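闫辉 posted on 2021-3-30 13:21:57

HCIE must-test question: the HUB Spoke lab

This is a lab question that always comes up in the HCIE exam. You can add me on WeChat to get the lab archive and the lab topology diagram. (WeChat ID: taige8080)

Without further ado, here are the diagram and the configuration files.
It's so true: only after typing it in yourself do you find out where you go wrong.
In BGP:
IPv4 unicast neighbors carry the public-network routes
VPNv4 carries the pass-through routes
The VPNv4 instance establishes a neighbor relationship with the customer CE to pass private-network routes.
VPN-IPv4 address structure
[Image]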

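RD (route distinguisher): 64 bits, used to distinguish IPv4 prefixes that use the same address space. An IPv4 address with an RD added is called a VPN-IPv4 address (that is, a VPNv4 address). After a PE receives IPv4 routes from a CE, it converts them into globally unique VPN-IPv4 routes and advertises them over the public network.
The two functions of the RD:
1) Together with the 32-bit IPv4 prefix, it forms the 96-bit VPNv4 prefix;
2) If different VPN customers have the same IPv4 address space, setting different RD values guarantees that the prefixes are unique.
• Each VRF has a globally unique RD.
• Different sites of the same VPN can be configured with the same RD; the RDs of different VPNs must be unique.
RT (Route Target): used to distinguish VPN customers. It is a BGP extended community attribute and is configured in the VRF. It follows the VPNv4 prefix and is carried along with it. A route can carry multiple RT values.
There are two kinds of VPN Target attributes:
• Export Target: after the local PE learns IPv4 routes from a directly connected site, it converts them into VPN-IPv4 routes and sets the Export Target attribute on them. The Export Target attribute is advertised with the routes as a BGP extended community attribute.
• Import Target: when a PE receives VPN-IPv4 routes advertised by other PEs, it checks their Export Target attribute. When this attribute matches the Import Target of a VPN instance on the PE, the PE adds the routes to that VPN instance.
In a BGP/MPLS IP VPN network, the VPN Target attribute controls how VPN routing information is advertised and accepted between sites. The VPN Export Target and Import Target are set independently of each other, and each can hold multiple values, which allows flexible VPN access control and therefore a variety of VPN networking schemes.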


Configuration files
R1


#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance A
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity
#
ip vpn-instance B
ipv4-family
route-distinguisher 11:11
vpn-target 20:20 30:30 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 13.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.10
dot1q termination vid 10
ip binding vpn-instance A
ip address 12.1.1.10 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.20
dot1q termination vid 11
ip binding vpn-instance B
ip address 12.1.2.20 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
ip address 14.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 10
router-id 1.1.1.1
undo default ipv4-unicast
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
undo peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
#
ipv4-family vpn-instance A
peer 12.1.1.11 as-number 65000
#
ipv4-family vpn-instance B
peer 12.1.2.21 as-number 65000
#
ospf 10 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 13.1.1.1 0.0.0.0
network 14.1.1.1 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

R2


#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip address 12.1.1.11 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.20
dot1q termination vid 11
ip address 12.1.2.21 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.20
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0
#
bgp 65000
router-id 2.2.2.2
peer 12.1.1.10 as-number 10
peer 12.1.2.20 as-number 10
#
ipv4-family unicast
undo synchronization
aggregate 10.0.0.0 255.0.0.0 detail-suppressed
import-route direct
peer 12.1.1.10 enable
peer 12.1.2.20 enable
peer 12.1.2.20 allow-as-loop
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3


#
sysname R3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance A
ipv4-family
route-distinguisher 20:20
vpn-target 20:20 export-extcommunity
vpn-target 10:10 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 13.1.1.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance A
ip address 35.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
bgp 10
router-id 3.3.3.3
undo default ipv4-unicast
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance A
peer 35.1.1.5 as-number 65000
#
ospf 10 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 13.1.1.3 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4


#
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance B
ipv4-family
route-distinguisher 30:30
vpn-target 10:10 30:30 export-extcommunity
vpn-target 30:30 10:10 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 14.1.1.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance B
ip address 46.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 10
router-id 4.4.4.4
undo default ipv4-unicast
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance B
peer 46.1.1.6 as-number 65000
#
ospf 10 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 14.1.1.4 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R5


#
sysname R5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 35.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface LoopBack1
ip address 10.5.5.5 255.255.255.255
#
bgp 65000
router-id 5.5.5.5
peer 35.1.1.3 as-number 10
#
ipv4-family unicast
undo synchronization
import-route direct
peer 35.1.1.3 enable
peer 35.1.1.3 allow-as-loop
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R6


#
sysname R6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 46.1.1.6 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
bgp 65000
router-id 6.6.6.6
peer 46.1.1.4 as-number 10
#
ipv4-family unicast
undo synchronization
import-route direct
peer 46.1.1.4 enable
peer 46.1.1.4 allow-as-loop
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
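
An added example (not part of the original post): a Python check that reads the `vpn-target` lines of the R1, R3 and R4 configurations above and applies the Export Target / Import Target matching rule to list which VPN instance accepts routes from which. Treating R1 as the hub PE, and the function names, are assumptions; the sample text is an excerpt of the posted configurations.

```python
# Excerpt of the R1, R3 and R4 configurations posted above (only the lines the check reads).
SAMPLE = """\
sysname R1
ip vpn-instance A
vpn-target 10:10 export-extcommunity
ip vpn-instance B
vpn-target 20:20 30:30 import-extcommunity
sysname R3
ip vpn-instance A
vpn-target 20:20 export-extcommunity
vpn-target 10:10 import-extcommunity
sysname R4
ip vpn-instance B
vpn-target 10:10 30:30 export-extcommunity
vpn-target 30:30 10:10 import-extcommunity
"""
HUB_PE = "R1"  # assumption: R1 is the hub PE; R3 and R4 are the spoke PEs

def parse_vrfs(text):
    """Return {(pe, instance): {"export": set of RTs, "import": set of RTs}}."""
    vrfs, pe, cur = {}, None, None
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["sysname"]:
            pe, cur = words[1], None
        elif words[:2] == ["ip", "vpn-instance"]:
            cur = vrfs.setdefault((pe, words[2]), {"export": set(), "import": set()})
        elif words[:1] == ["vpn-target"] and cur is not None:
            rts = {w for w in words[1:] if ":" in w}
            if "import-extcommunity" not in words:  # export-extcommunity or both
                cur["export"] |= rts
            if "export-extcommunity" not in words:  # import-extcommunity or both
                cur["import"] |= rts
    return vrfs

def import_edges(vrfs):
    """(source, destination) pairs where a source Export Target matches a destination Import Target."""
    return sorted((s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
                  if s != d and sv["export"] & dv["import"])

def spoke_to_spoke(edges, hub_pe=HUB_PE):
    """Edges that bypass the hub PE; a strict hub-and-spoke design has none."""
    return [(s, d) for s, d in edges if hub_pe not in (s[0], d[0])]

if __name__ == "__main__":
    edges = import_edges(parse_vrfs(SAMPLE))
    for (spe, svrf), (dpe, dvrf) in edges:
        print(f"{spe}/{svrf} exports into {dpe}/{dvrf}")
    print("bypassing the hub:", spoke_to_spoke(edges))
```

With the posted values the check reports one edge that does not involve R1: R4's instance B exports 10:10, which R3's instance A imports.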

f1662 posted on 2021-4-9 11:38:28

{:6_290:}

andyyan521 posted on 2021-4-15 13:07:28

Brother Hui is awesome!!!!