本次練習是參考Cisco網路學院
CCNP1 Building Scalable Internetworks v5.0
Student Lab Manual
我將它轉成Dynamips的設定檔 並寫下自己的實驗紀錄
Dynamips的設定檔:
##################################################
#
# For CCNP1 Building Scalable Internetworks v5.0
# Lab 6_7_1-2,4
#
##################################################
autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.10.1/UTS/CCNP1/Week05/workingconfig/
[[3640]]
# Specify 3640 IOS image on Windows here:
# image = C:\Program Files\Dynamips\images\c3640-jk9o3s-mz.123-14.T7.extracted.bin
# Specify 3640 IOS image on Linux here:
image = /opt/dynamips/images/c3640-jk.bin
ram = 128
disk0 = 0
disk1 = 0
# Choose an idlepc value from the below
idlepc = 0x605ac7b8
mmap = true
ghostios = true
confreg = 0x2102
###########################
#
# Define router instances 1
#
###########################
[[Router R1]]
model = 3640
console = 2001
slot0 = NM-4T
[[Router R2]]
model = 3640
console = 2002
slot0 = NM-4T
S0/0 = R1 S0/0
S0/1 = R3 S0/1
[[Router R3]]
model = 3640
console = 2003
slot0 = NM-4T
這Lab學習目標為
In this lab, you will use BGP commands to prevent private AS numbers from being advertised to the outside world. You will also use the AS_PATH attribute to filter BGP routes based on their source AS numbers.
我的設定是
1. Assign IP Addresses
SanJose:
hostname SanJose
!
no ip domain lookup
!
interface Loopback0
ip address 201.0.0.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.5 255.255.255.252
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
ISP:
hostname ISP
!
no ip domain lookup
!
interface Loopback0
ip address 202.0.0.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.6 255.255.255.0
no shutdown
!
interface Serial0/1
ip address 172.24.1.17 255.255.255.252
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CustRtr:
hostname CustRtr
!
no ip domain lookup
!
interface Loopback0
ip address 203.0.0.1 255.255.255.0
!
interface Serial0/1
ip address 172.24.1.18 255.255.255.252
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
2. Configure BGP
SanJose:
router bgp 100
network 201.0.0.0
neighbor 192.168.1.6 remote-as 300
ISP:
router bgp 300
network 202.0.0.0
neighbor 172.24.1.18 remote-as 65000
neighbor 192.168.1.5 remote-as 100
CustRtr:
router bgp 65000
network 203.0.0.0
neighbor 172.24.1.17 remote-as 300
3. Remove the Private AS
Configure ISP to strip the private AS numbers from BGP routes exchanged with SanJose.
ISP:
router bgp 300
neighbor 192.168.1.5 remove-private-as
SanJose
clear ip bgp *
!
Show ip bgp
!
ping 203.0.0.1
4. Use the AS_PATH Attribute to Filter Routes
In ISP does not propagate routes that originate from AS 100 to the CustRtr.
ISP:
ip as-path access-list 1 deny ^100$
ip as-path access-list 1 permit .*
!
router bgp 300
neighbor 172.24.1.18 filter-list 1 out
!
clear ip bgp *
!
show ip bgp regexp ^100$
SanJose Configuration:
hostname SanJose
!
no ip domain lookup
!
interface Loopback0
ip address 201.0.0.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.5 255.255.255.252
no shutdown
!
router bgp 100
no synchronization
network 201.0.0.0
neighbor 192.168.1.6 remote-as 300
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
ISP Configuration:
hostname ISP
!
no ip domain lookup
!
interface Loopback0
ip address 202.0.0.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.6 255.255.255.0
no shutdown
!
interface Serial0/1
ip address 172.24.1.17 255.255.255.252
no shutdown
!
router bgp 300
no synchronization
network 202.0.0.0
neighbor 172.24.1.18 remote-as 65000
neighbor 172.24.1.18 filter-list 1 out
neighbor 192.168.1.5 remote-as 100
neighbor 192.168.1.5 remove-private-as
no auto-summary
!
ip as-path access-list 1 deny ^100$
ip as-path access-list 1 permit .*
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CustRtr Configuration:
hostname CustRtr
!
no ip domain lookup
!
interface Loopback0
ip address 203.0.0.1 255.255.255.0
!
interface Serial0/1
ip address 172.24.1.18 255.255.255.252
no shutdown
!
router bgp 65000
no synchronization
network 203.0.0.0
neighbor 172.24.1.17 remote-as 300
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
參考資料:
Cisco網路學院 http://www.cisco.com/web/learning/netacad/index.html
CCNP1 Building Scalable Internetworks v5.0
Student Lab Manual
最初發表 / 最後更新: 2008.04.26 / 2018.05.31
0 comments:
張貼留言