實(shí)驗(yàn)拓?fù)?/h4>

?

?

配置參數(shù)

?

?

?

?

?

?

任務(wù)1：設(shè)備命名

為了方便后期維護(hù)和故障定位及網(wǎng)絡(luò)的規(guī)范性，需要對(duì)網(wǎng)絡(luò)設(shè)備進(jìn)行規(guī)范化命名。

請(qǐng)根據(jù)Figure 3-1實(shí)驗(yàn)考試拓?fù)鋵?duì)設(shè)備進(jìn)行命名。

命名規(guī)則為：城市-設(shè)備的設(shè)置地點(diǎn)-設(shè)備的功能屬性和序號(hào)-設(shè)備型號(hào)。

例如:：處于杭州校園的核心層路由器，命名為：HZ-HZXiaoYuan-Core01-AR6140。

請(qǐng)注意大小寫(xiě)，務(wù)必與Figure3-1實(shí)驗(yàn)考試拓?fù)浔３忠恢隆?/p>

HZ-HZXiaoYuan-Agg01-S5731?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Agg01-S5731
[HZ-HZXiaoYuan-Agg01-S5731]

?

HZ-HZXiaoYuan-Agg02-S5731?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Agg02-S5731
[HZ-HZXiaoYuan-Agg02-S5731]

?

HZ-HZXiaoYuan-Acc02-S5731?

?

<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Acc02-S5731
[HZ-HZXiaoYuan-Acc02-S5731]

?

HZ-HZXiaoYuan-Acc01-S5731?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Acc01-S5731
[HZ-HZXiaoYuan-Acc01-S5731]

?

HZ-HZXiaoYuan-Core01-AR6140?

?

<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Core01-AR6140
[HZ-HZXiaoYuan-Core01-AR6140]

?

HZ-HZXiaoYuan-Core02-AR6140?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Core02-AR6140
[HZ-HZXiaoYuan-Core02-AR6140]

?

HZ-HZXiaoYuan-Edge01-AR6140?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZXiaoYuan-Edge01-AR6140
[HZ-HZXiaoYuan-Edge01-AR6140]

?

SH-SHXiaoYuan-Edge01-AR6140?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy SH-SHXiaoYuan-Edge01-AR6140
[SH-SHXiaoYuan-Edge01-AR6140]

?

HZ-HZEDU-Edge01-AR6140?

?<Huawei>undo t m
<Huawei>sy
[Huawei]sy HZ-HZEDU-Edge01-AR6140
[HZ-HZEDU-Edge01-AR6140]

?

任務(wù)2：鏈路聚合

校園網(wǎng)中用戶密度極大，在學(xué)生上網(wǎng)的高峰時(shí)段，會(huì)產(chǎn)生大量的網(wǎng)絡(luò)流量。為了保證匯聚層鏈路的穩(wěn)定性，在不升級(jí)硬件設(shè)備的前提下最大限度的提升帶寬。在Agg01與Agg02之間配置鏈路聚合。請(qǐng)通過(guò)手工模式實(shí)現(xiàn)二層鏈路聚合，成員接口為GE0/0/21、GE0/0/22、GEO/0/23，聚合組ID為1。

HZ-HZXiaoYuan-Agg01-S5731

?[HZ-HZXiaoYuan-Agg01-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/23

?

HZ-HZXiaoYuan-Agg02-S5731

?[HZ-HZXiaoYuan-Agg02-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/23
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]

?

任務(wù)3：VLAN

為了確保網(wǎng)絡(luò)的穩(wěn)定與安全，避免二層網(wǎng)絡(luò)過(guò)大可能帶來(lái)的問(wèn)題，在本網(wǎng)絡(luò)中進(jìn)行VLAN的規(guī)劃部署。

請(qǐng)根據(jù)Figure 3-1實(shí)驗(yàn)考試拓?fù)浜蚑able 3-1 VLAN信息，在對(duì)應(yīng)交換機(jī)上配置所需的VLAN。

注意:為了保證網(wǎng)絡(luò)的連通性，交換機(jī)只允許題目中規(guī)定的VLAN通過(guò)。

[HZ-HZXiaoYuan-Agg01-S5731]?

[HZ-HZXiaoYuan-Agg01-S5731]v b 1 10 20 100?

[HZ-HZXiaoYuan-Agg01-S5731]int g0/0/1 ?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port link-type trunk ?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]int g0/0/3?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port link-type trunk?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]int g0/0/24?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port link-type access ?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port default vlan 100?

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]int et 1?

[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]port link-type trunk ?

[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]po t a v 10 20?

[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]?

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731]?

[HZ-HZXiaoYuan-Agg02-S5731]v b 10 20 101?

[HZ-HZXiaoYuan-Agg02-S5731]int g0/0/2?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]port link-t t?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]po t a v 10 20?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]int g0/0/4?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po link-t t?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po t a v 10 20?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]int g0/0/24?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po link-t a?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po de v 101?

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]int et 1?

[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po link-t t?

[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po t a v 10 20?

[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]?

[HZ-HZXiaoYuan-Acc01-S5731]v b 10 20?

[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/3?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po link-t t?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po t a v 10 20?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]int g0/0/4?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po link-t t?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po t a v 10 20?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]int g0/0/24?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]po link-t h?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid pvid vlan 20?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid untagged vlan 20?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]?

[HZ-HZXiaoYuan-Acc02-S5731]v b 10 20?

[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/1?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po link-t t?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po t a v 10 20?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]int g0/0/2?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po link-t t?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po t a v 10 20?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]int g0/0/23?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po link-t a?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po de v 10?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]int g0/0/24?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po link-t a?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po de v 10?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]?

任務(wù)4：IP 編址

請(qǐng)根據(jù)Figure 3-1實(shí)驗(yàn)考試拓?fù)浜蚑able 3-2 IP地址規(guī)劃給出的信息，配置對(duì)應(yīng)網(wǎng)絡(luò)設(shè)備接口的IP地址。

[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.1 24?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.1 24?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int g0/0/2?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.15.1 24?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]int s 4/0/0?

[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ip ad 10.2.15.1 24?

[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]int lo 0?

[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.1.1 32?

[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]?

[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.2 24?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/1?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.26.2 24?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]int g0/0/2?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.2 24?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]int lo 0?

[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]ip ad 10.1.2.2 32?

[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]?

[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/0?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]ip ad 10.1.37.3 24?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]int g0/0/1?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.3 24?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]int g0/0/2?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.3 24?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int lo 0?

[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]ip ad 10.1.3.3 32?

[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]?

[HZ-HZEDU-Edge01-AR6140]int g0/0/0?

[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 192.168.4.254 24?

[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]int s 4/0/0?

[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ip ad 10.2.14.4 24?

[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]int lo 0?

[HZ-HZEDU-Edge01-AR6140-LoopBack0]ip ad 10.1.4.4 32?

[HZ-HZEDU-Edge01-AR6140-LoopBack0]?

[SH-SHXiaoYuan-Edge01-AR6140]int g0/0/0?

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.15.5 24?

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1?

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 192.168.5.254 24?

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int lo 0?

[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.5.5 32?

[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]?

[HZ-HZXiaoYuan-Agg01-S5731]int v 10?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]ip ad 192.168.10.100 24?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]ip ad 192.168.20.101 24?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v100?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]ip a 10.1.26.6 24?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]int lo 0?

[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]ip ad 10.1.6.6 32?

[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]?

[HZ-HZXiaoYuan-Agg02-S5731]int v 10?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]ip ad 192.168.10.101 24?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]ip ad 192.168.20.100 24?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]int v 101?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]ip ad 10.1.37.7 24?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]int lo 0?

[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]ip ad 10.1.7.7 32?

[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]?

任務(wù)5：RSTP

為了防止二層網(wǎng)絡(luò)中出現(xiàn)環(huán)路，導(dǎo)致廣播風(fēng)暴等問(wèn)題。在Acc01、Acc02、Agg01、Agg02之間配置STP協(xié)議。

1. STP模式為RSTP。要求通過(guò)使用“stp root primary/secondary" 命令，使得Agg01為根橋，Agg02為備份根橋。
2. 為了保證網(wǎng)絡(luò)連通性，在不改變交換機(jī)角色的前提下，通過(guò)修改接入層交換機(jī)接口的開(kāi)銷值使得Acc01-Agg01、Acc02-Agg02 這兩條鏈路被阻塞，必要的接口開(kāi)銷值改為200000。
3. 為了最大限度的保證網(wǎng)絡(luò)的穩(wěn)定性，避免主機(jī)頻繁重啟導(dǎo)致的網(wǎng)絡(luò)波動(dòng)。要求所有與PC相連的交換機(jī)端口，不參加STP計(jì)算，直接進(jìn)入Forwarding狀態(tài)轉(zhuǎn)發(fā)。

[HZ-HZXiaoYuan-Agg01-S5731]stp mode rstp ?

[HZ-HZXiaoYuan-Agg01-S5731]stp root primary ?

[HZ-HZXiaoYuan-Agg02-S5731]stp mode rstp?

[HZ-HZXiaoYuan-Agg02-S5731]stp root secondary ?

[HZ-HZXiaoYuan-Acc02-S5731]stp mode rstp?

[HZ-HZXiaoYuan-Acc01-S5731]stp mode rstp?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3] stp instance 0 cost 200000?

[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/24?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]stp edged-port enable ?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]int g0/0/23?

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]stp edged-port enable?

[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/24?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]stp edged-port enable ?

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]?

任務(wù)6：VRRP

單一網(wǎng)關(guān)的設(shè)置，在物理設(shè)備與鏈路出現(xiàn)故障時(shí)，會(huì)導(dǎo)致大量用戶無(wú)法上網(wǎng)的情況。為了保證校園網(wǎng)中宿舍樓及教學(xué)樓的終端訪問(wèn)網(wǎng)絡(luò)的穩(wěn)定性，在校園網(wǎng)絡(luò)的網(wǎng)關(guān)位置進(jìn)行冗余備份配置，通過(guò)在Agg01、Agg02 上部署VRRP協(xié)議，滿足上述要求。

1. VLAN 10使用VRRP備份組1, VRRP備份組1虛擬IP地址為192.168.10.254。VLAN 20使用VRRP備份組2, VRRP 備份組2虛擬IP地址為192.168.20.254。
2. VRRP 備份組1以Agg01為主網(wǎng)關(guān)(優(yōu)先級(jí)為120) ，Agg02作為備份網(wǎng)關(guān)(優(yōu)先級(jí)為缺省); VRRP備份組2以Agg02為主網(wǎng)關(guān)(優(yōu)先級(jí)為120)，Agg01 作為備份網(wǎng)關(guān)(優(yōu)先級(jí)為缺省)。
3. 分別在兩個(gè)備份組中監(jiān)測(cè)上行接口，當(dāng)上行接口出現(xiàn)故障時(shí)主網(wǎng)關(guān)優(yōu)先級(jí)降低30，主動(dòng)完成切換。

[HZ-HZXiaoYuan-Agg01-S5731]int v 10?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v10?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 priority 120?

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 track int g0/0/24 reduced 30?

[HZ-HZXiaoYuan-Agg02-S5731]int v 10?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254 ?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 priority 120?

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 track int g0/0/24 reduced 30?

任務(wù)7：OSPF

為了滿足校園網(wǎng)中眾多設(shè)備之間的三層訪問(wèn)，且避免路由環(huán)路的出現(xiàn)，保證后期校園網(wǎng)絡(luò)的擴(kuò)展性，選用動(dòng)態(tài)路由協(xié)議OSPF作為本校園網(wǎng)絡(luò)的IGP。

1. Agg01、 Agg02、Core01、Core02、HZ-HZXiaoYuan-Edge01-AR6140 (除S4/0/0 )、SH-SHXiaoYuan-Edge01-AR6140之間運(yùn)行OSPF，配置OSPF進(jìn)程號(hào)為1，SHXiaoYuan- Edge01的所有接口及HZXiaoYuan的GE0/0/2接口在區(qū)域1，其他都在骨干區(qū)域。多區(qū)域配置的命令：area 1 network x.x.x.x x.x.x.x
2. 在創(chuàng)建OSPF進(jìn)程時(shí)手動(dòng)設(shè)定Router ID與環(huán)回口地址一致。要求所有網(wǎng)段采用32位精確宣告。例如：將1.2.3.4/24 此地址進(jìn)行32位宣告的命令為Network 1.2.3.4 0.0.0.0。
3. 修改
4. 為了加強(qiáng)攻擊行為的防范性，在HZXiaoYuan-Edge01、Core01、Core02 三臺(tái)設(shè)備的互聯(lián)接口上配置接口認(rèn)證，選擇md5加密算法，認(rèn)證密鑰ID為1，密鑰類型為cipher，密碼為huawei。

[HZ-HZXiaoYuan-Agg01-S5731]ospf 1 r 10.1.6.6?

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1]a 0?

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] network 10.1.6.6 0.0.0.0?

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 192.168.10.100 0.0.0.0?

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 192.168.20.101 0.0.0.0?

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]net 10.1.26.6 0.0.0.0?

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]?

[HZ-HZXiaoYuan-Agg02-S5731] ospf 1 router-id 10.1.7.7 ?

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1]a 0?

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] network 10.1.7.7 0.0.0.0?

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 192.168.10.101 0.0.0.0?

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 192.168.20.100 0.0.0.0?

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0]net 10.1.37.7 0.0.0.0?

[HZ-HZXiaoYuan-Core01-AR6140] ospf 1 router-id 10.1.2.2?

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1]a 0?

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] network 10.1.2.2 0.0.0.0?

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.12.2 0.0.0.0?

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.26.2 0.0.0.0?

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0]net 10.1.23.2 0.0.0.0?

[HZ-HZXiaoYuan-Core02-AR6140]ospf 1 r 10.1.3.3?

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1]a 0?

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] network 10.1.3.3 0.0.0.0?

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.37.3 0.0.0.0?

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.13.3 0.0.0.0?

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]net 10.1.23.3 0.0.0.0?

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]?

[HZ-HZXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.1.1?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]a 1?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 10.1.15.1 0.0.0.0?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]q ?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]a 0?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.12.1 0.0.0.0?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0]network 10.1.13.1 0.0.0.0?

[SH-SHXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.5.5?

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1]a 1?

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] network 10.1.5.5 0.0.0.0?

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 10.1.15.5 0.0.0.0?

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1]net 192.168.5.254 0.0.0.0?

[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ospf dr-priority 255?

[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1?

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher huawei?

[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/2?

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher huawei?

[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/2?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher huawei?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int g0/0/1?

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher huawei?

任務(wù)8：出口設(shè)計(jì)

1. 為保證網(wǎng)絡(luò)出口的安全性， HZXiaoYuan-Edge01與HZEDU-Edge01之間的PPP鏈路采用CHAP方式進(jìn)行驗(yàn)證，HZEDU-Edge01作為驗(yàn)證方，用戶名為huawei，密碼為Huawei123。

2. HZ-HZXiaoYuan-Edge01-AR6140配置明細(xì)靜態(tài)路由使得校園網(wǎng)內(nèi) PC 可以訪問(wèn)教育網(wǎng)中終端PC4所在的網(wǎng)段( 192.168.4.0/24 )，下一跳為HZ-HZEDU-Edge01-AR6140的S4/0/0口。HZ-HZEDU-Edge01-AR6140配置缺省路由訪問(wèn)校園網(wǎng)內(nèi)部，下一跳為HZ-HZXiaoYuan-Edge01-AR6140的S4/0/0口。

[HZ-HZEDU-Edge01-AR6140]aaa?

[HZ-HZEDU-Edge01-AR6140-aaa]local-user huawei password cipher Huawei123?

[HZ-HZEDU-Edge01-AR6140-aaa]local-user huawei service-type ppp?

[HZ-HZEDU-Edge01-AR6140-aaa]int s 4/0/0?

[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ppp authentication-mode chap?

[HZ-HZXiaoYuan-Edge01-AR6140]int s4/0/0?

[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ppp chap password cipher Huawei123?

[HZ-HZEDU-Edge01-AR6140] ip route-static 0.0.0.0 0.0.0.0 10.2.14.1?

[HZ-HZXiaoYuan-Edge01-AR6140] ip route-static 192.168.4.0 255.255.255.0 10.2.14.4?

任務(wù)9：路由引入

為了使內(nèi)網(wǎng)用戶能夠訪問(wèn)教育網(wǎng)，需要將教育網(wǎng)中的路由條目引入校園網(wǎng)，且在計(jì)算開(kāi)銷時(shí)最大限度的保證精確，在HZ-HZXiaoYuan-Edge01-AR6140上將靜態(tài)路由引入OSPF，并設(shè)置為1類外部路由。

路由引入的命令為: Import-route <protocol> type <1/2>

[HZ-HZXiaoYuan-Edge01-AR6140]ospf ?

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1]import-route static type 1?文章來(lái)源地址http://www.zghlxwxcb.cn/news/detail-453901.html

到了這里，關(guān)于華為1+X認(rèn)證網(wǎng)絡(luò)系統(tǒng)管理與運(yùn)維中級(jí)實(shí)驗(yàn)的文章就介紹完了。如果您還想了解更多內(nèi)容，請(qǐng)?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！