1. Trang chủ
  2. » Giáo án - Bài giảng

Thực hành mạng máy tính nâng cao

204 1 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Tiêu đề Thực Hành Mạng Máy Tính Nâng Cao
Tác giả ThS. Hàn Minh Châu
Trường học Hutech University
Chuyên ngành Computer Networks
Thể loại Practical Document
Năm xuất bản 2021
Thành phố Ho Chi Minh City
Định dạng
Số trang 204
Dung lượng 2,9 MB

Cấu trúc

  • 1.1 HÌNH IPV4-IPV6 STATIC ROUTE VÀ DEFAULT ROUTE (0)
  • 1.2 HÌNH STATIC ROUTE (0)
  • BÀI 2: G (20)
    • 2.1 HÌNH EIGRP IPV4 (0)
    • 2.2 HÌNH EIGRP CHO IPV6 (0)
    • 3.1 SINGLE-AREA OSPFV2 (48)
    • 3.2 MULTI-AREA OSPFV2 (62)
    • 3.3 MULTI-AREA OSPFV3 (86)
    • 4.1 EBGP TRÊN IPV4 (106)
      • 4.1.1 Mô hình (106)
    • 4.2 ROUTE SUMMARIZATION (122)
    • 4.3 ADVERTISING DEFAULT ROUTE (0)
    • 4.4 REDISTRIBUTION (125)
      • 4.4.1 Mô hình (125)
  • BÀI 5: ETHERCHANNEL VÀ HSRP (6)
    • 5.1 HÌNH VLAN , TRUNK VÀ VTP (0)
      • 5.1.1 Mô hình (140)
    • 5.2 ETHERCHANNEL (149)
    • 5.3 HSRP (0)
  • BÀI 6: ACCESS CONTROL LIST (6)
    • 6.1 HÌNH VÀ TRA STANDARD ACL (0)
      • 6.1.1 Mô hình (157)
    • 6.2 HÌNH VÀ TRA VTY (0)
      • 6.2.1 Mô hình (165)
    • 6.3 HÌNH VÀ KI TRA EXTENDED ACL (0)
      • 6.3.1 Mô hình (171)
  • BÀI 7: NAT OVER IPV4 (177)
    • 7.1 HÌNH NAT (0)
      • 7.1.1 Mô hình (177)
  • BÀI 8: GRE VPN (186)
    • 8.1 HÌNH VPN (0)
      • 8.1.1 Mô hình (186)

Nội dung

R1# copy running-config startup-config R2# copy running-config startup-config R3# copy running-config startup-config D2# copy running-config startup-config fe80::1:3 R2config# ipv6 route

G

HÌNH EIGRP CHO IPV6

BÀI 7: NAT TRÊN IPv4 th

1.1 C U HÌNH IPV4-IPV6 STATIC ROUTE VÀ

Device Interface IP Address / Prefix

Device Interface IP Address / Prefix

- hình static route và default route cho IPv4 trên R1, R2

Gán tên cho router: router(config)# hostname R1 router(config)# hostname R2

R1(config)# no ip domain lookup

R2(config)# no ip domain lookup

Gán cisco làm password cho VTY và enable login:

R1(config)# banner motd $ Authorized Users Only! $

R2(config)# banner motd $ Authorized Users Only! $

R1# copy running-config startup-config

R2# copy running-config startup-config

Gán tên cho router: switch(config)# hostname R1 switch(config)# hostname R2

S1(config)# no ip domain lookup

S2(config)# no ip domain lookup

Gán cisco làm password cho VTY và enable login:

S1(config)# banner motd $ Authorized Users Only! $ S2(config)# banner motd $ Authorized Users Only! $

S1# copy running-config startup-config

S2# copy running-config startup-config

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:2::1/64

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:1::1/64

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:10::1/64

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:209::1/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:2::2/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:1::2/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:11::2/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:210::1/64

R1# copy running-config startup-config

R2# copy running-config startup-config

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 172.16.1.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks

R2(config)# ipv6 route 2001:db8:acad:10::/64 2001:db8:acad:1::1

R2(config)# ipv6 route ::/0 2001:db8:acad:2::1

R2(config)# ipv6 route ::/0 2001:db8:acad:1::1 80

R1(config)# ipv6 route ::/0 2001:db8:acad:2::2

IPv6 Routing Table - default - 11 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter

OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1

ON2 - OSPF NSSA ext 2, a - Application

C 2001:DB8:ACAD:1::/64 [0/0] via GigabitEthernet0/0/1, directly connected

L 2001:DB8:ACAD:1::2/128 [0/0] via GigabitEthernet0/0/1, receive

C 2001:DB8:ACAD:2::/64 [0/0] via GigabitEthernet0/0/0, directly connected

L 2001:DB8:ACAD:2::2/128 [0/0] via GigabitEthernet0/0/0, receive

S 2001:DB8:ACAD:10::/64 [1/0] via 2001:DB8:ACAD:1::1

C 2001:DB8:ACAD:11::/64 [0/0] via Loopback1, directly connected

L 2001:DB8:ACAD:11::1/128 [0/0] via Loopback1, receive

C 2001:DB8:ACAD:210::/64 [0/0] via Loopback2, directly connected

L 2001:DB8:ACAD:210::1/128 [0/0] via Loopback2, receive

Hostname Edge ipv6 unicast-routing interface GigabitEthernet0/0 ip address 192.168.10.1 255.255.255.0 ipv6 address FE80::E link-local ipv6 address 2001:DB8:1:10::1/64 interface GigabitEthernet0/1 ip address 192.168.11.1 255.255.255.0 ipv6 address FE80::E link-local ipv6 address 2001:DB8:1:11::1/64 interface Serial0/0/0 ip address 10.10.10.2 255.255.255.252 ipv6 address FE80::E link-local ipv6 address 2001:DB8:A:1::2/64 interface Serial0/0/1 ip address 10.10.10.6 255.255.255.252 ipv6 address FE80::E link-local ipv6 address 2001:DB8:A:2::2/64 ip route 0.0.0.0 0.0.0.0 Serial0/0/0 ip route 0.0.0.0 0.0.0.0 Serial0/0/1 5

10 ipv6 route ::/0 2001:DB8:A:1::1 ipv6 route ::/0 2001:DB8:A:2::1 5

: hostname ISP1 ipv6 unicast-routing interface GigabitEthernet0/0 ip address 198.0.0.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2001:DB8:F:F::1/64 interface Serial0/0/0 ip address 10.10.10.1 255.255.255.252 ipv6 address FE80::1 link-local ipv6 address 2001:DB8:A:1::1/64 ip route 192.168.10.0 255.255.255.0 Serial0/0/0 ip route 192.168.11.0 255.255.255.0 Serial0/0/0 ip route 192.168.10.0 255.255.255.0 GigabitEthernet0/0 5 ip route 192.168.11.0 255.255.255.0 GigabitEthernet0/0 5 ipv6 route 2001:DB8:1:10::/64 2001:DB8:A:1::2 ipv6 route 2001:DB8:1:11::/64 2001:DB8:A:1::2 ipv6 route 2001:DB8:1:10::/64 2001:DB8:F:F::2 5 ipv6 route 2001:DB8:1:11::/64 2001:DB8:F:F::2 5 hostname ISP2 ipv6 unicast-routing interface GigabitEthernet0/0 ip address 198.0.0.2 255.255.255.0 ipv6 address FE80::2 link-local ipv6 address 2001:DB8:F:F::2/64 interface Serial0/0/1 ipv6 address FE80::2 link-local ipv6 address 2001:DB8:A:2::1/64 ip route 192.168.10.0 255.255.255.0 Serial0/0/1 ip route 192.168.11.0 255.255.255.0 Serial0/0/1 ip route 192.168.10.0 255.255.255.0 GigabitEthernet0/0 5 ip route 192.168.11.0 255.255.255.0 GigabitEthernet0/0 5 ipv6 route 2001:DB8:1:10::/64 2001:DB8:A:2::2 ipv6 route 2001:DB8:1:11::/64 2001:DB8:A:2::2 ipv6 route 2001:DB8:1:10::/64 2001:DB8:F:F::1 5 ipv6 route 2001:DB8:1:11::/64 2001:DB8:F:F::1 5

Device Interface IP Address Subnet Mask

Gán tên cho router: router(config)# hostname R1 router(config)# hostname R2 router(config)# hostname R3

R1(config)# no ip domain lookup

R2(config)# no ip domain lookup

R3(config)# no ip domain lookup

R1(config)# banner motd $ Authorized Users Only! $

R2(config)# banner motd $ Authorized Users Only! $

R3(config)# banner motd $ Authorized Users Only! $

Gán cisco làm password cho VTY và enable login:

R1(config)# service password-encryption R2(config)# service password-encryption R3(config)# service password-encryption

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

Gán tên cho switch: switch(config)# hostname D1 switch(config)# hostname D2

D1(config)# no ip domain lookup

D2(config)# no ip domain lookup

Gán cisco làm password cho VTY và enable login:

D1(config)# banner motd $ Authorized Users Only! $ D2(config)# banner motd $ Authorized Users Only! $

D1# copy running-config startup-config

D2# copy running-config startup-config

R1(config-if)# ip address 10.0.12.1 255.255.255.0 R1(config-if)# no shutdown

R1(config-subif)# ip address 172.16.1.1 255.255.255.0 R1(config-subif)# no shutdown

R1(config-subif)# ip address 192.168.1.1 255.255.255.0 R1(config-subif)# no shutdown

R1(config)# ip dhcp pool HOSTS

D1(config-vlan)# name HOST-VLAN-2

D1(config-if)# switchport trunk encapsulation dot1q

D1(config-if)# switchport mode trunk

Gán interface vào vlan 2 trên D1:

D1(config-if)# switchport mode access

D1(config-if)# switchport access vlan 2

R2(config-router)# eigrp router-id 2.2.2.2

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27

R1(config-router-af)# eigrp router-id 1.1.1.1

R3(config)# router eigrp BASIC-EIGRP-LAB

R3(config-router)# address-family ipv4 unicast autonomous-system 27

R3(config-router-af)# eigrp router-id 3.3.3.3

D2(config)# router eigrp BASIC-EIGRP-LAB

D2(config-router)# address-family ipv4 unicast autonomous-system 27

D2(config-router-af)# eigrp router-id 132.132.132.132

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27 R1(config-router-af)# af-interface g0/0/1.2

R1(config-router-af-interface)# passive-interface

R1(config-router-af-interface)# end

R2(config-router)# passive-interface default

R2(config-router)# no passive-interface g0/0/0

R2(config-router)# no passive-interface g0/0/1

R3(config)# router eigrp BASIC-EIGRP-LAB

R3(config-router)# address-family ipv4 unicast autonomous-system 27

R3(config-router-af)# af-interface default

R3(config-router-af-interface)# passive-interface

R3(config-router-af-interface)# exit

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# exit

R3(config-router-af)# af-interface g0/0/1

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# end

R3# show ip protocols | section Passive

Loopback0 y tính PC1 ping thành công R3

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

R1# show ip eigrp topology all-links

P 192.168.3.0/24, 2 successors, FD is 196689920, serno 8 via 10.0.12.2 (196689920/131153920), g0/0/0 via 172.16.1.2 (196689920/131153920), g0/0/1.1

P 172.16.13.0/24, 1 successors, FD is 196608000, serno 7 via 172.16.1.2 (196608000/131072000), g0/0/1.1 via 10.0.12.2 (262144000/196608000), g0/0/0

P 192.168.1.0/24, 1 successors, FD is 131072000, serno 2 via Connected, g0/0/1.2 via Connected, g0/0/1.1

P 10.0.23.0/24, 1 successors, FD is 196608000, serno 4 via 10.0.12.2 (196608000/131072000), g0/0/0 via 172.16.1.2 (262144000/196608000), g0/0/1.1

P 10.0.12.0/24, 1 successors, FD is 131072000, serno 3 via Connected, g0/0/0 nhau

R3# show ip route eigrp | section 192.168.1.0

R3# show ip route eigrp | section 192.168.1.0

EIGRP-AUTHEN-KEY trên R1, R2, R3, D2 key-string là $3cre7!!

R1(config)# key chain EIGRP-AUTHEN-KEY

R1(config-keychain-key)# key-string $3cre7!!

R2(config-if)# ip authentication key-chain eigrp 27 EIGRP-AUTHEN-KEY

R2(config-if)# ip authentication mode eigrp 27 md5

R2(config-if)# ip authentication key-chain eigrp 27 EIGRP-AUTHEN-KEY

R2(config-if)# ip authentication mode eigrp 27 md5

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27

R1(config-router-af)# af-interface g0/0/0

R1(config-router-af-interface)# authentication key-chain EIGRP-AUTHEN-KEY R1(config-router-af-interface)# authentication mode md5

R1(config-router-af-interface)# end

R3(config)# router eigrp BASIC-EIGRP-LAB

R3(config-router)# address-family ipv4 unicast autonomous-system 27

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# authentication key-chain EIGRP-AUTHEN-KEY R3(config-router-af-interface)# authentication mode md5

R3(config-router-af-interface)# end md5 R1# show ip eigrp interface detail | section G0/0/0

Authentication mode is md5, key-chain is "EIGRP-AUTHEN-KEY"

- $3cre7!! trên R1 và D2 có cùng Named EIGRP

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27

R1(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! R1(config-router-af-interface)# end

D2(config)# router eigrp BASIC-EIGRP-LAB

D2(config-router)# address-family ipv4 unicast autonomous-system 27

D2(config-router-af)# af-interface g1/0/1

D2(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! D2(config-router-af-interface)# end

Authentication mode HMAC-SHA-256 R1# show ip eigrp interface detail | section G0/0/1.1

Authentication mode is HMAC-SHA-256, key-chain is not set

Device Interface IPv6 Address/Prefix Length Link Local Address

Device Interface IPv6 Address/Prefix Length Link Local Address R2

R1(config)# no ip domain lookup

R1(config)# banner motd # R1, Implement EIGRP for IPv6 #

R1(config-if)# ipv6 address 2001:db8:cafe:1::1/64

R1(config-if)# ipv6 address fe80::1:1 link-local

R1(config-if)# no ip address

R1(config-subif)# description VLAN 1 Interface

R1(config-subif)# ipv6 address fe80::1:2 link-local

R1(config-subif)# ipv6 address 2001:db8:acad:1::1/64

R1(config-subif)# description VLAN 2 Interface

R1(config-subif)# ipv6 address fe80::1:3 link-local

R1(config-subif)# ipv6 address 2001:db8:acad:2::1/64

R2(config)# no ip domain lookup

R2(config)# banner motd # R2, Implement EIGRP for IPv6 #

R2(config-if)# ipv6 address 2001:db8:cafe:1::2/64

R2(config-if)# ipv6 address fe80::2:1 link-local

R2(config-if)# ipv6 address 2001:db8:cafe:2::2/64

R2(config-if)#ipv6 address fe80::2:2 link-local

R2(config-if)# description Internet host

R2(config-if)# ipv6 address 2001:db8:ff:999::153/64

R2(config-if)# ipv6 address 2001:db8:cede::1/64

R2(config-if)# ipv6 address fe80::2:4 link-local

R2(config-if)# ipv6 address 2001:db8:cede:1::1/64

R2(config-if)# ipv6 address fe80::2:5 link-local

R3(config)# no ip domain lookup

R3(config)# banner motd # R3, Implement EIGRP for IPv6 #

R3(config-if)# ipv6 address fe80::3:1 link-local R3(config-if)# ipv6 address 2001:db8:cafe:2::1/64 R3(config-if)# no shutdown

R3(config-if)#ipv6 address fe80::3:2 link-local R3(config-if)# ipv6 address 2001:db8:acad:3::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:3 link-local R3(config-if)# ipv6 address 2001:db8:abcd:8::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:4 link-local R3(config-if)# ipv6 address 2001:db8:abcd:9::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:5 link-local R3(config-if)# ipv6 address 2001:db8:abcd:10::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:6 link-local R3(config-if)# ipv6 address 2001:db8:abcd:11::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:7 link-local

R3(config-if)# ipv6 address 2001:db8:abcd:12::1/64

D1(config)# no ip domain lookup

D1(config)# banner motd # D1, Implement EIGRP for IPv6 #

D1(config-vlan)# name HOST-VLAN

D1(config-if)# switchport trunk encapsulation dot1q

D1(config-if)# switchport mode trunk

D1(config-if)# switchport mode access

D1(config-if)# switchport access vlan 2

D2(config)# no ip domain lookup

D2(config)# banner motd # D2, Implement EIGRP for IPv6 #

D2(config-if)# ipv6 address fe80::d1:1 link-local

D2(config-if)# ipv6 address 2001:Db8:acad:1::2/64

D2(config-if)# ipv6 address fe80::d1:2 link-local

D2(config-if)# ipv6 address 2001:db8:acad:3::2/64

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

D2# copy running-config startup-config fe80::1:3

R2(config-rtr)# eigrp router-id 2.2.2.2

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# eigrp router-id 1.1.1.1

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# eigrp router-id 3.3.3.3

D2(config)# router eigrp EIGRP_IPV6

D2(config-router)# address-family ipv6 unicast autonomous-system 43

D2(config-router-af)# eigrp router-id 132.132.132.132

# show ipv6 route eigrp uccessor và feasible successor

R1# show ipv6 eigrp topology all-links

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# af-interface g0/0/1.2

R1(config-router-af-interface)# passive-interface

R1(config-router-af-interface)# end

(Classic EIGRP) R2(config)# ipv6 router eigrp 43

R2(config-rtr)# passive-interface default

R2(config-rtr)# no passive-interface g0/0/0

R2(config-rtr)# no passive-interface g0/0/1

RP) R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# af-interface default

R3(config-router-af-interface)# passive-interface

R3(config-router-af-interface)# exit-af-interface

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# exit-af-interface

R3(config-router-af)# af-interface g0/0/1

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# end

R3# show ipv6 protocols | include (passive

Loopback4 (passive) Loopback3 (passive) Loopback2 (passive) Loopback1 (passive) hình default route trên R2 qua interface Loopback0 R2(config)# ipv6 route ::/0 2001:db8:ff:999::1

R2(config-rtr)# no redistribute static

R2(config-if)# ipv6 summary-address eigrp 43 ::/0

R2(config-if)# ipv6 summary-address eigrp 43 ::/0

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56

R3(config-router-af-interface)# exit

R3(config-router-af)# af-interface g0/0/1

R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56

R3(config-router-af-interface)# end

D 2001:DB8:ABCD::/56 [90/1536640] via FE80::D1:1, Ethernet0/1.1

-AUTHEN-KEY trên R1, R2, R3, D2 i key-string là

R1(config)# key chain EIGRPv6-AUTHEN-KEY

R1(config-keychain-key)# key-string $3cre7!!

R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY R2(config-if)# ipv6 authentication mode eigrp 43 md5

R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY R2(config-if)# ipv6 authentication mode eigrp 43 md5

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# af-interface g0/0/0

R1(config-router-af-interface)# authentication key-chain EIGRPv6-AUTHEN-KEY R1(config-router-af-interface)# authentication mode md5

R1(config-router-af-interface)# end

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# authentication key-chain EIGRPv6-AUTHEN-KEY R3(config-router-af-interface)# authentication mode md5

R3(config-router-af-interface)# end thentication mode md5 R1# show ipv6 eigrp interface detail | section Gi0/0/0

Authentication mode is md5, key-chain is "EIGRP-AUTHEN-KEY"

- G0/0/1.1, R3 interface G0/0/1, và D2 interfaces G1/0/1 - G1/0/11 có cùng Named EIGRP

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# af-interface g0/0/1.1

R1(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! R1(config-router-af-interface)# end

-SHA-256 R1# show ipv6 eigrp interface detail | section Gi0/0/1.1

Authentication mode is HMAC-SHA-256, key-chain is not set

R2(config-if)# no ipv6 summary-address eigrp 43 ::/0

R2(config-if)# no ipv6 summary-address eigrp 43 ::/0

R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64

D 2001:DB8:ACAD:2::/64 [90/2048000] via FE80::2:2, Ethernet0/0 via FE80::D1:2, Ethernet0/1

R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64

D 2001:DB8:ACAD:2::/64 [90/2048000] via FE80::D1:2, Ethernet0/1

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# topology base

R3(config-router-af-topology)# variance 2

R3(config-router-af-topology)# exit

SINGLE-AREA OSPFV2

R1(config)#no ip domain lookup

R1(config-if)# ip address 192.168.1.1 255.255.255.192 R1(config-if)# no shut

R1(config-if)#ip address 10.10.0.1 255.255.255.248 R1(config-if)# no shut

D1(config)# no ip domain lookup

D1(config-if)# ip address 10.10.0.2 255.255.255.248 D1(config-if)# no shut

D1(config-if)# ip address 10.10.8.1 255.255.255.0 D1(config-if)# no shut

D1(config-if)# ip address 10.10.9.1 255.255.255.0 D1(config-if)# no shut

D2(config)# no ip domain lookup

R1# copy running-config startup-config

D1# copy running-config startup-config

D2# copy running-config startup-config

R1# show ip interface brief | include manual

GigabitEthernet0/0/1 10.10.0.1 YES manual up up Loopback0 209.165.200.225 YES manual up up Loopback1 192.168.1.1 YES manual up up

D1# show ip interface brief | include manual

GigabitEthernet1/0/5 10.10.0.2 YES manual up up GigabitEthernet1/0/23 10.10.8.1 YES manual up up GigabitEthernet1/0/24 10.10.9.1 YES manual up up

D2# show ip interface brief | include manual

GigabitEthernet1/0/5 10.10.0.3 YES manual up up GigabitEthernet1/0/23 10.10.24.1 YES manual up up GigabitEthernet1/0/24 10.10.25.1 YES manual up up

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.10.0.2, timeout is 2 seconds: !!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms R1# ping 10.10.0.3

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.10.0.3, timeout is 2 seconds: !!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

R1(config-if)# ip ospf network point-to-point

R1(config-if)# ip ospf 123 area 0

R1(config-if)#ip ospf 123 area 0

R1# show ip protocols | section ospf

Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 209.165.200.225

Number of areas in this router is 1 1 normal 0 stub 0 nssa Maximum path: 4

Routing on Interfaces Configured Explicitly (Area 0):

Reset ALL OSPF processes? [no]: yes R1# show ip protocol | include Router ID

Reset ALL OSPF processes? [no]: yes D1# show ip protocol | include Router ID

Reset ALL OSPF processes? [no]: yes

D2# show ip protocols | include Router ID

R1# show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks

D1# show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks

O 10.10.25.0/24 [110/20] via 10.10.0.3, 00:11:17, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

D2# show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks

O 10.10.9.0/24 [110/20] via 10.10.0.2, 00:14:26, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

R1# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

D1# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

D2# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

R1(config-router)# default-information originate

R1# show ip route static | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

D1# show ip route | include Gateway|0/0

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

D2# show ip route | include Gateway|0/0

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/1] via 10.10.0.1, 00:09:36, GigabitEthernet1/0/5 passive interfaces trên R1, D1 và D2

R1(config-router)# passive-interface lo1

D1(config-router)# passive-interface default

D1(config-router)# no passive-interface g1/0/5

D2(config-router)# passive-interface default

D2(config-router)# no passive-interface g1/0/5

R1# show ip protocols | section ospf

R1(config-router)# auto-cost reference-bandwidth 1000

% OSPF: Reference bandwidth is changed

Please ensure reference bandwidth is consistent across all routers R1(config-router)# end

D1(config-router)# auto-cost reference-bandwidth 1000

% OSPF: Reference bandwidth is changed

Please ensure reference bandwidth is consistent across all routers D1(config-router)# end

D2(config-router)# auto-cost reference-bandwidth 1000

% OSPF: Reference bandwidth is changed

Please ensure reference bandwidth is consistent across all routers D2(config-router)# end

, D1, D2 R1# show ip ospf | include Ref

D1# show ip ospf | include Ref

D2# show ip ospf | include Ref

R1# show ip route ospf | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

D1# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O 10.10.25.0/24 [110/20] via 10.10.0.3, 00:02:48, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

D2# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O 10.10.9.0/24 [110/20] via 10.10.0.2, 00:00:10, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

Hello timers và Dead timers

R1(config-if)# ip ospf hello-interval 5

R1(config-if)# ip ospf dead-interval 20

D1(config-if)# ip ospf hello-interval 5

D1(config-if)# ip ospf dead-interval 20

D2(config-if)# ip ospf hello-interval 5

D2(config-if)# ip ospf dead-interval 20

R1# show ip ospf interface g0/0/1 | include Timer

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5 D1# show ip ospf interface g1/0/5 | include Timer

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5 D2# show ip ospf interface g1/0/5 | include Timer

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

DR và BDR trong OSPF

Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/BDR 00:00:34 10.10.0.2 G0/0/1

GigabitEthernet0/0/1 is up, line protocol is up

Internet Address 10.10.0.1/29, Interface ID 7, Area 0

Process ID 123, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10 Topology-MTID Cost Disabled Shutdown Topology Name

Enabled by interface config, including secondary ip addresses

Transmit Delay is 1 sec, State BDR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.0.3

Backup Designated router (ID) 2.2.2.2, Interface address 10.10.0.2 Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

Supports Link-local Signaling (LLS)

Cisco NSF helper support enabled

IETF NSF helper support enabled

Can be protected by per-prefix Loop-Free FastReroute

Can be used for per-prefix Loop-Free FastReroute repair paths

Not Protected by per-prefix TI-LFA

Last flood scan length is 1, maximum is 2

Last flood scan time is 0 msec, maximum is 1 msec

Neighbor Count is 2, Adjacent neighbor count is 2

Adjacent with neighbor 2.2.2.2 (Backup Designated Router)

Adjacent with neighbor 3.3.3.3 (Designated Router)

D2(config-if)# ip ospf priority 0

R1(config-if)# ip ospf priority 255

Neighbor ID Pri State Dead Time Address Interface

R1# show ip ospf interface g0/0/1 | include State

Transmit Delay is 1 sec, State DR, Priority 255

Neighbor ID Pri State Dead Time Address Interface

MULTI-AREA OSPFV2

R1(config)# no ip domain lookup

R1(config)# banner motd # This is R1, Implement Multi-Area OSPFv2 Lab #

R2(config)# no ip domain lookup

R2(config)# banner motd # This is R2, Implement Multi-Area OSPFv2 Lab #

R3(config)# no ip domain lookup

R3(config)# banner motd # This is R3, Implement Multi-Area OSPFv2 Lab #

D1(config)# no ip domain lookup

D1(config)# banner motd # This is D1, Implement Multi-Area OSPFv2 Lab #

D2(config)# no ip domain lookup

D2(config)# banner motd # This is D2, Implement Multi-Area OSPFv2 Lab #

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

D1# copy running-config startup-config

D2# copy running-config startup-config

R1# show ip interface brief | include manual

GigabitEthernet0/0/0 172.16.0.2 YES manual up up GigabitEthernet0/0/1 10.10.0.1 YES manual up up

R2# show ip interface brief | include manual GigabitEthernet0/0/0 172.16.0.1 YES manual up up GigabitEthernet0/0/1 172.16.1.1 YES manual up up Loopback0 209.165.200.225 YES manual up up

R3# show ip interface brief | include manual GigabitEthernet0/0/0 172.16.1.2 YES manual up up GigabitEthernet0/0/1 10.10.4.1 YES manual up up

D1# show ip interface brief | include manual GigabitEthernet1/0/11 10.10.0.2 YES manual up up GigabitEthernet1/0/23 10.10.1.1 YES manual up up

GigabitEthernet1/0/11 10.10.4.2 YES manual up up

GigabitEthernet1/0/23 10.10.5.1 YES manual up up

D1(config-router)# auto-cost reference-bandwidth 1000

*** IP Routing is NSF aware ***

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

D1#show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi1/0/23 123 1 10.10.1.1/24 100 DR 0/0

R1(config-router)# auto-cost reference-bandwidth 1000

R1# show ip protocols | begin ospf

Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 1.1.1.1

It is an area border router

Number of areas in this router is 2 2 normal 0 stub 0 nssa Maximum path: 4

R1#show ip ospf | begin Ref

Reference bandwidth unit is 1000 mbps

Number of interfaces in this area is 1

SPF algorithm last executed 00:12:29.782 ago

Number of LSA 3 Checksum Sum 0x0142E6

Number of opaque link LSA 0 Checksum Sum 0x000000

Number of interfaces in this area is 1

SPF algorithm last executed 00:12:19.777 ago

Number of LSA 4 Checksum Sum 0x01C317

Number of opaque link LSA 0 Checksum Sum 0x000000

R1# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi0/0/0 123 0 172.16.0.2/30 1 DR 0/0

Neighbor ID Pri State Dead Time Address Interface

R1# show ip ospf neighbor detail

Neighbor 1.1.1.2, interface address 10.10.0.2, interface-id 38

In the area 1 via interface GigabitEthernet0/0/1

Neighbor priority is 1, State is FULL, 6 state changes

Options is 0x12 in Hello (E-bit, L-bit)

Options is 0x52 in DBD (E-bit, L-bit, O-bit)

Index 1/1/1, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R1#show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks

Known via "ospf 123", distance 110, metric 11, type intra area

Last update from 10.10.0.2 on GigabitEthernet0/0/1, 00:25:25 ago

Route metric is 11, traffic share count is 1

R2(config-router)# auto-cost reference-bandwidth 1000

R2(config-router)# default-information originate

R2# show ip protocols | begin ospf

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

R2#show ip ospf | begin Ref

Reference bandwidth unit is 1000 mbps

Number of interfaces in this area is 2

SPF algorithm last executed 00:05:04.999 ago

Number of LSA 5 Checksum Sum 0x01F6E8

Number of opaque link LSA 0 Checksum Sum 0x000000

R2# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi0/0/1 123 0 172.16.1.1/30 1 DR 0/0

Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/DR 00:00:36 172.16.0.2 G0/0/0

R2# show ip ospf neigh detail

Neighbor 1.1.1.1, interface address 172.16.0.2, interface-id 5

In the area 0 via interface GigabitEthernet0/0/0

Neighbor priority is 1, State is FULL, 6 state changes

Options is 0x12 in Hello (E-bit, L-bit)

Options is 0x52 in DBD (E-bit, L-bit, O-bit)

Index 1/1/1, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R2# show ip route ospf | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R2# show ip route static | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

Known via "ospf 123", distance 110, metric 12, type inter area

Last update from 172.16.0.2 on GigabitEthernet0/0/0, 00:31:08 ago

Route metric is 12, traffic share count is 1

R3(config-router)# auto-cost reference-bandwidth 1000

R3# show ip protocols | begin ospf

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

It is an area border router

Number of areas in this router is 2 2 normal 0 stub 0 nssa

R3# show ip ospf | begin Ref

Reference bandwidth unit is 1000 mbps

Number of interfaces in this area is 1

SPF algorithm last executed 00:10:38.256 ago

Number of LSA 8 Checksum Sum 0x0396BA

Number of opaque link LSA 0 Checksum Sum 0x000000 Number of DCbitless LSA 0

Number of interfaces in this area is 1

SPF algorithm last executed 00:10:13.755 ago

Number of LSA 6 Checksum Sum 0x0362CF

Number of opaque link LSA 0 Checksum Sum 0x000000 Number of DCbitless LSA 0

R3# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi0/0/0 123 0 172.16.1.2/30 1 BDR 1/1

Neighbor ID Pri State Dead Time Address Interface 2.2.2.1 1 FULL/DR 00:00:31 172.16.1.1 G0/0/0

R3# show ip ospf neighbor detail

Neighbor 2.2.2.1, interface address 172.16.1.1, interface-id 6

In the area 0 via interface GigabitEthernet0/0/0

Neighbor priority is 1, State is FULL, 6 state changes

Options is 0x12 in Hello (E-bit, L-bit)

Options is 0x52 in DBD (E-bit, L-bit, O-bit)

Index 1/1/1, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R3# show ip route ospf | begin Gateway

Gateway of last resort is 172.16.1.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

Known via "ospf 123", distance 110, metric 1, candidate default path Tag 123, type extern 2, forward metric 1

Last update from 172.16.1.1 on GigabitEthernet0/0/0, 00:28:41 ago Routing Descriptor Blocks:

* 172.16.1.1, from 2.2.2.1, 00:28:41 ago, via GigabitEthernet0/0/0 Route metric is 1, traffic share count is 1

Known via "ospf 123", distance 110, metric 13, type inter area

Last update from 172.16.1.1 on GigabitEthernet0/0/0, 00:29:10 ago Routing Descriptor Blocks:

* 172.16.1.1, from 1.1.1.1, 00:29:10 ago, via GigabitEthernet0/0/0 Route metric is 13, traffic share count is 1

D2(config-router)# auto-cost reference-bandwidth 1000

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

D2# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi1/0/23 123 2 10.10.5.1/24 10 DR 0/0 G11/0/11 123 2 10.10.4.2/30 1 BDR 1/1

Neighbor ID Pri State Dead Time Address Interface 3.3.3.1 1 FULL/BDR 00:00:33 10.10.4.1 G1/0/11

D2# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.4.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks

Known via "ospf 123", distance 110, metric 1, candidate default path

Tag 123, type extern 2, forward metric 2

Last update from 10.10.4.1 on G1/0/11, 00:18:31 ago

Route metric is 1, traffic share count is 1

Pinging 10.10.5.10 with 32 bytes of data:

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/BDR 00:00:32 10.10.0.1 G1/0/11

D1# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks

OSPF Router with ID (1.1.1.2) (Process ID 123)

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1806 0x80000005 0x00DC15 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Summary ASB Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

D1# show ip ospf database router

OSPF Router with ID (1.1.1.2) (Process ID 123)

Routing Bit Set on this LSA in topology Base with MTID 0

Options: (No TOS-capability, DC)

Link connected to: a Transit Network

(Link ID) Designated Router address: 10.10.0.2 (Link Data) Router Interface address: 10.10.0.1 Number of TOS metrics: 0

Options: (No TOS-capability, DC)

Link connected to: a Transit Network

(Link ID) Designated Router address: 10.10.0.2 (Link Data) Router Interface address: 10.10.0.2 Number of MTID metrics: 0

(Link ID) Network/subnet number: 10.10.1.0

Xem thông tin network LSA type 2

D1# show ip ospf database network

OSPF Router with ID (1.1.1.2) (Process ID 123)

Options: (No TOS-capability, DC)

Link State ID: 10.10.0.2 (address of Designated Router)

Xem thông tin network LSA type 3

D1# show ip ospf database summary

OSPF Router with ID (1.1.1.2) (Process ID 123)

Summary Net Link States (Area 1)

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 10.10.4.0 (summary Network Number)

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 10.10.5.0 (summary Network Number) Advertising Router: 1.1.1.1

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 172.16.0.0 (summary Network Number) Advertising Router: 1.1.1.1

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 172.16.1.0 (summary Network Number) Advertising Router: 1.1.1.1

Xem thông tin network LSA type 4

D1# show ip ospf database asbr-summary

OSPF Router with ID (1.1.1.2) (Process ID 123)

Summary ASB Link States (Area 1)

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(AS Boundary Router)

Link State ID: 2.2.2.1 (AS Boundary Router address)

Xem thông tin network LSA type 5

D1# show ip ospf database external

OSPF Router with ID (1.1.1.2) (Process ID 123)

Type-5 AS External Link States

Options: (No TOS-capability, DC, Upward)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Metric Type: 2 (Larger than any link state path)

OSPF Router with ID (1.1.1.1) (Process ID 123)

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1250 0x80000009 0x001E87 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1250 0x80000009 0x00D419 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Summary ASB Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

OSPF Router with ID (2.2.2.1) (Process ID 123)

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1790 0x80000009 0x001E87 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

MULTI-AREA OSPFV3

Device Interface IPv4 Address IPv6 Address IPv6 Link-Local R1 G0/0/0 172.16.0.2/30 2001:db8:acad:a001::2/64 fe80::1:2

R1(config)# no ip domain lookup

R1(config-if)# ipv6 add 2001:db8:acad:a001::2/64 R1(config-if)# ipv6 add fe80::1:2 link-local

R1(config-if)# ip add 10.10.0.1 255.255.255.252 R1(config-if)# ipv6 add 2001:db8:acad:1001::1/64 R1(config-if)# ipv6 add fe80::1:1 link-local

R2(config)# no ip domain lookup

R2(config-if)# ip add 172.16.0.1 255.255.255.252 R2(config-if)# ipv6 add 2001:db8:acad:a001::1/64 R2(config-if)# ipv6 add fe80::2:1 link-local

R2(config-if)# ip address 172.16.1.1 255.255.255.252 R2(config-if)# ipv6 add 2001:db8:acad:a002::1/64 R2(config-if)# ipv6 add fe80::2:2 link-local

R2(config-if)# ipv6 add 2001:db8:feed:209::1/64

R2(config-if)# ipv6 add fe80::2:3 link-local

R3(config)# no ip domain lookup

R3(config-if)# ipv6 add 2001:db8:acad:a002::2/64

R3(config-if)# ipv6 add fe80::3:2 link-local

R3(config-if)# ipv6 add 2001:db8:acad:2001::1/64

R3(config-if)# ipv6 add fe80::3:1 link-local

D1(config)# no ip domain lookup

D1(config-if)# ip address 10.10.0.2 255.255.255.252 D1(config-if)# ipv6 add 2001:db8:acad:1001::2/64 D1(config-if)# ipv6 add fe80::d1:2 link-local

D1(config-if)# ip address 10.10.1.1 255.255.255.0 D1(config-if)# ipv6 add 2001:db8:acad:1002::1/64 D1(config-if)# ipv6 add fe80::d1:1 link-local

D2(config)# no ip domain lookup

D2(config-if)# ip address 10.10.4.2 255.255.255.252 D2(config-if)# ipv6 add 2001:db8:acad:2001::2/64 D2(config-if)# ipv6 add fe80::d2:2 link-local

D2(config-if)# ipv6 add 2001:db8:acad:2002::1/64

D2(config-if)# ipv6 add fe80::d2:1 link-local

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

D1# copy running-config startup-config

D2# copy running-config startup-config

2001:DB8:ACAD:1001::/64 attached to GigabitEthernet1/0/11

2001:DB8:ACAD:1001::2/128 receive for GigabitEthernet1/0/11

2001:DB8:ACAD:1002::/64 attached to GigabitEthernet1/0/23

2001:DB8:ACAD:1002::1/128 receive for GigabitEthernet1/0/23

D1(config-if)# ipv6 ospf 123 area 1

D1(config-if)# ipv6 ospf 123 area 1

Routing Process "ospfv3 123" with ID 1.1.1.2

Supports NSSA (compatible with RFC 3101)

Supports Database Exchange Summary List Optimization (RFC 5243) Event-log enabled, Maximum number of events: 1000, Mode: cyclic Router is not originating router-LSAs with maximum metric

Initial SPF schedule delay 50 msecs

Minimum hold time between two consecutive SPFs 200 msecs

Maximum wait time between two consecutive SPFs 5000 msecs

Minimum hold time for LSA throttle 200 msecs

Maximum wait time for LSA throttle 5000 msecs

LSA group pacing timer 240 secs

Interface flood pacing timer 33 msecs

Retransmission limit dc 24 non-dc 24

EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300

Number of external LSA 0 Checksum Sum 0x000000

Number of areas in this router is 1 1 normal 0 stub 0 nssa

Graceful restart helper support enabled

Reference bandwidth unit is 100 mbps

Number of interfaces in this area is 2

Number of LSA 12 Checksum Sum 0x0486C1

IPv6 Routing Protocol is "connected"

IPv6 Routing Protocol is "ND"

IPv6 Routing Protocol is "ospf 123"

Number of areas: 1 normal, 0 stub, 0 nssa

R1(config-router)# address-family ? ipv4 Address family ipv6 Address family

R1(config-router)# address-family ipv4 ? unicast Address Family modifier vrf Specify parameters for a VPN Routing/Forwarding instance

R1(config-router)# address-family ipv4 unicast

Router Address Family configuration commands: adjacency Control adjacency formation area OSPF area parameters authentication Authentication parameters auto-cost Calculate OSPF interface cost according to bandwidth auto-cost-determination Calculate OSPF interface cost according to bandwidth bfd BFD configuration commands compatible Compatibility list default Set a command to its defaults default-information Control distribution of default information default-metric Set metric of redistributed routes discard-route Enable or disable discard-route installation distance Define an administrative distance distribute-list Filter networks in routing updates event-log Event Logging exit-address-family Exit from Address Family configuration mode graceful-restart Graceful-restart options help Description of the interactive help system interface-id Source of the interface ID limit Limit a specific OSPF feature local-rib-criteria Enable or disable usage of local RIB as route criteria log-adjacency-changes Log changes in adjacency state manet Specify MANET OSPF parameters max-lsa Maximum number of non self-generated LSAs to accept max-metric Set maximum metric maximum-paths Forward packets over multiple paths mpls MPLS Traffic Engineering configs no Negate a command or set its defaults passive-interface Suppress routing updates on an interface prefix-suppression Enable prefix suppression process-min-time Percentage of quantum to be used before releasing CPU queue-depth Hello/Router process queue depth redistribute Redistribute information from another routing protocol router-id router-id for this OSPF process shutdown Shutdown the router process snmp Modify snmp parameters statistics Enable or disable OSPF statistics options summary-address Configure IP address summaries summary-prefix Configure IP address summaries timers Adjust routing timers

R1(config-router-af)# router-id 1.1.1.1

R1(config-router-af)# exit-address-family

R1(config-router)# address-family ipv6 unicast

R1(config-router-af)# router-id 1.1.1.1

R1(config-router-af)# exit-address-family

R1(config-if)# ospfv3 123 ipv4 area 0

R1(config-if)# ospfv3 123 ipv6 area 0

R1(config-if)# ospfv3 123 ipv4 area 1

R1(config-if)# ospfv3 123 ipv6 area 1

R2(config-router)# address-family ipv4 unicast R2(config-router-af)# router-id 2.2.2.1

R2(config-router-af)# exit-address-family R2(config-router)# address-family ipv6 unicast R2(config-router-af)# router-id 2.2.2.1

R2(config-router-af)# exit-address-family R2(config-router)# exit

R2(config-if)# ospfv3 123 ipv4 area 0

R2(config-if)# ospfv3 123 ipv6 area 0

R2(config-if)# ospfv3 123 ipv4 area 0

R2(config-if)# ospfv3 123 ipv6 area 0

R3(config-router)# address-family ipv4 unicast R3(config-router-af)# exit-address-family R3(config-router)# address-family ipv6 unicast R3(config-router-af)# exit-address-family R3(config-router)# exit

R3(config-if)# ospfv3 123 ipv4 area 0

R3(config-if)# ospfv3 123 ipv6 area 0

R3(config-if)# ospfv3 123 ipv4 area 2

R3(config-if)# ospfv3 123 ipv6 area 2

D2(config-router)# address-family ipv4 unicast

D2(config-router-af)# router-id 3.3.3.2

D2(config-router-af)# exit-address-family

D2(config-router)# address-family ipv6 unicast

D2(config-router-af)# router-id 3.3.3.2

D2(config-router-af)# exit-address-family

D2(config-if)# ospfv3 123 ipv4 area 2

D2(config-if)# ospfv3 123 ipv6 area 2

D2(config-if)# ospfv3 123 ipv4 area 2

D2(config-if)# ospfv3 123 ipv6 area 2

OSPFv3 Router with ID (1.1.1.2) (Process ID 123)

Neighbor ID Pri State Dead Time Interface ID Interface 1.1.1.1 1 FULL/DR 00:00:39 6 g1/0/11

OSPFv3 Router with ID (1.1.1.1) (Process ID 123)

Neighbor ID Pri State Dead Time Interface ID Interface 2.2.2.1 1 FULL/BDR 00:00:31 5 g0/0/0 1.1.1.2 1 FULL/BDR 00:00:38 471 g0/0/1

OSPFv3 123 address-family ipv4 (router-id 1.1.1.1)

Neighbor ID Pri State Dead Time Interface ID Interface 2.2.2.1 1 FULL/BDR 00:00:38 5 g0/0/0

OSPFv3 123 address-family ipv6 (router-id 1.1.1.1)

Neighbor ID Pri State Dead Time Interface ID Interface 2.2.2.1 1 FULL/BDR 00:00:32 5 g0/0/0 1.1.1.2 1 FULL/BDR 00:00:30 471 g0/0/1

IPv6 Routing Table - default - 9 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE -

NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter

OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1

ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy

OI 2001:DB8:ACAD:2001::/64 [110/4] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:2002::/64 [110/5] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:A001::/64 [110/2] via FE80::1:1, GigabitEthernet1/0/11 via FE80::1:1, GigabitEthernet1/0/11

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

O IA 10.10.5.0/24 [110/4] via 172.16.0.1, 00:17:34, GigabitEthernet0/0/0 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

IPv6 Routing Table - default - 9 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE -

NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter

OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1

ON2 - OSPF NSSA ext 2, a - Application

O 2001:DB8:ACAD:1002::/64 [110/2] via FE80::D1:2, GigabitEthernet0/0/1

OI 2001:DB8:ACAD:2001::/64 [110/3] via FE80::2:1, GigabitEthernet0/0/0

OI 2001:DB8:ACAD:2002::/64 [110/4] via FE80::2:1, GigabitEthernet0/0/0

O 2001:DB8:ACAD:A002::/64 [110/2] via FE80::2:1, GigabitEthernet0/0/0

OSPFv3 Router with ID (1.1.1.2) (Process ID 123)

ADV Router Age Seq# Fragment ID Link count Bits 1.1.1.1 1096 0x80000009 0 1 B 1.1.1.2 1110 0x80000005 0 1 None

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 1)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 1)

ADV Router Age Seq# Link ID Interface

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 1.1.1.1 1152 0x80000001 6144 0x2002 6

OSPFv3 123 address-family ipv4 (router-id 1.1.1.1)

ADV Router Age Seq# Fragment ID Link count Bits

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 2.2.2.1 539 0x80000001 5120 0x2002 5

ADV Router Age Seq# Fragment ID Link count Bits

OSPFv3 123 address-family ipv6 (router-id 1.1.1.1)

ADV Router Age Seq# Fragment ID Link count Bits 1.1.1.1 530 0x80000005 0 1 B 2.2.2.1 508 0x80000009 0 2 None 3.3.3.1 508 0x80000006 0 1 B

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 2.2.2.1 539 0x80000001 5120 0x2002 5

ADV Router Age Seq# Fragment ID Link count Bits 1.1.1.1 553 0x80000006 0 1 B 1.1.1.2 552 0x80000025 0 1 None

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 1)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 1)

ADV Router Age Seq# Link ID Interface

Intra Area Prefix Link States (Area 1)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 1.1.1.2 481 0x80000016 0 0x2001 0

D2(config-router)# no passive-interface g1/0/23

D2(config-router)# address-family ipv4 unicast

D2(config-router-af)# passive-interface g1/0/23

D2(config-router-af)# exit-address-family

D2(config-router)# address-family ipv6 unicast

D2(config-router-af)# passive-interface g1/0/23

D2(config-router-af)# exit-address-family

R1(config-router)# address-family ipv6 unicast

R1(config-router-af)# area 1 range 2001:db8:acad:1000::/52

R3(config-router)# address-family ipv6 unicast

R3(config-router-af)# area 2 range 2001:db8:acad:2000::/52

OI 2001:DB8:ACAD:1000::/52 [110/3] via FE80::1:2, GigabitEthernet0/0/0

OI 2001:DB8:ACAD:2000::/52 [110/3] via FE80::3:2, GigabitEthernet0/0/1

Interface PID Area AF Cost State Nbrs F/C Gi0/0/1 123 0 ipv4 1 BDR 1/1 Gi0/0/0 123 0 ipv4 1 DR 1/1 Gi0/0/1 123 0 ipv6 1 BDR 1/1 Gi0/0/0 123 0 ipv6 1 DR 1/1

R2(config-if)# ospfv3 network point-to-point

R2(config-if)# ospfv3 network point-to-point

R1(config-if)# ospfv3 network point-to-point

R3(config-if)# ospfv3 network point-to-point

Interface PID Area AF Cost State Nbrs F/C

R2(config-router)# address-family ipv6 unicast

R2(config-router-af)# default-information originate

R2(config-router)# address-family ipv4 unicast

R2(config-router-af)# default-information originate

OE2 ::/0 [110/1], tag 123 via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:2000::/52 [110/5] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:A001::/64 [110/2] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:A002::/64 [110/3] via FE80::1:1, GigabitEthernet1/0/11

Gateway of last resort is 10.10.4.1 to network 0.0.0.0

EBGP TRÊN IPV4

Router R1 hostname R1 no ip domain lookup line con 0 logging sync exec-time 0 0 exit interface Loopback0 ip address 192.168.1.1 255.255.255.224 no shut exit

100 interface Loopback1 ip address 192.168.1.65 255.255.255.192 no shut exit interface FastEthernet0/0 ip address 10.1.2.1 255.255.255.0 no shut exit interface Serial1/0 ip address 10.1.3.1 255.255.255.128 no shut exit interface Serial1/1 ip address 10.1.3.129 255.255.255.128 no shut exit

Router R2 hostname R2 no ip domain lookup line con 0 logging sync exec-time 0 0 exit interface Loopback0 ip address 192.168.2.1 255.255.255.224 no shut exit interface Loopback1 ip address 192.168.2.65 255.255.255.192 no shut exit interface FastEthernet0/0 ip address 10.1.2.2 255.255.255.0 no shut interface FasttEthernet1/0 ip address 10.2.3.2 255.255.255.0 no shut exit

Router R3 hostname R3 no ip domain lookup line con 0 logging sync exec-time 0 0 exit interface Loopback0 ip address 192.168.3.1 255.255.255.224 no shut exit interface Loopback1 ip address 192.168.3.65 255.255.255.192 no shut exit interface FastEthernet0/0 ip address 10.2.3.3 255.255.255.0 negotiation auto no shut exit interface Serial1/0 ip address 10.1.3.3 255.255.255.128 no shut exit interface Serial1/1 ip address 10.1.3.130 255.255.255.128 no shut exit

R1(config)# router bgp 1000 b -id cho R1

R1(config-router)# bgp router-id 1.1.1.1 c neighbors cho R1

R1(config-router)# neighbor 10.1.2.2 remote-as 500

R1(config-router)# neighbor 10.1.3.3 remote-as 300

R1(config-router)# neighbor 10.1.3.130 remote-as 300 d

R1(config-router)# network 192.168.1.0 mask 255.255.255.224 R1(config-router)# network 192.168.1.64 mask 255.255.255.192

R2(config)# router bgp 500 b -id cho R2

R2(config-router)# bgp router-id 2.2.2.2 c

R2(config-router)# neighbor 10.1.2.1 remote-as 1000

R2(config-router)# neighbor 10.2.3.3 remote-as 300 d

R2(config-router)# network 192.168.2.0 mask 255.255.255.224 R2(config-router)# network 192.168.2.64 mask 255.255.255.192

R3(config-router)# bgp router-id 3.3.3.3 c

R3(config-router)# no bgp default ipv4-unicast

Ch bgp default ipv4-unicast c b t m nh trên các IOS R1 và R2 s d ng ch cho phép t i giá tr IPv4 address family prefixes L nh no bgp default ipv4-unicast s t t ch , các bgp neighbors ph i IPv4 address family (AF) b ng cách c u hình th công

L nh BGP network c n ph c thi t l p v i IPv4 AF d

R3(config-router)# neighbor 10.2.3.2 remote-as 500

R3(config-router)# neighbor 10.1.3.1 remote-as 1000

R3(config-router)# neighbor 10.1.3.129 remote-as 1000

Ki m tra m i quan h láng gi ng BGP a

R1# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set b established, R2 và R3 là idle)

BGP neighbor is 10.1.2.1, remote AS 1000, external link

BGP version 4, remote router ID 1.1.1.1

BGP state = Established, up for 00:35:34

Last read 00:00:28, last write 00:00:35, hold time is 180, keepalive interval is 60 seconds

1 active, is not multisession capable (disabled)

BGP neighbor is 10.2.3.3, remote AS 300, external link

BGP version 4, remote router ID 0.0.0.0

BGP state = Idle, down for never

0 active, is not multisession capable (disabled)

R3(config-router)# address-family ipv4

R3(config-router-af)# neighbor 10.1.3.1 activate

R3(config-router-af)# neighbor 10.1.3.129 activate

R3(config-router-af)# neighbor 10.2.3.2 activate

R3(config-router-af)# network 192.168.3.0 mask 255.255.255.224 d

R1# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip bgp neighbors | begin BGP neighbor is 10.2.3.3 BGP neighbor is 10.2.3.3, remote AS 300, external link

BGP version 4, remote router ID 3.3.3.3

BGP state = Established, up for 00:12:16

Last read 00:00:37, last write 00:00:52, hold time is 180, keepalive interval is 60 seconds

1 active, is not multisession capable (disabled)

-configure R1# show running-config | section bgp router bgp 1000 bgp router-id 1.1.1.1 bgp log-neighbor-changes network 192.168.1.0 mask 255.255.255.224 network 192.168.1.64 mask 255.255.255.192 neighbor 10.1.2.2 remote-as 500 neighbor 10.1.3.3 remote-as 300 neighbor 10.1.3.130 remote-as 300

R2# show running-config | section bgp router bgp 500 bgp router-id 2.2.2.2 bgp log-neighbor-changes network 192.168.2.0 mask 255.255.255.224 network 192.168.2.64 mask 255.255.255.192 neighbor 10.1.2.1 remote-as 1000

R3# show running-config | section bgp router bgp 300 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.1.3.1 remote-as 1000 neighbor 10.1.3.129 remote-as 1000 neighbor 10.2.3.2 remote-as 500

! address-family ipv4 network 192.168.3.0 mask 255.255.255.224 network 192.168.3.64 mask 255.255.255.192 neighbor 10.1.3.1 activate neighbor 10.1.3.129 activate neighbor 10.2.3.2 activate exit-address-family

BGP table version is 11, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

192.168.1.0/27 a show ip bgp ip-prefix

BGP routing table entry for 192.168.1.0/27, version 14

Paths: (2 available, best #2, table default)

Origin IGP, localpref 100, valid, external rx pathid: 0, tx pathid: 0

Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0

1 b show ip bgp neighbors trên R2

BGP neighbor is 10.1.2.1, remote AS 1000, external link

BGP version 4, remote router ID 1.1.1.1

BGP state = Established, up for 00:00:51

1 active, is not multisession capable (disabled)

Route refresh: advertised and received(new)

Four-octets ASN Capability: advertised and received

Address family IPv4 Unicast: advertised and received

Enhanced Refresh Capability: advertised and received

Stateful switchover support enabled: NO for session 1

BGP neighbor is 10.2.3.3, remote AS 300, external link

BGP version 4, remote router ID 3.3.3.3

BGP state = Established, up for 16:23:45

Last read 00:00:29, last write 00:00:51, hold time is 180, keepalive interval is 60 seconds

1 active, is not multisession capable (disabled)

Route refresh: advertised and received(new)

Four-octets ASN Capability: advertised and received

Address family IPv4 Unicast: advertised and received

Enhanced Refresh Capability: advertised and received

Stateful switchover support enabled: NO for session 1

Do log neighbor state changes (via global configuration)

Default minimum time between advertisement runs is 30 seconds

C u hình và ki m tra Route Summarization và Atomic Aggregate

192.168.3.0/24 prefix aggregate-address Summary-only address-family ipv4

R1(config-router)# aggregate-address 192.168.1.0 255.255.255.0 summary-only

R3(config-router)# address-family ipv4

R3(config-router-af)# aggregate-address 192.168.3.0 255.255.255.0 summary-only c 2: Ki m tra route summarization dùng atomic aggregate a

R1# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 5 subnets, 4 masks

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip route bgp | begin Gateway

Gateway of last resort is not set

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 5 subnets, 4 masks

BGP table version is 69, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

Network Next Hop Metric LocPrf Weight Path

BGP table version is 69, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

Network Next Hop Metric LocPrf Weight Path s> 192.168.1.0/27 0.0.0.0 0 32768 i

BGP table version is 22, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-

Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

BGP routing table entry for 192.168.1.0/24, version 45

Paths: (2 available, best #2, table default)

Origin IGP, localpref 100, valid, external, atomic-aggregate rx pathid: 0, tx pathid: 0

Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best rx pathid: 0, tx pathid: 0x0

ADVERTISING DEFAULT ROUTE

BÀI 7: NAT TRÊN IPv4 th

1.1 C U HÌNH IPV4-IPV6 STATIC ROUTE VÀ

Device Interface IP Address / Prefix

Device Interface IP Address / Prefix

- hình static route và default route cho IPv4 trên R1, R2

Gán tên cho router: router(config)# hostname R1 router(config)# hostname R2

R1(config)# no ip domain lookup

R2(config)# no ip domain lookup

Gán cisco làm password cho VTY và enable login:

R1(config)# banner motd $ Authorized Users Only! $

R2(config)# banner motd $ Authorized Users Only! $

R1# copy running-config startup-config

R2# copy running-config startup-config

Gán tên cho router: switch(config)# hostname R1 switch(config)# hostname R2

S1(config)# no ip domain lookup

S2(config)# no ip domain lookup

Gán cisco làm password cho VTY và enable login:

S1(config)# banner motd $ Authorized Users Only! $ S2(config)# banner motd $ Authorized Users Only! $

S1# copy running-config startup-config

S2# copy running-config startup-config

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:2::1/64

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:1::1/64

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:10::1/64

R1(config-if)# ipv6 address fe80::1 link-local

R1(config-if)# ipv6 address 2001:db8:acad:209::1/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:2::2/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:1::2/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:11::2/64

R2(config-if)# ipv6 address fe80::2 link-local

R2(config-if)# ipv6 address 2001:db8:acad:210::1/64

R1# copy running-config startup-config

R2# copy running-config startup-config

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 172.16.1.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks

R2(config)# ipv6 route 2001:db8:acad:10::/64 2001:db8:acad:1::1

R2(config)# ipv6 route ::/0 2001:db8:acad:2::1

R2(config)# ipv6 route ::/0 2001:db8:acad:1::1 80

R1(config)# ipv6 route ::/0 2001:db8:acad:2::2

IPv6 Routing Table - default - 11 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter

OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1

ON2 - OSPF NSSA ext 2, a - Application

C 2001:DB8:ACAD:1::/64 [0/0] via GigabitEthernet0/0/1, directly connected

L 2001:DB8:ACAD:1::2/128 [0/0] via GigabitEthernet0/0/1, receive

C 2001:DB8:ACAD:2::/64 [0/0] via GigabitEthernet0/0/0, directly connected

L 2001:DB8:ACAD:2::2/128 [0/0] via GigabitEthernet0/0/0, receive

S 2001:DB8:ACAD:10::/64 [1/0] via 2001:DB8:ACAD:1::1

C 2001:DB8:ACAD:11::/64 [0/0] via Loopback1, directly connected

L 2001:DB8:ACAD:11::1/128 [0/0] via Loopback1, receive

C 2001:DB8:ACAD:210::/64 [0/0] via Loopback2, directly connected

L 2001:DB8:ACAD:210::1/128 [0/0] via Loopback2, receive

Hostname Edge ipv6 unicast-routing interface GigabitEthernet0/0 ip address 192.168.10.1 255.255.255.0 ipv6 address FE80::E link-local ipv6 address 2001:DB8:1:10::1/64 interface GigabitEthernet0/1 ip address 192.168.11.1 255.255.255.0 ipv6 address FE80::E link-local ipv6 address 2001:DB8:1:11::1/64 interface Serial0/0/0 ip address 10.10.10.2 255.255.255.252 ipv6 address FE80::E link-local ipv6 address 2001:DB8:A:1::2/64 interface Serial0/0/1 ip address 10.10.10.6 255.255.255.252 ipv6 address FE80::E link-local ipv6 address 2001:DB8:A:2::2/64 ip route 0.0.0.0 0.0.0.0 Serial0/0/0 ip route 0.0.0.0 0.0.0.0 Serial0/0/1 5

10 ipv6 route ::/0 2001:DB8:A:1::1 ipv6 route ::/0 2001:DB8:A:2::1 5

: hostname ISP1 ipv6 unicast-routing interface GigabitEthernet0/0 ip address 198.0.0.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2001:DB8:F:F::1/64 interface Serial0/0/0 ip address 10.10.10.1 255.255.255.252 ipv6 address FE80::1 link-local ipv6 address 2001:DB8:A:1::1/64 ip route 192.168.10.0 255.255.255.0 Serial0/0/0 ip route 192.168.11.0 255.255.255.0 Serial0/0/0 ip route 192.168.10.0 255.255.255.0 GigabitEthernet0/0 5 ip route 192.168.11.0 255.255.255.0 GigabitEthernet0/0 5 ipv6 route 2001:DB8:1:10::/64 2001:DB8:A:1::2 ipv6 route 2001:DB8:1:11::/64 2001:DB8:A:1::2 ipv6 route 2001:DB8:1:10::/64 2001:DB8:F:F::2 5 ipv6 route 2001:DB8:1:11::/64 2001:DB8:F:F::2 5 hostname ISP2 ipv6 unicast-routing interface GigabitEthernet0/0 ip address 198.0.0.2 255.255.255.0 ipv6 address FE80::2 link-local ipv6 address 2001:DB8:F:F::2/64 interface Serial0/0/1 ipv6 address FE80::2 link-local ipv6 address 2001:DB8:A:2::1/64 ip route 192.168.10.0 255.255.255.0 Serial0/0/1 ip route 192.168.11.0 255.255.255.0 Serial0/0/1 ip route 192.168.10.0 255.255.255.0 GigabitEthernet0/0 5 ip route 192.168.11.0 255.255.255.0 GigabitEthernet0/0 5 ipv6 route 2001:DB8:1:10::/64 2001:DB8:A:2::2 ipv6 route 2001:DB8:1:11::/64 2001:DB8:A:2::2 ipv6 route 2001:DB8:1:10::/64 2001:DB8:F:F::1 5 ipv6 route 2001:DB8:1:11::/64 2001:DB8:F:F::1 5

Device Interface IP Address Subnet Mask

Gán tên cho router: router(config)# hostname R1 router(config)# hostname R2 router(config)# hostname R3

R1(config)# no ip domain lookup

R2(config)# no ip domain lookup

R3(config)# no ip domain lookup

R1(config)# banner motd $ Authorized Users Only! $

R2(config)# banner motd $ Authorized Users Only! $

R3(config)# banner motd $ Authorized Users Only! $

Gán cisco làm password cho VTY và enable login:

R1(config)# service password-encryption R2(config)# service password-encryption R3(config)# service password-encryption

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

Gán tên cho switch: switch(config)# hostname D1 switch(config)# hostname D2

D1(config)# no ip domain lookup

D2(config)# no ip domain lookup

Gán cisco làm password cho VTY và enable login:

D1(config)# banner motd $ Authorized Users Only! $ D2(config)# banner motd $ Authorized Users Only! $

D1# copy running-config startup-config

D2# copy running-config startup-config

R1(config-if)# ip address 10.0.12.1 255.255.255.0 R1(config-if)# no shutdown

R1(config-subif)# ip address 172.16.1.1 255.255.255.0 R1(config-subif)# no shutdown

R1(config-subif)# ip address 192.168.1.1 255.255.255.0 R1(config-subif)# no shutdown

R1(config)# ip dhcp pool HOSTS

D1(config-vlan)# name HOST-VLAN-2

D1(config-if)# switchport trunk encapsulation dot1q

D1(config-if)# switchport mode trunk

Gán interface vào vlan 2 trên D1:

D1(config-if)# switchport mode access

D1(config-if)# switchport access vlan 2

R2(config-router)# eigrp router-id 2.2.2.2

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27

R1(config-router-af)# eigrp router-id 1.1.1.1

R3(config)# router eigrp BASIC-EIGRP-LAB

R3(config-router)# address-family ipv4 unicast autonomous-system 27

R3(config-router-af)# eigrp router-id 3.3.3.3

D2(config)# router eigrp BASIC-EIGRP-LAB

D2(config-router)# address-family ipv4 unicast autonomous-system 27

D2(config-router-af)# eigrp router-id 132.132.132.132

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27 R1(config-router-af)# af-interface g0/0/1.2

R1(config-router-af-interface)# passive-interface

R1(config-router-af-interface)# end

R2(config-router)# passive-interface default

R2(config-router)# no passive-interface g0/0/0

R2(config-router)# no passive-interface g0/0/1

R3(config)# router eigrp BASIC-EIGRP-LAB

R3(config-router)# address-family ipv4 unicast autonomous-system 27

R3(config-router-af)# af-interface default

R3(config-router-af-interface)# passive-interface

R3(config-router-af-interface)# exit

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# exit

R3(config-router-af)# af-interface g0/0/1

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# end

R3# show ip protocols | section Passive

Loopback0 y tính PC1 ping thành công R3

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

R1# show ip eigrp topology all-links

P 192.168.3.0/24, 2 successors, FD is 196689920, serno 8 via 10.0.12.2 (196689920/131153920), g0/0/0 via 172.16.1.2 (196689920/131153920), g0/0/1.1

P 172.16.13.0/24, 1 successors, FD is 196608000, serno 7 via 172.16.1.2 (196608000/131072000), g0/0/1.1 via 10.0.12.2 (262144000/196608000), g0/0/0

P 192.168.1.0/24, 1 successors, FD is 131072000, serno 2 via Connected, g0/0/1.2 via Connected, g0/0/1.1

P 10.0.23.0/24, 1 successors, FD is 196608000, serno 4 via 10.0.12.2 (196608000/131072000), g0/0/0 via 172.16.1.2 (262144000/196608000), g0/0/1.1

P 10.0.12.0/24, 1 successors, FD is 131072000, serno 3 via Connected, g0/0/0 nhau

R3# show ip route eigrp | section 192.168.1.0

R3# show ip route eigrp | section 192.168.1.0

EIGRP-AUTHEN-KEY trên R1, R2, R3, D2 key-string là $3cre7!!

R1(config)# key chain EIGRP-AUTHEN-KEY

R1(config-keychain-key)# key-string $3cre7!!

R2(config-if)# ip authentication key-chain eigrp 27 EIGRP-AUTHEN-KEY

R2(config-if)# ip authentication mode eigrp 27 md5

R2(config-if)# ip authentication key-chain eigrp 27 EIGRP-AUTHEN-KEY

R2(config-if)# ip authentication mode eigrp 27 md5

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27

R1(config-router-af)# af-interface g0/0/0

R1(config-router-af-interface)# authentication key-chain EIGRP-AUTHEN-KEY R1(config-router-af-interface)# authentication mode md5

R1(config-router-af-interface)# end

R3(config)# router eigrp BASIC-EIGRP-LAB

R3(config-router)# address-family ipv4 unicast autonomous-system 27

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# authentication key-chain EIGRP-AUTHEN-KEY R3(config-router-af-interface)# authentication mode md5

R3(config-router-af-interface)# end md5 R1# show ip eigrp interface detail | section G0/0/0

Authentication mode is md5, key-chain is "EIGRP-AUTHEN-KEY"

- $3cre7!! trên R1 và D2 có cùng Named EIGRP

R1(config)# router eigrp BASIC-EIGRP-LAB

R1(config-router)# address-family ipv4 unicast autonomous-system 27

R1(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! R1(config-router-af-interface)# end

D2(config)# router eigrp BASIC-EIGRP-LAB

D2(config-router)# address-family ipv4 unicast autonomous-system 27

D2(config-router-af)# af-interface g1/0/1

D2(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! D2(config-router-af-interface)# end

Authentication mode HMAC-SHA-256 R1# show ip eigrp interface detail | section G0/0/1.1

Authentication mode is HMAC-SHA-256, key-chain is not set

Device Interface IPv6 Address/Prefix Length Link Local Address

Device Interface IPv6 Address/Prefix Length Link Local Address R2

R1(config)# no ip domain lookup

R1(config)# banner motd # R1, Implement EIGRP for IPv6 #

R1(config-if)# ipv6 address 2001:db8:cafe:1::1/64

R1(config-if)# ipv6 address fe80::1:1 link-local

R1(config-if)# no ip address

R1(config-subif)# description VLAN 1 Interface

R1(config-subif)# ipv6 address fe80::1:2 link-local

R1(config-subif)# ipv6 address 2001:db8:acad:1::1/64

R1(config-subif)# description VLAN 2 Interface

R1(config-subif)# ipv6 address fe80::1:3 link-local

R1(config-subif)# ipv6 address 2001:db8:acad:2::1/64

R2(config)# no ip domain lookup

R2(config)# banner motd # R2, Implement EIGRP for IPv6 #

R2(config-if)# ipv6 address 2001:db8:cafe:1::2/64

R2(config-if)# ipv6 address fe80::2:1 link-local

R2(config-if)# ipv6 address 2001:db8:cafe:2::2/64

R2(config-if)#ipv6 address fe80::2:2 link-local

R2(config-if)# description Internet host

R2(config-if)# ipv6 address 2001:db8:ff:999::153/64

R2(config-if)# ipv6 address 2001:db8:cede::1/64

R2(config-if)# ipv6 address fe80::2:4 link-local

R2(config-if)# ipv6 address 2001:db8:cede:1::1/64

R2(config-if)# ipv6 address fe80::2:5 link-local

R3(config)# no ip domain lookup

R3(config)# banner motd # R3, Implement EIGRP for IPv6 #

R3(config-if)# ipv6 address fe80::3:1 link-local R3(config-if)# ipv6 address 2001:db8:cafe:2::1/64 R3(config-if)# no shutdown

R3(config-if)#ipv6 address fe80::3:2 link-local R3(config-if)# ipv6 address 2001:db8:acad:3::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:3 link-local R3(config-if)# ipv6 address 2001:db8:abcd:8::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:4 link-local R3(config-if)# ipv6 address 2001:db8:abcd:9::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:5 link-local R3(config-if)# ipv6 address 2001:db8:abcd:10::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:6 link-local R3(config-if)# ipv6 address 2001:db8:abcd:11::1/64 R3(config-if)# no shutdown

R3(config-if)# ipv6 address fe80::3:7 link-local

R3(config-if)# ipv6 address 2001:db8:abcd:12::1/64

D1(config)# no ip domain lookup

D1(config)# banner motd # D1, Implement EIGRP for IPv6 #

D1(config-vlan)# name HOST-VLAN

D1(config-if)# switchport trunk encapsulation dot1q

D1(config-if)# switchport mode trunk

D1(config-if)# switchport mode access

D1(config-if)# switchport access vlan 2

D2(config)# no ip domain lookup

D2(config)# banner motd # D2, Implement EIGRP for IPv6 #

D2(config-if)# ipv6 address fe80::d1:1 link-local

D2(config-if)# ipv6 address 2001:Db8:acad:1::2/64

D2(config-if)# ipv6 address fe80::d1:2 link-local

D2(config-if)# ipv6 address 2001:db8:acad:3::2/64

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

D2# copy running-config startup-config fe80::1:3

R2(config-rtr)# eigrp router-id 2.2.2.2

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# eigrp router-id 1.1.1.1

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# eigrp router-id 3.3.3.3

D2(config)# router eigrp EIGRP_IPV6

D2(config-router)# address-family ipv6 unicast autonomous-system 43

D2(config-router-af)# eigrp router-id 132.132.132.132

# show ipv6 route eigrp uccessor và feasible successor

R1# show ipv6 eigrp topology all-links

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# af-interface g0/0/1.2

R1(config-router-af-interface)# passive-interface

R1(config-router-af-interface)# end

(Classic EIGRP) R2(config)# ipv6 router eigrp 43

R2(config-rtr)# passive-interface default

R2(config-rtr)# no passive-interface g0/0/0

R2(config-rtr)# no passive-interface g0/0/1

RP) R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# af-interface default

R3(config-router-af-interface)# passive-interface

R3(config-router-af-interface)# exit-af-interface

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# exit-af-interface

R3(config-router-af)# af-interface g0/0/1

R3(config-router-af-interface)# no passive-interface

R3(config-router-af-interface)# end

R3# show ipv6 protocols | include (passive

Loopback4 (passive) Loopback3 (passive) Loopback2 (passive) Loopback1 (passive) hình default route trên R2 qua interface Loopback0 R2(config)# ipv6 route ::/0 2001:db8:ff:999::1

R2(config-rtr)# no redistribute static

R2(config-if)# ipv6 summary-address eigrp 43 ::/0

R2(config-if)# ipv6 summary-address eigrp 43 ::/0

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56

R3(config-router-af-interface)# exit

R3(config-router-af)# af-interface g0/0/1

R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56

R3(config-router-af-interface)# end

D 2001:DB8:ABCD::/56 [90/1536640] via FE80::D1:1, Ethernet0/1.1

-AUTHEN-KEY trên R1, R2, R3, D2 i key-string là

R1(config)# key chain EIGRPv6-AUTHEN-KEY

R1(config-keychain-key)# key-string $3cre7!!

R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY R2(config-if)# ipv6 authentication mode eigrp 43 md5

R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY R2(config-if)# ipv6 authentication mode eigrp 43 md5

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# af-interface g0/0/0

R1(config-router-af-interface)# authentication key-chain EIGRPv6-AUTHEN-KEY R1(config-router-af-interface)# authentication mode md5

R1(config-router-af-interface)# end

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# af-interface g0/0/0

R3(config-router-af-interface)# authentication key-chain EIGRPv6-AUTHEN-KEY R3(config-router-af-interface)# authentication mode md5

R3(config-router-af-interface)# end thentication mode md5 R1# show ipv6 eigrp interface detail | section Gi0/0/0

Authentication mode is md5, key-chain is "EIGRP-AUTHEN-KEY"

- G0/0/1.1, R3 interface G0/0/1, và D2 interfaces G1/0/1 - G1/0/11 có cùng Named EIGRP

R1(config)# router eigrp EIGRP_IPV6

R1(config-router)# address-family ipv6 unicast autonomous-system 43

R1(config-router-af)# af-interface g0/0/1.1

R1(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! R1(config-router-af-interface)# end

-SHA-256 R1# show ipv6 eigrp interface detail | section Gi0/0/1.1

Authentication mode is HMAC-SHA-256, key-chain is not set

R2(config-if)# no ipv6 summary-address eigrp 43 ::/0

R2(config-if)# no ipv6 summary-address eigrp 43 ::/0

R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64

D 2001:DB8:ACAD:2::/64 [90/2048000] via FE80::2:2, Ethernet0/0 via FE80::D1:2, Ethernet0/1

R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64

D 2001:DB8:ACAD:2::/64 [90/2048000] via FE80::D1:2, Ethernet0/1

R3(config)# router eigrp EIGRP_IPV6

R3(config-router)# address-family ipv6 unicast autonomous-system 43

R3(config-router-af)# topology base

R3(config-router-af-topology)# variance 2

R3(config-router-af-topology)# exit

R1(config)#no ip domain lookup

R1(config-if)# ip address 192.168.1.1 255.255.255.192 R1(config-if)# no shut

R1(config-if)#ip address 10.10.0.1 255.255.255.248 R1(config-if)# no shut

D1(config)# no ip domain lookup

D1(config-if)# ip address 10.10.0.2 255.255.255.248 D1(config-if)# no shut

D1(config-if)# ip address 10.10.8.1 255.255.255.0 D1(config-if)# no shut

D1(config-if)# ip address 10.10.9.1 255.255.255.0 D1(config-if)# no shut

D2(config)# no ip domain lookup

R1# copy running-config startup-config

D1# copy running-config startup-config

D2# copy running-config startup-config

R1# show ip interface brief | include manual

GigabitEthernet0/0/1 10.10.0.1 YES manual up up Loopback0 209.165.200.225 YES manual up up Loopback1 192.168.1.1 YES manual up up

D1# show ip interface brief | include manual

GigabitEthernet1/0/5 10.10.0.2 YES manual up up GigabitEthernet1/0/23 10.10.8.1 YES manual up up GigabitEthernet1/0/24 10.10.9.1 YES manual up up

D2# show ip interface brief | include manual

GigabitEthernet1/0/5 10.10.0.3 YES manual up up GigabitEthernet1/0/23 10.10.24.1 YES manual up up GigabitEthernet1/0/24 10.10.25.1 YES manual up up

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.10.0.2, timeout is 2 seconds: !!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms R1# ping 10.10.0.3

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.10.0.3, timeout is 2 seconds: !!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

R1(config-if)# ip ospf network point-to-point

R1(config-if)# ip ospf 123 area 0

R1(config-if)#ip ospf 123 area 0

R1# show ip protocols | section ospf

Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 209.165.200.225

Number of areas in this router is 1 1 normal 0 stub 0 nssa Maximum path: 4

Routing on Interfaces Configured Explicitly (Area 0):

Reset ALL OSPF processes? [no]: yes R1# show ip protocol | include Router ID

Reset ALL OSPF processes? [no]: yes D1# show ip protocol | include Router ID

Reset ALL OSPF processes? [no]: yes

D2# show ip protocols | include Router ID

R1# show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks

D1# show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks

O 10.10.25.0/24 [110/20] via 10.10.0.3, 00:11:17, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

D2# show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks

O 10.10.9.0/24 [110/20] via 10.10.0.2, 00:14:26, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

R1# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

D1# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

D2# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

R1(config-router)# default-information originate

R1# show ip route static | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

D1# show ip route | include Gateway|0/0

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

D2# show ip route | include Gateway|0/0

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/1] via 10.10.0.1, 00:09:36, GigabitEthernet1/0/5 passive interfaces trên R1, D1 và D2

R1(config-router)# passive-interface lo1

D1(config-router)# passive-interface default

D1(config-router)# no passive-interface g1/0/5

D2(config-router)# passive-interface default

D2(config-router)# no passive-interface g1/0/5

R1# show ip protocols | section ospf

R1(config-router)# auto-cost reference-bandwidth 1000

% OSPF: Reference bandwidth is changed

Please ensure reference bandwidth is consistent across all routers R1(config-router)# end

D1(config-router)# auto-cost reference-bandwidth 1000

% OSPF: Reference bandwidth is changed

Please ensure reference bandwidth is consistent across all routers D1(config-router)# end

D2(config-router)# auto-cost reference-bandwidth 1000

% OSPF: Reference bandwidth is changed

Please ensure reference bandwidth is consistent across all routers D2(config-router)# end

, D1, D2 R1# show ip ospf | include Ref

D1# show ip ospf | include Ref

D2# show ip ospf | include Ref

R1# show ip route ospf | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

D1# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O 10.10.25.0/24 [110/20] via 10.10.0.3, 00:02:48, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

D2# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O 10.10.9.0/24 [110/20] via 10.10.0.2, 00:00:10, GigabitEthernet1/0/5 192.168.1.0/26 is subnetted, 1 subnets

Hello timers và Dead timers

R1(config-if)# ip ospf hello-interval 5

R1(config-if)# ip ospf dead-interval 20

D1(config-if)# ip ospf hello-interval 5

D1(config-if)# ip ospf dead-interval 20

D2(config-if)# ip ospf hello-interval 5

D2(config-if)# ip ospf dead-interval 20

R1# show ip ospf interface g0/0/1 | include Timer

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5 D1# show ip ospf interface g1/0/5 | include Timer

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5 D2# show ip ospf interface g1/0/5 | include Timer

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

DR và BDR trong OSPF

Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/BDR 00:00:34 10.10.0.2 G0/0/1

GigabitEthernet0/0/1 is up, line protocol is up

Internet Address 10.10.0.1/29, Interface ID 7, Area 0

Process ID 123, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10 Topology-MTID Cost Disabled Shutdown Topology Name

Enabled by interface config, including secondary ip addresses

Transmit Delay is 1 sec, State BDR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.0.3

Backup Designated router (ID) 2.2.2.2, Interface address 10.10.0.2 Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

Supports Link-local Signaling (LLS)

Cisco NSF helper support enabled

IETF NSF helper support enabled

Can be protected by per-prefix Loop-Free FastReroute

Can be used for per-prefix Loop-Free FastReroute repair paths

Not Protected by per-prefix TI-LFA

Last flood scan length is 1, maximum is 2

Last flood scan time is 0 msec, maximum is 1 msec

Neighbor Count is 2, Adjacent neighbor count is 2

Adjacent with neighbor 2.2.2.2 (Backup Designated Router)

Adjacent with neighbor 3.3.3.3 (Designated Router)

D2(config-if)# ip ospf priority 0

R1(config-if)# ip ospf priority 255

Neighbor ID Pri State Dead Time Address Interface

R1# show ip ospf interface g0/0/1 | include State

Transmit Delay is 1 sec, State DR, Priority 255

Neighbor ID Pri State Dead Time Address Interface

R1(config)# no ip domain lookup

R1(config)# banner motd # This is R1, Implement Multi-Area OSPFv2 Lab #

R2(config)# no ip domain lookup

R2(config)# banner motd # This is R2, Implement Multi-Area OSPFv2 Lab #

R3(config)# no ip domain lookup

R3(config)# banner motd # This is R3, Implement Multi-Area OSPFv2 Lab #

D1(config)# no ip domain lookup

D1(config)# banner motd # This is D1, Implement Multi-Area OSPFv2 Lab #

D2(config)# no ip domain lookup

D2(config)# banner motd # This is D2, Implement Multi-Area OSPFv2 Lab #

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

D1# copy running-config startup-config

D2# copy running-config startup-config

R1# show ip interface brief | include manual

GigabitEthernet0/0/0 172.16.0.2 YES manual up up GigabitEthernet0/0/1 10.10.0.1 YES manual up up

R2# show ip interface brief | include manual GigabitEthernet0/0/0 172.16.0.1 YES manual up up GigabitEthernet0/0/1 172.16.1.1 YES manual up up Loopback0 209.165.200.225 YES manual up up

R3# show ip interface brief | include manual GigabitEthernet0/0/0 172.16.1.2 YES manual up up GigabitEthernet0/0/1 10.10.4.1 YES manual up up

D1# show ip interface brief | include manual GigabitEthernet1/0/11 10.10.0.2 YES manual up up GigabitEthernet1/0/23 10.10.1.1 YES manual up up

GigabitEthernet1/0/11 10.10.4.2 YES manual up up

GigabitEthernet1/0/23 10.10.5.1 YES manual up up

D1(config-router)# auto-cost reference-bandwidth 1000

*** IP Routing is NSF aware ***

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

D1#show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi1/0/23 123 1 10.10.1.1/24 100 DR 0/0

R1(config-router)# auto-cost reference-bandwidth 1000

R1# show ip protocols | begin ospf

Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 1.1.1.1

It is an area border router

Number of areas in this router is 2 2 normal 0 stub 0 nssa Maximum path: 4

R1#show ip ospf | begin Ref

Reference bandwidth unit is 1000 mbps

Number of interfaces in this area is 1

SPF algorithm last executed 00:12:29.782 ago

Number of LSA 3 Checksum Sum 0x0142E6

Number of opaque link LSA 0 Checksum Sum 0x000000

Number of interfaces in this area is 1

SPF algorithm last executed 00:12:19.777 ago

Number of LSA 4 Checksum Sum 0x01C317

Number of opaque link LSA 0 Checksum Sum 0x000000

R1# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi0/0/0 123 0 172.16.0.2/30 1 DR 0/0

Neighbor ID Pri State Dead Time Address Interface

R1# show ip ospf neighbor detail

Neighbor 1.1.1.2, interface address 10.10.0.2, interface-id 38

In the area 1 via interface GigabitEthernet0/0/1

Neighbor priority is 1, State is FULL, 6 state changes

Options is 0x12 in Hello (E-bit, L-bit)

Options is 0x52 in DBD (E-bit, L-bit, O-bit)

Index 1/1/1, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R1#show ip route ospf | begin Gateway

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks

Known via "ospf 123", distance 110, metric 11, type intra area

Last update from 10.10.0.2 on GigabitEthernet0/0/1, 00:25:25 ago

Route metric is 11, traffic share count is 1

R2(config-router)# auto-cost reference-bandwidth 1000

R2(config-router)# default-information originate

R2# show ip protocols | begin ospf

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

R2#show ip ospf | begin Ref

Reference bandwidth unit is 1000 mbps

Number of interfaces in this area is 2

SPF algorithm last executed 00:05:04.999 ago

Number of LSA 5 Checksum Sum 0x01F6E8

Number of opaque link LSA 0 Checksum Sum 0x000000

R2# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi0/0/1 123 0 172.16.1.1/30 1 DR 0/0

Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/DR 00:00:36 172.16.0.2 G0/0/0

R2# show ip ospf neigh detail

Neighbor 1.1.1.1, interface address 172.16.0.2, interface-id 5

In the area 0 via interface GigabitEthernet0/0/0

Neighbor priority is 1, State is FULL, 6 state changes

Options is 0x12 in Hello (E-bit, L-bit)

Options is 0x52 in DBD (E-bit, L-bit, O-bit)

Index 1/1/1, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R2# show ip route ospf | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R2# show ip route static | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

Known via "ospf 123", distance 110, metric 12, type inter area

Last update from 172.16.0.2 on GigabitEthernet0/0/0, 00:31:08 ago

Route metric is 12, traffic share count is 1

R3(config-router)# auto-cost reference-bandwidth 1000

R3# show ip protocols | begin ospf

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

It is an area border router

Number of areas in this router is 2 2 normal 0 stub 0 nssa

R3# show ip ospf | begin Ref

Reference bandwidth unit is 1000 mbps

Number of interfaces in this area is 1

SPF algorithm last executed 00:10:38.256 ago

Number of LSA 8 Checksum Sum 0x0396BA

Number of opaque link LSA 0 Checksum Sum 0x000000 Number of DCbitless LSA 0

Number of interfaces in this area is 1

SPF algorithm last executed 00:10:13.755 ago

Number of LSA 6 Checksum Sum 0x0362CF

Number of opaque link LSA 0 Checksum Sum 0x000000 Number of DCbitless LSA 0

R3# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi0/0/0 123 0 172.16.1.2/30 1 BDR 1/1

Neighbor ID Pri State Dead Time Address Interface 2.2.2.1 1 FULL/DR 00:00:31 172.16.1.1 G0/0/0

R3# show ip ospf neighbor detail

Neighbor 2.2.2.1, interface address 172.16.1.1, interface-id 6

In the area 0 via interface GigabitEthernet0/0/0

Neighbor priority is 1, State is FULL, 6 state changes

Options is 0x12 in Hello (E-bit, L-bit)

Options is 0x52 in DBD (E-bit, L-bit, O-bit)

Index 1/1/1, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R3# show ip route ospf | begin Gateway

Gateway of last resort is 172.16.1.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

Known via "ospf 123", distance 110, metric 1, candidate default path Tag 123, type extern 2, forward metric 1

Last update from 172.16.1.1 on GigabitEthernet0/0/0, 00:28:41 ago Routing Descriptor Blocks:

* 172.16.1.1, from 2.2.2.1, 00:28:41 ago, via GigabitEthernet0/0/0 Route metric is 1, traffic share count is 1

Known via "ospf 123", distance 110, metric 13, type inter area

Last update from 172.16.1.1 on GigabitEthernet0/0/0, 00:29:10 ago Routing Descriptor Blocks:

* 172.16.1.1, from 1.1.1.1, 00:29:10 ago, via GigabitEthernet0/0/0 Route metric is 13, traffic share count is 1

D2(config-router)# auto-cost reference-bandwidth 1000

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Number of areas in this router is 1 1 normal 0 stub 0 nssa

D2# show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C Gi1/0/23 123 2 10.10.5.1/24 10 DR 0/0 G11/0/11 123 2 10.10.4.2/30 1 BDR 1/1

Neighbor ID Pri State Dead Time Address Interface 3.3.3.1 1 FULL/BDR 00:00:33 10.10.4.1 G1/0/11

D2# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.4.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks

Known via "ospf 123", distance 110, metric 1, candidate default path

Tag 123, type extern 2, forward metric 2

Last update from 10.10.4.1 on G1/0/11, 00:18:31 ago

Route metric is 1, traffic share count is 1

Pinging 10.10.5.10 with 32 bytes of data:

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Reply from 10.10.5.10: bytes2 time=1ms TTL3

Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/BDR 00:00:32 10.10.0.1 G1/0/11

D1# show ip route ospf | begin Gateway

Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks

OSPF Router with ID (1.1.1.2) (Process ID 123)

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1806 0x80000005 0x00DC15 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Summary ASB Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

D1# show ip ospf database router

OSPF Router with ID (1.1.1.2) (Process ID 123)

Routing Bit Set on this LSA in topology Base with MTID 0

Options: (No TOS-capability, DC)

Link connected to: a Transit Network

(Link ID) Designated Router address: 10.10.0.2 (Link Data) Router Interface address: 10.10.0.1 Number of TOS metrics: 0

Options: (No TOS-capability, DC)

Link connected to: a Transit Network

(Link ID) Designated Router address: 10.10.0.2 (Link Data) Router Interface address: 10.10.0.2 Number of MTID metrics: 0

(Link ID) Network/subnet number: 10.10.1.0

Xem thông tin network LSA type 2

D1# show ip ospf database network

OSPF Router with ID (1.1.1.2) (Process ID 123)

Options: (No TOS-capability, DC)

Link State ID: 10.10.0.2 (address of Designated Router)

Xem thông tin network LSA type 3

D1# show ip ospf database summary

OSPF Router with ID (1.1.1.2) (Process ID 123)

Summary Net Link States (Area 1)

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 10.10.4.0 (summary Network Number)

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 10.10.5.0 (summary Network Number) Advertising Router: 1.1.1.1

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 172.16.0.0 (summary Network Number) Advertising Router: 1.1.1.1

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(Network)

Link State ID: 172.16.1.0 (summary Network Number) Advertising Router: 1.1.1.1

Xem thông tin network LSA type 4

D1# show ip ospf database asbr-summary

OSPF Router with ID (1.1.1.2) (Process ID 123)

Summary ASB Link States (Area 1)

Options: (No TOS-capability, DC, Upward)

LS Type: Summary Links(AS Boundary Router)

Link State ID: 2.2.2.1 (AS Boundary Router address)

Xem thông tin network LSA type 5

D1# show ip ospf database external

OSPF Router with ID (1.1.1.2) (Process ID 123)

Type-5 AS External Link States

Options: (No TOS-capability, DC, Upward)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Metric Type: 2 (Larger than any link state path)

OSPF Router with ID (1.1.1.1) (Process ID 123)

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1250 0x80000009 0x001E87 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1250 0x80000009 0x00D419 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Summary ASB Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

OSPF Router with ID (2.2.2.1) (Process ID 123)

Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1790 0x80000009 0x001E87 1

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

Device Interface IPv4 Address IPv6 Address IPv6 Link-Local R1 G0/0/0 172.16.0.2/30 2001:db8:acad:a001::2/64 fe80::1:2

R1(config)# no ip domain lookup

R1(config-if)# ipv6 add 2001:db8:acad:a001::2/64 R1(config-if)# ipv6 add fe80::1:2 link-local

R1(config-if)# ip add 10.10.0.1 255.255.255.252 R1(config-if)# ipv6 add 2001:db8:acad:1001::1/64 R1(config-if)# ipv6 add fe80::1:1 link-local

R2(config)# no ip domain lookup

R2(config-if)# ip add 172.16.0.1 255.255.255.252 R2(config-if)# ipv6 add 2001:db8:acad:a001::1/64 R2(config-if)# ipv6 add fe80::2:1 link-local

R2(config-if)# ip address 172.16.1.1 255.255.255.252 R2(config-if)# ipv6 add 2001:db8:acad:a002::1/64 R2(config-if)# ipv6 add fe80::2:2 link-local

R2(config-if)# ipv6 add 2001:db8:feed:209::1/64

R2(config-if)# ipv6 add fe80::2:3 link-local

R3(config)# no ip domain lookup

R3(config-if)# ipv6 add 2001:db8:acad:a002::2/64

R3(config-if)# ipv6 add fe80::3:2 link-local

R3(config-if)# ipv6 add 2001:db8:acad:2001::1/64

R3(config-if)# ipv6 add fe80::3:1 link-local

D1(config)# no ip domain lookup

D1(config-if)# ip address 10.10.0.2 255.255.255.252 D1(config-if)# ipv6 add 2001:db8:acad:1001::2/64 D1(config-if)# ipv6 add fe80::d1:2 link-local

D1(config-if)# ip address 10.10.1.1 255.255.255.0 D1(config-if)# ipv6 add 2001:db8:acad:1002::1/64 D1(config-if)# ipv6 add fe80::d1:1 link-local

D2(config)# no ip domain lookup

D2(config-if)# ip address 10.10.4.2 255.255.255.252 D2(config-if)# ipv6 add 2001:db8:acad:2001::2/64 D2(config-if)# ipv6 add fe80::d2:2 link-local

D2(config-if)# ipv6 add 2001:db8:acad:2002::1/64

D2(config-if)# ipv6 add fe80::d2:1 link-local

R1# copy running-config startup-config

R2# copy running-config startup-config

R3# copy running-config startup-config

D1# copy running-config startup-config

D2# copy running-config startup-config

2001:DB8:ACAD:1001::/64 attached to GigabitEthernet1/0/11

2001:DB8:ACAD:1001::2/128 receive for GigabitEthernet1/0/11

2001:DB8:ACAD:1002::/64 attached to GigabitEthernet1/0/23

2001:DB8:ACAD:1002::1/128 receive for GigabitEthernet1/0/23

D1(config-if)# ipv6 ospf 123 area 1

D1(config-if)# ipv6 ospf 123 area 1

Routing Process "ospfv3 123" with ID 1.1.1.2

Supports NSSA (compatible with RFC 3101)

Supports Database Exchange Summary List Optimization (RFC 5243) Event-log enabled, Maximum number of events: 1000, Mode: cyclic Router is not originating router-LSAs with maximum metric

Initial SPF schedule delay 50 msecs

Minimum hold time between two consecutive SPFs 200 msecs

Maximum wait time between two consecutive SPFs 5000 msecs

Minimum hold time for LSA throttle 200 msecs

Maximum wait time for LSA throttle 5000 msecs

LSA group pacing timer 240 secs

Interface flood pacing timer 33 msecs

Retransmission limit dc 24 non-dc 24

EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300

Number of external LSA 0 Checksum Sum 0x000000

Number of areas in this router is 1 1 normal 0 stub 0 nssa

Graceful restart helper support enabled

Reference bandwidth unit is 100 mbps

Number of interfaces in this area is 2

Number of LSA 12 Checksum Sum 0x0486C1

IPv6 Routing Protocol is "connected"

IPv6 Routing Protocol is "ND"

IPv6 Routing Protocol is "ospf 123"

Number of areas: 1 normal, 0 stub, 0 nssa

R1(config-router)# address-family ? ipv4 Address family ipv6 Address family

R1(config-router)# address-family ipv4 ? unicast Address Family modifier vrf Specify parameters for a VPN Routing/Forwarding instance

R1(config-router)# address-family ipv4 unicast

Router Address Family configuration commands: adjacency Control adjacency formation area OSPF area parameters authentication Authentication parameters auto-cost Calculate OSPF interface cost according to bandwidth auto-cost-determination Calculate OSPF interface cost according to bandwidth bfd BFD configuration commands compatible Compatibility list default Set a command to its defaults default-information Control distribution of default information default-metric Set metric of redistributed routes discard-route Enable or disable discard-route installation distance Define an administrative distance distribute-list Filter networks in routing updates event-log Event Logging exit-address-family Exit from Address Family configuration mode graceful-restart Graceful-restart options help Description of the interactive help system interface-id Source of the interface ID limit Limit a specific OSPF feature local-rib-criteria Enable or disable usage of local RIB as route criteria log-adjacency-changes Log changes in adjacency state manet Specify MANET OSPF parameters max-lsa Maximum number of non self-generated LSAs to accept max-metric Set maximum metric maximum-paths Forward packets over multiple paths mpls MPLS Traffic Engineering configs no Negate a command or set its defaults passive-interface Suppress routing updates on an interface prefix-suppression Enable prefix suppression process-min-time Percentage of quantum to be used before releasing CPU queue-depth Hello/Router process queue depth redistribute Redistribute information from another routing protocol router-id router-id for this OSPF process shutdown Shutdown the router process snmp Modify snmp parameters statistics Enable or disable OSPF statistics options summary-address Configure IP address summaries summary-prefix Configure IP address summaries timers Adjust routing timers

R1(config-router-af)# router-id 1.1.1.1

R1(config-router-af)# exit-address-family

R1(config-router)# address-family ipv6 unicast

R1(config-router-af)# router-id 1.1.1.1

R1(config-router-af)# exit-address-family

R1(config-if)# ospfv3 123 ipv4 area 0

R1(config-if)# ospfv3 123 ipv6 area 0

R1(config-if)# ospfv3 123 ipv4 area 1

R1(config-if)# ospfv3 123 ipv6 area 1

R2(config-router)# address-family ipv4 unicast R2(config-router-af)# router-id 2.2.2.1

R2(config-router-af)# exit-address-family R2(config-router)# address-family ipv6 unicast R2(config-router-af)# router-id 2.2.2.1

R2(config-router-af)# exit-address-family R2(config-router)# exit

R2(config-if)# ospfv3 123 ipv4 area 0

R2(config-if)# ospfv3 123 ipv6 area 0

R2(config-if)# ospfv3 123 ipv4 area 0

R2(config-if)# ospfv3 123 ipv6 area 0

R3(config-router)# address-family ipv4 unicast R3(config-router-af)# exit-address-family R3(config-router)# address-family ipv6 unicast R3(config-router-af)# exit-address-family R3(config-router)# exit

R3(config-if)# ospfv3 123 ipv4 area 0

R3(config-if)# ospfv3 123 ipv6 area 0

R3(config-if)# ospfv3 123 ipv4 area 2

R3(config-if)# ospfv3 123 ipv6 area 2

D2(config-router)# address-family ipv4 unicast

D2(config-router-af)# router-id 3.3.3.2

D2(config-router-af)# exit-address-family

D2(config-router)# address-family ipv6 unicast

D2(config-router-af)# router-id 3.3.3.2

D2(config-router-af)# exit-address-family

D2(config-if)# ospfv3 123 ipv4 area 2

D2(config-if)# ospfv3 123 ipv6 area 2

D2(config-if)# ospfv3 123 ipv4 area 2

D2(config-if)# ospfv3 123 ipv6 area 2

OSPFv3 Router with ID (1.1.1.2) (Process ID 123)

Neighbor ID Pri State Dead Time Interface ID Interface 1.1.1.1 1 FULL/DR 00:00:39 6 g1/0/11

OSPFv3 Router with ID (1.1.1.1) (Process ID 123)

Neighbor ID Pri State Dead Time Interface ID Interface 2.2.2.1 1 FULL/BDR 00:00:31 5 g0/0/0 1.1.1.2 1 FULL/BDR 00:00:38 471 g0/0/1

OSPFv3 123 address-family ipv4 (router-id 1.1.1.1)

Neighbor ID Pri State Dead Time Interface ID Interface 2.2.2.1 1 FULL/BDR 00:00:38 5 g0/0/0

OSPFv3 123 address-family ipv6 (router-id 1.1.1.1)

Neighbor ID Pri State Dead Time Interface ID Interface 2.2.2.1 1 FULL/BDR 00:00:32 5 g0/0/0 1.1.1.2 1 FULL/BDR 00:00:30 471 g0/0/1

IPv6 Routing Table - default - 9 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE -

NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter

OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1

ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy

OI 2001:DB8:ACAD:2001::/64 [110/4] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:2002::/64 [110/5] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:A001::/64 [110/2] via FE80::1:1, GigabitEthernet1/0/11 via FE80::1:1, GigabitEthernet1/0/11

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

O IA 10.10.5.0/24 [110/4] via 172.16.0.1, 00:17:34, GigabitEthernet0/0/0 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

IPv6 Routing Table - default - 9 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE -

NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter

OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1

ON2 - OSPF NSSA ext 2, a - Application

O 2001:DB8:ACAD:1002::/64 [110/2] via FE80::D1:2, GigabitEthernet0/0/1

OI 2001:DB8:ACAD:2001::/64 [110/3] via FE80::2:1, GigabitEthernet0/0/0

OI 2001:DB8:ACAD:2002::/64 [110/4] via FE80::2:1, GigabitEthernet0/0/0

O 2001:DB8:ACAD:A002::/64 [110/2] via FE80::2:1, GigabitEthernet0/0/0

OSPFv3 Router with ID (1.1.1.2) (Process ID 123)

ADV Router Age Seq# Fragment ID Link count Bits 1.1.1.1 1096 0x80000009 0 1 B 1.1.1.2 1110 0x80000005 0 1 None

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 1)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 1)

ADV Router Age Seq# Link ID Interface

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 1.1.1.1 1152 0x80000001 6144 0x2002 6

OSPFv3 123 address-family ipv4 (router-id 1.1.1.1)

ADV Router Age Seq# Fragment ID Link count Bits

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 2.2.2.1 539 0x80000001 5120 0x2002 5

ADV Router Age Seq# Fragment ID Link count Bits

OSPFv3 123 address-family ipv6 (router-id 1.1.1.1)

ADV Router Age Seq# Fragment ID Link count Bits 1.1.1.1 530 0x80000005 0 1 B 2.2.2.1 508 0x80000009 0 2 None 3.3.3.1 508 0x80000006 0 1 B

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 2.2.2.1 539 0x80000001 5120 0x2002 5

ADV Router Age Seq# Fragment ID Link count Bits 1.1.1.1 553 0x80000006 0 1 B 1.1.1.2 552 0x80000025 0 1 None

ADV Router Age Seq# Link ID Rtr count

Inter Area Prefix Link States (Area 1)

ADV Router Age Seq# Prefix

Link (Type-8) Link States (Area 1)

ADV Router Age Seq# Link ID Interface

Intra Area Prefix Link States (Area 1)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID 1.1.1.2 481 0x80000016 0 0x2001 0

D2(config-router)# no passive-interface g1/0/23

D2(config-router)# address-family ipv4 unicast

D2(config-router-af)# passive-interface g1/0/23

D2(config-router-af)# exit-address-family

D2(config-router)# address-family ipv6 unicast

D2(config-router-af)# passive-interface g1/0/23

D2(config-router-af)# exit-address-family

R1(config-router)# address-family ipv6 unicast

R1(config-router-af)# area 1 range 2001:db8:acad:1000::/52

R3(config-router)# address-family ipv6 unicast

R3(config-router-af)# area 2 range 2001:db8:acad:2000::/52

OI 2001:DB8:ACAD:1000::/52 [110/3] via FE80::1:2, GigabitEthernet0/0/0

OI 2001:DB8:ACAD:2000::/52 [110/3] via FE80::3:2, GigabitEthernet0/0/1

Interface PID Area AF Cost State Nbrs F/C Gi0/0/1 123 0 ipv4 1 BDR 1/1 Gi0/0/0 123 0 ipv4 1 DR 1/1 Gi0/0/1 123 0 ipv6 1 BDR 1/1 Gi0/0/0 123 0 ipv6 1 DR 1/1

R2(config-if)# ospfv3 network point-to-point

R2(config-if)# ospfv3 network point-to-point

R1(config-if)# ospfv3 network point-to-point

R3(config-if)# ospfv3 network point-to-point

Interface PID Area AF Cost State Nbrs F/C

R2(config-router)# address-family ipv6 unicast

R2(config-router-af)# default-information originate

R2(config-router)# address-family ipv4 unicast

R2(config-router-af)# default-information originate

OE2 ::/0 [110/1], tag 123 via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:2000::/52 [110/5] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:A001::/64 [110/2] via FE80::1:1, GigabitEthernet1/0/11

OI 2001:DB8:ACAD:A002::/64 [110/3] via FE80::1:1, GigabitEthernet1/0/11

Gateway of last resort is 10.10.4.1 to network 0.0.0.0

Router R1 hostname R1 no ip domain lookup line con 0 logging sync exec-time 0 0 exit interface Loopback0 ip address 192.168.1.1 255.255.255.224 no shut exit

100 interface Loopback1 ip address 192.168.1.65 255.255.255.192 no shut exit interface FastEthernet0/0 ip address 10.1.2.1 255.255.255.0 no shut exit interface Serial1/0 ip address 10.1.3.1 255.255.255.128 no shut exit interface Serial1/1 ip address 10.1.3.129 255.255.255.128 no shut exit

Router R2 hostname R2 no ip domain lookup line con 0 logging sync exec-time 0 0 exit interface Loopback0 ip address 192.168.2.1 255.255.255.224 no shut exit interface Loopback1 ip address 192.168.2.65 255.255.255.192 no shut exit interface FastEthernet0/0 ip address 10.1.2.2 255.255.255.0 no shut interface FasttEthernet1/0 ip address 10.2.3.2 255.255.255.0 no shut exit

Router R3 hostname R3 no ip domain lookup line con 0 logging sync exec-time 0 0 exit interface Loopback0 ip address 192.168.3.1 255.255.255.224 no shut exit interface Loopback1 ip address 192.168.3.65 255.255.255.192 no shut exit interface FastEthernet0/0 ip address 10.2.3.3 255.255.255.0 negotiation auto no shut exit interface Serial1/0 ip address 10.1.3.3 255.255.255.128 no shut exit interface Serial1/1 ip address 10.1.3.130 255.255.255.128 no shut exit

R1(config)# router bgp 1000 b -id cho R1

R1(config-router)# bgp router-id 1.1.1.1 c neighbors cho R1

R1(config-router)# neighbor 10.1.2.2 remote-as 500

R1(config-router)# neighbor 10.1.3.3 remote-as 300

R1(config-router)# neighbor 10.1.3.130 remote-as 300 d

R1(config-router)# network 192.168.1.0 mask 255.255.255.224 R1(config-router)# network 192.168.1.64 mask 255.255.255.192

R2(config)# router bgp 500 b -id cho R2

R2(config-router)# bgp router-id 2.2.2.2 c

R2(config-router)# neighbor 10.1.2.1 remote-as 1000

R2(config-router)# neighbor 10.2.3.3 remote-as 300 d

R2(config-router)# network 192.168.2.0 mask 255.255.255.224 R2(config-router)# network 192.168.2.64 mask 255.255.255.192

R3(config-router)# bgp router-id 3.3.3.3 c

R3(config-router)# no bgp default ipv4-unicast

Ch bgp default ipv4-unicast c b t m nh trên các IOS R1 và R2 s d ng ch cho phép t i giá tr IPv4 address family prefixes L nh no bgp default ipv4-unicast s t t ch , các bgp neighbors ph i IPv4 address family (AF) b ng cách c u hình th công

L nh BGP network c n ph c thi t l p v i IPv4 AF d

R3(config-router)# neighbor 10.2.3.2 remote-as 500

R3(config-router)# neighbor 10.1.3.1 remote-as 1000

R3(config-router)# neighbor 10.1.3.129 remote-as 1000

Ki m tra m i quan h láng gi ng BGP a

R1# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set b established, R2 và R3 là idle)

BGP neighbor is 10.1.2.1, remote AS 1000, external link

BGP version 4, remote router ID 1.1.1.1

BGP state = Established, up for 00:35:34

Last read 00:00:28, last write 00:00:35, hold time is 180, keepalive interval is 60 seconds

1 active, is not multisession capable (disabled)

BGP neighbor is 10.2.3.3, remote AS 300, external link

BGP version 4, remote router ID 0.0.0.0

BGP state = Idle, down for never

0 active, is not multisession capable (disabled)

R3(config-router)# address-family ipv4

R3(config-router-af)# neighbor 10.1.3.1 activate

R3(config-router-af)# neighbor 10.1.3.129 activate

R3(config-router-af)# neighbor 10.2.3.2 activate

R3(config-router-af)# network 192.168.3.0 mask 255.255.255.224 d

R1# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip bgp neighbors | begin BGP neighbor is 10.2.3.3 BGP neighbor is 10.2.3.3, remote AS 300, external link

BGP version 4, remote router ID 3.3.3.3

BGP state = Established, up for 00:12:16

Last read 00:00:37, last write 00:00:52, hold time is 180, keepalive interval is 60 seconds

1 active, is not multisession capable (disabled)

-configure R1# show running-config | section bgp router bgp 1000 bgp router-id 1.1.1.1 bgp log-neighbor-changes network 192.168.1.0 mask 255.255.255.224 network 192.168.1.64 mask 255.255.255.192 neighbor 10.1.2.2 remote-as 500 neighbor 10.1.3.3 remote-as 300 neighbor 10.1.3.130 remote-as 300

R2# show running-config | section bgp router bgp 500 bgp router-id 2.2.2.2 bgp log-neighbor-changes network 192.168.2.0 mask 255.255.255.224 network 192.168.2.64 mask 255.255.255.192 neighbor 10.1.2.1 remote-as 1000

R3# show running-config | section bgp router bgp 300 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.1.3.1 remote-as 1000 neighbor 10.1.3.129 remote-as 1000 neighbor 10.2.3.2 remote-as 500

! address-family ipv4 network 192.168.3.0 mask 255.255.255.224 network 192.168.3.64 mask 255.255.255.192 neighbor 10.1.3.1 activate neighbor 10.1.3.129 activate neighbor 10.2.3.2 activate exit-address-family

BGP table version is 11, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

192.168.1.0/27 a show ip bgp ip-prefix

BGP routing table entry for 192.168.1.0/27, version 14

Paths: (2 available, best #2, table default)

Origin IGP, localpref 100, valid, external rx pathid: 0, tx pathid: 0

Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0

1 b show ip bgp neighbors trên R2

BGP neighbor is 10.1.2.1, remote AS 1000, external link

BGP version 4, remote router ID 1.1.1.1

BGP state = Established, up for 00:00:51

1 active, is not multisession capable (disabled)

Route refresh: advertised and received(new)

Four-octets ASN Capability: advertised and received

Address family IPv4 Unicast: advertised and received

Enhanced Refresh Capability: advertised and received

Stateful switchover support enabled: NO for session 1

BGP neighbor is 10.2.3.3, remote AS 300, external link

BGP version 4, remote router ID 3.3.3.3

BGP state = Established, up for 16:23:45

Last read 00:00:29, last write 00:00:51, hold time is 180, keepalive interval is 60 seconds

1 active, is not multisession capable (disabled)

Route refresh: advertised and received(new)

Four-octets ASN Capability: advertised and received

Address family IPv4 Unicast: advertised and received

Enhanced Refresh Capability: advertised and received

Stateful switchover support enabled: NO for session 1

Do log neighbor state changes (via global configuration)

Default minimum time between advertisement runs is 30 seconds

C u hình và ki m tra Route Summarization và Atomic Aggregate

192.168.3.0/24 prefix aggregate-address Summary-only address-family ipv4

R1(config-router)# aggregate-address 192.168.1.0 255.255.255.0 summary-only

R3(config-router)# address-family ipv4

R3(config-router-af)# aggregate-address 192.168.3.0 255.255.255.0 summary-only c 2: Ki m tra route summarization dùng atomic aggregate a

R1# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 5 subnets, 4 masks

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

R2# show ip route bgp | begin Gateway

Gateway of last resort is not set

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 5 subnets, 4 masks

BGP table version is 69, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

Network Next Hop Metric LocPrf Weight Path

BGP table version is 69, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

Network Next Hop Metric LocPrf Weight Path s> 192.168.1.0/27 0.0.0.0 0 32768 i

BGP table version is 22, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-

Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

BGP routing table entry for 192.168.1.0/24, version 45

Paths: (2 available, best #2, table default)

Origin IGP, localpref 100, valid, external, atomic-aggregate rx pathid: 0, tx pathid: 0

Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best rx pathid: 0, tx pathid: 0x0

R1(config-router)# no aggregate-address 192.168.1.0 255.255.255.0 summary-only

Routing entry for 192.168.1.0/24, 2 known subnets

R2(config-router)# aggregate-address 192.168.1.0 255.255.255.0 summary-only ute summarization dùngatomic aggregate và AS-Set d

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 5 subnets, 4 masks

Network Next Hop Metric LocPrf Weight Path

R2(config-router)# no aggregate-address 192.168.1.0 255.255.255.0 summary-only R2(config-router)# aggregate-address 192.168.1.0 255.255.255.0 as-set summary-only g

R3# show ip route bgp | begin Gateway

Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

192.168.3.0/24 is variably subnetted, 5 subnets, 4 masks

Network Next Hop Metric LocPrf Weight Path

R3# show ip bgp 192.168.1.0 | begin Refresh

Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0 c 1: C c qu ng bá trên R2

C u hình R2 qu ng bá default router t i R1 R2 không nh t thi t ph i có default route riêng (trong m nh tuy n)

R2(config-router)# neighbor 10.1.2.1 default-originate c 2: Ki m tra qu ng bá default route trên R1

R1# show ip route bgp | begin Gateway

Gateway of last resort is 10.1.2.2 to network 0.0.0.0

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

B 192.168.3.0/24 [20/0] via 10.1.2.2, 12:41:58 a Ki m tra b nh tuy p nh t default route

Network Next Hop Metric LocPrf Weight Path

ETHERCHANNEL VÀ HSRP

HSRP

ACCESS CONTROL LIST

HÌNH VÀ TRA VTY

R1#(config)# ip access-list standard BRANCH-OFFICE-POLICY

R1(config-std-nacl)# 40 deny any

Standard IP access list BRANCH-OFFICE-POLICY

6.2 C U HÌNH VÀ KI M TRA H N CH K T N I VTY

Device Interface IP Address Subnet Mask Default Gateway

Device Interface IP Address Subnet Mask Default Gateway

-A và PC- a b no ip domain-lookup hostname R1 service password-encryption enable secret class banner motd #

Unauthorized access is strictly prohibited #

Line con 0 password cisco login logging synchronous line vty 0 4 login c d e K f no ip domain-lookup hostname S1 service password-encryption enable secret class banner motd #

Unauthorized access is strictly prohibited #

Line con 0 password cisco login logging synchronous line vty 0 15 password cisco login exit g h i ig vào startup config ta a b -list

R1(config)# ip access-list ? extended Extended Access List helper Access List acts on helper-address log-update Control access list log updates

160 logging Control access list logging resequence Resequence Access List standard Standard Access List c -list standard

R1(config)# ip access-list standard ?

Standard IP access-list number

Standard IP access-list number (expanded range)

WORD Access-list name d Them tên ADMIN- - ta -std-nacl)

R1(config)# ip access-list standard ADMIN-MGT

Standard Access List configuration commands:

Sequence Number default Set a command to its defaults deny Specify packets to reject exit Exit from access-list configuration mode no Negate a command or set its defaults permit Specify packets to forward remark Access list entry comment f -

R1(config-std-nacl)# permit host 192.168.1.3

R1(config-line)# exit lnet a - ta

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes2 time=5ms TTLd

Reply from 192.168.1.1: bytes2 time=1ms TTLd

Reply from 192.168.1.1: bytes2 time=1ms TTLd

Reply from 192.168.1.1: bytes2 time=1ms TTLd

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 5ms, Average = 2ms

- Phiên telnet có thành công không? g -

Standard IP access list ADMIN-MGT

20 permit 192.168.1.4, wildcard bits 0.0.0.3 (2 matches) ta ta h i - ADMIN-MGT và thêm ACE deny any vào

R1(config)# ip access-list standard ADMIN-MGT

R1(config-std-nacl)# deny any

R1(config-std-nacl)# exit j - tên ADMIN-MGT k - Ta

Standard IP access list ADMIN-MGT

HÌNH VÀ KI TRA EXTENDED ACL

6.3 C U HÌNH VÀ KI M TRA EXTENDED ACL

Device Interface IP Address Subnet Mask Default Gateway R1 G0/0 172.22.34.65 255.255.255.224 N/A

R1(config)# access-list 100 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment

R1(config)# access-list 100 permit ? ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol ospf OSPF routing protocol tcp Transmission Control Protocol udp User Datagram Protocol

R1(config)# access-list 100 permit tcp ?

A.B.C.D Source address any Any source host host A single source host

R1(config)# access-list 100 permit tcp 172.22.34.64 ?

R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 ?

A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers

R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host

172.22.34.62 ? dscp Match packets with given dscp value eq Match only packets on a given port number established established gt Match only packets with a greater port number lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value range Match only packets in the range of port numbers

R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ?

Port number ftp File Transfer Protocol (21) pop3 Post Office Protocol v3 (110) smtp Simple Mail Transport Protocol (25) telnet Telnet (23) www World Wide Web (HTTP, 80)

R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp

R1(config)# access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62

10 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp

R1(config-if)# ip access-group 100 in

R1(config)# ip access-list ? extended Extended Access List standard Standard Access List

R1(config)# ip access-list extended HTTP_ONLY

R1(config-ext-nacl)# permit tcp 172.22.34.96 ?

R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15

R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www

R1(config-ext-nacl)# permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62

10 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp

Extended IP access list HTTP_ONLY

10 permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www

R1(config-if)# ip access-group HTTP_ONLY in

NAT OVER IPV4

GRE VPN

Ngày đăng: 06/02/2024, 10:01

TỪ KHÓA LIÊN QUAN