Huawei 1+x network communication and maintenance

Keywords: network

1, Experimental topology

2, VLAN information

3, IP information

4, Equipment naming

To facilitate later maintenance, fault location and network standardization, the network equipment must be named.
Name the devices according to the Figure 3-1 experimental test topology.
The naming rule is: city - equipment location - equipment function attribute and serial number - equipment model.
For example, the core-layer router of the Hangzhou campus is named HZ-HZCampus-Core01-AR6140.
Pay attention to case, and keep the names consistent with the Figure 3-1 experimental test topology.

[Huawei] sysname HZ-HZCampus-Acc01-S5731
[Huawei] sysname HZ-HZCampus-Acc02-S5731
[Huawei] sysname HZ-HZCampus-Acc03-S5731
[Huawei] sysname HZ-HZCampus-Agg01-S5731
[Huawei] sysname HZ-HZCampus-Core01-AR6140
[Huawei] sysname SH-SHEDU-Backbone01-AR6140
[Huawei] sysname SH-SHEDU-Backbone02-AR6140
[Huawei] sysname SH-SHEDU-Backbone03-AR6140

5, Link aggregation

The local server area of the campus provides intranet services for campus users. To ensure link stability while maximizing bandwidth on the premise of class I hardware devices, configure link aggregation between Agg01 and Acc03.
Implement layer-2 link aggregation in LACP mode. The member interfaces are GE0/0/3 and GE0/0/4, and the link aggregation interface ID is 1.

[HZ-HZCampus-Agg01-S5731]:
interface Eth-Trunk1
mode lacp-static
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
eth-trunk 1
[HZ-HZCampus-Acc03-S5731]:
interface Eth-Trunk1
mode lacp-static
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
eth-trunk 1

6, vlan configuration

All network equipment shall be configured with the required VLANs.
Configure the required VLANs on the corresponding switches according to the Figure 3-1 experimental test topology and the Table 3-1 VLAN information.
Note: to ensure network connectivity, the switches allow only the VLANs specified in the task to pass through.

[HZ-HZCampus-Acc01-S5731]:
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
[HZ-HZCampus-Acc02-S5731]:
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
[HZ-HZCampus-Agg01-S5731]:
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
[HZ-HZCampus-Acc03-S5731]:
interface Eth-Trunk1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
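
The note above requires that only the listed VLANs pass through. The following added example (not part of the original post) audits trunk ports in an excerpt of the configuration above against the required set {10, 20}. It assumes the VRP default that a trunk port passes VLAN 1 until `undo port trunk allow-pass vlan 1` is applied; the function names are hypothetical.

```python
import re

# Config excerpt copied from this page (Agg01 and Acc01, section 6).
CONFIG = """\
[HZ-HZCampus-Agg01-S5731]:
interface Eth-Trunk1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
[HZ-HZCampus-Acc01-S5731]:
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
"""

def vlan_ids(text):
    """Expand '10 20' or '10 to 12' into a set of VLAN IDs."""
    ids = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_trunks(config, required):
    """Return {(device, interface): extra VLANs} for trunks passing more than `required`."""
    ports, dev, port = {}, None, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"\[(.+)\]:?", line):
            dev, port = m.group(1), None
        elif line.startswith("interface "):
            port = (dev, line.split()[1])
            ports[port] = {"trunk": False, "allowed": {1}}  # assumed VRP default: VLAN 1 allowed
        elif port and line == "port link-type trunk":
            ports[port]["trunk"] = True
        elif port and (m := re.match(r"(undo )?port trunk allow-pass vlan (.+)", line)):
            op = set.difference_update if m.group(1) else set.update
            op(ports[port]["allowed"], vlan_ids(m.group(2)))
    return {k: p["allowed"] - required for k, p in ports.items()
            if p["trunk"] and p["allowed"] - required}

print(audit_trunks(CONFIG, {10, 20}))
```

Under that assumption, Eth-Trunk1 is clean, while the GigabitEthernet trunks are reported as still passing VLAN 1.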

7, IP addressing

[HZ-HZCampus-Core01-AR6140]:
interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 192.168.10.254 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 192.168.20.254 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1
ip address 1.2.3.1 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 3.2.1.1 255.255.255.252
[SH-SHEDU-Backbone01-AR6140]:
interface GigabitEthernet0/0/1
ip address 10.2.34.3 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 3.2.1.2 255.255.255.252
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
[SH-SHEDU-Backbone02-AR6140]:
interface GigabitEthernet0/0/0
ip address 10.2.34.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.2.45.4 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
[SH-SHEDU-Backbone03-AR6140]: 
interface GigabitEthernet0/0/0
ip address 10.2.45.5 255.255.255.0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
[Internet]:
interface GigabitEthernet0/0/1
ip address 1.2.3.2 255.255.255.252

8, RSTP

To prevent loops in the layer-2 network and improve network reliability, the STP protocol is configured between Acc01, Acc02 and Agg01.

  1. STP mode is RSTP. Set the priority of Agg01 to 4096 to make it the root bridge.
[HZ-HZCampus-Acc01-S5731]:
stp mode rstp
[HZ-HZCampus-Acc02-S5731]:
stp mode rstp
[HZ-HZCampus-Agg01-S5731]:
stp mode rstp
stp priority 4096
  2. To ensure network stability to the greatest extent and avoid network fluctuation caused by frequent host restarts, any switch port connected to a PC must not participate in STP calculation and must enter the Forwarding state directly.
[HZ-HZCampus-Acc01-S5731]:
interface GigabitEthernet0/0/2
stp edged-port enable
[HZ-HZCampus-Acc02-S5731]:
interface GigabitEthernet0/0/2
stp edged-port enable

9, OSPF

To ensure communication within the education backbone network, the dynamic routing protocol OSPF is selected as the IGP of the education backbone network.

  1. Run OSPF between Backbone01, Backbone02 and Backbone03. The OSPF process number is 1, and all routers are in backbone area 0.
  2. When creating the OSPF process, manually set the Router ID to be consistent with the loopback address. The interconnection interfaces and the network segment of the Loopback interface must be declared with a 32-bit precise match.
    For example, the command for a 32-bit declaration of 1.2.3.4/24 is network 1.2.3.4 0.0.0.0
  3. To secure the routing exchange, area authentication is used on Backbone01, Backbone02 and Backbone03 with the MD5 algorithm. The authentication key ID is 1, the key type is cipher, and the password is "huawei@123".
[SH-SHEDU-Backbone01-AR6140]:
ospf 1 router-id 3.3.3.3
area 0.0.0.0
authentication-mode md5 1 cipher huawei@123
network 3.3.3.3 0.0.0.0
network 10.2.34.3 0.0.0.0

[SH-SHEDU-Backbone02-AR6140]:
ospf 1 router-id 4.4.4.4
area 0.0.0.0
authentication-mode md5 1 cipher huawei@123
network 4.4.4.4 0.0.0.0
network 10.2.34.4 0.0.0.0
network 10.2.45.4 0.0.0.0

[SH-SHEDU-Backbone03-AR6140]:
ospf 1 router-id 5.5.5.5
area 0.0.0.0
authentication-mode md5 1 cipher huawei@123
network 5.5.5.5 0.0.0.0
network 10.2.45.5 0.0.0.0
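
The 32-bit precise declaration in step 2 decides which interfaces run OSPF. This added example (not part of the original post) applies wildcard matching to Backbone01's addresses from the IP addressing section, and shows that the precise statements leave the Core01-facing GigabitEthernet0/0/2 out of OSPF. The function names and the catch-all contrast statement are constructed for illustration.

```python
import ipaddress

# Backbone01 interface addresses, copied from the IP addressing section of this page.
BACKBONE01 = {
    "GigabitEthernet0/0/1": "10.2.34.3",
    "GigabitEthernet0/0/2": "3.2.1.2",
    "LoopBack0": "3.3.3.3",
}

def matches(ip, network, wildcard):
    """True if `ip` falls under an OSPF `network <network> <wildcard>` statement.
    Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip_bits = int(ipaddress.IPv4Address(ip)) & care
    net_bits = int(ipaddress.IPv4Address(network)) & care
    return ip_bits == net_bits

def ospf_interfaces(interfaces, statements):
    """Interfaces on which the given network statements would enable OSPF."""
    return sorted(name for name, ip in interfaces.items()
                  if any(matches(ip, net, wc) for net, wc in statements))

# Statements from the page's Backbone01 configuration.
PRECISE = [("3.3.3.3", "0.0.0.0"), ("10.2.34.3", "0.0.0.0")]
# Constructed contrast: a catch-all statement, not from the page.
BROAD = [("0.0.0.0", "255.255.255.255")]

print("precise:", ospf_interfaces(BACKBONE01, PRECISE))
print("broad:  ", ospf_interfaces(BACKBONE01, BROAD))
```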

10, Export design

  1. To enable campus users to access the Internet and to access the databases of other schools through the education backbone network:
    Two default static routes are deployed on Core01, with the next hops pointing to the Internet and Backbone01 respectively.
    Deploy a specific static route on Backbone01. The destination network segment is 192.168.20.0, and the next hop points to Core01.
    Deploy a specific static route on the Internet router. The destination network segment is 192.168.10.0, and the next hop points to Core01.
[SH-SHEDU-Backbone01-AR6140]:
ip route-static 192.168.20.0 255.255.255.0 3.2.1.1
[Internet]:
ip route-static 192.168.10.0 255.255.255.0 1.2.3.1
  2. So that users in the 192.168.10.0/24 intranet segment can access the external network (Internet), configure NAT on Core01 and use Easy IP in combination with an ACL permit statement.
[HZ-HZCampus-Core01-AR6140]:
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet0/0/1
nat outbound 2000
  3. To ensure the security of the education backbone network, only users in the intranet 192.168.20.0/24 segment are allowed to access the databases of other schools. This is implemented with an ACL permit statement in the outbound direction of the Core01 interface.
    The ACLs above are basic ACLs. Number 2000 matches the 192.168.10.0/24 network segment and number 2001 matches the 192.168.20.0/24 network segment. Rule numbers start from 5, and the default step is used.
[HZ-HZCampus-Core01-AR6140]:
acl number 2001
rule 5 permit source 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/2
traffic-filter outbound acl 2001

11, Route introduction

To enable intranet users to communicate normally with other campuses through the education backbone network, the static route on Backbone01 is imported into OSPF.
The command for route import is: import-route

[SH-SHEDU-Backbone01-AR6140]:
ospf 1
import-route static

Finally, to obtain the experimental topology and the eNSP software, add QQ: 2647996100.

Posted by GSHelpBoy on Sun, 31 Oct 2021 03:34:47 -0700