Professional Documents
Culture Documents
2020 Huawei ICT Competition Network Lab Exam For The Middle East
2020 Huawei ICT Competition Network Lab Exam For The Middle East
2020 Huawei ICT Competition Network Lab Exam For The Middle East
1.1 Weighting
This exam consists of four parts: Routing & Switching, Security, WLAN, and
Cloud Computing. The total score is 1000.
GE0/0/2
Trunk VLAN 10,20,100, 200
SW2 GE0/0/3
Loopback0 1.1.1.1/32
G0/0/0 100.1.12.1/30
R1
G0/0/1 100.1.14.1/30
G0/0/2 10.1.11.2/30
Loopback0 2.2.2.2/32
G0/0/0 100.1.12.2/30
R2
G0/0/1 100.1.23.1/30
G0/0/2 100.1.25.1/30
Loopback0 3.3.3.3/32
G0/0/0 100.1.36.1/30
R3
G0/0/1 100.1.23.2/30
S1/0/0 10.1.37.1/30
R4 Loopback0 4.4.4.4/32
G0/0/0 100.1.45.1/30
G0/0/1 100.1.14.2/30
G0/0/2 10.1.24.2/30
Loopback0 5.5.5.5/32
G0/0/0 100.1.45.2/30
R5
G0/0/1 100.1.56.1/30
G0/0/2 100.1.25.2/30
Loopback0 6.6.6.6/32
G0/0/0 100.1.36.2/30
R6
G0/0/1 100.1.56.2/30
G0/0/2 10.1.68.1/30
Loopback0 7.7.7.7/32
R7 Loopback1 10.1.70.1/32
S1/0/0 10.1.37.2/30
Loopback0 8.8.8.8/32
R8 Loopback1 10.1.80.1/32
G0/0/2 10.1.68.2/30
Loopback0 9.9.9.9/32
VLANIF 21 10.1.21.2/30
VLANIF 23 10.1.23.2/30
SW1
VLANIF 111 10.1.111.1/30
Loopback0 10.10.10.10/32
VLANIF 22 10.1.22.2/30
VLANIF 24 10.1.25.1/30
SW2
VLANIF 111 10.1.111.2/30
VLANIF 10 192.168.10.254/24
VLANIF 23 10.1.23.1/30
G1/0/1 10.1.21.1/30
G1/0/2 10.1.11.1/30
Loopback0 12.12.12.12/32
G1/0/0 10.1.12.2/30
FW2
G1/0/1 10.1.22.1/30
G1/0/2 10.1.24.1/30
Server1 - 10.1.25.2/30
https://192.168.0.1:84 ICT@Huawei2020
FW1 admin
43
https://192.168.0.2:84 ICT@Huawei2020
FW2 admin
43
2.3.4 MSTP,VRRP
Task 1: MSTP
1. Add SW1, SW2, SW3 and Sw4 to region HUAWEI, the Revision level is
10 and create instances MSTI1 and MSTI2 Map VLAN 10 , 100, 111 to MSTI1,
and map VLAN 20 , 200 to MSTI2 to load balance traffic.
2. Set SW1 as the root bridge of MSTI1, Set SW2 as the backup bridge of
MSTI1.
3. Set SW2 as the root bridge of MSTI2, Set SW1 as the backup bridge of
MSTI2.
4. Except for the ports interconnected by switches, ensure that other
ports do not participate in MSTP calculations going to Forwarding state directly.
Enable the protection function on each root bridge.
Task 2: VRRP
5. Create VRRP group 1 on SW1 and SW2 for VLAN 100. Set SW1 as the
master device, priority to 120, virtual ip to 192.168.100.254 and preemption
delay to 20 seconds. Set SW2 as the backup device and retain the default
priority.
6. Create VRRP group 2 on SW1 and SW2 for VLAN 200. Set SW2 as the
master device, priority to 120, virtual ip to 192.168.200.254 and preemption
delay to 20 seconds. Set SW1 as the backup device and retain the default
priority.
7. Associate VRRP group 1 with VLANIF 100 on SW1 and
set reduced value-reduced to 30 when VLANIF 21 becomes down. Associate
VRRP group 2 with VLANIF 200 on SW2 and set reduced value-reduced to 30
when VLANIF 22 becomes down.
2.3.5 DHCP
1. The aggregation switch (SW1 and SW2) functions as a DHCP server to
assign IP addresses to PC1 and PC2.
2. configure IP pool (Name:Pool1)to assign IP addresses to PC1 on SW1
and SW2,and the default gateways address is 192.168.100.254.
3. configure IP pool (Name:Pool2)to assign IP addresses to PC2 on SW1
and SW2,and the default gateways address is 192.168.200.254.
2.3.6 OSPF
1. At the headquarters, use the information in the table 3-4 to configure
OSPF. Configure Loopback0’s IP addresses as their router ID. Set the ospf
process ID to 1.and use Network command to advertise routes .All the 32 bits
must be exactly matched.
Table 2.3.6.1.1.1.1.1.1 OSPF Planning
Device
Interface Area
Name
Loopback0 0
VLANIF 21 0
VLANIF 111 1
VLANIF 200
Loopback0
0
VLANIF 22
VLANIF 25
SW2
VLANIF 100
1
VLANIF 111
VLANIF 200
Loopback0
FW1 0
G1/0/1
Loopback0
FW2 0
G1/0/1
2. SW1 and SW2 are not allow to transmit OSPF packets with each other
in VLAN 100 and VLAN 200.
3. To ensure the security of the backbone network, configure area
authentication on the devices in the backbone area, and set the authentication
mode to MD5 plain text authentication and the password to ICT@Huawei2020.
1. Configure network interworking of the AC, AP, and other network device
2. Configure the AP to go online. Configure the AP mac authentication mode
and import the AP offline to allow the AP to go online.
3. Configure WLAN service parameters for STAs to access the WLAN. Ensure
the interconnection within the headquarters so that STA1 can communicate with
PC1 and PC2.
Table 2.4.1.1.1.1.3.1.1 WLAN Data Planning
Configuration Item Data
AP name AP1
Name: Employee-ICT
SSID profile SSID name: Employee-X (X indicates your group
name.)
Name: Employee-ICT
Security profile Security policy: WPA-WPA2
Password: ICT@Huawei2020
Name: Employee-ICT
Forwarding mode: Tunnel
VAP profile
Service VLAN: 20
Binding SSID profile, Security profile,
2.5 Multicast
2.5.1 PIM
1. Server1 is the multicast source, PC1-2 is the receiver, and the
loopback0 address of SW1 is the RP address.
2. OSPF has been used on the entire network for interworking. PIM-SM
has been configured on SW1 and SW2.
2.5.2 IGMPV2 and IGMP snooping
1. SW2 is connected to the user network through the Layer 2 switch (SW3
and SW4) and runs IGMPv2.
2. The multicast source sends data to multicast groups 225.1.1.1 to
225.1.1.3. There are two receivers on the network: PC1 and PC2. They are
interested in only the data from 225.1.1.1. Enable IGMP snooping globally and in
VLAN 100 and VLAN 200 on all switches. Configure SW2 as a querier and enable
all switches to discard unknown multicast packets.
G0/0/1 2001:23::1/64
Loopback 0 2001:2::2/128
G0/0/1 2001:23::2/64
Loopback 0 2001:3::3/128
G0/0/1 2001:56::1/64
G0/0/0 2001:36::2/64
Loopback 0 2001:6::6/128
Task 2: BGP4+
3. Using loopback0 to establish BGP4+ full mesh peer between R2, R3 , R5
and R6 in AS 100.
4. Ensure that all the four routers can learn the IPv6 routes of all Loopback0s
from each other, and that the Origin attribute of the routes is incomplete.
1. Configure the G1/0/1 belong to trust zone, G1/0/2 belong to untrust zone
and the G1/0/0 belongs to DMZ zone.
2. Establish hot standby between FW1 and FW2 and heartbeats interface.
3. Configure security policy rule Trust to allow PC1 and PC2 in the HQs can
communicate with Branch1 and Brach2.
2.7.2 Configuring MPLS VPN
Task 1: Implement MPLS VPN in the ISP, provide the links to
connect HQs and branches.
1. Configure FW1 as CE1 and FW2 as CE2 to connect to the Branches through
R1 (PE1), R4(PE4), R3 (PE3) and R6 (PE6) in AS100, R7 is the CE3, R8 is the CE4.
CE1 and CE2 are Hub-CEs of vpn1, PE1 and PE4 are Hub-PEs. CE3 and CE4 are
Spoke sites of vpn1, and PE3 and PE6 are Spoke PEs.
2. Enable MPLS and MPLS LDP on the routers, set the loopback0 as the
LSR-ID to establish an MPLS LSP public network tunnel, and transmit VPN data.
3. The RD of R1, R3, R4 and R6 are 100:1, 100:3, 100:4 and 100:6,
respectively.
4. CE1 and CE2 are Hub-CEs of VPN1, PE1 and PE2 are Hub-CEs. CE3 and CE4
are Spoke sites of VPN1, and PE3 and PE4 are Spoke PEs.
5. Create a VPN instance on R1, R4, R3 and R6. R1 vpn1's RD is 100:1, Export
RT is 100:1, and Import RT is 200:1.The interface connected to the CE is bound to
the corresponding VPN instance to access the VPN user. Properly set vpn1 VPN-
target to ensure that the data transmitted between spoke sites passes through
the Hub-PE.
6. Configure Full-mesh MP-IBGP between PE1 , PE3, PE4 and PE6 to exchange
VPN routing information.
7. Run BGP AS 65001 on FW1 to establish EBGP peers with R1 vpn-instance
vpn1, Run BGP AS 65001 on FW2 to establish EBGP peers with R3 vpn-instance
vpn1 ,Configure bidirectional route import between ospf and bgp on FW1 and
FW2.
2.8 Feature
2.8.1 SNMP
Create the following alarm notification rule: Huawei-ICT.
1. Configure SNMP v2c on SW1, SW2.
2. Set read community as Admin@123, write community as Huawei@123.
3. The network management server address is 10.1.24.2.
4. Security name is Huawei-ICT.
5. snmp-agent trap enable.
2.8.2 QoS
In the outbound interface (GE 0/0/2 on PE1 and PE2), 8:00–18:00 from Monday
to Friday The committed average rate is 1 Mbit/s for the traffic with UDP
destination port numbers ranging from 7888 to 7999.