N2.docx
- 文档编号:8509249
- 上传时间:2023-01-31
- 格式:DOCX
- 页数:42
- 大小:1.25MB
N2.docx
《N2.docx》由会员分享,可在线阅读,更多相关《N2.docx(42页珍藏版)》请在冰豆网上搜索。
N2
CCIERoutingandSwitchingLAB
Ver:
N2
summaryv3.0
Note:
Inthelabtopology,ciscohaveconfiguredtheprotocolEIGRP,PIMSM-DM,BGPandVlaninswitchexpectswitchBB.
Firstyoumustcheckouttheconfigurationandfindthatitiswhereiswrongbeforeyouconfigure.
Troubleshooting
Section1:
Bridgingandswitching
1.1CatalystVLANConfiguration
●ConfiguretheswitchasVTPSERVER.Becauseusethevlanshavebeenconfiguredyet.Youmustchangethevlan’snameindemandinthetopology.Forexample:
vlan_30changetoVLAN_30.
●CreatethevlaninswitchBB.Becausethenumberofvlanisnotdesignated,youcanconfigurevlan’snumberbyyourself.Butthevlan’snamemustbeinthisstylejustlikeVLAN_BB1.
Note:
(1)仔细查看预配置,将不一致的VLAN名称修改。
确定连接BB所在的交换机的端口
(2)先检查BB1/2/3的连接的F0/10的VLAN是否分配正确,然后再一个一个的检查是否VLAN分配正确,从fa0/1开始到FA0/6,不要放过任何细节。
Solution:
SW1:
vlan100
nameVLAN_BB1
SW2:
vlan200
nameVLAN_BB2
SW3:
vlan300
nameVLAN_BB3
1.2VTPmode
●Pre-Configuretheswitchmodeistransparentmode,andalltheportinswitchisinaccessmode
●ConfigureRackYYSW1tobetheVTPServerfordomainVTP+YY,forexamples,Rack07wouldbeVTP07,Rack15wouldbeVTP15andsoon;
●BesurethatRackYYSW2andSW3andSW4canseevlanconfigurationfromSW1;
●Configurethevtpversion2andauthentication,thepasswordiscisco
Note:
(1)交换机的预配置为透明模式,所有的端口都为access模式。
(2)题目明确指出SW1为Server,其他交换机为Client
(3)domain名称要按规定的配置,验证密码如果没有指定可以用cisco
Solution:
SW1:
vtpdomainVTPYY
vtpmodeserver
vtpversion2
vtppasswordcisco
\\vtpversion2只需要在server端进行配置
SW2/SW3/SW4:
vtpdomainVTPYY
vtpmodeclient
vtppasswordcisco
1.3TrunkandEtherchannel
●Becausetheuserfindthatthespeedofnetworkisslowandaskyoutoincreasethebandwithto200M.thatimplyyoumustconfigurethelayer2etherchannelandtheetherchannel’snumberisconfiguredbyyourselfdecision.
●Configurethetrunkinfourswithes.Whichnegotiatemodeyouwillchooseintrunkdependontheciscoexamination’sdemand.itisPAgPorLACP.
Note:
(1)明白题意,互连交换机的端口要搞清楚
(2)channel协商模式要看题目要求配置
(3)还应注意预配置,相关的接口是否划入了VLAN,如果存在就要干掉
(4)建议:
开始将每个交换机上的要作channel的接口shutdown,然后再作配置,等每台交换机配置完成后,再noshut;如果出现channel接口一连是down,另一边是err-disable时,先把两端的接口都shutdown,然后再noshut.
Solution:
SW1:
interfacerangefa0/19–20
swtrunkenisl
swmodetrunk\\不要忘记加,模拟时没加,对端死活学不到VLAN
chan13modedesirable
noshut
interfacerangfa0/21–22
swtrunkenisl
swmodetrunk
chan14modedesirable
noshut
======================================
SW2:
intrangefa0/19–20
swtrunkenisl
swmodetrunk
chan24modedesirable
noshut
intrangefa0/21–22
swtrunkenisl
swmodetrunk
chan23modedesirable
noshut
====================================
SW3:
intrangefa0/19–20
swtrunkenisl
swmodetrunk
channel13modedesirable
noshut
intrangefa0/21–22
swtrunkenisl
swmodetrunk
chan23modedesirable
noshut
=======================================
SW4:
intrangefa0/19–20
swtrunkenisl
swmodetrunk
chan24modedesirable
noshut
intrangefa0/21–22
swtrunkenisl
swmodetrunk
chan14modedesirable
noshut
\\完成channel及TRUNK后,看client端VLAN学习情况,并将所涉及的接口划入相应的VLAN中,切记不要搞错,否则后面就无法进行。
还有一个情况需特别注意,如果client和server的vlan信息不一样,在同步之前需要记录client上server没有的vlan,以便于在同步之后在sever上手动加上。
1.4Etherchannelloadbalancing
●Configuretheetherchannelloadbalancingbaseonthesource,destinationorMACaddress.Iftheswitchisnotsupportedthatfearures.Youcanconfigurethebalancingwithsource-macaddress.
Note:
(1)主要看四台交换机中有没有3550
(2)通过showetherload-balanc查看
Solution:
SW1:
port-channelload-balancingsrc-mac\\3550配置
============================
SW2/SW3/SW4:
port-channelload-balancingsrc-dst-mac
1.5802.1X
●Createvlan999andnameGUESTinSW1.Theportsfrominterfacefa0/11tofa0/18areconfigureinportauthentication.
●ConfigurethevlanbelongtoGUESTVLANifthevlanisnotsupportedtheprotocol802.1X,theipaddressofRADIUS-SERVERis150.1.1.254andKEYiscisco.
Note:
(1)明确题意,再下手
(2)通过showetherload-balanc查看
Solution
SW1上的预配置:
vlan999
namevlan_guest\\如果预配置是这样,就需要修改VLAN_GUEST
SW3:
aaanew-model
aaaauthenticationdot1xdefaultgroupradius
aaaauthorizationnetworkdefaultgroupradius
dot1xsystem-auth-control
dot1xguest-vlansupplicant\\手工敲入
radius-serverhost150.100.1.254keycisco\\这条150.100.1.0的路由是由BB1通告的
intrangefa0/11–18
noswiaccvlan**\\一定要注意预配置是否分配了VLAN,必须去掉,否则不得分
dot1xport-controlauto
dot1xguest-vlan999
dot1xauth-failvlan999\\看要求,如果需要就配置
spanning-treeportfast\\实际工作中必配的
noshut
1.6MST
●ConfiguretheMSTineveryswitch.CreattheinstanceineveryBB.VLAN100ininstance10.Vlan200ininstance20.VLAN300ininstance30.theothervlanisinstace40.
Note:
(1)看清题目要求,每个BB一个实例,其他所有VLAN一个实例
(2)通过showspanning-treemstconguration
Solution:
SW1/SW2/SW3/SW4:
spanning-treemodemst
spanning-treemstconfiguration
namecisco
reversion1
instance10vlan100
instance20vlan200
instance30vlan300
instance40vlan30,31,33,44,50,60,500,999\\结合上下文环境,不能漏掉
1.7MSTtunning
●ConfiguretheswitchthatisbelongtoVLANBBasaroot,andansuretheroot.
Solution:
SW1:
spanning-treemst10rootprimary
SW2:
spanning-treemst20rootprimary
SW3:
spanning-treemst30rootprimary
1.8TrafficMonitor
●Configuretheremotevlan500asVLAN_RSPAN,inSW1,VLAN_500isrenamedtoVLAN_RSPAN.MonitorthetrafficfromBB1andBB2ininterfacefa0/18ofSW4.
Solution:
SW1:
vlan500
nameVLAN_RSPAN
remote-span
nomonitorsessionall
monitorsession1sourceinterfacefa0/10rx
monitorsession1destinationremotevlan500reflector-portfa0/18\\3550交换机要求
intfa0/18
noshut
================================
SW2:
\\3560交换机
nomonitorsessionall
monitorsession1sourcefa0/10rx
monitorsession1destinationremotevlan500
================================
SW4:
intfa0/18
noshut\\这一点也很重要的
nomonitorsessionall
monitorsession1sourceremotevlan500
monitorsession1destinationfa0/18
\\验证shomonitorsessionall
1.9Frame-relay
●Configuretheframe-relayintopology.Afterconfiguration,everyequipmentmustebepingitselfandwhenyouusethecommand“showframe-relaymap”,0.0.0.0don’tcomeout.
Note:
(1)先查看是否有0.0.0.0的问题出现
(2)要与预配置的LMI类型相匹配
(3)如果没有给出DLCI就要求靠动态学习到
(4)注意看是否要求自己能ping通自己
Solution:
\\
R1:
ints0/0
ipaddYY.YY.12.1255.255.255.252
enfram
noarpfram
noframinver
frammapipYY.YY.12.2102br
frammapipYY.YY.12.1102br
noshut
ints0/1
ipaddYY.YY.21.1255.255.255.252
enfram
noarpfram
noframinver
frammapipYY.YY.21.2112br
frammapipYY.YY.21.1112br
noshut
======================================
R2:
ints0/0
ipaddYY.YY.12.2255.255.255.252
enfram
noarpfram
noframinver
frammapipYY.YY.12.1201br
frammapipYY.YY.12.2201br
nosh
ints0/1
ipaddYY.YY.21.2255.255.255.252
enfram
noarpfram
noframinver
frammapipYY.YY.21.1211br
frammapipYY.YY.21.2211br
noshut
==============================
R3:
ints0/0
ipaddYY.YY.36.1255.255.255.0
enfram
noarpfram
noframinver
frammapipYY.YY.36.2306br
frammapipYY.YY.36.1306br
noshut
=============================
R6:
ints0/0
ipaddYY.YY.36.2255.255.255.0
enfram
noarpfram
noframinver
frammapipYY.YY.36.1603br
frammapipYY.YY.36.2603br
noshut
===============================
R4:
ints0/0
ipaddYY.YY.45.4255.255.255.0
enfram
noarpfram
noframinver
frammapipYY.YY.45.5405br
frammapipYY.YY.45.4405br
nosh
===============================
R5:
ints0/0
ipaddYY.YY.45.5255.255.255.0
enfram
noarpfram
noframinver
frammapipYY.YY.45.4504br
frammapipYY.YY.45.5504br
noshut
Section2:
IGPProtocols
InthetopologyisconfiguredEIGRPYY,youmusttransittheEIGRPtoospfsmoothly.
EveryequipmentconfigureEIGRP:
routereigrpYY
auto-summary
networkYY.0.0.0
defatult,thereare25routesineveryrouter.itisYY.0.0.0/24
\\要求平滑过渡,注意所保留的几个接口(因为有些需要运行EIGRP)
2.1OSPF
●OSPFprocessisYY,router-idistheaddressofloopback0.
●Configuretheospfarea0accordingthegiventopologyinswitch.(note:
enableinterfaceloopback0inarea0)
●Configurearea167and2458accordingthetopology.thenyoucanpingalloftheinterface
●ConfiguretheNBMAinOSPF,anddesignatedthetypeofnetworkaspoint-to-point
●DesignatetheSW1andSW2asDRinAS167andAS2458.theotherswitchisnotDR.
Note:
(1)EIGRPYY中不能使用passive,这个是明确要求不能使用
(2)既然是平滑过渡,就不能产生32位路由,也就是说在OSPF中环回接口的要改为p2p类型
(3)看清题意,NBMA也要配置P2P类型
(4)做题顺序,从area0开始配置
Solution:
SW1:
iprouting
intvlan33
ipaddYY.YY.33.7255.255.255.0
intvlan44
ipaddYY.YY.44.7255.255.255.0
intlo0
ipospfnetworkpoint-to-point
intfa0/1
ipospfpriority255
intfa0/6
ipospfpriority255
routerospfYY
router-idYY.YY.7.7
netYY.YY.7.70.0.0.0area0
netYY.YY.33.70.0.0.0area0
netYY.YY.44.70.0.0.0area0
netYY.YY.17.70.0.0.0area167
netYY.YY.67.70.0.0.0area167
area167virtual-linkYY.YY.1.1\\所有区域配置完成后,再配置
area167virtual-linkYY.YY.6.6
==================================
SW2:
iprouting
intvlan33
ipaddYY.YY.33.8255.255.255.0
intvlan44
ipaddYY.YY.44.8255.255.255.0
intlo0
ipospfnetworkpoint-to-point
intfa0/2
ipospfpriority255
intfa0/4
ipospfpriority255
intfa0/5
ipospfpriority255
routerospfYY
router-idYY.YY.8.8
netYY.YY.8.80.0.0.0area0
netYY.YY.33.80.0.0.0area0
netYY.YY.44.80.0.0.0area0
netYY.YY.28.80.0.0.0area2458
netYY.YY.48.80.0.0.0area2458
netYY.YY.58.80.0.0.0area2458
area2458virtual-linkYY.YY.2.2
================================
SW3:
iprouting
intvlan33
ipaddYY.YY.33.9255.255.255.0
intlo0
ipospfnetworkpoint-to-point
routerospfYY
router-idYY.YY.9.9
netYY.YY.
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- N2
![提示](https://static.bdocx.com/images/bang_tan.gif)