Модуль C. Предварительная конфигурация.

BR1

enable
conf t
!
enable password cisco
!
line vty 0 4
password cisco
transport input telnet
!
int f0/0
no sh
ip add 192.168.254.3 255.255.255.0
!
end
wr

HQ1

enable
conf t
!
enable password cisco
!
line vty 0 4
password cisco
transport input telnet
!
int F0/1
no sh
ip add 192.168.254.1 255.255.255.0
!
end
wr

ISP1

en
conf t
!
no service password-encryption
!
hostname ISP
!
aaa new-model
!
aaa authentication ppp default local
aaa authentication login default local
aaa authorization network default local
!
no ip domain lookup
ip domain name wsr2018.ru
!
username cisco priv 1 password 0 cisco
!
ip vrf ISP1
rd 1:1
route-target export 1:1
route-target export 2:2
route-target import 1:1
route-target import 2:2
!
ip vrf ISP2
rd 2:2
route-target export 1:1
route-target export 2:2
route-target import 1:1
route-target import 2:2
!
interface Multilink1
ip vrf forwarding ISP1
ip address 100.45.5.1 255.255.255.252
peer default ip address pool PPP
ppp multilink
ppp multilink group 1
!
interface F0/0
ip vrf forwarding ISP1
no sh
ip address 100.45.10.1 255.255.255.252
desc to FW1 E0 from ISP1
no shut
!
interface F0/1
no shut
!
interface F0/1.901
encapsulation dot1Q 901
ip vrf forwarding ISP2
ip address 22.84.4.5 255.255.255.252
desc to FW1 E1 from ISP2
!
interface Serial0/1/0
desc to BR1 from ISP1
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
clock rate 64000
no shut
!
interface Serial0/2/0
desc to BR1 from ISP1
no ip address
no shut
encapsulation ppp
ppp multilink
ppp multilink group 1
clock rate 64000
!
interface Serial0/3/0
ip vrf forwarding ISP2
desc to BR1 from ISP2
ip address 22.84.4.1 255.255.255.252
no shut
clock rate 64000
!
interface Loopback0
ip vrf forwarding ISP1
ip address 8.8.8.8 255.255.255.255
!
interface Loopback1
ip vrf forwarding ISP2
ip address 78.88.8.8 255.255.255.255
!
interface Loopback2
ip address 11.11.11.11 255.255.255.255
!
interface Loopback3
ip address 22.22.22.22 255.255.255.255
!
interface Tunnel1
bandwidth 10000000
ip vrf forwarding ISP1
ip address 100.22.5.1 255.255.255.252
no ip redirects
ip mtu 9000
tunnel source Loopback2
tunnel destination 22.22.22.22
!
interface Tunnel2
bandwidth 10000000
ip vrf forwarding ISP2
ip address 100.22.5.2 255.255.255.252
no ip redirects
ip mtu 9000
tunnel source Loopback3
tunnel destination 11.11.11.11
!
router bgp 65001
bgp router-id 8.8.8.8
bgp log-neighbor-changes
neighbor 100.22.5.1 remote-as 65001
!
address-family ipv4
no neighbor 100.22.5.1 activate
no auto-summary
exit-address-family
!
address-family ipv4 vrf ISP1
bgp router-id 8.8.8.8
redistribute static
network 8.8.8.8 mask 255.255.255.255
network 100.22.5.0 mask 255.255.255.252
network 100.45.5.0 mask 255.255.255.255
network 100.45.10.0 mask 255.255.255.252
network 14.88.22.8 mask 255.255.255.255
neighbor 100.22.5.2 remote-as 65001
neighbor 100.22.5.2 activate
neighbor 100.45.5.2 remote-as 65020
neighbor 100.45.5.2 activate
neighbor 100.45.5.2 default-originate
neighbor 100.45.10.2 remote-as 65000
neighbor 100.45.10.2 activate
neighbor 100.45.10.2 default-originate
exit-address-family
!
address-family ipv4 vrf ISP2
bgp router-id 78.88.8.8
redistribute static
network 78.88.8.8 mask 255.255.255.255
network 100.22.5.0 mask 255.255.255.252
network 22.84.4.0 mask 255.255.255.255
network 22.84.4.4 mask 255.255.255.252
neighbor 100.22.5.1 remote-as 65001
neighbor 100.22.5.1 activate
neighbor 22.84.4.2 remote-as 65020
neighbor 22.84.4.2 local-as 65002 no-prepend replace-as
neighbor 22.84.4.2 default-originate
neighbor 22.84.4.2 activate
neighbor 22.84.4.6 remote-as 65000
neighbor 22.84.4.6 default-originate
neighbor 22.84.4.6 local-as 65002 no-prepend replace-as
neighbor 22.84.4.6 activate
exit-address-family
!
!
ip local pool PPP 100.45.5.2
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route vrf ISP1 0.0.0.0 0.0.0.0 Null0
ip route vrf ISP2 0.0.0.0 0.0.0.0 Null0
!
line con 0
line aux 0
line vty 0 4
transport input none
!
end

SW1

enable
conf t
!
enable password cisco
!
line vty 0 4
password cisco
transport input telnet
!
int vlan 1
ip add 192.168.254.10 255.255.255.0
no sh
!
end
wr

SW2

enable
conf t
!
enable password cisco
!
line vty 0 4
password cisco
transport input telnet
!
int vlan 1
ip add 192.168.254.20 255.255.255.0
no sh
!
end
wr

SW3

enable
conf t
!
enable password cisco
!
line vty 0 4
password cisco
transport input telnet
!
int vlan 1
ip add 192.168.254.30 255.255.255.0
no sh
!
end
wr

FW1 (ASA5505)

enable

conf t
!
!
int E0/4
no sh
!
int E0/5
no sh
!
int vlan 1
no sh
nameif inside
ip add 192.168.254.2 255.255.255.0
!
enable password cisco
!
username cisco password cisco
!
aaa authentication telnet console LOCAL
!
telnet 192.168.254.0 255.255.255.0 inside
!
end
wr

FW2 (ASA5506)

enable

conf t
!
!
int G1/4
no sh
bridge-group 1
!
int G1/5
no sh
bridge-group 1
!
interface BVI 1
nameif inside
ip add 192.168.254.2 255.255.255.0
!
enable password cisco
!
username cisco password cisco
!
aaa authentication telnet console LOCAL
!
telnet 192.168.254.0 255.255.255.0 inside
!
end
wr

Яндекс.Метрика