Huawei Professional Certification Training

HCSA-Field-Datacom Campus Network

Lab Guide

ISSUE: 1.0

HUAWEI TECHNOLOGIES CO., LTD

1
Copyright © Huawei Technologies Co., Ltd. 2023. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and
recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any
kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation
of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this
document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129
People's Republic of China

Website: https://e.huawei.com
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 1

About This Document

Overview
This document is a training course for the HCSA-Field-Datacom Campus Network certification. It is
intended for trainees who are preparing to take the HCSA-Field-Datacom Campus Network exam or
readers who want to understand Huawei datacom devices, product features and protocols, and
installation guides and specifications of Huawei devices.

Background Knowledge Required

This course is a basic course for Huawei professional certification. To better master the contents of
this document, readers must meet the following basic requirements:
⚫ The intended audience should know basic datacom knowledge, Huawei switching devices, and
basic WLAN knowledge.

Common Icons

Experiment Environment Overview

Networking Introduction
This experiment environment is prepared for network engineers who are preparing for the HCSA-
Field-Datacom Campus Network exam.
Each suite of experiment environment includes 2 routers, 3 core switchs, 1 AC, 2 APs, 2 firewalls, 1
iMaster NCE-Campus, 2 wired terminals and 1 wireless terminal. Each suite of experiment
environment is applicable to 1 candidate.
Device Introduction
The following table lists devices recommended for HCSA-Field-Datacom Campus Network
experiments and the mappings between the device name, model, and software version.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 2

Device Name Model Software Version

Router AR6121 V300R019C10SPC300

V200R019C10SPC500
Switch S7703 or S6720-32C
V200R019C10SPC500

AC AirEngine9700-M1 V200R020C00SPC300

AP AirEngine 8760R-X1 V200R020C00SPC300

 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 3

Contents

About This Document ................................................................................................................. 1

Overview ............................................................................................................................................................................. 1
Background Knowledge Required....................................................................................................................................... 1
Common Icons .................................................................................................................................................................... 1
Experiment Environment Overview.................................................................................................................................... 1
1 Experiment Overview .............................................................................................................. 6
1.1 Introduction .................................................................................................................................................................. 6
1.1.1 About this Lab ............................................................................................................................................................ 6
1.1.2 Networking Introduction ........................................................................................................................................... 6
1.1.3 Experiment Configuration Process ............................................................................................................................ 8
1.1.4 Device Login ............................................................................................................................................................... 9
2 IP Routing Basics ................................................................................................................... 10
2.1 Introduction ................................................................................................................................................................ 10
2.1.1 About This Lab ......................................................................................................................................................... 10
2.1.2 Objectives ................................................................................................................................................................ 10
2.1.3 Networking Introduction ......................................................................................................................................... 10
2.1.4 Network Planning .................................................................................................................................................... 11
2.2 Configuration Procedure ............................................................................................................................................ 12
2.2.1 Configuration Roadmap ........................................................................................................................................... 12
2.2.2 Procedure ................................................................................................................................................................ 12
2.3 Verifying the Configuration ........................................................................................................................................ 15
2.3.1 Check VLAN Information on a Switch ...................................................................................................................... 15
2.3.2 Check IP Address Information on a Device .............................................................................................................. 16
3 Configure OSPF...................................................................................................................... 19
3.1 Introduction ................................................................................................................................................................ 19
3.1.1 About This Lab ......................................................................................................................................................... 19
3.1.2 Objectives ................................................................................................................................................................ 19
3.1.3 Networking Introduction ......................................................................................................................................... 19
3.1.4 Network Planning .................................................................................................................................................... 20
3.2 Configuration Procedure ............................................................................................................................................ 21
3.2.1 Configuration Roadmap ........................................................................................................................................... 21
3.2.2 Procedure ................................................................................................................................................................ 21
3.3 Verifying the Configuration ........................................................................................................................................ 22
3.3.1 Check OSPF Neighbor Status on a Router ................................................................................................................ 22
3.3.2 Check the Interface Cost on a Device ...................................................................................................................... 24
3.3.3 Check the IP Routing Table ...................................................................................................................................... 25
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 4

4 HQ Network Setup (Preconfigured) ........................................................................................ 28

4.1 Introduction ................................................................................................................................................................ 28
4.1.1 About This Lab ......................................................................................................................................................... 28
4.1.2 Networking Introduction ......................................................................................................................................... 28
4.1.3 Network Planning .................................................................................................................................................... 28
4.2 Configuration Procedure ............................................................................................................................................ 30
4.2.1 Configuration Roadmap ........................................................................................................................................... 30
4.2.2 Configuration Reference .......................................................................................................................................... 30
4.3 Verifying the Configuration ........................................................................................................................................ 34
4.3.1 Check OSPF Neighbor Status on a Router ................................................................................................................ 34
5 Configure the default route ................................................................................................... 36
5.1 Introduction ................................................................................................................................................................ 36
5.1.1 About This Lab ......................................................................................................................................................... 36
5.1.2 Objectives ................................................................................................................................................................ 36
5.1.3 Networking Introduction ......................................................................................................................................... 36
5.1.4 Network Planning .................................................................................................................................................... 37
5.2 Configuration Procedure ............................................................................................................................................ 37
5.2.1 Configuration Roadmap ........................................................................................................................................... 37
5.2.2 Procedure ................................................................................................................................................................ 37
5.3 Verifying the Configuration ........................................................................................................................................ 38
5.3.1 Check IP Routing Table Information on a Router .................................................................................................... 38
5.3.2 Ping the HQ Service Network................................................................................................................................... 39
6 Enable the DHCP Service ........................................................................................................ 42
6.1 Introduction ................................................................................................................................................................ 42
6.1.1 About This Lab ......................................................................................................................................................... 42
6.1.2 Objectives ................................................................................................................................................................ 42
6.1.3 Networking Introduction ......................................................................................................................................... 42
6.1.4 Network Planning .................................................................................................................................................... 43
6.2 Configuration Procedure ............................................................................................................................................ 43
6.2.1 Configuration Roadmap ........................................................................................................................................... 43
6.2.2 Procedure ................................................................................................................................................................ 44
6.3 Verifying the Configuration ........................................................................................................................................ 44
6.3.1 Check Address Pool Allocation Information on a Switch ......................................................................................... 44
6.3.2 Check IP Address Information on a Device .............................................................................................................. 47
6.3.3 Check the Connectivity with Analog Users in the HQ .............................................................................................. 47
7 AP Onboarding ...................................................................................................................... 49
7.1 Introduction ................................................................................................................................................................ 49
7.1.1 About This Lab ......................................................................................................................................................... 49
7.1.2 Objectives ................................................................................................................................................................ 49
7.1.3 Networking Introduction ......................................................................................................................................... 49
7.1.4 Network Planning .................................................................................................................................................... 50
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 5

7.2 Configuration Procedure ............................................................................................................................................ 50

7.2.1 Configuration Roadmap ........................................................................................................................................... 50
7.2.2 Procedure ................................................................................................................................................................ 51
7.3 Verifying the Configuration ........................................................................................................................................ 53
7.3.1 Check VLAN Information on the AC ......................................................................................................................... 53
7.3.2 Check the OSPF Neighbor Status on the AC............................................................................................................. 53
7.3.3 Check the Connectivity Between SW-01 and AC ..................................................................................................... 53
7.3.4 Check Whether an AP Goes Online .......................................................................................................................... 54
8 Configure WLAN Services ....................................................................................................... 55
8.1 Introduction ................................................................................................................................................................ 55
8.1.1 About This Lab ......................................................................................................................................................... 55
8.1.2 Objectives ................................................................................................................................................................ 55
8.1.3 Networking Introduction ......................................................................................................................................... 55
8.1.4 Network Planning .................................................................................................................................................... 56
8.2 Configuration Procedure ............................................................................................................................................ 56
8.2.1 Configuration Roadmap ........................................................................................................................................... 56
8.2.2 Procedure ................................................................................................................................................................ 56
8.3 Verifying the Configuration ........................................................................................................................................ 58
8.3.1 Check SSID Information on an AC ............................................................................................................................ 58
8.3.2 Associate the terminal with wireless signals and test the network connectivity .................................................... 58
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 6

1 Experiment Overview

1.1 Introduction
1.1.1 About this Lab
This experiment guide aims to construct a traditional campus network to implement network
communication, such as the internal network of a branch and the network between the branch and
the headquarters. This course introduces related configuration commands one by one, helping
trainees better understand and master the technical contents related to HCSA-Field-Datacom
Campus Network.

1.1.2 Networking Introduction

The networking in this lab consists of the HQ and branches. The HQ network has been
preconfigured. Trainees mainly complete the branch network setup. Finally, PC-01, PC-02, and PC-03
can communicate with each other. In addition, The three terminal users can access the simulated
users (LoopBack 10 and LoopBack 20) created on the HQ SW-Core.
This lab guide consists of the following labs:
1. On the HQ network, Core USG-01, Core USG-02, and SW-Core can communicate with each
other, and routes for communication with branches are available.
2. ACs at the HQ are factory settings. Trainees need to complete configurations for
communication with the HQ intranet and WLAN services.
3. AR-01 and AR-02 are branch network egress routers and are connected to the HQ firewall Core
USG-01 and Core USG-02 through Direct Connect 1 and Direct Connect 2, respectively.
4. To ensure network reliability and stability, the branch network adopts the square-shaped
networking mode to implement route backup.
5. The internal network of the branch is the same as that of the HQ. The OSPF dynamic routing
protocol is enabled on both the internal network to implement communication between the
internal network.
6. SW-01 and SW-02 function as aggregation switch and enable VLANIF Layer 3 interfaces to
connect to AR-01 and AR-02. In addition, enable OSPF to implement internal network
communication.
7. SW-01 and SW-02 function as access switches and enable the DHCP service to provide DHCP
services for users and APs.
8. Wireless services use the AC+ FIT AP networking mode. To facilitate management, the HQ AC
manages branch AP-01 and AP-02 in a unified manner, and the HQ AC delivers WLAN service
configurations.
9. AP-01 and AP-02 serve as wireless access points to provide wireless network access services for
PC-03.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 7

Note: This exercise does not involve iMaster NCE-Campus. Trainees must strictly follow the lab
manual and do not perform any operations on iMaster NCE-Campus on the lab platform.

Network topology
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 8

1.1.3 Experiment Configuration Process

The following figure shows the configuration process for constructing a traditional campus network:

Process description:
⚫ Module 1 is the basis of IP routing. First, the intranet is divided into multiple virtual subnets
through VLANs to reduce the broadcast domain and isolate services. Second, the IP addresses of
network device interfaces are configured to lay a foundation for subsequent communication
between network devices. This module will help you master basic configuration commands such
as VLAN division and IP address division.
⚫ Module 2 configures OSPF and uses the OSPF dynamic routing protocol to implement routing
communication on the intranet. This module helps you master the configuration commands and
functions of OSPF dynamic routes.
⚫ Module 3 is used to set up the headquarters network. You can import the reference
configuration commands provided in to the corresponding devices to implement the
communication between the headquarters intranet and configure the routes between the
headquarters and branches.
⚫ Module 4 configures the default route on the branch gateway to implement route
communication between the branch and the headquarters. This module helps you master the
commands and functions related to default routes and OSPF default route delivery.
⚫ Module 5 enables the DHCP service and allocates network information such as IP addresses,
subnet masks, and gateways to users. This reduces manual configuration workload and avoids
manual operation errors. This module helps trainees master DHCP configuration commands and
application scenarios.
⚫ Module 6 describes how to configure APs to go online. To facilitate management, the AC+ FIT AP
networking mode is used. The headquarters AC centrally manages APs. This module helps
trainees master and understand the AP login process and related configuration commands.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 9

⚫ Module 7: Configure the WLAN service to enable the AP to release SSID wireless signals so that
wireless users can access the intranet and access intranet resources. This module helps trainees
master and understand basic WLAN configuration commands and application scenarios.

1.1.4 Device Login

Login mode:
After you enter the lab platform, the eLabox software automatically starts and the complete
networking diagram is displayed.
Log in to the device based on the networking. If the device cannot be automatically logged in,
manually log in to the device based on the login mode listed in the preceding table.
Note: If no proxy has been added, you need to configure the proxy in the browser in advance and
add the controller network segment. Otherwise, the controller cannot be opened. (To add a proxy,
open the browser and choose Settings > Advanced > System > Open Proxy Settings > LAN Settings >
Advanced > Exceptions and write 10. *; 172.25. *.)
Note: Do not perform experiments that are not involved in this lab environment. Do not change
the login password of any device.

Device login methods

Login
Device Name Login Address:Port User Name/Password
Method

SW-01 Telnet 172.25.66.131:10022 sshadmin/Huawei@1234

SW-02 Telnet 172.25.66.131:10021 sshadmin/Huawei@1234

AR-01 Telnet 172.25.66.131:10032 sshadmin/Huawei@1234

AR-02 Telnet 172.25.66.131:10031 sshadmin/Huawei@1234

Core USG-01 Telnet 172.25.66.131:10030 sshadmin/Huawei@1234

Core USG-02 Telnet 172.25.66.131:10029 sshadmin/Huawei@1234

SW-Core Telnet 172.25.66.131:10020 sshadmin/Huawei@1234

AC Telnet 172.25.66.131:10026 sshadmin/Huawei@1234

Remote
PC-01 172.25.65.205 china\p_elab2022/HUAwei001
desktop

Remote
PC-02 172.25.65.213 huawei/Huawei12#$
desktop

Remote
PC-03 172.25.65.212 huawei/Huawei12#$
desktop
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 10

2 IP Routing Basics

2.1 Introduction
2.1.1 About This Lab
In this experiment, a branch network is logically divided into multiple virtual subnets through VLAN
division to isolate services, reduce broadcast domains, and enhance network security. In addition,
configure basic information such as IP addresses for branch network devices.

2.1.2 Objectives
⚫ Understand the basic principles of VLAN.
⚫ Understand the VLAN link type.
⚫ Master the configurations of different VLAN port types.
⚫ Learn how to divide VLANs based on ports.
⚫ Master basic configuration commands such as IP addresses.

2.1.3 Networking Introduction

Network topology
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 11

2.1.4 Network Planning

According to the VLAN configuration scenario on the campus network, SW-01 and SW-02 are access
switches, and wired terminals PC-01, PC-02, and wireless terminal PC-03 are connected to the
network as users. Create VLAN 10, VLAN 20, and VLAN 100 for connecting PC-01, PC-02, and AP.
The ports connecting switches and switches and the ports connecting switches and routers are of
the Access type and are used for Layer 3 interconnection. The interface connecting the switch to
hosts and APs is also an access interface, and the PVID is changed to the VLAN ID of each host.
After VLAN division is configured, configure IP addresses for ports to implement direct link
interconnection and VLAN service isolation.

VLAN and network segment planning

Service Address/Interconnection Address VLAN Network Segment

PC-01 VLAN 10 10.0.10.0/24

PC-02 VLAN 20 10.0.20.0/24

AP management network VLAN 100 10.0.100.0/24

Interconnection between SW-01 and AR-01 VLAN 12 172.200.5.0/30

Interconnection between SW-01 and SW-

VLAN 34 172.200.5.12/30
02

Interconnection between SW-02 and AR-02 VLAN 56 172.200.5.4/30

Interconnection between AR-01 and AR-02 / 172.200.5.8/30

Switch port planning

Device Port Port Type VLAN

GE0/0/1 Access 10

GE0/0/2 Access 34

SW-01 GE0/0/3 Access 12

GE0/0/4 Access 100

GE0/0/5 Access 100

GE0/0/1 Access 20

SW-02 GE0/0/2 Access 34

GE0/0/3 Access 56

IP address planning
Device Port IP Address

Vlanif 10 10.0.10.254/24
SW-01
Vlanif 12 172.200.5.2/30
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 12

Vlanif 34 172.200.5.13/30

Vlanif 100 10.0.100.254/24

Vlanif 20 10.0.20.254/24

SW-02 Vlanif 34 172.200.5.14/30

Vlanif 56 172.200.5.6/30

GE0/0/1 172.200.5.9/30

AR-01 GE0/0/2 172.200.108.1/30

GE0/0/3 172.200.5.1/30

GE0/0/1 172.200.5.10/30

AR-02 GE0/0/2 172.200.109.1/30

GE0/0/3 172.200.5.5/30

2.2 Configuration Procedure

2.2.1 Configuration Roadmap
1. Create VLANs. Create service VLANs and interconnection VLANs on SW-01 and SW-02 according to
the planning table.
2. Configure the switch port. Set the port type to Access according to the planning table, and
configure the corresponding default VLAN.
3. Configure the IP address of the device. Configure the IP address of the port according to the
planning table. Create the VLNAIF interface on the switch and then configure the corresponding IP
address.

2.2.2 Procedure
Step 1 Create VLANs.
# Create VLANs 10, 12, 34, and 100 on SW-01. The VLNAs 10 and 100 are configured to connect a
wired terminal PC-01 and an AP. VLANs 12 and 34 are used to connect AR-01 and SW-02.
<Huawei> system-view
[Huawei] sysname SW-01
[SW-01] vlan batch 10 12 34 100
# Create VLANs 20, 34, and 56 on SW-02. VLAN 20 is used to connect the wired terminal PC-02.
VLANs 34 and 56 are used to connect SW-01 and AR-02.
<Huawei> system-view
[Huawei] sysname SW-02
[SW-02] vlan batch 20 34 56

Step 2 Configure switch interfaces.

 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 13

# Configure the link types and default VLANs for interfaces of SW-01.
[SW-01] interface GigabitEthernet 0/0/1
[SW-01-GigabitEthernet0/0/1] port link-type access
[SW-01-GigabitEthernet0/0/1] port default vlan 10
[SW-01-GigabitEthernet0/0/1] quit
[SW-01] interface GigabitEthernet 0/0/2
[SW-01-GigabitEthernet0/0/2] port link-type access
[SW-01-GigabitEthernet0/0/2] port default vlan 34
[SW-01-GigabitEthernet0/0/2] quit
[SW-01] interface GigabitEthernet 0/0/3
[SW-01-GigabitEthernet0/0/3] port link-type access
[SW-01-GigabitEthernet0/0/3] port default vlan 12
[SW-01-GigabitEthernet0/0/3] quit
[SW-01] interface GigabitEthernet 0/0/4
[SW-01-GigabitEthernet0/0/4] port link-type access
[SW-01-GigabitEthernet0/0/4] port default vlan 100
[SW-01-GigabitEthernet0/0/4] quit
[SW-01] interface GigabitEthernet 0/0/5
[SW-01-GigabitEthernet0/0/5] port link-type access
[SW-01-GigabitEthernet0/0/5] port default vlan 100
[SW-01-GigabitEthernet0/0/5] quit

# Configure the link types and default VLANs for interfaces of SW-02.
[SW-02] interface GigabitEthernet 0/0/1
[SW-02-GigabitEthernet0/0/1] port link-type access
[SW-02-GigabitEthernet0/0/1] port default vlan 20
[SW-02-GigabitEthernet0/0/1] quit
[SW-02] interface GigabitEthernet 0/0/2
[SW-02-GigabitEthernet0/0/2] port link-type access
[SW-02-GigabitEthernet0/0/2] port default vlan 34
[SW-02-GigabitEthernet0/0/2] quit
[SW-02] interface GigabitEthernet 0/0/3
[SW-02-GigabitEthernet0/0/3] port link-type access
[SW-02-GigabitEthernet0/0/3] port default vlan 56
[SW-02-GigabitEthernet0/0/3] quit

Step 3 Configure IP addresses for devices.

Create VLANIF interfaces on SW-01 and SW-02 for device interconnection, and assign IP addresses to
the interfaces for device communication.
# Configure IP addresses for SW-01.
[SW-01] interface vlanif 10
[SW-01-Vlanif10] ip address 10.0.10.254 24
[SW-01-Vlanif10] quit
[SW-01] interface vlanif 12
[SW-01-Vlanif12] ip address 172.200.5.2 30
[SW-01-Vlanif12] quit
[SW-01] interface vlanif 34
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 14

[SW-01-Vlanif34] ip address 172.200.5.13 30

[SW-01-Vlanif34] quit
[SW-01] interface vlanif 100
[SW-01-Vlanif100] ip address 10.0.100.254 24
[SW-01-Vlanif100] quit

# Configure IP addresses for SW-02.

[SW-02] interface vlanif 20
[SW-02-Vlanif20] ip address 10.0.20.254 24
[SW-02-Vlanif20] quit
[SW-02] interface vlanif 34
[SW-02-Vlanif34] ip address 172.200.5.14 30
[SW-02-Vlanif34] quit
[SW-02] interface vlanif 56
[SW-02-Vlanif56] ip address 172.200.5.6 30
[SW-02-Vlanif56] quit
Configure IP addresses on AR-01 and AR-02. In the lab environment, the interfaces of ARs work in
Layer 2 mode by default. Therefore, run the undo portswitch command in the interface view to
switch the Ethernet interfaces from Layer 2 mode to Layer 3 mode, and then configure IP addresses.
# Configure IP addresses for AR-01.
<Huawei> system-view
[Huawei] sysname AR-01
[AR-01] interface GigabitEthernet 0/0/1
[AR-01-GigabitEthernet0/0/1] undo portswitch
[AR-01-GigabitEthernet0/0/1] ip address 172.200.5.9 30
[AR-01-GigabitEthernet0/0/1] quit
[AR-01] interface GigabitEthernet 0/0/2
[AR-01-GigabitEthernet0/0/2] undo portswitch
[AR-01-GigabitEthernet0/0/2] ip address 172.200.108.1 30
[AR-01-GigabitEthernet0/0/2] quit
[AR-01] interface GigabitEthernet 0/0/3
[AR-01-GigabitEthernet0/0/3] undo portswitch
[AR-01-GigabitEthernet0/0/3] ip address 172.200.5.1 30
[AR-01-GigabitEthernet0/0/3] quit

# Configure IP addresses for AR-02.

<Huawei> system-view
[Huawei] sysname AR-02
[AR-02] interface GigabitEthernet 0/0/1
[AR-02-GigabitEthernet0/0/1] undo portswitch
[AR-02-GigabitEthernet0/0/1] ip address 172.200.5.10 30
[AR-02-GigabitEthernet0/0/1] quit
[AR-02] interface GigabitEthernet 0/0/2
[AR-02-GigabitEthernet0/0/2] undo portswitch
[AR-02-GigabitEthernet0/0/2] ip address 172.200.109.1 30
[AR-02-GigabitEthernet0/0/2] quit
[AR-02] interface GigabitEthernet 0/0/3
[AR-02-GigabitEthernet0/0/3] undo portswitch
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 15

[AR-02-GigabitEthernet0/0/3] ip address 172.200.5.5 30

[AR-02-GigabitEthernet0/0/3] quit

2.3 Verifying the Configuration

2.3.1 Check VLAN Information on a Switch
# Run the display vlan command on SW-01 and SW-02 to check the port status and the VLAN to
which the port belongs. The command output is as follows:
# SW-01
[SW-01] display vlan
The total number of VLANs is: 5
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------

VID Type Ports

--------------------------------------------------------------------------------
1 common UT:GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D)
GE0/0/14(D) GE0/0/15(U) GE0/0/16(D) GE0/0/17(D)
GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D)
GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) XGE0/0/1(D)
XGE0/0/3(D) XGE0/0/4(D)
10 common UT:GE0/0/1(U)
12 common UT:GE0/0/3(U)
34 common UT:GE0/0/2(U)
100 common UT:GE0/0/4(U) GE0/0/5(U)

VID Status Property MAC-LRN Statistics Description

--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
12 enable default enable disable VLAN 0012
34 enable default enable disable VLAN 0034
100 enable default enable disable VLAN 0100

# SW-02
[SW-02] display vlan
The total number of VLANs is: 4
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 16

VID Type Ports

--------------------------------------------------------------------------------
1 common UT:GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D)
GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D)
GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D)
GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D)
GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D)
GE0/0/24(D) XGE0/0/1(D) XGE0/0/2(D) XGE0/0/3(D)
XGE0/0/4(D)
20 common UT:GE0/0/1(U)
34 common UT:GE0/0/2(U)
56 common UT:GE0/0/3(U)

VID Status Property MAC-LRN Statistics Description

--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
20 enable default enable disable VLAN 0020
34 enable default enable disable VLAN 0034
56 enable default enable disable VLAN 0056

The preceding command output shows that VLANs 10, 12, 34, and 100 are successfully created on
SW-01. SW-02 successfully creates VLANs 20, 34, 56.

2.3.2 Check IP Address Information on a Device

Run the display ip interface brief command on SW-01, SW-02, AR-01, and AR-02 to check the IP
addresses and interface status. The command output is as follows:
# SW-01
<SW-01> display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 1

Interface IP Address/Mask Physical Protocol

NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 10.0.10.254/24 up up
Vlanif12 172.200.5.2/30 up up
Vlanif34 172.200.5.13/30 up up
Vlanif100 10.0.100.254/24 up up

# SW-02
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 17

<SW-02> display ip interface brief

*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 2

Interface IP Address/Mask Physical Protocol

NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif20 10.0.20.254/24 up up
Vlanif34 172.200.5.14/30 up up
Vlanif56 172.200.5.6/30 up up

# AR-01
<AR-01> display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 5

Interface IP Address/Mask Physical Protocol

GigabitEthernet0/0/1 172.200.5.9/30 up up
GigabitEthernet0/0/2 172.200.108.1/30 up up
GigabitEthernet0/0/3 172.200.5.1/30 up up
GigabitEthernet0/0/9 unassigned down down
GigabitEthernet0/0/10 unassigned down down
GigabitEthernet0/0/11 unassigned up down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
XGigabitEthernet0/0/0 unassigned down down

# AR-02
<AR-02> display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 18

The number of interface that is UP in Physical is 6

The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 5

Interface IP Address/Mask Physical Protocol

GigabitEthernet0/0/1 172.200.5.10/30 up up
GigabitEthernet0/0/2 172.200.109.1/30 up up
GigabitEthernet0/0/3 172.200.5.5/30 up up
GigabitEthernet0/0/9 unassigned down down
GigabitEthernet0/0/10 unassigned down down
GigabitEthernet0/0/11 unassigned up down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
XGigabitEthernet0/0/0 unassigned down down
The preceding command output shows that the IP addresses of the interfaces on SW-01, SW-02, AR-
01, and AR-02 are the same as those in the address planning table.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 19

3 Configure OSPF

3.1 Introduction
3.1.1 About This Lab
This experiment uses the OSPF dynamic routing protocol to implement communication between
devices on the intranet of a branch. Configure the OSPF cost on an interface to control route
selection and implement OSPF route backup.

3.1.2 Objectives
⚫ Understand the basic principles of OSPF.
⚫ Understand the functions of different OSPF areas.
⚫ Master OSPF basic configuration commands.
⚫ Understand the functions of router IDs in OSPF.
⚫ Understand the effect of cost on OSPF route selection.

3.1.3 Networking Introduction

OSPF is used on the branch intranet so that intranet devices can communicate with each other. The
egress router of the branch uses static routes to communicate with devices in the HQ and imports
the static routes to OSPF so that other devices in the branch can communicate with devices in the
HQ.
Based on the OSPF configuration scenario on the campus network, OSPF needs to be enabled on AR-
01, AR-02, SW-01, and SW-02, and router IDs need to be set to uniquely identify the four devices.
AR-01 and AR-02 need to advertise the network segment connected to the switch and the network
segment connected to the switch into the OSPF area. Switches SW-01 and SW-02 need to advertise
the network segments used by terminals and APs in the OSPF area in addition to the network
segments connected to routers and the network segments used by terminals and APs. (Note: The
router should not advertise public network addresses to the intranet.)
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 20

Network topology

3.1.4 Network Planning

Router ID planning
Device Name Router-ID

AR-01 1.1.1.1

AR-02 2.2.2.2

SW-01 3.3.3.3

SW-02 4.4.4.4

Cost value planning

Device Name Device Interface Cost Value

GE0/0/1 1000
AR-01
GE0/0/3 100

GE0/0/1 1000
AR-02
GE0/0/3 100

SW-01 VLANIF 12 100

 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 21

VLANIF 34 1000

VLANIF 56 100
SW-02
VLANIF 34 1000

3.2 Configuration Procedure

3.2.1 Configuration Roadmap
1. Enable OSPF on all network devices in the branch and set router IDs.
2. Enter the OSPF area and declare the device interconnection and service network segments.
3. Set the OSPF cost in the interface view to control OSPF route selection.

3.2.2 Procedure
Step 1 Enable OSPF.
# Enable OSPF on AR-01 and advertise the branch interconnection network segments to the OSPF
area.
[AR-01] ospf 1 router-id 1.1.1.1
[AR-01-ospf-1] area 0
[AR-01-ospf-1-area-0.0.0.0] network 172.200.5.1 0.0.0.0
[AR-01-ospf-1-area-0.0.0.0] network 172.200.5.9 0.0.0.0
[AR-01-ospf-1-area-0.0.0.0] quit
[AR-01-ospf-1] quit
# Enable OSPF on AR-02 and advertise the branch interconnection network segments to the OSPF
area.
[AR-02] ospf 1 router-id 2.2.2.2
[AR-02-ospf-1] area 0
[AR-02-ospf-1-area-0.0.0.0] network 172.200.5.5 0.0.0.0
[AR-02-ospf-1-area-0.0.0.0] network 172.200.5.10 0.0.0.0
[AR-02-ospf-1-area-0.0.0.0] quit
[AR-02-ospf-1] quit
# Enable OSPF on SW-01 and advertise the branch interconnection and service network segments to
the OSPF area.
[SW-01] ospf 1 router-id 3.3.3.3
[SW-01-ospf-1] area 0
[SW-01-ospf-1-area-0.0.0.0] network 172.200.5.2 0.0.0.0
[SW-01-ospf-1-area-0.0.0.0] network 172.200.5.13 0.0.0.0
[SW-01-ospf-1-area-0.0.0.0] network 10.0.10.0 0.0.0.255
[SW-01-ospf-1-area-0.0.0.0] network 10.0.100.0 0.0.0.255
[SW-01-ospf-1-area-0.0.0.0] quit
[SW-01-ospf-1] quit
# Enable OSPF on SW-02 and advertise the branch interconnection and service network segments to
the OSPF area.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 22

[SW-02] ospf 1 router-id 4.4.4.4

[SW-02-ospf-1] area 0
[SW-02-ospf-1-area-0.0.0.0] network 172.200.5.6 0.0.0.0
[SW-02-ospf-1-area-0.0.0.0] network 172.200.5.14 0.0.0.0
[SW-02-ospf-1-area-0.0.0.0] network 10.0.20.0 0.0.0.255
[SW-02-ospf-1-area-0.0.0.0] quit
[SW-02-ospf-1] quit

Step 2 Configure the OSPF cost.

# Configure the OSPF cost value for AR-01.
[AR-01] interface GigabitEthernet 0/0/1
[AR-01-GigabitEthernet0/0/1] ospf cost 1000
[AR-01-GigabitEthernet0/0/1] quit
[AR-01] interface GigabitEthernet 0/0/3
[AR-01-GigabitEthernet0/0/3] ospf cost 100
[AR-01-GigabitEthernet0/0/3] quit

# Configure the OSPF cost value for AR-02.

[AR-02] interface GigabitEthernet 0/0/1
[AR-02-GigabitEthernet0/0/1] ospf cost 1000
[AR-02-GigabitEthernet0/0/1] quit
[AR-02] interface GigabitEthernet 0/0/3
[AR-02-GigabitEthernet0/0/3] ospf cost 100
[AR-02-GigabitEthernet0/0/3] quit

# Configure the OSPF cost value for SW-01.

[SW-01] interface Vlanif 12
[SW-01-Vlanif12] ospf cost 100
[SW-01-Vlanif12] quit
[SW-01] interface Vlanif 34
[SW-01-Vlanif34] ospf cost 1000
[SW-01-Vlanif34] quit

# Configure the OSPF cost value for SW-02.

[SW-02] interface Vlanif 56
[SW-02-Vlanif56] ospf cost 100
[SW-02-Vlanif56] quit
[SW-02] interface Vlanif 34
[SW-02-Vlanif34] ospf cost 1000
[SW-02-Vlanif34] quit

3.3 Verifying the Configuration

3.3.1 Check OSPF Neighbor Status on a Router
Run the display ospf peer brief command on SW-01, SW-02, AR-01, and AR-02 to view the OSPF
neighbor status. The command output is as follows:
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 23

# SW-01
[SW-01] display ospf peer brief

OSPF Process 1 with Router ID 3.3.3.3

Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Vlanif12 1.1.1.1 Full
0.0.0.0 Vlanif34 4.4.4.4 Full
----------------------------------------------------------------------------
Total Peer(s): 2

# SW-02
[SW-02] display ospf peer brief

OSPF Process 1 with Router ID 4.4.4.4

Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Vlanif34 3.3.3.3 Full
0.0.0.0 Vlanif56 2.2.2.2 Full
----------------------------------------------------------------------------
Total Peer(s): 2

# AR-01
[AR-01] display ospf peer brief

OSPF Process 1 with Router ID 1.1.1.1

Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 2.2.2.2 Full
0.0.0.0 GigabitEthernet0/0/3 3.3.3.3 Full
----------------------------------------------------------------------------
Total Peer(s): 2

# AR-02
[AR-02] display ospf peer brief

OSPF Process 1 with Router ID 2.2.2.2

Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 1.1.1.1 Full
0.0.0.0 GigabitEthernet0/0/3 4.4.4.4 Full
----------------------------------------------------------------------------
Total Peer(s): 2
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 24

In the preceding command output, State is Full, indicating that OSPF adjacencies have been
established between SW-01, SW-02, AR-01, and AR-02.

3.3.2 Check the Interface Cost on a Device

Run the display ospf interface command on SW-01, SW-02, AR-01, and AR-02 to check the OSPF cost
configuration. The command output is as follows:
# SW-01
[SW-01] display ospf interface

OSPF Process 1 with Router ID 3.3.3.3

Interfaces

Area: 0.0.0.0
IP Address Type State Cost Pri DR BDR
10.0.10.254 Broadcast DR 1 1 10.0.10.254 0.0.0.0
172.200.5.2 Broadcast DR 100 1 172.200.5.2 172.200.5.1
172.200.5.13 Broadcast BDR 1000 1 172.200.5.14 172.200.5.13
10.0.100.254 Broadcast DR 1 1 10.0.100.254 0.0.0.0

# SW-02
[SW-02] display ospf interface

OSPF Process 1 with Router ID 4.4.4.4

Interfaces

Area: 0.0.0.0
IP Address Type State Cost Pri DR BDR
10.0.20.254 Broadcast DR 1 1 10.0.20.254 0.0.0.0
172.200.5.14 Broadcast BDR 1000 1 172.200.5.14 172.200.5.13
172.200.5.6 Broadcast BDR 100 1 172.200.5.6 172.200.5.5

# AR-01
[AR-01] display ospf interface

OSPF Process 1 with Router ID 1.1.1.1

Interfaces

Area: 0.0.0.0 (MPLS TE not enabled)

IP Address Type State Cost Pri DR BDR
172.200.5.9 Broadcast DR 1000 1 172.200.5.10 172.200.5.9
172.200.5.1 Broadcast DR 100 1 172.200.5.2 172.200.5.1

# AR-02
[AR-02] display ospf interface

OSPF Process 1 with Router ID 2.2.2.2

Interfaces
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 25

Area: 0.0.0.0 (MPLS TE not enabled)

IP Address Type State Cost Pri DR BDR
172.200.5.10 Broadcast BDR 1000 1 172.200.5.10 172.200.5.9
172.200.5.5 Broadcast DR 100 1 172.200.5.6 172.200.5.5
The preceding command output shows that the OSPF cost of the interconnected interfaces SW-01,
SW-02, AR-01, and AR-02 is consistent with the cost planning table.

3.3.3 Check the IP Routing Table

Run the display ip routing-table command on SW-01, SW-02, AR-01, and AR-02 to check route
learning. The command output is as follows:
# SW-01
[SW-01] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.10.0/24 Direct 0 0 D 10.0.10.254 Vlanif10

10.0.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.0.20.0/24 OSPF 10 1001 D 172.200.5.14 Vlanif34
10.0.100.0/24 Direct 0 0 D 10.0.100.254 Vlanif100
10.0.100.254/32 Direct 0 0 D 127.0.0.1 Vlanif100
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.200.5.0/30 Direct 0 0 D 172.200.5.2 Vlanif12
172.200.5.2/32 Direct 0 0 D 127.0.0.1 Vlanif12
172.200.5.4/30 OSPF 10 1100 D 172.200.5.14 Vlanif34
172.200.5.8/30 OSPF 10 1100 D 172.200.5.1 Vlanif12
172.200.5.12/30 Direct 0 0 D 172.200.5.13 Vlanif34
172.200.5.13/32 Direct 0 0 D 127.0.0.1 Vlanif34
192.168.1.0/24 Direct 0 0 D 192.168.1.253 MEth0/0/1
192.168.1.253/32 Direct 0 0 D 127.0.0.1 MEth0/0/1

# SW-02
[SW-02] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.10.0/24 OSPF 10 1001 D 172.200.5.13 Vlanif34

10.0.20.0/24 Direct 0 0 D 10.0.20.254 Vlanif20
10.0.20.254/32 Direct 0 0 D 127.0.0.1 Vlanif20
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 26

10.0.100.0/24 OSPF 10 1001 D 172.200.5.13 Vlanif34

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.200.5.0/30 OSPF 10 1100 D 172.200.5.13 Vlanif34
172.200.5.4/30 Direct 0 0 D 172.200.5.6 Vlanif56
172.200.5.6/32 Direct 0 0 D 127.0.0.1 Vlanif56
172.200.5.8/30 OSPF 10 1100 D 172.200.5.5 Vlanif56
172.200.5.12/30 Direct 0 0 D 172.200.5.14 Vlanif34
172.200.5.14/32 Direct 0 0 D 127.0.0.1 Vlanif34
192.168.1.0/24 Direct 0 0 D 192.168.1.253 MEth0/0/1
192.168.1.253/32 Direct 0 0 D 127.0.0.1 MEth0/0/1

# AR-01
[AR-01] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 21 Routes : 22

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.10.0/24 OSPF 10 101 D 172.200.5.2 GigabitEthernet0/0/3

10.0.20.0/24 OSPF 10 1101 D 172.200.5.2 GigabitEthernet0/0/3
OSPF 10 1101 D 172.200.5.10 GigabitEthernet0/0/1
10.0.100.0/24 OSPF 10 101 D 172.200.5.2 GigabitEthernet0/0/3
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.200.5.0/30 Direct 0 0 D 172.200.5.1 GigabitEthernet0/0/3
172.200.5.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
172.200.5.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
172.200.5.4/30 OSPF 10 1100 D 172.200.5.10 GigabitEthernet0/0/1
172.200.5.8/30 Direct 0 0 D 172.200.5.9 GigabitEthernet0/0/1
172.200.5.9/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
172.200.5.11/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
172.200.5.12/30 OSPF 10 1100 D 172.200.5.2 GigabitEthernet0/0/3
172.200.108.0/30 Direct 0 0 D 172.200.106.1 GigabitEthernet0/0/2
172.200.108.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
172.200.108.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif1
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif1
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

# AR-02
[AR-02]display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: Public
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 27

Destinations : 21 Routes : 23

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.10.0/24 OSPF 10 1101 D 172.200.5.9 GigabitEthernet0/0/1

OSPF 10 1101 D 172.200.5.6 GigabitEthernet0/0/3
10.0.20.0/24 OSPF 10 101 D 172.200.5.6 GigabitEthernet0/0/3
10.0.100.0/24 OSPF 10 1101 D 172.200.5.9 GigabitEthernet0/0/1
OSPF 10 1101 D 172.200.5.6 GigabitEthernet0/0/3
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.200.5.0/30 OSPF 10 1100 D 172.200.5.9 GigabitEthernet0/0/1
172.200.5.4/30 Direct 0 0 D 172.200.5.5 GigabitEthernet0/0/3
172.200.5.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
172.200.5.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
172.200.5.8/30 Direct 0 0 D 172.200.5.10 GigabitEthernet0/0/1
172.200.5.10/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
172.200.5.11/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
172.200.5.12/30 OSPF 10 1100 D 172.200.5.6 GigabitEthernet0/0/3
172.200.109.0/30 Direct 0 0 D 172.200.107.1 GigabitEthernet0/0/2
172.200.109.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
172.200.109.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif1
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif1
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The preceding command output shows that SW-01, SW-02, AR-01, and AR-02 have learned the
corresponding routes through OSPF.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 28

4 HQ Network Setup (Preconfigured)

4.1 Introduction
4.1.1 About This Lab
In this lab, you only need to import the reference configuration commands to the corresponding
devices.

4.1.2 Networking Introduction

The headquarters network uses the OSPF dynamic routing protocol to implement intranet
communication, and the headquarters egress firewall uses static routes to implement
communication with branch networks.

Network topology

4.1.3 Network Planning

VLAN and network segment planning
Service Address/Interconnection Address VLAN Network Segment
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 29

Private line 1 / 172.200.108.0/30

Private line 2 / 172.200.109.0/30

Interconnection between SW-Core and

/ 172.201.5.0/30
Core USG-01

Interconnection between SW-Core and

/ 172.201.5.4/30
Core USG-02

Interconnection between SW-Core and the

VLAN 99 172.201.5.8/30
AC

Interconnection between Core USG-01 and

/ 172.201.5.12/30
Core USG-02

Switch port planning

Device Port Port Type VLAN

XGE1/0/5 Trunk 99
SW-Core
XGE1/0/31 Access 4094

IP address planning
Device Port IP Address

GE0/0/0 172.201.5.13/30

Core USG-01 GE0/0/1 172.200.108.2/30

10GE0/0/0 172.201.5.2/30

GE0/0/0 172.201.5.14/30

Core USG-02 GE0/0/1 172.200.109.2/30

10GE0/0/0 172.201.5.6/30

XGE1/0/2 172.201.5.1/30

XGE2/0/2 172.201.5.5/30

VLANIF 99 172.201.5.9/30

VLANIF 4094 172.25.65.57/24

SW-Core
LoopBack 10
10.10.10.10/32
(Simulate the service)

LoopBack 20
20.20.20.20/32
(Simulate the service)

Router ID Planning
Device Name Router-ID
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 30

Core USG-01 5.5.5.5

Core USG-02 6.6.6.6

SW-Core 7.7.7.7

AC 8.8.8.8

4.2 Configuration Procedure

4.2.1 Configuration Roadmap

1. Create VLANs on SW-Core.
2. Configure IP addresses for network devices to ensure network connectivity.
3. Enable OSPF on each network device to ensure communication on the HQ intranet.
4. Create Loopback 10 and Loopback 20 on the SW-Core to simulate users in the headquarters.

4.2.2 Configuration Reference

Import the following configurations to the corresponding network devices in the HQ.
# Core USG-01
system-view
sysname Core USG-01
#
acl number 2010
rule 5 permit source 10.0.10.0 0.0.0.255
rule 10 permit source 10.0.100.0 0.0.0.255
rule 15 permit source 172.200.5.0 0.0.0.3
#
acl number 2020
rule 5 permit source 10.0.20.0 0.0.0.255
rule 10 permit source 172.200.5.4 0.0.0.3
#
interface GE0/0/0
ip address 172.201.5.13 255.255.255.252
service-manage ping permit
#
interface GE0/0/1
ip address 172.200.108.2 255.255.255.252
service-manage ping permit
#
interface 10GE0/0/0
ip address 172.201.5.2 255.255.255.252
service-manage ping permit
device transceiver 10GBASE-FIBER
#
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 31

route-policy pre-10 permit node 10

if-match acl 2010
apply cost 100
#
route-policy pre-10 permit node 20
if-match acl 2020
apply cost 1000
#
route-policy pre-10 permit node 30
#
ospf 1 router-id 5.5.5.5
import-route static type 1 route-policy pre-10
area 0.0.0.0
network 172.201.5.2 0.0.0.0
network 172.201.5.13 0.0.0.0
#
ip route-static 10.0.10.0 255.255.255.0 172.200.108.1
ip route-static 10.0.20.0 255.255.255.0 172.200.108.1
ip route-static 10.0.100.0 255.255.255.0 172.200.108.1
ip route-static 172.200.5.0 255.255.255.252 172.200.108.1
ip route-static 172.200.5.4 255.255.255.252 172.200.108.1
#
lldp enable
#
firewall zone trust
add interface 10GE0/0/0
add interface GE0/0/0
add interface GE0/0/1
#
security-policy
default action permit
y
#
quit

# Core USG-02
system-view
sysname Core USG-02
#
acl number 2010
rule 5 permit source 10.0.10.0 0.0.0.255
rule 10 permit source 10.0.100.0 0.0.0.255
rule 15 permit source 172.200.5.0 0.0.0.3
#
acl number 2020
rule 5 permit source 10.0.20.0 0.0.0.255
rule 10 permit source 172.200.5.4 0.0.0.3
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 32

#
interface GE0/0/0
ip address 172.201.5.14 255.255.255.252
service-manage ping permit
#
interface GE0/0/1
ip address 172.200.109.2 255.255.255.252
service-manage ping permit
#
interface 10GE0/0/0
ip address 172.201.5.6 255.255.255.252
service-manage ping permit
device transceiver 10GBASE-FIBER
#
interface LoopBack1
ip address 172.17.8.4 255.255.255.255
#
route-policy pre-20 permit node 10
if-match acl 2010
apply cost 1000
#
route-policy pre-20 permit node 20
if-match acl 2020
apply cost 100
#
route-policy pre-20 permit node 30
#
ospf 1 router-id 6.6.6.6
import-route static type 1 route-policy pre-20
area 0.0.0.0
network 172.201.5.6 0.0.0.0
network 172.201.5.14 0.0.0.0
#
ip route-static 10.0.10.0 255.255.255.0 172.200.109.1
ip route-static 10.0.20.0 255.255.255.0 172.200.109.1
ip route-static 10.0.100.0 255.255.255.0 172.200.109.1
ip route-static 172.200.5.0 255.255.255.252 172.200.109.1
ip route-static 172.200.5.4 255.255.255.252 172.200.109.1
#
lldp enable
#
firewall zone trust
add interface 10GE0/0/0
add interface GE0/0/0
add interface GE0/0/1
#
security-policy
default action permit
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 33

y
#
quit

# SW-Core
system-view
sysname SW-Core
#
vlan batch 99 4094
#
interface Vlanif99
ip address 172.201.5.9 255.255.255.252
#
interface Vlanif4094
ip address 172.25.65.57 255.255.255.0
#
interface XGigabitEthernet1/0/2
undo portswitch
ip address 172.201.5.1 255.255.255.252
#
interface XGigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 99
#
interface XGigabitEthernet1/0/31
port link-type access
port default vlan 4094
stp disable
#
interface XGigabitEthernet2/0/2
undo portswitch
ip address 172.201.5.5 255.255.255.252
#
interface LoopBack10
ip address 10.10.10.10 255.255.255.255
#
interface LoopBack20
ip address 20.20.20.20 255.255.255.255
#
ospf 1 router-id 7.7.7.7
import-route static
area 0.0.0.0
network 10.10.10.10 0.0.0.0
network 20.20.20.20 0.0.0.0
network 172.201.5.1 0.0.0.0
network 172.201.5.5 0.0.0.0
network 172.201.5.9 0.0.0.0
#
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 34

ip route-static 172.25.11.0 255.255.255.0 172.25.65.254

#
return

4.3 Verifying the Configuration

4.3.1 Check OSPF Neighbor Status on a Router
Run the display ospf peer brief command on Core USG-01、Core USG-02, and SW-Core to view the
OSPF neighbor status. The command output is as follows:
# Core USG-01
<Core USG-01>display ospf peer brief
XXXX-XX-XX 18:36:39.329
OSPF Process 1 with Router ID 5.5.5.5
Peer Statistic Information
Total number of peer(s): 2
Peer(s) in full state: 2
-----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 10GE0/0/0 7.7.7.7 Full
0.0.0.0 GE0/0/0 6.6.6.6 Full
-----------------------------------------------------------------------------

# Core USG-02
<Core USG-02>display ospf peer brief
XXX-XX-XX 18:35:19.568
OSPF Process 1 with Router ID 6.6.6.6
Peer Statistic Information
Total number of peer(s): 2
Peer(s) in full state: 2
-----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 10GE0/0/0 7.7.7.7 Full
0.0.0.0 GE0/0/0 5.5.5.5 Full
-----------------------------------------------------------------------------

# SW-Core
<SW-Core>display ospf peer brief

OSPF Process 1 with Router ID 7.7.7.7

Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 XGigabitEthernet1/0/2 5.5.5.5 Full
0.0.0.0 XGigabitEthernet2/0/2 6.6.6.6 Full
----------------------------------------------------------------------------
Total Peer(s): 2
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 35

The preceding command output shows that OSPF adjacencies are established between Core USG-01,
Core USG-02, and SW-Core.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 36

5 Configure the default route

5.1 Introduction
5.1.1 About This Lab
In this experiment, configure default routes on AR-01 and AR-02 to enable communication between
the egress router of the branch and the headquarters. Configure the OSPF processes on AR-01 and
AR-02 to deliver default routes so that other devices on the branch network can access resources of
the headquarters.

5.1.2 Objectives
⚫ Understand the basic principles of default routes.
⚫ Understand the application scenario of the default route.
⚫ Master the method of configuring the default route.
⚫ Understand the function of OSPF delivering default routes.
⚫ Learn how to configure OSPF to deliver default routes.

5.1.3 Networking Introduction

According to the campus network configuration scenario, AR-01 and AR-02 are egress routers of the
branch network. In this experiment, default routes are configured for the egress routers of the
branch network to communicate with the headquarters.
To enable other network devices in the branch to access resources of the headquarters, you can
configure OSPF on the egress router to automatically deliver default routes.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 37

Network topology

5.1.4 Network Planning

Next-hop address planning
Next-Hop Address to the Headquarters
Device Name
Network

AR-01 172.200.108.2/30

AR-02 172.200.109.2/30

5.2 Configuration Procedure

5.2.1 Configuration Roadmap
1. Configure a default route to enable communication between the branch and headquarters.
2. In OSPF, deliver default routes so that other network devices in the branch can communicate with
the headquarters.

5.2.2 Procedure
Step 1 Configure the default route.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 38

# On AR-01, configure a default route with the next hop set to Direct Connect 1.
[AR-01] ip route-static 0.0.0.0 0 172.200.108.2

# On AR-02, configure a default route with the next hop set to Direct Connect 2.
[AR-02] ip route-static 0.0.0.0 0 172.200.109.2

Step 2 Deliver the default route.

# In the OSPF process view on AR-01, deliver the default route.
[AR-01] ospf 1
[AR-01-ospf-1] default-route-advertise always

# In the OSPF process view on AR-02, deliver the default route.

[AR-02] ospf 1
[AR-02-ospf-1] default-route-advertise always

5.3 Verifying the Configuration

5.3.1 Check IP Routing Table Information on a Router
# Run the display ip routing-table command on SW-01, SW-02, AR-01, and AR-02 to view static
routes learned. The command output is as follows:
# AR-01
[AR-01] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 22 Routes : 23

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 RD 172.200.108.2 GigabitEthernet0/0/2

10.0.10.0/24 OSPF 10 101 D 172.200.5.2 GigabitEthernet0/0/3
10.0.20.0/24 OSPF 10 1101 D 172.200.5.10 GigabitEthernet0/0/1
OSPF 10 1101 D 172.200.5.2 GigabitEthernet0/0/3
10.0.100.0/24 OSPF 10 101 D 172.200.5.2 GigabitEthernet0/0/3
---- More ----

# AR-02
[AR-02] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 22 Routes : 24

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 RD 172.200.109.2 GigabitEthernet0/0/2

 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 39

10.0.10.0/24 OSPF 10 1101 D 172.200.5.6 GigabitEthernet0/0/3

OSPF 10 1101 D 172.200.5.9 GigabitEthernet0/0/1
10.0.20.0/24 OSPF 10 101 D 172.200.5.6 GigabitEthernet0/0/3
---- More ----

# SW-01
<SW-01> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 O_ASE 150 1 D 172.200.5.1 Vlanif12

10.0.10.0/24 Direct 0 0 D 10.0.10.254 Vlanif10
10.0.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10
---- More ----
# SW-02
<SW-02>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 O_ASE 150 1 D 172.200.5.5 Vlanif56

10.0.10.0/24 OSPF 10 1001 D 172.200.5.13 Vlanif34
10.0.20.0/24 Direct 0 0 D 10.0.20.254 Vlanif20
---- More ----

The preceding command output shows that a default route is added to the routing tables of SW-01,
SW-02, AR-01, and AR-02. If the priority of the new default route is 60 and the Proto value is Static,
the route is manually configured. If the priority of the new default routes on SW-01 and SW-02 is
150 and the Proto value is O_ASE, the routes are external default routes delivered by OSPF.

5.3.2 Ping the HQ Service Network

# Ping the simulated users (10.10.10.10 and 20.20.20.20) of the SW-Core from SW-01 and SW-02 to
check whether the communication is normal. The result is as follows:
# SW-01
<SW-01>ping 10.10.10.10
PING 10.10.10.10: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.10: bytes=56 Sequence=1 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=2 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=3 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=4 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=5 ttl=252 time=1 ms
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 40

--- 10.10.10.10 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

<SW-01>ping 20.20.20.20
PING 20.20.20.20: 56 data bytes, press CTRL_C to break
Reply from 20.20.20.20: bytes=56 Sequence=1 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=2 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=3 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=4 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=5 ttl=252 time=1 ms

--- 20.20.20.20 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

# SW-02
<SW-02>ping 10.10.10.10
PING 10.10.10.10: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.10: bytes=56 Sequence=1 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=2 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=3 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=4 ttl=252 time=1 ms
Reply from 10.10.10.10: bytes=56 Sequence=5 ttl=252 time=1 ms

--- 10.10.10.10 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

<SW-02>ping 20.20.20.20
PING 20.20.20.20: 56 data bytes, press CTRL_C to break
Reply from 20.20.20.20: bytes=56 Sequence=1 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=2 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=3 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=4 ttl=252 time=1 ms
Reply from 20.20.20.20: bytes=56 Sequence=5 ttl=252 time=1 ms

--- 20.20.20.20 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 41

round-trip min/avg/max = 1/1/1 ms

The preceding command output shows that the communication between the branch user gateways
(SW-01 and SW-02) and the analog user at the headquarters is normal.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 42

6 Enable the DHCP Service

6.1 Introduction
6.1.1 About This Lab
In this experiment, the DHCP service is used to automatically assign network parameters such as IP
addresses, subnet masks, and gateways to wired terminals and APs. In addition, when SW-01
provides DHCP services for APs, you need to configure WLAN parameters and specify the AC
address.

6.1.2 Objectives
⚫ Understand the basic principles of DHCP.
⚫ Understand the application scenarios of DHCP.
⚫ Master the method of configuring DHCP.
⚫ Learn how to configure the AC address specified by DHCP.

6.1.3 Networking Introduction

Based on the campus network configuration scenario, SW-01 and SW-02 are DHCP servers and
deliver network parameters such as IP addresses to wired terminals PC-01 and PC-02, respectively.
When SW-01 provides the DHCP service for the AP, the AC address must be specified for the AP. In
this experiment, the DHCP service is implemented by configuring the interface address pool.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 43

Network topology

6.1.4 Network Planning

VLAN and Network Segment Planning
Device Name VLAN Network Segment

PC-01 VLAN 10 10.0.10.0/24

PC-02 VLAN 20 10.0.20.0/24

AP management network VLAN 100 10.0.100.0/24

AC address Planning
Device Name IP Address

AC 172.201.5.10/30

6.2 Configuration Procedure

6.2.1 Configuration Roadmap
1. DHCP is enabled globally.
2. (Optional) Configure a DHCP address pool.
3. Enter the interface view and enable DHCP.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 44

6.2.2 Procedure
# Enable the DHCP service on SW-01 and configure VLANIF 100 to allocate IP addresses to APs.
(When the DHCP service is provided for APs, you need to configure Option 43 to specify the AC
address.)
[SW-01] dhcp enable
[SW-01] interface vlanif 100
[SW-01-Vlanif100] dhcp select interface
[SW-01-Vlanif100] dhcp server gateway-list 10.0.100.254
[SW-01-Vlanif100] dhcp server option 43 sub-option 2 ip-address 172.201.5.10
[SW-01-Vlanif100] quit

# Enable the DHCP service on SW-01 and Configure VLANIF 10 to provide IP addresses for wired
users.
[SW-01] interface vlanif 10
[SW-01-Vlanif10] dhcp select interface
[SW-01-Vlanif10] quit

# Configure VLANIF 20 on SW-02 to provide IP addresses for wired users.

[SW-02] dhcp enable
[SW-02] interface vlanif 20
[SW-02-Vlanif20] dhcp select interface
[SW-02-Vlanif20] quit

6.3 Verifying the Configuration

6.3.1 Check Address Pool Allocation Information on a Switch
# Run the display ip pool interface VlanifXX used command on SW-01 and SW-02 to check IP
address allocation in the VLANIF address pool. The command output is as follows:
# SW-01
<SW-01> display ip pool interface Vlanif10 used
Pool-name : Vlanif10
Pool-No :1
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Interface
Status : Unlocked
Gateway-0 :-
Network : 10.0.10.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 45

Address Statistic: Total :254 Used :1

Idle :253 Expired :0
Conflict :0 Disabled :0

-------------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------------
10.0.10.1 10.0.10.254 254 1 253(0) 0 0
-------------------------------------------------------------------------------------
Client-ID format as follows:
DHCP : mac-address PPPoE : mac-address
IPSec : user-id/portnumber/vrf PPP : interface index
L2TP : cpu-slot/session-id SSL-VPN : user-id/session-id
-------------------------------------------------------------------------------------
Index IP Client-ID Type Left Status
-------------------------------------------------------------------------------------
224 10.0.10.225 6c0b-8493-a4d9 DHCP 85844 Used
-------------------------------------------------------------------------------------
The preceding command output shows that the interface address pool of Vlanif 10 has used one IP
address. That is, PC-01 has obtained the IP address 10.0.10.225.
<SW-01> display ip pool interface Vlanif100 used
Pool-name : Vlanif100
Pool-No :0
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
Option-code : 43
Option-subcode : 2
Option-type : ip-address
Option-value : 172.201.5.10
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Interface
Status : Unlocked
Gateway-0 : 10.0.100.254
Network : 10.0.100.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :2
Idle :251 Expired :0
Conflict :0 Disabled :0

-------------------------------------------------------------------------------------
Network section
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 46

Start End Total Used Idle(Expired) Conflict Disabled

-------------------------------------------------------------------------------------
10.0.100.1 10.0.100.254 253 2 251(0) 0 0
-------------------------------------------------------------------------------------
Client-ID format as follows:
DHCP : mac-address PPPoE : mac-address
IPSec : user-id/portnumber/vrf PPP : interface index
L2TP : cpu-slot/session-id SSL-VPN : user-id/session-id
-------------------------------------------------------------------------------------
Index IP Client-ID Type Left Status
-------------------------------------------------------------------------------------
191 10.0.100.192 8446-fefa-c260 DHCP 86335 Used
237 10.0.100.238 684a-aea2-4900 DHCP 86234 Used
-------------------------------------------------------------------------------------

The preceding command output shows that the interface address pool of VLANIF 100 has used two
IP addresses. That is, AP-01 and AP-02 have obtained IP addresses 10.0.100.192 and 10.0.100.238.
# SW-02
<SW-02> display ip pool interface Vlanif20 used
Pool-name : Vlanif20
Pool-No :0
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Interface
Status : Unlocked
Gateway-0 :-
Network : 10.0.20.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :254 Used :1
Idle :253 Expired :0
Conflict :0 Disabled :0

-------------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------------
10.0.20.1 10.0.20.254 254 1 253(0) 0 0
-------------------------------------------------------------------------------------
Client-ID format as follows:
DHCP : mac-address PPPoE : mac-address
IPSec : user-id/portnumber/vrf PPP : interface index
L2TP : cpu-slot/session-id SSL-VPN : user-id/session-id
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 47

-------------------------------------------------------------------------------------
Index IP Client-ID Type Left Status
-------------------------------------------------------------------------------------
244 10.0.20.245 286e-d489-6da3 DHCP 86283 Used
-------------------------------------------------------------------------------------

The preceding command output shows that one IP address is used by the interface address pool of
Vlanif 20, that is, PC-02 has obtained the IP address 10.0.20.245.

6.3.2 Check IP Address Information on a Device

Run the ipconfig command in the command prompts of PC-01 and PC-02 to check whether the IP
addresses are obtained. The command output is as follows:
# Take PC-02 as an example:

As shown in the preceding figure, the IP address obtained by PC-02 is the same as the used IP
address of the switch. PC-01 should be the same.
(Note: If the PC does not obtain an IP address, log in to the PC remotely and reset the network
adapter.)

6.3.3 Check the Connectivity with Analog Users in the HQ

# On PC-01 and PC-02, ping the simulated users of the headquarters from the command prompts to
check the connectivity. The results are as follows:
# Take PC-02 as an example:
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 48

The preceding command output shows that the wired terminal can communicate with the analog
user in the headquarters normally. PC-01 should be the same.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 49

7 AP Onboarding

7.1 Introduction
7.1.1 About This Lab
This section describes how to configure the AC so that APs can go online on the AC.

7.1.2 Objectives
⚫ Understand the basic principles of AP online.
⚫ Understand the working principle of the AC.
⚫ Master the AP online process.
⚫ Configure APs to go online.

7.1.3 Networking Introduction

All configurations except the AC have been configured at the headquarters. You need to create a
VLAN on the AC, configure an IP address for the VLANIF interface, enable OSPF, and enable the AC to
communicate with the SW-Core. In addition, configure APs to go online.

Network topology
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 50

7.1.4 Network Planning

VLAN and network segment planning
Service Address/Interconnection Address VLAN Network Segment

AP management network VLAN 100 10.0.100.0/24

Interconnection between the AC and SW-

VLAN 99 172.201.5.8/30
Core

AC port planning
Device Port Port Type VLAN

AC XGE0/0/5 Trunk Allow-pass: VLAN 99

IP address planning
Device Port IP Address

AC VLANIF 99 172.201.5.10/30

Router ID Planning
Device Name Router-ID

SW-Core 7.7.7.7

AC 8.8.8.8

WLAN planning
WLAN Service Setting

CAPWAP source VLAN 99

AP group ap-group1

AP authentication mode MAC address authentication

MAC address of AP-01 8446-fefa-c260

MAC address of AP-02 684a-aea2-4900

7.2 Configuration Procedure

7.2.1 Configuration Roadmap
1. Create a VLNA, set the port type to Trunk according to the planning table, and allow the
corresponding VLANs to pass through.
2. Configure the device IP address. Configure the IP address of the port according to the planning
table. Create a VLNAIF interface on the switch and then configure the corresponding IP address.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 51

3. Configure OSPF to communicate with the SW-Core.

4. Configure the CAPWAP source port or source IP address and AP authentication mode.

7.2.2 Procedure
Step 1 Create a VLAN.
# Create VLAN 99 on the AC.
<AirEngine9700-M1> system-view
[AirEngine9700-M1] sysname AC
[AC] vlan batch 99

# Configure the link type of XGE0/0/5 on the AC and the allowed VLAN for the interface.
[AC] interface XGigabitEthernet 0/0/5
[AC-XGigabitEthernet /0/5] port link-type trunk
[AC-XGigabitEthernet /0/5] port trunk allow-pass vlan 99
[AC-XGigabitEthernet /0/5] quit

Step 2 Create a VLANIF interface.

# Assign an IP address to a VLANIF interface.
[AC]interface Vlanif 99
[AC-Vlanif99] ip address 172.201.5.10 255.255.255.252

Step 3 Configure OSPF.

# Configure OSPF to implement communication with SW-Core.
[AC]ospf 1 router-id 8.8.8.8
[AC-ospf-1] area 0
[AC-ospf-1-area-0.0.0.0] network 172.201.5.10 0.0.0.0
[AC-ospf-1-area-0.0.0.0] quit

Step 4 (Optional) Enable CAPWAP DTLS non-authentication.

# Enable the function of establishing CAPWAP DTLS sessions in none authentication mode.
(V200R021C00 and later versions)
[AC] capwap dtls no-auth enable
Warning: This operation allows for device access in non-DTLS encryption mode even when DTLS is enabled and brings
security risks. After the device goes online for the first time, disable this function to prevent security risks. Continue?
[Y/N]: y
# Configure the CAPWAP source interface on the AC. Ensure that the following parameters have
been configured in advance (these parameters need to be set only when the CAPWAP source
interface is configured for the first time):
DTLS PSK: a1234567
Inter-AC DTLS PSK: a1234567
Fit AP management parameters (user name/password): admin/Huawei@123
Global login password of the offline management VAP: a1234567
[AC] capwap dtls psk a1234567
[AC] capwap dtls inter-controller psk a1234567
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 52

[AC] capwap source interface vlanif 99

Set the user name for FIT APs(The value is a string of 4 to 31 characters, which can contain letters, underscores, and
digits, and must start with a letter):admin
Set the password for FIT APs(plain-text password of 8-128 characters or cipher-text password of 48-188 characters
that must be a combination of at least three of the following: lowercase letters a to z, uppercase letters A to Z, digits,
and special characters):Huawei@123
Confirm password:Huawei@123
Set the global temporary-management psk(contains 8-63 plain-text characters, or 48-108 cipher-text characters that
must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and
special characters):a1234567
Confirm PSK:a1234567
Warning: Ensure that the management VLAN and service VLAN are different. Otherwise, services may be interrupted.
Warning: Before an added device goes online for the first time, enable DTLS no-auth if it runs a version earlier than
V200R021C00 or enable DTLS certificate-mandatory-match if it runs V200R021C00 or later.

Step 5 Create an AP group.

# Create an AP group.
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit

Step 6 Configure the AP authentication mode.

# On the AC, set the AP authentication mode to MAC address authentication.
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] quit

Step 7 Add an AP.

# Add APs on the AC. (The APs' MAC addresses here are for reference only. Replace them as
required.)
[AC] wlan
[AC-wlan-view] ap-id 0 ap-mac 8446-fefa-c260
[AC-wlan-ap-0] ap-group ap-group1
[AC-wlan-ap-0] ap-name AP1
[AC-wlan-ap-0] quit
[AC-wlan-view] ap-id 1 ap-mac 684a-aea2-4900
[AC-wlan-ap-1] ap-group ap-group1
[AC-wlan-ap-1] ap-name AP2
[AC-wlan-ap-1] quit
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 53

7.3 Verifying the Configuration

7.3.1 Check VLAN Information on the AC
# Run the display vlan brief command on the AC to check VLAN information. The command output is
as follows:
[AC] display vlan brief
U:Up;D:Down;TG:Tagged;UT:Untagged;

VID Name Status Ports

--------------------------------------------------------------------------------
1 enable UT: 40GE0/0/1(D) 40GE0/0/2(D) GE0/0/1(D)
GE0/0/2(D) GE0/0/3(D) GE0/0/4(D) GE0/0/5(D)
GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
XGE0/0/5(U) XGE0/0/6(D) XGE0/0/7(D)
XGE0/0/8(D) XGE0/0/9(D) XGE0/0/10(D)
XGE0/0/11(D) XGE0/0/12(U)
99 enable TG: XGE0/0/5(U)
The preceding command output shows that VLAN 99 has been created on the AC and XGE0/0/5 has
permitted packets from VLAN 99.

7.3.2 Check the OSPF Neighbor Status on the AC

Run the display ospf peer brief command on the AC to check the OSPF neighbor status. The
command output is as follows:
[AC] display ospf peer brief

OSPF Process 1 with Router ID 8.8.8.8

Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Vlanif99 7.7.7.7 Full
----------------------------------------------------------------------------
Total Peer(s): 1

The preceding command output shows that the neighbor relationship has been established between
the AC and SW-Core (Router-ID: 7.7.7.7).

7.3.3 Check the Connectivity Between SW-01 and AC

# Run the ping 172.201.5.10 command on SW-01 to check whether the connectivity between SW-01
and the AC is normal. The command output is as follows:
<SW-01>ping 172.201.5.10
PING 172.201.5.10: 56 data bytes, press CTRL_C to break
Reply from 172.201.5.10: bytes=56 Sequence=1 ttl=252 time=1 ms
Reply from 172.201.5.10: bytes=56 Sequence=2 ttl=252 time=1 ms
Reply from 172.201.5.10: bytes=56 Sequence=3 ttl=252 time=1 ms
Reply from 172.201.5.10: bytes=56 Sequence=4 ttl=252 time=1 ms
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 54

Reply from 172.201.5.10: bytes=56 Sequence=5 ttl=252 time=1 ms

--- 172.201.5.10 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
The preceding command output indicates that the communication between SW-01 and AC is
normal.

7.3.4 Check Whether an AP Goes Online

# Run the display ap all command on the AC to check AP information. The command output is as
follows:
[AC] display ap all
Total AP information:
nor : normal [2]
ExtraInfo : Extra information
P : insufficient power supply
----------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime ExtraInfo
----------------------------------------------------------------------------------------------
0 8446-fefa-c260 AP1 ap-group1 10.0.100.192 AP7052DE nor 0 1M:10S -
1 684a-aea2-4900 AP2 ap-group1 10.0.100.238 AP7052DE nor 0 26S P
----------------------------------------------------------------------------------------------
Total: 2

The preceding command output shows that the status of the two APs is nor, indicating that AP-01
and AP-02 have gone online on the AC.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 55

8 Configure WLAN Services

8.1 Introduction
8.1.1 About This Lab
In this experiment, the AC is configured so that the AP can deliver the SSID so that PC-03 can access
the WLAN and access the resources of the branch and headquarters.

8.1.2 Objectives
⚫ Understand WLAN service configurations.
⚫ Understand the meanings of profiles in WLAN services.
⚫ Master the process of configuring WLAN services.
⚫ Learn how to configure WLAN services.

8.1.3 Networking Introduction

After branch AP-01 and AP-02 go online on the headquarters AC, complete WLAN service
configurations on the AC. Create a service VLAN, configure an IP address for the VLANIF interface,
enable the DHCP service, and deliver network parameters such as the IP address to PC-03. In
addition, configure the security profile, VAP profile, and SSID profile for WLAN services.
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 56

Network topology

8.1.4 Network Planning

WLAN service parameter planning
WLAN Service Setting

Forwarding mode Tunnel forwarding

Service VLAN 200

Service network segment 192.168.200.254/24

AP group ap-group1

VAP profile wlan-net

Security profile wlan-net

Security policy WPA/WPA2+PSK+AES

Password a12345678

SSID profile wlan-net

SSID wlan-net

8.2 Configuration Procedure

8.2.1 Configuration Roadmap
1. Create a WLAN service VLAN, enable the DHCP function, and allocate network information such as
IP addresses to wireless users.
2. Create a regulatory domain profile, configure a country code, and bind the profile to the AP group.
3. Create a security profile and configure a security policy.
4. Create an SSID profile and configure the SSID name.
5. Create a VAP profile, configure the service data forwarding mode and service VLAN, and bind the
security profile and SSID profile to the VAP profile.
6. Bind the VAP profile to the AP group and configure radios.

8.2.2 Procedure
Step 1 Configure the DHCP server.
# Configure the AC as a DHCP server to assign IP addresses to STAs. Enable the DHCP service on the
AC and configure VLANIF 200 on the AC to assign IP addresses to STAs.
[AC] dhcp enable
[AC] vlan 200
[AC-vlan200] quit
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 57

[AC] interface vlanif 200

[AC-Vlanif200] ip address 192.168.200.254 24
[AC-Vlanif200] dhcp select interface
[AC-Vlanif200] quit

Step 2 Advertise to OSPF.

# On the AC, advertise the service network segment 192.168. 200.0/24 to OSPF so that virtual users
in the headquarters can communicate with the service network segment.
[AC]ospf
[AC-ospf-1] area 0
[AC-ospf-1-area-0.0.0.0] network 192.168.200.0 0.0.0.255

Step 3 Create a domain management template.

# On the AC, configure the country code in the regulatory domain profile. The default country code
is China. (If the device is outside China, change the country code to the corresponding country code.)
[AC] wlan
[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code CN
[AC-wlan-regulate-domain-domain1] quit

# Apply the regulatory domain profile to the ap-group.

[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs.
Continue?[Y/N]: y
[AC-wlan-ap-group-ap-group1] quit

Step 4 Create a security profile.

# Create a security profile wlan-net and configure a security policy.
[AC] wlan
[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a12345678 aes
[AC-wlan-sec-prof-wlan-net] quit

Step 5 Configure an SSID profile.

# Create an SSID profile wlan-net and set the SSID name to wlan-net.
[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit

Step 6 Create a VAP profile.

# Create a VAP profile named wlan-net, configure the service data forwarding mode and service
VLAN, and bind the security profile and SSID profile to the VAP profile.
[AC-wlan-view] vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net] forward-mode tunnel
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-id 200
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 58

[AC-wlan-vap-prof-wlan-net] security-profile wlan-net

[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit

Step 7 Apply the VAP profile.

# Bind the VAP profile to the AP group. Use the VAP profile wlan-net for radio 0 and radio 1 on the
AP.
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit

8.3 Verifying the Configuration

8.3.1 Check SSID Information on an AC
# Run the display vap all command on the AC to check VAP information. The command output is as
follows:
[AC]display vap all
Info: This operation may take a few seconds, please wait.
WID : WLAN ID
------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
------------------------------------------------------------------------------
0 AP1 0 1 8446-FEFA-C260 ON WPA/WPA2-PSK 0 wlan-net
0 AP1 1 1 8446-FEFA-C270 ON WPA/WPA2-PSK 0 wlan-net
1 AP2 0 1 684A-AEA2-4900 ON WPA/WPA2-PSK 0 wlan-net
1 AP2 1 1 684A-AEA2-4910 ON WPA/WPA2-PSK 0 wlan-net
------------------------------------------------------------------------------
Total: 4
The preceding command output shows the AP name, BSSID name, SSID name, and authentication
mode associated with the VAP.

8.3.2 Associate the terminal with wireless signals and test the network
connectivity
# On PC-03, scan and connect to the wireless network wlan-net. Run the ipconfig command in the
command prompt to check whether the wireless network adapter obtains an IP address. The result
is as follows:
(Note: If the PC does not obtain an IP address, log in to the PC remotely and reset the wireless
network adapter.)
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 59

The preceding information indicates that the wireless network adapter of PC-03 has obtained the IP
address (192.168. 200.221/24) and gateway (192.168. 200.254).
# Ping the simulated users (loopback 10 and loopback 20) of the headquarters from PC-03. The
result is as follows:

The preceding information indicates that PC-03 can communicate with the analog users 10.10.10.10
and 20.20.20.20 in the headquarters.
# Run the display ip pool interface Vlanif200 used command on the AC to check the usage of the
interface address pool VLANIF200. The command output is as follows:
[AC]display ip pool interface Vlanif200 used
 HCSA Field Datacom Campus Network V1.0 Lab Guide Page 60

Pool-name : Vlanif200
Pool-No :0
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Interface
Status : Unlocked
Gateway-0 :-
Network : 192.168.200.0
Mask : 255.255.255.0
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :254 Used :1
Idle :253 Expired :0
Conflict :0 Disabled :0

-------------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------------
192.168.200.1 192.168.200.254 254 1 253(0) 0 0
-------------------------------------------------------------------------------------
Client-ID format as follows:
DHCP : mac-address PPPoE : mac-address
IPSec : user-id/portnumber/vrf PPP : interface index
L2TP : cpu-slot/session-id SSL-VPN : user-id/session-id
-------------------------------------------------------------------------------------
Index IP Client-ID Type Left Status
-------------------------------------------------------------------------------------
220 192.168.200.221 f46d-2f96-0b92 DHCP 86064 Used
-------------------------------------------------------------------------------------
The preceding command output shows that the used IP address in the AC address pool is the same
as the IP address obtained by PC-03.