实验需求
本实验模拟大规模BGP网络部署,使用4字节AS号,传递IPv6路由。
预配说明:
各设备已启用ipv6,都有Loopback0接口,AS内部已配置OSPFv3,AS边界之间已配置ISIS。
一、部署BGP4+
1.1 建立IBGP邻居。
1.1.1 R7与R1-6建立IBGP邻居。
1.1.2 R5与R8/9建立IBGP邻居。
1.1.3 R12与R10/11建立IBGP邻居。
1.1.4 R7要求使用对等体组配置,组名称为IBGP。
1.1.5 AS号如图所示。
1.1.6 确认邻居关系。
1.2 部署反射器
1.2.1 R7为反射器,R1-6是客户端。
1.2.2 R5为反射器,R8/9是客户端。
1.3 建立EBGP邻居>SM
1.3.1 R2和R10使用Loopback0建立EBGP邻居.
1.3.2 已运行ISIS,请确认Loopback0可互通。
1.3.3 使用GTSM防止伪装者攻击,TTL有效跳数为1。
1.3.4 使用md5认证邻居的合法性,password为GT,在配置文件中可查看到明文口令。
1.3.5 确认邻居关系
1.4 建立EBGP邻居&keychain
1.4.1 R6和R11使用Loopback0建立EBGP邻居。
1.4.2已运行ISIS,请确认Loopback0可互通。
1.4.3 EBGP邻居最大跳数为2。
1.4.4 使用keychain认证邻居的合法性:
名称:GT
模式:日周期
key-id 1:算法hmac-md5;口令GT123,明文可查;发送和接收时间0点-11点59
key-id 2:算法hmac-md5;口令GT321,明文可查;发送和接收时间12点-23点59
二、路由聚合
2.1 发布路由
在R12上使用BGP发布Loopback12上4个地址的路由。
2.2 指定明细路由聚合
2.2.1 在R2上将3012::/112和3012::1:0/112聚合为3012::/64
2.2.2 聚合路由保留AS号,且抑制所有明细。
2.2.3 不要将其他路由聚合或抑制。
2.2.4 前缀列表的名称为P1,index 10 匹配3012::/112,index 20匹配3012::1:0/112。
2.2.5 路由策略的名称为RP1,node 10 匹配前缀列表。
2.2.6 在聚合路由时调用策略。
2.3 聚合抑制部分路由
2.3.1 在R11上将R12发布的四条路由聚合为3012::/64。
2.3.2 聚合后抑制3012::/112和3012::1:0/112两条路由。
2.3.3 前缀列表的名称为P1,index 10 匹配3012::/112,index 20匹配3012::1:0/112。
2.3.4 路由策略的名称为RP1,node 10 匹配前缀列表。
2.3.5 在聚合路由时调用策略。
三、BGP特性
3.1 路由衰减
R6为维持bgp路由稳定,部署衰减功能。
3.1.1 半衰期为10分钟
3.1.2 再使用值为1500
3.1.3 路由抑制值为3000
3.1.4 最大惩罚值为8000
3.1.5 尝试频繁更新R12路由信息,查看R6的路由抑制是否生效。
3.2 活跃路由通告
3.2.1 在R8上使用BGP通告Loobapck8的路由2008::1/128。
3.2.2 在R8的Looback8上运行OSPFv3,进程1,区域0.
3.2.3 确认R7的BGP可收到该路由,并反射给客户端。
3.2.4 在R5上启用BGP活跃路由通告。
3.2.5 确认R7的BGP路由表中收不到该路由。
3.2.6 把R8的Looback8从ospfv3中删除。
3.2.7 确认R7的BGP重新收到该路由,AS200.1的BGP也能收到该路由。
3.3 团体属性
3.3.1 在R9的BGP中通告Loopback9的两条路由。
3.3.2 使用路由策略,名称RP1,通告3009::/112时携带团体属性100:9。
3.3.3 除了R8和R12,其他路由器都能收到该团体属性。
3.3.4 在R10中部署基础团体属性过滤器,名称C1,拒绝100:9的路由,接收其他所有路由。
3.3.5 路由策略调用团体属性过滤器,名称RP1,node 10。
3.3.6 R10从R2接收路由时调用该策略。
3.3.6 确认策略生效。
四. 代码
<R1>dis cu
[V200R003C00]
#
sysname R1
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 1.1.1.1
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::1/128
ospfv3 1 area 0.0.0.0
#
bgp 100.1
router-id 1.1.1.1
peer 2000::7 as-number 100.1
peer 2000::7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
peer 2000::7 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R2>dis cu
[V200R003C00]
#
sysname R2
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0100.0000.0000.0002.00
is-name R2
#
ipv6 enable topology standard
#
#
ospfv3 1
router-id 2.2.2.2
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
isis ipv6 enable 1
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::2/128
ospfv3 1 area 0.0.0.0
isis ipv6 enable 1
#
bgp 100.1
router-id 2.2.2.2
peer 2000::7 as-number 100.1
peer 2000::7 connect-interface LoopBack0
peer 2000::10 as-number 200.1
peer 2000::10 connect-interface LoopBack0
peer 2000::10 password simple GT
peer 2000::10 valid-ttl-hops 1
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
aggregate 3012:: 64 as-set detail-suppressed origin-policy RP1
peer 2000::7 enable
peer 2000::7 next-hop-local
peer 2000::10 enable
peer 2000::10 advertise-community
#
route-policy RP1 permit node 10
if-match ipv6 address prefix-list P1
#
ip ipv6-prefix P1 index 10 permit 3012:: 112
ip ipv6-prefix P1 index 20 permit 3012::1:0 112
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>dis cu
[V200R003C00]
#
sysname R3
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 3.3.3.3
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::3/128
ospfv3 1 area 0.0.0.0
#
bgp 100.1
router-id 3.3.3.3
peer 2000::7 as-number 100.1
peer 2000::7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
peer 2000::7 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R4>dis cu
[V200R003C00]
#
sysname R4
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 4.4.4.4
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::4/128
ospfv3 1 area 0.0.0.0
#
bgp 100.1
router-id 4.4.4.4
peer 2000::7 as-number 100.1
peer 2000::7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
peer 2000::7 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R5>dis cu
[V200R003C00]
#
sysname R5
#
board add 0/1 2SA
board add 0/2 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 5.5.5.5
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::5/128
ospfv3 1 area 0.0.0.0
#
bgp 100.1
router-id 5.5.5.5
peer 2000::7 as-number 100.1
peer 2000::7 connect-interface LoopBack0
peer 2000::8 as-number 100.1
peer 2000::8 connect-interface LoopBack0
peer 2000::9 as-number 100.1
peer 2000::9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
active-route-advertise
peer 2000::7 enable
peer 2000::7 advertise-community
peer 2000::8 enable
peer 2000::8 reflect-client
peer 2000::9 enable
peer 2000::9 reflect-client
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R6>dis cu
[V200R003C00]
#
sysname R6
#
board add 0/1 2SA
board add 0/2 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
keychain GT mode periodic daily
key-id 1
algorithm hmac-md5
key-string plain GT123
send-time daily 00:00 to 11:59
receive-time daily 00:00 to 11:59
key-id 2
algorithm hmac-md5
key-string plain GT321
send-time daily 12:00 to 23:59
receive-time daily 12:00 to 23:59
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0100.0000.0000.0006.00
is-name R6
#
ipv6 enable topology standard
#
#
ospfv3 1
router-id 6.6.6.6
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
isis ipv6 enable 1
#
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::6/128
ospfv3 1 area 0.0.0.0
isis ipv6 enable 1
#
bgp 100.1
router-id 6.6.6.6
peer 2000::7 as-number 100.1
peer 2000::7 connect-interface LoopBack0
peer 2000::11 as-number 200.1
peer 2000::11 ebgp-max-hop 2
peer 2000::11 connect-interface LoopBack0
peer 2000::11 keychain GT
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
dampening 10 1500 3000 8000
peer 2000::7 enable
peer 2000::7 next-hop-local
peer 2000::11 enable
peer 2000::11 advertise-community
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R7>dis cu
[V200R003C00]
#
sysname R7
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/3 2SA
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 7.7.7.7
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial2/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial2/0/1
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial3/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial3/0/1
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::7/128
ospfv3 1 area 0.0.0.0
#
bgp 100.1
router-id 7.7.7.7
group IBGP internal
peer IBGP connect-interface LoopBack0
peer 2000::1 as-number 100.1
peer 2000::1 group IBGP
peer 2000::2 as-number 100.1
peer 2000::2 group IBGP
peer 2000::3 as-number 100.1
peer 2000::3 group IBGP
peer 2000::4 as-number 100.1
peer 2000::4 group IBGP
peer 2000::5 as-number 100.1
peer 2000::5 group IBGP
peer 2000::6 as-number 100.1
peer 2000::6 group IBGP
#
ipv4-family unicast
undo synchronization
peer IBGP enable
#
ipv6-family unicast
undo synchronization
peer IBGP enable
peer IBGP reflect-client
peer IBGP advertise-community
peer 2000::1 enable
peer 2000::1 group IBGP
peer 2000::2 enable
peer 2000::2 group IBGP
peer 2000::3 enable
peer 2000::3 group IBGP
peer 2000::4 enable
peer 2000::4 group IBGP
peer 2000::5 enable
peer 2000::5 group IBGP
peer 2000::6 enable
peer 2000::6 group IBGP
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R8>dis cu
[V200R003C00]
#
sysname R8
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 8.8.8.8
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::8/128
ospfv3 1 area 0.0.0.0
#
interface LoopBack8
ipv6 enable
ipv6 address 2008::1/128
#
bgp 100.1
router-id 8.8.8.8
peer 2000::5 as-number 100.1
peer 2000::5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
network 2008::1 128
peer 2000::5 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R9>dis cu
[V200R003C00]
#
sysname R9
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 9.9.9.9
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::9/128
ospfv3 1 area 0.0.0.0
#
interface LoopBack9
ipv6 enable
ipv6 address 3009::1/112
ipv6 address 3009::1:1/112
#
bgp 100.1
router-id 9.9.9.9
peer 2000::5 as-number 100.1
peer 2000::5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
network 3009:: 112 route-policy RP1
network 3009::1:0 112
peer 2000::5 enable
peer 2000::5 advertise-community
#
route-policy RP1 permit node 10
apply community 100:9
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R10>dis cu
[V200R003C00]
#
sysname R10
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0200.0000.0000.0010.00
is-name R10
#
ipv6 enable topology standard
#
#
ospfv3 1
router-id 10.10.10.10
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::10/128
ospfv3 1 area 0.0.0.0
isis ipv6 enable 1
#
bgp 200.1
router-id 10.10.10.10
peer 2000::2 as-number 100.1
peer 2000::2 connect-interface LoopBack0
peer 2000::2 password simple GT
peer 2000::2 valid-ttl-hops 1
peer 2000::12 as-number 200.1
peer 2000::12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
peer 2000::2 enable
peer 2000::2 route-policy RP1 import
peer 2000::12 enable
peer 2000::12 next-hop-local
#
route-policy RP1 permit node 10
if-match community-filter C1
#
ip community-filter basic C1 deny 100:9
ip community-filter basic C1 permit internet
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R11>dis cu
[V200R003C00]
#
sysname R11
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
keychain GT mode periodic daily
key-id 1
algorithm hmac-md5
key-string plain GT123
send-time daily 00:00 to 11:59
receive-time daily 00:00 to 11:59
key-id 2
algorithm hmac-md5
key-string plain GT321
send-time daily 12:00 to 23:59
receive-time daily 12:00 to 23:59
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0200.0000.0000.0011.00
is-name R11
#
ipv6 enable topology standard
#
#
ospfv3 1
router-id 11.11.11.11
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::11/128
ospfv3 1 area 0.0.0.0
isis ipv6 enable 1
#
bgp 200.1
router-id 11.11.11.11
peer 2000::6 as-number 100.1
peer 2000::6 ebgp-max-hop 2
peer 2000::6 connect-interface LoopBack0
peer 2000::6 keychain GT
peer 2000::12 as-number 200.1
peer 2000::12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
aggregate 3012:: 64 suppress-policy RP1
peer 2000::6 enable
peer 2000::12 enable
peer 2000::12 next-hop-local
#
route-policy RP1 permit node 10
if-match ipv6 address prefix-list P1
#
ip ipv6-prefix P1 index 10 permit 3012:: 112
ip ipv6-prefix P1 index 20 permit 3012::1:0 112
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R12>dis cu
[V200R003C00]
#
sysname R12
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ipv6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
ospfv3 1
router-id 12.12.12.12
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ipv6 address 2000::12/128
ospfv3 1 area 0.0.0.0
#
interface LoopBack12
ipv6 enable
ipv6 address 3012::1/112
ipv6 address 3012::1:1/112
ipv6 address 3012::2:1/112
ipv6 address 3012::3:1/112
#
bgp 200.1
router-id 12.12.12.12
peer 2000::10 as-number 200.1
peer 2000::10 connect-interface LoopBack0
peer 2000::11 as-number 200.1
peer 2000::11 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
network 3012:: 112
network 3012::1:0 112
network 3012::2:0 112
network 3012::3:0 112
peer 2000::10 enable
peer 2000::11 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return