Router - yusukew62/docs GitHub Wiki
Router
1. Basic configuration
1-1. Common management access settings
Change the hostname
Router(config)#hostname RT1
Redisplay the command line after an interrupting message
RT1(config)#line con 0
RT1(config-line)#logging synchronous
Change the session timeout (exec-timeout takes minutes, so this is 720 minutes)
RT1(config-line)#exec-timeout 720
Set the console line password
RT1(config-line)#password cisco_con
RT1(config-line)#login
1-2. Password settings
Set the enable password
RT1(config)#enable password cisco_enable
Set the enable secret password
RT1(config)#enable secret cisco_enable_secret
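The enable secret password is stored in encrypted form (type 5 in the output below)
If both enable secret and enable password are configured, enable secret takes precedence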
RT1#show run | sec enable
enable secret 5 $1$pF.7$2rr.iWh5uspggJCXFnRqs/
enable password cisco_enable
To encrypt existing plaintext passwords, do the following
RT1(config)#enable password cisco_enable
RT1(config)#service password-encryption
RT1(config)#do show run | sec enable
enable password 7 094F471A1A0A2817050D06262E
Check the privilege level
Check the privilege level in user mode
RT1>show privilege
Current privilege level is 1
Check the privilege level in enable mode
RT1>en
RT1#show privilege
Current privilege level is 15
1-3. Telnet access settings
Set the password for remote access
RT1(config)#line vty 0 4
RT1(config-line)#password cisco_vty
RT1(config-line)#login
RT1(config-line)#transport input telnet
Create a user account
RT1(config)#username permit password permit
Enable local authentication
RT1(config)#line con 0
RT1(config-line)#login local
RT1(config)#line vty 0 4
RT1(config-line)#login local
1-4. SSH access settings
Set the hostname, user account and domain name
iosv-1(config)#hostname RT1
RT1(config)#username permit password permit
RT1(config)#ip domain-name yusukew62.net
Generate the private key
Here the key is generated with a key size of 1024 bits
RT1(config)#crypto key generate rsa
% You already have RSA keys defined named RT1.yusukew62.net.
% Do you really want to replace them? [yes/no]: yes
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
Set the SSH version
RT1(config)#ip ssh version 2
Allow SSH on the vty lines and set local authentication
RT1(config)#line vty 0 4
RT1(config-line)#transport input ssh
RT1(config-line)#login local
Verify the settings
Check the generated private and public keys
RT1#show crypto key mypubkey rsa
% Key pair was generated at: 02:16:22 UTC Jan 14 2018
Key name: RT1.yusukew62.net
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00A72742
34EA123A 2BF0ABC0 2C34E1B2 7A39389A 72A8FBA3 848183B8 AB1ED596 DD7ADFF0
0BE32817 B3FF2D0B 3C9E46A3 CFF86514 DB9EA602 90B7862F 9C059938 DED442A6
7A1525C6 D3D7315B AD6AFEAD C2B3BC3F C46B5C43 EC64EC47 0718D893 3EA9F53C
EBC05E40 F3646CEE 9BA9A216 CB5D9508 E4ED709C B65C50E4 2CC840F8 DB020301
0001
% Key pair was generated at: 02:16:23 UTC Jan 14 2018
Key name: RT1.yusukew62.net.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00E7D052 9A8E8773
AE05CDA9 70D8DF94 0AEF5707 3D0A41FD 7B69FB49 EEC8461C E33E231B 74B589CB
123690BF 30F7B1FB 2B3EAAEE 90973CC4 9B34227E 4B2F3412 171D847B 6D0EE097
204E173C 308FC65B AEEB7397 BDF01AC2 CEE6A954 77EBFFC2 41020301 0001
Check the SSH configuration
RT1#show ip ssh
SSH Enabled - version 2.0
Authentication methods:password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): RT1.yusukew62.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnJ0I06hI6K/CrwCw04bJ6OTiacqj7o4SBg7irHtWW
3Xrf8AvjKBez/y0LPJ5Go8/4ZRTbnqYCkLeGL5wFmTje1EKmehUlxtPXMVutav6twrO8P8RrXEPsZOxH
BxjYkz6p9TzrwF5A82Rs7pupohbLXZUI5O1wnLZcUOQsyED42w==
Check the SSH connection state (below, the peer RT2 is connected over SSH)
RT1#show ssh
Connection Version Mode Encryption Hmac State Username
0 1.99 IN aes128-ctr hmac-sha1 Session started permit
0 1.99 OUT aes128-ctr hmac-sha1 Session started permit
Verify operation
SSH connection from RT2 to RT1 (10.0.0.9)
RT2#ssh -l permit 10.0.0.9
(messages omitted)
Password:
(messages omitted)
RT1>
Access control on the vty lines using an ACL
Create an ACL that permits access only from 10.0.0.100 and apply it to the vty lines
RT1(config)#access-list 1 permit 10.0.0.100
RT1(config)#line vty 0 4
RT1(config-line)#access-class 1 in
Connect over SSH from RT2 (10.0.0.10) again and confirm that the connection is refused
RT2#ssh -l permit 10.0.0.9
% Connection refused by remote host
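The following Python sketch is an added example, not part of the original wiki. It evaluates a numbered standard ACL the way `access-class 1 in` does (first match wins, wildcard masks, implicit deny), and shows a side effect of this page's numbering: sections 4-2 and 5-1 add entries to the same ACL 1, so on a router where all of them are applied without first removing ACL 1, the vty lines also accept the NAT source ranges. The function names are hypothetical.

```python
import ipaddress

# Every "access-list 1" command on this page, in section order. On IOS, entries
# entered under the same ACL number are appended to that one list.
VTY_ONLY = ["access-list 1 permit 10.0.0.100"]                  # section 1-4
WITH_NAT = VTY_ONLY + [
    "access-list 1 permit 172.16.10.0 0.0.0.255",               # section 4-2
    "access-list 1 permit 172.16.20.0 0.0.0.255",               # sections 5-1, 5-2
]


def parse_standard_acl(lines, number):
    """Return [(action, address, wildcard)] for one numbered standard ACL."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        action, args = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            continue
        if args[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif args[0] == "host" and len(args) > 1:
            addr, wild = int(ipaddress.IPv4Address(args[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(args[0]))
            # No wildcard given means a single host (wildcard 0.0.0.0).
            has_wild = len(args) > 1 and args[1] != "log"
            wild = int(ipaddress.IPv4Address(args[1])) if has_wild else 0
        entries.append((action, addr, wild))
    return entries


def evaluate(entries, source):
    """First matching entry decides; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF          # wildcard bit 1 means "don't care"
        if (src & care) == (addr & care):
            return action
    return "deny"


def vty_decision(acl_lines, source, number=1):
    """Decision an inbound access-class with this ACL would make for one source."""
    return evaluate(parse_standard_acl(acl_lines, number), source)


if __name__ == "__main__":
    for label, acl in (("1-4 only", VTY_ONLY), ("1-4 + 4-2 + 5-1", WITH_NAT)):
        for src in ("10.0.0.100", "10.0.0.10", "172.16.20.1"):
            print(f"{label:16} {src:12} -> {vty_decision(acl, src)}")
```

Using a separate ACL number (or a named ACL) for the vty lines keeps management access independent of the NAT source lists.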
1-5. Banner settings
Set a banner; here it is "### exec ###"
Besides exec there are also motd, login, incoming and others
RT1(config)#banner exec $
Enter TEXT message. End with the character '$'.
### exec ###
$
In running-config the delimiter is shown as "^C"
RT1#show run | begin banner
banner exec ^C
### exec ###
^C
2. Interface configuration
2-1. Static
IP address and subnet mask
RT1(config-if)#ip address 172.16.1.1 255.255.255.0
RT1(config-if)#no shutdown
2-2. DHCP client
Obtain an IP address on Fa1 as a DHCP client
RT1(config)#int fa 1
RT1(config-if)#ip address dhcp
RT1(config-if)#no shutdown
2-3. Duplex mode and speed
Set the duplex mode and speed
RT1(config-if)#duplex auto
RT1(config-if)#speed auto
3. DHCP server
Create the DHCP pool
RT1(config)#ip dhcp pool LANUser
Specify the network address
RT1(dhcp-config)#network 172.16.20.0 255.255.255.0
Specify the default gateway
RT1(dhcp-config)#default-router 172.16.20.254
DHCP option settings
Domain name
RT1(dhcp-config)#domain-name yusukew62.com
Set the lease period (days, then hours; here 12 hours)
RT1(dhcp-config)#lease 0 12
Specify the IP addresses to exclude
RT1(config)#ip dhcp excluded-address 172.16.20.101 172.16.20.254
Verify operation
Show the DHCP pools, the address bindings and the address conflicts
RT1#show ip dhcp pool
RT1#show ip dhcp binding
RT1#show ip dhcp conflict
4. NAT
4-1. Static NAT
Outside setting
Set fa0.10 as outside
RT1(config)#int fa 0.10
RT1(config-subif)#ip nat outside
Inside setting
Set fa0.20 as inside
RT1(config)#int fa 0.20
RT1(config-subif)#ip nat inside
Static NAT translation setting
Translate 172.16.20.1 on fa0.20 to 172.16.10.2 on fa0.10
RT1(config)#ip nat inside source static 172.16.20.1 172.16.10.2
Verify operation
Set the PC's IP address to 172.16.20.1 and ping the peer device 172.16.10.1
Check the NAT translation
RT1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.16.10.2:1 172.16.20.1:1 172.16.10.1:1 172.16.10.1:1
--- 172.16.10.2 172.16.20.1 --- ---
4-2. Dynamic NAT
Outside setting
Set fa0.10 as outside
RT1(config)#int fa 0.10
RT1(config-subif)#ip nat outside
Inside setting
Set fa0.20 as inside
RT1(config)#int fa 0.20
RT1(config-subif)#ip nat inside
Create the ACL
Specify with an ACL the inside local addresses to be translated
RT1(config)#access-list 1 permit 172.16.10.0 0.0.0.255
Create the address pool
Create 172.16.10.4 to 172.16.10.7 as the address pool
RT1(config)#ip nat pool DNAT 172.16.10.4 172.16.10.7 netmask 255.255.255.248
Specify the ACL for NAT and the address pool to apply
Specify with an ACL the inside local addresses to be translated
RT1(config)#ip nat inside source list 1 pool DNAT
Verify operation
Set the PC's IP address to 172.16.20.1 and ping the peer device 172.16.10.1
Check the NAT translation
RT1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 172.16.10.4:53 172.16.10.254:53 172.16.10.1:63021 172.16.10.1:63021
udp 172.16.10.4:53 172.16.10.254:53 172.16.10.1:63636 172.16.10.1:63636
--- 172.16.10.4 172.16.10.254 --- ---
5. PAT
5-1. PAT using addresses defined in a pool
Outside setting
Set fa0.10 as outside
RT1(config)#int fa 0.10
RT1(config-subif)#ip nat outside
Inside setting
Set fa0.20 as inside
RT1(config)#int fa 0.20
RT1(config-subif)#ip nat inside
Create the ACL
Specify with an ACL the inside local addresses to be translated
RT1(config)#access-list 1 permit 172.16.20.0 0.0.0.255
Address pool setting
Create 172.16.20.4 on Fa0.20 as the NAT pool
RT1(config)#ip nat pool DPAT 172.16.20.4 172.16.20.4 netmask 255.255.255.248
Specify the ACL for PAT and the address pool to apply
RT1(config)#ip nat inside source list 1 pool DPAT overload
Verify operation
Set the PC's IP address to 172.16.20.1 and ping the peer device 172.16.10.1
Check the NAT translation
RT1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 172.16.20.4:1 172.16.10.254:53 172.16.10.1:57134 172.16.10.1:57134
udp 172.16.20.4:2 172.16.10.254:53 172.16.10.1:57316 172.16.10.1:57316
udp 172.16.20.4:3 172.16.10.254:53 172.16.10.1:62835 172.16.10.1:62835
5-2. PAT using the address of the outside interface
Outside setting
Set fa0.10 as outside
RT1(config)#int fa 0.10
RT1(config-subif)#ip nat outside
Inside setting
Set fa0.20 as inside
RT1(config)#int fa 0.20
RT1(config-subif)#ip nat inside
Create the ACL
Specify with an ACL the inside local addresses to be translated
RT1(config)#access-list 1 permit 172.16.20.0 0.0.0.255
Specify the ACL for PAT and the address to apply (here the outside interface fa 0.10)
RT1(config)#ip nat inside source list 1 int fa 0.10 overload
Verify operation
Set the PC's IP address to 172.16.20.1 and ping the peer device 172.16.10.1
Check the NAT translation
RT1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.16.10.254:1 172.16.20.1:1 172.16.10.1:1 172.16.10.1:1
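6. Inter-VLAN routing
6-1. Router on a stick
- Router: configure the subinterfaces
- Switch: configure the trunk link
- PC: configure the default gateway
6-2. Router configuration
Create the subinterface for the management VLAN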
RT1(config)#int fa 0.1
RT1(config-subif)#encapsulation dot1q 1
RT1(config-subif)#ip address 172.16.1.254 255.255.255.0
Create the subinterface for VLAN 10
RT1(config)#int fa 0.10
RT1(config-subif)#encapsulation dot1q 10
RT1(config-subif)#ip address 172.16.10.254 255.255.255.0
Create the subinterface for VLAN 20
RT1(config)#int fa 0.20
RT1(config-subif)#encapsulation dot1q 20
RT1(config-subif)#ip address 172.16.20.254 255.255.255.0
Create the subinterface for the native VLAN
RT1(config)#int fa 0.99
RT1(config-subif)#encapsulation dot1q 99 native
Enable the interface
RT1(config)#int fa 0
RT1(config-if)#no shutdown
6-3. Switch configuration
Create the VLANs
SW1(config)#vlan 10,20,99
Specify the access ports
fa0/1-3 are access ports (Fa0/1 for the management VLAN, Fa0/2-3 for the VLANs)
fa0/4 is the trunk port
SW1(config)#int range fa 0/1 - 3
SW1(config-if-range)#switchport mode access
VLAN membership
Assign VLANs to the access ports fa0/2-3
fa0/2
SW1(config)#int fa 0/2
SW1(config-if)#switchport access vlan 10
fa0/3
SW1(config)#int fa 0/3
SW1(config-if)#switchport access vlan 20
Configure the trunk port
fa0/4
SW1(config)#int fa 0/4
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#switchport trunk native vlan 99
fa0/1
SW1(config)#int vlan 1
SW1(config-if)#ip address 172.16.1.100 255.255.255.0
SW1(config-if)#no shutdown
Set the default gateway
SW1(config)#ip default-gateway 172.16.1.254
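6-4. PC configuration
On Windows
1. Plug the LAN cable into the PC
2. Set the IP address in the network adapter settings
3. Allow ICMPv4 in Windows Firewall
4. Ping the peer PC from the command prompt
6-5. Router verification
Check the IP addresses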
RT1#show ip int bri
Check the routing
RT1#show ip route | inc 172
Check the number of packets received on the subinterfaces
RT1#show vlans
6-6. Switch verification
Check the trunk port
SW1#show int trunk
Check the access ports
SW1#show int switchport
Check the VLANs and access ports
SW1#show vlan brief
Check the management VLAN
SW1#show int vlan 1
Check the default gateway
SW1#show run | inc default-gateway
7. RIP
Test topology
SV1-(gi0/2)RT1(gi0/1)-(gi0/1)RT2(gi0/2)-(gi0/1)RT3(gi0/2)-SV2
Check the IP addresses configured on the interfaces
RT1#show ip int bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.255.0.3 YES NVRAM up up
GigabitEthernet0/1 172.16.2.1 YES manual up up
GigabitEthernet0/2 172.16.1.1 YES manual up up
Loopback0 192.168.0.1 YES NVRAM up up
Configure RIP
RT1#conf t
RT1(config)#router rip
RT1(config-router)#version 2
RT1(config-router)#network 172.16.0.0
RT1(config-router)#passive-interface gi 0/2
Verify the configuration
RT1#show run | sec router rip
router rip
version 2
passive-interface GigabitEthernet0/2
network 172.16.0.0
Check the routing
RT1#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
R 172.16.3.0/24 [120/1] via 172.16.2.2, 00:00:17, GigabitEthernet0/1
R 172.16.4.0/24 [120/2] via 172.16.2.2, 00:00:17, GigabitEthernet0/1
Check the parameters and their current values
RT1#show ip protocols | sec rip
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 13 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
GigabitEthernet0/1 2 2 No none
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
172.16.0.0
Passive Interface(s):
GigabitEthernet0/2
Routing Information Sources:
Gateway Distance Last Update
172.16.2.2 120 00:00:26
Distance: (default is 120)
Check the RIP database
RT1#show ip rip database
172.16.0.0/16 auto-summary
172.16.1.0/24 directly connected, GigabitEthernet0/2
172.16.2.0/24 directly connected, GigabitEthernet0/1
172.16.3.0/24
[1] via 172.16.2.2, 00:00:18, GigabitEthernet0/1
172.16.4.0/24
[2] via 172.16.2.2, 00:00:18, GigabitEthernet0/1
Check the routing
RT1
RT1#show ip route rip
(omitted)
Gateway of last resort is 172.16.2.2 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
R 172.16.3.0/24 [120/1] via 172.16.2.2, 00:00:01, GigabitEthernet0/1
R 172.16.4.0/24 [120/2] via 172.16.2.2, 00:00:01, GigabitEthernet0/1
RT2
RT2#show ip route rip
(omitted)
Gateway of last resort is 172.16.2.1 to network 0.0.0.0
R* 0.0.0.0/0 [120/1] via 172.16.2.1, 00:00:15, GigabitEthernet0/1
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
R 172.16.1.0/24 [120/1] via 172.16.2.1, 00:00:15, GigabitEthernet0/1
R 172.16.4.0/24 [120/1] via 172.16.3.3, 00:00:06, GigabitEthernet0/2
RT3
RT3#show ip route rip
(omitted)
Gateway of last resort is 172.16.3.2 to network 0.0.0.0
R* 0.0.0.0/0 [120/2] via 172.16.3.2, 00:00:18, GigabitEthernet0/1
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
R 172.16.1.0/24 [120/2] via 172.16.3.2, 00:00:18, GigabitEthernet0/1
R 172.16.2.0/24 [120/1] via 172.16.3.2, 00:00:18, GigabitEthernet0/1
RIP options
Distribute a default route in update messages
Specify gi0/1 of RT2, the peer of RT1, as the next hop for the default gateway
RT1(config)#ip route 0.0.0.0 0.0.0.0 172.16.2.2
RT1(config)#router rip
RT1(config-router)#default-information originate
RIP troubleshooting
Check packets with debug
RT1#debug ip rip
RIP protocol debugging is on
Receiving update messages
RT1#
*Jan 13 12:22:15.508: RIP: received v2 update from 172.16.2.2 on GigabitEthernet0/1
*Jan 13 12:22:15.509: 172.16.3.0/24 via 0.0.0.0 in 1 hops
*Jan 13 12:22:15.509: 172.16.4.0/24 via 0.0.0.0 in 2 hops
Sending update messages
RT1#
*Jan 13 12:22:26.622: RIP: sending v2 update to 224.0.0.9 via GigabitEthernet0/1 (172.16.2.1)
*Jan 13 12:22:26.622: RIP: build update entries
*Jan 13 12:22:26.623: 172.16.1.0/24 via 0.0.0.0, metric 1, tag 0
8. Security
Stop CDP
RT1(config)#no cdp run
RT1(config)#^Z
RT1#show cdp neighbors
% CDP is not enabled
Stop the HTTP server
RT1(config)#no ip http server
Start the HTTPS server (when using the WebUI)
RT1(config)#ip http secure-server
Disable the TCP/UDP small servers
RT1(config)#no service tcp-small-servers
RT1(config)#no service udp-small-servers
Check the services that are enabled
RT1#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:22 *:0 SSH-Server LISTEN
tcp *:23 *:0 Telnet LISTEN
tcp *:443 *:0 HTTP CORE LISTEN
tcp *:443 *:0 HTTP CORE LISTEN
udp *:18999 *:0 udp_transport Server LISTEN
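As an added example (not part of the original wiki), the Python sketch below audits a running-config for the management-plane settings this page configures in sections 1-1 to 1-4 and hardens in section 8. The sample configuration is constructed from the commands shown on this page, and the rule names and the 15-minute idle limit are assumptions of the example.

```python
import re

# Constructed running-config assembled from the commands in sections 1-1 to 1-4
# of this page (telnet variant of the vty lines). It is not captured output.
PAGE_CONFIG = """\
hostname RT1
enable secret 5 $1$pF.7$2rr.iWh5uspggJCXFnRqs/
enable password cisco_enable
username permit password permit
ip domain-name yusukew62.net
ip ssh version 2
line con 0
 exec-timeout 720 0
 logging synchronous
 login local
line vty 0 4
 password cisco_vty
 login
 transport input telnet
"""

RULES = {  # hypothetical rule ids used by this example
    "ENABLE_PASSWORD": "enable password is set; keep only enable secret",
    "USER_PASSWORD": "username ... password; use username ... secret",
    "TYPE7_REVERSIBLE": "type 7 is a reversible encoding, not a hash",
    "SHARED_LINE_PASSWORD": "line uses 'login' with a shared line password",
    "IDLE_TIMEOUT": "exec-timeout disabled or longer than the policy limit",
    "VTY_TELNET": "vty accepts telnet; use transport input ssh",
    "VTY_NO_ACL": "vty has no inbound access-class",
    "HTTP_SERVER": "clear-text HTTP server enabled",
    "NO_SSH_V2": "ip ssh version 2 not configured",
}


def parse_sections(text):
    """Split a running-config into (header, [children]) using IOS indentation."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(text, max_idle_minutes=15):
    """Return sorted (rule_id, where) findings. Password values are never echoed."""
    findings = set()
    sections = parse_sections(text)
    headers = [h for h, _ in sections]
    for h in headers:
        if h.startswith("enable password"):
            findings.add(("ENABLE_PASSWORD", "global"))
        m = re.match(r"username (\S+) password\b", h)
        if m:
            findings.add(("USER_PASSWORD", "username " + m.group(1)))
        if h == "ip http server":
            findings.add(("HTTP_SERVER", "global"))
    if "ip ssh version 2" not in headers:
        findings.add(("NO_SSH_V2", "global"))
    for h, children in sections:
        for line in [h] + children:
            if re.search(r"\bpassword 7 [0-9A-Fa-f]+$", line):
                findings.add(("TYPE7_REVERSIBLE", "global" if line == h else h))
        if not h.startswith("line "):
            continue
        if "login" in children:          # bare 'login' = shared line password
            findings.add(("SHARED_LINE_PASSWORD", h))
        for c in children:
            m = re.match(r"exec-timeout (\d+)(?: (\d+))?$", c)
            if m:
                minutes, seconds = int(m.group(1)), int(m.group(2) or 0)
                if (minutes, seconds) == (0, 0) or minutes > max_idle_minutes:
                    findings.add(("IDLE_TIMEOUT", h))
        if h.startswith("line vty"):
            protos = [p for c in children if c.startswith("transport input")
                      for p in c.split()[2:]]
            if "telnet" in protos or "all" in protos:
                findings.add(("VTY_TELNET", h))
            if not any(re.match(r"access-class \S+ in\b", c) for c in children):
                findings.add(("VTY_NO_ACL", h))
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in audit(PAGE_CONFIG):
        print(f"{where:16} {rule:22} {RULES[rule]}")
```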
9. Network device management
9-1. CDP
Enable CDP
RT1(config)#cdp run
Check CDP global information
RT1#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
Show CDP neighbor information
RT1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
RT2.virl.info Gig 0/2 132 R B Gig 0/1
RT2.virl.info Gig 0/0 166 R B Gig 0/0
Total cdp entries displayed : 2
Check the detailed information obtained by CDP
RT1#show cdp neighbors detail
-------------------------
Device ID: RT2.virl.info
Entry address(es):
IP address: 10.0.0.10
Platform: Cisco , Capabilities: Router Source-Route-Bridge
Interface: GigabitEthernet0/2, Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 171 sec
Version :
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 29-Mar-17 14:05 by prod_rel_team
advertisement version: 2
Duplex: full
Management address(es):
IP address: 10.0.0.10
-------------------------
Device ID: RT2.virl.info
Entry address(es):
IP address: 10.255.0.50
Platform: Cisco , Capabilities: Router Source-Route-Bridge
Interface: GigabitEthernet0/0, Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 159 sec
Version :
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 29-Mar-17 14:05 by prod_rel_team
advertisement version: 2
Duplex: full
Management address(es):
IP address: 10.255.0.50
Total CDP entries displayed : 2
Show CDP interface information
RT1#show cdp interface
GigabitEthernet0/0 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/2 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
cdp enabled interfaces : 3
interfaces up : 3
interfaces down : 0
Show CDP traffic information
RT1#show cdp traffic
CDP counters :
Total packets output: 86, Input: 56
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0,
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 86, Input: 56
9-2. LLDP
Enable LLDP
RT1(config)#lldp run
Check LLDP global information
RT1#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
Show LLDP neighbor information
RT1#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
RT2.virl.info Gi0/2 120 R Gi0/1
RT2.virl.info Gi0/0 120 R Gi0/0
Total entries displayed: 2
Check the detailed information obtained by LLDP
RT1#show lldp neighbors detail
------------------------------------------------
Local Intf: Gi0/2
Chassis id: 5e00.0003.0000
Port id: Gi0/1
Port Description: to iosv-1
System Name: RT2.virl.info
System Description:
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 29-Mar-17 14:05 by prod_rel_team
Time remaining: 95 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses:
IP: 10.0.0.10
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised
------------------------------------------------
Local Intf: Gi0/0
Chassis id: 5e00.0003.0000
Port id: Gi0/0
Port Description: OOB Management
System Name: RT2.virl.info
System Description:
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 29-Mar-17 14:05 by prod_rel_team
Time remaining: 95 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses:
IP: 10.255.0.55
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised
Total entries displayed: 2
Show LLDP interface information
RT1#show lldp interface
GigabitEthernet0/0:
Tx: enabled
Rx: enabled
Tx state: IDLE
Rx state: WAIT FOR FRAME
GigabitEthernet0/1:
Tx: enabled
Rx: enabled
Tx state: IDLE
Rx state: WAIT FOR FRAME
GigabitEthernet0/2:
Tx: enabled
Rx: enabled
Tx state: IDLE
Rx state: WAIT FOR FRAME
Show LLDP traffic information
RT1#show lldp traffic
LLDP traffic statistics:
Total frames out: 30
Total entries aged: 0
Total frames in: 20
Total frames received in error: 0
Total frames discarded: 0
Total TLVs discarded: 0
Total TLVs unrecognized: 0
9-3. Name resolution
Map a name to an IP address
RT1(config)#ip host RT2 10.0.0.13
Show the hosts
RT1#show hosts
Default domain is virl.info
Name/address lookup uses static mappings
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
RT2 None (perm, OK) 0 IP 10.0.0.13
9-4. telnet
Check the connection status
RT2#show users
Line User Host(s) Idle Location
0 con 0 idle 00:06:45
*578 vty 0 idle 00:00:00 10.0.0.9
Interface User Mode Idle Peer Address
Suspend a telnet session
RT2(config)# (press Ctrl+Shift+6 together, then press x)
RT1#
Resume the most recent telnet session
RT1#resume
[Resuming connection 1 to RT2 ... ]
RT2(config)#
Resume a specific telnet session
From RT1, connect to session 3 on RT2, then suspend the session and confirm that the most recent session is session 3
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 2 RT2
2 RT2 10.0.0.13 0 1
3 RT2 10.0.0.13 0 1
4 RT2 10.0.0.13 0 0
* 5 RT2 10.0.0.13 0 0
RT1#resume 3
[Resuming connection 3 to RT2 ... ]
RT2(config-if)#
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 3 RT2
2 RT2 10.0.0.13 0 2
* 3 RT2 10.0.0.13 0 0
4 RT2 10.0.0.13 0 1
5 RT2 10.0.0.13 0 1
End the session on the remote device
Run exit or logout on the remote device side
RT2>
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 0 RT2
2 RT2 10.0.0.13 0 0
3 RT2 10.0.0.13 0 0
4 RT2 10.0.0.13 0 0
* 5 RT2 10.0.0.13 0 0
RT1#resume 5
[Resuming connection 5 to RT2 ... ]
RT2>exit
[Connection to RT2 closed by foreign host]
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 1 RT2
2 RT2 10.0.0.13 0 1
3 RT2 10.0.0.13 0 0
* 4 RT2 10.0.0.13 0 0
Disconnect the remote device's session from the client side
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 2 RT2
2 RT2 10.0.0.13 0 2
3 RT2 10.0.0.13 0 2
* 4 RT2 10.0.0.13 0 0
RT1#disconnect 4
Closing connection to RT2 [confirm]
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 3 RT2
2 RT2 10.0.0.13 0 2
* 3 RT2 10.0.0.13 0 2
Disconnect a session from the server side (you cannot disconnect your own session, however)
RT2#show users
Line User Host(s) Idle Location
578 vty 0 idle 00:04:58 10.0.0.9
579 vty 1 idle 00:04:48 10.0.0.9
*580 vty 2 idle 00:00:00 10.0.0.9
Interface User Mode Idle Peer Address
RT2#clear line 579
[confirm]
[OK]
RT2#show users
Line User Host(s) Idle Location
578 vty 0 idle 00:05:09 10.0.0.9
*580 vty 2 idle 00:00:00 10.0.0.9
Interface User Mode Idle Peer Address
When a session is disconnected from the server side, it still appears to exist on the client side
An error is displayed when you try to resume the session
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 7 RT2
2 RT2 10.0.0.13 6 6
* 3 RT2 10.0.0.13 0 0
RT1#resume 2
[Resuming connection 2 to RT2 ... ]
[Connection to RT2 closed by foreign host]
RT1#show sessions
Conn Host Address Byte Idle Conn Name
1 RT2 10.0.0.13 0 9 RT2
* 3 RT2 10.0.0.13 0 0
9-5. syslog
Configure the syslog server
RT1(config)#logging 10.0.0.6
The capture below shows that the facility is local7 by default
root@server-1:~# tcpdump -i eth1 -nn port 514
22:33:05.061821 IP 10.0.0.5.57392 > 10.0.0.6.514: SYSLOG local7.info, length: 117
Change the syslog facility
RT1(config)#logging facility syslog
Confirm that the facility has changed to syslog
22:36:54.779254 IP 10.0.0.5.57392 > 10.0.0.6.514: SYSLOG syslog.notice, length: 81
Disable logging output to the console
RT1(config)#no logging console
Specify the severity for console logging
Here 1: Alert; the default is 7: Debug
RT1(config)#logging console 1
Set the severity level forwarded to the syslog server
Here 2: Critical
RT1(config)#logging trap 2
Set the logging buffer size
Choose from the range 4096-2147483647; here it is set to 4096
RT1(config)#logging buffered 4096
Set the severity for the logging buffer
Choose from the range 0-6; here 6: information
RT1(config)#logging buffered 6
Show the logging buffer
RT1#show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 59 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 2 messages logged, xml disabled,
filtering disabled
Exception Logging: size (8192 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level debugging, 68 message lines logged
Logging to 10.0.0.6 (udp port 514, audit disabled,
link up),
25 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
Log Buffer (4096 bytes):
*Jan 21 00:11:46.177: %SYS-5-LOG_CONFIG_CHANGE: Buffer logging: level debugging, xml disabled, filtering disabled, size (4096)
*Jan 21 00:11:51.504: %SYS-5-CONFIG_I: Configured from console by console
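The Python sketch below is an added example, not part of the original wiki. It decodes the syslog PRI value into the facility and severity that the tcpdump lines above print, and shows which IOS messages pass a given `logging trap` threshold: with `logging trap 2`, the severity-5 `%SYS-5-CONFIG_I` configuration-change record from the buffer above is not forwarded to the syslog server. The datagram payload and the severity-2 line are constructed samples, and the function names are hypothetical.

```python
import re

# Facility codes 0-11 by name; 16-23 are local0-local7 (syslog PRI encoding).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]
# IOS keyword for each severity number (tcpdump abbreviates 6 as "info", 5 as "notice").
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

IOS_TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

SAMPLE_LOG = [
    # The two buffer entries shown on this page:
    "*Jan 21 00:11:46.177: %SYS-5-LOG_CONFIG_CHANGE: Buffer logging: level "
    "debugging, xml disabled, filtering disabled, size (4096)",
    "*Jan 21 00:11:51.504: %SYS-5-CONFIG_I: Configured from console by console",
    # Constructed severity-2 line for contrast:
    "*Jan 21 00:12:00.000: %SYS-2-MALLOCFAIL: (constructed sample text)",
]

# Constructed UDP payload: PRI 189 = local7 (23) * 8 + notifications (5).
SAMPLE_DATAGRAM = ("<189>68: *Jan 21 00:11:51.504: %SYS-5-CONFIG_I: "
                   "Configured from console by console")


def facility_name(code):
    if code < len(FACILITIES):
        return FACILITIES[code]
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    return "facility%d" % code


def decode_pri(pri):
    """PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %r" % pri)
    facility, severity = divmod(pri, 8)
    return facility_name(facility), SEVERITIES[severity]


def ios_tag(line):
    """Return (facility, severity number, mnemonic) of an IOS message, or None."""
    m = IOS_TAG.search(line)
    return (m.group(1), int(m.group(2)), m.group(3)) if m else None


def parse_datagram(payload):
    """Decode the <PRI> header and the IOS tag of one syslog payload."""
    m = re.match(r"<(\d{1,3})>(.*)", payload, re.S)
    if not m:
        raise ValueError("missing <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    tag = ios_tag(m.group(2))
    return {"facility": facility, "severity": severity,
            "tag": "%s-%d-%s" % tag if tag else None}


def forwarded(lines, trap_level):
    """Tags of messages 'logging trap <trap_level>' would send (lower = more severe)."""
    kept = []
    for line in lines:
        tag = ios_tag(line)
        if tag and tag[1] <= trap_level:
            kept.append("%s-%d-%s" % tag)
    return kept


if __name__ == "__main__":
    print(decode_pri(190), decode_pri(45))   # the two tcpdump lines above
    print(parse_datagram(SAMPLE_DATAGRAM))
    for level in (2, 5):
        print("logging trap", level, "->", forwarded(SAMPLE_LOG, level))
```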
Check CPU utilization
RT1#show processes
CPU utilization for five seconds: 2%/0%; one minute: 3%; five minutes: 2%
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
1 Cwe 409D80B 1 11 9011044/12000 0 Chunk Manager
2 Csp 27415D 21 2074 10 5300/6000 0 Load Meter
3 Mwe 2FD64F7 2248 10196 220 8812/12000 0 OSPF-1 Router
4 Mwe 3E1EEBE 0 1 011500/12000 0 RO Notify Timers
5 Lst 3DD5261 1115 1392 80110668/12000 0 Check heaps
6 Cwe 3DCE00D 455 347 131110796/12000 0 Pool Manager
7 Mwe 3DCDEE6 0 1 011484/12000 0 DiscardQ Backgro
8 Mst 1116ED7 1 2 50011180/12000 0 Timers
9 Mwe 1181CEF 21 158 132 5516/6000 0 WATCH_AFS
10 Mwe 19FD25 1 1 100031404/32000 0 Crash writer
(omitted)
Show the system clock
A leading "*" means the time is not accurate
RT1#show clock
*01:06:42.576 UTC Sun Jan 21 2018
Time source is hardware calendar
Set the system clock manually
RT1#clock set 10:11:00 21 Jan 2018
The output shows that the clock was set manually
RT1#show clock detail
10:12:55.267 UTC Sun Jan 21 2018
Time source is user configuration
Change the time zone from UTC to JST (UTC+9)
Set the time zone first, then set the time
RT1(config)#clock timezone JST 9
RT1#clock set 10:20:00 21 Jan 2018
The output shows the change from UTC to JST
RT1#show clock detail
10:20:03.766 JST Sun Jan 21 2018
Time source is user configuration
Check the hardware clock
RT1#show calendar
10:24:33 JST Sun Jan 21 2018
Write the software clock to the hardware clock
RT1#clock update-calendar
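10. Router management
10-1. Router boot sequence
1. Run POST
Functional check of all router components (CPU, interfaces, memory)
2. Load and run the bootstrap code
Check the configuration register in NVRAM
3. Load IOS
Load IOS into RAM
4. Locate the configuration file
If startup-config exists in NVRAM, load it into RAM as running-config
If startup-config does not exist in NVRAM, start setup mode
5. Run IOS
Run IOS using running-config
10-2. Managing Cisco images
Check the configuration register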
RT1#show version
(omitted)
Configuration register is 0x0
Show the file systems of the Cisco IOS File System (IFS)
RT1#show file systems
File Systems:
Size(b) Free(b) Type Flags Prefixes
* 2142715904 1989595136 disk rw flash0: flash:#
- - disk rw flash1:
- - disk rw flash2:
10192896 10192384 disk rw flash3:#
- - opaque rw archive:
- - opaque rw system:
262144 254872 nvram rw nvram:
(omitted)
10-3. IOS naming conventions
IOS version notation
Version 15.6(3)M2
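Version number: 15.6
Feature release number: (3)
Train: M (M: extended maintenance release; T: standard maintenance release)
Rebuild number: 2 (number of times bug fixes were made without adding features)
IOS image naming convention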
vios-adventerprisek9-m
Platform: vios
Feature set: adventerprisek9
Image execution location / file encryption: m (RAM)
10-4. Backing up the IOS image
Check the IOS image
RT1#show flash:
(omitted)
267 147988420 Mar 29 2017 09:00:00 +09:00 vios-adventerprisek9-m
(omitted)
Back up the IOS image to a TFTP server
RT1#copy flash: tftp:
Source filename [boot]? vios-adventerprisek9-m
Address or name of remote host []? 10.0.0.6
Destination filename [vios-adventerprisek9-m]?
10-5. Time synchronization with NTP
Below, RT1 is configured as the NTP client and RT2 as the NTP server
Configure RT2 as the NTP server
RT2(config)#ntp master 3
Check RT2's NTP associations (communication between machines running NTP)
RT2#show ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.1.1 .LOCL. 2 10 16 1 0.000 0.000 7937.5
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
Check RT2's NTP status
RT2#show ntp status
Clock is unsynchronized, stratum 3, reference is 127.127.1.1
nominal freq is 1000.0003 Hz, actual freq is 1000.0003 Hz, precision is 2**15
ntp uptime is 6700 (1/100 of seconds), resolution is 1000
reference time is DE0F0DAB.03EEDC7D (22:01:31.015 JST Sun Jan 21 2018)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 437.80 msec, peer dispersion is 437.72 msec
loopfilter state is 'FREQ' (Drift being measured), drift is 0.000000000 s/s
system poll interval is 16, last update was 3 sec ago.
Configure RT1 as the NTP client
RT1(config)#ntp server 10.0.0.10
Check RT1's NTP associations
RT1#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.0.0.10 127.127.1.1 3 17 64 1 3.986 -63.490 187.61
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
Check RT1's NTP status
RT1#show ntp status
Clock is unsynchronized, stratum 4, reference is 10.0.0.10
nominal freq is 1000.0003 Hz, actual freq is 1000.0003 Hz, precision is 2**14
ntp uptime is 88300 (1/100 of seconds), resolution is 1000
reference time is DE0F1166.A4A27772 (13:17:26.643 UTC Sun Jan 21 2018)
clock offset is -89.8436 msec, root delay is 4.12 msec
root dispersion is 203.63 msec, peer dispersion is 63.03 msec
loopfilter state is 'FREQ' (Drift being measured), drift is 0.000000000 s/s
system poll interval is 64, last update was 8 sec ago.
Check RT1's software clock
RT1#show clock detail
*13:18:34.101 UTC Sun Jan 21 2018
Time source is NTP
11. IPv6
11-1. Manual IPv6 address configuration
Remove the existing IPv6 address from the interface
RT1(config)#int gi 0/2
RT1(config-if)#no ipv6 address 2001:DB8:A:0:1:1:0:A/126
Manual IPv6 address configuration (interface ID set manually)
RT1(config)#int gi 0/2
RT1(config-if)#ipv6 address 2001:DB8:A:0:1:1:0:A/126
RT1(config-if)#^Z
RT1#show ipv6 int bri gi 0/2
GigabitEthernet0/2 [up/up]
FE80::F816:3EFF:FE8B:C0F7
2001:DB8:A:0:1:1:0:A
Manual IPv6 address configuration (interface ID generated automatically with eui-64)
RT1(config)#int gi 0/2
RT1(config-if)#ipv6 address 2001:DB8:A:0:1:1:0::/126 eui-64
RT1(config-if)#^Z
RT1#show ipv6 int bri gi 0/2
GigabitEthernet0/2 [up/up]
FE80::F816:3EFF:FE8B:C0F7
2001:DB8:A:0:1:1:0:3
Set the link-local address
RT1(config)#int gi 0/2
RT1(config-if)#ipv6 address FE80::F816:3EFF:FE8B:C0F7 link-local
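The Python sketch below is an added example, not part of the original wiki. It builds the modified EUI-64 interface ID from a MAC address and combines it with a prefix so that prefix bits take precedence when the prefix is longer than 64 bits, which reproduces both addresses shown above: the link-local FE80::F816:3EFF:FE8B:C0F7 and, for the /126 prefix, 2001:DB8:A:0:1:1:0:3 (only the low two bits of the interface ID remain). The MAC address is an assumption obtained by reversing the link-local address on this page, which also illustrates that an EUI-64 address discloses the interface's MAC; the function names are hypothetical.

```python
import ipaddress

# Assumed MAC of RT1 gi0/2: not shown on the page, derived here by reversing the
# EUI-64 link-local address FE80::F816:3EFF:FE8B:C0F7 that the page displays.
ASSUMED_MAC = "fa:16:3e:8b:c0:f7"


def modified_eui64(mac):
    """48-bit MAC -> 64-bit modified EUI-64 interface ID as an integer."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    # Flip the universal/local bit and insert FF:FE between OUI and NIC halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine prefix and interface ID; bits covered by the prefix win."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    host_bits = int(net.hostmask)            # 1-bits where the prefix does not reach
    iid = modified_eui64(mac)
    return ipaddress.IPv6Address(int(net.network_address) | (iid & host_bits))


def mac_from_eui64(address):
    """Recover the MAC from an address whose low 64 bits are EUI-64, else None."""
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None                          # not an EUI-64 derived interface ID
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]
    return ":".join("%02x" % octet for octet in mac)


if __name__ == "__main__":
    print(eui64_address("fe80::/64", ASSUMED_MAC))
    # Same prefix as the page's 2001:DB8:A:0:1:1:0::/126, written in compressed form.
    print(eui64_address("2001:DB8:A:0:1:1::/126", ASSUMED_MAC))
    print(mac_from_eui64("FE80::F816:3EFF:FE8B:C0F7"))
    print(mac_from_eui64("2001:DB8:A:0:1:1:0:A"))
```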
11-2. Automatic IPv6 address configuration
RA configuration
Configure RA (router advertisement) on RT1
RT1(config)#ipv6 unicast-routing
Receive RAs and autoconfigure IPv6
Configure gi0/1 on RT2 to receive RAs and autoconfigure IPv6
RT2(config)#int gi 0/1
RT2(config-if)#ipv6 address autoconfig
11-3. Verifying the IPv6 address configuration
Connectivity check from RT1 to RT2 with ICMPv6
RT1#ping ipv6 2001:DB8:A:0:1:1:0:B
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:A:0:1:1:0:B, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/11 ms
Check with ICMPv6 debugging turned on at RT2
RT2#debug ipv6 icmp
ICMPv6 Packet debugging is on
RT2#
*Jan 21 16:08:53.828: ICMPv6: Received echo request, Src=2001:DB8:A:0:1:1:0:A, Dst=2001:DB8:A:0:1:1:0:B
*Jan 21 16:08:53.829: ICMPv6: Sent echo reply, Src=2001:DB8:A:0:1:1:0:B, Dst=2001:DB8:A:0:1:1:0:A
11-4. RIPng configuration
Configure RIPng
Configure RIPng on RT1 (configure RT2 in the same way)
RT1(config)#ipv6 router rip RIPng
RT1(config-rtr)#int gi 0/1
RT1(config-if)#ipv6 rip RIPng enable
RT1(config-if)#int gi 0/2
RT1(config-if)#ipv6 rip RIPng enable
Verify RIPng
Check RIPng for IPv6
RT1#show ipv6 rip
RIP process "RIPng", port 521, multicast-group FF02::9, pid 48
Administrative distance is 120. Maximum paths is 16
Updates every 30 seconds, expire after 180
Holddown lasts 0 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 8, trigger updates 3
Full Advertisement 0, Delayed Events 0
Interfaces:
GigabitEthernet0/2
GigabitEthernet0/1
Redistribution:
None
Check IPv6 routing
RT1#show ipv6 route rip
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
lA - LISP away, a - Application
R 2001:DB8:A:0:1:1:0:C/126 [120/2]
via FE80::F816:3EFF:FE5B:AD6D, GigabitEthernet0/2
Check the IPv6 next hops
RT1#show ipv6 rip next-hops
RIP process "RIPng", Next Hops
FE80::F816:3EFF:FE5B:AD6D/GigabitEthernet0/2 [2 paths]
Check the RIPng route information
RT1#show ipv6 rip database
RIP process "RIPng", local RIB
2001:DB8:A:0:1:1:0:8/126, metric 2
GigabitEthernet0/2/FE80::F816:3EFF:FE5B:AD6D, expires in 176 secs
2001:DB8:A:0:1:1:0:C/126, metric 2, installed
GigabitEthernet0/2/FE80::F816:3EFF:FE5B:AD6D, expires in 176 secs
12. EIGRP
12-1. EIGRP configuration
Interface configuration
RT1 interface configuration
RT1(config)#int gi 0/1
RT1(config-if)#ip address 172.16.1.1 255.255.255.0
RT1(config)#int gi 0/2
RT1(config-if)#ip address 172.16.2.1 255.255.255.0
RT2 interface configuration
RT2(config)#int gi 0/1
RT2(config-if)#ip address 172.16.2.2 255.255.255.0
RT2(config)#int gi 0/2
RT2(config-if)#ip address 172.16.3.2 255.255.255.0
RT3 interface configuration
RT3(config)#int gi 0/1
RT3(config-if)#ip address 172.16.3.3 255.255.255.0
RT3(config)#int gi 0/2
RT3(config-if)#ip address 172.16.4.3 255.255.255.0
EIGRP configuration
RT1(config)#router eigrp 1
RT1(config-router)#network 172.16.0.0
RT2(config)#router eigrp 1
RT2(config-router)#network 172.16.2.0 0.0.0.255
RT2(config-router)#network 172.16.3.0 0.0.0.255
RT3(config)#router eigrp 1
RT3(config-router)#network 172.16.3.0 0.0.0.255
RT3(config-router)#network 172.16.4.0 0.0.0.255
12-2.Verifying EIGRP
Check EIGRP routing protocol information
Check the IP routing protocol parameters
RT1#show ip protocols
(omitted)
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 Protocol for AS(1)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 192.168.0.2
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
172.16.1.0/24
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
172.16.2.2 90 00:12:32
Distance: internal 90 external 170
Check each EIGRP neighbor
RT1
RT1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.2.2 Gi0/2 14 00:16:33 5 100 0 8
RT2
RT2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.3.3 Gi0/2 10 00:17:54 5 100 0 4
0 172.16.2.1 Gi0/1 14 00:19:04 5 100 0 4
RT3
RT3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.3.2 Gi0/1 12 00:18:27 1278 5000 0 7
Check EIGRP routes
RT1
RT1#show ip route eigrp
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
D 172.16.3.0/24 [90/3072] via 172.16.2.2, 00:23:31, GigabitEthernet0/2
D 172.16.4.0/24 [90/3328] via 172.16.2.2, 00:22:20, GigabitEthernet0/2
RT2
RT2#show ip route eigrp
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
D 172.16.1.0/24 [90/3072] via 172.16.2.1, 00:24:59, GigabitEthernet0/1
D 172.16.4.0/24 [90/3072] via 172.16.3.3, 00:23:42, GigabitEthernet0/2
RT3
RT3#show ip route eigrp
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
D 172.16.1.0/24 [90/3328] via 172.16.3.2, 00:24:12, GigabitEthernet0/1
D 172.16.2.0/24 [90/3072] via 172.16.3.2, 00:24:12, GigabitEthernet0/1
Check EIGRP interface information
RT1
RT1#show ip eigrp int
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 0 0/0 0/0 0 0/0 0 0
Gi0/2 1 0/0 0/0 5 0/0 50 0
RT2
RT2#show ip eigrp int
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 1 0/0 0/0 5 0/0 50 0
Gi0/2 1 0/0 0/0 5 0/0 50 0
RT3
RT3#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 1 0/0 0/0 1278 0/0 6388 0
Gi0/2 0 0/0 0/0 0 0/0 0 0
Check the EIGRP topology
RT1
RT1#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.0.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.2.0/24, 1 successors, FD is 2816
via Connected, GigabitEthernet0/2
P 172.16.3.0/24, 1 successors, FD is 3072
via 172.16.2.2 (3072/2816), GigabitEthernet0/2
P 172.16.1.0/24, 1 successors, FD is 2816
via Connected, GigabitEthernet0/1
P 172.16.4.0/24, 1 successors, FD is 3328
via 172.16.2.2 (3328/3072), GigabitEthernet0/2
RT2
RT2#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.0.4)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.2.0/24, 1 successors, FD is 2816
via Connected, GigabitEthernet0/1
P 172.16.3.0/24, 1 successors, FD is 2816
via Connected, GigabitEthernet0/2
P 172.16.1.0/24, 1 successors, FD is 3072
via 172.16.2.1 (3072/2816), GigabitEthernet0/1
P 172.16.4.0/24, 1 successors, FD is 3072
via 172.16.3.3 (3072/2816), GigabitEthernet0/2
RT3
RT3#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.0.5)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.2.0/24, 1 successors, FD is 3072
via 172.16.3.2 (3072/2816), GigabitEthernet0/1
P 172.16.3.0/24, 1 successors, FD is 2816
via Connected, GigabitEthernet0/1
P 172.16.1.0/24, 1 successors, FD is 3328
via 172.16.3.2 (3328/3072), GigabitEthernet0/1
P 172.16.4.0/24, 1 successors, FD is 2816
via Connected, GigabitEthernet0/2
Show detailed information for a specific network
172.16.1.0/24 on RT1
RT1#show ip eigrp topology 172.16.1.0 255.255.255.0
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.1.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2816
Descriptor Blocks:
0.0.0.0 (GigabitEthernet0/1), from Connected, Send flag is 0x0
Composite metric is (2816/0), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 192.168.0.2
172.16.2.0/24 on RT1
RT1#show ip eigrp topology 172.16.2.0 255.255.255.0
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.2.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2816
Descriptor Blocks:
0.0.0.0 (GigabitEthernet0/2), from Connected, Send flag is 0x0
Composite metric is (2816/0), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 192.168.0.2
172.16.3.0/24 on RT1
RT1#show ip eigrp topology 172.16.3.0 255.255.255.0
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.3.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072
Descriptor Blocks:
172.16.2.2 (GigabitEthernet0/2), from 172.16.2.2, Send flag is 0x0
Composite metric is (3072/2816), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 20 microseconds
Reliability is 253/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Originating router is 192.168.0.4
172.16.4.0/24 on RT1
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.4.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3328
Descriptor Blocks:
172.16.2.2 (GigabitEthernet0/2), from 172.16.2.2, Send flag is 0x0
Composite metric is (3328/3072), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 30 microseconds
Reliability is 251/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Originating router is 192.168.0.5
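The composite metrics in the entries above can be recomputed from the vector metrics. The following is an added example, not part of the original wiki: it parses lines excerpted from the RT1 outputs above and applies the classic EIGRP metric formula with the K weights shown by `show ip protocols` (K1=1, K3=1). The function names are hypothetical, and the formula covers the general K1 to K5 case rather than only the default weights.

```python
import re

# Lines excerpted from the RT1 "show ip eigrp topology <network> <mask>"
# outputs on this page (only the lines the calculation needs).
TOPOLOGY_DETAIL = """\
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.1.0/24
Composite metric is (2816/0), route is Internal
Minimum bandwidth is 1000000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.3.0/24
Composite metric is (3072/2816), route is Internal
Minimum bandwidth is 1000000 Kbit
Total delay is 20 microseconds
Reliability is 253/255
Load is 1/255
EIGRP-IPv4 Topology Entry for AS(1)/ID(192.168.0.2) for 172.16.4.0/24
Composite metric is (3328/3072), route is Internal
Minimum bandwidth is 1000000 Kbit
Total delay is 30 microseconds
Reliability is 251/255
Load is 1/255
"""

FIELDS = {
    "composite": r"Composite metric is \((\d+)/(\d+)\)",
    "bw_kbit": r"Minimum bandwidth is (\d+) Kbit",
    "delay_us": r"Total delay is (\d+) microseconds",
    "reliability": r"Reliability is (\d+)/255",
    "load": r"Load is (\d+)/255",
}


def parse_entries(text):
    """Split the output into one dict per 'Topology Entry' block."""
    entries = []
    for line in text.splitlines():
        header = re.search(r"Topology Entry for \S+ for (\S+)\s*$", line)
        if header:
            entries.append({"prefix": header.group(1)})
            continue
        for key, pattern in FIELDS.items():
            m = re.search(pattern, line)
            if m and entries:
                entries[-1][key] = [int(g) for g in m.groups()]
    return entries


def classic_metric(bw_kbit, delay_us, reliability=255, load=1,
                   k=(1, 0, 1, 0, 0)):
    """Classic (32-bit) EIGRP composite metric, integer arithmetic."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // bw_kbit        # inverse of the minimum bandwidth, scaled
    delay = delay_us // 10       # total delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:                       # reliability term applies only when K5 != 0
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def verify(text, k=(1, 0, 1, 0, 0)):
    """Return (prefix, displayed metric, recomputed metric) per entry."""
    rows = []
    for e in parse_entries(text):
        computed = classic_metric(e["bw_kbit"][0], e["delay_us"][0],
                                  e["reliability"][0], e["load"][0], k)
        rows.append((e["prefix"], e["composite"][0], computed))
    return rows


if __name__ == "__main__":
    for prefix, shown, computed in verify(TOPOLOGY_DETAIL):
        status = "OK" if shown == computed else "MISMATCH"
        print(f"{prefix}: shown {shown}, computed {computed} {status}")
```

With the default weights only bandwidth and delay enter the result, so the changing reliability values (255, 253, 251) do not affect the metric.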
Check the number of EIGRP packets sent and received
RT1
RT1#show ip eigrp traffic
EIGRP-IPv4 Traffic Statistics for AS(1)
Hellos sent/received: 1002/493
Updates sent/received: 5/7
Queries sent/received: 0/0
Replies sent/received: 0/0
Acks sent/received: 4/4
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 119
PDM Process ID: 99
Socket Queue: 0/10000/1/0 (current/max/highest/drops)
Input Queue: 0/10000/1/0 (current/max/highest/drops)
12-3.EIGRP optional settings
Passive interface
Configure a passive interface
RT1(config)#router eigrp 1
RT1(config-router)#passive-interface gi 0/1
Verify the passive interface
RT1#show ip protocols
(omitted)
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 Protocol for AS(1)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 192.168.0.2
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
172.16.1.0/24
172.16.0.0
Passive Interface(s):
GigabitEthernet0/1
Routing Information Sources:
Gateway Distance Last Update
172.16.2.2 90 00:50:06
Distance: internal 90 external 170
Automatic route summarization
Configure automatic route summarization
RT1(config-router)#auto-summary
12-4.EIGRP troubleshooting
EIGRP packets
Check EIGRP packets
RT1#debug eigrp packets
(UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
EIGRP Packet debugging is on
RT1#
*Feb 20 00:03:20.749: EIGRP: Received HELLO on Gi0/2 - paklen 20 nbr 172.16.2.2
*Feb 20 00:03:20.750: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
*Feb 20 00:03:21.330: EIGRP: Sending HELLO on Gi0/1 - paklen 20
*Feb 20 00:03:21.330: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
RT1#
*Feb 20 00:03:24.736: EIGRP: Sending HELLO on Gi0/2 - paklen 20
*Feb 20 00:03:24.736: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
*Feb 20 00:03:25.260: EIGRP: Received HELLO on Gi0/2 - paklen 20 nbr 172.16.2.2
*Feb 20 00:03:25.260: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
13.OSPF
13-1.OSPF configuration
OSPF configuration
RT1(config)#router ospf 1
RT1(config-router)#network 172.16.0.0 0.0.255.255 area 0
13-2.OSPF optional settings
Setting the router ID
After setting the router ID, the OSPF process must be cleared for the change to take effect
RT1(config-router)#router-id 1.1.1.1
% OSPF: Reload or use "clear ip ospf process" command, for this to take effect
Clear the OSPF process
RT1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
Passive interface
RT1(config-router)#passive-interface gi 0/1
Changing the priority
RT1(config)#int gi 0/2
RT1(config-if)#ip ospf priority 10
13-3.Verifying the OSPF configuration
Check the routing protocol
RT1#show ip protocols
(omitted)
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 1.1.1.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.0.0 0.0.255.255 area 0
Passive Interface(s):
GigabitEthernet0/1
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:17:25
192.168.0.4 110 01:07:41
172.16.4.3 110 00:56:24
Distance: (default is 110)
Check OSPF neighbor information
RT1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:38 172.16.2.2 GigabitEthernet0/2
Check OSPF routes
RT1#show ip route ospf
(omitted)
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O 172.16.3.0/24 [110/2] via 172.16.2.2, 00:03:44, GigabitEthernet0/2
O 172.16.4.0/24 [110/3] via 172.16.2.2, 00:03:34, GigabitEthernet0/2
Check OSPF interfaces
RT1
RT1#show ip ospf int bri
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/2 1 0 172.16.2.1/24 1 BDR 1/1
Gi0/1 1 0 172.16.1.1/24 1 DR 0/0
RT2
RT2#show ip ospf int bri
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/2 2 0 172.16.3.2/24 1 BDR 1/1
Gi0/1 2 0 172.16.2.2/24 1 DR 1/1
RT3
RT3#show ip ospf int bri
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/2 3 0 172.16.4.3/24 1 DR 0/0
Gi0/1 3 0 172.16.3.3/24 1 DR 1/1
Check the OSPF database
RT1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 444 0x8000000A 0x00F5DC 2
2.2.2.2 2.2.2.2 423 0x8000000F 0x005F9F 2
3.3.3.3 3.3.3.3 420 0x8000000A 0x0006B4 2
172.16.4.3 172.16.4.3 790 0x80000005 0x004E03 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
172.16.2.2 2.2.2.2 450 0x80000001 0x002A3B
172.16.3.3 3.3.3.3 431 0x80000001 0x004B0C
Check OSPF information
RT1#show ip ospf
Routing Process "ospf 1" with ID 1.1.1.1
Start time: 00:09:48.545, Time elapsed: 01:05:01.107
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm last executed 00:07:48.278 ago
SPF algorithm executed 7 times
Area ranges are
Number of LSA 6. Checksum Sum 0x021F79
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Check an OSPF interface
RT1#show ip ospf int gi 0/2
GigabitEthernet0/2 is up, line protocol is up
Internet Address 172.16.2.1/24, Area 0, Attached via Network Statement
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 2.2.2.2, Interface address 172.16.2.2
Backup Designated router (ID) 1.1.1.1, Interface address 172.16.2.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:08
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/2/2, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 1 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Designated Router)
Suppress hello for 0 neighbor(s)
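The RT1 outputs in this section report "Area has no authentication" and list GigabitEthernet0/1 as passive. The following is an added example, not part of the original wiki: a Python check that reads those three outputs and reports areas without authentication and OSPF interfaces that have no neighbors yet are not passive. Function names and finding labels are hypothetical; the embedded text is excerpted from this page.

```python
import re

# Excerpts of the RT1 outputs shown on this page (whitespace as extracted).
SHOW_IP_OSPF = """\
Routing Process "ospf 1" with ID 1.1.1.1
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 7 times
Area ranges are
"""

SHOW_IP_PROTOCOLS = """\
Routing Protocol is "ospf 1"
Router ID 1.1.1.1
Routing for Networks:
172.16.0.0 0.0.255.255 area 0
Passive Interface(s):
GigabitEthernet0/1
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:17:25
"""

SHOW_IP_OSPF_INT_BRIEF = """\
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/2 1 0 172.16.2.1/24 1 BDR 1/1
Gi0/1 1 0 172.16.1.1/24 1 DR 0/0
"""


def full_name(ifname):
    """Expand the abbreviated 'Gi0/1' form to 'GigabitEthernet0/1'."""
    return re.sub(r"^Gi(?=\d)", "GigabitEthernet", ifname)


def areas_without_auth(show_ip_ospf):
    """Areas whose block in 'show ip ospf' reports no authentication."""
    areas, current = [], None
    for line in show_ip_ospf.splitlines():
        m = re.match(r"\s*Area (BACKBONE\(\S+\)|[\d.]+)\s*$", line)
        if m:
            current = m.group(1)
        elif "Area has no authentication" in line and current:
            areas.append(current)
    return areas


def passive_interfaces(show_ip_protocols):
    """Interface names listed under 'Passive Interface(s):'."""
    passive, in_block = set(), False
    for line in show_ip_protocols.splitlines():
        line = line.strip()
        if line.startswith("Passive Interface(s):"):
            in_block = True
        elif in_block and re.fullmatch(r"[A-Za-z-]+\d+(/\d+)*(\.\d+)?", line):
            passive.add(line)
        else:
            in_block = False
    return passive


def ospf_interfaces(brief):
    """(interface, neighbor count) rows from 'show ip ospf int bri'."""
    rows = []
    for line in brief.splitlines():
        fields = line.split()
        if len(fields) >= 7 and re.fullmatch(r"\d+/\d+", fields[-1]):
            rows.append((full_name(fields[0]), int(fields[-1].split("/")[1])))
    return rows


def audit(show_ip_ospf, show_ip_protocols, brief):
    """Return (finding, subject) tuples for the two checks."""
    findings = [("no-auth", a) for a in areas_without_auth(show_ip_ospf)]
    passive = passive_interfaces(show_ip_protocols)
    for name, neighbors in ospf_interfaces(brief):
        if neighbors == 0 and name not in passive:
            findings.append(("hellos-without-neighbor", name))
    return findings


if __name__ == "__main__":
    for finding in audit(SHOW_IP_OSPF, SHOW_IP_PROTOCOLS,
                         SHOW_IP_OSPF_INT_BRIEF):
        print(finding)
```

On the page's data only the unauthenticated backbone area is reported, because Gi0/1 is already passive; removing the passive entry from the input makes Gi0/1 appear as a second finding.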
13-4.OSPF troubleshooting
Hello packets
*Feb 21 03:12:42.775: OSPF-2 HELLO Gi0/1: Send hello to 224.0.0.5 area 0 from 172.16.2.2
*Feb 21 03:12:42.778: OSPF-2 HELLO Gi0/2: Send hello to 224.0.0.5 area 0 from 172.16.3.2
14.GRE
14-1.GRE configuration
Interface configuration
RT1
RT1(config)#int gi 0/1
RT1(config-if)#ip addr 172.16.1.1 255.255.255.0
RT1(config)#int gi 0/2
RT1(config-if)#ip addr 172.16.2.1 255.255.255.0
RT2
RT2(config)#int gi 0/1
RT2(config-if)#ip addr 172.16.2.2 255.255.255.0
RT2(config)#int gi 0/2
RT2(config-if)#ip addr 172.16.3.2 255.255.255.0
RT3
RT3(config)#int gi 0/1
RT3(config-if)#ip addr 172.16.3.3 255.255.255.0
RT3(config)#int gi 0/2
RT3(config-if)#ip addr 172.16.4.3 255.255.255.0
OSPF configuration
RT1
RT1(config)#router ospf 1
RT1(config-router)#router-id 1.1.1.1
RT1(config-router)#network 172.16.0.0 0.0.255.255 area 0
RT1(config-router)#passive-interface gi 0/1
RT2
RT2(config)#router ospf 2
RT2(config-router)#router-id 2.2.2.2
RT2(config-router)#network 172.16.0.0 0.0.255.255 area 0
RT3
RT3(config)#router ospf 3
RT3(config-router)#router-id 3.3.3.3
RT3(config-router)#network 172.16.0.0 0.0.255.255 area 0
RT3(config-router)#passive-interface gi 0/2
GRE tunnel configuration
RT1
RT1(config)#int tun 0
RT1(config-if)#tun mode gre ip
RT1(config-if)#tun source 172.16.2.1
RT1(config-if)#tun destination 172.16.3.3
RT1(config-if)#ip addr 10.0.0.1 255.255.255.0
RT3
RT3(config)#int tun 0
RT3(config-if)#tun mode gre ip
RT3(config-if)#tun source 172.16.3.3
RT3(config-if)#tun destination 172.16.2.1
RT3(config-if)#ip addr 10.0.0.3 255.255.255.0
Check OSPF neighbors
RT1
RT1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:36 172.16.2.2 GigabitEthernet0/2
RT2
RT2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/DR 00:00:34 172.16.3.3 GigabitEthernet0/2
1.1.1.1 1 FULL/BDR 00:00:30 172.16.2.1 GigabitEthernet0/1
RT3
RT3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:35 172.16.3.2 GigabitEthernet0/1
Check routing
RT1
RT1#show ip route
(omitted)
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/24 is directly connected, Tunnel0 ★
L 10.0.0.1/32 is directly connected, Tunnel0 ★
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/1
L 172.16.1.1/32 is directly connected, GigabitEthernet0/1
C 172.16.2.0/24 is directly connected, GigabitEthernet0/2
L 172.16.2.1/32 is directly connected, GigabitEthernet0/2
O 172.16.3.0/24 [110/2] via 172.16.2.2, 00:31:27, GigabitEthernet0/2
O 172.16.4.0/24 [110/3] via 172.16.2.2, 00:31:17, GigabitEthernet0/2
192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.1 is directly connected, Loopback0
RT2
RT2#show ip route
(omitted)
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O 172.16.1.0/24 [110/2] via 172.16.2.1, 00:34:01, GigabitEthernet0/1
C 172.16.2.0/24 is directly connected, GigabitEthernet0/1
L 172.16.2.2/32 is directly connected, GigabitEthernet0/1
C 172.16.3.0/24 is directly connected, GigabitEthernet0/2
L 172.16.3.2/32 is directly connected, GigabitEthernet0/2
O 172.16.4.0/24 [110/2] via 172.16.3.3, 00:33:33, GigabitEthernet0/2
192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.5 is directly connected, Loopback0
RT3
RT3#show ip route
(omitted)
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/24 is directly connected, Tunnel0 ★
L 10.0.0.3/32 is directly connected, Tunnel0 ★
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O 172.16.1.0/24 [110/3] via 172.16.3.2, 00:35:25, GigabitEthernet0/1
O 172.16.2.0/24 [110/2] via 172.16.3.2, 00:35:25, GigabitEthernet0/1
C 172.16.3.0/24 is directly connected, GigabitEthernet0/1
L 172.16.3.3/32 is directly connected, GigabitEthernet0/1
C 172.16.4.0/24 is directly connected, GigabitEthernet0/2
L 172.16.4.3/32 is directly connected, GigabitEthernet0/2
192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.4 is directly connected, Loopback0
Check the tunnel interface
RT1
RT1#show int tun 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.0.0.1/24
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel linestate evaluation up
Tunnel source 172.16.2.1, destination 172.16.3.3
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:36:23
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
15.eBGP
15-1.eBGP configuration
Interface configuration
RT1
RT1(config)#int gi 0/1
RT1(config-if)#ip addr 172.16.1.1 255.255.255.0
RT2
RT2(config)#int gi 0/1
RT2(config-if)#ip addr 172.16.1.2 255.255.255.0
RT2(config)#int gi 0/2
RT2(config-if)#ip addr 172.16.2.2 255.255.255.0
RT3
RT3(config)#int gi 0/1
RT3(config-if)#ip addr 172.16.2.3 255.255.255.0
eBGP configuration
RT1
RT1(config)#router bgp 10
RT1(config-router)#neighbor 172.16.1.2 remote-as 20
RT2
RT2(config)#router bgp 20
RT2(config-router)#neighbor 172.16.1.1 remote-as 10
RT2(config-router)#neighbor 172.16.2.3 remote-as 30
RT3
RT3(config)#router bgp 30
RT3(config-router)#neighbor 172.16.2.2 remote-as 20
Verifying the eBGP configuration
RT1
RT1#show ip bgp summary
BGP router identifier 192.168.0.1, local AS number 10
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.1.2 4 20 7 7 1 0 0 00:02:47 0
RT2
RT2#show ip bgp summary
BGP router identifier 192.168.0.2, local AS number 20
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.1.1 4 10 7 7 1 0 0 00:02:56 0
172.16.2.3 4 30 5 3 1 0 0 00:01:20 0
RT3
RT3#show ip bgp summary
BGP router identifier 192.168.0.3, local AS number 30
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.2.2 4 20 3 5 1 0 0 00:01:27 0
Check detailed neighbor information
RT1#show ip bgp neighbors 172.16.1.2
BGP neighbor is 172.16.1.2, remote AS 20, external link
BGP version 4, remote router ID 192.168.0.2
BGP state = Established, up for 00:10:04
Last read 00:00:21, last write 00:00:19, hold time is 180, keepalive interval is 60 seconds
Neighbor sessions:
1 active, is not multisession capable (disabled)
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Enhanced Refresh Capability: advertised and received
Multisession Capability:
Stateful switchover support enabled: NO for session 1
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 1 1
Keepalives: 13 13
Route Refresh: 0 0
Total: 15 15
Do log neighbor state changes (via global configuration)
Default minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Session: 172.16.1.2
BGP table version 1, neighbor version 1/0
Output queue size : 0
Index 1, Advertise bit 0
1 update-group member
Slow-peer detection is disabled
Slow-peer split-update-group dynamic is disabled
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0
Used as secondary: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0
Last detected as dynamic slow peer: never
Dynamic slow peer recovered: never
Refresh Epoch: 1
Last Sent Refresh Start-of-rib: never
Last Sent Refresh End-of-rib: never
Last Received Refresh Start-of-rib: never
Last Received Refresh End-of-rib: never
Sent Rcvd
Refresh activity: ---- ----
Refresh Start-of-RIB 0 0
Refresh End-of-RIB 0 0
Address tracking is enabled, the RIB does have a route to 172.16.1.2
Connections established 1; dropped 0
Last reset never
External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
Interface associated: GigabitEthernet0/1 (peering address in same link)
Transport(tcp) path-mtu-discovery is enabled
Graceful-Restart is disabled
SSO is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 172.16.1.1, Local port: 179
Foreign host: 172.16.1.2, Foreign port: 33380
Connection tableid (VRF): 0
Maximum output segment queue size: 50
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x1269AA):
Timer Starts Wakeups Next
Retrans 14 0 0x0
TimeWait 0 0 0x0
AckHold 14 11 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
Linger 0 0 0x0
ProcessQ 0 0 0x0
iss: 3081074458 snduna: 3081074786 sndnxt: 3081074786
irs: 1470156664 rcvnxt: 1470156992
sndwnd: 16057 scale: 0 maxrcvwnd: 16384
rcvwnd: 16057 scale: 0 delrcvwnd: 327
SRTT: 846 ms, RTTO: 1975 ms, RTV: 1129 ms, KRTT: 0 ms
minRTT: 4 ms, maxRTT: 1000 ms, ACK hold: 200 ms
uptime: 604226 ms, Sent idletime: 19518 ms, Receive idletime: 19316 ms
Status Flags: passive open, gen tcbs
Option Flags: nagle, path mtu capable
IP Precedence value : 6
Datagrams (max data segment is 1460 bytes):
Rcvd: 30 (out of order: 0), with data: 15, total data bytes: 327
Sent: 29 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 15, total data bytes: 327
Packets received in fast path: 0, fast processed: 0, slow path: 0
fast lock acquisition failures: 0, slow path: 0
TCP Semaphore 0x0C5BBEAC FREE
Check protocol information
RT1#show ip protocols
(omitted)
Routing Protocol is "bgp 10"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
172.16.1.2
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
Distance: external 20 internal 200 local 200