Escenario final de prácticas CCNA 4
(Exploration 4)
Fecha: 21 de noviembre del 2013
Instructor: Ernesto Vilarrasa
Escenario
Este escenario está disponible en ftp.vilarrasa.com.ar ,user y pass: ccna ,
como archivos Escenario IPv6.pkt y Escenario IPv6 resuelto.pkt
Es un escenario de IPv6, donde se combina EIGRP v6 con redistribución de rutas estáticas, OSPFv3 multiárea, utilización de
ruta por defecto, rutas estáticas sumarizadas, VLANs, router on-a-stick con subinterfaces en IPv6, y listas de acceso IPv6.
En Rosario está armado de la
siguiente manera: 2340:1111:2222: vlan o subred ::
ip del host
Obviamente Packet Tracer no lo soportó y se rompió (ver al final).
Objetivos
Del trabajo
1.- Asegurar conectividad de extremo a extremo
2.- Red invitados sale a internet, pero no puede acceder a las otras subredes internas.
Del grupo
1.- Cada alumno debía configurar el escenario siguiendo las directivas propuestas, realizar la resolución de problemas, que
generalmente fue por problemas de mal ingreso de direcciones IPv6.
2.- Los alumnos colaboraron entre ellos para salir adelante con los problemas de inestabilidad de PT, se proprcionaban copias
del escenario si este colapsaba antes de guardarse.
3.- Los alumnos colaboraron entre ellos con la problemática del IPv6 mismo, los comandos no representaron dificultad.
Verificación de las rutas IPv6:
Rosario#sh ipv6 route
IPv6 Routing Table - 16 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
S ::/0 [1/0] (ruta por defecto)
via 2340:1111:2222:1::1
C 2340:1111:2222:1::/64 [0/0]
via ::, Serial0/0/0
L 2340:1111:2222:1::2/128 [0/0]
via ::, Serial0/0/0
C 2340:1111:2222:10::/64 [0/0]
via ::, FastEthernet0/0.10
L 2340:1111:2222:10::1/128 [0/0]
via ::, FastEthernet0/0.10
OI 2340:1111:2222:20::/64 [110/65] (area 2)
via FE80::201:97FF:FE4C:B297, FastEthernet0/0.10
OI 2340:1111:2222:21::/64 [110/66] (area 2)
via FE80::201:97FF:FE4C:B297, FastEthernet0/0.10
OI 2340:1111:2222:30::/64 [110/65] (area 3)
via FE80::201:97FF:FE4C:B297, FastEthernet0/0.10
OI 2340:1111:2222:31::/64 [110/66] (area 3)
via FE80::201:97FF:FE4C:B297, FastEthernet0/0.10
C 2340:1111:2222:100::/64 [0/0]
via ::, FastEthernet0/0.100
L 2340:1111:2222:100::1/128 [0/0]
via ::, FastEthernet0/0.100
C 2340:1111:2222:200::/64 [0/0]
via ::, FastEthernet0/0.200
L 2340:1111:2222:200::1/128 [0/0]
via ::, FastEthernet0/0.200
C 2340:1111:2222:300::/64 [0/0]
via ::, FastEthernet0/0.300
L 2340:1111:2222:300::1/128 [0/0]
via ::, FastEthernet0/0.300
L FF00::/8 [0/0]
via ::, Null0
Rosario#
Sucursales#sh ipv6 route
IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 2340:1111:2222:10::/64 [0/0]
via ::, FastEthernet0/0
L 2340:1111:2222:10::2/128 [0/0]
via ::, FastEthernet0/0
C 2340:1111:2222:20::/64 [0/0]
via ::, Serial0/0/0
L 2340:1111:2222:20::1/128 [0/0]
via ::, Serial0/0/0
O 2340:1111:2222:21::/64 [110/65]
via FE80::201:C9FF:FE62:CA68, Serial0/0/0
C 2340:1111:2222:30::/64 [0/0]
via ::, Serial0/0/1
L 2340:1111:2222:30::1/128 [0/0]
via ::, Serial0/0/1
O 2340:1111:2222:31::/64 [110/65]
via FE80::290:2BFF:FE87:B701, Serial0/0/1
O 2340:1111:2222:100::/64 [110/2]
via FE80::204:9AFF:FEC1:4B33
O 2340:1111:2222:200::/64 [110/2]
via FE80::204:9AFF:FEC1:4B33
O 2340:1111:2222:300::/64 [110/2]
via FE80::204:9AFF:FEC1:4B33
L FF00::/8 [0/0]
via ::, Null0
Sucursales#
La ruta por defecto no se redistribuyó por una limitación del Packet Tracer
(al menos no existe el comando default information-originate)
Rosario#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rosario(config)#ipv6 router ospf 1
Rosario(config-rtr)#?
area OSPF area parameters
distance Administrative distance
exit Exit from routing protocol configuration mode
log-adjacency-changes Log changes in adjacency state
no Negate a command or set its defaults
passive-interface Suppress routing updates on an interface
redistribute Redistribute information from another routing protocol
router-id router-id for this OSPF process
Rosario(config-rtr)#redistribute static (plan “B”)
% Only classful networks will be redistributed (….?)
Rosario(config-rtr)#
Tucuman#sh ipv6 route
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
OI 2340:1111:2222:10::/64 [110/65] (area 0)
via FE80::2E0:A3FF:FE85:A06D, Serial0/0/0
C 2340:1111:2222:20::/64 [0/0]
via ::, Serial0/0/0
L 2340:1111:2222:20::2/128 [0/0]
via ::, Serial0/0/0
C 2340:1111:2222:21::/64 [0/0]
via ::, FastEthernet0/0
L 2340:1111:2222:21::1/128 [0/0]
via ::, FastEthernet0/0
OI 2340:1111:2222:30::/64 [110/128] (area 3)
via FE80::2E0:A3FF:FE85:A06D, Serial0/0/0
OI 2340:1111:2222:31::/64 [110/129] (area 3)
via FE80::2E0:A3FF:FE85:A06D, Serial0/0/0
OI 2340:1111:2222:100::/64 [110/66] (area 0)
via FE80::2E0:A3FF:FE85:A06D, Serial0/0/0
OI 2340:1111:2222:200::/64 [110/66] (area 0)
via FE80::2E0:A3FF:FE85:A06D, Serial0/0/0
OI 2340:1111:2222:300::/64 [110/66] (area 0)
via FE80::2E0:A3FF:FE85:A06D, Serial0/0/0
L FF00::/8 [0/0]
via ::, Null0
Tucuman#
Cordoba#sh ipv6 route
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
OI 2340:1111:2222:10::/64 [110/65] (area 0)
via FE80::2E0:F7FF:FE6A:90D5, Serial0/0/0
OI 2340:1111:2222:20::/64 [110/128] (area 2)
via FE80::2E0:F7FF:FE6A:90D5, Serial0/0/0
OI 2340:1111:2222:21::/64 [110/129] (area 2)
via FE80::2E0:F7FF:FE6A:90D5, Serial0/0/0
C 2340:1111:2222:30::/64 [0/0]
via ::, Serial0/0/0
L 2340:1111:2222:30::2/128 [0/0]
via ::, Serial0/0/0
C 2340:1111:2222:31::/64 [0/0]
via ::, FastEthernet0/0
L 2340:1111:2222:31::1/128 [0/0]
via ::, FastEthernet0/0
OI 2340:1111:2222:100::/64 [110/66] (area 0)
via FE80::2E0:F7FF:FE6A:90D5, Serial0/0/0
OI 2340:1111:2222:200::/64 [110/66] (area 0)
via FE80::2E0:F7FF:FE6A:90D5, Serial0/0/0
OI 2340:1111:2222:300::/64 [110/66] (area 0)
via FE80::2E0:F7FF:FE6A:90D5, Serial0/0/0
L FF00::/8 [0/0]
via ::, Null0
Cordoba#
Borde#sh ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
D 200A:9876:1234:ABCD::/64 [90/2172416]
via FE80::202:17FF:FE72:A10E, Serial0/0/0
C 2222:3333:4444:5555:ABCD::/126 [0/0]
via ::, Serial0/0/0
L 2222:3333:4444:5555:ABCD::1/128 [0/0]
via ::, Serial0/0/0
S 2340:1111:2222::/48 [1/0] (ruta sumarizada)
via 2340:1111:2222:1::2
C 2340:1111:2222:1::/64 [0/0]
via ::, Serial0/0/1
L 2340:1111:2222:1::1/128 [0/0]
via ::, Serial0/0/1
D 2ABC:DEF0:1234:5678::/64 [90/2172416]
via FE80::202:17FF:FE72:A10E, Serial0/0/0
L FF00::/8 [0/0]
via ::, Null0
Borde#
Internet#sh ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 200A:9876:1234:ABCD::/64 [0/0]
via ::, FastEthernet0/1
L 200A:9876:1234:ABCD::1/128 [0/0]
via ::, FastEthernet0/1
C 2222:3333:4444:5555:ABCD::/126 [0/0]
via ::, Serial0/0/0
L 2222:3333:4444:5555:ABCD::2/128 [0/0]
via ::, Serial0/0/0
EX 2340:1111:2222::/48 [170/7289856] (ruta sumarizada redistribuída, ver la AD de 170)
via FE80::290:CFF:FED7:9429, Serial0/0/0
C 2ABC:DEF0:1234:5678::/64 [0/0]
via ::, FastEthernet0/0
L 2ABC:DEF0:1234:5678::1/128 [0/0]
via ::, FastEthernet0/0
L FF00::/8 [0/0]
via ::, Null0
Internet#
Pruebas
Prueba de conectividad de extremo a extremo:
PC>tracert
200A:9876:1234:ABCD:20D:BDFF:FE86:C2B0
Tracing route to 200A:9876:1234:ABCD:20D:BDFF:FE86:C2B0 over a maximum of 30 hops:
1 15 ms 0 ms 16 ms
2340:1111:2222:300::1
2 1 ms 1 ms 16 ms 2340:1111:2222:1::1 (utilizó la rura por defecto y la ruta
sumarizada para el retorno)
3 31 ms 1 ms 16 ms
2222:3333:4444:5555:ABCD::2 (utilizó EIGRP y la ruta sumarizada para el
retorno)
4 31 ms 15 ms 31 ms 200A:9876:1234:ABCD:20D:BDFF:FE86:C2B0 (utilizó todo el
enrutamiento anterior)
Trace complete.
PC>
Prueba
de la ACL IPv6:
Consigna
(incluída en el layout del ejercicio)
“Invitados tiene
permitido internet, pero no debe acceder a las otras redes internas.”
PC>ping 2340:1111:2222:200::10 (no se debería alcanzar ninguna subred)
Pinging 2340:1111:2222:200::10
with 32 bytes of data:
Reply from 2340:1111:2222:300::1:
Destination host unreachable.
Reply from 2340:1111:2222:300::1:
Destination host unreachable.
Reply from 2340:1111:2222:300::1:
Destination host unreachable.
Reply from 2340:1111:2222:300::1:
Destination host unreachable.
Ping statistics for
2340:1111:2222:200::10:
Packets: Sent = 4, Received = 0, Lost
= 4 (100% loss)
PC>
Rosario#sh access-lists
IPv6 access list invitados
deny
ipv6 any 2340:1111:2222::/48 (4
match(es))(el any está a modo
de anti-spoofing)
permit
ipv6 2340:1111:2222:300::/64 any (18
match(es))
Rosario#
Configuraciones:
Rosario#sh runn
Building configuration...
Current configuration : 1624 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime
msec
no service password-encryption
!
hostname Rosario
!
enable secret 5
$1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ipv6
unicast-routing
!
ipv6 host server
2340:1111:2222:10:290:21FF:FE26:E65B (para verificar con ping server)
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no
ip address
duplex
auto
speed
auto
!
interface FastEthernet0/0.10
encapsulation
dot1Q 10
no
ip address
ipv6 address 2340:1111:2222:10::1/64
ipv6 ospf 1 area 0
!
interface FastEthernet0/0.100
encapsulation
dot1Q 100
no
ip address
ipv6 address 2340:1111:2222:100::1/64
ipv6 ospf 1 area 0
!
interface FastEthernet0/0.200
encapsulation
dot1Q 200
no
ip address
ipv6 address 2340:1111:2222:200::1/64
ipv6 ospf 1 area 0
!
interface FastEthernet0/0.300
encapsulation
dot1Q 300
no
ip address
ipv6 traffic-filter
invitados in (en IPv4 es ip access-group)
ipv6 address 2340:1111:2222:300::1/64
ipv6 ospf 1 area 0
!
interface FastEthernet0/1
no
ip address
duplex
auto
speed
auto
shutdown
!
interface Serial0/0/0
description
WAN to Borde
no
ip address
ipv6 address 2340:1111:2222:1::2/64 (no
lleva OSPF sino la default route)
!
interface Serial0/0/1
no
ip address
shutdown
!
interface Vlan1
no
ip address
shutdown
!
ipv6 router ospf 1
router-id 4.4.4.4
log-adjacency-changes
redistribute static
metric 0
!
ip classless
!
ipv6 route ::/0
2340:1111:2222:1::1
!
ipv6 access-list invitados
deny ipv6 any
2340:1111:2222::/48
permit ipv6
2340:1111:2222:300::/64 any
!
line con 0
password
cisco
login
!
line aux 0
!
line vty 0 4
password
cisco
login
!
end
Rosario#
Sucursales#sh runn
Building configuration...
Current configuration : 978 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime
msec
no service password-encryption
!
hostname Sucursales
!
enable secret 5
$1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ipv6
unicast-routing
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no
ip address
duplex
auto
speed
auto
ipv6 address 2340:1111:2222:10::2/64
ipv6 ospf 1 area 0
!
interface FastEthernet0/1
no
ip address
duplex
auto
speed
auto
shutdown
!
interface Serial0/0/0
description
WAN to Tucuman
no
ip address
ipv6 address 2340:1111:2222:20::1/64
ipv6 ospf 1 area 2
!
interface Serial0/0/1
description
WAN to Cordoba
no
ip address
ipv6 address 2340:1111:2222:30::1/64
ipv6 ospf 1 area 3
!
interface Vlan1
no
ip address
shutdown
!
ipv6 router ospf 1
router-id 1.1.1.1
log-adjacency-changes
!
ip classless
!
no cdp run
!
line con 0
password
cisco
login
!
line aux 0
!
line vty 0 4
password
cisco
login
!
!
!
end
Sucursales#
Tucuman#sh runn
Building configuration...
Current configuration : 871 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime
msec
no service password-encryption
!
hostname Tucuman
!
enable secret 5
$1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ipv6
unicast-routing
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no
ip address
duplex
auto
speed
auto
ipv6 address 2340:1111:2222:21::1/64
ipv6 ospf 1 area 2
!
interface FastEthernet0/1
no
ip address
duplex
auto
speed
auto
shutdown
!
interface Serial0/0/0
no
ip address
ipv6 address 2340:1111:2222:20::2/64
ipv6 ospf 1 area 2
!
interface Serial0/0/1
no
ip address
shutdown
!
interface Vlan1
no
ip address
shutdown
!
ipv6 router ospf 1
router-id 2.2.2.2
log-adjacency-changes
!
ip classless
!
no cdp run
!
line con 0
password
cisco
login
!
line aux 0
!
line vty 0 4
password
cisco
login
!
!
!
end
Tucuman#
Cordoba#sh runn
Building configuration...
Current configuration : 871 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime
msec
no service password-encryption
!
hostname Cordoba
!
enable secret 5
$1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ipv6
unicast-routing
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no
ip address
duplex
auto
speed
auto
ipv6 address 2340:1111:2222:31::1/64
ipv6 ospf 1 area 3
!
interface FastEthernet0/1
no
ip address
duplex
auto
speed
auto
shutdown
!
interface Serial0/0/0
no
ip address
ipv6 address 2340:1111:2222:30::2/64
ipv6 ospf 1 area 3
!
interface Serial0/0/1
no
ip address
shutdown
!
interface Vlan1
no
ip address
shutdown
!
ipv6 router ospf 1
router-id 3.3.3.3
log-adjacency-changes
!
ip classless
!
no cdp run
!
line con 0
password
cisco
login
!
line aux 0
!
line vty 0 4
password
cisco
login
!
end
Cordoba#
Borde#sh runn
Building configuration...
Current configuration : 962 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime
msec
no service password-encryption
!
hostname Borde
!
enable secret 5
$1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ipv6
unicast-routing
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no
ip address
duplex
auto
speed
auto
shutdown
!
interface FastEthernet0/1
no
ip address
duplex
auto
speed
auto
shutdown
!
interface Serial0/0/0
description
WAN to Internet
no
ip address
ipv6 address 2222:3333:4444:5555:ABCD::1/126
ipv6 eigrp 100
!
interface Serial0/0/1
description
WAN to Rosario
no
ip address
ipv6 address 2340:1111:2222:1::1/64 (utiliza
ruta sumarizada a Rosario)
!
interface Vlan1
no
ip address
shutdown
!
ipv6 router eigrp 100
router-id 6.6.6.6
no shutdown
redistribute static
!
ip classless
!
ipv6 route 2340:1111:2222::/48 2340:1111:2222:1::2
!
!
line con 0
password
cisco
login
!
line aux 0
!
line vty 0 4
password
cisco
login
!
end
Borde#
Internet#sh runn
Building configuration...
Current configuration : 891 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime
msec
no service password-encryption
!
hostname Internet
!
enable secret 5
$1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ipv6
unicast-routing
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no
ip address
duplex
auto
speed
auto
ipv6 address 2ABC:DEF0:1234:5678::1/64
ipv6 eigrp 100
!
interface FastEthernet0/1
no
ip address
duplex
auto
speed
auto
ipv6 address 200A:9876:1234:ABCD::1/64
ipv6 eigrp 100
!
interface Serial0/0/0
no
ip address
ipv6 address 2222:3333:4444:5555:ABCD::2/126
ipv6 eigrp 100
!
interface Serial0/0/1
no
ip address
!
interface Vlan1
no
ip address
shutdown
!
ipv6 router eigrp 100
router-id 7.7.7.7
no shutdown
!
ip classless
!
line con 0
password
cisco
login
!
line aux 0
!
line vty 0 4
password
cisco
login
!
end
Internet#
Packet
Tracer se rompe al atravezar el router multiárea:
(2013) Networking for lonely peoples
Rosario, Argentina