DOC

IPIOS-Feature

By Marjorie Porter,2014-06-04 22:58
14 views 0
IPIOS-Feature

Lab 135

IP/IOS Feature 1 DRP-server: config R6 to support the distributed director agent function. R6: ip drp server ///题目明确说了是Vlan ? 是这样的 ip drp access-group 6 access-list 6 permit 135.5.56.0 0.0.0.255 # sh ip drp 2 WRED: config random detect on s0/1 of R4. Config critical informationwith that lowest queuesize is 32, maximum queue size is 2000 and droppingrate is one every 50 packets. R4: int s0/1 Random-detect Random-detect precedence 5 32 2000 50 # sh queueing random-detect 3 VOIP Bandwidth Reservation: Config bandwidth reservation for voice traffic on PVC between R4, R3 and R6; Totally reserve 300k bandwidth, and maximum bandwidth for every call is 20K. R4: R3 R6: ip rsvp pq-profile voice-like int s0/0 ip rsvp bandwidth 300 20 r4: ip rsvp pq-profile voice-like int 0/0 ip rsvp bandwidth 300 20 int s0/0.1 ip rsvp bandwidth 300 20 # sh ip rsvp int 4 IP ACCOUNTING: config your customer complained that you must record the traffic from R3 to R1, configured at R3 to record the packets sum and the bytes count form R3 to R1.and set the MAXIMUM record entry to 350. R3: Ip acounting-threshhold 350 int s1 ip accounting output-packets logging buffer 5 Telnet Feature: config on R2, let all users that telneted to R2 can telnet 135.YY.4.4 with hostname "R4", even when they are in user exec mode;When user telnet R4, the map between hostname and ip address should not be seen by user; If telnet fail, it should display message "CONNETION FAILED, REASON IS UNKNOW". R2: service hide-telnet-address ip host R4 135.1.4.4 busy-message R4 #CONNETION FAILED, RESASON IS UNKNOW# # ping r4 # telnet r4 6 Web-Cache Engine: config on R6 let it can intercept the WWW traffic on Fa2/0 and redirect to cache-engine. R6: Ip wccp web-cache Int f 1/0 Ip wccp web-cache redirect out # sh ip wccp 7 Autoinstallation: at R4, creat a new subinterface, use DLCI 402, a new router will connect to this subinterface, at VLAN BB2, there is a TFTP server with ip address: 150.100.2.38, have its configuration file, config R4 for new router's autoinstallation. R4: int s0/1.2 point-to-point ip address xxxxxxxx frame-relay interface-dlci 402 protocol ip xxxxxxx ip helper-address 150.100.2.38 8 Time-Ranges ACL. At weekdays, from 8:00 to 18:00, don’t permit anywww traffic on VLANA, and at weekend, form noon to 16:00, don’t permit any UDP traffic. Configured on R5 for it. R5 F0/0 access-list, 过滤RFC1918 规定的三个网段的私有地址和127.0.0.0/8 这个地址。 R5: clock set 09:17:23 1 mar 2004 clock timezone GMT 8

1

    Lab 135 time-range www periodic weekdays 8:00 to 18:00 time-range udp periodic weekend 12:00 to 16:00 ip access-list extended time deny ip 10.0.0.0 0.255.255.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.2555.255 any deny ip 192.168.0.0 0.0.255.255 any deny udp 135.1.57.0 0.0.0.255 any eq www time-range www deny udp 135.1.57.0 0.0.0.255 any time-range udp permit ip any any int f0/0 ip access-group time in 1 R5 F0/0 access-list, 过滤RFC1918 规定的三个网段的私有地址和127.0.0.0/8 这个地址。前面已做,见timerange 2 交换机上的端口安全性(port-security: 端口fa0/15 1 台主机,mac:0000.1111.1111 ip address: 1.1.1.1 SW1: Int f 0/15 switchport mode access switchport port-security switchport port-security max 1 switchport port-security mac-address 0000.1111.1111 switchport port-security violation protect arp 1.1.1.1 0000.1111.1111 ARPA alias # sh port-security # sh arp 3 bpduguard 配置在sw1 F0/16 SW1: Int f 0/16 switchport mode access spanning-tree bpduguard enable # sh spanning-tree detail 4 R1 配置SNMP rmon: cpu 达到70%或者下降到40%的时候, log and trap.

     每隔1分钟监控CPU利用率. 监控对象为:lsystem.57.0. R1 snmp-server community cisco RO snmp-server enable traps snmp-server host 150.1.1.252 cisco rmon event 1 log trapccie description high owner config rmon event 2 log trap ccie description low owner config rmon alarm 1 lsystem.57.0 60 absolute rising-threshold 70 1 falling-threshold 40 2 owner config sh snmp / sh snmp group / sh rmon events / sh rmon alarms 5 DHCP : R5 上作server, 它向vlanb 客户发布的domain-server cisco.comdns server 150.100.1.50 150.100.1.51 确保客户端拿到的地址永不过期 R5: service dhcp no ip dhcp conflict logging ip dhcp excluded-address 135.1.57.5 ip dhcp excluded-address 135.1.57.7 ip dhcp pool CCIE network 135.2.57.0 /24 dns-server 150.100.1.50 150.100.1.51 default-router 135.2.57.7 135.2.57.5 domain-name cisco.com lease infinite # sh ip dhcp server statistics 6. voip dial-peer voice 3010 pots destination-pattern 3010 port 1/0/0 dial-peer voice 3011 pots destination-pattern 3011 port 1/0/1 dial-peer voice 3002 voip destination-pattern 3002 session target ipv4:128.28.2.8 ip pre 6 num-exp 0 3011

     2

Report this document

For any questions or suggestions please email
cust-service@docsford.com