Scribd
Upload
148 views32 pages

Network Configuration for CE and PE Devices

This document contains configuration files for several network devices, including CE1, CE2, CE3, CE4, PE1, and PE2. CE1 and CE2 contain ACL and interface configurations. PE1 connects CE1 and CE2 through VPN instances and BGP routing, with MPLS enabled on its interfaces. PE2 is also configured for VPNs and BGP routing to connect to other devices.

Uploaded by

Adnan Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
148 views32 pages

Network Configuration for CE and PE Devices

This document contains configuration files for several network devices, including CE1, CE2, CE3, CE4, PE1, and PE2. CE1 and CE2 contain ACL and interface configurations. PE1 connects CE1 and CE2 through VPN instances and BGP routing, with MPLS enabled on its interfaces. PE2 is also configured for VPNs and BGP routing to connect to other devices.

Uploaded by

Adnan Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

Lab 1

*** CE1
#
bfd
#
acl number 2000
rule 5 deny source [Link] 0
rule 10 permit source [Link] [Link]
rule 15 deny
#
acl number 3000
rule 5 permit tcp destination-port range 6881 6999 time-range worktime
#

#
nat address-group 1 [Link] [Link]
#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 20
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.10
dot1q termination vid 10
ip address [Link] [Link]
vrrp vrid 1 virtual-ip [Link]
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode timer delay 60
arp broadcast enable
#
interface GigabitEthernet0/0/2.20
dot1q termination vid 20
ip address [Link] [Link]
vrrp vrid 2 virtual-ip [Link]
arp broadcast enable
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/1
ip address [Link] [Link]
qos gts cir 1000 cbs 25000
qos car outbound acl 3000 cir 1000 cbs 188000 pbs 313000 green pass yellow pass
red discard
nat outbound 2000 address-group 1
#
interface GigabitEthernet2/0/2
#
interface GigabitEthernet2/0/3
#
interface NULL0
#
interface LoopBack0
ip address [Link] [Link]
#
interface LoopBack1
ip address [Link] [Link]
#
bfd 1 bind peer-ip [Link] interface GigabitEthernet2/0/1 one-arm-echo
discriminator local 100
min-echo-rx-interval 40
commit
#
bgp 65000
peer [Link] as-number 100
peer [Link] as-number 100
#
ipv4-family unicast
undo synchronization
preference 120 255 255
import-route ospf 1 route-policy tag100
peer [Link] enable
peer [Link] enable
peer [Link] default-route-advertise
#
ospf 1 router-id [Link]
default-route-advertise
import-route bgp tag 200
silent-interface GigabitEthernet0/0/2.10
silent-interface GigabitEthernet0/0/2.20
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#
route-policy tag100 deny node 10
if-match tag 100
#
route-policy tag100 permit node 999
#
ip route-static [Link] [Link] [Link] track bfd-session 1
#

*** CE2
[V200R003C00]
#
sysname CE2
#

#
time-range worktime 08:00 to 18:00 working-day
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 deny source [Link] 0
rule 10 permit source [Link] [Link]
rule 15 deny
#
acl number 3000
rule 5 permit tcp destination-port range 6881 6999 time-range worktime
#

#
nat address-group 1 [Link] [Link]
#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 1
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 2
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.10
dot1q termination vid 10
ip address [Link] [Link]
vrrp vrid 1 virtual-ip [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/2.20
dot1q termination vid 20
ip address [Link] [Link]
vrrp vrid 2 virtual-ip [Link]
vrrp vrid 2 priority 110
vrrp vrid 2 preempt-mode timer delay 60
arp broadcast enable
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/1
#
interface GigabitEthernet2/0/2
ip address [Link] [Link]
qos car outbound acl 3000 cir 1000 cbs 188000 pbs 313000 green pass yellow pass
red discard
nat server protocol tcp global [Link] ftp inside [Link] ftp
nat server protocol tcp global [Link] www inside [Link] www
nat outbound 2000 address-group 1
#
interface GigabitEthernet2/0/3
#
interface NULL0
#
interface LoopBack0
ip address [Link] [Link]
#
interface LoopBack1
ip address [Link] [Link]
#
bgp 65000
peer [Link] as-number 100
peer [Link] as-number 100
#
ipv4-family unicast
undo synchronization
preference 120 255 255
import-route ospf 1 route-policy tag200
peer [Link] enable
peer [Link] enable
peer [Link] default-route-advertise
#
ospf 1 router-id [Link]
default-route-advertise
import-route bgp tag 100
silent-interface GigabitEthernet0/0/2.10
silent-interface GigabitEthernet0/0/2.20
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#
route-policy tag200 deny node 10
if-match tag 200
#
route-policy tag200 permit node 999
#
ip route-static [Link] [Link] [Link] track nqa yeslab test
#
nqa test-instance yeslab test
test-type icmp
destination-address ipv4 [Link]
frequency 3
start now
#

*** CE3

#
sysname CE3
#

#
interface Mp-group0/0/1
ip address [Link] [Link]
#

#
interface Pos5/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
interface Pos6/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
interface NULL0
#
interface LoopBack0
ip address [Link] [Link]
#
interface LoopBack1
ip address [Link] [Link]
#
ospf 1
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#

*** CE4
[V200R003C00]
#
sysname CE4
#

#
ip vpn-instance 1
ipv4-family
route-distinguisher 100:144
#
acl number 3000
rule 5 permit ip destination [Link] [Link]
acl number 3001
rule 5 permit ip destination [Link] [Link]
acl number 3002
rule 5 permit ip destination [Link] [Link]
acl number 3003
rule 5 permit ip destination [Link] [Link]
#
traffic classifier Signal operator or
if-match acl 3001
traffic classifier Realtime operator or
if-match acl 3000
traffic classifier Office operator or
if-match acl 3003
traffic classifier Monitor operator or
if-match acl 3002
#
traffic behavior 100
remark 8021p 4
traffic behavior 000
remark 8021p 0
traffic behavior 011
remark 8021p 3
traffic behavior 101
remark 8021p 5
traffic behavior 010
remark 8021p 2
#
traffic policy mark
classifier Realtime behavior 101
classifier Signal behavior 100
classifier Monitor behavior 011
classifier Office behavior 010
classifier default-class behavior 000
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 1
ip address [Link] [Link]
traffic-policy mark outbound
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip binding vpn-instance 1
ip address [Link] [Link]
#
interface LoopBack1
ip binding vpn-instance 1
ip address [Link] [Link]
#
ospf 1 vpn-instance 1
dn-bit-check disable ase
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#

*** PE1
sysname PE1
#
ipv6
#
router id [Link]
#
ip vpn-instance VPN_IN
ipv4-family
route-distinguisher 100:11
vpn-target 100:1 200:1 import-extcommunity
#
ip vpn-instance VPN_OUT
ipv4-family
route-distinguisher 100:111
vpn-target 200:1 export-extcommunity
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0001.1720.1600.1001.00
#
ipv6 enable topology ipv6
#
#

#
interface Ip-Trunk1
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp

#
interface Serial0/0/0
link-protocol hdlc
ip-trunk 1
#
interface Serial0/0/1
link-protocol hdlc
ip-trunk 1
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 20
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip binding vpn-instance VPN_IN
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 20
ip binding vpn-instance VPN_OUT
ip address [Link] [Link]
arp broadcast enable
#

#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
peer [Link] label-route-capability
#
ipv6-family unicast
undo synchronization
peer [Link] enable
#
ipv4-family vpnv4
policy vpn-target
peer [Link] enable
#
ipv4-family vpn-instance VPN_IN
peer [Link] as-number 65000
#
ipv4-family vpn-instance VPN_OUT
peer [Link] as-number 65000
peer [Link] allow-as-loop
#

*** PE2
sysname PE2
#
ipv6
#
router id [Link]
#
ip vpn-instance VPN_IN
ipv4-family
route-distinguisher 100:12
vpn-target 100:1 200:1 import-extcommunity
#
ip vpn-instance VPN_OUT
ipv4-family
route-distinguisher 100:122
vpn-target 200:1 export-extcommunity
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0001.1720.1600.1020.00
#
ipv6 enable topology ipv6
#
#
interface GigabitEthernet0/0/0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 20
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 1
ip binding vpn-instance VPN_IN
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 2
ip binding vpn-instance VPN_OUT
ip address [Link] [Link]
arp broadcast enable
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
peer [Link] label-route-capability
#
ipv6-family unicast
undo synchronization
peer [Link] enable
#
ipv4-family vpnv4
policy vpn-target
peer [Link] enable
#
ipv4-family vpn-instance VPN_IN
peer [Link] as-number 65000
#
ipv4-family vpn-instance VPN_OUT
peer [Link] as-number 65000
peer [Link] allow-as-loop
#

#
return
*** RR1
sysname RR1
#
ipv6
#
router id [Link]
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
cost-style wide
network-entity 47.0001.1720.1600.1003.00
#
ipv6 enable topology ipv6
#

#
interface Ip-Trunk1
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp
#

#
interface Serial0/0/0
link-protocol hdlc
ip-trunk 1
#
interface Serial0/0/1
link-protocol hdlc
ip-trunk 1
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#

#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 200
peer [Link] ebgp-max-hop 255
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
peer [Link] enable
peer [Link] reflect-client
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
undo peer [Link] enable
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
#
ipv6-family unicast
undo synchronization
peer [Link] enable
peer [Link] reflect-client
peer [Link] enable
peer [Link] reflect-client
peer [Link] enable
peer [Link] reflect-client
peer [Link] enable
peer [Link] reflect-client
peer [Link] enable
peer [Link] reflect-client
#
ipv4-family vpnv4
undo policy vpn-target
peer [Link] enable
peer [Link] next-hop-invariable
peer [Link] enable
peer [Link] next-hop-invariable
peer [Link] enable
peer [Link] next-hop-invariable
#

*** P1
sysname P1
#
ipv6
#
router id [Link]
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
cost-style wide
timer lsp-generation 1 50 50 level-1
timer lsp-generation 1 50 50 level-2
network-entity 47.0001.1720.1600.1004.00
timer spf 1 100 100
#
ipv6 enable topology ipv6
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1500
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
#
ipv6-family unicast
undo synchronization
peer [Link] enable
#

*** ASBR1
sysname ASBR1
#
ipv6
#
router id [Link]
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0002.1720.1600.1005.00
#
ipv6 enable topology ipv6
ipv6 import-route isis level-2 into level-1 filter-policy ipv6-prefix yeslab
#
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer [Link] as-number 200
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
peer [Link] as-number 200
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer [Link] enable
peer [Link] route-policy set_label export
peer [Link] label-route-capability
peer [Link] enable
peer [Link] route-policy if_set export
peer [Link] next-hop-local
peer [Link] label-route-capability
#
ipv6-family unicast
undo synchronization
aggregate [Link] 120 suppress-policy supp
import-route isis 1
peer [Link] enable
peer [Link] next-hop-local
peer [Link] enable
peer [Link] ipv6-prefix yeslab export
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy set_label permit node 10
apply mpls-label
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
route-policy supp permit node 10
if-match ipv6 address prefix-list hcie
#
ip ip-prefix loop0 index 10 permit [Link] 24 greater-equal 32 less-equal 32
#
ip ipv6-prefix yeslab index 10 permit [Link] 12
8
ip ipv6-prefix hcie index 10 deny [Link] 128 gr
eater-equal 128 less-equal 128
ip ipv6-prefix hcie index 20 permit :: 0 greater-equal 128 less-equal 128

*** ASBR2
sysname ASBR2
#
ipv6
#
router id [Link]
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 47.0002.1720.1600.1006.00
#
ipv6 enable topology ipv6
ipv6 import-route isis level-2 into level-1 filter-policy ipv6-prefix yeslab
#

#
interface GigabitEthernet0/0/0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
isis enable 1
isis ipv6 enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address [Link] [Link]
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
isis ipv6 enable 1
#
bgp 100
peer [Link] as-number 200
peer [Link] as-number 100
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer [Link] enable
peer [Link] route-policy set_label export
peer [Link] label-route-capability
peer [Link] enable
peer [Link] route-policy if_set export
peer [Link] next-hop-local
peer [Link] label-route-capability
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy set_label permit node 10
apply mpls-label
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
ip ip-prefix loop0 index 10 permit [Link] 24 greater-equal 32 less-equal 32
#
ip ipv6-prefix yeslab index 10 permit [Link] 12
8
#

*** ASBR3
[V200R003C00]
#
sysname ASBR3

#
ipv6
#
router id [Link]
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1007.00
#

#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
isis enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address [Link] [Link]
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/127
#
interface NULL0
#
interface LoopBack0
ipv6 enable
ip address [Link] [Link]
ipv6 address [Link]/128
isis enable 1
#
bgp 200
peer [Link] as-number 100
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer [Link] enable
peer [Link] route-policy set_label export
peer [Link] label-route-capability
peer [Link] enable
peer [Link] route-policy if_set export
peer [Link] next-hop-local
peer [Link] label-route-capability
#
ipv6-family unicast
undo synchronization
network [Link] 128
peer [Link] enable
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
route-policy set_label permit node 10
apply mpls-label
#
ip ip-prefix loop0 index 10 permit [Link] 24 greater-equal 32 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#

*** ASBR4
[V200R003C00]
#
sysname ASBR4
#

#
router id [Link]
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1008.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
isis enable 1
isis cost 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address [Link] [Link]
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address [Link] [Link]
#

#
interface LoopBack0
ip address [Link] [Link]
isis enable 1
#
bgp 200
peer [Link] as-number 100
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
import-route isis 1 route-policy isis_bgp
peer [Link] enable
peer [Link] route-policy set_label export
peer [Link] label-route-capability
peer [Link] enable
peer [Link] route-policy if_set export
peer [Link] label-route-capability
#
route-policy isis_bgp permit node 10
if-match ip-prefix loop0
#
route-policy if_set permit node 10
if-match mpls-label
apply mpls-label
#
route-policy set_label permit node 10
apply mpls-label
#
ip ip-prefix loop0 index 10 permit [Link] 24 greater-equal 32 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

*** RR2
[V200R003C00]
#
sysname RR2

#
router id [Link]
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

#
isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1009.00
import-route ospf 1 inherit-cost route-policy import
#

#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
isis enable 1
isis circuit-type p2p
isis cost 50
ospf cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address [Link] [Link]
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address [Link] [Link]
ospf cost 1500
mpls
mpls ldp
#

#
interface LoopBack0
ip address [Link] [Link]
isis enable 1
#
bgp 200
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
peer [Link] as-number 100
peer [Link] ebgp-max-hop 255
peer [Link] connect-interface LoopBack0
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
undo peer [Link] enable
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
peer [Link] enable
peer [Link] reflect-client
peer [Link] enable
peer [Link] reflect-client
peer [Link] label-route-capability
#
ipv4-family vpnv4
undo policy vpn-target
peer [Link] enable
peer [Link] next-hop-invariable
peer [Link] enable
peer [Link] next-hop-invariable
peer [Link] allow-as-loop
peer [Link] enable
peer [Link] next-hop-invariable
#
ospf 1
default cost inherit-metric type 1
import-route isis 1 type 1 route-policy import
preference ase route-policy tag200 150
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#
route-policy import deny node 5
if-match tag 400
#
route-policy import permit node 10
if-match ip-prefix loop0
apply tag 400
#
route-policy tag200 permit node 10
if-match tag 200
apply preference 14
#
ip ip-prefix loop0 index 10 permit [Link] 16 greater-equal 32 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#

*** P2
[V200R003C00]
#
sysname P2
#

#
router id [Link]
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#

isis 1
is-level level-2
cost-style wide
network-entity 49.0002.1720.1600.1010.00
import-route ospf 1 inherit-cost route-policy import
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
isis enable 1
isis circuit-type p2p
isis cost 50
ospf cost 50
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address [Link] [Link]
isis enable 1
isis cost 1000
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address [Link] [Link]
ospf cost 1500
mpls
mpls ldp
#

#
interface LoopBack0
ip address [Link] [Link]
#
bgp 200
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
#
ospf 1
default cost inherit-metric type 1
import-route isis 1 type 1 route-policy import
preference ase route-policy tag200 150
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#
route-policy import deny node 5
if-match tag 400
#
route-policy import permit node 10
if-match ip-prefix loop0
apply tag 400
#
route-policy tag200 permit node 10
if-match tag 200
apply preference 14
#
ip ip-prefix loop0 index 10 permit [Link] 16 greater-equal 32 less-equal 32
#

*** PE3
[V200R003C00]
#
sysname PE3

#
router id [Link]
#

#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:13
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#
#
acl number 2000
rule 5 permit source [Link] [Link]
acl number 2001
rule 5 permit source [Link] 0
acl number 2002
rule 5 permit source [Link] [Link]
acl number 2003
rule 5 permit source [Link] 0
#

#
interface Mp-group0/0/1
ip binding vpn-instance VPN1
ip address [Link] [Link]
#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
ospf cost 20
ospf network-type p2p
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address [Link] [Link]
ospf cost 1500
mpls
mpls ldp
#

#
interface Pos5/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
interface Pos6/0/0
link-protocol ppp
ppp mp Mp-group 0/0/1
#
#
interface LoopBack0
ip address [Link] [Link]
#
bgp 200
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
peer [Link] label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer [Link] enable
peer [Link] route-policy lp import
#
ipv4-family vpn-instance VPN1
import-route ospf 2
#
ospf 1
area [Link]
network [Link] [Link]
network [Link] [Link]
network [Link] [Link]
#
ospf 2 vpn-instance VPN1
default-route-advertise
import-route bgp
area [Link]
network [Link] [Link]
#
route-policy lp permit node 10
if-match acl 2000
if-match ip next-hop acl 2001
apply local-preference 200
#
route-policy lp permit node 20
if-match acl 2002
if-match ip next-hop acl 2003
apply local-preference 200
#
route-policy lp permit node 999
#

*** PE4
[V200R003C00]
#
sysname PE4
#

#
router id [Link]
#
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:14
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id [Link]
mpls
#
mpls ldp
#
#
acl number 2000
rule 5 permit source [Link] [Link]
acl number 2001
rule 5 permit source [Link] 0
acl number 2002
rule 5 permit source [Link] [Link]
acl number 2003
rule 5 permit source [Link] 0
#
drop-profile CS4
wred dscp
dscp cs4 low-limit 70 high-limit 100 discard-percentage 50
drop-profile CS3
wred dscp
dscp cs3 low-limit 50 high-limit 90 discard-percentage 50
drop-profile CS2
wred dscp
dscp cs2 low-limit 50 high-limit 80 discard-percentage 50
drop-profile BE
wred dscp
dscp default low-limit 50 high-limit 80 discard-percentage 50
#
qos queue-profile qos
queue 0 weight 1
queue 2 weight 9
queue 3 weight 21
queue 4 weight 63
schedule wfq 0 to 4 pq 5
queue 0 drop-profile BE
queue 2 drop-profile CS2
queue 3 drop-profile CS3
queue 4 drop-profile CS4
#
qos map-table dot1p-dscp
input 5 output 46
#

#
interface GigabitEthernet0/0/0
ip address [Link] [Link]
qos queue-profile qos
ospf cost 20
ospf network-type p2p
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPN1
ip address [Link] [Link]
trust 8021p override
#
interface GigabitEthernet0/0/2
ip address [Link] [Link]
qos queue-profile qos
ospf cost 1500
mpls
mpls ldp
#

#
interface LoopBack0
ip address [Link] [Link]
#
bgp 200
peer [Link] as-number 200
peer [Link] connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer [Link] enable
peer [Link] label-route-capability
#
ipv4-family vpnv4
policy vpn-target
peer [Link] enable
peer [Link] route-policy lp import
#
ipv4-family vpn-instance VPN1
import-route ospf 2
#
ospf 1
import-route direct type 1 route-policy yeslab
area [Link]
network [Link] [Link]
network [Link] [Link]
#
ospf 2 vpn-instance VPN1
default-route-advertise
import-route bgp
area [Link]
network [Link] [Link]
#
route-policy yeslab permit node 10
if-match ip-prefix loop0
apply tag 200
#
route-policy lp permit node 10
if-match acl 2000
if-match ip next-hop acl 2001
apply local-preference 200
#
route-policy lp permit node 20
if-match acl 2002
if-match ip next-hop acl 2003
apply local-preference 200
#
route-policy lp permit node 999
#
ip ip-prefix loop0 index 10 permit [Link] 32
#

*** LSW1
sysname LSW1
#
vlan 10
vlan 20
#
stp instance 10 root primary
stp instance 20 root secondary
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface Eth-Trunk12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
load-balance src-dst-mac
#

#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#

#
interface GigabitEthernet0/0/23
eth-trunk 12
#
interface GigabitEthernet0/0/24
eth-trunk 12
#

#
return
*** LSW2
sysname LSW2
#
vlan 10
vlan 20
#
stp instance 10 root secondary
stp instance 20 root primary
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface Eth-Trunk12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
load-balance src-dst-mac
#

#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
#
interface GigabitEthernet0/0/23
eth-trunk 12
#
interface GigabitEthernet0/0/24
eth-trunk 12
#

return
*** LSW3
sysname LSW3
#
vlan 10
vlan 20
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#

*** LSW4
sysname LSW4
#
vlan 10
vlan 20
#

#
stp region-configuration
region-name HUAWEI
revision-level 12
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#

#
interface GigabitEthernet0/0/1
port link-type access
port defualt vlan 20
stp edged-port enable
#

#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#

#
return

You might also like