diff --git a/experiment/labdisign.md b/experiment/labdesign.md
similarity index 100%
rename from experiment/labdisign.md
rename to experiment/labdesign.md
diff --git a/experiment/labdesignfinal-fix.md b/experiment/labdesignfinal-fix.md
new file mode 100644
index 0000000..dd8f76f
--- /dev/null
+++ b/experiment/labdesignfinal-fix.md
@@ -0,0 +1,73 @@
+------
+config:
+ layout: dagre
+---
+flowchart TD
+ subgraph Internet["外网区域 (Untrust)"]
+  InternetServer["fa:fa-server Internet(Pi)<br>Web服务 (8.8.8.8)"]
+  PC4["fa:fa-laptop PC4 - 外网用户<br>(172.16.1.0/24)"]
+ end
+
+ subgraph ISP["ISP 模拟"]
+  R3["fa:fa-route R3 - 模拟ISP"]
+ end
+
+ subgraph ExitLayer["出口层 - ECMP 负载分担"]
+  R1["fa:fa-route R1 (出口1)"]
+  R2["fa:fa-route R2 (出口2)"]
+ end
+
+ subgraph SecurityLayer["安全层 - FW1 (Trust, DMZ, Untrust)"]
+  FW1["fa:fa-shield-alt FW1<br>L3网关: V20 (DMZ)<br>NAT & 安全策略"]
+ end
+
+ subgraph CoreStack["核心层 - 堆叠系统 (Trust)"]
+  CORE["fa:fa-layer-group CORE (S1+S2)<br>L3网关: V10, V30"]
+ end
+
+ subgraph AccessLayer["接入层"]
+  S3["S3 - 员工区交换机"]
+  S4["S4 - 服务器/访客区交换机"]
+ end
+
+ subgraph EndUsers["终端用户区"]
+   PC1["fa:fa-computer PC1<br>员工区 - VLAN 10<br>(192.168.10.0/24)"]
+   PC3["fa:fa-wifi PC3<br>访客区 - VLAN 30<br>(192.168.30.0/24)"]
+   Server["fa:fa-server Web服务器(Pi)<br>服务器区 - VLAN 20<br>(192.168.20.0/24)"]
+ end
+
+ %% 1. 外网连接 (R3模拟外网网关)
+ InternetServer -- "8.8.8.0/24" --> R3
+ PC4 -- "172.16.1.0/24" --> R3
+
+ %% 2. ISP 到 出口
+ R3 -- "链路 A (203.0.113.0/30)" --> R1
+ R3 -- "链路 B (203.0.113.4/30)" --> R2
+
+ %% 3. 出口 到 防火墙 (Untrust 接口, ECMP)
+ R1 -- "L3 链路 A (10.0.2.0/30)" --> FW1
+ R2 -- "L3 链路 B (10.0.3.0/30)" --> FW1
+
+ %% 4. 防火墙 到 核心 (Trust 接口)
+ FW1 -- "L3 Eth-Trunk 2<br>(10.0.1.0/30)" --> CORE
+
+ %% 5. 防火墙 到 DMZ (DMZ 接口) - 关键变更点
+ FW1 -- "L2 链路 (VLAN 20)" --> S4
+
+ %% 6. 核心 到 接入 (Trust 接口)
+ CORE -- "Trunk (VLAN 10)" --> S3
+ CORE -- "Trunk (VLAN 30)" --> S4
+
+ %% 7. 接入 到 终端
+ S3 -- "Access (VLAN 10)" --> PC1
+ S4 -- "Access (VLAN 30)" --> PC3
+ S4 -- "Access (VLAN 20)" --> Server
+
+ %% 样式
+ style Internet fill:#E6F3FF,stroke:#99CCFF
+ style ISP fill:#E0E0E0,stroke:#A0A0A0
+ style ExitLayer fill:#E6FFE6,stroke:#99FF99
+ style SecurityLayer fill:#FFECE6,stroke:#FFB399
+ style CoreStack fill:#FFF5E6,stroke:#FFCC99
+ style AccessLayer fill:#F0E6FF,stroke:#D1B3FF
+ style EndUsers fill:#FFFFE6,stroke:#FFCC66
diff --git a/experiment/labdesignfinal-fix.png b/experiment/labdesignfinal-fix.png
new file mode 100644
index 0000000..3dff540
Binary files /dev/null and b/experiment/labdesignfinal-fix.png differ
diff --git a/experiment/labdisignfinal.md b/experiment/labdesignfinal.md
similarity index 100%
rename from experiment/labdisignfinal.md
rename to experiment/labdesignfinal.md