2021年新华三杯全国总决赛赛题解析（随手记）

本文主要是介绍2021年新华三杯全国总决赛赛题解析（随手记），希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

赛题

在这里插入图片描述

解法

sw和ro连接的端口用三层互通sw：port link-mode routefw登陆密码admin adminppp配置r1：local-user 123456 class networkpassword simple 123456service-type pppint s1/0ppp authen chapr3：int s1/0ppp chap user 123456ppp chap password simple 123456		shutdownundo shutdown聚合
dis link-aggregation summarys1:int Bridge-Aggregation 1quitint range g1/0/23 to g1/0/24port link-aggregation group 1s2:int  Bridge-Aggregation 1quitint range g1/0/23 to g1/0/24port link-aggregation group 1vlans1:vlan batch 10 20int bri 1port link-type trunkport trunk permit vlan 10 20int g1/0/3port link-type trunkport trunk permit vlan 10 20s2:vlan batch 10 20int bri 1port link-type trunkport trunk permit vlan 10 20int g1/0/3port link-type trunk  port trunk permit vlan 10 20l2sw:vlan 10port g1/0/1 to g1/0/4vlan 20port g1/0/5 to g1/0/8int range g1/0/23 to g1/0/24port link-type trunkport trunk permit vlan 10 20mstp
dis stp brief
dis stp roots1:stp region-configurationregion-name 2021instance 1 vlan 10instance 2 vlan 20active region-configurationstp instance 1 root pri	 #示例1的根stp instance 2 root sec  #示例2的备int g1/0/3stp root-protections2:stp region-configurationregion-name 2021instance 1 vlan 10instance 2 vlan 20active region-configuration stp instance 1 root pri	 #示例1的备stp instance 2 root sec  #示例2的根int g1/0/3stp root-protection #根保护l2sw:stp region-configurationregion-name 2021instance 1 vlan 10instance 2 vlan 20active region-configuration  int range g1/0/1 to g1/0/8 stp edged-port #边缘端口vrrp
dis vrrp   s1：int vlan 10vrrp vrid 10 virtual-ip 172.0.10.254vrrp vrid 10 priority 150int vlan 20vrrp vrid 20 virtual-ip 172.0.20.254vrrp vrid 20 priority 110s2：int vlan 10vrrp vrid 10 virtual-ip 172.0.10.254vrrp vrid 10 priority 110int vlan 20vrrp vrid 20 virtual-ip 172.0.20.254vrrp vrid 20 priority 150ospfr1:ospf router-id 9.9.9.1area 0network 100.0.0.0 0.0.0.3 #精确掩码network 100.0.0.8 0.0.0.3network 9.9.9.1 0.0.0.0ospf 10 vpn-instance vpn1 router-id 9.9.9.1  #需要跑mpls示例，在创建完vpn后创建a 0net 10.0.0.0 0.0.0.3net 10.0.0.4 0.0.0.3	import-route bgp #引入路由r2:ospf router-id 9.9.9.2area 0network 100.0.0.0 0.0.0.3network 100.0.0.4 0.0.0.3network 9.9.9.2 0.0.0.0r3:ospf router-id 9.9.9.3area 0network 100.0.0.4 0.0.0.3network 100.0.0.8 0.0.0.3network 9.9.9.3 0.0.0.0s1：ospf 10 router-id 9.9.9.101a 0net 10.0.0.0 0.0.0.3net 9.9.9.101 0.0.0.0net 172.0.10.0 0.0.0.255net 172.0.20.0 0.0.0.255silent-interface vlan 10  #不准将协议报文发送到业务网段，禁没silent-interface vlan 20 s2:ospf 10 router-id 9.9.9.102a 0net 10.0.0.4 0.0.0.3net 9.9.9.102 0.0.0.0net 172.0.10.0 0.0.0.255net 172.0.20.0 0.0.0.255silent-interface vlan 10  #不准将协议报文发送到业务网段，禁没silent-interface vlan 20 静态r3:ip route-static vpn-instance vpn1 172.0.0.0 24 10.0.0.14ip route-static vpn-instance vpn2 192.0.0.0 24 10.0.0.18f1:	ip route-static 172.0.10.0 24 10.0.0.13ip route-static 172.0.20.0 24 10.0.0.13f2:ip route-static 192.0.10.0 24 10.0.0.17VPNr1：ip vpn-instance vpn1 #该部分需要在ospf 10之前配置route-distinguisher 100:1vpn-target 100:1 bothint g0/0ip binding vpn-instance vpn1ip add 10.0.0.1 30 #绑定vpn后，接口ip配置自动清除，需要重新配置int g0/1ip binding vpn-instance vpn1ip add 10.0.0.5 30r2:ip vpn-instance vpn2route-distinguisher 200:1vpn-target 200:1 bothint g0/2ip binding vpn-instance vpn2ip add 10.0.0.9 30r3：ip vpn-instance vpn1route-distinguisher 100:1vpn-target 100:1 bothip vpn-instance vpn2route-distinguisher 200:1vpn-target 200:1 bothint g0/1ip binding vpn-instance vpn1ip add 10.0.0.13 30int g0/2 ip binding vpn-instance vpn2ip add 10.0.0.17 30BGP/MPLSVPN:
dis bgp routing-table ipv4 vpn-instance vpn2r4:bgp 300peer 10.0.0.9 as 100add ipv4peer 10.0.0.9 enablenet 192.0.10.0 24r2:bgp 100ip vpn-instance vpn2   #对端为r4-ce,ebgp需要进入vpn示例peer 10.0.0.10 as 300address-family ipv4peer 10.0.0.10 enable #启用vpn2示例的ipv4功能peer 9.9.9.1 as-number 100peer 9.9.9.3 as-number 100address-family vpnv4   #mplsvpn,bgp使能vpnv4peer 9.9.9.1 enablepeer 9.9.9.3 enable	mpls ldp  #启用ldplsr-id 9.9.9.2int g0/0mpls enablempls ldp enableint g0/1mpls enablempls ldp enabler1:bgp 100peer 9.9.9.2 as-number 100peer 9.9.9.3 as-number 100address-family vpnv4   #mplsvpn,bgp使能vpnv4peer 9.9.9.2 enablepeer 9.9.9.3 enableip vpn-instance vpn1 #引用vpn1示例路由表中的两条路由address-family ipv4net 172.0.10.0 24net 172.0.20.0 24mpls ldp  #启用ldplsr-id 9.9.9.1int g0/2mpls enablempls ldp enableint s1/0mpls enablempls ldp enabler3:bgp 100peer 9.9.9.1 as-number 100peer 9.9.9.2 as-number 100address-family vpnv4   #mplsvpn,bgp使能vpnv4peer 9.9.9.1 enablepeer 9.9.9.2 enableip vpn-instance vpn1 #引用vpn1示例路由表中的路由address-family ipv4net 172.0.0.0 24ip vpn-instance vpn2 #引用vpn2示例路由表中的路由address-family ipv4net 192.0.0.0 24mpls ldp  #启用ldplsr-id 9.9.9.1int g0/0 mpls enablempls ldp enableint s1/0mpls enablempls ldp enable防火墙：f1:#安全域security-zone name untrustimport interface g1/0/1security-zone name trustimport interface g1/0/0#安全策略object-group ip address server1network host address 172.0.0.1security-policy iprule 0 name ap1source-zone untrustdestination-zone trustdestination-ip server1 #上面的ogacction pass#ipsapp-profile secips apply policy default mode protectsecurity-policy ip rule 0profile sec#攻击防范attack-defense policy ad1syn-flood threshold 2000syn-flood detect ip 172.0.0.1syn-flood action drop loggingsecurity-zone name untrustattack-defense apply policy ad1f2:#安全域security-zone name untrustimport interface g1/0/1security-zone name trustimport interface g1/0/0#安全策略object-group ip address server2network host address 192.0.0.10security-policy iprule 0 name ap1source-zone untrustdestination-zone trustdestination-ip server2action pass#ipsapp-profile secips apply policy default mode protectsecurity-policy ip rule 0profile sec#攻击防范attack-defense policy ad1syn-flood threshold 2000syn-flood detect ip 192.0.0.1syn-flood action drop loggingsecurity-zone name untrustattack-defense apply policy ad1ipv6s1:int vlan 10ipv6 address 172:10::254 64int vlan 20ipv6 address 172:20::253 64int lo0ipv6 address 9::101 128ospfv3 1 router-id 9.9.9.101quitint vlan 10ospfv3 1 area 0int vlan 20ospfv3 1 area 0s2:int vlan 10ipv6 address 172:10::253 64int vlan 20ipv6 address 172:20::254 64int lo0ipv6 address 9::102 128ospfv3 1 router-id 9.9.9.101quitint vlan 10ospfv3 1 area 0int vlan 20ospfv3 1 area 0