Data Communication Group Assignment

Uploaded by

yishdnem7
Course Title: Data Communication and Computer Network
Course Code: SWEG2106
GROUP ASSIGNMENT

GROUP MEMBER NAME: ID

YEABSIRA AYELE ETS1426/16


YIBELTAL MARIE ETS1453/16
YIDNEKACHEW ZERIHUN ETS1455/16
YISAK ASRAT ETS1458/16
YITBAREK YONAS ETS1465/16
YONAS BEGASHAW ETS1494/16

Due to: MR Getnet


Due date: 14 May 2025 G.C
Academic year: 2025
UNIT 1 Huawei VRP and Configuration Basics

1.1 Networking Topology

1.2 Lab Configuration

Step 1 Log in to the CLI of the router through the console port.
Step 2 Display the basic device information.
Step 3 Complete basic device configurations.

# Enter the interface view and configure the IP address of the interface.
# Display the current device configuration.
Step 4 Save the current configuration of the device.

Step 5 Perform operations on the file system.


# Save the running configuration and name the configuration file test.cfg.

# List all the files in the current directory again.

# Set the file as the startup configuration file.

# Display the startup configuration file.

# Clear the configuration file.


Step 6 Restart the device.
UNIT 2 Creating an Interconnected IP Network
2.1 Lab 1: IPv4 Addressing and Routing

2.1.1.Introduction
2.1.1.1.About This Lab
Internet Protocol version 4 (IPv4) is a core protocol of the TCP/IP protocol suite and works at the Internet layer in the
TCP/IP model or the network layer in the Open System Interconnection (OSI) model. The network layer provides
connectionless data transmission. Each IP datagram is transmitted independently, removing the need to establish a
connection before IP datagrams are sent.
Routing is the basic element of data communication networks. It is the process of selecting paths on a network along
which packets are sent from a source to a destination.
In this lab activity, you will configure IPv4 addresses and static IPv4 routes, and understand basic routing principles in
the process.
2.1.1.2.Objectives
Upon completion of this task, you will be able to:

● Learn how to configure an IPv4 address on an interface

● Understand the functions and meanings of loopback interfaces

● Understand how direct routes are generated

● Learn how to configure static routes and understand the conditions for the static routes to
take effect

● Learn how to test the connectivity of the network layer by using the ping tool

● Learn how to configure static routes and understand their application scenarios
2.1.1.3.Networking Topology
R1, R2, and R3 are gateways of their networks. You need to configure these gateways to connect these networks.
Figure 2.1.Lab topology for IPv4 addressing and routing

2.1.2.Lab Configuration
2.1.2.1.Configuration Roadmap
Configure IP addresses for the interfaces on the routers.
Configure static routes to interconnect the routers.
2.1.2.2.Configuration Procedure
Step 7 Complete basic device configuration.
# Name the devices.
R1:

R2:

R3:
Step 8 Display the IP address of the current interface and the routing table of the router.
# Display the interface status on the router.
R1:

R2:

R3:
The display ip interface brief command displays the brief information about interface IP addresses, including the IP
addresses, subnet masks, physical status, link-layer protocol status, and number of interfaces in different states.
GigabitEthernet0/0/1 and GigabitEthernet0/0/3 on R1 are not configured with IP addresses. Therefore, the IP
Address/Mask field is in the unassigned state, the Protocol field is in the down state, and the Physical field is in the up
state.
# Display the routing table on the router (R2 in this example).
R1:

R2:

R3:
InLoopBack0 is a default loopback interface.
InLoopBack0 uses the fixed loopback address 127.0.0.1/8 to receive data packets destined for the host where
InLoopBack0 resides. The IP address of the InLoopBack0 interface cannot be changed or advertised using a routing
protocol.
Step 9 Configure IP addresses for physical interfaces.
# Configure IP addresses for physical interfaces based on the following table.

Table 1-1 IP addresses of physical interfaces

Router Interface IP Address/Mask

R1 GigabitEthernet0/0/1 10.0.13.1/24

GigabitEthernet0/0/3 10.0.12.1/24

R2 GigabitEthernet0/0/3 10.0.12.2/24

GigabitEthernet0/0/4 10.0.23.2/24

R3 GigabitEthernet0/0/1 10.0.13.3/24

GigabitEthernet0/0/3 10.0.23.3/24

R1:
R2:

R3:

# Use the ping tool to test the connectivity.


Example on R3 then repeat for all:
# Display the routing table of R3.

The preceding command output shows that three direct routes are automatically generated for each interface after
the IP addresses of the interfaces are configured, which are:

1. A route to the network where the interface resides
2. The host route to the interface
3. The host route to the broadcast address of the network where the interface resides

A host route is a route with a 32-bit mask.

Step 10 Create a loopback interface.


# Configure the loopback interface according to the following table.
Table 1-2 IP addresses of loopback interfaces

Router Interface IP Address/Mask

R1 LoopBack0 10.0.1.1/32

R2 LoopBack0 10.0.1.2/32

R3 LoopBack0 10.0.1.3/32

Loopback interfaces are logical interfaces manually configured and do not exist physically. Logical interfaces can be
used to exchange data. A loopback interface is always Up at the physical layer and link layer unless it is manually shut
down. Generally, a loopback interface uses a 32-bit mask. Loopback interfaces are used for the following purposes:

1. Used as the address for identifying and managing the router
2. Used as the router ID in OSPF
3. Used for improving network reliability

In this lab activity, the loopback interfaces are used to simulate clients.

# Display the routing table on the router (R3 in this example).

# Test the connectivity between the loopback interfaces.


Use the ping -a source-ip-address destination-ip-address command to specify the source and destination IP
addresses of ping packets. At this point, the router does not have a route to the destination IP address. Therefore, the
ping operation fails.
Step 11 Configure static routes.
# On R3, configure a route to the loopback0 interfaces of R1 and R2.

# Display the routing table of R3.

The configured static routes are added to the IP routing table.


# Test connectivity.
# Test the connectivity between the loopback0 interfaces of the routers by referring to the preceding description.
Step 12 Configure a path from R3 to R2 via R1 as the backup path from LoopBack0 of R3 to LoopBack0 of R2.
# Configure static routes on R2 and R3.

# Display the routing tables of R2 and R3.


R2:

R3:
# Shut down GigabitEthernet0/0/3 interface on R1 and R2 to invalidate the route with the highest priority.

# Display the routing table on R2 and R3. The command output shows that the routes with a lower priority are
activated when the routes with a higher priority are invalidated.
R2:

R3:
In this case, the original static route becomes invalid and the static route with a lower priority is activated.
# Test connectivity.
R3:

# Trace the path of the data packets.

The tracert command displays the path of packets from the source to the destination.
The command output shows that the data packets pass through GigabitEthernet0/0/1 and GigabitEthernet0/0/3 of R3
and are then forwarded to GigabitEthernet0/0/4 of R2.

In some lab environments, the devices may not respond to ICMP packets for security reasons.
Therefore, the results may vary. You can press Ctrl+C to end the tracert operation.

Step 7 Configure default routes to connect the LoopBack0 interface of R1 and the LoopBack0 interface of R2.
# Restore the interfaces and delete the configured routes.

# Display the routing table of R1.


R1 does not have a route to LoopBack0 (10.0.1.2/32) of R2.
# Configure a default route on R1.

# Display the routing table of R1.

The default route has been activated.


# Test the connectivity between LoopBack0 of R1 and LoopBack0 of R2.
----End

2.2.Lab 2: OSPF Routing

2.2.1.Introduction
2.2.1.1.About This Lab
The Open Shortest Path First (OSPF) protocol is a link-state Interior Gateway Protocol (IGP) developed by the Internet
Engineering Task Force (IETF). Currently, OSPF Version 2 (RFC2328) is used for IPv4. As a link-state protocol, OSPF has
the following advantages:

● Multicast packet transmission to reduce load on the switches that are not running OSPF

● Classless Inter-Domain Routing (CIDR)

● Load balancing among equal-cost routes

● Packet authentication
With the preceding advantages, OSPF is widely accepted and used as an IGP.
In the lab activity, you will understand basic OSPF configurations and principles by configuring single-area OSPF.
2.2.1.2.Objectives
Upon completion of this task, you will be able to:

● Learn the basic commands of OSPF

● Learn how to check the OSPF running status

● Learn how to control OSPF route selection using costs

● Understand the advertisement of default routes in OSPF

● Learn how to configure OSPF authentication


2.2.1.3.Networking Topology
R1, R2, and R3 are gateways of their networks. You need to configure OSPF to enable connectivity between the
networks.
Figure 2.2 Lab topology for configuring OSPF
2.2.2.Lab Configuration
2.2.2.1.Configuration Roadmap
Create OSPF processes on the devices and enable OSPF on the interfaces.
Configure OSPF authentication.
Configure OSPF to advertise default routes.
Control OSPF route selection using costs.

2.2.2.2.Configuration Procedure


Step 1 Complete basic device configuration.
# Follow steps 1, 2, 3, and 4 in lab 1 to name the routers and configure the IP addresses of the physical and loopback
interfaces.
# Display the routing table on the router.

R1:

R2:
R3:

Step 2 Complete the basic OSPF configuration.

You can set OSPF parameters only after creating an OSPF process. OSPF supports multiple independent processes on
one device. Route exchange between different OSPF processes is similar to that between different routing protocols.
You can specify a process ID when creating an OSPF process. If no process ID is specified, the default process ID 1 is
used.
# Create an OSPF area and specify the interfaces on which OSPF is to be enabled.

The area command creates an OSPF area and displays the OSPF area view.
The network network-address wildcard-mask command specifies the interfaces on which OSPF is to be enabled. OSPF
can run on an interface only when the following two conditions are met:
● The mask length of the interface's IP address is not shorter than that specified in the network
command. OSPF uses a reverse (wildcard) mask. For example, 0.0.0.255 indicates that the mask length is
24 bits.
● The address of the interface must be within the network range specified in the network
command.

- In this example, OSPF can be enabled on the three interfaces, and they are all added to area 0.
- If the wildcard mask in the network command is all 0s and the IP address of the interface is the same as the IP
address specified in the network-address command, the interface also runs OSPF.
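
The two matching conditions and the all-zero wildcard case above, as an added example (not part of the original assignment or of VRP itself). It uses R1's addresses from Table 1-1 and Table 1-2; the network statements passed to it are constructed, and only contiguous wildcard masks are handled. It is useful for checking that a broad statement does not enable OSPF on an interface you did not intend.

```python
import ipaddress

# R1's interfaces as given in Table 1-1 and Table 1-2 of this page.
R1_INTERFACES = {
    "GigabitEthernet0/0/1": "10.0.13.1/24",
    "GigabitEthernet0/0/3": "10.0.12.1/24",
    "LoopBack0": "10.0.1.1/32",
}


def wildcard_to_prefixlen(wildcard: str) -> int:
    """Convert a contiguous wildcard (reverse) mask such as 0.0.0.255 to a prefix length."""
    w = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is a run of trailing one bits, i.e. 2**k - 1.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return 32 - w.bit_length()


def runs_ospf(if_addr: str, net_addr: str, wildcard: str) -> bool:
    """Apply the two conditions from the text to one interface address."""
    iface = ipaddress.IPv4Interface(if_addr)
    plen = wildcard_to_prefixlen(wildcard)
    # All-zero wildcard naming the interface's own address: the interface also runs OSPF.
    if plen == 32 and iface.ip == ipaddress.IPv4Address(net_addr):
        return True
    net = ipaddress.IPv4Network(f"{net_addr}/{plen}", strict=False)
    # Condition 1: interface mask length is not shorter than the one in the command.
    mask_ok = iface.network.prefixlen >= plen
    # Condition 2: interface address lies inside the range given by the command.
    return mask_ok and iface.ip in net


def enabled_interfaces(interfaces: dict, net_addr: str, wildcard: str) -> list:
    """Names of the interfaces that a single network statement would enable."""
    return sorted(
        name for name, addr in interfaces.items()
        if runs_ospf(addr, net_addr, wildcard)
    )


if __name__ == "__main__":
    # Constructed statements: a per-link one, a broad one, one that is too narrow, an exact one.
    for stmt in [("10.0.12.0", "0.0.0.255"), ("10.0.0.0", "0.0.255.255"),
                 ("10.0.12.0", "0.0.0.3"), ("10.0.12.1", "0.0.0.0")]:
        print("network", *stmt, "->", enabled_interfaces(R1_INTERFACES, *stmt))
```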

Step 3 Display the OSPF status.


# Display the OSPF neighbor information.
R1:
The display ospf peer command displays information about neighbors in each OSPF area. The information includes
the area to which the neighbor belongs, router ID of the neighbor, neighbor status, DR, and BDR.
# Display the routes learned from OSPF.

Step 4 Configure OSPF authentication.


# Configure interface authentication on R1.
The password is displayed in ciphertext when you view the configuration because the cipher keyword specifies a ciphertext password.
# Display OSPF neighbors.

Authentication is not configured on other routers. Therefore, the authentication fails and no neighbor is available.
# Configure interface authentication on R2.

# Display OSPF neighbors on R2.

R2 has established a neighbor relationship with R1.


# Configure area authentication on R3.

# Display OSPF neighbors on R3.


R3 has established a neighbor relationship with R1 and R2.
Note: OSPF interface authentication and area authentication implement OSPF packet authentication on OSPF interfaces.
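
Why the neighbor disappears until both ends are configured, shown as an added example (not part of the original assignment). It assumes the MD5 cryptographic authentication of RFC 2328 Appendix D, since the page does not show which mode was used; the key, router IDs and Hello field values are constructed.

```python
import hashlib
import hmac
import socket
import struct
from typing import Optional

AUTH_NULL, AUTH_CRYPTO = 0, 2   # AuType values defined in RFC 2328
DIGEST_LEN = 16                 # length of the appended MD5 digest
LAB_KEY = b"lab-key-1"          # constructed shared key, not from the page


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id: str, key: Optional[bytes] = None,
                key_id: int = 1, seq: int = 1) -> bytes:
    """Build an OSPFv2 Hello for area 0, with null or cryptographic authentication."""
    # Hello body: mask, hello interval, options, priority, dead interval, DR, BDR.
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    length = 24 + len(body)     # the length field excludes the appended digest
    autype = AUTH_NULL if key is None else AUTH_CRYPTO
    fixed = struct.pack("!BBH4s4s", 2, 1, length,
                        socket.inet_aton(router_id), bytes(4))
    if key is None:
        # Null auth: checksum covers the packet except the 64-bit auth field.
        cksum = inet_checksum(fixed + struct.pack("!HH", 0, autype) + body)
        return fixed + struct.pack("!HH", cksum, autype) + bytes(8) + body
    # Cryptographic auth: checksum is 0; auth field carries key ID, digest length, sequence.
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = fixed + struct.pack("!HH", 0, autype) + auth + body
    digest = hashlib.md5(packet + key.ljust(16, b"\x00")).digest()
    return packet + digest


def accept_hello(packet: bytes, key: Optional[bytes],
                 key_id: int = 1, last_seq: int = 0):
    """Decide as the receiving interface would. Returns (accepted, reason)."""
    if len(packet) < 24:
        return False, "truncated header"
    (length,) = struct.unpack("!H", packet[2:4])
    (autype,) = struct.unpack("!H", packet[14:16])
    expected = AUTH_NULL if key is None else AUTH_CRYPTO
    if autype != expected:
        return False, "authentication type mismatch"
    if key is None:
        return True, "ok"
    _, rx_key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    if rx_key_id != key_id or auth_len != DIGEST_LEN or len(packet) != length + auth_len:
        return False, "unknown key id or bad digest length"
    if seq < last_seq:
        return False, "stale sequence number"
    want = hashlib.md5(packet[:length] + key.ljust(16, b"\x00")).digest()
    # Constant-time comparison of the received digest with the recomputed one.
    if not hmac.compare_digest(want, packet[length:]):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    r1 = build_hello("10.0.1.1", LAB_KEY, seq=5)   # R1 after Step 4
    r2 = build_hello("10.0.1.2")                   # R2 before it is configured
    print("R1 receives R2's Hello:", accept_hello(r2, LAB_KEY))
    print("R2 receives R1's Hello:", accept_hello(r1, None))
    print("R2 after configuration:", accept_hello(r1, LAB_KEY))
```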
Step 5 Assume that R1 is the egress of all networks. Therefore, R1 advertises the default route to OSPF.
# Advertise the default route on R1.

The default-route-advertise command advertises the default route to a common OSPF area. If the always argument is
not specified, the default route is advertised to other routers only when there are active non-OSPF default routes in
the routing table of the local router. In this example, no default route exists in the local routing table. Therefore, the
always argument needs to be used.
# Display the IP routing tables of R2 and R3.
R2:

R3:
Step 6 Change the cost values of interfaces on R1 so that LoopBack0 on R1 can reach LoopBack0 on R2 via R3.
# According to the routing table of R1, the cost of the route from R1 to LoopBack0 of R2 is 1, and the cost of the route
from R1 to R2 via R3 is 2. Therefore, you only need to change the cost of the route from R1 to LoopBack0 of R2 to
ensure that the value is greater than 2.

# Display the routing table of R1.

In this case, the next hop of the route from R1 to LoopBack0 on R2 is GigabitEthernet0/0/1 on R3.
# Verify the result by issuing Tracert commands.

----End
UNIT 3 Creating a Switched Ethernet Network

3.1 Lab 1: Ethernet Basics and VLAN Configuration


3.1.1 Introduction
3.1.1.1 Networking Topology
A company needs to divide a Layer 2 network into multiple VLANs based on service requirements. In addition,
VLAN 10 requires a higher level of security and only specified PCs can be added to VLAN 10.
To meet this requirement, user ports of identical services on S1 and S2 can be assigned to the same VLAN, and
ports with specified MAC addresses on S2 can be assigned to a VLAN.

Lab topology for VLAN configuration

3.1.2 Lab Configuration


3.1.2.1 Configuration Roadmap
Create a VLAN.
Configure a port-based VLAN.
Configure a MAC address-based VLAN.
3.1.2.2 Configuration Procedure
Configure names for S1 and S2 and disable unnecessary ports.
# Name the devices.
# Shut down GE0/0/11 and GE0/0/12 on S1. This step applies only to the environment described in HCIA-Datacom
Lab Construction Guide V1.0.
# Shut down GE0/0/11 and GE0/0/12 on S2.

Configure the device IP addresses.


# Set the IP addresses for R1 and R3 to 10.1.2.1/24 and 10.1.10.1/24, respectively.

[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.1.10.1 24

# Set the IP addresses of S3 and S4 to 10.1.3.1/24 and 10.1.3.2/24, respectively. (For scenario 1: S3 and S4 support
switching from Layer 2 interfaces to Layer 3 interfaces.)
[S3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1]undo portswitch
The interface changes to Layer 3 mode.
The undo portswitch command changes the working mode of Ethernet interfaces from Layer 2 mode to Layer 3
mode.
[S3-GigabitEthernet0/0/1]ip address 10.1.3.1 24
[S4]interface GigabitEthernet0/0/2
[S4-GigabitEthernet0/0/2]undo portswitch
[S4-GigabitEthernet0/0/2]ip address 10.1.3.2 24
# Set the IP addresses of VLANIF3 on S3 and S4 to 10.1.3.1/24 and 10.1.3.2/24, respectively. (For scenario 2: S3
and S4 do not support switching from Layer 2 interfaces to Layer 3 interfaces.)
Create VLAN 3 on S3 and S4.

Configure ports on S3 and S4 as access ports and assign them to corresponding VLANs.

# Create VLANIF interfaces and configure IP addresses.


[S4] interface Vlanif 3
[S4-Vlanif3]ip address 10.1.3.2 24

Create a VLAN.
Create VLANs 2, 3, and 10 on S1 and S2.
[S1]vlan batch 2 to 3 10
Info: This operation may take a few seconds. Please wait for a moment...done.
VLANs 2, 3, and 10 are created successfully.

The vlan vlan-id command creates a VLAN and displays the VLAN view. If the VLAN exists, the VLAN view is
displayed.
The vlan batch { vlan-id1 [ to vlan-id2 ] } command creates VLANs in batches.
[S2]vlan batch 2 to 3 10

Configure port-based VLANs.


# Configure user ports on S3 and S4 as access ports and assign them to corresponding VLANs.
The port link-type { access | hybrid | trunk } command specifies the link type of an interface, which can be Access,
Trunk, or Hybrid.
The port default vlan vlan-id command configures the default VLAN of an interface and assigns the interface to
the VLAN.
# Configure the ports connecting S1 and S2 as trunk ports and allow only packets from VLAN 2 and VLAN 3 to
pass through.
The port trunk allow-pass vlan command assigns a trunk port to the specified VLANs.
[S1-GigabitEthernet0/0/10]undo port trunk allow-pass vlan 1

The undo port trunk allow-pass vlan command deletes a trunk port from the specified VLANs.
By default, VLAN 1 is in the allowed list. If VLAN 1 is not used for any service, it needs to be deleted for security
purposes.
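
A check for the VLAN 1 point above, as an added example (not part of the original assignment): it reads interface sections of a saved configuration and reports trunk ports that still allow VLAN 1 or carry VLANs outside the expected service set. The sample configuration is constructed in the style of the commands on this page, and GigabitEthernet0/0/13 being a trunk is an assumption made for the demonstration.

```python
import re

# Constructed sample, not output captured from the lab devices.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/10
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2 to 3 10
#
interface GigabitEthernet0/0/13
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
"""

ALLOW_RE = re.compile(r"^(undo )?port trunk allow-pass vlan (.+)$")


def expand_vlans(spec: str) -> set:
    """Expand a VLAN list such as '2 to 3 10' (or 'all') into a set of VLAN IDs."""
    tokens = spec.split()
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 2 < len(tokens) + 0 and i + 1 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def trunk_allowed_vlans(config: str) -> dict:
    """Map each trunk port to the sorted list of VLANs it allows."""
    ports, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            # VLAN 1 is in the allowed list by default, as the text notes.
            ports[name] = {"trunk": False, "allowed": {1}}
        elif line == "#":
            name = None
        elif name:
            if line == "port link-type trunk":
                ports[name]["trunk"] = True
            match = ALLOW_RE.match(line)
            if match:
                vlans = expand_vlans(match.group(2))
                if match.group(1):          # "undo ..." removes VLANs
                    ports[name]["allowed"] -= vlans
                else:                        # plain command adds VLANs
                    ports[name]["allowed"] |= vlans
    return {n: sorted(p["allowed"]) for n, p in ports.items() if p["trunk"]}


def audit_trunks(config: str, service_vlans: set) -> dict:
    """Report trunk ports that allow VLAN 1 or VLANs outside service_vlans."""
    findings = {}
    for port, allowed in trunk_allowed_vlans(config).items():
        issues = []
        if 1 in allowed and 1 not in service_vlans:
            issues.append("VLAN 1 still allowed")
        extra = sorted(set(allowed) - set(service_vlans) - {1})
        if extra:
            issues.append(f"unexpected VLANs {extra}")
        if issues:
            findings[port] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_trunks(SAMPLE_CONFIG, {2, 3, 10}).items():
        print(port, "->", "; ".join(issues))
```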
Configure MAC address-based VLANs.
As shown in the networking diagram, R3 simulates a special service PC. Assume that the MAC address of the PC is
a008-6fe1-0c46. The PC is expected to connect to the network through any of GigabitEthernet0/0/1,
GigabitEthernet0/0/2, and GigabitEthernet0/0/3 on S2 and transmit data through VLAN 10.
# Configure S2 to associate the MAC address of the PC with VLAN 10.
The VLAN membership depends on the source MAC addresses of packets, and VLAN tags are added accordingly.
This VLAN assignment method is independent of the location, providing a higher level of security and flexibility.
[S2] vlan 10
[S2-vlan10] mac-vlan mac-address a008-6fe1-0c46
The mac-vlan mac-address command associates a MAC address with a VLAN.
# Set GigabitEthernet0/0/1, GigabitEthernet0/0/2, and GigabitEthernet0/0/3 on S2 to hybrid ports and configure
them to allow packets from MAC address-based VLANs to pass through.
On access and trunk ports, MAC address-based VLAN assignment can be used only when the VLAN is the same as
the PVID. Therefore, it is recommended that you configure MAC address-based VLAN assignment on a hybrid port
to receive untagged packets from multiple VLANs.
The port hybrid untagged vlan command assigns a hybrid port to the specified VLANs to allow untagged frames
to pass through.

# Configure the ports connecting S1 and S2 to allow packets from VLAN 10 to pass through.
The ports need to allow tagged frames from multiple VLANs to pass through. Therefore, the ports can be configured
as trunk ports.

# Configure S2 and enable MAC address-based VLAN assignment on GE0/0/1, GE0/0/2, and GE0/0/3.
To enable a port to forward packets based on associations between MAC addresses and VLANs, you must run the
mac-vlan enable command.
The mac-vlan enable command enables MAC address-based VLAN assignment on a port.
Display the configuration information.
# Display the VLAN information on the switch.
[S1]display vlan
The display vlan command displays information about VLANs.
The display vlan verbose command displays detailed information about a specified VLAN, including the ID, type,
description, and status of the VLAN, status of the traffic statistics function, ports in the VLAN, and mode in which
the ports are assigned to the VLAN.
# Display the MAC address-based VLAN configuration on the switch.

The display mac-vlan command displays the configuration of MAC address-based VLAN assignment.

3.1.3 Verification
Test the device connectivity and verify the VLAN configuration.
Ping S4 from S3 and ensure that the ping operation is successful.
Ping other devices from R1 and ensure that the ping operation fails.
Run the display mac-address verbose command on S1 and S2 to check the MAC address tables on the
switches.

3.2 Lab 2: Spanning Tree


3.2.1 Introduction
On a switched Ethernet network, redundant links are used to implement link backup and enhance network
availability. However, redundant links may produce loops, leading to broadcast storms and an unstable MAC
address table, deteriorating or even interrupting communications. To prevent loops, IEEE introduced the Spanning
Tree Protocol (STP).
STP defined in IEEE 802.1D has evolved to the Rapid Spanning Tree Protocol (RSTP) defined in IEEE 802.1W,
and the Multiple Spanning Tree Protocol (MSTP) defined in IEEE 802.1S.
3.2.1.1 Networking Topology
A company needs to deploy redundant links on its Layer 2 switched network to improve network availability. In the
meantime, the company also needs to deploy STP to prevent redundant links from forming loops and causing
broadcast storms and MAC address flapping.
Lab topology for configuring STP

3.2.2 Lab Configuration


3.2.2.1 Configuration Roadmap
Enable STP.
Change bridge priorities to control the root bridge election.
Modify port parameters to determine the port role.
Change the protocol to RSTP.
Configure edge ports.
3.2.2.2 Configuration Procedure
# Shut down unnecessary ports. This step applies only to the environment described in HCIA-Datacom Lab
Construction Guide V1.0.
# Shut down GigabitEthernet0/0/12 between S1 and S2.

Enable STP.
# Enable STP globally.
The stp enable command enables STP, RSTP, or MSTP on a switching device or a port. By default, STP, RSTP, or
MSTP is enabled on switches.
# Change the spanning tree mode to STP.
The stp mode { mstp | rstp | stp } command sets the operation mode of the spanning tree protocol on a switching
device. By default, the switching device operates in MSTP mode. The spanning tree mode of the current device has
been changed to STP.

The displayed information also includes port status information, which is not included in the preceding output.

# Display the brief spanning tree information on each switch.


[S1]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/10 DESI FORWARDING NONE
0 GigabitEthernet0/0/11 DESI FORWARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE
0 GigabitEthernet0/0/14 ROOT FORWARDING NONE

[S2]display stp brief


MSTID Port Role STP State Protection
0 GigabitEthernet0/0/10 ALTE DISCARDING NONE
0 GigabitEthernet0/0/11 ALTE DISCARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE
0 GigabitEthernet0/0/14 ROOT FORWARDING NONE

[S3]display stp brief


MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ALTE DISCARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE

# Based on the root bridge ID and port information on each switch, the current topology is as follows:

The dotted line indicates that the link does not forward service data.

This topology is for reference only and may not be the same as the actual spanning tree topology in the lab environment.
Modify device parameters to make S1 the root bridge and S2 the secondary root bridge.
# Change the bridge priorities of S1 and S2.
[S1]stp root primary
Owing to the importance of the root bridge, a high-performance switch at a high network layer is generally
chosen as the root bridge. The priority of such a device, however, may not be that high. Therefore, setting a high
priority for the switch is necessary so that the switch can be elected as the root bridge. The stp root command
configures the switch as a root bridge or secondary root bridge of a spanning tree.
● The stp root primary command specifies a switch as the root switching device. In
this case, the priority value of the switch is 0 in the spanning tree and the priority
cannot be changed.
● The stp root secondary command specifies a switch as the secondary root bridge. In
this case, the priority value of the switch is 4096 and the priority cannot be changed.

[S2]stp root secondary


# Display the STP status on S1.

In this case, the bridge ID of S1 is the same as the root bridge ID, and the root path cost is 0, indicating that S1 is the
root bridge of the current network.
# Display the brief STP status information on all devices.
[S2]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/10 ROOT FORWARDING NONE
0 GigabitEthernet0/0/11 ALTE DISCARDING NONE
0 GigabitEthernet0/0/13 DESI FORWARDING NONE
0 GigabitEthernet0/0/14 DESI FORWARDING NONE

[S3]display stp brief


MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE

[S4]display stp brief


MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE

# Based on the root bridge ID and port information on each switch, the current topology is as follows:

Modify device parameters to make GigabitEthernet0/0/2 of S4 the root port.


# Display the STP information on S4.
The cost of the root path from S4 to S1 is 20000.

# Change the STP cost of GigabitEthernet 0/0/1 on S4 to 50000.


[S4]interface GigabitEthernet 0/0/1
[S4-GigabitEthernet0/0/1]stp cost 50000
# Display the brief STP status information.
[S4]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ALTE DISCARDING NONE
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
GigabitEthernet0/0/2 on S4 has become the root port.

# Display the current STP status information.


# The current topology is as follows:

Change the spanning tree mode to RSTP.


# Change the spanning tree mode on all devices.

# Display the spanning tree status. S1 is used as an example.


After the mode is changed, the topology of the spanning tree is not affected.
Configure edge ports.
# GigabitEthernet 0/0/10-0/0/24 of S3 are connected only to terminals and need to be configured as edge ports.
[S3]interface range GigabitEthernet 0/0/10 to GigabitEthernet 0/0/24
A device provides multiple Ethernet ports, many of which have the same configuration. Configuring them one by
one is tedious and error-prone. An easy way is to add such ports to a port group and configure the group. The system
will automatically execute the commands on all ports in the group.

This function may not be available on some products.


[S3-port-group]stp edged-port enable

The stp edged-port enable command sets the current port as an edge port. If a port of a switching device receives a
BPDU after being configured as an edge port, the switching device will automatically set the port as a non-edge port
and recalculate the spanning tree.
----End

3.2.3 Verification
Mark the root bridge and the role of each port in the lab environment based on the actual network
convergence.
Disable any port on any switch and check whether the traffic can reach all other switches through the backup
links.

3.3 Lab 3: Ethernet Link Aggregation


3.3.1 Introduction
3.3.1.1 About This Lab
As networks grow in scale, users require Ethernet backbone networks to provide higher bandwidth and availability.
In the past, the only way to increase bandwidth was to upgrade the network with high-speed LPUs, which is costly
and inflexible.
In contrast, link aggregation increases bandwidth by bundling a group of physical ports into a single logical port,
without the need to upgrade hardware. In addition, link aggregation provides link backup mechanisms, greatly
improving link availability. Link aggregation has the following advantages:
● Improving bandwidth: The maximum bandwidth of a link aggregation group (LAG) is the combined
bandwidth of all member links.
● Improving availability: If a link is faulty, the traffic can be switched to other available member links.
● Load balancing: The traffic load can be balanced among the active member links in a LAG.
In this lab activity, you will learn how to configure Ethernet link aggregation in manual and LACP modes.
3.3.1.2 Networking Topology
In the spanning tree lab activity, the two links between S1 and S2 cannot be in the data forwarding state at the same
time. To make full use of the bandwidth of the two links, you need to configure Ethernet link aggregation between
S1 and S2.
Lab topology for configuring Ethernet link aggregation

3.3.2 Lab Configuration


3.3.2.1 Configuration Roadmap
Configure link aggregation manually.
Configure link aggregation in LACP mode.
Modify parameters to determine active links.
Change the load balancing mode.
3.3.2.2 Configuration Procedure
Configure link aggregation manually.
# Create an Eth-Trunk.
The interface eth-trunk command displays the view of an existing Eth-Trunk or creates an Eth-Trunk and displays
its view. The number 1 in this example indicates the port number.
# Configure the link aggregation mode of the Eth-Trunk.
[S1-Eth-Trunk1]mode manual load-balance

The mode command configures the working mode of the Eth-Trunk, which can be LACP or manual load balancing.
By default, the manual load balancing mode is used. Therefore, the preceding operation is unnecessary and is
provided for demonstration purpose only.
# Add a port to the Eth-Trunk.

You can enter the interface view of an individual port and add it to an Eth-Trunk. You can also run the trunkport
command in the Eth-Trunk interface view to add multiple ports to the Eth-Trunk.

Note the following points when adding physical ports to an Eth-Trunk:


● An Eth-Trunk contains a maximum of 8 member ports.
● An Eth-Trunk cannot be added to another Eth-Trunk.
● An Ethernet port can be added to only one Eth-Trunk. To add an Ethernet port to
another Eth-Trunk, delete it from the original one first.
● The remote ports directly connected to the local Eth-Trunk member ports must also
be added to an Eth-Trunk; otherwise, the two ends cannot communicate.
● Both endpoints of an Eth-Trunk must use the same number of physical ports, port rate,
and duplex mode.
# Display the status of an Eth-Trunk.

Configure link aggregation in LACP mode.


# Delete member ports from an Eth-Trunk.

Before changing the working mode of an Eth-Trunk, ensure that the Eth-Trunk has no member port.
# Change the aggregation mode.

The mode lacp command sets the working mode of an Eth-Trunk to LACP.
Note: The command is mode lacp-static in some versions.

# Add a port to the Eth-Trunk.

# Display the status of the Eth-Trunk.


Step 7
In normal cases, only GigabitEthernet0/0/11 and GigabitEthernet0/0/12 need to be in the forwarding state, and
GigabitEthernet0/0/10 is used as the backup. When the number of active ports falls below 2, the Eth-Trunk is shut
down.
# Set the LACP priority of S1 to make S1 an active device.
[S1]lacp priority 100
# Configure port priorities so that GigabitEthernet0/0/11 and GigabitEthernet0/0/12 can have a higher priority.

Link Aggregation Control Protocol data units (LACPDUs) are sent and received by both endpoints of a link
aggregation group in LACP mode.
First, the actor is elected.
The system priority field is compared. The default priority value is 32768, and a lower value indicates a
higher priority. The endpoint with a higher priority is elected as the LACP actor.
If there is a tie in priority, the endpoint with a smaller MAC address becomes the actor.
After the actor is elected, the devices at both ends select active ports according to the port priority settings on the
actor.
# Set the upper and lower thresholds of active ports.

The bandwidth and status of an Eth-Trunk depend on the number of active ports. The bandwidth of an Eth-Trunk is
the total bandwidth of all member ports in Up state. You can set the following thresholds to stabilize an Eth-Trunk's
status and bandwidth as well as reduce the impact brought by frequent changes of member link status.
● Lower threshold: When the number of active ports falls below this threshold, the Eth-Trunk goes Down. This threshold determines the minimum bandwidth of an Eth-Trunk and is configured using the least active-linknumber command.
● Upper threshold: When the number of active ports reaches this threshold, the bandwidth of the Eth-Trunk will not increase even if more member links go Up. The upper threshold ensures network availability and is configured using the max active-linknumber command.
# Enable the preemption function.

In LACP mode, when an active link fails, the system selects the backup link with the highest priority to replace the
faulty one. If the faulty link is recovered and has a higher priority than the backup link, the recovered link can
restore the active status if preemption is enabled. The lacp preempt enable command enables LACP preemption.
By default, this function is disabled.
# Display the status of the current Eth-Trunk.

# Shut down GigabitEthernet0/0/12 to simulate a link fault.

# Shut down GigabitEthernet 0/0/11 to simulate a link fault.


The lower threshold for the number of active links is set to 2. Therefore, the Eth-Trunk is shut down. Although
GigabitEthernet0/0/10 is Up, it is still in Unselect state.
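The election and threshold rules described above can be traced with a short model. This is an added example, not part of the lab guide or of VRP: the MAC addresses and port priority values are constructed, and breaking priority ties by port name is an assumption of the sketch.

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str
    priority: int   # LACP port priority on the actor; lower value wins
    up: bool = True

def mac_to_int(mac):
    return int(mac.replace("-", "").replace(":", ""), 16)

def elect_actor(devices):
    """devices maps name -> (system_priority, mac). The lower priority value
    wins; a tie is broken by the smaller MAC address."""
    return min(devices, key=lambda n: (devices[n][0], mac_to_int(devices[n][1])))

def select_ports(ports, max_active, least_active):
    """Return (eth_trunk_state, {port_name: state}) as decided by the actor."""
    # Ties in priority fall back to name order (assumption of this sketch).
    candidates = sorted((p for p in ports if p.up),
                        key=lambda p: (p.priority, p.name))
    selected = candidates[:max_active]            # upper threshold
    trunk_up = len(selected) >= least_active      # lower threshold
    states = {}
    for p in ports:
        if not p.up:
            states[p.name] = "Down"
        elif trunk_up and p in selected:
            states[p.name] = "Selected"
        else:
            states[p.name] = "Unselect"
    return ("Up" if trunk_up else "Down"), states

def lab_scenario():
    """Replay the two link faults from this step with both thresholds at 2."""
    ports = [Port("GE0/0/10", 40000),   # constructed value: backup link
             Port("GE0/0/11", 32768),   # constructed values: preferred links
             Port("GE0/0/12", 32768)]
    results = [select_ports(ports, 2, 2)]        # all links Up
    ports[2].up = False                          # shutdown on GE0/0/12
    results.append(select_ports(ports, 2, 2))
    ports[1].up = False                          # shutdown on GE0/0/11
    results.append(select_ports(ports, 2, 2))
    return results

if __name__ == "__main__":
    # Constructed MAC addresses; S1 carries system priority 100 as in the lab.
    print(elect_actor({"S1": (100, "4c1f-cc00-0001"),
                       "S2": (32768, "4c1f-cc00-0002")}))
    for trunk, states in lab_scenario():
        print(trunk, states)
```

The last result reproduces the observation in this step: with only one candidate left, the Eth-Trunk goes Down and GigabitEthernet0/0/10 stays in the Unselect state although the port itself is Up.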
Change the load balancing mode.
# Enable the ports disabled in the previous step.

[S1-GigabitEthernet0/0/12]undo shutdown

# Wait about 30 seconds and check the status of Eth-Trunk 1.

The preemption function is enabled on the Eth-Trunk. Therefore, when GigabitEthernet0/0/11 and
GigabitEthernet0/0/12 enter the Up state, GigabitEthernet0/0/11 and GigabitEthernet0/0/12 have a higher priority
than GigabitEthernet0/0/10. As a result, GigabitEthernet0/0/10 enters the Unselect state. In addition, to ensure link
stability, the default preemption hold time is 30 seconds. Therefore, preemption occurs 30 seconds after the ports are
enabled.
# Change the load balancing mode of the Eth-Trunk to destination IP address-based load balancing.

To ensure proper load balancing between physical links of an Eth-Trunk and avoid link congestion, use the
load-balance command to set the load balancing mode of the Eth-Trunk. Load balancing is valid only for outgoing
traffic; therefore, the load balancing modes for the ports at both ends can be different.
Verification
3.4 Lab 4: Inter-VLAN Communication
3.4.1 Introduction
3.4.1.1 About This Lab
VLANs are separated at Layer 2 to minimize broadcast domains. To enable communication between
VLANs, Huawei provides a variety of technologies. The following two technologies are commonly used:
● Dot1q termination subinterface: Such subinterfaces are Layer 3 logical interfaces.
Similar to a VLANIF interface, after a dot1q termination subinterface and its IP
address are configured, the device adds the corresponding MAC address entry and
sets the Layer 3 forwarding flag to implement Layer 3 communication between
VLANs. A Dot1q termination subinterface applies to scenarios where a Layer 3
Ethernet port connects to multiple VLANs.
● VLANIF interface: VLANIF interfaces are Layer 3 logical interfaces. After a
VLANIF interface and its IP address are configured, the device adds the MAC
address and VID of the VLANIF interface to the MAC address table and sets the
Layer 3 forwarding flag of the MAC address entry. When the destination MAC
address of a packet matches the entry, the packet is forwarded at Layer 3 to
implement Layer 3 communication between VLANs.
In this lab activity, you will use two methods to implement inter-VLAN
communication.
3.4.1.2 Networking Topology
R2 and R3 belong to different VLANs and they need to communicate with each other through VLANIF interfaces
and Dot1q termination subinterfaces.

Lab topology for inter-VLAN communication

Simulate terminal users on R2 and R3 and assign IP addresses 192.168.2.1/24 and 192.168.3.1/24 to the
interfaces.
The gateway addresses of R2 and R3 are 192.168.2.254 and 192.168.3.254 respectively.
On S1, assign GigabitEthernet0/0/2 and GigabitEthernet0/0/3 to VLAN 2 and VLAN 3, respectively.

3.4.2 Lab Configuration


3.4.2.1 Configuration Roadmap
Configure Dot1q termination subinterfaces to implement inter-VLAN communication.
Configure VLANIF interfaces to implement inter-VLAN communication.
3.4.2.2 Configuration Procedure
Complete basic device configuration.
# Name R1, R2, R3, and S1.
The details are not provided here.
# Configure IP addresses and gateways for R2 and R3.
Configure a default route (equivalent to a gateway) for the device.

<R3>system-view
Enter system view, return user view with Ctrl+Z.

# On S1, assign R2 and R3 to different VLANs.


Configure Dot1q termination subinterfaces to implement inter-VLAN communication.
# Configure a trunk port on S1.
The link between S1 and R1 must allow packets from VLAN 2 and VLAN 3 to pass through because R1 needs to
terminate the VLAN tags of packets exchanged between VLANs.

# Configure a dot1q termination subinterface on R1.


[R1]interface GigabitEthernet 0/0/1.2
A subinterface is created and the subinterface view is displayed. In this example, 2 indicates the subinterface number.
It is recommended that the subinterface number be the same as the VLAN ID.
[R1-GigabitEthernet0/0/1.2]dot1q termination vid 2
The dot1q termination vid vlan-id command configures the VLAN ID for Dot1q termination on a subinterface.

In this example, when GigabitEthernet0/0/1 receives data tagged with VLAN 2, it sends the data to subinterface 2
for VLAN termination and subsequent processing. The data sent from subinterface 2 is also tagged with VLAN 2.
[R1-GigabitEthernet0/0/1.2]arp broadcast enable
Subinterfaces for VLAN tag termination cannot forward broadcast packets and automatically discard them upon
receiving. To allow such subinterfaces to forward broadcast packets, the ARP broadcast function must be enabled
using the arp broadcast enable command. By default, this function is enabled on some devices.
# Test the connectivity between VLANs.

Configure VLANIF interfaces to enable inter-VLAN communication.
# Delete the configuration in the previous step.

# Create a VLANIF interface on S1.


[S1]interface Vlanif 2
The interface vlanif vlan-id command creates a VLANIF interface and displays the VLANIF interface view. You
must create a VLAN before configuring a VLANIF interface.
[S1]interface Vlanif 3
[S1-Vlanif3]ip address 192.168.3.254 24
# Test the connectivity between VLANs.

VLAN 2 and VLAN 3 can communicate with each other.


----End
UNIT 4 Network Security Basics and Network Access

4.1 ACL Configuration


4.1.1 Introduction

An Access Control List (ACL) is a powerful network security feature used to filter
traffic based on defined rules. In networking, ACLs are applied to router or switch
interfaces to control which packets are allowed or denied based on criteria such as
source or destination IP address, protocol type, or port numbers. This allows
administrators to enforce security policies, limit network access, and protect sensitive
resources from unauthorized users.

There are two main types of ACLs: standard and extended. Standard ACLs filter
traffic only by source IP address, while extended ACLs can filter by source and
destination IP, protocol type (like TCP or UDP), and port numbers, giving much finer
control. ACLs can be applied inbound (on traffic entering an interface) or outbound
(on traffic leaving an interface), and they process rules in sequence—once a match is
found, the corresponding action (permit or deny) is applied. Proper use of ACLs helps
enhance security, manage bandwidth, and restrict access to critical network segments.
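First-match processing and wildcard masks, as described above, can be checked with a small evaluator. This is an added example, not the lab's own configuration: the rule numbers, the destination address 10.1.3.1 and the sample rules are constructed, and the action for unmatched packets is passed in explicitly because it depends on where the ACL is applied.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones matches anything

def covers(addr, pattern):
    """Wildcard-mask match: a 0 bit must be equal, a 1 bit is ignored."""
    base, wildcard = pattern
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def rule_matches(rule, pkt):
    return (rule.get("proto") in (None, pkt["proto"])
            and covers(pkt["src"], rule.get("src", ANY))
            and covers(pkt["dst"], rule.get("dst", ANY))
            and rule.get("dport") in (None, pkt["dport"]))

def evaluate(rules, pkt, default_action):
    """Walk the rules in ascending rule-ID order and stop at the first match.
    Returns (action, rule_id); rule_id is None when nothing matched."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if rule_matches(rule, pkt):
            return rule["action"], rule["id"]
    return default_action, None

# Constructed sample: permit Telnet (TCP/23) from one host, deny all other Telnet.
TELNET_ACL = [
    {"id": 5, "action": "permit", "proto": "tcp",
     "src": ("10.1.4.1", "0.0.0.0"), "dport": 23},
    {"id": 10, "action": "deny", "proto": "tcp", "dport": 23},
]

def telnet_from(src, rules=TELNET_ACL, default_action="permit"):
    pkt = {"proto": "tcp", "src": src, "dst": "10.1.3.1", "dport": 23}
    return evaluate(rules, pkt, default_action)

# The same two rules with the deny placed first: the permit is never reached.
SHADOWED_ACL = [
    {"id": 1, "action": "deny", "proto": "tcp", "dport": 23},
    {"id": 5, "action": "permit", "proto": "tcp",
     "src": ("10.1.4.1", "0.0.0.0"), "dport": 23},
]

if __name__ == "__main__":
    for src in ("10.1.1.1", "10.1.4.1"):
        print(src, telnet_from(src), telnet_from(src, SHADOWED_ACL))
```

Reviewing an ACL for rules shadowed by an earlier, broader rule is the practical check this ordering behaviour calls for.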

4.1.3 Network Topology


4.2 Lab Configuration

4.2.1.2 Configuration Procedures

Step-1: Configure IP addresses for R1, R2, R3

For R1:
For R2:
For R3:

Step-2: Configure OSPF to ensure network connectivity

# Configure OSPF on R1, R2, and R3 and assign them to area 0 to enable connectivity
A. OSPF on R1
B. OSPF on R2
C. OSPF on R3
# Run the ping command on R3 to test network connectivity.
Step-3: Configure R3 as Server
Step-4: Configure an ACL to match the desired traffic
Method 1: Configure an ACL on the VTY interface of R3 to allow R1 to log in to R3 through Telnet
using the IP address of loopback 1.
# Configure an ACL on R3

# Filter traffic on the VTY interface of R3.

# Display the ACL configuration on R3.

Method 2: Configure an ACL on the physical interface of R2 to allow R1 to log in to R3 through Telnet
from the IP address of the physical interface.
# Display ACL configuration on R2

4.1.3 Verification
1. On R1, telnet to the server with the source IP address 10.1.1.1 specified.

2. On R1, telnet to the server with the source IP address 10.1.4.1 specified.
4.2 Lab 2: Local AAA Configuration
4.2.1 Introduction
AAA (Authentication, Authorization, and Accounting) configuration is a security framework
used in network devices to control user access and track user activity. In the context of router or
switch configuration, AAA helps ensure that only authorized users can log in to the device
(Authentication), assigns specific permissions to each user based on their role (Authorization),
and records what each user does during their session (Accounting). By configuring AAA, network
administrators can integrate login access with a central server like RADIUS or TACACS+, apply
fine-grained control over administrative privileges, and maintain logs for auditing and
troubleshooting. This enhances the overall security and accountability of network operations.
4.2.1.2 Networking Topology

4.2.2 Lab Configuration


4.2.2.1 Configuration Procedure
Step-1: Complete Basic Device Configurations
# Name R1 and R2
# Configure ip addresses for R1 and R2
For R1:

For R2:
Step-2: Configure an AAA schema
# Configure authentication and authorization

Step-3: Create the domain and apply the AAA schema to the domain
Step-4: Configure local users
# Create a local user and password

Step-5: Enable the telnet function on R2

6. Verify the configuration


# Telnet R2 from R1.

There is an error because the system did not let me enter the password I set up.
# Display the online users on R2.
Due to the above error, ‘AuthenStatus’ = ‘not pass’, since the system did not let me
enter the password.

4.3 Lab-3: NAT Configuration

4.3.1 Introduction
NAT (Network Address Translation) is a technique used in computer
networking to allow multiple devices on a local private network to access external
networks, such as the internet, using a single public IP address. NAT helps conserve
global IP address space and enhances network security by hiding internal IP addresses.
It operates by translating private IP addresses of internal hosts to a public IP address
as traffic leaves the network and vice versa for incoming traffic. There are different
types of NAT, including static NAT (one-to-one mapping), dynamic NAT (many-to-
many using a pool), and PAT (Port Address Translation, also called NAT overload,
which maps many private IPs to one public IP using port numbers).

To configure NAT on a Huawei router using eNSP, for example, you typically define
an ACL to specify the internal IP addresses, then configure a NAT address pool (for
dynamic NAT) or specify interfaces (for easy NAT or PAT), and finally apply NAT
to the outbound interface.
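How port-based translation hides inside hosts, and what a NAT server entry deliberately exposes, can be seen in a toy translation table. This is an added example, not VRP behaviour or lab output: the class name, the public address 1.2.3.4 and the 192.168.1.x inside addresses are constructed, and the model ignores the remote endpoint and entry ageing.

```python
class EasyIpNat:
    """Toy translation table for one outbound interface (illustration only)."""

    def __init__(self, public_ip, first_port=10240):
        self.public_ip = public_ip
        self._next = first_port
        self._out = {}      # (proto, inside_ip, inside_port) -> public_port
        self._in = {}       # (proto, public_port) -> (inside_ip, inside_port)
        self._static = {}   # NAT server entries, same key and value shape

    def nat_server(self, proto, public_port, inside_ip, inside_port):
        """Static mapping: publish an inside service on the public address."""
        self._static[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside source; the mapping is created on first use."""
        key = (proto, inside_ip, inside_port)
        if key not in self._out:
            # Skip public ports already taken by a dynamic or static entry.
            while ((proto, self._next) in self._in
                   or (proto, self._next) in self._static):
                self._next += 1
            if self._next > 65535:
                raise RuntimeError("no free public ports")
            self._out[key] = self._next
            self._in[(proto, self._next)] = (inside_ip, inside_port)
            self._next += 1
        return self.public_ip, self._out[key]

    def inbound(self, proto, public_port):
        """Return the inside endpoint, or None when no entry exists (dropped)."""
        key = (proto, public_port)
        return self._static.get(key) or self._in.get(key)

def demo():
    nat = EasyIpNat("1.2.3.4")                        # constructed public address
    nat.nat_server("tcp", 23, "192.168.1.3", 23)      # constructed Telnet server
    return {
        "host1": nat.outbound("tcp", "192.168.1.1", 50000),
        "host2": nat.outbound("tcp", "192.168.1.2", 50000),
        "host1_again": nat.outbound("tcp", "192.168.1.1", 50000),
        "reply_to_host1": nat.inbound("tcp", 10240),
        "telnet_from_outside": nat.inbound("tcp", 23),
        "unsolicited": nat.inbound("tcp", 8080),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only the published port is reachable from outside without a prior outbound flow, so every NAT server entry should be treated as an exposed service and paired with an ACL.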

4.3.1.2 Networking Topology

4.3.2 Lab Configuration


4.3.2.1 Configuration Roadmap

1. Configure dynamic NAT.

2. Configure Easy IP.


3. Configure NAT server

4.3.2.2 Configuration Procedure

Step-1: Complete basic configurations.


# Configure IP addresses and routes
For R1:

For R2:
For R3:

# Configure the Telnet function on R1 and R3 for subsequent verification.


# Test connectivity.

Step-2: The enterprise obtains the public IP addresses ranging from 1.2.3.10 to 1.2.3.20 and needs the
dynamic NAT function.
# Test connectivity.

Step-3: If the IP address of GigabitEthernet0/0/4 on R2 is dynamically assigned (e.g. through DHCP or
PPPoE dialup), you need to configure Easy IP.

# Test Connectivity
Step-4: R3 needs to provide network services (telnet in this example) for users
on the public network. Because R3 does not have a public IP address, you need to configure NAT
server on the outbound interface of R2.
UNIT 5 Basic Network Service and Application Configuration

5.1 Lab 1: FTP Configuration

5.1.1 Introduction
This lab exercise focuses on the configuration and management of file transfer
services using multiple supported protocols, including File Transfer Protocol (FTP),
Trivial File Transfer Protocol (TFTP), and Secure File Transfer Protocol (SFTP).
These protocols provide flexible options for file management depending on specific
service requirements and security considerations.

Network devices can operate in either server or client mode:

In server mode, the device allows remote clients to access and manage files stored on it, facilitating file
transfers between the device and client systems.

In client mode, the device connects to a remote server to perform file management
tasks and transfer files as necessary.

Through this lab, learners will gain practical experience in configuring file transfer
functions on network devices and understand the appropriate use cases for each
protocol based on operational needs.

The network topology for this looks like:

5.1.2 Lab Configuration


Step 1 Complete basic device configuration.
# Name the devices.
# Configure the device IP addresses.

# Save the configuration file for subsequent verification.

# Display the current file list

Step 2 Configure the FTP server function and parameters on R2:

Step 3 Configure local FTP user:

Step 4 Log in to the FTP server from the FTP client.


# Log in to the FTP client.
Step 5 Perform operations on the file systems on R2

# Configure the transmission mode:

# download the configuration file:

# delete the configuration file:

# upload the configuration file:

# close the FTP connection:

# All operations together:

5.1.3 Verification
# Display the file directories of R1 and R2.

5.1.5 Quiz


1. Does FTP work in active or passive mode by default?

Answer:
FTP works in active mode by default.

In active mode, the client opens a random port, and the server connects back to the
client using port 20 for data transfer.

In passive mode, the server opens a random port, and the client connects to that port
for data transfer

5.2 Lab 2: DHCP Configuration


Lab Configuration
Step 1 Complete basic configurations
# Configure interface addresses on R2.
Step 2 Enable DHCP.

Step 3 Configure an address pool:


# Configure an IP address pool on GE 0/0/3 of R2 to assign an IP address to R1.

# Configure a global address pool.

# Create an IP address pool named GlobalPool.

# All process together:

Step 4 Enable the DHCP server function on GigabitEthernet 0/0/4 of R2 to assign an IP address to R3.
Step 5 Configure a DHCP client.

5.2.3 Verification
5.2.3.1 Display the IP addresses and routes of R1 and R3

5.2.3.2 Display the address allocation on R2.


5.2.5 Quiz
1. What are the differences between the application scenarios of a global address pool
and those of an interface address pool?
Feature | Global Address Pool | Interface Address Pool
Scope | Applies to all interfaces unless overridden | Applies to a specific interface
Configuration location | Defined once globally on the router/switch | Defined under a specific interface
Usage scenario | Useful when multiple interfaces share the same pool | Used when each interface needs a different IP range
Priority | Lower priority if interface pool is configured | Higher priority (overrides global pool if both exist)

2. If there are multiple global address pools, how do you determine the global address pool for a DHCP client?

- The DHCP server selects the first matching global address pool based on the client’s
request IP subnet.
- The device checks the giaddr (Gateway IP Address) field or the source interface of
the DHCP request.

- It matches the address pool's network statement with the client’s network segment.

- The first matching pool is selected.


UNIT 6 Creating a WLAN
6.1.3 Networking Topology

Complete basic device configurations.

Step 1 Configure the wired network.


# Configure VLANs.
# Configure interface IP addresses.
# Configure DHCP.

Step 2 Configure the APs to bring them online.

# Create an AP group and name it ap-group1.


Step 3 Configure WLAN service parameters.
6.4 Configuration Reference
UNIT 7 Creating an IPv6 Network

Networking Topology

Step 1: Complete basic device configuration


Step 2: Configure IPv6 functions on the devices and interfaces
Enable IPv6

Step 3: Configure a link local address for the interface and test the
configuration.
# Configure an interface to automatically generate a link-local address.
# Display the IPv6 status of the interface and test the connectivity.
# Test network connectivity between R1 and R2.

Step 4: Configure static IPv6 addresses on R2.


Step 5: Configure the DHCPv6 server function on R2 and configure R3 to obtain IPv6 addresses through DHCPv6.


# Configure the DHCPv6 server function.
# Configure the DHCPv6 client function.

# Configure DHCPv6 server to allocate the gateway address to clients.[R2]


# Configure the client to learn the default route through RA messages

Step 6 Configure R1 to obtain an IPv6 address in stateless mode.

# Enable RA on GigabitEthernet0/0/3 of R2.

# Enable stateless address autoconfiguration on GigabitEthernet0/0/3 of R1


# Display the IP address configuration of R1

Step 7: Configure an IPv6 static route.


# Configure a static route on R1 to enable connectivity between
GigabitEthernet0/0/3 on R1 and GigabitEthernet0/0/3 on R3.

# Test connectivity

# Display the routes of R3.
