RA#show ip eigrp neighbor RA#show ip eigrp topology RA#show ip route *Check the auto summarization of your loopback networks in your neighbor ’s routing table by telnetting on their WAN
Trang 2INDEX
EIGRP -1
OSPF - 4
ISIS - 10
REDISTRIBUTION -14
BGP -19
MULTICASTING -29
IPv6 - 30
ADSL - 34
VPN -36
IDS/IPS -39
FIREWALL - -40
AAA, SYSLOG, SNMP -41
MPLS - 43
VLAN- -46
STP -49
Advanced STP -51
INTERVLAN ROUTING -53
HSRP -57
GLBP -59
SWITCH SECURITY - -61
VOIP -64
QOS -67
WLAN - 69
Trang 4Important Notes
How to telnet (for ZOOM CCNP Lab only)
1 First make sure your IP address matches the one on the label on your monitor If
different, please change it to the correct address
2 Telnet to the Access-server IP address 192.168.0.1
3 In case you are using router number is ‘A’ , where ‘A’ can be value from 1 to 16, in the access-server enter the following command For example, when using the first router the command must look like this
During the configuration in few of the labs, you might encounter ip addresses with the value
‘X’ in it You will have to replace ‘X’ with a number according to the router you will be configuring These are the values for X for the following routers
Trang 6RA#show ip eigrp neighbor
RA#show ip eigrp topology
RA#show ip route
*Check the auto summarization of your loopback networks in your neighbor ’s
routing table by telnetting on their WAN IP All the Loopback interfaces networks appear as one network with the default class-full subnet mask
Calculate the summarized network ID manually and advertise it on all the interfaces of the router as follows
Router (config)#interface serial 0/1/0
Router (config-if)#ip summary-address eigrp 65000 10.X.0.0 255.255.252.0
Router (config)#interface serial 0/1/1
Router (config-if)#ip summary-address eigrp 65000 10.X.0.0 255.255.252.0
Router (config-if)#interface serial 0/2/0
Router (config-if)#ip summary-address eigrp 65000 10.X.0.0 255.255.252.0
Trang 7*Chec k the output in neighbor’s routing table to find the summarized address with
the customized subnet mask that you advertised
have to enable variance This can be configured only on the routers with feasible
successors available in the topology table
RA1#show ip eigrp neighbor
RA1(config)#key chain zoom
RA1(config-if)#ip authentication mode eigrp 65000 md5
RA1(config-if)#ip authentication key-chain eigrp 65000 zoom
RA2(config-if)#ip authentication mode eigrp 65000 md5
RA2(config-if)#ip authentication key-chain eigrp 65000 ccnp
RA2(config-if)#end
RA1#show ip eigrp neighbor
Trang 8OSPF
*Configure all the routers in OSPF area 0 Shown below are the different possible ways of advertising the directly connected networks in the OSPF process You may use any of the following methods to advertise your connected networks
RA1(config)#router ospf 1
RA1(config-router)#network 192.168.X.16 0.0.0.15 area 0
RA1(config-router)#network 192.168.X.80 0.0.0.3 area 0
RA1(config-router)#network 192.168.X.92 0.0.0.3 area 0
RA1(config-router)#network 172.16.1.Y 0.0.0.3 area 0
RA1(config-router)#end
RA2#conf t
RA2(config)#router ospf 2
RA2(config-router)#net 192.168.X.0 0.0.0.255 area 0
RA2(config-router)#end
RA3(config)#router ospf 3
RA3(config-router)#net 0.0.0.0 255.255.255.255 area 0
RA3(config-router)#end
RA4(config)#router ospf 4
RA4(config-router)#net 192.168.X.0 0.0.0.255 area 0
RA4(config-router)#end
RA#show ip protocol
RA#show ip ospf neighbor
RA#show ip ospf database
RA#show ip route
Trang 9DR and BDR Election
*Remove any previous routing configuration and configure all router s’ Ethernet
interface ip addresses in the same network as shown in the diagram and advertise the networks in OSPF area 0
Trang 10*Use the show ip ospf neighbor command to find the DR and BDR in the neighbor table In case of the wrong routers elected as the DR and BDR, restart the election process; clear the OSPF process on all the routers at the same time
RA3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
RA4#show ip ospf neighbor
RA2(config-if)#ip ospf message-digest-key 1 md5 zoom123
*Verify by checking the routing table to see from which routers you receive
updates
RA1#show ip route
RA2#show ip route
Trang 11OSPF - II
*Configure Routers into Multi Area OSPF as per given diagram Routers on the border of two areas have different interfaces configured in different areas Take care to advertise the proper interfaces (networks) in the right areas.
Trang 12RA#show ip ospf neighbor
RA#show ip ospf database
RA#show ip ospf border-routers
RA1(config-router)#redistribute eigrp 100 subnets
*Check the output in neighbor router to find OSPF external routes labeled as E 2
RA2#show ip route
*Redistributed routes have a default metric Use the following commands to
change the seed-metric of the redistributed routes and check the output in the
Trang 13*Configuration of manual summarization of routes originated by redistribution of RIP & EIGRP, on the ASBR
RA3(config)#router ospf 1
RA3(config-router)#summary-address 30.X.0.0 255.255.252.0
RA2#show ip route
*We can configure Area 20 as a Stub area , since it doesn’t have any ASBR in it
and has only one exit point in the AS ALL the routers in the stub area must be configured with this configuration Check the routing table to find only ‘O’ and ‘O
IA’ routes and no ‘O E2’ routes Verify by checking the routing table before and
*Configure Area 20, now as a Totally Stubby area Check the routing table to
find only ‘O’ routes and no ‘O IA’ and ‘O E2’ routes
RA1(config)#router ospf 1
RA1(config-router)#area 20 stub no-summary
After configuration check the routing table again
RA4#show ip route
* Since Area 10 has an ASBR in it, it can’t be configured as a stub, but can be
configured as a Not-So-Stubby-Area (NSSA) Configure Area 10 as a NSSA using
the following commands Check the routing table to find on ly ‘O’ and ‘O IA’ routes and no ‘O E2’ routes Verify by checking the routing table before and after
*Configure Area 10, now as a Totally NSSA Check the routing table to find only
‘O’ routes and no ‘O IA’ and ‘O E2’ routes
RA2(config)#router ospf 2
RA2(config-router)#area 10 nssa no-summary
*After configuration check the routing table again
Trang 14ISIS
SINGLE AREA IS-IS
*Configure ISIS routing protocol as per give diagram by first assigning the CLNS address to each router and making sure all of them are in the same area Next, on the interface-configuration mode of each interface that you wish to advertise, execute the ‘ip router isis’ command
Trang 15RA2(config-if)#ip router isis
RA4#sh isis database
RA4#sh isis topology
RA4#sh ip route
Trang 16CONFIGURING MULTIPLE AREA ISIS
*Configure ISIS routing protocol as per give diagram by first assigning the CLNS address to each router and making sure all of them are in their respective areas Then configure the is-type level of the router Next, on the interface- configuration mode of each interface that you wish to advertise, execute the ‘ip router isis’command
RA1(config)#no router isis
Trang 17RA3(config)#no router isis
RA4#sh isis database
RA4#sh isis topology
RA4#sh ip route
*Configure manual summarization of the internal networks of an area, on the
border router of that particular area This summarized route is injected to the other areas by the Level-2 router (border router)
Trang 19RA1(config)#router eigrp 20
RA1(config-router)#redistribute isis level-1 metric 1544 2000 255 1 1500
RA1(config-router)#redistribute connected metric 1544 2000 255 1 1500
*Use the redistribute command to inject eigrp routes into rip with seed metric
in hop coun ts taking care that the final hop count doesn’t cross ‘15’
RA2(config)#router rip
RA2(config-router)#redistribute eigrp 20 metric 13
*Use the redistribute command to inject rip routes into eigrp with some seed
metric which includes values for bandwidth, delay, reliability, load and MTU
RA2(config)#router eigrp 20
RA2(config-router)#redistribute rip metric 1544 2000 255 1 1500
*Use the redistribute command to inject ospf routes into rip with some seed metric in hop counts taking care that the final hop count doesn’t cross ‘15’
RA3(config)#router rip
RA3(config-router)#redistribute ospf 3 metric 5
*Use the redistribute command to inject rip routes into ospf with some seed
metric in link cost taking care that the final hop count doesn’t cross ‘15’
RA3(config)#router ospf 3
RA3(config-router)#redistribute rip subnets metric 50 metric-type 1
*Check by pinging successfully from router RA4 to the core.
Trang 21CONFIGURING THE ROUTE-MAP FOR FILTERING REDISTRIUTED ROUTES
*All the routes redistributed from RIP to OSPF are injected with the same default metric This can be changed according to our necessity and individual routes can
be assigned different metrics using route-map
*Creating access-lists to define the selected networks
Trang 22RA3(config)#route-map zoom permit 50
RA3(config-router)#redistribute rip route-map zoom subnets
*Check the output in RA4 to find different routes with different metrics as specified in the diagram
RA1#show ip route
Trang 23*Configure all the routers in the same BGP autonomous system Create a mesh topology by mentioning every other router, including those not directly connected, with the ‘ neighbor’ statement
Trang 24*Verify the configuration using the following show commands
Router #show ip protocol
Router #show ip bgp summary
Router #show ip bgp neighbor
Router #show ip bgp
Router #show ip route
*Enable synchronization in one router and check the output on the same router
You will find that the router doesn’t have Internal BGP routes anymore
Trang 25VERIFYING SPLIT-HORIZON
*To verify the problem of split-horizon, configure the lab as per the above diagram Remove the previous instance of bgp and configure bgp freshly as shown Take care not to configure bgp on RA3
Router #show ip bgp
Router #show ip route
*The Solution to this Split-Horizon problem is to configure Route-Reflector as defined in the next page
Trang 26CONFIGURING ROUTE-REFLECTOR CLIENT
*Note: Continue configuration from above steps
*By configuring the following, RA1 becomes the route-reflector-server and it
‘reflects’ the routes coming from one interface out the other interface, hence
solving the problem of split-horizon
RA1(config)#router bgp 6500X
RA1(config-router)#neighbor 192.168.X.93 route-reflector-client
RA1(config-router)#neighbor 192.168.X.82 route-reflector-client
RA1(config-router)#end
*Ch eck output in all three router to find that RA2 and RA4 now have each other’s
routes in their routing table
Router #show ip bgp
Router #show ip route
R.R Server
Trang 29Step 4: CONFIGURING LOCAL-PREFERENCE
*Creating Route-maps to set local-preference values for specific routes in order
to define which path the router must use to exit the AS
*Note: Continue from above configuration
*Create access lists to define the mentioned networks
Trang 30*Implement the route-map by defining one route-map for each neighbor in the appropriate direction
RA1(config)#router bgp 65000
RA1(config-router)#neighbor 192.168.X.82 route-map R1toR2 in
RA1(config-router)#neighbor 192.168.X.93 route-map R1toR4 in
*Clear the bgp route updates from the two neighboring BGP routers
Trang 31CONFIGURING MED
*Remove the previous configuration of BGP and configure the above given
topology RA1 belongs to AS 65001 whereas routers RA2, RA3 and RA4 are in AS 650X5 Make sure you configure RA2 and RA4 as route-reflector-clients and RA3
Trang 33Step 3: Change the IP address and gateway of the client PCs to allow them to be
in the LAN of the configured router Make sure the switch to which the multicast server is connected is isolated from the rest of the LAN
Step 4: Start the multicast client software and enter the appropriate server IP
address and file location to start receiving the multicast
Trang 34*Check the output of configuration in the entire three routes
router#sh ipv6 route
Trang 35*After the interfaces are configured with IPv6 addresses, configure OSPF v3 routing on all the routers
RA1(config)#ipv6 router ospf 1
*Check the output in the entire three routes
R# show ipv6 protocol
R# show ipv6 ospf
R# show ipv6 ospf neighbor
R# show ipv6 ospf database
R# show ipv6 route
Trang 36IP6 to IP4 tunnel
*Configuring a IPv6 tunnel over an IPv4 tunnel The network in between the two routers is an IPv4 network and is unaware of IPv6
*Clear both IPv4 and IPv6 routing on the routers
RA2(config-if)#ipv6 address 2001:X:A::1/64
RA2(config-if)#tunnel mode ipv6ip
RA4(config-if)#ipv6 address 2001:X:A::2/64
RA4(config-if)#tunnel mode ipv6ip
Trang 37Configuration of IPv6-v4 auto tunnel
*Configure IPv6-v4 auto tunnel over an IPv4 network The destination end of the tunnel is not mentioned in this configuration Both routers find each other and create a tunnel with the help of the static route and the Ipv6 auto tunnel configuration
RA2(config)#no ipv6 unicast-routing
RA2(config)#ipv6 unicast-routing
RA2(config)#int tunnel 10
RA2(config-if)#ipv6 add 2002:C0A8:0X55::1/64
RA2(config-if)#tunnel mode ipv6ip 6to4
RA2(config-if)#tunnel source serial 0
RA2(config-if)#exit
RA2(config)#ip route 0.0.0.0 0.0.0.0 s 0
RA2(config)#ipv6 route 2002::/16 tunnel 10
RA2(config)#ipv6 route 2001:X:5::/64 2002:C0A8:0X5A::1
RA2(config)#end
RA4(config)#no ipv6 unicast-routing
RA4(config)#ipv6 unicast-routing
RA4(config)#int tunnel 15
RA4(config-if)#ipv6 add 2002:C0A8:0X5A::1/64
RA4(config-if)#tunnel mode ipv6ip 6to4
RA4(config-if)#tunnel source s 1
RA4(config-if)#exit
RA4(config)#ip route 0.0.0.0 0.0.0.0 s 1
RA4(config)#ipv6 route 2002::/16 tunnel 15
RA4(config)#ipv6 route 2001:X:1::/64 2002:C0A8:0X55::1
Trang 38ADSL ROUTER Configuration
*Configure physical WAN interface (ATM 0 in our case) with PPPoE or PPPoA
and map it with logical dialer interface using the dial-pool- number which we’ll
configure further below
adslrouter(config)#interface dialer 0
adslrouter(config-if)#ip address negotiated
adslrouter(config-if)#encapsulation ppp
adslrouter(config-if)#ppp authentication pap chap callin
adslrouter(config-if)#ppp pap sent-username *** password ***
adslrouter(config-if)#ppp chap hostname ***
adslrouter(config-if)#ppp chap password ***
adslrouter(config-if)#ip mtu 1492
adslrouter(config-if)#dialer pool 1
adslrouter(config-if)#exit
*Configure static default route for internet towards interface dialer 0
adslrouter(config)#ip route 0.0.0.0 0.0.0.0 dialer 0
*Configure NAT/PAT with the VLAN interface configured as ‘nat inside’ interface and the dialer interface as the ‘nat outside’ interface
Trang 39*Verification
Verify the configuration by checking the routing table and the interface status of the dialer The configuration is successful if you obtain a public address from the service provider
show ip route
show ip int brief
show interface atm 0
show interface dialer 10
show dsl interface atm 0