2023年全国职业院校技能大赛
GZ073网络系统管理赛项
模块A:网络构建
卷II
一. 拓扑图
二.有线网络配置
三.无线网络配置
四.出口网络配置
二、有线配置
S1.txt
S1#show running-config
Building configuration...
Current configuration : 5008 bytes
!
version RGOS 10.4(3b126)p3 Release(233492)(Thu Jun 24 17:06:37 CST 2021 -10x-62)
hostname S1
webmaster level 0 username admin password 7 111323081b44
!
!
!
!
!
!
diffserv domain default
!
!
!
!
!
!
no cwmp
!
!
mpls ip
!
!
!
ip vrf BG
rd 100:2
route-target both 1:2
route-target import 1:3
!
ip vrf GL
rd 100:3
route-target both 1:3
route-target import 1:2
route-target import 1:1
!
ip vrf SC
rd 100:1
route-target both 1:1
route-target import 1:3
!
!
!
!
vlan 1
!
vlan 11
!
vlan 12
!
vlan 13
!
vlan 14
!
!
no service password-encryption
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip ref tcp adjust-mss
!
!
!
!
!
control-plane
!
control-plane protocol
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane manage
port-filter
arp-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane data
glean-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
!
!
!
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable secret 5 $1$ScLd$v41ut7vs6BxvF860
enable service web-server http
enable service web-server https
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet 0/0
ip ospf network point-to-point
ip address 10.1.0.1 255.255.255.252
label-switching
mpls ip
ipv6 address 2001:10:1::1/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 0
duplex auto
speed auto
!
interface GigabitEthernet 0/1
duplex auto
speed auto
!
interface GigabitEthernet 0/2
duplex auto
speed auto
!
interface GigabitEthernet 0/3
duplex auto
speed auto
!
interface GigabitEthernet 1/0
switchport mode trunk
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
ip address 10.0.0.1 255.255.255.255
!
interface Loopback 11
ip vrf forwarding SC
ip address 10.1.4.1 255.255.255.255
!
interface Loopback 12
ip vrf forwarding BG
ip address 10.1.4.2 255.255.255.255
!
interface Loopback 13
ip vrf forwarding GL
ip address 10.1.4.3 255.255.255.255
!
interface VLAN 11
ip vrf forwarding SC
ip ospf network point-to-point
ip address 10.1.1.1 255.255.255.252
!
interface VLAN 12
ip vrf forwarding BG
ip ospf network point-to-point
ip address 10.1.2.1 255.255.255.252
!
interface VLAN 13
ip vrf forwarding GL
ip ospf network point-to-point
ip address 10.1.3.1 255.255.255.252
!
interface VLAN 14
ipv6 address 2001:10:1:4::1/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 1
!
!
!
!
!
!
!
ipv6 router ospf 14
router-id 10.1.3.1
!
!
!
!
!
!
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.0.22 remote-as 100
neighbor 10.0.0.22 update-source Loopback 0
!
address-family vpnv4 unicast
neighbor 10.0.0.22 activate
neighbor 10.0.0.22 send-community extended
exit-address-family
!
address-family ipv4 vrf SC
maximum-prefix 10000
redistribute ospf 11 match internal external
exit-address-family
!
address-family ipv4 vrf BG
maximum-prefix 10000
redistribute ospf 12 match internal external
exit-address-family
!
address-family ipv4 vrf GL
maximum-prefix 10000
redistribute ospf 13 match internal external
exit-address-family
!
!
!
!
router ospf 10
router-id 10.0.0.1
network 10.0.0.1 0.0.0.0 area 0
network 10.1.0.0 0.0.0.3 area 0
!
router ospf 11 vrf SC
router-id 10.1.4.1
redistribute bgp metric-type 1 subnets
network 10.1.1.0 0.0.0.3 area 0
network 10.1.3.0 0.0.0.3 area 0
network 10.1.4.1 0.0.0.0 area 0
network 10.1.4.3 0.0.0.0 area 0
!
router ospf 12 vrf BG
router-id 10.1.4.2
redistribute bgp metric-type 1 subnets
network 10.1.2.0 0.0.0.3 area 0
network 10.1.4.2 0.0.0.0 area 0
default-information originate always metric-type 1
!
router ospf 13 vrf GL
router-id 10.1.4.3
redistribute bgp metric-type 1 subnets
network 10.1.3.0 0.0.0.3 area 0
network 10.1.4.3 0.0.0.0 area 0
!
!
!
!
!
!
!
!
!
!
!
!
mpls router ldp
ldp router-id interface Loopback 0 force
exit
!
!
!
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
!
ref parameter 75 100
line con 0
line vty 0 4
login
!
!
end
S1#
S2.txt
S2#show running-config
Building configuration...
Current configuration : 4940 bytes
!
version RGOS 10.4(3b126)p3 Release(233492)(Thu Jun 24 17:06:37 CST 2021 -10x-62)
hostname S2
webmaster level 0 username admin password 7 092e111f2e0b
!
!
!
!
!
!
diffserv domain default
!
!
!
!
!
!
no cwmp
!
!
mpls ip
!
!
!
ip vrf BG
rd 100:2
route-target both 1:2
route-target import 1:3
!
ip vrf GL
rd 100:3
route-target both 1:3
route-target import 1:2
route-target import 1:1
!
ip vrf SC
rd 100:1
route-target both 1:1
route-target import 1:3
!
!
!
!
vlan 1
!
vlan 11
!
vlan 12
!
vlan 13
!
vlan 14
!
!
no service password-encryption
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip ref tcp adjust-mss
!
!
!
!
!
control-plane
!
control-plane protocol
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane manage
port-filter
arp-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane data
glean-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
!
!
!
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable secret 5 $1$jhds$w4qutEt05D8A8srA
enable service web-server http
enable service web-server https
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet 0/0
ip ospf network point-to-point
ip address 10.2.0.1 255.255.255.252
label-switching
mpls ip
ipv6 address 2001:10:2::1/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 0
duplex auto
speed auto
!
interface GigabitEthernet 0/1
duplex auto
speed auto
!
interface GigabitEthernet 0/2
duplex auto
speed auto
!
interface GigabitEthernet 0/3
duplex auto
speed auto
!
interface GigabitEthernet 1/0
switchport mode trunk
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
ip address 10.0.0.2 255.255.255.255
!
interface Loopback 11
ip vrf forwarding SC
ip address 10.2.4.1 255.255.255.255
!
interface Loopback 12
ip vrf forwarding BG
ip address 10.2.4.2 255.255.255.255
!
interface Loopback 13
ip vrf forwarding GL
ip address 10.2.4.3 255.255.255.255
!
interface VLAN 11
ip vrf forwarding SC
ip ospf network point-to-point
ip address 10.2.1.1 255.255.255.252
!
interface VLAN 12
ip vrf forwarding BG
ip ospf network point-to-point
ip address 10.2.2.1 255.255.255.252
!
interface VLAN 13
ip vrf forwarding GL
ip ospf network point-to-point
ip address 10.2.3.1 255.255.255.252
!
interface VLAN 14
ipv6 address 2001:10:2:4::1/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 2
!
!
!
!
!
!
!
ipv6 router ospf 14
router-id 10.2.0.1
!
!
!
!
!
!
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.0.22 remote-as 100
neighbor 10.0.0.22 update-source Loopback 0
!
address-family vpnv4 unicast
neighbor 10.0.0.22 activate
neighbor 10.0.0.22 send-community extended
exit-address-family
!
address-family ipv4 vrf SC
maximum-prefix 10000
redistribute ospf 11 match internal external
exit-address-family
!
address-family ipv4 vrf BG
maximum-prefix 10000
redistribute ospf 12 match internal external
exit-address-family
!
address-family ipv4 vrf GL
maximum-prefix 10000
redistribute ospf 13 match internal external
exit-address-family
!
!
!
!
router ospf 10
router-id 10.0.0.2
network 10.0.0.2 0.0.0.0 area 0
network 10.2.0.0 0.0.0.3 area 0
!
router ospf 11 vrf SC
router-id 10.2.4.1
redistribute bgp metric-type 1 subnets
network 10.2.1.0 0.0.0.3 area 0
network 10.2.4.1 0.0.0.0 area 0
!
router ospf 12 vrf BG
router-id 10.2.4.2
redistribute bgp metric-type 1 subnets
network 10.2.2.0 0.0.0.3 area 0
network 10.2.4.2 0.0.0.0 area 0
default-information originate always metric-type 1
!
router ospf 13 vrf GL
router-id 10.2.4.3
redistribute bgp metric-type 1 subnets
network 10.2.3.0 0.0.0.3 area 0
network 10.2.4.3 0.0.0.0 area 0
!
!
!
!
!
!
!
!
!
!
!
!
mpls router ldp
ldp router-id interface Loopback 0 force
exit
!
!
!
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
!
ref parameter 75 100
line con 0
line vty 0 4
login
!
!
end
S2#
S3.txt
S3#show running-config
Building configuration...
Current configuration: 4704 bytes
version S5310_RGOS 12.5(3)B0901P1
hostname S3
!
ip vrf BG
rd 100:2
route-target both 1:2
route-target import 1:3
!
ip vrf GL
rd 100:
route-target both 1:3
route-target import 1:1
route-target import 1:2
!
ip vrf SC
rd 100:1
route-target both 1:1
route-target import 1:3
!
no cwmp
!
service dhcp
!
ip dhcp pool vlan30
option 138 ip 10.3.1.12
network 10.1.30.0 255.255.255.0
default-router 10.1.30.254
!
ip dhcp pool vlan10
network 10.1.10.0 255.255.255.0
default-router 10.1.10.254
!
ip dhcp pool vlan20
network 10.1.20.0 255.255.255.0
default-router 10.1.20.254
!
install 0 S5310-24GT4XS-E
!
sysmac c470.abe6.4292
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
!
macc dhcp option 43 enable
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
enable secret 8 $1c$7eyy23uMQk$>`$|.d8$tzzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
no enable service telnet-server
!
vlan range 1,10-14,20,30,40
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernt 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
switchport mode trunk
switchport trunk native vlan 30
switchport trunk allowed vlan only 10,20,30
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
!
interface GigabitEthernet 0/24
switchport mode trunk
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface Loopback 11
ip vrf forwarding SC
ip address 10.1.4.4 255.255.255.255
!
interface Loopback 12
ip vrf forwarding BG
ip address 10.1.4.5 255.255.255.255
!
interface Loopback 13
ip vrf forwarding GL
ip address 10.1.4.6 255.255.255.255
!
interface Loopback 14
ip address 10.1.4.7 255.255.255.255
!
interface VLAN 10
ip vrf forwarding SC
ip address 10.1.10.254 255.255.255.0
!
interface VLAN 11
ip vrf forwarding SC
ip address 10.1.1.2 255.255.255.252
ip ospf network point-to-point
!
interface VLAN 12
ip vrf forwarding BG
ip address 10.1.2.2 255.255.255.252
ip ospf network point-to-point
!
interface VLAN 13
ip vrf forwarding GL
ip address 10.1.3.2 255.255.255.252
ip ospf network point-to-point
!
interface VLAN 14
ipv6 address 2001:10:1:4::2/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 1
!
interface VLAN 20
ip vrf forwarding BG
ip address 10.1.20.254 255.255.255.0
!
interface VLAN 30
ip vrf forwarding GL
ip address 10.1.30.254 255.255.255.0
!
interface VLAN 40
ipv6 address 2001:10:1:40::254/64
ipv6 enable
ipv6 ospf 14 area 1
!
interface Mgmt 0
ip address mix dhcp
ip address mix 192.168.1.200 255.255.255.0
!
router ospf 11 vrf SC
router-id 10.1.4.4
graceful-restart
network 10.1.1.0 0.0.0.3 area 0
network 10.1.4.4 0.0.0.0 area 0
network 10.1.10.0 0.0.0.255 area 0
!
router ospf 12 vrf BG
router-id 10.1.4.5
graceful-restart
network 10.1.2.0 0.0.0.3 area 0
network 10.1.4.5 0.0.0.0 area 0
network 10.1.20.0 0.0.0.255 area 0
!
router ospf 13 vrf GL
router-id 10.1.4.6
graceful-restart
network 10.1.3.0 0.0.0.3 area 0
network 10.1.4.6 0.0.0.0 area 0
network 10.1.30.0 0.0.0.255 area 0
!
ipv6 router ospf 14
router-id 10.1.4.7
graceful-restart
!
snmp-server logging set-operation
snmp-server host 192.1.100.100 traps version 2c 7 $10$36e$wrJrIyqr9Zk=$
snmp-server enable traps
no snmp-server enable version v1
snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
snmp-server community 7 $10$1ec$XUMd206AIQM=$ rw
!
line console 0
line vty 0 4
login
!
end
S3#
S4.txt
S4#show running-config
Building configuration...
Current configuration: 5022 bytes
version S5300_RGOS 12.5(3)B0901P1
hostname S4
!
errdisable recovery interval 300
!
rldp enable
!
ip vrf BG
rd 100:2
route-target both 1:2
route-target import 1:3
!
ip vrf GL
rd 100:3
route-target both 1:3
route-target import 1:1
route-target import 1:2
!
ip vrf SC
rd 100:1
route-target both 1:1
route-target import 1:3
!
username admin password 7 $10$293$aMS77G0GL/sHcnE=$
!
no cwmp
!
service dhcp
!
ip dhcp pool vlan30
option 138 ip 10.3.1.12
network 10.2.30.0 255.255.255.0
default-router 10.2.30.254
!
ip dhcp pool vlan10
network 10.2.10.0 255.255.255.0
default-router 10.2.10.254
!
ip dhcp pool vlan20
network 10.2.20.0 255.255.255.0
default-router 10.2.20.254
!
install 0 S5300-24GT4XS-E
!
sysmac c470.abee.3002
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
!
macc dhcp option 43 enable
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
enable secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
enable password 7 $10$1e4$uHvVz2nwIMcofth4$
enable service ssh-server
no enable service telnet-server
!
vlan range 1,10-14,20,30,40
!
interface GigabitEthernet 0/1
errdisable recovery interval 200
spanning-tree bpduguard enable
spanning-tree portfast
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
switchport mode trunk
switchport trunk native vlan 30
switchport trunk allowed vlan only 10,20,30
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
!
interface GigabitEthernet 0/24
switchport mode trunk
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface Loopback 11
ip vrf forwarding SC
ip address 10.2.4.4 255.255.255.255
!
interface Loopback 12
ip vrf forwarding BG
ip address 10.2.4.5 255.255.255.255
!
interface Loopback 13
ip vrf forwarding GL
ip address 10.2.4.6 255.255.255.255
!
interface Loopback 14
ip address 10.2.4.7 255.255.255.255
!
interface VLAN 10
ip vrf forwarding SC
ip address 10.2.10.254 255.255.255.0
!
interface VLAN 11
ip vrf forwarding SC
ip address 10.2.1.2 255.255.255.252
ip ospf network point-to-point
!
interface VLAN 12
ip vrf forwarding BG
ip address 10.2.2.2 255.255.255.252
ip ospf network point-to-point
!
interface VLAN 13
ip vrf forwarding GL
ip address 10.2.3.2 255.255.255.252
ip ospf network point-to-point
!
interface VLAN 14
ipv6 address 2001:10:2:4::2/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 2
!
interface VLAN 20
ip vrf forwarding BG
ip address 10.2.20.254 255.255.255.0
!
interface VLAN 30
ip vrf forwarding GL
ip address 10.2.30.254 255.255.255.0
!
interface VLAN 40
ipv6 address 2001:10:2:40::254/64
ipv6 enable
ipv6 ospf 14 area 2
!
interface Mgmt 0
ip address mix dhcp
ip address mix 192.168.1.200 255.255.255.0
!
router ospf 11 vrf SC
router-id 10.2.4.4
graceful-restart
network 10.2.1.0 0.0.0.3 area 0
network 10.2.4.4 0.0.0.0 area 0
network 10.2.10.0 0.0.0.255 area 0
!
router ospf 12 vrf BG
router-id 10.2.4.5
graceful-restart
network 10.2.2.0 0.0.0.3 area 0
network 10.2.4.5 0.0.0.0 area 0
network 10.2.20.0 0.0.0.255 area 0
!
router ospf 13 vrf GL
router-id 10.2.4.6
graceful-restart
network 10.2.3.0 0.0.0.3 area 0
network 10.2.4.6 0.0.0.0 area 0
network 10.2.30.0 0.0.0.255 area 0
!
ipv6 router ospf 14
router-id 10.2.4.7
graceful-restart
!
snmp-server logging set-operation
snmp-server host 192.1.100.100 traps version 2c 7 $10$185$RVOwUtYRQqk=$
snmp-server enable traps
no snmp-server enable version v1
snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
snmp-server community 7 $10$1c6$ryWzcIOS6V8=$ rw
!
line console 0
line vty 0 4
login local
!
end
S4#
S5.txt
S5#show running-config
Building configuration...
Current configuration: 3163 bytes
version S5300_RGOS 12.5(3)B0901P1
hostname S5
!
ip vrf GL
rd 100:3
route-target both 1:3
route-target import 1:1
route-target import 1:2
!
no cwmp
!
install 0 S5300-24GT4XS-E
!
sysmac c470.abee.2e88
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
!
macc dhcp option 43 enable
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
enable secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
no enable service telnet-server
!
vlan 1
!
interface GigabitEthernet 0/1
no switchport
port-group 1 mode active
!
interface GigabitEthernet 0/2
no switchport
port-group 1 mode active
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
no switchport
ip vrf forwarding GL
ip address 192.1.100.254 255.255.255.0
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
!
interface GigabitEthernet 0/24
no switchport
ip vrf forwarding GL
ip address 10.3.0.2 255.255.255.252
ip ospf network point-to-point
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface AggregatePort 1
no switchport
ip vrf forwarding GL
ip address 10.3.0.10 255.255.255.252
ip ospf network point-to-point
!
interface Loopback 0
ip vrf forwarding GL
ip address 10.3.1.5 255.255.255.255
!
interface Mgmt 0
ip address mix dhcp
ip address mix 192.168.1.200 255.255.255.0
!
router ospf 20 vrf GL
graceful-restart
redistribute static metric-type 1 subnets
network 10.3.0.0 0.0.0.3 area 0
network 10.3.0.8 0.0.0.3 area 0
network 10.3.1.5 0.0.0.0 area 0
network 192.1.100.0 0.0.0.255 area 0
!
ip route vrf GL 10.3.1.12 255.255.255.255 10.3.0.9
!
snmp-server logging set-operation
snmp-server host 192.1.100.100 traps version 2c 7 $10$050$qRM6ulo4LQ4=$
snmp-server enable traps
no snmp-server enable version v1
snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
snmp-server community 7 $10$0df$HhKJgQFE4xM=$ rw
!
line console 0
line vty 0 4
login
!
end
S5#
S6.txt
S6#show running-config
Building configuration...
Current configuration: 2544 bytes
version S5300_RGOS 12.5(3)B0901P1
hostname S6
!
no cwmp
!
install 0 S5300-24GT4XS-E
!
sysmac c470.abee.2f5d
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
!
macc dhcp option 43 enable
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
enable secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
no enable service telnet-server
!
vlan range 1,10-11,20,30
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
switchport mode trunk
switchport trunk native vlan 20
switchport trunk allowed vlan only 10-11,20
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
switchport mode trunk
!
interface GigabitEthernet 0/24
switchport mode trunk
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface VLAN 30
ip address 10.4.30.1 255.255.255.0
!
interface Mgmt 0
ip address mix dhcp
ip address mix 192.168.1.200 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.4.30.254
!
snmp-server logging set-operation
snmp-server host 192.1.100.100 traps version 2c 7 $10$0be$T3mo/4a8QBQ=$
snmp-server enable traps
no snmp-server enable version v1
snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
snmp-server community 7 $10$378$P25zWkXTAwI=$ rw
!
line console 0
line vty 0 4
login
!
end
S6#
S7.txt
S7#show running-config
Building configuration...
Current configuration: 2443 bytes
version S5310_RGOS 12.5(3)B0901P1
hostname S7
!
no cwmp
!
install 0 S5310-24GT4XS-E
!
sysmac c470.abed.0ab1
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
!
macc dhcp option 43 enable
!
nfpp
!
password policy printable-character-check
password policy min-size 8
password policy strong
service password-encryption
!
redundancy
!
enable service snmp-agent
ip ssh key-exchange dh_group_exchange_sha1 dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
ip ssh cipher-mode ctr gcm
ip ssh hmac-algorithm sha2-256 sha2-512
!
login privilege log
enable secret 8 $1c$7eyy23uMQk$>`$|.d8$t,zzx>xl0$$:*`jt>:2tbdzl,zv8z2.x$
no enable service telnet-server
!
vlan 1
!
interface GigabitEthernet 0/1
switchport mode trunk
!
interface GigabitEthernet 0/2
switchport mode trunk
!
interface GigabitEthernet 0/3
switchport mode trunk
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface GigabitEthernet 0/9
!
interface GigabitEthernet 0/10
!
interface GigabitEthernet 0/11
!
interface GigabitEthernet 0/12
!
interface GigabitEthernet 0/13
!
interface GigabitEthernet 0/14
!
interface GigabitEthernet 0/15
!
interface GigabitEthernet 0/16
!
interface GigabitEthernet 0/17
!
interface GigabitEthernet 0/18
!
interface GigabitEthernet 0/19
!
interface GigabitEthernet 0/20
!
interface GigabitEthernet 0/21
!
interface GigabitEthernet 0/22
!
interface GigabitEthernet 0/23
!
interface GigabitEthernet 0/24
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface VLAN 1
ip address 17.1.1.4 255.255.255.248
!
interface Mgmt 0
ip address mix dhcp
ip address mix 192.168.1.200 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 17.1.1.1
!
snmp-server logging set-operation
snmp-server host 192.1.100.100 traps version 2c 7 $10$1e2$XJRsyxGJb1Y=$
snmp-server enable traps
no snmp-server enable version v1
snmp-server enable version v2c
snmp-server enable version v3
snmp-server enable secret-dictionary-check
snmp-server community 7 $10$2fb$VEuzX+aVd7c=$ rw
!
line console 0
line vty 0 4
login
!
end
S7#
R1.txt
R1#show running-config
Building configuration...
Current configuration : 2535 bytes
!
version RGOS 10.4(3b126)p3 Release(233492)(Thu Jun 24 17:06:37 CST 2021 -10x-62)
hostname R1
webmaster level 0 username admin password 7 092e111f2e0b
!
!
!
!
!
!
diffserv domain default
!
!
!
!
!
!
no cwmp
!
!
!
!
!
!
!
!
vlan 1
!
!
no service password-encryption
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip ref tcp adjust-mss
!
!
!
!
!
control-plane
!
control-plane protocol
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane manage
port-filter
arp-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane data
glean-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
!
!
!
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable secret 5 $1$AXVk$2Fsqr9FCvxz414z9
enable service web-server http
enable service web-server https
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet 0/0
ip address 17.1.1.1 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet 0/1
ip address 12.1.1.1 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet 0/1.21
encapsulation dot1Q 21
ip address 21.1.1.1 255.255.255.248
!
interface GigabitEthernet 0/2
ip address 13.1.1.1 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet 0/3
duplex auto
speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 20
ip address 20.0.0.1 255.255.255.255
!
interface Loopback 30
ip address 30.0.0.1 255.255.255.255
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
!
ref parameter 75 100
line con 0
line vty 0 4
login
!
!
end
R1#
R2.txt
R2#show running-config
Building configuration...
Current configuration : 6679 bytes
!
version RGOS 10.4(3b126)p3 Release(233492)(Thu Jun 24 17:06:37 CST 2021 -10x-62)
hostname R2
webmaster level 0 username admin password 7 14134e00281c
!
!
!
!
!
!
diffserv domain default
!
!
!
!
!
!
no cwmp
!
!
mpls ip
!
!
!
ip vrf BG
rd 100:2
route-target both 1:2
route-target import 1:3
!
ip vrf GL
rd 100:3
route-target both 1:3
route-target import 1:2
route-target import 1:1
!
ip vrf SC
rd 100:1
route-target both 1:1
route-target import 1:3
!
!
!
!
vlan 1
!
!
username Test@123 password Test@123
no service password-encryption
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip ref tcp adjust-mss
!
!
ip access-list extended 101
30 permit ip host 12.1.1.2 host 17.1.1.2
40 permit ip host 12.1.1.2 host 17.1.1.3
50 permit ip host 12.1.1.2 host 13.1.1.2
!
!
ip access-list extended 110
10 permit ip any any
!
!
ipv6 access-list v6
10 permit ipv6 any any
!
ip local pool l2tp 172.16.0.3 172.16.0.254
!
!
!
!
!
control-plane
!
control-plane protocol
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane manage
port-filter
arp-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane data
glean-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
!
!
!
sip-ua
mode phone
sip-id RG-GATEWAY password RG-GATEWAY-SIP
!
!
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable secret 5 $1$dF87$v810q2wp4uzEx21q
enable service web-server http
enable service web-server https
!
crypto isakmp policy 10
encryption 3des
authentication pre-share
hash md5
group 2
!
!
crypto isakmp key 7 14264f1e35327a7e56 address 17.1.1.3
crypto isakmp key 7 04031d152a237e4741 address 17.1.1.2
crypto isakmp key 7 011446502338576c50 address 13.1.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode transport
!
crypto map mymap 10 ipsec-isakmp
set peer 13.1.1.2
set peer 17.1.1.2
set peer 17.1.1.3
set transform-set myset
match address 101
!
!
!
!
!
vpdn enable
vpdn authorize domain
vpdn domain-delimiter @ prefix
!
vpdn-group 1
! Default L2TP VPDN group
domain Test vrf SC
accept-dialin
protocol l2tp
virtual-template 1
local name R1
source-ip 12.1.1.2
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet 0/0
ip address 12.1.1.2 255.255.255.248
crypto map mymap
ipv6 nat
duplex auto
speed auto
!
interface GigabitEthernet 0/0.21
encapsulation dot1Q 21
ip vrf forwarding BG
ip nat outside
ip address 21.1.1.2 255.255.255.248
!
interface GigabitEthernet 0/1
ip nat inside
ip ospf network point-to-point
ip address 10.1.0.2 255.255.255.252
label-switching
mpls ip
ipv6 address 2001:10:1::2/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 0
ipv6 nat
duplex auto
speed auto
!
interface GigabitEthernet 0/2
ip nat inside
ip ospf network point-to-point
ip address 10.2.0.2 255.255.255.252
label-switching
mpls ip
ipv6 address 2001:10:2::2/64
ipv6 enable
ipv6 ospf network point-to-point
ipv6 ospf 14 area 0
ipv6 nat
duplex auto
speed auto
!
interface GigabitEthernet 0/3
duplex auto
speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
ip address 10.0.0.22 255.255.255.255
!
interface Loopback 1
ip vrf forwarding SC
ip address 172.16.0.2 255.255.255.0
!
interface Loopback 13
ip address 10.1.4.22 255.255.255.255
!
interface Virtual-Template 1
ppp authentication chap
ip unnumbered Loopback 1
peer default ip address pool l2tp
!
interface Tunnel 0
tunnel source GigabitEthernet 0/0
tunnel destination 13.1.1.2
ip vrf forwarding GL
ip address 172.17.0.2 255.255.255.0
!
ip nat inside source list 110 interface GigabitEthernet 0/0.21 vrf BG
!
!
!
!
!
!
ipv6 router ospf 14
router-id 10.1.4.22
default-information originate always metric-type 1
!
!
!
!
ipv6 nat prefix 2001:21:1::/96
ipv6 nat v6v4 pool v4 12.1.1.3 12.1.1.5 prefix-length 29
ipv6 nat v6v4 source list v6 pool v4
ipv6 nat v4v6 source 30.0.0.1 2001:21:1::2
!
!
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.0.1 remote-as 100
neighbor 10.0.0.1 update-source Loopback 0
neighbor 10.0.0.2 remote-as 100
neighbor 10.0.0.2 update-source Loopback 0
!
address-family ipv4
redistribute ospf 20 match internal
exit-address-family
!
address-family vpnv4 unicast
neighbor 10.0.0.1 activate
neighbor 10.0.0.1 route-reflector-client
neighbor 10.0.0.1 send-community extended
neighbor 10.0.0.2 activate
neighbor 10.0.0.2 route-reflector-client
neighbor 10.0.0.2 send-community extended
exit-address-family
!
address-family ipv4 vrf BG
maximum-prefix 10000
network 0.0.0.0
exit-address-family
!
address-family ipv4 vrf SC
maximum-prefix 10000
redistribute ospf 30 match internal external
exit-address-family
!
address-family ipv4 vrf GL
maximum-prefix 10000
redistribute ospf 20 match internal external
redistribute ospf 30 match internal external
exit-address-family
!
!
!
!
router ospf 10
router-id 10.0.0.22
network 10.0.0.22 0.0.0.0 area 0
network 10.1.0.0 0.0.0.3 area 0
network 10.2.0.0 0.0.0.3 area 0
!
router ospf 20 vrf GL
redistribute bgp metric-type 1 subnets
network 10.1.4.22 0.0.0.0 area 0
network 172.17.0.0 0.0.0.255 area 0
!
router ospf 30 vrf SC
redistribute bgp metric-type 1 subnets
network 172.16.0.0 0.0.0.255 area 0
!
!
!
!
!
!
!
!
!
!
!
!
mpls router ldp
ldp router-id interface Loopback 0 force
exit
!
!
ip route 0.0.0.0 0.0.0.0 12.1.1.1
ip route vrf BG 0.0.0.0 0.0.0.0 GigabitEthernet 0/0.21 21.1.1.1
!
!
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
!
ref parameter 75 100
line con 0
line vty 0 4
login
!
!
end
R2#
R3.txt
R3#show running-config
Building configuration...
Current configuration : 3525 bytes
!
version RGOS 10.4(3b126)p3 Release(233492)(Thu Jun 24 17:06:37 CST 2021 -10x-62)
hostname R3
webmaster level 0 username admin password 7 0121474e3e16
!
!
!
!
!
!
diffserv domain default
!
!
!
!
!
!
no cwmp
!
!
!
!
!
ip vrf GL
rd 100:3
route-target both 1:3
route-target import 1:2
route-target import 1:1
!
!
!
!
vlan 1
!
!
no service password-encryption
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip ref tcp adjust-mss
!
!
ip access-list extended 101
10 permit ip host 13.1.1.2 host 12.1.1.2
!
!
ip access-list extended 110
10 permit ip any any
!
!
!
!
!
control-plane
!
control-plane protocol
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane manage
port-filter
arp-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane data
glean-car 5
acpp bw-rate 1250 bw-burst-rate 2500
!
!
!
!
!
!
!
web-auth mac-check enable
!
!
!
!
!
enable secret 5 $1$Qedj$65Dt0qAx084822zF
enable service web-server http
enable service web-server https
!
crypto isakmp policy 10
encryption 3des
authentication pre-share
hash md5
group 2
!
!
crypto isakmp key 7 13311759190143797f address 12.1.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode transport
!
crypto map mymap 10 ipsec-isakmp
set peer 12.1.1.2
set transform-set myset
match address 101
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet 0/0
duplex auto
speed auto
!
interface GigabitEthernet 0/1
ip vrf forwarding GL
ip nat outside
ip address 13.1.1.2 255.255.255.248
crypto map mymap
duplex auto
speed auto
!
interface GigabitEthernet 0/2
ip vrf forwarding GL
ip nat inside
ip ospf network point-to-point
ip address 10.3.0.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet 0/3
duplex auto
speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface Loopback 0
ip vrf forwarding GL
ip address 10.3.1.3 255.255.255.255
!
interface Tunnel 0
tunnel vrf GL
tunnel source GigabitEthernet 0/1
tunnel destination 12.1.1.2
ip vrf forwarding GL
ip address 172.17.0.3 255.255.255.0
!
ip nat inside source list 110 interface GigabitEthernet 0/1 vrf GL
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
router ospf 20 vrf GL
network 10.3.0.0 0.0.0.3 area 0
network 10.3.1.3 0.0.0.0 area 0
network 172.17.0.0 0.0.0.255 area 0
default-information originate always metric-type 1
!
!
!
!
!
!
!
!
!
!
!
!
!
ip route vrf GL 0.0.0.0 0.0.0.0 13.1.1.1
!
!
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
!
ref parameter 75 100
line con 0
line vty 0 4
login
!
!
end
R3#
三、无线配置
VAC.txt
VAC#show running-config
Building configuration...
Current configuration: 3298 bytes
version AC_RGOS 11.9(2)B2P15, Release(09182118)
hostname VAC
!
wlan-config 1 BJ_SC_DOT1X_XX
ssid-code utf-8
wlan-based per-user-limit up-streams average-data-rate 1000 burst-data-rate 1600
tunnel local
!
wlan-config 2 BJ_BG_WEB_XX
ssid-code utf-8
wlan-based per-user-limit up-streams average-data-rate 1000 burst-data-rate 1600
tunnel local
!
wlan-config 3 GZ_SC_DOT1X_XX
ssid-code utf-8
wlan-based per-user-limit up-streams average-data-rate 1000 burst-data-rate 1600
tunnel local
!
wlan-config 4 GZ_SC_WEB_XX
ssid-code utf-8
wlan-based per-user-limit up-streams average-data-rate 1000 burst-data-rate 1600
tunnel local
!
ap-group Admin_BJ
interface-mapping 1 10 ap-wlan-id 1
interface-mapping 2 20 ap-wlan-id 2
!
ap-group Admin_GZ
interface-mapping 3 10 ap-wlan-id 1
interface-mapping 4 11 ap-wlan-id 2
!
ap-group default
!
ap-config all
!
ac-controller
country CN
802.11g network rate 1 disabled
802.11g network rate 2 isabled
802.11g network rate 5 disabled
802.11g network rate 6 supported
802.11g network rate 9 supported
802.11g network rate 11 mandatory
802.11g network rate 12 supported
802.11g network rate 18 supported
802.11g network rate 24 supported
802.11g network rate 36 supported
802.11g network rate 48 supported
802.11g network rate 54 supported
802.11b network rate 1 disabled
802.11b network rate 2 disabled
802.11b network rate 5 disabled
802.11b network rate 11 mandatory
802.11a network rate 6 mandatory
802.11a network rate 9 supported
802.11a network rate 12 mandatory
802.11a network rate 18 supported
802.11a network rate 24 mandatory
802.11a network rate 36 supported
802.11a network rate 48 supported
802.11a network rate 54 supported
!
no identify-application enable
!
cwmp
acs url http://devicereg.ruijienetworks.com/service/tr069servlet
cpe inform
!
install switch 1 WS6008
install switch 2 WS6008
install 1/0 WS6008
install 2/0 WS6008
!
sysmac c470.abe7.3825
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin password 7 0242473a11086f517c41
no service password-encryption
!
redundancy
!
link-check disable
!
nfpp
!
wids
!
frn
!
vlan 1
!
interface GigabitEthernet 1/0/1
!
interface GigabitEthernet 1/0/2
no switchport
port-group 1 mode active
!
interface GigabitEthernet 1/0/3
!
interface GigabitEthernet 1/0/4
!
interface GigabitEthernet 1/0/5
!
interface GigabitEthernet 1/0/6
!
interface GigabitEthernet 1/0/7
!
interface GigabitEthernet 1/0/8
!
interface GigabitEthernet 2/0/1
!
interface GigabitEthernet 2/0/2
no switchport
port-group 1 mode active
!
interface GigabitEthernet 2/0/3
!
interface GigabitEthernet 2/0/4
!
interface GigabitEthernet 2/0/5
!
interface GigabitEthernet 2/0/6
!
interface GigabitEthernet 2/0/7
!
interface GigabitEthernet 2/0/8
!
interface AggregatePort 1
no switchport
ip address 10.3.0.9 255.255.255.252
!
interface Loopback 0
ip address 10.3.1.12 255.255.255.255
!
virtual-ac domain 1
!
ip route 0.0.0.0 0.0.0.0 10.3.0.10
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
line console 0
line vty 0 4
login
!
end
VAC#show ap-config running
Building configuration...
Current configuration: 209 bytes
!
ap-config AP1
ap-mac 300d.9e8a.37c2
ap-group Admin_BJ
sta-limit 25
!
ap-config AP2
ap-mac 300d.9e8a.38d2
ap-group Admin_BJ
!
ap-config AP3
ap-mac 300d.9e8a.379a
ap-group Admin_GZ
!
end
VAC#
四、出口网络配置
GW1.txt
GW1#show running-config
Building configuration...
Current configuration: 8492 bytes
version EG_RGOS 11.9(4)B12P5
hostname GW1
!
ap-group default
!
ap-config all
!
ac-controller
ac-control disable
country CN
802.11g network rate 1 disabled
802.11g network rate 2 disabled
802.11g network rate 5 disabled
802.11g network rate 6 supported
802.11g network rate 9 supported
802.11g network rate 11 mandatory
802.11g network rate 12 supported
802.11g network rate 18 supported
802.11g network rate 24 supported
802.11g network rate 36 supported
802.11g network rate 48 supported
802.11g network rate 54 supported
802.11b network rate 1 disabled
802.11b network rate 2 disabled
802.11b network rate 5 disabled
802.11b network rate 11 mandatory
802.11a network rate 6 mandatory
802.11a network rate 9 supported
802.11a network rate 12 mandatory
802.11a network rate 18 supported
802.11a network rate 24 mandatory
802.11a network rate 36 supported
802.11a network rate 48 supported
802.11a network rate 54 supported
!
app-auth offline-detect
!
app-auth cfg-opt id-mac
app-auth cfg-optsyn-proxy
app-auth cfg-opt tup-pass
!
app-auth set-mode business
!
app-auth local-auth subscriber mac-limit 0
!
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
!
flow-pre-mgr upload-pps-limit virtual-host limit 5000
flow-pre-mgr upload-pps-limit 5000
!
flow-pre-mgr new-session-limit start-up limit 0
flow-pre-mgr new-session-limit virtual-host limit 1000
flow-pre-mgr new-session-limit real-host limit 300
!
flow-pre-mgr total-limit 0
flow-pre-mgr 1 subscriber any action trust total-limit 0 per-ip-limit 3000
!
ip access-list standard 1
10 permit any
!
ip access-list extended 101
10 permit ip host 17.1.1.2 host 12.1.1.2
!
ip access-list extended 110
10 permit ip any any
!
ip access-list extended 2397
10 deny ospf any any
20 deny 112 any any
30 deny icmp any any
40 deny udp any eq domain any
50 deny tcp any any eq www
60 deny tcp any any eq 443
1000 permit ip any any
list-remark
!
servctl service police_log off
servctl service npm off
servctl service sslvpn off
servctl service rlog off
servctl service was off
servctl service apm off
wids
!
ip tcp keepalive
!
identify-application enable
!
identify-application custom-group Ӧoute
app-add WEBӦ
app-add WEBӦ
app-add PC
app-add HTTP
app-add HTTP
app-add WEB
app-add WEB
app-add
app-add ƽ
app-add
app-add
app-add ͨѶ
app-add
app-add Զ
app-add
app-add ͨѶ_MOBILE
app-add _MOBILE
app-add WEB_MOBILE
app-add _MOBILE
!
identify-application custom-group oute
app-add
app-add P2PӦ
!
identify-application custom-group Ӧoute
app-add HTTP
app-add |ӰOBILE
!
identify-application custom-group Ӧoute
app-add HTTP
app-add HTTP
app-add
app-add Ӳ
app-add _MOBILE
app-add _MOBILE
!
identify-application custom-group ~route
app-add
app-add
app-add
!
identify-application custom-group QQӦoute
app-add Ӣ
app-add Ӣ¼
!
app-proxy expect enable
no ssl-audit mode
!
anti-pap set-node 0
url-filter-notice display Ա
no url-audit exact-filter
no url-rule apply-referer
!
no report-function enable
!
no cwmp
!
dev-audit enable
service dhcp
!
ip dhcp pool pool_Gi0/0
lease 0 0 1
network 192.168.1.0 255.255.255.0 192.168.1.17 192.168.1.254
dns-server 114.114.114.114
default-router 192.168.1.1
!
ip dhcp pool vlan10
network 10.4.10.0 255.255.255.0
default-router 10.4.10.254
!
ip dhcp pool vlan11
network 10.4.11.0 255.255.255.0
default-router 10.4.11.254
!
ip dhcp pool vlan20
option 138 ip 10.3.1.12
network 10.4.20.0 255.255.255.0
default-router 10.4.20.254
!
ip name-server 114.114.114.114
!
dns-proxy
!
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
link-sam flowrate 22
ipfix syn-del 1
!
multi-ace
mode master
master ip 0.0.0.0
master port 2010
listen-port 2010
!
crypto isakmp policy 10
encryption 3des
authentication pre-share
hash md5
group 2
!
crypto isakmp key 7 0377320b121e527d46 address 12.1.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode transport
!
crypto map mymap 10 ipsec-isakmp
set peer 12.1.1.2
set transform-set myset
match address 101
!
layer23 classify enable
!
layer23 scc-attention enable
!
network-group name "Out_Server" parent "/"
!
line-quality enable
!
sys-mode gateway
!
specify interface GigabitEthernet 0/0 wan
specify interface GigabitEthernet 0/1 lan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 lan
specify interface GigabitEthernet 0/4 lan
specify interface GigabitEthernet 0/5 lan
specify interface GigabitEthernet 0/6 wan
specify interface GigabitEthernet 0/7 wan
specify interface GigabitEthernet 0/8 wan
!
no nat-log enable
no ip nat-log on
!
password policy min-size 6
password policy strong
no service password-encryption
!
ip http port 80
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
no rnfp-ping-reply enable
!
control-plane
ef-rnfp enable
security deny wan-web
security deny wan-telnet-ssh
anti-arp-spoof scan 20
attack threshold 500
!
control-plane protocol
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
control-plane manage
port-filter
arp-car 20 log
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
control-plane data
no glean-car
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
no upnp-proxy offline-detect
no defend-zone global
!
no seczone enable
no seczone syslog enable
!
l2tp-class l2x
hostname GW1
!
pseudowire-class pw
encapsulation l2tpv2
protocol l2tpv2 l2x
ip local interface GigabitEthernet 0/0
!
vpdn limit_rate 15
!
link-check disable
!
webmaster username admin password 7 154b092c1b25
frn
!
interface GigabitEthernet 0/0
ip address 17.1.1.2 255.255.255.248
crypto map mymap
ip nat outside
!
interface GigabitEthernet 0/1
!
interface GigabitEthernet 0/1.10
encapsulation dot1Q 10
ip address 10.4.10.254 255.255.255.0
vrrp 10 ip 10.4.10.254
ip ospf network point-to-point
ip ospf cost 5
ip nat inside
!
interface GigabitEthernet 0/1.11
encapsulation dot1Q 11
ip address 10.4.11.254 255.255.255.0
vrrp 11 ip 10.4.11.253
ip ospf network point-to-point
ip ospf cost 10
ip nat inside
!
interface GigabitEthernet 0/1.20
encapsulation dot1Q 20
ip address 10.4.20.254 255.255.255.0
vrrp 20 ip 10.4.20.254
ip ospf network point-to-point
ip ospf cost 5
ip nat inside
!
interface GigabitEthernet 0/1.30
encapsulation dot1Q 30
ip address 10.4.30.254 255.255.255.0
vrrp 30 ip 10.4.30.254
ip ospf network point-to-point
ip ospf cost 5
ip nat inside
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface Loopback 0
ip address 10.4.1.1 255.255.255.255
!
interface Virtual-ppp 1
ip address 172.16.0.3 255.255.255.0
ppp chap hostname Test@123
ppp chap password 0 Test@123
pseudowire 12.1.1.2 12 encapsulation l2tpv2 pw-class pw
!
interface SSLVPN 0
!
interface SSLVPN 1
!
app route switch
app route mode new-flow
!
router ospf 30
graceful-restart
network 10.4.1.1 0.0.0.0 area 0
network 10.4.10.0 0.0.0.255 area 0
network 10.4.11.0 0.0.0.255 area 0
network 10.4.20.0 0.0.0.255 area 0
network 10.4.30.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
!
ip nat pool nat_pool prefix-length 29
address interface GigabitEthernet 0/0 match interface GigabitEthernet 0/0
!
ip nat inside source list 110 pool nat_pool overload
!
ip route 0.0.0.0 0.0.0.0 17.1.1.1
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
line console 0
line vty 0 4
login
!
end
GW1#
GW2.txt
GW2#show running-config
Building configuration...
Current configuration: 8510 bytes
version EG_RGOS 11.9(4)B12P5
hostname GW2
!
ap-group default
!
ap-config all
!
ac-controller
ac-control disable
country CN
802.11g network rate 1 disabled
802.11g network rate 2 disabled
802.11g network rate 5 disabled
802.11g network rate 6 supported
802.11g network rate 9 supported
802.11g network rate 11 mandatory
802.11g network rate 12 supported
802.11g network rate 18 supported
802.11g network rate 24 supported
802.11g network rate 36 supported
802.11g network rate 48 supported
802.11g network rate 54 supported
802.11b network rate 1 disabled
802.11b network rate 2 disabled
802.11b network rate 5 disabled
802.11b network rate 11 mandatory
802.11a network rate 6 mandatory
802.11a network rate 9 supported
802.11a network rate 12 mandatory
802.11a network rate 18 supported
802.11a network rate 24 mandatory
802.11a network rate 36 supported
802.11a network rate 48 supported
802.11a network rate 54 supported
!
app-auth offline-detect
!
app-auth cfg-opt id-mac
app-auth cfg-opt syn-proxy
app-auth cfg-opt tup-pass
!
app-auth set-mode business
!
app-auth local-auth subscriber mac-limit 0
!
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
!
flow-pre-mgr upload-pps-limit virtual-host limit 5000
flow-pre-mgr upload-pps-limit 5000
!
flow-pre-mgr new-session-limit start-up limit 0
flow-pre-mgr new-session-limit virtual-host limit 1000
flow-pre-mgr new-session-limit real-host limit 300
!
flow-pre-mgr total-limit 0
flow-pre-mgr 1 subscriber any action trust total-limit 0 per-ip-limit 3000
!
ip access-list standard 1
10 permit any
!
ip access-list extended 101
10 permit ip host 17.1.1.3 host 12.1.1.2
!
ip access-list extended 110
10 permit ip any any
!
ip access-list extended 2397
10 deny ospf any any
20 deny 112 any any
30 deny icmp any any
40 deny udp any eq domain any
50 deny tcp any any eq www
60 deny tcp any any eq 443
1000 permit ip any any
list-remark
!
servctl service was off
servctl service police_log off
servctl service rlog off
servctl service npm off
servctl service apm off
servctl service sslvpn off
wids
!
ip tcp keepalive
!
identify-application enable
!
identify-application custom-group Ӧoute
app-add WEBӦ
app-add WEBӦ
app-add PC
app-add HTTP
app-add HTTP
app-add WEB
app-add WEB
app-add
app-add ƽ
app-add
app-add
app-add ͨѶ
app-add
app-add Զ
app-add
app-add ͨѶ_MOBILE
app-add _MOBILE
app-add WEB_MOBILE
app-add _MOBILE
!
identify-application custom-group oute
app-add
app-add P2PӦ
!
identify-application custom-group Ӧoute
app-add HTTP
app-add |ӰOBILE
!
identify-application custom-group Ӧoute
app-add HTTP
app-add HTTP
app-add
app-add Ӳ
app-add _MOBILE
app-add _MOBILE
!
identify-application custom-group ~route
app-add
app-add
app-add
!
identify-application custom-group QQӦoute
app-add Ӣ
app-add Ӣ¼
!
app-proxy expect enable
no ssl-audit mode
!
anti-pap set-node 0
url-filter-notice display Ա
no url-audit exact-filter
no url-rule apply-referer
!
no report-function enable
!
no cwmp
!
dev-audit enable
service dhcp
!
ip dhcp pool pool_Gi0/0
lease 0 0 1
network 192.168.1.0 255.255.255.0 192.168.1.17 192.168.1.254
dns-server 114.114.114.114
default-router 192.168.1.1
!
ip dhcp pool vlan10
network 10.4.10.0 255.255.255.0
default-router 10.4.10.254
!
ip dhcp pool vlan11
network 10.4.11.0 255.255.255.0
default-router 10.4.11.254
!
ip dhcp pool vlan20
opton 138 ip 10.3.1.12
network 10.4.20.0 255.255.255.0
default-router 10.4.20.254
!
ip name-server 114.114.114.114
!
dns-proxy
!
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
link-sam flowrate 22
ipfix syn-del 1
!
multi-ace
mode master
master ip 0.0.0.0
master port 2010
listen-port 2010
!
crypto isakmp policy 10
encryption 3des
authentication pre-share
hash md5
group 2
!
crypto isakmp key 7 091b1001332543185e address 12.1.1.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode transport
!
crypto map mymap 10 ipsec-isakmp
set peer 12.1.1.2
set transform-set myset
match address 101
!
layer23 classify enable
!
layer23 scc-attention enable
!
network-group name "Out_Server" parent "/"
!
line-quality enable
!
sys-mode gateway
!
specify interface GigabitEthernet 0/0 wan
specify interface GigabitEthernet 0/1 lan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 lan
specify interface GigabitEthernet 0/4 lan
specify interface GigabitEthernet 0/5 lan
specify interface GigabitEthernet 0/6 wan
specify interface GigabitEthernet 0/7 wan
specify interface GigabitEthernet 0/8 wan
!
no nat-log enable
no ip nat-log on
!
password policy min-size 6
password policy strong
no service password-encryption
!
ip http port 80
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
no rnfp-ping-reply enable
!
control-plane
ef-rnfp enable
security deny wan-web
security deny wan-telnet-ssh
anti-arp-spoof scan 20
attack threshold 500
!
control-plane protocol
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
control-plane manage
port-filter
arp-car 20 log
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
control-plane data
no glean-car
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
no upnp-proxy offline-detect
no defend-zone global
!
no seczone enable
no seczone syslog enable
!
l2tp-class l2x
hostname GW2
!
pseudowire-class pw
encapsulation l2tpv2
protocol l2tpv2 l2x
ip local interface GigabitEthernet 0/0
!
vpdn limit_rate 15
!
link-check disable
!
webmaster username admin password 7 092e111f2e0b
frn
!
interface GigabitEthernet 0/0
ip address 17.1.1.3 255.255.255.248
crypto map mymap
ip nat outside
!
interface GigabitEthernet 0/1
ip nat inside
!
interface GigabitEthernet 0/1.10
encapsulation dot1Q 10
ip address 10.4.10.253 255.255.255.0
vrrp 10 ip 10.4.10.254
ip ospf network point-to-point
ip ospf cost 10
ip nat inside
!
interface GigabitEthernet 0/1.11
encapsulation dot1Q 11
ip address 10.4.11.253 255.255.255.0
vrrp 11 ip 10.4.11.253
ip ospf network point-to-point
ip ospf cost 5
ip nat inside
!
interface GigabitEthernet 0/1.20
encapsulation dot1Q 20
ip address 10.4.20.253 255.255.255.0
vrrp 20 ip 10.4.20.254
ip ospf network point-to-point
ip ospf cost 10
ip nat inside
!
interface GigabitEthernet 0/1.30
encapsulation dot1Q 30
ip address 10.4.30.253 255.255.255.0
vrrp 30 ip 10.4.30.254
ip ospf network point-to-point
ip ospf cost 10
ip nat inside
!
interface GigabitEthernet 0/2
!
interface GigabitEthernet 0/3
!
interface GigabitEthernet 0/4
!
interface GigabitEthernet 0/5
!
interface GigabitEthernet 0/6
!
interface GigabitEthernet 0/7
!
interface GigabitEthernet 0/8
!
interface Loopback 0
ip address 10.4.1.2 255.255.255.255
!
interface Virtual-ppp 1
ip address 172.16.0.4 255.255.255.0
ppp chap hostname Test@123
ppp chap password 0 Test@123
pseudowire 12.1.1.2 12 encapsulation l2tpv2 pw-class pw
!
interface SSLVPN 0
!
interface SSLVPN 1
!
app route switch
app route mode new-flow
!
router ospf 30
graceful-restart
network 10.4.1.2 0.0.0.0 area 0
network 10.4.10.0 0.0.0.255 area 0
network 10.4.11.0 0.0.0.255 area 0
network 10.4.20.0 0.0.0.255 area 0
network 10.4.30.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
!
ip nat pool nat_pool prefix-length 29
address interface GigabitEthernet 0/0 match interface GigabitEthernet 0/0
!
ip nat inside source list 110 pool nat_pool overload
!
ip route 0.0.0.0 0.0.0.0 17.1.1.1
!
snmp-server host 192.1.100.100 traps version 2c Test@123
snmp-server enable traps
snmp-server community Test@123 rw
!
line console 0
line vty 0 4
login
!
end
GW2#