综合项目实施需求分析（共计70分）//含配置文件某公司总部设在，分别在市、市设有分支机构，根据公司业务不断发展需要，公司要进行信息化建设，完成总部与分支机构的互通互联，保证通信网络的安全可靠传输。

项目拓扑图：项目需求如下：1、要现总部与分公司和分公司互通互联，总部包含vlan2 和vlan 3两个虚拟局域网，分公司包含vlan 4和vlan5两个虚拟局域网，分公司包含vlan6和vlan7两个虚拟局域网。

（10分）2、根据项目拓扑图合理规划ip地址，包括（设备的管理ip、设备互联ip地址、vlan子网ip地址、ospf router id的规划），提交ip地址规划文档。

要求在192.168.1.0/24的这个网段上划分6个子网，分别分配给以上6个虚拟局域网使用。

（10分）3、总部要现双核心双链路互联（eth-trunk技术），保证链路级可靠性和网关级可靠性（mstp+vrrp技术）。

（10分）4、总部到分支机构采用ppp链路互联，并且实现设备的认证（chap认证技术）。

（10分）5、总部到分支机构采用FR帧中继链路互联，总部端设为DCE端，分公司设为DTE端。

（10分）6、分支机构部互通互联，分支机构部互通互联。

（10分）7、全网使用ospf路由协议完成全网路由，其中总部划分在area 0区域、分公司划分在area 1区域并且设置成为totally stub区域、分公司划分在area 2区域并且设置成为totally stub区域。

（10分）二、踩坑注意点：1、totally Stub 需要用HCNP中的OSPF特殊区域知识点；2、帧中继默认属于非广播型网络，在配置OSPF的时候，需要配置静态映射，并广播。

同时在OSPF中手动添加邻居。

三、配置文件：《herb-AR0》#sysname herb_AR0#router id 3.3.3.3#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password cipher 7GbD!EkMQ%]l3D+mKgUl>k# local-user admin service-type httplocal-user huawei password cipher Izn3*-jWu1dlx3Fo4OGL7/# local-user huawei service-type ppp#firewall zone Localpriority 16#interface Ethernet0/0/0#interface Ethernet0/0/1#interface Serial0/0/0link-protocol pppppp authentication-mode chapip address 192.168.3.253 255.255.255.252#interface Serial0/0/1link-protocol frfr interface-type dcefr dlci 100fr map ip 192.168.4.254 100 broadcastfastfeelingip address 192.168.4.253 255.255.255.252#interface Serial0/0/2link-protocol ppp#interface Serial0/0/3link-protocol ppp#interface GigabitEthernet0/0/0description herb_AR0 to herb_s5700-lsw0ip address 192.168.1.254 255.255.255.252#interface GigabitEthernet0/0/1description herb_AR0 to herb_s5700-lsw1ip address 192.168.2.254 255.255.255.252#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#wlan#interface NULL0#interface LoopBack0ip address 10.1.1.1 255.255.255.0 #ospf 1peer 192.168.4.254area 0.0.0.0network 192.168.1.254 0.0.0.0 network 192.168.2.254 0.0.0.0 network 10.1.1.1 0.0.0.0area 0.0.0.1network 192.168.3.253 0.0.0.0 stub no-summaryarea 0.0.0.2network 192.168.4.253 0.0.0.0 stub no-summary#user-interface con 0user-interface vty 0 4user-interface vty 16 20#Return《herb-lsw0》#sysname herb_s5700-lsw0#router id 1.1.1.1#vlan batch 2 to 3 100#stp instance 1 root primarystp instance 2 root secondary#cluster enablentdp enablendp enable#drop illegal-mac alarm#dhcp enable#diffserv domain default#stp region-configurationregion-name RG1instance 1 vlan 2instance 2 vlan 3active region-configuration#drop-profile default#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http#interface Vlanif1#interface Vlanif2ip address 192.168.1.2 255.255.255.224vrrp vrid 1 virtual-ip 192.168.1.1vrrp vrid 1 priority 120vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 60 dhcp select interfacedhcp server excluded-ip-address 192.168.1.3dhcp server lease day 3 hour 0 minute 0dhcp server dns-list 192.168.1.1#interface Vlanif3ip address 192.168.1.34 255.255.255.224vrrp vrid 1 virtual-ip 192.168.1.33dhcp select interfacedhcp server excluded-ip-address 192.168.1.35dhcp server lease day 3 hour 0 minute 0 dhcp server dns-list 192.168.1.33#interface Vlanif100ip address 192.168.1.253 255.255.255.252 #interface MEth0/0/1#interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 2 to 3stp root-protection#interface GigabitEthernet0/0/1port link-type accessport default vlan 100#interface GigabitEthernet0/0/2 description s5700-lsw0-to-AR1200-AR0 port link-type accessport default vlan 100#interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/4eth-trunk 1#interface GigabitEthernet0/0/5eth-trunk 1#interface GigabitEthernet0/0/6#interface GigabitEthernet0/0/7#interface GigabitEthernet0/0/8#interface GigabitEthernet0/0/9#interface GigabitEthernet0/0/10#interface GigabitEthernet0/0/11#interface GigabitEthernet0/0/12#interface GigabitEthernet0/0/13#interface GigabitEthernet0/0/14#interface GigabitEthernet0/0/15#interface GigabitEthernet0/0/16#interface GigabitEthernet0/0/17#interface GigabitEthernet0/0/18#interface GigabitEthernet0/0/19#interface GigabitEthernet0/0/20#interface GigabitEthernet0/0/21#interface GigabitEthernet0/0/22#interface GigabitEthernet0/0/23description hero_s5700_lsw0 to hero_s3700_lsw2 port link-type trunkport trunk allow-pass vlan 2 to 3#interface GigabitEthernet0/0/24#interface NULL0#ospf 1area 0.0.0.0description baerb_zongbu_area0network 192.168.1.253 0.0.0.0network 192.168.1.0 0.0.0.31network 192.168.1.32 0.0.0.31#user-interface con 0user-interface vty 0 4#Return《herb-lsw1》#sysname herb_s5700-lsw1#router id 2.2.2.2#vlan batch 2 to 3 200#stp instance 1 root secondarystp instance 2 root primary#cluster enablentdp enablendp enable#drop illegal-mac alarm#dhcp enable#diffserv domain default#stp region-configurationregion-name RG1instance 1 vlan 2instance 2 vlan 3active region-configuration#drop-profile default#aaaauthentication-scheme default authorization-scheme default accounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple admin local-user admin service-type http#interface Vlanif1#interface Vlanif2ip address 192.168.1.3 255.255.255.224vrrp vrid 1 virtual-ip 192.168.1.1vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 60 dhcp select interfacedhcp server excluded-ip-address 192.168.1.2dhcp server lease day 3 hour 0 minute 0dhcp server dns-list 192.168.1.1#interface Vlanif3ip address 192.168.1.35 255.255.255.224vrrp vrid 1 virtual-ip 192.168.1.33vrrp vrid 1 priority 120vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 60 dhcp select interfacedhcp server excluded-ip-address 192.168.1.34dhcp server lease day 3 hour 0 minute 0dhcp server dns-list 192.168.1.33#interface Vlanif200ip address 192.168.2.253 255.255.255.252#interface MEth0/0/1#interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 2 to 3#interface GigabitEthernet0/0/1port link-type accessport default vlan 200#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#interface GigabitEthernet0/0/4eth-trunk 1#interface GigabitEthernet0/0/5eth-trunk 1#interface GigabitEthernet0/0/6#interface GigabitEthernet0/0/7#interface GigabitEthernet0/0/8#interface GigabitEthernet0/0/9#interface GigabitEthernet0/0/10#interface GigabitEthernet0/0/11#interface GigabitEthernet0/0/12#interface GigabitEthernet0/0/13#interface GigabitEthernet0/0/14#interface GigabitEthernet0/0/15#interface GigabitEthernet0/0/16#interface GigabitEthernet0/0/17#interface GigabitEthernet0/0/18#interface GigabitEthernet0/0/19#interface GigabitEthernet0/0/20#interface GigabitEthernet0/0/21#interface GigabitEthernet0/0/22#interface GigabitEthernet0/0/23#interface GigabitEthernet0/0/24port link-type trunkport trunk allow-pass vlan 2 to 4094 #interface NULL0#ospf 1area 0.0.0.0network 192.168.2.253 0.0.0.0 network 192.168.1.0 0.0.0.31 network 192.168.1.32 0.0.0.31#user-interface con 0user-interface vty 0 4#Return《herb-lsw2》#sysname herb_s3700_lsw2#vlan batch 2 to 3#cluster enablentdp enablendp enable#drop illegal-mac alarm#diffserv domain default#stp region-configurationregion-name RG1instance 1 vlan 2instance 2 vlan 3active region-configuration#drop-profile default#aaaauthentication-scheme default authorization-scheme default accounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple admin local-user admin service-type http#interface Vlanif1#interface MEth0/0/1#interface Ethernet0/0/1port link-type accessport default vlan 2#interface Ethernet0/0/2 port link-type access port default vlan 3#interface Ethernet0/0/3 #interface Ethernet0/0/4 #interface Ethernet0/0/5 #interface Ethernet0/0/6 #interface Ethernet0/0/7 #interface Ethernet0/0/8 #interface Ethernet0/0/9 #interface Ethernet0/0/10 #interface Ethernet0/0/11 #interface Ethernet0/0/12 #interface Ethernet0/0/13 #interface Ethernet0/0/14 #interface Ethernet0/0/15 #interface Ethernet0/0/16 #interface Ethernet0/0/17 #interface Ethernet0/0/18 #interface Ethernet0/0/19 #interface Ethernet0/0/20 #interface Ethernet0/0/21 #interface Ethernet0/0/22#interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 3#interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 3#interface NULL0#user-interface con 0user-interface vty 0 4#port-group disc#Return《changc-AR1》#sysname changc-AR1#router id 4.4.4.4#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw# local-user admin service-type http#firewall zone Localpriority 16#interface Ethernet0/0/0#interface Ethernet0/0/1#interface Serial0/0/0link-protocol pppppp chap user huaweippp chap password cipher JS,[51EA,'%B,.\#C3YB91!! ip address 192.168.3.254 255.255.255.252#interface Serial0/0/1link-protocol ppp#interface Serial0/0/2link-protocol ppp#interface Serial0/0/3link-protocol ppp#interface GigabitEthernet0/0/0ip address 192.168.5.254 255.255.255.252#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#wlan#interface NULL0#interface LoopBack0ip address 10.1.1.2 255.255.255.0#ospf 1area 0.0.0.1network 192.168.5.254 0.0.0.0network 10.1.1.2 0.0.0.0network 192.168.3.254 0.0.0.0stub no-summary#user-interface con 0user-interface vty 0 4user-interface vty 16 20#Return《changc-lsw4》#sysname changc-lsw4#router id 5.5.5.5#vlan batch 4 to 5 300#cluster enablentdp enablendp enable#drop illegal-mac alarm#dhcp enable#diffserv domain default#drop-profile default#aaaauthentication-scheme default authorization-scheme default accounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple admin local-user admin service-type http#interface Vlanif1#interface Vlanif4ip address 192.168.1.65 255.255.255.224 dhcp select interfacedhcp server dns-list 192.168.1.65#interface Vlanif5ip address 192.168.1.97 255.255.255.224 dhcp select interfacedhcp server dns-list 192.168.1.97#interface Vlanif300ip address 192.168.5.253 255.255.255.252interface MEth0/0/1#interface Ethernet0/0/1 port link-type access port default vlan 4#interface Ethernet0/0/2 port link-type access port default vlan 5#interface Ethernet0/0/3 #interface Ethernet0/0/4 #interface Ethernet0/0/5 #interface Ethernet0/0/6 #interface Ethernet0/0/7 #interface Ethernet0/0/8 #interface Ethernet0/0/9 #interface Ethernet0/0/10 #interface Ethernet0/0/11 #interface Ethernet0/0/12 #interface Ethernet0/0/13 #interface Ethernet0/0/14 #interface Ethernet0/0/15 #interface Ethernet0/0/16 #interface Ethernet0/0/17 #interface Ethernet0/0/18 #interface Ethernet0/0/19interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1port link-type accessport default vlan 300#interface GigabitEthernet0/0/2#interface NULL0#ospf 1area 0.0.0.1network 192.168.5.253 0.0.0.0network 192.168.1.64 0.0.0.31network 192.168.1.96 0.0.0.3stub no-summary#user-interface con 0user-interface vty 0 4#Return《shengy-AR2》#sysname shengy-AR2#router id 6.6.6.6#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw# local-user admin service-type http#firewall zone Localpriority 16#interface Ethernet0/0/0#interface Ethernet0/0/1#interface Serial0/0/0link-protocol frfr dlci 100fr map ip 192.168.4.253 100 broadcastip address 192.168.4.254 255.255.255.252 #interface Serial0/0/1link-protocol ppp#interface Serial0/0/2link-protocol ppp#interface Serial0/0/3link-protocol ppp#interface GigabitEthernet0/0/0ip address 192.168.6.254 255.255.255.252 #interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#wlan#interface NULL0#ospf 1peer 192.168.4.253area 0.0.0.2network 192.168.6.254 0.0.0.0 network 192.168.4.254 0.0.0.0stub no-summary#user-interface con 0user-interface vty 0 4user-interface vty 16 20#Return《shengy-lsw5》#sysname shengy-LSW5#router id 7.7.7.7#vlan batch 6 to 7 400#cluster enablentdp enablendp enable#drop illegal-mac alarm#dhcp enable#diffserv domain default#drop-profile default#aaaauthentication-scheme default authorization-scheme default accounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple admin local-user admin service-type http#interface Vlanif1#interface Vlanif6ip address 192.168.1.129 255.255.255.224 dhcp select interfacedhcp server dns-list 192.168.1.129#interface Vlanif7ip address 192.168.1.161 255.255.255.224dhcp select interfacedhcp server dns-list 192.168.1.161#interface Vlanif400ip address 192.168.6.253 255.255.255.252 #interface MEth0/0/1#interface Ethernet0/0/1port link-type accessport default vlan 6#interface Ethernet0/0/2port link-type accessport default vlan 7#interface Ethernet0/0/3#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface Ethernet0/0/8#interface Ethernet0/0/9#interface Ethernet0/0/10#interface Ethernet0/0/11#interface Ethernet0/0/12#interface Ethernet0/0/13#interface Ethernet0/0/14#interface Ethernet0/0/15#interface Ethernet0/0/16#interface Ethernet0/0/17#interface Ethernet0/0/18#interface Ethernet0/0/19#interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1 port link-type accessport default vlan 400#interface GigabitEthernet0/0/2#interface NULL0#ospf 1area 0.0.0.2network 192.168.6.253 0.0.0.0 network 192.168.1.128 0.0.0.31 network 192.168.1.160 0.0.0.31 stub no-summary#user-interface con 0user-interface vty 0 4#return。