2010年10月25日 星期一

Rsyslog+MySQL+LogAnalyzer

yum install -y rsyslog httpd php mysql php-mysql mysql-server rsyslog rsyslog-mysql phpmyadmin

service httpd start
chkconfig httpd on

[root@localhost log]# cat /usr/share/phpmyadmin/config.inc.php
// 'http' selects HTTP Basic authentication: the MySQL user name and password
// are sent with every request, so serve phpMyAdmin over HTTPS only and
// restrict which hosts can reach it.
$cfg['Servers'][$i]['auth_type'] = 'http';

[root@localhost log]# cat /etc/my.cnf
[client]
default-character-set=utf8

[mysqld]
init_connect='SET NAMES utf8'
default-character-set=utf8
default-collation=utf8_general_ci

[root@localhost ~]# cat /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        MaxAvailable int NULL,
        CurrUsage int NULL,
        MinUsage int NULL,
        MaxUsage int NULL,
        InfoUnitID int NULL ,
        SysLogTag varchar(60),
        EventLogType varchar(60),
        GenericFileName VarChar(60),
        SystemID int NULL
) DEFAULT CHARSET=utf8;

CREATE TABLE SystemEventsProperties
(
        ID int unsigned not null auto_increment primary key,
        SystemEventID int NULL ,
        ParamName varchar(255) NULL ,
        ParamValue text NULL
) DEFAULT CHARSET=utf8;



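service mysqld start
chkconfig mysqld on

# Set the MySQL root password. A password given as an argument is stored in
# shell history and is visible in the process list while the command runs;
# replace NewPassword with a unique value and clear the history entry afterwards.
mysqladmin -u root password NewPassword

# -p with no value makes the client prompt for the password, so it never
# appears on the command line.
mysql -u root -p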

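-- Account used by rsyslog.conf and by the createDB.sql import that follows.
CREATE USER 'mysql'@'localhost' IDENTIFIED BY 'NewPassword';
-- The grant has to name that same account ('mysql'); granting to a different
-- name leaves 'mysql' without rights and adds a second fully privileged login.
GRANT ALL PRIVILEGES ON * . * TO 'mysql'@'localhost' IDENTIFIED BY 'NewPassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
-- ALL PRIVILEGES on *.* WITH GRANT OPTION is only needed while createDB.sql
-- runs. Afterwards reduce the account to what logging needs on the Syslog
-- database (rsyslog inserts rows, the web front end reads them).
quit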

mysql -u mysql -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql

[root@localhost log]# cat /etc/rsyslog.conf
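$ModLoad ommysql.so
# The action is a single line: server,database,user,password.
# This file now contains the database password in clear text, so make it
# readable by root only.
*.*     :ommysql:localhost,Syslog,mysql,NewPassword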

[root@localhost log]# cat /etc/sysconfig/rsyslog
# -r514 opens UDP port 514 to remote senders. Syslog over UDP is
# unauthenticated, so limit who can reach the port (host firewall, or
# rsyslog's $AllowedSender directive).
SYSLOGD_OPTIONS="-m 0 -r514"

service syslog stop
chkconfig syslog off

service rsyslog start
chkconfig rsyslog on

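cd
# The tarball is fetched over plain HTTP; compare its checksum with the value
# published by the vendor before unpacking it into the web root.
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.0.tar.gz
tar -zxvf loganalyzer-3.0.0.tar.gz
mv loganalyzer-3.0.0/src /var/www/html/loganalyzer
mv loganalyzer-3.0.0/contrib/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer
# The helper scripts only need the execute bit; mode 777 would leave them
# world-writable inside the web root.
chmod 755 *.sh
./configure.sh
# config.php has to be writable by the web server only while the web installer
# runs, and a PHP file needs no execute bit. It will hold the database
# credentials: run "chmod 644 config.php" once the installer has finished.
chmod 666 config.php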

http://localhost/loganalyzer
next
next
rsyslog
next

finish!!!

2010年10月20日 星期三

Linux DHCP+DDNS LAB

LAB環境說明:
1. DHCP+DNS主機IP = 10.1.3.222 , MASK = 255.255.255.0 , GATEWAY = 10.1.3.254
2. DNS Domain Name = example.local
3. Reverse DNS Domain Name = 3.1.10.in-addr.arpa

[root@localhost etc]# cat /etc/dhcpd.conf
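ddns-update-style interim;
ddns-domainname "example.local";
ddns-rev-domainname "in-addr.arpa.";

# TSIG key that signs the dynamic DNS updates sent to named; name, algorithm
# and secret must match the key in named.conf. The secret printed here is
# public: generate your own value and keep this file readable by root only.
# NOTE(review): hmac-md5 is a legacy algorithm; use a stronger HMAC if both
# dhcpd and named in your release support one.
key DHCP_UPDATER {
         algorithm hmac-md5;
         secret pRP5FapFoJ95JEL06sv4PQ==;
       };

       # Forward zone, updated on the DNS server 10.1.3.222 with the key above.
       zone example.local. {
         primary 10.1.3.222;
         key DHCP_UPDATER;
       }

       # Reverse zone for 10.1.3.0/24, updated the same way.
       zone 3.1.10.in-addr.arpa. {
         primary 10.1.3.222;
         key DHCP_UPDATER;
       }

subnet 10.1.3.0 netmask 255.255.255.0 {
range 10.1.3.50 10.1.3.100;
        option routers                  10.1.3.254;
        option subnet-mask              255.255.255.0;
        option domain-name              "example.local";
        option domain-name-servers      10.1.3.222, 168.95.192.1;
        option time-offset              -18000;
        option ntp-servers              clock.via.net;
        option netbios-name-servers     10.1.3.222;
        option netbios-node-type 8;
        # NOTE(review): "allow client-updates" lets a client ask to maintain its
        # own A record; "deny client-updates" or "ignore client-updates" keeps
        # all updates with this server. Confirm which behaviour is wanted.
        allow client-updates;
        allow unknown-clients;
        ddns-updates on;
        authoritative;
# Closing brace of the subnet declaration (missing in the original listing).
}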

[root@localhost etc]# cat /var/named/chroot/etc/named.conf
options {
        directory "/etc";
        pid-file "/var/run/named/named.pid";
        };

// TSIG key shared with dhcpd: name, algorithm and secret must match the key in
// dhcpd.conf. The secret printed here is public: generate your own value and
// keep this file unreadable to ordinary users.
key DHCP_UPDATER {
         algorithm hmac-md5;
         secret pRP5FapFoJ95JEL06sv4PQ==;
       };

// Forward zone. Dynamic updates are accepted only when signed with DHCP_UPDATER.
zone "example.local" {
        type master;
        file "/var/named/slaves/example.local.hosts";
        allow-update {
                key DHCP_UPDATER;
                };
        };
// Reverse zone for 10.1.3.0/24, with the same update restriction.
zone "3.1.10.in-addr.arpa" {
        type master;
        file "/var/named/slaves/10.1.3.rev";
        allow-update {
                key DHCP_UPDATER;
                };
        };

備註:
named.conf檔案中定義的zone file必須要存放在
/var/named/chroot/var/named/slaves目錄下(才可讀寫動態產生的dns record)

2010年10月9日 星期六

Cisco Switch Database Template(SDM)

! 調整SDM模式來增加Routing table大小
sdm prefer routing

驗證方式
調整前(Default)
#show sdm prefer | begin unicast routes
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K

調整後
#show sdm prefer | begin unicast routes
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 512
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K

Spanning-Tree Port-priority Example

未調整前,Port-Priority先比較Port-ID   
image
調整介面Port-Priority值
image

!-----手動指定為vlan 4,44,52,63的Spanning-tree Root
spanning-tree vlan 4,44,52,63 root primary


! -----手動指定fa0/14的Spanning-tree Port-Priority為32
interface FastEthernet0/14
spanning-tree vlan 4,44,52,63 port-priority 32

! -----手動指定fa0/15的Spanning-tree Port-Priority為16
interface FastEthernet0/15
spanning-tree vlan 4,44,52,63 port-priority 16

驗證方式
#show spanning-tree vlan 44 detail
Port 15 (FastEthernet0/13) of VLAN0044 is blocking
Designated port id is 128.15, designated path cost 0  
-----預設值128

Port 16 (FastEthernet0/14) of VLAN0044 is blocking
Designated port id is 32.16, designated path cost 0
-----手動調整為32

Port 17 (FastEthernet0/15) of VLAN0044 is forwarding
Designated port id is 16.17, designated path cost 0   
-----手動調整為16 (值較低故優先)

Fall Back Bridge Example

 image

! Enable Integrated Routing and Bridging (IRB)
bridge irb

! Put Fa0/0 into bridge-group 1 (per the original note, Fa0/0 connects to SW1 VLAN 10)
interface FastEthernet0/0
no ip address
bridge-group 1

! Put Fa0/1 into bridge-group 1 (the original note names Fa0/0 again here;
! presumably this is the side that connects to SW2 VLAN 20)
interface FastEthernet0/1
no ip address
bridge-group 1

! Create the Bridge Virtual Interface for bridge-group 1
interface BVI1
ip address 192.168.1.254 255.255.255.0

! Select the IEEE spanning-tree protocol for bridge-group 1 (the original note
! describes this as 802.1q encapsulation; the command sets the spanning-tree protocol)
bridge 1 protocol ieee

! Route IP on bridge-group 1
bridge 1 route ip

驗證方式
#show interface irb | begin FastEthernet0/0
FastEthernet0/0
Routed protocols on FastEthernet0/0:
ip
Bridged protocols on FastEthernet0/0:
appletalk clns decnet ip


#show interface irb | begin FastEthernet0/1
FastEthernet0/1
Routed protocols on FastEthernet0/1:
ip
Bridged protocols on FastEthernet0/1:
appletalk clns decnet ip

2010年10月3日 星期日

802.1x & Radius Auth Example

! Use AAA to select the 802.1x authentication method: the RADIUS server group
! NOTE(review): "aaa new-model" also changes how logins to the switch itself
! are authenticated; confirm console/vty access still works before saving.
aaa new-model
aaa authentication dot1x default group radius

! Enable 802.1x globally
dot1x system-auth-control

! Enable 802.1x on the access ports
interface FastEthernet0/9
switchport mode access
dot1x port-control auto
!
interface FastEthernet0/10
switchport mode access
dot1x port-control auto

! Source RADIUS packets from Loopback0
ip radius source-interface Loopback0

! RADIUS server used for authentication
! NOTE(review): no shared secret appears in this listing. The switch and the
! RADIUS server need a matching key; configure it without publishing its
! value (placeholder: <SHARED_SECRET>).
radius-server host 204.12.1.100

驗證方式
#show dot1x
Sysauthcontrol = Enabled
Supplicant Allowed In Guest Vlan = Disabled
Dot1x Protocol Version = 1

#show dot1x all
Dot1x Info for interface FastEthernet0/9
<output omitted>
HostMode = Single
PortControl = Auto

ControlDirection = Both
QuietPeriod = 60 Seconds
Re-authentication = Disabled
<output omitted>
Dot1x Info for interface FastEthernet0/10

#show aaa servers
RADIUS: id 1, priority 1, host 204.12.1.100, auth-port 1645, acct-port
1646

State: current UP, duration 3634s, previous duration 0s

2010年8月31日 星期二

DTP-Dynamic Trunking Protocol

DTP模式介紹
1. 手動指定
╠switchport mode access (手動指定為Access)
╠switchport mode trunk (手動指定為Trunk)
╚switchport nonegotiate (關閉協商)
2. 動態協商
╠switchport mode dynamic auto (被動協商) (預設值)
╚switchport mode dynamic desirable (主動協商)

注意
兩端點設備的" VTP Domain "需一致方能進行動態協商,手動指定則無此限制
預設的dynamic auto會回應對端的協商,因此連接使用者設備的介面建議手動指定為Access,並以switchport nonegotiate關閉協商

DTP協商關係一覽表

| | Dynamic Auto (自動協商) (被動) | Dynamic Desirable (自動協商) (主動) | Trunk (手動指定) | Access (手動指定) |
|---|---|---|---|---|
| Dynamic Auto (自動協商) (被動) | Access | Trunk | Trunk | Access |
| Dynamic Desirable (自動協商) (主動) | Trunk | Trunk | Trunk | Access |
| Trunk (手動指定) | Trunk | Trunk | Trunk | 不建議 |
| Access (手動指定) | Access | Access | 不建議 | Access |

設定範例
DTP trunk mode in L3 Switch
1. 指定封裝模式
(conf-int)#switchport trunk encapsulation [dot1q | isl ]
2. 指定DTP模式
(conf-int)#switchport mode trunk
3. 指定允許通過的VLAN
(conf-int)#switchport trunk allowed vlan 1-10
4. 指定不被允許通過的VLAN (除了…其他都允許)
(conf-int)#switchport trunk allowed vlan except 1-10

DTP trunk mode in L2 Switch
1. 指定DTP模式
(conf-int)#switchport mode trunk

DTP access mode
1. 指定DTP模式
(conf-int)#switchport mode access
2. 指定允許通過的VLAN
(conf-int)#switchport access vlan 10

DTP dynamic auto mode (被動協商) (預設值)
1. 指定DTP模式
(conf-int)#switchport mode dynamic auto
 
DTP dynamic desirable mode (主動協商) 
1. 指定DTP模式
(conf-int)#switchport mode dynamic Desirable

DTP nonegotiate mode (關閉協商)
1. 指定DTP模式
(conf-int)#switchport nonegotiate

2010年7月27日 星期二

透過esxcfg或vicfg指令集設定VMware ESXi 4.1 vSwitch & dvSwitch

Single vSwitch Topology 
image 

Single dvSwitch Topology
image

Single Cisco Nexus 1000v Topology
image

Multiple dvSwitch Topology
image

Hybrid vSwitch & dvSwitch Topology
image
Hybrid vSwitch & Cisco Nexus 1000v Topology
image

顯示現有的網卡狀態
esxcfg-nics -l

顯示現有的vSwitch狀態
esxcfg-vswitch -l

顯示現有的vmknic狀態
esxcfg-vmknic -l

vSwitch設定
Step1 建立vSwitch
新增vSwitch
esxcfg-vswitch -a "vSwitch Name"
ex: esxcfg-vswitch -a vSwitch0

刪除vSwitch
esxcfg-vswitch -d "vSwitch Name"
ex: esxcfg-vswitch -d vSwitch0

Step2 將實體網卡與vSwitch做連結
將vmnic0增加到vSwitch上
esxcfg-vswitch -L "網卡名稱" "vSwitch Name"
ex: esxcfg-vswitch -L vmnic0 vSwitch0

將vmnic0從vSwitch上移除
esxcfg-vswitch -U "網卡名稱" "vSwitch Name"
ex: esxcfg-vswitch -U vmnic0 vSwitch0

Step3 建立vSwitch上的Port Group
新增Port Group到vSwitch上
esxcfg-vswitch -A "vSwitch Port Group Name" "vSwitch Name"
ex: esxcfg-vswitch -A vSwitch-PG vSwitch0

刪除vSwitch上的Port Group
esxcfg-vswitch -D "vSwitch Port Group Name" "vSwitch Name"
ex: esxcfg-vswitch -D vSwitch-PG vSwitch0

Step4 新增IP到vSwitch上的Port Group
新增VMkernel的IP到vSwitch上
esxcfg-vmknic -a -i "IP位址" -n "子網路遮罩" "vSwitch Port Group Name"
ex: esxcfg-vmknic -a -i 192.168.1.1 -n 255.255.255.0 vSwitch-PG

移除vSwitch上的VMkernel
esxcfg-vmknic -d "VMkernel網卡" "vSwitch Name"
ex: esxcfg-vmknic -d vmk0 vSwitch0

dvSwitch設定
Step1 透過vSphere Client連線到vCenter建立dvSwitch

Step2 透過vSphere Client連線到vCenter建立dvSwitch上的Port Group

Step3 透過vSphere Client連線到vCenter的Host上透過升級方式將vSwitch移轉到dvSwitch上

當設定錯誤導致無法連線時,可直接於Host透過下列指令對dvSwitch做調整
將實體網卡與vSwitch做連結
將vmnic0增加到dvSwitch上
esxcfg-vswitch -P "網卡名稱" "dvSwitch Name"
ex: esxcfg-vswitch -P vmnic0 dvSwitch0

將實體網卡從dvSwitch上移除
esxcfg-vswitch -Q "網卡名稱" -V "dvSwitch Port ID" "dvSwitch Name"  
ex: esxcfg-vswitch -Q vmnic0 -V 100 dvSwitch0

新增IP到dvSwitch上的Port Group
新增VMkernel的IP到dvSwitch上
esxcfg-vmknic -a -i "IP位址" -n "子網路遮罩" -s "dvSwitch Name" -v "dvSwitch Port ID"
ex: esxcfg-vmknic -a -i 172.16.1.1 -n 255.255.255.0 -s dvSwitch0 -v 100

移除dvSwitch上的VMkernel
esxcfg-vmknic -d "VMKernel網卡名稱" -s "dvSwitch Name" -v "dvSwitch Port ID"
ex: esxcfg-vmknic -d vmk0 -s dvSwitch0 -v 100

參考文件 vSphere Command-Line Interface Installation and Scripting Guide

2010年7月8日 星期四

Frame-Relay EEK & PPP over Frame-Relay

Topology

image

NET檔案

CONFIG檔案

R1
!
!Basic Setting
conf t
hostname R1
logging console
no ip domain-lookup
end
!
!Basic IP Setting
conf t
int lo 0
ip add 10.1.1.1 255.255.255.0
no sh
!
int s 0/0
ip add 10.0.1.1 255.255.255.0
no sh
end
!
!Frame-Relay Setting
conf t
int s 0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
frame-relay interface-dlci 102
frame-relay interface-dlci 103
frame-relay map ip 10.0.1.1 102 broadcast
frame-relay map ip 10.0.1.2 102 broadcast
frame-relay map ip 10.0.1.3 103 broadcast
end
!
!Basic Dynamic Routing Setting
conf t
router eigrp 100
passive-interface lo 0
network 10.0.0.0
no auto
end

R2
!
!Basic Setting
conf t
hostname R2
logging console
no ip domain-lookup
end
!
!Basic IP Setting
conf t
int lo 0
ip add 10.2.2.2 255.255.255.0
no sh
!
int s 0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
no ip add
no sh
end
!
!Frame-Relay Setting
conf t
int s 0/0.201 point-to-point
ip add 10.0.1.2 255.255.255.0
no frame-relay inverse-arp
frame-relay interface-dlci 201
no sh
!
int s 0/0.203 point-to-point
no frame-relay inverse-arp
frame-relay interface-dlci 203
no sh
end
!
!Frame-Relay EEK Setting
conf t
map-class frame-relay EEK
frame-relay end-to-end keepalive mode bidirectional
end
!
conf t
int s 0/0.203 point-to-point
frame-relay interface-dlci 203
class EEK
end
!
!PPP Over Frame-Relay Setting
conf t
int s 0/0.203
frame-relay interface-dlci 203 ppp virtual-template 1
int virtual-template 1
ip add 10.0.23.2 255.255.255.0
no sh
!
!fix PPP over Frame-Relay IGP prefix error
conf t
int virtual-template 1
no peer neighbor-route
end
!
!fix ppp over Frame-Relay ping self error
conf t
int virtual-template 1
ppp multilink
end
!
!Basic Dynamic Routing Setting
conf t
router eigrp 100
passive-interface lo 0
network 10.0.0.0
no auto
end

R3
!
!Basic Setting
conf t
hostname R3
logging console
no ip domain-lookup
end
!
!Basic IP Setting
conf t
int lo 0
ip add 10.3.3.3 255.255.255.0
no sh
!
int s 0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
no ip add
no sh
end
!
!Frame-Relay Setting
conf t
int s 0/0.301 point-to-point
ip add 10.0.1.3 255.255.255.0
no frame-relay inverse-arp
frame-relay interface-dlci 301
no sh
!
int s 0/0.302 point-to-point
no frame-relay inverse-arp
frame-relay interface-dlci 302
no sh
end
!
!Frame-Relay EEK Setting
conf t
map-class frame-relay EEK
frame-relay end-to-end keepalive mode bidirectional
end
!
conf t
int s 0/0.302 point-to-point
frame-relay interface-dlci 302
class EEK
end
!
!PPP Over Frame-Relay Setting
conf t
int s 0/0.302
frame-relay interface-dlci 302 ppp virtual-template 1
int virtual-template 1
ip add 10.0.23.3 255.255.255.0
no sh
end
!
!fix PPP over Frame-Relay IGP prefix error
conf t
int virtual-template 1
no peer neighbor-route
end
!
!fix ppp over Frame-Relay ping self error
conf t
int virtual-template 1 
ppp multilink 
end
!
!Basic Dynamic Routing Setting
conf t
router eigrp 100
passive-interface lo 0
network 10.0.0.0
no auto
end

FR
!
!Basic Setting
conf t
hostname FR
logging console
no ip domain-lookup
end
!
!Frame-Relay Switching Setting
conf t
frame-relay switching
int s 1/1
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 102 interface s 1/2 201
frame-relay route 103 interface s 1/3 301
no sh
int s 1/2
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 201 interface s 1/1 102
frame-relay route 203 interface s 1/3 302
no sh
int s 1/3
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 301 interface s 1/1 103
frame-relay route 302 interface s 1/2 203
no sh
end

show指令
show ip int brief
show frame-relay lmi
show frame-relay pvc
show frame-relay map
show frame-relay route
show frame-relay end-to-end keepalive
show interface virtual-access 1
show ip route
show ip eigrp neighbor
show interface s 0/0
show ip interface s 0/0

debug指令
debug ppp negotiation 
debug frame-relay adjacency

參考文件
Troubleshooting: IP Addressing Tricks & Tips Using PPP

Frame Relay Switch Configuration

2010年7月5日 星期一

透過AVG指令模式來替即時通訊/下載軟體掃毒

1. 安裝AVG Free防毒軟體主程式  載點

2. 開啟文字編輯器並將下列程式碼貼上,另存檔案成AvgScan.bat
然後將該檔案存放到"C:\Program Files\AVG\AVG9\"下

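@echo off
rem %1 is a file name supplied by the messaging or download program, so treat
rem it as untrusted. %~1 strips any quotes the caller added and the outer
rem quotes put them back, so spaces and characters such as & stay part of the
rem path instead of being interpreted by cmd.exe.
"C:\Program Files\AVG\AVG9\avgscanx.exe" /SCAN="%~1" /HEUR /ARC /PUP /CLEAN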

3. 開啟即時通訊軟體或下載軟體的防毒過濾設定頁面,並將指定透過下列路徑掃毒即可!!

範例
MSN
"C:\Program Files\AVG\AVG9\AvgScan.bat"

FlashGet
"C:\Program Files\AVG\AVG9\AvgScan.bat"

FireFox download statusbar
防毒軟體位置 "C:\Program Files\AVG\AVG9\avgscanx.exe"
參數 /SCAN=%1 /HEUR /ARC /PUP /CLEAN

2010年6月24日 星期四

虛擬化版本與功能比較表

VMWare Vsphere

image

Citrix Xen Server

image

Citrix vs VMWare 版本與功能對應比較表

image

Citrix vs VMWare 價格比較表

範例一

image

範例二

image

2010年6月20日 星期日

Lab 6-2 Using the AS_PATH Attribute

Topology
image
GNS檔案

SanJose
!
!Step 0: Basic Setting
conf t
hostname SanJose
no ip domain-lookup
end
!
!Step 1: IP Addressing
conf t
int s 0/0
ip add 192.168.1.5 255.255.255.252
no sh
int lo 0
ip add 201.0.0.1 255.255.255.0
no sh
end
!
!Step 2: Configure BGP
conf t
router bgp 100
neighbor 192.168.1.6 remote-as 300
network 201.0.0.0
end

ISP
!
!Step 0: Basic Setting
conf t
hostname ISP
no ip domain-lookup
end
!
!Step 1: IP Addressing
conf t
int s 0/0
ip add 192.168.1.6 255.255.255.252
no sh
int s 0/1
ip add 172.24.1.17 255.255.255.252
no sh
int lo 0
ip add 202.0.0.1 255.255.255.0
no sh
end
!
!Step 2: Configure BGP
conf t
router bgp 300
neighbor 192.168.1.5 remote-as 100
neighbor 172.24.1.18 remote-as 65000
network 202.0.0.0
end
!
!Step 3: Remove the Private AS
conf t
router bgp 300
neighbor 192.168.1.5 remove-private-as
end
!
!Step 4: Use the AS_PATH Attribute to Filter Routes
conf t
!過濾AS-Path字元為 開始100結束
ip as-path access-list 1 deny ^100$
!允許AS-Path字元為 一個字元+任意字元 = i 或 i xxx
ip as-path access-list 1 permit .*
end
!將產生好的as-path acl 套用到往172.24.1.18的更新上(OUT)
conf t
router bgp 300
neighbor 172.24.1.18 filter-list 1 out
end

CustRtr
!
!Step 0: Basic Setting
conf t
hostname CustRtr
no ip domain-lookup
end
!
!Step 1: IP Addressing
conf t
int s 0/1
ip add 172.24.1.18 255.255.255.252
no sh
int lo 0
ip add 203.0.0.1 255.255.255.0
no sh
!
!Step 2: Configure BGP
conf t
router bgp 65000
neighbor 172.24.1.17 remote-as 300
network 203.0.0.0
end

show指令
show ip route
show ip bgp
show ip bgp neighbor
show ip bgp regexp ^100$

clear指令
clear ip bgp *
clear ip bgp 192.168.1.5 soft out
clear ip bgp 172.24.1.18 soft out

參考文件
Removing Private Autonomous System Numbers in BGP

Using Regular Expressions in BGP

Lab 6-1 Configuring BGP with Default Routing

Topology

image

GNS檔案

SanJose
!
!Step 0: Basic Setting
conf t
hostname SanJose
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/0
ip add 10.0.0.2 255.255.255.252
no sh
int s 0/1
ip add 172.16.0.2 255.255.255.252
no sh
int lo0
ip add 192.168.0.1 255.255.255.0
no sh
int lo1
ip add 192.168.1.1 255.255.255.0
no sh
end
!
!Step 3: Configure SanJose BGP
conf t
router bgp 100
neighbor 10.0.0.1 remote-as 200
neighbor 172.16.0.1 remote-as 300
network 192.168.0.0
network 192.168.1.0
end
!
!Step 4: Verify BGP on the SanJose Router
show ip bgp
!
!針對ISP1的lo0介面做shutdown
show ip bgp
show ip bgp neighbor
!
!Step 5: Filter Routes
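conf t
! Standard ACL 1 is the list referenced by "distribute-list 1 out" in the next
! step; it permits 192.168.0.0/24 and 192.168.1.0/24. The original line lacked
! the list number and the permit keyword.
access-list 1 permit 192.168.0.0 0.0.1.255
end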
!
conf t
router bgp 100
neighbor 10.0.0.1 distribute-list 1 out
neighbor 172.16.0.1 distribute-list 1 out
end
!
!Hardware Update BGP Session Out
clear ip bgp *
!
!Soft Update BGP Session Out
clear ip bgp 100 soft out
!
!Step 6: Configure the Primary and Backup Routes Using Floating Static Routes
conf t
ip route 0.0.0.0 0.0.0.0 10.0.0.1 210
ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
end
!啟用extend ping (TargetIP 210.210.210.1, SourceIP 192.168.1.1)
ping
!
!Step 7: Configure Primary and Backup Routes Using Static Routes
conf t
no ip route 0.0.0.0 0.0.0.0 10.0.0.1 210
no ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
end
!
!使用ip default-network指令來送出Default Gateway(Primary)
conf t
ip default-network 210.210.210.0
end
!設定Backup default route至172.16.0.1(Secondary)
conf t
ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
end

ISP1
!
!Step 0: Basic Setting
conf t
hostname ISP1
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/0
ip add 10.0.0.1 255.255.255.252
no sh
int lo0
ip add 12.0.1.1 255.255.255.0
no sh
end
!
!Step 2: Configure the ISPs
conf t
router bgp 200
neighbor 10.0.0.2 remote-as 100
network 12.0.1.0 mask 255.255.255.0
end
!
!Step 6: Configure the Primary and Backup Routes Using Floating Static Routes
conf t
int lo 100
ip add 210.210.210.1 255.255.255.0
no sh
end
!Step 7: Configure Primary and Backup Routes Using Static Routes
conf t
router bgp 200
network 210.210.210.0
end
clear ip bgp 10.0.0.2

ISP2
!
!Step 0: Basic Setting
conf t
hostname ISP2
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/1
ip add 172.16.0.1 255.255.255.252
no sh
int lo0
ip add 172.16.1.1 255.255.255.0
no sh
end
!
!Step 2: Configure the ISPs
conf t
router bgp 300
neighbor 172.16.0.2 remote-as 100
network 172.16.1.0 mask 255.255.255.0
end

show指令
show ip int brief
show ip route
show ip route bgp
show ip bgp

clear指令
clear ip bgp *
clear ip bgp 10.0.0.1 soft out
clear ip bgp 172.16.0.1 soft out

參考文件
Sample Configuration for BGP with Two Different Service Providers (Multihoming)

BGP Soft Reset Enhancement

2010年6月9日 星期三

修復XenServer重開機後無法掛載Openfiler iSCSI LUN

系統版本 Openfiler 2.3

1. 使用root身分登入openfiler

2. vi /etc/rc.sysinit (將333-337行的內容註解掉)

#       if [ -x /sbin/lvm.static ]; then  
#               if /sbin/lvm.static vgscan --mknodes --ignorelockingfailure > /dev/null 2>&1 ; then  
#                    action $"Setting up Logical Volume Management:" /sbin/lvm.static vgchange -a y -ignorelockingfailure  
#               fi  
#       fi

3. vi /etc/lvm/lvm.conf (修改53行的內容)

   filter = [ "r|/dev/dm-*|", "r|/dev/VG_XenStorage*|", "r|/dev/sr/iscsi|", "a/.*/" ]

4. 輸入下列指令 
service aoe force-stop

5. 重開機
init 6

參考文件 https://forums.openfiler.com/viewtopic.php?id=2280&p=2

2010年5月29日 星期六

Lab 3-1 Single-Area OSPF Link Costs and Interface Priorities

Topology
image
GNS檔案

R1
!
!Step 0: Basic Setting
conf t
hostname R1
no ip domain-lookup
end
!
!Step 1: Addressing
conf t
int lo 1
description Engineering Department
ip add 10.1.1.1 255.255.255.0
no sh
int fa 0/0
ip add 10.1.200.1 255.255.255.0
no sh
int s 0/0
ip add 10.1.100.1 255.255.255.0
no sh
end
!
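! Set the OSPF network type on the loopback so it is advertised with its configured prefix
! ("conf t" was commented out in the original, so the interface commands had no configuration mode to run in)
conf t
int lo 1
ip ospf network point-to-point
end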
!
!Step 2: Adding Physical Interfaces to OSPF
conf t
router ospf 1
network 10.1.100.0 0.0.0.255 area 0
network 10.1.200.0 0.0.0.255 area 0
!
!Step 4: Adding Loopback Interfaces to OSPF
conf t
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
end
!
!Step 5: Modifying Link Costs in OSPF
conf t
int fa 0/0
ip ospf cost 50
end
!
!Step 6: Modifying Interface Priorities
conf t
int fa 0/0
ip ospf priority 10
end
!
!Step 3: OSPF show Commands
show ip protocols
show ip route
show ip ospf neighbor
show ip ospf interface fa 0/0
show ip ospf database

R2
!
!Step 0: Basic Setting
conf t
hostname R2
no ip domain-lookup
end
!
!Step 1: Addressing
conf t
int lo 2
description Marketing Department
ip add 10.1.2.1 255.255.255.0
no sh
int fa 0/0
ip add 10.1.200.2 255.255.255.0
no sh
int s 0/0
ip add 10.1.100.2 255.255.255.0
no sh
end
!
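! Set the OSPF network type on the loopback so it is advertised with its configured prefix
! ("conf t" was commented out in the original, so the interface commands had no configuration mode to run in)
conf t
int lo 2
ip ospf network point-to-point
end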
!
!Step 2: Adding Physical Interfaces to OSPF
conf t
router ospf 1
network 10.1.100.0 0.0.0.255 area 0
network 10.1.200.0 0.0.0.255 area 0
!
!Step 4: Adding Loopback Interfaces to OSPF
conf t
router ospf 1
network 10.1.2.0 0.0.0.255 area 0
end
!
!Step 5: Modifying Link Costs in OSPF
conf t
int fa 0/0
ip ospf cost 50
end
!Step 6: Modifying Interface Priorities
conf t
int fa 0/0
ip ospf priority 5
end

R3
!
!Step 0: Basic Setting
conf t
hostname R3
no ip domain-lookup
end
!
!Step 1: Addressing
conf t
int lo 3
description Accounting Department
ip add 10.1.3.1 255.255.255.0
no sh
int fa 0/0
ip add 10.1.200.3 255.255.255.0
no sh
end
!
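! Set the OSPF network type on the loopback so it is advertised with its configured prefix
! ("conf t" was commented out in the original, so the interface commands had no configuration mode to run in)
conf t
int lo 3
ip ospf network point-to-point
end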
!
!Step 2: Adding Physical Interfaces to OSPF
conf t
router ospf 1
network 10.1.200.0 0.0.0.255 area 0
!
!Step 4: Adding Loopback Interfaces to OSPF
conf t
router ospf 1
network 10.1.3.0 0.0.0.255 area 0
end
!
!Step 5: Modifying Link Costs in OSPF
conf t
int fa 0/0
ip ospf cost 50
end


OSPF Link Type

介面類型 Cost值
Asynchronous 10000
X25 5208
56Kbps Serial Link 1785
64Kbps Serial Link 1562
T1 1.544Mbps Serial Link 64
E1 2.048Mbps Serial Link 48
4Mbps Token Ring 25
Ethernet 10
16Mbps Token Ring 6
FDDI 1
ATM 1


show指令
show ip route
show ip protocol
show ip ospf
show ip ospf database
show ip ospf interface (介面 代號)
show ip ospf neighbor
show ip ospf neighbor detail

debug指令
debug ip ospf adj

參考文件
OSPF Design Guide

Lab 5-5 Configuring the Cisco IOS DHCP Server

Topology
image
GNS檔案

R1
!
!Step 0: Basic Setting
conf t
hostname R1
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/0
ip add 172.16.12.1 255.255.255.0
bandwidth 64
no sh
!
int lo 1
ip add 172.16.1.1 255.255.255.0
no sh
end
!
!Step 2: Configure EIGRP
conf t
router eigrp 1
no auto-summary
network 172.16.0.0
end
!
!Step 6: Configure the IP Helper Address
conf t
int lo 1
ip helper-address 172.16.2.1
!
! Note: once a helper address is configured, the UDP broadcasts listed below are forwarded to it by default
!TFTP UDP 69
!DNS UDP 53
!Time Service UDP 37
!NetBios Name Server UDP 137
!NetBios Datagram Server UDP 138
!Boot Protocol UDP 67,68
!TACACS Service UDP 49
!IEN-116 Name Service UDP 42
!
! NOTE(review): only DHCP (UDP 67/68) is needed for this lab. Forwarding of the
! other services can be turned off per port with "no ip forward-protocol udp <port>";
! confirm against your IOS release.
! Manually add another UDP broadcast port to forward (UDP 50000 as an example)
conf t
ip forward-protocol udp 50000
end

R2
!
!Step 0: Basic Setting
conf t
hostname R2
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
!設定介面IP
conf t
int s 0/0
ip add 172.16.12.2 255.255.255.0
bandwidth 64
no sh
!
int lo 2
ip add 172.16.2.1 255.255.255.0
no sh
!
int fa 0/0
ip add 172.16.23.2 255.255.255.0
no sh
end
!
!Step 2: Configure EIGRP
conf t
router eigrp 1
no auto-summary
network 172.16.0.0
end
!
!Step 3: Configure a DHCP Pool
conf t
!設備被排除配發的DHCP範圍
ip dhcp excluded-address 172.16.23.1 172.16.23.100
!設定DHCP派發的領域資訊
ip dhcp pool VLAN1-POOL
network 172.16.23.0 255.255.255.0
default-router 172.16.23.2
domain-name Cisco.com
!設定租期
lease 1 5 36
!
!Step 5: Verify DHCP Configuration on Server
show ip dhcp binding
show ip dhcp pool
show ip dhcp server statistics
!
!Step 6: DHCPRELEASE and DHCPRENEW
debug dhcp detail

R3
!
!Step 0: Basic Setting
conf t
hostname R3
no ip domain-lookup
end
!
!Step 3: Configure a DHCP Pool
conf t
no ip routing
int fa 0/0
no ip address
ip address dhcp
no sh
end
!
!Step 4: Verify DHCP Lease on Client
show ip int brief
show ip route 
!
!Step 6: DHCPRELEASE and DHCPRENEW
conf t
int fa 0/0
sh
no sh
release dhcp int fa 0/0
renew dhcp int fa 0/0

show指令
show ip int brief
show ip route
show ip dhcp binding
show ip dhcp pool
show ip dhcp server statistics
show ip helper-address

debug指令
debug ip dhcp server events
debug ip dhcp server packets
debug ip packet detail

參考文件
Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks

Configuring DHCP

2010年5月28日 星期五

Lab 5-4 Manipulating Administrative Distances

Topology
image 
GNS檔案

R1
!
!Step 0: Basic Setting
conf t
hostname R1
no ip domain-lookup
end
!
!Step 1: Configure Addressing
conf t
int lo 1
ip add 172.16.1.1 255.255.255.0
no sh
int lo 101
ip add 192.168.101.1 255.255.255.0
no sh
int fa 0/0
ip add 172.16.12.1 255.255.255.0
no sh
int s 0/0
ip add 172.16.13.1 255.255.255.0
no sh
end
!
!設定Serial介面的頻寬
conf t
int s 0/0
bandwidth 64
end
!
!Step 2: Configure RIP
conf t
router rip
version 2
no auto-summary
network 172.16.0.0
network 192.168.101.0
end
!
!Step 3: Configure OSPF
conf t
int lo 1
ip ospf network point-to-point
int lo 101
ip ospf network point-to-point
end
conf t
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.101.0 0.0.0.255 area 0
end
!
!Step 4: Modify a Routing Protocol’s Distance
!修改RIP的Distance值(120 –> 100)
conf t
router rip
distance 100
end
!
!Step 5: Modify Distance Based on Route Source
!針對OSPF路由中的特定網段(192.168.100-104.x)給予不同的Distance值(110 -> 85)(Route Proccess方式)
conf t
router ospf 1
distance 85 192.168.100.0 0.0.3.255
end
!
!Step 6: Modify Distance Based on an Access List
!針對RIP路由中的特定網段(172.16.x.x)給予不同的Distance值(110 -> 65)(ACL方式)
conf t
access-list 1 permit 172.16.0.0 0.0.255.255
router rip
distance 65 0.0.0.0 255.255.255.255 1
end

R2
!
!Step 0: Basic Setting
conf t
hostname R2
no ip domain-lookup
end
!
!Step 1: Configure Addressing
conf t
int lo 1
ip add 172.16.2.1 255.255.255.0
no sh
int lo 101
ip add 192.168.102.1 255.255.255.0
no sh
int fa 0/0
ip add 172.16.12.2 255.255.255.0
no sh
int fa 0/1
ip add 172.16.23.2 255.255.255.0
no sh
end
!
!Step 2: Configure RIP
conf t
router rip
version 2
no auto-summary
network 172.16.0.0
network 192.168.102.0
end
!
!Step 3: Configure OSPF
conf t
int lo 2
ip ospf network point-to-point
int lo 102
ip ospf network point-to-point
end
conf t
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.102.0 0.0.0.255 area 0
end
!
!Step 4: Modify a Routing Protocol’s Distance
!修改RIP的Distance值(120 –> 100)
conf t
router rip
distance 100
end
!
!Step 5: Modify Distance Based on Route Source
!針對OSPF路由中的特定網段(192.168.100-104.x)給予不同的Distance值(110 -> 85)(Route Proccess方式)
conf t
router ospf 1
distance 85 192.168.100.0 0.0.3.255
end
!
!Step 6: Modify Distance Based on an Access List
!針對RIP路由中的特定網段(172.16.x.x)給予不同的Distance值(110 -> 65)(ACL方式)
conf t
access-list 1 permit 172.16.0.0 0.0.255.255
router rip
distance 65 0.0.0.0 255.255.255.255 1
end

R3
!
!Step 0: Basic Setting
conf t
hostname R3
no ip domain-lookup
end
!
!Step 1: Configure Addressing
conf t
int lo 3
ip add 172.16.3.1 255.255.255.0
no sh
int lo 103
ip add 192.168.103.1 255.255.255.0
no sh
int s 0/0
ip add 172.16.13.3 255.255.255.0
no sh
end
!
!設定Serial介面的頻寬
conf t
int s 0/0
bandwidth 64
end
!
!Step 2: Configure RIP
conf t
router rip
version 2
no auto-summary
network 172.16.0.0
network 192.168.103.0
end
!
!Step 3: Configure OSPF
conf t
int lo 3
ip ospf network point-to-point
int lo 103
ip ospf network point-to-point
end
conf t
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.103.0 0.0.0.255 area 0
end
!
!Step 4: Modify a Routing Protocol’s Distance
!修改RIP的Distance值(120 –> 100)
conf t
router rip
distance 100
end
!
!Step 5: Modify Distance Based on Route Source
!針對OSPF路由中的特定網段(192.168.100-104.x)給予不同的Distance值(110 -> 85)(Route Proccess方式)
conf t
router ospf 1
distance 85 192.168.100.0 0.0.3.255
end
!
!Step 6: Modify Distance Based on an Access List
!針對RIP路由中的特定網段(172.16.x.x)給予不同的Distance值(110 -> 65)(ACL方式)
conf t
access-list 1 permit 172.16.0.0 0.0.255.255
router rip
distance 65 0.0.0.0 255.255.255.255 1
end

SW
!
!基本設定
conf t
hostname SW
no ip domain-lookup
end
!
!設定介面IP
conf t
int range fa 1/1 - 15
speed 100
end
!
!設定VLAN資訊給介面
conf t
int range fa 1/1 - 2
switchport mode access
switchport access vlan 13
int range fa 1/3 - 4
switchport mode access
switchport access vlan 23
end

show指令
show ip int brief
show ip route
show ip protocol
show ip ospf neighbor
clear ip ospf process (會讓設備重新競選路由,請小心使用)

參考文件

2010年5月27日 星期四

Lab 5-2 Redistribution Between EIGRP and OSPF

Topology
image
GNS檔案

R1
!
!Step 0: Basic Setting
conf terminal
hostname R1
no ip domain-lookup
end
!
!Step 1: Additional Addressing
conf terminal
int s 0/0
ip address 172.16.12.1 255.255.255.0
no shutdown
int loopback 0
ip address 172.16.1.1 255.255.255.0
no shutdown
int loopback 48
ip address 192.168.48.1 255.255.255.0
no shutdown
int loopback 49
ip address 192.168.49.1 255.255.255.0
no shutdown
int loopback 50
ip address 192.168.50.1 255.255.255.0
no shutdown
int loopback 51
ip address 192.168.51.1 255.255.255.0
no shutdown
int loopback 70
ip address 192.168.70.1 255.255.255.0
no shutdown
end
!
!設定EIGRP介面的Bandwidth(64K)
conf t
int s 0/0
bandwidth 64
end
!
!Step 2: Configuring EIGRP
conf t
router eigrp 1
no auto-summary
network 172.16.0.0
network 192.168.1.0 0.0.255.255
end
!
!Step 3: Create Passive Interfaces in EIGRP
!針對末端介接非Router的介面關閉路由資訊(EIGRP)交換
conf t
router eigrp 1
passive-interface default
no passive-interface s 0/0
end
!
!設定EIGRP手動摘要
conf t
int s 0/0
ip summary-address eigrp 1 192.168.48.0 255.255.254.0
end
!
!Step 10: Modifying EIGRP Distances
!調整EIGRP Distance值(原始值internal 90,external 170)
conf t
router eigrp 1
distance eigrp 95 165
end

R2
!
!Step 0: Basic Setting
conf terminal
hostname R2
no ip domain-lookup
end
!
!Step 1: Additional Addressing
conf terminal
int s 0/0
ip address 172.16.12.2 255.255.255.0
no shutdown
int s 0/1
ip address 172.16.23.2 255.255.255.0
no shutdown
int loopback 0
ip address 172.16.2.1 255.255.255.0
no shutdown
int loopback 100
ip address 172.16.100.1 255.255.255.0
no shutdown
end
!
!設定EIGRP介面的Bandwidth(64K)
conf t
int s 0/0
bandwidth 64
end
!
!Step 2: Configuring EIGRP
conf t
router eigrp 1
no auto-summary
network 172.16.0.0
end
!
!Step 3: Create Passive Interfaces in EIGRP
!針對末端介接非Router的介面關閉路由資訊(EIGRP)交換
conf t
router eigrp 1
passive-interface default
no passive-interface s 0/0
end
!
!Step 5: Additional OSPF Configuration
conf t
router ospf 1
network 172.16.23.0 0.0.0.255 area 0
network 172.16.100.0 0.0.0.255 area 10
end
!
!設定OSPF network type(預設OSPF在Loopback介面上會送出/32的prefix,當宣告network type P2P後將會顯示正確的prefix)
conf t
int lo 0
ip ospf network point-to-point
int lo 100
ip ospf network point-to-point
end
!
!Step 7: Mutually Redistribute Between OSPF and EIGRP
!redistributing EIGRP & Connect into OSPF(單向)
conf t
router ospf 1
redistribute eigrp 1 subnets
redistribute connected subnets
end
!
!redistributing OSPF into EIGRP(雙向)
conf t
router eigrp 1
redistribute ospf 1 metric 10000 100 255 1 1500
default-metric 10000 100 255 1 1500
redistribute ospf 1
end
!
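!Step 8: Filter Redistribution with Route Maps
!Filter specific routes with a route-map (here 192.168.25.0/24 and 192.168.30.0/24)
conf t
!Routes to be filtered out
access-list 1 permit 192.168.25.0
access-list 1 permit 192.168.30.0
!Route-map: sequence 10 denies whatever ACL 1 matches, sequence 20 (no match clause) permits everything else
route-map SELECTED-DENY deny 10
match ip address 1
route-map SELECTED-DENY permit 20
!Apply the route-map to the redistribution of OSPF into EIGRP
router eigrp 1
!Form 1: explicit seed metric on the redistribute statement
redistribute ospf 1 route-map SELECTED-DENY metric 64 100 255 1 1500
!Form 2: no explicit metric; relies on a default-metric being configured under router eigrp 1
redistribute ospf 1 route-map SELECTED-DENY
!Leave configuration mode so the step ends in exec mode like every other step
end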

R3
!
!Step 0: Basic Setting
conf terminal
hostname R3
no ip domain-lookup
end
!
!Step 1: Additional Addressing
conf terminal
int s 0/1
ip address 172.16.23.3 255.255.255.0
no shutdown
int loopback 0
ip address 172.16.3.1 255.255.255.0
no shutdown
int loopback 20
ip address 192.168.20.1 255.255.255.0
no shutdown
int loopback 25
ip address 192.168.25.1 255.255.255.0
no shutdown
int loopback 30
ip address 192.168.30.1 255.255.255.0
no shutdown
int loopback 35
ip address 192.168.35.1 255.255.255.0
no shutdown
int loopback 40
ip address 192.168.40.1 255.255.255.0
no shutdown
int loopback 8
ip address 192.168.8.1 255.255.255.0
no shutdown
int loopback 9
ip address 192.168.9.1 255.255.255.0
no shutdown
int loopback 10
ip address 192.168.10.1 255.255.255.0
no shutdown
int loopback 11
ip address 192.168.11.1 255.255.255.0
no shutdown
end
!
!Step 5: Additional OSPF Configuration
conf t
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0
network 192.168.8.0 0.0.3.255 area 20
end
!
!針對末端介接非Router的介面關閉路由資訊(OSPF)交換
conf t
router ospf 1
passive-interface default
no passive-interface s 0/1
end
!
!設定OSPF network type(預設OSPF在Loopback介面上會送出/32的prefix,當宣告正確的network type後便會顯示正確的prefix)
conf t
int lo 0
ip ospf network point-to-point
int lo 8
ip ospf network point-to-point
int lo 9
ip ospf network point-to-point
int lo 10
ip ospf network point-to-point
int lo 11
ip ospf network point-to-point
int lo 25
ip ospf network point-to-point
int lo 30
ip ospf network point-to-point
int lo 35
ip ospf network point-to-point
int lo 40
ip ospf network point-to-point
end
!
!Step 6: Summarize OSPF Areas at the ABR
!設定OSPF ABR手動摘要
conf t
router ospf 1
area 20 range 192.168.8.0 255.255.252.0
end
!
!Step 9: Summarize External Routes into OSPF at the ASBR
!Configure manual summarization of external routes on the OSPF ASBR
!NOTE(review): summary-address only summarizes external routes on the router that redistributes them into OSPF.
!On this page the redistribution into OSPF is configured on R2, and no redistribute statement is shown for R3,
!so this step probably belongs on R2 - confirm against the lab topology.
conf t
router ospf 1
summary-address 192.168.48.0 255.255.252.0
end
!
!Step 11: Modifying OSPF Distances
!調整OSPF Distance值(原始值都是110)
conf t
router ospf 1
distance ospf intra-area 105 inter-area 115 external 175
end

debug指令
!debug ip packet logs every process-switched packet and can exhaust the CPU of a loaded router.
!Outside a lab, limit it with an access list (debug ip packet <acl-number>) and turn it off with "undebug all" when done.
debug ip packet
!Shows OSPF adjacency events (neighbor state changes)
debug ip ospf adj

show指令
show ip eigrp neighbors
show ip route eigrp
show ip eigrp interface
show ip protocol
show ip route ospf
show ip eigrp topology
show ip ospf database

參考文件
Enhanced Interior Gateway Routing Protocol

OSPF Design Guide

Understanding Policy Routing

What Is Administrative Distance

2010年5月26日 星期三

Lab 5-1 Redistribution Between RIP and OSPF

Topology

image

GNS檔案

R1
!
!Step 0: Basic Setting 
conf terminal
hostname R1
no ip domain-lookup
end
!
!Step 1: Assign Addresses
conf terminal
int s 0/0
ip address 172.16.12.1 255.255.255.0
no shutdown
int loopback 0
ip address    172.16.1.1 255.255.255.0
no shutdown
int loopback 48
ip address 192.168.48.1 255.255.255.0
no shutdown
int loopback 49
ip address 192.168.49.1 255.255.255.0
no shutdown
int loopback 50
ip address 192.168.50.1 255.255.255.0
no shutdown
int loopback 51
ip address 192.168.51.1 255.255.255.0
no shutdown
int loopback 70
ip address 192.168.70.1 255.255.255.0
no shutdown
end
!
!Step 2: Configure RIPv2
conf terminal
router rip
version 2
no auto-summary
network 172.16.0.0
network 192.168.48.0
network 192.168.49.0
network 192.168.50.0
network 192.168.51.0
network 192.168.70.0
end
!
!針對末端介接非Router的介面關閉路由資訊交換
conf terminal
router rip
passive-interface loopback 0
passive-interface loopback 48
passive-interface loopback 49
passive-interface loopback 50
passive-interface loopback 51
passive-interface loopback 70
end
!
!Step 4: Summarize a Supernet with RIP
!方法一[無效],當輸入指令ip summary-address rip 192.168.48.0 255.255.252.0
!會出現錯誤訊息Summary mask must be greater or equal to major net
!方法二,設定RIP手動摘要(RIP無法使用summary-address的方式,需要透過redistribute static的方式才行)
conf terminal
ip route 192.168.48.0 255.255.252.0 null0
router rip
redistribute static
end
!
!Step 5: Suppress Routes Using Prefix Lists
!設定distribute lists來過濾送出的路由資訊
conf terminal
ip prefix-list RIP-OUT permit 192.168.48.0/22
ip prefix-list RIP-OUT deny 192.168.48.0/22 le 24
ip prefix-list RIP-OUT permit 0.0.0.0/0 le 32
router rip
distribute-list prefix RIP-OUT out serial 0/0
end

R2
!
!Step 0: Basic Setting 
conf terminal
hostname R2
no ip domain-lookup
end
!
!Step 1: Assign Addresses
conf terminal
int s 0/0
ip address 172.16.12.2 255.255.255.0
no shutdown
int s 0/1
ip address 172.16.23.2 255.255.255.0
no shutdown
int loopback 0
ip address 172.16.2.1 255.255.255.0
no shutdown
end
!
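!Step 2: Configure RIPv2
!NOTE(review): RIPv2 updates are left unauthenticated in this lab; outside a lab, enable per-interface
!authentication (ip rip authentication mode md5 with a key chain) so that forged updates are rejected.
conf terminal
router rip
version 2
no auto-summary
network 172.16.0.0
!Return to exec mode so that the "conf t" of the next step is entered from the right mode
end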
!
!Step 3: Configure Passive Interfaces in RIP
conf t
router rip
passive-interface loopback 0
end
!
!Step 6: Configure OSPF
conf t
router ospf 1
network 172.16.23.0 0.0.0.255 area 0
end
!
!Step 8: Allow One-way Redistribution
conf terminal
router rip
redistribute ospf 1 metric 4
end
!
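!Step 9: Redistribute Between Two Routing Protocol
!Redistribute RIP into OSPF; together with Step 8 this makes the redistribution two-way.
!No metric-type is given, so the routes enter OSPF as External Type 2 (the default).
!Step 8 ended in exec mode, so configuration mode has to be entered again before "router ospf 1".
conf terminal
router ospf 1
redistribute rip subnets
end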

!
!Force OSPF to advertise a default route to its neighbors (the "always" keyword is needed when this router has no default route of its own)
!NOTE(review): with "always" the default is advertised even when this router cannot forward the traffic,
!so neighbors will send unknown destinations here to be dropped - confirm that this is intended.
conf terminal
router ospf 1
default-information originate always
end
!
!Step 10: Set a Default Seed Metric
conf t
router ospf 1
default-metric 10000
end
!
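!Step 11: Change the OSPF External Network Type
!Redistribute RIP into OSPF as External Type 1 (two-way redistribution)
!Step 10 ended in exec mode, so configuration mode has to be entered again before "router ospf 1".
conf t
router ospf 1
redistribute rip subnets metric-type 1
end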

R3
!
!Step 0: Basic Setting 
conf terminal
hostname R3
no ip domain-lookup
end
!
!Step 1: Assign Addresses
conf terminal
int s 0/1
ip address 172.16.23.3 255.255.255.0
no shutdown
int loopback 0
ip address    172.16.3.1 255.255.255.0
no shutdown
int loopback 25
ip address 192.168.25.1 255.255.255.0
no shutdown
int loopback 30
ip address 192.168.30.1 255.255.255.0
no shutdown
int loopback 35
ip address 192.168.35.1 255.255.255.0
no shutdown
int loopback 40
ip address 192.168.40.1 255.255.255.0
no shutdown
end
!
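!Step 6: Configure OSPF
!R3's loopback 0 is 172.16.3.1/24 (Step 1), so the loopback network is 172.16.3.0;
!a statement for 172.16.1.0 would match no interface on R3.
conf terminal
router ospf 1
network 172.16.23.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.255 area 0
network 192.168.25.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.35.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
!
!Step 7: Configure Passive Interfaces in OSPF
!Stop exchanging OSPF routing information on interfaces that do not face another router
!(the network statements above use wildcard masks).
!R3's only addressed serial link is serial 0/1 (Step 1), so that is the interface that must stay active;
!leaving it passive would prevent the adjacency with R2 from forming.
passive-interface default
no passive-interface s 0/1
end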

show指令
show ip route
show ip protocols
show ip route rip
show ip rip database
show ip route ospf
show ip ospf neighbor
show ip ospf database
show ip prefix-list

參考文件
Redistributing Routing Protocols

How Does the Passive Interface Feature Work in EIGRP

Filtering Routing Updates on Distance Vector IP Routing Protocols

How OSPF Injects a Default Route into a Normal Area

Lab 7-1 Configuring Switches for IP Telephony Support

Topology
image

GNS檔案

DLS1
!
!Step 0: Basic Setting
!NOTE(review): "cisco" is a lab-only placeholder credential; never reuse it outside an isolated lab.
!The vty "password" is kept in clear text in the configuration unless service password-encryption is on
!(and that encoding is reversible), and with plain "login" every administrator shares the same password.
!Outside a lab, prefer per-user accounts (username ... secret, login local) and SSH-only vty access (transport input ssh).
configure terminal
no ip domain-lookup
hostname DLS1
enable secret cisco
line vty 0 15
password cisco
login
end
!
!Step 1: IP Addressing 
configure terminal
ip routing
interface vlan 1
ip address 172.16.1.3 255.255.255.0
no shutdown
interface vlan 100
ip address 172.16.100.3 255.255.255.0
no shutdown
interface vlan 200
ip address 172.16.200.3 255.255.255.0
no shutdown
end
!
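!Step 2: Setting EtherChannels
!Create channel-groups 1, 2 and 3
configure terminal
!Selecting several ports at once needs the "range" keyword
interface range fa 1/7 - 12
!Keep the member ports down while the bundles are built
shutdown
speed 100
duplex full
!For each bundle enter ONE of the two modes: "on" forces the bundle without negotiation,
!"desirable" negotiates it with PAgP. Both ends of a bundle must use compatible modes.
interface range fa 1/7 - 8
channel-group 1 mode on
channel-group 1 mode desirable
interface range fa 1/9 - 10
channel-group 2 mode on
channel-group 2 mode desirable
interface range fa 1/11 - 12
channel-group 3 mode on
channel-group 3 mode desirable
!Re-select all six member ports: issued under fa 1/11 - 12 only, "no shutdown" would leave fa 1/7 - 10 down
interface range fa 1/7 - 12
no shutdown
end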
!
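!Configure the EtherChannels as trunks
!Selecting several port-channels needs the "range" keyword and a plain hyphen (the page had a typographic dash)
!NOTE(review): a trunk carries every VLAN by default; outside a lab, limit it with
!"switchport trunk allowed vlan" and turn off DTP negotiation with "switchport nonegotiate".
configure terminal
interface range port-channel 1 - 3
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
end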
!
!Step 4: Setting VTP Server Mode
!Configure VTP (server role)
!NOTE(review): no VTP password is set. Without one, any switch that joins domain SWPOD over a trunk with a higher
!configuration revision can overwrite the VLAN database of the whole domain; outside a lab, set "vtp password"
!identically on every switch in the domain.
configure terminal
vtp domain SWPOD
vtp mode server
vtp version 2
!
!Step 5: Setting VLAN Information And Deploy To VTP Client
!VLANs created on the server are propagated to the VTP clients
vlan 100
name CP-Data
exit
vlan 200
name Voice
exit
end
!
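!Step 6: Setting HSRP
!DLS1 is meant to be active for VLAN 1 and VLAN 100 (priority 150) and standby for VLAN 200 (priority 100)
!NOTE(review): the groups run without authentication, so any host on the VLAN that speaks HSRP with a higher
!priority can take over the virtual gateway address. Outside a lab, add
!"standby 1 authentication md5 key-string <KEY>" on both peers (where the platform supports it).
configure terminal
!"interface" and "vlan" are separate keywords
interface vlan 1
standby 1 ip 172.16.1.1
standby 1 preempt
standby 1 priority 150
!
interface vlan 100
standby 1 ip 172.16.100.1
standby 1 preempt
standby 1 priority 150
!
interface vlan 200
standby 1 ip 172.16.200.1
standby 1 preempt
standby 1 priority 100
end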
!
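!Step 9: Setting Auto Qos Trust
!Enable auto QoS in trust mode on the EtherChannel member ports (fa 1/7 - 12, see Step 2)
!"trust" accepts the QoS markings received on the port as they are, so keep it on switch-to-switch links only;
!ports that face end hosts should not be trusted unconditionally.
configure terminal
!Selecting several ports at once needs the "range" keyword
interface range fa 1/7 - 12
auto qos voip trust
end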
!
!Step 10: Verify Auto Qos Trust
show auto qos interface
show mls qos interface fastethernet 0/7

DLS2
!
!Step 0: Basic Setting
configure terminal
no ip domain-lookup
hostname DLS2
enable secret cisco
line vty 0 15
password cisco
login
end
!
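!Step 1: IP Addressing
!Order matters: enter configuration mode first, enable routing globally, then select the SVI.
!In the order originally listed, "interface vlan 1" was typed in exec mode and the first "ip address"
!landed in global configuration mode, so VLAN 1 never received 172.16.1.4.
configure terminal
ip routing
interface vlan 1
ip address 172.16.1.4 255.255.255.0
no shutdown
interface vlan 100
ip address 172.16.100.4 255.255.255.0
no shutdown
interface vlan 200
ip address 172.16.200.4 255.255.255.0
no shutdown
end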
!
!Step 2: Setting EtherChannels

!設定etherchannel建立channel-group1,2,3
configure terminal
interfacefa 1/7 - 12
shutdown
speed 100
duplex full
interfacefa 1/7 - 8
channel-group 1 mode on
channel-group 1 mode desirable
interfacefa 1/9 - 10
channel-group 2 mode on
channel-group 2 mode desirable
interfacefa 1/11 - 12
channel-group 3 mode on
channel-group 3 mode desirable
no shutdown
end
!
!設定etherchannel為trunk模式
configure terminal 
interface port-channel1 – 3
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
end
!
!Step 4: Setting VTP Client Mode
!設定VTP資訊(Clinet)
configure terminal
vtp domain SWPOD
vtp mode client
end
!
!Step 6: Setting HSRP
!設定HSRP(vlan200為active,vlan1,vlan100為standby)
configure terminal
interfacevlan 1
standby 1 ip 172.16.1.1
standby 1 preempt
standby 1 priority 100
!
interfacevlan 100
standby 1 ip 172.16.100.1
standby 1 preempt
standby 1 priority 100
!
interfacevlan 200
standby 1 ip 172.16.200.1
standby 1 preempt
standby 1 priority 150
end
!
!Step 9: Setting Auto Qos Trust
!設定access與voice vlan及啟動auto qos
configure terminal
interfacefa 1/7 - 12
auto qos voip trust
end

ALS1
!
!Step 0: Basic Setting
configure terminal
no ip domain-lookup
hostname ALS1
enable secret cisco
line vty 0 15
password cisco
login
end
!
!Step 1: IP Addressing 
configure terminal
interface vlan 1
ip address 172.16.1.101 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.1.1
end
!
!Step 2: Setting EtherChannels
!設定etherchannel建立channel-group1,2,3
configure terminal
interfacefa 1/7 - 12
shutdown
speed 100
duplex full
interfacefa 1/7 - 8
channel-group 1 mode on
channel-group 1 mode desirable
interfacefa 1/9 - 10
channel-group 2 mode on
channel-group 2 mode desirable
interfacefa 1/11 - 12
channel-group 3 mode on
channel-group 3 mode desirable
no shutdown
end
!
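!Configure the EtherChannels as trunks
!NOTE(review): a trunk carries every VLAN by default; outside a lab, limit it with
!"switchport trunk allowed vlan" and turn off DTP negotiation with "switchport nonegotiate".
configure terminal
!Selecting several port-channels needs the "range" keyword
interface range port-channel 1 - 3
switchport mode trunk
!"no show" is not a command; the interfaces are brought up with "no shutdown", as on the other switches
no shutdown
end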
!
!Step 3: Setting VTP Client Mode
!設定VTP資訊(Clinet)
configure terminal
vtp domain SWPOD
vtp mode client
end
!
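!Step 7: Setting Auto Qos
!Assign the access (data) VLAN and the voice VLAN to the phone-facing ports and enable auto QoS
configure terminal
!Selecting several ports at once needs the "range" keyword
interface range fa 1/13 - 15
switchport access vlan 100
switchport voice vlan 200
!NOTE(review): "auto qos voip" normally needs a keyword; the next line gives the complete form - confirm on the target platform
auto qos voip
!cisco-phone makes the trust conditional: markings are trusted only while a Cisco IP phone is detected on the port
auto qos voip cisco-phone
end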
!
!Step 8: Verity AutoQos Setting
show mls qos int fa 1/15
show run interface fastethernet 1/15
end
!
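!Step 12: Setting Portfast Function
!Enable spanning-tree portfast on the access ports
!PortFast skips the listening/learning states, so use it on host-facing ports only.
!NOTE(review): outside a lab, pair it with "spanning-tree bpduguard enable" so that a port which receives
!BPDUs (a switch plugged into an access port) is shut down instead of joining the spanning tree.
configure terminal
!Selecting several ports at once needs the "range" keyword
interface range fa 1/13 - 15
spanning-tree portfast
end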

ALS2
!
!Step 0: Basic Setting 
configure terminal
no ip domain-lookup
hostname ALS2
enable secret cisco
line vty 0 15
password cisco
login
end
!
!Step 1: IP Addressing 
configure terminal
interface vlan 1
ip address 172.16.1.102 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.1.1
end
!
!Step 2: Setting EtherChannels
!設定etherchannel建立channel-group1,2,3
configure terminal
interfacefa 1/7 - 12
shutdown
speed 100
duplex full
interfacefa 1/7 - 8
channel-group 1 mode on
channel-group 1 mode desirable
interfacefa 1/9 - 10
channel-group 2 mode on
channel-group 2 mode desirable
interfacefa 1/11 - 12
channel-group 3 mode on
channel-group 3 mode desirable
no shutdown
end 

!設定etherchannel為trunk模式
configure terminal
interface port-channel1 - 3
switchport mode trunk
no shutdown
end
!
!Step 3: Setting VTP Client Mode
!設定VTP資訊(Clinet)
configure terminal
vtp domain SWPOD
vtp mode client
end
!
!Step 7: Setting Auto Qos
!設定access與voice vlan及啟動auto qos
configure terminal
interfacefa 1/13 - 15
switchport access vlan 100
switchport voice vlan 200
auto qos voip
auto qos voip cisco-phone
end
!
!Step 11: Manual Setting interface COS Value
conf t
int fa 1/7
mls qos cos 3
end
!
!Step 12: Setting Portfast Function 
!設定spanning-tree portfast
configure terminal
interfacefa 1/13 - 15
spanning-tree portfast
end

show指令
show ip interface brief
show cdp neighbors
show etherchannel summary
show etherchannel detail
show vlan-switch
show vlan
show vtp status
show standby brief
show mls qos interface(介面 代號)
show auto qos interface

參考文件
Using AutoQoS

Understanding and Troubleshooting HSRP Problems in Catalyst Switch Networks

Understanding EtherChannel Load Balancing and Redundancy on Catalyst Switches