Lab Guide 内文

Huawei Datacom Certifications-HCDA
Huawei Networking Technology and Device

Lab Guide
Edition. 1.2
Huawei Technologies Co.,Ltd
Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means
without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of
their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but all
statements, information, and recommendations in this document do not constitute the
warranty of any kind, express or implied.
Huawei Datacom Certifications-HCDA

Huawei Networking Technology and Device Lab Guide
Huawei Datacom Certification System

IP technology is adopted widely in global telecom networks as network convergence
becomes reality. Operators who want to implement the IP network technology quickly
have realized that the best way to maximize their investment and reduce implementation
time, costs, and risks, is to train up the competence and qualification of their technical staff.
In addition, proficiency of IP skills has become a major selection criterion in recruiting new
staff.
For quality assurance, it would be beneficial to benchmark IP skills development
and assessment.
IP certification hence gives a solution for benchmarking.
IP Certification Solution
This solution is developed by the joint effort of nearly a hundred training experts who
contribute their rich experience in the design and maintenance of IP Networks, and the
skills models of one thousand datacom engineers from Huawei and our partners in the
industry. The solution aims to provide comprehensive, specialized, and authoritative
certification on network technologies for global customers.
Huawei Datacom Certification consists of three kinds of certification:
1) Career Certification
This is a three-tier certification levels which aim to provide IP skills development and
assessment for typical job positions in the telecom industry.
A. Huawei Certified Datacom Associate (HCDA) is a basic level certification. It is for
IP network maintenance engineers and other interested professionals who are
working with the carrier IP networks. After certification, the certified practitioners are
able to follow the norms of the industry, possess skills to apply routing and switching
technology, and network security basics into IP network access layer equipment
maintenance.
There are two different tracks of Huawei Certified Datacom Professional and Huawei Certified
Datacom Expert.
B.
i.
Huawei Certified Datacom Professional-Carrier IP (HCDP-Carrier IP) is an

intermediate level certification. It is designed for IP network commissioning
engineers, IP network O&M engineers, IP network design engineers and
interested professionals who intend to gain a comprehensive and extensive

proficiency of related technologies in routing, switching and accessing control in
carrier IP networks. After obtaining the certification, one is expected to be able
to implement, maintain and trouble-shoot carrier IP networks that execute routing,
switching and accessing technologies. To obtain the certification, candidates
need to pass the three examinations: Building Carrier Routing Network (BCRN),
Building Carrier Access Network (BCAN), and Building IP Telecom Network
(BITN).
ii.
Huawei Certified Datacom Expert-Carrier IP (HCDE-Carrier IP) is an

advanced level certification. It is for IP network design engineers and interested
professionals who target to gain a comprehensive and extensive proficiency in
the design, optimization and support of related technologies in carrier IP
networks. The certified professional is expected to perform expert planning and
optimizing of the large scale carrier IP networks, and be an authority in carrier IP
networking technologies who can provide technical guidance.
(HCDE-Carrier IP certification is to be offered in August 2011.)
i.
Huawei Certified Datacom Professional-Enterprise IP (HCDP-Enterprise IP)

is an intermediate level certification. It is designed for IP network
commissioning engineers, IP network O&M engineers, IP network design
engineers and interested professionals who intend to gain a comprehensive and
extensive proficiency of related technologies in routing and switching in
enterprise IP networks. After obtaining the certification, one is expected to be
able to implement, maintain and trouble-shoot enterprise IP networks that
execute routing and switching technologies. To obtain the certification,
candidates need to pass the three examinations: Implementing Enterprise
Routing Network (IERN), Implementing Enterprise Switching Network (IESN),
and Improving Enterprise Network Performance (IENP).
C)
ii.
Huawei Certified Datacom Expert-Enterprise IP (HCDE-Enterprise IP) is an

advanced level certification. It is for IP network design engineers and interested
professionals who target to gain a comprehensive and extensive proficiency in
the design, optimization and support of related technologies in enterprise IP
networks. The certified professional is expected to perform expert planning and
optimizing of the large scale enterprise IP networks, and be an authority in
enterprise IP networking technologies who can provide technical guidance.
(HCDE-Enterprise IP certification is to be offered in August 2011.)
2) Specialist Certification is targeted for those who desire to acquire specific technical
skills, such as installation, configuration and troubleshooting on Huawei datacom
products.
3) Compatibility Certification is a fast-track certification. It accommodates the
certifications issued by other networking vendors and allows those certification holders to
attain the Huawei datacom certification within the shortest feasible period.
Table of Contents
Lab Environment Description
Section 1: VRP Basic Laboratory Guide
Section 2: Routing Technology Laboratory Guide
Section 3: Switching Technology Laboratory Guide
Section 4: WAN Protocol Laboratory Guide
Section 5:Firewall Eudemon Laboratory Guide

Networking Instruction
This lab environment faces to the engineer who prepare for HCDA-HNTD
exam. The contents of HCDA-HNTD include the lab of VRP basic operation,
Routing protocol principle, Ethernet switching technical, WAN technical
and network security.
All the labs above are base on the topology as follow:
C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Copyright
There are four routers, five switches, one firewall and several PCs. One set
of lab environment can support four trainees hand on exercise at the same
time.
IP address Planning
The suggested IP address of the device to plan as follow:
RT1
RT1
RT2
RT3
RT4
RT2
RT3
RT4
Loopback
12.1.1.0/30 13.1.1.0/30 14.1.1.0/30 1.1.1.1/32
12.1.1.0/30
23.1.1.0/30 24.1.1.0/30 2.2.2.2/32
13.1.1.0/30 23.1.1.0/30
34.1.1.0/30 3.3.3.3/32
14.1.1.0/30 24.1.1.0/30 34.1.1.0/30
4.4.4.4/32
The device with smaller number in the name uses the smaller IP address of
the segment. For example, for the connection between RT1 and RT2, RT1
uses 12.1.1.1/30 and RT2 uses 12.1.1.2/30.
Devices Introduction
To meet the requirement of HCDA-HNTD,.We suggest every set of
environment to adopt the configuration as follow:
Devices
Name
Choice
Devices
Types
Software
Version
Interface Number of Suggest the least

Type
Interface Number of number of
Interfaces devices
S3500
series
switch or
over above.
VRP3
Ethernet
24
AR18 or
AR28
RT1
series
RT4
router or
over above
VRP3\
VRP5
Ethernet\
Serial
2\2
Eudemon
100/
200/500/
1000
VRP3
Ethernet
SW1
SW5
FW1
We also need several PCs

The relationship between lab devices and lab contents is as follows:
2

Copyright
Devices Name
SW1SW5
RT1RT5
FW1
Content
VRP basic operationethernet basic
configuration, port aggregation, VLAN, VLAN
routing, route on stick, STP.
VRP basic operation, PPP, HDLCFRstatic
routeRIPOSPFVRRP
firewall configurationNATACL

Copyright
Huawei Certified Datacom Associate
Section 1
VRP Basic Laboratory Guide
Table of Contents
Section 1 VRP Basic
Table of Contents
Lab Description .................................................................................................................1
Introduction................................................................................................................1
Version ......................................................................................................................1
Objectives..................................................................................................................1
Tasks .........................................................................................................................1
References ................................................................................................................1
Chapter1 Configure the router by Console port.................................................................2
1.1 Networking and service description.....................................................................2
1.2 Configuration and Verification..............................................................................2
Chapter2 Configure the router via telnet ...........................................................................4
2.1 Networking and Service description ....................................................................4
Chapter3 Ping....................................................................................................................6
3.1 Networking and Service description ....................................................................6
3.3 FAQ .....................................................................................................................9
Chapter4 FTP/TFTP ..........................................................................................................10
4.1 Networking and Service Description....................................................................10

Copyright
Lab Description
Section 1 VRP Basic
Lab Description
Introduction
The Versatile Routing Platform (VRP) is a versatile operating system
platform, developed for all data communication products of Huawei.
With the IP service as its core, the VRP adopts the componentized
architecture. The VRP realizes rich functions and provides tailorability
and scalability based on applications.
This
Laboratory
Guide
covers
some
important
and
basic
configurations which include how to configure a router through console

port, how to configure a router through telnet, how to configure
FTP/TFTP and how to use some basic commands to do
troubleshooting.
Version
This Guide is applicable to VRP 5.10
Objectives
z
To grasp how to configure a router via console
To grasp how to configure a router through telnet
To know how to use Ping, Tracert, FTP/TFTP
Establishing the Configuration Environment by the Console Port
Configuring the Router Through Telnet
Use Ping, tracert, FTP/TFTP command
Tasks
References
VRP Configuration Guide 5.10

Copyright
Chapter1Configure the router by Console
Section 1 VRP Basic
Chapter1
Configure the router by Console
1.1 Networking and service description
Figure 1-1 Console connection between PC and router

z
To set up the configuration environment, just connect the serial

port of the PC (or terminal) to the Console interface on the
routers active MPU through a console cable.
1.2 Configuration and Verification

(1)
Run the terminal emulation program on the PC. Set the terminal
communication parameters to be 9600 bps, data bit to be 8, stop
bit to be 1. Specify no parity and no flow control as shown in the
following figure.

Copyright
Chapter1Configure the router by Console
Section 1 VRP Basic
(2)
Power on the router. The prompt <Quidway> will appear after

self-check is finished.
C
Copyright2010
Huawei Technologies Co.Ltd. , All Rights Reserved.
Chapter2Configure the router via telnet
Section 1 VRP Basic
Chapter2
Configure the router via telnet
2.1 Networking and Service description
Figure 2-1 Configure the router via telnet

z
PC1 connects to RT4s Ethernet 0/0 through SW1.

2.2.1 Configure Telnet
Configure router via console firstly.
z
configure IP address of the router and PC
<Quidway>system-view
[Quidway]interface Ethernet 0/0
[Quidway-Ethernet0/0]ip address 10.1.1.4 255.0.0.0
Also need to configure IP address of the PC after you have finished
the IP configuration of the router.
There are three login methods via telnet and two of them will be shown
as follow:
z
configure telnet login with password
[Quidway] User-interface vty 0 4

[Quidway-ui-vty0-4] authentication-mode password
[Quidway-ui-vty0-4] set authentication password simple Huawei
[Quidway-ui-vty0-4] user privilege level 3
z
configure telnet login with username and password
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]authentication-mode scheme
[Quidway]local-user test\\Create one local user: test
[Quidway-luser-test]password cipher test
[Quidway-luser-test]service-type telnet
\\Set user service type
C
Copyright2010
Section 1 VRP Basic
Chapter2Configure the router via telnet
[Quidway-luser-test]level 3
The router will ask for username and password when you telnet to
router.
2.2.2 Configure access right for telnet users

You may set the password at different levels using the command
super password [ level user-level ] { simple | cipher } password :
[Quidway]super password level 1 cipher jack
[Quidway]super password level 2 cipher black
[Quidway]super password level 3 cipher brown
With the following commands,we configure the user level as 0 when
login the router.
[Quidway]user-interface vty 0
\\to set the default access
level to 0
Using the super command, you can change the user's current level.
User level indicates the type of the login user. There are four user
levels. Different from the use of command level, a login user can only
use the commands with the levels no higher than the user level.
2.2.3 Check the communication between PC and router

Confirm the communication between PC and router is OK with ping.
2.2.4 Run telnet program on PC to login router
C
Copyright2010
Chapter3Ping
Section 1 VRP Basic
Chapter3 Ping
3.1 Networking and Service description
Figure 3-1 How to use Ping command

z
The ping command can be used to check the network connection

failure. The host running ping sends ICMP ECHO-REQUEST to
the destination host. The destination host will receive ICMP
ECHO-REQUEST and reply with ICMP ECHO-REPLY when the
connectivity is OK.
PC1 connects with RT4s Ethernet 0/0 through SW1.

3.2.1 Command Explanation
Ping command is not only used on VRP platform but also in Windows
platform.
(1)
On VRP
ping [ -c
number ] [ -t
address ]
ip-address
number ] [ -s
number ] [ -a
source ip
-a source-ip-address: sets the source IP address for sending the ICMP

echo-request packet.
-c count: indicates the number of ICMP echo-request packet
transmission events. The value is in the range of 1 to 4294967295.
The default value is 5.
-s packetsize: specifies the length of the echo-request packet
(excluding IP and ICMP headers) in bytes, ranging from 20 to 8100.
The default value is 56 bytes.
C
Copyright2010
Chapter3Ping
Section 1 VRP Basic
[Quidway-luser-test]level 3
The router will ask for username and password when you telnet to
router.
2.2.2 Configure access right for telnet users

You may set the password at different levels using the command
super password [ level user-level ] { simple | cipher } password :
[Quidway]super password level 1 cipher jack
[Quidway]super password level 2 cipher black
[Quidway]super password level 3 cipher brown
With the following commands,we configure the user level as 0 when
login the router.
[Quidway]user-interface vty 0
\\to set the default access
level to 0
Using the super command, you can change the user's current level.
User level indicates the type of the login user. There are four user
levels. Different from the use of command level, a login user can only
use the commands with the levels no higher than the user level.
2.2.3 Check the communication between PC and router

Confirm the communication between PC and router is OK with ping.
2.2.4 Run telnet program on PC to login router
C
Copyright2010
Chapter3Ping
Section 1 VRP Basic
3.2.2 Configure IP address

configure IP address of the router and the PC
[quidway]sysname RT4
[RT4]interface Ethernet 0/0
[RT4-Ethernet0/0]ip address 10.1.1.4 255.255.255.0
3.2.3 Verification
(1)
Check the reachability of IP 10.1.1.2
<RT4> ping 10.1.1.2

ping 10.1.1.2 : 56 data bytes , press CTRL-C to break
Reply from 10.1.1.2 : bytes=56 sequence=1 ttl=255 time = 1ms
--10.1.1.2 ping statistics-5 packets transmitted
5 packets received
0% packet loss
round-trip min/avg/max = 1/2/3 ms
(2)
Check the reachability of IP 10.1.1.2 and specifies 8 echo

requests to be sent with source address 10.1.1.4.
[RT4]ping -a 10.1.1.4 -c 8 10.1.1.2

PING 10.1.1.2: 56
data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=32 ms

--- 10.1.1.2 ping statistics --8 packet(s) transmitted
8
C
Copyright2010
Chapter3Ping
Section 1 VRP Basic
8 packet(s) received
0.00% packet loss
(3)
Check the reach ability of IP 10.1.1.2 and specifies timeout is

3000 milliseconds, the length of echo requests is 300 Bytes.
[RT4] ping -t 3000 -s 300 10.1.1.2

PING 10.1.1.2: 300

--- 10.1.1.2 ping statistics --5 packet(s) transmitted
0.00% packet loss
3.3 FAQ
QAs shown in the figure 3-1, what is the result if we use Tracert
command?
AUsing the tracert command, you can test the gateways that
datagram pass along from sending host to the destination. This
command is mainly used to check whether the network connection
is reachable and locate failures that have occurred in the network.
[RT4]tracert 10.1.1.2
traceroute to
10.1.1.2(10.1.1.2) 30 hops max,40 bytes packet
1 10.1.1.2 31 ms
31 ms
32 ms
C
Copyright2010
Chapter4FTP/TFTP
Section 1 VRP Basic
Chapter4 FTP/TFTP
4.1 Networking and Service Description
Figure 4-1 FTP/TFTP application

z
FTP and TFTP are file transfer protocols which are used to
transfer files between the host and the equipment. VRP platform
supports software update and configuration file backup via
FTP/TFTP.
RT1s E0/0 port connects with PC1.
RT1s console port connects with PC2.

4.2.1 Configure FTP/TFTP
There are three methods to transfer files between hosts and routers.
(1)
The router is configured as FTP server.
[RT1]interface Ethernet 0/0

[RT1-Ethernet0/0]ip address 10.1.1.1 255.255.255.0
[RT1]ftp server enable
[RT1] local-user quidway
[RT1-luser-quidway]password simple huawei
[RT1-luser-quidway]service-type
ftp-directory
flash:/ftp/quidway
\\modify the default directory

(2)
The router is configured as FTP client.
In this case, you just need to configure interface IP address for the
router.
10
C
Copyright2010
Chapter4FTP/TFTP
Section 1 VRP Basic
(3)
The router is configured as TFTP client.
In this case, you just need to configure interface IP address for the
router.
FTP/TFTP transfers the files in two formats:
z
The binary format: transfers program files.
The ASCII format: transfers text files.
4.2.2 Verification
(1)
The router is FTP Server
FTP client accesses the FTP server and transfers files.

Note: In this example, we have to use binary mode when .bin file
has been transmitted.
(2)
The router is FTP Client
<Quidway> ftp 10.1.1.2

Trying 10.1.1.2 ...
Connected to 10.1.1.2
User(10.1.1.2:(none)):quidway
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] get vrp.txt
150 "D:\system\vrp.txt" file ready to send (5805100 bytes) in IMAGE /
Binary mode
226 Transfer finished successfully.
C
Copyright2010
11
Chapter4FTP/TFTP
Section 1 VRP Basic
FTP:
5805100
byte(s)
received
in
19.898
second(s)
291.74Kbyte(s)/sec.
Access to FTP Server via FTP Client and transmit file.
(3)
Tthe router is TFTP Client
<Quidway>
tftp 10.1.1.2 get vrp.cc flash:/vrp.cc
150 "D:\system\vrp.cc" file ready to send (5805100 bytes) in IMAGE /

Binary mode
226 Transfer finished successfully.
TFTP:
5805100
byte(s)
received
in
19.898
second(s)
291.74Kbyte(s)/sec
12
C
Copyright2010
Section 2
Routing Tech. Laboratory Guide
Table of Contents
Section 2 Routing Technology
Table of Contents
Table of Contents .............................................................................................................1
Lab Description..................................................................................................................3
Introduction................................................................................................................3
Version ......................................................................................................................3
Objectives ..................................................................................................................3
Tasks .........................................................................................................................3
References ................................................................................................................3
Chapter 1 Static Route Lab Guide .................................................................................... ..4
1.1 Networking and Service Description .....................................................................4
1.2 Configuration Flow ................................................................................................4
1.3 Configuration Steps ..............................................................................................4
1.4 Configuration and Verification...............................................................................5
Chapter 2 Default Route Configuration...............................................................................8
2.1 Networking and Service Description .....................................................................8
2.2 Configuration Flow ................................................................................................ 8
2.3 Configuration Steps ..............................................................................................8
2.4 Configuration and Verification...............................................................................9
Chapter 3 Route Backup of static route ............................................................................1 1
3.1 Networking and Service Description ...................................................................1 1
3.2 Configuration Flows ............................................................................................1 1
3.3 Configuration Steps ............................................................................................1 1
3.4 Configuration and Verification.............................................................................1 2
3.5 Additional Tasks.................................................................................................. 1 4
Chapter 4 Basic Configuration of RIPv2 ...........................................................................1 6
4.1 Networking and Service Descriptions .................................................................1 6
4.2 Configuration Flows ............................................................................................1 6
C
Copyright2010
Lab Description
4.3 Configuration Steps ............................................................................................ 1 7

4.4 Configuration and Verification............................................................................. 1 7
4.5 FAQ..................................................................................................................... 2 2
Chapter 5 Route Aggregation of RIP ................................................................................ 2 4
5.1 Networking and Description ................................................................................ 2 4
5.2 Configuration Flows ............................................................................................ 2 5
Chapter 6 RIP Redistribution ............................................................................................ 3 0
6.1 Networking and Description ................................................................................ 3 0
6.2 Configuration Flow .............................................................................................. 3 1
6.5 FAQ..................................................................................................................... 3 6
Chapter 7 OSPF Single Area Configuration ..................................................................... 3 7
7.1 Networking and Service Description ................................................................... 3 7
7.2 Configuration Flow .............................................................................................. 3 8
7.5 FAQ..................................................................................................................... 4 2
Chapter 8 OSPF Multi-Area Configuration........................................................................ 4 3
8.1 Networking and Service Description ................................................................... 4 3
8.2 Configuration Flows ............................................................................................ 4 3
8.5 FAQ..................................................................................................................... 4 8
C
Copyright2010
Lab Description
Lab Description
Introduction
This Lab Guide introduces the configuration and operation of routing
protocol for HCDA-HNTD, including static routing, RIP and OSPF. The
trainees can get familiarity with the configuration of Huawei products
through these exercises, so as to grasp the routing protocol part of HNTD
and pass the HCDA exam.
Version
This Guide is applicable to VRP versions 3.4.
Objectives
z
Review the basic principle of routing protocol
Grasp the configuration of static route and default route
Grasp the configuration of RIPv2.
Grasp the configuration of OSPF.
Configure static route
Configure default route
Backup route by using static route
Achieve load sharing using static route
Basic Configuration of RIPv2
Route Aggregation of RIP
Configure the External Route Redistribution of RIP
Configure Single Area of OSPF
Configure Multiple Area of OSPF
Tasks
References
VRP 3.4 Operation Manual
C
Copyright2010
Chapter 1 Static Route Lab Guide

figture 1-1 Network Topology of Static Route Configuration

Router RT1 connect with RT2 through Ethernet. L1 is one of the loopback
interfaces of router. Configure static route to make two loopback interfaces
can communicate with each other.
1.2 Configuration Flow
Assign IP address to interfaces
Configure Static Route

figture 1-2 Static Route Configuration Flow
1.3 Configuration Steps

(1)
Configure Interfaces
Create Loopback1 interface in RT1 with IP address 1.1.1.1/32. Configure IP

address 12.1.1.1/30 for E0 interface.
Create Loopback1 interface in RT2 with IP address 2.2.2.2/32. Configure IP
address 12.1.1.2/30 for E0 interface.
(2)
C
Copyright2010
In RT1, configure a static route to the loopback address of RT2; meanwhile,

configure a static route to the loopback address of RT1 in RT2.

1.4.1 Configure interface address and verify.
1. Configure RT1:
[RT1] interface Ethernet 0
[RT1-Ethernet0] ip address 12.1.1.1 255.255.255.252
[RT1] interface LoopBack 1
[RT1-LoopBack1] ip address 1.1.1.1 255.255.255.255
2. Configure RT2
1.4.2 Configure static route

1. Configure RT1
[RT1] ip route-static 2.2.2.2 255.255.255.255 12.1.1.2
2. Configure RT2
1.4.3 Check routing information

[RT1] display ip routing-table
Routing Tables: Public
Destinations : 6
Destination/Mask
Routes : 6
Proto Pre Cost
NextHop
Interface
1.1.1.1/32 Direct 0
127.0.0.1
12.1.1.2
InLoopBack0
2.2.2.2/32 Static 60
Ethernet0
12.1.1.0/30 Direct 0
12.1.1.1
Ethernet0
C
Copyright2010

12.1.1.1/32 Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
127.0.0.1
InLoopBack0
Destinations : 6
Destination/Mask
Routes : 6
Proto Pre Cost
NextHop
Interface
1.1.1.1/32 Static 60
12.1.1.1
127.0.0.1
Ethernet0
2.2.2.2/32 Direct 0
InLoopBack0
12.1.1.0/30 Direct 0
12.1.1.2
127.0.0.1
Ethernet0
12.1.1.2/32 Direct 0
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
127.0.0.1/32 Direct 0
127.0.0.1
InLoopBack0
InLoopBack0
1.4.4 Use ping command to check the connectivity

[RT1] ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
2.2.2.2 ping statistics
5 packet(s) transmitted
0.00% packet loss
C
Copyright2010

[RT2] ping -a 2.2.2.2 1.1.1.1
0.00% packet loss
C
Copyright2010
Chapter 2 Default Route Configuration

figture 2-1 Default Route Configuration Networking Topology

Router RT1 connects RT2 through Ethernet interface. L1 is one of the
loopback interfaces of the routers. Configure static route so that the two
loopback interfaces can communicate with each other.
Configure IP address
Configure default route and static route
figture 2-2 Default Route Configuration Flow

(1)
Configure Interface
In RT1, create loopback 1 interface and configure IP address 1.1.1.1/32;

Configure IP address 12.1.1.1/30 for interface Ethernet interface 0.
In RT2, create loopback 1 interface and configure IP address 2.2.2.2/32;
Configure IP address 12.1.1.2/30 for interface Ethernet interface 0.
(2)
Configure default route and static route
C
Copyright2010
In RT1, configure a static route with the destination address as the loopback
address of RT2; In RT2, configure a static route with the destination address
as the loopback address of RT1.

2.4.1 Configure IP address and verify
1. Configure RT1:
[RT1 ]interface LoopBack 1
2. Configure RT2:
2.4.2 Configure default route

1. Configure RT1
2. Configure RT2
3. Check IP routing table

Destinations : 6
Destination/Mask
Routes : 6
Proto
Pre
Cost
NextHop
Interface
1.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
0.0.0.0/0
Static 60
12.1.1.2
Ethernet0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
C
Copyright2010

Destinations : 6
Destination/Mask
Routes : 6
Proto
1.1.1.1/32
Pre
NextHop
12.1.1.1
Ethernet0
127.0.0.1
InLoopBack0
Static 60
Cost
2.2.2.2/32
Direct 0
Interface
12.1.1.0/30
Direct 0
12.1.1.2
Ethernet0
12.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
2.4.3 Use ping command to check the connectivity

[RT1] ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56

0.00% packet loss
[RT2] ping -a 2.2.2.2 1.1.1.1
PING 1.1.1.1: 56

0.00% packet loss
10
C
Copyright2010
Chapter 3 Route Backup of static route

RT1
L1:
1.1.1.1/32
E0
.1
12.1.1.0/30
E0
.2
.5
12.1.1.0/30
.6
RT2
L1:
2.2.2.2/32
S0
S0
figture 3-1 Networking topology for route backup of static route configuration
z
Router RT1 and Rt2 are connected through Ethernet interface and
serial port interface. L1 is the loopback interface in the router.
Configure the static route so that 1.1.1.1/32 and 2.2.2.2/32 can

communicate through a default route; they can also use the backup
route to communicate if the primary route is down.
3.2 Configuration Flows

Configure IP address

figture 3-2 Configuration flow of backup route of static route

(1)
Configure Interface
In RT1, create interface Loopback 1 with IP address 1.1.1.1/32; configure IP

address 12.1.1.1/30 for interface Ethernet 0; configure 12.1.1.5/30 for
interface serial 0.
C
Copyright2010
11
In RT2, create interface Loopback 1 with IP address 2.2.2.2/32;

configure IP address 12.1.1.2/30 for interface Ethernet 0; configure
12.1.1.6/30 for interface serial 0.
(2) Configure Static Route
In RT1, configure the primary static route and the backup static route which
destination address as the loopback address of RT2; In RT2,
configure the
primary static route and the backup static route with destination address as
the loopback address of RT1.

3.4.1 Configure IP address and check the connectivity
1. Configure RT1:
[RT1] interface Serial 0
[RT1-Serial0] ip address 12.1.1.5 255.255.255.252
2. Configure RT2:
[RT2]interface Ethernet 0
[RT2-Ethernet0]ip address 12.1.1.2 255.255.255.252
[RT2] interface Serial 0
[RT2-Serial0] ip address 12.1.1.6 255.255.255.252
[RT2]interface LoopBack 1
[RT2-LoopBack1]ip address 2.2.2.2 255.255.255.255
3. Configure Static Route

[RT1] ip route-static 2.2.2.2 255.255.255.255 12.1.1.6 preference 100
3.4.2 Check IP Routing Table

[RT1]display ip routing-table
12
C
Copyright2010

Destinations : 6
Destination/Mask
Routes : 6
Proto
Pre
Cost
NextHop
Interface
1.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
2.2.2.2/32
Static 60
12.1.1.2
Ethernet0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Destinations : 6
Destination/Mask
Routes : 6
Proto
Pre
1.1.1.1/32
Static 60
2.2.2.2/32
Direct 0
Cost
NextHop
12.1.1.1
Ethernet0
Interface
127.0.0.1
InLoopBack0
12.1.1.0/30
Direct 0
12.1.1.2
Ethernet0
12.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
3.4.3 Use TRACERT command to check the connectivity and the route
used
[RT1] tracert -a 1.1.1.1
traceroute to
2.2.2.2
1 12.1.1.2 40 ms
30 ms
70 ms
[RT2]tracert -a 2.2.2.2 1.1.1.1

traceroute to
1 12.1.1.1 50 ms
60 ms
60 ms
3.4.4 Shutdown the primary interface, then check IP routing table again
[RT1-Ethernet0]shutdown
Destinations : 6
Destination/Mask
Proto
Routes : 6
Pre
Cost
NextHop
Interface
C
Copyright2010
13

1.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
2.2.2.2/32
Static 100
12.1.1.6
Serial0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Destinations : 6
Destination/Mask
Proto
Routes : 6
NextHop
Interface
1.1.1.1/32
Static 100
Pre
0
Cost
12.1.1.5
Serial0
2.2.2.2/32
Direct 0
127.0.0.1
InLoopBack0
12.1.1.0/30
Direct 0
12.1.1.2
Ethernet0
12.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
The current active route is the backup route according to pre and next
hop field.
3.4.5 Use command tracert to check the connectivity and the used route
[RT1]tracert -a 1.1.1.1 2.2.2.2
traceroute to 2.2.2.2(2.2.2.2) 30 hops max,40 bytes packet
1 12.1.1.6 50 ms 60 ms 70 ms
[RT2]tracert -a 2.2.2.2 1.1.1.1
traceroute to 1.1.1.1(1.1.1.1) 30 hops max,40 bytes packet
1 12.1.1.5 40 ms 30 ms 30 ms
Seen from above, network 1.1.1.1/32 can communicate with network

2.2.2.2/32 through the backup static route.
3.5 Additional Tasks

QStatic route can not only implement backup solution but also implement
load sharing, please achieve load sharing base on the backup solution.
AThe backup route is not added to the IP routing table because the
preference value of the backup route is lower than the primary route.
14
C
Copyright2010
Loading sharing of the two static routes will be taken effect if two preference
value are the same.
C
Copyright2010
15
Chapter 4 Basic Configuration of RIPv2

4.1 Networking and Service Descriptions
figture 4-1 RIPv2 basic configuration networking topology

Router RT1, RT2, RT3 and RT4 are connected through Ethernet and serial
interface, L1 is the loopback interface of each router. Configure RIPv2 on
the routers so that network 3.3.3.3/32 can communicate with network
4.4.4.4/32.

Configure Interface
Run RIPv2
Enable RIPv2 on the

specified subnet
Configure RIPv2
figture 4-2 RIPV2 basic configuration flow

16
C
Copyright2010

(1) Configure Interface address
configure interface Ethernet 0/0/0 with IP address 12.1.1.1/30; configure
interface Serial 0/0/1 with IP address 13.1.1.1/30.
configure interface Ethernet 0/0/0 with IP address 12.1.1.2/30; configure
configure interface Serial 0/0/0 with IP address 13.1.1.2/30.
configure interface Serial 0/0/0 with IP address 24.1.1.2/30.
(2) Run RIP
Enable RIP in system-view.
(3)
Enable RIP on the specified subnet
Enable RIP on the specified subnet in RIP view.
(4)
Modify RIP version to 2 on the specified interface
Configure RIPv2 in the interface view and disable auto summary.

4.4.1 Configure Interface Address
1. Configure RT1:
[RT1] interface Ethernet 0/0/0
[RT1-Ethernet0/0/0] ip address 12.1.1.1 255.255.255.252
[RT1] interface Serial 0/0/1
[RT1-Serial0/0/1] ip address 13.1.1.1 255.255.255.252
2. Configure RT2:
[RT2]interface Ethernet 0/0/0
[RT2-Ethernet0/0/0]ip address 12.1.1.2 255.255.255.252
C
Copyright2010
17

3. Configure RT3:
4. Configure RT4:
4.4.2 Enable RIP and Enable RIP for the Specified Prefix
1. Configure RT1
[RT1] rip
[RT1-rip] network 1.0.0.0
2. Configure RT2
[RT2] rip
3. Configure RT3
[RT3] rip
4. Configure RT4
[RT4] rip
18
C
Copyright2010
4.4.3 Enable RIPv2 on the specified interfaces

1. Configure RT1
[RT1-Ethernet0/0/0]rip version 2
[RT1]interface Serial 0/0/1
[RT1-Serial0/0/1]rip version 2
[RT1]nterface loopback 1
[RT1-loopback1]rip version 2
2. Configure RT2
[RT1]interface loopback 1
3. Configure RT3
[RT3]interface serial 0/0/1
4. Configure RT4
4.4.4 Disable route summary

[RT1-rip]undo summary
4.4.5 Check IP Routing Table

C
Copyright2010
19

Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
Cost
0
NextHop
Interface
127.0.0.1
InLoopBack0
1.1.1.1/32
Direct 0
2.2.2.2/32
RIP
100
12.1.1.2
Ethernet0/0/0
3.3.3.3/32
RIP
100
13.1.1.2
Serial0/0/1
4.4.4.4/32
RIP
100
12.1.1.2
Ethernet0/0/0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct 0
13.1.1.1
Serial0/0/1
13.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.2/32
Direct 0
13.1.1.2
Serial0/0/1
24.1.1.0/30
RIP
100
12.1.1.2
Ethernet0/0/0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
100
Cost
1
NextHop
12.1.1.1
Interface
1.1.1.1/32
RIP
2.2.2.2/32
Direct 0
3.3.3.3/32
RIP
100
12.1.1.1
Ethernet0/0/0
4.4.4.4/32
RIP
100
24.1.1.2
Serial0/0/1
127.0.0.1
Ethernet0/0/0
InLoopBack0
12.1.1.0/30
Direct 0
12.1.1.2
Ethernet0/0/0
12.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.0/30
RIP
24.1.1.0/30
Direct 0
24.1.1.1
Serial0/0/1
24.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
24.1.1.2/32
Direct 0
24.1.1.2
Serial0/0/1
100
12.1.1.1
Ethernet0/0/0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Destinations : 11
Destination/Mask
20
Proto
Routes : 11
Pre
Cost
NextHop
Interface
C
Copyright2010

1.1.1.1/32
RIP
100
24.1.1.1
Serial0/0/1
2.2.2.2/32
RIP
100
24.1.1.1
Serial0/0/1
3.3.3.3/32
RIP
100
24.1.1.1
Serial0/0/1
4.4.4.4/32
Direct 0
127.0.0.1
InLoopBack0
12.1.1.0/30
RIP
100
24.1.1.1
Serial0/0/1
13.1.1.0/30
RIP
100
24.1.1.1
Serial0/0/1
24.1.1.0/30
Direct 0
24.1.1.2
Serial0/0/1
24.1.1.1/32
Direct 0
24.1.1.1
Serial0/0/1
24.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Destinations : 11
Destination/Mask
Routes : 11
Proto
Pre
Cost
NextHop
Interface
1.1.1.1/32
RIP
100
13.1.1.1
Serial0/0/1
2.2.2.2/32
RIP
100
13.1.1.1
Serial0/0/1
3.3.3.3/32
Direct 0
127.0.0.1
InLoopBack0
4.4.4.4/32
RIP
13.1.1.1
Serial0/0/1
100
12.1.1.0/30
RIP
100
13.1.1.0/30
Direct 0
13.1.1.2
Serial0/0/1
13.1.1.1/32
Direct 0
13.1.1.1
Serial0/0/1
13.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
24.1.1.0/30
RIP
13.1.1.1
Serial0/0/1
100
13.1.1.1
Serial0/0/1
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
4.4.6 Use command PING to check the connectivity

[RT3]ping -a 3.3.3.3 4.4.4.4
PING 4.4.4.4: 56

C
Copyright2010
21

0.00% packet loss

[RT4]ping -a 4.4.4.4 3.3.3.3
PING 3.3.3.3: 56

0.00% packet loss
4.5
FAQ
QIf you use RIPv1 to finish the exercise above, what are the difference
between the final IP routing table with RIPv2? Why?
AUsing RIPv1 to finish the exercise above, get the routing table as follow:
Destinations : 12
Destination/Mask
22
Routes : 12
Proto
Pre
Cost
0
NextHop
Interface
127.0.0.1
InLoopBack0
1.1.1.1/32
Direct 0
2.0.0.0/8
RIP
100
12.1.1.2
Ethernet0/0/0
3.0.0.0/8
RIP
100
13.1.1.2
Serial0/0/1
4.0.0.0/8
RIP
100
12.1.1.2
Ethernet0/0/0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct 0
13.1.1.1
13.1.1.1/32
Direct 0
127.0.0.1
13.1.1.2/32
Direct 0
13.1.1.2
Serial0/0/1
InLoopBack0
Serial0/0/1
C
Copyright2010

24.0.0.0/8
RIP
100
12.1.1.2
Ethernet0/0/0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Because RIPv1 is one of the classful routing protocol, it will auto summary
the route into class, the route learned through RIPv1 are classful.
C
Copyright2010
23
Chapter 5 Route Aggregation of RIP

5.1 Networking and Description
figture 5-1 Route aggregation of RIP networking topology

Routers RT1, RT2, RT3 and RT4 are interconnected through Ethernet and
serial interfaces; L1 is the loopback interface of each router;
Configure RIPv2 on the routers and use auto route aggregation and manual
route aggregation so that network 3.3.3.1/32, 3.3.3.2/32 and 3.3.3.3/32 can
be summarized and send to the network.
This exercise is implemented on VRP5 platform.
24
C
Copyright2010

Configure Interface
Enable RIP
Enable RIP on the specified
Configure RIPv2
Configure RIP aggregation
figture 5-2 Configuration flow of RIPv2 summary

(1)
Configure Interface Address
In RT1, create interface Loopback1 with IP address 1.1.1.1/32; configure

interface Ethernet 0/0/0 with IP address 12.1.1.1/30; configure interface
Serial 0/0/1 with IP address 13.1.1.1/30.
In RT3, create interface Loopback1 with IP address 3.3.3.3/32; create
interface Loopback2 with IP address 3.3.3.1/32; create interface Loopback3
with IP address 3.3.3.2/32; configure interface Serial 0/0/0 with IP address
13.1.1.2/30.
(2)
Enable RIP
Enable RIP in the system-view.
C
Copyright2010
25
(3)
Enable RIP on the specified subnet
Enable RIP on the specified subnet in RIP view.
(4)
Modify RIP version to 2
Configure RIP version 2 in the interface view.
(5)
Configure RIP auto summary
RIP has already enable auto summary function by default.
(6)
Configure manual summary
Use command undo summary in the RIP view, use command ip

summary-address to configure manual summary.

5.4.1 Configure Interface IP address
1. Configure RT1:
2. Configure RT2:
3. Configure RT3:
[RT3] interface Loopback2
[RT3] interface Loopback3
26
C
Copyright2010
4. Configure RT4:
5.4.2 Enable RIP

1. Configure RT1
[RT1] rip
[RT1-rip-1] network 1.0.0.0
2. Configure RT2
[RT2] rip
3. Configure RT3
[RT3] rip
4. Configure RT4
[RT4] rip
5.4.3 Configure RIPv2 and disable auto summary on RT1, RT2 and RT4
1. Configure RT1
[RT1-rip-1] version 2
[RT1-rip-1] undo summary
2. Configure RT2
3. Configure RT3
C
Copyright2010
27
4. Configure RT4
5.4.4 RIP enable auto summary by default

Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
Cost
NextHop
Interface
127.0.0.1
InLoopBack0
1.1.1.1/32
Direct 0
2.2.2.2/32
RIP
100
12.1.1.2
Ethernet0/0/0
3.0.0.0/8
RIP
100
13.1.1.2
Serial0/0/1
4.4.4.4/32
RIP
100
12.1.1.2
Ethernet0/0/0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct 0
13.1.1.1
Serial0/0/1
13.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.2/32
Direct 0
13.1.1.2
Serial0/0/1
24.1.1.0/30
RIP
100
12.1.1.2
127.0.0.0/8
Direct 0
127.0.0.1
127.0.0.1/32
Direct 0
127.0.0.1
Ethernet0/0/0
InLoopBack0
InLoopBack0
Seen from above, the route sent from RT3 has already been auto
summarized into classful route. But the routes sent from other routes are
still classless.
Similarly, network 3.0.0.0/32 can be seen after aggregation on RT2 and
RT4, other subnet are still classless.
5.4.5 Disable auto summary on RT3 and configure manual summary in the
interface view by using command rip summary, then check the IP routing
table on RT1
[RT3] interface serial 0/0/1
[RT3-Serial0/0/1] rip summary 3.3.3.0 255.255.255.0
28
C
Copyright2010

Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
Cost
NextHop
Interface
127.0.0.1
InLoopBack0
1.1.1.1/32
Direct 0
2.2.2.2/32
RIP
100
12.1.1.2
Ethernet0/0/0
3.3.3.0/24
RIP
100
13.1.1.2
Serial0/0/1
4.4.4.4/32
RIP
100
12.1.1.2
Ethernet0/0/0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct 0
13.1.1.1
Serial0/0/1
13.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.2/32
Direct 0
13.1.1.2
Serial0/0/1
24.1.1.0/30
RIP
100
12.1.1.2
127.0.0.0/8
Direct 0
127.0.0.1
127.0.0.1/32
Direct 0
127.0.0.1
Ethernet0/0/0
InLoopBack0
InLoopBack0
Routes from RT3 have been aggregated, but the routes from other routers
are still classless.
Similarly, network 3.3.3.0/24 in the routing table of RT2 and RT4 is
summarized; all the other routes are still classless.
C
Copyright2010
29
Chapter 6 RIP Redistribution

6.1 Networking and Description
figture 6-1 RIP routing redistribution configuration network topology

z
RT1, RT2, RT3 and RT4 are connected through Ethernet cable and
serial cable; L1 is the loopback interface of each router.
RT1 communicates with RT3 through static route. RT1, RT2 and RT4
run RIPv2, import the static route on RT1 into RIPv2 in order that
network 3.3.3.3/32 and 4.4.4.4/32 can access each other.
30
C
Copyright2010

Configure Interface
Run RIP
Enable RIP on the specified
Configure RIPv2 in specified interfaces
Import the external

figture 6-2 configuration flow for RIP redistribution

(1) Configure IP address
In RT1, create interface Loopback 1 with IP address 1.1.1.1/32; configure
(2) Configure static route for RT1 and RT3
C
Copyright2010
31
In RT1, configure a static route with RT3 as the destination. In RT3,

configure a default route.
(3) Run RIP

Run RIP in the system-view.
(4) Enable RIP on the specified subnet

Enable RIP on the specified Subnet in the RIP view.
(5) Modify RIP version to 2 in specified interfaces

Configure RIP version 2 in the interface view.
(6) Import the external routes

Import the static route into RIP on RT1 and set the cost value to 5.

6.4.1 Configure IP address
1. Configure RT1:
2. Configure RT2:
3. Configure RT3:
4. Configure RT4:
32
C
Copyright2010

6.4.2 Configure static route

6.4.3 Enable RIP and disable auto summary

1. Configure RT1
[RT1] rip
[RT1-rip] undo summary
2. Configure RT2
[RT2] rip
3. Configure RT4
[RT4] rip
6.4.4 Configure RIP version 2

1. Configure RT1
[RT1]nterface loopback 1
2. Configure RT2
C
Copyright2010
33

3. Configure RT4
6.4.5 Import the external router

[RT1-rip] import-route static cost 5
6.4.6 Check routing table

[RT1]display ip
routing-table

Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
Cost
1.1.1.1/32
Direct 0
2.2.2.2/32
RIP
3.3.3.3/32
Static
4.4.4.4/32
RIP
100
Interface
127.0.0.1
InLoopBack0
12.1.1.2
60
100
NextHop
13.1.1.2
12.1.1.2
Ethernet0/0/0
Serial0/0/1
Ethernet0/0/0
12.1.1.0/30
Direct 0
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct 0
13.1.1.1
Serial0/0/1
13.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
13.1.1.2/32
Direct 0
13.1.1.2
Serial0/0/1
24.1.1.0/30
RIP
100
12.1.1.2
Ethernet0/0/0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
Destinations : 11
34
Routes : 11
C
Copyright2010

Destination/Mask
Proto
Pre
100
Cost
1
NextHop
12.1.1.1
Interface
1.1.1.1/32
RIP
2.2.2.2/32
Direct 0
3.3.3.3/32
RIP
100
12.1.1.1
Ethernet0/0/0
4.4.4.4/32
RIP
100
24.1.1.2
Serial0/0/1
127.0.0.1
Ethernet0/0/0
InLoopBack0
12.1.1.0/30
Direct 0
12.1.1.2
Ethernet0/0/0
12.1.1.2/32
Direct 0
127.0.0.1
InLoopBack0
24.1.1.0/30
Direct 0
24.1.1.1
Serial0/0/1
24.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
24.1.1.2/32
Direct 0
24.1.1.2
Serial0/0/1
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0
127.0.0.1
InLoopBack0
The routing table of RT4 is similar to RT2, seen from the routing table above;
RT1 import the static route into RIPv2 and announce them.

[RT3] ping -a 3.3.3.3 4.4.4.4
PING 4.4.4.4: 56

0.00% packet loss
[RT4]ping -a 4.4.4.4 3.3.3.3
PING 3.3.3.3: 56

C
Copyright2010
35
0.00% packet loss
6.5
FAQ
QHow to control the router to import only one static route if RT1 have more
than one static route?
AUse route-policy to import the specified route when the route redistributed,
or use command filter-policy to filter the undesired route when the routes
are announced.
36
C
Copyright2010
Chapter 7 OSPF Single Area Configuration
Chapter 7 OSPF Single Area Configuration

figture 7-1 Network topology for OSPF single area configuration

z
RT1, RT2, RT3 and RT4 are connected through Ethernet cable and
serial cable; L1 is one of the loopback interfaces of each router.
All routers run OSPF and all interfaces of the routers belong to OSPF
AREA 0.
As a result, all subnets can access each other.
C
Copyright2010
37
Chapter 7
OSPF Single Area Configurati on

Configure Interface
Configure Router ID
Enable OSPF
Create Area 0
Announce the Subnet

figture 7-2 OSPF single area configuration flow

(1) Configure interface
(2) Configure Router ID

Configure 1.1.1.1 as Router ID of RT1.
38
C
Copyright2010
Chapter 7
(3) Enable OSPF

Enable OSPF in the system-view.
(4) Create OSPF area 0

Create OSPF area 0 in the OSPF view.
(5) Announce the subnets

Announce the corresponding subnets in the OSPF area view.

7.4.1 Configure interface address
1. Configure RT1
2. Configure RT2
3. Configure RT3
4. Configure RT4
C
Copyright2010
39
Chapter 7
7.4.2 Configure Router ID

[RT1] router id 1.1.1.1
7.4.3 Run OSPF and announce the subnet in the specified area
1. Configure RT1
[RT1] ospf
[RT1-ospf-1]area 0
[RT1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
2. Configure RT2
[RT2] ospf
[RT2-ospf-1]area 0
3. Configure RT3
[RT3] ospf
[RT3-ospf-1]area 0
4. Configure RT4
[RT4] ospf
[RT4-ospf-1]area 0
7.4.4 Check OSPF neighbor relationship

[RT1]display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
40
C
Copyright2010
Chapter 7
Area 0.0.0.0 interface 12.1.1.1(Ethernet0/0/0)'s neighbors

Router ID: 2.2.2.2
State: Full
Address: 12.1.1.2
Mode:Nbr is
DR: 12.1.1.1
Master
BDR: 12.1.1.2
Dead timer due in 36
GR State: Normal
Priority: 1
MTU: 0
sec
Neighbor is up for 00:14:13

Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.0 interface 13.1.1.1(Serial0/0/1)'s neighbors
Router ID: 3.3.3.3
State: Full
DR: None
Address: 13.1.1.2
Mode:Nbr is
BDR: None
Master
GR State: Normal
Priority: 1
MTU: 0
sec

RT2, RT3 and RT4 are similar to RT1.

The status of neighbor is FULL; that means the neighbor relationship has
been established.
7.4.5 Check IP routing table

Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
Cost
NextHop
127.0.0.1
Interface
1.1.1.1/32
Direct
2.2.2.2/32
OSPF
10
12.1.1.2
InLoopBack0
3.3.3.3/32
OSPF
10
1563
13.1.1.2
Serial0/0/1
4.4.4.4/32
OSPF
10
1564
12.1.1.2
Ethernet0/0/0
Ethernet0/0/0
12.1.1.0/30
Direct
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct
13.1.1.1
Serial0/0/1
13.1.1.1/32
Direct
127.0.0.1
InLoopBack0
13.1.1.2/32
Direct
24.1.1.0/30
OSPF
127.0.0.0/8
10
Direct
13.1.1.2
1563
0
12.1.1.2
127.0.0.1
Serial0/0/1
Ethernet0/0/0
InLoopBack0
C
Copyright2010
41
Chapter 7
127.0.0.1/32
Direct
127.0.0.1
InLoopBack0

RT1 has already learned all the other routes by using OSPF.

[RT3] ping -a 3.3.3.3 4.4.4.4
PING 4.4.4.4: 56

0.00% packet loss
All the other subnets can be verified by command ping.
7.5
FAQ
QFor OSPF practice, if you find the neighbor relationship between two
routers is abnormal, what commands are used to find the trouble?
AUse display ospf error to display all OSPF error information, user can
locate the trouble according to the error information.
42
C
Copyright2010
Chapter 8 OSPF Multi-Area Configuration
Chapter 8 OSPF Multi-Area Configuration

figture 8-1 Network topology for OSPF Multi-Area configuration

z
RT1, RT2, RT3 and RT4 run the OSPF concurrently. All routers are
connect with eath other through Ethernet and serial cable. L1 is the
Loopback interface.
All routers can learn the routing information through OSPF.

Configure Interface
Configure Router
Enable OSPF
Create Area
Announce Subnets
figture 8-2 OSPF Multi-Area Configuration Flows
C
Copyright2010
43
Chapter 8
OSPF Multi-AreaConfigurati on

(1)
Configure interface

(2)
Configure Router ID

(3)
Enable OSPF
Enable OSPF in the system-view.
(4)
Create OSPF area
Create areas in the OSPF view.
(5)
Announce the subnets
Announce the subnet in corresponding area view.

8.4.1 Configure interface address
1. Configure RT1
44
C
Copyright2010
Chapter 8
2. Configure RT2
3. Configure RT3
4. Configure RT4
8.4.2 Configure Router ID

8.4.3 Enable OSPF

1. Configure RT1
[RT1] ospf
[RT1-ospf-1]area 0
\\Create the backbone area
[RT1-ospf-1]area 1
\\Create the normal area 1
2. Configure RT2
[RT2] ospf
[RT2-ospf-1]area 0
[RT2-ospf-1]area 2
C
Copyright2010
45
Chapter 8
3. Configure RT3
[RT3] ospf
[RT3-ospf-1]area 1
4. Configure RT4
[RT4] ospf
[RT4-ospf-1]area 2
8.4.4 Announce the segment in the specified area

1. Configure RT1
2. Configure RT2
3. Configure RT3
4. Configure RT4
8.4.5 Check OSPF neighbor relationship

[RT1]display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 12.1.1.1(Ethernet0/0/0)'s neighbors
Router ID: 2.2.2.2
State: Full
DR: 12.1.1.1
Address: 12.1.1.2
Mode:Nbr is
Master
BDR: 12.1.1.2
GR State: Normal
Priority: 1
MTU: 0
sec

Neighbors
46
C
Copyright2010
Chapter 8
Area 0.0.0.1 interface 13.1.1.1(Serial0/0/1)'s neighbors

Router ID: 3.3.3.3
State: Full
DR: None
Address: 13.1.1.2
Mode:Nbr is
BDR: None
Master
GR State: Normal
Priority: 1
MTU: 0
sec


As ABR, RT1 connect Area 0 and Area 1, and form neighborhood with the
routers in the corresponding areas; the neighbor state machine is full.
8.4.6 Check IP routing table

Destinations : 12
Destination/Mask
Routes : 12
Proto
Pre
Cost
NextHop
127.0.0.1
Interface
1.1.1.1/32
Direct
2.2.2.2/32
OSPF
10
12.1.1.2
InLoopBack0
3.3.3.3/32
OSPF
10
1563
13.1.1.2
Serial0/0/1
4.4.4.4/32
OSPF
10
1564
12.1.1.2
Ethernet0/0/0
Ethernet0/0/0
12.1.1.0/30
Direct
12.1.1.1
Ethernet0/0/0
12.1.1.1/32
Direct
127.0.0.1
InLoopBack0
13.1.1.0/30
Direct
13.1.1.1
Serial0/0/1
13.1.1.1/32
Direct
127.0.0.1
InLoopBack0
13.1.1.2/32
Direct
24.1.1.0/30
OSPF
10
13.1.1.2
1563
12.1.1.2
Serial0/0/1
Ethernet0/0/0
127.0.0.0/8
Direct
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct
127.0.0.1
InLoopBack0
RT2, RT3 and RT4 are similar RT1.

RT1 learn the route to other subnets through OSPF.

[RT3] ping -a 3.3.3.3 4.4.4.4
PING 4.4.4.4: 56
C
Copyright2010
47
Chapter 8

0.00% packet loss
Seemingly, ping the other subnets to check the connectivity.
8.5
FAQ
QFor OSPF labs, Single area experiment and multi-area experiment get
the same routing information, so what is the advantage of multi-area?
AUse multiple areas to reduce the size of LSDB, and also reduce the
calculation of SPF. Use display ospf lsdb to check the difference.
48
C
Copyright2010
Section 3
Switching Tech. Laboratory Guide
Section 3 Switching Technology
Table of Contents
Table of Contents
Lab Description ............................................................................................................... 1
Introductions ........................................................................................................... 1
Version .................................................................................................................... 1
Objectives ............................................................................................................... 1
Tasks....................................................................................................................... 1
References.............................................................................................................. 1
Chapter 1 Ethernet Port Auto Negotiation ...................................................................... 2
1.1 Networking and Service Description ................................................................. 2
1.2 Configuration Flow ............................................................................................ 2
1.3 Configuration Steps .......................................................................................... 2
1.4 Configuration and Verification ........................................................................... 3
Chapter 2 Manual Port Aggregation ............................................................................... 7
2.3 Configuration Steps .......................................................................................... 7
Chapter 3 Basic Configuration of VLAN........................................................................ 10
3.1 Networking and Service Description ............................................................... 10
3.2 Configuration Flow .......................................................................................... 10
3.3 Configuration Steps ........................................................................................ 10
3.4 Configuration and Verification ......................................................................... 11
Chapter 4 Route on Stick Configuration ....................................................................... 14
C
Copyright2010
Table of Contents
Chapter 5 Inter-VLAN Routing Configuration................................................................ 18

Chapter 6 STP Configuration........................................................................................ 24
6.2 Configuration Flows ........................................................................................ 24
Chapter 7 VRRP Configuration ..................................................................................... 36
ii

Copyright
Lab Description
Lab Description
Introductions
This Lab Guide introduces the configuration and operation of Ethernet
switching technology for HCDA-HNTD, including the technology of
Ethernet port, VLAN, VLAN routing, STP and VRRP; the trainees can get
familiarity with the configuration of Huawei products through these
exercises, so as to grasp the technology of HNTD and pass the HCDA
exam.
Version
This guide is applicable to VRP versions 3.
Objectives
z
To grasp Ethernet principle
To grasp the configuration of VLAN and VLAN Routing
To grasp the configuration of STP
To grasp the configuration of VRRP
Ethernet port auto negotiation
Static port aggregation
VLAN Basic configuration
Route on stick configuration
VLAN Routing Configuration
STP Basic Configuration and Root Bridge Configuration
Configuration of VRRP Single Backup Group
Configuration of VRRP Multiple Backup Group
Configuration of VRRP Up-link Port Monitoring
Tasks
References
VRP 3 Operation Manual
C
Copyright2010
Chapter 1
Ethernet Port AutoNegotiation
Chapter 1 Ethernet Port Auto Negotiation

figture 1-1 Ethernet Port Auto Negotiation Topology

z
SW2 connect SW3 through Ethernet interface; modify the speed and
duplex mode of interface Ethernet 0/6 of SW2, then check the status
of interface Ethernet 0/6 of SW3. The objective is to get familiar with
the principle of Ethernet auto negotiation.

Configure the speed and
duplex mode
Check the status of

remote interface
figture 1-2 Configuration flow for Ethernet Auto Negotiation

(1)
Configure Ethernet Port
Use the command speed to configure the operating speed of the interface
Ethernet 0/6 on SW2.
Use the command duplex to configure the operating mode of the interface
Ethernet0/6 on SW3.
Check the status of interface Ethernet 0/6 in RT3
2
C
Copyright2010
Chapter 1

1. Display the default status of the ethernet port 0/6 of SW2 and SW3.
[SW2]display interface e0/0/6
Ethernet0/0/6 current state : UP
Description : Huawei, Quidway Series, Ethernet0/0/6 Interface,
Switch Port
PVID :
The Maximum Transmit Unit is 1500 bytes, The Maximum Frame

Length is 1600
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address
is 0025-9e74-19c9
AUTO NEGOTIATION, SPEED 100M, DUPLEX FULL, LOOPBACK NOT SET;
The status of Ethernet 0/6 of SW3 is the same with Ethernet 0/6 of SW2,
both of them are 100M Full duplex mode after auto negotiation.
1.4.2 Configure Port

1. Configure the operation speed of ethernet 0/6 of SW2
[SW2-Ethernet0/0/6]undo negotiation auto
[SW2-Ethernet0/0/6]speed 100
[SW2-Ethernet0/0/6]display interface Ethernet 0/0/6
Switch Port
PVID :

Length is 1600
is 0025-9e74-19c9
NO AUTO NEGOTIATION, SPEED 100M, DUPLEX FULL, LOOPBACK NOT SET;
Now, the operation speed of interface Ethernet 0/6 of SW2 is 100M and the
Duplex mode is Full duplex.
Check the status of interface Ethernet 0/6 of SW3:
C
Copyright2010
Chapter 1
[SW3]display interface Ethernet 0/0/6

Switch Port
PVID :
The Maximum Transmit Unit is 1500 bytes

is 0018-82d7-81a5
The interface status of Ethernet 0/6 of SW3 is 100M and Full duplex after
negotiation.
Try to modify the operation speed of Ethernet 0/6 of SW2 to 10M:
[SW2]interface Ethernet 0/6
[SW2-Ethernet0/6]speed 10
Switch Port
PVID :

Length is 1600
is 0025-9e74-19c9
NO AUTO NEGOTIATION, SPEED 10M, DUPLEX FULL, LOOPBACK NOT SET;
The interface status of Ethernet 0/6 of SW2 is 10M and the duplex mode is
Full duplex.
Check the status of Ethernet 0/6 of SW3:
Switch Port
PVID :
C
Copyright2010
Chapter 1

is 0018-82d7-81a5
The status of interface Ethernet 0/6 of SW3 is 10M and full duplex.
2. Configure the operation mode of ethernet 0/6 of SW2:
[SW2-Ethernet0/6]duplex half
Switch Port
PVID :

Length is 1600
is 0025-9e74-19c9
NO AUTO NEGOTIATION, SPEED 10M, DUPLEX HALF, LOOPBACK NOT SET;
The interface operation speed of Ethernet 0/6 of SW2 is set to 10M and the
duplex mode is half duplex.
Check the status of interface Ethernet 0/6 of SW3:
Switch Port
PVID :

is 0018-82d7-81a5
AUTO NEGOTIATION, SPEED 10M, DUPLEX HALF, LOOPBACK NOT SET;
The interface status of Ethernet 0/6 of SW3 is set to 10M and the operation
mode is half duplex after auto negotiation.
C
Copyright2010
Chapter 1
Seen from above, the result of auto negotiation is the best operation mode
of two sides, which they can support. The fiber does not support
negotiation.
C
Copyright2010
Chapter 2 Manual Port Aggregation

figture 2-1 Manual port aggregation network topology

SW2 and SW3 connect through two twist pair cables, aggregate the two
links to increase the bandwidth and realize loading-balance.

Create Eth-Trunk Interface
Delete the default configuration on ports
Associate the ports with the Eth-Trunk
figture 2-2 Configuration flow of manual port aggregation

(1)
Configure Ether-trunk interface
Configure virtual Ether-trunk Interface on both switches

(2)
Delete default configuration on proper ports of both switches
(3)
Add the ports into the ether-trunk
Associate the configured ports with the Ether-trunk
C
Copyright2010

2.4.1 Create Ether-trunk interface on both SW2 and SW3
[SW2]interface Eth-trunk 1
[SW2-Eth-Trunk1]quit
[SW3]interface Eth-trunk 1
[SW3-Eth-Trunk1]quit
2.4.2 Delete default configuration on proper ports of both switches

1. Configure on SW2
[SW2-Ethernet0/0/6]undo port default vlan
[SW2-Ethernet0/0/6]bpdu disable
[SW2-Ethernet0/0/6]undo ntdp enable
[SW2-Ethernet0/0/6]undo ndp enable
[SW2-Ethernet0/0/6]interface Ethernet 0/7
2. Configure on SW3
[SW2-Ethernet0/0/6]interface Ethernet 0/7
C
Copyright2010
2.4.3 Associate the configured ports with the Ether-trunk on both SW2 and
SW3
1. Configure on SW2
[SW2]interface Ethernet0/0/6
[SW2-Ethernet0/0/6]eth-trunk 1
2. Configure on SW3
2.4.4 Verify Port Aggregation

<SW3>display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL
Hash arithmetic: According to MAC
Least Active-linknumber: 1 Max

Bandwidth-affected-linknumber: 8
Operate status: up
Number Of Up Port In Trunk: 2
--------------------------------------------------------PortName
Status
Weight
Ethernet0/0/6
Up
Ethernet0/0/7
Up
The verification on SW3 and SW2 are the same

With the verification information above, the aggregation of E0/6 and
E0/7 is successful. E0/6 is the main port, and E0/7 is the sub-port.
C
Copyright2010
Chapter 3 Basic Configuration of VLAN

E0/1
E0/1
SW2
SW3
E0/8
E0/9
E0/8
PC21:VLAN10 PC22:VLAN20
IP:172.16.1.21 IP:172.16.1.22
PC31:VLAN10
IP:172.16.1.31
E0/9
PC32:VLAN20
IP:172.16.1.32
figture 3-1 VLAN configuration network topology

z
SW2SW3 are connected with a twisted pair cable. User PC in

VLAN10 and VLAN20 connect to SW2 and SW3 respectively as
shown in the above figure. PC21 and PC31 in VLAN10 need to be
interconnected; meanwhile, PCs in VLAN10 cannot access to PCs in
VLAN20.
Create VLAN
Configure Port VLAN

figture 3-2 Configure flow of VLAN

(1)
10
Create VLAN
C
Copyright2010
Create VLAN10, VLAN20 on SW2 and SW3

(2)
Configure
Port VLAN
Two methods to configure access port

z
Add the corresponding port in the VLAN view. For example, add
interface E0/8 in VLAN 10, add interface E0/9 in VLAN 20.
Configure the VLAN of the port in the local port view. For example,
configure VLAN 10 in the port view of E0/8 on SW2.
This experiment uses the first method.

The interfaces of the switches need to permit many VLANs to pass, so the
link-type of the port should set to be trunk at first, and then configure the
VLAN ID permitted on the port.

3.4.1 Create VLAN
1. Configure SW2
//Add the corresponding port in the VLAN view
[SW2] vlan10
[SW2-vlan10] port Ethernet 0/8
[SW2] vlan20
2. Configure SW3
//add the corresponding port in the VLAN view
[SW3] vlan10
[SW3] vlan 20
[SW3-vlan20]port Ethernet 0/9
3.4.2 Configure Trunk port

1. Configure SW2
//Configure the link-type of the port to be trunk and permit the passing of
VLAN10 and VLAN 20
[SW2-Ethernet0/0/1] undo port default vlan
[SW2-Ethernet0/0/1] port link-type trunk
[SW2-Ethernet0/0/1] port trunk allow-pass vlan 10 20
C
Copyright2010
11
2. Configure SW3
//Configure the link-type of the port to be trunk and permit the passing of
VLAN10 and VLAN 20
[SW3-Ethernet0/0/1] undo port default vlan
[SW3-Ethernet0/0/1] port link-type trunk
[SW3-Ethernet0/0/1] port trunk allow-pass vlan 10 20
3.4.3 Verification
1. Display the state of the interface
[SW3]display interface Ethernet 0/8
Ethernet0/8 current state : UP
is 000f-e221-3780
The Maximum Transmit Unit is 1500
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is
autonegotiation
Flow-control is not enabled
Port-flow-constrain has not been configured completely
The Maximum Frame Length is 1552
Broadcast MAX-ratio: 100%
PVID: 10
Mdi type: auto
Port link-type: access
Tagged
VLAN ID : none
Untagged VLAN ID : 10
With the verification information shown above, the link-type of E0/8 on SW3
is access, and this port only permits the passing of VLAN10. For other
access ports, such as E0/9 on SW3, E0/8,E0/9 on SW2, the interface
information are similar to E0/8 on SW3.
[SW2]display port allow-vlan Ethernet0/0/1
Port
Status
PVID
allowed on trunk
12
C
Copyright2010
vlans
---------------------------------------------------------Ethernet0/0/1
trunking
0
10
Ethernet0/0/1
trunking
20
From above, the link-type of E0/1 on SW2 is Trunk, and it permits traffic of
VLAN10 and VLAN20 to pass. For other trunk port, such as E0/1 on SW3,
the interface information is similar to E0/1 on SW3.
2. Check the connectivity of PC21,PC22,PC31,PC32
Use ping to check the connectivity between different VLANs.
PC21 and PC31 of VLAN10 can access each other through switches;
PC22 and PC32 of VLAN20 can access each other through switches; but
PCs in different VLAN cannot access each other.
C
Copyright2010
13
Chapter 4 Route on Stick Configuration

figture 4-1 network topology for route on stick configuration

SW1 and RT1 connect through a twisted cable. User PCs in VLAN10 and
VLAN20 connect to SW1, as shown above. PC21 in VLAN10 and PC20 in
VLAN20 access each other through RT3.
14
C
Copyright2010

Create VLAN
Configure VLAN
on the port
Configure sub-interface
on the router
figture 4-2 Configure flow of route on a stick

(1)
Create VLAN
Create VLAN10,VLAN20 on SW1

(2)
Configure VLAN on the port
Add the corresponding port in the VLAN view: Add E0/8 in the view of
VLAN10 on SW1; add E0/9 in the view of VLAN20.
The port linking the switch and the router permits several VLAN to pass, so
configure the link-type of the port to be TRUNK and then configure the
VLAN ID permitted.
(3)
Configure the sub-interface in the router
Create sub-interface on the port E0/0 linking to SW1, and configure the
corresponding VLAN ID and IP address of the sub-interface.

4.4.1 Create VLAN
1. Configure SW1
[SW1] vlan10
C
Copyright2010
15

[SW1] vlan20
4.4.2 Configure trunk port

1. Configure SW2
//Configure the port to be trunk
[SW2-Ethernet0/1] undo port default vlan
[SW2-Ethernet0/1] port link-type trunk
//The port permits VLAN10 and VLAN20 to pass
[SW2-Ethernet0/1] port trunk allow-pass vlan 10 20
4.4.3 Configure the sub-interface in the router

[RT3]interface Ethernet 0/0/0.1
[RT3-Ethernet0/0/0.1]vlan-type dot1q vid 10
[RT3-Ethernet0/0/0.1]ip address 172.16.10.1 255.255.255.0
[RT3]interface Ethernet 0/0/0.2
[RT3-Ethernet0/0/0.2]vlan-type dot1q vid 20
[RT3-Ethernet0/0/0.2]ip address 172.16.20.1 255.255.255.0
Check the IP routing table on the router

Routing Table: public net
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
127.0.0.0/8
DIRECT
127.0.0.1
InLoopBack0
127.0.0.1/32
DIRECT
127.0.0.1
InLoopBack0
172.16.10.0/24
DIRECT
0 172.16.10.1
172.16.10.1/32
DIRECT
172.16.20.0/24
DIRECT
0 172.16.20.1
DIRECT
Ethernet0/0/0.1
127.0.0.1
InLoopBack0
Ethernet0/0/0.2
172.16.20.1/32
127.0.0.1
InLoopBack0
The sub-interface is in the ip routing table.
16
C
Copyright2010
4.4.4 Verification
1. Check of the connectivity of PC21 and PC22
Check the connectivity of PC21 and PC22 using ping.
PC21 in VLAN10 and PC22 in VLAN20 can access each other.
C
Copyright2010
17
Chapter 5 Inter-VLAN Routing Configuration
Chapter 5 Inter-VLAN Routing Configuration

figture 5-1 Network topology of inter-VLAN routing

SW2 and SW3 connect with a twist pair cable. User PCs connect to SW2
and SW3, as shown above. User PC21 and PC31 in VLAN10 and PC22 in
VLAN20 can access each other through static route.
18
C
Copyright2010
Chapter 5 Inter-VLAN Routi ngConfigurati on
Create VLAN
Configure port VLAN
Configure layer3
interface in the router

figture 5-2 Configure flow of inter-VLAN routing

(1)
Create VLAN
Create VLAN10, VLAN20 on SW2

Create VLAN10 on SW3
(2)
Configure port VLAN
Add E0/8 to VLAN10 on SW2, add E0/9 to VLAN20 on SW2

Add E0/8 to VLAN10 on SW3
(3)
Configure layer3 interface
On SW2, configure the IP address 172.16.10.1/24 for the layer3 interface

of VLAN10, 172.16.20.1/24 for the layer3 interface of VLAN20,
172.16.1.1/30 for the layer3 interface of VLAN1.
On SW3, configure the ip address 172.16.30.1/24 for the layer3 interface of
VLAN10, 172.16.1.2/30 for the layer3 interface of VLAN1.
(4)
On SW2, configure the static route to the network segment of

172.16.30.0/24 with the next-hop 172.16.1.2.
On SW3, configure the static route to the network segment of
172.16.10.0/24 and 172.16.20.0/24 with the next-hop 172.16.1.1.
C
Copyright2010
19

5.4.1 Create VLAN, add the ports to the corresponding VLAN
1. Configure SW2
[SW2] vlan10
[SW2] vlan20
2. Configure SW3
[SW3] vlan10
5.4.2 Configure layer3 interface

1. Configure SW2
[SW2]interface Vlan-interface 10
[SW2-Vlan-interface10] ip address 172.16.10.1 255.255.255.0
Check the state of layer3 interface

[SW2]display interface vlan 10
Vlan-interface10 current state : UP
Line protocol current state : UP
is 000f-e221-378a
Internet Address is 172.16.10.1/24 Primary
Description : HUAWEI, Quidway Series, Vlan-interface10
Interface
Attention: only when at least one interface in the VLAN is UP, the layer3
interface of the VLAN would be UP.
The states of the layer3 interface of VLAN20, VLAN1 are the same as
VLAN10, so all of the layer3 interfaces on SW2 are UP.
2. Configure SW3
20
C
Copyright2010

Check the state of layer3 interface

[SW3]display interface vlan 10
Vlan-interface10 current state : UP
is 000f-e253-031a
Internet Address is 172.16.30.1/24 Primary
Description : HUAWEI, Quidway Series, Vlan-interface10
Interface
The state of the layer3 interface of VLAN1 is the same as VLAN10, so all
the layer3 interface on SW3 are UP.
5.4.3 Configure the static route

1. Configure SW2
[SW2]ip route-static 172.16.30.0 255.255.255.0 172.16.1.2
Check the ip routing table

[SW2]dis ip routing-table
Destination/Mask Protocol Pre Cost
Nexthop
Interface
127.0.0.0/8
DIRECT 0
127.0.0.1
InLoopBack0
127.0.0.1/32
DIRECT 0
127.0.0.1
InLoopBack0
172.16.1.0/30
DIRECT 0
172.16.1.1
172.16.1.1/32
DIRECT 0
127.0.0.1
172.16.10.0/24
DIRECT 0
172.16.10.1
172.16.10.1/32
DIRECT 0
127.0.0.1
172.16.20.0/24
DIRECT 0
172.16.20.1
DIRECT 0
127.0.0.1
Vlan-interface1
InLoopBack0
Vlan-interface10
InLoopBack0
Vlan-interface20
172.16.20.1/32
172.16.30.0/24
STATIC 60 0
InLoopBack0
172.16.1.2
Vlan-interface1
Seen from above, the static route is active in the ip routing table.
C
Copyright2010
21
2. Configure SW3
Check the ip routing table

[SW3]display ip routing-table
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
127.0.0.0/8
DIRECT
127.0.0.1
InLoopBack0
127.0.0.1/32
DIRECT
127.0.0.1
InLoopBack0
172.16.1.0/30
DIRECT
172.16.1.2
172.16.1.2/32
DIRECT
127.0.0.1
172.16.10.0/24
STATIC
60
0 172.16.1.1
STATIC
60
0 172.16.1.1
DIRECT
172.16.30.1
DIRECT
127.0.0.1
Vlan-interface1
InLoopBack0
Vlan-interface1
172.16.20.0/24
Vlan-interface1
172.16.30.0/24
Vlan-interface10
172.16.30.1/32
InLoopBack0
Seen from above, the static route is active in the ip routing table.
5.4.4 Verification
1. Check of the connectivity of PC21,PC22,PC31
Use ping command to check the connectivity of PC21,PC22 and PC31.
C:\>ping 172.16.30.31
Pinging 172.16.30.31 with 32 bytes of data:
Reply from 172.16.30.31: bytes=32 time=1ms TTL=254
Ping statistics for 172.16.30.31:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
22
C
Copyright2010
Same operation in PC21, PC22, PC31.

As a result, PC21, PC22, PC31 can access each other.
C
Copyright2010
23
Chapter 6 STP Configuration

figture 6-1 Network topology of STP configuration

z
SW1, SW2 and SW3 connect with each other through Ethernet, using
STP to prevent the loop.
Manipulate the selection of the root bridge through the change of the
priority of the bridges
Enable STP
Configure bridge priority
figture 6-2 Configure flow of STP

(1)
24
Enable STP.
C
Copyright2010
Configure the running mode of STP to be STP (RSTP by default) in the

system view, and enable STP.
(2)
Configure the bridge priority.
Change the bridge priority of SW1 to be 8192 to make SW1 the root switch

6.4.1 Enable STP
1. Configure SW1
[SW1]stp mode stp
[SW1]stp enable
2. Configure SW2
[SW2]stp mode stp
[SW2]stp enable
3. Configure SW3
[SW3]stp mode stp
[SW3]stp enable
After configuration, check the STP information in each switch.

[SW1]display stp
Protocol mode: IEEE compatible STP
The bridge ID (Pri.MAC): 32768.00e0-fc41-43b9 //local bridge
ID
The bridge times: Hello Time 2 sec, Max Age 20 sec, Forward
Delay 15 sec
Root bridge ID(Pri.MAC): 32768.00e0-fc18-05d0 //root bridge
ID
Root path cost: 200
Bridge bpdu-protection: disabled
Timeout factor: 3
Port 1 (Ethernet0/1) of bridge is Discarding //current port
state
Port spanning tree protocol: enabled
Port role: Alternate Port
//current port state
Port path cost: 200

Port priority: 128
Designated bridge ID(Pri.MAC): 32768.00e0-fc41-3e99
The Port is a non-edged port
C
Copyright2010
25
Connected to a point-to-point LAN segment

Maximum transmission limit is 3 Packets / hello time
Times: Hello Time 2 sec, Max Age 20 sec
Forward Delay 15 sec, Message Age 1
BPDU sent:
TCN: 0, RST: 0, Config BPDU: 4

BPDU received: 29
Port 2 (Ethernet0/2) of bridge is Forwarding
Port role: Root Port
Port path cost: 200
Port priority: 128
Designated bridge ID(Pri.MAC): 32768.00e0-fc18-05d0
BPDU sent:

BPDU received: 31
[SW2]display stp
The bridge ID (Pri.MAC): 32768.00e0-fc41-3e99
Delay 15 sec
Root bridge ID(Pri.MAC): 32768.00e0-fc18-05d0
Root path cost: 200
Timeout factor: 3
Port role: Designated Port
Port path cost: 200
26
C
Copyright2010

Port priority: 128
Designated bridge ID(Pri.MAC): 32768.00e0-fc41-3e99

BPDU sent:
417

BPDU received: 83
Port path cost: 200
Port priority: 128
BPDU sent:

BPDU received: 483
Port 7 (Ethernet0/7) of bridge is Discarding
Port path cost: 200
Port priority: 128
C
Copyright2010
27

BPDU sent:

BPDU received: 483
[SW3]display stp
The bridge ID (Pri.MAC): 32768.00e0-fc18-05d0
Delay 15 sec
Root bridge ID(Pri.MAC): 32768.00e0-fc18-05d0
Root path cost: 0
Port role: DesignatedPort
Port path cost: 200
Port priority: 128
BPDU sent:
598

BPDU received: 16
Port path cost: 200
Port priority: 128
28
C
Copyright2010


BPDU sent:
561

BPDU received: 43
Port path cost: 200
Port priority: 128
BPDU sent:
561

BPDU received: 38
From the above STP information, the converged network topology is

shown below:
C
Copyright2010
29

Bridge ID:
32768.00E0.FC41.43B9
Alternate
RP
SW1
E0/1
E0/2
DP
DP
E0/1
SW2
E0/6
E0/6
E0/7
E0/7
Bridge ID:
32768.00E0.FC41.3E99
Alternate
RP
DP
E0/2
ROOT
Bridge
SW3
DP
Bridge ID:
32768.00E0.FC18.05D0
figture 6-3 network topology after STP convergence

The solid lines in the figure present the calculated shortest path tree, and
the dotted lines present the pruned link.
RP is the root port, DP is the designated port, Alternate is the blocking port.
The process of the calculation of the shortest path tree is:
(1) Compare the bridge ID of every switch, and select the one with the
smallest ID to be the ROOT Bridge;
(2) Compare the Root Path Cost to select RP;

(3) Compare the Root Path Cost of the two switches connected with the
network segment to select the DP. If the Root Path Cost of the two
switches are the same, then compare the Bridge ID and Port ID of the
two switches, and select the port with the smaller ID;
(4) Non-root and non-designated ports are blocked to be Alternate Port.

Such ports do not forward data.
6.4.2 Configure the bridge priority

1. Configure SW1
//Change the local bridge priority to be 8192
[SW1]stp priority 8192
After configuration, check the STP information on every switch

[SW1]display stp
The bridge ID (Pri.MAC): 8192.00e0-fc41-43b9
30
C
Copyright2010
Delay 15 sec
Root bridge ID(Pri.MAC): 8192.00e0-fc41-43b9
Root path cost: 0
Timeout factor: 3
Port path cost: 200
Port priority: 128
Designated bridge ID(Pri.MAC): 8192.00e0-fc41-43b9
BPDU sent:
93

BPDU received: 1387
Port path cost: 200
Port priority: 128
BPDU sent:
93

BPDU received: 1389
C
Copyright2010
31
[SW2]display stp
The bridge ID (Pri.MAC): 32768.00e0-fc41-3e99
Delay 15 sec
Root path cost: 200
Timeout factor: 3
Port path cost: 200
Port priority: 128
BPDU sent:
1429

BPDU received: 334
Port path cost: 200
Port priority: 128
BPDU sent:
32
C
Copyright2010

BPDU received: 1746

Port path cost: 200
Port priority: 128
BPDU sent:

BPDU received: 1747
[SW3]display stp
The bridge ID (Pri.MAC): 32768.00e0-fc18-05d0
Delay 15 sec
Root path cost: 200
Port role: RootPort
Port path cost: 200
Port priority: 128
C
Copyright2010
33

BPDU sent:
1536

BPDU received: 497
Port path cost: 200
Port priority: 128
BPDU sent:
1978

BPDU received: 44
Port path cost: 200
Port priority: 128
BPDU sent:
1978

BPDU received: 39
34
C
Copyright2010
With the above STP information, the converged network topology is as

below:
figture 6-4 Network topology after chance of bridge priority and STP
convergence
The solid lines in the figure present the calculated shortest path tree, and
the dotted lines present the pruned link, RP is the root port, DP is the
designated port, Alternate is the blocking port.
C
Copyright2010
35
Chapter 7 VRRP Configuration

figture 7-1 Network topology of VRRP configuration

z
RT1RT3RT4 and SW1 connect through Ethernet, as shown in the

figure. Using single virtual router VRRP, loading-sharing VRRP and
up-link port track for PC1 and PC2 to access 1.1.1.1/32.
Single virtual router VRRP make all the users traffic go out through
RT3.
Loading-sharing VRRP make the traffic of PC1 go out through RT3,

and the traffic of PC2 go out through RT4.
36
C
Copyright2010
Up-link port track VRRP monitors the state of the up-link port to select
Master dynamically.

Configure the interface
Configure routing protocol
Configure VRRP group
Configure VRRP up-link

port tracking (optional)
figture 7-2 Configure flow of VRRP

(1)
Configure the interface
Create Loopback interface in RT1, RT3 and RT4; configure the IP address
of the loopback interfaces and the physical interfaces.
(2)
Configure routing protocol
Run OSPF in the entire network; enable OSPF on all the interfaces of the
routers and all the interfaces belong to area 0.
(3)
Configure VRRP group
Enable ping packet of the Master in the system view. Configure virtual
router ID, virtual IP address and priority in the interface view.
(4)
Configure the up-link port track
C
Copyright2010
37
Enable the track of the up-link port in the interface view. The backup works
not only when the router is down but also when the tracked interface of the
network is down.

7.4.1 Configure the port
1. Configure RT1
[RT1-LoopBack1]ip address 1.1.1.1 32
[RT1]interface ethernet 0
[RT1-Ethernet0]ip address 13.1.1.1 30
2. Configure RT3
3. Configure RT4
7.4.2 Configure routing protocol

1. Configure RT1
[RT1]ospf
[RT1-ospf-1]area 0
[RT1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
38
C
Copyright2010
2. Configure RT3
[RT3]ospf
[RT3-ospf-1]area 0
3. Configure RT4
[RT4]ospf
[RT4-ospf-1]area 0
Check routing table after the configuring

Destinations : 10
Destination/Mask
Routes : 11
Proto Pre Cost
NextHop
Interface
1.1.1.1/32 Direct
127.0.0.1
InLoopBack0
3.3.3.3/32 OSPF
10
13.1.1.2
Ethernet0
4.4.4.4/32 OSPF
10
14.1.1.2
Ethernet1
10.1.1.0/24 OSPF
10
13.1.1.2
Ethernet0
OSPF
10
14.1.1.2
Ethernet1
13.1.1.0/30 Direct
13.1.1.1
127.0.0.1
14.1.1.1
127.0.0.1
Ethernet0
13.1.1.1/32 Direct
InLoopBack0
14.1.1.0/30 Direct
Ethernet1
14.1.1.1/32 Direct
InLoopBack0
127.0.0.0/8
Direct
127.0.0.1
127.0.0.1/32 Direct
127.0.0.1
InLoopBack0
InLoopBack0
C
Copyright2010
39
As shown in above, OSPF discovers all the network segments and ready
for the practice.
7.4.3 Configure VRRP group

Enable ping on the Master in the system view (the command various on
VRP versions)
[RT3]vrrp ping-enable
[RT4]vrrp ping-enable
1. configure single virtual router VRRP

//Create the virtual router with VRID 1, virtual ip address 10.1.1.253
[RT3-Ethernet1]vrrp vrid 1 virtual-ip 10.1.1.253
//Configure the priority of the virtual router to be 150 (100 by default)

[RT3-Ethernet1]vrrp vrid 1 priority 150
Check the current state of VRRP

[RT3]display vrrp
Ethernet1 | Virtual Router 1
state : Master
Virtual IP : 10.1.1.253
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
[RT4]display vrrp
state : Backup
Virtual IP : 10.1.1.253
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
As shown above, the priority of RT3 is higher; it is the Master of group 1,

RT4 is the Backup. The traffic from PC1 and PC2 to 1.1.1.1 is forwarded by
RT3.
[RT4]display vrrp
40
C
Copyright2010

state : Master
Virtual IP : 10.1.1.253
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
The traffic from PC1,PC2 to 1.1.1.1 is forwarded by RT4.

2. Configuration of load-sharing VRRP-----multiple virtual routers
(1)
Configure RT3

//Configure the priority of the virtual router to be 150 (100 by default)


(2)
Configure RT4
\\Create the virtual router with VRID 2, virtual ip address 10.1.1.254

\\Configure the priority of the virtual router to be 150 (100 by default)

Check the current state of VRRP

[RT3]display vrrp
state : Master
Virtual IP : 10.1.1.253
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
state : Backup
Virtual IP : 10.1.1.254
Priority : 100
C
Copyright2010
41

Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
[RT4]display vrrp
state : Backup
Virtual IP : 10.1.1.253
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
state : Master
Virtual IP : 10.1.1.254
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
As shown above, for virtual router 1, RT3 has higher priority as the Master,
and RT4 as the Backup; for virtual router 2, RT4 has higher priority as the
Master, and RT3 is the Backup.
When configure default gateway on user PCs, the default gateway of PC1
should set to 10.1.1.253, and the default gateway of PC2 should set to
10.1.1.254. Thus, the traffic from PC1 to 1.1.1.1/32 is forwarded by RT3
and that of PC2 is forwarded by RT4. The load-sharing is realized.
If RT3 is out of the network, RT4 will become the Master of both group1
and group2.
[RT4]display vrrp
state : Master
Virtual IP : 10.1.1.253
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
state : Master
42
C
Copyright2010

Virtual IP : 10.1.1.254
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
All of the traffic from PC1,PC2 to 1.1.1.1 is forwarded by RT4. Thus,

multiple virtual router configuration not only realize backup function but
also load-sharing.
7.4.4 Configure up-link port track VRRP

Configure up-link port track
\\ Track the up-link port interface E0, reduce the priority by 100 if this port is
down
[RT3-Ethernet1]vrrp vrid 1 track Ethernet 0 reduced 100
[RT4-Ethernet1]vrrp vrid 2 track Ethernet 0 reduced 100
Display the current state of VRRP
[RT3]display vrrp
state : Master
Virtual IP : 10.1.1.253
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
Track IF : Ethernet0
Priority reduced : 100

state : Backup
Virtual IP : 10.1.1.254
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
[RT4]display vrrp
state : Backup
Virtual IP : 10.1.1.253
Priority : 100
C
Copyright2010
43

Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
state : Master
Virtual IP : 10.1.1.254
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
If the up-link of RT3 is down, the state of VRRP will change

[RT3]display vrrp
state : Backup
Virtual IP : 10.1.1.253
Priority : 50
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE

state : Backup
Virtual IP : 10.1.1.254
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
[RT4]display vrrp
state : Master
Virtual IP : 10.1.1.253
Priority : 100
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
44
C
Copyright2010

state : Master
Virtual IP : 10.1.1.254
Priority : 150
Preempt : YES
Delay Time : 0
Timer : 1
Auth Type : NONE
Due to the inactivation of the up-link, system reduces the priority of RT3 for
virtual router 1 from 150 to 50, lower than the priority of RT4, so RT4
becomes the Master of virtual group 1.
All of the traffic is now forwarded by RT4 because of the automatic
selection of Master when the up-link is inactivated.
C
Copyright2010
45
Section 4
WAN Protocol Laboratory Guide
Table of Contents
Section 4 WAN Protoco
Table of Contents
Table of Contents ............................................................................................................1
Lab Description ...............................................................................................................3
Introduction..............................................................................................................3
Version ....................................................................................................................3
Objectives................................................................................................................3
Tasks.......................................................................................................................3
References ..............................................................................................................3
Chapter 1 HDLC Basic Configuration..............................................................................4
1.1 Networking and Service Description .................................................................4
1.2 Configuration Flow ............................................................................................4
1.3 Configuration and Verification ...........................................................................4
Chapter 2 IP unnumbered configuration of HDLC...........................................................6
2.1 Networking and Service Description .................................................................6
2.2 Configuration Flow ............................................................................................6
2.3 Configuration and Verification ...........................................................................7
Chapter 3 PPP Basic Configuration ................................................................................ 9
Chapter 4 Configuring PPP Authentication ...................................................................12
4.1 Networking and Service Description ...............................................................12
4.2 Configuration Flow ..........................................................................................12
4.3 Configuration and Verification .........................................................................13
Chapter 5 FR Basic Configuration.................................................................................15
C
Copyright2010
Table of Contents
Chapter 6 PVC Configuration of FR Switch ..................................................................18

C
Copyright2010
Lab Description
Lab Description
Introduction
This experiment guide introduces the configuration methods and
configuration procedure of the WAN protocol, and covers the currently
prevalent technologies of WAN, such as HDLC, PPP and FR.
Version
This guide is applicable to VRP versions 3.40.
Objectives
z
To grasp the basic principles and configurations of HDLC protocol;
To grasp the basic principles and configurations of PPP protocol;
To grasp the basic configurations of FR and Inverse ARP.
Basic configuration of HDLC and IP unnumbered.
Basic configuration of PPP, IP address negotiation and authentication
Tasks
method
z
Basic configuration of FR and Inverse ARP.
References
VRP 3.40 Operation Manual
C
Copyright2010
Chapter 1 HDLC Basic Configuration
Chapter 1 HDLC Basic Configuration

figture 1-1 HDLC Basic Configuration Topology

The basic configuration of HDLC on serial link is very simple, you need only
to define HDLC encapsulation in interface view and configure IP address.

Configure interface
Configure encapsulation type as HDLC
figture 1-2 HDLC basic configuration flow

1.3.1 Configure HDLC protocol
1. Configure RT1
[RT1-Serial0/0/1]link-protocol hdlc
[RT1-Serial0/0/1]ip address 10.1.1.1 30
2. Configure RT2
4
C
Copyright2010
Chapter 1
HDLC Basic Configuration
Note: The same encapsulation type must be configured on both parties.

By default, the serial port of Huawei router uses PPP protocol.
1.3.2 Verification
You can use PING command to check whether the configuration of the
router is correct.
[RT1]ping 10.1.1.2
0.00% packet loss
C
Copyright2010
Chapter 2 IP unnumbered configuration of HDLC

figture 2-1 Topology of IP unnumbered configuration of HDLC

z
As shown in the figure, Router1 connect to Router2 via serial

interface with encapsulation type HDLC. Serial 0/0/1 of Router1
borrows IP address from loopback 0.

Interface Configuration
Encapsulation an interface
with HDLC
IP unnumbered
configuration
figture 2-2 IP unnumbered configuration of HDLC flow
C
Copyright2010

2.3.1 IP unnumbered configuration
1. Configure RT1
[RT1-Serial0/0/1]ip address unnumbered interface LoopBack 0
[RT1]ip route-static 10.1.1.0 24 Serial 0/0/1
\\Static
Route
2. Configure RT2
2.3.2 Verification
1. Use display ip interface brief command to check the IP address
information of the interface.
In this example, you can see the same IP address was configured on Serial
0/0/1 and loopback 0. Normally, IP address duplication will occurre if you
dont configure IP unnumbered. For this example, there is no IP address
duplication as the interface serial 0/0/1 borrowed IP address from loopback
0.
[RT1]display ip interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface
IP Address
Physical
LoopBack0
10.1.1.1
up
Protocol Description
up(s)
HUAWEI,
Quidway
Serial0/0/0
unassigned
up
up
HUAWEI,
10.1.1.1
up
up
HUAWEI,
Quidway
Serial0/0/1
Quidway
2. Ping from RT1 to RT2.

[RT1]ping 10.1.1.2
C
Copyright2010

0.00% packet loss
C
Copyright2010
Chapter 3 PPP Basic Configuration

figture 3-1 PPP Basic Configuration Networking Topology

z
PPP encapsulation configuration.
PPP configuration of IP addresses negotiation.

Encapsulate the Interface with PPP
Configure IP address dynamic

negotiation (Optional)
figture 3-2 PPP configuration flow

The basic configuration of PPP on serial link is simple. You need to
encapsulate an interface with PPP as well as configure IP address.
3.3.1 PPP Basic Configuration

1. Configure RT1
C
Copyright2010
[RT1-Serial0/0/1]link-protocol ppp
2. Configure RT2
Note: The same encapsulation type must be configured on both

communication parties. The interface has already been encapsulated with
PPP protocol, which is known as the default encapsulation of Huawei
routers.
3.3.2 Verification
Use PING command to check whether the configuration of the routers is
correct.
[RT1]ping 10.1.1.2
0.00% packet loss
3.3.3 Configuration of IP address dynamic negotiation

1. Configure RT1
[RT1]interface Serial 0
[RT1Serial0]link-protocol ppp
[RT1Serial0]ip address ppp-negotiate
2. Configure RT2
[RT2-Serial0]link-protocol ppp
[RT2-Serial0]ip address 10.1.1.2 30
10
C
Copyright2010
[RT2-Serial0]remote address 10.1.1.1
3.3.4 Verification of IP address dynamic negotiation

1. Before Configuration
Destinations : 5
Routes : 5
Destination/Mask Proto Pre Cost
NextHop
Interface
10.1.1.0/30 Direct
10.1.1.2
10.1.1.1
127.0.0.1
127.0.0.1
Serial0
10.1.1.1/32 Direct
Serial0
10.1.1.2/32 Direct
InLoopBack0
127.0.0.0/8 Direct
InLoopBack0
127.0.0.1/32 Direct
127.0.0.1
InLoopBack0
Seen from the above routing-table, the remote PPP link is a host route in the
local routing-table as both communication parties can know IP address of
the remote link by using IPCP message.
2. After Configuration
Destinations : 4
Destination/Mask
Routes : 4
Proto Pre Cost NextHop
Interface
10.1.1.1/32
Direct 0
127.0.0.1
InLoopBack0
10.1.1.2/32
Direct 0
10.1.1.2
Serial0
127.0.0.0/8
Direct 0
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct0
127.0.0.1
InLoopBack0
Notes:
1. IP address obtain by negotiation is a host address; the route entity will not
be added to IP routing-table.
2. You need to reset the interface of RT2.
C
Copyright2010
11
Chapter 4
Configuring PPP Authentication
Chapter 4 Configuring PPP Authentication

figture 4-1 PPP Authentication Networking Diagram

VRP platform support PAP and CHAP authentication. CHAP can provide
higher security. In this exercise, RT1 is authenticator and RT2 is requester.

Encapsulate an Interface with PPP
Enable PAP or CHAP Authentication
figture 4-2 PPP Authentication Configuration Flow
12
C
Copyright2010
Chapter 4

4.3.1 Configure PAP Authentication
PAP
(Password
Authentication
Protocol)
is
2-way
handshake
authentication protocol and it sends the password in plain text. The

configuration process of PAP authentication is as follows:
(1)
Enable PAP authentication in the authenticator; create a PPP user.
(2)
Configure username and password on the requester.
The detailed configuration is as follows:
1. Configuration on RT1:
[RT1]local-user huawei
[RT1-luser-huawei] password simple hello
[RT1-luser-huawei] service-type ppp
[RT1-Serial0/0/1]ppp authentication-mode pap
[RT2-Serial0]ppp pap local-user huawei password simple hello
4.3.2 Configure CHAP Authentication

CHAP
(Challenge-Handshake
Authentication
Protocol)
is
3-way
handshake authentication protocol and the password is sent in encrypted

text (key), which can provide higher security.
The detailed configuration is as follows:
1. Configuration on RT1 :
[RT1]local-user huawei
[RT1-luser-huawei] password cipher hello
[RT1-luser-huawei] service-type ppp
[RT1-Serial0]ppp authentication-mode chap
[RT1-Serial0]ip address 10.1.1.1
C
Copyright2010
13
Chapter 4
[RT2-Serial0]ppp chap user huawei
[RT2-Serial0]ppp chap password cipher hello
4.3.3 Verification
Use PING to check whether the configuration on the routers is correct.
[RT1ping 10.1.1.2
0.00% packet loss
14
C
Copyright2010
Chapter 5
FR Basic Configuration
Chapter 5 FR Basic Configuration

figture 5-1 FR basic configuration networking diagram

RTA connects to RTB with serial interface S0/0/0 and allocates IP address
in 10.1.1.0/30.

Encapsulate the Interface with FR
Configure FR working mode
Configuration DLCI
Configure FR address mapping or

Enable Inverse ARP
figture 5-2 FR configuration flow
C
Copyright2010
15
Chapter 5

5.3.1 Configuring Frame-Relay static address mapping
[RT1-Serial0/0/1]link-protocol fr ietf
[RT1-Serial0/0/1] undo fr inarp
\\disable Inverse ARP
[RT1-Serial0/0/1]fr interface-type dce

[RT1-Serial0/0/1]fr dlci 100
[RT1-Serial0/0/1]fr map ip 10.1.1.2 100
[RT2-Serial0/0/1] undo fr inarp
\\disable Inverse
ARP
[RT2-Serial0/0/1]fr interface-type dte
[RT2-Serial0/0/1]fr map ip 10.1.1.1 100
In frame relay, the two sides in communication are classified into user side
and network side. The user side is called DTE, and the network side is
called DCE. As shown in the figure, Interfaces need to be configured with
these two formats according to their own positions in the network.
5.3.2 Configure Frame-Relay Dynamic Address Mapping

[RT1-Serial0/0/1]fr inarp
[RT2-Serial0/0/1]fr inarp
16
C
Copyright2010
Chapter 5
For this example, the basic configuration of Frame-Relay is the same as

previous configure. The only difference is that the address mapping
between network address and Frame-Relay address is created by Inverse
ARP. By default, the Inverse ARP is enabled on Frame-Relay interface so
this step is optional.
5.3.3 Verification
1. Check the status of each FR interface, including the interface type,
physical status and link layer protocol status.
[RT1]display fr interface
Serial0/0/1, DCE, physical up, protocol up
2. Check the physical interface status, protocol status, IP address, link layer
encapsulation type and standard.
[RT2]display interface Serial 0/0/1
Serial0/0/1 current state : UP
Description
: HUAWEI, Quidway Series, Serial0/0/1 Interface
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)

Internet Address is 10.1.1.2/30
Link layer protocol is FR IETF
LMI DLCI is 0, LMI type is Q.933a, frame relay DTE
3. Check the address mapping table between network address and Frame
Relay address.
[RT1]display fr map-info
Map Statistics for interface Serial0/0/1 (DCE)
DLCI = 100, IP 10.1.1.2, Serial0/0/1
create time = 2007/01/25 13:57:33, status = ACTIVE
encapsulation = ietf, vlink = 3
C
Copyright2010
17
Chapter 6
PVC Configuration of FR Switch
Chapter 6 PVC Configuration of FR Switch

figture 6-1 Frame-Relay Switching Configuration

z
Configure IP address 10.1.1.1/30 for the Serial 0/0/0 interface of RT3.
Configure IP address 10.1.1.2/30 for the Serial 0/0/0 interface of RT4
Use RT1 and RT2 as Frame-Relay Switch

Basic Configuration of FR
Enable Frame-Relay Switching
Configure switching PVC of FR
figture 6-2 Configuration flow of Frame-Relay Switching
18
C
Copyright2010
Chapter 6

6.3.1 Configure Frame-Relay Switch
1. Configuration on RT3
[RT1-Serial0/0/1]fr interface-type nni
\\Enable Frame-Relay Switching
[RT1] fr switching
\\Configure the switching PVC number of Frame-Relay//
[RT1] fr switch 1 interface Serial0/0/0 dlci 100 interface
Serial0/0/1 dlci 200
[RT2-Serial0/0/1]fr interface-type nni
//Enable Frame-Relay Switching Function
[RT2] fr switching
//Configure the switching PVC number of Frame-Relay //
[RT2] fr switch 2 interface Serial0/0/1 dlci 200 interface
Serial0/0/0 dlci 300
C
Copyright2010
19
Chapter 6
Note:
To Use FR switching function, you need to
1.
Enable a Frame Relay DCE or NNI interface;
2.
Enable PVC switching function by using command fr switching.
6.3.2 Verification
1. After the configuration, use the display fr switch-table all command to
check the information of frame relay switch table in the router.
[RT1]dis fr switch-table all
Total PVC switch records:1
PVC-Name
Status
Interface(Dlci) <----->
Interface(Dlci)
1
Active
Serial0/0/0(100)
Serial0/0/1(200)
[RT2]dis fr switch-table all

Total PVC switch records:1
PVC-Name
Status
Interface(Dlci) <----->
Interface(Dlci)
2
Active
Serial0/0/1(200)
Serial0/0/0(300)
2. After configuration, RT3 and RT4 can ping each other.

[RT3]ping 10.1.1.2
0.00% packet loss
20
C
Copyright2010
Section 5
Firewall Tech. Laboratory Guide
Table of Contents
Section 5 Firewall Eudemon
Table of Contents
Lab Description .................................................................................................................2
Introduction................................................................................................................2
Version ......................................................................................................................2
Objectives..................................................................................................................2
Tasks.........................................................................................................................2
References ................................................................................................................2
Chapter 1 Eudemon Security Policy..................................................................................3
1.1 Networking and Service Description ...................................................................3
1.2 Configuration Flow ..............................................................................................3
1.3 Configuration and Verification .............................................................................4
Chapter 2 Basic Configuration of NAT ..............................................................................6
2.1 Networking and Service Description ...................................................................6
2.4 FAQ .....................................................................................................................8
Chapter 3 The Application of NAT Server .......................................................................... 9
3.1 Networking and Service Description .................................................................... 9
C
Copyright2010
Lab Description
Lab Description
Introduction
This Lab Guide describes the technical theory and basic operations about
how Huawei Eudemon firewall applies the ACL, defending attacks and
backup technology HRP to ensure uninterrupted service of the default
firewall, so that the network can provide interrupted service.
Version
This Guide is applicable to VRP versions 3.30.
Objectives
z
To get familiar with the basic configuration and concepts of Huawei

Eudemon firewalls.
To grasp the inter-zone security policy and application of ACL.
To grasp the configuration of NAT.
Basic configuration of Eudemon
NAT configuration
Firewall operation manual
Tasks
References
C
Copyright2010
Chapter 1 Eudemon Security Policy

figture 1-1 Networking for basic configuration of Eudemon

z
Two interfaces are used in the firewall: Ethernet 0/0/0 in Trust zone and
Ethernet 0/0/1 in Untrust zone.
PC1 is located in the Trust Zone; PC2 is located in the Untrust Zone.
The IP address of PC1 and PC2 is 10.110.1.2/24 and 202.10.0.2/24

respectively.
C
Copyright2010
Configure PC
Configure working mode,

interface and security zone
Define ACL and security policy
Define an ACL rule to filter inter-zone packets

figture 1-2 Eudemon Basic Configuration Flow

1.3.1 Configure Security Policy
1. Configure PC
Configure PC1 with IP address: 10.110.1.2/24 Gateway: 10.110.1.254
Configure PC2 with IP address: 202.10.0.2/24 Gateway: 202.10.0.1
2. Configure the working mode, interface and security zone.

[Eudemon]firewall mode route
[Eudemon]interface ethernet 0/0/0
[Eudemon-Ethernet0/0/0]ip address 10.110.1.254 24
[Eudemon-Ethernet0/0/0]quit
[Eudemon]firewall zone trust
[Eudemon-zone-trust]add interface ethernet 0/0/0
[Eudemon-zone-trust]quit
[Eudemon]firewall zone untrust
[Eudemon-zone-untrust]add interface ethernet 0/0/1
[Eudemon-zone-untrust]quit
C
Copyright2010
By default, PC1 and PC2 can not ping each other.
3. Configure inter-zone ACL security policy

[Eudemon]acl 2000
[Eudemon-acl-basic-2000]rule permit source any
[Eudemon-acl-basic-2000]quit
[Eudemon]firewall packet-filter default deny all
[Eudemon]firewall interzone trust untrust
4. Deploy the ACL rule to filter interzone traffic; Pay attention to the
direction.
[Eudemon-interzone-trust-untrust] packet-filter 2000 inbound
5. After deploy the policy, try to ping from PC2 to PC1. PC2 can ping PC1
because the access from untrust zone to trust zone is permitted by the
deployed security policy.
C
Copyright2010
Chapter 2 Basic Configuration of NAT

figture 2-1 Networking for the Basic Configuration of NAT

NAT is to translate the IP address in IP data packet header into another IP
address. Practically, NAT is mainly used for private network to access
external network. This lab is about how to implement NAT in Eudemon.

Configure PC
Configure the working mode, interface and

security zone
Configure IP address pool and ACL
Associate ACL with IP pool

figture 2-2 Basic Configuration Flow of NAT
6
C
Copyright2010

2.3.1 Configure NAT
1. Configure PC
Configure PC1 with IP address 192.168.0.2/24, gateway address:
192.168.0.1;
Configure PC2 with IP address 202.168.0.7/24.
2. Configure the working mode, interfacer and security zone

3. Configure IP address pool and ACL

[Eudemon] nat address-group 1 202.168.0.2 202.168.0.6
[Eudemon] acl number 2001
[Eudemon-acl-basic-2001] rule 0 permit source 192.168.0.0
0.0.0.255
[Eudemon-acl-basic-2001] rule 1 deny any
[Eudemon] quit
4. Associate ACL with IP address pool. Permit network 192.168.0.0/24 to be

translated.
[Eudemon] firewall interzone trust untrust
[Eudemon-interzone-trust-untrust]
packet-filter
2001
outbound
[Eudemon-interzone-trust-untrust]nat
outbound
2001
address-group 1
C
Copyright2010
2.3.2 Verification
1. PC1 ping PC2 till manual termination with parameter -t.
2. Check the session table to get more information about NAT translation.
[Eudemon]display firewall session table
icmp:192.168.0.2:768[202.168.0.6:12889]-->202.168.0.7:768
icmp:202.168.0.7:768<--192.168.0.2:768
icmp:192.168.0.1:768<--192.168.0.2:768
NBT datagram:202.168.0.255:138<--202.168.0.7:138
2.4 FAQ
QPC1 and PC2 are belonging to different network segments. PC2 can
receive ICMP message from PC1 as PC1 has configured gateway
address. But how can PC1 receive ICMP message from PC2 which has
no gateway address?
A: This is one of the advantages of NAT, which guarantees the
confidentiality of NAT users. PC2 does not know that the users who access
to it are in the network of 192.168.0.0, but only see 202.168.0.6, which is in
the same network segment with itself. Thus, there is no need of the gateway.
C
Copyright2010
Chapter 3 The Application of NATServer
Chapter 3 The Application of NAT Server

figture 3-1 NAT Server Configuration Topology

z
PC1 connect Ethernet interface 0/0/1 of the Eudemon and no need to

configure gateway address.
PC2 connect Ethernet interface 0/0/0 of the Eudemon and need to

configure gateway address.
PC2 need to install ftp server software to act as FTP Server.
Configure NAT with IP address pool.
Configure Eudemon NAT Server address and bind with FTP Server.
PC1 can access to FTP Server.
C
Copyright2010
Configure PC
Configure working mode,

interface and security zone
Configure ACL
Configure Eudemon NAT Server

address and bind with FTP Server
address
NAT ALG Detection
figture 3-2 NAT Server Configuration Flow

3.3.1 Configure NAT Server
1. Configure PC
Configure PC1 with IP address 202.168.0.7/24.
Configure PC2 with IP address 192.168.0.2/24 Gateway 192.168.0.1
Configure the working mode, interface and security zone
10
C
Copyright2010
2. Configure ACL
[Eudemon]acl 2001
[Eudemon-acl-basic-2]rule permit source 202.168.0.0 0.0.0.255
[Eudemon]firewall interzone trust untrust
[Eudemon-interzone-trust-untrust]packet-filter 2001 inbound
3. Assign a public address 202.168.0.6 to the internal FTP server

192.168.0.2.
[Eudemon] nat server protocol tcp global 202.168.0.6 ftp inside
192.168.0.2 ftp
4. NAT ALG Detection

Eudemon-interzone-trust-untrust] detect ftp
The configuration of detection of ALG is use to establish data channel

between FTP Client and FTP Server, which is use to transmit data.
3.3.2 Verification
1. PC1 can access to ftp server 202.168.0.6 and carry out data transfering
service.
2. Check the session table.

[Eudemon]display firewall session table
FTP:192.168.0.2:21[202.168.0.6:21]<--202.168.0.7:1034
NBT datagram:202.168.0.255:138<--202.168.0.7:138
C
Copyright2010
11

Lab Guide 内文

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Lab Guide 内文

Transféré par

Droits d'auteur :

Formats disponibles

Huawei Datacom Certifications-HCDA

Huawei Networking Technology and Device

Huawei Technologies Co.,Ltd

Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved.

Trademarks and Permissions

Huawei Datacom Certifications-HCDA

Huawei Datacom Certification System

Huawei Datacom Certification consists of three kinds of certification:

Huawei Certified Datacom Professional-Carrier IP (HCDP-Carrier IP) is an

interested professionals who intend to gain a comprehensive and extensive

Huawei Certified Datacom Expert-Carrier IP (HCDE-Carrier IP) is an

Huawei Certified Datacom Professional-Enterprise IP (HCDP-Enterprise IP)

Huawei Certified Datacom Expert-Enterprise IP (HCDE-Enterprise IP) is an

Lab Environment Description

Lab Environment Description

C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Lab Environment Description

Interface Number of Suggest the least

We also need several PCs

C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Lab Environment Description

C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Huawei Certified Datacom Associate

Section 1 VRP Basic

C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Section 1 VRP Basic

configurations which include how to configure a router through console

To grasp how to configure a router via console

To grasp how to configure a router through telnet

To know how to use Ping, Tracert, FTP/TFTP

Establishing the Configuration Environment by the Console Port

Configuring the Router Through Telnet

Use Ping, tracert, FTP/TFTP command

C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Chapter1Configure the router by Console

Section 1 VRP Basic

Configure the router by Console

1.1 Networking and service description

Figure 1-1 Console connection between PC and router

To set up the configuration environment, just connect the serial

1.2 Configuration and Verification

C 2010 Huawei Technologies Co.Ltd. , All Rights Reserved.

Chapter1Configure the router by Console

Section 1 VRP Basic

Power on the router. The prompt <Quidway> will appear after

Chapter2Configure the router via telnet

Section 1 VRP Basic

Configure the router via telnet

2.1 Networking and Service description

Figure 2-1 Configure the router via telnet

PC1 connects to RT4s Ethernet 0/0 through SW1.

2.2 Configuration and Verification

configure IP address of the router and PC

configure telnet login with password

[Quidway] User-interface vty 0 4

configure telnet login with username and password

\\Set user service type

Section 1 VRP Basic

Chapter2Configure the router via telnet

2.2.2 Configure access right for telnet users

[Quidway-ui-vty0-4] user privilege level 0

\\to set the default access

2.2.3 Check the communication between PC and router

2.2.4 Run telnet program on PC to login router