第15回 CCIE R&S 勉強会 演習問題 回答

ection 1

!!! R1
router ospf 65100
 router-id 10.0.0.1
interface loopback0
 ip ospf 65100 area 0
interface Ethernet1/0.13
 ip ospf 65100 area 0
 ip ospf network point-to-point
interface Ethernet1/0.15
 ip ospf 65100 area 0
 ip ospf network point-to-point
interface Ethernet1/0.17
 ip ospf 65100 area 0
 ip ospf network point-to-point

!!! R3
router ospf 65100
 router-id 10.0.0.3
interface loopback0
 ip ospf 65100 area 0
interface Ethernet1/0.13
 ip ospf 65100 area 0
 ip ospf network point-to-point

!!! R5
router ospf 65100
 router-id 10.0.0.5
interface loopback0
 ip ospf 65100 area 0
interface Ethernet1/0.15
 ip ospf 65100 area 0
 ip ospf network point-to-point

!!! R7
router ospf 65100
 router-id 10.0.0.7
 network 10.0.0.7 0.0.0.0 area 0
 network 10.1.7.7 0.0.0.0 area 0
interface Ethernet1/0.17
 ip ospf 65100 area 0
 ip ospf network point-to-point

 

Section 2

!!! R2
router ospf 65200
 router-id 10.0.0.2
interface Loopback0
 ip ospf 65200 area 0
interface Ethernet1/0.26
 ip ospf 65200 area 0
 ip ospf priority 255
interface Ethernet1/0.28
 ip ospf 65200 area 0
 ip ospf priority 255
interface Ethernet1/0.210
 ip ospf 65200 area 0
 ip ospf priority 255

!!! R4
router ospf 65200
 router-id 10.0.0.4
 max-metric router-lsa
interface Loopback0
 ip ospf 65200 area 0
interface Ethernet1/0.46
 ip ospf 65200 area 0
 ip ospf priority 255
interface Ethernet1/0.48
 ip ospf 65200 area 0
 ip ospf priority 255
interface Ethernet1/0.410
 ip ospf 65200 area 0
 ip ospf priority 255

!!! R6
router ospf 65200
 router-id 10.0.0.6
interface Loopback0
 ip ospf 65200 area 0
interface Ethernet1/0.26
 ip ospf 65200 area 0
interface Ethernet1/0.46
 ip ospf 65200 area 0

!!! R8
router ospf 65200
 router-id 10.0.0.8
interface Loopback0
 ip ospf 65200 area 0
interface Ethernet1/0.28
 ip ospf 65200 area 0
interface Ethernet1/0.48
 ip ospf 65200 area 0

!!! R10
router ospf 65200
 router-id 10.0.0.10
interface Loopback0
 ip ospf 65200 area 0
interface Ethernet1/0.210
 ip ospf 65200 area 0
interface Ethernet1/0.410
 ip ospf 65200 area 0

 

Section 3

!!! R1
router bgp 65100
 bgp router-id 10.0.0.1
 neighbor IBGP-PEER peer-group
 neighbor IBGP-PEER remote-as 65100
 neighbor IBGP-PEER update-source Loopback0
 neighbor IBGP-PEER route-reflector-client
 neighbor 10.0.0.3 peer-group IBGP-PEER
 neighbor 10.0.0.5 peer-group IBGP-PEER
 neighbor 10.0.0.7 peer-group IBGP-PEER

!!! R3
ip prefix-list ADV-ROUTE seq 10 permit 10.5.11.0/30
ip prefix-list ADV-ROUTE seq 20 permit 10.7.13.0/30

route-map CON-INTO-BGP permit 10
 match interface Ethernet1/0.39

router bgp 65100
 bgp router-id 10.0.0.3
 neighbor 10.0.0.1 remote-as 65100
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 next-hop-self
 neighbor 10.3.9.2 remote-as 65101
 neighbor 10.3.9.2 prefix-list ADV-ROUTE out
 redistribute connected route-map CON-INTO-BGP

!!! R5
ip prefix-list ADV-ROUTE seq 10 permit 10.3.9.0/30
ip prefix-list ADV-ROUTE seq 20 permit 10.7.13.0/30

route-map CON-INTO-BGP permit 10
 match interface Ethernet1/0.511

router bgp 65100
 bgp router-id 10.0.0.5
 neighbor 10.0.0.1 remote-as 65100
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 next-hop-self
 neighbor 10.5.11.2 remote-as 65101
 neighbor 10.5.11.2 prefix-list ADV-ROUTE out
 redistribute connected route-map CON-INTO-BGP

!!! R7
ip prefix-list ADV-ROUTE seq 10 permit 10.3.9.0/30
ip prefix-list ADV-ROUTE seq 20 permit 10.5.11.0/30

route-map CON-INTO-BGP permit 10
 match interface Ethernet1/0.713

router bgp 65100
 bgp router-id 10.0.0.7
 neighbor 10.0.0.1 remote-as 65100
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 next-hop-self
 neighbor 10.7.13.2 remote-as 65101
 neighbor 10.7.13.2 prefix-list ADV-ROUTE out
 redistribute connected route-map CON-INTO-BGP

 

Section 4

!!! R9
router bgp 65101
 bgp router-id 10.0.0.9
 neighbor 10.3.9.1 remote-as 65100

!!! R11
router bgp 65101
 bgp router-id 10.0.0.11
 neighbor 10.5.11.1 remote-as 65100

!!! R13
router bgp 65101
 bgp router-id 10.0.0.13
 neighbor 10.7.13.1 remote-as 65100

 

Section 5

!!! R14
router bgp 65201
 bgp router-id 10.0.0.14
 neighbor 10.0.0.18 remote-as 65201
 neighbor 10.0.0.18 update-source Loopback0
 neighbor 10.0.0.18 next-hop-self
 neighbor 10.8.14.1 remote-as 65200

!!! R16
router bgp 65201
 bgp router-id 10.0.0.16
 nei 10.0.0.18 remote-as 65201
 nei 10.0.0.18 update-source Loopback0
 nei 10.0.0.18 next-hop-self
 nei 10.10.16.1 remote-as 65200

 

Section 6

!!! R9
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key CCIE? address 10.5.11.2
crypto isakmp key CCIE? address 10.7.13.2

crypto ipsec transform-set TF-SET esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PROF
 set transform-set TF-SET

interface tunnel 0
 ip address 172.16.100.9 255.255.255.0
 tunnel source Ethernet1/0.39
 tunnel mode gre multipoint
 ip mtu 1400
 ip tcp adjust-mss 1380
 ip nhrp network-id 1
 ip nhrp authentication cisco
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.100.13
 ip nhrp map 172.16.100.13 10.7.13.2
 ip nhrp map multicast 10.7.13.2
 tunnel protection ipsec profile PROF

!!! R11
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key CCIE? address 10.3.9.2
crypto isakmp key CCIE? address 10.7.13.2

crypto ipsec transform-set TF-SET esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PROF
 set transform-set TF-SET

interface tunnel 0
 ip address 172.16.100.11 255.255.255.0
 tunnel source Ethernet1/0.511
 tunnel mode gre multipoint
 ip mtu 1400
 ip tcp adjust-mss 1380
 ip nhrp network-id 1
 ip nhrp authentication cisco
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.100.13
 ip nhrp map 172.16.100.13 10.7.13.2
 ip nhrp map multicast 10.7.13.2
 tunnel protection ipsec profile PROF

!!! R13
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key CCIE? address 10.3.9.2
crypto isakmp key CCIE? address 10.5.11.2

crypto ipsec transform-set TF-SET esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PROF
 set transform-set TF-SET

interface tunnel 0
 ip address 172.16.100.13 255.255.255.0
 tunnel source Ethernet1/0.713
 tunnel mode gre multipoint
 ip mtu 1400
 ip tcp adjust-mss 1380
 ip nhrp network-id 1
 ip nhrp authentication cisco
 ip nhrp holdtime 300
 ip nhrp map multicast dynamic
 tunnel protection ipsec profile PROF

 

Section 7

!!! R9
router eigrp 65101
 eigrp router-id 10.0.0.9
 network 172.16.100.9 0.0.0.0
 network 172.16.103.9 0.0.0.0

interface tunnel 0
 ip nhrp shortcut

!!! R11
router eigrp 65101
 eigrp router-id 10.0.0.11
 network 172.16.100.11 0.0.0.0
 network 172.16.102.11 0.0.0.0

interface tunnel 0
 ip nhrp shortcut

!!! R13
router eigrp 65101
 eigrp router-id 10.0.0.13
 network 172.16.100.13 0.0.0.0
 network 172.16.101.13 0.0.0.0

interface tunnel 0
 no ip split-horizon eigrp 65101
 ip nhrp redirect

 

Section 8

!!! R2
router ospf 65200
 mpls ldp autoconfig
mpls ldp router-id loopback 0 force

!!! R4
router ospf 65200
 mpls ldp autoconfig
mpls ldp router-id loopback 0 force

!!! R6
router ospf 65200
 mpls ldp autoconfig
mpls ldp router-id loopback 0 force

vrf definition VPN-EVENING
 rd 65200:65201
 route-target export 65200:65201
 route-target import 65200:65201
 address-family ipv4

interface Ethernet1/0.612
 vrf forwarding VPN-EVENING
 ip address 10.6.12.1 255.255.255.252

router bgp 65200
 no bgp default ipv4-unicast
 bgp router-id 10.0.0.6
 neighbor VPNV4-PEER peer-group
 neighbor VPNV4-PEER remote-as 65200
 neighbor VPNV4-PEER update-source loopback 0
 neighbor 10.0.0.8 peer-group VPNV4-PEER
 neighbor 10.0.0.10 peer-group VPNV4-PEER

 address-family vpnv4
  neighbor 10.0.0.8 activate
  neighbor 10.0.0.10 activate
  neighbor VPNV4-PEER send-community extended

 address-family ipv4 vrf VPN-EVENING
  redistribute ospf 65201
  redistribute connected

router ospf 65201 vrf VPN-EVENING
 router-id 6.6.6.6
 redistribute bgp 65200 subnets
 network 10.6.12.1 0.0.0.0 area 0

!!! R8
router ospf 65200
 mpls ldp autoconfig
mpls ldp router-id loopback 0 force

vrf definition VPN-EVENING
 rd 65200:65201
 route-target export 65200:65201
 route-target import 65200:65201
 address-family ipv4

interface Ethernet1/0.814
 vrf forwarding VPN-EVENING
 ip address 10.8.14.1 255.255.255.252

router bgp 65200
 no bgp default ipv4-unicast
 bgp router-id 10.0.0.8
 neighbor VPNV4-PEER peer-group
 neighbor VPNV4-PEER remote-as 65200
 neighbor VPNV4-PEER update-source loopback 0
 neighbor 10.0.0.6 peer-group VPNV4-PEER
 neighbor 10.0.0.10 peer-group VPNV4-PEER

 address-family vpnv4
  neighbor 10.0.0.6 activate
  neighbor 10.0.0.10 activate
  neighbor VPNV4-PEER send-community extended

 address-family ipv4 vrf VPN-EVENING
  neighbor 10.8.14.2 remote-as 65201
  neighbor 10.8.14.2 as-override
  neighbor 10.8.14.2 soo 65200:65201
  redistribute connected

!!! R10
router ospf 65200
 mpls ldp autoconfig
mpls ldp router-id loopback 0 force

vrf definition VPN-EVENING
 rd 65200:65201
 route-target export 65200:65201
 route-target import 65200:65201
 address-family ipv4

interface Ethernet1/0.1016
 vrf forwarding VPN-EVENING
 ip address 10.10.16.1 255.255.255.252

router bgp 65200
 no bgp default ipv4-unicast
 bgp router-id 10.0.0.10
 neighbor VPNV4-PEER peer-group
 neighbor VPNV4-PEER remote-as 65200
 neighbor VPNV4-PEER update-source loopback 0
 neighbor 10.0.0.6 peer-group VPNV4-PEER
 neighbor 10.0.0.8 peer-group VPNV4-PEER

 address-family vpnv4
  neighbor 10.0.0.6 activate
  neighbor 10.0.0.8 activate
  neighbor VPNV4-PEER send-community extended

 address-family ipv4 vrf VPN-EVENING
  neighbor 10.10.16.2 remote-as 65201
  neighbor 10.10.16.2 as-override
  neighbor 10.10.16.2 soo 65200:65201
  redistribute connected

 

Section 9

!!! R6
no mpls ip propagate-ttl

!!! R8
no mpls ip propagate-ttl

!!! R10
no mpls ip propagate-ttl

route-map SET-LP permit 10
 set local-preference 200

router bgp 65200
 address-family ipv4 vrf VPN-EVENING
  neighbor 10.10.16.2 route-map SET-LP in

do clear bgp vpnv4 unicast * soft

!!! R12
router ospf 65201
 router-id 10.0.0.12
interface Loopback0
 ip ospf 65201 area 0
interface Ethernet1/0.12
 ip ospf 65201 area 0
interface Ethernet1/0.612
 ip ospf 65201 area 0

 

Section 10

!!! R12
interface Ethernet1/0.1220
 ip ospf 65201 area 0

!!! R19
router eigrp 65101
 network 192.168.201.129 0.0.0.0

!!! R20
router ospf 65201
 router-id 10.0.0.20
 redistribute eigrp 65101 subnets

interface Ethernet1/0.1220
 ip ospf 65201 area 0

router eigrp 65101
 eigrp router-id 10.0.0.20
 network 192.168.201.190 0.0.0.0
 redistribute ospf 65201 metric 10000 100 255 1 1500

interface Ethernet1/0.1920
 ip summary-address eigrp 65101 0.0.0.0 0.0.0.0

!!! R6
router bgp 65200
 address-family ipv4 vrf VPN-EVENING
  redistribute ospf 65201 match internal external

!!! R19
ip dhcp excluded-address 172.16.103.9
ip dhcp excluded-address 172.16.102.11
ip dhcp pool DHCP-KANAGAWA
 host 172.16.103.15 255.255.255.0
 client-identifier 01cc.1ecc.1e00.15
 default-router 172.16.103.9
ip dhcp pool DHCP-SAITAMA
 host 172.16.102.17 255.255.255.0
 client-identifier 01cc.1ecc.1e00.17
 default-router 172.16.102.11