차등화 된 서비스를 제공하기 위해 서비스 별로 분류하여 마킹을 진행.

셋팅

ip access-list extended acl-ftp

 permit tcp host 192.168.2.1 eq ftp-data any

 permit tcp host 192.168.2.1 eq ftp any

!

class-map match-any ftp

 match access-group name acl-ftp

!

policy-map kong

 class ftp

  set precedence 3

interface FastEthernet0/1

 switchport trunk encapsulation dot1q

 switchport mode trunk

 service-policy input kong

!

interface FastEthernet0/2

 switchport trunk encapsulation dot1q

 switchport mode trunk

 service-policy input kong

interface Port-channel 1

 switchport trunk encapsulation dot1q

 switchport mode trunk

결과값

HQ_SE_2F_L3_1#show mls qos

QoS is enabled

Differentiated Services Field: 0x60 (DSCP: CS3, ECN: Not-ECT)

0110 00.. = Differentiated Services Codepoint: Class Selector 3 (24)

.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)

HQ_SE_2F_L3_1#

show policy-map interface f0/1-2

 FastEthernet0/1

  Service-policy input: kong

 Class-map: ftp (match-any)

   0 packets, 0 bytes

   5 minute offered rate 0 bps,

   Match: access-group acl-ftp

     0 packets, 0 bytes

     5 minute rate 0 bps

정상작동 테스트 (재분류)

Service-policy input: kong

   Class-map: reftp (match-any)

     958955 packets, 959638048 bytes

     5 minute offered rate 16591000 bps, drop rate 0 bps

     Match: ip precedence 3

       958954 packets, 959638048 bytes

       5 minute rate 16591000 bps

     QoS Set

       precedence 4

         Packets marked 958965

0110 00.. = Differentiated Services Codepoint:

Class Selector 4 (24)

(Port-Channel 1)

HQ_SE_2F_L3_1(config-if)#service-policy input kong

QoS: policymap is not supported on virtual interfaces

Service Policy attachment failed

패킷에 대한 암호화 및 인증을 실시하여 데이터에 대한 기밀성을 보장하고 지사 2곳과 근거리에서 통신하는 효과를 얻을 수 있다.

셋팅

HQ_SE_Core_R1

crypto isakmp policy 10

 authentication pre-share

crypto isakmp key 6 tae address 0.0.0.0 0.0.0.0

crypto ipsec transform-set eung esp-3des esp-md5-hmac   

crypto ipsec profile vpn-1

 set transform-set eung

!

interface Tunnel0

 ip address 192.168.81.1 255.255.255.0

 no ip redirects

 ip nhrp authentication kong

 ip nhrp map multicast dynamic

 ip nhrp network-id 2811

 ip nhrp holdtime 360

 ip nhrp cache non-authoritative

 tunnel source 200.1.1.2

 tunnel mode gre multipoint

 tunnel key 2811

 tunnel protection ipsec profile vpn-1

 Active Router가 Down되거나 회선에 문제가 생겨 통신이 불가능해진 경우 Active Router를 전환하기 위해 사용.

셋팅

HQ_SE_1F_SW1(config-if)#standby 10 track FastEthernet0/6

HQ_SE_1F_SW1(config-if)#standby 10 preempt

결과

HQ_SE_2F_L3_1#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P   State   Active   Standby       Virtual IP

Vl10          10   150  P  Active   local   192.168.2.29  192.168.2.30

HQ_SE_2F_L3_2#show standby brief

P indicates configured to preempt.

|

Interface   Grp    Pri   P   State    Active        Standby   Virtual IP

Vl10         10     145  P Standby 192.168.2.28   local    192.168.2.30

HQ_SE_2F_L3_1#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P   State       Active      Standby    Virtual IP

Vl10         10    140  P  Standby 192.168.2.29   local     192.168.2.30

HQ_SE_2F_L3_2#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P    State     Active     Standby      Virtual IP

Vl10         10    145  P   Active    local     192.168.2.28 192.168.2.30

Gateway의 Path를 이중화해 하나의 링크가 Down되어도 Client들의 서비스에 지장이  없게 한다.

셋팅

HQ_SE_GN_1F_L3_1

interface Vlan10

ip address 192.168.1.28 255.255.255.224

standby 1 ip 192.168.1.30

standby 1 priority 150

standby 1 preempt

!

interface Vlan20

ip address 192.168.1.61 255.255.255.224

standby 2 ip 192.168.1.60

standby 2 priority 145

standby 2 preempt

!

HQ_SE_GN_1F_L3_2

interface Vlan10

ip address 192.168.1.29 255.255.255.224

standby 1 ip 192.168.1.30

standby 1 priority 145

standby 1 preempt

!

interface Vlan20

ip address 192.168.1.62 255.255.255.224

standby 2 ip 192.168.1.60

standby 2 priority 150

standby 2 preempt

!

결과

HQ_SE_GN_1F_L3_1#show standby brief

                     P indicates configured to preempt.

                     |

Interface   Grp    Prio   P  State       Active           Standby           Virtual IP

Vl10          1      150   P  Active      local             192.168.1.29     192.168.1.30

Vl20          2      145   P  Standby   192.168.1.62    local              192.168.1.60

HQ_SE_GN_1F_L3_2#show standby brief

                     P indicates configured to preempt.

                     |

Interface    Grp   Prio   P  State        Active                  Standby         Virtual IP

Vl10           1     145   P  Standby    192.168.1.28          local              192.168.1.30

Vl20           2     150   P  Active       local                   192.168.1.61     192.168.1.60

여러 개의 스패닝트리를 그룹화해 1개의 스패닝트리 처럼 동작하게 하여 프로세서의 소모율을 줄인다.

셋팅

Dispatch_L2_1

spanning-tree mode mst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree vlan 1,10,20,30,40 priority 40960

!

spanning-tree mst configuration

 name mst-1

 instance 1 vlan 1, 10, 20, 30, 40

!

spanning-tree mst 1 priority 40960

!

!

!

!

interface FastEthernet0/1

 switchport mode trunk

!

interface FastEthernet0/2

 switchport mode trunk

!

결과

Dispatch_L2_1#show spanning-tree mst configuration

Name      [mst-1]

Revision  0

Instance  Vlans mapped

--------  -------------------------------------------------------------------

0         2-9,11-19,21-29,31-39,41-4094

1         1,10,20,30,40

----------------------------------------------------------------------------

Dispatch_L2_1#show spanning-tree mst 1

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1            Altn BLK 200000     128.1    P2p

Fa0/2            Root FWD 200000   128.2    P2p

Dispatch_L2_2#show spanning-tree mst 1

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1            Desg FWD 200000    128.1    P2p

Fa0/3            Root FWD 200000    128.3    P2p

Dispatch_L3_1#show spanning-tree mst 1

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/2            Desg FWD 200000    128.2    P2p Pre-STD-Rx

Fa0/3            Desg FWD 200000    128.3    P2p Pre-STD-Rx