多
资
料
获
取
:
ht
tp
:/
/l
ea
rn
in
g.
hu
aw
ei
.c
om
/c
n
RIP Hands-on Exercise Guide Confidentiality Level
n
/c
Tasks .......................................................................................................................................... 4
Topology .................................................................................................................................... 5
om
IP Address Table ........................................................................................................................ 5
.c
Configuration and Verification .................................................................................................. 6
ei
Questions ................................................................................................................................ 14
Configuration List .................................................................................................................... 14
aw
Chapter 2 OSPF Hands-on Exercise Guide ................................................................................ 20
hu
Overview ................................................................................................................................. 20
Objectives................................................................................................................................ 21
g.
Tasks ........................................................................................................................................ 21
in
Topology .................................................................................................................................. 22
rn
IP Address Table ...................................................................................................................... 22
Configuration and Verification ................................................................................................ 23
ea
Questions ................................................................................................................................ 32
/l
Overview ................................................................................................................................. 42
tp
Objectives................................................................................................................................ 43
ht
Tasks ........................................................................................................................................ 43
Topology .................................................................................................................................. 44
:
Questions ................................................................................................................................ 53
Configuration List .................................................................................................................... 53
料
Overview ................................................................................................................................. 62
Objectives................................................................................................................................ 62
多
Tasks ........................................................................................................................................ 62
更
Topology .................................................................................................................................. 63
IP Address Table ...................................................................................................................... 63
Configuration and Verification ................................................................................................ 64
Questions ................................................................................................................................ 70
Configuration List .................................................................................................................... 70
Chapter 5 BGP Advanced Hands-on Exercise Guide ................................................................ 77
Overview ................................................................................................................................. 77
Objectives................................................................................................................................ 78
Tasks ........................................................................................................................................ 78
Topology .................................................................................................................................. 79
IP Address Table ...................................................................................................................... 79
Configuration and Verification ................................................................................................ 80
Questions ................................................................................................................................ 89
Configuration List .................................................................................................................... 89
Chapter 6 Route Import and Control Hands-on Exercise Guide ........................................... 101
Overview ...............................................................................................................................101
n
/c
Objectives..............................................................................................................................101
Tasks ......................................................................................................................................101
om
Topology ................................................................................................................................102
.c
IP Address Table ....................................................................................................................102
ei
Configuration and Verification ..............................................................................................103
Questions ..............................................................................................................................107
aw
Configuration List ..................................................................................................................107
hu
Chapter 7 VLAN Hands-on Exercise Guide ............................................................................. 117
Overview ...............................................................................................................................117
g.
Objectives..............................................................................................................................117
in
Tasks ......................................................................................................................................117
rn
Topology ................................................................................................................................119
IP Address Table ....................................................................................................................119
ea
Questions ..............................................................................................................................128
Configuration List ..................................................................................................................128
:/
Overview ...............................................................................................................................135
ht
Objectives..............................................................................................................................135
Tasks ......................................................................................................................................135
:
Topology ................................................................................................................................136
取
Questions ..............................................................................................................................141
料
Objectives..............................................................................................................................146
更
Tasks ......................................................................................................................................146
Topology ................................................................................................................................147
IP Address Table ....................................................................................................................147
Configuration and Verification ..............................................................................................147
Questions ..............................................................................................................................149
Configuration List ..................................................................................................................149
Chapter 10 STP Hands-on Exercise Guide ............................................................................... 155
Overview ...............................................................................................................................155
Objectives..............................................................................................................................155
Tasks ......................................................................................................................................155
Topology ................................................................................................................................156
IP Address Table ....................................................................................................................156
Configuration and Verification ..............................................................................................157
Questions ..............................................................................................................................161
Configuration List ..................................................................................................................161
Chapter 11 Multicast Hands-on Exercise Guide ...................................................................... 168
n
/c
Overview ...............................................................................................................................168
Objectives..............................................................................................................................169
om
Tasks ......................................................................................................................................169
.c
Topology ................................................................................................................................170
ei
IP Address Table ....................................................................................................................170
Configuration and Verification ..............................................................................................171
aw
Questions ..............................................................................................................................175
hu
Configuration List ..................................................................................................................175
Chapter 12 IPv6 Hands-on Exercise Guide .............................................................................. 185
g.
Overview ...............................................................................................................................185
in
Objectives..............................................................................................................................186
rn
Tasks ......................................................................................................................................186
Topology ................................................................................................................................187
ea
Overview ...............................................................................................................................203
ht
Objectives..............................................................................................................................205
Tasks ......................................................................................................................................205
:
Topology ................................................................................................................................206
取
Questions ..............................................................................................................................213
料
The Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP). It
is used on small-scale networks such as campus networks and simple regional networks. It is
not suitable for complex and large networks.
As a distance-vector routing protocol, RIP exchanges routing information through User
Datagram Protocol (UDP) packets with port 520.
n
RIP measures the distance from a source to a destination by a metric known as hop
/c
count. In RIP, by default, the hop count from a device to its directly connected network is 0,
om
and the hop count from a device to a network that is reachable through another device is 1.
That is, the hop count (metric) equals the number of devices along the path from the local
.c
network to the destination network. To restrict the route convergence time, RIP requires that
the hop count be an integer ranging from 0 to 15. A hop count of 16 is defined as infinite.
ei
That is, the destination network or host is unreachable. Due to this restriction, RIP cannot be
used in large networks.
aw
To improve performance and prevent routing loops, RIP supports split horizon and
hu
poison reverse.
As one of the earliest forms of IGP, RIP is designed for small and medium-scale
g.
networks. RIP implementation, configuration, and maintenance are easier than those of OSPF
and IS-IS, and so RIP is widely used on networks.
in
Objectives
rn
ea
Learn about application scenarios of route summarization and perform the correct
configuration.
:/
Tasks
获
The following topology shows the network of Company A. Deploy the network
料
other devices. Advertise the interfaces identified in the topology, and avoid advertising
多
service networks 1.0.0.0/24, 2.0.0.0/24, 5.0.X.0/24, and 6.0.X.0/24 into RIP because
traffic transmitted on these service networks is special.
更
(2) Import service networks 1.0.0.0/24 and 2.0.0.0/24 into RIP, using the default metric.
Prevent R2 from receiving the RIP packets sent by R1 to ensure security.
(3) Avoid the impact of malicious users connecting to E0/0/1 of R2 on the network, but
enable E0/0/1 to learn current network routes as it may connect to legitimate routers.
(4) Ensure that the metric of routes to service network 1.0.0.0/8 learned on R4 is 4 and
retain the default metric for all other routes. Do not perform the configuration on R4 for
security purposes.
(5) Import only service network segments 6.0.0.0/24 and 6.0.2.0/24 into RIP, and use the
default metric for the imported routes. Use the least number of commands to meet this
requirement.
2015-8-31 Huawei Confidential Page 4 of 226
RIP Hands-on Exercise Guide Confidentiality Level
(6) Import service network 5.0.X.0/24 into RIP, and summarize routes to improve efficiency.
To prevent routing loops, do not use static routes.
(7) Prevent R5 and R6 from directly exchanging routes for security purposes, but allow
their networks to be reachable by one another.
(8) Enable R4 that connects to the Internet as well as all the other devices to access the
Internet.
(9) Adjust RIP timers on the entire network to speed up RIP convergence. For example, set
the update and aging timers to 20s and 100s respectively, and adjust the garbage-collect
timer according to service requirements.
n
(10) Configure plain-text authentication on some devices to ensure security, and set the
/c
password to Huawei.
om
Topology
.c
ei
aw
hu
g.
in
rn
ea
/l
:/
tp
ht
:
取
IP Address Table
获
Default
Device Interface IP Address Subnet Mask
料
Gateway
资
R2
E0/0/1 20.0.0.2 255.255.255.0 N/A
更
1. Run the default RIP version on R1 since R1 is a legacy device, and run
RIPv2 on all other devices. Advertise the interfaces identified in the topology,
and avoid advertising service networks 1.0.0.0/24, 2.0.0.0/24, 5.0.X.0/24, and
6.0.X.0/24 into RIP because traffic transmitted on these service networks is
n
special.
/c
Perform basic configuration according to the address table, and then run the display rip
om
1 interface command to check whether RIP is enabled on related interfaces and whether
.c
interface addresses are configured correctly. The following uses the display of R2 as an
example.
ei
[R2]display rip 1 interface
aw
Interface IP Address State Protocol MTU
hu
Eth0/0/1 20.0.0.2 UP RIPv2 Multicast 500
Eth0/0/0 192.168.1.2 UP
g.
RIPv2 Multicast 500
in
During the configuration, advertise addresses of R2 interface (E0/0/1) and R4 interface
rn
(G0/0/1) in RIP to meet the requirement that interfaces identified in the experimental
topology be advertised.
ea
You can also run the following commands to verify the results:
display ip routing-table
/l
2. Import service networks 1.0.0.0/24 and 2.0.0.0/24 into RIP, using the default
tp
security.
:
RIP can enable the function of silent-interface to limit the packet sending from this
interface, also we can use the command "undo rip input/output "under interface. What’s more,
取
view the RIP routing tables of R1 and R2. The following RIP routing tables show only key
料
Destinations : 4 Routes : 4
Destinations : 2 Routes : 2
n
/c
Destination/Mask Proto Pre Cost Flags NextHop Interface
om
34.1.1.0/24 RIP 100 1 D 192.168.1.3 Ethernet0/0/0
.c
192.168.2.0/24 RIP 100 2 D 192.168.1.3 Ethernet0/0/0
ei
During the configuration, control the routes to be imported to meet the requirement that
only external network routes 1.0.0.0/24 and 2.0.0.0/24 are imported. Therefore, other external
aw
routes must be filtered.
R1 runs the default version, while R2 and R3 run RIPv2. Version compatibility must be
hu
considered. When RIP version is not specified for a Huawei device, the device can receive
g.
both RIPv1 and RIPv2 packets but can send only RIPv1 packets.
To meet the requirement that R2 not receive the RIP packets sent by R1, R1 should
in
unicast Update packets to R3, but R2 can accept RIPv2 broadcast packets, so R3 must update
by RIPv2 broadcast . When RIP version is not specified for a Huawei device, the device
rn
broadcasts update packets. You can also run the following command to verify the results:
display rip 1 route
ea
network, but enable E0/0/1 to learn current network routes as it may connect
to legitimate routers.
tp
ht
After completing this task, run the debugging rip 1 receive Ethernet 0/0/1 command.
The command output is empty.
:
According to the requirement, R2 interface E0/0/1 has been advertised in RIP. Therefore,
the command output includes RIP information on this interface. How to filter RIP update
取
4 and retain the default metric for all other routes. Do not perform the
configuration on R4 for security purposes.
资
多
After completing this task, run the display ip routing-table command to view the IP
routing table of R4. The following IP routing table shows only key information, while other
更
information is omitted.
[R4]display ip routing-table
During the configuration, to meet the requirement that the metric of route to 1.0.0.0/8
learned on R4 be 4, ensure that the cost of other RIP routes learned on R4 remains
unchanged.
You can also run the following command to verify the results:
display rip 1 route
5. Import only service network segments 6.0.0.0/24 and 6.0.2.0/24 into RIP, and
n
use the default metric for the imported routes. Use the least number of
/c
commands to meet this requirement.
om
After completing this task, run the display ip routing-table protocol rip command to
view the RIP routing table of R4. The following RIP routing table shows only key
.c
information, while other information is omitted.
ei
[R4]display ip routing-table protocol rip
aw
RIP routing table status : <Active>
hu
Destinations : 6 Routes : 6
You can also run the following commands to verify the results:
display acl all
获
display ip ip-prefix
料
After completing this task, run the display ip routing-table command to view the RIP
更
routing table of R4. The following IP routing table shows only key information, while other
information is omitted.
[R4]display ip routing-table
n
To perform classful route summarization, summarize 5.0.X.0/24 into 5.0.0.0/8.
/c
When a Huawei device performs automatic or manual summarization, the device does
om
not generate routes pointing to Null0. Therefore, consider how to prevent routing loops after
route summarization is performed.
.c
You can also run the following commands to verify the results:
display ip ip-prefix
ei
display route-policy
aw
7. Prevent R5 and R6 from directly exchanging routes for security purposes,
hu
but allow their networks to be reachable by one another.
g.
After completing this task, run the display rip 1 neighbor and display ip routing-table
commands to view the neighbors and IP routing tables of R5 and R6, and perform ping tests
in
between them. Only key information is displayed, while other information is omitted.
rn
---------------------------------------------------------------------
/l
---------------------------------------------------------------------
tp
---------------------------------------------------------------------
资
---------------------------------------------------------------------
更
[R5]display ip routing-table
n
/c
192.168.1.0/24 RIP 100 2 D 192.168.2.4 Ethernet0/0/0
om
.c
[R6]display ip routing-table
ei
Destination/Mask Proto Pre Cost Flags NextHop Interface
aw
1.0.0.0/8 RIP 100 5 D 192.168.2.4 Ethernet0/0/0
hu
2.0.0.0/8 RIP 100 3 D 192.168.2.4 Ethernet0/0/0
[R5]ping 6.0.0.1
:
[R6]ping 5.0.0.1
By default, R5 and R6 multicast update packets. That is, R5 and R6 receive update
packets from one another.
When R5 and R6 send RIP update packets only to R4, R4 does not send the update
packets back to R5 or R6 via the inbound interface of the update packets due to the loop
n
prevention mechanism.
/c
You can also run the following command to verify the results:
om
debugging rip 1
.c
8. Enable R4 that connects to the Internet as well as all the other devices to
access the Internet.
ei
aw
RIP must combine the static default route to advertise dynamic default route.
After completing this task, run the display ip routing-table command to view the IP
hu
routing tables of R1 and R4. The following IP routing table shows only key information,
while other information is omitted.
g.
[R1]display ip routing-table
in
Destination/Mask Proto Pre Cost Flags NextHop Interface
rn
[R4]display ip routing-table
更
9. Adjust RIP timers on the entire network to speed up RIP convergence. For
n
/c
example, set the update and aging timers to 20s and 100s respectively, and
adjust the garbage-collect timer according to service requirements.
om
After completing this task, run the display rip 1 command to view the settings of timers.
.c
The following uses the display of R1 as an example. Only key information is displayed,
ei
while other information is omitted.
[R1]display rip 1
aw
Public VPN-instance
hu
g.
RIP process : 1
in
RIP version : 1
rn
Preference : 100
ea
Checkzero : Enabled
/l
Default-cost : 0
:/
Summary : Enabled
tp
Host-route : Enabled
ht
Actually, there is no direct relationship between the update and garbage-collect timers.
料
However, the test experience tells us that the update timer value should be smaller than the
资
After completing this task, run the display rip 1 interface command to view the
authentication settings. The following uses the display of R4 as an example.
[R4]display rip 1 interface verbose
GigabitEthernet0/0/0(34.1.1.4)
Metricin : 0
Metricout : 1
n
/c
Receive version : RIPv2 Multicast and Broadcast Packets
om
Poison-reverse : Disabled
.c
Split-Horizon : Enabled
ei
Authentication type : Simple
aw
Replay Protection : Disabled
hu
GigabitEthernet0/0/1(40.0.0.4)
Metricout : 1
ea
/l
Poison-reverse : Disabled
取
Split-Horizon : Enabled
获
Ethernet0/0/0(192.168.2.4)
多
Metricin : 0
Metricout : 1
Poison-reverse : Disabled
Split-Horizon : Disabled
n
The authentication password is case-sensitive. R1 runs the Huawei default version,
/c
which does not support authentication. Therefore, pay more attention when performing
om
configurations on R1, R2, and R3.
.c
Questions
ei
In requirement 2, when version compatibility is not considered, can R2 learn routes to
aw
1.0.0.0/24 based on the existing configuration?
R2 can’t receive R3’s update about 1.0.0.0/24 even if RIPv1 compatible with RIPv2.
hu
RIP has default rule of split-horizon under interface so the segment network 1.0.0.0 will
never send again from the interface E3/0/0 in R3 unless we disable split-horizon.
g.
In requirement 4, why does 1.0.0.0/8 but not 1.0.0.0/24 exist?
RIP doesn’t support VLSM by using RIPv1. RIPv1 processes packets based on the main
in
class network segment mask or interface address mask so R3 gets 1.0.0.0/8
rn
In requirement 7, does any problem occur when you ping 6.1.1.1 from R5, if so, how to
solve the problem, and why are routes to the peer end learned by R5 and R6?
ea
When R5 tries to ping 6.1.1.1, the request will send to R4, R4 will choose G0/0/1 as
output interface via default route. But the route can’t arrive because it’s not real in this
/l
topology so we need to configure a static route with Null0 as next hop to avoid loop.
Because RIPv2 enable the feature of summary by default so R5 and R6 all get /8 routes.
:/
Configuration List
ht
:
<R1>display current-configuration
取
#
获
sysname R1
料
#
资
interface Ethernet0/0/0
多
interface LoopBack0
rip 1
peer 192.168.1.3
network 192.168.1.0
silent-interface Ethernet0/0/0
n
/c
#
om
route-policy DIRECT permit node 10
.c
if-match ip-prefix 10
ei
#
aw
ip ip-prefix 10 index 10 permit 1.0.0.0 24
hu
#
return
g.
in
rn
<R2>display current-configuration
ea
/l
#
:/
sysname R2
tp
#
ht
interface Ethernet0/0/0
:
interface Ethernet0/0/1
获
#
多
interface LoopBack0
更
rip 1
version 2
network 192.168.1.0
network 20.0.0.0
n
/c
if-match ip-prefix 10
om
#
.c
ip ip-prefix 10 index 10 permit 2.0.0.0 24
ei
#
aw
return
hu
<R3>display current-configuration
g.
in
#
rn
sysname R3
ea
/l
#
:/
interface Ethernet0/0/0
tp
#
取
interface GigabitEthernet0/0/0
获
#
更
rip 1
version 2
network 192.168.1.0
network 34.0.0.0
return
n
/c
<R4>display current-configuration
om
#
.c
sysname R4
ei
#
aw
interface Ethernet0/0/0
hu
ip address 192.168.2.4 255.255.255.0
interface GigabitEthernet0/0/0
ea
/l
#
ht
interface GigabitEthernet0/0/1
:
#
料
rip 1
资
default-route originate
多
version 2
更
network 192.168.2.0
network 34.0.0.0
network 40.0.0.0
return
<R5>display current-configuration
n
/c
#
om
sysname R5
.c
#
ei
interface Ethernet0/0/0
aw
ip address 192.168.2.5 255.255.255.0
hu
rip authentication-mode simple plain Huawei
interface LoopBack0
ea
/l
#
tp
interface LoopBack1
ht
#
取
interface LoopBack2
获
#
资
interface LoopBack3
多
rip 1
version 2
peer 192.168.2.4
network 192.168.2.0
silent-interface Ethernet0/0/0
n
/c
if-match ip-prefix 10
om
#
.c
ip ip-prefix 10 index 10 permit 5.0.0.0 22 greater-equal 24 less-equal 24
ei
#
aw
return
hu
<R6>display current-configuration
g.
in
#
rn
sysname R6
ea
/l
#
:/
#
:
interface Ethernet0/0/0
取
#
资
interface LoopBack0
多
interface LoopBack1
interface LoopBack2
interface LoopBack3
n
/c
rip 1
om
version 2
.c
peer 192.168.2.4
ei
network 192.168.2.0
aw
silent-interface Ethernet0/0/0
hu
timers rip 20 100 30
#
tp
return
ht
:
Overview
获
料
IETF developed Open Shortest Path First (OSPF), a link state Internal Gateway Protocol
(IGP), as an enhancement to distance-vector routing protocols in the late 1980s.
资
OSPF version 1 (OSPFv1) was first defined in RFC 113 but was soon replaced by OSPF
version 2 (OSPFv2) defined in RFC 1247. OSPFv2 made great improvements in stability and
多
functionality, and is used on existing IPv4 networks,but OSPFv3 is mainly used for IPv6
更
network.
With advantages of fast convergence, no loop, and good scalability, OSPF as a link state
routing protocol is widely applied. A link state routing protocol advertises link state
information. Each router on a network sends its own link state information (including the IP
address and subnet mask of the interface, network type, and link cost) to other routers. After
all routers collect all link state information on the network, they know the entire network
topology and use the shortest path first (SPF) algorithm to calculate the shortest paths to all
network segments.
OSPF allows multiple areas on a network. An area is regarded as a logical group, and
each group is identified by a 32 bit area ID. A network segment or a link belongs to only one
2015-8-31 Huawei Confidential Page 20 of 226
RIP Hands-on Exercise Guide Confidentiality Level
area. That is, you must specific the area to which each OSPF-enabled interface belongs. Area
0 is the OSPF backbone area and is responsible for advertising routing information between
non-backbone areas. There is only one backbone area on an OSPF network.
In a single OSPF area, each router needs to collect link state information from all other
routers. When a large number of routers run OSPF, there is much link state information and
the sizes of link state databases (LSDBs) on routers become large accordingly, increasing
loads on the routers and complicating maintenance and management. To resolve this issue,
OSPF partitions the Autonomous System (AS) into different areas.
Link state information is flooded only within the local area. Routers advertise only the
number of routes among areas, greatly reducing loads on routers. A router that belongs to
n
/c
different areas is called the Area Border Router (ABR). The ABR is used to transmit
inter-area routing information. The way in which inter-area routing information is transmitted
om
is similar to the distance-vector algorithm. To prevent loops between areas, ensure that
routing information between non-backbone areas is forwarded through the backbone area.
.c
That is, each non-backbone area is connected to the backbone area, and routers in
non-backbone areas cannot exchange routing information with each other.
ei
aw
Objectives
hu
Upon completion of this exercise guide, you will be able to:
Configure a single OSPF area and multiple OSPF areas.
g.
Configure Not-So-Stubby Area (NSSA) areas.
Configure OSPF route filtering.
in
Configure OSPF route summarization.
rn
Configure OSPF authentication.
Configure OSPF to advertise default routes.
ea
Tasks
tp
The following topology shows the network of Company A. Deploy the network
ht
(1) Configure multiple OSPF areas. Configure Routing Information Protocol Version 2
(RIPv2) between R3 and R6, and between R4 and R6. Configure Loopback 0 interfaces
取
on R1, R2, R3, and R4 to advertise routes to Area 0. Configure R5 to advertise routes to
Area 1 and R6’s direct-connected interfaces to advertise routes to RIP.
获
(3) On R3 and R4, configure OSPF and RIP to import routes from each other, and import
routes of network segments 192.168.10.0/24 and 192.168.20.0/24 to OSPF.
多
(4) Configure Area 2 as an NSSA area to reduce the number of LSAs (including Type 3 and
Type 5 LSAs) in Area 2.
更
(5) Perform the configurations only on R3 to ensure that R5 accesses network segment
192.168.10.0/24 through R1 and accesses network segment 192.168.20.0/24 through
R2.
(6) Eliminate existing suboptimal paths on the OSPF network.
(7) Improve robustness of the OSPF network to ensure that the physical link between R1
and R2 is stable.
(8) Optimize the OSPF routing table on R5, reduce the number of LSAs to maintain, and
summarize the two network segments on R5.
(9) Adjust OSPF timers based on the status of the link between R2 and R4.
(10) Configure cipher text authentication in OSPF areas to improve security of the OSPF
network.
Topology
n
/c
om
.c
ei
aw
hu
g.
in
rn
ea
/l
:/
IP Address Table
tp
Default
Subnet Mask
ht
R2
S1/0/0 10.0.24.2 255.255.255.0 N/A
更
n
G0/0/0 10.0.36.6 255.255.255.0 N/A
/c
R6 G0/0/1 10.0.46.6 255.255.255.0 N/A
om
Loopback 0 10.0.6.6 255.255.255.255 N/A
.c
Configuration and Verification
ei
aw
1. Configure multiple OSPF areas. Configure RIPv2 between R3 and R6, and
between R4 and R6. Configure Loopback 0 interfaces on R1, R2, R3, and R4
hu
to advertise routes to Area 0. Configure R5 to advertise routes to Area 1 and
R6’s direct-connected interfaces to advertise routes to RIP.
g.
in
Perform basic configurations according to the IP address table, and then check whether
OSPF neighbor relationships are established, whether devices can receive routes from
rn
Loopback 0 interfaces on other devices, and whether the RIP routing domain is properly
ea
working. The following uses the display of R3 as an example. (The following table lists only
key information, and as such some information is omitted.)
/l
[R3]display ip routing-table
:/
-------------------------------------------------------------------------
ht
Destinations : 28 Routes : 29
取
n
/c
192.168.10.0/24 RIP 100 1 D 10.0.36.6 GigabitEthernet0/0/2
om
192.168.20.0/24 RIP 100 1 D 10.0.36.6 GigabitEthernet0/0/2
.c
You can also run the following commands to verify the result:
display ospf peer brief
ei
display ip routing-table protocol ospf
aw
display rip 1 route
display ospf routingdisplay ip routing-table protocol rip
hu
g.
2. Configure R6 to advertise routes of internal network segments
192.168.10.0/24 and 192.168.20.0/24 to RIP. Configure R5 to import routes of
in
external network segments 172.16.10.0/24 and 172.16.20.0/24 to OSPF.
rn
RIP only supports advertise routes in classful format, but it can be identified in RIPv2
ea
by using VLSM.
Note that only network segments 172.16.10.0/24 and 172.16.20.0/24 on R5 need to be
/l
added.
After completing this task, run the display ip routing-table command to view the
:/
routing table of R1. (The following table lists only key information, and as such some
tp
information is omitted.)
[R1]display ip routing-table
ht
:
-------------------------------------------------------------------------
获
Destinations : 23 Routes : 23
资
3. On R3 and R4, configure OSPF and RIP to import routes from each other,
and import routes of network segments 192.168.10.0/24 and 192.168.20.0/24
to OSPF.
After completing this task, run the display ospf routing command to view the OSPF
routing table of R3 & R4. (The following table lists only key information, and as such some
information is omitted.)
2015-8-31 Huawei Confidential Page 24 of 226
RIP Hands-on Exercise Guide Confidentiality Level
Routing Tables
n
/c
172.16.0.0/16 2 Type2 1 10.0.13.1 10.0.5.5
om
192.168.10.0/24 1 Type2 1 202.101.34.4 10.0.4.4
.c
192.168.20.0/24 1 Type2 1 202.101.34.4 10.0.4.4
ei
Routing for NSSAs
aw
Destination Cost Type Tag NextHop AdvRouter
hu
192.168.10.0/24 1 Type2 1 10.0.34.4 10.0.4.4
192.168.20.0/24 1 Type2 1
g.
10.0.34.4 10.0.4.4
in
rn
Routing Tables
tp
-------------------------------------------------------------------------
Destinations : 27 Routes : 28
n
/c
192.168.10.0/24 O_ASE 150 1 D 10.0.15.1 GigabitEthernet0/0/0
om
192.168.20.0/24 O_ASE 150 1 D 10.0.15.1 GigabitEthernet0/0/0
.c
4. Configure Area 2 as an NSSA area to reduce the number of LSAs (including
ei
Type 3 and Type 5 LSAs) in Area 2.
aw
Totally Stub and totally NSSA can achieve this.
hu
NSSA achieves this task here, only the owner of the biggest Router-ID ABR can carry
out LSA-7 into LSA-5, but it can be modified by command then more than one ABR can
g.
execute this operation. Because R4’s Router-ID is bigger than R3, R4 carries out this
transform by default.
in
R3 and R4 in Area 2 function as Autonomous System Boundary Routers (ASBRs).
Therefore, the task can be completed after Area 2 is configured as an NSSA area.
rn
After completing this task, run the display ospf lsdb command to view the routing table
ea
of R3. (The following table lists only key information, and as such some information is
omitted.)
/l
Area: 0.0.0.2
:
n
OSPF imports external routes with Type-2 format by default and they keep metric 1 in
/c
the whole process, but the type and metric can be changed. Type-1 is higher than Type-2.
OSPF needs to choice the nearest path to arrive the ASBR as next-hop by using LSA-4 when
om
receive many same external routes.
Based on the configuration result in the default situation and the requirement for the
.c
configuration only on R3, adjust costs of default routes on R3 to perform the task.
ei
After completing this task, run the display ip routing-table & display ospf routing
command to view the routing table of R5. (The following table lists only key information,
aw
and as such some information is omitted.)
hu
[R5]display ip routing-
g.
Route Flags: R - relay, D - download to fib
in
-------------------------------------------------------------------------
rn
Destinations : 27 Routes : 28
/l
Routing Tables
资
n
/c
192.168.20.0/24 1 Type2 1 10.0.25.2 10.0.4.4
om
Total Nets: 9
.c
Intra Area: 3 Inter Area: 4 ASE: 2 NSSA: 0
ei
aw
<R5>tracert -a 172.16.10.1 192.168.10.1
hu
traceroute to 192.168.10.1(192.168.10.1), max hops: 30 ,packet length: 40,press
CTRL_C to break
g.
in
1 10.0.15.1 50 ms 10 ms 50 ms
rn
2 10.0.13.3 50 ms 60 ms 90 ms
ea
/l
CTRL_C to break
取
1 10.0.25.2 20 ms 20 ms 40 ms
获
2 10.0.24.4 60 ms 80 ms 70 ms
料
R2 and R4 are connected through a serial link which bandwidth is much smaller than
that of an Ethernet link. Test loopback 0 as an example so that routes mapping network
segments where loopback 0 interfaces of other devices reside are optimal.
R3’s Loopback0 and R4’s Loopback0 all stay on Area 0 and inter route better than intra
route, so R4’s Loopback0 wants to access R3’s Loopback0 must be transferred by R2. Here
must set up a virtual link to connect R3 and R4 and GRE tunnel can be used to finish them
with suitable cost.
After completing this task, run the display ip routing-table command to view the
routing table of R5 and R3. (The following table lists only key information, and as such some
information is omitted.)
2015-8-31 Huawei Confidential Page 28 of 226
RIP Hands-on Exercise Guide Confidentiality Level
-------------------------------------------------------------------------
Destinations : 15 Routes : 16
n
/c
OSPF routing table status : <Active>
om
Destinations : 15 Routes : 16
.c
Destination/Mask Proto Pre Cost Flags NextHop Interface
ei
10.0.1.1/32 OSPF 10 1 D 10.0.15.1 GigabitEthernet0/0/0
aw
10.0.2.2/32 OSPF 10 1 D 10.0.25.2 GigabitEthernet0/0/1
hu
10.0.3.3/32 OSPF 10 2 D 10.0.15.1 GigabitEthernet0/0/0
break
tp
1 202.101.34.4 20 ms 50 ms 40 ms
ht
:
<R3>display ip routing-table
取
7. Improve robustness of the OSPF network to ensure that the physical link
between R1 and R2 is stable.
2015-8-31 Huawei Confidential Page 29 of 226
RIP Hands-on Exercise Guide Confidentiality Level
OSPF rules backbone area can’t be divided, Area 0 will be divided into two isolated
areas when the physical link between R1 and R2 has a breakdown.
Virtual-link is a virtual link used to fix a divided backbone area to keep it complete and
resolve discontinuous area; it also can be used as a backup link.
Analyze the result of the physical link disconnection between R1 and R2. Perform OSPF
configurations to improve network robustness based on the analysis result.
After completing this task, run the display ospf vlink command to view the OSPF vlink
of R1. (The following table lists only key information, and as such some information is
omitted.)
n
<R1>display ospf vlink
/c
OSPF Process 1 with Router ID 10.0.1.1
om
Virtual Links
.c
ei
Virtual-link Neighbor-id -> 10.0.2.2, Neighbor-State: Full
aw
Interface: 10.0.15.1 (GigabitEthernet0/0/2)
hu
Cost: 2 State: P-2-P Type: Virtual
g.
Transit Area: 0.0.0.1 in
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
rn
8. Optimize the OSPF routing table on R5, reduce the number of LSAs to
ea
OSPF and ISIS are all link-state protocols so they transfer route by LSA and LSP and
:/
the real route information can’t see. But OSPF transfers real routes in flooding LSA-3,
LSA-5 and LSA-7. R1 and R2 all need to filter LSA-3 with filter-policy in area 1.
tp
Know differences between route filtering and LSA filtering. Run proper commands to
ht
routing table of R5. (The following table lists only key information, and as such some
information is omitted.)
取
-------------------------------------------------------------------------
资
Destinations : 6 Routes : 6
Destinations : 6 Routes : 6
n
/c
OSPF routing table status : <Inactive>
om
Destinations : 0 Routes : 0
.c
9. Adjust OSPF timers based on the status of the link between R2 and R4.
ei
Understand rules for setting up OSPF neighbor relationships and adjust OSPF timers
aw
based on the actual situation.
hu
Serial link is a low-speed line, OSPF keep the default Hello and Dead interval as 10s
and 40s by default.
g.
After completing this task, run the display ospf interface all command to view the
Hello interval of R2. (The following table lists only key information, and as such some
in
information is omitted.)
rn
<R2>display ospf interface all
ea
Interfaces
:/
Configure cipher text authentication in the three OSPF areas and set the key to huawei.
After completing this task, run the display ospf peer GigabitEthernet 0/0/1 command
多
to view the authentication of R2. (The following table lists only key information, and as such
some information is omitted.)
更
Neighbors
n
/c
Authentication Sequence: [ 95]
om
Questions
.c
After requirement 6 is met, is requirement 5 still met? If not, analyze the reason and
ei
work out a solution.
aw
When request 6 is met, R5 will refer to LSA-4 to choose the best route to ASBR-R4.
Now, we can compare the OSPF routing-table before and after creating the tunnel0/0/0.
hu
After completing this task, run the display ospf routing command to view the OSPF
routing of R5. (The following table lists only key information, and as such some information
g.
is omitted.) in
Tunnel unestablished:
rn
Routing Tables
:/
Tunnel established:
Routing Tables
n
/c
192.168.20.0/24 1 Type2 1 10.0.15.1 10.0.4.4
om
Path can be chosen by setting policy-based-route on R5 and modifying output interface
or next hop.
.c
Configuration List
ei
aw
<R1>display current-configuration
hu
#
g.
sysname R1 in
#
rn
#
获
interface GigabitEthernet0/0/0
料
#
多
interface GigabitEthernet0/0/1
更
interface GigabitEthernet0/0/2
interface LoopBack0
area 0.0.0.0
n
/c
authentication-mode md5 1 plain huawei
om
network 10.0.1.1 0.0.0.0
.c
network 10.0.12.1 0.0.0.0
ei
network 10.0.13.1 0.0.0.0
aw
area 0.0.0.1
hu
authentication-mode md5 1 plain huawei
#
:/
#
:
#
获
return
料
资
<R2>display current-configuration
多
#
更
sysname R2
interface Serial1/0/0
n
/c
link-protocol ppp
om
ip address 10.0.24.2 255.255.255.0
.c
ospf timer hello 60
ei
#
aw
interface GigabitEthernet0/0/1
hu
ip address 10.0.12.2 255.255.255.0
#
g.
in
interface GigabitEthernet0/0/2
rn
#
:/
interface LoopBack0
tp
#
:
area 0.0.0.0
获
area 0.0.0.1
n
/c
#
om
user-interface con 0
.c
authentication-mode password
ei
idle-timeout 0 0
aw
user-interface vty 0 4
hu
user-interface vty 16 20
#
g.
in
return
rn
ea
/l
<R3>display current-configuration
:/
#
tp
sysname R3
ht
#
:
#
多
interface GigabitEthernet0/0/0
更
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface LoopBack0
n
/c
#
om
interface Tunnel0/0/0
.c
ip address 202.101.34.3 255.255.255.0
ei
tunnel-protocol gre
aw
source 10.0.34.3
hu
destination 10.0.34.4
ospf cost 1
g.
in
ospf network-type broadcast
rn
#
ea
/l
area 0.0.0.0
ht
area 0.0.0.2
资
nssa no-summary
rip 1
version 2
network 10.0.0.0
import-route ospf 1
n
/c
route-policy R2O permit node 20
om
if-match acl 2001
.c
apply cost 50
ei
#
aw
return
hu
<R4>display current-configuration
g.
in
#
rn
sysname R4
ea
/l
#
:/
#
取
interface Serial1/0/0
获
link-protocol ppp
料
#
更
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/2
interface LoopBack0
interface Tunnel0/0/0
n
/c
ip address 202.101.34.4 255.255.255.0
om
tunnel-protocol gre
.c
source 10.0.34.4
ei
destination 10.0.34.3
aw
ospf cost 1
hu
ospf network-type broadcast
#
g.
in
ospf 1 router-id 10.0.4.4
rn
area 0.0.0.0
:/
area 0.0.0.2
获
nssa no-summary
多
#
更
rip 1
version 2
network 10.0.0.0
import-route ospf 1
return
n
/c
<R5>display current-configuration
om
#
.c
sysname R5
ei
#
aw
ip local policy-based-route R5
hu
#acl number 2000
#
ea
/l
#
ht
interface GigabitEthernet0/0/0
:
#
获
interface GigabitEthernet0/0/1
料
#
多
interface LoopBack0
更
interface LoopBack1
interface LoopBack2
n
/c
import-route direct route-policy D2O
om
area 0.0.0.1
.c
authentication-mode md5 1 plain huawei
ei
network 10.0.5.5 0.0.0.0
aw
network 10.0.15.5 0.0.0.0
hu
network 10.0.25.5 0.0.0.0
#
g.
in
route-policy D2O permit node 10
rn
#
:/
#
获
return
料
资
<R6>display current-configuration
多
#
更
sysname R6
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
interface LoopBack0
n
/c
#
om
interface LoopBack1
.c
ip address 192.168.10.1 255.255.255.0
ei
#
aw
interface LoopBack2
hu
ip address 192.168.20.1 255.255.255.0
#
g.
in
rip 1
rn
version 2
ea
/l
network 10.0.0.0
:/
network 192.168.10.0
tp
network 192.168.20.0
ht
#
:
return
取
获
Overview
多
n
Objectives
/c
Upon completion of this exercise guide, you will be able to:
om
Configure IS-IS.
Use IS-IS in different network environments.
.c
Change the IS-IS cost.
ei
Configure IS-IS authentication modes.
Configure IS-IS route aggregation.
aw
Configure route leaking in different areas.
Configure a router to advertise default routes.
hu
Tasks
g.
in
The following topology shows the network of Company A. Deploy the network
according to the following requirements:
rn
(1) Add R1 to area 49.0001, add R2, R3, R4, and R5 to area 49.0002, and add R6 to area
49.0006. Set the system ID of each router to 0000.0000.000X.
ea
(2) Configure IS-IS on interfaces according to the topology. Run IS-IS on E1/0/0 of R6 and
/l
disable E1/0/0 from sending any IS-IS packets to its directly connected network segment.
Enable routers in the IS-IS area to learn addresses of the network segment directly connected
:/
to E1/0/0.
(3) Configure R1 as a Level-2 router, R2 and R3 as Level-1-2 routers, R4 and R5 as Level-1
tp
because routers are difficult to maintain when identified using only system IDs.
:
(5) Ensure that no DIS exists between R4 and R5, and establish a neighbor relationship between
them.
取
(9) Only configure R4 to import directly connected network segment 4.0.X.0/24 to the IS-IS area
and do not summary, configure R1 to import directly connected network segment 1.0.X.0/24
多
to the IS-IS area, and perform optimal aggregation. Use as few commands as possible.
(10) Disable R2 and R3 from advertising 4.0.0.0/24 and 4.0.2.0/24 to area 49.0001, configure
更
ACLs and disable routing policies on R2 and R3. Ensure that R4 and R5 can learn the
aggregated network segment 1.0.X.0/24, and disable routing policies on R4 and R5.
(11) Disable R6 from adding aggregated routes generated by R1 to the routing table. Enable R6 to
advertise a default route when routing information for network segment 1.0.X.0/24 exists on
R1.
Topology
n
/c
om
.c
ei
aw
hu
g.
in
IP Address Table
rn
Default
ea
1. Add R1 to area 49.0001, add R2, R3, R4, and R5 to area 49.0002, and add R6
to area 49.0006. Set the system ID of each router to 0000.0000.000X.
n
/c
Perform basic configuration according to the "IP Address Table", and then run the
display isis 1 brief command to view brief IS-IS information. The following uses the display
om
of R1 as an example. The table shows only key information, while other information is
.c
omitted.
[R1]display isis 1 brief
ei
aw
ISIS Protocol Information for ISIS(1)
hu
-------------------------------------
g.
SystemId: 0000.0000.0001 System Level: L12 in
Area-Authentication-mode: NULL
rn
Domain-Authentication-mode: NULL
ea
During the configuration, view and understand the requirements to avoid incorrect
ht
configuration.
:
of R6 and disable E1/0/0 from sending any IS-IS packets to its directly
connected network segment. Enable routers in the IS-IS area to learn
获
After completing this task, run the display isis interface command to view interfaces
资
that have IS-IS enabled, run the display isis peer command to view IS-IS neighbors, and run
the display ip routing-table protocol isis command to view the IS-IS routing table. The
多
following uses the display of R1 as an example. The table shows only key information, while
other information is omitted.
更
n
/c
System Id Interface Circuit Id State HoldTime Type PRI
om
-------------------------------------------------------------------------------
.c
0000.0000.0006 GE0/0/0 0000.0000.0006.01 Up 8s L2(L1L2) 64
ei
0000.0000.0002 S2/0/0.2 0000000002 Up 22s L2 --
aw
0000.0000.0003 S2/0/0.3 0000000001 Up 23s L2 --
hu
[R1]display ip routing-table protocol isis
g.
in
Destination/Mask Proto Pre Cost Flags NextHop Interface
rn
When IS-IS runs in a frame relay (FR) network, you need to configure FR interfaces as
更
sub-interfaces that work in P2P mode, otherwise, IS-IS neighbor relationships cannot be
established even if the network type is changed.
IS-IS only support broadcast and P2P network type by default.
In addition, you should understand IS-IS features when configuring IS-IS on E1/0/0 of
R6. IS-IS can disable a certain interface to receive and send data, so the build of the IS-IS
neighbor and transfer of route information can be controlled. You can also run the following
command to verify the results:
display isis lsdb
display isis route
display isis peer
2015-8-31 Huawei Confidential Page 46 of 226
RIP Hands-on Exercise Guide Confidentiality Level
After completing this task, run the display isis brief command to view the level at
which a device works. The following uses the display of R1 as an example. The table shows
only key information, while other information is omitted.
[R1]display isis 1 brief
n
/c
-------------------------------------
om
SystemId: 0000.0000.0001 System Level: L2
.c
Area-Authentication-mode: NULL
ei
Domain-Authentication-mode: NULL
aw
Ipv6 is not enabled
hu
ISIS is in invalid restart status
g.
in
ISIS is in protocol hot standby state: Real-Time Backup
interfaces. You cannot run the is-level command to configure R6 as a Level-2 router.
ea
You can also run the following command to verify the results:
display isis peer
/l
4. Run proper commands to configure the names (such as R1, R2, and R3) of
:/
the routers because routers are difficult to maintain when identified using
tp
After completing this task, run the display isis name-table command to view the
mapping between the host name and system ID of local and remote IS-IS routers. The
:
following uses the display of R1 as an example. The table shows only key information, while
other information is omitted.
取
-------------------------------------------------------------------------------
更
0000.0000.0001 R1 DYNAMIC
0000.0000.0002 R2 DYNAMIC
0000.0000.0003 R3 DYNAMIC
0000.0000.0006 R6 DYNAMIC
The host name is delivered to each router running IS-IS through LSPs. Note that the
length of a specified dynamic host name is limited within 64 bits
IS-IS can name the remote device by the command “is-name 0001.0001.0001 R1”, so
2015-8-31 Huawei Confidential Page 47 of 226
RIP Hands-on Exercise Guide Confidentiality Level
5. Ensure that no DIS exists between R4 and R5, and establish a neighbor
relationship between them.
After completing this task, view the network type of connected interfaces on R4 and R5.
The following uses the display of R5 as an example. The table shows only key information,
n
while other information is omitted.
/c
[R5]display isis interface Ethernet 1/0/0 verbose
om
Interface information for ISIS(1)
.c
---------------------------------
ei
Interface Id IPV4.State IPV6.State MTU Type DIS
aw
Eth1/0/0 003 Up Down 1497 L1/L2 --
hu
Circuit MT State : Standard
g.
Circuit Parameters : p2p
in
rn
Description : HUAWEI, AR Series, Ethernet1/0/0 Interface
ea
IP Address : 45.1.1.5
:/
You can also run the following command to verify the results:
display isis peer
取
After completing this task, run the display isis cost interface command to view the cost
资
of each interface. The following uses the display of R1 as an example. The table shows only
key information, while other information is omitted.
多
Interface: GE0/0/0
Topology base(0):
n
/c
7. Use a proper authentication mode to authenticate LSPs and SNPs in area
49.0002. Set the authentication password to HUAWEI and authentication
om
type to MD5.
.c
After completing this task, run the display isis error command to verify whether the
ei
configuration succeeds. The following uses the display of R5 as an example. The table shows
only key information, while other information is omitted.
aw
[R5]display isis error | include Authentication
hu
Statistics of error packets for ISIS(1)
g.
---------------------------------------
in
LSP packet errors:
rn
During the configuration, note that there are three IS-IS authentication modes that have
different functions.
ht
Default packet of ISIS has 3 formats: IHH、SNP、LSP, among which SNP includes
CSNP and PSNP of Level-1 and Level-2. Domain authentication is used to encrypt Level-2
:
packet ,area authentication is used to encrypt Level-1 packet and interface authentication is
used to encrypt Hello packet.
取
You can also run the following command to verify the results:
获
8. Disable R4 and R5 from sending Hello packets with the padding field to each
other to improve bandwidth usage between them.
资
多
Default Hello packet carries huge number of useless padding field, as shown below:
更
n
/c
om
.c
ei
aw
After completing this task, view detailed information about E1/0/0 on R4 and R5. The
hu
following uses the display of R5 as an example. The table shows only key information, while
other information is omitted.
[R5]display isis interface Ethernet 1/0/0 verbose
g.
in
Interface information for ISIS(1)
rn
---------------------------------
ea
/l
IP Address : 45.1.1.5
料
After completing this task, run the display ip routing-table protocol isis command to
view IS-IS routes. The following uses the display of R6 as an example. The table shows only
key information, while other information is omitted.
[R6]display ip routing-table protocol isis -
n
During the configuration, note that only required network segments can be imported to
/c
the IS-IS Area. Do not import irrelevant network segments. During IS-IS route aggregation, a
om
route to the Null0 interface is not generated by default.
.c
10. Disable R2 and R3 from advertising 4.0.0.0/24 and 4.0.2.0/24 to area 49.0001,
configure ACLs and disable routing policies on R2 and R3. Ensure that R4
ei
and R5 can learn the aggregated network segment 1.0.X.0/24, and disable
aw
routing policies on R4 and R5.
hu
After completing this task, run the display ip routing-table protocol isis command to
view IS-IS routes. The following table shows information of R1 and R4. Only key
g.
information is displayed, while other information is omitted.
in
[R1]display ip routing-table protocol isis
rn
n
/c
12.1.1.0/24 ISIS-L1 15 976 D 24.1.1.2 Serial2/0/1
om
13.1.1.0/24 ISIS-L1 15 986 D 45.1.1.5 Ethernet1/0/0
.c
35.1.1.0/24 ISIS-L1 15 498 D 45.1.1.5 Ethernet1/0/0
ei
This task requires bidirectional route leaking between Level-1 and Level-2 areas. Filter
routes according to the requirement.
aw
11. Disable R6 from adding aggregated routes generated by R1 to the routing
hu
table. Enable R6 to advertise a default route when routing information for
g.
network segment 1.0.X.0/24 exists on R1. in
After completing this task, run the display ip routing-table protocol isis command to
rn
view IS-IS routes. The following uses the display of R6 as an example. The table shows only
key information, while other information is omitted.
ea
Questions
n
In requirement 11, are corresponding LSPs filtered when route filtering is implemented
/c
on R6, and what are the considerations that should be taken for advertising default routes?
Because ISIS and OSPF are Link-state protocol, R6 can’t use filter-policy to filter LSP
om
in inbound direction. The filter-policy will effect in the process of LSP into routing-table, but
can’t deny LSP into LSDB.
.c
When advertising routes under a certain condition, it is required detailed routes and the
summary route to avoid the unknown loop. When the edge device’s routing table contains the
ei
external route to meet route policy, R4 released a default route to ISIS domain, avoid due to
aw
link failures and other reasons caused the equipment to do not exist already some important
external routing, still advertise default route resulting in routing loop. The routing strategy
hu
here does not affect the introduction of external ISIS routing.
g.
Configuration List in
rn
<R1>display current-configuration
ea
#
/l
sysname R1
:/
#
tp
#
取
isis 1
获
is-level level-2
料
cost-style wide
资
多
auto-cost enable
更
network-entity 49.0001.0000.0000.0001.00
is-name R1
interface Serial2/0/0
link-protocol fr
undo fr inarp
n
/c
interface Serial2/0/0.2
om
fr dlci 102
.c
ip address 12.1.1.1 255.255.255.0
ei
fr map ip 12.1.1.2 102 broadcast
aw
isis enable 1
hu
#
interface Serial2/0/0.3
g.
in
fr dlci 103
rn
isis enable 1
tp
#
ht
interface GigabitEthernet0/0/0
:
isis enable 1
获
#
料
interface LoopBack0
资
isis enable 1
更
interface LoopBack10
interface LoopBack11
interface LoopBack12
n
/c
interface LoopBack13
om
ip address 1.0.3.1 255.255.255.0
.c
#
ei
route-policy SUMM permit node 10
aw
if-match ip-prefix SUMM
hu
#
#
ea
/l
#
tp
return
ht
:
<R2>display current-configuration
取
#
获
sysname R2
料
#
资
rule 10 permit
isis 1
cost-style wide
auto-cost enable
network-entity 49.0002.0000.0000.0002.00
is-name R2
n
/c
#
om
interface Serial2/0/0
.c
link-protocol fr
ei
undo fr inarp
aw
#
hu
interface Serial2/0/0.2
fr dlci 201
g.
in
ip address 12.1.1.2 255.255.255.0
rn
isis enable 1
:/
#
tp
interface Serial2/0/1
ht
link-protocol ppp
:
isis enable 1
获
#
料
interface LoopBack0
资
isis enable 1
更
return
<R3>display current-configuration
sysname R3
n
/c
rule 5 deny source 4.0.0.0 0.0.254.255
om
rule 10 permit
.c
#
ei
isis 1
aw
cost-style wide
hu
auto-cost enable
network-entity 49.0002.0000.0000.0003.00
g.
in
is-name R3
rn
#
ht
interface Serial2/0/0
:
link-protocol fr
取
undo fr inarp
获
#
料
interface Serial2/0/0.3
资
fr dlci 301
多
isis enable 1
interface Serial2/0/1
link-protocol ppp
isis enable 1
interface LoopBack0
n
/c
isis enable 1
om
#
.c
ip ip-prefix LEAKSUMM index 10 permit 1.0.0.0 22
ei
#
aw
return
hu
<R4>display current-configuration
g.
in
#
rn
sysname R4
ea
/l
#
:/
isis 1
tp
is-level level-1
ht
cost-style wide
:
auto-cost enable
取
network-entity 49.0002.0000.0000.0004.00
获
is-name R4
料
#
更
interface Ethernet1/0/0
isis enable 1
isis small-hello
interface Serial2/0/1
link-protocol ppp
isis enable 1
n
/c
#
om
interface LoopBack0
.c
ip address 10.4.4.4 255.255.255.255
ei
isis enable 1
aw
#
hu
interface LoopBack10
interface LoopBack11
ea
/l
#
tp
interface LoopBack12
ht
#
取
interface LoopBack13
获
#
资
return
<R5>display current-configuration
sysname R5
isis 1
n
/c
is-level level-1
om
cost-style wide
.c
auto-cost enable
ei
network-entity 49.0002.0000.0000.0005.00
aw
is-name R5
hu
area-authentication-mode md5 plain HUAWEI
interface Ethernet1/0/0
ea
/l
isis enable 1
tp
isis small-hello
:
#
取
interface Serial2/0/1
获
link-protocol ppp
料
isis enable 1
多
#
更
interface LoopBack0
isis enable 1
return
<R6>display current-configuration
sysname R6
n
/c
isis 1
om
cost-style wide
.c
auto-cost enable
ei
network-entity 49.0006.0000.0000.0006.00
aw
is-name R6
hu
filter-policy ip-prefix FILTERR1SUMM import
#
g.
in
interface Ethernet1/0/0
rn
isis enable 1
:/
isis silent
tp
#
ht
interface GigabitEthernet0/0/0
:
isis enable 1
获
#
资
interface LoopBack0
多
isis enable 1
return
n
The Border Gateway Protocol (BGP) is a dynamic routing protocol used between
/c
Autonomous Systems (ASs). Three earlier BGP versions are BGP-1 defined in RFC 1105,
BGP-2 defined in RFC 1163, and BGP-3 defined in RFC 1267, and the currently used BGP
om
version is BGP-4 defined in RFC 4271. As an external routing protocol on the Internet,
BGP-4 is widely used among Internet Service Providers (ISPs).
.c
BGP is an EGP. Different from Interior Gateway Protocols (IGPs) such as Open Shortest
Path First (OSPF) and Routing Information Protocol (RIP), BGP controls route advertisement
ei
and selects optimal routes between ASs rather than discover or calculate routes. BGP uses the
aw
Transport Control Protocol (TCP) with listening port 179 as the transport layer protocol. TCP
ensures high reliability and efficiency when BGP advertises, and improves the capability to
hu
manage, a large number of routes.
BGP supports Classless Inter-Domain Routing (CIDR) and uses triggered incremental
g.
updates, greatly reducing the bandwidth consumed by route propagation. Therefore, BGP can
be used on the Internet to propagate a large amount of routing information. BGP routes carry
in
the AS-Path attribute to prevent routing loops between ASs.
rn
BGP provides rich route attributes and uses these attributes to flexibly filter and control
routes.
ea
BGP supports a variety of protocols, including IPv4, IPv6, multicast, and VPNv4, has
good scalability, and applies to network development.
/l
There are two types of BGP peer relationships: Internal BGP (IBGP) and External BGP
(EBGP). BGP routers with the same AS number are IBGP peers, while BGP routers with
:/
different AS numbers are EBGP peers. BGP peer relationships are established on TCP
tp
Objectives
:
Tasks
更
The following topology shows the network of Company A. Deploy the network
according to the following requirements:
(1) Build the network according to the topology, establish an IBGP peer relationship between R1
and R2 through loopback interfaces, and deploy OSPF. Establish an IBGP peer relationship
between R3 and R4 through physical interfaces, establish an EBGP peer relationship between
R2 and R5 through loopback interfaces using static routes, and establish an EBGP peer
relationship between R1 and R3.
(2) Advertise or import the loopback interface of each device into BGP processes, and enable
loopback interfaces of all the devices to communicate with each other.
2015-8-31 Huawei Confidential Page 62 of 226
RIP Hands-on Exercise Guide Confidentiality Level
(3) Advertise service network segments of R4 and R5 into BGP, and enable these network
segments to communicate normally.
(4) Optimize BGP routing tables on all the devices so that devices only need to maintain routing
entries of service network segments and network segments where loopback interfaces reside.
(5) Summarize two service network segments 192.168.20.0/24 and 192.168.30.0/24, and suppress
the advertisement of specific routes of service network segment 192.168.30.0/24. The service
network segment 192.168.10.0/24 should be advertised.
(6) Summarize two service network segments 172.16.10.0/24 and 172.16.20.0/24 on R3, and
suppress the advertisement of all the specific routes.
(7) Observe communication between service network segments, and solve the sub-optimal route
n
/c
problem on the network.
(8) Configure the Community attribute to prevent AS 200 from receiving the routes to service
om
network segment 192.168.20.0/24.
(9) Assume that service network segment 172.16.10.0/24 is unstable and often interrupted.
.c
Perform the correct configuration to reduce the impact of such interruptions on the entire
network.
ei
(10) Configure authentication between EBGP peers to improve BGP network security.
aw
(11) Change the BGP Keepalive timer to 30 seconds and adjust the BGP Holdtime accordingly on
R2.
hu
Topology
g.
in
rn
ea
/l
:/
tp
ht
:
取
获
料
资
多
IP Address Table
更
Default
Device Interface IP Address Subnet Mask
Gateway
G 0/0/0 10.0.12.1 255.255.255.0 N/A
R1 G 0/0/1 10.0.134.1 255.255.255.0 N/A
Loopback 0 10.0.1.1 255.255.255.255 N/A
R2 G 0/0/0 10.0.25.2 255.255.255.0 N/A
n
G 0/0/0 10.0.25.5 255.255.255.0 N/A
/c
R5
Loopback 0 10.0.5.5 255.255.255.255 N/A
om
.c
Configuration and Verification
ei
1. Build the network according to the topology, establish an IBGP peer
relationship between R1 and R2 through loopback interfaces, and deploy
aw
OSPF. Establish an IBGP peer relationship between R3 and R4 through
hu
physical interfaces, establish an EBGP peer relationship between R2 and R5
through loopback interfaces using static routes, and establish an EBGP peer
g.
relationship between R1 and R3. in
Perform basic configuration according to the address table, and then check the
rn
status. The following uses the display of R1 as an example. Only key information is
displayed, while other information is omitted.
/l
2. Advertise the loopback interface of each device into BGP processes, and
多
enable loopback interfaces of all the devices to communicate with each other.
更
Default BGP compares routers with IGP when advertising routers. To remind, BGP
doesn’t set the route as the best route since default route preference is 255 if there are same
routes.
Perform configuration to ensure that all of the devices have BGP routes to the loopback
interfaces of the devices.
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R1 as an example. Only key
information is displayed, while other information is omitted.
n
/c
Total Number of Routes: 14
om
Network NextHop MED LocPrf PrefVal Path/Ogn
.c
*> 10.0.1.1/32 0.0.0.0 0 0 i
ei
* i 10.0.2.2 1 100 0 ?
aw
*> 10.0.2.2/32 0.0.0.0 1 0 ?
hu
i 10.0.2.2 0 100 0 i
3. Advertise service network segments of R4 and R5 into BGP, and enable these
:/
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R5 as an example. Only key
ht
4. Optimize BGP routing tables on all the devices so that devices only need to
maintain routing entries of service network segments and network segments
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R1 as an example. Only key
information is displayed, while other information is omitted.
<R1>display bgp routing-table
n
Status codes: * - valid, > - best, d - damped,
/c
h - history, i - internal, s - suppressed, S - Stale
om
Origin : i - IGP, e - EGP, ? - incomplete
.c
ei
Total Number of Routes: 11
aw
Network NextHop MED LocPrf PrefVal Path/Ogn
hu
*> 10.0.1.1/32 0.0.0.0 0 0 i
g.
* i 10.0.2.2 1 100
in 0 ?
i 10.0.2.2 0 100 0 i
ea
BGP can use aggregate to filter all the detailed routes which can be released via
suppress-policy. Origin-policy can be used to select and advertise summary route, all of
which can be implanted via aggregate command.
Understand BGP route summarization principles, and configure route summarization
using routing policies according to requirements.
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R4 as an example. Only key
2015-8-31 Huawei Confidential Page 66 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
Origin : i - IGP, e - EGP, ? - incomplete
/c
Total Number of Routes: 10
om
Network NextHop MED LocPrf PrefVal Path/Ogn
.c
*>i 192.168.0.0/16 10.0.134.1 100 0 100 300i
ei
*>i 192.168.10.0 10.0.134.1 100 0 100 300i
aw
hu
*>i 192.168.20.0 10.0.134.1 100 0 100 300i
6.
g.
Summarize two service network segments 172.16.10.0/24 and 172.16.20.0/24
in
on R3, and suppress the advertisement of all the specific routes.
rn
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R5 as an example. Only key
ea
Under a MA and FR environment, BGP will report the real source of the route to its
neighbor if the advertise route and the source route are in the same network.
Since R3 has replaced R4 to aggregate detailed routes, R1 cannot arrive R4 and next hop
must be adjusted to avoid a sub-optimal route.
Check the path along which traffic is transmitted during communication between service
network segments, analyze the physical network topology, and avoid affecting other
requirements during the configuration.
Transfer of route can be limited via set the community, including Internet、No-advertise、
No-export、No-export-subconfed, etc.
After completing this task, run the display bgp routing-table community command to
view the BGP Community attribute. The following uses the display of R1 as an example.
Only key information is displayed, while other information is omitted.
n
<R1>display bgp routing-table community
/c
BGP Local router ID is 10.0.1.1
om
.c
Status codes: * - valid, > - best, d - damped,
ei
h - history, i - internal, s - suppressed, S - Stale
aw
Origin : i - IGP, e - EGP, ? - incomplete
hu
Total Number of Routes: 1
g.
Network NextHop MED LocPrf
in PrefVal Community
Analyze the requirement, add correct configuration, and verify the configuration.
After completing this task, run the display bgp routing-table dampening parameter
ht
command to view the BGP dampening. The following uses the display of R4 as an example.
Only key information is displayed, while other information is omitted.
:
Suppress-Limit : 2000
Route-policy : damp
Configure authentication between two EBGP peers, and set the password to huawei.
After completing this task, run the display bgp peer 10.0.5.5 verbose command to view
the BGP peer. The following uses the display of R2 as an example. Only key information is
2015-8-31 Huawei Confidential Page 68 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
Update-group ID: 0
/c
BGP current state: Established, Up for 00h08m00s
om
BGP current event: KATimerExpired
.c
BGP last state: OpenConfirm
ei
Authentication type configured: MD5
aw
hu
11. Change the BGP Keepalive timer to 30 seconds and adjust the BGP
g.
Holdtime accordingly on R2. in
Learn about the working principles of BGP timers and know how to adjust the timers.
After completing this task, run the display bgp peer 10.0.2.2 verbose command to view
rn
the BGP peer. The following uses the display of R1 as an example. Only key information is
ea
Update-group ID: 1
取
Questions
If the sub-optimal route is found in requirement 7, how many methods are available to
solve this problem? If no such problem occurs, do you know why?
n
To ensure R3 give priority to aggregate route from R4, R4 must aggregate routes and
/c
restrain detailed routes. Because of the default character of BGP, A true next hop from R3 to
R1 will ensure the generation of a sub-optimal route.
om
R1 can use route-policy to modify the router’s next hop from R3, but output interface
cannot be used since there is only one.
.c
ei
Configuration List
aw
<R1>display current-configuration
hu
#
sysname R1
g.
in
#
rn
#
tp
interface GigabitEthernet0/0/0
ht
#
取
interface GigabitEthernet0/0/1
获
#
资
interface LoopBack0
多
更
bgp 100
router-id 10.0.1.1
ipv4-family unicast
n
/c
undo synchronization
om
network 10.0.1.1 255.255.255.255
.c
import-route ospf 1 route-policy O2B
ei
peer 10.0.2.2 enable
aw
peer 10.0.2.2 next-hop-local
hu
peer 10.0.134.3 enable
area 0.0.0.0
:/
#
:
#
料
return
资
多
<R2>display current-configuration
更
sysname R2
interface GigabitEthernet0/0/0
n
/c
#
om
interface GigabitEthernet0/0/1
.c
ip address 10.0.12.2 255.255.255.0
ei
#
aw
interface LoopBack0
hu
ip address 10.0.2.2 255.255.255.255
#
g.
in
bgp 100
rn
router-id 10.0.2.2
ea
/l
#
资
ipv4-family unicast
多
undo synchronization
更
area 0.0.0.0
n
/c
network 10.0.12.2 0.0.0.0
om
#
.c
route-policy S2B permit node 10
ei
if-match acl 2000
aw
route-policy O2B permit node 10
hu
if-match acl 2001
#
g.
in
ip route-static 10.0.5.5 255.255.255.255 10.0.25.5
rn
#
ea
/l
return
:/
tp
<R3>display current-configuration
ht
#
:
sysname R3
取
#
获
interface GigabitEthernet0/0/1
料
#
多
interface LoopBack0
更
bgp 200
router-id 10.0.3.3
ipv4-family unicast
undo synchronization
n
/c
aggregate 172.16.0.0 255.255.0.0 detail-suppressed
om
network 10.0.3.3 255.255.255.255
.c
peer 10.0.134.1 enable
ei
peer 10.0.134.4 enable
aw
peer 10.0.134.4 next-hop-local
hu
#
return
g.
in
rn
<R4>display current-configuration
ea
/l
#
:/
sysname R4
tp
#
ht
#
获
interface GigabitEthernet0/0/1
料
#
多
interface LoopBack0
更
interface LoopBack1
interface LoopBack2
bgp 200
router-id 10.0.4.4
n
/c
peer 10.0.134.3 as-number 200
om
#
.c
ipv4-family unicast
ei
undo synchronization
aw
dampening route-policy damp
hu
aggregate 172.16.0.0 255.255.0.0 detail-suppressed
#
tp
#
取
return
获
料
<R5>display current-configuration
资
#
多
sysname R5
更
interface GigabitEthernet0/0/0
interface LoopBack0
n
/c
ip address 10.0.5.5 255.255.255.255
om
#
.c
interface LoopBack1
ei
ip address 192.168.10.1 255.255.255.0
aw
#
hu
interface LoopBack2
interface LoopBack3
ea
/l
#
tp
bgp 300
ht
router-id 10.0.5.5
:
#
多
ipv4-family unicast
更
undo synchronization
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
import-route static
n
/c
#
om
route-policy sup permit node 10
.c
if-match acl 2001
ei
#
aw
route-policy ori deny node 10
hu
if-match acl 2000
#
g.
in
route-policy ori permit node 20
rn
#
ea
/l
#
:
#
获
#
资
return
多
更
Multiple routes to the same destination may exist in a BGP routing table. BGP selects
the optimal route from the multiple routes and sends only the optimal route to peers. To select
the optimal route, BGP compares the BGP attributes of the routes according to BGP route
selection rules. BGP attributes are a set of parameters that describe routes.
2015-8-31 Huawei Confidential Page 77 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
/c
but it still accepts these attributes and advertises them to other peers. For example,
the Community attribute is an optional transitive attribute.
om
Optional non-transitive attributes: If a BGP router does not recognize this type of
attribute, it ignores these attributes and does not advertise them to other peers. For
.c
example, the MED attribute is an optional non-transitive attribute.
When there are multiple routes to the same destination, BGP compares the following
ei
attributes in sequence to select the optimal route:
Prefers the route with the largest PrefVal value.
aw
Prefers the route with the highest Local_Pref.
hu
Prefers the manually summarized route, automatically summarized route, route
imported using the network command, route imported using the import-route
g.
command, and route learned from peers in sequence.
Prefers the route with the shortest AS-Path.
in
Prefers the route with the lowest origin type. IGP is lower than EGP, and EGP is
lower than Incomplete.
rn
Prefers the route with the lowest MED among the routes from the same AS.
ea
Prefers an EBGP route (the preference of an EBGP route is higher than that of an
IBGP route).
/l
Prefers the route with the lowest IGP metric to the BGP next hop.
Prefers the route with the shortest Cluster_List.
:/
Prefers the route advertised by the router with the smallest router ID.
Prefers the route learned from the peer with the lowest IP address.
tp
The PrefVal attribute is a Huawei proprietary attribute and is valid only on the device
ht
where it is configured. If a route does not have the local preference, BGP calculates its local
preference as the default value of 100. When there are multiple equal-cost routes to the same
:
destination, you can perform load balancing among these routes to load balance traffic.
Equal-cost BGP routes can be generated for traffic load balancing only when the first eight
取
Objectives
料
Tasks
The following topology shows the network of a company. In the topology, R4, R5, R6,
and R7 are routers in the headquarters. R1 and R3 are routers in two different branches. R2 is
a carrier's network device. Different service network segments are defined on R1 and R3.
Network segments 192.168.10.0/24 and 172.16.10.0/24 are used by service A, and network
segments 192.168.20.0/24 and 172.16.20.0/24 are used by service B. Leased lines are
deployed between two branches and the headquarters so that service network segments on
devices in two branches can access each other through the carrier's network device or through
the headquarters' devices over leased lines. Deploy the network according to the following
requirements:
(1) Build the network according to the topology, and establish EBGP peer relationships between
devices in different ASs through directly connected interfaces.
(2) Establish IBGP peer relationships between R4 and R5, between R5 and R7, between R7 and
R6, and between R6 and R4 through loopback interfaces. Deploy OSPF as an IGP.
n
/c
(3) Ensure that all service network segments, and the network segments where loopback
interfaces Loopback 0 of all devices reside, access each other through BGP routes.
om
(4) Enable traffic of service network segment A to be forwarded by the carrier's network device,
and traffic of service network segment B to be forwarded by leased lines, in order to make full
.c
use of network resources.
(5) Make the network administrator periodically check lines. After the link costs of IGPs are
ei
adjusted, all the traffic that passes through the AS of the headquarters is forwarded along the
aw
path R4->R5->R7->R6.
(6) Forward traffic of service network segment B along the path R4->R6, because this network
hu
segment has a high volume of traffic. Ensure that the optimal route selected by BGP is the
same as the actual forwarding path.
g.
(7) Reconstruct the headquarters' network, retain the existing configuration, and add
configuration to disable R5 and R7 from participating in BGP route selection.
in
rn
Topology
ea
/l
:/
tp
ht
:
取
获
料
资
多
更
IP Address Table
Default
Device Interface IP Address Subnet Mask
Gateway
R1 G 0/0/0 10.0.14.1 255.255.255.0 N/A
2015-8-31 Huawei Confidential Page 79 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
R3 G 0/0/1 10.0.36.3 255.255.255.0 N/A
/c
Loopback 0 10.0.3.3 255.255.255.255 N/A
om
G 0/0/0 10.0.45.4 255.255.255.0 N/A
.c
G 0/0/1 10.0.14.4 255.255.255.0 N/A
R4
ei
G 0/0/2 10.0.46.4 255.255.255.0 N/A
aw
Loopback 0 10.0.4.4 255.255.255.255 N/A
G 0/0/0 10.0.57.5 255.255.255.0 N/A
hu
R5 G 0/0/1 10.0.45.5 255.255.255.0 N/A
Loopback 0 10.0.5.5
g.255.255.255.255 N/A
in
G 0/0/0 10.0.36.6 255.255.255.0 N/A
rn
1. Build the network according to the topology, and establish EBGP peer
获
Perform basic configuration according to the address table, and then check the
establishment of BGP peer relationships.
多
After completing this task, run the display bgp peer command to view BGP peer
information. The following uses the display of R1 as an example. Only key information is
更
2. Establish IBGP peer relationships between R4 and R5, between R5 and R7,
between R7 and R6, and between R6 and R4 through loopback interfaces.
n
Deploy OSPF as an IGP.
/c
Configuration commands are required when peer relationships are established through
om
loopback interfaces.
After completing this task, run the display ospf peer brief command to view OSPF peer
.c
information, run the display bgp peer command to view BGP peer information. The
ei
following uses the display of R4 as an example. Only key information is displayed, while
other information is omitted.
aw
[R4]display ospf peer brief
hu
OSPF Process 1 with Router ID 10.0.4.4
----------------------------------------------------------------------------
ht
:
3. Ensure that all service network segments, and the network segments where
loopback interfaces Loopback 0 of all devices reside, access each other
through BGP routes.
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R1 as an example. Only key
information is displayed, while other information is omitted.
<R1>display bg routing-table
n
h - history, i - internal, s - suppressed, S - Stale
/c
Origin : i - IGP, e - EGP, ? - incomplete
om
Total Number of Routes: 14
.c
Network NextHop MED LocPrf PrefVal Path/Ogn
ei
aw
*> 10.0.1.1/32 0.0.0.0 0 0 i
hu
*> 10.0.2.2/32 10.0.12.2 0 0 200i
g.
*> 10.0.3.3/32 10.0.12.2 in 0 200 300i
Understand the AS-Path attribute principles and modify the attribute accordingly.
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R1 as an example. Only key
information is displayed, while other information is omitted.
<R1>display bgp routing-table
n
/c
Network NextHop MED LocPrf PrefVal Path/Ogn
om
*> 172.16.10.0/24 10.0.12.2 0 200 300i
.c
* 10.0.14.4 0 400 300i
ei
*> 172.16.20.0/24 10.0.14.4 0 400 300i
aw
* 10.0.12.2 0 200 200 200 300i
hu
<R1>tracert -a 192.168.10.1 172.16.10.1
g.
in
traceroute to 172.16.10.1(172.16.10.1), max hops: 30 ,packet length: 40,press
rn
CTRL_C to break
ea
/l
1 10.0.12.2 90 ms 50 ms 50 ms
:/
2 10.0.23.3 120 ms 60 ms 50 ms
tp
ht
CTRL_C to break
获
1 10.0.14.4 40 ms 30 ms 50 ms
料
2 10.0.46.6 60 ms 80 ms 60 ms
资
MED is used to control the channel of inbound traffic from external AS, compare of
更
MED is limited in only one AS by default, but it can be modified to compare among
different AS. The less MED is, the better. BGP can modify the value of MED.
Understand the MED attribute principles, learn how to configure the attribute, and
modify the attribute accordingly.
After completing this task, run the display bgp routing-table command to view the
BGP routing table. The following uses the display of R3 as an example. Only key
information is displayed, while other information is omitted.
<R3>display bgp routing-table
n
/c
Network NextHop MED LocPrf PrefVal Path/Ogn
om
*> 192.168.10.0 10.0.23.2 0 200 100i
.c
* 10.0.36.6 0 400 100i
ei
*> 192.168.20.0 10.0.36.6 0 400 100i
aw
* 10.0.23.2 200 0 200 100i
hu
<R3>tracert -a 172.16.10.1 192.168.10.1
g.
in
traceroute to 192.168.10.1(192.168.10.1), max hops: 30 ,packet length: 40,press
rn
CTRL_C to break
ea
/l
1 10.0.23.2 10 ms 40 ms 40 ms
:/
2 10.0.12.1 70 ms 60 ms 40 ms
tp
ht
CTRL_C to break
获
1 10.0.36.6 10 ms 50 ms 30 ms
料
2 10.0.46.4 80 ms 60 ms 80 ms
资
3 10.0.14.1 110 ms 80 ms 70 ms
多
更
5. Make the network administrator periodically check lines. After the link costs
of IGPs are adjusted, all the traffic that passes through the AS of the
headquarters is forwarded along the path R4->R5->R7->R6.
Based on the principle of split-horizon among IBGP neighbors, R5 has no access to the
service network segment 172.16.20.0, R7 has no access to the service network segment
192.168.20.0. We can import BGP routes into OSPF so that R5 and R7 can get access under
IGP.
When OSPF imports BGP as external route, the other OSPF routers will choose the
nearest ASBR by default, during which path can be modified by cost of interface, which is
2015-8-31 Huawei Confidential Page 84 of 226
RIP Hands-on Exercise Guide Confidentiality Level
one by default.
After completing this task, run the display ip routing-table command to view
routing-table information. The following uses the display of R4 and R6 as an example. Only
key information is displayed, while other information is omitted.
[R4]display ip routing-table
-----------------------------------------------------------------------------
n
/c
-
om
Routing Tables: Public
.c
Destinations : 21 Routes : 22
ei
Destination/Mask Proto Pre Cost Flags NextHop Interface
aw
172.16.10.0/24 IBGP 255 0 RD 10.0.6.6
hu
GigabitEthernet0/0/2
Routing Tables
ht
Interfaces
Routing Tables
n
/c
Routing for ASEs
om
Destination Cost Type Tag NextHop AdvRouter
.c
192.168.20.0/24 1 Type2 1 10.0.67.7 10.0.4.4
ei
aw
<R1>tracert -a 192.168.20.1 172.16.20.1
hu
traceroute to 172.16.20.1(172.16.20.1), max hops: 30 ,packet length: 40,press
CTRL_C to break
g.
in
1 10.0.14.4 30 ms 30 ms 30 ms
rn
2 10.0.45.5 80 ms 70 ms 40 ms
ea
/l
because this network segment has a high volume of traffic. Ensure that the
取
optimal route selected by BGP is the same as the actual forwarding path.
获
IBGP cannot transfer route because of the principle of split-horizon, so we need to use
full mesh topology or router-reflector to realize.
料
Since the default route preference of BGP is 255 and OSPF is 150, we must decrease the
BGP’s route preference to choose path.
资
Understand BGP route selection rules and route-reflectors, analyze the routing table, and
多
BGP routing table. The following uses the display of R6 and R4as an example. Only key
information is displayed, while other information is omitted.
[R4]display bgp routing-table
n
/c
* 10.0.14.1 0 100 200 300i
om
*>i 172.16.20.0/24 10.0.46.6 0 100 0 300i
.c
* i 10.0.6.6 0 100 0 300i
ei
*> 192.168.10.0 10.0.14.1 0 0 100i
aw
*> 192.168.20.0 10.0.14.1 0 0 100i
hu
[R4]display ip routing-table
g.
in
Route Flags: R - relay, D - download to fib
rn
-----------------------------------------------------------------------------
ea
/l
-
:/
Destinations : 21 Routes : 21
ht
n
/c
om
[R6-ospf-1]display ip routing-table
.c
Route Flags: R - relay, D - download to fib
ei
-----------------------------------------------------------------------------
aw
-
hu
Routing Tables: Public
Destinations : 21 Routes : 21
g.
in
Destination/Mask Proto Pre Cost Flags NextHop Interface
rn
GigabitEthernet0/0/2
:/
tp
CTRL_C to break
取
1 10.0.14.4 30 ms 50 ms 60 ms
获
2 10.0.46.6 30 ms 80 ms 90 ms
料
3 10.0.36.3 100 ms 70 ms 70 ms
资
多
selection.
BGP can use the command peer ignore to suspend the neighbor relationship with other
BGP routers.
BGP establishes neighbors with three-hands mechanism, one side has to initiate TCP
connection. Otherwise, TCP connection will fail.
Peer listen-only command is passive to TCP connection, so both sides must be enabled
at the same time.
After completing this task, run the display bgp peer command on R4 and R6 to view
BGP peer information. Only key information is displayed, while other information is omitted.
2015-8-31 Huawei Confidential Page 88 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
/c
10.0.5.5 4 400 0 0 0 00:59:43 Idle(Admin) 0
om
10.0.6.6 4 400 65 69 0 00:53:18 Established 6
.c
10.0.14.1 4 100 253 206 0 03:00:59 Established 6
ei
aw
<R6>display bgp peer
hu
BGP local router ID : 10.0.6.6
Questions
:
取
Why BGP routes to service network segments on the devices in AS 400 have two
routing entries with the same next hop?
获
Since R5 and R7 in AS400 are both router reflector, they don’t modify the next hop adds
when reflecting routers, that is, the router is all the same.
料
Are there multiple methods to meet requirement 6 and which method is the best one?
Imported from BGP to OSPF can be cancelled, after which BGP will have no need to
资
modify the router preference, and only the next hop adds is needed to modified, so that the
suboptimal route can b avoided. Comparatively, Cancelling importing BGP to OSPF is better.
多
What problems occur on the network after requirement 7 is met and why do these
更
problems occur?
When R5 and R7 are not involved in election, Business B must transfer traffic via
AS200 other than AS200 if the connection between R4 and R6 is broken down.
Configuration List
<R1>display current-configuration
sysname R1
interface GigabitEthernet0/0/0
n
/c
interface GigabitEthernet0/0/1
om
ip address 10.0.12.1 255.255.255.0
.c
#
ei
interface LoopBack0
aw
ip address 10.0.1.1 255.255.255.255
hu
#
interface LoopBack1
g.
in
ip address 192.168.10.1 255.255.255.0
rn
#
ea
/l
interface LoopBack2
:/
#
ht
bgp 100
:
router-id 10.0.1.1
取
#
资
ipv4-family unicast
多
undo synchronization
更
network 192.168.10.0
network 192.168.20.0
return
<R2>display current-configuration
n
/c
sysname R2
om
#
.c
acl number 2000
ei
rule 5 permit source 172.16.20.0 0.0.0.255
aw
acl number 2001
hu
rule 5 permit source 192.168.20.0 0.0.0.255
#
g.
in
interface GigabitEthernet0/0/0
rn
#
:/
interface GigabitEthernet0/0/1
tp
#
:
interface LoopBack0
取
#
料
bgp 200
资
router-id 10.0.2.2
多
ipv4-family unicast
undo synchronization
n
/c
peer 10.0.23.3 route-policy MED export
om
#
.c
route-policy AS permit node 10
ei
if-match acl 2000
aw
apply as-path 200 200 additive
hu
#
#
ht
#
取
return
获
料
<R3>display current-configuration
资
#
多
sysname R3
更
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
interface LoopBack0
n
/c
interface LoopBack1
om
ip address 172.16.10.1 255.255.255.0
.c
#
ei
interface LoopBack2
aw
ip address 172.16.20.1 255.255.255.0
hu
#
bgp 300
g.
in
router-id 10.0.3.3
rn
#
tp
ipv4-family unicast
ht
undo synchronization
:
compare-different-as-med
取
return
<R4>display current-configuration
sysname R4
n
/c
rule 5 permit source 192.168.20.0 0.0.0.255
om
#
.c
interface GigabitEthernet0/0/0
ei
ip address 10.0.45.4 255.255.255.0
aw
#
hu
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
ea
/l
#
ht
interface LoopBack0
:
#
获
bgp 400
料
router-id 10.0.4.4
资
ipv4-family unicast
undo synchronization
n
/c
peer 10.0.5.5 enable
om
peer 10.0.5.5 next-hop-local
.c
peer 10.0.6.6 enable
ei
peer 10.0.6.6 route-policy local export
aw
peer 10.0.6.6 next-hop-local
hu
peer 10.0.14.1 enable
#
g.
in
ospf 1 router-id 10.0.4.4
rn
area 0.0.0.0
:/
#
取
#
资
return
<R5>display current-configuration
n
/c
#
om
sysname R5
.c
#
ei
interface GigabitEthernet0/0/0
aw
ip address 10.0.57.5 255.255.255.0
hu
#
interface GigabitEthernet0/0/1
g.
in
ip address 10.0.45.5 255.255.255.0
rn
#
ea
/l
interface LoopBack0
:/
#
ht
bgp 400
:
router-id 10.0.5.5
取
#
更
ipv4-family unicast
undo synchronization
reflector cluster-id 1
n
/c
area 0.0.0.0
om
network 10.0.5.5 0.0.0.0
.c
network 10.0.45.5 0.0.0.0
ei
network 10.0.57.5 0.0.0.0
aw
#
hu
return
g.
in
<R6>display current-configuration
rn
#
ea
/l
sysname R6
:/
#
tp
#
料
interface GigabitEthernet0/0/0
资
#
更
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface LoopBack0
n
/c
bgp 400
om
router-id 10.0.6.6
.c
peer 10.0.4.4 as-number 400
ei
peer 10.0.4.4 connect-interface LoopBack0
aw
peer 10.0.7.7 as-number 400
hu
peer 10.0.7.7 connect-interface LoopBack0
#
ea
/l
ipv4-family unicast
:/
undo synchronization
tp
area 0.0.0.0
n
/c
if-match acl 2000
om
#
.c
route-policy B2O permit node 10
ei
if-match acl 2001
aw
#
hu
route-policy local permit node 10
#
ea
/l
#
tp
return
ht
:
<R7>display current-configuration
取
#
获
sysname R7
料
#
资
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
interface LoopBack0
n
/c
bgp 400
om
router-id 10.0.7.7
.c
peer 10.0.5.5 as-number 400
ei
peer 10.0.5.5 connect-interface LoopBack0
aw
peer 10.0.6.6 as-number 400
hu
peer 10.0.6.6 connect-interface LoopBack0
ipv4-family unicast
ea
/l
undo synchronization
:/
reflector cluster-id 2
tp
reflect change-path-attribute
ht
#
更
area 0.0.0.0
n
/c
route-policy next permit node 20
om
#
.c
return
ei
aw
Chapter 6 Route Import and Control Hands-on Exercise
hu
Guide
Overview
g.
in
rn
You can configure route importing to enable protocols to exchange routing information.
Due to ever changing network environments, design defects, or misoperations, routing loops
ea
may occur and sub-optimal routes may be generated. In this situation, network resources are
wasted, and communication failures may even occur. To prevent these problems, add some
/l
matching conditions during route importing and use route policies for route control.
Route policies use different matching conditions and matching modes to select routes
:/
and change route attributes. A route policy may consist of multiple nodes. Each node has the
tp
permit or deny action. A route policy can reference other route selection tools such as ACL
and IP prefix list.
ht
Objectives
:
取
Tasks
The topology shows the network of a company. OSPF runs in the company's
headquarters, and IS-IS runs in the company's branch. The headquarters and branch have
some service network segments. Network segments 172.16.1.0/24, 172.16.3.0/24,
192.168.1.0/24, and 192.168.3.0/24 are service A network segments, and network segments
172.16.2.0/24, 172.16.4.0/24, 192.168.2.0/24, and 192.168.43.0/24 are service B network
segments. Deploy the network according to the following requirements:
(1) Build an OSPF network for the headquarters and an IS-IS network for the branch according to
the topology. Minimize the number of routing entries to be maintained by the devices in OSPF
2015-8-31 Huawei Confidential Page 101 of 226
RIP Hands-on Exercise Guide Confidentiality Level
Area 1.
(2) Import IS-IS routes on R1 into OSPF, and import OSPF routes on R2 into IS-IS. Perform
correct commissioning to ensure that service network segments communicate normally.
(3) Deploy bidirectional route importing on R1 and R2 to prevent single-point failures between
the headquarters and branch from resulting in network disconnection. Perform correct
commissioning to ensure that service network segments communicate normally.
(4) Implement load balancing on traffic between the headquarters and branch to ensure that traffic
of service A is forwarded through R1, and traffic of service B is forwarded through R2.
(5) Forward traffic of service A and traffic of service B in OSPF Area 1 of the headquarters using
different links to implement load balancing. Do not use any route policy.
n
/c
Topology
om
.c
ei
aw
hu
g.
in
rn
ea
/l
:/
tp
IP Address Table
ht
Default
Device Interface IP Address Subnet Mask
:
Gateway
取
n
/c
1. Build an OSPF network for the headquarters and an IS-IS network for the
om
branch according to the topology. Minimize the number of routing entries to
be maintained by the devices in OSPF Area 1.
.c
ei
Perform basic configuration according to the IP address table, and then check the
establishment of OSPF and IS-IS neighbor relationships.
aw
<R1>display ospf peer
hu
OSPF Process 1 with Router ID 10.0.1.1
Neighbors
g.
in
Area 0.0.0.0 interface 10.0.14.1(GigabitEthernet0/0/1)'s neighbors
rn
Authentication Sequence: [ 0 ]
获
料
-------------------------------------------------------------------------
Total Peer(s): 2
2. Import IS-IS routes on R1 into OSPF, and import OSPF routes on R2 into
IS-IS. Perform correct commissioning to ensure that service network
segments communicate normally.
Note: ISIS need wide metric to carry tag with route. Pay attention to the external ospf
route imported by R5.
After configuration, we can see that R1 has imported the ISIS route by check the LSDB
on R4 ; also we can see R2 has imported the OSPF route .
<R4>display ospf lsdb
n
/c
OSPF Process 1 with Router ID 10.0.4.4
om
AS External Database
.c
Type LinkState ID AdvRouter Age Len Sequence Metric
ei
External 172.16.4.0 10.0.4.4 1558 36 80000001 1
aw
External 172.16.2.0 10.0.4.4 1558 36 80000001 1
hu
g.
External 172.16.3.0 10.0.4.4 1558 36 80000001 1
in
External 172.16.1.0 10.0.4.4 1558 36 80000001 1
rn
……
ht
:
……
SOURCE 0000.0000.0002.00
…….
n
/c
+IP-Extended 172.16.2.0 255.255.255.0 COST: 0 Tag: 200
om
+IP-Extended 172.16.3.0 255.255.255.0 COST: 0 Tag: 200
.c
+IP-Extended 172.16.4.0 255.255.255.0 COST: 0 Tag: 200
ei
Total LSP(s): 1
aw
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
hu
ATT-Attached, P-Partition, OL-Overload
3.
g.
Deploy bidirectional route importing on R1 and R2 to prevent single-point
in
failures between the headquarters and branch from resulting in network
disconnection. Perform correct commissioning to ensure that service
rn
<R3>display ip routing-table
取
……
<R4>display ip routing-table
……
n
/c
headquarters using different links to implement load balancing. Do not use
any route policy.
om
Note: Use policy route. In this requirement we need to use interface policy route.
.c
<R4>display traffic policy user-defined
ei
User Defined Traffic Policy Information:
aw
Policy: loadbalance
hu
g.
Classifier: serviceA
in
Operator: OR
rn
Behavior: SAbeh
ea
Redirect:
/l
Classifier: serviceB
tp
Operator: OR
ht
Behavior: SBbeh
:
Redirect:
取
Policy: loadbalance
Classifier: serviceA
Operator: OR
Behavior: SAbeh
Redirect:
Classifier: serviceB
Operator: OR
Behavior: SBbeh
Redirect:
n
/c
Redirect ip-nexthop 10.0.54.4
om
Questions
.c
Which problems will occur on the network after requirement 2 is met and how many
ei
methods are available to solve the problems?
aw
Which problems will occur on the network after requirement 3 is met? Why do these
problems occur? What are the differences between the problems in requirement 2 and
hu
requirement 3?
How many methods are available to meet requirement 4 and how to select a correct
g.
method?
What problem occurs on the network after requirement 5 is met and why do these
in
problems occur?
rn
Configuration List
ea
/l
<R1>display current-configuration
:/
#
tp
sysname R1
ht
#
:
router id 10.0.1.1
取
#
获
isis 1
cost-style wide
network-entity 10.0000.0000.0001.00
n
/c
#
om
interface GigabitEthernet0/0/0
.c
ip address 10.0.13.1 255.255.255.0
ei
isis enable 1
aw
#
hu
interface GigabitEthernet0/0/1
interface LoopBack0
ea
/l
#
tp
ospf 1
ht
area 0.0.0.0
获
#
多
n
/c
apply tag 100
om
#
.c
route-policy ISIS-TO-OSPF permit node 40
ei
apply tag 100
aw
#
hu
route-policy OSPF-TO-ISIS deny node 10
#
:
#
多
if-match tag 55
apply preference 12
return
<R2>display current-configuration
n
/c
sysname R2
om
#
.c
acl number 2000
ei
rule 10 permit source 172.16.1.0 0.0.2.0
aw
acl number 2001
hu
rule 10 permit source 172.16.0.0 0.0.6.0
#
tp
isis 1
ht
cost-style wide
:
network-entity 10.0000.0000.0002.00
取
#
料
interface GigabitEthernet0/0/0
资
isis enable 1
更
interface GigabitEthernet0/0/1
interface LoopBack0
ospf 1
n
/c
area 0.0.0.0
om
network 10.0.2.2 0.0.0.0
.c
network 10.0.24.0 0.0.0.255
ei
#
aw
route-policy OSPF-TO-ISIS deny node 10
hu
if-match tag 100
#
g.
in
route-policy OSPF-TO-ISIS permit node 20
rn
#
ht
#
资
n
/c
if-match acl 2011
om
apply cost 100
.c
apply tag 400
ei
#
aw
route-policy ISIS-TO-OSPF permit node 40
hu
apply tag 400
#
g.
in
route-policy OSPF-PREFERENCE permit node 10
rn
if-match tag 55
ea
/l
apply preference 12
:/
return
tp
ht
<R3>display current-configuration
:
#
取
sysname R3
获
#
料
isis 1
资
cost-style wide
多
network-entity 10.0000.0000.0003.00
更
interface GigabitEthernet0/0/0
isis enable 1
interface GigabitEthernet0/0/1
isis enable 1
n
/c
interface GigabitEthernet0/0/2
om
ip address 192.168.1.1 255.255.255.0
.c
ip address 192.168.2.1 255.255.255.0 sub
ei
ip address 192.168.3.1 255.255.255.0 sub
aw
ip address 192.168.4.1 255.255.255.0 sub
hu
#
interface LoopBack0
g.
in
ip address 10.0.3.3 255.255.255.255
rn
isis enable 1
ea
/l
#
:/
#
:
return
取
获
<R4>display current-configuration
料
#
资
sysname R4
多
#
更
n
/c
traffic behavior SAbeh
om
redirect ip-nexthop 10.0.45.5
.c
traffic behavior SBbeh
ei
redirect ip-nexthop 10.0.54.5
aw
#
hu
traffic policy loadbalance
#
ea
/l
interface Serial1/0/0
:/
link-protocol ppp
tp
#
:
interface Serial1/0/1
取
link-protocol ppp
获
#
资
interface GigabitEthernet0/0/0
多
interface GigabitEthernet0/0/1
interface LoopBack0
ospf 1
n
/c
area 0.0.0.0
om
network 10.0.4.4 0.0.0.0
.c
network 10.0.14.0 0.0.0.255
ei
network 10.0.24.0 0.0.0.255
aw
area 0.0.0.1
hu
network 10.0.45.0 0.0.0.255
#
ea
/l
return
:/
tp
<R5>display current-configuration
ht
#
:
sysname R5
取
#
获
n
/c
#
om
traffic policy loadbalance
.c
classifier serviceA behavior SAbeh
ei
classifier serviceB behavior SBbeh
aw
#
hu
interface Serial1/0/0
link-protocol ppp
g.
in
ip address 10.0.45.5 255.255.255.0
rn
#
ea
/l
interface Serial1/0/1
:/
link-protocol ppp
tp
#
:
interface GigabitEthernet0/0/2
取
interface LoopBack0
ospf 1
area 0.0.0.1
n
/c
nssa no-summary
om
#
.c
route-policy dirin permit node 10
ei
if-match interface GigabitEthernet0/0/2
aw
apply tag 55
hu
#
return
g.
in
rn
Overview
:/
The Virtual Local Area Network (VLAN) technology divides a physical LAN into
tp
multiple broadcast domains (VLANs). Hosts within a VLAN can communicate with each
other, whereas hosts in different VLANs cannot communicate with each other. As a result,
ht
and policies. Different VLAN packets are encapsulated using 802.1Q, differentiated based on
取
Objectives
料
资
Tasks
The following topology shows the network of company A. Deploy the network
according to the following requirements:
(1) Create VLANs 12, 13, 24, 112, 103, 212, 312, 334, 305, 401, and 402 on SW1, SW2,
SW3, and SW4.
(2) Add E0/0/1 and E0/0/2 on SW1 to VLAN 112 and E0/0/3 to VLAN 103.
2015-8-31 Huawei Confidential Page 117 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
(7) On SW2, implement Layer 2 isolation and Layer 3 connectivity between PC21 and
/c
PC22 in VLAN 212. Create VLAN 212 and assign the IP address of 2.0.0.254/24 to
VLANIF 212.
om
(8) On SW3, enable devices in VLAN 312 and VLAN 334 to communicate with devices in
VLAN 305. Enable isolation between VLAN 312 and VLAN 334, and prevent PC33
.c
and PC34 in VLAN 334 from communicating with one another.
(9) On SW4, implement communication between VLAN 401 and VLAN 402. Assign IP
ei
addresses of 4.1.1.254/24 and 4.2.2.254/24 to VLANIF 401 and VLANIF 402.
aw
(10) Enable PCs in VLAN 312, VLAN 334, and VLAN 305 to exchange information with
VLANIF 305 on SW4.
hu
(11) Create VLANIF interfaces according to the network topology. Configure interface
attributes, and configure interfaces to allow VLANs 12, 13, 24, 112, 103, 212, 312, 334,
g.
305, 、401 and 402. in
(12) Run RIPv2 and disable RIP summarization on SW1, SW2, SW3, and SW4. Enable SW1
to advertise routes of VLANIF 12, VLANIF 13, and VLANIF 104 to RIPv2. Enable
rn
SW2 to advertise routes of VLANIF 12, VLANIF 24, and VLANIF 202 to RIPv2.
Enable SW3 to advertise routes of VLANIF 13 to RIP, and enable SW4 to advertise
ea
routes of VLANIF 24, VLANIF 305, VLANIF 401, and VLANIF 402 to RIPv2.
Implement communication between the different network segments.
/l
:/
tp
ht
:
取
获
料
资
多
更
Topology
n
/c
om
.c
ei
aw
hu
g.
in
rn
ea
/l
IP Address Table
:/
tp
Default
Device Interface IP Address Subnet Mask
Gateway
ht
n
PC35 E0/0/1 3.0.0.5 255.255.255.0 N/A
/c
PC41 E0/0/1 4.1.1.1 255.255.255.0 4.1.1.254
om
PC42 E0/0/1 4.2.2.2 255.255.255.0 4.2.2.254
.c
Configuration and Verification
ei
aw
1. Create VLANs 12, 13, 24, 112, 103, 212, 312, 334, 305, 、401 and 402 on SW1,
hu
SW2, SW3, and SW4.
g.
Configure VLANs and run the display vlan summary command to check the summary
of VLANs. The display on SW1 is used as an example. (The following table lists only key
in
information, and as such some information is omitted.)
rn
static vlan:
/l
401 to 402
ht
dynamic vlan:
:
reserved vlan:
料
2. Add E0/0/1 and E0/0/2 on SW1 to VLAN 112 and E0/0/3 to VLAN 103.
更
After this operation is performed, run the display vlan command to check information
about interfaces in VLANs. The display on SW1 is used as an example. (The following table
lists only key information, and as such some information is omitted.)
[SW1]display vlan
--------------------------------------------------------------------------------
n
/c
GE0/0/1(D) GE0/0/2(D)
om
12 common
.c
13 common
ei
24 common
aw
103 common UT:Eth0/0/3(U)
hu
112 common UT:Eth0/0/1(U) Eth0/0/2(U)
g.
To meet the requirements, use interface-based VLAN assignment.
in
Run the display vlan vlan id command to verify the result.
rn
After this operation is performed, run the display vlan command to check information
/l
--------------------------------------------------------------------------------
:
GE0/0/1(D) GE0/0/2(D)
更
12 common
13 common
24 common
103 common
112 common
4. Add E0/0/1 and E0/0/2 on SW3 to VLAN 312, E0/0/3 and E0/0/4 to VLAN
334, and E0/0/5 to VLAN 305.
After this operation is performed, run the display vlan command to check information
about VLAN assignment. The display on SW3 is used as an example.
n
[SW3]display vlan
/c
The total number of vlans is : 12
om
.c
--------------------------------------------------------------------------------
ei
U: Up; D: Down; TG: Tagged; UT: Untagged;
aw
MP: Vlan-mapping; ST: Vlan-stacking;
hu
#: ProtocolTransparent-vlan; *: Management-vlan;
g.
--------------------------------------------------------------------------------
in
VID Type Ports
rn
--------------------------------------------------------------------------------
ea
12 common
获
13 common
料
24 common
资
103 common
多
112 common
更
212 common
address of 4.1.1.1 to VLAN 401, and PC42 with the MAC address of
5489-98CF-E17D and IP address of 4.2.2.2 to VLAN 402.
After this operation is performed, run the display policy-vlan all command on SW4 to
check the current policy-based VLAN assignment.
[SW4]display policy-vlan all
------------------------------------------------------------------------
n
MacAddress IPAddress Port Vlan Priority
/c
------------------------------------------------------------------------
om
.c
5489-98cf-447f 4.1.1.1 NA 401 0
ei
5489-98cf-e17d 4.2.2.2 NA 402 0
aw
------------------------------------------------------------------------
hu
VLANs can be assigned based on ports, MAC addresses, IP subnets, network protocols,
and policies. Determine the VLAN assignment mode according to the requirements. During
g.
VLAN assignment, pay attention to interface attributes.
Run the display vlan command to verify the result.
in
6. On SW1, implement Layer 2 isolation and Layer 3 forwarding between
rn
VLAN 112 and VLAN 103. Create VLAN 104 and assign the IP address of
ea
Note:when we want to forward packet between two separated different vlans, inter-vlan
:/
[SW1]display sub-vlan
:
VLAN ID Super-vlan
取
--------------------------------------------------------------------------------
获
103 104
料
112 104
资
多
[SW1]display super-vlan
更
VLAN ID Sub-vlan
--------------------------------------------------------------------------------
After the configuration is complete, perform connectivity test for VLAN 112 and VLAN
103.
PC21 and PC22 in VLAN 212. Create VLAN 212 and assign the IP address
of 2.0.0.254/24 to VLANIF 212.
Note:when we want to forward packet between two separated ports inside one vlan,
inner-vlan arp-proxy need to be enabled.
After this operation is performed, run the display port-isolate command to verify the
configuration.
[SW2]display port-isolate group all
n
The ports in isolate group 1:
/c
om
Ethernet0/0/1 Ethernet0/0/2
.c
this operation is performed, check whether PC21 can communicate with PC22.
ei
8. On SW3, enable devices in VLAN 312 and VLAN 334 to communicate with
aw
devices in VLAN 305. Enable isolation between VLAN 312 and VLAN 334,
implement communication between PC31 and PC32 in VLAN 312, and
hu
prevent PC33 and PC34 in VLAN 334 from communicating with one
g.
another. in
After this operation is performed, check the results on SW4.
rn
[SW3]display mux-vlan
ea
-----------------------------------------------------------------------------
:/
-----------------------------------------------------------------------------
取
VLANIF 402.
多
Note: for a PC to send packet to a destination out of the same network, the gateway
更
5 packet(s) transmitted
n
/c
5 packet(s) received
om
0.00% packet loss
.c
round-trip min/avg/max = 16/22/31 ms
ei
You can use the router-on-a-stick and VLANIF interface to implement communication
between VLANs.
aw
10. Enable PCs in VLAN 312, VLAN 334, and VLAN 305 to exchange
hu
information with VLANIF 305 on SW4.
g.
After this operation is performed, run the ping command to check connectivity between
in
VLANs.
rn
[PC31]ping 3.0.0.254
ea
5 packet(s) transmitted
资
5 packet(s) received
多
as an example. (The following table lists only key information, and as such some information
is omitted.)
[SW1]display vlan
--------------------------------------------------------------------------------
n
/c
MP: Vlan-mapping; ST: Vlan-stacking;
om
#: ProtocolTransparent-vlan; *: Management-vlan;
.c
--------------------------------------------------------------------------------
ei
VID Type Ports
aw
--------------------------------------------------------------------------------
hu
1 common UT:Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D)
Eth0/0/8(D) Eth0/0/9(D)
g.
Eth0/0/10(U) Eth0/0/11(U)
in
Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D)
rn
GE0/0/2(D)
tp
TG:Eth0/0/10(U) Eth0/0/11(U)
料
104 super
资
TG:Eth0/0/10(U) Eth0/0/11(U)
n
/c
Vlanif12 12.1.1.1/24 up up
om
Vlanif13 13.1.1.1/24 up up
.c
Vlanif104 1.0.0.254/24 up up
ei
12. Run RIPv2 and disable RIP summarization on SW1, SW2, SW3, and SW4.
aw
Enable SW1 to advertise routes of VLANIF 12, VLANIF 13, and VLANIF
hu
104 to RIPv2. Enable SW2 to advertise routes of VLANIF 12, VLANIF 24,
and VLANIF 202 to RIPv2. Enable SW3 to advertise routes of VLANIF 13 to
g.
RIP, and enable SW4 to advertise routes of VLANIF 24, VLANIF 305,
in
VLANIF 401, and VLANIF 402 to RIPv2. Implement communication of
different network segments.
rn
After this operation is performed, run the display ip routing-table command to check
ea
information about routes. The display on SW1 is used as an example. (The following table
/l
lists only key information, and as such some information is omitted.) Once verified, perform
the ping operation.
:/
[SW1]display ip routing-table
tp
[PC11]ping 3.0.0.2
n
/c
--- 3.0.0.2 ping statistics ---
om
5 packet(s) transmitted
.c
5 packet(s) received
ei
0.00% packet loss
aw
round-trip min/avg/max = 94/118/140 ms
hu
g.
Questions in
Can multiple MAC addresses and IP addresses be associated with one VLAN for
requirement 5?
rn
For requirement 10, why is VLANIF 305 on SW4 used as the gateway? Can an IP
address be configured in the MUX VLAN?
ea
/l
Configuration List
:/
<SW1>display current-configuration
tp
#
ht
sysname SW1
:
取
#
获
vlan batch 12 to 13 24 103 to 104 112 212 305 312 334 401 to 402
料
#
资
vlan 104
多
aggregate-vlan
更
interface Vlanif12
interface Vlanif13
interface Vlanif104
n
/c
arp-proxy inter-sub-vlan-proxy enable
om
#
.c
interface Ethernet0/0/1
ei
port link-type access
aw
port default vlan 112
hu
#
interface Ethernet0/0/2
g.
in
port link-type access
rn
#
:/
interface Ethernet0/0/3
tp
#
取
interface Ethernet0/0/10
获
port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
资
#
多
interface Ethernet0/0/11
更
port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
rip 1
undo summary
version 2
network 12.0.0.0
network 13.0.0.0
network 1.0.0.0
n
/c
return
om
.c
<SW2>display current-configuration
ei
#
aw
sysname SW2
hu
#
g.
vlan batch 12 to 13 24 103 112 212 305 312 334 401 to 402
in
#
rn
interface Vlanif12
ea
/l
#
tp
interface Vlanif24
ht
#
取
interface Vlanif212
获
#
多
interface Ethernet0/0/1
更
interface Ethernet0/0/2
interface Ethernet0/0/10
n
/c
port link-type trunk
om
port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
.c
#
ei
interface Ethernet0/0/11
aw
port link-type trunk
hu
port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
g.
in
rip 1
rn
undo summary
ea
/l
version 2
:/
network 12.0.0.0
tp
network 24.0.0.0
ht
network 2.0.0.0
:
#
取
return
获
料
<SW3>display current-configuration
资
#
多
sysname SW3
更
vlan batch 12 to 13 24 103 112 212 305 312 334 401 to 402
vlan 305
mux-vlan
interface Vlanif13
n
/c
#
om
interface Ethernet0/0/1
.c
port link-type access
ei
port default vlan 312
aw
port mux-vlan enable
hu
#
interface Ethernet0/0/2
g.
in
port link-type access
rn
#
tp
interface Ethernet0/0/3
ht
#
料
interface Ethernet0/0/4
资
interface Ethernet0/0/5
interface Ethernet0/0/10
n
/c
port mux-vlan enable
om
#
.c
interface Ethernet0/0/11
ei
port link-type trunk
aw
port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
hu
#
rip 1
g.
in
undo summary
rn
version 2
ea
/l
network 13.0.0.0
:/
#
tp
return
ht
:
<SW4>display current-configuration
取
#
获
sysname SW4
料
#
资
vlan batch 12 to 13 24 103 112 212 305 312 334 401 to 402
多
#
更
vlan 401
vlan 402
interface Vlanif24
interface Vlanif305
n
/c
#
om
interface Vlanif401
.c
ip address 4.1.1.254 255.255.255.0
ei
#
aw
interface Vlanif402
hu
ip address 4.2.2.254 255.255.255.0
#
g.
in
interface Ethernet0/0/1
rn
#
tp
interface Ethernet0/0/2
ht
#
获
interface Ethernet0/0/10
料
#
更
interface Ethernet0/0/11
port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
rip 1
undo summary
version 2
network 24.0.0.0
network 3.0.0.0
network 4.0.0.0
n
/c
#
om
return
.c
ei
Chapter 8 LAN Layer 2 Technology Hands-on Exercise
aw
Guide
hu
Overview
g.
in
LAN Layer 2 technologies include the Address Resolution Protocol (ARP), Media
Access Control (MAC), Ethernet link aggregation, and Generic Attribute Registration
rn
Protocol (GARP) VLAN Registration Protocol (GVRP).
ARP maps IP addresses to MAC addresses. Proxy ARP solves network connectivity
ea
problems. Gratuitous ARP enables a host to send an ARP Request packet using its own IP
address as the destination address.
/l
A MAC address defines the position of a network device. A MAC address consists of 48
bits and is displayed as a 12-digit hexadecimal number. Bits 0 to 23 are assigned by IETF and
:/
other institutions to identify vendors, and bits 24 to 47 are the unique ID assigned by vendors
tp
GVRP propagates VLAN attributes of one device throughout the entire switching network.
GVRP enables network devices to dynamically deliver, register, and propagate VLAN
取
attributes, thereby reducing workload of the network administrator and ensuring correct
获
configuration.
料
Objectives
资
Tasks
The following topology shows the network of company A. Deploy the network
according to the following requirements:
(1) Create VLAN 12 and VLAN 21 on SW1 and SW2, and create VLAN 34 on SW3 and SW4.
(2) On SW2, add E0/0/11 to VLAN 12 and E0/0/12 to VLAN 21; add E0/0/13 on SW3 to VLAN
34; add E0/0/14 on SW4 to VLAN 34.
2015-8-31 Huawei Confidential Page 135 of 226
RIP Hands-on Exercise Guide Confidentiality Level
(3) Configure static LACP between SW1 and SW2, configure SW1 as the Actor and the link
connected to E0/0/2 as the backup link, and set the timeout interval to 3 seconds.
(4) Configure interconnected interfaces of switches as trunk interfaces and configure them to
allow all VLANs.
(5) Enable GVRP on each switch, SW3 never learn the VLAN information carried by GVRP, and
implement communication between PC3 and PC4.
(6) Implement communication between PC1 and PC2 through R1.
(7) Set the maximum number of MAC addresses learned by E0/0/13 on SW3 to 2, and configure
an interface in error-down state and enable the device to generate alarms when the number of
learned MAC addresses reaches the limit. There is no need to consider MAC address loss
n
/c
after device restart.
om
Topology
.c
ei
aw
hu
g.
in
rn
ea
/l
:/
tp
ht
:
IP Address Table
取
Default
Device Interface IP Address Subnet Mask
获
Gateway
料
1. Create VLAN 12 and VLAN 21 on SW1 and SW2, and create VLAN 34 on
SW3 and SW4.
After this operation is performed, run the display vlan summary command to check the
summary of VLANs. The display on SW2 is used as an example.
[SW2]display vlan summary
static vlan:
1 12 21
n
/c
dynamic vlan:
om
Total 0 dynamic vlan.
.c
reserved vlan:
ei
Total 0 reserved vlan.
aw
2. On SW2, add E0/0/11 to VLAN 12 and E0/0/12 to VLAN 21; add E0/0/13 on
hu
SW3 to VLAN 34; add E0/0/14 on SW4 to VLAN 34.
g.
After this operation is performed, run the display vlan command to check information
in
about interfaces and VLANs. The display on SW2 is used as an example. (The following
table lists only key information, and as such some information is omitted.)
rn
[SW2]display vlan
ea
--------------------------------------------------------------------------------
:/
tp
#: ProtocolTransparent-vlan; *: Management-vlan;
取
--------------------------------------------------------------------------------
获
--------------------------------------------------------------------------------
资
GE0/0/1(D) GE0/0/2(D)
12 common UT:Eth0/0/11(U)
21 common UT:Eth0/0/12(U)
3. Configure static LACP between SW1 and SW2, configure SW1 as the Actor
and the link connected to E0/0/2 as the backup link, and set the timeout
interval to 3 seconds.
After this operation is performed, run the display eth-trunk command to check link
aggregation information. The display on SW1 is used as an example.
n
[SW1]display eth-trunk 12
/c
om
Eth-Trunk12's state information is:
.c
Local:
ei
LAG ID: 12 WorkingMode: STATIC
aw
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
hu
System Priority: 0 System ID: 4c1f-cc3f-01c3
g.
Least Active-linknumber: 1 Max Active-linknumber: 1
in
Operate status: up Number Of Up Port In Trunk: 1
rn
--------------------------------------------------------------------------------
ea
Partner:
:
--------------------------------------------------------------------------------
取
When configuring link aggregation, notice that the LACP timeout interval can use fast
多
After this operation is performed, run the display vlan command to check VLAN
information of SW2.
[SW2]display vlan
--------------------------------------------------------------------------------
#: ProtocolTransparent-vlan; *: Management-vlan;
n
/c
--------------------------------------------------------------------------------
om
VID Type Ports
.c
--------------------------------------------------------------------------------
ei
1 common UT:Eth0/0/3(U) Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D)
aw
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
hu
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D)
g.
Eth0/0/19(D) Eth0/0/20(D)
in
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
rn
Eth-Trunk12(U)
ea
/l
12 common UT:Eth0/0/11(U)
:/
21 common UT:Eth0/0/12(U)
ht
5. Enable GVRP on each switch, SW3 never learn the vlan information carried
取
After this operation is performed, run the display gvrp statistics command to check
料
[PC4]ping 34.1.1.3
n
/c
Reply from 34.1.1.3: bytes=32 Sequence=4 ttl=128 time=62 ms
om
Reply from 34.1.1.3: bytes=32 Sequence=5 ttl=128 time=31 ms
.c
--- 34.1.1.3 ping statistics ---
ei
5 packet(s) transmitted
aw
5 packet(s) received
hu
0.00% packet loss
[PC1]ping 21.1.1.1
ht
5 packet(s) transmitted
5 packet(s) received
You can use the router-on-a-stick and VLANIF interface to implement communication
2015-8-31 Huawei Confidential Page 140 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
/c
MAC address table of slot 0:
om
-------------------------------------------------------------------------------
.c
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
ei
VSI/SI MAC-Tunnel
aw
-------------------------------------------------------------------------------
hu
g.
5489-98cf-3447 34 - - Eth0/0/13 security -
in
-------------------------------------------------------------------------------
rn
The port security function changes MAC addresses learned on an interface into secure
dynamic MAC addresses and sticky MAC addresses. There are differences between secure
/l
dynamic MAC addresses and sticky MAC addresses in terms of aging and MAC address loss
after device restart.
:/
tp
Questions
ht
Configuration List
取
获
<R1>display current-configuration
料
#
资
sysname R1
多
#
更
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/1.1
interface GigabitEthernet0/0/1.2
n
/c
arp broadcast enable
om
#
.c
return
ei
aw
<SW1>display current-configuration
hu
#
sysname SW1
g.
in
#
rn
vlan batch 12 21
ea
/l
#
:/
gvrp
tp
#
ht
lacp priority 0
:
#
取
interface Eth-Trunk12
获
mode lacp-static
多
max active-linknumber 1
gvrp
interface Ethernet0/0/1
eth-trunk 12
interface Ethernet0/0/2
eth-trunk 12
n
/c
interface GigabitEthernet0/0/1
om
port link-type trunk
.c
port trunk allow-pass vlan 2 to 4094
ei
#
aw
return
hu
<SW2>display current-configuration
g.
in
#
rn
sysname SW2
ea
/l
#
:/
vlan batch 12 21
tp
#
ht
gvrp
:
#
取
interface Eth-Trunk12
获
mode lacp-static
多
gvrp
interface Ethernet0/0/1
eth-trunk 12
interface Ethernet0/0/2
eth-trunk 12
interface Ethernet0/0/3
n
/c
port trunk allow-pass vlan 2 to 4094
om
gvrp
.c
#
ei
interface Ethernet0/0/4
aw
port link-type trunk
hu
port trunk allow-pass vlan 2 to 4094
gvrp
g.
in
#
rn
interface Ethernet0/0/11
ea
/l
#
ht
interface Ethernet0/0/12
:
#
料
return
资
多
<SW3>display current-configuration
更
sysname SW3
vlan batch 34
gvrp
interface Ethernet0/0/3
n
/c
gvrp
om
gvrp registration fixed
.c
#
ei
interface Ethernet0/0/13
aw
port link-type access
hu
port default vlan 34
port-security enable
g.
in
port-security protect-action shutdown
rn
port-security max-mac-num 2
ea
/l
#
:/
return
tp
ht
<SW4>display current-configuration
:
#
取
sysname SW4
获
#
料
vlan batch 34
资
#
多
gvrp
更
interface Ethernet0/0/4
gvrp
interface Ethernet0/0/14
n
/c
return
om
.c
Chapter 9 WAN Layer 2 Technology Hands-on Exercise
ei
Guide
aw
Overview
hu
This document introduces Wide Area Network (WAN) Layer 2 technologies, including
g.
Point-to-Point Protocol (PPP), Multilink PPP (MP), PPP over Ethernet (PPPoE), and Frame
in
Relay (FR).
PPP is used at the data link layer for point-to-point data transmission over full-duplex
rn
synchronous and asynchronous links. It consists of the Link Control Protocol (LCP),
Network Control Protocol (NCP), Challenge-Handshake Authentication Protocol (CHAP),
ea
whose length is greater than the minimum packet length and then sends the fragments to the
:/
peer device over multiple PPP links in the MP-Group. After receiving these fragments, the
peer device assembles these packets and then sends them to the network layer. MP can be
tp
Objectives
料
Configure MP.
Configure PPPoE.
多
Configure FR.
更
Tasks
The following topology shows the network of Company A. Deploy the network
according to the following requirements:
(1) Bind PPP links between R1 and R4, and disable the MP-Group mode. For details
about the interface name and IP address, see the "IP Address Table".
(2) Configure R1 as the PPPoE server and R5 as the PPPoE client. Enable the PPPoE
server to allocate the IP address 15.1.1.5 to the PPPoE client. Configure the PPPoE
server to authenticate the PPPoE client using PAP, with the user name R5 and
password HUAWEI.
2015-8-31 Huawei Confidential Page 146 of 226
RIP Hands-on Exercise Guide Confidentiality Level
(3) Disable InARP on FR links between R1 and R2 and between R1 and R3. R1 and
R2 can communicate over the network segment 12.1.1.0/24, while R1 and R3 can
communicate over the network segment 23.1.1.0/24. Sub-interfaces cannot be
created.
(4) Run Intermediate System to Intermediate System (IS-IS) on R1, R2, R3, and R4,
set the area to 47.0000, the system ID to 0000.0000.000X, and the IS-IS level to
Level-2, implementing interworking between addresses in the "IP Address Table".
Topology
n
/c
om
.c
ei
aw
hu
g.
in
rn
ea
IP Address Table
/l
:/
Default
Device Interface IP Address Subnet Mask
Gateway
tp
R3
Loopback 0 10.3.3.3 255.255.255.255 N/A
更
1. Bind PPP links between R1 and R4, and disable the MP-Group mode. For
details about the interface name and IP address, see the "IP Address Table."
After completing this task, run the display ppp mp command to view the MP binding
information. The following uses the display of R1 as an example. The table shows only key
information, while other information is omitted.
[R1]display ppp mp
Template is Virtual-Template14
n
0 lost fragments, 0 reordered, 0 unassigned,
/c
sequence 0/0 rcvd/sent
om
The bundled sub channels are:
.c
ei
Serial2/0/0
aw
Serial2/0/1
hu
You can also run the following command to verify the results:
g.
display interface virtual-template in
2. Configure R1 as the PPPoE server and R5 as the PPPoE client. Enable the
PPPoE server to allocate the IP address 15.1.1.5 to the PPPoE client.
rn
Configure the PPPoE server to authenticate the PPPoE client using PAP,
ea
After completing this task, run the display pppoe-server session/display ip interface
:/
brief command to view information about the PPPoE server and IP address of the client. The
following table shows information of R1 and R5. The table shows only key information,
tp
You can also run the following command to verify the results:
display pppoe-client session
After completing this task, run the display fr map-info command to view FR address
mapping information. The following table shows information on R1.
[R1]display fr map-info
n
/c
encapsulation = ietf, vlink = 0
om
DLCI = 103, PPP over FR Virtual-Template13, Serial1/0/0
.c
create time = 2013/09/18 19:22:41, status = ACTIVE
ei
encapsulation = ietf, vlink = 0
aw
FR links can transmit multiple types of packets, such as IP packets and PPP packets. As
sub-interfaces cannot be created, another method should be used to meet the requirement in
hu
this task.
4.
g.
Run IS-IS on R1, R2, R3, and R4, set the area to 47.0000, the system ID to
in
0000.0000.000X, and the IS-IS level to Level-2, implementing interworking
between addresses in the "IP Address Table".
rn
ea
After completing this task, run the display ip routing-table protocol isis command to
view IS-IS routing information on R1.
/l
IS-IS does not apply to FR links. To enable IS-IS on FR links, you need to configure
获
Questions
资
Configuration List
<R1>display current-configuration
sysname R1
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
n
/c
domain default_admin
om
local-user r5 password cipher %$%$wgCcG9i@%B0!z/SzyC&,S2fp%$%$
.c
local-user r5 service-type ppp
ei
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
aw
local-user admin service-type http
hu
#
isis 1
g.
in
is-level level-2
rn
network-entity 47.0000.0000.0000.0001.00
ea
/l
#
:/
interface Serial1/0/0
tp
link-protocol fr
ht
undo fr inarp
:
#
料
interface Serial2/0/0
资
link-protocol ppp
多
ppp mp Virtual-Template 14
更
interface Serial2/0/1
link-protocol ppp
ppp mp Virtual-Template 14
interface Virtual-Template12
isis enable 1
interface Virtual-Template13
n
/c
ip address 13.1.1.1 255.255.255.0
om
isis enable 1
.c
#
ei
interface Virtual-Template14
aw
ip address 14.1.1.1 255.255.255.0
hu
isis enable 1
#
g.
in
interface Virtual-Template15
rn
#
ht
interface GigabitEthernet0/0/0
:
#
获
interface LoopBack0
料
isis enable 1
多
#
更
return
<R2>display current-configuration
sysname R2
isis 1
is-level level-2
network-entity 47.0000.0000.0000.0002.00
n
/c
interface Serial1/0/0
om
link-protocol fr
.c
undo fr inarp
ei
fr map ppp interface Virtual-Template12 201
aw
#
hu
interface Virtual-Template12
#
ea
/l
interface LoopBack0
:/
isis enable 1
ht
#
:
return
取
获
<R3>display current-configuration
料
#
资
sysname R3
多
#
更
isis 1
is-level level-2
network-entity 47.0000.0000.0000.0003.00
interface Serial1/0/0
link-protocol fr
undo fr inarp
interface Virtual-Template13
n
/c
ip address 13.1.1.3 255.255.255.0
om
isis enable 1
.c
#
ei
interface LoopBack0
aw
ip address 10.3.3.3 255.255.255.255
hu
isis enable 1
#
g.
in
return
rn
ea
/l
<R4>display current-configuration
:/
#
tp
sysname R4
ht
#
:
isis 1
取
is-level level-2
获
network-entity 47.0000.0000.0000.0004.00
料
#
资
interface Serial2/0/0
多
link-protocol ppp
更
ppp mp Virtual-Template 14
interface Serial2/0/1
link-protocol ppp
ppp mp Virtual-Template 14
interface Virtual-Template14
isis enable 1
n
/c
interface LoopBack0
om
ip address 10.4.4.4 255.255.255.255
.c
isis enable 1
ei
#
aw
return
hu
<R5>display current-configuration
g.
in
#
rn
sysname R5
ea
/l
#
:/
priority 15
ht
#
:
interface Dialer15
取
link-protocol ppp
获
ip address ppp-negotiate
资
dialer user R5
多
dialer bundle 1
更
interface GigabitEthernet0/0/0
pppoe-client dial-bundle-number 1
return
STP prevents loops at the data link layer. It uses BPDUs to transmit STP information,
calculate a loop-free tree network topology and block a specified port. When a network fault
n
occurs, STP can detect the fault and use another path to transmit data. STP exchanges BPDUs
/c
to select the root switch; each non-root-switch selects the root port to communicate with the
root switch; the designated port is selected on each network segment to forward data to the
om
root switch; the remaining ports, that is, ports not selected as the root and designated ports,
are blocked.
.c
STP can prevent loops, but there are disadvantages. STP does not differentiate port
statuses and roles in a fine-granular manner. It defines five ports statuses and has slow
ei
convergence. For users, there are no differences between ports in Listening, Learning, and
aw
Blocking states. Ports in Listening, Learning, and Blocking states do not forward traffic.
RSTP is an extension based on STP, and when compared to STP has two additional port roles.
hu
RSTP defines four port rules: root port, designated port, alternate port, and backup port.
RSTP defines the port status based on whether the port forwards user traffic and learns MAC
g.
addresses. If a port neither forwards user traffic nor learns MAC addresses, the port is in
Discarding state. If a port does not forward user traffic but learns MAC addresses, the port is
in
in Learning state. If a port forwards user traffic and learns MAC addresses, the port is in
rn
Forwarding state. RSTP uses the Proposal/Agreement mechanism, fast switching of the root
port, and edge port to implement fast convergence.
ea
VLAN-based load balancing cannot be performed. Once a link is blocked, it will no longer
transmit traffic, wasting bandwidth and causing the failure in forwarding certain VLAN
:/
MSTP divides a switching network into multiple regions, each of which has multiple
spanning trees that are independent of one another. Each region is called MST region and
ht
each spanning tree is called an MSTI. An MSTI can contain multiple VLANs. Binding
multiple VLANs to one MSTI reduces communication costs and resource usage. The
:
topology of each MSTI is calculated independently, and traffic can be balanced among
MSTIs.
取
获
Objectives
料
Configure MSTIs.
Configure multiple MST regions.
多
Tasks
The following topology shows the Layer 2 network of a company. SW1 and SW2 are
core switches. Deploy the network according to the following requirements:
(1) Configure the latest spanning tree protocol on the four switches, configure VLAN 10 and
VLAN 20 for service A, configure VLAN 30 and VLAN 40 for service B, and configure
management VLANs 50 and 60. Configure the four switches to allow the preceding VLANs.
2015-8-31 Huawei Confidential Page 155 of 226
RIP Hands-on Exercise Guide Confidentiality Level
n
/c
(5) Ensure that SW3 and SW4 will never be the root switch of the network.
(6) Configure the ports eth0/0/7 of SW2 operate in Forwarding state when faulty links recover,
om
and provide solutions if there are risks to devices such as rogue switches connected to user
ports.
.c
(7) To save the CPU resources, configure the two core switches to respond the TC-BPDU twice
during one hello interval.
ei
(8) To reduce the convergence time of MSTP, configure the link between switches as
aw
point-to-point.
hu
Topology
g.
in
rn
ea
/l
:/
tp
ht
:
取
获
料
资
多
更
IP Address Table
Default
Device Interface IP Address Subnet Mask
Gateway
PC1 G 0/0/7 10.0.1.1 255.255.255.0 N/A
PC2 G 0/0/7 10.0.1.2 255.255.255.0 N/A
PC3 G 0/0/7 20.0.1.1 255.255.255.0 N/A
1. Configure the latest spanning tree protocol on the four switches, configure
VLAN 10 and VLAN 20 for service A, configure VLAN 30 and VLAN 40 for
service B, and configure management VLANs 50 and 60. Configure the four
switches to allow the preceding VLANs. Service A, Service B and
management VLANs calculate the path separately.
n
Note: Latest STP means MSTP, configure links as trunk links, and configure the links to
/c
allow all VLANs. Need to use multi-instance.
om
[SW1] display stp region-configuration
.c
Oper configuration
ei
Format selector :0
aw
Region name :1
hu
Revision level :0
1 10, 20
ea
/l
2 30, 40
:/
topologies are used for services A and B:ServiceA use SW1 as root, Service B
use SW2 as root, when the root switch in any topology fails, the new root
ht
switch should be the core device (SW1, SW2 works as the core device, SW3,
:
Note: Configure multiple MSTIs and adjust the root switch in different MSTIs.
获
3. The spanning tree region configuration on SW1, SW2, and SW3 are different
料
from that on SW4 due to configuration errors or other causes. Ensure that
SW4 can access VLANs on other switches through SW1 user the link with
资
even number.
多
Note: Configure multiple MST regions. Use port priority to choose the blocking link.
更
Oper configuration
Format selector :0
Region name :2
Revision level :0
1 10, 20
2 30, 40
n
/c
<SW4>display stp brief
om
MSTID Port Role STP State Protection
.c
0 Ethernet0/0/3 ALTE DISCARDING NONE
ei
0 Ethernet0/0/4 ALTE DISCARDING NONE
aw
0 Ethernet0/0/5 ALTE DISCARDING NONE
hu
0 Ethernet0/0/6 ROOT FORWARDING NONE
4. Use port priority to Configure SW1 and SW2 to use different links to
transmit services A and B, implementing redundancy.
资
After the configuration is performed, different services are transmitted using different links.
多
……
……
……
n
/c
5. Ensure that SW3 and SW4 will never be the root switch of the network.
om
Note: Adjust the configuration and consider using root protection.
.c
[SW1]dis stp brief
ei
MSTID Port Role STP State Protection
aw
0 Ethernet0/0/1 DESI FORWARDING NONE
hu
0 Ethernet0/0/2 DESI FORWARDING NONE
6. Configure the ports eth0/0/7 of SW2 operate in Forwarding state when faulty
links recover, and provide solutions if there are risks to devices such as rogue
2015-8-31 Huawei Confidential Page 159 of 226
RIP Hands-on Exercise Guide Confidentiality Level
Note: Use the edge port and consider how to prevent risks caused by the edge port.
[SW2]display stp interface Ethernet 0/0/7
n
……
/c
CIST RootPortId :128.3
om
BPDU-Protection :Enabled
.c
ei
TC or TCN received :634
aw
……
hu
----[Port7(Ethernet0/0/7)][FORWARDING]----
g.
Port Protocol :Enabled in
…..
rn
BPDU-Protection :Enabled
/l
……
tp
ht
7. To save the CPU resources, configure the two core switches to respond the
TC-BPDU twice during one hello interval.
:
取
……
----[Port1(Ethernet0/0/1)][FORWARDING]----
……
Point-to-point :Config=ForceTrue
……
Questions
For requirement 9, why p2p link can accelerate the convergence of STP?
When traffic in VLAN 10/20/30/40/50/60 on SW4 needs to be transmitted in VLANs on
n
core switches, can the link between SW2 and SW4 be used?
/c
Configuration List
om
.c
<SW1>display current-configuration
ei
#
aw
sysname SW1
hu
#
vlan batch 10 20 30 40 50 60
g.
in
#
rn
stp tc-protection
ht
#
取
stp region-configuration
获
region-name 1
料
instance 1 vlan 10 20
资
instance 2 vlan 30 40
多
active region-configuration
更
interface Ethernet0/0/1
interface Ethernet0/0/2
n
/c
#
om
interface Ethernet0/0/3
.c
port link-type trunk
ei
port trunk allow-pass vlan 2 to 4094
aw
stp root-protection
hu
stp point-to-point force-true
#
g.
in
interface Ethernet0/0/4
rn
stp root-protection
tp
#
:
interface Ethernet0/0/5
取
stp root-protection
资
#
更
interface Ethernet0/0/6
stp root-protection
return
<SW2>display current-configuration
n
/c
#
om
sysname SW2
.c
#
ei
vlan batch 10 20 30 40 50 60
aw
#
hu
stp instance 0 root secondary
stp bpdu-protection
ea
/l
stp tc-protection
:/
#
ht
stp region-configuration
:
region-name 1
取
instance 1 vlan 10 20
获
instance 2 vlan 30 40
料
active region-configuration
资
#
多
interface Ethernet0/0/1
更
interface Ethernet0/0/2
n
/c
interface Ethernet0/0/3
om
port link-type trunk
.c
port trunk allow-pass vlan 2 to 4094
ei
stp root-protection
aw
stp point-to-point force-true
hu
#
interface Ethernet0/0/4
g.
in
port link-type trunk
rn
stp root-protection
:/
#
ht
interface Ethernet0/0/5
:
stp root-protection
料
#
多
interface Ethernet0/0/6
更
stp root-protection
interface Ethernet0/0/7
n
/c
return
om
.c
<SW3>display current-configuration
ei
#
aw
sysname SW3
hu
#
vlan batch 10 20 30 40 50 60 70
g.
in
#
rn
stp region-configuration
ea
/l
region-name 1
:/
instance 1 vlan 10 20
tp
instance 2 vlan 30 40
ht
active region-configuration
:
#
取
interface Ethernet0/0/1
获
interface Ethernet0/0/2
interface Ethernet0/0/3
n
/c
stp point-to-point force-true
om
#
.c
interface Ethernet0/0/4
ei
port link-type trunk
aw
port trunk allow-pass vlan 2 to 4094
hu
stp point-to-point force-true
#
g.
in
interface Ethernet0/0/5
rn
#
ht
interface Ethernet0/0/6
:
#
资
return
多
更
<SW4>display current-configuration
sysname SW4
vlan batch 10 20 30 40 50 60 70
stp region-configuration
region-name 2
instance 1 vlan 10 20
instance 2 vlan 30 40
n
/c
active region-configuration
om
#
.c
interface Ethernet0/0/1
ei
port link-type trunk
aw
undo port trunk allow-pass vlan 1
hu
port trunk allow-pass vlan 70
interface Ethernet0/0/2
ea
/l
#
取
interface Ethernet0/0/3
获
#
更
interface Ethernet0/0/4
interface Ethernet0/0/5
n
/c
interface Ethernet0/0/6
om
port link-type trunk
.c
port trunk allow-pass vlan 2 to 4094
ei
stp point-to-point force-true
aw
#
hu
return
g.
in
Chapter 11 Multicast Hands-on Exercise Guide
rn
ea
Overview
/l
As the Internet is developing rapidly, increasing data, voice, and video streams are
:/
popular. These services often use the multipoint-to-multipoint transmission model and
require high information security, paid service, and high bandwidth. The IP protocol supports
ht
multicast group. A multicast source sends only one copy of packets to a multicast address.
取
The multicast routing protocol running on the network establishes a multicast distribution
tree from the multicast source to all members of the multicast group. Multicast data packets
获
are replicated to all group members. Hosts can join a group to receive data sent to the group.
In multicast transmission mode, a data flow is transmitted to a group of users along the
料
multicast distribution tree. Each link transmits only one copy of multicast data packets.
Compared with the unicast mode, the multicast mode reduces loads on servers and CPUs of
资
network devices. The increase in the number of users will not significantly increase network
多
loads. Multicast packets can be transmitted across different network segments and will not be
sent to users who do not need the packets. Compared with the broadcast mode, the multicast
更
mode can transmit data over a long distance. In addition, data is transmitted only to network
segments with receivers, ensuring information security. In a summary, the multicast mode has
advantages over the unicast and broadcast modes in the multipoint-to-multipoint transmission
model.
A multicast group is identified by an IP multicast address. It represents a collection of
systems but not a specific host. If a host joins a multicast group, it means that the host wants
to receive packets destined for the IP multicast address. Multicast addresses are class D IP
addresses in the range of 224.0.0.0 to 239.255.255.255. IP addresses 224.0.0.0 to 224.0.0.255
are reserved as permanent group addresses by the Internet Assigned Numbers Authority
(IANA). In this address range, 224.0.0.0 is not allocated, and the other addresses are used by
Objectives
n
Configure PIM-SM.
/c
Configure static and dynamic RP.
Understand the RPF working mechanism.
om
Configure static multicast routes.
.c
Tasks
ei
The following topology shows the network of Company A. The network runs the OSPF
aw
protocol. Routers R2, R3, R4, and R5 work in area 0. Routers R1, R2, and R3 in area 1 form
a frame relay (FR) network and adopt a hub-spoke structure. Do not change the default
hu
network type or the link costs unless you are required to. R6/R7 locate in area 2. Ensure that
g.
reachable routes are available among the network devices. The company needs to deploy the
multicast service on the network. There are three multicast sources on the network. Source 1
in
and Source 3 connect to R1. Source 2 needs to send multicast data to PC2 in group 239.2.2.2
using the PIM-SM mode. PC3-1 and PC3-2 need to join group 239.3.3.3. Multicast data
rn
should be transmitted without a rendezvous point tree (RPT). The link between R5 and R7
and the link between R4 and R6 need to transmit a large amount of multicast data, so PIM
ea
cannot be enabled on the two links. Deploy the network according to the following
/l
requirements:
(1) Make R4 and R5 the RPs and ensure that the RP address is 45.45.45.45 on all multicast
:/
devices. The RPs must be determined through dynamic RP election. Make R2 the bootstrap
router (BSR) and use IP address of loopback 0 (20.1.1.2) as the BSR address. Ensure that
tp
20.1.1.2 is in area 1.
(2) R2 is the designated router (DR) on the Ethernet network. For Source 1 (10.1.1.1) connecting
ht
to R1, receiver is PC1. PC1 runs IGMPv2, when R7 receive membership report message, just
:
Source Discovery Protocol (MSDP), and only Source-Active (SA) messages with the
(70.0.0.7, 239.2.2.2) mapping are allowed between the RPs.
获
(4) Ensure that Source 2 will not receive multicast data packets from other multicast sources.
(5) Ensure that the multicast stream sent from Source 2 (70.0.0.7) to the downstream receiver
料
(6) When the IGMP querier on the Ethernet network in area 0 fails, a new querier must be
available as fast as possible.
多
更
Topology
n
/c
om
.c
ei
aw
hu
g.
in
rn
ea
/l
:/
tp
ht
IP Address Table
:
Default
Device Interface IP Address Subnet Mask
取
Gateway
获
n
Loopback 1 45.45.45.45 255.255.255.255 N/A
/c
G1/0/0 1.1.46.6 255.255.255.0 N/A
om
G 0/0/1 1.1.56.6 255.255.255.0 N/A
R6
.c
G 0/0/0 60.0.1.254 255.255.255.0 N/A
ei
G 0/0/2 60.0.2.254 255.255.255.0 N/A
aw
G 0/0/1 1.1.47.7 255.255.255.0 N/A
SW1 G 1/0/0 1.1.57.7 255.255.255.0 N/A
hu
G 0/0/2 70.0.0.254 255.255.255.0 N/A
Source 1 E 0/0/1 10.1.1.1
g.
255.255.255.0 10.1.1.254
in
Source 2 E 0/0/1 70.0.0.7 255.255.255.0 70.0.0.254
rn
1. Make R4 and R5 the RPs and ensure that the RP address is 45.45.45.45 on all
取
Bootstrap messages sent from the BSR must be spread throughout the network. Ensure
资
<R3>dis pim rp
更
Group/MaskLen: 224.0.0.0/4
RP: 45.45.45.45
Priority: 0
Uptime: 00:00:13
Expires: 00:02:17
n
Note that if SSM and SSM mapping are used and Join messages with the (S, G)
/c
mapping are transmitted in the FR network, the downstream receiver may receive the first
multicast data packets but fail to receive the subsequent multicast data packets.
om
[R2]display pim interface GigabitEthernet 0/0/2
.c
VPN-Instance: public net
ei
Interface State NbrCnt HelloInt DR-Pri DR-Address
aw
GE0/0/2 up 3 30 100 192.168.1.2 (local)
hu
g.
in
<R7>display igmp ssm-mapping group
rn
3. The two RPs implement load balancing and back each other up. The RPs
run MSDP, and only SA messages with the (70.0.0.7, 239.2.2.2) mapping are
:
You need to configure MSDP on the RPs. As the anycast-RP mode is used, pay
获
attention to MSDP peer authentication. Configure SA filtering between the MSDP peers to
allow only the specified (S, G) mapping.
料
1 1 0 0 0 0
1.1.45.4 Up 00:01:26 ? 0 0
4. Ensure that Source 2 will not receive multicast data packets from other
multicast sources.
SW1 connects to Source 2 and receiver PC1. PC1 needs to receive multicast data from
Source 1. To prevent Source 2 from receiving multicast data packets from other multicast
sources, configure IGMP snooping.
[Sw1]dis igmp-snooping configuration
igmp-snooping enable
n
/c
5. Ensure that the multicast stream sent from Source 2 (70.0.0.7) to the
downstream receiver PC2 is forwarded along the best path.
om
R4 is the RP for the source and R5 is the RP for the receiver. Configure an MSDP
.c
session and enable switchover between the two RPs. There are equal paths from S2 (70.0.0.7)
on R7 to R6. But PIM is not enabled on the link between R7 and R5, R4 and R6. Be sure
ei
RPT and SPT can be established successfully.
aw
[R5]dis multicast rpf-info 70.0.0.0
hu
VPN-Instance: public net
g.
RPF information about source: 70.0.0.0
in
RPF interface: GigabitEthernet0/0/0, RPF neighbor: 1.1.45.4
rn
(*, 239.2.2.2)
多
UpTime: 00:13:10
1: GigabitEthernet0/0/1
n
/c
(70.0.0.7, 239.2.2.2)
om
RP: 45.45.45.45 (local)
.c
Protocol: pim-sm, Flag: SPT 2MSDP ACT
ei
UpTime: 00:03:08
aw
Upstream interface: GigabitEthernet0/0/0
hu
Upstream neighbor: 1.1.45.4
1: GigabitEthernet0/0/1
:/
6. When the IGMP querier on the Ethernet network in area 0 fails, a new
ht
There is a receiver on the backbone network. R2 has the smallest IP address on the backbone
取
network and should be elected as the querier. If the querier fails, R3 should act as the querier.
However, the default querier re-election interval is a long time. To enable R3 to preempt as
获
the new querier as fast as possible, you can change the Other Querier Present Timer value.
料
GigabitEthernet0/0/2(192.168.1.4):
更
IGMP is enabled
IGMP state: up
IGMP limit: -
n
/c
Total 1 IGMP Group reported
om
Questions
.c
When use anycast to implement load balance between RPs, what will happen and how
ei
to resolve the problem?
aw
Configuration List
hu
g.
<R1>display current-configuration
in
#
rn
sysname R1
ea
#
/l
multicast routing-enable
:/
#
tp
interface Serial1/0/0
ht
link-protocol fr
:
pim sm
料
#
资
interface GigabitEthernet0/0/0
多
pim sm
interface GigabitEthernet0/0/1
pim sm
ospf 1
peer 1.1.123.2
peer 1.1.123.3
area 0.0.0.1
n
/c
network 1.1.123.0 0.0.0.255
om
network 10.1.1.0 0.0.0.255
.c
network 10.3.3.0 0.0.0.255
ei
network 10.5.5.0 0.0.0.255
aw
#
hu
pim
#
g.
in
return
rn
ea
/l
<R2>display current-configuration
:/
#
tp
sysname R2
ht
#
:
multicast routing-enable
取
#
获
interface Serial1/0/0
料
link-protocol fr
资
pim sm
更
ospf dr-priority 0
interface Serial1/0/1
link-protocol ppp
interface GigabitEthernet0/0/2
pim sm
igmp enable
n
/c
igmp version 3
om
igmp timer query 20
.c
igmp timer other-querier-present 60
ei
#
aw
interface LoopBack0
hu
ip address 20.1.1.2 255.255.255.255
pim sm
g.
in
#
rn
ospf 1
ea
/l
peer 1.1.123.1
:/
area 0.0.0.0
tp
area 0.0.0.1
:
#
料
pim
资
c-bsr LoopBack0
多
#
更
return
<R3>display current-configuration
sysname R3
multicast routing-enable
interface Serial1/0/0
link-protocol fr
n
/c
ip address 1.1.123.3 255.255.255.0
om
pim sm
.c
ospf dr-priority 0
ei
#
aw
interface GigabitEthernet0/0/2
hu
ip address 192.168.1.3 255.255.255.0
pim sm
g.
in
igmp enable
rn
igmp version 3
ea
/l
#
ht
ospf 1
:
peer 1.1.123.1
取
area 0.0.0.0
获
area 0.0.0.1
资
#
更
return
<R4>display current-configuration
sysname R4
multicast routing-enable
n
/c
acl number 3001
om
rule 5 permit ip source 70.0.0.7 0 destination 239.2.2.2 0
.c
rule 10 deny ip
ei
#
aw
interface GigabitEthernet0/0/0
hu
ip address 1.1.45.4 255.255.255.0
pim sm
g.
in
#
rn
interface GigabitEthernet0/0/1
ea
/l
pim sm
tp
#
ht
interface GigabitEthernet0/0/2
:
pim sm
料
igmp enable
资
igmp version 3
多
interface GigabitEthernet1/0/0
interface LoopBack1
pim sm
ospf 1
n
/c
area 0.0.0.0
om
network 1.1.45.0 0.0.0.255
.c
network 45.45.45.45 0.0.0.0
ei
network 192.168.1.0 0.0.0.255
aw
area 0.0.0.2
hu
network 1.1.46.0 0.0.0.255
pim
ea
/l
c-rp LoopBack1
:/
#
tp
pim
ht
c-rp LoopBack1
:
anycast-rp 45.45.45.45
取
local-address 1.1.45.4
获
peer 1.1.45.5
料
#
资
return
多
更
<R5>display current-configuration
sysname R5
multicast routing-enable
rule 10 deny ip
n
/c
interface GigabitEthernet0/0/0
om
ip address 1.1.45.5 255.255.255.0
.c
pim sm
ei
#
aw
interface GigabitEthernet0/0/1
hu
ip address 1.1.56.5 255.255.255.0
pim sm
g.
in
#
rn
interface GigabitEthernet0/0/2
ea
/l
pim sm
tp
igmp enable
ht
igmp version 3
:
#
料
interface GigabitEthernet1/0/0
资
#
更
interface LoopBack1
pim sm
ospf 1
area 0.0.0.0
area 0.0.0.2
n
/c
network 1.1.56.0 0.0.0.255
om
network 1.1.57.0 0.0.0.255
.c
#
ei
pim
aw
c-rp LoopBack1
hu
#
pim
g.
in
c-rp LoopBack1
rn
anycast-rp 45.45.45.45
ea
/l
local-address 1.1.45.5
:/
peer 1.1.45.4
tp
#
ht
#
取
return
获
料
<R6>display current-configuration
资
#
多
sysname R6
更
multicast routing-enable
interface GigabitEthernet0/0/0
pim sm
igmp enable
interface GigabitEthernet0/0/1
n
/c
pim sm
om
#
.c
interface GigabitEthernet0/0/2
ei
ip address 60.0.2.254 255.255.255.0
aw
pim sm
hu
igmp enable
igmp version 3
g.
in
#
rn
interface GigabitEthernet1/0/0
ea
/l
#
tp
ospf 1
ht
area 0.0.0.2
:
#
多
return
更
<R7>display current-configuration
sysname R7
multicast routing-enable
interface GigabitEthernet0/0/1
pim sm
n
/c
#
om
interface GigabitEthernet0/0/2
.c
ip address 70.0.0.254 255.255.255.0
ei
pim sm
aw
igmp enable
hu
igmp ssm-mapping enable
#
g.
in
interface GigabitEthernet1/0/0
rn
#
:/
ospf 1
tp
area 0.0.0.2
ht
#
料
igmp
资
#
更
pim
return
<Sw1>display current-configuration
sysname Sw1
igmp-snooping enable
n
/c
vlan 1
om
igmp-snooping enable
.c
#
ei
return
aw
hu
Chapter 12 IPv6 Hands-on Exercise Guide
g.
in
Overview
rn
throughput.
4. Enhanced security: IPv6 supports identity authentication and data encryption.
取
transition from IPv4 to IPv6 cannot be completed in a short time. In addition, enterprises and
资
users become increasingly dependent on the Internet in their daily work and cannot tolerate
service disruption brought by the transition. Therefore, IPv4 needs to gradually transit to
多
IPv6 so that users can experience the advantages brought by IPv6 while still be able to
communicate with IPv4 users. Smooth transition from IPv4 to IPv6 is a key factor
更
Objectives
Upon completion of this exercise guide, you will be able to master the method to:
Use stateless IPv6 address auto configuration.
Configure OSPFv3.
Configure IS-ISv6.
Configure BGPv4+.
Configure BGPv4+ to advertise default routes.
Configure BGPv4+ routing policy.
n
Configure a manual tunnel and an automatic tunnel (6to4).
/c
Tasks
om
.c
The following figure shows the IPv6 network topology. Deploy the network according
to the following requirements:
ei
(1) Run OSPFv3 among R1, R2, and R3, and set the area ID of the three routers to 0 and router
IDs of R1, R2, and R3 to 10.1.1.1, 10.2.2.2, and 10.3.3.3 respectively.
aw
(2) Run IS-ISv6 among R4, R5, and R6, set the area ID of the three routers to 49.0001, and
ensure that the three routers are all Level-2 routers.
hu
(3) Run OSPFv2 on the IPv4 network between R2 and R4 and set the area ID of the two routers
g.
to 0, include loopback interfaces.
(4) Set up an IS-ISv4 neighbor relationship between R6 and R7 (an IPv4 network is deployed
in
between R6 and R7) and set the area ID of the two routers to 49.0001.
(5) Set up full-mesh IBGP4+ IPv6 neighbor relationships among R1, R2, and R3, set the AS
rn
number of the three routers to 100, and configure R2 to advertise default routes to AS100. Set
up an IBGP4+ IPv6 neighbor relationship between R4 and R5 and set the AS number of the
ea
(6) Set up an GRE manual tunnel between R2 and R4 with the tunnel address
2001:db8:24::/64 ,Set up an EBGP IPv6 neighbor relationship between R2 and R4 using IPv6
:/
information in state auto configuration mode. In this example, R8 is used to simulate an IPv6
:
terminal.
(9) Establish a 6to4 tunnel between R6 and R7. Ensure R7 can ping the IPv6 networks inside
取
AS200.
获
料
资
多
更
Topology
IPv4 network
Autoconfiguration
n
/c
IPv4 network
om
.c
ei
aw
hu
IP Address Table
g.
in
rn
Default
Device Interface IP Address Subnet Mask
Gateway
ea
R1
Loopback 0 10.1.1.1 32 N/A
G 0/0/0 192.168.24.2 24 N/A
:/
R6
G 0/0/2 192.168.67.6 24 N/A
Loopback 0 10.6.6.6 32 N/A
更
1. Run OSPFv3 among R1, R2, and R3, and set the area ID of the three routers
to 0 and router IDs of R1, R2, and R3 to 10.1.1.1, 10.2.2.2, and 10.3.3.3
respectively.
2015-8-31 Huawei Confidential Page 187 of 226
RIP Hands-on Exercise Guide Confidentiality Level
Perform basic configurations according to the address table, and then run the display
ospfv3 peer command to check information about OSPF neighbor relationships and routes
on network segments where the loopback interfaces 0 reside.
<R1>display ospfv3 peer
n
Neighbor ID Pri State Dead Time Interface Instance ID
/c
10.2.2.2 1 Full/Backup 00:00:40 GE0/0/1 0
om
10.3.3.3 1 Full/DROther 00:00:31 GE0/0/1 0
.c
ei
2. Run IS-ISv6 among R4, R5, and R6, set the area ID of the three routers to
49.0001, and ensure that the three routers are all Level-2 routers.
aw
hu
After completing this task, check information about IS-IS neighbor relationships.
[R6]display isis 1 peer
g.
in
Peer information for ISIS(1)
rn
System Id Interface Circuit Id State HoldTime Type PRI
ea
--------------------------------------------------------------------------------
/l
Total Peer(s): 2
ht
:
3. Run OSPFv2 on the IPv4 network between R2 and R4 and set the area ID of
the two routers to 0, include loopback interfaces.
取
After completing this task, check information about the OSPF neighbor relationship.
获
--------------------------------------------------------------------------------
-------------------------------------------------------------------------------
routers to 49.0001.
After completing this task, check information about the IS-IS neighbor relationship.
<R7>display isis peer
n
-------------------------------------------------------------------------------
/c
0000.0000.0006 GE0/0/0 0000.0000.0006.03 Up 8s L2 64
om
Total Peer(s): 1
.c
ei
5. Set up full-mesh IBGP4+ IPv6 neighbor relationships among R1, R2, and R3,
aw
set the AS number of the three routers to 100, and configure R2 to advertise
default routes to AS100. Set up an IBGP4+ IPv6 neighbor relationship
hu
between R4 and R5 and set the AS number of the two routers to 200.
g.
Configure R2 to advertise default routes to AS100. in
[R1]display bgp ipv6 peer
rn
MED : 0 PrefVal : 0
Label :
Path/Ogn : i
n
/c
Local AS number : 200
om
Total number of peers : 1 Peers in established state : 1
.c
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
ei
2002:A06:606:56::5
aw
4 200 2 2 0 00:00:16 Established 0
hu
g.
6. Set up an GRE manual tunnel between R2 and R4 with the tunnel address
2001:db8:24::/64.Set up an EBGP IPv6 neighbor relationship between R2
in
and R4 using IPv6 addresses, and configure R2 to advertise the route
2001:db8:100:00 of AS100 to AS200.
rn
ea
MED : 0 PrefVal : 0
取
Label :
获
Path/Ogn : 100 i
料
资
MED : 0 refVal : 0
Label :
Path/Ogn : 100 i
7. Import IS-ISv6 routes to BGP on R4 and R5. Ensure that all IPv6 networks
that connect to AS100 and AS200 can communicate with each other.
Run the import-route command on R4 and R5 to import IS-IS routes to BGP and
enable communication between AS100 and AS200. Since BGP+ does not run on R6, R6 does
not know the forwarding path of the data packets. It is recommended that you configure IS-IS
on R4 to advertise default IPv6 routes.
[R5]ping ipv6 -c 1 2001:db8:100::1
n
PING 2001:db8:100::1 : 56 data bytes, press CTRL_C to break
/c
Reply from 2001:DB8:100::1
om
.c
bytes=56 Sequence=1 hop limit=61 time = 60 ms
ei
--- 2001:db8:100::1 ping statistics ---
aw
1 packet(s) transmitted
hu
1 packet(s) received
g.
0.00% packet loss in
round-trip min/avg/max = 60/60/60 ms
rn
ea
It is required that DHCP be deployed together with NDP state auto configuration.
tp
State is BOUND.
取
Address : 2002:A07:707::100
9. Establish a 6to4 tunnel between R6 and R7. Ensure R7 can ping the IPv6
networks inside AS200.
n
Configuration List
/c
om
<R1>display current-configuration
.c
#
ei
sysname R1
aw
#
hu
ipv6
#
g.
in
router id 10.1.1.1
rn
#
ea
/l
ospfv3 1
:/
router-id 10.1.1.1
tp
#
ht
interface GigabitEthernet0/0/1
:
ipv6 enable
取
#
资
interface LoopBack0
多
bgp 100
router-id 10.1.1.1
ipv4-family unicast
undo synchronization
n
/c
ipv6-family unicast
om
undo synchronization
.c
peer 2001:DB8:100::2 enable
ei
peer 2001:DB8:100::3 enable
aw
#
hu
return
g.
in
<R2>display current-configuration
rn
#
ea
/l
sysname R2
:/
#
tp
ipv6
ht
#
:
router id 10.2.2.2
取
#
获
ospfv3 1
料
router-id 10.2.2.2
资
#
多
interface GigabitEthernet0/0/0
更
interface GigabitEthernet0/0/2
ipv6 enable
interface LoopBack0
n
/c
interface Tunnel0/0/0
om
ipv6 enable
.c
ipv6 address 2001:DB8:24::2/64
ei
tunnel-protocol gre
aw
source 10.2.2.2
hu
destination 10.4.4.4
#
g.
in
bgp 100
rn
router-id 10.2.2.2
ea
/l
#
:
ipv4-family unicast
取
undo synchronization
获
#
料
ipv6-family unicast
资
undo synchronization
多
network 2001:DB8:100:: 64
更
ospf 1
area 0.0.0.0
n
/c
#
om
ipv6 route-static :: 0 NULL0
.c
#
ei
return
aw
hu
<R3>display current-configuration
#
g.
in
sysname R3
rn
#
ea
/l
ipv6
:/
#
tp
router id 10.3.3.3
ht
#
:
ospfv3 1
取
router-id 10.3.3.3
获
#
料
interface Serial4/0/0
资
link-protocol ppp
多
interface GigabitEthernet0/0/0
ipv6 enable
interface LoopBack0
bgp 100
n
/c
router-id 10.3.3.3
om
undo default ipv4-unicast
.c
peer 2001:DB8:100::1 as-number 100
ei
peer 2001:DB8:100::2 as-number 100
aw
#
hu
ipv4-family unicast
undo synchronization
g.
in
#
rn
ipv6-family unicast
ea
/l
undo synchronization
:/
#
:
return
取
获
<R4>display current-configuration
料
#
资
sysname R4
多
#
更
ipv6
router id 10.4.4.4
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0004.00
n
/c
ipv6 default-route-advertise always
om
#
.c
firewall zone Local
ei
priority 15
aw
#
hu
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
ea
/l
ipv6 enable
:/
#
:
interface LoopBack0
取
#
料
interface Tunnel0/0/0
资
ipv6 enable
多
tunnel-protocol gre
source 10.4.4.4
destination 10.2.2.2
bgp 200
router-id 10.4.4.4
n
/c
ipv4-family unicast
om
undo synchronization
.c
#
ei
ipv6-family unicast
aw
undo synchronization
hu
import-route isis 1
#
:/
ospf 1
tp
area 0.0.0.0
ht
#
获
return
料
资
<R5>display current-configuration
多
#
更
sysname R5
ipv6
router id 10.5.5.5
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0005.00
n
/c
#
om
ipv6 enable topology standard
.c
#
ei
interface Serial4/0/0
aw
link-protocol ppp
hu
ip address 192.168.35.5 255.255.255.0
#
g.
in
interface GigabitEthernet0/0/0
rn
ipv6 enable
ea
/l
#
ht
interface LoopBack0
:
#
获
bgp 200
料
router-id 10.5.5.5
资
ipv4-family unicast
undo synchronization
ipv6-family unicast
undo synchronization
import-route isis 1
return
n
/c
om
<R6>display current-configuration
.c
#
ei
sysname R6
aw
#
hu
ipv6
#
g.
in
isis 1
rn
is-level level-2
ea
/l
cost-style wide
:/
network-entity 49.0001.0000.0000.0006.00
tp
#
ht
#
取
interface GigabitEthernet0/0/0
获
ipv6 enable
料
#
更
interface GigabitEthernet0/0/1
ipv6 enable
interface GigabitEthernet0/0/2
isis enable 1
interface LoopBack0
n
/c
ip address 10.6.6.6 255.255.255.255
om
isis enable 1
.c
#
ei
interface Tunnel0/0/0
aw
ipv6 enable
hu
ipv6 address 2002:A06:606::6/64
#
ea
/l
#
ht
return
:
取
<R7>display current-configuration
获
#
料
sysname R7
资
#
多
ipv6
更
dhcp enable
dns-server 2001:DB8:100::1
isis 1
cost-style wide
is-level level-2
n
/c
network-entity 49.0001.0000.0000.0007.00
om
#
.c
interface GigabitEthernet0/0/0
ei
ip address 192.168.67.7 255.255.255.0
aw
isis enable 1
hu
#
interface GigabitEthernet0/0/1
g.
in
ipv6 enable
rn
#
:
interface LoopBack0
取
isis enable 1
料
#
资
interface Tunnel0/0/0
多
ipv6 enable
更
source LoopBack 0
return
<R8>display current-configuration
n
/c
#
om
sysname PC
.c
#
ei
ipv6
aw
#
hu
dns resolve
#
g.
in
dhcp enable
rn
#
ea
/l
interface GigabitEthernet0/0/0
:/
ipv6 enable
tp
#
取
return
获
料
Overview
更
MPLS
The Multiprotocol Label Switching (MPLS) protocol can be used to deploy an IP
network with low cost. Similar to ATM technology, MPLS uses labels to implement fast
packet forwarding. BGP/MPLS VPN is a technique that implements VPN on MPLS networks
by using the MP-BGP protocol. On a BGP/MPLS VPN, network devices are classified into
Provider Edge (PE), Provider (P), and Customer Edge (CE). P devices are internally located
on the Service Provider's (SP) network and only run IGP and MPLS. PE devices are the edge
devices on the SP's network, and connect to the CE. PE devices run MP-BGP, and VPN
instances for users are configured on PE devices. In addition, PE devices need to run IGP and
MPLS. CE devices are the edge devices connected to customer devices. They connect
2015-8-31 Huawei Confidential Page 203 of 226
RIP Hands-on Exercise Guide Confidentiality Level
customer devices to PE devices. The only requirement on CE devices is that the CE devices
must be able to communicate with PE devices.
The BGP protocol can maintain only a single routing table, so it cannot serve the
customers with overlapping addresses or separate data of different users. To address this
problem, MP-BGP is used on the BGP/MPLS VPN. MP-BGP uses VPNv4 address family to
differentiate the network-layer protocols of different customers and uses VPN instances to
separate the routes and traffic of different customers.
SNMP
To cope with fast growing network services, a large number of network devices need to
n
/c
be deployed. In most situations, there is a long distance between these network devices and
the center equipment room where the network administrator stays. It is very difficult for a
om
network administrator to detect, locate and rectify the fault in real time if the devices do not
report the fault. This lowers maintenance efficiency and increases maintenance workload.
.c
Simple Network Management Protocol (SNMP) is introduced to address this problem. Based
on the concept of "network manages network", SNMP effectively manages network devices
ei
in batches. In addition, by using the SNMP protocol, the network management system can
aw
manage the devices of different vendors.
hu
BFD
A network device must be able to detect a communication fault between adjacent
g.
devices quickly so that the network administrator can rectify the fault and prevent service
interruption. In practice, hardware detection is used to detect link faults. For example,
in
Synchronous Digital Hierarchy (SDH) alarms are used to report link faults. However, not all
media can provide the hardware detection mechanism. Applications use the Hello mechanism
rn
of the upper-layer protocol to detect faults. The detection duration is more than 1 second,
ea
Detection (BFD) provides a fast fault detection mechanism that is independent of media and
protocols.
:/
NTP
tp
more important for devices on the entire network. If a system clock is manually modified by
network administrators, the workload is heavy and the modification is error-prone, which
:
affects clock precision. The Network Time Protocol (NTP) is formulated for clock
synchronization between devices on a network. NTP is an application-layer protocol in the
取
TCP/IP protocol suite. It synchronizes time among a set of distributed time servers and
clients. NTP is implemented based on IP and UDP, and transmits data through UDP. The port
获
NQA
资
Network Quality Analysis (NQA) is located at the link layer, and covers the network,
transport, and application layers. It is independent of the bottom-layer hardware. NQA
多
monitors network quality indicators in real time, and effectively diagnoses and locates
network faults.
更
QoS
On traditional IP networks, each network device handles all packets in an
undifferentiated manner and follows the First In First Out (FIFO) rule to transmit packets.
The devices try their best to transmit packets to the destination (Best-Effort). This Best-Effort
mode, however, does not ensure performance such as delay and reliability. Along with the
emergence of new applications on IP networks, new requirements are raised for the Quality
of Service (QoS) of IP networks. For example, voice over IP (VoIP) and video services are
delay-sensitive. A long delay in packet transmission is intolerable by customers (for which
email and FTP services are considered delay-insensitive). To support different services such
2015-8-31 Huawei Confidential Page 204 of 226
RIP Hands-on Exercise Guide Confidentiality Level
as voice, video, and data services, the network is required to distinguish different service
types before providing corresponding QoS. The Best-Effort mode cannot distinguish between
different service types on the network, and so it cannot provide differentiated QoS. The
Best-Effort mode therefore cannot meet the requirements of applications. QoS is introduced
to address this problem. QoS can control network traffic, avoid and manage network
congestion, and reduce packet loss. In addition, QoS provides dedicated bandwidth for
specific users and differentiated quality for different services.
Objectives
n
/c
Upon completion of this exercise guide, you will be able to:
Explain what BGP MPLS VPN is.
om
Configure LDP.
Configure MP-BGP.
.c
Configure SNMP.
Configure BFD.
ei
Configure QoS.
aw
Configure NQA.
Configure NTP.
hu
Tasks
g.
in
The following topology shows the network of Company A. Deploy the network
according to the following requirements:
rn
(1) Run OSPF and LDP on AR1, AR2, and AR3. Configure area 0 between AR1 and
AR2, and area 2 between AR2 and AR3. To reduce the number of routing entries in
ea
address.
(2) A backup router AR4 has been added to the SP's network. The links between AR1
:/
and AR4, between AR3 and AR4 are low-speed links, and run IS-IS. Ensure that
the traffic is preferentially transmitted through AR1-AR2-AR3 and uses
tp
implement mutual access, and configure static routes between the CE and PE
:
devices.
(4) With the growth of services, the customer leases lines from other SPs. The
取
customer prefers MPLS VPN. If the link between AR1 and AR6 or between AR3
and AR5 fails, ensure that the traffic can be switched to the link between R5 and
获
network need to be dual homed to PE devices and run BGP. Tear down the original
资
only on router AR6. Static routes are still used between AR3 and AR5.
(6) Add a new NMS to the VPN and ensure the connectivity between the NMS and
更
other network devices. Configure LSW3 in the NMS as the NTP server and other
devices as NTP clients; LSW2 use network 11.1.5.0/24 to connect to PE.
(7) Run SNMPv2 on network devices; public as RO community, private as RW
community.
(8) Configure NQA on the link between AR5 and AR6. Ensure that AR5 and AR6 can
send traps to the NMS server when three consecutive ICMP packets are dropped.
The address of NMS is 11.1.5.254.
(9) Configure traffic classifiers on AR6’s interface Ge0/0/1, Mark traffic of http/telnet
as DSCP AF41 and set the CAR for other traffic. Ensure the bandwidth of other
traffic under 2M.
Topology
n
/c
om
.c
ei
aw
hu
g.
in
IP Address Table
rn
Default
Device Interface IP Address Subnet Mask
ea
Gateway
/l
1. Run OSPF and LDP on AR1, AR2, and AR3. Configure area 0 between AR1
and AR2, and area 2 between AR2 and AR3. To reduce the number of
routing entries in area 0, configure OSPF route aggregation on AR2 to
summarize R3’s loopback address.
n
/c
The Loopback interface address of AR3 is in the routing table on AR1, but does not use
the 32-bit mask. Therefore, LDP cannot distribute labels. Add static routes.
om
[R1]display ip routing-table
.c
Destination/Mask Proto Pre Cost Flags NextHop Interface
ei
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
aw
2.2.2.2/32 OSPF 10 1 D 10.1.1.2 GigabitEthernet0/0/0
hu
g.
3.3.3.0/24 OSPF 10 2 D 10.1.1.2 GigabitEthernet0/0/0
in
3.3.3.3/32 Static 60 0 RD 10.1.1.2 GigabitEthernet0/0/0
rn
……
ht
-------------------------------------------------------------------------------
取
获
-------------------------------------------------------------------------------
资
2. A backup router AR4 has been added to the SP's network. The links between
AR1 and AR4, between AR3 and AR4 are low-speed links, and run IS-IS.
Ensure that the traffic is preferentially transmitted through AR1-AR2-AR3
and uses AR1-AR4-AR3 as the backup link.
The static routes are configured for the path AR1-AR2-AR3 and IS-IS is configured on
the path AR1-AR4-AR3. IS-IS advertises the specific routes. IS-IS has a higher priority than
static routes and so traffic is transmitted to AR4. To meet the task requirements, change the
priority of static routes to be lower than the IS-IS priority.
<R4>dis isis peer
n
/c
Peer information for ISIS(1)
om
System Id Interface Circuit Id State HoldTime Type PRI
.c
-------------------------------------------------------------------------------
ei
0000.0000.0001 S1/0/0 0000000002 Up 24s L2 --
aw
0000.0000.0003 S1/0/1 0000000001 Up 26s L2 --
hu
g.
Total Peer(s): 2
in
3. Connect the customer devices AR5 and AR6 to the SP's network as VPN1 to
rn
implement mutual access, and configure static routes between the CE and
PE devices.
ea
After configuration, we can see the route information of VPN1, and CE routers can ping
/l
each other.
:/
n
/c
5 packet(s) transmitted
om
5 packet(s) received
.c
0.00% packet loss
ei
round-trip min/avg/max = 30/32/40 ms
aw
hu
4. With the growth of services, the customer leases lines from other SPs. The
g.
customer prefers MPLS VPN. If the link between AR1 and AR6 or between
AR3 and AR5 fails, ensure that the traffic can be switched to the link
in
between R5 and R6. Static routes are still used on the customer's network.
rn
ea
/l
:/
tp
ht
:
取
获
料
资
多
Configure a static route on the backup link between R5 and R6 and reduce the priority
更
of the static route. Create a BFD session between the ISP interfaces of R5 and R6 and
associate the BFD session with the static route. When the BFD session is down, the static
route should be deleted.R5 and R6 use 11.2.1.x/24 to connect together.
[R5]display bfd session all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
n
headquarters network need to be dual homed to PE devices and run BGP.
/c
Tear down the original backup link. Ensure that the traffic is preferentially
transmitted through AR6-AR1-AR3-AR5, and uses AR6-AR4-AR3-AR5 as
om
the backup path. Configure only on router AR6.Static routes are still used
.c
between AR3 and AR5.
ei
aw
hu
g.
in
rn
ea
/l
:/
tp
ht
R3.Establish BGP connection between R6 and PEs. Use network address 11.1.4.0/24 between
R4 and R6, the Headquarter use AS number as 65001.
取
* 11.1.4.1 0 100?
多
更
* 11.1.4.1 0 100?
n
/c
Network NextHop MED LocPrf PrefVal Path/Ogn
om
*> 5.5.5.5/32 0.0.0.0 0 0 ?
.c
*>i 6.6.6.6/32 1.1.1.1 0 100 0 65001i
ei
* i 4.4.4.4 200 100 0 65001i
aw
*>i 11.1.1.0/24 1.1.1.1 0 100 0 65001i
hu
* i 4.4.4.4 200 100 0 65001i
6. Add a new NMS to the VPN and ensure the connectivity between the NMS
:
and other network devices. Configure LSW3 in the NMS as the NTP server
取
and other devices as NTP clients. LSW2 use network 11.1.5.0/24 to connect to
PE.
获
clock stratum: 3
更
n
“private” as RW community.
/c
om
Configure SNMP on the routers inside VPN1.
.c
8. Configure NQA on the link between AR5 and AR6. Ensure that AR5 and
ei
AR6 can send traps to the NMS server when three consecutive ICMP packets
are dropped. The address of NMS is 11.1.5.254.
aw
Configure NQA. Configure appropriate NQA test instances.
hu
[R6]dis nqa results
g.
NQA entry(admin, R5R6) :testflag is active ,testtype is icmp
in
1 . Test 5 result The test is finished
rn
ea
Destination ip address:5.5.5.5
获
Questions
Configuration List
<R1>display current-configuration
n
/c
sysname R1
om
#
.c
ip vpn-instance VPN1
ei
ipv4-family
aw
route-distinguisher 100:1
hu
g.
vpn-target 100:1 export-extcommunity
in
vpn-target 100:1 import-extcommunity
rn
#
ea
mpls
:/
#
tp
mpls ldp
ht
#
:
isis 1
取
is-level level-2
获
料
network-entity 47.0001.0000.0000.0001.00
资
#
多
interface Serial1/0/1
更
link-protocol ppp
isis enable 1
mpls
mpls ldp
interface GigabitEthernet0/0/0
mpls
mpls ldp
n
/c
#
om
interface GigabitEthernet0/0/1
.c
ip binding vpn-instance VPN1
ei
ip address 11.1.5.1 255.255.255.0
aw
trust dscp
hu
#
interface GigabitEthernet0/0/2
g.
in
ip binding vpn-instance VPN1
rn
trust dscp
:/
#
tp
interface LoopBack0
ht
isis enable 1
取
#
获
bgp 100
料
#
更
ipv4-family unicast
undo synchronization
ipv4-family vpnv4
policy vpn-target
import-route direct
n
/c
peer 11.1.1.2 as-number 65001
om
#
.c
ospf 1
ei
area 0.0.0.0
aw
network 1.1.1.1 0.0.0.0
hu
network 10.1.1.0 0.0.0.255
#
g.
in
ip route-static 3.3.3.3 255.255.255.255 10.1.1.2 preference 14
rn
#
ea
/l
return
:/
tp
<R2>display current-configuration
ht
#
:
sysname R2
取
#
获
mpls
资
#
多
mpls ldp
更
interface GigabitEthernet0/0/0
mpls
mpls ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp
n
/c
#
om
interface LoopBack0
.c
ip address 2.2.2.2 255.255.255.255
ei
#
aw
ospf 1
hu
area 0.0.0.0
area 0.0.0.1
ea
/l
#
ht
return
:
取
<R3>display current-configuration
获
#
料
sysname R3
资
#
多
ip vpn-instance VPN1
更
ipv4-family
route-distinguisher 100:1
mpls
mpls ldp
n
/c
isis 1
om
is-level level-2
.c
network-entity 47.0001.0000.0000.0003.00
ei
#
aw
interface Serial1/0/1
hu
link-protocol ppp
mpls
ea
/l
mpls ldp
:/
#
tp
interface GigabitEthernet0/0/1
ht
mpls
取
mpls ldp
获
#
料
interface GigabitEthernet0/0/2
资
interface LoopBack0
isis enable 1
bgp 100
n
/c
#
om
ipv4-family unicast
.c
undo synchronization
ei
undo peer 1.1.1.1 enable
aw
undo peer 4.4.4.4 enable
hu
#
ipv4-family vpnv4
g.
in
policy vpn-target
rn
#
tp
import-route direct
:
import-route static
取
#
获
ospf 1
料
area 0.0.0.1
资
return
<R4>display current-configuration
sysname R4
ip vpn-instance VPN1
n
/c
ipv4-family
om
route-distinguisher 100:1
.c
vpn-target 100:1 export-extcommunity
ei
vpn-target 100:1 import-extcommunity
aw
#
hu
mpls lsr-id 4.4.4.4
mpls
g.
in
#
rn
mpls ldp
ea
/l
#
:/
isis 1
tp
is-level level-2
ht
network-entity 47.0001.0000.0000.0004.00
:
#
取
interface Serial1/0/0
获
link-protocol ppp
料
isis enable 1
多
mpls
更
mpls ldp
interface Serial1/0/1
link-protocol ppp
isis enable 1
mpls
mpls ldp
interface GigabitEthernet0/0/1
n
/c
ip binding vpn-instance VPN1
om
ip address 11.1.4.1 255.255.255.0
.c
trust dscp
ei
#
aw
interface LoopBack0
hu
ip address 4.4.4.4 255.255.255.255
isis enable 1
g.
in
#
rn
bgp 100
ea
/l
#
ht
ipv4-family unicast
:
undo synchronization
取
#
料
ipv4-family vpnv4
资
policy vpn-target
多
return
<R5>display current-configuration
sysname R5
n
/c
snmp-agent local-engineid 800007DB03000000000000
om
snmp-agent community read %$%$myajH5!e}TA{{B(PGDg',.Vy%$%$
.c
snmp-agent community write %$%$1\z;+o/>^)PB+`/Y\,\,,.Vy%$%$
ei
snmp-agent sys-info version v2c
aw
snmp-agent
hu
#
interface GigabitEthernet0/0/0
ea
/l
#
tp
interface LoopBack0
ht
#
取
#
料
return
资
多
<R6>display current-configuration
更
sysname R6
ramsname TRAPWORD
n
/c
snmp-agent trap enable
om
snmp-agent
.c
#
ei
ntp-service unicast-server 11.1.5.2
aw
#
hu
acl number 3001
g.
rule 10 permit tcp source-port eq www destination-port eq www
in
rule 20 permit tcp destination-port eq www
rn
#
tp
if-match any
获
#
料
car cir 2000 cbs 376000 pbs 626000 green pass yellow pass red discard
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
n
/c
traffic-policy POL6 inbound
om
#
.c
interface GigabitEthernet0/0/2
ei
ip address 11.1.4.2 255.255.255.0
aw
#
hu
interface LoopBack0
bgp 65001
ea
/l
#
ht
ipv4-family unicast
:
undo synchronization
取
n
/c
nqa test-instance admin R5R6
om
test-type icmp
.c
destination-address ipv4 5.5.5.5
ei
test-failtimes 3
aw
send-trap testfailure
hu
frequency 5
timeout 1
g.
in
start now
rn
#
ea
/l
return
:/
tp
<LSW1>display current-configuration
ht
#
:
sysname LSW1
取
#
获
#
资
interface Vlanif1
多
snmp-agent
return
n
/c
om
<SW2>display current-configuration
.c
#
ei
sysname SW2
aw
#
hu
ntp-service refclock-master 2
#
g.
in
interface Vlanif1
rn
#
:/
interface MEth0/0/1
tp
#
ht
interface Ethernet0/0/1
:
#
获
#
资
snmp-agent
多
return
n
/c
om
.c
ei
aw
hu
g.
in
rn
ea
/l
:/
tp
ht
:
取
获
料
资
多
更