华为 1+X 中级试题（二）《网络系统建设与运维》-做题详解

喝茶我喜欢喝大杯的

已于 2024-06-27 11:39:52 修改

阅读量1.2k

点赞数 12

文章标签：学习华为运维笔记

于 2024-06-03 20:19:04 首次发布

本文链接：https://blog.csdn.net/P5093/article/details/139423069

版权

一、前言

通过博客记录学习成长，如有侵权，可私信联系删除

该内容为华为1+x 认证试卷题解，有不正确的地方还希望各位指出，以此改正。

二、拓扑结构图

三、设备命名（任务1）

1. 设备命名

为了方便后期维护和故障定位及网络的规范性，需要对网络设备进行规范化命名，请根据 Figure3-1 实验考试拓扑对设备进行命名。命名规则为：城市-设备的设置地点-设备的功能属性和序号-设备型号。

命令：

system-v = system-view

//进入系统模式

sy = sysname+设备名称

其中任意一个即可

详细命令展示：

HZ-HZXiaoYuan-Acc01-S5731

sy

sy HZ-HZXiaoYuan-Acc01-S5731（注意sy 后加空格了）

HZ-HZXiaoYuan-Acc02-S5731

sy

sy HZ-HZXiaoYuan-Acc02-S5731

sy

sy HZ-HZXiaoYuan-Agg01-S5731

sy

sy HZ-HZXiaoYuan-Agg02-S5731

sy

sy HZ-HZXiaoYuan-Core01-AR6140

sy

sy HZ-HZXiaoYuan-Core02-AR6140

sy

syHZ-HZXiaoYuan-Edge01-AR6140

sy

sy HZ-HZEDU-Edge01-AR6140

四、链路聚合（任务2）

链路聚合校园网中用户密度极大，在学生上网的高峰阶段，会产生大量的网络流量，为了保证汇聚层链路的稳定性，在不升级硬件设备的前提下最大限度的提升带宽，在 Agg01 与 Agg02 之间配置链路聚合，请通过手工模式实现二层链路聚合，成员接口为 GE0/0/21,GE0/0/22,GE0/0/23，聚合组 ID 为 1

HZ-HZXiaoYuan-Agg01-S5731

[HZ-HZXiaoYuan-Agg01-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/23

方法二，适合追求速度的人

[HZ-HZXiaoYuan-Agg01-S5731]int et 1
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]
[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]trunkport g0/0/21 to g0/0/23

做完检查

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731]int Eth-Trunk 1
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]t
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/21
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/22
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]trunkport g0/0/23
[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]

检查

五、VLAN（任务3）

为了确保网络的稳定与安全，避免二层网络过大可能带来的问题，在本网络中进行VLAN的规划部署。

请根据Figure 3-1实验考试拓扑和Table 3-1 VLAN信息，在对应交换机上配置所需的VLAN。

注意:为了保证网络的连通性，交换机只允许题目中规定的VLAN通过。

HZ-HZXiaoYuan-Agg01-S5731

[HZ-HZXiaoYuan-Agg01-S5731]

[HZ-HZXiaoYuan-Agg01-S5731]v b 1 10 20 100 #1是什么意思，咱们

[HZ-HZXiaoYuan-Agg01-S5731]int g0/0/1

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port link-type trunk

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/1]int g0/0/3

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port link-type trunk

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/3]int g0/0/24

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port link-type access

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]port default vlan 100

[HZ-HZXiaoYuan-Agg01-S5731-GigabitEthernet0/0/24]int et 1

[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]port link-type trunk

[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]po t a v 10 20

[HZ-HZXiaoYuan-Agg01-S5731-Eth-Trunk1]

检查

dis vlan

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731]

[HZ-HZXiaoYuan-Agg02-S5731]v b 10 20 101

[HZ-HZXiaoYuan-Agg02-S5731]int g0/0/2

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]port link-t t

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]po t a v 10 20

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/2]int g0/0/4

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po link-t t

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]po t a v 10 20

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/4]int g0/0/24

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po link-t a

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]po de v 101

[HZ-HZXiaoYuan-Agg02-S5731-GigabitEthernet0/0/24]int et 1

[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po link-t t

[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]po t a v 10 20

[HZ-HZXiaoYuan-Agg02-S5731-Eth-Trunk1]

检查

dis vlan

HZ-HZXiaoYuan-Acc01-S5731

[HZ-HZXiaoYuan-Acc01-S5731]v b 10 20

[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/3

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po link-t t

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]po t a v 10 20

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3]int g0/0/4

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po link-t t

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]po t a v 10 20

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/4]int g0/0/24

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]po link-t h

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid pvid vlan 20

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]port hybrid pvid vlan 20

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]

检查

dis vlan

HZ-HZXiaoYuan-Acc02-S5731

[HZ-HZXiaoYuan-Acc02-S5731]v b 10 20

[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/1

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po link-t t

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]po t a v 10 20

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/1]int g0/0/2

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po link-t t

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]po t a v 10 20

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/2]int g0/0/23

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po link-t a

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]po de v 10

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]int g0/0/24

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po link-t a

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]po de v 10

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]

检查

dis vlan

任务四、IP 编址

请根据 Figure 3-1 实验考试拓扑和 Table 3-2 IP 地址规划给出的信息，配置对应网络设备接口的 IP 地址

HZ-HZXiaoYuan-Edge01-AR6140

[HZ-HZXiaoYuan-Edge01-AR6140]int g0/0/0

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.1 24

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.1 24

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int g0/0/2

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.15.1 24

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/2]int s 4/0/0

[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]ip ad 10.2.15.1 24

[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0]int lo 0

[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.1.1 32

[HZ-HZXiaoYuan-Edge01-AR6140-LoopBack0]

检查

display ip int brief

HZ-HZXiaoYuan-Core01-AR6140

[HZ-HZXiaoYuan-Core01-AR6140]int g0/0/0

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.12.2 24

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0]int g0/0/1

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]ip ad 10.1.26.2 24

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/1]int g0/0/2

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.2 24

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2]int lo 0

[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]ip ad 10.1.2.2 32

[HZ-HZXiaoYuan-Core01-AR6140-LoopBack0]

检查

display ip int brief

HZ-HZXiaoYuan-Core02-AR6140

[HZ-HZXiaoYuan-Core02-AR6140]int g0/0/0

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]ip ad 10.1.37.3 24

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/0]int g0/0/1

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]ip ad 10.1.13.3 24

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1]int g0/0/2

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]ip ad 10.1.23.3 24

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2]int lo 0

[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]ip ad 10.1.3.3 32

[HZ-HZXiaoYuan-Core02-AR6140-LoopBack0]

检查

dis IP int b

HZ-HZEDU-Edge01-AR6140

[HZ-HZEDU-Edge01-AR6140]int g0/0/0

[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 192.168.4.254 24

[HZ-HZEDU-Edge01-AR6140-GigabitEthernet0/0/0]int s 4/0/0

[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]ip ad 10.2.14.4 24

[HZ-HZEDU-Edge01-AR6140-Serial4/0/0]int lo 0

[HZ-HZEDU-Edge01-AR6140-LoopBack0]ip ad 10.1.4.4 32

[HZ-HZEDU-Edge01-AR6140-LoopBack0]

SH-SHXiaoYuan-Edge01-AR6140

[SH-SHXiaoYuan-Edge01-AR6140]int g0/0/0

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]ip ad 10.1.15.5 24

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0]int g0/0/1

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]ip ad 192.168.5.254 24

[SH-SHXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1]int lo 0

[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]ip ad 10.1.5.5 32

[SH-SHXiaoYuan-Edge01-AR6140-LoopBack0]

HZ-HZXiaoYuan-Agg01-S5731

[HZ-HZXiaoYuan-Agg01-S5731]int v 10

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]ip ad 192.168.10.100 24

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]ip ad 192.168.20.101 24

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v100

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]ip a 10.1.26.6 24

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif100]int lo 0

[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]ip ad 10.1.6.6 32

[HZ-HZXiaoYuan-Agg01-S5731-LoopBack0]

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731]int v 10

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]ip ad 192.168.10.101 24

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]ip ad 192.168.20.100 24

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]int v 101

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]ip ad 10.1.37.7 24

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif101]int lo 0

[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]ip ad 10.1.7.7 32

[HZ-HZXiaoYuan-Agg02-S5731-LoopBack0]

做完后检查一下，ip地址配置

display ip interface brief

任务五、RSTP

为了防止二层网络中出现环路，导致广播风暴等问题， Acc01,Acc02,Agg01,Agg02 之间配置 STP 协议

1. STP 模式为 RSTP，要求通过使用“stp root primary/secondary”命令，使得 Agg01 为根桥，Agg02 为备根桥

2. 为了保证网络连通性，在不改变交换机角色的前提下，通过修改接入层交换机接口的开销值使得 Acc01-Agg01,Acc02-Agg02 这两条链路被阻塞，必要的接口开销值都改为 200000。

3. 为了最大限度的保证网络的稳定性，避免主机频繁重启导致的网络波动，要求所有与 PC 相连的交换机端口，不参加 STP 计算，直接进入 Forwarding。

1、

HZ-HZXiaoYuan-Agg01-S5731

[HZ-HZXiaoYuan-Agg01-S5731]stp mode rstp

[HZ-HZXiaoYuan-Agg01-S5731]stp root primary

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731]stp mode rstp

[HZ-HZXiaoYuan-Agg02-S5731]stp root secondary

HZ-HZXiaoYuan-Acc02-S5731

[HZ-HZXiaoYuan-Acc02-S5731]stp mode rstp

HZ-HZXiaoYuan-Acc01-S5731

[HZ-HZXiaoYuan-Acc01-S5731]stp mode rstp

2、

HZ-HZXiaoYuan-Acc01-S5731

[HZ-HZXiaoYuan-Acc01-S5731] int g0/0/3

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/3] stp instance 0 cost 200000

3、

HZ-HZXiaoYuan-Acc02-S5731

[HZ-HZXiaoYuan-Acc02-S5731]int g0/0/24

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]stp edged-port enable

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/24]int g0/0/23

[HZ-HZXiaoYuan-Acc02-S5731-GigabitEthernet0/0/23]stp edged-port enable

HZ-HZXiaoYuan-Acc01-S573

[HZ-HZXiaoYuan-Acc01-S5731]int g0/0/24

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]stp edged-port enable

[HZ-HZXiaoYuan-Acc01-S5731-GigabitEthernet0/0/24]

八、VRRP（任务6）

单一网关的设置，在物理设备与链路出现故障时，会导致大量用户无法上网的情况，为了保证校园网中宿舍楼及教学楼的终端访问网络的稳定性，在校园网的网关位置进行冗余备份配置，通过在 Agg01， Agg02 上部署 VRRP 协议，满足上述要求。

1. VLAN 10 使用 VRRP 备份组

1，VRRP 备份组 1 虚拟 IP 地址为 192.168.10.254. VLAN 20 使用 VRRP 备份组

2，VRRP 备份组 2 虚拟 IP 地址为 192.168.20.254.

2. VRRP 备份组 1 以 Agg01 为主网关，（优先级为 120），Agg02 作为备份网关（优先级为缺省）；

VRRP 备份组 2 以 Agg02 为主网关（优先级为 120），Agg01 作为备份网关（优先级为缺省）

3. 分别在两个备份组中监测上行接口，当上行接口出现故障时主网关优先级降低 30，主动完成切换

HZ-HZXiaoYuan-Agg01-S5731

[HZ-HZXiaoYuan-Agg01-S5731]int v 10

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]int v 20

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif20]int v10

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 priority 120

[HZ-HZXiaoYuan-Agg01-S5731-Vlanif10]vrrp vrid 1 track int g0/0/24 reduced 30

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731]int v 10

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif10]int v 20

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 priority 120

[HZ-HZXiaoYuan-Agg02-S5731-Vlanif20]vrrp vrid 2 track int g0/0/24 reduced 30

九、OSPF（任务7）

为了满足校园网中众多设备之间的三层访问，且避免路由环路的出现，保证后期校园网络的扩展性，选用动态路由协议 OSPF 作为本校园网络的 IGP。

1. Agg01，Agg02，Core01，Gore02，HZ-HZXiaoYuan-Edge01-AR6140(除 S4/0/0),SH-SHXiaoYuan-Edge01-AR6140 之间运行 OSPF，配置 OSPF 进程号为 1，SHXiaoYuan-Edge01 的所有接口及 HZXiaoYuan 的 GE0/0/2 接口在区域

1，其他都在骨干区域。多区域配置的命令为：area 1 network x.x.x.x x.x.x.x

2. 在创建 OSPF 进程时手动设定 Router ID 与环回地址一致，要求所有网段采用 32 位精确宣告。例如：将 1.2.3.4/24 此地址进行 32 宣告的命令位 network 1.2.3.4 0.0.0.0。例：ospf 1 router-id 10.1.6.6 area 0.0.0.0 network 10.1.6.6 0.0.0.0 network 192.168.10.100 0.0.0.0 network 192.168.20.101 0.0.0.0 network 10.1.26.6 0.0.0.0

3.修改 HZXiaoYuan-Edge01 的 G0/0/0 口 DR 优先级为最大值，保证此接口为相应网段的 DR 例：ospf dr-priority 255

4.为了加强对攻击行为的防范，在 HZ-HZXiaoYuan-Edgc01、Core01、 Core02 三台设备的互联接口上配置接口认证，选择 md5 加密算法，认证密钥ID为1，密钥类型为cipher，密码为huawei" 例：ospf authentication-mode md5 1 cipher huawei

HZ-HZXiaoYuan-Agg01-S5731

[HZ-HZXiaoYuan-Agg01-S5731]ospf

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1]a 0

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] network 10.1.6.6 0.0.0.0

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] net 192.168.10.100 0.0.0.0

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] net 192.168.20.101 0.0.0.0

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0] net 10.1.26.6 0.0.0.0

[HZ-HZXiaoYuan-Agg01-S5731-ospf-1-area-0.0.0.0]

检查

dis ospf routing

HZ-HZXiaoYuan-Agg02-S5731

[HZ-HZXiaoYuan-Agg02-S5731] ospf 1 router-id 10.1.7.7

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1]a 0

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] network 10.1.7.7 0.0.0.0

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] net 192.168.10.101 0.0.0.0

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] net 192.168.20.100 0.0.0.0

[HZ-HZXiaoYuan-Agg02-S5731-ospf-1-area-0.0.0.0] net 10.1.37.7 0.0.0.0

检查

dis ospf routing

HZ-HZXiaoYuan-Core01-AR6140

[HZ-HZXiaoYuan-Core01-AR6140] ospf 1 router-id 10.1.2.2

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1]a 0

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] network 10.1.2.2 0.0.0.0

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] net 10.1.12.2 0.0.0.0

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] net 10.1.26.2 0.0.0.0

[HZ-HZXiaoYuan-Core01-AR6140-ospf-1-area-0.0.0.0] net 10.1.23.2 0.0.0.0

HZ-HZXiaoYuan-Core02-AR6140

[HZ-HZXiaoYuan-Core02-AR6140]ospf 1 r 10.1.3.3

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1]a 0

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] network 10.1.3.3 0.0.0.0

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] net 10.1.37.3 0.0.0.0

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] net 10.1.13.3 0.0.0.0

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0] net 10.1.23.3 0.0.0.0

[HZ-HZXiaoYuan-Core02-AR6140-ospf-1-area-0.0.0.0]

HZ-HZXiaoYuan-Edge01-AR614a0

[HZ-HZXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.1.1

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1] a 1

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] net 10.1.15.1 0.0.0.0

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] q

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1] a 0

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.12.1 0.0.0.0

[HZ-HZXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.0] network 10.1.13.1 0.0.0.0

SH-SHXiaoYuan-Edge01-AR6140

[SH-SHXiaoYuan-Edge01-AR6140] ospf 1 router-id 10.1.5.5

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1]a 1

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] network 10.1.5.5 0.0.0.0

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] net 10.1.15.5 0.0.0.0

[SH-SHXiaoYuan-Edge01-AR6140-ospf-1-area-0.0.0.1] net 192.168.5.254 0.0.0.0

HZ-HZXiaoYuan-Edge01-AR6140

[HZ-HZXiaoYuan-Edge01-AR6140] int g0/0/0

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0] ospf dr-priority 255

[HZ-HZXiaoYuan-Edge01-AR6140] int g0/0/0

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0] ospf authentication-mode md5 1 cipher huawei

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/0] int g0/0/1

[HZ-HZXiaoYuan-Edge01-AR6140-GigabitEthernet0/0/1] ospf authentication-mode md5 1 cipher huawei

HZ-HZXiaoYuan-Core01-AR6140

[HZ-HZXiaoYuan-Core01-AR6140] int g0/0/0

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0] ospf authentication-mode md5 1 cipher huawei

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/0] int g0/0/2

[HZ-HZXiaoYuan-Core01-AR6140-GigabitEthernet0/0/2] ospf authentication-mode md5 1 cipher huawei

HZ-HZXiaoYuan-Core02-AR6140

[HZ-HZXiaoYuan-Core02-AR6140] int g0/0/2

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2] ospf authentication-mode md5 1 cipher huawei

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/2] int g0/0/1

[HZ-HZXiaoYuan-Core02-AR6140-GigabitEthernet0/0/1] ospf authentication-mode md5 1 cipher huawei

十、出口设计（任务8）

1. 为保证网络出口的安全性， HZXiaoYuan-Edge01与HZEDU-Edge01之间的PPP链路采用CHAP方式进行验证，HZEDU-Edge01作为验证方，用户名为huawei，密码为Huawei123。

2. HZ-HZXiaoYuan-Edge01-AR6140配置明细静态路由使得校园网内 PC 可以访问教育网中终端PC4所在的网段( 192.168.4.0/24 )，下一跳为HZ-HZEDU-Edge01-AR6140的S4/0/0口。HZ-HZEDU-Edge01-AR6140配置缺省路由访问校园网内部，下一跳为HZ-HZXiaoYuan-Edge01-AR6140的S4/0/0口。

HZ-HZEDU-Edge01-AR6140

[HZ-HZEDU-Edge01-AR6140] aaa

[HZ-HZEDU-Edge01-AR6140-aaa] local-user huawei password cipher Huawei123

[HZ-HZEDU-Edge01-AR6140-aaa] local-user huawei service-type ppp

[HZ-HZEDU-Edge01-AR6140-aaa] int s 4/0/0

[HZ-HZEDU-Edge01-AR6140-Serial4/0/0] ppp authentication-mode chap

HZ-HZXiaoYuan-Edge01-AR6140

[HZ-HZXiaoYuan-Edge01-AR6140] int s4/0/0

[HZ-HZXiaoYuan-Edge01-AR6140-Serial4/0/0] ppp chap password cipher Huawei123

[HZ-HZEDU-Edge01-AR6140] ip route-static 0.0.0.0 0.0.0.0 10.2.14.1

[HZ-HZXiaoYuan-Edge01-AR6140] ip route-static 192.168.4.0 255.255.255.0 10.2.14.4