(1)按照
要求
对教师党员的评价套管和固井爆破片与爆破装置仓库管理基本要求三甲医院都需要复审吗
配置路由器各个端口的IP地址,保证直连链路通。
(2)配置OSPF路由协议,保证OSPF各区域路由正常;
① 将区域2配置成nssa区域;
R2:area 2 nssa no-sunmmary
R4:area 2 nssa
② 区域0需要MD5认证,密码为cisco;区域2需要简单口令认证,密码ccna
R1:
router ospf 1
area 0 authentication message-digest
int s0/0
ip ospf message-digest-key 1 md5 cisco
int e1/0
ip ospf message-digest-key 1 md5 cisco
R2:
router ospf 1
area 0 authentication message-digest
int s0/0
ip ospf message-digest-key 1 md5 cisco
int e1/0
ip ospf message-digest-key 1 md5 cisco
exit
int s0/2
ip ospf authentication
ip ospf authentication-key ccna
R4:
int s0/2
ip ospf authentication
ip ospf authentication-key ccna
③ R1的s0/0的hello interval 设置为5秒,dead-interval设置为20秒
int s0/0
ip ospf hell-interval 5
ip ospf dead-interval 20
④ 控制DR选举,使得R2没有机会成为DR.
R2:
int e1/0
ip ospf priority 0
(3)配置RIP V2路由协议,KEYCHAIN名字为CCIE,路由器R1和R5采用MD5验证,key的ID为1,密码为cisco,路由器R4和R6采用明文验证,密码是cisco。
R1:
router rip
version 2
network 192.15.1.0
network 1.1.1.0
no auto-summary
key chain CCIE
key 1
key-string cisco
exit
int e1/1
ip rip authentication key-chain CCIE
R5:
router rip
version 2
network 5.0.0.0
network 192.15.1.0
no auto-summary
key chain CCIE
key 1
key-string cisco
exit
int e1/0
ip rip authentication key-chain CCIE
R4:
router rip
version 2
network 192.46.1.0
no auto-summary
exit
do sh ip route
key chain CCIE
key 1
key-string cisco
exit
int e1/0
ip rip authentication key-chain CCIE
R6:
router rip
version 2
network 192.46.1.0
network 6.6.6.6
no auto-summary
exit
key chain CCIE
key 1
key-string cisco
exit
int e1/0
ip rip authentication key-chain CCIE
(4)配置EIGRP路由协议,采用MD5验证,KEYCHAIN名字为EI,,key的ID为1,密码为cisco,并且关闭自动汇总。
R2:
key chain EI
key 1
key-string cisco
exit
router eigrp 1
network 192.23.1.2 0.0.0.0
no auto-summary
exit
int s0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EI
R3:
router eigrp 1
no auto-summary
network 3.3.3.3 0.0.0.0
network 3.3.64.3 0.0.0.0
network 3.3.65.3 0.0.0.0
network 3.3.66.3 0.0.0.0
network 3.3.67.3 0.0.0.0
network 192.23.1.3 0.0.0.0
no auto-summary
exit
key chain EI
key 1
key-string cisco
exit
int s0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EI
(5)R1和R5配置EBGP路由协议,用环回接口做更新源,通告R5的L50和L55。在路由器R1上配置BGP属性,使得:
A: L50的as-path属性追加300 400 500
B: L55的起源为EGP 600
C:L50的local-preference值为2000
R1:
Router bgp 100
bgp router-id 1.1.1.1
no synchronization
neighbor 5.5.5.5 remote-as 500
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-map BGP in
exit
access-list 50 permit 50.50.50.0
access-list 55 permit 55.55.55.0
route-map BGP permit 10
match ip address 50
set local-preference 2000
set as-path prepend 300 400 500
!
route-map BGP permit 20
match ip address 55
set origin egp 600
R5:
router bgp 500
no synchronization
bgp router-id 5.5.5.5
bgp log-neighbor-changes
network 50.50.50.0 mask 255.255.255.0
network 55.55.55.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
(6)在R1上向OSPF网络注入一条默认路由,并将OSPF网络重分布到BGP中,为了确保网络的畅通,请在R5上配置一条指向192.15.1.1的默认路由。
R1:
router ospf 1
default-information originate always
router bgp 100
redistribute ospf 1
R5:
ip route 0.0.0.0 0.0.0.0 192.15.1.1
(7)在路由器R2上执行EIGRP和OSPF的双向重分布:
① 将EIGRP路由重分布到OSPF时,用route-map实现,第三位为奇数的路由条目,类型为1,度量值为130,第三位为偶数的路由条目,类型为2,度量值为50,其他路由条目采用默认,不做控制。
② 将OSPF路由重分布到EIGRP。
R2:
access-list 1 permit 3.3.0.0 0.0.254.0
access-list 2 permit 3.3.1.0 0.0.254.0
route-map test permit 10
match ip address 1
set metric 50
exit
route-map test permit 20
match ip address 2
set metric 130
set metric-type type-1
exit
route-map test permit 30
exit
router ospf 1
redistribute eigrp 1 subnets route-map test
exit
router eigrp 1
redistribute ospf 1 metric 100000 100 255 1 1500
exit
(8)在路由器R4上执行RIP和OSPF的双向重分布,RIP重分布到OSPF参数均采用默认,OSPF重分布到RIP中,metric为5。
R4:
router ospf 1
redistribute rip subnets
exit
router rip
redistribute ospf 1 metric 5
exit
(9)将R6配置成DHCP服务器,具体如下:DHCP:网络:172.1.1.0/24 默认网关:172.1.1.1 域名:cisco.com ,地址排除:172.1.1.1-172.1.1.5(不需要测试)。
R6:
ip dhcp excluded-address 172.1.1.1 172.1.1.5
ip dhcp pool test
network 172.1.1.0 255.255.255.0
default-router 172.1.1.1
domain-name cisco.com
(10)配置RIPng 或者OSPFv3协议,保证IPv6路由通。OSPF v3用MD5或者sha1的验证。
R6:
ipv6 router ospf 1
router-id 6.6.6.6
area 0 authentication ipsec spi 2346 sha1 6789
(11)在R1上配置策略路由,使从R5方向来的HTTP数据流走R1的s0/0接口,使从R5方向来的TELNET和FTP数据流走R1的F2/0接口。
R1:
access-list 110 remark HTTP
access-list 110 permit tcp any any eq www
access-list 120 remark FTP and TELNET
access-list 120 permit tcp any any eq telnet
access-list 120 permit tcp any any eq ftp-data
access-list 120 permit tcp any any eq ftp route-map ABC permit 10
match ip address 110
set interface Serial0/0
exit
route-map ABC permit 20
match ip address 120
set interface Ethernet1/0
exit
int e1/1
ip policy route-map ABC