职业院校技能大赛资料--网络排障（答案）.docx

计算机网络应用竞赛网络排障报告文件模板第一部分 故障排除报告注意：考生在进行故障排除的同时，需完成此报告，对相关的故障现象信息，故障原因分析和具体的排除故障操作进行详细的记录。1.1.1 故障现象列举及其分析、处理过程：表1-1 故障排除表项目描述故障一故障现象VRRP状态不正确；STP状态不正确故障分析在S2与S3的互连接口上配置了STP的根保护，导致端口处于DISCARDING状态。解决方案在S2与S3的互连接口（XG1/0/52）上去掉根保护原配置为：interface Ten-GigabitEthernet1/0/52stp root-protection直接将命令 stp root-protection删除即可。故障二故障现象R2与R4间PPP认证不通过，线路DOWN故障分析R4上的用户123456类型错误，且 service-type不是PPP解决方案在R4上将用户123456的 class从 manage改成network，且service-type改为PPP原配置为：local-user 123456 class manageservice-type ssh改为：local-user 123456 class networkservice-type ppp故障三故障现象R1、R2与R5间的IPSEC无法建立连接。故障分析R5上IPSEC中所引用的ACL配置错误，ACL上的反掩码应该是0.0.255.255，不是0.0.0.255解决方案修改ACL 3000中的反掩码。原配置为：acl advanced 3000 rule 10 permit ip source 172.40.0.0 0.0.0.255 destination 172.10.0.0 0.0.0.255 rule 20 permit ip source 172.40.0.0 0.0.0.255 destination 172.20.0.0 0.0.0.255改为：acl advanced 3000rule 10 permit ip source 172.40.0.0 0.0.0.255 destination 172.10.0.0 0.0.255.255 rule 20 permit ip source 172.40.0.0 0.0.0.255 destination 172.20.0.0 0.0.255.255故障四故障现象R2与R5间的IPSEC建立不起来。故障分析R5的接口 Serial3/0上未应用IPSEC POLICY，导致IPSEC无法被触发。解决方案在R5的接口 Serial3/0上应用已经配置好的IPSEC POLICY。即：interface Serial3/0ipsec apply policy H3C-2故障五故障现象S4上的OSPF中未配置禁止向接口发送协议报文，不符合试题要求。 故障分析未在OSPF中配置，导致不符合题意。解决方案在S4的OSPF中增加配置禁止向业务网段中发布OSPF协议报文即可。ospf 10 router-id 9.9.9.204silent-interface GigabitEthernet1/0/1故障六故障现象总部和分中心互相学习不到对方路由。故障分析R1和R2作为ASBR，在路由引入时，配置了错误的 route-policy，导致路由不能被引入到OSPF进程中。解决方案原 route-policy为：route-policy ospf2ospf deny node 10 if-match tag 10#route-policy ospf2ospf permit node 20if-match ip address acl 2001#route-policy ospf2ospf deny node 30改成：route-policy ospf2ospf deny node 10 if-match tag 10#route-policy ospf2ospf permit node 20故障七故障现象S1的接口 GigabitEthernet1/0/47的VLAN配置错误。故障分析S1的接口 GigabitEthernet1/0/47的VLAN配置错误，接口并没有允许VLAN 40通过。解决方案在S1上将原配置：interface GigabitEthernet1/0/47port trunk permit vlan 10 20 30 50改成：interface GigabitEthernet1/0/47port trunk permit vlan 10 20 30 40故障八故障现象办事处R5中到总部的所有业务路由（ 172.10.10.0/24、 172.10.20.0/24、 172.20.30.0/24、 172.20.40.0/24）的下一跳都是 Ser2/0，导致办事处到总部无法进行负载分担。故障分析总部发给办事处的路由中的MED值不合理，导致R5路由表不正确。解决方案在R2上将原配置：route-policy ospf2bgp permit node 10 if-match ip address acl 2002 apply cost 10#route-policy ospf2bgp permit node 20 if-match ip address acl 2003 apply cost 100更改为：route-policy ospf2bgp permit node 10 if-match ip address acl 2002 apply cost 100#route-policy ospf2bgp permit node 20 if-match ip address acl 2003 apply cost 10故障九故障现象交换机S2无法进行TELNET。故障分析进行TELNET时，发现无法通过认证，因无法查看密码，所以直接将密码修改。解决方案将用户000000的密码修改为000000：local-user 000000 class managepassword simple 000000故障十故障现象总部内VLAN30、40的数据流会通过R1到达办事处，造成次优路径及来回路径不一致。故障分析由于R2所配置的OSPF外部路由优先级为5，大于BGP路由，导致R2学习到错误的下一跳。解决方案在R2上的OSPF 10视图下将优先级命令删除即可。undo preference ospf ase第二部分 设备配置结果注意：考生在进行故障排除后，需将设备上的最终配置文件拷贝到下面，以作为故障是否排除完成的重要依据。第1章 第2章 2.1.1 路由器R1配置请在下面插入路由器R1配置。配置要求从display current-configuration输出内容后开始，至“return”结束。# version 7.1.059, Alpha 7159# sysname R1#ospf 10 router-id 9.9.9.1 import-route ospf 20 cost 10 tag 10 route-policy ospf2ospf import-route bgp tag 10 area 0.0.0.0 network 9.9.9.1 0.0.0.0 network 10.0.0.4 0.0.0.3 network 10.0.0.12 0.0.0.3 network 10.0.0.36 0.0.0.3#ospf 20 router-id 9.9.9.1 import-route ospf 10 cost 10 tag 10 route-policy ospf2ospf import-route bgp tag 10 area 0.0.0.0 network 10.0.0.16 0.0.0.3# system-working-mode standard xbar load-single password-recovery enable lpu-type f-series#vlan 1#interface Serial1/0 ppp authentication-mode chap ppp chap password cipher $c$3$Q/VfxwoA/0+KZOI6MqwK8L82AaL304fhnQ= ppp chap user 123456 ppp mp MP-group0#interface Serial2/0 ppp authentication-mode chap ppp chap password cipher $c$3$Xcx9h6dol6+GkbJLf1cp5Opg6zHHO6NE0A= ppp chap user 123456 ppp mp MP-group0#interface Serial3/0 ppp authentication-mode chap ppp chap password cipher $c$3$Xcx9h6dol6+GkbJLf1cp5Opg6zHHO6NE0A= ppp chap user 123456 ip address 10.0.0.37 255.255.255.252 ipsec apply policy H3C#interface Serial4/0#interface MP-group0 bandwidth 4000 ip address 10.0.0.17 255.255.255.252#interface NULL0#interface LoopBack0 ip address 9.9.9.1 255.255.255.255#interface GigabitEthernet0/0 port link-mode route combo enable copper ip address 10.0.0.13 255.255.255.252#interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 10.0.0.6 255.255.255.252#interface GigabitEthernet0/2 port link-mode route combo enable copper#interface GigabitEthernet5/0 port link-mode route combo enable copper#interface GigabitEthernet5/1 port link-mode route combo enable copper#interface GigabitEthernet6/0 port link-mode route combo enable copper#interface GigabitEthernet6/1 port link-mode route combo enable copper#bgp 100 router-id 9.9.9.1 peer 10.0.0.14 as-number 100 peer 10.0.0.14 connect-interface GigabitEthernet0/0 peer 10.0.0.38 as-number 200 peer 10.0.0.38 connect-interface Serial3/0 # address-family ipv4 unicast import-route direct import-route ospf 10 import-route ospf 20 peer 10.0.0.14 enable peer 10.0.0.38 enable peer 10.0.0.38 route-policy ospf2bgp export#route-policy ospf2bgp permit node 10 if-match ip address acl 2002 apply cost 10#route-policy ospf2bgp permit node 20 if-match ip address acl 2003 apply cost 100#route-policy ospf2ospf deny node 10 if-match tag 10#route-policy ospf2ospf permit node 20# scheduler logfile size 16#line class aux user-role network-admin#line class tty user-role network-operator#line class vty user-role network-operator#line aux 0 user-role network-admin#line vty 0 63 user-role network-operator# ssh server enable ssh user admin service-type stelnet authentication-type password ssh server acl 2000#acl basic 2000 rule 10 permit source 172.10.10.0 0.0.0.255#acl basic 2002 rule 0 permit source 172.10.0.0 0.0.255.255#acl basic 2003 rule 0 permit source 172.20.0.0 0.0.255.255#acl advanced 3000 rule 10 permit ip source 172.10.0.0 0.0.255.255 destination 172.40.0.0 0.0.0.255 rule 20 permit ip source 172.20.0.0 0.0.255.255 destination 172.40.0.0 0.0.0.255#domain system# domain default enable system#role name level-0 description Predefined level-0 role#role name level-1 description Predefined level-1 role#role name level-2 description Predefined level-2 role#role name level-3 description Predefined level-3 role#role name level-4 description Predefined level-4 role#role name level-5 description Predefined level-5 role#role name level-6 description Predefined level-6 role#role name level-7 description Predefined level-7 role#role name level-8 description Predefined level-8 role#role name level-9 description Predefined level-9 role#role name level-10 description Predefined level-10 role#role name level-11 description Predefined level-11 role#role name level-12 description Predefined level-12 role#role name level-13 description Predefined level-13 role#role name level-14 description Predefined level-14 role#user-group system#local-user admin class manage password hash $h$6$mtnUK+DvhXRJ1Rbo$fCTdPOI3W+P1JI6fVKNalWw0ia9gBY9ooYJFnbHO7ogKK66nz0JUYfFHCpMDx2Qe8L/ndtZUJDRSJmavVdqDiw= service-type ssh authorization-attribute user-role network-admin authorization-attribute user-role network-operator#local-user 123456 class network password cipher $c$3$i2agKiud4+7ZpCdVIJC6NtZfcTrMKwDFyw= service-type ppp authorization-attribute user-role network-operator#ipsec transform-set H3C protocol ah-esp esp encryption-algorithm 3des-cbc esp authentication-algorithm md5 ah authentication-algorithm md5#ipsec policy-template H3C 10 transform-set H3C security acl 3000 ike-profile H3C#ipsec policy H3C 10 isakmp template H3C#ike profile H3C keychain H3C local-identity address 10.0.0.37 match remote identity address 0.0.0.0 0.0.0.0#ike keychain H3C pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$GlCgrZwoNic7/3XlXdutvJG76lYRG50s4w=#return2.1.2 路由器R2配置请在下面插入路由器R2配置。配置要求从display current-configuration输出内容后开始，至“return”结束。# version 7.1.059, Alpha 7159# sysname R2#ospf 10 router-id 9.9.9.2 import-route ospf 20 cost 100 tag 10 route-policy ospf2ospf import-route bgp tag 10area 0.0.0.0 network 9.9.9.2 0.0.0.0 network 10.0.0.8 0.0.0.3 network 10.0.0.12 0.0.0.3 network 10.0.0.40 0.0.0.3#ospf 20 router-id 9.9.9.2 import-route ospf 10 cost 100 tag 10 route-policy ospf2ospf import-route bgp tag 10 area 0.0.0.0 network 10.0.0.20 0.0.0.3# system-working-mode standard xbar load-single password-recovery enable lpu-type f-series#vlan 1#interface Serial1/0 ppp authentication-mode chap ppp chap password cipher $c$3$Nm5xPLk/Av50TCVg1YiGbXrBPJudYHD1Pw= ppp chap user 123456 ppp mp MP-group0#interface Serial2/0 ppp authentication-mode chap ppp chap password cipher $c$3$Nm5xPLk/Av50TCVg1YiGbXrBPJudYHD1Pw= ppp chap user 123456 ppp mp MP-group0#interface Serial3/0 ppp authentication-mode chap ppp chap password cipher $c$3$u0ki8vUuv1WfivJScMuSibak4TM8YkUoOg= ppp chap user 123456 ip address 10.0.0.41 255.255.255.252 ipsec apply policy H3C#interface Serial4/0#interface MP-group0 bandwidth 256 ip address 10.0.0.21 255.255.255.252#interface NULL0#interface LoopBack0 ip address 9.9.9.2 255.255.255.255#interface GigabitEthernet0/0 port link-mode route combo enable copper ip address 10.0.0.14 255.255.255.252 ospf cost 5#interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 10.0.0.10 255.255.255.252#interface GigabitEthernet0/2 port link-mode route combo enable copper#interface GigabitEthernet5/0 port link-mode route combo enable copper#interface GigabitEthernet5/1 port link-mode route combo enable copper#interface GigabitEthernet6/0 port link-mode route combo enable copper#interface GigabitEthernet6/1 port link-mode route combo enable copper#bgp 100 router-id 9.9.9.2 peer 10.0.0.13 as-number 100 peer 10.0.0.13 connect-interface GigabitEthernet0/0 peer 10.0.0.42 as-number 200 peer 10.0.0.42 connect-interface Serial3/0 # address-family ipv4 unicast preference 3 3 3 import-route direct import-route ospf 10 import-route ospf 20 peer 10.0.0.13 enable peer 10.0.0.42 enable peer 10.0.0.42 route-policy ospf2bgp export#route-policy ospf2bgp permit node 10 if-match ip address acl 2002 apply cost 100#route-policy ospf2bgp permit node 20 if-match ip address acl 2003 apply cost 10#route-policy ospf2ospf deny node 10 if-match tag 10#route-policy ospf2ospf permit node 20# scheduler logfile size 16#line class aux user-role network-admin#line class tty user-role network-operator#line class vty user-role network-operator#line aux 0 user-role network-admin#line vty 0 63 authentication-mode scheme user-role network-operator# ssh server enable ssh user admin service-type stelnet authentication-type password ssh server acl 2000#acl basic 2000 rule 10 permit source 172.10.10.0 0.0.0.255#acl basic 2002 rule 0 permit source 172.10.0.0 0.0.255.255#acl basic 2003 rule 0 permit source 172.20.0.0 0.0.255.255#acl advanced 3000 rule 10 permit ip source 172.10.0.0 0.0.255.255 destination 172.40.0.0 0.0.0.255 rule 20 permit ip source 172.20.0.0 0.0.255.255 destination 172.40.0.0 0.0.0.255#domain system# domain default enable system#role name level-0 description Predefined level-0 role#role name level-1 description Predefined level-1 role#role name level-2 description Predefined level-2 role#role name level-3 description Predefined level-3 role#role name level-4 description Predefined level-4 role#role name level-5 description Predefined level-5 role#role name level-6 description Predefined level-6 role#role name level-7 description Predefined level-7 role#role name level-8 description Predefined level-8 role#role name level-9 description Predefined level-9 role#role name level-10 description Predefined level-10 role#role name level-11 description Predefined level-11 role#role name level-12 description Predefined level-12 role#role name level-13 description Predefined level-13 role#role name level-14 description Predefined level-14 role#user-group system#local-user 123456 class manage authorization-attribute user-role network-operator#local-user admin class manage password hash $h$6$nyCjEvRI0vOKslKE$5gRZi2QPgLmS1Fz1FNd548Pf1YmDIjI0eyI4GKsw29n92GfJKW+cB+JsaR0GF+4VR5eNSXFUeu0Kj6z4IAHaTg= service-type ssh authorization-attribute user-role network-admin authorization-attribute user-role network-operator#local-user 123456 class network password cipher $c$3$/hMTHzBq1Dxgd1zH7/HHUThgtn7vVvqs8Q= service-type ppp authorization-attribute user-role network-operator#ipsec transform-set H3C protocol ah-esp esp encryption-algorithm 3des-cbc esp authentication-algorithm md5 ah authentication-algorithm md5#ipsec policy-template H3C 10 transform-set H3C security acl 3000 ike-profile H3C#ipsec policy H3C 10 isakmp template H3C#ike profile H3C keychain H3C local-identity address 10.0.0.41 match remote identity address 0.0.0.0 0.0.0.0#ike keychain H3C pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$GlCgrZwoNic7/3XlXdutvJG76lYRG50s4w=#return2.1.3 路由器R3配置请在下面插入路由器R3配置。配置要求从display current-configuration输出内容后开始，至“return”结束。# version 7.1.059, Alpha 7159# sysname R3#ospf 10 router-id 9.9.9.3 area 0.0.0.0 network 9.9.9.3 0.0.0.0 network 10.0.0.16 0.0.0.3 network 10.0.0.24 0.0.0.3 network 10.0.0.28 0.0.0.3# system-working-mode standard xbar load-single password-recovery enable lpu-type f-series#vlan 1#interface Serial1/0 ppp authentication-mode chap ppp chap password cipher $c$3$61jktbTRVisi32Rcn86uStxG6fWFSvO0sQ= ppp chap user 123456 ppp mp MP-group0#interface Serial2/0 ppp authentication-mode chap ppp chap password cipher $c$3$61jktbTRVisi32Rcn86uStxG6fWFSvO0sQ= ppp chap user 123456 ppp mp MP-group0#interface Serial3/0#interface Serial4/0#interface MP-group0 bandwidth 4000 ip address 10.0.0.18 255.255.255.252#interface NULL0#interface LoopBack0 ip address 9.9.9.3 255.255.255.255#interface GigabitEthernet0/0 port link-mode route combo enable copper ip address 10.0.0.25 255.255.255.252 ospf cost 5#interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 10.0.0.29 255.255.255.252#interface GigabitEthernet0/2 port link-mode route combo enable copper#interface GigabitEthernet5/0 port link-mode route combo enable copper#interface GigabitEthernet5/1 port link-mode route combo enable copper#interface GigabitEthernet6/0 port link-mode route combo enable copper#interface GigabitEthernet6/1 port link-mode route combo enable copper# scheduler logfile size 16#line class aux user-role network-admin#line class tty user-role network-operator#line class vty user-role network-operator#line aux 0 user-role network-admin#line vty 0 63 authentication-mode scheme user-role network-operator# ssh server enable ssh user admin service-type stelnet authentication-type password ssh server acl 2000#acl basic 2000 rule 10 permit source 172.10.10.0 0.0.0.255#domain system# domain default enable system#role name level-0 description Predefined level-0 role#role name level-1 description Predefined level-1 role#role name level-2 description Predefined level-2 role#role name level-3 description Predefined level-3 role#role name level-4 description Predefined level-4 role#role name level-5 description Predefined level-5 role#role name level-6 description Predefined level-6 role#role name level-7 description Predefined level-7 role#role name level-8 description Predefined level-8 role#role name level-9 description Predefined level-9 role#role name level-10 description Predefined level-10 role#role name level-11 description Predefined level-11 role#role name level-12 description Predefined level-12 role#role name level-13 description Predefined level-13 role#role name level-14 description Predefined level-14 role#user-group system#local-user admin class manage password hash $h$6$Ig2mjRCQaxm15GAe$1yFhc5P98w8IoKGNY5yEIZ7QfkkcVQFS0wYSTUob9uzzO5rP8szd666MWMqh7p2agSxQEtNoP LsI0hb01j3t3w= service-type ssh authorization-attribute user-role network-admin authorization-attribute user-role network-operator#local-user 123456 class network password cipher $c$3$VpVhMMv46UC95pedpbZ9zjEG3nLcBDS2qw= service-type ppp authorization-attribute user-role network-operator#return2.1.4 路由器R4配置请在下面插入路由器R4配置。配置要求从display current-configuration输出内容后开始，至“return”结束。# version 7.1.059, Alpha 7159# sysname R4#ospf 10 router-id 9.9.9.4 area 0.0.0.0 network 9.9.9.4 0.0.0.0 network 10.0.0.20 0.0.0.3 network 10.0.0.24 0.0.0.3 network 10.0.0.32 0.0.0.3# system-working-mode standard xbar load-single password-recovery enable lpu-type f-series#vlan 1#interface Serial1/0 ppp au