Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
1K views292 pages

HCIP-Datacom-Core Technology V1.0 Lab Guide

HCIP-Datacom-Core Technology V1.0 Lab Guide

Uploaded by

Ghallab Alsadeh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views292 pages

HCIP-Datacom-Core Technology V1.0 Lab Guide

HCIP-Datacom-Core Technology V1.0 Lab Guide

Uploaded by

Ghallab Alsadeh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 292

Huawei Certification Training

HCIP-Datacom-Core Technology

Data Communication Senior Engineer

Lab Guide
Issue: 1.0

Huawei Technologies Co., Ltd.


Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in
the preparation of this document to ensure accuracy of the contents, but all statements,
information, and recommendations in this document do not constitute a warranty of any kind,
express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base


Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: https://e.huawei.com/
HCIP-Datacom-Core Technology Lab Guide Page 1

Huawei Certification System


Huawei Certification follows the "platform + ecosystem" development strategy,
which is a new collaborative architecture of ICT infrastructure based on "Cloud-Pipe-
Terminal". Huawei has set up a complete certification system consisting of three
categories: ICT infrastructure certification, platform and service certification, and ICT
vertical certification. It is the only certification system that covers all ICT technical fields
in the industry. Huawei offers three levels of certification: Huawei Certified ICT
Associate (HCIA), Huawei Certified ICT Professional (HCIP), and Huawei Certified ICT
Expert (HCIE). Huawei Certification covers all ICT fields and adapts to the industry
trend of ICT convergence. With its leading talent development system and certification
standards, it is committed to fostering new ICT talent in the digital era, and building a
sound ICT talent ecosystem.
Huawei Certified ICT Professional-Datacom-Core Technology (HCIP-Datacom-Core
Technology) is designed for Huawei's frontline engineers and anyone who want to
understand Huawei's datacom products and technologies. HCIP-Datacom-Core
Technology certification covers advanced routing, advanced Ethernet switching, large-
scale WLAN networking, multicast technology, IPv6 technology, network security,
network reliability, network service and management, and enterprise network solutions.
The Huawei certification system introduces the industry, fosters innovation, and
imparts cutting-edge datacom knowledge.
HCIP-Datacom-Core Technology Lab Guide Page 2
HCIP-Datacom-Core Technology Lab Guide Page 3

About This Document

Overview
This document is an HCIP-Datacom-Core Technology certification training course. It is
intended for trainees who are going to take the HCIP-Datacom-Core Technology exams
or readers who want to learn advanced technologies, such as routing, Ethernet switching,
large-scale WLAN networking, multicast, IPv6, network security, network reliability, and
network service and management.

Background Knowledge Required


This course is for Huawei's advanced certification. To better understand this course,
familiarize yourself with the following requirements:
1. Have basic computer skills.
2. Have participated in HCIA-Datacom training.
3. Have passed the HCIA-Datacom exams.
4. Be familiar with the principles of the TCP/IP protocol stack.
5. Be familiar with the basic working principles of Ethernet switches and routers.

Symbol Conventions
HCIP-Datacom-Core Technology Lab Guide Page 4

Lab Environment
Networking
This lab environment is intended for datacom network engineers who are preparing for
the HCIP-Datacom-Core Technology exam. Each lab environment includes three switches
(not supporting PoE), two PoE switches, two APs, five routers, and one firewall.

Device Introduction
To meet exercise requirements, the recommended configurations of the environment are
as follows:
The following table describes the mapping among devices, models, and versions.

Device
Device Model Software version
Name

CloudEngine S5731-
Switch V200R019C00 or later
H24T4XC

CloudEngine S5731-
PoE switch V200R019C00 or later
H24P4XC

AP AirEngine 5760-10 V200R019C00 or later

Router NetEngine AR6120 V300R019 or later

Firewall USG6307E V500R001C50 or later

The port, output, and configuration information of devices in this document is


provided based on the recommended topology. The actual information may vary
according to the lab environment.
HCIP-Datacom-Core Technology Lab Guide Page 5

Contents

Overview ............................................................................................................................................................................................. 3
Background Knowledge Required .............................................................................................................................................. 3
Symbol Conventions ....................................................................................................................................................................... 3
Lab Environment .............................................................................................................................................................................. 4
1 Basic OSPF Configurations ................................................................................................... 8
1.1 Lab 1: Single-Area OSPF ........................................................................................................................................................ 8
1.1.1 Introduction............................................................................................................................................................................. 8
1.1.2 Lab Configuration ................................................................................................................................................................. 9
1.1.3 Quiz ..........................................................................................................................................................................................22
1.1.4 Configuration Reference ...................................................................................................................................................22
1.2 Lab 2: Multi-Area OSPF........................................................................................................................................................23
1.2.1 Introduction...........................................................................................................................................................................23
1.2.2 Lab Configuration ...............................................................................................................................................................25
1.2.3 Quiz ..........................................................................................................................................................................................37
1.2.4 Configuration Reference ...................................................................................................................................................37
1.3 Lab 3: OSPF Adjacencies and LSAs ..................................................................................................................................40
1.3.1 Introduction...........................................................................................................................................................................40
1.3.2 Lab Configuration ...............................................................................................................................................................41
1.3.3 Quiz ..........................................................................................................................................................................................57
1.3.4 Configuration Reference ...................................................................................................................................................57
1.4 Lab 4: OSPF Stub Area and NSSA ....................................................................................................................................59
1.4.1 Introduction...........................................................................................................................................................................59
1.4.2 Lab Configuration ...............................................................................................................................................................60
1.4.3 Quiz ..........................................................................................................................................................................................73
1.4.4 Configuration Reference ...................................................................................................................................................73
2 IS-IS Basics Experiment .......................................................................................................76
2.1 IS-IS Configuration Experiment .........................................................................................................................................76
2.1.1 Introduction...........................................................................................................................................................................76
2.1.2 Lab Configuration ...............................................................................................................................................................77
2.1.3 Quiz ..........................................................................................................................................................................................87
2.1.4 Configuration Reference ...................................................................................................................................................87
3 BGP Configurations ..............................................................................................................90
3.1 Lab 1: Basic BGP Configurations .......................................................................................................................................90
3.1.1 Introduction...........................................................................................................................................................................90
3.1.2 Lab Configuration ...............................................................................................................................................................91
HCIP-Datacom-Core Technology Lab Guide Page 6

3.1.3 Quiz ..........................................................................................................................................................................................99


3.1.4 Configuration Reference ...................................................................................................................................................99
3.2 Lab 2: BGP Route Summarization ................................................................................................................................. 103
3.2.1 Introduction........................................................................................................................................................................ 103
3.2.2 Lab Configuration ............................................................................................................................................................ 103
3.2.3 Quiz ....................................................................................................................................................................................... 110
3.2.4 Configuration Reference ................................................................................................................................................ 111
3.3 Lab 3: BGP RR ....................................................................................................................................................................... 112
3.3.1 Introduction........................................................................................................................................................................ 112
3.3.2 Lab Configuration ............................................................................................................................................................ 113
3.3.3 Quiz ....................................................................................................................................................................................... 126
3.3.4 Configuration Reference ................................................................................................................................................ 126
3.4 Lab 4: BGP Route Selection ............................................................................................................................................. 129
3.4.1 Introduction........................................................................................................................................................................ 129
3.4.2 Lab Configuration ............................................................................................................................................................ 130
3.4.3 Quiz ....................................................................................................................................................................................... 149
3.4.4 Configuration Reference ................................................................................................................................................ 149
4 Routing Policy and Routing Control ............................................................................. 155
4.1 Route Import and Control ................................................................................................................................................ 155
4.1.1 Introduction........................................................................................................................................................................ 155
4.1.2 Lab Configuration ............................................................................................................................................................ 156
4.1.3 Quiz ....................................................................................................................................................................................... 165
4.1.4 Configuration Reference ................................................................................................................................................ 165
5 RSTP and MSTP .................................................................................................................. 168
5.1 Basic RSTP and MSTP Configurations .......................................................................................................................... 168
5.1.1 Introduction........................................................................................................................................................................ 168
5.1.2 Lab Configuration ............................................................................................................................................................ 169
5.1.3 Quiz ....................................................................................................................................................................................... 176
5.1.4 Configuration Reference ................................................................................................................................................ 176
6 Multicast.............................................................................................................................. 180
6.1 IGMP, IGMP Snooping, and PIM-DM............................................................................................................................ 180
6.1.1 Introduction........................................................................................................................................................................ 180
6.1.2 Lab Configuration ............................................................................................................................................................ 181
6.1.3 Quiz ....................................................................................................................................................................................... 192
6.1.4 Configuration Reference ................................................................................................................................................ 192
6.2 PIM-SM, BSR, and PIM-SSM ............................................................................................................................................ 194
6.2.1 Introduction........................................................................................................................................................................ 194
6.2.2 Lab Configuration ............................................................................................................................................................ 195
HCIP-Datacom-Core Technology Lab Guide Page 7

6.2.3 Quiz ....................................................................................................................................................................................... 205


6.2.4 Configuration Reference ................................................................................................................................................ 205
7 Firewall Technology .......................................................................................................... 209
7.1 Firewall Security Policy ...................................................................................................................................................... 209
7.1.1 Introduction........................................................................................................................................................................ 209
7.1.2 Lab Configuration ............................................................................................................................................................ 210
7.1.3 Quiz ....................................................................................................................................................................................... 216
7.1.4 Configuration Reference ................................................................................................................................................ 216
8 VRRP ..................................................................................................................................... 220
8.1 Basic VRRP Configurations ............................................................................................................................................... 220
8.1.1 Introduction........................................................................................................................................................................ 220
8.1.2 Lab Configuration ............................................................................................................................................................ 221
8.1.3 Quiz ....................................................................................................................................................................................... 227
8.1.4 Configuration Reference ................................................................................................................................................ 227
9 DHCP .................................................................................................................................... 231
9.1 DHCP Relay Configuration ............................................................................................................................................... 231
9.1.1 Introduction........................................................................................................................................................................ 231
9.1.2 Lab Configuration ............................................................................................................................................................ 232
9.1.3 Quiz ....................................................................................................................................................................................... 239
9.1.4 Configuration Reference ................................................................................................................................................ 239
10 WLAN ................................................................................................................................. 242
10.1 Inter-AC Roaming on a Large-Scale WLAN ............................................................................................................. 242
10.1.1 Introduction ..................................................................................................................................................................... 242
10.1.2 Lab Configuration .......................................................................................................................................................... 244
10.1.3 Quiz .................................................................................................................................................................................... 252
10.1.4 Configuration Reference ............................................................................................................................................. 252
10.2 VRRP HSB Configuration ................................................................................................................................................ 256
10.2.1 Introduction ..................................................................................................................................................................... 256
10.2.2 Lab Configuration .......................................................................................................................................................... 258
10.2.3 Quiz .................................................................................................................................................................................... 270
10.2.4 Configuration Reference ............................................................................................................................................. 270
10.3 Dual-Link Cold Backup Configuration ....................................................................................................................... 274
10.3.1 Introduction ..................................................................................................................................................................... 274
10.3.2 Lab Configuration .......................................................................................................................................................... 276
10.3.3 Quiz .................................................................................................................................................................................... 284
10.3.4 Configuration Reference ............................................................................................................................................. 284
Reference Answers ............................................................................................................... 288
HCIP-Datacom-Core Technology Lab Guide Page 8

1 Basic OSPF Configurations

1.1 Lab 1: Single-Area OSPF


1.1.1 Introduction
1.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Configure OSPF in a single area.
⚫ Configure OSPF area authentication.
⚫ Describe the process of establishing OSPF neighbor relationships on a multi-access
network.
⚫ Change the cost of an OSPF interface.
⚫ Illustrate how to configure silent interfaces in OSPF.
⚫ Run the display commands to check various OSPF states.

1.1.1.2 Networking Topology


Figure 1-1 Single-area OSPF

R1, R2, and R3 are connected through S1, and their interfaces and IP addresses are shown
in the figure. Loopback0 is created on each of R1, R2, and R3, and its IP address is in the
format of 10.0.x.x/24, where x indicates the device number.
All interfaces of R1, R2, and R3 belong to area 0, and OSPF is activated on the
interconnection and Loopback0 interfaces.
HCIP-Datacom-Core Technology Lab Guide Page 9

1.1.1.3 Background
You are a network administrator of a company. Currently, there are three AR routers on
the company's network, which communicate with each other through an Ethernet. On
broadcast multi-access networks such as Ethernet, there may be security risks. To prevent
malicious routing attacks, you choose to use OSPF area authentication.

1.1.2 Lab Configuration


1.1.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF on R1, R2, and R3, manually specify router IDs, and activate OSPF on
the interconnection and Loopback0 interfaces.
3. After the configuration is complete, check the OSPF neighbor relationship status and
OSPF routing table on each of R1, R2, and R3, and check the connectivity between
the loopback interfaces of R1, R2, and R3.
4. Manually shut down the interconnection interfaces of R1, R2, and R3 and enable the
debugging function to check the establishment of OSPF neighbor relationships. Then,
enable the interconnection interfaces again and observe the debugging information
on the devices.
5. Manually change the network type of Loopback0 on R2 and observe the change in
the mask length of the OSPF route.
6. Manually change the costs of OSPF interfaces.
7. Configure the interconnection and Loopback0 interfaces as silent interfaces.

1.1.2.2 Configuration Procedure


Step 1 Configure IP addresses for the interconnection and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/3 and the loopback interface on R1.

<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]interface GigabitEthernet 0/0/3
[R1-GigabitEthernet0/0/3] ip address 10.0.123.1 24
[R1-GigabitEthernet0/0/3] quit
[R1]interface LoopBack 0
[R1-LoopBack0] ip address 10.0.1.1 24
[R1-LoopBack0] quit

# Configure IP addresses for GE0/0/4 and the loopback interface on R2.

<R2>system-view
Enter system view, return user view with Ctrl+Z.
HCIP-Datacom-Core Technology Lab Guide Page 10

[R2]interface GigabitEthernet 0/0/4


[R2-GigabitEthernet0/0/4] ip address 10.0.123.2 24
[R2-GigabitEthernet0/0/4] quit
[R2]interface LoopBack 0
[R2-LoopBack0] ip address 10.0.2.2 24
[R2-LoopBack0] quit

# Configure IP addresses for GE0/0/4 and the loopback interface on R3.

<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]interface GigabitEthernet 0/0/4
[R3-GigabitEthernet0/0/4] ip address 10.0.123.3 24
[R3-GigabitEthernet0/0/4] quit
[R3]interface LoopBack 0
[R3-LoopBack0] ip address 10.0.3.3 24
[R3-LoopBack0] quit

# Verify the connectivity on R1.

<R1>ping -c 1 10.0.123.2
PING 10.0.123.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.2: bytes=56 Sequence=1 ttl=255 time=2 ms

--- 10.0.123.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms
<R1>ping -c 1 10.0.123.3
PING 10.0.123.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.3: bytes=56 Sequence=1 ttl=255 time=2 ms

--- 10.0.123.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms

Step 2 Configure OSPF in a single area.

# Configure the Loopback0 IP addresses of R1, R2, and R3 as their OSPF router IDs, and
set the OSPF process ID to 1.

[R1]ospf 1 router-id 10.0.1.1

[R2]ospf 1 router-id 10.0.2.2

[R3]ospf 1 router-id 10.0.3.3

# Activate OSPF on the interconnection and Loopback0 interfaces of R1, R2, and R3.

[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0] network 10.0.123.1 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 11

[R1-ospf-1-area-0.0.0.0] network 10.0.1.1 0.0.0.0

[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] network 10.0.123.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0

[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0] network 10.0.123.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0

# To ensure security, configure OSPF area authentication, use the cleartext mode, and set
the password to huawei.

[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0] authentication-mode simple plain huawei

[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] authentication-mode simple plain huawei

[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0] authentication-mode simple plain huawei

Step 3 Verify the OSPF configuration.

# Check the OSPF neighbor information on R1, R2, and R3.

<R1>display ospf peer

OSPF Process 1 with Router ID 10.0.1.1


Neighbors

Area 0.0.0.0 interface 10.0.123.1(GigabitEthernet0/0/3)'s neighbors


Router ID : 10.0.2.2 Address: 10.0.123.2
State: Full Mode :Nbr is Master Priority: 1
DR: 10.0.123.1 BDR: 10.0.123.2 MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 5
Neighbor is up for 00:24:56
Authentication Sequence: [ 0 ]

Router ID: 10.0.3.3 Address: 10.0.123.3


State: Full Mode:Nbr is Slave Priority: 1
DR: 10.0.123.1 BDR: 10.0.123.2 MTU: 0
Dead timer due in 38 sec
Retrans timer interval: 5
Neighbor is up for 00:24:32
Authentication Sequence: [ 0 ]

The command output shows that R1 has established OSPF neighbor relationships with R2
and R3.
HCIP-Datacom-Core Technology Lab Guide Page 12

<R2>display ospf peer

OSPF Process 1 with Router ID 10.0.2.2


Neighbors

Area 0.0.0.0 interface 10.0.123.2(GigabitEthernet0/0/4)'s neighbors


Router ID: 10.0.1.1 Address: 10.0.123.1
State: Full Mode:Nbr is Slave Priority: 1
DR: 10.0.123.1 BDR: 10.0.123.2 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 0
Neighbor is up for 00:27:10
Authentication Sequence: [ 0 ]

Router ID: 10.0.3.3 Address: 10.0.123.3


State: Full Mode:Nbr is Slave Priority: 1
DR: 10.0.123.1 BDR: 10.0.123.2 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:26:50
Authentication Sequence: [ 0 ]

The command output shows that R2 has established OSPF neighbor relationships with R1
and R3.

<R3>display ospf peer

OSPF Process 1 with Router ID 10.0.3.3


Neighbors

Area 0.0.0.0 interface 10.0.123.3(GigabitEthernet0/0/4)'s neighbors


Router ID: 10.0.1.1 Address: 10.0.123.1
State: Full Mode:Nbr is Master Priority: 1
DR: 10.0.123.1 BDR: 10.0.123.2 MTU: 0
Dead timer due in 31 sec
Retrans timer interval: 0
Neighbor is up for 00:28:06
Authentication Sequence: [ 0 ]

Router ID: 10.0.2.2 Address: 10.0.123.2


State: Full Mode:Nbr is Master Priority: 1
DR: 10.0.123.1 BDR: 10.0.123.2 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:28:09
Authentication Sequence: [ 0 ]

The command output shows that R3 has established OSPF neighbor relationships with R1
and R2.
# Check the OSPF routing tables of R1, R2, and R3.

[R1]display ospf routing

OSPF Process 1 with Router ID 10.0.1.1


HCIP-Datacom-Core Technology Lab Guide Page 13

Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.1.1/32 0 Stub 10.0.1.1 10.0.1.1 0.0.0.0
10.0.123.0/24 1 Transit 10.0.123.1 10.0.1.1 0.0.0.0
10.0.2.2/32 1 Stub 10.0.123.2 10.0.2.2 0.0.0.0
10.0.3.3/32 1 Stub 10.0.123.3 10.0.3.3 0.0.0.0

Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0

The command output shows that R1 has learned the Loopback0 routes from R2 and R3.

[R2]display ospf routing

OSPF Process 1 with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.2/32 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.123.0/24 1 Transit 10.0.123.2 10.0.2.2 0.0.0.0
10.0.1.1/32 1 Stub 10.0.123.1 10.0.1.1 0.0.0.0
10.0.3.3/32 1 Stub 10.0.123.3 10.0.3.3 0.0.0.0

Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0

The command output shows that R2 has learned the Loopback0 routes from R1 and R3.

[R3]display ospf routing

OSPF Process 1 with Router ID 3.3.3.3


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.3.3/32 0 Stub 10.0.3.3 10.0.3.3 0.0.0.0
10.0.123.0/24 1 Transit 10.0.123.3 10.0.3.3 0.0.0.0
10.0.1.1/32 1 Stub 10.0.123.1 10.0.1.1 0.0.0.0
10.0.2.2/32 1 Stub 10.0.123.2 10.0.2.2 0.0.0.0

Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0

The command output shows that R3 has learned the Loopback0 routes from R1 and R2.
# Check the connectivity between the loopback interfaces.

<R1>ping -c 1 -a 10.0.1.1 10.0.2.2


PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.2.2 ping statistics ---


1 packet(s) transmitted
HCIP-Datacom-Core Technology Lab Guide Page 14

1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

<R1>ping -c 1 -a 10.0.1.1 10.0.3.3


PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=60 ms

--- 10.0.3.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms

On R1, use the IP address of Loopback0 as the source address to ping the Loopback0
interfaces of R2 and R3.
# Check the OSPF LSDB on R1.

<R1>display ospf lsdb

OSPF Process 1with Router ID 10.0.1.1


Link State Database

Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 468 48 80000005 0
Router 10.0.2.2 10.0.2.2 472 48 8000000B 0
Router 10.0.1.1 10.0.1.1 467 48 8000000D 0
Network 10.0.123.1 10.0.1.1 467 36 80000008 0

The command output shows four LSAs, among which the first three are Type 1 LSAs
generated by R1, R2, and R3 separately. The AdvRouter field for each LSA indicates the
router that generates the LSA. The fourth LSA is a Type 2 LSA, which is generated by the
DR on a network segment. In this scenario, R1 is the DR on the network segment
10.0.123.0/24. Therefore, the AdvRouter field value of the Type 2 LSA is 10.0.1.1.
# Check the Type 1 LSA generated by R1.

[R1]display ospf lsdb router self-originate

OSPF Process 1 with Router ID 10.0.1.1


Area: 0.0.0.0
Link State Database

Type : Router
Ls id : 10.0.1.1
Adv rtr : 10.0.1.1
Ls age : 430
Len : 48
Options : E
seq# : 80000009
chksum : 0x8188
Link count : 2
* Link ID : 10.0.1.1
HCIP-Datacom-Core Technology Lab Guide Page 15

Data : 255.255.255.255
Link Type: StubNet
Metric : 0
Priority : Medium
* Link ID : 10.0.123.1
Data : 10.0.123.1
Link Type: TransNet
Metric : 1

The command output shows that this LSA describes two Links. The first Link indicates the
network segment where the loopback interface resides. The value of Link Type is
StubNet, and the values of Link ID and Data are the IP address and mask of the stub
network segment, respectively. The second Link describes the network segment on which
the three routers are interconnected. The value of Link Type is TransNet. The value of
Link ID is the DR's interface address 10.0.123.1, and the value of Data is the IP address of
the local interface on the network segment, 10.0.123.1.
# Check the Type 2 LSA generated by R1.

[R1]display ospf lsdb network self-originate

OSPF Process 1 with Router ID 10.0.1.1


Area: 0.0.0.0
Link State Database

Type : Network
Ls id : 10.0.123.1
Adv rtr : 10.0.1.1
Ls age : 1662
Len : 36
Options : E
seq# : 80000005
chksum : 0x3d58
Netmask : 255.255.255.0
Priority : Low
Attached Router 10.0.1.1
Attached Router 10.0.2.2
Attached Router 10.0.3.3

The Attached Router field in the Type 2 LSA describes the neighbor information of the
network segment where the DR resides.

Step 4 Check the process of establishing OSPF neighbor relationships.

Based on the preceding OSPF neighbor information, the interface IP address of the DR is
10.0.123.1, which is different from the expected result obtained based on DR election
rules. In OSPF, the non-preemption mode is used for DR election. When a DR or BDR
exists on a network, a newly deployed router on the network cannot preempt the role of
the DR or BDR. However, if OSPF is configured at different time on the network devices,
the elected DR may be the device that starts first.
To prevent this issue, you can shut down the interconnection interfaces of R1, R2, and R3,
and run the debugging ospf 1 event command to observe the process of establishing
the OSPF neighbor relationships. Then, try to re-enable the interfaces of R1, R2, and R3
HCIP-Datacom-Core Technology Lab Guide Page 16

at the same time, and check the DR and BDR election process based on the debugging
information.
# Shut down the interconnection interfaces of R1, R2, and R3.

[R1] interface GigabitEthernet0/0/3


[R1-GigabitEthernet0/0/3] shutdown

[R2] interface GigabitEthernet0/0/4


[R2-GigabitEthernet0/0/4] shutdown

[R3] interface GigabitEthernet0/0/4


[R3-GigabitEthernet0/0/4] shutdown

# Enable the debugging function on R1, R2, and R3, and enable OSPF event debugging.

<R1>terminal debugging
Info: Current terminal debugging is on.
<R1>terminal monitor
<R1>debugging ospf 1 event

The operations on R2 and R3 are the same as that on R1, and are not provided here.
# Re-enable the interconnection interfaces of R1, R2, and R3.

[R1] interface GigabitEthernet0/0/3


[R1-GigabitEthernet0/0/3] undo shutdown

[R2] interface GigabitEthernet0/0/4


[R2-GigabitEthernet0/0/4] undo shutdown

[R3] interface GigabitEthernet0/0/4


[R3-GigabitEthernet0/0/4] undo shutdown

# Observe the debugging information on R3.

May 22 2020 14:32:25-08:00 R3 %%01PHY/1/PHY(l)[20]: GigabitEthernet0/0/4: change status to up


May 22 2020 14:32:25-08:00 R3 %%01IFNET/4/LINK_STATE(l)[21]:The line protocol IP on the interface
GigabitEthernet0/0/4 has entered the UP state.
May 22 2020 14:32:25.650.5-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 1281 Level: 0x20
OSPF 1: Intf 10.0.123.3 Rcv InterfaceUp State Down -> Waiting.
May 22 2020 14:32:25.650.6-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 1395 Level: 0x20
OSPF 1 Send Hello Interface Up on 10.0.123.3
May 22 2020 14:32:29-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have
been changed. The current change number is 20, the change loop count is 0, and the maximum number of records is
4095.
May 22 2020 14:33:06-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[22]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.2, NeighborEvent=HelloReceived, NeighborPreviousState=Down,
NeighborCurrentState=Init)
May 22 2020 14:33:06.320.2-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1119 Level: 0x20
OSPF 1: Nbr 10.0.123.2 Rcv HelloReceived State Down -> Init.
May 22 2020 14:33:08.390.1-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 2061 Level: 0x20
HCIP-Datacom-Core Technology Lab Guide Page 17

OSPF 1 Send Hello Interface State Changed on 10.0.123.3


May 22 2020 14:33:08.390.2-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 2072 Level: 0x20
OSPF 1: Intf 10.0.123.3 Rcv WaitTimer State Waiting -> DR.
May 22 2020 14:33:08-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[23]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.2, NeighborEvent=2WayReceived, NeighborPreviousState=Init,
NeighborCurrentState=ExStart)
May 22 2020 14:33:08-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[24]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.2, NeighborEvent=NegotiationDone,
NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
May 22 2020 14:33:08.480.1-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1715 Level: 0x20
OSPF 1: Nbr 10.0.123.2 Rcv 2WayReceived State Init -> ExStart.
May 22 2020 14:33:08.530.1-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1828 Level: 0x20
OSPF 1: Nbr 10.0.123.2 Rcv NegotiationDone State ExStart -> Exchange.
May 22 2020 14:33:08-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[25]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.2, NeighborEvent=ExchangeDone,
NeighborPreviousState=Exchange, NeighborCurrentState=Loading)
May 22 2020 14:33:08-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[26]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.2, NeighborEvent=LoadingDone, NeighborPreviousState=Loading,
NeighborCurrentState=Full)
May 22 2020 14:33:08.590.3-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1940 Level: 0x20
OSPF 1: Nbr 10.0.123.2 Rcv ExchangeDone State Exchange -> Loading.
May 22 2020 14:33:08.590.4-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 2339 Level: 0x20
OSPF 1: Nbr 10.0.123.2 Rcv LoadingDone State Loading -> Full.
May 22 2020 14:33:10-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[27]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.1, NeighborEvent=HelloReceived, NeighborPreviousState=Down,
NeighborCurrentState=Init)
May 22 2020 14:33:10-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[28]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.1, NeighborEvent=2WayReceived, NeighborPreviousState=Init,
NeighborCurrentState=ExStart)
May 22 2020 14:33:10-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[29]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.1, NeighborEvent=NegotiationDone,
NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
May 22 2020 14:33:10.340.1-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1119 Level: 0x20
OSPF 1: Nbr 10.0.123.1 Rcv HelloReceived State Down -> Init.
May 22 2020 14:33:10.340.2-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1715 Level: 0x20
OSPF 1: Nbr 10.0.123.1 Rcv 2WayReceived State Init -> ExStart.
May 22 2020 14:33:10.420.1-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1828 Level: 0x20
OSPF 1: Nbr 10.0.123.1 Rcv NegotiationDone State ExStart -> Exchange.
May 22 2020 14:33:10-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[30]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.1, NeighborEvent=ExchangeDone,
NeighborPreviousState=Exchange, NeighborCurrentState=Loading)
May 22 2020 14:33:10-08:00 R3 %%01OSPF/4/NBR_CHANGE_E(l)[31]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.1, NeighborEvent=LoadingDone, NeighborPreviousState=Loading,
NeighborCurrentState=Full)
May 22 2020 14:33:10.460.3-08:00 R3 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1940 Level: 0x20
OSPF 1: Nbr 10.0.123.1 Rcv ExchangeDone State Exchange -> Loading.
HCIP-Datacom-Core Technology Lab Guide Page 18

May 22 2020 14:33:10.460.4-08:00 R3 RM/6/RMDEBUG:


FileID: 0x7017802d Line: 2339 Level: 0x20
OSPF 1: Nbr 10.0.123.1 Rcv LoadingDone State Loading -> Full.

When OSPF is enabled almost at the same time, the debugging information shows that
R3 has become the DR.
# Observe the debugging information on R2.

May 22 2020 14:32:29-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have


been changed. The current change number is 15, the change loop count is 0, and the maximum number of records is
4095.
May 22 2020 14:32:29-08:00 R2 %%01PHY/1/PHY(l)[18]: GigabitEthernet0/0/4: change status to up
May 22 2020 14:32:29-08:00 R2 %%01IFNET/4/LINK_STATE(l)[19]:The line protocol IP on the interface
GigabitEthernet0/0/4 has entered the UP state.
May 22 2020 14:32:29.760.5-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 1281 Level: 0x20
OSPF 1: Intf 10.0.123.2 Rcv InterfaceUp State Down -> Waiting.
May 22 2020 14:32:29.760.6-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 1395 Level: 0x20
OSPF 1 Send Hello Interface Up on 10.0.123.2
May 22 2020 14:33:06.310.1-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 2061 Level: 0x20
OSPF 1 Send Hello Interface State Changed on 10.0.123.2
May 22 2020 14:33:06.310.2-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 2072 Level: 0x20
OSPF 1: Intf 10.0.123.2 Rcv WaitTimer State Waiting -> DR.
May 22 2020 14:33:08-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[20]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.3, NeighborEvent=HelloReceived, NeighborPreviousState=Down,
NeighborCurrentState=Init)
May 22 2020 14:33:08-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[21]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.3, NeighborEvent=2WayReceived, NeighborPreviousState=Init,
NeighborCurrentState=ExStart)
May 22 2020 14:33:08-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[22]:Neighbor changes event: neighbor status
changed. (ProcessId=1, NeighborAddress=10.0.123.3, NeighborEvent=NegotiationDone,
NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
May 22 2020 14:33:08.420.1-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1119 Level: 0x20
OSPF 1: Nbr 10.0.123.3 Rcv HelloReceived State Down -> Init.
May 22 2020 14:33:08.420.2-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802d Line: 1715 Level: 0x20
OSPF 1: Nbr 10.0.123.3 Rcv 2WayReceived State Init -> ExStart.
May 22 2020 14:33:08.420.3-08:00 R2 RM/6/RMDEBUG:
FileID: 0x7017802c Line: 2501 Level: 0x20
OSPF 1: Intf 10.0.123.2 Rcv NeighborChange State DR -> BackupDR.

The debugging information shows that R2 has become the BDR.

Step 5 Configure the network type of an OSPF interface.

# In the OSPF routing table on R1, check the Loopback0 routes learned from R2 and R3.

<R1>display ospf routing 10.0.2.2

OSPF Process 1 with Router ID 10.0.1.1


HCIP-Datacom-Core Technology Lab Guide Page 19

Destination : 10.0.2.2/32
AdverRouter : 10.0.2.2 Area : 0.0.0.0
Cost :1 Type : Stub
NextHop : 10.0.123.2 Interface : GigabitEthernet0/0/3
Priority : Medium Age : 00h09m02s

<R1>display ospf routing 10.0.3.3

OSPF Process 1 with Router ID 10.0.1.1

Destination : 10.0.3.3/32
AdverRouter : 10.0.3.3 Area : 0.0.0.0
Cost :1 Type : Stub
NextHop : 10.0.123.3 Interface : GigabitEthernet0/0/3
Priority : Medium Age : 00h09m13s

The command output shows that the masks of the Loopback0 routes are both 32 bits,
not 24 bits.
# Take R2 as an example, and check the Type 1 LSA on R2.

<R2>display ospf lsdb router 10.0.2.2

OSPF Process 1 with Router ID 10.0.2.2


Area: 0.0.0.0
Link State Database

Type : Router
Ls id : 10.0.2.2
Adv rtr : 10.0.2.2
Ls age : 1528
Len : 48
Options : E
seq# : 80000020
chksum : 0x9653
Link count : 2
* Link ID : 10.0.2.2
Data : 255.255.255.255
Link Type : StubNet
Metric : 0
Priority : Medium
* Link ID : 10.0.123.3
Data : 10.0.123.2
Link Type : TransNet
Metric : 1

The command output shows that the mask of the LSA describing Loopback0 on R2 has
been set to 32 bits. OSPF considers a loopback interface as a stub network, which is
connected to only one node. Therefore, no matter how many bits are actually set for the
network mask of the loopback interface, OSPF uses a 32-bit network mask (host mask)
when advertising the Type 1 LSA to describe this interface.
For details about OSPF loopback interfaces, see section 9.1 in RFC 2328.
# Change the network type of Loopback0 on R2.
HCIP-Datacom-Core Technology Lab Guide Page 20

[R2]interface LoopBack 0
[R2-LoopBack0] ospf network-type broadcast

After the network type of the loopback interface is changed to broadcast, OSPF uses the
actual mask of the interface to advertise its network information. In this example, OSPF
uses Loopback0's actual mask length of 24 bits.
# In the OSPF routing table on R1, check the Loopback0 route learned from R2 again.

<R1>display ospf routing 10.0.2.2

OSPF Process 1 with Router ID 10.0.1.1

Destination : 10.0.2.0/24
AdverRouter : 10.0.2.2 Area : 0.0.0.0
Cost : 1 Type : Stub
NextHop : 10.0.123.2 Interface : GigabitEthernet0/0/3
Priority : Low Age : 00h04m10s

The command output shows that the mask length of the route has changed to 24 bits.

Step 6 Change the costs of OSPF interfaces.

# In the OSPF routing table on R1, check the Loopback0 route learned from R3.

<R1>display ospf routing 10.0.3.3

OSPF Process 1 with Router ID 10.0.1.1

Destination : 10.0.3.3/32
AdverRouter : 10.0.3.3 Area : 0.0.0.0
Cost : 1 Type : Stub
NextHop : 10.0.123.3 Interface : GigabitEthernet0/0/3
Priority : Medium Age : 00h46m56s

The command output shows that the route cost is 1.


# Change the OSPF cost of GE0/0/3 on R1 to 20 and that of GE0/0/4 on R3 to 10.

[R1]interface GigabitEthernet0/0/3
[R1-GigabitEthernet0/0/3] ospf cost 20

[R3]interface GigabitEthernet0/0/4
[R3-GigabitEthernet0/0/4] ospf cost 10

# In the OSPF routing table on R1, check the Loopback0 route learned from R2 again.

<R1>display ospf routing 10.0.2.2


OSPF Process 1 with Router ID 10.0.1.1

Destination : 10.0.2.0/24
AdverRouter : 10.0.2.2 Area : 0.0.0.0
Cost : 20 Type : Stub
NextHop : 10.0.123.2 Interface : GigabitEthernet0/0/3
Priority : Low Age : 00h04m19s
HCIP-Datacom-Core Technology Lab Guide Page 21

The command output shows that the cost is 20.


# In the OSPF routing table on R3, check the Loopback0 route learned from R1.

<R3>display ospf routing 10.0.1.1

OSPF Process 1 with Router ID 10.0.3.3

Destination : 10.0.1.1/32
AdverRouter : 10.0.1.1 Area : 0.0.0.0
Cost : 10 Type : Stub
NextHop : 10.0.123.1 Interface : GigabitEthernet0/0/4
Priority : Medium Age : 00h06m07s

The command output shows that the cost is 10.

Step 7 Configure an OSPF silent interface.

# Configure GE0/0/3 of R1 as a silent interface.

[R1]ospf 1
[R1-ospf-1] silent-interface GigabitEthernet 0/0/3

# Check the OSPF neighbor information on R1.

<R1>display ospf peer

OSPF Process 1 with Router ID 10.0.1.1

After the configuration is completed, the interconnection interface no longer sends or


receives Hello packets. The neighbor relationship that has been established using this
interface disappears.
# Check information about the OSPF interface GE0/0/3 on R1.

<R1>display ospf interface GigabitEthernet 0/0/3

OSPF Process 1 with Router ID 10.0.1.1


Interfaces

Interface: 10.0.123.1 (GigabitEthernet0/0/3)


Cost: 20 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.0.123.1
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Silent interface, No hellos

The command output shows that the interface is configured as a silent interface and no
Hello packet exists on the interface.
# Delete the silent interface configuration on R1.
The configuration details are not provided.
# Configure the Loopback0 interfaces on R2 and R3 as silent interfaces.
HCIP-Datacom-Core Technology Lab Guide Page 22

[R2]ospf 1
[R2-ospf-1] silent-interface LoopBack 0

[R3]ospf 1
[R3-ospf-1] silent-interface LoopBack 0

# Check the OSPF routing table on R1.

<R1>display ospf routing

OSPF Process 1 with Router ID 10.0.1.1


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.1.1/32 0 Stub 10.0.1.1 10.0.1.1 0.0.0.0
10.0.123.0/24 20 Transit 10.0.123.1 10.0.1.1 0.0.0.0
10.0.2.0/24 20 Stub 10.0.123.2 10.0.2.2 0.0.0.0
10.0.3.3/32 20 Stub 10.0.123.3 10.0.3.3 0.0.0.0

Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0

The command output shows that routes the Loopback0 routes learned from R2 and R3
still exist.
----End

1.1.3 Quiz
Analyze which interfaces can be configured as silent interfaces in actual networking
scenarios.

1.1.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/3
ip address 10.0.123.1 255.255.255.0
ospf cost 20
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
authentication-mode simple plain huawei
network 10.0.123.1 0.0.0.0
network 10.0.1.1 0.0.0.0
#
return
HCIP-Datacom-Core Technology Lab Guide Page 23

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/4
ip address 10.0.123.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
silent-interface LoopBack0
area 0.0.0.0
authentication-mode simple plain huawei
network 10.0.123.2 0.0.0.0
network 10.0.2.2 0.0.0.0
#
return

Configuration on R3

#
sysname R3
#
interface GigabitEthernet0/0/4
ip address 10.0.123.3 255.255.255.0
ospf cost 10
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
#
ospf 1 router-id 10.0.3.3
silent-interface LoopBack0
area 0.0.0.0
authentication-mode simple plain huawei
network 10.0.3.3 0.0.0.0
network 10.0.123.3 0.0.0.0
user-interface vty 16 20
#
Return

1.2 Lab 2: Multi-Area OSPF


1.2.1 Introduction
1.2.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Manually specify OSPF router IDs.
⚫ Configure OSPF in multiple areas.
HCIP-Datacom-Core Technology Lab Guide Page 24

⚫ Illustrate how to configure route summarization between OSPF areas.


⚫ Illustrate how to configure an OSPF bandwidth reference value.
⚫ Illustrate how to configure OSPF to import external routes.
⚫ Illustrate how to perform route summarization when OSPF imports external routes.
⚫ Illustrate how to import default routes to the OSPF routing table.
⚫ Illustrate how to change the preferences of different types of OSPF routes.

1.2.1.2 Networking Topology


Figure 1-2 OSPF multi-area

The preceding figure shows the interconnection interfaces and their IP addresses.
Loopback0 is created on each device, and its IP address is in the format of 10.0.x.x/24,
where x indicates the device number.
All interfaces of R1 and R3 and GE0/0/4 of R2 belong to OSPF area 2. The Loopback0 and
interconnection interfaces between R2 and R4 belong to OSPF area 0. The
interconnection interfaces between R4 and R5 and the loopback interfaces 0, 1, and 2 of
R5 belong to OSPF area 1.
Loopback1 and Loopback2 are created on R2 to simulate external network segments.

1.2.1.3 Background
You are a network administrator of a company. The company's network now has five AR
routers, among which R2 and R4 reside in the headquarters, and R1, R3, and R5 reside in
branches. To control LSA flooding on the large-scale network, multi-area OSPF is
designed.
To specify the router ID of each device, the devices are configured to use fixed IP
addresses as their router IDs.
To improve the efficiency of forwarding routes on the devices, automatic route
summarization is configured on the ABR.
R1 is connected to the Internet. You need to configure a default route and import it to
the OSPF areas so that all routers in the OSPF areas know how to access the Internet.
In addition, the OSPF routing information is classifies as internal routes or external
routes. The preferences of these routes are changed to prevent potential risks.
In OSPF, the cost of a specific route is the sum of the costs of all the links that the route
passes through before reaching the destination network. The cost of a link is obtained by
HCIP-Datacom-Core Technology Lab Guide Page 25

dividing the bandwidth reference value by the interface bandwidth. The default
bandwidth reference value is 100 Mbit/s. The actual interface bandwidth may be 1000
Mbit/s, and cost values are integers. As a result, the OSPF costs of an FE interface and a
GE interface are both 1. To differentiate these links, you can set the bandwidth reference
value to 10 Gbit/s.

1.2.2 Lab Configuration


1.2.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF areas as planned.
3. Verify the OSPF configuration by checking the OSPF neighbor relationship status and
the OSPF LSDBs on the ABR.
4. Configure route summarization on ABRs and ASBRs to reduce the number of inter-
area and AS external routes.
5. Change the bandwidth reference value of OSPF.
6. Import a default route to the OSPF routing table.
7. Change the default preferences of intra-area, inter-area, and AS external OSPF
routes.

1.2.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/3 and Loopback0 of R1.

[R1]interface GigabitEthernet0/0/3
[R1-GigabitEthernet0/0/3] ip address 10.0.123.1 24
[R1-GigabitEthernet0/0/3] quit
[R1]interface LoopBack 0
[R1-LoopBack0] ip address 10.0.1.1 24
[R1-LoopBack0] quit

# Configure IP addresses for GE0/0/4 and GE0/0/2 as well as the loopback interfaces on
R2.

[R2]interface GigabitEthernet0/0/4
[R2-GigabitEthernet0/0/4] ip address 10.0.123.2 24
[R2-GigabitEthernet0/0/4] quit
[R2] interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.24.2 24
[R2-GigabitEthernet0/0/2] quit
[R2]interface LoopBack 0
[R2-LoopBack0] ip address 10.0.2.2 24
[R2-LoopBack0] quit
HCIP-Datacom-Core Technology Lab Guide Page 26

[R2]interface LoopBack1
[R2-LoopBack1] ip address 10.2.0.1 255.255.255.0
[R2-LoopBack1] quit
[R2]interface LoopBack2
[R2-LoopBack2] ip address 10.2.1.1 255.255.255.0
[R2-LoopBack2] quit

# Configure IP addresses for GE0/0/4 and the loopback interfaces on R3.

[R3]interface GigabitEthernet0/0/4
[R3-GigabitEthernet0/0/4] ip address 10.0.123.3 24
[R3-GigabitEthernet0/0/4] quit
[R3]interface LoopBack 0
[R3-LoopBack0] ip address 10.0.3.3 24
[R3-LoopBack0] quit
[R3]interface LoopBack 1
[R3-LoopBack1] ip address 10.3.0.1 24
[R3-LoopBack1] quit
[R3]interface LoopBack 2
[R3-LoopBack2] ip address 10.3.1.1 24
[R3-LoopBack2] quit

# Configure IP addresses for GE0/0/3, GE0/0/2, and Loopback0 of R4.

[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.24.4 24
[R4-GigabitEthernet0/0/3] quit
[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.0.45.4 24
[R4-GigabitEthernet0/0/2] quit
[R4]interface LoopBack 0
[R4-LoopBack0] ip address 10.0.4.4 24
[R4-LoopBack0] quit

# Configure IP addresses for GE0/0/3 and the loopback interfaces on R5.

[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] ip address 10.0.45.5 24
[R5-GigabitEthernet0/0/3] quit
[R5]interface LoopBack 0
[R5-LoopBack0] ip address 10.0.5.5 24
[R5-LoopBack0] quit
[R5]interface LoopBack 1
[R5-LoopBack1] ip address 10.5.0.1 24
[R5-LoopBack1] quit
[R5]int LoopBack 2
[R5-LoopBack2] ip address 10.5.1.1 24
[R5-LoopBack2] quit

# On R2, ping the IP addresses of R1, R3, and R4 to test the connectivity.

<R2>ping -c 1 10.0.123.1
PING 10.0.123.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.1: bytes=56 Sequence=1 ttl=255 time=70 ms
HCIP-Datacom-Core Technology Lab Guide Page 27

--- 10.0.123.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/70/70 ms

<R2>ping -c 1 10.0.123.3
PING 10.0.123.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.3: bytes=56 Sequence=1 ttl=255 time=110 ms

--- 10.0.123.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 110/110/110 ms

<R2>ping -c 1 10.0.24.4
PING 10.0.24.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.24.4: bytes=56 Sequence=1 ttl=255 time=40 ms

--- 10.0.24.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms

# On R4, ping the IP address of R5 to test the connectivity.

<R4>ping -c 1 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.45.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

Step 2 Configure multi-area OSPF.

# Configure OSPF on R1, activate OSPF on GE0/0/3 and Loopback0, and change the
network type of Loopback0 to broadcast.

[R1]ospf 1 router-id 10.0.1.1


[R1-ospf-1]area 2
[R1-ospf-1-area-0.0.0.2] network 10.0.123.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2] quit
[R1-ospf-1]quit
[R1]interface LoopBack 0
[R1-LoopBack0] ospf network-type broadcast
[R1-LoopBack0] quit

# Configure OSPF on R2, activate OSPF on GE0/0/2, GE0/0/4, and Loopback0, and change
the network type of Loopback0 to broadcast.
HCIP-Datacom-Core Technology Lab Guide Page 28

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] network 10.0.24.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2] network 10.0.123.2 0.0.0.0
[R2-ospf-1-area-0.0.0.2] quit
[R2-ospf-1]quit
[R2]interface LoopBack 0
[R2-LoopBack0] ospf network-type broadcast
[R2-LoopBack0] quit

# Configure OSPF on R3, activate OSPF on GE0/0/4, Loopback0, Loopback1, and


Loopback2, and change the network types of Loopback0, Loopback1, and Loopback2 to
broadcast.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1]area 2
[R3-ospf-1-area-0.0.0.2] network 10.0.123.3 0.0.0.0
[R3-ospf-1-area-0.0.0.2] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.2] network 10.3.0.1 0.0.0.0
[R3-ospf-1-area-0.0.0.2] network 10.3.1.1 0.0.0.0
[R3-ospf-1-area-0.0.0.2] quit
[R3-ospf-1]quit
[R3]interface LoopBack 0
[R3-LoopBack0] ospf network-type broadcast
[R3-LoopBack0] quit
[R3]interface LoopBack 1
[R3-LoopBack1] ospf network-type broadcast
[R3-LoopBack1] quit
[R3]interface LoopBack 2
[R3-LoopBack2] ospf network-type broadcast
[R3-LoopBack2] quit

# Configure OSPF on R4, activate OSPF on GE0/0/2, GE0/0/3, and Loopback0, and change
the network type of Loopback0 to broadcast.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0] network 10.0.24.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] quit
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1] network 10.0.45.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1] quit
[R4-ospf-1]quit
[R4]interface LoopBack 0
[R4-LoopBack0] ospf network-type broadcast
[R4-LoopBack0] quit

# Configure OSPF on R5, activate OSPF on GE0/0/3, Loopback0, Loopback1, and


Loopback2, and change the network types of Loopback0, Loopback1, and Loopback2 to
broadcast.
HCIP-Datacom-Core Technology Lab Guide Page 29

[R5]ospf 1 router-id 10.0.5.5


[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1] network 10.0.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.1] network 10.5.0.1 0.0.0.0
[R5-ospf-1-area-0.0.0.1] network 10.5.1.1 0.0.0.0
[R5-ospf-1-area-0.0.0.1] network 10.0.45.5 0.0.0.0
[R5-ospf-1-area-0.0.0.1] quit
[R5-ospf-1]quit
[R5]interface LoopBack 0
[R5-LoopBack0] ospf network-type broadcast
[R5-LoopBack0] quit
[R5]interface LoopBack 1
[R5-LoopBack1] ospf network-type broadcast
[R5-LoopBack1] quit
[R5]interface LoopBack 2
[R5-LoopBack2] ospf network-type broadcast
[R5-LoopBack2] quit

Step 3 Verify the OSPF configuration.

# Check the brief information about OSPF neighbor relationships on R2.

<R2>display ospf peer brief

OSPF Process 1 with Router ID 10.0.2.2


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.4.4 Full
0.0.0.2 GigabitEthernet0/0/4 10.0.1.1 Full
0.0.0.2 GigabitEthernet0/0/4 10.0.3.3 Full
----------------------------------------------------------------------------

# Check the brief information about neighbor relationships and the OSPF routing table
on R5.

<R5>display ospf peer brief

OSPF Process 1 with Router ID 10.0.5.5


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.1 GigabitEthernet0/0/3 10.0.4.4 Full
----------------------------------------------------------------------------
<R5>display ospf routing

OSPF Process 1 with Router ID 10.0.5.5


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.5.0/24 0 Stub 10.0.5.5 10.0.5.5 0.0.0.1
10.0.45.0/24 1 Transit 10.0.45.5 10.0.5.5 0.0.0.1
10.5.0.0/24 0 Stub 10.5.0.1 10.0.5.5 0.0.0.1
10.5.1.0/24 0 Stub 10.5.1.1 10.0.5.5 0.0.0.1
HCIP-Datacom-Core Technology Lab Guide Page 30

10.0.1.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1


10.0.2.0/24 2 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.3.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.4.0/24 1 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.24.0/24 2 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.123.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.3.0.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.3.1.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1

Total Nets: 12
Intra Area: 4 Inter Area: 8 ASE: 0 NSSA: 0

# Check the OSPF LSDBs on R2.

<R2>display ospf lsdb

OSPF Process 1with Router ID 10.0.2.2


Link State Database

Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.4.4 10.0.4.4 54 48 8000000B 0
Router 10.0.2.2 10.0.2.2 54 48 80000008 0
Network 10.0.24.4 10.0.4.4 54 32 80000003 0
Sum-Net 10.3.1.0 10.0.2.2 1332 28 80000001 1
Sum-Net 10.3.0.0 10.0.2.2 1332 28 80000001 1
Sum-Net 10.5.1.0 10.0.4.4 259 28 80000002 1
Sum-Net 10.0.3.0 10.0.2.2 1332 28 80000001 1
Sum-Net 10.5.0.0 10.0.4.4 268 28 80000002 1
Sum-Net 10.0.1.0 10.0.2.2 244 28 80000001 1
Sum-Net 10.0.5.0 10.0.4.4 278 28 80000002 1
Sum-Net 10.0.45.0 10.0.4.4 500 28 80000002 1
Sum-Net 10.0.123.0 10.0.2.2 45 28 80000002 1

Area: 0.0.0.2
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 247 72 80000017 0
Router 10.0.2.2 10.0.2.2 247 36 80000008 1
Router 10.0.1.1 10.0.1.1 246 48 80000008 1
Network 10.0.123.3 10.0.3.3 247 36 80000006 0
Sum-Net 10.0.24.0 10.0.2.2 45 28 80000002 1
Sum-Net 10.5.1.0 10.0.2.2 45 28 80000002 2
Sum-Net 10.5.0.0 10.0.2.2 45 28 80000002 2
Sum-Net 10.0.2.0 10.0.2.2 45 28 80000002 0
Sum-Net 10.0.5.0 10.0.2.2 45 28 80000002 2
Sum-Net 10.0.4.0 10.0.2.2 45 28 80000002 1
Sum-Net 10.0.45.0 10.0.2.2 45 28 80000002 2

R2 functions as an ABR to maintain the LSDBs of area 0 and area 2. The LSAs in the
LSDBs are used to describe routes in these two areas.

Step 4 Configure route summarization for OSPF inter-area routes and AS external routes.

# Check the OSPF routing tables on R2 and R4.


HCIP-Datacom-Core Technology Lab Guide Page 31

<R2>display ospf routing

OSPF Process 1 with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.0/24 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.2 10.0.2.2 0.0.0.0
10.0.123.0/24 1 Transit 10.0.123.2 10.0.2.2 0.0.0.2
10.0.1.0/24 1 Stub 10.0.123.1 10.0.1.1 0.0.0.2
10.0.3.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.0.4.0/24 1 Stub 10.0.24.4 10.0.4.4 0.0.0.0
10.0.5.0/24 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.3.0.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.3.1.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.5.0.0/24 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.5.1.0/24 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0

Total Nets: 12

<R4>display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.1.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.2.0/24 1 Stub 10.0.24.2 10.0.2.2 0.0.0.0
10.0.3.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.5.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.0.123.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.3.0.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.3.1.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.5.0.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.5.1.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1

Total Nets: 12
Intra Area: 7 Inter Area: 5 ASE: 0 NSSA: 0

The OSPF inter-area routes of Loopback1 and Loopback2 on R5 in the OSPF routing table
of R2 as well as those of Loopback1 and Loopback2 on R3 in the OSPF routing table of
R4 can be summarized before being advertised to other areas. This reduces the number
of routing entries in other areas and the possibility of route flapping.
# On R4, summarize the Loopback1 and Loopback2 routes learned from R5.

[R4]ospf 1
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1] abr-summary 10.5.0.0 255.255.254.0
HCIP-Datacom-Core Technology Lab Guide Page 32

[R4-ospf-1-area-0.0.0.1] quit

# Check the OSPF routing table on R2.

<R2>display ospf routing

OSPF Process 1 with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.0/24 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.2 10.0.2.2 0.0.0.0
10.0.123.0/24 1 Transit 10.0.123.2 10.0.2.2 0.0.0.2
10.0.1.0/24 1 Stub 10.0.123.1 10.0.1.1 0.0.0.2
10.0.3.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.0.4.0/24 1 Stub 10.0.24.4 10.0.4.4 0.0.0.0
10.0.5.0/24 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.3.0.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.3.1.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.5.0.0/23 2 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0

Total Nets: 11
Intra Area: 8 Inter Area: 3 ASE: 0 NSSA: 0

The command output shows that the Loopback1 and Loopback2 routes of R5 are
summarized into an inter-area summary route.
# On R2, summarize the Loopback1 and Loopback2 routes learned from R3.

[R2]ospf 1
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2] abr-summary 10.3.0.0 255.255.254.0

# Check the OSPF routing table on R4.

<R4>display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.1.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.2.0/24 1 Stub 10.0.24.2 10.0.2.2 0.0.0.0
10.0.3.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.5.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.0.123.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.3.0.0/23 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.5.0.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.5.1.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
HCIP-Datacom-Core Technology Lab Guide Page 33

Total Nets: 11
Intra Area: 7 Inter Area: 4 ASE: 0 NSSA: 0

The command output shows that the Loopback1 and Loopback2 routes of R3 are
summarized into an inter-area summary route.
# Import the Loopback1 and Loopback2 routes to the OSPF routing table on R2.

[R2]ospf 1
[R2-ospf-1] import-route direct

# Check the OSPF routing table on R4.

<R4>display ospf routing

OSPF Process 1with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.1.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.2.0/24 1 Stub 10.0.24.2 10.0.2.2 0.0.0.0
10.0.3.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.5.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.0.123.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.3.0.0/23 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.5.0.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.5.1.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
10.2.0.0/24 1 Type2 1 10.0.24.2 10.0.2.2
10.2.1.0/24 1 Type2 1 10.0.24.2 10.0.2.2

Total Nets: 13
Intra Area: 7 Inter Area: 4 ASE: 2 NSSA: 0

The OSPF routing table of R4 contains the Loopback1 and Loopback2 routes of R2.
# Configure AS external route summarization on R2.

[R2]ospf 1
[R2-ospf-1] asbr-summary 10.2.0.0 255.255.254.0

# Check the OSPF routing table on R4 again.

<R4>display ospf routing

OSPF Process 1with Router ID 10.0.4.4


Routing Tables

Routing for Network


HCIP-Datacom-Core Technology Lab Guide Page 34

Destination Cost Type NextHop AdvRouter Area


10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.1.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.2.0/24 1 Stub 10.0.24.2 10.0.2.2 0.0.0.0
10.0.3.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.0.5.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.0.123.0/24 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.3.0.0/23 2 Inter-area 10.0.24.2 10.0.2.2 0.0.0.0
10.5.0.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1
10.5.1.0/24 1 Stub 10.0.45.5 10.0.5.5 0.0.0.1

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
10.2.0.0/23 2 Type2 1 10.0.24.2 10.0.2.2

Total Nets: 12
Intra Area: 7 Inter Area: 4 ASE: 1 NSSA: 0

The command output shows that the Loopback1 and Loopback2 routes of R2 are
summarized into an AS external summary route.

Step 5 Change the bandwidth reference value of OSPF.

Gigabit or even 10-Gigabit Ethernet may be used in actual networking scenarios. The
default bandwidth reference value of OSPF is 100 Mbit/s, and an interface cost is an
integer. As a result, OSPF cannot distinguish an FE interface from a GE interface in terms
of bandwidth.
Multiple OSPF areas must use the same bandwidth reference value. Otherwise, OSPF
cannot work properly.
# Change the OSPF bandwidth reference value of each router to 10 Gbit/s.

[R1]ospf 1
[R1-ospf-1] bandwidth-reference 10000
[R1-ospf-1] quit

[R2]ospf 1
[R2-ospf-1] bandwidth-reference 10000
[R2-ospf-1] quit

[R3]ospf 1
[R3-ospf-1] bandwidth-reference 10000
[R3-ospf-1] quit

[R4]ospf 1
[R4-ospf-1] bandwidth-reference 10000
[R4-ospf-1] quit

[R5]ospf 1
[R5-ospf-1] bandwidth-reference 10000
[R5-ospf-1] quit

# Take R2 as an example to check its OSPF routing table.


HCIP-Datacom-Core Technology Lab Guide Page 35

[R2]display ospf routing

OSPF Process 1with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.0/24 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.24.0/24 10 Transit 10.0.24.2 10.0.2.2 0.0.0.0
10.0.123.0/24 10 Transit 10.0.123.2 10.0.2.2 0.0.0.2
10.0.1.0/24 10 Stub 10.0.123.1 10.0.1.1 0.0.0.2
10.0.3.0/24 10 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.0.4.0/24 10 Stub 10.0.24.4 10.0.4.4 0.0.0.0
10.0.5.0/24 20 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 20 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.3.0.0/24 10 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.3.1.0/24 10 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.5.0.0/23 20 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0

Total Nets: 11
Intra Area: 8 Inter Area: 3 ASE: 0 NSSA: 0

The command output shows that the costs of the routes have changed.

Step 6 Configure OSPF to import a default route.

# Use Loopback0 of R1 to simulate an interface accessing the Internet, and configure a


default route on R1, with Loopback0 specified as the outbound interface.

[R1]ip route-static 0.0.0.0 0.0.0.0 LoopBack 0

# Import the default route to the OSPF routing table and set the type of the AS external
route to Type 1.

[R1]ospf 1
[R1-ospf-1] default-route-advertise always type 1
[R1-ospf-1] quit

# Check the OSPF routing table on R2.

[R2]display ospf routing

OSPF Process 1 with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.0/24 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.24.0/24 10 Transit 10.0.24.2 10.0.2.2 0.0.0.0
10.0.123.0/24 10 Transit 10.0.123.2 10.0.2.2 0.0.0.2
10.0.1.0/24 10 Stub 10.0.123.1 10.0.1.1 0.0.0.2
10.0.3.0/24 10 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.0.4.0/24 10 Stub 10.0.24.4 10.0.4.4 0.0.0.0
10.0.5.0/24 20 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
10.0.45.0/24 20 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 36

10.3.0.0/24 10 Stub 10.0.123.3 10.0.3.3 0.0.0.2


10.3.1.0/24 10 Stub 10.0.123.3 10.0.3.3 0.0.0.2
10.5.0.0/23 20 Inter-area 10.0.24.4 10.0.4.4 0.0.0.0

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
0.0.0.0/0 11 Type1 1 10.0.123.1 10.0.1.1

Total Nets: 12
Intra Area: 8 Inter Area: 3 ASE: 1 NSSA: 0

The command output shows that R2 has learned the default route with R1 as the next
hop through a Type 5 LSA.

Step 7 Change the preferences of the two types of OSPF routes.

By default, the preference of intra-area and inter-area OSPF routes is 10; the preference
of AS external routes is 150.
# On R1 and R3, change the preference of intra-area and inter-area routes to 20, and
change the preference of AS external routes to 50.

[R1]ospf 1
[R1-ospf-1] preference 20
[R1-ospf-1] preference ase 50
[R1-ospf-1] quit

[R3]ospf 1
[R3-ospf-1] preference 20
[R3-ospf-1] preference ase 50
[R3-ospf-1] quit

The operation in this step only shows how to change the preferences of internal and
external routes, and does not have actual meaning in this experiment.
# Check the OSPF routes in the IP routing table on R3.

<R3>display ip routing-table protocol ospf


Route Flags: R - relay, D - downloadto fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 9 Routes : 9

OSPF routing table status : <Active>


Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 O_ASE 50 11 D 10.0.123.1 GigabitEthernet0/0/3


10.0.1.0/24 OSPF 20 10 D 10.0.123.1 GigabitEthernet0/0/3
10.0.2.0/24 OSPF 20 10 D 10.0.123.2 GigabitEthernet0/0/3
10.0.4.0/24 OSPF 20 20 D 10.0.123.2 GigabitEthernet0/0/3
10.0.5.0/24 OSPF 20 30 D 10.0.123.2 GigabitEthernet0/0/3
10.0.24.0/24 OSPF 20 20 D 10.0.123.2 GigabitEthernet0/0/3
10.0.45.0/24 OSPF 20 30 D 10.0.123.2 GigabitEthernet0/0/3
10.2.0.0/23 O_ASE 50 2 D 10.0.123.2 GigabitEthernet0/0/3
HCIP-Datacom-Core Technology Lab Guide Page 37

10.5.0.0/23 OSPF 20 30 D 10.0.123.2 GigabitEthernet0/0/3

OSPF routing table status : <Inactive>


Destinations : 0 Routes : 0

The command output shows that the preferences of the OSPF routes have changed.
----End

1.2.3 Quiz
OSPF can import two types of AS external routes: Type 1 and Type 2. What are their
differences?

1.2.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/3
ip address 10.0.123.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.1.1
default-route-advertise always type 1
preference 20
preference ase 50
bandwidth-reference 10000
area 0.0.0.2
network 10.0.1.1 0.0.0.0
network 10.0.123.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 LoopBack0
#

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
#
interface GigabitEthernet0/0/4
ip address 10.0.123.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
HCIP-Datacom-Core Technology Lab Guide Page 38

interface LoopBack1
ip address 10.2.0.1 255.255.255.0
#
interface LoopBack2
ip address 10.2.1.1 255.255.255.0
#
ospf 1 router-id 10.0.2.2
asbr-summary 10.2.0.0 255.255.254.0
import-route direct
bandwidth-reference 10000
area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.24.2 0.0.0.0
area 0.0.0.2
abr-summary 10.3.0.0 255.255.254.0
network 10.0.123.2 0.0.0.0
#

Configuration on R3

#
sysname R3
#
interface GigabitEthernet0/0/4
ip address 10.0.123.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 10.3.0.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack2
ip address 10.3.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
preference 20
preference ase 50
bandwidth-reference 10000
area 0.0.0.2
network 10.0.123.3 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.3.0.1 0.0.0.0
network 10.3.1.1 0.0.0.0
#

Configuration on R4

#
sysname R4
#
interface GigabitEthernet0/0/2
HCIP-Datacom-Core Technology Lab Guide Page 39

ip address 10.0.45.4 255.255.255.0


#
interface GigabitEthernet0/0/3
ip address 10.0.24.4 255.255.255.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.4.4
bandwidth-reference 10000
area 0.0.0.0
network 10.0.24.4 0.0.0.0
network 10.0.4.4 0.0.0.0
area 0.0.0.1
abr-summary 10.5.0.0 255.255.254.0
network 10.0.45.4 0.0.0.0
#

Configuration on R5

#
sysname R5
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 10.5.0.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack2
ip address 10.5.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
bandwidth-reference 10000
area 0.0.0.0
area 0.0.0.1
network 10.0.5.5 0.0.0.0
network 10.5.0.1 0.0.0.0
network 10.5.1.1 0.0.0.0
network 10.0.45.5 0.0.0.0
#
HCIP-Datacom-Core Technology Lab Guide Page 40

1.3 Lab 3: OSPF Adjacencies and LSAs


1.3.1 Introduction
1.3.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Illustrate the process of establishing neighbor relationships when multiple routers are
connected to a multi-access network.
⚫ Control OSPF DR election.
⚫ Describe the contents and functions of the five types of LSAs.

1.3.1.2 Networking Topology


Figure 1-3 OSPF adjacencies and LSAs

The preceding figure shows the device interconnection mode and IP address plan.
Loopback0 of R1 belongs to OSPF area 2, GE0/0/2 of R4 belongs to OSPF area 1, and the
other interfaces of R1, R2, R3, and R4 belong to OSPF area 0.
GE0/0/3 on R5 belongs to OSPF area 1, and Loopback0 on R5 does not belong to any
OSPF area.

1.3.1.3 Background
You are a network administrator of a company. The company's network has five AR
routers, among which R1, R2, R3, and R4 reside in the headquarters and are connected
through an Ethernet. R5 resides in a branch and is connected to R4 in the headquarters.
To control LSA flooding on the large-scale network, multi-area OSPF is designed.
To specify the router ID of each device, the devices are configured to use fixed IP
addresses as their router IDs.
On the network where R1, R2, R3, and R4 are interconnected, you need to intervene in
the election of the DR and BDR. In practice, R3 is defined as the DR, R2 as the BDR, and
R1 and R4 as DR others.
HCIP-Datacom-Core Technology Lab Guide Page 41

1.3.2 Lab Configuration


1.3.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure multiple OSPF areas as planned.
3. Verify the OSPF configuration by checking the OSPF neighbor relationship status,
OSPF routing tables, and OSPF LSDBs.
4. Manually change the DR priorities of the OSPF interfaces to affect the DR and BDR
election results.
5. Configure R5 to import the direct route to the OSPF routing table, and observe Type
5 LSAs on R1.
6. Observe the Type 1, Type 2, Type 3, and Type 4 LSAs separately.
7. Run the debugging commands on R1 to observe the OSPF LSU, LSAck, and LSR
packets.

1.3.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/1 and Loopback0 of R1.

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.0.123.1 24
[R1-GigabitEthernet0/0/1] quit
[R1]interface LoopBack 0
[R1-LoopBack0] ip address 10.0.1.1 24
[R1-LoopBack0] quit

# Configure IP addresses for GE0/0/1 and Loopback0 of R2.

[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] ip address 10.0.123.2 24
[R2-GigabitEthernet0/0/1] quit
[R2]interface LoopBack 0
[R2-LoopBack0] ip address 10.0.2.2 24
[R2-LoopBack0] quit

# Configure IP addresses for GE0/0/1 and Loopback0 of R3.

[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 10.0.123.3 24
[R3-GigabitEthernet0/0/1] quit
[R3]interface LoopBack 0
[R3-LoopBack0] ip address 10.0.3.3 24
[R3-LoopBack0] quit
HCIP-Datacom-Core Technology Lab Guide Page 42

# Configure IP addresses for GE0/0/1, GE0/0/2, and Loopback0 of R4.

[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1] ip address 10.0.123.4 24
[R4-GigabitEthernet0/0/1] quit
[R4] interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.0.45.4 24
[R4-GigabitEthernet0/0/2] quit
[R4]interface LoopBack 0
[R4-LoopBack0] ip address 10.0.4.4 24
[R4-LoopBack0] quit

# Configure IP addresses for GE0/0/3 and Loopback0 of R5.

[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] ip address 10.0.45.5 24
[R5-GigabitEthernet0/0/3] quit
[R5]interface LoopBack 0
[R5-LoopBack0] ip address 10.0.5.5 24
[R5-LoopBack0] quit

# On R4, ping the IP addresses of the interconnected devices to test the connectivity.

<R4>ping -c 1 10.0.123.1
PING 10.0.123.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.1: bytes=56 Sequence=1 ttl=255 time=100 ms

--- 10.0.123.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 100/100/100 ms

<R4>ping -c 1 10.0.123.2
PING 10.0.123.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.2: bytes=56 Sequence=1 ttl=255 time=110 ms

--- 10.0.123.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 110/110/110 ms

<R4>ping -c 1 10.0.123.3
PING 10.0.123.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.3: bytes=56 Sequence=1 ttl=255 time=110 ms

--- 10.0.123.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 110/110/110 ms

<R4>ping -c 1 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
HCIP-Datacom-Core Technology Lab Guide Page 43

Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=255 time=60 ms

--- 10.0.45.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms

Step 2 Configure multi-area OSPF.

Configure multi-area OSPF as planned and change the network type of Loopback0 to
broadcast.
# Configure R1.

[R1]ospf 1 router-id 10.0.1.1


[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0] network 10.0.123.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] quit
[R1-ospf-1]area 2
[R1-ospf-1-area-0.0.0.2] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2] quit
[R1-ospf-1]quit
[R1]interface LoopBack 0
[R1-LoopBack0] ospf network-type broadcast
[R1-LoopBack0] quit

# Configure R2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] network 10.0.123.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1]quit
[R2]interface LoopBack 0
[R2-LoopBack0] ospf network-type broadcast
[R2-LoopBack0] quit

# Configure R3.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0] network 10.0.123.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] quit
[R3-ospf-1]quit
[R3]interface LoopBack 0
[R3-LoopBack0] ospf network-type broadcast
[R3-LoopBack0] quit

# Configure R4.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1]area 0
HCIP-Datacom-Core Technology Lab Guide Page 44

[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0


[R4-ospf-1-area-0.0.0.0] network 10.0.123.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] quit
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1] network 10.0.45.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1] quit
[R4-ospf-1]quit
[R4]interface LoopBack 0
[R4-LoopBack0] ospf network-type broadcast
[R4-LoopBack0] quit

# Configure R5.

[R5]ospf 1 router-id 10.0.5.5


[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1] network 10.0.45.5 0.0.0.0
[R5-ospf-1-area-0.0.0.1] quit
[R5-ospf-1]quit

Step 3 Verify the OSPF configuration.

# Check the brief information about OSPF neighbor relationships on R4.

[R4]display ospf peer brief

OSPF Process 1 with Router ID 10.0.4.4


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 10.0.1.1 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.2.2 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.3.3 2-Way
0.0.0.1 GigabitEthernet0/0/2 10.0.5.5 Full
----------------------------------------------------------------------------

The command output shows that R3 and R4 have established only a neighbor
relationship instead of an adjacency.
# Check the OSPF routing table on R4.

[R4]display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.123.0/24 1 Transit 10.0.123.4 10.0.4.4 0.0.0.0
10.0.1.0/24 1 Inter-area 10.0.123.1 10.0.1.1 0.0.0.0
10.0.2.0/24 1 Stub 10.0.123.2 10.0.2.2 0.0.0.0
10.0.3.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.0

Total Nets: 6
Intra Area: 5 Inter Area: 1 ASE: 0 NSSA: 0
HCIP-Datacom-Core Technology Lab Guide Page 45

# Check the OSPF LSDB on R5.

[R5]display ospf lsdb

OSPF Process 1with Router ID 10.0.5.5


Link State Database

Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.5.5 10.0.5.5 470 36 80000008 1
Router 10.0.4.4 10.0.4.4 1660 36 80000005 1
Network 10.0.45.4 10.0.4.4 1660 32 80000002 0
Sum-Net 10.0.3.0 10.0.4.4 1710 28 80000001 1
Sum-Net 10.0.2.0 10.0.4.4 1710 28 80000001 1
Sum-Net 10.0.1.0 10.0.4.4 1710 28 80000001 1
Sum-Net 10.0.4.0 10.0.4.4 1700 28 80000001 0
Sum-Net 10.0.123.0 10.0.4.4 1710 28 80000001 1

As only two routers exist in area 1, only two Type 1 LSAs exist in the LSDB of R5, and the
five Type-3 LSAs are inter-area routes advertised by R4 to R5.
# Check the OSPF LSDB on R2.

[R2]display ospf lsdb

OSPF Process 1with Router ID 10.0.2.2


Link State Database

Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 256 48 8000000B 1
Router 10.0.4.4 10.0.4.4 211 48 8000000A 1
Router 10.0.2.2 10.0.2.2 268 48 8000000C 1
Router 10.0.1.1 10.0.1.1 270 36 8000000B 1
Network 10.0.123.1 10.0.1.1 270 40 80000007 0
Sum-Net 10.0.1.0 10.0.1.1 399 28 80000002 0
Sum-Net 10.0.45.0 10.0.4.4 265 28 80000002 1

The LSDB on R2 contains not only four Type 1 LSAs, but also one Type 2 LSA. GE0/0/1 of
R2 connects to a broadcast network, on which the DR generates a Type 2 LSA to describe
all neighbors. Based on the AdvRouter field, the router that generates the LSA is R1,
which matches the result that R1 is the DR on this network segment.

Step 4 Change the DR priorities of the device interfaces to affect DR election.

# Change the DR priority of GE0/0/1 on R4 to 255 to ensure that R4 becomes the DR on


the network segment 10.0.123.0/24.

[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1] ospf dr-priority 255
[R4-GigabitEthernet0/0/1] quit

# Change the DR priority of GE0/0/1 on R3 to 254 to ensure that R3 becomes the BDR on
the network segment 10.0.123.0/24.
HCIP-Datacom-Core Technology Lab Guide Page 46

[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ospf dr-priority 254
[R3-GigabitEthernet0/0/1] quit

# Change the DR priority of GE0/0/1 on R2 to 0 to ensure that R2 does not participate in


DR election.

[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] ospf dr-priority 0
[R2-GigabitEthernet0/0/1] quit

# Shut down and then re-enable GE0/0/1 of R1, R2, R3, and R4 to trigger DR and BDR re-
election.

[R1]interface GigabitEthernet 0/0/1


[R1-GigabitEthernet0/0/1] shutdown

[R2]interface GigabitEthernet 0/0/1


[R2-GigabitEthernet0/0/1] shutdown

[R3]interface GigabitEthernet 0/0/1


[R3-GigabitEthernet0/0/1] shutdown

[R4]interface GigabitEthernet 0/0/1


[R4-GigabitEthernet0/0/1] shutdown

[R1]interface GigabitEthernet 0/0/1


[R1-GigabitEthernet0/0/1] undo shutdown
[R1-GigabitEthernet0/0/1] quit

[R2]interface GigabitEthernet 0/0/1


[R2-GigabitEthernet0/0/1] undo shutdown
[R2-GigabitEthernet0/0/1] quit

[R3]interface GigabitEthernet 0/0/1


[R3-GigabitEthernet0/0/1] undo shutdown
[R3-GigabitEthernet0/0/1] quit

[R4]interface GigabitEthernet 0/0/1


[R4-GigabitEthernet0/0/1] undo shutdown
[R4-GigabitEthernet0/0/1] quit

To ensure that the election result is determined based on the configured priorities, you
are advised to enable the interfaces at the same time. Otherwise, the router whose
interface is enabled first may become the DR or BDR.
# Check the DR and BDR election results on R3.

<R3>display ospf peer

OSPF Process 1 with Router ID 10.0.3.3


Neighbors

Area 0.0.0.0 interface 10.0.123.3(GigabitEthernet0/0/1)'s neighbors


Router ID: 10.0.1.1 Address: 10.0.123.1
HCIP-Datacom-Core Technology Lab Guide Page 47

State: Full Mode:Nbr is Slave Priority: 1


DR: 10.0.123.4 BDR: 10.0.123.3 MTU: 0
Dead timer due in 40 sec
Retrans timer interval: 5
Neighbor is up for 00:59:26
Authentication Sequence: [ 0 ]

Router ID: 10.0.2.2 Address: 10.0.123.2


State: Full Mode:Nbr is Slave Priority: 0
DR: 10.0.123.4 BDR: 10.0.123.3 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 4
Neighbor is up for 00:59:36
Authentication Sequence: [ 0 ]

Router ID: 10.0.4.4 Address: 10.0.123.4


State: Full Mode:Nbr is Master Priority: 255
DR: 10.0.123.4 BDR: 10.0.123.3 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 0
Neighbor is up for 00:59:53
Authentication Sequence: [ 0 ]

The command output shows that R4 is the DR and R3 is the BDR.


# Check the neighbor relationship between R1 and R2 on R1.

<R1>display ospf peer brief

OSPF Process 1 with Router ID 10.0.1.1


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 10.0.2.2 2-Way
0.0.0.0 GigabitEthernet0/0/1 10.0.3.3 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.4.4 Full
----------------------------------------------------------------------------

R1 and R2 are both DR others, and their neighbor relationship remains in the 2-way state.
This means that R1 and R2 has established only a neighbor relationship and no
adjacency.

Step 5 Import direct routes to OSPF.

# Configure R5 to import the Loopback0 route to its OSPF routing table. As previously
described, R5's Loopback0 does not belong to any OSPF area.

[R5]ospf 1
[R5-ospf-1] import-route direct

# Check the imported external route on R1.

<R1>display ospf routing

OSPF Process 1 with Router ID 10.0.1.1


HCIP-Datacom-Core Technology Lab Guide Page 48

Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.1.0/24 0 Stub 10.0.1.1 10.0.1.1 0.0.0.2
10.0.123.0/24 1 Transit 10.0.123.1 10.0.1.1 0.0.0.0
10.0.2.0/24 1 Stub 10.0.123.2 10.0.2.2 0.0.0.0
10.0.3.0/24 1 Stub 10.0.123.3 10.0.3.3 0.0.0.0
10.0.4.0/24 1 Stub 10.0.123.4 10.0.4.4 0.0.0.0
10.0.45.0/24 2 Inter-area 10.0.123.4 10.0.4.4 0.0.0.0

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
10.0.5.0/24 1 Type2 1 10.0.123.4 10.0.5.5

Total Nets: 7
Intra Area: 5 Inter Area: 1 ASE: 1 NSSA: 0

The Loopback0 route has been successfully imported to the OSPF routing table as an
external route.
# Check Type 5 LSAs on R1.

<R1>display ospf lsdb ase

OSPF Process 1 with Router ID 10.0.1.1


Link State Database

Type : External
Ls id : 10.0.5.0
Adv rtr : 10.0.5.5
Ls age : 429
Len : 36
Options :E
seq# : 80000001
chksum : 0xa904
Netmask : 255.255.255.0
TOS 0 Metric :1
Etype :2
Forwarding Address : 0.0.0.0
Tag : 1
Priority : Low

Type : External
Ls id : 10.0.45.0
Adv rtr : 10.0.5.5
Ls age : 429
Len : 36
Options :E
seq# : 80000001
chksum : 0xef95
Netmask : 255.255.255.0
TOS 0 Metric :1
Etype :2
Forwarding Address : 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 49

Tag :1
Priority : Low

The command output shows two Type 5 LSAs, but there is only one external route
10.0.5.0/24 in the OSPF routing table of R1. This is because an inter-area route to the
destination 10.0.45.0/24 exists in addition to the AS external route, and the preference of
the inter-area route is higher than that of the AS external route.
# Check Type 3 LSAs on R1. (The following command output shows Type 3 LSAs only in
area 0.)

<R1>display ospf lsdb summary

OSPF Process 1 with Router ID 10.0.1.1


Area: 0.0.0.0
Link State Database

Type : Sum-Net
Ls id : 10.0.1.0
Adv rtr : 10.0.1.1
Ls age : 1487
Len : 28
Options :E
seq# : 80000003
chksum : 0x72d1
Netmask : 255.255.255.0
Tos 0 metric: 0
Priority : Low

Type : Sum-Net
Ls id : 10.0.45.0
Adv rtr : 10.0.4.4
Ls age : 1506
Len : 28
Options :E
seq# : 80000003
chksum : 0x6fa1
Netmask : 255.255.255.0
Tos 0 metric: 1
Priority : Low

The command output shows that a Type 3 LSA also describes a route to the destination
10.0.45.0/24. If the route prefixes and masks described in a Type 3 LSA and a Type 5 LSA
are the same, OSPF preferentially selects the route calculated using the Type 3 LSA and
installs the route into its routing table.

Step 6 Observe the various types of LSAs.

# Check Type 1 LSAs 10.0.1.1 on R1.

<R1>display ospf lsdb router 10.0.1.1

OSPF Process 1 with Router ID 10.0.1.1


Area: 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 50

Link State Database

Type : Router
Ls id : 10.0.1.1
Adv rtr : 10.0.1.1
Ls age : 202
Len : 36
Options : ABR E
seq# : 80000015
chksum : 0x31e4
Link count :1
* Link ID : 10.0.123.4
Data : 10.0.123.1
Link Type : TransNet
Metric :1
Area : 0.0.0.2
Link State Database

Type : Router
Ls id : 10.0.1.1
Adv rtr : 10.0.1.1
Ls age : 180
Len : 36
Options : ABR E
seq# : 80000005
chksum : 0x1615
Link count : 1
* Link ID : 10.0.1.0
Data : 255.255.255.0
Link Type : StubNet
Metric : 0
Priority : Low

In a Type 1 LSA, the Ls id field indicates the router ID of the router that generates the
LSA.
The command output shows that R1 has generated two Type 1 LSAs: one flooded in area
0, and the other flooded in area 2.
In area 0, R1 is connected to a network segment of the transit type. The value of the Link
ID field in the LSA is the interface IP address of the DR on the network segment, and the
value of the Data field is the IP address of the local interface connected to the DR.
In area 2, R1's Loopback0 belongs to this area. The value of the Link Type field in the
LSA is StubNet, the value of the Link ID field is the IP address of the stub network
segment, and the value of the Data field is the network mask of the stub network
segment.
# Check the Type 2 LSA on R2.

<R2>display ospf lsdb network

OSPF Process 1 with Router ID 10.0.2.2


Area : 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 51

Link State Database

Type : Network
Ls id : 10.0.123.4
Adv rtr : 10.0.4.4
Ls age : 817
Len : 40
Options : E
seq# : 80000007
chksum : 0x373d
Netmask : 255.255.255.0
Priority : Low
Attached Router 10.0.4.4
Attached Router 10.0.1.1
Attached Router 10.0.2.2
Attached Router 10.0.3.3

The Type 2 LSA is generated by the DR. This can be proved by the Adv rtr field, whose
value is 10.0.4.4 (that is, the DR). For a Type 2 LSA, the value of the Ls id field is the
interface IP address of the DR on the network segment, and the values of the Attached
Router fields are the router IDs of all routers on the network segment.
# Check Type 3 LSAs 10.0.45.0 on R1.

<R1>display ospf lsdb summary 10.0.45.0

OSPF Process 1 with Router ID 10.0.1.1


Area: 0.0.0.0
Link State Database

Type : Sum-Net
Ls id : 10.0.45.0
Adv rtr : 10.0.4.4
Ls age : 1290
Len : 28
Options :E
seq# : 80000004
chksum : 0x6da2
Netmask : 255.255.255.0
Tos 0 metric: 1
Priority : Low
Area : 0.0.0.2
Link State Database

Type : Sum-Net
Ls id : 10.0.45.0
Adv rtr : 10.0.1.1
Ls age : 1250
Len : 28
Options : E
seq# : 80000004
chksum : 0x9e76
HCIP-Datacom-Core Technology Lab Guide Page 52

Netmask : 255.255.255.0
Tos 0 metric: 2
Priority : Low

The Ls id field in a Type 3 LSA indicates a network prefix, and the Net mask field carries
the network mask. Two Type 3 LSAs are displayed on R1. One is in the LSDB of area 0.
Based on the Adv rtr field, this LSA is generated by R4, which advertises it from area 1 to
area 0. The other is in the LSDB of area 2. Based on the Adv rtr field, this LSA is
generated by R1 itself. R1 functions as the ABR connecting area 0 and area 2, and
generates the Type 3 LSA to advertise it to area 2.
# Check the Type 4 LSAs on R1.

<R1>display ospf lsdb asbr 10.0.5.5

OSPF Process 1 with Router ID 10.0.1.1


Area: 0.0.0.0
Link State Database

Type : Sum-Asbr
Ls id : 10.0.5.5
Adv rtr : 10.0.4.4
Ls age : 1257
Len : 28
Options :E
seq# : 80000002
chksum : 0xea49
Tos 0 metric :1
Area: 0.0.0.2
Link State Database

Type : Sum-Asbr
Ls id : 10.0.5.5
Adv rtr : 10.0.1.1
Ls age : 1256
Len : 28
Options :E
seq# : 80000002
chksum : 0x1c1d
Tos 0 metric: 2

Type 4 LSAs are used to describe routes to ASBRs. The command output shows that R1
has two Type 4 LSAs. One is in the LSDB of area 0, and is generated by R4 based on the
Adv rtr field. The other is generated by R1 itself as the value of the Adv rtr field is R1's
own router ID. R1 functions as the ABR connecting area 0 and area 2.

Step 7 Observe the LSR, LSU, and LSAck packets.

By default, an OSPF router sends LSU packets at the interval of 30 minutes when the
network runs stably. To trigger OSPF to send LSR and LSU packets, cancel the OSPF
activation on Loopback0 of R4. Then, observe the OSPF packets on R1.
HCIP-Datacom-Core Technology Lab Guide Page 53

# Run the debugging ospf packet update and debugging ospf packet ack commands
on R1.

<R1>terminal debugging
Info: Current terminal debugging is on.
<R1>terminal monitor
Info: Current terminal monitor is on.
<R1>debugging ospf packet update
<R1>debugging ospf packet ack

# Cancel the OSPF activation on Loopback0 of R4.

[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0] undo network 10.0.4.4 0.0.0.0

# Observe the debugging information on R1.

May 25 2020 20:27:47.210.1-08:00 R1 RM/6/RMDEBUG:


FileID: 0x70178024 Line: 2218 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
May 25 2020 20:27:47.210.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.4
May 25 2020 20:27:47.210.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 224.0.0.5
May 25 2020 20:27:47.210.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 4 (Link-State Update)
May 25 2020 20:27:47.210.5-08:00 R1 RM/6/RMDEBUG: Length: 64, Router: 10.0.4.4
May 25 2020 20:27:47.210.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: 5451
May 25 2020 20:27:47.210.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 20:27:47.210.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 20:27:47.210.9-08:00 R1 RM/6/RMDEBUG: # LSAS: 1
May 25 2020 20:27:47.210.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 20:27:47.210.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.4.4
May 25 2020 20:27:47.210.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 20:27:47.210.13-08:00 R1 RM/6/RMDEBUG: LSA Age: 1
May 25 2020 20:27:47.210.14-08:00 R1 RM/6/RMDEBUG: Options: ExRouting:ON
May 25 2020 20:27:47.210.15-08:00 R1 RM/6/RMDEBUG: Length: 36, Seq# 80000017
May 25 2020 20:27:47.210.16-08:00 R1 RM/6/RMDEBUG: CheckSum: f014
May 25 2020 20:27:47.210.17-08:00 R1 RM/6/RMDEBUG: NtBit: 0 VBit: 0 EBit: 0 BBit: 1
May 25 2020 20:27:47.210.18-08:00 R1 RM/6/RMDEBUG: # Links: 1
May 25 2020 20:27:47.210.19-08:00 R1 RM/6/RMDEBUG: LinkID: 10.0.123.4
May 25 2020 20:27:47.210.20-08:00 R1 RM/6/RMDEBUG: LinkData: 10.0.123.4
May 25 2020 20:27:47.210.21-08:00 R1 RM/6/RMDEBUG: LinkType: 2
May 25 2020 20:27:47.210.22-08:00 R1 RM/6/RMDEBUG: TOS# 0 Metric 1
May 25 2020 20:27:47.210.23-08:00 R1 RM/6/RMDEBUG:
May 25 2020 20:27:47.570.1-08:00 R1 RM/6/RMDEBUG:
FileID: 0x70178024 Line: 2218 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
May 25 2020 20:27:47.570.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.3
May 25 2020 20:27:47.570.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 224.0.0.5
May 25 2020 20:27:47.570.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 5 (Link-State Ack)
May 25 2020 20:27:47.570.5-08:00 R1 RM/6/RMDEBUG: Length: 44, Router: 10.0.3.3
May 25 2020 20:27:47.570.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: 6271
May 25 2020 20:27:47.570.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 20:27:47.570.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 20:27:47.570.9-08:00 R1 RM/6/RMDEBUG: # LSA Headers: 1
May 25 2020 20:27:47.570.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
HCIP-Datacom-Core Technology Lab Guide Page 54

May 25 2020 20:27:47.570.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.4.4


May 25 2020 20:27:47.570.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 20:27:47.570.13-08:00 R1 RM/6/RMDEBUG: LSA Age: 1
May 25 2020 20:27:47.570.14-08:00 R1 RM/6/RMDEBUG: Options: ExRouting:ON
May 25 2020 20:27:47.570.15-08:00 R1 RM/6/RMDEBUG: Length: 36, Seq# 80000017
May 25 2020 20:27:47.570.16-08:00 R1 RM/6/RMDEBUG: CheckSum: f014
May 25 2020 20:27:47.570.17-08:00 R1 RM/6/RMDEBUG:
May 25 2020 20:27:47.990.1-08:00 R1 RM/6/RMDEBUG:
FileID: 0x70178025 Line: 4427 Level: 0x20
OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
May 25 2020 20:27:47.990.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.1
May 25 2020 20:27:47.990.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 224.0.0.6
May 25 2020 20:27:47.990.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 5 (Link-State Ack)
May 25 2020 20:27:47.990.5-08:00 R1 RM/6/RMDEBUG: Length: 44, Router: 10.0.1.1
May 25 2020 20:27:47.990.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: 6472
May 25 2020 20:27:47.990.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 20:27:47.990.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 20:27:47.990.9-08:00 R1 RM/6/RMDEBUG: # LSA Headers: 1
May 25 2020 20:27:47.990.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 20:27:47.990.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.4.4
May 25 2020 20:27:47.990.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 20:27:47.990.13-08:00 R1 RM/6/RMDEBUG: LSA Age: 2
May 25 2020 20:27:47.990.14-08:00 R1 RM/6/RMDEBUG: Options: ExRouting:ON
May 25 2020 20:27:47.990.15-08:00 R1 RM/6/RMDEBUG: Length: 36, Seq# 80000017
May 25 2020 20:27:47.990.16-08:00 R1 RM/6/RMDEBUG: CheckSum: f014

The debugging information shows three packets. The first is an LSU packet, which is sent
by R4 (the DR). The destination address of the packet is 224.0.0.5, and the packet
contains only one network segment. Therefore, the value of the Links field is 1.
The second is an LSAck packet, which is sent by R3 (the BDR). The destination address of
the packet is 224.0.0.5. The third is also an LSAck packet, which is sent by R1 to the DR
and BDR. The destination address of the packet is 224.0.0.6.
# Re-activate OSPF on the Loopback0 interface.

[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0

# Observe the debugging information on R1.

May 25 2020 20:39:26.150.1-08:00 R1 RM/6/RMDEBUG:


FileID: 0x70178024 Line: 2218 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
May 25 2020 20:39:26.150.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.4
May 25 2020 20:39:26.150.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 224.0.0.5
May 25 2020 20:39:26.150.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 4 (Link-State Update)
May 25 2020 20:39:26.150.5-08:00 R1 RM/6/RMDEBUG: Length: 76, Router: 10.0.4.4
May 25 2020 20:39:26.150.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: c8cf
May 25 2020 20:39:26.150.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 20:39:26.150.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 20:39:26.150.9-08:00 R1 RM/6/RMDEBUG: # LSAS: 1
May 25 2020 20:39:26.150.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 20:39:26.150.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.4.4
May 25 2020 20:39:26.150.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
HCIP-Datacom-Core Technology Lab Guide Page 55

May 25 2020 20:39:26.150.13-08:00 R1 RM/6/RMDEBUG: LSA Age: 2


May 25 2020 20:39:26.150.14-08:00 R1 RM/6/RMDEBUG: Options: ExRouting:ON
May 25 2020 20:39:26.150.15-08:00 R1 RM/6/RMDEBUG: Length: 48, Seq# 8000001b
May 25 2020 20:39:26.150.16-08:00 R1 RM/6/RMDEBUG: CheckSum: 6b77
May 25 2020 20:39:26.150.17-08:00 R1 RM/6/RMDEBUG: NtBit: 0 VBit: 0 EBit: 0 BBit: 1
May 25 2020 20:39:26.150.18-08:00 R1 RM/6/RMDEBUG: # Links: 2
May 25 2020 20:39:26.150.19-08:00 R1 RM/6/RMDEBUG: LinkID: 10.0.123.4
May 25 2020 20:39:26.150.20-08:00 R1 RM/6/RMDEBUG: LinkData: 10.0.123.4
May 25 2020 20:39:26.150.21-08:00 R1 RM/6/RMDEBUG: LinkType: 2
May 25 2020 20:39:26.150.22-08:00 R1 RM/6/RMDEBUG: TOS# 0 Metric 1
May 25 2020 20:39:26.150.23-08:00 R1 RM/6/RMDEBUG: LinkID: 10.0.4.0
May 25 2020 20:39:26.150.24-08:00 R1 RM/6/RMDEBUG: LinkData: 255.255.255.0
May 25 2020 20:39:26.150.25-08:00 R1 RM/6/RMDEBUG: LinkType: 3
May 25 2020 20:39:26.150.26-08:00 R1 RM/6/RMDEBUG: TOS# 0 Metric 0
May 25 2020 20:39:26.150.27-08:00 R1 RM/6/RMDEBUG:
May 25 2020 20:39:26.580.1-08:00 R1 RM/6/RMDEBUG:
FileID: 0x70178024 Line: 2218 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
May 25 2020 20:39:26.580.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.3
May 25 2020 20:39:26.580.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 224.0.0.5
May 25 2020 20:39:26.580.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 5 (Link-State Ack)
May 25 2020 20:39:26.580.5-08:00 R1 RM/6/RMDEBUG: Length: 44, Router: 10.0.3.3
May 25 2020 20:39:26.580.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: e6fd
May 25 2020 20:39:26.580.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 20:39:26.580.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 20:39:26.580.9-08:00 R1 RM/6/RMDEBUG: # LSA Headers: 1
May 25 2020 20:39:26.580.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 20:39:26.580.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.4.4
May 25 2020 20:39:26.580.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 20:39:26.580.13-08:00 R1 RM/6/RMDEBUG: LSA Age: 2
May 25 2020 20:39:26.580.14-08:00 R1 RM/6/RMDEBUG: Options: ExRouting:ON
May 25 2020 20:39:26.580.15-08:00 R1 RM/6/RMDEBUG: Length: 48, Seq# 8000001b
May 25 2020 20:39:26.580.16-08:00 R1 RM/6/RMDEBUG: CheckSum: 6b77
May 25 2020 20:39:26.580.17-08:00 R1 RM/6/RMDEBUG:
May 25 2020 20:39:26.910.1-08:00 R1 RM/6/RMDEBUG:
FileID: 0x70178025 Line: 4427 Level: 0x20
OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
May 25 2020 20:39:26.910.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.1
May 25 2020 20:39:26.910.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 224.0.0.6
May 25 2020 20:39:26.910.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 5 (Link-State Ack)
May 25 2020 20:39:26.910.5-08:00 R1 RM/6/RMDEBUG: Length: 44, Router: 10.0.1.1
May 25 2020 20:39:26.910.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: e8fe
May 25 2020 20:39:26.910.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 20:39:26.910.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 20:39:26.910.9-08:00 R1 RM/6/RMDEBUG: # LSA Headers: 1
May 25 2020 20:39:26.910.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 20:39:26.910.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.4.4
May 25 2020 20:39:26.910.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 20:39:26.910.13-08:00 R1 RM/6/RMDEBUG: LSA Age: 3
May 25 2020 20:39:26.910.14-08:00 R1 RM/6/RMDEBUG: Options: ExRouting:ON
May 25 2020 20:39:26.910.15-08:00 R1 RM/6/RMDEBUG: Length: 48, Seq# 8000001b
May 25 2020 20:39:26.910.16-08:00 R1 RM/6/RMDEBUG: CheckSum: 6b77
May 25 2020 20:39:26.910.17-08:00 R1 RM/6/RMDEBUG:
HCIP-Datacom-Core Technology Lab Guide Page 56

The first remains an LSU packet, which is generated by R4 (the DR). The value of the
Links field is 2, indicating that a Loopback0 route is added. The second and third packets
remain the same as before: the LSAck packet replied by the BDR and that replied by R1
itself.
# Run the debugging ospf packet request command on R1, and then reset the OSPF
process.

<R1>debugging ospf packet request


<R1>reset ospf process 1

# Observe the debugging information on R1.

FileID: 0x70178025 Line: 2886 Level: 0x20


OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
May 25 2020 21:18:01.400.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.1
May 25 2020 21:18:01.400.3-08:00 R1 RM/6/RMDEBUG: Destination Address: 10.0.123
.3
May 25 2020 21:18:01.400.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 3 (Link-State Req)
May 25 2020 21:18:01.400.5-08:00 R1 RM/6/RMDEBUG: Length: 108, Router: 10.0.1.1
May 25 2020 21:18:01.400.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: e85a
May 25 2020 21:18:01.400.7-08:00 R1 RM/6/RMDEBUG: AuType: 00
May 25 2020 21:18:01.400.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 21:18:01.400.9-08:00 R1 RM/6/RMDEBUG: # Requesting LSAs: 7
May 25 2020 21:18:01.400.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 21:18:01.400.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.1.1
May 25 2020 21:18:01.400.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.1.1
May 25 2020 21:18:01.400.13-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 21:18:01.400.14-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.2.2
May 25 2020 21:18:01.400.15-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.2.2
May 25 2020 21:18:01.400.16-08:00 R1 RM/6/RMDEBUG: LSA Type 3
May 25 2020 21:18:01.400.17-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.45.0
May 25 2020 21:18:01.400.18-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 21:18:01.400.19-08:00 R1 RM/6/RMDEBUG: LSA Type 3
May 25 2020 21:18:01.400.20-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.1.0
May 25 2020 21:18:01.400.21-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.1.1
May 25 2020 21:18:01.400.22-08:00 R1 RM/6/RMDEBUG: LSA Type 4
May 25 2020 21:18:01.400.23-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.5.5
May 25 2020 21:18:01.400.24-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 21:18:01.400.25-08:00 R1 RM/6/RMDEBUG: LSA Type 5
May 25 2020 21:18:01.400.26-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.5.0
May 25 2020 21:18:01.400.27-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.5.5
May 25 2020 21:18:01.400.28-08:00 R1 RM/6/RMDEBUG: LSA Type 5
May 25 2020 21:18:01.400.29-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.45.0
May 25 2020 21:18:01.400.30-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.5.5
May 25 2020 21:18:01.400.31-08:00 R1 RM/6/RMDEBUG:
May 25 2020 21:18:01.430.1-08:00 R1 RM/6/RMDEBUG:
FileID: 0x70178025 Line: 2886 Level: 0x20
OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
May 25 2020 21:18:01.430.2-08:00 R1 RM/6/RMDEBUG: Source Address: 10.0.123.1
May 25 2020 21:18:01.430.3-08:00 R1 RM/6/RMDEBUG:
May 25 2020 21:18:01.430.4-08:00 R1 RM/6/RMDEBUG: Ver# 2, Type: 3 (Link-State R
eq)
May 25 2020 21:18:01.430.5-08:00 R1 RM/6/RMDEBUG: Length: 108, Router: 10.0.1.1
May 25 2020 21:18:01.430.6-08:00 R1 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: e85a
HCIP-Datacom-Core Technology Lab Guide Page 57

May 25 2020 21:18:01.430.7-08:00 R1 RM/6/RMDEBUG: AuType: 00


May 25 2020 21:18:01.430.8-08:00 R1 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
May 25 2020 21:18:01.430.9-08:00 R1 RM/6/RMDEBUG: # Requesting LSAs: 7
May 25 2020 21:18:01.430.10-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 21:18:01.430.11-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.1.1
May 25 2020 21:18:01.430.12-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.1.1
May 25 2020 21:18:01.430.13-08:00 R1 RM/6/RMDEBUG: LSA Type 1
May 25 2020 21:18:01.430.14-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.2.2
May 25 2020 21:18:01.430.15-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.2.2
May 25 2020 21:18:01.430.16-08:00 R1 RM/6/RMDEBUG: LSA Type 3
May 25 2020 21:18:01.430.17-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.1.0
May 25 2020 21:18:01.430.18-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.1.1
May 25 2020 21:18:01.430.19-08:00 R1 RM/6/RMDEBUG: LSA Type 3
May 25 2020 21:18:01.430.20-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.45.0
May 25 2020 21:18:01.430.21-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 21:18:01.430.22-08:00 R1 RM/6/RMDEBUG: LSA Type 4
May 25 2020 21:18:01.430.23-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.5.5
May 25 2020 21:18:01.430.24-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.4.4
May 25 2020 21:18:01.430.25-08:00 R1 RM/6/RMDEBUG: LSA Type 5
May 25 2020 21:18:01.430.26-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.5.0
May 25 2020 21:18:01.430.27-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.5.5
May 25 2020 21:18:01.430.28-08:00 R1 RM/6/RMDEBUG: LSA Type 5
May 25 2020 21:18:01.430.29-08:00 R1 RM/6/RMDEBUG: LS ID: 10.0.45.0
May 25 2020 21:18:01.430.30-08:00 R1 RM/6/RMDEBUG: Adv Rtr: 10.0.5.5

The debugging information shows that R1 has sent LSR packets to R3 (the BDR) and R4
(the DR).
----End

1.3.3 Quiz
When does a Type 4 LSA exist, and what is its function?

1.3.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/1
ip address 10.0.123.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 10.0.123.1 0.0.0.0
area 0.0.0.2
network 10.0.1.1 0.0.0.0
#
HCIP-Datacom-Core Technology Lab Guide Page 58

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/1
ip address 10.0.123.2 255.255.255.0
ospf dr-priority 0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.123.2 0.0.0.0
network 10.0.2.2 0.0.0.0
#

Configuration on R3

#
sysname R3
#
interface GigabitEthernet0/0/1
ip address 10.0.123.3 255.255.255.0
ospf dr-priority 254
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.123.3 0.0.0.0
network 10.0.3.3 0.0.0.0
#

Configuration on R4

#
sysname R4
#
interface GigabitEthernet0/0/1
ip address 10.0.123.4 255.255.255.0
ospf dr-priority 255
#
interface GigabitEthernet0/0/2
ip address 10.0.45.4 255.255.255.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.0
ospf network-type broadcast
#
HCIP-Datacom-Core Technology Lab Guide Page 59

ospf 1 router-id 10.0.4.4


area 0.0.0.0
network 10.0.123.4 0.0.0.0
network 10.0.4.4 0.0.0.0
area 0.0.0.1
network 10.0.45.4 0.0.0.0
#

Configuration on R5

#
sysname R5
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
import-route direct
area 0.0.0.1
network 10.0.45.5 0.0.0.0
#

1.4 Lab 4: OSPF Stub Area and NSSA


1.4.1 Introduction
1.4.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Configure an OSPF stub area.
⚫ Configure an OSPF NSSA.
⚫ Describe the content in a Type 7 LSA.
⚫ Describe the process of translating Type 7 LSAs into Type 5 LSAs.
HCIP-Datacom-Core Technology Lab Guide Page 60

1.4.1.2 Networking Topology


Figure 1-4 OSPF stub area and NSSA

The preceding figure shows the device interconnection mode and IP address plan. The
OSPF areas are planned as follows:
1. The interconnection interfaces between R1 and R3 and R1's Loopback0 belong to
OSPF area 2.
2. The interconnection interfaces between R3 and R4 and their Loopback0 interfaces
belong to OSPF area 0.
3. The interconnection interfaces between R4 and R5 belong to OSPF area 1, and R5's
Loopback0 does not belong to any area.
4. The interconnection interfaces between R2 and R3 belong to OSPF area 3, and R2's
Loopback0 does not belong to any area.

1.4.1.3 Background
You are a network administrator of a company. The company's network has five AR
routers, among which R2, R3, and R4 reside in the headquarters. R5 and R1 reside in
different branches of the company.
To reduce the pressure on the devices in branches, area 1 is configured as an NSSA and
area 2 as a stub area.
To specify the router ID of each device, the devices are configured to use fixed IP
addresses as their router IDs.

1.4.2 Lab Configuration


1.4.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF areas as planned.
3. Verify the OSPF configuration by checking the OSPF neighbor relationship status and
OSPF routing tables.
4. Configure R2 and R5 to import AS external routes to their OSPF routing tables.
5. Configure area 2 as a stub area, and observe the changes of the OSPF routing table
and LSDB in area 2.
HCIP-Datacom-Core Technology Lab Guide Page 61

6. Configure area 1 as an NSSA, and observe the changes of the OSPF routing table
and LSDB in area 1.
7. Check the OSPF role of R4, and observe the translation from Type 7 LSAs into Type 5
LSAs on R4.

1.4.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/1 and Loopback0 of R1.

[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.0
[R1-LoopBack0] quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.0.13.1 255.255.255.0
[R1-GigabitEthernet0/0/1] quit

# Configure IP addresses for GE0/0/2 and Loopback0 of R2.

[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
[R2-GigabitEthernet0/0/2] quit
[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.0
[R2-LoopBack0] quit

# Configure IP addresses for GE0/0/1, GE0/0/2, GE0/0/3, and Loopback0 of R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.0
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 10.0.13.3 255.255.255.0
[R3-GigabitEthernet0/0/1] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R4.

[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.0
[R4-LoopBack0] quit
[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.0.45.4 255.255.255.0
HCIP-Datacom-Core Technology Lab Guide Page 62

[R4-GigabitEthernet0/0/2] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/3 and Loopback0 of R5.

[R5]interface LoopBack0
[R5-LoopBack0] ip address 10.0.5.5 255.255.255.0
[R5-LoopBack0] quit
[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] ip address 10.0.45.5 255.255.255.0
[R5-GigabitEthernet0/0/3] quit

# On R3 and R5, ping the IP addresses of the interconnected devices to test the
connectivity.

<R3>ping -c 1 10.0.13.1
PING 10.0.13.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.13.1: bytes=56 Sequence=1 ttl=255 time=40 ms

--- 10.0.13.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms

<R3>ping -c 1 10.0.23.2
PING 10.0.23.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.2: bytes=56 Sequence=1 ttl=255 time=60 ms

--- 10.0.23.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms

<R3>ping -c 1 10.0.34.4
PING 10.0.34.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.4: bytes=56 Sequence=1 ttl=255 time=60 ms

--- 10.0.34.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms

<R5>ping -c 1 10.0.45.4
PING 10.0.45.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.4: bytes=56 Sequence=1 ttl=255 time=70 ms

--- 10.0.45.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
HCIP-Datacom-Core Technology Lab Guide Page 63

round-trip min/avg/max = 70/70/70 ms

Step 2 Configure multi-area OSPF.

Configure OSPF as planned. Manually specify the IP address of Loopback0 as the OSPF
router ID on each device, and change the network type of Loopback0 to broadcast.
# Configure R1.

[R1] ospf 1 router-id 10.0.1.1


[R1-ospf-1] area 0.0.0.2
[R1-ospf-1-area-0.0.0.2] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2] network 10.0.13.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2] quit
[R1-ospf-1] quit
[R1] interface LoopBack0
[R1-LoopBack0] ospf network-type broadcast

# Configure R2.

[R2] ospf 1 router-id 10.0.2.2


[R2-ospf-1] area 0.0.0.3
[R2-ospf-1-area-0.0.0.3] network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.3] quit
[R2-ospf-1] quit
[R2] interface LoopBack0
[R2-LoopBack0] ospf network-type broadcast

# Configure R3.

[R3] ospf 1 router-id 10.0.3.3


[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.34.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] area 0.0.0.2
[R3-ospf-1-area-0.0.0.2] network 10.0.13.3 0.0.0.0
[R3-ospf-1-area-0.0.0.2] area 0.0.0.3
[R3-ospf-1-area-0.0.0.3] network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.3] quit
[R3-ospf-1] quit
[R3] interface LoopBack0
[R3-LoopBack0] ospf network-type broadcast

# Configure R4.

[R4] ospf 1 router-id 10.0.4.4


[R4-ospf-1] area 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.34.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] area 0.0.0.1
[R4-ospf-1-area-0.0.0.1] network 10.0.45.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1] quit
[R4-ospf-1] quit
[R4] interface LoopBack0
[R4-LoopBack0] ospf network-type broadcast
HCIP-Datacom-Core Technology Lab Guide Page 64

# Configure R5.

[R5] ospf 1 router-id 10.0.5.5


[R5-ospf-1] area 1
[R5-ospf-1-area-0.0.0.1] network 10.0.45.5 0.0.0.0
[R5-ospf-1-area-0.0.0.1] quit
[R5-ospf-1] quit
[R5] interface LoopBack0
[R5-LoopBack0] ospf network-type broadcast

Step 3 Verify the multi-area OSPF configuration.

# Check the brief information about OSPF neighbor relationships on R3.

<R3>display ospf peer brief

OSPF Process 1 with Router ID 10.0.3.3


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.4.4 Full
0.0.0.2 GigabitEthernet0/0/1 10.0.1.1 Full
0.0.0.3 GigabitEthernet0/0/3 10.0.2.2 Full
----------------------------------------------------------------------------

# Check the brief information about OSPF neighbor relationships on R5.

<R5>display ospf peer brief

OSPF Process 1 with Router ID 10.0.5.5


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.1 GigabitEthernet0/0/3 10.0.4.4 Full
----------------------------------------------------------------------------

The command outputs show that the OSPF neighbor relationships between all devices
are normal.
# Check the OSPF routing table on R3.

<R3>display ospf routing

OSPF Process 1 with Router ID 10.0.3.3


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.3.0/24 0 Stub 10.0.3.3 10.0.3.3 0.0.0.0
10.0.13.0/24 1 Transit 10.0.13.3 10.0.3.3 0.0.0.2
10.0.23.0/24 1 Transit 10.0.23.3 10.0.3.3 0.0.0.3
10.0.34.0/24 1 Transit 10.0.34.3 10.0.3.3 0.0.0.0
10.0.1.0/24 1 Stub 10.0.13.1 10.0.1.1 0.0.0.2
10.0.4.0/24 1 Stub 10.0.34.4 10.0.4.4 0.0.0.0
10.0.45.0/24 2 Inter-area 10.0.34.4 10.0.4.4 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 65

Total Nets: 7
Intra Area: 6 Inter Area: 1 ASE: 0 NSSA: 0

R3 has learned the routes to all interfaces except R2's Loopback0 and R5's Loopback0
because the two Loopback0 interfaces do not have OSPF activated.

Step 4 Import AS external routes into the OSPF routing tables.

# Configure R5 to import the Loopback0 route to its OSPF routing table.

[R5] ospf 1
[R5-ospf-1] import-route direct

# Configure a default route on R2, with Loopback0 specified as the outbound interface.
Configure R2 to import the default route to its OSPF routing table, with the type of the
external route being set to type 1, cost being set to 20, and the always parameter not
specified.

[R2] ip route-static 0.0.0.0 0.0.0.0 LoopBack 0


[R2] ospf 1
[R2-ospf-1] default-route-advertise type 1 cost 20

# Check the imported external routes on R3 and test their connectivity.

<R3>display ospf routing 0.0.0.0

OSPF Process 1 with Router ID 10.0.3.3

Destination : 0.0.0.0/0
AdverRouter : 10.0.2.2 Tag :1
Cost : 21 Type : Type1
NextHop : 10.0.23.2 Interface : GigabitEthernet0/0/3
Priority : Low Age : 00h01m15s

<R3>display ospf routing 10.0.5.5

OSPF Process 1 with Router ID 10.0.3.3

Destination : 10.0.5.0/24
AdverRouter : 10.0.5.5 Tag :1
Cost : 1 Type : Type2
NextHop : 10.0.34.4 Interface : GigabitEthernet0/0/2
Priority : Low Age : 00h05m20s

<R3>ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.5.5: bytes=56 Sequence=1 ttl=254 time=50 ms

--- 10.0.5.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms
HCIP-Datacom-Core Technology Lab Guide Page 66

<R3>ping -c 1 10.0.2.2
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.2.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

Step 5 Configure area 2 as a stub area.

# Check the OSPF routing table on R1.

<R1>display ospf routing

OSPF Process 1 with Router ID 10.0.1.1


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.1.0/24 0 Stub 10.0.1.1 10.0.1.1 0.0.0.2
10.0.13.0/24 1 Transit 10.0.13.1 10.0.1.1 0.0.0.2
10.0.3.0/24 1 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.4.0/24 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.23.0/24 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.34.0/24 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.45.0/24 3 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
0.0.0.0/0 22 Type1 1 10.0.13.3 10.0.2.2
10.0.5.0/24 1 Type2 1 10.0.13.3 10.0.5.5

Total Nets: 9
Intra Area: 2 Inter Area: 5 ASE: 2 NSSA: 0

The command output shows that the default route is an OSPF external route.
# Configure area 2 as a stub area on R1 and R3.

[R1] ospf 1
[R1-ospf-1] area 0.0.0.2
[R1-ospf-1-area-0.0.0.2] stub

[R3] ospf 1
[R3-ospf-1] area 0.0.0.2
[R3-ospf-1-area-0.0.0.2] stub

# Check the OSPF routing table on R1 again.

<R1>display ospf routing

OSPF Process 1 with Router ID 10.0.1.1


Routing Tables
HCIP-Datacom-Core Technology Lab Guide Page 67

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.1.0/24 0 Stub 10.0.1.1 10.0.1.1 0.0.0.2
10.0.13.0/24 1 Transit 10.0.13.1 10.0.1.1 0.0.0.2
0.0.0.0/0 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.3.0/24 1 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.4.0/24 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.23.0/24 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.34.0/24 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2
10.0.45.0/24 3 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2

Total Nets: 8
Intra Area: 2 Inter Area: 6 ASE: 0 NSSA: 0

In this case, R1 does not have any OSPF external route. The original OSPF external routes
0.0.0.0/0 and 10.0.5.0/24 have been replaced by a default OSPF inter-area route.
# Check the OSPF LSDB on R1.

<R1>display ospf lsdb

OSPF Process 1with Router ID 10.0.1.1


Link State Database

Area: 0.0.0.2
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 628 36 80000004 1
Router 10.0.1.1 10.0.1.1 619 48 80000007 0
Network 10.0.13.1 10.0.1.1 619 32 80000002 0
Sum-Net 0.0.0.0 10.0.3.3 631 28 80000001 1
Sum-Net 10.0.34.0 10.0.3.3 631 28 80000001 1
Sum-Net 10.0.3.0 10.0.3.3 631 28 80000001 0
Sum-Net 10.0.4.0 10.0.3.3 631 28 80000001 1
Sum-Net 10.0.45.0 10.0.3.3 631 28 80000001 2
Sum-Net 10.0.23.0 10.0.3.3 631 28 80000001 1

R1 does not have Type 4 or Type 5 LSAs. The default route carried in the Type 3 LSA
generated by the ABR is used to reach a destination outside the OSPF domain. In
addition, Type 3 LSAs destined for other areas still exist.
This proves that an ABR blocks the transmission of Type 4 and Type 5 LSAs to the area
that has been configured as a stub area and instead floods a default route destined for
the ABR itself in this area through a Type 3 LSA.
# Configure area 2 as a totally stubby area on R3.

[R3] ospf 1
[R3-ospf-1] area 0.0.0.2
[R3-ospf-1-area-0.0.0.2] stub no-summary

# Check the OSPF routing table and LSDB on R1 again.

<R1>display ospf routing

OSPF Process 1 with Router ID 10.0.1.1


Routing Tables
HCIP-Datacom-Core Technology Lab Guide Page 68

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.1.0/24 0 Stub 10.0.1.1 10.0.1.1 0.0.0.2
10.0.13.0/24 1 Transit 10.0.13.1 10.0.1.1 0.0.0.2
0.0.0.0/0 2 Inter-area 10.0.13.3 10.0.3.3 0.0.0.2

Total Nets: 3
Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0

<R1>display ospf lsdb

OSPF Process 1with Router ID 10.0.1.1


Link State Database

Area: 0.0.0.2
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 125 36 80000005 1
Router 10.0.1.1 10.0.1.1 121 48 8000000C 0
Network 10.0.13.1 10.0.1.1 121 32 80000002 0
Sum-Net 0.0.0.0 10.0.3.3 961 28 80000001 1

The originally multiple OSPF inter-area routes have been replaced with only one default
route 0.0.0.0/0, and the LSDB contains only one Type 3 LSA 0.0.0.0.
This proves that the ABR in a totally stubby area blocks Type 3, Type 4, and Type 5 LSAs
and instead generates a Type 3 LSA to advertise a default route destined for the ABR
itself.

Step 6 Configure area 1 as an NSSA.

# Check the OSPF routing table on R4.

<R4>display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.34.0/24 1 Transit 10.0.34.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.1.0/24 2 Inter-area 10.0.34.3 10.0.3.3 0.0.0.0
10.0.3.0/24 1 Stub 10.0.34.3 10.0.3.3 0.0.0.0
10.0.13.0/24 2 Inter-area 10.0.34.3 10.0.3.3 0.0.0.0
10.0.23.0/24 2 Inter-area 10.0.34.3 10.0.3.3 0.0.0.0

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
0.0.0.0/0 22 Type1 1 10.0.34.3 10.0.2.2
10.0.5.0/24 1 Type2 1 10.0.45.5 10.0.5.5

Total Nets: 9
Intra Area: 4 Inter Area: 3 ASE: 2 NSSA: 0
HCIP-Datacom-Core Technology Lab Guide Page 69

The command output shows that R5 has an external route 10.0.5.0/24 described by a
Type 5 LSA.
# Check the OSPF routing table on R5.

<R5>display ospf routing

OSPF Process 1 with Router ID 10.0.5.5


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.45.0/24 1 Transit 10.0.45.5 10.0.5.5 0.0.0.1
10.0.1.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.3.0/24 2 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.4.0/24 1 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.13.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.23.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.34.0/24 2 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
0.0.0.0/0 23 Type1 1 10.0.45.4 10.0.2.2

Total Nets: 8
Intra Area: 1 Inter Area: 6 ASE: 1 NSSA: 0

The default route in the OSPF routing table of R5 is described by a Type 5 LSA, which is
generated by R2.
# Configure area 1 as an NSSA on R4 and R5.

[R4]ospf 1
[R4-ospf-1] area 0.0.0.1
[R4-ospf-1-area-0.0.0.1] nssa

[R5]ospf 1
[R5-ospf-1] area 0.0.0.1
[R5-ospf-1-area-0.0.0.1] nssa

# Check the OSPF routing table on R5 again.

<R5>display ospf routing

OSPF Process 1 with Router ID 10.0.5.5


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.45.0/24 1 Transit 10.0.45.5 10.0.5.5 0.0.0.1
10.0.1.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.3.0/24 2 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.4.0/24 1 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.13.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.23.0/24 3 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
10.0.34.0/24 2 Inter-area 10.0.45.4 10.0.4.4 0.0.0.1
HCIP-Datacom-Core Technology Lab Guide Page 70

Routing for NSSAs


Destination Cost Type Tag NextHop AdvRouter
0.0.0.0/0 1 Type2 1 10.0.45.4 10.0.4.4

Total Nets: 8
Intra Area: 1 Inter Area: 6 ASE: 0 NSSA: 1

The command output shows that there is no default route advertised by R2. Instead,
there is an OSPF default route described by a Type 7 LSA, which is advertised by R4.
# Check the LSDB on R5.

<R5>display ospf lsdb

OSPF Process 1with Router ID 10.0.5.5


Link State Database

Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.5.5 10.0.5.5 100 36 80000005 1
Router 10.0.4.4 10.0.4.4 105 36 80000005 1
Network 10.0.45.5 10.0.5.5 100 32 80000002 0
Sum-Net 10.0.34.0 10.0.4.4 151 28 80000001 1
Sum-Net 10.0.13.0 10.0.4.4 151 28 80000001 2
Sum-Net 10.0.3.0 10.0.4.4 151 28 80000001 1
Sum-Net 10.0.1.0 10.0.4.4 151 28 80000001 2
Sum-Net 10.0.4.0 10.0.4.4 151 28 80000001 0
Sum-Net 10.0.23.0 10.0.4.4 151 28 80000001 2
NSSA 10.0.5.0 10.0.5.5 143 36 80000001 1
NSSA 10.0.45.0 10.0.5.5 143 36 80000002 1
NSSA 0.0.0.0 10.0.4.4 151 36 80000001 1

The command output shows no Type 4 or Type 5 LSAs. Instead, external routes exist in
the form of Type 7 LSAs (NSSA-LSAs).
# Check the OSPF routing table on R4.

[R4]display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.0/24 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.34.0/24 1 Transit 10.0.34.4 10.0.4.4 0.0.0.0
10.0.45.0/24 1 Transit 10.0.45.4 10.0.4.4 0.0.0.1
10.0.1.0/24 2 Inter-area 10.0.34.3 10.0.3.3 0.0.0.0
10.0.3.0/24 1 Stub 10.0.34.3 10.0.3.3 0.0.0.0
10.0.13.0/24 2 Inter-area 10.0.34.3 10.0.3.3 0.0.0.0
10.0.23.0/24 2 Inter-area 10.0.34.3 10.0.3.3 0.0.0.0

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
0.0.0.0/0 22 Type1 1 10.0.34.3 10.0.2.2
HCIP-Datacom-Core Technology Lab Guide Page 71

Routing for NSSAs


Destination Cost Type Tag NextHop AdvRouter
10.0.5.0/24 1 Type2 1 10.0.45.5 10.0.5.5

Total Nets: 9
Intra Area: 4 Inter Area: 3 ASE: 1 NSSA: 1

The external route 10.0.5.0/24 imported by R5 is described in a Type 7 LSA.


This proves that the ABR in the NSSA blocks external Type 4 and Type 5 LSAs from being
transmitted to this area and the ABR delivers a default route described by a Type 7 LSA to
the NSSA. The ASBR delivers Type 7 LSAs to the NSSA to describe the AS external routes
imported to this area.

Step 7 Observe the impact of the NSSA on OSPF.

# Check the brief OSPF information on R4.

<R4>display ospf brief

OSPF Process 1 with Router ID 10.0.4.4


OSPF Protocol Information

RouterID: 10.0.4.4 Border Router: AREA AS NSSA


Multi-VPN-Instance is not enabled
Global DS-TE Mode : Non-Standard IETF Mode
Spf-schedule-interval : max 10000ms, start 500ms, hold 1000ms
DefaultASE parameters : Metric: 1Tag: 1Type: 2
Route Preference : 10
ASE Route Preference : 150
SPF Computation Count : 22
RFC 1583Compatible
Retransmission limitation is disabled
Area Count: 2 Nssa Area Count : 1
ExChange/Loading Neighbors : 0

Area: 0.0.0.0 (MPLS TE not enabled)


Authtype: None Area flag : Normal
SPF scheduled Count : 22
ExChange/Loading Neighbors : 0
Router ID conflict state : Normal

Interface: 10.0.4.4 (LoopBack0)


Cost: 0 State: DR Type: Broadcast MTU: 1500
Priority :1
Designated Router : 10.0.4.4
Backup Designated Router : 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1

Interface: 10.0.34.4 (GigabitEthernet0/0/3)


Cost:1 State: BDR Type : Broadcast MTU: 1500
Priority :1
Designated Router : 10.0.34.3
Backup Designated Router : 10.0.34.4
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
HCIP-Datacom-Core Technology Lab Guide Page 72

Area: 0.0.0.1 (MPLS TE not enabled)


Authtype: None Area flag : NSSA
SPF scheduled Count :6
ExChange/Loading Neighbors : 0
NSSA Translator State : Elected
Router ID conflict state : Normal

Interface: 10.0.45.4 (GigabitEthernet0/0/2)


Cost: 1 State: BDR Type: Broadcast MTU: 1500
Priority: 1
Designated Router : 10.0.45.5
Backup Designated Router : 10.0.45.4
Timers: Hello 10 , Dead 40, Poll 120 , Retransmit 5 , Transmit Delay 1

The Border Router field is displayed as AREA AS NSSA, indicating that R4 is both an
ABR and an ASBR and has one or more interfaces belonging to the NSSA.
# On R4, observe the process of translating Type 7 LSAs into Type 5 LSAs. The following
uses the LSA 10.0.5.0/24 as an example to describe how routing information is
transmitted.

<R4>display ospf lsdb nssa 10.0.5.0

OSPF Process 1 with Router ID 10.0.4.4


Area: 0.0.0.0
Link State Database

Area: 0.0.0.1
Link State Database

Type : NSSA
Ls id : 10.0.5.0
Adv rtr : 10.0.5.5
Ls age : 587
Len : 36
Options : NP
seq# : 80000001
chksum : 0x3336
Netmask : 255.255.255.0
TOS 0 Metric: 1
Etype :2
Forwarding Address : 10.0.45.5
Tag :1
Priority : Low

In the Type 7 LSA that describes the route 10.0.5.0/24, the value of the Options field is
NP, indicating that the LSA can be translated into a Type 5 LSA by the ABR.
# Check the Type 5 LSA generated on R4 to describe the route 10.0.5.0/24.

<R4>display ospf lsdb ase 10.0.5.0

OSPF Process 1 with Router ID 10.0.4.4


Link State Database
HCIP-Datacom-Core Technology Lab Guide Page 73

Type : External
Ls id : 10.0.5.0
Adv rtr : 10.0.4.4
Ls age : 753
Len : 36
Options :E
seq# : 80000001
chksum : 0xb6bc
Netmask : 255.255.255.0
TOS 0 Metric: 1
Etype :2
Forwarding Address : 10.0.45.5
Tag :1
Priority : Low

The Type 5 LSA carries the same Ls id, Net mask, and Forwarding Address fields as
those in the Type 7 LSA. However, the value of the Adv rtr field is changed from 10.0.5.5
to 10.0.4.4, indicating that the Type 5 LSA is generated by R4.
----End

1.4.3 Quiz
In which scenarios is an NSSA applicable?

1.4.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/1
ip address 10.0.13.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.1.1
area 0.0.0.2
network 10.0.1.1 0.0.0.0
network 10.0.13.1 0.0.0.0
stub
#

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/2
HCIP-Datacom-Core Technology Lab Guide Page 74

ip address 10.0.23.2 255.255.255.0


#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
default-route-advertise cost 20 type 1
area 0.0.0.3
network 10.0.23.2 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 LoopBack0
#

Configuration on R3

#
sysname R3
#
interface GigabitEthernet0/0/1
ip address 10.0.13.3 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.34.3 0.0.0.0
area 0.0.0.2
network 10.0.13.3 0.0.0.0
stub no-summary
area 0.0.0.3
network 10.0.23.3 0.0.0.0
#

Configuration on R4

#
sysname R4
#
interface GigabitEthernet0/0/2
ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
#
interface LoopBack0
HCIP-Datacom-Core Technology Lab Guide Page 75

ip address 10.0.4.4 255.255.255.0


ospf network-type broadcast
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.4.4 0.0.0.0
network 10.0.34.4 0.0.0.0
area 0.0.0.1
network 10.0.45.4 0.0.0.0
nssa
#

Configuration on R5

#
sysname R5
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
import-route direct
area 0.0.0.1
network 10.0.45.5 0.0.0.0
nssa
#
HCIP-Datacom-Core Technology Lab Guide Page 76

2 IS-IS Basics Experiment

2.1 IS-IS Configuration Experiment


2.1.1 Introduction
2.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Perform basic IS-IS configurations.
⚫ Change the IS-IS DIS priority.
⚫ Change the IS-IS network type.
⚫ Import external routes to IS-IS.
⚫ Change the IS-IS interface cost.
⚫ Configure IS-IS route leaking.

2.1.1.2 Networking Topology


Figure 2-1 IS-IS topology

The preceding figure shows the IP addresses, IS-IS areas, and IS-IS router levels. R1, R2,
and R3 belong to area 49.0001, and R4 and R5 belong to area 49.0002. Loopback0
interfaces are created on all routers, and their IP addresses are in the format of
10.0.x.x/32, where x indicates the device ID.

2.1.1.3 Background
A customer's network uses IS-IS as an IGP. R4 and R5 are Level-2 routers and run in area
49.0002. R1, R2, and R3 belong to area 49.0001. R1 is a Level-1 router, whereas R2 and
R3 are Level-1-2 routers. R5 imports an external route 192.168.1.0/24.
HCIP-Datacom-Core Technology Lab Guide Page 77

Requirements: R1 can access the destination of the external route imported by R5.
GE0/0/1 of R1 functions as the DIS. Bidirectional traffic between R1 and R5 is forwarded
along the path between R3 and R4. You can control the route selection result by
changing the cost or configuring route leaking as required.

2.1.2 Lab Configuration


2.1.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure IS-IS as planned.
3. Check IS-IS configurations and IS-IS neighbor information on R1 and R4.
4. Manually change the DIS priority of R1's GE0/0/1 so that R1 becomes the DIS.
5. Create Loopback1 on R5 and import Loopback1's route as an external route to IS-IS.
Check the IS-IS routing tables on R4 and R1, and test the connectivity between R1
and the destination address of the external route.
6. Manually change the IS-IS cost of GE0/0/3 on R4 so that R4 preferentially selects the
route with R2 as the next hop to R1.
7. Configure IS-IS route leaking on R3 so that R1 learns specific routes in the Level-2
area from R3. Based on the longest match rule, R1 preferentially selects the specific
route with the next hop being R3 to the Level-2 area.

2.1.2.2 Configuration Procedure


Step 1 Configure IP addresses for the interconnection and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/1 and Loopback0 of R1.

[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.0.123.1 255.255.255.0
[R1-GigabitEthernet0/0/1] quit

# Configure IP addresses for GE0/0/1, GE0/0/5, and Loopback0 of R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] ip address 10.0.123.2 255.255.255.0
[R2-GigabitEthernet0/0/1] quit
[R2]interface GigabitEthernet0/0/5
[R2-GigabitEthernet0/0/5] ip address 10.0.24.2 255.255.255.0
[R2-GigabitEthernet0/0/5] quit
HCIP-Datacom-Core Technology Lab Guide Page 78

# Configure IP addresses for GE0/0/1, GE0/0/2, and Loopback0 of R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 10.0.123.3 255.255.255.0
[R3-GigabitEthernet0/0/1] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, GE0/0/5, and Loopback0 of R4.

[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0] quit
[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.0.45.4 255.255.255.0
[R4-GigabitEthernet0/0/2] quit
[R4]interface GigabitEthernet0/0/5
[R4-GigabitEthernet0/0/5] ip address 10.0.24.4 255.255.255.0
[R4-GigabitEthernet0/0/5] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/3 and Loopback0 of R5.

[R5]interface LoopBack0
[R5-LoopBack0] ip address 10.0.5.5 255.255.255.255
[R5-LoopBack0] quit
[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] ip address 10.0.45.5 255.255.255.0
[R5-GigabitEthernet0/0/3] quit

# On R1 and R4, ping the IP addresses of the interconnected devices to test the
connectivity.

<R1>ping -c 1 10.0.123.2
PING 10.0.123.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.2: bytes=56 Sequence=1 ttl=255 time=90 ms

--- 10.0.123.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 90/90/90 ms

<R1>ping -c 1 10.0.123.3
PING 10.0.123.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.123.3: bytes=56 Sequence=1 ttl=255 time=140 ms

--- 10.0.123.3 ping statistics ---


1 packet(s) transmitted
HCIP-Datacom-Core Technology Lab Guide Page 79

1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 140/140/140 ms

<R4>ping -c 1 10.0.24.2
PING 10.0.24.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.24.2: bytes=56 Sequence=1 ttl=255 time=70 ms

--- 10.0.24.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/70/70 ms

<R4>ping -c 1 10.0.34.3
PING 10.0.34.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.3: bytes=56 Sequence=1 ttl=255 time=60 ms

--- 10.0.34.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms

<R4>ping -c 1 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.45.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

Step 2 Configure IS-IS.

Configure IS-IS process 1 on each router, and use the device ID of each device when
setting NETs. For example, set the NET of R1 to 49.0001.0000.0000.0001.00.
# Configure R1.

[R1]isis 1
[R1-isis-1] is-level level-1
[R1-isis-1] network-entity 49.0001.0000.0000.0001.00
[R1-isis-1] quit
[R1]interface LoopBack0
[R1-LoopBack0] isis enable 1
[R1-LoopBack0] quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] isis enable 1
[R1-GigabitEthernet0/0/1] quit

# Configure R2.

[R2]isis 1
[R2-isis-1] network-entity 49.0001.0000.0000.0002.00
HCIP-Datacom-Core Technology Lab Guide Page 80

[R2-isis-1] quit
[R2]interface LoopBack0
[R2-LoopBack0] isis enable 1
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] isis enable 1
[R2-GigabitEthernet0/0/1] quit
[R2]interface GigabitEthernet0/0/5
[R2-GigabitEthernet0/0/5] isis enable 1
[R2-GigabitEthernet0/0/5] quit

# Configure R3.

[R3]isis
[R3-isis-1] network-entity 49.0001.0000.0000.0003.00
[R3-isis-1] quit
[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] isis enable 1
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] isis enable 1
[R3-GigabitEthernet0/0/1] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] isis enable 1
[R3-GigabitEthernet0/0/2] quit

# Configure R4.

[R4]isis 1
[R4-isis-1] is-level level-2
[R4-isis-1] network-entity 49.0002.0000.0000.0004.00
[R4-isis-1] quit
[R4]interface LoopBack0
[R4-LoopBack0] isis enable 1
[R4-LoopBack0] quit
[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] isis enable 1
[R4-GigabitEthernet0/0/2] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] isis enable 1
[R4-GigabitEthernet0/0/3] quit
[R4]interface GigabitEthernet0/0/5
[R4-GigabitEthernet0/0/5] isis enable 1
[R4-GigabitEthernet0/0/5] quit

# Configure R5.

[R5]isis 1
[R5-isis-1] is-level level-2
[R5-isis-1] network-entity 49.0002.0000.0000.0005.00
[R5-isis-1] quit
[R5]interface LoopBack0
[R5-LoopBack0] isis enable 1
[R5-LoopBack0] quit
HCIP-Datacom-Core Technology Lab Guide Page 81

[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] isis enable 1
[R5-GigabitEthernet0/0/3] quit

# To ensure security, configure IS-IS interface authentication, with the authentication


mode being MD5, and the password being huawei.

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] isis authentication-mode md5 huawei
[R1-GigabitEthernet0/0/1] quit

[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] isis authentication-mode md5 huawei
[R2-GigabitEthernet0/0/1] quit
[R2]interface GigabitEthernet0/0/5
[R2-GigabitEthernet0/0/5] isis authentication-mode md5 huawei
[R2-GigabitEthernet0/0/5] quit

[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] isis authentication-mode md5 huawei
[R3-GigabitEthernet0/0/1] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] isis authentication-mode md5 huawei
[R3-GigabitEthernet0/0/2] quit

[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] isis authentication-mode md5 huawei
[R4-GigabitEthernet0/0/2] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] isis authentication-mode md5 huawei
[R4-GigabitEthernet0/0/3] quit
[R4]interface GigabitEthernet0/0/5
[R4-GigabitEthernet0/0/5] isis authentication-mode md5 huawei
[R4-GigabitEthernet0/0/5] quit

[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] isis authentication-mode md5 huawei
[R5-GigabitEthernet0/0/3] quit

Step 3 Check IS-IS configurations.

# Check the IS-IS neighbor relationships on R1 and R4.

<R1>display isis peer

Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI


-------------------------------------------------------------------------------
0000.0000.0002 GE0/0/1 0000.0000.0002.01 Up 8s L1 64
0000.0000.0003 GE0/0/1 0000.0000.0002.01 Up 29s L1 64

Total Peer(s): 2
HCIP-Datacom-Core Technology Lab Guide Page 82

According to the preceding command output, R1 has established Level-1 IS-IS neighbor
relationships with R2 and R3.

<R4>display isis peer

Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI


-------------------------------------------------------------------------------
0000.0000.0005 GE0/0/2 0000.0000.0004.01 Up 24s L2 64
0000.0000.0003 GE0/0/3 0000.0000.0004.02 Up 27s L2 64
0000.0000.0002 GE0/0/5 0000.0000.0004.03 Up 23s L2 64

Total Peer(s): 3

According to the preceding command output, R4 has established Level-2 IS-IS neighbor
relationships with R2, R3, and R5.
# Check the IS-IS routing table on R4.

<R4>display isis route

Route information for ISIS(1)


-----------------------------

ISIS(1) Level-2 Forwarding Table


--------------------------------

IPV4Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
10.0.24.0/24 10 NULL GE0/0/5 Direct D/-/L/-
10.0.3.3/32 10 NULL GE0/0/3 10.0.34.3 A/-/-/-
10.0.2.2/32 10 NULL GE0/0/5 10.0.24.2 A/-/-/-
10.0.5.5/32 10 NULL GE0/0/2 10.0.45.5 A/-/-/-
10.0.123.0/24 20 NULL GE0/0/3 10.0.34.3 A/-/-/-
GE0/0/5 10.0.24.2
10.0.45.0/24 10 NULL GE0/0/2 Direct D/-/L/-
10.0.1.1/32 20 NULL GE0/0/3 10.0.34.3 A/-/-/-
GE0/0/5 10.0.24.2
10.0.4.4/32 0 NULL Loop0 Direct D/-/L/-
10.0.34.0/24 10 NULL GE0/0/3 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertisedin LSPs, S-IGP Shortcut,U-Up/Down Bit Set

According to the preceding command output, R4 has learned the routes on the entire
network, the routes to 10.0.123.0/24 and 10.0.1.1/32 are in the load balancing state.

Step 4 Change the DIS priority of GE0/0/1 on R1.

Change the DIS priority of GE0/0/1 on R1 so that R1 is elected as the DIS among R1, R2,
and R3 that are on the same broadcast network.
# Check the IS-IS interface status on R1.

<R1>display isis interface

Interface information for ISIS(1)


HCIP-Datacom-Core Technology Lab Guide Page 83

---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 001 Up Down 1500 L1/L2 --
GE0/0/1 001 Up Down 1497 L1/L2 No/No

According to the preceding command output, GE0/0/1 on R1 is not the DIS.


# Change the DIS priority of GE0/0/1 on R1.

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] isis dis-priority 127

# Check the IS-IS interface status on R1.

<R1>display isis interface

Interface information for ISIS(1)


---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 001 Up Down 1500 L1/L2 --
GE0/0/1 001 Up Down 1497 L1/L2 Yes/No

According to the preceding command output, GE0/0/1 on R1 becomes the DIS.

Step 5 Import the external route.

# Create Loopback1 on R5, set the IP address to 192.168.1.1, and import the route
192.168.1.1 as an external route to IS-IS.

[R5]interface LoopBack 1
[R5-LoopBack1] ip address 192.168.1.1 32
[R5-LoopBack1] quit
[R5]isis 1
[R5-isis-1] import-route direct
[R5-isis-1] quit

# Check the IS-IS routing table on R5.

<R5>display isis route

Route information for ISIS(1)


-----------------------------

ISIS(1) Level-2 Forwarding Table


--------------------------------

IPV4Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
10.0.24.0/24 20 NULL GE0/0/3 10.0.45.4 A/-/-/-
10.0.3.3/32 20 NULL GE0/0/3 10.0.45.4 A/-/-/-
10.0.2.2/32 20 NULL GE0/0/3 10.0.45.4 A/-/-/-
10.0.5.5/32 0 NULL Loop0 Direct D/-/L/-
10.0.123.0/24 30 NULL GE0/0/3 10.0.45.4 A/-/-/-
10.0.45.0/24 10 NULL GE0/0/3 Direct D/-/L/-
10.0.1.1/32 30 NULL GE0/0/3 10.0.45.4 A/-/-/-
10.0.4.4/32 10 NULL GE0/0/3 10.0.45.4 A/-/-/-
HCIP-Datacom-Core Technology Lab Guide Page 84

10.0.34.0/24 20 NULL GE0/0/3 10.0.45.4 A/-/-/-


Flags: D-Direct, A-Added to URT, L-Advertisedin LSPs, S-IGP Shortcut,U-Up/Down Bit Set

ISIS(1) Level-2 Redistribute Table


----------------------------------

Type IPV4 Destination IntCost ExtCost Tag


-------------------------------------------------------------------------------
D 192.168.1.1/32 0 0

Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR

According to the preceding command output, the imported external route is displayed in
the routing table.
# Check the IS-IS route 192.168.1.1 on R4.

<R4>display isis route 192.168.1.1

Route information for ISIS(1)


-----------------------------

ISIS(1) Level-2 Forwarding Table


--------------------------------

IPV4Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
192.168.1.1/32 10 0 GE0/0/2 10.0.45.5 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,U-Up/Down Bit Set

According to the preceding command output, R4 has learned the IS-IS route
192.168.1.1/32.
# Check the IS-IS routing table on R1.

<R1>display isis route

Route information for ISIS(1)


-----------------------------

ISIS(1) Level-1 Forwarding Table


--------------------------------

IPV4Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/1 10.0.123.3 A/-/-/-
GE0/0/1 10.0.123.2
10.0.24.0/24 20 NULL GE0/0/1 10.0.123.2 A/-/-/-
10.0.3.3/32 10 NULL GE0/0/1 10.0.123.3 A/-/-/-
10.0.2.2/32 10 NULL GE0/0/1 10.0.123.2 A/-/-/-
10.0.123.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.123.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertisedin LSPs, S-IGP Shortcut,U-Up/Down Bit Set
HCIP-Datacom-Core Technology Lab Guide Page 85

According to the preceding command output, the IS-IS routing table on R1 does not
contain the route 192.168.1.1/32 because Level-1-2 routers do not leak Level-2 routes to
Level-1 routers by default. Therefore, R1 does not have the imported external route to
192.168.1.1/32. However, R1 has two default routes to the backbone area, and the two
routes are in the load balancing state.
# On R1, ping R5's Loopback1.

<R1>ping -c 1 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=253 time=90 ms

--- 192.168.1.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 90/90/90 ms

According to the preceding command output, R1 can communicate with Loopback1 of


R5.

Step 6 Change the cost of an IS-IS interface.

The traffic from R4 to R1 is balanced by R2 and R3 (the conclusion can be drawn


according to the routing table). To enable the traffic from R4 to R1 to pass through R2,
change the interface cost on R4.
# Check the IS-IS route 10.0.1.1/32 on R4.

<R4>display isis route 10.0.1.1

Route information for ISIS(1)


-----------------------------

ISIS(1) Level-2 Forwarding Table


--------------------------------

IPV4Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
10.0.1.1/32 20 NULL GE0/0/5 10.0.24.2 A/-/-/-
GE0/0/3 10.0.34.3
Flags: D-Direct, A-Added to URT, L-Advertisedin LSPs, S-IGP Shortcut,U-Up/Down Bit Set

The routes from R4 to Loopback0 of R1 work in load balancing mode, and the next hops
are 10.0.24.2 and 10.0.34.3.
# Change the IS-IS cost of GE0/0/3 on R4.

[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] isis cost 15

# Check the IS-IS route 10.0.1.1/32 on R4 again.

<R4>display isis route 10.0.1.1 32

Route information for ISIS(1)


HCIP-Datacom-Core Technology Lab Guide Page 86

-----------------------------

ISIS(1) Level-2 Forwarding Table


--------------------------------

IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
10.0.1.1/32 20 NULL GE0/0/5 10.0.24.2 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set

According to the preceding command output, there is only one next hop (10.0.24.2) from
R4 to Loopback0 of R1.

Step 7 Configure IS-IS route leaking.

By default, R1 does not have specific routes to the Level-2 area and forwards packets to
the Level-2 area only through the default routes advertised by Level-1-2 routers. In this
example, R1 uses R2 and R3 as equal-cost next hops to reach the Level-2 area. To divert
the traffic sent from R1 to R5 to R3, you can configure route leaking on R3 so that R3 can
leak the routes destined for the Level-2 area to the Level-1 area. In this way, R1 can learn
desired routes through IS-IS.
# Check the route to Loopback0 on R5 in the IP routing table of R1.

<R1>display ip routing-table 10.0.5.5


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 ISIS-L1 15 10 D 10.0.123.3 GigabitEthernet0/0/1


ISIS-L1 15 10 D 10.0.123.2 GigabitEthernet0/0/1

According to the preceding command output, traffic from R1 to 10.0.5.5 is balanced


between R2 and R3.
# Configure IS-IS route leaking on R3.

[R3]isis 1
[R3-isis-1] import-route isis level-2 into level-1
[R3-isis-1] quit

# Check the route to Loopback0 on R5 in the IP routing table of R1 again.

<R1>display ip routing-table 10.0.5.5


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.5.5/32 ISIS-L1 15 30 D 10.0.123.3 GigabitEthernet0/0/1


HCIP-Datacom-Core Technology Lab Guide Page 87

According to the preceding command output, the next hop of the route from R1 to
10.0.5.5 is 10.0.123.3, that is, R3. In addition, this route is a specific route rather than a
default route.
----End

2.1.3 Quiz
What are the conditions for establishing an IS-IS neighbor relationship between Ethernet
interfaces?

2.1.4 Configuration Reference


Configuration on R1

#
sysname R1
#
isis 1
is-level level-1
network-entity 49.0001.0000.0000.0001.00
#
interface GigabitEthernet0/0/1
ip address 10.0.123.1 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
isis dis-priority 127
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
isis enable 1
#
return

Configuration on R2

sysname R2
#
isis 1
network-entity 49.0001.0000.0000.0002.00
#
interface GigabitEthernet0/0/1
ip address 10.0.123.2 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface GigabitEthernet0/0/5
ip address 10.0.24.2 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
isis enable 1
#
HCIP-Datacom-Core Technology Lab Guide Page 88

Configuration on R3

#
sysname R3
#
isis 1
network-entity 49.0001.0000.0000.0003.00
import-route isis level-2 into level-1
#
interface GigabitEthernet0/0/1
ip address 10.0.123.3 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
isis enable 1
#

Configuration on R4

#
sysname R4
#
isis 1
is-level level-2
network-entity 49.0002.0000.0000.0004.00
#
interface GigabitEthernet0/0/2
ip address 10.0.45.4 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
isis cost 15
#
interface GigabitEthernet0/0/5
ip address 10.0.24.4 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
isis enable 1
#

Configuration on R5
HCIP-Datacom-Core Technology Lab Guide Page 89

#
sysname R5
#
isis 1
is-level level-2
network-entity 49.0002.0000.0000.0005.00
import-route direct
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
isis enable 1
isis authentication-mode md5 huawei
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.255
isis enable 1
isis authentication-mode md5 huawei
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.255
#
HCIP-Datacom-Core Technology Lab Guide Page 90

3 BGP Configurations

3.1 Lab 1: Basic BGP Configurations


3.1.1 Introduction
Upon completion of this task, you will be able to:
⚫ Configure IBGP.
⚫ Configure EBGP.
⚫ Observe the BGP peer table.
⚫ Specify the source interface for sending BGP messages.
⚫ Configure EBGP multi-hop.
⚫ Observe the changes in the next hops of IBGP and EBGP routes.

3.1.1.1 Networking Topology


Figure 3-1 Basic BGP configurations

The preceding figure shows the device interconnection mode, IP address plan, and BGP
AS numbers. Loopback0 is created on each device, and its IP address is in the format of
10.0.x.x/32, where x indicates the device number. The IP address of Loopback0 on each
device is used as the BGP router ID of the device. Loopback1 is configured on R1 and R5
to simulate a user network segment.
HCIP-Datacom-Core Technology Lab Guide Page 91

OSPF runs on R2, R3, and R4, and is activated on the interconnection and Loopback0
interfaces of R2, R3, and R4.

3.1.1.2 Background
You are a network administrator of a company. The company's network uses BGP as the
routing protocol. The network consists of multiple ASs, with different branches using
different AS numbers. Now, you need to complete the establishment of the company's
network. OSPF is used as the IGP in the headquarters, and private BGP AS numbers are
used in different branches. After the network is set up, you need to observe the
transmission of BGP routing information.

3.1.2 Lab Configuration


3.1.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF in AS 64512.
3. Configure full-mesh IBGP peer relationships in AS 64512.
4. Establish EBGP peer relationships between AS 64512, AS 64513, and AS 64514.
5. Configure R1 and R5 to advertise their Loopback1 routes to their BGP routing tables.
Configure R2 and R4 to change the next-hop addresses of BGP routes to the IP
addresses of their source interfaces when advertising the routes to specified peers.

3.1.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/2, Loopback0, and Loopback1 of R1.

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit
[R1]interface LoopBack1
[R1-LoopBack1] ip address 10.1.1.1 255.255.255.0
[R1-LoopBack1] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
HCIP-Datacom-Core Technology Lab Guide Page 92

[R2-GigabitEthernet0/0/2] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R4.

[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.0.45.4 255.255.255.0
[R4-GigabitEthernet0/0/2] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3] quit
[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0] quit

# Configure IP addresses for GE0/0/3, Loopback0, and Loopback1 of R5.

[R5]interface LoopBack0
[R5-LoopBack0] ip address 10.0.5.5 255.255.255.255
[R5-LoopBack0] quit
[R5]interface LoopBack1
[R5-LoopBack1] ip address 10.1.5.5 255.255.255.0
[R5-LoopBack1] quit
[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] ip address 10.0.45.5 255.255.255.0
[R5-GigabitEthernet0/0/3] quit

# On R2 and R4, ping the IP addresses of the interconnected devices to test the
connectivity.

<R2>ping -c 1 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.12.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

<R2>ping -c 1 10.0.23.3
HCIP-Datacom-Core Technology Lab Guide Page 93

PING 10.0.23.3: 56 data bytes, press CTRL_C to break


Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=20 ms

--- 10.0.23.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/20/20 ms

<R4>ping -c 1 10.0.34.3
PING 10.0.34.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.3: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.34.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

<R4>ping -c 1 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=255 time=30 ms

--- 10.0.45.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms

Step 2 Configure OSPF in AS 64512.

Configure the IP address of Loopback0 as the router ID on each of R2, R3, and R4.
# Configure R2, and activate OSPF on Loopback0 and GE0/0/2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1] area 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1] quit

# Configure R3, and activate OSPF on Loopback0, GE0/0/2, and GE0/0/3.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.34.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] quit
[R3-ospf-1] quit

# Configure R4, and activate OSPF on Loopback0 and GE0/0/3.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1] area 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 94

[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0


[R4-ospf-1-area-0.0.0.0] network 10.0.34.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] quit
[R4-ospf-1]quit

# Check the brief information about OSPF neighbor relationships on R3.

<R3>display ospf peer brief

OSPF Process 1 with Router ID 10.0.3.3


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.4.4 Full
0.0.0.0 GigabitEthernet0/0/3 10.0.2.2 Full
----------------------------------------------------------------------------

The command output shows that R3 has established OSPF neighbor relationships with R2
and R4.
# Check the OSPF routing table on R3.

<R3>display ospf routing

OSPF Process 1 with Router ID 10.0.3.3


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.3.3/32 0 Stub 10.0.3.3 10.0.3.3 0.0.0.0
10.0.23.0/24 1 Transit 10.0.23.3 10.0.3.3 0.0.0.0
10.0.34.0/24 1 Transit 10.0.34.3 10.0.3.3 0.0.0.0
10.0.2.2/32 1 Stub 10.0.23.2 10.0.2.2 0.0.0.0
10.0.4.4/32 1 Stub 10.0.34.4 10.0.4.4 0.0.0.0

Total Nets: 5
Intra Area: 5 Inter Area: 0 ASE: 0 NSSA: 0

The command output shows that R3 has learned the Loopback0 routes from R2 and R4.

Step 3 Configure IBGP peers.

Establish full-mesh IBGP peer relationships between Loopback0 interfaces of R2, R3, and
R4.
# Configure BGP on R2.

[R2]bgp 64512
[R2-bgp] router-id 10.0.2.2
[R2-bgp] peer 10.0.3.3 as-number 64512
[R2-bgp] peer 10.0.3.3 connect-interface LoopBack0
[R2-bgp] peer 10.0.4.4 as-number 64512
[R2-bgp] peer 10.0.4.4 connect-interface LoopBack0

# Configure BGP on R3.


HCIP-Datacom-Core Technology Lab Guide Page 95

[R3]bgp 64512
[R3-bgp] router-id 10.0.3.3
[R3-bgp] peer 10.0.2.2 as-number 64512
[R3-bgp] peer 10.0.2.2 connect-interface LoopBack0
[R3-bgp] peer 10.0.4.4 as-number 64512
[R3-bgp] peer 10.0.4.4 connect-interface LoopBack0

# Configure BGP on R4.

[R4]bgp 64512
[R4-bgp] peer 10.0.2.2 as-number 64512
[R4-bgp] peer 10.0.2.2 connect-interface LoopBack0
[R4-bgp] peer 10.0.3.3 as-number 64512
[R4-bgp] peer 10.0.3.3 connect-interface LoopBack0

# Check the status of BGP peer relationships on R2, R3, and R4.

<R2>display bgp peer

BGP local router ID : 10.0.2.2


Local AS number : 64512
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSentOutQ Up/Down State PrefRcv

10.0.3.3 4 64512 3 3 0 00:01:57 Established 0


10.0.4.4 4 64512 3 4 0 00:01:56 Established 0

<R3>display bgp peer

BGP local router ID : 10.0.3.3


Local AS number : 64512
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSentOutQ Up/Down State PrefRcv

10.0.2.2 4 64512 3 3 0 00:02:23 Established 0


10.0.4.4 4 64512 3 4 0 00:02:25 Established 0

<R4>display bgp peer

BGP local router ID : 10.0.4.4


Local AS number : 64512
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSentOutQ Up/Down State PrefRcv

10.0.2.2 4 64512 3 3 0 00:06:33 Established 0


10.0.3.3 4 64512 3 4 0 00:06:38 Established 0

The command outputs show that R2, R3, and R4 have established full-mesh IBGP peer
relationships with each other.

Step 4 Configure EBGP peers.


HCIP-Datacom-Core Technology Lab Guide Page 96

Establish EBGP peer relationships between Loopback0 interfaces of R1 and R2 and


between Loopback0 interfaces of R4 and R5. To ensure proper establishment, configure
static routes on R1 and R2 to ensure routing reachability between Loopback0 interfaces.
Perform the same operation on R4 and R5.
# Configure static routes on R1 and R2.

[R1]ip route-static 10.0.2.2 32 10.0.12.2

[R2]ip route-static 10.0.1.1 32 10.0.12.1

# Configure static routes on R4 and R5.

[R4]ip route-static 10.0.5.5 32 10.0.45.5

[R5]ip route-static 10.0.4.4 32 10.0.45.4

# Test the connectivity between the loopback interfaces.

<R1>ping -c 1 -a 10.0.1.1 10.0.2.2


PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.2.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

<R5>ping -c 1 -a 10.0.5.5 10.0.4.4


PING 10.0.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.4.4: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.4.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

# Configure an EBGP peer relationship between R1 and R2.

[R1]bgp 64513
[R1-bgp] router-id 10.0.1.1
[R1-bgp] peer 10.0.2.2 as-number 64512
[R1-bgp] peer 10.0.2.2 ebgp-max-hop 2
[R1-bgp] peer 10.0.2.2 connect-interface LoopBack0

[R2]bgp 64512
[R2-bgp] peer 10.0.1.1 as-number 64513
[R2-bgp] peer 10.0.1.1 ebgp-max-hop 2
[R2-bgp] peer 10.0.1.1 connect-interface LoopBack0

By default, the maximum number of hops allowed for an EBGP connection is 1. In this
case, EBGP peers can establish a peer relationship only through a direct link. To use a
HCIP-Datacom-Core Technology Lab Guide Page 97

loopback interface as the source interface to send BGP messages, you need to manually
change the maximum number of hops allowed for an EBGP connection.
# Configure an EBGP peer relationship between R4 and R5.

[R4]bgp 64512
[R4-bgp] peer 10.0.5.5 as-number 64514
[R4-bgp] peer 10.0.5.5 ebgp-max-hop 2
[R4-bgp] peer 10.0.5.5 connect-interface LoopBack0

[R5]bgp 64514
[R5-bgp] router-id 10.0.5.5
[R5-bgp] peer 10.0.4.4 as-number 64512
[R5-bgp] peer 10.0.4.4 ebgp-max-hop 2
[R5-bgp] peer 10.0.4.4 connect-interface LoopBack0

# Check the EBGP peer relationship status on R1 and R5.

<R1>display bgp peer

BGP local router ID : 10.0.1.1


Local AS number : 64513
Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.2.2 4 64512 7 10 0 00:05:47 Established 0

<R5>display bgp peer

BGP local router ID : 10.0.5.5


Local AS number : 64514
Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.4.4 4 64512 7 10 0 00:03:25 Established 0

The preceding command outputs show that R1 and R2 as well as R4 and R5 have
successfully established EBGP peer relationships.

Step 5 Configure devices to advertise routes to their BGP routing tables.

Configure R1 and R5 to advertise their Loopback1 routes to their BGP routing tables.
# Run the network command on R1 and R5 to advertise the routes.

[R1]bgp 64513
[R1-bgp] network 10.1.1.1 24

[R5]bgp 64514
[R5-bgp] network 10.1.5.5 24

# Check the BGP routing table on R3.


HCIP-Datacom-Core Technology Lab Guide Page 98

<R3>display bgp routing-table

BGP Local router ID is 10.0.3.3


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 2


Network NextHop MED LocPrf PrefVal Path/Ogn

i 10.1.1.0/24 10.0.1.1 0 100 0 64513i


i 10.1.5.0/24 10.0.5.5 0 100 0 64514i

The command output shows that R3 has learned the BGP routes advertised by R1 and R5,
but the routes are invalid because their next hops are unreachable to R3. To resolve this
issue, run the peer next-hop-local command on R2 and R4 to configure the devices to
change the next-hop addresses of BGP routes to the IP addresses of their source
interfaces when advertising these routes.
# Configure R2 and R4 to change the next-hop addresses of BGP routes to their own IP
addresses when advertising these routes.

[R2]bgp 64512
[R2-bgp] peer 10.0.3.3 next-hop-local
[R2-bgp] peer 10.0.4.4 next-hop-local

[R4]bgp 64512
[R4-bgp] peer 10.0.2.2 next-hop-local
[R4-bgp] peer 10.0.3.3 next-hop-local

# Check the BGP routing table on R3 again.

<R3>display bgp routing-table

BGP Local router ID is 10.0.3.3


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 2


Network NextHop MED LocPrf PrefVal Path/Ogn

*>i 10.1.1.0/24 10.0.2.2 0 100 0 64513i


*>i 10.1.5.0/24 10.0.4.4 0 100 0 64514i

The command output shows that the two BGP routes have become valid and the optimal.
# Check the BGP routing tables on R1 and R5.

<R1>display bgp routing-table

BGP Local router ID is 10.0.1.1


Status codes: * - valid, > - best, d - damped,
HCIP-Datacom-Core Technology Lab Guide Page 99

h - history, i - internal, s - suppressed, S - Stale


Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 2


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 10.1.1.0/24 0.0.0.0 0 0 i


*> 10.1.5.0/24 10.0.2.2 0 64512 64514i

<R5>display bgp routing-table

BGP Local router ID is 10.0.5.5


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 2


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 10.1.1.0/24 10.0.4.4 0 64512 64513i


*> 10.1.5.0/24 0.0.0.0 0 0 i

The command outputs show that R1 and R5 have learned the Loopback1 routes from
each other.
# Test the connectivity between Loopback 1 interfaces on R1 and R5.

<R1>ping -c 1 -a 10.1.1.1 10.1.5.5


PING 10.1.5.5: 56 data bytes, press CTRL_C to break
Reply from 10.1.5.5: bytes=56 Sequence=1 ttl=252 time=130 ms

--- 10.1.5.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 130/130/130 ms

----End

3.1.3 Quiz
What are the advantages of using loopback interface addresses to establish EBGP peer
relationships compared with using physical interface addresses?

3.1.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/2
HCIP-Datacom-Core Technology Lab Guide Page 100

ip address 10.0.12.1 255.255.255.0


#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
interface LoopBack1
ip address 10.1.1.1 255.255.255.0
#
bgp 64513
router-id 10.0.1.1
peer 10.0.2.2 as-number 64512
peer 10.0.2.2 ebgp-max-hop 2
peer 10.0.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.0.1.0 255.255.255.0
network 10.1.1.0 255.255.255.0
peer 10.0.2.2 enable
#
ip route-static 10.0.2.2 255.255.255.255 10.0.12.2
#

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
bgp 64512
router-id 10.0.2.2
peer 10.0.1.1 as-number 64513
peer 10.0.1.1 ebgp-max-hop 2
peer 10.0.1.1 connect-interface LoopBack0
peer 10.0.3.3 as-number 64512
peer 10.0.3.3 connect-interface LoopBack0
peer 10.0.4.4 as-number 64512
peer 10.0.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.0.1.1 enable
peer 10.0.3.3 enable
peer 10.0.3.3 next-hop-local
peer 10.0.4.4 enable
peer 10.0.4.4 next-hop-local
#
HCIP-Datacom-Core Technology Lab Guide Page 101

ospf 1 router-id 10.0.2.2


area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.23.2 0.0.0.0
#
ip route-static 10.0.1.1 255.255.255.255 10.0.12.1
#
return

Configuration on R3

#
sysname R3
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
bgp 64512
router-id 10.0.3.3
peer 10.0.2.2 as-number 64512
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.4.4 as-number 64512
peer 10.0.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.0.2.2 enable
peer 10.0.4.4 enable
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
network 10.0.34.3 0.0.0.0
#
return

Configuration on R4

#
sysname R4
#
interface GigabitEthernet0/0/2
ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
#
interface LoopBack0
HCIP-Datacom-Core Technology Lab Guide Page 102

ip address 10.0.4.4 255.255.255.255


#
bgp 64512
router-id 10.0.4.4
peer 10.0.2.2 as-number 64512
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.3.3 as-number 64512
peer 10.0.3.3 connect-interface LoopBack0
peer 10.0.5.5 as-number 64514
peer 10.0.5.5 ebgp-max-hop 2
peer 10.0.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.0.2.2 enable
peer 10.0.2.2 next-hop-local
peer 10.0.3.3 enable
peer 10.0.3.3 next-hop-local
peer 10.0.5.5 enable
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.4.4 0.0.0.0
network 10.0.34.4 0.0.0.0
#
ip route-static 10.0.5.5 255.255.255.255 10.0.45.5
#
return

Configuration on R5

#
sysname R5
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.255
#
interface LoopBack1
ip address 10.1.5.5 255.255.255.0
#
bgp 64514
router-id 10.0.5.5
peer 10.0.4.4 as-number 64512
peer 10.0.4.4 ebgp-max-hop 2
peer 10.0.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.1.5.0 255.255.255.0
peer 10.0.4.4 enable
#
ip route-static 10.0.4.4 255.255.255.255 10.0.45.4
HCIP-Datacom-Core Technology Lab Guide Page 103

#
Return

3.2 Lab 2: BGP Route Summarization


3.2.1 Introduction
3.2.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Implement automatic summarization for routes imported using the import-route
command.
⚫ Implement manual route summarization using the aggregate command.
⚫ Use the as-set parameter for manual route summarization to prevent routing loops.

3.2.1.2 Networking Topology


Figure 3-2 BGP route summarization

The preceding figure shows the BGP AS numbers and IP addresses of interconnection
interfaces. Loopback0 is created on each device, and its IP address is in the format of
10.0.x.x/32, where x indicates the device number.
R1, R2, and R3 use the IP addresses of Loopback0 as their BGP router IDs and establish
EBGP peer relationships through directly connected interfaces.
Loopback1 and Loopback2 are created on each of R1 and R3 to simulate user network
segments.

3.2.1.3 Background
You are a network administrator of a company. The company's network uses BGP as the
routing protocol. The network consists of multiple ASs, with different branches using
different AS numbers. As the network scale expands, more and more routing entries are
stored in the routing tables on the routers, making it urgent to summarize BGP routes.
After testing several methods of route summarization, you have finally selected a proper
method to implement route summarization.

3.2.2 Lab Configuration


3.2.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure EBGP peer relationships between R1, R2, and R3 as planned.
HCIP-Datacom-Core Technology Lab Guide Page 104

3. Configure R1 to advertise its Loopback1 and Loopback2 routes to the BGP routing
table and implement automatic route summarization. Check detailed information
about the summary route on R2.
4. Configure R3 to advertise its Loopback1 and Loopback2 routes to the BGP routing
table, and manually summarize the routes on R2. Check detailed information about
the summary route on R2 and R3. Perform manual summarization on R2 again, and
this time configure the as-set parameter. Then, check detailed information about the
summary route on R2.

3.2.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/2, Loopback0, Loopback1, and Loopback2 of R1.

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit
[R1]interface LoopBack1
[R1-LoopBack1] ip address 172.16.1.1 255.255.255.0
[R1-LoopBack1] quit
[R1]interface LoopBack2
[R1-LoopBack1] ip address 172.16.2.1 255.255.255.0
[R1-LoopBack1] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
[R2-GigabitEthernet0/0/2] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigaitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/3, Loopback0, Loopback1, and Loopback2 of R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit
HCIP-Datacom-Core Technology Lab Guide Page 105

[R3]interface LoopBack1
[R3-LoopBack1] ip address 172.17.1.1 255.255.255.0
[R3-LoopBack1] quit
[R3]interface LoopBack2
[R3-LoopBack1] ip address 172.17.2.1 255.255.255.0
[R3-LoopBack1] quit

# On R2, ping the IP addresses of the interconnected devices to test the connectivity.

<R2>ping -c 1 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.12.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

<R2>ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=20 ms

--- 10.0.23.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/20/20 ms

Step 2 Configure EBGP peer relationships.

Configure EBGP peer relationships between R1 and R2, and between R2 and R3 through
directly connected interfaces.
# Configure R1.

[R1]bgp 64511
[R1-bgp] router-id 10.0.1.1
[R1-bgp] peer 10.0.12.2 as-number 64512

# Configure R2.

[R2]bgp 64512
[R2-bgp] router-id 10.0.2.2
[R2-bgp] peer 10.0.12.1 as-number 64511
[R2-bgp] peer 10.0.23.3 as-number 64513

# Configure R3.

[R3]bgp 64513
[R3-bgp] router-id 10.0.3.3
[R3-bgp] peer 10.0.23.2 as-number 64512

# Check the BGP peer relationship status on R2.


HCIP-Datacom-Core Technology Lab Guide Page 106

<R2>display bgp peer

BGP local router ID : 10.0.2.2


Local AS number : 64512
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.12.1 4 64511 3 3 0 00:02:41 Established 0


10.0.23.3 4 64513 3 4 0 00:01:20 Established 0

The command output shows that EBGP peer relationships have been successfully
established between R1 and R2, and between R2 and R3.

Step 3 Configure automatic BGP route summarization.

Enable automatic BGP route summarization on R1, and configure R1 to advertise its
Loopback1 and Loopback2 routes to the BGP routing table so that R1 automatically
summarizes these routes.
# Create IP prefix list 1 to match the Loopback1 and Loopback2 routes.

[R1]ip ip-prefix 1 permit 172.16.0.0 16 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create node 10, and configure an if-match clause
with IP prefix list 1 specified.

[R1]route-policy hcip permit node 10


[R1-route-policy] if-match ip-prefix 1
[R1-route-policy] quit

# Configure R1 to advertise the Loopback1 and Loopback2 routes to the BGP routing
table, and enable automatic BGP route summarization on R1.

[R1]bgp 64511
[R1-bgp] import-route direct route-policy hcip
[R1-bgp] summary automatic
Info: Automatic summarization is valid only for the routes imported through the import-route command.

Automatic summarization takes effect only on the routes imported using the import-
route command.
# Check the BGP routing table on R1.

<R1>display bgp routing-table

BGP Local routerID is 10.0.1.1


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes : 3


Network NextHop MED LocPrf PrefVal Path/Ogn
HCIP-Datacom-Core Technology Lab Guide Page 107

*> 172.16.0.0 127.0.0.1 0 ?


s> 172.16.1.0/24 0.0.0.0 0 0 ?
s> 172.16.2.0/24 0.0.0.0 0 0 ?

The Loopback1 and Loopback2 routes have been advertised to the BGP routing table. As
automatic BGP route summarization is enabled on R1, R1 summarizes these routes into
the summary route 172.16.0.0/16 and suppresses all the specific routes. In the routing
table, the s flag displayed before each specific route indicates that the route is
suppressed. As a result, R1 advertises only the summary route 172.16.0.0/16.
# Check the BGP routing table on R2.

<R2>display bgp routing-table

BGP Local router ID is 10.0.2.2


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 1


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 172.16.0.0 10.0.12.1 0 64511?

The command output shows only the summary route 172.16.0.0/16 on R2.
# Check detailed information about the BGP summary route 172.16.0.0 on R2.

<R2>display bgp routing-table 172.16.0.0

BGP local router ID : 10.0.2.2


Local AS number : 64512
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 172.16.0.0/16:
From: 10.0.12.1 (10.0.1.1)
Route Duration: 01h09m27s
Direct Out-interface: GigabitEthernet0/0/3
Original nexthop: 10.0.12.1
Qos information : 0x0
AS-path 64511, origin incomplete, pref-val 0, valid, external, best, select, active, pre 255
Aggregator: AS 64511, Aggregator ID 10.0.1.1
Advertised to such 2 peers:
10.0.12.1
10.0.23.3

The path attributes of this route include the Aggregator attribute, which carries the AS
number and router ID of the device that generates the summary route.

Step 4 Configure manual BGP route summarization.

Configure R3 to advertise its Loopback1 and Loopback2 routes to the BGP routing table.
Run the aggregate command on R2 to manually summarize these routes and suppress
the advertisement of the specific routes.
# Create IP prefix list 1 to match the Loopback1 and Loopback2 routes.
HCIP-Datacom-Core Technology Lab Guide Page 108

[R3]ip ip-prefix 1 permit 172.17.0.0 16 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create node 10, and configure an if-match clause
with IP prefix list 1 specified.

[R3]route-policy hcip permit node 10


[R3-route-policy] if-match ip-prefix 1
[R3-route-policy] quit

# Configure R3 to advertise its Loopback1 and Loopback2 routes to the BGP routing
table.

[R3]bgp 64513
[R3-bgp] import-route direct route-policy hcip

# Check the BGP routing table on R2.

<R2>display bgp routing-table

BGP Local routerID is 10.0.2.2


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes: 3


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 172.16.0.0 10.0.12.1 0 64511?


*> 172.17.1.0/24 10.0.23.3 0 0 64513?
*> 172.17.2.0/24 10.0.23.3 0 0 64513?

The BGP routing table of R2 contains the BGP routes 172.17.1.0/24 and 172.17.2.0/24
advertised by R3.
# On R2, manually summarize the routes 172.17.1.0/24 and 172.17.2.0/24 into the
summary route 172.17.0.0/22, and suppress the advertisement of the specific routes.

[R2]bgp 64512
[R2-bgp] aggregate 172.17.0.0 22 detail-suppressed

# Check the BGP routing table on R2.

<R2>display bgp routing-table

BGP Local routerID is 10.0.2.2


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes: 4


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 172.16.0.0 10.0.12.1 0 64511?


HCIP-Datacom-Core Technology Lab Guide Page 109

*> 172.17.0.0/22 127.0.0.1 0 ?


s> 172.17.1.0/24 10.0.23.3 0 0 64513?
s> 172.17.2.0/24 10.0.23.3 0 0 64513?

The summary route is displayed in the BGP routing table of R2.


# Check detailed information about the BGP summary route 172.16.0.0/22 on R2.

<R2>display bgp routing-table 172.17.0.0 22

BGP local router ID : 10.0.2.2


Local AS number : 64512
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 172.17.0.0/22:
Aggregated route.
Route Duration: 00h02m44s
Direct Out-interface: NULL0
Original nexthop: 127.0.0.1
Qos information : 0x0
AS-path Nil, origin incomplete, pref-val 0, valid, local, best, select, active, pre 255
Aggregator: AS 64512, Aggregator ID 10.0.2.2, Atomic-aggregate
Advertised to such 2 peers:
10.0.12.1
10.0.23.3

The command output shows that the AS-path field value is Nil, indicating that the
AS_Path attribute is empty. This means that the AS_Path attribute values of the specific
routes are lost. BGP depends on the AS_Path attribute to prevent routing loops.
Therefore, the loss of the AS_Path attribute value may cause a routing loop. The
command output also shows the BGP peers to which the summary route is advertised,
and these peers include the peer 10.0.23.3 (R3).
# Check the BGP routing table on R3.

<R3>display bgp routing-table

BGP Local routerID is 10.0.3.3


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes : 4


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 172.16.0.0 10.0.23.2 0 64512 64511?


*> 172.17.0.0/22 10.0.23.2 0 64512?
*> 172.17.1.0/24 0.0.0.0 0 0 ?
*> 172.17.2.0/24 0.0.0.0 0 0 ?

The BGP routing table of R3 contains the summary route 172.17.0.0/22.


# To prevent routing loops, specify the as-set parameter when performing manual route
summarization on R2.

[R2]bgp 64512
HCIP-Datacom-Core Technology Lab Guide Page 110

[R2-bgp] aggregate 172.17.0.0 255.255.252.0 detail-suppressed as-set

# Check detailed information about the BGP summary route 172.17.0.0/22 on R2 again.

[R2]display bgp routing-table 172.17.0.0 22

BGP local router ID : 10.0.2.2


Local AS number : 64512
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 172.17.0.0/22:
Aggregated route.
Route Duration: 00h09m31s
Direct Out-interface: NULL0
Original nexthop: 127.0.0.1
Qos information : 0x0
AS-path 64513, origin incomplete, pref-val 0, valid, local, best, select, active, pre 255
Aggregator: AS 64512, Aggregator ID 10.0.2.2, Atomic-aggregate
Advertised to such 2 peers:
10.0.12.1
10.0.23.3

The command output shows that the value of the AS_Path attribute in the summary
route is 64513, and the route is still advertised to the peer 10.0.23.3 (R3).
# Check the BGP routing table on R3 again.

<R3>display bgp routing-table

BGP Local routerID is 10.0.3.3


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes: 4


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 172.16.0.0 10.0.23.2 0 6451264511?


*> 172.17.1.0/24 0.0.0.0 0 0 ?
*> 172.17.2.0/24 0.0.0.0 0 0 ?

After R3 receives the summary route 172.17.0.0/22, it finds its own AS number (64153) in
the AS_Path attribute of the route and ignores this route. In this case, the summary route
172.17.0.0/22 does not exist in the BGP routing table of R3. Therefore, using the as-set
parameter for manual route summarization effectively prevents a routing loop.
----End

3.2.3 Quiz
What are the differences between the path attributes carried in a summary route
generated using the aggregate command and that generated using the summary
automatic command?
HCIP-Datacom-Core Technology Lab Guide Page 111

3.2.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/2
ip address 10.0.12.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
interface LoopBack1
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack2
ip address 172.16.2.1 255.255.255.0
#
bgp 64511
router-id 10.0.1.1
peer 10.0.12.2 as-number 64512
#
ipv4-family unicast
undo synchronization
summary automatic
import-route direct route-policy hcip
peer 10.0.12.2 enable
#
route-policy hcip permit node 10
if-match ip-prefix 1
#
ip ip-prefix 1 index 10 permit 172.16.0.0 16 greater-equal 24 less-equal 24
#
return

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
bgp 64512
router-id 10.0.2.2
peer 10.0.12.1 as-number 64511
HCIP-Datacom-Core Technology Lab Guide Page 112

peer 10.0.23.3 as-number 64513


#
ipv4-family unicast
undo synchronization
aggregate 172.17.0.0 255.255.252.0 as-set detail-suppressed
peer 10.0.12.1 enable
peer 10.0.23.3 enable
#
return

Configuration on R3

#
sysname R3
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
interface LoopBack1
ip address 172.17.1.1 255.255.255.0
#
interface LoopBack2
ip address 172.17.2.1 255.255.255.0
#
bgp 64513
router-id 10.0.3.3
peer 10.0.23.2 as-number 64512
#
ipv4-family unicast
undo synchronization
import-route direct route-policy hcip
peer 10.0.23.2 enable
#
route-policy hcip permit node 10
if-match ip-prefix 1
#
ip ip-prefix 1 index 10 permit 172.17.0.0 16 greater-equal 24 less-equal 24
#
return

3.3 Lab 3: BGP RR


3.3.1 Introduction
3.3.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Deploy RRs in an AS.
⚫ Analyze how the BGP path attribute Originator_ID implements routing loop
prevention in an RR environment.
HCIP-Datacom-Core Technology Lab Guide Page 113

⚫ Analyze how the BGP path attribute Cluster_List implements routing loop prevention
in an RR environment.

3.3.1.2 Networking Topology


Figure 3-3 BGP RR

R1, R2, R3, and R4 belong to AS 64511. The preceding figure shows the device
interconnection mode and IP addresses of interconnection interfaces. Loopback0 is
created on each device, and its IP address is in the format of 10.0.x.x/32, where x
indicates the device number. The Loopback1 addresses of R1 and R2 are 10.1.1.1/24 and
10.2.2.2/24, respectively. The loopback interfaces are used to simulate user network
segments.
All devices use the IP addresses of Loopback0 as their BGP router IDs. IBGP peer
relationships are established between R1 and R2, R2 and R3, R3 and R4, and R4 and R2
through directly connected interfaces. R1 is the RR client of R2, R2 is the RR client of R3,
and R3 is the RR client of R4.

3.3.1.3 Background
The headquarters network of a company uses BGP as the routing protocol. The four
routers in the headquarters establish IBGP peer relationships (not fully meshed). To
enable the four routers to learn complete BGP routes, BGP RRs need to be deployed on
the network.

3.3.2 Lab Configuration


3.3.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF in the AS, and activate OSPF on the interconnection and Loopback0
interfaces.
3. Establish IBGP peer relationships through directly connected interfaces in the AS.
4. Configure RRs, and specify R1 as the RR client of R2, R2 as the RR client of R3, and
R3 as the RR client of R4.
HCIP-Datacom-Core Technology Lab Guide Page 114

5. Configure R2 to advertise its Loopback1 route to the BGP routing table, and observe
how the Originator_ID attribute is used to prevent a routing loop.
6. Configure R1 to advertise its Loopback1 route to the BGP routing table, and observe
how the Cluster_List attribute is used to prevent a routing loop.

3.3.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/2, Loopback0, and Loopback1 of R1.

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit
[R1]interface LoopBack1
[R1-LoopBack1] ip address 10.1.1.1 255.255.255.0
[R1-LoopBack1] quit

# Configure IP addresses for GE0/0/1, GE0/0/2, GE0/0/3, and Loopback0 of R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] ip address 10.0.24.2 255.255.255.0
[R2-GigabitEthernet0/0/1] quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
[R2-GigabitEthernet0/0/2] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/1, GE0/0/3, and Loopback0 of R4.


HCIP-Datacom-Core Technology Lab Guide Page 115

[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0] quit
[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1] ip address 10.0.24.4 255.255.255.0
[R4-GigabitEthernet0/0/1] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3] quit

# On R2 and R3, ping the IP addresses of the interconnected devices to test the
connectivity.

<R2>ping -c 1 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=40 ms

--- 10.0.12.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms

<R2>ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=10 ms

--- 10.0.23.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

<R2>ping -c 1 10.0.24.4
PING 10.0.24.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.24.4: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.24.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

<R3>ping -c 1 10.0.34.4
PING 10.0.34.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.4: bytes=56 Sequence=1 ttl=255 time=10 ms

--- 10.0.34.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

Step 2 Configure OSPF in AS 64511.


HCIP-Datacom-Core Technology Lab Guide Page 116

Configure R1, R2, R3, and R4 to use the IP addresses of Loopback0 as their router IDs,
and activate OSPF on the interconnection and Loopback0 interfaces.
# Configure R1.

[R1]ospf 1 router-id 10.0.1.1


[R1-ospf-1] area 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.12.1 0.0.0.0

# Configure R2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.24.2 0.0.0.0

# Configure R3.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.34.3 0.0.0.0

# Configure R4.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.24.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.34.4 0.0.0.0

# Check the brief information about OSPF neighbor relationships on R2 and R3.

<R2>display ospf peer brief

OSPF Process 1 with Router ID 10.0.2.2


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.3.3 Full
0.0.0.0 GigabitEthernet0/0/3 10.0.1.1 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.4.4 Full
----------------------------------------------------------------------------
<R3>display ospf peer brief

OSPF Process 1 with Router ID 10.0.3.3


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/3 10.0.2.2 Full
0.0.0.0 GigabitEthernet0/0/2 10.0.4.4 Full
HCIP-Datacom-Core Technology Lab Guide Page 117

----------------------------------------------------------------------------

The command outputs show that all the OSPF neighbor relationships have been
established properly.
# Check the OSPF routing table on R4.

<R4>display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.4/32 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.4 10.0.4.4 0.0.0.0
10.0.34.0/24 1 Transit 10.0.34.4 10.0.4.4 0.0.0.0
10.0.1.1/32 2 Stub 10.0.24.2 10.0.1.1 0.0.0.0
10.0.2.2/32 1 Stub 10.0.24.2 10.0.2.2 0.0.0.0
10.0.3.3/32 1 Stub 10.0.34.3 10.0.3.3 0.0.0.0
10.0.12.0/24 2 Transit 10.0.24.2 10.0.1.1 0.0.0.0
10.0.23.0/24 2 Transit 10.0.24.2 10.0.2.2 0.0.0.0
10.0.23.0/24 2 Transit 10.0.34.3 10.0.2.2 0.0.0.0

Total Nets: 9
Intra Area: 9 Inter Area: 0 ASE: 0 NSSA: 0

The command output shows that R4 has learned the routes on the entire network.

Step 3 Configure IBGP peer relationships.

Establish IBGP peer relationships between Loopback0 interfaces in the AS.


# Configure R1.

[R1]bgp 64511
[R1-bgp] router-id 10.0.1.1
[R1-bgp] peer 10.0.12.2 as-number 64511

# Configure R2.

[R2-bgp] router-id 10.0.2.2


[R2-bgp] peer 10.0.12.1 as-number 64511
[R2-bgp] peer 10.0.23.3 as-number 64511
[R2-bgp] peer 10.0.24.4 as-number 64511

# Configure R3.

[R3]bgp 64511
[R3-bgp] router-id 10.0.3.3
[R3-bgp] peer 10.0.23.2 as-number 64511
[R3-bgp] peer 10.0.34.4 as-number 64511

# Configure R4.
HCIP-Datacom-Core Technology Lab Guide Page 118

[R4]bgp 64511
[R4-bgp] router-id 10.0.4.4
[R4-bgp] peer 10.0.24.2 as-number 64511
[R4-bgp] peer 10.0.34.3 as-number 64511

# Check the IBGP peer relationship status on R2 and R3.

<R2>display bgp peer

BGP local router ID : 10.0.2.2


Local AS number : 64511
Total number of peers : 3 Peers in established state : 3

Peer V AS MsgRcvd MsgSentOutQ Up/Down State PrefRcv

10.0.12.1 4 64511 3 3 0 00:05:39 Established 0


10.0.23.3 4 64511 3 4 0 00:05:23 Established 0
10.0.24.4 4 64511 3 4 0 00:05:16 Established 0

<R3>display bgp peer

BGP local router ID : 10.0.3.3


Local AS number : 64511
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.23.2 4 64511 7 8 0 00:04:33 Established 0


10.0.34.4 4 64511 8 9 0 00:04:32 Established 0

The command outputs show that the IBGP peer relationships have been successfully
established in the AS.

Step 4 Configure RRs.

# Configure R1 as an RR client on R2.

[R2]bgp 64511
[R2-bgp] peer 10.0.12.1 reflect-client

# Configure R2 as an RR client on R3.

[R3]bgp 64511
[R3-bgp] peer 10.0.23.2 reflect-client

# Configure R3 as an RR client on R4.

[R4]bgp 64511
[R4-bgp] peer 10.0.34.3 reflect-client

Step 5 Verify that the Originator_ID attribute can prevent routing loops.

In this step, configure R2 to advertise the BGP route 10.2.2.0/24. Observe whether the
route is advertised back to R2 after being reflected by R3 and R4 in sequence. If so, a
routing loop may occur.
HCIP-Datacom-Core Technology Lab Guide Page 119

By default, after R2 advertises a BGP route, the route is directly advertised by R2 to R4. In
addition, the route is reflected by R3 to R4. In this case, R4 preferentially selects the route
directly advertised by R2 and does not reflect the route reflected by R3 back to R2. For
the purpose of this experiment, a route-policy needs to be configured on R2 to prevent
R2 from directly advertising the route 10.2.2.0/24 to R4.
# Configure a route-policy.

[R2]acl number 2000


[R2-acl-basic-2000] rule 5 permit
[R2-acl-basic-2000] quit

[R2]route-policy bgp deny node 10


[R2-route-policy] if-match acl 2000

# Apply the route-policy to filter routes to be advertised to the specified BGP peer.

[R2]bgp 64511
[R2-bgp] peer 10.0.24.4 route-policy bgp export

# Configure R2 to advertise the route 10.2.2.0/24.

[R2]bgp 64511
[R2-bgp] network 10.2.2.0 24

# Check detailed information about the route 10.2.2.0/24 on R2.

<R2>display bgp routing-table 10.2.2.0 24

BGP local router ID : 10.0.2.2


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.2.2.0/24:
Network route.
From : 0.0.0.0 (0.0.0.0)
Route Duration : 00h00m36s
Direct Out-interface : LoopBack1
Original nexthop : 10.2.2.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, pref-val 0, valid, local, best, select, pre 0
Advertised to such 2 peers:
10.0.23.3 #R3
10.0.12.1 #R1

The command output shows that R2 has advertised this route to R3 and R1, but not to
R4.
# Check detailed information about the BGP route 10.2.2.0/24 on R3.

<R3>display bgp routing-table 10.2.2.0 24

BGP local router ID : 10.0.3.3


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.2.2.0/24:
HCIP-Datacom-Core Technology Lab Guide Page 120

RR-client route.
From : 10.0.23.2 (10.0.2.2)
Route Duration : 00h31m14s
Relay IP Nexthop : 0.0.0.0
Relay IP Out-Interface: GigabitEthernet0/0/3
Original nexthop : 10.0.23.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255
Advertised to such 1 peers:
10.0.34.4

R3 has reflected the BGP route 10.2.2.0/24 from its RR client to the peer 10.0.34.4 (R4). In
addition, the next-hop address of the BGP route is 10.0.23.2.
# Check detailed information about the BGP route 10.2.2.0/24 on R4.

<R4>display bgp routing-table 10.2.2.0 24

BGP local routerID : 10.0.4.4


Local AS number : 64511
Paths : 1available, 1best, 1select
BGP routing table entry information of 10.2.2.0/24:
RR-client route.
From : 10.0.34.3 (10.0.3.3)
Route Duration : 00h23m59s
Relay IP Nexthop : 10.0.24.2
Relay IP Out-Interface : GigabitEthernet0/0/1
Original nexthop : 10.0.23.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 2
Originator : 10.0.2.2
Cluster list : 10.0.3.3
Advertised to such 1 peers:
10.0.24.2

The route is received from the RR client R3. When R3 reflects the original route, the next-
hop address of the route remains unchanged, and R3 adds the Originator_ID attribute
with the value of 10.0.2.2 to the route. After receiving this route from R3, R4 reflects it to
R2.
# Check detailed information about the BGP route 10.2.2.0/24 on R2 again.

<R2>display bgp routing-table 10.2.2.0 24

BGP local routerID : 10.0.2.2


Local AS number : 64511
Paths : 1available, 1best, 1select
BGP routing table entry information of 10.2.2.0/24:
Networkroute.
From: 0.0.0.0 (0.0.0.0)
Route Duration : 00h57m17s
Direct Out-interface : LoopBack1
Original nexthop : 10.2.2.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, pref-val 0, valid, local, best, select, pre 0
Advertised to such 2 peers:
HCIP-Datacom-Core Technology Lab Guide Page 121

10.0.23.3
10.0.12.1

Only the locally advertised BGP route exists in the routing table, and the BGP route
advertised by R4 does not exist.
# Check detailed information about the BGP peer 10.0.24.4 on R2.

<R2>display bgp peer 10.0.24.4 verbose

BGP Peer is 10.0.24.4, remote AS 64511


Type: IBGP link
BGP version 4, Remote router ID 10.0.4.4
Update-group ID :2
BGP current state : Established, Up for 00h27m44s
BGP current event : RecvKeepalive
BGP last state : OpenConfirm
BGP Peer Up count :2
Received total routes :0
Received active routes total: 0
Advertised total routes :0
Port: Local - 179 Remote - 64495
Configured: Connect-retry Time : 32 sec
Configured: Active Hold Time : 180 sec Keepalive Time:60 sec
Received : Active Hold Time : 180 sec
Negotiated: Active Hold Time : 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
Received: Total 30 messages
Update messages 1
Open messages 1
KeepAlive messages 28
Notification messages 0
Refresh messages 0
Sent: Total 30 messages
Update messages 0
Open messages 2
KeepAlive messages 28
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2020-06-02 14:12:02-08:00
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No import update filter list
No export update filter list
No import prefix list
No export prefix list
No import route policy
HCIP-Datacom-Core Technology Lab Guide Page 122

Export route policy is: bgp


No import distribute policy
No export distribute policy

The command output shows that R2 receives an Update message from R4 and does not
send an Update message to R4 (due to routing filtering by the route-policy). However,
the BGP route 10.2.2.0/24 advertised by R4 does not exist in R2's BGP routing table.
# Trigger an import soft reset on R2 to allow R4 to re-send Update messages.

<R2>refresh bgp 10.0.24.4 import

# Check the number of Update messages sent and received on R2 again.

<R2>display bgp peer 10.0.24.4 verbose | in Update


Update-group ID : 2
BGP current event : RecvUpdate
Update messages 2
Update messages 0

The number of received Update messages increases. R2 receives the BGP route
10.2.2.0/24 from R4.
# Check detailed information about the BGP route 10.2.2.0/24 on R2 again.

<R2>display bgp routing-table 10.2.2.0 24

BGP local router ID : 10.0.2.2


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.2.2.0/24:
Network route.
From : 0.0.0.0 (0.0.0.0)
Route Duration : 01h07m12s
Direct Out-interface : LoopBack1
Original nexthop : 10.2.2.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, pref-val 0, valid, local, best, select, pre 0
Advertised to such 2 peers:
10.0.23.3
10.0.12.1

Still only the locally advertised BGP route exists in the routing table. The value of the
Originator_ID attribute of the BGP route advertised by R4 is the same as the local router
ID. As a result, R2 ignores the route advertised by R4.

Step 6 Verify that the Cluster_List attribute can prevent routing loops.

To facilitate observation, cancel BGP route advertisement on R2. Configure R1 to


advertise its Loopback1 route to the BGP routing table. Observe how the Cluster_List
attribute prevents routing loops.
# Delete the BGP route advertised by R2.

[R2]bgp 64511
[R2-bgp] undo network 10.2.2.0 255.255.255.0
HCIP-Datacom-Core Technology Lab Guide Page 123

# Configure R1 to advertise its Loopback1 route to the BGP routing table.

[R1]bgp 64511
[R1-bgp] network 10.1.1.0 24

# Check detailed information about the BGP route 10.1.1.0 /24 on R1, R2, R3, and R4 in
sequence.

[R1]display bgp routing-table 10.1.1.0 24

BGP local router ID : 10.0.1.1


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.1.1.0/24:
Network route.
From : 0.0.0.0 (0.0.0.0)
Route Duration : 00h01m41s
Direct Out-interface : LoopBack1
Original nexthop : 10.1.1.1
Qos information : 0x0
AS-path Nil, origin igp, MED 0, pref-val 0, valid, local, best, select, pre 0
Advertised to such 1 peers:
10.0.12.2

R1 is the originator of the BGP route 10.1.1.0/24 and advertises it to R2 (10.0.12.2).

<R2>display bgp routing-table 10.1.1.0 24

BGP local router ID : 10.0.2.2


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.1.1.0/24:
RR-client route.
From : 10.0.12.1 (10.0.1.1)
Route Duration : 00h02m03s
Relay IP Nexthop : 0.0.0.0
Relay IP Out-Interface: GigabitEthernet0/0/3
Original nexthop : 10.0.12.1
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255
Advertised to such 1 peers:
10.0.23.3

R2 receives the BGP route 10.1.1.0/24 from its RR client R1 and reflects it to R3
(10.0.23.3).

<R3>display bgp routing-table 10.1.1.0 24

BGP local router ID : 10.0.3.3


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.1.1.0/24:
RR-client route.
From : 10.0.23.2 (10.0.2.2)
Route Duration : 00h02m21s
HCIP-Datacom-Core Technology Lab Guide Page 124

Relay IP Nexthop : 10.0.23.2


Relay IP Out-Interface: GigabitEthernet0/0/3
Original nexthop : 10.0.12.1
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 2
Originator : 10.0.1.1
Cluster list : 10.0.2.2
Advertised to such 1 peers:
10.0.34.4

R3 receives the BGP route 10.1.1.0/24 from its RR client R2, which added the Cluster_List
attribute with the value of 10.0.2.2 to the route when reflecting it. R3 then reflects the
received route to R4 (10.0.34.4).

<R4>display bgp routing-table 10.1.1.0 24

BGP local router ID : 10.0.4.4


Local AS number : 64511
Paths : 1 available, 1 best, 1 select
BGP routing table entry information of 10.1.1.0/24:
RR-client route.
From : 10.0.34.3 (10.0.3.3)
Route Duration : 00h02m44s
Relay IP Nexthop : 10.0.24.2
Relay IP Out-Interface: GigabitEthernet0/0/1
Original nexthop : 10.0.12.1
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 2
Originator : 10.0.1.1
Cluster list : 10.0.3.3, 10.0.2.2
Advertised to such 1 peers:
10.0.24.2

R4 receives the BGP route 10.1.1.0/24 from its RR client R3, which added the Cluster_List
attribute with the values of 10.0.3.3 and 10.0.2.2 to the route when reflecting it. R4 then
reflects the received route to R2 (10.0.24.2).
# Check the BGP routing table on R2 again.

<R2>display bgp routing-table

BGP Local router ID is 10.0.2.2


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 1


Network NextHop MED LocPrf PrefVal Path/Ogn

*>i 10.1.1.0/24 10.0.12.1 0 100 0 i

The BGP routing table of R2 still contains only the BGP route 10.1.1.0/24 received from
the peer 10.0.12.1.
HCIP-Datacom-Core Technology Lab Guide Page 125

# Check detailed information about the BGP peer 10.0.24.4 on R2.

<R2>display bgp peer 10.0.24.4 verbose

BGP Peer is 10.0.24.4, remote AS 64511


Type: IBGP link
BGP version 4, Remote router ID 10.0.4.4
Update-group ID :2
BGP current state : Established, Up for 00h29m13s
BGP current event : RecvKeepalive
BGP last state : OpenConfirm
BGP Peer Up count :2
Received total routes :0
Received active routes total :0
Advertised total routes :0
Port: Local - 179Remote - 64495
Configured: Connect-retry Time : 32sec
Configured: Active Hold Time 180sec Keepalive Time:60 sec
Received : Active Hold Time : 180sec
Negotiated: Active Hold Time : 180sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
Received: Total 32 messages
Update messages 1
Open messages 1
KeepAlive messages 30
Notification messages 0
Refresh messages 0
Sent: Total 32 messages
Update messages 0
Open messages 2
KeepAlive messages 30
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2020-06-02 14:14:03-08:00
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No import update filter list
No export update filter list
No import prefix list
No export prefix list
No import route policy
Export route policy is: bgp
No import distribute policy
No export distribute policy
HCIP-Datacom-Core Technology Lab Guide Page 126

R2 receives an Update message from R4 and does not send an Update message to R4
(due to route filtering by the route-policy). However, the local BGP routing table does not
contain the BGP route 10.1.1.0/24 advertised by R4.
# Trigger an import soft reset on R2 to allow R4 to re-send Update messages.

<R2>refresh bgp 10.0.24.4 import

# Check the number of Update messages sent and received on R2 again.

<R2>display bgp peer 10.0.24.4 verbose | in Update


Update-group ID: 2
BGP current event: RecvUpdate
Update messages 2
Update messages 0

The number of received Update messages increases. R2 receives the BGP route
10.1.1.0/24 from R4.
# Check detailed information about the BGP route 10.1.1.0 24 on R2 again.

<R2>display bgp routing-table 10.1.1.0 24

BGP local routerID : 10.0.2.2


Local AS number : 64511
Paths : 1available, 1best, 1select
BGP routing table entry information of 10.1.1.0/24:
RR-client route.
From : 10.0.12.1 (10.0.1.1)
Route Duration : 00h31m20s
Relay IP Nexthop : 0.0.0.0
Relay IP Out-Interface : GigabitEthernet0/0/3
Original nexthop : 10.0.12.1
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255
Advertised to such 1 peers:
10.0.23.3

Still only the BGP route advertised by R1 exists in the routing table. The Cluster_List
attribute of the BGP route advertised by R4 contains the cluster ID of R2. As a result, R2
ignores the route advertised by R4.

3.3.3 Quiz
Do the routes advertised by BGP to EBGP peers carry the Originator_ID and Cluster_List
attributes?

3.3.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/2
HCIP-Datacom-Core Technology Lab Guide Page 127

ip address 10.0.12.1 255.255.255.0


#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
interface LoopBack1
ip address 10.1.1.1 255.255.255.0
#
bgp 64511
router-id 10.0.1.1
peer 10.0.12.2 as-number 64511
#
ipv4-family unicast
undo synchronization
summary automatic
network 10.1.1.0 255.255.255.0
peer 10.0.12.2 enable
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 10.0.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
#
#
return

Configuration on R2

<R2>display current-configuration
#
sysname R2
#
acl number 2000
rule 5 permit
#
interface GigabitEthernet0/0/1
ip address 10.0.24.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
interface LoopBack1
ip address 10.2.2.2 255.255.255.0
#
bgp 64511
router-id 10.0.2.2
peer 10.0.12.1 as-number 64511
peer 10.0.23.3 as-number 64511
peer 10.0.24.4 as-number 64511
HCIP-Datacom-Core Technology Lab Guide Page 128

#
ipv4-family unicast
undo synchronization
peer 10.0.12.1 enable
peer 10.0.12.1 reflect-client
peer 10.0.23.3 enable
peer 10.0.24.4 enable
peer 10.0.24.4 route-policy bgp export
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.12.2 0.0.0.0
network 10.0.23.2 0.0.0.0
network 10.0.24.2 0.0.0.0
#
route-policy bgp deny node 10
if-match acl 2000
#
return

Configuration on R3

<R3>display current-configuration
#
sysname R3
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
bgp 64511
router-id 10.0.3.3
peer 10.0.23.2 as-number 64511
peer 10.0.34.4 as-number 64511
#
ipv4-family unicast
undo synchronization
peer 10.0.23.2 enable
peer 10.0.23.2 reflect-client
peer 10.0.34.4 enable
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
network 10.0.34.3 0.0.0.0
#
return
HCIP-Datacom-Core Technology Lab Guide Page 129

Configuration on R4

<R4>display current-configuration
#
sysname R4
#
interface GigabitEthernet0/0/1
ip address 10.0.24.4 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
#
bgp 64511
router-id 10.0.4.4
peer 10.0.24.2 as-number 64511
peer 10.0.34.3 as-number 64511
#
ipv4-family unicast
undo synchronization
peer 10.0.24.2 enable
peer 10.0.34.3 enable
peer 10.0.34.3 reflect-client
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.4.4 0.0.0.0
network 10.0.24.4 0.0.0.0
network 10.0.34.4 0.0.0.0
#
return

3.4 Lab 4: BGP Route Selection


3.4.1 Introduction
3.4.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Change the AS_Path attribute to affect route selection.
⚫ Change the Local_Pref attribute to affect route selection.
⚫ Change the MED attribute to affect route selection.
⚫ Change the PrefVal attribute to affect route selection.
HCIP-Datacom-Core Technology Lab Guide Page 130

3.4.1.2 Networking Topology


Figure 3-4 BGP route selection

The preceding figure shows the device interconnection mode and IP addresses of
interconnection interfaces. Loopback0 is created on each device, and its IP address is in
the format of 10.0.x.x/32, where x indicates the device number. All devices use the IP
addresses of Loopback0 as their BGP router IDs.
R1 resides in AS 100; R5 resides in AS 200; R2, R3, and R4 reside in AS 64512. OSPF runs
in AS 64512, and OSPF is activated on the interconnection interfaces (excluding the
interfaces connected to external ASs) and Loopback0 interfaces.
EBGP peer relationships are established through directly connected interfaces, and IBGP
peer relationships are established through Loopback0 interfaces.
R1 and R5 share the following network segments: 172.16.1.0/24, 172.16.2.0/24,
172.16.3.0/24, and 172.16.4.0/24. R1 and R5 are configured to advertise routes destined
for these network segments to their BGP routing tables for route selection.

3.4.1.3 Background
You are a network administrator of a company. The company's network uses BGP to
access two service providers, ISP1 and ISP2. The company uses the private AS number
64512. The AS number of ISP1 is 100, and that of ISP2 is 200. The same network can be
reached through AS 100 and AS 200. You can adjust the route direction by changing
various BGP attributes.

3.4.2 Lab Configuration


3.4.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF in AS 64512, and activate OSPF on the interconnection interfaces
(excluding the interfaces connected to external ASs) and Loopback0 interfaces.
3. Configure BGP peer relationships as planned, and configure R1 and R5 to advertise
network segment routes to their BGP routing tables.
HCIP-Datacom-Core Technology Lab Guide Page 131

4. On R1, configure a route-policy to change the AS_Path attribute of the BGP route
172.16.1.0/24 so that R3 preferentially selects the BGP route 172.16.1.0/24 advertised
by R5.
5. On R4, configure a route-policy to change the Local_Pref attribute of the BGP route
172.16.2.0/24 so that R3 preferentially selects the BGP route 172.16.2.0/24 advertised
by R4.
6. On R2, configure a route-policy to change the MED attribute of the BGP route
172.16.3.0/24 so that R3 preferentially selects the BGP route 172.16.3.0/24 advertised
by R5.
7. On R3, configure a route-policy to change the PrefVal attribute of the BGP route
172.16.4.0/24 so that R3 preferentially selects the BGP route 172.16.4.0/24 advertised
by R4.

3.4.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/2 and Loopback0 of R1.

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit

# Create multiple loopback interfaces on R1 so that R1 can advertise the loopback routes
to the BGP routing table.

[R1]interface LoopBack1
[R1-LoopBack1] ip address 172.16.1.1 255.255.255.0
[R1-LoopBack1] quit
[R1]interface LoopBack2
[R1-LoopBack2] ip address 172.16.2.1 255.255.255.0
[R1-LoopBack2] quit
[R1]interface LoopBack3
[R1-LoopBack3] ip address 172.16.3.1 255.255.255.0
[R1-LoopBack3] quit
[R1]interface LoopBack4
[R1-LoopBack4] ip address 172.16.4.1 255.255.255.0
[R1-LoopBack4] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
HCIP-Datacom-Core Technology Lab Guide Page 132

[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
[R2-GigabitEthernet0/0/2] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 of R4.

[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.0.45.4 255.255.255.0
[R4-GigabitEthernet0/0/2] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3] quit
[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0] quit

# Configure IP addresses for GE0/0/3 and Loopback0 of R5.

[R5]interface LoopBack0
[R5-LoopBack0] ip address 10.0.5.5 255.255.255.255
[R5-LoopBack0] quit
[R5]interface GigabitEthernet0/0/3
[R5-GigabitEthernet0/0/3] ip address 10.0.45.5 255.255.255.0
[R5-GigabitEthernet0/0/3] quit

# Create multiple loopback interfaces on R5 so that R5 can advertise the loopback routes
to the BGP routing table.

[R5]interface LoopBack1
[R5-LoopBack1] ip address 172.16.1.1 255.255.255.0
[R5-LoopBack1] quit
[R5]interface LoopBack2
[R5-LoopBack2] ip address 172.16.2.1 255.255.255.0
[R5-LoopBack2] quit
[R5]interface LoopBack3
[R5-LoopBack3] ip address 172.16.3.1 255.255.255.0
[R5-LoopBack3] quit
[R5]interface LoopBack4
[R5-LoopBack4] ip address 172.16.4.1 255.255.255.0
[R5-LoopBack4] quit
HCIP-Datacom-Core Technology Lab Guide Page 133

# On R2 and R4, ping the IP addresses of the interconnected devices to test the
connectivity.

<R2>ping -c 1 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.12.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

<R2>ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=20 ms

--- 10.0.23.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/20/20 ms

<R4>ping -c 1 10.0.34.3
PING 10.0.34.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.3: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.34.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

<R4>ping -c 1 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=255 time=30 ms

--- 10.0.45.5 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms

Step 2 Configure OSPF in AS 64512.

Configure R2, R3, and R4 use the IP addresses of Loopback0 as their router IDs, and
activate OSPF on the interconnection interfaces (excluding the interfaces connected to
external ASs) and Loopback0 interfaces.
# Configure R2, and activate OSPF on Loopback0 and GE0/0/2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1] area 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.23.2 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 134

[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1] quit

# Configure R3, and activate OSPF on Loopback0, GE0/0/2, and GE0/0/3.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.34.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] quit
[R3-ospf-1] quit

# Configure R4, and activate OSPF on Loopback0 and GE0/0/3.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1] area 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.34.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] quit
[R4-ospf-1] quit

# Check the brief information about OSPF neighbor relationships on R3.

<R3>display ospf peer brief

OSPF Process 1 with Router ID 10.0.3.3


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.4.4 Full
0.0.0.0 GigabitEthernet0/0/3 10.0.2.2 Full
----------------------------------------------------------------------------

The command output shows that R3 has established neighbor relationships with R2 and
R4.
# Check the OSPF routing table on R3.

<R3>display ospf routing

OSPF Process 1 with Router ID 10.0.3.3


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.3.3/32 0 Stub 10.0.3.3 10.0.3.3 0.0.0.0
10.0.23.0/24 1 Transit 10.0.23.3 10.0.3.3 0.0.0.0
10.0.34.0/24 1 Transit 10.0.34.3 10.0.3.3 0.0.0.0
10.0.2.2/32 1 Stub 10.0.23.2 10.0.2.2 0.0.0.0
10.0.4.4/32 1 Stub 10.0.34.4 10.0.4.4 0.0.0.0

Total Nets: 5
Intra Area: 5 Inter Area: 0 ASE: 0 NSSA: 0
HCIP-Datacom-Core Technology Lab Guide Page 135

The command output shows that R3 has learned the Loopback0 routes from R2 and R4.

Step 3 Configure BGP peer relationships.

Establish IBGP peer relationships through loopback interfaces, and establish EBGP peer
relationships through interconnection interfaces.
# Configure R1.

[R1]bgp 100
[R1-bgp] router-id 10.0.1.1
[R1-bgp] peer 10.0.12.2 as 64512

# Configure R2.

[R2]bgp 64512
[R2-bgp] router-id 10.0.2.2
[R2-bgp] peer 10.0.3.3 as-number 64512
[R2-bgp] peer 10.0.3.3 connect-interface LoopBack0
[R2-bgp] peer 10.0.3.3 next-hop-local
[R2-bgp] peer 10.0.12.1 as-number 100

As OSPF is not activated on interconnection interfaces between ASs, R2 needs to be


configured to change the next-hop address of routes to the IP address of its source
interface when advertising them to the IBGP peer R3.
# Configure R3.

[R3]bgp 64512
[R3-bgp] router-id 10.0.3.3
[R3-bgp] peer 10.0.2.2 as-number 64512
[R3-bgp] peer 10.0.2.2 connect-interface LoopBack0
[R3-bgp] peer 10.0.4.4 as-number 64512
[R3-bgp] peer 10.0.4.4 connect-interface LoopBack0

# Configure R4.

[R4]bgp 64512
[R4-bgp] router-id 10.0.4.4
[R4-bgp] peer 10.0.3.3 as-number 64512
[R4-bgp] peer 10.0.3.3 connect-interface LoopBack0
[R4-bgp] peer 10.0.3.3 next-hop-local
[R4-bgp] peer 10.0.45.5 as-number 200

As OSPF is not activated on interconnection interfaces between ASs, R4 needs to be


configured to change the next-hop address of routes to the IP address of its source
interface when advertising them to the IBGP peer R3.
# Configure R5.

[R5]bgp 200
[R5-bgp] router-id 10.0.5.5
[R5-bgp] peer 10.0.45.4 as 64512

# Check the BGP peer relationship status on R2 and R4.


HCIP-Datacom-Core Technology Lab Guide Page 136

<R2>display bgp peer

BGP local router ID : 10.0.2.2


Local AS number : 64512
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.3.3 4 64512 27 30 0 00:03:49 Established 0


10.0.12.1 4 100 11 11 0 00:03:54 Established 0
<R4>display bgp peer

BGP local router ID : 10.0.4.4


Local AS number : 64512
Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.3.3 4 64512 39 33 0 00:03:39 Established 0


10.0.45.5 4 200 4 6 0 00:02:54 Established 0

All the BGP peer relationships have been successfully established.


# Configure each of R1 and R5 to advertise the Loopback1, Loopback2, Loopback3, and
Loopback4 routes to the BGP routing table.

[R1]bgp 100
[R1-bgp] network 172.16.1.0 24
[R1-bgp] network 172.16.2.0 24
[R1-bgp] network 172.16.3.0 24
[R1-bgp] network 172.16.4.0 24

[R5]bgp 200
[R5-bgp] network 172.16.1.0 24
[R5-bgp] network 172.16.2.0 24
[R5-bgp] network 172.16.3.0 24
[R5-bgp] network 172.16.4.0 24

# Check the BGP routing table on R3 to check whether R3 has learned these BGP routes
successfully.

<R3>display bgp routing-table

BGP Local routerID is 10.0.3.3


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes: 8


Network NextHop MED LocPrf PrefVal Path/Ogn

*>i 172.16.1.0/24 10.0.2.2 0 100 0 100i


*i 10.0.4.4 0 100 0 200i
HCIP-Datacom-Core Technology Lab Guide Page 137

*>i 172.16.2.0/24 10.0.2.2 0 100 0 100i


*i 10.0.4.4 0 100 0 200i
*>i 172.16.3.0/24 10.0.2.2 0 100 0 100i
*i 10.0.4.4 0 100 0 200i
*>i 172.16.4.0/24 10.0.2.2 0 100 0 100i
*i 10.0.4.4 0 100 0 200i

R3 has learned the routes advertised by R1 and R5, and preferentially selects the route
advertised by R2.

Step 4 Change the AS_Path attribute.

On R1, configure a route-policy to change the AS_Path attribute of the BGP route
172.16.1.0/24 so that R3 preferentially selects the BGP route 172.16.1.0/24 advertised by
R5.
# Create IP prefix list 1 to match the Loopback1 route.

[R1]ip ip-prefix 1 permit 172.16.1.0 24 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create node 10, configure an if-match clause with IP
prefix list 1 specified, and configure an apply clause to modify the AS_Path attribute of
the matched route.

[R1]route-policy hcip permit node 10


[R1-route-policy] if-match ip-prefix 1
[R1-route-policy] apply as-path 300 400 additive
[R1-route-policy] quit
[R1]route-policy hcip permit node 20

Create an empty node in the route-policy to ensure that no operation is performed on


the other three BGP routes.
# Apply the route-policy to the BGP routes to be advertised to the BGP peer R2.

[R1]bgp 100
[R1-bgp] peer 10.0.12.2 route-policy hcip export

# Trigger an export soft reset on R1 to update the advertised BGP routes.

<R1>refresh bgp all export

# Check detailed information about the BGP routes 172.16.1.0/24 on R3.

<R3>display bgp routing-table 172.16.1.0 24

BGP local routerID : 10.0.3.3


Local AS number : 64512
Paths : 2available, 1best, 1select
BGP routing table entry information of 172.16.1.0/24:
From: 10.0.4.4 (10.0.4.4)
Route Duration : 00h46m54s
Relay IP Nexthop : 10.0.34.4
Relay IP Out-Interface: GigabitEthernet0/0/2
Original nexthop : 10.0.4.4
HCIP-Datacom-Core Technology Lab Guide Page 138

Qos information : 0x0


AS-path 200, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 1
Not advertised to any peer yet

BGP routing table entry information of 172.16.1.0/24:


From: 10.0.2.2 (10.0.2.2)
Route Duration : 00h04m54s
Relay IP Nexthop : 10.0.23.2
Relay IP Out-Interface: GigabitEthernet0/0/3
Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path 100 300 400, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred
for AS-Path
Not advertised to any peer yet

R3 preferentially selects the BGP route 172.16.1.0/24 advertised by R4. This is because the
AS_Path length in the route advertised by R2 is longer than that of the route advertised
by R4.

Step 5 Change the Local_Pref attribute.

On R4, configure a route-policy to change the Local_Pref attribute of the BGP route
172.16.2.0/24 so that R3 preferentially selects the BGP route 172.16.2.0/24 advertised by
R4.
# Create IP prefix list 1 to match the BGP route 172.16.2.0/24.

[R4]ip ip-prefix 1 permit 172.16.2.0 24 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create node 10, configure an if-match clause with IP
prefix list 1 specified, and configure an apply clause to modify the Local_Pref attribute of
the matched route.

[R4]route-policy hcip permit node 10


[R4-route-policy] if-match ip-prefix 1
[R4-route-policy] apply local-preference 200
[R4-route-policy] quit
[R4]route-policy hcip permit node 20

Create an empty node in the route-policy to ensure that no operation is performed on


the other three BGP routes.
# Apply the route-policy to the BGP routes to be advertised to the BGP peer R3.

[R4]bgp 64512
[R4-bgp] peer 10.0.3.3 route-policy hcip export

# Trigger an export soft reset on R4 to update the advertised BGP routes.

<R4>refresh bgp all export

# Check detailed information about the BGP routes 172.16.2.0/24 on R3.

<R3>display bgp routing-table 172.16.2.0 24


HCIP-Datacom-Core Technology Lab Guide Page 139

BGP local router ID : 10.0.3.3


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 172.16.2.0/24:
From : 10.0.4.4 (10.0.4.4)
Route Duration : 00h01m00s
Relay IP Nexthop : 10.0.34.4
Relay IP Out-Interface : GigabitEthernet0/0/2
Original nexthop : 10.0.4.4
Qos information : 0x0
AS-path 200, origin igp, MED 0, localpref 200, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 1
Not advertised to any peer yet

BGP routing table entry information of 172.16.2.0/24:


From: 10.0.2.2 (10.0.2.2)
Route Duration : 00h07m09s
Relay IP Nexthop : 10.0.23.2
Relay IP Out-Interface : GigabitEthernet0/0/3
Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path 100, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for
Local_Pref
Not advertised to any peer yet

R3 preferentially selects the BGP route 172.16.2.0/24 advertised by R4. The Local_Pref
value of the BGP route advertised by R2 is 100, which is smaller than the Local_Pref value
200 of the BGP route advertised by R3. As a result, the BGP route advertised by R2 is not
preferentially selected.

Step 6 Change the MED attribute.

On R2, configure a route-policy to change the MED attribute of the BGP route
172.16.3.0/24 so that R3 preferentially selects the BGP route 172.16.3.0/24 advertised by
R5.
# Create IP prefix list 1 to match the BGP route 172.16.3.0/24.

[R2]ip ip-prefix 1 permit 172.16.3.0 24 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create node 10, configure an if-match clause with IP
prefix list 1 specified, and configure an apply clause to modify the MED attribute of the
matched route.

[R2]route-policy hcip permit node 10


[R2-route-policy] if-match ip-prefix 1
[R2-route-policy] apply cost 200
[R2-route-policy] quit
[R2]route-policy hcip permit node 20

Create an empty node in the route-policy to ensure that no operation is performed on


the other three BGP routes.
# Apply the route-policy to the BGP routes received from the BGP peer R1.

[R2]bgp 64512
HCIP-Datacom-Core Technology Lab Guide Page 140

[R2-bgp] peer 10.0.12.1 route-policy hcip import

# Trigger an import soft reset on R2 to update the received BGP routes.

<R2>refresh bgp all import

# Configure R3 to compare the MED values of the BGP routes received from peers in
different ASs.

[R3]bgp 64512
[R3-bgp] compare-different-as-med

By default, BGP does not compare the MED values of routes received from peers in
different ASs.
# Check detailed information about the BGP routes 172.16.3.0/24 on R3.

<R3>display bgp routing-table 172.16.3.0 24

BGP local router ID : 10.0.3.3


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 172.16.3.0/24:
From : 10.0.4.4 (10.0.4.4)
Route Duration : 00h14m27s
Relay IP Nexthop : 10.0.34.4
Relay IP Out-Interface : GigabitEthernet0/0/2
Original nexthop : 10.0.4.4
Qos information : 0x0
AS-path 200, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 1
Not advertised to any peer yet

BGP routing table entry information of 172.16.3.0/24:


From: 10.0.2.2 (10.0.2.2)
Route Duration : 00h03m00s
Relay IP Nexthop : 10.0.23.2
Relay IP Out-Interface : GigabitEthernet0/0/3
Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path 100, origin igp, MED 200, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for MED
Not advertised to any peer yet

The MED value of the BGP route 172.16.3.0/24 advertised by R2 is 200, and that of the
BGP route advertised by R4 is 0. In this case, R3 preferentially selects the BGP route with
a smaller MED value. As a result, the BGP route advertised by R2 is not preferentially
selected.

Step 7 Change the PrefVal attribute.

On R3, configure a route-policy to change the PrefVal attribute of the BGP route
172.16.4.0/24 so that R3 preferentially selects the BGP route 172.16.4.0/24 advertised by
R4.
# Create IP prefix list 1 to match the BGP route 172.16.4.0/24.
HCIP-Datacom-Core Technology Lab Guide Page 141

[R3]ip ip-prefix 1 permit 172.16.4.0 24 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create node 10, configure an if-match clause with IP
prefix list 1 specified, and configure an apply clause to modify the PrefVal attribute of the
matched route.

[R3]route-policy hcip permit node 10


[R3-route-policy] if-match ip-prefix 1
[R3-route-policy] apply preferred-value 300
[R3-route-policy] quit
[R3]route-policy hcip permit node 20

Create an empty node in the route-policy to ensure that no operation is performed on


the other three BGP routes.
# Apply the route-policy to the BGP routes received from the BGP peer R4.

[R3]bgp 64512
[R3-bgp] peer 10.0.4.4 route-policy hcip import

# Trigger an import soft reset on R3 to update the received BGP routes.

<R3>refresh bgp all import

# Check detailed information about the BGP routes 172.16.4.0/24 on R3.

<R3>display bgp routing-table 172.16.4.0 24

BGP local router ID : 10.0.3.3


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 172.16.4.0/24:
From : 10.0.4.4 (10.0.4.4)
Route Duration : 00h01m22s
Relay IP Nexthop : 10.0.34.4
Relay IP Out-Interface : GigabitEthernet0/0/2
Original nexthop : 10.0.4.4
Qos information : 0x0
AS-path 200, origin igp, MED 0, localpref 100, pref-val 300, valid, internal, best, select, active, pre 255, IGP cost 1
Not advertised to any peer yet

BGP routing table entry information of 172.16.4.0/24:


From: 10.0.2.2 (10.0.2.2)
Route Duration : 00h00m04s
Relay IP Nexthop : 10.0.23.2
Relay IP Out-Interface : GigabitEthernet0/0/3
Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path 100, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, pre255, IGP cost 1, not preferred for PreVal
Not advertised to any peer yet

The PrefVal value of the BGP route 172.16.3.0/24 advertised by R4 is 300, and that of the
route advertised by R2 is 0. In this case, R3 preferentially selects the BGP route with a
larger PrefVal value. As a result, R3 preferentially selects the BGP route advertised by R4.
HCIP-Datacom-Core Technology Lab Guide Page 142

# Check the BGP routing table on R3.

<R3>display bgp routing-table

BGP Local routerID is 10.0.3.3


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes: 8


Network NextHop MED LocPrf PrefVal Path/Ogn

*>i 172.16.1.0/24 10.0.4.4 0 100 0 200i


*i 10.0.2.2 0 100 0 100300400i
*>i 172.16.2.0/24 10.0.4.4 0 200 0 200i
*i 10.0.2.2 0 100 0 100i
*>i 172.16.3.0/24 10.0.4.4 0 100 0 200i
*i 10.0.2.2 200 100 0 100i
*>i 172.16.4.0/24 10.0.4.4 0 100 300 200i
*i 10.0.2.2 0 100 0 100i

The command output show that all the routes advertised by R4 are preferentially
selected.

Step 8 (Optional) Verify that a locally originated BGP route takes precedence over a BGP route
learned from a peer.

Create Loopback1 on R2 and configure R2 to advertise the Loopback1 route to the OSPF
routing table. Then, configure R2 and R3 to advertise the Loopback1 route to their BGP
routing tables. In this case, the BGP routing table of R3 will contain two BGP routes to
Loopback1 on R2.
# Create Loopback1 on R2 and set its IP address to 10.2.2.2/32.

[R2]interface LoopBack1
[R2-LoopBack1] ip address 10.2.2.2 255.255.255.255
[R2-LoopBack1] quit

# Activate OSPF on Loopback1.

[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1] quit

# Check the OSPF route 10.2.2.2/32 on R3.

<R3>display ospf routing 10.2.2.2

OSPF Process 1 with Router ID 10.0.3.3

Destination : 10.2.2.2/32
AdverRouter : 10.0.2.2 Area : 0.0.0.0
HCIP-Datacom-Core Technology Lab Guide Page 143

Cost :1 Type : Stub


NextHop : 10.0.23.2 Interface : GigabitEthernet0/0/3
Priority : Medium Age : 00h01m19s

R3 has learned the Loopback1 route from R2.


# Configure R2 and R3 to advertise their Loopback1 routes to their BGP routing tables.

[R2]bgp 64512
[R2-bgp] network 10.2.2.2 32

[R3]bgp 64512
[R3-bgp] network 10.2.2.2 32

# Check detailed information about the BGP routes 10.2.2.2/32 on R3.

<R3>display bgp routing-table 10.2.2.2 32

BGP local router ID : 10.0.3.3


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 10.2.2.2/32:
Network route.
From : 0.0.0.0 (0.0.0.0)
Route Duration : 00h00m21s
Direct Out-interface : GigabitEthernet0/0/3
Original nexthop : 10.0.23.2
Qos information : 0x0
AS-path Nil, origin igp, MED 1, pref-val 0, valid, local, best, select, pre 10
Advertised to such 2 peers:
10.0.2.2
10.0.4.4
BGP routing table entry information of 10.2.2.2/32:
From : 10.0.2.2 (10.0.2.2)
Route Duration : 00h00m50s
Relay IP Nexthop : 10.0.23.2
Relay IP Out-Interface : GigabitEthernet0/0/3
Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for route
type
Not advertised to any peer yet

R3 preferentially selects the locally advertised BGP route 10.2.2.2/32. The BGP route
10.2.2.2/32 advertised by R1 is not preferentially selected because its route type is not
preferred. A locally originated route takes precedence over a route learned from a BGP
peer.

Step 9 (Optional) Change the Origin attribute.

Create Loopback5 on R1 and R5, and configure the devices to advertise the Loopback5
routes to their BGP routing tables. Verify that the BGP route whose Origin attribute is IGP
takes precedence over the BGP route whose Origin attribute is Incomplete.
# Create Loopback5 on R1 and R5 and set its IP address to 172.16.5.1/24.
HCIP-Datacom-Core Technology Lab Guide Page 144

[R1]interface LoopBack 5
[R1-LoopBack5] ip address 172.16.5.1 24
[R1-LoopBack5] quit

[R5]interface LoopBack 5
[R5-LoopBack5] ip address 172.16.5.1 24
[R5-LoopBack5] quit

# Configure R1 and R5 to advertise Loopback5 routes to their BGP routing tables using
the network command.

[R1]bgp 100
[R1-bgp] network 172.16.5.0 24

[R5]bgp 200
[R5-bgp] network 172.16.5.0 24

# Check the BGP routing table on R3.

<R3>display bgp routing-table

BGP Local routerID is 10.0.3.3


Status codes:* - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S- Stale
Origin : i - IGP,e - EGP, ? - incomplete

Total Number of Routes: 12


Network NextHop MED LocPrf PrefVal Path/Ogn

*> 10.2.2.2/32 0.0.0.0 1 0 i


*i 10.0.2.2 0 100 0 i
*>i 172.16.1.0/24 10.0.4.4 0 100 0 200i
*i 10.0.2.2 0 100 0 10030040
0i
*>i 172.16.2.0/24 10.0.4.4 0 200 0 200i
*i 10.0.2.2 0 100 0 100i
*>i 172.16.3.0/24 10.0.4.4 0 100 0 200i
*i 10.0.2.2 200 100 0 100i
*>i 172.16.4.0/24 10.0.4.4 0 100 300 200i
*i 10.0.2.2 0 100 0 100i
*>i 172.16.5.0/24 10.0.2.2 0 100 0 100i
*i 10.0.4.4 0 100 0 200i

R3 preferentially selects the BGP route 172.16.5.0/24 received from R2 (and originally
advertised by R1). In this case, the Origin attribute of the BGP routes advertised by R2
and R4 is IGP.
# Delete the Loopback5 route advertised by R1 to the BGP routing table.

[R1]bgp 100
[R1-bgp] undo network 172.16.5.0 24

# Create IP prefix list 2 to match the Loopback5 route 172.16.5.0/24 of R1.


HCIP-Datacom-Core Technology Lab Guide Page 145

[R1]ip ip-prefix 2 permit 172.16.5.0 24 greater-equal 24 less-equal 24

# Create a route-policy named origin, create node 10, and configure an if-match clause
with IP prefix list 2 specified.

[R1]route-policy origin permit node 10


[R1-route-policy] if-match ip-prefix 2
[R1-route-policy] quit

# Run the import-route direct command on R1 to advertise direct routes to the BGP
routing table, and specify route-policy origin to import only the Loopback5 route.

[R1]bgp 100
[R1-bgp] import-route direct route-policy origin

# Check detailed information about the BGP routes 172.16.5.0/24 on R3.

<R3>display bgp routing-table 172.16.5.0 24

BGP local routerID : 10.0.3.3


Local AS number : 64512
Paths : 2available, 1best, 1select
BGP routing table entry information of 172.16.5.0/24:
From : 10.0.4.4 (10.0.4.4)
Route Duration : 00h03m53s
Relay IP Nexthop : 10.0.34.4
Relay IP Out-Interface: GigabitEthernet0/0/2
Original nexthop : 10.0.4.4
Qos information : 0x0
AS-path 200, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, bes
t, select, active, pre 255, IGP cost 1
Not advertised to any peer yet

BGP routing table entry information of 172.16.5.0/24:


From : 10.0.2.2 (10.0.2.2)
Route Duration : 00h01m27s
Relay IP Nexthop : 10.0.23.2
Relay IP Out-Interface : GigabitEthernet0/0/3
Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path 100, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for
Origin
Not advertised to any peer yet

R3 preferentially selects the BGP route 172.16.5.0/24 advertised by R4.


The Origin attribute of the BGP route 172.16.5.0/24 received from R2 (and originally
advertised by R1) is incomplete (advertised to the BGP routing table using the import-
route command). Due to the Origin attribute value, this route is not preferentially
selected.

Step 10 (Optional) Verify that an EBGP route takes precedence over an IBGP route.

Create Loopback6 on R1 and R3, and configure the devices to advertise the Loopback6
routes to their BGP routing tables. Observe the route selection result on R2.
HCIP-Datacom-Core Technology Lab Guide Page 146

# Create Loopback6 on R1 and R3.

[R1]interface LoopBack 6
[R1-LoopBack6] ip address 172.16.6.1 24
[R1-LoopBack6] quit

[R3]interface LoopBack 6
[R3-LoopBack6] ip address 172.16.6.1 24
[R3-LoopBack6] quit

# Configure R1 and R3 to advertise their Loopback6 routes to the BGP routing tables.

[R1]bgp 100
[R1-bgp] network 172.16.6.0 24

[R3]bgp 64512
[R3-bgp]network 172.16.6.0 24

# Check detailed information about the BGP routes 172.16.6.0/24 on R2.

<R2>display bgp routing-table 172.16.6.0 24

BGP local router ID : 10.0.2.2


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 172.16.6.0/24:
From : 10.0.3.3 (10.0.3.3)
Route Duration : 00h03m13s
Relay IP Nexthop : 10.0.23.3
Relay IP Out-Interface: GigabitEthernet0/0/2
Original nexthop : 10.0.3.3
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 1
Advertised to such 1 peers:
10.0.12.1
BGP routing table entry information of 172.16.6.0/24:
From : 10.0.12.1 (10.0.1.1)
Route Duration : 00h03m13s
Direct Out-interface : GigabitEthernet0/0/3
Original nexthop : 10.0.12.1
Qos information : 0x0
AS-path 100, origin igp, MED 0, pref-val 0, valid, external, pre 255, not preferred for AS-Path
Not advertised to any peer yet

R2 preferentially selects the BGP route 172.16.6.0/24 advertised by R3 due to the AS_Path
value.
# On R3, configure a route-policy to add an AS_Path value to the BGP route
172.16.6.0/24.

[R3]ip ip-prefix 2 permit 172.16.6.0 24 greater-equal 24 less-equal 24

[R3]route-policy as_path permit node 10


[R3-route-policy] if-match ip-prefix 2
[R3-route-policy] apply as-path 300 additive
HCIP-Datacom-Core Technology Lab Guide Page 147

[R3-route-policy] quit
[R3]route-policy as_path permit node 20

[R3]bgp 64512
[R3-bgp] peer 10.0.2.2 route-policy as_path export

# Trigger an export soft reset on R3 to update the advertised BGP routes.

<R3>refresh bgp all export

# Check detailed information about the BGP routes 172.16.6.0/24 on R2 again.

<R2>display bgp routing-table 172.16.6.0 24

BGP local router ID : 10.0.2.2


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 172.16.6.0/24:
From : 10.0.12.1 (10.0.1.1)
Route Duration : 00h23m46s
Direct Out-interface : GigabitEthernet0/0/3
Original nexthop : 10.0.12.1
Qos information : 0x0
AS-path 100, origin igp, MED 0, pref-val 0, valid, external, best, select, active, pre 255
Advertised to such 1 peers:
10.0.3.3
BGP routing table entry information of 172.16.6.0/24:
From : 10.0.3.3 (10.0.3.3)
Route Duration : 00h00m29s
Relay IP Nexthop : 10.0.23.3
Relay IP Out-Interface: GigabitEthernet0/0/2
Original nexthop : 10.0.3.3
Qos information : 0x0
AS-path 300, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for peer
type
Not advertised to any peer yet

The BGP route from R3 is not preferentially selected because BGP preferentially selects
the route from an EBGP peer when the other route attributes are the same.

Step 11 (Optional) Verify that BGP preferentially selects the route with the smallest IGP cost to
the next hop.

Establish an IBGP peer relationship between R2 and R4 through loopback interfaces.


Create Loopback7 on R2 and R3, and configure the devices to advertise the Loopback7
routes to their BGP routing tables. Then, observe the BGP route selection result on R4.
# Establish an IBGP peer relationship between R2 and R4.

[R2]bgp 64512
[R2-bgp] peer 10.0.4.4 as-number 64512
[R2-bgp] peer 10.0.4.4 connect-interface LoopBack 0

[R4]bgp 64512
[R4-bgp] peer 10.0.2.2 as-number 64512
HCIP-Datacom-Core Technology Lab Guide Page 148

[R4-bgp] peer 10.0.2.2 connect-interface LoopBack0

# Check the IBGP peer relationship status.

[R4]display bgp peer

BGP local routerID : 10.0.4.4


Local AS number : 64512
Total number of peers : 3 Peers in established state: 3

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.2.2 4 64512 7 3 0 00:00:01 Established 7


10.0.3.3 4 64512 37 36 0 00:31:57 Established 2
10.0.45.5 4 200 38 36 0 00:31:58 Established 5

The command output shows that the IBGP peer relationship has been successfully
established.
# Create Loopback7 on R2 and R4, and configure the devices to advertise the Loopback7
routes to their BGP routing tables.

[R2]interface LoopBack 7
[R2-LoopBack7] ip address 172.16.7.1 24
[R2-LoopBack7] quit
[R2]bgp 64512
[R2-bgp] network 172.16.7.0 24

[R3]interface LoopBack 7
[R3-LoopBack7] ip address 172.16.7.1 24
[R3-LoopBack7] quit
[R3]bgp 64512
[R3-bgp] network 172.16.7.0 24

# Check detailed information about the BGP routes 172.16.7.0/24 on R4.

[R4]dis bgp routing-table 172.16.7.0 24

BGP local router ID : 10.0.4.4


Local AS number : 64512
Paths : 2 available, 1 best, 1 select
BGP routing table entry information of 172.16.7.0/24:
From : 10.0.3.3 (10.0.3.3)
Route Duration : 00h10m48s
Relay IP Nexthop : 10.0.34.3
Relay IP Out-Interface: GigabitEthernet0/0/3
Original nexthop : 10.0.3.3
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 1
Advertised to such 1 peers:
10.0.45.5
BGP routing table entry information of 172.16.7.0/24:
From : 10.0.2.2 (10.0.2.2)
Route Duration : 00h11m00s
Relay IP Nexthop : 10.0.34.3
HCIP-Datacom-Core Technology Lab Guide Page 149

Relay IP Out-Interface: GigabitEthernet0/0/3


Original nexthop : 10.0.2.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 2, not preferred for IGP cost
Not advertised to any peer yet

R4 preferentially selects the BGP route advertised by R3 because its IGP cost is 1, which is
lower than the IGP cost 2 of the BGP route advertised by R2.
The BGP route advertised by R2 is not preferentially selected due to the IGP cost.
----End

3.4.3 Quiz
Consider whether a routing policy can be used to delete an AS number from the AS_Path
attribute.

3.4.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/2
ip address 10.0.12.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
interface LoopBack1
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack2
ip address 172.16.2.1 255.255.255.0
#
interface LoopBack3
ip address 172.16.3.1 255.255.255.0
#
interface LoopBack4
ip address 172.16.4.1 255.255.255.0
#
interface LoopBack5
ip address 172.16.5.1 255.255.255.0
#
interface LoopBack6
ip address 172.16.6.1 255.255.255.0
#
bgp 100
router-id 10.0.1.1
peer 10.0.12.2 as-number 64512
#
ipv4-family unicast
undo synchronization
HCIP-Datacom-Core Technology Lab Guide Page 150

network 172.16.1.0 255.255.255.0


network 172.16.2.0 255.255.255.0
network 172.16.3.0 255.255.255.0
network 172.16.4.0 255.255.255.0
network 172.16.6.0 255.255.255.0
import-route direct route-policy origin
peer 10.0.12.2 enable
peer 10.0.12.2 route-policy hcip export
#
route-policy hcip permit node 10
if-match ip-prefix 1
apply as-path 300 400 additive
#
route-policy hcip permit node 20
#
route-policy origin permit node 10
if-match ip-prefix 2
#
ip ip-prefix 1 index 10 permit 172.16.1.0 24 greater-equal 24 less-equal 24
ip ip-prefix 2 index 10 permit 172.16.5.0 24 greater-equal 24 less-equal 24
#
Return

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
interface LoopBack1
ip address 10.2.2.2 255.255.255.255
#
interface LoopBack7
ip address 172.16.7.1 255.255.255.0
#
bgp 64512
router-id 10.0.2.2
peer 10.0.3.3 as-number 64512
peer 10.0.3.3 connect-interface LoopBack0
peer 10.0.4.4 as-number 64512
peer 10.0.4.4 connect-interface LoopBack0
peer 10.0.12.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 10.2.2.2 255.255.255.255
network 172.16.7.0 255.255.255.0
HCIP-Datacom-Core Technology Lab Guide Page 151

peer 10.0.3.3 enable


peer 10.0.3.3 next-hop-local
peer 10.0.4.4 enable
peer 10.0.12.1 enable
peer 10.0.12.1 route-policy hcip import
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.23.2 0.0.0.0
network 10.2.2.2 0.0.0.0
#
route-policy hcip permit node 10
if-match ip-prefix 1
apply cost 200
#
route-policy hcip permit node 20
#
ip ip-prefix 1 index 10 permit 172.16.3.0 24 greater-equal 24 less-equal 24
#
ip route-static 10.0.1.1 255.255.255.255 10.0.12.1
#
return

Configuration on R3

#
sysname R3
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
interface LoopBack6
ip address 172.16.6.1 255.255.255.0
#
interface LoopBack7
ip address 172.16.7.1 255.255.255.0
#
bgp 64512
router-id 10.0.3.3
peer 10.0.2.2 as-number 64512
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.4.4 as-number 64512
peer 10.0.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
compare-different-as-med
network 10.2.2.2 255.255.255.255
HCIP-Datacom-Core Technology Lab Guide Page 152

network 172.16.6.0 255.255.255.0


network 172.16.7.0 255.255.255.0
peer 10.0.2.2 enable
peer 10.0.2.2 route-policy as_path export
peer 10.0.4.4 enable
peer 10.0.4.4 route-policy hcip import
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
network 10.0.34.3 0.0.0.0
#
route-policy hcip permit node 10
if-match ip-prefix 1
apply preferred-value 300
#
route-policy hcip permit node 20
#
route-policy as_path permit node 10
if-match ip-prefix 2
apply as-path 300 additive
#
route-policy as_path permit node 20
#
ip ip-prefix 1 index 10 permit 172.16.4.0 24 greater-equal 24 less-equal 24
ip ip-prefix 2 index 10 permit 172.16.6.0 24 greater-equal 24 less-equal 24
#
return

Configuration on R4

#
sysname R4
#
interface GigabitEthernet0/0/2
ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
#
bgp 64512
router-id 10.0.4.4
peer 10.0.2.2 as-number 64512
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.3.3 as-number 64512
peer 10.0.3.3 connect-interface LoopBack0
peer 10.0.45.5 as-number 200
#
ipv4-family unicast
undo synchronization
peer 10.0.2.2 enable
HCIP-Datacom-Core Technology Lab Guide Page 153

peer 10.0.3.3 enable


peer 10.0.3.3 route-policy hcip export
peer 10.0.3.3 next-hop-local
peer 10.0.45.5 enable
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.4.4 0.0.0.0
network 10.0.34.4 0.0.0.0
#
route-policy hcip permit node 10
if-match ip-prefix 1
apply local-preference 200
#
route-policy hcip permit node 20
#
ip ip-prefix 1 index 10 permit 172.16.2.0 24 greater-equal 24 less-equal 24
#
ip route-static 10.0.5.5 255.255.255.255 10.0.45.5
#
return

Configuration on R5

#
sysname R5
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.255
#
interface LoopBack1
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack2
ip address 172.16.2.1 255.255.255.0
#
interface LoopBack3
ip address 172.16.3.1 255.255.255.0
#
interface LoopBack4
ip address 172.16.4.1 255.255.255.0
#
interface LoopBack5
ip address 172.16.5.1 255.255.255.0
#
bgp 200
router-id 10.0.5.5
peer 10.0.45.4 as-number 64512
#
ipv4-family unicast
undo synchronization
network 172.16.1.0 255.255.255.0
HCIP-Datacom-Core Technology Lab Guide Page 154

network 172.16.2.0 255.255.255.0


network 172.16.3.0 255.255.255.0
network 172.16.4.0 255.255.255.0
network 172.16.5.0 255.255.255.0
peer 10.0.45.4 enable
#
ip route-static 10.0.4.4 255.255.255.255 10.0.45.4
#
return
HCIP-Datacom-Core Technology Lab Guide Page 155

4 Routing Policy and Routing Control

4.1 Route Import and Control


4.1.1 Introduction
4.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Use a route-policy to filter routes to be imported.
⚫ Use a route-policy to set route flags and filter labeled routes.
⚫ Use a filter-policy to filter routes to be imported into the OSPF routing table.

4.1.1.2 Networking Topology


Figure 4-1 Route import and control

The preceding figure shows the device interconnection mode and interconnection
addresses. Loopback0 is created for each device. The IP address of Loopback0 is
10.0.x.x/32, where x indicates a device ID. OSPF is configured on interconnection
interfaces and Loopback0 interfaces of R1, R2, and R3.
R3 and R4 belong to IS-IS area 49.0001 and both are Level-1 routers. The system IDs of
R3 and R4 are in the format of 0000.0000.000x, where x indicates a device ID.
On R1, there are three network segments of services A, B, and C (simulated using routes
destined for Loopback1, Loopback2, and Loopback3, respectively). On R1, direct routes
are imported to the OSPF routing table. Routers within an OSPF area, however, do not
need to import the route destined for the network segment of service C. Configure a
route-policy on R1 to filter direct routes to be imported.
R2 does not need the route destined for service A's network segment; R3 needs the
routes destined for network segments of services A and B. A filter-policy needs to be
configured on R2 to filter the routes to be accepted by OSPF.
HCIP-Datacom-Core Technology Lab Guide Page 156

Routers in the IS-IS domain need to access service A. Therefore, route re-distribution
needs to be performed on R3 to import OSPF routes to IS-IS. Routers in the IS-IS domain
do not need to access service B. Therefore, when direct routes are imported on R1, the
routes of the network segment of service B are marked with different route tags. When
re-distribution is performed on R3, the route destined for the network segment of service
B are filtered according to the route tags.

4.1.1.3 Background
The local enterprise network has two routing areas. One area runs OSPF, and the other
area runs IS-IS. The border router in the OSPF area is connected to some service network
segments of other enterprises. To allow the local enterprise network device to access
these service network segments of other enterprises, import routes destined for the
service network segments into the OSPF area. To enable devices in the IS-IS area to
access those service network segments, import OSPF external routes to the IS-IS routing
table. Different departments on the local enterprise network have different requirements
for service network segment access. Therefore, route-policies and filter-policies need to be
deployed to filter routes to be accepted and advertised.

4.1.2 Lab Configuration


4.1.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF on each Loopback0 interface and the interfaces that connect R1, R2,
R3, and R4. Configure an IS-IS neighbor relationship between R3 and R4.
3. On R1, import direct routes to the OSPF routing table; configure a route-policy not to
import routes destined for the service C network segment; add route tags 10 and 20
to the routes destined for network segments of services A and B, respectively.
4. Configure a filter-policy on R2 to filter OSPF routes to be accepted. Only the routes
destined for the service B network segment can be accepted.
5. Import OSPF routes to the IS-IS routing table on R3. Use a route-policy to match
route flags and import only OSPF external route destined for the service A network
segment.

4.1.2.2 Procedure
Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure IP addresses for GE0/0/2 and Loopback0 on R1.

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
HCIP-Datacom-Core Technology Lab Guide Page 157

[R1-LoopBack0] quit

# Create multiple loopback interfaces on R1 to simulate network segments of services A,


B, and C.

[R1]interface LoopBack1
[R1-LoopBack1] ip address 172.16.1.1 255.255.255.0
[R1-LoopBack1] quit
[R1]interface LoopBack2
[R1-LoopBack2] ip address 172.16.2.1 255.255.255.0
[R1-LoopBack2] quit
[R1]interface LoopBack3
[R1-LoopBack3] ip address 172.16.3.1 255.255.255.0
[R1-LoopBack3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 on R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
[R2-GigabitEthernet0/0/2] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/2, GE0/0/3, and Loopback0 on R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit

# Configure IP addresses for GE0/0/3 and Loopback0 on R4.

[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3] quit
[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0] quit

# Check IP address connectivity on R2 and R4.

<R2>ping -c 1 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.12.1 ping statistics ---


HCIP-Datacom-Core Technology Lab Guide Page 158

1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

<R2>ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=20 ms

--- 10.0.23.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/20/20 ms

<R4>ping -c 1 10.0.34.3
PING 10.0.34.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.3: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.34.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

Step 2 Configure OSPF and IS-IS.

On R1, R2, and R3, use the IP address of Loopback0 as a router ID, and activate OSPF on
the interconnected interfaces and Loopback0 interfaces.
# Configure R1.

[R1]ospf 1 router-id 10.0.1.1


[R1-ospf-1] area 0
[R1-ospf-1-area-0.0.0.0] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] quit
[R1-ospf-1] quit

# Configure R2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1] area 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1] quit

# Configure R3.
[R3]ospf 1 router-id 10.0.3.3
[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] quit
HCIP-Datacom-Core Technology Lab Guide Page 159

[R3-ospf-1] quit
# Check brief information about OSPF neighbors on R2.

<R2>display ospf peer brief

OSPF Process 1 with Router ID 10.0.2.2


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.3.3 Full
0.0.0.0 GigabitEthernet0/0/3 10.0.1.1 Full
----------------------------------------------------------------------------

OSPF neighbor relationships have been established between R1 and R2, and between R2
and R3.
Configure IS-IS on R3 and R4. Set the area ID to 49.0001. Set a system ID in the format of
0000.0000.000x (x indicates a device ID). Configure R3 and R4 as Level-1 routers. Activate
IS-IS on the interconnected interfaces and R4's Loopback0 interface.
# Configure R3.

[R3]isis 1
[R3-isis-1] is-level level-1
[R3-isis-1] network-entity 49.0001.0000.0000.0003.00
[R3-isis-1] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] isis enable 1
[R3-GigabitEthernet0/0/2] quit

# Configure R4.

[R4]isis 1
[R4-isis-1] is-level level-1
[R4-isis-1] network-entity 49.0001.0000.0000.0004.00
[R4-isis-1] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] isis enable 1
[R4-GigabitEthernet0/0/3] quit
[R4]interface LoopBack 0
[R4-LoopBack0] isis enable 1
[R4-LoopBack0] quit

# Check the IS-IS neighbor status on R3.

<R3>display isis peer

Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI


-------------------------------------------------------------------------------
0000.0000.0004 GE0/0/2 0000.0000.0001.01 Up 22s L1 64

Total Peer(s): 1
HCIP-Datacom-Core Technology Lab Guide Page 160

Step 3 Import direct routes on R1.

On R1, import direct routes to the OSPF routing table, configure a route-policy to filter
out the routes destined for the network segment of service C, and add route flags 10 and
20 to the routes to the network segments of services A and B, respectively.
# Create IP prefix list 1 to match the route destined for Loopback1 (network segment of
service A).

[R1]ip ip-prefix 1 index 10 permit 172.16.1.0 24 greater-equal 24 less-equal 24

# Create IP prefix list 2 to match the route destined for Loopback2 (network segment of
service B).

[R1]ip ip-prefix 2 index 10 permit 172.16.2.0 24 greater-equal 24 less-equal 24

# Create a route-policy named hcip, create nodes 10 and 20, apply IP prefix lists 1 and 2
to the two nodes, respectively, and add route flags.

[R1]route-policy hcip permit node 10


[R1-route-policy] if-match ip-prefix 1
[R1-route-policy] apply tag 10
[R1-route-policy] quit
[R1]route-policy hcip permit node 20
[R1-route-policy] if-match ip-prefix 2
[R1-route-policy] apply tag 20
[R1-route-policy] quit

# Import direct routes to the OSPF routing table on R1 and apply the route-policy named
hcip.

[R1]ospf 1
[R1-ospf-1] import-route direct route-policy hcip

# Check the OSPF LSDB on R1.

[R1]display ospf lsdb

OSPF Process 1 with Router ID 10.0.1.1


Link State Database

Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 1333 48 8000000C 1
Router 10.0.4.4 10.0.4.4 1639 48 80000006 1
Router 10.0.2.2 10.0.2.2 777 60 8000000D 1
Router 10.0.12.1 10.0.12.1 1373 48 80000006 1
Router 10.0.1.1 10.0.1.1 24 48 80000008 1
Network 10.0.23.3 10.0.3.3 1643 32 80000001 0
Network 10.0.12.2 10.0.2.2 777 32 80000002 0
Network 10.0.34.4 10.0.4.4 1639 32 80000002 0

AS External Database
HCIP-Datacom-Core Technology Lab Guide Page 161

Type LinkState ID AdvRouter Age Len Sequence Metric


External 172.16.2.0 10.0.1.1 24 36 80000001 1
External 172.16.1.0 10.0.1.1 24 36 80000001 1

Routes to Loopback1 and Loopback2 have been imported to the OSPF routing table.
# Check the AS-external LSA 172.16.1.0 in the OSPF LSDB on R1.

[R1]display ospf lsdb ase 172.16.1.0

OSPF Process 1 with Router ID 10.0.1.1


Link State Database

Type : External
Ls id : 172.16.1.0
Adv rtr : 10.0.1.1
Ls age : 165
Len : 36
Options :E
seq# : 80000001
chksum : 0xa954
Netmask : 255.255.255.0
TOS 0 Metric : 1
Etype :2
Forwarding Address : 0.0.0.0
Tag : 10
Priority : Low

The external route destined for 172.16.1.0/24 has been tagged 10.
# Check AS-external LSA 172.16.2.0 in the OSPF LSDB on R1.

[R1]display ospf lsdb ase 172.16.2.0

OSPF Process 1 with Router ID 10.0.1.1


Link State Database

Type : External
Ls id : 172.16.2.0
Adv rtr : 10.0.1.1
Ls age : 355
Len : 36
Options :E
seq# : 80000001
chksum : 0x539f
Netmask : 255.255.255.0
TOS 0 Metric: 1
Etype :2
Forwarding Address : 0.0.0.0
Tag : 20
Priority : Low

The external route destined for 172.16.2.0/24 has been tagged 20.
HCIP-Datacom-Core Technology Lab Guide Page 162

Step 4 Configure a filter-policy on R2.

Configure a filter-policy on R2 to filter OSPF routes to be accepted so that only the route
destined for network segment of service B can be accepted.
# Check the OSPF routing table before the filter-policy is configured.

<R2>display ospf routing

OSPF Process 1 with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.2/32 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.12.0/24 1 Transit 10.0.12.2 10.0.2.2 0.0.0.0
10.0.23.0/24 1 Transit 10.0.23.2 10.0.2.2 0.0.0.0
10.0.1.1/32 1 Stub 10.0.12.1 10.0.1.1 0.0.0.0
10.0.3.3/32 1 Stub 10.0.23.3 10.0.3.3 0.0.0.0

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
172.16.1.0/24 1 Type2 10 10.0.12.1 10.0.1.1
172.16.2.0/24 1 Type2 20 10.0.12.1 10.0.1.1

# Check the OSPF routes in the IP routing table before the filter-policy is configured.

<R2>display ip routing-table protocol ospf


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations :4 Routes : 4

OSPF routing table status : <Active>


Destinations :4 Routes : 4

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.1.1/32 OSPF 10 1 D 10.0.12.1 GigabitEthernet0/0/3


10.0.3.3/32 OSPF 10 1 D 10.0.23.3 GigabitEthernet0/0/2
172.16.1.0/24 O_ASE 150 1 D 10.0.12.1 GigabitEthernet0/0/3
172.16.2.0/24 O_ASE 150 1 D 10.0.12.1 GigabitEthernet0/0/3

OSPF external routes destined for 172.16.1.0/24 and 172.16.2.0/24 are displayed in the
OSPF routing table and IP routing table.
# Configure a basic ACL.

[R2]acl number 2000


[R2-acl-basic-2000] rule 5 deny source 172.16.1.0 0.0.0.255
[R2-acl-basic-2000] rule 10 permit

# Configure an import filter-policy for OSPF and apply ACL 2000.

[R2]ospf 1
[R2-ospf-1] filter-policy 2000 import
HCIP-Datacom-Core Technology Lab Guide Page 163

# Check the OSPF routing table after the filter-policy is configured.

<R2>display ospf routing

OSPF Process 1 with Router ID 10.0.2.2


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.2.2/32 0 Stub 10.0.2.2 10.0.2.2 0.0.0.0
10.0.12.0/24 1 Transit 10.0.12.2 10.0.2.2 0.0.0.0
10.0.23.0/24 1 Transit 10.0.23.2 10.0.2.2 0.0.0.0
10.0.1.1/32 1 Stub 10.0.12.1 10.0.1.1 0.0.0.0
10.0.3.3/32 1 Stub 10.0.23.3 10.0.3.3 0.0.0.0

Routing for ASEs


Destination Cost Type Tag NextHop AdvRouter
172.16.1.0/24 1 Type2 10 10.0.12.1 10.0.1.1
172.16.2.0/24 1 Type2 20 10.0.12.1 10.0.1.1

# Check the OSPF routes in the IP routing table after the filter-policy is configured.

<R2>display ip routing-table protocol ospf


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destination :4 Routes : 4

OSPF routing table status : <Active>


Destinations :4 Routes : 4

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.1.1/32 OSPF 10 1 D 10.0.12.1 GigabitEthernet0/0/3


10.0.3.3/32 OSPF 10 1 D 10.0.23.3 GigabitEthernet0/0/2
172.16.2.0/24 O_ASE 150 1 D 10.0.12.1 GigabitEthernet0/0/3

The route destined for 172.16.2.0/24 does not exist in the IP routing table but exists in
the OSPF routing table. This proves that for OSPF, the filter-policy only restricts routes to
be added to the IP routing table, but does not affect the local LSDB and LSA transmission.
# Check the OSPF routes in the IP routing table on R3.

<R3>display ip routing-table protocol ospf


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations :5 Routes : 5

OSPF routing table status : <Active>


Destinations :5 Routes : 5

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.1.1/32 OSPF 10 2 D 10.0.23.2 GigabitEthernet0/0/3


HCIP-Datacom-Core Technology Lab Guide Page 164

10.0.2.2/32 OSPF 10 1 D 10.0.23.2 GigabitEthernet0/0/3


10.0.12.0/24 OSPF 10 2 D 10.0.23.2 GigabitEthernet0/0/3
172.16.1.0/24 O_ASE 150 1 D 10.0.23.2 GigabitEthernet0/0/3
172.16.2.0/24 O_ASE 150 1 D 10.0.23.2 GigabitEthernet0/0/3

The OSPF external routes destined for 172.16.1.0/24 and 172.16.2.0/24 still exist in the IP
routing table of R3.

Step 5 Import OSPF routes to the IS-IS routing table on R3.

Import OSPF routes to the IS-IS routing table on R3. Use a route-policy to match route
flags and import only OSPF external route destined for network segment of service A.
# Create a route-policy named hcip.

[R3]route-policy hcip permit node 10


[R3-route-policy] if-match tag 10
[R3-route-policy] quit

# Import OSPF routes to the IS-IS routing table and apply the route-policy named hcip to
import only OSPF external routes of the network segment of service A.

[R3]isis 1
[R3-isis-1] import-route ospf 1 level-1 route-policy hcip

# Check the IS-IS routing table of R3.

<R3>display isis route

Route information for ISIS(1)


-----------------------------

ISIS(1) Level-1 Forwarding Table


--------------------------------

IPV4Destination IntCost ExtCost ExitInterface NextHop Flags


-------------------------------------------------------------------------------
10.0.4.4/32 10 NULL GE0/0/2 10.0.34.4 A/-/-/-
10.0.34.0/24 10 NULL GE0/0/2 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set

ISIS(1) Level-1 Redistribute Table


----------------------------------

Type IPV4 Destination IntCost ExtCost Tag


-------------------------------------------------------------------------------
O 172.16.1.0/24 0 0

Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR

The Level-1 route redistribution table contains only a route destined for 172.16.1.0/24.
----End
HCIP-Datacom-Core Technology Lab Guide Page 165

4.1.3 Quiz
What are the differences when the filter-policy is used in distance-vector and link-state
routing protocols?

4.1.4 Configuration Reference


Configuration on R1

#
sysname R1
#
interface GigabitEthernet0/0/2
ip address 10.0.12.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
interface LoopBack1
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack2
ip address 172.16.2.1 255.255.255.0
#
interface LoopBack3
ip address 172.16.3.1 255.255.255.0
#
ospf 1 router-id 10.0.1.1
import-route direct route-policy hcip
area 0.0.0.0
network 10.0.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
#
route-policy hcip permit node 10
if-match ip-prefix 1
apply tag 10
#
route-policy hcip permit node 20
if-match ip-prefix 2
apply tag 20
#
ip ip-prefix 1 index 10 permit 172.16.1.0 24 greater-equal 24 less-equal 24
ip ip-prefix 2 index 10 permit 172.16.2.0 24 greater-equal 24 less-equal 24
#
return

Configuration on R2

#
sysname R2
#
acl number 2000
rule 5 deny source 172.16.1.0 0.0.0.255
rule 10 permit
#
HCIP-Datacom-Core Technology Lab Guide Page 166

interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
ospf 1 router-id 10.0.2.2
filter-policy 2000 import
area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.23.2 0.0.0.0
network 10.0.12.2 0.0.0.0
#
return

Configuration on R3

#
sysname R3
#
isis 1
is-level level-1
network-entity 49.0001.0000.0000.0003.00
import-route ospf 1 level-1 route-policy hcip
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
#
route-policy hcip permit node 10
if-match tag 10
#
return

Configuration on R4

#
sysname R4
#
isis 1
is-level level-1
HCIP-Datacom-Core Technology Lab Guide Page 167

network-entity 49.0001.0000.0000.0004.00
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
isis enable 1
#
return
HCIP-Datacom-Core Technology Lab Guide Page 168

5 RSTP and MSTP

5.1 Basic RSTP and MSTP Configurations


5.1.1 Introduction
5.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Manually change a bridge priority to affect root bridge election.
⚫ Manually change a port cost value to control root port election.
⚫ Manually change a port priority value to control root port election.
⚫ Configure MSTP to implement load balancing among VLANs.

5.1.1.2 Networking Topology


Figure 5-1 Basic RSTP and MSTP configurations

The preceding figure shows connections between switches. Configure RSTP and MSTP to
break Layer 2 loops, and manually specify the primary root bridge and secondary root
bridge.

5.1.1.3 Background
You are a network administrator of a company. The enterprise network uses a backup
network. To prevent loops, RSTP is deployed. All VLANs share the same STP spanning
tree. To load balancing data traffic between VLANs, MSTP needs to be deployed on the
network.
HCIP-Datacom-Core Technology Lab Guide Page 169

5.1.2 Lab Configuration


5.1.2.1 Configuration Roadmap
1. Enable STP and change the STP mode to RSTP.
2. Manually specify S1 as the primary root bridge and S2 as the secondary root bridge.
3. Change the interface cost so that S4's GE0/0/1 becomes the root port.
4. Change the priority value of S1's GE0/0/11 so that S2's GE0/0/11 becomes the root
port.
5. Change the STP mode to MSTP, create MSTI1 and MSTI2. Specify SW1 as the root
bridge of MSTI1 and secondary root bridge of MSTI2, and specify SW2 as the root
bridge of MSTI2 and secondary root bridge of MSTI1.

5.1.2.2 Procedure
Step 1 Perform basic RSTP configurations.

Enable STP on S1, S2, S3, and S4, and switch the STP mode to RSTP.
# Name the devices.
The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure S1.

[S1]stp enable
[S1]stp mode rstp

# Configure S2.

[S2]stp enable
[S2]stp mode rstp

# Configure S3.

[S3]stp enable
[S3]stp mode rstp

# Configure S4.

[S4]stp enable
[S4]stp mode rstp

# Check the STP status and statistics.

<S1>display stp instance 0 brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/10 DESI FORWARDING NONE
0 GigabitEthernet0/0/11 DESI FORWARDING NONE
0 GigabitEthernet0/0/12 DESI FORWARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE
HCIP-Datacom-Core Technology Lab Guide Page 170

[S2]display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/10 ROOT FORWARDING NONE
0 GigabitEthernet0/0/11 ALTE DISCARDING NONE
0 GigabitEthernet0/0/12 ALTE DISCARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE

[S3]display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE

[S4]display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE

All ports on S1 are designated ports, and S1 is the root bridge. In practice, the actual test
result may be different from the preceding result because the MAC address of a switch is
uncertain.
# Check the STP status and statistics on S1. The following information is displayed:

<S1>display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.4c1f-cc1d-61a8
Config Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
CIST Root/ERPC :32768.4c1f-cc1d-61a8 / 0
CIST RegRoot/IRPC :32768.4c1f-cc1d-61a8 / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :15
TC count per hello :0
STP Converge Mode :Normal
Time sincelast TC :0 days 0h:11m:14s
Numberof TC :17
Last TC occurred :GigabitEthernet0/0/13

S1 is the root bridge.

Step 2 Control root bridge election.

Configure S1 as the primary root bridge and S2 as the secondary root bridge.
# Manually adjust the STP priority and specify S1 as the primary root bridge and S2 as
the secondary root bridge.

[S1]stp priority 4096

[S2]stp priority 8192


HCIP-Datacom-Core Technology Lab Guide Page 171

When the other two switches retain the default bridge priority (32768), S1 has the lowest
bridge priority, followed by S2.
# Check the STP status and statistics on S1. The following information is displayed:

[S1]display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :4096 .4c1f-cc1d-61a8
Config Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
CIST Root/ERPC :4096 .4c1f-cc1d-61a8 / 0
CIST RegRoot/IRPC :4096 .4c1f-cc1d-61a8 / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :75
TC count per hello :0
STP Converge Mode :Normal
Time sincelast TC :0 days 0h:1m:16s
Numberof TC :45
Last TC occurred :GigabitEthernet0/0/10

The bridge priority of S1 is 4096 and S1 is still the root bridge.


# Delete the configuration of manually adjusting the bridge priority on S1 and S2, and
run the stp root command to specify the primary root bridge and secondary root bridge.

[S1]undo stp priority


[S1]stp root primary

[S2]undo stp priority


[S2]stp root secondary

# Check the STP status and statistics on S1 and S2. The following information is
displayed:

[S1]display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :0 .4c1f-cc1d-61a8
Config Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
CIST Root/ERPC :0 .4c1f-cc1d-61a8 / 0
CIST RegRoot/IRPC :0 .4c1f-cc1d-61a8 / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
CIST Root Type :Primary root
TC or TCN received :85
TC count per hello :0
STP Converge Mode :Normal
Time sincelast TC :0 days 0h:0m:9s
Numberof TC :51
Last TC occurred :GigabitEthernet0/0/10

[S2]display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :4096 .4c1f-cc69-5bf7
Config Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
HCIP-Datacom-Core Technology Lab Guide Page 172

Active Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20


CIST Root/ERPC :0 .4c1f-cc1d-61a8 / 20000
CIST RegRoot/IRPC :4096 .4c1f-cc69-5bf7 / 0
CIST RootPortId :128.10
BPDU-Protection :Disabled
CIST Root Type :Secondary root
TC or TCN received :213
TC count per hello :0
STP Converge Mode :Normal
Time sincelast TC :0 days 0h:0m:35s
Numberof TC :44
Last TC occurred :GigabitEthernet0/0/12

The bridge priority of S1 is 0 and that of S2 is 4096. S1 is the primary root bridge and S2
is the secondary root bridge.

Step 3 Change the interface cost to control root port election.

# Check the STP status and statistics on S4.

[S4]display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/1 ALTE DISCARDING NONE
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE

GE0/0/2 on S4 has a smaller root path cost (RPC) and becomes the root port.
# Check the STP status and statistics on GE0/0/2 of S4.

[S4]display stp interface GigabitEthernet 0/0/2


-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.4c1f-cc49-4c7c
Config Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly15s MaxHop 20
CIST Root/ERPC :0 .4c1f-cc1d-61a8 / 20000
CIST RegRoot/IRPC :32768.4c1f-cc49-4c7c / 0
CIST RootPortId :128.2
BPDU-Protection :Disabled
TC or TCN received :98
TC count per hello :0
STP Converge Mode :Normal
Time sincelast TC :0 days 0h:8m:35s
Numberof TC :47
Last TC occurred :GigabitEthernet0/0/2
----[Port2(GigabitEthernet0/0/2)][FORWARDING]----
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Designated Bridge/Port :0.4c1f-cc1d-61a8 / 128.13
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STPMode :RSTP
HCIP-Datacom-Core Technology Lab Guide Page 173

Port Protocol Type :Config=auto / Active=dot1s


BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly15s RemHop 0
TC or TCN send :26
TC or TCN received :40
BPDU Sent :1747
TCN: 0, Config: 0, RST: 1747, MST: 0
BPDU Received :1048
TCN: 0, Config: 0, RST: 1048, MST: 0

In this case, the RPC calculation method is dot1t, and the STP cost of the interface is
20000.
# Change the STP cost of GE0/0/2 on S4 to 40001.

[S4]interface GigabitEthernet 0/0/2


[S4-GigabitEthernet0/0/2] stp cost 40001

# Check the STP status and statistics on S4 again.

<S4>display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE

The RPC of GE0/0/1 is 40000, smaller than RPC 40001 of GE0/0/2. GE0/0/1 of S4
becomes the root port.

Step 4 Change the interface priority to control root port election.

# Check the STP status and statistics on S2.

[S2]display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/10 ROOT FORWARDING NONE
0 GigabitEthernet0/0/11 ALTE DISCARDING NONE
0 GigabitEthernet0/0/12 DESI FORWARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE

The BPDUs received on GE0/0/10 and GE0/0/11 of S2 have the same RPC, bridge ID, and
interface priority. Therefore, S2 compares interface numbers in the received BPDU
interface IDs.
# Enable LLDP on S1 and S2 and check interface connections.

[S1]lldp enable

[S2]lldp enable

[S2]display lldp neighbor brief


Local Intf Neighbor Dev Neighbor Intf Exptime
GE0/0/10 S1 GE0/0/10 102
GE0/0/11 S1 GE0/0/11 102
GE0/0/12 S4 GE0/0/1 108
GE0/0/13 S3 GE0/0/2 103
HCIP-Datacom-Core Technology Lab Guide Page 174

The peer end of S2's GE0/0/10 is S1's GE0/0/10, and the peer end of S2's GE0/0/11 is S1's
GE0/0/11. The BPDU received by GE0/0/10 on S2 has a smaller interface number, which is
why GE0/0/10 becomes the root port.
# Change the STP priority of S1's GE0/0/11 so that the priority of BPDUs sent by
GE0/0/11 becomes higher than that of BPDUs sent by GE0/0/10.

[S1]interface GigabitEthernet 0/0/11


[S1-GigabitEthernet0/0/11] stp port priority 64

The priority value of the STP interface is 128. The smaller the value, the higher the
priority.
# Check the STP status and statistics on S2 again.

[S2]display stp brief


MSTID Port Role STPState Protection
0 GigabitEthernet0/0/10 ROOT FORWARDING NONE
0 GigabitEthernet0/0/11 ALTE DISCARDING NONE
0 GigabitEthernet0/0/12 DESI FORWARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE

S2's GE0/0/1 becomes the root port.

Step 5 Basic MSTP Configurations

Create VLANs 10, 20, 30, 40, 50, 60, 70 and 80 on all switches. Configure an MSTP
domain named hcip. Create two instances named Instance 1 and Instance 2. Map
VLANs 10, 30, 50, and 70 to Instance 1. Map VLANs 20, 40, 60, and 80 to Instance 2. In
addition, SW1 is configured as the primary root bridge of MSTI1 and the secondary root
bridge of MSTI2, and SW2 is configured as the primary root bridge of MSTI2 and the
secondary root bridge of MSTI1.
# Create VLANs.

[S1]vlan batch 10 20 30 40 50 60 70 80

[S2]vlan batch 10 20 30 40 50 60 70 80

[S3]vlan batch 10 20 30 40 50 60 70 80

[S4]vlan batch 10 20 30 40 50 60 70 80

# Configure all interconnection interfaces as trunk interfaces and allow packets from all
VLANs to pass.
The configuration details are not provided.
# Change the STP mode to MSTP.

[S1]stp mode mstp

[S2]stp mode mstp

[S3]stp mode mstp


HCIP-Datacom-Core Technology Lab Guide Page 175

[S4]stp mode mstp

# Configure MSTP.

[S1]stp region-configuration
[S1-mst-region] region-name hcip
[S1-mst-region] revision-level 1
[S1-mst-region] instance 1 vlan 10 30 50 70
[S1-mst-region] instance 2 vlan 20 40 60 80
[S1-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-mst-region] quit

[S2]stp region-configuration
[S2-mst-region] region-name hcip
[S2-mst-region] revision-level 1
[S2-mst-region] instance 1 vlan 10 30 50 70
[S2-mst-region] instance 2 vlan 20 40 60 80
[S2-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-mst-region] quit

[S3]stp region-configuration
[S3-mst-region] region-name hcip
[S3-mst-region] revision-level 1
[S3-mst-region] instance 1 vlan 10 30 50 70
[S3-mst-region] instance 2 vlan 20 40 60 80
[S3-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3-mst-region] quit

[S4]stp region-configuration
[S4-mst-region] region-name hcip
[S4-mst-region] revision-level 1
[S4-mst-region] instance 1 vlan 10 30 50 70
[S4-mst-region] instance 2 vlan 20 40 60 80
[S4-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4-mst-region] quit

# Check mappings between MSTIs and VLANs on S1.

[S1]display stp region-configuration


Oper configuration
Format selector :0
Region name :hcip
Revision level :1

Instance VLANs Mapped


0 1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 49, 51 to 59, 61 to
69, 71 to 79, 81 to 4094
1 10, 30, 50, 70
2 20, 40, 60, 80

# Configure SW1 as the root bridge of MSTI1 and the secondary root bridge of MSTI2.
HCIP-Datacom-Core Technology Lab Guide Page 176

[S1]stp instance 1 root primary


[S1]stp instance 2 root secondary

# Configure SW2 as the primary root bridge of MSTI2 and the secondary root bridge of
MSTI1.

[S2]stp instance 1 root secondary


[S2]stp instance 2 root primary

# Check the status and statistics of MSTI1 on S1.

[S1]display stp instance 1 brief


MSTID Port Role STP State Protection
1 GigabitEthernet0/0/10 DESI FORWARDING NONE
1 GigabitEthernet0/0/11 DESI FORWARDING NONE
1 GigabitEthernet0/0/12 DESI FORWARDING NONE
1 GigabitEthernet0/0/13 DESI FORWARDING NONE

All ports on S1 are designated ports, and S1 is the root bridge of MSTI1.
# Check the status and statistics of MSTI2 on S2.

[S2]display stp instance 2 brief


MSTID Port Role STP State Protection
2 GigabitEthernet0/0/10 DESI FORWARDING NONE
2 GigabitEthernet0/0/11 DESI FORWARDING NONE
2 GigabitEthernet0/0/12 DESI FORWARDING NONE
2 GigabitEthernet0/0/13 DESI FORWARDING NONE

All ports on S2 are designated ports, and S2 is the root bridge of MSTI2.
----End

5.1.3 Quiz
Compared with STP, which improvements are made in RTSP?

5.1.4 Configuration Reference


Configuration on S1

sysname S1
#
vlan batch 10 20 30 40 50 60 70 80
#
lldp enable
#
stp instance 0 root primary
stp instance 1 root primary
stp instance 2 root secondary
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10 30 50 70
HCIP-Datacom-Core Technology Lab Guide Page 177

instance 2 vlan 20 40 60 80
active region-configuration
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
stp instance 0 port priority 64
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
return

Configuration on S2

sysname S2
#
vlan batch 10 20 30 40 50 60 70 80
#
lldp enable
#
stp instance 0 root secondary
stp instance 1 root secondary
stp instance 2 root primary
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10 30 50 70
instance 2 vlan 20 40 60 80
active region-configuration
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
stp instance 0 port priority 64
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
interface GigabitEthernet0/0/13
HCIP-Datacom-Core Technology Lab Guide Page 178

port link-type trunk


port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
return

Configuration on S3

#
sysname S3
#
vlan batch 10 20 30 40 50 60 70 80
#
lldp enable
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10 30 50 70
instance 2 vlan 20 40 60 80
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
return

Configuration on S4

#
sysname S4
#
vlan batch 10 20 30 40 50 60 70 80
#
lldp enable
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10 30 50 70
instance 2 vlan 20 40 60 80
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
HCIP-Datacom-Core Technology Lab Guide Page 179

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
stp instance 0 cost 40001
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80
#
return
HCIP-Datacom-Core Technology Lab Guide Page 180

6 Multicast

6.1 IGMP, IGMP Snooping, and PIM-DM


6.1.1 Introduction
6.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Know how to enable multicast routing for multicast traffic forwarding.
⚫ Know how to enable IGMP snooping on a switch and manually configure a static
router port and member port.
⚫ Know how to use PIM-DM to forward multicast traffic.
⚫ Know how to control the election result of the Assert mechanism by changing the
IGP cost.

6.1.1.2 Networking Topology


Figure 6-1 Lab topology for IGMP, IGMP snooping, and PIM-DM

In the preceding figure, OSPF runs on four routers. Loopback0 is created on each router.
The IP address of Loopback0 is 10.0.x.x/32, where x is the device number.
The four routers form a multicast network. R1 is the first-hop router and is connected to
multicast source 239.0.0.12. R4 is the last-hop router and is connected to receivers of
multicast group 239.0.0.12. To ensure that the traffic from the multicast source can be
received by multicast group members connected to R4, deploy PIM-DM on each router
and activate IGMPv2 on GE0/0/5 of R4.
HCIP-Datacom-Core Technology Lab Guide Page 181

To optimize multicast traffic forwarding on S2, configure IGMP snooping on S2 and


manually specify a static router port and member port.

6.1.1.3 Background
You are a network administrator of a company. Multicast needs to be configured to
forward some services. The network size is small, so you can configure PIM-DM to
implement multicast route learning. To improve network efficiency and security, you can
manually control the election result of the PIM-DM Assert mechanism. To optimize
multicast traffic forwarding on the switch connected to multicast receivers, you can
enable IGMP snooping on the switch.

6.1.2 Lab Configuration


6.1.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF on each Loopback0 interface and the interfaces that connect R1, R2,
R3, and R4.
3. Enable the multicast routing function on the routers, and enable PIM-DM on
involved interfaces.
4. On R1, simulate traffic of the multicast source, and then check the PIM routing table
of each router.
5. Change the OSPF cost of GE0/0/1 on R3 to control the election result of the Assert
mechanism. Then, check the PIM routing tables of R2 and R3 again.
6. Configure IGMP snooping on S2 and manually configure a static router port and
member port.

6.1.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure R1.

[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit
[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.0.13.1 255.255.255.0
[R1-GigabitEthernet0/0/1] quit

# Configure R2.
HCIP-Datacom-Core Technology Lab Guide Page 182

[R2]interface GigabitEthernet0/0/4
[R2-GigabitEthernet0/0/4] ip address 10.0.234.2 255.255.255.0
[R2-GigabitEthernet0/0/4] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit
[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit

# Configure R3.

[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 10.0.13.3 24
[R3-GigabitEthernet0/0/1] quit
[R3]interface GigabitEthernet0/0/4
[R3-GigabitEthernet0/0/4] ip address 10.0.234.3 255.255.255.0
[R3-GigabitEthernet0/0/4] quit
[R3]interface LoopBack 0
[R3-LoopBack0] ip address 10.0.3.3 32
[R3-LoopBack0] quit

# Configure R4.

[R4]interface GigabitEthernet0/0/4
[R4-GigabitEthernet0/0/4] ip address 10.0.234.4 255.255.255.0
[R4-GigabitEthernet0/0/4] quit
[R4]interface GigabitEthernet0/0/5
[R4-GigabitEthernet0/0/5] ip address 192.168.1.1 255.255.255.0
[R4-GigabitEthernet0/0/5] quit
[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0] quit

# Check IP connectivity on R1 and R4.

<R1>ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.12.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

<R1>ping -c 1 10.0.13.3
PING 10.0.13.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.13.3: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.13.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms
HCIP-Datacom-Core Technology Lab Guide Page 183

<R4>ping -c 1 10.0.234.2
PING 10.0.234.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.234.2: bytes=56 Sequence=1 ttl=255 time=70 ms

--- 10.0.234.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/70/70 ms

<R4>ping -c 1 10.0.234.3
PING 10.0.234.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.234.3: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.234.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

Step 2 Configure OSPF.

Use the IP address of the Loopback0 interface as the router ID of each router and
activate OSPF on the interconnection interfaces and each Loopback0 interface.
# Configure R1.

[R1]ospf 1 router-id 10.0.1.1


[R1-ospf-1] area 0
[R1-ospf-1-area-0.0.0.0] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.13.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] quit
[R1-ospf-1] quit

# Configure R2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1] area 0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.234.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] quit
[R2-ospf-1] quit

# Configure R3.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1] area 0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.13.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.234.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] quit
[R3-ospf-1] quit
HCIP-Datacom-Core Technology Lab Guide Page 184

# Configure R4.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0] network 10.0.234.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 192.168.1.1 0.0.0.0
[R4-ospf-1-area-0.0.0.0] quit
[R4-ospf-1] quit

# Check the OSPF neighbor status on R1 and R4.

<R1>display ospf peer brief

OSPF Process 1 with Router ID 10.0.1.1


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.2.2 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.3.3 Full
----------------------------------------------------------------------------

<R4>display ospf peer brief

OSPF Process 1 with Router ID 10.0.4.4


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/4 10.0.2.2 Full
0.0.0.0 GigabitEthernet0/0/4 10.0.3.3 Full
----------------------------------------------------------------------------

OSPF neighbor relationships have been established between routers.


# Check the OSPF routing table on R4.

[R4]display ospf routing

OSPF Process 1 with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.4/32 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.234.0/24 1 Transit 10.0.234.4 10.0.4.4 0.0.0.0
192.168.1.0/24 1 Stub 192.168.1.1 10.0.4.4 0.0.0.0
10.0.1.1/32 2 Stub 10.0.234.3 10.0.1.1 0.0.0.0
10.0.1.1/32 2 Stub 10.0.234.2 10.0.1.1 0.0.0.0
10.0.2.2/32 1 Stub 10.0.234.2 10.0.2.2 0.0.0.0
10.0.3.3/32 1 Stub 10.0.234.3 10.0.3.3 0.0.0.0
10.0.12.0/24 2 Transit 10.0.234.2 10.0.1.1 0.0.0.0
10.0.13.0/24 2 Transit 10.0.234.3 10.0.1.1 0.0.0.0

Total Nets: 9
Intra Area: 9 Inter Area: 0 ASE: 0 NSSA: 0
HCIP-Datacom-Core Technology Lab Guide Page 185

R4 has learned OSPF routes on the entire network.

Step 3 Configure PIM-DM.

Enable multicast routing on all routers and enable PIM-DM on involved interfaces.
# Enable multicast routing.

[R1]multicast routing-enable

[R2]multicast routing-enable

[R3]multicast routing-enable

[R4]multicast routing-enable

# Enable PIM-DM on involved interfaces of R1.

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] pim dm
[R1-GigabitEthernet0/0/1] quit
[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] pim dm
[R1-GigabitEthernet0/0/2] quit

# Enable PIM-DM on involved interfaces of R2.

[R2]interface GigabitEthernet0/0/4
[R2-GigabitEthernet0/0/4] pim dm
[R2-GigabitEthernet0/0/4] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] pim dm
[R2-GigabitEthernet0/0/3] quit

# Enable PIM-DM on involved interfaces of R3.

[R3]interface GigabitEthernet0/0/4
[R3-GigabitEthernet0/0/4] pim dm
[R3-GigabitEthernet0/0/4] quit
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] pim dm
[R3-GigabitEthernet0/0/1] quit

# Enable PIM-DM on involved interfaces of R4.

[R4]interface GigabitEthernet0/0/4
[R4-GigabitEthernet0/0/4] pim dm
[R4-GigabitEthernet0/0/4] quit
[R4]interface GigabitEthernet0/0/5
[R4-GigabitEthernet0/0/5] pim dm
[R4-GigabitEthernet0/0/5] quit

# Check the PIM neighbor relationships on R1 and R4.

[R1]display pim neighbor


HCIP-Datacom-Core Technology Lab Guide Page 186

VPN-Instance: public net


Total Number of Neighbors = 2

Neighbor Interface Uptime Expires Dr-Priority BFD-Session


10.0.13.3 GE0/0/1 00:04:14 00:01:31 1 N
10.0.12.2 GE0/0/2 00:04:50 00:01:26 1 N

[R4]display pim neighbor


VPN-Instance: public net
Total Number of Neighbors = 2

Neighbor Interface Uptime Expires Dr-Priority BFD-Session


10.0.234.2 GE0/0/4 00:03:09 00:01:41 1 N
10.0.234.3 GE0/0/4 00:03:08 00:01:19 1 N

PIM neighbor relationships have been established between R1 and R2, between R1 and
R3, between R4 and R2, and between R4 and R3.
# Enable IGMP on GE0/0/5 of R4 and configure GE0/0/5 to join the multicast group in
static mode.

[R4]interface GigabitEthernet0/0/5
[R4-GigabitEthernet0/0/5] igmp enable
[R4-GigabitEthernet0/0/5] igmp static-group 239.0.0.12

# Check IGMP interface information on R4.

[R4]display igmp interface GigabitEthernet 0/0/5


Interface information of VPN-Instance: public net
GigabitEthernet0/0/5(192.168.1.1):
IGMP is enabled
Current IGMP version is 2
IGMP state: up
IGMP group policy: none
IGMP limit: -
Value of query interval for IGMP (negotiated): -
Value of query interval for IGMP (configured): 60 s
Value of other querier timeout for IGMP: 0 s
Value of maximum query response time for IGMP: 10 s
Querier for IGMP: 192.168.1.1 (this router)

The default IGMP version (IGMPv2) is used, and R4 is the IGMP querier.

Step 4 Check the PIM routing table.

On R1, use the address of Loopback0 as the source address to send ICMP packets to
239.0.0.12 to simulate traffic of the multicast source. Then, check the PIM routing table
on each router.
# Use R1 to send packets to simulate traffic of the multicast source.

ping -a 10.0.1.1 -c 10 239.0.0.12


HCIP-Datacom-Core Technology Lab Guide Page 187

After this command is run, R1 does not send multicast traffic, but it triggers PIM-DM
State-Refresh messages.
# Query the content of the PIM-DM State-Refresh messages.

Frame 45: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) on interface 0
Ethernet II, Src: HuaweiTe_0c:16:0a (54:89:98:0c:16:0a), Dst: IPv4mcast_0d (01:00:5e:00:00:0d)
Internet Protocol Version 4, Src: 10.0.12.1, Dst: 224.0.0.13
Protocol Independent Multicast
0010 .... = Version: 2
.... 1001 = Type: State-Refresh (9)
Reserved byte(s): 00
Checksum: 0x8295 [correct]
[Checksum Status: Good]
PIM Options
Group: 239.0.0.12/32
Source: 10.0.1.1
Originator: 10.0.12.1
0... .... = RP Tree: False
.000 0000 0000 0000 0000 0000 0000 0000 = Metric Preference: 0
Metric: 0
Masklen: 32
TTL: 255
0... .... = Prune indicator: Not set
.0.. .... = Prune now: Not set
..1. .... = Assert override: Set
Interval: 60

The State-Refresh messages carry the multicast source address (10.0.1.1) and multicast
group address (239.0.0.12). After receiving the messages, the downstream device creates
an (S, G) entry and forwards the State-Refresh messages downstream.
# Check statistics about the State-Refresh messages sent by R1.

<R1>display pim control-message counters message-type state-refresh interface GigabitEthernet 0/0/2


VPN-Instance: public net
PIM control-message counters for interface: GigabitEthernet0/0/2
Message Type Received Sent Invalid Filtered
State-Refresh 0 8 0 0

If the value of Sent is not 0, check the (S, G) entry on the downstream device. If the
value of Sent is 0, you will find no (S, G) entry on the downstream device.
PIM-SM does not have State-Refresh messages. Therefore, this method cannot be used in
PIM-SM scenarios.
# Check the PIM routing tables of the four routers.

<R1>display pim routing-table


VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry

(10.0.1.1, 239.0.0.12)
Protocol : pim-dm, Flag: LOC ACT
UpTime : 00:04:19
Upstream interface : LoopBack0
HCIP-Datacom-Core Technology Lab Guide Page 188

Upstream neighbor: NULL


RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/1
Protocol: pim-dm, UpTime: 00:04:19, Expires: never

On R1, the inbound interface of the (S, G) entry is Loopback0. Because the multicast
source is directly connected to R1, PRF prime neighbor is Null. The downstream
interface is GE0/0/1, and R1 forwards the multicast traffic to R3.

<R2>display pim routing-table


VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry

(10.0.1.1, 239.0.0.12)
Protocol : pim-dm, Flag:
UpTime : 00:01:25
Upstream interface : GigabitEthernet0/0/3
Upstream neighbor: 10.0.12.1
RPF prime neighbor: 10.0.12.1
Downstream interface(s) information: None

On R2, the (S, G) entry does not have any downstream interface.

<R3>display pim routing-table


VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry

(10.0.1.1, 239.0.0.12)
Protocol : pim-dm, Flag:
UpTime : 00:02:55
Upstream interface : GigabitEthernet0/0/1
Upstream neighbor: 10.0.13.1
RPF prime neighbor: 10.0.13.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/4
Protocol: pim-dm, UpTime: 00:02:55, Expires: never

On R3, the downstream interface of the (S, G) entry is GE0/0/4.


The downstream interfaces of R2 and R3 and the upstream interface of R4 are on the
same network segment. Therefore, the Assert mechanism is triggered. R2 and R3 send
Assert messages through their respective GE0/0/4 for election. The unicast routes from R2
and R3 to the multicast source have the same preference and cost. However, GE0/0/4 of
R3 has a higher IP address (10.0.234.3) than that (10.0.234.2) of R2. Therefore, R3 wins
the Assert election and continues to forward multicast traffic to R4. R2 no longer
forwards multicast traffic downstream through its GE0/0/4. This is why there is no
downstream interface in the (S, G) entry in the PIM routing table of R2.

[R4]display pim routing-table


VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
HCIP-Datacom-Core Technology Lab Guide Page 189

(*, 239.0.0.12)
Protocol : pim-dm, Flag: WC
UpTime : 00:05:41
Upstream interface : NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/5
Protocol: static, UpTime: 00:05:41, Expires: never

(10.0.1.1, 239.0.0.12)
Protocol : pim-dm, Flag:
UpTime : 00:01:52
Upstream interface : GigabitEthernet0/0/4
Upstream neighbor: 10.0.234.2
RPF prime neighbor: 10.0.234.2
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/5
Protocol: pim-dm, UpTime: 00:01:52, Expires: -

The upstream neighbor of R4 is R3, and R4 is the last-hop router.

Step 5 Change the IGP cost to control the Assert election result.

Change the OSPF cost of GE0/0/1 on R3 so that the unicast route from R3 to the
multicast source address has a higher cost. Consequently, R2 wins the Assert election and
becomes the Assert winner.
# On R2 and R3, check the cost of the route to the multicast source address 10.0.1.1.

<R2>display ip routing-table 10.0.1.1


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.1.1/32 OSPF 10 1 D 10.0.12.1 GigabitEthernet0/0/3

<R3>display ip routing-table 10.0.1.1


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.1.1/32 OSPF 10 1 D 10.0.13.1 GigabitEthernet0/0/1

The costs of the routes from R2 and R3 to 10.0.1.1 are both 1.


# Change the OSPF cost of GE0/0/1 on R3.

[R3]interface GigabitEthernet0/0/1
HCIP-Datacom-Core Technology Lab Guide Page 190

[R3-GigabitEthernet0/0/1] ospf cost 2

# On R3, check the cost of the route to the multicast source address 10.0.1.1.

<R3>display ip routing-table 10.0.1.1


Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.1.1/32 OSPF 10 2 D 10.0.13.1 GigabitEthernet0/0/1


OSPF 10 2 D 10.0.234.2 GigabitEthernet0/0/4

The cost of the route from R3 to 10.0.1.1 becomes 2.


# Change the Assert timeout period on GE0/0/4 of R2 and R3 to 10s.

[R2]interface GigabitEthernet0/0/4
[R2-GigabitEthernet0/0/4] pim holdtime assert 10

[R3]interface GigabitEthernet0/0/4
[R3-GigabitEthernet0/0/4] pim holdtime assert 10

# Run the debugging pim join-prune receive command on R1 and then observe the
prune process.

<R1>terminal debugging
<R1>terminal monitor
<R1>debugging pim join-prune receive

# Re-trigger multicast traffic on R1.

<R1>ping -a 10.0.1.1 -c 10 239.0.0.12

# Check the PIM routing tables of R2 and R3.

[R2]display pim routing-table


VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry

(10.0.1.1, 239.0.0.12)
Protocol : pim-dm, Flag:
UpTime : 00:00:01
Upstream interface : GigabitEthernet0/0/3
Upstream neighbor: 10.0.12.1
RPF prime neighbor: 10.0.12.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/4
Protocol: pim-dm, UpTime: 00:00:01, Expires: never

[R3]display pim routing-table


VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry
HCIP-Datacom-Core Technology Lab Guide Page 191

(10.0.1.1, 239.0.0.12)
Protocol : pim-dm, Flag:
UpTime : 00:00:08
Upstream interface : GigabitEthernet0/01
Upstream neighbor: 10.0.234.2
RPF prime neighbor: 10.0.234.2
Downstream interface(s) information: None

In this case, R3 does not have a downstream interface, and R2 becomes the Assert
winner.
# Check the debugging information on R1.

Jul 2 2020 09:49:03.520.1-08:00 R1 PIM/7/JP:(public net): PIM ver 2 JP receiving 10.0.13.3 -> 224.0.0.13 on
GigabitEthernet0/0/1 (P012998)
Jul 2 2020 09:49:03.520.2-08:00 R1 PIM/7/JP:(public net): Upstream 10.0.13.1, Groups 1, Holdtime 180 (P013002)
Jul 2 2020 09:49:03.520.3-08:00 R1 PIM/7/JP:(public net): Group: 239.0.0.12/32 --- 0 join 1 prune (P013011)
Jul 2 2020 09:49:03.520.4-08:00 R1 PIM/7/JP:(public net): Prune: 10.0.1.1/32 (P013021)
Jul 2 2020 09:49:05.790.1-08:00 R1 PIM/7/JP:(public net): PIM ver 2 JP receiving 10.0.12.2 -> 224.0.0.13 on
GigabitEthernet0/0/2 (P012933)
Jul 2 2020 09:49:05.790.2-08:00 R1 PIM/7/JP:(public net): Upstream 10.0.12.1, Groups 1, Holdtime 0 (P012939)
Jul 2 2020 09:49:05.790.3-08:00 R1 PIM/7/JP:(public net): Group: 239.0.0.12/32 --- 1 join 0 prune (P012949)
Jul 2 2020 09:49:05.790.4-08:00 R1 PIM/7/JP:(public net): Join: 10.0.1.1/32 (P012959)

The debugging information shows that R1 received a Prune message from R3 with the
group address being 239.0.0.12 and the multicast source address being 10.0.1.1.

Step 6 Configure IGMP snooping.

To optimize multicast traffic forwarding on S2, enable IGMP snooping on S2 and


manually configure a static router port and member port.
# Enable IGMP snooping globally and in VLAN 1.

[S2]igmp-snooping enable
[S2]vlan 1
[S2-vlan1] igmp-snooping enable
[S2-vlan1] quit

# Manually configure GE0/0/4 as a static router port.

[S2]interface GigabitEthernet0/0/4
[S2-GigabitEthernet0/0/4] igmp-snooping static-router-port vlan 1

# Manually configure GE0/0/10 as a static member port of the multicast group


239.0.0.12.

[S2]interface GigabitEthernet0/0/10
[S2-GigabitEthernet0/0/10] l2-multicast static-group group-address 239.0.0.12 vlan 1
[S2-GigabitEthernet0/0/10] quit

# Check the L2 multicast forwarding table on S2.

[S2]display l2-multicast forwarding-table vlan 1


HCIP-Datacom-Core Technology Lab Guide Page 192

VLAN ID : 1, Forwarding Mode : IP


----------------------------------------------------------------------
(Source, Group) Interface Out-Vlan
----------------------------------------------------------------------
Router-port GigabitEthernet0/0/4 1
(*, 239.0.0.12) GigabitEthernet0/0/4 1
GigabitEthernet0/0/10 1
----------------------------------------------------------------------
Total Group(s) : 1

GE0/0/4 is a static router port, and GE0/0/10 is a static member port. The static member
port must be connected to a device and is up.
----End

6.1.3 Quiz
What are the disadvantages of configuring PIM-DM on a large-sized network?

6.1.4 Configuration Reference


Configuration on R1

#
sysname R1
#
multicast routing-enable
#
interface GigabitEthernet0/0/1
ip address 10.0.13.1 255.255.255.0
pim dm
#
interface GigabitEthernet0/0/2
ip address 10.0.12.1 255.255.255.0
pim dm
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 10.0.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
network 10.0.13.1 0.0.0.0
#
return

Configuration on R2

#
sysname R2
#
multicast routing-enable
#
HCIP-Datacom-Core Technology Lab Guide Page 193

interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
pim dm
#
interface GigabitEthernet0/0/4
ip address 10.0.234.2 255.255.255.0
pim holdtime assert 10
pim dm
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.12.2 0.0.0.0
network 10.0.234.2 0.0.0.0
#
return

Configuration on R3

#
sysname R3
#
multicast routing-enable
#
interface GigabitEthernet0/0/1
ip address 10.0.13.3 255.255.255.0
pim dm
ospf cost 2
#
interface GigabitEthernet0/0/4
ip address 10.0.234.3 255.255.255.0
pim holdtime assert 10
pim dm
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.13.3 0.0.0.0
network 10.0.234.3 0.0.0.0
#
return

Configuration on R4

#
sysname R4
#
multicast routing-enable
#
HCIP-Datacom-Core Technology Lab Guide Page 194

interface GigabitEthernet0/0/4
ip address 10.0.234.4 255.255.255.0
pim dm
#
interface GigabitEthernet0/0/5
ip address 192.168.1.1 255.255.255.0
igmp enable
igmp static-group 239.0.0.12
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.234.4 0.0.0.0
network 10.0.4.4 0.0.0.0
network 192.168.1.1 0.0.0.0
#
return

Configuration on S2

#
sysname S2
#
igmp-snooping enable
#
vlan 1
igmp-snooping enable
#
interface GigabitEthernet0/0/4
igmp-snooping static-router-port vlan 1
#
interface GigabitEthernet0/0/10
l2-multicast static-group group-address 239.0.0.12 vlan 1

6.2 PIM-SM, BSR, and PIM-SSM


6.2.1 Introduction
6.2.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Know how to use PIM-SM to forward multicast traffic.
⚫ Know how to configure a BSR for RP election.
⚫ Know how to configure PIM-SM SSM to forward multicast traffic.
⚫ Know how to use the ping multicast command to send multicast traffic.
HCIP-Datacom-Core Technology Lab Guide Page 195

6.2.1.2 Networking Topology


Figure 6-2 Lab topology for PIM-SM, BSR, and PIM-SSM

OSPF runs on four routers. Loopback0 is created on each router. The IP address of
Loopback0 is 10.0.x.x/32, where x is the device number. Use R1 to simulate the source of
multicast group 239.0.0.12, and use GE0/0/0 on R4 to simulate a receiver of multicast
group 239.0.0.12.
R3 is planned as the RP of the network and is elected as the RP through the BSR mode.

6.2.1.3 Background
You are a network administrator of a company. PIM-DM has been configured on the
company's network. However, when more and more multicast users are dispersed on the
network, multicast service quality degrades. To improve multicast reliability and
efficiency, you can configure PIM-SM.
In the PIM-SM mode, an RP is required and is used as the root of RPTs.

6.2.2 Lab Configuration


6.2.2.1 Configuration Roadmap
1. Configure IP addresses for the devices.
2. Configure OSPF on each Loopback0 interface and the interfaces that connect R1, R2,
R3, and R4.
3. Enable the multicast routing function on the routers, and enable PIM-SM on involved
interfaces.
4. Configure Loopback0 on R2 as the BSR and Loopback0 on R3 as the RP.
5. Check the PIM-SM routing table on each device. Run the ping multicast command
to trigger the RPT-to-SPT switchover. Then check the PIM-SM routing table again.
HCIP-Datacom-Core Technology Lab Guide Page 196

6. Change the IGMP version on GE0/0/0 of R4 to version 3, configure an interface to


join multicast group 232.0.0.12 in static mode, and check the PIM-SM SSM routing
table.

6.2.2.2 Configuration Procedure


Step 1 Configure IP addresses for interconnection interfaces and loopback interfaces.

# Name the devices.


The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Configure R1.

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[R1-GigabitEthernet0/0/2] quit
[R1]interface LoopBack0
[R1-LoopBack0] ip address 10.0.1.1 255.255.255.255
[R1-LoopBack0] quit

# Configure R2.

[R2]interface LoopBack0
[R2-LoopBack0] ip address 10.0.2.2 255.255.255.255
[R2-LoopBack0] quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] ip address 10.0.24.2 255.255.255.0
[R2-GigabitEthernet0/0/1] quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.0.23.2 255.255.255.0
[R2-GigabitEthernet0/0/2] quit
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit

# Configure R3.

[R3]interface LoopBack0
[R3-LoopBack0] ip address 10.0.3.3 255.255.255.255
[R3-LoopBack0] quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.0.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] ip address 10.0.23.3 255.255.255.0
[R3-GigabitEthernet0/0/3] quit

# Configure R4.

[R4]interface LoopBack0
[R4-LoopBack0] ip address 10.0.4.4 255.255.255.255
[R4-LoopBack0]quit
HCIP-Datacom-Core Technology Lab Guide Page 197

[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1] ip address 10.0.24.4 255.255.255.0
[R4-GigabitEthernet0/0/1]quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] ip address 10.0.34.4 255.255.255.0
[R4-GigabitEthernet0/0/3]quit

# Check the connectivity of interconnection interfaces on R2 and R3.

<R2>ping -c 1 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=40 ms

--- 10.0.12.1 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms

<R2>ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=10 ms

--- 10.0.23.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

<R2>ping -c 1 10.0.24.4
PING 10.0.24.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.24.4: bytes=56 Sequence=1 ttl=255 time=80 ms

--- 10.0.24.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/80/80 ms

<R3>ping -c 1 10.0.34.4
PING 10.0.34.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.34.4: bytes=56 Sequence=1 ttl=255 time=10 ms

--- 10.0.34.4 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

Step 2 Configure OSPF on R1, R2, R3, and R4.

Configure R1, R2, R3, and R4 to use their Loopback0 IP addresses as their router ID, and
activate OSPF on the interconnected interfaces and Loopback0 interfaces of each device.
# Configure R1.
HCIP-Datacom-Core Technology Lab Guide Page 198

[R1]ospf 1 router-id 10.0.1.1


[R1-ospf-1] area 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.0.12.1 0.0.0.0

# Configure R2.

[R2]ospf 1 router-id 10.0.2.2


[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0] network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.24.2 0.0.0.0

# Configure R3.

[R3]ospf 1 router-id 10.0.3.3


[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0] network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 10.0.34.3 0.0.0.0

# Configure R4.

[R4]ospf 1 router-id 10.0.4.4


[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0] network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.24.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0] network 10.0.34.4 0.0.0.0

# Check the OSPF neighbor status on R2 and R3.

<R2>display ospf peer brief

OSPF Process 1 with Router ID 10.0.2.2


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/2 10.0.3.3 Full
0.0.0.0 GigabitEthernet0/0/3 10.0.1.1 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.4.4 Full
----------------------------------------------------------------------------
<R3>display ospf peer brief

OSPF Process 1 with Router ID 10.0.3.3


Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/3 10.0.2.2 Full
0.0.0.0 GigabitEthernet0/0/2 10.0.4.4 Full
----------------------------------------------------------------------------

The preceding command outputs show that OSPF neighbor relationships have been
established.
HCIP-Datacom-Core Technology Lab Guide Page 199

# Check the OSPF routing table on R4.

<R4>display ospf routing

OSPF Process 1with Router ID 10.0.4.4


Routing Tables

Routing for Network


Destination Cost Type NextHop AdvRouter Area
10.0.4.4/32 0 Stub 10.0.4.4 10.0.4.4 0.0.0.0
10.0.24.0/24 1 Transit 10.0.24.4 10.0.4.4 0.0.0.0
10.0.34.0/24 1 Transit 10.0.34.4 10.0.4.4 0.0.0.0
10.0.1.1/32 2 Stub 10.0.24.2 10.0.1.1 0.0.0.0
10.0.2.2/32 1 Stub 10.0.24.2 10.0.2.2 0.0.0.0
10.0.3.3/32 1 Stub 10.0.34.3 10.0.3.3 0.0.0.0
10.0.12.0/24 2 Transit 10.0.24.2 10.0.1.1 0.0.0.0
10.0.23.0/24 2 Transit 10.0.24.2 10.0.2.2 0.0.0.0
10.0.23.0/24 2 Transit 10.0.34.3 10.0.2.2 0.0.0.0

Total Nets: 9
Intra Area: 9 Inter Area: 0 ASE: 0 NSSA: 0

The preceding command output shows that R4 has learned the routes on the entire
network.

Step 3 Configure PIM-SM.

Enable multicast routing on all routers and enable PIM-SM on involved interfaces.
# Enable multicast routing.

[R1]multicast routing-enable

[R2]multicast routing-enable

[R3]multicast routing-enable

[R4]multicast routing-enable

# Enable PIM-SM on involved interfaces of R1.

[R1]interface LoopBack 0
[R1-LoopBack0] pim sm
[R1-LoopBack0] quit
[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] pim sm
[R1-GigabitEthernet0/0/2] quit

# Enable PIM-SM on involved interfaces of R2.

[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] pim sm
[R2-GigabitEthernet0/0/1] quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] pim sm
[R2-GigabitEthernet0/0/2] quit
HCIP-Datacom-Core Technology Lab Guide Page 200

[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] pim sm
[R2-GigabitEthernet0/0/3] quit

# Enable PIM-SM on involved interfaces of R3.

[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] pim sm
[R3-GigabitEthernet0/0/2] quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3] pim sm
[R3-GigabitEthernet0/0/3] quit

# Enable PIM-SM on involved interfaces of R4.

[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1] pim sm
[R4-GigabitEthernet0/0/1] quit
[R4]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3] pim sm
[R4-GigabitEthernet0/0/3] quit
[R4]interface GigabitEthernet0/0/0
[R4-GigabitEthernet0/0/0] pim sm
[R4-GigabitEthernet0/0/0] quit

# Check PIM neighbor relationships on R2 and R3.

<R2>display pim neighbor


VPN-Instance: public net
Total Number of Neighbors = 3

Neighbor Interface Uptime Expires Dr-Priority BFD-Session


10.0.24.4 GE0/0/1 00:08:19 00:01:26 1 N
10.0.23.3 GE0/0/2 00:09:09 00:01:37 1 N
10.0.12.1 GE0/0/3 00:10:07 00:01:42 1 N

<R3>display pim neighbor


VPN-Instance: public net
Total Number of Neighbors = 2

Neighbor Interface Uptime Expires Dr-Priority BFD-Session


10.0.34.4 GE0/0/2 00:08:35 00:01:39 1 N
10.0.23.2 GE0/0/3 00:09:25 00:01:21 1 N

PIM neighbor relationships have been established between routers.

Step 4 Deploy a BSR.

Adjust the C-BSR priority of R2 to enable R2 to become the BSR, and configure R3 as a C-
RP.
# Adjust the C-BSR priority of R2 to enable Loopback0 of R2 to become the BSR.

[R2]interface LoopBack0
[R2-LoopBack0] pim sm
[R2-LoopBack0] quit
HCIP-Datacom-Core Technology Lab Guide Page 201

[R2]pim
[R2-pim] c-bsr priority 100
[R2-pim] c-bsr LoopBack0
[R2-pim] quit

Note that PIM-SM must be enabled on Loopback0.


# Configure Loopback0 of R3 as a C-RP and set the multicast group address to 239.0.0.12.

[R3]interface LoopBack 0
[R3-LoopBack0] pim sm
[R3-LoopBack0] quit
[R3]acl 2000
[R3-acl-basic-2000] rule 1 permit source 239.0.0.12 0.0.0.0
[R3-acl-basic-2000] quit
[R3]pim
[R3-pim] c-rp LoopBack 0 group-policy 2000 priority 100
[R3-pim] quit

Note that PIM-SM must be enabled on Loopback0.


# Check information about the BSR and RP on R4.

<R4>display pim bsr-info


VPN-Instance : public net
Elected AdminScoped BSR Count: 0
Elected BSR Address : 10.0.2.2
Priority : 100
Hash mask length : 30
State : Accept Preferred
Scope : Not scoped
Uptime : 00:03:35
Expires : 00:02:06
C-RP Count :1

<R4>display pim rp-info


VPN-Instance : public net
PIM-SM BSR RP Number :2
Group/MaskLen : 224.0.0.0/4
RP : 10.0.3.3
Priority : 100
Uptime : 00:04:15
Expires : 00:02:15
Group/MaskLen : 239.0.0.12/32
RP : 10.0.3.3
Priority : 100
Uptime : 00:00:15
Expires : 00:02:15

There is only one C-BSR and one C-RP. Therefore, R2 and R3 function as the BSR and RP,
respectively. The IP address of the RP corresponding to the multicast group 239.0.0.12 is
10.0.3.3.

Step 5 Check the PIM routing table.


HCIP-Datacom-Core Technology Lab Guide Page 202

On R4, use GE0/0/0 to simulate a receiver of multicast group 239.0.0.12 and check the
PIM routing tables of R3 and R4. Change the RPT-to-SPT switchover threshold and trigger
multicast traffic forwarding again. Then, check the PIM routing table again.
# Enable IGMP on GE0/0/0 of R4 and configure GE0/0/0 to join the multicast group in
static mode.

[R4]interface GigabitEthernet0/0/0
[R4-GigabitEthernet0/0/0] ip address 192.168.1.1 24
[R4-GigabitEthernet0/0/0] igmp enable
[R4-GigabitEthernet0/0/0] igmp static-group 239.0.0.12

Note that the interface must be configured with an IP address and be up.
# Check the PIM routing table of R4.

<R4>display pim routing-table


VPN-Instance: public net
Total 1 (*, G) entry; 0 (S, G) entry

(*, 239.0.0.12)
RP : 10.0.3.3
Protocol : pim-sm, Flag: WC EXT
UpTime : 00:01:18
Upstream interface : GigabitEthernet0/0/3
Upstream neighbor: 10.0.34.3
RPF prime neighbor: 10.0.34.3
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/0
Protocol: static, UpTime: 00:01:29, Expires: -

The outbound interface of the route to the RP (10.0.3.3) on R4 is GE0/0/3. Therefore, R4


uses GE0/0/3 as the upstream interface of (*, 239.0.0.12) and sends PIM Join messages
through this interface.
# Check the PIM routing table of R3.

<R3>display pim routing-table


VPN-Instance: public net
Total 1 (*, G) entry; 0 (S, G) entry

(*, 239.0.0.12)
RP : 10.0.3.3 (local)
Protocol : pim-sm, Flag: WC
UpTime : 00:08:05
Upstream interface : Register
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/2
Protocol: pim-sm, UpTime: 00:08:05, Expires: 00:03:25
HCIP-Datacom-Core Technology Lab Guide Page 203

R3 is the RP and does not need to send the Join message upstream. Currently, no
multicast source has registered with the RP. Therefore, the upstream interface is still null.
# Run the ping multicast command on R1 to simulate the multicast source of the
multicast group 239.0.0.12 and send multicast data.

<R1>ping multicast -c 10 239.0.0.12

# After the network becomes stable, check the PIM routing table of R4.

[R4]display pim routing-table


VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry

(*, 239.0.0.12)
RP : 10.0.3.3
Protocol : pim-sm, Flag: WC EXT
UpTime : 00:03:38
Upstream interface : GigabitEthernet0/0/3
Upstream neighbor: 10.0.34.3
RPF prime neighbor: 10.0.34.3
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/0
Protocol: static, UpTime: 00:02:27, Expires: -

(10.0.1.1, 239.0.0.12)
RP: 10.0.3.3
Protocol : pim-sm, Flag: SPT ACT
UpTime : 00:00:05
Upstream interface : GigabitEthernet0/0/1
Upstream neighbor: 10.0.24.2
RPF prime neighbor: 10.0.24.2
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/0
Protocol: pim-sm, UpTime: 00:00:03, Expires: -

On R4, the entry with the Flag being SPT ACT is an (S, G) entry, indicating that the (S, G)
entry is used to guide multicast packet forwarding. In addition, the upstream interface is
GE0/0/1 that is connected to R2, rather than GE0/0/3 that is connected to R3. In this case,
the RPT-to-SPT switchover has been performed.
# Change the RPT-to-SPT switchover threshold on R4.

[R4]pim
[R4-pim] spt-switch-threshold infinity

The command configures R4 never to initiate an RPT-to-SPT switchover.


# Run the ping multicast command on R1 to simulate the multicast source of the
multicast group 239.0.0.12 and send multicast data.

<R1>ping multicast -c 10 239.0.0.12


HCIP-Datacom-Core Technology Lab Guide Page 204

# Check the PIM routing table on R4.

<R4>display pim routing-table


VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry

(*, 239.0.0.12)
RP : 10.0.3.3
Protocol : pim-sm, Flag: WC
UpTime : 00:13:27
Upstream interface : GigabitEthernet0/0/3
Upstream neighbor: 10.0.34.3
RPF prime neighbor: 10.0.34.3
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/0
Protocol: static, UpTime: 00:13:27, Expires: -

(10.0.1.1, 239.0.0.12)
RP : 10.0.3.3
Protocol : pim-sm, Flag: ACT
UpTime : 00:00:12
Upstream interface : GigabitEthernet0/0/3
Upstream neighbor: 10.0.34.3
RPF prime neighbor: 10.0.34.3
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/0
Protocol: pim-sm, UpTime: 00:00:12, Expires: -

In this case, the upstream interface of R4 is still GE0/0/3, and the path of the (S, G) entry
to the multicast source is still by way of the RP, indicating that no RPT-to-SPT switchover
is performed.

Step 6 Deploy PIM-SSM.

Change the IGMP version on R4's GE0/0/0 to version 3 and configure GE0/0/0 to join SSM
group 232.0.0.12 in static mode.
# Modify the configurations of GE0/0/0.

[R4]interface GigabitEthernet0/0/0
[R4-GigabitEthernet0/0/0] igmp version 3
[R4-GigabitEthernet0/0/0] igmp static-group 232.0.0.12 source 10.0.1.1

By default, the address range of multicast groups in an SSM group policy is 232.0.0.0/8. If
the address of the multicast group that an interface joins in static mode is not in this
range, PIM-SSM entries cannot be generated.
# Check the PIM routing table of R4.

<R4>display pim routing-table


VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
...
...
HCIP-Datacom-Core Technology Lab Guide Page 205

(10.0.1.1, 232.0.0.12)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:01:58
Upstream interface: GigabitEthernet0/0/1
Upstream neighbor: 10.0.24.2
RPF prime neighbor: 10.0.24.2
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/0
Protocol: static, UpTime: 00:01:58, Expires: -

The command output on R4 shows that no traffic is triggered, an (S, G) entry is


generated, the protocol is PIM-SSM, and the upstream device is R2.
# Check the PIM routing table of R2.

<R2>display pim routing-table


VPN-Instance: public net
Total 0 (*, G) entry; 2 (S, G) entries

...
...

(10.0.1.1, 232.0.0.12)
Protocol: pim-ssm, Flag:
UpTime: 00:03:30
Upstream interface: GigabitEthernet0/0/3
Upstream neighbor: 10.0.12.1
RPF prime neighbor: 10.0.12.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet0/0/1
Protocol: pim-ssm, UpTime: 00:03:30, Expires: 00:03:00

The protocol is PIM-SSM, and the upstream device is R1.


----End

6.2.3 Quiz
What are the advantages of PIM-SM over PIM-DM?

6.2.4 Configuration Reference


Configuration on R1

#
sysname R1
#
multicast routing-enable
#
interface GigabitEthernet0/0/2
ip address 10.0.12.1 255.255.255.0
pim sm
#
interface LoopBack0
HCIP-Datacom-Core Technology Lab Guide Page 206

ip address 10.0.1.1 255.255.255.255


pim sm
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 10.0.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
#
return

Configuration on R2

#
sysname R2
#
multicast routing-enable
#
interface GigabitEthernet0/0/1
ip address 10.0.24.2 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/3
ip address 10.0.12.2 255.255.255.0
pim sm
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
pim sm
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.2 0.0.0.0
network 10.0.12.2 0.0.0.0
network 10.0.23.2 0.0.0.0
network 10.0.24.2 0.0.0.0
#
pim
c-bsr priority 100
c-bsr LoopBack0
#
return

Configuration on R3

#
sysname R3
#
HCIP-Datacom-Core Technology Lab Guide Page 207

multicast routing-enable
#
acl number 2000
rule 1 permit source 239.0.0.12 0
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
pim sm
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
pim sm
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
network 10.0.34.3 0.0.0.0
#
pim
c-rp LoopBack0 group-policy 2000 priority 100
#
return

Configuration on R4

#
sysname R4
#
multicast routing-enable
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
pim sm
igmp enable
igmp version 3
igmp static-group 239.0.0.12
igmp static-group 232.0.0.12 source 10.0.1.1
#
interface GigabitEthernet0/0/1
ip address 10.0.24.4 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
pim sm
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
#
HCIP-Datacom-Core Technology Lab Guide Page 208

ospf 1 router-id 10.0.4.4


area 0.0.0.0
network 10.0.4.4 0.0.0.0
network 10.0.24.4 0.0.0.0
network 10.0.34.4 0.0.0.0
#
pim
spt-switch-threshold infinity
#
Return
HCIP-Datacom-Core Technology Lab Guide Page 209

7 Firewall Technology

7.1 Firewall Security Policy


7.1.1 Introduction
7.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Understand how a security policy works
⚫ Learn how to configure a security policy on the firewall using the CLI
⚫ Observe server mapping entries to understand how NAT ALG works

7.1.1.2 Networking Topology


Figure 7-1 Firewall security policy

The preceding figure shows how the devices are connected and their IP address planning.
Routers R1 and R2 communicate with the firewall FW1 at Layer 3 through switch S1. On
S1, its interfaces (GE0/0/1 and GE0/0/2) connected to R1 and R2 are assigned to VLAN 10
and VLAN 20 respectively, and the interfaces (GE0/0/14 and GE0/0/15) connected to FW1
are assigned to VLAN 10 and VLAN 20 respectively.
R1 belongs to the Demilitarized Zone (DMZ), and R2 to the untrusted zone. Configure
source NAT on FW1 so that R1 can access the untrusted zone through GE0/0/2 of FW1.
Configure NAT Server on FW1, enabling R2 to access the FTP service enabled on R1
through GE0/0/2 of FW1.
In addition, configure security policies on FW1 to restrict the access between R1 and R2
as follows: R1 in the DMZ can access the untrusted zone, but R2 in the untrusted zone
can only access the FTP service on R1 in the DMZ.
HCIP-Datacom-Core Technology Lab Guide Page 210

7.1.1.3 Background
To protect enterprise network security, you (the enterprise network administrator) decide
to deploy a firewall at the border of the enterprise network to prevent external users
from proactively accessing the internal network. In addition, as an egress device, the
firewall needs to be configured with source NAT (for internal users to access the Internet)
and NAT Server (mapping intranet servers to the public network).
The FTP service is provided for external access. FTP is a multi-channel protocol, which
requires NAT ALG in addition to security policies to ensure normal communication after
NAT is performed on the firewall.

7.1.2 Lab Configuration


7.1.2.1 Configuration Roadmap
1. Complete basic device configurations for connectivity.
2. Add interfaces to security zones and configure a security policy to allow access from
the local zone to the external zones.
3. Configure source NAT and NAT Server.
4. Configure a security policy to restrict the access between the untrusted zone and
DMZ.
5. Check the session entries generated for the access traffic between the untrusted zone
and DMZ on FW1.
6. Enable the FTP service on R1. Simulate FTP service access on R1 from R2, and run the
dir command to transmit data through the FTP data channel. Then check the server
mapping entries on FW1.

7.1.2.2 Configuration Procedure


Step 1 Complete basic device configurations for connectivity.

Configure IP addresses for interconnected interfaces, configure VLANs on S1, and


configure default routes on R1 and FW1.
# Name the devices.
The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Perform basic configurations on S1.

[S1]vlan 10
[S1-vlan10] description DMZ
[S1-vlan10] quit
[S1]interface GigabitEthernet0/0/1
[S1-GigabitEthernet0/0/1] port link-type access
[S1-GigabitEthernet0/0/1] port default vlan 10
[S1-GigabitEthernet0/0/1] quit
[S1]interface GigabitEthernet0/0/14
[S1-GigabitEthernet0/0/14] port link-type access
[S1-GigabitEthernet0/0/14] port default vlan 10
HCIP-Datacom-Core Technology Lab Guide Page 211

[S1-GigabitEthernet0/0/14] quit

[S1]vlan 20
[S1-vlan20] description Untrust
[S1-vlan20] quit
[S1]interface GigabitEthernet0/0/2
[S1-GigabitEthernet0/0/2] port link-type access
[S1-GigabitEthernet0/0/2] port default vlan 20
[S1-GigabitEthernet0/0/2] quit
[S1]interface GigabitEthernet0/0/15
[S1-GigabitEthernet0/0/15] port link-type access
[S1-GigabitEthernet0/0/15] port default vlan 20
[S1-GigabitEthernet0/0/15] quit

# Configure R1.

[R1]interface GigabitEthernet0/0/3
[R1-GigabitEthernet0/0/3] ip address 10.0.11.11 24
[R1-GigabitEthernet0/0/3] quit

[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.11.1

Configure the default route for accessing the Internet.


# Configure R2.

[R2]interface GigabitEthernet0/0/4
[R2-GigabitEthernet0/0/3] ip address 10.0.12.2 255.255.255.0
[R2-GigabitEthernet0/0/3] quit

# Configure login data for FW1.

Login authentication
Username:admin
Password:
The password needs to be changed. Change now? [Y/N]: Y
Please enter old password:
Please enter new password:
Please confirm new password:

By default, login authentication is enabled for the console port of the firewall. The
default user name and password are admin and Admin@123, respectively. After the first
login to the firewall, you need to change the password to ensure subsequent successful
login.
# Configure interface IP addresses and the default route on FW1.

[FW1]interface GigabitEthernet0/0/1
[FW1-GigabitEthernet0/0/1] ip address 10.0.11.1 255.255.255.0
[FW1-GigabitEthernet0/0/1] quit
[FW1]interface GigabitEthernet0/0/2
[FW1-GigabitEthernet0/0/2] ip address 10.0.12.1 255.255.255.0
[FW1-GigabitEthernet0/0/2] quit
[FW1]ip route-static 0.0.0.0 0.0.0.0 10.0.12.2
HCIP-Datacom-Core Technology Lab Guide Page 212

# Configure FW1 interfaces to permit ping packets.

[FW1]interface GigabitEthernet0/0/1
[FW1-GigabitEthernet0/0/1] service-manage ping permit
[FW1-GigabitEthernet0/0/1] quit
[FW1]interface GigabitEthernet0/0/2
[FW1-GigabitEthernet0/0/2] service-manage ping permit
[FW1-GigabitEthernet0/0/2] quit

By default, access control is enabled (using the service-manage command) on firewall


interfaces, which implements security control at the interface layer and determines
whether users can manage or access the firewall through a specific interface (for
example, through ping, SSH, Telnet, or SNMP). GE0/0/0 is the NMS interface of the
device. By default, the service-manage ping permit and service-manage ssh permit
commands are configured on this interface. Therefore, users can manage the firewall
through this interface. For other interfaces, the firewall does not allow users to manage
or access the firewall through these interfaces by default, unless the service-manage
command is manually configured. For example, to allow users to ping GE1/0/1, run the
service-manage ping permit command on GE1/0/1. Similarly, to allow users to access
GE1/0/1 using SSH, run the service-manage ssh permit command.

Step 2 Configure a security policy for access from the local zone to other zones.

Add interfaces to security zones and create a security policy named local_to.
1. Do not restrict source and destination IP addresses.
2. Do not restrict the destination security zone.
3. Do not restrict services.
4. Set the source security zone to local.
5. Set the action to permit.
# Add interfaces to security zones.

[FW1]firewall zone dmz


[FW1-zone-dmz] description DMZ
[FW1-zone-dmz] add interface GigabitEthernet0/0/1
[FW1-zone-dmz] quit
[FW1]firewall zone untrust
[FW1-zone-untrust] description Untrust
[FW1-zone-untrust] add interface GigabitEthernet0/0/2
[FW1-zone-untrust] quit

# Create a security policy named local_to.

[FW1]security-policy
[FW1-policy-security] rule name local_to
[FW1-policy-security-rule-local_to] source-zone local
[FW1-policy-security-rule-local_to] action permit

Since the source IP address, destination IP address, destination security zone, and services
are not restricted, retain the default setting any for these parameters.
HCIP-Datacom-Core Technology Lab Guide Page 213

# Test the connectivity between FW1 and R1 interface IP addresses and between FW1
and R2 interface IP addresses.

<FW1>ping -c 1 10.0.11.11
PING 10.0.11.11: 56 data bytes, press CTRL_C to break
Reply from 10.0.11.11: bytes=56 Sequence=1 ttl=255 time=40 ms

--- 10.0.11.11 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms

<FW1>ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=27 ms

--- 10.0.12.2 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 27/27/27 ms

Step 3 Configure source NAT and NAT Server.

Configure NAPT for intranet users (R1) to access the Internet and configure NAT Server
to map the FTP service of R1 to the public network.
# Configure a NAT address pool and enable port address translation for reuse of public
addresses.

[FW1]nat address-group 1
[FW1-address-group-1] mode pat
[FW1-address-group-1] section 0 10.0.12.1 10.0.12.1
[FW1-address-group-1] quit

# Configure a source NAT policy to enable source address translation for intranet users on
a specified network segment when they access the Internet.

[FW1]nat-policy
[FW1-policy-nat] rule name 1
[FW1-policy-nat-rule-1] source-zone dmz
[FW1-policy-nat-rule-1] destination-zone untrust
[FW1-policy-nat-rule-1] source-address 10.0.11.0 24
[FW1-policy-nat-rule-1] action source-nat address-group 1
[FW1-policy-nat-rule-1] quit

# Configure NAT Server and create a static mapping to map the FTP service of R1.

[FW1]nat server policy_ftp protocol tcp global 10.0.12.1 ftp inside 10.0.11.11 ftp

# Enable NAT ALG for FTP.

[FW1]firewall zone dmz


[FW1-zone-dmz] detect ftp
HCIP-Datacom-Core Technology Lab Guide Page 214

[FW1-zone-dmz] quit
[FW1]firewall interzone dmz untrust
[FW1-interzone-dmz-untrust] detect ftp
[FW1-interzone-dmz-untrust] quit

Step 4 Configure security policies for the DMZ-untrusted interzone.

Configure a security policy named DMZtoUntrust, limit the source address to


10.0.11.0/24, and set the action to permit. Configure a security policy named
Untrust_DMZ to allow R2 to access only the FTP service provided by R1.
#Create a security policy named DMZtoUntrust.

[FW1]security-policy
[FW1-policy-security] rule name DMZtoUntrust
[FW1-policy-security-rule-DMZtoUntrust] source-zone dmz
[FW1-policy-security-rule-DMZtoUntrust] destination-zone untrust
[FW1-policy-security-rule-DMZtoUntrust] source-address 10.0.11.0 24
[FW1-policy-security-rule-DMZtoUntrust] action permit

# Create a security policy named Untrust_DMZ.

[FW1]security-policy
[FW1-policy-security-rule] rule name Untrust_DMZ
[FW1-policy-security-rule-Untrust_DMZ] source-zone untrust
[FW1-policy-security-rule-Untrust_DMZ] destination-zone dmz
[FW1-policy-security-rule-Untrust_DMZ] destination-address 10.0.11.11 24
[FW1-policy-security-rule-Untrust_DMZ] service ftp
[FW1-policy-security-rule-Untrust_DMZ] action permit

Note that the destination IP address is the mapped internal address. The security policy
processes a packet after NAT Server changes the destination IP address of the packet.

Step 5 Check sessions on FW1.

Ping R2 from R1 and check detailed session information on FW1.


# Test the access from R1 to R2.

<R1>ping -c 100 10.0.12.2


PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=254 time=60 ms
Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=254 time=60 ms

R1 can access R2 through FW1. In this case, you can view detailed information about the
related session on FW1.
# Check sessions on FW1.

<FW1>display firewall session table verbose destination global 10.0.12.2


2020-07-01 10:00:22.100
Current Total Sessions : 1
icmp VPN: public --> public ID: c487f0653c0805017ce5efc5e84
Zone: dmz --> untrust TTL: 00:00:20 Left: 00:00:20
Recv Interface: GigabitEthernet0/0/1
Interface: GigabitEthernet0/0/2 NextHop: 10.0.12.2 MAC: 5489-98c8-4a33
HCIP-Datacom-Core Technology Lab Guide Page 215

<--packets: 80 bytes: 6,720 --> packets: 80 bytes: 6,720


10.0.11.11:52651[10.0.12.1:2048] --> 10.0.12.2:2048 PolicyName: DMZtoUntrust

View details about the session with the destination global IP address of 10.0.12.2. In the
command output, you can view the direction of the session regarding the security zone,
which is from DMZ to the untrusted zone; the aging time (TTL) of the session is 20s, the
interface that receives packets is GigabitEthernet0/0/1, and the interface that sends
packets is GigabitEthernet0/0/2. There are a total of 100 packets that match the session,
and the total size of the packets is 8400 bytes. The name of the security policy matching
the session is DMZtoUntrust.
According to the session, we can learn that the source IP address of the packets is
translated from 10.0.11.11 to 10.0.12.1 (IP address of GE0/0/2 on FW1).

Step 6 Observe the working process of NAT ALG.

Enable the FTP service on R1. Use R2 that serves as the FTP client to access the FTP
service of R1 through the IP address mapped by FW1, and run the dir command to view
the file list. Check how ASPF of FW1 processes multi-channel protocols.
# Enable the FTP service on R1.

[R1]aaa
[R1-aaa] local-user ftp service-type ftp
[R1-aaa] local-user ftp password cipher ftp@123
[R1-aaa] local-user ftp privilege level 15
[R1-aaa] local-user ftp ftp-directory flash:
[R1-aaa] quit
[R1] ftp server enable

# Have R2 access the FTP service enabled on R1 through the address mapped by FW1.

<R2>ftp 10.0.12.1
Trying 10.0.12.1 ...
Press CTRL+K to abort
Connected to 10.0.12.1.
220 FTP service ready.
User(10.0.12.1:(none)):ftp
331 Password required for ftp.
Enter password:
230 User logged in.

R2 can access the FTP service enabled on R1 through NAT Server mapping of FW1.
# Check the session table on FW1.

<FW1>display firewall session table verbose protocol tcp destination-port global


21
2020-07-01 10:08:32.300
Current Total Sessions : 1
ftp VPN: public --> public ID: c487f0653c081382bee5efc6046
Zone: untrust --> dmz TTL: 00:20:00 Left: 00:19:54
Recv Interface: GigabitEthernet1/0/2
Interface: GigabitEthernet1/0/1 NextHop: 10.0.11.11 MAC: 5489-98d9-4e30
<--packets: 11 bytes: 558 --> packets: 14 bytes: 598
10.0.12.2:64505 +-> 10.0.12.1:21[10.0.11.11:21] PolicyName: Untrust_DMZ
HCIP-Datacom-Core Technology Lab Guide Page 216

TCP State: established

The command output shows that the FTP control channel has been established.
# Run the dir command on R2.

[ftp]dir
200 Port command okay.
150 Opening ASCII mode data connection for *.
drwxrwxrwx 1noone nogroup 0 Aug 07 2015 src
drwxrwxrwx 1noone nogroup 0 Jun 07 16:46 pmdata
drwxrwxrwx 1noone nogroup 0 Jun 07 16:46 dhcp
-rwxrwxrwx 1noone nogroup 603 Jun 07 18:12 private-data.txt
drwxrwxrwx 1noone nogroup 0 Jun 07 17:01 mplstpoam
-rwxrwxrwx 1noone nogroup 482 Jun 07 17:51 vrpcfg.zip
226 Transfer complete.

The file list of R1 is displayed. In this case, the FTP transmission channel is used.
# Check the session table on FW1 again.

<FW1>display firewall session table


2020-07-01 10:14:10.310
Current Total Sessions : 1
ftp VPN: public --> public 10.0.12.2:64505 +-> 10.0.12.1:21[10.0.11.11:21]

Only the FTP control channel session exists, and no transmission channel session exists.
# Check the server mapping entries generated by NAT ALG.

<FW1>display firewall server-map


2020-07-01 10:15:24.830
Current Total Server-map : 2
Type: Nat Server, ANY -> 10.0.12.1:21[10.0.11.11:21], Zone:---, protocol:tcp
Vpn : public -> public
Type: Nat Server Reverse, 10.0.11.11[10.0.12.1] -> ANY, Zone:---, protocol:tcp
Vpn : public -> public, counter: 1

The server mapping entry of the FTP data channel is generated on FW1.
Note that you need to run the dir command on R2 to trigger traffic on the transmission
channel before checking the server mapping entry.
----End

7.1.3 Quiz
What is the purpose of permitting traffic from the local zone to other zones on the
firewall?

7.1.4 Configuration Reference


Configuration on R1

#
sysname R1
HCIP-Datacom-Core Technology Lab Guide Page 217

#
FTP server enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user ftp password cipher iA7kS$rR@T=H)H2[EInBK@O#
local-user ftp privilege level 15
local-user ftp ftp-directory flash:
local-user ftp service-type ftp
local-user admin password cipher BJB3#A}[;JZypQCee$t3@bJ#
local-user admin service-type http
#
interface GigabitEthernet0/0/3
ip address 10.0.11.11 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.11.1
#
return

Configuration on R2

#
sysname R2
#
interface GigabitEthernet0/0/4
ip address 10.0.12.2 255.255.255.0
#
return

Configuration on S1

#
sysname S1
#
vlan batch 10 20
#
vlan 10
description DMZ
vlan 20
description Untrust
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/14
port link-type access
HCIP-Datacom-Core Technology Lab Guide Page 218

port default vlan 10


#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 20
#
return

Configuration on FW1

#
sysname FW1
#
interface GigabitEthernet0/0/1
undo shutdown
ip address 10.0.11.1 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet0/0/2
undo shutdown
ip address 10.0.12.1 255.255.255.0
service-manage ping permit
#
firewall zone local
set priority 100
#
firewall zone untrust
description Untrust
set priority 5
add interface GigabitEthernet0/0/2
#
firewall zone dmz
description DMZ
set priority 50
add interface GigabitEthernet0/0/1
detect ftp
#
firewall interzone dmz untrust
detect ftp
#
ip route-static 0.0.0.0 0.0.0.0 10.0.12.2
#
nat server policy_ftp protocol tcp global 10.0.12.1 ftp inside 10.0.11.11 ftp
#
nat address-group 1 0
mode pat
route enable
section 0 10.0.12.1 10.0.12.1
#
security-policy
rule name local_to
source-zone local
action permit
rule name DMZtoUntrust
source-zone dmz
HCIP-Datacom-Core Technology Lab Guide Page 219

destination-zone untrust
source-address 10.0.11.0 mask 255.255.255.0
action permit
rule name Untrust_DMZ
source-zone untrust
destination-zone dmz
destination-address 10.0.11.11 mask 255.255.255.255
service ftp
action permit
#
nat-policy
rule name 1
source-zone dmz
destination-zone untrust
source-address 10.0.11.0 mask 255.255.255.0
action source-nat address-group 1
#
Return
HCIP-Datacom-Core Technology Lab Guide Page 220

8 VRRP

8.1 Basic VRRP Configurations


8.1.1 Introduction
8.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Deploy VRRP.
⚫ Implement collaboration between VRRP and MSTP.
⚫ Configure association between BFD and VRRP.

8.1.1.2 Networking Topology


Figure 8-1 Basic VRRP configurations

Devices are connected as shown in the figure. VLAN 10 and VLAN 20 exist on the
network, each with a VRRP group configured. The IDs of the VLANs are used as the VRIDs
for their respective VRRP groups. S1 is configured as the master of the VRRP group in
VLAN 10, and S2 as the master of the VRRP group in VLAN 20.
In addition, MSTP is deployed on S1, S2, and S3, and instances 1 and 2 are created. VLAN
10 is mapped to MSTI1, and VLAN 20 is mapped to MSTI2. S1 is configured as the
primary root bridge of MSTI1 and the secondary root bridge of MSTI2. S2 is configured as
the secondary root bridge of MSTI1 and the primary root bridge of MSTI2.
The IP address of each VLANIF interface is 10.0.x.y/24, where x indicates the VRID and y
indicates the device ID. The virtual IP address is set to 10.0.x.254/24.

8.1.1.3 Background
To implement gateway redundancy, you as the network administrator need to deploy
VRRP on two aggregation switches. To balance user-to-network traffic of terminal users,
HCIP-Datacom-Core Technology Lab Guide Page 221

you need to deploy a VRRP group in each VLAN. To prevent loops, MSTP is deployed on
the switching network and works with VRRP to implement load balancing.

8.1.2 Lab Configuration


8.1.2.1 Configuration Roadmap
1. Create VLANs and configure MSTP on all switches. Manually specify S1 as the
primary root bridge of MSTI1 and the secondary root bridge of MSTI2, and specify S2
as the secondary root bridge of MSTI1 and the primary root bridge of MSTI2.
2. Create VLANIF 10 and VLANIF 20 and deploy VRRP groups 10 and 20 on both S1 and
S2. Manually adjust VRRP priorities so that S1 functions as the master in VRRP group
10 and S2 functions as the master in VRRP group 20.
3. Deploy single-hop BFD to detect the connectivity between VLANIF interfaces on S1
and S2. Associate BFD with VRRP to implement fast master/backup VRRP
switchovers.

8.1.2.2 Configuration Procedure


Step 1 Perform basic MSTP configurations.

Create VLANs 10 and 20 on all switches. Configure an MSTP region named hcip, and
create two instances Instance 1 and Instance 2. Map VLAN 10 to Instance 1 and VLAN
20 to Instance 2. Plan S1 as the primary root bridge of MSTI1 and secondary root bridge
of MSTI2; plan S2 as the primary root bridge of MSTI2 and the secondary root bridge of
MSTI1.
# Name the devices.
The configuration details are not provided.
# Disable the interfaces that are not used in this experiment.
The configuration details are not provided.
# Create VLANs.

[S1]vlan batch 10 20

[S2]vlan batch 10 20

[S3]vlan batch 10 20

[S4]vlan batch 10 20

# Configure all interconnection interfaces as trunk interfaces and allow packets from the
corresponding VLANs to pass through.
The configuration details are not provided.
# Change the working mode from STP to MSTP.

[S1]stp mode mstp

[S2]stp mode mstp


HCIP-Datacom-Core Technology Lab Guide Page 222

[S3]stp mode mstp

[S4]stp mode mstp

# Configure MSTP.

[S1]stp region-configuration
[S1-mst-region] region-name hcip
[S1-mst-region] revision-level 1
[S1-mst-region] instance 1 vlan 10
[S1-mst-region] instance 2 vlan 20
[S1-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-mst-region] quit

[S2]stp region-configuration
[S2-mst-region] region-name hcip
[S2-mst-region] revision-level 1
[S2-mst-region] instance 1 vlan 10
[S2-mst-region] instance 2 vlan 20
[S2-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-mst-region] quit

[S3]stp region-configuration
[S3-mst-region] region-name hcip
[S3-mst-region] revision-level 1
[S3-mst-region] instance 1 vlan 10
[S3-mst-region] instance 2 vlan 20
[S3-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3-mst-region] quit

[S4]stp region-configuration
[S4-mst-region] region-name hcip
[S4-mst-region] revision-level 1
[S4-mst-region] instance 1 vlan 10
[S4-mst-region] instance 2 vlan 20
[S4-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4-mst-region] quit

# Check the mappings between MSTI instances and VLANs on S1.

[S1]display stp region-configuration


Oper configuration
Format selector :0
Region name :hcip
Revision level :1

Instance VLANs Mapped


0 1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 49, 51 to 59, 61 to
69, 71 to 79, 81 to 4094
1 10,
2 20
HCIP-Datacom-Core Technology Lab Guide Page 223

# Configure S1 as the primary root bridge of MSTI1 and the secondary root bridge of
MSTI2.

[S1]stp instance 1 root primary


[S1]stp instance 2 root secondary

# Configure S2 as the primary root bridge of MSTI2 and the secondary root bridge of
MSTI1.

[S2]stp instance 1 root secondary


[S2]stp instance 2 root primary

# Check the status and statistics of MSTI1 on S1.

[S1]display stp instance 1 brief


MSTID Port Role STP State Protection
1 GigabitEthernet0/0/10 DESI FORWARDING NONE
1 GigabitEthernet0/0/11 DESI FORWARDING NONE
1 GigabitEthernet0/0/12 DESI FORWARDING NONE

All interfaces on S1 are designated interfaces, and S1 is the primary root bridge of MSTI1.
# Check the status and statistics of MSTI2 on S2.

[S2]display stp instance 2 brief


MSTID Port Role STP State Protection
2 GigabitEthernet0/0/10 DESI FORWARDING NONE
2 GigabitEthernet0/0/11 DESI FORWARDING NONE
2 GigabitEthernet0/0/13 DESI FORWARDING NONE

All interfaces on S2 are designated interfaces, and S2 is the secondary root bridge of
MSTI1.

Step 2 Perform basic VRRP configurations.

Create VLANIF 10 and VLANIF 20 on both S1 and S2, and add VLANIF 10 to VRRP group
10 and VLANIF 20 to VRRP group 20. Configure VRRP priorities so that S1 in VLAN 10 and
S2 in VLAN 20 both function as the VRRP master.
# Create VLANIF interfaces.

[S1]interface Vlanif10
[S1-Vlanif10] ip address 10.0.10.1 255.255.255.0
[S1-Vlanif10] quit
[S1]interface Vlanif20
[S1-Vlanif20] ip address 10.0.20.1 255.255.255.0
[S1-Vlanif20] quit

[S2]interface Vlanif10
[S2-Vlanif10] ip address 10.0.10.2 255.255.255.0
[S2-Vlanif10] quit
[S2]interface Vlanif20
[S2-Vlanif20] ip address 10.0.20.2 255.255.255.0
[S2-Vlanif20] quit
HCIP-Datacom-Core Technology Lab Guide Page 224

# Configure VRRP groups on S1.

[S1]interface Vlanif 10
[S1-Vlanif10] vrrp vrid 10 virtual-ip 10.0.10.254
[S1-Vlanif10] vrrp vrid 10 priority 120
[S1-Vlanif10] quit
[S1]interface Vlanif 20
[S1-Vlanif20] vrrp vrid 20 virtual-ip 10.0.20.254
[S1-Vlanif20] quit

Set the VRRP priority to 120 for S1 in VLAN 10, and use the default priority 100 for S1 in
VLAN 20.
# Configure VRRP groups on S2.

[S2]interface Vlanif10
[S2-Vlanif10] vrrp vrid 10 virtual-ip 10.0.10.254
[S2-Vlanif10] quit
[S2]interface Vlanif20
[S2-Vlanif20] vrrp vrid 20 virtual-ip 10.0.20.254
[S2-Vlanif20] vrrp vrid 20 priority 120
[S2-Vlanif20] quit

Set the VRRP priority to 120 for S2 in VLAN 20, and use the default priority 100 for S2 in
VLAN 10.
# Check the VRRP status.

<S1>display vrrp brief


VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master Vlanif10 Normal 10.0.10.254
20 Backup Vlanif20 Normal 10.0.20.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0

[S2]display vrrp brief


VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup Vlanif10 Normal 10.0.10.254
20 Master Vlanif20 Normal 10.0.20.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0

The VRRP status is the same as expected.

Step 3 Configure association between VRRP and BFD to implement rapid master/backup VRRP
switchovers.

Configure single-hop BFD on S1 and S2 to detect the connectivity between VLANIF


interfaces. Associate VRRP with BFD so that the backup device increases its VRRP priority
when the BFD session goes down.
# Create BFD sessions on S1.

[S1]bfd
HCIP-Datacom-Core Technology Lab Guide Page 225

[S1-bfd] quit
[S1]bfd vlanif10 bind peer-ip 10.0.10.2 interface Vlanif10
[S1-bfd-session-vlanif10] discriminator local 1
[S1-bfd-session-vlanif10] discriminator remote 2
[S1-bfd-session-vlanif10] min-tx-interval 100
[S1-bfd-session-vlanif10] min-rx-interval 100
[S1-bfd-session-vlanif10] commit
[S1-bfd-session-vlanif10] quit
[S1]bfd vlanif20 bind peer-ip 10.0.20.2 interface Vlanif20
[S1-bfd-session-vlanif20] discriminator local 11
[S1-bfd-session-vlanif20] discriminator remote 22
[S1-bfd-session-vlanif20] min-tx-interval 100
[S1-bfd-session-vlanif20] min-rx-interval 100
[S1-bfd-session-vlanif20] commit
[S1-bfd-session-vlanif20] quit

# Create BFD sessions on S2.

[S2]bfd
[S2-bfd] quit
[S2]bfd vlanif10 bind peer-ip 10.0.10.1 interface Vlanif10
[S2-bfd-session-vlanif10] discriminator local 2
[S2-bfd-session-vlanif10] discriminator remote 1
[S2-bfd-session-vlanif10] min-tx-interval 100
[S2-bfd-session-vlanif10] min-rx-interval 100
[S2-bfd-session-vlanif10] commit
[S2-bfd-session-vlanif10] quit
[S2]bfd vlanif20 bind peer-ip 10.0.20.1 interface Vlanif20
[S2-bfd-session-vlanif20] discriminator local 22
[S2-bfd-session-vlanif20] discriminator remote 11
[S2-bfd-session-vlanif20] min-tx-interval 100
[S2-bfd-session-vlanif20] min-rx-interval 100
[S2-bfd-session-vlanif20] commit
[S2-bfd-session-vlanif20] quit

# Check the BFD session status.

[S1]display bfd session all


--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------

1 2 10.0.10.2 Up S_IP_IF Vlanif10


11 22 10.0.20.2 Up S_IP_IF Vlanif20
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 2/0

[S2]display bfd session all


--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------

2 1 10.0.10.1 Up S_IP_IF Vlanif10


22 11 10.0.20.1 Up S_IP_IF Vlanif20
--------------------------------------------------------------------------------
HCIP-Datacom-Core Technology Lab Guide Page 226

Total UP/DOWN Session Number : 2/0

The BFD sessions on S1 and S2 are in the Up state.


# Configure association between VRRP and BFD.

[S1]interface Vlanif20
[S1-Vlanif20] vrrp vrid 20 track bfd-session 11 increased 30
[S1-Vlanif20] quit

[S2]interface Vlanif10
[S2-Vlanif10] vrrp vrid 10 track bfd-session 2 increased 30
[S2-Vlanif10] quit

Note that bfd-session-id specifies the local discriminator of a BFD session. You only need
to configure the backup device to track the BFD session. In this way, the backup device
increases its local VRRP priority when the BFD session goes down.
# Shut down all interfaces on S1 to simulate a link fault.

[S1]interface GigabitEthernet0/0/10
[S1-GigabitEthernet0/0/10] shutdown
[S1-GigabitEthernet0/0/10] quit
[S1]interface GigabitEthernet0/0/11
[S1-GigabitEthernet0/0/11] shutdown
[S1-GigabitEthernet0/0/11] quit
[S1]interface GigabitEthernet0/0/12
[S1-GigabitEthernet0/0/12] shutdown
[S1-GigabitEthernet0/0/12] quit

# Check the BFD session status on S2.

<S2>display bfd session all


--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------

2 1 10.0.10.1 Down S_IP_IF Vlanif10


22 11 10.0.20.1 Down S_IP_IF Vlanif20
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 0/2

The two BFD sessions immediately enter the Down state.


# Check the VRRP status on S2.

<S2>display vrrp brief


VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master Vlanif10 Normal 10.0.10.254
20 Master Vlanif20 Normal 10.0.20.254
----------------------------------------------------------------
Total:2 Master:2 Backup:0 Non-active:0

S2 functions as the master in both VRRP groups 10 and 20.


HCIP-Datacom-Core Technology Lab Guide Page 227

# Check the VRRP status and configuration parameters on S2.

[S2]display vrrp
Vlanif10 | Virtual Router 10
State : Master
Virtual IP : 10.0.10.254
Master IP : 10.0.10.2
PriorityRun : 130
PriorityConfig : 100
MasterPriority : 130
Preempt : YES Delay Time : 0s
TimerRun : 1s
TimerConfig : 1s
Auth type : NONE
Virtual MAC : 0000-5e00-010a
Check TTL : YES
Config type : normal-vrrp
Track BFD : 2 Priority increased : 30
BFD-session state: DOWN
Create time : 2020-06-05 11:01:54 UTC-08:00
Last change time : 2020-06-05 11:31:15 UTC-08:00

Vlanif20 | Virtual Router 20


State : Master
Virtual IP : 10.0.20.254
Master IP : 10.0.20.2
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0s
TimerRun : 1s
TimerConfig : 1s
Auth type : NONE
Virtual MAC : 0000-5e00-0114
Check TTL : YES
Config type : normal-vrrp
Create time : 2020-06-05 11:01:54 UTC-08:00
Last change time : 2020-06-05 11:01:55 UTC-08:00

The priority of VRRP group 10 is 130, and the BFD session is in the Down state. The BFD
down event triggers S2 to increase the priority of VRRP group 10 by 30.
----End

8.1.3 Quiz
In what situation does a device send VRRP packets carrying a priority of 255?

8.1.4 Configuration Reference


Configuration on S1

#
sysname S1
#
HCIP-Datacom-Core Technology Lab Guide Page 228

vlan batch 10 20
#
stp instance 1 root primary
stp instance 2 root secondary
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
bfd
#
interface Vlanif10
ip address 10.0.10.1 255.255.255.0
vrrp vrid 10 virtual-ip 10.0.10.254
vrrp vrid 10 priority 120
#
interface Vlanif20
ip address 10.0.20.1 255.255.255.0
vrrp vrid 20 virtual-ip 10.0.20.254
vrrp vrid 20 track bfd-session 11 increased 30
#
interface GigabitEthernet0/0/10
shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/12
shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
bfd vlanif10 bind peer-ip 10.0.10.2 interface Vlanif10
discriminator local 1
discriminator remote 2
min-tx-interval 100
min-rx-interval 100
commit
#
bfd vlanif20 bind peer-ip 10.0.20.2 interface Vlanif20
discriminator local 11
discriminator remote 22
min-tx-interval 100
min-rx-interval 100
commit
#
return
HCIP-Datacom-Core Technology Lab Guide Page 229

Configuration on S2

#
sysname S2
#
vlan batch 10 20
#
stp instance 1 root secondary
stp instance 2 root primary
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
bfd
#
interface Vlanif10
ip address 10.0.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 10.0.10.254
vrrp vrid 10 track bfd-session 2 increased 30
#
interface Vlanif20
ip address 10.0.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 10.0.20.254
vrrp vrid 20 priority 120
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 10 20
#
bfd vlanif10 bind peer-ip 10.0.10.1 interface Vlanif10
discriminator local 2
discriminator remote 1
min-tx-interval 100
min-rx-interval 100
commit
#
bfd vlanif20 bind peer-ip 10.0.20.1 interface Vlanif20
discriminator local 22
discriminator remote 11
min-tx-interval 100
min-rx-interval 100
commit
#
HCIP-Datacom-Core Technology Lab Guide Page 230

return

Configuration on S3

#
sysname S3
#
vlan batch 10 20
#
stp region-configuration
region-name hcip
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
HCIP-Datacom-Core Technology Lab Guide Page 231

9 DHCP

9.1 DHCP Relay Configuration


9.1.1 Introduction
9.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Deploy a DHCP relay agent to enable terminals to dynamically obtain IP addresses.
⚫ Configure DHCP static address binding.
⚫ Analyze the debugging information of a DHCP relay agent.

9.1.1.2 Networking Topology


Figure 9-1 DHCP relay configuration

VLANIF 10, VLANIF 20, and VLANIF 30 are created on S4 to simulate DHCP clients. S3
and S1 function as a DHCP relay agent and DHCP server, respectively. A global address
pool is created on S1 to allocate IP addresses to the three VLANIF interfaces of S4.
The interfaces between S3 and S4 are configured to work in trunk mode to allow VLANs
10, 20, and 30 to pass through; the interfaces between S1 and S3 are configured to work
in access mode. The PVID is set to 40.

9.1.1.3 Background
You are a network administrator of a company. Because there are a large number of
hosts on the network, static address allocation is difficult to manage. Therefore, a DHCP
server needs to be deployed.
The core switch S1 functions as a DHCP server, S4 as a DHCP client, and S3 as the
gateway of each network segment. DHCPDISCOVER messages are broadcast ones and
cannot traverse routers. Therefore, DHCP relay needs to be deployed on S3 to unicast the
messages to S1.
In addition, DHCP is required to allocate fixed IP addresses to special clients, such as
servers and printers.
HCIP-Datacom-Core Technology Lab Guide Page 232

9.1.2 Lab Configuration


9.1.2.1 Configuration Roadmap
1. Create VLANs on each switch, configure interfaces to work in the corresponding
mode, and allow the corresponding VLANs to pass through.
2. Create an address pool on the DHCP server to allocate IP addresses to terminals, and
configure static address allocation.
3. Configure the IP address of the DHCP server on the DHCP relay agent's interface.
4. Enable the DHCP client to obtain an IP address through DHCP.
5. Observe the DHCP packet relay process on the DHCP relay agent through debugging.

9.1.2.2 Configuration Procedure


Step 1 Perform basic configurations.

Create VLANs and VLANIF interfaces on the three switches, and configure interfaces to
allow the corresponding VLANs to pass through. The IP address of the VLANIF interface is
10.0.x.y/24, where x and y indicate the VLAN ID and device number, respectively. IP
addresses do not need to be configured for the VLANIF interfaces on S4.
# Create VLANs.

[S1]vlan 40

[S3]vlan batch 10 20 30 40

[S4]vlan batch 10 20 30

# Configure interfaces to allow the corresponding VLANs to pass through.

[S4]interface GigabitEthernet0/0/3
[S4-GigabitEthernet0/0/3] port link-type trunk
[S4-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20 30
[S4-GigabitEthernet0/0/3] quit

[S3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1] port link-type access
[S3-GigabitEthernet0/0/1] port default vlan 40
[S3-GigabitEthernet0/0/1] quit
[S3]interface GigabitEthernet0/0/3
[S3-GigabitEthernet0/0/3] port link-type trunk
[S3-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20 30
[S3-GigabitEthernet0/0/3] quit

[S1]interface GigabitEthernet0/0/12
[S1-GigabitEthernet0/0/12] port link-type access
[S1-GigabitEthernet0/0/12] port default vlan 40
[S1-GigabitEthernet0/0/12] quit

# Configure VLANIF interfaces.

[S4]interface Vlanif 10
HCIP-Datacom-Core Technology Lab Guide Page 233

[S4-Vlanif10] quit
[S4]interface Vlanif 20
[S4-Vlanif20] quit
[S4]interface Vlanif 30
[S4-Vlanif30] quit

[S3]interface Vlanif 10
[S3-Vlanif10] ip address 10.0.10.3 24
[S3-Vlanif10] quit
[S3]interface Vlanif 20
[S3-Vlanif20] ip address 10.0.20.3 24
[S3-Vlanif20] quit
[S3]interface Vlanif 30
[S3-Vlanif30] ip address 10.0.30.3 24
[S3-Vlanif30] quit
[S3]interface Vlanif 40
[S3-Vlanif40] ip address 10.0.40.3 24
[S3-Vlanif40] quit

[S1]interface Vlanif 40
[S1-Vlanif40] ip address 10.0.40.1 24
[S1-Vlanif40] quit

# Check the connectivity of VLANIF 40 between S1 and S3.

[S1]ping -c 1 10.0.40.3
PING 10.0.40.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.40.3: bytes=56 Sequence=1 ttl=255 time=60 ms

--- 10.0.40.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms

The DHCP server and relay agent can communicate with each other.

Step 2 Configure the DHCP server.

Enable the DHCP service, configure a global address pool, and allocate a static IP address
to VLANIF 30 on S4.
# Enable the DHCP service.

[S1]dhcp enable

# Create an IP address pool named vlan10 to allocate an IP address to VLANIF 10 of S4.

[S1]ip pool vlan10


[S1-ip-pool-vlan10] gateway-list 10.0.10.3
[S1-ip-pool-vlan10] network 10.0.10.0 mask 255.255.255.0
[S1-ip-pool-vlan10] dns-list 10.0.10.3
[S1-ip-pool-vlan10] quit

# Create an IP address pool named vlan20 to allocate an IP address to VLANIF 20 of S4.


HCIP-Datacom-Core Technology Lab Guide Page 234

[S1]ip pool vlan20


[S1-ip-pool-vlan20] gateway-list 10.0.20.3
[S1-ip-pool-vlan20] network 10.0.20.0 mask 255.255.255.0
[S1-ip-pool-vlan20] dns-list 10.0.20.3
[S1-ip-pool-vlan20] quit

# Create an IP address pool named vlan30 to allocate an IP address to VLANIF 30 of S4.

[S1]ip pool vlan30


[S1-ip-pool-vlan30] gateway-list 10.0.30.3
[S1-ip-pool-vlan30] network 10.0.30.0 mask 255.255.255.0
[S1-ip-pool-vlan30] dns-list 10.0.30.3
[S1-ip-pool-vlan30] quit

# Check the MAC address of VLANIF 30 on S4.

[S4]display interface Vlanif 30


Vlanif30 current state : UP
Line protocol current state : DOWN
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-cc49-4c7c
Current system tim3 : 2020-06-05 16:51:20-08:00
Input bandwidth utilization : --
Output bandwidth utilization : --

The actual MAC address is subject to the device in the lab environment.
# On S1, configure static address allocation for VLANIF 30 of S4.

[S1]ip pool vlan30


[S1-ip-pool-vlan30] static-bind ip-address 10.0.30.2 mac-address 4c1f-cc49-4c7c

Allocate the fixed IP address 10.0.30.2 to VLANIF 30 of S4.


# Enable the DHCP server function on VLANIF 40.

[S1]interface Vlanif 40
[S1-Vlanif40] dhcp select global

# Check the IP address pool configurations.

[S1]display ip pool name vlan10


Pool-name : vlan10
Pool-No :0
Lease : 1Days 0Hours 0Minutes
Domain-name : -
DNS-server0 : 10.0.10.3
NBNS-server0 :-
Netbios-type :-
Position : Local Status : Unlocked
Gateway-0 : 10.0.10.3
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
HCIP-Datacom-Core Technology Lab Guide Page 235

Start End Total Used Idle(Expired) Conflict Disable


-----------------------------------------------------------------------------
10.0.10.1 10.0.10.254 253 0 253(0) 0 0
-----------------------------------------------------------------------------

[S1]display ip pool name vlan20


Pool-name : vlan20
Pool-No :1
Lease : 1Days 0Hours 0Minutes
Domain-name : -
DNS-server0 : 10.0.20.3
NBNS-server0 :-
Netbios-type :-
Position : Local Status : Unlocked
Gateway-0 : 10.0.20.3
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
10.0.20.1 10.0.20.254 253 0 253(0) 0 0
-----------------------------------------------------------------------------

[S1]display ip pool name vlan30


Pool-name : vlan30
Pool-No :2
Lease : 1Days 0Hours 0Minutes
Domain-name : -
DNS-server0 : 10.0.30.3
NBNS-server0 :-
Netbios-type :-
Position : Local Status : Unlocked
Gateway-0 : 10.0.30.3
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
10.0.30.1 10.0.30.254 253 1 252(0) 0 0
-----------------------------------------------------------------------------

The address pool vlan30 already has a used IP address, which is a static one.
# Configure routes to user network segments.

[S1]ip route-static 10.0.10.0 24 10.0.40.3


[S1]ip route-static 10.0.20.0 24 10.0.40.3
[S1]ip route-static 10.0.30.0 24 10.0.40.3

After receiving a DHCP message from the DHCP client, the DHCP relay agent uses the
interface IP address to relay the message to the DHCP server. Therefore, the connectivity
between the interface IP address and DHCP server must be ensured.
# Check the connectivity between the DHCP server and relay interface.

<S1>ping -c 1 10.0.10.3
HCIP-Datacom-Core Technology Lab Guide Page 236

PING 10.0.10.3: 56 data bytes, press CTRL_C to break


Reply from 10.0.10.3: bytes=56 Sequence=1 ttl=255 time=50 ms

--- 10.0.10.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

<S1>ping -c 1 10.0.20.3
PING 10.0.20.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.20.3: bytes=56 Sequence=1 ttl=255 time=40 ms

--- 10.0.20.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms

<S1>ping -c 1 10.0.30.3
PING 10.0.30.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.30.3: bytes=56 Sequence=1 ttl=255 time=30 ms

--- 10.0.30.3 ping statistics ---


1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms

Step 3 Configure the DHCP relay agent.

Configure DHCP relay on S3.


# Enable the DHCP service.

[S3]dhcp enable

# Configure DHCP relay on interfaces and specify the DHCP server.

[S3]interface Vlanif10
[S3-Vlanif10] dhcp select relay
[S3-Vlanif10] dhcp relay server-ip 10.0.40.1
[S3-Vlanif10] quit
[S3]interface Vlanif20
[S3-Vlanif20] dhcp select relay
[S3-Vlanif20] dhcp relay server-ip 10.0.40.1
[S3-Vlanif20] quit
[S3]interface Vlanif30
[S3-Vlanif30] dhcp select relay
[S3-Vlanif30] dhcp relay server-ip 10.0.40.1
[S3-Vlanif30] quit

# Verify the DHCP relay configuration.

[S3]display dhcp relay all


DHCP relay agent running information of interface Vlanif10 :
HCIP-Datacom-Core Technology Lab Guide Page 237

Server IP address [01] : 10.0.40.1


Gateway address in use : 10.0.10.3

DHCP relay agent running information of interface Vlanif20 :


Server IP address [01] : 10.0.40.1
Gateway address in use : 10.0.20.3

DHCP relay agent running information of interface Vlanif30 :


Server IP address [01] : 10.0.40.1
Gateway address in use : 10.0.30.3

Step 4 Configure the DHCP client.

Configure VLANIF 10, VLANIF 20, and VLANIF 30 on S4 to obtain IP addresses through
DHCP.
# Enable the DHCP service.

[S4]dhcp enable

# Enable the interfaces to obtain IP addresses through DHCP.

[S4]interface Vlanif10
[S4-Vlanif10] ip address dhcp-alloc
[S4-Vlanif10] quit
[S4]interface Vlanif20
[S4-Vlanif20] ip address dhcp-alloc
[S4-Vlanif20] quit
[S4]interface Vlanif30
[S4-Vlanif30] ip address dhcp-alloc
[S4-Vlanif30] quit

# Check the IP address allocated to each interface.

<S4>display interface Vlanif 10


Vlanif10 current state : UP
Line protocol current state : UP
Last line protocol up time : 2020-06-05 17:37:57 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is allocated by DHCP, 10.0.10.254/24

[S4]display interface Vlanif 20


Vlanif20 current state : UP
Line protocol current state : UP
Last line protocol up time : 2020-06-05 17:41:23 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is allocated by DHCP, 10.0.20.254/24

[S4]display interface Vlanif 30


Vlanif30 current state : UP
Line protocol current state : UP
Last line protocol up time : 2020-06-05 17:43:22 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
HCIP-Datacom-Core Technology Lab Guide Page 238

Internet Address is allocated by DHCP, 10.0.30.2/24

The interfaces have obtained IP addresses through DHCP, and the IP address of VLANIF
30 is the static IP address 10.0.30.2.

Step 5 Observe the DHCP relay process.

Run the debugging dhcp relay info and debugging dhcp relay packet commands on
S3. Disable the DHCP client function on VLANIF 30 of S4, and then enable it again. Check
the debugging information.
# Enable debugging on S3.

<S3>debugging dhcp relay info


<S3>debugging dhcp relay packet
<S3>terminal debugging
Info: Current terminal debugging is on.
<S3>terminal monitor
Info: Current terminal monitor is on.

# Disable the DHCP client function on VLANIF 30 of S4.

[S4]interface Vlanif 30
[S4-Vlanif30] undo ip address dhcp-alloc

# Check the debugging information on S3.

Jun 5 2020 18:41:41.510.1-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Receives DHCP RELEASE message from interface


Vlanif30.
Jun 5 2020 18:41:41.510.2-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:srcip:10.0.30.2 dstip:10.0.40.1 vpnid:0
Jun 5 2020 18:41:41.510.3-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:msgtype:BOOT-REQUEST dhcp msgtype:DHCP
RELEASE bflag:uc chaddr:4c1f-cc49-4c7c ciaddr:10.0.30.2 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:10.0.40.1
Jun 5 2020 18:41:41.510.4-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:Select 10.0.30.3 as giaddr.
Jun 5 2020 18:41:41.510.5-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Relay DHCP RELEASE to server 10.0.40.1.

S3 receives a DHCPRELEASE message from VLANIF 30. The source and destination IP
addresses of the message are 10.0.30.2 and 10.0.40.1, respectively, and the value of the
giaddr field is 0.0.0.0. S3 sets the giaddr field in the message to 10.0.30.3 (IP address of
VLANIF 30) and then sends the message to the DHCP server.
# Enable the DHCP client function on VLANIF 30 of S4 again.

[S4]interface Vlanif 30
[S4-Vlanif30] ip address dhcp-alloc

# Check the debugging information on S3.

Jun 5 2020 18:38:42.600.1-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Receives DHCP DISCOVER message from interface


Vlanif30.
Jun 5 2020 18:38:42.600.2-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:srcip:0.0.0.0 dstip:255.255.255.255 vpnid:0
Jun 5 2020 18:38:42.600.3-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:msgtype:BOOT-REQUEST dhcp msgtype:DHCP
DISCOVER bflag:uc chaddr:4c1f-cc49-4c7c ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:0.0.0.0
Jun 5 2020 18:38:42.600.4-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:Select 10.0.30.3 as giaddr.
Jun 5 2020 18:38:42.600.5-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Relay DHCP DISCOVER to server 10.0.40.1.
HCIP-Datacom-Core Technology Lab Guide Page 239

S3 receives a DHCPDISCOVER message from the client. The source and destination IP
addresses of the message are 0.0.0.0 and 255.255.255.255, respectively. After setting the
giaddr field in the message to 10.0.30.3, S3 unicasts the message to the DHCP server at
10.0.40.1. In this case, the source IP address of the message is 10.0.30.3.

Jun 5 2020 18:38:42.610.1-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Receives DHCP OFFER message from interface


Vlanif40.
Jun 5 2020 18:38:42.610.2-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:srcip:10.0.40.1 dstip:10.0.30.3 vpnid:0
Jun 5 2020 18:38:42.610.3-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:msgtype:BOOT-REPLY dhcp msgtype:DHCP OFFER
bflag:uc chaddr:4c1f-cc49-4c7c ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:10.0.30.3 serverid:10.0.40.1
Jun 5 2020 18:38:42.610.4-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Unicast DHCP OFFER to client. (Chaddr=4c1f-cc49-
4c7c, Ciaddr=10.0.30.2)

S3 receives a DHCPOFFER message from the DHCP server. The source and destination IP
addresses of the message are 10.0.40.1 and 10.0.30.3, respectively, and the message
carries the DHCP server ID (DHCP Option 54). S3 then unicasts the message to the client.

Jun 5 2020 18:38:42.650.1-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Receives DHCP REQUEST message from interface


Vlanif30.
Jun 5 2020 18:38:42.650.2-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:srcip:0.0.0.0 dstip:255.255.255.255 vpnid:0
Jun 5 2020 18:38:42.650.3-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:msgtype:BOOT-REQUEST dhcp msgtype:DHCP
REQUEST bflag:uc chaddr:4c1f-cc49-4c7c ciaddr:0.0.0.0 reqip:10.0.30.2 giaddr:0.0.0.0 serverid:10.0.40.1
Jun 5 2020 18:38:42.650.4-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:Select 10.0.30.3 as giaddr.
Jun 5 2020 18:38:42.650.5-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Relay DHCP REQUEST to server 10.0.40.1.

After receiving a DHCPREQUEST broadcast message from the client, S3 converts the
message into a unicast one and then sends it to the DHCP server.

Jun 5 2020 18:38:42.660.1-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Receives DHCP ACK message from interface


Vlanif40.
Jun 5 2020 18:38:42.660.2-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:srcip:10.0.40.1 dstip:10.0.30.3 vpnid:0
Jun 5 2020 18:38:42.660.3-08:00 S3 DHCP/7/DEBUG:[dhcpr-info]:msgtype:BOOT-REPLY dhcp msgtype:DHCP ACK
bflag:uc chaddr:4c1f-cc49-4c7c ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:10.0.30.3 serverid:10.0.40.1
Jun 5 2020 18:38:42.660.4-08:00 S3 DHCP/7/DEBUG:[dhcpr-pkt]:Unicast DHCP ACK to client. (Chaddr=4c1f-cc49-
4c7c, Ciaddr=10.0.30.2)

After receiving a DHCPACK message with the source IP address 10.0.40.1 and destination
IP address 10.0.30.3 from the DHCP server, S3 unicasts the message to the DHCP client.
----End

9.1.3 Quiz
How does a DHCP server select an address pool after receiving a DHCP message from a
DHCP relay agent?

9.1.4 Configuration Reference


Configuration on S1

#
sysname S1
HCIP-Datacom-Core Technology Lab Guide Page 240

#
vlan batch 40
#
dhcp enable
#
ip pool vlan10
gateway-list 10.0.10.3
network 10.0.10.0 mask 255.255.255.0
dns-list 10.0.10.3
#
ip pool vlan20
gateway-list 10.0.20.3
network 10.0.20.0 mask 255.255.255.0
dns-list 10.0.20.3
#
ip pool vlan30
gateway-list 10.0.30.3
network 10.0.30.0 mask 255.255.255.0
static-bind ip-address 10.0.30.2 mac-address 4c1f-cc49-4c7c
dns-list 10.0.30.3
#
interface Vlanif40
ip address 10.0.40.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 40
#
ip route-static 10.0.10.0 255.255.255.0 10.0.40.3
ip route-static 10.0.20.0 255.255.255.0 10.0.40.3
ip route-static 10.0.30.0 255.255.255.0 10.0.40.3
#
return

Configuration on S3

#
sysname S3
#
vlan batch 10 20 30 40
#
dhcp enable
#
interface Vlanif10
ip address 10.0.10.3 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.40.1
#
interface Vlanif20
ip address 10.0.20.3 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.40.1
#
HCIP-Datacom-Core Technology Lab Guide Page 241

interface Vlanif30
ip address 10.0.30.3 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.40.1
#
interface Vlanif40
ip address 10.0.40.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30
#
user-interface con 0
user-interface vty 0 4
#
return

Configuration on S4

#
sysname S4
#
vlan batch 10 20 30
#
dhcp enable
#
interface Vlanif10
ip address dhcp-alloc
#
interface Vlanif20
ip address dhcp-alloc
#
interface Vlanif30
ip address dhcp-alloc
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30
#
Return
HCIP-Datacom-Core Technology Lab Guide Page 242

10 WLAN

10.1 Inter-AC Roaming on a Large-Scale WLAN


10.1.1 Introduction
10.1.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Implement inter-AC Layer 3 roaming by configuring a mobility group.
⚫ Describe how to configure APs to go online.
⚫ Know the basic WLAN configuration process.

10.1.1.2 Networking Topology


Figure 10-1 Inter-AC roaming on a large-scale WLAN

The preceding figure shows the device connection mode. AP1 is managed by AC1, and
AP2 is managed by AC2. All APs use the direct forwarding mode.
S4 transparently transmits packets from AP2 at Layer 2. S3 serves as the gateway for APs
and STAs.
S3 is enabled with DHCP to allocate IP addresses to AP1, AP2, and STAs associated with
them. APs obtain ACs' addresses from Option 43 in DHCP packets.

10.1.1.3 Background
To meet the increasing STA access requirements, an enterprise needs to deploy a batch of
APs. As AC1 is managing APs of its maximum specifications, the enterprise purchases a
HCIP-Datacom-Core Technology Lab Guide Page 243

new AC (AC2) to manage the newly deployed APs. In addition, inter-AC roaming is
required to minimize the service interruption time when STAs move between the
coverage areas of APs managed by different ACs.

10.1.1.4 Data Planning

Table 10-1 AC's data planning

Item Configuration

Management VLAN for APs VLANs 10 and 20

Service VLAN for STAs VLANs 11 and 21

DHCP server S3 functions as a DHCP server to allocate IP


addresses to APs and STAs.

IP address pool for APs 10.0.10.0/24 and 10.0.20.0/24

IP address pool for STAs 10.0.11.0/24 and 10.0.21.0/24

AC's source interface address VLANIF 100 (10.0.100.254) and VLANIF 200
(10.0.200.254)

AP group Name: ap-group1 and ap-group2

Referenced profile: VAP profile departX

Regulatory domain profile Name: default

Country code: CN

SSID profile Name: departX

SSID name: roam

Security profile Name: departX

Security policy: WPA-WPA2+PSK+AES

Password: huawei123

VAP profile Name: departX

Forwarding mode: direct forwarding

Service VLANs: VLANs 11 and 21

Referenced profiles: SSID profile departX and


security profile departX

X in departX indicates the AC number, that is, depart1 on AC1 and depart2 on
AC2.
HCIP-Datacom-Core Technology Lab Guide Page 244

10.1.2 Lab Configuration


10.1.2.1 Configuration Roadmap
1. Shut down unnecessary ports and enable the PoE function on switches.
2. Configure wired-side functions so that S3 serves as the gateway for APs and STAs,
and AC1 and AC2 communicate with S3 at Layer 3 through VLANIF interfaces.
3. Configure WLAN services on AC1 and enable AP1 to go online.
4. Configure WLAN services on AC2 and enable AP2 to go online.
5. Configure a mobility group on AC1 and AC2 to implement inter-AC roaming.

10.1.2.2 Configuration Procedure


Step 1 Complete basic device configurations.

# Name the devices.


The configuration details are not provided.
# Shut down unnecessary ports.
The configuration details are not provided.
# Enable the PoE function on S3 and S4 ports connected to APs.

[S3]interface GigabitEthernet 0/0/4


[S3-GigabitEthernet0/0/4] poe enable

[S4]interface GigabitEthernet 0/0/4


[S4-GigabitEthernet0/0/4] poe enable

The poe enable command enables the PoE function on a port. When a port detects a
powered device (PD) connected, the port supplies power to the PD. By default, the PoE
function is enabled on a port. Therefore, this command is unnecessary and is provided for
demonstration purpose only.

Step 2 Configure the wired network.

Configure the wired network of the switches and ACs as planned.


# Create VLANs on S3, S4, AC1, and AC2, and assign ports to the VLANs.

[S3]vlan batch 10 11 20 21 100 200


[S3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1] port link-type trunk
[S3-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[S3-GigabitEthernet0/0/1] quit
[S3]interface GigabitEthernet0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 200
[S3-GigabitEthernet0/0/2] quit
[S3]interface GigabitEthernet0/0/3
[S3-GigabitEthernet0/0/3] port link-type trunk
[S3-GigabitEthernet0/0/3] port trunk allow-pass vlan 20 to 21
[S3-GigabitEthernet0/0/3] quit
[S3]interface GigabitEthernet0/0/4
HCIP-Datacom-Core Technology Lab Guide Page 245

[S3-GigabitEthernet0/0/4] port link-type trunk


[S3-GigabitEthernet0/0/4] port trunk pvid vlan 10
[S3-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 to 11
[S3-GigabitEthernet0/0/4] quit

The PVID of the S3 port connected to AP1 is set to VLAN 10, and packets in the service
VLAN and management VLAN from AP2 are allowed to pass on the S3 port connected to
S4.

[S4]vlan batch 20 21
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4]interface GigabitEthernet0/0/3
[S4-GigabitEthernet0/0/3] port link-type trunk
[S4-GigabitEthernet0/0/3] port trunk allow-pass vlan 20 to 21
[S4-GigabitEthernet0/0/3] quit
[S4]interface GigabitEthernet0/0/4
[S4-GigabitEthernet0/0/4] port link-type trunk
[S4-GigabitEthernet0/0/4] port trunk pvid vlan 20
[S4-GigabitEthernet0/0/4] port trunk allow-pass vlan 20 to 21
[S4-GigabitEthernet0/0/4] quit

The PVID of the S4 port connected to AP2 is set to VLAN 20, and the uplink port of S4 is
configured to transparently transmit packets in VLANs 20 (management VLAN) and 21
(service VLAN).

[AC1]vlan batch 100


[AC1]interface GigabitEthernet0/0/12
[AC1-GigabitEthernet0/0/12] port link-type trunk
[AC1-GigabitEthernet0/0/12] port trunk allow-pass vlan 100
[AC1-GigabitEthernet0/0/12] quit

The interface is configured to allow packets in VLAN 100 to pass through because VLANIF
100 serves as the CAPWAP source interface of AC1.

[AC2]vlan batch 200


[AC2]interface GigabitEthernet0/0/13
[AC2-GigabitEthernet0/0/13] port link-type trunk
[AC2-GigabitEthernet0/0/13] port trunk allow-pass vlan 200
[AC2-GigabitEthernet0/0/13] quit

The interface is configured to allow packets in VLAN 200 to pass through because VLANIF
200 serves as the CAPWAP source interface of AC2.
# Create VLANIF interfaces on S3, AC1, and AC2.

[S3]interface Vlanif10
[S3-Vlanif10] description ap1_mgnt
[S3-Vlanif10] ip address 10.0.10.1 255.255.255.0
[S3-Vlanif10] quit
[S3]interface Vlanif11
[S3-Vlanif11] description ap1_service
[S3-Vlanif11] ip address 10.0.11.1 255.255.255.0
[S3-Vlanif11] quit
[S3]interface Vlanif20
HCIP-Datacom-Core Technology Lab Guide Page 246

[S3-Vlanif20] description ap2_mgnt


[S3-Vlanif20] ip address 10.0.20.1 255.255.255.0
[S3-Vlanif20] quit
[S3]interface Vlanif21
[S3-Vlanif21] description ap2_service
[S3-Vlanif21] ip address 10.0.21.1 255.255.255.0
[S3-Vlanif21] quit
[S3]interface Vlanif100
[S3-Vlanif100] description to_AC1
[S3-Vlanif100] ip address 10.0.100.1 255.255.255.0
[S3-Vlanif100] quit
[S3]interface Vlanif200
[S3-Vlanif200] description to_AC2
[S3-Vlanif200] ip address 10.0.200.1 255.255.255.0
[S3-Vlanif200] quit

On S3, VLANIF 10 and VLANIF 20 are configured as the management VLAN gateways of
AP1 and AP2, respectively; VLANIF 11 and VLANIF 21 are configured as the service VLAN
gateways of STAs connected to AP1 and AP2, respectively; and VLANIF 100 and VLANIF
200 are used for Layer 3 communication with AC1 and AC2, respectively.

[AC1]interface Vlanif100
[AC1-Vlanif100] description to_S3_CAPWAP
[AC1-Vlanif100] ip address 10.0.100.254 255.255.255.0
[AC1-Vlanif100] quit

VLANIF 100 is configured as the CAPWAP source interface of AC1.

[AC2]interface Vlanif200
[AC2-Vlanif200] description to_S3_CAPWAP
[AC2-Vlanif200] ip address 10.0.200.254 255.255.255.0
[AC2-Vlanif200] quit

VLANIF 200 is configured as the CAPWAP source interface of AC2.


# Configure routes to the AP management network segments on AC1 and AC2.

[AC1]ip route-static 10.0.10.0 255.255.255.0 10.0.100.1

[AC2]ip route-static 10.0.20.0 255.255.255.0 10.0.200.1

Static routes to the AP management network segments for communication with APs.
# Configure the DHCP service on S3.

[S3]dhcp enable

The DHCP service is enabled.

[S3]ip pool ap1


[S3-ip-pool-ap1] gateway-list 10.0.10.1
[S3-ip-pool-ap1] network 10.0.10.0 mask 255.255.255.0
[S3-ip-pool-ap1] option 43 sub-option 3 ascii 10.0.100.254
[S3-ip-pool-ap1] quit
[S3]ip pool ap2
HCIP-Datacom-Core Technology Lab Guide Page 247

[S3-ip-pool-ap2] gateway-list 10.0.20.1


[S3-ip-pool-ap2] network 10.0.20.0 mask 255.255.255.0
[S3-ip-pool-ap2] option 43 sub-option 3 ascii 10.0.200.254
[S3-ip-pool-ap2] quit
[S3]ip pool service_a
[S3-ip-pool-service_a] gateway-list 10.0.11.1
[S3-ip-pool-service_a] network 10.0.11.0 mask 255.255.255.0
[S3-ip-pool-service_a] dns-list 10.0.11.1
[S3-ip-pool-service_a] quit
[S3]ip pool service_b
[S3-ip-pool-service_b] gateway-list 10.0.21.1
[S3-ip-pool-service_b] network 10.0.21.0 mask 255.255.255.0
[S3-ip-pool-service_b] dns-list 10.0.21.1
[S3-ip-pool-service_b] quit

The address pools ap1 and ap2 are configured to allocate IP addresses to APs and carry
Option 43 specifying the AC's IP address in DHCP packets. The address pools service_a
and service_b are configured to allocate IP addresses to STAs on AP1 and AP2,
respectively. The gateways for all address pools are set to the addresses of VLANIF
interfaces on S3.

[S3]interface Vlanif10
[S3-Vlanif10] dhcp select global
[S3-Vlanif10] quit
[S3]interface Vlanif11
[S3-Vlanif11] dhcp select global
[S3-Vlanif11] quit
[S3]interface Vlanif20
[S3-Vlanif20] dhcp select global
[S3-Vlanif20] quit
[S3]interface Vlanif21
[S3-Vlanif21] dhcp select global
[S3-Vlanif21] quit

The global address pool is selected on the VLANIF interfaces.

Step 3 Configure AC1.

On AC1, specify VLANIF 100 as the CAPWAP source interface, create the AP group
depart1, configure MAC address authentication for APs, name the AP ap1, add it to the
AP group depart1, associate parameter profiles with the VAP profile depart1, and bind
the VAP profile to the AP group depart1.
# Specify the CAPWAP source interface.

[AC1]capwap source interface vlanif100

# Create an AP group named depart1.

[AC1]wlan
[AC1-wlan-view] ap-group name depart1
[AC1-wlan-ap-group-depart1] quit

# Create a regulatory domain profile and configure the AC's country code in the profile.
HCIP-Datacom-Core Technology Lab Guide Page 248

[AC1]wlan
[AC1-wlan-view] regulatory-domain-profile name default
[AC1-wlan-regulate-domain-default] country-code cn
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-default] quit

A regulatory domain profile provides configurations of the country code, calibration


channel set, and calibration bandwidth for an AP.
By default, the system provides the regulatory domain profile default. Therefore, the
default regulatory domain profile is displayed.
A country code identifies the country where AP radios work. Different countries require
different AP radio attributes, including the transmit power and supported channels. The
correct country code configuration ensures that radio attributes of APs comply with local
laws and regulations of countries and regions to which the APs are delivered. By default,
the country code CN is configured.
# Bind the regulatory domain profile to the AP group.

[AC1]wlan
[AC1-wlan-view]ap-group name depart1
[AC1-wlan-ap-group- depart1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and
reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group- depart1]quit

In the AP group view, the regulatory-domain-profile command binds a regulatory


domain profile to an AP or AP group. By default, the regulatory domain profile default is
bound to an AP group, but no regulatory domain profile is bound to an AP. In the
regulatory domain profile default, the country code is CN, 2.4G calibration channels
include channels 1, 6, and 11, and 5G calibration channels include channels 149, 153,
157, 161, and 165. Therefore, you can skip this step and the previous step in actual
operations.
# Add an AP.

[AC1]wlan
[AC1-wlan-view] ap auth-mode mac-auth
[AC1-wlan-view] ap-id 0 ap-mac 00e0-fc6e-2890 //Set the AP's MAC address as required in the lab
environment.
[AC1-wlan-ap-0] ap-name ap1
[AC1-wlan-ap-0] ap-group depart1

Three AP authentication modes are supported. By default, MAC address authentication is


used. The AP is added on the AC before it goes online, named ap1, and added to the AP
group depart1.
# Configure parameter profiles.

[AC1]wlan
[AC1-wlan-view] security-profile name depart1
[AC1-wlan-sec-prof-depart1] security wpa2 psk pass-phrase huawei123 aes
[AC1-wlan-sec-prof- depart1] quit
[AC1-wlan-view] ssid-profile name depart1
HCIP-Datacom-Core Technology Lab Guide Page 249

[AC1-wlan-ssid-prof-depart1] ssid roam


[AC1-wlan-ssid-prof-depart1] quit
[AC1-wlan-view] vap-profile name depart1
[AC1-wlan-vap-prof-depart1] forward-mode direct-forward
[AC1-wlan-vap-prof-depart1] service-vlan vlan-id 11
[AC1-wlan-vap-prof-depart1] ssid-profile depart1
[AC1-wlan-vap-prof-depart1] security-profile depart1
[AC1-wlan-vap-prof-depart1] quit
[AC1-wlan-view] ap-group name depart1
[AC1-wlan-ap-group-depart1] vap-profile depart1 wlan 1 radio all
[AC1-wlan-ap-group-depart1] quit

The security profile depart1 is configured, with the authentication mode of WPA2-PSK
and the pre-shared key of huawei123.
The SSID profile depart1 is configured, and the SSID is set to roam.
The VAP profile depart1 is configured, with the direct forwarding mode and the service
VLAN 11, and has the SSID profile depart1 and security profile depart1 bound.
The VAP profile depart1 is bound to the AP group depart1.
# Check the AP online status.

<AC1>display ap all
Info: This operation may take afew seconds. Please wait for amoment.done.
Total AP information:
nor : normal [1]
--------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
--------------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart1 10.0.10.254 AirEngine5760-10 nor 0 50S
--------------------------------------------------------------------------------------------
Total: 1

Wait for a period of time and check the AP online status. If the AP status is nor, the AP
goes online successfully and works properly. The AP has obtained the IP address
10.0.10.254 and has no STA associated.

Step 4 Configure AC2.

On AC2, specify VLANIF 200 as the CAPWAP source interface, create the AP group
depart2, configure MAC address authentication for APs, name the AP ap2, add it to the
AP group depart2, associate parameter profiles with the VAP profile depart2, and bind
the VAP profile to the AP group depart2.
# Specify the CAPWAP source interface.

[AC2]capwap source interface vlanif200

# Create an AP group named depart2.

[AC2]wlan
[AC2-wlan-view] ap-group name depart2
[AC2-wlan-ap-group-depart2] quit

# Create a regulatory domain profile and configure the AC's country code in the profile.
HCIP-Datacom-Core Technology Lab Guide Page 250

[AC2]wlan
[AC2-wlan-view] regulatory-domain-profile name default
[AC2-wlan-regulate-domain-default] country-code cn
Info: The current country code is same with the input country code.
[AC2-wlan-regulate-domain-default] quit

# Bind the regulatory domain profile to the AP group.

[AC2]wlan
[AC2-wlan-view] ap-group name depart2
[AC2-wlan-ap-group- depart2] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and
reset the AP. Continue?[Y/N]:y
[AC2-wlan-ap-group- depart2] quit

# Add an AP.

[AC2]wlan
[AC2-wlan-view] ap auth-mode mac-auth
[AC2-wlan-view] ap-id 0 ap-mac 00e0-fcde-1990 //Set the AP's MAC address as required in the lab
environment.
[AC2-wlan-ap-0] ap-name ap2
[AC2-wlan-ap-0] ap-group depart2

# Configure parameter profiles.

[AC2]wlan
[AC2-wlan-view] security-profile name depart2
[AC2-wlan-sec-prof-depart2] security wpa2 psk pass-phrase huawei123 aes
[AC2-wlan-sec-prof- depart2] quit
[AC2-wlan-view] ssid-profile name depart2
[AC2-wlan-ssid-prof-depart2] ssid roam
[AC2-wlan-ssid-prof-depart2] quit
[AC2-wlan-view] vap-profile name depart2
[AC2-wlan-vap-prof-depart2] forward-mode direct-forward
[AC2-wlan-vap-prof-depart2] service-vlan vlan-id 21
[AC2-wlan-vap-prof-depart2] ssid-profile depart2
[AC2-wlan-vap-prof-depart2] security-profile depart2
[AC2-wlan-vap-prof-depart2] quit
[AC2-wlan-view] ap-group name depart2
[AC2-wlan-ap-group-depart2] vap-profile depart2 wlan 1 radio all
[AC2-wlan-ap-group-depart2] quit

The security profile depart2 is configured, with the authentication mode of WPA2-PSK
and the pre-shared key of huawei123.
The SSID profile depart2 is configured, and the SSID is set to roam.
The VAP profile depart2 is configured, with the direct forwarding mode and the service
VLAN 21, and has the SSID profile depart2 and security profile depart1 bound.
The VAP profile depart2 is bound to the AP group depart2.
# Check the AP online status.

<AC2>display ap all
Info: This operation may take afew seconds. Please wait for amoment.done.
HCIP-Datacom-Core Technology Lab Guide Page 251

Total AP information:
nor : normal [1]
--------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
--------------------------------------------------------------------------------------------
0 00e0-fcde-1990 ap2 depart2 10.0.20.254 AirEngine5760-10 nor 0 1M:13S
--------------------------------------------------------------------------------------------
Total: 1

Wait for a period of time and check the AP online status. If the AP status is nor, the AP
goes online successfully and works properly. The AP has obtained the IP address
10.0.20.254 and has no STA associated.

Step 5 Configure Layer 3 roaming.

Configure static routes between the CAPWAP source interfaces on AC1 and AC2. Create
the mobility group mobility and add AC1 and AC2 to the mobility group, without
specifying a mobility server.
#Configure static routes.

[AC1]ip route-static 10.0.200.0 255.255.255.0 10.0.100.1

[AC2]ip route-static 10.0.100.0 255.255.255.0 10.0.200.1

# Configure AC1.

[AC1]wlan
[AC1 -wlan-view] mobility-group name mobility
[AC1-mc-mg-mobility] member ip-address 10.0.100.254
[AC1-mc-mg-mobility] member ip-address 10.0.200.254

The mobility group mobility is created on AC1, and AC1 and AC2 are added to the
mobility group as members.
# Configure AC2.

[AC2]wlan
[AC2 -wlan-view] mobility-group name mobility
[AC2-mc-mg-mobility] member ip-address 10.0.100.254
[AC2-mc-mg-mobility] member ip-address 10.0.200.254

The mobility group mobility is created on AC2, and AC1 and AC2 are added to the
mobility group as members.
# Check the mobility group status.

[AC1]display mobility-group name mobility


--------------------------------------------------------------------------------
State IP address Description
--------------------------------------------------------------------------------

normal 10.0.100.254 -
normal 10.0.200.254 -
--------------------------------------------------------------------------------
Total: 2
HCIP-Datacom-Core Technology Lab Guide Page 252

Members AC1 and AC2 in the mobility group are both in normal state.
# Check STA information on AC1.

[AC1]display station ssid roam


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-----------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
-----------------------------------------------------------------------------------------
5489-986f-73ad 0 ap1 0/1 2.4G - -/- - 11 10.0.11.254
-----------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

After detecting the WLAN with the SSID roam in the coverage area of AP1, the STA is
associated with the WLAN through the password huawei123. After the display station
ssid roam command is run on AC1 to check STA access information, the command
output shows that the STA (MAC address: 5489-986f-73) is associated with AP1.
Move the STA to the coverage area of AP2 while still associating with AP1 and then
power off AP1 to enable the STA to roam to AP2.
# Check the inter-AC roaming track.

<AC2>display station roam-tracksta-mac 5489-986f-73ad


Access SSID:roam
Rx/Tx: link receive rate/link transmit rate(Mbps)
z: Zero Roam c:PMKCache Roam r:802.11r Roam
------------------------------------------------------------------
L2/L3 AC IP AP name Radio ID
BSSID TIME In Rx/Tx RSSI Out Rx/Tx RSSI
------------------------------------------------------------------
10.0.100.254 ap1 1
00e0-fc6e-2890 2020/06/08 07:27:06 130/130 -44 130/130 -44
L3 10.0.200.254 ap2 1
00e0-fcde-1990 2020/06/08 07:27:24 130/6 -42 -/-
------------------------------------------------------------------
Numberof roam track: 1

The STA with the MAC address 5489-986f-73ad has roamed from AP1 to AP2, which is an
inter-AC roaming process.
----End

10.1.3 Quiz
What are the differences in forwarding between inter-AC Layer 2 roaming and inter-AC
Layer 3 roaming?

10.1.4 Configuration Reference


Configuration on S3

#
sysname S3
HCIP-Datacom-Core Technology Lab Guide Page 253

#
vlan batch 10 to 11 20 to 21 100 200
#
dhcp enable
#
ip pool ap1
gateway-list 10.0.10.1
network 10.0.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 10.0.100.254
#
ip pool ap2
gateway-list 10.0.20.1
network 10.0.20.0 mask 255.255.255.0
option 43 sub-option 3 ascii 10.0.200.254
#
ip pool service_a
gateway-list 10.0.11.1
network 10.0.11.0 mask 255.255.255.0
dns-list 10.0.11.1
#
ip pool service_b
gateway-list 10.0.21.1
network 10.0.21.0 mask 255.255.255.0
dns-list 10.0.21.1
#
interface Vlanif10
description ap1_mgnt
ip address 10.0.10.1 255.255.255.0
dhcp select global
#
interface Vlanif11
description ap1_service
ip address 10.0.11.1 255.255.255.0
dhcp select global
#
interface Vlanif20
description ap2_mgnt
ip address 10.0.20.1 255.255.255.0
dhcp select global
#
interface Vlanif21
description ap2_service
ip address 10.0.21.1 255.255.255.0
dhcp select global
#
interface Vlanif100
description to_AC1
ip address 10.0.100.1 255.255.255.0
#
interface Vlanif200
description to_AC2
ip address 10.0.200.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
HCIP-Datacom-Core Technology Lab Guide Page 254

port trunk allow-pass vlan 100


#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 200
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 11
#
return

Configuration on S4

#
sysname S4
#
vlan batch 20 to 21
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 20
port trunk allow-pass vlan 20 to 21
#
return

Configuration on AC1

#
sysname AC1
#
vlan batch 100
#
interface Vlanif100
description to_S3_CAPWAP
ip address 10.0.100.254 255.255.255.0
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 100
#
ip route-static 10.0.10.0 255.255.255.0 10.0.100.1
ip route-static 10.0.200.0 255.255.255.0 10.0.100.1
HCIP-Datacom-Core Technology Lab Guide Page 255

#
capwap source interface vlanif100
#
wlan
security-profile name depart1
security wpa2 psk pass-phrase huawei123 aes
aes
ssid-profile name depart1
ssid roam
vap-profile name depart1
service-vlan vlan-id 11
ssid-profile depart1
security-profile depart1
regulatory-domain-profile name default
mobility-group name mobility
member ip-address 10.0.100.254
member ip-address 10.0.200.254
ap-group name depart1
radio 0
vap-profile depart1 wlan 1
radio 1
vap-profile depart1 wlan 1
radio 2
vap-profile depart1 wlan 1
ap-id 0 type-id 56 ap-mac 00e0-fc6e-2890 ap-sn 210235448310F30CF56D
ap-name ap1
ap-group depart1
provision-ap
#
return

Configuration on AC2

#
sysname AC2
#
vlan batch 200
#
interface Vlanif200
description to_S3_CAPWAP
ip address 10.0.200.254 255.255.255.0
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 200
#
ip route-static 10.0.20.0 255.255.255.0 10.0.200.1
ip route-static 10.0.100.0 255.255.255.0 10.0.200.1
#
capwap source interface vlanif200
#
wlan
security-profile name depart2
security wpa-wpa2 psk pass-phrase huawei123 aes
HCIP-Datacom-Core Technology Lab Guide Page 256

ssid-profile name default


ssid-profile name depart2
ssid roam
vap-profile name depart2
service-vlan vlan-id 21
ssid-profile depart2
security-profile depart2
regulatory-domain-profile name default
mobility-group name mobility
member ip-address 10.0.100.254
member ip-address 10.0.200.254
ap-group name depart2
radio 0
vap-profile depart2 wlan 1
radio 1
vap-profile depart2 wlan 1
radio 2
vap-profile depart2 wlan 1
ap-id 0 type-id 56 ap-mac 00e0-fcde-1990 ap-sn 210235448310FA145341
ap-name ap2
ap-group depart2
provision-ap
#
Return

10.2 VRRP HSB Configuration


10.2.1 Introduction
10.2.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Improve AC reliability through VRRP HSB.
⚫ Configure VRRP HSB.
⚫ Describe the technical implementation of VRRP HSB.
HCIP-Datacom-Core Technology Lab Guide Page 257

10.2.1.2 Networking Topology

Figure 10-2 VRRP HSB configuration

As shown in the figure, AC1 and AC2 form an HSB group, and VRRP HSB is configured for
AC backup. AP1 and AP2 are managed by AC1 and AC2 in active/standby mode, and both
use the direct forwarding mode.
S4 transparently transmits packets from AP2 at Layer 2. S3 serves as the gateway for APs
and STAs.
S3 is enabled with DHCP to allocate IP addresses to AP1, AP2, and STAs associated with
them. APs obtain the ACs' virtual IP address from Option 43 in DHCP packets.

10.2.1.3 Background
As the number of STAs on the enterprise intranet keeps increasing, to ensure the stability
of wireless services, you, a network engineer, decide to purchase a new AC (AC2) to form
an HSB group with the existing AC (AC1) and configure the HSB group to work with
VRRP to implement AC HSB and improve the reliability of wireless services.

10.2.1.4 Data Planning

Table 10-2 AC's data planning

Item Configuration

Management VLAN for APs VLAN 10

Service VLAN for STAs VLAN 11

DHCP server S3 functions as a DHCP server to allocate IP


addresses to APs and STAs.

IP address pool for APs 10.0.10.0/24


HCIP-Datacom-Core Technology Lab Guide Page 258

Item Configuration

IP address pool for STAs 10.0.11.0/24

AC's source interface address 10.0.100.254 (VRRP virtual address)

AP group Name: depart

Referenced profile: VAP profile depart

Regulatory domain profile Name: default

Country code: CN

SSID profile Name: depart

SSID name: HSB

Security profile Name: depart

Security policy: WPA-WPA2+PSK+AES

Password: huawei123

VAP profile Name: depart

Forwarding mode: direct forwarding

Service VLAN: VLAN 11

Referenced profiles: SSID profile depart and security


profile depart

VRRP group VRRP group ID: 1

Virtual IP address: 10.0.100.254

HSB IP address and port number of the HSB channel for


AC1: 10.0.100.1 and 10241

IP address and port number of the HSB channel for


AC2: 10.0.100.2 and 10241

10.2.2 Lab Configuration


10.2.2.1 Configuration Roadmap
1. Shut down unnecessary ports and enable the PoE function on switches.
2. Configure wired-side functions so that S3 serves as the gateway for APs and STAs,
and AC1 and AC2 communicate with S3 at Layer 3 through VLANIF 100.
3. Configure WLAN services on AC1 and AC2. Note that you do not need to configure
the CAPWAP source address now. Perform this configuration after HSB and VRRP
configurations are completed.
HCIP-Datacom-Core Technology Lab Guide Page 259

4. Configure HSB on AC1, specify AC1 as the master device in VRRP group 1 and the
active device in HSB mode, and set the CAPWAP source address to the VRRP virtual
IP address.
5. Configure HSB on AC1, specify AC1 as the standby device in HSB mode, and set the
CAPWAP source address to the VRRP virtual IP address.
6. Verify the VRRP HSB configuration. Shut down the downlink interface on AC1, and
check the states of APs and STAs on AC2.

10.2.2.2 Configuration Procedure


Step 1 Complete basic device configurations.

# Name the devices.


The configuration details are not provided.
# Shut down unnecessary ports.
The configuration details are not provided.
# Enable the PoE function on S3 and S4 ports connected to APs.

[S3]interface GigabitEthernet 0/0/4


[S3-GigabitEthernet0/0/4] poe enable

[S4]interface GigabitEthernet 0/0/4


[S4-GigabitEthernet0/0/4] poe enable

The poe enable command enables the PoE function on a port. When a port detects a PD
connected, the port supplies power to the PD. By default, the PoE function is enabled on
a port. Therefore, this command is unnecessary and is provided for demonstration
purpose only.

Step 2 Configure the wired network.

Configure the wired network of the switches and ACs as planned.


# Create VLANs on S3, S4, AC1, and AC2, and assign ports to the VLANs.

[S3]vlan batch 10 11 100


[S3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1] port link-type trunk
[S3-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[S3-GigabitEthernet0/0/1] quit
[S3]interface GigabitEthernet0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[S3-GigabitEthernet0/0/2] quit
[S3]interface GigabitEthernet0/0/3
[S3-GigabitEthernet0/0/3] port link-type trunk
[S3-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 to 11
[S3-GigabitEthernet0/0/3] quit
[S3]interface GigabitEthernet0/0/4
[S3-GigabitEthernet0/0/4] port link-type trunk
[S3-GigabitEthernet0/0/4] port trunk pvid vlan 10
[S3-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 to 11
[S3-GigabitEthernet0/0/4] quit
HCIP-Datacom-Core Technology Lab Guide Page 260

The PVID of the S3 port connected to AP1 is set to VLAN 10, packets in the service VLANs
and management VLANs are allowed to pass on the S3 port connected to S4, and the S3
ports connected to ACs are configured to allow packets in VLAN 100 to pass through.

[S4]vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4]interface GigabitEthernet0/0/3
[S4-GigabitEthernet0/0/3] port link-type trunk
[S4-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 to 11
[S4-GigabitEthernet0/0/3] quit
[S4]interface GigabitEthernet0/0/4
[S4-GigabitEthernet0/0/4] port link-type trunk
[S4-GigabitEthernet0/0/4] port trunk pvid vlan 10
[S4-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 to 11
[S4-GigabitEthernet0/0/4] quit

The PVID of the S4 port connected to AP2 is set to VLAN 10, and the uplink port of S4 is
configured to transparently transmit packets in VLANs 10 (management VLAN) and 11
(service VLAN).

[AC1]vlan batch 100


[AC1]interface GigabitEthernet0/0/12
[AC1-GigabitEthernet0/0/12] port link-type trunk
[AC1-GigabitEthernet0/0/12] port trunk allow-pass vlan 100
[AC1-GigabitEthernet0/0/12] quit

The interface is configured to allow packets in VLAN 100 to pass through.

[AC2]vlan batch 100


[AC2]interface GigabitEthernet0/0/13
[AC2-GigabitEthernet0/0/13] port link-type trunk
[AC2-GigabitEthernet0/0/13] port trunk allow-pass vlan 100
[AC2-GigabitEthernet0/0/13] quit

The interface is configured to allow packets in VLAN 100 to pass through.


# Create VLANIF interfaces on S3, AC1, and AC2.

[S3]interface Vlanif10
[S3-Vlanif10] description ap_mgnt
[S3-Vlanif10] ip address 10.0.10.1 255.255.255.0
[S3-Vlanif10] quit
[S3]interface Vlanif11
[S3-Vlanif11] description ap_service
[S3-Vlanif11] ip address 10.0.11.1 255.255.255.0
[S3-Vlanif11] quit
[S3]interface Vlanif100
[S3-Vlanif100] description to_AC
[S3-Vlanif100] ip address 10.0.100.3 255.255.255.0
[S3-Vlanif100] quit

On S3, VLANIF 10 is configured as the management VLAN gateway of AP1 and AP2;
VLANIF 11 is configured as the service VLAN gateway of STAs connected to AP1 and AP2;
and VLANIF 100 is used for Layer 3 communication with AC1 and AC2.
HCIP-Datacom-Core Technology Lab Guide Page 261

[AC1]interface Vlanif100
[AC1-Vlanif100] description to_S3_CAPWAP
[AC1-Vlanif100] ip address 10.0.100.1 255.255.255.0
[AC1-Vlanif100] quit

VLANIF 100 of AC1 is configured as the CAPWAP communication interface (instead of the
CAPWAP source interface).

[AC2]interface Vlanif100
[AC2-Vlanif100] description to_S3_CAPWAP
[AC2-Vlanif100] ip address 10.0.100.2 255.255.255.0
[AC2-Vlanif100] quit

VLANIF 100 of AC2 is configured as the CAPWAP communication interface (instead of the
CAPWAP source interface).
# Configure routes to the AP management network segments on AC1 and AC2.

[AC1]ip route-static 10.0.10.0 255.255.255.0 10.0.100.3

[AC2]ip route-static 10.0.10.0 255.255.255.0 10.0.100.3

Static routes to the AP management network segments are configured on ACs for
CAPWAP communication with APs.
# Configure the DHCP service on S3.

[S3]dhcp enable

The DHCP service is enabled.

[S3]ip pool ap
[S3-ip-pool-ap] gateway-list 10.0.10.1
[S3-ip-pool-ap] network 10.0.10.0 mask 255.255.255.0
[S3-ip-pool-ap] option 43 sub-option 3 ascii 10.0.100.254
[S3-ip-pool-ap] quit
[S3]ip pool service
[S3-ip-pool-service] gateway-list 10.0.11.1
[S3-ip-pool-service] network 10.0.11.0 mask 255.255.255.0
[S3-ip-pool-service] dns-list 10.0.11.1
[S3-ip-pool-service] quit

The address pool ap is configured to allocate IP addresses to APs. Option 43 is configured


to specify the AC's IP address (VRRP virtual IP address).
The address pool service is configured to allocate IP addresses to STAs connected to AP1
and AP2. VLANIF interfaces on S3 are configured as the gateways for all address pools.

[S3]interface Vlanif10
[S3-Vlanif10] dhcp select global
[S3-Vlanif10] quit
[S3]interface Vlanif11
[S3-Vlanif11] dhcp select global
[S3-Vlanif11] quit
HCIP-Datacom-Core Technology Lab Guide Page 262

The global address pool is selected on the VLANIF interfaces.

Step 3 Configure ACs.

Create the AP group depart, configure MAC address authentication for APs, name the
APs ap1 and ap2, add them to the AP group depart, and associate parameter profiles
with the VAP profile depart.
The WLAN configurations on AC1 and AC2 are the same. The following uses AC1 as an
example.
# Create an AP group named depart.

[AC1]wlan
[AC1-wlan-view] ap-group name depart
[AC1-wlan-ap-group-depart] quit

# Create a regulatory domain profile and configure the AC's country code in the profile.

[AC1]wlan
[AC1-wlan-view] regulatory-domain-profile name default
[AC1-wlan-regulate-domain-default] country-code cn
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-default] quit

A regulatory domain profile provides configurations of the country code, calibration


channel set, and calibration bandwidth for an AP.
By default, the system provides the regulatory domain profile default. Therefore, the
default regulatory domain profile is displayed.
A country code identifies the country where AP radios work. Different countries require
different AP radio attributes, including the transmit power and supported channels. The
correct country code configuration ensures that radio attributes of APs comply with local
laws and regulations of countries and regions to which the APs are delivered. By default,
the country code CN is configured.
# Bind the regulatory domain profile to the AP group.

[AC1]wlan
[AC1-wlan-view]ap-group name depart
[AC1-wlan-ap-group- depart]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and
reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group- depart]quit

In the AP group view, the regulatory-domain-profile command binds a regulatory


domain profile to an AP or AP group. By default, the regulatory domain profile default is
bound to an AP group, but no regulatory domain profile is bound to an AP. In the
regulatory domain profile default, the country code is CN, 2.4G calibration channels
include channels 1, 6, and 11, and 5G calibration channels include channels 149, 153,
157, 161, and 165. Therefore, you can skip this step and the previous step in actual
operations.
# Add APs.
HCIP-Datacom-Core Technology Lab Guide Page 263

[AC1]wlan
[AC1-wlan-view] ap auth-mode mac-auth
[AC1-wlan-view] ap-id 0 ap-mac 00e0-fc6e-2890 //Set the AP's MAC address as required in the lab
environment.
[AC1-wlan-ap-0] ap-name ap1
[AC1-wlan-ap-0] ap-group depart
[AC1-wlan-ap-0] quit
[AC1-wlan-view] ap-id 1 ap-mac 00e0-fcde-1990 //Set the AP's MAC address as required in the lab
environment.
[AC1-wlan-ap-1] ap-name ap2
[AC1-wlan-ap-1] ap-group depart
[AC1-wlan-ap-1] quit

Three AP authentication modes are supported. By default, MAC address authentication is


used. APs are added on the AC before they go online, named ap1 and ap2, and added to
the AP group depart.
# Configure parameter profiles.

[AC1]wlan
[AC1-wlan-view] security-profile name depart
[AC1-wlan-sec-prof-depart] security wpa2 psk pass-phrase huawei123 aes
[AC1-wlan-sec-prof- depart] quit
[AC1-wlan-view] ssid-profile name depart
[AC1-wlan-ssid-prof-depart] ssid HSB
[AC1-wlan-ssid-prof-depart] quit
[AC1-wlan-view] vap-profile name depart
[AC1-wlan-vap-prof-depart] forward-mode direct-forward
[AC1-wlan-vap-prof-depart] service-vlan vlan-id 11
[AC1-wlan-vap-prof-depart] ssid-profile depart
[AC1-wlan-vap-prof-depart] security-profile depart
[AC1-wlan-vap-prof-depart] quit
[AC1-wlan-view] ap-group name depart
[AC1-wlan-ap-group-depart] vap-profile depart wlan 1 radio all
[AC1-wlan-ap-group-depart] quit

The security profile depart is configured, with the authentication mode of WPA2-PSK and
the pre-shared key of huawei123.
The SSID profile depart is configured, and the SSID is set to HSB.
The VAP profile depart is configured, with the direct forwarding mode and the service
VLAN 11, and has the SSID profile depart and security profile depart bound.
The VAP profile depart is bound to the AP group depart.

Step 4 Configure VRRP HSB on AC1.

Configure AC1 as the master in VRRP group 1. Configure the hot standby (HSB) function
on AC1 so that service information on AC1 is backed up to AC2 in real time or in batches,
ensuring seamless service switchover.
# Set the recovery delay of the VRRP group to 60 seconds.

[AC1] vrrp recover-delay 60


HCIP-Datacom-Core Technology Lab Guide Page 264

# Create a management VRRP group on AC1. Set the VRRP priority of AC1 to 120 and the
preemption delay to 1800 seconds.

[AC1] interface vlanif 100


[AC1-Vlanif100] vrrp vrid 1 virtual-ip 10.0.100.254
[AC1-Vlanif100] vrrp vrid 1 priority 120
[AC1-Vlanif100] vrrp vrid 1 preempt-mode timer delay 1800
[AC1-Vlanif100] admin-vrrp vrid 1
[AC1-Vlanif100] quit

The VRRP priority of AC1 is adjusted, and AC1 is specified as the master device in VRRP
group 1.
# Create HSB service 0 on AC1, and configure the IP addresses and port numbers for
establishing an HSB channel. Set the retransmission time and interval of HSB packets.

[AC1] hsb-service 0
[AC1-hsb-service-0] service-ip-port local-ip 10.0.100.1 peer-ip 10.0.100.2 local-data-port 10241 peer-data-port 10241
[AC1-hsb-service-0] service-keep-alive detect retransmit 3 interval 6
[AC1-hsb-service-0] quit

# Create HSB group 0 on AC1, and bind HSB service 0 and the management VRRP group
to the HSB group.

[AC1] hsb-group 0
[AC1-hsb-group-0] bind-service 0
[AC1-hsb-group-0] track vrrp vrid 1 interface vlanif 100
[AC1-hsb-group-0] quit

# Bind the NAC service to the HSB group.

[AC1] hsb-service-type access-user hsb-group 0

# Bind the WLAN service to the HSB group.

[AC1] hsb-service-type ap hsb-group 0

# Enable the HSB function.

[AC1]hsb-group 0
[AC1-hsb-group-0] hsb enable
[AC1-hsb-group-0] quit

# Configure the CAPWAP source address of AC1.

[AC1]undo capwap source ip-address


[AC1]capwap source ip-address 10.0.100.254

Note that this IP address must be set to the VRRP virtual IP address.

Step 5 Configure VRRP HSB on AC2.

Configure AC2 as the backup in VRRP group 1. Configure the HSB function on AC2 to
back up service information from AC1, ensuring seamless service switchover.
HCIP-Datacom-Core Technology Lab Guide Page 265

# Set the recovery delay of the VRRP group to 60 seconds.

[AC2] vrrp recover-delay 60

# Create a management VRRP group on AC2 and set the preemption delay to 1800
seconds.

[AC2] interface vlanif 100


[AC2-Vlanif100] vrrp vrid 1 virtual-ip 10.0.100.254
[AC2-Vlanif100] vrrp vrid 1 preempt-mode timer delay 1800
[AC2-Vlanif100] admin-vrrp vrid 1
[AC2-Vlanif100] quit

# Create HSB service 0 on AC2, and configure the IP addresses and port numbers for
establishing an HSB channel. Set the retransmission time and interval of HSB packets.

[AC2] hsb-service 0
[AC2-hsb-service-0] service-ip-port local-ip 10.0.100.2 peer-ip 10.0.100.1 local-data-port 10241 peer-data-port 10241
[AC2-hsb-service-0] service-keep-alive detect retransmit 3 interval 6
[AC2-hsb-service-0] quit

# Create HSB group 0 on AC2, and bind HSB service 0 and the management VRRP group
to the HSB group.

[AC2] hsb-group 0
[AC2-hsb-group-0] bind-service 0
[AC2-hsb-group-0] track vrrp vrid 1 interface vlanif 100
[AC2-hsb-group-0] quit

# Bind the NAC service to the HSB group.

[AC2] hsb-service-type access-user hsb-group 0

# Bind the WLAN service to the HSB group.

[AC2] hsb-service-type ap hsb-group 0

# Enable the HSB function.

[AC2]hsb-group 0
[AC2-hsb-group-0] hsb enable
[AC2-hsb-group-0] quit

# Configure the CAPWAP source address of AC2.

[AC2]undo capwap source ip-address


[AC2]capwap source ip-address 10.0.100.254

Note that this IP address must be set to the VRRP virtual IP address.

Step 6 Verify the configuration.

# Check the VRRP status on AC1 and AC2. The State field of AC1 is Master and that of
AC2 is Backup.
HCIP-Datacom-Core Technology Lab Guide Page 266

<AC1>display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.0.100.254
Master IP : 10.0.100.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 1800s
TimerRun : 1s
TimerConfig : 1s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Create time : 2020-06-12 08:26:33 UTC-05:13
Last change time : 2020-06-12 08:26:36 UTC-05:13

<AC2>display vrrp
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : 10.0.100.254
Master IP : 10.0.100.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0s
TimerRun : 1s
TimerConfig : 1s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Create time : 2020-06-12 08:41:15 UTC-05:13
Last change time : 2020-06-12 08:41:15 UTC-05:13

AC1 is the owner of the virtual IP address 10.0.100.254.


# Run the display hsb-service 0 command on AC1 and AC2 to check the status of the
HSB service.

<AC1>display hsb-service 0
Hot Standby Service Information:
----------------------------------------------------------
Local IP Address : 10.0.100.1
Peer IP Address : 10.0.100.2
Source Port : 10241
Destination Port : 10241
KeepAlive Times :3
KeepAlive Interval :6
Service State : Connected
Service Batch Modules :
----------------------------------------------------------
HCIP-Datacom-Core Technology Lab Guide Page 267

<AC2>display hsb-service0
Hot Standby Service Information:
----------------------------------------------------------
Local IP Address : 10.0.100.2
Peer IP Address : 10.0.100.1
Source Port : 10241
Destination Port : 10241
KeepAlive Times :3
KeepAlive Interval :6
Service State : Connected
Service Batch Modules :
----------------------------------------------------------

The value of the Service State field is Connected, indicating that the HSB channel has
been established.
# Run the display hsb-group 0 command on AC1 and AC2 to check the running status of
the HSB group.

[AC1] display hsb-group 0


Hot Standby Group Information:
----------------------------------------------------------
HSB-group ID :0
Vrrp GroupID :1
Vrrp Interface : Vlanif100
Service Index :0
GroupVrrp Status : Master
GroupStatus : Active
GroupBackup Process : Realtime
Peer GroupDevice Name : AC2
Peer GroupSoftware Version : V200R019C00
GroupBackup Modules : Access-user
AP
----------------------------------------------------------

[AC2] display hsb-group 0


Hot Standby GroupInformation:
----------------------------------------------------------
HSB-group ID :0
Vrrp GroupID :1
Vrrp Interface : Vlanif100
Service Index :0
GroupVrrp Status : Backup
GroupStatus : Inactive
GroupBackup Process : Realtime
Peer GroupDevice Name : AC1
Peer GroupSoftware Version : V200R019C00
GroupBackup Modules : Access-user
AP
----------------------------------------------------------

# Check the AP online status on AC1 and AC2.

<AC1>display ap all
HCIP-Datacom-Core Technology Lab Guide Page 268

Info: This operation may take afew seconds. Please wait for amoment.done.
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STAUptime
----------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart 10.0.10.254 AirEngine5760-10 nor 1 12M:27S
1 00e0-fcde-1990 ap2 depart 10.0.10.253 AirEngine5760-10 nor 0 12M:29S
----------------------------------------------------------------------------------------
Total: 2

<AC2>dis ap all
Info: This operation may take afew seconds. Please wait for amoment.done.
Total AP information:
stdby: standby [2]
---------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
---------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart 10.0.10.254 AirEngine5760-10 stdby 1 -
1 00e0-fcde-1990 ap2 depart 10.0.10.253 AirEngine5760-10 stdby 0 -
---------------------------------------------------------------------------------------
Total: 2

The AP status is normal on AC1 and standby on AC2. AP information on AC2 is


synchronized from the HSB group.
# Enable the STA to search for the WLAN with the SSID HSB and go online. Check STA
information on AC1 and AC2.

<AC1>display station all


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx : link receive rate/link transmit rate(Mbps)
--------------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
--------------------------------------------------------------------------------------------------
5489-986f-73ad 0 ap1 0/1 2.4G - -/- - 11 10.0.11.254 HSB
--------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

<AC2>display station all


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx : link receive rate/link transmit rate(Mbps)
-------------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
--------------------------------------------------------------------------------------------------
5489-986f-73ad 0 ap1 0/1 2.4G - -/- - 11 10.0.11.254 HSB
--------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

STA information is displayed on both AC1 and AC2.


# Shut down the interface on AC1 to simulate an AC fault.

[AC1]interface GigabitEthernet 0/0/12


[AC1-GigabitEthernet0/0/12] shutdown
HCIP-Datacom-Core Technology Lab Guide Page 269

# Check brief VRRP information on AC2.

<AC2>display vrrp brief


Total:1 Master:1 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif100 Admin 10.0.100.254

VLANIF 100 of AC2 is the master in VRRP group 1.


# Check the running status of the HSB group on AC2.

<AC2>display hsb-group 0
Hot Standby Group Information:
----------------------------------------------------------
HSB-group ID :0
Vrrp GroupID :1
Vrrp Interface : Vlanif100
Service Index :0
GroupVrrp Status : Master
GroupStatus : Independent
GroupBackup Process : Independent
Peer GroupDevice Name : AC1
Peer GroupSoftware Version : V200R019C00
GroupBackup Modules : Access-user
AP
----------------------------------------------------------

AC2 is the master in VRRP group 1 that is in the independent running state (indicating
that the connection to AC1 is interrupted).
# Check AP online information on AC2.

<AC2>display ap all
Info: This operation may take afew seconds. Please wait for amoment.done.
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
----------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart 10.0.10.254 AirEngine5760-10 nor 1 39M:53S
1 00e0-fcde-1990 ap2 depart 10.0.10.253 AirEngine5760-10 nor 0 39M:55S
----------------------------------------------------------------------------------------
Total: 2

The AP status on AC2 is normal, and the Uptime value is not null (-).
# Check STA information on AC2.

<AC2>display station all


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-------------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
--------------------------------------------------------------------------------------------------
5489-986f-73ad 0 ap1 0/1 2.4G - -/- - 11 10.0.11.254 HSB
HCIP-Datacom-Core Technology Lab Guide Page 270

--------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

STA information is still displayed on AC2.


----End

10.2.3 Quiz
How many CAPWAP control channels are established between an AP and ACs when VRRP
HSB is deployed?

10.2.4 Configuration Reference


Configuration on S3

#
sysname S3
#
vlan batch 10 to 11 100
#
dhcp enable
#
ip pool ap
gateway-list 10.0.10.1
network 10.0.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 10.0.100.254
#
ip pool service
gateway-list 10.0.11.1
network 10.0.11.0 mask 255.255.255.0
dns-list 10.0.11.1
#
interface Vlanif10
description ap_mgnt
ip address 10.0.10.1 255.255.255.0
dhcp select global
#
interface Vlanif11
description ap_service
ip address 10.0.11.1 255.255.255.0
dhcp select global
#
interface Vlanif100
description to_AC
ip address 10.0.100.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
HCIP-Datacom-Core Technology Lab Guide Page 271

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 to 11
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 11
#
return

Configuration on S4

#
sysname S4
#
vlan batch 10 to 11
#
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 to 11
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 11
#
return

Configuration on AC1

#
sysname AC1
#
vrrp recover-delay 60
#
vlan batch 100
#
interface Vlanif100
description to_S3_CAPWAP
ip address 10.0.100.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.100.254
admin-vrrp vrid 1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 1800
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 100
#
ip route-static 10.0.10.0 255.255.255.0 10.0.100.3
HCIP-Datacom-Core Technology Lab Guide Page 272

#
capwap source ip-address 10.0.100.254
#
hsb-service 0
service-ip-port local-ip 10.0.100.1 peer-ip 10.0.100.2 local-data-port 10241 pe
er-data-port 10241
service-keep-alive detect retransmit 3 interval 6
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type ap hsb-group 0
#
wlan
traffic-profile name default
security-profile name depart
security wpa2 psk pass-phrase huawei123 aes
ssid-profile name depart
ssid HSB
vap-profile name depart
service-vlan vlan-id 11
ssid-profile depart
security-profile depart
regulatory-domain-profile name default
ap-group name depart
radio 0
vap-profile depart wlan 1
radio 1
vap-profile depart wlan 1
radio 2
vap-profile depart wlan 1
ap-group name default
ap-group name ap-group1
ap-id 0 type-id 56 ap-mac 00e0-fc6e-2890 ap-sn 210235448310F30CF56D
ap-name ap1
ap-group depart
ap-id 1 type-id 56 ap-mac 00e0-fcde-1990 ap-sn 210235448310FA145341
ap-name ap2
ap-group depart
provision-ap
#
Return

Configuration on AC2

#
sysname AC2
#
vrrp recover-delay 60
#
HCIP-Datacom-Core Technology Lab Guide Page 273

vlan batch 100


#
interface Vlanif100
description to_S3_CAPWAP
ip address 10.0.100.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.100.254
admin-vrrp vrid 1
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 100
#
ip route-static 10.0.10.0 255.255.255.0 10.0.100.3
#
capwap source ip-address 10.0.100.254
#
hsb-service 0
service-ip-port local-ip 10.0.100.2 peer-ip 10.0.100.1 local-data-port 10241 pe
er-data-port 10241
service-keep-alive detect retransmit 3 interval 6
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type ap hsb-group 0
#
wlan
traffic-profile name default
security-profile name depart
security wpa2 psk pass-phrase huawei123 aes
ssid-profile name depart
ssid HSB
vap-profile name depart
service-vlan vlan-id 11
ssid-profile depart
security-profile depart
regulatory-domain-profile name default
ap-group name depart
radio 0
vap-profile depart wlan 1
radio 1
vap-profile depart wlan 1
radio 2
vap-profile depart wlan 1
ap-group name default
ap-id 0 type-id 56 ap-mac 00e0-fc6e-2890 ap-sn 210235448310F30CF56D
ap-name ap1
ap-group depart
ap-id 1 type-id 56 ap-mac 00e0-fcde-1990 ap-sn 210235448310FA145341
ap-name ap2
ap-group depart
HCIP-Datacom-Core Technology Lab Guide Page 274

provision-ap
#
return

10.3 Dual-Link Cold Backup Configuration


10.3.1 Introduction
10.3.1.1 Objectives
Upon completion of this task, you will be able to:
⚫ Configure dual-link cold backup.
⚫ Improve AC reliability through dual-link cold backup.
⚫ Explain the technical implementation of dual-link cold backup.
⚫ Specify the IP addresses of the active and standby ACs through DHCP Option 43.

10.3.1.2 Networking Topology

Figure 10-3 Dual-Link cold backup configuration


AC1 (S1) AC2 (S2)
VLANIF 100 VLANIF 100
Active AC Standby AC
GE0/0/12 GE0/0/13

GE0/0/1 GE0/0/2
GE0/0/3 GE0/0/3
S3 S4
GE0/0/4 GE0/0/4

GE0/0/1 GE0/0/1

AP1 AP2

As shown in the figure, AC1 is the active AC, and AC2 is the standby AC. APs establish
CAPWAP links with the active and standby ACs, and periodically exchange CAPWAP
packets with the ACs to monitor the link status. When the AP detects a failure of the link
with the active AC, the AP instructs the standby AC to perform an active/standby
switchover. The standby AC becomes the active AC and controls STA access, thereby
improving WLAN reliability.
S4 transparently transmits packets from AP2 at Layer 2. S3 serves as the gateway for APs
and STAs.
S3 is enabled with DHCP to allocate IP addresses to AP1, AP2, and STAs associated with
them. APs obtain the IP addresses of AC1 and AC2 from Option 43 in DHCP packets. The
direct forwarding mode is configured for all APs.
HCIP-Datacom-Core Technology Lab Guide Page 275

10.3.1.3 Background
As the number of STAs on the enterprise intranet keeps increasing, to ensure the stability
of wireless services, you, a network engineer, decide to purchase a new AC and deploy
dual-link cold backup so that the new AC works as a backup of the existing AC, thereby
improving the reliability of wireless services.

10.3.1.4 Data Planning

Table 10-3 AC's data planning

Item Configuration

Management VLAN for APs VLAN 10

Service VLAN for STAs VLAN 11

DHCP server S3 functions as a DHCP server to allocate IP


addresses to APs and STAs.

IP address pool for APs 10.0.10.0/24

IP address pool for STAs 10.0.11.0/24

AC's source interface address 10.0.100.1 and 10.0.100.2

AP group Name: depart

Referenced profile: VAP profile depart

Regulatory domain profile Name: default

Country code: CN

SSID profile Name: depart

SSID name: LB

Security profile Name: depart

Security policy: WPA-WPA2+PSK+AES

Password: huawei123

VAP profile Name: depart

Forwarding mode: direct forwarding

Service VLAN: VLAN 11

Referenced profiles: SSID profile depart and


security profile depart

Dual-link cold backup AC1 priority: 0

AC2 priority: 1
HCIP-Datacom-Core Technology Lab Guide Page 276

10.3.2 Lab Configuration


10.3.2.1 Configuration Roadmap
Shut down unnecessary ports and enable the PoE function on switches.
Configure wired-side functions so that S3 serves as the gateway for APs and STAs, and
AC1 and AC2 communicate with S3 at Layer 3 through VLANIF 100 working as the
CAPWAP source interface.
Configure WLAN services on AC1 and AC2.
Configure dual-link cold backup. Set the priority of AC1 to 0 and that of AC2 to 1 so that
AC1 and AC2 become the active and standby ACs, respectively.
Verify dual-link cold backup. Shut down the downlink interface on AC1, and check the
states of APs and STAs on AC2.

10.3.2.2 Configuration Procedure


Step 1 Complete basic device configurations.

# Name the devices.


The configuration details are not provided.
# Shut down unnecessary ports.
The configuration details are not provided.
# Enable the PoE function on S3 and S4 ports connected to APs.

[S3]interface GigabitEthernet 0/0/4


[S3-GigabitEthernet0/0/4] poe enable

[S4]interface GigabitEthernet 0/0/4


[S4-GigabitEthernet0/0/4] poe enable

The poe enable command enables the PoE function on a port. When a port detects a PD
connected, the port supplies power to the PD. By default, the PoE function is enabled on
a port. Therefore, this command is unnecessary and is provided for demonstration
purpose only.

Step 2 Configure the wired network.

Configure the wired network of the switches and ACs as planned.


# Create VLANs on S3, S4, AC1, and AC2, and assign ports to the VLANs.

[S3]vlan batch 10 11 100


[S3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1] port link-type trunk
[S3-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[S3-GigabitEthernet0/0/1] quit
[S3]interface GigabitEthernet0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[S3-GigabitEthernet0/0/2] quit
HCIP-Datacom-Core Technology Lab Guide Page 277

[S3]interface GigabitEthernet0/0/3
[S3-GigabitEthernet0/0/3] port link-type trunk
[S3-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 to 11
[S3-GigabitEthernet0/0/3] quit
[S3]interface GigabitEthernet0/0/4
[S3-GigabitEthernet0/0/4] port link-type trunk
[S3-GigabitEthernet0/0/4] port trunk pvid vlan 10
[S3-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 to 11
[S3-GigabitEthernet0/0/4] quit

The PVID of the S3 port connected to AP1 is set to VLAN 10, packets in the service VLANs
and management VLANs are allowed to pass on the S3 port connected to S4, and the S3
ports connected to ACs are configured to allow packets in VLAN 100 to pass through.

[S4]vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4]interface GigabitEthernet0/0/3
[S4-GigabitEthernet0/0/3] port link-type trunk
[S4-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 to 11
[S4-GigabitEthernet0/0/3] quit
[S4]interface GigabitEthernet0/0/4
[S4-GigabitEthernet0/0/4] port link-type trunk
[S4-GigabitEthernet0/0/4] port trunk pvid vlan 10
[S4-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 to 11
[S4-GigabitEthernet0/0/4] quit

The PVID of the S4 port connected to AP2 is set to VLAN 10, and the uplink port of S4 is
configured to transparently transmit packets in VLANs 10 (management VLAN) and 11
(service VLAN).

[AC1]vlan batch 100


[AC1]interface GigabitEthernet0/0/12
[AC1-GigabitEthernet0/0/12] port link-type trunk
[AC1-GigabitEthernet0/0/12] port trunk allow-pass vlan 100
[AC1-GigabitEthernet0/0/12] quit

The interface is configured to allow packets in VLAN 100 to pass through.

[AC2]vlan batch 100


[AC2]interface GigabitEthernet0/0/13
[AC2-GigabitEthernet0/0/13] port link-type trunk
[AC2-GigabitEthernet0/0/13] port trunk allow-pass vlan 100
[AC2-GigabitEthernet0/0/13] quit

The interface is configured to allow packets in VLAN 100 to pass through.


# Create VLANIF interfaces on S3, AC1, and AC2.

[S3]interface Vlanif10
[S3-Vlanif10] description ap_mgnt
[S3-Vlanif10] ip address 10.0.10.1 255.255.255.0
[S3-Vlanif10] quit
[S3]interface Vlanif11
[S3-Vlanif11] description ap_service
[S3-Vlanif11] ip address 10.0.11.1 255.255.255.0
HCIP-Datacom-Core Technology Lab Guide Page 278

[S3-Vlanif11] quit
[S3]interface Vlanif100
[S3-Vlanif100] description to_AC
[S3-Vlanif100] ip address 10.0.100.3 255.255.255.0
[S3-Vlanif100] quit

On S3, VLANIF 10 is configured as the management VLAN gateway of AP1 and AP2;
VLANIF 11 is configured as the service VLAN gateway of STAs connected to AP1 and AP2;
and VLANIF 100 is used for Layer 3 communication with AC1 and AC2.

[AC1]interface Vlanif100
[AC1-Vlanif100] description to_S3_CAPWAP
[AC1-Vlanif100] ip address 10.0.100.1 255.255.255.0
[AC1-Vlanif100] quit
[AC1] capwap source interface vlanif100

VLANIF 100 is configured as the CAPWAP source interface of AC1.

[AC2]interface Vlanif100
[AC2-Vlanif100] description to_S3_CAPWAP
[AC2-Vlanif100] ip address 10.0.100.2 255.255.255.0
[AC2-Vlanif100] quit
[AC2] capwap source interface vlanif100

VLANIF 100 is configured as the CAPWAP source interface of AC2.


# Configure routes to the AP management network segments on AC1 and AC2.

[AC1]ip route-static 10.0.10.0 255.255.255.0 10.0.100.3

[AC2]ip route-static 10.0.10.0 255.255.255.0 10.0.100.3

Static routes to the AP management network segments are configured on ACs for
CAPWAP communication with APs.
# Configure the DHCP service on S3.

[S3]dhcp enable

The DHCP service is enabled.

[S3]ip pool ap
[S3-ip-pool-ap] gateway-list 10.0.10.1
[S3-ip-pool-ap] network 10.0.10.0 mask 255.255.255.0
[S3-ip-pool-ap] option 43 sub-option 2 ip-address 10.0.100.1 10.0.100.2
[S3-ip-pool-ap] quit
[S3]ip pool service
[S3-ip-pool-service] gateway-list 10.0.11.1
[S3-ip-pool-service] network 10.0.11.0 mask 255.255.255.0
[S3-ip-pool-service] dns-list 10.0.11.1
[S3-ip-pool-service] quit

The address pool ap is configured to allocate IP addresses to APs. Option 43 is configured


to specify the AC's IP address, and sub-option 2 is configured to specify the IP addresses
of the active and standby ACs.
HCIP-Datacom-Core Technology Lab Guide Page 279

The address pool service is configured to allocate IP addresses to STAs connected to AP1
and AP2. VLANIF interfaces on S3 are configured as the gateways for all address pools.

[S3]interface Vlanif10
[S3-Vlanif10] dhcp select global
[S3-Vlanif10] quit
[S3]interface Vlanif11
[S3-Vlanif11] dhcp select global
[S3-Vlanif11] quit

The global address pool is selected on the VLANIF interfaces.

Step 3 Configure ACs.

Create the AP group depart, configure MAC address authentication for APs, name the
APs ap1 and ap2, add them to the AP group depart, and associate parameter profiles
with the VAP profile depart.
The WLAN configurations on AC1 and AC2 are the same. The following uses AC1 as an
example.
# Create an AP group named depart.

[AC1]wlan
[AC1-wlan-view] ap-group name depart
[AC1-wlan-ap-group-depart] quit

# Create a regulatory domain profile and configure the AC's country code in the profile.

[AC1]wlan
[AC1-wlan-view] regulatory-domain-profile name default
[AC1-wlan-regulate-domain-default] country-code cn
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-default] quit

A regulatory domain profile provides configurations of the country code, calibration


channel set, and calibration bandwidth for an AP.
By default, the system provides the regulatory domain profile default. Therefore, the
default regulatory domain profile is displayed.
A country code identifies the country where AP radios work. Different countries require
different AP radio attributes, including the transmit power and supported channels. The
correct country code configuration ensures that radio attributes of APs comply with local
laws and regulations of countries and regions to which the APs are delivered. By default,
the country code CN is configured.
# Bind the regulatory domain profile to the AP group.

[AC1]wlan
[AC1-wlan-view]ap-group name depart
[AC1-wlan-ap-group- depart]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and
reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group- depart]quit
HCIP-Datacom-Core Technology Lab Guide Page 280

In the AP group view, the regulatory-domain-profile command binds a regulatory


domain profile to an AP or AP group. By default, the regulatory domain profile default is
bound to an AP group, but no regulatory domain profile is bound to an AP. In the
regulatory domain profile default, the country code is CN, 2.4G calibration channels
include channels 1, 6, and 11, and 5G calibration channels include channels 149, 153,
157, 161, and 165. Therefore, you can skip this step and the previous step in actual
operations.
# Add APs.

[AC1]wlan
[AC1-wlan-view] ap auth-mode mac-auth
[AC1-wlan-view] ap-id 0 ap-mac 00e0-fc6e-2890 //Set the AP's MAC address as required in the lab
environment.
[AC1-wlan-ap-0] ap-name ap1
[AC1-wlan-ap-0] ap-group depart
[AC1-wlan-ap-0] quit
[AC1-wlan-view] ap-id 1 ap-mac 00e0-fcde-1990 //Set the AP's MAC address as required in the lab
environment.
[AC1-wlan-ap-1] ap-name ap2
[AC1-wlan-ap-1] ap-group depart
[AC1-wlan-ap-1] quit

Three AP authentication modes are supported. By default, MAC address authentication is


used. APs are added on the AC before they go online, named ap1 and ap2, and added to
the AP group depart.
# Configure parameter profiles.

[AC1]wlan
[AC1-wlan-view] security-profile name depart
[AC1-wlan-sec-prof-depart] security wpa2 psk pass-phrase huawei123 aes
[AC1-wlan-sec-prof- depart] quit
[AC1-wlan-view] ssid-profile name depart
[AC1-wlan-ssid-prof-depart] ssid LB
[AC1-wlan-ssid-prof-depart] quit
[AC1-wlan-view] vap-profile name depart
[AC1-wlan-vap-prof-depart] forward-mode direct-forward
[AC1-wlan-vap-prof-depart] service-vlan vlan-id 11
[AC1-wlan-vap-prof-depart] ssid-profile depart
[AC1-wlan-vap-prof-depart] security-profile depart
[AC1-wlan-vap-prof-depart] quit
[AC1-wlan-view] ap-group name depart
[AC1-wlan-ap-group-depart] vap-profile depart wlan 1 radio all
[AC1-wlan-ap-group-depart] quit

The security profile depart is configured, with the authentication mode of WPA2-PSK and
the pre-shared key of huawei123.
The SSID profile depart is configured, and the SSID is set to LB.
The VAP profile depart is configured, with the direct forwarding mode and the service
VLAN 11, and has the SSID profile depart and security profile depart bound.
The VAP profile depart is bound to the AP group depart.
HCIP-Datacom-Core Technology Lab Guide Page 281

Step 4 Configure dual-link cold backup.

Specify the IP address of the peer AC for APs on the active and standby ACs. Set the
priority of AC1 to 0 and that of AC2 to 1 so that AC1 and AC2 become the active and
standby ACs, respectively.
# Configure AC1.

[AC1]wlan
[AC1-wlan-view]ac protect protect-ac 10.0.100.2 priority 0
Warning: Operation successful. It will take effect after AP reset.
[AC1-wlan-view]undo ac protect restore disable
Info: Protect restore has already enabled.
[AC1-wlan-view]ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.done.
Info: Capwap echo interval has changed to default value 25, capwap echo times to 3.

By default, dual-link backup is disabled. When the ac protect enable command is


executed, a message is displayed indicating that all APs will be restarted. After the APs
are restarted, the dual-link backup function takes effect.
# Configure AC2.

[AC2]wlan
[AC2-wlan-view]ac protect protect-ac 10.0.100.1 priority 1
Warning: Operation successful. It will take effect after AP reset.
[AC2-wlan-view]undo ac protect restore disable
Info: Protect restore has already enabled.
[AC2-wlan-view]ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.done.
Info: Capwap echo interval has changed to default value 25, capwap echo times to 3.

By default, dual-link backup is disabled. When the ac protect enable command is


executed, a message is displayed indicating that all APs will be restarted. After the APs
are restarted, the dual-link backup function takes effect.

Step 5 Verify the configuration.

# Run the display ac protect command on AC1 to check the dual-link information and
AC priority.

<AC1>display ac protect
------------------------------------------------------------
Protect state : enable
Protect AC : 10.0.100.2
Priority :0
Protect restore : enable
Coldbackup kickoff station: disable
------------------------------------------------------------

The peer IP address is 10.0.100.2, and the local priority is 0.


# Run the display ac protect command on AC2 to check the dual-link information and
AC priority.
HCIP-Datacom-Core Technology Lab Guide Page 282

<AC2>display ac protect
------------------------------------------------------------
Protect state : enable
Protect AC : 10.0.100.1
Priority :1
Protect restore : enable
Coldbackup kickoff station: disable
------------------------------------------------------------

The peer IP address is 10.0.100.1, and the local priority is 1.


# Check the AP online status on AC1 and AC2.

<AC1>display ap all
Info: This operation may take afew seconds. Please wait for amoment.done.
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
----------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart 10.0.10.254 AirEngine5760-10 nor 0 12M:27S
1 00e0-fcde-1990 ap2 depart 10.0.10.253 AirEngine5760-10 nor 0 12M:29S
----------------------------------------------------------------------------------------
Total: 2
<AC2>dis ap all
Info: This operation may take afew seconds. Please wait for amoment.done.
Total AP information:
stdby: standby [2]
---------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
---------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart 10.0.10.254 AirEngine5760-10 stdby 0 -
1 00e0-fcde-1990 ap2 depart 10.0.10.253 AirEngine5760-10 stdby 0 -
---------------------------------------------------------------------------------------
Total: 2

The AP status is normal on AC1 and standby on AC2. The APs have established CAPWAP
tunnels with AC1 and AC2.
# Enable the STA to search for the WLAN with the SSID LB and go online. Check STA
information on AC1 and AC2.

<AC1>display station all


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx : link receive rate/link transmit rate(Mbps)
--------------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
--------------------------------------------------------------------------------------------------
5489-986f-73ad 0 ap1 0/1 2.4G - -/- - 11 10.0.11.254 LB
--------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

<AC2>display station all


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx : link receive rate/link transmit rate(Mbps)
--------------------------------------------------------------------------------------------------
HCIP-Datacom-Core Technology Lab Guide Page 283

STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------

In this case, STA information is displayed only on AC1.


# Shut down the interface on AC1 to simulate an AC fault.

[AC1]interface GigabitEthernet 0/0/12


[AC1-GigabitEthernet0/0/12] shutdown

# After 75 seconds, check the AP online status on AC2.

<AC2>display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
---------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
---------------------------------------------------------------------------------------
0 00e0-fc6e-2890 ap1 depart 10.0.10.253 AirEngine5760-10 nor 0 2S
1 00e0-fcde-1990 ap2 depart 10.0.10.254 AirEngine5760-10 nor 0 2S
---------------------------------------------------------------------------------------
Total: 2

The CAPWAP heartbeat detection time is 25s. If no response is received after three
heartbeat timeouts, the peer end is considered faulty. Therefore, the AP status change
can be displayed on the standby AC at least 75 seconds later.
The AP status on AC2 changes from standby to normal, but no STA goes online. When an
active/standby switchover is implemented between two ACs, STAs using open system
authentication remain connected to APs while STAs using other authentication modes are
disconnected and need to go online again by default.
In this case, reassociate the STA with the SSID LB.
# Check STA information on AC2.

<AC2>display station all


Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
--------------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
--------------------------------------------------------------------------------------------------
5489-986f-73ad 0 ap1 0/1 2.4G - -/- - 11 10.0.11.254 LB
--------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

STA information is displayed on AC2.


----End
HCIP-Datacom-Core Technology Lab Guide Page 284

10.3.3 Quiz
How many CAPWAP control channels are established between an AP and ACs when dual-
link cold backup is deployed?

10.3.4 Configuration Reference


Configuration on S3

#
sysname S3
#
vlan batch 10 to 11 100
#
dhcp enable
#
ip pool ap
gateway-list 10.0.10.1
network 10.0.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 10.0.100.254
#
ip pool service
gateway-list 10.0.11.1
network 10.0.11.0 mask 255.255.255.0
dns-list 10.0.11.1
#
interface Vlanif10
description ap_mgnt
ip address 10.0.10.1 255.255.255.0
dhcp select global
#
interface Vlanif11
description ap_service
ip address 10.0.11.1 255.255.255.0
dhcp select global
#
interface Vlanif100
description to_AC
ip address 10.0.100.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 to 11
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
HCIP-Datacom-Core Technology Lab Guide Page 285

port trunk allow-pass vlan 10 to 11


#
return

Configuration on S4

#
sysname S4
#
vlan batch 10 to 11
#
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 to 11
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 11
#
return

Configuration on AC1

#
sysname AC1
#
vlan batch 100
#
interface Vlanif100
description to_S3_CAPWAP
ip address 10.0.100.1 255.255.255.0
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 100
#
ip route-static 10.0.10.0 255.255.255.0 10.0.100.3
#
capwap source interface vlanif100
#
wlan
ac protect enable protect-ac 10.0.100.2
traffic-profile name default
security-profile name depart
security wpa2 psk pass-phrase huawei123 aes
ssid-profile name depart
ssid LB
vap-profile name depart
service-vlan vlan-id 11
ssid-profile depart
security-profile depart
regulatory-domain-profile name default
ap-group name depart
HCIP-Datacom-Core Technology Lab Guide Page 286

radio 0
vap-profile depart wlan 1
radio 1
vap-profile depart wlan 1
radio 2
vap-profile depart wlan 1
ap-group name default
ap-group name ap-group1
ap-id 0 type-id 56 ap-mac 00e0-fc6e-2890 ap-sn 210235448310F30CF56D
ap-name ap1
ap-group depart
ap-id 1 type-id 56 ap-mac 00e0-fcde-1990 ap-sn 210235448310FA145341
ap-name ap2
ap-group depart
provision-ap
#
Return

Configuration on AC2

#
sysname AC2
#
vlan batch 100
#
interface Vlanif100
description to_S3_CAPWAP
ip address 10.0.100.2 255.255.255.0
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 100
#
ip route-static 10.0.10.0 255.255.255.0 10.0.100.3
#
capwap source interface vlanif100
#
wlan
ac protect enable protect-ac 10.0.100.1 priority 1
traffic-profile name default
security-profile name depart
security wpa2 psk pass-phrase huawei123 aes
ssid-profile name depart
ssid LB
vap-profile name depart
service-vlan vlan-id 11
ssid-profile depart
security-profile depart
regulatory-domain-profile name default
ap-group name depart
radio 0
vap-profile depart wlan 1
radio 1
vap-profile depart wlan 1
radio 2
HCIP-Datacom-Core Technology Lab Guide Page 287

vap-profile depart wlan 1


ap-group name default
ap-id 0 type-id 56 ap-mac 00e0-fc6e-2890 ap-sn 210235448310F30CF56D
ap-name ap1
ap-group depart
ap-id 1 type-id 56 ap-mac 00e0-fcde-1990 ap-sn 210235448310FA145341
ap-name ap2
ap-group depart
provision-ap
#
Return
HCIP-Datacom-Core Technology Lab Guide Page 288

Reference Answers
Answers to the basic OSPF experiment
1. You can configure an interface a silent interface if this interface does not need to
establish an OSPF neighbor relationship, which reduces unnecessary OSPF packets
sending. In addition, the silent interface does not need to send OSPF packets.
2. The cost of a Type 2 external route remains unchanged within the OSPF area and is
equal to the cost (the default value is 1) configured when such a route is imported
into the OSPF area. The cost of a Type 1 external route within the OSPF area is the
sum of the cost of the Type 1 route and the cost of the route from the router to the
ASBR in the OSPF area.
3. When external routes are imported to the OSPF routing table on an ASBR, a Type 4
LSA is generated by an ABR in the area to which the ASBR belongs. The Type 4 LSA is
used to calculate the route destined for the ASBR.
4. A non-backbone area on the border of an AS can be configured as an NSSA if this
area needs to import external routes and has to avoid resource consumption caused
by the external routes.
5. A non-backbone area must be connected to backbone area 0. In addition, due to the
OSPF loop prevention mechanism, if area 0 is not contiguous, routes between non-
backbone areas may be missing, causing communication failures.

Answers to the basic IS-IS experiments


1. The following conditions must be met: The routers to which the interfaces belong
must be of the same level; the interfaces must be of the same level; the area IDs of
the devices must be the same; the IP addresses of the interfaces must be on the
same network segment.

Answers to the basic BGP experiments


1. Compared with physical interfaces, loopback interfaces are stable. Route redundancy
between peers can be used to ensure the reliability of a peer relationship. If a
physical interface is faulty, a BGP session is interrupted, even if IP connectivity
between peers is normal.
2. Summary routes automatically generated using the summarization route command
carry only the Aggregator attribute, but not the Atomic-Aggregate attribute.
Summary routes manually generated using the aggregate command carry the
Atomic-Aggregate attribute.
3. No, the Originator_ID and Cluster_List attributes are not carried. They are used to
prevent routing loops when RRs exist within an AS. EBGP peers use the AS_Path
attribute to prevent routing loops, which is independent of the Originator_ID and
Cluster_List attributes.
4. A route-policy can be used to implement this function, which is not recommended.
Deleting an AS number from the AS_Path attribute may cause routing loops between
ASs.
HCIP-Datacom-Core Technology Lab Guide Page 289

Answers to the routing policy and routing control experiments


1. Distance-vector routing protocols generate routes based on routing tables. Filter-
policies affect the routes to be accepted from neighbors and the routes to be
advertised to neighbors. Link-state routing protocols generate routes based on LSDBs,
and routing information is contained in link-state LSAs. The filter-policy, however,
cannot filter LSAs to be advertised and accepted. Therefore, the filter-policy affects
only the local routing table, but does not affect the LSA and LSDB integrity or the
protocol routing table. In addition, only the routes that match the filter-policy can be
added to the routing table, and the routes that do not match the filter-policy are not
added to the routing table.

Answers to the RSTP and MSTP experiments


1. Improvements in RSTP, compared with STP:
a) RSTP defines more port roles to simplify the learning and deployment of STP.
b) RSTP redefines port states.
c) RSTP changes the configuration BPDU format and uses the Flags field to
describe port roles.
d) RSTP processes configuration BPDUs differently from STP.
e) RSTP uses the P/A mechanism to implement fast convergence.
f) The protection function is added.

Answers to the multicast experiments


1. PIM-DM applies only to small-scale networks where multicast receivers are densely
distributed. PIM-DM spreads multicast traffic to the entire network in a harsh way. If
leaf nodes do not need multicast traffic, they do not need to use protocol packets to
prune themselves from the SPT. Consequently, on a large-scale network where
receivers are scattered, a large amount of unnecessary multicast traffic is generated,
and multicast protocol packets are frequently exchanged, wasting link bandwidth
and device resources.
2. PIM-SM uses the "push" mode. Multicast paths are established only when multicast
receivers exist. This mode consumes less device resources and link bandwidth.

Answers to the firewall technology experiments


1. The local zone defines a device itself, covering interfaces on the device. Adding an
interface to another security zone only indicates that the network connected to the
interface belongs to the zone. The traffic forwarded by the interface belongs to the
security zone that the interface joins. When the interface address of the device is
used as the source address to access an extranet, the source security zone is still the
local zone.

Answer to the VRRP experiments


HCIP-Datacom-Core Technology Lab Guide Page 290

1. If the actual IP address of an interface is the same as the virtual IP address of a VRRP
group, the priority of the VRRP group is 255.

Answer to the DHCP experiments


1. After receiving the DHCP Discover message from the DHCP relay agent, the DHCP
server selects an address pool on the same network segment as the GIADDR field
value in the message and assigns parameters, such as an IP address, to the client.

Answers to the WLAN experiments


1. After Layer 2 roaming is performed, STA remains in the original subnet. The FAP/FAC
forwards packets of Layer 2 roaming STAs in the same way as it forwards packets of
new online STAs. That is, packets of Layer 2 roaming STAs are directly forwarded on
the local network of the FAP/FAC and do not need to be forwarded back to the
HAP/HAC through the inter-AC tunnel. After Layer 3 roaming is performed, STAs
switch to different subnets. To enable the STAs to access the original network after
Layer 3 roaming is performed, ensure that user traffic is forwarded to the original
subnets over CAPWAP tunnels.
2. Only one CAPWAP tunnel exists. No CAPWAP tunnel exists between the AP and the
standby AC. Information on the standby AC is synchronized from the HSB.

You might also like