i.
we
hu a
g.
rn in
ea
:/ /l
ht tp
:
取
料 获
资
多
co m/
cn
cn co m/ we
hu a
HCDA-HNTD
i.
Huawei Certification
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
Lab Guide
g.
Huawei Networking Technology and Device
Huawei Technologies Co.,Ltd
cn co m/
)UV_XOMNZj.[G]KO:KINTURUMOKY)U2ZJ'RRXOMNZYXKYKX\KJ
i.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
we
:XGJKSGXQYGTJ6KXSOYYOUTY
hu a
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document the property of their respective holders.
g.
4UZOIK
:/ /l
ea
rn in
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
.[G]KO)KXZOLOIGZOUT
更
多
资
料 获
取
:
ht tp
.)*'.4:*.[G]KO4KZ]UXQOTM:KINTURUM_GTJ*K\OIK 2GH-[OJK
+JOZOUT\
cn co m/
Huawei Certification System
i.
Relaying on its strong technical and professional training system, according to different customers at different levels of ICT technology, Huawei certification is committed to provide customs with authentic, professional certification.
hu a
we
Based on characteristics of ICT technologies and customers’needs at different levels, Huawei certification provides customers with certification system of four levels.
rn in
g.
HCDA (Huawei Certification Datacom Associate) is primary for IP network maintenance engineers, and any others who want to learn the IP network knowledge. HCDA certification covers the TCP/IP basics, routing, switching and other common foundational knowledge of IP networks, together with Huawei communications products, versatile routing platform VRP characteristics and basic maintenance.
:/ /l
ea
HCDP (Huawei Certification Datacom Professional-Enterprise) is aimed at enterprise-class network maintenance engineers, network design engineers, and any others who want to in depth grasp routing, switching, network adjustment and optimization technologies. HCDP-Enterprise is consist of IESN (Implementing Enterprise Switch Networks), IERN (Implementing Enterprise Routing Networks), and IENP (Improving Enterprise Network performance), which includes advanced IPv4 routing and switching technology principle, IP technology of network security, high availability and Qos, as well as the implementation in Huawei products.
更
多
资
料 获
取
:
ht tp
HCIE (Huawei Certified Internetwork Expert) is designed to endue engineers with a variety of IP network technology and proficiency in maintenance, diagnostics and troubleshooting of Huawei products, which equips the engineers with competence in planning, design and optimization of large-scale IP network.
i.
we
hu a
g.
rn in
ea
:/ /l
ht tp
:
取
料 获
资
多
更
co m/
cn
cn co m/
Referenced icon
29]OZIN
29]OZIN
,OXK]GRR
4KZIRU[J
9KXOGRROTK
更
多
资
料 获
取
:
ht tp
:/ /l
ea
+ZNKXTKZROTK
rn in
g.
8U[ZKX
hu a
we
i.
cn co m/
Lab environment specification
i.
:NK2GHKT\OXUTSKTZOYY[MMKYZKJHKRU]
*K\OIK
59\KXYOUT
8
'8
8
'8
8
'8
9
9)+/9
9
9)+/9
9
9:6+/')
9
9:6+/')
,=
;9-
g.
rn in
ea
:/ /l
ht tp : 取
料 获 资 多
hu a
/JKTZOLOKX
更
we
CONTENTS
i.
Chapter 1 Basic Operations on the VRP Platform ............................................................................................... 1
we
Lab 1-1 Basic Operations on the VRP Platform ............................................................................................... 1
hu a
Chapter 2 Configuring Static Routes and Default Routes .................................................................................. 23 Lab 2-1 Configuring Static Routes and Default Routes .................................................................................. 23
g.
Chapter 3 RIP Configuration ............................................................................................................................. 41 Lab 3-1 Configuring RIPv1 and RIPv2 ............................................................................................................ 41
rn in
Lab 3-2 RIPv2 Route Aggregation and Authentication .................................................................................. 58 Chapter 4 OSPF Configuration .......................................................................................................................... 74
ea
Lab 4-1 OSPF Single-area Configuration ....................................................................................................... 74 Lab 4-2 OSPF Multi-area and Authentication Configuration ......................................................................... 89
:/ /l
Chapter 5 RIP and OSPF Route Import ............................................................................................................ 103 Lab 5-1 RIP and OSPF Route Import ........................................................................................................... 103
ht tp
Chapter 6 Ethernet and STP ........................................................................................................................... 114 Lab 6-1 Ethernet Interface and Link Configuration ..................................................................................... 114 Lab 6-2 STP Configuration .......................................................................................................................... 121
:
Lab 6-3 VLAN Configuration ....................................................................................................................... 134 Chapter 7 Layer3 Configuration and VRRP...................................................................................................... 145
取
Lab 7-1 Configuring Layer 3 Switching ........................................................................................................ 145
料 获
Lab 7-2 Configuring the VRRP .................................................................................................................... 159 Chapter 8 WAN Configuration ........................................................................................................................ 174
更
多
资
Lab 8-1 HDLC and PPP Configuration.......................................................................................................... 174 Lab 8-2 FR Configuration (Back to Back) ..................................................................................................... 190
HC Series
cn
co m/
HCDA-HNTD Content
HUAWEI TECHNOLOGIES
Page1
cn co m/
HCDA-HNTD CONTENTS
Lab 8-3 FR Configuration (Using FR Switch) ................................................................................................ 211 Chapter 9 Firewall Configuration.................................................................................................................... 228
i.
Lab 9-1 USG Firewall Configuration............................................................................................................ 228
we
Lab 9-2 USG Firewall Zone Configuration ................................................................................................... 241 Lab 9-3 NAT Configuration on the USG Firewall ......................................................................................... 257
hu a
Chapter 10 Comprehensive Exercise............................................................................................................... 270
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
Lab 10-1 Comprehensive Exercise .............................................................................................................. 270
Page2
HUAWEI TECHNOLOGIES
HC Series
we
Learning Objectives
i.
Chapter 1 Basic Operations on the VRP Platform Lab 1-1 Basic Operations on the VRP Platform
x
ea
rn in
g.
Configure the connection from a personal computer (PC) to a router using the Windows built-in terminal software. Configure a device name, time, and time zone. Configure the value for Console port idle timeout. Configure the login information. Configure the login password and super password. Save and delete a configuration file. Configure IP addresses for router interfaces. Test the connectivity between two routers that are connected directly. Control a router after using Telnet to another router. Copy configuration files from one router to another using File Transfer Protocol (FTP). Restart a router.
:/ /l
x x x x x x x x x
hu a
The objectives of this lab are to learn and understand how to perform the following operations: x
取
:
ht tp
Topology
料 获
Figure 1.1 Lab topology of the basic operations on the VRP platform
更
多
资
Scenario A company purchases two AR G3 routers. You need to commission the two
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
Page1
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
AR G3 routers before using them. Items to be commissioned include configuration modes, device names, time, passwords, file management, and restart operations.
we
i.
Tasks
hu a
Step 1 Connect devices.
This step describes how to connect to a router using the Windows XP built-in HyperTerminal.
:
ht tp
:/ /l
ea
rn in
g.
Connect a PC to a router using a console cable. Run a terminal emulation program such as Windows XP HyperTerminal on the PC to create a as shown in Figure 3.1. The name and icon provided in the figure are only examples.Creating a connection.
更
多
资
料 获
取
Select a COM port.Selecting a COM port.
Page2
HUAWEI TECHNOLOGIES
HC Series
rn in
g.
hu a
we
i.
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
料 获
取
:
ht tp
:/ /l
ea
If the PC has multiple COM ports, select a proper one. The serial port of a PC is usually COM1.Setting port communication parameters.
更
多
资
In the COM1 Properties dialog box, click Restore Defaults to retain the default settings. Click OK. HC Series
HUAWEI TECHNOLOGIES
Page3
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
i.
Turn on the power switch to start the router. If the preceding parameters are set properly, the terminal window displays the startup information until the startup process is complete, and the system asks you to press Enter. If the command prompt, such as
, is displayed on the user interface, you have successfully entered the user view configuration environment.
we
Step 2 View the system information.
hu a
Run the display version command to view the software version and hardware information for the system. display version
g.
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.90 (AR2200 V200R001C01SPC300) Copyright (C) 2011 HUAWEI TECH CO., LTD
rn in
Huawei AR2220 Router uptime is 0 week, 0 day, 0 hour, 2 minutes BKP 0 version information: ......output omit......
ea
The command output includes the VRP operating system version, device model, and startup time.
:/ /l
Step 3 Change the system time parameter. The system automatically saves the time. If the time is incorrect, run the clock datetime command in the user view to change the system time.
ht tp
clock datetime 12:00:00 2011-09-15
Run the display clock command to check that the new system time has taken effect.
:
display clock 2011-09-15 12:00:21 Thursday
取
Time Zone(Default Zone Name) : UTC+00:00
料 获
Step 4 Use the question mark (?) or press Tab to enter
更
多
资
commands.
The question mark (?) is a wildcard, and the Tab is used as a shortcut to
Page4
HUAWEI TECHNOLOGIES
HC Series
enter commands. display ? aaa
AAA User access
accounting-scheme acl
Accounting scheme
i.
access-user
acl command group Ipv4 information
adp-mpls
Adp-mpls module
anti-attack
Specify anti-attack configurations arp command group
arp-limit
hu a
we
adp-ipv4
arp
Display the number of limitation
atm
ATM status and configuration information Authentication scheme
authorization-scheme
Display AAA authorization scheme
g.
authentication-scheme
rn in
......output omit......
ht tp
:/ /l
ea
If you want to display all the commands that start with a specific letter or string of letters, enter the desired letters and the question mark (?). The system displays all the commands that start with the letters you enter. For example, if you enter dis?, the system displays all the commands that start with dis. Make sure that there is a space between the string and the question mark (?). The system identifies the command corresponding to the string and displays the parameters of the command. For example, if you enter dis ? and only the display command starts with dis, the system displays the parameters of the display command. If multiple commands start with dis, the system displays an error. You can also press Tab to complete a command. For example, if you enter dis and press Tab, the system completes the display command. If multiple commands start with dis, you can select the appropriate one.
:
If there are no other commands start with the same letters, you can type dis or disp to indicate display, and int or inter to indicate interface.
取
Step 5 Access the system view.
料 获
Run the system-view command to access the system view where you configure interfaces and protocols.
system-view Enter system view, return user view with Ctrl+Z.
更
多
资
[Huawei]
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
HUAWEI TECHNOLOGIES
Page5
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
Step 6 Change device names.
i.
To more easily identify devices, set device names during the device configuration. Change device names based on the lab topology, as shown below:
we
Change the name of the R1 router to R1. [Huawei]sysname R1
hu a
[R1]
Change the name of the R2 router to R2.
g.
[Huawei]sysname R2
rn in
[R2]
Step 7 Configure the login information.
Configure the login information to indicate the login result.
ea
[R1]header shell information "Welcome to Huawei certification lab"
:/ /l
Run the preceding command to configure the login information. To check whether the login information has been changed, quit out of the router command line interface, and log back in to view the login information. [R1]quit
ht tp
quit
Configuration console exit, please press any key to log on Welcome to Huawei certification lab
:
取
Note: Login information usually provides warnings of illegal logins. Do not use words that are welcoming.
料 获
Step 8 Configure the login authentication mode and timeout interval of the console port.
更
多
资
The console port by default does not have a login password. Therefore, users can log in to the device without passwords.
Page6
HUAWEI TECHNOLOGIES
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
This presents a serious risk to the device. You need to change the login mode of the console port to the password authentication mode. The password in the password authentication mode is huawei in plain text.
we
i.
If there is no activity on the console port for the period of time specified by the timeout interval, the system automatically exits. When this occurs, you need to log in to the system again using the password.
hu a
The default timeout interval is 10 minutes. If 10 minutes are not a reasonable amount of time for the timeout interval, change the timeout interval to 20 minutes. [R1]user-interface console 0 [R1-ui-console0]authentication-mode password
g.
[R1-ui-console0]set authentication password simple huawei
rn in
[R1-ui-console0]idle-timeout 20 0
Run the display this command to check the configuration results. [R1-ui-console0]display this [V200R001C01SPC300]
ea
# user-interface con 0 authentication-mode password
idle-timeout 20 0
:/ /l
set authentication password simple huawei
ht tp
Log out of the system and log back in to verify that you need to enter the password. [R1-ui-console0]return quit
:
Configuration console exit, please press any key to log on Welcome to Huawei certification lab
取
料 获
Step 9 Configure IP addresses and descriptions for the interfaces.
更
多
资
Configure an IP address for the S1/0/0 interface of R1. The IP address can use the subnet mask length or use a complete subnet mask, such as 24 or 255.255.255.0. HC Series
HUAWEI TECHNOLOGIES
Page7
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform [R1]interface Serial 1/0/0 [R1-Serial1/0/0]ip address 10.0.12.1 24 [R1-Serial1/0/0]description This interface connects to R2-S1/0/0
i.
Run the display this command to check the configuration results. [R1-Serial1/0/0]display this
we
[V200R001C01SPC300] #
hu a
interface Serial1/0/0 link-protocol ppp description This interface connect to R2-S1/0/0 ip address 10.0.12.1 255.255.255.0
g.
#
rn in
Return
Run the display interface command to view the interface description. [R1-Serial1/0/0]display interface Serial2/0/0 Serial1/0/0 current state : UP Line protocol current state : UP
ea
Last line protocol up time : 2011-09-15 17:38:48 Description:This interface connect to R2-S1/0/0
:/ /l
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.0.12.1/24 Link layer protocol is PPP LCP opened, IPCP stopped Last physical up time
: 2011-09-16 17:38:45
ht tp
Last physical down time : 2011-09-16 17:38:34 Current system time: 2011-09-16 17:42:58 Physical layer is synchronous, Baudrate is 64000 bps Interface is DCE, Cable type is V35, Clock mode is DCECLK Last 300 seconds input rate 2 bytes/sec 16 bits/sec 0 packets/sec
:
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec Input: 212 packets, 2944 bytes
取
broadcasts:
0, multicasts: 0, runts:
CRC:
0, align errors:
料 获
errors:
dribbles: frame errors:
0, aborts:
0 0, giants:
0
0, overruns:
0
0, no buffers:
0
0, collisions:
0
0
资
Output: 216 packets, 2700 bytes errors:
0, underruns:
deferred:
0
更
多
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Page8
HUAWEI TECHNOLOGIES
HC Series
Input bandwidth utilization : 0.13% Output bandwidth utilization : 0.13%
i.
[R1-Serial1/0/0]
we
The command output shows that the physical status and protocol status of the interface are UP, and the corresponding physical layer and data link layer are functional.
hu a
The interface link cables are V.35 DCE.
Once you have verified the status, configure the IP address and description for the interface of R2.
g.
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 255.255.255.0
rn in
[R2-Serial1/0/0]description This interface connect to R1-S1/0/0 [R2-Serial1/0/0]
ea
After completing the configuration, run the ping command to test the connection between R1 and R2. [R1]ping 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
:/ /l
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=35 ms Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=255 time=32 ms Reply from 10.0.12.2: bytes=56 Sequence=3 ttl=255 time=32 ms Reply from 10.0.12.2: bytes=56 Sequence=4 ttl=255 time=32 ms Reply from 10.0.12.2: bytes=56 Sequence=5 ttl=255 time=32 ms
ht tp
--- 10.0.12.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 32/32/35 ms
Configure the telnet login mode.
取
Step 10
料 获
Set the telnet login mode of R1 to password authentication mode, password to huawei, and user privilege level to 3.
[R1]user-interface vty 0 4 [R1-ui-vty0-4]authentication-mode password [R1-ui-vty0-4]set authentication password simple huawei
更
多
资
[R1-ui-vty0-4]user privilege level 3
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
HUAWEI TECHNOLOGIES
Page9
cn
Run the display this command to check the configuration results. [R1-ui-vty0-4]display this [V200R001C01SPC300]
i.
#
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
user-interface con 0
we
authentication-mode password set authentication password simple huawei
hu a
idle-timeout 20 0 user-interface vty 0 4 user privilege level 3 set authentication password simple huawei
g.
user-interface vty 16 20 #
rn in
Return
Set the telnet login mode of R2 to user name and password authentication mode. [R2]user-interface vty 0 4
ea
[R2-ui-vty0-4]authentication-mode aaa
:/ /l
[R2-ui-vty0-4]quit
Note: You can run the quit command to return to the previous view or the return command to return to the user view. [R2]aaa
ht tp
[R2-aaa]local-user huawei password simple huawei [R2-aaa]local-user huawei privilege level 15 [R2-aaa]local-user huawei service-type telnet
Run the display this command to check the configuration results.
:
[R2-aaa]display this
# aaa
取
[V200R001C01SPC300]
料 获
authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin
更
多
资
local-user admin password simple admin
Page10
HUAWEI TECHNOLOGIES
HC Series
local-user admin service-type http local-user huawei password simple huawei local-user huawei privilege level 15 local-user huawei service-type telnet
i.
# Return
we
Telnet to R2 from R1.
hu a
telnet 10.0.12.2 Press CTRL_] to quit telnet mode Trying 10.0.12.2 ...
g.
Connected to 10.0.12.2 ...
rn in
Login authentication
Username:huawei Password:
----------------------------------------------------------------------------
ea
User last login information:
IP-Address : 10.0.12.1 Time
:/ /l
---------------------------------------------------------------------------Access Type: Telnet
: 2011-09-14 13:19:59+00:00
ht tp
---------------------------------------------------------------------------
Based on the output above, the login is successful.
:
Telnet to R1 from R2. telnet 10.0.12.1
Press CTRL_] to quit telnet mode
取
Trying 10.0.12.1 ...
料 获
Connected to 10.0.12.1 ...
Login authentication
Password:
Welcome to Huawei certification lab
更
多
资
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
HUAWEI TECHNOLOGIES
Page11
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
Step 11
Configure a super password for the device.
i.
Based on the output above, the login is successful.
hu a
we
When there are low user rights, for example, the value of user privilege level is 0 or 1 for the telnet login, you can use the super command to increase the user rights. To minimize risks caused by illegal right elevations, set super passwords.
g.
Set a super password for R1. The super password is stored in simple (plain text) mode.
rn in
[R1]super password simple Huawei
Run the display current-configuration command to check the configuration results. [R1]display current-configuration
ea
......output omit...... #
:/ /l
super password level 3 simple huawei user-interface con 0
authentication-mode password ......output omit......
ht tp
As shown in the command output, the super password is stored in plain text, which is relatively unsecure and unsafe. Set a super password for R2. The super password is stored in cipher (cipher text) mode.
:
[R2]super password cipher huawei [R2]display current-configuration
#
取
......output omit......
super password level 3 cipher Q;L]@C0S3[%;LEEP8+INFQ!!
料 获
user-interface con 0 authentication-mode password
......output omit......
更
多
资
As shown in the command output, the super password is stored in cipher text, which is more secure and safe. Page12
HUAWEI TECHNOLOGIES
HC Series
Step 12
View the file list stored on the current device.
i.
Run the dir command in the user view to display the list of files in the current directory.
we
dir
Idx Attr
Size(Byte) Date
hu a
Directory of sd1:/
Time(LMT) FileName
1,738,816 Sep 14 2011 11:50:24
1 -rw-
68,288,896 Jul 12 2011 14:17:58
web.zip
ar2220_V200R001C01SPC300.cc
g.
0 -rw-
rn in
1,927,476 KB total (1,856,548 KB free)
dir Directory of sd1:/
Idx Attr
Size(Byte) Date
Time(LMT) FileName
1,738,816 Sep 14 2011 11:50:58
1 -rw-
68,288,896 Jul 12 2011 14:19:02
web.zip
ar2220_V200R001C01SPC300.cc
:/ /l
ea
0 -rw-
1,927,476 KB total (1,855,076 KB free)
Step 13
Upload and download files between R1 and R2 using
ht tp
FTP.
:
Routers are considered as FTP clients by default. In this lab, R1 is considered as an FTP client, and R2 is considered as an FTP server. Enable the FTP server function on R2.
取
[R2]ftp server enable Info: Succeeded in starting the FTP server
料 获
[R2]set default ftp-directory sd1:/
Create a local account Āftpuserā as the FTP login account on R2.
[R2]aaa
[R2-aaa]local-user ftpuser password cipher huawei
资
[R2-aaa]local-user ftpuser service-type ftp
更
多
[R2-aaa]local-user ftpuser privilege level 15
HC Series
HUAWEI TECHNOLOGIES
Page13
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
Log in to R2 from R1 using FTP. ftp 10.0.12.2 Trying 10.0.12.2 ...
i.
Press CTRL+K to abort Connected to 10.0.12.2.
we
220 FTP service ready. User(10.0.12.2:(none)):ftpuser
hu a
331 Password required for ftpuser. Enter password: 230 User logged in.
g.
[R1-ftp]
rn in
If the [R1-ftp] prompt is displayed, you have successfully logged in to the R2 FTP server. Transfer a file from R1 to the R2 FTP server using FTP. [R1-ftp]put hq-r.cfg file-from-R1.bak
ea
200 Port command okay.
150 Opening ASCII mode data connection for file-from-R1.bak.
:/ /l
226 Transfer complete.
FTP: 0 byte(s) sent in 0.627 second(s) 0.00byte(s)/sec. [R1-ftp]
ht tp
Note: The source file names on the lab device may be different. You need to use the actual file name. Run the dir command in the R1 user view to check the file names in the file list. Run the dir command to view the result of the transfer. [R1-ftp]dir
:
200 Port command okay.
150 Opening ASCII mode data connection for *. 1 noone
取
-rwxrwxrwx -rwxrwxrwx
1 noone
nogroup
1738816 Sep 14 11:50 web.zip
nogroup 68288896 Jul 12 14:19
ar2220_V200R001C01SPC300.cc
料 获
-rwxrwxrwx
1 noone
nogroup
0 Sep 14 14:10 file-from-r1.bak
226 Transfer complete. FTP: 551 byte(s) received in 0.619 second(s) 890.14byte(s)/sec.
更
多
资
The command output lists files on the R2 FTP server.
Page14
HUAWEI TECHNOLOGIES
HC Series
Download the file-from-r1.bak file from the R2 FTP server to R1 and change the file name to file-from-r2.bak. [R1-ftp]get file-from-r1.bak file-from-r2.bak 200 Port command okay.
hu a
FTP: 0 byte(s) received in 0.591 second(s) 0.00byte(s)/sec.
we
226 Transfer complete.
i.
150 Opening ASCII mode data connection for file-from-r1.bak.
Exit from the R2 FTP server and check the file list on R1. Make sure that the file-from-r2.bak file has been downloaded successfully.
g.
[R1-ftp]quit 221 Server closing. dir
Idx Attr
rn in
Directory of sd1:/
Size(Byte) Date
Time(LMT) FileName
0 -rw-
1,738,816 Sep 16 2011 18:44:54
1 -rw-
68,288,896 Jul 12 2011 14:17:58 0 Sep 16 2011 19:13:00
ea
2 -rw-
web.zip
ar2220_V200R001C01SPC300.cc
file-from-r2.bak
:/ /l
1,927,476 KB total (1,856,548 KB free)
Delete the files on the devices.
ht tp
x Warning: Delete only the two lab files file-from-r1.bak and file-from-r2.bak. Do not delete other files; otherwise, the devices may fail to boot.
:
Delete the file-from-r1.bak file from R2. dir
取
Directory of sd1:/
Idx Attr
Size(Byte) Date
Time(LMT) FileName
1,738,816 Sep 14 2011 11:50:58
1 -rw-
68,288,896 Jul 12 2011 14:19:02
料 获
0 -rw-
2 -rw-
0 Sep 14 2011 14:10:08
web.zip ar2220_V200R001C01SPC300.cc file-from-r1.bak
1,927,476 KB total (1,855,076 KB free) delete /unreserved file-from-r1.bak
更
多
资
Warning: The contents of file sd1:/file-from-r1.bak cannot be recycled. Continue?
HC Series
HUAWEI TECHNOLOGIES
Page15
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
cn
(y/n)[n]:y Info: Deleting file sd1:/file-from-r1.bak...succeed.
dir Directory of sd1:/
Size(Byte) Date
Time(LMT) FileName
0 -rw-
1,738,816 Sep 14 2011 11:50:58
1 -rw-
68,288,896 Jul 12 2011 14:19:02
web.zip
ar2220_V200R001C01SPC300.cc
g.
1,927,476 KB total (1,855,076 KB free)
hu a
Idx Attr
we
i.
The /unreserved parameter indicates that the file is to be deleted permanently and cannot be restored. Use this parameter with caution.
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
Delete the file-from-r2.bak file from R1. delete /unreserved file-from-r2.bak
rn in
Compare the file list with the preceding file list and make sure that the file-from-r1.bak file has been deleted.
ea
Warning: The contents of file sd1:/file-from-r2.bak cannot be recycled. Continue? (y/n)[n]:y
dir Directory of sd1:/
Idx Attr
:/ /l
Info: Deleting file sd1:/file-from-r2.bak...succeed.
Size(Byte) Date
Time(LMT) FileName
1,738,816 Sep 16 2011 18:44:54
1 -rw-
68,288,896 Jul 12 2011 14:17:58
ht tp
0 -rw-
web.zip ar2220_V200R001C01SPC300.cc
1,927,476 KB total (1,856,548 KB free)
Manage configuration files of a device.
取
Step 14
:
料 获
Save the current configuration file. save
The current configuration will be written to the device. Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait............
更
多
资
Configuration file had been saved successfully Note: The configuration file will take effect after being activated
Page16
HUAWEI TECHNOLOGIES
HC Series
Run the following command to view the saved configuration information: display saved-configuration
# sysname R1
we
header shell information "Welcome to Huawei certification lab"
i.
[V200R001C01SPC300]
#
hu a
board add 0/1 1SA board add 0/2 1SA
g.
ĂĂoutput omitĂĂ
Run the following command to view the current configuration information:
rn in
display current-configuration [V200R001C01SPC300] # sysname R1
header shell information "Welcome to Huawei certification lab"
ea
# board add 0/1 1SA
ĂĂoutput omitĂĂ
:/ /l
board add 0/2 1SA board add 0/3 2FE
ht tp
A router can store multiple configuration files. You can select the configuration file to be used after the next startup of the router as required. startup saved-configuration iascfg.zip This operation will take several minutes, please wait......... Info: Succeeded in setting the file for booting system
:
取
Run the following command to select the configuration file to be used after the next startup:
料 获
display startup MainBoard: Startup system software:
sd1:/ar2220_V200R001C01SPC300.cc
Next startup system software:
sd1:/ar2220_V200R001C01SPC300.cc
更
多
资
Backup system software for next startup:
Startup saved-configuration file:
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
null null
HUAWEI TECHNOLOGIES
Page17
Next startup saved-configuration file: Startup license file:
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform sd1:/iascfg.zip null
Next startup license file:
null
Startup patch package:
null null
Startup voice-files:
i.
Next startup patch package:
null null
we
Next startup voice-files:
hu a
Delete configuration files from the flash memory. reset saved-configuration
This will delete the configuration in the flash memory.
The device configurations will be erased to reconfigure.
g.
Are you sure? (y/n)[n]:y
Clear the configuration in the device successfully.
Step 15
rn in
Restart a router.
ea
Run the reboot command to restart a router. reboot
:/ /l
Info: The system is now comparing the configuration, please wait. Warning: All the configuration will be saved to the next startup configuration. Continue ? [y/n]:n
System will reboot! Continue ? [y/n]:y
ht tp
Info: system is rebooting ,please wait...
:
The system asks whether you want to save the current configuration. Determine whether to save the current configuration based on the requirements for the lab. If you are unsure whether you should save the current confirmation, do not save it.
取
Additional Exercises: Analyzing and Verifying
料 获
1. You can use USB cables to connect to the USB ports of AR G3 routers to perform configuration management. For more information, see the related product guide.
更
多
资
2. Currently, most laptops do not have COM ports. How do we configure routers without laptop COM ports? List all the methods you have in mind.
Page18
HUAWEI TECHNOLOGIES
HC Series
Final Configurations [R1]display current-configuration
i.
[V200R001C01SPC300] # sysname R1
we
tftp client-source -i Serial2/0/0
header shell information "Welcome to Huawei certification lab"
hu a
# voice # http server enable
g.
# drop illegal-mac alarm
rn in
# l2tp aging 0 # aaa authentication-scheme default
ea
authorization-scheme default accounting-scheme default
domain default_admin
:/ /l
domain default
local-user admin password simple admin local-user admin service-type http #
ht tp
interface Ethernet3/0/0 #
interface Ethernet3/0/1 #
interface Serial1/0/0
:
link-protocol ppp
description This interface connect to R2-S2/0/0
取
ip address 10.0.12.1 255.255.255.0 #
interface Serial2/0/0
料 获
link-protocol ppp
#
interface GigabitEthernet0/0/0 #
interface GigabitEthernet0/0/1
更
多
资
#
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
HUAWEI TECHNOLOGIES
Page19
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform interface GigabitEthernet0/0/2 # interface Cellular0/0/0 link-protocol ppp
i.
# interface Cellular0/0/1
we
link-protocol ppp # interface NULL0
hu a
# super password level 3 simple huawei user-interface con 0
set authentication password simple huawei idle-timeout 10 0
rn in
user-interface vty 0 4
g.
authentication-mode password
user privilege level 3
user-interface vty 16 20 # return
[V200R001C01SPC300] # sysname R2 ftp server enable
:/ /l
[R2]display current-configuration
ea
set authentication password simple huawei
ht tp
set default ftp-directory sd1:/ #
board add 0/1 1SA
board add 0/2 1SA board add 0/3 2FE
:
# voice
取
#
http server enable
料 获
#
drop illegal-mac alarm
#
l2tp aging 0
#
资
dhcp enable
更
多
#
Page20
HUAWEI TECHNOLOGIES
HC Series
aaa authentication-scheme default authorization-scheme default accounting-scheme default
domain default_admin local-user admin password simple admin local-user admin service-type http local-user ftpuser password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
hu a
local-user ftpuser privilege level 15 local-user ftpuser service-type ftp local-user huawei password simple huawei
#
# interface Ethernet3/0/1 # interface Serial1/0/0 link-protocol ppp
ea
rn in
interface Ethernet3/0/0
g.
local-user huawei privilege level 15 local-user huawei service-type telnet ftp
we
i.
domain default
description This interface connect to R1-S2/0/0
interface Serial2/0/0 link-protocol ppp #
:/ /l
ip address 10.0.12.2 255.255.255.0 #
ht tp
interface GigabitEthernet0/0/0 #
interface GigabitEthernet0/0/1 #
interface GigabitEthernet0/0/2
:
#
interface Cellular0/0/0
取
link-protocol ppp #
料 获
interface Cellular0/0/1 link-protocol ppp
#
interface NULL0 #
资
super password level 3 cipher Q;L]@C0S3[%;LEEP8+INFQ!!
更
多
user-interface con 0
HC Series
cn
co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform
HUAWEI TECHNOLOGIES
Page21
cn co m/
HCDA-HNTD Chapter 1 Basic Operations on the VRP Platform user-interface vty 0 4 authentication-mode aaa user-interface vty 16 20 #
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
hu a
we
i.
return
Page22
HUAWEI TECHNOLOGIES
HC Series
Chapter 2 Configuring Static Routes and Default
we
Lab 2-1 Configuring Static Routes and Default Routes
i.
Routes
hu a
Learning Objectives
The objectives of this lab are to learn and understand:
x x
更
多
g.
rn in
资
料 获
取
:
ht tp
x
ea
x x
Advantages of static routes and default routes over dynamic routes Routing functions and operation processes Procedure for configuring a static route with the next hop as an interface Procedure for configuring a static route with the next hop as an IP address Method of testing connectivity of a static route Method of implementing interconnection between the distal network and external network by configuring a default route Procedure for testing a default route Procedure for configuring a backup static route on a router with redundant links Method of testing a backup static route
:/ /l
x x x x
HC Series
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HUAWEI TECHNOLOGIES
Page23
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
:/ /l
ea
rn in
g.
hu a
we
i.
Topology
ht tp
Figure 2.1 Lab topology of static routes and default routes
Scenario
取
:
Assume that you are a network administrator of a company with a headquarters (HQ) and two branches. R1 is the router in the HQ, and the HQ has a network segment. R2 and R3 are the routers in the two branches. R1 is connected to R2 and R3 through the Ethernet and serial cables. R2 and R3 are connected through serial cables.
更
多
资
料 获
Because the network scale is small, static routes and default routes are used to implement interworking. For the IP addressing information, see Figure 2.1.
Page24
HUAWEI TECHNOLOGIES
HC Series
Tasks
Perform basic configurations and configure IP
i.
Step 16
we
addresses.
Configure the device names and IP addresses for R1, R2, and R3.
hu a
system-view Enter system view, return user view with Ctrl+Z. [Huawei]sysname R1
g.
[R1]interface Serial 1/0/0 [R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]quit [R1]interface GigabitEthernet 0/0/0
rn in
[R1-Serial1/0/0]description this port connect to R2-S1/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.13.1 24
[R1-GigabitEthernet0/0/0]description this port connect to R3-G0/0/0 [R1-GigabitEthernet0/0/0]interface loopback 0
:/ /l
ea
[R1-LoopBack0]ip address 10.0.1.1 24
Run the display current-configuration command to check the configurations. [R1-LoopBack0]display current-configuration ......output omit......
ht tp
#
interface GigabitEthernet 0/0/0
description this port connect to R3-G0/0/0 ip address 10.0.13.1 255.255.255.0
:
#
interface Ethernet3/0/1 #
取
interface Serial1/0/0 link-protocol ppp
料 获
description this port connect to R2-S1/0/0 ip address 10.0.12.1 255.255.255.0
#
......output omit...... interface LoopBack0
资
ip address 10.0.1.1 255.255.255.0
多
#
更
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HC Series
HUAWEI TECHNOLOGIES
Page25
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes ......output omit......
system-view Enter system view, return user view with Ctrl+Z.
[R2]interface serial 1/0/0 [R2-Serial1/0/0]ip address 10.0.12.2 24 [R2-Serial1/0/0]description this port connect to R1-S1/0/0 [R2-Serial1/0/0]interface serial 2/0/0
hu a
[R2-Serial2/0/0]ip address 10.0.23.2 24
we
i.
[Huawei]sysname R2
[R2-Serial2/0/0]description this port connect to R3-S2/0/0 [R2-Serial2/0/0]interface loopback0
[R2-LoopBack0]display current-configuration ......output omit......
rn in
interface Serial1/0/0
g.
[R2-LoopBack0]ip address 10.0.2.2 24
link-protocol ppp
description this port connect to R1-S1/0/0 ip address 10.0.12.2 255.255.255.0 #
ea
interface Serial2/0/0 link-protocol ppp
:/ /l
description this port connect to R3-S2/0/0 ip address 10.0.23.2 255.255.255.0 # ......output omit...... #
ht tp
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
system-view
Enter system view, return user view with Ctrl+Z.
:
[Huawei]sysname R3
[R3]interface Serial 2/0/0
取
[R3-Serial2/0/0]ip address 10.0.23.3 24 [R3-Serial2/0/0]description this port connect to R2-S2/0/0
料 获
[R3-Serial2/0/0]quit [R3]interface GigabitEthernet 0/0/0 [R3-GigabitEthernet0/0/0]ip address 10.0.13.3 24 [R3-GigabitEthernet0/0/0]description this port connect to R1-G0/0/0 [R3-GigabitEthernet0/0/0]interface loopback 0
资
[R3-LoopBack0]ip address 10.0.3.3 24
更
多
[R3-LoopBack0]display current-configuration
Page26
HUAWEI TECHNOLOGIES
HC Series
......output omit...... # interface Serial2/0/0 link-protocol ppp
i.
description this port connect to R2-S2/0/0 ip address 10.0.23.3 255.255.255.0
we
# interface GigabitEthernet0/0/0 description this port connect to R1-G0/0/0
hu a
ip address 10.0.13.3 255.255.255.0 # ......output omit......
g.
interface LoopBack0 ip address 10.0.3.3 255.255.255.0 #
rn in
......output omit......
Run the ping command to test network connectivity. ping 10.0.12.2
ea
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=255 time=30 ms
:/ /l
Reply from 10.0.12.2: bytes=56 Sequence=3 ttl=255 time=30 ms Reply from 10.0.12.2: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 10.0.12.2: bytes=56 Sequence=5 ttl=255 time=30 ms
ht tp
--- 10.0.12.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 30/30/30 ms
ping 10.0.13.3
PING 10.0.13.2: 56 data bytes, press CTRL_C to break
取
Reply from 10.0.13.3: bytes=56 Sequence=1 ttl=255 time=6 ms Reply from 10.0.13.3: bytes=56 Sequence=2 ttl=255 time=2 ms
料 获
Reply from 10.0.13.3: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.0.13.3: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.0.13.3: bytes=56 Sequence=5 ttl=255 time=2 ms
更
多
资
--- 10.0.13.3 ping statistics --5 packet(s) transmitted
HC Series
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HUAWEI TECHNOLOGIES
Page27
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/6 ms
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
we
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=31 ms
i.
ping 10.0.23.3
Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=31 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=41 ms
hu a
Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=31 ms Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=41 ms
g.
--- 10.0.23.3 ping statistics --5 packet(s) transmitted
0.00% packet loss round-trip min/avg/max = 31/35/41 ms
Test connectivity from R2 to 10.0.13.0/24 and
ea
Step 17
rn in
5 packet(s) received
[R2]ping 10.0.13.3
:/ /l
10.0.3.0/24.
PING 10.0.13.3: 56 data bytes, press CTRL_C to break Request time out Request time out
ht tp
Request time out Request time out Request time out
:
--- 10.0.13.3 ping statistics --5 packet(s) transmitted 0 packet(s) received
取
100.00% packet loss
料 获
[R2]ping 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break Request time out Request time out
更
多
资
Request time out Request time out
Page28
HUAWEI TECHNOLOGIES
HC Series
Request time out
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
i.
0 packet(s) received 100.00% packet loss
hu a
we
Note: If R2 needs to communicate with the network segment 10.0.3.0, the routes destined for this network segment must be configured on R2, and the routes destined for the R2 interface must be configured on R3.
g.
The preceding test result shows that R2 cannot communicate with 10.0.3.3 and 10.0.13.3.
rn in
Run the display ip routing-table command to view the routing table of R2. The routing table does not contain the routes of the two networks. [R2]display ip routing-table
Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Routing Tables: Public
Proto
Pre Cost
Flags NextHop
:/ /l
Destination/Mask
Routes : 15
ea
Destinations : 15
Interface
10.0.2.0/24 Direct 0
0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.12.0/24 Direct 0
0
D
10.0.12.2
Serial1/0/0
ht tp
10.0.2.255/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
0
D
127.0.0.1
InLoopBack0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0 Serial2/0/0
:
10.0.12.1/32 Direct 0 10.0.12.2/32 Direct 0
0
D
10.0.23.3
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
取
10.0.23.3/32 Direct 0 10.0.23.255/32 Direct 0 127.0.0.0/8
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
更
多
资
料 获
D
127.255.255.255/32 Direct 0
HC Series
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HUAWEI TECHNOLOGIES
Page29
Step 18
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
Configure static routes on R2.
we
i.
Configure a static route for destination networks 10.0.13.0/24 and 10.0.3.0/24, with the next hop as R3 interface's IP address 10.0.23.3 , preference of 60 is the default and not needed to be set. Also in the example the preference is not set. system-view
hu a
Enter system view, return user view with Ctrl+Z. [R2]ip route-static 10.0.13.0 24 10.0.23.3 [R2]ip route-static 10.0.3.0 24 10.0.23.3
g.
Note: In the ip route-static command, 24 indicates the subnet mask length, which can also be expressed in 255.255.255.0.
Configure backup static routes.
rn in
Step 19
ea
The data exchanged between R2 and 10.0.13.3 and 10.0.3.3 is transmitted through the link between R2 and R3. R2 fails to communicate with 10.0.13.3 and 10.0.3.3 if the link between R2 and R3 is faulty.
:/ /l
According to the topology, R2 can communicate with R3 through R1 after the link between R2 and R3 is faulty. You can configure a backup static route to solve the preceding problem. Backup static routes do not take effect in normal cases. If the link between R2 and R3 is faulty, backup static routes are used to transfer data.
ht tp
You must configure preferences for backup static routes to ensure that the backup static routes are used only when the primary link is faulty. In this example, the preference of the backup static route is set to 80.
:
[R1]ip route-static 10.0.3.0 24 10.0.13.3
[R2]ip route-static 10.0.13.0 255.255.255.0 Serial 1/0/0 preference 80
取
[R2]ip route-static 10.0.3.0 24 Serial 1/0/0 preference 80
料 获
[R3]ip route-static 10.0.12.0 24 10.0.13.1
Step 20
Test the static routes.
更
多
资
View the routing table of R2.
Page30
HUAWEI TECHNOLOGIES
HC Series
[R2]display ip routing-table Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Routing Tables: Public
Proto
Pre Cost
Flags NextHop
Interface
0
10.0.2.2
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
10.0.23.3
10.0.12.1/32 Direct 0
0
D
10.0.12.1
10.0.12.2/32 Direct 0
0
D
127.0.0.1
10.0.12.255/32 Direct 0
0
D
127.0.0.1
10.0.13.0/24 Static 60
0
RD
10.0.23.0/24 Direct 0
0
D
Serial2/0/0 Serial1/0/0
g.
RD
0
Serial1/0/0
InLoopBack0
InLoopBack0
rn in
0
10.0.12.0/24 Direct 0
LoopBack0
hu a
10.0.2.0/24 Direct 0
10.0.3.0/24 Static 60
D
i.
Destination/Mask
Routes : 17
we
Destinations : 17
10.0.23.3
Serial2/0/0
10.0.23.2
Serial2/0/0 InLoopBack0
0
D
127.0.0.1
0
D
10.0.23.3
Serial2/0/0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
ea
10.0.23.2/32 Direct 0 10.0.23.3/32 Direct 0
InLoopBack0
0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:/ /l
127.0.0.0/8
127.255.255.255/32 Direct
ht tp
The routing table contains two static routes that are configured in step 3. The value of the Proto field is Static, indicating a static route. The value of the Pre field is 60, indicating the default preference of a route. Test network connectivity when the link between R2 and R3 works properly. [R2]ping 10.0.13.3
:
PING 10.0.13.3: 56 data bytes, press CTRL_C to break Reply from 10.0.13.3: bytes=56 Sequence=1 ttl=255 time=34 ms
取
Reply from 10.0.13.3: bytes=56 Sequence=2 ttl=255 time=34 ms Reply from 10.0.13.3: bytes=56 Sequence=3 ttl=255 time=34 ms
料 获
Reply from 10.0.13.3: bytes=56 Sequence=4 ttl=255 time=34 ms Reply from 10.0.13.3: bytes=56 Sequence=5 ttl=255 time=34 ms
--- 10.0.13.3 ping statistics --5 packet(s) transmitted
更
多
资
5 packet(s) received 0.00% packet loss
HC Series
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HUAWEI TECHNOLOGIES
Page31
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes round-trip min/avg/max = 34/34/34 ms ping 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=41 ms
i.
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=41 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=41 ms
we
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=41 ms Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=41 ms
hu a
--- 10.0.3.3 ping statistics --5 packet(s) transmitted 5 packet(s) received
g.
0.00% packet loss round-trip min/avg/max = 41/41/41 ms
rn in
The command output shows that communication is normal. You can also run the tracert command to view the routers through which data is transferred. tracert 10.0.13.3
press CTRL_C to break
tracert 10.0.3.3
:/ /l
1 10.0.23.3 40 ms 31 ms 30 ms
ea
traceroute to 10.0.13.3(10.0.13.3), max hops: 30 ,packet length: 40,
traceroute to 10.0.3.3(10.0.3.3), max hops: 30 ,packet length: 40, press CTRL_C to break
ht tp
1 10.0.23.3 40 ms 30 ms 30 ms
Test the backup static routes.
取
Step 21
:
The command output shows that R2 directly sends data to R3.
Disable Serial2/0/0 on R2 and observe the changes in the routing tables.
料 获
Compare the routing tables with the previous routing tables before Serial2/0/0 was disabled.
[R2]int Serial 2/0/0 [R2-Serial2/0/0]shutdown
资
[R2-Serial2/0/0]quit
更
多
[R2]display ip routing-table
Page32
HUAWEI TECHNOLOGIES
HC Series
Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Routing Tables: Public
Proto
Pre Cost
i.
Destination/Mask
Routes : 13
Flags NextHop
Interface
we
Destinations : 13
10.0.2.0/24 Direct 0
0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
10.0.12.2/32 Direct 0
0
D
127.0.0.1
Serial1/0/0 InLoopBack0
0
D
127.0.0.1
10.0.13.0/24 Static 80
0
D
10.0.12.2
InLoopBack0
127.0.0.0/8
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Serial1/0/0
rn in
10.0.12.255/32 Direct 0
hu a
0 0
10.0.3.0/24 Static 80
g.
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
ea
127.255.255.255/32 Direct 0
:/ /l
The next hops and preferences of the two routes in the preceding information are changed. Test connectivity between R2 and the destination addresses 10.0.13.3 and 10.0.3.3 on R2. ping 10.0.3.3
ht tp
PING 10.0.3.3: 56 data bytes, press CTRL_C to break Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=3 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=2 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=2 ms
:
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=2 ms
取
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
料 获
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms
ping 10.0.13.3
更
多
资
PING 10.0.13.3: 56 data bytes, press CTRL_C to break Reply from 10.0.13.3: bytes=56 Sequence=1 ttl=255 time=3 ms
HC Series
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HUAWEI TECHNOLOGIES
Page33
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes Reply from 10.0.13.3: bytes=56 Sequence=2 ttl=255 time=2 ms Reply from 10.0.13.3: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.0.13.3: bytes=56 Sequence=4 ttl=255 time=2 ms
i.
Reply from 10.0.13.3: bytes=56 Sequence=5 ttl=255 time=2 ms
--- 10.0.13.3 ping statistics ---
we
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
hu a
round-trip min/avg/max = 2/2/3 ms
g.
The network is not disconnected when the link between R2 and R3 is shut down.
tracert 10.0.13.3
rn in
You can also run the tracert command to view the routers through which data is transferred.
1 10.0.12.1 40 ms 21 ms 21 ms 2 10.0.13.3 30 ms 21 ms 21 ms
:/ /l
tracert 10.0.3.3
ea
traceroute to 10.0.13.3(10.0.13.3), max hops: 30 ,packet length: 40,press CTRL_C to break
traceroute to 10.0.3.3(10.0.3.3), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.12.1 40 ms 21 ms 21 ms
ht tp
2 10.0.13.3 30 ms 21 ms 21 ms
Step 22
:
The command output shows that the data sent by R2 reaches R3 through R1.
Configure a default route on R1 to implement
料 获
取
network connectivity. Enable the interface that was disabled in step 6 on R2.
[R2]int Serial 2/0/0
更
多
资
[R2-Serial2/0/0]undo shutdown
Test connectivity between R1 and R3.
Page34
HUAWEI TECHNOLOGIES
HC Series
[R1]ping 10.0.23.3 PING 10.0.23.3: 56 data bytes, press CTRL_C to break Request time out Request time out
i.
Request time out Request time out
we
Request time out
--- 10.0.23.3 ping statistics ---
hu a
5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
rn in
g.
R3 cannot be pinged because the route destined for 10.0.23.3 is not configured on R1. You can configure a default route on R1 to implement network connectivity. [R1]ip route-static 0.0.0.0 0.0.0.0 10.0.13.3
ea
After the configuration is complete, test connectivity between R1 and 10.0.23.3.
:/ /l
[R1]ping 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=3 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=2 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=2 ms
ht tp
Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=2 ms
--- 10.0.23.3 ping statistics --5 packet(s) transmitted
:
5 packet(s) received 0.00% packet loss
取
round-trip min/avg/max = 2/2/3 ms
料 获
Step 23
Configure a backup default route.
更
多
资
If the link between R1 and R3 is faulty, R1 can communicate with 10.0.23.3 and 10.0.3.3 through R2. However, R1 does not learn about this route by default. You can also
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
Page35
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
configure a backup default route in this step. [R1]ip route-static 0.0.0.0 0.0.0.0 10.0.12.2 preference 80
Test the backup default route.
we
Step 24
i.
[R3]ip route-static 10.0.12.0 24 10.0.23.2 preference 80
hu a
View the routes of R1 when the link between R1 and R3 works properly. display ip routing-table Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destination/Mask
0.0.0.0/0
Proto
Routes : 16
Pre Cost
Static 60
0
RD
rn in
Destinations : 16
g.
----------------------------------------------------------------------------
Flags NextHop
10.0.13.3
Interface
GigabitEthernet0/0/0
0
D
10.0.1.1
10.0.1.1/32 Direct 0
0
D
127.0.0.1
LoopBack0 InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
ea
10.0.1.0/24 Direct 0
InLoopBack0
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.13.0/24 Direct 0
0
0
RD
10.0.13.3
:/ /l
10.0.3.0/24 Static 60
D
10.0.13.1
GigabitEthernet0/0/0
0
D
127.0.0.1
InLoopBack0
ht tp
10.0.13.1/32 Direct 0
10.0.13.255/32 Direct 0
GigabitEthernet0/0/0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
127.0.0.0/8
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
取
:
D
127.255.255.255/32 Direct 0
料 获
Disable GigabitEthernet0/0/0 on R1 and disable GigabitEthernet0/0/0 on R3, and then view the routes of R1. Compare the current routes with the routes before GigabitEthernet0/0/0 was disabled.
[R1]interface GigabitEthernet0/0/0 [R1-GigabitEthernet0/0/0]shutdown
更
多
资
[R1-GigabitEthernet0/0/0]quit
Page36
HUAWEI TECHNOLOGIES
HC Series
[R3]interface GigabitEthernet0/0/0 [R3-GigabitEthernet0/0/0]shutdown [R3-GigabitEthernet0/0/0]quit
i.
[R1]display ip routing-table Route Flags: R - relay, D - download to fib
we
---------------------------------------------------------------------------Routing Tables: Public
Pre Cost
0
RD
10.0.1.0/24 Direct 0
Static 80
0
D
Flags NextHop
10.0.12.2 10.0.1.1
Interface
Serial1/0/0 LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
10.0.1.255/32 Direct 0
0
D
127.0.0.1
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
ea
0.0.0.0/0
Proto
hu a
Destination/Mask
Routes : 12
g.
Destinations : 12
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
InLoopBack0
0
:/ /l
127.255.255.255/32 Direct 0 255.255.255.255/32 Direct 0
0
InLoopBack0 InLoopBack0
rn in
127.0.0.0/8
127.0.0.1
ht tp
According to the preceding routing table, the value of 80 in the Pre column indicates that backup default route 0.0.0.0 is valid. Test network connectivity on R1. [R1]ping 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
:
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=254 time=76 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=254 time=250 ms
取
Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=254 time=76 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=254 time=76 ms
料 获
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=254 time=76 ms
--- 10.0.23.3 ping statistics --5 packet(s) transmitted 5 packet(s) received
更
多
资
0.00% packet loss round-trip min/avg/max = 76/110/250 ms
HC Series
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
HUAWEI TECHNOLOGIES
Page37
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes [R1]tracert 10.0.23.3
traceroute to 10.0.23.3(10.0.23.2), max hops: 30 ,packet length: 40,press CTRL_C to break 1 10.0.12.2 30 ms 26 ms 26 ms
The data packets reach R3 through R2.
hu a
'JJOZOUTGR+^KXIOYKY 'TGR_`OTMGTJ
we
i.
2 10.0.23.3 60 ms 53 ms 56 ms
g.
You can run the ping command to control other information about forwarded data packets, such as the source address, data packet size, and data packet quantity. Consider the following questions:
rn in
1. What is the source address of the ping data packets sent from a router by default? 2. In this lab, is connectivity implemented for all the network segments?
ea
3. What is the simplest static route configuration for this lab topology if only static route are configured to implement connectivity?
ht tp
:/ /l
4. You can specify the next hop address or an interface when configuring a static route. Consider the differences between the two configurations. How do non-Huawei vendors configure static routes?
:
'VVKTJO^ ' *KLG[RZ 6XKLKXKTIK UL +GIN 8U[ZOTM 6XUZUIUR
取
UL.[G]KO8U[ZKXY
Preference
Direct
0
OSPF
10
IS-IS
15
更
多
资
料 获
Routing Protocol and Routing Type
Page38
HUAWEI TECHNOLOGIES
HC Series
RIP
100
OSPF ASE
150
BGP
255
i.
60
we
Static
hu a
,OTGR)UTLOM[XGZOUTY display current-configuration [V200R001C01SPC300]
g.
# sysname R1
interface Serial1/0/0 link-protocol ppp
rn in
#
description this port connect to R2-S1/0/0 ip address 10.0.12.1 255.255.255.0
ea
# interface GigabitEthernet0/0/0
:/ /l
description this port connect to R3-G0/0/0 ip address 10.0.13.1 255.255.255.0 # interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ht tp
#
ip route-static 0.0.0.0 0.0.0.0 10.0.13.3 ip route-static 0.0.0.0 0.0.0.0 10.0.12.2 preference 80 ip route-static 10.0.3.0 255.255.255.0 10.0.13.3 #
:
return
取
display current-configuration [V200R001C01SPC300] #
料 获
sysname R2
#
interface Serial1/0/0 link-protocol ppp
更
多
资
description this port connect to R1-S1/0/0 ip address 10.0.12.2 255.255.255.0
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes
Page39
cn co m/
HCDA-HNTD Chapter 2 Configuring Static Routes and Default Routes # interface Serial2/0/0 link-protocol ppp description this port connect to R3-S2/0/0
i.
ip address 10.0.23.1 255.255.255.0 #
we
interface LoopBack0 ip address 10.0.2.2 255.255.255.0 #
hu a
ip route-static 10.0.3.0 255.255.255.0 10.0.23.3
ip route-static 10.0.3.0 255.255.255.0 Serial1/0/0 preference 80 ip route-static 10.0.13.0 255.255.255.0 10.0.23.3
g.
ip route-static 10.0.13.0 255.255.255.0 Serial1/0/0 preference 80 #
display current-configuration [V200R001C01SPC300] # sysname R3
ea
#
rn in
return
interface Serial2/0/0
:/ /l
link-protocol ppp
description this port connect to R2-S2/0/0 ip address 10.0.23.3 255.255.255.0 #
interface GigabitEthernet0/0/0
ht tp
description this port connect to R1-G0/0/0 ip address 10.0.13.3 255.255.255.0 #
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
:
#
ip route-static 10.0.12.0 255.255.255.0 10.0.13.1
#
更
多
资
料 获
return
取
ip route-static 10.0.12.0 255.255.255.0 10.0.23.2 preference 80
Page40
HUAWEI TECHNOLOGIES
HC Series
Chapter 3 RIP Configuration
Learning Objectives
更
多
g.
rn in
资
料 获
取
:
ht tp
:/ /l
x x x x x x x x
Loop prevention mechanism of the Routing Information Protocol (RIP). Method of using RIP to exchange routing information between two routers. Method of configuring RIPv1. Method of enabling RIP on a specified network and interface. Method of using the display and debug commands to test RIP. Procedure for testing connectivity of the RIP network. Formats of the network prefixes sent to or received by RIP. Method of configuring RIPv2. Differences between RIPv1 and RIPv2. Method of importing a static route to RIP.
ea
x x
hu a
The objectives of this lab are to learn and understand:
we
i.
Lab 3-1 Configuring RIPv1 and RIPv2
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Page41
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration
:/ /l
ea
rn in
g.
hu a
we
i.
Topology
ht tp
Figure 3.1 Lab topology of RIPv1 and RIPv2
Scenario
更
多
资
料 获
取
:
Assume that you are a network administrator of a company that has a small intranet with three routers and five networks. You want to use RIP to transfer routing information. Considering compatibility, you want to use RIPv1 at first, but you realize that RIPv2 also has many advantages. After certain tests, you finally select RIPv2.
Page42
HUAWEI TECHNOLOGIES
HC Series
Tasks
i.
Step 1 Perform basic configurations and IP addressing.
we
Configure basic device information and set IP addresses based on the topology.
hu a
system-view Enter system view, return user view with Ctrl+Z. [Huawei]sysname R1 [R1]interface Serial 1/0/0
g.
[R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]description this port connect to R2-S1/0/0
[R1-LoopBack0]ip address 10.0.1.1 24 [R1-LoopBack0]quit
rn in
[R1-Serial1/0/0]interface loopback 0
ea
Run the display current-configuration command to check the configuration results. [R1-LoopBack0]display current-configuration
# interface Serial1/0/0 link-protocol ppp
:/ /l
......output omit......
description this port connect to R2-S1/0/0
ht tp
ip address 10.0.12.1 255.255.255.0 #
......output omit...... interface LoopBack0
ip address 10.0.1.1 255.255.255.0
:
#
取
......output omit......
system-view Enter system view, return user view with Ctrl+Z.
料 获
[Huawei]sysname R2 [R2]interface serial 1/0/0 [R2-Serial1/0/0]ip address 10.0.12.2 24 [R2-Serial1/0/0]description this port connect to R1-S1/0/0
资
[R2-Serial1/0/0]interface serial 2/0/0
更
多
[R2-Serial2/0/0]ip address 10.0.23.2 24
HC Series
HUAWEI TECHNOLOGIES
Page43
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration [R2-Serial2/0/0]description this port connect to R3-S2/0/0 [R2-Serial2/0/0]interface loopback0 [R2-LoopBack0]ip address 10.0.2.2 24 [R2-LoopBack0]display current-configuration
i.
......output omit...... #
we
interface Serial1/0/0 link-protocol ppp description this port connect to R1-S1/0/0
hu a
ip address 10.0.12.2 255.255.255.0 # interface Serial2/0/0
description this port connect to R3-S2/0/0 ip address 10.0.23.2 255.255.255.0
rn in
# ......output omit...... # interface LoopBack0 ip address 10.0.2.2 255.255.255.0
ea
#
g.
link-protocol ppp
:/ /l
system-view
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ip address 10.0.23.3 24
ht tp
[R3-Serial2/0/0]description this port connect to R2-S2/0/0 [R3-Serial2/0/0]interface loopback 0 [R3-LoopBack0]ip address 10.0.3.3 24 [R3-LoopBack0]display current-configuration ......output omit......
:
#
interface Serial2/0/0
取
link-protocol ppp
description this port connect to R2-S2/0/0
料 获
ip address 10.0.23.3 255.255.255.0 #
......output omit...... interface LoopBack0 ip address 10.0.3.3 255.255.255.0
资
#
更
多
......output omit......
Page44
HUAWEI TECHNOLOGIES
HC Series
R1 and R2 can communicate with each other. ping 10.0.12.2
Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=255 time=30 ms
we
Reply from 10.0.12.2: bytes=56 Sequence=3 ttl=255 time=30 ms
i.
PING 10.0.12.2: 56 data bytes, press CTRL_C to break Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 10.0.12.2: bytes=56 Sequence=4 ttl=255 time=30 ms
hu a
Reply from 10.0.12.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.12.2 ping statistics --5 packet(s) transmitted
g.
5 packet(s) received 0.00% packet loss
rn in
round-trip min/avg/max = 30/30/30 ms
R2 can successfully ping the IP address 10.0.23.3 of R3. ping 10.0.23.3
PING 10.0.23.2: 56 data bytes, press CTRL_C to break
ea
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=31 ms
:/ /l
Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=41 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=31 ms Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=41 ms
--- 10.0.23.3 ping statistics ---
ht tp
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 31/35/41 ms
取
Step 2 Configure RIPv1.
料 获
Enable RIP on R1, and then advertise the 10.0.0.0 network segment to RIP. [R1]rip 1 [R1-rip-1]network 10.0.0.0
资
Enable RIP on R2, and then advertise the 10.0.0.0 network segment to RIP. [R2]rip 1
更
多
[R2-rip-1]network 10.0.0.0
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Page45
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration
Enable RIP on R3, and then advertise the 10.0.0.0 network segment to RIP. [R3]rip 1
i.
[R3-rip-1]net 10.0.0.0
we
Step 3 Verify RIPv1 routes.
hu a
View the routing tables of R1, R2, and R3. Make sure that these routers have learned the RIP routes that are highlighted in gray in the following command output. [R1]display ip routing-table
g.
Route Flags: R - relay, D - download to fib
Routing Tables: Public Destinations : 14
Proto
Pre Cost
0
10.0.1.1/32 Direct 0
0
10.0.1.255/32 Direct 0
0
LoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
Interface
100 1
D
10.0.12.2
Serial1/0/0
100 2
D
10.0.12.2
Serial1/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
ht tp
10.0.3.0/24 RIP
10.0.1.1
Flags NextHop
:/ /l
10.0.1.0/24 Direct 0
10.0.2.0/24 RIP
D
Routes : 14
ea
Destination/Mask
rn in
----------------------------------------------------------------------------
10.0.23.0/24 RIP 127.0.0.0/8
100 1
Direct 0
0
127.0.0.1/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
取
:
127.255.255.255/32 Direct 0
[R2]display ip routing-table Route Flags: R - relay, D - download to fib
料 获
---------------------------------------------------------------------------Routing Tables: Public Destinations : 17
更
多
资
Destination/Mask
Page46
Proto
Routes : 17
Pre Cost
Flags NextHop
HUAWEI TECHNOLOGIES
Interface
HC Series
10.0.1.0/24 RIP
100 1
D
10.0.12.1
Serial1/0/0
10.0.2.0/24 Direct 0
0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
10.0.23.3
Serial2/0/0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
127.0.0.1
10.0.23.3/32 Direct 0
0
D
10.0.23.3
10.0.23.255/32 Direct 0
0
D
127.0.0.1
Direct 0
0
D
127.0.0.1/32 Direct 0
0
127.255.255.255/32 Direct 0
0
255.255.255.255/32 Direct 0
0
D
[R3]display ip routing-table
we
hu a
InLoopBack0
Serial2/0/0 InLoopBack0
g.
127.0.0.0/8
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
rn in
10.0.3.0/24 RIP
i.
D
10.0.12.0/24 Direct 0
Route Flags: R - relay, D - download to fib
ea
---------------------------------------------------------------------------Routing Tables: Public
Destination/Mask
Proto
10.0.1.0/24 RIP
Pre Cost
Flags NextHop
Interface
100 2
D
10.0.23.2
Serial2/0/0
100 1
D
10.0.23.2
Serial2/0/0
ht tp
10.0.2.0/24 RIP
Routes : 14
:/ /l
Destinations : 14
10.0.3.0/24 Direct 0
0
D
10.0.3.3
LoopBack0
10.0.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.3.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.2
Serial2/0/0
10.0.12.0/24 RIP
0
D
10.0.23.3
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
取
:
10.0.23.0/24 Direct 0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获
127.0.0.0/8
127.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
更
多
资
Test connectivity from R1 to IP address 10.0.23.3. R1 and R3 can communicate with each other. HC Series
HUAWEI TECHNOLOGIES
Page47
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration [R1]ping 10.0.23.3 PING 10.0.23.3: 56 data bytes, press CTRL_C to break Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=254 time=70 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=254 time=65 ms
Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=254 time=65 ms
we
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=254 time=65 ms
i.
Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=254 time=65 ms
--- 10.0.23.3 ping statistics ---
hu a
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
g.
round-trip min/avg/max = 65/66/70 ms
rn in
You can run the debug command to view RIP periodic updates. Run the debug command to enable the RIP debugging function. The debug command can be used only in the user view. Then run the terminal debugging and terminal monitor commands to display the debugging information.
ea
The information about RIP interactions between routers is displayed. terminal debugging
:/ /l
debug rip 1
Info: Current terminal debugging is on. terminal monitor
Info: Current terminal monitor is on.
ht tp
Sep 19 2011 19:15:22.630.1+00:00 R1 RM/6/RMDEBUG: 6: 11647: RIP 1: Receiving v1 response on Serial1/0/0 from 10.0.12.2 with 2 RTEs Sep 19 2011 19:15:22.630.2+00:00 R1 RM/6/RMDEBUG: 6: 11698: RIP 1: Receive response from 10.0.12.2 on Serial1/0/0
Sep 19 2011 19:15:22.630.3+00:00 R1 RM/6/RMDEBUG: 6: 11709: Packet: Version 1,
:
Cmd response, Length 44
Sep 19 2011 19:15:22.630.4+00:00 R1 RM/6/RMDEBUG: 6: 11758: Dest 10.0.3.0, Cost
取
2
Sep 19 2011 19:15:22.630.5+00:00 R1 RM/6/RMDEBUG: 6: 11758: Dest 10.0.23.0, Cost 1
料 获
Sep 19 2011 19:15:52.650.1+00:00 R1 RM/6/RMDEBUG: 6: 11647: RIP 1: Receiving v1 response on Serial1/0/0 from 10.0.12.2 with 2 RTEs Sep 19 2011 19:15:52.650.2+00:00 R1 RM/6/RMDEBUG: 6: 11698: RIP 1: Receive response from 10.0.12.2 on Serial1/0/0 Sep 19 2011 19:15:52.650.3+00:00 R1 RM/6/RMDEBUG: 6: 11709: Packet: Version 1,
更
多
资
Cmd response, Length 44
Page48
HUAWEI TECHNOLOGIES
HC Series
Sep 19 2011 19:15:52.650.4+00:00 R1 RM/6/RMDEBUG: 6: 11758: Dest 10.0.2.0, Cost 1
i.
You can run the undo debug rip or undo debug all command to disable debugging functions.
we
undo debug rip 1
g.
hu a
In addition, you can run the commands that have more parameters to view the debugging information of a certain type. For example, run the debug rip 1 event command to view the periodical update events sent or received by routers. You can add the question mark (?) to the command to query other parameters. debug rip 1 event
Sep 19 2011 19:23:44.200.1+00:00 R1 RM/6/RMDEBUG: 25: 3873: RIP 1: Periodic timer
rn in
expired for interface Serial1/0/0 (10.0.12.1) and its added to periodic update queue
Sep 19 2011 19:23:44.210.1+00:00 R1 RM/6/RMDEBUG: 25: 4201: RIP 1: Interface Serial1/0/0 (10.0.12.1) is deleted from the periodic update queue undo debug all
ea
Info: All possible debugging has been turned off
ht tp
:/ /l
Warning: If too many debugging functions are enabled, a large number of router resources are used. This may lead to break down. Therefore, use the commands (such as debug all) for enabling debugging functions in batches with caution.
Step 4 Configure RIPv2.
取
[R1]rip 1
:
After the preceding configuration, you need to configure only version 2 in the RIP sub view. [R1-rip-1]version 2
料 获
[R2]rip 1
[R2-rip-1]version 2
[R3]rip 1
多
资
[R3-rip-1]version 2
更
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
HC Series
HUAWEI TECHNOLOGIES
Page49
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration
Step 5 Verify RIPv2 routes. View the routing tables of R1, R2, and R3.
i.
Run the display ip routing-table command to view the routing tables of R1, R2, and R3. Compare the routes that are highlighted in gray with RIPv1 routes.
we
[R1]display ip routing-table Route Flags: R - relay, D - download to fib
Routing Tables: Public
Proto
Pre Cost
10.0.1.0/24 Direct 0
0
10.0.1.1/32 Direct 0
0
10.0.1.255/32 Direct 0
0
100 1
10.0.3.0/24 RIP
100 2
D
0
10.0.12.1/32 Direct 0
0
10.0.12.2/32 Direct 0
0
10.0.23.0/24 RIP 127.0.0.0/8
0
100 1
Direct 0
0
127.0.0.1/32 Direct 0
0
ht tp
127.255.255.255/32 Direct 0
255.255.255.255/32 Direct 0
127.0.0.1
Interface
LoopBack0 InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
D
10.0.12.2
Serial1/0/0
D
10.0.12.1
Serial1/0/0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
127.0.0.1
InLoopBack0
:/ /l
10.0.12.0/24 Direct 0
10.0.12.255/32 Direct 0
10.0.1.1
D
ea
10.0.2.0/24 RIP
Flags NextHop
rn in
Destination/Mask
Routes : 14
g.
Destinations : 14
hu a
----------------------------------------------------------------------------
D
D
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
[R2]display ip routing-table
Route Flags: R - relay, D - download to fib
:
---------------------------------------------------------------------------Routing Tables: Public
取
Destinations : 17
Proto
料 获
Destination/Mask
更
多
资
10.0.1.0/24 RIP
Routes : 17
Pre Cost
Interface
D
10.0.12.1
Serial1/0/0
10.0.2.0/24 Direct 0
0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.3
Serial2/0/0
10.0.3.0/24 RIP
Page50
100 1
Flags NextHop
HUAWEI TECHNOLOGIES
HC Series
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.3/32 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
0
D
127.0.0.1/32 Direct 0
0
D 0
D
127.0.0.1
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
InLoopBack0
g.
127.255.255.255/32 Direct 0
we
Direct 0
hu a
127.0.0.0/8
i.
10.0.12.0/24 Direct 0
[R3]display ip routing-table Route Flags: R - relay, D - download to fib
Destinations : 14
Proto
Routes : 14
Pre Cost
100 2
10.0.2.0/24 RIP
100 1
Interface
D
10.0.23.2
Serial2/0/0
D
10.0.23.2
Serial2/0/0
:/ /l
10.0.1.0/24 RIP
Flags NextHop
ea
Destination/Mask
rn in
---------------------------------------------------------------------------Routing Tables: Public
10.0.3.0/24 Direct 0
0
D
10.0.3.3
LoopBack0
10.0.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.3.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.2
Serial2/0/0
D
10.0.23.3
Serial2/0/0
10.0.12.0/24 RIP
0
ht tp
10.0.23.0/24 Direct 0
10.0.23.2/32 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.255/32 Direct 0
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
127.0.0.0/8
0
D
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
取
127.255.255.255/32 Direct 0
料 获
Note: The route learning of RIPv1 is the same of the route learning of RIPv2. Why is this true? Test connectivity from R1 to 10.0.23.3.
[R1]ping 10.0.23.3
更
多
资
PING 10.0.23.3: 56 data bytes, press CTRL_C to break Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=254 time=74 ms
HC Series
HUAWEI TECHNOLOGIES
Page51
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=254 time=75 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=254 time=75 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=254 time=75 ms
i.
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=254 time=75 ms
--- 10.0.23.3 ping statistics ---
we
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
hu a
round-trip min/avg/max = 74/74/75 ms
You can run the debug command to view the RIPv2 periodic updates.
g.
terminal debugging Info: Current terminal debugging is on.
Info: Current terminal monitor is on. debug rip 1 event
rn in
terminal monitor
Sep 19 2011 19:55:46.600.1+00:00 R1 RM/6/RMDEBUG: 25: 3873: RIP 1: Periodic timer expired for interface Serial1/0/0 (10.0.12.1) and its added to periodic update
ea
queue
Sep 19 2011 19:55:46.610.1+00:00 R1 RM/6/RMDEBUG: 25: 4201: RIP 1: Interface
undo debug rip 1 debug rip 1 packet
:/ /l
Serial1/0/0 (10.0.12.1) is deleted from the periodic update queue
Sep 19 2011 20:31:34.230.1+00:00 R1 RM/6/RMDEBUG: 6: 11689: RIP 1: Sending response on interface Serial1/0/0 from 10.0.12.1 to 224.0.0.9
ht tp
Sep 19 2011 20:31:34.230.2+00:00 R1 RM/6/RMDEBUG: 6: 11709: Packet: Version 2, Cmd response, Length 24
Sep 19 2011 20:31:34.230.3+00:00 R1 RM/6/RMDEBUG: 6: 11777: Dest 10.0.1.0/24, Nexthop 0.0.0.0, Cost 1, Tag 0 undo debug all
:
Info: All possible debugging has been turned off
取
Step 6 Import a static route to RIPv2.
料 获
Add a loopback interface on R3, and then set the IP address to 172.16.3.3/24. Configure a static route to the network segment on R2. Import the static route to the RIP routing information so that R1 can communicate with 172.16.3.3.
更
多
资
Configure the loopback interface on R3.
Page52
HUAWEI TECHNOLOGIES
HC Series
[R3]interface LoopBack 1 [R3-LoopBack1]ip address 172.16.3.3 24
[R1]ping 172.16.3.3 PING 172.16.3.3: 56 data bytes, press CTRL_C to break
we
Request time out
i.
Test connectivity from R1 to 172.16.3.3.
Request time out
hu a
Request time out Request time out Request time out
g.
--- 172.16.3.3 ping statistics --5 packet(s) transmitted
rn in
0 packet(s) received 100.00% packet loss
R1 does not have a route to 172.16.3.3. Therefore, the address cannot be pinged successfully.
ea
Configure the static route on R2.
:/ /l
system-view
[R2]ip route-static 172.16.3.0 24 10.0.23.3
Import the static route to RIPv2. [R2]rip 1
ht tp
[R2-rip-1]import-route static
Step 7 Verify that the static routes are imported to RIPv2
:
successfully.
料 获
取
View the routing tables of R1, R2, and R3. The route to 172.16.3.0/24 exists in the routing table of R1; the static route to 172.16.3.0/24 exists in the routing table of R2; no change occurs in the routing table of R3. [R1]display ip routing-table Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
更
多
资
Routing Tables: Public Destinations : 15
HC Series
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Routes : 15
HUAWEI TECHNOLOGIES
Page53
Destination/Mask
Proto
cn
Pre Cost
Flags NextHop
Interface
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
i.
10.0.1.0/24 Direct 0
100 1
D
10.0.12.2
Serial1/0/0
10.0.3.0/24 RIP
100 2
D
10.0.12.2
Serial1/0/0
Serial1/0/0
D
10.0.12.1
10.0.12.1/32 Direct 0
0
D
127.0.0.1
10.0.12.2/32 Direct 0
0
D
10.0.12.2
10.0.12.255/32 Direct 0
0
Direct 0
0
127.0.0.1/32 Direct 0
0
127.255.255.255/32 Direct 0 172.16.3.0/24 RIP
10.0.12.2
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
100 1
255.255.255.255/32 Direct 0
D
0
D
[R2]display ip routing-table
InLoopBack0
D
D
0
127.0.0.1
Serial1/0/0
Serial1/0/0
g.
127.0.0.0/8
D
100 1
127.0.0.1
rn in
10.0.23.0/24 RIP
InLoopBack0
hu a
0
we
10.0.2.0/24 RIP
10.0.12.0/24 Direct 0
co m/
HCDA-HNTD Chapter 3 RIP Configuration
10.0.12.2
127.0.0.1
InLoopBack0
Serial1/0/0 InLoopBack0
ea
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Destinations : 18
Destination/Mask
Proto
Routes : 18
Pre Cost
100 1
ht tp
10.0.1.0/24 RIP
:/ /l
Routing Tables: Public
10.0.12.1
Serial1/0/0
0
D
10.0.2.2
LoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.3
Serial2/0/0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
取
:
10.0.12.0/24 Direct 0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.3/32 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获 资
D
10.0.2.2/32 Direct 0
127.0.0.0/8
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
127.255.255.255/32 Direct 0
多
Interface
10.0.2.0/24 Direct 0
10.0.3.0/24 RIP
更
Flags NextHop
Page54
0
D
127.0.0.1
HUAWEI TECHNOLOGIES
InLoopBack0
HC Series
172.16.3.0/24 Static 60
0
255.255.255.255/32 Direct 0
RD
0
D
10.0.23.3
Serial2/0/0
127.0.0.1
InLoopBack0
[R3]display ip routing-table
i.
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routes : 17
Proto
Pre Cost
Flags NextHop
10.0.1.0/24 RIP
100 2
D
10.0.23.2
10.0.2.0/24 RIP
100 1
D
10.0.23.2
Interface Serial2/0/0
hu a
Destinations : 17 Destination/Mask
we
Routing Tables: Public
Serial2/0/0
10.0.3.0/24 Direct 0
0
D
10.0.3.3
10.0.3.3/32 Direct 0
0
D
127.0.0.1
10.0.3.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.2
Serial2/0/0
D
10.0.23.3
Serial2/0/0
D
10.0.23.2
Serial2/0/0
D
127.0.0.1
InLoopBack0
10.0.23.2/32 Direct 0
0
10.0.23.3/32 Direct 0
0
10.0.23.255/32 Direct 0 127.0.0.0/8
0
Direct 0
0
127.0.0.1/32 Direct 0
0
127.255.255.255/32 Direct 0
0 0
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
D
:/ /l
172.16.3.0/24 Direct 0
D
InLoopBack0
g.
0
rn in
10.0.23.0/24 Direct 0
ea
10.0.12.0/24 RIP
LoopBack0
127.0.0.1
InLoopBack0
172.16.3.3
LoopBack1
172.16.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.3.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
127.0.0.1
InLoopBack0
D
ht tp
Test connectivity from R1 to 172.16.3.3. R1 can communicate with 172.16.3.3. [R1]ping 172.16.3.3
PING 172.16.3.3: 56 data bytes, press CTRL_C to break
:
Reply from 172.16.3.3: bytes=56 Sequence=1 ttl=254 time=63 ms Reply from 172.16.3.3: bytes=56 Sequence=2 ttl=254 time=73 ms
取
Reply from 172.16.3.3: bytes=56 Sequence=3 ttl=254 time=74 ms Reply from 172.16.3.3: bytes=56 Sequence=4 ttl=254 time=65 ms
料 获
Reply from 172.16.3.3: bytes=56 Sequence=5 ttl=254 time=74 ms
--- 172.16.3.3 ping statistics --5 packet(s) transmitted 5 packet(s) received
更
多
资
0.00% packet loss round-trip min/avg/max = 63/69/74 ms
HC Series
HUAWEI TECHNOLOGIES
Page55
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration
'JJOZOUTGR+^KXIOYKY 'TGR_`OTMGTJ
[V200R001C01SPC300] # sysname R1 #
ea
interface Serial1/0/0
rn in
[R1]display current-configuration
g.
Final Configurations
hu a
How are RIPv1 and RIPv2 compatible with each other?
we
i.
When you use RIPv1, a router sends network IDs and other route update information to its neighbor routers without sending subnet masks. How do neighbor routers process the route update information and generate the corresponding subnet masks?
link-protocol ppp
:/ /l
description this port connect to R2-S1/0/0 ip address 10.0.12.1 255.255.255.0 # interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ht tp
# rip 1 version 2
network 10.0.0.0 #
:
return
取
[R2]display current-configuration [V200R001C01SPC300] #
料 获
sysname R2
#
interface Serial1/0/0 link-protocol ppp
更
多
资
description this port connect to R1-S1/0/0
ip address 10.0.12.2 255.255.255.0
Page56
HUAWEI TECHNOLOGIES
HC Series
# interface Serial2/0/0 link-protocol ppp description this port connect to R3-S2/0/0
i.
ip address 10.0.23.2 255.255.255.0 #
we
interface LoopBack0 ip address 10.0.2.2 255.255.255.0 #
hu a
rip 1 version 2 network 10.0.0.0
g.
import-route static #
ip route-static 172.16.3.0 255.255.255.0 10.0.23.3
rn in
# return
[R3]display current-configuration [V200R001C01SPC300]
ea
# sysname R3
interface Serial2/0/0 link-protocol ppp
:/ /l
#
description this port connects to R2-S2/0/0 ip address 10.0.23.3 255.255.255.0
ht tp
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0 #
interface LoopBack1
:
ip address 172.16.3.3 255.255.255.0 #
取
rip 1 version 2
料 获
network 10.0.0.0 #
更
多
资
Return
HC Series
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
HUAWEI TECHNOLOGIES
Page57
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration
i.
Lab 3-2 RIPv2 Route Aggregation and Authentication
Route aggregation advantages Method used to configure RIPv2 route aggregation RIP authentication method Method used to troubleshoot an RIP authentication failure
g.
x x x x
hu a
The objectives of this lab are to learn and understand:
we
Learning Objectives
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
Topology
Page58
Figure 3.2 RIPv2 topology
HUAWEI TECHNOLOGIES
HC Series
Scenario
i.
Assume that you are a network engineer of a company. The company is small; therefore, RIPv2 is used. There are too many routes; therefore, route aggregation is required to control and advertise routes.
Tasks
g.
Step 1 Configure IP addresses for interfaces.
hu a
we
Malicious attackers may forge a valid router to receive and modify valid routes, so RIPv2 authentication is used to protect the network.
rn in
Configure device names and IP addresses for R1, R2, and R3. system system-view
Enter system view, return user view with Ctrl+Z.
ea
[Huawei]sysname R1 [R1]interface Serial 1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 24
:/ /l
[R1-Serial1/0/0]interface loopback 0 [R1-LoopBack0]ip address 10.0.1.1 24
system-view
Enter system view, return user view with Ctrl+Z.
ht tp
[Huawei]sysname R2
[R2]interface serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24 [R2-Serial1/0/0]interface serial 2/0/0
:
[R2-Serial2/0/0]ip address 10.0.23.2 24 [R2-Serial2/0/0]interface loopback0
取
[R2-LoopBack0]ip address 10.0.2.2 24
system-view
料 获
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3 [R3]interface Serial 2/0/0 [R3-Serial2/0/0]ip address 10.0.23.3 24 [R3-Serial2/0/0]interface loopback0
资
[R3-LoopBack0]ip address 10.0.3.3 24
多
[R3-LoopBack0]interface loopback 2
更
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
HC Series
HUAWEI TECHNOLOGIES
Page59
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration [R3-LoopBack2]ip address 172.16.0.1 24 [R3-LoopBack2]interface loopback 3 [R3-LoopBack3]ip address 172.16.1.1 24 [R3-LoopBack3]interface loopback 4
i.
[R3-LoopBack4]ip address 172.16.2.1 24 [R3-LoopBack4]interface loopback 5
we
[R3-LoopBack5]ip address 172.16.3.1 24
ping 10.0.12.2 PING 10.0.12.2: 56 data bytes, press CTRL_C to break
hu a
After you have configured the IP addresses for the interfaces, test network connectivity.
g.
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=255 time=30 ms
rn in
Reply from 10.0.12.2: bytes=56 Sequence=3 ttl=255 time=30 ms Reply from 10.0.12.2: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 10.0.12.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.12.2 ping statistics ---
ea
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
ping 10.0.23.3
:/ /l
round-trip min/avg/max = 30/30/30 ms
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
ht tp
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=31 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=41 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=31 ms
:
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=41 ms
--- 10.0.23.3 ping statistics --5 packet(s) transmitted
取
5 packet(s) received 0.00% packet loss
更
多
资
料 获
round-trip min/avg/max = 31/35/41 ms
Page60
HUAWEI TECHNOLOGIES
HC Series
Step 2 Configure RIPv2. Configure RIPv2 on R1, R2, and R3.
i.
[R1]rip 1 [R1-rip-1]network 10.0.0.0
we
[R1-rip-1]version 2
[R2]rip 1
hu a
[R2-rip-1]network 10.0.0.0 [R2-rip-1]version 2
g.
[R3]rip 1 [R3-rip-1]network 172.16.0.0 [R3-rip-1]network 10.0.0.0
rn in
[R3-rip-1]version 2
View the routing table of R1. display ip routing-table
ea
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Destinations : 18
Destination/Mask
Proto
:/ /l
Routing Tables: Public
Routes : 18
Pre
0
D
10.0.1.1
LoopBack0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.0/24 RIP
100 1
D
10.0.12.2
Serial1/0/0
10.0.3.0/24 RIP
100 2
10.0.12.2
Serial1/0/0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
0
D
127.0.0.1
InLoopBack0
100 1
Serial1/0/0
取
:
D
10.0.12.0/24 Direct 0
10.0.23.0/24 RIP
D
10.0.12.2
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获
127.0.0.0/8
资
127.255.255.255/32 Direct 0
多
Interface
0
10.0.12.255/32 Direct 0
更
Flags NextHop
10.0.1.1/32 Direct 0
ht tp
10.0.1.0/24 Direct 0
Cost
D
127.0.0.1
InLoopBack0
172.16.0.0/24 RIP
100 2
D
10.0.12.2
Serial1/0/0
172.16.1.0/24 RIP
100 2
D
10.0.12.2
Serial1/0/0
172.16.2.0/24 RIP
100 2
D
10.0.12.2
Serial1/0/0
HC Series
0
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
HUAWEI TECHNOLOGIES
Page61
172.16.3.0/24 RIP
cn
100 2
255.255.255.255/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
co m/
HCDA-HNTD Chapter 3 RIP Configuration
i.
The information in grey shows that R1 has learned specific routes but not aggregated routes.
ping 172.16.0.1 PING 172.16.0.1: 56 data bytes, press CTRL_C to break
we
Test network connectivity.
hu a
Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=254 time=80 ms
Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=254 time=79 ms Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=254 time=79 ms
g.
Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=254 time=79 ms
--- 172.16.0.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
ea
round-trip min/avg/max = 79/79/80 ms
rn in
Reply from 172.16.0.1: bytes=56 Sequence=5 ttl=254 time=79 ms
:/ /l
Step 3 Configure RIP manual route aggregation on R2.
ht tp
Run the rip summary-address command on S1/0/0 of R2 to configure RIP route aggregation. The four routes (172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24) are aggregated into one route (172.16.0.0/16). [R2]interface serial1/0/0
[R2-Serial1/0/0]rip summary-address 172.16.0.0 255.255.0.0
:
View the routing table and the aggregated route. display ip routing-table
取
Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
料 获
Routing Tables: Public Destinations : 15
更
多
资
Destination/Mask
Proto
Routes : 15
Pre Cost
Flags NextHop
Interface
10.0.1.0/24 Direct 0
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Page62
HUAWEI TECHNOLOGIES
HC Series
127.0.0.1
InLoopBack0
10.0.2.0/24 RIP
100 1
D
10.0.12.2
Serial1/0/0
10.0.3.0/24 RIP
100 2
D
10.0.12.2
Serial1/0/0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
10.0.12.0/24 Direct 0
10.0.23.0/24 RIP 127.0.0.0/8
Direct 0
0
127.0.0.1/32 Direct 0
0
127.255.255.255/32 Direct 0 172.16.0.0/16 RIP
0
100 2 0
g.
255.255.255.255/32 Direct 0
i.
D
we
0
hu a
10.0.1.255/32 Direct 0
rn in
The information in grey shows an aggregated route. No specific route is listed in the routing table. Test network connectivity. ping 172.16.0.1
PING 172.16.0.1: 56 data bytes, press CTRL_C to break
ea
Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=254 time=60 ms Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=254 time=59 ms
:/ /l
Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=254 time=80 ms Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=254 time=60 ms Reply from 172.16.0.1: bytes=56 Sequence=5 ttl=254 time=60 ms
--- 172.16.0.1 ping statistics ---
ht tp
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
round-trip min/avg/max = 59/63/80 ms
取
:
The preceding information shows that route aggregation does not affect network connectivity.
料 获
Step 4 Configure RIP authentication. Configure plain text authentication between R1 and R2 and MD5 authentication between R2 and R3. Set the authentication password to huawei.
资
[R1]interface serial 1/0/0
更
多
[R1-Serial1/0/0]rip authentication-mode simple huawei
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Page63
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration
[R2]interface serial 1/0/0 [R2-Serial1/0/0]rip authentication-mode simple huawei [R2-Serial1/0/0]quit
i.
[R2]interface serial 2/0/0
[R3]interface serial 2/0/0
hu a
[R3-Serial2/0/0]rip authentication-mode md5 usual huawei
we
[R2-Serial2/0/0]rip authentication-mode md5 usual huawei
After the configurations are complete, test network connectivity. Route Flags: R - relay, D - download to fib
g.
display ip routing-table
----------------------------------------------------------------------------
Destinations : 15
Destination/Mask
Proto
rn in
Routing Tables: Public Routes : 15
Pre Cost
Flags NextHop
0
D
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
LoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
100 2
D
10.0.12.2
Serial1/0/0
:/ /l
0
100 1
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
ht tp
10.0.3.0/24 RIP
ea
10.0.1.0/24 Direct 0
10.0.2.0/24 RIP
10.0.1.1
Interface
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0 10.0.23.0/24 RIP 127.0.0.0/8
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
127.255.255.255/32 Direct 0 172.16.0.0/16 RIP
0
100 2 0
127.0.0.1
InLoopBack0
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
取
255.255.255.255/32 Direct 0
D D
display ip routing-table
料 获
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public Destinations : 21
更
多
资
Destination/Mask
Page64
Proto
Routes : 21
Pre Cost
Flags NextHop
HUAWEI TECHNOLOGIES
Interface
HC Series
D
10.0.12.1
Serial1/0/0
10.0.2.0/24 Direct 0
0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.3
Serial2/0/0
10.0.3.0/24 RIP
100 1
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
we
10.0.12.0/24 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.3/32 Direct 0
0
D
10.0.23.3
10.0.23.255/32 Direct 0
0
D
127.0.0.1
D
127.0.0.1
0
D
127.0.0.1
0
InLoopBack0
InLoopBack0
D
127.0.0.1
InLoopBack0
172.16.0.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
172.16.1.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
172.16.2.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
172.16.3.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
D
127.0.0.1
InLoopBack0
0
:/ /l
255.255.255.255/32 Direct 0
ea
127.255.255.255/32 Direct 0
g.
0
Serial2/0/0 InLoopBack0
rn in
Direct 0
127.0.0.1/32 Direct 0
hu a
10.0.12.255/32 Direct 0
127.0.0.0/8
i.
10.0.1.0/24 RIP
display ip routing-table
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public
Routes : 26
ht tp
Destinations : 26
Destination/Mask
Proto
Pre Cost
D
10.0.23.2
Serial2/0/0
100 1
D
10.0.23.2
Serial2/0/0
:
100 2
10.0.2.0/24 RIP
0
D
10.0.3.3
LoopBack0
10.0.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.2
Serial2/0/0
取
10.0.3.0/24 Direct 0
料 获
10.0.12.0/24 RIP
10.0.23.0/24 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
HC Series
HUAWEI TECHNOLOGIES
资
127.0.0.0/8
多
Interface
10.0.1.0/24 RIP
10.0.3.255/32 Direct 0
更
Flags NextHop
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Page65
cn 0
D
127.0.0.1
InLoopBack0
0
D
172.16.0.1
LoopBack2
172.16.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.0.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.1.0/24 Direct 0
0
D
172.16.1.1
LoopBack3
172.16.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.2.0/24 Direct 0
0
D
172.16.2.1
LoopBack4
172.16.2.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.3.0/24 Direct 0
0
D
172.16.3.1
LoopBack5
InLoopBack0
127.0.0.1
D
127.0.0.1
255.255.255.255/32 Direct 0
0
D
127.0.0.1
Step 5 Rectify the RIPv2 fault.
hu a
D
0
InLoopBack0
g.
0
InLoopBack0
rn in
172.16.3.1/32 Direct 0 172.16.3.255/32 Direct 0
we
172.16.0.0/24 Direct 0
i.
127.255.255.255/32 Direct 0
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Change the authentication password on S1/0/0 of R2 to huawei2.
ea
[R2]interface serial1/0/0
[R2-Serial1/0/0]rip authentication-mode simple huawei2
:/ /l
Run the following command to delete the routes learned by R1 from R2 before the authentication password on R2 is changed. reset ip routing-table statistics protocol rip
ht tp
View the routing table of R1. display ip routing-table
Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
:
Routing Tables: Public
Destinations : 11
取
Destination/Mask
Proto
Routes : 11
Pre Cost
资 多 更
Interface
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
料 获
10.0.1.0/24 Direct 0
Flags NextHop
Page66
HUAWEI TECHNOLOGIES
HC Series
10.0.12.255/32 Direct 0 127.0.0.0/8
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
i.
127.255.255.255/32 Direct 0
we
Because R1 and R2 use different RIP authentication passwords, R1 cannot receive any RIP route from R2.
g.
[R2-Serial1/0/0]rip authentication-mode simple huawei
hu a
Restore the authentication password on S1/0/0 of R2 to huawei. [R2]interface serial1/0/0
rn in
Change the authentication mode on S2/0/0 of R2 to plain text authentication. [R2]interface Serial 2/0/0
[R2-Serial2/0/0]rip authentication-mode simple huawei
ea
Run the following command to delete the routes learned by R3 from R2 before you change the authentication password.
:/ /l
reset ip routing-table statistics protocol rip
View the routing table of R3. display ip routing-table
Route Flags: R - relay, D - download to fib
ht tp
---------------------------------------------------------------------------Routing Tables: Public
Destinations : 23
Proto
Pre Cost
:
Destination/Mask
Routes : 23
0
D
10.0.3.3
LoopBack0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
取
10.0.3.3/32 Direct 0 10.0.3.255/32 Direct 0
D
10.0.23.3
Serial2/0/0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
料 获
0
10.0.23.2/32 Direct 0
0
127.0.0.1/32 Direct 0
0
资
Direct 0
127.255.255.255/32 Direct 0
多
Interface
10.0.3.0/24 Direct 0
127.0.0.0/8
更
Flags NextHop
HC Series
D D 0
D
127.0.0.1
HUAWEI TECHNOLOGIES
InLoopBack0
Page67
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
cn
172.16.0.0/24 Direct 0
0
D
172.16.0.1
LoopBack2 InLoopBack0
172.16.0.1/32 Direct 0
0
D
127.0.0.1
172.16.0.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.1.0/24 Direct 0
0
D
172.16.1.1
LoopBack3
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
172.16.2.0/24 Direct 0
0
D
172.16.2.1
LoopBack4
172.16.2.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.3.0/24 Direct 0
0
D
172.16.3.1
172.16.3.1/32 Direct 0
0
D
127.0.0.1
172.16.3.255/32 Direct 0
0
D
127.0.0.1
D
127.0.0.1
we
hu a
0
LoopBack5
InLoopBack0 InLoopBack0 InLoopBack0
g.
255.255.255.255/32 Direct 0
i.
172.16.1.1/32 Direct 0 172.16.1.255/32 Direct 0
co m/
HCDA-HNTD Chapter 3 RIP Configuration
rn in
Because R2 and R3 use different RIP authentication modes, R3 cannot receive any RIP route from R2. Restore the authentication mode on S2/0/0 of R2 to MD5. [R2]interface serial2/0/0
ea
[R2-Serial2/0/0]rip authentication-mode md5 usual huawei
:/ /l
Verify that routes in routing tables of R1, R2, and R3 are correct. display ip routing-table
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public
Routes : 15
ht tp
Destinations : 15
Proto
Pre Cost
D
10.0.1.1
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.2.0/24 RIP
100 1
D
10.0.12.2
Serial1/0/0
100 2
D
10.0.12.2
Serial1/0/0
:
0
10.0.1.1/32 Direct 0
10.0.3.0/24 RIP
D
10.0.12.1
Serial1/0/0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.12.2
Serial1/0/0
料 获
0
10.0.12.1/32 Direct 0
127.0.0.0/8
资
LoopBack0
10.0.12.0/24 Direct 0
10.0.23.0/24 RIP
多
Interface
10.0.1.0/24 Direct 0
10.0.1.255/32 Direct 0
更
Flags NextHop
取
Destination/Mask
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Page68
HUAWEI TECHNOLOGIES
HC Series
127.255.255.255/32 Direct 0 172.16.0.0/16 RIP
0
100 2
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
D
127.0.0.1
InLoopBack0
i.
display ip routing-table Route Flags: R - relay, D - download to fib
we
---------------------------------------------------------------------------Routing Tables: Public
Proto
10.0.1.0/24 RIP
Pre Cost
100 1
Flags NextHop
D
10.0.12.1
D
10.0.2.2
0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
10.0.2.255/32 Direct 0
0
D
127.0.0.1
100 1
Serial1/0/0 LoopBack0 InLoopBack0
InLoopBack0
D
10.0.23.3
Serial2/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
10.0.23.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
:/ /l
ea
10.0.3.0/24 RIP
Interface
rn in
10.0.2.0/24 Direct 0
hu a
Destination/Mask
Routes : 21
g.
Destinations : 21
InLoopBack0
172.16.0.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
172.16.1.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
172.16.2.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
172.16.3.0/24 RIP
100 1
D
10.0.23.3
Serial2/0/0
D
127.0.0.1
InLoopBack0
127.0.0.0/8
ht tp
127.255.255.255/32 Direct 0
0
取
:
255.255.255.255/32 Direct 0
0
display ip routing-table
料 获
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public Destinations : 26
Proto
Routes : 26
Pre Cost
Flags NextHop
Interface
更
多
资
Destination/Mask
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
Page69
100 2
10.0.2.0/24 RIP
100 1
cn D
10.0.23.2
Serial2/0/0
D
10.0.23.2
Serial2/0/0
10.0.3.0/24 Direct 0
0
D
10.0.3.3
LoopBack0
10.0.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.3.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
D
10.0.23.2
Serial2/0/0
10.0.12.0/24 RIP
0
D
10.0.23.3
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
172.16.0.1
127.255.255.255/32 Direct 0
0
172.16.0.0/24 Direct 0
0
hu a
0
Direct 0
127.0.0.0/8
g.
10.0.23.255/32 Direct 0
we
10.0.23.0/24 Direct 0
i.
10.0.1.0/24 RIP
co m/
HCDA-HNTD Chapter 3 RIP Configuration
LoopBack2
172.16.0.1/32 Direct 0
0
D
127.0.0.1
172.16.0.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.1.0/24 Direct 0
0
D
172.16.1.1
LoopBack3
172.16.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.2.0/24 Direct 0
0
D
172.16.2.1
LoopBack4
172.16.2.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.2.255/32 Direct 0
0
D
127.0.0.1
172.16.3.0/24 Direct 0
0
D
172.16.3.1
LoopBack5
InLoopBack0
172.16.3.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
172.16.3.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
ht tp
:/ /l
ea
rn in
InLoopBack0
Additional Exercises: Analyzing and Verifying
取
:
You can use debug commands to troubleshoot faults. In step 5, the authentication passwords or authentication modes on two routers are different. Use debug commands to view relevant information.
料 获
Appendix A:
RIP Debugging Commands on Huawei Routers
更
多
资
debugging rip 1 ? brief
Brief information about RIP events
error
Information about RIP Errors
event
Information about RIP events
packet
All RIP packets
Page70
HUAWEI TECHNOLOGIES
HC Series
receive
Received RIP packet information
route-processing
Information about RIP Route-Processing Sent RIP packet information
timer
Information about RIP timers
Please press ENTER to execute command
i.
send
we
The preceding lists some debugging commands, which can be used for reference.
hu a
Final Configurations display current-configuration
g.
[V200R001C01SPC300] #
interface Serial1/0/0 link-protocol ppp ip address 10.0.12.1 255.255.255.0
ea
rip authentication-mode simple huawei
rn in
sysname R1 #
#
:/ /l
interface LoopBack0 ip address 10.0.1.1 255.255.255.0 # rip 1 version 2
ht tp
network 10.0.0.0 # Return
display current-configuration
#
取
sysname R2 #
:
[V200R001C01SPC300]
interface Serial1/0/0
料 获
link-protocol ppp ip address 10.0.12.2 255.255.255.0 rip authentication-mode simple huawei rip summary-address 172.16.0.0 255.255.0.0
#
更
多
资
interface Serial2/0/0
HC Series
HUAWEI TECHNOLOGIES
Page71
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
cn co m/
HCDA-HNTD Chapter 3 RIP Configuration link-protocol ppp ip address 10.0.23.2 255.255.255.0 rip authentication-mode md5 usual gg^dP=F.[>=H)H2[EInB~.2# #
i.
interface LoopBack0 ip address 10.0.2.2 255.255.255.0
we
# rip 1 version 2
hu a
network 10.0.0.0 #
g.
return
display current-configuration
rn in
[V200R001C01SPC300] # sysname R3 #
link-protocol ppp ip address 10.0.23.3 255.255.255.0
ea
interface Serial2/0/0
# interface LoopBack0
:/ /l
rip authentication-mode md5 usual gg^dP=F.[>=H)H2[EInB~.2#
ip address 10.0.3.3 255.255.255.0 #
ht tp
interface LoopBack2
ip address 172.16.0.1 255.255.255.0 #
interface LoopBack3
ip address 172.16.1.1 255.255.255.0
:
#
interface LoopBack4
取
ip address 172.16.2.1 255.255.255.0 #
料 获
interface LoopBack5 ip address 172.16.3.1 255.255.255.0
#
rip 1
version 2
更
多
资
network 10.0.0.0 network 172.16.0.0
Page72
HUAWEI TECHNOLOGIES
HC Series
#
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
hu a
we
i.
Return
更
cn
co m/
HCDA-HNTD Chapter 3 RIP Configuration
HC Series
HUAWEI TECHNOLOGIES
Page73
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration
Chapter 4 OSPF Configuration
Learning Objectives
g.
Router ID usage. Method used to enable OSPF on a specified interface or network. Method used to view OSPF operations using display commands. Method to use OSPF to advertise default routes. Method used to change the OSPF hello interval and dead interval. Method used to change the OSPF route priority. DR or BDR election on the Ethernet.
rn in
x x x x x x x
hu a
The objectives of this lab are to learn and understand:
we
i.
Lab 4-1 OSPF Single-area Configuration
更
多
资
料 获
取
:
ht tp
:/ /l
ea
Topology
Page74
Figure 4.1 OSPF single area topology
HUAWEI TECHNOLOGIES
HC Series
Scenario
we
i.
Assume that you are a network administrator of a company. The company will use OSPF to exchange routes. All the routers belong to OSPF area 0. OSPF is required to advertise default routes and the DR or BDR will be elected.
Step 1 Configure IP addresses for interfaces.
Enter system view, return user view with Ctrl+Z.
[R1]interface serial1/0/0 [R1-Serial1/0/0]ip address 10.0.12.1 24
rn in
[Huawei]sysname R1
g.
system-view
hu a
Tasks
[R1-Serial1/0/0]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.13.1 24
ea
[R1-GigabitEthernet0/0/0]interface loopback 0
system-view
:/ /l
[R1-LoopBack0]ip address 10.0.1.1 24
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R2
[R2]interface serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24
ht tp
[R2-Serial1/0/0]interface loopback 0 [R2-LoopBack0]ip address 10.0.2.2 24
system-view
:
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3
[R3]interface GigabitEthernet 0/0/0
取
[R3-GigabitEthernet0/0/0]ip address 10.0.13.3 24 [R3-GigabitEthernet0/0/0]interface loopback 0
料 获
[R3-LoopBack0]ip address 10.0.3.3 24 [R3-LoopBack0]interface loopback 2
多
资
[R3-LoopBack2]ip address 172.16.0.1 24
更
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HC Series
HUAWEI TECHNOLOGIES
Page75
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration
Step 2 Configure OSPF.
i.
Use Loopback0's IP address 10.0.1.1 as the router ID, use OSPF process 1 (default OSPF process), and specify network segments 10.0.12.0/24, 10.0.13.0/24, and 10.0.1.0/24 in OSPF area 0.
we
[R1]ospf 1 router-id 10.0.1.1 [R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255 [R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
hu a
[R1-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255
rn in
g.
A router can run multiple OSPF processes and different routers in a routing domain can use identical or different OSPF process IDs. You must specify the wildcard mask in the network command. Use Loopback0's IP address 10.0.2.2 as the router ID, use OSPF process 10, and specify network segments 10.0.12.0/24 and 10.0.2.0/24 in OSPF area 0.
ea
[R2]ospf 10 router-id 10.0.2.2 [R2-ospf-10]area 0
[R2-ospf-10-area-0.0.0.0]network 10.0.12.0 0.0.0.255
:/ /l
[R2-ospf-10-area-0.0.0.0]network 10.0.2.0 0.0.0.255
ht tp
Use Loopback0's IP address 10.0.3.3 as the router ID, use OSPF process 100, and specify network segments 10.0.13.0/24 and 10.0.3.0/24 in OSPF area 0. [R3]ospf 100 router-id 10.0.3.3 [R3-ospf-100]area 0
[R3-ospf-100-area-0.0.0.0]network 10.0.13.0 0.0.0.255
:
[R3-ospf-100-area-0.0.0.0]network 10.0.3.0 0.0.0.255
取
Step 3 Verify the OSPF configuration.
料 获
After OSPF route convergence is complete, view routing tables of R1, R2, and R3.
display ip routing-table Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
更
多
资
Routing Tables: Public
Page76
HUAWEI TECHNOLOGIES
HC Series
Destination/Mask
Proto
Routes : 16
Pre Cost
Flags NextHop
Interface
10.0.1.0/24 Direct 0
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
InLoopBack0
127.0.0.1
10
1562 D
10.0.12.2
Serial1/0/0
10.0.3.3/32 OSPF
10
1
D
10.0.13.3
GigabitEthernet0/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
we
D
10.0.2.2/32 OSPF
hu a
10.0.1.255/32 Direct 0
i.
Destinations : 16
0
D
10.0.12.2
Serial1/0/0
0
D
127.0.0.1
InLoopBack0
10.0.13.0/24 Direct 0
0
D
10.0.13.1
10.0.13.1/32 Direct 0
0
D
127.0.0.1
10.0.13.255/32 Direct 0
0
D
127.0.0.1
GigabitEthernet0/0/0 InLoopBack0
InLoopBack0
rn in
127.0.0.0/8
g.
10.0.12.2/32 Direct 0 10.0.12.255/32 Direct 0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
ea
127.255.255.255/32 Direct 0
display ip routing-table
:/ /l
Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Routing Tables: Public Destinations : 14
Proto
Pre Cost
ht tp
Destination/Mask
Routes : 14
10.0.1.1/32 OSPF
10
10.0.12.1
Serial1/0/0
D
10.0.2.2
LoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
0
10.0.2.2/32 Direct 0
10.0.3.3/32 OSPF
10
1563
D
10.0.12.1
Serial1/0/0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
取
料 获
10.0.12.255/32 Direct 0 10.0.13.0/24 OSPF
127.0.0.0/8
10
1563
Direct 0
0
127.0.0.1/32 Direct 0
0
资
127.255.255.255/32 Direct 0 255.255.255.255/32 Direct 0
多
D
Interface
10.0.2.0/24 Direct 0
10.0.12.0/24 Direct 0
更
1562
Flags NextHop
HC Series
D D D
10.0.12.1
Serial1/0/0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
HUAWEI TECHNOLOGIES
Page77
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration
display ip routing-table Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Destination/Mask
Routes : 16
Proto
Pre Cost
we
Destinations : 16
i.
Routing Tables: Public
Flags NextHop
Interface
10
1
D
10.0.13.1
GigabitEthernet0/0/0
10.0.2.2/32 OSPF
10
1563 D
10.0.13.1
GigabitEthernet0/0/0 LoopBack0
0
D
10.0.3.3
10.0.3.3/32 Direct 0
0
D
127.0.0.1
10.0.3.255/32 Direct 0
0
D
127.0.0.1
1563 D
10.0.13.1
10.0.13.0/24 Direct 0
0
D
10.0.13.3
10.0.13.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.13.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
GigabitEthernet0/0/0 GigabitEthernet0/0/0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
127.255.255.255/32 Direct 0
0
ea
127.0.0.0/8
10
InLoopBack0
rn in
10.0.12.0/24 OSPF
InLoopBack0
g.
10.0.3.0/24 Direct 0
hu a
10.0.1.1/32 OSPF
0
D
172.16.0.1
LoopBack2
172.16.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:/ /l
172.16.0.0/24 Direct 0
172.16.0.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
ht tp
Test network connectivity between R2 and R1 at 10.0.1.1 and between R2 and R3 at 10.0.3.3. [R2]ping 10.0.1.1
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=37 ms
:
Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=42 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=42 ms
取
Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=45 ms
料 获
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=42 ms
--- 10.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
更
多
资
round-trip min/avg/max = 37/41/45 ms
Page78
HUAWEI TECHNOLOGIES
HC Series
[R2]ping 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=37 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=42 ms
we
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=42 ms
i.
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=42 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=42 ms
--- 10.0.3.3 ping statistics ---
hu a
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
g.
round-trip min/avg/max = 37/41/42 ms
rn in
Run the display ip routing-table protocol ospf command to view the learned routes. Use the display on R1 as an example. The configurations on R2 and R3 are similar. [R1]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
ea
---------------------------------------------------------------------------Public routing table : OSPF
Routes : 2
:/ /l
Destinations : 2
OSPF routing table status : Destinations : 2
Proto
Routes : 2
Pre Cost
ht tp
Destination/Mask
Flags NextHop
Interface
10.0.2.2/32 OSPF
10
1562 D
10.0.12.2
Serial1/0/0
10.0.3.3/32 OSPF
10
1
10.0.13.3
GigabitEthernet0/0/0
D
OSPF routing table status : Routes : 0
:
Destinations : 0
取
Run the display ospf peer command to view the OSPF neighbor status.
料 获
[R1]display ospf peer
OSPF Process 1 with Router ID 10.0.1.1 Neighbors
Area 0.0.0.0 interface 10.0.12.1(Serial1/0/0)'s neighbors
更
多
资
Router ID: 10.0.2.2
Address: 10.0.12.2
State: Full Mode:Nbr is Master Priority: 1
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
Page79
DR: None
BDR: None
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration MTU: 0
Dead timer due in 30 sec Retrans timer interval: 5 Neighbor is up for 00:09:19
i.
Authentication Sequence: [ 0 ]
we
Neighbors Area 0.0.0.0 interface 10.0.13.1(GigabitEthernet0/0/0)'s neighbors Router ID: 10.0.3.3
Address: 10.0.13.3
hu a
State: Full Mode:Nbr is Master Priority: 1 DR: 10.0.13.1 BDR: 10.0.13.3 MTU: 0 Dead timer due in 37 sec
g.
Retrans timer interval: 5 Neighbor is up for 00:10:04
rn in
Authentication Sequence: [ 0 ]
ea
The display ospf peer command displays detailed information about neighbors. The preceding information shows that R1 has two neighbors: R2 (Router ID: 10.0.2.2) and R3 (Router ID:10.0.3.3). The neighbors are in full state. You can also run the display ospf peer brief command to view brief information about neighbors.
:/ /l
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information
Interface
0.0.0.0
ht tp
---------------------------------------------------------------------------Area Id
Serial1/0/0
0.0.0.0
Neighbor id
State
10.0.2.2
Full
GigabitEthernet0/0/0
10.0.3.3
Full
----------------------------------------------------------------------------
:
[R2]display ospf peer brief
取
OSPF Process 10 with Router ID 10.0.2.2 Peer Statistic Information
---------------------------------------------------------------------------Interface
Neighbor id
State
0.0.0.0
Serial1/0/0
10.0.1.1
Full
料 获
Area Id
----------------------------------------------------------------------------
更
多
资
[R3]display ospf peer brief OSPF Process 100 with Router ID 10.0.3.3
Page80
HUAWEI TECHNOLOGIES
HC Series
Peer Statistic Information
---------------------------------------------------------------------------Area Id
Interface
0.0.0.0
GigabitEthernet0/0/0
Neighbor id 10.0.1.1
State Full
i.
----------------------------------------------------------------------------
we
Step 4 Change the OSPF hello interval and dead interval.
hu a
Run the display ospf interface GigabitEthernet 0/0/0 command on R1 to view the default OSPF hello interval and dead interval.
OSPF Process 1 with Router ID 10.0.1.1
rn in
Interfaces
g.
[R1]display ospf interface GigabitEthernet 0/0/0
Interface: 10.0.13.1 (GigabitEthernet0/0/0) Cost: 1
State: DR
Type: Broadcast
MTU: 1500
ea
Priority: 1 Designated Router: 10.0.13.1
Backup Designated Router: 10.0.13.3
:/ /l
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Run the ospf timer command to change the OSPF hello interval and dead interval on GE0/0/0 of R1 to 15s and 60s respectively.
ht tp
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ospf timer hello 15 [R1-GigabitEthernet0/0/0]ospf timer dead 60 [R1-GigabitEthernet0/0/0]display ospf interface GigabitEthernet 0/0/0
:
OSPF Process 1 with Router ID 10.0.1.1
取
Interfaces
Interface: 10.0.13.1 (GigabitEthernet0/0/0)
料 获
Cost: 1
State: DR
Type: Broadcast
MTU: 1500
Priority: 1 Designated Router: 10.0.13.1 Backup Designated Router: 10.0.13.3
更
多
资
Timers: Hello 15 , Dead 60 , Poll 120 , Retransmit 5 , Transmit Delay 1
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
Page81
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration
Check the OSPF neighbor status on R1. [R1]display ospf peer brief
Peer Statistic Information
i.
OSPF Process 1 with Router ID 10.0.1.1
---------------------------------------------------------------------------Interface
Neighbor id
State
0.0.0.0
Serial1/0/0
10.0.2.2
Full
we
Area Id
hu a
----------------------------------------------------------------------------
g.
The preceding information shows that R1 has only one neighbor, R2. Because OSPF hello intervals and dead intervals on R1 and R3 are different, R1 and R3 cannot establish an OSPF neighbor relationship.
rn in
Run the ospf timer command to change the OSPF hello interval and dead interval on GE0/0/0 of R3 to 15s and 60s respectively. [R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ospf timer hello 15 [R3-GigabitEthernet0/0/0]ospf timer dead 60
ea
[R3-GigabitEthernet0/0/0]display ospf interface GigabitEthernet 0/0/0
Interfaces
:/ /l
OSPF Process 100 with Router ID 10.0.3.3
Interface: 10.0.13.3 (GigabitEthernet0/0/0) State: DR
Priority: 1
Type: Broadcast
MTU: 1500
ht tp
Cost: 1
Designated Router: 10.0.13.3
Backup Designated Router: 10.0.13.1
:
Timers: Hello 15 , Dead 60 , Poll 120 , Retransmit 5 , Transmit Delay 1
取
Check the OSPF neighbor status on R1 again. [R1]display ospf peer brief
料 获
OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information
----------------------------------------------------------------------------
更
多
资
Area Id
Interface
Neighbor id
State
0.0.0.0
Serial1/0/0
10.0.2.2
Full
0.0.0.0
GigabitEthernet0/0/0
10.0.3.3
Full
----------------------------------------------------------------------------
Page82
HUAWEI TECHNOLOGIES
HC Series
Step 5 Configure OSPF to advertise default routes and verify
i.
the configuration.
we
Configure OSPF to advertise default routes on R3. [R3]ip route-static 0.0.0.0 0 LoopBack 2 [R3]ospf 100
hu a
[R3-ospf-100]default-route-advertise
g.
View routing tables of R1 and R2. You can see that R1 and R2 have learned the default routes advertised by R3.
rn in
[R1]display ip routing-table Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Routing Tables: Public
O_ASE
Pre Cost
150 1
Flags NextHop
Interface
D
10.0.13.3
GigabitEthernet0/0/0
D
10.0.1.1
LoopBack0
:/ /l
0.0.0.0/0
Proto
Routes : 17
ea
Destinations : 17
Destination/Mask
10.0.1.0/24 Direct 0
0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
1562 D
10.0.12.2
Serial1/0/0
10 10
1
D
10.0.13.3
GigabitEthernet0/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
ht tp
10.0.2.2/32 OSPF 10.0.3.3/32 OSPF
10.0.13.0/24 Direct 0
0
D
10.0.13.1
GigabitEthernet0/0/0
10.0.13.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
取
10.0.13.255/32 Direct 0 127.0.0.0/8
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获
D
127.255.255.255/32 Direct 0
[R2]display ip routing-table
资
Route Flags: R - relay, D - download to fib
更
多
----------------------------------------------------------------------------
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page83
cn
Routing Tables: Public
Destination/Mask
0.0.0.0/0
Routes : 15
Proto
O_ASE
150 1
D
Interface
10.0.12.1
Serial1/0/0
1562
D
10.0.12.1
Serial1/0/0
10.0.2.0/24 Direct 0
0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
InLoopBack0
10.0.2.255/32 Direct 0 10.0.3.3/32 OSPF
10
0
D
127.0.0.1
1563
D
10.0.12.1
we
10
Flags NextHop
hu a
10.0.1.1/32 OSPF
Pre Cost
i.
Destinations : 15
Serial1/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.2
10.0.12.1/32 Direct 0
0
D
10.0.12.1
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
1563
D
10.0.12.1
Serial1/0/0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
127.0.0.0/8
10
Direct 0
0
127.0.0.1/32 Direct 0
0 0
255.255.255.255/32 Direct 0
0
Serial1/0/0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
ea
127.255.255.255/32 Direct 0
Serial1/0/0
g.
10.0.13.0/24 OSPF
rn in
10.0.12.255/32 Direct 0
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
ping 172.16.0.1
:/ /l
Run the ping command to test connectivity between R2 and Loopback2 at 172.16.0.1. PING 172.16.0.1: 56 data bytes, press CTRL_C to break Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=254 time=47 ms
ht tp
Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=254 time=37 ms Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=254 time=37 ms Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=254 time=37 ms Reply from 172.16.0.1: bytes=56 Sequence=5 ttl=254 time=37 ms
:
--- 172.16.0.1 ping statistics --5 packet(s) transmitted 5 packet(s) received
取
0.00% packet loss
料 获
round-trip min/avg/max = 37/39/47 ms
Step 6 Control OSPF DR or BDR election. Run the display ospf peer command to view the DR and BDR of R1 and
更
多
资
R3.
Page84
HUAWEI TECHNOLOGIES
HC Series
[R1]display ospf peer 10.0.3.3
OSPF Process 1 with Router ID 10.0.1.1
Area 0.0.0.0 interface 10.0.13.1(GigabitEthernet0/0/0)'s neighbors
we
Address: 10.0.13.3
i.
Neighbors
Router ID: 10.0.3.3
State: Full Mode:Nbr is Master Priority: 1 DR: 10.0.13.3 BDR: 10.0.13.1 MTU: 0
hu a
Dead timer due in 49 sec Retrans timer interval: 5 Neighbor is up for 00:17:40
g.
Authentication Sequence: [ 0 ]
rn in
The preceding information shows that R3 is the DR and R1 is the BDR. This is because R3's router ID 10.0.3.3 is greater than R1's router ID 10.0.1.1. R1 and R3 use the default priority of 1, so their router IDs are used for DR or BDR election.
ea
Run the ospf dr-priority command to change DR priorities of R1 and R3. [R1]interface GigabitEthernet 0/0/0
:/ /l
[R1-GigabitEthernet0/0/0]ospf dr-priority 200
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ospf dr-priority 100
ht tp
By default, a DR or BDR is elected in non-preemption mode. After router priorities are changed, a DR is not re-elected, so you must reset the OSPF neighbor relationship between R1 and R3.
:
Shut down and re-enable GE0/0/0 interfaces on R1 and R3 to reset the OSPF neighbor relationship between R1 and R3. [R1]interface GigabitEthernet0/0/0
取
[R1-GigabitEthernet0/0/0]shutdown
[R3]interface GigabitEthernet0/0/0
料 获
[R3-GigabitEthernet0/0/0]shutdown
[R1-GigabitEthernet0/0/0]undo shutdown
更
多
资
[R3-GigabitEthernet0/0/0]undo shutdown
Run the display ospf peer command to view the DR and BDR of R1 and HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page85
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration
R3. [R1]display ospf peer 10.0.3.3
Neighbors
Router ID: 10.0.3.3
we
Area 0.0.0.0 interface 10.0.13.1(GigabitEthernet0/0/0)'s neighbors
i.
OSPF Process 1 with Router ID 10.0.1.1
Address: 10.0.13.3
hu a
State: Full Mode:Nbr is Master Priority: 100 DR: 10.0.13.1 BDR: 10.0.13.3 MTU: 0 Dead timer due in 52 sec Retrans timer interval: 5
g.
Neighbor is up for 00:00:25
rn in
Authentication Sequence: [ 0 ]
According to the preceding information, R1's priority is higher than R3's priority, so R1 becomes DR and R3 becomes the BDR.
ea
Additional Exercises: Analyzing and Verifying
:/ /l
Why are OSPF hello interval and dead interval changed? Must OSPF hello intervals and dead intervals of all the routers in an OSPF area be the same? Must the OSPF hello interval and dead interval of a router be the same? Why?
ht tp
In which network is DR or BDR elected? R1, R2, and R3 are configured with loopback interfaces and use 24-bit mask. Why does the mask have 32 bits after other routers learn networks connected to loopback interfaces?
:
Final Configurations
取
[R1]display current-configuration [V200R001C01SPC300]
料 获
#
sysname R1
#
interface Serial1/0/0
更
多
资
link-protocol ppp ip address 10.0.12.1 255.255.255.0
Page86
HUAWEI TECHNOLOGIES
HC Series
# interface GigabitEthernet0/0/0 ip address 10.0.13.1 255.255.255.0 ospf dr-priority 200
i.
ospf timer hello 15 #
we
interface LoopBack0 ip address 10.0.1.1 255.255.255.0 #
hu a
ospf 1 router-id 10.0.1.1 area 0.0.0.0 network 10.0.1.0 0.0.0.255
g.
network 10.0.13.0 0.0.0.255 network 10.0.12.0 0.0.0.255
[R2]display current-configuration [V200R001C01SPC300] #
ea
sysname R2 #
:/ /l
interface Serial1/0/0 link-protocol ppp
rn in
# return
ip address 10.0.12.2 255.255.255.0 # interface LoopBack0
ht tp
ip address 10.0.2.2 255.255.255.0 #
ospf 10 router-id 10.0.2.2 area 0.0.0.0
network 10.0.2.0 0.0.0.255
:
network 10.0.12.0 0.0.0.255 #
取
return
料 获
[R3]display current-configuration [V200R001C01SPC300] #
sysname R3
#
更
多
资
interface GigabitEthernet0/0/0 ip address 10.0.13.3 255.255.255.0
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page87
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration ospf dr-priority 100 ospf timer hello 15 # interface LoopBack0
i.
ip address 10.0.3.3 255.255.255.0 #
we
interface LoopBack2 ip address 172.16.0.1 255.255.255.0 #
hu a
ospf 100 router-id 10.0.3.3 default-route-advertise area 0.0.0.0
#
rn in
ip route-static 0.0.0.0 0.0.0.0 LoopBack2
g.
network 10.0.13.0 0.0.0.255 network 10.0.3.0 0.0.0.255
#
更
多
资
料 获
取
:
ht tp
:/ /l
ea
return
Page88
HUAWEI TECHNOLOGIES
HC Series
Lab 4-2 OSPF Multi-area and Authentication Configuration
i.
Learning Objectives
we
The objectives of this lab are to learn and understand:
hu a
OSPF multi-area advantages. Route exchange in multiple OSPF areas. OSPF multi-area configuration commands. OSPF authentication configuration. Troubleshooting method used when the setup of an OSPF relationship fails.
. neighbor
g.
x x x x x
料 获
取
:
ht tp
:/ /l
ea
rn in
Topology
Figure 4.2 OSPF multi area topology
更
多
资
Scenario Assume that you are a network administrator of a company. The company
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page89
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration
i.
will use OSPF to advertise routes. As the network scale increases, OSPF multi-area is used to plan the company network. OSPF authentication is required to ensure security. During this configuration, you will learn about OSPF LSA types and functions.
we
Tasks
hu a
Step 1 Configure IP addresses for interfaces. system-view Enter system view, return user view with Ctrl+Z.
g.
[Huawei]sysname R1 [R1]interface serial1/0/0
rn in
[R1-Serial1/0/0]ip address 10.0.12.1 24 [R1-Serial1/0/0]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.13.1 24 [R1-GigabitEthernet0/0/0]interface loopback 0
ea
[R1-LoopBack0]ip address 10.0.1.1 24
system-view
[Huawei]sysname R2
:/ /l
Enter system view, return user view with Ctrl+Z.
[R2]interface serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24 [R2-Serial1/0/0]interface loopback 0
ht tp
[R2-LoopBack0]ip address 10.0.2.2 24
system-view
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3
:
[R3]interface GigabitEthernet 0/0/0 [R3-GigabitEthernet0/0/0]ip address 10.0.13.3 24 [R3-GigabitEthernet0/0/0]interface loopback 0
取
[R3-LoopBack0]ip address 10.0.3.3 24 [R3-LoopBack0]interface loopback 2
料 获
[R3-LoopBack2]ip address 172.16.0.1 24
更
多
资
Step 2 Configure multiple OSPF areas. R1 functions as the ABR. Specify network segment 10.0.12.0/24 in area 0
Page90
HUAWEI TECHNOLOGIES
HC Series
and network segments 10.0.13.0/24 and 10.0.1.0/24 in area 1. [R1]ospf 1 router-id 10.0.1.1 [R1-ospf-1]area 0 [R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
i.
[R1-ospf-1-area-0.0.0.0]quit [R1-ospf-1]area 1
we
[R1-ospf-1-area-0.0.0.1]network 10.0.13.0 0.0.0.255
hu a
[R1-ospf-1-area-0.0.0.1]network 10.0.1.0 0.0.0.255
Add R2 to the backbone area, area 0. [R2]ospf 1 router-id 10.0.2.2
g.
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
rn in
[R2-ospf-1-area-0.0.0.0]network 10.0.2.0 0.0.0.255
ea
R3 functions as the ASBR. Specify network segments 10.0.13.0/24 and 10.0.3.0/24 in area 1. The network segment 172.16.0.0/24 does not belong to any OSPF area. [R3]ospf 1 router-id 10.0.3.3
:/ /l
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 10.0.3.0 0.0.0.255 [R3-ospf-1-area-0.0.0.1]network 10.0.13.0 0.0.0.255
ht tp
Step 3 Verify OSPF routes.
View routing tables of R1, R2, and R3. Verify that each router has learned the following routes marked in grey. [R1]display ip routing-table protocol ospf
:
Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
取
Public routing table : OSPF
料 获
Destinations : 2
Routes : 2
OSPF routing table status : Destinations : 2
Destination/Mask
资
10.0.2.2/32 OSPF
更
多
10.0.3.3/32 OSPF
HC Series
Routes : 2
Proto
Pre Cost
Flags NextHop
Interface
10
1562
D
10.0.12.2
Serial1/0/0
10
1
D
10.0.13.3
GigabitEthernet0/0/0
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
Page91
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration OSPF routing table status : Destinations : 0
Routes : 0
[R2]display ip routing-table protocol ospf
i.
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routes : 3
OSPF routing table status :
Destination/Mask
Routes : 3
Proto
Pre Cost
Flags NextHop
Interface
g.
Destinations : 3
hu a
Destinations : 3
we
Public routing table : OSPF
10
1562
D
10.0.12.1
Serial1/0/0
10.0.3.3/32 OSPF
10
1563
D
10.0.12.1
Serial1/0/0
10.0.13.0/24 OSPF
10
1563
D
10.0.12.1
Serial1/0/0
OSPF routing table status : Destinations : 0
rn in
10.0.1.1/32 OSPF
Routes : 0
ea
[R3]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
:/ /l
---------------------------------------------------------------------------Public routing table : OSPF Destinations : 3
Routes : 3
OSPF routing table status :
Routes : 3
ht tp
Destinations : 3
Destination/Mask
Proto
Pre Cost
Flags NextHop
Interface
10
1
D
10.0.13.1
GigabitEthernet0/0/0
10.0.2.2/32 OSPF
10
1563
D
10.0.13.1
GigabitEthernet0/0/0
:
10.0.1.1/32 OSPF
取
10.0.12.0/24 OSPF
10
1563
D
10.0.13.1
GigabitEthernet0/0/0
OSPF routing table status : Routes : 0
料 获
Destinations : 0
Test network connectivity between R3 and R1 , R3 and R2.
[R3]ping 10.0.1.1
更
多
资
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=3 ms
Page92
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=2 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms
i.
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=2 ms
--- 10.0.1.1 ping statistics ---
we
5 packet(s) transmitted 5 packet(s) received
round-trip min/avg/max = 2/2/3 ms
[R3]ping 10.0.2.2
g.
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
hu a
0.00% packet loss
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=32 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=37 ms
rn in
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=37 ms Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=37 ms Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=37 ms
--- 10.0.2.2 ping statistics ---
ea
5 packet(s) transmitted 5 packet(s) received
:/ /l
0.00% packet loss
round-trip min/avg/max = 32/36/37 ms
Check the OSPF neighbor status.
ht tp
[R1]display ospf peer brief
Neighbor id
State
Serial1/0/0
10.0.2.2
Full
OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information ----------------------------------------------------------------------------
0.0.0.0 0.0.0.1
Interface
:
Area Id
GigabitEthernet0/0/0
10.0.3.3
Full
取
----------------------------------------------------------------------------
料 获
[R2]display ospf peer brief
OSPF Process 1 with Router ID 10.0.2.2 Peer Statistic Information
更
多
资
----------------------------------------------------------------------------
Area Id
HC Series
Interface
Neighbor id
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
State
Page93
0.0.0.0
cn
Serial1/0/0
10.0.1.1
co m/
HCDA-HNTD Chapter 4 OSPF Configuration Full
----------------------------------------------------------------------------
i.
[R3]display ospf peer brief
OSPF Process 1 with Router ID 10.0.3.3
we
Peer Statistic Information
---------------------------------------------------------------------------Interface
Neighbor id
0.0.0.1
GigabitEthernet0/0/0
10.0.1.1
State
Full
hu a
Area Id
----------------------------------------------------------------------------
rn in
g.
Verify that the OSPF process ID and router ID of each router is correct and the neighbor relationships are in full state.
Step 4 Import external routes and verify the configuration.
ea
Run the import-route command on R3 to import direct routes. [R3]ospf 1
:/ /l
[R3-ospf-1]import-route direct
View routing tables of R1 and R2. R1 and R2 have learned the route 10.0.3.0/24 and 172.16.0.0/24.
ht tp
[R1]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Public routing table : OSPF
Routes : 4
:
Destinations : 4
OSPF routing table status :
取
Destinations : 4
Destination/Mask
Routes : 4
Proto
Pre Cost
Interface
10
D
10.0.12.2
Serial1/0/0
10.0.3.0/24 O_ASE
150 1
D
10.0.13.3
GigabitEthernet0/0/0
10.0.3.3/32 OSPF
10
D
10.0.13.3
GigabitEthernet0/0/0
料 获
10.0.2.2/32 OSPF
172.16.0.0/24 O_ASE
1562
Flags NextHop
1 150 1
D
10.0.13.3
GigabitEthernet0/0/0
更
多
资
OSPF routing table status :
Page94
HUAWEI TECHNOLOGIES
HC Series
Destinations : 0
Routes : 0
[R2]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib
i.
---------------------------------------------------------------------------Public routing table : OSPF Routes : 5
we
Destinations : 5
Destination/Mask
Routes : 5
Proto
Pre Cost
10.0.3.0/24 O_ASE
Flags NextHop
Interface
D
10.0.12.1
150 1
D
10.0.12.1
Serial1/0/0
10.0.3.3/32 OSPF
10
1563
D
10.0.12.1
Serial1/0/0
10.0.13.0/24 OSPF
10
1563
D
10.0.12.1
Serial1/0/0
D
10.0.12.1
Serial1/0/0
172.16.0.0/24 O_ASE
1562
150 1
OSPF routing table status :
Routes : 0
ea
Destinations : 0
Serial1/0/0
g.
10
rn in
10.0.1.1/32 OSPF
hu a
OSPF routing table status : Destinations : 5
:/ /l
The routes in grey are imported routes. The value of Proto is O_ASE, indicating an external route. Run the ping command with the source address specified to test network connectivity. [R2]ping -a 10.0.2.2 10.0.3.3
ht tp
PING 10.0.3.3: 56 data bytes, press CTRL_C to break Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=35 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=33 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=33 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=33 ms
:
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=33 ms
取
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
料 获
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 33/33/35 ms
[R2]ping -a 10.0.2.2 172.16.0.1
更
多
资
PING 172.16.0.1: 56 data bytes, press CTRL_C to break Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=254 time=35 ms
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page95
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=254 time=33 ms Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=254 time=33 ms Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=254 time=33 ms
i.
Reply from 172.16.0.1: bytes=56 Sequence=5 ttl=254 time=33 ms
--- 172.16.0.1 ping statistics ---
we
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
hu a
round-trip min/avg/max = 33/33/35 ms
[R1]display ospf lsdb OSPF Process 1 with Router ID 10.0.1.1
AdvRouter
Router
10.0.2.2
10.0.2.2
Router
10.0.1.1
10.0.1.1
Sum-Net
10.0.13.0
10.0.1.1
Sum-Net
10.0.3.3
10.0.1.1
Sum-Net
10.0.1.1
10.0.1.1
Sum-Asbr 10.0.3.3
10.0.1.1
Age Len
:/ /l
LinkState ID
Sequence
Metric
908 60
80000003
1562
918 48
80000003
1562
ea
Area: 0.0.0.0 Type
rn in
Link State Database
g.
Run the display ospf lsdb command to view the LSDB of R1.
1022 28
80000001
1 1
720 28
80000001
1016 28
80000001
0
393 28
80000001
1
Area: 0.0.0.1 LinkState ID 10.0.3.3
10.0.3.3
AdvRouter
394 48
80000005
1
Router
10.0.1.1
10.0.1.1
719 48
80000006
1
Network
10.0.13.1
10.0.1.1
719 32
80000002
Sum-Net
10.0.12.0
10.0.1.1
1022 28
80000001
1562
Sum-Net
10.0.2.2
10.0.1.1
908 28
80000001
1562
Type
LinkState ID
Metric
:
ht tp
Type Router
Age Len
Sequence
Metric
0
AdvRouter
Age Len
Sequence
External 10.0.3.0
10.0.3.3
395 36
80000001
1
External 10.0.13.0
10.0.3.3
395 36
80000001
1
External 172.16.0.0
10.0.3.3
395 36
80000001
1
料 获
取
AS External Database
更
多
资
The preceding information is the brief information about the LSDB. The LSDB contains one ASBR-summary-LSA (Type4 LSA) and three AS-external-LSAs (Type5 LSAs). Page96
HUAWEI TECHNOLOGIES
HC Series
You can also run the following commands to view detailed information about LSAs. The following three commands display the Type3 LSA, Type4 LSA, and Type5 LSA respectively.
i.
[R1]display ospf lsdb summary 10.0.3.3
OSPF Process 1 with Router ID 10.0.1.1
we
Area: 0.0.0.0
: 10.0.1.1
Ls age
: 869
Len
: 28
Options
g.
: 10.0.3.3
Adv rtr
rn in
Ls id
: E
seq#
: 80000001
chksum
: 0x4cf3
Net mask : 255.255.255.255 Tos 0 metric: 1 Priority : Low Area: 0.0.0.1
:/ /l
Link State Database
ea
: Sum-Net
hu a
Link State Database
Type
[R1]display ospf lsdb asbr
ht tp
OSPF Process 1 with Router ID 10.0.1.1 Area: 0.0.0.0
Link State Database
: Sum-Asbr
Ls id
: 10.0.3.3
Adv rtr
:
Type
: 10.0.1.1
: 591 : 28
取
Ls age Len
Options
料 获
seq#
chksum
: E
: 80000001 : 0x3e01
Tos 0 metric: 1 Area: 0.0.0.1 Link State Database
资 多 更
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page97
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration [R1]display ospf lsdb ase 172.16.0.0
OSPF Process 1 with Router ID 10.0.1.1
Ls id
: 172.16.0.0
Adv rtr
: 10.0.3.3
Ls age
: 607
Len
: 36 : E
seq#
: 80000001
chksum
: 0xf70c
g.
Options
we
: External
hu a
Type
i.
Link State Database
Net mask : 255.255.255.0 TOS 0 Metric: 1 : 2
rn in
E type
Forwarding Address : 0.0.0.0 Tag
: 1
ea
Priority : Low
Step 5 Configure OSPF authentication and verify
:/ /l
the configuration.
Configure S1/0/0 on R1 in interface authentication mode, use the plain text, and set the password to Huawei.
ht tp
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode simple plain huawei
On R1, check the neighbor status.
:
[R1]display ospf peer brief
取
OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information
---------------------------------------------------------------------------Interface
0.0.0.1
GigabitEthernet0/0/0
料 获
Area Id
Neighbor id 10.0.3.3
State Full
----------------------------------------------------------------------------
更
多
资
R1 and R2 cannot establish an OSPF neighbor relationship because they
Page98
HUAWEI TECHNOLOGIES
HC Series
use different OSPF authentication modes.
Configure S1/0/0 on R2 in interface authentication mode, use the plain text, and set the password to Huawei.
i.
[R2]interface Serial 1/0/0
we
[R2-Serial1/0/0]ospf authentication-mode simple plain huawei
On R1, check the neighbor status.
hu a
[R1]display ospf peer brief OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information
---------------------------------------------------------------------------Interface
Neighbor id
State
0.0.0.0
Serial1/0/0
10.0.2.2
Full
0.0.0.1
GigabitEthernet0/0/0
g.
Area Id
Full
rn in
10.0.3.3
----------------------------------------------------------------------------
R1 and R2 can reestablish an OSPF neighbor relationship because they use the same authentication modes and passwords.
[R1-ospf-1]area 1
:/ /l
ea
Configure area authentication, MD5 encryption, and password Huawei in cipher text in area 1 on R1. [R1]ospf 1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
ht tp
On R1, check the neighbor status. [R1]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
:
Peer Statistic Information ---------------------------------------------------------------------------Area Id
取
0.0.0.0
Interface
Neighbor id
State
Serial1/0/0
10.0.2.2
Full
料 获
----------------------------------------------------------------------------
R1 and R3 cannot establish an OSPF neighbor relationship because they use different OSPF authentication modes.
资
Configure area authentication, MD5 encryption, and password Huawei in cipher text in area 1 on R3.
更
多
[R3]ospf 1
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page99
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration [R3-ospf-1]area 1 [R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
On R1, check the neighbor status.
i.
[R1]display ospf peer brief
we
OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information
hu a
---------------------------------------------------------------------------Area Id
Interface
Neighbor id
State
0.0.0.0
Serial1/0/0
10.0.2.2
Full
0.0.0.1
GigabitEthernet0/0/0
10.0.3.3
Full
g.
----------------------------------------------------------------------------
rn in
R1 and R3 can reestablish an OSPF neighbor relationship because they use the same authentication modes and passwords.
10.0.3.0/24 O_ASE
150 1
10.0.3.3/32 OSPF
:/ /l
Information in step 4:
ea
Additional Exercises: Analyzing and Verifying
10
1563
D
D
10.0.12.1
Serial1/0/0
10.0.12.1
Serial1/0/0
The preceding routes have the same source interface, Loopback0 on R3. Other routers learn two routes. Does this lead to any problem and how to solve this problem?
ht tp
Analyze Type4 LSA generation, transfer, and conversion.
Final Configurations
:
[R1]display current-configuration [V200R001C01SPC300]
取
# sysname R1 #
料 获
interface Serial1/0/0 link-protocol ppp ip address 10.0.12.1 255.255.255.0 ospf authentication-mode simple plain huawei
#
更
多
资
interface GigabitEthernet0/0/0
Page100
HUAWEI TECHNOLOGIES
HC Series
ip address 10.0.13.1 255.255.255.0 # interface LoopBack0 ip address 10.0.1.1 255.255.255.0
ospf 1 router-id 10.0.1.1 area 0.0.0.0 network 10.0.12.0 0.0.0.255 area 0.0.0.1
hu a
authentication-mode md5 1 cipher gg^dP=F.[>=H)H2[EInB~.2#
we
i.
#
network 10.0.13.0 0.0.0.255 network 10.0.1.0 0.0.0.255
g.
#
# sysname R2 # interface Serial1/0/0 link-protocol ppp
:/ /l
ip address 10.0.12.2 255.255.255.0
ea
[V200R001C01SPC300]
rn in
return
[R2]display current-configuration
ospf authentication-mode simple plain huawei # interface LoopBack0
ht tp
ip address 10.0.2.2 255.255.255.0 #
ospf 1 router-id 10.0.2.2 area 0.0.0.0
network 10.0.12.0 0.0.0.255 network 10.0.2.0 0.0.0.255
:
#
取
return
[R3]display current-configuration
料 获
[V200R001C01SPC300] #
sysname R3
#
interface GigabitEthernet0/0/0
资
ip address 10.0.13.3 255.255.255.0
更
多
#
HC Series
cn
co m/
HCDA-HNTD Chapter 4 OSPF Configuration
HUAWEI TECHNOLOGIES
Page101
cn co m/
HCDA-HNTD Chapter 4 OSPF Configuration interface LoopBack0 ip address 10.0.3.3 255.255.255.0 # interface LoopBack2
ospf 1 router-id 10.0.3.3 import-route direct area 0.0.0.1
hu a
authentication-mode md5 1 cipher gg^dP=F.[>=H)H2[EInB~.2#
we
i.
ip address 172.16.0.1 255.255.255.0 #
network 10.0.3.0 0.0.0.255 network 10.0.13.0 0.0.0.255
g.
#
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
return
Page102
HUAWEI TECHNOLOGIES
HC Series
Chapter 5 RIP and OSPF Route Import
Learning Objectives
Route import advantages Method used to import OSPF routes to RIP Method used to import RIP routes to OSPF
g.
x x x
hu a
The objectives of this lab are to learn and understand:
we
i.
Lab 5-1 RIP and OSPF Route Import
Figure 5.1 Topology for OSPF and RIP route import
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
Topology
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
Page103
cn co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
Scenario
Tasks
system-view
[Huawei]sysname R1 [R1]interface serial 1/0/0 [R1-Serial1/0/0]ip address 10.0.12.1 24
rn in
Enter system view, return user view with Ctrl+Z.
g.
Step 1 Configure IP addresses for interfaces.
hu a
we
i.
Assume that you are a network administrator of a company, and the company network uses RIPv2 and OSPF. RIP needs to import OSPF routes and OSPF needs to import RIP routes to enable communication between RIP-enabled devices and OSPF-enabled devices. The metrics of different routing protocols are different.
ea
[R1-Serial1/0/0]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.13.1 24 [R1-GigabitEthernet0/0/0]interface loopback 0
system-view
:/ /l
[R1-LoopBack0]ip address 10.0.1.1 24
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R2
ht tp
[R2]interface serial1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24 [R2-Serial1/0/0]interface loopback 0
:
[R2-LoopBack0]ip address 10.0.2.2 24
system-view
Enter system view, return user view with Ctrl+Z.
取
[Huawei]sysname R3
[R3]interface GigabitEthernet 0/0/0
料 获
[R3-GigabitEthernet0/0/0]ip address 10.0.13.3 24 [R3-GigabitEthernet0/0/0]interface loopback 0 [R3-LoopBack0]ip address 10.0.3.3 24 [R3-LoopBack0]interface loopback 2 [R3-LoopBack2]ip address 172.16.0.1 24
更
多
资
[R3-LoopBack2]interface LoopBack 3
Page104
HUAWEI TECHNOLOGIES
HC Series
[R3-LoopBack3]ip address 172.16.1.1 24 [R3-LoopBack3]interface LoopBack 4 [R3-LoopBack4]ip address 172.16.2.1 24 [R3-LoopBack4]interface LoopBack 5
we
i.
[R3-LoopBack5]ip address 172.16.3.1 24
hu a
Step 2 Configure OSPF and verify the OSPF configuration. Enable OSPF on R1 and R2 and add them to area 0. [R1]ospf 1 router-id 10.0.1.1
g.
[R1-ospf-1]area 0 [R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
rn in
[R2]ospf 1 router-id 10.0.2.2 [R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255 [R2-ospf-1-area-0.0.0.0]network 10.0.2.0 0.0.0.255
:/ /l
ea
View routing tables of R1 and R2. The following information shows that R1 has learned a route to another network segment using OSPF. [R1]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Public routing table : OSPF
Routes : 1
ht tp
Destinations : 1
OSPF routing table status : Destinations : 1
Proto
:
Destination/Mask
取
10.0.2.2/32 OSPF
Routes : 1
Pre Cost
10
1562
Flags NextHop
D
10.0.12.2
Interface
Serial1/0/0
OSPF routing table status :
料 获
Destinations : 0
Routes : 0
[R2]display ip routing-table protocol ospf
更
多
资
[R2]
R2 is directly connected to network segments in the OSPF area; therefore,
HC Series
cn
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
HUAWEI TECHNOLOGIES
Page105
cn
R2 does not learn other routes using OSPF.
Step 3 Configure RIPv2 and verify the RIPv2 configuration.
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
i.
Enable RIPv2 process 1 on R1, and specify the network segment 10.0.0.0 in RIP process 1.
we
[R1]rip 1 [R1-rip-1]version 2
hu a
[R1-rip-1]network 10.0.0.0
g.
Enable RIPv2 process 1 on R3, and specify network segments 172.16.0.0 and 10.0.0.0 in RIP process 1. [R3]rip 1
rn in
[R3-rip-1]version 2 [R3-rip-1]network 10.0.0.0 [R3-rip-1]network 172.16.0.0
ea
View routing tables of R1 and R3. The following information shows that R1 has learned the corresponding routes using RIP. [R1]display ip routing-table protocol rip
:/ /l
Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Public routing table : RIP Destinations : 5
Routes : 5
ht tp
RIP routing table status : Destinations : 5
Destination/Mask 10.0.3.0/24 RIP
:
172.16.0.0/24 RIP
Proto
Routes : 5
Pre Cost
100 1
100 1
Flags NextHop
D
10.0.13.3 D
10.0.13.3
Interface
GigabitEthernet0/0/0 GigabitEthernet0/0/0
100 1
D
10.0.13.3
GigabitEthernet0/0/0
172.16.2.0/24 RIP
100 1
D
10.0.13.3
GigabitEthernet0/0/0
100 1
D
10.0.13.3
GigabitEthernet0/0/0
取
172.16.1.0/24 RIP
料 获
172.16.3.0/24 RIP
RIP routing table status : Destinations : 0
Routes : 0
[R3]display ip routing-table protocol rip
资
Route Flags: R - relay, D - download to fib
更
多
----------------------------------------------------------------------------
Page106
HUAWEI TECHNOLOGIES
HC Series
Public routing table : RIP Destinations : 2
Routes : 2
RIP routing table status :
Proto
10.0.1.0/24 RIP
Pre Cost
100 1
10.0.12.0/24 RIP
Flags NextHop
D
100 1
10.0.13.1 D
10.0.13.1
GigabitEthernet0/0/0
hu a
Routes : 0
RIPv2
and
OSPF
routes
verify
the
rn in
configuration.
and
g.
Step 4 Import
Interface
GigabitEthernet0/0/0
RIP routing table status : Destinations : 0
i.
Destination/Mask
Routes : 2
we
Destinations : 2
R2 and R3 do not learn routes from each other because they belong to different routing areas. On R1, import RIP routes into the OSPF routing table.
ea
[R1]ospf 1 [R1-ospf-1]import-route rip 1 cost 100
:/ /l
On R1, import OSPF routes into the RIP routing domain. [R1]rip 1
[R1-rip-1]import-route ospf 1 cost 1
ht tp
View the routing tables of R1, R2, and R3. [R1]display ip routing-table
Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
:
Routing Tables: Public
Destinations : 20
取
Destination/Mask
Proto
Routes : 20
Pre Cost
资 多 更
Flags NextHop
Interface
0
D
10.0.1.1
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
1562 D
料 获
10.0.1.0/24 Direct 0
10.0.2.2/32 OSPF
10
10.0.3.0/24 RIP
100 1
cn
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
LoopBack0
10.0.12.2
Serial1/0/0
D
10.0.13.3
GigabitEthernet0/0/0
10.0.12.0/24 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
HC Series
HUAWEI TECHNOLOGIES
Page107
10.0.12.2/32 Direct 0
0
D
cn 10.0.12.2
Serial1/0/0
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.13.0/24 Direct 0
0
D
10.0.13.1
GigabitEthernet0/0/0
10.0.13.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.13.3
GigabitEthernet0/0/0
127.255.255.255/32 Direct 0 172.16.0.0/24 RIP
0
100 1
i.
0
Direct 0
127.0.0.0/8
we
10.0.13.255/32 Direct 0
100 1
D
10.0.13.3
GigabitEthernet0/0/0
172.16.2.0/24 RIP
100 1
D
10.0.13.3
GigabitEthernet0/0/0
172.16.3.0/24 RIP
100 1
D
10.0.13.3
GigabitEthernet0/0/0
D
127.0.0.1
InLoopBack0
0
g.
255.255.255.255/32 Direct 0
hu a
172.16.1.0/24 RIP
rn in
The R1 routing table remains unchanged after route import. This is because R1 is located in both OSPF and RIP routing domains. Before routes are imported, R1 has learned all the routes. R2 and R3 have learned the following routes. [R2]display ip routing-table protocol ospf
ea
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Destinations : 7
:/ /l
Public routing table : OSPF
Routes : 7
OSPF routing table status :
Routes : 7
ht tp
Destinations : 7
Destination/Mask
Proto
Pre Cost
Flags NextHop
Interface
10.0.1.0/24 O_ASE
150 100
D
10.0.12.1
Serial1/0/0
10.0.3.0/24 O_ASE
150 100
D
10.0.12.1
Serial1/0/0
150 100
D
10.0.12.1
Serial1/0/0
150 100
D
10.0.12.1
Serial1/0/0
172.16.1.0/24 O_ASE
:
10.0.13.0/24 O_ASE
172.16.0.0/24 O_ASE
D
10.0.12.1
Serial1/0/0
150 100
D
10.0.12.1
Serial1/0/0
172.16.3.0/24 O_ASE
150 100
D
10.0.12.1
Serial1/0/0
料 获
取
150 100
172.16.2.0/24 O_ASE
OSPF routing table status : Destinations : 0
Routes : 0
[R3]display ip routing-table protocol rip
资
Route Flags: R - relay, D - download to fib
更
多
---------------------------------------------------------------------------Page108
HUAWEI TECHNOLOGIES
HC Series
Public routing table : RIP Destinations : 3
Routes : 3
RIP routing table status :
Proto
Pre Cost
Flags NextHop
Interface
10.0.1.0/24 RIP
100 1
10.0.13.1
GigabitEthernet0/0/0
10.0.2.2/32 RIP
100 2
D
10.0.13.1
GigabitEthernet0/0/0
10.0.12.0/24 RIP
100 1
D
10.0.13.1
GigabitEthernet0/0/0
hu a
D
i.
Destination/Mask
Routes : 3
we
Destinations : 3
Routes : 0
g.
RIP routing table status : Destinations : 0
rn in
Test network connectivity. On R2, run the ping command specifying the source address. [R2]ping -a 10.0.2.2 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
ea
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=43 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=41 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=40 ms
:/ /l
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=41 ms Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=41 ms
--- 10.0.3.3 ping statistics ---
ht tp
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
round-trip min/avg/max = 40/41/43 ms
:
[R2]ping -a 10.0.2.2 172.16.0.1 PING 172.16.0.1: 56 data bytes, press CTRL_C to break Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=254 time=43 ms
取
Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=254 time=42 ms Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=254 time=41 ms
料 获
Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=254 time=41 ms Reply from 172.16.0.1: bytes=56 Sequence=5 ttl=254 time=41 ms
--- 172.16.0.1 ping statistics ---
更
多
资
5 packet(s) transmitted 5 packet(s) received
HC Series
cn
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
HUAWEI TECHNOLOGIES
Page109
cn co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import 0.00% packet loss round-trip min/avg/max = 41/41/43 ms
Configure RIP route aggregation on G0/0/0 of R3.
i.
[R3]interface GigabitEthernet 0/0/0
we
[R3-GigabitEthernet0/0/0]rip summary-address 172.16.0.0 255.255.252.0
hu a
View routing tables of R1 and R2 and compare routing tables in this step with the routing tables in step 3. [R1]display ip routing-table Route Flags: R - relay, D - download to fib
g.
---------------------------------------------------------------------------Routing Tables: Public Destinations : 17
Pre Cost
10.0.1.0/24 Direct 0
0
10.0.1.1/32 Direct 0
0
10.0.1.255/32 Direct 0
0
10.0.2.2/32 OSPF 10.0.3.0/24 RIP
10
1562
100 1
Flags NextHop
rn in
Proto
D 0
10.0.1.1
LoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.12.2
Serial1/0/0
10.0.13.3 D
:/ /l
10.0.12.0/24 Direct 0
Interface
D
ea
Destination/Mask
Routes : 17
GigabitEthernet0/0/0
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
10.0.13.0/24 Direct 0
0
D
10.0.13.1
InLoopBack0 GigabitEthernet0/0/0
0
D
127.0.0.1
0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
ht tp
10.0.13.1/32 Direct 0
10.0.13.255/32 Direct 0 127.0.0.0/8
Direct 0
0
127.0.0.1/32 Direct 0
0
127.255.255.255/32 Direct 0
:
172.16.0.0/22 RIP
D D 0
100 1
D
127.0.0.1
10.0.13.3
0
D
127.0.0.1
InLoopBack0 GigabitEthernet0/0/0 InLoopBack0
取
255.255.255.255/32 Direct 0
D
InLoopBack0
[R2]display ip routing-table protocol ospf
料 获
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Public routing table : OSPF Destinations : 4
Routes : 4
更
多
资
OSPF routing table status : Destinations : 4
Page110
Routes : 4
HUAWEI TECHNOLOGIES
HC Series
Destination/Mask
Proto
Pre Cost
Flags NextHop
Interface
10.0.1.0/24 O_ASE
150 100
D
10.0.12.1
Serial1/0/0
150 100
D
10.0.12.1
Serial1/0/0
150 100
D
10.0.12.1
Serial1/0/0
172.16.0.0/22 O_ASE
150 100
D
10.0.12.1
Serial1/0/0
we
i.
10.0.3.0/24 O_ASE 10.0.13.0/24 O_ASE
OSPF routing table status : Routes : 0
hu a
Destinations : 0
g.
R1 and R2 learn the aggregated route 172.16.0.0/22 but not the specific route 172.16.0.0/24.
rn in
Additional Exercises: Analyzing and Verifying
An external route refers to a route imported from another routing protocol. How do OSPF and RIP identify external routes? What is the difference between external routes and routes learned by a protocol? Which types of routes are more reliable?
ea
Can route aggregation be performed on R1?
ht tp
:/ /l
The default configurations are used for route import. Which parameters are optional when RIP routes are imported into OSPF? What are the functions of these parameters?
Final Configurations
[R1]display current-configuration [V200R001C01SPC300] #
:
sysname R1 #
interface Serial1/0/0
取
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
料 获
#
interface GigabitEthernet0/0/0 ip address 10.0.13.1 255.255.255.0
#
资
interface LoopBack0 ip address 10.0.1.1 255.255.255.0
更
多
#
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
Page111
cn co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import ospf 1 router-id 10.0.1.1 import-route rip 1 cost 100 area 0.0.0.0 network 10.0.12.0 0.0.0.255
i.
# rip 1
we
version 2 network 10.0.0.0 import-route ospf 1 cost 1
hu a
# return
g.
[R2]display current-configuration [V200R001C01SPC300]
# interface Serial1/0/0 link-protocol ppp ip address 10.0.12.2 255.255.255.0 # interface LoopBack0
# ospf 1 router-id 10.0.2.2 area 0.0.0.0
:/ /l
ip address 10.0.2.2 255.255.255.0
ea
sysname R2
rn in
#
network 10.0.12.0 0.0.0.255
ht tp
network 10.0.2.0 0.0.0.255 # return
[R3]display current-configuration
#
#
取
sysname R3
:
[V200R001C01SPC300]
料 获
interface GigabitEthernet0/0/0 ip address 10.0.13.3 255.255.255.0 rip summary-address 172.16.0.0 255.255.252.0
#
interface LoopBack0
资
ip address 10.0.3.3 255.255.255.0
更
多
#
Page112
HUAWEI TECHNOLOGIES
HC Series
interface LoopBack2 ip address 172.16.0.1 255.255.255.0 # interface LoopBack3
i.
ip address 172.16.1.1 255.255.255.0 #
we
interface LoopBack4 ip address 172.16.2.1 255.255.255.0 #
hu a
interface LoopBack5 ip address 172.16.3.1 255.255.255.0 #
g.
rip 1 version 2 network 10.0.0.0
rn in
network 172.16.0.0
更
多
资
料 获
取
:
ht tp
:/ /l
ea
#
HC Series
cn
co m/
HCDA-HNTD Chapter 5 RIP and OSPF Route Import
HUAWEI TECHNOLOGIES
Page113
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Learning Objectives
g.
x
Statistics on an Ethernet interface. Interface rate and duplex mode. Method used to configure the Ethernet interface rate and duplex mode. Method used to configure manual link aggregation.
rn in
x x x
hu a
The objectives of this lab are to learn and understand:
we
Lab 6-1 Ethernet Interface and Link Configuration
i.
Chapter 6 Ethernet and STP
ht tp
:/ /l
ea
Topology
Figure 6.1 Switch topology
:
Scenario
更
多
资
料 获
取
Assume that you are a network administrator of a company that has two Huawei S5700 switches. You need to commission the switches. The Ethernet interface rate and duplex mode will be tested.
Page114
HUAWEI TECHNOLOGIES
HC Series
Tasks
i.
Step 1 Perform basic configurations on Ethernet switches.
we
Auto-negotiation is enabled on Huawei switch interfaces by default. In this example, the rate and duplex mode of G0/0/9 and G0/0/10 on S1 and S2 are set manually.
hu a
Change the system name and view detailed information about G0/0/9 and G0/0/10 on S1. [Quidway]sysname S1 [S1]display interface GigabitEthernet 0/0/9
rn in
GigabitEthernet0/0/9 current state : UP
g.
system-view
Line protocol current state : UP
Description:HUAWEI, Quidway Series, GigabitEthernet0/0/9 Interface Switch Port,PVID :
1,The Maximum Frame Length is 1600
Speed : 1000, Loopback: NONE
Mdi
:/ /l
Duplex: FULL, Negotiation: ENABLE
ea
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-82e1-aea6 Port Mode: COMMON COPPER
: AUTO
Last 300 seconds input rate 752 bits/sec, 0 packets/sec Last 300 seconds output rate 720 bits/sec, 0 packets/sec Input peak rate 1057259144 bits/sec,Record time: 2008-10-01 00:08:58
ht tp
Output peak rate 1057267232 bits/sec,Record time: 2008-10-01 00:08:58 Input: 11655141 packets, 960068100 bytes Unicast
:
Broadcast
: :
Jabbers Runts
:
:
:
取
Alignments Ignoreds
:
Discard
:
:
6643714,Jumbo 0,Giants
:
CRC
70,Multicast
5011357
: :
0 0
0,Throttles
:
0
0,DropEvents
:
0
:
0
0,Symbols 0,Frames 69,Total Error
: :
0 0
料 获
Output: 11652169 packets, 959869843 bytes Unicast
:
Broadcast
:
Collisions
:
0,Deferreds
:
0
:
0
0,ExcessiveCollisions:
Buffers Purged :
0
HC Series
5009016
:
Late Collisions:
资 多 更
345,Multicast 6642808,Jumbo
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
0
Page115
Discard
:
cn 5,Total Error
:
0
Input bandwidth utilization threshold : 100.00% Output bandwidth utilization threshold: 100.00% Input bandwidth utilization : 0.01%
i.
Output bandwidth utilization : 0.00%
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
we
[S1]display interface GigabitEthernet 0/0/10 GigabitEthernet0/0/10 current state : UP Line protocol current state : UP
Switch Port,PVID :
hu a
Description:HUAWEI, Quidway Series, GigabitEthernet0/0/10 Interface 1,The Maximum Frame Length is 1600
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-82e1-aea6
g.
Port Mode: COMMON COPPER Speed : 1000, Loopback: NONE Duplex: FULL, Negotiation: ENABLE : AUTO
rn in
Mdi
Last 300 seconds input rate 1312 bits/sec, 0 packets/sec Last 300 seconds output rate 72 bits/sec, 0 packets/sec
Input peak rate 1057256792 bits/sec,Record time: 2008-10-01 00:08:58 Output peak rate 1057267296 bits/sec,Record time: 2008-10-01 00:08:58
:
Broadcast
: :
3,Giants
Jabbers
:
Runts
:
Alignments
:
Ignoreds
:
Discard
:
:
5009062
: :
0 0
0,Throttles
:
0
0,DropEvents
:
0
0,Symbols
0,Frames
ht tp
CRC
115,Multicast 6642648,Jumbo
:/ /l
Unicast
ea
Input: 11651829 packets, 959852817 bytes
: :
218,Total Error
:
4 0 7
Output: 11655280 packets, 960072712 bytes :
Broadcast
:
Collisions
:
:
Unicast
245,Multicast
6643751,Jumbo 0,Deferreds
:
0
:
0
0,ExcessiveCollisions:
Buffers Purged :
0
取
Late Collisions:
Discard
:
107,Total Error
5011284
:
:
0
0
料 获
Input bandwidth utilization threshold : 100.00% Output bandwidth utilization threshold: 100.00% Input bandwidth utilization : 0.01% Output bandwidth utilization : 0.00%
更
多
资
Set the rate of G0/0/9 and G0/0/10 on S1 to 100 Mbit/s and configure them
Page116
HUAWEI TECHNOLOGIES
HC Series
to work in full duplex mode. [S1]interface GigabitEthernet 0/0/9 [S1-GigabitEthernet0/0/9]undo negotiation auto [S1-GigabitEthernet0/0/9]speed 100
i.
[S1-GigabitEthernet0/0/9]duplex full [S1-GigabitEthernet0/0/9]quit
we
[S1]interface GigabitEthernet 0/0/10 [S1-GigabitEthernet0/0/10]undo negotiation auto
hu a
[S1-GigabitEthernet0/0/10]speed 100 [S1-GigabitEthernet0/0/10]duplex full
g.
Before changing the interface rate and duplex mode, disable auto-negotiation.
rn in
Set the rate of G0/0/9 and G0/0/10 on S2 to 100 Mbit/s and configure them to work in full duplex mode. system-view [Quidway]sysname S2 [S2]interface GigabitEthernet 0/0/9
ea
[S2-GigabitEthernet0/0/9]undo negotiation auto [S2-GigabitEthernet0/0/9]speed 100
:/ /l
[S2-GigabitEthernet0/0/9]duplex full [S2-GigabitEthernet0/0/9]quit
[S2]interface GigabitEthernet 0/0/10
[S2-GigabitEthernet0/0/10]undo negotiation auto [S2-GigabitEthernet0/0/10]speed 100
ht tp
[S2-GigabitEthernet0/0/10]duplex full
Verify the rate and duplex mode of G0/0/9 and G0/0/10 on S1. [S1]display interface GigabitEthernet 0/0/9
:
GigabitEthernet0/0/9 current state : UP Line protocol current state : UP
取
Description:HUAWEI, Quidway Series, GigabitEthernet0/0/9 Interface Switch Port,PVID :
1,The Maximum Frame Length is 1600
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-82e1-aea6
料 获
Port Mode: COMMON COPPER Speed : 100, Loopback: NONE Duplex: FULL, Negotiation: DISABLE Mdi
: AUTO
更
多
资
……output omit……
HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page117
cn
[S1]display interface GigabitEthernet 0/0/10 GigabitEthernet0/0/10 current state : UP Line protocol current state : UP Description:HUAWEI, Quidway Series, GigabitEthernet0/0/10 Interface 1,The Maximum Frame Length is 1600
i.
Switch Port,PVID :
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-82e1-aea6
we
Port Mode: COMMON COPPER Speed : 100, Loopback: NONE
Mdi
: AUTO
……output omit……
g.
Step 2 Configure manual link aggregation.
hu a
Duplex: FULL, Negotiation: DISABLE
rn in
Create Eth-Trunk 1 on S1 and S2. Delete the default configurations from G0/0/9 and G0/0/10 on S1 and S2, and then add G0/0/9 and G0/0/10 to Eth-Trunk 1. [S1]interface Eth-Trunk 1
[S1]interface GigabitEthernet 0/0/9
ea
[S1-Eth-Trunk1]quit
[S1-GigabitEthernet0/0/9]eth-trunk 1
:/ /l
[S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10 [S1-GigabitEthernet0/0/10]eth-trunk 1
[S2]interface Eth-Trunk 1
ht tp
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/9 [S2-GigabitEthernet0/0/9]eth-trunk 1 [S2-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
:
[S2-GigabitEthernet0/0/10]eth-trunk 1
Verify the Eth-Trunk configuration.
取
[S1]display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL
Hash arithmetic: According to MAC
料 获
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8 Operate status: up
Number Of Up Port In Trunk: 2
---------------------------------------------------------------------------PortName
资
GigabitEthernet0/0/9
更
多
GigabitEthernet0/0/10
Page118
Status
Weight
Up
1
Up
1
HUAWEI TECHNOLOGIES
HC Series
[S2]display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL
Hash arithmetic: According to MAC
Number Of Up Port In Trunk: 2
i.
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8 Operate status: up
Weight
GigabitEthernet0/0/9
Up
1
GigabitEthernet0/0/10
Up
1
hu a
Status
we
---------------------------------------------------------------------------PortName
g.
The greyed lines in the preceding information indicate that the Eth-Trunk works properly.
rn in
Additional Exercises: Analyzing and Verifying
When auto-negotiation is enabled on switches, which protocol is used? What is the working principle?
#
:/ /l
[S1]display current-configuration
ea
Final Configurations
!Software Version V100R006C00SPC800 sysname S1 #
#
ht tp
interface Eth-Trunk1
interface GigabitEthernet0/0/9 eth-trunk 1
undo negotiation auto speed 100
:
#
interface GigabitEthernet0/0/10
取
eth-trunk 1
undo negotiation auto
料 获
speed 100 #
return
[S2]display current-configuration
更
多
资
#
!Software Version V100R006C00SPC800
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Page119
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP sysname S2 # interface Eth-Trunk1 #
i.
interface GigabitEthernet0/0/9 eth-trunk 1
we
undo negotiation auto speed 100 #
hu a
interface GigabitEthernet0/0/10 eth-trunk 1 undo negotiation auto
g.
speed 100 #
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
return
Page120
HUAWEI TECHNOLOGIES
HC Series
i.
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
we
Lab 6-2 STP Configuration
hu a
Learning Objectives The objectives of this lab are to learn and understand:
x x
g.
Method used to enable and disable STP. Difference between STP modes. Method used to change the bridge priority to control root bridge election. Method used to change the port priority to control election of the root port and designated port. Method used to configure an edge port.
rn in
x x x
Figure 6.2 STP topology
更
多
资
料 获
取
:
ht tp
:/ /l
ea
Topology
HC Series
HUAWEI TECHNOLOGIES
Page121
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Scenario
we
i.
Assume that you are a network administrator of a company. The company network consists of two layers: core layer and access layer. The network uses a redundancy design. STP will be used to prevent loops. STP has different modes. You can set the bridge priority to control STP root bridge election, and configure features to speed up STP route convergence at the edge network.
hu a
Tasks
g.
Step 1 Configure STP and verify the STP configuration.
rn in
Irrelevant interfaces must be disabled to ensure test result accuracy. Shut down E0/0/1 on S3 before starting STP configuration. Ensure that the devices start without any configuration files. If STP is disabled, run the stp enable command to enable STP.
ea
In the lab, traditional STP is used. system-view
[Quidway]sysname S1 [S1]stp mode stp [S1]stp root secondary
ht tp
system-view
:/ /l
Enter system view, return user view with Ctrl+Z.
Enter system view, return user view with Ctrl+Z. [Quidway]sysname S2 [S2]stp mode stp
:
[S2]stp root primary
system-view
取
Enter system view, return user view with Ctrl+Z. [Quidway]sysname S3
料 获
[S3]stp mode stp
system-view Enter system view, return user view with Ctrl+Z. [Quidway]sysname S4
更
多
资
[S4]stp mode stp
Page122
HUAWEI TECHNOLOGIES
HC Series
Run the display stp brief command to view brief information about STP. [S1]display stp brief Protection
0
GigabitEthernet0/0/9
ROOT FORWARDING
NONE
0
GigabitEthernet0/0/10
ALTE DISCARDING
NONE
0
GigabitEthernet0/0/13
DESI FORWARDING
NONE
0
GigabitEthernet0/0/14
DESI FORWARDING
NONE
MSTID Port
Role STP State
hu a
[S2]display stp brief
Protection
GigabitEthernet0/0/9
DESI FORWARDING
NONE
0
GigabitEthernet0/0/10
DESI FORWARDING
NONE
0
GigabitEthernet0/0/23
DESI FORWARDING
0
GigabitEthernet0/0/24
DESI FORWARDING
g.
0
NONE NONE
rn in
[S3]display stp brief MSTID Port
Role STP State
Protection
Ethernet0/0/13
ALTE DISCARDING
NONE
Ethernet0/0/23
ROOT FORWARDING
NONE
ea
0 0
[S4]display stp brief
Role STP State
0
Ethernet0/0/14 Ethernet0/0/24
Protection
:/ /l
MSTID Port
0
i.
Role STP State
we
MSTID Port
ALTE DISCARDING
NONE
ROOT FORWARDING
NONE
ht tp
Run the display stp interface command to view the STP status of a port. [S1]display stp interface GigabitEthernet 0/0/10 ----[CIST][Port10(GigabitEthernet0/0/10)][DISCARDING]---Port Protocol
:enabled
:Alternate Port
:
Port Role Port Priority
:128 :Config=auto / Active=20000 :0.0018-82e1-aea6 / 128.10
取
Port Cost(Dot1T ) Desg. Bridge/Port Port Edged
:Config=default / Active=disabled :Config=auto / Active=true
Transit Limit
:147 packets/hello-time
料 获
Point-to-point
Protection Type
:None
Port Stp Mode
:STP
更
多
资
Port Protocol Type :Config=auto / Active=dot1s
PortTimes
HC Series
:Hello 2s MaxAge 20s FwDly 15s RemHop 0
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Page123
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP TC or TCN send :2 TC or TCN received :64 BPDU Sent
:24
TCN: 0, Config: 0, RST: 24, MST: 0 :350601
i.
BPDU Received
we
TCN: 0, Config: 0, RST: 350601, MST: 0
hu a
Step 2 Control root bridge election.
Run the display stp command to view information about the root bridge. [S2]display stp
CIST Bridge
:0
Bridge Times
:Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC
:0
.0018-82e1-aea6 / 0
CIST RegRoot/IRPC
:0
.0018-82e1-aea6 / 0
CIST RootPortId
:0.0 :disabled
CIST Root Type
:PRIMARY root
ea
BPDU-Protection
TC or TCN received :41
:Nomal
:/ /l
TC count per hello :0 STP Converge Mode
rn in
.0018-82e1-aea6
g.
-------[CIST Global Info][Mode STP]-------
Time since last TC :0 days 0h:1m:6s ĂĂoutput omitĂĂ
ht tp
Configure S2 as the root bridge and S1 as the backup root bridge. The device with the same value of CIST Bridge and CIST Root/ERPC is the root bridge.
:
A smaller bridge priority value indicates a higher bridge priority. Change the priorities of S1 and S2 to 4096 and 8192 respectively so that S1 becomes the root bridge.
取
[S1]undo stp root
料 获
[S1]stp priority 4096
[S2]undo stp root [S2]stp priority 8192
更
多
资
Run the display stp command to view information about the new root bridge.
Page124
HUAWEI TECHNOLOGIES
HC Series
[S1]display stp -------[CIST Global Info][Mode STP]------:4096 .0018-82e1-aea6
Bridge Times
:Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC
:4096 .0018-82e1-aea6 / 0
CIST RegRoot/IRPC
:4096 .0018-82e1-aea6 / 0
CIST RootPortId
:0.0
BPDU-Protection
:disabled
we
i.
CIST Bridge
TC or TCN received :62
STP Converge Mode
hu a
TC count per hello :0 :Nomal
Time since last TC :0 days 0h:0m:3s
g.
ĂĂoutput omitĂĂ
rn in
[S2]display stp -------[CIST Global Info][Mode STP]------CIST Bridge
:8192 .0018-82e1-ae82
Bridge Times
:Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC
:4096 .0018-82e1-aea6 / 20000 :8192 .0018-82e1-ae82 / 0
CIST RootPortId
:128.9
BPDU-Protection
:disabled
TC count per hello :2 STP Converge Mode
:Nomal
:/ /l
TC or TCN received :174
ea
CIST RegRoot/IRPC
Time since last TC :0 days 0h:0m:1s
ht tp
ĂĂoutput omitĂĂ
The greyed lines in the preceding information indicate that S1 has become the new root bridge.
:
Shut down G0/0/9, G0/0/10, G0/0/13, and G0/0/14 on S1 to isolate S1. [S1]interface GigabitEthernet 0/0/9
取
[S1-GigabitEthernet0/0/9]shutdown [S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
料 获
[S1-GigabitEthernet0/0/10]shutdown [S1-GigabitEthernet0/0/10]interface GigabitEthernet 0/0/13 [S1-GigabitEthernet0/0/13]shutdown [S1-GigabitEthernet0/0/13]interface GigabitEthernet 0/0/14
更
多
资
[S1-GigabitEthernet0/0/14]shutdown
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Page125
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP [S2]display stp -------[CIST Global Info][Mode STP]------:8192 .0018-82e1-ae82
Bridge Times
:Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC
:8192 .0018-82e1-ae82 / 0
CIST RegRoot/IRPC
:8192 .0018-82e1-ae82 / 0
CIST RootPortId
:0.0
BPDU-Protection
:disabled
we
i.
CIST Bridge
TC or TCN received :197
STP Converge Mode
hu a
TC count per hello :0 :Nomal
Time since last TC :0 days 0h:0m:3s
g.
ĂĂoutput omitĂĂ
Start the shutdown interfaces on S1. [S1]interface GigabitEthernet 0/0/9
ea
[S1-GigabitEthernet0/0/9]undo shutdown
rn in
The greyed lines in the preceding information indicate that S2 becomes the root bridge when S1 is faulty.
[S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10 [S1-GigabitEthernet0/0/10]undo shutdown
:/ /l
[S1-GigabitEthernet0/0/10]interface GigabitEthernet 0/0/13 [S1-GigabitEthernet0/0/13]undo shutdown
[S1-GigabitEthernet0/0/13]interface GigabitEthernet 0/0/14
[S1]display stp
ht tp
[S1-GigabitEthernet0/0/14]undo shutdown
-------[CIST Global Info][Mode STP]------CIST Bridge Bridge Times
:Hello 2s MaxAge 20s FwDly 15s MaxHop 20 :4096 .0018-82e1-aea6 / 0
:
CIST Root/ERPC
:4096 .0018-82e1-aea6
:4096 .0018-82e1-aea6 / 0
CIST RootPortId
:0.0
BPDU-Protection
:disabled
取
CIST RegRoot/IRPC
TC or TCN received :63
料 获
TC count per hello :0 STP Converge Mode
:Nomal
Time since last TC :0 days 0h:1m:6s
资
ĂĂoutput omitĂĂ
更
多
[S2]display stp
Page126
HUAWEI TECHNOLOGIES
HC Series
-------[CIST Global Info][Mode STP]------CIST Bridge
:8192 .0018-82e1-ae82
Bridge Times
:Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC
:4096 .0018-82e1-aea6 / 20000 :8192 .0018-82e1-ae82 / 0
CIST RootPortId
:128.9
BPDU-Protection
:disabled
we
i.
CIST RegRoot/IRPC
TC or TCN received :251 TC count per hello :0 :Nomal
hu a
STP Converge Mode
Time since last TC :0 days 0h:0m:1s
g.
ĂĂoutput omitĂĂ
ea
rn in
The greyed lines in the preceding information indicate that S1 has restored and became the root bridge.
Step 3 Control root port election.
Run the display stp brief command on S2 to view the roles of interfaces.
:/ /l
[S2]display stp brief MSTID Port
Role STP State
Protection
GigabitEthernet0/0/9
ROOT FORWARDING
NONE
0
GigabitEthernet0/0/10
ALTE DISCARDING
NONE
0
GigabitEthernet0/0/23
DESI FORWARDING
NONE
0
GigabitEthernet0/0/24
DESI FORWARDING
NONE
ht tp
0
:
The preceding information shows that G0/0/9 is the root port and G0/0/10 is the alternate port. You can change port priorities so that G0/0/10 becomes the root port and G0/0/9 becomes the alternate port. Change priorities of G0/0/9 and G0/0/10 on S1.
料 获
取
The default port priority is 128. A larger port priority value indicates a lower priority. The priorities of G0/0/9 and G0/0/10 on S1 are set to 32 and 16; therefore, G0/0/10 on S2 becomes the root port. [S1]interface GigabitEthernet 0/0/9 [S1-GigabitEthernet0/0/9]stp port priority 32 [S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
更
多
资
[S1-GigabitEthernet0/0/10]stp port priority 16
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Page127
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Note that the port priorities are changed on S1, not S2. [S1]display stp interface GigabitEthernet 0/0/9 ----[CIST][Port9(GigabitEthernet0/0/9)][FORWARDING]---Port Protocol
:enabled :Designated Port
Port Priority
i.
Port Role
:32 :Config=auto / Active=20000
Desg. Bridge/Port
:4096.0018-82e1-aea6 / 32.9
Point-to-point
:Config=auto / Active=true
Transit Limit
:147 packets/hello-time
Protection Type
:None
Port Stp Mode
:STP
Port Protocol Type :Config=auto / Active=dot1s
:Hello 2s MaxAge 20s FwDly 15s RemHop 20
rn in
PortTimes
hu a
:Config=default / Active=disabled
g.
Port Edged
we
Port Cost(Dot1T )
TC or TCN send :0 TC or TCN received :0 BPDU Sent
:229
TCN: 0, Config: 229, RST: 0, MST: 0 :3
ea
BPDU Received
TCN: 1, Config: 2, RST: 0, MST: 0
:/ /l
[S1]display stp interface GigabitEthernet 0/0/10 ----[CIST][Port10(GigabitEthernet0/0/10)][FORWARDING]---Port Protocol
:enabled
Port Role
:Designated Port :16
ht tp
Port Priority Port Cost(Dot1T )
:Config=auto / Active=20000
Desg. Bridge/Port
:4096.0018-82e1-aea6 / 16.10
Port Edged
:Config=default / Active=disabled
Point-to-point
:147 packets/hello-time
:
Transit Limit
:Config=auto / Active=true
Protection Type
:None
Port Stp Mode
:STP
取
Port Protocol Type :Config=auto / Active=dot1s PortTimes
:Hello 2s MaxAge 20s FwDly 15s RemHop 20
料 获
TC or TCN send :0 TC or TCN received :0
BPDU Sent
:210
TCN: 0, Config: 210, RST: 0, MST: 0
更
多
资
BPDU Received
:3
TCN: 1, Config: 2, RST: 0, MST: 0
Page128
HUAWEI TECHNOLOGIES
HC Series
Run the display stp brief command on S2 to view the role of interfaces.. [S2]display stp brief Protection
GigabitEthernet0/0/9
ALTE DISCARDING
NONE
0
GigabitEthernet0/0/10
ROOT FORWARDING
NONE
0
GigabitEthernet0/0/23
DESI FORWARDING
NONE
0
GigabitEthernet0/0/24
DESI FORWARDING
NONE
hu a
0
i.
Role STP State
we
MSTID Port
The greyed lines in the preceding information indicate that G0/0/10 on S2 has become the root port and G0/0/9 has become the alternate port.
g.
Shut down G0/0/10 on S2 and view the port roles. [S2]interface GigabitEthernet 0/0/10
rn in
[S2-GigabitEthernet0/0/10]shutdown display stp brief MSTID Port 0
Role STP State
GigabitEthernet0/0/9
Protection
ROOT FORWARDING
NONE
GigabitEthernet0/0/23
DESI FORWARDING
NONE
0
GigabitEthernet0/0/24
DESI FORWARDING
NONE
ea
0
:/ /l
The greyed line in the preceding information indicates that G0/0/9 has become the root port.
ht tp
Step 4 Configure an edge port.
:
Configure ports connected to the user terminals as edge ports. An edge port can transition to the forwarding state without participating in the STP calculation. In this example, E0/0/3 and E0/0/4 on S3 are configured as edge ports. [S3]interface Ethernet0/0/3
取
[S3-Ethernet0/0/3]stp edged-port enable [S3-Ethernet0/0/3]interface Ethernet0/0/4
料 获
[S3-Ethernet0/0/4]stp edged-port enable
更
多
资
After the configurations are complete, connect the network cable of a computer to E0/0/3 on S3 and run the display stp brief command to view the port status. You can see that E0/0/2 enters the Āforwardingā state immediately.
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Page129
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP
we
Additional Exercises: Analyzing and Verifying
i.
When the network cable of the computer is connected to a non-edge port such as E0/0/5, the port enters the Āforwardingā state about 30s after the link becomes Up.
hu a
Why does root bridge election need to be controlled? How is root bridge election controlled?
g.
What is the transition process when a port changes from the blocking state to the forwarding state? How much time does the transition process take?
Final Configurations [S1]display current-configuration #
ea
!Software Version V100R006C00SPC800
rn in
Which method can be used to accelerate STP route convergence?
sysname S1
:/ /l
# vlan batch 1 # stp mode stp
stp instance 0 priority 4096
ht tp
stp enable #
interface GigabitEthernet0/0/9
stp instance 0 port priority 32
ndp enable
:
ntdp enable
bpdu enable
取
#
interface GigabitEthernet0/0/10 stp instance 0 port priority 16
料 获
ntdp enable ndp enable bpdu enable
#
更
多
资
interface GigabitEthernet0/0/13 ntdp enable
Page130
HUAWEI TECHNOLOGIES
HC Series
ndp enable bpdu enable # interface GigabitEthernet0/0/14
i.
ntdp enable ndp enable
we
bpdu enable #
hu a
return
[S2]display current-configuration
g.
# !Software Version V100R006C00SPC800 sysname S2
rn in
# vlan batch 1 # stp mode stp stp instance 0 priority 8192
ea
stp enable #
:/ /l
interface GigabitEthernet0/0/9 ntdp enable ndp enable bpdu enable #
shutdown
ndp enable bpdu enable
:
#
ht tp
interface GigabitEthernet0/0/10
ntdp enable
interface GigabitEthernet0/0/23
取
ntdp enable ndp enable
料 获
bpdu enable #
interface GigabitEthernet0/0/24 ntdp enable ndp enable
资
bpdu enable
更
多
#
HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page131
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP return
[S3]display current-configuration #
i.
!Software Version V100R006C00SPC800 sysname S3
we
# stp mode stp stp enable
hu a
# interface Ethernet0/0/1 shutdown
g.
bpdu enable #
interface Ethernet0/0/3
stp edged-port enable
rn in
bpdu enable # interface Ethernet0/0/4 stp edged-port enable bpdu enable
ea
# interface Ethernet0/0/13
# interface Ethernet0/0/23 bpdu enable #
ht tp
return
:/ /l
bpdu enable
[S4]display current-configuration #
sysname S4 #
:
!Software Version V100R005C01SPC100
取
stp mode stp stp enable
料 获
#
interface Ethernet0/0/1 bpdu enable
#
interface Ethernet0/0/14
资
bpdu enable
更
多
#
Page132
HUAWEI TECHNOLOGIES
HC Series
interface Ethernet0/0/24 bpdu enable #
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
hu a
we
i.
return
HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page133
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Lab 6-3 VLAN Configuration
hu a
VLAN functions. VLAN security. VLAN configurations. Access port and trunk port configuration. Method used to add a port to a VLAN. Hybrid port configuration.
g.
x x x x x x
we
The objectives of this lab are to learn and understand:
i.
Learning Objectives
ht tp
:/ /l
ea
rn in
Topology
Figure 6.3 VLAN topology
:
Scenario
更
多
资
料 获
取
Assume that you are a network administrator of a company and need to configure VLANs on the network. Your company has two switches. You need to configure VLANs and relevant features.
Page134
HUAWEI TECHNOLOGIES
HC Series
Tasks
i.
Step 1 Configure an Eth-Trunk.
we
Irrelevant interfaces must be disabled to ensure test result accuracy.
hu a
In this lab, Ethernet0/0/1 and Ethernet0/0/23 on S3 and Ethernet0/0/14 on S4 need to be shut down.
g.
Two links exist between S1 and S2. If STP is enabled, one link will be disabled, which wastes bandwidth. If STP is not used, loops may occur. In this situation, you can configure an Eth-Trunk.
rn in
Before configuring an Eth-Trunk, delete the original configurations on the member interfaces. You can add physical interfaces to an Eth-Trunk in the interface view or in the Eth-Trunk view. On S1, add interfaces to an Eth-Trunk in the interface view.
ea
system-view [Quidway]sysname S1
[S1-Eth-Trunk1]quit
:/ /l
[S1]interface eth-trunk 1
[S1]interface gigabitethernet0/0/9
[S1-Gigabitethernet0/0/9]eth-trunk 1
[S1-Gigabitethernet0/0/9]interface gigabitethernet0/0/10
ht tp
[S1-Gigabitethernet0/0/10]eth-trunk 1
On S2, add interfaces to an Eth-Trunk in the Eth-Trunk view. system-view
:
[Quidway]sysname S2
[S2]interface eth-trunk 1 [S2-Eth-Trunk1]trunkport GigabitEthernet 0/0/9
料 获
取
[S2-Eth-Trunk1]trunkport GigabitEthernet 0/0/10
By default, the link type of a interface is hybrid. You can change the link type to trunk. By default, a interface of trunk type rejects data from any VLANs.
资
[S1]interface Eth-Trunk 1
更
多
[S1-Eth-Trunk1]port link-type trunk HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page135
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP [S1-Eth-Trunk1]port trunk allow-pass vlan all
[S2]interface Eth-Trunk 1 [S2-Eth-Trunk1]port link-type trunk
i.
[S2-Eth-Trunk1]port trunk allow-pass vlan all
we
Step 2 Configure VLANs.
hu a
Use S3, R1, R3, and S4 as hosts to perform the VLAN configuration. S3 belongs to VLAN 3, R1 and R3 belong to VLAN 4, and S4 belongs to VLAN 5. There are two methods to configure VLANs with consecutive IDs.
g.
There are two methods to define mapping between VLANs and interfaces.
rn in
[S1]interface GigabitEthernet0/0/13 [S1-GigabitEthernet0/0/13]port link-type access
[S1-GigabitEthernet0/0/13]interface GigabitEthernet0/0/1 [S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]vlan 3
[S1-vlan3]vlan 4
[S1-vlan4]vlan 5
[S2]vlan batch 3 to 5
:/ /l
[S1-vlan4]port GigabitEthernet0/0/1
ea
[S1-vlan3]port GigabitEthernet0/0/13
[S2]interface GigabitEthernet 0/0/3
ht tp
[S2-GigabitEthernet0/0/3]port link-type access [S2-GigabitEthernet0/0/3]port default vlan 4 [S2-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/24 [S2-GigabitEthernet0/0/24]port link-type access
:
[S2-GigabitEthernet0/0/24]port default vlan 5
取
Step 3 Plan IP addresses. Use S3, R1, R3, and S4 as clients to perform the VLAN configuration.
料 获
Configure IP addresses for interfaces. Physical interfaces on switches cannot be configured with IP addresses, so VLANIF 1 is assigned an IP address.
system-view
更
多
资
[Quidway]sysname S3
Page136
HUAWEI TECHNOLOGIES
HC Series
[S3]interface vlanif 1 [S3-vlanif1]ip address 10.0.3.3 24
system-view
i.
[Huawei]sysname R1 [R1]interface GigabitEthernet0/0/1
we
[R1-GigabitEthernet0/0/1]ip address 10.0.4.1 24
system-view
hu a
[Huawei]sysname R3 [R3]interface GigabitEthernet0/0/2
g.
[R3-GigabitEthernet0/0/2]ip address 10.0.4.3 24
system-view
[S4-vlanif1]ip address 10.0.5.4 24
ea
Step 4 Perform a test.
rn in
[Quidway]sysname S4 [S4]interface vlanif 1
:/ /l
Run the ping command. R1 and R3 in VLAN 4 can communicate with each other, and devices in different VLANs cannot communicate. [R3]ping 10.0.4.1
PING 10.0.4.1: 56 data bytes, press CTRL_C to break Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=6 ms Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=2 ms
ht tp
Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=2 ms
:
--- 10.0.4.1 ping statistics --5 packet(s) transmitted 5 packet(s) received
取
0.00% packet loss
料 获
round-trip min/avg/max = 2/2/6 ms
Test communication between R1 and S3, and between R3 and S4.
资
Configure a management address for each VLAN on S1. By doing this, S1 connects to three clients that belong to VLAN 3, VLAN 4, and VLAN 5 respectively.
更
多
[S1]interface Vlanif 3 HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page137
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP [S1-Vlanif3]ip address 10.0.3.11 24 [S1-Vlanif3]interface Vlanif 4 [S1-Vlanif4]ip address 10.0.4.11 24 [S1-Vlanif4]interface Vlanif 5
i.
[S1-Vlanif5]ip address 10.0.5.11 24
we
After the configurations are complete, test communication between clients in VLANs on S1. PING 10.0.3.3: 56 data bytes, press CTRL_C to break
hu a
[S1]ping 10.0.3.3
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=10 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=1 ms
g.
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=1 ms
rn in
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 10.0.3.3 ping statistics --5 packet(s) transmitted 5 packet(s) received
ea
0.00% packet loss
[S1]ping 10.0.4.1
:/ /l
round-trip min/avg/max = 1/4/10 ms
PING 10.0.4.1: 56 data bytes, press CTRL_C to break Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=1 ms
ht tp
Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.4.1 ping statistics ---
:
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
取
round-trip min/avg/max = 1/1/1 ms
料 获
[S1]ping 10.0.4.3 PING 10.0.4.3: 56 data bytes, press CTRL_C to break Reply from 10.0.4.3: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.4.3: bytes=56 Sequence=2 ttl=255 time=1 ms
更
多
资
Reply from 10.0.4.3: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.4.3: bytes=56 Sequence=4 ttl=255 time=1 ms
Page138
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.4.3: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.4.3 ping statistics --5 packet(s) transmitted
i.
5 packet(s) received 0.00% packet loss
we
round-trip min/avg/max = 1/1/1 ms
PING 10.0.5.4: 56 data bytes, press CTRL_C to break
hu a
[S1]ping 10.0.5.4
Reply from 10.0.5.4: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 10.0.5.4: bytes=56 Sequence=2 ttl=255 time=1 ms
g.
Reply from 10.0.5.4: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.5.4: bytes=56 Sequence=4 ttl=255 time=1 ms
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
ea
round-trip min/avg/max = 1/1/1 ms
rn in
Reply from 10.0.5.4: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.5.4 ping statistics ---
:/ /l
Step 5 Configure a hybrid interface.
ht tp
A hybrid interface is similar to a trunk interface, but it allows users in different VLANs to communicate if these users are on the same network segment. Change IP addresses of S3 and R3. [S3]interface Vlanif 1
:
[S3-Vlanif1]ip address 10.0.6.3 24
[R3]interface GigabitEthernet 0/0/2
取
[R3-GigabitEthernet0/0/2]ip address 10.0.6.4 24
料 获
Set the link type of G0/0/13 on S1 to hybrid and configure VLAN 3 as its default VLAN. Add G0/0/13 to VLAN 3 and VLAN 4 in untagged mode. Before changing the interface type, delete any existing configuration on the interface.
[S1]interface GigabitEthernet0/0/13 [S1-GigabitEthernet0/0/13]undo port default vlan
更
多
资
[S1-GigabitEthernet0/0/13]port link-type hybrid
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
Page139
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP [S1-GigabitEthernet0/0/13]port hybrid pvid vlan 3 [S1-GigabitEthernet0/0/13]port hybrid untagged vlan 3 to 4
i.
Set the link type of G0/0/3 on S2 to hybrid and configure VLAN 4 as its default VLAN. Add G0/03 to VLAN 3 and VLAN 4 in untagged mode. [S2]interface GigabitEthernet0/0/3
we
[S2-GigabitEthernet0/0/3]undo port default vlan [S2-GigabitEthernet0/0/3]port link-type hybrid
hu a
[S2-GigabitEthernet0/0/3]port hybrid pvid vlan 4 [S2-GigabitEthernet0/0/3]port hybrid untagged vlan 3 to 4
g.
S3 and R3 can communicate even though they are located in different network segments. [S3]ping 10.0.6.4
rn in
PING 10.0.6.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.6.4: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.6.4: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.0.6.4: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.6.4: bytes=56 Sequence=4 ttl=255 time=1 ms
:/ /l
--- 10.0.6.4 ping statistics ---
ea
Reply from 10.0.6.4: bytes=56 Sequence=5 ttl=255 time=1 ms
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
ht tp
round-trip min/avg/max = 1/1/1 ms
Additional Exercises: Analyzing and Verifying
:
In which scenario is a hybrid interface used?
取
Final Configurations
料 获
[S1]display current-configuration #
!Software Version V100R006C00SPC800
sysname S1 #
更
多
资
vlan batch 1 3 to 5
Page140
HUAWEI TECHNOLOGIES
HC Series
# interface Vlanif1 # interface Vlanif3
i.
ip address 10.0.3.11 255.255.255.0 #
we
interface Vlanif4 ip address 10.0.4.11 255.255.255.0 #
hu a
interface Vlanif5 ip address 10.0.5.11 255.255.255.0 #
g.
interface MEth0/0/1 #
port link-type trunk port trunk allow-pass vlan 2 to 4094
# interface GigabitEthernet0/0/1
ea
port link-type access
rn in
interface Eth-Trunk1
bpdu enable
port default vlan 4
:/ /l
ntdp enable ndp enable bpdu enable #
ht tp
interface GigabitEthernet0/0/9 eth-trunk 1
undo ntdp enable undo ndp enable #
interface GigabitEthernet0/0/10
:
eth-trunk 1
undo ntdp enable
取
undo ndp enable #
料 获
interface GigabitEthernet0/0/13 port hybrid pvid vlan 3 port hybrid untagged vlan 3 to 4
ntdp enable ndp enable
资
bpdu enable
更
多
#
HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page141
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP interface NULL0 # return
i.
[S2]display current-configuration #
we
!Software Version V100R006C00SPC800 sysname S2 #
hu a
vlan batch 1 3 to 5 # interface Vlanif1
g.
# interface MEth0/0/1
interface Eth-Trunk1 port link-type trunk
bpdu enable # interface GigabitEthernet0/0/3 port hybrid pvid vlan 4
:/ /l
port hybrid untagged vlan 3 to 4
ea
port trunk allow-pass vlan 2 to 4094
rn in
#
ntdp enable ndp enable bpdu enable #
eth-trunk 1
ht tp
interface GigabitEthernet0/0/9
undo ntdp enable undo ndp enable #
:
interface GigabitEthernet0/0/10 eth-trunk 1
取
undo ntdp enable undo ndp enable
料 获
#
interface GigabitEthernet0/0/24 port link-type access port default vlan 5
ntdp enable
更
多
资
ndp enable bpdu enable
Page142
HUAWEI TECHNOLOGIES
HC Series
# return
[S3]display current-configuration
i.
# !Software Version V100R006C00SPC800
we
sysname S3 # interface Vlanif1
hu a
ip address 10.0.6.3 255.255.255.0 # interface Ethernet0/0/13
g.
bpdu enable #
!Software Version V100R006C00SPC800 sysname S4 # interface Vlanif1
# interface Ethernet0/0/24 bpdu enable #
ht tp
return
:/ /l
ip address 10.0.5.4 255.255.255.0
ea
#
rn in
return
[S4]display current-configuration
[R1]display current-configuration [V200R001C01SPC300]
sysname R1 #
:
#
取
interface GigabitEthernet0/0/1 ip address 10.0.4.1 255.255.255.0
料 获
# return
[R3]display current-configuration [V200R001C01SPC300]
更
多
资
#
sysname R3
HC Series
cn
co m/
HCDA-HNTD Chapter 6 Ethernet and STP
HUAWEI TECHNOLOGIES
Page143
cn co m/
HCDA-HNTD Chapter 6 Ethernet and STP # interface GigabitEthernet0/0/2 ip address 10.0.6.4 255.255.255.0 #
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
hu a
we
i.
return
Page144
HUAWEI TECHNOLOGIES
HC Series
Chapter 7 Layer3 Configuration and VRRP
Learning Objectives
g.
x x x
Layer 3 switching advantages. Similarities and differences between Layer 3 switching and Layer 3 routing. Method of configuring VLANIF interfaces. Method of configuring communication between VLANs. Method of configuring Open Shortest Path First (OSPF) between VLANIF interfaces.
rn in
x x
hu a
The objectives of this lab are to learn and understand:
we
i.
Lab 7-1 Configuring Layer 3 Switching
:
ht tp
:/ /l
ea
:UVURUM_
取
Figure 7.1 Lab topology of Layer 3 switching
料 获
Scenario
更
多
资
Assume that you are a network administrator of a company and the current network of your company has four users: S3, R1, R3, and S4. The users belong to different virtual local area networks (VLANs). S3 belongs to VLAN 3, R1 belongs to VLAN 4, R3 belongs to VLAN 6, and S4 belongs to VLAN 7.
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page145
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Users in these VLANs can communicate with each other. S1 and S2 communicate with each other through a Layer 3 link, so routing protocols are used.
we
i.
:GYQY
Step 1 Configure the links between S1 and S2 as Eth-Trunk
hu a
links.
Irrelevant interfaces must be disabled to ensure test result accuracy.
rn in
g.
In this example, Ethernet0/0/1 and Ethernet0/0/23 of S3 and Ethernet0/0/14 of S4 must be disabled. system-view [Quidway]sysname S1 [S1]interface Eth-Trunk 1 [S1-Eth-Trunk1]quit
ea
[S1]interface GigabitEthernet 0/0/9 [S1-GigabitEthernet0/0/9]eth-trunk 1
[S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
system-view [Quidway]sysname S2
ht tp
[S2]interface Eth-Trunk 1
:/ /l
[S1-GigabitEthernet0/0/10]eth-trunk 1
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/9 [S2-GigabitEthernet0/0/9]eth-trunk 1 [S2-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
:
[S2-GigabitEthernet0/0/10]eth-trunk 1
取
Step 2 Configure VLAN 3 to VLAN 7 in batches for S1 and S2.
料 获
[S1]vlan batch 3 to 7
[S2]vlan batch 3 to 7
资
Check the creation of VLANs.
更
多
[S1]display vlan
Page146
HUAWEI TECHNOLOGIES
HC Series
The total number of vlans is : 6
---------------------------------------------------------------------------U: Up;
D: Down;
TG: Tagged;
MP: Vlan-mapping;
UT: Untagged;
ST: Vlan-stacking; *: Management-vlan;
i.
#: ProtocolTransparent-vlan;
we
----------------------------------------------------------------------------
VID Type
Ports
---------------------------------------------------------------------------
4
common
5
common
6
common
7
common
GE0/0/4(D)
GE0/0/6(D)
GE0/0/7(D)
GE0/0/8(D)
GE0/0/9(U)
GE0/0/10(U)
GE0/0/11(D)
GE0/0/13(U)
GE0/0/14(U)
GE0/0/15(D)
GE0/0/17(D)
GE0/0/18(D)
GE0/0/19(D)
GE0/0/20(D)
GE0/0/21(U)
GE0/0/22(U)
GE0/0/23(U)
GE0/0/24(D)
GE0/0/12(D) GE0/0/16(D)
g.
common
GE0/0/3(U)
GE0/0/5(D)
rn in
3
GE0/0/2(U)
hu a
common UT:GE0/0/1(U)
ea
1
VID Status Property
MAC-LRN Statistics Description
:/ /l
--------------------------------------------------------------------------enable default
enable disable
VLAN 0001
3
enable default
enable disable
VLAN 0003
4
enable default
enable disable
VLAN 0004
5
enable default
enable disable
VLAN 0005
6
enable default
enable disable
VLAN 0006
7
enable default
enable disable
VLAN 0007
ht tp
1
[S2]display vlan
:
The total number of vlans is : 6 ---------------------------------------------------------------------------U: Up;
D: Down;
取
MP: Vlan-mapping;
#: ProtocolTransparent-vlan;
TG: Tagged;
UT: Untagged;
ST: Vlan-stacking; *: Management-vlan;
料 获
----------------------------------------------------------------------------
VID Type
Ports
---------------------------------------------------------------------------common UT:GE0/0/1(U)
更
多
资
1
HC Series
GE0/0/2(U)
GE0/0/3(U)
GE0/0/4(D)
GE0/0/5(D)
GE0/0/6(D)
GE0/0/7(D)
GE0/0/8(D)
GE0/0/9(U)
GE0/0/10(U)
GE0/0/11(D)
GE0/0/12(D)
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page147
common
5
common
6
common
7
common
cn GE0/0/16(D)
GE0/0/17(D)
GE0/0/18(D)
GE0/0/19(D)
GE0/0/20(D)
GE0/0/21(D)
GE0/0/22(D)
GE0/0/23(U)
GE0/0/24(U)
i.
4
GE0/0/15(D)
VID Status Property
MAC-LRN Statistics Description
we
common
GE0/0/14(D)
hu a
3
GE0/0/13(D)
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
---------------------------------------------------------------------------enable default
enable disable
VLAN 0001
3
enable default
enable disable
VLAN 0003
4
enable default
enable disable
VLAN 0004
5
enable default
enable disable
VLAN 0005
6
enable default
enable disable
VLAN 0006
7
enable default
enable disable
rn in
g.
1
VLAN 0007
ea
Step 3 Set the types of Eth-Trunk links between S1 and S2 to
:/ /l
access. The links belong to VLAN 5. Add G0/0/1 and G0/0/13 of S1 to VLAN 4 and VLAN 3 respectively, and add G0/0/3 and G0/0/24 of S2 to VLAN 6 and VLAN 7 respectively. [S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]port link-type access
ht tp
[S1-Eth-Trunk1]port default vlan 5
[S1-Eth-Trunk1]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]port default vlan 4
:
[S1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/13 [S1-GigabitEthernet0/0/13]port link-type access
取
[S1-GigabitEthernet0/0/13]port default vlan 3
[S2]interface Eth-Trunk 1
料 获
[S2-Eth-Trunk1]port link-type access [S2-Eth-Trunk1]port default vlan 5 [S2-Eth-Trunk1]interface GigabitEthernet 0/0/3 [S2-GigabitEthernet0/0/3]port link-type access [S2-GigabitEthernet0/0/3]port default vlan 6
更
多
资
[S2-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/24
Page148
HUAWEI TECHNOLOGIES
HC Series
[S2-GigabitEthernet0/0/24]port link-type access [S2-GigabitEthernet0/0/24]port default vlan 7
i.
Step 4 Configure gateway IP addresses for the VLANs of S1
we
and S2.
hu a
S1 provides gateway services for VLAN 3 to VLAN 5, while S2 provides gateway services for VLAN 5 to VLAN 7. Therefore, configure IP addresses for VLANIF 3, VLANIF 4, and VLANIF 5 on S1, and configure IP addresses for VLANIF 5, VLANIF 6, and VLANIF 7 on S2.
g.
[S1]interface Vlanif 3 [S1-Vlanif3]ip address 10.0.3.1 24
rn in
[S1-Vlanif3]interface Vlanif 4 [S1-Vlanif4]ip address 10.0.4.1 24 [S1-Vlanif4]interface Vlanif 5 [S1-Vlanif5]ip address 10.0.5.1 24
[S2-Vlanif5]ip address 10.0.5.2 24 [S2-Vlanif5]interface Vlanif 6
:/ /l
[S2-Vlanif6]ip address 10.0.6.1 24
ea
[S2]interface Vlanif 5
[S2-Vlanif6]interface Vlanif 7
[S2-Vlanif7]ip address 10.0.7.1 24
ht tp
Step 5 Configure IP addresses and default routes for S3, R1, R3, and S4.
:
system-view [Quidway]sysname S3
[S3]interface Vlanif 1
取
[S3-Vlanif1]ip address 10.0.3.33 24 [S3-Vlanif1]quit
料 获
[S3]ip route-static 0.0.0.0 0 10.0.3.1
更
多
资
Note: Physical interfaces on switches cannot be configured with IP addresses, so IP addresses are configured for VLANIF interfaces. S3 belongs to VLAN 3 on S1; however, E0/0/13 on S3 belongs to VLAN 1. In this case, configure an IP address for VLANIF 1 on S3 so that S3 belongs to VLAN 3.
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page149
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
The configuration of S4 is similar. system-view [Huawei]sysname R1 [R1]interface GigabitEthernet 0/0/1
i.
[R1-GigabitEthernet0/0/1]ip address 10.0.4.11 24 [R1-GigabitEthernet0/0/1]quit
we
[R1]ip route-static 0.0.0.0 0 10.0.4.1
hu a
system-view [Huawei]sysname R3 [R3]interface GigabitEthernet 0/0/2 [R3-GigabitEthernet0/0/2]ip address 10.0.6.33 24
g.
[R3-GigabitEthernet0/0/2]quit
rn in
[R3]ip route-static 0.0.0.0 0 10.0.6.1
system-view [Quidway]sysname S4 [S4]interface Vlanif 1 [S4-Vlanif1]ip address 10.0.7.44 24
ea
[S4-Vlanif1]quit
:/ /l
[S4]ip route-static 0.0.0.0 0 10.0.7.1
Step 6 Test connectivity between VLAN 3 and VLAN 4. Test connectivity between S3 and R1.
ht tp
[R1]ping 10.0.3.33
PING 10.0.3.33: 56 data bytes, press CTRL_C to break Reply from 10.0.3.33: bytes=56 Sequence=1 ttl=254 time=16 ms Reply from 10.0.3.33: bytes=56 Sequence=2 ttl=254 time=5 ms Reply from 10.0.3.33: bytes=56 Sequence=3 ttl=254 time=4 ms
:
Reply from 10.0.3.33: bytes=56 Sequence=4 ttl=254 time=4 ms
取
Reply from 10.0.3.33: bytes=56 Sequence=5 ttl=254 time=4 ms
--- 10.0.3.33 ping statistics --5 packet(s) transmitted
料 获
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/6/16 ms
更
多
资
Test connectivity between R3 and R1.
Page150
HUAWEI TECHNOLOGIES
HC Series
[R1]ping 10.0.6.33 PING 10.0.6.33: 56 data bytes, press CTRL_C to break Request time out Request time out
i.
Request time out Request time out
we
Request time out
--- 10.0.6.33 ping statistics ---
hu a
5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
rn in
g.
R1 and R3 fail to communicate with each other. Run the tracert command to troubleshoot the fault: [R1]tracert 10.0.6.33
traceroute to 10.0.6.33(10.0.6.33), max hops: 30 ,packet length: 40,press CTRL_C to break 1 10.0.4.1 62 ms 4 ms 4 ms
ea
2 * * *
:/ /l
According to the command output, R1 has sent the data packet to the destination address 10.0.6.33, but the gateway at 10.0.4.1 responds that the network is unreachable.
ht tp
Then check whether the network is unreachable on the gateway (S1). [S1]display ip routing-table
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public
Routes : 8
:
Destinations : 8
Proto Pre Cost
取
Destination/Mask
0
D
10.0.3.1
Vlanif3
10.0.3.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0 Vlanif4
料 获 资 多
Interface
10.0.3.0/24 Direct 0
10.0.4.0/24 Direct 0
0
D
10.0.4.1
10.0.4.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.5.0/24 Direct 0
0
D
10.0.5.1
Vlanif5
10.0.5.1/32 Direct 0
更
Flags NextHop
127.0.0.0/8
HC Series
Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page151
127.0.0.1/32 Direct 0
0
D
cn 127.0.0.1
InLoopBack0
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
we
i.
According to the command output, S1 does not have a route to the network segment 10.0.6.0 because the network segment is not directly connected to S1. In addition, no static route or dynamic routing protocol is configured.
[S1]ospf 1 [S2-ospf-1]area 0 [S1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
g.
hu a
Step 7 Enable OSPF on S1 and S2.
rn in
[S2]ospf 1 [S2-ospf-1]area 0
[S2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
ea
After the configuration, wait until S1 and S2 exchange OSPF routes. View the routing table of S1.
:/ /l
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public
Routes : 10
ht tp
Destinations : 10
Destination/Mask
Proto Pre Cost
Flags NextHop
Interface
0
D
10.0.3.1
10.0.3.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.4.0/24 Direct 0
0
D
10.0.4.1
Vlanif4
10.0.4.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.5.0/24 Direct 0
0
D
10.0.5.1
Vlanif5
取
:
10.0.3.0/24 Direct 0
Vlanif3
0
D
127.0.0.1
InLoopBack0
10.0.6.0/24 OSPF
10
2
D
10.0.5.2
Vlanif5
10.0.7.0/24 OSPF
10
2
D
10.0.5.2
Vlanif5
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获
10.0.5.1/32 Direct 0
127.0.0.0/8
更
多
资
S1 has learned two routes using OSPF.
Page152
HUAWEI TECHNOLOGIES
HC Series
Test connectivity between R1 and R3. [R1]ping 10.0.6.33 PING 10.0.6.33: 56 data bytes, press CTRL_C to break
Reply from 10.0.6.33: bytes=56 Sequence=3 ttl=253 time=2 ms
we
Reply from 10.0.6.33: bytes=56 Sequence=4 ttl=253 time=2 ms
i.
Reply from 10.0.6.33: bytes=56 Sequence=1 ttl=253 time=8 ms Reply from 10.0.6.33: bytes=56 Sequence=2 ttl=253 time=2 ms
hu a
Reply from 10.0.6.33: bytes=56 Sequence=5 ttl=253 time=2 ms
--- 10.0.6.33 ping statistics --5 packet(s) transmitted 5 packet(s) received
g.
0.00% packet loss
rn in
round-trip min/avg/max = 2/3/8 ms
[R1]ping 10.0.7.44
PING 10.0.7.44: 56 data bytes, press CTRL_C to break
Reply from 10.0.7.44: bytes=56 Sequence=1 ttl=252 time=12 ms Reply from 10.0.7.44: bytes=56 Sequence=2 ttl=253 time=4 ms
ea
Reply from 10.0.7.44: bytes=56 Sequence=3 ttl=253 time=4 ms Reply from 10.0.7.44: bytes=56 Sequence=4 ttl=253 time=4 ms
:/ /l
Reply from 10.0.7.44: bytes=56 Sequence=5 ttl=253 time=4 ms
--- 10.0.7.44 ping statistics --5 packet(s) transmitted 5 packet(s) received
ht tp
0.00% packet loss
round-trip min/avg/max = 4/5/12 ms
:
Additional Exercises: Analyzing and Verifying
更
多
资
料 获
取
If the links between S1 and S2 are trunk links, can users in VLANs communicate with each other without using any routing protocols?
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page153
cn g.
hu a
we
i.
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
[S1]display current-configuration # !Software Version V100R006C00SPC800
ea
sysname S1 #
interface Vlanif1 # interface Vlanif3
:/ /l
vlan batch 1 3 to 7 #
rn in
,OTGR)UTLOM[XGZOUTY
ht tp
ip address 10.0.3.1 255.255.255.0 #
interface Vlanif4
ip address 10.0.4.1 255.255.255.0 #
:
interface Vlanif5
ip address 10.0.5.1 255.255.255.0 #
#
取
interface MEth0/0/1
料 获
interface Eth-Trunk1 port link-type access port default vlan 5
#
更
多
资
interface GigabitEthernet0/0/1 port link-type access
Page154
HUAWEI TECHNOLOGIES
HC Series
port default vlan 4 ntdp enable ndp enable bpdu enable
i.
# interface GigabitEthernet0/0/9
we
eth-trunk 1 undo ntdp enable undo ndp enable
hu a
# interface GigabitEthernet0/0/10 eth-trunk 1
g.
undo ntdp enable undo ndp enable #
rn in
interface GigabitEthernet0/0/13 port link-type access port default vlan 3 ntdp enable ndp enable
ea
bpdu enable #
:/ /l
ospf 1 area 0.0.0.0
network 10.0.0.0 0.255.255.255 #
ht tp
return
[S2]display current-configuration #
!Software Version V100R006C00SPC800 sysname S2
:
#
vlan batch 1 3 to 7
取
#
interface Vlanif1
料 获
#
interface Vlanif5 ip address 10.0.5.2 255.255.255.0
#
interface Vlanif6
资
ip address 10.0.6.1 255.255.255.0
更
多
#
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page155
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP interface Vlanif7 ip address 10.0.7.1 255.255.255.0 # interface MEth0/0/1
i.
# interface Eth-Trunk1
we
port link-type access port default vlan 5 #
hu a
interface GigabitEthernet0/0/3 port link-type access port default vlan 6
g.
ntdp enable ndp enable bpdu enable
rn in
# interface GigabitEthernet0/0/9 eth-trunk 1 undo ntdp enable undo ndp enable
ea
# interface GigabitEthernet0/0/10
undo ntdp enable undo ndp enable #
:/ /l
eth-trunk 1
interface GigabitEthernet0/0/24
ht tp
port link-type access port default vlan 7 ntdp enable ndp enable bpdu enable
:
# ospf 1
取
area 0.0.0.0
network 10.0.0.0 0.255.255.255
料 获
# return
[S3]display current-configuration #
更
多
资
!Software Version V100R006C00SPC800 sysname S3
Page156
HUAWEI TECHNOLOGIES
HC Series
# interface Vlanif1 ip address 10.0.3.33 255.255.255.0 #
i.
interface Ethernet0/0/13 bpdu enable
we
# ip route-static 0.0.0.0 0.0.0.0 10.0.3.1 #
hu a
return
[S4]display current-configuration
g.
# !Software Version V100R006C00SPC800
interface Vlanif1 ip address 10.0.7.44 255.255.255.0 # interface Ethernet0/0/24
ea
bpdu enable
rn in
sysname S4 #
#
return
:/ /l
ip route-static 0.0.0.0 0.0.0.0 10.0.7.1 #
[R1]display current-configuration
ht tp
[V200R001C01SPC300] # sysname R1 #
interface GigabitEthernet0/0/1
:
ip address 10.0.4.11 255.255.255.0 #
料 获
return
取
ip route-static 0.0.0.0 0.0.0.0 10.0.4.1 #
[R3]display current-configuration [V200R001C01SPC300] #
资
sysname R3
更
多
#
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page157
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP interface GigabitEthernet0/0/2 ip address 10.0.6.33 255.255.255.0 # ip route-static 0.0.0.0 0.0.0.0 10.0.6.1
i.
#
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
hu a
we
return
Page158
HUAWEI TECHNOLOGIES
HC Series
Lab 7-2 Configuring the VRRP
hu a
Functions of load balancing. Working principles of the Virtual Router Redundancy Protocol (VRRP). Method of configuring one VRRP group on a Layer 3 switching network. Method of configuring VRRP authentication. Method of configuring VRRP to trace the interface status. Method of using VRRP to implement load balancing.
g.
x x x
we
The objectives of this lab are to learn and understand:
i.
Learning Objectives
x x x
Figure 7.2 Lab topology of the VRRP configuration
料 获
取
:
ht tp
:/ /l
ea
rn in
:UVURUM_
9IKTGXOU
更
多
资
Assume that you are a network administrator of a company and the current network of your company has two users: R2 and R3. A loopback interface of R1 simulates an Internet server. The network has two gateways, and you use
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page159
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
VRRP to implement gateway redundancy.
i.
:GYQY
we
Step 1 Perform basic configurations and IP addressing.
Irrelevant interfaces must be disabled to ensure test result accuracy.
hu a
In this lab, GigabitEthernet0/0/9, GigabitEthernet0/0/13 and GigabitEthernet0/0/14 on S1 need to be shut down.
g.
The user network uses VLAN 1; S1 connects to R1 using VLAN 2; S2 connects to R1 using VLAN 3; a loopback interface has been configured on R1; IP addresses and default gateways have been configured on R2 and R3.
[Huawei]sysname R1 [R1]interface LoopBack 0
ea
[R1-LoopBack0]ip address 10.0.1.1 24
rn in
The router R1 simulates a wide area network (WAN), while its loopback interface simulates a server on the WAN.
[R1-LoopBack0]interface GigabitEthernet 0/0/1
:/ /l
[R1-GigabitEthernet0/0/1]ip address 10.0.11.2 24 [R1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2 [R1-GigabitEthernet0/0/2]ip address 10.0.12.2 24
ht tp
The router R2 simulates one PC on a local area network (LAN), using the network segment 10.0.123.0/24 and the gateway 10.0.123.1. The router R3 simulates another PC on the LAN, using the network segment 10.0.123.0/24 and the gateway 10.0.123.1. system-view
:
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/1
取
[R2-GigabitEthernet0/0/1]ip address 10.0.123.4 24 [R2-GigabitEthernet0/0/1]quit
料 获
[R2]ip route-static 0.0.0.0 0 10.0.123.1
system-view [Huawei]sysname R3 [R3]interface GigabitEthernet 0/0/2 [R3-GigabitEthernet0/0/2]ip address 10.0.123.5 24
更
多
资
[R3-GigabitEthernet0/0/2]quit
Page160
HUAWEI TECHNOLOGIES
HC Series
[R3]ip route-static 0.0.0.0 0 10.0.123.1
hu a
we
i.
Create VLAN 1 to VLAN 3 on the switch S1. The default link type of interfaces is hybrid. Configure G0/0/10 as a Trunk interface and configure it to allow all VLANs. Configure G0/0/1 as an access interface and add it to VLAN 2. Configure G0/0/2 as an access interface and add it to VLAN 1. Create VLANIF 1 to provide gateway for VLAN 1 and assign IP address 10.0.123.2/24 to VLANIF 1. Create VLANIF 2 as a Layer 3 link connecting to R1 and assign IP address 10.0.11.1/24 to VLANIF 2. system-view [Huawei]sysname S1
[S1]interface GigabitEthernet 0/0/10 [S1-GigabitEthernet0/0/10]port link-type trunk
g.
[S1]vlan batch 1 to 3
rn in
[S1-GigabitEthernet0/0/10]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/10]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]port default vlan 2
[S1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
ea
[S1-GigabitEthernet0/0/2]port link-type access [S1-GigabitEthernet0/0/2]port default vlan 1
:/ /l
[S1-GigabitEthernet0/0/2]interface Vlanif 1 [S1-Vlanif1]ip address 10.0.123.2 24 [S1-Vlanif1]interface vlanif 2
ht tp
[S1-Vlanif2]ip address 10.0.11.1 24
取
:
Create VLAN 1 to VLAN 3 for the switch S2. The interfaces by default adopt the hybrid mode. Define G0/0/10 as a Trunk interface to allow the access of all VLANs. Define G0/0/1 as an access interface belonging to VLAN 3. Define G0/0/3 as an access interface belonging to VLAN 1. Set the IP address of VLANIF 1 to 10.0.123.3/24 and use VLANIF 1 to provide gateway services for VLAN 1. Set the IP address of VLANIF 2 to 10.0.12.1/24 and use VLANIF 2 as a Layer 3 link for connecting to R1. system-view
料 获
[Huawei]sysname S2 [S2]vlan batch 1 to 3 [S2]interface GigabitEthernet 0/0/10 [S2-GigabitEthernet0/0/10]port link-type trunk [S2-GigabitEthernet0/0/10]port trunk allow-pass vlan all
资
[S2-GigabitEthernet0/0/10]interface GigabitEthernet 0/0/1
更
多
[S2-GigabitEthernet0/0/1]port link-type access
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page161
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP [S2-GigabitEthernet0/0/1]port default vlan 3 [S2-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/3 [S2-GigabitEthernet0/0/3]port link-type access [S2-GigabitEthernet0/0/3]port default vlan 1
i.
[S2-GigabitEthernet0/0/3]interface Vlanif 1 [S2-Vlanif1]ip address 10.0.123.3 24
we
[S2-Vlanif1]interface Vlanif 3
hu a
[S2-Vlanif3]ip address 10.0.12.1 24
g.
After completing the configuration, test connectivity of direct links. Use the ping command to test the connections to S1, R1, R2, and R3 on S2. Use -c 1 in the ping command to configure the system to send only one ping packet. If you do not use this parameter, the system sends five packets by default. [S2]ping -c 1 10.0.12.2
rn in
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=10 ms
--- 10.0.12.2 ping statistics --1 packet(s) transmitted
ea
1 packet(s) received 0.00% packet loss
[S2]ping -c 1 10.0.123.2
:/ /l
round-trip min/avg/max = 10/10/10 ms
PING 10.0.123.2: 56 data bytes, press CTRL_C to break
ht tp
Reply from 10.0.123.2: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.123.2 ping statistics --1 packet(s) transmitted 1 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 1/1/1 ms
取
[S2]ping -c 1 10.0.123.4 PING 10.0.123.4: 56 data bytes, press CTRL_C to break
料 获
Reply from 10.0.123.4: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.123.4 ping statistics --1 packet(s) transmitted 1 packet(s) received
更
多
资
0.00% packet loss round-trip min/avg/max = 1/1/1 ms
Page162
HUAWEI TECHNOLOGIES
HC Series
[S2]ping -c 1 10.0.123.5 PING 10.0.123.5: 56 data bytes, press CTRL_C to break
i.
Reply from 10.0.123.5: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.123.5 ping statistics ---
we
1 packet(s) transmitted 1 packet(s) received 0.00% packet loss
hu a
round-trip min/avg/max = 1/1/1 ms
g.
Step 2 Configure the OSPF routing protocol to implement the
[S1-ospf-1]area 0
rn in
route connectivity between S1, S2, and R1. [S1]ospf 1
[S1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [S1-ospf-1-area-0.0.0.0]quit
ea
[S1-ospf-1]silent-interface Vlanif 1
[S2-ospf-1]area 0
:/ /l
[S2]ospf 1
[S2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [S2-ospf-1-area-0.0.0.0]quit
ht tp
[S2-ospf-1]silent-interface Vlanif 1
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
:
After completing the configuration, wait until the network convergence is complete. Then test the network connectivity.
取
[S2]ping -c 1 10.0.11.1 PING 10.0.11.1: 56 data bytes, press CTRL_C to break
料 获
Reply from 10.0.11.1: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.11.1 ping statistics --1 packet(s) transmitted
更
多
资
1 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page163
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
[S2]ping -c 1 10.0.1.1 PING 10.0.1.1: 56 data bytes, press CTRL_C to break
i.
Reply from 10.0.2.1: bytes=56 Sequence=1 ttl=254 time=1 ms
--- 10.0.1.1 ping statistics ---
we
1 packet(s) transmitted 1 packet(s) received
round-trip min/avg/max = 1/1/1 ms
[S2]ping -c 1 10.0.12.2
g.
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
hu a
0.00% packet loss
--- 10.0.12.2 ping statistics --1 packet(s) transmitted 1 packet(s) received 0.00% packet loss
ea
round-trip min/avg/max = 1/1/1 ms
rn in
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms
:/ /l
Step 3 Configure VRRP to implement gateway redundancy. Configure VRRP on S1. Create VRRP group 1 and set its priority to 105. By default, the priority is 100. [S1]interface Vlanif 1
ht tp
[S1-Vlanif1]vrrp vrid 1 virtual-ip 10.0.123.1 [S1-Vlanif1]vrrp vrid 1 priority 105
[S2]interface Vlanif 1
:
[S2-Vlanif1]vrrp vrid 1 virtual-ip 10.0.123.1
取
After the configuration, run the ping command on R2 and R3 to test whether they can communicate with the simulated Internet server. [R2]ping -c 1 10.0.1.1
料 获
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
--- 10.0.1.1 ping statistics ---
更
多
资
1 packet(s) transmitted 1 packet(s) received
Page164
HUAWEI TECHNOLOGIES
HC Series
0.00% packet loss round-trip min/avg/max = 2/2/2 ms
[R3]ping -c 1 10.0.1.1
i.
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
we
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=7 ms
--- 10.0.1.1 ping statistics --1 packet(s) transmitted
hu a
1 packet(s) received 0.00% packet loss round-trip min/avg/max = 7/7/7 ms
g.
Check the VRRP state on S1. Vlanif1 | Virtual Router 1 State : Master Virtual IP : 10.0.123.1 Master IP : 10.0.123.2 PriorityRun : 105 PriorityConfig : 105 MasterPriority : 105 Delay time : 0
TimerRun : 1 TimerConfig : 1 Auth type : NONE
:/ /l
Preempt : YES
ea
rn in
[S1]display vrrp
ht tp
Virtual MAC : 0000-5e00-0101 Check TTL : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
取
:
Currently, R2 and R3 send data packets to the Internet server through S1. Shut down VLANIF 1 on S1, and then test whether the traffic can be switched to S2. [S1]interface Vlanif 1
料 获
[S1-Vlanif1]shutdown
Run the ping command on R2 and R3 to test whether they can communicate with the simulated Internet server.
更
多
资
[R2]ping -c 1 10.0.1.1 PING 10.0.1.1: 56 data bytes, press CTRL_C to break
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page165
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
--- 10.0.1.1 ping statistics --1 packet(s) transmitted
i.
1 packet(s) received 0.00% packet loss
we
round-trip min/avg/max = 2/2/2 ms
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
hu a
[R3]ping -c 1 10.0.1.1
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
g.
--- 10.0.1.1 ping statistics --1 packet(s) transmitted
0.00% packet loss round-trip min/avg/max = 2/2/2 ms
rn in
1 packet(s) received
S1 stops running at present. Check the VRRP state on S1 and S2.
ea
[S1]display vrrp Vlanif1 | Virtual Router 1 State : Initialize
Master IP : 0.0.0.0 PriorityRun : 105 PriorityConfig : 105
ht tp
MasterPriority : 0 Preempt : YES TimerRun : 1
:/ /l
Virtual IP : 10.0.123.1
Delay time : 0
TimerConfig : 1
Auth type : NONE
:
Virtual MAC : 0000-5e00-0101 Check TTL : YES
Config type : normal-vrrp
取
Config track link-bfd down-number : 0
料 获
[S2]display vrrp Vlanif1 | Virtual Router 1 State : Master Virtual IP : 10.0.123.1
更
多
资
Master IP : 10.0.123.3 PriorityRun : 100
Page166
HUAWEI TECHNOLOGIES
HC Series
PriorityConfig : 100 MasterPriority : 100 Preempt : YES
Delay time : 0
TimerRun : 1
i.
TimerConfig : 1 Auth type : NONE
we
Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
hu a
Config track link-bfd down-number : 0
g.
Step 4 Configure interface tracking.
[S1-Vlanif1]undo shutdown
ea
Check the VRRP state on S1. [S1]display vrrp
:/ /l
Vlanif1 | Virtual Router 1 State : Master
rn in
Enable the VLANIF 1 interface on S1. Specify G0/0/1 for S1 and S2 to track. [S1]interface Vlanif 1
Virtual IP : 10.0.123.1 Master IP : 10.0.123.2 PriorityRun : 105
ht tp
PriorityConfig : 105 MasterPriority : 105 Preempt : YES TimerRun : 1
Delay time : 0
TimerConfig : 1
:
Auth type : NONE
Virtual MAC : 0000-5e00-0101
取
Check TTL : YES
Config type : normal-vrrp
料 获
Config track link-bfd down-number : 0
Currently, R2 and R3 send data to the Internet server through S1. If G0/0/1 of S1 or G0/0/1 of R1 is disabled, traffic cannot be switched to S2.
资
Disable G0/0/1 of S1.
更
多
[S1]interface GigabitEthernet 0/0/1
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page167
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP [S1-GigabitEthernet0/0/1]shutdown
Check the VRRP state on S1. VRID State
Interface
Type
Virtual IP
-------------------------------------------------------Master
Vlanif1
Normal 10.0.123.1
we
1
i.
[S1]display vrrp brief
hu a
Note: You can use the brief parameter to display only the brief information. Test connectivity between R2 and the Internet server. [R2]ping -c 1 10.0.1.1
g.
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
rn in
Request time out
--- 10.0.1.1 ping statistics --1 packet(s) transmitted 0 packet(s) received
ea
100.00% packet loss
Enable G0/0/1 of S1.
:/ /l
The command output shows that R2 cannot communicate with the Internet server.
[S1]interface GigabitEthernet 0/0/1
ht tp
[S1-GigabitEthernet0/0/1]undo shutdown
Configure VRRP to track G0/0/1 on S1 and S2. If G0/0/1 of S1 is disabled, the VRRP priority of S1 is reduced by 10. In this case, S2 replaces S1 as the VRRP master device.
:
[S1]interface Vlanif 1
[S1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 10
取
[S2]interface Vlanif 1
料 获
[S2-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 10
Test the network connectivity. R2 can communicate with the Internet server.
[R2]ping -c 1 10.0.1.1
更
多
资
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
Page168
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=3 ms
--- 10.0.1.1 ping statistics --1 packet(s) transmitted
i.
1 packet(s) received 0.00% packet loss
we
round-trip min/avg/max = 3/3/3 ms
hu a
Disable G0/0/1 of S1. [S1]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]shutdown
g.
Test connectivity between R2 and the Internet server. [R2]ping -c 1 10.0.1.1
rn in
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
1 packet(s) transmitted 1 packet(s) received 0.00% packet loss
:/ /l
round-trip min/avg/max = 2/2/2 ms
ea
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
--- 10.0.1.1 ping statistics ---
R2 can communicate with the Internet server. Check the VRRP state on S1.
ht tp
[S1]display vrrp
Vlanif1 | Virtual Router 1 State : Backup
Virtual IP : 10.0.123.1 Master IP : 10.0.123.3
:
PriorityRun : 95
PriorityConfig : 105
取
MasterPriority : 100 Preempt : YES
Delay time : 0
料 获
TimerRun : 1 TimerConfig : 1 Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES
更
多
资
Config type : normal-vrrp Track IF : GigabitEthernet0/0/1
HC Series
Priority reduced : 10
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
Page169
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP IF state : DOWN
we
Additional Exercises: Analyzing and Verifying
i.
Config track link-bfd down-number : 0
hu a
The configuration in this lab implements the redundancy of two Layer 3 switches, which can effectively prevent single-point failures. However, only one Layer 3 switch processes services, resulting in resource waste.
g.
Design a scheme based on the current topology to implement redundancy and load balancing.
rn in
,OTGR)UTLOM[XGZOUTY [S1]display current-configuration # !Software Version V100R006C00SPC800
ea
sysname S1 #
interface Vlanif1
:/ /l
vlan batch 1 to 3 #
ip address 10.0.123.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.0.123.1 vrrp vrid 1 priority 105
ht tp
vrrp vrid 1 track interface GigabitEthernet0/0/1 #
interface Vlanif2
ip address 10.0.11.1 255.255.255.0
:
#
interface GigabitEthernet0/0/1 shutdown
取
port link-type access port default vlan 2
料 获
ntdp enable ndp enable bpdu enable
#
interface GigabitEthernet0/0/2
更
多
资
port link-type access
Page170
HUAWEI TECHNOLOGIES
HC Series
ntdp enable ndp enable bpdu enable #
i.
interface GigabitEthernet0/0/10 port link-type trunk
we
port trunk allow-pass vlan 2 to 4094 ntdp enable ndp enable
hu a
bpdu enable # interface NULL0
g.
# ospf 1 silent-interface Vlanif1
rn in
area 0.0.0.0 network 10.0.0.0 0.255.255.255 # user-interface con 0 user-interface vty 0 4
ea
#
:/ /l
return
[S2]display current-configuration #
!Software Version V100R006C00SPC800 sysname S2
ht tp
#
vlan batch 1 to 3 #
interface Vlanif1
ip address 10.0.123.3 255.255.255.0
:
vrrp vrid 1 virtual-ip 10.0.123.1 vrrp vrid 1 track interface GigabitEthernet0/0/1
取
#
interface Vlanif3
料 获
ip address 10.0.12.1 255.255.255.0 #
interface GigabitEthernet0/0/1 port link-type access port default vlan 3
更
多
资
ntdp enable ndp enable
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page171
cn co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP bpdu enable # interface GigabitEthernet0/0/3 port link-type access
i.
ntdp enable ndp enable
we
bpdu enable # ospf 1
hu a
silent-interface Vlanif1 area 0.0.0.0 network 10.0.0.0 0.255.255.255
g.
# user-interface con 0
# return
[R1]display current-configuration [V200R001C01SPC300]
ea
#
rn in
user-interface vty 0 4
sysname R1
:/ /l
# interface GigabitEthernet0/0/1
ip address 10.0.11.2 255.255.255.0 #
interface GigabitEthernet0/0/2
ht tp
ip address 10.0.12.2 255.255.255.0 #
interface LoopBack0
ip address 10.0.1.1 255.255.255.0 #
:
ospf 1
area 0.0.0.0
取
network 10.0.0.0 0.255.255.255 #
料 获
user-interface con 0 user-interface vty 0 4 user-interface vty 16 20 #
资
return
更
多
[R2]display current-configuration
Page172
HUAWEI TECHNOLOGIES
HC Series
[V200R001C01SPC300] # sysname R2 #
i.
interface GigabitEthernet0/0/1 ip address 10.0.123.4 255.255.255.0
we
# ip route-static 0.0.0.0 0.0.0.0 10.0.123.1 #
hu a
user-interface con 0 user-interface vty 0 4 user-interface vty 16 20
g.
# return
rn in
[R3]display current-configuration [V200R001C01SPC300] # sysname R3 #
ea
interface GigabitEthernet0/0/2
ip address 10.0.123.5 255.255.255.0
:/ /l
#
ip route-static 0.0.0.0 0.0.0.0 10.0.123.1 # user-interface con 0 user-interface vty 0 4
ht tp
user-interface vty 16 20 #
更
多
资
料 获
取
:
return
HC Series
cn
co m/
HCDA-HNTD Chapter 7 Layer3 Configuration and VRRP
HUAWEI TECHNOLOGIES
Page173
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
Chapter 8 WAN Configuration
Learning Objectives
g.
WAN technologies. PPP implementation. Method used to configure HDLC on a serial link. Method used to change the clock frequency on a serial link. Method used to configure PPP on a serial link. Method used to configure PAP authentication on the PPP link. Method used to configure CHAP authentication on the PPP link. Negotiation on the PPP link.
rn in
x x x x x x x x
hu a
The objectives of this lab are to learn and understand:
we
i.
Lab 8-1 HDLC and PPP Configuration
ht tp
:/ /l
ea
Topology
Scenario
:
Figure 8.1 HDLC and PPP configuration
更
多
资
料 获
取
You are a network administrator of a company. R1, R2, R3 in 0 are routers. R1 is located in the headquarters, and R2 and R3 are located in two branches. The headquarters and branches need to be interconnected. Use HDLC and PPP on WAN links and use different authentication modes to ensure security.
Page174
HUAWEI TECHNOLOGIES
HC Series
Tasks
i.
Step 1 Configure IP addresses. system-view
we
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R1
hu a
[R1]interface Serial 1/0/0 [R1-Serial1/0/0]ip address 10.0.12.1 24
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R2
[R2-Serial1/0/0]quit [R2]interface Serial 2/0/0
ea
[R2-Serial2/0/0]ip address 10.0.23.2 24
rn in
[R2]interface Serial 1/0/0
g.
system-view
[R2-Serial1/0/0]ip address 10.0.12.2 24
system-view
:/ /l
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ip address 10.0.23.3 24
ht tp
Step 2 Enable HDLC on serial interfaces. [R1]interface Serial 1/0/0
[R1-Serial1/0/0]link-protocol hdlc
:
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R1-Serial1/0/0]
取
[R2]interface Serial 1/0/0 [R2-Serial1/0/0]link-protocol hdlc
料 获
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R2-Serial1/0/0]quit [R2]interface Serial 2/0/0 [R2-Serial2/0/0]link-protocol hdlc Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
更
多
资
[R2-Serial2/0/0]
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page175
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration [R3]interface Serial 2/0/0 [R3-Serial2/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
i.
[R3-Serial2/0/0]
we
After HDLC is enabled the on serial interfaces, view the serial interface status. Use the display on R1 as an example. [R1]display interface Serial1/0/0
Line protocol current state : UP Last line protocol up time : 2011-10-09 14:42:26 Description:HUAWEI, AR Series, Serial1/0/0 Interface
hu a
Serial1/0/0 current state : UP
g.
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.0.12.1/24
Last physical up time
rn in
Link layer protocol is nonstandard HDLC : 2011-10-09 14:39:44
Last physical down time : 2011-10-09 14:39:43 Current system time: 2011-10-09 14:43:14
Physical layer is synchronous, Baudrate is 64000 bps
ea
Interface is DCE, Cable type is V35, Clock mode is DCECLK Last 300 seconds input rate 2 bytes/sec 16 bits/sec 0 packets/sec Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec
:/ /l
Input: 257 packets, 3856 bytes broadcasts:
0, multicasts:
errors:
0, runts:
CRC:
0, align errors:
0, aborts:
frame errors:
0, giants:
0, overruns:
ht tp
dribbles:
0 0 0
0, no buffers:
0
0
Output: 252 packets, 3184 bytes errors:
0, underruns:
deferred:
0, collisions:
0
0
:
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Input bandwidth utilization : 0.05%
取
Output bandwidth utilization : 0.05%
料 获
Test connectivity of the directly connected link after verifying that the physical status and protocol status of the interface are Up. [R2]ping 10.0.12.1 PING 10.0.12.1: 56 data bytes, press CTRL_C to break
更
多
资
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=44 ms Reply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=39 ms
Page176
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.12.1: bytes=56 Sequence=3 ttl=255 time=39 ms Reply from 10.0.12.1: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 10.0.12.1: bytes=56 Sequence=5 ttl=255 time=39 ms
i.
--- 10.0.12.1 ping statistics --5 packet(s) transmitted
we
5 packet(s) received 0.00% packet loss
[R2]ping 10.0.23.3 PING 10.0.23.3: 56 data bytes, press CTRL_C to break
hu a
round-trip min/avg/max = 39/40/44 ms
g.
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=44 ms
Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=39 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=39 ms
rn in
Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=39 ms
--- 10.0.23.3 ping statistics --5 packet(s) transmitted
ea
5 packet(s) received 0.00% packet loss
:/ /l
round-trip min/avg/max = 39/40/44 ms
Step 3 Configure RIPv2.
ht tp
[R1]rip [R1-rip-1]version 2
[R1-rip-1]network 10.0.0.0
[R2]rip
:
[R2-rip-1]version 2
取
[R2-rip-1]network 10.0.0.0
[R3]rip
[R3-rip-1]version 2
料 获
[R3-rip-1]network 10.0.0.0
After the configurations are complete, check whether all the routes are learned. Verify that corresponding routes are learned by RIP.
资
[R1]display ip routing-table
更
多
Route Flags: R - relay, D - download to fib
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page177
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration ---------------------------------------------------------------------------Routing Tables: Public
Destination/Mask
Routes : 8
Proto
Pre Cost
Flags NextHop
Interface
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
127.0.0.0/8
100 1
Direct 0
0
127.0.0.1/32 Direct 0
0
D
10.0.12.2
D D
Serial1/0/0
hu a
10.0.23.0/24 RIP
0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.255.255.255/32 Direct 0
0
D
127.0.0.1
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
g.
10.0.12.255/32 Direct 0
we
10.0.12.0/24 Direct 0
i.
Destinations : 8
InLoopBack0
rn in
On R1, run the ping command to test connectivity between R1 and R3. [R1]ping 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=254 time=44 ms
ea
Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=254 time=39 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=254 time=39 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=254 time=40 ms
:/ /l
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=254 time=39 ms
--- 10.0.23.3 ping statistics --5 packet(s) transmitted
ht tp
5 packet(s) received 0.00% packet loss
round-trip min/avg/max = 39/40/44 ms
:
Step 4 View the type of the cable connected to the serial
取
interface, interface status, and clock frequency, and
料 获
change the clock frequency. [R2]display interface Serial1/0/0 Serial1/0/0 current state : UP Line protocol current state : UP Last line protocol up time : 2011-10-09 16:25:55
更
多
资
Description:HUAWEI, AR Series, Serial1/0/0 Interface
Page178
HUAWEI TECHNOLOGIES
HC Series
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.0.12.2/24 Link layer protocol is nonstandard HDLC Last physical up time
: 2011-10-09 16:25:55
i.
Last physical down time : 2011-10-09 16:25:55 Current system time: 2011-10-09 16:52:14
we
Physical layer is synchronous, Virtualbaudrate is 64000 bps Interface is DTE, Cable type is V35, Clock mode is TC
Last 300 seconds input rate 4 bytes/sec 32 bits/sec 0 packets/sec
broadcasts:
0, multicasts:
0
0, runts:
0, giants:
0, align errors:
dribbles:
0, aborts:
frame errors:
0
Output: 227 packets, 6674 bytes errors:
0, underruns:
deferred:
0
0
0, no buffers:
0
0, collisions:
0
ea
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
0
0, overruns:
rn in
CRC:
g.
errors:
hu a
Last 300 seconds output rate 4 bytes/sec 32 bits/sec 0 packets/sec Input: 223 packets, 7152 bytes
Input bandwidth utilization : 0.05%
:/ /l
Output bandwidth utilization : 0.19%
The preceding information shows that S1/0/0 on R2 connects to a DCE cable and the clock frequency is 64000 bit/s.
ht tp
The DCE controls the clock frequency and bandwidth. Change the clock frequency on the link between R1 and R2 to 128000 bit/s. This operation must be performed on the DCE, R1. [R1]interface Serial 1/0/0
:
[R1-Serial1/0/0]baudrate 128000
取
After the configurations are complete, view the serial interface status. [R1]display interface Serial1/0/0
料 获
Serial1/0/0 current state : UP Line protocol current state : UP Last line protocol up time : 2011-10-10 11:56:41 Description:HUAWEI, AR Series, Serial1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
资
Internet Address is 10.0.12.1/24
更
多
Link layer protocol is PPP
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page179
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration LCP opened, IPCP opened Last physical up time
: 2011-10-10 11:56:38
Last physical down time : 2011-10-10 11:53:32 Current system time: 2011-10-10 13:58:43
Interface is DCE, Cable type is V35, Clock mode is DCECLK
we
Last 300 seconds input rate 5 bytes/sec 40 bits/sec 0 packets/sec
i.
Physical layer is synchronous, Baudrate is 128000 bps
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec Input: 3471 packets, 66408 bytes
CRC:
0, align errors:
dribbles:
0
0, giants:
0, aborts:
frame errors:
hu a
0, multicasts: 0, runts:
0
errors:
0, underruns:
deferred:
0
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Input bandwidth utilization : 0.03%
0 0
0
0, collisions:
ea
Output bandwidth utilization : 0.03%
0, overruns:
0, no buffers:
rn in
Output: 3218 packets, 40326 bytes
0
g.
broadcasts: errors:
:/ /l
Step 5 Configure PPP on serial interfaces between R1 and R2 and between R2 and R3.
ht tp
Configure PPP. Both ends of the link must use the same encapsulation mode. If both ends of the link use different encapsulation modes, interfaces may become Down. [R1]interface Serial 1/0/0
:
[R1-Serial1/0/0]link-protocol ppp Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
取
[R1-Serial1/0/0]
料 获
[R2]interface Serial 1/0/0 [R2-Serial1/0/0]link-protocol ppp Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R2-Serial1/0/0]quit
资
[R2]interface Serial 2/0/0
更
多
[R2-Serial2/0/0]link-protocol ppp
Page180
HUAWEI TECHNOLOGIES
HC Series
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R2-Serial2/0/0]
i.
[R3]interface Serial 2/0/0 [R3-Serial2/0/0]link-protocol ppp
we
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
hu a
[R3-Serial2/0/0]
After the configurations are complete, test link connectivity. [R2]ping 10.0.12.1
g.
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=22 ms
rn in
Reply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 10.0.12.1: bytes=56 Sequence=3 ttl=255 time=27 ms Reply from 10.0.12.1: bytes=56 Sequence=4 ttl=255 time=27 ms Reply from 10.0.12.1: bytes=56 Sequence=5 ttl=255 time=27 ms
ea
--- 10.0.12.1 ping statistics --5 packet(s) transmitted
:/ /l
5 packet(s) received 0.00% packet loss
round-trip min/avg/max = 22/26/27 ms
[R2]ping 10.0.23.3
ht tp
PING 10.0.23.3: 56 data bytes, press CTRL_C to break Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=35 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=40 ms Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=40 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=40 ms
:
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 10.0.23.3 ping statistics ---
取
5 packet(s) transmitted 5 packet(s) received
料 获
0.00% packet loss round-trip min/avg/max = 35/39/40 ms
资
If the ping operation fails, check the interface status and check whether the link layer protocol type is correct.
更
多
[R1]display interface Serial1/0/0
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page181
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration Serial1/0/0 current state : UP Line protocol current state : UP Last line protocol up time : 2011-10-10 16:26:28 Description:HUAWEI, AR Series, Serial1/0/0 Interface
i.
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.0.12.1/24
we
Link layer protocol is PPP LCP opened, IPCP opened : 2011-10-10 16:26:25
Last physical down time : 2011-10-10 16:26:04 Current system time: 2011-10-10 16:31:06 Physical layer is synchronous, Baudrate is 128000 bps
hu a
Last physical up time
g.
Interface is DCE, Cable type is V35, Clock mode is DCECLK
Last 300 seconds input rate 5 bytes/sec 40 bits/sec 0 packets/sec
Input: 5600 packets, 116506 bytes broadcasts:
0, multicasts:
errors:
0, runts:
CRC:
0, align errors: 0, aborts:
frame errors:
0
Output: 5046 packets, 63250 bytes
0
0, giants:
ea
dribbles:
rn in
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec
0, underruns:
deferred:
0
0, overruns:
0
0, no buffers:
0
0, collisions:
0
:/ /l
errors:
0
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Input bandwidth utilization : 0.03%
ht tp
Output bandwidth utilization : 0.03%
Step 6 Check routing entry changes.
取
:
After PPP configurations are complete, routers establish connections at the data link layer. The local device sends a route to the peer device. The route contains the interface IP address and a 32-bit mask.
料 获
The following information uses R2 as an example. You can see the routes to R1 and R3.
[R2]display ip routing-table Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
更
多
资
Routing Tables: Public Destinations : 12
Page182
Routes : 12
HUAWEI TECHNOLOGIES
HC Series
Destination/Mask
Proto
Pre Cost
Flags NextHop
Interface
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
i.
10.0.12.0/24 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.3/32 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
D
127.0.0.1
0
D
127.0.0.1
hu a
0
InLoopBack0
InLoopBack0 InLoopBack0
g.
Direct 0
127.0.0.1/32 Direct 0
we
10.0.12.255/32 Direct 0
127.0.0.0/8
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
rn in
127.255.255.255/32 Direct 0
Think about the origin and functions of the two routes. Check the following items: If HDLC is used, do the two routes exist?
:/ /l
ea
Can R1 and R2 communicate using HDLC or PPP when the IP addresses of S1/0/0 interfaces on R1 and R2 are located on different network segments?
Step 7 Enable PAP authentication on the PPP link between R1
ht tp
and R2.
Configure R1 as the authentication server. After R2 sends an authentication request to R1, R1 sends a response message to R2, requesting R2 to use PAP authentication and send its password to R1.
:
Configure PAP authentication on R1. [R1]interface Serial 1/0/0 [R1-Serial1/0/0]ppp authentication-mode pap
取
[R1-Serial1/0/0]quit [R1]aaa
料 获
[R1-aaa]local-user huawei password simple hello info: A new user added
更
多
资
[R1-aaa]local-user huawei service-type ppp
Configure PAP authentication on R2.
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page183
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration [R2]interface Serial 1/0/0 [R2-Serial1/0/0]shutdown [R2-Serial1/0/0]ppp pap local-user huawei password simple hello
i.
[R2-Serial1/0/0]undo shutdown
we
After the configurations are complete, test connectivity between R1 and R2.
hu a
Step 8 Enable CHAP authentication on the PPP link between R2 and R3.
rn in
g.
Configure R3 as the authentication server. After R2 sends an authentication request to R3, R3 sends a response message to R2, requesting R2 to use CHAP authentication and send its user name and password to R3. [R3]interface Serial 2/0/0
[R3-Serial2/0/0]ppp authentication-mode chap [R3-Serial2/0/0]shutdown
ea
[R3-Serial2/0/0]quit [R3]aaa
info: A new user added
:/ /l
[R3-aaa]local-user user1 password cipher huawei
[R3-aaa]local-user user1 service-type ppp [R3-aaa]quit
ht tp
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]undo shutdown
On R3, the following information is displayed. Oct 10 2011 16:46:03+00:00 R3 %%01PPP/4/PEERNOCHAP(l)[9]:On the interface
:
Serial2/0/0, authentication failed and PPP link was closed because CHAP was disabled on the peer.
取
Oct 10 2011 16:46:03+00:00 R3 %%01PPP/4/RESULTERR(l)[10]:On the interface Serial2/0/0, LCP negotiation failDCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
料 获
The greyed line indicates that authentication failed. Configure R2 as the CHAP client.
[R2]interface Serial 2/0/0
更
多
资
[R2-Serial2/0/0]ppp chap user user1
Page184
HUAWEI TECHNOLOGIES
HC Series
[R2-Serial2/0/0]ppp chap password cipher huawei
i.
After the configurations are complete, the interface becomes Up. The ping command output is as follows: [R2]ping 10.0.23.3
we
PING 10.0.23.3: 56 data bytes, press CTRL_C to break Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=35 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=41 ms
hu a
Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=41 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=41 ms
g.
Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=41 ms
--- 10.0.23.3 ping statistics ---
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 35/39/41 ms
rn in
5 packet(s) transmitted
ea
Step 9 Run the debug command to view negotiation of the PPP
:/ /l
connection between R2 and R3. The PPP connection is established by CHAP.
ht tp
Use R2 as an example. View the PPP negotiation process between R2 and R3. Disable S2/0/0 on R2, run the debug command, and enable S2/0/0 on R2. First shut down S2/0/0 on R2. [R2]interface Serial 2/0/0
:
[R2-Serial2/0/0]shutdown
料 获
取
Run the debugging ppp chap all command. By default, the debugging information is displayed. Run the terminal debugging command to display the debugging information on the console port. [R2-Serial2/0/0]return debugging ppp chap all terminal debugging
更
多
资
Info: Current terminal debugging is on.
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page185
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
Enable S2/0/0 on R2. system-view Enter system view, return user view with Ctrl+Z. [R2]interface Serial 2/0/0
i.
[R2-Serial2/0/0]undo shutdown
we
The following debugging information is displayed on the console port: Serial2/0/0 CHAP : Initial --> ListenChallenge Oct 10 2011 17:54:48.830.1+00:00 R2 PPP/7/debug2: PPP Packet:
g.
Serial2/0/0 Input CHAP(c223) Pkt, Len 25
hu a
PPP State Change:
State ListenChallenge, code Challenge(01), id 1, len 21
Value_Size: 16 Value: 53 e3 a6 26 1b 54 e5 e2 a1 ed 90 87 94 3 f0 1
rn in
Name:
Oct 10 2011 17:54:48.830.2+00:00 R2 PPP/7/debug2: PPP Event:
Serial2/0/0 CHAP Receive Challenge Event state ListenChallenge
ea
Oct 10 2011 17:54:48.830.3+00:00 R2 PPP/7/debug2: PPP Packet:
:/ /l
Serial2/0/0 Output CHAP(c223) Pkt, Len 37
State ListenChallenge, code Response(02), id 1, len 33 Value_Size: 16 Value: 4b 6 73 d1 48 c2 55 8d da a6 c7 3e 21 e9 44 48 Name: user1
Oct 10 2011 17:54:48.830.4+00:00 R2 PPP/7/debug2:
ht tp
PPP State Change:
Serial2/0/0 CHAP : ListenChallenge --> SendResponse Oct 10 2011 17:54:48.850.1+00:00 R2 PPP/7/debug2: PPP Packet:
Serial2/0/0 Input CHAP(c223) Pkt, Len 20
:
State SendResponse, code SUCCESS(03), id 1, len 16 Message: Welcome to .
取
Oct 10 2011 17:54:48.850.2+00:00 R2 PPP/7/debug2: PPP Event:
料 获
Serial2/0/0 CHAP Receive Success Event state SendResponse
Oct 10 2011 17:54:48.850.3+00:00 R2 PPP/7/debug2: PPP State Change:
更
多
资
Serial2/0/0 CHAP : SendResponse --> ClientSuccess
Page186
HUAWEI TECHNOLOGIES
HC Series
The greyed line shows the interface status change.
hu a
we
Additional Exercises: Analyzing and Verifying
i.
Run the debugging ppp pap all command to view PPP negotiation when PAP authentication is used between R1 and R2. Compare the debugging ppp pap all command output with the debugging ppp chap all command output to learn about difference between PAP authentication and CHAP authentication.
Why CHAP is more secure than PAP?
g.
Final Configurations [R1]display current-configuration
rn in
[V200R001C01SPC300] # sysname R1 #
ea
aaa authentication-scheme default authorization-scheme default
domain default domain default_admin
:/ /l
accounting-scheme default
local-user admin password simple admin local-user admin service-type http
ht tp
local-user huawei password simple hello local-user huawei service-type ppp #
interface Serial1/0/0
:
link-protocol ppp
ppp authentication-mode pap
取
ip address 10.0.12.1 255.255.255.0 baudrate 128000 #
料 获
rip 1
version 2 network 10.0.0.0
#
更
多
资
return
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page187
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration [R2]display current-configuration [V200R001C01SPC300] # sysname R2
i.
# aaa
we
authentication-scheme default authorization-scheme default accounting-scheme default
hu a
domain default domain default_admin local-user admin password simple admin
g.
local-user admin service-type http #
link-protocol ppp
rn in
interface Serial1/0/0
ppp pap local-user huawei password simple hello ip address 10.0.12.2 255.255.255.0 #
ea
interface Serial2/0/0 link-protocol ppp
:/ /l
ppp chap user user1
ppp chap password cipher N`C55QK<`=/Q=^Q`MAF4<1!! ip address 10.0.23.2 255.255.255.0 #
ht tp
rip 1 version 2
network 10.0.0.0 #
:
return
display current-configuration [V200R001C01SPC300]
取
#
sysname R3
料 获
# aaa
authentication-scheme default authentication-scheme system
更
多
资
authorization-scheme default accounting-scheme default
Page188
HUAWEI TECHNOLOGIES
HC Series
domain default domain default_admin domain system local-user admin password simple admin
we
local-user user1 service-type ppp
i.
local-user admin service-type http local-user user1 password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
# interface Serial2/0/0
hu a
link-protocol ppp ppp authentication-mode chap ip address 10.0.23.3 255.255.255.0
g.
# rip 1
rn in
version 2 network 10.0.0.0 #
更
多
资
料 获
取
:
ht tp
:/ /l
ea
Return
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page189
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
Lab 8-2 FR Configuration (Back to Back)
The objectives of this lab are to learn and understand:
we
x x x x
i.
Learning Objectives
x x
g.
hu a
PVC functions. Frame Relay (FR) implementation. Method used to configure FR on a serial link. Method used to configure mapping between IP addresses and DLCIs on the FR network. Method used to configure RIP on the FR network. Method used to configure OSPF on the FR network.
:/ /l
ea
rn in
Topology
Figure 8.2 FR topology
ht tp
Scenario
取
:
You are a network administrator of a company. R1, R2, R3 in 0 are routers. R1 is located in the headquarters, and R2 and R3 are located in two branches. The headquarters and branches need to be interconnected. You need to configure FR on WAN links and mapping between DLCIs and IP addresses.
料 获
Tasks
Step 1 Configure IP addresses. system-view
更
多
资
[Huawei]sysname R1
Page190
HUAWEI TECHNOLOGIES
HC Series
[R1]interface Serial 1/0/0 [R1-Serial1/0/0]ip address 10.0.12.1 24 [R1-Serial1/0/0]interface loopback 0
i.
[R1-LoopBack0]ip address 10.0.1.1 24
system-view
we
[Huawei]sysname R2 [R2]interface Serial 1/0/0 [R2-Serial1/0/0]ip address 10.0.12.2 24
hu a
[R2-Serial1/0/0]interface loopback 0 [R2-LoopBack0]ip address 10.0.2.2 24 [R2-LoopBack0]interface Serial 2/0/0
g.
[R2-Serial2/0/0]ip address 10.0.23.2 24
[R3]interface Serial 2/0/0 [R3-Serial2/0/0]ip address 10.0.23.3 24 [R3-Serial2/0/0]interface loopback 0
ea
[R3-LoopBack0]ip address 10.0.3.3 24
rn in
system-view [Huawei]sysname R3
:/ /l
After the IP addresses are configured, test network connectivity. [R2]ping 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=36 ms Reply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=32 ms
ht tp
Reply from 10.0.12.1: bytes=56 Sequence=3 ttl=255 time=32 ms Reply from 10.0.12.1: bytes=56 Sequence=4 ttl=255 time=32 ms Reply from 10.0.12.1: bytes=56 Sequence=5 ttl=255 time=32 ms
--- 10.0.12.1 ping statistics ---
:
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
取
round-trip min/avg/max = 32/32/36 ms
料 获
[R2]ping 10.0.23.3 PING 10.0.23.3: 56 data bytes, press CTRL_C to break Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=41 ms Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=37 ms
更
多
资
Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=37 ms Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=37 ms
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page191
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=37 ms
--- 10.0.23.3 ping statistics --5 packet(s) transmitted
i.
5 packet(s) received 0.00% packet loss
we
round-trip min/avg/max = 37/37/41 ms
hu a
Step 2 Configure FR in back-to-back mode between R1 and R2 and use static address mapping.
rn in
g.
The router configurations vary depending on whether it is connected to DCE or DTE port. Check whether R1 or R2 connects to the DCE port of the serial interface cable. [R1]display interface Serial1/0/0 Serial1/0/0 current state : UP Line protocol current state : UP
ea
Last line protocol up time : 2011-10-11 14:40:34
Description:HUAWEI, AR Series, Serial1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
:/ /l
Internet Address is 10.0.12.1/24 Link layer protocol is PPP LCP opened, IPCP opened Last physical up time
: 2011-10-11 14:40:34
ht tp
Last physical down time : 2011-10-11 14:40:33 Current system time: 2011-10-11 14:40:38 Physical layer is synchronous, Baudrate is 64000 bps Interface is DCE, Cable type is V35, Clock mode is DCECLK Last 300 seconds input rate 4 bytes/sec 32 bits/sec 0 packets/sec
:
Last 300 seconds output rate 5 bytes/sec 40 bits/sec 0 packets/sec Input: 3564 packets, 50438 bytes broadcasts:
CRC:
取
errors:
料 获
dribbles:
frame errors:
0, multicasts: 0, runts: 0, align errors: 0, aborts:
0 0, giants:
0
0, overruns:
0
0, no buffers:
0
0, collisions:
0
0
Output: 3597 packets, 43666 bytes errors:
0, underruns:
deferred:
0
更
多
资
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Page192
HUAWEI TECHNOLOGIES
HC Series
Input bandwidth utilization : 0.28% Output bandwidth utilization : 0.28%
i.
The preceding information shows that S1/0/0 on R1 connects to the DCE port of the serial interface cable.
we
[R1]interface Serial 1/0/0 [R1-Serial1/0/0]link-protocol fr
hu a
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R1-Serial1/0/0]fr interface-type dce [R1-Serial1/0/0]undo fr inarp
[R1-fr-dlci-Serial1/0/0-102]quit
rn in
[R1-Serial1/0/0]fr map ip 10.0.12.2 102 broadcast
g.
[R1-Serial1/0/0]fr dlci 102
S1/0/0 on R2 connects to the DTE port of the serial interface cable. [R2]interface Serial 1/0/0 [R2-Serial1/0/0]link-protocol fr
ea
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R2-Serial1/0/0]fr interface-type dte [R1-Serial1/0/0]undo fr inarp
:/ /l
[R2-Serial1/0/0]fr map ip 10.0.12.1 102 broadcast
After the configurations are complete, test link connectivity between R1 and R2.
ht tp
[R2]ping 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=38 ms Reply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=34 ms Reply from 10.0.12.1: bytes=56 Sequence=3 ttl=255 time=34 ms
:
Reply from 10.0.12.1: bytes=56 Sequence=4 ttl=255 time=34 ms
取
Reply from 10.0.12.1: bytes=56 Sequence=5 ttl=255 time=34 ms
--- 10.0.12.1 ping statistics ---
料 获
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/34/38 ms
更
多
资
If communication between R1 and R2 is abnormal before step 1 is performed, the FR configuration is incorrect. Perform the following operations HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page193
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
to troubleshoot the fault.
Compare the display fr map-info command output on R1 with that on R2. Use R1 as an example.
i.
[R1]display fr map-info Map Statistics for interface Serial1/0/0 (DCE)
we
DLCI = 102, IP 10.0.12.2, Serial1/0/0 create time = 2011/10/11 14:44:45, status = ACTIVE
hu a
encapsulation = ietf, vlink = 6, broadcast
[R1]display interface Serial1/0/0 Serial1/0/0 current state : UP
Last line protocol up time : 2011-10-11 14:44:35
g.
Line protocol current state : UP
Description:HUAWEI, AR Series, Serial1/0/0 Interface
rn in
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.0.12.1/24 Link layer protocol is FR IETF
LMI DLCI is 0, LMI type is Q.933a, frame relay DCE
LMI status enquiry received 21, LMI status sent 21
ea
LMI status enquiry timeout 9, LMI message discarded 2 Last physical up time
: 2011-10-11 14:44:25
:/ /l
Last physical down time : 2011-10-11 14:44:25 Current system time: 2011-10-11 14:48:04
Physical layer is synchronous, Baudrate is 64000 bps Interface is DCE, Cable type is V35, Clock mode is DCECLK Last 300 seconds input rate 12 bytes/sec 96 bits/sec 0 packets/sec
ht tp
Last 300 seconds output rate 10 bytes/sec 80 bits/sec 0 packets/sec Input: 3712 packets, 54496 bytes broadcasts: errors:
0, multicasts:
0, runts:
0, giants:
0, align errors:
dribbles:
:
CRC:
0
frame errors:
0, aborts:
0
0, overruns:
0
0, no buffers:
0
0, collisions:
0
0
取
Output: 3727 packets, 47136 bytes 0, underruns:
deferred:
0
料 获
errors:
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Input bandwidth utilization : 0.08%
资
Output bandwidth utilization : 0.08%
更
多
[R1]display fr lmi-info interface Serial 1/0/0
Page194
HUAWEI TECHNOLOGIES
HC Series
Frame relay LMI statistics for interface Serial1/0/0 (DCE, Q933) T392DCE = 15, N392DCE = 3, N393DCE = 4 in status enquiry = 31, out status = 31
i.
status enquiry timeout = 9, discarded messages = 2
we
Step 3 Configure FR in back-to-back mode between R2 and R3
hu a
and use dynamic address mapping.
g.
The router configurations vary depending on whether it is connected to DCE or DTE port. Check whether R2 or R3 connects to the DCE port of the serial port cable. [R3]display interface Serial2/0/0
rn in
Serial2/0/0 current state : UP Line protocol current state : UP
Last line protocol up time : 2011-10-11 14:31:29
Description:HUAWEI, AR Series, Serial2/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
ea
Internet Address is 10.0.23.3/24 Link layer protocol is PPP LCP opened, IPCP opened
: 2011-10-11 09:43:20
:/ /l
Last physical up time
Last physical down time : 2011-10-11 09:43:19 Current system time: 2011-10-11 14:56:16
Physical layer is synchronous, Baudrate is 64000 bps
ht tp
Interface is DCE, Cable type is V24, Clock mode is DCECLK Last 300 seconds input rate 2 bytes/sec 16 bits/sec 0 packets/sec Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec Input: 3765 packets, 53110 bytes broadcasts:
CRC: dribbles:
0, multicasts:
0, runts:
:
errors:
取
frame errors:
0, align errors: 0, aborts:
0 0, giants:
0
0, overruns:
0
0, no buffers:
0
0, collisions:
0
0
Output: 3766 packets, 45590 bytes
料 获
errors:
deferred:
0, underruns: 0
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Input bandwidth utilization : 0.06%
更
多
资
Output bandwidth utilization : 0.05%
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page195
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
The greyed line indicates that S2/0/0 on R3 connects to the DCE port. [R2]interface Serial 2/0/0 [R2-Serial2/0/0]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
i.
[R2-Serial2/0/0]fr interface-type dte
we
[R2-Serial2/0/0]fr inarp
S2/0/0 on R3 connects to the DCE port of the serial port cable.
hu a
[R3]interface Serial 2/0/0 [R3-Serial2/0/0]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
g.
[R3-Serial2/0/0]fr interface-type dce [R3-Serial2/0/0]fr dlci 203
rn in
[R3-fr-dlci-Serial2/0/0-203]quit [R3-Serial2/0/0]fr inarp
After the configurations are complete, test connectivity between R2 and R3.
ea
[R3]ping 10.0.23.2
PING 10.0.23.2: 56 data bytes, press CTRL_C to break
:/ /l
Reply from 10.0.23.2: bytes=56 Sequence=1 ttl=255 time=40 ms Reply from 10.0.23.2: bytes=56 Sequence=2 ttl=255 time=35 ms Reply from 10.0.23.2: bytes=56 Sequence=3 ttl=255 time=35 ms Reply from 10.0.23.2: bytes=56 Sequence=4 ttl=255 time=35 ms
ht tp
Reply from 10.0.23.2: bytes=56 Sequence=5 ttl=255 time=35 ms
--- 10.0.23.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 35/36/40 ms
取
If R2 fails to communicate with R3, locate the fault using the following command output.
料 获
[R3]display interface Serial2/0/0 Serial2/0/0 current state : UP Line protocol current state : UP Last line protocol up time : 2011-10-11 15:02:01 Description:HUAWEI, AR Series, Serial2/0/0 Interface
更
多
资
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Page196
HUAWEI TECHNOLOGIES
HC Series
Internet Address is 10.0.23.3/24 Link layer protocol is FR IETF LMI DLCI is 0, LMI type is Q.933a, frame relay DCE LMI status enquiry received 28, LMI status sent 28
i.
LMI status enquiry timeout 0, LMI message discarded 8 Last physical up time
: 2011-10-11 15:01:31
Current system time: 2011-10-11 15:06:36 Physical layer is synchronous, Baudrate is 64000 bps
hu a
Interface is DCE, Cable type is V24, Clock mode is DCECLK
we
Last physical down time : 2011-10-11 15:01:30
Last 300 seconds input rate 12 bytes/sec 96 bits/sec 0 packets/sec
Last 300 seconds output rate 12 bytes/sec 96 bits/sec 0 packets/sec
0, multicasts:
errors:
0, runts:
CRC:
0, align errors:
dribbles:
0, giants:
0, aborts:
frame errors:
0
Output: 3957 packets, 50073 bytes 0, underruns:
deferred:
0
0
0, overruns:
0
0, no buffers:
0
0, collisions:
0
:/ /l
ea
errors:
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
0
rn in
broadcasts:
g.
Input: 3974 packets, 58123 bytes
Input bandwidth utilization : 0.11%
Output bandwidth utilization : 0.10% [R3]display fr lmi-info
Frame relay LMI statistics for interface Serial2/0/0 (DCE, Q933)
ht tp
T392DCE = 15, N392DCE = 3, N393DCE = 4
in status enquiry = 31, out status = 31 status enquiry timeout = 0, discarded messages = 8 [R3]display fr map-info
Map Statistics for interface Serial2/0/0 (DCE)
:
DLCI = 203, IP INARP 10.0.23.2, Serial2/0/0 create time = 2011/10/11 15:02:21, status = ACTIVE
取
encapsulation = ietf, vlink = 2, broadcast
更
多
资
料 获
Pay attention to the greyed lines. Compare the information on R1 with that on R2.
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page197
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
Step 4 Configure RIPv2 between R1 and R2 and configure a
i.
neighbor relationship. [R1]rip [R1-rip-1]version 2
we
[R1-rip-1]network 10.0.0.0
hu a
[R1-rip-1]undo summary
[R2]rip [R2-rip-1]version 2 [R2-rip-1]network 10.0.0.0
g.
[R2-rip-1]undo summary
rn in
View the R1 routing table. [R1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
ea
Routing Tables: Public Destinations : 13
Proto
Pre Cost
Flags NextHop
:/ /l
Destination/Mask
Routes : 13
Interface
10.0.1.0/24 Direct 0
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 1
10.0.2.0/24 RIP
10.0.12.2
Serial1/0/0
0
D
10.0.12.1
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.2/32 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
ht tp
D
10.0.12.0/24 Direct 0
D
10.0.12.2
Serial1/0/0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 RIP
取
127.0.0.0/8
100 1
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获
127.255.255.255/32 Direct 0
The preceding information shows that R1 has learned routes. Test network connectivity on R1.
更
多
资
[R1]ping 10.0.23.2 PING 10.0.23.2: 56 data bytes, press CTRL_C to break
Page198
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.23.2: bytes=56 Sequence=1 ttl=255 time=33 ms Reply from 10.0.23.2: bytes=56 Sequence=2 ttl=255 time=39 ms Reply from 10.0.23.2: bytes=56 Sequence=3 ttl=255 time=39 ms Reply from 10.0.23.2: bytes=56 Sequence=4 ttl=255 time=39 ms
i.
Reply from 10.0.23.2: bytes=56 Sequence=5 ttl=255 time=39 ms
we
--- 10.0.23.2 ping statistics --5 packet(s) transmitted 5 packet(s) received
hu a
0.00% packet loss round-trip min/avg/max = 33/37/39 ms
g.
The preceding information shows that communication between R1 and R2 is normal.
rn in
R1 fails to communicate with R3 because R3 is not running any routing protocol. R1 and R2 run RIPv2. They can learn routes from each other because the network supports broadcast.
ea
Run the display fr map-info interface Serial 1/0/0 command on R2 to check whether R2 supports broadcast. Use R2 as an example.
:/ /l
[R2]display fr map-info interface Serial 1/0/0 Map Statistics for interface Serial1/0/0 (DTE) DLCI = 102, IP 10.0.12.1, Serial1/0/0
create time = 2011/10/11 15:12:15, status = ACTIVE
ht tp
encapsulation = ietf, vlink = 11, broadcast
Modify configurations of R1 and R2 and disable broadcast. [R1]interface Serial 1/0/0
[R1-Serial1/0/0]undo fr map ip 10.0.12.2 102
:
[R1-Serial1/0/0]fr map ip 10.0.12.2 102
取
[R2]interface Serial 1/0/0 [R2-Serial1/0/0]undo fr map ip 10.0.12.1 102
料 获
[R2-Serial1/0/0]fr map ip 10.0.12.1 102
To enable R1 and R2 to update routes, run shutdown and undo shutdown on an interface of R1 or R2. Use R2 as an example. [R2-Serial1/0/0]shutdown
更
多
资
[R2-Serial1/0/0]undo shutdown
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page199
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
After the configurations are complete, check the routes. Use R2 as an example. [R2]display ip routing-table Route Flags: R - relay, D - download to fib
i.
---------------------------------------------------------------------------Routing Tables: Public
Proto
Pre Cost
we
Destination/Mask
Routes : 15
Flags NextHop
10.0.2.0/24 Direct 0
0
D
10.0.2.2
Interface
hu a
Destinations : 15
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
10.0.2.255/32 Direct 0
0
D
127.0.0.1
10.0.12.0/24 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
0
10.0.23.2/32 Direct 0
0
10.0.23.3/32 Direct 0
0
10.0.23.255/32 Direct 0
0
Direct 0
0
127.0.0.1/32 Direct 0
0
g.
InLoopBack0
InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.23.2
Serial2/0/0
D
127.0.0.1
InLoopBack0
D
10.0.23.3
Serial2/0/0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
:/ /l
127.0.0.0/8
rn in
0
10.0.23.0/24 Direct 0
127.0.0.1
ea
10.0.12.255/32 Direct 0
D
InLoopBack0
127.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
ht tp
R1 and R2 cannot exchange routes because broadcast is disabled. Run the ping command on R2. [R2]ping 10.0.1.1
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Request time out
:
Request time out Request time out
取
Request time out
料 获
Request time out
--- 10.0.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received
更
多
资
100.00% packet loss
Page200
HUAWEI TECHNOLOGIES
HC Series
Run the display fr map-info interface Serial 1/0/0 command on R2 to check whether R2 supports broadcast. [R2]display fr map-info interface Serial 1/0/0 Map Statistics for interface Serial1/0/0 (DTE)
i.
DLCI = 102, IP 10.0.12.1, Serial1/0/0 create time = 2011/10/11 15:22:22, status = ACTIVE
we
encapsulation = ietf, vlink = 13
hu a
There is no broadcast field, indicating that R2 does not support broadcast. Configure a RIP neighbor relationship between R1 and R2 and configure them to exchange routes in unicast mode.
g.
[R1]rip
rn in
[R1-rip-1]peer 10.0.12.2
[R2]rip [R2-rip-1]peer 10.0.12.1
After the configurations are complete, check the routes on R2.
ea
[R2]display ip routing-table
Route Flags: R - relay, D - download to fib
Destinations : 16
Proto
Routes : 16
Pre Cost
ht tp
Destination/Mask
:/ /l
---------------------------------------------------------------------------Routing Tables: Public
100 1
D
10.0.12.1
Serial1/0/0
D
10.0.2.2
LoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.0/24 Direct 0
0
D
10.0.12.2
Serial1/0/0
10.0.12.1/32 Direct 0
0
D
10.0.12.1
Serial1/0/0
10.0.12.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.12.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
取
0
10.0.2.2/32 Direct 0
D
10.0.23.2
Serial2/0/0
0
D
127.0.0.1
InLoopBack0
10.0.23.3/32 Direct 0
0
D
10.0.23.3
Serial2/0/0
料 获
0
10.0.23.2/32 Direct 0
10.0.23.255/32 Direct 0
0
Direct 0
0
127.0.0.1/32 Direct 0
0
资
127.0.0.0/8
127.255.255.255/32 Direct 0
多
Interface
10.0.2.0/24 Direct 0
10.0.23.0/24 Direct 0
更
Flags NextHop
:
10.0.1.0/24 RIP
HC Series
D D
0
D D
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
HUAWEI TECHNOLOGIES
InLoopBack0
Page201
255.255.255.255/32 Direct 0
cn
0
D
127.0.0.1
InLoopBack0
Run the ping command to test network connectivity. [R2]ping 10.0.1.1
i.
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=35 ms
we
Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=41 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=31 ms
hu a
Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=41 ms
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=41 ms
--- 10.0.1.1 ping statistics ---
g.
5 packet(s) transmitted 5 packet(s) received
rn in
0.00% packet loss round-trip min/avg/max = 31/37/41 ms
ea
By default, route aggregation is enabled in RIPv2; therefore, there is only one RIP route on R1.
Step 5 Configure OSPF between R2 and R3 and configure an
[R2]router id 10.0.2.2 [R2]ospf 1
ht tp
[R2-ospf-1]area 0
:/ /l
OSPF neighbor relationship between them.
[R2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
[R3]router id 10.0.3.3 [R3]ospf 1
:
[R3-ospf-1]area 0
取
[R3-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
After the configurations are complete, check the routes on R3.
料 获
[R3]display ip routing-table Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public
更
多
资
Destinations : 11
Page202
Routes : 11
HUAWEI TECHNOLOGIES
HC Series
Destination/Mask
Proto
Pre Cost
Flags NextHop
Interface
10.0.3.0/24 Direct 0
0
D
10.0.3.3
LoopBack0
10.0.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
10.0.23.0/24 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
0
D
127.0.0.1
255.255.255.255/32 Direct 0
0
D
127.0.0.1
we
InLoopBack0 InLoopBack0 InLoopBack0
g.
127.255.255.255/32 Direct 0
hu a
127.0.0.0/8
i.
10.0.3.255/32 Direct 0
rn in
The preceding information shows that R3 does not learn the routes sent by R2.
By default, OSPF considers that the network mode on the FR-enabled port is NBMA and devices do not detect neighbors.
ea
[R3]display ospf interface Serial 2/0/0
OSPF Process 1 with Router ID 10.0.3.3
:/ /l
Interfaces
Interface: 10.0.23.3 (Serial2/0/0) State: Waiting
Priority: 1
Type: NBMA
MTU: 1500
ht tp
Cost: 1562
Designated Router: 0.0.0.0
Backup Designated Router: 0.0.0.0 Timers: Hello 30 , Dead 120 , Poll 120 , Retransmit 5 , Transmit Delay 1
:
Check the OSPF neighbor. Use R3 as an example.
取
[R3]display ospf peer
料 获
OSPF Process 1 with Router ID 10.0.3.3
R3 does not discover a neighbor. You must manually configure an OSPF neighbor relationship.
[R2]ospf 1
更
多
资
[R2-ospf-1]peer 10.0.23.3
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page203
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration [R3]ospf 1
After the configurations are complete, check the OSPF neighbor relationship on R3.
we
[R3]display ospf peer
i.
[R3-ospf-1]peer 10.0.23.2
OSPF Process 1 with Router ID 10.0.3.3
hu a
Neighbors
Area 0.0.0.0 interface 10.0.23.3(Serial2/0/0)'s neighbors Address: 10.0.23.2
State: Full Mode:Nbr is Slave Priority: 1 DR: 10.0.23.2 BDR: None
MTU: 0
rn in
Dead timer due in 116 sec
g.
Router ID: 10.0.2.2
Retrans timer interval: 5 Neighbor is up for 00:00:04 Authentication Sequence: [ 0 ]
ea
The preceding information shows that the OSPF neighbor relationship has been set up.
:/ /l
Check the routing tables. Use R3 as an example. [R3]display ip routing-table
Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
ht tp
Routing Tables: Public Destinations : 13
Proto
10
D
10.0.23.2
Serial2/0/0
0
D
10.0.3.3
LoopBack0
10.0.3.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
3124
D
10.0.23.2
Serial2/0/0
10.0.23.0/24 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.2/32 Direct 0
0
D
10.0.23.2
Serial2/0/0
10.0.23.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.23.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
料 获
10.0.12.0/24 OSPF
资
127.0.0.0/8
多
Interface
1562
10.0.3.255/32 Direct 0
更
Flags NextHop
10.0.3.0/24 Direct 0
:
10.0.2.2/32 OSPF
Pre Cost
取
Destination/Mask
Routes : 13
Page204
10
HUAWEI TECHNOLOGIES
HC Series
127.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Test network connectivity between R3 and R2.
i.
[R3]ping 10.0.2.2 PING 10.0.2.2: 56 data bytes, press CTRL_C to break
we
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=32 ms
Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=255 time=27 ms
hu a
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=255 time=27 ms Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=255 time=27 ms Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=255 time=27 ms
g.
--- 10.0.2.2 ping statistics --5 packet(s) transmitted
0.00% packet loss round-trip min/avg/max = 27/28/32 ms
rn in
5 packet(s) received
ea
Step 6 Configure OSPF between R2 and R3 and change the
:/ /l
network type to broadcast.
Run OSPF on the FR network. You can manually configure a neighbor relationship or configure OSPF on a broadcast network to discover neighbors.
ht tp
Delete the configured neighbors on R2 and R3 shown in step 5. [R2]ospf 1
[R2-ospf-1]undo peer 10.0.23.3
[R3]ospf 1
:
[R3-ospf-1]undo peer 10.0.23.2
取
Check whether the FR-enabled interface supports broadcast. [R3]display fr map-info interface Serial 2/0/0 Map Statistics for interface Serial2/0/0 (DCE)
料 获
DLCI = 203, IP INARP 10.0.23.2, Serial2/0/0 create time = 2011/10/11 15:02:21, status = ACTIVE encapsulation = ietf, vlink = 2, broadcast
资
Determine the OSPF network type on the port.
更
多
[R3]display ospf interface Serial 2/0/0 HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page205
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
OSPF Process 1 with Router ID 10.0.3.3
i.
Interfaces
Interface: 10.0.23.3 (Serial2/0/0) State: DR
Type: NBMA
MTU: 1500
we
Cost: 1562 Priority: 1
Designated Router: 10.0.23.3
hu a
Backup Designated Router: 10.0.23.2
Timers: Hello 30 , Dead 120 , Poll 120 , Retransmit 5 , Transmit Delay 1
[R2]interface Serial 2/0/0
rn in
[R2-Serial2/0/0]ospf network-type broadcast
g.
Change the network type to broadcast.
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ospf network-type broadcast
ea
Run the shutdown and undo shutdown commands on S2/0/0 of R3 to update neighbors.
:/ /l
[R3-Serial2/0/0]shutdown [R3-Serial2/0/0]undo shutdown
ht tp
After the OSPF neighbor relationship is established, check the OSPF neighbor relationship. [R3]display ospf peer
OSPF Process 1 with Router ID 10.0.3.3
:
Neighbors
Area 0.0.0.0 interface 10.0.23.3(Serial2/0/0)'s neighbors Address: 10.0.23.2
取
Router ID: 10.0.2.2
State: Full Mode:Nbr is Slave Priority: 1 DR: 10.0.23.3 BDR: 10.0.23.2 MTU: 0
料 获
Dead timer due in 34 sec Retrans timer interval: 4
Neighbor is up for 00:00:20
更
多
资
Authentication Sequence: [ 0 ]
Check the routing table of R3 and test connectivity between R3 and R2.
Page206
HUAWEI TECHNOLOGIES
HC Series
Use R3 as an example. [R3]display ip routing-table Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
10.0.2.2/32 OSPF
Pre Cost
10
Flags NextHop
1562
D
10.0.23.2
10.0.3.0/24 Direct 0
0
D
10.0.3.3
10.0.3.3/32 Direct 0
0
D
127.0.0.1
Interface
Serial2/0/0
LoopBack0
InLoopBack0
D
127.0.0.1
D
10.0.23.2
Serial2/0/0
10.0.23.0/24 Direct 0
0
D
10.0.23.3
Serial2/0/0
10.0.23.2/32 Direct 0
0
10.0.23.3/32 Direct 0
0
10.0.23.255/32 Direct 0
0
Direct 0
0
127.0.0.1/32 Direct 0
0
rn in
127.0.0.0/8
10
D
10.0.23.2
Serial2/0/0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
0
255.255.255.255/32 Direct 0
0
D
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
:/ /l
127.255.255.255/32 Direct 0
InLoopBack0
g.
0 3124
10.0.12.0/24 OSPF
ea
10.0.3.255/32 Direct 0
we
Proto
Routes : 13
hu a
Destination/Mask
i.
Routing Tables: Public Destinations : 13
[R3]display ospf interface Serial 2/0/0
OSPF Process 1 with Router ID 10.0.3.3
ht tp
Interfaces
Interface: 10.0.23.3 (Serial2/0/0) Cost: 1562
State: DR
Type: Broadcast
MTU: 1500
:
Priority: 1
Designated Router: 10.0.23.3 Backup Designated Router: 10.0.23.2
取
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1 [R3]ping 10.0.2.2
料 获
PING 10.0.2.2: 56 data bytes, press CTRL_C to break Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=35 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=255 time=30 ms
更
多
资
Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=255 time=30 ms
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page207
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
--- 10.0.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received
round-trip min/avg/max = 30/31/35 ms
hu a
Additional Exercises: Analyzing and Verifying
we
i.
0.00% packet loss
g.
How is the broadcast function on an FR-enabled interface used? If possible, verify this configuration.
[R1]display current-configuration [V200R001C01SPC300] # sysname R1
ea
#
fr interface-type dce undo fr inarp fr dlci 102
ht tp
fr map ip 10.0.12.2 102
:/ /l
interface Serial1/0/0 link-protocol fr
rn in
Final Configurations
ip address 10.0.12.1 255.255.255.0 #
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
:
# rip 1
取
undo summary version 2
peer 10.0.12.2
料 获
network 10.0.0.0
#
return
[R2]display current-configuration
更
多
资
[V200R001C01SPC300]
Page208
HUAWEI TECHNOLOGIES
HC Series
# sysname R2 # router id 10.0.2.2
i.
# interface Serial1/0/0
we
link-protocol fr fr dlci 102
hu a
undo fr inarp fr map ip 10.0.12.1 102 ip address 10.0.12.2 255.255.255.0 #
g.
interface Serial2/0/0 link-protocol fr
interface LoopBack0 ip address 10.0.2.2 255.255.255.0 # ospf 1 area 0.0.0.0
:/ /l
network 10.0.0.0 0.255.255.255
rip 1 undo summary
ht tp
version 2 peer 10.0.12.1
ea
#
rn in
ip address 10.0.23.2 255.255.255.0 ospf network-type broadcast
#
network 10.0.0.0 #
:
return
[R3]display current-configuration
取
[V200R001C01SPC300] #
sysname R3
料 获
#
router id 10.0.3.3 #
interface Serial2/0/0
更
多
资
link-protocol fr fr interface-type dce fr dlci 203 HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page209
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration ip address 10.0.23.3 255.255.255.0 ospf network-type broadcast # interface LoopBack0
i.
ip address 10.0.3.3 255.255.255.0 #
we
ospf 1 area 0.0.0.0 network 10.0.0.0 0.255.255.255
hu a
#
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
g.
Return
Page210
HUAWEI TECHNOLOGIES
HC Series
Lab 8-3 FR Configuration (Using FR Switch)
hu a
How to configure frame relay (FR) router interfaces when an FR switch is used on the network. How to configure RIP in hub-spoke mode. How to configure OSPF in hub-spoke mode. How to configure FR interfaces when the OSPF network type is set to point-to-multipoint.
g.
x x x
we
The objectives of this lab are to learn and understand:
i.
Learning Objectives
x
ht tp
:/ /l
ea
rn in
Topology
取
:
Figure 8.3 Lab topology for FR configuration
料 获
Scenario
更
多
资
Assume that you are a network administrator of a company. R1, R2, R3 in Figure 8.3 are routers. R1 is located at the company headquarters, and R2 and R3 are located in two branches. To interconnect the headquarters and branches, you need to configure FR on WAN links in hub-spoke mode.
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page211
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration
Tasks
i.
Step 1 Configure IP addresses.
we
Set basic parameters, such as IP addresses. When configuring FR encapsulation, you must disable the Inarp function and manually define mapping between the PVC DLCI numbers and IP addresses.
hu a
system-view Enter system view, return user view with Ctrl+Z. [Huawei]sysname R1
g.
[R1]interface Serial 2/0/0 [R1-Serial2/0/0]link-protocol fr
[R1-Serial2/0/0]ip address 10.0.123.1 24 [R1-Serial2/0/0]undo fr inarp
rn in
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[R1-Serial2/0/0]fr map ip 10.0.123.2 102 broadcast [R1-Serial2/0/0]fr map ip 10.0.123.3 103 broadcast [R1-Serial2/0/0]interface loopback 0
:/ /l
system-view
ea
[R1-LoopBack0]ip address 10.0.1.1 24
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R2
[R2]interface Serial 3/0/0
[R2-Serial3/0/0]link-protocol fr
ht tp
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R2-Serial3/0/0]ip address 10.0.123.2 24 [R2-Serial3/0/0]undo fr inarp
[R2-Serial3/0/0]fr map ip 10.0.123.1 201 broadcast [R2-Serial3/0/0]interface loopback 0
:
[R2-LoopBack0]ip address 10.0.2.2 24
取
system-view
Enter system view, return user view with Ctrl+Z.
料 获
[Huawei]sysname R3 [R3]interface Serial 1/0/0 [R3-Serial1/0/0]link-protocol fr Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [R3-Serial1/0/0]ip address 10.0.123.3 24
更
多
资
[R3-Serial1/0/0]undo fr inarp
Page212
HUAWEI TECHNOLOGIES
HC Series
[R3-Serial1/0/0]fr map ip 10.0.123.1 301 broadcast [R3-Serial1/0/0]interface loopback 0
PING 10.0.123.2: 56 data bytes, press CTRL_C to break
we
[R1]ping 10.0.123.2
i.
[R3-LoopBack0]ip address 10.0.3.3 24
After the IP addresses are configured, test network connectivity.
Reply from 10.0.123.2: bytes=56 Sequence=1 ttl=255 time=64 ms
hu a
Reply from 10.0.123.2: bytes=56 Sequence=2 ttl=255 time=59 ms
Reply from 10.0.123.2: bytes=56 Sequence=3 ttl=255 time=59 ms Reply from 10.0.123.2: bytes=56 Sequence=4 ttl=255 time=59 ms
g.
Reply from 10.0.123.2: bytes=56 Sequence=5 ttl=255 time=59 ms
--- 10.0.123.2 ping statistics ---
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 59/60/64 ms
ea
[R1]ping 10.0.123.3
rn in
5 packet(s) transmitted
PING 10.0.123.3: 56 data bytes, press CTRL_C to break Reply from 10.0.123.3: bytes=56 Sequence=1 ttl=255 time=64 ms
:/ /l
Reply from 10.0.123.3: bytes=56 Sequence=2 ttl=255 time=59 ms Reply from 10.0.123.3: bytes=56 Sequence=3 ttl=255 time=59 ms Reply from 10.0.123.3: bytes=56 Sequence=4 ttl=255 time=59 ms
ht tp
Reply from 10.0.123.3: bytes=56 Sequence=5 ttl=255 time=59 ms
--- 10.0.123.3 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 59/60/64 ms
取
Run the following commands to view the FR encapsulation information for the R1 interfaces.
料 获
[R1]display fr interface Serial 2/0/0 Serial2/0/0, DTE, physical up, protocol up
[R1]display fr map-info interface Serial 2/0/0 Map Statistics for interface Serial2/0/0 (DTE)
更
多
资
DLCI = 102, IP 10.0.123.2, Serial2/0/0 create time = 2011/11/16 09:28:49, status = ACTIVE
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page213
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration encapsulation = ietf, vlink = 1, broadcast DLCI = 103, IP 10.0.123.3, Serial2/0/0 create time = 2011/11/16 09:28:56, status = ACTIVE
i.
encapsulation = ietf, vlink = 2, broadcast
we
Step 2 Configure RIPv2 among R1, R2, and R3.
g.
hu a
Configure RIPv2 and ensure that all network segments are in the RIP area. By default, static neighbors are not configured. The automatic summary function must be disabled. In addition, the RIP split horizon function for FR interfaces is disabled by default because an FR network has its own unique features. You do not need to modify the split horizon configurations for this exercise.
rn in
[R1]rip 1 [R1-rip-1]version 2 [R1-rip-1]network 10.0.0.0 [R1-rip-1]undo summary
ea
[R2]rip 1 [R2-rip-1]version 2
[R2-rip-1]undo summary
[R3]rip 1 [R3-rip-1]version 2
:/ /l
[R2-rip-1]network 10.0.0.0
ht tp
[R3-rip-1]network 10.0.0.0 [R3-rip-1]undo summary
View the routing tables on R1, R2, and R3 to check the learned routes. [R1]display ip routing-table protocol rip
:
Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
取
Public routing table : RIP
料 获
Destinations : 2
Routes : 2
RIP routing table status : Destinations : 2
更
多
资
Destination/Mask
Proto
10.0.2.0/24 RIP
Page214
Routes : 2
Pre Cost
100 1
Flags NextHop
D
10.0.123.2
HUAWEI TECHNOLOGIES
Interface
Serial2/0/0
HC Series
10.0.3.0/24 RIP
100 1
D
10.0.123.3
Serial2/0/0
RIP routing table status : Routes : 0
i.
Destinations : 0
[R2]display ip routing-table protocol rip
we
Route Flags: R - relay, D - download to fib
---------------------------------------------------------------------------Public routing table : RIP Routes : 2
hu a
Destinations : 2
RIP routing table status :
Proto
Pre Cost
10.0.1.0/24 RIP
100 1
10.0.3.0/24 RIP
100 2
RIP routing table status :
Interface
D
10.0.123.1
Serial3/0/0
D
10.0.123.1
Serial3/0/0
Routes : 0
ea
Destinations : 0
Flags NextHop
rn in
Destination/Mask
Routes : 2
g.
Destinations : 2
:/ /l
[R3]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Public routing table : RIP
Routes : 2
ht tp
Destinations : 2
RIP routing table status : Destinations : 2
Proto
:
Destination/Mask
Routes : 2
Pre Cost
Flags NextHop
Interface
100 1
D
10.0.123.1
Serial1/0/0
10.0.2.0/24 RIP
100 2
D
10.0.123.1
Serial1/0/0
取
10.0.1.0/24 RIP
料 获
RIP routing table status : Destinations : 0
Routes : 0
Perform a test on R3 to detect network connectivity.
[R3]ping 10.0.1.1
更
多
资
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=68 ms
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page215
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=63 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=63 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=63 ms
i.
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=63 ms
--- 10.0.1.1 ping statistics ---
we
5 packet(s) transmitted 5 packet(s) received
round-trip min/avg/max = 63/64/68 ms
[R3]ping 10.0.2.2
g.
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
hu a
0.00% packet loss
Request time out
Request time out Request time out Request time out
--- 10.0.2.2 ping statistics ---
ea
5 packet(s) transmitted
rn in
Request time out
0 packet(s) received
:/ /l
100.00% packet loss
The preceding test results indicate that R3 and R2 are disconnected. Check the routes to find out why R3 and R2 are disconnected.
ht tp
The procedure for diagnosing this fault is as follows: View the R3 routing table and check whether any route is destined for the IP address 10.0.2.2.
取
:
If there is such a route, find out the next hop IP address of this route. Then check whether R3 can reach the next hop and whether there is mapping between Layer-3 IP addresses and Layer-2 PVCs.
料 获
If R3 can reach the next hop and there is mapping between Layer-3 IP addresses and Layer-2 PVCs, check the devices on the route to determine whether there is any route that can reach IP address 10.0.2.2, whether the next hop of this route is reachable, and whether there is mapping between Layer-3 IP addresses and Layer-2 PVCs.
更
多
资
If there is a route that can reach IP address 10.0.2.2 and there is mapping between Layer-3 IP addresses and Layer-2 PVCs, check R2 to determine
Page216
HUAWEI TECHNOLOGIES
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
whether there is any route that reaches the destination IP address of response packets and whether the next hop of this route is reachable.
we
i.
If the next hop of this route is unreachable and the destination IP address of the response packets is 10.0.123.3, R2 has the route that reaches this address but there is no mapping between Layer-3 IP addresses and Layer-2 PVCs.
hu a
The following is the output of the commands used in the preceding fault diagnosis procedure. [R3]display ip routing-table Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Proto
Pre Cost
10.0.1.0/24 RIP
100 1
10.0.2.0/24 RIP
100 2 0
10.0.3.3/32 Direct 0
0
10.0.3.255/32 Direct 0
0
LoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
Interface
D
10.0.123.1
D
10.0.123.1
Serial1/0/0
D
10.0.3.3
:/ /l
10.0.3.0/24 Direct 0
Flags NextHop
ea
Destination/Mask
Routes : 13
rn in
Destinations : 13
g.
Routing Tables: Public
Serial1/0/0
10.0.123.0/24 Direct 0
0
D
10.0.123.3
Serial1/0/0
10.0.123.1/32 Direct 0
0
D
10.0.123.1
Serial1/0/0
10.0.123.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.123.255/32 Direct 0 Direct 0
0
0
ht tp
127.0.0.0/8
127.0.0.1/32 Direct 0
D
D
0
D
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
127.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
[R3]display fr map-info interface Serial 1/0/0 Map Statistics for interface Serial1/0/0 (DTE)
取
DLCI = 301, IP 10.0.123.1, Serial1/0/0 create time = 2011/11/16 09:22:30, status = ACTIVE
料 获
encapsulation = ietf, vlink = 1, broadcast
[R1]display ip routing-table Route Flags: R - relay, D - download to fib ----------------------------------------------------------------------------
更
多
资
Routing Tables: Public Destinations : 14
HC Series
Routes : 14
HUAWEI TECHNOLOGIES
Page217
Destination/Mask
Proto
cn
Pre Cost
Flags NextHop
Interface
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.0/24 RIP
100 1
D
10.0.123.2
Serial2/0/0
10.0.3.0/24 RIP
100 1
D
10.0.123.3
Serial2/0/0
we
i.
10.0.1.0/24 Direct 0
0
D
10.0.123.1
Serial2/0/0
10.0.123.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.123.2/32 Direct 0
0
D
10.0.123.2
10.0.123.3/32 Direct 0
0
D
10.0.123.3
10.0.123.255/32 Direct 0
0
D
127.0.0.1
D
127.0.0.1/32 Direct 0
0
127.255.255.255/32 Direct 0
0
255.255.255.255/32 Direct 0
0
D
Serial2/0/0 Serial2/0/0 InLoopBack0
g.
0
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
rn in
Direct 0
hu a
10.0.123.0/24 Direct 0
127.0.0.0/8
co m/
HCDA-HNTD Chapter 8 WAN Configuration
[R1]display fr map-info interface Serial 2/0/0 Map Statistics for interface Serial2/0/0 (DTE)
ea
DLCI = 102, IP 10.0.123.2, Serial2/0/0
create time = 2011/11/16 09:28:49, status = ACTIVE
:/ /l
encapsulation = ietf, vlink = 1, broadcast DLCI = 103, IP 10.0.123.3, Serial2/0/0
create time = 2011/11/16 09:28:56, status = ACTIVE encapsulation = ietf, vlink = 2, broadcast
ht tp
[R2]display ip routing-table
Route Flags: R - relay, D - download to fib ---------------------------------------------------------------------------Routing Tables: Public
:
Destinations : 13
Proto
取
Destination/Mask
10.0.1.0/24 RIP
Routes : 13
Pre Cost
100 1
D
10.0.123.1
Serial3/0/0
D
10.0.2.2
LoopBack0
10.0.2.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.2.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
100 2
D
10.0.123.1
Serial3/0/0 Serial3/0/0
料 获 资
10.0.3.0/24 RIP
多
Interface
0
10.0.2.0/24 Direct 0
更
Flags NextHop
10.0.123.0/24 Direct 0
0
D
10.0.123.2
10.0.123.1/32 Direct 0
0
D
10.0.123.1
Serial3/0/0
10.0.123.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Page218
HUAWEI TECHNOLOGIES
HC Series
10.0.123.255/32 Direct 0 127.0.0.0/8
0
D
127.0.0.1
InLoopBack0
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
i.
127.255.255.255/32 Direct 0
we
[R2]display fr map-info interface Serial 3/0/0 Map Statistics for interface Serial3/0/0 (DTE)
create time = 2011/11/16 09:21:10, status = ACTIVE encapsulation = ietf, vlink = 1, broadcast
hu a
DLCI = 201, IP 10.0.123.1, Serial3/0/0
rn in
g.
The conclusion is that R2 has no PVC reaching IP address 10.0.123.3.
Step 3 Modify network parameters to enable the connection between R2 and R3.
:/ /l
ea
The fault diagnosis results in step 2 indicate that there is no virtual circuit between the FR interfaces on R2 and R3. In this case, configure the mapping between IP addresses and PVCs to enable communications between FR interfaces on R2 and R3 through R1. [R2]interface Serial 3/0/0
ht tp
[R2-Serial3/0/0]fr map ip 10.0.123.3 201 broadcast
[R3]interface Serial 1/0/0
[R3-Serial1/0/0]fr map ip 10.0.123.2 301 broadcast
:
After you configure the mapping between IP addresses and PVCs, check the IP address-PVC mapping tables on R2 and R3 and detect network connectivity.
取
[R3]display fr map-info interface Serial 1/0/0 Map Statistics for interface Serial1/0/0 (DTE)
料 获
DLCI = 301, IP 10.0.123.1, Serial1/0/0 create time = 2011/11/16 09:22:30, status = ACTIVE encapsulation = ietf, vlink = 1, broadcast
DLCI = 301, IP 10.0.123.2, Serial1/0/0 create time = 2011/11/16 09:55:23, status = ACTIVE
更
多
资
encapsulation = ietf, vlink = 2, broadcast
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page219
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration [R3]ping 10.0.2.2 PING 10.0.2.2: 56 data bytes, press CTRL_C to break Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=118 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=123 ms
Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=123 ms
we
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=123 ms
i.
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=123 ms
--- 10.0.2.2 ping statistics ---
hu a
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
g.
round-trip min/avg/max = 118/122/123 ms
rn in
Step 4 Configure OSPF between R1 and R2.
Delete the RIP configurations added in step 2 and the IP address-PVC mapping of R2 and R3 that is established in step 3.
ea
[R1]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
:/ /l
[R1]
[R2]interface Serial 3/0/0
[R2-Serial3/0/0]undo fr map ip 10.0.123.3 201 [R2-Serial3/0/0]quit [R2]undo rip 1
ht tp
Warning: The RIP process will be deleted. Continue?[Y/N]y [R2]
[R3]interface Serial 1/0/0
:
[R3-Serial1/0/0]undo fr map ip 10.0.123.2 301 [R3-Serial1/0/0]quit [R3]undo rip 1
料 获
[R3]
取
Warning: The RIP process will be deleted. Continue?[Y/N]y
Configure single-area OSPF on R1, R2, and R3.
[R1]ospf 1 router-id 10.0.1.1 [R1-ospf-1]area 0
更
多
资
[R1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
Page220
HUAWEI TECHNOLOGIES
HC Series
[R2]ospf 1 router-id 10.0.2.2 [R2-ospf-1]area 0 [R2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
i.
[R3]ospf 1 router-id 10.0.3.3 [R3-ospf-1]area 0
we
[R3-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
Interfaces
Interface: 10.0.123.3 (Serial1/0/0) State: DR
Type: NBMA
g.
MTU: 1500
ea
Cost: 1562
rn in
OSPF Process 1 with Router ID 10.0.3.3
hu a
After basic parameters are set, OSPF cannot establish neighbor relationships. By default, OSPF determines that the FR network can identify the NBMA network. As a result, OSPF does not support broadcast and cannot automatically discover neighbors. [R3]display ospf interface Serial 1/0/0 verbose
Priority: 1
:/ /l
Designated Router: 10.0.123.3 Backup Designated Router: 0.0.0.0
Timers: Hello 30 , Dead 120 , Poll 120 , Retransmit 5 , Transmit Delay 1 IO Statistics
Input
Hello
0
Output 0
ht tp
Type
DB Description
0
0
Link-State Req
0
0
0
0
0
0
Link-State Update Link-State Ack
PrevState: Waiting
:
OpaqueId: 0
料 获
取
There are various methods for running OSPF on an FR network. This exercise demonstrates how to run OSPF on the FR network by setting the OSPF network type of the interface to point-to-multipoint.
Step 5 Set the OSPF network type of the interface to
资
point-to-multipoint.
更
多
[R1]interface Serial 2/0/0
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page221
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration [R1-Serial2/0/0]ospf network-type p2mp
[R2]interface Serial 3/0/0
i.
[R2-Serial3/0/0]ospf network-type p2mp
[R3]interface Serial 1/0/0
we
[R3-Serial1/0/0]ospf network-type p2mp
hu a
After you set the OSPF network type, wait until the neighbor relationship is established. Then check the neighbor relationship and route information. [R1]display ospf peer brief
g.
OSPF Process 1 with Router ID 10.0.1.1 Peer Statistic Information
Interface
0.0.0.0
Serial2/0/0
0.0.0.0
Serial2/0/0
rn in
---------------------------------------------------------------------------Area Id
Neighbor id
State
10.0.2.2
Full
10.0.3.3
Full
ea
----------------------------------------------------------------------------
[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public Destinations : 14
Proto
Routes : 14
Pre Cost
ht tp
Destination/Mask
:/ /l
----------------------------------------------------------------------------
0
D
10.0.1.1
LoopBack0
10.0.1.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.1.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10
1562
D
10.0.123.2
Serial2/0/0
10
1562
D
10.0.123.3
Serial2/0/0
10.0.123.0/24 Direct 0
0
D
10.0.123.1
Serial2/0/0
10.0.123.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.123.2/32 Direct 0
0
D
10.0.123.2
Serial2/0/0
10.0.123.3/32 Direct 0
0
D
10.0.123.3
Serial2/0/0
10.0.123.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
料 获
取
10.0.3.3/32 OSPF
127.0.0.0/8
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
127.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
资 多
Interface
10.0.1.0/24 Direct 0
10.0.2.2/32 OSPF
更
Flags NextHop
Page222
HUAWEI TECHNOLOGIES
HC Series
[R2]display ospf peer brief
OSPF Process 1 with Router ID 10.0.2.2
i.
Peer Statistic Information
---------------------------------------------------------------------------Interface
Neighbor id
State
0.0.0.0
Serial3/0/0
10.0.1.1
Full
we
Area Id
hu a
----------------------------------------------------------------------------
[R2]display ip routing-table Route Flags: R - relay, D - download to fib
g.
---------------------------------------------------------------------------Routing Tables: Public
Proto
10.0.1.1/32 OSPF
Pre Cost
10
1562
10.0.2.0/24 Direct 0
0
10.0.2.2/32 Direct 0
0
10.0.2.255/32 Direct 0 10
0 3124
Interface
D
10.0.123.1
D
10.0.2.2
LoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
10.0.123.1
Serial3/0/0 Serial3/0/0
:/ /l
10.0.3.3/32 OSPF
Flags NextHop
ea
Destination/Mask
Routes : 14
rn in
Destinations : 14
Serial3/0/0
10.0.123.0/24 Direct 0
0
D
10.0.123.2
10.0.123.1/32 Direct 0
0
D
10.0.123.1
Serial3/0/0
10.0.123.2/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.123.3/32 OSPF
3124
D
10.0.123.1
Serial3/0/0
D
127.0.0.1
InLoopBack0
10
0
ht tp
10.0.123.255/32 Direct 0 127.0.0.0/8
Direct 0
0
D
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D
127.0.0.1
InLoopBack0
0
D
127.0.0.1
InLoopBack0
255.255.255.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
:
127.255.255.255/32 Direct 0
取
[R3]display ospf peer brief
料 获
OSPF Process 1 with Router ID 10.0.3.3 Peer Statistic Information
----------------------------------------------------------------------------
Area Id
Interface
Neighbor id
State
0.0.0.0
Serial1/0/0
10.0.1.1
Full
----------------------------------------------------------------------------
资
[R3]display ip routing-table
更
多
Route Flags: R - relay, D - download to fib
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page223
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration ---------------------------------------------------------------------------Routing Tables: Public
Destination/Mask
Routes : 14
Proto
Pre Cost
Flags NextHop
Interface
i.
Destinations : 14
10
1562
D
10.0.123.1
10.0.2.2/32 OSPF
10
3124
D
10.0.123.1
Serial1/0/0
10.0.3.0/24 Direct 0
0
D
10.0.3.3
LoopBack0
InLoopBack0
we
10.0.1.1/32 OSPF
Serial1/0/0
0
D
127.0.0.1
0
D
127.0.0.1
10.0.123.0/24 Direct 0
0
D
10.0.123.3
10.0.123.1/32 Direct 0
0
D
10.0.123.1
10.0.123.2/32 OSPF
3124
D
10.0.123.1
10.0.123.3/32 Direct 0
0
D
127.0.0.1
InLoopBack0
10.0.123.255/32 Direct 0
0
D
127.0.0.1
InLoopBack0
Direct 0
0
127.0.0.1/32 Direct 0
0 0
255.255.255.255/32 Direct 0
0
InLoopBack0 Serial1/0/0
g.
Serial1/0/0 Serial1/0/0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
D
127.0.0.1
InLoopBack0
ea
127.255.255.255/32 Direct 0
rn in
127.0.0.0/8
10
hu a
10.0.3.3/32 Direct 0 10.0.3.255/32 Direct 0
[R3]ping 10.0.1.1
:/ /l
Perform a network connectivity test on R3.
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=55 ms Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms
ht tp
Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=61 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=61 ms Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=61 ms
--- 10.0.1.1 ping statistics ---
:
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
取
round-trip min/avg/max = 55/59/61 ms
料 获
[R3]ping 10.0.2.2 PING 10.0.2.2: 56 data bytes, press CTRL_C to break Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=116 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=121 ms
更
多
资
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=121 ms Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=120 ms
Page224
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=120 ms
--- 10.0.2.2 ping statistics --5 packet(s) transmitted
i.
5 packet(s) received 0.00% packet loss
[R3]ping 10.0.123.2
hu a
PING 10.0.123.2: 56 data bytes, press CTRL_C to break
we
round-trip min/avg/max = 116/119/121 ms
Reply from 10.0.123.2: bytes=56 Sequence=1 ttl=254 time=115 ms Reply from 10.0.123.2: bytes=56 Sequence=2 ttl=254 time=119 ms
g.
Reply from 10.0.123.2: bytes=56 Sequence=3 ttl=254 time=119 ms
Reply from 10.0.123.2: bytes=56 Sequence=4 ttl=254 time=119 ms
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
rn in
Reply from 10.0.123.2: bytes=56 Sequence=5 ttl=254 time=119 ms
--- 10.0.123.2 ping statistics ---
:/ /l
ea
round-trip min/avg/max = 115/118/119 ms
Additional Exercises: Analyzing and Verifying
ht tp
As mentioned in step 4, there are various methods for running OSPF on the FR network that are achieved by changing the network type of the interface.
:
By default, OSPF determines that the FR network does not support broadcast and cannot automatically discover neighbors. Is it possible to achieve the connectivity of an OSPF network by manually defining the neighbor relationship? How?
取
In step 5, the R2-R3 communications are successful even when the IP address-PVC mapping between them is not manually configured. Why?
料 获
Final Configurations [R1]display current-configuration [V200R001C01SPC300]
更
多
资
#
sysname R1
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
Page225
cn co m/
HCDA-HNTD Chapter 8 WAN Configuration # interface Serial2/0/0 link-protocol fr undo fr inarp
i.
fr map ip 10.0.123.2 102 broadcast fr map ip 10.0.123.3 103 broadcast
we
ip address 10.0.123.1 255.255.255.0 ospf network-type p2mp #
hu a
interface LoopBack0 ip address 10.0.1.1 255.255.255.0 #
g.
ospf 1 router-id 10.0.1.1 area 0.0.0.0 network 10.0.0.0 0.255.255.255
rn in
# return
[R2]display current-configuration [V200R001C01SPC300]
ea
# sysname R2
interface Serial3/0/0 link-protocol fr undo fr inarp
:/ /l
#
fr map ip 10.0.123.1 201 broadcast
ht tp
ip address 10.0.123.2 255.255.255.0 ospf network-type p2mp #
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
:
#
ospf 1 router-id 10.0.2.2
取
area 0.0.0.0
network 10.0.0.0 0.255.255.255
料 获
# return
[R3]display current-configuration [V200R001C01SPC300]
更
多
资
#
sysname R3
Page226
HUAWEI TECHNOLOGIES
HC Series
# interface Serial1/0/0 link-protocol fr undo fr inarp
i.
fr map ip 10.0.123.1 301 broadcast ip address 10.0.123.3 255.255.255.0
we
ospf network-type p2mp # interface LoopBack0
hu a
ip address 10.0.3.3 255.255.255.0 # ospf 1 router-id 10.0.3.3
g.
area 0.0.0.0 network 10.0.0.0 0.255.255.255 #
更
多
资
料 获
取
:
ht tp
:/ /l
ea
rn in
return
HC Series
cn
co m/
HCDA-HNTD Chapter 8 WAN Configuration
HUAWEI TECHNOLOGIES
Page227
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Chapter 9 Firewall Configuration
Learning Objectives
g.
rn in
x
How to log in to the USG firewall. How to change the firewall device name. How to change the system time and time zone. How to modify the login banner. How to change the login password. How to view, save, and delete firewall configurations. How to configure the VLAN/interface IP address and detect network connectivity. How to restart the firewall.
ea
x x x x x x x
hu a
The objectives of this lab are to learn and understand:
we
i.
Lab 9-1 USG Firewall Configuration
ht tp
:/ /l
Topology
取
Scenario
:
Figure 9.1 Lab topology for USG firewall configuration
更
多
资
料 获
Assume that you are a network administrator of a company. The company bought a USG2160 firewall and intends to connect it to S1, the core switch, to filter packets transmitted across different VLANs. You need to familiarize yourself with various operations of the firewall.
Page228
HUAWEI TECHNOLOGIES
HC Series
Tasks
i.
Step 1 Log in to the firewall and change its name.
hu a
we
Like a router, a firewall provides a console interface, which can connect to the COM interface on a computer. The computer can connect to the firewall using the super terminal software that comes with the Windows operating system. For details, see "Lab 1-1 Basic Operations on the VRP Platform."
g.
The firewall provides default configurations and the default user name and password are admin and Admin@123. Enter the case-sensitive user name and password when logging in to the firewall.
rn in
************************************************************************* *
Copyright(C) 2008-2012 Huawei Technologies Co., Ltd.
*
*
All rights reserved
*
*
Without the owner's prior written consent,
*
no decompiling or reverse-engineering shall be allowed.
*
ea
*
*************************************************************************
Please Press ENTER.
Username:admin
ht tp
Login authentication
:/ /l
User interface con0 is available
Password:*********
NOTICE:This is a private communication system.
:
Unauthorized access or use may lead to prosecution. Warning: Using default authentication method and password on console.
取
料 获
The method for changing the firewall name is the same as that for changing the router name. Because both the firewall and router use the VRP operating system, the command level and help operations for them are the same.
< USG2100>system-view
资
Enter system view, return user view with Ctrl+Z.
更
多
[USG2100]sysname FW
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Page229
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration [FW]
i.
Step 2 Change the time and time zone for the firewall.
hu a
we
By default, the time zone is not defined on the firewall. Therefore, the firewall system time may be inconsistent with the actual time. You should change the time and time zone information based on the actual information for your location. During the exercise, the time zone GMT+8 is used and the standard time is defined. clock timezone 1 add 08:00:00 display clock
g.
2011-11-17 18:39:48 Thursday
clock datetime 10:36:00 2011/11/17 display clock 2011-11-17 10:36:09 Thursday
ea
Time Zone : 1 add 08:00:00
rn in
Time Zone : 1 add 08:00:00
:/ /l
Step 3 Change the login banner information. Change the login banner information. The following login banner information is displayed by default after you successfully log in to the fire wall.
ht tp
quit Please Press ENTER.
:
Login authentication
Username:admin
取
Password:*********
NOTICE:This is a private communication system.
料 获
Unauthorized access or use may lead to prosecution. Warning: Using default authentication method and password on console.
更
多
资
The firewall device warns about unauthorized access using the banner information. Page230
HUAWEI TECHNOLOGIES
HC Series
The administrator can change the login banner information as needed. Different banner information is displayed before and after you log in to the firewall. [FW]header login information ^
i.
Info: The banner text supports 220 characters max, including the start and the end character. If you want to enter more than this, use banner file instead.
we
Input banner text, and quit with the character '^':
[FW]header shell information ^
hu a
Welcome to USG2160 ^
Info: The banner text supports 220 characters max, including the start and the end character. If you want to enter more than this, use banner file instead.
g.
Input banner text, and quit with the character '^': Welcome to USG2160
rn in
You are logining in system Please donot delete system config files ^ [FW]
Log out of the firewall system and then log in to the system again to check whether the change takes effect.
Username:admin
:/ /l
Username:admin
ht tp
Login authentication
ea
Please Press ENTER.
Welcome to USG2160
Password:*********
Welcome to USG2160
:
You are logining in system Please do not delete system config files
取
NOTICE:This is a private communication system. Unauthorized access or use may lead to prosecution.
料 获
Warning: Using default authentication method and password on console.
更
多
资
If the preceding information is displayed, the banner information is successfully changed. Note that the default notice information cannot be deleted or replaced.
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page231
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Step 4 Change the login user name and password.
[FW]aaa
g.
hu a
we
i.
The default user name and password are admin and Admin@123. You can change them as needed. For this exercise, create a level-3 user. The user name and password are user1 and huawei@123. By default, only the user admin is allowed to log in to the firewall system using the console interface. Therefore, a newly created user is allowed to log in to the system using the console interface only after the authentication mode is set to aaa. In addition, specify the applicable scope of the newly created user. In this exercise, the applicable scope is set to terminal, indicating that this user is allowed to log in to the system using the console interface. [FW-aaa]local-user user1 password cipher huawei@123
[FW-aaa]local-user user1 level 3 [FW-aaa]quit [FW]user-interface console 0
ea
[FW-ui-console0]authentication-mode aaa
rn in
[FW-aaa]local-user user1 service-type terminal
[FW-ui-console0]return quit
:/ /l
After you set the authentication mode to aaa, log out of the system and check whether the newly created user name and password take effect.
*
ht tp
************************************************************************* Copyright(C) 2008-2011 Huawei Technologies Co., Ltd.
*
All rights reserved
*
* * *
Without the owner's prior written consent,
*
no decompiling or reverse-engineering shall be allowed.
*
:
*************************************************************************
料 获
取
User interface con0 is available
Please Press ENTER.
更
多
资
Welcome to USG2160
Page232
HUAWEI TECHNOLOGIES
HC Series
Login authentication
Username:user1
Welcome to USG2160
NOTICE:This is a private communication system.
hu a
Unauthorized access or use may lead to prosecution.
we
You are logining in system Please donot delete system config files
i.
Password:**********
g.
Step 5 View, save, and delete firewall configurations.
rn in
On a firewall, run the display current-configuration command to view the configurations that are running and run the display saved-configuration command to view the configurations that have been saved. display current-configuration
ea
# sysname FW
:/ /l
# l2tp domain suffix-separator @ #
firewall packet-filter default permit interzone local trust direction inbound firewall packet-filter default permit interzone local trust direction outbound
ht tp
firewall packet-filter default permit interzone local untrust direction outbound firewall packet-filter default permit interzone local dmz direction outbound #
ip df-unreachables enable #
:
firewall ipv6 session link-state check firewall ipv6 statistic system enable
取
#
dns resolve #
料 获
vlan batch 1
#
firewall statistic system enable
资
ĂĂoutput omitĂĂ
更
多
display saved-configuration
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page233
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration Error:No startup config.
i.
As shown in the preceding example, if no configurations are saved, the related information is unavailable.
we
If the configurations have been saved, information similar to the following is displayed.
hu a
save 15:05:50 2011/11/17
The current configuration will be written to the device. Are you sure to continue?[Y/N]y
g.
Info:Please input the file name(*.cfg,*.zip)[vrpcfg.zip]:
Now saving the current configuration to the device.................
rn in
Info:The current configuration was saved to the device successfully.. display saved-configuration
# Last configuration was changed at 2011/11/17 15:05:59 from console0 #*****BEGIN****public****# #
ea
sysname FW #
:/ /l
l2tp domain suffix-separator @ #
firewall packet-filter default permit interzone local trust direction inbound firewall packet-filter default permit interzone local trust direction outbound firewall packet-filter default permit interzone local untrust direction outbound
ht tp
firewall packet-filter default permit interzone local dmz direction outbound #
ip df-unreachables enable #
firewall ipv6 session link-state check
:
firewall ipv6 statistic system enable #
取
dns resolve #
料 获
vlan batch 1 #
firewall statistic system enable
更
多
资
ĂĂoutput omitĂĂ
Run the delete flash:/vrpcfg.zip command to delete the configurations
Page234
HUAWEI TECHNOLOGIES
HC Series
that have been saved. delete flash:/vrpcfg.zip
Be Careful! Deleting the next startup config file will lose your configuration.
i.
Delete flash:/vrpcfg.zip?[Y/N]:y
we
%Deleting file flash:/vrpcfg.zip...
hu a
Step 6 Configure the VLAN and interface IP address.
rn in
g.
On the firewall, E0/0/0 is a Layer-3 interface and E1/0/0 to E1/0/7 are Layer-2 interfaces. Layer-2 interface IP addresses cannot be configured directly but must be configured on the related VLANIF interfaces. By default, VLAN1 is available on the firewall device and the VLANIF1 IP address has been assigned. Create VLAN2 and VLANIF2 and configure their IP addresses as 10.0.2.1/24. In addition, delete the IP address of VLANIF1. [FW]interface Vlanif 1 [FW-Vlanif1]undo ip address
:/ /l
[FW-Vlanif2]ip address 10.0.2.1 24
ea
[FW]vlan 2 [FW-vlan-2]interface vlanif 2
Configure E1/0/0 to access VLAN2. [FW]interface Ethernet 1/0/0
ht tp
[FW-Ethernet1/0/0]port access vlan 2
Configure the IP address for E0/0/0 as 10.0.1.1/24 and the IP address for E2/0/0 as 10.0.3.1/24. [FW]interface Ethernet 0/0/0
:
[FW-Ethernet0/0/0]ip address 10.0.1.1 24 [FW-Ethernet0/0/0]interface Ethernet 2/0/0
取
[FW-Ethernet2/0/0]ip address 10.0.3.1 24
料 获
On S1, configure G0/0/21, G0/0/22, and G0/0/23 to access VLAN1, VLAN2, and VLAN3, respectively. Configure the IP addresses of VLANIF1, VLANIF2 and VLANIF3 as 10.0.2.2/24, 10.0.2.2/24, and 10.0.3.2/24.
system-view Enter system view, return user view with Ctrl+Z.
更
多
资
[Quidway]sysname S1
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page235
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration [S1]vlan batch 2 3 [S1]interface GigabitEthernet 0/0/21 [S1-GigabitEthernet0/0/21]port link-type access [S1-GigabitEthernet0/0/21]port default vlan 1
[S1-GigabitEthernet0/0/22]port link-type access [S1-GigabitEthernet0/0/22]port default vlan 2 [S1-GigabitEthernet0/0/22]interface GigabitEthernet 0/0/23 [S1-GigabitEthernet0/0/23]port link-type access
hu a
[S1-GigabitEthernet0/0/23]port default vlan 3
we
i.
[S1-GigabitEthernet0/0/21]interface GigabitEthernet 0/0/22
[S1-GigabitEthernet0/0/23]interface vlanif 1 [S1-Vlanif1]ip address 10.0.1.2 24
g.
[S1-Vlanif1]interface vlanif 2 [S1-Vlanif2]ip address 10.0.2.2 24 [S1-Vlanif2]interface vlanif 3
rn in
[S1-Vlanif3]ip address 10.0.3.2 24
ea
As default,the trust zone contain interface Ethernet1/0/0~1/0/7 and interface Vlanif1.Add the interface Vlanif 2ǃEthernet 0/0/0 and Ethernet 2/0/0 into the trust zone. Delete the interface Ethernet 0/0/0 from the untust zone before Add it into the trust zone.
[FW]firewall zone untrust
:/ /l
After the configurations are complete, perform a test on the firewall to detect the network connectivity. [FW-zone-untrust]undo add interface Ethernet 0/0/0 [FW-zone-untrust]quit
ht tp
[FW]firewall zone trust
[FW-zone-trust]add interface Vlanif 2 [FW-zone-trust]add interface Ethernet 2/0/0
:
[FW-zone-trust]add interface Ethernet 0/0/0
[S1]ping 10.0.1.1
取
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms
料 获
Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=1 ms
更
多
资
--- 10.0.1.1 ping statistics --5 packet(s) transmitted
Page236
HUAWEI TECHNOLOGIES
HC Series
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
Reply from 10.0.2.1: bytes=56 Sequence=1 ttl=255 time=2 ms Reply from 10.0.2.1: bytes=56 Sequence=2 ttl=255 time=3 ms Reply from 10.0.2.1: bytes=56 Sequence=3 ttl=255 time=1 ms
hu a
Reply from 10.0.2.1: bytes=56 Sequence=4 ttl=255 time=1 ms
we
PING 10.0.2.1: 56 data bytes, press CTRL_C to break
i.
[S1]ping 10.0.2.1
Reply from 10.0.2.1: bytes=56 Sequence=5 ttl=255 time=1 ms
g.
--- 10.0.2.1 ping statistics --5 packet(s) transmitted
round-trip min/avg/max = 1/1/3 ms
[S1]ping 10.0.3.1
rn in
5 packet(s) received 0.00% packet loss
PING 10.0.3.1: 56 data bytes, press CTRL_C to break
ea
Reply from 10.0.3.1: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.3.1: bytes=56 Sequence=2 ttl=255 time=1 ms
:/ /l
Reply from 10.0.3.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.3.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.3.1: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.3.1 ping statistics ---
ht tp
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
:
round-trip min/avg/max = 1/1/1 ms
取
Step 7 Restart the firewall.
料 获
After all configurations are complete and the test is successful, delete the configuration files and restart the firewall to clear the configurations. After you restart the firewall, a message is displayed, asking you whether to save the current configuration. Delete the current configuration.
reboot
更
多
资
Info:Reading saved configuration failed. System will reboot, could you want to save current configuration [Y/N]?n System will reboot, continue?[Y/N]:y
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page237
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Additional Exercises: Analyzing and Verifying
i.
The login banner contains mainly warning information. Is there any other information that can be included in the login banner?
we
Final Configurations [FW]display current-configuration
hu a
# sysname FW #
g.
firewall packet-filter default permit interzone local trust direction inbound firewall packet-filter default permit interzone local trust direction outbound
rn in
firewall packet-filter default permit interzone local untrust direction outbound firewall packet-filter default permit interzone local dmz direction outbound # dns resolve #
ea
vlan batch 1 to 2 #
# interface Vlanif2
:/ /l
interface Vlanif1
ip address 10.0.2.1 255.255.255.0 #
ht tp
interface Cellular5/0/0 link-protocol ppp #
interface Ethernet0/0/0
#
:
ip address 10.0.1.1 255.255.255.0
interface Ethernet1/0/0
取
portswitch
port link-type access port access vlan 2
料 获
#
interface Ethernet2/0/0 ip address 10.0.3.1 255.255.255.0
#
资
interface NULL0
更
多
#
Page238
HUAWEI TECHNOLOGIES
HC Series
firewall zone local set priority 100 # firewall zone trust
i.
set priority 85 add interface Ethernet0/0/0
we
add interface Ethernet1/0/0 add interface Ethernet1/0/1 add interface Ethernet1/0/2
hu a
add interface Ethernet1/0/3 add interface Ethernet1/0/4 add interface Ethernet1/0/5
g.
add interface Ethernet1/0/6 add interface Ethernet1/0/7 add interface Ethernet2/0/0
rn in
add interface Vlanif1 add interface Vlanif2 # firewall zone untrust set priority 5
ea
# firewall zone dmz
:/ /l
set priority 50 # aaa
local-user admin password cipher %$%$Ir#0"8`~3LQ#K3
ht tp
local-user admin level 15
local-user user1 password cipher %$%$P-[yN}K4yXZTL0*(IWw)m#wn%$%$ local-user user1 service-type terminal local-user user1 level 3
authentication-scheme default
:
#
header shell information "Welcome to USG2160
取
You are logining in system Please do not delete system config files "
料 获
header login information "Welcome to USG2160 " banner enable
#
user-interface con 0 authentication-mode aaa
更
多
资
user-interface tty 2 authentication-mode password
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page239
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration modem both user-interface vty 0 4 authentication-mode aaa protocol inbound all
i.
#
we
Return
[S1]display current-configuration
hu a
# !Software Version V100R006C00SPC800 sysname S1
g.
# vlan batch 2 to 3
ip address 10.0.1.2 255.255.255.0 # interface Vlanif2 ip address 10.0.2.2 255.255.255.0 # interface Vlanif3
#
:/ /l
ip address 10.0.3.2 255.255.255.0
ea
interface Vlanif1
rn in
#
interface GigabitEthernet0/0/21 port link-type access #
ht tp
interface GigabitEthernet0/0/22 port link-type access port default vlan 2 #
interface GigabitEthernet0/0/23
:
port link-type access port default vlan 3
更
多
资
料 获
return
取
#
Page240
HUAWEI TECHNOLOGIES
HC Series
Lab 9-2 USG Firewall Zone Configuration
i.
Learning Objectives
we
The objectives of this lab are to learn and understand: How to configure firewall security zones Parameter settings for security zones How to filter packets transmitted between different zones
hu a
x x x
:
ht tp
:/ /l
ea
rn in
g.
Topology
取
Figure 9.2 Lab topology for USG firewall zone configuration
料 获
Scenario
更
多
资
Assume that you are a network administrator of a company. The company's network at headquarters is divided into three zones: trust, untrust, and DMZ. You intend to control inter-zone traffic using the firewall. On S1, configure three network segments: G0/0/1 to G0/0/21 for accessing VLAN11, G0/0/2 to G0/0/22 for accessing VLAN12, and G0/0/3 to G0/0/23 for accessing
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Page241
cn
VLAN13. You need to achieve the following configurations to meet work requirements:
i.
z Users in the trust zone can access users in the untrust zone.
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
we
z Users in the trust and untrust zones can access users in the DMZ zone.
hu a
z Users in the untrust zone cannot directly access users in the trust zone.
g.
z Users in the DMZ zone cannot directly access users in the trust and untrust zones.
Step 1 Configure IP addresses.
rn in
Tasks
ea
Set IP addresses for R1, R2, and R3. system-view
[Huawei]sysname R1
:/ /l
Enter system view, return user view with Ctrl+Z.
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.10.1 24 [R1-GigabitEthernet0/0/1]interface loopback 0
ht tp
[R1-LoopBack0]ip address 10.0.1.1 24
system-view
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R2
:
[R2]interface GigabitEthernet0/0/1 [R2-GigabitEthernet0/0/1]ip address 10.0.20.2 24
取
[R2-GigabitEthernet0/0/1]interface loopback 0 [R2-LoopBack0]ip address 10.0.2.2 24
料 获
system-view Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3 [R3]interface GigabitEthernet 0/0/1 [R3-GigabitEthernet0/0/1]ip address 10.0.30.3 24
更
多
资
[R3-GigabitEthernet0/0/1]interface loopback 0
Page242
HUAWEI TECHNOLOGIES
HC Series
[R3-LoopBack0]ip address 10.0.3.3 24
we
i.
Note that E1/0/0 is an interface on the Layer-2 switch and you cannot directly set an IP address for it. In this exercise, configure the VLAN12, the VLANIF12 interface, and the IP address 10.0.20.254/24 for the gateway in the inside zone. By default, the firewall automatically assigns an IP address for its VLANIF1. Delete this configuration to prevent any interference during the exercise.
hu a
system-view Enter system view, return user view with Ctrl+Z. [USG2100]sysname FW [FW]vlan 12
g.
[FW-vlan-12]quit [FW]interface Vlanif 12
[FW-Ethernet1/0/0]port access vlan 12 [FW-Ethernet1/0/0]quit [FW]interface Vlanif 1
ea
[FW-Vlanif1]undo ip address
rn in
[FW-Vlanif12]ip address 10.0.20.254 24 [FW-Vlanif12]interface ethernet 1/0/0
[FW]interface Ethernet 0/0/0
:/ /l
[FW-Ethernet0/0/0]ip address 10.0.10.254 24 [FW-Ethernet0/0/0]interface ethernet 2/0/0
[FW-Ethernet2/0/0]ip address 10.0.30.254 24
Configure the VLAN on S1 based on requirements.
ht tp
[Quidway]sysname S1
[S1]vlan batch 11 to 13
[S1]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]port default vlan 11
:
[S1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2 [S1-GigabitEthernet0/0/2]port link-type access
取
[S1-GigabitEthernet0/0/2]port default vlan 12 [S1-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
料 获
[S1-GigabitEthernet0/0/3]port link-type access [S1-GigabitEthernet0/0/3]port default vlan 13 [S1-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/21 [S1-GigabitEthernet0/0/21]port link-type access [S1-GigabitEthernet0/0/21]port default vlan 11
资
[S1-GigabitEthernet0/0/21]interface GigabitEthernet 0/0/22
更
多
[S1-GigabitEthernet0/0/22]port link-type access
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page243
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration [S1-GigabitEthernet0/0/22]port default vlan 12 [S1-GigabitEthernet0/0/22]interface GigabitEthernet 0/0/23 [S1-GigabitEthernet0/0/23]port link-type access
i.
[S1-GigabitEthernet0/0/23]port default vlan 13
we
Step 2 Configuring security zones.
hu a
Configure trusted zones of FW, and add interfaces to the trusted zones. [FW]firewall zone dmz [FW-zone-dmz]add interface Ethernet 2/0/0
[FW-zone-trust]add interface Vlanif 12
rn in
[FW]firewall packet-filter default permit all
g.
[FW-zone-dmz]firewall zone trust
After the configurations are complete, perform a test on the firewall to detect the network connectivity. [FW]ping 10.0.10.1
ea
PING 10.0.10.1: 56 data bytes, press CTRL_C to break Request time out
Reply from 10.0.10.1: bytes=56 Sequence=2 ttl=255 time=1 ms
:/ /l
Reply from 10.0.10.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.10.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.10.1: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.10.1 ping statistics ---
ht tp
5 packet(s) transmitted 4 packet(s) received 20.00% packet loss
:
round-trip min/avg/max = 1/1/1 ms
[FW]ping 10.0.20.2
PING 10.0.20.2: 56 data bytes, press CTRL_C to break
取
Request time out
Reply from 10.0.20.2: bytes=56 Sequence=2 ttl=255 time=1 ms
料 获
Reply from 10.0.20.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.20.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.20.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.20.2 ping statistics ---
更
多
资
5 packet(s) transmitted
Page244
HUAWEI TECHNOLOGIES
HC Series
4 packet(s) received 20.00% packet loss round-trip min/avg/max = 1/1/1 ms
i.
[FW]ping 10.0.30.3 PING 10.0.30.3: 56 data bytes, press CTRL_C to break
we
Request time out Reply from 10.0.30.3: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.0.30.3: bytes=56 Sequence=3 ttl=255 time=1 ms
hu a
Reply from 10.0.30.3: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.30.3: bytes=56 Sequence=5 ttl=255 time=1 ms
g.
--- 10.0.30.3 ping statistics --5 packet(s) transmitted
round-trip min/avg/max = 1/1/1 ms
static
routes
to
implement
network
ea
Step 3 Configure
rn in
4 packet(s) received 20.00% packet loss
:/ /l
connectivity.
Configure default routes on R1, R2, and R3 and specific static routes on the firewall to implement the connectivity between the three network segments that are connected by three Loopback0 interfaces.
ht tp
[R1]ip route-static 0.0.0.0 0 10.0.10.254
[R2]ip route-static 0.0.0.0 0 10.0.20.254
:
[R3]ip route-static 0.0.0.0 0 10.0.30.254
[FW]ip route-static 10.0.1.0 24 10.0.10.1 [FW]ip route-static 10.0.2.0 24 10.0.20.2
取
[FW]ip route-static 10.0.3.0 24 10.0.30.3
料 获
After the configurations are complete, test the connectivity between the network segments that connect to each other using Loopback0 interfaces.
[R1]ping -a 10.0.1.1 10.0.2.2 PING 10.0.2.2: 56 data bytes, press CTRL_C to break
更
多
资
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=3 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=3 ms
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page245
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=4 ms Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=3 ms
i.
--- 10.0.2.2 ping statistics --5 packet(s) transmitted
we
5 packet(s) received 0.00% packet loss
[R1]ping -a 10.0.1.1 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break
hu a
round-trip min/avg/max = 2/3/4 ms
g.
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=4 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=4 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=3 ms
rn in
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=4 ms Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=4 ms
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
ea
5 packet(s) received 0.00% packet loss
:/ /l
round-trip min/avg/max = 3/3/4 ms
ht tp
Step 4 Configuring security filtering between zones. Configure packets to transmit only from the trusted zone to the other zone. [FW]firewall packet-filter default deny all [FW]firewall packet-filter default permit interzone trust untrust direction
:
outbound
[FW]firewall packet-filter default permit interzone trust dmz direction outbound
取
[FW]firewall session link-state check
料 获
Information similar to the following indicates that the communication from the untrust zone to the trust zone is normal. ping -a 10.0.1.1 10.0.2.2 PING 10.0.2.2: 56 data bytes, press CTRL_C to break Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=3 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=3 ms
更
多
资
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=3 ms
Page246
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=3 ms Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=3 ms
--- 10.0.2.2 ping statistics ---
i.
5 packet(s) transmitted 5 packet(s) received
we
0.00% packet loss round-trip min/avg/max = 3/3/3 ms
g.
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
hu a
Information similar to the following indicates that communication from the untrust zone to the DMZ zone is normal. [R1]ping -a 10.0.1.1 10.0.3.3
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=5 ms
rn in
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=3 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=3 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=4 ms Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=3 ms
ea
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
0.00% packet loss
:/ /l
5 packet(s) received
round-trip min/avg/max = 3/3/5 ms
ht tp
Information similar to the following indicates that communication from the trust zone to the untrust zone is normal. [R2]ping -a 10.0.2.2 10.0.1.1
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=254 time=3 ms
:
Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=254 time=3 ms
取
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=254 time=3 ms
料 获
--- 10.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received
0.00% packet loss
更
多
资
round-trip min/avg/max = 3/3/3 ms
Information similar to the following indicates that communication from the HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Page247
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration
trust zone to the DMZ zone is normal. [R2]ping -a 10.0.2.2 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=3 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=4 ms
hu a
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=3 ms
we
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=3 ms
i.
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=5 ms
--- 10.0.3.3 ping statistics --5 packet(s) transmitted 5 packet(s) received
g.
0.00% packet loss
rn in
round-trip min/avg/max = 3/3/5 ms
Information similar to the following indicates that communication from the DMZ zone to the untrust zone is normal. [R3]ping -a 10.0.3.3 10.0.1.1
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
ea
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=254 time=3 ms
:/ /l
Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=254 time=3 ms
--- 10.0.1.1 ping statistics ---
ht tp
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
取
:
Information similar to the following indicates that communication from the DMZ zone to the trust zone is normal. [R3]ping -a 10.0.3.3 10.0.2.2 PING 10.0.2.2: 56 data bytes, press CTRL_C to break
料 获
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=5 ms Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=3 ms Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=3 ms Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=4 ms
更
多
资
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=3 ms
Page248
HUAWEI TECHNOLOGIES
HC Series
--- 10.0.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
i.
round-trip min/avg/max = 3/3/5 ms
we
Configure the inter-zone policies to allow users in the trust zone to access other zones but not allow other zones to access each other.
hu a
[FW]firewall packet-filter default deny all
[FW]firewall packet-filter default permit interzone trust untrust direction outbound
[FW]firewall packet-filter default permit interzone trust dmz direction outbound
g.
[FW]firewall session link-state check
rn in
After the configurations are complete, test the inter-zone connectivity. Information similar to the following indicates that communication from the untrust zone to the trust zone is normal. [R1]ping -a 10.0.1.1 10.0.2.2
ea
PING 10.0.2.2: 56 data bytes, press CTRL_C to break Request time out
Request time out Request time out Request time out
:/ /l
Request time out
ht tp
--- 10.0.2.2 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
:
Information similar to the following indicates that communication from the untrust zone to the DMZ zone is normal.
取
[R1]ping -a 10.0.1.1 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break
料 获
Request time out Request time out Request time out Request time out
更
多
资
Request time out
--- 10.0.3.3 ping statistics ---
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page249
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
[R2]ping -a 10.0.2.2 10.0.1.1 PING 10.0.1.1: 56 data bytes, press CTRL_C to break
hu a
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=3 ms
we
i.
Information similar to the following indicates that communication from the trust zone to the untrust zone is normal.
Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=254 time=3 ms
Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=254 time=3 ms
g.
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=254 time=3 ms
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
ea
round-trip min/avg/max = 3/3/3 ms
rn in
--- 10.0.1.1 ping statistics ---
:/ /l
Information similar to the following indicates that communication from the trust zone to the DMZ zone is normal. [R2]ping -a 10.0.2.2 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=5 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=3 ms
ht tp
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=3 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=4 ms Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=3 ms
--- 10.0.3.3 ping statistics ---
:
5 packet(s) transmitted 5 packet(s) received
取
0.00% packet loss
料 获
round-trip min/avg/max = 3/3/5 ms
Information similar to the following indicates that communication from the DMZ zone to the untrust zone is normal.
[R3]ping -a 10.0.3.3 10.0.1.1
更
多
资
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Request time out
Page250
HUAWEI TECHNOLOGIES
HC Series
Request time out Request time out Request time out
i.
Request time out
--- 10.0.1.1 ping statistics ---
we
5 packet(s) transmitted 0 packet(s) received
hu a
100.00% packet loss
Information similar to the following indicates that communication from the DMZ zone to the trust zone is normal.
g.
[R3]ping -a 10.0.3.3 10.0.2.2
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
rn in
Request time out Request time out Request time out Request time out
--- 10.0.2.2 ping statistics ---
100.00% packet loss
:/ /l
5 packet(s) transmitted
ea
Request time out
0 packet(s) received
ht tp
Step 5 Configure the specific server used to allow the untrust zone to access the DMZ zone.
:
In the DMZ zone, configure the server with IP address 10.0.3.3 to enable two functions: the Telnet service available for the untrust zone and ICMP ping for the network connectivity test.
取
[FW]policy interzone dmz untrust inbound [FW-policy-interzone-dmz-untrust-inbound]policy 1 [FW-policy-interzone-dmz-untrust-inbound-1]policy service service-set icmp
料 获
[FW-policy-interzone-dmz-untrust-inbound-1]policy destination 10.0.3.3 0 [FW-policy-interzone-dmz-untrust-inbound-1]action permit [FW-policy-interzone-dmz-untrust-inbound-1]quit [FW-policy-interzone-dmz-untrust-inbound]policy 2
资
[FW-policy-interzone-dmz-untrust-inbound-2]policy service service-set telnet
更
多
[FW-policy-interzone-dmz-untrust-inbound-2]policy destination 10.0.3.3 0
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page251
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration [FW-policy-interzone-dmz-untrust-inbound-2]action permit [FW-policy-interzone-dmz-untrust-inbound-2]quit [FW-policy-interzone-dmz-untrust-inbound]policy 3
i.
[FW-policy-interzone-dmz-untrust-inbound-3]action deny
we
You must enable the Telnet function on R3 before performing the Telnet test. [R3]user-interface vty 0 4
hu a
[R3-ui-vty0-4]authentication-mode none
Test network connectivity.
g.
[R1]ping 10.0.3.3 PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=3 ms
rn in
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=2 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=2 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=4 ms
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
0.00% packet loss
:/ /l
5 packet(s) received
ea
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=2 ms
round-trip min/avg/max = 2/2/4 ms
[R1]ping -a 10.0.1.1 10.0.3.3
ht tp
PING 10.0.3.3: 56 data bytes, press CTRL_C to break Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=3 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=2 ms Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=2 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=2 ms
:
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=2 ms
取
--- 10.0.3.3 ping statistics --5 packet(s) transmitted
料 获
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms
[R1]ping 10.0.30.3
更
多
资
PING 10.0.30.3: 56 data bytes, press CTRL_C to break Request time out
Page252
HUAWEI TECHNOLOGIES
HC Series
Request time out Request time out Request time out
i.
Request time out
--- 10.0.30.3 ping statistics ---
we
5 packet(s) transmitted 0 packet(s) received
hu a
100.00% packet loss
telnet 10.0.3.3 Press CTRL_] to quit telnet mode
g.
Trying 10.0.3.3 ... Connected to 10.0.3.3 ...
rn in
quit
Configuration console exit, please retry to log on
Press CTRL_] to quit telnet mode
:/ /l
Trying 10.0.30.3 ...
ea
The connection was closed by the remote host telnet 10.0.30.3
The preceding test results indicate how the data transmitted between zones is filtered. Except for the permitted data, all other data is filtered out.
ht tp
Additional Exercises: Analyzing and Verifying
:
In this exercise, you can replace the switch with the firewall to make configuration easier. However, most of the time, the scenario in this exercise is used in actual applications. What is the advantage of this application scenario?
取
Final Configurations [R1]display current-configuration
料 获
[V200R001C01SPC300] #
sysname R1
#
更
多
资
interface GigabitEthernet0/0/1 ip address 10.0.10.1 255.255.255.0
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page253
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration # interface LoopBack0 ip address 10.0.1.1 255.255.255.0 #
i.
ip route-static 0.0.0.0 0.0.0.0 10.0.10.254 #
we
Return
hu a
[R2]display current-configuration [V200R001C01SPC300] # sysname R2
g.
# interface GigabitEthernet0/0/1
interface LoopBack0 ip address 10.0.2.2 255.255.255.0 #
rn in
ip address 10.0.20.2 255.255.255.0 #
ea
ip route-static 0.0.0.0 0.0.0.0 10.0.20.254 #
:/ /l
return
[R3]display current-configuration [V200R001C01SPC300] #
ht tp
sysname R3 # sysname R3 #
interface GigabitEthernet0/0/1
:
ip address 10.0.30.3 255.255.255.0 #
取
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
料 获
#
ip route-static 0.0.0.0 0.0.0.0 10.0.30.254
#
user-interface con 0 user-interface vty 0 4
资
authentication-mode none
更
多
user-interface vty 16 20
Page254
HUAWEI TECHNOLOGIES
HC Series
# Return
[FW]display current-configuration
i.
#
we
sysname FW # l2tp domain suffix-separator @
hu a
#
firewall packet-filter default permit interzone trust untrust direction outbound firewall packet-filter default permit interzone trust dmz direction outbound
g.
# ip df-unreachables enable #
rn in
vlan batch 1 12 # firewall statistic system enable # interface Vlanif1
ea
# interface Vlanif12
interface Ethernet0/0/0
:/ /l
ip address 10.0.20.254 255.255.255.0 #
ip address 10.0.10.254 255.255.255.0 #
ht tp
interface Ethernet1/0/0 portswitch
port link-type access port access vlan 12 #
:
interface Ethernet2/0/0
ip address 10.0.30.254 255.255.255.0
取
#
firewall zone local
料 获
set priority 100 #
firewall zone trust set priority 85 add interface Ethernet1/0/0
更
多
资
add interface Ethernet1/0/1 add interface Ethernet1/0/2
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page255
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration add interface Ethernet1/0/3 add interface Ethernet1/0/4 add interface Ethernet1/0/5 add interface Ethernet1/0/6
i.
add interface Ethernet1/0/7 add interface Vlanif1
we
add interface Vlanif12 # firewall zone untrust
hu a
set priority 5 add interface Ethernet0/0/0 #
g.
firewall zone dmz set priority 50 add interface Ethernet2/0/0
rn in
# aaa
local-user admin password cipher %$%$r(sf.cF$A7%o4X%u-+AZ]6-
local-user admin service-type web terminal telnet local-user admin level 15
ea
authentication-scheme default #
:/ /l
ip route-static 10.0.1.0 255.255.255.0 10.0.10.1 ip route-static 10.0.2.0 255.255.255.0 10.0.20.2 ip route-static 10.0.3.0 255.255.255.0 10.0.30.3 # user-interface con 0
ht tp
user-interface tty 2
authentication-mode password modem both
user-interface vty 0 4
authentication-mode aaa
:
protocol inbound all #
取
policy interzone dmz untrust inbound policy 1
料 获
action permit policy service service-set icmp policy destination 10.0.3.3 0
policy 2
更
多
资
action permit policy service service-set telnet
Page256
HUAWEI TECHNOLOGIES
HC Series
policy destination 10.0.3.3 0
policy 3 action deny
i.
#
ht tp
:/ /l
ea
rn in
g.
hu a
we
return
Lab 9-3 NAT Configuration on the USG Firewall
:
Learning Objectives
取
The objectives of this lab are to learn and understand: How to configure a network address translation (NAT) server on the USG firewall. How to configure the Easy IP feature on the USG firewall.
料 获
x
更
多
资
x
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page257
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration
ea
rn in
g.
hu a
we
i.
Topology
:/ /l
Figure 9.3 Lab topology for NAT configuration on the USG firewall
ht tp
Scenario
取
:
Assume that you are a network administrator of a company. The company network is isolated into three zones by the USG firewall: untrust zone, trust zone, and demilitarized zone (DMZ). You need to release the Telnet service that is provided by a server with IP address 10.0.3.3 in the DMZ zone. The external IP address of the server is 10.0.10.20/24. Users in the trust zone can access the untrust zone by means of Easy IP. Other access methods are not allowed.
更
多
资
料 获
On S1, you need to configure three network segments: G0/0/1 to G0/0/21 for accessing VLAN11, G0/0/2 to G0/0/22 for accessing VLAN12, and G0/0/3 to G0/0/23 for accessing VLAN13.
Page258
HUAWEI TECHNOLOGIES
HC Series
Tasks
i.
Step 1 Configure IP addresses.
we
Configure IP addresses for R1, R2, and R3. system-view Enter system view, return user view with Ctrl+Z.
hu a
[Huawei]sysname R1 [R1]interface GigabitEthernet 0/0/1 [R1-GigabitEthernet0/0/1]ip address 10.0.10.1 24
g.
[R1-GigabitEthernet0/0/1]interface loopback 0 [R1-LoopBack0]ip address 10.0.1.1 24
rn in
system-view
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R2 [R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.20.2 24
ea
[R2-GigabitEthernet0/0/1]interface loopback 0
:/ /l
[R2-LoopBack0]ip address 10.0.2.2 24
system-view
Enter system view, return user view with Ctrl+Z. [Huawei]sysname R3
[R3]interface GigabitEthernet 0/0/1
ht tp
[R3-GigabitEthernet0/0/1]ip address 10.0.30.3 24 [R3-GigabitEthernet0/0/1]interface loopback 0 [R3-LoopBack0]ip address 10.0.3.3 24
料 获
取
:
Note that E1/0/0 is an interface on the Layer-2 switch and you cannot directly set an IP address for it. In this exercise, you need to configure VLAN12, the VLANIF12 interface, and the IP address 10.0.20.254/24 for the gateway in the trust zone. By default, the firewall automatically assigns an IP address for its VLANIF1. You need to delete this configuration to prevent any interference during the experiment. system-view Enter system view, return user view with Ctrl+Z. [USG2100]sysname FW [FW]vlan 12
更
多
资
[FW-vlan-12]quit
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page259
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration [FW]interface Vlanif 12 [FW-Vlanif12]ip address 10.0.20.254 24 [FW-Vlanif12]interface ethernet 1/0/0 [FW-Ethernet1/0/0]port access vlan 12
i.
[FW-Ethernet1/0/0]quit [FW]interface Vlanif 1
we
[FW-Vlanif1]undo ip address [FW-Vlanif1]quit [FW]interface Ethernet 0/0/0
hu a
[FW-Ethernet0/0/0]ip address 10.0.10.254 24 [FW-Ethernet0/0/0]interface ethernet 2/0/0 [FW-Ethernet2/0/0]ip address 10.0.30.254 24
g.
Configure VLANs on S1 as required. [S1]vlan batch 11 to 13 [S1]interface GigabitEthernet 0/0/1
rn in
[Quidway]sysname S1
[S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]port default vlan 11
ea
[S1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2 [S1-GigabitEthernet0/0/2]port link-type access [S1-GigabitEthernet0/0/2]port default vlan 12
:/ /l
[S1-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3 [S1-GigabitEthernet0/0/3]port link-type access [S1-GigabitEthernet0/0/3]port default vlan 13 [S1-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/21
ht tp
[S1-GigabitEthernet0/0/21]port link-type access [S1-GigabitEthernet0/0/21]port default vlan 11 [S1-GigabitEthernet0/0/21]interface GigabitEthernet 0/0/22 [S1-GigabitEthernet0/0/22]port link-type access [S1-GigabitEthernet0/0/22]port default vlan 12
:
[S1-GigabitEthernet0/0/22]interface GigabitEthernet 0/0/23 [S1-GigabitEthernet0/0/23]port link-type access
取
[S1-GigabitEthernet0/0/23]port default vlan 13
料 获
Step 2 Configuring security zones. Configure trusted zones of FW, and add interfaces to the trusted zones.
[FW]firewall zone dmz
更
多
资
[FW-zone-dmz]add interface Ethernet 2/0/0
Page260
HUAWEI TECHNOLOGIES
HC Series
[FW-zone-dmz]firewall zone trust [FW-zone-trust]add interface Vlanif 12 [FW]firewall packet-filter default permit all
i.
After the configurations are complete, perform a test on the firewall to detect the network connectivity.
we
[FW]ping 10.0.10.1 PING 10.0.10.1: 56 data bytes, press CTRL_C to break Request time out
hu a
Reply from 10.0.10.1: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.0.10.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.10.1: bytes=56 Sequence=4 ttl=255 time=1 ms
g.
Reply from 10.0.10.1: bytes=56 Sequence=5 ttl=255 time=1 ms
5 packet(s) transmitted 4 packet(s) received 20.00% packet loss round-trip min/avg/max = 1/1/1 ms
ea
[FW]ping 10.0.20.2
rn in
--- 10.0.10.1 ping statistics ---
PING 10.0.20.2: 56 data bytes, press CTRL_C to break
:/ /l
Request time out
Reply from 10.0.20.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.0.20.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.20.2: bytes=56 Sequence=4 ttl=255 time=1 ms
ht tp
Reply from 10.0.20.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.20.2 ping statistics --5 packet(s) transmitted 4 packet(s) received 20.00% packet loss
:
round-trip min/avg/max = 1/1/1 ms
取
[FW]ping 10.0.30.3
PING 10.0.30.3: 56 data bytes, press CTRL_C to break
料 获
Request time out Reply from 10.0.30.3: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.0.30.3: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.30.3: bytes=56 Sequence=4 ttl=255 time=1 ms
更
多
资
Reply from 10.0.30.3: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.30.3 ping statistics ---
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page261
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration 5 packet(s) transmitted 4 packet(s) received 20.00% packet loss
static
routes
to
implement
network
we
Step 3 Configure
i.
round-trip min/avg/max = 1/1/1 ms
hu a
connectivity.
rn in
g.
Configure default routes on R2 and R3 and specific static routes on the firewall to implement the connectivity between the three network segments that are connected by three Loopback0 interfaces. R1, an Internet device, does not require you to define default routes because R1 does not need to know any private network information about the trust and DMZ zones. [R2]ip route-static 0.0.0.0 0 10.0.20.254
[R3]ip route-static 0.0.0.0 0 10.0.30.254
ea
[FW]ip route-static 10.0.1.0 24 10.0.10.1 [FW]ip route-static 10.0.2.0 24 10.0.20.2
:/ /l
[FW]ip route-static 10.0.3.0 24 10.0.30.3
Test the link connectivity of the three network segments on the firewall: 10.0.1.0/24, 10.0.2.0/24, and 10.0.3.0/24. [FW]ping 10.0.1.1
ht tp
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms
:
Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=255 time=1 ms
取
--- 10.0.1.1 ping statistics --5 packet(s) transmitted
料 获
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
[FW]ping 10.0.2.2
更
多
资
PING 10.0.2.2: 56 data bytes, press CTRL_C to break Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms
Page262
HUAWEI TECHNOLOGIES
HC Series
Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms
i.
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.2.2 ping statistics ---
we
5 packet(s) transmitted 5 packet(s) received
round-trip min/avg/max = 1/1/1 ms
[FW]ping 10.0.3.3
g.
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
hu a
0.00% packet loss
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=1 ms
rn in
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.0.3.3 ping statistics ---
ea
5 packet(s) transmitted 5 packet(s) received
:/ /l
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
ht tp
At present, devices in all zones can communicate with each other. However, currently devices in the untrust zone cannot communicate with devices in the trust and DMZ zones because NAT is not defined.
Step 4 Configure interzone packet filtering.
取
:
Packets can be sent from 10.0.2.0 in the trust zone to the untrust zone. Telnet requests can be sent from the untrust zone to the target server with IP address 10.0.3.3 in the DMZ zone. [FW]firewall session link-state check [FW]policy interzone trust untrust outbound
料 获
[FW-policy-interzone-trust-untrust-outbound]policy 0 [FW-policy-interzone-trust-untrust-outbound-0]policy source 10.0.2.0 0.0.0.255 [FW-policy-interzone-trust-untrust-outbound-0]action permit [FW-policy-interzone-trust-untrust-outbound-0]quit
资
[FW-policy-interzone-trust-untrust-outbound]quit
更
多
[FW]policy interzone dmz untrust inbound
HC Series
HUAWEI TECHNOLOGIES
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
Page263
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration [FW-policy-interzone-dmz-untrust-inbound]policy 0
[FW-policy-interzone-dmz-untrust-inbound-0]policy destination 10.0.3.3 0
[FW-policy-interzone-dmz-untrust-inbound-0]policy service service-set telnet [FW-policy-interzone-dmz-untrust-inbound-0]action permit
i.
[FW-policy-interzone-dmz-untrust-inbound-0]quit
we
Step 5 Configure the Easy IP feature to enable the trust and
hu a
untrust zones to access each other.
[FW]nat-policy interzone trust untrust outbound
g.
Configure the Easy IP feature, perform NAT translation, and bind the NAT to E0/0/0. [FW-nat-policy-interzone-trust-untrust-outbound]policy 0
rn in
[FW-nat-policy-interzone-trust-untrust-outbound-0]policy source 10.0.2.0 0.0.0.255
[FW-nat-policy-interzone-trust-untrust-outbound-0]action source-nat
ea
[FW-nat-policy-interzone-trust-untrust-outbound-0]easy-ip Ethernet 0/0/0
[R2]ping 10.0.1.1
:/ /l
After the configurations are complete, check whether the trust and untrust zones can access each other. PING 10.0.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out
ht tp
Request time out Request time out Request time out
--- 10.0.1.1 ping statistics ---
:
5 packet(s) transmitted 0 packet(s) received
取
100.00% packet loss
[R2]ping -a 10.0.2.2 10.0.1.1
料 获
PING 10.0.1.1: 56 data bytes, press CTRL_C to break Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=4 ms Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=254 time=3 ms
更
多
资
Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=254 time=3 ms Reply from 10.0.1.1: bytes=56 Sequence=5 ttl=254 time=3 ms
Page264
HUAWEI TECHNOLOGIES
HC Series
--- 10.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received
i.
0.00% packet loss round-trip min/avg/max = 3/3/4 ms
rn in
g.
hu a
we
The preceding information shows that the connectivity between R2 and 10.0.1.1 is not working. After you perform the expanded ping and specify the source IP address of packets as 10.0.2.2, the connectivity is implemented. The cause of this problem is that packets are directly sent to 10.0.1.1 and the source IP address of packets is 10.0.20.2, which is not within the client IP address range of NAT translation.
Step 6 Release the Telnet service that is provided by the internal server with IP address 10.0.3.3.
ea
Configure the Telnet service on R3 with IP address 10.0.3.3 and map it to 10.0.10.20.
:/ /l
[FW]nat server protocol tcp global 10.0.10.20 telnet inside 10.0.3.3 telnet
ht tp
Enable the Telnet function on R3 and test it on R1. Note that the external IP address of R3 is 10.0.10.20. When R1 needs to access 10.0.3.3, the destination address must be 10.0.10.20. [R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode none
telnet 10.0.10.20
:
Press CTRL_] to quit telnet mode Trying 10.0.10.20 ...
料 获
取
Connected to 10.0.10.20 ...
Additional Exercises: Analyzing and Verifying
更
多
资
In this exercise, the simple Telnet service is selected for release. If the FTP application service needs to be released, what are the differences
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page265
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration
between releasing the two services in terms of principles and configurations?
i.
Analyze how the firewall processes FTP data from the aspect of two modes (proactive testing and passive monitoring) of the FTP application service.
we
Final Configurations [R1]display current-configuration
hu a
[V200R001C01SPC300] # sysname R1
g.
# interface GigabitEthernet0/0/1
interface LoopBack0 ip address 10.0.1.1 255.255.255.0 # Return
[V200R001C01SPC300] # sysname R2
ht tp
#
:/ /l
[R2]display current-configuration
ea
#
rn in
ip address 10.0.10.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.0.20.2 255.255.255.0 #
interface LoopBack0
:
ip address 10.0.2.2 255.255.255.0 #
料 获
Return
取
ip route-static 0.0.0.0 0.0.0.0 10.0.20.254 #
[R3]display current-configuration [V200R001C01SPC300]
更
多
资
#
sysname R3
Page266
HUAWEI TECHNOLOGIES
HC Series
# interface GigabitEthernet0/0/1 ip address 10.0.30.3 255.255.255.0 #
i.
interface LoopBack0 ip address 10.0.3.3 255.255.255.0
we
# ip route-static 0.0.0.0 0.0.0.0 10.0.30.254 #
hu a
user-interface con 0 user-interface vty 0 4 authentication-mode none
g.
user-interface vty 16 20 #
rn in
Return
[FW]display current-configuration # sysname FW
ea
# l2tp domain suffix-separator @
:/ /l
#
firewall packet-filter default permit interzone local trust direction inbound firewall packet-filter default permit interzone local trust direction outbound firewall packet-filter default permit interzone local untrust direction inbound firewall packet-filter default permit interzone local untrust direction outbound
ht tp
firewall packet-filter default permit interzone local dmz direction inbound firewall packet-filter default permit interzone local dmz direction outbound firewall packet-filter default permit interzone trust untrust direction inbound firewall packet-filter default permit interzone trust untrust direction outbound firewall packet-filter default permit interzone trust dmz direction inbound
:
firewall packet-filter default permit interzone trust dmz direction outbound firewall packet-filter default permit interzone dmz untrust direction inbound
取
firewall packet-filter default permit interzone dmz untrust direction outbound #
料 获
nat server 0 protocol tcp global 10.0.10.20 telnet inside 10.0.3.3 telnet #
ip df-unreachables enable
#
firewall ipv6 session link-state check
资
firewall ipv6 statistic system enable
更
多
#
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page267
cn co m/
HCDA-HNTD Chapter 9 Firewall Configuration interface Vlanif1 # interface Vlanif12 ip address 10.0.20.254 255.255.255.0
i.
# interface Ethernet0/0/0
we
ip address 10.0.10.254 255.255.255.0 # interface Ethernet1/0/0
hu a
portswitch port link-type access port access vlan 12
g.
# interface Ethernet2/0/0 ip address 10.0.30.254 255.255.255.0
rn in
# interface NULL0 # firewall zone local set priority 100
ea
# firewall zone trust
:/ /l
set priority 85 add interface Ethernet1/0/0 add interface Ethernet1/0/1 add interface Ethernet1/0/2 add interface Ethernet1/0/3
ht tp
add interface Ethernet1/0/4
add interface Ethernet1/0/5 add interface Ethernet1/0/6 add interface Ethernet1/0/7 add interface Vlanif1
:
add interface Vlanif12 #
取
firewall zone untrust set priority 5
料 获
add interface Ethernet0/0/0 #
firewall zone dmz set priority 50 add interface Ethernet2/0/0
更
多
资
#
ip route-static 10.0.1.0 255.255.255.0 10.0.10.1
Page268
HUAWEI TECHNOLOGIES
HC Series
ip route-static 10.0.2.0 255.255.255.0 10.0.20.2 ip route-static 10.0.3.0 255.255.255.0 10.0.30.3 # policy interzone trust untrust outbound
i.
policy 0 action permit
we
policy source 10.0.2.0 0.0.0.255 # policy interzone dmz untrust inbound
hu a
policy 0 action permit policy service service-set telnet
policy 0 action source-nat policy source 10.0.2.0 0.0.0.255 easy-ip Ethernet0/0/0 #
ea
return
rn in
nat-policy interzone trust untrust outbound
g.
policy destination 10.0.3.3 0 #
更
多
资
料 获
取
:
ht tp
:/ /l
[FW]
HC Series
cn
co m/
HCDA-HNTD Chapter 9 Firewall Configuration
HUAWEI TECHNOLOGIES
Page269
cn co m/
HCDA-HNTD Chapter 10 Comprehensive Exercise
Chapter 10 Comprehensive Exercise
i.
Lab 10-1 Comprehensive Exercise
we
Learning Objectives
更
多
资
g.
rn in
料 获
取
:
ht tp
:/ /l
x x x x
Frame Relay (FR). Virtual Local Area Network (VLAN). Layer 3 switching. Open Shortest Path First (OSPF). OSPF operating mode on a Non-Broadcast Multi-Access (NBMA) network. Dynamic Host Configuration Protocol (DHCP) function. DHCP relay. Firewall. Network Address Translation (NAT).
ea
x x x x x
hu a
The objective of this lab is to test whether you have understood how to configure the following items:
Page270
HUAWEI TECHNOLOGIES
HC Series
ea
rn in
g.
hu a
we
i.
Topology
:/ /l
Figure 10.1 Topology for the comprehensive exercise
Scenario
Assume that you are a network administrator of a company.
:
ht tp
The company network is divided into three areas: headquarters network area, company branch network area, and branch office network area. The three network areas communicate with each other using the FR network connected to routers: R1, R2 and R3. Private lines are leased to provide line backups for network services.
取
Router R1 resides in the headquarters network area, router R2 resides in the company branch network area and router R3 resides in the branch office network.
料 获
The firewall located in HQ area divides it into three zones: Demilitarized Zone (DMZ), internal network zone and external network zone.
更
多
资
For details about interface and IP address configurations, see the preceding figure.
HC Series
cn
co m/
HCDA-HNTD Chapter 10 Comprehensive Exercise
HUAWEI TECHNOLOGIES
Page271
cn co m/
HCDA-HNTD Chapter 10 Comprehensive Exercise
Tasks
we
i.
The purpose of this comprehensive exercise is to test whether you have understood the configuration methods described in the previous 19 labs. Therefore, only a brief description of the configuration procedures and verification methods, not specific commands, is provided.
hu a
Step 1 Perform basic configuration and set IP addresses.
g.
Set IP addresses and configure VLANs based on the topology, and configure the FR function to achieve communication between different network areas. Test the network connectivity.
rn in
Layer 3 switching needs to be configured only for S1. The IP addresses of VLANIFs on S1 must be the same as those displayed in the preceding topology.
ea
R3 uses physical interface G0/0/2 to provide services for VLAN21, VLAN22, and VLAN23.
:/ /l
Inverse Address Resolution Protocol (InARP) must be disabled on FR interfaces. The mapping between Data Link Connection Identifiers (DLCIs) of permanent virtual circuits (PVCs) on the FR interfaces and the peer IP addresses for the PVCs must be defined on R1, R2, and R3. No virtual circuit exists between R2 and R3.
ht tp
E1/0/0 on the firewall must be connected to the DMZ, but no IP address can be configured for this interface. This comprehensive exercise requires that an IP address be configured for VLANIF100 and the default interface VLANIF1 be deleted from the firewall.
:
Step 2 Configure OSPF.
料 获
取
Configure OSPF on R1, R2, R3, S1, and the firewall. Ensure that all the network segments belong to area 0. On FR interfaces, configure OSPF to operate in NBMA mode, the default mode.
更
多
资
Configure all of the interfaces that do not need to send OSPF messages as silent interfaces. Enable MD5 authentication on the 10.0.123.0/24 network segment and set the authentication password to huawei. On the firewall, configure a default route with the next hop of 10.0.200.2.
Page272
HUAWEI TECHNOLOGIES
HC Series
Set the route type to Type 1 and cost value to 20, and import this route to the OSPF area in permanent advertisement mode.
i.
Step 3 Configure the DHCP service.
hu a
we
Configure the DHCP service on R1 to serve the devices on network segments including 10.0.11.0/24, 10.0.12.0/24, 10.0.13.0/24, 10.0.21.0/24, 10.0.22.0/24, and 10.0.23.0/24. Set the IP address of the Domain Name Server (DNS) to 10.0.200.200 and the IP address validity to three hours. Configure the DHCP relay function on R3 and ensure that the users in VLAN21, VLAN22, and VLAN23 can automatically obtain IP addresses.
g.
Configure VLANIF23 on S4 and test the DHCP service on the 10.0.23.0/24 segment.
ea
rn in
Configure VLANIF13 on S3 and test the DHCP service on the 10.0.13.0/24 segment.
Step 4 Configure the firewall.
:/ /l
Configure firewall functions and ensure that users on the internal network can access the external network, but users on the external network cannot access the internal network or the DMZ and users in the DMZ cannot access any network. By default, users on the internal network cannot access the DMZ.
ht tp
A server with IP address 10.0.100.11/24 resides in the DMZ to provide Telnet, File Transfer Protocol (FTP), and Hypertext Transfer Protocol (HTTP) services. The HTTP service is available to all areas, the FTP service is available to all addresses on the internal network, and the Telnet service is available only to 10.0.13.100/24.
:
Step 5 Configure NAT on the firewall.
料 获
取
Configure NAT on the firewall and enable the Easy-IP function so that users in the headquarters network area, company branch network area, and branch office network area can access the external network by means of NAT.
Additional Exercises: Analyzing and Verifying
更
多
资
What are the advantages and disadvantages of this topology used for the comprehensive exercise?
HC Series
cn
co m/
HCDA-HNTD Chapter 10 Comprehensive Exercise
HUAWEI TECHNOLOGIES
Page273
cn co m/
HCDA-HNTD Chapter 10 Comprehensive Exercise
Final Configurations
i.
[R1]display current-configuration
we
[R2]display current-configuration
hu a
[R3]display current-configuration
g.
[S1]display current-configuration
:/ /l
[S4]display current-configuration
ea
[S3]display current-configuration
rn in
[S2]display current-configuration
更
多
资
料 获
取
:
ht tp
[FW]display current-configuration
Page274
HUAWEI TECHNOLOGIES
HC Series
i.
we
hu a
g.
rn in
ea
:/ /l
ht tp
:
取
料 获
资
多
co m/
cn