Sei sulla pagina 1di 32

Static Route Configuration

2

Basic Configuration Of RIPV1

3

RIPV2 Basic Configuration

3

RIP Extended Lab

4

RIP Equal Cost Load Balancing

6

EIGRP Basic Configuration Lab

7

EIGRP MD5 Authentication Configuration Lab

8

OSPF Basic Configurationand DR BDR Selection Lab

9

OSPF extend configuration lab

10

Route Redistribution Configuration Lab

12

Switch Basic Configuration And Port Security

13

Switch Vlan Configuration Lab

14

Switch Vlan Trunk Configuration Lab

15

Switch VTP Configuration Lab

16

Switch STP Basic Configuration Lab

17

Routing Between Vlans - Router On A Stick

18

Frame-Relay Basic Configuration Lab

19

Static Frame-Relay Map Configuration Lab

21

Distance Vector Routing Protocol in Frame-Relay Network Lab

22

Frame-Relay Point to Point Sub-interface Configuration Lab

24

Frame-Relay Multi-Point Sub-interface Configuration Lab

25

PPP PAP Authentication Basic Lab Configuration

26

PPP CHAP Authentication Basic Lab Configuration

27

Static Nat And Dynamic Nat Basic Configuration Lab

27

Basic Standard ACL Configuration Lab

28

Basic Extended ACL Configuration Lab

29

Named Extended ACL Configuration Lab

30

ACL Working on VTY Line Configuration Lab

31

IPV6 Basic Configuration Lab

31

Static Route Configuration

Topology

www.ccieuniversity.com Static Route Configuration Topology Lab Purpose: Master static route and default route

Lab Purpose: Master static route and default route configuration Lab Requirement 1: The whole network should be reachable R1 use egress static route configuration R2 use next hop interface static route configuration R2 should perform load balance to network 10.1.1.128/30 R2 should perform load balance to network 10.1.1.128/30 R3 use next hop + egress interface static route configuration R4 use default route to access other network Lab Steps:

Step 1 Finish the basic IP configuration according to the diagram, and test connectivity. Step 2 Config static route on the 4 routers. R1(config)#ip route 10.1.1.64 255.255.255.252 s0 R1(config)#ip route 10.1.1.128 255.255.255.252 s0 R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66 R2(config)#ip route 10.1.1.128 255.255.255.252 192.168.1.2 Tips: If you want to enable packet based load balance, You need to disable Cisco CEF first. R2(config)#no ip cef R2(config)#int s1 R2(config-if)#no ip route-cache R2(config)#int e0 R2(config-if)#no ip route-cache R3(config)#ip route 10.1.1.0 255.255.255.252 s1 10.1.1.65 R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.129

Lab Requirement 2: Change load balance to floating static route on R2, packets should prefer ethernet to serial line, when ethernet is down, route should switch to serial line automatically. Lab Steps: Change the Administrative Distance of static route to enable the function of floating static route. R2(config)#no ip route 10.1.1.128 255.255.255.252 10.1.1.66 R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66 2

Before we shutdown E0 interface on R2, ethernet is preferred. S 10.1.1.128 [1/0] via 192.168.1.2

After we shutdown E0 interface on R2, the route switch to use serial line. S 10.1.1.128 [2/0] via 10.1.1.66

Basic Configuration Of RIPV1

Topology

www.ccieuniversity.com Basic Configuration Of RIPV1 Topology Lab Purpose: Master RIPV1 basic configuration Lab

Lab Purpose: Master RIPV1 basic configuration Lab Requirement: The whole network should be reachable by ripv1 Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity. Step 2: Config RIPV1 on the 3 routers. R1(config)#router rip //enable rip R1(config-router)#version 1 //assign rip version 1 R1(config-router)#network 172.16.0.0 //RIP's main network announce R1(config-router)#network 10.0.0.0 R2(config)#router rip R2(config-router)#version 1 R2(config-router)#network 10.0.0.0 R3(config)#router rip R3(config-router)#version 1 R3(config-router)#network 172.16.0.0 R3(config-router)#network 10.0.0.0

Tips:RIPV1 is based on UDP port 520 and using broadcast to send period update. Timer: Sending updates every 30 seconds, next due in 27 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Version: Default version control: send version 1, receive version 1 Route summary: Automatic network summarization is in effect Load balance: Maximum path: 4 Administrative Distance: (default is 120)

RIPV2 Basic Configuration

Topology

www.ccieuniversity.com RIPV2 Basic Configuration Topology Lab Purpose: Master RIPV2 basic configuration, watch the

Lab Purpose: Master RIPV2 basic configuration, watch the auto summarization of RIPV2, master how to change RIP timer. Lab Requirement: The whole network should be reachable by ripv2

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity. Step 2: Config RIPV2 on the 3 routers. R1(config)#router rip R1(config-router)#version 2 R1(config-router)#network 172.16.0.0 R1(config-router)# network 10.0.0.0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)# network 10.0.0.0 R3(config)#router rip R3(config-router)#version 2 R3(config-router)# network 172.16.0.0 R3(config-router)# network 10.0.0.0 Step 3: Use show ip route to check whether there is auto summarize Step 4: Disable auto summarize to see the changes R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary Step 5: change the 4 timers on R1 R1(config)#router rip R1(config-router)#version 2 R1(config-router)#timers basic 20 120 120 160 The above 4 value are update, Invalid, hold down, flushed Tips:RIPV2 is based on UDP port 520 and using multicast to send triggered update.

RIP Extended Lab

Topology

www.ccieuniversity.com Lab Purpose:Master RIPV2 manual summarize configuration Master RIPV2 passive interface and unicast

Lab Purpose:Master RIPV2 manual summarize configuration Master RIPV2 passive interface and unicast update configuration Master RIPV2 authentication configuration

Lab Requirement:

Only R1 can learn routes from R3, R2 can't learn routes from R3R2 can only use default route to reach other network. Enable RIP MD5 authentication between R3 and R4. Manually summary network from 172.16.1.0 to 172.16.3.0 on R4. Disable split horizon on R4. The Whole network should be reachable.

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity.

Step 2: Enable RIP on R1 R3 R4. R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 1.0.0.0 R1(config-router)# network 192.168.1.0 R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary R3(config-router)# network 192.168.1.0 R3(config-router)# network 10.0.0.0 R4(config)#router rip R4(config-router)#version 2 R4(config-router)#no auto-summary R4(config-router)# network 172.16.0.0 R4(config-router)# network 10.0.0.0

Step 3: config default route on R2. R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.3

Step 4: Config passive interface and unicast update, so R2 can not learn route from R3. R3(config)#router rip R3(config-router)#passive-interface E0 R3(config-router)#neighbor 192.168.1.1 Tips: You could use debug ip rip to observe the unicast update.

Step 5: enable RIP MD5 authentication between R3 and R4. R3(config)#key chain www.ccieuniversity.com R3(config-keychain)#key 1 R3(config-keychain-key)#key-string cisco

R3(config-keychain-key)#exit

R3(config-keychain)#exit

R4(config)#key chain www.ccieuniversity.com R4(config-keychain)#key 1 R4(config-keychain-key)#key-string cisco

R4(config-keychain-key)#exit

R4(config-keychain)#exit

Enable rip md5 authentication on interfaceR3(config)#interface s0 R3(config-if)#ip rip authentication mode md5 R3(config-if)#ip rip authentication key-chain www.ccieuniversity.com R4(config)#interface s0 R4(config-if)#ip rip authentication mode md5 R4(config-if)#ip rip authentication key-chain www.ccieuniversity.com Step 6:config route summarize on R4. R4(config)#interface s0 R4(config-if)#ip summary-address rip 172.16.0.0 255.255.252.0

Step 7: disable split horizon on R4 s0, and use debug ip rip to check it. R4(config)#interface s0 R4(config-if)#no ip split-horizon

R4(config-if)#end

RIP Equal Cost Load Balancing

Topology

RIP Equal Cost Load Balancing Topology Lab Purpose: Master RIP Equal Cost Load Balancing

Lab Purpose: Master RIP Equal Cost Load Balancing configuration, learn how to modify load balancing path.

Lab Requirement: Based on connectivity RIP should do load balancing.

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity. Step 2: Enable RIP on 3 routers R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 13.0.0.0 R1(config-router)#network 12.0.0.0

R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R2(config-router)# network 23.0.0.0 R2(config-router)# network 12.0.0.0 R2(config-router)# network 2.2.2.0 R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary R3(config-router)# network 13.0.0.0 R3(config-router)# network 23.0.0.0 Step 3: Check route table of R2 to see whether there are 2 routes for network 13.0.0.0 Step 4: If you want to enable packet based load balance, You need to disable Cisco CEF first. R2(config)#interface s1 R2(config-if)#no ip cef R2(config-if)#no ip route-cache R2(config)#interface s0 R2(config-if)#no ip cef R2(config-if)#no ip route-cache Step 5: "ping 13.0.0.1 source 2.2.2.2" and "debug ip packet" to check RIP Equal Cost Load Balancing feature.

Step 6: Change the maximum load balancing number of RIP to 6 Use show ip protocols we can see Maximum path: 4 Change the number to 6R2(config)#router rip R2(config-router)#maximum-paths 6 Tips: Before IOS 12.3 the maximum number is 6, after 12.3 it could be up to 16.

EIGRP Basic Configuration Lab

Topology

EIGRP Basic Configuration Lab Topology Lab Purpose: Master EIGRP basic configuration Observe EIGRP

Lab Purpose:

Master EIGRP basic configuration Observe EIGRP auto summary

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity. Step 2: Enable EIGRP on the 3 routers R1(config)#router eigrp 100 //EIGRP Autonomous System R1(config-router)#network 172.16.1.0 0.0.0.255 R1(config-router)#network 10.1.1.0 0.0.0.3

R2(config)#router eigrp 100 R2(config-router)#network 10.1.1.64 0.0.0.3 R2(config-router)#network 10.1.1.0 0.0.0.3 R3(config)#router eigrp 100 R3(config-router)#network 172.16.1.0 0.0.0.255 R3(config-router)#network 10.1.1.64 0.0.0.3 Step 3:Use "show ip route" to observe the auto summary feature Step 4:Disable auto summary then "show ip route" again R1(config)#router eigrp 100 R1(config-router)#no auto-summary R2(config)#router eigrp 100 R2(config-router)#no auto-summary R3(config)#router eigrp 100 R3(config-router)#no auto-summary

EIGRP MD5 Authentication Configuration Lab

Topology

EIGRP MD5 Authentication Configuration Lab Topology Lab Purpose: Master EIGRP basic configuration Master EIGRP

Lab Purpose:

Master EIGRP basic configuration Master EIGRP MD5 Authentication Configuration

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity. Step 2: Enable EIGRP on the 3 routers R1(config)#router eigrp 100 //EIGRP Autonomous System R1(config-router)#network 172.16.1.0 0.0.0.255 R1(config-router)#network 10.1.1.0 0.0.0.3 R2(config)#router eigrp 100 R2(config-router)#network 10.1.1.64 0.0.0.3 R2(config-router)#network 10.1.1.0 0.0.0.3 R3(config)#router eigrp 100 R3(config-router)#network 172.16.1.0 0.0.0.255 R3(config-router)#network 10.1.1.64 0.0.0.3

Step 3:Use "show ip route" to observe the auto summary feature

Step 4:enable MD5 authentication on 3 routers R1(config)#key chain www.ccieuniversity.com R1(config-keychain)#key 1 R1(config-keychain-key)#key-string cisco R1(config)#interface s0 R1(config-if)#ip authentication mode eigrp 100 md5 R1(config-if)#ip authentication key-chain eigrp 100 www.ccieuniversity.com

R2(config)#key chain www.ccieuniversity.com R2(config-keychain)#key 1 R2(config-keychain-key)#key-string cisco

R2(config)#interface s0 R2(config-if)#ip authentication mode eigrp 100 md5 R2(config-if)#ip authentication key-chain eigrp 100 www.ccieuniversity.com R2(config)#interface s1 R2(config-if)#ip authentication mode eigrp 100 md5 R2(config-if)#ip authentication key-chain eigrp 100 www.ccieuniversity.com

R3(config)#key chain www.ccieuniversity.com R3(config-keychain)#key 1 R3(config-keychain-key)#key-string cisco R3(config)#interface s0 R3(config-if)#ip authentication mode eigrp 100 md5 R3(config-if)#ip authentication key-chain eigrp 100 www.ccieuniversity.com R3(config)#interface s1 R3(config-if)#ip authentication mode eigrp 100 md5 R3(config-if)#ip authentication key-chain eigrp 100 www.ccieuniversity.com

OSPF Basic Configurationand DR BDR Selection Lab

Topology

OSPF Basic Configurationand DR BDR Selection Lab Topology Lab Purpose: Master OSPF basic configuration. Master

Lab Purpose: Master OSPF basic configuration. Master manually assign RID(Router ID). Master how to modify ospf interface priority. Observe DR BDR selection process. Lab Requirement: R3 would be the DR,R2 would be BDR, R4 will not participate in the selection.

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity.

Step 2: Enable ospf on the 3 Routers

R1(config)#interface lo0 R1(config-if)#ip address 1.1.1.1 255.255.255.0 R1(config)#router ospf 100 R1(config-router)#router-id 1.1.1.1 R1(config-router)#network 10.1.1.0 0.0.0.3 area 1 R2(config)#interface lo0 R2(config-if)#ip address 2.2.2.2 255.255.255.0 R2(config)#router ospf 100 R2(config-router)#router-id 2.2.2.2 R2(config-router)#network 10.1.1.0 0.0.0.3 area 1 R2(config-router)#network 10.2.2.0 0.0.0.255 area 0 R3(config)#interface lo0 R3(config-if)#ip address 3.3.3.3 255.255.255.0 R3(config)#router ospf 100 R3(config-router)#router-id 3.3.3.3 R3(config-router)#network 10.2.2.0 0.0.0.255 area 0 R4(config)#interface lo0 R4(config-if)#ip address 4.4.4.4 255.255.255.0 R4(config)#router ospf 100 R4(config-router)#router-id 4.4.4.4 R4(config-router)#network 10.1.1.64 0.0.0.3 area 2 R4(config-router)#network 10.2.2.0 0.0.0.255 area 0

Step 3: Use "show ip ospf neighbors" to see the DR BDR selection result.

Step 4: Modify R4 E0 interface priority to 0 then it will not participate in the DR BDR selection. R4(config)#int E0 R4(config-if)#ip ospf priority 0 Tips: The default ospf interface priority is 1, so R2 and R3 should compare RID to decide who will be DR, as 3.3.3.3 is greater than 2.2.2.2, so R3 would be DR.

OSPF extend configuration lab

Topology

OSPF extend configuration lab Topology Lab Purpose: Master OSPF area summarization configuration.

Lab Purpose:

Master OSPF area summarization configuration. Master OSPF simple password and MD5 authentication configuration.

Learn how to modify OSPF hello interval, dead interval, and cost value. Lab Requirement:

Enable route summary from area 1 to area 0. Enable simple password authentication between R1 and R2. Enable MD5 authentication between R2 and R3. Modify hello interval to 5 and dead interval to 10 between R3 and R4. Modify R4 s0 cost to 80. Enable OSPF neighbor log on all Routers. Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity.

Step 2: Enable OSPF on all routers R1(config)#router ospf 100 R1(config-router)#network 172.16.1.0 0.0.0.255 area 1 R1(config-router)#network 172.16.2.0 0.0.0.255 area 1 R1(config-router)#network 172.16.3.0 0.0.0.255 area 1 R1(config-router)#network 172.16.4.0 0.0.0.255 area 1 R1(config-router)#network 12.1.1.0 0.0.0.255 area 1 R1(config-router)#log-adjacency-changes //enable OSPF neighbor log R2(config)#router ospf 100 R2(config-router)#network 12.1.1.0 0.0.0.255 area 1 R2(config-router)#network 23.1.1.0 0.0.0.255 area 0

R2(config-router)#log-adjacency-changes

R3(config)#router ospf 100 R3(config-router)#network 23.1.1.0 0.0.0.255 area 0 R3(config-router)#network 34.1.1.0 0.0.0.255 area 2

R3(config-router)#log-adjacency-changes

R4(config)#router ospf 100 R4(config-router)#network 34.1.1.0 0.0.0.255 area 2

R4(config-router)#log-adjacency-changes

Step 3: Enable area 1 route summary on R2 R2(config)#router ospf 100 R2(config-router)#area 1 range 172.16.0.0 255.255.248.0

Step 4:Enable MD5 authentication between R2 and R3 R2(config)#int s1 R2(config-if)#ip ospf message-digest-key 1 md5 cisco R2(config-if)#ip ospf authentication message-digest R3(config)#int s1 R3(config-if)#ip ospf message-digest-key 1 md5 cisco R3(config-if)#ip ospf authentication message-digest Step 5: enable simple password authentication between R1 and R2 R1(config)#int s0 R1(config-if)#ip ospf authentication-key cisco R1(config-if)#ip ospf authentication R2(config)#int s0 R2(config-if)#ip ospf authentication-key cisco R2(config-if)#ip ospf authentication Step 6:Modify hellodead interval R3(config)#int s0 R3(config-if)#ip ospf hello-interval 5 R3(config-if)#ip ospf dead-interval 20 R4(config)#int s0 R4(config-if)#ip ospf hello-interval 5 R4(config-if)#ip ospf dead-interval 20 Step 7: Modify R4 interface s0 cost R4(config)#int s0 R4(config-if)#ip ospf cost 80

Use "show ip ospf interface so" to see all the modify value including RID, priority, area, timer, cost, etc. By www.ccieuniversity.com

Route Redistribution Configuration Lab

Topology

Route Redistribution Configuration Lab Topology Lab Purpose: Master redistribution configuration between

Lab Purpose: Master redistribution configuration between different routing protocols. Lab Requirement: The whole network should be reachable with out static route nor default route. Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram. Step 2: Enable RIPV2 on R1, enable RIPV2 EIGRP OSPF on R2, enable EIGRP on R3enable OSPF on R4. R1(config)#router rip R1(config-router)#version 2 R1(config-router)#network 1.1.1.0 R1(config-router)#network 12.1.1.0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#network 23.1.1.0 R2(config-router)#network 12.1.1.0 R2(config-router)#network 24.1.1.0 R2(config)#router eigrp 100 R2(config-router)#network 12.1.1.0 0.0.0.255 R2(config-router)#network 23.1.1.0 0.0.0.255 R2(config-router)#network 24.1.1.0 0.0.0.255 R2(config)#router ospf 100 R2(config-router)#network 12.1.1.0 0.0.0.255 area 0 R2(config-router)#network 23.1.1.0 0.0.0.255 area 0 R2(config-router)#network 24.1.1.0 0.0.0.255 area 0 R3(config)#router eigrp 100 R3(config-router)#network 23.1.1.0 0.0.0.255 R3(config-router)#network 3.3.3.0 0.0.0.255 R4(config)#router ospf 100 R4(config-router)#network 24.1.1.0 0.0.0.255 area 0 R4(config-router)#network 4.4.4.0 0.0.0.255 area 0 Step 3: redistribute routing protocols on R2. R2(config)#router rip

R2(config-router)#redistribute eigrp 100 metric 2 R2(config-router)#redistribute ospf 100 metric 2 R2(config)#router eigrp 100 R2(config-router)#redistribute rip metric 2000 1 255 1 1500 //EIGRP combine metric R2(config-router)#redistribute ospf 100 metric 2000 1 255 1500 R2(conf t)#router ospf 100 R2(config-router)#redistribute rip metric 64 subnets R2(config-router)#redistribute eigrp 100 metric 64 subnets Tips: Command "subnets" in OSPF redistribution is to allow subnets prefix join the OSPF route table. By www.ccieuniversity.com

Switch Basic Configuration And Port Security

Topology

Switch Basic Configuration And Port Security Topology Lab Purpose: Master switch basic configuration. Master

Lab Purpose:

Master switch basic configuration. Master switch port security configuration. Lab Requirement: finish basic configuration including ip address, default gateway. Enable port security on Fa0/3 to allow maximum 10 mac address to be learn, others will be dropped. Lab Steps:

Step 1: basic configuration Switch(config)#ip default-gateway 192.168.1.1 //If without default gateway you can not access the switch from different network. Switch(config)#interface vlan 1 Switch(config-if)#ip address 192.168.1.2 255.255.255.0 Switch(config-if)#no shutdown //set up switch management ip address. Switch(config)#int fa0/1

Switch(config-if)#duplex full Switch(config-if)#speed 100 Step 2:enable port security. Switch(config-if)#int fa0/3 Switch(config-if)#switchport mode access //only access mode can enable port security Switch(config-if)#switchport port-security maximum 10 //set the maximum learned mac address number to 10 Switch(config-if)#switchport port-security violation protect //drop the exceeded frames By www.ccieuniversity.com

Switch Vlan Configuration Lab

Topology

Switch Vlan Configuration Lab Topology Lab Purpose: Master vlan basic configuration. Master

Lab Purpose:

Master vlan basic configuration. Master interface assign vlan configuration. Lab Requirement: create vlan2 and vlan3vlan name is HRENG Assign pc1 in vlan2, assign pc2 in vlan3 Lab Steps:

Step 1:create VLAN2 and VLAN3 Switch#conf t Switch(config)#vlan 2 Switch(config-vlan)#name HR Switch(config-vlan)#exit Switch(config)#vlan 3 Switch(config-vlan)#name ENG Step 2: assign the 2 PC connected interfaces to the 2 vlan. Switch(config)#int fa0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 2 Switch(config-if)#end Switch(config)#int fa0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 3 Switch(config-if)#end Step 3:Use "show vlan brif" to check the vlan table. By www.ccieuniversity.com

Switch Vlan Trunk Configuration Lab

Topology

Switch Vlan Trunk Configuration Lab Topology Lab Purpose: Master trunk basic configuration Lab

Lab Purpose: Master trunk basic configuration Lab Requirement: create vlan2 on both SW1 and SW2, set up trunk link between SW1 and SW2. Lab Steps:

Step 1: Create vlan2 and assign pc1 pc2 connected switch interfaces

to vlan2. SW1#conf t SW1(config)#vlan 2 SW1(config-vlan)#name HR

SW1(config-vlan)#exit

SW1(config)#int fa0/1 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 2 SW2#conf t SW2(config)#vlan 2 SW2(config-vlan)#name HR

SW2(config-vlan)#exit

SW2(config)#int fa0/2 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 2 Step 2: Set up trunk link between the 2 switches. SW1(config)#int fa0/20 SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#switchport mode trunk SW2(config)#int fa0/20 SW2(config-if)#switchport trunk encapsulation dot1q SW2(config-if)#switchport mode trunk By www.ccieuniversity.com

Switch VTP Configuration Lab

Topology

www.ccieuniversity.com Switch VTP Configuration Lab Topology Lab Purpose: Master VLAN and VTP configuration Lab

Lab Purpose: Master VLAN and VTP configuration Lab Requirement: Set VTP to www.ccieuniversity.com , password www.ccieuniversity.com. Set SwitchA to VTP Server modecreate VLAN 10 name ccieuniversity1 and VLAN 20 name ccieuniversity2enable VTP pruning. Set SwitchB to VTP Client moreassign interfaces Fa0/110 to VLAN10, Fa0/1120 to VLAN20. Set SwitchC to VTP Transparent mode.

Lab Steps:

Step 1: AS VTP information based on trunk link transferSo we set up trunk link first. SwitchA(config)#int f0/0 SwitchA(config-if)#switchport trunk encapsulation dot1q SwitchA(config-if)#switchport mode trunk SwitchA(config)#int f0/1 SwitchA(config-if)#switchport trunk encapsulation dot1q SwitchA(config-if)#switchport mode trunk SwitchB(config)#int f0/0 SwitchB(config-if)#switchport trunk encapsulation dot1q SwitchB(config-if)#switchport mode trunk SwitchC(config)#int f0/0 SwitchC(config-if)#switchport trunk encapsulation dot1q SwitchC(config-if)#switchport mode trunk

Step 2: Enable VTP Server mode and pruning on SwitchA, then create vlans SwitchA(config)#vtp mode server SwitchA(config)#vtp domain www.ccieuniversity.com SwitchA(config)#vtp password www.ccieuniversity.com SwitchA(config)#vtp pruning SwitchA#vlan 10 name ccieuniversity1 SwitchA#vlan 20 name ccieuniversity2

Step 3: Enable VTP Client mode on SwitchB SwitchB(config)#vtp mode client SwitchB(config)#vtp domain www.ccieuniversity.com SwitchB(config)#vtp password www.ccieuniversity.com

Step 4: Enable VTP transparent mode on SwitchC SwitchC(config)#vtp mode transparent

Step 5: Check SwitchB vlan information to see whether there are automatically created vlan10 and vlan20.

Step 6: Check whether SwitchB and SwitchC could create vlans. By www.ccieuniversity.com

Switch STP Basic Configuration Lab

Topology

Switch STP Basic Configuration Lab Topology Lab Purpose: Observed STP working principal, learn how to

Lab Purpose:

Observed STP working principal, learn how to change STP common parameters such as STP priority, STP interface cost, STP interface priority. Learn how to modify a switch to a primary root or a secondary root. Learn how to enable rapid STP.

Lab Requirement: SW1 should become the primary rootSW2 will be the secondary root. Modify SW3 Fa0/24 interface priority to 64. Modify SW3 and SW4 Fa0/20 interface cost to 5.

Lab Steps:

Step 1: Use "show spanning-tree" command to see the default PVST+(Per Vlan Spanning Tree)

Step 2: enable or disable STP for specific vlan. Switch(config)#spanning-tree vlan 2 //enable STP for vlan2,the default is enable. Switch(config)#no spanning-tree vlan 2 //disable STP for vlan2

Step 3: Modify STP priority to make SW1 be primary rootSW2 be secondary root. SW1(config)#spanning-tree vlan 1 priority 24576 SW2(config)#spanning-tree vlan 1 priority 28672 Tips: Switch STP priority must be multiple of 4096 Also you could use the following command to decide who is primary root and who is secondary root. SW1(config)#spanning-tree vlan 1 root primary Tips: Sw1 will set it's STP priority lower than all others' in the network.

SW2(config)#spanning-tree vlan 1 root secondary Tips: Sw2 will set it's STP priority only higher than SW1 and lower than all others in the network.

Step 4: Modify SW3 Fa0/24 STP priority to 64 SW3(config)#int fa0/24 SW3(config-if)#spanning-tree vlan 1 port-priority 64 Tips: STP interface priority should be multiple of 16 Step 5: Modify SW3SW4 Fa0/20 cost to 5 SW3(config)#int fa0/20 SW3(config-if)#spanning-tree vlan 1 cost 5 SW4(config)#int fa0/20 SW4(config-if)#spanning-tree vlan 1 cost 5 Step 6: enable rapid STP. SW1(config)#spanning-tree mode rapid-pvst SW2(config)#spanning-tree mode rapid-pvst SW3(config)#spanning-tree mode rapid-pvst SW4(config)#spanning-tree mode rapid-pvst By www.ccieuniversity.com

Routing Between Vlans - Router On A Stick

Topology

Routing Between Vlans - Router On A Stick Topology Lab Purpose: Master "router on a stick"

Lab Purpose: Master "router on a stick" configuration.

Lab Requirement:

1 Make R1 R2 work as host

2 R1 F0/0 ip address is 192.168.1.2 default gateway is 192.168.1.1

3 R2 F0/0 ip address is 192.168.2.2 default gateway is 192.168.2.1

4 Create VLAN5 and VLAN10 on SW1assign R1 to VLAN5assign R2 to

VLAN10.

5 Enable routing between vlans on R3.

6 Ping package can go trough R1 and R2.

Lab Steps:

Step 1: Disable R1 R2 routing function R1(config)#no ip routing //disable routing function

R1(config)#ip default-gateway 192.168.1.1 //set default gateway R1(config)#int fa0/0 R1(config-if)#ip add 192.168.1.2 255.255.255.0 R1(config-if)#no shutdown R2(config)#no ip routing R2(config)#ip default-gateway 192.168.2.1 R2(config)#int fa0/0 R2(config-if)#ip add 192.168.2.2 255.255.255.0 R2(config-if)#no shutdown Step 2: Create and assign vlans on SW1. SW1#conf t SW1(config)#vlan 5

SW1(config-vlan)#exit

SW1(config)#vlan 10

SW1(config-vlan)#exit

SW1(config)#int fa1/5 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 5 SW1(config-if)#exit SW1(config)#int fa1/10 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 10 SW1(config- if)#exit Step 3: Create trunk between SW1 and R3. SW1(config)#int fa1/2 SW1(config-if)#switchport mod trunk SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#no shutdown

SW1(config-if)#exit

Step 4: Encapsulate vlans on R3. R3(config)#ip routing R3(config)#int fa0/0 R3(config-if)#no shutdown R3(config)#int fa0/0.5 R3(config-subif)#encapsulation dot1q 5 R3(config-subif)#ip add 192.168.1.1 255.255.255.0 R3(config-subif)#no shutdown

R3(config-subif)#exit

R3(config)#int fa0/0.10 R3(config-subif)#encapsulation dot1q 10 R3(config-subif)#ip add 192.168.2.1 255.255.255.0 R3(config-subif)#no shutdown

R3(config-subif)#exit

Step 5: Ping between R1 and R2 to make sure the router on a stick is working properly. By www.ccieuniversity.com

Frame-Relay Basic Configuration Lab

Topology

www.ccieuniversity.com Lab Purpose: Master frame-relay principal, frame-relay switch basic configuration, frame-relay

Lab Purpose: Master frame-relay principal, frame-relay switch basic configuration, frame-relay client basic configuration.

Lab Requirement: frame-relay encapsulationis IETF, LMI type is ANSI. Make the whole frame-relay network full-mesh and could ping from each other. Frame-relay Clients are in 10.1.1.0/24 network.

Lab Steps:

Step 1: Frame-relay switch configuration. FR(config)#frame-relay switching //enable frame-relay switching globally. FR(config)#int s0/0 FR(config-if)#encapsulation frame-relay ietf FR(config-if)#frame-relay intf-type dce FR(config-if)#clock rate 64000 FR(config-if)#frame-relay lmi-type ansi FR(config-if)#frame-relay route 102 interface s0/1 201 FR(config-if)#frame-relay route 103 interface s0/2 301 FR(config-if)#no shutdown FR(config)#int s0/1 FR(config-if)#encapsulation frame-relay ietf FR(config-if)#frame-relay intf-type dce FR(config-if)#clock rate 64000 FR(config-if)#frame-relay lmi-type ansi FR(config-if)#frame-relay route 201 interface s0/0 102 FR(config-if)#frame-relay route 203 interface s0/2 302 FR(config-if)#no shutdown FR(config)#int s0/2 FR(config-if)#encapsulation frame-relay ietf FR(config-if)#frame-relay intf-type dce FR(config-if)#clock rate 64000 FR(config-if)#frame-relay lmi-type ansi FR(config-if)#frame-relay route 103 interface s0/2 301 FR(config-if)#frame-relay route 302 interface s0/1 203 FR(config-if)#no shutdown Step 2: Frame-relay client configuration. R1(config)#int s0 R1(config-if)#encapsulation frame-relay ietf R1(config-if)#frame-relay lmi-type ansi

R1(config-if)#ip add 10.1.1.1 255.255.255.0 R1(config-if)#no shutdown R2(config)#int s0 R2(config-if)#encapsulation frame-relay ietf R2(config-if)#frame-relay lmi-type ansi R2(config-if)#ip add 10.1.1.2 255.255.255.0 R2(config-if)#no shutdown R3(config)#int s0 R3(config-if)#encapsulation frame-relay ietf R3(config-if)#frame-relay lmi-type ansi R3(config-if)#ip add 10.1.1.3 255.255.255.0 R3(config-if)#no shutdown Step 3:ping between clients to check the FR connectivity. By www.ccieuniversity.com

Static Frame-Relay Map Configuration Lab

Topology

Static Frame-Relay Map Configuration Lab Topology Lab Purpose: Master inverse arp principal. Master static

Lab Purpose: Master inverse arp principal. Master static IP/DLCI match configuration. Lab Requirement: Disable frame-relay inverse arp, create static IP DLCI map on clients. Lab Steps:

Step 1: Disable inverse-arp on frame-relay switch. FR(config)#int s0/0 FR(config-if)#no frame-relay inverse-arp FR(config)#int s0/1 FR(config-if)#no frame-relay inverse-arp FR(config)#int s0/2 FR(config-if)#no frame-relay inverse-arp

Step 2: Create frame-relay map on the 3 FR clients. R1(config)#int s0 R1(config-if)#frame-relay map ip 10.1.1.2 102

R1(config-if)#frame-relay map ip 10.1.1.3 103 R2(config)#int s0 R2(config-if)#frame-relay map ip 10.1.1.1 201 R2(config-if)#frame-relay map ip 10.1.1.3 203 R3(config)#int s0 R3(config-if)#frame-relay map ip 10.1.1.1 301 R3(config-if)#frame-relay map ip 10.1.1.2 302

Step 3:use "show frame-relay map" command to check the created IP/DLCI map, and check the ping connectivity. R1#show frame-relay map Serial0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), static, IETF, status defined, active Serial0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static, IETF, status defined, active

R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/60/80 ms R1#ping 10.1.1.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/61/96 ms By www.ccieuniversity.com

Distance Vector Routing Protocol in Frame-Relay Network Lab

Topology

www.ccieuniversity.com Lab Purpose: Observe distance vector routing protocol running in frame-relay network. Lab

Lab Purpose: Observe distance vector routing protocol running in frame-relay network. Lab Requirement: enable EIGRP on frame-relay network and learn route from each other.

Lab Steps:

Step 1: Finish the basic ip and frame-relay configuration

Step 2: Add a loopback interface on all routers for future test. R1(config)#int lo0 R1(config-if)#ip add 172.16.1.1 255.255.255.0 R2(config)#int lo0 R2(config-if)#ip add 172.16.2.1 255.255.255.0 R3(config)#int lo0 R3(config-if)#ip add 172.16.3.1 255.255.255.0 Step 3: Enable EIGRP on R1 R2 R3, announce the necessary network. R1(config)#router eigrp 100 R1(config-router)#no auto-summary R1(config-router)#network 10.1.1.0 0.0.0.255 R1(config-router)#network 172.16.1.0 0.0.0.255 R2(config)#router eigrp 100 R2(config-router)#no auto-summary R2(config-router)#network 10.1.1.0 0.0.0.255 R2(config-router)#network 172.16.2.0 0.0.0.255 R3(config)#router eigrp 100 R3(config-router)#no auto-summary R3(config-router)#network 10.1.1.0 0.0.0.255 R3(config-router)#network 172.16.3.0 0.0.0.255

Step 4: Check R2 R3 routing table and observe the effect of split horizon.

Step 5: Disable R1 S0 EIGRP split horizon to insure necessary update.

R1(config-if)#no ip split-horizon eigrp 100 By www.ccieuniversity.com

Frame-Relay Point to Point Sub-interface Configuration Lab

Topology

Point to Point Sub-interface Configuration Lab Topology Lab Purpose: Master frame-relay point to point sub-interface

Lab Purpose: Master frame-relay point to point sub-interface configuration. Lab Requirement: Enable frame-relay point to point sub-interface on R1 to solve split horizon issue. Lab Steps:

Step 1: Create 2 frame-relay point to point sub-interface on R1. Sub-interfaces are on different networks. R1(config)#int s0 R1(config-if)#no ip address R1(config-if)#encapsulation frame-relay ietf R1(config-if)#frame-relay lmi-type ansi R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#int s0.1 point-to-point R1(config-subif)#frame-relay interface-dlci 102

R1(config-fr-dlci)#exit

R1(config-subif)#ip add 10.1.1.1 255.255.255.0 R1(config-subif)#no shutdown

R1(config-subif)#exit

R1(config)#int s0.2 point-to-point R1(config-subif)#frame-relay interface-dlci 103

R1(config-fr-dlci)#exit

R1(config-subif)#ip add 10.1.2.1 255.255.255.0 R1(config-subif)#no shutdown

R1(config-subif)#end

Under frame-relay point to point sub-interface EIGRP is working properly without disabling split horizon. By www.ccieuniversity.com

Frame-Relay Multi-Point Sub-interface Configuration Lab

Topology

Multi-Point Sub-interface Configuration Lab Topology Lab Purpose: Master frame-relay multi-point sub-interface

Lab Purpose: Master frame-relay multi-point sub-interface configuration.

Lab Steps:

Step 1: Finish basic configuration.

Step 2: Enable multi-point interface on R1. R1(config)#int s0 R1(config-if)#encapsulation frame-relay R1(config-if)#no ip address R1(config-if)#no shutdown R1(config)#int s0.1 multipoint R1(config-subif)#ip add 10.1.1.1 255.255.255.0 / Same network as R2 and R3. R1(config-subif)#frame-relay interface-dlci 102

R1(config-fr-dlci)#exit

R1(config-subif)#frame-relay interface-dlci 103

R1(config-fr-dlci)#exit

Tips: Frame-Relay multi-point sub-interface will bring split-horizon issue as the common frame-relay interface do. By www.ccieuniversity.com

PPP PAP Authentication Basic Lab Configuration

Topology

PPP PAP Authentication Basic Lab Configuration Topology Lab Purpose: Master ppp one way authentication configuration

Lab Purpose: Master ppp one way authentication configuration for pap.

Lab Requirement: R2 is the ppp authentication server, R1 and R3 are clients.

Lab Steps:

Step 1: PPP sever configuration on R2. R2(config)#username R1 password cisco R2(config)#username R3 password cisco R2(config)#int s1 R2(config-if)#encapsulation ppp R2(config-if)ppp authentication pap R2(config)#int s0 R2(config-if)#encapsulation ppp R2(config-if)# ppp authentication pap

Step 2: PPP client configuration on R1 and R3. R1(config)#int s0 R1(config-if)#encapsulation ppp R1(config-if)#ppp pap send-username R1 password cisco R3(config)#int s1 R3(config-if)#encapsulation ppp R3(config-if)# ppp pap send-username R3 password cisco

PPP CHAP Authentication Basic Lab Configuration

Topology

PPP CHAP Authentication Basic Lab Configuration Topology Lab Purpose: Master ppp one way authentication configuration

Lab Purpose: Master ppp one way authentication configuration for pap.

Lab Steps: Enable ppp chap authentication on all routers interfaces.

R1(config)#username R2 password www.ccieuniversity.com R1(config)#int s0 R1(config-if)#encapsulation ppp R1(config-if)# ppp authentication chap R2(config)#username R1 password www.ccieuniversity.com R2(config)#username R3 password www.ccieuniversity.com R2(config)#int s0 R2(config-if)#encapsulation ppp R2(config-if)# ppp authentication chap R2(config)#int s1 R2(config-if)#encapsulation ppp R2(config-if)# ppp authentication chap R3(config)#username R2 password www.ccieuniversity.com R3(config)#int s1 R3(config-if)#encapsulation ppp R3(config-if)# ppp authentication chap

Static Nat And Dynamic Nat Basic Configuration Lab

Topology

Static Nat And Dynamic Nat Basic Configuration Lab Topology Lab Purpose: Master static and dynamic NAT

Lab Purpose: Master static and dynamic NAT configuration.

Lab Requirement: Add static nat translation for host 192.168.1.2, 192.168.1.5, add dynamic nat translation for network 192.168.1.0/24.

Lab Steps:

Step 1: Finish the basic IP configuration according to the diagram, and test connectivity. Step 2: Add a default route on router NAT. NAT(config)#ip route 0.0.0.0 0.0.0.0 200.200.100.2 Step 3: Create static translation for host 192.168.1.2 and

192.168.1.5

NAT(config)#ip nat inside source static 192.168.1.2 200.200.100.129 NAT(config)#ip nat inside source static 192.168.1.5 200.200.100.130 Step 4: Create dynamic translation for network 192.168.1.0/24 NAT(config)#access-list 1 permit 192.168.1.0 0.0.0.255 NAT(config)#ip nat pool public 200.200.100.129 200.200.100.254 netmask 255.255.255.128 NAT(cinfig)#ip nat inside source list 1 pool public Step 5: Assign inside and outside interface for router NAT. NAT(config)#int f0/0 NAT(config-if)#ip nat inside NAT(config)#int s0/0 NAT(config-if)#ip nat outside

Basic Standard ACL Configuration Lab

Topology

Basic Standard ACL Configuration Lab Topology Lab Purpose: Master basic standard ACL configuration Lab

Lab Purpose: Master basic standard ACL configuration

Lab Requirement: Deny all traffic from R1 to R3.

Lab Steps:

Step 1: Finish the basic IP and route configuration according to the diagram, and test connectivity. R1(config)#ip route 10.1.1.64 255.255.255.252 10.1.1.2 R3(config)#ip route 10.1.1.0 255.255.255.252 10.1.1.65

Step 2: add a standard ACL to block the traffic from R1 to R3. R3(config)#access-list 1 deny 10.1.1.1 0.0.0.0 Or use the host command. R3(config)#access-list 1 deny host 10.1.1.1 Tips: As there is a default deny any at the bottom of the ACL, so add permit any to allow other traffic. R3(config)#access-list 1 permit any Choose the right direction to assign the ACL. R3(config)#int s1 R3(config-if)#ip access-group 1 in

Basic Extended ACL Configuration Lab

Topology

Basic Extended ACL Configuration Lab Topology Lab Purpose: Master basic extended ACL configuration Lab

Lab Purpose: Master basic extended ACL configuration

Lab Requirement: Deny icmp traffic from network 192.168.1.0, only pc1 can access FTP server.

Lab Steps:

Step 1: finish basic ip configuration and enable RIPV2 on the 3 routers. R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-rotuer)#network 10.0.0.0 R1(config-rotuer)#network 172.16.0.0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R2(config-rotuer)#network 10.0.0.0 R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary R3(config-rotuer)#network 10.0.0.0 R3(config-router)#network 192.168.1.0

Step 2: Create an extended ACL on R3 to deny traffic from network

192.168.1.0

R3(config)#access-list 102 deny icmp 192.168.1.0 0.0.0.255 any R3(config)#access-list 102 permit ip any any R3(config)#int e0 R3(config-if)ip access-group 102 in

Step 3: Create an extended ACL on R1 to allow only pc1 to access the FTP server. Tipsnormally FTP server is using tcp port 20 and 21 to communicate with FTP clients.

R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.2

0.0.0.0 eq 21

R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.2

0.0.0.0 eq 20

R1(config)#int s0 R1(config-if)#ip access-group 110 in

Named Extended ACL Configuration Lab

Topology

Named Extended ACL Configuration Lab Topology Lab Purpose: Master basic extended ACL configuration Lab

Lab Purpose: Master basic extended ACL configuration

Lab Requirement: Deny icmp traffic from network 192.168.1.0, only pc1 can access FTP server.

Lab Steps:

Step 1: finish basic ip configuration and enable RIPV2 on the 3 routers. R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-rotuer)#network 10.0.0.0 R1(config-rotuer)#network 172.16.0.0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R2(config-rotuer)#network 10.0.0.0 R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary R3(config-rotuer)#network 10.0.0.0 R3(config-router)#network 192.168.1.0

Step 2: Create an named extended ACL on R3 to deny traffic from network 192.168.1.0 R3(config)#ip access-list extended deny_icmp R3(config-ext-nacl)#deny icmp 192.168.1.0 0.0.0.255 any R3(config-ext-nacl)#permit ip any any R3(config)#int e0 R3(config-if)#ip access-group deny_icmp in

Step 3: Create an named extended ACL on R1 to allow only pc1 to access the FTP server.

Tipsnormally FTP server is using tcp port 20 and 21 to communicate with FTP clients. R1(config)#ip access-list extended deny_ftp R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2

0.0.0.0 eq 20

R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2

0.0.0.0 eq 21

R1(config)#int s0 R1(config-if)#ip access-group deny_ftp in

ACL Working on VTY Line Configuration Lab

Topology

ACL Working on VTY Line Configuration Lab Topology Lab Requirement: Only PC1 can remote access the

Lab Requirement: Only PC1 can remote access the router.

Lab Steps:

Router(config)#access-list 1 permit host 172.16.1.3 Router(config)#line vty 0 15 Router(config-line)#password www.ccieuniversity.com Router(config-line)#login Router(config-line)#access-class 1 in

IPV6 Basic Configuration Lab

Topology

www.ccieuniversity.com IPV6 Basic Configuration Lab Topology Lab Purpose: Master IPV6 basic principal and configuration

Lab Purpose: Master IPV6 basic principal and configuration

Lab

Lab Steps:

Requirement: Add IPV6 address and IPV6 static route on R1 and R2.

Step 1: Add IPV6 address on R1 and R2. R1(config)#interface lo0 R1(config-if)#ipv6 address 2001:aaaa:1::1/64

R1(config-if)#exit

R1(config)#interface s1/1 R1(config-if)#ipv6 address 2001:aaaa:2::1/64 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown

R1(config-if)#end

R2(config)#interface s1/0 R2(config-if)#ipv6 address 2001:aaaa:2::1/64 R2(config-if)#clock rate 64000 R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface lo0 R2(config-if)#ipv6 address 2001:aaaa:3::1/64

R2(config-if)#end

Step 2: Enable IPV6 routing on R1 and R2. R1#conf t R1(config)#ipv6 unicast-routing R2#conf t R2(config)#ipv6 unicast-routing Step 3: Add static IPV6 route on R1 and R2. R1(config)#ipv6 route 2001:aaaa:3::/64 s1/1 R2(config)#ipv6 route 2001:aaaa:1::/64 s1/0