目次
概要
企業の社内ネットワークを構築する総合的な演習です。以下の技術を組み合わせて企業の3つの拠点を相互接続します。拠点間の接続は広域イーサネットをプライマリとして、インターネットVPN(IPSec VTI)をバックアップにします。
- VLAN
- SVI/ルーテッドポート(レイヤ3スイッチ)
- OSPF
- HSRP
- BGP
- NAT
- IPSec-VPN(VTI)
Part4は、インターネットをエミュレートするAS1とAS2を構築します。
Part1:拠点1の構築
Part2:拠点2/拠点3の構築
Part3:広域イーサネットの接続
Part4:インターネット(AS1/AS2)の構築
Part5:インターネットへの接続
Part6:インターネットVPNの構築
ネットワーク構成
拠点1物理構成
拠点1論理構成
拠点2/拠点3物理構成
拠点2/拠点3論理構成
インターネット物理/論理構成
インターネットVPN
初期設定
「[演習] 企業ネットワーク構築演習 Part3:広域イーサネットの接続」が完了した状態から開始します。
ASW11 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 switchport access vlan 12 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ASW21 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 21 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
BBSW Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname BBSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 no switchport ip address 10.1.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/3 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/4 no switchport ip address 10.1.0.9 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.1.0.13 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.1.0.17 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 no switchport ip address 10.1.0.21 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan100 ip address 10.1.100.251 255.255.255.0 ! router ospf 1 router-id 100.100.100.100 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW11 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface Port-channel1 ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.2 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.251 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 priority 110 standby 11 preempt standby 11 track FastEthernet1/1 20 ! interface Vlan12 ip address 10.1.12.251 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 preempt ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW12 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.6 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.252 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 preempt ! interface Vlan12 ip address 10.1.12.252 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 priority 110 standby 12 preempt standby 12 track FastEthernet1/1 20 ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW21 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.10 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan21 ip address 10.1.21.251 255.255.255.0 ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW120 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW120 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.2.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.2.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.2.11.251 255.255.255.0 ! router ospf 1 router-id 120.120.120.120 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET1 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.1.0.18 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 112.112.112.112 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET2 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.2.0.6 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 122.122.122.122 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET3 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET3 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.3.11.251 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP11 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.11 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 1.1.1.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.15.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP12 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.22 255.255.255.255 ! interface Ethernet0/0 ip address 2.2.2.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.25.2 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP13 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP13 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.13 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 12.12.12.1 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.35.3 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 13.13.13.13 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP14 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP14 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.14 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.5 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.45.4 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 14.14.14.14 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP15 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP15 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.15 255.255.255.255 ! interface Loopback1 ip address 100.1.2.15 255.255.255.0 secondary ip address 100.1.1.15 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 ip address 192.168.15.5 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 192.168.25.5 255.255.255.0 half-duplex ! interface Ethernet0/2 ip address 192.168.35.5 255.255.255.0 half-duplex ! interface Ethernet0/3 ip address 192.168.45.5 255.255.255.0 half-duplex ! router ospf 1 router-id 15.15.15.15 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP21 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.21 255.255.255.255 ! interface Ethernet0/0 ip address 3.3.3.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.12.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP22 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP22 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.22 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 12.12.12.6 255.255.255.252 half-duplex ! interface Ethernet0/2 ip address 192.168.12.2 255.255.255.0 half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 22.22.22.22 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
PC11 Initial Configuration(Click)
set pcname PC11 ip 10.1.11.11 10.1.11.250 24
PC12 Initial Configuration(Click)
set pcname PC12 ip 10.1.12.12 10.1.12.250 24
PC21 Initial Configuration(Click)
set pcname PC21 ip 10.1.21.21 10.1.21.251 24
PC120 Initial Configuration(Click)
# This the configuration for PC120 set pcname PC120 ip 10.2.11.120 255.255.255.0 10.2.11.251
PC130 Initial Configuration(Click)
# This the configuration for PC130 set pcname PC130 ip 10.3.11.130 255.255.255.0 10.3.11.251
SFSW Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname SFSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 100 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
SRV Initial Configuration(Click)
set pcname SRV ip 10.1.100.100 10.1.100.251 24
VPN1 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VPN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.1.0.22 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 113.113.113.113 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN1 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.1 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.1.0.14 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 111.111.111.111 log-adjacency-changes area 1 range 10.1.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN2 Part3 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.2.0.2 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 121.121.121.121 log-adjacency-changes area 2 range 10.2.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
Part4:インターネット(AS1/AS2)の構築
要件
- AS1のISP11~ISP15でLoopback0のIPアドレスを利用してIBGPネイバーを確立します。ISP15をルートリフレクタとして設定します。
- ISP15でBGPルート100.1.1.0/24、100.1.2.0/24を生成します。また、拠点1、拠点2を接続しているネットワークアドレスをBGPルートとして生成します。
- AS2のISP21とISP22でLoopback0のIPアドレスを利用してIBGPネイバーを確立します。
- 拠点3を接続しているネットワークアドレスをBGPルートして生成します。
- AS1-AS2間でEBGPネイバーを設定して、AS間のBGPルートを交換できるようにします。EBGPネイバーでは、パスワード「cisco」でネイバー認証を行います。
- AS2から100.1.1.0/24へパケットをルーティングするときには、ISP13を経由するようにします。AS2から100.1.2.0/24へパケットをルーティングするにはISP14を経由するようにします。
AS1の設定
IBGPネイバー
AS1のISP11~ISP15でIBGPネイバーを設定します。IBGPネイバーは、Loopback0のIPアドレスで確立します。各ルータのLoopback0のIPアドレスは以下の通りです。
| ルータ | Loopback0のIPアドレス |
|---|---|
| ISP11 | 192.168.0.11/32 |
| ISP12 | 192.168.0.12/32 |
| ISP13 | 192.168.0.13/32 |
| ISP14 | 192.168.0.14/32 |
| ISP15 | 192.168.0.15/32 |
これらLoopback0のIPアドレスは、AS内のOSPFでルーティング可能です。
そして、ISP15はルートリフレクタなので、ISP11~ISP14はISP15とのIBGPネイバーを設定します。
ISP11 IBGPネイバーの設定
router bgp 1 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source loopback0 neighbor 192.168.0.15 next-hop-self
ISP12 IBGPネイバーの設定
router bgp 1 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source loopback0 neighbor 192.168.0.15 next-hop-self
ISP13 IBGPネイバーの設定
router bgp 1 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source loopback0 neighbor 192.168.0.15 next-hop-self
ISP14 IBGPネイバーの設定
router bgp 1 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source loopback0 neighbor 192.168.0.15 next-hop-self
ISP15 IBGPネイバーの設定
router bgp 1 neighbor 192.168.0.11 remote-as 1 neighbor 192.168.0.11 update-source loopback0 neighbor 192.168.0.11 route-reflector-client neighbor 192.168.0.12 remote-as 1 neighbor 192.168.0.12 update-source loopback0 neighbor 192.168.0.12 route-reflector-client neighbor 192.168.0.13 remote-as 1 neighbor 192.168.0.13 update-source loopback0 neighbor 192.168.0.13 route-reflector-client neighbor 192.168.0.14 remote-as 1 neighbor 192.168.0.14 update-source loopback0 neighbor 192.168.0.14 route-reflector-client
ルートリフレクタのISP11でshow ip bgp sumamryコマンドでIBGPネイバーの状態を確認します。
ISP15 IBGPネイバーの確認 show ip bgp summary
ISP15#show ip bgp summary BGP router identifier 192.168.0.15, local AS number 1 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 192.168.0.11 4 1 9 9 1 0 0 00:06:48 0 192.168.0.12 4 1 4 4 1 0 0 00:00:21 0 192.168.0.13 4 1 9 9 1 0 0 00:06:55 0 192.168.0.14 4 1 9 9 1 0 0 00:06:52 0
BGPルートの生成
ISP15でnetworkコマンドによって、BGPルート100.1.1.0/24、100.1.2.0/24を生成します。また、ISP11で拠点1のグローバルアドレスの1.1.1.0/30と1.1.1.4/30をBGPルートとして生成します。ISP12で拠点2と接続している2.2.2.0/30をBGPルートとして生成します。
ISP15 BGPルートの生成
router bgp 1 network 100.1.1.0 mask 255.255.255.0 network 100.1.2.0 mask 255.255.255.0
ISP11 BGPルートの生成
router bgp 1 network 1.1.1.0 mask 255.255.255.252 network 1.1.1.4 mask 255.255.255.252 ! ip route 1.1.1.4 255.255.255.252 1.1.1.1
ISP12 BGPルートの生成
router bgp 1 network 2.2.2.0 mask 255.255.255.252
show ip bgpコマンドでBGPテーブルを見て、BGPルートの生成を確認します。ISP15では、次のようになります。
ISP15 BGPルートの生成の確認 show ip bgp
ISP15#show ip bgp
BGP table version is 5, local router ID is 192.168.0.15
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/30 192.168.0.11 0 100 0 i
*>i1.1.1.4/30 192.168.0.11 0 100 0 i
*>i2.2.2.0/30 192.168.0.12 0 100 0 i
*> 100.1.1.0/24 0.0.0.0 0 32768 i
*> 100.1.2.0/24 0.0.0.0 0 32768 i
AS2の設定
ISP21-ISP22間でIBGPネイバーを設定します。それぞれLoopback0のIPアドレスを利用します。また、ISP21では拠点3と接続している3.3.3.0/30のネットワークアドレスをBGPルートとして生成します。
| ルータ | Loopback0のIPアドレス |
|---|---|
| ISP21 | 192.168.0.21/32 |
| ISP22 | 192.168.0.22/32 |
ISP21 IBGPネイバー
router bgp 2 neighbor 192.168.0.22 remote-as 2 neighbor 192.168.0.22 update-source loopback0 neighbor 192.168.0.22 next-hop-self network 3.3.3.0 mask 255.255.255.252
ISP22 IBGPネイバー
router bgp 2 neighbor 192.168.0.21 remote-as 2 neighbor 192.168.0.21 update-source loopback0 neighbor 192.168.0.21 next-hop-self
show ip bgp summary、show ip bgpコマンドで設定が正しく行われていることを確認します。ISP22では、次のようになります。
ISP22 IBGPネイバーの確認 show ip bgps summary/show ip bgp
ISP22#show ip bgp summary
BGP router identifier 192.168.0.22, local AS number 2
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.21 4 2 4 3 2 0 0 00:00:40 1
ISP22#show ip bgp
BGP table version is 2, local router ID is 192.168.0.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i3.3.3.0/30 192.168.0.21 0 100 0 i
EBGPネイバーの設定
AS1-AS2間のEBGPネイバーを設定します。
ISP13 EBGPネイバー
router bgp 1 neighbor 12.12.12.2 remote-as 2 neighbor 12.12.12.2 password cisco
ISP14 EBGPネイバー
router bgp 1 neighbor 12.12.12.6 remote-as 2 neighbor 12.12.12.6 password cisco
ISP22 EBGPネイバー
router bgp 2 neighbor 12.12.12.1 remote-as 1 neighbor 12.12.12.1 password cisco neighbor 12.12.12.5 remote-as 1 neighbor 12.12.12.5 password cisco
show ip bgp summaryコマンドでEBGPネイバーを確認します。また、show ip bgpでお互いのASのルート情報がBGPテーブルに登録されていることを確認します。ISP22では、以下のようになります。
ISP22 EBGPネイバーの確認 show ip bgp summary/show ip bgp
ISP22#show ip bgp summary
BGP router identifier 192.168.0.22, local AS number 2
BGP table version is 6, main routing table version 6
5 network entries using 585 bytes of memory
9 path entries using 468 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1449 total bytes of memory
BGP activity 5/0 prefixes, 9/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
12.12.12.1 4 1 6 7 6 0 0 00:01:09 4
12.12.12.5 4 1 8 7 6 0 0 00:01:04 4
192.168.0.21 4 2 13 13 6 0 0 00:09:38 1
ISP22#show ip bgp
BGP table version is 6, local router ID is 192.168.0.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.0/30 12.12.12.5 0 1 i
*> 12.12.12.1 0 1 i
* 2.2.2.0/30 12.12.12.5 0 1 i
*> 12.12.12.1 0 1 i
*>i3.3.3.0/30 192.168.0.21 0 100 0 i
* 100.1.1.0/24 12.12.12.5 0 1 i
*> 12.12.12.1 0 1 i
* 100.1.2.0/24 12.12.12.5 0 1 i
*> 12.12.12.1 0 1 i
ポリシーベースルーティングの設定
AS2からAS1の100.1.1.0/24へパケットをルーティングするときにISP13を経由させます。ISP22では、ISP13から100.1.1.0/24を受信するときに、LOCAL_PREFを大きくします。
また、AS2からAS1の100.1.2.0/24へパケットをルーティングするときにISP14を経由させます。ISP22では、ISP14から100.1.2.0/24を受信するときに、LOCAL_PREFを大きくします。
ISP22 ポリシーベースルーティングの設定
access-list 1 permit 100.1.1.0 access-list 2 permit 100.1.2.0 ! route-map From_ISP13 permit 10 match ip address 1 set local-pref 150 route-map From_ISP13 permit 100 ! route-map From_ISP14 permit 10 match ip address 2 set local-pref 150 route-map From_ISP14 permit 100 ! router bgp 2 neighbor 12.12.12.1 route-map From_ISP13 in neighbor 12.12.12.5 route-map From_ISP14 in
ルートマップを設定したあと、反映させるにはISP22でclear ip bgp * inコマンドでBGPルートを再度受信します。show ip bgpコマンドでBGPテーブルを見て、ベストパスが意図した通りに選択されていることを確認します。
ISP22 ポリシーベースルーティングの確認
ISP22#show ip bgp
BGP table version is 8, local router ID is 192.168.0.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.0/30 12.12.12.5 0 1 i
*> 12.12.12.1 0 1 i
* 2.2.2.0/30 12.12.12.5 0 1 i
*> 12.12.12.1 0 1 i
*>i3.3.3.0/30 192.168.0.21 0 100 0 i
* 100.1.1.0/24 12.12.12.5 0 1 i
*> 12.12.12.1 150 0 1 i
*> 100.1.2.0/24 12.12.12.5 150 0 1 i
* 12.12.12.1 0 1 i
Part4 インターネット(AS1/AS2)の構築 完了の設定ファイル
ASW11 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 switchport access vlan 12 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ASW21 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 21 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
BBSW Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname BBSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 no switchport ip address 10.1.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/3 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/4 no switchport ip address 10.1.0.9 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.1.0.13 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.1.0.17 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 no switchport ip address 10.1.0.21 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan100 ip address 10.1.100.251 255.255.255.0 ! router ospf 1 router-id 100.100.100.100 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW11 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface Port-channel1 ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.2 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.251 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 priority 110 standby 11 preempt standby 11 track FastEthernet1/1 20 ! interface Vlan12 ip address 10.1.12.251 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 preempt ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW12 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.6 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.252 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 preempt ! interface Vlan12 ip address 10.1.12.252 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 priority 110 standby 12 preempt standby 12 track FastEthernet1/1 20 ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW21 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.10 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan21 ip address 10.1.21.251 255.255.255.0 ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW120 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW120 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.2.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.2.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.2.11.251 255.255.255.0 ! router ospf 1 router-id 120.120.120.120 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET1 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.1.0.18 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 112.112.112.112 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET2 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.2.0.6 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 122.122.122.122 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET3 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET3 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.3.11.251 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP11 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.11 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 1.1.1.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.15.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 1.1.1.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP12 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.12 255.255.255.255 ! interface Ethernet0/0 ip address 2.2.2.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.25.2 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 2.2.2.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP13 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP13 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.13 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 12.12.12.1 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.35.3 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 13.13.13.13 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.2 remote-as 2 neighbor 12.12.12.2 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP14 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP14 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.14 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.5 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.45.4 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 14.14.14.14 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.6 remote-as 2 neighbor 12.12.12.6 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP15 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP15 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.15 255.255.255.255 ! interface Loopback1 ip address 100.1.2.15 255.255.255.0 secondary ip address 100.1.1.15 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 ip address 192.168.15.5 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 192.168.25.5 255.255.255.0 half-duplex ! interface Ethernet0/2 ip address 192.168.35.5 255.255.255.0 half-duplex ! interface Ethernet0/3 ip address 192.168.45.5 255.255.255.0 half-duplex ! router ospf 1 router-id 15.15.15.15 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 100.1.1.0 mask 255.255.255.0 network 100.1.2.0 mask 255.255.255.0 neighbor 192.168.0.11 remote-as 1 neighbor 192.168.0.11 update-source Loopback0 neighbor 192.168.0.11 route-reflector-client neighbor 192.168.0.12 remote-as 1 neighbor 192.168.0.12 update-source Loopback0 neighbor 192.168.0.12 route-reflector-client neighbor 192.168.0.13 remote-as 1 neighbor 192.168.0.13 update-source Loopback0 neighbor 192.168.0.13 route-reflector-client neighbor 192.168.0.14 remote-as 1 neighbor 192.168.0.14 update-source Loopback0 neighbor 192.168.0.14 route-reflector-client no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP21 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.21 255.255.255.255 ! interface Ethernet0/0 ip address 3.3.3.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.12.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes network 3.3.3.0 mask 255.255.255.252 neighbor 192.168.0.22 remote-as 2 neighbor 192.168.0.22 update-source Loopback0 neighbor 192.168.0.22 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP22 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP22 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.22 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 12.12.12.6 255.255.255.252 half-duplex ! interface Ethernet0/2 ip address 192.168.12.2 255.255.255.0 half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 22.22.22.22 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes neighbor 12.12.12.1 remote-as 1 neighbor 12.12.12.1 password cisco neighbor 12.12.12.1 route-map From_ISP13 in neighbor 12.12.12.5 remote-as 1 neighbor 12.12.12.5 password cisco neighbor 12.12.12.5 route-map From_ISP14 in neighbor 192.168.0.21 remote-as 2 neighbor 192.168.0.21 update-source Loopback0 neighbor 192.168.0.21 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! access-list 1 permit 100.1.1.0 access-list 2 permit 100.1.2.0 no cdp log mismatch duplex ! route-map From_ISP13 permit 10 match ip address 1 set local-preference 150 ! route-map From_ISP13 permit 100 ! route-map From_ISP14 permit 10 match ip address 2 set local-preference 150 ! route-map From_ISP14 permit 100 ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
PC11 Part4 Configuration(Click)
set pcname PC11 ip 10.1.11.11 10.1.11.250 24
PC12 Part4 Configuration(Click)
set pcname PC12 ip 10.1.12.12 10.1.12.250 24
PC21 Part4 Configuration(Click)
set pcname PC21 ip 10.1.21.21 10.1.21.251 24
PC120 Part4 Configuration(Click)
# This the configuration for PC120 set pcname PC120 ip 10.2.11.120 255.255.255.0 10.2.11.251
PC130 Part4 Configuration(Click)
# This the configuration for PC130 set pcname PC130 ip 10.3.11.130 255.255.255.0 10.3.11.251
SFSW Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname SFSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 100 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
SRV Part4 Configuration(Click)
set pcname SRV ip 10.1.100.100 10.1.100.251 24
VPN1 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VPN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.1.0.22 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 113.113.113.113 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN1 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.1 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.1.0.14 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 111.111.111.111 log-adjacency-changes area 1 range 10.1.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN2 Part4 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.2.0.2 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 121.121.121.121 log-adjacency-changes area 2 range 10.2.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
関連記事
関連記事
IPルーティング応用
- DNSラウンドロビン方式の負荷分散
- 負荷分散装置(ロードバランサ)の仕組み
- ルーティングプロセス ~実行中のルーティングプロトコル用のプログラム~
- 複数のルーティングプロトコルの利用
- 再配送(再配布) ~ルーティングドメイン境界で必須の設定~
- Cisco再配送(再配布)の設定 ~redistributeコマンド~
- Cisco 再配送の設定例 ~OSPFとRIPの双方向再配送~
- 再配送 設定ミスの切り分けと修正 Part1
- 再配送 設定ミスの切り分けと修正 Part2
- 再配送 設定ミスの切り分けと修正 Part3
- 再配送 設定ミスの切り分けと修正 Part4
- 再配送 設定ミスの切り分けと修正 Part5
- 再配送 設定ミスの切り分けと修正 Part6
- オフセットリスト(offset-list) ~ルート情報のメトリックを加算~
- オフセットリストの設定例 RIP
- オフセットリストの設定例 EIGRP
- ルートフィルタの概要
- ルートフィルタのポイント
- ディストリビュートリストによるルートフィルタの設定
- Ciscoディストリビュートリストによるルートフィルタの設定例
- プレフィクスリスト(prefix-list)によるルートフィルタの設定
- Ciscoプレフィクスリストによるルートフィルタの設定例
- Ciscoルートマップ(route-map)の概要 ~何をどう処理するか~
- Ciscoルートマップの設定
- Ciscoルートマップ(route-map)設定のポイント
- Ciscoルートマップによる再配送時のルート制御の設定例
- ポリシーベースルーティングの設定例
- GREトンネルインタフェース ~仮想的なポイントツーポイント接続~
- GREトンネルインタフェースの設定例
- GREトンネルの注意点 ~フラッピングしないように~
- オーバーレイネットワークとアンダーレイネットワーク
- ルート制御 ケーススタディ Part1
- ルート制御 ケーススタディ Part2
- ルート制御 ケーススタディ Part3
- VRF/VRF-Liteの概要 ~仮想的にルータを分割する~
- VRFの設定と確認コマンド [Cisco]
- VRF-Liteによるレイヤ3VPNの設定例 [Cisco]
- VRFルートリーク(スタティックルート)
- VRFルートリーク(スタティックルート)の設定例
- VRFルートリーク(MP-BGP)
- VRFルートリーク(MP-BGP)の設定例
- [FVRFの仕組み] FVRF(Front door VRF)とは
- [FVRFの仕組み] ポイントツーポイントGREトンネル:FVRFなし
- [FVRFの仕組み] ポイントツーポイントGREトンネル : FVRFあり(tunnel vrfコマンド)
- [FVRFの仕組み] IPSec VTI : FRVRFあり
- [FVRFの仕組み] IPSec VTI : FVRFあり 設定例
- [FVRFの仕組み] DMVPN : FVRFあり
- [FVRFの仕組み] DMVPN : FVRFあり 設定例 Part1
- [FVRFの仕組み] DMVPN : FVRFあり 設定例 Part2
- tunnel vrfコマンド
- tunnel vrfコマンドの設定例
- [演習] ルーティングループの防止
- [演習] 企業ネットワーク構築演習 Part1:拠点1の構築
- [演習] 企業ネットワーク構築演習 Part2:拠点2/拠点3の構築
- [演習] 企業ネットワーク構築演習 Part3:広域イーサネットの接続
- [演習] 企業ネットワーク構築演習 Part4:インターネット(AS1/AS2)の構築
- [演習] 企業ネットワーク構築演習 Part5:インターネットへの接続
- [演習] 企業ネットワーク構築演習 Part6:インターネットVPNの構築
