HCIE-R&S Huawei Certified Internetwork Expert-Routing and Switching Training Lab Guide 228 Pages

December 22, 2016 | Author: Chua Hian Koon | Category: N/A



RIP Hands-on Exercise Guide

Confidentiality Level

HCIE-R&S Exercise Guide

Chapter 1 RIP Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 2 OSPF Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 3 IS-IS Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 4 BGP Basics Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 5 BGP Advanced Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 6 Route Import and Control Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 7 VLAN Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 8 LAN Layer 2 Technology Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 9 WAN Layer 2 Technology Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 10 STP Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 11 Multicast Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List
Chapter 12 IPv6 Hands-on Exercise Guide
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Configuration List
Chapter 13 Hands-on Exercise Guide to Other Features
    Overview, Objectives, Tasks, Topology, IP Address Table, Configuration and Verification, Questions, Configuration List

2015-8-31

Huawei Confidential

Page 3 of 226


Chapter 1 RIP Hands-on Exercise Guide

Overview

The Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP). It is used on small-scale networks such as campus networks and simple regional networks. It is not suitable for complex and large networks.

As a distance-vector routing protocol, RIP exchanges routing information through User Datagram Protocol (UDP) packets with port 520. RIP measures the distance from a source to a destination by a metric known as hop count. In RIP, by default, the hop count from a device to its directly connected network is 0, and the hop count from a device to a network that is reachable through another device is 1. That is, the hop count (metric) equals the number of devices along the path from the local network to the destination network.

To restrict the route convergence time, RIP requires that the hop count be an integer ranging from 0 to 15. A hop count of 16 is defined as infinite. That is, the destination network or host is unreachable. Due to this restriction, RIP cannot be used in large networks. To improve performance and prevent routing loops, RIP supports split horizon and poison reverse.

As one of the earliest forms of IGP, RIP is designed for small and medium-scale networks. RIP implementation, configuration, and maintenance are easier than those of OSPF and IS-IS, and so RIP is widely used on networks.
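The message format behind this overview, as an added example that is not part of the lab guide: a decoder for the RIP payload carried on UDP port 520 that marks metric 16 as unreachable and reports which authentication type an update carries, which is what task (10) later configures. The field layout follows RFC 2453; the sample bytes are constructed, and the classful mask applied to RIPv1 entries is a simplification.

```python
import ipaddress
import struct

INFINITY = 16        # hop count that RIP treats as "unreachable"
AUTH_AFI = 0xFFFF    # address-family value that marks an authentication entry
AUTH_TYPES = {2: "simple-password", 3: "cryptographic"}


def _prefix_len(version, addr, mask):
    """Return the prefix length for one route entry."""
    if version == 1:
        # RIPv1 carries no mask; assume the classful one (simplification).
        if addr == bytes(4):
            return 0
        return 8 if addr[0] < 128 else 16 if addr[0] < 192 else 24
    m = int.from_bytes(mask, "big")
    plen = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous subnet mask")
    return plen


def parse_rip(payload):
    """Decode one RIP message (the UDP payload) into a dict."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("truncated or misaligned RIP message")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    if command not in (1, 2) or version not in (1, 2):
        raise ValueError("unsupported command or version")
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    if len(entries) > 25:
        raise ValueError("more than 25 entries")
    msg = {"command": "response" if command == 2 else "request",
           "version": version, "auth": None, "routes": []}
    for index, entry in enumerate(entries):
        afi, tag, addr, mask, _nexthop, metric = struct.unpack("!HH4s4s4sI", entry)
        if afi == AUTH_AFI:
            # In an authentication entry the "tag" field holds the type and
            # the remaining 16 bytes hold the credential.
            if version != 2 or index != 0:
                raise ValueError("authentication entry in the wrong place")
            msg["auth"] = AUTH_TYPES.get(tag, "unknown")
            continue
        if not 1 <= metric <= INFINITY:
            raise ValueError("metric outside 1..16")
        plen = _prefix_len(version, addr, mask)
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(addr)}/{plen}", strict=False)
        msg["routes"].append({"prefix": str(net), "metric": metric,
                              "reachable": metric < INFINITY})
    return msg


def audit(msg):
    """Return hardening findings for a decoded message."""
    if msg["version"] == 1:
        return ["RIPv1 has no authentication field"]
    if msg["auth"] is None:
        return ["RIPv2 update is unauthenticated"]
    if msg["auth"] == "simple-password":
        return ["password is sent in cleartext"]
    return []


def build_sample():
    """Constructed RIPv2 response: simple-password entry plus two routes."""
    def route(prefix, metric):
        net = ipaddress.ip_network(prefix)
        return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                           net.netmask.packed, bytes(4), metric)
    auth = struct.pack("!HH16s", AUTH_AFI, 2, b"Huawei")  # password from task (10)
    return (struct.pack("!BBH", 2, 2, 0) + auth
            + route("6.0.0.0/24", 1) + route("5.0.0.0/8", INFINITY))


if __name__ == "__main__":
    decoded = parse_rip(build_sample())
    print(decoded)
    print(audit(decoded))
```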

Objectives

Upon completion of this exercise guide, you will be able to:
• Configure RIP.
• Learn about application scenarios of route summarization and perform the correct configuration.
• Modify the metrics of routes.
• Understand the compatibility of RIPv1 and RIPv2.
• Control the advertising and receiving of RIP routes.
• Configure advertisement of RIP default routes.
• Optimize a RIP network by adjusting parameters including authentication and timers.
• Troubleshoot RIP faults on RIP networks.

Tasks

The following topology shows the network of Company A. Deploy the network according to the following requirements:

(1) Run the default RIP version on R1 since R1 is a legacy device, and run RIPv2 on all other devices. Advertise the interfaces identified in the topology, and avoid advertising service networks 1.0.0.0/24, 2.0.0.0/24, 5.0.X.0/24, and 6.0.X.0/24 into RIP because traffic transmitted on these service networks is special.
(2) Import service networks 1.0.0.0/24 and 2.0.0.0/24 into RIP, using the default metric. Prevent R2 from receiving the RIP packets sent by R1 to ensure security.
(3) Avoid the impact of malicious users connecting to E0/0/1 of R2 on the network, but enable E0/0/1 to learn current network routes as it may connect to legitimate routers.
(4) Ensure that the metric of routes to service network 1.0.0.0/8 learned on R4 is 4 and retain the default metric for all other routes. Do not perform the configuration on R4 for security purposes.
(5) Import only service network segments 6.0.0.0/24 and 6.0.2.0/24 into RIP, and use the default metric for the imported routes. Use the least number of commands to meet this requirement.
(6) Import service network 5.0.X.0/24 into RIP, and summarize routes to improve efficiency. To prevent routing loops, do not use static routes.
(7) Prevent R5 and R6 from directly exchanging routes for security purposes, but allow their networks to be reachable by one another.
(8) Enable R4 that connects to the Internet as well as all the other devices to access the Internet.
(9) Adjust RIP timers on the entire network to speed up RIP convergence. For example, set the update and aging timers to 20s and 100s respectively, and adjust the garbage-collect timer according to service requirements.
(10) Configure plain-text authentication on some devices to ensure security, and set the password to Huawei.

Topology

IP Address Table

Device   Interface   IP Address     Subnet Mask      Default Gateway
R1       E0/0/0      192.168.1.1    255.255.255.0    N/A
R2       E0/0/0      192.168.1.2    255.255.255.0    N/A
R2       E0/0/1      20.0.0.2       255.255.255.0    N/A
R3       E0/0/0      192.168.1.3    255.255.255.0    N/A
R3       G0/0/0      34.1.1.3       255.255.255.0    N/A
R4       G0/0/0      34.1.1.4       255.255.255.0    N/A
R4       E0/0/0      192.168.2.4    255.255.255.0    N/A
R4       G0/0/1      40.0.0.4       255.255.255.0    N/A
R5       E0/0/0      192.168.2.5    255.255.255.0    N/A
R6       E0/0/0      192.168.2.6    255.255.255.0    N/A

Configuration and Verification

1. Run the default RIP version on R1 since R1 is a legacy device, and run RIPv2 on all other devices. Advertise the interfaces identified in the topology, and avoid advertising service networks 1.0.0.0/24, 2.0.0.0/24, 5.0.X.0/24, and 6.0.X.0/24 into RIP because traffic transmitted on these service networks is special.

Perform basic configuration according to the address table, and then run the display rip 1 interface command to check whether RIP is enabled on related interfaces and whether interface addresses are configured correctly. The following uses the display of R2 as an example.

[R2]display rip 1 interface
Interface     IP Address     State   Protocol           MTU
Eth0/0/1      20.0.0.2       UP      RIPv2 Multicast    500
Eth0/0/0      192.168.1.2    UP      RIPv2 Multicast    500

During the configuration, advertise addresses of R2 interface (E0/0/1) and R4 interface (G0/0/1) in RIP to meet the requirement that interfaces identified in the experimental topology be advertised.

You can also run the following commands to verify the results:
display ip routing-table
display rip 1 neighbor

2. Import service networks 1.0.0.0/24 and 2.0.0.0/24 into RIP, using the default metric. Prevent R2 from receiving the RIP packets sent by R1 to ensure security.

RIP can use the silent-interface function to restrict an interface from sending packets. You can also use the undo rip input or undo rip output command in the interface view, and a filter-policy can be used in this situation as well.

After completing this task, run the display ip routing-table protocol rip command to view the RIP routing tables of R1 and R2. The following RIP routing tables show only key information, while other information is omitted.

[R1]display ip routing-table protocol rip
RIP routing table status :
        Destinations : 4        Routes : 4
Destination/Mask    Proto   Pre   Cost   Flags   NextHop        Interface
2.0.0.0/24          RIP     100   1      D       192.168.1.2    Ethernet0/0/0
20.0.0.0/24         RIP     100   1      D       192.168.1.2    Ethernet0/0/0
34.1.1.0/24         RIP     100   1      D       192.168.1.3    Ethernet0/0/0
192.168.2.0/24      RIP     100   2      D       192.168.1.3    Ethernet0/0/0

[R2]display ip routing-table protocol rip
RIP routing table status :
        Destinations : 2        Routes : 2
Destination/Mask    Proto   Pre   Cost   Flags   NextHop        Interface
34.1.1.0/24         RIP     100   1      D       192.168.1.3    Ethernet0/0/0
192.168.2.0/24      RIP     100   2      D       192.168.1.3    Ethernet0/0/0

During the configuration, control the routes to be imported to meet the requirement that only external network routes 1.0.0.0/24 and 2.0.0.0/24 are imported. Other external routes must therefore be filtered.

R1 runs the default version, while R2 and R3 run RIPv2, so version compatibility must be considered. When the RIP version is not specified for a Huawei device, the device can receive both RIPv1 and RIPv2 packets but can send only RIPv1 packets, and it broadcasts update packets. To meet the requirement that R2 not receive the RIP packets sent by R1, R1 should unicast Update packets to R3. R2, however, can accept RIPv2 broadcast packets, so R3 must send its updates as RIPv2 broadcasts.

You can also run the following commands to verify the results:
display rip 1 route
display rip 1 database

3. Avoid the impact of malicious users connecting to E0/0/1 of R2 on the network, but enable E0/0/1 to learn current network routes as it may connect to legitimate routers.

After completing this task, run the debugging rip 1 receive Ethernet 0/0/1 command. The command output is empty.

According to the requirement, R2 interface E0/0/1 has been advertised in RIP. Therefore, the command output includes RIP information on this interface. How to filter RIP update packets when E0/0/1 is advertised should be considered.

4. Ensure that the metric of routes to service network 1.0.0.0/8 learned on R4 is 4 and retain the default metric for all other routes. Do not perform the configuration on R4 for security purposes.

After completing this task, run the display ip routing-table command to view the IP routing table of R4. The following IP routing table shows only key information, while other information is omitted.

[R4]display ip routing-table
Destination/Mask    Proto   Pre   Cost   Flags   NextHop     Interface
1.0.0.0/8           RIP     100   4      D       34.1.1.3    GigabitEthernet0/0/0
2.0.0.0/24          RIP     100   2      D       34.1.1.3    GigabitEthernet0/0/0
20.0.0.0/24         RIP     100   2      D       34.1.1.3    GigabitEthernet0/0/0
192.168.1.0/24      RIP     100   1      D       34.1.1.3    GigabitEthernet0/0/0

During the configuration, to meet the requirement that the metric of the route to 1.0.0.0/8 learned on R4 be 4, ensure that the cost of other RIP routes learned on R4 remains unchanged.

You can also run the following command to verify the results:
display rip 1 route

5. Import only service network segments 6.0.0.0/24 and 6.0.2.0/24 into RIP, and use the default metric for the imported routes. Use the least number of commands to meet this requirement.

After completing this task, run the display ip routing-table protocol rip command to view the RIP routing table of R4. The following RIP routing table shows only key information, while other information is omitted.

[R4]display ip routing-table protocol rip
RIP routing table status :
        Destinations : 6        Routes : 6
Destination/Mask    Proto   Pre   Cost   Flags   NextHop        Interface
1.0.0.0/8           RIP     100   4      D       34.1.1.3       GigabitEthernet0/0/0
2.0.0.0/24          RIP     100   2      D       34.1.1.3       GigabitEthernet0/0/0
6.0.0.0/24          RIP     100   1      D       192.168.2.6    Ethernet0/0/0
6.0.2.0/24          RIP     100   1      D       192.168.2.6    Ethernet0/0/0
20.0.0.0/24         RIP     100   2      D       34.1.1.3       GigabitEthernet0/0/0
192.168.1.0/24      RIP     100   1      D       34.1.1.3       GigabitEthernet0/0/0

The default metric of routes imported in RIP on a Huawei device is 1. Additionally, ensure that the least number of commands are used.

You can also run the following commands to verify the results:
display acl all
display ip ip-prefix

6. Import service network 5.0.X.0/24 into RIP, and summarize routes to improve efficiency. To prevent routing loops, do not use static routes.

After completing this task, run the display ip routing-table command to view the RIP routing table of R4. The following IP routing table shows only key information, while other information is omitted.

[R4]display ip routing-table
Destination/Mask    Proto   Pre   Cost   Flags   NextHop        Interface
1.0.0.0/8           RIP     100   4      D       34.1.1.3       GigabitEthernet0/0/0
2.0.0.0/24          RIP     100   2      D       34.1.1.3       GigabitEthernet0/0/0
5.0.0.0/8           RIP     100   1      D       192.168.2.5    Ethernet0/0/0
6.0.0.0/24          RIP     100   1      D       192.168.2.6    Ethernet0/0/0
6.0.2.0/24          RIP     100   1      D       192.168.2.6    Ethernet0/0/0
20.0.0.0/24         RIP     100   2      D       34.1.1.3       GigabitEthernet0/0/0
192.168.1.0/24      RIP     100   1      D       34.1.1.3       GigabitEthernet0/0/0

To perform classful route summarization, summarize 5.0.X.0/24 into 5.0.0.0/8. When a Huawei device performs automatic or manual summarization, the device does not generate routes pointing to Null0. Therefore, consider how to prevent routing loops after route summarization is performed.

You can also run the following commands to verify the results:
display ip ip-prefix
display route-policy
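Why a summary without a discard entry can loop, as an added example that is not part of the lab guide: a longest-prefix-match simulation in which R4 holds the 5.0.0.0/8 summary toward R5 and R5 follows a default route back to R4, as it would once task 8 is done. The subnet list on R5 (5.0.0.0/24 and 5.0.1.0/24) and the "discard" entry are assumptions for illustration; the exercise rules out static routes, so the discard entry shows the general principle rather than the lab's intended answer.

```python
import ipaddress


def lookup(table, dst):
    """Longest-prefix match: return the action stored for the best prefix."""
    addr = ipaddress.ip_address(dst)
    best_len, best_hop = -1, None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, hop
    return best_hop


def trace(tables, start, dst, ttl=8):
    """Forward a packet hop by hop; return (path, outcome)."""
    node, path = start, [start]
    while ttl > 0:
        hop = lookup(tables[node], dst)
        if hop is None or hop == "discard":
            return path, "dropped at " + node
        if hop == "local":
            return path, "delivered at " + node
        node = hop
        path.append(node)
        ttl -= 1
    return path, "ttl expired"


def lab_tables(discard_summary):
    """Routing tables for R4 and R5 (assumed subnets, see lead-in)."""
    r5 = {
        "5.0.0.0/24": "local",   # service subnet that exists on R5
        "5.0.1.0/24": "local",   # second subnet, assumed
        "0.0.0.0/0": "R4",       # default route learned through RIP
    }
    if discard_summary:
        # A discard entry for the summary absorbs traffic to missing subnets.
        r5["5.0.0.0/8"] = "discard"
    r4 = {
        "5.0.0.0/8": "R5",       # summary received from R5
        "192.168.2.0/24": "local",
    }
    return {"R4": r4, "R5": r5}


if __name__ == "__main__":
    for fixed in (False, True):
        tables = lab_tables(fixed)
        for dst in ("5.0.0.1", "5.0.9.9"):
            print(fixed, dst, trace(tables, "R4", dst))
```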

7. Prevent R5 and R6 from directly exchanging routes for security purposes, but allow their networks to be reachable by one another.

After completing this task, run the display rip 1 neighbor and display ip routing-table commands to view the neighbors and IP routing tables of R5 and R6, and perform ping tests between them. Only key information is displayed, while other information is omitted.

[R5]display rip 1 neighbor
---------------------------------------------------------------------
IP Address       Interface        Type   Last-Heard-Time
---------------------------------------------------------------------
192.168.2.4      Ethernet0/0/0    RIP    0:0:15
Number of RIP routes  : 2

[R6]display rip 1 neighbor
---------------------------------------------------------------------
IP Address       Interface        Type   Last-Heard-Time
---------------------------------------------------------------------
192.168.2.4      Ethernet0/0/0    RIP    0:0:6
Number of RIP routes  : 3

[R5]display ip routing-table
Destination/Mask    Proto   Pre   Cost   Flags   NextHop        Interface
1.0.0.0/8           RIP     100   5      D       192.168.2.4    Ethernet0/0/0
2.0.0.0/8           RIP     100   3      D       192.168.2.4    Ethernet0/0/0
6.0.0.0/8           RIP     100   2      D       192.168.2.4    Ethernet0/0/0
20.0.0.0/8          RIP     100   3      D       192.168.2.4    Ethernet0/0/0
34.0.0.0/8          RIP     100   1      D       192.168.2.4    Ethernet0/0/0
192.168.1.0/24      RIP     100   2      D       192.168.2.4    Ethernet0/0/0

[R6]display ip routing-table
Destination/Mask    Proto   Pre   Cost   Flags   NextHop        Interface
1.0.0.0/8           RIP     100   5      D       192.168.2.4    Ethernet0/0/0
2.0.0.0/8           RIP     100   3      D       192.168.2.4    Ethernet0/0/0
5.0.0.0/8           RIP     100   2      D       192.168.2.4    Ethernet0/0/0
6.0.0.0/8           RIP     100   2      D       192.168.2.4    Ethernet0/0/0
20.0.0.0/8          RIP     100   3      D       192.168.2.4    Ethernet0/0/0
34.0.0.0/8          RIP     100   1      D       192.168.2.4    Ethernet0/0/0
192.168.1.0/24      RIP     100   2      D       192.168.2.4    Ethernet0/0/0

[R5]ping 6.0.0.1
PING 6.0.0.1: 56  data bytes, press CTRL_C to break
Reply from 6.0.0.1: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 6.0.0.1: bytes=56 Sequence=2 ttl=255 time=70 ms
Reply from 6.0.0.1: bytes=56 Sequence=3 ttl=255 time=80 ms
Reply from 6.0.0.1: bytes=56 Sequence=4 ttl=255 time=100 ms
Reply from 6.0.0.1: bytes=56 Sequence=5 ttl=255 time=80 ms

[R6]ping 5.0.0.1
PING 5.0.0.1: 56  data bytes, press CTRL_C to break
Reply from 5.0.0.1: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 5.0.0.1: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 5.0.0.1: bytes=56 Sequence=3 ttl=255 time=80 ms
Reply from 5.0.0.1: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 5.0.0.1: bytes=56 Sequence=5 ttl=255 time=40 ms

By default, R5 and R6 multicast update packets. That is, R5 and R6 receive update packets from one another. When R5 and R6 send RIP update packets only to R4, R4 does not send the update packets back to R5 or R6 via the inbound interface of the update packets due to the loop prevention mechanism.

You can also run the following command to verify the results:
debugging rip 1

8. Enable R4, which connects to the Internet, and all the other devices to access the Internet. RIP must be combined with the static default route to advertise a dynamic default route. After completing this task, run the display ip routing-table command to view the IP routing tables of R1 and R4. The following IP routing tables show only key information; other information is omitted.

[R1]display ip routing-table
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
0.0.0.0/0           RIP    100  2     D     192.168.1.3     Ethernet0/0/0
2.0.0.0/24          RIP    100  1     D     192.168.1.2     Ethernet0/0/0
5.0.0.0/8           RIP    100  3     D     192.168.1.3     Ethernet0/0/0
6.0.0.0/24          RIP    100  3     D     192.168.1.3     Ethernet0/0/0
6.0.2.0/24          RIP    100  3     D     192.168.1.3     Ethernet0/0/0
20.0.0.0/24         RIP    100  1     D     192.168.1.2     Ethernet0/0/0
34.1.1.0/24         RIP    100  1     D     192.168.1.3     Ethernet0/0/0
40.0.0.0/24         RIP    100  2     D     192.168.1.3     Ethernet0/0/0
192.168.2.0/24      RIP    100  2     D     192.168.1.3     Ethernet0/0/0

[R4]display ip routing-table
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
0.0.0.0/0           Static 60   0     D     40.0.0.4        GigabitEthernet0/0/1
1.0.0.0/8           RIP    100  4     D     34.1.1.3        GigabitEthernet0/0/0
2.0.0.0/24          RIP    100  2     D     34.1.1.3        GigabitEthernet0/0/0
5.0.0.0/8           RIP    100  1     D     192.168.2.5     Ethernet0/0/0
6.0.0.0/24          RIP    100  1     D     192.168.2.6     Ethernet0/0/0
6.0.2.0/24          RIP    100  1     D     192.168.2.6     Ethernet0/0/0
20.0.0.0/24         RIP    100  2     D     34.1.1.3        GigabitEthernet0/0/0
192.168.1.0/24      RIP    100  1     D     34.1.1.3        GigabitEthernet0/0/0

9. Adjust RIP timers on the entire network to speed up RIP convergence. For example, set the update and aging timers to 20s and 100s respectively, and adjust the garbage-collect timer according to service requirements. After completing this task, run the display rip 1 command to view the timer settings. The following uses the display of R1 as an example. Only key information is displayed; other information is omitted.

[R1]display rip 1
Public VPN-instance
    RIP process : 1
       RIP version   : 1
       Preference    : 100
       Checkzero     : Enabled
       Default-cost  : 0
       Summary       : Enabled
       Host-route    : Enabled
       Maximum number of balanced paths : 32
       Update time   : 20 sec              Age time : 100 sec
       Garbage-collect time : 30 sec

There is no direct relationship between the update and garbage-collect timers. However, test experience shows that the update timer value should be smaller than the garbage-collect timer value.

10. Configure plain-text authentication on some devices to ensure security, and set the password to Huawei. After completing this task, run the display rip 1 interface verbose command to view the authentication settings. The following uses the display of R4 as an example.

[R4]display rip 1 interface verbose
 GigabitEthernet0/0/0(34.1.1.4)
  State               : UP          MTU    : 500
  Metricin            : 0
  Metricout           : 1
  Input               : Enabled     Output : Enabled
  Protocol            : RIPv2 Multicast
  Send version        : RIPv2 Multicast Packets
  Receive version     : RIPv2 Multicast and Broadcast Packets
  Poison-reverse      : Disabled
  Split-Horizon       : Enabled
  Authentication type : Simple
  Replay Protection   : Disabled

 GigabitEthernet0/0/1(40.0.0.4)
  State               : UP          MTU    : 500
  Metricin            : 0
  Metricout           : 1
  Input               : Enabled     Output : Enabled
  Protocol            : RIPv2 Multicast
  Send version        : RIPv2 Multicast Packets
  Receive version     : RIPv2 Multicast and Broadcast Packets
  Poison-reverse      : Disabled
  Split-Horizon       : Enabled
  Authentication type : Simple
  Replay Protection   : Disabled

 Ethernet0/0/0(192.168.2.4)
  State               : UP          MTU    : 500
  Metricin            : 0
  Metricout           : 1
  Input               : Enabled     Output : Enabled
  Protocol            : RIPv2 Multicast
  Send version        : RIPv2 Multicast Packets
  Receive version     : RIPv2 Multicast and Broadcast Packets
  Poison-reverse      : Disabled
  Split-Horizon       : Disabled
  Authentication type : Simple
  Replay Protection   : Disabled

The authentication password is case-sensitive. R1 runs the Huawei default RIP version, which does not support authentication. Therefore, take extra care when performing configurations on R1, R2, and R3.
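What the Simple authentication type shown above means on the wire, as an added Python example that is not part of the lab guide: RIPv2 simple authentication (RFC 2453) places the password unmodified in the first entry of each update, and RIPv1 has no authentication field. The packets are constructed from this lab's addresses and password, and the function names are hypothetical.

```python
"""Decode the authentication entry of RIP updates (RFC 2453, RFC 4822)."""
import ipaddress
import struct

RIP_RESPONSE = 2
AFI_INET = 2
AFI_AUTH = 0xFFFF   # address family value reserved for authentication entries
AUTH_SIMPLE = 2     # RFC 2453: 16-byte password, sent as-is
AUTH_CRYPTO = 3     # RFC 4822: key ID and sequence number, keyed digest in a trailer


def build_update(version, routes, password=None):
    """Build a RIP response for the demo (constructed input, not a capture)."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    if password is not None:
        # struct pads the password with NUL bytes up to 16 octets
        pkt += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, password.encode("ascii"))
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        mask = int(net.netmask) if version == 2 else 0  # RIPv1 has no mask field
        pkt += struct.pack("!HHIIII", AFI_INET, 0, int(net.network_address),
                           mask, 0, metric)
    return pkt


def parse_update(pkt):
    """Return version, authentication details and routes of one RIP packet."""
    if len(pkt) < 4:
        raise ValueError("shorter than the RIP header")
    _command, version, _zero = struct.unpack_from("!BBH", pkt)
    info = {"version": version, "auth": "none", "password": None,
            "key_id": None, "sequence": None, "routes": []}
    end, off = len(pkt), 4
    while off + 20 <= end:
        afi, tag = struct.unpack_from("!HH", pkt, off)
        body = pkt[off + 4:off + 20]
        off += 20
        if version >= 2 and afi == AFI_AUTH:
            if tag == AUTH_SIMPLE:
                info["auth"] = "simple"
                info["password"] = body.rstrip(b"\x00").decode("ascii", "replace")
            elif tag == AUTH_CRYPTO:
                data_end, key_id, _auth_len, seq = struct.unpack_from("!HBBI", body)
                info.update(auth="cryptographic", key_id=key_id, sequence=seq)
                end = min(end, data_end)  # route entries stop where the trailer starts
            continue  # authentication entries carry no route
        addr, mask, _next_hop, metric = struct.unpack("!IIII", body)
        if version >= 2:
            dest = str(ipaddress.IPv4Network((addr, bin(mask).count("1")), strict=False))
        else:
            dest = str(ipaddress.IPv4Address(addr))  # receiver must infer the mask
        info["routes"].append((dest, metric))
    return info


def audit_update(pkt):
    """One-line finding for an update; the password itself is not echoed."""
    info = parse_update(pkt)
    if info["version"] == 1:
        return "RIPv1: no authentication field, the sender cannot be verified"
    if info["auth"] == "simple":
        return ("RIPv2 simple: %d-character password readable in every update"
                % len(info["password"]))
    if info["auth"] == "cryptographic":
        return ("RIPv2 cryptographic: key ID %d, sequence %d, key not on the wire"
                % (info["key_id"], info["sequence"]))
    return "RIPv2: no authentication entry"


if __name__ == "__main__":
    # Constructed packets using addresses and the password from this lab.
    samples = {
        "R5 to R4 (RIPv2)": build_update(2, [("5.0.0.0/8", 1)], password="Huawei"),
        "R1 (RIPv1)": build_update(1, [("1.0.0.0/8", 1)]),
    }
    for name, pkt in samples.items():
        print(name, "|", audit_update(pkt), "|", parse_update(pkt)["routes"])
```

Because the comparison on the receiver is byte for byte, a password of huawei does not match Huawei, which is why the guide calls the password case-sensitive.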

Questions

In requirement 2, when version compatibility is not considered, can R2 learn routes to 1.0.0.0/24 based on the existing configuration?

R2 cannot receive R3's update about 1.0.0.0/24 even if RIPv1 is compatible with RIPv2. Split horizon is enabled by default on a RIP interface, so the network segment 1.0.0.0 is never sent back out of interface E3/0/0 on R3 unless split horizon is disabled.

In requirement 4, why does 1.0.0.0/8 but not 1.0.0.0/24 exist?

RIPv1 does not support VLSM. RIPv1 processes packets based on the major (classful) network mask or the interface address mask, so R3 gets 1.0.0.0/8.

In requirement 7, does any problem occur when you ping 6.1.1.1 from R5? If so, how can the problem be solved, and why are routes to the peer end learned by R5 and R6?

When R5 pings 6.1.1.1, the request is sent to R4, and R4 chooses G0/0/1 as the outbound interface according to the default route. The destination cannot be reached because it does not exist in this topology, so a static route with Null0 as the next hop must be configured to avoid a loop. Because RIPv2 enables summarization by default, R5 and R6 both get /8 routes. To get the detailed routes, use the undo summary command.

Configuration List

display current-configuration
#
sysname R1
#
interface Ethernet0/0/0
 ip address 192.168.1.1 255.255.255.0
#
interface LoopBack0
 ip address 1.0.0.1 255.255.255.0
#
rip 1
 peer 192.168.1.3
 network 192.168.1.0
 silent-interface Ethernet0/0/0
 timers rip 20 100 30
 import-route direct route-policy DIRECT
#
route-policy DIRECT permit node 10
 if-match ip-prefix 10
#
ip ip-prefix 10 index 10 permit 1.0.0.0 24
#
return

display current-configuration
#
sysname R2
#
interface Ethernet0/0/0
 ip address 192.168.1.2 255.255.255.0
interface Ethernet0/0/1
 ip address 20.0.0.2 255.255.255.0
 undo rip input
#
interface LoopBack0
 ip address 2.0.0.1 255.255.255.0
#
rip 1
 version 2
 network 192.168.1.0
 network 20.0.0.0
 timers rip 20 100 30
 import-route direct route-policy DIRECT
#
route-policy DIRECT permit node 10
 if-match ip-prefix 10
#
ip ip-prefix 10 index 10 permit 2.0.0.0 24
#
return

display current-configuration
#
sysname R3
#
interface Ethernet0/0/0
 ip address 192.168.1.3 255.255.255.0
 rip version 2 broadcast
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.3 255.255.255.0
 rip authentication-mode simple plain Huawei
 rip metricout ip-prefix 10 3
#
rip 1
 version 2
 network 192.168.1.0
 network 34.0.0.0
 timers rip 20 100 30
#
ip ip-prefix 10 index 10 permit 1.0.0.0 8
#
return

display current-configuration
#
sysname R4
#
interface Ethernet0/0/0
 ip address 192.168.2.4 255.255.255.0
 rip authentication-mode simple plain Huawei
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.4 255.255.255.0
 rip authentication-mode simple plain Huawei
#
interface GigabitEthernet0/0/1
 ip address 40.0.0.4 255.255.255.0
 rip authentication-mode simple plain Huawei
#
rip 1
 default-route originate
 version 2
 network 192.168.2.0
 network 34.0.0.0
 network 40.0.0.0
 timers rip 20 100 30
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
#
return

display current-configuration
#
sysname R5
#
interface Ethernet0/0/0
 ip address 192.168.2.5 255.255.255.0
 rip authentication-mode simple plain Huawei
 rip summary-address 5.0.0.0 255.0.0.0 avoid-feedback
#
interface LoopBack0
 ip address 5.0.0.1 255.255.255.0
#
interface LoopBack1
 ip address 5.0.1.1 255.255.255.0
#
interface LoopBack2
 ip address 5.0.2.1 255.255.255.0
#
interface LoopBack3
 ip address 5.0.3.1 255.255.255.0
#
rip 1
 version 2
 peer 192.168.2.4
 network 192.168.2.0
 silent-interface Ethernet0/0/0
 timers rip 20 100 30
 import-route direct route-policy FILTER
#
route-policy FILTER permit node 10
 if-match ip-prefix 10
#
ip ip-prefix 10 index 10 permit 5.0.0.0 22 greater-equal 24 less-equal 24
#
return

display current-configuration
#
sysname R6
#
acl number 2000
 rule 5 permit source 6.0.0.0 0.0.254.255
#
interface Ethernet0/0/0
 ip address 192.168.2.6 255.255.255.0
 rip authentication-mode simple plain Huawei
#
interface LoopBack0
 ip address 6.0.0.1 255.255.255.0
#
interface LoopBack1
 ip address 6.0.1.1 255.255.255.0
#
interface LoopBack2
 ip address 6.0.2.1 255.255.255.0
#
interface LoopBack3
 ip address 6.0.3.1 255.255.255.0
#
rip 1
 version 2
 peer 192.168.2.4
 network 192.168.2.0
 silent-interface Ethernet0/0/0
 timers rip 20 100 30
 import-route direct route-policy FILTER
#
route-policy FILTER permit node 10
 if-match acl 2000
#
return

Chapter 2 OSPF Hands-on Exercise Guide

Overview

The IETF developed Open Shortest Path First (OSPF), a link-state Interior Gateway Protocol (IGP), in the late 1980s as an enhancement to distance-vector routing protocols. OSPF version 1 (OSPFv1) was first defined in RFC 1131 but was soon replaced by OSPF version 2 (OSPFv2), defined in RFC 1247. OSPFv2 made great improvements in stability and functionality and is used on existing IPv4 networks, whereas OSPFv3 is mainly used on IPv6 networks. With its advantages of fast convergence, loop-free routing, and good scalability, OSPF is widely applied as a link-state routing protocol.

A link-state routing protocol advertises link state information. Each router on a network sends its own link state information (including the IP address and subnet mask of the interface, network type, and link cost) to other routers. After all routers have collected all link state information on the network, they know the entire network topology and use the shortest path first (SPF) algorithm to calculate the shortest paths to all network segments.

OSPF allows multiple areas on a network. An area is regarded as a logical group, and each group is identified by a 32-bit area ID. A network segment or a link belongs to only one area. That is, you must specify the area to which each OSPF-enabled interface belongs. Area 0 is the OSPF backbone area and is responsible for advertising routing information between non-backbone areas. There is only one backbone area on an OSPF network.

In a single OSPF area, each router needs to collect link state information from all other routers. When a large number of routers run OSPF, there is much link state information and the link state databases (LSDBs) on routers become large accordingly, increasing loads on the routers and complicating maintenance and management. To resolve this issue, OSPF partitions the Autonomous System (AS) into different areas. Link state information is flooded only within the local area. Between areas, routers advertise only routes rather than link state information, greatly reducing loads on routers.

A router that belongs to different areas is called an Area Border Router (ABR). The ABR is used to transmit inter-area routing information. The way in which inter-area routing information is transmitted is similar to the distance-vector algorithm. To prevent loops between areas, ensure that routing information between non-backbone areas is forwarded through the backbone area. That is, each non-backbone area is connected to the backbone area, and routers in non-backbone areas cannot exchange routing information with each other directly.

Objectives

Upon completion of this exercise guide, you will be able to:
- Configure a single OSPF area and multiple OSPF areas.
- Configure Not-So-Stubby Area (NSSA) areas.
- Configure OSPF route filtering.
- Configure OSPF route summarization.
- Configure OSPF authentication.
- Configure OSPF to advertise default routes.
- Adjust OSPF timers.
- Configure virtual links.
- Configure link-state advertisement (LSA) filtering.

Tasks

The following topology shows the network of Company A. Deploy the network according to the following requirements:

(1) Configure multiple OSPF areas. Configure Routing Information Protocol Version 2 (RIPv2) between R3 and R6, and between R4 and R6. Configure Loopback 0 interfaces on R1, R2, R3, and R4 to advertise routes to Area 0. Configure R5 to advertise routes to Area 1 and R6's directly connected interfaces to advertise routes to RIP.
(2) Configure R6 to advertise routes of internal network segments 192.168.10.0/24 and 192.168.20.0/24 to RIP. Configure R5 to import routes of external network segments 172.16.10.0/24 and 172.16.20.0/24 to OSPF.
(3) On R3 and R4, configure OSPF and RIP to import routes from each other, and import routes of network segments 192.168.10.0/24 and 192.168.20.0/24 to OSPF.
(4) Configure Area 2 as an NSSA area to reduce the number of LSAs (including Type 3 and Type 5 LSAs) in Area 2.
(5) Perform the configurations only on R3 to ensure that R5 accesses network segment 192.168.10.0/24 through R1 and accesses network segment 192.168.20.0/24 through R2.
(6) Eliminate existing suboptimal paths on the OSPF network.
(7) Improve robustness of the OSPF network to ensure that the physical link between R1 and R2 is stable.
(8) Optimize the OSPF routing table on R5, reduce the number of LSAs to maintain, and summarize the two network segments on R5.
(9) Adjust OSPF timers based on the status of the link between R2 and R4.
(10) Configure cipher text authentication in OSPF areas to improve security of the OSPF network.

Topology

IP Address Table

Device  Interface    IP Address   Subnet Mask       Default Gateway
R1      G0/0/0       10.0.12.1    255.255.255.0     N/A
        G0/0/1       10.0.13.1    255.255.255.0     N/A
        G0/0/2       10.0.15.1    255.255.255.0     N/A
        Loopback 0   10.0.1.1     255.255.255.255   N/A
R2      G0/0/1       10.0.12.2    255.255.255.0     N/A
        G0/0/2       10.0.25.2    255.255.255.0     N/A
        S1/0/0       10.0.24.2    255.255.255.0     N/A
        Loopback 0   10.0.2.2     255.255.255.255   N/A
R3      G0/0/0       10.0.13.3    255.255.255.0     N/A
        G0/0/1       10.0.34.3    255.255.255.0     N/A
        G0/0/2       10.0.36.3    255.255.255.0     N/A
        Loopback 0   10.0.3.3     255.255.255.255   N/A
R4      G0/0/0       10.0.34.4    255.255.255.0     N/A
        G0/0/2       10.0.46.4    255.255.255.0     N/A
        S1/0/0       10.0.24.4    255.255.255.0     N/A
        Loopback 0   10.0.4.4     255.255.255.255   N/A
R5      G0/0/0       10.0.15.5    255.255.255.0     N/A
        G0/0/1       10.0.25.5    255.255.255.0     N/A
        Loopback 0   10.0.5.5     255.255.255.255   N/A
R6      G0/0/0       10.0.36.6    255.255.255.0     N/A
        G0/0/1       10.0.46.6    255.255.255.0     N/A
        Loopback 0   10.0.6.6     255.255.255.255   N/A

Configuration and Verification

1. Configure multiple OSPF areas. Configure RIPv2 between R3 and R6, and between R4 and R6. Configure Loopback 0 interfaces on R1, R2, R3, and R4 to advertise routes to Area 0. Configure R5 to advertise routes to Area 1 and R6's directly connected interfaces to advertise routes to RIP. Perform basic configurations according to the IP address table, and then check whether OSPF neighbor relationships are established, whether devices can receive routes from Loopback 0 interfaces on other devices, and whether the RIP routing domain is working properly. The following uses the display of R3 as an example. (The following table lists only key information; other information is omitted.)

[R3]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 28       Routes : 29

Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
10.0.1.1/32         OSPF   10   1     D     10.0.13.1       GigabitEthernet0/0/0
10.0.2.2/32         OSPF   10   2     D     10.0.13.1       GigabitEthernet0/0/0
10.0.4.4/32         OSPF   10   50    D     10.0.13.1       GigabitEthernet0/0/0
10.0.5.5/32         OSPF   10   2     D     10.0.13.1       GigabitEthernet0/0/0
10.0.6.6/32         RIP    100  1     D     10.0.36.6       GigabitEthernet0/0/2
10.0.12.0/24        OSPF   10   2     D     10.0.13.1       GigabitEthernet0/0/0
10.0.15.0/24        OSPF   10   2     D     10.0.13.1       GigabitEthernet0/0/0
10.0.24.0/24        OSPF   10   50    D     10.0.13.1       GigabitEthernet0/0/0
10.0.25.0/24        OSPF   10   3     D     10.0.13.1       GigabitEthernet0/0/0
10.0.46.0/24        RIP    100  1     D     10.0.36.6       GigabitEthernet0/0/2
                    RIP    100  1     D     10.0.34.4       GigabitEthernet0/0/1
172.16.10.0/24      O_ASE  150  1     D     10.0.13.1       GigabitEthernet0/0/0
172.16.20.0/24      O_ASE  150  1     D     10.0.13.1       GigabitEthernet0/0/0
192.168.10.0/24     RIP    100  1     D     10.0.36.6       GigabitEthernet0/0/2
192.168.20.0/24     RIP    100  1     D     10.0.36.6       GigabitEthernet0/0/2

You can also run the following commands to verify the result:

display ospf peer brief
display ip routing-table protocol ospf
display rip 1 route
display ospf routing
display ip routing-table protocol rip

2. Configure R6 to advertise routes of internal network segments 192.168.10.0/24 and 192.168.20.0/24 to RIP. Configure R5 to import routes of external network segments 172.16.10.0/24 and 172.16.20.0/24 to OSPF. RIP supports advertising networks only in classful format, but RIPv2 can identify the subnets by using VLSM. Note that only network segments 172.16.10.0/24 and 172.16.20.0/24 on R5 need to be added. After completing this task, run the display ip routing-table command to view the routing table of R1. (The following table lists only key information; other information is omitted.)

[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 23       Routes : 23

Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
172.16.10.0/24      O_ASE  150  1     D     10.0.15.5       GigabitEthernet0/0/2
172.16.20.0/24      O_ASE  150  1     D     10.0.15.5       GigabitEthernet0/0/2

3. On R3 and R4, configure OSPF and RIP to import routes from each other, and import routes of network segments 192.168.10.0/24 and 192.168.20.0/24 to OSPF. After completing this task, run the display ospf routing command to view the OSPF routing tables of R3 and R4. (The following tables list only key information; other information is omitted.)

[R3]display ospf routing
         OSPF Process 1 with Router ID 10.0.3.3
                  Routing Tables

Routing for ASEs
Destination         Cost   Type    Tag   NextHop         AdvRouter
172.16.0.0/16       2      Type2   1     10.0.13.1       10.0.5.5
192.168.10.0/24     1      Type2   1     202.101.34.4    10.0.4.4
192.168.20.0/24     1      Type2   1     202.101.34.4    10.0.4.4

Routing for NSSAs
Destination         Cost   Type    Tag   NextHop         AdvRouter
192.168.10.0/24     1      Type2   1     10.0.34.4       10.0.4.4
192.168.20.0/24     1      Type2   1     10.0.34.4       10.0.4.4

display ospf routing
         OSPF Process 1 with Router ID 10.0.4.4
                  Routing Tables

Routing for ASEs
Destination         Cost   Type    Tag   NextHop         AdvRouter
172.16.0.0/16       2      Type2   1     202.101.34.3    10.0.5.5
192.168.10.0/24     1      Type2   1     202.101.34.3    10.0.3.3
192.168.20.0/24     1      Type2   1     202.101.34.3    10.0.3.3

Routing for NSSAs
Destination         Cost   Type    Tag   NextHop         AdvRouter
192.168.10.0/24     1      Type2   1     10.0.34.3       10.0.3.3
192.168.20.0/24     1      Type2   1     10.0.34.3       10.0.3.3

Only network segments 192.168.10.0/24 and 192.168.20.0/24 need to be added to OSPF. After completing this task, run the display ip routing-table command to view the routing table of R5. (The following table lists only key information; other information is omitted.)

[R5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 27       Routes : 28

Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
192.168.10.0/24     O_ASE  150  1     D     10.0.15.1       GigabitEthernet0/0/0
192.168.20.0/24     O_ASE  150  1     D     10.0.15.1       GigabitEthernet0/0/0

4. Configure Area 2 as an NSSA area to reduce the number of LSAs (including Type 3 and Type 5 LSAs) in Area 2. Both a totally stub area and a totally NSSA area can achieve this. An NSSA is used here. By default, only the ABR with the largest router ID translates Type 7 LSAs into Type 5 LSAs, but this can be changed by command so that more than one ABR performs the translation. Because R4's router ID is larger than R3's, R4 performs the translation by default. R3 and R4 in Area 2 function as Autonomous System Boundary Routers (ASBRs). Therefore, the task can be completed after Area 2 is configured as an NSSA area. After completing this task, run the display ospf lsdb command to view the link state database of R3. (The following table lists only key information; other information is omitted.)

[R3]display ospf lsdb
         OSPF Process 1 with Router ID 10.0.3.3
                 Link State Database

                         Area: 0.0.0.2
Type      LinkState ID    AdvRouter       Age  Len  Sequence  Metric
Router    10.0.3.3        10.0.3.3        162  36   80000005  1
Router    10.0.4.4        10.0.4.4        159  36   80000005  1
Network   10.0.34.4       10.0.4.4        159  32   80000002  0
Sum-Net   0.0.0.0         10.0.3.3        233  28   80000001  1
Sum-Net   0.0.0.0         10.0.4.4        215  28   80000001  1
NSSA      0.0.0.0         10.0.3.3        233  36   80000001  1
NSSA      192.168.10.0    10.0.3.3        233  36   80000001  1
NSSA      192.168.20.0    10.0.3.3        233  36   80000001  1
NSSA      0.0.0.0         10.0.4.4        215  36   80000001  1
NSSA      192.168.10.0    10.0.4.4        216  36   80000001  1
NSSA      192.168.20.0    10.0.4.4        216  36   80000001  1

5. Perform the configurations only on R3 to ensure that R5 accesses network segment 192.168.10.0/24 through R1 and accesses network segment 192.168.20.0/24 through R2. By default, OSPF imports external routes as Type 2 external routes, which keep a metric of 1 throughout the OSPF domain, but the type and metric can be changed. Type 1 external routes are preferred over Type 2. When OSPF receives several identical external routes, it uses Type 4 LSAs to choose the nearest path to the ASBR as the next hop. Based on the configuration result in the default situation and the requirement that configurations be performed only on R3, adjust costs of default routes on R3 to perform the task. After completing this task, run the display ip routing-table and display ospf routing commands to view the routing tables of R5. (The following tables list only key information; other information is omitted.)

[R5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 27       Routes : 28

Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
192.168.10.0/24     O_ASE  150  1     D     10.0.15.1       GigabitEthernet0/0/0
192.168.20.0/24     O_ASE  150  1     D     10.0.25.2       GigabitEthernet0/0/1

display ospf routing
         OSPF Process 1 with Router ID 10.0.5.5
                  Routing Tables

Routing for Network
Destination         Cost   Type        NextHop         AdvRouter       Area
10.0.5.5/32         0      Stub        10.0.5.5        10.0.5.5        0.0.0.1
10.0.15.0/24        1      Transit     10.0.15.5       10.0.5.5        0.0.0.1
10.0.25.0/24        1      Transit     10.0.25.5       10.0.5.5        0.0.0.1
10.0.1.1/32         1      Inter-area  10.0.15.1       10.0.1.1        0.0.0.1
10.0.2.2/32         1      Inter-area  10.0.25.2       10.0.2.2        0.0.0.1
10.0.3.3/32         2      Inter-area  10.0.15.1       10.0.1.1        0.0.0.1
10.0.4.4/32         1563   Inter-area  10.0.25.2       10.0.2.2        0.0.0.1

Routing for ASEs
Destination         Cost   Type    Tag   NextHop         AdvRouter
192.168.10.0/24     1      Type2   1     10.0.15.1       10.0.3.3
192.168.20.0/24     1      Type2   1     10.0.25.2       10.0.4.4

Total Nets: 9
Intra Area: 3  Inter Area: 4  ASE: 2  NSSA: 0

tracert -a 172.16.10.1 192.168.10.1
 traceroute to  192.168.10.1(192.168.10.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.15.1 50 ms  10 ms  50 ms
 2 10.0.13.3 50 ms  60 ms  90 ms
 3 10.0.36.6 140 ms  70 ms  120 ms

tracert -a 172.16.10.1 192.168.20.1
 traceroute to  192.168.20.1(192.168.20.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.25.2 20 ms  20 ms  40 ms
 2 10.0.24.4 60 ms  80 ms  70 ms
 3 10.0.46.6 120 ms  110 ms  90 ms

6. Eliminate existing suboptimal paths on the OSPF network. R2 and R4 are connected through a serial link whose bandwidth is much smaller than that of an Ethernet link. Use Loopback 0 as the test case, so that the routes to the network segments where the Loopback 0 interfaces of other devices reside are optimal. Loopback0 on R3 and Loopback0 on R4 are both in Area 0, and OSPF's preference between intra-area and inter-area routes means that traffic from R4's Loopback0 to R3's Loopback0 must pass through R2. A virtual link must be set up to connect R3 and R4; a GRE tunnel with a suitable cost can be used for this. After completing this task, run the display ip routing-table command to view the routing tables of R5 and R3. (The following tables list only key information; other information is omitted.)

[R5]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 15       Routes : 16

OSPF routing table status :
         Destinations : 15       Routes : 16

Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
10.0.1.1/32         OSPF   10   1     D     10.0.15.1       GigabitEthernet0/0/0
10.0.2.2/32         OSPF   10   1     D     10.0.25.2       GigabitEthernet0/0/1
10.0.3.3/32         OSPF   10   2     D     10.0.15.1       GigabitEthernet0/0/0
10.0.4.4/32         OSPF   10   3     D     10.0.15.1       GigabitEthernet0/0/0

tracert -a 10.0.3.3 10.0.4.4
 traceroute to  10.0.4.4(10.0.4.4), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 202.101.34.4 20 ms  50 ms  40 ms

display ip routing-table
Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
10.0.0.0/8          RIP    100  1     D     10.0.36.6       GigabitEthernet0/0/2
10.0.1.1/32         OSPF   10   1     D     10.0.13.1       GigabitEthernet0/0/0
10.0.2.2/32         OSPF   10   2     D     10.0.13.1       GigabitEthernet0/0/0
10.0.3.3/32         Direct 0    0     D     127.0.0.1       LoopBack0
10.0.4.4/32         OSPF   10   1     D     202.101.34.4    Tunnel0/0/0
10.0.5.5/32         OSPF   10   2     D     10.0.13.1       GigabitEthernet0/0/0
10.0.6.6/32         RIP    100  1     D     10.0.36.6       GigabitEthernet0/0/2

7. Improve robustness of the OSPF network to ensure that the physical link between R1 and R2 is stable. OSPF requires that the backbone area not be divided, but Area 0 is split into two isolated areas when the physical link between R1 and R2 fails. A virtual link repairs a divided backbone area to keep it complete and resolves discontinuous areas; it can also be used as a backup link. Analyze the result of the physical link disconnection between R1 and R2. Perform OSPF configurations to improve network robustness based on the analysis result. After completing this task, run the display ospf vlink command to view the OSPF virtual link of R1. (The following output lists only key information; other information is omitted.)

display ospf vlink
         OSPF Process 1 with Router ID 10.0.1.1
                 Virtual Links

 Virtual-link Neighbor-id  -> 10.0.2.2, Neighbor-State: Full
 Interface: 10.0.15.1 (GigabitEthernet0/0/2)
 Cost: 2  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1

8. Optimize the OSPF routing table on R5, reduce the number of LSAs to maintain, and summarize the two network segments on R5. OSPF and IS-IS are both link-state protocols: they exchange LSAs and LSPs rather than routes, so the route information itself is not visible. However, OSPF does carry actual routes in flooded Type 3, Type 5, and Type 7 LSAs. R1 and R2 both need to filter Type 3 LSAs with a filter policy in Area 1. Understand the differences between route filtering and LSA filtering, and run proper commands to perform the task. After completing this task, run the display ip routing-table command to view the routing table of R5. (The following table lists only key information; other information is omitted.)

[R5]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6

OSPF routing table status :
         Destinations : 6        Routes : 6

Destination/Mask    Proto  Pre  Cost  Flags NextHop         Interface
10.0.1.1/32         OSPF   10   1     D     10.0.15.1       GigabitEthernet0/0/0
10.0.2.2/32         OSPF   10   1     D     10.0.25.2       GigabitEthernet0/0/1
10.0.3.3/32         OSPF   10   2     D     10.0.15.1       GigabitEthernet0/0/0
10.0.4.4/32         OSPF   10   3     D     10.0.15.1       GigabitEthernet0/0/0
192.168.10.0/24     O_ASE  150  1     D     10.0.15.1       GigabitEthernet0/0/0
192.168.20.0/24     O_ASE  150  1     D     10.0.15.1       GigabitEthernet0/0/0

OSPF routing table status :
         Destinations : 0        Routes : 0

9. Adjust OSPF timers based on the status of the link between R2 and R4. Understand the rules for setting up OSPF neighbor relationships and adjust OSPF timers based on the actual situation. A serial link is a low-speed line, and by default OSPF uses Hello and Dead intervals of 10s and 40s on it. After completing this task, run the display ospf interface all command to view the Hello interval of R2. (The following output lists only key information; other information is omitted.)

display ospf interface all
         OSPF Process 1 with Router ID 10.0.2.2
                 Interfaces

 Area: 0.0.0.0          (MPLS TE not enabled)

 Interface: 10.0.24.2 (Serial0/0/1) --> 10.0.24.4
 Cost: 1562  State: P-2-P  Type: P2P  MTU: 1500
 Timers: Hello 60 , Dead 240 , Poll  120 , Retransmit 5 , Transmit Delay 1

10. Configure cipher text authentication in OSPF areas to improve security of the OSPF network. Configure cipher text authentication in the three OSPF areas and set the key to huawei. After completing this task, run the display ospf peer GigabitEthernet 0/0/1 command to view the authentication of R2. (The following output lists only key information; other information is omitted.)

display ospf peer GigabitEthernet 0/0/1
         OSPF Process 1 with Router ID 10.0.2.2
                 Neighbors

 Area 0.0.0.0 interface 10.0.12.2(GigabitEthernet0/0/1)'s neighbors
 Router ID: 10.0.1.1         Address: 10.0.12.1
   State: Full  Mode:Nbr is  Slave  Priority: 1
   DR: 10.0.12.2  BDR: 10.0.12.1  MTU: 0
   Dead timer due in 37  sec
   Retrans timer interval: 5
   Neighbor is up for 00:14:13
   Authentication Sequence: [ 95]
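A configuration check for the authentication settings used in both labs (plain-text RIP authentication and cipher text OSPF authentication), as an added Python example that is not part of the lab guide. It reports the mode per RIP interface, OSPF area and virtual link, and whether the key is stored with the plain keyword, which is a separate matter from the authentication mode. The sample text is excerpted from the R3 (RIP) and R1 (OSPF) configuration lists of this guide; the function names are hypothetical and only the three command forms that appear in those lists are recognized.

```python
"""Report RIP/OSPF authentication settings found in VRP configuration text."""
import ipaddress
import re

# Excerpts of the R3 (RIP lab) and R1 (OSPF lab) configuration lists of this guide.
R3_RIP = """
interface Ethernet0/0/0
 ip address 192.168.1.3 255.255.255.0
 rip version 2 broadcast
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.3 255.255.255.0
 rip authentication-mode simple plain Huawei
#
rip 1
 version 2
 network 192.168.1.0
 network 34.0.0.0
"""
R1_OSPF = """
ospf 1 router-id 10.0.1.1
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 10.0.12.1 0.0.0.0
 area 0.0.0.1
  authentication-mode md5 1 plain huawei
  network 10.0.15.1 0.0.0.0
  vlink-peer 10.0.2.2 md5 1 plain huawei
"""

# "<mode> [key-id] <plain|cipher> <key>" at the end of the three command forms above
KEY = re.compile(r"\b(simple|md5)\s+(?:\d+\s+)?(plain|cipher)\s+\S+$")
NO_AUTH = ("none", "-")


def classful(ip):
    """Major network that a RIP 'network' statement uses for this address."""
    first = int(ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
    return str(net.network_address)


def audit(config):
    """Return (scope, mode, key storage) for RIP interfaces, OSPF areas and vlinks."""
    ifaces, areas, vlinks, rip_nets = {}, {}, [], set()
    section = scope = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "#":
            continue
        if not raw.startswith(" "):            # top-level line opens a new section
            section = words[0]
            scope = words[1] if section == "interface" else None
            if scope:
                ifaces[scope] = {"ip": None, "auth": NO_AUTH}
            continue
        found = KEY.search(raw.strip())
        auth = found.groups() if found else NO_AUTH
        if section == "interface" and words[:2] == ["ip", "address"]:
            ifaces[scope]["ip"] = words[2]
        elif section == "interface" and words[:2] == ["rip", "authentication-mode"]:
            ifaces[scope]["auth"] = auth
        elif section == "rip" and words[0] == "network":
            rip_nets.add(words[1])
        elif section == "ospf" and words[0] == "area":
            scope = "OSPF area " + words[1]
            areas[scope] = NO_AUTH
        elif section == "ospf" and scope and words[0] == "authentication-mode":
            areas[scope] = auth
        elif section == "ospf" and words[0] == "vlink-peer":
            vlinks.append(("OSPF vlink to " + words[1],) + auth)
    # An interface runs RIP when its major network appears in a 'network' statement.
    rip = [("RIP " + name,) + i["auth"] for name, i in ifaces.items()
           if i["ip"] and classful(i["ip"]) in rip_nets]
    return rip + [(area,) + auth for area, auth in areas.items()] + vlinks


def notes(finding):
    """Explain what one finding means for the routing control plane."""
    _scope, mode, storage = finding
    out = []
    if mode == "none":
        out.append("no authentication configured")
    if mode == "simple":
        out.append("password is sent in clear text in every packet")
    if storage == "plain":
        out.append("key is readable in the saved configuration")
    return out


if __name__ == "__main__":
    for finding in audit(R3_RIP) + audit(R1_OSPF):
        print("%-28s mode=%-6s storage=%-6s %s"
              % (finding + ("; ".join(notes(finding)),)))
```

On the sample text this reports Ethernet0/0/0 on R3 as a RIP interface without authentication, and every configured key as stored in plain form.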

Questions

After requirement 6 is met, is requirement 5 still met? If not, analyze the reason and work out a solution.

When requirement 6 is met, R5 refers to Type 4 LSAs to choose the best route to the ASBR R4. We can now compare the OSPF routing table before and after tunnel0/0/0 is created. After completing this task, run the display ospf routing command to view the OSPF routing table of R5. (The following tables list only key information; other information is omitted.)

Tunnel unestablished:

display ospf routing
         OSPF Process 1 with Router ID 10.0.5.5
                  Routing Tables

Routing for Network
Destination         Cost   Type        NextHop         AdvRouter       Area
10.0.4.4/32         1563   Inter-area  10.0.25.2       10.0.2.2        0.0.0.1

Routing for ASEs
Destination         Cost   Type    Tag   NextHop         AdvRouter
192.168.10.0/24     1      Type2   1     10.0.15.1       10.0.3.3
192.168.20.0/24     1      Type2   1     10.0.25.2       10.0.4.4

Tunnel established:

display ospf routing
         OSPF Process 1 with Router ID 10.0.5.5
                  Routing Tables

Routing for Network
Destination         Cost   Type        NextHop         AdvRouter       Area
10.0.4.4/32         3      Inter-area  10.0.15.1       10.0.1.1        0.0.0.1

Routing for ASEs
Destination         Cost   Type    Tag   NextHop         AdvRouter
192.168.10.0/24     1      Type2   1     10.0.15.1       10.0.3.3
192.168.20.0/24     1      Type2   1     10.0.15.1       10.0.4.4

The path can be chosen by configuring policy-based routing on R5 to modify the outbound interface or next hop.

Configuration List

display current-configuration
#
sysname R1
#
acl number 2000
 rule 5 permit source 10.0.12.0 0.0.0.255
 rule 10 permit source 10.0.13.0 0.0.0.255
 rule 15 permit source 10.0.24.0 0.0.0.255
 rule 20 permit source 10.0.34.0 0.0.0.255
 rule 25 permit source 202.101.34.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.13.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.15.1 255.255.255.0
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255
#
ospf 1 router-id 10.0.1.1
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 10.0.1.1 0.0.0.0
  network 10.0.12.1 0.0.0.0
  network 10.0.13.1 0.0.0.0
 area 0.0.0.1
  authentication-mode md5 1 plain huawei
  filter route-policy R1 import
  network 10.0.15.1 0.0.0.0
  vlink-peer 10.0.2.2 md5 1 plain huawei
#
route-policy R1 deny node 10
 if-match acl 2000
#
route-policy R1 permit node 20
#
return

display current-configuration
#
sysname R2
#
acl number 2000
 rule 5 permit source 10.0.12.0 0.0.0.255
 rule 10 permit source 10.0.13.0 0.0.0.255
 rule 15 permit source 10.0.24.0 0.0.0.255
 rule 20 permit source 10.0.34.0 0.0.0.255
 rule 25 permit source 202.101.34.0 0.0.0.255
#
interface Serial1/0/0
 link-protocol ppp
 ip address 10.0.24.2 255.255.255.0
 ospf timer hello 60
#
interface GigabitEthernet0/0/1
 ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.25.2 255.255.255.0
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255
#
ospf 1 router-id 10.0.2.2
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 10.0.2.2 0.0.0.0
  network 10.0.12.2 0.0.0.0
  network 10.0.24.2 0.0.0.0
 area 0.0.0.1
  authentication-mode md5 1 plain huawei
  filter route-policy R2 import
  network 10.0.25.2 0.0.0.0
  vlink-peer 10.0.1.1 md5 1 plain huawei
#
route-policy R2 deny node 10
 if-match acl 2000
#
route-policy R2 permit node 20
#
user-interface con 0
 authentication-mode password
 idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
return

display current-configuration
#
sysname R3
#
acl number 2000
 rule 5 permit source 192.168.10.0 0.0.0.255
acl number 2001
 rule 5 permit source 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.3 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.36.3 255.255.255.0
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255
#
interface Tunnel0/0/0
 ip address 202.101.34.3 255.255.255.0
 tunnel-protocol gre
 source 10.0.34.3
 destination 10.0.34.4
 ospf cost 1
 ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
 import-route rip 1 route-policy R2O
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 10.0.3.3 0.0.0.0
  network 10.0.13.3 0.0.0.0
  network 202.101.34.3 0.0.0.0
 area 0.0.0.2
  authentication-mode md5 1 plain huawei
  network 10.0.34.3 0.0.0.0
  nssa no-summary
#
rip 1
 version 2
 network 10.0.0.0
 import-route ospf 1
#
route-policy R2O permit node 10
 if-match acl 2000
#
route-policy R2O permit node 20
 if-match acl 2001
 apply cost 50
#
return

display current-configuration
#
sysname R4
#
acl number 2000
 rule 5 permit source 192.168.10.0 0.0.0.255
 rule 10 permit source 192.168.20.0 0.0.0.255
#
interface Serial1/0/0
 link-protocol ppp
 ip address 10.0.24.4 255.255.255.0
 ospf timer hello 60
#
interface GigabitEthernet0/0/0
 ip address 10.0.34.4 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.46.4 255.255.255.0
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255
#
interface Tunnel0/0/0
 ip address 202.101.34.4 255.255.255.0
 tunnel-protocol gre
 source 10.0.34.4
 destination 10.0.34.3
 ospf cost 1
 ospf network-type broadcast
#
ospf 1 router-id 10.0.4.4
 import-route rip 1 route-policy R2O
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 10.0.4.4 0.0.0.0
  network 10.0.24.4 0.0.0.0
  network 202.101.34.4 0.0.0.0
 area 0.0.0.2
  authentication-mode md5 1 plain huawei
  network 10.0.34.4 0.0.0.0
  nssa no-summary
#
rip 1
 version 2
 network 10.0.0.0
 import-route ospf 1
#
route-policy R2O permit node 10
 if-match acl 2000
#
return

display current-configuration
#
sysname R5
#
ip local policy-based-route R5
#
acl number 2000
 rule 5 permit source 172.16.10.0 0.0.0.255
 rule 10 permit source 172.16.20.0 0.0.0.255
#
acl number 3001
 rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.15.5 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.25.5 255.255.255.0
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255
#
interface LoopBack1
 ip address 172.16.10.1 255.255.255.0
#
interface LoopBack2
 ip address 172.16.20.1 255.255.255.0
#
ospf 1 router-id 10.0.5.5
 asbr-summary 172.16.0.0 255.255.0.0
 import-route direct route-policy D2O
 area 0.0.0.1
  authentication-mode md5 1 plain huawei
  network 10.0.5.5 0.0.0.0
  network 10.0.15.5 0.0.0.0
  network 10.0.25.5 0.0.0.0
#
route-policy D2O permit node 10
 if-match acl 2000
#
policy-based-route R5 permit node 10
 if-match acl 3001
 apply ip-address next-hop 10.0.25.2
policy-based-route R5 permit node 20
#
return

display current-configuration
#
sysname R6
#
interface GigabitEthernet0/0/0
 ip address 10.0.36.6 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.46.6 255.255.255.0
#
interface LoopBack0
 ip address 10.0.6.6 255.255.255.255
#
interface LoopBack1
 ip address 192.168.10.1 255.255.255.0
#
interface LoopBack2
 ip address 192.168.20.1 255.255.255.0
#
rip 1
 version 2
 network 10.0.0.0
 network 192.168.10.0
 network 192.168.20.0
#
return

Chapter 3 IS-IS Hands-on Exercise Guide

Overview

Intermediate System to Intermediate System (IS-IS) is a dynamic routing protocol initially designed by the International Organization for Standardization (ISO) for its Connectionless Network Protocol (CLNP). To support IP routing, the Internet Engineering Task Force (IETF) extended and modified IS-IS in RFC 1195. This modification enables IS-IS to apply to TCP/IP and OSI environments. This version of IS-IS is called Integrated IS-IS or Dual IS-IS.

IS-IS is an Interior Gateway Protocol (IGP) that runs within an autonomous system (AS). IS-IS is a link state protocol and uses the shortest path first (SPF) algorithm to calculate routes. It is similar to OSPF in many aspects.

IS-IS uses a two-level hierarchy in a routing domain to support large-scale routing networks. A large routing domain is divided into one or more areas. Level-1 routers manage intra-area routes. Level-2 routers manage inter-area routes.

The topology of an IS-IS network is similar to the multi-area topology of an OSPF network. Generally, all devices in the backbone area are Level-2 routers. Non-backbone areas contain Level-1 routers and connect to the backbone area through Level-1-2 routers. The backbone area in IS-IS is not a fixed area, that is, the area ID varies. The networking is one of the differences between IS-IS and OSPF. In OSPF, inter-area routes must be forwarded through the backbone area, and only routers in the same area use the SPF algorithm. In IS-IS, both Level-1 and Level-2 routes are calculated using the SPF algorithm to generate the shortest path tree (SPT).

Objectives

Upon completion of this exercise guide, you will be able to:
- Configure IS-IS.
- Use IS-IS in different network environments.
- Change the IS-IS cost.
- Configure IS-IS authentication modes.
- Configure IS-IS route aggregation.
- Configure route leaking in different areas.
- Configure a router to advertise default routes.

Tasks

The following topology shows the network of Company A. Deploy the network according to the following requirements:

(1) Add R1 to area 49.0001, add R2, R3, R4, and R5 to area 49.0002, and add R6 to area 49.0006. Set the system ID of each router to 0000.0000.000X.
(2) Configure IS-IS on interfaces according to the topology. Run IS-IS on E1/0/0 of R6 and disable E1/0/0 from sending any IS-IS packets to its directly connected network segment. Enable routers in the IS-IS area to learn addresses of the network segment directly connected to E1/0/0.
(3) Configure R1 as a Level-2 router, R2 and R3 as Level-1-2 routers, R4 and R5 as Level-1 routers, and interfaces on R6 as Level-2 interfaces.
(4) Run proper commands to configure the names (such as R1, R2, and R3) of the routers because routers are difficult to maintain when identified using only system IDs.
(5) Ensure that no DIS exists between R4 and R5, and establish a neighbor relationship between them.
(6) Configure IS-IS to automatically calculate the cost.
(7) Use a proper authentication mode to authenticate LSPs and SNPs in area 49.0002. Set the authentication password to HUAWEI and authentication type to MD5.
(8) Disable R4 and R5 from sending Hello packets with the padding field to each other to improve bandwidth usage between them.
(9) Configure only R4 to import directly connected network segment 4.0.X.0/24 to the IS-IS area and do not summarize these routes, configure R1 to import directly connected network segment 1.0.X.0/24 to the IS-IS area, and perform optimal aggregation. Use as few commands as possible.
(10) Disable R2 and R3 from advertising 4.0.0.0/24 and 4.0.2.0/24 to area 49.0001, configure ACLs and disable routing policies on R2 and R3. Ensure that R4 and R5 can learn the aggregated network segment 1.0.X.0/24, and disable routing policies on R4 and R5.
(11) Disable R6 from adding aggregated routes generated by R1 to the routing table. Enable R6 to advertise a default route when routing information for network segment 1.0.X.0/24 exists on R1.

Topology

IP Address Table

Device  Interface   IP Address  Subnet Mask      Default Gateway
R1      S2/0/0.2    12.1.1.1    255.255.255.0    N/A
        S2/0/0.3    13.1.1.1    255.255.255.0    N/A
        G0/0/0      16.1.1.1    255.255.255.0    N/A
        Loopback 0  10.1.1.1    255.255.255.255  N/A
R2      S2/0/0.2    12.1.1.2    255.255.255.0    N/A
        S2/0/1      24.1.1.2    255.255.255.0    N/A
        Loopback 0  10.2.2.2    255.255.255.255  N/A
R3      S2/0/0.3    13.1.1.3    255.255.255.0    N/A
        S2/0/1      35.1.1.3    255.255.255.0    N/A
        Loopback 0  10.3.3.3    255.255.255.255  N/A
R4      S2/0/1      24.1.1.4    255.255.255.0    N/A
        E1/0/0      45.1.1.4    255.255.255.0    N/A
        Loopback 0  10.4.4.4    255.255.255.255  N/A
R5      S2/0/1      35.1.1.5    255.255.255.0    N/A
        E1/0/0      45.1.1.5    255.255.255.255  N/A
        Loopback 0  10.5.5.5    255.255.255.255  N/A
R6      G0/0/0      16.1.1.6    255.255.255.0    N/A
        E1/0/0      6.0.0.1     255.255.255.0    N/A
        Loopback 0  10.6.6.6    255.255.255.255  N/A

Configuration and Verification

1. Add R1 to area 49.0001, add R2, R3, R4, and R5 to area 49.0002, and add R6 to area 49.0006. Set the system ID of each router to 0000.0000.000X.

Perform basic configuration according to the "IP Address Table", and then run the display isis 1 brief command to view brief IS-IS information. The following uses the display of R1 as an example. The table shows only key information, while other information is omitted.

[R1]display isis 1 brief
ISIS Protocol Information for ISIS(1)
-------------------------------------
SystemId: 0000.0000.0001        System Level: L12
Area-Authentication-mode: NULL
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup

During the configuration, view and understand the requirements to avoid incorrect configuration.

2. Configure IS-IS on interfaces according to the topology. Run IS-IS on E1/0/0 of R6 and disable E1/0/0 from sending any IS-IS packets to its directly connected network segment. Enable routers in the IS-IS area to learn addresses of the network segment directly connected to E1/0/0.

After completing this task, run the display isis interface command to view interfaces that have IS-IS enabled, run the display isis peer command to view IS-IS neighbors, and run the display ip routing-table protocol isis command to view the IS-IS routing table. The following uses the display of R1 as an example. The table shows only key information, while other information is omitted.

[R1]display isis interface
Interface information for ISIS(1)
Interface   Id   IPV4.State  IPV6.State  MTU   Type   DIS
GE0/0/0     001  Up          Down        1497  L1/L2  No/No
Loop0       001  Up          Down        1500  L1/L2  --
S2/0/0.2    002  Up          Down        1500  L1/L2  --
S2/0/0.3    003  Up          Down        1500  L1/L2  --

[R1]display isis peer
Peer information for ISIS(1)
System Id       Interface  Circuit Id         State  HoldTime  Type      PRI
-------------------------------------------------------------------------------
0000.0000.0006  GE0/0/0    0000.0000.0006.01  Up     8s        L2(L1L2)  64
0000.0000.0002  S2/0/0.2   0000000002         Up     22s       L2        --
0000.0000.0003  S2/0/0.3   0000000001         Up     23s       L2        --

[R1]display ip routing-table protocol isis
Destination/Mask  Proto    Pre  Cost  Flags  NextHop   Interface
6.0.0.0/24        ISIS-L2  15   74    D      16.1.1.6  GigabitEthernet0/0/0
10.2.2.2/32       ISIS-L2  15   10    D      12.1.1.2  Serial2/0/0.2
10.3.3.3/32       ISIS-L2  15   10    D      13.1.1.3  Serial2/0/0.3
10.4.4.4/32       ISIS-L2  15   20    D      12.1.1.2  Serial2/0/0.2
10.5.5.5/32       ISIS-L2  15   20    D      13.1.1.3  Serial2/0/0.3
10.6.6.6/32       ISIS-L2  15   10    D      16.1.1.6  GigabitEthernet0/0/0
24.1.1.0/24       ISIS-L2  15   20    D      12.1.1.2  Serial2/0/0.2
35.1.1.0/24       ISIS-L2  15   20    D      13.1.1.3  Serial2/0/0.3
45.1.1.0/24       ISIS-L2  15   30    D      13.1.1.3  Serial2/0/0.3
                  ISIS-L2  15   30    D      12.1.1.2  Serial2/0/0.2

When IS-IS runs in a frame relay (FR) network, you need to configure FR interfaces as sub-interfaces that work in P2P mode; otherwise, IS-IS neighbor relationships cannot be established even if the network type is changed. By default, IS-IS supports only the broadcast and P2P network types. In addition, you should understand IS-IS features when configuring IS-IS on E1/0/0 of R6. IS-IS can stop a given interface from receiving and sending IS-IS packets, which controls whether IS-IS neighbor relationships are established and routing information is transferred on that interface. You can also run the following commands to verify the results:

display isis lsdb
display isis route
display isis peer

3. Configure R1 as a Level-2 router, R2 and R3 as Level-1-2 routers, R4 and R5 as Level-1 routers, and interfaces on R6 as Level-2 interfaces.

After completing this task, run the display isis brief command to view the level at which a device works. The following uses the display of R1 as an example. The table shows only key information, while other information is omitted.

[R1]display isis 1 brief
ISIS Protocol Information for ISIS(1)
-------------------------------------
SystemId: 0000.0000.0001        System Level: L2
Area-Authentication-mode: NULL
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup

According to the requirement, interfaces on R6 should be configured as Level-2 interfaces. You cannot run the is-level command to configure R6 as a Level-2 router. You can also run the following command to verify the results:

display isis peer

4. Run proper commands to configure the names (such as R1, R2, and R3) of the routers because routers are difficult to maintain when identified using only system IDs.

After completing this task, run the display isis name-table command to view the mapping between the host name and system ID of local and remote IS-IS routers. The following uses the display of R1 as an example. The table shows only key information, while other information is omitted.

[R1]display isis name-table
Name table information for ISIS(1)
System ID       Hostname  Type
-------------------------------------------------------------------------------
0000.0000.0001  R1        DYNAMIC
0000.0000.0002  R2        DYNAMIC
0000.0000.0003  R3        DYNAMIC
0000.0000.0006  R6        DYNAMIC

The host name is delivered to each router running IS-IS through LSPs. Note that the length of a specified dynamic host name is limited to 64 bits. IS-IS can also name a remote device with the command "is-name 0001.0001.0001 R1", which makes the LSDB easier to check. You can also run the following commands to verify the results:

display isis peer
display isis lsdb

5. Ensure that no DIS exists between R4 and R5, and establish a neighbor relationship between them.

After completing this task, view the network type of connected interfaces on R4 and R5. The following uses the display of R5 as an example. The table shows only key information, while other information is omitted.

[R5]display isis interface Ethernet 1/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface   Id   IPV4.State  IPV6.State  MTU   Type   DIS
Eth1/0/0    003  Up          Down        1497  L1/L2  --
  Circuit MT State    : Standard
  Circuit Parameters  : p2p
  Description         : HUAWEI, AR Series, Ethernet1/0/0 Interface
  SNPA Address        : 00e0-fc04-31d5
  IP Address          : 45.1.1.5

In a P2P network, a three-way handshake is forcibly performed when an IS-IS neighbor relationship is established. The three-way handshake ensures that the neighbor relationship is established successfully and prevents unidirectional communication. IS-IS supports the Ethernet and P2P network types by default, but here the link must be changed to a P2P network that uses the reliable three-way handshake. You can also run the following commands to verify the results:

display isis peer
display isis interface

6. Configure IS-IS to automatically calculate the cost.

After completing this task, run the display isis cost interface command to view the cost of each interface. The following uses the display of R1 as an example. The table shows only key information, while other information is omitted.

[R1]display isis cost interface GigabitEthernet 0/0/0
Interface: GE0/0/0
Level-2 interface cost
 Topology base(0):
  Link effective cost: 1(A)       enabled by auto cost
  IP prefix effective cost:
   16.1.1.0/24       cost: 1      enabled by auto cost
Flags: R-Relative cost   A-Absolute cost

By default, the IS-IS link cost is 10. To enable automatic link cost calculation, the cost style must be Wide or Wide-Compatible. You can also run the following command to verify the results:

display isis interface GigabitEthernet 0/0/0 verbose | include cost

7. Use a proper authentication mode to authenticate LSPs and SNPs in area 49.0002. Set the authentication password to HUAWEI and authentication type to MD5.

After completing this task, run the display isis error command to verify whether the configuration succeeds. The following uses the display of R5 as an example. The table shows only key information, while other information is omitted.

[R5]display isis error | include Authentication
Statistics of error packets for ISIS(1)
---------------------------------------
LSP packet errors:
Bad Authentication       : 0      Bad Auth Count      : 0
Hello packet errors:
Mismatched Max Area Addr : 0      Bad Authentication  : 0

During the configuration, note that there are three IS-IS authentication modes that have different functions. By default, IS-IS has three packet types: IIH, SNP, and LSP. SNPs include the CSNPs and PSNPs of Level-1 and Level-2. Domain authentication authenticates Level-2 packets, area authentication authenticates Level-1 packets, and interface authentication authenticates Hello packets. You can also run the following command to verify the results:

display isis brief

8. Disable R4 and R5 from sending Hello packets with the padding field to each other to improve bandwidth usage between them.

By default, a Hello packet carries a large number of useless padding fields, as shown below:

After completing this task, view detailed information about E1/0/0 on R4 and R5. The following uses the display of R5 as an example. The table shows only key information, while other information is omitted.

[R5]display isis interface Ethernet 1/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface   Id   IPV4.State  IPV6.State  MTU   Type   DIS
Eth1/0/0    003  Up          Down        1497  L1/L2  --
  Circuit MT State    : Standard
  Circuit Parameters  : small-hello p2p
  Description         : HUAWEI, AR Series, Ethernet1/0/0 Interface
  SNPA Address        : 00e0-fc04-31d5
  IP Address          : 45.1.1.5

Different types of networks process Hello packets in different ways.

9. Configure only R4 to import directly connected network segment 4.0.X.0/24 to the IS-IS area and do not summarize these routes, configure R1 to import directly connected network segment 1.0.X.0/24 to the IS-IS area, and perform optimal aggregation. Use as few commands as possible.

After completing this task, run the display ip routing-table protocol isis command to view IS-IS routes. The following uses the display of R6 as an example. The table shows only key information, while other information is omitted.

[R6]display ip routing-table protocol isis
Destination/Mask  Proto    Pre  Cost  Flags  NextHop   Interface
1.0.0.0/22        ISIS-L2  15   1     D      16.1.1.1  GigabitEthernet0/0/0
4.0.0.0/24        ISIS-L2  15   987   D      16.1.1.1  GigabitEthernet0/0/0
4.0.1.0/24        ISIS-L2  15   987   D      16.1.1.1  GigabitEthernet0/0/0
4.0.2.0/24        ISIS-L2  15   987   D      16.1.1.1  GigabitEthernet0/0/0
4.0.3.0/24        ISIS-L2  15   987   D      16.1.1.1  GigabitEthernet0/0/0

During the configuration, note that only required network segments can be imported to the IS-IS Area. Do not import irrelevant network segments. During IS-IS route aggregation, a route to the Null0 interface is not generated by default.

10. Disable R2 and R3 from advertising 4.0.0.0/24 and 4.0.2.0/24 to area 49.0001, configure ACLs and disable routing policies on R2 and R3. Ensure that R4 and R5 can learn the aggregated network segment 1.0.X.0/24, and disable routing policies on R4 and R5.

After completing this task, run the display ip routing-table protocol isis command to view IS-IS routes. The following table shows information of R1 and R4. Only key information is displayed, while other information is omitted.

[R1]display ip routing-table protocol isis
Destination/Mask  Proto    Pre  Cost  Flags  NextHop   Interface
4.0.1.0/24        ISIS-L2  15   976   D      12.1.1.2  Serial2/0/0.2
4.0.3.0/24        ISIS-L2  15   976   D      12.1.1.2  Serial2/0/0.2
6.0.0.0/24        ISIS-L2  15   11    D      16.1.1.6  GigabitEthernet0/0/0
10.2.2.2/32       ISIS-L2  15   488   D      12.1.1.2  Serial2/0/0.2
10.3.3.3/32       ISIS-L2  15   488   D      13.1.1.3  Serial2/0/0.3
10.4.4.4/32       ISIS-L2  15   976   D      12.1.1.2  Serial2/0/0.2
10.5.5.5/32       ISIS-L2  15   976   D      13.1.1.3  Serial2/0/0.3
10.6.6.6/32       ISIS-L2  15   1     D      16.1.1.6  GigabitEthernet0/0/0
24.1.1.0/24       ISIS-L2  15   976   D      12.1.1.2  Serial2/0/0.2
35.1.1.0/24       ISIS-L2  15   976   D      13.1.1.3  Serial2/0/0.3
45.1.1.0/24       ISIS-L2  15   986   D      12.1.1.2  Serial2/0/0.2
                  ISIS-L2  15   986   D      13.1.1.3  Serial2/0/0.3

[R4]display ip routing-table protocol isis
Destination/Mask  Proto    Pre  Cost  Flags  NextHop   Interface
0.0.0.0/0         ISIS-L1  15   488   D      24.1.1.2  Serial2/0/1
1.0.0.0/22        ISIS-L1  15   976   D      24.1.1.2  Serial2/0/1
10.2.2.2/32       ISIS-L1  15   488   D      24.1.1.2  Serial2/0/1
10.3.3.3/32       ISIS-L1  15   498   D      45.1.1.5  Ethernet1/0/0
10.5.5.5/32       ISIS-L1  15   10    D      45.1.1.5  Ethernet1/0/0
12.1.1.0/24       ISIS-L1  15   976   D      24.1.1.2  Serial2/0/1
13.1.1.0/24       ISIS-L1  15   986   D      45.1.1.5  Ethernet1/0/0
35.1.1.0/24       ISIS-L1  15   498   D      45.1.1.5  Ethernet1/0/0

This task requires bidirectional route leaking between Level-1 and Level-2 areas. Filter routes according to the requirement.

11. Disable R6 from adding aggregated routes generated by R1 to the routing table. Enable R6 to advertise a default route when routing information for network segment 1.0.X.0/24 exists on R1.

After completing this task, run the display ip routing-table protocol isis command to view IS-IS routes. The following uses the display of R6 as an example. The table shows only key information, while other information is omitted.

[R6]display ip routing-table protocol isis
Destination/Mask  Proto    Pre  Cost  Flags  NextHop   Interface
0.0.0.0/0         ISIS-L2  15   1     D      16.1.1.1  GigabitEthernet0/0/0
4.0.1.0/24        ISIS-L2  15   977   D      16.1.1.1  GigabitEthernet0/0/0
4.0.3.0/24        ISIS-L2  15   977   D      16.1.1.1  GigabitEthernet0/0/0
10.1.1.1/32       ISIS-L2  15   1     D      16.1.1.1  GigabitEthernet0/0/0
10.2.2.2/32       ISIS-L2  15   489   D      16.1.1.1  GigabitEthernet0/0/0
10.3.3.3/32       ISIS-L2  15   489   D      16.1.1.1  GigabitEthernet0/0/0
10.4.4.4/32       ISIS-L2  15   977   D      16.1.1.1  GigabitEthernet0/0/0
10.5.5.5/32       ISIS-L2  15   977   D      16.1.1.1  GigabitEthernet0/0/0
12.1.1.0/24       ISIS-L2  15   489   D      16.1.1.1  GigabitEthernet0/0/0
13.1.1.0/24       ISIS-L2  15   489   D      16.1.1.1  GigabitEthernet0/0/0
24.1.1.0/24       ISIS-L2  15   977   D      16.1.1.1  GigabitEthernet0/0/0
35.1.1.0/24       ISIS-L2  15   977   D      16.1.1.1  GigabitEthernet0/0/0
45.1.1.0/24       ISIS-L2  15   987   D      16.1.1.1  GigabitEthernet0/0/0
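The route filters used in steps 9 to 11, evaluated in Python as an added example that is not part of the lab guide: it shows which prefixes ACL 2000 (R2/R3), ip-prefix SUMM (R4) and ip-prefix FILTERR1SUMM (R6) let through. The rule tuples are transcribed from the Configuration List of this chapter; the function names, the route list built from R4's interface addresses, and the deny fallback of the ACL helper are assumptions of this sketch.

```python
import ipaddress

def u32(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_action(rules, route):
    """Basic ACL referenced by a filter-policy: only the route's network
    address is compared, never its mask length. Wildcard bits set to 1 are
    ignored, and the wildcard does not have to be contiguous."""
    net = int(ipaddress.IPv4Network(route).network_address)
    for action, base, wildcard in rules:        # evaluated in rule-ID order
        if base is None:                        # "rule N permit" without a source
            return action
        care = ~u32(wildcard) & 0xFFFFFFFF
        if (net & care) == (u32(base) & care):
            return action
    return "deny"   # assumption of this sketch; never reached by ACL 2000 below

def prefix_list_action(entries, route):
    """ip ip-prefix entry: the route must lie inside network/masklen and its
    own mask length must fall inside [ge, le]. The first matching index wins."""
    r = ipaddress.IPv4Network(route)
    for action, network, masklen, ge, le in entries:
        if ge is None and le is None:
            lo = hi = masklen                   # exact mask length only
        else:
            lo = masklen if ge is None else ge
            hi = 32 if le is None else le
        covering = ipaddress.IPv4Network(f"{network}/{masklen}")
        if r.subnet_of(covering) and lo <= r.prefixlen <= hi:
            return action
    return "deny"                               # implicit deny at the end of the list

def permitted(check, rules, routes):
    return [r for r in routes if check(rules, r) == "permit"]

# R2/R3: acl number 2000 / rule 5 deny source 4.0.0.0 0.0.254.255 / rule 10 permit
ACL_2000 = [("deny", "4.0.0.0", "0.0.254.255"), ("permit", None, None)]
# R4: ip ip-prefix SUMM index 10 permit 4.0.0.0 22 greater-equal 24 less-equal 24
SUMM_R4 = [("permit", "4.0.0.0", 22, 24, 24)]
# R6: index 5 deny 1.0.0.0 22 / index 10 permit 0.0.0.0 0 less-equal 32
FILTERR1SUMM = [("deny", "1.0.0.0", 22, None, None),
                ("permit", "0.0.0.0", 0, None, 32)]

# Constructed from the interface addresses in R4's configuration.
R4_DIRECT = ["4.0.0.0/24", "4.0.1.0/24", "4.0.2.0/24", "4.0.3.0/24",
             "10.4.4.4/32", "24.1.1.0/24", "45.1.1.0/24"]

if __name__ == "__main__":
    imported = permitted(prefix_list_action, SUMM_R4, R4_DIRECT)
    print("R4 imports into IS-IS:", imported)
    print("R2/R3 leak to Level-2:", permitted(acl_action, ACL_2000, imported))
    for route in ("1.0.0.0/22", "1.0.0.0/24", "0.0.0.0/0"):
        print("R6 import filter", route, "->",
              prefix_list_action(FILTERR1SUMM, route))
```

The leaked set is 4.0.1.0/24 and 4.0.3.0/24, which agrees with the routing table of R1 in step 10. The wildcard 0.0.254.255 matches every 4.0.X.0 network with an even third octet, so ACL 2000 would also drop 4.0.4.0/24 or 4.0.254.0/24 if they were ever imported.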

Questions

In requirement 1, if the interfaces are not FR sub-interfaces or the sub-interface type is not P2MP, can IS-IS neighbor relationships be established?

Yes. IS-IS supports the P2P network type, but does not support NBMA and P2MP networks.

In requirement 2, why do R2 and R3 not use the default routes they advertise?

R4 and R5 generate a default route after receiving a Level-1 LSP in which the ATT bit is set, and they choose the nearest Level-1-2 router as the next hop. R2 and R3, as Level-1-2 routers, ignore this LSP.

In requirement 11, are corresponding LSPs filtered when route filtering is implemented on R6, and what are the considerations that should be taken for advertising default routes?

Because IS-IS and OSPF are link-state protocols, R6 cannot use a filter-policy to filter LSPs in the inbound direction. The filter-policy takes effect when routes are installed into the routing table, but it cannot keep LSPs out of the LSDB. When routes are advertised under a certain condition, both the detailed routes and the summary route are required to avoid unexpected loops. R4 releases a default route into the IS-IS domain only when the edge device's routing table contains an external route that matches the route policy; this prevents the device from still advertising a default route, and causing a routing loop, after link failures or other faults have removed important external routes. The route policy here does not affect the import of external routes into IS-IS.

Configuration List

display current-configuration
#
sysname R1
#
acl number 2010
 rule 5 permit source 1.0.0.0 0.0.252.255
#
isis 1
 is-level level-2
 cost-style wide
 auto-cost enable
 network-entity 49.0001.0000.0000.0001.00
 is-name R1
 import-route direct route-policy SUMM
 default-route-advertise route-policy OTHERROUTE
 summary 1.0.0.0 255.255.252.0
#
interface Serial2/0/0
 link-protocol fr
 undo fr inarp
#
interface Serial2/0/0.2
 fr dlci 102
 ip address 12.1.1.1 255.255.255.0
 fr map ip 12.1.1.2 102 broadcast
 isis enable 1
#
interface Serial2/0/0.3
 fr dlci 103
 ip address 13.1.1.1 255.255.255.0
 fr map ip 13.1.1.3 103 broadcast
 isis enable 1
#
interface GigabitEthernet0/0/0
 ip address 16.1.1.1 255.255.255.0
 isis enable 1
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
 isis enable 1
#
interface LoopBack10
 ip address 1.0.0.1 255.255.255.0
#
interface LoopBack11
 ip address 1.0.1.1 255.255.255.0
#
interface LoopBack12
 ip address 1.0.2.1 255.255.255.0
#
interface LoopBack13
 ip address 1.0.3.1 255.255.255.0
#
route-policy SUMM permit node 10
 if-match ip-prefix SUMM
#
route-policy OTHERROUTE permit node 10
 if-match acl 2010
#
ip ip-prefix SUMM index 10 permit 1.0.0.0 22 greater-equal 24 less-equal 24
#
return

display current-configuration
#
sysname R2
#
acl number 2000
 rule 5 deny source 4.0.0.0 0.0.254.255
 rule 10 permit
#
isis 1
 cost-style wide
 auto-cost enable
 network-entity 49.0002.0000.0000.0002.00
 is-name R2
 import-route isis level-2 into level-1 filter-policy ip-prefix LEAKSUMM
 import-route isis level-1 into level-2 filter-policy 2000
 area-authentication-mode md5 plain HUAWEI
#
interface Serial2/0/0
 link-protocol fr
 undo fr inarp
#
interface Serial2/0/0.2
 fr dlci 201
 ip address 12.1.1.2 255.255.255.0
 fr map ip 12.1.1.1 201 broadcast
 isis enable 1
#
interface Serial2/0/1
 link-protocol ppp
 ip address 24.1.1.2 255.255.255.0
 isis enable 1
#
interface LoopBack0
 ip address 10.2.2.2 255.255.255.255
 isis enable 1
#
ip ip-prefix LEAKSUMM index 10 permit 1.0.0.0 22
#
return

display current-configuration
#
sysname R3
#
acl number 2000
 rule 5 deny source 4.0.0.0 0.0.254.255
 rule 10 permit
#
isis 1
 cost-style wide
 auto-cost enable
 network-entity 49.0002.0000.0000.0003.00
 is-name R3
 import-route isis level-2 into level-1 filter-policy ip-prefix LEAKSUMM
 import-route isis level-1 into level-2 filter-policy 2000
 area-authentication-mode md5 plain HUAWEI
#
interface Serial2/0/0
 link-protocol fr
 undo fr inarp
#
interface Serial2/0/0.3
 fr dlci 301
 ip address 13.1.1.3 255.255.255.0
 fr map ip 13.1.1.1 301 broadcast
 isis enable 1
#
interface Serial2/0/1
 link-protocol ppp
 ip address 35.1.1.3 255.255.255.0
 isis enable 1
#
interface LoopBack0
 ip address 10.3.3.3 255.255.255.255
 isis enable 1
#
ip ip-prefix LEAKSUMM index 10 permit 1.0.0.0 22
#
return

display current-configuration
#
sysname R4
#
isis 1
 is-level level-1
 cost-style wide
 auto-cost enable
 network-entity 49.0002.0000.0000.0004.00
 is-name R4
 import-route direct level-1 route-policy SUMM
 area-authentication-mode md5 plain HUAWEI
#
interface Ethernet1/0/0
 ip address 45.1.1.4 255.255.255.0
 isis enable 1
 isis circuit-type p2p
 isis small-hello
#
interface Serial2/0/1
 link-protocol ppp
 ip address 24.1.1.4 255.255.255.0
 isis enable 1
#
interface LoopBack0
 ip address 10.4.4.4 255.255.255.255
 isis enable 1
#
interface LoopBack10
 ip address 4.0.0.1 255.255.255.0
#
interface LoopBack11
 ip address 4.0.1.1 255.255.255.0
#
interface LoopBack12
 ip address 4.0.2.1 255.255.255.0
#
interface LoopBack13
 ip address 4.0.3.1 255.255.255.0
#
route-policy SUMM permit node 10
 if-match ip-prefix SUMM
#
ip ip-prefix SUMM index 10 permit 4.0.0.0 22 greater-equal 24 less-equal 24
#
return


display current-configuration
#
sysname R5
#
isis 1
 is-level level-1
 cost-style wide
 auto-cost enable
 network-entity 49.0002.0000.0000.0005.00
 is-name R5
 area-authentication-mode md5 plain HUAWEI
 summary 1.0.0.0 255.255.252.0
#
interface Ethernet1/0/0
 ip address 45.1.1.5 255.255.255.0
 isis enable 1
 isis circuit-type p2p
 isis small-hello
#
interface Serial2/0/1
 link-protocol ppp
 ip address 35.1.1.5 255.255.255.0
 isis enable 1
#
interface LoopBack0
 ip address 10.5.5.5 255.255.255.255
 isis enable 1
#
return


display current-configuration
#
sysname R6
#
isis 1
 cost-style wide
 auto-cost enable
 network-entity 49.0006.0000.0000.0006.00
 is-name R6
 filter-policy ip-prefix FILTERR1SUMM import
#
interface Ethernet1/0/0
 ip address 6.0.0.1 255.255.255.0
 isis enable 1
 isis silent
#
interface GigabitEthernet0/0/0
 ip address 16.1.1.6 255.255.255.0
 isis enable 1
 isis circuit-level level-2
#
interface LoopBack0
 ip address 10.6.6.6 255.255.255.255
 isis enable 1
#
ip ip-prefix FILTERR1SUMM index 5 deny 1.0.0.0 22
ip ip-prefix FILTERR1SUMM index 10 permit 0.0.0.0 0 less-equal 32
#
return

Chapter 4 BGP Basics Hands-on Exercise Guide

Overview

The Border Gateway Protocol (BGP) is a dynamic routing protocol used between Autonomous Systems (ASs). The three earlier BGP versions are BGP-1 defined in RFC 1105, BGP-2 defined in RFC 1163, and BGP-3 defined in RFC 1267; the currently used version is BGP-4, defined in RFC 4271. As an external routing protocol on the Internet, BGP-4 is widely used among Internet Service Providers (ISPs).

BGP is an EGP. Unlike Interior Gateway Protocols (IGPs) such as Open Shortest Path First (OSPF) and Routing Information Protocol (RIP), BGP controls route advertisement and selects optimal routes between ASs rather than discovering or calculating routes.

BGP uses the Transmission Control Protocol (TCP), with listening port 179, as its transport layer protocol. TCP gives BGP the reliability and efficiency it needs to advertise and manage a large number of routes.

BGP supports Classless Inter-Domain Routing (CIDR) and uses triggered incremental updates, greatly reducing the bandwidth consumed by route propagation. Therefore, BGP can be used on the Internet to propagate a large amount of routing information.

BGP routes carry the AS-Path attribute to prevent routing loops between ASs. BGP provides rich route attributes and uses these attributes to flexibly filter and control routes. BGP supports a variety of protocols, including IPv4, IPv6, multicast, and VPNv4, has good scalability, and adapts to network development.

There are two types of BGP peer relationships: Internal BGP (IBGP) and External BGP (EBGP). BGP routers with the same AS number are IBGP peers, while BGP routers with different AS numbers are EBGP peers. BGP peer relationships are established over TCP sessions and must be manually specified.

Objectives

Upon completion of this exercise guide, you will be able to:
- Configure IBGP and EBGP peer relationships.
- Change the origin and next hop and configure EBGP multi-hop.
- Configure BGP authentication.
- Configure BGP route summarization.
- Filter BGP routes.
- Modify the BGP Community attribute.
- Configure BGP suppression.

Tasks

The following topology shows the network of Company A. Deploy the network according to the following requirements:

(1) Build the network according to the topology, establish an IBGP peer relationship between R1 and R2 through loopback interfaces, and deploy OSPF. Establish an IBGP peer relationship between R3 and R4 through physical interfaces, establish an EBGP peer relationship between R2 and R5 through loopback interfaces using static routes, and establish an EBGP peer relationship between R1 and R3.
(2) Advertise or import the loopback interface of each device into BGP processes, and enable loopback interfaces of all the devices to communicate with each other.
(3) Advertise service network segments of R4 and R5 into BGP, and enable these network segments to communicate normally.
(4) Optimize BGP routing tables on all the devices so that devices only need to maintain routing entries of service network segments and network segments where loopback interfaces reside.
(5) Summarize two service network segments 192.168.20.0/24 and 192.168.30.0/24, and suppress the advertisement of specific routes of service network segment 192.168.30.0/24. The service network segment 192.168.10.0/24 should be advertised.
(6) Summarize two service network segments 172.16.10.0/24 and 172.16.20.0/24 on R3, and suppress the advertisement of all the specific routes.
(7) Observe communication between service network segments, and solve the sub-optimal route problem on the network.
(8) Configure the Community attribute to prevent AS 200 from receiving the routes to service network segment 192.168.20.0/24.
(9) Assume that service network segment 172.16.10.0/24 is unstable and often interrupted. Perform the correct configuration to reduce the impact of such interruptions on the entire network.
(10) Configure authentication between EBGP peers to improve BGP network security.
(11) Change the BGP Keepalive timer to 30 seconds and adjust the BGP Holdtime accordingly on R2.

Topology

IP Address Table

Device  Interface    IP Address    Subnet Mask        Default Gateway
R1      G 0/0/0      10.0.12.1     255.255.255.0      N/A
R1      G 0/0/1      10.0.134.1    255.255.255.0      N/A
R1      Loopback 0   10.0.1.1      255.255.255.255    N/A
R2      G 0/0/0      10.0.25.2     255.255.255.0      N/A
R2      G 0/0/1      10.0.12.2     255.255.255.0      N/A
R2      Loopback 0   10.0.2.2      255.255.255.255    N/A
R3      G 0/0/1      10.0.134.3    255.255.255.0      N/A
R3      Loopback 0   10.0.3.3      255.255.255.255    N/A
R4      G 0/0/1      10.0.134.4    255.255.255.0      N/A
R4      Loopback 0   10.0.4.4      255.255.255.255    N/A
R5      G 0/0/0      10.0.25.5     255.255.255.0      N/A
R5      Loopback 0   10.0.5.5      255.255.255.255    N/A

Configuration and Verification

1. Build the network according to the topology, establish an IBGP peer relationship between R1 and R2 through loopback interfaces, and deploy OSPF. Establish an IBGP peer relationship between R3 and R4 through physical interfaces, establish an EBGP peer relationship between R2 and R5 through loopback interfaces using static routes, and establish an EBGP peer relationship between R1 and R3.

Perform basic configuration according to the address table, and then check the establishment of BGP peer relationships. After completing this task, run the display bgp peer command to view the BGP peer status. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.

display bgp peer
 BGP local router ID : 10.0.1.1
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  10.0.2.2        4   100       64       69     0 01:01:52 Established       1
  10.0.134.3      4   200       66       67     0 01:02:35 Established       2

2. Advertise the loopback interface of each device into BGP processes, and enable loopback interfaces of all the devices to communicate with each other.

By default, BGP compares its routes with the IGP routes when advertising routes. Note that when the same route exists in both, the BGP route is not selected as the best route, because the default BGP route preference is 255. Perform configuration to ensure that all of the devices have BGP routes to the loopback interfaces of the devices. After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.


display bgp routing-table
 BGP Local router ID is 10.0.1.1
 Status codes: * - valid, > - best, d - damped, h - history,
               i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 14
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.0.1.1/32        0.0.0.0        0                    0       i
 * i                     10.0.2.2       1          100       0       ?
 *>   10.0.2.2/32        0.0.0.0        1                    0       ?
   i                     10.0.2.2       0          100       0       i
 *>   10.0.3.3/32        10.0.134.3     0                    0       200i
 *>   10.0.4.4/32        10.0.134.4                          0       200i
 *>i  10.0.5.5/32        10.0.2.2       0          100       0       ?

3. Advertise service network segments of R4 and R5 into BGP, and enable these network segments to communicate normally.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R5 as an example. Only key information is displayed, while other information is omitted.

[R5]display bgp routing-table
 BGP Local router ID is 10.0.5.5
 Status codes: * - valid, > - best, d - damped, h - history,
               i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 11
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   172.16.10.0/24     10.0.2.2                            0       100 200i
 *>   172.16.20.0/24     10.0.2.2                            0       100 200i

4. Optimize BGP routing tables on all the devices so that devices only need to maintain routing entries of service network segments and network segments where loopback interfaces reside.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table
 BGP Local router ID is 10.0.1.1
 Status codes: * - valid, > - best, d - damped, h - history,
               i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 11
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.0.1.1/32        0.0.0.0        0                    0       i
 * i                     10.0.2.2       1          100       0       ?
 *>   10.0.2.2/32        0.0.0.0        1                    0       ?
   i                     10.0.2.2       0          100       0       i
 *>   10.0.3.3/32        10.0.134.3     0                    0       200i
 *>   10.0.4.4/32        10.0.134.4                          0       200i
 *>i  10.0.5.5/32        10.0.2.2       0          100       0       ?
 *>   172.16.10.0/24     10.0.134.4                          0       200i
 *>   172.16.20.0/24     10.0.134.4                          0       200i
 *>i  192.168.10.0       10.0.2.2       0          100       0       300i
 *>i  192.168.20.0       10.0.2.2       0          100       0       300i
 *>i  192.168.30.0       10.0.2.2       0          100       0       300i

5. Summarize two service network segments 192.168.20.0/24 and 192.168.30.0/24, and suppress the advertisement of specific routes of service network segment 192.168.30.0/24. The service network segment 192.168.10.0/24 should be advertised.

BGP can use the aggregate command to filter the specific routes; which specific routes are suppressed or released can be controlled with suppress-policy. origin-policy can be used to select the routes from which the summary route is generated and advertised. All of this is implemented through the aggregate command. Understand BGP route summarization principles, and configure route summarization using routing policies according to requirements. After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R4 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table
 BGP Local router ID is 10.0.4.4
 Status codes: * - valid, > - best, d - damped, h - history,
               i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 10
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>i  192.168.0.0/16     10.0.134.1                100       0       100 300i
 *>i  192.168.10.0       10.0.134.1                100       0       100 300i
 *>i  192.168.20.0       10.0.134.1                100       0       100 300i

6. Summarize two service network segments 172.16.10.0/24 and 172.16.20.0/24 on R3, and suppress the advertisement of all the specific routes.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R5 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table
 BGP Local router ID is 10.0.5.5
 Status codes: * - valid, > - best, d - damped, h - history,
               i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 12
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   172.16.0.0         10.0.2.2                            0       100 200i

7. Observe communication between service network segments, and solve the sub-optimal route problem on the network.

In a multi-access (MA) or Frame Relay (FR) environment, BGP reports the real source of a route to its neighbor if the advertising router and the source of the route are on the same network. Because R3, instead of R4, aggregates the specific routes, R1 cannot reach R4, and the next hop must be adjusted to avoid a sub-optimal route. Check the path along which traffic is transmitted during communication between service network segments, analyze the physical network topology, and avoid affecting other requirements during the configuration.

8. Configure the Community attribute to prevent AS 200 from receiving the routes to service network segment 192.168.20.0/24.

Route propagation can be limited by setting the Community attribute, whose values include Internet, No-advertise, No-export, and No-export-subconfed. After completing this task, run the display bgp routing-table community command to view the BGP Community attribute. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table community
 BGP Local router ID is 10.0.1.1
 Status codes: * - valid, > - best, d - damped, h - history,
               i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 1
      Network            NextHop        MED        LocPrf    PrefVal Community
 *>i  192.168.20.0       10.0.5.5       0          100       0       no-export

9. Assume that service network segment 172.16.10.0/24 is unstable and often interrupted. Perform the correct configuration to reduce the impact of such interruptions on the entire network.

BGP route dampening can be used to reduce route fluctuation. Analyze the requirement, add the correct configuration, and verify the configuration. After completing this task, run the display bgp routing-table dampening parameter command to view the BGP dampening parameters. The following uses the display of R4 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table dampening parameter
 Maximum Suppress Time(in second) : 3973
 Ceiling Value                    : 16000
 Reuse Value                      : 750
 HalfLife Time(in second)         : 900
 Suppress-Limit                   : 2000
 Route-policy                     : damp
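The dampening parameters in this display are related: the maximum suppress time follows from the half-life, the reuse value and the ceiling. The Python model below is an added example, not part of the original lab guide. It uses the exponential-decay model of RFC 2439; the penalty of 1000 per flap and the flap times are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass


@dataclass
class DampParams:
    half_life: float = 900       # HalfLife Time (seconds), from the display
    reuse: float = 750           # Reuse Value
    suppress: float = 2000       # Suppress-Limit
    ceiling: float = 16000       # Ceiling Value
    flap_penalty: float = 1000   # assumption: penalty added per flap


def max_suppress_seconds(p: DampParams) -> int:
    """Time for a penalty at the ceiling to decay down to the reuse value."""
    return int(p.half_life * math.log2(p.ceiling / p.reuse))


class DampedRoute:
    """Tracks the penalty of one route as flaps arrive over time."""

    def __init__(self, params: DampParams):
        self.p = params
        self.penalty = 0.0
        self.last = 0.0
        self.suppressed = False

    def _decay_to(self, t: float) -> None:
        # The penalty halves every half_life seconds.
        self.penalty *= 2 ** (-(t - self.last) / self.p.half_life)
        self.last = t
        if self.suppressed and self.penalty < self.p.reuse:
            self.suppressed = False

    def flap(self, t: float) -> float:
        self._decay_to(t)
        # The ceiling bounds the penalty, and so bounds the suppress time.
        self.penalty = min(self.penalty + self.p.flap_penalty, self.p.ceiling)
        if self.penalty > self.p.suppress:
            self.suppressed = True
        return self.penalty

    def seconds_until_reuse(self) -> float:
        """Seconds from the last flap until the route is advertised again."""
        if not self.suppressed:
            return 0.0
        return self.p.half_life * math.log2(self.penalty / self.p.reuse)


def replay(flap_times, params=None):
    """Replay flap timestamps (seconds); return the route and its history."""
    route = DampedRoute(params or DampParams())
    history = []
    for t in flap_times:
        penalty = route.flap(t)
        history.append((t, round(penalty, 1), route.suppressed))
    return route, history


if __name__ == "__main__":
    print("max suppress time:", max_suppress_seconds(DampParams()))
    # Constructed input: 172.16.10.0/24 flaps three times, one minute apart.
    route, history = replay([0, 60, 120])
    for t, penalty, suppressed in history:
        print(f"t={t:>4}s penalty={penalty:>7} suppressed={suppressed}")
    print("reusable after", round(route.seconds_until_reuse()), "more seconds")
```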

10. Configure authentication between EBGP peers to improve BGP network security.

Configure authentication between two EBGP peers, and set the password to huawei. After completing this task, run the display bgp peer 10.0.5.5 verbose command to view the BGP peer. The following uses the display of R2 as an example. Only key information is displayed, while other information is omitted.

[R2]display bgp peer 10.0.5.5 verbose
 BGP Peer is 10.0.5.5,  remote AS 300
 Type: EBGP link
 BGP version 4, Remote router ID 10.0.5.5
 Update-group ID: 0
 BGP current state: Established, Up for 00h08m00s
 BGP current event: KATimerExpired
 BGP last state: OpenConfirm
 Authentication type configured: MD5

11. Change the BGP Keepalive timer to 30 seconds and adjust the BGP Holdtime accordingly on R2.

Learn about the working principles of BGP timers and know how to adjust the timers. After completing this task, run the display bgp peer 10.0.2.2 verbose command to view the BGP peer. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.

display bgp peer 10.0.2.2 verbose
 BGP Peer is 10.0.2.2,  remote AS 100
 Type: IBGP link
 BGP version 4, Remote router ID 10.0.2.2
 Update-group ID: 1
 BGP current state: Established, Up for 00h03m28s
 BGP current event: RecvKeepalive
 BGP last state: OpenConfirm
 BGP Peer Up count: 1
 Received total routes: 6
 Received active routes total: 4
 Advertised total routes: 5
 Port:  Local - 179        Remote - 49184
 Configured: Connect-retry Time: 32 sec
 Configured: Active Hold Time: 180 sec   Keepalive Time:60 sec
 Received  : Active Hold Time: 90 sec
 Negotiated: Active Hold Time: 90 sec    Keepalive Time:30 sec

Questions

If the sub-optimal route is found in requirement 7, how many methods are available to solve this problem? If no such problem occurs, do you know why?

To ensure that R3 gives priority to the aggregate route from R4, R4 must aggregate the routes and suppress the specific routes. Because of the default behavior of BGP, the real next hop that R3 sends to R1 results in a sub-optimal route. R1 can use a route-policy to modify the next hop of the routes from R3, but the outbound interface cannot be used because there is only one.

Configuration List

display current-configuration
#
sysname R1
#
acl number 2000
 rule 5 permit source 10.0.2.2 0
#
interface GigabitEthernet0/0/0
 ip address 10.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.134.1 255.255.255.0
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255
#
bgp 100
 router-id 10.0.1.1
 peer 10.0.2.2 as-number 100
 peer 10.0.2.2 connect-interface LoopBack0
 peer 10.0.134.3 as-number 200
 peer 10.0.134.3 password simple huawei
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.1.1 255.255.255.255
  import-route ospf 1 route-policy O2B
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local
  peer 10.0.134.3 enable
  peer 10.0.134.3 advertise-community
#
ospf 1 router-id 10.0.1.1
 area 0.0.0.0
  network 10.0.1.1 0.0.0.0
  network 10.0.12.1 0.0.0.0
#
route-policy O2B permit node 10
 if-match acl 2000
#
return

display current-configuration
#
sysname R2
#
acl number 2000
 rule 5 permit source 10.0.5.5 0
acl number 2001
 rule 5 permit source 10.0.1.1 0
#
interface GigabitEthernet0/0/0
 ip address 10.0.25.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.12.2 255.255.255.0
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255
#
bgp 100
 router-id 10.0.2.2
 timer keepalive 30 hold 90
 peer 10.0.1.1 as-number 100
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.5.5 as-number 300
 peer 10.0.5.5 ebgp-max-hop 2
 peer 10.0.5.5 connect-interface LoopBack0
 peer 10.0.5.5 password simple huawei
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.2.2 255.255.255.255
  import-route static route-policy S2B
  import-route ospf 1 route-policy O2B
  peer 10.0.1.1 enable
  peer 10.0.1.1 advertise-community
  peer 10.0.5.5 enable
#
ospf 1 router-id 10.0.2.2
 area 0.0.0.0
  network 10.0.2.2 0.0.0.0
  network 10.0.12.2 0.0.0.0
#
route-policy S2B permit node 10
 if-match acl 2000
route-policy O2B permit node 10
 if-match acl 2001
#
ip route-static 10.0.5.5 255.255.255.255 10.0.25.5
#
return

display current-configuration
#
sysname R3
#
interface GigabitEthernet0/0/1
 ip address 10.0.134.3 255.255.255.0
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255
#
bgp 200
 router-id 10.0.3.3
 peer 10.0.134.1 as-number 100
 peer 10.0.134.1 password simple huawei
 peer 10.0.134.4 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  aggregate 172.16.0.0 255.255.0.0 detail-suppressed
  network 10.0.3.3 255.255.255.255
  peer 10.0.134.1 enable
  peer 10.0.134.4 enable
  peer 10.0.134.4 next-hop-local
#
return

display current-configuration
#
sysname R4
#
acl number 2000
 rule 5 permit source 172.16.10.0 0.0.0.255
#
interface GigabitEthernet0/0/1
 ip address 10.0.134.4 255.255.255.0
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255
#
interface LoopBack1
 ip address 172.16.10.1 255.255.255.0
#
interface LoopBack2
 ip address 172.16.20.1 255.255.255.0
#
bgp 200
 router-id 10.0.4.4
 peer 10.0.134.3 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  dampening route-policy damp
  aggregate 172.16.0.0 255.255.0.0 detail-suppressed
  network 10.0.4.4 255.255.255.255
  network 172.16.10.0 255.255.255.0
  network 172.16.20.0 255.255.255.0
  peer 10.0.134.3 enable
#
route-policy damp permit node 10
 if-match acl 2000
#
return

display current-configuration
#
sysname R5
#
acl number 2000
 rule 5 permit source 192.168.20.0 0.0.0.255
acl number 2001
 rule 5 permit source 192.168.30.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.25.5 255.255.255.0
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255
#
interface LoopBack1
 ip address 192.168.10.1 255.255.255.0
#
interface LoopBack2
 ip address 192.168.20.1 255.255.255.0
#
interface LoopBack3
 ip address 192.168.30.1 255.255.255.0
#
bgp 300
 router-id 10.0.5.5
 peer 10.0.2.2 as-number 100
 peer 10.0.2.2 ebgp-max-hop 2
 peer 10.0.2.2 connect-interface LoopBack0
 peer 10.0.2.2 password simple huawei
 #
 ipv4-family unicast
  undo synchronization
  aggregate 192.168.0.0 255.255.0.0 suppress-policy sup origin-policy ori
  network 10.0.5.5 255.255.255.255
  network 192.168.10.0
  network 192.168.20.0
  network 192.168.30.0
  import-route static
  peer 10.0.2.2 enable
  peer 10.0.2.2 route-policy comm_r5 export
  peer 10.0.2.2 advertise-community
#
route-policy sup permit node 10
 if-match acl 2001
#
route-policy ori deny node 10
 if-match acl 2000
#
route-policy ori permit node 20
#
route-policy comm_r5 permit node 10
 if-match acl 2000
 apply community no-export
#
route-policy comm_r5 permit node 20
#
return
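Requirement 10 is met in this configuration list with peer ... password simple huawei, and the simple keyword keeps the password readable in display current-configuration output, as the listings show. The Python check below is an added example, not part of the original lab guide: it scans a VRP configuration for authentication keys stored in plaintext and for EBGP peers that have no password at all. The sample combines lines taken from the R2 listings on this page with two constructed peers (192.0.2.9 and 192.0.2.10), and <ciphertext> is a placeholder.

```python
import re

PLAINTEXT_BGP = "password stored in plaintext (simple)"
PLAINTEXT_ISIS = "authentication key stored in plaintext (plain)"
NO_AUTH = "EBGP peer without authentication"


def audit_vrp(config: str):
    """Return a list of (subject, issue) findings for one device config."""
    findings = []
    local_as = None
    peers = {}  # peer address -> {"as": remote AS, "password": keyword}

    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"bgp (\d+)$", line)
        if m:
            local_as = int(m.group(1))
            continue
        m = re.match(r"peer (\S+) as-number (\d+)$", line)
        if m:
            entry = peers.setdefault(m.group(1), {"as": None, "password": None})
            entry["as"] = int(m.group(2))
            continue
        m = re.match(r"peer (\S+) password (simple|cipher)\b", line)
        if m:
            entry = peers.setdefault(m.group(1), {"as": None, "password": None})
            entry["password"] = m.group(2)
            continue
        if re.match(r"area-authentication-mode \S+ plain\b", line):
            findings.append(("isis", PLAINTEXT_ISIS))

    for addr, peer in peers.items():
        is_ebgp = peer["as"] is not None and peer["as"] != local_as
        if peer["password"] == "simple":
            findings.append((addr, PLAINTEXT_BGP))
        if is_ebgp and peer["password"] is None:
            findings.append((addr, NO_AUTH))
    return findings


# Lines from the R2 listings on this page, plus two constructed peers.
SAMPLE_CONFIG = """
isis 1
 area-authentication-mode md5 plain HUAWEI
#
bgp 100
 router-id 10.0.2.2
 peer 10.0.1.1 as-number 100
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.5.5 as-number 300
 peer 10.0.5.5 ebgp-max-hop 2
 peer 10.0.5.5 password simple huawei
 peer 192.0.2.9 as-number 65009
 peer 192.0.2.10 as-number 65010
 peer 192.0.2.10 password cipher <ciphertext>
"""

if __name__ == "__main__":
    for subject, issue in audit_vrp(SAMPLE_CONFIG):
        print(f"{subject}: {issue}")
```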

Chapter 5 BGP Advanced Hands-on Exercise Guide

Overview

Multiple routes to the same destination may exist in a BGP routing table. BGP selects the optimal route from the multiple routes and sends only the optimal route to peers. To select the optimal route, BGP compares the BGP attributes of the routes according to BGP route selection rules. BGP attributes are a set of parameters that describe routes.

BGP attributes are classified into four types:
- Well-known mandatory attributes: This type of attribute can be identified by all the BGP routers and must be carried in Update messages. Without this type of attribute, errors occur in routing information. For example, the Origin, AS-Path, and Next_Hop attributes are well-known mandatory attributes.
- Well-known discretionary attributes: This type of attribute can be identified by all the BGP routers and is not necessarily carried in Update messages. Errors do not occur in routing information even if this type of attribute is not available. For example, the Local_Pref attribute is a well-known discretionary attribute.
- Optional transitive attributes: A BGP router may not recognize this type of attribute, but it still accepts these attributes and advertises them to other peers. For example, the Community attribute is an optional transitive attribute.
- Optional non-transitive attributes: If a BGP router does not recognize this type of attribute, it ignores these attributes and does not advertise them to other peers. For example, the MED attribute is an optional non-transitive attribute.

When there are multiple routes to the same destination, BGP compares the following attributes in sequence to select the optimal route:
- Prefers the route with the largest PrefVal value.
- Prefers the route with the highest Local_Pref.
- Prefers the manually summarized route, automatically summarized route, route imported using the network command, route imported using the import-route command, and route learned from peers in sequence.
- Prefers the route with the shortest AS-Path.
- Prefers the route with the lowest origin type. IGP is lower than EGP, and EGP is lower than Incomplete.
- Prefers the route with the lowest MED among the routes from the same AS.
- Prefers an EBGP route (the preference of an EBGP route is higher than that of an IBGP route).
- Prefers the route with the lowest IGP metric to the BGP next hop.
- Prefers the route with the shortest Cluster_List.
- Prefers the route advertised by the router with the smallest router ID.
- Prefers the route learned from the peer with the lowest IP address.

The PrefVal attribute is a Huawei proprietary attribute and is valid only on the device where it is configured. If a route does not have the local preference, BGP calculates its local preference as the default value of 100.

When there are multiple equal-cost routes to the same destination, you can perform load balancing among these routes to load balance traffic. Equal-cost BGP routes can be generated for traffic load balancing only when the first eight attributes described in "BGP Route Selection Rules" are the same.
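The selection sequence listed above can be read as a pairwise comparison that stops at the first attribute on which two routes differ. The Python sketch below is an added example, not part of the original lab guide and not the device's implementation; the candidate routes are constructed values modelled on this lab's addressing, and the field names are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address
from typing import Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < Incomplete
SOURCE_RANK = {"manual-summary": 0, "auto-summary": 1, "network": 2,
               "import-route": 3, "peer": 4}


@dataclass(frozen=True)
class Route:
    next_hop: str
    as_path: Tuple[int, ...] = ()
    origin: str = "i"
    pref_val: int = 0
    local_pref: Optional[int] = None     # None means the default of 100
    med: int = 0
    source: str = "peer"
    ebgp: bool = True
    igp_metric: int = 0
    cluster_len: int = 0
    router_id: str = "0.0.0.0"
    peer_addr: str = "0.0.0.0"


def _keys(r: Route, other: Route):
    """One (rule, key) pair per step; the smaller key is preferred."""
    # MED is only compared between routes from the same neighbouring AS.
    same_neighbor_as = r.as_path[:1] == other.as_path[:1]
    return [
        ("PrefVal", -r.pref_val),
        ("Local_Pref", -(100 if r.local_pref is None else r.local_pref)),
        ("route source", SOURCE_RANK[r.source]),
        ("AS-Path length", len(r.as_path)),
        ("Origin", ORIGIN_RANK[r.origin]),
        ("MED", r.med if same_neighbor_as else 0),
        ("EBGP over IBGP", 0 if r.ebgp else 1),
        ("IGP metric to next hop", r.igp_metric),
        ("Cluster_List length", r.cluster_len),
        ("router ID", int(IPv4Address(r.router_id))),
        ("peer address", int(IPv4Address(r.peer_addr))),
    ]


def compare(a: Route, b: Route):
    """Return (preferred route, name of the rule that decided)."""
    for (name, ka), (_, kb) in zip(_keys(a, b), _keys(b, a)):
        if ka != kb:
            return (a if ka < kb else b), name
    return a, "tie"


def select_best(routes):
    """Pairwise fold over the candidates. Because MED is skipped between
    different neighbouring ASs, the result can depend on candidate order."""
    best = routes[0]
    for r in routes[1:]:
        best, _ = compare(best, r)
    return best


# Constructed candidates for one prefix, learned from two EBGP peers.
VIA_CARRIER = Route("10.0.12.2", (200, 300), router_id="10.0.2.2",
                    peer_addr="10.0.12.2")
VIA_HQ = Route("10.0.14.4", (400, 300), router_id="10.0.4.4",
               peer_addr="10.0.14.4")
# The same carrier route after AS-Path prepending, then with PrefVal raised.
PREPENDED = replace(VIA_CARRIER, as_path=(200, 200, 200, 300))
PREPENDED_PREFVAL = replace(PREPENDED, pref_val=100)

if __name__ == "__main__":
    for a, b in [(VIA_CARRIER, VIA_HQ), (PREPENDED, VIA_HQ),
                 (PREPENDED_PREFVAL, VIA_HQ)]:
        winner, rule = compare(a, b)
        print(f"next hop {winner.next_hop} wins, decided by {rule}")
```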

Objectives

Upon completion of this exercise guide, you will be able to:
- Understand BGP route advertisement rules.
- Understand BGP route selection rules.
- Explain BGP route reflector functions.
- Modify the AS-Path attribute.
- Modify the MED attribute.
- Modify the Next_Hop attribute.
- Configure a BGP route reflector.

Tasks

The following topology shows the network of a company. In the topology, R4, R5, R6, and R7 are routers in the headquarters. R1 and R3 are routers in two different branches. R2 is a carrier's network device. Different service network segments are defined on R1 and R3. Network segments 192.168.10.0/24 and 172.16.10.0/24 are used by service A, and network segments 192.168.20.0/24 and 172.16.20.0/24 are used by service B. Leased lines are deployed between two branches and the headquarters so that service network segments on devices in two branches can access each other through the carrier's network device or through the headquarters' devices over leased lines. Deploy the network according to the following requirements:

(1) Build the network according to the topology, and establish EBGP peer relationships between devices in different ASs through directly connected interfaces.
(2) Establish IBGP peer relationships between R4 and R5, between R5 and R7, between R7 and R6, and between R6 and R4 through loopback interfaces. Deploy OSPF as an IGP.
(3) Ensure that all service network segments, and the network segments where loopback interfaces Loopback 0 of all devices reside, access each other through BGP routes.
(4) Enable traffic of service network segment A to be forwarded by the carrier's network device, and traffic of service network segment B to be forwarded by leased lines, in order to make full use of network resources.
(5) Make the network administrator periodically check lines. After the link costs of IGPs are adjusted, all the traffic that passes through the AS of the headquarters is forwarded along the path R4->R5->R7->R6.
(6) Forward traffic of service network segment B along the path R4->R6, because this network segment has a high volume of traffic. Ensure that the optimal route selected by BGP is the same as the actual forwarding path.
(7) Reconstruct the headquarters' network, retain the existing configuration, and add configuration to disable R5 and R7 from participating in BGP route selection.

Topology

IP Address Table

Device  Interface    IP Address    Subnet Mask        Default Gateway
R1      G 0/0/0      10.0.14.1     255.255.255.0      N/A
R1      G 0/0/1      10.0.12.1     255.255.255.0      N/A
R1      Loopback 0   10.0.1.1      255.255.255.255    N/A
R2      G 0/0/0      10.0.12.2     255.255.255.0      N/A
R2      G 0/0/1      10.0.23.2     255.255.255.0      N/A
R2      Loopback 0   10.0.2.2      255.255.255.255    N/A
R3      G 0/0/0      10.0.23.3     255.255.255.0      N/A
R3      G 0/0/1      10.0.36.3     255.255.255.0      N/A
R3      Loopback 0   10.0.3.3      255.255.255.255    N/A
R4      G 0/0/0      10.0.45.4     255.255.255.0      N/A
R4      G 0/0/1      10.0.14.4     255.255.255.0      N/A
R4      G 0/0/2      10.0.46.4     255.255.255.0      N/A
R4      Loopback 0   10.0.4.4      255.255.255.255    N/A
R5      G 0/0/0      10.0.57.5     255.255.255.0      N/A
R5      G 0/0/1      10.0.45.5     255.255.255.0      N/A
R5      Loopback 0   10.0.5.5      255.255.255.255    N/A
R6      G 0/0/0      10.0.36.6     255.255.255.0      N/A
R6      G 0/0/1      10.0.67.6     255.255.255.0      N/A
R6      G 0/0/2      10.0.46.6     255.255.255.0      N/A
R6      Loopback 0   10.0.6.6      255.255.255.255    N/A
R7      G 0/0/0      10.0.67.7     255.255.255.0      N/A
R7      G 0/0/1      10.0.57.7     255.255.255.0      N/A
R7      Loopback 0   10.0.5.5      255.255.255.255    N/A

Configuration and Verification 1.

Build the network according to the topology, and establish EBGP peer relationships between devices in different ASs through directly connected interfaces. Perform basic configuration according to the address table, and then check the establishment of BGP peer relationships. After completing this task, run the display bgp peer command to view BGP peer information. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted. display bgp peer BGP local router ID : 10.0.1.1 Local AS number : 100 Total number of peers : 2

2015-8-31

Peers in established state : 2

Huawei Confidential

Page 80 of 226

RIP Hands-on Exercise Guide

2.

MsgRcvd

Confidentiality Level

Peer

V

AS

MsgSent OutQ

Up/Down

State

PrefRcv

10.0.12.2

4

100

22

23

0

00:15:16

Established

3

10.0.14.4

4

400

17

22

0

00:14:24

Established

1

Establish IBGP peer relationships between R4 and R5, between R5 and R7, between R7 and R6, and between R6 and R4 through loopback interfaces. Deploy OSPF as an IGP. Configuration commands are required when peer relationships are established through loopback interfaces.

After completing this task, run the display ospf peer brief command to view OSPF peer information, and run the display bgp peer command to view BGP peer information. The following uses the display of R4 as an example. Only key information is displayed, while other information is omitted.

[R4]display ospf peer brief
 OSPF Process 1 with Router ID 10.0.4.4
 Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id     Interface               Neighbor id   State
 0.0.0.0     GigabitEthernet0/0/0    10.0.5.5      Full
 0.0.0.0     GigabitEthernet0/0/2    10.0.6.6      Full
 ----------------------------------------------------------------------------

[R4]display bgp peer
 BGP local router ID : 10.0.4.4
 Local AS number : 400
 Total number of peers : 3          Peers in established state : 2

  Peer        V   AS    MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  10.0.5.5    4   400   0        0        0     00:04:19  Established  0
  10.0.6.6    4   400   12       13       0     00:03:15  Established  0
  10.0.14.1   4   100   18       12       0     00:03:47  Established  0

3.

Ensure that all service network segments, and the network segments where loopback interfaces Loopback 0 of all devices reside, access each other through BGP routes.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.

display bg routing-table
 BGP Local router ID is 10.0.1.1
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 14
     Network            NextHop        MED   LocPrf  PrefVal  Path/Ogn
 *>  10.0.1.1/32        0.0.0.0        0             0        i
 *>  10.0.2.2/32        10.0.12.2      0             0        200i
 *>  10.0.3.3/32        10.0.12.2                    0        200 300i
 *                      10.0.14.4                    0        400 300i
 *>  10.0.4.4/32        10.0.14.4      0             0        400i
 *>  10.0.5.5/32        10.0.14.4      1             0        400?
 *>  10.0.6.6/32        10.0.12.2                    0        200 300 400i
 *>  10.0.7.7/32        10.0.14.4                    0        400?
 *>  172.16.10.0/24     10.0.12.2                    0        200 300i
 *                      10.0.14.4                    0        400 300i
 *>  172.16.20.0/24     10.0.12.2                    0        200 300i
 *                      10.0.14.4                    0        400 300i
 *>  192.168.10.0       0.0.0.0        0             0        i
 *>  192.168.20.0       0.0.0.0        0             0        i

4.

Enable traffic of service network segment A to be forwarded by the carrier's network device, and traffic of service network segment B to be forwarded by leased lines, in order to make full use of network resources. Understand the AS-Path attribute principles and modify the attribute accordingly.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R1 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table
 BGP Local router ID is 10.0.1.1
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 14
     Network            NextHop        MED   LocPrf  PrefVal  Path/Ogn
 *>  172.16.10.0/24     10.0.12.2                    0        200 300i
 *                      10.0.14.4                    0        400 300i
 *>  172.16.20.0/24     10.0.14.4                    0        400 300i
 *                      10.0.12.2                    0        200 200 200 300i

tracert -a 192.168.10.1 172.16.10.1
 traceroute to 172.16.10.1(172.16.10.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.12.2 90 ms  50 ms  50 ms
 2 10.0.23.3 120 ms  60 ms  50 ms

tracert -a 192.168.20.1 172.16.20.1
 traceroute to 172.16.20.1(172.16.20.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.14.4 40 ms  30 ms  50 ms
 2 10.0.46.6 60 ms  80 ms  60 ms
 3 10.0.36.3 100 ms  120 ms  80 ms

MED is used to control the path that inbound traffic from an external AS takes. By default, MED values are compared only among routes from the same AS, but this can be changed so that MED is compared among routes from different ASs. The smaller the MED, the better. The MED value can be modified in BGP. Understand the MED attribute principles, learn how to configure the attribute, and modify the attribute accordingly.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R3 as an example. Only key information is displayed, while other information is omitted.

display bgp routing-table
 BGP Local router ID is 10.0.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 16
     Network            NextHop        MED   LocPrf  PrefVal  Path/Ogn
 *>  192.168.10.0       10.0.23.2                    0        200 100i
 *                      10.0.36.6                    0        400 100i
 *>  192.168.20.0       10.0.36.6                    0        400 100i
 *                      10.0.23.2      200           0        200 100i

tracert -a 172.16.10.1 192.168.10.1
 traceroute to 192.168.10.1(192.168.10.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.23.2 10 ms  40 ms  40 ms
 2 10.0.12.1 70 ms  60 ms  40 ms

tracert -a 172.16.20.1 192.168.20.1
 traceroute to 192.168.20.1(192.168.20.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.36.6 10 ms  50 ms  30 ms
 2 10.0.46.4 80 ms  60 ms  80 ms
 3 10.0.14.1 110 ms  80 ms  70 ms

5.

Have the network administrator check the lines periodically. After the link costs of the IGP are adjusted, all the traffic that passes through the AS of the headquarters is forwarded along the path R4->R5->R7->R6. Because of the split-horizon principle among IBGP neighbors, R5 cannot reach the service network segment 172.16.20.0, and R7 cannot reach the service network segment 192.168.20.0. BGP routes can be imported into OSPF so that R5 and R7 can reach these segments through the IGP. When OSPF imports BGP routes as external routes, the other OSPF routers choose the nearest ASBR by default; the path can be changed through the interface cost, which is one by default.

After completing this task, run the display ip routing-table command to view routing-table information. The following uses the display of R4 and R6 as an example. Only key information is displayed, while other information is omitted.

[R4]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 21       Routes : 22

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
172.16.10.0/24      IBGP    255  0     RD     10.0.6.6    GigabitEthernet0/0/2
172.16.20.0/24      O_ASE   150  1     D      10.0.45.5   GigabitEthernet0/0/0

[R4]display ospf routing
 OSPF Process 1 with Router ID 10.0.4.4
 Routing Tables

 Routing for ASEs
 Destination        Cost  Type   Tag  NextHop     AdvRouter
 172.16.20.0/24     1     Type2  1    10.0.46.6   10.0.6.6

[R4]display ospf interface
 OSPF Process 1 with Router ID 10.0.4.4
 Interfaces

 Area: 0.0.0.0          (MPLS TE not enabled)
 IP Address   Type       State   Cost  Pri  DR          BDR
 10.0.45.4    Broadcast  BDR     1     1    10.0.45.5   10.0.45.4
 10.0.46.4    Broadcast  BDR     100   1    10.0.46.6   10.0.46.4
 10.0.4.4     P2P        P-2-P   0     1    0.0.0.0     0.0.0.0

[R6]display ospf routing
 OSPF Process 1 with Router ID 10.0.6.6
 Routing Tables

 Routing for ASEs
 Destination        Cost  Type   Tag  NextHop     AdvRouter
 192.168.20.0/24    1     Type2  1    10.0.67.7   10.0.4.4

tracert -a 192.168.20.1 172.16.20.1
 traceroute to 172.16.20.1(172.16.20.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.14.4 30 ms  30 ms  30 ms
 2 10.0.45.5 80 ms  70 ms  40 ms
 3 10.0.57.7 130 ms  110 ms  70 ms
 4 10.0.67.6 100 ms  120 ms  160 ms
 5 10.0.36.3 120 ms  210 ms  110 ms

6.

Forward traffic of service network segment B along the path R4->R6, because this network segment has a high volume of traffic. Ensure that the optimal route selected by BGP is the same as the actual forwarding path. Because of the split-horizon principle, IBGP cannot pass the routes on, so a full-mesh topology or route reflectors are needed to achieve this. Because the default route preference of BGP is 255 and that of OSPF is 150, the BGP route preference value must be decreased for the BGP path to be chosen. Understand BGP route selection rules and route reflectors, analyze the routing table, and perform configuration based on routing policies.

After completing this task, run the display bgp routing-table command to view the BGP routing table. The following uses the display of R6 and R4 as an example. Only key information is displayed, while other information is omitted.

[R4]display bgp routing-table
 BGP Local router ID is 10.0.4.4
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 18
     Network            NextHop        MED   LocPrf  PrefVal  Path/Ogn
 *>i 172.16.10.0/24     10.0.6.6       0     100     0        300i
 * i                    10.0.6.6       0     100     0        300i
 *                      10.0.14.1                    0        100 200 300i
 *>i 172.16.20.0/24     10.0.46.6      0     100     0        300i
 * i                    10.0.6.6       0     100     0        300i
 *>  192.168.10.0       10.0.14.1      0             0        100i
 *>  192.168.20.0       10.0.14.1      0             0        100i

[R4]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 21       Routes : 21

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
172.16.20.0/24      IBGP    100  0     RD     10.0.46.6   GigabitEthernet0/0/2

[R6]display bgp routing-table
 BGP Local router ID is 10.0.6.6
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 18
     Network            NextHop        MED   LocPrf  PrefVal  Path/Ogn
 *>  172.16.10.0/24     10.0.36.3      0             0        300i
 *>  172.16.20.0/24     10.0.36.3      0             0        300i
 *>i 192.168.10.0       10.0.4.4       0     100     0        100i
 * i                    10.0.4.4       0     100     0        100i
 *                      10.0.36.3                    0        300 200 100i
 *>i 192.168.20.0       10.0.46.4      0     100     0        100i
 * i                    10.0.4.4       0     100     0        100i

[R6-ospf-1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 21       Routes : 21

Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
192.168.20.0/24     IBGP    100  0     RD     10.0.46.4   GigabitEthernet0/0/2

tracert -a 192.168.20.1 172.16.20.1
 traceroute to 172.16.20.1(172.16.20.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.14.4 30 ms  50 ms  60 ms
 2 10.0.46.6 30 ms  80 ms  90 ms
 3 10.0.36.3 100 ms  70 ms  70 ms

7.

Reconstruct the headquarters' network, retain the existing configuration, and add configuration to disable R5 and R7 from participating in BGP route selection. The peer ignore command can be used in BGP to suspend the neighbor relationship with another BGP router. BGP neighbors are established over a three-way handshake, so one side has to initiate the TCP connection; otherwise, the TCP connection fails. The peer listen-only command makes a device passive for the TCP connection, so it must be enabled on both sides at the same time.

After completing this task, run the display bgp peer command on R4 and R6 to view BGP peer information. Only key information is displayed, while other information is omitted.

display bgp peer
 BGP local router ID : 10.0.4.4
 Local AS number : 400
 Total number of peers : 3          Peers in established state : 2

  Peer        V   AS    MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  10.0.5.5    4   400   0        0        0     00:59:43  Idle(Admin)  0
  10.0.6.6    4   400   65       69       0     00:53:18  Established  6
  10.0.14.1   4   100   253      206      0     03:00:59  Established  6

display bgp peer
 BGP local router ID : 10.0.6.6
 Local AS number : 400
 Total number of peers : 3          Peers in established state : 2

  Peer        V   AS    MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  10.0.4.4    4   400   69       66       0     00:53:28  Established  6
  10.0.7.7    4   400   0        0        0     00:54:00  Idle         0
  10.0.36.3   4   300   88       65       0     00:53:29  Established  6

Questions

Why do the BGP routes to service network segments on the devices in AS 400 have two routing entries with the same next hop?
Because R5 and R7 in AS 400 are both route reflectors, they do not modify the next-hop address when reflecting routes; that is, the routes are all the same.

Are there multiple methods to meet requirement 6, and which method is the best one?
The import of BGP routes into OSPF can be cancelled, after which there is no need to modify the BGP route preference and only the next-hop address needs to be modified, so that the suboptimal route can be avoided. Comparatively, cancelling the import of BGP routes into OSPF is better.

What problems occur on the network after requirement 7 is met, and why do these problems occur?
When R5 and R7 are not involved in route selection, service B traffic must be transferred via AS 200 other than AS 200 if the connection between R4 and R6 goes down.

Configuration List

display current-configuration
#
 sysname R1
#
interface GigabitEthernet0/0/0
 ip address 10.0.14.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.12.1 255.255.255.0
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255
#
interface LoopBack1
 ip address 192.168.10.1 255.255.255.0
#
interface LoopBack2
 ip address 192.168.20.1 255.255.255.0
#
bgp 100
 router-id 10.0.1.1
 peer 10.0.12.2 as-number 200
 peer 10.0.14.4 as-number 400
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.1.1 255.255.255.255
  network 192.168.10.0
  network 192.168.20.0
  peer 10.0.12.2 enable
  peer 10.0.14.4 enable
#
return

display current-configuration
#
 sysname R2
#
acl number 2000
 rule 5 permit source 172.16.20.0 0.0.0.255
acl number 2001
 rule 5 permit source 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.23.2 255.255.255.0
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255
#
bgp 200
 router-id 10.0.2.2
 peer 10.0.12.1 as-number 100
 peer 10.0.12.1 timer keepalive 30 hold 90
 peer 10.0.23.3 as-number 300
 peer 10.0.23.3 timer keepalive 30 hold 90
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.2.2 255.255.255.255
  peer 10.0.12.1 enable
  peer 10.0.12.1 route-policy AS export
  peer 10.0.23.3 enable
  peer 10.0.23.3 route-policy MED export
#
route-policy AS permit node 10
 if-match acl 2000
 apply as-path 200 200 additive
#
route-policy AS permit node 20
#
route-policy MED permit node 10
 if-match acl 2001
 apply cost 200
#
route-policy MED permit node 20
#
return

display current-configuration
#
 sysname R3
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.3 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.36.3 255.255.255.0
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255
#
interface LoopBack1
 ip address 172.16.10.1 255.255.255.0
#
interface LoopBack2
 ip address 172.16.20.1 255.255.255.0
#
bgp 300
 router-id 10.0.3.3
 peer 10.0.23.2 as-number 200
 peer 10.0.36.6 as-number 400
 #
 ipv4-family unicast
  undo synchronization
  compare-different-as-med
  network 10.0.3.3 255.255.255.255
  network 172.16.10.0 255.255.255.0
  network 172.16.20.0 255.255.255.0
  peer 10.0.23.2 enable
  peer 10.0.36.6 enable
#
return

display current-configuration
#
 sysname R4
#
acl number 2000
 rule 5 permit source 10.0.5.5 0
acl number 2001
 rule 5 permit source 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.14.4 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.46.4 255.255.255.0
 ospf cost 100
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255
#
bgp 400
 router-id 10.0.4.4
 peer 10.0.5.5 as-number 400
 peer 10.0.5.5 ignore
 peer 10.0.5.5 connect-interface LoopBack0
 peer 10.0.6.6 as-number 400
 peer 10.0.6.6 connect-interface LoopBack0
 peer 10.0.14.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  preference 255 100 255
  network 10.0.4.4 255.255.255.255
  import-route ospf 1 route-policy O2B
  peer 10.0.5.5 enable
  peer 10.0.5.5 next-hop-local
  peer 10.0.6.6 enable
  peer 10.0.6.6 route-policy local export
  peer 10.0.6.6 next-hop-local
  peer 10.0.14.1 enable
#
ospf 1 router-id 10.0.4.4
 import-route bgp route-policy B2O
 area 0.0.0.0
  network 10.0.4.4 0.0.0.0
  network 10.0.45.4 0.0.0.0
  network 10.0.46.4 0.0.0.0
#
route-policy O2B permit node 10
 if-match acl 2000
#
route-policy local permit node 10
 if-match acl 2001
 apply ip-address next-hop 10.0.46.4
#
route-policy local permit node 20
#
route-policy B2O permit node 10
 if-match acl 2001
#
return

display current-configuration
#
 sysname R5
#
interface GigabitEthernet0/0/0
 ip address 10.0.57.5 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.45.5 255.255.255.0
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255
#
bgp 400
 router-id 10.0.5.5
 peer 10.0.4.4 as-number 400
 peer 10.0.4.4 connect-interface LoopBack0
 peer 10.0.7.7 as-number 400
 peer 10.0.7.7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  reflector cluster-id 1
  network 10.0.5.5 255.255.255.255
  peer 10.0.4.4 enable
  peer 10.0.4.4 reflect-client
  peer 10.0.7.7 enable
  peer 10.0.7.7 reflect-client
#
ospf 1 router-id 10.0.5.5
 area 0.0.0.0
  network 10.0.5.5 0.0.0.0
  network 10.0.45.5 0.0.0.0
  network 10.0.57.5 0.0.0.0
#
return

display current-configuration
#
 sysname R6
#
acl number 2000
 rule 5 permit source 10.0.7.7 0
acl number 2001
 rule 5 permit source 172.16.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.36.6 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.67.6 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.46.6 255.255.255.0
 ospf cost 100
#
interface LoopBack0
 ip address 10.0.6.6 255.255.255.255
#
bgp 400
 router-id 10.0.6.6
 peer 10.0.4.4 as-number 400
 peer 10.0.4.4 connect-interface LoopBack0
 peer 10.0.7.7 as-number 400
 peer 10.0.7.7 connect-interface LoopBack0
 peer 10.0.7.7 listen-only
 peer 10.0.36.3 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  preference 255 100 255
  network 10.0.6.6 255.255.255.255
  import-route ospf 1 route-policy O2B
  peer 10.0.4.4 enable
  peer 10.0.4.4 next-hop-local
  peer 10.0.4.4 route-policy local export
  peer 10.0.7.7 enable
  peer 10.0.7.7 next-hop-local
  peer 10.0.36.3 enable
#
ospf 1 router-id 10.0.6.6
 import-route bgp route-policy B2O
 area 0.0.0.0
  network 10.0.6.6 0.0.0.0
  network 10.0.46.6 0.0.0.0
  network 10.0.67.6 0.0.0.0
#
route-policy O2B permit node 10
 if-match acl 2000
#
route-policy B2O permit node 10
 if-match acl 2001
#
route-policy local permit node 10
 if-match acl 2001
 apply ip-address next-hop 10.0.46.6
#
route-policy local permit node 20
#
return

display current-configuration
#
 sysname R7
#
acl number 2000
 rule 5 permit source 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.67.7 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.0.57.7 255.255.255.0
#
interface LoopBack0
 ip address 10.0.7.7 255.255.255.255
#
bgp 400
 router-id 10.0.7.7
 peer 10.0.5.5 as-number 400
 peer 10.0.5.5 connect-interface LoopBack0
 peer 10.0.6.6 as-number 400
 peer 10.0.6.6 connect-interface LoopBack0
 peer 10.0.6.6 listen-only
 #
 ipv4-family unicast
  undo synchronization
  reflector cluster-id 2
  reflect change-path-attribute
  network 10.0.7.7 255.255.255.255
  peer 10.0.5.5 enable
  peer 10.0.5.5 reflect-client
  peer 10.0.6.6 enable
  peer 10.0.6.6 route-policy next export
  peer 10.0.6.6 reflect-client
#
ospf 1 router-id 10.0.7.7
 area 0.0.0.0
  network 10.0.7.7 0.0.0.0
  network 10.0.57.7 0.0.0.0
  network 10.0.67.7 0.0.0.0
#
route-policy next permit node 10
 if-match acl 2000
 apply ip-address next-hop 10.0.7.7
#
route-policy next permit node 20
#
return
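The AS-Path and MED steps of this exercise can be replayed in a small model. The following Python sketch is an added example, not part of the lab guide or of any Huawei software: it compares the two EBGP paths that R1 and R3 see for the service segments, applying R2's export policies (route-policy AS and route-policy MED) and R3's compare-different-as-med setting. The Path class and all function names are hypothetical, and the final tie-break (lowest next-hop address) is a simplification standing in for the remaining selection rules.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str            # address of the EBGP peer that advertised the route
    as_path: tuple           # leftmost entry is the neighbouring AS
    med: int = 0             # a route without MED is treated as MED 0
    pref_val: int = 0
    local_pref: int = 100


def apply_export_policy(path, prefix, prepend=(), med=None):
    """Model of an export route-policy node: act only on the matched prefix."""
    if path.prefix != prefix:
        return path
    return replace(path,
                   as_path=tuple(prepend) + path.as_path,
                   med=path.med if med is None else med)


def better(a, b, compare_different_as_med=False):
    """Return the preferred of two paths to the same prefix."""
    if a.pref_val != b.pref_val:
        return a if a.pref_val > b.pref_val else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    # MED is compared only between routes from the same neighbouring AS,
    # unless compare-different-as-med is configured.
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    if (same_neighbor_as or compare_different_as_med) and a.med != b.med:
        return a if a.med < b.med else b
    # Simplified tie-break (assumption): lowest next-hop address wins.
    return min(a, b, key=lambda p: ipaddress.ip_address(p.next_hop))


def best_path(paths, compare_different_as_med=False):
    best = paths[0]
    for candidate in paths[1:]:
        best = better(best, candidate, compare_different_as_med)
    return best


def r1_paths(prefix, r2_policy):
    """Paths R1 receives from R2 (AS 200) and R4 (AS 400) for an AS 300 prefix."""
    via_r2 = Path(prefix, "10.0.12.2", (200, 300))
    via_r4 = Path(prefix, "10.0.14.4", (400, 300))
    if r2_policy:
        # route-policy AS on R2: if-match acl 2000, apply as-path 200 200 additive
        via_r2 = apply_export_policy(via_r2, "172.16.20.0/24", prepend=(200, 200))
    return [via_r2, via_r4]


def r3_paths(prefix):
    """Paths R3 receives from R2 (AS 200) and R6 (AS 400) for an AS 100 prefix."""
    # route-policy MED on R2: if-match acl 2001, apply cost 200
    via_r2 = apply_export_policy(Path(prefix, "10.0.23.2", (200, 100)),
                                 "192.168.20.0/24", med=200)
    via_r6 = Path(prefix, "10.0.36.6", (400, 100))
    return [via_r2, via_r6]


if __name__ == "__main__":
    for prefix in ("172.16.10.0/24", "172.16.20.0/24"):
        print("R1", prefix, "->", best_path(r1_paths(prefix, True)).next_hop)
    for flag in (False, True):
        chosen = best_path(r3_paths("192.168.20.0/24"), compare_different_as_med=flag)
        print("R3 192.168.20.0/24 compare-different-as-med =", flag, "->", chosen.next_hop)
```

Without compare-different-as-med the MED of 200 set by R2 is ignored on R3, because the competing route comes from AS 400 rather than AS 200.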

Chapter 6 Route Import and Control Hands-on Exercise Guide

Overview

You can configure route importing to enable protocols to exchange routing information. Due to ever changing network environments, design defects, or misoperations, routing loops may occur and sub-optimal routes may be generated. In this situation, network resources are wasted, and communication failures may even occur. To prevent these problems, add some matching conditions during route importing and use route policies for route control. Route policies use different matching conditions and matching modes to select routes and change route attributes. A route policy may consist of multiple nodes. Each node has the permit or deny action. A route policy can reference other route selection tools such as ACL and IP prefix list.

Objectives

Upon completion of this exercise guide, you will be able to:
- Configure an ACL and an IP prefix list.
- Configure a route policy.
- Filter routes in OSPF.
- Filter routes in IS-IS.
- Configure route importing in different scenarios.
- Understand why routing loops occur.
- Prevent routing loops.

Tasks

The topology shows the network of a company. OSPF runs in the company's headquarters, and IS-IS runs in the company's branch. The headquarters and branch have some service network segments. Network segments 172.16.1.0/24, 172.16.3.0/24, 192.168.1.0/24, and 192.168.3.0/24 are service A network segments, and network segments 172.16.2.0/24, 172.16.4.0/24, 192.168.2.0/24, and 192.168.43.0/24 are service B network segments. Deploy the network according to the following requirements:

(1) Build an OSPF network for the headquarters and an IS-IS network for the branch according to the topology. Minimize the number of routing entries to be maintained by the devices in OSPF Area 1.
(2) Import IS-IS routes on R1 into OSPF, and import OSPF routes on R2 into IS-IS. Perform correct commissioning to ensure that service network segments communicate normally.
(3) Deploy bidirectional route importing on R1 and R2 to prevent single-point failures between the headquarters and branch from resulting in network disconnection. Perform correct commissioning to ensure that service network segments communicate normally.
(4) Implement load balancing on traffic between the headquarters and branch to ensure that traffic of service A is forwarded through R1, and traffic of service B is forwarded through R2.
(5) Forward traffic of service A and traffic of service B in OSPF Area 1 of the headquarters using different links to implement load balancing. Do not use any route policy.

Topology

IP Address Table

Device  Interface   IP Address  Subnet Mask      Default Gateway
R1      G 0/0/0     10.0.13.1   255.255.255.0    N/A
        G 0/0/1     10.0.14.1   255.255.255.0    N/A
        Loopback 0  10.0.1.1    255.255.255.255  N/A
R2      G 0/0/0     10.0.23.2   255.255.255.0    N/A
        G 0/0/1     10.0.24.2   255.255.255.0    N/A
        Loopback 0  10.0.2.2    255.255.255.255  N/A
R3      G 0/0/0     10.0.13.3   255.255.255.0    N/A
        G 0/0/1     10.0.23.3   255.255.255.0    N/A
        Loopback 0  10.0.3.3    255.255.255.255  N/A
R4      G 0/0/0     10.0.14.4   255.255.255.0    N/A
        G 0/0/1     10.0.24.4   255.255.255.0    N/A
        S 1/0/0     10.0.45.4   255.255.255.0    N/A
        S 1/0/1     10.0.54.4   255.255.255.0    N/A
        Loopback 0  10.0.4.4    255.255.255.255  N/A
R5      S 1/0/0     10.0.45.5   255.255.255.0    N/A
        S 1/0/1     10.0.54.5   255.255.255.0    N/A
        Loopback 0  10.0.5.5    255.255.255.255  N/A

Configuration and Verification

1. Build an OSPF network for the headquarters and an IS-IS network for the branch according to the topology. Minimize the number of routing entries to be maintained by the devices in OSPF Area 1. Perform basic configuration according to the IP address table, and then check the establishment of OSPF and IS-IS neighbor relationships.

display ospf peer
 OSPF Process 1 with Router ID 10.0.1.1
 Neighbors

 Area 0.0.0.0 interface 10.0.14.1(GigabitEthernet0/0/1)'s neighbors
 Router ID: 10.0.4.4         Address: 10.0.14.4
   State: Full  Mode:Nbr is  Master  Priority: 1
   DR: 10.0.14.1  BDR: 10.0.14.4  MTU: 0
   Dead timer due in 39  sec
   Retrans timer interval: 5
   Neighbor is up for 03:13:21
   Authentication Sequence: [ 0 ]

display isis peer
 Peer information for ISIS(1)

 System Id       Interface  Circuit Id         State  HoldTime  Type      PRI
 -------------------------------------------------------------------------
 0000.0000.0003  GE0/0/0    0000.0000.0003.01  Up     8s        L1(L1L2)  64
 0000.0000.0003  GE0/0/0    0000.0000.0003.01  Up     7s        L2(L1L2)  64

 Total Peer(s): 2

2. Import IS-IS routes on R1 into OSPF, and import OSPF routes on R2 into IS-IS. Perform correct commissioning to ensure that service network segments communicate normally.

Note: IS-IS needs the wide metric style to carry a tag with a route. Pay attention to the external OSPF routes imported by R5. After the configuration, checking the LSDB on R4 shows that R1 has imported the IS-IS routes; it also shows that R2 has imported the OSPF routes.

display ospf lsdb
 OSPF Process 1 with Router ID 10.0.4.4

 AS External Database
 Type      LinkState ID  AdvRouter  Age   Len  Sequence  Metric
 External  172.16.4.0    10.0.4.4   1558  36   80000001  1
 External  172.16.2.0    10.0.4.4   1558  36   80000001  1
 External  172.16.3.0    10.0.4.4   1558  36   80000001  1
 External  172.16.1.0    10.0.4.4   1558  36   80000001  1
 External  192.168.4.0   10.0.1.1   824   36   80000001  1
 External  192.168.2.0   10.0.1.1   824   36   80000001  1
 External  192.168.3.0   10.0.1.1   824   36   80000001  1
 External  192.168.1.0   10.0.1.1   825   36   80000001  1
 ……

display isis lsdb level-2
 Database information for ISIS(1)

 Level-2 Link State Database
 LSPID                 Seq Num     Checksum  Holdtime  Length  ATT/P/OL
 0000.0000.0002.00-00  0x0000001b  0x23f     1024      80      0/0/0
 0000.0000.0002.00-01  0x00000002  0x375f    1024      213     0/0/0
 ……

display isis lsdb level-2 0000.0000.0002.00-01 ver
 Database information for ISIS(1)

 Level-2 Link State Database
 LSPID                 Seq Num     Checksum  Holdtime  Length  ATT/P/OL
 0000.0000.0002.00-01  0x00000002  0x375f    865       213     0/0/0
  SOURCE       0000.0000.0002.00
 …….
 +IP-Extended  172.16.1.0  255.255.255.0  COST: 0  Tag: 200
 +IP-Extended  172.16.2.0  255.255.255.0  COST: 0  Tag: 200
 +IP-Extended  172.16.3.0  255.255.255.0  COST: 0  Tag: 200
 +IP-Extended  172.16.4.0  255.255.255.0  COST: 0  Tag: 200

 Total LSP(s): 1
 *(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
 ATT-Attached, P-Partition, OL-Overload

3. Deploy bidirectional route importing on R1 and R2 to prevent single-point failures between the headquarters and branch from resulting in network disconnection. Perform correct commissioning to ensure that service network segments communicate normally.

Note: The solution is the same as before.

4. Implement load balancing on traffic between the headquarters and branch to ensure that traffic of service A is forwarded through R1, and traffic of service B is forwarded through R2.

Note: A cost can be applied to specified routes when the routes are imported.

display ip routing-table
Destination/Mask    Proto    Pre  Cost  Flags  NextHop     Interface
172.16.1.0/24       ISIS-L2  15   110   D      10.0.13.1   GigabitEthernet0/0/0
172.16.2.0/24       ISIS-L2  15   110   D      10.0.23.2   GigabitEthernet0/0/1
172.16.3.0/24       ISIS-L2  15   110   D      10.0.13.1   GigabitEthernet0/0/0
172.16.4.0/24       ISIS-L2  15   110   D      10.0.23.2   GigabitEthernet0/0/1
……

display ip routing-table
Destination/Mask    Proto    Pre  Cost  Flags  NextHop     Interface
192.168.1.0/24      O_ASE    150  100   D      10.0.14.1   GigabitEthernet0/0/0
192.168.2.0/24      O_ASE    150  100   D      10.0.24.2   GigabitEthernet0/0/1
192.168.3.0/24      O_ASE    150  100   D      10.0.14.1   GigabitEthernet0/0/0
192.168.4.0/24      O_ASE    150  100   D      10.0.24.2   GigabitEthernet0/0/1
……

5. Forward traffic of service A and traffic of service B in OSPF Area 1 of the headquarters using different links to implement load balancing. Do not use any route policy.

Note: Use policy-based routing. This requirement needs interface-based policy routing.

display traffic policy user-defined
  User Defined Traffic Policy Information:
  Policy: loadbalance
   Classifier: serviceA
    Operator: OR
     Behavior: SAbeh
      Redirect:
        Redirect ip-nexthop 10.0.45.5
   Classifier: serviceB
    Operator: OR
     Behavior: SBbeh
      Redirect:
        Redirect ip-nexthop 10.0.54.5

display traffic policy user-defined
  User Defined Traffic Policy Information:
  Policy: loadbalance
   Classifier: serviceA
    Operator: OR
     Behavior: SAbeh
      Redirect:
        Redirect ip-nexthop 10.0.45.4
   Classifier: serviceB
    Operator: OR
     Behavior: SBbeh
      Redirect:
        Redirect ip-nexthop 10.0.54.4

Questions

Which problems will occur on the network after requirement 2 is met and how many methods are available to solve the problems?
Which problems will occur on the network after requirement 3 is met? Why do these problems occur? What are the differences between the problems in requirement 2 and requirement 3?
How many methods are available to meet requirement 4 and how to select a correct method?
What problem occurs on the network after requirement 5 is met and why do these problems occur?

Configuration List

display current-configuration
#
 sysname R1
#
router id 10.0.1.1
#
acl number 2000
 rule 10 permit source 172.16.1.0 0.0.2.0
acl number 2001
 rule 10 permit source 172.16.0.0 0.0.6.0
acl number 2010
 rule 10 permit source 192.168.1.0 0.0.2.0
acl number 2011
 rule 10 permit source 192.168.0.0 0.0.6.0
#
isis 1
 cost-style wide
 network-entity 10.0000.0000.0001.00
 import-route ospf 1 route-policy OSPF-TO-ISIS
#
interface GigabitEthernet0/0/0
 ip address 10.0.13.1 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ip address 10.0.14.1 255.255.255.0
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255
#
ospf 1
 import-route isis 1 route-policy ISIS-TO-OSPF
 preference ase route-policy OSPF-PREFERENCE 150
 area 0.0.0.0
  network 10.0.1.1 0.0.0.0
  network 10.0.14.0 0.0.0.255
#
route-policy ISIS-TO-OSPF deny node 10
 if-match tag 200
#
route-policy ISIS-TO-OSPF permit node 20
 if-match acl 2010
 apply cost 100
 apply tag 100
#
route-policy ISIS-TO-OSPF permit node 30
 if-match acl 2011
 apply cost 500
 apply tag 100
#
route-policy ISIS-TO-OSPF permit node 40
 apply tag 100
#
route-policy OSPF-TO-ISIS deny node 10
 if-match tag 400
#
route-policy OSPF-TO-ISIS permit node 20
 if-match acl 2000
 apply cost 100
 apply tag 300
#
route-policy OSPF-TO-ISIS permit node 30
 if-match acl 2001
 apply cost 500
 apply tag 300
#
route-policy OSPF-TO-ISIS permit node 40
 apply tag 300
#
route-policy OSPF-PREFERENCE permit node 10
 if-match tag 55
 apply preference 12
#
return

display current-configuration
#
 sysname R2
#
acl number 2000
 rule 10 permit source 172.16.1.0 0.0.2.0
acl number 2001
 rule 10 permit source 172.16.0.0 0.0.6.0
acl number 2010
 rule 10 permit source 192.168.1.0 0.0.2.0
acl number 2011
 rule 10 permit source 192.168.0.0 0.0.6.0
#
isis 1
 cost-style wide
 network-entity 10.0000.0000.0002.00
 import-route ospf 1 route-policy OSPF-TO-ISIS
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.2 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ip address 10.0.24.2 255.255.255.0
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255
#
ospf 1
 import-route isis 1 route-policy ISIS-TO-OSPF
 preference ase route-policy OSPF-PREFERENCE 150
 area 0.0.0.0
  network 10.0.2.2 0.0.0.0
  network 10.0.24.0 0.0.0.255
#
route-policy OSPF-TO-ISIS deny node 10
 if-match tag 100
#
route-policy OSPF-TO-ISIS permit node 20
 if-match acl 2000
 apply cost 500
 apply tag 200
#
route-policy OSPF-TO-ISIS permit node 30
 if-match acl 2001
 apply cost 100
 apply tag 200
#
route-policy OSPF-TO-ISIS permit node 40
 apply tag 200
#
route-policy ISIS-TO-OSPF deny node 10
 if-match tag 300
#
route-policy ISIS-TO-OSPF permit node 20
 if-match acl 2010
 apply cost 500
 apply tag 400
#
route-policy ISIS-TO-OSPF permit node 30
 if-match acl 2011
 apply cost 100
 apply tag 400
#
route-policy ISIS-TO-OSPF permit node 40
 apply tag 400
#
route-policy OSPF-PREFERENCE permit node 10
 if-match tag 55
 apply preference 12
return

display current-configuration
#
sysname R3
#
isis 1
 cost-style wide
 network-entity 10.0000.0000.0003.00
 import-route direct route-policy dirin
#
interface GigabitEthernet0/0/0
 ip address 10.0.13.3 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ip address 10.0.23.3 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/2
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 sub
 ip address 192.168.3.1 255.255.255.0 sub
 ip address 192.168.4.1 255.255.255.0 sub
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255
 isis enable 1
#
route-policy dirin permit node 20
 if-match interface GigabitEthernet0/0/2
#
return

display current-configuration
#
sysname R4
#
acl number 2000
 rule 10 permit source 192.168.1.0 0.0.2.255
acl number 2001
 rule 10 permit source 192.168.0.0 0.0.6.255
#
traffic classifier serviceA operator or
 if-match acl 2000
traffic classifier serviceB operator or
 if-match acl 2001
#
traffic behavior SAbeh
 redirect ip-nexthop 10.0.45.5
traffic behavior SBbeh
 redirect ip-nexthop 10.0.54.5
#
traffic policy loadbalance
 classifier serviceA behavior SAbeh
 classifier serviceB behavior SBbeh
#
interface Serial1/0/0
 link-protocol ppp
 ip address 10.0.45.4 255.255.255.0
#
interface Serial1/0/1
 link-protocol ppp
 ip address 10.0.54.4 255.255.255.0
#
interface GigabitEthernet0/0/0
 ip address 10.0.14.4 255.255.255.0
 traffic-policy loadbalance inbound
#
interface GigabitEthernet0/0/1
 ip address 10.0.24.4 255.255.255.0
 traffic-policy loadbalance inbound
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.0.4.4 0.0.0.0
  network 10.0.14.0 0.0.0.255
  network 10.0.24.0 0.0.0.255
 area 0.0.0.1
  network 10.0.45.0 0.0.0.255
  network 10.0.54.0 0.0.0.255
  nssa no-summary
#
return

display current-configuration
#
sysname R5
#
acl number 2000
 rule 10 permit source 172.16.1.0 0.0.2.255
acl number 2001
 rule 10 permit source 172.16.0.0 0.0.6.255
#
traffic classifier serviceA operator or
 if-match acl 2000
traffic classifier serviceB operator or
 if-match acl 2001
#
traffic behavior SAbeh
 redirect ip-nexthop 10.0.45.4
traffic behavior SBbeh
 redirect ip-nexthop 10.0.54.4
#
traffic policy loadbalance
 classifier serviceA behavior SAbeh
 classifier serviceB behavior SBbeh
#
interface Serial1/0/0
 link-protocol ppp
 ip address 10.0.45.5 255.255.255.0
#
interface Serial1/0/1
 link-protocol ppp
 ip address 10.0.54.5 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 172.16.1.1 255.255.255.0
 ip address 172.16.2.1 255.255.255.0 sub
 ip address 172.16.3.1 255.255.255.0 sub
 ip address 172.16.4.1 255.255.255.0 sub
 traffic-policy loadbalance inbound
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255
#
ospf 1
 import-route direct route-policy dirin
 area 0.0.0.1
  network 10.0.5.5 0.0.0.0
  network 10.0.45.0 0.0.0.255
  network 10.0.54.0 0.0.0.255
  nssa no-summary
#
route-policy dirin permit node 10
 if-match interface GigabitEthernet0/0/2
 apply tag 55
#
return

Chapter 7 VLAN Hands-on Exercise Guide

Overview

The Virtual Local Area Network (VLAN) technology divides a physical LAN into multiple broadcast domains (VLANs). Hosts within a VLAN can communicate with each other, whereas hosts in different VLANs cannot communicate with each other. As a result, broadcast packets are confined to each VLAN. VLANs can be assigned based on ports, MAC addresses, IP subnets, network protocols, and policies. Packets of different VLANs are encapsulated using 802.1Q, differentiated based on the tag field, and processed according to port attributes. Enhanced features include VLAN aggregation and MUX VLAN.

Objectives

Upon completion of this exercise guide, you will be able to:
- Explain VLAN assignment modes.
- Configure VLAN aggregation.
- Configure MUX VLAN.
- Configure inter-VLAN communication.
- Configure port isolation.

Tasks

The following topology shows the network of company A. Deploy the network according to the following requirements:

(1) Create VLANs 12, 13, 24, 112, 103, 212, 312, 334, 305, 401, and 402 on SW1, SW2, SW3, and SW4.
(2) Add E0/0/1 and E0/0/2 on SW1 to VLAN 112 and E0/0/3 to VLAN 103.
(3) Add E0/0/1 and E0/0/2 on SW2 to VLAN 212.
(4) Add E0/0/1 and E0/0/2 on SW3 to VLAN 312, E0/0/3 and E0/0/4 to VLAN 334, and E0/0/5 to VLAN 305.
(5) On SW4, add PC41 with the MAC address of 5489-98CF-447F and IP address of 4.1.1.1 to VLAN 401, and PC42 with the MAC address of 5489-98CF-E17D and IP address of 4.2.2.2 to VLAN 402.
(6) On SW1, implement Layer 2 isolation and Layer 3 forwarding between VLAN 112 and VLAN 103. Create VLAN 104 and assign the IP address of 1.0.0.254/24 to VLANIF 104.
(7) On SW2, implement Layer 2 isolation and Layer 3 connectivity between PC21 and PC22 in VLAN 212. Create VLAN 212 and assign the IP address of 2.0.0.254/24 to VLANIF 212.
(8) On SW3, enable devices in VLAN 312 and VLAN 334 to communicate with devices in VLAN 305. Enable isolation between VLAN 312 and VLAN 334, and prevent PC33 and PC34 in VLAN 334 from communicating with one another.
(9) On SW4, implement communication between VLAN 401 and VLAN 402. Assign IP addresses of 4.1.1.254/24 and 4.2.2.254/24 to VLANIF 401 and VLANIF 402.
(10) Enable PCs in VLAN 312, VLAN 334, and VLAN 305 to exchange information with VLANIF 305 on SW4.
(11) Create VLANIF interfaces according to the network topology. Configure interface attributes, and configure interfaces to allow VLANs 12, 13, 24, 112, 103, 212, 312, 334, 305, 401, and 402.
(12) Run RIPv2 and disable RIP summarization on SW1, SW2, SW3, and SW4. Enable SW1 to advertise routes of VLANIF 12, VLANIF 13, and VLANIF 104 to RIPv2. Enable SW2 to advertise routes of VLANIF 12, VLANIF 24, and VLANIF 202 to RIPv2. Enable SW3 to advertise routes of VLANIF 13 to RIP, and enable SW4 to advertise routes of VLANIF 24, VLANIF 305, VLANIF 401, and VLANIF 402 to RIPv2. Implement communication between the different network segments.

Topology

IP Address Table

Device  Interface   IP Address  Subnet Mask    Default Gateway
SW1     VLANIF 12   12.1.1.1    255.255.255.0  N/A
SW1     VLANIF 13   13.1.1.1    255.255.255.0  N/A
SW1     VLANIF 104  1.0.0.254   255.255.255.0  N/A
SW2     VLANIF 12   12.1.1.2    255.255.255.0  N/A
SW2     VLANIF 24   24.1.1.2    255.255.255.0  N/A
SW2     VLANIF 212  2.0.0.254   255.255.255.0  N/A
SW3     VLANIF 13   13.1.1.3    255.255.255.0  N/A
SW4     VLANIF 24   24.1.1.4    255.255.255.0  N/A
SW4     VLANIF 305  3.0.0.254   255.255.255.0  N/A
SW4     VLANIF 401  4.1.1.254   255.255.255.0  N/A
SW4     VLANIF 402  4.2.2.254   255.255.255.0  N/A
PC11    E0/0/1      1.0.0.1     255.255.255.0  N/A
PC12    E0/0/1      1.0.0.2     255.255.255.0  N/A
PC13    E0/0/1      1.0.0.3     255.255.255.0  N/A
PC21    E0/0/1      2.0.0.1     255.255.255.0  N/A
PC22    E0/0/1      2.0.0.2     255.255.255.0  N/A
PC31    E0/0/1      3.0.0.1     255.255.255.0  N/A
PC32    E0/0/1      3.0.0.2     255.255.255.0  N/A
PC33    E0/0/1      3.0.0.3     255.255.255.0  N/A
PC34    E0/0/1      3.0.0.4     255.255.255.0  N/A
PC35    E0/0/1      3.0.0.5     255.255.255.0  N/A
PC41    E0/0/1      4.1.1.1     255.255.255.0  4.1.1.254
PC42    E0/0/1      4.2.2.2     255.255.255.0  4.2.2.254

Configuration and Verification

1. Create VLANs 12, 13, 24, 112, 103, 212, 312, 334, 305, 401, and 402 on SW1, SW2, SW3, and SW4.

Configure VLANs and run the display vlan summary command to check the summary of VLANs. The display on SW1 is used as an example. (The following table lists only key information, and as such some information is omitted.)

[SW1]display vlan summary
static vlan:
Total 12 static vlan.
  1 12 to 13 24 103 112 212 305 312 334 401 to 402
dynamic vlan:
Total 0 dynamic vlan.
reserved vlan:
Total 0 reserved vlan.

Perform the configuration according to the requirements and prevent configuration errors.

2. Add E0/0/1 and E0/0/2 on SW1 to VLAN 112 and E0/0/3 to VLAN 103.

After this operation is performed, run the display vlan command to check information about interfaces in VLANs. The display on SW1 is used as an example. (The following table lists only key information, and as such some information is omitted.)

[SW1]display vlan
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/2(U)     Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)
                Eth0/0/7(D)     Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(U)
                Eth0/0/11(U)    Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)
                Eth0/0/15(D)    Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)
                Eth0/0/19(D)    Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)
                GE0/0/1(D)      GE0/0/2(D)
12   common
13   common
24   common
103  common  UT:Eth0/0/3(U)
112  common  UT:Eth0/0/1(U)     Eth0/0/2(U)

To meet the requirements, use interface-based VLAN assignment. Run the display vlan vlan id command to verify the result.

3. Add E0/0/1 and E0/0/2 on SW2 to VLAN 212.

After this operation is performed, run the display vlan command to check information about interface-based VLAN assignment. The display on SW2 is used as an example.

[SW2]display vlan
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/3(D)     Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)
                Eth0/0/7(D)     Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(U)
                Eth0/0/11(U)    Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)
                Eth0/0/15(D)    Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)
                Eth0/0/19(D)    Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)
                GE0/0/1(D)      GE0/0/2(D)
12   common
13   common
24   common
103  common
112  common
212  common  UT:Eth0/0/1(U)     Eth0/0/2(U)

Run the display vlan vlan id command to verify the result.

4. Add E0/0/1 and E0/0/2 on SW3 to VLAN 312, E0/0/3 and E0/0/4 to VLAN 334, and E0/0/5 to VLAN 305.

After this operation is performed, run the display vlan command to check information about VLAN assignment. The display on SW3 is used as an example.

[SW3]display vlan
The total number of vlans is : 12
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/6(D)     Eth0/0/7(D)     Eth0/0/8(D)     Eth0/0/9(D)
                Eth0/0/10(U)    Eth0/0/11(U)    Eth0/0/12(D)    Eth0/0/13(D)
                Eth0/0/14(D)    Eth0/0/15(D)    Eth0/0/16(D)    Eth0/0/17(D)
                Eth0/0/18(D)    Eth0/0/19(D)    Eth0/0/20(D)    Eth0/0/21(D)
                Eth0/0/22(D)    GE0/0/1(D)      GE0/0/2(D)
12   common
13   common
24   common
103  common
112  common
212  common
305  common  UT:Eth0/0/5(U)
312  common  UT:Eth0/0/1(U)     Eth0/0/2(U)
334  common  UT:Eth0/0/3(U)     Eth0/0/4(U)

5. On SW4, add PC41 with the MAC address of 5489-98CF-447F and IP address of 4.1.1.1 to VLAN 401, and PC42 with the MAC address of 5489-98CF-E17D and IP address of 4.2.2.2 to VLAN 402.

After this operation is performed, run the display policy-vlan all command on SW4 to check the current policy-based VLAN assignment.

[SW4]display policy-vlan all
------------------------------------------------------------------------
MacAddress      IPAddress  Port  Vlan  Priority
------------------------------------------------------------------------
5489-98cf-447f  4.1.1.1    NA    401   0
5489-98cf-e17d  4.2.2.2    NA    402   0
------------------------------------------------------------------------

VLANs can be assigned based on ports, MAC addresses, IP subnets, network protocols, and policies. Determine the VLAN assignment mode according to the requirements. During VLAN assignment, pay attention to interface attributes. Run the display vlan command to verify the result.

6. On SW1, implement Layer 2 isolation and Layer 3 forwarding between VLAN 112 and VLAN 103. Create VLAN 104 and assign the IP address of 1.0.0.254/24 to VLANIF 104.

Note: To forward packets between two isolated VLANs, inter-VLAN proxy ARP needs to be enabled.

After this operation is performed, run the display sub-vlan or display super-vlan command on SW4 to check sub-VLANs or super-VLANs.

[SW1]display sub-vlan
VLAN ID  Super-vlan
--------------------------------------------------------------------------------
103      104
112      104

[SW1]display super-vlan
VLAN ID  Sub-vlan
--------------------------------------------------------------------------------
104      103 112

After the configuration is complete, perform a connectivity test for VLAN 112 and VLAN 103.

7. On SW2, implement Layer 2 isolation and Layer 3 connectivity between PC21 and PC22 in VLAN 212. Create VLAN 212 and assign the IP address of 2.0.0.254/24 to VLANIF 212.

Note: To forward packets between two isolated ports inside one VLAN, intra-VLAN proxy ARP needs to be enabled.

After this operation is performed, run the display port-isolate command to verify the configuration.

[SW2]display port-isolate group all
  The ports in isolate group 1:
Ethernet0/0/1     Ethernet0/0/2

According to the requirement, isolation between VLANs needs to be configured. After this operation is performed, check whether PC21 can communicate with PC22.

8. On SW3, enable devices in VLAN 312 and VLAN 334 to communicate with devices in VLAN 305. Enable isolation between VLAN 312 and VLAN 334, implement communication between PC31 and PC32 in VLAN 312, and prevent PC33 and PC34 in VLAN 334 from communicating with one another.

After this operation is performed, check the results on SW4.

[SW3]display mux-vlan
Principal  Subordinate  Type       Interface
-----------------------------------------------------------------------------
305        -            principal  Ethernet0/0/5
305        334          separate   Ethernet0/0/3 Ethernet0/0/4
305        312          group      Ethernet0/0/1 Ethernet0/0/2
-----------------------------------------------------------------------------

Run the display vlan command to verify the result.

9. On SW4, implement communication between VLAN 401 and VLAN 402. Assign IP addresses of 4.1.1.254/24 and 4.2.2.254/24 to VLANIF 401 and VLANIF 402.

Note: For a PC to send packets to a destination outside its own network, the gateway address should be configured on the PC.

After this operation is performed, run the ping command to check connectivity between VLANs.

[PC41]ping 4.2.2.2
PING 4.2.2.2: 32 data bytes, press CTRL_C to break
Reply from 4.2.2.2: bytes=32 Sequence=1 ttl=127 time=16 ms
Reply from 4.2.2.2: bytes=32 Sequence=2 ttl=127 time=16 ms
Reply from 4.2.2.2: bytes=32 Sequence=3 ttl=127 time=31 ms
Reply from 4.2.2.2: bytes=32 Sequence=4 ttl=127 time=31 ms
Reply from 4.2.2.2: bytes=32 Sequence=5 ttl=127 time=16 ms
--- 4.2.2.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 16/22/31 ms

You can use router-on-a-stick and VLANIF interfaces to implement communication between VLANs.

10. Enable PCs in VLAN 312, VLAN 334, and VLAN 305 to exchange information with VLANIF 305 on SW4.

After this operation is performed, run the ping command to check connectivity between VLANs.

[PC31]ping 3.0.0.254
PING 3.0.0.254: 32 data bytes, press CTRL_C to break
Reply from 3.0.0.254: bytes=32 Sequence=1 ttl=255 time=63 ms
Reply from 3.0.0.254: bytes=32 Sequence=2 ttl=255 time=62 ms
Reply from 3.0.0.254: bytes=32 Sequence=3 ttl=255 time=47 ms
Reply from 3.0.0.254: bytes=32 Sequence=4 ttl=255 time=47 ms
Reply from 3.0.0.254: bytes=32 Sequence=5 ttl=255 time=31 ms
--- 3.0.0.254 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/50/63 ms

SW4 becomes the gateway of the MUX VLAN to meet this requirement.

11. Create VLANIF interfaces according to the network topology. Configure interface attributes, and configure the interfaces to allow VLANs 12, 13, 24, 112, 103, 212, 312, 334, 305, 401 and 402.

After this operation is performed, run the display vlan and display ip interface commands to check information about VLANs and IP addresses. The display on SW1 is used as an example. (The following table lists only key information, and as such some information is omitted.)

[SW1]display vlan
The total number of vlans is : 13
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)     Eth0/0/7(D)
                Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(U)    Eth0/0/11(U)
                Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)    Eth0/0/15(D)
                Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)    Eth0/0/19(D)
                Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)    GE0/0/1(D)
                GE0/0/2(D)
12   common  TG:Eth0/0/10(U)    Eth0/0/11(U)
13   common  TG:Eth0/0/10(U)    Eth0/0/11(U)
24   common  TG:Eth0/0/10(U)    Eth0/0/11(U)
103  sub     UT:Eth0/0/3(U)
             TG:Eth0/0/10(U)    Eth0/0/11(U)
104  super
112  sub     UT:Eth0/0/1(U)     Eth0/0/2(U)
             TG:Eth0/0/10(U)    Eth0/0/11(U)
212  common  TG:Eth0/0/10(U)    Eth0/0/11(U)
305  common  TG:Eth0/0/10(U)    Eth0/0/11(U)
312  common  TG:Eth0/0/10(U)    Eth0/0/11(U)
334  common  TG:Eth0/0/10(U)    Eth0/0/11(U)
401  common  TG:Eth0/0/10(U)    Eth0/0/11(U)
402  common  TG:Eth0/0/10(U)    Eth0/0/11(U)

[SW1]display ip interface brief
Interface  IP Address/Mask  Physical  Protocol
Vlanif12   12.1.1.1/24      up        up
Vlanif13   13.1.1.1/24      up        up
Vlanif104  1.0.0.254/24     up        up

12. Run RIPv2 and disable RIP summarization on SW1, SW2, SW3, and SW4. Enable SW1 to advertise routes of VLANIF 12, VLANIF 13, and VLANIF 104 to RIPv2. Enable SW2 to advertise routes of VLANIF 12, VLANIF 24, and VLANIF 202 to RIPv2. Enable SW3 to advertise routes of VLANIF 13 to RIP, and enable SW4 to advertise routes of VLANIF 24, VLANIF 305, VLANIF 401, and VLANIF 402 to RIPv2. Implement communication of different network segments.

After this operation is performed, run the display ip routing-table command to check information about routes. The display on SW1 is used as an example. (The following table lists only key information, and as such some information is omitted.) Once verified, perform the ping operation.

[SW1]display ip routing-table
Destination/Mask  Proto   Pre  Cost  Flags  NextHop    Interface
1.0.0.0/24        Direct  0    0     D      1.0.0.254  Vlanif104
2.0.0.0/24        RIP     100  1     D      12.1.1.2   Vlanif12
3.0.0.0/24        RIP     100  2     D      12.1.1.2   Vlanif12
4.1.1.0/24        RIP     100  2     D      12.1.1.2   Vlanif12
4.2.2.0/24        RIP     100  2     D      12.1.1.2   Vlanif12
12.1.1.0/24       Direct  0    0     D      12.1.1.1   Vlanif12
13.1.1.0/24       Direct  0    0     D      13.1.1.1   Vlanif13
24.1.1.0/24       RIP     100  1     D      12.1.1.2   Vlanif12

[PC11]ping 3.0.0.2
PING 3.0.0.2: 32 data bytes, press CTRL_C to break
Reply from 3.0.0.2: bytes=32 Sequence=1 ttl=125 time=140 ms
Reply from 3.0.0.2: bytes=32 Sequence=2 ttl=125 time=125 ms
Reply from 3.0.0.2: bytes=32 Sequence=3 ttl=125 time=125 ms
Reply from 3.0.0.2: bytes=32 Sequence=4 ttl=125 time=94 ms
Reply from 3.0.0.2: bytes=32 Sequence=5 ttl=125 time=109 ms
--- 3.0.0.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 94/118/140 ms

Questions

- Can multiple MAC addresses and IP addresses be associated with one VLAN for requirement 5?
- For requirement 10, why is VLANIF 305 on SW4 used as the gateway?
- Can an IP address be configured in the MUX VLAN?

Configuration List

display current-configuration
#
sysname SW1
#
vlan batch 12 to 13 24 103 to 104 112 212 305 312 334 401 to 402
#
vlan 104
 aggregate-vlan
 access-vlan 103 112
#
interface Vlanif12
 ip address 12.1.1.1 255.255.255.0
#
interface Vlanif13
 ip address 13.1.1.1 255.255.255.0
#
interface Vlanif104
 ip address 1.0.0.254 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 112
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 112
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 103
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
rip 1
 undo summary
 version 2
 network 12.0.0.0
 network 13.0.0.0
 network 1.0.0.0
#
return

display current-configuration
#
sysname SW2
#
vlan batch 12 to 13 24 103 112 212 305 312 334 401 to 402
#
interface Vlanif12
 ip address 12.1.1.2 255.255.255.0
#
interface Vlanif24
 ip address 24.1.1.2 255.255.255.0
#
interface Vlanif212
 ip address 2.0.0.254 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 212
 port-isolate enable group 1
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 212
 port-isolate enable group 1
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
rip 1
 undo summary
 version 2
 network 12.0.0.0
 network 24.0.0.0
 network 2.0.0.0
#
return

display current-configuration
#
sysname SW3
#
vlan batch 12 to 13 24 103 112 212 305 312 334 401 to 402
#
vlan 305
 mux-vlan
 subordinate separate 334
 subordinate group 312
#
interface Vlanif13
 ip address 13.1.1.3 255.255.255.0
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 312
 port mux-vlan enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 312
 port mux-vlan enable
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 334
 port mux-vlan enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 334
 port mux-vlan enable
#
interface Ethernet0/0/5
 port link-type access
 port default vlan 305
 port mux-vlan enable
#
interface Ethernet0/0/10
 port link-type access
 port default vlan 305
 port mux-vlan enable
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
rip 1
 undo summary
 version 2
 network 13.0.0.0
#
return

display current-configuration
#
sysname SW4
#
vlan batch 12 to 13 24 103 112 212 305 312 334 401 to 402
#
vlan 401
 policy-vlan mac-address 5489-98cf-447f ip 4.1.1.1
vlan 402
 policy-vlan mac-address 5489-98cf-e17d ip 4.2.2.2
#
interface Vlanif24
 ip address 24.1.1.4 255.255.255.0
#
interface Vlanif305
 ip address 3.0.0.254 255.255.255.0
#
interface Vlanif401
 ip address 4.1.1.254 255.255.255.0
#
interface Vlanif402
 ip address 4.2.2.254 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 401
 port hybrid untagged vlan 401
#
interface Ethernet0/0/2
 port hybrid pvid vlan 402
 port hybrid untagged vlan 402
#
interface Ethernet0/0/10
 port link-type access
 port default vlan 305
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 12 to 13 24 103 112 212 305 312 334 401 to 402
#
rip 1
 undo summary
 version 2
 network 24.0.0.0
 network 3.0.0.0
 network 4.0.0.0
#
return
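The Layer 2 isolation that requirement 8 asks for can be checked offline against the SW3 configuration. The following Python code is an added example, not part of the original lab guide: it parses the MUX VLAN stanzas of the SW3 configuration listed above (embedded as constructed input) and models which access ports can reach each other under the MUX VLAN rules (principal, group, separate). The function names are hypothetical, and the check for ports lacking port mux-vlan enable assumes that the rules are enforced only on ports carrying that command.

```python
import re
from itertools import combinations

# Constructed input: the MUX VLAN stanzas of the SW3 configuration listed above.
SW3_CONFIG = """\
vlan 305
 mux-vlan
 subordinate separate 334
 subordinate group 312
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 312
 port mux-vlan enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 312
 port mux-vlan enable
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 334
 port mux-vlan enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 334
 port mux-vlan enable
#
interface Ethernet0/0/5
 port link-type access
 port default vlan 305
 port mux-vlan enable
#
interface Ethernet0/0/10
 port link-type access
 port default vlan 305
 port mux-vlan enable
#
"""


def parse(config):
    """Return (roles, pvid, enabled): VLAN -> role, port -> default VLAN,
    and the set of ports that carry 'port mux-vlan enable'."""
    roles, pvid, enabled = {}, {}, set()
    for stanza in re.split(r"^#[ \t]*$", config, flags=re.M):
        lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
        if not lines:
            continue
        vlan = re.fullmatch(r"vlan (\d+)", lines[0])
        port = re.fullmatch(r"interface (\S+)", lines[0])
        for cmd in lines[1:]:
            sub = re.fullmatch(r"subordinate (separate|group) ([\d ]+)", cmd)
            dflt = re.fullmatch(r"port default vlan (\d+)", cmd)
            if vlan and cmd == "mux-vlan":
                roles[int(vlan.group(1))] = "principal"
            elif vlan and sub:  # space-separated IDs only; "to" ranges not handled
                roles.update({int(v): sub.group(1) for v in sub.group(2).split()})
            elif port and dflt:
                pvid[port.group(1)] = int(dflt.group(1))
            elif port and cmd == "port mux-vlan enable":
                enabled.add(port.group(1))
    return roles, pvid, enabled


def can_communicate(roles, pvid, a, b):
    """Layer 2 reachability between two MUX-enabled access ports on one switch."""
    role_a, role_b = roles[pvid[a]], roles[pvid[b]]
    if "principal" in (role_a, role_b):
        return True                    # principal ports reach every port
    if role_a == role_b == "group":
        return pvid[a] == pvid[b]      # group ports reach their own group only
    return False                       # separate ports reach principal ports only


def blocked_pairs(roles, pvid, enabled):
    """Every pair of MUX-enabled ports that is isolated at Layer 2."""
    return {frozenset(p) for p in combinations(sorted(enabled), 2)
            if not can_communicate(roles, pvid, *p)}


def unenforced_ports(roles, pvid, enabled):
    """Ports whose default VLAN is a MUX VLAN but that lack 'port mux-vlan enable'."""
    return sorted(p for p, v in pvid.items() if v in roles and p not in enabled)


if __name__ == "__main__":
    roles, pvid, enabled = parse(SW3_CONFIG)
    for pair in sorted(map(sorted, blocked_pairs(roles, pvid, enabled))):
        print("isolated:", " <-> ".join(pair))
    print("ports without enforcement:", unenforced_ports(roles, pvid, enabled))
```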

Chapter 8 LAN Layer 2 Technology Hands-on Exercise Guide

Overview

LAN Layer 2 technologies include the Address Resolution Protocol (ARP), Media Access Control (MAC), Ethernet link aggregation, and Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP).

ARP maps IP addresses to MAC addresses. Proxy ARP solves network connectivity problems. Gratuitous ARP enables a host to send an ARP Request packet using its own IP address as the destination address.

A MAC address defines the position of a network device. A MAC address consists of 48 bits and is displayed as a 12-digit hexadecimal number. Bits 0 to 23 are assigned by IETF and other institutions to identify vendors, and bits 24 to 47 are the unique ID assigned by vendors to identify their network adapters.

Ethernet link aggregation bundles multiple physical links to form a logical link to increase link bandwidth, improve reliability, and implement load balancing.

Through GARP, GVRP is used to dynamically maintain VLAN attributes on devices. GVRP propagates VLAN attributes of one device throughout the entire switching network. GVRP enables network devices to dynamically deliver, register, and propagate VLAN attributes, thereby reducing workload of the network administrator and ensuring correct configuration.

Objectives

Upon completion of this exercise guide, you will be able to:
- Configure ARP broadcast.
- Configure the MAC address table.
- Configure link aggregation.
- Configure GVRP.

Tasks

The following topology shows the network of company A. Deploy the network according to the following requirements:

(1) Create VLAN 12 and VLAN 21 on SW1 and SW2, and create VLAN 34 on SW3 and SW4.
(2) On SW2, add E0/0/11 to VLAN 12 and E0/0/12 to VLAN 21; add E0/0/13 on SW3 to VLAN 34; add E0/0/14 on SW4 to VLAN 34.
(3) Configure static LACP between SW1 and SW2, configure SW1 as the Actor and the link connected to E0/0/2 as the backup link, and set the timeout interval to 3 seconds.
(4) Configure interconnected interfaces of switches as trunk interfaces and configure them to allow all VLANs.
(5) Enable GVRP on each switch, ensure that SW3 never learns the VLAN information carried by GVRP, and implement communication between PC3 and PC4.
(6) Implement communication between PC1 and PC2 through R1.
(7) Set the maximum number of MAC addresses learned by E0/0/13 on SW3 to 2, and configure the interface to enter the error-down state and the device to generate alarms when the number of learned MAC addresses reaches the limit. There is no need to consider MAC address loss after device restart.

Topology

IP Address Table

Device  Interface  IP Address  Subnet Mask    Default Gateway
R1      G0/0/1.1   12.1.1.254  255.255.255.0  N/A
R1      G0/0/1.2   21.1.1.254  255.255.255.0  N/A
PC1     /          12.1.1.1    255.255.255.0  12.1.1.254
PC2     /          21.1.1.1    255.255.255.0  21.1.1.254
PC3     /          34.1.1.3    255.255.255.0  N/A
PC4     /          34.1.1.4    255.255.255.0  N/A

Configuration and Verification

1. Create VLAN 12 and VLAN 21 on SW1 and SW2, and create VLAN 34 on SW3 and SW4.

After this operation is performed, run the display vlan summary command to check the summary of VLANs. The display on SW2 is used as an example.

[SW2]display vlan summary
static vlan:
Total 3 static vlan.
  1 12 21
dynamic vlan:
Total 0 dynamic vlan.
reserved vlan:
Total 0 reserved vlan.

2. On SW2, add E0/0/11 to VLAN 12 and E0/0/12 to VLAN 21; add E0/0/13 on SW3 to VLAN 34; add E0/0/14 on SW4 to VLAN 34.

After this operation is performed, run the display vlan command to check information about interfaces and VLANs. The display on SW2 is used as an example. (The following table lists only key information, and as such some information is omitted.)

[SW2]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/1(U)     Eth0/0/2(U)     Eth0/0/3(U)     Eth0/0/4(U)
                Eth0/0/5(D)     Eth0/0/6(D)     Eth0/0/7(D)     Eth0/0/8(D)
                Eth0/0/9(D)     Eth0/0/10(D)    Eth0/0/13(D)    Eth0/0/14(D)
                Eth0/0/15(D)    Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)
                Eth0/0/19(D)    Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)
                GE0/0/1(D)      GE0/0/2(D)
12   common  UT:Eth0/0/11(U)
21   common  UT:Eth0/0/12(U)

3. Configure static LACP between SW1 and SW2, configure SW1 as the Actor and the link connected to E0/0/2 as the backup link, and set the timeout interval to 3 seconds.

After this operation is performed, run the display eth-trunk command to check link aggregation information. The display on SW1 is used as an example.

[SW1]display eth-trunk 12
Eth-Trunk12's state information is:
Local:
LAG ID: 12                  WorkingMode: STATIC
Preempt Delay: Disabled     Hash arithmetic: According to SIP-XOR-DIP
System Priority: 0          System ID: 4c1f-cc3f-01c3
Least Active-linknumber: 1  Max Active-linknumber: 1
Operate status: up          Number Of Up Port In Trunk: 1
--------------------------------------------------------------------------------
ActorPortName  Status    PortType  PortPri  PortNo  PortKey  PortState  Weight
Ethernet0/0/1  Selected  1000TG    32768    2       3217     11111100   1
Ethernet0/0/2  Unselect  1000TG    65535    3       3217     11100000   1

Partner:
--------------------------------------------------------------------------------
ActorPortName  SysPri  SystemID        PortPri  PortNo  PortKey  PortState
Ethernet0/0/1  32768   4c1f-cc3b-8582  32768    2       3217     11111100
Ethernet0/0/2  32768   4c1f-cc3b-8582  32768    3       3217     11110000

When configuring link aggregation, notice that the LACP timeout interval can use fast and slow modes. Run the display interface eth-trunk and display trunkfwdtbl eth-trunk commands to verify the result:

4.

Configure interconnected interfaces of switches as trunk interfaces and configure them to allow all VLANs. After this operation is performed, run the display vlan command to check VLAN information of SW2.

[SW2]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/3(U)     Eth0/0/4(U)     Eth0/0/5(D)     Eth0/0/6(D)
                Eth0/0/7(D)     Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(D)
                Eth0/0/13(D)    Eth0/0/14(D)    Eth0/0/15(D)    Eth0/0/16(D)
                Eth0/0/17(D)    Eth0/0/18(D)    Eth0/0/19(D)    Eth0/0/20(D)
                Eth0/0/21(D)    Eth0/0/22(D)    GE0/0/1(D)      GE0/0/2(D)
                Eth-Trunk12(U)
12   common  UT:Eth0/0/11(U)
             TG:Eth0/0/3(U)     Eth0/0/4(U)     Eth-Trunk12(U)
21   common  UT:Eth0/0/12(U)
             TG:Eth0/0/3(U)     Eth0/0/4(U)     Eth-Trunk12(U)

5.

Enable GVRP on each switch, ensure that SW3 never learns the VLAN information carried by GVRP, and implement communication between PC3 and PC4. After this operation is performed, run the display gvrp statistics command to check GVRP statistics about SW3.

[SW3]display gvrp statistics
GVRP statistics on port Ethernet0/0/3
  GVRP status                : Enabled
  GVRP registrations failed  : 46
  GVRP last PDU origin       : 4c1f-cc3b-8582
  GVRP registration type     : Fixed

[PC4]ping 34.1.1.3
PING 34.1.1.3: 32 data bytes, press CTRL_C to break
Reply from 34.1.1.3: bytes=32 Sequence=1 ttl=128 time=79 ms
Reply from 34.1.1.3: bytes=32 Sequence=2 ttl=128 time=62 ms
Reply from 34.1.1.3: bytes=32 Sequence=3 ttl=128 time=63 ms
Reply from 34.1.1.3: bytes=32 Sequence=4 ttl=128 time=62 ms
Reply from 34.1.1.3: bytes=32 Sequence=5 ttl=128 time=31 ms
--- 34.1.1.3 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/59/79 ms

Notice that GVRP provides three registration modes. GVRP provides different functions in different modes. Configure a registration mode according to the requirements. Run the following command to verify the result: display gvrp status

6.

Implement communication between PC1 and PC2 through R1. After this operation is performed, perform the ping operation on PC1.

[PC1]ping 21.1.1.1
PING 21.1.1.1: 32 data bytes, press CTRL_C to break
Reply from 21.1.1.1: bytes=32 Sequence=1 ttl=127 time=109 ms
Reply from 21.1.1.1: bytes=32 Sequence=2 ttl=127 time=94 ms
Reply from 21.1.1.1: bytes=32 Sequence=3 ttl=127 time=109 ms
Reply from 21.1.1.1: bytes=32 Sequence=4 ttl=127 time=94 ms
Reply from 21.1.1.1: bytes=32 Sequence=5 ttl=127 time=78 ms
--- 21.1.1.1 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 79/96/109 ms

You can use either the router-on-a-stick method or VLANIF interfaces to implement communication between VLANs. Select a technique according to the requirements.

7.

Set the maximum number of MAC addresses learned by E0/0/13 on SW3 to 2, and configure the interface to enter the error-down state and the device to generate alarms when the number of learned MAC addresses reaches the limit. There is no need to consider MAC address loss after device restart. After this operation is performed, perform the ping operation on PC3.

[SW3]display mac-address security vlan 34
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address     VLAN/    PEVLAN  CEVLAN  Port        Type      LSP/LSR-ID
                VSI/SI                                         MAC-Tunnel
-------------------------------------------------------------------------------
5489-98cf-3447  34       -       -       Eth0/0/13   security  -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

The port security function changes MAC addresses learned on an interface into secure dynamic MAC addresses and sticky MAC addresses. There are differences between secure dynamic MAC addresses and sticky MAC addresses in terms of aging and MAC address loss after device restart.

Questions

How are packets forwarded when the router-on-a-stick method is used?

Configuration List

display current-configuration
#
sysname R1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 12
 ip address 12.1.1.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 21
 ip address 21.1.1.254 255.255.255.0
 arp broadcast enable
#
return

display current-configuration
#
sysname SW1
#
vlan batch 12 21
#
gvrp
#
lacp priority 0
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 mode lacp-static
 lacp timeout fast
 max active-linknumber 1
 gvrp
#
interface Ethernet0/0/1
 eth-trunk 12
#
interface Ethernet0/0/2
 eth-trunk 12
 lacp priority 65535
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
return

display current-configuration
#
sysname SW2
#
vlan batch 12 21
#
gvrp
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 mode lacp-static
 lacp timeout fast
 gvrp
#
interface Ethernet0/0/1
 eth-trunk 12
#
interface Ethernet0/0/2
 eth-trunk 12
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 gvrp
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 gvrp
#
interface Ethernet0/0/11
 port link-type access
 port default vlan 12
#
interface Ethernet0/0/12
 port link-type access
 port default vlan 21
#
return

display current-configuration
#
sysname SW3
#
vlan batch 34
#
gvrp
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 gvrp
 gvrp registration fixed
#
interface Ethernet0/0/13
 port link-type access
 port default vlan 34
 port-security enable
 port-security protect-action shutdown
 port-security max-mac-num 2
#
return

display current-configuration
#
sysname SW4
#
vlan batch 34
#
gvrp
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 gvrp
#
interface Ethernet0/0/14
 port link-type access
 port default vlan 34
#
return

Chapter 9 WAN Layer 2 Technology Hands-on Exercise Guide

Overview

This document introduces Wide Area Network (WAN) Layer 2 technologies, including Point-to-Point Protocol (PPP), Multilink PPP (MP), PPP over Ethernet (PPPoE), and Frame Relay (FR).

PPP is used at the data link layer for point-to-point data transmission over full-duplex synchronous and asynchronous links. It consists of the Link Control Protocol (LCP), Network Control Protocol (NCP), Challenge-Handshake Authentication Protocol (CHAP), and Password Authentication Protocol (PAP).

MP binds multiple PPP links to increase link bandwidth. MP fragments the packets whose length is greater than the minimum packet length and then sends the fragments to the peer device over multiple PPP links in the MP-Group. After receiving these fragments, the peer device reassembles the packets and then sends them to the network layer. MP can be implemented by using virtual template (VT) interfaces or MP-Group interfaces.

PPPoE is a network protocol that encapsulates PPP frames into Ethernet frames. PPPoE enables multiple hosts on an Ethernet to connect to a broadband remote access server (BRAS), implementing access control and charging on a per-host basis.

FR is a statistical multiplexing protocol that is applicable to burst traffic. In addition, FR can dynamically allocate network resources.

Objectives

Upon completion of this exercise guide, you will be able to:
• Configure MP.
• Configure PPPoE.
• Configure FR.

Tasks

The following topology shows the network of Company A. Deploy the network according to the following requirements:
(1) Bind PPP links between R1 and R4, and disable the MP-Group mode. For details about the interface name and IP address, see the "IP Address Table".
(2) Configure R1 as the PPPoE server and R5 as the PPPoE client. Enable the PPPoE server to allocate the IP address 15.1.1.5 to the PPPoE client. Configure the PPPoE server to authenticate the PPPoE client using PAP, with the user name R5 and password HUAWEI.
(3) Disable InARP on FR links between R1 and R2 and between R1 and R3. R1 and R2 can communicate over the network segment 12.1.1.0/24, while R1 and R3 can communicate over the network segment 23.1.1.0/24. Sub-interfaces cannot be created.
(4) Run Intermediate System to Intermediate System (IS-IS) on R1, R2, R3, and R4, set the area to 47.0000, the system ID to 0000.0000.000X, and the IS-IS level to Level-2, implementing interworking between addresses in the "IP Address Table".

Topology

IP Address Table

Device  Interface   IP Address  Subnet Mask      Default Gateway
R1      VT12        12.1.1.1    255.255.255.0    N/A
R1      VT13        13.1.1.1    255.255.255.0    N/A
R1      VT14        14.1.1.1    255.255.255.0    N/A
R1      VT15        15.1.1.1    255.255.255.0    N/A
R1      Loopback 0  10.1.1.1    255.255.255.255  N/A
R2      VT12        12.1.1.2    255.255.255.0    N/A
R2      Loopback 0  10.2.2.2    255.255.255.255  N/A
R3      VT13        13.1.1.3    255.255.255.0    N/A
R3      Loopback 0  10.3.3.3    255.255.255.255  N/A
R4      VT14        14.1.1.4    255.255.255.0    N/A
R4      Loopback 0  10.4.4.4    255.255.255.255  N/A

Configuration and Verification

1.

Bind PPP links between R1 and R4, and disable the MP-Group mode. For details about the interface name and IP address, see the "IP Address Table."

After completing this task, run the display ppp mp command to view the MP binding information. The following uses the display of R1 as an example. The table shows only key information, while other information is omitted.

[R1]display ppp mp
Template is Virtual-Template14
Bundle 22645b08be91, 2 members, slot 0, Master link is Virtual-Template14:0
0 lost fragments, 0 reordered, 0 unassigned, sequence 0/0 rcvd/sent
The bundled sub channels are:
  Serial2/0/0
  Serial2/0/1

MP can be implemented by using MP-Group interfaces or VT interfaces. You can also run the following command to verify the results: display interface virtual-template

2.

Configure R1 as the PPPoE server and R5 as the PPPoE client. Enable the PPPoE server to allocate the IP address 15.1.1.5 to the PPPoE client. Configure the PPPoE server to authenticate the PPPoE client using PAP, with the user name R5 and password HUAWEI.

After completing this task, run the display pppoe-server session and display ip interface brief commands to view information about the PPPoE server and the IP address of the client. The following table shows information of R1 and R5. The table shows only key information, while other information is omitted.

[R1]display pppoe-server session all
SID  Intf                  State  OIntf    RemMAC          LocMAC
1    Virtual-Template15:0  UP     GE0/0/0  00e0.fc03.b392  00e0.fc03.ab7f

[R5]display ip interface brief
Interface             IP Address/Mask  Physical  Protocol
Dialer15              15.1.1.5/32      up        up(s)
GigabitEthernet0/0/0  unassigned       up        down

You can also run the following command to verify the results: display pppoe-client session

3.

Disable InARP on FR links between R1 and R2 and between R1 and R3. R1 and R2 can communicate over the network segment 12.1.1.0/24, while R1 and R3 can communicate over the network segment 23.1.1.0/24. Sub-interfaces cannot be created.

After completing this task, run the display fr map-info command to view FR address mapping information. The following table shows information on R1.

[R1]display fr map-info
Map Statistics for interface Serial1/0/0 (DTE)
  DLCI = 102, PPP over FR Virtual-Template12, Serial1/0/0
    create time = 2013/09/18 19:22:33, status = ACTIVE
    encapsulation = ietf, vlink = 0
  DLCI = 103, PPP over FR Virtual-Template13, Serial1/0/0
    create time = 2013/09/18 19:22:41, status = ACTIVE
    encapsulation = ietf, vlink = 0

FR links can transmit multiple types of packets, such as IP packets and PPP packets. As sub-interfaces cannot be created, another method should be used to meet the requirement in this task.

4.

Run IS-IS on R1, R2, R3, and R4, set the area to 47.0000, the system ID to 0000.0000.000X, and the IS-IS level to Level-2, implementing interworking between addresses in the "IP Address Table".

After completing this task, run the display ip routing-table protocol isis command to view IS-IS routing information on R1.

[R1]display ip routing-table protocol isis
Destination/Mask  Proto    Pre  Cost  Flags  NextHop   Interface
10.2.2.2/32       ISIS-L2  15   10    D      12.1.1.2  Virtual-Template12
10.3.3.3/32       ISIS-L2  15   10    D      13.1.1.3  Virtual-Template13
10.4.4.4/32       ISIS-L2  15   10    D      14.1.1.4  Virtual-Template14

IS-IS does not apply to FR links. To enable IS-IS on FR links, you need to configure sub-interfaces or PPP over FR (PPPoFR).

Questions

What are the characteristics of VT interfaces?

Configuration List

display current-configuration
#
sysname R1
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user r5 password cipher %$%$wgCcG9i@%B0!z/SzyC&,S2fp%$%$
 local-user r5 service-type ppp
 local-user admin password cipher %$%$K8m.Nt84DZ}e#*9p9daA=1eVjFUnm!D9,Q[3%$%$
……
 ip address ppp-negotiate
 dialer user R5
 dialer bundle 1
#
interface GigabitEthernet0/0/0
 pppoe-client dial-bundle-number 1
#
return

Chapter 10 STP Hands-on Exercise Guide

Overview

STP prevents loops at the data link layer. It uses BPDUs to transmit STP information, calculate a loop-free tree network topology, and block a specified port. When a network fault occurs, STP can detect the fault and use another path to transmit data. STP exchanges BPDUs to select the root switch; each non-root switch selects the root port to communicate with the root switch; the designated port is selected on each network segment to forward data to the root switch; the remaining ports, that is, ports not selected as root or designated ports, are blocked.

STP can prevent loops, but it has disadvantages. STP does not differentiate port states and roles in a fine-grained manner. It defines five port states and has slow convergence. For users, there are no differences between ports in Listening, Learning, and Blocking states. Ports in Listening, Learning, and Blocking states do not forward traffic.

RSTP is an extension based on STP and, compared to STP, has two additional port roles. RSTP defines four port roles: root port, designated port, alternate port, and backup port. RSTP defines the port state based on whether the port forwards user traffic and learns MAC addresses. If a port neither forwards user traffic nor learns MAC addresses, the port is in Discarding state. If a port does not forward user traffic but learns MAC addresses, the port is in Learning state. If a port forwards user traffic and learns MAC addresses, the port is in Forwarding state. RSTP uses the Proposal/Agreement mechanism, fast switching of the root port, and edge ports to implement fast convergence. RSTP, an enhancement to STP, implements fast convergence of the network topology.

RSTP and STP share a defect: all VLANs on a LAN use one spanning tree, and VLAN-based load balancing cannot be performed. Once a link is blocked, it no longer transmits traffic, wasting bandwidth and causing failures in forwarding certain VLAN packets. MSTP can be used to address this issue. MSTP divides a switching network into multiple regions, each of which has multiple spanning trees that are independent of one another. Each region is called an MST region and each spanning tree is called an MSTI. An MSTI can contain multiple VLANs. Binding multiple VLANs to one MSTI reduces communication costs and resource usage. The topology of each MSTI is calculated independently, and traffic can be balanced among MSTIs.

Objectives

Upon completion of this exercise guide, you will be able to:
• Perform basic configurations of STP, RSTP, and MSTP.
• Configure MSTIs.
• Configure multiple MST regions.
• Configure protection functions.
• Configure BPDU filtering.
• Explain election principles of STP, RSTP, and MSTP.

Tasks

The following topology shows the Layer 2 network of a company. SW1 and SW2 are core switches. Deploy the network according to the following requirements:
(1) Configure the latest spanning tree protocol on the four switches, configure VLAN 10 and VLAN 20 for service A, configure VLAN 30 and VLAN 40 for service B, and configure management VLANs 50 and 60. Configure the four switches to allow the preceding VLANs. Service A, service B, and the management VLANs calculate the path separately.
(2) Optimize the network to implement load balancing. Ensure that different topologies are used for services A and B: service A uses SW1 as the root and service B uses SW2 as the root. When the root switch in any topology fails, the new root switch should be a core device (SW1 and SW2 work as core devices; SW3 and SW4 work as access devices).
(3) The spanning tree region configuration on SW1, SW2, and SW3 is different from that on SW4 due to configuration errors or other causes. Ensure that SW4 can access VLANs on other switches through SW1 using the even-numbered link.
(4) Use port priority to configure SW1 and SW2 to use different links to transmit services A and B, implementing redundancy.
(5) Ensure that SW3 and SW4 will never be the root switch of the network.
(6) Configure port eth0/0/7 of SW2 to operate in the Forwarding state when faulty links recover, and provide solutions if there are risks to devices, such as rogue switches connected to user ports.
(7) To save CPU resources, configure the two core switches to respond to TC-BPDUs twice during one hello interval.
(8) To reduce the convergence time of MSTP, configure the links between switches as point-to-point.

Topology

IP Address Table

Device  Interface  IP Address  Subnet Mask    Default Gateway
PC1     G 0/0/7    10.0.1.1    255.255.255.0  N/A
PC2     G 0/0/7    10.0.1.2    255.255.255.0  N/A
PC3     G 0/0/7    20.0.1.1    255.255.255.0  N/A

Configuration and Verification

1.

Configure the latest spanning tree protocol on the four switches, configure VLAN 10 and VLAN 20 for service A, configure VLAN 30 and VLAN 40 for service B, and configure management VLANs 50 and 60. Configure the four switches to allow the preceding VLANs. Service A, service B, and the management VLANs calculate the path separately.

Note: The latest spanning tree protocol is MSTP. Configure links as trunk links, and configure the links to allow all VLANs. Multiple instances are required.

[SW1] display stp region-configuration
 Oper configuration
   Format selector    :0
   Region name        :1
   Revision level     :0

   Instance   VLANs Mapped
      0       1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 4094
      1       10, 20
      2       30, 40

2.

Optimize the network to implement load balancing. Ensure that different topologies are used for services A and B: service A uses SW1 as the root and service B uses SW2 as the root. When the root switch in any topology fails, the new root switch should be a core device (SW1 and SW2 work as core devices; SW3 and SW4 work as access devices).

Note: Configure multiple MSTIs and adjust the root switch in different MSTIs.

3.

The spanning tree region configuration on SW1, SW2, and SW3 is different from that on SW4 due to configuration errors or other causes. Ensure that SW4 can access VLANs on other switches through SW1 using the even-numbered link.

Note: Configure multiple MST regions. Use port priority to choose the blocking link.

[SW4]display stp region-configuration
 Oper configuration
   Format selector    :0
   Region name        :2
   Revision level     :0

   Instance   VLANs Mapped
      0       1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 4094
      1       10, 20
      2       30, 40

display stp brief
 MSTID  Port           Role  STP State   Protection
   0    Ethernet0/0/3  ALTE  DISCARDING  NONE
   0    Ethernet0/0/4  ALTE  DISCARDING  NONE
   0    Ethernet0/0/5  ALTE  DISCARDING  NONE
   0    Ethernet0/0/6  ROOT  FORWARDING  NONE
   0    Ethernet0/0/7  DESI  FORWARDING  NONE
   1    Ethernet0/0/3  ALTE  DISCARDING  NONE
   1    Ethernet0/0/4  ALTE  DISCARDING  NONE
   1    Ethernet0/0/5  ALTE  DISCARDING  NONE
   1    Ethernet0/0/6  MAST  FORWARDING  NONE
   2    Ethernet0/0/3  ALTE  DISCARDING  NONE
   2    Ethernet0/0/4  ALTE  DISCARDING  NONE
   2    Ethernet0/0/5  ALTE  DISCARDING  NONE
   2    Ethernet0/0/6  MAST  FORWARDING  NONE

4.

Use port priority to configure SW1 and SW2 to use different links to transmit services A and B, implementing redundancy. After the configuration is performed, different services are transmitted using different links.

[SW1]dis stp brief
 MSTID  Port           Role  STP State   Protection
   0    Ethernet0/0/1  DESI  FORWARDING  NONE
   0    Ethernet0/0/2  DESI  FORWARDING  NONE
   ……
   1    Ethernet0/0/1  DESI  FORWARDING  NONE
   1    Ethernet0/0/2  DESI  FORWARDING  NONE
   ……
   2    Ethernet0/0/1  ALTE  DISCARDING  NONE
   2    Ethernet0/0/2  ROOT  FORWARDING  NONE
   ……

5.

Ensure that SW3 and SW4 will never be the root switch of the network.

Note: Adjust the configuration and consider using root protection.

[SW1]dis stp brief
 MSTID  Port           Role  STP State   Protection
   0    Ethernet0/0/1  DESI  FORWARDING  NONE
   0    Ethernet0/0/2  DESI  FORWARDING  NONE
   0    Ethernet0/0/3  DESI  FORWARDING  ROOT
   0    Ethernet0/0/4  DESI  FORWARDING  ROOT
   0    Ethernet0/0/5  DESI  FORWARDING  ROOT
   0    Ethernet0/0/6  DESI  FORWARDING  ROOT
   1    Ethernet0/0/1  DESI  FORWARDING  NONE
   1    Ethernet0/0/2  DESI  FORWARDING  NONE
   1    Ethernet0/0/3  DESI  FORWARDING  ROOT
   1    Ethernet0/0/4  DESI  FORWARDING  ROOT
   1    Ethernet0/0/5  DESI  FORWARDING  ROOT
   1    Ethernet0/0/6  DESI  FORWARDING  ROOT
   2    Ethernet0/0/1  ALTE  DISCARDING  NONE
   2    Ethernet0/0/2  ROOT  FORWARDING  NONE
   2    Ethernet0/0/3  DESI  FORWARDING  ROOT
   2    Ethernet0/0/4  DESI  FORWARDING  ROOT
   2    Ethernet0/0/5  DESI  FORWARDING  ROOT
   2    Ethernet0/0/6  DESI  FORWARDING  ROOT

6.

Configure port eth0/0/7 of SW2 to operate in the Forwarding state when faulty links recover, and provide solutions if there are risks to devices, such as rogue switches connected to user ports.

Note: Use the edge port and consider how to prevent risks caused by the edge port.

[SW2]display stp interface Ethernet 0/0/7
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.4c1f-ccfa-13b8
……
CIST RootPortId     :128.3
BPDU-Protection     :Enabled
TC or TCN received  :634
……
----[Port7(Ethernet0/0/7)][FORWARDING]----
 Port Protocol       :Enabled
 ……
 Port Edged          :Config=enabled / Active=enabled
 BPDU-Protection     :Enabled
 Point-to-point      :Config=auto / Active=true
 ……

7.

To save CPU resources, configure the two core switches to respond to TC-BPDUs twice during one hello interval.

Note: Enable TC-BPDU protection and adjust parameters on the switches.

8.

To reduce the convergence time of MSTP, configure the link between switches as point-to-point. After configuration, we can see the following information on the switch.

[SW4]display stp interface Ethernet 0/0/1
-------[CIST Global Info][Mode MSTP]-------
……
----[Port1(Ethernet0/0/1)][FORWARDING]----
 Port Protocol       :Enabled
 ……
 Point-to-point      :Config=ForceTrue
 ……

Questions

For requirement 9, why can a P2P link accelerate the convergence of STP?

When traffic in VLAN 10/20/30/40/50/60 on SW4 needs to be transmitted in VLANs on core switches, can the link between SW2 and SW4 be used?

Configuration List

display current-configuration
#
sysname SW1
#
vlan batch 10 20 30 40 50 60
#
stp instance 0 root primary
stp instance 1 root primary
stp instance 2 root secondary
stp tc-protection
stp tc-protection threshold 2
#
stp region-configuration
 region-name 1
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
 stp instance 0 port priority 16
#
return

display current-configuration
#
sysname SW2
#
vlan batch 10 20 30 40 50 60
#
stp instance 0 root secondary
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection
stp tc-protection
stp tc-protection threshold 2
#
stp region-configuration
 region-name 1
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
 stp instance 2 port priority 16
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/7
 port link-type access
 port default vlan 50
 stp edged-port enable
#
return

display current-configuration
#
sysname SW3
#
vlan batch 10 20 30 40 50 60 70
#
stp region-configuration
 region-name 1
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 70
 stp point-to-point force-true
#
interface Ethernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 70
 stp point-to-point force-true
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
return

display current-configuration
#
sysname SW4
#
vlan batch 10 20 30 40 50 60 70
#
stp region-configuration
 region-name 2
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 70
 stp point-to-point force-true
#
interface Ethernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 70
 stp point-to-point force-true
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
interface Ethernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp point-to-point force-true
#
return
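Added example (not part of the lab guide and not Huawei tooling): a Python check that reads a configuration listing in the format shown above and reports missing spanning-tree guards for requirements (5) to (7) of Chapter 10. The function names and the downlinks parameter are assumptions of this example, the first sample is abridged from the SW2 listing, and the weakened sample is constructed.

```python
# Abridged from the Chapter 10 SW2 listing (Ethernet0/0/4 and 0/0/6 match 0/0/3).
SW2_FROM_PAGE = """\
#
sysname SW2
#
stp instance 2 root primary
stp bpdu-protection
stp tc-protection
stp tc-protection threshold 2
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 stp root-protection
 stp point-to-point force-true
#
interface Ethernet0/0/7
 port link-type access
 port default vlan 50
 stp edged-port enable
#
return
"""

DOWNLINKS = ["Ethernet0/0/3", "Ethernet0/0/5"]  # ports facing access switches (assumed)


def weaken(cfg):
    """Build the constructed 'bad' sample: no global BPDU guard, no root guard on 0/0/5."""
    cfg = cfg.replace("stp bpdu-protection\n", "", 1)
    head, marker, tail = cfg.partition("interface Ethernet0/0/5\n")
    return head + marker + tail.replace(" stp root-protection\n", "", 1)


SW2_WEAKENED = weaken(SW2_FROM_PAGE)


def parse_vrp(config):
    """Return (global_commands, {interface: [commands]}) from a configuration dump."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd in ("", "#", "return"):
            current = None                      # '#' closes the current view
        elif cmd.startswith("interface "):
            current = cmd.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(cmd)     # indented line inside an interface view
        else:
            current = None
            global_cmds.append(cmd)             # system-view command or other sub-view
    return global_cmds, interfaces


def audit_stp_guards(config, downlinks):
    """List missing spanning-tree guards; an empty list means every check passed."""
    global_cmds, interfaces = parse_vrp(config)
    findings = []
    # Requirement (6): an edge port skips the forward delay, so a BPDU arriving on it
    # (for example from a rogue switch) must trigger BPDU protection.
    edge_ports = [n for n, c in interfaces.items() if "stp edged-port enable" in c]
    if edge_ports and "stp bpdu-protection" not in global_cmds:
        findings.append("edge port(s) %s without global 'stp bpdu-protection'"
                        % ", ".join(edge_ports))
    # Requirement (5): ports facing access switches must not accept a superior root.
    for name in downlinks:
        cmds = interfaces.get(name)
        if cmds is None:
            findings.append("%s: interface not found in configuration" % name)
        elif "stp root-protection" not in cmds:
            findings.append("%s: downlink without 'stp root-protection'" % name)
    # Requirement (7): limit how many TC BPDUs the switch processes.
    if "stp tc-protection" not in global_cmds:
        findings.append("global 'stp tc-protection' not enabled")
    return findings


if __name__ == "__main__":
    for label, cfg in (("SW2 as listed", SW2_FROM_PAGE), ("weakened copy", SW2_WEAKENED)):
        result = audit_stp_guards(cfg, DOWNLINKS)
        print(label + ":", result if result else "all guards present")
```

The list of downlinks has to come from the topology, because the configuration alone does not say which trunk ports face access switches.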

Chapter 11 Multicast Hands-on Exercise Guide

Overview

As the Internet is developing rapidly, increasing data, voice, and video streams are transmitted on networks. Emerging services, such as e-commerce, teleconferencing, online auction, video on demand (VoD), and distance education are becoming more and more popular. These services often use the multipoint-to-multipoint transmission model and require high information security, paid service, and high bandwidth.

The IP protocol supports three transmission modes: IP unicast, IP broadcast, and IP multicast. A multicast packet uses a multicast address as the destination address, which identifies a multicast group. A multicast source sends only one copy of packets to a multicast address. The multicast routing protocol running on the network establishes a multicast distribution tree from the multicast source to all members of the multicast group. Multicast data packets are replicated to all group members. Hosts can join a group to receive data sent to the group.

In multicast transmission mode, a data flow is transmitted to a group of users along the multicast distribution tree. Each link transmits only one copy of multicast data packets. Compared with the unicast mode, the multicast mode reduces loads on servers and CPUs of network devices. The increase in the number of users will not significantly increase network loads. Multicast packets can be transmitted across different network segments and will not be sent to users who do not need the packets. Compared with the broadcast mode, the multicast mode can transmit data over a long distance. In addition, data is transmitted only to network segments with receivers, ensuring information security. In summary, the multicast mode has advantages over the unicast and broadcast modes in the multipoint-to-multipoint transmission model.

A multicast group is identified by an IP multicast address. It represents a collection of systems but not a specific host. If a host joins a multicast group, it means that the host wants to receive packets destined for the IP multicast address. Multicast addresses are class D IP addresses in the range of 224.0.0.0 to 239.255.255.255. IP addresses 224.0.0.0 to 224.0.0.255 are reserved as permanent group addresses by the Internet Assigned Numbers Authority (IANA). In this address range, 224.0.0.0 is not allocated, and the other addresses are used by routing protocols for topology discovery and maintenance.

Objectives

Upon completion of this exercise guide, you will be able to:
- Understand multicast application scenarios and working mechanisms.
- Configure multicast sources.
- Configure IGMP.
- Configure PIM-DM.
- Configure PIM-SM.
- Configure static and dynamic RP.
- Understand the RPF working mechanism.
- Configure static multicast routes.

Tasks

The following topology shows the network of Company A. The network runs the OSPF protocol. Routers R2, R3, R4, and R5 work in area 0. Routers R1, R2, and R3 in area 1 form a frame relay (FR) network and adopt a hub-spoke structure. Do not change the default network type or the link costs unless you are required to. R6 and R7 are located in area 2. Ensure that reachable routes are available among the network devices.

The company needs to deploy the multicast service on the network. There are three multicast sources on the network. Source 1 and Source 3 connect to R1. Source 2 needs to send multicast data to PC2 in group 239.2.2.2 using the PIM-SM mode. PC3-1 and PC3-2 need to join group 239.3.3.3. Multicast data should be transmitted without a rendezvous point tree (RPT). The link between R5 and R7 and the link between R4 and R6 need to transmit a large amount of multicast data, so PIM cannot be enabled on the two links. Deploy the network according to the following requirements:

(1) Make R4 and R5 the RPs and ensure that the RP address is 45.45.45.45 on all multicast devices. The RPs must be determined through dynamic RP election. Make R2 the bootstrap router (BSR) and use the IP address of loopback 0 (20.1.1.2) as the BSR address. Ensure that 20.1.1.2 is in area 1.

(2) R2 is the designated router (DR) on the Ethernet network. For Source 1 (10.1.1.1), which connects to R1, the receiver is PC1. PC1 runs IGMPv2; when R7 receives a membership report message, it joins multicast group 239.1.1.1 only from S1.

(3) The two RPs implement load balancing and back each other up. The RPs run the Multicast Source Discovery Protocol (MSDP), and only Source-Active (SA) messages with the (70.0.0.7, 239.2.2.2) mapping are allowed between the RPs.

(4) Ensure that Source 2 will not receive multicast data packets from other multicast sources.

(5) Ensure that the multicast stream sent from Source 2 (70.0.0.7) to the downstream receiver PC2 is forwarded along the best path.

(6) When the IGMP querier on the Ethernet network in area 0 fails, a new querier must be available as fast as possible.

Topology

IP Address Table

Device     Interface     IP Address      Subnet Mask        Default Gateway
R1         G 0/0/0       10.1.1.254      255.255.255.0      N/A
           G 0/0/1       10.3.3.254      255.255.255.0      N/A
           S 1/0/0       1.1.123.1       255.255.255.0      N/A
R2         G 0/0/2       192.168.1.2     255.255.255.0      N/A
           S 1/0/0       1.1.123.2       255.255.255.0      N/A
           Loopback 0    20.1.1.2        255.255.255.255    N/A
R3         G 0/0/2       192.168.1.3     255.255.255.0      N/A
           S 1/0/0       1.1.123.3       255.255.255.0      N/A
R4         G 0/0/0       1.1.45.4        255.255.255.0      N/A
           G 1/0/0       1.1.46.4        255.255.255.0      N/A
           G 0/0/2       192.168.1.4     255.255.255.0      N/A
           G 0/0/1       1.1.47.4        255.255.255.0      N/A
           Loopback 1    45.45.45.45     255.255.255.255    N/A
R5         G 0/0/0       1.1.45.5        255.255.255.0      N/A
           G 0/0/1       1.1.56.5        255.255.255.0      N/A
           G 0/0/2       192.168.1.5     255.255.255.0      N/A
           G 1/0/0       1.1.57.5        255.255.255.0      N/A
           Loopback 1    45.45.45.45     255.255.255.255    N/A
R6         G 1/0/0       1.1.46.6        255.255.255.0      N/A
           G 0/0/1       1.1.56.6        255.255.255.0      N/A
           G 0/0/0       60.0.1.254      255.255.255.0      N/A
           G 0/0/2       60.0.2.254      255.255.255.0      N/A
R7         G 0/0/1       1.1.47.7        255.255.255.0      N/A
           G 1/0/0       1.1.57.7        255.255.255.0      N/A
           G 0/0/2       70.0.0.254      255.255.255.0      N/A
Source 1   E 0/0/1       10.1.1.1        255.255.255.0      10.1.1.254
Source 2   E 0/0/1       70.0.0.7        255.255.255.0      70.0.0.254
Source 3   E 0/0/1       10.3.3.3        255.255.255.0      10.3.3.254
PC 1       E 0/0/1       70.0.0.1        255.255.255.0      70.0.0.254
PC 2       E 0/0/1       60.0.1.1        255.255.255.0      60.0.1.254
PC 3-1     E 0/0/1       60.0.2.1        255.255.255.0      60.0.2.254
PC 3-2     E 0/0/1       192.168.1.10    255.255.255.0      192.168.1.2

Configuration and Verification

1. Make R4 and R5 the RPs and ensure that the RP address is 45.45.45.45 on all multicast devices. The RPs must be determined through dynamic RP election. Make R2 the bootstrap router (BSR) and use the IP address of loopback 0 (20.1.1.2) as the BSR address. Ensure that 20.1.1.2 is in area 1.

Bootstrap messages sent from the BSR must be spread throughout the network. Ensure that all multicast devices, especially R3, can receive Bootstrap messages.

dis pim rp
 VPN-Instance: public net
 PIM-SM BSR RP Number:1
 Group/MaskLen: 224.0.0.0/4
     RP: 45.45.45.45
     Priority: 0
     Uptime: 00:00:13
     Expires: 00:02:17

2. R2 is the DR on the Ethernet network. For Source 1 (10.1.1.1), which connects to R1, the receiver is PC1. PC1 runs IGMPv2; when R7 receives a membership report message, it joins multicast group 239.1.1.1 only from S1.

Note that if SSM and SSM mapping are used and Join messages with the (S, G) mapping are transmitted in the FR network, the downstream receiver may receive the first multicast data packets but fail to receive the subsequent multicast data packets.

[R2]display pim interface GigabitEthernet 0/0/2
 VPN-Instance: public net
 Interface    State  NbrCnt  HelloInt  DR-Pri  DR-Address
 GE0/0/2      up     3       30        100     192.168.1.2 (local)

display igmp ssm-mapping group
IGMP SSM-Mapping conversion table of VPN-Instance: public net
 Total 1 entry    1 entry matched
 00001. (10.1.1.1, 239.1.1.1/32)
 Total 1 entry matched

3. The two RPs implement load balancing and back each other up. The RPs run MSDP, and only SA messages with the (70.0.0.7, 239.2.2.2) mapping are allowed between the RPs.

You need to configure MSDP on the RPs. As the anycast-RP mode is used, pay attention to MSDP peer authentication. Configure SA filtering between the MSDP peers to allow only the specified (S, G) mapping.

[R5]display msdp brief
MSDP Peer Brief Information of VPN-Instance: public net
  Configured   Up           Listen       Connect      Shutdown     Down
  1            1            0            0            0            0

  Peer's Address   State   Up/Down time   AS   SA Count   Reset Count
  1.1.45.4         Up      00:01:26       ?    0          0

4. Ensure that Source 2 will not receive multicast data packets from other multicast sources.

SW1 connects to Source 2 and receiver PC1. PC1 needs to receive multicast data from Source 1. To prevent Source 2 from receiving multicast data packets from other multicast sources, configure IGMP snooping.

[Sw1]dis igmp-snooping configuration
IGMP Snooping Configuration for VLAN 1
    igmp-snooping enable

5. Ensure that the multicast stream sent from Source 2 (70.0.0.7) to the downstream receiver PC2 is forwarded along the best path.

R4 is the RP for the source and R5 is the RP for the receiver. Configure an MSDP session and enable switchover between the two RPs. There are equal paths from S2 (70.0.0.7) on R7 to R6, but PIM is not enabled on the link between R7 and R5 or on the link between R4 and R6. Make sure that the RPT and SPT can be established successfully.

[R5]dis multicast rpf-info 70.0.0.0
 VPN-Instance: public net
 RPF information about source: 70.0.0.0
     RPF interface: GigabitEthernet0/0/0, RPF neighbor: 1.1.45.4
     Referenced route/mask: 70.0.0.0/24
     Referenced route type: mstatic
     Route selection rule: preference-preferred
     Load splitting rule: disable

display pim routing-table
 VPN-Instance: public net
 Total 1 (*, G) entry; 1 (S, G) entry

 (*, 239.2.2.2)
     RP: 45.45.45.45 (local)
     Protocol: pim-sm, Flag: WC
     UpTime: 00:13:10
     Upstream interface: Register
         Upstream neighbor: NULL
         RPF prime neighbor: NULL
     Downstream interface(s) information:
     Total number of downstreams: 1
         1: GigabitEthernet0/0/1
             Protocol: pim-sm, UpTime: 00:13:10, Expires: 00:03:20

 (70.0.0.7, 239.2.2.2)
     RP: 45.45.45.45 (local)
     Protocol: pim-sm, Flag: SPT 2MSDP ACT
     UpTime: 00:03:08
     Upstream interface: GigabitEthernet0/0/0
         Upstream neighbor: 1.1.45.4
         RPF prime neighbor: 1.1.45.4
     Downstream interface(s) information:
     Total number of downstreams: 1
         1: GigabitEthernet0/0/1
             Protocol: pim-sm, UpTime: 00:03:08, Expires: 00:03:22

6. When the IGMP querier on the Ethernet network in area 0 fails, a new querier must be available as fast as possible.

There is a receiver on the backbone network. R2 has the smallest IP address on the backbone network and should be elected as the querier. If the querier fails, R3 should act as the querier. However, the default querier re-election interval is long. To enable R3 to take over as the new querier as fast as possible, you can change the Other Querier Present Timer value.

[R4]display igmp interface GigabitEthernet 0/0/2
Interface information of VPN-Instance: public net
 GigabitEthernet0/0/2(192.168.1.4):
   IGMP is enabled
   Current IGMP version is 2
   IGMP state: up
   IGMP group policy: none
   IGMP limit: -
   Value of query interval for IGMP (negotiated):
   Value of query interval for IGMP (configured): 20 s
   Value of other querier timeout for IGMP: 51 s
   Value of maximum query response time for IGMP: 10 s
   Querier for IGMP: 192.168.1.2
  Total 1 IGMP Group reported

Questions

When anycast is used to implement load balancing between RPs, what will happen, and how can the problem be resolved?

Configuration List

display current-configuration
#
sysname R1
#
multicast routing-enable
#
interface Serial1/0/0
 link-protocol fr
 ip address 1.1.123.1 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.254 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/1
 ip address 10.3.3.254 255.255.255.0
 pim sm
#
ospf 1
 peer 1.1.123.2
 peer 1.1.123.3
 area 0.0.0.1
  network 1.1.123.0 0.0.0.255
  network 10.1.1.0 0.0.0.255
  network 10.3.3.0 0.0.0.255
  network 10.5.5.0 0.0.0.255
#
pim
#
return

display current-configuration
#
sysname R2
#
multicast routing-enable
#
interface Serial1/0/0
 link-protocol fr
 ip address 1.1.123.2 255.255.255.0
 pim sm
 ospf dr-priority 0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/2
 ip address 192.168.1.2 255.255.255.0
 pim hello-option dr-priority 100
 pim sm
 igmp enable
 igmp version 3
 igmp timer query 20
 igmp timer other-querier-present 60
#
interface LoopBack0
 ip address 20.1.1.2 255.255.255.255
 pim sm
#
ospf 1
 peer 1.1.123.1
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
 area 0.0.0.1
  network 1.1.123.0 0.0.0.255
  network 20.1.1.0 0.0.0.255
#
pim
 c-bsr LoopBack0
#
return

display current-configuration
#
sysname R3
#
multicast routing-enable
#
interface Serial1/0/0
 link-protocol fr
 ip address 1.1.123.3 255.255.255.0
 pim sm
 ospf dr-priority 0
#
interface GigabitEthernet0/0/2
 ip address 192.168.1.3 255.255.255.0
 pim sm
 igmp enable
 igmp version 3
 igmp timer query 20
 igmp timer other-querier-present 60
#
ospf 1
 peer 1.1.123.1
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
 area 0.0.0.1
  network 1.1.123.0 0.0.0.255
#
ip rpf-route-static 20.1.1.2 32 1.1.123.1
#
return

display current-configuration
#
sysname R4
#
multicast routing-enable
#
acl number 3001
 rule 5 permit ip source 70.0.0.7 0 destination 239.2.2.2 0
 rule 10 deny ip
#
interface GigabitEthernet0/0/0
 ip address 1.1.45.4 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/1
 ip address 1.1.47.4 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/2
 ip address 192.168.1.4 255.255.255.0
 pim hello-option dr-priority 20
 pim sm
 igmp enable
 igmp version 3
 igmp timer query 20
 igmp timer other-querier-present 60
#
interface GigabitEthernet1/0/0
 ip address 1.1.46.4 255.255.255.0
#
interface LoopBack1
 ip address 45.45.45.45 255.255.255.255
 pim sm
#
ospf 1
 area 0.0.0.0
  network 1.1.45.0 0.0.0.255
  network 45.45.45.45 0.0.0.0
  network 192.168.1.0 0.0.0.255
 area 0.0.0.2
  network 1.1.46.0 0.0.0.255
  network 1.1.47.0 0.0.0.255
#
pim
 c-rp LoopBack1
#
pim
 c-rp LoopBack1
 anycast-rp 45.45.45.45
  local-address 1.1.45.4
  peer 1.1.45.5
#
return

display current-configuration
#
sysname R5
#
multicast routing-enable
#
acl number 3001
 rule 5 permit ip source 70.0.0.7 0 destination 239.2.2.2 0
 rule 10 deny ip
#
interface GigabitEthernet0/0/0
 ip address 1.1.45.5 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/1
 ip address 1.1.56.5 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/2
 ip address 192.168.1.5 255.255.255.0
 pim sm
 igmp enable
 igmp version 3
 igmp timer query 20
 igmp timer other-querier-present 60
#
interface GigabitEthernet1/0/0
 ip address 1.1.57.5 255.255.255.0
#
interface LoopBack1
 ip address 45.45.45.45 255.255.255.255
 pim sm
#
ospf 1
 area 0.0.0.0
  network 1.1.45.0 0.0.0.255
  network 45.45.45.45 0.0.0.0
  network 192.168.1.0 0.0.0.255
 area 0.0.0.2
  network 1.1.56.0 0.0.0.255
  network 1.1.57.0 0.0.0.255
#
pim
 c-rp LoopBack1
#
pim
 c-rp LoopBack1
 anycast-rp 45.45.45.45
  local-address 1.1.45.5
  peer 1.1.45.4
#
ip rpf-route-static 70.0.0.0 24 1.1.45.4
#
return

display current-configuration
#
sysname R6
#
multicast routing-enable
#
interface GigabitEthernet0/0/0
 ip address 60.0.1.254 255.255.255.0
 pim sm
 igmp enable
#
interface GigabitEthernet0/0/1
 ip address 1.1.56.6 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/2
 ip address 60.0.2.254 255.255.255.0
 pim sm
 igmp enable
 igmp version 3
#
interface GigabitEthernet1/0/0
 ip address 1.1.46.6 255.255.255.0
#
ospf 1
 area 0.0.0.2
  network 1.1.46.0 0.0.0.255
  network 1.1.56.0 0.0.0.255
  network 60.0.1.0 0.0.0.255
  network 60.0.2.0 0.0.0.255
#
return

display current-configuration
#
sysname R7
#
multicast routing-enable
#
interface GigabitEthernet0/0/1
 ip address 1.1.47.7 255.255.255.0
 pim sm
#
interface GigabitEthernet0/0/2
 ip address 70.0.0.254 255.255.255.0
 pim sm
 igmp enable
 igmp ssm-mapping enable
#
interface GigabitEthernet1/0/0
 ip address 1.1.57.7 255.255.255.0
#
ospf 1
 area 0.0.0.2
  network 1.1.47.0 0.0.0.255
  network 1.1.57.0 0.0.0.255
  network 70.0.0.0 0.0.0.255
#
igmp
 ssm-mapping 239.1.1.1 255.255.255.255 10.1.1.1
#
pim
#
return

display current-configuration
#
sysname Sw1
#
igmp-snooping enable
#
vlan 1
 igmp-snooping enable
#
return
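The RPF selection behind step 5 and R5's ip rpf-route-static line can be modeled as follows; this is an added example, not part of the original guide. It assumes that R5's unicast (OSPF) route to 70.0.0.0/24 points at R7 over GigabitEthernet1/0/0 with preference 10, that the static multicast route uses preference 1, and that equal preferences are resolved in the order static multicast route, MBGP, unicast; all class and function names are constructed here.

```python
"""RPF route selection and RPF check for the R5 case in step 5 (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Set


@dataclass(frozen=True)
class RpfRoute:
    kind: str        # "mstatic" (ip rpf-route-static), "mbgp" or "unicast"
    prefix: str      # prefix that covers the multicast source
    preference: int  # lower value wins under the preference-preferred rule
    interface: str   # resulting RPF interface
    neighbor: str    # resulting RPF neighbor


# Assumed tie-break when two candidates have the same preference.
KIND_ORDER = {"mstatic": 0, "mbgp": 1, "unicast": 2}


def select_rpf_route(source: str, routes: Iterable[RpfRoute]) -> Optional[RpfRoute]:
    """Pick the RPF route for a source; `routes` holds the best match of each table."""
    src = ipaddress.ip_address(source)
    covering = [r for r in routes if src in ipaddress.ip_network(r.prefix)]
    if not covering:
        return None
    return min(covering, key=lambda r: (r.preference, KIND_ORDER[r.kind]))


def rpf_check(source: str, in_interface: str, routes: Iterable[RpfRoute]) -> bool:
    """A packet passes only if it arrives on the RPF interface for its source."""
    best = select_rpf_route(source, routes)
    return best is not None and best.interface == in_interface


def join_possible(source: str, routes: Iterable[RpfRoute], pim_interfaces: Set[str]) -> bool:
    """A PIM Join toward the source can only leave through a PIM-enabled interface."""
    best = select_rpf_route(source, routes)
    return best is not None and best.interface in pim_interfaces


# Constructed from R5's configuration: GigabitEthernet1/0/0 carries no "pim sm".
R5_PIM_INTERFACES = {
    "GigabitEthernet0/0/0", "GigabitEthernet0/0/1",
    "GigabitEthernet0/0/2", "LoopBack1",
}
# Assumption: the OSPF best path to Source 2 is the direct R5-R7 link.
R5_UNICAST = RpfRoute("unicast", "70.0.0.0/24", 10, "GigabitEthernet1/0/0", "1.1.57.7")
# From the page: ip rpf-route-static 70.0.0.0 24 1.1.45.4 (preference 1 assumed).
R5_MSTATIC = RpfRoute("mstatic", "70.0.0.0/24", 1, "GigabitEthernet0/0/0", "1.1.45.4")


def summarize(routes):
    """Return (route type, RPF interface, RPF neighbor, join possible) for Source 2."""
    best = select_rpf_route("70.0.0.7", routes)
    return (best.kind, best.interface, best.neighbor,
            join_possible("70.0.0.7", routes, R5_PIM_INTERFACES))


if __name__ == "__main__":
    print("without static mroute:", summarize([R5_UNICAST]))
    print("with static mroute:   ", summarize([R5_UNICAST, R5_MSTATIC]))
```

With the static multicast route present, the selected interface and neighbor match the display multicast rpf-info output shown in step 5.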

Chapter 12 IPv6 Hands-on Exercise Guide

Overview

Internet Protocol Version 6 (IPv6) is the next-generation IP protocol designed by the Internet Engineering Task Force (IETF) as an upgraded version of the current Internet Protocol Version 4 (IPv4). Compared with IPv4, IPv6 has the following advantages:
1. Huge address space: An IPv6 address is 128 bits long. The 128-bit address structure increases the number of possible addresses by 2^96 times.
2. Flexible IP packet header: IPv6 uses a series of extension headers of fixed formats to replace the variable-length options fields in the IPv4 header.
3. Simple IPv6 packet header format: An IPv6 packet header carries only eight fields. The simplified packet header facilitates packet forwarding and improves throughput.
4. Enhanced security: IPv6 supports identity authentication and data encryption.
5. Support for more service types.
6. Continuous protocol evolution: IPv6 adds support for new functions and caters for future technology development requirements.

Due to the large scale of the Internet and the large number of IPv4 users and terminals, the transition from IPv4 to IPv6 cannot be completed in a short time. In addition, enterprises and users are increasingly dependent on the Internet in their daily work and cannot tolerate service disruption caused by the transition. Therefore, IPv4 needs to transition gradually to IPv6 so that users can experience the advantages of IPv6 while still being able to communicate with IPv4 users. Smooth transition from IPv4 to IPv6 is a key factor determining IPv6 success.

Many solutions have been proposed in the industry for smooth migration from IPv4 to IPv6. The IETF organized the research team NGTrans, which focuses on IPv4-to-IPv6 transition. The team has drafted several transition solutions and tried to standardize them. The transition solutions mainly cover the following technologies:
1. Dual-stack technology
2. Tunneling technology (including manual tunneling and automatic tunneling technologies)
3. Tunnel proxy
4. NAT-PT
Objectives

Upon completion of this exercise guide, you will be able to master the method to:
- Use stateless IPv6 address auto configuration.
- Configure OSPFv3.
- Configure IS-ISv6.
- Configure BGPv4+.
- Configure BGPv4+ to advertise default routes.
- Configure BGPv4+ routing policy.
- Configure a manual tunnel and an automatic tunnel (6to4).

Tasks

The following figure shows the IPv6 network topology. Deploy the network according to the following requirements:

(1) Run OSPFv3 among R1, R2, and R3, and set the area ID of the three routers to 0 and the router IDs of R1, R2, and R3 to 10.1.1.1, 10.2.2.2, and 10.3.3.3 respectively.

(2) Run IS-ISv6 among R4, R5, and R6, set the area ID of the three routers to 49.0001, and ensure that the three routers are all Level-2 routers.

(3) Run OSPFv2 on the IPv4 network between R2 and R4 and set the area ID of the two routers to 0, including the loopback interfaces.

(4) Set up an IS-ISv4 neighbor relationship between R6 and R7 (an IPv4 network is deployed between R6 and R7) and set the area ID of the two routers to 49.0001.

(5) Set up full-mesh IBGP4+ IPv6 neighbor relationships among R1, R2, and R3, set the AS number of the three routers to 100, and configure R2 to advertise default routes to AS100. Set up an IBGP4+ IPv6 neighbor relationship between R4 and R5 and set the AS number of the two routers to 200.

(6) Set up a GRE manual tunnel between R2 and R4 with the tunnel address 2001:db8:24::/64. Set up an EBGP IPv6 neighbor relationship between R2 and R4 using IPv6 addresses, and configure R2 to advertise the route 2001:db8:100:00 of AS100 to AS200.

(7) Import IS-ISv6 routes to BGP on R4 and R5. Ensure that all IPv6 networks that connect to AS100 and AS200 can communicate with each other.

(8) Configure users connected to GE0/0/1 of R7 to automatically obtain IPv6 addresses and DNS (R1) information in state auto configuration mode. In this example, R8 is used to simulate an IPv6 terminal.

(9) Establish a 6to4 tunnel between R6 and R7. Ensure that R7 can ping the IPv6 networks inside AS200.

Topology

[Figure: IPv6 network topology. Surviving labels: IPv4 network, Autoconfiguration, IPv4 network]

IP Address Table

Device   Interface     IP Address              Subnet Mask   Default Gateway
R1       G 0/0/1       2001:db8:100::1         64            N/A
         Loopback 0    10.1.1.1                32            N/A
R2       G 0/0/0       192.168.24.2            24            N/A
         G 0/0/2       2001:db8:100::2         64            N/A
         Loopback 0    10.2.2.2                32            N/A
R3       G 0/0/0       2001:db8:100::3         64            N/A
         S 4/0/0       192.168.35.3            24            N/A
         Loopback 0    10.3.3.3                32            N/A
R4       G 0/0/0       192.168.24.4            24            N/A
         G 0/0/1       2002:0A06:0606:46::4    64            N/A
         Loopback 0    10.4.4.4                32            N/A
R5       G 0/0/0       2002:0A06:0606:56::5    64            N/A
         S 4/0/0       192.168.35.5            24            N/A
         Loopback 0    10.5.5.5                32            N/A
R6       G 0/0/0       2002:0A06:0606:46::6    64            N/A
         G 0/0/1       2002:0A06:0606:56::6    64            N/A
         G 0/0/2       192.168.67.6            24            N/A
         Loopback 0    10.6.6.6                32            N/A
R7       G 0/0/0       192.168.67.7            24            N/A
         G 0/0/1       2002:0A07:0707::7       64            N/A
         Loopback 0    10.7.7.7                32            N/A

Configuration and Verification

1. Run OSPFv3 among R1, R2, and R3, and set the area ID of the three routers to 0 and the router IDs of R1, R2, and R3 to 10.1.1.1, 10.2.2.2, and 10.3.3.3 respectively.

Perform basic configurations according to the address table, and then run the display ospfv3 peer command to check information about OSPF neighbor relationships and routes on network segments where the loopback 0 interfaces reside.

display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID     Pri  State            Dead Time  Interface   Instance ID
10.2.2.2        1    Full/Backup      00:00:40   GE0/0/1     0
10.3.3.3        1    Full/DROther     00:00:31   GE0/0/1     0

2. Run IS-ISv6 among R4, R5, and R6, set the area ID of the three routers to 49.0001, and ensure that the three routers are all Level-2 routers.

After completing this task, check information about IS-IS neighbor relationships.

[R6]display isis 1 peer
                          Peer information for ISIS(1)
  System Id       Interface   Circuit Id          State  HoldTime  Type  PRI
  --------------------------------------------------------------------------------
  0000.0000.0004  GE0/0/0     0000.0000.0004.01   Up     8s        L2    64
  0000.0000.0005  GE0/0/1     0000.0000.0006.02   Up     30s       L2    64

  Total Peer(s): 2

3. Run OSPFv2 on the IPv4 network between R2 and R4 and set the area ID of the two routers to 0, including the loopback interfaces.

After completing this task, check information about the OSPF neighbor relationship.

[R2]display ospf peer brief
 OSPF Process 1 with Router ID 10.2.2.2
 Peer Statistic Information
 --------------------------------------------------------------------------------
 Area Id     Interface               Neighbor id     State
 0.0.0.0     GigabitEthernet0/0/0    10.4.4.4        Full
 --------------------------------------------------------------------------------

4. Set up an IS-ISv4 neighbor relationship between R6 and R7 (an IPv4 network is deployed between R6 and R7) and set the area ID of the two routers to 49.0001.

After completing this task, check information about the IS-IS neighbor relationship.

display isis peer
                          Peer information for ISIS(1)
  System Id       Interface   Circuit Id          State  HoldTime  Type  PRI
  -------------------------------------------------------------------------------
  0000.0000.0006  GE0/0/0     0000.0000.0006.03   Up     8s        L2    64

  Total Peer(s): 1

5. Set up full-mesh IBGP4+ IPv6 neighbor relationships among R1, R2, and R3, set the AS number of the three routers to 100, and configure R2 to advertise default routes to AS100. Set up an IBGP4+ IPv6 neighbor relationship between R4 and R5 and set the AS number of the two routers to 200.

Configure R2 to advertise default routes to AS100.

[R1]display bgp ipv6 peer
 BGP local router ID : 10.1.1.1
 Local AS number : 100
 Total number of peers : 2          Peers in established state : 2

  Peer               V    AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2001:DB8:100::2    4    100  2        2        0     00:00:24  Established  0
  2001:DB8:100::3    4    100  2        2        0     00:00:19  Established  0

display bgp ipv6 routing-table
 BGP Local router ID is 10.1.1.1
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
 Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 1
 *>i  Network  : ::                        PrefixLen : 0
      NextHop  : 2001:DB8:100::2           LocPrf    : 100
      MED      : 0                         PrefVal   : 0
      Label    :
      Path/Ogn : i

display bgp ipv6 peer
 BGP local router ID : 10.4.4.4
 Local AS number : 200
 Total number of peers : 1          Peers in established state : 1

  Peer                 V    AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  2002:A06:606:56::5   4    200  2        2        0     00:00:16  Established  0

6. Set up a GRE manual tunnel between R2 and R4 with the tunnel address 2001:db8:24::/64. Set up an EBGP IPv6 neighbor relationship between R2 and R4 using IPv6 addresses, and configure R2 to advertise the route 2001:db8:100:00 of AS100 to AS200.

After completing this task, check route learning information.

display bgp ipv6 routing-table
 BGP Local router ID is 10.4.4.4
 *>   Network  : 2001:DB8:100::            PrefixLen : 64
      NextHop  : 2001:DB8:24::2            LocPrf    :
      MED      : 0                         PrefVal   : 0
      Label    :
      Path/Ogn : 100 i

display bgp ipv6 routing-table
 *>i  Network  : 2001:DB8:100::            PrefixLen : 64
      NextHop  : 2002:A06:606:46::4        LocPrf    : 100
      MED      : 0                         PrefVal   : 0
      Label    :
      Path/Ogn : 100 i

7. Import IS-ISv6 routes to BGP on R4 and R5. Ensure that all IPv6 networks that connect to AS100 and AS200 can communicate with each other.

Run the import-route command on R4 and R5 to import IS-IS routes to BGP and enable communication between AS100 and AS200. Because BGP4+ does not run on R6, R6 does not know the forwarding path of the data packets. It is recommended that you configure IS-IS on R4 to advertise default IPv6 routes.

[R5]ping ipv6 -c 1 2001:db8:100::1
  PING 2001:db8:100::1 : 56  data bytes, press CTRL_C to break
    Reply from 2001:DB8:100::1
    bytes=56 Sequence=1 hop limit=61  time = 60 ms

  --- 2001:db8:100::1 ping statistics ---
    1 packet(s) transmitted
    1 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/60/60 ms

8. Configure users connected to GE0/0/1 of R7 to automatically obtain IPv6 addresses and DNS (R1) information in state auto configuration mode. In this example, R8 is used to simulate an IPv6 terminal.

It is required that DHCP be deployed together with NDP state auto configuration.

display dhcpv6 client
GigabitEthernet0/0/0 is in stateful DHCPv6 client mode.
State is BOUND.
Preferred server DUID   : 0003000100E0FC2902A2
  Reachable via address : FE80::2E0:FCFF:FE29:2A3
IA NA IA ID 0x00000031 T1 43200 T2 69120
  Obtained : 2015-05-20 09:20:14
  Renews   : 2015-05-20 21:20:14
  Rebinds  : 2015-05-21 04:32:14
  Address  : 2002:A07:707::100
    Lifetime valid 172800 seconds, preferred 86400 seconds
    Expires at 2015-05-22 09:20:14(171706 seconds left)
DNS server : 2001:DB8:100::1

9. Establish a 6to4 tunnel between R6 and R7. Ensure that R7 can ping the IPv6 networks inside AS200.

R2 and R4 communicate through a GRE tunnel, and R6 and R7 communicate through a 6to4 tunnel.

Configuration List

display current-configuration
#
sysname R1
#
ipv6
#
router id 10.1.1.1
#
ospfv3 1
 router-id 10.1.1.1
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ipv6 address 2001:DB8:100::1/64
 ospfv3 1 area 0.0.0.0
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
#
bgp 100
 router-id 10.1.1.1
 undo default ipv4-unicast
 peer 2001:DB8:100::2 as-number 100
 peer 2001:DB8:100::3 as-number 100
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  peer 2001:DB8:100::2 enable
  peer 2001:DB8:100::3 enable
#
return

display current-configuration
#
sysname R2
#
ipv6
#
router id 10.2.2.2
#
ospfv3 1
 router-id 10.2.2.2
#
interface GigabitEthernet0/0/0
 ip address 192.168.24.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 ipv6 enable
 ipv6 address 2001:DB8:100::2/64
 ospfv3 1 area 0.0.0.0
#
interface LoopBack0
 ip address 10.2.2.2 255.255.255.255
#
interface Tunnel0/0/0
 ipv6 enable
 ipv6 address 2001:DB8:24::2/64
 tunnel-protocol gre
 source 10.2.2.2
 destination 10.4.4.4
#
bgp 100
 router-id 10.2.2.2
 peer 2001:DB8:24::4 as-number 200
 peer 2001:DB8:100::1 as-number 100
 peer 2001:DB8:100::3 as-number 100
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  network 2001:DB8:100:: 64
  peer 2001:DB8:24::4 enable
  peer 2001:DB8:100::1 enable
  peer 2001:DB8:100::1 default-route-advertise
  peer 2001:DB8:100::3 enable
  peer 2001:DB8:100::3 default-route-advertise
#
ospf 1
 area 0.0.0.0
  network 10.2.2.2 0.0.0.0
  network 192.168.24.0 0.0.0.255
#
ipv6 route-static :: 0 NULL0
#
return

display current-configuration
#
sysname R3
#
ipv6
#
router id 10.3.3.3
#
ospfv3 1
 router-id 10.3.3.3
#
interface Serial4/0/0
 link-protocol ppp
 ip address 192.168.35.3 255.255.255.0
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ipv6 address 2001:DB8:100::3/64
 ospfv3 1 area 0.0.0.0
#
interface LoopBack0
 ip address 10.3.3.3 255.255.255.255
#
bgp 100
 router-id 10.3.3.3
 undo default ipv4-unicast
 peer 2001:DB8:100::1 as-number 100
 peer 2001:DB8:100::2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  peer 2001:DB8:100::1 enable
  peer 2001:DB8:100::2 enable
#
return

display current-configuration
#
sysname R4
#
ipv6
#
router id 10.4.4.4
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.0000.0000.0004.00
 #
 ipv6 enable topology standard
 ipv6 default-route-advertise always
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.24.4 255.255.255.0
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ipv6 address 2002:A06:606:46::4/64
 isis ipv6 enable 1
#
interface LoopBack0
 ip address 10.4.4.4 255.255.255.255
#
interface Tunnel0/0/0
 ipv6 enable
 ipv6 address 2001:DB8:24::4/64
 tunnel-protocol gre
 source 10.4.4.4
 destination 10.2.2.2
#
bgp 200
 router-id 10.4.4.4
 undo default ipv4-unicast
 peer 2001:DB8:24::2 as-number 100
 peer 2002:A06:606:56::5 as-number 200
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  import-route isis 1
  peer 2001:DB8:24::2 enable
  peer 2002:A06:606:56::5 enable
  peer 2002:A06:606:56::5 next-hop-local
#
ospf 1
 area 0.0.0.0
  network 10.4.4.4 0.0.0.0
  network 192.168.24.0 0.0.0.255
#
return

display current-configuration
#
sysname R5
#
ipv6
#
router id 10.5.5.5
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.0000.0000.0005.00
 #
 ipv6 enable topology standard
#
interface Serial4/0/0
 link-protocol ppp
 ip address 192.168.35.5 255.255.255.0
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ipv6 address 2002:A06:606:56::5/64
 isis ipv6 enable 1
#
interface LoopBack0
 ip address 10.5.5.5 255.255.255.255
#
bgp 200
 router-id 10.5.5.5
 undo default ipv4-unicast
 peer 2002:A06:606:46::4 as-number 200
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  import-route isis 1
  peer 2002:A06:606:46::4 enable
#
return

display current-configuration
#
sysname R6
#
ipv6
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.0000.0000.0006.00
 #
 ipv6 enable topology standard
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ipv6 address 2002:A06:606:46::6/64
 isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ipv6 address 2002:A06:606:56::6/64
 isis ipv6 enable 1
#
interface GigabitEthernet0/0/2
 ip address 192.168.67.6 255.255.255.0
 isis enable 1
#
interface LoopBack0
 ip address 10.6.6.6 255.255.255.255
 isis enable 1
#
interface Tunnel0/0/0
 ipv6 enable
 ipv6 address 2002:A06:606::6/64
 tunnel-protocol ipv6-ipv4 6to4
 source GigabitEthernet0/0/2
#
ipv6 route-static 2001:DB8:700:: 64 2002:A07:707::7
ipv6 route-static 2002:: 16 Tunnel0/0/0
#
return

display current-configuration
#
sysname R7
#
ipv6
#
dhcp enable
#
dhcpv6 pool HCIE
 address prefix 2002:A07:707::/64
 dns-server 2001:DB8:100::1
#
isis 1
 cost-style wide
 is-level level-2
 network-entity 49.0001.0000.0000.0007.00
#
interface GigabitEthernet0/0/0
 ip address 192.168.67.7 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ipv6 address 2002:A07:707::7/64
 undo ipv6 nd ra halt
 ipv6 nd autoconfig other-flag
 dhcpv6 server HCIE
#
interface LoopBack0
 ip address 10.7.7.7 255.255.255.255
 isis enable 1
#
interface Tunnel0/0/0
 ipv6 enable
 ipv6 address 2002:A07:707:67::7/64
 tunnel-protocol ipv6-ipv4 6to4
 source LoopBack 0
#
ipv6 route-static :: 0 2002:A06:606::6
ipv6 route-static 2002:: 16 Tunnel0/0/0
#
return

display current-configuration
#
sysname PC
#
ipv6
#
dns resolve
#
dhcp enable
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ipv6 address auto link-local
 ipv6 address auto dhcp
#
return

Chapter 13 Hands-on Exercise Guide to Other Features

Overview

MPLS

The Multiprotocol Label Switching (MPLS) protocol can be used to deploy an IP network at low cost. Similar to ATM technology, MPLS uses labels to implement fast packet forwarding. BGP/MPLS VPN is a technique that implements VPNs on MPLS networks by using the MP-BGP protocol. On a BGP/MPLS VPN, network devices are classified into Provider Edge (PE), Provider (P), and Customer Edge (CE) devices. P devices are located inside the Service Provider's (SP) network and run only IGP and MPLS. PE devices are the edge devices on the SP's network and connect to the CE devices. PE devices run MP-BGP, and the VPN instances for users are configured on PE devices. In addition, PE devices need to run IGP and MPLS. CE devices are the edge devices connected to customer devices. They connect customer devices to PE devices. The only requirement on CE devices is that they must be able to communicate with PE devices.

The BGP protocol can maintain only a single routing table, so it cannot serve customers with overlapping addresses or separate the data of different users. To address this problem, MP-BGP is used on the BGP/MPLS VPN. MP-BGP uses the VPNv4 address family to differentiate the network-layer protocols of different customers and uses VPN instances to separate the routes and traffic of different customers.

SNMP

To cope with fast-growing network services, a large number of network devices need to be deployed. In most situations, there is a long distance between these network devices and the central equipment room where the network administrator works. It is very difficult for a network administrator to detect, locate, and rectify a fault in real time if the devices do not report the fault. This lowers maintenance efficiency and increases maintenance workload. The Simple Network Management Protocol (SNMP) was introduced to address this problem. Based on the concept of "network manages network", SNMP effectively manages network devices in batches. In addition, by using the SNMP protocol, the network management system can manage the devices of different vendors.

BFD

A network device must be able to detect a communication fault between adjacent devices quickly so that the network administrator can rectify the fault and prevent service interruption. In practice, hardware detection is used to detect link faults. For example, Synchronous Digital Hierarchy (SDH) alarms are used to report link faults. However, not all media can provide a hardware detection mechanism. Applications then use the Hello mechanism of the upper-layer protocol to detect faults. The detection duration is more than 1 second, which is intolerable for some applications. If no routing protocols are deployed on a small-scale Layer 3 network, the Hello mechanism cannot be used.

Bidirectional Forwarding Detection (BFD) provides a fast fault detection mechanism that is independent of media and protocols.

NTP

As network topologies become increasingly complex, clock synchronization becomes more important for devices on the entire network. If system clocks are modified manually by network administrators, the workload is heavy and the modification is error-prone, which affects clock precision. The Network Time Protocol (NTP) is formulated for clock synchronization between devices on a network. NTP is an application-layer protocol in the TCP/IP protocol suite. It synchronizes time among a set of distributed time servers and clients. NTP is implemented based on IP and UDP, and transmits data through UDP. The port number of NTP is 123.

NQA

Network Quality Analysis (NQA) is located at the link layer, and covers the network, transport, and application layers. It is independent of the bottom-layer hardware. NQA monitors network quality indicators in real time, and effectively diagnoses and locates network faults.

QoS

On traditional IP networks, each network device handles all packets in an undifferentiated manner and follows the First In First Out (FIFO) rule to transmit packets. The devices try their best to transmit packets to the destination (Best-Effort). This Best-Effort mode, however, does not ensure performance such as delay and reliability. Along with the emergence of new applications on IP networks, new requirements are raised for the Quality of Service (QoS) of IP networks. For example, voice over IP (VoIP) and video services are delay-sensitive. Customers cannot tolerate a long delay in packet transmission for these services, whereas email and FTP services are considered delay-insensitive. To support different services such as voice, video, and data services, the network is required to distinguish different service types before providing the corresponding QoS. The Best-Effort mode cannot distinguish between different service types on the network, and so it cannot provide differentiated QoS. The Best-Effort mode therefore cannot meet the requirements of applications. QoS is introduced to address this problem. QoS can control network traffic, avoid and manage network congestion, and reduce packet loss. In addition, QoS provides dedicated bandwidth for specific users and differentiated quality for different services.

Objectives

Upon completion of this exercise guide, you will be able to:
- Explain what BGP MPLS VPN is.
- Configure LDP.
- Configure MP-BGP.
- Configure SNMP.
- Configure BFD.
- Configure QoS.
- Configure NQA.
- Configure NTP.

Tasks

The following topology shows the network of Company A. Deploy the network according to the following requirements:

(1) Run OSPF and LDP on AR1, AR2, and AR3. Configure area 0 between AR1 and AR2, and area 2 between AR2 and AR3. To reduce the number of routing entries in area 0, configure OSPF route aggregation on AR2 to summarize R3's loopback address.
(2) A backup router AR4 has been added to the SP's network. The links between AR1 and AR4 and between AR3 and AR4 are low-speed links and run IS-IS. Ensure that the traffic is preferentially transmitted through AR1-AR2-AR3 and uses AR1-AR4-AR3 as the backup link.
(3) Connect the customer devices AR5 and AR6 to the SP's network as VPN1 to implement mutual access, and configure static routes between the CE and PE devices.
(4) With the growth of services, the customer leases lines from other SPs. The customer prefers MPLS VPN. If the link between AR1 and AR6 or between AR3 and AR5 fails, ensure that the traffic can be switched to the link between R5 and R6. Static routes are still used on the customer's network.
(5) With the further growth of the company's services, the CE devices on the headquarters network need to be dual-homed to PE devices and run BGP. Tear down the original backup link. Ensure that the traffic is preferentially transmitted through AR6-AR1-AR3-AR5, and uses AR6-AR4-AR3-AR5 as the backup path. Configure only on router AR6. Static routes are still used between AR3 and AR5.
(6) Add a new NMS to the VPN and ensure the connectivity between the NMS and other network devices. Configure LSW3 in the NMS as the NTP server and other devices as NTP clients. LSW2 uses network 11.1.5.0/24 to connect to the PE.
(7) Run SNMPv2 on network devices, with "public" as the RO community and "private" as the RW community.
(8) Configure NQA on the link between AR5 and AR6. Ensure that AR5 and AR6 can send traps to the NMS server when three consecutive ICMP packets are dropped. The address of the NMS is 11.1.5.254.
(9) Configure traffic classifiers on AR6's interface Ge0/0/1. Mark http/telnet traffic as DSCP AF41 and set the CAR for other traffic. Ensure that the bandwidth of other traffic stays under 2M.


Topology

IP Address Table

Device  Interface    IP Address   Subnet Mask       Default Gateway
R1      G 0/0/0      10.1.1.1     255.255.255.0     N/A
R1      G 0/0/2      11.1.1.1     255.255.255.0     N/A
R1      S 1/0/1      10.2.1.1     255.255.255.0     N/A
R1      Loopback 0   1.1.1.1      255.255.255.255   N/A
R2      G 0/0/0      10.1.1.2     255.255.255.0     N/A
R2      G 0/0/1      10.1.2.1     255.255.255.0     N/A
R2      Loopback 0   2.2.2.2      255.255.255.255   N/A
R3      G 0/0/1      10.1.2.2     255.255.255.0     N/A
R3      G 0/0/2      11.1.2.1     255.255.255.0     N/A
R3      S 1/0/1      10.2.2.2     255.255.255.0     N/A
R3      Loopback 0   3.3.3.3      255.255.255.255   N/A
R4      S 1/0/0      10.2.1.2     255.255.255.0     N/A
R4      S 1/0/1      10.2.2.1     255.255.255.0     N/A
R4      Loopback 0   4.4.4.4      255.255.255.255   N/A
R5      G 0/0/0      11.1.2.2     255.255.255.0     N/A
R5      Loopback 0   5.5.5.5      255.255.255.255   N/A
R6      G 0/0/0      11.1.1.2     255.255.255.0     N/A
R6      G 0/0/1      11.1.3.1     255.255.255.0     N/A
R6      Loopback 0   6.6.6.6      255.255.255.255   N/A

Configuration and Verification

1. Run OSPF and LDP on AR1, AR2, and AR3. Configure area 0 between AR1 and AR2, and area 2 between AR2 and AR3. To reduce the number of routing entries in area 0, configure OSPF route aggregation on AR2 to summarize R3's loopback address.

The Loopback interface address of AR3 is in the routing table on AR1, but does not use the 32-bit mask. Therefore, LDP cannot distribute labels. Add static routes.

[R1]display ip routing-table
Destination/Mask    Proto   Pre  Cost  Flags NextHop     Interface
1.1.1.1/32          Direct  0    0     D     127.0.0.1   LoopBack0
2.2.2.2/32          OSPF    10   1     D     10.1.1.2    GigabitEthernet0/0/0
3.3.3.0/24          OSPF    10   2     D     10.1.1.2    GigabitEthernet0/0/0
3.3.3.3/32          Static  60   0     RD    10.1.1.2    GigabitEthernet0/0/0
10.1.1.0/24         Direct  0    0     D     10.1.1.1    GigabitEthernet0/0/0
10.1.1.1/32         Direct  0    0     D     127.0.0.    GigabitEthernet0/0/0
10.1.1.255/32       Direct  0    0     D     127.0.0.1   GigabitEthernet0/0/0
10.1.2.0/24         OSPF    10   2     D     10.1.1.2    GigabitEthernet0/0/0
……

[R1]display mpls lsp
-------------------------------------------------------------------------------
                 LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC                In/Out Label  In/Out IF      Vrf Name
1.1.1.1/32         3/NULL        -/-
2.2.2.2/32         NULL/3        -/GE0/0/0
2.2.2.2/32         1024/3        -/GE0/0/0
3.3.3.3/32         NULL/1025     -/GE0/0/0
3.3.3.3/32         1025/1025     -/GE0/0/0

2. A backup router AR4 has been added to the SP's network. The links between AR1 and AR4 and between AR3 and AR4 are low-speed links and run IS-IS. Ensure that the traffic is preferentially transmitted through AR1-AR2-AR3 and uses AR1-AR4-AR3 as the backup link.

The static routes are configured for the path AR1-AR2-AR3 and IS-IS is configured on the path AR1-AR4-AR3. IS-IS advertises the specific routes. IS-IS routes are preferred over static routes, so traffic is transmitted to AR4. To meet the task requirements, set the preference value of the static routes lower than the IS-IS preference value, so that the static routes are preferred.

dis isis peer
                     Peer information for ISIS(1)
System Id       Interface   Circuit Id   State HoldTime Type  PRI
-------------------------------------------------------------------------------
0000.0000.0001  S1/0/0      0000000002   Up    24s      L2    --
0000.0000.0003  S1/0/1      0000000001   Up    26s      L2    --

Total Peer(s): 2

3. Connect the customer devices AR5 and AR6 to the SP's network as VPN1 to implement mutual access, and configure static routes between the CE and PE devices.

After configuration, we can see the route information of VPN1, and CE routers can ping each other.

display ip routing-table vpn-instance VPN1
Routing Tables: VPN1
Destination/Mask    Proto   Pre  Cost  Flags NextHop     Interface
5.5.5.5/32          Static  60   0     RD    11.1.2.2    GigabitEthernet0/0/2
6.6.6.6/32          IBGP    255  0     RD    1.1.1.1     GigabitEthernet0/0/1
11.1.1.0/24         IBGP    255  0     RD    1.1.1.1     GigabitEthernet0/0/1
11.1.2.0/24         Direct  0    0     D     11.1.2.1    GigabitEthernet0/0/2
11.1.3.0/24         IBGP    255  0     RD    1.1.1.1     GigabitEthernet0/0/1
255.255.255.255/32  Direct  0    0     D     127.0.0.1   InLoopBack0

[R5]ping -a 5.5.5.5 6.6.6.6
  PING 6.6.6.6: 56  data bytes, press CTRL_C to break
    Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=252 time=30 ms
    Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=252 time=30 ms
    Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=252 time=30 ms
    Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=252 time=30 ms
    Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=252 time=40 ms

  --- 6.6.6.6 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/32/40 ms

4. With the growth of services, the customer leases lines from other SPs. The customer prefers MPLS VPN. If the link between AR1 and AR6 or between AR3 and AR5 fails, ensure that the traffic can be switched to the link between R5 and R6. Static routes are still used on the customer's network.

Configure a static route on the backup link between R5 and R6 and reduce the priority of the static route. Create a BFD session between the ISP interfaces of R5 and R6 and associate the BFD session with the static route. When the BFD session is down, the static route should be deleted. R5 and R6 use 11.2.1.x/24 to connect together.

[R5]display bfd session all
--------------------------------------------------------------------------------
Local  Remote  PeerIpAddr      State     Type          InterfaceName
--------------------------------------------------------------------------------
8192   8192    11.1.1.2        Up        S_AUTO_PEER   -
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0

5. With the further growth of the company's services, the CE devices on the headquarters network need to be dual-homed to PE devices and run BGP. Tear down the original backup link. Ensure that the traffic is preferentially transmitted through AR6-AR1-AR3-AR5, and uses AR6-AR4-AR3-AR5 as the backup path. Configure only on router AR6. Static routes are still used between AR3 and AR5.

Add R4 to the MPLS VPN. Set up an MP-IBGP peer relationship between R4 and R3. Establish BGP connections between R6 and the PEs. Use network 11.1.4.0/24 between R4 and R6; the headquarters uses AS number 65001.

[R6]display bgp routing-table
      Network         NextHop     MED   LocPrf   PrefVal  Path/Ogn
 *>   5.5.5.5/32      11.1.1.1          200      0        100?
 *                    11.1.4.1                   0        100?
 *>   6.6.6.6/32      0.0.0.0     0              0        i
 *>   11.1.1.0/24     0.0.0.0     0              0        i
 *>   11.1.2.0/24     11.1.1.1          200      0        100?
 *                    11.1.4.1                   0        100?
 *>   11.1.3.0/24     0.0.0.0     0              0        i
 *>   11.1.4.0/24     0.0.0.0     0              0        i

display bgp vpnv4 vpn-instance VPN1 routing-table
 VPN-Instance VPN1, Router ID 10.1.2.2:
 Total Number of Routes: 11
      Network         NextHop     MED   LocPrf   PrefVal  Path/Ogn
 *>   5.5.5.5/32      0.0.0.0     0              0        ?
 *>i  6.6.6.6/32      1.1.1.1     0     100      0        65001i
 * i                  4.4.4.4     200   100      0        65001i
 *>i  11.1.1.0/24     1.1.1.1     0     100      0        65001i
 * i                  4.4.4.4     200   100      0        65001i
 *>   11.1.2.0/24     0.0.0.0     0              0        ?
 *>   11.1.2.1/32     0.0.0.0     0              0        ?
 *>i  11.1.3.0/24     1.1.1.1     0     100      0        65001i
 * i                  4.4.4.4     200   100      0        65001i
 *>i  11.1.4.0/24     1.1.1.1     0     100      0        65001i
 * i                  4.4.4.4     200   100      0        65001i

6. Add a new NMS to the VPN and ensure the connectivity between the NMS and other network devices. Configure LSW3 in the NMS as the NTP server and other devices as NTP clients. LSW2 uses network 11.1.5.0/24 to connect to the PE.

Add SW2 to the VPN and configure NTP.

[R5]display ntp-service status
 clock status: synchronized
 clock stratum: 3
 reference clock ID: 11.1.5.2
 nominal frequency: 100.0000 Hz
 actual frequency: 100.0000 Hz
 clock precision: 2^16
 clock offset: -28799419.5995 ms
 root delay: 109.89 ms
 root dispersion: 0.77 ms
 peer dispersion: 0.24 ms
 reference time: 15:52:20.935 UTC May 18 2015(D9048934.EF648C71)

7. Run SNMPv2 on network devices. Use the string "public" as the RO community and "private" as the RW community.

Configure SNMP on the routers inside VPN1.

8. Configure NQA on the link between AR5 and AR6. Ensure that AR5 and AR6 can send traps to the NMS server when three consecutive ICMP packets are dropped. The address of the NMS is 11.1.5.254.

Configure NQA. Configure appropriate NQA test instances.

[R6]dis nqa results
 NQA entry(admin, R5R6) :testflag is active ,testtype is icmp
  1 . Test 5 result   The test is finished
   Send operation times: 2              Receive response times: 2
   Completion:no result                 RTD OverThresholds number: 0
   Attempts number:1                    Drop operation number:0
   Disconnect operation number:0        Operation timeout number:0
   System busy operation number:0       Connection fail number:0
   Operation sequence errors number:0   RTT Status errors number:0
   Destination ip address:5.5.5.5
   Min/Max/Average Completion Time: 20/30/25
   Sum/Square-Sum  Completion Time: 50/1300
   Last Good Probe Time: 2015-05-18 16:58:57.4
   Lost packet ratio: 0 %

9. Configure traffic classifiers on AR6's interface Ge0/0/1. Mark http/telnet traffic as DSCP AF41 and set the CAR for other traffic. Ensure that the bandwidth of other traffic stays under 2M.

Configure class-based QoS.


Questions

To implement step 2, which methods can be used? Why?

Configuration List

display current-configuration
#
sysname R1
#
ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 network-entity 47.0001.0000.0000.0001.00
#
interface Serial1/0/1
 link-protocol ppp
 ip address 10.2.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance VPN1
 ip address 11.1.5.1 255.255.255.0
 trust dscp
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance VPN1
 ip address 11.1.1.1 255.255.255.0
 trust dscp
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 3.3.3.3 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
 #
 ipv4-family vpn-instance VPN1
  import-route direct
  peer 11.1.1.2 as-number 65001
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
ip route-static 3.3.3.3 255.255.255.255 10.1.1.2 preference 14
#
return

display current-configuration
#
sysname R2
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.1.0 0.0.0.255
 area 0.0.0.1
  abr-summary 3.3.3.0 255.255.255.0
  network 10.1.2.0 0.0.0.255
#
return

display current-configuration
#
sysname R3
#
ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 network-entity 47.0001.0000.0000.0003.00
#
interface Serial1/0/1
 link-protocol ppp
 ip address 10.2.2.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance VPN1
 ip address 11.1.2.1 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 1.1.1.1 enable
  undo peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance VPN1
  import-route direct
  import-route static
#
ospf 1
 area 0.0.0.1
  network 3.3.3.3 0.0.0.0
  network 10.1.2.0 0.0.0.255
#
ip route-static vpn-instance VPN1 5.5.5.5 255.255.255.255 11.1.2.2
#
return


display current-configuration
#
sysname R4
#
ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 network-entity 47.0001.0000.0000.0004.00
#
interface Serial1/0/0
 link-protocol ppp
 ip address 10.2.1.4 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface Serial1/0/1
 link-protocol ppp
 ip address 10.2.2.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance VPN1
 ip address 11.1.4.1 255.255.255.0
 trust dscp
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 isis enable 1
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 3.3.3.3 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
 #
 ipv4-family vpn-instance VPN1
  peer 11.1.4.2 as-number 65001
#
return


display current-configuration
#
sysname R5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent community read %$%$myajH5!e}TA{{B(PGDg',.Vy%$%$
snmp-agent community write %$%$1\z;+o/>^)PB+`/Y\,\,,.Vy%$%$
snmp-agent sys-info version v2c
snmp-agent
#
ntp-service unicast-server 11.1.5.2
#
interface GigabitEthernet0/0/0
 ip address 11.1.2.2 255.255.255.0
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 11.1.2.1
#
return

display current-configuration
#
sysname R6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent community read %$%$y>=d@L0sHJu!w)XjJSO>,"/t%$%$
snmp-agent community write %$%$Y~~T6i`k&K\A0=RU0U7A,"/t%$%$
snmp-agent sys-info version v2c
snmp-agent target-host trap-hostname NMS address 11.1.5.254 udp-port 162 trap-paramsname TRAPWORD
snmp-agent target-host trap-paramsname TRAPWORD v2c securityname Huawei
snmp-agent trap enable
snmp-agent
#
ntp-service unicast-server 11.1.5.2
#
acl number 3001
 rule 10 permit tcp source-port eq www destination-port eq www
 rule 20 permit tcp destination-port eq www
 rule 30 permit tcp source-port eq telnet
 rule 40 permit tcp destination-port eq telnet
#
traffic classifier httptelnet operator or
 if-match acl 3001
traffic classifier OTHER operator or
 if-match any
#
traffic behavior httptelnet
 remark dscp af41
traffic behavior OTHER
 car cir 2000 cbs 376000 pbs 626000 green pass yellow pass red discard
#
traffic policy POL6
 classifier httptelnet behavior httptelnet
#
interface GigabitEthernet0/0/0
 ip address 11.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 11.1.3.1 255.255.255.0
 traffic-policy POL6 inbound
#
interface GigabitEthernet0/0/2
 ip address 11.1.4.2 255.255.255.0
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255
#
bgp 65001
 peer 11.1.1.1 as-number 100
 peer 11.1.4.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 6.6.6.6 255.255.255.255
  network 11.1.1.0 255.255.255.0
  network 11.1.3.0 255.255.255.0
  network 11.1.4.0 255.255.255.0
  peer 11.1.1.1 enable
  peer 11.1.1.1 route-policy setpref import
  peer 11.1.4.1 enable
  peer 11.1.4.1 route-policy setmet export
#
route-policy setpref permit node 10
 apply local-preference 200
#
route-policy setmet permit node 10
 apply cost 200
#
nqa test-instance admin R5R6
 test-type icmp
 destination-address ipv4 5.5.5.5
 test-failtimes 3
 send-trap testfailure
 frequency 5
 timeout 1
 start now
#
return

display current-configuration
#
sysname LSW1
#
ntp-service unicast-server 11.1.5.2
#
interface Vlanif1
 ip address 11.1.3.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 11.1.3.1
#
snmp-agent
snmp-agent local-engineid 800007DB034C1FCC8032F5
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v2c v3
#
return

display current-configuration
#
sysname SW2
#
ntp-service refclock-master 2
#
interface Vlanif1
 ip address 11.1.5.2 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
#
ip route-static 0.0.0.0 0.0.0.0 11.1.5.1
#
snmp-agent
snmp-agent local-engineid 800007DB034C1FCCF266EE
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v2c v3
#
return
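The following Python check is an added example and is not part of the lab guide. It parses device sections of a display current-configuration listing like the ones in the configuration list and reports the SNMP settings a reviewer would look at: community-based versions enabled, community names stored in plain text or set to "public"/"private", and communities with no ACL bound. The sample listing is constructed (cipher text is a placeholder and EXAMPLE-ACL is a hypothetical device); the ACL check assumes the VRP form "snmp-agent community read|write <name> acl <number>".

```python
import re

# Constructed sample. The R6 and LSW1 lines follow the configuration list in
# this guide (cipher text replaced by a placeholder); EXAMPLE-ACL is hypothetical.
SAMPLE_LISTING = """\
display current-configuration
#
sysname R6
#
snmp-agent community read %$%$CONSTRUCTED-CIPHER-1%$%$
snmp-agent community write %$%$CONSTRUCTED-CIPHER-2%$%$
snmp-agent sys-info version v2c
#
return

display current-configuration
#
sysname LSW1
#
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v2c v3
#
return

display current-configuration
#
sysname EXAMPLE-ACL
#
acl number 2001
 rule 5 permit source 11.1.5.254 0
#
snmp-agent community read %$%$CONSTRUCTED-CIPHER-3%$%$ acl 2001
snmp-agent sys-info version v2c
#
return
"""

WELL_KNOWN = {"public", "private"}
COMMUNITY_RE = re.compile(r"^snmp-agent community (read|write) (\S+)(.*)$")
VERSION_RE = re.compile(r"^snmp-agent sys-info version (.+)$")


def split_devices(listing):
    """Return {sysname: [config lines]} for every device in the listing."""
    devices, current = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("sysname "):
            current = line.split(None, 1)[1]
            devices[current] = []
        elif line == "return":
            current = None
        elif current and line and line != "#":
            devices[current].append(line)
    return devices


def audit_snmp(lines):
    """Return a sorted list of (code, detail) findings for one device."""
    findings = set()
    for line in lines:
        m = VERSION_RE.match(line)
        if m:
            # v1 and v2c authenticate with a community string sent in clear text.
            for version in m.group(1).split():
                if version in ("v1", "v2c"):
                    findings.add(("COMMUNITY_BASED_VERSION", version))
            continue
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        access, name, rest = m.groups()
        # A name wrapped in %$%$ is stored as cipher text and cannot be
        # compared with the well-known names from the configuration alone.
        if not (name.startswith("%$%$") and name.endswith("%$%$")):
            findings.add(("PLAINTEXT_COMMUNITY", access))
            if name.lower() in WELL_KNOWN:
                findings.add(("WELL_KNOWN_COMMUNITY", name))
        if not re.search(r"\bacl \d+", rest):
            findings.add(("NO_ACL", access))
    return sorted(findings)


def audit_listing(listing):
    """Audit every device section found in the listing."""
    return {name: audit_snmp(lines) for name, lines in split_devices(listing).items()}


if __name__ == "__main__":
    for device, findings in audit_listing(SAMPLE_LISTING).items():
        print(device, findings)
```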
