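Overview

This is a comprehensive exercise in building a corporate internal network. It combines the following technologies to interconnect a company's three sites. Inter-site connectivity uses wide-area Ethernet as the primary path and an Internet VPN (IPSec VTI) as the backup.

  • VLAN
  • SVI / routed ports (Layer 3 switch)
  • OSPF
  • HSRP
  • BGP
  • NAT
  • IPSec VPN (VTI)

Part 6 connects the sites over the Internet VPN (IPSec VTI).

Part 1: Building Site 1
Part 2: Building Site 2 / Site 3
Part 3: Connecting the wide-area Ethernet
Part 4: Building the Internet (AS1/AS2)
Part 5: Connecting to the Internet
Part 6: Building the Internet VPN

Network topology

Site 1 physical topology

Site 1 logical topology

Site 2 / Site 3 physical topology

Site 2 / Site 3 logical topology

Internet physical/logical topology

Internet VPN

Initial configuration

Start from the state in which "[Exercise] Corporate Network Construction Exercise Part 5: Connecting to the Internet" has been completed.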

ASW11 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 switchport access vlan 12
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ASW21 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 21
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

BBSW Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 no switchport
 ip address 10.1.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/3
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/4
 no switchport
 ip address 10.1.0.9 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.1.0.13 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.1.0.17 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 no switchport
 ip address 10.1.0.21 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.251 255.255.255.0
!
router ospf 1
 router-id 100.100.100.100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW11 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.2 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.251 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 priority 110
 standby 11 preempt
 standby 11 track FastEthernet1/1 20
!
interface Vlan12
 ip address 10.1.12.251 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 preempt
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW12 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.6 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.252 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 preempt
!
interface Vlan12
 ip address 10.1.12.252 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 priority 110
 standby 12 preempt
 standby 12 track FastEthernet1/1 20
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW21 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.10 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan21
 ip address 10.1.21.251 255.255.255.0
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW120 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW120
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.2.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.2.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.2.11.251 255.255.255.0
!
router ospf 1
 router-id 120.120.120.120
 log-adjacency-changes
 network 10.2.0.0 0.0.255.255 area 2
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET1 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.18 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 ip address 1.1.1.5 255.255.255.252
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 112.112.112.112
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.1.0.0 0.0.255.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET2 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 2.2.2.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.6 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 122.122.122.122
 log-adjacency-changes
 network 10.2.0.0 0.0.255.255 area 2
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 2.2.2.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.2.0.0 0.0.255.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET3 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 3.3.3.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.3.11.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 3.3.3.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.3.0.0 0.0.255.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP11 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.11 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 1.1.1.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.15.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.252
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP12 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.12 255.255.255.255
!
interface Ethernet0/0
 ip address 2.2.2.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 2.2.2.0 mask 255.255.255.252
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP13 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP13
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.13 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 12.12.12.1 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.35.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 13.13.13.13
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.2 remote-as 2
 neighbor 12.12.12.2 password cisco
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
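
The initial configurations on this page carry lab conveniences: `no service password-encryption`, a cleartext `neighbor ... password` on the eBGP sessions, and console/aux lines with `exec-timeout 0 0` and `privilege level 15`. The following is an added example, not part of the original exercise, that parses an IOS configuration and lists those settings so they can be reviewed before a config is reused outside the lab; the function names `parse_blocks` and `audit` and both sample configs are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the ISP13 initial configuration above.
LAB_CONFIG = """\
hostname ISP13
no service password-encryption
!
router bgp 1
 neighbor 12.12.12.2 remote-as 2
 neighbor 12.12.12.2 password cisco
 neighbor 192.168.0.15 remote-as 1
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
end
"""

# Constructed counterpart with the lab conveniences removed. The key is a
# placeholder; type 7 is reversible obfuscation, so the file stays sensitive.
REVIEWED_CONFIG = """\
hostname ISP13
service password-encryption
router bgp 1
 neighbor 12.12.12.2 remote-as 2
 neighbor 12.12.12.2 password 7 <obfuscated-key-placeholder>
line con 0
 exec-timeout 10 0
 login local
line aux 0
 exec-timeout 10 0
 login local
end
"""


def parse_blocks(text):
    """Group an IOS config into (top_level_line, [sub_command, ...]) pairs.

    IOS indents sub-commands, so a line with leading whitespace belongs to
    the most recent unindented line. Blank lines and "!" separators are skipped.
    """
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


# "neighbor <peer> password [0|7] <key>"; no type digit or type 0 means cleartext.
BGP_KEY = re.compile(r"neighbor (\S+) password (?:([07]) )?(\S+)$")


def audit(text):
    """Return (scope, message) findings for the lab settings named above."""
    findings = []
    blocks = parse_blocks(text)
    if any(parent == "no service password-encryption" for parent, _ in blocks):
        findings.append(("global", "passwords and keys are shown in cleartext in the config"))
    for parent, children in blocks:
        if parent.startswith("router bgp "):
            for child in children:
                m = BGP_KEY.match(child)
                # The key itself is never copied into the report.
                if m and m.group(2) in (None, "0"):
                    findings.append((parent, f"cleartext BGP session key for neighbor {m.group(1)}"))
        if re.match(r"line (con|aux) \d+$", parent):
            if "exec-timeout 0 0" in children:
                findings.append((parent, "idle sessions never time out"))
            if "privilege level 15" in children:
                findings.append((parent, "sessions start at privilege level 15"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("reviewed", REVIEWED_CONFIG)):
        results = audit(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for scope, message in results:
            print(f"  [{scope}] {message}")
```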

ISP14 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP14
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.14 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.5 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 14.14.14.14
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.6 remote-as 2
 neighbor 12.12.12.6 password cisco
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP15 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP15
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.15 255.255.255.255
!
interface Loopback1
 ip address 100.1.2.15 255.255.255.0 secondary
 ip address 100.1.1.15 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.15.5 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.5 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.35.5 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 ip address 192.168.45.5 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 15.15.15.15
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.0 mask 255.255.255.0
 network 100.1.2.0 mask 255.255.255.0
 neighbor 192.168.0.11 remote-as 1
 neighbor 192.168.0.11 update-source Loopback0
 neighbor 192.168.0.11 route-reflector-client
 neighbor 192.168.0.12 remote-as 1
 neighbor 192.168.0.12 update-source Loopback0
 neighbor 192.168.0.12 route-reflector-client
 neighbor 192.168.0.13 remote-as 1
 neighbor 192.168.0.13 update-source Loopback0
 neighbor 192.168.0.13 route-reflector-client
 neighbor 192.168.0.14 remote-as 1
 neighbor 192.168.0.14 update-source Loopback0
 neighbor 192.168.0.14 route-reflector-client
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP21 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.21 255.255.255.255
!
interface Ethernet0/0
 ip address 3.3.3.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 3.3.3.0 mask 255.255.255.252
 neighbor 192.168.0.22 remote-as 2
 neighbor 192.168.0.22 update-source Loopback0
 neighbor 192.168.0.22 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP22 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP22
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.22 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 12.12.12.6 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.12.2 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 22.22.22.22
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.1 remote-as 1
 neighbor 12.12.12.1 password cisco
 neighbor 12.12.12.1 route-map From_ISP13 in
 neighbor 12.12.12.5 remote-as 1
 neighbor 12.12.12.5 password cisco
 neighbor 12.12.12.5 route-map From_ISP14 in
 neighbor 192.168.0.21 remote-as 2
 neighbor 192.168.0.21 update-source Loopback0
 neighbor 192.168.0.21 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
access-list 1 permit 100.1.1.0
access-list 2 permit 100.1.2.0
no cdp log mismatch duplex
!
route-map From_ISP13 permit 10
 match ip address 1
 set local-preference 150
!
route-map From_ISP13 permit 100
!
route-map From_ISP14 permit 10
 match ip address 2
 set local-preference 150
!
route-map From_ISP14 permit 100
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

PC11 Initial Configuration

set pcname PC11
ip 10.1.11.11 10.1.11.250 24

PC12 Initial Configuration

set pcname PC12
ip 10.1.12.12 10.1.12.250 24

PC21 Initial Configuration

set pcname PC21
ip 10.1.21.21 10.1.21.251 24

PC120 Initial Configuration

# This is the configuration for PC120
set pcname PC120
ip 10.2.11.120 255.255.255.0 10.2.11.251

PC130 Initial Configuration

# This is the configuration for PC130
set pcname PC130
ip 10.3.11.130 255.255.255.0 10.3.11.251

SFSW Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SFSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 100
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

SRV Initial Configuration

set pcname SRV
ip 10.1.100.100 10.1.100.251 24

VPN1 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 1.1.1.6 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.22 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 113.113.113.113
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.5
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

WAN1 Initial Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.14 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 111.111.111.111
 log-adjacency-changes
 area 1 range 10.1.0.0 255.255.0.0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

WAN2 Part3 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.2 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 121.121.121.121
 log-adjacency-changes
 area 2 range 10.2.0.0 255.255.0.0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.2.0.0 0.0.255.255 area 2
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

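Part6: Building the Internet VPN

Requirements

  1. Build an Internet VPN as a backup for the wide-area Ethernet that connects Site 1 and Site 2. Configure a tunnel interface between VPN1 and INET2. Encrypt the IP packets sent and received over the tunnel with IPSec.
  2. Build an Internet VPN to connect Site 1 and Site 3. Configure a tunnel interface between VPN1 and INET3. Encrypt the IP packets sent and received over the tunnel with IPSec.
  3. Configure floating static routes so that the GRE tunnel between Site 1 and Site 2 acts as a backup for the wide-area Ethernet. Configure static routes so that traffic between Site 1 and Site 3 is routed over the GRE tunnel.
  4. Authentication between the VPN gateways uses the password "cisco". Use the following IPSec encryption parameters. Do not use a crypto map for the IPSec configuration.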
  Transform set name         IPSEC
  Security protocol          ESP
  Encryption algorithm       3DES
  Authentication algorithm   SHA-1
Table: IPSec parameters

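Tunnel interface configuration

Configure a tunnel between VPN1 and INET2 to connect Site 1 and Site 2 over the Internet. Configure a tunnel between VPN1 and INET3 to connect Site 1 and Site 3 over the Internet. The VPN1-INET2 tunnel uses the network 10.10.10.0/30. The VPN1-INET3 tunnel uses the network 10.10.10.4/30.

At this stage, leave the tunnel interface encapsulation at its default, GRE.

VPN1 tunnel interface configuration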

interface tunnel12
 tunnel source 1.1.1.6
 tunnel destination 2.2.2.1
 ip address 10.10.10.1 255.255.255.252
!
interface tunnel 13
 tunnel source 1.1.1.6
 tunnel destination 3.3.3.1
 ip address 10.10.10.5 255.255.255.252

INET2 tunnel interface configuration

interface tunnel12
 tunnel source 2.2.2.1
 tunnel destination 1.1.1.6
 ip address 10.10.10.2 255.255.255.252

INET3 tunnel interface configuration

interface tunnel 13
 tunnel source 3.3.3.1
 tunnel destination 1.1.1.6
 ip address 10.10.10.6 255.255.255.252

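Use the show ip interface brief command to confirm that the GRE tunnel interfaces are up and that their IP addresses are configured correctly. Also ping the IP address at the far end of each GRE tunnel. On VPN1, the result is as follows.

VPN1 tunnel interface verification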

VPN1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                1.1.1.6         YES manual up                    up
Ethernet0/1                10.1.0.22       YES NVRAM  up                    up
Ethernet0/2                unassigned      YES NVRAM  administratively down down
Ethernet0/3                unassigned      YES NVRAM  administratively down down
Tunnel12                   10.10.10.1      YES manual up                    up
Tunnel13                   10.10.10.5      YES manual up                    up
VPN1#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/83/124 ms
VPN1#ping 10.10.10.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 132/147/152 ms

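Tunnel routing configuration: Site 1 - Site 2

Configure floating static routes so that the GRE tunnel between Site 1 and Site 2 acts as a backup for the wide-area Ethernet.

On VPN1, configure a static route for 10.2.0.0/16. Set the next hop to 10.10.10.2, the far end of the GRE tunnel, and set the administrative distance to 120, which is larger than that of OSPF. Also redistribute the static route into OSPF so that the routers and Layer 3 switches at Site 1 can learn 10.2.0.0/16 through OSPF while the wide-area Ethernet is down.

On INET2, configure a static route for 10.1.0.0/16. Set the next hop to 10.10.10.1, the far end of the GRE tunnel, and set the administrative distance to 120, which is larger than that of OSPF. Also redistribute the static route into OSPF so that the routers and Layer 3 switches at Site 2 can learn 10.1.0.0/16 through OSPF while the wide-area Ethernet is down.

VPN1 floating static route configuration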

ip route 10.2.0.0 255.255.0.0 10.10.10.2 120
!
router ospf 1
 redistribute static subnets

INET2 floating static route configuration

ip route 10.1.0.0 255.255.0.0 10.10.10.1 120
!
router ospf 1
 redistribute static subnets

Confirm that the GRE tunnel works correctly as a backup for the wide-area Ethernet. First, check the routing table on BBSW while the wide-area Ethernet is up.

BBSW routing table: wide-area Ethernet up

BBSW#show ip route
-- omitted --

Gateway of last resort is 10.1.0.18 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
O       10.1.11.0/24 [110/2] via 10.1.0.6, 00:53:49, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:53:39, FastEthernet1/1
C       10.1.0.8/30 is directly connected, FastEthernet1/4
O       10.1.12.0/24 [110/2] via 10.1.0.6, 00:53:49, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:53:39, FastEthernet1/1
C       10.1.0.12/30 is directly connected, FastEthernet1/11
O IA    10.2.0.0/16 [110/21] via 10.1.0.14, 00:53:51, FastEthernet1/11
O IA    10.0.0.0/24 [110/11] via 10.1.0.14, 00:53:51, FastEthernet1/11
C       10.1.0.0/30 is directly connected, FastEthernet1/1
C       10.1.0.4/30 is directly connected, FastEthernet1/2
C       10.1.0.16/30 is directly connected, FastEthernet1/12
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:53:51, FastEthernet1/4
C       10.1.0.20/30 is directly connected, FastEthernet1/13
C       10.1.100.0/24 is directly connected, Vlan100
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:54:45, FastEthernet1/12

Figure: Routing while the wide-area Ethernet is up

Next, shut down E0/0 on WAN1 and WAN2 to bring the wide-area Ethernet down.

WAN1/WAN2 shutdown

interface Ethernet0/0
 shutdown

When the wide-area Ethernet goes down, the route to 10.2.0.0/16 in the BBSW routing table points via VPN1.

BBSW routing table: wide-area Ethernet down

BBSW#show ip route
-- omitted --

Gateway of last resort is 10.1.0.18 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
O       10.1.11.0/24 [110/2] via 10.1.0.6, 00:56:21, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:56:11, FastEthernet1/1
C       10.1.0.8/30 is directly connected, FastEthernet1/4
O       10.1.12.0/24 [110/2] via 10.1.0.6, 00:56:21, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:56:11, FastEthernet1/1
C       10.1.0.12/30 is directly connected, FastEthernet1/11
O E2    10.2.0.0/16 [110/20] via 10.1.0.22, 00:00:24, FastEthernet1/13
C       10.1.0.0/30 is directly connected, FastEthernet1/1
C       10.1.0.4/30 is directly connected, FastEthernet1/2
C       10.1.0.16/30 is directly connected, FastEthernet1/12
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:56:23, FastEthernet1/4
C       10.1.0.20/30 is directly connected, FastEthernet1/13
C       10.1.100.0/24 is directly connected, Vlan100
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:57:19, FastEthernet1/12

A traceroute from PC11 to PC120 shows that the traffic is routed through the GRE tunnel.

PC11 Traceroute

PC11> trace 10.2.11.120
trace to 10.2.11.120, 8 hops max, press Ctrl+C to stop
 1   10.1.11.251   10.360 ms  20.447 ms  10.293 ms
 2   10.1.0.1   32.073 ms  31.246 ms  30.640 ms
 3   10.1.0.22   62.247 ms  53.226 ms  52.323 ms
 4   10.10.10.2   162.829 ms  193.119 ms  151.363 ms
 5   10.2.0.5   172.152 ms  138.984 ms  105.722 ms
 6   *10.2.11.120   171.117 ms (ICMP type:3, code:3, Destination port unreachable)

WAN1/WAN2 no shutdown

interface Ethernet0/0
 no shutdown

Figure: Routing during a wide-area Ethernet failure
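The two BBSW routing tables above can be compared mechanically instead of by eye. This added example (not part of the original exercise; the function names are my own) parses route lines copied from those outputs, does a longest-prefix match for PC120, and flags the case where a missing backup route would leave Site 2 traffic following the default route toward the Internet edge.

```python
import ipaddress
import re

# Route lines copied from the two BBSW outputs on this page (relevant entries only).
WAN_UP = """\
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:53:51, FastEthernet1/4
O IA    10.2.0.0/16 [110/21] via 10.1.0.14, 00:53:51, FastEthernet1/11
O IA    10.0.0.0/24 [110/11] via 10.1.0.14, 00:53:51, FastEthernet1/11
C       10.1.0.20/30 is directly connected, FastEthernet1/13
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:54:45, FastEthernet1/12
"""
WAN_DOWN = """\
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:56:23, FastEthernet1/4
O E2    10.2.0.0/16 [110/20] via 10.1.0.22, 00:00:24, FastEthernet1/13
C       10.1.0.20/30 is directly connected, FastEthernet1/13
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:57:19, FastEthernet1/12
"""

# Matches routes that carry a next hop; connected routes and the indented
# continuation lines of equal-cost paths are deliberately skipped.
ROUTE_RE = re.compile(
    r"^(?P<code>\S.*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<next_hop>[\d.]+), \S+, (?P<ifc>\S+)$"
)


def parse_routes(show_ip_route):
    """Return {prefix: route dict} for every next-hop route in the text."""
    routes = {}
    for line in show_ip_route.splitlines():
        m = ROUTE_RE.match(line.rstrip())
        if m:
            route = m.groupdict()
            route["ad"] = int(route["ad"])
            route["metric"] = int(route["metric"])
            routes[route["prefix"]] = route
    return routes


def best_route(routes, destination):
    """Longest-prefix match, as the forwarding lookup does."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes.values()
                  if dest in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    return max(candidates, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen)


def failover_report(before, after, destination):
    """Compare the route used for a destination before and after a failure."""
    old = best_route(parse_routes(before), destination)
    new = best_route(parse_routes(after), destination)

    def brief(route):
        return (route["code"], route["next_hop"], route["ifc"]) if route else None

    return {
        "before": brief(old),
        "after": brief(new),
        # True means no specific route survived and only the default route matches.
        "on_default_route": new is not None and new["prefix"] == "0.0.0.0/0",
    }


if __name__ == "__main__":
    print(failover_report(WAN_UP, WAN_DOWN, "10.2.11.120"))
```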

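Tunnel routing configuration: Site 1 - Site 3

To route traffic between Site 1 and Site 3 through the GRE tunnel, configure static routes on VPN1 and INET3. On VPN1, configure a static route for 10.3.0.0/16 at Site 3. This static route is redistributed into OSPF.

On INET3, configure static routes for 10.1.0.0/16 and 10.2.0.0/16, the networks of Site 1 and Site 2.

VPN1 static route configuration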

ip route 10.3.0.0 255.255.0.0 10.10.10.6

INET3 static route configuration

ip route 10.1.0.0 255.255.0.0 10.10.10.5
ip route 10.2.0.0 255.255.0.0 10.10.10.5

Verify communication with Site 3. Run traceroute from PC130 to PC11 and to PC120.

PC130 Traceroute

PC130> trace 10.1.11.11
trace to 10.1.11.11, 8 hops max, press Ctrl+C to stop
 1   10.3.11.251   4.116 ms  9.204 ms  9.013 ms
 2   10.10.10.5   160.539 ms  163.542 ms  161.207 ms
 3   10.1.0.21   182.307 ms  179.498 ms  169.173 ms
 4   10.1.0.6   202.895 ms  190.408 ms  129.223 ms
 5   *10.1.11.11   139.293 ms (ICMP type:3, code:3, Destination port unreachable)

PC130> trace 10.2.11.120
trace to 10.2.11.120, 8 hops max, press Ctrl+C to stop
 1   10.3.11.251   4.269 ms  9.215 ms  9.115 ms
 2   10.10.10.5   160.764 ms  159.532 ms  157.820 ms
 3   10.1.0.21   181.802 ms  180.460 ms  181.339 ms
 4   10.1.0.14   204.997 ms  203.358 ms  205.510 ms
 5   10.0.0.2   224.476 ms  228.163 ms  227.935 ms
 6   10.2.0.1   245.488 ms  246.349 ms  242.810 ms
 7   *10.2.11.120   256.961 ms (ICMP type:3, code:3, Destination port unreachable)

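Figure: Routing between Site 1 and Site 3

IPSec configuration

Once routing over the tunnels is complete, all that remains is to encrypt the IP packets that cross the tunnels with IPSec. In addition, use the tunnel mode ipsec ipv4 command to change the tunnel interface encapsulation to IPSec VTI, which removes the GRE overhead.

VPN1 IPSec VTI configuration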

crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Tunnel13
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC

INET2 IPSec VTI configuration

crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 1.1.1.6
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC

INET3 IPSec VTI configuration

crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 1.1.1.6
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel13
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
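
The settings above meet the exercise requirements, but a configuration review would flag several of them: the ISAKMP policy sets only the authentication method, so encryption, hash and DH group stay at the platform defaults (DES, SHA-1 and group 1 on classic IOS); the pre-shared key is short and shared by both peers; and the transform set uses 3DES and SHA-1 in transport mode, while Cisco's VTI documentation calls for a tunnel-mode transform set. The audit script below is an added example, not part of the original exercise. The rule names, the 20-character key threshold and HARDENED_CONFIG (a constructed counter-example that assumes an IOS release accepting those keywords) are assumptions of this example.

```python
import re

# VPN1's IPSec VTI configuration, copied from this section ("!" separators dropped).
VPN1_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
crypto ipsec profile IPSEC
 set transform-set IPSEC
interface Tunnel12
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
interface Tunnel13
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
"""

# Constructed counter-example, not from the page. Assumes an IOS release that
# accepts these keywords; the keys are placeholders, not real secrets.
HARDENED_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 group 14
 authentication pre-share
crypto isakmp key PLACEHOLDER-random-key-for-INET2-only address 2.2.2.1
crypto isakmp key PLACEHOLDER-random-key-for-INET3-only address 3.3.3.1
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile IPSEC
 set transform-set IPSEC
interface Tunnel12
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
"""

WEAK_ISAKMP = {"encryption": {"des", "3des"}, "hash": {"md5", "sha"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-null", "esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}
MIN_PSK_LENGTH = 20  # assumption: a local policy threshold, not an IOS limit


def stanzas(config):
    """Split a config into (header, [indented child lines]) pairs."""
    out = []
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out


def audit(config):
    """Return (rule, subject) findings for weak IKE/IPsec settings."""
    findings, peers_by_key, ts_mode, profile_ts = [], {}, {}, {}
    parsed = stanzas(config)
    for header, children in parsed:
        words = header.split()
        psk = re.match(r"crypto isakmp key (?:([06]) )?(\S+) address (\S+)", header)
        if header.startswith("crypto isakmp policy"):
            for keyword, weak in WEAK_ISAKMP.items():
                values = [c.split()[1] for c in children if c.split()[0] == keyword]
                if not values:  # unset, so the platform default applies
                    findings.append(("ISAKMP-DEFAULT", f"{header}: {keyword}"))
                elif values[0] in weak:
                    findings.append(("ISAKMP-WEAK", f"{header}: {keyword} {values[0]}"))
        elif psk:
            key_type, key, peer = psk.groups()
            peers_by_key.setdefault(key, []).append(peer)
            if key_type != "6" and len(key) < MIN_PSK_LENGTH:
                findings.append(("PSK-WEAK", peer))
        elif header.startswith("crypto ipsec transform-set"):
            ts_mode[words[3]] = "transport" if "mode transport" in children else "tunnel"
            findings += [("WEAK-TRANSFORM", f"{words[3]}: {t}")
                         for t in words[4:] if t in WEAK_TRANSFORMS]
        elif header.startswith("crypto ipsec profile"):
            profile_ts[words[3]] = [t for c in children
                                    if c.startswith("set transform-set") for t in c.split()[2:]]
    for peers in peers_by_key.values():
        if len(peers) > 1:  # one leaked key exposes every peer that shares it
            findings.append(("PSK-REUSED", ", ".join(peers)))
    # A VTI (tunnel mode ipsec ipv4) expects a tunnel-mode transform set.
    for header, children in parsed:
        if header.startswith("interface") and "tunnel mode ipsec ipv4" in children:
            for c in children:
                if c.startswith("tunnel protection ipsec profile"):
                    for ts in profile_ts.get(c.split()[4], []):
                        if ts_mode.get(ts) == "transport":
                            findings.append(("VTI-TRANSPORT", f"{header}: {ts}"))
    return findings


if __name__ == "__main__":
    print(*audit(VPN1_CONFIG), sep="\n")
```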

Ping the tunnel IP addresses to confirm that IPSec encryption is working correctly.

VPN1 IPSec VTI verification

VPN1#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 96/112/132 ms
VPN1#ping 10.10.10.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/104/108 ms
VPN1#show crypto isakmp sa
dst             src             state          conn-id slot status
3.3.3.1         1.1.1.6         QM_IDLE              1    0 ACTIVE
2.2.2.1         1.1.1.6         QM_IDLE              2    0 ACTIVE

VPN1#show crypto ipsec sa

interface: Tunnel12
    Crypto map tag: Tunnel12-head-0, local addr 1.1.1.6

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (2.2.2.1/255.255.255.255/47/0)
   current_peer 2.2.2.1 port 500
     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 6, #recv errors 0

     local crypto endpt.: 1.1.1.6, remote crypto endpt.: 2.2.2.1
     path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0
     current outbound spi: 0xF4D1A7F2(4107380722)

     inbound esp sas:
      spi: 0x58B32C28(1488137256)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2003, flow_id: SW:3, crypto map: Tunnel12-head-0
        sa timing: remaining key lifetime (k/sec): (4531747/3583)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xF4D1A7F2(4107380722)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2004, flow_id: SW:4, crypto map: Tunnel12-head-0
        sa timing: remaining key lifetime (k/sec): (4531747/3581)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

interface: Tunnel13
    Crypto map tag: Tunnel13-head-0, local addr 1.1.1.6

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (3.3.3.1/255.255.255.255/47/0)
   current_peer 3.3.3.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 20, #pkts encrypt: 20, #pkts digest: 20
    #pkts decaps: 19, #pkts decrypt: 19, #pkts verify: 19
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 6, #recv errors 0

     local crypto endpt.: 1.1.1.6, remote crypto endpt.: 3.3.3.1
     path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0
     current outbound spi: 0x5E437F77(1581481847)

     inbound esp sas:
      spi: 0x84EA2C93(2229939347)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2001, flow_id: SW:1, crypto map: Tunnel13-head-0
        sa timing: remaining key lifetime (k/sec): (4590407/3492)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x5E437F77(1581481847)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2002, flow_id: SW:2, crypto map: Tunnel13-head-0
        sa timing: remaining key lifetime (k/sec): (4590407/3491)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:
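
Reading these counters by eye does not scale past a couple of tunnels. This added example (not part of the original exercise; the function names are my own) summarizes show crypto ipsec sa output per interface and reports tunnels that have no active ESP SA or no encrypted traffic in both directions. The sample text is an abridged copy of the Tunnel12 output above plus one constructed block, Tunnel99, that has no SAs.

```python
import re

# Tunnel12 is an abridged copy of the output above; Tunnel99 is a constructed
# block (documentation address 192.0.2.1) showing a tunnel with no SAs.
SAMPLE = """\
interface: Tunnel12
    Crypto map tag: Tunnel12-head-0, local addr 1.1.1.6
   local  ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (2.2.2.1/255.255.255.255/47/0)
   current_peer 2.2.2.1 port 500
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
    #send errors 6, #recv errors 0
     inbound esp sas:
      spi: 0x58B32C28(1488137256)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        Status: ACTIVE
     inbound ah sas:
     outbound esp sas:
      spi: 0xF4D1A7F2(4107380722)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        Status: ACTIVE
     outbound ah sas:
interface: Tunnel99
    Crypto map tag: Tunnel99-head-0, local addr 1.1.1.6
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer 192.0.2.1 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 12, #recv errors 0
     inbound esp sas:
     outbound esp sas:
"""


def summarize(output):
    """Return {interface: summary} parsed from 'show crypto ipsec sa' text."""
    tunnels, cur, direction = {}, None, None
    for raw in output.splitlines():
        line = raw.strip()
        if m := re.match(r"interface: (\S+)", line):
            cur = tunnels[m.group(1)] = {
                "peer": None, "ident_protocol": None, "encrypt": 0, "decrypt": 0,
                "send_errors": 0, "active": {"inbound": 0, "outbound": 0},
                "transforms": set(), "modes": set()}
            direction = None
        elif cur is None:
            continue
        elif m := re.match(r"local\s+ident .*: \(([^)]*)\)", line):
            # Third field is the IP protocol of the proxy identity: 47 is GRE
            # carried inside IPsec; an IPv4 VTI normally shows 0 (any).
            cur["ident_protocol"] = int(m.group(1).split("/")[2])
        elif m := re.match(r"current_peer (\S+)", line):
            cur["peer"] = m.group(1)
        elif line.startswith("#pkts encaps"):
            cur["encrypt"] = int(re.search(r"#pkts encrypt: (\d+)", line).group(1))
        elif line.startswith("#pkts decaps"):
            cur["decrypt"] = int(re.search(r"#pkts decrypt: (\d+)", line).group(1))
        elif m := re.match(r"#send errors (\d+)", line):
            cur["send_errors"] = int(m.group(1))
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            # Only ESP sections are tracked; AH and PCP sections reset the state.
            direction = m.group(1) if m.group(2) == "esp" else None
        elif direction and line.startswith("transform:"):
            cur["transforms"].update(line.split(":", 1)[1].replace(",", " ").split())
        elif direction and (m := re.match(r"in use settings =\{(\w+)", line)):
            cur["modes"].add(m.group(1))
        elif direction and line == "Status: ACTIVE":
            cur["active"][direction] += 1
    return tunnels


def problems(tunnel):
    """Return reasons why a tunnel is not verifiably encrypting traffic."""
    issues = [f"no active {direction} ESP SA"
              for direction, count in tunnel["active"].items() if count == 0]
    if tunnel["encrypt"] == 0 or tunnel["decrypt"] == 0:
        issues.append("no packets encrypted/decrypted in both directions")
    return issues


if __name__ == "__main__":
    for name, tunnel in summarize(SAMPLE).items():
        print(name, tunnel["peer"], sorted(tunnel["transforms"]), problems(tunnel) or "OK")
```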

Part6 Building the Internet VPN: completed configuration files

ASW11 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 switchport access vlan 12
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ASW21 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 21
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

BBSW Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 no switchport
 ip address 10.1.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/3
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/4
 no switchport
 ip address 10.1.0.9 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.1.0.13 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.1.0.17 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 no switchport
 ip address 10.1.0.21 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.251 255.255.255.0
!
router ospf 1
 router-id 100.100.100.100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW11 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.2 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.251 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 priority 110
 standby 11 preempt
 standby 11 track FastEthernet1/1 20
!
interface Vlan12
 ip address 10.1.12.251 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 preempt
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW12 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.6 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.252 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 preempt
!
interface Vlan12
 ip address 10.1.12.252 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 priority 110
 standby 12 preempt
 standby 12 track FastEthernet1/1 20
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW21 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.10 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan21
 ip address 10.1.21.251 255.255.255.0
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW120 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW120
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.2.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.2.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.2.11.251 255.255.255.0
!
router ospf 1
 router-id 120.120.120.120
 log-adjacency-changes
 network 10.2.0.0 0.0.255.255 area 2
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET1 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.18 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 ip address 1.1.1.5 255.255.255.252
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 112.112.112.112
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.1.0.0 0.0.255.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET2 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 1.1.1.6
!
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac 
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC 
!
!
!
!
!
interface Tunnel12
 ip address 10.10.10.2 255.255.255.252
 tunnel source 2.2.2.1
 tunnel destination 1.1.1.6
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Ethernet0/0
 ip address 2.2.2.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.6 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 122.122.122.122
 log-adjacency-changes
 redistribute static subnets
 network 10.2.0.0 0.0.255.255 area 2
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 10.1.0.0 255.255.0.0 10.10.10.1 120
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.2.0.0 0.0.255.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET3 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 1.1.1.6
!
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac 
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC 
!
!
!
!
!
interface Tunnel13
 ip address 10.10.10.6 255.255.255.252
 tunnel source 3.3.3.1
 tunnel destination 1.1.1.6
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Ethernet0/0
 ip address 3.3.3.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.3.11.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 3.3.3.2
ip route 10.1.0.0 255.255.0.0 10.10.10.5
ip route 10.2.0.0 255.255.0.0 10.10.10.5
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.3.0.0 0.0.255.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP11 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.11 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 1.1.1.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.15.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.252
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP12 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.12 255.255.255.255
!
interface Ethernet0/0
 ip address 2.2.2.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 2.2.2.0 mask 255.255.255.252
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP13 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP13
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.13 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 12.12.12.1 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.35.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 13.13.13.13
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.2 remote-as 2
 neighbor 12.12.12.2 password cisco
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP14 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP14
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.14 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.5 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 14.14.14.14
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.6 remote-as 2
 neighbor 12.12.12.6 password cisco
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP15 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP15
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.15 255.255.255.255
!
interface Loopback1
 ip address 100.1.2.15 255.255.255.0 secondary
 ip address 100.1.1.15 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.15.5 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.5 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.35.5 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 ip address 192.168.45.5 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 15.15.15.15
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.0 mask 255.255.255.0
 network 100.1.2.0 mask 255.255.255.0
 neighbor 192.168.0.11 remote-as 1
 neighbor 192.168.0.11 update-source Loopback0
 neighbor 192.168.0.11 route-reflector-client
 neighbor 192.168.0.12 remote-as 1
 neighbor 192.168.0.12 update-source Loopback0
 neighbor 192.168.0.12 route-reflector-client
 neighbor 192.168.0.13 remote-as 1
 neighbor 192.168.0.13 update-source Loopback0
 neighbor 192.168.0.13 route-reflector-client
 neighbor 192.168.0.14 remote-as 1
 neighbor 192.168.0.14 update-source Loopback0
 neighbor 192.168.0.14 route-reflector-client
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP21 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.21 255.255.255.255
!
interface Ethernet0/0
 ip address 3.3.3.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 3.3.3.0 mask 255.255.255.252
 neighbor 192.168.0.22 remote-as 2
 neighbor 192.168.0.22 update-source Loopback0
 neighbor 192.168.0.22 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP22 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP22
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.22 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 12.12.12.6 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.12.2 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 22.22.22.22
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.1 remote-as 1
 neighbor 12.12.12.1 password cisco
 neighbor 12.12.12.1 route-map From_ISP13 in
 neighbor 12.12.12.5 remote-as 1
 neighbor 12.12.12.5 password cisco
 neighbor 12.12.12.5 route-map From_ISP14 in
 neighbor 192.168.0.21 remote-as 2
 neighbor 192.168.0.21 update-source Loopback0
 neighbor 192.168.0.21 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
access-list 1 permit 100.1.1.0
access-list 2 permit 100.1.2.0
no cdp log mismatch duplex
!
route-map From_ISP13 permit 10
 match ip address 1
 set local-preference 150
!
route-map From_ISP13 permit 100
!
route-map From_ISP14 permit 10
 match ip address 2
 set local-preference 150
!
route-map From_ISP14 permit 100
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

PC11 Part6 Configuration

set pcname PC11
ip 10.1.11.11 10.1.11.250 24

PC12 Part6 Configuration

set pcname PC12
ip 10.1.12.12 10.1.12.250 24

PC21 Part6 Configuration

set pcname PC21
ip 10.1.21.21 10.1.21.251 24

PC120 Part6 Configuration

# This is the configuration for PC120
set pcname PC120
ip 10.2.11.120 255.255.255.0 10.2.11.251

PC130 Part6 Configuration

# This is the configuration for PC130
set pcname PC130
ip 10.3.11.130 255.255.255.0 10.3.11.251

SFSW Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SFSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 100
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

SRV Part6 Configuration

set pcname SRV
ip 10.1.100.100 10.1.100.251 24

VPN1 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
!
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac 
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC 
!
!
!
!
!
interface Tunnel12
 ip address 10.10.10.1 255.255.255.252
 tunnel source 1.1.1.6
 tunnel destination 2.2.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Tunnel13
 ip address 10.10.10.5 255.255.255.252
 tunnel source 1.1.1.6
 tunnel destination 3.3.3.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Ethernet0/0
 ip address 1.1.1.6 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.22 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 113.113.113.113
 log-adjacency-changes
 redistribute static subnets
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.5
ip route 10.2.0.0 255.255.0.0 10.10.10.2 120
ip route 10.3.0.0 255.255.0.0 10.10.10.6
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
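
The IPsec settings in the VPN1 configuration above (mirrored on INET2 and INET3) can be reviewed mechanically before a lab design like this is carried into production. The Python audit below is an added example, not part of the original lab; the rule names, the small wordlist, the 16-character key-length threshold and the comparison configuration with placeholder keys are assumptions made here.

```python
from collections import defaultdict

# Crypto lines copied from the VPN1 configuration on this page.
VPN1_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
crypto ipsec profile IPSEC
 set transform-set IPSEC
"""

# Constructed comparison input (not from the page). Keyword availability
# depends on the IOS release; the keys are placeholders.
HARDENED_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-random-key-for-site2 address 2.2.2.1
crypto isakmp key PLACEHOLDER-random-key-for-site3 address 3.3.3.1
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha256-hmac
"""

WEAK_IKE = {"encryption des", "encryption 3des", "hash md5",
            "group 1", "group 2", "group 5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null",
                   "esp-md5-hmac", "ah-md5-hmac"}
# Assumption: a tiny local wordlist and length floor; replace with your own policy.
GUESSABLE_KEYS = {"cisco", "password", "admin", "secret", "vpn", "test"}
MIN_KEY_LENGTH = 16


def parse_sections(config):
    """Split an IOS-style config into (top-level line, [indented child lines])."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line[0] != " ":
            sections.append((line, []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections


def audit(config):
    """Return (rule_id, detail) findings; key values are never echoed."""
    findings = []
    peers_by_key = defaultdict(list)
    for header, children in parse_sections(config):
        words = header.split()
        if header.startswith("crypto isakmp policy "):
            # A policy that omits a parameter silently uses the platform default
            # (on classic IOS the documented defaults are DES, SHA-1, DH group 1).
            configured = {c.split()[0] for c in children}
            for cmd in ("encryption", "hash", "group"):
                if cmd not in configured:
                    findings.append(("isakmp-default",
                                     f"{header}: no '{cmd}' line, default is used"))
            findings += [("isakmp-weak", f"{header}: {c}")
                         for c in children if c in WEAK_IKE]
        elif header.startswith("crypto isakmp key "):
            if words[3] == "6":          # type-6 encrypted key: not inspectable
                continue
            k = 4 if words[3] == "0" else 3
            key, peer = words[k], " ".join(words[k + 1:])
            peers_by_key[key].append(peer)
            if key.lower() in GUESSABLE_KEYS or len(key) < MIN_KEY_LENGTH:
                findings.append(("psk-weak",
                                 f"pre-shared key for {peer} is short or guessable"))
        elif header.startswith("crypto ipsec transform-set "):
            weak = [t for t in words[4:] if t in WEAK_TRANSFORMS]
            if weak:
                findings.append(("weak-transform", f"{words[3]}: {', '.join(weak)}"))
    for peers in peers_by_key.values():
        if len(peers) > 1:               # one spoke's key also unlocks the others
            findings.append(("psk-reused",
                             f"one key shared by {len(peers)} peers: {', '.join(peers)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(VPN1_CONFIG):
        print(f"[{rule}] {detail}")
```
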

WAN1 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.14 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 111.111.111.111
 log-adjacency-changes
 area 1 range 10.1.0.0 255.255.0.0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

WAN2 Part6 Configuration

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.2 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 121.121.121.121
 log-adjacency-changes
 area 2 range 10.2.0.0 255.255.0.0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.2.0.0 0.0.255.255 area 2
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
