Protegido: lab1SW1
<SW1>display saved-configuration
!Software Version V200R003C00SPC300
#
sysname SW1
#
router id 10.20.1.1
#
vlan batch 10 15 24 30 35 255
#
stp instance 1 root primary
stp instance 2 root secondary
stp bpdu-protection
#
domain default_admin
#
time-range work 23:00 to 00:00 working-day
time-range work 00:00 to 07:00 working-day
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24
instance 2 vlan 30 35 255
active region-configuration
#
acl number 2001
rule 5 permit source 10.20.10.100 0
rule 10 deny source 10.20.10.0 0.0.0.255 time-range work
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.20.10.11 255.255.255.0
#
interface Vlanif30
ip address 10.20.30.11 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
mode lacp
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 255
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
stp edged-port enable
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
eth-trunk 1
#
interface GigabitEthernet0/0/14
eth-trunk 1
#
interface GigabitEthernet0/0/15
eth-trunk 1
#
interface GigabitEthernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 4094
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
port trunk allow-pass vlan 2 4094
stp disable
smart-link flush receive control-vlan 10
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 10
traffic-filter inbound acl 2001
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
ospf 20 router-id 10.20.1.1
import-route direct route-policy ACCEPTROUTES
area 0.0.0.34
network 10.20.30.11 0.0.0.0
nssa
#
route-policy ACCEPTROUTES permit node 10
if-match interface Vlanif10
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@^1}}(.ERKV\-VJVxy@c2,,7Gi,Y[SQwxIM'KptWQl0\+,7J,%@%@
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
SW2
sysname SW2
#
vlan batch 10 15 24 30 35 255
#
stp instance 1 root secondary
stp instance 2 root primary
#
domain default_admin
#
igmp-snooping enable
#
dhcp enable
#
dhcp snooping enable
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24
instance 2 vlan 30 35 255
active region-configuration
#
acl number 3001
rule 5 permit udp destination-port eq 6000
rule 10 permit tcp source 10.20.24.0 0.0.0.255
#
vlan 24
igmp-snooping enable
dhcp snooping enable
dhcp snooping trusted interface GigabitEthernet0/0/4
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
mode lacp
lacp preempt enable
max active-linknumber 2
lacp preempt delay 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 15
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 24
qos lr inbound cir 20000 cbs 2500000
storm-control multicast min-rate 1000 max-rate 2000
storm-control interval 60
storm-control action block
storm-control enable log
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 24
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 24
qos lr inbound cir 18000 cbs 2250000
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
undo port hybrid vlan 1
traffic-remark inbound acl 3001 rule 10 dscp af11
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
eth-trunk 1
lacp priority 40000
#
interface GigabitEthernet0/0/14
eth-trunk 1
#
interface GigabitEthernet0/0/15
eth-trunk 1
#
interface GigabitEthernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 4094
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
port trunk allow-pass vlan 2 4094
stp disable
smart-link flush receive control-vlan 10
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@Yv#c#y\]+)JF3hB2|_f5,,3*-Me&O(I>SA_u,uLA9M>!,3-,%@%@
idle-timeout 0 0
user-interface vty 0 4
screen-length 0
user-interface vty 16 20
SW3
sysname SW3
#
router id 10.20.13.13
#
vlan batch 10 15 24 30 35 255
#
undo http server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24
instance 2 vlan 30 35 255
active region-configuration
#
bfd
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$/)ht,:(&34$A10"s;LF8FQH~%$%$
local-user admin service-type http
#
ntp-service authentication enable
ntp-service authentication-keyid 20 authentication-mode md5 cipher %$%$#Vu$"%N42~`qNIEs-EWFII@7%$%$
ntp-service reliable authentication-keyid 20
#
interface Vlanif15
ip address 10.20.15.13 255.255.255.0
ntp-service broadcast-client
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
port link-type access
port default vlan 35
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 35
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
undo port hybrid vlan 1
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
port trunk allow-pass vlan 2 4094
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 4094
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
port link-type access
port default vlan 15
#
interface Ethernet0/0/24
port link-type access
port default vlan 255
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
bgp 10
router-id 10.20.13.13
peer 10.20.15.1 as-number 10
peer 10.20.15.1 bfd min-tx-interval 300 min-rx-interval 300
peer 10.20.15.1 bfd enable
#
ipv4-family unicast
undo synchronization
peer 10.20.15.1 enable
#
ospf 20 router-id 10.20.13.13
area 0.0.0.15
network 10.20.15.13 0.0.0.0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$~DmY$;(*=&_$C}!@ViT%,=4+EIeKGo[Y0H[I=u90rmAN,C:5%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
SW4
sysname SW4
#
vlan batch 10 15 24 30 35 255
#
undo http server enable
#
drop illegal-mac alarm
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$2umg)BAu;2my+)2pIqnNWQH~%$%$
local-user admin service-type http
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
undo port hybrid vlan 1
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 15
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
undo port hybrid vlan 1
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo pot hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
port trunk allow-pass vlan 2 4094
stp disable
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 4094
stp disable
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
undo port hybrid vlan 1
#
interface Ethernet0/0/24
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
smart-link group 1
restore enable
smart-link enable
port Ethernet0/0/13 master
port Ethernet0/0/16 slave
timer wtr 30
flush send control-vlan 10
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$v>iPG{j';9.vS`,A"3Y',{ri%`X6V{SqO.&Zs[;e\82F,$xs%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
R1
sysname R1
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03105172F26541
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.20.1.1
#
multicast routing-enable
#
bfd
#
pki realm default
enrollment self-signed
#
#
acl number 3001
rule 5 deny tcp destination-port eq 135
rule 10 deny tcp destination-port eq 139
rule 15 deny udp destination-port eq 445
#
aaa
authentication-scheme default
authentication-scheme chap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain pppchap
authentication-scheme chap
local-user admin password cipher %$%$O5qd'E_89<Jdd(N@,A%EFI3W%$%$
local-user admin service-type http
local-user hwssh password cipher %$%$Ja[u%qzN@"G>iSS*_ZY#Iq*m%$%$
local-user hwssh privilege level 3
local-user hwssh service-type ssh
local-user chapuser password cipher %$%$H8}bS37Q"8GjmhN`kBYXH`Vt%$%$
local-user chapuser service-type ppp
#
isis 20
is-level level-2
cost-style wide
network-entity 49.0012.0000.0000.0001.00
import-route ospf 20
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr dlci 104
fr dlci 105
fr map ip 10.20.145.4 104 broadcast
fr map ip 10.20.145.5 105 broadcast
ip address 10.20.145.1 255.255.255.0
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap domain pppchap
ppp pap local-user papuser password cipher %$%$Pb>=Z>f-J&\@a6VOAOE-,Fgy%$%$
ip address 10.20.12.1 255.255.255.0
isis enable 20
isis ppp-negotiation 3-way only
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.1.1 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.20.15.1 255.255.255.0
vrrp vrid 125 virtual-ip 10.20.15.254
vrrp vrid 125 priority 115
vrrp vrid 125 preempt-mode timer delay 20
vrrp vrid 125 track interface Serial2/0/0
vrrp vrid 125 track interface Serial3/0/0
vrrp vrid 125 authentication-mode md5 %$%$Wmc"6w\gT$-q*j7nOC2$Ivr|%$%$
pim hello-option dr-priority 50000
pim sm
ospf cost 1600
ntp-service broadcast-server authentication-keyid 20
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.20.1.1 255.255.255.255
#
bgp 10
router-id 10.20.1.1
peer 10.20.12.2 as-number 20
peer 10.20.15.13 as-number 10
peer 10.20.15.13 bfd min-tx-interval 300 min-rx-interval 300
peer 10.20.15.13 bfd enable
peer 157.68.1.254 as-number 100
#
ipv4-family unicast
undo synchronization
aggregate 10.20.0.0 255.255.0.0 as-set detail-suppressed
peer 10.20.12.2 enable
peer 10.20.12.2 route-policy R2SOURCE import
peer 10.20.15.13 enable
peer 157.68.1.254 enable
peer 157.68.1.254 route-policy ROUTEIMPORT import
#
ospf 20 router-id 10.20.1.1
import-route isis 20
peer 10.20.145.4
peer 10.20.145.5
preference route-policy ISIS2OSPF 10
area 0.0.0.0
authentication-mode md5 20 cipher %$%$:y,nP%V4^I8bf[U|)P=FHjXJ%$%$
network 10.20.1.1 0.0.0.0
network 10.20.145.1 0.0.0.0
network 157.68.1.1 0.0.0.0
area 0.0.0.15
network 10.20.15.1 0.0.0.0
#
route-policy ROUTEIMPORT permit node 10
apply as-path 254 254 254 254 additive
#
route-policy R2SOURCE permit node 10
if-match ip-prefix NETWORK40
#
route-policy R2SOURCE permit node 20
apply ip-address next-hop 10.20.56.6
#
ssh server rekey-interval 2
undo ssh server compatible-ssh1x enable
stelnet server enable
#
ip ip-prefix NETWORK40 index 10 permit 10.20.40.0 24
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$#J_i!.o'TOmN}_~CJisR,"`Pn"g`&nrxt37bet(E#N\U"`S,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0
user-interface vty 1
authentication-mode aaa
protocol inbound ssh
user-interface vty 2 4
#
wlan ac
#
ntp-service authentication enable
ntp-service authentication-keyid 20 authentication-mode md5 %$%$E~t`(h7efE&(0J4U~'{:,.2a%$%$
ntp-service reliable authentication-keyid 20
ntp-service refclock-master 3
#
voice
#
diagnose
R2
sysname R2
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03105172F20F5B
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.20.2.2
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
acl number 2001
rule 5 permit source 0.0.0.0 252.255.255.255
#
drop-profile DROPPING
wred dscp
dscp af11 low-limit 20 high-limit 95 discard-percentage 30
#
traffic classifier llq operator or
if-match dscp ef
traffic classifier af operator or
if-match dscp af11
#
traffic behavior llq
queue llq bandwidth pct 30
traffic behavior af
queue af bandwidth pct 40
drop-profile DROPPING
#
traffic policy RULEIF
classifier llq behavior llq
classifier af behavior af
#
aaa
authentication-scheme default
authentication-scheme pap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain ppppap
authentication-scheme pap
local-user admin password cipher %$%$2fvQ7X|I#@\j,b-/O0(8F"&i%$%$
local-user admin service-type http
local-user papuser password cipher %$%$;9+:TUDP|Y=J[_-Rxjn>H@Gp%$%$
local-user papuser service-type ppp
#
isis 20
is-level level-2
cost-style wide
network-entity 49.0012.0000.0000.0002.00
import-route direct route-policy ISISACCEPT
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode pap domain ppppap
ppp chap user chapuser
ppp chap password cipher %$%$8&ayR'C:29wvE@:;9^$.,Er@%$%$
ip address 10.20.12.2 255.255.255.0
isis enable 20
isis ppp-negotiation 3-way only
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 157.68.3.1 255.255.255.0
traffic-policy RULEIF outbound
#
interface GigabitEthernet0/0/1
ip address 10.20.24.2 255.255.255.0
isis enable 20
isis circuit-type p2p
isis ppp-negotiation 3-way only
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.20.2.2 255.255.255.255
isis enable 20
pim sm
#
bgp 20
router-id 10.20.2.2
peer 10.20.12.1 as-number 10
peer 10.20.24.4 as-number 345
#
ipv4-family unicast
undo synchronization
peer 10.20.12.1 enable
peer 10.20.24.4 enable
#
route-policy ISISACCEPT permit node 2
if-match interface GigabitEthernet0/0/0
#
pim
c-rp LoopBack0 group-policy 2001
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$~=rVWQyR"WN3"bW[!LXI,"a:g/oK!]t^8T5z~0@b2{{4"a=,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
R3
sysname R3
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03105172F264F5
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.20.3.3
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
acl number 2001
rule 5 permit source 0.0.0.0 248.255.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$=P`%V3}t0D7d>v"<Xsj2FTM&%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.20.34.3 255.255.255.0
pim sm
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.20.30.3 255.255.255.0
ip netstream sampler fix-packets 200 inbound
ip netstream inbound
#
interface GigabitEthernet0/0/1
ip address 10.20.35.3 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.20.3.3 255.255.255.255
pim sm
#
bgp 345
router-id 10.20.3.3
peer 10.20.4.4 as-number 345
peer 10.20.4.4 connect-interface LoopBack0
peer 10.20.5.5 as-number 345
peer 10.20.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.20.4.4 enable
peer 10.20.4.4 reflect-client
peer 10.20.4.4 advertise-community
peer 10.20.5.5 enable
peer 10.20.5.5 reflect-client
#
ospf 20 router-id 10.20.3.3
area 0.0.0.34
network 10.20.30.3 0.0.0.0
network 10.20.34.3 0.0.0.0
nssa no-import-route
area 0.0.0.35
network 10.20.3.3 0.0.0.0
network 10.20.35.3 0.0.0.0
#
pim
c-rp LoopBack0 group-policy 2001
#
ip netstream aggregation destination-prefix
enable
export version 9
ip netstream export source 10.20.3.3
ip netstream export host 10.20.10.30 6000
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$*kf}P]~1s,E1f*@|iiLD,"b$Y^|I!1.7!<+YnTMfJFUU"b',%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
R4
sysname R4
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03105172F26559
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.20.4.4
#
multicast routing-enable
#
dhcp enable
#
undo dhcp server bootp
#
pki realm default
enrollment self-signed
#
#
qos map-table dscp-dscp
input 27 output 7
#
ip pool pool_24
gateway-list 10.20.24.254
network 10.20.24.0 mask 255.255.255.0
excluded-ip-address 10.20.24.1 10.20.24.20
lease day 2 hour 0 minute 0
dns-list 10.20.30.30
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$sr^J&|sNJB3./2Uw&q>PF\GW%$%$
local-user admin service-type http
#
isis 20
is-level level-2
cost-style wide
network-entity 49.0004.0000.0000.0004.00
import-route ospf 20
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr dlci 401
fr map ip 10.20.145.1 401 broadcast
fr map ip 10.20.145.5 401 broadcast
ip address 10.20.145.4 255.255.255.0
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.20.34.4 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.20.24.4 255.255.255.0
isis enable 20
isis circuit-type p2p
isis ppp-negotiation 3-way only
trust dscp override
pim sm
dhcp select global
#
interface GigabitEthernet0/0/1
ip address 10.20.40.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.20.4.4 255.255.255.255
pim sm
#
bgp 345
router-id 10.20.4.4
peer 10.20.3.3 as-number 345
peer 10.20.3.3 connect-interface LoopBack0
peer 10.20.24.2 as-number 20
#
ipv4-family unicast
undo synchronization
network 10.20.40.0 255.255.255.0
peer 10.20.3.3 enable
peer 10.20.24.2 enable
#
ospf 20 router-id 10.20.4.4
import-route isis 20
peer 10.20.145.1
area 0.0.0.0
authentication-mode md5 20 cipher %$%$,~d;$h\)(-<I"w'Yg6j5H"DL%$%$
network 10.20.4.4 0.0.0.0
network 10.20.145.4 0.0.0.0
area 0.0.0.34
network 10.20.34.4 0.0.0.0
nssa no-import-route
#
pim
c-bsr LoopBack0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$$mN:%A`GIGne_<MxeIi2,"`4`;[EHS)}01v-ksD37N!<"`7,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
R5
sysname R5
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03105172F2311D
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.20.5.5
#
multicast routing-enable
#
undo anti-attack abnormal enable
undo anti-attack fragment enable
undo anti-attack icmp-flood enable
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$id]+U)ly$Fb;Te-ief=WFI/v%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr dlci 501
fr map ip 10.20.145.1 501 broadcast
fr map ip 10.20.145.4 501 broadcast
ip address 10.20.145.5 255.255.255.0
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.20.56.5 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.20.35.5 255.255.255.0
pim sm
igmp enable
igmp static-group 238.10.10.10
#
interface GigabitEthernet0/0/1
ip address 10.20.15.5 255.255.255.0
pim sm
ospf cost 1600
ntp-service broadcast-client
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.20.5.5 255.255.255.255
#
bgp 345
router-id 10.20.5.5
peer 10.1.56.6 as-number 60
peer 10.20.3.3 as-number 345
peer 10.20.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.1.56.6 enable
peer 10.20.3.3 enable
peer 10.20.3.3 advertise-community
#
ospf 20 router-id 10.20.5.5
peer 10.20.145.1
area 0.0.0.0
authentication-mode md5 20 cipher %$%$yS/R:~6l]K%Mkw:kSa>DHro6%$%$
network 10.20.5.5 0.0.0.0
network 10.20.145.5 0.0.0.0
area 0.0.0.15
network 10.20.15.5 0.0.0.0
area 0.0.0.35
network 10.20.35.5 0.0.0.0
area 0.0.0.56
network 10.20.56.5 0.0.0.0
#
route-policy SOURCE permit node 10
if-match community-filter 1
#
route-policy RESTRICT permit node 10
apply community no-export additive
#
pim
#
ip community-filter 20 permit 1:254
#
ip rpf-route-static 10.20.2.2 32 10.20.145.1
ip rpf-route-static 10.20.4.4 32 10.20.145.1
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$j%ffBBU.q8X-H4*0Rcl7,"`>%Dkh.!X\Z$4:n4=)-RzK"`A,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
ntp-service authentication-keyid 20 authentication-mode md5 %$%$E~t`(h7efE&(0J4U~'{:,.2a%$%$
ntp-service reliable authentication-keyid 20
#
voice
#
diagnose
R6
sysname R6
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03105172F20F23
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.20.6.6
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$KGsIW!@4K'`O3O-Oskd*FU;A%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.20.56.6 255.255.255.0
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.2.1 255.255.255.0
rip summary-address 10.20.0.0 255.255.0.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.20.6.6 255.255.255.255
#
bgp 60
router-id 10.20.6.6
peer 10.20.56.5 as-number 345
peer 157.68.2.254 as-number 254
#
ipv4-family unicast
undo synchronization
peer 10.20.56.5 enable
peer 10.20.56.5 advertise-community
peer 157.68.2.254 enable
#
ospf 20 router-id 10.20.6.6
import-route rip 1 cost 100 tag 100
area 0.0.0.56
network 10.20.6.6 0.0.0.0
network 10.20.56.6 0.0.0.0
#
rip 1
version 2
peer 157.68.2.254
network 157.68.0.0
undo verify-source
filter-policy ip-prefix R6-BB2 import Serial3/0/0
filter-policy ip-prefix OSPF2RIP export Serial3/0/0
import-route ospf 20
#
ip ip-prefix R6-BB2 index 10 permit 171.10.0.0 22 greater-equal 22 less-equal 24
ip ip-prefix OSPF2RIP index 10 permit 10.20.0.0 16
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$a.*xEh-ln.esM"PUX#Y+,"a$D\"XC3Xd|~9Tr6"[^XOX"a',%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
Protegido: lab2 – MPLSSW1
<SW1>dis saved-config
!Software Version V200R003C00SPC300
#
sysname SW1
#
router id 10.1.113.11
#
vlan batch 35 110 113 135 222 224 255
#
stp instance 10 root primary
stp instance 20 root secondary
#
undo http server enable
undo http secure-server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 110 135 222 224
instance 20 vlan 35 113 255
active region-configuration
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif110
ip address 10.1.110.11 255.255.255.0
#
interface Vlanif113
ip address 10.1.113.11 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 224
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/14
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/15
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
smart-link flush receive control-vlan 110
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
ospf 1 router-id 10.1.113.11
import-route direct route-policy vlan110
area 0.0.0.34
network 10.1.113.11 0.0.0.0
nssa
#
route-policy vlan110 permit node 10
if-match interface Vlanif110
apply tag 100
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@qoa~0Pxf/&^!=eP>Bj~O,~.=d26=$Aso@;yaf3(I0[:9~.@,%@%@
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
#
return
<SW1>
SW2
<SW2> dis current-configuration
!Software Version V200R003C00SPC300
#
sysname SW2
#
vlan batch 35 110 113 135 222 224 255
#
stp instance 10 root secondary
stp instance 20 root primary
#
multicast routing-enable
#
igmp-snooping enable
#
undo http server enable
undo http secure-server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 110 135 222 224
instance 20 vlan 35 113 255
active region-configuration
#
vlan 224
igmp-snooping enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif222
ip address 10.1.222.22 255.255.255.0
pim sm
#
interface Vlanif224
ip address 10.1.224.22 255.255.255.0
undo rip output
undo rip input
pim sm
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 135
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 222
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 113
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 224
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/14
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/15
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
smart-link flush receive control-vlan 110
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
bgp 20
peer 10.1.222.2 as-number 20
peer 10.1.224.2 as-number 345
#
ipv4-family unicast
undo synchronization
peer 10.1.222.2 enable
peer 10.1.224.2 enable
#
ospf 1
import-route rip 1 route-policy rto
preference ase route-policy pre 10
area 0.0.0.224
network 10.1.224.22 0.0.0.0
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route ospf 1 route-policy otr
#
route-policy r20 deny node 10
if-match tag 101
#
route-policy r20 permit node 20
apply tag 102
#
route-policy o2r deny node 10
if-match tag 202
#
route-policy o2r permit node 20
apply tag 201
#
route-policy ext permit node 10
if-match tag 100
apply preference 10
#
route-policy otr deny node 5
if-match tag 301
#
route-policy otr permit node 10
apply tag 102
#
route-policy rto deny node 10
if-match tag 103
#
route-policy rto permit node 20
apply tag 201
#
route-policy pre permit node 10
if-match tag 301
apply preference 150
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@u"1dPHMm1=U`zg2b-$_Y,~,VmuGKBJR,[={TlR/Q+lKB~,Y,%@%@
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
#
return
<SW2>
SW3
<SW3>dis saved-configuration
#
!Software Version V100R006C03
sysname SW3
#
vlan batch 35 110 113 135 222 224 255
#
multicast routing-enable
#
igmp-snooping enable
#
undo http server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 110 135 222 224
instance 20 vlan 35 113 255
active region-configuration
#
vlan 135
igmp-snooping enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$1Y_g(cH^p<Rv/`VnWvY&3:1(%$%$
local-user admin service-type http
#
interface Vlanif135
ip address 10.1.135.13 255.255.255.0
pim sm
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
port link-type access
port default vlan 35
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 35
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
undo port hybrid vlan 1
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
port link-type access
port default vlan 135
#
interface Ethernet0/0/24
port link-type access
port default vlan 255
stp root-protection
stp bpdu-filter enable
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
bgp 10
peer 10.1.135.1 as-number 10
#
ipv4-family unicast
undo synchronization
peer 10.1.135.1 enable
#
ospf 1
area 0.0.0.135
network 10.1.135.0 0.0.0.255
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$k[Q-&!62mDI5f&:6KatV,OF=YYNr>ilM66.Ck1Slyn7O~ULG%$%$
screen-length 0
user-interface vty 0 4
#
return
<SW3>
SW4
<SW4>dis saved-configuration
#
!Software Version V100R006C03
sysname SW4
#
vlan batch 35 110 113 135 222 224 255
#
undo http server enable
#
drop illegal-mac alarm
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$6`FJ:sGL(Q#Z]P"!K&-!3ri`%$%$
local-user admin service-type http
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
undo port hybrid vlan 1
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
port link-type access
port default vlan 135
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
undo port hybrid vlan 1
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
undo port hybrid vlan 1
#
interface Ethernet0/0/24
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
smart-link group 4
restore enable
smart-link enable
port Ethernet0/0/13 master
port Ethernet0/0/16 slave
timer wtr 30
flush send control-vlan 110
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$)yZ,2,:uR@J"TB8Ov/G:,JA8B`^d/8<FnWs)ELOxQ/@/~PGB%$%$
screen-length 0
user-interface vty 0 4
#
return
<SW4>
R1
<R1>dis saved-config
[V200R003C01SPC900]
#
sysname R1
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB037054F593DEBA
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.1.1
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authentication-scheme chap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain pppchap
authentication-scheme chap
local-user admin password cipher %$%$S2^!KY6ZZ=~omd*ynVMDF`4B%$%$
local-user admin service-type http
local-user chapuser password cipher %$%$|t2)7/_bQQAJ1)AT9cNSH3a|%$%$
local-user chapuser service-type ppp
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.1.145.4 104 broadcast
fr map ip 10.1.145.5 105 broadcast
ip address 10.1.145.1 255.255.255.0
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap domain pppchap
ppp pap local-user papuser password cipher %$%$f9S|"[>Z^&9xbj~r-^C+,I:K%$%$
ip address 10.1.12.1 255.255.255.0
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.1.1 255.255.255.0
undo rip output
undo rip input
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.1.135.1 255.255.255.0
undo rip output
undo rip input
ospf cost 2000
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
#
bgp 10
router-id 10.1.1.1
peer 10.1.12.2 as-number 20
peer 10.1.135.33 as-number 10
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100
#
ipv4-family unicast
undo synchronization
aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed
peer 10.1.12.2 enable
peer 10.1.12.2 route-policy R2 import
peer 10.1.135.33 enable
peer 157.68.1.254 enable
peer 157.68.1.254 route-policy as-path import
#
ospf 1 router-id 10.1.1.1
import-route rip 1 route-policy rto
peer 10.1.145.4
peer 10.1.145.5
preference ase route-policy pre 10
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.1.1.1 0.0.0.0
network 10.1.145.1 0.0.0.0
network 157.68.1.1 0.0.0.0
area 0.0.0.135
network 10.1.135.1 0.0.0.0
vlink-peer 10.1.5.5
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route ospf 1 route-policy otr
#
route-policy 02R deny node 10
if-match tag 102
#
route-policy 02R permit node 20
apply tag 101
#
route-policy R20 deny node 10
if-match tag 201
#
route-policy R20 permit node 20
apply tag 202
#
route-policy ext permit node 10
if-match tag 100
apply preference 10
#
route-policy otr deny node 5
if-match tag 201
#
route-policy otr permit node 10
apply tag 103
#
route-policy rto deny node 10
if-match tag 102
#
route-policy rto permit node 20
apply tag 301
#
route-policy pre permit node 10
if-match tag 201
apply preference 150
#
route-policy as-path permit node 10
apply as-path 254 254 254 254 additive
#
route-policy R2 permit node 10
if-match ip-prefix 1
apply ip-address next-hop 10.1.4.4
#
route-policy R2 permit node 20
apply ip-address next-hop 10.1.56.6
#
ip ip-prefix 1 index 10 permit 10.1.40.0 24
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$D}|N(e-'\7d6H@,[R5e~,$WlCS\$~/Q0qPk:cg:AA>|I$Wo,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R1>
R2
<R2>display saved-configuration
[V200R003C01SPC900]
#
sysname R2
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03E468A39B2F72
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
multicast routing-enable
#
ip vpn-instance ABC
ipv4-family
route-distinguisher 34:34
#
pki realm default
enrollment self-signed
#
#
acl number 2000
rule 5 permit source 236.0.0.0 3.255.255.255
#
aaa
authentication-scheme default
authentication-scheme pap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain ppppap
authentication-scheme pap
local-user admin password cipher %$%$$h)w;{6km5\Rf265P%W8FUc~%$%$
local-user admin service-type http
local-user papuser password cipher %$%$\V63.(MUXAvf\yJR2u+5H-dj%$%$
local-user papuser service-type ppp
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode pap domain ppppap
ppp chap user chapuser
ppp chap password cipher %$%$mfp;JX_J}>C/|#O.}3&/,J{u%$%$
ip address 10.1.12.2 255.255.255.0
rip metricin 5
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 172.16.1.2 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 157.68.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.222.2 255.255.255.0
rip metricin ip-prefix same-way 6
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.2.2 255.255.255.255
pim sm
#
bgp 20
router-id 10.1.2.2
peer 10.1.12.1 as-number 10
peer 10.1.222.22 as-number 20
#
ipv4-family unicast
undo synchronization
peer 10.1.12.1 enable
peer 10.1.222.22 enable
#
ospf 2
area 0.0.0.0
network 172.16.1.2 0.0.0.0
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route direct route-policy direct
#
route-policy direct permit node 10
if-match interface GigabitEthernet0/0/0
#
pim
c-rp LoopBack0 group-policy 2000
#
ip ip-prefix same-way index 10 permit 10.1.15.0 24
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$;xPhYQp9@A<I{{>)q<^O,$W%;A#JFCUM*07S4@JLc&bU$W(,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R2>
R3
[R3]display saved-configuration
[V200R003C01SPC900]
#
sysname R3
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB037054F593DEC2
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.3.3
#
multicast routing-enable
#
ip vpn-instance ABC
ipv4-family
route-distinguisher 34:34
vpn-target 34:34 export-extcommunity
vpn-target 34:34 import-extcommunity
#
mpls lsr-id 10.1.3.3
mpls
#
pki realm default
enrollment self-signed
#
#
acl number 3000
rule 5 permit ip source 232.0.0.0 7.255.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$.zw@6L%}o&1zYY&VIMJVFa0:%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
ip binding vpn-instance ABC
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip binding vpn-instance ABC
ip address 172.16.1.3 255.255.255.0
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.1.34.3 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.1.113.3 255.255.255.0
pim sm
mpls
#
interface GigabitEthernet0/0/1
ip address 10.1.35.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.3.3 255.255.255.255
pim sm
#
bgp 345
router-id 10.1.3.3
peer 10.1.4.4 as-number 345
peer 10.1.4.4 connect-interface LoopBack0
peer 10.1.5.5 as-number 345
peer 10.1.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.1.4.4 enable
peer 10.1.4.4 reflect-client
peer 10.1.4.4 advertise-community
peer 10.1.5.5 enable
peer 10.1.5.5 reflect-client
#
ipv4-family vpnv4
policy vpn-target
peer 10.1.4.4 enable
#
ipv4-family vpn-instance ABC
import-route ospf 2
#
ospf 1 router-id 10.1.3.3
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
area 0.0.0.34
network 10.1.34.3 0.0.0.0
network 10.1.113.3 0.0.0.0
nssa
area 0.0.0.35
network 10.1.3.3 0.0.0.0
network 10.1.35.3 0.0.0.0
vlink-peer 10.1.5.5
#
ospf 2 vpn-instance ABC
import-route bgp
area 0.0.0.0
network 172.16.1.3 0.0.0.0
#
pim
c-rp LoopBack0 group-policy 2000
#
static-lsp ingress 3514 destination 10.1.4.4 32 outgoing-interface GigabitEthernet0/0/0 nexthop 10.1.35.5 out-label 305
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$tto~:vz|YOx~9_!.EiI=,$Xa|"gx>~:a)H_o'NX.oQN($Xd,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
[R3]
R4
[R4]display saved-configuration
[V200R003C01SPC900]
#
sysname R4
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB037054F593DE92
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.4.4
#
multicast routing-enable
#
ip vpn-instance ABC
ipv4-family
route-distinguisher 34:34
vpn-target 34:34 export-extcommunity
vpn-target 34:34 import-extcommunity
#
mpls lsr-id 10.1.4.4
mpls
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$_MUtPfy1`,@0}u69|R>2F].H%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.1.145.1 401 broadcast
fr map ip 10.1.145.5 401 broadcast
ip address 10.1.145.4 255.255.255.0
pim sm
ospf dr-priority 0
mpls
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.1.34.4 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.1.224.4 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
ip binding vpn-instance ABC
ip address 172.16.40.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.4.4 255.255.255.255
pim sm
#
interface LoopBack1
ip address 10.1.40.4 255.255.255.0
#
bgp 345
router-id 10.1.4.4
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.224.22 as-number 20
#
ipv4-family unicast
undo synchronization
network 10.1.40.0 255.255.255.0
peer 10.1.3.3 enable
peer 10.1.224.22 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.1.3.3 enable
#
ipv4-family vpn-instance ABC
import-route direct
#
ospf 1 router-id 10.1.4.4
peer 10.1.145.1
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.1.4.4 0.0.0.0
network 10.1.145.4 0.0.0.0
area 0.0.0.24
area 0.0.0.34
network 10.1.34.4 0.0.0.0
nssa no-import-route
area 0.0.0.224
network 10.1.224.4 0.0.0.0
#
pim
c-bsr LoopBack0
#
static-lsp egress 3514 incoming-interface Serial1/0/0 in-label 104
static-lsp ingress 4153 destination 10.1.3.3 32 outgoing-interface Serial1/0/0 nexthop 10.1.145.5 out-label 401
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$z0OJAU>`nN\36"&$O`#L,$XEBqJ!Wg\)^"%d7,M^^b=7$XH,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
[R4]
R5
[R5]dis saved-config
[V200R003C01SPC900]
#
sysname R5
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03E468A39EEFCE
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
ipv6
#
router id 10.1.5.5
#
multicast routing-enable
#
mpls lsr-id 10.1.5.5
mpls
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$_BhY5_b(hXS2x2'(SJ2SF`P0%$%$
local-user admin service-type http
#
ospfv3 1
router-id 10.1.5.5
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.1.145.1 501 broadcast
fr map ip 10.1.145.4 501 broadcast
ip address 10.1.145.5 255.255.255.0
pim sm
ospf dr-priority 0
mpls
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.1.56.5 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.35.5 255.255.255.0
ipv6 address 2001:1:135::5/64
pim sm
#
interface GigabitEthernet0/0/1
ip address 10.1.135.5 255.255.255.0
pim sm
igmp enable
igmp static-group 238.10.10.10
ospf cost 2000
mpls
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.5.5 255.255.255.255
#
bgp 345
router-id 10.1.5.5
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.56.6 as-number 60
#
ipv4-family unicast
undo synchronization
aggregate 60.0.0.0 255.255.252.0 as-set origin-policy origin attribute-policy att
peer 10.1.3.3 enable
peer 10.1.3.3 advertise-community
peer 10.1.56.6 enable
#
ospf 1 router-id 10.1.5.5
asbr-summary 172.10.0.0 255.255.252.0 tag 100 cost 100
import-route rip 1 cost 100 tag 100 route-policy R5
peer 10.1.145.1
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.1.5.5 0.0.0.0
network 10.1.145.5 0.0.0.0
area 0.0.0.35
network 10.1.15.5 0.0.0.0
vlink-peer 10.1.1.1
vlink-peer 10.1.3.3
area 0.0.0.135
network 10.1.135.5 0.0.0.0
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route ospf 1
#
route-policy R5 permit node 10
if-match ip-prefix 1
#
route-policy origin permit node 10
if-match community-filter 1
#
route-policy att permit node 10
apply community no-export additive
#
pim
spt-switch-threshold infinity
#
ip ip-prefix 1 index 5 permit 10.1.56.0 24 greater-equal 24 less-equal 24
ip ip-prefix 1 index 10 permit 10.1.6.6 32
ip ip-prefix 1 index 20 permit 171.10.0.0 16 greater-equal 24 less-equal 24
#
ip community-filter 1 permit 1:254
#
ip rpf-route-static 10.1.4.4 32 10.1.145.1
#
static-lsp transit 3514 incoming-interface GigabitEthernet0/0/1 in-label 305 outgoing-interface Serial1/0/0 nexthop 10.1.145.4 out-label 501
static-lsp transit 4153 incoming-interface Serial1/0/0 in-label 105 outgoing-interface GigabitEthernet0/0/1 nexthop 10.1.135.3 out-label 503
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$uZrwTDeVI3dm$&)fo*7U,$WzEGW>(bM-(#j4Ok1@7yR7$W},%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
[R5]
R6
<R6>dis saved-configuration
[V200R003C01SPC900]
#
sysname R6
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB037054F593DDE2
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$p=*XS'm,qY^.Yr9'x/=)FfR'%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.1.56.6 255.255.255.0
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.2.1 255.255.255.0
rip summary-address 10.1.0.0 255.255.0.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.6.6 255.255.255.255
#
bgp 60
router-id 10.1.6.6
peer 10.1.3.3 as-number 345
peer 10.1.56.5 as-number 345
peer 157.68.2.254 as-number 254
#
ipv4-family unicast
undo synchronization
peer 10.1.3.3 enable
peer 10.1.56.5 enable
peer 10.1.56.5 advertise-community
peer 157.68.2.254 enable
#
rip 1
undo summary
version 2
peer 157.68.2.254
network 10.0.0.0
network 157.68.0.0
silent-interface Serial3/0/0
filter-policy ip-prefix rip-sum export Serial3/0/0
#
ip ip-prefix rip-sum index 10 permit 10.1.0.0 16
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$.)LsECL4&!R{$STM~h&:,$YROeqe3;0ZM'O9mp.)e;*'$YU,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R6>
Protegido: lab3SW1
<SW1>di cu
!Software Version V200R003C00SPC300
#
sysname SW1
#
vlan batch 10 15 24 30 35 100 135 255
#
stp instance 1 root primary
stp instance 2 root secondary
stp bpdu-protection
#
lacp priority 0
#
undo http server enable
undo http secure-server enable
#
drop illegal-mac alarm
#
time-range work 23:00 to 00:00 working-day
time-range work 00:00 to 07:00 working-day
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24 100
instance 2 vlan 30 35 135 255
active region-configuration
#
acl number 2000
rule 10 permit source 10.4.10.100 0
rule 20 deny source 10.1.10.0 0.0.0.255 time-range work
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.4.10.11 255.255.255.0
#
interface Vlanif30
ip address 10.4.30.11 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk12
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
mode lacp
lacp preempt enable
max active-linknumber 2
lacp preempt delay 15
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 255
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/11
stp edged-port enable
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
stp edged-port enable
#
interface GigabitEthernet0/0/13
eth-trunk 12
#
interface GigabitEthernet0/0/14
eth-trunk 12
lacp priority 60000
#
interface GigabitEthernet0/0/15
eth-trunk 12
#
interface GigabitEthernet0/0/16
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
smart-link flush receive control-vlan 10
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 10
traffic-filter inbound acl 2000
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
ospf 4 router-id 10.4.11.11
import-route direct route-policy DIR
area 0.0.0.34
network 10.4.30.11 0.0.0.0
nssa
#
route-policy DIR permit node 10
if-match interface Vlanif10
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@${1s&m>**38_5H:AG.=;,I;MGAy]'1QWNF|l't@7/6=1I;P,%@%@
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
#
return
SW2
<SW2>di cu
!Software Version V200R003C00SPC300
#
sysname SW2
#
vlan batch 10 15 24 30 35 100 135 255
#
stp instance 1 root secondary
stp instance 2 root primary
#
igmp-snooping enable
#
undo http server enable
undo http secure-server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24 100
instance 2 vlan 30 35 135 255
active region-configuration
#
acl number 3000
rule 10 permit udp destination-port eq 6000
rule 20 permit tcp source 10.4.24.0 0.0.0.255
#
vlan 24
igmp-snooping enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Eth-Trunk12
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
mode lacp
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 15
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 24
qos lr outbound cir 20000 cbs 2500000
storm-control multicast min-rate 1000 max-rate 2000
storm-control interval 60
storm-control action block
storm-control enable log
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 24
qos lr outbound cir 18000 cbs 2250000
qos lr inbound cir 18000 cbs 2250000
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
undo port hybrid vlan 1
traffic-remark inbound acl 3000 rule 10 dscp af11
traffic-remark inbound acl 3000 rule 20 dscp af22
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
eth-trunk 12
#
interface GigabitEthernet0/0/14
eth-trunk 12
#
interface GigabitEthernet0/0/15
eth-trunk 12
#
interface GigabitEthernet0/0/16
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
smart-link flush receive control-vlan 10
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@@C/@)$gr"ZIrk3**FL8<,I3qBzS'3yS_zU!.dsSo=P)II3t,%@%@
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
#
return
SW3
<SW3>di cu
#
!Software Version V100R006C03
sysname SW3
#
vlan batch 10 15 24 30 35 100 135 255
#
undo http server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24 100
instance 2 vlan 30 35 135 255
active region-configuration
#
bfd
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$d9"fEUzy2!gO%HWdOK`$^ypg%$%$
local-user admin service-type http
#
interface Vlanif15
ip address 10.4.15.13 255.255.255.0
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
port link-type access
port default vlan 35
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 35
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
port link-type access
port default vlan 135
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
port link-type access
port default vlan 15
#
interface Ethernet0/0/24
port link-type access
port default vlan 255
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
bgp 10
router-id 10.4.13.13
peer 10.4.15.1 as-number 10
peer 10.4.15.1 bfd min-tx-interval 333 min-rx-interval 333
peer 10.4.15.1 bfd enable
#
ipv4-family unicast
undo synchronization
peer 10.4.15.1 enable
#
ospf 4 router-id 10.4.13.13
area 0.0.0.15
network 10.4.15.13 0.0.0.0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$c;|YQt/egAfdH8#%00RL,H~6]~fe37+MrYLDme93$K=~INE@%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
return
<SW3>
SW4
<SW4>di cu
#
!Software Version V100R006C03
sysname SW4
#
vlan batch 10 15 24 30 35 100 135 255
#
undo http server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24 100
instance 2 vlan 30 35 135 255
active region-configuration
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$ah]5<lOI7O(pE=Tm:Bk*4C:1%$%$
local-user admin service-type http
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
undo port hybrid vlan 1
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 15
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
port link-type access
port default vlan 100
#
interface Ethernet0/0/8
port link-type access
port default vlan 135
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
port trunk pvid vlan 255
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
undo port hybrid vlan 1
#
interface Ethernet0/0/24
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
smart-link group 4
restore enable
smart-link enable
port Ethernet0/0/13 master
port Ethernet0/0/16 slave
timer wtr 40
flush send control-vlan 10
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$P5!Z/ly/=,"hg~)\,'tL,d[Rbu,9C-3&+-]$tx)~)\D:Ija\%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
return
R1
<R1>di cu
[V200R003C01SPC900]
#
sysname R1
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA873391C
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.4.1.1
#
multicast routing-enable
#
bfd
#
pki realm default
enrollment self-signed
#
#
acl number 3000
rule 5 deny tcp destination-port eq 135
rule 10 deny tcp destination-port eq 139
rule 15 deny udp destination-port eq 445
#
aaa
authentication-scheme default
authentication-scheme pap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain ppppap
authentication-scheme pap
local-user admin password cipher %$%$W].o8lpR/R}/{{>3\4iA]bu:%$%$
local-user admin service-type http
local-user papuser password cipher %$%$Zo14*^^(l1k[Fn3(Z*AG`yi2%$%$
local-user papuser service-type ppp
#
isis 4
is-level level-2
cost-style wide
network-entity 49.0012.0000.0000.0001.00
import-route ospf 4 route-policy OSPFaISIS
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.4.145.4 104 broadcast
fr map ip 10.4.145.5 105 broadcast
description FR a R4 R5
ip address 10.4.145.1 255.255.255.0
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode pap domain ppppap
ppp chap user chapuser
ppp chap password cipher %$%$9MB7NG[hY9\p5eE#7'GS,"JQ%$%$
ip address 10.4.12.1 255.255.255.0
isis enable 4
isis ppp-negotiation 3-way only
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
description a BB1
ip address 157.68.1.1 255.255.255.0
traffic-filter inbound acl 3000
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
description a Sw3 - R5
ip address 10.4.15.1 255.255.255.0
pim hello-option dr-priority 50000
pim sm
ospf cost 2000
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.4.1.1 255.255.255.255
#
bgp 10
router-id 10.4.1.1
peer 10.4.12.2 as-number 20
peer 10.4.15.13 as-number 10
peer 10.4.15.13 bfd min-tx-interval 333 min-rx-interval 333
peer 10.4.15.13 bfd enable
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100
#
ipv4-family unicast
undo synchronization
aggregate 10.4.0.0 255.255.0.0 as-set detail-suppressed
peer 10.4.12.2 enable
peer 10.4.12.2 route-policy de_r2 import
peer 10.4.15.13 enable
peer 157.68.1.254 enable
peer 157.68.1.254 route-policy AS-PATH import
#
ospf 1
#
ospf 4 router-id 10.4.1.1
import-route isis 4 route-policy ISISaOSPF
peer 10.4.145.4
peer 10.4.145.5
preference ase route-policy EXTER 150
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.4.1.1 0.0.0.0
network 10.4.145.1 0.0.0.0
network 157.68.1.1 0.0.0.0
area 0.0.0.15
network 10.4.15.1 0.0.0.0
vlink-peer 10.4.5.5
#
route-policy EXTER permit node 10
if-match tag 100
apply preference 13
#
route-policy ISISaOSPF deny node 10
if-match tag 401
#
route-policy ISISaOSPF permit node 20
apply tag 104
#
route-policy OSPFaISIS deny node 10
if-match tag 102
#
route-policy OSPFaISIS permit node 20
apply tag 101
#
route-policy AS-PATH permit node 10
apply as-path 254 254 254 254 additive
#
route-policy de_r2 permit node 10
if-match ip-prefix red40
#
route-policy de_r2 permit node 20
apply ip-address next-hop 10.4.56.6
#
ip ip-prefix red40 index 10 permit 10.4.40.0 24
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$/T~XOk~H8B_SLuND|2{T,%7<O{zrJ`>F!U)}_b<QCD{X%7~,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
R2
<R2>di cu
[V200R003C01SPC900]
#
sysname R2
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA87334A8
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.4.2.2
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
acl number 2000
rule 5 permit source 232.0.0.0 7.255.255.255
#
aaa
authentication-scheme default
authentication-scheme chap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain pppchap
authentication-scheme chap
local-user admin password cipher %$%$fNE(RIoxA>,[Qt3)}SpY]^gu%$%$
local-user admin service-type http
local-user chapuser password cipher %$%$Mc=DY/\FY!5!hu@2>P\I`(9m%$%$
local-user chapuser service-type ppp
#
isis 4
is-level level-2
cost-style wide
network-entity 49.0012.0000.0000.0002.00
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap domain pppchap
ppp pap local-user papuser password cipher %$%$V;^B<k5)W9\6rZ3{=Xu*,"})%$%$
ip address 10.4.12.2 255.255.255.0
isis enable 4
isis ppp-negotiation 3-way only
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
description a BB3
ip address 157.68.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
description a Sw2 - R4
ip address 10.4.24.2 255.255.255.0
isis enable 4
isis circuit-type p2p
isis ppp-negotiation 3-way only
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.4.2.2 255.255.255.255
isis enable 4
pim sm
#
bgp 20
router-id 10.4.2.2
peer 10.4.2.2 as-number 20
peer 10.4.12.1 as-number 10
peer 10.4.24.4 as-number 345
#
ipv4-family unicast
undo synchronization
peer 10.4.2.2 enable
peer 10.4.12.1 enable
peer 10.4.24.4 enable
#
route-policy r2 permit node 10
if-match interface GigabitEthernet0/0/0
#
pim
c-rp LoopBack0 group-policy 2000
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$5w*2>G3UHCoc8$3.\IMO,%6\!m%YC'{Ym+zXaGV5z;mX%6_,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R2>
R3
<R3>di cu
[V200R003C01SPC900]
#
sysname R3
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8733460
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.4.3.3
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
acl number 2000
rule 5 permit source 236.0.0.0 3.255.255.255
#
drop-profile DROP
wred dscp
dscp af11 low-limit 20 high-limit 95 discard-percentage 30
#
traffic classifier AF operator or
if-match dscp af11
traffic classifier LLQ operator or
if-match dscp ef
#
traffic behavior AF
queue af bandwidth pct 40
traffic behavior LLQ
queue llq bandwidth pct 30
#
traffic policy TP
classifier LLQ behavior LLQ
classifier AF behavior AF
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$+[{2~/$'49~~b:,ZTIBZ]ao~%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.4.34.3 255.255.255.0
pim sm
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
description Eth a Sw1
ip address 10.4.30.3 255.255.255.0
traffic-policy TP outbound
ip netstream sampler fix-packets 200 inbound
ip netstream inbound
#
interface GigabitEthernet0/0/1
description Eth a R5
ip address 10.4.35.3 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.4.3.3 255.255.255.255
pim sm
#
bgp 345
router-id 10.4.3.3
peer 10.4.4.4 as-number 345
peer 10.4.4.4 connect-interface LoopBack0
peer 10.4.5.5 as-number 345
peer 10.4.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.4.4.4 enable
peer 10.4.4.4 reflect-client
peer 10.4.4.4 advertise-community
peer 10.4.5.5 enable
peer 10.4.5.5 reflect-client
#
ospf 4 router-id 10.4.3.3
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
area 0.0.0.34
network 10.4.30.3 0.0.0.0
network 10.4.34.3 0.0.0.0
nssa
area 0.0.0.35
network 10.4.3.3 0.0.0.0
network 10.4.35.3 0.0.0.0
vlink-peer 10.4.5.5
#
pim
c-rp LoopBack0 group-policy 2000
#
ip netstream aggregation destination-prefix
enable
export version 9
ip netstream export source 10.4.3.3
ip netstream export host 10.4.10.30 6000
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$/%[%#,gJdL'c2HT0Q+d*,%5j^Z>j4u>^THkpW\<^oJB4%5m,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
R4
<R4>di cu
[V200R003C01SPC900]
#
sysname R4
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA87338E4
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.4.4.4
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
qos map-table dscp-dscp
input 27 output 7
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$f)StU$6nbH*`t%9Ra+.>]]DC%$%$
local-user admin service-type http
#
isis 4
is-level level-2
cost-style wide
network-entity 49.0004.0000.0000.0004.00
import-route ospf 4 route-policy O2I
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.4.145.1 401 broadcast
fr map ip 10.4.145.5 401 broadcast
description Ser FR a R1
ip address 10.4.145.4 255.255.255.0
pim sm
ospf dr-priority 0
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
description Ser a R3
ip address 10.4.34.4 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.4.24.4 255.255.255.0
isis enable 4
isis circuit-type p2p
isis ppp-negotiation 3-way only
trust dscp override
pim sm
#
interface GigabitEthernet0/0/1
description LAN
ip address 10.4.40.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.4.4.4 255.255.255.255
pim sm
#
bgp 345
router-id 10.4.4.4
peer 10.4.3.3 as-number 345
peer 10.4.3.3 connect-interface LoopBack0
peer 10.4.24.2 as-number 20
#
ipv4-family unicast
undo synchronization
network 10.4.40.0 255.255.255.0
peer 10.4.3.3 enable
peer 10.4.24.2 enable
#
ospf 4 router-id 10.4.4.4
import-route isis 4 route-policy I2O
peer 10.4.145.1
preference ase route-policy EXT 150
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.4.4.4 0.0.0.0
network 10.4.145.4 0.0.0.0
area 0.0.0.34
network 10.4.34.4 0.0.0.0
nssa no-import-route
#
route-policy I2O deny node 10
if-match tag 101
#
route-policy EXT permit node 10
if-match tag 100
apply preference 13
#
route-policy O2I deny node 10
if-match tag 104
#
route-policy O2I permit node 20
apply tag 401
#
pim
c-bsr LoopBack0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$&q)J0"'ntDUw-_2;|+IE,%5w*@+3K+b_9)h.`4L>):uJ%5z,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R4>
R5
<R5>di cu
[V200R003C01SPC900]
#
sysname R5
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8732918
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.4.5.5
#
multicast routing-enable
#
undo anti-attack abnormal enable
undo anti-attack fragment enable
undo anti-attack icmp-flood enable
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$lBKpIQoSzOU%tsMGkI4']c#v%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.4.145.1 501 broadcast
fr map ip 10.4.145.4 501 broadcast
description Ser FR a R1
ip address 10.4.145.5 255.255.255.0
pim sm
ospf dr-priority 0
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.4.56.5 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
description Eth a R3
ip address 10.4.35.5 255.255.255.0
pim sm
igmp enable
igmp static-group 234.10.10.10
#
interface GigabitEthernet0/0/1
description a Sw3 - R1
ip address 10.4.15.5 255.255.255.0
pim sm
ospf cost 2000
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.4.5.5 255.255.255.255
#
bgp 345
router-id 10.4.5.5
peer 10.4.3.3 as-number 345
peer 10.4.3.3 connect-interface LoopBack0
peer 10.4.56.6 as-number 60
#
ipv4-family unicast
undo synchronization
aggregate 60.10.0.0 255.255.252.0 as-set origin-policy ORIG attribute-policy ATTRIB
peer 10.4.3.3 enable
peer 10.4.56.6 enable
#
ospf 4 router-id 10.4.5.5
peer 10.4.145.1
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.4.5.5 0.0.0.0
network 10.4.145.5 0.0.0.0
area 0.0.0.15
network 10.4.15.5 0.0.0.0
vlink-peer 10.4.1.1
area 0.0.0.35
network 10.4.35.5 0.0.0.0
vlink-peer 10.4.3.3
area 0.0.0.56
network 10.4.56.5 0.0.0.0
#
route-policy ORIG permit node 10
if-match community-filter 1
#
route-policy ATTRIB permit node 10
apply community no-export additive
#
pim
spt-switch-threshold infinity
#
ip community-filter 1 permit 1:254
#
ip rpf-route-static 10.4.2.2 32 10.4.145.1
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$=IH"PZb:9:pqr!(oyDNN,%5hlP]`/d[*iW*rASIxC\'W%5k,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
R6
<R6>di cu
[V200R003C01SPC900]
#
sysname R6
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8732610
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.6.6
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$RzK'Yep(xDx4d7&9/yG$]sje%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.4.56.6 255.255.255.0
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.2.1 255.255.255.0
rip summary-address 10.4.0.0 255.255.0.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.4.6.6 255.255.255.255
#
bgp 60
router-id 10.4.6.6
peer 10.4.56.5 as-number 345
peer 157.68.2.254 as-number 254
#
ipv4-family unicast
undo synchronization
peer 10.4.56.5 enable
peer 10.4.56.5 advertise-community
peer 157.68.2.254 enable
#
ospf 4 router-id 10.4.6.6
asbr-summary 171.10.0.0 255.255.252.0 tag 100 cost 100
import-route rip 4 cost 100 tag 100
area 0.0.0.56
network 10.4.6.6 0.0.0.0
network 10.4.56.6 0.0.0.0
#
rip 4
version 2
peer 157.68.2.254
network 157.68.0.0
silent-interface all
filter-policy ip-prefix imp_bb2 import Serial3/0/0
import-route ospf 4
#
ip ip-prefix imp_bb2 index 10 permit 171.10.0.0 22 greater-equal 24 less-equal 24
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$(7TfH);4u0xi&FIV5dC-,%5/$#Q!+>^0ODDE4X>uS1:2%52,%$%$
idle-timeout 0 0
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
Protegido: lab4SW1
<SW1>dis save
!Software Version V200R003C00SPC300
#
sysname SW1
#
vlan batch 35 110 113 135 222 224 255
#
stp instance 10 root primary
stp instance 20 root secondary
#
undo http server enable
undo http secure-server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 110 135 222 224
instance 20 vlan 35 113 255
active region-configuration
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif110
ip address 10.1.110.11 255.255.255.0
#
interface Vlanif113
ip address 10.1.113.11 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 255
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface GigabitEthernet0/0/14
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/15
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
ospf 1
import-route direct route-policy vlan113
area 0.0.0.34
network 10.1.113.11 0.0.0.0
nssa
#
route-policy vlan113 permit node 10
if-match interface Vlanif113
apply tag 100
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@}eVdSNi&XPFu)kWPQ`/S,GW(g\Do53mt#Z#x#uLFt{g2GW+,%@%@
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
#
return
SW2
<SW2>dis save
!Software Version V200R003C00SPC300
#
sysname SW2
#
vlan batch 35 110 113 135 222 224 255
#
stp instance 10 root secondary
stp instance 20 root primary
#
multicast routing-enable
#
undo http server enable
undo http secure-server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 110 135 222 224
instance 20 vlan 35 113 255
active region-configuration
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif222
ip address 10.1.222.12 255.255.255.0
pim sm
#
interface Vlanif224
ip address 10.1.224.12 255.255.255.0
undo rip output
undo rip input
pim sm
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 135
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 222
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 113
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 224
#
interface GigabitEthernet0/0/5
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/6
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/7
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/8
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/9
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/10
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/11
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/12
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface GigabitEthernet0/0/14
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/15
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface GigabitEthernet0/0/17
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/18
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/19
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface GigabitEthernet0/0/20
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/21
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/22
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/23
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/24
undo port hybrid vlan 1
#
interface NULL0
#
bgp 20
peer 10.1.222.2 as-number 20
peer 10.1.224.4 as-number 345
#
ipv4-family unicast
undo synchronization
peer 10.1.222.2 enable
peer 10.1.224.4 enable
#
ospf 1
import-route rip 1 route-policy RIPtoOSPF
preference ase route-policy ext 150
area 0.0.0.224
network 10.1.224.12 0.0.0.0
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route ospf 1 route-policy OSPFtoRIP
#
route-policy RIPtoOSPF deny node 10
if-match tag 101
#
route-policy RIPtoOSPF permit node 20
apply tag 102
#
route-policy OSPFtoRIP deny node 10
if-match tag 202
#
route-policy OSPFtoRIP permit node 20
apply tag 201
#
route-policy ext permit node 10
if-match tag 100
apply preference 10
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@zlk)>T]]kBbjkY;86k;',G2DI0s9HFZqpFO\fmD"cz"GG2G,%@%@
screen-length 0
user-interface vty 0 4
user-interface vty 16 20
#
return
SW3
<SW3>dis save
#
!Software Version V100R006C03
sysname SW3
#
vlan batch 35 110 113 135 222 224 255
#
undo http server enable
#
drop illegal-mac alarm
#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 110 135 222 224
instance 20 vlan 35 113 255
active region-configuration
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$%h%uBV,a]MHp'=O0,3c!`kbY%$%$
local-user admin service-type http
#
interface Vlanif135
ip address 10.1.135.13 255.255.255.0
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
port link-type access
port default vlan 35
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 35
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
undo port hybrid vlan 1
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
port link-type access
port default vlan 135
#
interface Ethernet0/0/24
port link-type access
port default vlan 255
stp root-protection
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
bgp 10
peer 10.1.135.1 as-number 10
#
ipv4-family unicast
undo synchronization
peer 10.1.135.1 enable
#
ospf 1
area 0.0.0.135
network 10.1.135.13 0.0.0.0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$U~jWYM"%h'YNTNDK%IbG,]TKW3rc,A3f06YjQ=A=|OA~GcZU%$%$
screen-length 0
user-interface vty 0 4
#
return
SW4
<SW4>DIS SAVE
#
!Software Version V100R006C03
sysname SW4
#
vlan batch 35 110 113 135 222 224 255
#
undo http server enable
#
drop illegal-mac alarm
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$jTUCZ50@(.n]t&HqoV3.4+"v%$%$
local-user admin service-type http
#
interface Ethernet0/0/1
undo port hybrid vlan 1
#
interface Ethernet0/0/2
undo port hybrid vlan 1
#
interface Ethernet0/0/3
undo port hybrid vlan 1
#
interface Ethernet0/0/4
undo port hybrid vlan 1
#
interface Ethernet0/0/5
port link-type access
port default vlan 135
#
interface Ethernet0/0/6
undo port hybrid vlan 1
#
interface Ethernet0/0/7
undo port hybrid vlan 1
#
interface Ethernet0/0/8
undo port hybrid vlan 1
#
interface Ethernet0/0/9
undo port hybrid vlan 1
#
interface Ethernet0/0/10
undo port hybrid vlan 1
#
interface Ethernet0/0/11
undo port hybrid vlan 1
#
interface Ethernet0/0/12
undo port hybrid vlan 1
#
interface Ethernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
stp disable
#
interface Ethernet0/0/14
undo port hybrid vlan 1
#
interface Ethernet0/0/15
undo port hybrid vlan 1
#
interface Ethernet0/0/16
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 35 110 113 135 222 224 255
stp disable
#
interface Ethernet0/0/17
undo port hybrid vlan 1
#
interface Ethernet0/0/18
undo port hybrid vlan 1
#
interface Ethernet0/0/19
undo port hybrid vlan 1
#
interface Ethernet0/0/20
undo port hybrid vlan 1
#
interface Ethernet0/0/21
undo port hybrid vlan 1
#
interface Ethernet0/0/22
undo port hybrid vlan 1
#
interface Ethernet0/0/23
undo port hybrid vlan 1
#
interface Ethernet0/0/24
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/1
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/2
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/3
undo port hybrid vlan 1
#
interface GigabitEthernet0/0/4
undo port hybrid vlan 1
#
interface NULL0
#
smart-link group 4
restore enable
smart-link enable
port Ethernet0/0/13 master
port Ethernet0/0/16 slave
timer wtr 30
flush send control-vlan 12
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$v>iPG{j';9.vS`,A"3Y',{ri[R$U9QGBoGNYOEE"=CH6G$xs%$%$
screen-length 0
user-interface vty 0 4
#
return
R1
<R1>dis save
[V200R003C01SPC900]
#
sysname R1
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8733F30
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.1.1
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authentication-scheme chap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain pppchap
authentication-scheme chap
local-user admin password cipher %$%$J{5vPf_^e"Q,*-&ubpUJ`.~`%$%$
local-user admin service-type http
local-user chapuser password cipher %$%$]]ek$z51uKz=RbMZzv~Fdc}8%$%$
local-user chapuser service-type ppp
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.1.145.4 104 broadcast
fr map ip 10.1.145.5 105 broadcast
ip address 10.1.145.1 255.255.255.0
undo rip output
undo rip input
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap domain pppchap
ppp pap local-user papuser password cipher %$%$dP:1Fv^/J64zkm4AhO`A,|"X%$%$
ip address 10.1.12.1 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.1.1 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
pim hello-option dr-priority 1000
#
interface GigabitEthernet0/0/1
ip address 10.1.135.1 255.255.255.0
undo rip output
undo rip input
ospf cost 2000
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
#
bgp 10
peer 10.1.12.2 as-number 20
peer 10.1.135.13 as-number 10
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100
#
ipv4-family unicast
undo synchronization
aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed
peer 10.1.12.2 enable
peer 10.1.12.2 route-policy R2 import
peer 10.1.135.13 enable
peer 157.68.1.254 enable
peer 157.68.1.254 route-policy as-path import
#
ospf 1
import-route rip 1 route-policy RIPtoOSPF
peer 10.1.145.4
peer 10.1.145.5
preference ase route-policy ext 150
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.1.1.1 0.0.0.0
network 10.1.145.1 0.0.0.0
network 157.168.1.1 0.0.0.0
area 0.0.0.135
network 10.1.135.1 0.0.0.0
vlink-peer 10.1.5.5
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route ospf 1 route-policy OSPFtoRIP
#
route-policy RIPtoOSPF deny node 10
if-match tag 201
#
route-policy RIPtoOSPF permit node 20
apply tag 202
#
route-policy OSPFtoRIP deny node 10
if-match tag 102
#
route-policy OSPFtoRIP permit node 20
apply tag 101
#
route-policy ext permit node 10
if-match tag 100
apply preference 10
#
route-policy R2 permit node 10
if-match ip-prefix 1
#
route-policy as-path permit node 10
apply as-path 254 254 254 254 additive
#
ip ip-prefix 1 index 10 permit 10.1.40.0 24
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$T&\a#AQ7B1f-zjVb]uZ~,$^-ORAL4M,7F"'mltPCakHA$^0,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R1>
R2
<R2>dis save
[V200R003C01SPC900]
#
sysname R2
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8732878
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.2.2
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
acl number 2000
rule 5 permit source 236.0.0.0 3.255.255.255
#
aaa
authentication-scheme default
authentication-scheme pap
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
domain pppap
local-user admin password cipher %$%$^KK$>0pa39i.~l"s"l8*]i.k%$%$
local-user admin service-type http
local-user papuser password cipher %$%${.b7Xk*}p12z,P))CFz,`{g]%$%$
local-user papuser service-type ppp
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode pap domain pppap
ppp chap user chapuser
ppp chap password cipher %$%$f{2-B<2@N*"w[,)p|r4<,}\t%$%$
ip address 10.1.12.2 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 157.68.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.222.2 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.2.2 255.255.255.255
#
bgp 20
peer 10.1.12.1 as-number 10
peer 10.1.222.12 as-number 20
#
ipv4-family unicast
undo synchronization
peer 10.1.12.1 enable
peer 10.1.222.12 enable
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route direct route-policy directas
#
route-policy directas permit node 10
if-match interface GigabitEthernet0/0/0
#
pim
c-rp LoopBack0 group-policy 2000
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$!f;aQ]uri%l\T!1-wEM>,$_ZVfoP.FUzW-\{ooY.FMiE$_],%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
<R2>
R3
<R3>dis save
[V200R003C01SPC900]
#
sysname R3
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8733544
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.3.3
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
acl number 2000
rule 5 permit source 232.0.0.0 7.255.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$1ipMGg[4VXw`hl9C_`J$]a'S%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 172.1.23.3 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.1.34.3 255.255.255.0
pim sm
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.1.113.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.35.3 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.3.3 255.255.255.255
#
bgp 345
peer 10.1.4.4 as-number 345
peer 10.1.4.4 connect-interface LoopBack0
peer 10.1.5.5 as-number 345
peer 10.1.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.1.4.4 enable
peer 10.1.4.4 reflect-client
peer 10.1.5.5 enable
peer 10.1.5.5 reflect-client
#
ospf 1
area 0.0.0.34
network 10.1.34.3 0.0.0.0
network 10.1.113.3 0.0.0.0
nssa
area 0.0.0.35
network 10.1.3.3 0.0.0.0
network 10.1.35.3 0.0.0.0
vlink-peer 10.1.5.5
#
pim
c-rp LoopBack0 group-policy 2000
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$1JisFQ+dEY]A;'(/+"t2,$_w:>rCMqlGMMR6zv~c*sB>$_z,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
R4
<R4>dis save
[V200R003C01SPC900]
#
sysname R4
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA87335D0
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.4.4
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$ZHW^'+1g%(cv~X0N4lD#]hH#%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.1.145.1 401 broadcast
ip address 10.1.145.4 255.255.255.0
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.1.34.4 255.255.255.0
pim sm
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.1.224.4 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
ip address 172.1.40.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.4.4 255.255.255.255
#
interface LoopBack1
ip address 10.1.40.4 255.255.255.0
#
bgp 345
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.224.12 as-number 20
#
ipv4-family unicast
undo synchronization
network 10.1.40.0 255.255.255.0
peer 10.1.3.3 enable
peer 10.1.224.12 enable
#
ospf 1
peer 10.1.145.1
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.1.4.4 0.0.0.0
network 10.1.145.4 0.0.0.0
area 0.0.0.34
network 10.1.34.4 0.0.0.0
nssa
area 0.0.0.224
network 10.1.224.4 0.0.0.0
#
pim
c-bsr LoopBack0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$(^z$L}bJx5MdEe+3ocW:,$_\5K9+:vy5LAbe"0VES7VY$__,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
R5
<R5>dis save
[V200R003C01SPC900]
#
sysname R5
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8733A04
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.5.5
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$@NY:,v:KwJ(xmbBAp@),`.Iu%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol fr
undo fr inarp
fr map ip 10.1.145.1 501 broadcast
ip address 10.1.145.5 255.255.255.0
pim sm
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 10.1.56.5 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.1.35.5 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
ip address 10.1.135.5 255.255.255.0
pim sm
igmp enable
igmp static-group 238.10.10.10
ospf cost 2000
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.5.5 255.255.255.255
#
bgp 345
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.56.6 as-number 60
#
ipv4-family unicast
undo synchronization
aggregate 60.0.0.0 255.255.252.0 as-set origin-policy origen attribute-policy att
peer 10.1.3.3 enable
peer 10.1.3.3 advertise-community
peer 10.1.56.6 enable
#
ospf 1
asbr-summary 171.10.0.0 255.255.252.0 tag 100 cost 100
import-route rip 1 route-policy R5
peer 10.1.145.1
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
network 10.1.5.5 0.0.0.0
network 10.1.145.5 0.0.0.0
area 0.0.0.35
network 10.1.35.5 0.0.0.0
vlink-peer 10.1.3.3
area 0.0.0.135
network 10.1.135.5 0.0.0.0
vlink-peer 10.1.1.1
#
rip 1
undo summary
version 2
network 10.0.0.0
import-route ospf 1
#
route-policy R5 permit node 10
if-match ip-prefix 1
apply cost 100
apply tag 100
#
route-policy origen permit node 10
if-match community-filter 1
#
route-policy att permit node 10
apply community no-export additive
#
pim
spt-switch-threshold infinity
#
ip ip-prefix 1 index 5 permit 10.1.56.0 24 greater-equal 24 less-equal 24
ip ip-prefix 1 index 10 permit 10.1.6.6 32
ip ip-prefix 1 index 20 permit 171.10.0.0 16 greater-equal 24 less-equal 24
#
ip community-filter 1 permit 1:254
#
ip rpf-route-static 10.1.4.4 32 10.1.145.1
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$2Y%L=lAB.!~}rbDEvX}-,$^i3A-b8s%lD2sYZkE1M2Q9$^l,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
R6
<R6>dis save
[V200R003C01SPC900]
#
sysname R6
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
#
snmp-agent local-engineid 800007DB03D46AA8732494
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 10.1.6.6
#
multicast routing-enable
#
pki realm default
enrollment self-signed
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$0mTj$tVV);XZJ^2pKd*~]fSp%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
ip address 10.1.56.6 255.255.255.0
#
interface Serial2/0/1
link-protocol ppp
#
interface Serial3/0/0
link-protocol ppp
ip address 157.68.2.1 255.255.255.0
rip summary-address 10.1.0.0 255.255.0.0
#
interface Serial3/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 10.1.6.6 255.255.255.255
#
bgp 60
peer 10.1.56.5 as-number 345
peer 157.68.2.254 as-number 254
#
ipv4-family unicast
undo synchronization
peer 10.1.56.5 enable
peer 157.68.2.254 enable
#
rip 1
undo summary
version 2
peer 157.68.2.254
network 10.0.0.0
network 157.68.0.0
silent-interface Serial2/0/0
filter-policy ip-prefix RIP-SUMMARY export Serial3/0/0
#
ip ip-prefix RIP-SUMMARY index 10 permit 10.1.0.0 16
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$Mrt/($w)l'!5g/=HI~5S,$_Vjl/E'&cfeIy2!:B7B}6$$_Y,%$%$
screen-length 0
user-interface vty 0 4
#
wlan ac
#
voice
#
diagnose
#
return
LAB5
1.1 VLAN(3p) Create VLAN 10, VLAN 15, VLAN 24, VLAN 30, VLAN 35, VLAN 255 in SW1.SW2.SW3.SW4
Assign the following interfaces to the corresponding VLANs. The interface mode is Access.
system-view
vlan batch 10 15 24 30 40 35 255
#
int GE0/0/X
undo port hybrid untagged vlan 1
port link-type access
port default vlan 10 ###vlan 10,15,24,30,35,255
#
int GE0/0/Y
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
1.2 Link Aggregation (3p) SW1 and SW2 are connected to each other through GE0/0/13, GE0/0/14 and GE0/0/15
respectively, and these three interfaces are bundled into one logical interface. SW2 is the actor. The maximum available bandwidth between two devices is 2G. The interface connected to GE0 /
0/13 is the backup link. After the active interface GE0/0/14 or GE0/0/15 in SW2 goes Down, GE0/0/13 immediately
becomes the active interface. If the faulty interface is restored, GE0/0/13 is backed up after a delay of 10s.After the active interface GE0/0/14 or GE0/0/15 in SW2 is Down, GE0/0/13 immediately becomes the active
SW1#interface Eth-Trunk1 mode lacp-static trunkport gigabitethernet 0/0/13
trunkport gigabitethernet 0/0/14 trunkport gigabitethernet 0/0/15#
SW2#lacp priority 0#interface Eth-Trunk1 mode lacp-static trunkport gigabitethernet 0/0/13 trunkport gigabitethernet 0/0/14 trunkport gigabitethernet 0/0/15 lacp preempt enable max active-linknumber 2 lacp preempt delay 10 #interface g0/0/13 lacp priority 60000#
dis eth-trunk dis trunkmembership eth-trunk
A prioridade da lacq da interface é usada para determinar o link ativo, o padrão é 32768, quanto menor a prioridade, maior será a prioridade da lacp.
1.3 Trunk (1p) SW1 and SW2 are connected to each other through GE0/0/13, GE0/0/14 and GE0/0/15 interfaces
respectively. GE0/0/16 of SW1 is connected to Eth0/0/13 of SW3, GE0/0/16 of SW2 is connected to Eth0/0/16 of
SW3, and GE0/0/19 of SW2 is connected to Eth0/0/16 of SW4. The interfaces interconnected on SW1, SW2, SW3 and SW4 are modified into Trunk types to allow
all VLANs except vlan 1 to pass through.
SW1 #interface Eth-Trunk1 port link-type trunk undo trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 4094#
SW2#interface Eth-Trunk1 port link-type trunk
undo trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 4094
1.4 MSTP(2p)
SW1, SW2, SW3 are running MSTP. VLAN 10, VLAN 15 and VLAN 24 are in Instance 1, SW1 is the Primary Root, SW2 is the
Secondary Root, VLAN 30, VLAN 35 and VLAN 255 are in Instance 2, SW2 is the Primary Root, SW1 is the Secondary Root, and MSTP Region-name is HW, Revion-level is 1.
The GE0 / 0/10 interface of SW 1 connects directly to the PC. After the interface is UP, it needs to be in the forwarding status immediately. After receiving a BPDU packet, the interface needs to be shut down automatically.
SW1:# stp mode mstp stp region-configuration region-name HW revision-level 1 instance 1 vlan 10 15 24 instance 2 vlan 30 35 255 active region-configuration#stp instance 1 root primarystp instance 2 root secondary#stp bpdu-protection#interface G0/0/10 stp edge-port enable#
SW2:# stp mode mstp stp region-configuration region-name HW revision-level 1 instance 1 vlan 10 15 24 instance 2 vlan 30 35 255 active region-configuration#stp instance 2 root primarystp instance 1 root secondary#
SW3:# stp mode mstp
stp region-configuration region-name HW revision-level 1 instance 1 vlan 10 15 24 instance 2 vlan 30 35 255 active region-configuration# dis stp dis stp brief dis stp region-config
1.5 Smart Link(2p)
SW4 is connected to GE0/0/19 of SW1 through Eth0/0/13 and to GE0/0/19 of SW2 through Eth0/0/16. Eth0/0/13 is the master interface and Eth0/0/16 is the slave interface.
If a problem occurs on the Eth0/0/13 interface of SW4, the traffic automatically switches to the Eth0/0/16 interface. After Eth0/0/13 is restored to normal, traffic is automatically switched back within 30s. VLAN 10 as the Control VLAN.
SW4system-view#interface g0/0/13 ###接 SW1的 g0/0/19口 stp disableinterface g0/0/16 ###接 SW2的 g0/0/19口 stp disable# smart-link group 1 port g0/0/13 master port g0/0/16 slave smart-link enable ### Enable Smart Link group function restore enable ### Enable the switchback function of the smart link group. timer wtr 30 ### Set the Smart Link group switch-back time. By default, the Smart Link group switch-back time is 60 seconds. flush send control-vlan 10 ### The control VLAN can not be a VLAN mapped to a load-sharing instance#
SW1/SW2#interface g0/0/19 stp disable smart-link flush receive control-vlan 10 ## Habilite recepção de mensagens de descarga e configure o ID de VLAN de controle e a senha carregada em pacotes Flush (opcional)#dis smart-link group 1 ### Verifique o status do grupo de ligação inteligentedis smart-link flush ### Veja a informação de pacote de descarga recebida
1.6 Frame-Relay(1p)
Frame-Relay is used for interconnection between R1, R4 and R5 in Hub-Spoke mode. R1 is the Hub and R4 and R5 are Spoke. All Frame-Relay interfaces can not use sub-interfaces, and turn off the automatic Inverse ARP function
R1#interface Serial0/0/0 ### Here the new version of the simulator is 1/0/0 link-protocol fr undo fr inarp fr map ip 10.1.145.4 104 broadcast fr map ip 10.1.145.5 105 broadcast ip address 10.1.145.1 255.255.255.0#R4#interface Serial0/0/0 link-protocol fr undo fr inarp fr map ip 10.1.145.1 401 broadcast fr map ip 10.1.145.5 401 broadcast ip address 10.1.145.4 255.255.255.0#R5#interface Serial0/0/0 link-protocol fr undo fr inarp fr map ip 10.1.145.1 501 broadcast fr map ip 10.1.145.4 501 broadcast ip address 10.1.145.5 255.255.255.0#
1.7 PPP(2p)
R1 and R2 are interconnected through a serial interface, and the encapsulation type is PPP. R1 needs CHAP authentication for R2, R1 is the authentication end, and R2 is the authentication
end. The verified user name is chapuser and the password is CHAP123. R2 needs PAP authentication on R1, R2 on the authentication side, R1 on the authenticated side,
papuser on the authentication side, and PAP123 on the authentication side.
R1 # interface s0/0/2 ### The new simulator uses 1/0/1 ppp authentication-mode chap domain pppchap ppp pap local-user HUAWEI password cipher HUAWEI quit aaa authentication-scheme chap authentication-mode local domain pppchap authentication-scheme chap
local-user huawei password cipher huawei local-user huawei service-type ppp
R2 # interface s0/0/2 ## New simulator with 1/0/1 ppp authentication-mode pap ppppap ppp chap user huawei ppp chap password cipher huawei quit aaa authentication-scheme pap authentication-mode local domain ppppap authentication-scheme pap local-user HUAWEI password cipher HUAWEI local-user HUAWEI service-type ppp #
2.1 BASIC CONFIGRATION(3p)
As shown in the figure, the device interconnection address is 10.Y.ZZ.X / 24, where Y is the rack number, X is the device number, the device number rule is R1 is 1, R2 is 2 and so on, SW1 is 11, SW2 12 and so on, ZZ as shown in Figure II.
All routers have a loopback address, the address is 10.Y.X.X / 32. The address of R1 connecting BB1 is 157.68.1.1/24: the interface of BB1 is 157.68.1.254/24; The address of R6 connecting to BB2 is 157.68.2.1/24: the interface of B2B is 157.68.2.254/24 The address of R2 connecting to BB3 is 157.68.3.1/24: the interface of BB3 is 157.68.3.254/24; The router’s router-id is the loopback address.
2.2 RIP(2p) R6 is connected to BB2 via S3 / 0/0, RIPv2 is connected to R6 and BB2, and 157.68.2.254/24 is
connected to BB2 on BB2. The interface on the unrelated RIP can not run RIP but sends only unicast routing information.
R6 can only accept the four routes of 171.10.0.0/24, 171.10.1.0/24, 171.10.2.0/24, and 171.10.3.0/24, with the fewest commands.
R6:
rip 1
undo summary
version 2
peer 157.68.2.254
network 157.68.0.0
silent-interface all
filter-policy 2000 import S3/0/0 ### S3/0/0 here is the interface of R6 to BB2
#
acl number 2000
rule 10 permit source 171.10.0.0 0.0.3.0
#
2.3 Basic OSPF(4p) All OSPF processes are Y. OSPF runs between R1 \ R4 and R5. Its interconnecting interfaces, loopback interfaces, and S3 /
0/0 of R1 all operate in OSPF Area 0, and can not change the default type of the router interface. G0/0/1 for R1, G0/0/1 for R5, and Vlanif15 for SW3 all operate in OSPF Area15. S3/0/0 of R5, S2/0/0 of R6 and loopback mouth all run within OSPF Area 56. G0/0/0 of R5, G0/0/1 of R3, and loopback ports all operate in OSPF Area 35. G0/0/0 of R3, S/0/0 of S30 / 0/0, R4 / 0/0 of R4 and Vlan30 of SW1 all run in the OSPF Area 34.
R1
#
router id 10.1.1.1
#
ospf 1
peer 10.1.145.4
peer 10.1.145.5
area 0.0.0.0
network 157.68.1.1 0.0.0.0
network 10.1.145.1 0.0.0.0
network 10.1.1.1 0.0.0.0
area 0.0.0.15
network 10.1.15.1 0.0.0.0
#
R3
#
router id 10.1.3.3
#
ospf 1
area 0.0.0.0
area 0.0.0.34
network 10.1.34.3 0.0.0.0
network 10.1.30.3 0.0.0.0
area 0.0.0.35
network 10.1.3.3 0.0.0.0
network 10.1.35.3 0.0.0.0
#
R4
#
router id 10.1.4.4
#
interface Serial0/0/0
ospf dr-priority 0
#
ospf 1
peer 10.1.145.1
area 0.0.0.0
network 10.1.145.4 0.0.0.0
network 10.1.4.4 0.0.0.0
area 0.0.0.34
network 10.1.34.4 0.0.0.0
#
R5
#
router id 10.1.5.5
#
interface Serial0/0/0
ospf dr-priority 0
#
ospf 1
peer 10.1.145.1
area 0.0.0.0
network 10.1.145.5 0.0.0.0
network 10.1.5.5 0.0.0.0
area 0.0.0.15
network 10.1.15.5 0.0.0.0
area 0.0.0.35
network 10.1.35.5 0.0.0.0
area 0.0.0.56
network 10.1.56.5 0.0.0.0
#
R6
#
router id 10.1.6.6
#
ospf 1
area 0.0.0.56
network 10.1.56.6 0.0.0.0
network 10.1.6.6 0.0.0.0
#
SW1
#
router id 10.1.11.11
#
ospf 1
import-route direct route-policy direct
area 0.0.0.34
network 10.1.30.11 0.0.0.0
#
route-policy direct permit node 10
if-match interface Vlanif10
apply tag 100
#
2.4 OSPF Availability(2p)
The frame relay between R1 and R5 is the primary link. Generally, the traffic of the network segment where Area S3, Area 0/0, and Area 35 of Area 35, Area 56, and R1 reside goes through the Frame Relay link, but this link is not When the frame relay link is interrupted, the traffic needs to be switched to the Ethernet standby link of R1 and R5. If the main link is restored to normal, the traffic will be switched automatically.
Configure the virtual link through area 15 between R1 and R5
R1
#
router id 10.1.1.1
#
ospf 1
area 0.0.0.15
network 10.1.15.1 0.0.0.0
vlink-peer 10.1.5.5
#
int g0/0/1 ### 连接 vlan 15的 link
ospf cost 1570
#
R5
#
router id 10.1.5.5
#
ospf 1
area 0.0.0.15
network 10.1.15.5 0.0.0.0
vlink-peer 10.1.1.1
#
int g0/0/1 ### 连接 vlan 15的 link
ospf cost 1570
#
2.5 Traffic Optimization (2p)
Vlan15 and Vlan30 network access business traffic need to take the Ethernet link.
R3 and R5 through the area 35 to establish a virtual link
R3
router id 10.1.3.3
#
ospf 1
area 0.0.0.0
area 0.0.0.34
network 10.1.34.3 0.0.0.0
network 10.1.30.3 0.0.0.0
area 0.0.0.35
network 10.1.3.3 0.0.0.0
network 10.1.35.3 0.0.0.0
vlink-peer 10.1.5.5
R5
router id 10.1.5.5
#
ospf 1
peer 10.1.145.1
area 0.0.0.0
network 10.1.145.5 0.0.0.0
network 10.1.5.5 0.0.0.0
area 0.0.0.15
network 10.1.15.5 0.0.0.0
area 0.0.0.35
network 10.1.35.5 0.0.0.0
vlink-peer 10.1.3.3
area 0.0.0.56
network 10.1.56.5 0.0.0.0
#
2.6 OSPF authentication(2p)
OSPF area 0 is area authentication, MD5 is required, and the authentication password is HuaWei.
R1router id 10.1.1.1#ospf 1 area 0.0.0.0 authentication-mode md5 1 plain HuaWei#R4router id 10.1.4.4#ospf 1 area 0.0.0.0 authentication-mode md5 1 plain HuaWei#R5router id 10.1.5.5#ospf 1 area 0.0.0.0 authentication-mode md5 1 plain HuaWei#R3router id 10.1.3.3#ospf 1 area 0.0.0.0 ### vlink on R3, vlink belongs to area0, so we have to open the area0 authentication authentication-mode md5 1 plain HuaWei
#
2.7 Interoperability Between RIP and OSPF (2p) RIP and OSPF running on R6 need to be introduced to each other On R6, OSPF learns the routes learned from RIP optimally. In Area0, you can see that all routes
imported by R6 cost 100 and the tag is 100
R6rip 1 import ospf 1 cost 5#ospf 1 import rip 1 cost 100 tag 100 asbr-summary 171.10.0.0 255.255.252.0 tag 100 cost 100 #ip route-static 171.10.0.0 255.255.252.0 NULL 0
#Note: Huawei does not automatically generate summary routes to null0. It is a good idea to manually refer to the summary of nullo0 and RIP is the same.
2.8 RIP Route Summary (1p)
R6 sends a summary route of 10.y.0.0 / 16 to BB2
R6
#
rip 1
import ospf 1 cost 5
#
interface S3/0/0 ###此处的 S3/0/0接口是连接 BB2的接口
rip summary-address 10.1.0.0 255.255.0.0 avoid-feedback
#
ip route-static 10.1.0.0 255.255.0.0 NULL 0
#
2.9 OSPF Area 34(2p)
Area 34 does not accept any external routes imported by other OSPF areas. SW1 only imports the IP network segment in which Vlan10 resides to OSPF. The default type is tag 100.
Area 34 is the NSSA area
R4
router id 10.1.4.4
#
ospf 1
peer 10.1.145.1
area 0.0.0.0
network 10.1.145.4 0.0.0.0
network 10.1.4.4 0.0.0.0
area 0.0.0.34
network 10.1.34.4 0.0.0.0
nssa no-import-route
#
R3
router id 10.1.3.3
#
ospf 1
area 0.0.0.0
authentication-mode md5 1 plain HuaWei
area 0.0.0.34
network 10.1.34.3 0.0.0.0
network 10.1.30.3 0.0.0.0
area 0.0.0.35
network 10.1.3.3 0.0.0.0
network 10.1.35.3 0.0.0.0
area 0.0.0.34
network 10.1.34.3 0.0.0.0
network 10.1.30.3 0.0.0.0
nssa
#
SW1
router id 10.1.11.11
#
ospf 1
import-route direct route-policy direct
area 0.0.0.34
network 10.1.30.11 0.0.0.0
nssa
#
route-policy direct permit node 10
if-match interface Vlanif10
apply tag 100
2.10 Basic ISIS(4p) R1 and R2, the mutual interface between R2 and R4, and the Loopback interface of R2 run the ISIS
protocol.R1 and R2 belong to area 49.0012 and R4 belongs to 49.0004, both of which are Level-2 type routers whose System-id are 0000.0000.000X X is the router number.
ISIS process number is Y. ISIS routers only establish the neighbor relationship through reliable technology, and DIS is not
allowed between R2 and R4. G0 / 0/0 of R2 does not run ISIS but the network segment where the interface resides can be accessed by the ISIS area.
R1
isis 1
is-level level-2
cost-style wide
network-entity 49.0012.0000.0000.0001.00
interface Serial0/0/2 ### Connection R2 interface
isis enable 1
R2
isis 1
is-level level-2
cost-style wide
network-entity 49.0012.0000.0000.0002.00
import direct route-policy match-bb3
#
interface Serial0/0/2 ### interface to connect R1
isis enable 1
#
interface GigabitEthernet0/0/0 ### BB3 interface
#
interface GigabitEthernet0/0/1 ### Interface to R4
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface LoopBack0
isis enable 1
#
route-policy match-bb3 permit node 10
if-match interface GigabitEthernet0/0/0
R4
isis 1
is-level level-2
cost-style wide
network-entity 49.0004.0000.0000.0004.00
#
interface GigabitEthernet0/0/1 ### Interface to R2
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
2.11 Interoperation Between OSPF and ISIS (4p) OSPF and ISIS are respectively introduced on R1 and R4. The type of the route imported by IS-IS
to OSPF is 2, but all network routes can be seen on the entire network. R1 and R4 need to go through the optimal path for accessing external routes and the configuration requires the best Scalability.
R2 and R5 ‘s loopback 0 should be balanced shared;
Note:1.isis tag distance anti-ospf external routing suboptimal path2. Inject directly into the cost of change, to the second best path rejected host routing 32, Huawei equipment to generate their own3. Control isis area to ospf area 34 path to walk the recent
On IS-IS, another route-policy is used to adjust the sub-optimal path from ISIS to OSPF intra-area routes.Prevent loops by filtering;
R1#isis 1 import-route direct route-policy direct import-route ospf 1 cost 20 tag 1000 preference route-policy pre#ospf 1 import-route direct cost 0 import-route isis 1 cost 20#route-policy pre permit node 10 if-match tag 4000 apply preference 160#route-policy direct deny node 10 if-match ip-prefix 145route-policy direct permit node 20#ip ip-prefix 145 index 10 permit 10.1.145.0 24 greater-equal 32 less-equal 32#R4#isis 1 import-route direct route-policy direct import-route ospf 1 route-policy a34 preference route-policy pre#ospf 1 import-route direct cost 0 route-policy deny40ospf
import-route isis 1 cost 20#route-policy pre permit node 10 if-match tag 1000apply preference 160#route-policy direct deny node 10 if-match ip-prefix 40&145route-policy direct permit node 20#route-policy a34 permit node 10 if-match ip-prefix a34 apply cost 0 apply tag 4000route-policy a34 permit node 20 apply cost 20apply tag 4000#route-policy deny40ospf deny node 10 if-match ip-prefix deny40toospf#route-policy deny40ospf permit node 20#ip ip-prefix 40&145 index 10 permit 10.1.145.0 24 greater-equal 32 less-equal 32ip ip-prefix 40&145 index 20 permit 10.1.40.0 24#ip ip-prefix deny40toospf index 20 permit 10.1.40.0 24 #ip ip-prefix a34 index 10 permit 10.1.30.0 24ip ip-prefix a34 index 20 permit 10.1.10.0 24#
—> sub-optimal path (OSPF internal, as well as external);—-> Use tag to prevent loop;
3.1 IBGP (2p) R1 and SW3 belong to AS 10, R2 belong to AS20, R3, R4 and R5 belong to AS345, R6 belong to
AS60, R1 and SW3 establish a BGP neighbor relationship through the directly connected interface. Router in AS345 establishes stable and reliable BGP neighbor relationship, R4 and R5 do not
establish neighbor relationship;
IBGP session between R1 and SW3
R1:#bgp 10 peer 10.1.15.13 as-number 10# ipv4-family unicast undo synchronization peer 10.1.15.13 enable#
SW3:#bgp 10 peer 10.1.15.1 as-number 10#
ipv4-family unicast undo synchronization peer 10.1.15.1 enable#
R3 and R4 and R5 iBGP session
R4:#bgp 345 peer 10.1.3.3 as-number 345 peer 10.1.3.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.1.3.3 enable#R3:#bgp 345 peer 10.1.4.4 as-number 345 peer 10.1.4.4 connect-interface LoopBack0 peer 10.1.5.5 as-number 345 peer 10.1.5.5 connect-interface LoopBack0# ipv4-family unicast undo synchronization peer 10.1.4.4 enable peer 10.1.5.5 enable peer 10.1.4.4 reflect-client peer 10.1.5.5 reflect-client#R5:#bgp 345 peer 10.1.3.3 as-number 345 peer 10.1.3.3 connect-interface LoopBack0# ipv4-family unicast undo synchronization peer 10.1.3.3 enable##
There are no iBGP sessions on R2 and R6
3.2 EBGP (2p) EBGP through the direct connection to establish a neighbor relationship; BB1 and BB2 are in AS254. R1 and R2 establish EBGP neighbors. R2 and R4 establish EBGP
neighbors. R5 and R6 establish EBGP neighbors.
R1 and BB1 establish EBGP neighbors. The EBGP neighbor address is 157.68.1.254. BB1 neighbors consider R1 as AS100. R6 and BB2 establish EBGP neighbors. The BB2 interface address is 157.68.2.254.
eBGP session:R1 and R2R1 and BB1R2 and R4Between R5 and R6R6 and BB2R2 and BB3
R1:
#
bgp 10
peer 10.1.12.2 as-number 20
peer 10.1.15.13 as-number 10
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100 ### BB1和 AS100建立 BGP
#
ipv4-family unicast
undo synchronization
peer 10.1.12.2 enable
peer 10.1.15.13 enable
peer 157.68.1.254 enable
#
R2:
#
bgp 20
peer 10.1.12.1 as-number 10
peer 10.1.24.4 as-number 345
#
ipv4-family unicast
undo synchronization
peer 10.1.12.1 enable
peer 10.1.24.4 enable
#
R4:
#
bgp 345
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.24.2 as-number 20
#
ipv4-family unicast
undo synchronization
peer 10.1.3.3 enable
peer 10.1.24.2 enable
#
R5:
#
bgp 345
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.56.6 as-number 60
#
ipv4-family unicast
undo synchronization
peer 10.1.3.3 enable
peer 10.1.56.6 enable
#
R6:
#
bgp 60
peer 10.1.56.5 as-number 345
peer 157.68.2.254 as-number 254
#
ipv4-family unicast
undo synchronization
peer 10.1.56.5 enable
peer 157.68.2.254 enable
#
3.3 EBGP Routing (4p)
R6 sends the EBGP route learned by BB2 to R5, and R5 summarizes the route with community-number 1: 254 as an optimal summary route and inherits the community attribute of the detailed route
This summary route can not be advertised as AS345. You can not use route filtering.
R6
#
bgp 60
peer 10.1.56.5 as-number 345
peer 157.68.2.254 as-number 254
#
ipv4-family unicast
undo synchronization
peer 10.1.56.5 enable
peer 10.1.56.5 advertise-community
peer 157.68.2.254 enable
#
R5:
#
bgp 345
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.56.6 as-number 60
#
ipv4-family unicast
undo synchronization
aggregate 60.0.0.0 255.255.252.0 as-set attribute-policy att
peer 10.1.3.3 enable
peer 10.1.3.3 advertise-community
peer 10.1.56.6 enable
#
route-policy att permit node 10
apply community no-export-subconfed additive
#
R3:
#
bgp 345
peer 10.1.4.4 as-number 345
peer 10.1.4.4 connect-interface LoopBack0
peer 10.1.5.5 as-number 345
peer 10.1.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.1.4.4 enable
peer 10.1.4.4 advertise-community
peer 10.1.5.5 enable
peer 10.1.4.4 reflect-client
peer 10.1.5.5 reflect-client
#
R4:
#
bgp 345
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.24.2 as-number 20
#
ipv4-family unicast
undo synchronization
peer 10.1.3.3 enable
peer 10.1.24.2 enable
## There is no community value left AS345, so R4 to R2 direction did not increase advertise-community
R2
#
bgp 20
peer 10.1.12.1 as-number 10
peer 10.1.24.4 as-number 345
#
ipv4-family unicast
undo synchronization
peer 10.1.12.1 enable
peer 10.1.24.4 enable
#
R1
#
bgp 10
peer 10.1.12.2 as-number 20
peer 10.1.15.13 as-number 10
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100 ### BB1 and AS100 establish BGP
#
ipv4-family unicast
undo synchronization
peer 10.1.12.2 enable
peer 10.1.15.13 enable
peer 157.68.1.254 enable
#
3.4 BGP Notification (3p) R4 on the interface G0 / 0/1, address 10. Y. 40.0 / 24, informed into the BGP R1 need to be summarized as a 10.Y.0.0 / 16 BGP routes, detailed routing is not announced, R2
can not see this summary of the route, you can not use the route summary filtering
R4
#
bgp 345
network 10.1.40.0 24
#
R1
#
bgp 10
peer 10.1.12.2 as-number 20
peer 10.1.15.13 as-number 10
peer 157.68.1.254 as-number 254
#
ipv4-family unicast
undo synchronization
aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed
peer 10.1.12.2 enable
peer 10.1.15.13 enable
peer 157.68.1.254 enable
#
3.5 BGP Control (4p) AS 10, AS20, AS345, and AS60 preferentially route from BB2. If BB2 is unreachable, it needs to
reach through BB1 and can only be configured on R1 R4 G0/0/1 address needs to be BB1 and BB2 normal access to R4’s G0 / 0/1 interface is a
10.1.40.0 network that is not advertised in OSPF The title also said that if the BB2 is broken, can be accessed through the BB1. BB1 access BB1
40.0 visit is no problem, but there is a routing table and the actual data flow inconsistencies. Communicate with the examiner, he said that the best way to use R4 in the next revision of routing changes back to the data flow routing BGP to achieve the same routing table and the actual data flow.Bringing 40.0 out of R4 into bgp guarantees that he will be able to access bb1 and BB2 normally
Here from 1, 2, 4 to the bb2 where there is a target network segment data loop, R5 routing here next hop set to 35.5, you can break the loop.Note that this place is useless on R5R3 is the reflector can not change the next hop, only in the R4 inbound direction to do the next hop
R1:
#
bgp 10
peer 10.1.12.2 as-number 20
peer 10.1.15.13 as-number 10
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100
#
ipv4-family unicast
undo synchronization
aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed
peer 10.1.12.2 enable
peer 10.1.15.13 enable
peer 157.68.1.254 enable
peer 157.68.1.254 route-policy as-path import ###对从 BB1进来的 BGP路由延长 AS-path.
#
route-policy as-path permit node 10
apply as-path 1000 1000 1000 1000 additive
#
R4
#
bgp 345
network 10.1.40.0 24
peer 10.1.3.3 as-number 345
peer 10.1.3.3 connect-interface LoopBack0
peer 10.1.24.2 as-number 20
#
ipv4-family unicast
undo synchronization
peer 10.1.3.3 enable
peer 10.1.24.2 enable
peer 10.1.3.3 route-policy set-inbound-next-hop import ###R4访问 BB2
peer 10.1.3.3 route-policy set-outbound-next-hop export ###R5访问 BB1
#
route-policy set-inbound-next-hop permit node 10
apply ip-address next-hop 10.1.34.3
#
route-policy set-outbound-next-hop permit node 10
apply ip-address next-hop 10.1.34.4
#
3.6 BGP BFD(1p) IBGP connections are established between R1 and SW3 over Ethernet segments. If there is a
problem with the intermediate network, IBGP needs to be detected within 1s and can take effect immediately.
R1:#bfdbgp 10 peer 10.1.12.2 as-number 20 peer 10.1.15.13 as-number 10
peer 10.1.15.13 bfd min-tx-interval 300 min-rx-interval 300 peer 10.1.15.13 bfd enable peer 157.68.1.254 as-number 254 peer 157.68.1.254 fake-as 100 peer 10.1.15.13 bfd min-tx-interval 300 min-rx-interval 300 peer 10.1.15.13 bfd enable # ipv4-family unicast undo synchronization aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed peer 10.1.12.2 enable peer 10.1.15.13 enable peer 157.68.1.254 enable peer 157.68.1.254 route-policy as-path import#SW3:# bfdbgp 10 peer 10.1.15.1 as-number 10 peer 10.1.15.1 bfd min-tx-interval 300 min-rx-interval 300 peer 10.1.15.1 bfd enable# ipv4-family unicast undo synchronization peer 10.1.15.1 enable#
<R1>display bgp bfd session all Local_Address Peer_Address LD/RD Interface 10.1.15.1 10.1.15.13 8193/8193 Unknown Tx-interval(ms) Rx-interval(ms) Multiplier Session-State 300 300 3 Up Wtr-interval(m) 0 <SW3>display bgp bfd session all Local_Address Peer_Address LD/RD Interface 10.1.15.13 10.1.15.1 8193/8193 Unknown Tx-interval(ms) Rx-interval(ms) Multiplier Session-State 300 300 3 Up Wtr-interval(m)
0 4.1 PIM(2p) R1, R2, R3, R4 and R5 need to enable multicast and PIM-SM mode is used to establish neighbor
relationships between neighboring devices
R1#multicast routing-enable#interface Serial0/0/0 pim sm#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/1 pim sm
R2#multicast routing-enable#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/1 pim sm#interface LoopBack0 pim sm#
R3#multicast routing-enable#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/0 pim sm#interface LoopBack0 pim sm#
R4#multicast routing-enable#interface Serial0/0/0 pim sm#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/1 pim sm#interface LoopBack0 pim sm#
R5#multicast routing-enable#interface Serial0/0/0 pim sm#interface GigabitEthernet0/0/0 pim sm#interface GigabitEthernet0/0/1 pim sm#
4.2 RP(4p)
2 Use the loopback interface address, allowing the C-RP of the multicast address of 236.0.0.0-239.255.255.255.
R3 uses the loopback interface address, allowing C-RPs for the multicast address of 232.0.0.0-239.255.255.255.
R4 uses the loopback port address as the C-BSR address, so routers can learn RPs.
R2multicast routing-enable#acl number 2000 rule 10 permit source 236.0.0.0 3.255.255.255#pim c-rp LoopBack0 group-policy 2000
R3multicast routing-enable#acl number 2000 rule 10 permit source 232.0.0.0 7.255.255.255#pim c-rp LoopBack0 group-policy 2000
R4multicast routing-enable#pim c-bsr LoopBack0
R5multicast routing-enable#ip rpf-route-static 10.1.4.4 32 10.1.145.1
Use display pim rp-info to observe the rp and group mappings on each router
<R2>dis pim rp-info VPN-Instance: public net PIM-SM BSR RP Number:2 Group/MaskLen: 232.0.0.0/5 RP: 10.1.3.3 Priority: 0 Uptime: 00:12:21 Expires: 00:02:09 Group/MaskLen: 236.0.0.0/6 RP: 10.1.2.2 (local) Priority: 0 Uptime: 04:43:05 Expires: 00:02:09#<R3>dis pim rp-info VPN-Instance: public net PIM-SM BSR RP Number:2 Group/MaskLen: 232.0.0.0/5 RP: 10.1.3.3 (local) Priority: 0 Uptime: 00:12:27 Expires: 00:02:03 Group/MaskLen: 236.0.0.0/6 RP: 10.1.2.2 Priority: 0
Uptime: 00:12:32 Expires: 00:02:03<R3>#<R4>dis pim bsr-info VPN-Instance: public net Elected AdminScoped BSR Count: 0 Elected BSR Address: 10.1.4.4 Priority: 0 Hash mask length: 30 State: Elected Scope: Not scoped Uptime: 04:45:20 Next BSR message scheduled at: 00:00:27 C-RP Count: 2 Candidate AdminScoped BSR Count: 0 Candidate BSR Address: 10.1.4.4 Priority: 0 Hash mask length: 30 State: Elected Scope: Not scoped Wait to be BSR: 0<R4>
4.3 Multicast Routing (3p) G0 / 0/0 of R5 is statically added to 238.10.10.10. R5 always uses RP as the multicast source, and
you can see the multicast route of this address on R2. A multicast source is on the Vlan 15 network segment, and R1 is responsible for registering
multicast sources with the RP on this network segment.
R1multicast routing-enable#interface GigabitEthernet0/0/1 pim hello-option dr-priority 50000 ### 强制 R1当做 DR. pim sm#
R5multicast routing-enable#interface Serial0/0/0 pim sm#interface GigabitEthernet0/0/0 pim sm igmp static-group 238.10.10.10#interface GigabitEthernet0/0/1 pim sm#pim spt-switch-threshold infinity#ip rpf-route-static 10.1.2.2 32 10.1.145.1 ### Used to rpf check R5 rpt tree
ip rpf-route-static 10.1.4.4 32 10.1.145.1 ### is used to make an rpf check on the rp-info content advertised by the BSR
使用 display pim routing-table 去观察组播路由表<R5>display pim routing-table VPN-Instance: public net Total 1 (*, G) entry; 0 (S, G) entry (*, 238.10.10.10) RP: 10.1.2.2 Protocol: pim-sm, Flag: WC UpTime: 05:26:13 Upstream interface: Serial0/0/0 Upstream neighbor: 10.1.145.1 RPF prime neighbor: 10.1.145.1 Downstream interface(s) information: None<R5>
4.4 IGMP Snooping(1p) The Vlan24 on SW2 monitors and records IGMP messages, forwards the multicast messages to the
required interfaces correctly, and avoids flooding multicast traffic and occupying unnecessary network bandwidth and resources.
SW2#igmp-snooping enable#vlan 24 igmp-snooping enable#
5.1 QOS Flow Classification (2p) G0 / 0/0 of R4 trusts the packet priority, and changes the received DSCP mapping value of DSCP
value 27 to 7. Change the DSCP value of UDP packets with the physical port number of 6000 to 10 and the
source IP address to 10 in the inbound direction of G0 / 0/10 of SW2 to 20. Change the DSCP value of TCP packets of Y. 24.0/24 to 20 .
interface g0/0/1 trust dscp override ### On the AR2200, if priority mapping needs to be performed according to the priority carried in the packet, you must configure the priority of the packet on the inbound interface of the packet and specify the override attribute. Otherwise, the priority of the packet will not be changedquit
qos map-table dscp-dscp input 27 output 7 # If the bridge does not go here, enter the dscp followed by knock input output# Here in the boss simulator can not knock on, please practice with 5.12 and 5.13
SW1 #acl number 3000 rule 10 permit udp destination-port eq 6000#acl number 3001 rule 10 permit tcp source 10.1.24.0 0.0.0.255#traffic classifier 10 operator and if-match acl 3000traffic classifier 20 operator and if-match acl 3001#traffic behavior 10 remark dscp af11traffic behavior 20 remark dscp af22#traffic policy mark classifier 10 behavior 10classifier 20 behavior 20#int g0/0/23 traffic-policy mark inbound#
display qos map-table ### View Priority Mappingdisplay traffic policy statistics ### Based on traffic policy information
5.2 Traffic Regulation and Shaping (2p) Set the flow rate of G0 / 0/2 inbound interface of SW2 to 20M, and perform traffic shaping on the
outbound interface of G0 / 0/4. The speed limit bandwidth is 18M.
SW2 #int g0/0/2 qos lr inbound cir 20000#int g0/0/4 qos lr outbound cir 18000#display qos lr ### View the rate limit of an interfacedisplay qos config int xxx ### View all the QoS configuration information on the interface
5.3 CBQ(4p)
There are three kinds of traffic on the G0 / 0/0 interface of R2, namely voice EF, important data AF11 and other data streams.
The optimal voice stream transmission can not exceed 30% of the interface available bandwidth at the same time.
To ensure the important data stream has 40% Of the available bandwidth. other traffic into the default queue.
When WRED is used for important data flows, packets are discarded when the queue length exceeds 20% with the default queue length being 30%. When the queue length exceeds 95%, all packets are discarded.R1 #traffic classifier efif-match dscp ef#traffic classifier af if-match dscp af11#traffic behavior ef queue ef bandwidth pct 30#traffic behavior af queue af bandwidth pct 40 drop-profile wred#drop-profile wred wred dscp dscp af11 low-limit 20 high-limit 95 discard-percentage 30#traffic policy llq classifier ef behavior ef classifier af behavior af#int G0/0/0 traffic-policy llq outbound#
6.1 TCP and UDP Attack Prevention (3p)BB1 belongs to the external area. There exist TCP attack packets with fixed port numbers of 135 and 139 in the area, and UDP packets with the fixed port number of 445 may enter the internal network through R1. To prevent this attack, you are not allowed to create a secure area.
R1:#acl 3000 rule 10 permit udp destination-port eq 445 rule 20 permit tcp destination-port eq 135 rule 30 permit tcp destination-port eq 139
#traffic classifier att if-match acl 3000#traffic behavior drop deny#traffic policy filter classifier att behavior drop#int s2/0/0 traffic-policy filter inbound#
6.2 Storm Control (2p)The G0 / 0/2 interface of SW2 receives a large number of multicast packets and needs to be controlled. When the multicast packet rate exceeds 2000pps, the interface is blocked and the logs are blocked. When the rate is less than 1000pps, the interface forwarding function is restored and the interval For 1 minute.
SW2#interface g0/0/2 storm-control interval 60 storm-control action block storm-control enable log storm-control multicast min-rate 1000 max-rate 2000#
6.3 Access Control (3p)The G0/0/23 interface of SW2 accesses the intranet, and the IP network segment is 10.Y.10.0 / 24. It is required that the IP host of the intranet except the working day after 23:00 and before 7:00. Y.10.100 host can access the network, other hosts can not access the network, there are no restrictions on other time periods, using minimal command to achieve.
Note:This week’s week 6 and Sunday did not say, do not know if you want to count to “other time unlimited” inWeeks 6 and 6 put “unlimited other times” and use the flow strategy to score pointsPay attention to the Huawei device, the flow policy acl deny data packets directly refused permit data packets look behavior action
on sw2#time-range work 7:00 to 23:00 working-day#acl 3000 ru 5 per ip time-range work
ru 10 per ip sou 10.1.10.100 0
#Global:Traffic-filter vlan 24 inbound acl 3000Here with adapter on the interface g0/0/23 with: traffic-filter inbound acl 3000#
7.1 Info-center(3p) Use Channel 7 on R1 to output the log message above Warning for AAA module. Use channel 9 on R2 to output the trap information of the IP module Waring to the SNMP server.
The SNMP server uses the V2C version and the SNMP server address is 10.Y.10.20. All other names use HUAWEI.
R1system-view#info-center enableinfo-center source aaa channel 7 log level warning info-center console channel 7 #
R2#info-center enableinfo-center source ip channel 9 trap level warninginfo-center snmp channel 9#snmp-agentsnmp-agent sys-info version v2csnmp-agent trap enablesnmp-agent community read HUAWEIsnmp-agent target-host trap-paramsname HUAWEI v2c securityname HUAWEI //这里 2条命令老版模拟器敲不上snmp-agent target-host trap-hostname HUAWEI address 10.100.100.100 trap-paramsname HUAWEI#
7.2 NetStream(2p)It is output in version 9 format according to the format of G0 / 0/0 incoming direction of R3. Based on the destination IP address aggregation statistics and the fixed packet sampling mode, the sampling interval is 200 and the network source address sent by R3 is 10.Y. 3.3, the destination address is 10.100.100.100 and the destination port is 6000.
R3#ip netstream aggregation destination-prefix ip netstream export source 10.1.3.3 ip netstream export host 10.100.100.100 6000 enable export version 9#int g0/0/0
ip netstream sampler fix-packets 200 inbound ip netstream inbound
#
7.3 SSH(3p) On VTY1 of R1, only SSH login is allowed. The username and password are both hwssh. SSH is
not compatible with version 2.0 or later. If necessary, it takes 2 hours to update.
R1#rsa local-key-pair createThe key name will be: Huawei_HostThe range of public key size is (512 ~ 2048).NOTES: If the key modulus is greater than 512,it will take a few minutes.Input the bits in the modulus[default = 512]: 1024Generating keys..........++++++++++++..........++++++++++++...................................++++++++......++++++++在服务器端配置 VTY用户界面#user-interface vty 1 authentication-mode aaaprotocol inbound sshaa local-user huawei password cipher huawei local-user huawei privilege level 3 local-user huawei service-type ssh#ssh user huawei authentication-type password# Set the authentication mode of SSH user to password# Enable the STelnet server function and change the key generation time and version stelnet server enable (examination did not order this, with protocol inbound ssh opened, if there is knock)stelnet server enable undo ssh server compatible-ssh1x enablessh server rekey-interval 20#
8.1 VRRP(2p) VRRP is implemented on R1 and R5 in the network segment of vlan 15. The vrid is 125 and the
virtual ip is 10.1.15.254. R1 is the master and R5 is the backup. Vrrp between R1 and R5 needs MD5 authentication and the authentication password is HWvrrp. When R1’s S2 / 0/0 and S3 / 0/0 are both down, R5 becomes the master, and when any of these two interfaces of R1 resumes normal, R1 becomes 20s as the master.
R1#interface GigabitEthernet0/0/1 ip address 10.1.15.1 255.255.255.0 vrrp vrid 125 virtual-ip 10.1.15.254 vrrp vrid 125 priority 150 vrrp vrid 125 preempt-mode timer delay 30 vrrp vrid 125 track interface Serial0/0/2 reduced 30 vrrp vrid 125 track interface Serial0/0/3 reduced 30
vrrp vrid 125 authentication-mode md5 HWvrrp#R5#interface GigabitEthernet0/0/1 ip address 10.1.15.5 255.255.255.0 vrrp vrid 125 virtual-ip 10.1.15.254 vrrp vrid 125 authentication-mode md5 HWvrrp#
8.2 DHCP(4p) Vlan 24 users obtain the IP address, gateway and DNS information through DHCP, R4 is the DHCP
server, and the address pool is 10.Y.24.0 / 24,10.Y.24.1 ~ 10.Y.21.20 The address needs to be reserved and the gateway is 10. Y.24.254, DNS is 10.Y.30.20, Lease is 2 days, and address pool name is pool_24.
You need to enable the security function on the Vlan24 of SW2 to prevent the unauthorized DHCP server from accessing the network.
Note:Interface to add a dhcp select globalDhcp snoopingRequired to enable dhcp snooping feature on SW2 go to 4 of the mouth to trustTo enable dhcpInterface should also enableThen to 4 mouth trusted
R4#dhcp enableip pool 24 gateway-list 10.1.24.4 network 10.1.24.0 mask 255.255.255.0 excluded-ip-address 10.1.24.1 10.1.24.10 lease day 2 hour 0 minute 0 dns-list 10.1.100.2#int g0/0/1 dhcp select global
SW2#dhcp enable#dhcp snooping enable#vlan 24 dhcp snooping enable#int g0/0/2 dhcp snooping enable#int g0/0/4 dhcp snooping enable dhcp snooping trusted
8.3 NTP(2p) R1 has an accurate clock, Stratum is 3. NTP information is broadcast only to VLAN 15, and R5 and
SW3 get the clock information from it. The authentication mode is MD5 and the password is HWNTP.
R1#ntp-service refclock-master 3ntp-service authentication enablentp-service authentication-keyid 1 authentication-mode md5 huaweintp-service reliable authentication-keyid 1#interface g0/0/1 ntp-service broadcast-server authentication-keyid 1#
SW3#ntp-service authentication enablentp-service authentication-keyid 1 authentication-mode md5 huaweintp-service reliable authentication-keyid 1#interface vlanif 15 ntp-service broadcast-client#
R5#ntp-service authentication enablentp-service authentication-keyid 1 authentication-mode md5 huaweintp-service reliable authentication-keyid 1#interface g0/0/1 ntp-service broadcast-client