概要

企業の社内ネットワークを構築する総合的な演習です。以下の技術を組み合わせて企業の3つの拠点を相互接続します。拠点間の接続は広域イーサネットをプライマリとして、インターネットVPN(IPSec VTI)をバックアップにします。

  • VLAN
  • SVI/ルーテッドポート(レイヤ3スイッチ)
  • OSPF
  • HSRP
  • BGP
  • NAT
  • IPSec-VPN(VTI)

Part1は、メインの拠点1を構築します。

Part1:拠点1の構築
Part2:拠点2/拠点3の構築
Part3:広域イーサネットの接続
Part4:インターネット(AS1/AS2)の構築
Part5:インターネットへの接続
Part6:インターネットVPNの構築

ネットワーク構成

拠点1物理構成

拠点1論理構成

拠点2/拠点3物理構成

拠点2/拠点3論理構成

インターネット物理/論理構成

インターネットVPN

初期設定

拠点1/拠点2/拠点3

  • PC/SRV
    • IPアドレス/サブネットマスク、デフォルトゲートウェイ

インターネット(AS1/AS2)

  • AS内のプライベートアドレス
    • AS内のOSPF
    • AS1の100.1.1.0/24、100.1.2.0/24のネットワーク
    • AS間のグローバルアドレス

ASW11 Initical Configuration(Click)

!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW11
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

ASW21 Initical Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW21
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

BBSW Initical Configuration(Click)

!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

DSW11 Initical Configuration(Click)

!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW11
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

DSW12 Initical Configuration(Click)

!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW12
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

DSW21 Initical Configuration(Click)

!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW21
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

DSW120 Initical Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW120
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

INET1 Initical Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET1
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

INET2 Initical Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET2
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

INET3 Initical Configuration(Click)

!
!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET3
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

ISP11 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.11 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 1.1.1.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.15.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP12 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.22 255.255.255.255
!
interface Ethernet0/0
 ip address 2.2.2.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP13 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP13
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.13 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 12.12.12.1 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.35.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 13.13.13.13
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP14 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP14
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.14 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.5 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 14.14.14.14
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP15 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP15
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.15 255.255.255.255
!
interface Loopback1
 ip address 100.1.2.15 255.255.255.0 secondary
 ip address 100.1.1.15 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.15.5 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.5 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.35.5 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 ip address 192.168.45.5 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 15.15.15.15
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP21 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.21 255.255.255.255
!
interface Ethernet0/0
 ip address 3.3.3.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP22 Initical Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP22
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.22 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 12.12.12.6 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.12.2 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 22.22.22.22
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

PC11 Initical Configuration(Click)

# This the configuration for PC11

#

# Uncomment the following line to enable DHCP

# dhcp

# or the line below to manually setup an IP address and subnet mask

# ip 192.168.1.1 255.0.0.0

#



set pcname PC11
set ip 10.1.11.11 255.255.255.0 10.1.11.251

PC12 Initical Configuration(Click)

# This the configuration for PC12

#

# Uncomment the following line to enable DHCP

# dhcp

# or the line below to manually setup an IP address and subnet mask

# ip 192.168.1.1 255.0.0.0

#



set pcname PC12
set ip 10.1.12.12 255.255.255.0 10.1.12.251

PC21 Initical Configuration(Click)

# This the configuration for PC21

#

# Uncomment the following line to enable DHCP

# dhcp

# or the line below to manually setup an IP address and subnet mask

# ip 192.168.1.1 255.0.0.0

#



set pcname PC21
set ip 10.1.21.21 255.255.255.0 10.1.21.251

PC120 Initical Configuration(Click)

# This the configuration for PC120

#

# Uncomment the following line to enable DHCP

# dhcp

# or the line below to manually setup an IP address and subnet mask

# ip 192.168.1.1 255.0.0.0

#



set pcname PC120

PC130 Initical Configuration(Click)

# This the configuration for PC130




#




# Uncomment the following line to enable DHCP




# dhcp




# or the line below to manually setup an IP address and subnet mask




# ip 192.168.1.1 255.0.0.0




#









set pcname PC130

SFSW Initical Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SFSW
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

SRV Initical Configuration(Click)

# This the configuration for SRV

#

# Uncomment the following line to enable DHCP

# dhcp

# or the line below to manually setup an IP address and subnet mask

# ip 192.168.1.1 255.0.0.0

#



set pcname SRV
set ip 10.1.100.100 255.255.255.0 10.1.100.251

VPN1 Initical Configuration(Click)

!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN1
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

WAN1 Initical Configuration(Click)

!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN1
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

WAN2 Initical Configuration(Click)

!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN2
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

Part1:拠点1の構築

要件

  1. ビル1およびビル2でPCを収容するVLANを設定して、適切なアクセスポートの設定を行います。また、サーバファームのSRVを収容するVLANを設定して、適切なアクセスポートの設定を行います。
  2. PC/SRVが接続されるポートは、Portfastを有効にして、すぐにフォワーディング状態になるようにします。
  3. 論理構成図に基づいて、必要な機器にIPアドレス/サブネットマスクを設定します。
機器インタフェースIPアドレス
DSW11Vlan1110.1.11.251/24
 Vlan1210.1.12.251/24
 F1/110.1.0.2/30
DSW12Vlan1110.1.11.252/24
 Vlan1210.1.12.252/24
 F1/110.1.0.6/30
DSW21Vlan2110.1.21.251/24
 F1/110.1.0.10/30
BBSW1F1/110.1.0.1/30
 F1/210.1.0.5/30
 F1/410.1.0.9/30
 Vlan10010.1.100.251/24
 F1/1110.1.0.13/30
 F1/1210.1.0.17/30
 F1/1310.1.0.21/30
WAN1E0/110.1.0.14/30
INET1E0/110.1.0.18/30
VPN1E0/110.1.0.22/30
表 IPアドレス
  • 拠点1内のルーティングができるようにOSPFを有効化します。OSPFエリアはエリア1とします。ルータIDは、以下のように設定します。
機器ルータID
DSW1111.11.11.11
DSW1212.12.12.12
DSW2121.21.21.21
BBSW100.100.100.100
WAN1111.111.111.111
INET1112.112.112.112
VPN1113.113.113.113
表 OSPFルータID
  • VLAN11/VLAN12でHSRPによってデフォルトゲートウェイの冗長化を行います。VLAN11はDSW11をアクティブルータとします。VLAN12はDSW12をアクティブルータとします。それぞれF1/1がダウンすると、アクティブルータを切り替えるように設定します。

VLANとアクセスポートの設定

ASW11とASW21で必要なVLANを作成して、アクセスポートを割り当てます。また、ASW11/ASW21で作成したVLANを相互接続するために、DSW11/DSW12/DSW21でもVLANを作成する必要があります。ただし、DSW11/DSW12/DSW21にはアクセスポートの割り当ては不要です。

また、SFSWでサーバを収容するためのVLANを作成して、アクセスポートを割り当てます。BBSW1でもサーバを収容するためのVLANが必要です。

機器作成するVLANアクセスポート
ASW11VLAN11Fa1/1
 VLAN12Fa1/2
DSW11VLAN11
 VLAN12
DSW12VLAN11
 VLAN12
ASW21VLAN21Fa1/1
DSW21VLAN21
SFSWVLAN100Fa1/1、Fa1/8
BBSW1VLAN100Fa1/3
表 VLANとアクセスポート

ASW11 VLAN/アクセスポートの設定

vlan 11,12
!
interface FastEthernet 1/1
 switchport mode access 
 switchport access vlan 11
!
interface FastEthernet 1/2
 switchport mode access 
 switchport access vlan 12

DSW11/DSW12 VLAN/アクセスポートの設定

vlan 11,12

ASW21 VLAN/アクセスポートの設定

vlan 21
!
interface FastEthernet 1/1
 switchport mode access 
 switchport access vlan 21

DSW21 VLAN/アクセスポートの設定

vlan 21

SFSW VLAN/アクセスポートの設定

vlan 100
!
interface FastEthernet1/1
 switchport mode access
 switchport access vlan 100
!
interface FastEthernet1/8
 switchport mode access
 switchport access vlan 100

BBSW1 VLAN/アクセスポートの設定

vlan 100
!
interface FastEthernet1/3
 switchport mode access
 switchport access vlan 100

VLANの作成とアクセスポートの割り当てを確認するためには、show vlan-switch briefコマンドを利用します。

この演習のスイッチは、ルータにイーサネットスイッチモジュールを搭載しています。Catalystスイッチでは、show vlan briefコマンドです。

ASW11でのshow vlan-switch briefは以下のような表示です。

ASW11 show vlan-switch brief

ASW11#show vlan-switch brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/8, Fa1/9
                                                Fa1/10, Fa1/11, Fa1/12, Fa1/13
                                                Fa1/14, Fa1/15
11   VLAN0011                         active    Fa1/1
12   VLAN0012                         active    Fa1/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
図 ASW11 VLANとアクセスポートの設定
図 ASW11 VLANとアクセスポートの設定

トランクポートの設定

ASW11-DSW11間、ASW11-DSW12間、ASW21-DSW21間を、複数のVLANのイーサネットフレームを転送するためにトランクポートにします。

ASW11 トランクポートの設定

interface range FastEthernet 1/8 - 9
 switchport mode trunk

DSW11 トランクポートの設定

interface range FastEthernet 1/8
 switchport mode trunk

DSW12 トランクポートの設定

interface range FastEthernet 1/9
 switchport mode trunk

ASW21 トランクポートの設定

interface FastEthernet 1/8
 switchport mode trunk

DSW21 トランクポートの設定

interface FastEthernet 1/8
 switchport mode trunk

show interface trunkコマンドでトランクポートの状態を確認します。ASW11では、次のような表示です。

ASW11 トランクポートの確認 show interfaces trunk

ASW11#show interfaces trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa1/8     on           802.1q         trunking      1
Fa1/9     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/8     1-4094
Fa1/9     1-4094

Port      Vlans allowed and active in management domain
Fa1/8     1,11-12
Fa1/9     1,11-12

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/8     1,11-12
Fa1/9     1,11-12
図 ASW11-DSW11間のトランクポート
図 ASW11-DSW11間のトランクポート

PortFastの設定

ASW11/ASW21/SFSWでホストが接続されているインタフェースでPortFastを有効にします。PortFastによって、リンクがアップするとすぐにフォワーディング状態に移行させます。

ASW11 PortFast

interface range FastEthernet 1/1 - 2
 spanning-tree portfast

ASW21 PortFast

interface FastEthernet 1/1
 spanning-tree portfast

SFSW PortFast

interface FastEthernet 1/1
 spanning-tree portfast

IPアドレスの設定

DSW11/DSW12/DSW21/BBSW1/WAN1/INET1/VPN1でIPアドレスを設定して、それぞれネットワークを相互接続します。ここでは、拠点1の10.1.0.0/16の範囲のIPアドレスのみの設定をします。

DSW11 IPアドレス設定

ip routing
!
interface vlan 11
 ip address 10.1.11.251 255.255.255.0
 no shutdown
!
interface vlan 12
 ip address 10.1.12.251 255.255.255.0
 no shutdown
!
interface FastEthernet1/1
 no switchport 
 ip address 10.1.0.2 255.255.255.252
図 DSW11 IPアドレス設定
図 DSW11 IPアドレス設定

DSW12 IPアドレス設定

ip routing
!
interface vlan 11
 ip address 10.1.11.252 255.255.255.0
 no shutdown
!
interface vlan 12
 ip address 10.1.12.252 255.255.255.0
 no shutdown
!
interface FastEthernet1/1
 no switchport 
 ip address 10.1.0.6 255.255.255.252

DSW21 IPアドレス設定

ip routing
!
interface vlan 21
 ip address 10.1.21.251 255.255.255.0
 no shutdown
!
interface FastEthernet1/1
 no switchport 
 ip address 10.1.0.10 255.255.255.252

BBSW1 IPアドレス設定

ip routing
!
interface vlan 100
 ip address 10.1.100.251 255.255.255.0
 no shutdown
!
interface FastEthernet1/1
 no switchport 
 ip address 10.1.0.1 255.255.255.252
!
interface FastEthernet1/2
 no switchport 
 ip address 10.1.0.5 255.255.255.252
!
interface FastEthernet1/4
 no switchport 
 ip address 10.1.0.9 255.255.255.252
!
interface FastEthernet1/11
 no switchport 
 ip address 10.1.0.13 255.255.255.252
!
interface FastEthernet1/12
 no switchport 
 ip address 10.1.0.17 255.255.255.252
!
interface FastEthernet1/13
 no switchport 
 ip address 10.1.0.21 255.255.255.252

WAN1 IPアドレス設定

interface Ethernet 0/1
 ip address 10.1.0.14 255.255.255.252
 no shutdown

INET1 IPアドレス設定

interface Ethernet 0/1
 ip address 10.1.0.18 255.255.255.252
 no shutdown

VPN1 IPアドレス設定

interface Ethernet 0/1
 ip address 10.1.0.22 255.255.255.252
 no shutdown

IPアドレスの確認は、show ip interface briefコマンドがわかりやすいです。BBSW1では、次のような表示です。

BBSW1 IPアドレス確認 show ip interface brief

BBSW#show ip interface brief | exclude unassigned
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet1/1            10.1.0.1        YES manual up                    up
FastEthernet1/2            10.1.0.5        YES manual up                    up
FastEthernet1/4            10.1.0.9        YES manual up                    up
FastEthernet1/11           10.1.0.13       YES manual up                    up
FastEthernet1/12           10.1.0.17       YES manual up                    up
FastEthernet1/13           10.1.0.21       YES manual up                    up
Vlan100                    10.1.100.251    YES manual up                    up

また、ルーティングテーブルにDirectly connectedのルート情報が正しく登録されていることを確認します。

BBSW1 show ip route

BBSW#show ip route
-- omitted --

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C       10.1.0.8/30 is directly connected, FastEthernet1/4
C       10.1.0.12/30 is directly connected, FastEthernet1/11
C       10.1.0.0/30 is directly connected, FastEthernet1/1
C       10.1.0.4/30 is directly connected, FastEthernet1/2
C       10.1.0.16/30 is directly connected, FastEthernet1/12
C       10.1.0.20/30 is directly connected, FastEthernet1/13
C       10.1.100.0/24 is directly connected, Vlan100

OSPFの設定

DSW11/DSW12/DSW21/BBSW1/WAN1/INET1/VPN1でOSPFを有効化して、ルーティングテーブルを作成します。拠点1の10.1.0.0/16の範囲のインタフェースでOSPFを有効にしてエリア1とします。

DSW11 OSPFの設定

router ospf 1
 router-id 11.11.11.11
 network 10.1.0.0 0.0.255.255 area 1

DSW12 OSPFの設定

router ospf 1
 router-id 12.12.12.12
 network 10.1.0.0 0.0.255.255 area 1

DSW21 OSPFの設定

router ospf 1
 router-id 21.21.21.21
 network 10.1.0.0 0.0.255.255 area 1

BBSW1 OSPFの設定

router ospf 1
 router-id 100.100.100.100
 network 10.1.0.0 0.0.255.255 area 1

WAN1 OSPFの設定

router ospf 1
 router-id 111.111.111.111
 network 10.1.0.0 0.0.255.255 area 1

INET1 OSPFの設定

router ospf 1
 router-id 112.112.112.112
 network 10.1.0.0 0.0.255.255 area 1

VPN1 OSPFの設定

router ospf 1
 router-id 113.113.113.113
 network 10.1.0.0 0.0.255.255 area 1

OSPFの確認は、以下のコマンドを利用します。

コマンド概要
#show ip ospf interface [brief]OSPFが有効なインタフェースを確認します。
#show ip ospf neighborOSPFネイバーを確認します。
#show ip route ospfルーティングテーブル上のOSPFルートを確認します。
表 OSPFの確認コマンド

BBSW1では、次のような表示です。

BBSW1 OSPFの確認

BBSW#show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Vl100        1     1               10.1.100.251/24    1     DR    0/0
Fa1/13       1     1               10.1.0.21/30       1     BDR   1/1
Fa1/12       1     1               10.1.0.17/30       1     BDR   1/1
Fa1/11       1     1               10.1.0.13/30       1     BDR   1/1
Fa1/4        1     1               10.1.0.9/30        1     DR    1/1
Fa1/2        1     1               10.1.0.5/30        1     DR    1/1
Fa1/1        1     1               10.1.0.1/30        1     DR    1/1
BBSW#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
113.113.113.113   1   FULL/DR         00:00:34    10.1.0.22       FastEthernet1/13
112.112.112.112   1   FULL/DR         00:00:35    10.1.0.18       FastEthernet1/12
111.111.111.111   1   FULL/DR         00:00:36    10.1.0.14       FastEthernet1/11
21.21.21.21       1   FULL/BDR        00:00:35    10.1.0.10       FastEthernet1/4
12.12.12.12       1   FULL/BDR        00:00:37    10.1.0.6        FastEthernet1/2
11.11.11.11       1   FULL/BDR        00:00:32    10.1.0.2        FastEthernet1/1
BBSW#show ip route ospf
     10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O       10.1.11.0/24 [110/2] via 10.1.0.6, 00:01:35, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:01:35, FastEthernet1/1
O       10.1.12.0/24 [110/2] via 10.1.0.6, 00:01:35, FastEthernet1/2
                     [110/2] via 10.1.0.2, 00:01:35, FastEthernet1/1
O       10.1.21.0/24 [110/2] via 10.1.0.10, 00:01:35, FastEthernet1/4

OSPFのルーティングが正しく設定できていれば、拠点1内の各PCとSRV間の通信も可能です。

PC11 通信確認

PC11> ping 10.1.100.100
84 bytes from 10.1.100.100 icmp_seq=1 ttl=62 time=34.266 ms
84 bytes from 10.1.100.100 icmp_seq=2 ttl=62 time=30.297 ms
84 bytes from 10.1.100.100 icmp_seq=3 ttl=62 time=33.337 ms
84 bytes from 10.1.100.100 icmp_seq=4 ttl=62 time=36.081 ms
84 bytes from 10.1.100.100 icmp_seq=5 ttl=62 time=42.023 ms

PC11> ping 10.1.12.12
84 bytes from 10.1.12.12 icmp_seq=1 ttl=63 time=14.307 ms
84 bytes from 10.1.12.12 icmp_seq=2 ttl=63 time=13.862 ms
84 bytes from 10.1.12.12 icmp_seq=3 ttl=63 time=14.352 ms
84 bytes from 10.1.12.12 icmp_seq=4 ttl=63 time=17.192 ms
84 bytes from 10.1.12.12 icmp_seq=5 ttl=63 time=17.290 ms

PC11> ping 10.1.21.21
84 bytes from 10.1.21.21 icmp_seq=1 ttl=61 time=60.416 ms
84 bytes from 10.1.21.21 icmp_seq=2 ttl=61 time=56.153 ms
84 bytes from 10.1.21.21 icmp_seq=3 ttl=61 time=56.290 ms
84 bytes from 10.1.21.21 icmp_seq=4 ttl=61 time=58.141 ms
84 bytes from 10.1.21.21 icmp_seq=5 ttl=61 time=57.126 ms

HSRPの設定

VLAN11およびVLAN12でHSRPによってデフォルトゲートウェイの冗長化を行います。

インタフェースアクティブスタンバイ仮想IP
VLAN11DSW11(pri 110)DSW12(pri 100)10.1.11.250
VLAN12DSW12(pri 110)DSW11(pri 100)10.1.12.250
表 HSRP

DSW11はFa1/1がダウンするとVLAN11アクティブルータをやめるようにトラッキングの設定を行います。また、DSW12はFa1/1がダウンするとVLAN12のアクティブルータをやめるようにトラッキングの設定を行います。

DSW11 HSRPの設定

interface vlan 11
 standby 11 ip 10.1.11.250
 standby 11 priority 110
 standby 11 preempt
 standby 11 track Fa1/1 20
!
interface vlan 12
 standby 12 ip 10.1.12.250
 standby 12 preempt

DSW12 HSRPの設定

interface vlan 11
 standby 11 ip 10.1.11.250
 standby 11 preempt
!
interface vlan 12
 standby 12 ip 10.1.12.250
 standby 12 priority 110
 standby 12 preempt
 standby 12 track fa 1/1 20

また、PC11/PC12のデフォルトゲートウェイをHSRPの仮想IPアドレスに変更します。

PC11 デフォルトゲートウェイ

ip 10.1.11.11 255.255.255.0 10.1.11.250

PC12 デフォルトゲートウェイ

ip 10.1.12.12 255.255.255.0 10.1.12.250

HSRPの確認はshow standbyコマンドを利用します。DSW11では、次のような表示です。

DSW11 HSRPの確認 show standby

DSW11#show standby
Vlan11 - Group 11
  State is Active
    2 state changes, last state change 00:06:32
  Virtual IP address is 10.1.11.250
  Active virtual MAC address is 0000.0c07.ac0b
    Local virtual MAC address is 0000.0c07.ac0b (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.860 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.11.252, priority 100 (expires in 8.448 sec)
  Priority 110 (configured 110)
    Track interface FastEthernet1/1 state Up decrement 20
  Group name is "hsrp-Vl11-11" (default)
Vlan12 - Group 12
  State is Standby
    4 state changes, last state change 00:05:58
  Virtual IP address is 10.1.12.250
  Active virtual MAC address is 0000.0c07.ac0c
    Local virtual MAC address is 0000.0c07.ac0c (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.936 secs
  Preemption enabled
  Active router is 10.1.12.252, priority 110 (expires in 8.076 sec)
  Standby router is local
  Priority 100 (default 100)
  Group name is "hsrp-Vl12-12" (default)

図 VLAN11/VLAN12 HSRP
図 VLAN11/VLAN12 HSRP

Part1 拠点1の構築 完了の設定ファイル

ASW11 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 11
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 switchport access vlan 12
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ASW21 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ASW21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 21
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

BBSW1 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 no switchport
 ip address 10.1.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/3
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/4
 no switchport
 ip address 10.1.0.9 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.1.0.13 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.1.0.17 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 no switchport
 ip address 10.1.0.21 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.251 255.255.255.0
!
router ospf 1
 router-id 100.100.100.100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW11 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.2 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.251 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 priority 110
 standby 11 preempt
 standby 11 track FastEthernet1/1 20
!
interface Vlan12
 ip address 10.1.12.251 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 preempt
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW12 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.6 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.1.11.252 255.255.255.0
 standby 11 ip 10.1.11.250
 standby 11 preempt
!
interface Vlan12
 ip address 10.1.12.252 255.255.255.0
 standby 12 ip 10.1.12.250
 standby 12 priority 110
 standby 12 preempt
 standby 12 track FastEthernet1/1 20
!
router ospf 1
 router-id 12.12.12.12
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW21 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.10 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan21
 ip address 10.1.21.251 255.255.255.0
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DSW120 Part1 Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DSW120
!
ip cef
no ip routing
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
vtp file nvram:vlan.dat
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
!
interface FastEthernet1/0
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/1
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/2
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/3
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/4
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/5
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/6
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/7
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/8
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/9
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/10
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/11
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/12
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/13
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/14
 no shutdown
 duplex full
 speed 100
!
interface FastEthernet1/15
 no shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!

INET1 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.18 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 112.112.112.112
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

INET2 Part1 Configuration(Click)

!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET2
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

INET3 Part1 Configuration(Click)

!
!
!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INET3
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

ISP11 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.11 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 1.1.1.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.15.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP12 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname BBSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 no switchport
 ip address 10.1.0.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/2
 no switchport
 ip address 10.1.0.5 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/3
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/4
 no switchport
 ip address 10.1.0.9 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 no switchport
 ip address 10.1.0.13 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/12
 no switchport
 ip address 10.1.0.17 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/13
 no switchport
 ip address 10.1.0.21 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.251 255.255.255.0
!
router ospf 1
 router-id 100.100.100.100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP13 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP13
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.13 255.255.255.255
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 12.12.12.1 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.35.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 13.13.13.13
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP14 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP14
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.14 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.5 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 14.14.14.14
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP15 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP15
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.15 255.255.255.255
!
interface Loopback1
 ip address 100.1.2.15 255.255.255.0 secondary
 ip address 100.1.1.15 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.15.5 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.25.5 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.35.5 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 ip address 192.168.45.5 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 15.15.15.15
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP21 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.21 255.255.255.255
!
interface Ethernet0/0
 ip address 3.3.3.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

ISP22 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP22
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Loopback0
 ip address 192.168.0.22 255.255.255.255
!
interface Ethernet0/0
 ip address 12.12.12.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 12.12.12.6 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 ip address 192.168.12.2 255.255.255.0
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 22.22.22.22
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

PC12 Part1 Configuration(Click)

set pcname PC12
ip 10.1.12.12 10.1.12.250 24

PC21 Part1 Configuration(Click)

set pcname PC21
ip 10.1.21.21 10.1.21.251 24

PC120 Part1 Configuration(Click)

# This the configuration for PC120
#
# Uncomment the following line to enable DHCP
# dhcp
# or the line below to manually setup an IP address and subnet mask
# ip 192.168.1.1 255.0.0.0
#
set pcname PC120

PC130 Part1 Configuration(Click)

# This the configuration for PC130
#
# Uncomment the following line to enable DHCP
# dhcp
# or the line below to manually setup an IP address and subnet mask
# ip 192.168.1.1 255.0.0.0
#
set pcname PC130

SFSW Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SFSW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
! 
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 switchport access vlan 100
 duplex full
 speed 100
 spanning-tree portfast
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 switchport access vlan 100
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

SRV Part1 Configuration(Click)

set pcname SRV
ip 10.1.100.100 10.1.100.251 24

VPN1 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.22 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 113.113.113.113
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

WAN1 Part1 Configuration(Click)

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
! 
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.0.14 255.255.255.252
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 router-id 111.111.111.111
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 1
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

WAN2 Part1 Configuration(Click)

!
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WAN2
!
ip cef
no ip domain-lookup
no ip icmp rate-limit unreachable
ip tcp synwait 5
no cdp log mismatch duplex
!
line con 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
line aux 0
 exec-timeout 0 0
 logging synchronous
 privilege level 15
 no login
!
!
end

関連記事

関連記事

ネットワークのおべんきょしませんか?
 
Cisco VLANの設定と確認
https://www.n-study.com/vlan-detail/cisco-vlan-configuration/
VLANの設定の流れまず、全体的な設定の流れを確認しましょう。デフォルトでは、スイッチにはVLAN1が存在します。すべてのポートはCatalystのモデルに応じて、特定のDTPモードになっています。Catalyst3560/3750では、Dynamic autoのモードです。そのため、Catalystスイッチが接続されない場合は、すべてのポートはアクセスポートとして動作します。アクセスポートとして動作する場合のVLANメンバーシップはVLAN1です。ここから必要に応じて、新しくVLANを作成したり、DTPモードを変更したりしてアクセスポート/トランクポートとして動...

ネットワークのおべんきょしませんか?
 
Cisco レイヤ3スイッチによるVLAN間ルーティングの設定(SVI/ルーテッドポート)
https://www.n-study.com/vlan-detail/cisco-svi-routedport/
レイヤ3スイッチの設定レイヤ3スイッチの設定を行うには、まずグローバルコンフィグレーションモードでip routingコマンドを入力してIPルーティングを有効にします。機種によってはip routingコマンドは不要です。そして、レイヤ3スイッチにIPアドレスを設定することでVLAN(ネットワーク)を相互接続して、VLAN間の通信を可能にします。レイヤ3スイッチのIPアドレス設定は、次のいずれかで行います。SVIの設定ルーテッドポートの設定SVIの設定SVIは、内部ルータとVLANを接続する仮想的なインタフェースです。SVIにIPアドレスを設定して...

ネットワークのおべんきょしませんか?
 
レイヤ3スイッチのポートの考え方のまとめ ~アクセスポート/トランクポート/SVI/...
https://www.n-study.com/vlan-detail/layer3switch-port-classification/
レイヤ3スイッチのポートの考え方についてまとめています。レイヤ3スイッチ内部で、仮想ルータ、VLAN、ポートの関連付けをイメージしましょう。

ネットワークのおべんきょしませんか?
 
PortFast ~すぐにフォワーディング状態にする~
https://www.n-study.com/layer2switch/cisco-portfast/
PortFastによって、スパニングツリーのポート状態をブロッキングから即座にフォワーディング状態に移行させることができます。PortFastの動作と設定について解説します。

ネットワークのおべんきょしませんか?
 
Cisco IPアドレスの設定
https://www.n-study.com/ip-addressing/cisco-ipaddress-configuration/
CiscoルータでのIPアドレスの設定について解説します。原則として、1つのインタフェースにはIPアドレスは1つですが、セカンダリIPアドレスとして複数設定することもできます。

ネットワークのおべんきょしませんか?
 
OSPFの基本的な設定と確認コマンド [Cisco] | ネットワークのおべんきょしませんか?
https://www.n-study.com/ospf-detail/ospf-basic-configuration/
OSPFの基本的な設定手順は次の2つです。1.OSPFルーティングプロセスの起動2.インタフェースでOSPFを有効化

ネットワークのおべんきょしませんか?
Cisco HSRP設定と確認
https://www.n-study.com/iprouting/cisco-hsrp-configuration/
HSRPの基本設定HSRPの基本的な設定は以下の手順です。HSRPグループと仮想IPアドレスの設定HSRPプライオリティの設定以降で、それぞれの手順のコマンドを解説します。HSRPグループと仮想IPアドレスの設定HSRPは、PCやサーバなどが接続されていて、デフォルトゲートウェイとして動作するインタフェースのインタフェースコンフィグレーションモードで設定します。まず、以下のコマンドでHSRPグループと仮想ルータのIPアドレスを設定します。(config-if)#standby ip : HSRPグループ...

ネットワークのおべんきょしませんか?
2022年ページビューランキング | ネットワークのおべんきょしませんか?
https://www.n-study.com/2022-pv-ranking/
2022年「ネットワークのおべんきょしませんか?」コンテンツのページビューランキングTOP10です。

ネットワーク技術解説記事のアップデートや新規記事をTwitterでお知らせしています。

CCNAを目指すなら『基礎からのCCNA(200-301)攻略テキスト』

詳細な解説と実践的な演習シナリオでスキルアップ

「ネットワークのおべんきょしませんか?」内の記事を検索

IPルーティング応用