HCIE-RS3.0-LAB1-OptionC1考题考试认证

HCIE-R&S-v3.0-LAB题库题目需求一、考试说明HCIE-R&S-v3.0版本所有题目都在模拟器上完成，无需连接真实机架。（模拟器版本\heNSPV100R003C00）二、考试要求不要删除或添加端口，严格按照拓扑完成题目需求。三、考试题目1、（16）链路聚合（21.S1和S2之间配置链路聚合，使用手动负载分担模式，基于源目MAC地址负载分担。（2分）解法：分别在S1,S2上配置Eth-Trunk。S1配置如下：interfaceEth-Trunk12modemanualload-balanceload-balancesrc-dst-mactrunkportGigabitEthernet0/0/230/0/24S2intEth-Trunk12modemanualload-balanceload-balancesrc-dst-mactrunkportGigabitEthernet0/0/230/0/24Link-type（7S1、S2S3S4VLAN1外的所有VLAN（3）解法：在S1,S2,S3,S4上分别创建vlan10,vlan20,配置交换机之间的链路为Trunk，并放行除VLAN1之外的VLAN通过。S1配置如下：vlanbatch1020interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceGigabitEthernet0/0/12portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceeth-trunk12portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1S2配置如下：vlanbatch1020interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceGigabitEthernet0/0/12portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceeth-trunk12portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1S3配置如下：vlanbatch1020interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceEthernet0/0/1portlink-typeaccessportdefaultvlan10S4配置如下：vlanbatch1020interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlanallundoporttrunkallow-passvlan1interfaceEthernet0/0/1portlink-typeaccessportdefaultvlan20CE1、CE2的VRRPIP54，为PC1CE1SenderIP54MAC00-00-5E-00-01-01ARP。PC1VLAN10（PC1untag。CE1、CE2VRRPIP54Server1CE2SenderIP54MAC00-00-5E-00-01-02ARP。Server1与网关之间的数据包封装在VLAN20（Server1untag。VRRPmaster设备重启时，在G0/0/2up1master（4解法：在CE1的G0/0/2.10和G0/0/2.20接口上配置VRRP协议，接口地址已经预配。interfaceGigabitEthernet0/0/2.10vrrpvrid1virtual-ip54vrrpvrid1priority120vrrpvrid1preempt-modetimerdelay60arpbroadcastenableinterfaceGigabitEthernet0/0/2.20vrrpvrid2virtual-ip54arpbroadcastenableCE2G0/0/2.10G0/0/2.20接口上配置VRRPinterfaceGigabitEthernet0/0/2.10vrrpvrid1virtual-ip54arpbroadcastenableinterfaceGigabitEthernet0/0/2.20vrrpvrid2virtual-ip54vrrpvrid2priority120vrrpvrid2preempt-modetimerdelay60arpbroadcastenable使用disvrrp查看CE1和CE2上VRRP备份组状态，CE1为vrid1的Master，vrid2的Backup，CE2为vrid2的Master,vrid1的Backup。如果不是请完成MSTP配置后再次查看，如果还不是，请查看Trunk接口是否配置有误。MSTP（5）S1、S2S3S4MSTPVLAN10在Instance10，S1PrimaryRoot，S2Secondary。VLAN20在Instance20，S2PrimaryRoot，S1SecondaryMSTP的regionname是12（3MSTPDisabled会直接转到Forwarding（2）解法：分别在S1,S2,S3,S4上配置MSTP，配置如下：stpregion-configurationregion-nameHUAWEIrevision-level12instance10vlan10instance20vlan20activeregion-configuration在S1上配置Instance10和Instance20的根桥和备份根桥。stpinstance10rootprimarystpinstance20rootsecondary在S2上配置Instance10和Instance20的根桥和备份根桥。stpinstance10rootsecondarystpinstance20rootprimary在S3,S4上分别以下命令查看MSTP实例端口角色是否正确，S3的G0/0/1是Instance10的RP,是Instance20的AP,G0/0/2是Instance10的AP,是Instance20的RP,S4的G0/0/1是Instance10的AP，Instance20的RP，G0/0/2是Instance10的RP，Instance20的AP。[S3]disstpinstance10briefMSTIDPort RoleSTPStateProtection10GigabitEthernet0/0/1 ROOTFORWARDING NONE10GigabitEthernet0/0/2 ALTEDISCARDING NONE[S3]disstpinstance20briefMSTIDPort RoleSTPStateProtection20GigabitEthernet0/0/1ALTEDISCARDINGNONE20GigabitEthernet0/0/2ROOTFORWARDINGNONE[S4]disstpinstance10briefMSTIDPortRoleSTPStateProtection10GigabitEthernet0/0/1ALTEDISCARDINGNONE10GigabitEthernet0/0/2ROOTFORWARDINGNONE[S4]disstpinstance20briefMSTIDPortRoleSTPStateProtection20GigabitEthernet0/0/1ROOTFORWARDINGNONE20GigabitEthernet0/0/2ALTEDISCARDINGNONE分别在S1,S2,S3,S4配置边缘端口。[S1]stpedged-portdefault[S2]stpedged-portdefault[S3]stpedged-portdefault[S4]stpedged-portdefault分别在S1,S2的Trunk接口配置非边缘端口。interfaceEth-Trunk12stpedged-portdisableinterfaceGigabitEthernet0/0/1stpedged-portdisableinterfaceGigabitEthernet0/0/12stpedged-portdisable分别在S3,S4的Trunk接口配置非边缘端口。interfaceGigabitEthernet0/0/1stpedged-portdisableinterfaceGigabitEthernet0/0/2stpedged-portdisable）PE1—RR1SerialIpv4Ipv615（1解法：在PE1上配置IP-Trunk，并配置IPv4和IPv6地址。ints0/0/0link-protocolhdlcyints0/0/1link-protocolhdlcyinterfaceIp-Trunk1trunkportSerial0/0/00/0/1ipaddressipv6enableipv6address2000:EAD8:99EF:CC3E:B2AD:9EFF:32DD:1300127在RR1上配置IP-Trunk，并配置IPv4和IPv6地址。ints0/0/0link-protocolhdlcyints0/0/1link-protocolhdlcyinterfaceIp-Trunk1trunkportSerial0/0/00/0/1ipaddressipv6enableipv6address2000:EAD8:99EF:CC3E:B2AD:9EFF:32DD:1301127PE3—CE3的互连POSPPPIpv41（1）解法：在PE3上配置MP-Group接口，并配置IPv4地址。interfaceMp-group0/0/1ipaddress30intPos4/0/0pppmpMp-group0/0/1intPos6/0/0pppmpmp-group0/0/1在CE3上配置MP-Group接口，并配置IPv4地址。interfaceMp-group0/0/1ipaddress30intPos4/0/0pppmpMp-group0/0/1intPos6/0/0pppmpmp-group0/0/12、Ipv4IGP（18分）基本配置所有设备的接口Ipv41（PE1—RR1）Loopback0Ipv4MPLSLoopback0/1632MPLSLoopback0/161/32AS100AS200。OSPF（6）CE1CE2Loopback0OSPF0（）CE1GE0/0/2.10GE0/0/2.20，CE2GE0/0/2.10GE0/0/2.20OSPF0OSPF（2）解法：在CE1上配置将接口加入到OSPFospf1router-idsilent-interfaceGigabitEthernet0/0/2.10silent-interfaceGigabitEthernet0/0/2.20areanetworknetwork在CE2上配置将接口加入到OSPF协议中：ospf1route-idsilent-interfaceGigabitEthernet0/0/2.10silent-interfaceGigabitEthernet0/0/2.20areanetworknetworkRR2、P2、PE3、PE4在OSPF区域0中，cost如图2配置。（已预配置）PE3—PE4的OSPFP2P（1解法：分别在PE3和PE4的G0/0/0接口配置OSPF链路为P2P。interfaceGigabitEthernet0/0/0ospfnetwork-typep2pPE4Loopback0OSPFAS200中，各OSPFPE4Loopback0的路由，要包含内部cost（3）解法：在PE4上引入Loopback0接口的直连路由，由于route-policy不支持匹配Loopback接口，使用前缀列表来匹配loopback0接口的路由。ipip-prefix1index10permit32greater-equal32less-equal32route-policyimportpermitnode10if-matchip-prefix1ospf1import-routedirecttype1route-policyimport注意：P2PE4loopback0LDPP2Loopback0ISISP2PE4LDPRR2PE3ISIS（12）A10内opa0SP1P29011112490；ASBR1ASBR249.0002System-ID2（除PE1—RR1（1解法：分别在PE1和RR1之间的逻辑接口启用ISIS协议，并设置链路的开销。interfaceIp-Trunk1isisenable1isiscost1500RR2—P2ISISP2P（1解法：分别在RR2-P2的G0/0/0接口配置链路类型为P2P。interfaceGigabitEthernet0/0/0isiscircuit-typep2p为了保证后续MPLSVPN中AS100公网LSP的可达，在RR1和P1上做/16主机路由L2向L1路由的泄漏。RR1上配置路由泄漏。ipip-prefix1index10permit16greater-equal32less-equal32isis1import-routeisislevel-2intolevel-1filter-policyip-prefix1P1上配置路由泄漏ipip-prefix1index10permit16greater-equal32less-equal32isis1import-routeisislevel-2intolevel-1filter-policyip-prefix1RR2P2和OSPF/16cost和PE4Loopback0（8解法：为了将ISIS协议引入OSPF后能继承cost，在RR2和P2上的OSPF进程下先执行如下命令：ospf1defaultcostinherit-metric在RR2上将OSPF的路由引入到ISIS协议，添加Tag为100，并拒绝引入Tag为300的OSPF路由，即从P2上引入到OSPF的路由。ipip-prefix32index10permit16greater-equal32less-equal32route-policyotidenynode10if-matchtag300route-policyotipermitnode20if-matchip-prefix32applytag100isis1import-routeospf1inherit-costroute-policyotiP2ISIS的路由引入到OSPF300100的ISISRR2上引入到ISISipip-prefix32index10permit16greater-equal32less-equalroute-policyitodenynode10if-matchtag100route-policyitopermitnode20if-matchip-prefix32applytag300ospf1importisis1type1route-policyito在RR2上将Tag为300的OSPF路由优先级配置为150，即从P2上引入到OSPF协议中的ISIS路由。route-policyprepermitnode10if-matchtag300applypreference150ospf1preferenceaseroute-policypre10在P2上将OSPF的路由引入到ISIS协议，添加Tag为200，并拒绝引入Tag为400的OSPF路由，即从RR2上引入到OSPF的路由。route-policyotidenynode10if-matchtag400route-policyotipermitnode20if-matchip-prefix32applytag200isis1import-routeospf1inherit-costroute-policyoti在RR2上将ISIS的路由引入到OSPF协议，添加Tag为400，并拒绝引入Tag为200的ISIS路由，即从P2上引入到ISIS的路由。route-policyitodenynode10if-matchtag200route-policyitopermitnode20if-matchip-prefix32applytag400ospf1importisis1type1route-policyito在P2上将Tag为400的OSPF路由优先级配置为150，即从RR2上引入到OSPF协议中的ISIS路由。route-policyprepermitnode10if-matchtag400applypreference150ospf1preferenceaseroute-policypre10P1ISISLSP1s50ms50msLSPSPF1s，初100ms100ms（2）解法：在P1上配置LSP的优化isis1timerlsp-generation15050timerspf1100100flash-flood3、MPLSVPN（35分）CE1、CE2为VPN1Hub-CE，PE1、PE2Hub-PE；CE3、CE4为VPN1SpokePE3PE4Spoke-PE。CE4Multi-VPN-instanceCE，CE4的VPNVPN1GE0/0/1PE4。解法：在CE4上创建VPN实例VPN1，其中RD为100:14,将所有直连接口都绑定到该实例中。ipvpn-instanceVPN1route-distinguisher100:14interfaceGigabitEthernet0/0/1ipbindingvpn-instanceVPN1ipaddress52interfaceLoopBack0ipbindingvpn-instanceVPN1ipaddress55interfaceLoopBack1ipbindingvpn-instanceVPN1ipaddress55VPN1SpokeHub-CE当CE1—PE1PE1CE1P3上V1的D为03，xprtT为101，IprtT为01（2分）解法：分别在PE1，PE2上创建2个VPN实例，其中VPN1_IN用于接收Spoke站点的路由，VPN1_OUT用于发送路由。VPN1_ING0/0/0.1RD100:10,Import100:1，VPN1_OUTG0/0/1.2RD100:12，Export200:1。PE1ipvpn-instanceVPN1_INroute-distinguisher100:10vpn-target100:1import-extcommunityvpn-target400:1import-extcommunityipvpn-instanceVPN1_OUTroute-distinguisher100:12vpn-target200:1export-extcommunityvpn-target300:1import-extcommunityinterfaceGigabitEthernet0/0/1.1ipbindingvpn-instanceVPN1_INipaddress52arpbroadcastenableinterfaceGigabitEthernet0/0/1.2ipbindingvpn-instanceVPN1_OUTipaddress52arpbroadcastenable在PE1上配置与CE1的EBGP邻居关系。bgp100ipv4-familyvpn-instanceVPN1_INpeeras-number65000ipv4-familyvpn-instanceVPN1_OUTpeeras-number65000在CE1上配置与PE1的EBGP邻居关系,在CE1的子接口开启arp广播功能。interfaceGigabitEthernet0/0/1.1arpbroadcastenableinterfaceGigabitEthernet0/0/1.2arpbroadcastenablebgp65000peeras-number100peeras-number100PE2配置如下：ipvpn-instanceVPN1_INroute-distinguisher100:11vpn-target100:1import-extcommunityvpn-target400:1export-extcommunityipvpn-instanceVPN1_OUTroute-distinguisher100:15vpn-target200:1export-extcommunityvpn-target300:1export-extcommunityinterfaceGigabitEthernet0/0/1.1ipbindingvpn-instanceVPN1_INipaddress52arpbroadcastenableinterfaceGigabitEthernet0/0/1.2ipbindingvpn-instanceVPN1_OUTipaddress52arpbroadcastenable在PE2上配置与CE2的EBGP邻居关系。bgp100ipv4-familyvpn-instanceVPN1_INpeeras-number65000ipv4-familyvpn-instanceVPN1_OUTpeeras-number65000在CE2上配置与PE2的EBGP邻居关系interfaceGigabitEthernet0/0/1.1arpbroadcastenableinterfaceGigabitEthernet0/0/1.2arpbroadcastenablebgp65000peeras-number100peeras-number100如图4，CE1GE0/0/1.1和GE0/0/1.2EBGPPE1。CE1GE0/0/0.2，向PE1BGPupdate200CE1OSPFBGP（2）解法：在CE1将OSPF路由引入到BGP中,为了避免PE1访问CE2的Loopback0的路由走MPLSVPN网络，引入时MED配置为0。bgp65000import-routeospf1med0在PE1上为了保证CE1传递的路由正常被PE1接收，针对CE1传递的路由关闭EBGP路由AS-PATH防环检测功能。bgp100ipv4-familyvpn-instanceVPN1_OUTpeerallow-as-loopCE2GE0/0/1.1GE0/0/1.2EBGPPE2CE2PE2BGPAS-Path200CE2OSPFBGP（2解法：在CE2上将OSPF路由引入到BGP中，为了避免PE2访问CE1的Loopback0的路由走MPLSVPN网络，引入时MED配置为0。bgp65000import-routeospf1med0在PE2上为了保证CE2传递的路由正常被PE2接收，针对CE2传递的路由关闭EBGP路由AS-PATH防环检测功能。bgp100ipv4-familyvpn-instanceVPN1_OUTpeerallow-as-loopCE3OSPF1PE3PE3—CE3CE3CE4OSPF0PE4PE4—CE4的GE0/0/1接口互通，通告CE4（2）解法：在PE3上创建VPN实例VPN1，绑定Mp-group0/0/1口，RD为100:13,ExportRT为100:1,ImportRT为200:1.ipvpn-instanceVPN1route-distinguisher100:13vpn-target100:1export-extcommunityvpn-target200:1import-extcommunityinterfaceMp-group0/0/1ipbindingvpn-instanceVPN1ipaddress52配置PE3上VPN1的OSPF协议。ospf2vpn-instanceVPN1areanetwork配置CE3上的OSPF协议。ospf2areanetworknetworknetwork在PE4上配置VPN实例VPN1，RD为100:14,ExportRT为100:1,ImportRT为200:1，绑定G0/0/1接口，并配置OSPF协议。ipvpn-instanceVPN1route-distinguisher100:14vpn-target100:1export-extcommunityvpn-target200:1import-extcommunityinterfaceGigabitEthernet0/0/1ipbindingvpn-instanceVPN1ipaddress52ospf2vpn-instanceVPN1areanetwork配置CE4上的OSPF协议ospf2vpn-instanceVPN1vpn-instance-capabilitysimpleareanetworknetworknetwork4AS100、AS200IBGPIpv4RR1PE1、、P1ASBR1ASBR2RR2PE4、P2ASBR3、ASBR4ASBR1—ASBR3、ASBR2—ASBR4EBGPIpv4（）ASBR上，将ISISLoopback0（2解法：分别在ASBR1,ASBR2上将ISIS协议中Loopback0路由引入到BGP协议中，命令如下:ipip-prefixisisindex10permit16greater-equal32less-equal32route-policyimport_bgppermitnode10if-matchip-prefixisisbgp100import-routeisis1route-policyimport_bgp分别在ASBR3,ASBR4上将ISIS协议中Loopback0路由引入到BGP协议中，命令如下:ipip-prefixisisindex10permit16greater-equal32less-equal32route-policyimport_bgppermitnode10if-matchip-prefixisisbgp200import-routeisis1route-policyimport_bgp3，AS100、AS200内各网元配置MPLSLSR-IDMPLS，MPLSLDP（。AS100AS200内各直连链路建立LDP（除PE1—RR1（1解法：分别在PE1和RR1互联逻辑接口启用MPLS以及LDP协议，配置如下：interfaceIp-Trunk1mplsmplsldp4，各站点通过MPLSBGPVPNOptionCMPLS（15）解法：在AS100、AS200内建立MP-IBGPIPv4邻居关系，RR1是PE1、PE2、P1、ASBR1、ASBR2的反射器。在RR1上配置和客户机传递标签IPv4路由的能力,RR1分别和PE1,PE2，P1,ASBR1,ASBR2做为客户机激活VPNv4邻居关系,并传递VPNv4路由时保持下一跳不变。(要求这样做)bgp100peerlabel-route-capabilitypeerlabel-route-capabilitypeerlabel-route-capabilitypeerlabel-route-capabilitypeer0label-route-capabilityipv4-familyvpnv4undopolicyvpn-targetpeerenablepeerreflect-clientpeernext-hop-invariablepeerenablepeerreflect-clientpeernext-hop-invariablepeerenablepeerreflect-clientpeernext-hop-invariablepeerenablepeerreflect-clientpeernext-hop-invariablepeer0enablepeer0reflect-clientpeer0next-hop-invariable分别在PE1、PE2、P1、ASBR1、ASBR2上配置和RR1传递标签IPv4路由的能力以及传递vpnv4路由的能力，配置如下:bgp100peerlabel-route-capabilityipv4-familyvpnv4peerenable在RR2上配置和客户机传递标签IPv4路由的能力，RR2分别和ASBR3,ASBR4,P2,PE3,PE4做为客户机激活VPNv4邻居关系，并传递VPNv4路由时保持下一跳不变。bgp200peerlabel-route-capabilitypeerlabel-route-capabilitypeerlabel-route-capabilitypeer0label-route-capabilitypeer1label-route-capabilityipv4-familyvpnv4undopolicyvpn-targetpeerenablepeerreflect-clientpeernext-hop-invariablepeerenablepeerreflect-clientpeernext-hop-invariablepeerenablepeerreflect-clientpeernext-hop-invariablepeer0enablepeer0reflect-clientpeer0next-hop-invariablepeer1enablepeer1reflect-clientpeer1next-hop-invariable分别在PE3、PE4、P2、ASBR3、ASBR4上配置和RR2传递标签IPv4路由的能力，以及传递vpnv4路由的能力，配置如下:bgp200peerlabel-route-capabilityipv4-familyvpnv4peerenable在ASBR1上配置与ASBR3之间开启传递标签IPv4路由的能力，并互联接口启用MPLS，配置如下：bgp100peerlabel-route-capabilityinterfaceGigabitEthernet0/0/2mpls在ASBR3上配置与ASBR1之间开启传递标签IPv4路由的能力，并互联接口启用MPLS，配置如下：bgp200peerlabel-route-capabilityinterfaceGigabitEthernet0/0/2mpls在ASBR2上配置与ASBR4之间开启传递标签IPv4路由的能力，并互联接口启用MPLS，配置如下：bgp100peerlabel-route-capabilityinterfaceGigabitEthernet0/0/2mpls在ASBR4上配置与ASBR2之间开启传递标签IPv4路由的能力，并互联接口启用MPLS，配置如下：bgp200peerlabel-route-capabilityinterfaceGigabitEthernet0/0/2mpls在RR1上配置RR2之间的MP-EBGP邻居关系，激活VPNv4邻居传递路由下一跳不变,并禁用RR2的IPv4的EBGP邻居。bgp100peeras-number200peerebgp-max-hop10peerconnect-interfaceLoopBack0undopeerenableipv4-familyvpnv4peerenablepeernext-hop-invariable在RR2上配置RR1之间的MP-EBGP邻居关系，激活VPNv4邻居关系传递路由下一跳不变，并禁用RR1的IPv4的EBGP邻居，关闭和RR1的AS-PATH防环检测机制。bgp200peeras-number100peerebgp-max-hop10peerconnect-interfaceLoopBack0undopeerenableipv4-familyvpnv4peerenablepeernext-hop-invariablepeerallow-as-loop在ASBR1针对RR1和ASBR3配置路由策略控制标签分配。route-policyRRpermitnode10if-matchmpls-labelapplympls-labelroute-policyASBRpermitnode10applympls-labelbgp100peerroute-policyASBRexportpeerroute-policyRRexport在ASBR2针对RR1和ASBR4配置路由策略控制标签分配。route-policyRRpermitnode10if-matchmpls-labelapplympls-labelroute-policyASBRpermitnode10applympls-labelbgp100peerroute-policyASBRexportpeerroute-policyRRexport在ASBR3针对RR2和ASBR1配置路由策略控制标签分配。route-policyRRpermitnode10if-matchmpls-labelapplympls-labelroute-policyASBRpermitnode10applympls-labelbgp200peerroute-policyASBRexportpeerroute-policyRRexport在ASBR4针对RR2和ASBR2配置路由策略控制标签分配。route-policyRRpermitnode10if-matchmpls-labelapplympls-labelroute-policyASBRpermitnode10applympls-labelbgp200peerroute-policyASBRexportpeerroute-policyRRexport在PE3上将VPNv4路由引入到OSPF中，将OSPF路由引入到MP-BGP成为VPNv4路由。ospf2vpn-instanceVPN1import-routebgpbgp200ipv4-familyvpn-instanceVPN1import-routeospf2在PE4上将VPNv4路由引入到OSPF中，将OSPF路由引入到MP-BGP成为VPNv4路由。ospf2vpn-instanceVPN1import-routebgpbgp200ipv4-familyvpn-instanceVPN1import-routeospf2CE1—PE1Spoke业务网段；当CE2—PE2Spoke（6解法：在CE1上将BGP路由引入到CE1的OSPF协议中，并配置路由的Tag为100,并拒绝Tag为200的OSPF路由再次引入到BGP协议中。route-policytagpermitnode10applytag100ospf1import-routebgproute-policytagroute-policyimport_bgpdenynode10if-matchtag200route-policyimport_bgppermitnode20bgp65000import-routeospf1med0route-policyimport_bgp在CE2上将BGP路由引入到CE2的OSPF协议中，并配置路由的Tag为200，并拒绝Tag为100的OSPF路由再次引入到BGP协议中。route-policytagpermitnode10applytag200ospf1import-routebgproute-policytagroute-policyimport_bgpdenynode10if-matchtag100route-policyimport_bgppermitnode20bgp65000import-routeospf1med0route-policyimport_bgp在拓扑正常的情况下，要求CE1CE2Spoke业务网段时，不从本AS（1解法:分别在CE1和CE2上将EBGP路由的优先级修改为120。bgp65000preference120255255PE3/PE4BGPLocal-preferenceCE3/CE410.3.X.0/24XPE3/PE4PE1；XPE3/PE4优选的下一跳为PE2（3）解法：分别在PE3/PE4上配置以下命令。ipip-prefixPE1index10permitgreater-equal32less-equal32ipip-prefixPE2index10permit032greater-equal32less-equal32aclnumber2000rule5permitsourceaclnumber2001rule5permitsourceroute-policylocal-prfpermitnode10if-matchacl2000if-matchipnext-hopip-prefixPE1applylocal-preference1000route-policylocal-prfpermitnode20if-matchacl2001if-matchipnext-hopip-prefixPE2applylocal-preference1000route-policylocal-prfpermitnode10000bgp200ipv4-familyvpnv4peerroute-policylocal-prfimport4、Feature（17分）HA（8）C1配置静态的默认路由访问IPIP为0.012。该默认路由要与CISPFDC1的对端设备不支持F150ms（2解法：在CE1上配置静态路由，并配置BFD单臂回声功能。bfdbfdispbindpeer-ipinterfaceGigabitEthernet2/0/1one-arm-echodiscriminatorlocal1detect-multiplier4min-echo-rx-interval30commitiproute-static0trackbfd-sessionispCE2配置静态的默认路由访问ISP，下一跳IP。默认路由要与CE2—ISP链路的NQAICMP3s1注意由于目前考试CE2和ISP和BFD（2）解法：在CE2上配置NQA测试实例，并关联默认路由。iproute-statictracknqaadminicmpnqatest-instanceadminicmptest-typeicmpdestination-addressipv4frequency3startnowCE3、CE4能够通过默认路由访问ISP。CE1—ISPCE1ISP；CE2—ISPCE2ISP（4）由于CE2-ISPCE2CE1解法：分别在CE1,CE2（CE2上不用配置该命令）的OSPF进程下发布缺省路由。ospf1default-route-advertise在CE1向BGP邻居条件下发缺省路由。bgp65000peerdefault-route-advertiseconditional-route-match-all0为了防止CE1的G0/0/0和G2/0/1接口都失效导致PC1无法访问ISP，在CE1的VRRPVRID1上启用trackinterface功能。由于目前CE2-ISP的链路不存在了，故在CE1上就不在需要做接口track，故以下命令不用配置。interfaceGigabitEthernet0/0/2.10vrrpvrid1trackinterfaceGigabitEthernet2/0/1reduced15vrrpvrid1trackinterfaceGigabitEthernet0/0/0reduced15CE2BGPCE2PE3,PE4优先使用CE1ISP。route-policyorgpermitnode10applyoriginincompletebgp65000peerdefault-route-advertiseroute-policyorgconditional-route-match-all0为了防止CE2的G0/0/0和G2/0/2接口都失效导致Server-1无法访问ISP，在CE2的VRRPVRID2上启用trackinterface功能。由于目前CE2-ISP没有链路，所以该步骤不用配置，只需要跟踪G0/0/0接口即可，解法参考“##”部分。interfaceGigabitEthernet0/0/2.20vrrpvrid2trackinterfaceGigabitEthernet2/0/2reduced15vrrpvrid2trackinterfaceGigabitEthernet0/0/0reduced15##由于目前CE2-ISP没有链路，故CE2只需要跟踪G0/0/0接口的状态，减少VRRPVRID2优先级，切换到CE1作为MASTER。##interfaceGigabitEthernet0/0/2.20vrrpvrid2trackinterfaceGigabitEthernet0/0/0reduced30在PE3上向CE3发布缺省路由。ospfvpn-instanceVPN1default-route-advertise在PE4上向CE4发布缺省路由。ospfvpn-instanceVPN1default-route-advertise）1.在C11030.1（03.202.0121201.2/1访问IPC20.30.1（103.20）GE2/0/2ISPServer1ISPFTPHTTP（2解法：在CE1上配置基于地址池的NAPT以及NATServer。nataddress-group1aclnumber2000rule5denysource00rule10permitsource55interfaceGigabitEthernet2/0/1natoutbound2000address-group1natserverprotocoltcpglobalwwwinside0wwwnatserverprotocoltcpglobalftpinside0ftp在CE2上配置基于地址池的NAPT以及NATServer。在CE2上配置基于地址池的NAPT以及NATServer，由于CE2-ISP之间没有链路，故该步骤不用配置。nataddress-group1aclnumber2000rule5denysource00rule10permitsource55interfaceGigabitEthernet2/0/2natoutbound2000address-group1natserverprotocoltcpglobalwwwinside0wwwnatserverprotocoltcpglobalftpinside0ftpQoS（7）在CE1的GE2/0/1CE2的GE2/0/28:00—18:006881—69991Mbps。(3解法：在CE1上的GE2/0/1接口配置流量监管.time-rangework08:00to18:00working-dayaclnumber3000rule5permittcpdestination-portrange68816999time-rangewrokinterfaceGigabitEthernet2/0/1qoscaroutboundacl3000cir1024在CE2上的GE2/0/2接口配置流量监管。time-rangeworktime08:00to18:00working-dayaclnumber3000rule5permittcpdestination-portrange68816999time-rangewrokinterfaceGigabitEthernet2/0/2qoscaroutboundacl3000cir1024CE4—PE4的QoS业务地址前缀业务类别802.1pDSCP队列调度拥塞避免调度策略Weight值拥塞避免机制低门限高门限丢包概率/24RealTime101EF46 5PQ不丢包/24Signal100CS432 4WFQ63WRED70%100%50%/24Monitor011CS324 3WFQ21WRED50%90%50%/24Office010CS216 2WFQ9WRED50%80%50%其它BE000BE0 0WFQ1WRED50%80%50%表-1CE4G0/0/1802.1p标记。在PE4G0/0/1入方向，继承CE4802.1p802.1pDSCP（2）解法：在CE4G0/0/1802.1paclnameoffice3996rule5permitipdestination55aclnamemonitor3997rule5permitipdestination55aclnamesignal3998rule5permitipdestination55aclnamerealtime3999rule5permitipdestination55trafficclassifierSignalif-matchaclsignaltrafficclassifierOfficeif-matchaclofficetrafficclassifierMonitorif-matchaclmonitortrafficclassifierRealTimeif-matchaclrealtimetrafficbehaviorSignalremark8021ptrafficbehaviorOfficeremark8021p2trafficbehaviorMonitorremark8021p3trafficbehaviorRealTimeremark8021ptrafficbehaviorOtherremark8021p0trafficpolicyremarkclassifierRealTimebehaviorRealTimeclassifierSignalbehaviorSignalclassifierMonitorbehaviorMonitorclassifierOfficebehaviorOfficeclassifierdefault-classbehaviorOtherinterfaceGigabitEthernet0/0/1traffic-policyremarkoutbound在PE4上的GE0/0/1的入方向，继承CE4的802.1p值，并将802.1p映射为DSCP。qosmap-tabledot1p-dscpinput5output46input4output32input3output24input2output16input0output0interfaceGigabitEthernet0/0/1trust8021poverridePE4GE0/0/0GE0/0/2DSCP1（2解法：在PE4上配置WRED丢弃模版。drop-profilecs4wreddscpdscpcs4low-limit70high-limit100discard-percentage50drop-profilecs3wreddscpdscpcs3low-limit50high-limit90discard-percentage50drop-profilecs2wreddscpdscpcs2low-limit50high-limit80discard-percentage50drop-profiledefaultwreddscpdscpdefaultlow-limit50high-limit80discard-percentage50配置队列权重和套用WRED模版qosqueue-profiletestqueue0weightqueue2weightqueue3weightqueue4weightqueue0drop-profiledefaultschedulewfq0to4pqqueue2drop-profilecs2queue3drop-profilecs3queue4drop-profilecs4interfaceGigabitEthernet0/0/0qosqueue-profiletestinterfaceGigabitEthernet0/0/2qosqueue-profiletest5、Ipv6（14分）5.1基本配置1. 所有设备的接口Ipv65（PE1—RR1）解法：配置PE1和RR1互联接口的IPv6地址，在RR1上配置IPv6地址。interfaceIp-Trunk1ipv6address2000:EAD8:99EF:CC3E:B2AD:9EFF:32DD:1301/127在PE1上配置IPv6地址。interfaceIp-Trunk1ipv6address2000:EAD8:99EF:CC3E:B2AD:9EFF:32DD:1300/127Ipv6ISIS（3）1.如图6，PE1、PE2、、P1ASBR1ASBR2ISISISIScost（3解法：在PE1上配置ISIS协议，并配置链路开销。isis1ipv6enabletopologyipv6interfaceloopback0isisipv6enableinterfaceGigabitEthernet0/0/0isisipv6enableisisipv6cost20interfaceIp-Trunk1isisipv6enable1isisipv6cost1550在PE2上配置ISIS协议，并配置链路开销。isis1ipv6enabletopologyipv6interfaceloopback0isisipv6enableinterfaceGigabitEthernet0/0/0isisipv6enableisisipv6cost20interfaceGigabitEthernet0/0/2isisipv6enable1isisipv6cost1500在RR1上配置ISIS协议，并配置链路开销。isis1ipv6enabletopologyipv6interfaceloopback0isisipv6enableinterfaceGigabitEthernet0/0/0isisipv6enableisisipv6cost80interfaceGigabitEthernet0/0/1isisipv6enable1isisipv6cost860interfaceIp-Trunk1isisipv6enable1isisipv6cost1550在P1上配置ISIS协议，并配置链路开销。isis1ipv6enabletopologyipv6interfaceloopback0isisipv6enableinterfaceGigabitEthernet0/0/0isisipv6enableisisipv6cost80interfaceGigabitEthernet0/0/1isisipv6enable1isisipv6cost1000interfaceGigabitEthernet0/0/2isisipv6enable1isisipv6cost1500在ASBR1上配置ISIS协议，并配置链路开销。isis1ipv6enabletopologyipv6interfaceloopback0isisipv6enableinterfaceGigabitEthernet0/0/0isisipv6enableisisipv6cost100interfaceGigabitEthernet0/0/1isisipv6enableisisipv6cost860在ASBR2上配置ISIS协议，并配置链路开销。isis1ipv6enabletopologyipv6interfaceloopback0isisipv6enableinterfaceGigabitEthernet0/0/0isisipv6enableisisipv6cost100interfaceGigabitEthernet0/0/1isisipv6enableisisipv6cost1000为了防止IPv6的ISIS路由的次优路径，在RR1上配置路由泄漏，不泄漏也会导致IPv6BGP路由下一跳不可达后续需求无法实现。isis1ipv6import-routeisislevel-2intolevel-1为了防止IPv6的ISIS路由的次优路径，在RR1上配置路由泄漏，不泄漏也会导致IPv6BGP路由下一跳不可达后续需求无法实现。isis