3 Sims
On R1:
!
ip vrf GREEN
rd 1:200
!
ip vrf RED
rd 1:100
!
interface Ethernet0/0
ip vrf forwarding RED
ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding GREEN
ip address 192.168.20.254 255.255.255.0
!
interface Ethernet0/2
no ip address
!
interface Ethernet0/2.100
encapsulation dot1Q 100
ip vrf forwarding RED
ip address 10.10.10.1 255.255.255.252
!
interface Ethernet0/2.200
encapsulation dot1Q 200
ip vrf forwarding GREEN
ip address 10.10.20.1 255.255.255.252
!
router bgp 65000
bgp router-id 1.1.1.1
bgp log-neighbor-changes
!
address-family ipv4 vrf GREEN
redistribute connected
neighbor 10.10.20.2 remote-as 65000
neighbor 10.10.20.2 activate
exit-address-family
!
address-family ipv4 vrf RED
redistribute connected
neighbor 10.10.10.2 remote-as 65000
neighbor 10.10.10.2 activate
exit-address-family
!
copy run startup

On R2:
!
ip vrf GREEN
rd 1:200
!
ip vrf RED
rd 1:100
!
interface Ethernet0/0
ip vrf forwarding RED
ip address 192.168.2.254 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding GREEN
ip address 192.168.22.254 255.255.255.0
!
interface Ethernet0/2
no ip address
!
interface Ethernet0/2.100
encapsulation dot1Q 100
ip vrf forwarding RED
ip address 10.10.10.2 255.255.255.252
!
interface Ethernet0/2.200
encapsulation dot1Q 200
ip vrf forwarding GREEN
ip address 10.10.20.2 255.255.255.252
!
router bgp 65000
bgp router-id 2.2.2.2
bgp log-neighbor-changes
!
address-family ipv4 vrf GREEN
redistribute connected
neighbor 10.10.20.1 remote-as 65000
neighbor 10.10.20.1 activate
exit-address-family
!
address-family ipv4 vrf RED
redistribute connected
neighbor 10.10.10.1 remote-as 65000
neighbor 10.10.10.1 activate
exit-address-family
!
copy run startup
Verification
From SW1 to SW3:
SW1#ping 192.168.1.1
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
But can’t reach SW2 or SW4 in VRF cu-green:
!
SW1#ping 192.168.22.1
Sending 5, 100-byte ICMP Echos to 192.168.22.1, timeout is 2 seconds:
uuu
SW1#ping 192.168.20.1
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
uuu

From SW2 to SW4:
SW2#ping 192.168.20.1
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
But can’t reach SW3 or SW1 in VRF cu-red:
!
SW2#ping 192.168.1.1
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
uuu
SW2#ping 192.168.2.1
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
uuu
OSPF
1. Inter-area links have link authentication (not area authentication) using MD5 with the key 1 string CCNP.
R4:
int e0/0
ip ospf 1 area 0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 CCNP
copy run startup

R5:
int e0/0
ip ospf 1 area 0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 CCNP
copy run startup
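An added example, not part of the original notes: a Python check that reads a saved running-config and reports OSPF interfaces that lack interface-level (link) MD5 authentication, and flags area authentication under the OSPF process, which task 1 rules out. It assumes the indented layout of show running-config output and interfaces enabled with "ip ospf <pid> area"; the R9 config and the function names are constructed for illustration.

```python
import re

# Constructed samples: R4_CFG follows task 1 above; R9_CFG is a hypothetical
# router that relies on area authentication and has incomplete link settings.
R4_CFG = """\
interface Ethernet0/0
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CCNP
!
router ospf 1
"""
R9_CFG = """\
interface Ethernet0/0
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 CCNP
!
interface Ethernet0/1
 ip ospf 1 area 0
 ip ospf authentication message-digest
!
router ospf 1
 area 0 authentication message-digest
"""

def stanzas(cfg):
    """Split an IOS config into {header line: [indented child lines]}."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line and not line[0].isspace() and line.strip() != "!":
            cur = out.setdefault(line.strip(), [])
        elif cur is not None and line.strip() not in ("", "!"):
            cur.append(line.strip())
    return out

def audit_ospf_link_auth(cfg, key_id=1):
    """Return (where, problem) findings for missing link-level MD5 auth."""
    findings = []
    for head, body in stanzas(cfg).items():
        runs_ospf = any(re.match(r"ip ospf \d+ area ", ln) for ln in body)
        if head.startswith("interface ") and runs_ospf:
            name = head.split(None, 1)[1]
            if "ip ospf authentication message-digest" not in body:
                findings.append((name, "no link authentication"))
            if not any(re.match(rf"ip ospf message-digest-key {key_id} md5 \S+", ln) for ln in body):
                findings.append((name, f"no MD5 key {key_id}"))
        elif head.startswith("router ospf"):
            findings += [(head, "area authentication in use: " + ln)
                         for ln in body if re.match(r"area \S+ authentication", ln)]
    return findings
```

An empty result for a router means every OSPF-enabled interface carries both the authentication mode and the key, with no area-wide setting masking a gap.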
2. R3 is a DR regardless of R2 status while R1 and R2 establish a DR/BDR relationship.
R2#
int e0/1
ip ospf priority 0
or
on R3, on the interface toward R2: cost 255
copy run startup
3. OSPF uses the default cost on all interfaces. Network reachability must follow OSPF default behavior for traffic within an area over
intra-area VS inter-area links
R5#
router ospf 1
redistribute connected subnets
Check R5: what OSPF config does it have?
copy run startup
4. The OSPF external route generated on R4 adds link cost when traversing through the network to reach R2. A network command to
advertise routes is not allowed.
R4#
router ospf 1
redistribute connected subnets metric-type 1
copy run startup
or
router ospf 1
redistribute connected subnets route-map E1
route-map E1 permit 10
set metric-type type-1
DMVPN
• Both spokes have a pre-configured ipsec profile already, just applied it to tun0
• Also, don't forget to add the following lines in global configuration mode
crypto ipsec df-bit clear
crypto ipsec fragmentation before-encrypt
BR1:
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ccnp123
ip nhrp map 192.168.1.254 10.10.255.254
ip nhrp map multicast 10.10.255.254
ip nhrp network-id 100 ### = EIGRP ASN
ip nhrp holdtime 300
ip nhrp nhs 192.168.1.254
ip nhrp shortcut ### can possibly be removed
ip tcp adjust-mss 1360
delay 1000 ### can possibly be removed
tunnel source 10.10.255.1 ### or source e0/1
tunnel destination 10.10.255.254
tunnel mode gre multipoint
tunnel key 100 ### = EIGRP ASN; may need to be added
tunnel protection ipsec profile MyPROFILE ### whichever profile exists
copy run startup

BR1 (second spoke):
interface Tunnel0
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ccnp123
ip nhrp map 192.168.1.254 10.10.255.254
ip nhrp map multicast 10.10.255.254
ip nhrp network-id 100
ip nhrp holdtime 300
ip nhrp nhs 192.168.1.254
ip nhrp shortcut ### can possibly be removed
ip tcp adjust-mss 1360
delay 1000 ### can possibly be removed
tunnel source 10.10.10.2 ### or source e0/1
tunnel destination 10.10.255.254
tunnel mode gre multipoint
tunnel key 100 ### may need to be added
tunnel protection ipsec profile MyPROFILE ### whichever profile exists
copy run startup
NMS-1
R-WEST:
R-WEST>en
R-WEST#config t
R-WEST(config)#service sequence-numbers
R-WEST(config)#service timestamps log datetime msec
R-WEST(config)#snmp-server enable traps ospf
R-WEST(config)#end
copy run startup
COPP
CORE(config)#ip access-list extended COPP-CRITICAL
CORE(config-ext-nacl)#permit eigrp 10.10.0.0 0.0.255.255 any
CORE(config-ext-nacl)#permit eigrp any 10.10.0.0 0.0.255.255
CORE(config-ext-nacl)#permit eigrp any host 224.0.0.10
CORE(config-ext-nacl)#ip access-list extended COPP-IMPORTANT
CORE(config-ext-nacl)#permit icmp 10.10.0.0 0.0.255.255 host 10.10.13.1
CORE(config-ext-nacl)#permit tcp 10.10.0.0 0.0.255.255 host 10.10.13.1 eq telnet
CORE(config-ext-nacl)#permit tcp 10.10.0.0 0.0.255.255 host 10.10.13.1 eq 22
BGP
R4#
ip route 10.20.0.0 255.255.0.0 null 0
router bgp 65000
network 10.20.0.0 mask 255.255.0.0
aggregate-address 192.168.2.0 255.255.254.0
neighbor 10.20.6.6 route-map BGP-R6 out
!
no ip prefix-list AS65001-in
ip prefix-list 65000-in seq 10 permit 192.168.2.0/24
!
route-map BGP-R6 permit 10
match ip address 65000-in
set local-preference 104
!
#route-map BGP-R6 permit 20
!
R4# clear ip bgp * soft
copy run startup
R5#
ip route 10.20.0.0 255.255.0.0 null 0
router bgp 65000
network 10.20.0.0 mask 255.255.0.0
aggregate-address 192.168.2.0 255.255.254.0
neighbor 10.20.6.6 route-map BGP-R6 out
!
no ip prefix-list AS65001-in ### check whether this exists in the config; it may not need to be deleted
ip prefix-list 65001-in seq 10 permit 192.168.3.0/24
!
route-map BGP-R6 permit 10 ### check whether this exists in the config; it may not need to be deleted
match ip address 65000-in
set local-preference 105
!
route-map BGP-R6 permit 20
!
R5# clear ip bgp * soft
copy run startup
R6#
### check the BGP config on R6, remove everything extraneous
router bgp 65000
network 172.16.6.0 mask 255.255.255.0
TS
• Used traceroute to troubleshoot flow as suggested
R3#
R3(config)#router eigrp 10
R3(config-router)#no distance 0.0.0.0 255.255.255.255 66
R3(config-router)#redistribute ospf 10 metric 100000 1 255 10 1500
!
route-map SP1 permit 10
set ip next-hop 209.165.201.2
!
route-map SP2 permit 10
set ip next-hop 209.165.200.226
!
int e0/1
ip policy route-map SP1
int 0/0
ip policy route-map SP2
R4#
R4(config)#router eigrp 10
R4(config-router)#no distance 0.0.0.0 255.255.255.255 66
copy run startup
NMS-2
R-WEST#config t
R-WEST(config)#archive
R-WEST(config-archive)#log config
R-WEST(config-archive-log-cfg)#logging enable
R-WEST(config-archive-log-cfg)#hidekeys
R-WEST(config-archive-log-cfg)#notify syslog
R-WEST(config-archive-log-cfg)#exit
R-WEST(config)#snmp-server enable traps
R-WEST(config)#snmp-server enable traps ospf lsa
R-WEST(config)#snmp-server enable traps ospf cisco-specific lsa
GRE
R0#
R0(config)#interface Tunnel
R0(config-if)#ip address 10.0.0.254 255.255.255.0
R0(config-if)#ip nhrp map multicast dynamic
R0(config-if)#ip nhrp network-id 10
R0(config-if)#tunnel source GigabitEthernet0 ### another interface in SIM
R0(config-if)#tunnel mode gre multipoint
R0(config-if)#end