Trouble Shooting Practice 09

TASK

次のOUTPUTが得られるようにしてください。

OUTPUT

R103#ping 192.168.104.104 so fa0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.104.104, timeout is 2 seconds:
Packet sent with a source address of 192.168.103.103
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/87/104 ms
R103#
R103#
R103#trace 192.168.104.104 so fa0/1
Type escape sequence to abort.
Tracing the route to 192.168.104.104
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.234.104 96 msec *  84 msec

DIAGRAM

CONFIG

hostname R1
!
no logging console
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 10.1.234.1 255.255.255.0
 ip ospf priority 255
 ip ospf 1 area 0
 no shutdown
!
router ospf 1
 mpls ldp autoconfig
 router-id 10.0.0.1
!
router bgp 65000
 bgp router-id 10.0.0.1
 no bgp default ipv4-unicast
 timers bgp 30 90
 neighbor IBGP-PEER peer-group
 neighbor IBGP-PEER remote-as 65000
 neighbor IBGP-PEER update-source Loopback0
 neighbor 10.0.0.2 peer-group IBGP-PEER
 neighbor 10.0.0.3 peer-group IBGP-PEER
 neighbor 10.0.0.4 peer-group IBGP-PEER
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor IBGP-PEER send-community extended
  neighbor IBGP-PEER route-reflector-client
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.4 activate
 exit-address-family
!
mpls ldp router-id Loopback0 force
!
end
hostname R2
!
no logging console
!
ip vrf VPN-A
 rd 65000:234
 route-target export 65000:234
 route-target import 65000:234
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.234.2 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
interface FastEthernet0/1
 ip vrf forwarding VPN-A
 ip address 192.168.2.1 255.255.255.252
 no shutdown
!
router eigrp CCIE
 !
 address-family ipv4 unicast vrf VPN-A autonomous-system 65002
  !
  topology base
   redistribute bgp 65000 metric 100000 10 255 1 1500
  exit-af-topology
  network 192.168.2.1 0.0.0.0
  eigrp router-id 10.0.0.2
 exit-address-family
!
router ospf 1
 mpls ldp autoconfig
 router-id 10.0.0.2
!
router bgp 65000
 bgp router-id 10.0.0.2
 no bgp default ipv4-unicast
 timers bgp 30 90
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN-A
  redistribute eigrp 65002
 exit-address-family
!
route-map CON-INTO-BGP permit 10
 match interface FastEthernet0/1
!
mpls ldp router-id Loopback0 force
!
end
hostname R3
!
no logging console
!
ip vrf VPN-A
 rd 65000:234
 route-target export 65000:234
 route-target import 65000:234
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.234.3 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
interface FastEthernet0/1
 ip vrf forwarding VPN-A
 ip address 192.168.3.1 255.255.255.252
 no shutdown
!
router eigrp CCIE
 !
 address-family ipv4 unicast vrf VPN-A autonomous-system 65003
  !
  topology base
   redistribute bgp 65000 metric 100000 10 255 1 1500
  exit-af-topology
  network 192.168.3.1 0.0.0.0
  eigrp router-id 10.0.0.3
 exit-address-family
!
router ospf 1
 mpls ldp autoconfig
 router-id 10.0.0.3
!
router bgp 65000
 bgp router-id 10.0.0.3
 no bgp default ipv4-unicast
 timers bgp 30 90
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN-A
  redistribute eigrp 65003
 exit-address-family
!
route-map CON-INTO-BGP permit 10
 match interface FastEthernet0/1
!
mpls ldp router-id Loopback0 force
!
end
hostname R4
!
no logging console
!
ip vrf VPN-A
 rd 65000:234
 route-target export 65000:234
 route-target import 65000:234
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.234.4 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
interface FastEthernet0/1
 ip vrf forwarding VPN-A
 ip address 192.168.4.1 255.255.255.252
 no shutdown
!
router eigrp CCIE
 !
 address-family ipv4 unicast vrf VPN-A autonomous-system 65004
  !
  topology base
   redistribute bgp 65000 metric 100000 10 255 1 1500
  exit-af-topology
  network 192.168.4.1 0.0.0.0
  eigrp router-id 10.0.0.4
 exit-address-family
!
router ospf 1
 mpls ldp autoconfig
 router-id 10.0.0.4
!
router bgp 65000
 bgp router-id 10.0.0.4
 no bgp default ipv4-unicast
 timers bgp 30 90
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN-A
  redistribute eigrp 65004
 exit-address-family
!
route-map CON-INTO-BGP permit 10
 match interface FastEthernet0/1
!
mpls ldp router-id Loopback0 force
!
end
hostname R102
!
no logging console
!
ip vrf VPN-A
 rd 65002:102
!
no ip domain lookup
ip cef
no ipv6 cef
!
crypto keyring KEYRING vrf VPN-A
  pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TF-SET esp-aes 256
 mode transport
crypto ipsec transform-set TF-SET1 esp-aes 192
 mode transport
!
crypto ipsec profile PROF
 set transform-set TF-SET
!
interface Loopback0
 ip vrf forwarding VPN-A
 ip address 192.168.0.102 255.255.255.255
!
interface Tunnel0
 ip address 192.168.234.102 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 234
 ip nhrp holdtime 300
 ip nhrp redirect
 ip tcp adjust-mss 1380
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 234
 tunnel protection ipsec profile PROF
!
interface FastEthernet0/0
 ip vrf forwarding VPN-A
 ip address 192.168.2.2 255.255.255.252
 ip access-group 102 in
 no shutdown
!
interface FastEthernet0/1
 ip address 192.168.102.102 255.255.255.0
 no shutdown
!
router eigrp CCIE
 !
 address-family ipv4 unicast vrf VPN-A autonomous-system 65002
  !
  topology base
  exit-af-topology
  network 192.168.0.102 0.0.0.0
  network 192.168.2.2 0.0.0.0
  eigrp router-id 192.168.0.102
 exit-address-family
 !
 address-family ipv4 unicast autonomous-system 65000
  !
  af-interface Tunnel0
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 192.168.102.102 0.0.0.0
  network 192.168.234.102 0.0.0.0
  eigrp router-id 192.168.0.102
 exit-address-family
!
access-list 102 permit esp any any log
access-list 102 permit ip any any log
!
end
hostname R103
!
no logging console
!
ip vrf VPN-A
 rd 65003:103
!
no ip domain lookup
ip cef
no ipv6 cef
!
crypto keyring KEYRING vrf VPN-A
  pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TF-SET esp-aes 256
 mode transport
crypto ipsec transform-set TF-SET1 esp-aes 192
 mode transport
!
crypto ipsec profile PROF
 set transform-set TF-SET1
!
interface Loopback0
 ip vrf forwarding VPN-A
 ip address 192.168.0.103 255.255.255.255
!
interface Tunnel0
 ip address 192.168.234.103 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast 192.168.0.102
 ip nhrp map 192.168.234.102 192.168.0.102
 ip nhrp network-id 234
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.234.102
 ip nhrp shortcut
 ip tcp adjust-mss 1380
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 234
 tunnel vrf VPN-A
 tunnel protection ipsec profile PROF
!
interface FastEthernet0/0
 ip vrf forwarding VPN-A
 ip address 192.168.3.2 255.255.255.252
 ip access-group 103 in
 no shutdown
!
interface FastEthernet0/1
 ip address 192.168.103.103 255.255.255.0
 no shutdown
!
router eigrp CCIE
 !
 address-family ipv4 unicast vrf VPN-A autonomous-system 65003
  !
  topology base
  exit-af-topology
  network 192.168.0.103 0.0.0.0
  network 192.168.3.2 0.0.0.0
  eigrp router-id 192.168.0.103
 exit-address-family
 !
 address-family ipv4 unicast autonomous-system 65000
  !
  topology base
  exit-af-topology
  network 192.168.103.103 0.0.0.0
  network 192.168.234.103 0.0.0.0
  eigrp router-id 192.168.0.103
 exit-address-family
!
access-list 103 permit esp any any log
access-list 103 permit ip any any log
!
end
hostname R104
!
no logging console
!
ip vrf VPN-A
 rd 65004:104
!
no ip domain lookup
ip cef
no ipv6 cef
!
crypto keyring KEYRING vrf VPN-A
  pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TF-SET esp-aes 256
 mode transport
crypto ipsec transform-set TF-SET1 esp-aes 192
 mode transport
!
crypto ipsec profile PROF
 set transform-set TF-SET
!
interface Loopback0
 ip vrf forwarding VPN-A
 ip address 192.168.0.104 255.255.255.255
!
interface Tunnel0
 ip address 192.168.234.104 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast 192.168.0.102
 ip nhrp map 192.168.234.102 192.168.0.102
 ip nhrp network-id 234
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.234.102
 ip nhrp shortcut
 ip tcp adjust-mss 1380
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 234
 tunnel vrf VPN-A
 tunnel protection ipsec profile PROF
!
interface FastEthernet0/0
 ip vrf forwarding VPN-A
 ip address 192.168.4.2 255.255.255.252
 ip access-group 104 in
 no shutdown
!
interface FastEthernet0/1
 ip address 192.168.104.104 255.255.255.0
 no shutdown
!
router eigrp CCIE
 !
 address-family ipv4 unicast vrf VPN-A autonomous-system 65004
  !
  topology base
  exit-af-topology
  network 192.168.0.104 0.0.0.0
  network 192.168.4.2 0.0.0.0
  eigrp router-id 192.168.0.104
 exit-address-family
 !
 address-family ipv4 unicast autonomous-system 65000
  !
  topology base
  exit-af-topology
  network 192.168.104.104 0.0.0.0
  network 192.168.234.104 0.0.0.0
  eigrp router-id 192.168.0.104
 exit-address-family
!
access-list 104 deny   esp any any log
access-list 104 permit ip any any log
!
end

SOLUTION

SOLUTION

コメント