experimental topology
configuration parameters
Task 1: Device Naming
To facilitate later maintenance, fault location, and network standardization, standardized naming of network devices is required.
Please name the devices according to the topology of the lab exam in Figure 3-1.
The naming rules are: city-device installation location-device function attribute and serial number-device model.
For example: The core layer router in the Hangzhou campus is named: HZ-HZXiaoYuan-Core01-AR6140.
Please pay attention to uppercase and lowercase, and make sure it is consistent with the topology of the experimental exam in Figure3-1.
HZ-HZXiaoYuan-Agg01-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Agg01-S5731
[HZ-HZXiaoYuan-Agg01-S5731]
HZ-HZXiaoYuan-Agg02-S5731
<Huawei>undo tm
<Huawei>mother
[Huawei]mother HZ-HZXiaoYuan-Agg02-
S5
HZ-HZXiaoYuan-Acc02-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Acc02-S5731
[HZ-HZXiaoYuan-Acc02-S5731]
HZ-HZXiaoYuan-Acc01-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Acc01-S5731
[HZ-HZXiaoYuan-Acc01-S5731]
HZ-HZXiaoYuan-Core01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Core01-AR6140
[HZ-HZXiaoYuan-Core01-AR6140]
HZ-HZXiaoYuan-Core02-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Core02-AR6140
[HZ-HZXiaoYuan-Core02-AR6140]
HZ-HZXiaoYuan-Edge01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Edge01-AR6140
[HZ-HZXiaoYuan-Edge01-AR6140]
SH-SHXiaoYuan-Edge01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy SH-SHXiaoYuan-Edge01-AR6140
[SH-SHXiaoYuan-Edge01-AR6140]
HZ-HZEDU-Edge01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZEDU-Edge01-AR6140
[HZ-HZEDU-Edge01-AR6140]
Task 2: Link Aggregation
The user density in the campus network is extremely high, and a large amount of network traffic will be generated during the peak hours when students surf the Internet. In order to ensure the stability of the links at the aggregation layer, the bandwidth is maximized without upgrading hardware devices. Configure link aggregation between Agg01 and Agg02. Please implement Layer 2 link aggregation manually. The member interfaces are GE0/0/21, GE0/0/22, and GEO/0/23, and the aggregation group ID is 1.
HZ-HZXiaoYuan-Agg01-S5731
[HZ-HZXiaoYuan-Agg01-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/23
HZ-HZXiaoYuan-Agg02-S5731
[HZ-HZXiaoYuan-Agg02-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/23
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]
Task 3: VLANs
In order to ensure the stability and security of the network and avoid problems that may be caused by an oversized Layer 2 network, VLANs are planned and deployed in this network.
Please configure the required VLAN on the corresponding switch according to Figure 3-1 lab test topology and Table 3-1 VLAN information.
Note: In order to ensure the connectivity of the network, the switch only allows the VLAN specified in the title to pass through.
[HZ-HZXiaoYuan-Agg01-S5731]
[HZ-HZXiaoYuan-Agg01-S5731]v b 1 10 20 100
[HZ-HZXiaoYuan-Agg01-S5731]int g0/0/1
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port link-type trunk
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]int g0/0/3
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port link-type trunk
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]int g0/0/24
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port link-type access
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port default vlan 100
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]int et 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]port link-type trunk
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]po t a v 10 20
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]
HZ-HZXiaoYuan-Agg02-S5731
[HZ-HZXiaoYuan-Agg02-S5731]
[HZ-HZXiaoYuan-Agg02-S5731]v b 10 20 101
[HZ-HZXiaoYuan-Agg02-S5731]int g0/0/2
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]port link-t t
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]po t a v 10 20
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]int g0/0/4
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po link-t t
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po t a v 10 20
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]int g0/0/24
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po link-t a
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po de v 101
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]int et 1
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po link-t t
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po t a v 10 20
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]
[HZ-HZXiaoYuan-Acc01-S5731]v b 10 20
[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/3
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po link-t t
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po t a v 10 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]int g0/0/4
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po link-t t
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po t a v 10 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]int g0/0/24
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]po link-t h
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid pvid vlan 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid untagged vlan 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]
[HZ-HZXiaoYuan-Acc02-S5731]v b 10 20
[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/1
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po link-t t
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po t a v 10 20
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po link-t t
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po t a v 10 20
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]int g0/0/23
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po link-t a
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po de v 10
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]int g0/0/24
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po link-t a
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po de v 10
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]
Task 4: IP Addressing
Please configure the IP address of the corresponding network device interface according to the information given in Figure 3-1 lab test topology and Table 3-2 IP address planning.
[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.15.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]int s 4/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ip ad 10.2.15.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]int lo 0
[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.1.1 32
[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]
[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.2 24
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.26.2 24
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.2 24
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]int lo 0
[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]ip ad 10.1.2.2 32
[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]
[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]ip ad 10.1.37.3 24
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.3 24
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.3 24
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int lo 0
[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]ip ad 10.1.3.3 32
[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]
[HZ-HZEDU-Edge01-AR6140]int g0/0/0
[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 192.168.4.254 24
[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]int s 4/0/0
[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ip ad 10.2.14.4 24
[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]int lo 0
[HZ-HZEDU-Edge01-AR6140-LoopBack0]ip ad 10.1.4.4 32
[HZ-HZEDU-Edge01-AR6140-LoopBack0]
[SH-SHXiaoYuan-Edge01-AR6140]int g0/0/0
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.15.5 24
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 192.168.5.254 24
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int lo 0
[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.5.5 32
[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]
[HZ-HZXiaoYuan-Agg01-S5731]int v 10
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]ip ad 192.168.10.100 24
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]ip ad 192.168.20.101 24
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v100
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]ip a 10.1.26.6 24
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]int lo 0
[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]ip ad 10.1.6.6 32
[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]
[HZ-HZXiaoYuan-Agg02-S5731]int v 10
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]ip ad 192.168.10.101 24
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]ip ad 192.168.20.100 24
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]int v 101
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]ip ad 10.1.37.7 24
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]int lo 0
[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]ip ad 10.1.7.7 32
[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]
Task 5: RSTP
In order to prevent loops in the Layer 2 network from causing problems such as broadcast storms. Configure the STP protocol between Acc01, Acc02, Agg01, and Agg02.
- The STP mode is RSTP. It is required to use the "stp root primary/secondary" command to make Agg01 the root bridge and Agg02 the backup root bridge.
- To ensure network connectivity, without changing the role of the switch, the two links Acc01-Agg01 and Acc02-Agg02 are blocked by modifying the cost value of the access layer switch interface, and the necessary interface cost value is changed to 200000.
- In order to ensure the stability of the network to the greatest extent, avoid network fluctuations caused by frequent host restarts. It is required that all switch ports connected to the PC do not participate in the STP calculation and directly enter the Forwarding state for forwarding.
[HZ-HZXiaoYuan-Agg01-S5731]stp mode rstp
[HZ-HZXiaoYuan-Agg01-S5731]stp root primary
[HZ-HZXiaoYuan-Agg02-S5731] stp mode rstp
[HZ-HZXiaoYuan-Agg02-S5731]stp root secondary
[HZ-HZXiaoYuan-Acc02-S5731]stp mode rstp
[HZ-HZXiaoYuan-Acc01-S5731] stp mode rstp
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3] stp instance 0 cost 200000
[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/24
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]stp edged-port enable
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]int g0/0/23
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]stp edged-port enable
[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/24
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]stp edged-port enable
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]
Task 6: VRRP
The setting of a single gateway will cause a large number of users to be unable to access the Internet when physical equipment and links fail. In order to ensure the stability of the terminal access network in the dormitory buildings and teaching buildings in the campus network, redundant backup configuration is performed at the gateway of the campus network, and the VRRP protocol is deployed on Agg01 and Agg02 to meet the above requirements.
- VLAN 10 uses VRRP backup group 1, and the virtual IP address of VRRP backup group 1 is 192.168.10.254. VLAN 20 uses VRRP backup group 2, and the virtual IP address of VRRP backup group 2 is 192.168.20.254.
- VRRP backup group 1 uses Agg01 as the main gateway (with priority 120), and Agg02 as the backup gateway (with the default priority); VRRP backup group 2 uses Agg02 as the main gateway (with priority 120), and Agg01 as the backup gateway (with priority level is the default).
- Monitor the uplink interface in the two backup groups respectively. When the uplink interface fails, the priority of the main gateway is reduced by 30, and the switchover is completed actively.
[HZ-HZXiaoYuan-Agg01-S5731]int v 10
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v10
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 priority 120
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 track int g0/0/24 reduced 30
[HZ-HZXiaoYuan-Agg02-S5731]int v 10
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 priority 120
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 track int g0/0/24 reduced 30
Task 7: OSPF
In order to meet the three-layer access between many devices in the campus network, avoid routing loops, and ensure the scalability of the campus network in the future, the dynamic routing protocol OSPF is selected as the IGP of the campus network.
- Agg01, Agg02, Core01, Core02, HZ-HZXiaoYuan-Edge01-AR6140 (except S4/0/0), SH-SHXiaoYuan-Edge01-AR6140 run OSPF, configure OSPF process ID as 1, all interfaces of SHXiaoYuan-Edge01 and The GE0/0/2 interface of HZXiaoYuan is in area 1, and the others are in the backbone area. Command for multi-area configuration: area 1 network xxxx xxxx
- When creating an OSPF process, manually set the Router ID to be consistent with the address of the loopback port. All network segments are required to use 32-bit precision declarations. For example: the command to declare the address 1.2.3.4/24 in 32 bits is Network 1.2.3.4 0.0.0.0.
- Revise
- To strengthen the defense against attacks, configure interface authentication on the interconnection interfaces of HZXiaoYuan-Edge01, Core01, and Core02, select the md5 encryption algorithm, set the authentication key ID to 1, key type to cipher, and password to huawei.
[HZ-HZXiaoYuan-Agg01-S5731]ospf 1 r 10.1.6.6
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1]a 0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] network 10.1.6.6 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 192.168.10.100 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 192.168.20.101 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 10.1.26.6 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]
[HZ-HZXiaoYuan-Agg02-S5731] ospf 1 router-id 10.1.7.7
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1]a 0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] network 10.1.7.7 0.0.0.0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 192.168.10.101 0.0.0.0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 192.168.20.100 0.0.0.0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 10.1.37.7 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140] ospf 1 router-id 10.1.2.2
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1]a 0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] network 10.1.2.2 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.12.2 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.26.2 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.23.2 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140]ospf 1 r 10.1.3.3
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1]a 0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] network 10.1.3.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.37.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.13.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.23.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]
[HZ-HZXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.1.1
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]a 1
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 10.1.15.1 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]q
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]a 0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.12.1 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0]network 10.1.13.1 0.0.0.0
[SH-SHXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.5.5
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1]a 1
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] network 10.1.5.5 0.0.0.0
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 10.1.15.5 0.0.0.0
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 192.168.5.254 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ospf dr-priority 255
[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/2
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/2
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int g0/0/1
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher huawei
Task 8: Export Design
1. To ensure the security of the network egress, the PPP link between HZXiaoYuan-Edge01 and HZEDU-Edge01 is authenticated by CHAP. HZEDU-Edge01 is the authenticator, the user name is huawei, and the password is Huawei123.
2. HZ-HZXiaoYuan-Edge01-AR6140 configures a detailed static route so that the PC in the campus network can access the network segment (192.168.4.0/24) where the terminal PC4 in the education network is located, and the next hop is S4 of HZ-HZEDU-Edge01-AR6140 /0/0 port. HZ-HZEDU-Edge01-AR6140 is configured with a default route to access the campus network, and the next hop is S4/0/0 of HZ-HZXiaoYuan-Edge01-AR6140.
[HZ-HZEDU-Edge01-AR6140]aaa
[HZ-HZEDU-Edge01-AR6140-aaa]local-user huawei password cipher Huawei123
[HZ-HZEDU-Edge01-AR6140-aaa]local-user huawei service-type ppp
[HZ-HZEDU-Edge01-AR6140-aaa]int s 4/0/0
[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ppp authentication-mode chap
[HZ-HZXiaoYuan-Edge01-AR6140]int s4/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ppp chap password cipher Huawei123
[HZ-HZEDU-Edge01-AR6140] ip route-static 0.0.0.0 0.0.0.0 10.2.14.1
[HZ-HZXiaoYuan-Edge01-AR6140] ip route-static 192.168.4.0 255.255.255.0 10.2.14.4
Task 9: Route import
In order to allow intranet users to access the education network, it is necessary to import the routing entries in the education network into the campus network, and to ensure the accuracy of the cost calculation to the maximum extent, import static routes into OSPF on HZ-HZXiaoYuan-Edge01-AR6140, and set It is a type 1 external route.
The command to import routes is: Import-route <protocol> type <1/2>
[HZ-HZXiaoYuan-Edge01-AR6140]ospf
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]import-route static type 1