Scribd
Upload
76 views

Lab 1

This document contains configuration files for several network devices, including CE1, CE2, CE3, CE4, PE1, and PE2. CE1 and CE2 contain ACL and interface configurations. PE1 connects CE1 and CE2 through VPN instances and BGP routing, with MPLS enabled on its interfaces. PE2 is also configured for VPNs and BGP routing to connect to other devices.

Uploaded by

Adnan Khan
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
76 views

Lab 1

This document contains configuration files for several network devices, including CE1, CE2, CE3, CE4, PE1, and PE2. CE1 and CE2 contain ACL and interface configurations. PE1 connects CE1 and CE2 through VPN instances and BGP routing, with MPLS enabled on its interfaces. PE2 is also configured for VPNs and BGP routing to connect to other devices.

Uploaded by

Adnan Khan
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 32

Lab 1

*** CE1
#
bfd
#
acl number 2000
rule 5 deny source 10.3.2.10 0
rule 10 permit source 10.3.0.0 0.0.255.255
rule 15 deny
#
acl number 3000
rule 5 permit tcp destination-port range 6881 6999 time-range worktime
#

#
nat address-group 1 102.0.1.2 102.0.1.6
#
interface GigabitEthernet0/0/0
ip address 10.2.12.1 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip address 10.2.11.1 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 20
ip address 10.2.11.5 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.10
dot1q termination vid 10
ip address 10.3.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.3.1.254
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode timer delay 60
arp broadcast enable
#
interface GigabitEthernet0/0/2.20
dot1q termination vid 20
ip address 10.3.2.1 255.255.255.0
vrrp vrid 2 virtual-ip 10.3.2.254
arp broadcast enable
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/1
ip address 100.0.1.1 255.255.255.252
qos gts cir 1000 cbs 25000
qos car outbound acl 3000 cir 1000 cbs 188000 pbs 313000 green pass yellow pass
red discard
nat outbound 2000 address-group 1
#
interface GigabitEthernet2/0/2
#
interface GigabitEthernet2/0/3
#
interface NULL0
#
interface LoopBack0
ip address 172.17.1.1 255.255.255.255
#
interface LoopBack1
ip address 102.0.1.123 255.255.255.0
#
bfd 1 bind peer-ip 100.0.1.2 interface GigabitEthernet2/0/1 one-arm-echo
discriminator local 100
min-echo-rx-interval 40
commit
#
bgp 65000
peer 10.2.11.2 as-number 100
peer 10.2.11.6 as-number 100
#
ipv4-family unicast
undo synchronization
preference 120 255 255
import-route ospf 1 route-policy tag100
peer 10.2.11.2 enable
peer 10.2.11.6 enable
peer 10.2.11.6 default-route-advertise
#
ospf 1 router-id 172.17.1.1
default-route-advertise
import-route bgp tag 200
silent-interface GigabitEthernet0/0/2.10
silent-interface GigabitEthernet0/0/2.20
area 0.0.0.0
network 10.2.12.1 0.0.0.0
network 10.3.1.1 0.0.0.0
network 10.3.2.1 0.0.0.0
network 172.17.1.1 0.0.0.0
#
route-policy tag100 deny node 10
if-match tag 100
#
route-policy tag100 permit node 999
#
ip route-static 0.0.0.0 0.0.0.0 100.0.1.2 track bfd-session 1
#

*** CE2
[V200R003C00]
#
sysname CE2
#

#
time-range worktime 08:00 to 18:00 working-day
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 deny source 10.3.2.10 0
rule 10 permit source 10.3.0.0 0.0.255.255
rule 15 deny
#
acl number 3000
rule 5 permit tcp destination-port range 6881 6999 time-range worktime
#

#
nat address-group 1 102.0.1.2 102.0.1.6
#
interface GigabitEthernet0/0/0
ip address 10.2.12.2 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 1
ip address 10.2.22.1 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 2
ip address 10.2.22.5 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.10
dot1q termination vid 10
ip address 10.3.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.3.1.254
arp broadcast enable
#
interface GigabitEthernet0/0/2.20
dot1q termination vid 20
ip address 10.3.2.2 255.255.255.0
vrrp vrid 2 virtual-ip 10.3.2.254
vrrp vrid 2 priority 110
vrrp vrid 2 preempt-mode timer delay 60
arp broadcast enable
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/1
#
interface GigabitEthernet2/0/2
ip address 200.0.2.1 255.255.255.252
qos car outbound acl 3000 cir 1000 cbs 188000 pbs 313000 green pass yellow pass
red discard
nat server protocol tcp global 102.0.1.1 ftp inside 10.3.2.10 ftp
nat server protocol tcp global 102.0.1.1 www inside 10.3.2.10 www
nat outbound 2000 address-group 1
#
interface GigabitEthernet2/0/3
#
interface NULL0
#
interface LoopBack0
ip address 172.17.1.2 255.255.255.255
#
interface LoopBack1
ip address 102.0.1.124 255.255.255.0
#
bgp 65000
peer 10.2.22.2 as-number 100
peer 10.2.22.6 as-number 100
#
ipv4-family unicast
undo synchronization
preference 120 255 255
import-route ospf 1 route-policy tag200
peer 10.2.22.2 enable
peer 10.2.22.6 enable
peer 10.2.22.6 default-route-advertise
#
ospf 1 router-id 172.17.1.2
default-route-advertise
import-route bgp tag 100
silent-interface GigabitEthernet0/0/2.10
silent-interface GigabitEthernet0/0/2.20
area 0.0.0.0
network 10.2.12.2 0.0.0.0
network 10.3.1.2 0.0.0.0
network 10.3.2.2 0.0.0.0
network 172.17.1.2 0.0.0.0
#
route-policy tag200 deny node 10
if-match tag 200
#
route-policy tag200 permit node 999
#
ip route-static 0.0.0.0 0.0.0.0 200.0.2.2 track nqa yeslab test
#
nqa test-instance yeslab test
test-type icmp
destination-address ipv4 200.0.2.2
frequency 3
start now
#

*** CE3

#
sysname CE3
#

#
interface Mp-group0/0/1
ip address 10.2.33.1 255.255.255.252
#

#
interface Pos5/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
interface Pos6/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 172.17.1.3 255.255.255.255
#
interface LoopBack1
ip address 10.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.1
network 10.2.33.1 0.0.0.0
network 10.3.3.3 0.0.0.0
network 172.17.1.3 0.0.0.0
#

*** CE4
[V200R003C00]
#
sysname CE4
#

#
ip vpn-instance 1
ipv4-family
route-distinguisher 100:144
#
acl number 3000
rule 5 permit ip destination 10.3.1.0 0.0.0.255
acl number 3001
rule 5 permit ip destination 10.3.2.0 0.0.0.255
acl number 3002
rule 5 permit ip destination 10.3.3.0 0.0.0.255
acl number 3003
rule 5 permit ip destination 10.3.4.0 0.0.0.255
#
traffic classifier Signal operator or
if-match acl 3001
traffic classifier Realtime operator or
if-match acl 3000
traffic classifier Office operator or
if-match acl 3003
traffic classifier Monitor operator or
if-match acl 3002
#
traffic behavior 100
remark 8021p 4
traffic behavior 000
remark 8021p 0
traffic behavior 011
remark 8021p 3
traffic behavior 101
remark 8021p 5
traffic behavior 010
remark 8021p 2
#
traffic policy mark
classifier Realtime behavior 101
classifier Signal behavior 100
classifier Monitor behavior 011
classifier Office behavior 010
classifier default-class behavior 000
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 1
ip address 10.2.41.1 255.255.255.252
traffic-policy mark outbound
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip binding vpn-instance 1
ip address 172.17.1.4 255.255.255.255
#
interface LoopBack1
ip binding vpn-instance 1
ip address 10.3.3.4 255.255.255.255
#
ospf 1 vpn-instance 1
dn-bit-check disable ase
area 0.0.0.0
network 10.2.41.1 0.0.0.0
network 10.3.3.4 0.0.0.0
network 172.17.1.4 0.0.0.0
#

*** PE1
sysname PE1
#
ipv6
#
router id 172.16.1.1
#
ip vpn-instance VPN_IN
ipv4-family
route-distinguisher 100:11
vpn-target 100:1 200:1 import-extcommunity
#
ip vpn-instance VPN_OUT
ipv4-family
route-distinguisher 100:111
vpn-target 200:1 export-extcommunity
#
mpls lsr-id 172.16.1.1
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0001.1720.1600.1001.00
#
ipv6 enable topology ipv6
#
#

#
interface Ip-Trunk1
ipv6 enable
ip address 10.1.13.1 255.255.255.252
ipv6 address 2000:FAD8:99EF:C03E:B2AD:9EFF:32DD:DC10/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp

#
interface Serial0/0/0
link-protocol hdlc
ip-trunk 1
#
interface Serial0/0/1
link-protocol hdlc
ip-trunk 1
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.12.1 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:1220/127
isis enable 1
isis ipv6 enable 1
isis cost 20
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip binding vpn-instance VPN_IN
ip address 10.2.11.2 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 20
ip binding vpn-instance VPN_OUT
ip address 10.2.11.6 255.255.255.252
arp broadcast enable
#

#
interface LoopBack0
ipv6 enable
ip address 172.16.1.1 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC01/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer 172.16.1.3 as-number 100
peer 172.16.1.3 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.3 enable
peer 172.16.1.3 label-route-capability
#
ipv6-family unicast
undo synchronization
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 enable
#
ipv4-family vpnv4
policy vpn-target
peer 172.16.1.3 enable
#
ipv4-family vpn-instance VPN_IN
peer 10.2.11.1 as-number 65000
#
ipv4-family vpn-instance VPN_OUT
peer 10.2.11.5 as-number 65000
peer 10.2.11.5 allow-as-loop
#

*** PE2
sysname PE2
#
ipv6
#
router id 172.16.1.20
#
ip vpn-instance VPN_IN
ipv4-family
route-distinguisher 100:12
vpn-target 100:1 200:1 import-extcommunity
#
ip vpn-instance VPN_OUT
ipv4-family
route-distinguisher 100:122
vpn-target 200:1 export-extcommunity
#
mpls lsr-id 172.16.1.20
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0001.1720.1600.1020.00
#
ipv6 enable topology ipv6
#
#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.12.2 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:1221/127
isis enable 1
isis ipv6 enable 1
isis cost 20
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 1
ip binding vpn-instance VPN_IN
ip address 10.2.22.2 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 2
ip binding vpn-instance VPN_OUT
ip address 10.2.22.6 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address 10.1.24.1 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:2430/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address 172.16.1.20 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC02/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer 172.16.1.3 as-number 100
peer 172.16.1.3 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.3 enable
peer 172.16.1.3 label-route-capability
#
ipv6-family unicast
undo synchronization
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 enable
#
ipv4-family vpnv4
policy vpn-target
peer 172.16.1.3 enable
#
ipv4-family vpn-instance VPN_IN
peer 10.2.22.1 as-number 65000
#
ipv4-family vpn-instance VPN_OUT
peer 10.2.22.5 as-number 65000
peer 10.2.22.5 allow-as-loop
#

#
return
*** RR1
sysname RR1
#
ipv6
#
router id 172.16.1.3
#
mpls lsr-id 172.16.1.3
mpls
#
mpls ldp
#

#
isis 1
cost-style wide
network-entity 47.0001.1720.1600.1003.00
#
ipv6 enable topology ipv6
#

#
interface Ip-Trunk1
ipv6 enable
ip address 10.1.13.2 255.255.255.252
ipv6 address 2000:FAD8:99EF:C03E:B2AD:9EFF:32DD:DC11/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp
#

#
interface Serial0/0/0
link-protocol hdlc
ip-trunk 1
#
interface Serial0/0/1
link-protocol hdlc
ip-trunk 1
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.34.1 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:3440/127
isis enable 1
isis ipv6 enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address 10.1.35.1 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:3550/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#

#
interface LoopBack0
ipv6 enable
ip address 172.16.1.3 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer 172.16.1.1 as-number 100
peer 172.16.1.1 connect-interface LoopBack0
peer 172.16.1.4 as-number 100
peer 172.16.1.4 connect-interface LoopBack0
peer 172.16.1.5 as-number 100
peer 172.16.1.5 connect-interface LoopBack0
peer 172.16.1.6 as-number 100
peer 172.16.1.6 connect-interface LoopBack0
peer 172.16.1.9 as-number 200
peer 172.16.1.9 ebgp-max-hop 255
peer 172.16.1.9 connect-interface LoopBack0
peer 172.16.1.20 as-number 100
peer 172.16.1.20 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC01 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC01 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC02 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC02 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC04 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC04 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC06 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC06 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.1 enable
peer 172.16.1.1 reflect-client
peer 172.16.1.1 label-route-capability
peer 172.16.1.4 enable
peer 172.16.1.4 reflect-client
peer 172.16.1.5 enable
peer 172.16.1.5 reflect-client
peer 172.16.1.5 label-route-capability
peer 172.16.1.6 enable
peer 172.16.1.6 reflect-client
peer 172.16.1.6 label-route-capability
undo peer 172.16.1.9 enable
peer 172.16.1.20 enable
peer 172.16.1.20 reflect-client
peer 172.16.1.20 label-route-capability
#
ipv6-family unicast
undo synchronization
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC01 enable
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC01 reflect-client
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC02 enable
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC02 reflect-client
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC04 enable
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC04 reflect-client
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05 enable
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05 reflect-client
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC06 enable
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC06 reflect-client
#
ipv4-family vpnv4
undo policy vpn-target
peer 172.16.1.1 enable
peer 172.16.1.1 next-hop-invariable
peer 172.16.1.9 enable
peer 172.16.1.9 next-hop-invariable
peer 172.16.1.20 enable
peer 172.16.1.20 next-hop-invariable
#

*** P1
sysname P1
#
ipv6
#
router id 172.16.1.4
#
mpls lsr-id 172.16.1.4
mpls
#
mpls ldp
#

#
isis 1
cost-style wide
timer lsp-generation 1 50 50 level-1
timer lsp-generation 1 50 50 level-2
network-entity 47.0001.1720.1600.1004.00
timer spf 1 100 100
#
ipv6 enable topology ipv6
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.34.2 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:3441/127
isis enable 1
isis ipv6 enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address 10.1.46.1 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:4660/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address 10.1.24.2 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:2431/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address 172.16.1.4 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC04/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer 172.16.1.3 as-number 100
peer 172.16.1.3 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.3 enable
#
ipv6-family unicast
undo synchronization
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 enable
#

*** ASBR1
sysname ASBR1
#
ipv6
#
router id 172.16.1.5
#
mpls lsr-id 172.16.1.5
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0002.1720.1600.1005.00
#
ipv6 enable topology ipv6
ipv6 import-route isis level-2 into level-1 filter-policy ipv6-prefix yeslab
#
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.56.1 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:5670/127
isis enable 1
isis ipv6 enable 1
isis cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address 10.1.35.2 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:3551/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address 10.1.57.1 255.255.255.252
ipv6 address 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5701/127
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address 172.16.1.5 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer 10.1.57.2 as-number 200
peer 172.16.1.3 as-number 100
peer 172.16.1.3 connect-interface LoopBack0
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 as-number 100
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 connect-interface LoopBack0
peer 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5700 as-number 200
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer 10.1.57.2 enable
peer 10.1.57.2 route-policy set_label export
peer 10.1.57.2 label-route-capability
peer 172.16.1.3 enable
peer 172.16.1.3 route-policy if_set export
peer 172.16.1.3 next-hop-local
peer 172.16.1.3 label-route-capability
#
ipv6-family unicast
undo synchronization
aggregate 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC00 120 suppress-policy supp
import-route isis 1
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 enable
peer 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC03 next-hop-local
peer 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5700 enable
peer 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5700 ipv6-prefix yeslab export
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy set_label permit node 10
apply mpls-label
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
route-policy supp permit node 10
if-match ipv6 address prefix-list hcie
#
ip ip-prefix loop0 index 10 permit 172.16.1.0 24 greater-equal 32 less-equal 32
#
ip ipv6-prefix yeslab index 10 permit 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05 12
8
ip ipv6-prefix hcie index 10 deny 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC07 128 gr
eater-equal 128 less-equal 128
ip ipv6-prefix hcie index 20 permit :: 0 greater-equal 128 less-equal 128

*** ASBR2
sysname ASBR2
#
ipv6
#
router id 172.16.1.6
#
mpls lsr-id 172.16.1.6
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0002.1720.1600.1006.00
#
ipv6 enable topology ipv6
ipv6 import-route isis level-2 into level-1 filter-policy ipv6-prefix yeslab
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address 10.1.56.2 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:5671/127
isis enable 1
isis ipv6 enable 1
isis cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address 10.1.46.2 255.255.255.252
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:4661/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 10.1.68.1 255.255.255.252
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address 172.16.1.6 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC06/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer 10.1.68.2 as-number 200
peer 172.16.1.3 as-number 100
peer 172.16.1.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer 10.1.68.2 enable
peer 10.1.68.2 route-policy set_label export
peer 10.1.68.2 label-route-capability
peer 172.16.1.3 enable
peer 172.16.1.3 route-policy if_set export
peer 172.16.1.3 next-hop-local
peer 172.16.1.3 label-route-capability
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy set_label permit node 10
apply mpls-label
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
ip ip-prefix loop0 index 10 permit 172.16.1.0 24 greater-equal 32 less-equal 32
#
ip ipv6-prefix yeslab index 10 permit 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC05 12
8
#

*** ASBR3
[V200R003C00]
#
sysname ASBR3

#
ipv6
#
router id 172.16.1.7
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 172.16.1.7
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1007.00
#

#
interface GigabitEthernet0/0/0
ip address 10.1.78.1 255.255.255.252
isis enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.79.1 255.255.255.252
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address 10.1.57.2 255.255.255.252
ipv6 address 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5700/127
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address 172.16.1.7 255.255.255.255
ipv6 address 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC07/128
isis enable 1
#
bgp 200
peer 10.1.57.1 as-number 100
peer 172.16.1.9 as-number 200
peer 172.16.1.9 connect-interface LoopBack0
peer 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5701 as-number 100
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer 10.1.57.1 enable
peer 10.1.57.1 route-policy set_label export
peer 10.1.57.1 label-route-capability
peer 172.16.1.9 enable
peer 172.16.1.9 route-policy if_set export
peer 172.16.1.9 next-hop-local
peer 172.16.1.9 label-route-capability
#
ipv6-family unicast
undo synchronization
network 2000:EAD8:99EF:C03E:B2AD:9EFF:32DD:DC07 128
peer 2570:CCDD:CCBB:3CAF:EFFE:ACDD:CCDB:5701 enable
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
route-policy set_label permit node 10
apply mpls-label
#
ip ip-prefix loop0 index 10 permit 172.16.1.0 24 greater-equal 32 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#

*** ASBR4
[V200R003C00]
#
sysname ASBR4
#

#
router id 172.16.1.8
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 172.16.1.8
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1008.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.78.2 255.255.255.252
isis enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.81.1 255.255.255.252
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 10.1.68.2 255.255.255.252
#

#
interface LoopBack0
ip address 172.16.1.8 255.255.255.255
isis enable 1
#
bgp 200
peer 10.1.68.1 as-number 100
peer 172.16.1.9 as-number 200
peer 172.16.1.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer 10.1.68.1 enable
peer 10.1.68.1 route-policy set_label export
peer 10.1.68.1 label-route-capability
peer 172.16.1.9 enable
peer 172.16.1.9 route-policy if_set export
peer 172.16.1.9 label-route-capability
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
route-policy set_label permit node 10
apply mpls-label
#
ip ip-prefix loop0 index 10 permit 172.16.1.0 24 greater-equal 32 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

*** RR2
[V200R003C00]
#
sysname RR2

#
router id 172.16.1.9
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 172.16.1.9
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1009.00
import-route ospf 1 inherit-cost route-policy import
#

#
interface GigabitEthernet0/0/0
ip address 10.1.91.1 255.255.255.252
isis enable 1
isis circuit-type p2p
isis cost 50
ospf cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.79.2 255.255.255.252
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 10.1.119.1 255.255.255.252
ospf cost 1500
mpls
mpls ldp
#

#
interface LoopBack0
ip address 172.16.1.9 255.255.255.255
isis enable 1
#
bgp 200
peer 172.16.1.2 as-number 200
peer 172.16.1.2 connect-interface LoopBack0
peer 172.16.1.3 as-number 100
peer 172.16.1.3 ebgp-max-hop 255
peer 172.16.1.3 connect-interface LoopBack0
peer 172.16.1.7 as-number 200
peer 172.16.1.7 connect-interface LoopBack0
peer 172.16.1.8 as-number 200
peer 172.16.1.8 connect-interface LoopBack0
peer 172.16.1.10 as-number 200
peer 172.16.1.10 connect-interface LoopBack0
peer 172.16.1.11 as-number 200
peer 172.16.1.11 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.2 enable
peer 172.16.1.2 reflect-client
peer 172.16.1.2 label-route-capability
undo peer 172.16.1.3 enable
peer 172.16.1.7 enable
peer 172.16.1.7 reflect-client
peer 172.16.1.7 label-route-capability
peer 172.16.1.8 enable
peer 172.16.1.8 reflect-client
peer 172.16.1.8 label-route-capability
peer 172.16.1.10 enable
peer 172.16.1.10 reflect-client
peer 172.16.1.11 enable
peer 172.16.1.11 reflect-client
peer 172.16.1.11 label-route-capability
#
ipv4-family vpnv4
undo policy vpn-target
peer 172.16.1.2 enable
peer 172.16.1.2 next-hop-invariable
peer 172.16.1.3 enable
peer 172.16.1.3 next-hop-invariable
peer 172.16.1.3 allow-as-loop
peer 172.16.1.11 enable
peer 172.16.1.11 next-hop-invariable
#
ospf 1
default cost inherit-metric type 1
import-route isis 1 type 1 route-policy import
preference ase route-policy tag200 150
area 0.0.0.0
network 10.1.91.1 0.0.0.0
network 10.1.119.1 0.0.0.0
network 172.16.1.9 0.0.0.0
#
route-policy import deny node 5
if-match tag 400
#
route-policy import permit node 10
if-match ip-prefix loop0
apply tag 400
#
route-policy tag200 permit node 10
if-match tag 200
apply preference 14
#
ip ip-prefix loop0 index 10 permit 172.16.0.0 16 greater-equal 32 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#

*** P2
[V200R003C00]
#
sysname P2
#

#
router id 172.16.1.10
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 172.16.1.10
mpls
#
mpls ldp
#

isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1010.00
import-route ospf 1 inherit-cost route-policy import
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.91.2 255.255.255.252
isis enable 1
isis circuit-type p2p
isis cost 50
ospf cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.81.2 255.255.255.252
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 10.1.102.1 255.255.255.252
ospf cost 1500
mpls
mpls ldp
#

#
interface LoopBack0
ip address 172.16.1.10 255.255.255.255
#
bgp 200
peer 172.16.1.9 as-number 200
peer 172.16.1.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.9 enable
#
ospf 1
default cost inherit-metric type 1
import-route isis 1 type 1 route-policy import
preference ase route-policy tag200 150
area 0.0.0.0
network 10.1.91.2 0.0.0.0
network 10.1.102.1 0.0.0.0
network 172.16.1.10 0.0.0.0
#
route-policy import deny node 5
if-match tag 400
#
route-policy import permit node 10
if-match ip-prefix loop0
apply tag 400
#
route-policy tag200 permit node 10
if-match tag 200
apply preference 14
#
ip ip-prefix loop0 index 10 permit 172.16.0.0 16 greater-equal 32 less-equal 32
#

*** PE3
[V200R003C00]
#
sysname PE3

#
router id 172.16.1.11
#

#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:13
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 172.16.1.11
mpls
#
mpls ldp
#
#
acl number 2000
rule 5 permit source 10.3.1.0 0.0.254.0
acl number 2001
rule 5 permit source 172.16.1.1 0
acl number 2002
rule 5 permit source 10.3.0.0 0.0.254.0
acl number 2003
rule 5 permit source 172.16.1.20 0
#

#
interface Mp-group0/0/1
ip binding vpn-instance VPN1
ip address 10.2.33.2 255.255.255.252
#
interface GigabitEthernet0/0/0
ip address 10.1.112.1 255.255.255.252
ospf cost 20
ospf network-type p2p
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.1.119.2 255.255.255.252
ospf cost 1500
mpls
mpls ldp
#

#
interface Pos5/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
interface Pos6/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
#
interface LoopBack0
ip address 172.16.1.11 255.255.255.255
#
bgp 200
peer 172.16.1.9 as-number 200
peer 172.16.1.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.9 enable
peer 172.16.1.9 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 172.16.1.9 enable
peer 172.16.1.9 route-policy lp import
#
ipv4-family vpn-instance VPN1
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 10.1.112.1 0.0.0.0
network 10.1.119.2 0.0.0.0
network 172.16.1.11 0.0.0.0
#
ospf 2 vpn-instance VPN1
default-route-advertise
import-route bgp
area 0.0.0.1
network 10.2.33.2 0.0.0.0
#
route-policy lp permit node 10
if-match acl 2000
if-match ip next-hop acl 2001
apply local-preference 200
#
route-policy lp permit node 20
if-match acl 2002
if-match ip next-hop acl 2003
apply local-preference 200
#
route-policy lp permit node 999
#

*** PE4
[V200R003C00]
#
sysname PE4
#

#
router id 172.16.1.2
#
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:14
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 172.16.1.2
mpls
#
mpls ldp
#
#
acl number 2000
rule 5 permit source 10.3.1.0 0.0.254.0
acl number 2001
rule 5 permit source 172.16.1.1 0
acl number 2002
rule 5 permit source 10.3.0.0 0.0.254.0
acl number 2003
rule 5 permit source 172.16.1.20 0
#
drop-profile CS4
wred dscp
dscp cs4 low-limit 70 high-limit 100 discard-percentage 50
drop-profile CS3
wred dscp
dscp cs3 low-limit 50 high-limit 90 discard-percentage 50
drop-profile CS2
wred dscp
dscp cs2 low-limit 50 high-limit 80 discard-percentage 50
drop-profile BE
wred dscp
dscp default low-limit 50 high-limit 80 discard-percentage 50
#
qos queue-profile qos
queue 0 weight 1
queue 2 weight 9
queue 3 weight 21
queue 4 weight 63
schedule wfq 0 to 4 pq 5
queue 0 drop-profile BE
queue 2 drop-profile CS2
queue 3 drop-profile CS3
queue 4 drop-profile CS4
#
qos map-table dot1p-dscp
input 5 output 46
#

#
interface GigabitEthernet0/0/0
ip address 10.1.112.2 255.255.255.252
qos queue-profile qos
ospf cost 20
ospf network-type p2p
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPN1
ip address 10.2.41.2 255.255.255.252
trust 8021p override
#
interface GigabitEthernet0/0/2
ip address 10.1.102.2 255.255.255.252
qos queue-profile qos
ospf cost 1500
mpls
mpls ldp
#

#
interface LoopBack0
ip address 172.16.1.2 255.255.255.255
#
bgp 200
peer 172.16.1.9 as-number 200
peer 172.16.1.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 172.16.1.9 enable
peer 172.16.1.9 label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer 172.16.1.9 enable
peer 172.16.1.9 route-policy lp import
#
ipv4-family vpn-instance VPN1
import-route ospf 2
#
ospf 1
import-route direct type 1 route-policy yeslab
area 0.0.0.0
network 10.1.102.2 0.0.0.0
network 10.1.112.2 0.0.0.0
#
ospf 2 vpn-instance VPN1
default-route-advertise
import-route bgp
area 0.0.0.0
network 10.2.41.2 0.0.0.0
#
route-policy yeslab permit node 10
if-match ip-prefix loop0
apply tag 200
#
route-policy lp permit node 10
if-match acl 2000
if-match ip next-hop acl 2001
apply local-preference 200
#
route-policy lp permit node 20
if-match acl 2002
if-match ip next-hop acl 2003
apply local-preference 200
#
route-policy lp permit node 999
#
ip ip-prefix loop0 index 10 permit 172.16.1.2 32
#

*** LSW1
sysname LSW1
#
vlan 10
vlan 20
#
stp instance 10 root primary
stp instance 20 root secondary
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface Eth-Trunk12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
load-balance src-dst-mac
#

#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#

#
interface GigabitEthernet0/0/23
eth-trunk 12
#
interface GigabitEthernet0/0/24
eth-trunk 12
#

#
return
*** LSW2
sysname LSW2
#
vlan 10
vlan 20
#
stp instance 10 root secondary
stp instance 20 root primary
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface Eth-Trunk12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
load-balance src-dst-mac
#

#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
#
interface GigabitEthernet0/0/23
eth-trunk 12
#
interface GigabitEthernet0/0/24
eth-trunk 12
#

return
*** LSW3
sysname LSW3
#
vlan 10
vlan 20
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#

*** LSW4
sysname LSW4
#
vlan 10
vlan 20
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface GigabitEthernet0/0/1
port link-type access
port defualt vlan 20
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#

#
return

You might also like