首页 > 其他分享 >H3C OSPF+NAT+DHCP+PPP综合实验

H3C OSPF+NAT+DHCP+PPP综合实验

时间:2024-02-19 14:04:29浏览次数:18  
标签:H3C enable level PPP role NAT interface link port

H3C OSPF+NAT+DHCP+PPP综合实验

实验拓扑

image

实验需求

1.按照图示配置 IP 地址

2.SW1 和 SW2 之间的直连链路配置链路聚合

3.公司内部业务网段为 Vlan10 和 Vlan20;Vlan10 是市场部,Vlan20 是技术部,要求对 Vlan 进行命名以便识别;PC1属于Vlan10,PC2属于Vlan20,Vlan30用于SW1和SW2建立OSPF邻居;Vlan111 为 SW1和 R1的互联 Vlan,Vlan222 为 SW2 和 R2 的互联 Vlan

4.所有交换机相连的端口配置为 Trunk,允许相关流量通过

5.交换机连接 PC 的端口配置为边缘端口

6.在 SW1 上配置 DHCP 服务,为 Vlan10 和 Van20 的 PC 动态分配 IP 地址、网关和 DNS 地址;要求Vlan10的网关是192.168.1.252​​,Vlan20 的网关是​192.168.2.253​​

7.按图示分区域配置 OSPF 实现公司内部网络全网互通,ABR 的环回口宣告进骨干区域;业务网段不允许出现协议报文

8.R1上配置默认路由指向互联网,并引入到 OSPF

9.R1 通过双线连接到互联网,配置 PPP-MP,并配置双向 chap 验证

10.配置 EASYIP,只有业务网段192.168.1.0/24​和192.168.2.0/24​的数据流可以通过 R1 访问互联网

11.R1 开启 TELNET 远程管理,使用用户abc​登录,密码abc​ ,只允许技术部远程管理 R1

实验步骤

设备IP地址配置

R1 IP配置

#
interface MP-group1
 ip address 202.100.1.2 255.255.255.252
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
#
interface GigabitEthernet0/0
 ip address 10.0.0.5 255.255.255.252
#
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.252
#
interface GigabitEthernet0/2
 ip address 10.0.0.14 255.255.255.252

R2 IP配置

#
interface LoopBack0
 ip address 10.1.1.2 255.255.255.255
#
interface GigabitEthernet0/0
 ip address 10.0.0.9 255.255.255.252
#
interface GigabitEthernet0/1
 ip address 10.0.0.2 255.255.255.252
#
interface GigabitEthernet0/2
 ip address 10.0.0.18 255.255.255.252

R3 IP配置

#
interface LoopBack0
 ip address 10.1.1.3 255.255.255.255
#
interface GigabitEthernet0/0
 ip address 10.0.0.13 255.255.255.252
#
interface GigabitEthernet0/1
 ip address 192.168.3.254 255.255.255.0
#
interface GigabitEthernet0/2
 ip address 10.0.0.17 255.255.255.252

SW1 IP配置

#
vlan 10
 description 市场部
#
vlan 20
 description 技术部
#
vlan 30
 description OSPF邻居VLAN
#
vlan 111
 description SW1和R1的互联VLAN
#
interface LoopBack0
 ip address 10.1.1.11 255.255.255.255
#
interface Vlan-interface10
 ip address 192.168.1.252 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.2.252 255.255.255.0
#
interface Vlan-interface30
 ip address 10.1.2.1 255.255.255.252
#
interface Vlan-interface111
 ip address 10.0.0.6 255.255.255.252

SW2 IP配置

#
vlan 10
 description 市场部
#
vlan 20
 description 技术部
#
vlan 30
 description OSPF邻居VLAN
#
vlan 222
 description SW2和R2的互联VLAN
#
interface LoopBack0
 ip address 10.1.1.12 255.255.255.255
#
interface Vlan-interface10
 ip address 192.168.1.253 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.2.253 255.255.255.0
#
interface Vlan-interface30
 ip address 10.1.2.2 255.255.255.252
#
interface Vlan-interface222
 ip address 10.0.0.10 255.255.255.252

Internet IP配置

#
interface MP-group1
 ip address 202.100.1.1 255.255.255.252
#
interface LoopBack0
 ip address 100.1.1.1 255.255.255.255

PC3 IP配置

image

业务网段配置

SW1作为DHCP服务器

依据需求配置:在 SW1 上配置 DHCP 服务,为 Vlan10 和 Van20 的 PC 动态分配 IP 地址、网关和 DNS 地址;要求Vlan10的网关是192.168.1.252​,Vlan20 的网关是192.168.2.253

#
dhcp server ip-pool 1
 gateway-list 192.168.1.252
 network 192.168.1.0 mask 255.255.255.0
 dns-list 202.101.224.69 202.101.224.68
#
dhcp server ip-pool 2
 gateway-list 192.168.2.253
 network 192.168.2.0 mask 255.255.255.0
 dns-list 202.101.224.69 202.101.224.68

SW1 和 SW2 之间的直连链路配置链路聚合

依据需求配置:SW1 和 SW2 之间的直连链路配置链路聚合

SW1配置链路聚合
#
interface Bridge-Aggregation1
#
interface GigabitEthernet1/0/1
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-aggregation group 1
SW2配置链路聚合
#
interface Bridge-Aggregation1
#
interface GigabitEthernet1/0/1
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-aggregation group 1

所有交换机互联端口放行对应VLAN

依据需求配置:所有交换机相连的端口配置为 Trunk,允许相关流量通过

SW1 端口配置
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
#
interface GigabitEthernet1/0/4
 port access vlan 111
SW2 端口配置
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
#
interface GigabitEthernet1/0/4
 port access vlan 222
SW3端口配置
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
#          
interface GigabitEthernet1/0/3
 port access vlan 10
#
interface GigabitEthernet1/0/4
 port access vlan 20

边缘端口配置

依据需求配置:交换机连接 PC 的端口配置为边缘端口

#          
interface GigabitEthernet1/0/3
 stp edged-port
#
interface GigabitEthernet1/0/4
 stp edged-port

PC1和PC2自动获取IP地址

PC1获取的IP地址

image

PC2获取的IP地址

image

骨干区域配置

依据需求配置:按图示分区域配置 OSPF 实现公司内部网络全网互通,ABR 的环回口宣告进骨干区域

R1 OSPF配置

#
ospf 1 router-id 10.1.1.1
 area 0.0.0.0
  network 10.0.0.1 0.0.0.0
  network 10.0.0.14 0.0.0.0
  network 10.1.1.1 0.0.0.0
 area 0.0.0.1
  network 10.0.0.5 0.0.0.0

R2 OSPF配置

#
ospf 1 router-id 10.1.1.2
 area 0.0.0.0
  network 10.0.0.2 0.0.0.0
  network 10.0.0.18 0.0.0.0
  network 10.1.1.2 0.0.0.0
 area 0.0.0.1
  network 10.0.0.9 0.0.0.0

R3 OSPF配置

#
ospf 1 router-id 10.1.1.3
 area 0.0.0.0
  network 10.0.0.13 0.0.0.0
  network 10.0.0.17 0.0.0.0
  network 10.1.1.3 0.0.0.0
  network 192.168.3.0 0.0.0.255

SW1 OSPF配置

#
ospf 1 router-id 10.1.1.11
 area 0.0.0.1
  network 10.0.0.6 0.0.0.0
  network 10.1.1.11 0.0.0.0
  network 10.1.2.1 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255

SW2 OSPF配置

#
ospf 1 router-id 10.1.1.12
 area 0.0.0.1
  network 10.0.0.10 0.0.0.0
  network 10.1.1.12 0.0.0.0
  network 10.1.2.2 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255

业务网段不允许出现协议报文

R3 配置

#
ospf 1 router-id 10.1.1.3
 silent-interface GigabitEthernet0/1

SW1 配置

#
ospf 1 router-id 10.1.1.11
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20

SW2配置

#
ospf 1 router-id 10.1.1.12
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20

R1上配置默认路由指向互联网,并引入到 OSPF

#
 ip route-static 0.0.0.0 0 202.100.1.1
#
ospf 1 router-id 10.1.1.1
 default-route-advertise

互联网区域配置

配置 PPP-MP,并配置双向 chap 验证

依据需求配置:R1 通过双线连接到互联网,配置 PPP-MP,并配置双向 chap 验证

R1配置PPP-MP
#
interface MP-group1
#          
interface Serial1/0
 ppp mp MP-group1 
#
interface Serial2/0
 ppp mp MP-group1 
R1配置双向 chap 验证
#
local-user user1 class network
 password simple 123
 service-type ppp
#            
interface Serial1/0
 ppp authentication-mode chap 
 ppp chap password simple 123
 ppp chap user user1 
#
interface Serial2/0
 ppp authentication-mode chap 
 ppp chap password simple 123 
 ppp chap user user1 
Internet 配置PPP-MP
#
interface MP-group1
#            
interface Serial1/0
 ppp mp MP-group1 
#
interface Serial2/0
 ppp mp MP-group1 
Internet 配置双向 chap 验证
#
local-user user1 class network
 password simple 123
 service-type ppp
#            
interface Serial1/0
 ppp authentication-mode chap 
 ppp chap password simple 123
 ppp chap user user1 
#
interface Serial2/0
 ppp authentication-mode chap 
 ppp chap password simple 123 
 ppp chap user user1 

配置 EASYIP

依据需求配置:配置 EASYIP,只有业务网段192.168.1.0/24​​和192.168.2.0/24​​的数据流可以通过 R1 访问互联网

#
acl basic 2000
 description NAT
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 192.168.2.0 0.0.0.255
#
interface MP-group1
 nat outbound 2000

R1 开启 TELNET 远程管理

依据需求配置:R1 开启 TELNET 远程管理,使用用户abc​​登录,密码abc​​ ,只允许技术部远程管理 R1

#
 undo password-control length enable 
 undo password-control composition enable 
 undo password-control complexity user-name check
#
local-user abc class manage
 password simple abc
 service-type telnet
 authorization-attribute user-role level-15
#
line vty 0 4
 authentication-mode scheme
 protocol inbound telnet
#          
acl basic 2001
 description acl telnet
 rule 0 permit source 192.168.2.0 0.0.0.255
#
 telnet server enable
 telnet server acl 2001

实验验证

测试是否只有业务网段192.168.1.0/24​和192.168.2.0/24​的数据流可以通过 R1 访问互联网

PC1测试可以访问互联网

<H3C>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=1.386 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=1.077 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=1.382 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=1.437 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=1.503 ms

--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.077/1.357/1.503/0.147 ms
<H3C>%Feb 19 13:10:14:705 2024 H3C PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.077/1.357/1.503/0.147 ms.

PC2测试可以访问互联网

<H3C>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=3.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=3.000 ms

--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.400/3.000/0.490 ms
<H3C>%Feb 19 13:10:35:094 2024 H3C PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 2.000/2.400/3.000/0.490 ms.

PC3测试不能访问互联网

<H3C>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Feb 19 13:13:22:721 2024 H3C PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

R1 查询nat session 仅有业务网段192.168.1.0/24​​和192.168.2.0/24​​的数据流可以通过 R1 访问互联网

[R1]display nat session 
Slot 0:
Initiator:
  Source      IP/port: 192.168.2.1/156
  Destination IP/port: 100.1.1.1/2048
  DS-Lite tunnel peer: -
  VPN instance/VLAN ID/Inline ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: GigabitEthernet0/0

Initiator:
Source IP/port: 192.168.1.1/156
Destination IP/port: 100.1.1.1/2048
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: ICMP(1)
Inbound interface: GigabitEthernet0/0

Total sessions found: 2

测试是否只允许技术部远程管理 R1

技术部PC2 允许远程管理 R1

<H3C>telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...

<span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span>**

  • Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
  • Without the owner's prior written consent, *
  • no decompiling or reverse-engineering shall be allowed. *
    <span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span>**

Login: abc
Password:
<R1>

SW1 带源IP测试,仅技术部IP可以远程管理R1

<SW1>telnet 10.1.1.1 source ip 192.168.1.252
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Failed to connect to the remote host! 

<SW1>telnet 10.1.1.1 source ip 192.168.2.252
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...

<span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span>**

  • Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
  • Without the owner's prior written consent, *
  • no decompiling or reverse-engineering shall be allowed. *
    <span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span><span style="font-weight: bold;" data-type="strong"></span>**

Login: abc
Password:
<R1>

其余未能远程管理R1

PC1:
<H3C>telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Failed to connect to the remote host! 

PC3:
<H3C>telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Failed to connect to the remote host!

完整配置

R1 完整配置

[R1]display current-configuration 
#
 version 7.1.064, Release 0427P22
#
 sysname R1
#
 telnet server enable
 telnet server acl 2001
#
ospf 1 router-id 10.1.1.1
 default-route-advertise
 area 0.0.0.0
  network 10.0.0.1 0.0.0.0
  network 10.0.0.14 0.0.0.0
  network 10.1.1.1 0.0.0.0
 area 0.0.0.1
  network 10.0.0.5 0.0.0.0
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#          
interface Serial1/0
 ppp authentication-mode chap 
 ppp chap password cipher $c$3$9QFe8z/CzrvNTRj1xcdBKIa740Sjrg<span style="font-weight: bold;" class="mark"> 
 ppp chap user user1 
 ppp mp MP-group1 
#
interface Serial2/0
 ppp authentication-mode chap 
 ppp chap password cipher $c$3$m6NHOx8NLuwBZYB0lygNtBEhc2iSBw</span> 
 ppp chap user user1 
 ppp mp MP-group1 
#
interface Serial3/0
#
interface Serial4/0
#
interface MP-group1
 ip address 202.100.1.2 255.255.255.252
 nat outbound 2000
#
interface NULL0
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.5 255.255.255.252
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 10.0.0.1 255.255.255.252
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
 ip address 10.0.0.14 255.255.255.252
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role network-admin
 user-role network-operator
 protocol inbound telnet
#
line vty 5 63
 user-role network-operator
#
 ip route-static 0.0.0.0 0 202.100.1.1
#
acl basic 2000
 description NAT
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 192.168.2.0 0.0.0.255
#          
acl basic 2001
 description acl telnet
 rule 0 permit source 192.168.2.0 0.0.0.255
#
 undo password-control length enable 
 undo password-control composition enable 
 undo password-control complexity user-name check
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user abc class manage
 password hash $h$6$tsrswDmxuoiSWbMI$A7XebS0Mtjt3ec9vHx6SkNL0MnheDitsIqi3Dm6I3CN44jA6K3saXTpxCbrASD2KAxlWAC/Dl4j7zGOlfpObwQ<span style="font-weight: bold;" class="mark">
 service-type telnet
 authorization-attribute user-role level-15
 authorization-attribute user-role network-operator
#
local-user user1 class network
 password cipher $c$3$C7453wFxHwXZ7el+WFzyfg4eLMdVdg</span>
 service-type ppp
 authorization-attribute user-role network-operator
#
return
[R1]   

R2 完整配置

[R2]display current-configuration 
#
 version 7.1.064, Release 0427P22
#
 sysname R2
#
ospf 1 router-id 10.1.1.2
 area 0.0.0.0
  network 10.0.0.2 0.0.0.0
  network 10.0.0.18 0.0.0.0
  network 10.1.1.2 0.0.0.0
 area 0.0.0.1
  network 10.0.0.9 0.0.0.0
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#          
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
 ip address 10.1.1.2 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.9 255.255.255.252
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 10.0.0.2 255.255.255.252
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
 ip address 10.0.0.18 255.255.255.252
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
return     
[R2]  

R3 完整配置

[R3]display current-configuration 
#
 version 7.1.064, Release 0427P22
#
 sysname R3
#
ospf 1 router-id 10.1.1.3
 silent-interface GigabitEthernet0/1
 area 0.0.0.0
  network 10.0.0.13 0.0.0.0
  network 10.0.0.17 0.0.0.0
  network 10.1.1.3 0.0.0.0
  network 192.168.3.0 0.0.0.255
#
 sysid R3
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
interface Serial1/0
#          
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
 ip address 10.1.1.3 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.13 255.255.255.252
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 192.168.3.254 255.255.255.0
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
 ip address 10.0.0.17 255.255.255.252
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
domain system
#
 domain default enable system
#          
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
return
[R3] 

SW1 完整配置

[SW1]display current-configuration 
#
 version 7.1.075, Alpha 7571
#
 sysname SW1
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
ospf 1 router-id 10.1.1.11
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20
 area 0.0.0.1
  network 10.0.0.6 0.0.0.0
  network 10.1.1.11 0.0.0.0
  network 10.1.2.1 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
 dhcp enable
#
 lldp global enable
#          
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
vlan 10
 description 市场部
#
vlan 20
 description 技术部
#
vlan 30
 description OSPF邻居VLAN
#
vlan 111
 description SW1和R1的互联VLAN
#
 stp global enable
#
dhcp server ip-pool 1
 gateway-list 192.168.1.252
 network 192.168.1.0 mask 255.255.255.0
 dns-list 202.101.224.69 202.101.224.68
#
dhcp server ip-pool 2
 gateway-list 192.168.2.253
 network 192.168.2.0 mask 255.255.255.0
 dns-list 202.101.224.69 202.101.224.68
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
#
interface NULL0
#
interface LoopBack0
 ip address 10.1.1.11 255.255.255.255
#
interface Vlan-interface10
 ip address 192.168.1.252 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.2.252 255.255.255.0
#
interface Vlan-interface30
 ip address 10.1.2.1 255.255.255.252
#
interface Vlan-interface111
 ip address 10.0.0.6 255.255.255.252
#
interface FortyGigE1/0/53
 port link-mode bridge
#
interface FortyGigE1/0/54
 port link-mode bridge
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
 combo enable fiber
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
 combo enable fiber
 port link-aggregation group 1
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 combo enable fiber
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 111
 combo enable fiber
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 combo enable fiber
#          
interface GigabitEthernet1/0/12
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/25
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/26
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/27
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/28
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/29
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/31
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/32
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/33
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/34
 port link-mode bridge
 combo enable fiber
#          
interface GigabitEthernet1/0/35
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/36
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/37
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/38
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/39
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/40
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/41
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/42
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/43
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/44
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/45
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/46
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/47
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/48
 port link-mode bridge
 combo enable fiber
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/49
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/50
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/51
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/52
 port link-mode bridge
 combo enable fiber
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0   
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
radius scheme system
 user-name-format without-domain
#
domain name system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
return
[SW1] 

SW2 完整配置

[SW2]display current-configuration 
#
 version 7.1.075, Alpha 7571
#
 sysname SW2
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
ospf 1 router-id 10.1.1.12
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20
 area 0.0.0.1
  network 10.0.0.10 0.0.0.0
  network 10.1.1.12 0.0.0.0
  network 10.1.2.2 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
vlan 10
 description 市场部
#
vlan 20
 description 技术部
#
vlan 30
 description OSPF邻居VLAN
#
vlan 222
 description SW2和R2的互联VLAN
#
 stp global enable
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
#
interface NULL0
#
interface LoopBack0
 ip address 10.1.1.12 255.255.255.255
#
interface Vlan-interface10
 ip address 192.168.1.253 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.2.253 255.255.255.0
#
interface Vlan-interface30
 ip address 10.1.2.2 255.255.255.252
#
interface Vlan-interface222
 ip address 10.0.0.10 255.255.255.252
#
interface FortyGigE1/0/53
 port link-mode bridge
#
interface FortyGigE1/0/54
 port link-mode bridge
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
 combo enable fiber
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30
 combo enable fiber
 port link-aggregation group 1
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 combo enable fiber
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 222
 combo enable fiber
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/12
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 combo enable fiber
#          
interface GigabitEthernet1/0/15
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/25
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/26
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/27
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/28
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/29
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/31
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/32
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/33
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/34
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/35
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/36
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/37
 port link-mode bridge
 combo enable fiber
#          
interface GigabitEthernet1/0/38
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/39
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/40
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/41
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/42
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/43
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/44
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/45
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/46
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/47
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/48
 port link-mode bridge
 combo enable fiber
#
interface M-GigabitEthernet0/0/0
#          
interface Ten-GigabitEthernet1/0/49
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/50
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/51
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/52
 port link-mode bridge
 combo enable fiber
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
radius scheme system
 user-name-format without-domain
#
domain name system
#
 domain default enable system
#          
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
return
[SW2] 

SW3 完整配置

[SW3]display current-configuration 
#
 version 7.1.075, Alpha 7571
#
 sysname SW3
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
vlan 10
#
vlan 20
#
 stp global enable
#
interface NULL0
#
interface FortyGigE1/0/53
 port link-mode bridge
#
interface FortyGigE1/0/54
 port link-mode bridge
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 combo enable fiber
#          
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 10
 combo enable fiber
 stp edged-port
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 20
 combo enable fiber
 stp edged-port
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/12
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 combo enable fiber
#          
interface GigabitEthernet1/0/25
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/26
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/27
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/28
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/29
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/31
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/32
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/33
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/34
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/35
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/36
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/37
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/38
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/39
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/40
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/41
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/42
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/43
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/44
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/45
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/46
 port link-mode bridge
 combo enable fiber
#
interface GigabitEthernet1/0/47
 port link-mode bridge
 combo enable fiber
#          
interface GigabitEthernet1/0/48
 port link-mode bridge
 combo enable fiber
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/49
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/50
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/51
 port link-mode bridge
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/52
 port link-mode bridge
 combo enable fiber
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
radius scheme system
 user-name-format without-domain
#
domain name system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
return
[SW3] 

Internet 完整配置

[Internet]display current-configuration 
#
 version 7.1.064, Release 0427P22
#
 sysname Internet
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
interface Serial1/0
 ppp authentication-mode chap 
 ppp chap password cipher $c$3$lUdg99e/KnON+mSw3B6XeTksNRB9KQ<span style="font-weight: bold;" class="mark"> 
 ppp chap user user1 
 ppp mp MP-group1 
#
interface Serial2/0
 ppp authentication-mode chap 
 ppp chap password cipher $c$3$7OGuhIdMv8WPfS/a1oONHzrha2fezQ</span> 
 ppp chap user user1 
 ppp mp MP-group1 
#          
interface Serial3/0
#
interface Serial4/0
#
interface MP-group1
 ip address 202.100.1.1 255.255.255.252
#
interface NULL0
#
interface LoopBack0
 ip address 100.1.1.1 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user user1 class network
 password cipher $c$3$UmDqupmNrsE8NUp3Q9Kbeh2P4FaHfw==
 service-type ppp
 authorization-attribute user-role network-operator
#
return
[Internet] 

注意

关于OSPD的路由注入使用import-route命令。

import-route命令只能注入明细路由,直连路由,外部协议路由;但是不能注入缺省路由,默认路由。

AR1有一条默认路由指向外部网络,import-route不能注入缺省路由,内部路由器不能学习到默认路由,即内部网络无法访问外部网络。

通过default-route-advertise​命令注入缺省路由

实验附件

基础综合实验1.zip

标签:H3C,enable,level,PPP,role,NAT,interface,link,port
From: https://www.cnblogs.com/caomojian/p/18020917/h3c-ospf-nat-dhcp-ppp-comprehensive-experimen

相关文章

  • nativeUI页面table列表显示,render渲染函数
    {key:'type',title:$t('cmdType'),width:150,align:'center',render(t){switch(t.type){case2:returnh('span',{......
  • itertools.combinations_with_replacement和itertools.combinations的区别
    itertools.combinations和itertools.combinations_with_replacement都是Python标准库中的工具,用于生成组合。它们的主要区别在于对元素的重复使用上。itertools.combinations(iterable,r):生成不含重复元素的组合。iterable是可迭代对象,例如列表或字符串。r是生成的......
  • VMware Workstation之虚拟机NAT模式
    【摘要】三台虚拟机配置成NAT模式,实现三台虚拟机互通并可以访问互联网。一、虚拟机配置为NAT,实现访问互联网和宿主机1、虚拟网络编辑器配置VMnat8为NAT的虚拟网卡,NAT模式可以基于DHCP为三台虚拟机自动分配IP。2、虚拟机网卡通过dhcp自动获取到IP3、宿主机配置二、VMw......
  • SIP NAT ALG
    SIPNATALG VoIP(VoiceonIP),从字面上看就是语音跑在IP网络上。具体来说就是将电话业务与web浏览,email等其它数据应用一样,承载在IP网络(例如互联网)上,将其语音数据以IP包的形式传输。与主流的web应用相比,VoIP具有以下特点媒体(内容数据)的传输是双向对称,实时的,基于单独的实时传......
  • 如何使用graalvm为带有反射功能的java代码生成native image
    译自ConfigureNativeImagewiththeTracingAgentgraal官方文档,以下所有命令需要在linux环境下操作,graalvm也支持windows。要为使用Java反射、动态代理对象、JNI或类路径资源的Java应用程序构建本机可执行文件,应为native-image工具提供JSON格式的配置文件或在代......
  • [969] Add a spatial reference (a coordinate reference system, CRS) to a GeoDataF
    Toaddaspatialreference(acoordinatereferencesystem,CRS)toaGeoDataFrameinGeoPandas,youcansetthecrsattributeoftheGeoDataFrametothedesiredCRS.Here'showyoucandoit:importgeopandasasgpdfromshapely.geometryimportPoint......
  • NAT
    网络地址转换(NetworkAddressTranslation,NAT)是网络层的功能,用于将私有的局域网地址转换为公共网络地址,实现多个局域网设备共享同一个公共IP地址,解决IPv4地址短缺的问题。NAT功能通过NAT设备来实现,路由器大都内置了NAT的功能,防火墙设备也经常集成了NAT功能,某些高级交换机可能包含......
  • h3c如何配置ospf
    在H3C交换机上配置OSPF(开放最短路径优先)路由协议需要以下步骤:进入系统视图:[Switch]system-view启用OSPF进程并配置RouterID:[Switch]ospf[Switch-ospf]router-id1.1.1.1这里的1.1.1.1是你希望设置的路由器ID,确保其在OSPF域内唯一。配置OSPF区域:[Switch-ospf]area0这里的"are......
  • SciTech-Anatomy-Tooth
    0.牙:成人牙:称为恒牙,上下各16颗,以牙科医师面对患者视角,对上下两排牙编号:-上排:从左到右编号1号~16号,-下排:从右到左编号17号~32号,儿童牙:称为乳牙,上下各10颗,1.Anatomy2.Number......
  • H3C 设备配置文件备份还原实验
    H3C设备配置文件备份还原实验H3C模拟器搭建实验,仅为参考(2024年1月14日)实验拓扑实验需求1、按照图示连接到真机,并配置IP地址(真机IP地址配置到VirtualBoxHost-OnlyEthernetAdapter网卡)2、R1保存当前配置3、在R1上开启FTP服务4、使用真机访问FTP服务,把R1的配置文件拷......