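Overview
This is a comprehensive exercise in building a corporate internal network. It combines the following technologies to interconnect a company's three sites. Site-to-site connectivity uses wide-area Ethernet as the primary path, with an Internet VPN (IPSec VTI) as the backup.
- VLAN
- SVI / routed ports (Layer 3 switch)
- OSPF
- HSRP
- BGP
- NAT
- IPSec-VPN (VTI)
Part 6 connects the sites over an Internet VPN (IPSec VTI).
Part 1: Building Site 1
Part 2: Building Site 2 / Site 3
Part 3: Connecting the Wide-Area Ethernet
Part 4: Building the Internet (AS1/AS2)
Part 5: Connecting to the Internet
Part 6: Building the Internet VPN
Network Topology
Site 1 Physical Topology
Site 1 Logical Topology
Site 2 / Site 3 Physical Topology
Site 2 / Site 3 Logical Topology
Internet Physical/Logical Topology
Internet VPN
Initial Configuration
Start from the state in which "[Exercise] Corporate Network Construction Exercise Part 5: Connecting to the Internet" has been completed.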
ASW11 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 switchport access vlan 12
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ASW21 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW21
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 21
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
BBSW Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 no switchport
 ip address 10.1.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/3
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/4
 no switchport
 ip address 10.1.0.9 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.1.0.13 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.1.0.17 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 no switchport
 ip address 10.1.0.21 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.251 255.255.255.0
!
router ospf 1
 router-id 100.100.100.100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW11 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface Port-channel1
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.2 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.251 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 priority 110
 standby 11 preempt
 standby 11 track FastEthernet1/1 20
!
interface Vlan12
 ip address 10.1.12.251 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 preempt
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW12 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW12
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.6 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.252 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 preempt
!
interface Vlan12
 ip address 10.1.12.252 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 priority 110
 standby 12 preempt
 standby 12 track FastEthernet1/1 20
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW21 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW21
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.10 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan21
 ip address 10.1.21.251 255.255.255.0
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW120 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW120
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.2.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.2.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.2.11.251 255.255.255.0
!
router ospf 1
 router-id 120.120.120.120
 log-adjacency-changes
 network 10.2.0.0 0.0.255.255 area 2
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
INET1 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.18 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 ip address 1.1.1.5 255.255.255.252
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 112.112.112.112
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.1.0.0 0.0.255.255
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
INET2 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 2.2.2.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.6 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 122.122.122.122
 log-adjacency-changes
 network 10.2.0.0 0.0.255.255 area 2
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 2.2.2.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.2.0.0 0.0.255.255
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
INET3 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 3.3.3.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.3.11.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 3.3.3.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.3.0.0 0.0.255.255
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP11 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.11 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 1.1.1.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.15.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.252
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP12 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP12
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.12 255.255.255.255
!
interface Ethernet0/0
 ip address 2.2.2.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 2.2.2.0 mask 255.255.255.252
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP13 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP13
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.13 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 12.12.12.1 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.35.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 13.13.13.13
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.2 remote-as 2
 neighbor 12.12.12.2 password cisco
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP14 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP14
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.14 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.5 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 14.14.14.14
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.6 remote-as 2
 neighbor 12.12.12.6 password cisco
 neighbor 192.168.0.15 remote-as 1
 neighbor 192.168.0.15 update-source Loopback0
 neighbor 192.168.0.15 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP15 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP15
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.15 255.255.255.255
!
interface Loopback1
 ip address 100.1.2.15 255.255.255.0 secondary
 ip address 100.1.1.15 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.15.5 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.5 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.35.5 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 ip address 192.168.45.5 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 15.15.15.15
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.0 mask 255.255.255.0
 network 100.1.2.0 mask 255.255.255.0
 neighbor 192.168.0.11 remote-as 1
 neighbor 192.168.0.11 update-source Loopback0
 neighbor 192.168.0.11 route-reflector-client
 neighbor 192.168.0.12 remote-as 1
 neighbor 192.168.0.12 update-source Loopback0
 neighbor 192.168.0.12 route-reflector-client
 neighbor 192.168.0.13 remote-as 1
 neighbor 192.168.0.13 update-source Loopback0
 neighbor 192.168.0.13 route-reflector-client
 neighbor 192.168.0.14 remote-as 1
 neighbor 192.168.0.14 update-source Loopback0
 neighbor 192.168.0.14 route-reflector-client
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP21 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP21
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.21 255.255.255.255
!
interface Ethernet0/0
 ip address 3.3.3.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 3.3.3.0 mask 255.255.255.252
 neighbor 192.168.0.22 remote-as 2
 neighbor 192.168.0.22 update-source Loopback0
 neighbor 192.168.0.22 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ISP22 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP22
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 192.168.0.22 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 12.12.12.6 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.12.2 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 22.22.22.22
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.12.12.1 remote-as 1
 neighbor 12.12.12.1 password cisco
 neighbor 12.12.12.1 route-map From_ISP13 in
 neighbor 12.12.12.5 remote-as 1
 neighbor 12.12.12.5 password cisco
 neighbor 12.12.12.5 route-map From_ISP14 in
 neighbor 192.168.0.21 remote-as 2
 neighbor 192.168.0.21 update-source Loopback0
 neighbor 192.168.0.21 next-hop-self
 no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
access-list 1 permit 100.1.1.0
access-list 2 permit 100.1.2.0
no cdp log mismatch duplex
!
route-map From_ISP13 permit 10
 match ip address 1
 set local-preference 150
!
route-map From_ISP13 permit 100
!
route-map From_ISP14 permit 10
 match ip address 2
 set local-preference 150
!
route-map From_ISP14 permit 100
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
PC11 Initial Configuration
set pcname PC11
ip 10.1.11.11 10.1.11.250 24
PC12 Initial Configuration
set pcname PC12
ip 10.1.12.12 10.1.12.250 24
PC21 Initial Configuration
set pcname PC21
ip 10.1.21.21 10.1.21.251 24
PC120 Initial Configuration
# This is the configuration for PC120
set pcname PC120
ip 10.2.11.120 255.255.255.0 10.2.11.251
PC130 Initial Configuration
# This is the configuration for PC130
set pcname PC130
ip 10.3.11.130 255.255.255.0 10.3.11.251
SFSW Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SFSW
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 100
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
SRV Initial Configuration
set pcname SRV
ip 10.1.100.100 10.1.100.251 24
VPN1 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 1.1.1.6 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.22 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 113.113.113.113
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.5
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
WAN1 Initial Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.14 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 111.111.111.111
 log-adjacency-changes
 area 1 range 10.1.0.0 255.255.0.0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
WAN2 Part3 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.2 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 121.121.121.121
 log-adjacency-changes
 area 2 range 10.2.0.0 255.255.0.0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.2.0.0 0.0.255.255 area 2
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
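Part 6: Building the Internet VPN
Requirements
- Build an Internet VPN as the backup for the wide-area Ethernet that connects Site 1 and Site 2. Configure a tunnel interface between VPN1 and INET2, and encrypt the IP packets sent and received over the tunnel with IPSec.
- Build an Internet VPN to connect Site 1 and Site 3. Configure a tunnel interface between VPN1 and INET3, and encrypt the IP packets sent and received over the tunnel with IPSec.
- To make the GRE tunnel between Site 1 and Site 2 the backup for the wide-area Ethernet, configure floating static routes. To route over the GRE tunnel between Site 1 and Site 3, configure static routes.
- The VPN gateways authenticate each other with the password "cisco". Use the following IPSec encryption parameters. Do not use a crypto map for the IPSec configuration.
Transform set name | IPSEC |
Security protocol | ESP |
Encryption algorithm | 3DES |
Authentication algorithm | SHA-1 |
Configuring the tunnel interfaces
Configure a tunnel between VPN1 and INET2 to connect Site 1 and Site 2 over the Internet, and a tunnel between VPN1 and INET3 to connect Site 1 and Site 3 over the Internet. The VPN1-INET2 tunnel uses the network address 10.10.10.0/30, and the VPN1-INET3 tunnel uses 10.10.10.4/30.
At this stage, leave the tunnel interface encapsulation at its default, GRE.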
VPN1: tunnel interface configuration
interface tunnel12
 tunnel source 1.1.1.6
 tunnel destination 2.2.2.1
 ip address 10.10.10.1 255.255.255.252
!
interface tunnel 13
 tunnel source 1.1.1.6
 tunnel destination 3.3.3.1
 ip address 10.10.10.5 255.255.255.252
INET2: tunnel interface configuration
interface tunnel12
 tunnel source 2.2.2.1
 tunnel destination 1.1.1.6
 ip address 10.10.10.2 255.255.255.252
INET3: tunnel interface configuration
interface tunnel 13
 tunnel source 3.3.3.1
 tunnel destination 1.1.1.6
 ip address 10.10.10.6 255.255.255.252
Use the show ip interface brief command to confirm the state of the GRE tunnel interfaces and that their IP addresses are configured correctly. Also ping the IP address at the far end of each GRE tunnel. On VPN1 the result is as follows.
VPN1: verifying the tunnel interfaces
VPN1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                1.1.1.6         YES manual up                    up
Ethernet0/1                10.1.0.22       YES NVRAM  up                    up
Ethernet0/2                unassigned      YES NVRAM  administratively down down
Ethernet0/3                unassigned      YES NVRAM  administratively down down
Tunnel12                   10.10.10.1      YES manual up                    up
Tunnel13                   10.10.10.5      YES manual up                    up
VPN1#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/83/124 ms
VPN1#ping 10.10.10.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 132/147/152 ms
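Configuring tunnel routing: Site 1 to Site 2
To make the GRE tunnel between Site 1 and Site 2 the backup for the wide-area Ethernet, configure floating static routes.
On VPN1, configure a static route for 10.2.0.0/16. Set the next hop to 10.10.10.2, the far end of the GRE tunnel, and set the administrative distance to 120, which is higher than OSPF's. Also redistribute the static route into OSPF so that the routers and Layer 3 switches at Site 1 can learn 10.2.0.0/16 through OSPF while the wide-area Ethernet is down.
On INET2, configure a static route for 10.1.0.0/16. Set the next hop to 10.10.10.1, the far end of the GRE tunnel, and set the administrative distance to 120, which is higher than OSPF's. Also redistribute the static route into OSPF so that the routers and Layer 3 switches at Site 2 can learn 10.1.0.0/16 through OSPF while the wide-area Ethernet is down.
VPN1: floating static route configuration
ip route 10.2.0.0 255.255.0.0 10.10.10.2 120
!
router ospf 1
 redistribute static subnets
INET2: floating static route configuration
ip route 10.1.0.0 255.255.0.0 10.10.10.1 120
!
router ospf 1
 redistribute static subnets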
Confirm that the GRE tunnel works correctly as the backup for the wide-area Ethernet. First check BBSW's routing table while the wide-area Ethernet is healthy.
BBSW: routing table while the wide-area Ethernet is up
BBSW#show ip route
-- omitted --
Gateway of last resort is 10.1.0.18 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
O       10.1.11.0/24 [110/2] via 10.1.0.6, 00:53:49, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:53:39, FastEthernet1/1
C       10.1.0.8/30 is directly connected, FastEthernet1/4
O       10.1.12.0/24 [110/2] via 10.1.0.6, 00:53:49, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:53:39, FastEthernet1/1
C       10.1.0.12/30 is directly connected, FastEthernet1/11
O IA    10.2.0.0/16 [110/21] via 10.1.0.14, 00:53:51, FastEthernet1/11
O IA    10.0.0.0/24 [110/11] via 10.1.0.14, 00:53:51, FastEthernet1/11
C       10.1.0.0/30 is directly connected, FastEthernet1/1
C       10.1.0.4/30 is directly connected, FastEthernet1/2
C       10.1.0.16/30 is directly connected, FastEthernet1/12
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:53:51, FastEthernet1/4
C       10.1.0.20/30 is directly connected, FastEthernet1/13
C       10.1.100.0/24 is directly connected, Vlan100
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:54:45, FastEthernet1/12
Then shut down E0/0 on WAN1 and WAN2 to take the wide-area Ethernet down.
WAN1/WAN2: shutdown
interface Ethernet0/0
 shutdown
Once the wide-area Ethernet is down, 10.2.0.0/16 in BBSW's routing table is reached via VPN1.
BBSW: routing table while the wide-area Ethernet is down
BBSW#show ip route
-- omitted --
Gateway of last resort is 10.1.0.18 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
O       10.1.11.0/24 [110/2] via 10.1.0.6, 00:56:21, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:56:11, FastEthernet1/1
C       10.1.0.8/30 is directly connected, FastEthernet1/4
O       10.1.12.0/24 [110/2] via 10.1.0.6, 00:56:21, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:56:11, FastEthernet1/1
C       10.1.0.12/30 is directly connected, FastEthernet1/11
O E2    10.2.0.0/16 [110/20] via 10.1.0.22, 00:00:24, FastEthernet1/13
C       10.1.0.0/30 is directly connected, FastEthernet1/1
C       10.1.0.4/30 is directly connected, FastEthernet1/2
C       10.1.0.16/30 is directly connected, FastEthernet1/12
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:56:23, FastEthernet1/4
C       10.1.0.20/30 is directly connected, FastEthernet1/13
C       10.1.100.0/24 is directly connected, Vlan100
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:57:19, FastEthernet1/12
A traceroute from PC11 to PC120 shows that traffic is routed through the GRE tunnel.
PC11: traceroute
PC11> trace 10.2.11.120
trace to 10.2.11.120, 8 hops max, press Ctrl+C to stop
 1   10.1.11.251   10.360 ms  20.447 ms  10.293 ms
 2   10.1.0.1   32.073 ms  31.246 ms  30.640 ms
 3   10.1.0.22   62.247 ms  53.226 ms  52.323 ms
 4   10.10.10.2   162.829 ms  193.119 ms  151.363 ms
 5   10.2.0.5   172.152 ms  138.984 ms  105.722 ms
 6   *10.2.11.120   171.117 ms (ICMP type:3, code:3, Destination port unreachable)
WAN1/WAN2: no shutdown
interface Ethernet0/0
 no shutdown
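The two BBSW routing tables above differ only in how 10.2.0.0/16 is learned, so the active path can be read from the route code and next hop. The following is an added example, not part of the original exercise; the function names and the labels "primary" and "backup" are assumptions of this example.

```python
import re

# Route lines copied from the two BBSW tables above (line breaks restored).
WAN_UP = """\
C       10.1.0.12/30 is directly connected, FastEthernet1/11
O IA    10.2.0.0/16 [110/21] via 10.1.0.14, 00:53:51, FastEthernet1/11
O IA    10.0.0.0/24 [110/11] via 10.1.0.14, 00:53:51, FastEthernet1/11
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:53:51, FastEthernet1/4
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:54:45, FastEthernet1/12
"""
WAN_DOWN = """\
C       10.1.0.12/30 is directly connected, FastEthernet1/11
O E2    10.2.0.0/16 [110/20] via 10.1.0.22, 00:00:24, FastEthernet1/13
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:56:23, FastEthernet1/4
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:57:19, FastEthernet1/12
"""

# One learned route per line: code, prefix, [AD/metric], next hop, age, interface.
# Connected routes and the second path of an equal-cost pair do not match
# and are skipped.
ROUTE = re.compile(
    r"^(?P<code>[A-Z]\*?(?: ?[A-Z][A-Z0-9])?)\s+(?P<prefix>[\d.]+/\d+) "
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<next_hop>[\d.]+), "
    r"(?P<age>[\d:]+), (?P<interface>\S+)$"
)


def parse_routes(text):
    """Return {prefix: route fields} for the learned routes in the text."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if m:
            route = m.groupdict()
            route["ad"] = int(route["ad"])
            route["metric"] = int(route["metric"])
            routes[route["prefix"]] = route
    return routes


def site2_path(table, prefix="10.2.0.0/16",
               wan_hop="10.1.0.14", vpn_hop="10.1.0.22"):
    """Classify how BBSW currently reaches Site 2.

    wan_hop is WAN1 and vpn_hop is VPN1, as seen from BBSW on this page.
    """
    route = parse_routes(table).get(prefix)
    if route is None:
        return "unreachable"
    if route["code"] == "O IA" and route["next_hop"] == wan_hop:
        return "primary"   # inter-area route through the wide-area Ethernet
    if route["code"] == "O E2" and route["next_hop"] == vpn_hop:
        return "backup"    # static route redistributed by VPN1
    return "unexpected"


if __name__ == "__main__":
    for label, table in (("WAN up", WAN_UP), ("WAN down", WAN_DOWN)):
        print(label, "->", site2_path(table))
```

On BBSW the backup route shows administrative distance 110 and metric 20 rather than 120: the distance of 120 only decides the choice on VPN1, and BBSW learns the result as an OSPF external (E2) route.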
Configuring tunnel routing: Site 1 to Site 3
To route between Site 1 and Site 3 over the GRE tunnel, configure static routes on VPN1 and INET3. On VPN1, configure a static route for Site 3's 10.3.0.0/16. This static route is redistributed into OSPF.
On INET3, configure static routes for 10.1.0.0/16 and 10.2.0.0/16, the networks of Site 1 and Site 2.
VPN1: static route configuration
ip route 10.3.0.0 255.255.0.0 10.10.10.6
INET3: static route configuration
ip route 10.1.0.0 255.255.0.0 10.10.10.5
ip route 10.2.0.0 255.255.0.0 10.10.10.5
Verify communication with Site 3 by running traceroute from PC130 to PC11 and PC120.
PC130: traceroute
PC130> trace 10.1.11.11
trace to 10.1.11.11, 8 hops max, press Ctrl+C to stop
 1   10.3.11.251   4.116 ms  9.204 ms  9.013 ms
 2   10.10.10.5   160.539 ms  163.542 ms  161.207 ms
 3   10.1.0.21   182.307 ms  179.498 ms  169.173 ms
 4   10.1.0.6   202.895 ms  190.408 ms  129.223 ms
 5   *10.1.11.11   139.293 ms (ICMP type:3, code:3, Destination port unreachable)
PC130> trace 10.2.11.120
trace to 10.2.11.120, 8 hops max, press Ctrl+C to stop
 1   10.3.11.251   4.269 ms  9.215 ms  9.115 ms
 2   10.10.10.5   160.764 ms  159.532 ms  157.820 ms
 3   10.1.0.21   181.802 ms  180.460 ms  181.339 ms
 4   10.1.0.14   204.997 ms  203.358 ms  205.510 ms
 5   10.0.0.2   224.476 ms  228.163 ms  227.935 ms
 6   10.2.0.1   245.488 ms  246.349 ms  242.810 ms
 7   *10.2.11.120   256.961 ms (ICMP type:3, code:3, Destination port unreachable)
IPSec configuration
Once routing over the tunnels is complete, all that remains is to encrypt the IP packets that traverse the tunnels with IPSec. In addition, use the tunnel mode ipsec ipv4 command to change the tunnel interface encapsulation to IPSec VTI, which removes the GRE overhead.
VPN1: IPSec VTI configuration
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Tunnel13
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
INET2: IPSec VTI configuration
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 1.1.1.6
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
INET3: IPSec VTI configuration
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 1.1.1.6
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel13
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
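The following check is an added example, not part of the original exercise: it audits an IOS listing for the IPSec settings used above and reports an ISAKMP policy left at platform defaults, a short or reused pre-shared key, legacy transforms such as 3DES, and a tunnel interface without `tunnel protection` (the state of the tunnels before this step). The finding names, the `LEGACY_TRANSFORMS` list and the 20-character key threshold are assumptions of this example.

```python
import re

# VPN1's tunnel and IPSec commands from this page, merged into one listing.
VPN1_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 ip address 10.10.10.1 255.255.255.252
 tunnel source 1.1.1.6
 tunnel destination 2.2.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Tunnel13
 ip address 10.10.10.5 255.255.255.252
 tunnel source 1.1.1.6
 tunnel destination 3.3.3.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
"""

# Transform keywords this example treats as legacy (policy assumption).
LEGACY_TRANSFORMS = {
    "esp-des": "56-bit DES",
    "esp-3des": "3DES, 64-bit block cipher",
    "esp-null": "no encryption",
    "esp-md5-hmac": "HMAC-MD5",
    "esp-sha-hmac": "HMAC-SHA-1",
}
MIN_PSK_LENGTH = 20  # assumed local policy, not a Cisco limit


def blocks(config):
    """Group an IOS listing into (top-level command, [sub-commands])."""
    out = []
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        if line.startswith(" ") and out:
            out[-1][1].append(text)
        else:
            out.append((text, []))
    return out


def audit(config):
    """Return (finding_id, detail) tuples; key strings are never echoed."""
    findings, peers_by_key = [], {}
    for head, subs in blocks(config):
        if m := re.match(r"crypto isakmp policy (\d+)$", head):
            # Unset values fall back to platform defaults
            # (on IOS 12.4: DES, SHA-1, DH group 1).
            unset = [name for name, prefix in (("encryption", "encr"),
                     ("hash", "hash"), ("group", "group"))
                     if not any(s.startswith(prefix) for s in subs)]
            if unset:
                findings.append(("ISAKMP-DEFAULTS",
                                 f"policy {m.group(1)} leaves "
                                 f"{', '.join(unset)} at platform defaults"))
        elif m := re.match(r"crypto isakmp key (?:[06] )?(\S+) address (\S+)", head):
            peers_by_key.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", head):
            for transform in m.group(2).split():
                if transform in LEGACY_TRANSFORMS:
                    findings.append(("LEGACY-TRANSFORM",
                                     f"{m.group(1)}: {transform} "
                                     f"({LEGACY_TRANSFORMS[transform]})"))
        elif m := re.match(r"interface (Tunnel ?\d+)", head, re.IGNORECASE):
            if not any(s.startswith("tunnel protection ipsec") for s in subs):
                findings.append(("UNPROTECTED-TUNNEL",
                                 f"{m.group(1)} has no tunnel protection"))
    for key, peers in peers_by_key.items():
        if len(key) < MIN_PSK_LENGTH:
            findings.append(("WEAK-PSK", f"{len(key)}-character pre-shared "
                             f"key for {', '.join(peers)}"))
        if len(peers) > 1:
            findings.append(("PSK-REUSE", "same pre-shared key for "
                             + ", ".join(peers)))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(VPN1_CONFIG):
        print(f"{finding_id}: {detail}")
```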
Ping the tunnel IP addresses and confirm that IPSec encryption is working correctly.
VPN1: verifying IPSec VTI
VPN1#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 96/112/132 ms
VPN1#ping 10.10.10.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/104/108 ms
VPN1#show crypto isakmp sa
dst             src             state          conn-id slot status
3.3.3.1         1.1.1.6         QM_IDLE              1    0 ACTIVE
2.2.2.1         1.1.1.6         QM_IDLE              2    0 ACTIVE
VPN1#show crypto ipsec sa
interface: Tunnel12
    Crypto map tag: Tunnel12-head-0, local addr 1.1.1.6
   protected vrf: (none)
   local ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (2.2.2.1/255.255.255.255/47/0)
   current_peer 2.2.2.1 port 500
     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 6, #recv errors 0
     local crypto endpt.: 1.1.1.6, remote crypto endpt.: 2.2.2.1
     path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0
     current outbound spi: 0xF4D1A7F2(4107380722)
     inbound esp sas:
      spi: 0x58B32C28(1488137256)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2003, flow_id: SW:3, crypto map: Tunnel12-head-0
        sa timing: remaining key lifetime (k/sec): (4531747/3583)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0xF4D1A7F2(4107380722)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2004, flow_id: SW:4, crypto map: Tunnel12-head-0
        sa timing: remaining key lifetime (k/sec): (4531747/3581)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
     outbound ah sas:
     outbound pcp sas:
interface: Tunnel13
    Crypto map tag: Tunnel13-head-0, local addr 1.1.1.6
   protected vrf: (none)
   local ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (3.3.3.1/255.255.255.255/47/0)
   current_peer 3.3.3.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 20, #pkts encrypt: 20, #pkts digest: 20
    #pkts decaps: 19, #pkts decrypt: 19, #pkts verify: 19
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 6, #recv errors 0
     local crypto endpt.: 1.1.1.6, remote crypto endpt.: 3.3.3.1
     path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0
     current outbound spi: 0x5E437F77(1581481847)
     inbound esp sas:
      spi: 0x84EA2C93(2229939347)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2001, flow_id: SW:1, crypto map: Tunnel13-head-0
        sa timing: remaining key lifetime (k/sec): (4590407/3492)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0x5E437F77(1581481847)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        conn id: 2002, flow_id: SW:2, crypto map: Tunnel13-head-0
        sa timing: remaining key lifetime (k/sec): (4590407/3491)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
     outbound ah sas:
     outbound pcp sas:
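As an added example (not from the original exercise), the script below parses `show crypto ipsec sa` text and checks each tunnel for what the page verifies by eye: an ACTIVE ESP SA in each direction and non-zero encrypt and decrypt counters. The function names and problem strings are assumptions of this example; the sample is an excerpt of the VPN1 output above.

```python
import re

# Excerpt of the VPN1 "show crypto ipsec sa" output above, line breaks restored.
# Compression counters, SA timing and most empty ah/pcp sections are left out.
SAMPLE = """\
interface: Tunnel12
   local ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   current_peer 2.2.2.1 port 500
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
    #send errors 6, #recv errors 0
     current outbound spi: 0xF4D1A7F2(4107380722)
     inbound esp sas:
      spi: 0x58B32C28(1488137256)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        Status: ACTIVE
     inbound ah sas:
     outbound esp sas:
      spi: 0xF4D1A7F2(4107380722)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        Status: ACTIVE
interface: Tunnel13
   local ident (addr/mask/prot/port): (1.1.1.6/255.255.255.255/47/0)
   current_peer 3.3.3.1 port 500
    #pkts encaps: 20, #pkts encrypt: 20, #pkts digest: 20
    #pkts decaps: 19, #pkts decrypt: 19, #pkts verify: 19
    #send errors 6, #recv errors 0
     inbound esp sas:
      spi: 0x84EA2C93(2229939347)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        Status: ACTIVE
     outbound esp sas:
      spi: 0x5E437F77(1581481847)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Transport, }
        Status: ACTIVE
"""

COUNTER = re.compile(r"#(pkts \w+|send errors|recv errors):? (\d+)")


def parse_ipsec_sa(text):
    """Return {interface: {"peer", "ip_proto", "counters", "sas"}}."""
    tunnels, cur, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface: (\S+)", line):
            cur = tunnels[m.group(1)] = {"peer": None, "ip_proto": None,
                                         "counters": {}, "sas": []}
            section = None
        elif cur is None:
            continue
        elif m := re.match(r"local\s+ident .*\([\d.]+/[\d.]+/(\d+)/\d+\)", line):
            cur["ip_proto"] = int(m.group(1))  # IP protocol 47 is GRE
        elif m := re.match(r"current_peer (\S+)", line):
            cur["peer"] = m.group(1)
        elif line.startswith("#"):
            cur["counters"].update((k, int(v)) for k, v in COUNTER.findall(line))
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            section = m.groups()
        elif (m := re.match(r"spi: (0x[0-9A-Fa-f]+)", line)) and section:
            cur["sas"].append({"dir": section[0], "proto": section[1],
                               "spi": m.group(1), "transforms": [],
                               "mode": None, "status": None})
        elif cur["sas"]:
            sa = cur["sas"][-1]  # detail lines belong to the SA just opened
            if m := re.match(r"transform: (.+?)\s*,?$", line):
                sa["transforms"] = m.group(1).split()
            elif m := re.match(r"in use settings =\{(\w+)", line):
                sa["mode"] = m.group(1)
            elif m := re.match(r"Status: (\w+)", line):
                sa["status"] = m.group(1)
    return tunnels


def check(tunnels):
    """Return {interface: [problems]}; an empty list means nothing was flagged."""
    report = {}
    for name, t in tunnels.items():
        c, problems = t["counters"], []
        for direction in ("inbound", "outbound"):
            if not any(sa["dir"] == direction and sa["proto"] == "esp"
                       and sa["status"] == "ACTIVE" for sa in t["sas"]):
                problems.append(f"no ACTIVE {direction} ESP SA")
        if c.get("pkts encrypt", 0) == 0:
            problems.append("no packets encrypted")
        if c.get("pkts decrypt", 0) == 0:
            problems.append("no packets decrypted")
        if c.get("pkts decrypt", 0) != c.get("pkts verify", 0):
            problems.append("decrypt and verify counters differ")
        send, recv = c.get("send errors", 0), c.get("recv errors", 0)
        if send or recv:
            problems.append(f"errors: send={send} recv={recv}")
        report[name] = problems
    return report
```

In the captured output both tunnels report 6 send errors, the proxy identities carry IP protocol 47 (GRE), and the SAs are in Transport mode; the parser exposes these as `counters`, `ip_proto` and `mode` so they can be compared between runs.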
Configuration files after completing Part 6 (Building the Internet VPN)
ASW11 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 switchport access vlan 12
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
ASW21 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW21
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 21
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
BBSW Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 no switchport
 ip address 10.1.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/3
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/4
 no switchport
 ip address 10.1.0.9 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.1.0.13 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.1.0.17 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 no switchport
 ip address 10.1.0.21 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.251 255.255.255.0
!
router ospf 1
 router-id 100.100.100.100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW11 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface Port-channel1
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.2 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.251 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 priority 110
 standby 11 preempt
 standby 11 track FastEthernet1/1 20
!
interface Vlan12
 ip address 10.1.12.251 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 preempt
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW12 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW12
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.6 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.252 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 preempt
!
interface Vlan12
 ip address 10.1.12.252 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 priority 110
 standby 12 preempt
 standby 12 track FastEthernet1/1 20
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW21 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW21
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.10 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan21
 ip address 10.1.21.251 255.255.255.0
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
DSW120 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW120
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.2.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.2.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.2.11.251 255.255.255.0
!
router ospf 1
 router-id 120.120.120.120
 log-adjacency-changes
 network 10.2.0.0 0.0.255.255 area 2
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
INET1 Part6 Configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.18 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 ip address 1.1.1.5 255.255.255.252
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 112.112.112.112
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.1.0.0 0.0.255.255
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
INET2 Part6 Configuration
```
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 1.1.1.6
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 ip address 10.10.10.2 255.255.255.252
 tunnel source 2.2.2.1
 tunnel destination 1.1.1.6
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Ethernet0/0
 ip address 2.2.2.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.2.0.6 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 122.122.122.122
 log-adjacency-changes
 redistribute static subnets
 network 10.2.0.0 0.0.255.255 area 2
 default-information originate
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 10.1.0.0 255.255.0.0 10.10.10.1 120
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.2.0.0 0.0.255.255
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
```
INET3 Part6 Configuration
```
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 1.1.1.6
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel13
 ip address 10.10.10.6 255.255.255.252
 tunnel source 3.3.3.1
 tunnel destination 1.1.1.6
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Ethernet0/0
 ip address 3.3.3.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 10.3.11.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 3.3.3.2
ip route 10.1.0.0 255.255.0.0 10.10.10.5
ip route 10.2.0.0 255.255.0.0 10.10.10.5
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 10.3.0.0 0.0.255.255
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
```
ISP11 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.11 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 1.1.1.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.15.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 1.1.1.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP12 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.12 255.255.255.255 ! interface Ethernet0/0 ip address 2.2.2.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.25.2 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 2.2.2.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP13 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP13 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.13 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 12.12.12.1 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.35.3 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 13.13.13.13 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.2 remote-as 2 neighbor 12.12.12.2 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP14 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP14 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.14 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.5 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.45.4 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 14.14.14.14 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.6 remote-as 2 neighbor 12.12.12.6 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP15 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP15 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.15 255.255.255.255 ! interface Loopback1 ip address 100.1.2.15 255.255.255.0 secondary ip address 100.1.1.15 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 ip address 192.168.15.5 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 192.168.25.5 255.255.255.0 half-duplex ! interface Ethernet0/2 ip address 192.168.35.5 255.255.255.0 half-duplex ! interface Ethernet0/3 ip address 192.168.45.5 255.255.255.0 half-duplex ! router ospf 1 router-id 15.15.15.15 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 100.1.1.0 mask 255.255.255.0 network 100.1.2.0 mask 255.255.255.0 neighbor 192.168.0.11 remote-as 1 neighbor 192.168.0.11 update-source Loopback0 neighbor 192.168.0.11 route-reflector-client neighbor 192.168.0.12 remote-as 1 neighbor 192.168.0.12 update-source Loopback0 neighbor 192.168.0.12 route-reflector-client neighbor 192.168.0.13 remote-as 1 neighbor 192.168.0.13 update-source Loopback0 neighbor 192.168.0.13 route-reflector-client neighbor 192.168.0.14 remote-as 1 neighbor 192.168.0.14 update-source Loopback0 neighbor 192.168.0.14 route-reflector-client no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP21 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.21 255.255.255.255 ! interface Ethernet0/0 ip address 3.3.3.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.12.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes network 3.3.3.0 mask 255.255.255.252 neighbor 192.168.0.22 remote-as 2 neighbor 192.168.0.22 update-source Loopback0 neighbor 192.168.0.22 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP22 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP22 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.22 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 12.12.12.6 255.255.255.252 half-duplex ! interface Ethernet0/2 ip address 192.168.12.2 255.255.255.0 half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 22.22.22.22 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes neighbor 12.12.12.1 remote-as 1 neighbor 12.12.12.1 password cisco neighbor 12.12.12.1 route-map From_ISP13 in neighbor 12.12.12.5 remote-as 1 neighbor 12.12.12.5 password cisco neighbor 12.12.12.5 route-map From_ISP14 in neighbor 192.168.0.21 remote-as 2 neighbor 192.168.0.21 update-source Loopback0 neighbor 192.168.0.21 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! access-list 1 permit 100.1.1.0 access-list 2 permit 100.1.2.0 no cdp log mismatch duplex ! route-map From_ISP13 permit 10 match ip address 1 set local-preference 150 ! route-map From_ISP13 permit 100 ! route-map From_ISP14 permit 10 match ip address 2 set local-preference 150 ! route-map From_ISP14 permit 100 ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
PC11 Part6 Configuration
```
set pcname PC11
ip 10.1.11.11 10.1.11.250 24
```
PC12 Part6 Configuration
```
set pcname PC12
ip 10.1.12.12 10.1.12.250 24
```
PC21 Part6 Configuration
```
set pcname PC21
ip 10.1.21.21 10.1.21.251 24
```
PC120 Part6 Configuration
```
# This the configuration for PC120
set pcname PC120
ip 10.2.11.120 255.255.255.0 10.2.11.251
```
PC130 Part6 Configuration
```
# This the configuration for PC130
set pcname PC130
ip 10.3.11.130 255.255.255.0 10.3.11.251
```
SFSW Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname SFSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 100 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! 
line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
SRV Part6 Configuration
```
set pcname SRV
ip 10.1.100.100 10.1.100.251 24
```
VPN1 Part6 Configuration
```
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
!
interface Tunnel12
 ip address 10.10.10.1 255.255.255.252
 tunnel source 1.1.1.6
 tunnel destination 2.2.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Tunnel13
 ip address 10.10.10.5 255.255.255.252
 tunnel source 1.1.1.6
 tunnel destination 3.3.3.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC
!
interface Ethernet0/0
 ip address 1.1.1.6 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.22 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 113.113.113.113
 log-adjacency-changes
 redistribute static subnets
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.5
ip route 10.2.0.0 255.255.0.0 10.10.10.2 120
ip route 10.3.0.0 255.255.0.0 10.10.10.6
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
```
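The crypto section that VPN1, INET2 and INET3 share leaves the ISAKMP policy at its IOS 12.4 defaults (DES, SHA-1, DH group 1, none of which appear in the running configuration), protects the tunnels with 3DES, and uses one short pre-shared key for every peer. The following audit script is an added example, not part of the original exercise: the finding names, the weak-algorithm sets and the `MIN_PSK_LENGTH` threshold are assumptions chosen for illustration, and the embedded sample is the VPN1 crypto section from this page with one command per line.

```python
import re
from collections import Counter

# Excerpt of the page's VPN1 crypto section, one command per line.
VPN1_CRYPTO = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 2.2.2.1
crypto isakmp key cisco address 3.3.3.1
!
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile IPSEC
 set transform-set IPSEC
"""

# Values IOS 12.4 applies when an ISAKMP policy omits the command;
# the running configuration does not display them.
ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}
WEAK_ENCRYPTION = {"des", "3des"}   # assumption: local crypto policy
WEAK_DH_GROUPS = {"1", "2", "5"}    # assumption: local crypto policy
MIN_PSK_LENGTH = 20                 # assumption: local threshold, not an IOS limit


def parse_isakmp_policies(cfg):
    """Return {policy_number: settings} with the IOS defaults filled in."""
    policies, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(ISAKMP_DEFAULTS))
            current.setdefault("explicit", set())
        elif line.startswith(" ") and current is not None:
            words = line.split()
            key = {"encr": "encryption"}.get(words[0], words[0])
            if key in ISAKMP_DEFAULTS and len(words) > 1:
                current[key] = words[1]
                current["explicit"].add(key)
        else:
            current = None  # any other top-level command ends the policy block
    return policies


def parse_psks(cfg):
    """Return [(key, peer)] for cleartext 'crypto isakmp key' lines as on this page."""
    return re.findall(r"^crypto isakmp key (\S+) address (\S+)", cfg, re.M)


def parse_transform_sets(cfg):
    """Return {name: [transforms]} from 'crypto ipsec transform-set' lines."""
    pattern = r"^crypto ipsec transform-set (\S+) (.+)$"
    return {m.group(1): m.group(2).split() for m in re.finditer(pattern, cfg, re.M)}


def audit(cfg):
    """Return a list of (finding_id, detail); key material is never echoed."""
    findings = []
    for num, policy in sorted(parse_isakmp_policies(cfg).items()):
        for field, weak in (("encryption", WEAK_ENCRYPTION), ("group", WEAK_DH_GROUPS)):
            if policy[field] in weak:
                origin = "explicit" if field in policy["explicit"] else "default"
                findings.append((f"isakmp-{field}", f"policy {num}: {policy[field]} ({origin})"))
    psks = parse_psks(cfg)
    for _key, count in Counter(key for key, _ in psks).items():
        if count > 1:
            findings.append(("psk-reused", f"same key for {count} peers"))
    for key, peer in psks:
        if len(key) < MIN_PSK_LENGTH:
            findings.append(("psk-short", f"peer {peer}: {len(key)} characters"))
    for name, transforms in parse_transform_sets(cfg).items():
        if {"esp-des", "esp-3des"} & set(transforms):
            findings.append(("esp-weak-cipher", f"transform-set {name}"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(VPN1_CRYPTO):
        print(f"{finding_id:18} {detail}")
```

Because the weak IKE parameters come from defaults rather than from lines in the file, a plain text search of the configuration for `des` or `group 1` would miss them; the parser has to model what an absent command means.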
WAN1 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.1 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.1.0.14 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 111.111.111.111 log-adjacency-changes area 1 range 10.1.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN2 Part6 Configuration
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.2.0.2 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 121.121.121.121 log-adjacency-changes area 2 range 10.2.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end