BGP拓扑错误模拟配置

R1配置

---------------------------------------------

version 5.20, ESS 2207P45
#
sysname RT1
#
super password level 3 simple h3c
#
domain default enable system
#
telnet server enable
#
acl number 2000
rule 0 permit source 192.168.200.0 0.0.0.255
acl number 2030
rule 0 permit source 192.168.200.1 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user rt1
password simple rt1
authorization-attribute level 2
service-type telnet
local-user useradmin
authorization-attribute level 2
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
attack-defense policy 1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
attack-defense apply policy 1
#
interface Ethernet0/0
port link-mode route
ip address 172.16.0.9 255.255.255.252
attack-defense apply policy 1
#
interface Ethernet0/1
port link-mode route
ip address 172.16.0.2 255.255.255.252
attack-defense apply policy 1
#
interface Ethernet0/2
port link-mode route
ip address 172.16.1.1 255.255.255.252
attack-defense apply policy 1
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface WLAN-Radio2/0
#
bgp 65000
undo synchronization
peer 172.16.1.2 as-number 65001
peer 2.2.2.2 as-number 65000
peer 6.6.6.6 as-number 65000
peer 7.7.7.7 as-number 65000
peer 172.16.1.2 route-policy fk export
peer 172.16.1.2 route-policy fa import
peer 2.2.2.2 connect-interface LoopBack0
peer 6.6.6.6 connect-interface LoopBack0
peer 7.7.7.7 connect-interface LoopBack0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 172.16.0.2 0.0.0.0
network 172.16.0.9 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.16.1.1 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
route-policy fk permit node 10
if-match as-path 1
route-policy fk permit node 20
#
snmp-agent
snmp-agent local-engineid 800063A203000FE2D06060
snmp-agent community read h3c-read
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.200.1 params securityname h3c-read
undo snmp-agent trap enable voice dial
snmp-agent trap source LoopBack0
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
acl 2030 inbound
authentication-mode scheme
idle-timeout 0 0
protocol inbound telnet
#
return

R2配置

-----------------------------------------------------------

#
version 5.20, ESS 2207P45
#
sysname RT2
#
super password level 3 simple h3c
#
domain default enable system
#
telnet server enable
#
acl number 2000
rule 0 permit source 192.168.100.0 0.0.0.255
acl number 2030
rule 0 permit source 192.168.200.1 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike proposal 1
#
ike peer rt4
pre-shared-key simple h3c
remote-address 172.16.1.6
#
ipsec proposal 1
#
ipsec policy-template huawei 1
ike-peer rt4
proposal 1
#
ipsec policy h3c 1 isakmp template huawei
#
user-group system
group-attribute allow-guest
#
local-user rt2
password simple rt2
authorization-attribute level 2
service-type telnet
local-user useradmin
authorization-attribute level 2
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
attack-defense policy 1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
attack-defense apply policy 1
#
interface Ethernet0/0
port link-mode route
ip address 172.16.0.6 255.255.255.252
attack-defense apply policy 1
#
interface Ethernet0/1
port link-mode route
ip address 172.16.0.10 255.255.255.252
#
interface Ethernet0/2
port link-mode route
ip address 100.0.0.1 255.255.255.0
ipsec policy h3c
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface Tunnel1
ip address 172.16.1.5 255.255.255.252
source 100.0.0.1
destination 200.0.0.1
#
interface WLAN-Radio2/0
#
bgp 65000
undo synchronization
peer 1.1.1.1 as-number 65000
peer 172.16.1.6 as-number 65001
peer 6.6.6.6 as-number 65000
peer 7.7.7.7 as-number 65000
peer 1.1.1.1 connect-interface LoopBack0
peer 172.16.1.6 route-policy fk export
peer 172.16.1.6 route-policy fa import
peer 6.6.6.6 connect-interface LoopBack0
peer 7.7.7.7 connect-interface LoopBack0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.16.0.6 0.0.0.0
network 172.16.0.10 0.0.0.0
network 172.16.1.5 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
route-policy fk permit node 10
if-match as-path 1
route-policy fk permit node 20
#
ip route-static 0.0.0.0 0.0.0.0 100.0.0.2
#
snmp-agent
snmp-agent local-engineid 800063A203000FE2E62FC0
snmp-agent community read h3c-read
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.200.1 params securityname h3c-read
undo snmp-agent trap enable voice dial
snmp-agent trap source LoopBack0
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
acl 2030 inbound
authentication-mode scheme
idle-timeout 0 0
protocol inbound telnet
#

R3配置

----------------------------------------------------------

#
sysname RT3
#
super password level 3 simple 123
#
domain default enable system
#
ip ttl-expires enable
ip unreachables enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
acl number 2000
rule 0 permit source 192.168.20.0 0.0.0.255
acl number 2008
rule 0 deny source 0.0.0.0 0
rule 5 permit
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
cwmp
undo cwmp enable
#
bgp 65001
undo synchronization
peer 4.4.4.4 as-number 65001
peer 172.16.1.1 as-number 65000
peer 5.5.5.5 as-number 65001
peer 4.4.4.4 connect-interface LoopBack0
peer 172.16.1.1 filter-policy 2008 export
peer 172.16.1.1 route-policy fa import
peer 5.5.5.5 connect-interface LoopBack0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 172.16.2.1 0.0.0.0
network 172.16.2.5 0.0.0.0
network 172.16.1.2 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
default entity fax protocol standard-t38
default entity fax protocol standard-t38 hb-redundancy 0
default entity fax protocol standard-t38 lb-redundancy 0
#
aaa-client
#
gk-client
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return

R4配置

--------------------------------------------------------

#
sysname RT4
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
acl number 2000
rule 0 permit source 192.168.10.0 0.0.0.255
#
acl number 3000
rule 0 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
acl number 3030
rule 0 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.200.0 0.0.0.255
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike proposal 1
#
ike peer rt2
pre-shared-key simple h3c
remote-address 172.16.1.5
#
ipsec proposal 1
#
ipsec policy h3c 1 isakmp
security acl 3000
ike-peer rt2
proposal 1
#
traffic classifier oa operator and
if-match acl 3030
#
traffic behavior oa
queue af bandwidth pct 50
#
qos policy h3c
classifier oa behavior oa
#
local-user rt4
password simple h3c
#
bgp 65001
undo synchronization
peer 5.5.5.5 as-number 65001
peer 172.16.1.5 as-number 65000
peer 3.3.3.3 as-number 65001
peer 5.5.5.5 default-route-advertise
peer 5.5.5.5 connect-interface LoopBack0
peer 172.16.1.5 route-policy fa import
peer 3.3.3.3 default-route-advertise
peer 3.3.3.3 connect-interface LoopBack0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 172.16.2.2 0.0.0.0
network 172.16.2.9 0.0.0.0
network 172.16.1.6 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply as-path 400 600
#
ip route-static 0.0.0.0 0.0.0.0 200.0.0.2
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
R5配置

-------------------------------------------------------------------

#
sysname RT5
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
acl number 2000
rule 0 permit source 192.168.20.0 0.0.0.255
acl number 2001
rule 0 permit source 192.168.10.0 0.0.0.255
#
acl number 3030
rule 5 permit ip source 192.168.200.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier oa operator and
if-match acl 3030
#
traffic behavior oa
queue af bandwidth pct 50
#
qos policy h3c
classifier oa behavior oa
#
local-user rt5
password simple rt5
service-type ppp
#
bgp 65001
network 192.168.100.1 255.255.255.255
network 192.168.200.1 255.255.255.255
undo synchronization
peer 4.4.4.4 as-number 65001
peer 3.3.3.3 as-number 65001
peer 4.4.4.4 route-policy fk import
peer 4.4.4.4 connect-interface LoopBack0
peer 3.3.3.3 route-policy fk import
peer 3.3.3.3 connect-interface LoopBack0
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 172.16.2.6 0.0.0.0
network 172.16.2.10 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply local-preference 400
route-policy fa permit node 20
route-policy fk permit node 10
if-match acl 2001
apply local-preference 400
route-policy fk permit node 20
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return

SW1配置

-----------------------------------------------------------

#
sysname SW1
#
domain default enable system
#
burst-mode enable
#
undo ip http enable
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 0 root primary
stp enable
#
bgp 65000
network 192.168.10.0 route-policy fa
network 192.168.20.0
undo synchronization
peer 1.1.1.1 as-number 65000
peer 2.2.2.2 as-number 65000
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 connect-interface LoopBack0
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 172.16.0.1 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply local-preference 400
#
user-interface aux 0
user-interface vty 0 4
#
return

SW2配置

-----------------------------------------------------------

#
sysname SW2
#
super password level 3 cipher $c$3$nbNypWi5fBQG/0cezZ0kQlLgfhZBVkx+anDhOHBaSwsLC8U=
#
domain default enable system
#
burst-mode enable
#
undo ip http enable
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 0 root secondary
stp enable
#
bgp 65000
network 192.168.10.0
network 192.168.20.0 route-policy fa
undo synchronization
peer 1.1.1.1 as-number 65000
peer 2.2.2.2 as-number 65000
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 connect-interface LoopBack0
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 172.16.0.5 0.0.0.0
#
route-policy fa permit node 10
if-match acl 2000
apply local-preference 400
#
user-interface aux 0
user privilege level 2
user-interface vty 0 4
#
return

SW3配置

--------------------------------------------------------

#
sysname SW3
#
super password level 3 cipher *\Y0``CC]'I.BI/aC,8H/Q!!
#
radius scheme system
#
domain system
#
stp bpdu-protection
stp enable
stp region-configuration
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
vlan 1
#
vlan 10
#
vlan 20
#
user-interface aux 0
user privilege level 2
idle-timeout 0 0
user-interface vty 0 4
#
return

秒客网

BGP拓扑错误模拟配置

相关文章