Académique Documents
Professionnel Documents
Culture Documents
Configuration
www.huawei.com
expect to:
Develop an understanding of the
HDLC frame structure
Acquire the skills necessary to
configure HDLC
Flag Flag
Address Control Information FCS
01111110 01111110
Supervisory (S frame)
S0/0/1 S0/0/1
HDLC
RTA 10.1.1.1/30 10.1.1.2/30 RTB
S0/0/1 S0/0/1
HDLC
RTA 10.1.1.1/30 10.1.1.2/30 RTB
[RTA]ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=31 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=31 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=31 ms
10.1.1.1/32
Loop0
[RTA]ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=31 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/13/31 ms
What is HDLC?
The HDLC frame structure is
comprised of which fields?
www.huawei.com
Encapsulation
TCP UDP
IP
Ethernet FR PPP
BIT
Name Function
Encapsulation
Configure-Request
Configure-Ack
Configure-Request
Configure-Nak
Configure-Request (modify
parameter value)
Configure-Request
Configure-Reject
Configure-Request (delete some
parameters)
Terminate-Request
Terminate-Ack
Echo-Request
Echo-Reply
Encapsulation
Authenticator Authenticated
S0 PPP S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
Username = "huawei"
Password="hello"
[RTB]interface Serial 0
[RTB-Serial0]link-protocol ppp
[RTB-Serial0]ppp pap local-user huawei password simple hello
[RTB-Serial0]ip address 10.1.1.2 30
Authenticate-Request
Check whether Send user name and password by plain text
the user name
and password are Authenticate-Ack/Authenticate/Nak
correct or not Authenticate successfully/ unsuccessfully
Authenticator Authenticated
S0 PPP S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
Username = "huawei"
Password="hello"
[RTB]interface Serial 0
[RTB-Serial0]link-protocol ppp
[RTB-Serial0]ppp chap user huawei
[RTB-Serial0]ppp chap password cipher hello
[RTB-Serial0]ip address 10.1.1.2 30
Encapsulation
Protocol Function
S0 PPP S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
Configure-Request10.1.1.1
Configure-Ack
Configure-Request10.1.1.2
Configure-Ack
S0 PPP S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
[RTB]display ip routing-table
Routing Tables: Public
Destinations : 5 Routes : 5
S0 PPP S0
RTA Request for 10.1.1.2/30 RTB
assignment
Configure-Request0.0.0.0
Configure-Nak10.1.1.1
Configure-Request10.1.1.1
Configure-Ack
Configure-Request10.1.1.2
Configure-Ack
S0 PPP S0
RTA Request for 10.1.1.2/30 RTB
assignment
[RTA]display ip routing-table
Routing Tables: Public
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoopBack0
10.1.1.2/32 Direct 0 0 10.1.1.2 Serial0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0
CHAP?
www.huawei.com
Chapter 2 FR Configuration
LAN
FR LAN
LAN
LAN
Virtual circuit
Application layer
Representation layer
Session layer IP, IPX
Transport layer
Frame Relay
Network layer
Data link layer
FR IP Packet FR
Physical layer
prevention mechanisms
Nonstandard
Router B
Router B forwards routing
update information to
Router C via serial0 of
Router A
DLCI 16 to C
S0
Router C Router A
Router D
Router B
Subnet2 S0.1
S0.2
S0.3
Router C Router A
Router D
Chapter 2 FR Configuration
[RTA-Serial0]link-protocol fr ietf
[RTA-Serial0]fr interface-type dce
[RTA-Serial0]fr dlci 100
[RTA-Serial0]ip address 10.1.1.1 30
[RTA-Serial0]fr inarp
S0 FR S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
[RTA-Serial0]link-protocol fr ietf
[RTB-Serial0]fr interface-type dte
[RTB-Serial0]ip address 10.1.1.2 30
[RTB-Serial0]fr inarp
[RTA]display fr interface
Serial0, DCE, physical up, protocol up
[RTA-Serial0]link-protocol fr ietf
[RTA-Serial0]fr interface-type dce
[RTA-Serial0]fr dlci 100
[RTA-Serial0]undo fr inarp
[RTA-Serial0]ip address 10.1.1.1 30
[RTA-Serial0]fr map ip 10.1.1.2 100
S0 FR S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
[RTB-Serial0]link-protocol fr ietf
[RTB-Serial0]fr interface-type dte
[RTB-Serial0]ip address 10.1.1.2 30
[RTB-Serial0]undo fr inarp
[RTB-Serial0]fr map ip 10.1.1.1 100
S0 FR S0
RTA 10.1.1.1/30 10.1.1.2/30 RTB
[RTB]display fr map-info
Map Statistics for interface Serial0 (DTE)
DLCI = 100, IP 10.1.1.1, Serial0
create time = 2007/06/04 16:45:10, status = ACTIVE
encapsulation = ietf, vlink = 9
DCE DTE
[RTB-Serial0]ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=31 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=31 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
[RTA]interface Serial0
[RTA-Serial0]link-protocol fr ietf
[RTA-Serial0]fr interface-type dte
[RTA-Serial0]ip address 10.1.1.1 30
RTA FR RTC
S0 S0 RTB
S2 S2 S0 S0 RTD
10.1.1.1/30 10.1.1.2/30
DLCI 100 DLCI 200 DLCI 300
dte dce nni nni dce dte
[RTB]interface Serial0
[RTB-Serial0]link-protocol fr ietf
[RTB-Serial0]fr interface-type dce
[RTB-Serial0]fr dlci 100
[RTB]fr switching
[RTB-Serial0]fr dlci-switch 100 interface Serial 2 dlci 200
[RTB]interface serial2
[RTB-Serial2]link-protocol fr ietf
[RTB-Serial2]fr interface-type nni
[RTB-Serial2]fr dlci 200
[RTB-Serial2]fr dlci-switch 200 interface Serial 0 dlci 100
[RTC]interface Serial2
[RTC-Serial2]link-protocol fr ietf
[RTC-Serial2]fr interface-type nni
[RTC-Serial2]fr dlci 200
[RTC]fr switching
[RTC-Serial2]fr dlci-switch 200 interface Serial 0 dlci 300
[RTC]interface serial0
[RTC-Serial0]link-protocol fr ietf
[RTC-Serial0]fr interface-type dce
[RTC-Serial0]fr dlci 300
[RTC-Serial0]fr dlci-switch 300 interface Serial 2 dlci 200
[RTD]interface Serial0
[RTD-Serial0]link-protocol fr ietf
[RTD-Serial0]fr interface-type dte
[RTD-Serial0]ip address 10.1.1.2 30
[RTB]dis fr dlci-switch
Frame relay switch statistics
Status Interface(Dlci) ----------> Interface(Dlci)
Active Serial0(100) Serial2(200)
Active Serial2(200) Serial0(100)
[RTC]display fr dlci-switch
Frame relay switch statistics
Status Interface(Dlci) ----------> Interface(Dlci)
Active Serial0(300) Serial2(200)
Active Serial2(200) Serial0(300)
[RTD]dis fr map-info
Map Statistics for interface Serial0 (DTE)
DLCI = 300, IP INARP 10.1.1.1, Serial0
create time = 2007/06/04 17:34:59, status = ACTIVE
encapsulation = ietf, vlink = 1, broadcast
RTA FR RTC
S0 S0 RTB
S2 S2 S0 S0 RTD
10.1.1.1/30 10.1.1.2/30
DLCI 100 DLCI 200 DLCI 300
dte dce nni nni dce dte
[RTB]fr switching
[RTB]fr switch 1 interface Serial0 dlci 100
interface Serial2 dlci 200
[RTC]fr switching
[RTC]fr switch 2 interface Serial2 dlci 200
interface Serial0 dlci 300
RTA FR RTC
S0 S0 RTB
S2 S2 S0 S0 RTD
10.1.1.1/30 10.1.1.2/30
DLCI 100 DLCI 200 DLCI 300
dte dce nni nni dce dte
www.huawei.com
Internet
Local office
Packet from
202.110.10.0/24
ACL rule rejected
Headquarters of company Unauthorized user
WWW, FTP,
Emailpr oxy
Security policy,
audit supervise,
alarm
Protected External
User A network network
Eudemon 300/500/1000
Eudemon 200
Eudemon 100
PCI card
PCI CPU
PCI card 1
shield System
bridge
Fan group1
Power 2
Power 1 Fan group2
www.huawei.com
Interface 2
Local Zone Trust Zone
100 85
Zone defined
by user
DMZ Zone
50 UnTrust Zone Interface 3
5
Interface 1 Interface 4
outbound
Eudemon
Local
Trust
E1/0/0 E1/0/2 External network
Eth1/0/1 Untrust
outbound
outbound
inbound
inbound
Server
Server
DMZ
priority is 60
interface of the zone is (1):
Ethernet0/0/1
[Eudemon]acl 3000
[Eudemon-acl-adv-3000] rule permit ip
[Eudemon]firewall interzone trust untrust
[Eudemon-interzone-trust-untrust]packet-filter 3000 inbound
PC PC PC
Trust Zone
Untrust Zone
Eudemon
Server Server
10.110.1.254 202.10.0.1
PC PC PC
Trust Zone Untrust Zone
Eudemon
Server Server
PC PC PC
Trust
Untrust
Eudemon
Server Server
Eudemonactive
PC PC PC
Trust
VRRP Untrust
Server Server
202.10.0.0/24 202.10.0.0/24
<Eudemon>reboot
E0/0/0 129.38.1.5
Special PC in external network
Special PC in internal network Eudemon
202.39.2.3
129.38.1.4 E1/0/0
202.38.160.1
WAN
192.168.0.2
192.168.0.1
LAN2
LAN1
Internet
192.168.0.1
Private address range:
10.0.0.0-10.255.255.255
LAN3
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
Server B
Data packet 2 Data packet2
PC A source 192.168.1.3 source 202.169.10.1 202.120.10.2
192.168.1.3 Source port 2468 Source port 2468
Internet
Untrust Data packet 1
Data packet 2
source 202.168.0,2
source 202.168.0.11
E0/0/1 202.168.0.1/26 Destination destination 202.168.0.2
202.168.0.11
Data packet 1 Data packet 2
source 202.168.0,2 source 192.168.0.101
E1/0/0 192.168.1.1/24
ALG function destination destination 202.168.0.2
192.168.0.101
202.168.0.11-192.168.1.101 DMZ
Eudemon
Internet
Untrust
202.168.0.1/24 E0/0/1
202.168.0.10-192.168.1.100
Internal network E0/0/0
192.168.0.0/24 202.168.0.11:80-192.168.1.101:8080
192.168.0.1/24
202.168.0.12:1021-192.168.1.102:ftp
192.168.1.1/24 E1/0/0
Trust
DMZ