- Use markup editing (black code to the left, and white WYSIWYG to the right)
- On the left, click 6:th icon (zigzag + curve) called "Insert Diagram"
¶ Lab - Implement eBGP for IPv4 - CCNP ENCOR
¶ From the old lab-manual (CCNP TSHOOT)
Below is a bitmap from the old lab-manual (CCNP TSHOOT)
Below is a editable drawing made in draw.io
¶ Conf t -- examples
c3650-k9.16.09.04(config)#router ?
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
lisp Locator/ID Separation Protocol
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
ospfv3 OSPFv3
rip Routing Information Protocol (RIP)
c3650-k9.16.09.04(config)#router
% Incomplete command.
c3650-k9.16.09.04(config)#router bgp 65001
IP routing not enabled
c3650-k9.16.09.04(config)#ip routing
c3650-k9.16.09.04(config)#interf loo 0
c3650-k9.16.09.04(config-if)#ip add
*Oct 11 09:58:35.182: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to upress 10.0.0.1 255.
*Oct 11 09:58:41.003: %HMANRP-6-EMP_NO_ELECTION_INFO: Could not elect active EMP switch, setting emp active switch to 0: EMP_RELAY: Could not elect switch with mgmt port UP125
c3650-k9.16.09.04(config-if)#ip address 10.0.0.1 255.255.255.0
c3650-k9.16.09.04(config-if)#exit
c3650-k9.16.09.04(config)#ip routing
c3650-k9.16.09.04(config)#router bgp 65001
c3650-k9.16.09.04(config-router)#?
Router configuration commands:
address-family Enter Address Family command mode
aggregate-address Configure BGP aggregate entries
auto-summary Enable automatic network number summarization
bgp BGP specific commands
default Set a command to its defaults
default-information Control distribution of default information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter networks in routing updates
exit Exit from routing protocol configuration mode
help Description of the interactive help system
maximum-paths Forward packets over multiple paths
maximum-secondary-paths Maximum secondary paths
neighbor Specify a neighbor router
network Specify a network to announce via BGP
no Negate a command or set its defaults
redistribute Redistribute information from another routing
protocol
scope Enter scope command mode
snmp Modify snmp parameters
synchronization Perform IGP synchronization
c3650-k9.16.09.04(config-router)#neighb
c3650-k9.16.09.04(config-router)#neighbor 1.1.1.1 ?
activate Enable the Address Family for this Neighbor
additional-paths Negotiate additional paths capabilities with this
neighbor
advertise Advertise to this neighbor
advertise-map specify route-map for conditional advertisement
advertisement-interval Minimum interval between sending BGP routing updates
aigp Enable a AIGP on neighbor
allow-policy Enable the policy support for this IBGP Neighbor
allowas-in Accept as-path with my AS present in it
announce Announce RPKI State using an Extended Community
as-override Override matching AS-number while sending update
capability Advertise capability to the peer
cluster-id Configure Route-Reflector Cluster-id (peers may
reset)
default-originate Originate default route to this neighbor
description Neighbor specific description
disable-connected-check one-hop away EBGP peer using loopback address
distribute-list Filter updates to/from this neighbor
dmzlink-bw Propagate the DMZ link bandwidth
ebgp-multihop Allow EBGP neighbors not on directly connected
networks
fall-over session fall on peer route lost
filter-list Establish BGP filters
ha-mode high availability mode
inherit Inherit a template
local-as Specify a local-as number
log-neighbor-changes Log neighbor up/down and reset reason
maximum-prefix Maximum number of prefixes accepted from this peer
next-hop-self Disable the next hop calculation for this neighbor
next-hop-unchanged Propagate next hop unchanged for iBGP paths to this
neighbor
password Set a password
path-attribute BGP optional attribute filtering
peer-group Member of the peer-group
prefix-list Filter updates to/from this neighbor
remote-as Specify a BGP neighbor
remove-private-as Remove private AS number from outbound updates
route-map Apply route map to neighbor
route-reflector-client Configure a neighbor as Route Reflector client
send-community Send Community attribute to this neighbor
send-label Send NLRI + MPLS Label to this peer
shutdown Administratively shut down this neighbor
slow-peer Configure slow-peer
soft-reconfiguration Per neighbor soft reconfiguration
soo Site-of-Origin extended community
timers BGP per neighbor timers
translate-update Translate Update to MBGP format
transport Transport options
ttl-security BGP ttl security check
unsuppress-map Route-map to selectively unsuppress suppressed
routes
update-source Source of routing updates
version Set the BGP version to match a neighbor
weight Set default weight for routes from this neighbor
c3650-k9.16.09.04(config-router)#c3650-k9.16.09.04(config)#ipv6 unicast-routing
c3650-k9.16.09.04(config)#router bgp 65001
c3650-k9.16.09.04(config-router)#address-family ipv6 unicast
c3650-k9.16.09.04(config-router-af)#?
Router Address Family configuration commands:
aggregate-address Configure BGP aggregate entries
bgp BGP specific commands
default Set a command to its defaults
default-information Distribution of default information
default-metric Set metric of redistributed routes
distance Administrative distance
exit-address-family Exit from Address Family configuration mode
help Description of the interactive help system
maximum-paths Forward packets over multiple paths
neighbor Specify a neighbor router
network Specify a network to announce via BGP
no Negate a command or set its defaults
redistribute Redistribute IPv6 prefixes from another routing protocol
snmp Modify snmp parameters
synchronization Perform IGP synchronization
table-map Map external entry attributes into routing table
c3650-k9.16.09.04(config-router-af)#
¶ L3 on 2960
c2960-k9-mz.150-2(config)#sdm prefer lanbase-routing
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
c2960-k9-mz.150-2(config)#show sdm pre
c2960-k9-mz.150-2(config)#show sdm
^
% Invalid input detected at '^' marker.
c2960-k9-mz.150-2(config)#show sdm ?
% Unrecognized command
c2960-k9-mz.150-2(config)#exit
c2960-k9-mz.150-2#show
*Mar 2 01:00:04.291: %SYS-5-CONFIG_I: Configured from console by consolesdm ?
prefer Show current template configuration
c2960-k9-mz.150-2#show sdm pref
c2960-k9-mz.150-2#show sdm prefer
The current template is "default" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 255 VLANs.
number of unicast mac addresses: 8K
number of IPv4 IGMP groups + multicast routes: 0.25K
number of IPv4 unicast routes: 0
number of IPv6 multicast groups: 0
number of IPv6 unicast routes: 0
number of directly-connected IPv6 addresses: 0
number of indirect IPv6 unicast routes: 0
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.125k
number of IPv4/MAC security aces: 0.375k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 20
number of IPv6 security aces: 25
On next reload, template will be "lanbase-routing" template.
c2960-k9-mz.150-2#
c2960-k9-mz.150-2#
c2960-k9-mz.150-2#
c2960-k9-mz.150-2# reload
Press RETURN to get started!
c2960-k9-mz.150-2>ena
c2960-k9-mz.150-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c2960-k9-mz.150-2(config)#ip routing
c2960-k9-mz.150-2(config)#ipv6 routing
^
% Invalid input detected at '^' marker.
c2960-k9-mz.150-2(config)#ipv6 routing ?
% Unrecognized command
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#unic
c2960-k9-mz.150-2(config)#ip
c2960-k9-mz.150-2(config)#ip
c2960-k9-mz.150-2(config)#ipv?
ipv6
c2960-k9-mz.150-2(config)#ipv6 ?
access-list Configure access lists
cef Cisco Express Forwarding for IPv6
flowset Set flow label random for originated packets
general-prefix Configure a general IPv6 prefix
hop-limit Configure hop count limit
host Configure static hostnames
icmp Configure ICMP parameters
local Specify local options
nd Configure IPv6 ND
neighbor Neighbor
prefix-list Build a prefix list
radius RADIUS configuration commands
route Configure static routes
router Enable an IPV6 routing process
snooping IPv6 snooping configuration commands
source-route Process packets with source routing header options
tacacs TACACS configuration commands
traffic Configure traffic parameters
unicast-routing Enable unicast routing
c2960-k9-mz.150-2(config)#ipv6 unica
c2960-k9-mz.150-2(config)#ipv6 unicast-routing
c2960-k9-mz.150-2(config)#
c2960-k9-mz.150-2(config)#ip route ?
A.B.C.D Destination prefix
profile Enable IP routing table profile
static Allow static routes
c2960-k9-mz.150-2(config)#show ip route
^
% Invalid input detected at '^' marker.
c2960-k9-mz.150-2(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
c2960-k9-mz.150-2(config)#interf lo 0
c2960-k9-mz.150-2(config-if)#ip address 1
*Mar 1 00:05:38.018: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up0.
c2960-k9-mz.150-2(config-if)#ip address 10.1.1.1 255.255.255.0
c2960-k9-mz.150-2(config-if)#no shut
c2960-k9-mz.150-2(config-if)#exit
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1.1 ?
% Unrecognized command
c2960-k9-mz.150-2(config)#ip route ?
A.B.C.D Destination prefix
profile Enable IP routing table profile
static Allow static routes
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 ?
A.B.C.D Destination prefix mask
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 0.0.0.0 ?
A.B.C.D Forwarding router's address
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
DHCP Default Gateway obtained from DHCP
Dialer Dialer interface
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1 ?
<1-255> Distance metric for this route
multicast multicast route
name Specify name of the next hop
permanent permanent route
tag Set tag for this route
track Install route depending on tracked item
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1
%Invalid next hop address (it's this router)
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 0.0.0.0 nul
c2960-k9-mz.150-2(config)#ip route 0.0.0.0 0.0.0.0 null 0
c2960-k9-mz.150-2(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Null0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Loopback0
L 10.1.1.1/32 is directly connected, Loopback0
c2960-k9-mz.150-2(config)#
Exempel på CHALLANGE/SKILL
grund: kryptererade lösenord, enable säkerhet, bara ssh - stäng av telnet,
no ip domain lookup (utom R1, för den har DHCP), logg synch, ...
description på allt, inkl bgp (remark i OSPF, eigrp ??)
Banner (kort o korrekt)
Hostname
R1> ip address dhcp (då kommer default-route)
NAT/PAT för att alla interna addresser skall komma ut
BGP med loopbacks
update-source
neighbor default-route
DLS 1 : BGP + (OSPF eller EIGRP inkl defa route )
DHCP -server
statiska routes mot ALS1 and 2 (summary)
routed port mot ALSx
etherchannel (antingel l3 med routed port, eller L2 med SVI)
DLS 2:
statiska routes mot ALS1 and 2 (summary)
routed port mot ALSx
etherchannel (antingel l3 med routed port, eller L2 med SVI). Use on of Static, LACP or PAgP.
ALS1
statisk defa route mote DLS1 + floating static mot DLS2
vlan 10 mot DLS + interface vlan
vlan 20 mot PC + interface vlan , summeras med nedan
loopback för rolig summering
ip helper
ALS2
statisk defa route mote DLS1 + floating static mot DLS2
vlan 30 mot DLS + interface vlan
vlan 40 mot PC + interface vlan, summeras med nedan
loopback för rolig summering
PC A: DHCP client
IPV6 på R1+DLS1+DLS2 o deras loopback (ej mot CNAP)
Tag bort alla static routes på ALSx, och peka defaultroute på .5 istället.
Skapa 2st HSRP för de olika näten med .5-VIP
Extras
NTP: Synka R1 mot skolan, och låt alla andra enheter synca mot R1
NAT: OM du kollar vilket IP-nummer R1 fick, går det att sätta upp en web-server på PC-A som är nåbar utifrån?
STP: går det att sätta root guard, BPDU guard, and STP loop guard på alla accessportar
VTP: set DLS1 as SERVER and other Catalysts (DLS2, ALSx) as CLIENT
DTP: turn off DTP for static trunks (switchport nonegotiate)
VRF: Is it possible to create another VRF in R1 that only has connectivity with DLS1? (change R1-DLS1 connection to a trunk)
OBS : och allt annat oxå