关键配置：
1、出口为ospf区域0，下联汇聚依次区域1、2…，非骨干全部为完全nssa区域
2、核心（abr）上对非骨干区域进行路由汇总，用于解决出口两台路由的条目数量
3、ospf静默接口配置在汇聚下联接接入交换机的vlan
4、核心交换机配置黑洞路由，防止内网用户探测不存在的192网段的地址，造成核心和出口路由一直循环转发这个不存在的地址。

AR1：

dis current-configuration
[V200R003C00]

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

interface GigabitEthernet0/0/0
ip address 10.0.0.100 255.255.255.0

interface GigabitEthernet0/0/1
ip address 10.1.0.100 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 100.1.1.1 255.255.255.255

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

AR2：

dis current-configuration
[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0
ip address 10.0.0.2 255.255.255.0
nat outbound 2000

interface GigabitEthernet0/0/1
ip address 21.1.1.2 255.255.255.248

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255

ospf 1 router-id 2.2.2.2
default-route-advertise
area 0.0.0.0
network 21.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.0.0.100

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

AR3:

dis current-configuration
[V200R003C00]

sysname r3

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0
ip address 10.1.0.3 255.255.255.0
nat outbound 2000

interface GigabitEthernet0/0/1
ip address 31.1.1.3 255.255.255.248
ospf cost 100

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255

ospf 1 router-id 3.3.3.3
default-route-advertise
area 0.0.0.0
network 31.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.1.0.100

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

LSW1：

dis current-configuration

sysname hx

undo info-center enable

vlan batch 10 20 50 60

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10
ip address 12.1.1.1 255.255.255.248

interface Vlanif20
ip address 13.1.1.1 255.255.255.248

interface Vlanif50
ip address 21.1.1.1 255.255.255.248

interface Vlanif60
ip address 31.1.1.1 255.255.255.248
ospf cost 100

interface MEth0/0/1

interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
mode lacp-static

interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 20
mode lacp-static

interface GigabitEthernet0/0/1
port link-type access
port default vlan 50

interface GigabitEthernet0/0/2
port link-type access
port default vlan 60

interface GigabitEthernet0/0/3
eth-trunk 1

interface GigabitEthernet0/0/4
eth-trunk 2

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7
eth-trunk 1

interface GigabitEthernet0/0/8
eth-trunk 2

interface LoopBack0
ip address 1.1.1.1 255.255.255.255

ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 21.1.1.0 0.0.0.7
network 31.1.1.0 0.0.0.7
area 0.0.0.1
abr-summary 192.168.100.0 255.255.254.0
network 12.1.1.0 0.0.0.7
nssa no-summary
area 0.0.0.2
abr-summary 192.168.200.0 255.255.254.0
network 13.1.1.0 0.0.0.7
nssa no-summary

ip route-static 192.0.0.0 255.0.0.0 NULL0 //黑洞路由，防攻击

user-interface con 0
user-interface vty 0 4

LSW2：

dis current-configuration

sysname sw2

undo info-center enable

vlan batch 10 100 110

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10
ip address 12.1.1.2 255.255.255.248

interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface

interface Vlanif110
ip address 192.168.101.1 255.255.255.0
dhcp select interface

interface MEth0/0/1

interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
mode lacp-static

interface GigabitEthernet0/0/1
eth-trunk 1

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 110

interface GigabitEthernet0/0/4
eth-trunk 1

interface LoopBack0
ip address 22.22.22.22 255.255.255.255

ospf 1
silent-interface Vlanif100
silent-interface Vlanif110
area 0.0.0.1
network 12.1.1.0 0.0.0.7
network 192.168.100.0 0.0.0.255
network 192.168.101.0 0.0.0.255
nssa no-summary

user-interface con 0
user-interface vty 0 4

LSW3：

dis current-configuration

sysname sw3

vlan batch 20 200 210

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif20
ip address 13.1.1.3 255.255.255.248

interface Vlanif200
ip address 192.168.200.1 255.255.255.0
dhcp select interface

interface Vlanif210
ip address 192.168.201.1 255.255.255.0
dhcp select interface

interface MEth0/0/1

interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 20
mode lacp-static

interface GigabitEthernet0/0/1
eth-trunk 2

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 200

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 210

interface GigabitEthernet0/0/4
eth-trunk 2

interface LoopBack0
ip address 33.33.33.33 255.255.255.255

ospf 1
silent-interface Vlanif200
silent-interface Vlanif210
area 0.0.0.2
network 13.1.1.0 0.0.0.7
network 192.168.200.0 0.0.0.255
network 192.168.201.0 0.0.0.255
nssa no-summary

user-interface con 0
user-interface vty 0 4

return

LSW4：

dis current-configuration

sysname Huawei

vlan batch 100

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100

interface GigabitEthernet0/0/2
port link-type access
port default vlan 100

return

LSW5：

dis current-configuration

sysname Huawei

vlan batch 110

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 110

interface GigabitEthernet0/0/2
port link-type access
port default vlan 110

user-interface con 0
user-interface vty 0 4

return

LSW6:

dis current-configuration

sysname Huawei

vlan batch 200

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 200

interface GigabitEthernet0/0/2
port link-type access
port default vlan 200

return

LSW7:

dis current-configuration

sysname Huawei

vlan batch 210

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 210

interface GigabitEthernet0/0/2
port link-type access
port default vlan 210

return