
1. EIGRP Config

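1) "no classful routing protocol" corresponds to no auto-summary
2) Interfaces with no EIGRP routers attached are configured as passive-interface
3) On BB, configure summary-address under the interfaces participating in EIGRP
4) Under router eigrp 50, use variance 2 to enable unequal-cost load balancing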
 

2. OSPF Config

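1) OSPF metric-type 2 does not add to the metric; metric 200 = cost 200
2) show ip ospf neighbor shows that R1 is the DR and R2 is the BDR
3) Configuring ip ospf priority 0 under an interface makes the router a DROTHER; FULL Neighborship; 2WAY Neighborship
4) ABR: under the OSPF process, area 10 range 10.10.0.0 255.255.252.0, which takes a subnet mask
 
5) ASBR: under the OSPF process, summary-address 172.16.0.0 255.255.252.0, which takes a subnet mask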
 

3. Advanced OSPF Config

 
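1) No metric value is required here, so just configure an arbitrary one such as 50
 
2) Configure passive-interface the other way round: passive-interface default makes every port passive, and ports that have neighbors will go down; use no passive-interface on the specified port so that only that port is opened
 
3) Area 0 MD5: configure it under the corresponding interface on each router in Area 0 (MD5 is not configured under the OSPF process)
Area 23 clear-text authentication: OSPF area authentication is always configured under the interface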
 
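4) Routers do not receive external routes from outside the OSPF domain = stub. The static subnets redistributed by R1 will disappear, but R3's loopback interfaces will not.
A stub area must be configured on both sides, otherwise the neighbor goes down; once it is configured, the routing table holds only routes from inside OSPF, and everything else goes out via the default route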
 
5) If LSA types 3, 4 and 5 are all unwanted, that is totally stub;
By default, the ABR sends summary LSAs (type 3 LSAs) into stub areas. So no-summary only needs to be configured on the ABR
 
The last line is the default summary LSA. A default summary LSA with a prefix of 0.0.0.0/0 is originated into the stub area by an ABR, so that devices in the area can forward all traffic for which a specific route is not known via the ABR.
 
6) Area 78 is not directly connected to area 0, so a path has to be opened through area 67
The virtual link is configured between the ABRs with the area virtual-link command. First, specify the area that the virtual link crosses, which is area 67 in this example. Second, give the OSPF router ID of the other ABR. Keep in mind that this must be the OSPF router ID and NOT the IP address of the ABR. If everything is OK, area 78 will be directly connected to area 0 through the virtual link.
 

4. Basic Redistribute Config

 
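1) OSPF, unlike EIGRP, doesn't support automatic summarization. So no auto-summary only needs to be configured for EIGRP
 
2) Configure redistribute on R2, then check on R1 and R3 that each has learned the other's loopback routes; not adding to the metric means metric-type = 2
 
3) Configure a distribute-list filter on R2: to keep certain networks redistributed from R1's EIGRP from being seen by R3, filter in the OSPF out direction on R2
 
4) On R2, configure a route-map under EIGRP that filters out the /30 networks when OSPF is redistributed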
 

5. Advanced Redistribute Config

 
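In this figure the EIGRP and OSPF labels should be swapped; otherwise requirements 2 and 3 do not match the figure.
1) Config EIGRP and OSPF: R1 runs OSPF, R4 runs EIGRP, R2 and R3 run both;
All LANs behind R4 go into R4's network statements
 
2&3) Configure both on R2 and R3;
Configure route-map EIGRP_TO_OSPF, matching different access-lists and setting a different metric and tag for each
 
Configure route-map OSPF_TO_EIRGP with no access-list, setting attributes and a tag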
 

6. Policy Based Routing

Configure on the router: define an extended ip access-list, define a route-map, and apply it on the inbound interface
 

7. BGP Neighbors Config

1) R4 and R5 neighbor without Loopback: the simplest eBGP neighbor configuration
Note: OSPF and EIGRP network statements use a wildcard mask; BGP uses a subnet mask
1) R4 and R5 neighbor with loopback: the ebgp-multihop command is required (eBGP needs ebgp-multihop)
 
2) R1-R4 neighbor: first establish connectivity with OSPF (ospf, network); iBGP needs update-source
 

8. BGP Attributes

1) The configuration involves access-list, route-map and local preference
2) The configuration must be done symmetrically on R2 and R3
3)The BGP preference has to be set inbound on routes being received to influence the outbound routing behaviour.
 

9. Multi Layer Switch

A switch is a Layer 2 switch by default, and different VLANs are isolated from each other
1) Assign VLANs to switch ports
 
2) Turn the Layer 2 switch into a Layer 3 switch
3) Assign an IP address to the Vlanif as the gateway
 

13. DHCP Snooping config

A trusted port is a port or source whose DHCP server messages are trusted. An untrusted port is a port from which DHCP server messages are not trusted.
When DHCP Snooping is enabled, a DHCP offer message can only be sent through a trusted port; otherwise it is dropped.
The rate limit specifies the number of DHCP packets received per second on the interface. If the number exceeds the specified value, the system drops the excess DHCP packets. The value range is 0 to 10000. The default value is 0, i.e., no rate limit.
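
The trusted/untrusted split and the per-port rate limit described above, as an added example in Cisco IOS syntax (not configuration from the original lab). The platform is an assumption, since this section does not name one; VLAN 10, the interface names and the rate value are constructed.

```cisco
! Added example: VLAN, interfaces and rate are constructed values.
! Snooping must be enabled globally AND for each VLAN to take effect.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Uplink toward the legitimate DHCP server: server messages
! (OFFER / ACK / NAK) are accepted only on trusted ports.
interface GigabitEthernet0/1
 description uplink to DHCP server
 ip dhcp snooping trust
!
! Access port: untrusted by default, so DHCP server messages that
! arrive here (a rogue server) are dropped. The rate limit caps the
! DHCP packets per second accepted from the attached host.
interface GigabitEthernet0/2
 description user access port
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! Verification (exec mode):
!   show ip dhcp snooping           -> enabled VLANs, trusted ports, rate limits
!   show ip dhcp snooping binding   -> MAC / IP / VLAN / port learned from leases
```

Every port that is not explicitly trusted stays untrusted, so the only ports to touch are the ones that lead to the real DHCP server.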
 

467. VRF-Lite Config

Exam topic: Layer 3 Technologies, 1.7 Configure and verify VRF-Lite. When VRFs are used without MPLS it is classed as VRF-lite.
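1) Configure VRF-lite. Because our VRF is used for ipv4 (address-family ipv4 vrf GREEN) rather than vpnv4 (which would need the matching MPLS RT configuration), the rd configured here is meaningful only to R1 itself
 
2) Interface configuration: ip vrf forwarding Green
3) BGP configuration: the key point is to configure the neighbor and redistribute routes under address-family ipv4 vrf Green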
 

471. OSPF authentication,DR priority, E1(add cost), network statement not allowed

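The figure is missing some information; my guess:
1) "inter-area links" should mean the links from area 0 to area 1, i.e. the R1-R4 and R3-R5 links; configure OSPF MD5 authentication under each of the facing interfaces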
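
Interface-level OSPF authentication as used here and in item 3 of "3. Advanced OSPF Config" (MD5 for area 0, clear-text for area 23), as an added example that is not configuration from the original lab. The interface names, key ID and key strings are placeholders.

```cisco
! Added example: interface names, key ID and keys are placeholders.
!
! MD5 authentication (area 0 in section 3; the R1-R4 and R3-R5
! links in this section). Key ID and key string must match on both
! ends of the link, otherwise the adjacency never forms.
interface Ethernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <MD5_KEY>
!
! Clear-text authentication (area 23 in section 3). The key is
! carried unencrypted in every OSPF packet, so anyone who can
! capture traffic on the segment can read it.
interface Ethernet0/1
 ip ospf authentication
 ip ospf authentication-key <PLAIN_KEY>
!
! Both key types are stored readable in the running-config unless
! service password-encryption is on, and that only obfuscates them.
!
! Verification (exec mode):
!   show ip ospf interface Ethernet0/0
!       -> "Message digest authentication enabled", "Youngest key id is 1"
!   show ip ospf interface Ethernet0/1
!       -> "Simple password authentication enabled"
!   show ip ospf neighbor
!       -> neighbor reaches FULL again once both ends agree
!   debug ip ospf adj
!       -> "Mismatch Authentication type" / "Mismatch Authentication Key"
!          when the two ends differ
```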
 
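2) Configure R3's E0/1 interface facing R2 with priority 255
 
3) Apparently nothing needs to be done, because OSPF path selection looks at the path type first, and intra-area is already preferred over inter-area.
OSPF will first look at the "type of path" to make a decision and, secondly, look at the metric. This is the preferred path list that OSPF uses: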
  • Intra-Area (O)
  • Inter-Area (O IA)
  • External Type 1 (E1)
  • NSSA Type 1 (N1)
  • External Type 2 (E2)
  • NSSA Type 2 (N2)
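After the path type is chosen, the route is selected by cost; if needed, the path can be controlled with the cost under the interface, but the task says not to change it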
 
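4) Requirement 1: add the link cost when redistributing routes, i.e. metric type 1; requirement 2: do not use network statements to bring networks in, i.e. configure ospf area under the interface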
 

473. DMVPN

A DMVPN network is preconfigured with tunnel 0 IP address 192.168.1.254 on the HUB, IP connectivity, crypto policies, profiles, and EIGRP AS 100. The NHRP password is ccnp123, and the network ID and tunnel key is EIGRP ASN. Do not introduce a static route. Configure DMVPN connectivity between routers BR1 and BR2 to the HUB router using physical interface as the tunnel source to achieve these goals:
1) Configure NHRP authentication, static IP-to-NBMA address maps, hold time 5 minutes, network ID, and server on branch router BR1 and BR2
2) Configure spoke-to-spoke communication
3) Ensure that packet fragmentation is done before encryption to account for GRE and IPsec header and allow a maximum TCP segment size of 1360 on an IP MTU of 1400 on the tunnel interfaces of both branch routers.
4) Apply an IPsec profile to the tunnel. Verify that direct spoke-to-spoke tunnel is functional between branch routers BR1 and BR2 by using traceroute to Ethernet 0/0 IP address to get a full score
 
5) Complete configuration of BR1 and BR2:
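
One possible spoke tunnel configuration that meets goals 1 to 4 above, as an added example and not the lab's own configuration. Everything in angle brackets is a placeholder for a value the page does not give, and ip nhrp shortcut assumes the preconfigured hub sends NHRP redirects (DMVPN Phase 3).

```cisco
! Added example for BR1; BR2 differs only in its own tunnel address.
! Placeholders: <BR1_TUNNEL_IP>, <TUNNEL_MASK>, <HUB_NBMA_IP>,
! <WAN_INTERFACE>, <IPSEC_PROFILE>, <BR2_E0/0_IP>.
interface Tunnel0
 ip address <BR1_TUNNEL_IP> <TUNNEL_MASK>
 ! Goal 3: fragment before GRE/IPsec encapsulation and clamp TCP MSS
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! Goal 1: NHRP authentication, static maps, hold time (5 min = 300 s),
 ! network ID (EIGRP ASN 100) and next-hop server (hub tunnel IP).
 ! The NHRP authentication string is sent in clear text, so it only
 ! guards against misconfiguration; IPsec (goal 4) is the real protection.
 ip nhrp authentication ccnp123
 ip nhrp map 192.168.1.254 <HUB_NBMA_IP>
 ip nhrp map multicast <HUB_NBMA_IP>
 ip nhrp network-id 100
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.1.254
 ! Goal 2: multipoint GRE plus NHRP shortcuts for spoke-to-spoke tunnels
 ! (assumption: Phase 3 hub; drop "ip nhrp shortcut" for Phase 2)
 ip nhrp shortcut
 tunnel source <WAN_INTERFACE>
 tunnel mode gre multipoint
 tunnel key 100
 ! Goal 4: apply the preconfigured IPsec profile
 tunnel protection ipsec profile <IPSEC_PROFILE>
!
! Verification (exec mode):
!   show dmvpn                  -> hub entry static, other spoke dynamic
!   show crypto ipsec sa        -> encaps/decaps counters increasing
!   traceroute <BR2_E0/0_IP>    -> one hop once the spoke-to-spoke tunnel is up
```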
 
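6) Underlying network restrictions
If OSPF is used, note that the tunnel interfaces on both the HUB and the spokes must have their OSPF network type changed to P2MP. In a DMVPN network with multiple spokes, leaving the network type unchanged causes the OSPF neighbors to flap.
If EIGRP is used, remember to disable split horizon on the HUB; otherwise, in a multi-spoke DMVPN network, a spoke cannot learn the routes of the other spokes.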
 

480. SNMP and Service Log

1) The locally generated logs should have sequence number, date and time
2) The SNMP traps related to OSPF and participating interface state changes utilizing RFC1253-MIB OSPFv2 should be sent to SNMP server
3) Other notes: Cisco routers can handle log messages in five different ways:
Console logging: By default, the router sends all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages.
Terminal logging: It is similar to console logging, but it displays log messages to the router's VTY lines instead. This is not enabled by default.
Buffered logging: This type of logging uses the router's RAM for storing log messages. The buffer has a fixed size to ensure that the log will not deplete valuable system memory. The router accomplishes this by deleting old messages from the buffer as new messages are added.
Syslog Server logging: The router can use syslog to forward log messages to external syslog servers for storage. This is considered to be the best practice as there is no loss of data (huge storage capacities) and there is no overload on the router or switch as in the case of buffered logging. A syslog server also provides for centralized logging for all network devices.
SNMP trap logging: The router can send syslog messages to an external SNMP server. This is accomplished using SNMP traps.
 
 
 
 
 
 