实验拓扑 配置参数 任务1:设备命名 为了方便后期维护和故障定位及网络的规范性,需要对网络设备进行规范化命名。 请根据Figure 3-1实验考试拓扑对设备进行命名。 命名规则为:
实验拓扑 配置参数 任务1:设备命名 为了方便后期维护和故障定位及网络的规范性,需要对网络设备进行规范化命名。 请根据Figure 3-1实验考试拓扑对设备进行命名。 命名规则为:
实验拓扑
配置参数
任务1:设备命名
为了方便后期维护和故障定位及网络的规范性,需要对网络设备进行规范化命名。
请根据Figure 3-1实验考试拓扑对设备进行命名。
命名规则为:城市-设备的设置地点-设备的功能属性和序号-设备型号。
例如::处于杭州校园的核心层路由器,命名为:HZ-HZXiaoYuan-Core01-AR6140。
请注意大小写,务必与Figure3-1实验考试拓扑保持一致。
HZ-HZXiaoYuan-Agg01-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Agg01-S5731
[HZ-HZXiaoYuan-Agg01-S5731]HZ-HZXiaoYuan-Agg02-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Agg02-S5731
[HZ-HZXiaoYuan-Agg02-S5731]HZ-HZXiaoYuan-Acc02-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Acc02-S5731
[HZ-HZXiaoYuan-Acc02-S5731]HZ-HZXiaoYuan-Acc01-S5731
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Acc01-S5731
[HZ-HZXiaoYuan-Acc01-S5731]HZ-HZXiaoYuan-Core01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Core01-AR6140
[HZ-HZXiaoYuan-Core01-AR6140]HZ-HZXiaoYuan-Core02-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Core02-AR6140
[HZ-HZXiaoYuan-Core02-AR6140]HZ-HZXiaoYuan-Edge01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Edge01-AR6140
[HZ-HZXiaoYuan-Edge01-AR6140]SH-SHXiaoYuan-Edge01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy SH-SHXiaoYuan-Edge01-AR6140
[SH-SHXiaoYuan-Edge01-AR6140]HZ-HZEDU-Edge01-AR6140
<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZEDU-Edge01-AR6140
[HZ-HZEDU-Edge01-AR6140]任务2:链路聚合
校园网中用户密度极大,在学生上网的高峰时段,会产生大量的网络流量。为了保证汇聚层链路的稳定性,在不升级硬件设备的前提下最大限度的提升带宽。在Agg01与Agg02之间配置链路聚合。请通过手工模式实现二层链路聚合,成员接口为GE0/0/21、GE0/0/22、GEO/0/23,聚合组ID为1。
HZ-HZXiaoYuan-Agg01-S5731
[HZ-HZXiaoYuan-Agg01-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/23HZ-HZXiaoYuan-Agg02-S5731
[HZ-HZXiaoYuan-Agg02-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/23
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]任务3:VLAN
为了确保网络的稳定与安全,避免二层网络过大可能带来的问题,在本网络中进行VLAN的规划部署。
请根据Figure 3-1实验考试拓扑和Table 3-1 VLAN信息,在对应交换机上配置所需的VLAN。
注意:为了保证网络的连通性,交换机只允许题目中规定的VLAN通过。
[HZ-HZXiaoYuan-Agg01-S5731]
[HZ-HZXiaoYuan-Agg01-S5731]v b 1 10 20 100
[HZ-HZXiaoYuan-Agg01-S5731]int g0/0/1
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port link-type trunk
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]int g0/0/3
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port link-type trunk
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]int g0/0/24
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port link-type access
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port default vlan 100
[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]int et 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]port link-type trunk
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]po t a v 10 20
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]
[HZ-HZXiaoYuan-Agg02-S5731]
[HZ-HZXiaoYuan-Agg02-S5731]v b 10 20 101
[HZ-HZXiaoYuan-Agg02-S5731]int g0/0/2
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]port link-t t
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]po t a v 10 20
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]int g0/0/4
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po link-t t
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po t a v 10 20
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]int g0/0/24
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po link-t a
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po de v 101
[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]int et 1
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po link-t t
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po t a v 10 20
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]
[HZ-HZXiaoYuan-Acc01-S5731]v b 10 20
[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/3
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po link-t t
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po t a v 10 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]int g0/0/4
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po link-t t
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po t a v 10 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]int g0/0/24
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]po link-t h
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid pvid vlan 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid untagged vlan 20
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]
[HZ-HZXiaoYuan-Acc02-S5731]v b 10 20
[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/1
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po link-t t
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po t a v 10 20
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po link-t t
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po t a v 10 20
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]int g0/0/23
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po link-t a
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po de v 10
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]int g0/0/24
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po link-t a
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po de v 10
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]
任务4:IP 编址
请根据Figure 3-1实验考试拓扑和Table 3-2 IP地址规划给出的信息,配置对应网络设备接口的IP地址。
[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.15.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]int s 4/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ip ad 10.2.15.1 24
[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]int lo 0
[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.1.1 32
[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]
[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.2 24
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.26.2 24
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.2 24
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]int lo 0
[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]ip ad 10.1.2.2 32
[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]
[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]ip ad 10.1.37.3 24
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.3 24
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]int g0/0/2
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.3 24
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int lo 0
[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]ip ad 10.1.3.3 32
[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]
[HZ-HZEDU-Edge01-AR6140]int g0/0/0
[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 192.168.4.254 24
[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]int s 4/0/0
[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ip ad 10.2.14.4 24
[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]int lo 0
[HZ-HZEDU-Edge01-AR6140-LoopBack0]ip ad 10.1.4.4 32
[HZ-HZEDU-Edge01-AR6140-LoopBack0]
[SH-SHXiaoYuan-Edge01-AR6140]int g0/0/0
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.15.5 24
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 192.168.5.254 24
[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int lo 0
[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.5.5 32
[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]
[HZ-HZXiaoYuan-Agg01-S5731]int v 10
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]ip ad 192.168.10.100 24
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]ip ad 192.168.20.101 24
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v100
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]ip a 10.1.26.6 24
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]int lo 0
[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]ip ad 10.1.6.6 32
[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]
[HZ-HZXiaoYuan-Agg02-S5731]int v 10
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]ip ad 192.168.10.101 24
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]ip ad 192.168.20.100 24
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]int v 101
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]ip ad 10.1.37.7 24
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]int lo 0
[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]ip ad 10.1.7.7 32
[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]
任务5:RSTP
为了防止二层网络中出现环路,导致广播风暴等问题。在Acc01、Acc02、Agg01、Agg02之间配置STP协议。
- STP模式为RSTP。要求通过使用“stp root primary/secondary" 命令,使得Agg01为根桥,Agg02为备份根桥。
- 为了保证网络连通性,在不改变交换机角色的前提下,通过修改接入层交换机接口的开销值使得Acc01-Agg01、Acc02-Agg02 这两条链路被阻塞,必要的接口开销值改为200000。
- 为了最大限度的保证网络的稳定性,避免主机频繁重启导致的网络波动。要求所有与PC相连的交换机端口,不参加STP计算,直接进入Forwarding状态转发。
[HZ-HZXiaoYuan-Agg01-S5731]stp mode rstp
[HZ-HZXiaoYuan-Agg01-S5731]stp root primary
[HZ-HZXiaoYuan-Agg02-S5731]stp mode rstp
[HZ-HZXiaoYuan-Agg02-S5731]stp root secondary
[HZ-HZXiaoYuan-Acc02-S5731]stp mode rstp
[HZ-HZXiaoYuan-Acc01-S5731]stp mode rstp
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3] stp instance 0 cost 200000
[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/24
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]stp edged-port enable
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]int g0/0/23
[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]stp edged-port enable
[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/24
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]stp edged-port enable
[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]
任务6:VRRP
单一网关的设置,在物理设备与链路出现故障时,会导致大量用户无法上网的情况。为了保证校园网中宿舍楼及教学楼的终端访问网络的稳定性,在校园网络的网关位置进行冗余备份配置,通过在Agg01、Agg02 上部署VRRP协议,满足上述要求。
- VLAN 10使用VRRP备份组1, VRRP备份组1虚拟IP地址为192.168.10.254。VLAN 20使用VRRP备份组2, VRRP 备份组2虚拟IP地址为192.168.20.254。
- VRRP 备份组1以Agg01为主网关(优先级为120) ,Agg02作为备份网关(优先级为缺省); VRRP备份组2以Agg02为主网关(优先级为120),Agg01 作为备份网关(优先级为缺省)。
- 分别在两个备份组中监测上行接口,当上行接口出现故障时主网关优先级降低30,主动完成切换。
[HZ-HZXiaoYuan-Agg01-S5731]int v 10
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v10
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 priority 120
[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 track int g0/0/24 reduced 30
[HZ-HZXiaoYuan-Agg02-S5731]int v 10
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 priority 120
[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 track int g0/0/24 reduced 30
任务7:OSPF
为了满足校园网中众多设备之间的三层访问,且避免路由环路的出现,保证后期校园网络的扩展性,选用动态路由协议OSPF作为本校园网络的IGP。
- Agg01、 Agg02、Core01、Core02、HZ-HZXiaoYuan-Edge01-AR6140 (除S4/0/0 )、SH-SHXiaoYuan-Edge01-AR6140之间运行OSPF,配置OSPF进程号为1,SHXiaoYuan- Edge01的所有接口及HZXiaoYuan的GE0/0/2接口在区域1,其他都在骨干区域。多区域配置的命令:area 1 network x.x.x.x x.x.x.x
- 在创建OSPF进程时手动设定Router ID与环回口地址一致。要求所有网段采用32位精确宣告。例如:将1.2.3.4/24 此地址进行32位宣告的命令为Network 1.2.3.4 0.0.0.0。
- 修改
- 为了加强攻击行为的防范性,在HZXiaoYuan-Edge01、Core01、Core02 三台设备的互联接口上配置接口认证,选择md5加密算法,认证密钥ID为1,密钥类型为cipher,密码为huawei。
[HZ-HZXiaoYuan-Agg01-S5731]ospf 1 r 10.1.6.6
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1]a 0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] network 10.1.6.6 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 192.168.10.100 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 192.168.20.101 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 10.1.26.6 0.0.0.0
[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]
[HZ-HZXiaoYuan-Agg02-S5731] ospf 1 router-id 10.1.7.7
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1]a 0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] network 10.1.7.7 0.0.0.0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 192.168.10.101 0.0.0.0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 192.168.20.100 0.0.0.0
[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 10.1.37.7 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140] ospf 1 router-id 10.1.2.2
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1]a 0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] network 10.1.2.2 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.12.2 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.26.2 0.0.0.0
[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.23.2 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140]ospf 1 r 10.1.3.3
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1]a 0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] network 10.1.3.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.37.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.13.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.23.3 0.0.0.0
[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]
[HZ-HZXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.1.1
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]a 1
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 10.1.15.1 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]q
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]a 0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.12.1 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0]network 10.1.13.1 0.0.0.0
[SH-SHXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.5.5
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1]a 1
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] network 10.1.5.5 0.0.0.0
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 10.1.15.5 0.0.0.0
[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 192.168.5.254 0.0.0.0
[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ospf dr-priority 255
[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1
[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/2
[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/2
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher huawei
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int g0/0/1
[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher huawei
任务8:出口设计
1. 为保证网络出口的安全性, HZXiaoYuan-Edge01与HZEDU-Edge01之间的PPP链路采用CHAP方式进行验证,HZEDU-Edge01作为验证方,用户名为huawei,密码为Huawei123。
2. HZ-HZXiaoYuan-Edge01-AR6140配置明细静态路由使得校园网内 PC 可以访问教育网中终端PC4所在的网段( 192.168.4.0/24 ),下一跳为HZ-HZEDU-Edge01-AR6140的S4/0/0口。HZ-HZEDU-Edge01-AR6140配置缺省路由访问校园网内部,下一跳为HZ-HZXiaoYuan-Edge01-AR6140的S4/0/0口。
[HZ-HZEDU-Edge01-AR6140]aaa
[HZ-HZEDU-Edge01-AR6140-aaa]local-user huawei password cipher Huawei123
[HZ-HZEDU-Edge01-AR6140-aaa]local-user huawei service-type ppp
[HZ-HZEDU-Edge01-AR6140-aaa]int s 4/0/0
[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ppp authentication-mode chap
[HZ-HZXiaoYuan-Edge01-AR6140]int s4/0/0
[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ppp chap password cipher Huawei123
[HZ-HZEDU-Edge01-AR6140] ip route-static 0.0.0.0 0.0.0.0 10.2.14.1
[HZ-HZXiaoYuan-Edge01-AR6140] ip route-static 192.168.4.0 255.255.255.0 10.2.14.4
任务9:路由引入
为了使内网用户能够访问教育网,需要将教育网中的路由条目引入校园网,且在计算开销时最大限度的保证精确,在HZ-HZXiaoYuan-Edge01-AR6140上将静态路由引入OSPF,并设置为1类外部路由。
路由引入的命令为: Import-route <protocol> type <1/2>
[HZ-HZXiaoYuan-Edge01-AR6140]ospf
[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]import-route static type 1
腾讯云开发者
