目次
概要
企業の社内ネットワークを構築する総合的な演習です。以下の技術を組み合わせて企業の3つの拠点を相互接続します。拠点間の接続は広域イーサネットをプライマリとして、インターネットVPN(IPSec VTI)をバックアップにします。
- VLAN
- SVI/ルーテッドポート(レイヤ3スイッチ)
- OSPF
- HSRP
- BGP
- NAT
- IPSec-VPN(VTI)
Part5は、それぞれの拠点からインターネットへアクセスできるようにします。
Part1:拠点1の構築
Part2:拠点2/拠点3の構築
Part3:広域イーサネットの接続
Part4:インターネット(AS1/AS2)の構築
Part5:インターネットへの接続
Part6:インターネットVPNの構築
ネットワーク構成
拠点1物理構成
拠点1論理構成
拠点2/拠点3物理構成
拠点2/拠点3論理構成
インターネット物理/論理構成
インターネットVPN
初期設定
「[演習] 企業ネットワーク構築演習 Part4:インターネット(AS1/AS2)の構築」が完了した状態から開始します。
ASW11 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 switchport access vlan 12 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ASW21 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 21 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
BBSW Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname BBSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 no switchport ip address 10.1.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/3 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/4 no switchport ip address 10.1.0.9 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.1.0.13 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.1.0.17 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 no switchport ip address 10.1.0.21 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan100 ip address 10.1.100.251 255.255.255.0 ! router ospf 1 router-id 100.100.100.100 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW11 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface Port-channel1 ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.2 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.251 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 priority 110 standby 11 preempt standby 11 track FastEthernet1/1 20 ! interface Vlan12 ip address 10.1.12.251 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 preempt ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW12 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.6 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.252 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 preempt ! interface Vlan12 ip address 10.1.12.252 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 priority 110 standby 12 preempt standby 12 track FastEthernet1/1 20 ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW21 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.10 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan21 ip address 10.1.21.251 255.255.255.0 ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW120 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW120 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.2.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.2.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.2.11.251 255.255.255.0 ! router ospf 1 router-id 120.120.120.120 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET1 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.1.0.18 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 112.112.112.112 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET2 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.2.0.6 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 122.122.122.122 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET3 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET3 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.3.11.251 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP11 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.11 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 1.1.1.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.15.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 1.1.1.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP12 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.12 255.255.255.255 ! interface Ethernet0/0 ip address 2.2.2.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.25.2 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 2.2.2.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP13 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP13 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.13 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 12.12.12.1 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.35.3 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 13.13.13.13 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.2 remote-as 2 neighbor 12.12.12.2 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP14 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP14 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.14 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.5 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.45.4 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 14.14.14.14 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.6 remote-as 2 neighbor 12.12.12.6 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP15 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP15 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.15 255.255.255.255 ! interface Loopback1 ip address 100.1.2.15 255.255.255.0 secondary ip address 100.1.1.15 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 ip address 192.168.15.5 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 192.168.25.5 255.255.255.0 half-duplex ! interface Ethernet0/2 ip address 192.168.35.5 255.255.255.0 half-duplex ! interface Ethernet0/3 ip address 192.168.45.5 255.255.255.0 half-duplex ! router ospf 1 router-id 15.15.15.15 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 100.1.1.0 mask 255.255.255.0 network 100.1.2.0 mask 255.255.255.0 neighbor 192.168.0.11 remote-as 1 neighbor 192.168.0.11 update-source Loopback0 neighbor 192.168.0.11 route-reflector-client neighbor 192.168.0.12 remote-as 1 neighbor 192.168.0.12 update-source Loopback0 neighbor 192.168.0.12 route-reflector-client neighbor 192.168.0.13 remote-as 1 neighbor 192.168.0.13 update-source Loopback0 neighbor 192.168.0.13 route-reflector-client neighbor 192.168.0.14 remote-as 1 neighbor 192.168.0.14 update-source Loopback0 neighbor 192.168.0.14 route-reflector-client no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP21 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.21 255.255.255.255 ! interface Ethernet0/0 ip address 3.3.3.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.12.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes network 3.3.3.0 mask 255.255.255.252 neighbor 192.168.0.22 remote-as 2 neighbor 192.168.0.22 update-source Loopback0 neighbor 192.168.0.22 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP22 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP22 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.22 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 12.12.12.6 255.255.255.252 half-duplex ! interface Ethernet0/2 ip address 192.168.12.2 255.255.255.0 half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 22.22.22.22 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes neighbor 12.12.12.1 remote-as 1 neighbor 12.12.12.1 password cisco neighbor 12.12.12.1 route-map From_ISP13 in neighbor 12.12.12.5 remote-as 1 neighbor 12.12.12.5 password cisco neighbor 12.12.12.5 route-map From_ISP14 in neighbor 192.168.0.21 remote-as 2 neighbor 192.168.0.21 update-source Loopback0 neighbor 192.168.0.21 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! access-list 1 permit 100.1.1.0 access-list 2 permit 100.1.2.0 no cdp log mismatch duplex ! route-map From_ISP13 permit 10 match ip address 1 set local-preference 150 ! route-map From_ISP13 permit 100 ! route-map From_ISP14 permit 10 match ip address 2 set local-preference 150 ! route-map From_ISP14 permit 100 ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
PC11 Initial Configuration(Click)
set pcname PC11 ip 10.1.11.11 10.1.11.250 24
PC12 Initial Configuration(Click)
set pcname PC12 ip 10.1.12.12 10.1.12.250 24
PC21 Initial Configuration(Click)
set pcname PC21 ip 10.1.21.21 10.1.21.251 24
PC120 Initial Configuration(Click)
# This the configuration for PC120 set pcname PC120 ip 10.2.11.120 255.255.255.0 10.2.11.251
PC130 Initial Configuration(Click)
# This the configuration for PC130 set pcname PC130 ip 10.3.11.130 255.255.255.0 10.3.11.251
SFSW Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname SFSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 100 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
SRV Initial Configuration(Click)
set pcname SRV ip 10.1.100.100 10.1.100.251 24
VPN1 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VPN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface Ethernet0/1 ip address 10.1.0.22 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 113.113.113.113 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN1 Initial Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.1 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.1.0.14 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 111.111.111.111 log-adjacency-changes area 1 range 10.1.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN2 Part3 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.2.0.2 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 121.121.121.121 log-adjacency-changes area 2 range 10.2.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
Part5:インターネットへの接続
要件
- INET1/INET2/INET3/VPN1でグローバルアドレスを設定します。
| 機器 | インタフェース | IPアドレス |
|---|---|---|
| INET1 | E0/0 | 1.1.1.1/30 |
| E0/2 | 1.1.1.5/30 | |
| VPN1 | E0/0 | 1.1.1.6/30 |
| INET2 | E0/0 | 2.2.2.1/30 |
| INET3 | E0/0 | 3.3.3.1/30 |
- インターネットへルーティングするためにデフォルトルートをスタティックルートで設定します。また、INET1/INET2ではOSPFで拠点内にデフォルトルートをアドバタイズします。
- 各拠点のPCからインターネットへ通信できるようにNATのアドレス変換を行います。
IPアドレスの設定
INET1/INET2/INET3/VPN1でインターネット側のインタフェースにグローバルアドレスを設定して、インターネットへ接続します。
INET1 IPアドレス設定
interface Ethernet0/0 ip address 1.1.1.1 255.255.255.252 no shutdown ! interface Ethernet0/2 ip address 1.1.1.5 255.255.255.252 no shutdown
VPN1 IPアドレス設定
interface Ethernet0/0 ip address 1.1.1.6 255.255.255.252 no shutdown
INET2 IPアドレス設定
interface Ethernet0/0 ip address 2.2.2.1 255.255.255.252 no shutdown
INET3 IPアドレス設定
interface Ethernet0/0 ip address 3.3.3.1 255.255.255.252 no shutdown
show ip interface briefコマンドでグローバルアドレスを正しく設定できていることを確認します。INET1では、次のような表示です。
INET1 IPアドレス確認 show ip interface brief
INET1#show ip int brief Interface IP-Address OK? Method Status Protocol Ethernet0/0 1.1.1.1 YES manual up up Ethernet0/1 10.1.0.18 YES NVRAM up up Ethernet0/2 1.1.1.5 YES manual up up Ethernet0/3 unassigned YES NVRAM administratively down down
デフォルトルートの設定
インターネットへルーティングするためにデフォルトルートを設定します。INET1では、ISP11をネクストホップとするスタティックルートのデフォルトルートを設定したうえで、拠点1内部へデフォルトルートをOSPFでアドバタイズできるようにします。
INET1 デフォルトルートの設定
ip route 0.0.0.0 0.0.0.0 1.1.1.2 ! router ospf 1 default-information originate
VPN1 デフォルトルートの設定
ip route 0.0.0.0 0.0.0.0 1.1.1.5
INET2 デフォルトルートの設定
ip route 0.0.0.0 0.0.0.0 2.2.2.2 ! router ospf 1 default-information originate
INET3 デフォルトルートの設定
ip route 0.0.0.0 0.0.0.0 3.3.3.2
ルーティングテーブルにデフォルトルートが正しく登録されていることを確認します。INET1およびBBSWでは、次のような表示です。
INET1 デフォルトルートの確認 show ip route
INET1#show ip route
-- omitted --
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
1.0.0.0/30 is subnetted, 2 subnets
C 1.1.1.0 is directly connected, Ethernet0/0
C 1.1.1.4 is directly connected, Ethernet0/2
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
O 10.1.11.0/24 [110/12] via 10.1.0.17, 00:00:27, Ethernet0/1
O 10.1.0.8/30 [110/11] via 10.1.0.17, 00:00:27, Ethernet0/1
O 10.1.12.0/24 [110/12] via 10.1.0.17, 00:00:27, Ethernet0/1
O 10.1.0.12/30 [110/11] via 10.1.0.17, 00:00:27, Ethernet0/1
O IA 10.2.0.0/16 [110/31] via 10.1.0.17, 00:00:30, Ethernet0/1
O IA 10.0.0.0/24 [110/21] via 10.1.0.17, 00:00:30, Ethernet0/1
O 10.1.0.0/30 [110/11] via 10.1.0.17, 00:00:30, Ethernet0/1
O 10.1.0.4/30 [110/11] via 10.1.0.17, 00:00:30, Ethernet0/1
C 10.1.0.16/30 is directly connected, Ethernet0/1
O 10.1.21.0/24 [110/12] via 10.1.0.17, 00:00:31, Ethernet0/1
O 10.1.0.20/30 [110/11] via 10.1.0.17, 00:00:31, Ethernet0/1
O 10.1.100.0/24 [110/11] via 10.1.0.17, 00:00:31, Ethernet0/1
S* 0.0.0.0/0 [1/0] via 1.1.1.2
BBSW デフォルトルートの確認 show ip route
BBSW#show ip route
-- omitted --
Gateway of last resort is 10.1.0.18 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
O 10.1.11.0/24 [110/2] via 10.1.0.6, 00:02:42, FastEthernet1/2
[110/2] via 10.1.0.2, 00:02:32, FastEthernet1/1
C 10.1.0.8/30 is directly connected, FastEthernet1/4
O 10.1.12.0/24 [110/2] via 10.1.0.6, 00:02:42, FastEthernet1/2
[110/2] via 10.1.0.2, 00:02:32, FastEthernet1/1
C 10.1.0.12/30 is directly connected, FastEthernet1/11
O IA 10.2.0.0/16 [110/21] via 10.1.0.14, 00:02:43, FastEthernet1/11
O IA 10.0.0.0/24 [110/11] via 10.1.0.14, 00:02:43, FastEthernet1/11
C 10.1.0.0/30 is directly connected, FastEthernet1/1
C 10.1.0.4/30 is directly connected, FastEthernet1/2
C 10.1.0.16/30 is directly connected, FastEthernet1/12
O 10.1.21.0/24 [110/2] via 10.1.0.10, 00:02:43, FastEthernet1/4
C 10.1.0.20/30 is directly connected, FastEthernet1/13
C 10.1.100.0/24 is directly connected, Vlan100
O*E2 0.0.0.0/0 [110/1] via 10.1.0.18, 00:03:37, FastEthernet1/12
NATの設定
拠点内のPCからインターネットへ通信するためには、NATの設定を行います。拠点内のPCからインターネット宛てのIPパケットの送信元IPアドレスをINET1/INET2/INET3のE0/0のグローバルアドレスに変換します。
INET1 NATの設定
interface Ethernet0/0 ip nat outside ! interface Ethernet0/1 ip nat inside ! ip nat inside source list 10 interface Ethernet0/0 overload ! access-list 10 permit 10.1.0.0 0.0.255.255
INET2 NATの設定
interface Ethernet0/0 ip nat outside ! interface Ethernet0/1 ip nat inside ! ip nat inside source list 10 interface Ethernet0/0 overload ! access-list 10 permit 10.2.0.0 0.0.255.255
INET3 NATの設定
interface Ethernet0/0 ip nat outside ! interface Ethernet0/1 ip nat inside ! ip nat inside source list 10 interface Ethernet0/0 overload ! access-list 10 permit 10.3.0.0 0.0.255.255
各拠点のPCからインターネットへPingします。そして、インターネットに接続しているルータでNAT変換を確認します。PC11とINET1では、次のようになります。
PC11 インターネットへの通信
PC11> ping 100.1.1.15 84 bytes from 100.1.1.15 icmp_seq=1 ttl=251 time=91.344 ms 84 bytes from 100.1.1.15 icmp_seq=2 ttl=251 time=91.986 ms 84 bytes from 100.1.1.15 icmp_seq=3 ttl=251 time=93.165 ms 84 bytes from 100.1.1.15 icmp_seq=4 ttl=251 time=92.341 ms 84 bytes from 100.1.1.15 icmp_seq=5 ttl=251 time=95.429 ms
INET1 NATテーブル show ip nat translations
INET1#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 1.1.1.1:60006 10.1.11.11:60006 100.1.1.15:60006 100.1.1.15:60006 icmp 1.1.1.1:60262 10.1.11.11:60262 100.1.1.15:60262 100.1.1.15:60262 icmp 1.1.1.1:60518 10.1.11.11:60518 100.1.1.15:60518 100.1.1.15:60518 icmp 1.1.1.1:60774 10.1.11.11:60774 100.1.1.15:60774 100.1.1.15:60774 icmp 1.1.1.1:61030 10.1.11.11:61030 100.1.1.15:61030 100.1.1.15:61030
Part5 インターネットへの接続 完了の設定ファイル
ASW11 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 switchport access vlan 12 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ASW21 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname ASW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 21 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
BBSW Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname BBSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 no switchport ip address 10.1.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/3 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/4 no switchport ip address 10.1.0.9 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.1.0.13 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.1.0.17 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 no switchport ip address 10.1.0.21 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan100 ip address 10.1.100.251 255.255.255.0 ! router ospf 1 router-id 100.100.100.100 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW11 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface Port-channel1 ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.2 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.251 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 priority 110 standby 11 preempt standby 11 track FastEthernet1/1 20 ! interface Vlan12 ip address 10.1.12.251 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 preempt ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW12 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.6 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.1.11.252 255.255.255.0 standby 11 ip 10.1.11.250 standby 11 preempt ! interface Vlan12 ip address 10.1.12.252 255.255.255.0 standby 12 ip 10.1.12.250 standby 12 priority 110 standby 12 preempt standby 12 track FastEthernet1/1 20 ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW21 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 no switchport ip address 10.1.0.10 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport mode trunk duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan21 ip address 10.1.21.251 255.255.255.0 ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
DSW120 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname DSW120 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! vlan internal allocation policy ascending ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 11 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 no switchport ip address 10.2.0.1 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/12 no switchport ip address 10.2.0.5 255.255.255.252 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address shutdown ! interface Vlan11 ip address 10.2.11.251 255.255.255.0 ! router ospf 1 router-id 120.120.120.120 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET1 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 1.1.1.1 255.255.255.252 ip nat outside ip virtual-reassembly half-duplex ! interface Ethernet0/1 ip address 10.1.0.18 255.255.255.252 ip nat inside ip virtual-reassembly half-duplex ! interface Ethernet0/2 ip address 1.1.1.5 255.255.255.252 half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 112.112.112.112 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 default-information originate ! no ip http server no ip http secure-server ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 1.1.1.2 ! ip nat inside source list 10 interface Ethernet0/0 overload ! access-list 10 permit 10.1.0.0 0.0.255.255 no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET2 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 2.2.2.1 255.255.255.252 ip nat outside ip virtual-reassembly half-duplex ! interface Ethernet0/1 ip address 10.2.0.6 255.255.255.252 ip nat inside ip virtual-reassembly half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 122.122.122.122 log-adjacency-changes network 10.2.0.0 0.0.255.255 area 2 default-information originate ! no ip http server no ip http secure-server ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 2.2.2.2 ! ip nat inside source list 10 interface Ethernet0/0 overload ! access-list 10 permit 10.2.0.0 0.0.255.255 no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
INET3 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INET3 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 3.3.3.1 255.255.255.252 ip nat outside ip virtual-reassembly half-duplex ! interface Ethernet0/1 ip address 10.3.11.251 255.255.255.0 ip nat inside ip virtual-reassembly half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! no ip http server no ip http secure-server ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 3.3.3.2 ! ip nat inside source list 10 interface Ethernet0/0 overload ! access-list 10 permit 10.3.0.0 0.0.255.255 no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP11 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP11 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.11 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 1.1.1.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.15.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 11.11.11.11 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 1.1.1.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP12 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP12 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.12 255.255.255.255 ! interface Ethernet0/0 ip address 2.2.2.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.25.2 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 12.12.12.12 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 2.2.2.0 mask 255.255.255.252 neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP13 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP13 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.13 255.255.255.255 ip ospf network point-to-point ! interface Ethernet0/0 ip address 12.12.12.1 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.35.3 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 13.13.13.13 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.2 remote-as 2 neighbor 12.12.12.2 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP14 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP14 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.14 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.5 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.45.4 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 14.14.14.14 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 12.12.12.6 remote-as 2 neighbor 12.12.12.6 password cisco neighbor 192.168.0.15 remote-as 1 neighbor 192.168.0.15 update-source Loopback0 neighbor 192.168.0.15 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP15 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP15 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.15 255.255.255.255 ! interface Loopback1 ip address 100.1.2.15 255.255.255.0 secondary ip address 100.1.1.15 255.255.255.0 ip ospf network point-to-point ! interface Ethernet0/0 ip address 192.168.15.5 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 192.168.25.5 255.255.255.0 half-duplex ! interface Ethernet0/2 ip address 192.168.35.5 255.255.255.0 half-duplex ! interface Ethernet0/3 ip address 192.168.45.5 255.255.255.0 half-duplex ! router ospf 1 router-id 15.15.15.15 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 100.1.1.0 mask 255.255.255.0 network 100.1.2.0 mask 255.255.255.0 neighbor 192.168.0.11 remote-as 1 neighbor 192.168.0.11 update-source Loopback0 neighbor 192.168.0.11 route-reflector-client neighbor 192.168.0.12 remote-as 1 neighbor 192.168.0.12 update-source Loopback0 neighbor 192.168.0.12 route-reflector-client neighbor 192.168.0.13 remote-as 1 neighbor 192.168.0.13 update-source Loopback0 neighbor 192.168.0.13 route-reflector-client neighbor 192.168.0.14 remote-as 1 neighbor 192.168.0.14 update-source Loopback0 neighbor 192.168.0.14 route-reflector-client no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP21 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP21 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.21 255.255.255.255 ! interface Ethernet0/0 ip address 3.3.3.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 192.168.12.1 255.255.255.0 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 21.21.21.21 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes network 3.3.3.0 mask 255.255.255.252 neighbor 192.168.0.22 remote-as 2 neighbor 192.168.0.22 update-source Loopback0 neighbor 192.168.0.22 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
ISP22 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP22 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Loopback0 ip address 192.168.0.22 255.255.255.255 ! interface Ethernet0/0 ip address 12.12.12.2 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 12.12.12.6 255.255.255.252 half-duplex ! interface Ethernet0/2 ip address 192.168.12.2 255.255.255.0 half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 22.22.22.22 log-adjacency-changes network 192.168.0.0 0.0.255.255 area 0 ! router bgp 2 no synchronization bgp log-neighbor-changes neighbor 12.12.12.1 remote-as 1 neighbor 12.12.12.1 password cisco neighbor 12.12.12.1 route-map From_ISP13 in neighbor 12.12.12.5 remote-as 1 neighbor 12.12.12.5 password cisco neighbor 12.12.12.5 route-map From_ISP14 in neighbor 192.168.0.21 remote-as 2 neighbor 192.168.0.21 update-source Loopback0 neighbor 192.168.0.21 next-hop-self no auto-summary ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! access-list 1 permit 100.1.1.0 access-list 2 permit 100.1.2.0 no cdp log mismatch duplex ! route-map From_ISP13 permit 10 match ip address 1 set local-preference 150 ! route-map From_ISP13 permit 100 ! route-map From_ISP14 permit 10 match ip address 2 set local-preference 150 ! route-map From_ISP14 permit 100 ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
PC11 Part5 Configuration(Click)
set pcname PC11 ip 10.1.11.11 10.1.11.250 24
PC12 Part5 Configuration(Click)
set pcname PC12 ip 10.1.12.12 10.1.12.250 24
PC21 Part5 Configuration(Click)
set pcname PC21 ip 10.1.21.21 10.1.21.251 24
PC120 Part5 Configuration(Click)
# This the configuration for PC120 set pcname PC120 ip 10.2.11.120 255.255.255.0 10.2.11.251
PC130 Part5 Configuration(Click)
# This the configuration for PC130 set pcname PC130 ip 10.3.11.130 255.255.255.0 10.3.11.251
SFSW Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname SFSW ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip routing no ip icmp rate-limit unreachable no ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! vtp file nvram:vlan.dat archive log config hidekeys ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 description *** Unused for Layer2 EtherSwitch *** no ip address no ip route-cache shutdown duplex auto speed auto ! interface FastEthernet1/0 duplex full speed 100 ! interface FastEthernet1/1 switchport access vlan 100 duplex full speed 100 spanning-tree portfast ! interface FastEthernet1/2 duplex full speed 100 ! interface FastEthernet1/3 duplex full speed 100 ! interface FastEthernet1/4 duplex full speed 100 ! interface FastEthernet1/5 duplex full speed 100 ! interface FastEthernet1/6 duplex full speed 100 ! interface FastEthernet1/7 duplex full speed 100 ! interface FastEthernet1/8 switchport access vlan 100 duplex full speed 100 ! interface FastEthernet1/9 duplex full speed 100 ! interface FastEthernet1/10 duplex full speed 100 ! interface FastEthernet1/11 duplex full speed 100 ! interface FastEthernet1/12 duplex full speed 100 ! interface FastEthernet1/13 duplex full speed 100 ! interface FastEthernet1/14 duplex full speed 100 ! interface FastEthernet1/15 duplex full speed 100 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
SRV Part5 Configuration(Click)
set pcname SRV ip 10.1.100.100 10.1.100.251 24
VPN1 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VPN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 1.1.1.6 255.255.255.252 half-duplex ! interface Ethernet0/1 ip address 10.1.0.22 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 113.113.113.113 log-adjacency-changes network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 1.1.1.5 ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN1 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.1 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.1.0.14 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 111.111.111.111 log-adjacency-changes area 1 range 10.1.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.255.255 area 1 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
WAN2 Part5 Configuration(Click)
! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WAN2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ! ! ip cef no ip domain lookup ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! ! interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 10.2.0.2 255.255.255.252 half-duplex ! interface Ethernet0/2 no ip address shutdown half-duplex ! interface Ethernet0/3 no ip address shutdown half-duplex ! router ospf 1 router-id 121.121.121.121 log-adjacency-changes area 2 range 10.2.0.0 255.255.0.0 network 10.0.0.0 0.0.0.255 area 0 network 10.2.0.0 0.0.255.255 area 2 ! no ip http server no ip http secure-server ! ip forward-protocol nd ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
関連記事
関連記事
IPルーティング応用
- DNSラウンドロビン方式の負荷分散
- 負荷分散装置(ロードバランサ)の仕組み
- ルーティングプロセス ~実行中のルーティングプロトコル用のプログラム~
- 複数のルーティングプロトコルの利用
- 再配送(再配布) ~ルーティングドメイン境界で必須の設定~
- Cisco再配送(再配布)の設定 ~redistributeコマンド~
- Cisco 再配送の設定例 ~OSPFとRIPの双方向再配送~
- 再配送 設定ミスの切り分けと修正 Part1
- 再配送 設定ミスの切り分けと修正 Part2
- 再配送 設定ミスの切り分けと修正 Part3
- 再配送 設定ミスの切り分けと修正 Part4
- 再配送 設定ミスの切り分けと修正 Part5
- 再配送 設定ミスの切り分けと修正 Part6
- オフセットリスト(offset-list) ~ルート情報のメトリックを加算~
- オフセットリストの設定例 RIP
- オフセットリストの設定例 EIGRP
- ルートフィルタの概要
- ルートフィルタのポイント
- ディストリビュートリストによるルートフィルタの設定
- Ciscoディストリビュートリストによるルートフィルタの設定例
- プレフィクスリスト(prefix-list)によるルートフィルタの設定
- Ciscoプレフィクスリストによるルートフィルタの設定例
- Ciscoルートマップ(route-map)の概要 ~何をどう処理するか~
- Ciscoルートマップの設定
- Ciscoルートマップ(route-map)設定のポイント
- Ciscoルートマップによる再配送時のルート制御の設定例
- ポリシーベースルーティングの設定例
- GREトンネルインタフェース ~仮想的なポイントツーポイント接続~
- GREトンネルインタフェースの設定例
- GREトンネルの注意点 ~フラッピングしないように~
- オーバーレイネットワークとアンダーレイネットワーク
- ルート制御 ケーススタディ Part1
- ルート制御 ケーススタディ Part2
- ルート制御 ケーススタディ Part3
- VRF/VRF-Liteの概要 ~仮想的にルータを分割する~
- VRFの設定と確認コマンド [Cisco]
- VRF-Liteによるレイヤ3VPNの設定例 [Cisco]
- VRFルートリーク(スタティックルート)
- VRFルートリーク(スタティックルート)の設定例
- VRFルートリーク(MP-BGP)
- VRFルートリーク(MP-BGP)の設定例
- [FVRFの仕組み] FVRF(Front door VRF)とは
- [FVRFの仕組み] ポイントツーポイントGREトンネル:FVRFなし
- [FVRFの仕組み] ポイントツーポイントGREトンネル : FVRFあり(tunnel vrfコマンド)
- [FVRFの仕組み] IPSec VTI : FRVRFあり
- [FVRFの仕組み] IPSec VTI : FVRFあり 設定例
- [FVRFの仕組み] DMVPN : FVRFあり
- [FVRFの仕組み] DMVPN : FVRFあり 設定例 Part1
- [FVRFの仕組み] DMVPN : FVRFあり 設定例 Part2
- tunnel vrfコマンド
- tunnel vrfコマンドの設定例
- [演習] ルーティングループの防止
- [演習] 企業ネットワーク構築演習 Part1:拠点1の構築
- [演習] 企業ネットワーク構築演習 Part2:拠点2/拠点3の構築
- [演習] 企業ネットワーク構築演習 Part3:広域イーサネットの接続
- [演習] 企業ネットワーク構築演習 Part4:インターネット(AS1/AS2)の構築
- [演習] 企業ネットワーク構築演習 Part5:インターネットへの接続
- [演習] 企業ネットワーク構築演習 Part6:インターネットVPNの構築
