某公司网络拓扑如下:
为了尽量减少工程师的工作难度,现将整个网络业务规划做基本情况介绍。
某公司共有:
两个数据中心: AS 65001和 AS 65002
三个分支站点:65003、65004、65005
一个家庭办公点:Home Office
AS 64512 为MPLS核心,主要用于转发站点之间的私有业务流量
AS 64511 和 AS 64513 为Global SP,主要为用户提供互联网接入服务
其中MPLS核心和Global SP互为备份
R9和R13为企业互联网网关,其中每个远程站点均可独立访问互联网,本地互联网链路故障后,可通过×××访问互联网
R9、R14、R15 部署DM×××,其中对于 AS 65005区域,Spoke场点之间的流量优先走DM×××,其它流量优先走MPLS ×××
R13和R18之间部署IPSec LAN to LAN ×××,User4通过IPSec ×××接入公司网络,通过SP2访问互联网
测试规则说明:
参加乾颐堂CCIE理论课学习并完成课后作业的同学,建议参考这个文档和拓扑自行提前研究案例;
测试题使用上面拓扑,几套题目部署不同故障点,测试学员需要在规定时间内完成故障排查,测试时间为六个小时;
以抽签形式决定测试哪一套;
每题分值不同,得分大于等于80%即视为通过测试,可以开始进行LAB考试的备考;
测试过程为开卷测试,允许学员翻阅自己的笔记、查阅官方文档;
测试过程中不允许请其它人帮忙;
一旦有违规行为则取消测试资格,半年之内不允许再次测试;
学员参加测试即视为同意以上规则;
测试过程配置及其它规则:
除非题目有明确说明,否则不允许在任何位置部署静态路由;
不允许修改任何接口的MAC地址;
不允许修改任何接口的IP地址;
不允许创建任何新的路由协议进程;
要求对解题最终解法的每个改动做出记录并解释,否则不给分;
解题现象出来之后要求截图保存,附在解法解释下面;
输出图中标记下划线的部分要求必须完全一致;
任务一 (四分)
AS 65001区域 User1与Server之间的连通性有故障,请排查并实现如下图输出:
User1#traceroute 10.1.200.100 numeric
Type escape sequence to abort.
Tracing the route to 10.1.200.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.100.254 1 msec 1 msec 1 msec
2 10.1.10.1 1 msec 1 msec 0 msec
3 10.1.200.100 2 msec * 3 msec
任务二 (二分)
排除故障并实现DM××× Spoke场点之间建立动态隧道,产生如下输出:
R15#traceroute 10.4.1.14 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 10.4.1.14
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.1.14 [AS 65001] 5 msec * 1 msec
R15#show crypto session
Crypto session current status
Interface: Tunnel0
Session status: UP-ACTIVE
Peer: 123.14.14.14 port 500
IKEv1 SA: local 123.15.15.15/500 remote 123.14.14.14/500 Active
IPSEC FLOW: permit 47 host 123.15.15.15 host 123.14.14.14
Active SAs: 2, origin: crypto map
任务三 (二分)
排查连通性故障并实现如下输出:
User3#ping 10.1.200.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.200.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
User3#traceroute 10.1.200.100 numeric
Type escape sequence to abort.
Tracing the route to 10.1.200.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.3.100.254 1 msec 0 msec 1 msec
2 10.3.10.1 0 msec 1 msec 0 msec
3 101.2.16.2 1 msec 1 msec 1 msec
4 10.0.10.17 [MPLS: Labels 207/312 Exp 0] 1 msec 1 msec 2 msec
5 10.0.10.1 [MPLS: Labels 108/312 Exp 0] 2 msec 1 msec 2 msec
6 101.2.7.2 [MPLS: Label 312 Exp 0] 2 msec 1 msec 1 msec
7 101.2.7.1 1 msec 2 msec 1 msec
8 10.1.10.5 3 msec 1 msec 1 msec
9 10.1.200.100 3 msec * 3 msec
User3#traceroute 10.2.100.1 numeric
Type escape sequence to abort.
Tracing the route to 10.2.100.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.3.100.254 0 msec 1 msec 0 msec
2 10.3.10.1 1 msec 0 msec 1 msec
3 101.2.16.2 1 msec 1 msec 1 msec
4 10.0.10.17 [MPLS: Labels 204/512 Exp 0] 1 msec 1 msec 2 msec
5 101.2.12.2 [MPLS: Label 512 Exp 0] 1 msec 2 msec 1 msec
6 101.2.12.1 1 msec 3 msec 1 msec
7 10.2.10.5 2 msec 2 msec 1 msec
8 10.2.100.1 2 msec * 4 msec
任务四 (二分)
检查连通性和路由策略配置实现如下输出:
R15#traceroute 10.1.200.100 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 10.1.200.100
VRF info: (vrf in name/id, vrf out name/id)
1 101.2.15.2 [AS 65001] 1 msec 0 msec 0 msec
2 10.0.10.21 [AS 65001] [MPLS: Labels 108/312 Exp 0] 1 msec 1 msec 1 msec
3 101.2.7.2 [AS 65001] [MPLS: Label 312 Exp 0] 0 msec 1 msec 0 msec
4 101.2.7.1 [AS 65001] 1 msec 1 msec 0 msec
5 10.1.10.5 [AS 65001] 2 msec 1 msec 1 msec
6 10.1.200.100 [AS 65001] 2 msec * 3 msec
任务五 (四分)
检查连通性和路由策略配置实现如下输出:
R15#traceroute 10.3.100.100 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 10.3.100.100
VRF info: (vrf in name/id, vrf out name/id)
1 101.2.15.2 [AS 65001] 1 msec 0 msec 0 msec
2 10.0.10.21 [AS 65001] [MPLS: Labels 106/612 Exp 0] 2 msec 1 msec 1 msec
3 10.0.10.2 [AS 65001] [MPLS: Labels 203/612 Exp 0] 1 msec 1 msec 1 msec
4 101.2.16.2 [AS 65001] [MPLS: Label 612 Exp 0] 1 msec 2 msec 1 msec
5 101.2.16.1 [AS 65001] 1 msec 2 msec 1 msec
6 10.3.10.2 [AS 65003] 2 msec 2 msec 1 msec
7 10.3.100.100 [AS 65003] 2 msec * 3 msec
R15#traceroute 10.2.100.1 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 10.2.100.1
VRF info: (vrf in name/id, vrf out name/id)
1 101.2.15.2 [AS 65001] 1 msec 0 msec 1 msec
2 10.0.10.21 [AS 65001] [MPLS: Labels 107/512 Exp 0] 1 msec 2 msec 1 msec
3 10.0.10.2 [AS 65001] [MPLS: Labels 204/512 Exp 0] 1 msec 1 msec 1 msec
4 101.2.12.2 [AS 65001] [MPLS: Label 512 Exp 0] 1 msec 1 msec 1 msec
5 101.2.12.1 [AS 65001] 1 msec 1 msec 1 msec
6 10.2.10.5 [AS 65002] 2 msec 1 msec 2 msec
7 10.2.100.1 [AS 65002] 1 msec * 2 msec
任务六 (二分)
检查连通性和路由策略配置实现如下输出:
User2#traceroute 10.1.200.100 numeric
Type escape sequence to abort.
Tracing the route to 10.1.200.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 1 msec 0 msec 1 msec
2 10.2.10.6 0 msec 0 msec 1 msec
3 101.2.12.2 1 msec 1 msec 1 msec
4 10.0.10.13 [MPLS: Labels 207/312 Exp 0] 7 msec 7 msec 7 msec
5 10.0.10.1 [MPLS: Labels 108/312 Exp 0] 7 msec 6 msec 7 msec
6 101.2.7.2 [MPLS: Label 312 Exp 0] 1 msec 2 msec 2 msec
7 101.2.7.1 7 msec 6 msec 6 msec
8 10.1.10.5 7 msec 7 msec 6 msec
9 10.1.200.100 7 msec * 7 msec
User2#traceroute 10.1.100.100 numeric
Type escape sequence to abort.
Tracing the route to 10.1.100.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 1 msec 0 msec 1 msec
2 10.2.10.2 0 msec 0 msec 1 msec
3 102.10.11.1 9 msec 9 msec 9 msec
4 10.1.10.21 9 msec 10 msec 10 msec
5 10.1.100.100 10 msec * 11 msec
任务七 (四分)
检查连通性并实现如下输出:
User4#traceroute 10.2.100.1 numeric
Type escape sequence to abort.
Tracing the route to 10.2.100.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.6.100.254 0 msec 1 msec 0 msec
2 * * *
3 10.2.10.9 2 msec 1 msec 1 msec
4 10.2.100.1 2 msec * 2 msec
R13#show crypto session
Crypto session current status
Interface: Ethernet0/0
Session status: UP-ACTIVE
Peer: 101.3.17.1 port 4500
IKEv1 SA: local 101.3.13.1/4500 remote 101.3.17.1/4500 Active
IPSEC FLOW: permit ip 10.0.0.0/255.0.0.0 10.6.0.0/255.255.0.0
Active SAs: 2, origin: crypto map
R18#show crypto session
Crypto session current status
Interface: Ethernet0/2
Session status: UP-ACTIVE
Peer: 101.3.13.1 port 4500
IKEv1 SA: local 10.6.10.2/4500 remote 101.3.13.1/4500 Active
IPSEC FLOW: permit ip 10.6.0.0/255.255.0.0 10.0.0.0/255.0.0.0
Active SAs: 2, origin: crypto map
任务八 (二分)
解决远程管理故障,并实现如下输出:
R10#telnet 102.10.11.2
Trying 102.10.11.2 ... Open
User Access Verification
Username: CCNA
Password:
R11>show users
Line User Host(s) Idle Location
0 con 0 idle 00:00:08
* 2 vty 0 CCNA idle 00:00:00 102.10.11.1
Interface User Mode Idle Peer Address
Se1/0 R10 Sync PPP 00:00:02 102.10.11.1
注:telnet用户密码为 : username CCNA password CCIE