2018年华三杯山东省赛决赛实验
拓扑图
配置需求
请考生根据以下配置需求在 HCL中的设备上进行相关配置。
网络设备虚拟化
数据中心交换机需要实现虚拟化。支持的虚拟化技术 IRF,所配置的参数要求如下:
-
链形堆叠,IRF Domain 值为 10;
-
IRF1的 member ID 为 1,IRF2的 member ID 为 2;
-
IRF1为 IRF 中的主设备,优先级值为10;
虚拟局域网 VLAN
为了减少广播,需要规划并配置 VLAN。具体要求如下:
-
配置合理,链路上不允许不必要的数据流通过。
-
交换防火墙间的互连物理端口直接使用三层模式互连。
-
S1和 S2间的 G1/0/11 端口为 trunk 链路。
-
IRF(IRF1和IRF2)交换机的第23、24端口与S1和S2互连的23、24端口分别设置聚合。
链路聚合要求如下:
-
IRF、S1、S2聚合接口组分别为 1和2。
-
链路类型为 Trunk 类型 23,24。
-
链路上不允许不必要的数据流通过。
根据上述信息及表2-1,在交换机上完成 VLAN配置和端口分配。
表 2-1 VLAN 分配表
| 设备 | VLAN 编号 | VLAN 名称 | 端口划分 |
|---|---|---|---|
| IRF 1/IRF 2 | VLAN 10 | RD | 1 至 4 |
| VLAN 20 | Sales | 5 至 8 | |
| VLAN 30 | Supply | 9 至 12 | |
| VLAN 40 | Service | 13 至 16 |
IPv4 地址部署
根据表 2-2,为网络设备分配 IPv4 地址。
表2-2. IPv4 地址分配表
| 设备 | 接口 | IPv4 地址 |
|---|---|---|
| S 1 | VLAN 10 | 192.168.10.252/24 |
| VLAN 20 | 192.168.20.252/24 | |
| VLAN 30 | 192.168.30.252/24 | |
| VLAN 40 | 192.168.40.252/24 | |
| G 1/0/1 | 10.0.0.5/30 | |
| G 1/0/10 | 10.0.0.1/30 | |
| LoopBack 0 | 9.9.9.201/32 | |
| S 2 | Vlan 10 | 192.168.10.253/24 |
| Vlan 20 | 192.168.20.253/24 | |
| Vlan 30 | 192.168.30.253/24 | |
| Vlan 40 | 192.168.40.253/24 | |
| G 1/0/1 | 10.0.0.9/30 | |
| G 1/0/10 | 10.0.0.2/30 | |
| Fw | G 1/0/0 | 10.0.0.13/30 |
| G 1/0/1 | 10.0.0.6/30 | |
| G 1/0/2 | 10.0.0.10/30 | |
| LoopBack 0 | 9.9.9.2/32 | |
| LoopBack 100 | 192.16.100.254/24 |
OSPF 协议部署
总部使用 OSPF协议作为 IGP/内部网关协议以达到互通。具体要求如下:
-
OSPF 进程 10,总部为区域 0, router-id为 loopback0 口地址
-
要求业务网段中不出现协议报文
-
修改接口网络类型,加快 OSPF 收敛速度
-
为了管理方便,需要发布 Loopback地址;
IPv4 BGP 路由部署
总部与分部间使用 BGP 协议。具体要求如下:
-
分部为 AS200,总部为 AS100;
-
总部内 FW与 S1、S2 需要以 Lo 1、S2 需要以 LoopBack 0 为源地址使用对等体组 as100 建立 IBGP 连接;
-
总部与分部用物理接口建立 EBGP连接;
-
总部与分部用物理接口建立 EBGP 连接
-
配置BGP 的下一跳(NEXT_HOP)属性,以避免路由黑洞;
-
总部和分部的所有业务流必须通过 network 命令来发布
-
通过配置 BGP 路由优先级值为 80(EBGP)、100(IBGP)、130(本地 BGP) 从而避免路由环路。
-
分部向总部发布缺省路由。最终,要求全网路由互通。
防火墙安全域部署
FW上配置安全域和域间策略。具体要求如下:
-
FW1与 R1 互联接口处于 Untrust 安全域,其余接口处于 Trust 安全域;
-
配置域间策略,允许所有 IP流量通过
-
域间策略通过 ACL 实现,ACL 编号为 3100。
路由优化部署
在S1、S2上配置路由策略以达到路由优化目的。VLAN10、VLAN20 的数据流经过 S1-FW转发,当FW-S1 不可用时, 通过 S1-S2-FW 转发;VLAN30、VLAN40 的数据流经过S2-FW转发,当 S2-FW 不可用时,通过 S2-S1-FW 转发。
通过发布路由时配置 route-policy 来实现,具体要求如下: 本要求如下:
-
Route-policy名称为 12100,节点必须为 10、20、30等依此类推;
-
使用 ACL 来匹配路由,ACL 编号必须为 2001(对应 VLAN10、VLAN20 的路由)和 2002(对应VLAN30、 VLAN40 的路由) ;
-
policy 设定的 local-preference 值分别为 100和200(分别对应主路由和备路由)。
IPv6 路由配置
考虑到总部有部分主机需要通过IPv6访问总部防火墙,所以需要配置 IPv6 网络
地址分配如下表所示:
IPv6 地址分配表
| 设备 | 接口 | IPV6 地址 |
|---|---|---|
| S 1 | VLAN 10 | 2001:172:10::252/64 |
| VLAN 20 | 2001:172:20::252/64 | |
| VLAN 30 | 2001:172:30::252/64 | |
| VLAN 40 | 2001:172:40::252/64 | |
| G 1/0/1 | FE80:11::1 link-local | |
| G 1/0/10 | FE80:10::2 link-local | |
| S 2 | ||
| VLAN 10 | 2001:172:10::253/64 | |
| VLAN 20 | 2001:172:20::253/64 | |
| VLAN 30 | 2001:172:30::253/64 | |
| VLAN 40 | 2001:172:30::253/64 | |
| G 1/0/1 | FE80:12::1 link-local | |
| G 1/0/10 | FE80:10::1 link-local | |
| FW | G 1/0/1 | FE80:11::2 link-local |
| G 1/0/2 | FE80:12::2 link-local |
-
规划使用动态路由协议,所配置的参数要求如下:
-
使用 OSPFv3 路由协议,进程号为 100 ,区域为 0;
-
Router-id 用Loopback 0 接口 IP;
-
FW的域间策略与IPV4的相同;
-
IPV6 的ACL 编号为: 3100,允许所有 IPV6 流量通过;
-
VLAN 内主机(host) 使用无状态自动配置地址技术自动获得 IPv6前缀。
MSTP 及 VRRP 部署
在总部交换机 S1、S2、IRF 上配置 MSTP 防止二层环路;要求VLAN10、VLAN20 所有数据流经过 S1 转发,VLAN30、VLAN40 所有数据流经过S2 转发。所配置的参数要求如下:
-
region-name 为 H3C;
-
实例值为1和2
-
S1 作为实例1中的主根, S2作为从根;
在S1 和 S2 上配置 VRRP,实现主机的网关冗余。所配置的参数要求如表2-3
表 2-3 52 和 53 的 VRRP 参数表
| VLAN | VRRP 备份组号(VRID) | VRRP 虚拟 IP |
|---|---|---|
| VLAN10 | 10 | 192.168.10.254 |
| VLAN20 | 20 | 192.168.20.254 |
| VLAN30 | 30 | 192.168.30.254 |
| VLAN40 | 40 | 192.168.40.254 |
-
S1 作为 VLAN 10, VLAN 20 所有主机的实际网关, S2 作为备份网关;S2 作为 VLAN 30, VLAN 40 中所有主机的实际网关, S1 作为备份网关
-
各 VRRP组中高优先级设置为150,低优先级设置为 120。
设备配置
基础 IP 配置
//S1
Sys
Sysname S1
Vlan 10
Name RD
Vlan 20
Name Sales
Vlan 30
Name Supply
Vlan 40
Name Service
Quit
Int vlan 10
Ip add 192.168.10.252 24
Undo shutdown
Quit
Int vlan 20
Ip add 192.168.20.252 24
Undo shutdown
Quit
Int vlan 30
Ip add 192.168.30.252 24
Undo shutdown
Quit
Int vlan 40
Ip add 192.168.40.252 24
Undo shutdown
Quit
Int ge 1/0/1
Port link-mode route
Ip add 10.0.0.5 30
Undo shutdown
Quit
Int ge 1/0/10
Port link-mode route
Ip add 10.0.0.1 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.201 32
Quit
//S2
Sys
Sysname S2
Vlan 10
Name RD
Vlan 20
Name Sales
Vlan 30
Name Supply
Vlan 40
Name Service
Quit
Int vlan 10
Ip add 192.168.10.253 24
Undo shutdown
Quit
Int vlan 20
Ip add 192.168.20.253 24
Undo shutdown
Quit
Int vlan 30
Ip add 192.168.30.253 24
Undo shutdown
Quit
Int vlan 40
Ip add 192.168.40.253 24
Undo shutdown
Quit
Int ge 1/0/1
Port link-mode route
Ip add 10.0.0.9 30
Undo shutdown
Quit
Int ge 1/0/10
Port link-mode route
Ip add 10.0.0.2 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.202 32
Quit
//FW
Sys
Sysname FW
Int ge 1/0/0
Ip add 10.0.0.13 30
Undo shutdown
Quit
Int ge 1/0/1
Ip add 10.0.0.6 30
Undo shutdown
Quit
Int ge 1/0/2
Ip add 10.0.0.10 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.1 32
Int lo 100
Ip add 192.16.100.254 24
Quit
//R1
Sys
Sysname R 1
Int ge 0/0
Ip add 10.0.0.14 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.2 32
Quit
二层部分
IRF 堆叠
//IRF 1
Sys
Sysname IRF1
//IRF 2
Sys
Sysname IRF2
Irf member 1 renumber 2
Y
Quit
Save
Y
Reboot
//IRF 1
Sys
Irf domian 10
Int range ten-gi 1/0/50 ten-gi 1/0/51
Shutdown
Quit
Irf-port 1/1
Port group int ten-gi 1/0/50
Port group int ten-gi 1/0/51
Quit
Int range ten-gi 1/0/50 ten-gi 1/0/51
Undo shutdown
Quit
Irf member 1 priority 10
Save
Y
Irf-port-configuration active
//IRF 2
Sys
Irf domian 10
Int range ten-gi 2/0/50 ten-gi 2/0/51
Shutdown
Quit
Irf-port 2/2
Port group int ten-gi 2/0/50
Port group int ten-gi 2/0/51
Quit
Int range ten-gi 2/0/50 ten-gi 2/0/51
Undo shutdown
Quit
Save
Y
Irf-port-configuration active
VLAN 划分+VLAN 修剪+链路聚合
//IRF
Sys
Sysname IRF
Vlan 10
Name RD
Vlan 20
Name Sales
Vlan 30
Name Supply
Vlan 40
Name Service
Quit
Int bridge-aggregation 1
Quit
Int range ge 1/0/24 ge 2/0/24
Port link-aggregation group 1
Quit
Int bridge-aggregation 1
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
Int bridge-aggregation 2
Quit
Int range ge 1/0/23 ge 2/0/23
Port link-aggregation group 2
Quit
Int bridge-aggregation 2
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
Int range ge 1/0/1 to ge 1/0/4 ge 2/0/1 to ge 2/0/4
Port link-type access
Port access vlan 10
Quit
Int range ge 1/0/5 to ge 1/0/8 ge 2/0/5 to ge 2/0/8
Port link-type access
Port access vlan 20
Quit
Int range ge 1/0/9 to ge 1/0/12 ge 2/0/9 to ge 2/0/12
Port link-type access
Port access vlan 30
Quit
Int range ge 1/0/13 to ge 1/0/16 ge 2/0/13 to ge 2/0/16
Port link-type access
Port access vlan 10
Quit
//S 1
Sys
Int bridge-aggregation 1
Quit
Int range ge 1/0/23 ge 1/0/24
Port link-aggregation group 1
Quit
Int range bridge-aggregation 1 ge 1/0/11
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
//S 2
Sys
Int bridge-aggregation 2
Quit
Int range ge 1/0/23 ge 1/0/24
Port link-aggregation group 2
Quit
Int range bridge-aggregation 2 ge 1/0/11
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
MSTP +VRRP
//S 1
Sys
Stp mode mstp
Stp region
Region-name H 3 C
Instance 1 vlan 10 20
Instance 2 vlan 30 40
Active region-configuration
Quit
Stp instance 1 root primary
Stp instance 2 root secondary
Int vlan 10
Vrrp vrid 10 virtual-ip 192.168.10.254
Vrrp vrid 10 priority 150
Quit
Int vlan 20
Vrrp vrid 20 virtual-ip 192.168.20.254
Vrrp vrid 20 priority 150
Quit
Int vlan 30
Vrrp vrid 30 virtual-ip 192.168.30.254
Vrrp vrid 30 priority 120
Quit
Int vlan 40
Vrrp vrid 40 virtual-ip 192.168.40.254
Vrrp vrid 40 priority 120
Quit
//S 2
Sys
Stp mode mstp
Stp region
Region-name H 3 C
Instance 1 vlan 10 20
Instance 2 vlan 30 40
Active region-configuration
Quit
Stp instance 1 root secondary
Stp instance 2 root primary
Int vlan 10
Vrrp vrid 10 virtual-ip 192.168.10.254
Vrrp vrid 10 priority 120
Quit
Int vlan 20
Vrrp vrid 20 virtual-ip 192.168.20.254
Vrrp vrid 20 priority 120
Quit
Int vlan 30
Vrrp vrid 30 virtual-ip 192.168.30.254
Vrrp vrid 30 priority 150
Quit
Int vlan 40
Vrrp vrid 40 virtual-ip 192.168.40.254
Vrrp vrid 40 priority 150
Quit
//IRF
Sys
Stp mode mstp
Stp region
Region-name H 3 C
Instance 1 vlan 10 20 di
Instance 2 vlan 30 40
Active region-configuration
Quit
三层网络配置
防火墙安全部署
//FW
Sys
Security-zone name Trust
Import int ge 1/0/1
Import int ge 1/0/2
Quit
Security-zone name Untrust
Import int ge 1/0/0
Quit
Acl advanced 3100
Rule permit ip source any destination any
Quit
Zone-pair security source trust destination untrust
Packet-filter 3100
Quit
Zone-pair security source untrust destination trust
Packet-filter 3100
Quit
Zone-pair security source trust destination local
Packet-filter 3100
Quit
Zone-pair security source local destination trust
Packet-filter 3100
Quit
Zone-pair security source untrust destination local
Packet-filter 3100
Quit
Zone-pair security source local destination untrust
Packet-filter 3100
Quit
Ospf+接口 P 2 P
//S 1
Ospf 10 router-id 9.9.9.201
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Network 9.9.9.201 0.0.0.0
Network 10.0.0.4 0.0.0.3
Network 10.0.0.0 0.0.0.3
Network 192.168.10.0 0.0.0.255
Network 192.168.20.0 0.0.0.255
Network 192.168.30.0 0.0.0.255
Network 192.168.40.0 0.0.0.255
Quit
Quit
Int range ge 1/0/1 ge 1/0/10
Ospf network-type p 2 p
Quit
//S 2
Ospf 10 router-id 9.9.9.202
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Network 9.9.9.202 0.0.0.0
Network 10.0.0.8 0.0.0.3
Network 10.0.0.0 0.0.0.3
Network 192.168.10.0 0.0.0.255
Network 192.168.20.0 0.0.0.255
Network 192.168.30.0 0.0.0.255
Network 192.168.40.0 0.0.0.255
Quit
Quit
Int range ge 1/0/1 ge 1/0/10
Ospf network-type p 2 p
Quit
//FW
Ospf 10 router-id 9.9.9.1
Area 0
Network 9.9.9.1 0.0.0.0
Network 10.0.0.8 0.0.0.3
Network 10.0.0.4 0.0.0.3
Quit
Quit
Int range ge 1/0/1 ge 1/0/2
Ospf network-type p 2 p
Quit
BGP 路由部署
BGP 邻居建立+next-hop-local
//FW
Sys
Bgp 100
Peer 9.9.9.201 as 100
Peer 9.9.9.201 connect-int lo 0
Peer 9.9.9.202 as 100
Peer 9.9.9.202 connect-int lo 0
Peer 10.0.0.14 as 200
Address ipv 4 unicast
Peer 9.9.9.201 enable
Peer 9.9.9.202 enable
Peer 10.0.0.14 enable
Peer 9.9.9.201 next-hop-local
Peer 9.9.9.202 next-hop-local
Network 9.9.9.1 255.255.255.255
Quit
Quit
//S 1
Sys
Bgp 100
Peer 9.9.9.1 as 100
Peer 9.9.9.1 connect-int lo 0
Address ipv 4 unicast
Peer 9.9.9.1 enable
Quit
Quit
//S 2
Sys
Bgp 100
Peer 9.9.9.1 as 100
Peer 9.9.9.1 connect-int lo 0
Address ipv 4 unicast
Peer 9.9.9.1 enable
Quit
Quit
//R 1
Sys
Bgp 200
Peer 10.0.0.13 as 100
Address ipv 4 unicast
Peer 10.0.0.13 enable
Network 9.9.9.2 255.255.255.255
Network 192.16.100.0 255.255.255.0
Quit
Quit
BGP 路由策略+发布缺省路由
//S 1
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Peer 9.9.9.1 route-policy 12000 im
Default local-preference 130
Quit
Quit
//S 2
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Peer 9.9.9.1 route-policy 12000 im
Default local-preference 130
Quit
Quit
//FW
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Peer 9.9.9.201 route-policy 12000 im
Peer 9.9.9.202 route-policy 12000 im
Peer 10.0.0.14 route-policy 12000 im
Default local-preference 130
Quit
Quit
//R 1
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 200
Address ipv 4 unicast
Peer 10.0.0.13 route-policy 12000 im
Default local-preference 130
Peer 10.0.0.13 default-route-advertise
Quit
Quit
路由优化部署
//S 1
Sys
Acl basic 2001
Rule 5 permit source 192.168.10.0 0.0.0.255
Rule 10 permit source 192.168.20.0 0.0.0.255
Quit
Acl basic 2002
Rule 5 permit source 192.168.30.0 0.0.0.255
Rule 10 permit source 192.168.40.0 0.0.0.255
Quit
Route-policy 12100 permit node 10
If-match ip address acl 2001
Apply local-preference 200
Quit
Route-policy 12100 permit node 20
If-match ip address acl 2002
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Import direct route-policy 12100
Quit
Quit
//S 2
Sys
Acl basic 2001
Rule 5 permit source 192.168.10.0 0.0.0.255
Rule 10 permit source 192.168.20.0 0.0.0.255
Quit
Acl basic 2002
Rule 5 permit source 192.168.30.0 0.0.0.255
Rule 10 permit source 192.168.40.0 0.0.0.255
Quit
Route-policy 12100 permit node 10
If-match ip address acl 2001
Apply local-preference 100
Quit
Route-policy 12100 permit node 20
If-match ip address acl 2002
Apply local-preference 200
Quit
Bgp 100
Address ipv 4 unicast
Import direct route-policy 12100
Quit
Quit
IPv 6 路由配置
IPv 6 地址配置
//S 1
Sys
Int vlan 10
ipv6 add 2001:172:10:: 252 64
Undo shutdown
Quit
Int vlan 20
ipv6 add 2001:172:20:: 252 64
Undo shutdown
Quit
Int vlan 30
ipv6 add 2001:172:30:: 252 64
Undo shutdown
Quit
Int vlan 40
ipv6 add 2001:172:40:: 252 64
Undo shutdown
Quit
Int ge 1/0/1
ipv6 add FE80:11:: 1 link-local
Undo shutdown
Quit
Int ge 1/0/10
ipv6 add FE80:10:: 2 link-local
Undo shutdown
Quit
//S 2
Sys
Int vlan 10
ipv6 add 2001:172:10:: 253 64
Undo shutdown
Quit
Int vlan 20
ipv6 add 2001:172:20:: 253 64
Undo shutdown
Quit
Int vlan 30
ipv6 add 2001:172:30:: 253 64
Undo shutdown
Quit
Int vlan 40
ipv6 add 2001:172:40:: 253 64
Undo shutdown
Quit
Int ge 1/0/1
ipv6 add FE80:12:: 1 link-local
Undo shutdown
Quit
Int ge 1/0/10
ipv6 add FE80:10:: 1 link-local
Undo shutdown
Quit
//FW
Sys
Int ge 1/0/1
ipv6 add FE80:11:: 2 link-local
Undo shutdown
Quit
Int ge 1/0/2
ipv6 add FE80:12:: 2 link-local
Undo shutdown
Quit
VRRPv3
//S 1
Sys
Int vlan 10
Vrrp ipv6 vrid 10 virtual-ip FE80:: 10 link-local
vrrp ipv6 vrid 10 virtual-ip 20 01:172:10::254
Vrrp ipv6 vrid 10 priority 150
Quit
Int vlan 20
Vrrp ipv6 vrid 20 virtual-ip FE80:: 20 link-local
vrrp ipv 6 vrid 20 virtual-ip 20 01:172:20::254
Vrrp ipv 6 vrid 20 priority 150
Quit
Int vlan 30
Vrrp ipv6 vrid 30 virtual-ip FE80:: 30 link-local
vrrp ipv6 vrid 30 virtual-ip 20 01:172:30::254
Vrrp ipv6 vrid 30 priority 120
Quit
Int vlan 40
Vrrp ipv6 vrid 40 virtual-ip FE80:: 40 link-local
vrrp ipv6 vrid 40 virtual-ip 20 01:172:40::254
Vrrp ipv6 vrid 40 priority 120
Quit
//S 2
Sys
Int vlan 10
Vrrp ipv6 vrid 10 virtual-ip FE80:: 10 link-local
vrrp ipv6 vrid 10 virtual-ip 20 01:172:10::254
Vrrp ipv6 vrid 10 priority 120
Quit
Int vlan 20
Vrrp ipv6 vrid 20 virtual-ip FE80:: 20 link-local
vrrp ipv6 vrid 20 virtual-ip 20 01:172:20::254
Vrrp ipv6 vrid 20 priority 120
Quit
Int vlan 30
Vrrp ipv6 vrid 30 virtual-ip FE80:: 30 link-local
vrrp ipv6 vrid 30 virtual-ip 20 01:172:30::254
Vrrp ipv6 vrid 30 priority 150
Quit
Int vlan 40
Vrrp ipv6 vrid 40 virtual-ip FE80:: 40 link-local
vrrp ipv6 vrid 40 virtual-ip 20 01:172:40::254
Vrrp ipv6 vrid 40 priority 150
Quit
OSPFv3
//S 1
Sys
Ospfv 3 100
Router-id 9.9.9.201
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Quit
Int range vlan 10 vlan 20 vlan 30 vlan 40 ge 1/0/1 ge 1/0/10
Ospfv 3 100 area 0
Quit
//S 2
Sys
Ospfv 3 100
Router-id 9.9.9.202
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Quit
Int range vlan 10 vlan 20 vlan 30 vlan 40 ge 1/0/1 ge 1/0/10
Ospfv 3 100 area 0
Quit
//FW
Sys
Ospfv 3 100
Router-id 9.9.9.1
Area 0
Quit
Int range ge 1/0/1 ge 1/0/2
Ospfv 3 100 area 0
Quit
基于 IPv 6 的 FW 域间策略
//FW
Sys
Acl ipv6 advanced 3100
Rule permit ipv6 source any destination any
Quit
Zone-pair security source trust destination untrust
Packet-filter ipv6 3100
Quit
Zone-pair security source untrust destination trust
Packet-filter ipv6 3100
Quit
Zone-pair security source trust destination local
Packet-filter ipv6 3100
Quit
Zone-pair security source local destination trust
Packet-filter ipv6 3100
Quit
Zone-pair security source untrust destination local
Packet-filter ipv6 3100
Quit
Zone-pair security source local destination untrust
Packet-filter ipv6 3100
Quit
IPv 6 无状态自动获取 IPv 6 前缀
//S 1
Sys
Int range vlan 10 vlan 20 vlan 30 vlan 40
Ipv6 address auto
Quit
//S 2
Sys
Int range vlan 10 vlan 20 vlan 30 vlan 40
Ipv6 address auto
Quit
