N5.docx
- 文档编号:30479414
- 上传时间:2023-08-15
- 格式:DOCX
- 页数:41
- 大小:155.67KB
N5.docx
《N5.docx》由会员分享,可在线阅读,更多相关《N5.docx(41页珍藏版)》请在冰豆网上搜索。
N5
CCIERoutingandSwitchingLAB
Ver:
N5
summaryv3.0
所有设备的环回口都是32位的
Section1:
BridgingandSwitching
1.1SwitchManagement
●Etheroneachswitch(sw1,sw2,sw3,andsw4)anIOScommandthatallowsallFastEthernetPorttobeconfiguredatonceyouwillfindthisstepusesfulonthenextquestion.
●Note:
theGBethernetportsonthesedevicesarenotusedinthistest
Solution:
\\题目意思是说通过某种配置,可以用来快速地配置四台交换机的FE(GE除外)
SW1-SW4:
defineinterface-rangeCCIEf0/1–24\\定义一个Macro的名字,并将端口加入
intrangemacroCCIE\\通过这条命令可以对所定义的端口配置
………..
\\Macro特性的目的是为了提供了一种方便的方式用于交换机保存及共享配置,可以基于交换机在网络中所放置的位置进行特性及设置,便于大量设备的配置及实施。
\\这道题需要根据考试题目要求决定是否配置,可能有变化。
3560交换机默认配置了一些Macro,可以使用showsparsermarco进行查看
1.2SwitchProtocols
●DisableDTPandVTPtrafficonallFastEthernetportsonallswitches
Solution:
SW1-SW4:
intrangemacroCCIE
switchportmodeaccess
switchportnonegotiate
\\题目要求禁用DTP以及VTP在所有的FE接口上。
DTP(DynamicTrunkingProtocol):
Trunk的协商是能过DTP进行管理的,DTP是一个点到点的协议,为了避免DTP引起的误配置,可能配置接口不支持DTP也不转发DTP的帧,这样就关闭了DTP。
可以通过下面的方法:
(1)如果你不打算在链路之间使用trunk,可以使用switchportmodeaccess接口配置命令禁用trunk
(2)为了使用trunk连接设备但又不支持DTP,可以使用switchportmodetrunkswitchportnonegotiate接口配置命令,使接口成为trunk但不产生DTP帧。
然后使用switchporttrunkencapsulationisl/dot1q设置trunk端口的封装类型。
1.3VLANManagement
以下为实验室接口分配
SW1
SW2
VLAN_A
11
F0/1
VLAN_B
12
F0/2F0/5
VLAN_C
13
F0/3
VLAN_C
13
F0/6
VLAN_D
14
F0/4
VLAN_BB2
16
F0/10
VLAN_BB1
15
F0/6F0/10
VLAN_BB2
16
F0/5
RoutedPort:
SW2
SW3
F0/1
R1F0/1
F0/10
BB3F0/0
F0/3
R3F0/1
SW4
F0/19
SW4F0/19
F0/19
SW2F0/19
Solution:
\\题目没有说明要用透明模式,以下是参考别的版本配置
SW1-SW4:
vtpdomainCCIE
vtpmodetransparent
vlan11
nameVLAN_A
vlan12
nameVLAN_B
vlan13
nameVLAN_C
vlan14
nameVLAN_D
vlan15
nameVLAN_BB1
vlan16
nameVLAN_BB2
====================================
SW1:
intfa0/1
swaccvlan11
intfa0/3
swaccvlan13
intfa0/4
swaccvlan14
intrangefa0/6,f0/10
swaccvlan15
intfa0/5
swaccvlan16
===================================
SW2:
intrangef0/2,f0/5
swaccvlan12
intfa0/6
swaccvlan13
intfa0/10
swaccvlan16
intf0/1
noswichport
ipaddYY.YY.10.8255.255.255.0
intf0/3
noswichport
ipaddYY.YY.11.8255.255.255.0
intf0/19
noswichport
ipaddYY.YY.18.8255.255.255.0
===================================
SW3:
intf0/10
noswichport
ipadd150.3.YY.1255.255.255.0
===================================
SW4:
intf0/19
noswichport
ipaddYY.YY.18.10255.255.255.0
1.4Trunking
●Trunkasasimplewaytoloadbalancetrafficcreate2separateisltrunksbetweensw1andsw2usingtheseports.
−TrunkalloddVLANsthatarebeingusedinyoutopologyoverportFa0/23
−TrunkallevenVLANsthatarebeingusedinyoutopologyoverportFa0/24
−MakesureallVLANsarepresentonbothswitches
Solution:
\\此外要注意VLAN1的问题?
SW1/SW2:
intf0/23
swmodetrunk
swtrunkenisl
swtrunkallowvlannone
swtrunkallowvlan11,13,15
switchportnonegotiate
intf0/24
swmodetrunk
swtrunkenisl
swtrunkallowvlannone
swtrunkallowvlan12,14,16
switchportnonegotiate
\\验证:
showinterfacetrunkshowinterfacef0/23swichport
1.5Ether-Channels
●Sw1andsw3Fa0/19andFa0/20etherchannel
●Theseinterfacetobuild2two-portstandards-basedEthernetChannellinkwithfollowparameters:
−ThelinkshouldNOTbeatrunkandshouldonlyserviceVLAN13
−Theportonsw3mustinitiatenegotiationtoformthechannelLACPactive
−Theportonsw1shouldnotinitiatenegotiationtoformthechannelLACPpassive
−useyourracknumberintheform“YY”tonumberyourport-channel
Solution:
SW1:
intrangefa0/19–20
swmodeaccess
swaccvlan13
channel-groupYYmodepassive
intport-channelYY
swmodeaccess
swaccessvlan13
==================================
\\建议先配置SW3
SW3:
intrangef0/19–20
swmodeaccess
swaccvlan13
channel-groupYYmodeactive
intport-channelYY
swmodeaccess
swaccessvlan13
\\根据题目要求,SW1的端口不能协商,SW3的端口可以协商。
本题主要是应用了LACP协议,它具有两种模式:
Active:
将端口放入active协商状态,通过发送LACP包与另一端的接口开始协商建立channel
Passive:
将端口放入passive协商状态,端口可以响应它所接收到的LACP的包,但是并不能开始LACP包的协商,最大小化使得LACP包的传输。
1.6SVI
●AddthefollowingswitchvirtualinterfacetoSW1-VLAN_DandSw3-VLAN_COncetheyareconfiguredmakesurethatyouhaveconnectivitytoanyotherdeviceonthatnetworksegment
−AddIPaddressYY.YY.13.7/24toSw1
−AddIPaddressYY.YY.17.9/24toSw3
Solution:
\\SW1:
VLAN_D14SW3:
VLAN_C13
SW1:
iprouting
intvlan14
ipaddYY.YY.13.7255.255.255.0
==================================
SW3:
iprouting
intvlan13
ipaddYY.YY.17.9255.255.255.0
1.7CatalystFeature
●InordertopreventanylossofdatapacketsduringcongestionconfigureSw3G0/1sothattheportcanreceivepauseframesfromtheattacheddeviceuntilthecongestionconditioncleans
Solution:
SW3:
Nomlsqos
Intgi0/1
Flowcontrolreceiveon
\\注:
flowcontrol为congestion控制技术,通过在一条congestion的链路上相互发送pause-frame(此frame用来指明链路已经发生congestion),可以使对方停止在congestion的链路上发送或者接收包。
Flowcontrolreceiveon\\打开接收pause-frame的功能
Flowcontrolreceiveoff\\关闭接收pause-frame的功能
Flowcontrolsendon\\打开发送pause-frame的功能
Flowcontrolsendoff\\关闭发送pause-frame的功能
\\showflowcontrolinterfacegi0/1
1.8Spanning-tree
●ConfigureSw1portfa0/7onVLAN_D,Sw1shouldbetherootbridgeforVLAN_D,themaxmumageintervalto16seconds,theforwarddelayto14seconds,andhellointervalof2second
Solution:
SW1:
intf0/7
swmodeaccess
swaccessvlan14
spanning-treevlan14rootprimary
spanning-treevlan14max16
spanning-treevlan14forward14
spanning-treevlan14hello2
\\showspanning-treevlan14
1.9NetworkAnalyzer
●ConfigureSw2sothatanetworkanalyzercancollectallbidirectionalIPtrafficonFa0/20TheAnalyzerisconnectedtoFa0/16(notsure)
Solution:
SW2:
nomonitorsessionall
monitorsession1sourceinterf0/20both\\默认为both,最好还是加上
monitorsession1destinationinterf0/16
intf0/16
noshut
\\验证:
shomonitorsession1
1.10LinkDiagnostics
●ConfigurethetrunkbetweenSw1andSw2onportFa0/23sothatthetrunkwillbebroughtdownifaunidirectionalproblem,ensurethatthetrunkgetsshutdownifonesidestopsprocessingtraffics
Solution:
SW1/SW2:
intf0/23
udldportaggressive
\\注:
UDLD(unidirctionallinkdetection)单向链路检测,用于检测下列情况:
链路一端可以收到另一端发送过来包,但是另一端却收不到本端发送出去的数据包。
UDLD的两种工作模式:
(1)Normalmode
用于检测光纤,当检测到单向链路存在的时候,将该端口标记为undetermined.
(2)Aggressivemode
用于检测光纤为双胶线,当检测到单向链路存在的时候,将该端口标记为shutdown
配置方式:
Udldenable\\将所有端口设为normalmode
Udldaggressive\\将所有端口设为aggressivemode
1.11Spanning-treeProtection
●YouhaveexperiencedproblemswithrecevingBPDUformBackboneVLANs,ConfigureyourbackboneinterfacetoensurethatBPDUsarenotsendorreceivedonVLAN_BB1orVLAN_BB2
Solution:
SW1/SW2:
intfa0/10
spanning-treebpdufilterenable
\\查查手册
1.12PortRecovery
●Onsw1,ensurethatallportsthatareputintoerrdisablestateduetoaunidirectionalstatearere-enabled,themaximumtimethataportshouldremaininerrdisablestatein10minutes
Solution:
SW1:
errdisablerecoverycauseudld
errdiablerecoveryinterval600
\\showerrdisablerecovery
1.13Frame-relayConfigration
TheFrameRelayCloudprovidedisfullymeshed,howeveronlyusePVCsindicatedinDagram3,Theusedynamiccircuitsisnotpermitconfiguretheframerelaycloudasfollows:
−Createahub-andspokeconfiguresetupforR3(hub),R2(spoke),andR5(spoke)usea
multi-pointsubinterfaceatthehubandphysicalinterfaceatthespoke
−Usepoint-to-pointsub-interfacefortheFrameRelaycloudbetweenR1andR6
−Forallotherconnectionusephysicalinterfaces
−MakesurethatyoucanpingacrossallFrameRelayinterfacewithinthesameFrame
Relaycloud
Solution:
\\除非题目明确要求能够ping通自己,才加指向自己的MAP
R1:
ints0/0
enfram
noarpfram
noframinver
ints0/0.1point-to-point
ipaddYY.YY.16.18255.255.255.252
framinterface-dlci106
=====================================
R6:
ints0/0
enfram
noarpfram
noframinver
ints0/0.6point-to-point
ipaddYY.YY.16.17255.255.255.252
framinterface-dlci601
=====================================
R3:
ints0/0
enfram
noarpfram
noframinver
ints0/0.3multipoint
ipaddYY.YY.12.13255.255.255.248
frammapipYY.YY.12.12302br
frammapipYY.YY.12.14305br
ints0/1
enfram
noarpfram
noframinver
ipaddYY.YY.16.3255.255.255.0
frammapipYY.YY.16.4314br
=================================
R4:
ints0/1
enfram
noarpfram
noframinver
ipaddYY.YY.16.4255.255.255.0
frammapipYY.YY.16.3413br
================================
R5:
ints0/0
enfram
noarpfram
noframinver
ipaddYY.YY.12.14255.255.255.248
frammapipYY.YY.12.13503br
frammapipYY.YY.12.12503br
================================
R2:
ints0/0
enfram
noarpfram
noframinver
ipaddYY.YY.12.12255.255.255.248
frammapipYY.YY.12.13203br
frammapipYY.YY.12.14203br
Section2:
IPIGPProtocols
2.1BasicRIPConfiguration
●ConfigureRIPv2onR6-G0/0Backbone1,Arouteronthebackbone1networkadvertiseroutesoftheformat199.172.Z.0MakesurethatroutingupdatesareONLYsenttothebackboneroutes(150.1.YY.254)onVLAN_BB1
Solution:
\\题目明确要求R6仅发送路由更新给BB1,因此需要采用单播方式实现
R6:
routerrip
ver2
noauto
passivedefault
nei150.1.YY.254
net150.1.0.0
2.2RIPFiltering
●ConfigureR6usingastandardaccesscontrollist(ACL)named"RIP_IN"withasingleaccess-listentrysothatonlytheroutesbelowareseenintheroutingtableofR6andintherestofyourtopology
●199.172.Z.0(Z为0-3,8-11)
−RackYYR6#showiprouterip
−R199.172.11.0/24[120/4]via150.1.YY.254G0/0
−R199.172.10.0/24[120/4]via150.1.YY.254G0/0
−R199.172.9.0/24[120/4]via150.1.YY.254G0/0
−R199.172.
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- N5