ISP Network Deployment for Internet Access of Home Users and Enterprise Users
Application Scenario and Service Requirements
Application Scenario
This example applies to small-scale access scenarios where home users and enterprise users require Internet access in residential buildings and enterprise office buildings respectively. This deployment solution can be replicated at multiple sites.
Service Requirements
Residential buildings and office buildings are the places where people live and work, and have the following characteristics:
- Users are densely distributed, and the required egress bandwidth is increasing.
- Users of various types may have different bandwidth requirements and consumption levels.
- There are diverse service types and access modes.
- There are a large number of routes.
- The bandwidth usage is subject to user activities. Network congestion may occur during peak hours.
The following lists the specific network requirements:
- Access requirements
  - Provide wired access for IPv4/IPv6 dual-stack services.
  - Provide differentiated multi-GE access, such as 10 Gbit/s and 1 Gbit/s, for different types of users.
  - Reuse existing third-party access switches at some sites.
- Refined bandwidth requirements
  - Provide customized bandwidths for different users based on their payment levels.
  - Guarantee the bandwidth of VIP users upon network congestion.
- Route control requirements
  - Flexibly control route forwarding and reduce the number of routes on devices, mitigating the pressure on device performance.
- Reliability requirements
  - Provide device-level, card-level, and link-level reliability.
- Security requirements
  - Prevent access from unauthorized devices, as well as malicious attacks.
  - Control user access to ensure network security.
Solution Design
Networking Diagram
Figure 2-109 shows the networking diagram for Internet access of home users and enterprise users in a project.
Network Design Analysis
Access requirements
The Internet service provider (ISP) backbone network uses S series switches to provide Internet access services for home users and enterprise users.
On the network, the third-party access switch is retained and connected to a stack of aggregation switches, that is, S5731-H-5. A VLAN stacking sub-interface is configured on the interface of S5731-H-5 connected to the third-party access switch and is bound to a Virtual Switch Instance (VSI) for connecting to the virtual private LAN service (VPLS) network, so that S5731-H-5 adds the same outer VLAN tag to the service packets in different VLANs sent from the third-party access switch. This configuration saves VLAN IDs on the public network. S5731-H-5 is configured with Martini VPLS and uses the Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) as the signaling protocol.
On the new network to be built, S6730-H switches are deployed at the aggregation layer to reduce the number of egress gateway interfaces, and the access switch S5735-L-6 is deployed as the user gateway at the access layer to provide 10GE interfaces for Internet access.
S6730-H switches function as egress gateways and are connected to the ISP backbone network.
IPv4/IPv6 dual-stack is enabled on the entire network. The Border Gateway Protocol (BGP) and BGP for IPv6 (BGP4+) are configured to advertise routes, while Open Shortest Path First version 2 (OSPFv2) and OSPFv3 are configured to calculate and select routes.
Refined bandwidth requirements
The access switch S5735-L-6 is configured with traffic policing to provide different access bandwidths for users of different payment levels.
Route control requirements
The downstream area of the egress gateways is configured as an OSPF stub area to reduce the number of routes in the area.
The access switch S5735-L-6 selects routes through OSPF and establishes a BGP peer relationship with the remote route reflector (RR) to advertise and receive routes. S5735-L-6 forwards traffic to upstream devices through the default routes generated in the OSPF stub area and to downstream devices through direct routes and static routes.
The egress gateways S6730-H establish Internal Border Gateway Protocol (IBGP) peer relationships with the remote RR to receive and advertise routes, and establish OSPFv2 and OSPFv3 neighbor relationships with the access switch S5735-L-6 to exchange routing information. The egress gateways forward traffic to upstream devices through default routes and OSPF routes and to downstream devices through BGP routes.
S5731-H-5 imports static routes and direct routes to the BGP routing table and advertises them to the RR on the ISP backbone network. Routing policies are configured to flexibly control route import and filter out unwanted routes.
Reliability requirements
S5731-H switches set up a stack to ensure device-level reliability. The switches are configured with multi-active detection (MAD) to detect multi-master conflicts if the stack splits. An inter-card downlink Eth-Trunk is configured between S5731-H-5 and the downstream third-party access switch to ensure link-level reliability.
The access switch S5735-L-6 connects to aggregation switches through dual uplinks and uses active/standby OSPF routes to ensure device-level and link-level reliability. Bidirectional Forwarding Detection (BFD) for OSPF is configured on the switch to accelerate convergence of OSPF routes. OSPF Graceful Restart (GR) is also configured to ensure proper data forwarding when OSPF restarts.
Security requirements
HMAC-SHA256 authentication is enabled on OSPFv2-enabled interfaces, and Internet Protocol Security (IPSec) is enabled in the OSPFv3 process.
MD5 authentication is performed for TCP connections over which BGP sessions are established. This improves the security of BGP peer connections.
MD5 authentication is performed for TCP connections over which LDP sessions are established. This improves the security of LDP session connections.
IBGP peer relationships are established through loopback interfaces and password authentication is enabled.
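The following is an added example, not part of the original guide: a Python check that reads a typed CLI transcript in the prompt-prefixed style this guide uses and reports OSPFv2 interfaces without authentication, BGP peers without a password, an LDP view without `md5-password`, and one secret shared by several protocols. The host name `SW-A`, the addresses and the secrets in the sample are constructed; OSPFv3 IPSec binding is not checked.

```python
import re
from collections import defaultdict

# Constructed transcript in this guide's CLI style (hypothetical host SW-A,
# documentation addresses, made-up secrets); not taken from a real device.
SAMPLE = """\
<SW-A> system-view
[SW-A] interface Vlanif 200
[SW-A-Vlanif200] ospf authentication-mode hmac-sha256 1 cipher Shared_Secret_1
[SW-A-Vlanif200] ospf enable 1 area 0.0.0.0
[SW-A-Vlanif200] quit
[SW-A] interface Vlanif 210
[SW-A-Vlanif210] ospf enable 1 area 0.0.0.1
[SW-A-Vlanif210] quit
[SW-A] interface LoopBack 0
[SW-A-LoopBack0] ospf enable 1 area 0.0.0.0
[SW-A-LoopBack0] quit
[SW-A] bgp 64700
[SW-A-bgp] peer 192.0.2.3 as-number 64700
[SW-A-bgp] peer 192.0.2.3 password cipher Shared_Secret_1
[SW-A-bgp] peer 192.0.2.4 as-number 64700
[SW-A-bgp] quit
[SW-A] mpls ldp
[SW-A-mpls-ldp] md5-password cipher all Ldp_Secret_2
[SW-A-mpls-ldp] quit
"""

# A line is "<host> command" (user view) or "[host-view] command".
LINE = re.compile(
    r"^\s*(?:<(?P<user>[^>]+)>|\[(?P<sys>[^\]]+)\])\s*(?P<cmd>.+?)\s*$"
)


def parse(transcript, host):
    """Group commands by view; the view name is the prompt minus the host name."""
    views = defaultdict(list)
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prompt = m.group("user") or m.group("sys")
        if prompt != host and not prompt.startswith(host + "-"):
            continue  # prompt belongs to another device
        views[prompt[len(host) + 1:]].append(m.group("cmd"))
    return views


def audit(transcript, host):
    """Return a list of findings for one device's transcript."""
    views = parse(transcript, host)
    findings = []
    secrets = defaultdict(set)  # secret -> protocols that use it

    # OSPFv2: every non-loopback interface running OSPF needs authentication.
    for view, cmds in views.items():
        if not any(c.startswith("ospf enable") for c in cmds):
            continue
        if view.lower().startswith("loopback"):
            continue  # no neighbors form on a loopback
        auth = [c for c in cmds if c.startswith("ospf authentication-mode")]
        if not auth:
            findings.append(f"{view}: OSPFv2 enabled without authentication")
        for c in auth:
            secrets[c.split()[-1]].add("ospf")

    # BGP: every peer given an AS number needs a TCP authentication password.
    bgp = views.get("bgp", [])
    peers = {c.split()[1] for c in bgp if re.match(r"peer \S+ as-number ", c)}
    for c in bgp:
        m = re.match(r"peer (\S+) password cipher (\S+)$", c)
        if m:
            peers.discard(m.group(1))
            secrets[m.group(2)].add("bgp")
    findings += [f"bgp: peer {p} has no password" for p in sorted(peers)]

    # LDP: the mpls-ldp view must set md5-password.
    if "mpls-ldp" in views:
        ldp = [c for c in views["mpls-ldp"] if c.startswith("md5-password ")]
        if not ldp:
            findings.append("mpls-ldp: no md5-password for LDP sessions")
        for c in ldp:
            secrets[c.split()[-1]].add("ldp")

    # One secret used by several protocols: a leak of one exposes the others.
    # The secret itself is never written to the report.
    for protos in secrets.values():
        if len(protos) > 1:
            findings.append("same secret shared by " + ", ".join(sorted(protos)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "SW-A"):
        print(finding)
```

Run against this guide's own commands, the reuse check fires, because the sample configuration uses one password string for OSPFv2, BGP and LDP.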
Device Requirements and Versions
Table 2-153 lists the products and their software versions used in this example.
Deployment Roadmap and Data Plan
Deployment Roadmap
The configuration roadmap is as follows:
1. Configure interfaces, add them to corresponding VLANs, and assign IPv4 and IPv6 addresses to interfaces.
2. Configure S5731-H aggregation switches to set up a stack (S5731-H-5) to ensure device-level reliability.
3. Configure OSPFv2 and OSPFv3 on the egress gateways S6730-H-1 and S6730-H-2, the access switch S5735-L-6, as well as the aggregation switch stack S5731-H-5 to implement Layer 3 communication. Configure BGP so that all the preceding devices can establish BGP peer relationships with the RR on the ISP backbone network.
4. Configure Layer 2 transparent transmission in a VLAN on the aggregation switches S6730-H-3 and S6730-H-4.
5. Enable HMAC-SHA256 authentication on OSPFv2-enabled interfaces, enable IPSec in the OSPFv3 process, and configure BGP peers to perform MD5 authentication when setting up TCP connections.
6. Configure the downstream area of the egress gateways as an OSPF stub area to reduce the size of the routing table in the area.
7. On S5735-L-6 and S5731-H-5, import direct routes and static routes of downstream devices to the BGP routing table and advertise them to the RR. Configure a routing policy to filter out unwanted routes.
8. Enable MPLS LDP on the egress gateways and establish local sessions with MPLS LDP-enabled neighboring devices.
9. Enable MPLS LDP on S5731-H-5, establish local sessions with MPLS LDP-enabled neighboring devices, and configure remote peer relationships to establish remote sessions.
10. Configure VPLS on S5731-H-5 for communication with remote peers.
11. Enable MD5 authentication on each device for TCP connections over which LDP sessions are established.
12. Enable MD5 authentication on each device for TCP connections over which BGP sessions are established.
13. Configure traffic policing on the access switch S5735-L-6 to provide different access bandwidths for users of different payment levels.
Data Plan
The following tables describe the data plans for VLANs, interfaces, IP addresses, routes, and services.
| Device | Data | Description |
|---|---|---|
| Egress gateway S6730-H-1 | VLANs 200 and 201 | VLANs to which S6730-H-1 and S6730-H-2 belong |
| Egress gateway S6730-H-1 | VLAN 2350 | VLAN for connecting to the ISP backbone network |
| Egress gateway S6730-H-1 | VLAN 210 | VLAN for connecting to the downstream aggregation switch S6730-H-3 |
| Egress gateway S6730-H-1 | VLAN 280 | VLAN for connecting to S5731-H-5 |
| Egress gateway S6730-H-2 | VLANs 200 and 201 | VLANs to which S6730-H-1 and S6730-H-2 belong |
| Egress gateway S6730-H-2 | VLAN 2355 | VLAN for connecting to the ISP backbone network |
| Egress gateway S6730-H-2 | VLAN 250 | VLAN for connecting to the downstream aggregation switch S6730-H-4 |
| Egress gateway S6730-H-2 | VLAN 290 | VLAN for connecting to S5731-H-5 |
| Aggregation switch S6730-H-3 | VLAN 210 | VLAN for connecting to the egress gateways and the access switch S5735-L-6 |
| Aggregation switch S6730-H-4 | VLAN 250 | VLAN for connecting to the egress gateways and the access switch S5735-L-6 |
| Aggregation switch stack S5731-H-5 | VLAN 2401 | VLAN for connecting to the upstream egress gateway S6730-H-1 |
| Aggregation switch stack S5731-H-5 | VLAN 2402 | VLAN for connecting to the upstream egress gateway S6730-H-2 |
| Aggregation switch stack S5731-H-5 | VLANs 2601 to 2605 | VLANs for connecting to the downstream third-party access switch |
| Access gateway S5735-L-6 | VLAN 210 | VLAN for connecting to the upstream aggregation switch S6730-H-3 |
| Access gateway S5735-L-6 | VLAN 250 | VLAN for connecting to the upstream aggregation switch S6730-H-4 |
| Access gateway S5735-L-6 | VLAN 502 | VLAN for connecting to downstream terminals |

| Device | Interface Number | VLAN to Which the Interface Belongs | IP Address | Description |
|---|---|---|---|---|
| Egress gateway S6730-H-1 | Eth-Trunk 1 | 200 | VLANIF 200: 1.1.1.193/30; 2001:F60::A39/126; FE80:F60::A39 (link-local address) | Interface connected to the egress gateway S6730-H-2 |
| Egress gateway S6730-H-1 | Eth-Trunk 1 | 201 | VLANIF 201: 1.1.1.197/30; 2001:F60::A3D/126; FE80:F60::A3D (link-local address) | Interface connected to the egress gateway S6730-H-2 |
| Egress gateway S6730-H-1 | Eth-Trunk 2 | 2350 | VLANIF 2350: 1.1.1.186/30; 2001:F60::A32/126; FE80:F60::A32 (link-local address) | Interface connected to the ISP backbone network |
| Egress gateway S6730-H-1 | Eth-Trunk 3 | 210 | VLANIF 210: 1.1.1.209/30; 2001:F60::A41/126; FE80:F60::A41 (link-local address) | Interface connected to the downstream aggregation switch S6730-H-3 |
| Egress gateway S6730-H-1 | Eth-Trunk 4 | 280 | VLANIF 280: 1.1.1.213/30 | Interface connected to S5731-H-5 |
| Egress gateway S6730-H-1 | Loopback 0 | - | 1.1.1.104/32; 2001:F60::66/128 | - |
| Egress gateway S6730-H-2 | Eth-Trunk 1 | 200 | VLANIF 200: 1.1.1.194/30; 2001:F60::A3A/126; FE80:F60::A3A (link-local address) | Interface connected to the egress gateway S6730-H-1 |
| Egress gateway S6730-H-2 | Eth-Trunk 1 | 201 | VLANIF 201: 1.1.1.198/30; 2001:F60::A3E/126; FE80:F60::A3E (link-local address) | Interface connected to the egress gateway S6730-H-1 |
| Egress gateway S6730-H-2 | Eth-Trunk 2 | 2355 | VLANIF 2355: 1.1.1.190/30; 2001:F60::A36/126; FE80:F60::A36 (link-local address) | Interface connected to the ISP backbone network |
| Egress gateway S6730-H-2 | Eth-Trunk 3 | 250 | VLANIF 250: 1.1.1.217/30; 2001:F60::A45/126; FE80:F60::A45 (link-local address) | Interface connected to the downstream aggregation switch S6730-H-4 |
| Egress gateway S6730-H-2 | Eth-Trunk 4 | 290 | VLANIF 290: 1.1.1.221/30 | Interface connected to S5731-H-5 |
| Egress gateway S6730-H-2 | Loopback 0 | - | 1.1.1.105/32; 2001:F60::67/128 | - |
| Aggregation switch S6730-H-3 | Eth-Trunk 2 | 210 | - | Interface connected to the upstream egress gateways |
| Aggregation switch S6730-H-3 | XGE0/0/1 | 210 | - | Interface connected to the downstream access gateways |
| Aggregation switch S6730-H-4 | Eth-Trunk 2 | 250 | - | Interface connected to the upstream egress gateways |
| Aggregation switch S6730-H-4 | XGE0/0/1 | 250 | - | Interface connected to the downstream access gateways |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 101 | 2401 | VLANIF 2401: 1.1.1.214/30 | Interface connected to the upstream egress gateways |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 102 | 2402 | VLANIF 2402: 1.1.1.222/30 | Interface connected to the upstream egress gateways |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 1 | 2601 | VLANIF 2601: 2.2.1.113/28 | Interface connected to the downstream third-party access switch |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 1 | 2602 | VLANIF 2602: 2.2.2.113/28 | Interface connected to the downstream third-party access switch |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 1 | 2603 | VLANIF 2603: 2.2.3.117/30 | Interface connected to the downstream third-party access switch |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 1 | 2604 | VLANIF 2604: 2.2.4.25/30 | Interface connected to the downstream third-party access switch |
| Aggregation switch stack S5731-H-5 | Eth-Trunk 1 | 2605 | VLANIF 2605: 2.2.5.109/30 | Interface connected to the downstream third-party access switch |
| Aggregation switch stack S5731-H-5 | Loopback 0 | - | 1.1.1.107/32 | - |
| Access gateway S5735-L-6 | XGE0/0/1 and XGE0/0/2 | 502 | VLANIF 502: 3.3.3.173/30; 2002:F60::113/64; FE80:F60::113 (link-local address) | Interfaces connected to downstream terminals or other network devices |
| Access gateway S5735-L-6 | XGE0/0/47 | 210 | VLANIF 210: 1.1.1.210/30; 2001:F60::A42/126; FE80:F60::A42 (link-local address) | Interface connected to the upstream aggregation switch S6730-H-3 |
| Access gateway S5735-L-6 | XGE0/0/48 | 250 | VLANIF 250: 1.1.1.218/30; 2001:F60::A46/126; FE80:F60::A46 (link-local address) | Interface connected to the upstream aggregation switch S6730-H-4 |
| Access gateway S5735-L-6 | Loopback 0 | - | 1.1.1.106/32; 2001:F60::68/128 | - |

Deployment Procedure
Configuring Egress Gateways (S6730-H)
The following uses S6730-H-1 as an example. The configuration of S6730-H-2 is similar to that of S6730-H-1.
- Configure VLANs and interfaces on S6730-H-1.
# Create Eth-Trunks and add them to corresponding VLANs.
```
<S6730-H-1> system-view
[S6730-H-1] vlan batch 200 to 201 210 280 2350
[S6730-H-1] stp disable
[S6730-H-1] interface Eth-Trunk 1
[S6730-H-1-Eth-Trunk1] mode lacp
[S6730-H-1-Eth-Trunk1] port link-type trunk
[S6730-H-1-Eth-Trunk1] undo port trunk allow-pass vlan 1
[S6730-H-1-Eth-Trunk1] port trunk allow-pass vlan 200 to 201
[S6730-H-1-Eth-Trunk1] quit
[S6730-H-1] interface Eth-Trunk 2
[S6730-H-1-Eth-Trunk2] mode lacp
[S6730-H-1-Eth-Trunk2] port link-type trunk
[S6730-H-1-Eth-Trunk2] undo port trunk allow-pass vlan 1
[S6730-H-1-Eth-Trunk2] port trunk allow-pass vlan 2350
[S6730-H-1-Eth-Trunk2] quit
[S6730-H-1] interface Eth-Trunk 3
[S6730-H-1-Eth-Trunk3] mode lacp
[S6730-H-1-Eth-Trunk3] port link-type trunk
[S6730-H-1-Eth-Trunk3] undo port trunk allow-pass vlan 1
[S6730-H-1-Eth-Trunk3] port trunk allow-pass vlan 210
[S6730-H-1-Eth-Trunk3] quit
[S6730-H-1] interface Eth-Trunk 4
[S6730-H-1-Eth-Trunk4] mode lacp
[S6730-H-1-Eth-Trunk4] port link-type trunk
[S6730-H-1-Eth-Trunk4] undo port trunk allow-pass vlan 1
[S6730-H-1-Eth-Trunk4] port trunk allow-pass vlan 280
[S6730-H-1-Eth-Trunk4] quit
```
# Add member interfaces to the Eth-Trunks.
```
[S6730-H-1] interface 40GE 0/0/1
[S6730-H-1-40GE0/0/1] eth-trunk 1
[S6730-H-1-40GE0/0/1] quit
[S6730-H-1] interface 40GE 0/0/2
[S6730-H-1-40GE0/0/2] eth-trunk 1
[S6730-H-1-40GE0/0/2] quit
[S6730-H-1] interface XGigabitEthernet 0/0/24
[S6730-H-1-XGigabitEthernet0/0/24] eth-trunk 2
[S6730-H-1-XGigabitEthernet0/0/24] quit
[S6730-H-1] interface XGigabitEthernet 0/0/1
[S6730-H-1-XGigabitEthernet0/0/1] eth-trunk 3
[S6730-H-1-XGigabitEthernet0/0/1] quit
[S6730-H-1] interface XGigabitEthernet 0/0/15
[S6730-H-1-XGigabitEthernet0/0/15] eth-trunk 4
[S6730-H-1-XGigabitEthernet0/0/15] quit
```
# Assign IP addresses to VLANIF interfaces and loopback 0.
```
[S6730-H-1] ipv6
[S6730-H-1] interface Vlanif 200
[S6730-H-1-Vlanif200] ipv6 enable
[S6730-H-1-Vlanif200] ip address 1.1.1.193 30
[S6730-H-1-Vlanif200] ipv6 address 2001:F60::A39/126
[S6730-H-1-Vlanif200] ipv6 address FE80:F60::A39 link-local
[S6730-H-1-Vlanif200] quit
[S6730-H-1] interface Vlanif 201
[S6730-H-1-Vlanif201] ipv6 enable
[S6730-H-1-Vlanif201] ip address 1.1.1.197 30
[S6730-H-1-Vlanif201] ipv6 address 2001:F60::A3D/126
[S6730-H-1-Vlanif201] ipv6 address FE80:F60::A3D link-local
[S6730-H-1-Vlanif201] quit
[S6730-H-1] interface Vlanif 210
[S6730-H-1-Vlanif210] ipv6 enable
[S6730-H-1-Vlanif210] ip address 1.1.1.209 30
[S6730-H-1-Vlanif210] ipv6 address 2001:F60::A41/126
[S6730-H-1-Vlanif210] ipv6 address FE80:F60::A41 link-local
[S6730-H-1-Vlanif210] quit
[S6730-H-1] interface Vlanif 280
[S6730-H-1-Vlanif280] ip address 1.1.1.213 30
[S6730-H-1-Vlanif280] quit
[S6730-H-1] interface Vlanif 2350
[S6730-H-1-Vlanif2350] ipv6 enable
[S6730-H-1-Vlanif2350] ip address 1.1.1.186 30
[S6730-H-1-Vlanif2350] ipv6 address 2001:F60::A32/126
[S6730-H-1-Vlanif2350] ipv6 address FE80:F60::A32 link-local
[S6730-H-1-Vlanif2350] quit
[S6730-H-1] interface LoopBack 0
[S6730-H-1-LoopBack0] ipv6 enable
[S6730-H-1-LoopBack0] ip address 1.1.1.104 32
[S6730-H-1-LoopBack0] ipv6 address 2001:F60::66/128
[S6730-H-1-LoopBack0] quit
```
- Configure OSPF on S6730-H-1.
# Configure IPSec.
```
[S6730-H-1] ipsec proposal 1
[S6730-H-1-ipsec-proposal-1] encapsulation-mode transport
[S6730-H-1-ipsec-proposal-1] transform ah
[S6730-H-1-ipsec-proposal-1] ah authentication-algorithm sha2-256
[S6730-H-1-ipsec-proposal-1] quit
[S6730-H-1] ipsec sa area0
[S6730-H-1-ipsec-sa-area0] proposal 1
[S6730-H-1-ipsec-sa-area0] sa spi inbound ah 256
[S6730-H-1-ipsec-sa-area0] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[S6730-H-1-ipsec-sa-area0] sa spi outbound ah 256
[S6730-H-1-ipsec-sa-area0] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[S6730-H-1-ipsec-sa-area0] quit
[S6730-H-1] ipsec sa stub
[S6730-H-1-ipsec-sa-stub] proposal 1
[S6730-H-1-ipsec-sa-stub] sa spi inbound ah 1256
[S6730-H-1-ipsec-sa-stub] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[S6730-H-1-ipsec-sa-stub] sa spi outbound ah 1256
[S6730-H-1-ipsec-sa-stub] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[S6730-H-1-ipsec-sa-stub] quit
```
# Create an OSPFv2 process.
```
[S6730-H-1] bfd
[S6730-H-1-bfd] quit
[S6730-H-1] ospf 1 router-id 1.1.1.104
[S6730-H-1-ospf-1] bfd all-interfaces enable
[S6730-H-1-ospf-1] opaque-capability enable
[S6730-H-1-ospf-1] graceful-restart
[S6730-H-1-ospf-1] area 0.0.0.0
[S6730-H-1-ospf-1-area-0.0.0.0] quit
[S6730-H-1-ospf-1] area 1.1.1.104
[S6730-H-1-ospf-1-area-1.1.1.104] stub no-summary
[S6730-H-1-ospf-1-area-1.1.1.104] quit
[S6730-H-1-ospf-1] quit
```
# Create an OSPFv3 process.
```
[S6730-H-1] ospfv3 1
[S6730-H-1-ospfv3-1] router-id 1.1.1.104
[S6730-H-1-ospfv3-1] graceful-restart
[S6730-H-1-ospfv3-1] bfd all-interfaces enable
[S6730-H-1-ospfv3-1] ipsec sa area0
[S6730-H-1-ospfv3-1] area 1.1.1.104
[S6730-H-1-ospfv3-1-area-1.1.1.104] stub no-summary
[S6730-H-1-ospfv3-1-area-1.1.1.104] ipsec sa stub
[S6730-H-1-ospfv3-1-area-1.1.1.104] quit
[S6730-H-1-ospfv3-1] quit
```
# Enable OSPFv2 and OSPFv3 on VLANIF 200, VLANIF 201, VLANIF 210, VLANIF 280, VLANIF 2350, and loopback 0. Enable OSPFv2 and OSPFv3 on VLANIF 200, VLANIF 2350, and loopback 0 in area 0, and on other interfaces in the stub area. The following example enables OSPFv2 and OSPFv3 on VLANIF 200:
```
[S6730-H-1] interface Vlanif 200
[S6730-H-1-Vlanif200] ospf authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[S6730-H-1-Vlanif200] ospf network-type p2p
[S6730-H-1-Vlanif200] ospf enable 1 area 0.0.0.0
[S6730-H-1-Vlanif200] ospfv3 1 area 0.0.0.0
[S6730-H-1-Vlanif200] ospfv3 network-type p2p
[S6730-H-1-Vlanif200] quit
```
- Configure BGP on S6730-H-1.
# Create a BGP process and configure peer relationships. Assume that RRs working in active/standby mode are deployed on the ISP backbone network, and their IPv4 addresses are 1.1.1.3 and 1.1.1.4 and their IPv6 addresses are 2001:F60::3 and 2001:F60::4, respectively.
```
[S6730-H-1] bgp 64700
[S6730-H-1-bgp] router-id 1.1.1.104
[S6730-H-1-bgp] peer 1.1.1.3 as-number 64700
[S6730-H-1-bgp] peer 1.1.1.3 connect-interface LoopBack0
[S6730-H-1-bgp] peer 1.1.1.3 password cipher YsHsjx_202206
[S6730-H-1-bgp] peer 1.1.1.4 as-number 64700
[S6730-H-1-bgp] peer 1.1.1.4 connect-interface LoopBack0
[S6730-H-1-bgp] peer 1.1.1.4 password cipher YsHsjx_202206
[S6730-H-1-bgp] peer 2001:F60::3 as-number 64700
[S6730-H-1-bgp] peer 2001:F60::3 connect-interface LoopBack0
[S6730-H-1-bgp] peer 2001:F60::3 password cipher YsHsjx_202206
[S6730-H-1-bgp] peer 2001:F60::4 as-number 64700
[S6730-H-1-bgp] peer 2001:F60::4 connect-interface LoopBack0
[S6730-H-1-bgp] peer 2001:F60::4 password cipher YsHsjx_202206
[S6730-H-1-bgp] ipv4-family unicast
[S6730-H-1-bgp-af-ipv4] peer 1.1.1.3 enable
[S6730-H-1-bgp-af-ipv4] peer 1.1.1.4 enable
[S6730-H-1-bgp-af-ipv4] quit
[S6730-H-1-bgp] ipv6-family unicast
[S6730-H-1-bgp-af-ipv6] peer 2001:F60::3 enable
[S6730-H-1-bgp-af-ipv6] peer 2001:F60::4 enable
[S6730-H-1-bgp-af-ipv6] quit
[S6730-H-1-bgp] quit
```
- Configure MPLS LDP on S6730-H-1.
```
[S6730-H-1] mpls lsr-id 1.1.1.104
[S6730-H-1] mpls
[S6730-H-1-mpls] quit
[S6730-H-1] mpls ldp
[S6730-H-1-mpls-ldp] longest-match
[S6730-H-1-mpls-ldp] md5-password cipher all YsHsjx_202206
[S6730-H-1-mpls-ldp] quit
[S6730-H-1] interface Vlanif 200
[S6730-H-1-Vlanif200] mpls
[S6730-H-1-Vlanif200] mpls ldp
[S6730-H-1-Vlanif200] quit
[S6730-H-1] interface Vlanif 201
[S6730-H-1-Vlanif201] mpls
[S6730-H-1-Vlanif201] mpls ldp
[S6730-H-1-Vlanif201] quit
[S6730-H-1] interface Vlanif 210
[S6730-H-1-Vlanif210] mpls
[S6730-H-1-Vlanif210] mpls ldp
[S6730-H-1-Vlanif210] quit
[S6730-H-1] interface Vlanif 280
[S6730-H-1-Vlanif280] mpls
[S6730-H-1-Vlanif280] mpls ldp
[S6730-H-1-Vlanif280] quit
[S6730-H-1] interface Vlanif 2350
[S6730-H-1-Vlanif2350] mpls
[S6730-H-1-Vlanif2350] mpls ldp
[S6730-H-1-Vlanif2350] quit
```
Configuring a Stack of Aggregation Switches (S5731-H-5)
- Configure two S5731-H aggregation switches to set up a stack (S5731-H-5).
For details about how to set up a stack, see Stack Assistant.
- Configure VLANs and interfaces on S5731-H-5.
# Create Eth-Trunks and add them to corresponding VLANs.
```
<S5731-H-5> system-view
[S5731-H-5] vlan batch 2401 to 2402 2601 to 2605
[S5731-H-5] stp disable
[S5731-H-5] interface Eth-Trunk 1
[S5731-H-5-Eth-Trunk1] mode lacp
[S5731-H-5-Eth-Trunk1] port link-type trunk
[S5731-H-5-Eth-Trunk1] undo port trunk allow-pass vlan 1
[S5731-H-5-Eth-Trunk1] port trunk allow-pass vlan 2601 to 2605
[S5731-H-5-Eth-Trunk1] quit
[S5731-H-5] interface Eth-Trunk 101
[S5731-H-5-Eth-Trunk101] mode lacp
[S5731-H-5-Eth-Trunk101] port link-type trunk
[S5731-H-5-Eth-Trunk101] undo port trunk allow-pass vlan 1
[S5731-H-5-Eth-Trunk101] port trunk allow-pass vlan 2401
[S5731-H-5-Eth-Trunk101] quit
[S5731-H-5] interface Eth-Trunk 102
[S5731-H-5-Eth-Trunk102] mode lacp
[S5731-H-5-Eth-Trunk102] port link-type trunk
[S5731-H-5-Eth-Trunk102] undo port trunk allow-pass vlan 1
[S5731-H-5-Eth-Trunk102] port trunk allow-pass vlan 2402
[S5731-H-5-Eth-Trunk102] quit
```
# Add member interfaces to the Eth-Trunks.
```
[S5731-H-5] interface GigabitEthernet 0/0/1
[S5731-H-5-GigabitEthernet0/0/1] eth-trunk 1
[S5731-H-5-GigabitEthernet0/0/1] quit
[S5731-H-5] interface GigabitEthernet 1/0/1
[S5731-H-5-GigabitEthernet1/0/1] eth-trunk 1
[S5731-H-5-GigabitEthernet1/0/1] quit
[S5731-H-5] interface XGigabitEthernet 0/0/4
[S5731-H-5-XGigabitEthernet0/0/4] eth-trunk 101
[S5731-H-5-XGigabitEthernet0/0/4] quit
[S5731-H-5] interface XGigabitEthernet 1/0/4
[S5731-H-5-XGigabitEthernet1/0/4] eth-trunk 102
[S5731-H-5-XGigabitEthernet1/0/4] quit
```
# Assign IP addresses to VLANIF interfaces and loopback 0.
```
[S5731-H-5] interface Vlanif 2401
[S5731-H-5-Vlanif2401] ip address 1.1.1.214 30
[S5731-H-5-Vlanif2401] quit
[S5731-H-5] interface Vlanif 2402
[S5731-H-5-Vlanif2402] ip address 1.1.1.222 30
[S5731-H-5-Vlanif2402] quit
[S5731-H-5] interface Vlanif 2601
[S5731-H-5-Vlanif2601] ip address 2.2.1.113 28
[S5731-H-5-Vlanif2601] quit
[S5731-H-5] interface Vlanif 2602
[S5731-H-5-Vlanif2602] ip address 2.2.2.113 28
[S5731-H-5-Vlanif2602] quit
[S5731-H-5] interface Vlanif 2603
[S5731-H-5-Vlanif2603] ip address 2.2.3.117 30
[S5731-H-5-Vlanif2603] quit
[S5731-H-5] interface Vlanif 2604
[S5731-H-5-Vlanif2604] ip address 2.2.4.25 30
[S5731-H-5-Vlanif2604] quit
[S5731-H-5] interface Vlanif 2605
[S5731-H-5-Vlanif2605] ip address 2.2.5.109 30
[S5731-H-5-Vlanif2605] quit
[S5731-H-5] interface LoopBack 0
[S5731-H-5-LoopBack0] ip address 1.1.1.107 32
[S5731-H-5-LoopBack0] quit
```
- Configure OSPF on S5731-H-5.
# Create an OSPFv2 process.
```
[S5731-H-5] bfd
[S5731-H-5-bfd] quit
[S5731-H-5] ospf 1 router-id 1.1.1.107
[S5731-H-5-ospf-1] bfd all-interfaces enable
[S5731-H-5-ospf-1] opaque-capability enable
[S5731-H-5-ospf-1] graceful-restart
[S5731-H-5-ospf-1] area 1.1.1.104
[S5731-H-5-ospf-1-area-1.1.1.104] stub no-summary
[S5731-H-5-ospf-1-area-1.1.1.104] quit
[S5731-H-5-ospf-1] quit
```
# Enable OSPFv2 on VLANIF 2401, VLANIF 2402, and loopback 0. The following example enables OSPFv2 on VLANIF 2401.
```
[S5731-H-5] interface Vlanif 2401
[S5731-H-5-Vlanif2401] ospf authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[S5731-H-5-Vlanif2401] ospf network-type p2p
[S5731-H-5-Vlanif2401] ospf enable 1 area 1.1.1.104
[S5731-H-5-Vlanif2401] quit
```
- Configure BGP on S5731-H-5.
# Create a routing policy to import direct routes and static routes on downstream devices to the BGP routing table and advertise them to the RR, and create another routing policy to filter out unneeded routes.
```
[S5731-H-5] route-policy STATIC-to-BGP permit node 10
[S5731-H-5-route-policy] if-match tag 647000
[S5731-H-5-route-policy] route-policy STATIC-to-BGP permit node 20
[S5731-H-5-route-policy] if-match tag 647001
[S5731-H-5-route-policy] route-policy STATIC-to-BGP deny node 30
[S5731-H-5-route-policy] quit
```
# Create a BGP process and configure peer relationships. Assume that RRs working in active/standby mode are deployed on the ISP backbone network and their IPv4 addresses are 1.1.1.3 and 1.1.1.4, respectively.
```
[S5731-H-5] bgp 64700
[S5731-H-5-bgp] router-id 1.1.1.107
[S5731-H-5-bgp] peer 1.1.1.3 as-number 64700
[S5731-H-5-bgp] peer 1.1.1.3 connect-interface LoopBack0
[S5731-H-5-bgp] peer 1.1.1.3 password cipher YsHsjx_202206
[S5731-H-5-bgp] peer 1.1.1.4 as-number 64700
[S5731-H-5-bgp] peer 1.1.1.4 connect-interface LoopBack0
[S5731-H-5-bgp] peer 1.1.1.4 password cipher YsHsjx_202206
[S5731-H-5-bgp] ipv4-family unicast
[S5731-H-5-bgp-af-ipv4] import-route static route-policy STATIC-to-BGP
[S5731-H-5-bgp-af-ipv4] peer 1.1.1.3 enable
[S5731-H-5-bgp-af-ipv4] peer 1.1.1.4 enable
[S5731-H-5-bgp-af-ipv4] quit
[S5731-H-5-bgp] quit
```
- Configure MPLS LDP on S5731-H-5.
```
[S5731-H-5] mpls lsr-id 1.1.1.107
[S5731-H-5] mpls
[S5731-H-5-mpls] quit
[S5731-H-5] mpls ldp
[S5731-H-5-mpls-ldp] longest-match
[S5731-H-5-mpls-ldp] md5-password cipher all YsHsjx_202206
[S5731-H-5-mpls-ldp] quit
[S5731-H-5] interface Vlanif 2401
[S5731-H-5-Vlanif2401] mpls
[S5731-H-5-Vlanif2401] mpls ldp
[S5731-H-5-Vlanif2401] quit
[S5731-H-5] interface Vlanif 2402
[S5731-H-5-Vlanif2402] mpls
[S5731-H-5-Vlanif2402] mpls ldp
[S5731-H-5-Vlanif2402] quit
[S5731-H-5] mpls ldp remote-peer 1.1.1.9
[S5731-H-5-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[S5731-H-5-mpls-ldp-remote-1.1.1.9] quit
[S5731-H-5] mpls ldp remote-peer 1.1.1.10
[S5731-H-5-mpls-ldp-remote-1.1.1.10] remote-ip 1.1.1.10
[S5731-H-5-mpls-ldp-remote-1.1.1.10] quit
```
- Configure VPLS on S5731-H-5.
```
[S5731-H-5] mpls l2vpn
[S5731-H-5-l2vpn] quit
[S5731-H-5] vsi v2 static
[S5731-H-5-vsi-v2] pwsignal ldp
[S5731-H-5-vsi-v2-ldp] vsi-id 1035
[S5731-H-5-vsi-v2-ldp] peer 1.1.1.9
[S5731-H-5-vsi-v2-ldp] quit
[S5731-H-5-vsi-v2] quit
[S5731-H-5] vcmp role silent
[S5731-H-5] interface Eth-Trunk 1.1035
[S5731-H-5-Eth-Trunk1.1035] qinq stacking vid 3400 to 3999 pe-vid 1035
[S5731-H-5-Eth-Trunk1.1035] l2 binding vsi v2
[S5731-H-5-Eth-Trunk1.1035] quit
```
VLAN termination sub-interfaces cannot be created on a VLAN Central Management Protocol (VCMP) client. In this example, S5731-H-5 is configured as a VCMP silent switch.
Configuring Aggregation Switches (S6730-H)
The following uses S6730-H-3 as an example. The configuration of S6730-H-4 is similar to that of S6730-H-3.
- Configure a VLAN and an interface on S6730-H-3.
# Create an Eth-Trunk, and add the Eth-Trunk and a physical interface to a VLAN.
```
<S6730-H-3> system-view
[S6730-H-3] vlan batch 210
[S6730-H-3] interface Eth-Trunk 2
[S6730-H-3-Eth-Trunk2] mode lacp
[S6730-H-3-Eth-Trunk2] port link-type trunk
[S6730-H-3-Eth-Trunk2] undo port trunk allow-pass vlan 1
[S6730-H-3-Eth-Trunk2] port trunk allow-pass vlan 210
[S6730-H-3-Eth-Trunk2] quit
[S6730-H-3] interface XGigabitEthernet 0/0/1
[S6730-H-3-XGigabitEthernet0/0/1] port link-type trunk
[S6730-H-3-XGigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
[S6730-H-3-XGigabitEthernet0/0/1] port trunk allow-pass vlan 210
[S6730-H-3-XGigabitEthernet0/0/1] quit
```
# Add a member interface to the Eth-Trunk.
```
[S6730-H-3] interface XGigabitEthernet 0/0/24
[S6730-H-3-XGigabitEthernet0/0/24] eth-trunk 2
[S6730-H-3-XGigabitEthernet0/0/24] quit
```
Configuring the Access Switch S5735-L-6
- Configure VLANs and interfaces on S5735-L-6.
# Create VLANs and add physical interfaces to the corresponding VLANs.
```
<S5735-L-6> system-view
[S5735-L-6] vlan batch 210 250 502
[S5735-L-6] stp disable
[S5735-L-6] interface XGigabitEthernet 0/0/1
[S5735-L-6-XGigabitEthernet0/0/1] port link-type access
[S5735-L-6-XGigabitEthernet0/0/1] port default vlan 502
[S5735-L-6-XGigabitEthernet0/0/1] quit
[S5735-L-6] interface XGigabitEthernet 0/0/2
[S5735-L-6-XGigabitEthernet0/0/2] port link-type access
[S5735-L-6-XGigabitEthernet0/0/2] port default vlan 502
[S5735-L-6-XGigabitEthernet0/0/2] quit
[S5735-L-6] interface XGigabitEthernet 0/0/47
[S5735-L-6-XGigabitEthernet0/0/47] port link-type trunk
[S5735-L-6-XGigabitEthernet0/0/47] undo port trunk allow-pass vlan 1
[S5735-L-6-XGigabitEthernet0/0/47] port trunk allow-pass vlan 210
[S5735-L-6-XGigabitEthernet0/0/47] quit
[S5735-L-6] interface XGigabitEthernet 0/0/48
[S5735-L-6-XGigabitEthernet0/0/48] port link-type trunk
[S5735-L-6-XGigabitEthernet0/0/48] undo port trunk allow-pass vlan 1
[S5735-L-6-XGigabitEthernet0/0/48] port trunk allow-pass vlan 250
[S5735-L-6-XGigabitEthernet0/0/48] quit
```
# Assign IP addresses to VLANIF interfaces and loopback 0.
```
[S5735-L-6] ipv6
[S5735-L-6] interface Vlanif 210
[S5735-L-6-Vlanif210] ipv6 enable
[S5735-L-6-Vlanif210] ip address 1.1.1.210 30
[S5735-L-6-Vlanif210] ipv6 address 2001:F60::A42/126
[S5735-L-6-Vlanif210] ipv6 address FE80:F60::A42 link-local
[S5735-L-6-Vlanif210] quit
[S5735-L-6] interface Vlanif 250
[S5735-L-6-Vlanif250] ipv6 enable
[S5735-L-6-Vlanif250] ip address 1.1.1.218 30
[S5735-L-6-Vlanif250] ipv6 address 2001:F60::A46/126
[S5735-L-6-Vlanif250] ipv6 address FE80:F60::A46 link-local
[S5735-L-6-Vlanif250] quit
[S5735-L-6] interface Vlanif 502
[S5735-L-6-Vlanif502] ipv6 enable
[S5735-L-6-Vlanif502] ip address 3.3.3.173 30
[S5735-L-6-Vlanif502] ipv6 address 2002:F60::113/64
[S5735-L-6-Vlanif502] ipv6 address FE80:F60::113 link-local
[S5735-L-6-Vlanif502] quit
[S5735-L-6] interface LoopBack 0
[S5735-L-6-LoopBack0] ipv6 enable
[S5735-L-6-LoopBack0] ip address 1.1.1.106 32
[S5735-L-6-LoopBack0] ipv6 address 2001:F60::68/128
[S5735-L-6-LoopBack0] quit
```
- Configure OSPF on S5735-L-6.
# Configure IPSec.
```
[S5735-L-6] ipsec proposal 1
[S5735-L-6-ipsec-proposal-1] encapsulation-mode transport
[S5735-L-6-ipsec-proposal-1] transform ah
[S5735-L-6-ipsec-proposal-1] ah authentication-algorithm sha2-256
[S5735-L-6-ipsec-proposal-1] quit
[S5735-L-6] ipsec sa area0
[S5735-L-6-ipsec-sa-area0] proposal 1
[S5735-L-6-ipsec-sa-area0] sa spi inbound ah 256
[S5735-L-6-ipsec-sa-area0] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[S5735-L-6-ipsec-sa-area0] sa spi outbound ah 256
[S5735-L-6-ipsec-sa-area0] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[S5735-L-6-ipsec-sa-area0] quit
[S5735-L-6] ipsec sa stub
[S5735-L-6-ipsec-sa-stub] proposal 1
[S5735-L-6-ipsec-sa-stub] sa spi inbound ah 1256
[S5735-L-6-ipsec-sa-stub] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[S5735-L-6-ipsec-sa-stub] sa spi outbound ah 1256
[S5735-L-6-ipsec-sa-stub] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[S5735-L-6-ipsec-sa-stub] quit
```
# Create an OSPFv2 process.
```
[S5735-L-6] bfd
[S5735-L-6-bfd] quit
[S5735-L-6] ospf 1 router-id 1.1.1.106
[S5735-L-6-ospf-1] bfd all-interfaces enable
[S5735-L-6-ospf-1] opaque-capability enable
[S5735-L-6-ospf-1] graceful-restart
[S5735-L-6-ospf-1] area 1.1.1.104
[S5735-L-6-ospf-1-area-1.1.1.104] stub no-summary
[S5735-L-6-ospf-1-area-1.1.1.104] quit
[S5735-L-6-ospf-1] quit
```
# Create an OSPFv3 process.
[S5735-L-6] ospfv3 1
[S5735-L-6-ospfv3-1] router-id 1.1.1.106
[S5735-L-6-ospfv3-1] graceful-restart
[S5735-L-6-ospfv3-1] bfd all-interfaces enable
[S5735-L-6-ospfv3-1] area 1.1.1.104
[S5735-L-6-ospfv3-1-area-1.1.1.104] stub no-summary
[S5735-L-6-ospfv3-1-area-1.1.1.104] ipsec sa stub
[S5735-L-6-ospfv3-1-area-1.1.1.104] quit
[S5735-L-6-ospfv3-1] quit
# Enable OSPFv2 and OSPFv3 on VLANIF 210, VLANIF 250, and loopback 0. The following example enables OSPFv2 and OSPFv3 on VLANIF 210:
[S5735-L-6] interface Vlanif 210
[S5735-L-6-Vlanif210] ospf authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[S5735-L-6-Vlanif210] ospf network-type p2p
[S5735-L-6-Vlanif210] ospf enable 1 area 1.1.1.104
[S5735-L-6-Vlanif210] ospfv3 1 area 1.1.1.104
[S5735-L-6-Vlanif210] ospfv3 network-type p2p
[S5735-L-6-Vlanif210] quit
- Configure BGP on S5735-L-6 to import specified static routes (such as the routes carrying tags 6000 and 6001) from the user side to the BGP routing table.
# Create routing policies.
[S5735-L-6] route-policy STATIC-to-BGP permit node 10
[S5735-L-6-route-policy] if-match tag 6000
[S5735-L-6-route-policy] route-policy STATIC-to-BGP permit node 20
[S5735-L-6-route-policy] if-match tag 6001
[S5735-L-6-route-policy] route-policy STATIC-to-BGP deny node 30
[S5735-L-6-route-policy] quit
# Create a BGP process and configure peer relationships. Assume that RRs working in active/standby mode are deployed on the ISP backbone network, and their IPv4 addresses are 1.1.1.3 and 1.1.1.4 and their IPv6 addresses are 2001:F60::3 and 2001:F60::4, respectively.
[S5735-L-6] bgp 64700
[S5735-L-6-bgp] router-id 1.1.1.106
[S5735-L-6-bgp] peer 1.1.1.3 as-number 64700
[S5735-L-6-bgp] peer 1.1.1.3 connect-interface LoopBack0
[S5735-L-6-bgp] peer 1.1.1.3 password cipher YsHsjx_202206
[S5735-L-6-bgp] peer 1.1.1.4 as-number 64700
[S5735-L-6-bgp] peer 1.1.1.4 connect-interface LoopBack0
[S5735-L-6-bgp] peer 1.1.1.4 password cipher YsHsjx_202206
[S5735-L-6-bgp] peer 2001:F60::3 as-number 64700
[S5735-L-6-bgp] peer 2001:F60::3 connect-interface LoopBack0
[S5735-L-6-bgp] peer 2001:F60::3 password cipher YsHsjx_202206
[S5735-L-6-bgp] peer 2001:F60::4 as-number 64700
[S5735-L-6-bgp] peer 2001:F60::4 connect-interface LoopBack0
[S5735-L-6-bgp] peer 2001:F60::4 password cipher YsHsjx_202206
[S5735-L-6-bgp] ipv4-family unicast
[S5735-L-6-bgp-af-ipv4] import-route static route-policy STATIC-to-BGP
[S5735-L-6-bgp-af-ipv4] peer 1.1.1.3 enable
[S5735-L-6-bgp-af-ipv4] peer 1.1.1.4 enable
[S5735-L-6-bgp-af-ipv4] quit
[S5735-L-6-bgp] ipv6-family unicast
[S5735-L-6-bgp-af-ipv6] import-route static route-policy STATIC-to-BGP
[S5735-L-6-bgp-af-ipv6] peer 2001:F60::3 enable
[S5735-L-6-bgp-af-ipv6] peer 2001:F60::4 enable
[S5735-L-6-bgp-af-ipv6] quit
[S5735-L-6-bgp] quit
- Configure QoS on S5735-L-6 to enable different interfaces to provide differentiated bandwidths for users.
[S5735-L-6] traffic classifier ANYINT operator or
[S5735-L-6-classifier-ANYINT] if-match any
[S5735-L-6-classifier-ANYINT] quit
[S5735-L-6] traffic behavior PREMIUM10
[S5735-L-6-behavior-PREMIUM10] car cir 10000 pir 1000000 cbs 1250000 pbs 125000000 share green pass remark-8021p 4 yellow pass remark-8021p 1 red discard
[S5735-L-6-behavior-PREMIUM10] quit
[S5735-L-6] traffic behavior PREMIUM100
[S5735-L-6-behavior-PREMIUM100] car cir 100000 pir 1000000 cbs 12500000 pbs 125000000 share green pass remark-8021p 4 yellow pass remark-8021p 1 red discard
[S5735-L-6-behavior-PREMIUM100] quit
[S5735-L-6] traffic policy PREMIUM10 match-order config
[S5735-L-6-trafficpolicy-PREMIUM10] classifier ANYINT behavior PREMIUM10
[S5735-L-6-trafficpolicy-PREMIUM10] quit
[S5735-L-6] traffic policy PREMIUM100 match-order config
[S5735-L-6-trafficpolicy-PREMIUM100] classifier ANYINT behavior PREMIUM100
[S5735-L-6-trafficpolicy-PREMIUM100] quit
[S5735-L-6] interface XGigabitEthernet 0/0/1
[S5735-L-6-XGigabitEthernet0/0/1] traffic-policy PREMIUM10 inbound
[S5735-L-6-XGigabitEthernet0/0/1] quit
[S5735-L-6] interface XGigabitEthernet 0/0/2
[S5735-L-6-XGigabitEthernet0/0/2] traffic-policy PREMIUM100 inbound
[S5735-L-6-XGigabitEthernet0/0/2] quit
Verifying the Deployment
- Verify that a PC connected to the aggregation switch S5731-H-5 can successfully ping the IP address of a remote server on the ISP backbone network.
- Verify that a PC connected to the access switch S5735-L-6 can successfully ping the IP address of a remote server on the ISP backbone network.
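The ping tests confirm reachability, not that the OSPF, OSPFv3 and BGP adjacencies are authenticated as configured in the steps above. The following Python check is an added example, not part of the original guide or of any vendor tool: it reads a saved configuration in the format shown under Configuration Files and lists OSPFv2 interfaces without ospf authentication-mode, OSPFv3 interfaces whose area and process reference no ipsec sa, and BGP peers without a password. The function names and the sample text are assumptions made for illustration, and only the command forms used on this page are recognised.

```python
import re

# Constructed sample in the layout of the S5735-L-6 configuration file; secrets
# are placeholders. Vlanif250 and peer 1.1.1.4 are deliberately left unprotected.
SAMPLE = """\
#
ospfv3 1
 area 1.1.1.104
  ipsec sa stub
#
interface Vlanif210
 ospfv3 1 area 1.1.1.104
 ospf authentication-mode hmac-sha256 1 cipher %^%#PLACEHOLDER%^%#
 ospf enable 1 area 1.1.1.104
#
interface Vlanif250
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 1.1.1.104
#
bgp 64700
 peer 1.1.1.3 as-number 64700
 peer 1.1.1.3 password cipher %^%#PLACEHOLDER%^%#
 peer 1.1.1.4 as-number 64700
#
return
"""

def sections(text):
    """Yield each '#'-delimited section as a list of stripped command lines."""
    for chunk in re.split(r"(?m)^[ \t]*#[ \t]*$", text):
        block = [c.strip() for c in chunk.splitlines() if c.strip() not in ("", "return")]
        if block:
            yield block

def ospfv3_sa_scopes(secs):
    """Map OSPFv3 process id -> areas that reference an IPSec SA ('*' = process-wide)."""
    covered = {}
    for head, *body in secs:
        if head.startswith("ospfv3 "):
            area, scopes = "*", covered.setdefault(head.split()[1], set())
            for cmd in body:
                if cmd.startswith("area "):
                    area = cmd.split()[1]
                elif cmd.startswith("ipsec sa "):
                    scopes.add(area)
    return covered

def audit(text):
    """List adjacencies that lack authentication; loopbacks form none and are skipped."""
    secs = list(sections(text))
    covered, findings = ospfv3_sa_scopes(secs), []
    for head, *body in secs:
        words = head.split()
        if words[0] == "interface" and not words[1].startswith("LoopBack"):
            if any(c.startswith("ospf enable") for c in body) and not any(
                    c.startswith("ospf authentication-mode") for c in body):
                findings.append(f"{words[1]}: OSPFv2 without authentication")
            for c in body:
                m = re.fullmatch(r"ospfv3 (\S+) area (\S+)", c)
                if m and not covered.get(m[1], set()) & {"*", m[2]}:
                    findings.append(f"{words[1]}: OSPFv3 area {m[2]} without IPSec SA")
        elif words[0] == "bgp":
            peers = {c.split()[1] for c in body if " as-number " in c}
            keyed = {c.split()[1] for c in body if " password " in c}
            findings += [f"BGP peer {p}: no password" for p in sorted(peers - keyed)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means every non-loopback OSPF interface and every BGP peer in the file carries the authentication settings used in this deployment; it does not prove that the keys match on both ends of a link.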
Configuration Files
Egress gateway S6730-H-1
#
sysname S6730-H-1
#
ipv6
#
vlan batch 200 to 201 210 280 2350
#
stp disable
#
bfd
#
mpls lsr-id 1.1.1.104
mpls
#
mpls ldp
 longest-match
 md5-password cipher all %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ipsec sa stub
 proposal 1
 sa spi inbound ah 1256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 1256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 1.1.1.104
 graceful-restart
 bfd all-interfaces enable
 ipsec sa area0
 area 1.1.1.104
  stub no-summary
  ipsec sa stub
#
interface Vlanif200
 ipv6 enable
 ip address 1.1.1.193 255.255.255.252
 ipv6 address 2001:F60::A39/126
 ipv6 address FE80:F60::A39 link-local
 ospfv3 1 area 0.0.0.0
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mpls
 mpls ldp
#
interface Vlanif201
 ipv6 enable
 ip address 1.1.1.197 255.255.255.252
 ipv6 address 2001:F60::A3D/126
 ipv6 address FE80:F60::A3D link-local
 ospfv3 1 area 1.1.1.104
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif210
 ipv6 enable
 ip address 1.1.1.209 255.255.255.252
 ipv6 address 2001:F60::A41/126
 ipv6 address FE80:F60::A41 link-local
 ospfv3 1 area 1.1.1.104
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif280
 ip address 1.1.1.213 255.255.255.252
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif2350
 ipv6 enable
 ip address 1.1.1.186 255.255.255.252
 ipv6 address 2001:F60::A32/126
 ipv6 address FE80:F60::A32 link-local
 ospfv3 1 area 0.0.0.0
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mpls
 mpls ldp
#
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 to 201
 mode lacp
#
interface Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2350
 mode lacp
#
interface Eth-Trunk3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 210
 mode lacp
#
interface Eth-Trunk4
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 280
 mode lacp
#
interface XGigabitEthernet0/0/1
 eth-trunk 3
#
interface XGigabitEthernet0/0/15
 eth-trunk 4
#
interface XGigabitEthernet0/0/24
 eth-trunk 2
#
interface 40GE0/0/1
 eth-trunk 1
#
interface 40GE0/0/2
 eth-trunk 1
#
interface LoopBack0
 ipv6 enable
 ip address 1.1.1.104 255.255.255.255
 ipv6 address 2001:F60::66/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64700
 router-id 1.1.1.104
 peer 1.1.1.3 as-number 64700
 peer 1.1.1.3 connect-interface LoopBack0
 peer 1.1.1.3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 1.1.1.4 as-number 64700
 peer 1.1.1.4 connect-interface LoopBack0
 peer 1.1.1.4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 2001:F60::3 as-number 64700
 peer 2001:F60::3 connect-interface LoopBack0
 peer 2001:F60::3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 2001:F60::4 as-number 64700
 peer 2001:F60::4 connect-interface LoopBack0
 peer 2001:F60::4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.3 enable
  peer 1.1.1.4 enable
 #
 ipv6-family unicast
  undo synchronization
  peer 2001:F60::3 enable
  peer 2001:F60::4 enable
#
ospf 1 router-id 1.1.1.104
 bfd all-interfaces enable
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
 area 1.1.1.104
  stub no-summary
#
return

Egress gateway S6730-H-2
#
sysname S6730-H-2
#
ipv6
#
vlan batch 200 to 201 250 290 2355
#
stp disable
#
bfd
#
mpls lsr-id 1.1.1.105
mpls
#
mpls ldp
 longest-match
 md5-password cipher all %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ipsec sa stub
 proposal 1
 sa spi inbound ah 1256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 1256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 1.1.1.105
 graceful-restart
 bfd all-interfaces enable
 ipsec sa area0
 area 1.1.1.104
  stub no-summary
  ipsec sa stub
#
interface Vlanif200
 ipv6 enable
 ip address 1.1.1.194 255.255.255.252
 ipv6 address 2001:F60::A3A/126
 ipv6 address FE80:F60::A3A link-local
 ospfv3 1 area 0.0.0.0
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mpls
 mpls ldp
#
interface Vlanif201
 ipv6 enable
 ip address 1.1.1.198 255.255.255.252
 ipv6 address 2001:F60::A3E/126
 ipv6 address FE80:F60::A3E link-local
 ospfv3 1 area 1.1.1.104
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif250
 ipv6 enable
 ip address 1.1.1.217 255.255.255.252
 ipv6 address 2001:F60::A45/126
 ipv6 address FE80:F60::A45 link-local
 ospfv3 1 area 1.1.1.104
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif290
 ip address 1.1.1.221 255.255.255.252
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif2355
 ipv6 enable
 ip address 1.1.1.190 255.255.255.252
 ipv6 address 2001:F60::A36/126
 ipv6 address FE80:F60::A36 link-local
 ospfv3 1 area 0.0.0.0
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mpls
 mpls ldp
#
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 to 201
 mode lacp
#
interface Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2355
 mode lacp
#
interface Eth-Trunk3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 250
 mode lacp
#
interface Eth-Trunk4
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 290
 mode lacp
#
interface XGigabitEthernet0/0/1
 eth-trunk 3
#
interface XGigabitEthernet0/0/15
 eth-trunk 4
#
interface XGigabitEthernet0/0/24
 eth-trunk 2
#
interface 40GE0/0/1
 eth-trunk 1
#
interface 40GE0/0/2
 eth-trunk 1
#
interface LoopBack0
 ipv6 enable
 ip address 1.1.1.105 255.255.255.255
 ipv6 address 2001:F60::67/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64700
 router-id 1.1.1.105
 peer 1.1.1.3 as-number 64700
 peer 1.1.1.3 connect-interface LoopBack0
 peer 1.1.1.3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 1.1.1.4 as-number 64700
 peer 1.1.1.4 connect-interface LoopBack0
 peer 1.1.1.4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 2001:F60::3 as-number 64700
 peer 2001:F60::3 connect-interface LoopBack0
 peer 2001:F60::3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 2001:F60::4 as-number 64700
 peer 2001:F60::4 connect-interface LoopBack0
 peer 2001:F60::4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.3 enable
  peer 1.1.1.4 enable
 #
 ipv6-family unicast
  undo synchronization
  peer 2001:F60::3 enable
  peer 2001:F60::4 enable
#
ospf 1 router-id 1.1.1.105
 bfd all-interfaces enable
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
 area 1.1.1.104
  stub no-summary
#
return
Aggregation switch S6730-H-3
#
sysname S6730-H-3
#
vlan batch 210
#
interface Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 210
 mode lacp
#
interface XGigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 210
#
interface XGigabitEthernet0/0/24
 eth-trunk 2
#
return

Aggregation switch S6730-H-4
#
sysname S6730-H-4
#
vlan batch 250
#
interface Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 250
 mode lacp
#
interface XGigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 250
#
interface XGigabitEthernet0/0/24
 eth-trunk 2
#
return
Access gateway S5735-L-6
#
sysname S5735-L-6
#
ipv6
#
vlan batch 210 250 502
#
stp disable
#
bfd
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa stub
 proposal 1
 sa spi inbound ah 1256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 1256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
traffic classifier ANYINT operator or
 if-match any
#
traffic behavior PREMIUM10
 car cir 10000 pir 1000000 cbs 1250000 pbs 125000000 share green pass remark-8021p 4 yellow pass remark-8021p 1 red discard
traffic behavior PREMIUM100
 car cir 100000 pir 1000000 cbs 12500000 pbs 125000000 share green pass remark-8021p 4 yellow pass remark-8021p 1 red discard
#
traffic policy PREMIUM10 match-order config
 classifier ANYINT behavior PREMIUM10
traffic policy PREMIUM100 match-order config
 classifier ANYINT behavior PREMIUM100
#
ospfv3 1
 router-id 1.1.1.106
 graceful-restart
 bfd all-interfaces enable
 area 1.1.1.104
  stub no-summary
  ipsec sa stub
#
interface Vlanif210
 ipv6 enable
 ip address 1.1.1.210 255.255.255.252
 ipv6 address 2001:F60::A42/126
 ipv6 address FE80:F60::A42 link-local
 ospfv3 1 area 1.1.1.104
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
#
interface Vlanif250
 ipv6 enable
 ip address 1.1.1.218 255.255.255.252
 ipv6 address 2001:F60::A46/126
 ipv6 address FE80:F60::A46 link-local
 ospfv3 1 area 1.1.1.104
 ospfv3 network-type p2p
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
#
interface Vlanif502
 ipv6 enable
 ip address 3.3.3.173 255.255.255.252
 ipv6 address 2002:F60::113/64
 ipv6 address FE80:F60::113 link-local
#
interface XGigabitEthernet0/0/1
 port link-type access
 port default vlan 502
 traffic-policy PREMIUM10 inbound
#
interface XGigabitEthernet0/0/2
 port link-type access
 port default vlan 502
 traffic-policy PREMIUM100 inbound
#
interface XGigabitEthernet0/0/47
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 210
#
interface XGigabitEthernet0/0/48
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 250
#
interface LoopBack0
 ipv6 enable
 ip address 1.1.1.106 255.255.255.255
 ipv6 address 2001:F60::68/128
 ospfv3 1 area 1.1.1.104
 ospf enable 1 area 1.1.1.104
#
bgp 64700
 router-id 1.1.1.106
 peer 1.1.1.3 as-number 64700
 peer 1.1.1.3 connect-interface LoopBack0
 peer 1.1.1.3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 1.1.1.4 as-number 64700
 peer 1.1.1.4 connect-interface LoopBack0
 peer 1.1.1.4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 2001:F60::3 as-number 64700
 peer 2001:F60::3 connect-interface LoopBack0
 peer 2001:F60::3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 2001:F60::4 as-number 64700
 peer 2001:F60::4 connect-interface LoopBack0
 peer 2001:F60::4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 #
 ipv4-family unicast
  undo synchronization
  import-route static route-policy STATIC-to-BGP
  peer 1.1.1.3 enable
  peer 1.1.1.4 enable
 #
 ipv6-family unicast
  undo synchronization
  import-route static route-policy STATIC-to-BGP
  peer 2001:F60::3 enable
  peer 2001:F60::4 enable
#
ospf 1 router-id 1.1.1.106
 bfd all-interfaces enable
 opaque-capability enable
 graceful-restart
 area 1.1.1.104
  stub no-summary
#
route-policy STATIC-to-BGP permit node 10
 if-match tag 6000
#
route-policy STATIC-to-BGP permit node 20
 if-match tag 6001
#
route-policy STATIC-to-BGP deny node 30
#
return
Aggregation switch stack S5731-H-5
#
sysname S5731-H-5
#
vcmp role silent
#
vlan batch 2401 to 2402 2601 to 2605
#
stp disable
#
bfd
#
mpls lsr-id 1.1.1.107
mpls
#
mpls l2vpn
#
vsi v2 static
 pwsignal ldp
  vsi-id 1035
  peer 1.1.1.9
#
mpls ldp
 longest-match
 md5-password cipher all %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
mpls ldp remote-peer 1.1.1.10
 remote-ip 1.1.1.10
#
interface Vlanif2401
 ip address 1.1.1.214 255.255.255.252
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif2402
 ip address 1.1.1.222 255.255.255.252
 ospf authentication-mode hmac-sha256 1 cipher %^%#^3hAD4{>*9Tof;&4U1.0Up#B'7=%G6Cfs5YT1iV;%^%#
 ospf network-type p2p
 ospf enable 1 area 1.1.1.104
 mpls
 mpls ldp
#
interface Vlanif2601
 ip address 2.2.1.113 255.255.255.240
#
interface Vlanif2602
 ip address 2.2.2.113 255.255.255.240
#
interface Vlanif2603
 ip address 2.2.3.117 255.255.255.252
#
interface Vlanif2604
 ip address 2.2.4.25 255.255.255.252
#
interface Vlanif2605
 ip address 2.2.5.109 255.255.255.252
#
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2601 to 2605
 mode lacp
#
interface Eth-Trunk1.1035
 qinq stacking vid 3400 to 3999 pe-vid 1035
 l2 binding vsi v2
#
interface Eth-Trunk101
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2401
 mode lacp
#
interface Eth-Trunk102
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2402
 mode lacp
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 eth-trunk 1
#
interface XGigabitEthernet0/0/4
 eth-trunk 101
#
interface XGigabitEthernet1/0/4
 eth-trunk 102
#
interface LoopBack0
 ip address 1.1.1.107 255.255.255.255
 ospf enable 1 area 1.1.1.104
#
bgp 64700
 router-id 1.1.1.107
 peer 1.1.1.3 as-number 64700
 peer 1.1.1.3 connect-interface LoopBack0
 peer 1.1.1.3 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 peer 1.1.1.4 as-number 64700
 peer 1.1.1.4 connect-interface LoopBack0
 peer 1.1.1.4 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
 #
 ipv4-family unicast
  undo synchronization
  import-route static route-policy STATIC-to-BGP
  peer 1.1.1.3 enable
  peer 1.1.1.4 enable
#
ospf 1 router-id 1.1.1.107
 bfd all-interfaces enable
 opaque-capability enable
 graceful-restart
 area 1.1.1.104
  stub no-summary
#
route-policy STATIC-to-BGP permit node 10
 if-match tag 647000
#
route-policy STATIC-to-BGP permit node 20
 if-match tag 647001
#
route-policy STATIC-to-BGP deny node 30
#
return