拓扑图
一.接入交换机ACSW配置
<Huawei>
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname acsw
[acsw]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[acsw]interface gigabitether 0/0/1
[acsw-GigabitEthernet0/0/1]port link-type access
[acsw-GigabitEthernet0/0/1]port default vlan 10
[acsw-GigabitEthernet0/0/1]quit
[acsw]interface gigabitether 0/0/2
[acsw-GigabitEthernet0/0/2]port link-type access
[acsw-GigabitEthernet0/0/2]port default vlan 20
[acsw-GigabitEthernet0/0/2]quit
[acsw]interface gigabitether 0/0/3
[acsw-GigabitEthernet0/0/3]port link-type trunk
[acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[acsw-GigabitEthernet0/0/3]quit
[acsw]2.核心交换机配置
配置vlan
开启DHCP
创建ip-pool并设置DHCP信息(也可以使用接口DHCP)
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname coresw
[coresw]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[coresw]vlan batch 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[coresw]interface vlanif 10
[coresw-Vlanif10]ip address 192.168.10.254 24
[coresw-Vlanif10]quit
[coresw]interface vlanif 20
[coresw-Vlanif20]ip address 192.168.20.254 24
[coresw-Vlanif20]quit
[coresw]ip pool 10
Info:It's successful to create an IP address pool.
[coresw-ip-pool-10]network 192.168.10.0 mask 24
[coresw-ip-pool-10]gateway-list 192.168.10.254
[coresw-ip-pool-10]dns-list 114.114.114.114
[coresw-ip-pool-10]lease day 8
[coresw-ip-pool-10]excluded-ip-address 192.168.10.2 192.168.10.253
[coresw-ip-pool-10]quit
[coresw]
[coresw]ip pool 20
Info:It's successful to create an IP address pool.
[coresw-ip-pool-20]network 192.168.20.0 mask 24
[coresw-ip-pool-20]gateway-list 192.168.20.254
[coresw-ip-pool-20]dns-list 8.8.8.8
[coresw-ip-pool-20]lease day 8
[coresw-ip-pool-20]excluded-ip-address 192.168.20.2 192.168.20.253
[coresw-ip-pool-20]quit
[coresw]interface vlanif 10
[coresw-Vlanif10]dhcp select global
[coresw-Vlanif10]quit
[coresw]interface vlanif 20
[coresw-Vlanif20]dhcp select global
[coresw-Vlanif20]quit
[coresw]
[coresw]interface gigabitether 0/0/1
[coresw-GigabitEthernet0/0/1]port link-type trunk
[coresw-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[coresw-GigabitEthernet0/0/1]quit
[coresw]3.测试DHCP
开启PC1和PC2的DHCP功能,获取IP地址
PC1:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe28:70f9
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-28-70-F9
DNS server........................: 114.114.114.114PC2:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe74:7408
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-74-74-08
DNS server........................: 8.8.8.8检测PC1和PC2是否互通
4.核心交换机配置
模拟器不这次给芥末配置IP地址,用vlan30进行互联
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe28:70f9
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-28-70-F9
DNS server........................: 114.114.114.1145.route路由器配置回程路由
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname route
[route]interface gigabitether 0/0/0
[route-GigabitEthernet0/0/0]ip address 192.168.30.3 24
[route-GigabitEthernet0/0/0]quit
[route]ping 192.168.30.254
PING 192.168.30.254: 56 data bytes, press CTRL_C to break
Reply from 192.168.30.254: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 192.168.30.254: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 192.168.30.254: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.30.254: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.30.254: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 192.168.30.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/40/80 ms
[route]route和corese已通,vlan10和vlan20不通,因为没有配置回城路由
静态路由配置
[route]ip route-static 192.168.10.0 255.255.255.0 192.168.30.254
[route]ip route-static 192.168.20.0 255.255.255.0 192.168.30.254再次尝试pingPC1,PC2,已经ping通
[route]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=127 time=80 ms
--- 192.168.10.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/72/80 ms
[route]ping 192.168.20.1
PING 192.168.20.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.20.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=3 ttl=127 time=80 ms
Reply from 192.168.20.1: bytes=56 Sequence=4 ttl=127 time=80 ms
Reply from 192.168.20.1: bytes=56 Sequence=5 ttl=127 time=60 ms
--- 192.168.20.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/72/80 ms
[route]尝试OSPF学习路由,先删除配置过的coresw,route的RIP
[coresw]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[coresw]
[route]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[route]coresw配置OSPF
同时宣告10,20,30网段
[coresw]ospf
[coresw-ospf-1]area 0
[coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]quit
[coresw-ospf-1]quit
[coresw]route配置ospf
宣告30网段
ping测试 vlan10 vlan20
[route]ospf
[route-ospf-1]area 0
[route-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[route-ospf-1-area-0.0.0.0]quit
[route-ospf-1]quit
[route]
[route]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=127 time=70 ms
Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=127 time=60 ms
Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=127 time=70 ms
--- 192.168.10.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/67/70 ms
[route]ping 192.168.20.1
PING 192.168.20.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.20.1: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=3 ttl=127 time=60 ms
Reply from 192.168.20.1: bytes=56 Sequence=4 ttl=127 time=70 ms
Reply from 192.168.20.1: bytes=56 Sequence=5 ttl=127 time=60 ms
--- 192.168.20.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/65/70 ms
[route]6.配置对外的3台路由器地址
[route]interface gigabitether 0/0/1
[route-GigabitEthernet0/0/1]ip address 12.1.1.3 24
[route-GigabitEthernet0/0/1]quit
[route]interface gigabitether 0/0/2
[route-GigabitEthernet0/0/2]ip address 23.1.1.3 24
[route-GigabitEthernet0/0/2]quit
[route]电信路由器配置:
g0/0/0:12.1.1.1/24
g0/0/1: 100.1.1.1/24
lo0:1.1.1.1/24
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname dianxin
[dianxin]interface gigabitether 0/0/0
[dianxin-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]quit
[dianxin]interface gigabitether 0/0/1
[dianxin-GigabitEthernet0/0/1]ip address 100.1.1.1 24
[dianxin-GigabitEthernet0/0/1]quit
[dianxin]interface LoopBack 0
[dianxin-LoopBack0]ip address 1.1.1.1 24
[dianxin-LoopBack0]quit
[dianxin]联通路由配置
g0/0/0:23.1.1.1/24
g0/0/1: 100.1.1.2/24
lo0:2.2.2.2/24
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname liantong
[liantong]interface gigabitether 0/0/0
[liantong-GigabitEthernet0/0/0]ip address 23.1.1.2 24
[liantong-GigabitEthernet0/0/0]quit
[liantong]interface gigabitether 0/0/1
[liantong-GigabitEthernet0/0/1]ip address 100.1.1.2 24
[liantong-GigabitEthernet0/0/1]quit
[liantong]interface LoopBack 0
[liantong-LoopBack0]ip address 2.2.2.2 24
[liantong-LoopBack0]quit
[liantong]此时,3台路由器可互通,测试ping
但电信和联通的虚拟接口地址是不通的,1.1.1.1和2.2.2.2
配置rip相互学习地址
电信路由器配置RIP
[dianxin]rip
[dianxin-rip-1]version 2
[dianxin-rip-1]network 1.0.0.0
[dianxin-rip-1]network 12.0.0.0
[dianxin-rip-1]network 100.0.0.0
[dianxin-rip-1]quit联通路由器配置RIP
[liantong]rip
[liantong-rip-1]version 2
[liantong-rip-1]network 2.0.0.0
[liantong-rip-1]network 23.0.0.0
[liantong-rip-1]network 100.0.0.0
[liantong-rip-1]quit
[liantong]ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/60 ms
[liantong]电信联通已经互通,相当于模拟显示中的电信和联通运营商互通。
但是vlan10 和vlan20目前无法访问互联网,也就是联通、电信路由器,需要在在出口路由器中配置nat
7.网络地址转换,NAT配置
创建acl
匹配规则,允许vlan10和vlan20的地址通过
应用到接口中
[route]acl 2000
[route-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[route-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[route-acl-basic-2000]quit
[route]interface gigabitether 0/0/1
[route-GigabitEthernet0/0/1]nat outbound 2000
[route-GigabitEthernet0/0/1]quit
[route]interface gigabitether 0/0/2
[route-GigabitEthernet0/0/2]nat outbound 2000
[route-GigabitEthernet0/0/2]quit
[route]此时还是无法访问互联通,需在核心和路由中配置静态路由
8.核心交换机coresw配置路由
[coresw]ip route-static 0.0.0.0 0 192.168.30.39.出口路由器route配置静态路由
配置两条静态路由,对应电信和联通
优先走电信,优先级设置50,联通优先级设置60(数值越小越优先)
[route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50
[route]ip route-static 0.0.0.0 0 23.1.1.2
[route]quit至此,vlan10和vlan20可以访问互联网
10.电信线路故障自动走联通
[route]bfd
[route-bfd]quit
[route]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[route-bfd-session-dianxin]quit
[route][dianxin]bfd
[dianxin-bfd]quit
[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto
[dianxin-bfd-session-dianxin]quit
[dianxin][route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin
Info: Succeeded in modifying route.
[route]11.策略路由配置
[route]undo ip route-static 0.0.0.0 0.0.0.0 12.1.1.1
[route]undo ip route-static 0.0.0.0 0.0.0.0 23.1.1.2[route]acl 2001
[route-acl-basic-2001]rule 10 permit source 192.168.10.0 0.0.0.255
[route-acl-basic-2001]quit
[route]acl 2002
[route-acl-basic-2002]rule 20 permit source 192.168.20.0 0.0.0.255
[route-acl-basic-2002]quit
[route][route]traffic classifier jiaoxue
[route-classifier-jiaoxue]if-match acl 2001
[route-classifier-jiaoxue]quit
[route]traffic classifier sushe
[route-classifier-sushe]if-match acl 2002
[route-classifier-sushe]quit
[route][route]traffic behavior re-dianixn
[route-behavior-re-dianixn]redirect ip-nexthop 12.1.1.1
[route-behavior-re-dianixn]quit
[route]traffic behavior re-liantong
[route-behavior-re-liantong]redirect ip-nexthop 23.1.1.2
[route-behavior-re-liantong]quit
[route][route]traffic policy p
[route-trafficpolicy-p]classifier jiaoxue behavior re-dianixn
[route-trafficpolicy-p]classifier sushe behavior re-liantong
[route-trafficpolicy-p]quit
[route][route]interface gigabitether 0/0/0
[route-GigabitEthernet0/0/0]traffic-policy p inbound
[route-GigabitEthernet0/0/0]quit
[route]PC>
PC>tracert 12.1.1.1
traceroute to 12.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 32 ms 46 ms 32 ms
2 * * *
3 12.1.1.1 62 ms 63 ms 62 ms
PC>tracert 23.1.1.2
traceroute to 23.1.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 31 ms 47 ms 31 ms
2 * * *
3 12.1.1.1 78 ms 63 ms 62 ms
4 23.1.1.2 94 ms 78 ms 94 ms
PC>PC>tracert 12.1.1.1
traceroute to 12.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 32 ms 46 ms 47 ms
2 * * *
3 23.1.1.2 47 ms 94 ms 62 ms
4 12.1.1.1 63 ms 94 ms 109 ms
PC>tracert 23.1.1.2
traceroute to 23.1.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 47 ms 31 ms 47 ms
2 * * *
3 23.1.1.2 47 ms 78 ms 62 ms
12.线路分流,访问联通走联通,访问电信走电信
[route]acl 3001
[route-acl-adv-3001]rule 10 permit ip source 0.0.0.0 255.255.255.255 destination
1.1.1.1 0.0.0.0
[route-acl-adv-3001]quit
[route]acl 3002
[route-acl-adv-3002]rule 20 permit ip source 0.0.0.0 255.255.255.255 destination
2.2.2.2 0.0.0.0[route]traffic classifier jiaoxue
[route-classifier-jiaoxue]undo if-match acl 2001
[route-classifier-jiaoxue]if-match acl 3001
[route-classifier-jiaoxue]quit
[route]traffic classifier sushe
[route-classifier-sushe]undo if-match acl 2002
[route-classifier-sushe]if-match acl 3002
[route-classifier-sushe]quit
[route][route]traffic classifier jiaoxue
[route-classifier-jiaoxue]undo if-match acl 2001
[route-classifier-jiaoxue]if-match acl 3001
[route-classifier-jiaoxue]quit
[route]traffic classifier sushe
[route-classifier-sushe]undo if-match acl 2002
[route-classifier-sushe]if-match acl 3002
[route-classifier-sushe]quit
[route]PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 32 ms 47 ms 46 ms
2 * * *
3 1.1.1.1 47 ms 63 ms 62 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 31 ms 47 ms 47 ms
2 * * *
3 2.2.2.2 78 ms 63 ms 78 ms
PC>
评论区