ccnpbr.com.brccnpbr.com.br/wp-content/uploads/2017/12/exam.docx · web viewimport-route direct...

Protegido: lab1SW1

<SW1>display saved-configuration

!Software Version V200R003C00SPC300

#

sysname SW1

#

router id 10.20.1.1

#

vlan batch 10 15 24 30 35 255

#

stp instance 1 root primary

stp instance 2 root secondary

stp bpdu-protection

#

domain default_admin

#

time-range work 23:00 to 00:00 working-day


#

stp region-configuration

region-name HW

revision-level 1

instance 1 vlan 10 15 24


active region-configuration

#

acl number 2001

rule 5 permit source 10.20.10.100 0

rule 10 deny source 10.20.10.0 0.0.0.255 time-range work

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default


local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@

local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif10

ip address 10.20.10.11 255.255.255.0

#

interface Vlanif30

ip address 10.20.30.11 255.255.255.0

#

interface MEth0/0/1

#

interface Eth-Trunk1

port link-type trunk

mode lacp

#

interface GigabitEthernet0/0/1

undo port hybrid vlan 1

#


port link-type access

port default vlan 255

#



#



#



#



#



#



#



#




stp edged-port enable

#



#



#


eth-trunk 1

#


eth-trunk 1

#


eth-trunk 1

#



port trunk allow-pass vlan 2 4094

#



#



#




stp disable

smart-link flush receive control-vlan 10

#



#



#



#




traffic-filter inbound acl 2001

#



#

interface NULL0

#

ospf 20 router-id 10.20.1.1

import-route direct route-policy ACCEPTROUTES

area 0.0.0.34

network 10.20.30.11 0.0.0.0

nssa

#

route-policy ACCEPTROUTES permit node 10

if-match interface Vlanif10

#

user-interface con 0

authentication-mode password

set authentication password cipher %@%@^1}}(.ERKV\-VJVxy@c2,,7Gi,Y[SQwxIM'KptWQl0\+,7J,%@%@

idle-timeout 0 0

screen-length 0

user-interface vty 0 4


SW2

sysname SW2

#

vlan batch 10 15 24 30 35 255

#



#


#

igmp-snooping enable

#

dhcp enable

#

dhcp snooping enable

#


region-name HW

revision-level 1




#

acl number 3001

rule 5 permit udp destination-port eq 6000

rule 10 permit tcp source 10.20.24.0 0.0.0.255

#

vlan 24


dhcp snooping enable

dhcp snooping trusted interface GigabitEthernet0/0/4

#

aaa




domain default




#

interface Vlanif1

#

interface MEth0/0/1

#



mode lacp

lacp preempt enable

max active-linknumber 2

lacp preempt delay 10

#




#




qos lr inbound cir 20000 cbs 2500000

storm-control multicast min-rate 1000 max-rate 2000

storm-control interval 60

storm-control action block

storm-control enable log

#




#





#



#



#



#



#



#



traffic-remark inbound acl 3001 rule 10 dscp af11

#



#



#


eth-trunk 1

lacp priority 40000

#


eth-trunk 1

#


eth-trunk 1

#




#



#



#




stp disable


#



#



#



#



#



#

interface NULL0

#



set authentication password cipher %@%@Yv#c#y\]+)JF3hB2|_f5,,3*-Me&O(I>SA_u,uLA9M>!,3-,%@%@

idle-timeout 0 0


screen-length 0


SW3

sysname SW3

#

router id 10.20.13.13

#

vlan batch 10 15 24 30 35 255

#

undo http server enable

#

drop illegal-mac alarm

#


region-name HW

revision-level 1




#

bfd

#

aaa




domain default


local-user admin password cipher %$%$/)ht,:(&34$A10"s;LF8FQH~%$%$


#

ntp-service authentication enable

ntp-service authentication-keyid 20 authentication-mode md5 cipher %$%$#Vu$"%N42~`qNIEs-EWFII@7%$%$

ntp-service reliable authentication-keyid 20

#

interface Vlanif15

ip address 10.20.15.13 255.255.255.0

ntp-service broadcast-client

#

interface Ethernet0/0/1


#



#




#



#




#



#



#



#



#



#



#



#




#



#



#




#



#



#



#



#



#



#




#




#



#



#



#



#

interface NULL0

#

bgp 10

router-id 10.20.13.13

peer 10.20.15.1 as-number 10

peer 10.20.15.1 bfd min-tx-interval 300 min-rx-interval 300

peer 10.20.15.1 bfd enable

#

ipv4-family unicast

undo synchronization

peer 10.20.15.1 enable

#


area 0.0.0.15

network 10.20.15.13 0.0.0.0

#



set authentication password cipher %$%$~DmY$;(*=&_$C}!@ViT%,=4+EIeKGo[Y0H[I=u90rmAN,C:5%$%$

idle-timeout 0 0

screen-length 0


SW4

sysname SW4

#

vlan batch 10 15 24 30 35 255

#


#


#

aaa




domain default


local-user admin password cipher %$%$2umg)BAu;2my+)2pIqnNWQH~%$%$


#



#



#



#



#




#



#



#



#



#



#


undo pot hybrid vlan 1

#



#




stp disable

#



#



#




stp disable

#



#



#



#



#



#



#



#



#



#



#



#



#

interface NULL0

#

smart-link group 1

restore enable

smart-link enable

port Ethernet0/0/13 master

port Ethernet0/0/16 slave

timer wtr 30

flush send control-vlan 10

#



set authentication password cipher %$%$v>iPG{j';9.vS`,A"3Y',{ri%`X6V{SqO.&Zs[;e\82F,$xs%$%$

idle-timeout 0 0

screen-length 0


R1

sysname R1

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03105172F26541

snmp-agent

#

http timeout 3

#


#

router id 10.20.1.1

#

multicast routing-enable

#

bfd

#

pki realm default

enrollment self-signed

#

#

acl number 3001

rule 5 deny tcp destination-port eq 135


rule 15 deny udp destination-port eq 445

#

aaa


authentication-scheme chap



domain default


domain pppchap


local-user admin password cipher %$%$O5qd'E_89<Jdd(N@,A%EFI3W%$%$


local-user hwssh password cipher %$%$Ja[u%qzN@"G>iSS*_ZY#Iq*m%$%$

local-user hwssh privilege level 3

local-user hwssh service-type ssh

local-user chapuser password cipher %$%$H8}bS37Q"8GjmhN`kBYXH`Vt%$%$

local-user chapuser service-type ppp

#

isis 20

is-level level-2

cost-style wide

network-entity 49.0012.0000.0000.0001.00

import-route ospf 20

#

firewall zone Local

priority 64

#

interface Serial1/0/0

link-protocol fr

undo fr inarp

fr dlci 104

fr dlci 105

fr map ip 10.20.145.4 104 broadcast


ip address 10.20.145.1 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

ppp authentication-mode chap domain pppchap

ppp pap local-user papuser password cipher %$%$Pb>=Z>f-J&\@a6VOAOE-,Fgy%$%$

ip address 10.20.12.1 255.255.255.0

isis enable 20

isis ppp-negotiation 3-way only

pim sm

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.1.1 255.255.255.0

#


link-protocol ppp

#


#


ip address 10.20.15.1 255.255.255.0

vrrp vrid 125 virtual-ip 10.20.15.254

vrrp vrid 125 priority 115

vrrp vrid 125 preempt-mode timer delay 20

vrrp vrid 125 track interface Serial2/0/0

vrrp vrid 125 track interface Serial3/0/0

vrrp vrid 125 authentication-mode md5 %$%$Wmc"6w\gT$-q*j7nOC2$Ivr|%$%$

pim hello-option dr-priority 50000

pim sm

ospf cost 1600

ntp-service broadcast-server authentication-keyid 20

#


#

interface Cellular0/0/0

link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.20.1.1 255.255.255.255

#

bgp 10

router-id 10.20.1.1





peer 157.68.1.254 as-number 100

#

ipv4-family unicast


aggregate 10.20.0.0 255.255.0.0 as-set detail-suppressed


peer 10.20.12.2 route-policy R2SOURCE import



peer 157.68.1.254 route-policy ROUTEIMPORT import

#


import-route isis 20

peer 10.20.145.4

peer 10.20.145.5

preference route-policy ISIS2OSPF 10

area 0.0.0.0

authentication-mode md5 20 cipher %$%$:y,nP%V4^I8bf[U|)P=FHjXJ%$%$

network 10.20.1.1 0.0.0.0

network 10.20.145.1 0.0.0.0

network 157.68.1.1 0.0.0.0

area 0.0.0.15

network 10.20.15.1 0.0.0.0

#

route-policy ROUTEIMPORT permit node 10

apply as-path 254 254 254 254 additive

#

route-policy R2SOURCE permit node 10

if-match ip-prefix NETWORK40

#

route-policy R2SOURCE permit node 20

apply ip-address next-hop 10.20.56.6

#

ssh server rekey-interval 2

undo ssh server compatible-ssh1x enable

stelnet server enable

#

ip ip-prefix NETWORK40 index 10 permit 10.20.40.0 24

#



set authentication password cipher %$%$#J_i!.o'TOmN}_~CJisR,"`Pn"g`&nrxt37bet(E#N\U"`S,%$%$

idle-timeout 0 0

screen-length 0

user-interface vty 0

user-interface vty 1

authentication-mode aaa

protocol inbound ssh


#

wlan ac

#

ntp-service authentication enable

ntp-service authentication-keyid 20 authentication-mode md5 %$%$E~t`(h7efE&(0J4U~'{:,.2a%$%$


ntp-service refclock-master 3

#

voice

#

diagnose

R2

sysname R2

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03105172F20F5B

snmp-agent

#

http timeout 3

#


#

router id 10.20.2.2

#


#

pki realm default


#

#

acl number 2001

rule 5 permit source 0.0.0.0 252.255.255.255

#

drop-profile DROPPING

wred dscp

dscp af11 low-limit 20 high-limit 95 discard-percentage 30

#

traffic classifier llq operator or

if-match dscp ef

traffic classifier af operator or

if-match dscp af11

#

traffic behavior llq

queue llq bandwidth pct 30

traffic behavior af

queue af bandwidth pct 40

drop-profile DROPPING

#

traffic policy RULEIF

classifier llq behavior llq

classifier af behavior af

#

aaa


authentication-scheme pap



domain default


domain ppppap


local-user admin password cipher %$%$2fvQ7X|I#@\j,b-/O0(8F"&i%$%$


local-user papuser password cipher %$%$;9+:TUDP|Y=J[_-Rxjn>H@Gp%$%$

local-user papuser service-type ppp

#

isis 20

is-level level-2

cost-style wide

network-entity 49.0012.0000.0000.0002.00

import-route direct route-policy ISISACCEPT

#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ppp authentication-mode pap domain ppppap

ppp chap user chapuser

ppp chap password cipher %$%$8&ayR'C:29wvE@:;9^$.,Er@%$%$

ip address 10.20.12.2 255.255.255.0

isis enable 20


pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


ip address 157.68.3.1 255.255.255.0

traffic-policy RULEIF outbound

#


ip address 10.20.24.2 255.255.255.0

isis enable 20

isis circuit-type p2p


pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.20.2.2 255.255.255.255

isis enable 20

pim sm

#

bgp 20

router-id 10.20.2.2



#

ipv4-family unicast




#

route-policy ISISACCEPT permit node 2

if-match interface GigabitEthernet0/0/0

#

pim

c-rp LoopBack0 group-policy 2001

#



set authentication password cipher %$%$~=rVWQyR"WN3"bW[!LXI,"a:g/oK!]t^8T5z~0@b2{{4"a=,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

R3

sysname R3

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03105172F264F5

snmp-agent

#

http timeout 3

#


#

router id 10.20.3.3

#


#

pki realm default


#

#

acl number 2001


#

aaa




domain default


local-user admin password cipher %$%$=P`%V3}t0D7d>v"<Xsj2FTM&%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.20.34.3 255.255.255.0

pim sm

#


link-protocol ppp

#


ip address 10.20.30.3 255.255.255.0

ip netstream sampler fix-packets 200 inbound

ip netstream inbound

#


ip address 10.20.35.3 255.255.255.0

pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.20.3.3 255.255.255.255

pim sm

#

bgp 345

router-id 10.20.3.3


peer 10.20.4.4 connect-interface LoopBack0



#

ipv4-family unicast



peer 10.20.4.4 reflect-client

peer 10.20.4.4 advertise-community



#


area 0.0.0.34

network 10.20.30.3 0.0.0.0

network 10.20.34.3 0.0.0.0

nssa no-import-route

area 0.0.0.35

network 10.20.3.3 0.0.0.0

network 10.20.35.3 0.0.0.0

#

pim


#

ip netstream aggregation destination-prefix

enable

export version 9

ip netstream export source 10.20.3.3

ip netstream export host 10.20.10.30 6000

#



set authentication password cipher %$%$*kf}P]~1s,E1f*@|iiLD,"b$Y^|I!1.7!<+YnTMfJFUU"b',%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

R4

sysname R4

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03105172F26559

snmp-agent

#

http timeout 3

#


#

router id 10.20.4.4

#


#

dhcp enable

#

undo dhcp server bootp

#

pki realm default


#

#

qos map-table dscp-dscp

input 27 output 7

#

ip pool pool_24

gateway-list 10.20.24.254

network 10.20.24.0 mask 255.255.255.0

excluded-ip-address 10.20.24.1 10.20.24.20

lease day 2 hour 0 minute 0

dns-list 10.20.30.30

#

aaa




domain default


local-user admin password cipher %$%$sr^J&|sNJB3./2Uw&q>PF\GW%$%$


#

isis 20

is-level level-2

cost-style wide

network-entity 49.0004.0000.0000.0004.00


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp

fr dlci 401



ip address 10.20.145.4 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

ip address 10.20.34.4 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


ip address 10.20.24.4 255.255.255.0

isis enable 20



trust dscp override

pim sm

dhcp select global

#


ip address 10.20.40.4 255.255.255.0

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.20.4.4 255.255.255.255

pim sm

#

bgp 345

router-id 10.20.4.4




#

ipv4-family unicast


network 10.20.40.0 255.255.255.0



#


import-route isis 20

peer 10.20.145.1

area 0.0.0.0

authentication-mode md5 20 cipher %$%$,~d;$h\)(-<I"w'Yg6j5H"DL%$%$

network 10.20.4.4 0.0.0.0

network 10.20.145.4 0.0.0.0

area 0.0.0.34

network 10.20.34.4 0.0.0.0


#

pim

c-bsr LoopBack0

#



set authentication password cipher %$%$$mN:%A`GIGne_<MxeIi2,"`4`;[EHS)}01v-ksD37N!<"`7,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

R5

sysname R5

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03105172F2311D

snmp-agent

#

http timeout 3

#


#

router id 10.20.5.5

#


#

undo anti-attack abnormal enable

undo anti-attack fragment enable

undo anti-attack icmp-flood enable

#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$id]+U)ly$Fb;Te-ief=WFI/v%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp

fr dlci 501



ip address 10.20.145.5 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.20.56.5 255.255.255.0

#


link-protocol ppp

#


ip address 10.20.35.5 255.255.255.0

pim sm

igmp enable

igmp static-group 238.10.10.10

#


ip address 10.20.15.5 255.255.255.0

pim sm

ospf cost 1600

ntp-service broadcast-client

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.20.5.5 255.255.255.255

#

bgp 345

router-id 10.20.5.5




#

ipv4-family unicast





#


peer 10.20.145.1

area 0.0.0.0

authentication-mode md5 20 cipher %$%$yS/R:~6l]K%Mkw:kSa>DHro6%$%$

network 10.20.5.5 0.0.0.0

network 10.20.145.5 0.0.0.0

area 0.0.0.15

network 10.20.15.5 0.0.0.0

area 0.0.0.35

network 10.20.35.5 0.0.0.0

area 0.0.0.56

network 10.20.56.5 0.0.0.0

#

route-policy SOURCE permit node 10

if-match community-filter 1

#

route-policy RESTRICT permit node 10

apply community no-export additive

#

pim

#

ip community-filter 20 permit 1:254

#

ip rpf-route-static 10.20.2.2 32 10.20.145.1


#



set authentication password cipher %$%$j%ffBBU.q8X-H4*0Rcl7,"`>%Dkh.!X\Z$4:n4=)-RzK"`A,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

ntp-service authentication-keyid 20 authentication-mode md5 %$%$E~t`(h7efE&(0J4U~'{:,.2a%$%$


#

voice

#

diagnose

R6

sysname R6

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03105172F20F23

snmp-agent

#

http timeout 3

#


#

router id 10.20.6.6

#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$KGsIW!@4K'`O3O-Oskd*FU;A%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.20.56.6 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.2.1 255.255.255.0

rip summary-address 10.20.0.0 255.255.0.0

#


link-protocol ppp

#


#


#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.20.6.6 255.255.255.255

#

bgp 60

router-id 10.20.6.6


peer 157.68.2.254 as-number 254

#

ipv4-family unicast





#


import-route rip 1 cost 100 tag 100

area 0.0.0.56

network 10.20.6.6 0.0.0.0

network 10.20.56.6 0.0.0.0

#

rip 1

version 2

peer 157.68.2.254

network 157.68.0.0

undo verify-source

filter-policy ip-prefix R6-BB2 import Serial3/0/0

filter-policy ip-prefix OSPF2RIP export Serial3/0/0


#

ip ip-prefix R6-BB2 index 10 permit 171.10.0.0 22 greater-equal 22 less-equal 24

ip ip-prefix OSPF2RIP index 10 permit 10.20.0.0 16

#



set authentication password cipher %$%$a.*xEh-ln.esM"PUX#Y+,"a$D\"XC3Xd|~9Tr6"[^XOX"a',%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

Protegido: lab2 – MPLSSW1

<SW1>dis saved-config


#

sysname SW1

#

router id 10.1.113.11

#

vlan batch 35 110 113 135 222 224 255

#



#


undo http secure-server enable

#


#


region-name HUAWEI

revision-level 12

instance 10 vlan 110 135 222 224



#

aaa




domain default




#

interface Vlanif1

#

interface Vlanif110

ip address 10.1.110.11 255.255.255.0

#

interface Vlanif113

ip address 10.1.113.11 255.255.255.0

#

interface MEth0/0/1

#



#




#



#



#



#



#



#



#



#




#



#



#



undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 2 to 4094

#



#



#





#



#



#





stp disable


#



#



#



#




#



#

interface NULL0

#


import-route direct route-policy vlan110

area 0.0.0.34

network 10.1.113.11 0.0.0.0

nssa

#

route-policy vlan110 permit node 10


apply tag 100

#



set authentication password cipher %@%@qoa~0Pxf/&^!=eP>Bj~O,~.=d26=$Aso@;yaf3(I0[:9~.@,%@%@

screen-length 0



#

return

<SW1>

SW2

<SW2> dis current-configuration


#

sysname SW2

#

vlan batch 35 110 113 135 222 224 255

#



#


#


#



#


#


region-name HUAWEI

revision-level 12

instance 10 vlan 110 135 222 224



#

vlan 224


#

aaa




domain default




#

interface Vlanif1

#

interface Vlanif222

ip address 10.1.222.22 255.255.255.0

pim sm

#

interface Vlanif224

ip address 10.1.224.22 255.255.255.0

undo rip output

undo rip input

pim sm

#

interface MEth0/0/1

#




#




#




#




#



#



#



#



#



#



#



#



#





#



#



#





#



#



#





stp disable


#



#



#



#



#



#

interface NULL0

#

bgp 20



#

ipv4-family unicast




#

ospf 1

import-route rip 1 route-policy rto

preference ase route-policy pre 10

area 0.0.0.224

network 10.1.224.22 0.0.0.0

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route ospf 1 route-policy otr

#

route-policy r20 deny node 10

if-match tag 101

#

route-policy r20 permit node 20

apply tag 102

#

route-policy o2r deny node 10

if-match tag 202

#

route-policy o2r permit node 20

apply tag 201

#

route-policy ext permit node 10

if-match tag 100

apply preference 10

#

route-policy otr deny node 5

if-match tag 301

#

route-policy otr permit node 10

apply tag 102

#

route-policy rto deny node 10

if-match tag 103

#

route-policy rto permit node 20

apply tag 201

#

route-policy pre permit node 10

if-match tag 301

apply preference 150

#



set authentication password cipher %@%@u"1dPHMm1=U`zg2b-$_Y,~,VmuGKBJR,[={TlR/Q+lKB~,Y,%@%@

screen-length 0



#

return

<SW2>

SW3

<SW3>dis saved-configuration

#

!Software Version V100R006C03

sysname SW3

#

vlan batch 35 110 113 135 222 224 255

#


#


#


#


#


region-name HUAWEI

revision-level 12

instance 10 vlan 110 135 222 224



#

vlan 135


#

aaa




domain default


local-user admin password cipher %$%$1Y_g(cH^p<Rv/`VnWvY&3:1(%$%$


#

interface Vlanif135

ip address 10.1.135.13 255.255.255.0

pim sm

#



#



#




#



#




#



#



#



#



#



#



#



#





#



#



#





#



#



#



#



#



#



#




#




stp root-protection

stp bpdu-filter enable

#



#



#



#



#

interface NULL0

#

bgp 10


#

ipv4-family unicast



#

ospf 1

area 0.0.0.135

network 10.1.135.0 0.0.0.255

#



set authentication password cipher %$%$k[Q-&!62mDI5f&:6KatV,OF=YYNr>ilM66.Ck1Slyn7O~ULG%$%$

screen-length 0


#

return

<SW3>

SW4

<SW4>dis saved-configuration

#


sysname SW4

#

vlan batch 35 110 113 135 222 224 255

#


#


#

aaa




domain default


local-user admin password cipher %$%$6`FJ:sGL(Q#Z]P"!K&-!3ri`%$%$


#



#



#



#


#




#



#



#



#



#



#



#



#





stp disable

#



#



#





stp disable

#



#



#



#



#



#



#



#



#



#



#



#



#

interface NULL0

#

smart-link group 4

restore enable

smart-link enable



timer wtr 30


#



set authentication password cipher %$%$)yZ,2,:uR@J"TB8Ov/G:,JA8B`^d/8<FnWs)ELOxQ/@/~PGB%$%$

screen-length 0


#

return

<SW4>

R1

<R1>dis saved-config

[V200R003C01SPC900]

#

sysname R1

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB037054F593DEBA

snmp-agent

#

http timeout 3

#


#

router id 10.1.1.1

#

pki realm default


#

#

aaa





domain default


domain pppchap


local-user admin password cipher %$%$S2^!KY6ZZ=~omd*ynVMDF`4B%$%$


local-user chapuser password cipher %$%$|t2)7/_bQQAJ1)AT9cNSH3a|%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



ip address 10.1.145.1 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp


ppp pap local-user papuser password cipher %$%$f9S|"[>Z^&9xbj~r-^C+,I:K%$%$

ip address 10.1.12.1 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.1.1 255.255.255.0

undo rip output

undo rip input

#


link-protocol ppp

#


#


ip address 10.1.135.1 255.255.255.0

undo rip output

undo rip input

ospf cost 2000

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.1.1 255.255.255.255

#

bgp 10

router-id 10.1.1.1



peer 157.68.1.254 as-number 254

peer 157.68.1.254 fake-as 100

#

ipv4-family unicast




peer 10.1.12.2 route-policy R2 import



peer 157.68.1.254 route-policy as-path import

#


import-route rip 1 route-policy rto

peer 10.1.145.4

peer 10.1.145.5

preference ase route-policy pre 10

area 0.0.0.0

authentication-mode md5 1 plain HuaWei

network 10.1.1.1 0.0.0.0

network 10.1.145.1 0.0.0.0

network 157.68.1.1 0.0.0.0

area 0.0.0.135

network 10.1.135.1 0.0.0.0

vlink-peer 10.1.5.5

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route ospf 1 route-policy otr

#

route-policy 02R deny node 10

if-match tag 102

#

route-policy 02R permit node 20

apply tag 101

#

route-policy R20 deny node 10

if-match tag 201

#

route-policy R20 permit node 20

apply tag 202

#


if-match tag 100

apply preference 10

#

route-policy otr deny node 5

if-match tag 201

#

route-policy otr permit node 10

apply tag 103

#

route-policy rto deny node 10

if-match tag 102

#

route-policy rto permit node 20

apply tag 301

#

route-policy pre permit node 10

if-match tag 201

apply preference 150

#

route-policy as-path permit node 10


#


if-match ip-prefix 1


#



#

ip ip-prefix 1 index 10 permit 10.1.40.0 24

#



set authentication password cipher %$%$D}|N(e-'\7d6H@,[R5e~,$WlCS\$~/Q0qPk:cg:AA>|I$Wo,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R1>

R2

<R2>display saved-configuration

[V200R003C01SPC900]

#

sysname R2

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03E468A39B2F72

snmp-agent

#

http timeout 3

#


#


#

ip vpn-instance ABC

ipv4-family

route-distinguisher 34:34

#

pki realm default


#

#

acl number 2000


#

aaa





domain default


domain ppppap


local-user admin password cipher %$%$$h)w;{6km5\Rf265P%W8FUc~%$%$


local-user papuser password cipher %$%$\V63.(MUXAvf\yJR2u+5H-dj%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp



ppp chap password cipher %$%$mfp;JX_J}>C/|#O.}3&/,J{u%$%$

ip address 10.1.12.2 255.255.255.0

rip metricin 5

pim sm

#


link-protocol ppp

#


link-protocol ppp

ip address 172.16.1.2 255.255.255.0

#


link-protocol ppp

#


ip address 157.68.3.1 255.255.255.0

#


ip address 10.1.222.2 255.255.255.0

rip metricin ip-prefix same-way 6

pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.2.2 255.255.255.255

pim sm

#

bgp 20

router-id 10.1.2.2



#

ipv4-family unicast




#

ospf 2

area 0.0.0.0

network 172.16.1.2 0.0.0.0

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route direct route-policy direct

#

route-policy direct permit node 10


#

pim


#

ip ip-prefix same-way index 10 permit 10.1.15.0 24

#



set authentication password cipher %$%$;xPhYQp9@A<I{{>)q<^O,$W%;A#JFCUM*07S4@JLc&bU$W(,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R2>

R3

[R3]display saved-configuration

[V200R003C01SPC900]

#

sysname R3

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB037054F593DEC2

snmp-agent

#

http timeout 3

#


#

router id 10.1.3.3

#


#

ip vpn-instance ABC

ipv4-family


vpn-target 34:34 export-extcommunity

vpn-target 34:34 import-extcommunity

#

mpls lsr-id 10.1.3.3

mpls

#

pki realm default


#

#

acl number 3000

rule 5 permit ip source 232.0.0.0 7.255.255.255

#

aaa




domain default


local-user admin password cipher %$%$.zw@6L%}o&1zYY&VIMJVFa0:%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

ip binding vpn-instance ABC

#


link-protocol ppp

#


link-protocol ppp


ip address 172.16.1.3 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.34.3 255.255.255.0

#


link-protocol ppp

#


ip address 10.1.113.3 255.255.255.0

pim sm

mpls

#


ip address 10.1.35.3 255.255.255.0

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.3.3 255.255.255.255

pim sm

#

bgp 345

router-id 10.1.3.3





#

ipv4-family unicast







#

ipv4-family vpnv4

policy vpn-target


#

ipv4-family vpn-instance ABC

import-route ospf 2

#


area 0.0.0.0


area 0.0.0.34

network 10.1.34.3 0.0.0.0

network 10.1.113.3 0.0.0.0

nssa

area 0.0.0.35

network 10.1.3.3 0.0.0.0

network 10.1.35.3 0.0.0.0

vlink-peer 10.1.5.5

#

ospf 2 vpn-instance ABC

import-route bgp

area 0.0.0.0

network 172.16.1.3 0.0.0.0

#

pim


#

static-lsp ingress 3514 destination 10.1.4.4 32 outgoing-interface GigabitEthernet0/0/0 nexthop 10.1.35.5 out-label 305

#



set authentication password cipher %$%$tto~:vz|YOx~9_!.EiI=,$Xa|"gx>~:a)H_o'NX.oQN($Xd,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

[R3]

R4

[R4]display saved-configuration

[V200R003C01SPC900]

#

sysname R4

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB037054F593DE92

snmp-agent

#

http timeout 3

#


#

router id 10.1.4.4

#


#

ip vpn-instance ABC

ipv4-family


vpn-target 34:34 export-extcommunity

vpn-target 34:34 import-extcommunity

#


mpls

#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$_MUtPfy1`,@0}u69|R>2F].H%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



ip address 10.1.145.4 255.255.255.0

pim sm

ospf dr-priority 0

mpls

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.34.4 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


ip address 10.1.224.4 255.255.255.0

pim sm

#



ip address 172.16.40.4 255.255.255.0

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.4.4 255.255.255.255

pim sm

#

interface LoopBack1

ip address 10.1.40.4 255.255.255.0

#

bgp 345

router-id 10.1.4.4




#

ipv4-family unicast


network 10.1.40.0 255.255.255.0



#

ipv4-family vpnv4

policy vpn-target


#

ipv4-family vpn-instance ABC

import-route direct

#


peer 10.1.145.1

area 0.0.0.0


network 10.1.4.4 0.0.0.0

network 10.1.145.4 0.0.0.0

area 0.0.0.24

area 0.0.0.34

network 10.1.34.4 0.0.0.0


area 0.0.0.224

network 10.1.224.4 0.0.0.0

#

pim

c-bsr LoopBack0

#

static-lsp egress 3514 incoming-interface Serial1/0/0 in-label 104

static-lsp ingress 4153 destination 10.1.3.3 32 outgoing-interface Serial1/0/0 nexthop 10.1.145.5 out-label 401

#



set authentication password cipher %$%$z0OJAU>`nN\36"&$O`#L,$XEBqJ!Wg\)^"%d7,M^^b=7$XH,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

[R4]

R5

[R5]dis saved-config

[V200R003C01SPC900]

#

sysname R5

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03E468A39EEFCE

snmp-agent

#

http timeout 3

#


#

ipv6

#

router id 10.1.5.5

#


#


mpls

#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$_BhY5_b(hXS2x2'(SJ2SF`P0%$%$


#

ospfv3 1

router-id 10.1.5.5

#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



ip address 10.1.145.5 255.255.255.0

pim sm

ospf dr-priority 0

mpls

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.56.5 255.255.255.0

#


link-protocol ppp

#


ipv6 enable

ip address 10.1.35.5 255.255.255.0

ipv6 address 2001:1:135::5/64

pim sm

#


ip address 10.1.135.5 255.255.255.0

pim sm

igmp enable


ospf cost 2000

mpls

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.5.5 255.255.255.255

#

bgp 345

router-id 10.1.5.5




#

ipv4-family unicast


aggregate 60.0.0.0 255.255.252.0 as-set origin-policy origin attribute-policy att




#


asbr-summary 172.10.0.0 255.255.252.0 tag 100 cost 100

import-route rip 1 cost 100 tag 100 route-policy R5

peer 10.1.145.1

area 0.0.0.0


network 10.1.5.5 0.0.0.0

network 10.1.145.5 0.0.0.0

area 0.0.0.35

network 10.1.15.5 0.0.0.0

vlink-peer 10.1.1.1

vlink-peer 10.1.3.3

area 0.0.0.135

network 10.1.135.5 0.0.0.0

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route ospf 1

#



#

route-policy origin permit node 10


#

route-policy att permit node 10


#

pim

spt-switch-threshold infinity

#

ip ip-prefix 1 index 5 permit 10.1.56.0 24 greater-equal 24 less-equal 24



#


#


#

static-lsp transit 3514 incoming-interface GigabitEthernet0/0/1 in-label 305 outgoing-interface Serial1/0/0 nexthop 10.1.145.4 out-label 501

static-lsp transit 4153 incoming-interface Serial1/0/0 in-label 105 outgoing-interface GigabitEthernet0/0/1 nexthop 10.1.135.3 out-label 503

#



set authentication password cipher %$%$uZrwTDeVI3dm$&)fo*7U,$WzEGW>(bM-(#j4Ok1@7yR7$W},%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

[R5]

R6

<R6>dis saved-configuration

[V200R003C01SPC900]

#

sysname R6

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB037054F593DDE2

snmp-agent

#

http timeout 3

#


#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$p=*XS'm,qY^.Yr9'x/=)FfR'%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.56.6 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.2.1 255.255.255.0


#


link-protocol ppp

#


#


#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.6.6 255.255.255.255

#

bgp 60

router-id 10.1.6.6



peer 157.68.2.254 as-number 254

#

ipv4-family unicast






#

rip 1

undo summary

version 2

peer 157.68.2.254

network 10.0.0.0

network 157.68.0.0

silent-interface Serial3/0/0

filter-policy ip-prefix rip-sum export Serial3/0/0

#

ip ip-prefix rip-sum index 10 permit 10.1.0.0 16

#



set authentication password cipher %$%$.)LsECL4&!R{$STM~h&:,$YROeqe3;0ZM'O9mp.)e;*'$YU,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R6>

Protegido: lab3SW1

<SW1>di cu


#

sysname SW1

#

vlan batch 10 15 24 30 35 100 135 255

#



stp bpdu-protection

#

lacp priority 0

#



#


#



#


region-name HW

revision-level 1

instance 1 vlan 10 15 24 100



#

acl number 2000

rule 10 permit source 10.4.10.100 0

rule 20 deny source 10.1.10.0 0.0.0.255 time-range work

#

aaa




domain default




#

interface Vlanif1

#

interface Vlanif10

ip address 10.4.10.11 255.255.255.0

#

interface Vlanif30

ip address 10.4.30.11 255.255.255.0

#

interface MEth0/0/1

#



port trunk pvid vlan 255



mode lacp

lacp preempt enable

max active-linknumber 2

lacp preempt delay 15

#



#




#



#



#




#



#



#



#



#




#



#




#


eth-trunk 12

#


eth-trunk 12

lacp priority 60000

#


eth-trunk 12

#






#



#



#






stp disable


#



#



#



#





#



#

interface NULL0

#


import-route direct route-policy DIR

area 0.0.0.34

network 10.4.30.11 0.0.0.0

nssa

#

route-policy DIR permit node 10


#



set authentication password cipher %@%@${1s&m>**38_5H:AG.=;,I;MGAy]'1QWNF|l't@7/6=1I;P,%@%@

idle-timeout 0 0

screen-length 0



#

return

SW2

<SW2>di cu


#

sysname SW2

#

vlan batch 10 15 24 30 35 100 135 255

#



#


#



#


#


region-name HW

revision-level 1




#

acl number 3000

rule 10 permit udp destination-port eq 6000

rule 20 permit tcp source 10.4.24.0 0.0.0.255

#

vlan 24


#

aaa




domain default




#

interface Vlanif1

#

interface MEth0/0/1

#






mode lacp

#




#




qos lr outbound cir 20000 cbs 2500000

storm-control multicast min-rate 1000 max-rate 2000

storm-control interval 60

storm-control action block

storm-control enable log

#




#




qos lr outbound cir 18000 cbs 2250000


#



#



#



#



#



#





#



#



#


eth-trunk 12

#


eth-trunk 12

#


eth-trunk 12

#






#



#



#






stp disable


#



#



#



#



#



#

interface NULL0

#



set authentication password cipher %@%@@C/@)$gr"ZIrk3**FL8<,I3qBzS'3yS_zU!.dsSo=P)II3t,%@%@

idle-timeout 0 0

screen-length 0



#

return

SW3

<SW3>di cu

#


sysname SW3

#

vlan batch 10 15 24 30 35 100 135 255

#


#


#


region-name HW

revision-level 1




#

bfd

#

aaa




domain default


local-user admin password cipher %$%$d9"fEUzy2!gO%HWdOK`$^ypg%$%$


#

interface Vlanif15

ip address 10.4.15.13 255.255.255.0

#



#



#




#



#




#



#




#



#



#



#



#



#






#



#



#






#



#



#



#



#



#



#




#




#



#



#



#



#

interface NULL0

#

bgp 10

router-id 10.4.13.13




#

ipv4-family unicast



#


area 0.0.0.15

network 10.4.15.13 0.0.0.0

#



set authentication password cipher %$%$c;|YQt/egAfdH8#%00RL,H~6]~fe37+MrYLDme93$K=~INE@%$%$

idle-timeout 0 0

screen-length 0


#

return

<SW3>

SW4

<SW4>di cu

#


sysname SW4

#

vlan batch 10 15 24 30 35 100 135 255

#


#


#


region-name HW

revision-level 1




#

aaa




domain default


local-user admin password cipher %$%$ah]5<lOI7O(pE=Tm:Bk*4C:1%$%$


#



#



#



#



#




#



#




#




#



#



#



#



#






stp disable

#



#



#






stp disable

#



#



#



#



#



#



#



#



#



#



#



#



#

interface NULL0

#

smart-link group 4

restore enable

smart-link enable



timer wtr 40


#



set authentication password cipher %$%$P5!Z/ly/=,"hg~)\,'tL,d[Rbu,9C-3&+-]$tx)~)\D:Ija\%$%$

idle-timeout 0 0

screen-length 0


#

return

R1

<R1>di cu

[V200R003C01SPC900]

#

sysname R1

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA873391C

snmp-agent

#

http timeout 3

#


#

router id 10.4.1.1

#


#

bfd

#

pki realm default


#

#

acl number 3000



rule 15 deny udp destination-port eq 445

#

aaa





domain default


domain ppppap


local-user admin password cipher %$%$W].o8lpR/R}/{{>3\4iA]bu:%$%$


local-user papuser password cipher %$%$Zo14*^^(l1k[Fn3(Z*AG`yi2%$%$


#

isis 4

is-level level-2

cost-style wide

network-entity 49.0012.0000.0000.0001.00

import-route ospf 4 route-policy OSPFaISIS

#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



description FR a R4 R5

ip address 10.4.145.1 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp



ppp chap password cipher %$%$9MB7NG[hY9\p5eE#7'GS,"JQ%$%$

ip address 10.4.12.1 255.255.255.0

isis enable 4


pim sm

#


link-protocol ppp

#


link-protocol ppp

description a BB1

ip address 157.68.1.1 255.255.255.0


#


link-protocol ppp

#


#


description a Sw3 - R5

ip address 10.4.15.1 255.255.255.0


pim sm

ospf cost 2000

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.4.1.1 255.255.255.255

#

bgp 10

router-id 10.4.1.1





peer 157.68.1.254 as-number 254

peer 157.68.1.254 fake-as 100

#

ipv4-family unicast




peer 10.4.12.2 route-policy de_r2 import



peer 157.68.1.254 route-policy AS-PATH import

#

ospf 1

#


import-route isis 4 route-policy ISISaOSPF

peer 10.4.145.4

peer 10.4.145.5

preference ase route-policy EXTER 150

area 0.0.0.0


network 10.4.1.1 0.0.0.0

network 10.4.145.1 0.0.0.0

network 157.68.1.1 0.0.0.0

area 0.0.0.15

network 10.4.15.1 0.0.0.0

vlink-peer 10.4.5.5

#

route-policy EXTER permit node 10

if-match tag 100

apply preference 13

#

route-policy ISISaOSPF deny node 10

if-match tag 401

#

route-policy ISISaOSPF permit node 20

apply tag 104

#

route-policy OSPFaISIS deny node 10

if-match tag 102

#

route-policy OSPFaISIS permit node 20

apply tag 101

#

route-policy AS-PATH permit node 10


#

route-policy de_r2 permit node 10

if-match ip-prefix red40

#

route-policy de_r2 permit node 20


#

ip ip-prefix red40 index 10 permit 10.4.40.0 24

#



set authentication password cipher %$%$/T~XOk~H8B_SLuND|2{T,%7<O{zrJ`>F!U)}_b<QCD{X%7~,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

R2

<R2>di cu

[V200R003C01SPC900]

#

sysname R2

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA87334A8

snmp-agent

#

http timeout 3

#


#

router id 10.4.2.2

#


#

pki realm default


#

#

acl number 2000


#

aaa





domain default


domain pppchap


local-user admin password cipher %$%$fNE(RIoxA>,[Qt3)}SpY]^gu%$%$


local-user chapuser password cipher %$%$Mc=DY/\FY!5!hu@2>P\I`(9m%$%$


#

isis 4

is-level level-2

cost-style wide

network-entity 49.0012.0000.0000.0002.00

#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp


ppp pap local-user papuser password cipher %$%$V;^B<k5)W9\6rZ3{=Xu*,"})%$%$

ip address 10.4.12.2 255.255.255.0

isis enable 4


pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


description a BB3

ip address 157.68.3.1 255.255.255.0

#



ip address 10.4.24.2 255.255.255.0

isis enable 4



pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.4.2.2 255.255.255.255

isis enable 4

pim sm

#

bgp 20

router-id 10.4.2.2




#

ipv4-family unicast





#

route-policy r2 permit node 10


#

pim


#



set authentication password cipher %$%$5w*2>G3UHCoc8$3.\IMO,%6\!m%YC'{Ym+zXaGV5z;mX%6_,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R2>

R3

<R3>di cu

[V200R003C01SPC900]

#

sysname R3

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA8733460

snmp-agent

#

http timeout 3

#


#

router id 10.4.3.3

#


#

pki realm default


#

#

acl number 2000


#

drop-profile DROP

wred dscp

dscp af11 low-limit 20 high-limit 95 discard-percentage 30

#

traffic classifier AF operator or

if-match dscp af11

traffic classifier LLQ operator or

if-match dscp ef

#

traffic behavior AF

queue af bandwidth pct 40

traffic behavior LLQ

queue llq bandwidth pct 30

#

traffic policy TP

classifier LLQ behavior LLQ

classifier AF behavior AF

#

aaa




domain default


local-user admin password cipher %$%$+[{2~/$'49~~b:,ZTIBZ]ao~%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.4.34.3 255.255.255.0

pim sm

#


link-protocol ppp

#


description Eth a Sw1

ip address 10.4.30.3 255.255.255.0

traffic-policy TP outbound

ip netstream sampler fix-packets 200 inbound

ip netstream inbound

#


description Eth a R5

ip address 10.4.35.3 255.255.255.0

pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.4.3.3 255.255.255.255

pim sm

#

bgp 345

router-id 10.4.3.3





#

ipv4-family unicast







#


area 0.0.0.0


area 0.0.0.34

network 10.4.30.3 0.0.0.0

network 10.4.34.3 0.0.0.0

nssa

area 0.0.0.35

network 10.4.3.3 0.0.0.0

network 10.4.35.3 0.0.0.0

vlink-peer 10.4.5.5

#

pim


#

ip netstream aggregation destination-prefix

enable

export version 9

ip netstream export source 10.4.3.3

ip netstream export host 10.4.10.30 6000

#



set authentication password cipher %$%$/%[%#,gJdL'c2HT0Q+d*,%5j^Z>j4u>^THkpW\<^oJB4%5m,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

R4

<R4>di cu

[V200R003C01SPC900]

#

sysname R4

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA87338E4

snmp-agent

#

http timeout 3

#


#

router id 10.4.4.4

#


#

pki realm default


#

#

qos map-table dscp-dscp

input 27 output 7

#

aaa




domain default


local-user admin password cipher %$%$f)StU$6nbH*`t%9Ra+.>]]DC%$%$


#

isis 4

is-level level-2

cost-style wide

network-entity 49.0004.0000.0000.0004.00

import-route ospf 4 route-policy O2I

#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



description Ser FR a R1

ip address 10.4.145.4 255.255.255.0

pim sm

ospf dr-priority 0

#


link-protocol ppp

#


link-protocol ppp

description Ser a R3

ip address 10.4.34.4 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


ip address 10.4.24.4 255.255.255.0

isis enable 4



trust dscp override

pim sm

#


description LAN

ip address 10.4.40.4 255.255.255.0

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.4.4.4 255.255.255.255

pim sm

#

bgp 345

router-id 10.4.4.4




#

ipv4-family unicast


network 10.4.40.0 255.255.255.0



#


import-route isis 4 route-policy I2O

peer 10.4.145.1

preference ase route-policy EXT 150

area 0.0.0.0


network 10.4.4.4 0.0.0.0

network 10.4.145.4 0.0.0.0

area 0.0.0.34

network 10.4.34.4 0.0.0.0


#

route-policy I2O deny node 10

if-match tag 101

#

route-policy EXT permit node 10

if-match tag 100

apply preference 13

#

route-policy O2I deny node 10

if-match tag 104

#

route-policy O2I permit node 20

apply tag 401

#

pim

c-bsr LoopBack0

#



set authentication password cipher %$%$&q)J0"'ntDUw-_2;|+IE,%5w*@+3K+b_9)h.`4L>):uJ%5z,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R4>

R5

<R5>di cu

[V200R003C01SPC900]

#

sysname R5

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#


snmp-agent

#

http timeout 3

#


#

router id 10.4.5.5

#


#

undo anti-attack abnormal enable

undo anti-attack fragment enable

undo anti-attack icmp-flood enable

#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$lBKpIQoSzOU%tsMGkI4']c#v%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



description Ser FR a R1

ip address 10.4.145.5 255.255.255.0

pim sm

ospf dr-priority 0

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.4.56.5 255.255.255.0

#


link-protocol ppp

#


description Eth a R3

ip address 10.4.35.5 255.255.255.0

pim sm

igmp enable


#



ip address 10.4.15.5 255.255.255.0

pim sm

ospf cost 2000

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.4.5.5 255.255.255.255

#

bgp 345

router-id 10.4.5.5




#

ipv4-family unicast


aggregate 60.10.0.0 255.255.252.0 as-set origin-policy ORIG attribute-policy ATTRIB



#


peer 10.4.145.1

area 0.0.0.0


network 10.4.5.5 0.0.0.0

network 10.4.145.5 0.0.0.0

area 0.0.0.15

network 10.4.15.5 0.0.0.0

vlink-peer 10.4.1.1

area 0.0.0.35

network 10.4.35.5 0.0.0.0

vlink-peer 10.4.3.3

area 0.0.0.56

network 10.4.56.5 0.0.0.0

#

route-policy ORIG permit node 10


#

route-policy ATTRIB permit node 10


#

pim


#


#


#



set authentication password cipher %$%$=IH"PZb:9:pqr!(oyDNN,%5hlP]`/d[*iW*rASIxC\'W%5k,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

R6

<R6>di cu

[V200R003C01SPC900]

#

sysname R6

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#


snmp-agent

#

http timeout 3

#


#

router id 10.1.6.6

#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$RzK'Yep(xDx4d7&9/yG$]sje%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.4.56.6 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.2.1 255.255.255.0


#


link-protocol ppp

#


#


#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.4.6.6 255.255.255.255

#

bgp 60

router-id 10.4.6.6


peer 157.68.2.254 as-number 254

#

ipv4-family unicast





#



import-route rip 4 cost 100 tag 100

area 0.0.0.56

network 10.4.6.6 0.0.0.0

network 10.4.56.6 0.0.0.0

#

rip 4

version 2

peer 157.68.2.254

network 157.68.0.0

silent-interface all

filter-policy ip-prefix imp_bb2 import Serial3/0/0

import-route ospf 4

#

ip ip-prefix imp_bb2 index 10 permit 171.10.0.0 22 greater-equal 24 less-equal 24

#



set authentication password cipher %$%$(7TfH);4u0xi&FIV5dC-,%5/$#Q!+>^0ODDE4X>uS1:2%52,%$%$

idle-timeout 0 0

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

Protegido: lab4SW1

<SW1>dis save


#

sysname SW1

#

vlan batch 35 110 113 135 222 224 255

#



#



#


#


region-name HUAWEI

revision-level 12

instance 10 vlan 110 135 222 224



#

aaa




domain default




#

interface Vlanif1

#

interface Vlanif110

ip address 10.1.110.11 255.255.255.0

#

interface Vlanif113

ip address 10.1.113.11 255.255.255.0

#

interface MEth0/0/1

#



#




#



#



#



#



#



#



#



#




#



#



#




port trunk allow-pass vlan 35 110 113 135 222 224 255

#



#



#





#



#



#





#



#



#



#




#



#

interface NULL0

#

ospf 1

import-route direct route-policy vlan113

area 0.0.0.34

network 10.1.113.11 0.0.0.0

nssa

#

route-policy vlan113 permit node 10


apply tag 100

#



set authentication password cipher %@%@}eVdSNi&XPFu)kWPQ`/S,GW(g\Do53mt#Z#x#uLFt{g2GW+,%@%@

screen-length 0



#

return

SW2

<SW2>dis save


#

sysname SW2

#

vlan batch 35 110 113 135 222 224 255

#



#


#



#


#


region-name HUAWEI

revision-level 12

instance 10 vlan 110 135 222 224



#

aaa




domain default




#

interface Vlanif1

#

interface Vlanif222

ip address 10.1.222.12 255.255.255.0

pim sm

#

interface Vlanif224

ip address 10.1.224.12 255.255.255.0

undo rip output

undo rip input

pim sm

#

interface MEth0/0/1

#




#




#




#




#



#



#



#



#



#



#



#



#





#



#



#





#



#



#





#



#



#



#



#



#

interface NULL0

#

bgp 20



#

ipv4-family unicast




#

ospf 1

import-route rip 1 route-policy RIPtoOSPF

preference ase route-policy ext 150

area 0.0.0.224

network 10.1.224.12 0.0.0.0

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route ospf 1 route-policy OSPFtoRIP

#

route-policy RIPtoOSPF deny node 10

if-match tag 101

#

route-policy RIPtoOSPF permit node 20

apply tag 102

#

route-policy OSPFtoRIP deny node 10

if-match tag 202

#

route-policy OSPFtoRIP permit node 20

apply tag 201

#


if-match tag 100

apply preference 10

#



set authentication password cipher %@%@zlk)>T]]kBbjkY;86k;',G2DI0s9HFZqpFO\fmD"cz"GG2G,%@%@

screen-length 0



#

return

SW3

<SW3>dis save

#


sysname SW3

#

vlan batch 35 110 113 135 222 224 255

#


#


#


region-name HUAWEI

revision-level 12

instance 10 vlan 110 135 222 224



#

aaa




domain default


local-user admin password cipher %$%$%h%uBV,a]MHp'=O0,3c!`kbY%$%$


#

interface Vlanif135

ip address 10.1.135.13 255.255.255.0

#



#



#




#



#




#



#



#



#



#



#



#



#





#



#



#





#



#



#



#



#



#



#




#




stp root-protection

#



#



#



#



#

interface NULL0

#

bgp 10


#

ipv4-family unicast



#

ospf 1

area 0.0.0.135

network 10.1.135.13 0.0.0.0

#



set authentication password cipher %$%$U~jWYM"%h'YNTNDK%IbG,]TKW3rc,A3f06YjQ=A=|OA~GcZU%$%$

screen-length 0


#

return

SW4

<SW4>DIS SAVE

#


sysname SW4

#

vlan batch 35 110 113 135 222 224 255

#


#


#

aaa




domain default


local-user admin password cipher %$%$jTUCZ50@(.n]t&HqoV3.4+"v%$%$


#



#



#



#



#




#



#



#



#



#



#



#



#





stp disable

#



#



#





stp disable

#



#



#



#



#



#



#



#



#



#



#



#



#

interface NULL0

#

smart-link group 4

restore enable

smart-link enable



timer wtr 30


#



set authentication password cipher %$%$v>iPG{j';9.vS`,A"3Y',{ri[R$U9QGBoGNYOEE"=CH6G$xs%$%$

screen-length 0


#

return

R1

<R1>dis save

[V200R003C01SPC900]

#

sysname R1

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA8733F30

snmp-agent

#

http timeout 3

#


#

router id 10.1.1.1

#


#

pki realm default


#

#

aaa





domain default


domain pppchap


local-user admin password cipher %$%$J{5vPf_^e"Q,*-&ubpUJ`.~`%$%$


local-user chapuser password cipher %$%$]]ek$z51uKz=RbMZzv~Fdc}8%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp



ip address 10.1.145.1 255.255.255.0

undo rip output

undo rip input

pim sm

#


link-protocol ppp

#


link-protocol ppp


ppp pap local-user papuser password cipher %$%$dP:1Fv^/J64zkm4AhO`A,|"X%$%$

ip address 10.1.12.1 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.1.1 255.255.255.0

#


link-protocol ppp

#



#


ip address 10.1.135.1 255.255.255.0

undo rip output

undo rip input

ospf cost 2000

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.1.1 255.255.255.255

#

bgp 10



peer 157.68.1.254 as-number 254

peer 157.68.1.254 fake-as 100

#

ipv4-family unicast




peer 10.1.12.2 route-policy R2 import



peer 157.68.1.254 route-policy as-path import

#

ospf 1

import-route rip 1 route-policy RIPtoOSPF

peer 10.1.145.4

peer 10.1.145.5

preference ase route-policy ext 150

area 0.0.0.0


network 10.1.1.1 0.0.0.0

network 10.1.145.1 0.0.0.0

network 157.168.1.1 0.0.0.0

area 0.0.0.135

network 10.1.135.1 0.0.0.0

vlink-peer 10.1.5.5

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route ospf 1 route-policy OSPFtoRIP

#

route-policy RIPtoOSPF deny node 10

if-match tag 201

#

route-policy RIPtoOSPF permit node 20

apply tag 202

#

route-policy OSPFtoRIP deny node 10

if-match tag 102

#

route-policy OSPFtoRIP permit node 20

apply tag 101

#


if-match tag 100

apply preference 10

#



#



#


#



set authentication password cipher %$%$T&\a#AQ7B1f-zjVb]uZ~,$^-ORAL4M,7F"'mltPCakHA$^0,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R1>

R2

<R2>dis save

[V200R003C01SPC900]

#

sysname R2

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#


snmp-agent

#

http timeout 3

#


#

router id 10.1.2.2

#


#

pki realm default


#

#

acl number 2000


#

aaa





domain default


domain pppap

local-user admin password cipher %$%$^KK$>0pa39i.~l"s"l8*]i.k%$%$


local-user papuser password cipher %$%${.b7Xk*}p12z,P))CFz,`{g]%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ppp authentication-mode pap domain pppap


ppp chap password cipher %$%$f{2-B<2@N*"w[,)p|r4<,}\t%$%$

ip address 10.1.12.2 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


ip address 157.68.3.1 255.255.255.0

#


ip address 10.1.222.2 255.255.255.0

pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.2.2 255.255.255.255

#

bgp 20



#

ipv4-family unicast




#

rip 1

undo summary

version 2

network 10.0.0.0

import-route direct route-policy directas

#

route-policy directas permit node 10


#

pim


#



set authentication password cipher %$%$!f;aQ]uri%l\T!1-wEM>,$_ZVfoP.FUzW-\{ooY.FMiE$_],%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

<R2>

R3

<R3>dis save

[V200R003C01SPC900]

#

sysname R3

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#


snmp-agent

#

http timeout 3

#


#

router id 10.1.3.3

#


#

pki realm default


#

#

acl number 2000


#

aaa




domain default


local-user admin password cipher %$%$1ipMGg[4VXw`hl9C_`J$]a'S%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 172.1.23.3 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.34.3 255.255.255.0

pim sm

#


link-protocol ppp

#


ip address 10.1.113.3 255.255.255.0

#


ip address 10.1.35.3 255.255.255.0

pim sm

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.3.3 255.255.255.255

#

bgp 345





#

ipv4-family unicast






#

ospf 1

area 0.0.0.34

network 10.1.34.3 0.0.0.0

network 10.1.113.3 0.0.0.0

nssa

area 0.0.0.35

network 10.1.3.3 0.0.0.0

network 10.1.35.3 0.0.0.0

vlink-peer 10.1.5.5

#

pim


#



set authentication password cipher %$%$1JisFQ+dEY]A;'(/+"t2,$_w:>rCMqlGMMR6zv~c*sB>$_z,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

R4

<R4>dis save

[V200R003C01SPC900]

#

sysname R4

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA87335D0

snmp-agent

#

http timeout 3

#


#

router id 10.1.4.4

#


#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$ZHW^'+1g%(cv~X0N4lD#]hH#%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp


ip address 10.1.145.4 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.34.4 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


ip address 10.1.224.4 255.255.255.0

pim sm

#


ip address 172.1.40.4 255.255.255.0

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.4.4 255.255.255.255

#

interface LoopBack1

ip address 10.1.40.4 255.255.255.0

#

bgp 345




#

ipv4-family unicast


network 10.1.40.0 255.255.255.0



#

ospf 1

peer 10.1.145.1

area 0.0.0.0


network 10.1.4.4 0.0.0.0

network 10.1.145.4 0.0.0.0

area 0.0.0.34

network 10.1.34.4 0.0.0.0

nssa

area 0.0.0.224

network 10.1.224.4 0.0.0.0

#

pim

c-bsr LoopBack0

#



set authentication password cipher %$%$(^z$L}bJx5MdEe+3ocW:,$_\5K9+:vy5LAbe"0VES7VY$__,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

R5

<R5>dis save

[V200R003C01SPC900]

#

sysname R5

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#

snmp-agent local-engineid 800007DB03D46AA8733A04

snmp-agent

#

http timeout 3

#


#

router id 10.1.5.5

#


#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$@NY:,v:KwJ(xmbBAp@),`.Iu%$%$


#

firewall zone Local

priority 64

#


link-protocol fr

undo fr inarp


ip address 10.1.145.5 255.255.255.0

pim sm

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.56.5 255.255.255.0

#


link-protocol ppp

#


ip address 10.1.35.5 255.255.255.0

pim sm

#


ip address 10.1.135.5 255.255.255.0

pim sm

igmp enable


ospf cost 2000

#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.5.5 255.255.255.255

#

bgp 345




#

ipv4-family unicast


aggregate 60.0.0.0 255.255.252.0 as-set origin-policy origen attribute-policy att




#

ospf 1


import-route rip 1 route-policy R5

peer 10.1.145.1

area 0.0.0.0


network 10.1.5.5 0.0.0.0

network 10.1.145.5 0.0.0.0

area 0.0.0.35

network 10.1.35.5 0.0.0.0

vlink-peer 10.1.3.3

area 0.0.0.135

network 10.1.135.5 0.0.0.0

vlink-peer 10.1.1.1

#

rip 1

undo summary

version 2

network 10.0.0.0

import-route ospf 1

#



apply cost 100

apply tag 100

#

route-policy origen permit node 10


#



#

pim


#




#


#


#



set authentication password cipher %$%$2Y%L=lAB.!~}rbDEvX}-,$^i3A-b8s%lD2sYZkE1M2Q9$^l,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

R6

<R6>dis save

[V200R003C01SPC900]

#

sysname R6

#

board add 0/1 2SA

board add 0/2 2SA

board add 0/3 2SA

#


snmp-agent

#

http timeout 3

#


#

router id 10.1.6.6

#


#

pki realm default


#

#

aaa




domain default


local-user admin password cipher %$%$0mTj$tVV);XZJ^2pKd*~]fSp%$%$


#

firewall zone Local

priority 64

#


link-protocol ppp

#


link-protocol ppp

#


link-protocol ppp

ip address 10.1.56.6 255.255.255.0

#


link-protocol ppp

#


link-protocol ppp

ip address 157.68.2.1 255.255.255.0


#


link-protocol ppp

#


#


#


#


link-protocol ppp

#


link-protocol ppp

#

interface NULL0

#

interface LoopBack0

ip address 10.1.6.6 255.255.255.255

#

bgp 60


peer 157.68.2.254 as-number 254

#

ipv4-family unicast




#

rip 1

undo summary

version 2

peer 157.68.2.254

network 10.0.0.0

network 157.68.0.0

silent-interface Serial2/0/0

filter-policy ip-prefix RIP-SUMMARY export Serial3/0/0

#

ip ip-prefix RIP-SUMMARY index 10 permit 10.1.0.0 16

#



set authentication password cipher %$%$Mrt/($w)l'!5g/=HI~5S,$_Vjl/E'&cfeIy2!:B7B}6$$_Y,%$%$

screen-length 0


#

wlan ac

#

voice

#

diagnose

#

return

LAB5

1.1 VLAN（3p） Create VLAN 10, VLAN 15, VLAN 24, VLAN 30, VLAN 35, VLAN 255 in SW1.SW2.SW3.SW4

Assign the following interfaces to the corresponding VLANs. The interface mode is Access.

system-view

vlan batch 10 15 24 30 40 35 255

#

int GE0/0/X

undo port hybrid untagged vlan 1


port default vlan 10 ###vlan 10,15,24,30,35,255

#

int GE0/0/Y




1.2 Link Aggregation (3p) SW1 and SW2 are connected to each other through GE0/0/13, GE0/0/14 and GE0/0/15

respectively, and these three interfaces are bundled into one logical interface. SW2 is the actor. The maximum available bandwidth between two devices is 2G. The interface connected to GE0 /

0/13 is the backup link. After the active interface GE0/0/14 or GE0/0/15 in SW2 goes Down, GE0/0/13 immediately

becomes the active interface. If the faulty interface is restored, GE0/0/13 is backed up after a delay of 10s.After the active interface GE0/0/14 or GE0/0/15 in SW2 is Down, GE0/0/13 immediately becomes the active

SW1#interface Eth-Trunk1 mode lacp-static trunkport gigabitethernet 0/0/13

trunkport gigabitethernet 0/0/14 trunkport gigabitethernet 0/0/15#

SW2#lacp priority 0#interface Eth-Trunk1 mode lacp-static trunkport gigabitethernet 0/0/13 trunkport gigabitethernet 0/0/14 trunkport gigabitethernet 0/0/15 lacp preempt enable max active-linknumber 2 lacp preempt delay 10 #interface g0/0/13 lacp priority 60000#

dis eth-trunk dis trunkmembership eth-trunk

A prioridade da lacq da interface é usada para determinar o link ativo, o padrão é 32768, quanto menor a prioridade, maior será a prioridade da lacp.

1.3 Trunk （1p） SW1 and SW2 are connected to each other through GE0/0/13, GE0/0/14 and GE0/0/15 interfaces

respectively. GE0/0/16 of SW1 is connected to Eth0/0/13 of SW3, GE0/0/16 of SW2 is connected to Eth0/0/16 of

SW3, and GE0/0/19 of SW2 is connected to Eth0/0/16 of SW4. The interfaces interconnected on SW1, SW2, SW3 and SW4 are modified into Trunk types to allow

all VLANs except vlan 1 to pass through.

SW1 #interface Eth-Trunk1 port link-type trunk undo trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 4094#

SW2#interface Eth-Trunk1 port link-type trunk

undo trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 4094

1.4 MSTP（2p）

SW1, SW2, SW3 are running MSTP. VLAN 10, VLAN 15 and VLAN 24 are in Instance 1, SW1 is the Primary Root, SW2 is the

Secondary Root, VLAN 30, VLAN 35 and VLAN 255 are in Instance 2, SW2 is the Primary Root, SW1 is the Secondary Root, and MSTP Region-name is HW, Revion-level is 1.

The GE0 / 0/10 interface of SW 1 connects directly to the PC. After the interface is UP, it needs to be in the forwarding status immediately. After receiving a BPDU packet, the interface needs to be shut down automatically.

SW1：# stp mode mstp stp region-configuration region-name HW revision-level 1 instance 1 vlan 10 15 24 instance 2 vlan 30 35 255 active region-configuration#stp instance 1 root primarystp instance 2 root secondary#stp bpdu-protection#interface G0/0/10 stp edge-port enable#

SW2：# stp mode mstp stp region-configuration region-name HW revision-level 1 instance 1 vlan 10 15 24 instance 2 vlan 30 35 255 active region-configuration#stp instance 2 root primarystp instance 1 root secondary#

SW3：# stp mode mstp

stp region-configuration region-name HW revision-level 1 instance 1 vlan 10 15 24 instance 2 vlan 30 35 255 active region-configuration# dis stp dis stp brief dis stp region-config

1.5 Smart Link（2p）

SW4 is connected to GE0/0/19 of SW1 through Eth0/0/13 and to GE0/0/19 of SW2 through Eth0/0/16. Eth0/0/13 is the master interface and Eth0/0/16 is the slave interface.

If a problem occurs on the Eth0/0/13 interface of SW4, the traffic automatically switches to the Eth0/0/16 interface. After Eth0/0/13 is restored to normal, traffic is automatically switched back within 30s. VLAN 10 as the Control VLAN.

SW4system-view#interface g0/0/13 ###接 SW1的 g0/0/19口 stp disableinterface g0/0/16 ###接 SW2的 g0/0/19口 stp disable# smart-link group 1 port g0/0/13 master port g0/0/16 slave smart-link enable ### Enable Smart Link group function restore enable ### Enable the switchback function of the smart link group. timer wtr 30 ### Set the Smart Link group switch-back time. By default, the Smart Link group switch-back time is 60 seconds. flush send control-vlan 10 ### The control VLAN can not be a VLAN mapped to a load-sharing instance#

SW1/SW2#interface g0/0/19 stp disable smart-link flush receive control-vlan 10 ## Habilite recepção de mensagens de descarga e configure o ID de VLAN de controle e a senha carregada em pacotes Flush (opcional)#dis smart-link group 1 ### Verifique o status do grupo de ligação inteligentedis smart-link flush ### Veja a informação de pacote de descarga recebida

1.6 Frame-Relay（1p）

Frame-Relay is used for interconnection between R1, R4 and R5 in Hub-Spoke mode. R1 is the Hub and R4 and R5 are Spoke. All Frame-Relay interfaces can not use sub-interfaces, and turn off the automatic Inverse ARP function

R1#interface Serial0/0/0 ### Here the new version of the simulator is 1/0/0 link-protocol fr undo fr inarp fr map ip 10.1.145.4 104 broadcast fr map ip 10.1.145.5 105 broadcast ip address 10.1.145.1 255.255.255.0#R4#interface Serial0/0/0 link-protocol fr undo fr inarp fr map ip 10.1.145.1 401 broadcast fr map ip 10.1.145.5 401 broadcast ip address 10.1.145.4 255.255.255.0#R5#interface Serial0/0/0 link-protocol fr undo fr inarp fr map ip 10.1.145.1 501 broadcast fr map ip 10.1.145.4 501 broadcast ip address 10.1.145.5 255.255.255.0#

1.7 PPP（2p）

R1 and R2 are interconnected through a serial interface, and the encapsulation type is PPP. R1 needs CHAP authentication for R2, R1 is the authentication end, and R2 is the authentication

end. The verified user name is chapuser and the password is CHAP123. R2 needs PAP authentication on R1, R2 on the authentication side, R1 on the authenticated side,

papuser on the authentication side, and PAP123 on the authentication side.

R1 # interface s0/0/2 ### The new simulator uses 1/0/1 ppp authentication-mode chap domain pppchap ppp pap local-user HUAWEI password cipher HUAWEI quit aaa authentication-scheme chap authentication-mode local domain pppchap authentication-scheme chap

local-user huawei password cipher huawei local-user huawei service-type ppp

R2 # interface s0/0/2 ## New simulator with 1/0/1 ppp authentication-mode pap ppppap ppp chap user huawei ppp chap password cipher huawei quit aaa authentication-scheme pap authentication-mode local domain ppppap authentication-scheme pap local-user HUAWEI password cipher HUAWEI local-user HUAWEI service-type ppp #

2.1 BASIC CONFIGRATION（3p）

As shown in the figure, the device interconnection address is 10.Y.ZZ.X / 24, where Y is the rack number, X is the device number, the device number rule is R1 is 1, R2 is 2 and so on, SW1 is 11, SW2 12 and so on, ZZ as shown in Figure II.

All routers have a loopback address, the address is 10.Y.X.X / 32. The address of R1 connecting BB1 is 157.68.1.1/24: the interface of BB1 is 157.68.1.254/24; The address of R6 connecting to BB2 is 157.68.2.1/24: the interface of B2B is 157.68.2.254/24 The address of R2 connecting to BB3 is 157.68.3.1/24: the interface of BB3 is 157.68.3.254/24; The router’s router-id is the loopback address.

2.2 RIP（2p） R6 is connected to BB2 via S3 / 0/0, RIPv2 is connected to R6 and BB2, and 157.68.2.254/24 is

connected to BB2 on BB2. The interface on the unrelated RIP can not run RIP but sends only unicast routing information.

R6 can only accept the four routes of 171.10.0.0/24, 171.10.1.0/24, 171.10.2.0/24, and 171.10.3.0/24, with the fewest commands.

R6：

rip 1

undo summary

version 2

peer 157.68.2.254

network 157.68.0.0

silent-interface all

filter-policy 2000 import S3/0/0 ### S3/0/0 here is the interface of R6 to BB2

#

acl number 2000


#

2.3 Basic OSPF（4p） All OSPF processes are Y. OSPF runs between R1 \ R4 and R5. Its interconnecting interfaces, loopback interfaces, and S3 /

0/0 of R1 all operate in OSPF Area 0, and can not change the default type of the router interface. G0/0/1 for R1, G0/0/1 for R5, and Vlanif15 for SW3 all operate in OSPF Area15. S3/0/0 of R5, S2/0/0 of R6 and loopback mouth all run within OSPF Area 56. G0/0/0 of R5, G0/0/1 of R3, and loopback ports all operate in OSPF Area 35. G0/0/0 of R3, S/0/0 of S30 / 0/0, R4 / 0/0 of R4 and Vlan30 of SW1 all run in the OSPF Area 34.

R1

#

router id 10.1.1.1

#

ospf 1

peer 10.1.145.4

peer 10.1.145.5

area 0.0.0.0

network 157.68.1.1 0.0.0.0

network 10.1.145.1 0.0.0.0

network 10.1.1.1 0.0.0.0

area 0.0.0.15

network 10.1.15.1 0.0.0.0

#

R3

#

router id 10.1.3.3

#

ospf 1

area 0.0.0.0

area 0.0.0.34

network 10.1.34.3 0.0.0.0

network 10.1.30.3 0.0.0.0

area 0.0.0.35

network 10.1.3.3 0.0.0.0

network 10.1.35.3 0.0.0.0

#

R4

#

router id 10.1.4.4

#


ospf dr-priority 0

#

ospf 1

peer 10.1.145.1

area 0.0.0.0

network 10.1.145.4 0.0.0.0

network 10.1.4.4 0.0.0.0

area 0.0.0.34

network 10.1.34.4 0.0.0.0

#

R5

#

router id 10.1.5.5

#


ospf dr-priority 0

#

ospf 1

peer 10.1.145.1

area 0.0.0.0

network 10.1.145.5 0.0.0.0

network 10.1.5.5 0.0.0.0

area 0.0.0.15

network 10.1.15.5 0.0.0.0

area 0.0.0.35

network 10.1.35.5 0.0.0.0

area 0.0.0.56

network 10.1.56.5 0.0.0.0

#

R6

#

router id 10.1.6.6

#

ospf 1

area 0.0.0.56

network 10.1.56.6 0.0.0.0

network 10.1.6.6 0.0.0.0

#

SW1

#

router id 10.1.11.11

#

ospf 1


area 0.0.0.34

network 10.1.30.11 0.0.0.0

#



apply tag 100

#

2.4 OSPF Availability（2p）

The frame relay between R1 and R5 is the primary link. Generally, the traffic of the network segment where Area S3, Area 0/0, and Area 35 of Area 35, Area 56, and R1 reside goes through the Frame Relay link, but this link is not When the frame relay link is interrupted, the traffic needs to be switched to the Ethernet standby link of R1 and R5. If the main link is restored to normal, the traffic will be switched automatically.

Configure the virtual link through area 15 between R1 and R5

R1

#

router id 10.1.1.1

#

ospf 1

area 0.0.0.15

network 10.1.15.1 0.0.0.0

vlink-peer 10.1.5.5

#

int g0/0/1 ### 连接 vlan 15的 link

ospf cost 1570

#

R5

#

router id 10.1.5.5

#

ospf 1

area 0.0.0.15

network 10.1.15.5 0.0.0.0

vlink-peer 10.1.1.1

#

int g0/0/1 ### 连接 vlan 15的 link

ospf cost 1570

#

2.5 Traffic Optimization (2p)

Vlan15 and Vlan30 network access business traffic need to take the Ethernet link.

R3 and R5 through the area 35 to establish a virtual link

R3

router id 10.1.3.3

#

ospf 1

area 0.0.0.0

area 0.0.0.34

network 10.1.34.3 0.0.0.0

network 10.1.30.3 0.0.0.0

area 0.0.0.35

network 10.1.3.3 0.0.0.0

network 10.1.35.3 0.0.0.0

vlink-peer 10.1.5.5

R5

router id 10.1.5.5

#

ospf 1

peer 10.1.145.1

area 0.0.0.0

network 10.1.145.5 0.0.0.0

network 10.1.5.5 0.0.0.0

area 0.0.0.15

network 10.1.15.5 0.0.0.0

area 0.0.0.35

network 10.1.35.5 0.0.0.0

vlink-peer 10.1.3.3

area 0.0.0.56

network 10.1.56.5 0.0.0.0

#

2.6 OSPF authentication（2p）

OSPF area 0 is area authentication, MD5 is required, and the authentication password is HuaWei.

R1router id 10.1.1.1#ospf 1 area 0.0.0.0 authentication-mode md5 1 plain HuaWei#R4router id 10.1.4.4#ospf 1 area 0.0.0.0 authentication-mode md5 1 plain HuaWei#R5router id 10.1.5.5#ospf 1 area 0.0.0.0 authentication-mode md5 1 plain HuaWei#R3router id 10.1.3.3#ospf 1 area 0.0.0.0 ### vlink on R3, vlink belongs to area0, so we have to open the area0 authentication authentication-mode md5 1 plain HuaWei

#

2.7 Interoperability Between RIP and OSPF (2p) RIP and OSPF running on R6 need to be introduced to each other On R6, OSPF learns the routes learned from RIP optimally. In Area0, you can see that all routes

imported by R6 cost 100 and the tag is 100

R6rip 1 import ospf 1 cost 5#ospf 1 import rip 1 cost 100 tag 100 asbr-summary 171.10.0.0 255.255.252.0 tag 100 cost 100 #ip route-static 171.10.0.0 255.255.252.0 NULL 0

#Note: Huawei does not automatically generate summary routes to null0. It is a good idea to manually refer to the summary of nullo0 and RIP is the same.

2.8 RIP Route Summary (1p)

R6 sends a summary route of 10.y.0.0 / 16 to BB2

R6

#

rip 1

import ospf 1 cost 5

#

interface S3/0/0 ###此处的 S3/0/0接口是连接 BB2的接口

rip summary-address 10.1.0.0 255.255.0.0 avoid-feedback

#

ip route-static 10.1.0.0 255.255.0.0 NULL 0

#

2.9 OSPF Area 34（2p）

Area 34 does not accept any external routes imported by other OSPF areas. SW1 only imports the IP network segment in which Vlan10 resides to OSPF. The default type is tag 100.

Area 34 is the NSSA area

R4

router id 10.1.4.4

#

ospf 1

peer 10.1.145.1

area 0.0.0.0

network 10.1.145.4 0.0.0.0

network 10.1.4.4 0.0.0.0

area 0.0.0.34

network 10.1.34.4 0.0.0.0


#

R3

router id 10.1.3.3

#

ospf 1

area 0.0.0.0


area 0.0.0.34

network 10.1.34.3 0.0.0.0

network 10.1.30.3 0.0.0.0

area 0.0.0.35

network 10.1.3.3 0.0.0.0

network 10.1.35.3 0.0.0.0

area 0.0.0.34

network 10.1.34.3 0.0.0.0

network 10.1.30.3 0.0.0.0

nssa

#

SW1

router id 10.1.11.11

#

ospf 1


area 0.0.0.34

network 10.1.30.11 0.0.0.0

nssa

#



apply tag 100

2.10 Basic ISIS（4p） R1 and R2, the mutual interface between R2 and R4, and the Loopback interface of R2 run the ISIS

protocol.R1 and R2 belong to area 49.0012 and R4 belongs to 49.0004, both of which are Level-2 type routers whose System-id are 0000.0000.000X X is the router number.

ISIS process number is Y. ISIS routers only establish the neighbor relationship through reliable technology, and DIS is not

allowed between R2 and R4. G0 / 0/0 of R2 does not run ISIS but the network segment where the interface resides can be accessed by the ISIS area.

R1

isis 1

is-level level-2

cost-style wide

network-entity 49.0012.0000.0000.0001.00

interface Serial0/0/2 ### Connection R2 interface

isis enable 1

R2

isis 1

is-level level-2

cost-style wide

network-entity 49.0012.0000.0000.0002.00

import direct route-policy match-bb3

#

interface Serial0/0/2 ### interface to connect R1

isis enable 1

#

interface GigabitEthernet0/0/0 ### BB3 interface

#

interface GigabitEthernet0/0/1 ### Interface to R4

isis enable 1



#

interface LoopBack0

isis enable 1

#

route-policy match-bb3 permit node 10


R4

isis 1

is-level level-2

cost-style wide

network-entity 49.0004.0000.0000.0004.00

#

interface GigabitEthernet0/0/1 ### Interface to R2

isis enable 1



2.11 Interoperation Between OSPF and ISIS (4p) OSPF and ISIS are respectively introduced on R1 and R4. The type of the route imported by IS-IS

to OSPF is 2, but all network routes can be seen on the entire network. R1 and R4 need to go through the optimal path for accessing external routes and the configuration requires the best Scalability.

R2 and R5 ‘s loopback 0 should be balanced shared;

Note:1.isis tag distance anti-ospf external routing suboptimal path2. Inject directly into the cost of change, to the second best path rejected host routing 32, Huawei equipment to generate their own3. Control isis area to ospf area 34 path to walk the recent

On IS-IS, another route-policy is used to adjust the sub-optimal path from ISIS to OSPF intra-area routes.Prevent loops by filtering;

R1#isis 1 import-route direct route-policy direct import-route ospf 1 cost 20 tag 1000 preference route-policy pre#ospf 1 import-route direct cost 0 import-route isis 1 cost 20#route-policy pre permit node 10 if-match tag 4000 apply preference 160#route-policy direct deny node 10 if-match ip-prefix 145route-policy direct permit node 20#ip ip-prefix 145 index 10 permit 10.1.145.0 24 greater-equal 32 less-equal 32#R4#isis 1 import-route direct route-policy direct import-route ospf 1 route-policy a34 preference route-policy pre#ospf 1 import-route direct cost 0 route-policy deny40ospf

import-route isis 1 cost 20#route-policy pre permit node 10 if-match tag 1000apply preference 160#route-policy direct deny node 10 if-match ip-prefix 40&145route-policy direct permit node 20#route-policy a34 permit node 10 if-match ip-prefix a34 apply cost 0 apply tag 4000route-policy a34 permit node 20 apply cost 20apply tag 4000#route-policy deny40ospf deny node 10 if-match ip-prefix deny40toospf#route-policy deny40ospf permit node 20#ip ip-prefix 40&145 index 10 permit 10.1.145.0 24 greater-equal 32 less-equal 32ip ip-prefix 40&145 index 20 permit 10.1.40.0 24#ip ip-prefix deny40toospf index 20 permit 10.1.40.0 24 #ip ip-prefix a34 index 10 permit 10.1.30.0 24ip ip-prefix a34 index 20 permit 10.1.10.0 24#

—> sub-optimal path (OSPF internal, as well as external);—-> Use tag to prevent loop;

3.1 IBGP （2p） R1 and SW3 belong to AS 10, R2 belong to AS20, R3, R4 and R5 belong to AS345, R6 belong to

AS60, R1 and SW3 establish a BGP neighbor relationship through the directly connected interface. Router in AS345 establishes stable and reliable BGP neighbor relationship, R4 and R5 do not

establish neighbor relationship;

IBGP session between R1 and SW3

R1：#bgp 10 peer 10.1.15.13 as-number 10# ipv4-family unicast undo synchronization peer 10.1.15.13 enable#

SW3：#bgp 10 peer 10.1.15.1 as-number 10#

ipv4-family unicast undo synchronization peer 10.1.15.1 enable#

R3 and R4 and R5 iBGP session

R4：#bgp 345 peer 10.1.3.3 as-number 345 peer 10.1.3.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.1.3.3 enable#R3：#bgp 345 peer 10.1.4.4 as-number 345 peer 10.1.4.4 connect-interface LoopBack0 peer 10.1.5.5 as-number 345 peer 10.1.5.5 connect-interface LoopBack0# ipv4-family unicast undo synchronization peer 10.1.4.4 enable peer 10.1.5.5 enable peer 10.1.4.4 reflect-client peer 10.1.5.5 reflect-client#R5：#bgp 345 peer 10.1.3.3 as-number 345 peer 10.1.3.3 connect-interface LoopBack0# ipv4-family unicast undo synchronization peer 10.1.3.3 enable##

There are no iBGP sessions on R2 and R6

3.2 EBGP （2p） EBGP through the direct connection to establish a neighbor relationship; BB1 and BB2 are in AS254. R1 and R2 establish EBGP neighbors. R2 and R4 establish EBGP

neighbors. R5 and R6 establish EBGP neighbors.

R1 and BB1 establish EBGP neighbors. The EBGP neighbor address is 157.68.1.254. BB1 neighbors consider R1 as AS100. R6 and BB2 establish EBGP neighbors. The BB2 interface address is 157.68.2.254.

eBGP session：R1 and R2R1 and BB1R2 and R4Between R5 and R6R6 and BB2R2 and BB3

R1：

#

bgp 10



peer 157.68.1.254 as-number 254

peer 157.68.1.254 fake-as 100 ### BB1和 AS100建立 BGP

#

ipv4-family unicast





#

R2：

#

bgp 20



#

ipv4-family unicast




#

R4：

#

bgp 345




#

ipv4-family unicast




#

R5：

#

bgp 345




#

ipv4-family unicast




#

R6：

#

bgp 60


peer 157.68.2.254 as-number 254

#

ipv4-family unicast




#

3.3 EBGP Routing (4p)

R6 sends the EBGP route learned by BB2 to R5, and R5 summarizes the route with community-number 1: 254 as an optimal summary route and inherits the community attribute of the detailed route

This summary route can not be advertised as AS345. You can not use route filtering.

R6

#

bgp 60


peer 157.68.2.254 as-number 254

#

ipv4-family unicast





#

R5：

#

bgp 345




#

ipv4-family unicast


aggregate 60.0.0.0 255.255.252.0 as-set attribute-policy att




#


apply community no-export-subconfed additive

#

R3：

#

bgp 345





#

ipv4-family unicast







#

R4：

#

bgp 345




#

ipv4-family unicast




## There is no community value left AS345, so R4 to R2 direction did not increase advertise-community

R2

#

bgp 20



#

ipv4-family unicast




#

R1

#

bgp 10



peer 157.68.1.254 as-number 254

peer 157.68.1.254 fake-as 100 ### BB1 and AS100 establish BGP

#

ipv4-family unicast





#

3.4 BGP Notification (3p) R4 on the interface G0 / 0/1, address 10. Y. 40.0 / 24, informed into the BGP R1 need to be summarized as a 10.Y.0.0 / 16 BGP routes, detailed routing is not announced, R2

can not see this summary of the route, you can not use the route summary filtering

R4

#

bgp 345

network 10.1.40.0 24

#

R1

#

bgp 10



peer 157.68.1.254 as-number 254

#

ipv4-family unicast






#

3.5 BGP Control （4p） AS 10, AS20, AS345, and AS60 preferentially route from BB2. If BB2 is unreachable, it needs to

reach through BB1 and can only be configured on R1 R4 G0/0/1 address needs to be BB1 and BB2 normal access to R4’s G0 / 0/1 interface is a

10.1.40.0 network that is not advertised in OSPF The title also said that if the BB2 is broken, can be accessed through the BB1. BB1 access BB1

40.0 visit is no problem, but there is a routing table and the actual data flow inconsistencies. Communicate with the examiner, he said that the best way to use R4 in the next revision of routing changes back to the data flow routing BGP to achieve the same routing table and the actual data flow.Bringing 40.0 out of R4 into bgp guarantees that he will be able to access bb1 and BB2 normally

Here from 1, 2, 4 to the bb2 where there is a target network segment data loop, R5 routing here next hop set to 35.5, you can break the loop.Note that this place is useless on R5R3 is the reflector can not change the next hop, only in the R4 inbound direction to do the next hop

R1：

#

bgp 10



peer 157.68.1.254 as-number 254

peer 157.68.1.254 fake-as 100

#

ipv4-family unicast






peer 157.68.1.254 route-policy as-path import ###对从 BB1进来的 BGP路由延长 AS-path.

#



#

R4

#

bgp 345

network 10.1.40.0 24




#

ipv4-family unicast




peer 10.1.3.3 route-policy set-inbound-next-hop import ###R4访问 BB2

peer 10.1.3.3 route-policy set-outbound-next-hop export ###R5访问 BB1

#

route-policy set-inbound-next-hop permit node 10


#

route-policy set-outbound-next-hop permit node 10


#

3.6 BGP BFD（1p） IBGP connections are established between R1 and SW3 over Ethernet segments. If there is a

problem with the intermediate network, IBGP needs to be detected within 1s and can take effect immediately.

R1:#bfdbgp 10 peer 10.1.12.2 as-number 20 peer 10.1.15.13 as-number 10

peer 10.1.15.13 bfd min-tx-interval 300 min-rx-interval 300 peer 10.1.15.13 bfd enable peer 157.68.1.254 as-number 254 peer 157.68.1.254 fake-as 100 peer 10.1.15.13 bfd min-tx-interval 300 min-rx-interval 300 peer 10.1.15.13 bfd enable # ipv4-family unicast undo synchronization aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed peer 10.1.12.2 enable peer 10.1.15.13 enable peer 157.68.1.254 enable peer 157.68.1.254 route-policy as-path import#SW3:# bfdbgp 10 peer 10.1.15.1 as-number 10 peer 10.1.15.1 bfd min-tx-interval 300 min-rx-interval 300 peer 10.1.15.1 bfd enable# ipv4-family unicast undo synchronization peer 10.1.15.1 enable#

<R1>display bgp bfd session all Local_Address Peer_Address LD/RD Interface 10.1.15.1 10.1.15.13 8193/8193 Unknown Tx-interval(ms) Rx-interval(ms) Multiplier Session-State 300 300 3 Up Wtr-interval(m) 0 <SW3>display bgp bfd session all Local_Address Peer_Address LD/RD Interface 10.1.15.13 10.1.15.1 8193/8193 Unknown Tx-interval(ms) Rx-interval(ms) Multiplier Session-State 300 300 3 Up Wtr-interval(m)

0 4.1 PIM（2p） R1, R2, R3, R4 and R5 need to enable multicast and PIM-SM mode is used to establish neighbor

relationships between neighboring devices

R1#multicast routing-enable#interface Serial0/0/0 pim sm#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/1 pim sm

R2#multicast routing-enable#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/1 pim sm#interface LoopBack0 pim sm#

R3#multicast routing-enable#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/0 pim sm#interface LoopBack0 pim sm#

R4#multicast routing-enable#interface Serial0/0/0 pim sm#interface Serial0/0/2 pim sm#interface GigabitEthernet0/0/1 pim sm#interface LoopBack0 pim sm#

R5#multicast routing-enable#interface Serial0/0/0 pim sm#interface GigabitEthernet0/0/0 pim sm#interface GigabitEthernet0/0/1 pim sm#

4.2 RP（4p）

2 Use the loopback interface address, allowing the C-RP of the multicast address of 236.0.0.0-239.255.255.255.

R3 uses the loopback interface address, allowing C-RPs for the multicast address of 232.0.0.0-239.255.255.255.

R4 uses the loopback port address as the C-BSR address, so routers can learn RPs.

R2multicast routing-enable#acl number 2000 rule 10 permit source 236.0.0.0 3.255.255.255#pim c-rp LoopBack0 group-policy 2000

R3multicast routing-enable#acl number 2000 rule 10 permit source 232.0.0.0 7.255.255.255#pim c-rp LoopBack0 group-policy 2000

R4multicast routing-enable#pim c-bsr LoopBack0

R5multicast routing-enable#ip rpf-route-static 10.1.4.4 32 10.1.145.1

Use display pim rp-info to observe the rp and group mappings on each router

<R2>dis pim rp-info VPN-Instance: public net PIM-SM BSR RP Number:2 Group/MaskLen: 232.0.0.0/5 RP: 10.1.3.3 Priority: 0 Uptime: 00:12:21 Expires: 00:02:09 Group/MaskLen: 236.0.0.0/6 RP: 10.1.2.2 (local) Priority: 0 Uptime: 04:43:05 Expires: 00:02:09#<R3>dis pim rp-info VPN-Instance: public net PIM-SM BSR RP Number:2 Group/MaskLen: 232.0.0.0/5 RP: 10.1.3.3 (local) Priority: 0 Uptime: 00:12:27 Expires: 00:02:03 Group/MaskLen: 236.0.0.0/6 RP: 10.1.2.2 Priority: 0

Uptime: 00:12:32 Expires: 00:02:03<R3>#<R4>dis pim bsr-info VPN-Instance: public net Elected AdminScoped BSR Count: 0 Elected BSR Address: 10.1.4.4 Priority: 0 Hash mask length: 30 State: Elected Scope: Not scoped Uptime: 04:45:20 Next BSR message scheduled at: 00:00:27 C-RP Count: 2 Candidate AdminScoped BSR Count: 0 Candidate BSR Address: 10.1.4.4 Priority: 0 Hash mask length: 30 State: Elected Scope: Not scoped Wait to be BSR: 0<R4>

4.3 Multicast Routing (3p) G0 / 0/0 of R5 is statically added to 238.10.10.10. R5 always uses RP as the multicast source, and

you can see the multicast route of this address on R2. A multicast source is on the Vlan 15 network segment, and R1 is responsible for registering

multicast sources with the RP on this network segment.

R1multicast routing-enable#interface GigabitEthernet0/0/1 pim hello-option dr-priority 50000 ### 强制 R1当做 DR. pim sm#

R5multicast routing-enable#interface Serial0/0/0 pim sm#interface GigabitEthernet0/0/0 pim sm igmp static-group 238.10.10.10#interface GigabitEthernet0/0/1 pim sm#pim spt-switch-threshold infinity#ip rpf-route-static 10.1.2.2 32 10.1.145.1 ### Used to rpf check R5 rpt tree

ip rpf-route-static 10.1.4.4 32 10.1.145.1 ### is used to make an rpf check on the rp-info content advertised by the BSR

使用 display pim routing-table 去观察组播路由表<R5>display pim routing-table VPN-Instance: public net Total 1 (*, G) entry; 0 (S, G) entry (*, 238.10.10.10) RP: 10.1.2.2 Protocol: pim-sm, Flag: WC UpTime: 05:26:13 Upstream interface: Serial0/0/0 Upstream neighbor: 10.1.145.1 RPF prime neighbor: 10.1.145.1 Downstream interface(s) information: None<R5>

4.4 IGMP Snooping（1p） The Vlan24 on SW2 monitors and records IGMP messages, forwards the multicast messages to the

required interfaces correctly, and avoids flooding multicast traffic and occupying unnecessary network bandwidth and resources.

SW2#igmp-snooping enable#vlan 24 igmp-snooping enable#

5.1 QOS Flow Classification (2p) G0 / 0/0 of R4 trusts the packet priority, and changes the received DSCP mapping value of DSCP

value 27 to 7. Change the DSCP value of UDP packets with the physical port number of 6000 to 10 and the

source IP address to 10 in the inbound direction of G0 / 0/10 of SW2 to 20. Change the DSCP value of TCP packets of Y. 24.0/24 to 20 .

interface g0/0/1 trust dscp override ### On the AR2200, if priority mapping needs to be performed according to the priority carried in the packet, you must configure the priority of the packet on the inbound interface of the packet and specify the override attribute. Otherwise, the priority of the packet will not be changedquit

qos map-table dscp-dscp input 27 output 7 # If the bridge does not go here, enter the dscp followed by knock input output# Here in the boss simulator can not knock on, please practice with 5.12 and 5.13

SW1 #acl number 3000 rule 10 permit udp destination-port eq 6000#acl number 3001 rule 10 permit tcp source 10.1.24.0 0.0.0.255#traffic classifier 10 operator and if-match acl 3000traffic classifier 20 operator and if-match acl 3001#traffic behavior 10 remark dscp af11traffic behavior 20 remark dscp af22#traffic policy mark classifier 10 behavior 10classifier 20 behavior 20#int g0/0/23 traffic-policy mark inbound#

display qos map-table ### View Priority Mappingdisplay traffic policy statistics ### Based on traffic policy information

5.2 Traffic Regulation and Shaping (2p) Set the flow rate of G0 / 0/2 inbound interface of SW2 to 20M, and perform traffic shaping on the

outbound interface of G0 / 0/4. The speed limit bandwidth is 18M.

SW2 #int g0/0/2 qos lr inbound cir 20000#int g0/0/4 qos lr outbound cir 18000#display qos lr ### View the rate limit of an interfacedisplay qos config int xxx ### View all the QoS configuration information on the interface

5.3 CBQ（4p）

There are three kinds of traffic on the G0 / 0/0 interface of R2, namely voice EF, important data AF11 and other data streams.

The optimal voice stream transmission can not exceed 30% of the interface available bandwidth at the same time.

To ensure the important data stream has 40% Of the available bandwidth. other traffic into the default queue.

When WRED is used for important data flows, packets are discarded when the queue length exceeds 20% with the default queue length being 30%. When the queue length exceeds 95%, all packets are discarded.R1 #traffic classifier efif-match dscp ef#traffic classifier af if-match dscp af11#traffic behavior ef queue ef bandwidth pct 30#traffic behavior af queue af bandwidth pct 40 drop-profile wred#drop-profile wred wred dscp dscp af11 low-limit 20 high-limit 95 discard-percentage 30#traffic policy llq classifier ef behavior ef classifier af behavior af#int G0/0/0 traffic-policy llq outbound#

6.1 TCP and UDP Attack Prevention (3p)BB1 belongs to the external area. There exist TCP attack packets with fixed port numbers of 135 and 139 in the area, and UDP packets with the fixed port number of 445 may enter the internal network through R1. To prevent this attack, you are not allowed to create a secure area.

R1：#acl 3000 rule 10 permit udp destination-port eq 445 rule 20 permit tcp destination-port eq 135 rule 30 permit tcp destination-port eq 139

#traffic classifier att if-match acl 3000#traffic behavior drop deny#traffic policy filter classifier att behavior drop#int s2/0/0 traffic-policy filter inbound#

6.2 Storm Control (2p)The G0 / 0/2 interface of SW2 receives a large number of multicast packets and needs to be controlled. When the multicast packet rate exceeds 2000pps, the interface is blocked and the logs are blocked. When the rate is less than 1000pps, the interface forwarding function is restored and the interval For 1 minute.

SW2#interface g0/0/2 storm-control interval 60 storm-control action block storm-control enable log storm-control multicast min-rate 1000 max-rate 2000#

6.3 Access Control (3p)The G0/0/23 interface of SW2 accesses the intranet, and the IP network segment is 10.Y.10.0 / 24. It is required that the IP host of the intranet except the working day after 23:00 and before 7:00. Y.10.100 host can access the network, other hosts can not access the network, there are no restrictions on other time periods, using minimal command to achieve.

Note:This week’s week 6 and Sunday did not say, do not know if you want to count to “other time unlimited” inWeeks 6 and 6 put “unlimited other times” and use the flow strategy to score pointsPay attention to the Huawei device, the flow policy acl deny data packets directly refused permit data packets look behavior action

on sw2#time-range work 7:00 to 23:00 working-day#acl 3000 ru 5 per ip time-range work

ru 10 per ip sou 10.1.10.100 0

#Global:Traffic-filter vlan 24 inbound acl 3000Here with adapter on the interface g0/0/23 with: traffic-filter inbound acl 3000#

7.1 Info-center（3p） Use Channel 7 on R1 to output the log message above Warning for AAA module. Use channel 9 on R2 to output the trap information of the IP module Waring to the SNMP server.

The SNMP server uses the V2C version and the SNMP server address is 10.Y.10.20. All other names use HUAWEI.

R1system-view#info-center enableinfo-center source aaa channel 7 log level warning info-center console channel 7 #

R2#info-center enableinfo-center source ip channel 9 trap level warninginfo-center snmp channel 9#snmp-agentsnmp-agent sys-info version v2csnmp-agent trap enablesnmp-agent community read HUAWEIsnmp-agent target-host trap-paramsname HUAWEI v2c securityname HUAWEI //这里 2条命令老版模拟器敲不上snmp-agent target-host trap-hostname HUAWEI address 10.100.100.100 trap-paramsname HUAWEI#

7.2 NetStream（2p）It is output in version 9 format according to the format of G0 / 0/0 incoming direction of R3. Based on the destination IP address aggregation statistics and the fixed packet sampling mode, the sampling interval is 200 and the network source address sent by R3 is 10.Y. 3.3, the destination address is 10.100.100.100 and the destination port is 6000.

R3#ip netstream aggregation destination-prefix ip netstream export source 10.1.3.3 ip netstream export host 10.100.100.100 6000 enable export version 9#int g0/0/0

ip netstream sampler fix-packets 200 inbound ip netstream inbound

#

7.3 SSH（3p） On VTY1 of R1, only SSH login is allowed. The username and password are both hwssh. SSH is

not compatible with version 2.0 or later. If necessary, it takes 2 hours to update.

R1#rsa local-key-pair createThe key name will be: Huawei_HostThe range of public key size is (512 ~ 2048).NOTES: If the key modulus is greater than 512,it will take a few minutes.Input the bits in the modulus[default = 512]: 1024Generating keys..........++++++++++++..........++++++++++++...................................++++++++......++++++++在服务器端配置 VTY用户界面#user-interface vty 1 authentication-mode aaaprotocol inbound sshaa local-user huawei password cipher huawei local-user huawei privilege level 3 local-user huawei service-type ssh#ssh user huawei authentication-type password# Set the authentication mode of SSH user to password# Enable the STelnet server function and change the key generation time and version stelnet server enable (examination did not order this, with protocol inbound ssh opened, if there is knock)stelnet server enable undo ssh server compatible-ssh1x enablessh server rekey-interval 20#

8.1 VRRP（2p） VRRP is implemented on R1 and R5 in the network segment of vlan 15. The vrid is 125 and the

virtual ip is 10.1.15.254. R1 is the master and R5 is the backup. Vrrp between R1 and R5 needs MD5 authentication and the authentication password is HWvrrp. When R1’s S2 / 0/0 and S3 / 0/0 are both down, R5 becomes the master, and when any of these two interfaces of R1 resumes normal, R1 becomes 20s as the master.

R1#interface GigabitEthernet0/0/1 ip address 10.1.15.1 255.255.255.0 vrrp vrid 125 virtual-ip 10.1.15.254 vrrp vrid 125 priority 150 vrrp vrid 125 preempt-mode timer delay 30 vrrp vrid 125 track interface Serial0/0/2 reduced 30 vrrp vrid 125 track interface Serial0/0/3 reduced 30

vrrp vrid 125 authentication-mode md5 HWvrrp#R5#interface GigabitEthernet0/0/1 ip address 10.1.15.5 255.255.255.0 vrrp vrid 125 virtual-ip 10.1.15.254 vrrp vrid 125 authentication-mode md5 HWvrrp#

8.2 DHCP（4p） Vlan 24 users obtain the IP address, gateway and DNS information through DHCP, R4 is the DHCP

server, and the address pool is 10.Y.24.0 / 24,10.Y.24.1 ~ 10.Y.21.20 The address needs to be reserved and the gateway is 10. Y.24.254, DNS is 10.Y.30.20, Lease is 2 days, and address pool name is pool_24.

You need to enable the security function on the Vlan24 of SW2 to prevent the unauthorized DHCP server from accessing the network.

Note:Interface to add a dhcp select globalDhcp snoopingRequired to enable dhcp snooping feature on SW2 go to 4 of the mouth to trustTo enable dhcpInterface should also enableThen to 4 mouth trusted

R4#dhcp enableip pool 24 gateway-list 10.1.24.4 network 10.1.24.0 mask 255.255.255.0 excluded-ip-address 10.1.24.1 10.1.24.10 lease day 2 hour 0 minute 0 dns-list 10.1.100.2#int g0/0/1 dhcp select global

SW2#dhcp enable#dhcp snooping enable#vlan 24 dhcp snooping enable#int g0/0/2 dhcp snooping enable#int g0/0/4 dhcp snooping enable dhcp snooping trusted

8.3 NTP（2p） R1 has an accurate clock, Stratum is 3. NTP information is broadcast only to VLAN 15, and R5 and

SW3 get the clock information from it. The authentication mode is MD5 and the password is HWNTP.

R1#ntp-service refclock-master 3ntp-service authentication enablentp-service authentication-keyid 1 authentication-mode md5 huaweintp-service reliable authentication-keyid 1#interface g0/0/1 ntp-service broadcast-server authentication-keyid 1#

SW3#ntp-service authentication enablentp-service authentication-keyid 1 authentication-mode md5 huaweintp-service reliable authentication-keyid 1#interface vlanif 15 ntp-service broadcast-client#

R5#ntp-service authentication enablentp-service authentication-keyid 1 authentication-mode md5 huaweintp-service reliable authentication-keyid 1#interface g0/0/1 ntp-service broadcast-client

ccnpbr.com.brccnpbr.com.br/wp-content/uploads/2017/12/exam.docx · web viewimport-route direct...

Documents