2011ǯ03

ƥ:

EIGRPǧڤǧޤR2R3ϥꥢ륱֥³Ƥޤ

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/2                  23.23.23.2      YES manual up                    up
Loopback0                  17.17.2.2       YES NVRAM  up                    up

R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/3                  23.23.23.3      YES manual up                    up
Loopback0                  17.17.3.3       YES NVRAM  up                    up

EIGRPϲΤ褦ˤʤäƤޤ

R2#show running-config | section eigrp
router eigrp 100
network 0.0.0.0
no auto-summary
eigrp router-id 17.17.2.2

R3#show running-config | section eigrp
ip authentication mode eigrp 100 md5
router eigrp 100
network 0.0.0.0
no auto-summary
eigrp router-id 17.17.3.3

R2R3³Ƥ뤳ȤǧǤޤ

R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   23.23.23.3              Se1/2             13 00:00:25    1  5000  2  0

R2#show ip route eigrp
     17.0.0.0/24 is subnetted, 2 subnets
D       17.17.3.0 [90/2297856] via 23.23.23.3, 00:00:07, Serial1/2

ǧڤѤƤ뤫ɤĴ٤ˤ"show ip eigrp interfaces detail"ǤߤR2R3δ֤ǧڤѤƤޤ

R2#show ip eigrp interfaces detail s1/2
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Se1/2              1        0/0        34       0/15         151           0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/0  Un/reliable ucasts: 3/82
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 10
  Retransmissions sent: 65  Out-of-sequence rcvd: 2
  Authentication mode is not set
  Use unicast

EIGRPǧڤѤˤϡޤޤR2R3ƱΤޤǤϥ̾"EIGRP"Ȥֹ"1"Ȥޤʸ"CISCO"Ǥ

R2(config)#key chain EIGRP
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CISCO

ݤˤ꤬ʥߥȤơʸκǸ˥ڡäƤޤȤΤޤܾƱǤۤʤʸǧ졢ǧڤԤޤΤդƤΥߥɤᡢ"show key chain"dzǧԤޤǤWITHSPACEκǸ˥ڡ뤳Ȥʬޤ

R2#show key chain
Key-chain EIGRP:
    key 1 -- text "CISCO"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
Key-chain WITHSPACE:
    key 1 -- text "CISCO "
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

R3ǥǥХͭˤޤ

R3#debug eigrp packets
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
R3#

R2s1/2ǧڤͭˤޤ

R2(config)#int s1/2
R2(config-if)#ip authentication key-chain eigrp 100 EIGRP
R2(config-if)#ip authentication mode eigrp 100 md5

R3ǧڤͭˤƤʤ֤ǤϲΤ褦ɽޤ

Mar 28 11:05:03.178: EIGRP: Serial1/3: ignored packet from 23.23.23.2, opcode = 5 (authentication off or key-chain missing)
Mar 28 11:05:03.182: EIGRP: Dropping peer, invalid authentication
Mar 28 11:05:03.186: EIGRP: Sending HELLO on Serial1/3
Mar 28 11:05:03.186:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Mar 28 11:05:03.198: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 23.23.23.2 (Serial1/3) is down: Auth failure

R3ǤǧڤͭˤޤR2R3κ³ǧǤޤ

R3(config)#int s1/3
R3(config-if)#ip authentication key-chain eigrp 100 EIGRP
R3(config-if)#ip authentication mode eigrp 100 md5

Mar 28 11:07:06.974: EIGRP: received packet with MD5 authentication, key id = 1
Mar 28 11:07:06.974: EIGRP: Received HELLO on Serial1/3 nbr 23.23.23.2

ǧȡΤǧڤѤƤ뤳Ȥɽޤ

R2#show ip eigrp interfaces detail s1/2
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Se1/2              1        0/0        15       0/15          95           0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/0  Un/reliable ucasts: 7/90
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 14
  Retransmissions sent: 66  Out-of-sequence rcvd: 4
  Authentication mode is md5,  key-chain is "EIGRP"
  Use unicast

ƥ:

OSPFǧڤǧƤޤޤΤ褦R2R3Υ󥿡եꤷƤޤ

R2(config-router)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/2                  23.23.23.2      YES manual up                    up
Loopback0                  17.17.2.2       YES NVRAM  up                    up   

R3(config-router)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/3                  23.23.23.3      YES manual up                    up 
Loopback0                  17.17.3.3       YES NVRAM  up                    up

OSPFǤ줾Υꥢȥ롼ץХåɥ쥹ɥ쥹ͭˤޤ

R2(config-router)#do sh run | s ospf
router ospf 1
router-id 17.17.2.2
log-adjacency-changes
network 17.17.2.2 0.0.0.0 area 0
network 23.23.23.2 0.0.0.0 area 0

R3(config-router)#do sh run | s ospf
router ospf 1
router-id 17.17.3.3
log-adjacency-changes
network 17.17.3.3 0.0.0.0 area 0
network 23.23.23.3 0.0.0.0 area 0

ǧڤꤷƤޤޤR3ǥǥХͭˤơ֤ǧǤ褦ˤޤ

R3#debug ip ospf adj
OSPF adjacency events debugging is on

R2ʿʸ(Simple password authentication)ǧڤͭˤޤ

R2(config-router)#int s1/2
R2(config-if)#ip ospf authentication

R3ˤR2ѤƤΤtype 1Ǥȡɽ뤳Ȥʬޤ

R3#
Mar 21 06:18:16.387: OSPF: Rcv pkt from 23.23.23.2, Serial1/3 : Mismatch Authentication type. Input packet specified type 1, we use type 0

R2ǥѥɤꤷޤǤ"CISCO"Ȥޤ

R2(config-if)#ip ospf authentication-key CISCO

R3ǤʿʸǤǧڤͭˤޤ

R3(config-router)#int s1/3
R3(config-if)#ip ospf authentication

ǥХƤѲ뤳Ȥʬޤ

R3(config-if)#
Mar 21 06:20:00.531: OSPF: Rcv pkt from 23.23.23.2, Serial1/3 : Mismatch Authentication Key - Clear Text

R3ǥѥɤꤹǧڤͭȤʤꡢܴطޤ

R3(config-if)#ip ospf authentication-key CISCO

Mar 21 06:20:38.019: OSPF: Synchronized with 17.17.2.2 on Serial1/3, state FULL

R3(config-if)#do sh ip os int s1/3
Serial1/3 is up, line protocol is up
  Internet Address 23.23.23.3/24, Area 0
ά
  Simple password authentication enabled

R2ǧˡMD5(Cryptographic authentication)ѹƤߤޤ

R2(config-if)#ip ospf authentication message-digest

R3ˤR2ѤƤΤtype 2Ǥȡɽ뤳Ȥʬޤ

R3#
Mar 21 06:23:39.491: OSPF: Rcv pkt from 23.23.23.2, Serial1/3 : Mismatch Authentication type. Input packet specified type 2, we use type 1

R3ǤǧˡMD5ѹޤ

R3(config-if)#ip ospf authentication message-digest

Mar 21 06:25:56.643: OSPF: Send with youngest Key 0
Mar 21 06:26:02.211: OSPF: Rcv pkt from 23.23.23.2, Serial1/3 : Mismatch Authentication Key - No message digest key 1 on interface

Ȥλܴط줿ȤǧǤޤ

R3(config-if)#do sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
17.17.2.2         0   FULL/  -        00:00:39    23.23.23.2      Serial1/3

ΥꤷƤʤ֤ǤϡΤ褦ɽޤȤƤԴǤ

R3(config-if)#do sh ip os int s1/3
Serial1/3 is up, line protocol is up
  Internet Address 23.23.23.3/24, Area 0
ά
  Message digest authentication enabled
      No key configured, using default key id 0

˥ꤷޤǤ"CCNA"Ѥޤ

R2(config-if)#ip ospf message-digest-key 1 md5 CCNA

R3ǤΥǥХǤ󤳤λǤܴطϲƤޤ

Mar 21 07:10:50.175: OSPF: Send with youngest Key 0
Mar 21 07:10:53.375: OSPF: Rcv pkt from 23.23.23.2, Serial1/3 : Mismatch Authentication Key - No message digest key 1 on interface

R3ˤ⥭ꤷޤ

R3(config-if)#ip ospf message-digest-key 1 md5 CCNA

ˤܴطƷޤ

R3(config-if)#do sh ip os int s1/3
Serial1/3 is up, line protocol is up
  Internet Address 23.23.23.3/24, Area 0
ά
  Message digest authentication enabled
    Youngest key id is 1

ϥ󥿡եǤǧˡꤷޤꥢΤǻǽǤޤǧڤλ̵ˤޤ

R2(config-if)#no ip ospf authentication message-digest
R2(config-if)#no ip ospf authentication-key CISCO

R3(config-if)#no ip ospf authentication message-digest
R3(config-if)#no ip ospf authentication-key CISCO

OSPFΥץǧڤͭˤޤ

R2(config-if)#router ospf 1
R2(config-router)#area 0 authentication message-digest

R3(config-if)#router ospf 1
R3(config-router)#area 0 authentication message-digest

ǧƱ褦ˡMD5ǤǧڤͭǤ뤳Ȥʬޤ

R3(config-router)#do sh ip os int s1/3
Serial1/3 is up, line protocol is up
  Internet Address 23.23.23.3/24, Area 0
ά
  Message digest authentication enabled
    Youngest key id is 1

ƥ:

IP PrecedenceγǧˡդޤơݥꥷޥåפѤƤߤޤR1R2ͳR3³ƤꡢEIGRPǥ롼ƥ󥰤ꤵƤޤ

R3#sh ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/3                  23.23.23.3      YES manual up                    up      
Loopback0                  17.17.3.3       YES NVRAM  up                    up

R3#show ip route eigrp
     17.0.0.0/24 is subnetted, 3 subnets
D       17.17.1.0 [90/2300416] via 23.23.23.2, 01:43:35, Serial1/3
D       17.17.2.0 [90/2297856] via 23.23.23.2, 01:52:36, Serial1/3
     12.0.0.0/24 is subnetted, 1 subnets
D       12.12.12.0 [90/2172416] via 23.23.23.2, 01:52:36, Serial1/3

R1Lo0ping¹Խ뤳Ȥǧޤ

R3#ping 17.17.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.17.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/17/32 ms

R1˥ꥹȤޤޤEIGRPƵĤޤprecedenceͤflash(3)ǤеĤȤʳϵݤȤޤʤߤflash򤷤Ȥ˿̣Ϥޤ

R1(config)#ip access-list extended PRECEDENCE
R1(config-ext-nacl)#permit eigrp any any
R1(config-ext-nacl)#permit ip any any precedence flash log
R1(config-ext-nacl)#deny ip any any

R1#show ip access-lists
Extended IP access list PRECEDENCE
    10 permit eigrp any any
    20 permit ip any any precedence flash log
    30 deny ip any any

F0/0ŬѤޤ

R1(config)#interface f0/0
R1(config-if)#ip access-group PRECEDENCE in

R1#show ip access-lists interface f0/0
Extended IP access list PRECEDENCE in
    10 permit eigrp any any (15 matches)
    20 permit ip any any precedence flash log
    30 deny ip any any

ˤR3pingϼ¹ԤǤʤʤޤ

R3#ping 17.17.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.17.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

R2ΥѥåȤprecedenceͤflashꤹ뤿ΥݥꥷޥåפޤޤꥹȤޤR3Lo0(17.17.3.3)ĤS1/3(23.23.23.3)ݤޤ

R2(config)#ip access-list standard FROM_R3
R2(config-std-nacl)#permit host 17.17.3.3
R2(config-std-nacl)#deny host 23.23.23.3

R2#show ip access-lists FROM_R3
Standard IP access list FROM_R3
    10 permit 17.17.3.3
    20 deny   23.23.23.3

˥饹ޥåפޤ

R2(config)#class-map C_FROM_R3
R2(config-cmap)#match access-group name FROM_R3

R2#show class-map C_FROM_R3
Class Map match-all C_FROM_R3 (id 2)
   Match access-group name FROM_R3

Ǹ˥ݥꥷޥåפޤ

R2(config)#policy-map P_FROM_R3
R2(config-pmap)#class C_FROM_R3
R2(config-pmap-c)#set ip precedence ?
  <0-7>           Precedence value
  critical        Set packets with critical precedence (5)
  flash           Set packets with flash precedence (3)
  flash-override  Set packets with flash override precedence (4)
  immediate       Set packets with immediate precedence (2)
  internet        Set packets with internetwork control precedence (6)
  network         Set packets with network control precedence (7)
  priority        Set packets with priority precedence (1)
  routine         Set packets with routine precedence (0)
R2(config-pmap-c)#set ip precedence flash

R2#show policy-map P_FROM_R3
  Policy Map P_FROM_R3
    Class C_FROM_R3
      set ip precedence 3

ݥꥷޥåפR3³줿S1/2ŬѤޤ

R2(config)#interface s1/2
R2(config-if)#service-policy input P_FROM_R3

R2#show policy-map interface s1/2
Serial1/2

  Service-policy input: P_FROM_R3

    Class-map: C_FROM_R3 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name FROM_R3
      QoS Set
        precedence 3
          Packets marked 0

    Class-map: class-default (match-any)
      4 packets, 256 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

R3ping¹Ԥޤ顼ȤʤޤR2ΥꥹȤ򸫤R3S1/3(23.23.23.3)ȤäƤ뤳Ȥʬޤ

R2#show ip access-lists FROM_R3
Standard IP access list FROM_R3
    10 permit 17.17.3.3
    20 deny   23.23.23.3 (56 matches)

˥ɥ쥹Lo0(17.17.3.3)ǻꤷƼ¹Ԥ뤳Ȥʬޤ

R3#ping 17.17.1.1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.17.1.1, timeout is 2 seconds:
Packet sent with a source address of 17.17.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/20 ms

R2ǥݥꥷޥåפǧȡѥåȤprecedenceͤꤵ줿Ȥʬޤ

R2#show policy-map interface s1/2
Serial1/2

  Service-policy input: P_FROM_R3

    Class-map: C_FROM_R3 (match-all)
      5 packets, 520 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name FROM_R3
      QoS Set
        precedence 3
          Packets marked 5

    Class-map: class-default (match-any)
      108 packets, 7312 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

R1ǥꥹȤǧprecedence flashĤ줿Ȥʬޤ

R1#
Mar 13 08:58:36.659: %SEC-6-IPACCESSLOGDP: list PRECEDENCE permitted icmp 17.17.3.3 -> 17.17.1.1 (0/0), 5 packets
R1#show ip access-lists interface f0/0
Extended IP access list PRECEDENCE in
    10 permit eigrp any any (1410 matches)
    20 permit ip any any precedence flash log (5 matches)
    30 deny ip any any (15 matches)

ƥ:

QoSǤIP Precedence(Type of ServiceƬ3ӥå)DSCP(Type of ServiceƬ6ӥå)ȤޤºݤΥѥåȤꤵƤ뤳Ȥ򡢤ɤΤ褦ˤƳǧФΤǤ礦ǤϥꥹȤѤˡҲޤ

ĥꥹȤѤޤmatchdzprecedenceꤷޤǸlogѤ뤳ȤdzǧѰդˤʤޤǽԤpermitʤȥѥåȤ̲ǤʤʤΤդɬפǤ

R1(config)#ip access-list extended CHECK_PRECEDENCE
R1(config-ext-nacl)#deny ip any any precedence ?
  <0-7>           Precedence value
  critical        Match packets with critical precedence (5)
  flash           Match packets with flash precedence (3)
  flash-override  Match packets with flash override precedence (4)
  immediate       Match packets with immediate precedence (2)
  internet        Match packets with internetwork control precedence (6)
  network         Match packets with network control precedence (7)
  priority        Match packets with priority precedence (1)
  routine         Match packets with routine precedence (0)

R1(config-ext-nacl)#deny ip any any precedence priority ?
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  option      Match packets with given IP Options value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  ttl         Match packets with given TTL value
  <cr>

R1(config-ext-nacl)#deny ip any any precedence priority log
R1(config-ext-nacl)#deny ip any any precedence immediate log
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#do show ip access-lists CHECK_PRECEDENCE
Extended IP access list CHECK_PRECEDENCE
    10 deny ip any any precedence priority log
    20 deny ip any any precedence immediate log
    30 permit ip any any
R1(config-ext-nacl)#int f0/0
R1(config-if)#ip access-group CHECK_PRECEDENCE in
R1(config-if)#do sh ip int f0/0 | i Inbound
  Inbound  access list is CHECK_PRECEDENCE

̾pingϤΤޤ޼¹Ԥޤ

R2#ping 12.12.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms

ǤϤΥꥹȤTOSͤꤷping¹ԤޤΥѥåȤǤʤȥꥹȤȿʤΤդƤǤܤR2¹Ԥޤ

ޤType of service32ꤷƼ¹Ԥޤ32001Ȥʤ뤿ᡢIP PrecedencepriorityѤޤ

R2#ping
Protocol [ip]:
Target IP address: 12.12.12.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 32
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

R1(config-if)#
Mar  7 07:09:54.575: %SEC-6-IPACCESSLOGDP: list CHECK_PRECEDENCE denied icmp 12.12.12.2 -> 12.12.12.1 (0/0), 1 packet
Mar  7 07:15:18.459: %SEC-6-IPACCESSLOGDP: list CHECK_PRECEDENCE denied icmp 12.12.12.2 -> 12.12.12.1 (0/0), 4 packets
R1(config-if)#do show ip access-lists CHECK_PRECEDENCE
Extended IP access list CHECK_PRECEDENCE
    10 deny ip any any precedence priority log (5 matches)
    20 deny ip any any precedence immediate log
    30 permit ip any any (627 matches)

Type of service 64ꤷƼ¹Ԥޤ64010Ȥʤ뤿ᡢIP PrecedenceimmediateѤޤ㤤ʬ䤹뤿ˡԡȲ4ˤƤޤ

R2#ping
Protocol [ip]:
Target IP address: 12.12.12.1
Repeat count [5]: 4
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 64
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
U.U.
Success rate is 0 percent (0/4)

R1(config-if)#
Mar  7 07:23:18.459: %SEC-6-IPACCESSLOGDP: list CHECK_PRECEDENCE denied icmp 12.12.12.2 -> 12.12.12.1 (0/0), 4 packets
R1(config-if)#do show ip access-lists CHECK_PRECEDENCE
Extended IP access list CHECK_PRECEDENCE
    10 deny ip any any precedence priority log (5 matches)
    20 deny ip any any precedence immediate log (4 matches)
    30 permit ip any any (813 matches)

Ʊ褦ʼǡꥹȤDSCPѤ뤳ȤǽǤ

R1(config-if)# ip access-list extended CHECK_PRECEDENCE
R1(config-ext-nacl)#25 deny ip any any dscp ?
  <0-63>   Differentiated services codepoint value
  af11     Match packets with AF11 dscp (001010)
  af12     Match packets with AF12 dscp (001100)
  af13     Match packets with AF13 dscp (001110)
  af21     Match packets with AF21 dscp (010010)
  af22     Match packets with AF22 dscp (010100)
  af23     Match packets with AF23 dscp (010110)
  af31     Match packets with AF31 dscp (011010)
  af32     Match packets with AF32 dscp (011100)
  af33     Match packets with AF33 dscp (011110)
  af41     Match packets with AF41 dscp (100010)
  af42     Match packets with AF42 dscp (100100)
  af43     Match packets with AF43 dscp (100110)
  cs1      Match packets with CS1(precedence 1) dscp (001000)
  cs2      Match packets with CS2(precedence 2) dscp (010000)
  cs3      Match packets with CS3(precedence 3) dscp (011000)
  cs4      Match packets with CS4(precedence 4) dscp (100000)
  cs5      Match packets with CS5(precedence 5) dscp (101000)
  cs6      Match packets with CS6(precedence 6) dscp (110000)
  cs7      Match packets with CS7(precedence 7) dscp (111000)
  default  Match packets with default dscp (000000)
  ef       Match packets with EF dscp (101110)

R1(config-ext-nacl)#25 deny ip any any dscp af43 log

R2TOS152(100110)pingԡȲ6Ǽ¹Ԥޤ

R1(config-ext-nacl)#
Mar  7 07:30:18.463: %SEC-6-IPACCESSLOGDP: list CHECK_PRECEDENCE denied icmp 12.12.12.2 -> 12.12.12.1 (0/0), 6 packets
R1(config-ext-nacl)#do show ip access-lists CHECK_PRECEDENCE
Extended IP access list CHECK_PRECEDENCE
    10 deny ip any any precedence priority log (5 matches)
    20 deny ip any any precedence immediate log (8 matches)
    25 deny ip any any dscp af43 log (6 matches)
    30 permit ip any any (1077 matches)

ƥ:

3ĤΥ󥿡եIPɥ쥹ꤷޤǤϤƥޥͤ/24ʳꤷޤ

interface Serial1/0
ip address 192.168.3.1 255.255.255.128
!
interface Serial1/1
ip address 192.168.33.1 255.255.255.192
!
interface Serial1/2
ip address 192.168.133.1 255.255.255.224

IPɥ쥹ꤷǧޤshow ip interface briefǤϥޥͤɽޤ

R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/0                  192.168.3.1     YES manual up                    down
Serial1/1                  192.168.33.1    YES manual up                    down
Serial1/2                  192.168.133.1   YES manual up                    down

IPɥ쥹ꤷˤ⤫餺̿ʤ硢ޥͤտޤΤˤʤäƤʤ礬ޤޤޤޥͤγǧshow ip interfaceѤޤ

R3#show ip interface
Serial1/0 is up, line protocol is down
  Internet address is 192.168.3.1/25
  Broadcast address is 255.255.255.255
ά

Τޤ޼¹ԤȾ嵭ͤˡפʾޤ̤ɽޤinclude|Ѥ뤳ȤǡɬפʹԤΤߤȴФȤǽǤ

R3#show ip interface | include is up|Internet address
Serial1/0 is up, line protocol is down
  Internet address is 192.168.3.1/25
Serial1/1 is up, line protocol is down
  Internet address is 192.168.33.1/26
Serial1/2 is up, line protocol is down
  Internet address is 192.168.133.1/27

ޤBGPγؽʤɡIPɥ쥹ꤹɬפsecondary addressǤĤΥ󥿡եʣIPɥ쥹ꤹ뤳ȤǽǤ

R2(config)#interface loopback 200
R2(config-if)#ip address 192.168.0.2 255.255.255.0
R2(config-if)#ip address 192.168.1.2 255.255.255.0 ?
  secondary  Make this IP address a secondary address
R2(config-if)#ip address 192.168.1.2 255.255.255.0 secondary
R2(config-if)#ip address 192.168.2.2 255.255.255.0 secondary
R2(config-if)#ip address 192.168.3.2 255.255.255.0 secondary

R2#show running-config interface loopback 200
Building configuration...

Current configuration : 211 bytes
!
interface Loopback200
ip address 192.168.1.2 255.255.255.0 secondary
ip address 192.168.2.2 255.255.255.0 secondary
ip address 192.168.3.2 255.255.255.0 secondary
ip address 192.168.0.2 255.255.255.0

γǧˤshow ip interfaceѤޤincludeȤȤǸ䤹ˤƤޤ

R2#show ip interface loopback 200 | include Internet|Secondary
  Internet address is 192.168.0.2/24
  Secondary address 192.168.1.2/24
  Secondary address 192.168.2.2/24
  Secondary address 192.168.3.2/24

ΤޤBGPѽ뤳Ȥʬޤ

R2(config)#router bgp 200
R2(config-router)#network 192.168.0.0 mask 255.255.255.0
R2(config-router)#network 192.168.1.0 mask 255.255.255.0
R2(config-router)#network 192.168.2.0 mask 255.255.255.0
R2(config-router)#network 192.168.3.0 mask 255.255.255.0

R2#show ip bgp
BGP table version is 5, local router ID is 17.17.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.0.0      0.0.0.0                  0         32768 i
*> 192.168.1.0      0.0.0.0                  0         32768 i
*> 192.168.2.0      0.0.0.0                  0         32768 i
*> 192.168.3.0      0.0.0.0                  0         32768 i

ΥڡΥȥåץ

Ф