(1) Lab requirements:
1) Link aggregation
S1 and S2 use link aggregation to bundle two physical links into one logical link, providing load sharing and backup. Set S1 as the LACP active end; the logical link must load-balance by destination MAC address.
2) VLANs and inter-VLAN routing
All VLAN clients and the server must be able to reach each other.
3) OSPF and RIP
R2, R3, S1 and S2 run OSPF; R3, R4 and R5 run RIP.
4) Route redistribution
OSPF and RIP must redistribute routes into each other so that the two domains can communicate.
5) NAT and access control
Hosts in the 192.168.20~21.0/24 networks must not be able to access the Internet. The server is published to the Internet at 202.106.0.200, and Internet user PC1 can reach the server through that address!
The commands involved in this topology are as follows:
Link aggregation;
VLAN division;
Router-on-a-stick and Layer 3 switching;
OSPF and RIP dynamic routing configuration;
Route redistribution;
PAT and static NAT configuration;
Basic ACL and advanced ACL configuration;
(2) Implementation
1) Configure the IP addresses of the PCs and the server yourself
2) Configure link aggregation
On Huawei devices, link aggregation is mainly implemented with LACP. The configuration has to specify the priority, the working mode, the load-balancing mode and the member interfaces.
S1 configuration:
<Huawei>system-view //enter system view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable //turn off informational messages so they do not interrupt input
Info: Information center is disabled.
[Huawei]sysname S1 //set the device name to S1
[S1]lacp priority 1000 //set the system LACP priority of S1
[S1]interface Eth-Trunk 12 //create the link-aggregation logical interface Eth-Trunk 12
[S1-Eth-Trunk12]mode lacp-static //use static LACP mode
[S1-Eth-Trunk12]load-balance dst-mac //load-balance by destination MAC address
[S1-Eth-Trunk12]trunkport GigabitEthernet 0/0/2 //add member interface G0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12]trunkport GigabitEthernet 0/0/3 //add member interface G0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12]quit //return to system view

**Note:** The smaller the LACP priority value, the higher the priority. By default the system LACP priority is 32768. Of the two devices, the end with the smaller system LACP priority value is chosen as the active end; if the priority values are equal, the end with the smaller MAC address is chosen.
S2 configuration:
<Huawei>system-view
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname S2
[S2]interface Eth-Trunk 12
[S2-Eth-Trunk12]mode lacp-static
[S2-Eth-Trunk12]trunkport GigabitEthernet 0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk12]trunkport GigabitEthernet 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk12]quit
//The commands are nearly the same as on S1, so they are not explained again here

3) Configure inter-VLAN routing
Inter-VLAN routing is mainly done on S1 and S2. Note that even though the interfaces on S1 and S2 are all in trunk mode, the corresponding VLANs still have to be created, because a switch that receives a frame from a VLAN it does not have will drop that frame.
S1 configuration:
[S1]vlan batch 10 to 13 //create VLAN 10 to VLAN 13 in one command
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]interface Eth-Trunk 12 //enter the link-aggregation interface
[S1-Eth-Trunk12]port link-type trunk //set the link-aggregation interface to trunk mode
[S1-Eth-Trunk12]port trunk allow-pass vlan all //allow all VLANs on the trunk
[S1-Eth-Trunk12]int g0/0/4
[S1-GigabitEthernet0/0/4]port link-type trunk //set the interface link type to trunk
[S1-GigabitEthernet0/0/4]port trunk allow-pass vlan all //allow all VLANs
[S1-GigabitEthernet0/0/4]int g0/0/5
[S1-GigabitEthernet0/0/5]port link-type trunk
[S1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/5]int vlan 10 //enter the VLAN 10 interface
[S1-Vlanif10]ip add 192.168.10.1 24 //set the IP address
[S1-Vlanif10]int vlan 11
[S1-Vlanif11]ip add 192.168.11.1 24
[S1-Vlanif11]quit

**Note:** By default a Huawei trunk does not permit any VLAN other than VLAN 1, whereas a Cisco trunk permits all VLANs by default. So on Huawei devices, once the basic trunk configuration is done, always add the command that allows the relevant VLANs through the trunk.
S2 configuration:
[S2]vlan batch 10 to 13
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2]interface eth-trunk 12
[S2-Eth-Trunk12]port link-type trunk
[S2-Eth-Trunk12]port trunk allow-pass vlan all
[S2-Eth-Trunk12]interface g0/0/4
[S2-GigabitEthernet0/0/4]port link-type trunk
[S2-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/4]interface g0/0/5
[S2-GigabitEthernet0/0/5]port link-type trunk
[S2-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/5]int vlan 12
[S2-Vlanif12]ip add 192.168.12.1 24
[S2-Vlanif12]int vlan 13
[S2-Vlanif13]ip add 192.168.13.1 24
[S2-Vlanif13]quit
//Essentially the same commands as on S1, so they are not explained again here!

SW1 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname sw1
[sw1]vlan 10
[sw1-vlan10]interface g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access //set the port mode to access
[sw1-GigabitEthernet0/0/2]port default vlan 10 //add the interface to VLAN 10
[sw1-GigabitEthernet0/0/2]quit

SW2 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname sw2
[sw2]vlan 11
[sw2-vlan11]interface g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/1]int g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 11
[sw2-GigabitEthernet0/0/2]quit

SW3 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname sw3
[sw3]vlan 12
[sw3-vlan12]interface g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw3-GigabitEthernet0/0/1]interface g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type access
[sw3-GigabitEthernet0/0/2]port default vlan 12
[sw3-GigabitEthernet0/0/2]quit

SW4 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname sw4
[sw4]vlan 13
[sw4-vlan13]interface g0/0/1
[sw4-GigabitEthernet0/0/1]port link-type trunk
[sw4-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw4-GigabitEthernet0/0/1]interface g0/0/2
[sw4-GigabitEthernet0/0/2]port link-type access
[sw4-GigabitEthernet0/0/2]port default vlan 13
[sw4-GigabitEthernet0/0/2]quit

4) Configure router-on-a-stick
Router-on-a-stick on Huawei is almost the same as on Cisco. There are two main pieces of configuration: the trunk between the switch and the router, and the router's sub-interfaces, each associated with its VLAN.
R4 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname R4
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 192.168.101.2 24
[R4-GigabitEthernet0/0/0]int g0/0/1.1 //enter the sub-interface
[R4-GigabitEthernet0/0/1.1]ip add 192.168.20.1 24 //set the sub-interface IP address
[R4-GigabitEthernet0/0/1.1]dot1q termination vid 20 //associate the sub-interface with VLAN 20
[R4-GigabitEthernet0/0/1.1]arp broadcast enable //enable ARP broadcast on the sub-interface
[R4-GigabitEthernet0/0/1.1]int g0/0/1.2
[R4-GigabitEthernet0/0/1.2]ip add 192.168.21.1 24
[R4-GigabitEthernet0/0/1.2]dot1q termination vid 21
[R4-GigabitEthernet0/0/1.2]arp broadcast enable
[R4-GigabitEthernet0/0/1.2]int g0/0/2
[R4-GigabitEthernet0/0/2]ip add 192.168.102.1 24
[R4-GigabitEthernet0/0/2]quit

SW5 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname sw5
[sw5]vlan 20
[sw5-vlan20]vlan 21 //VLANs can also be created one at a time
[sw5-vlan21]int g0/0/1
[sw5-GigabitEthernet0/0/1]port link-type trunk
[sw5-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw5-GigabitEthernet0/0/1]int g0/0/2
[sw5-GigabitEthernet0/0/2]port link-type access
[sw5-GigabitEthernet0/0/2]port default vlan 20
[sw5-GigabitEthernet0/0/2]int g0/0/3
[sw5-GigabitEthernet0/0/3]port link-type access
[sw5-GigabitEthernet0/0/3]port default vlan 21

5) Configure OSPF and RIP
RIP configuration on Huawei is almost identical to the Cisco commands; just change no to undo. OSPF differs from Cisco: instead of a single network command that declares both the network and the area, the networks are declared in the sub-view of the area they belong to.
S1 configuration:
[S1]vlan 50
[S1-vlan50]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 50 //add the physical interface to the VLAN
[S1-GigabitEthernet0/0/1]int vlan 50
[S1-Vlanif50]ip add 192.168.50.10 24
[S1-Vlanif50]ospf 1 //enter the OSPF process
[S1-ospf-1]area 0 //enter area 0
[S1-ospf-1-area-0.0.0.0]network 0.0.0.0 255.255.255.255 //for simplicity, advertise all networks
[S1-ospf-1-area-0.0.0.0]quit

**Note:** To specify a router-id when configuring OSPF, append router-id when entering the process view, for example [S1] ospf 1 router-id 1.1.1.1. In addition, a Layer 2 interface on a Huawei Layer 3 switch has no command that directly promotes it to a Layer 3 interface, in the way the no switchport command does on Cisco. So for inter-VLAN routing or a direct connection to a router, the only option is to configure a VLAN virtual interface and bind the physical interface to that VLAN!
S2 configuration:
[S2]vlan 60
[S2-vlan60]int g0/0/1
[S2-GigabitEthernet0/0/1]port link-type access
[S2-GigabitEthernet0/0/1]port default vlan 60
[S2-GigabitEthernet0/0/1]int vlan 60
[S2-Vlanif60]ip add 192.168.60.10 24
[S2-Vlanif60]ospf 1
[S2-ospf-1]area 0
[S2-ospf-1-area-0.0.0.0]network 0.0.0.0 255.255.255.255

R2 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname R2
[R2]int g4/0/0
[R2-GigabitEthernet4/0/0]ip add 202.106.0.10 24
[R2-GigabitEthernet4/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.50.1 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip add 192.168.60.1 24
[R2-GigabitEthernet0/0/2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.100.1 24
[R2-GigabitEthernet0/0/0]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
//Note that OSPF must not advertise all networks here; otherwise the experiment on communication between the external and internal networks would be meaningless!
[R2-ospf-1-area-0.0.0.0]quit

R3 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.100.2 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 192.168.101.1 24
[R3-GigabitEthernet0/0/1]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]rip //enter RIP process view; the default process ID is 1
[R3-rip-1]version 2 //specify the RIP version
[R3-rip-1]undo summary //disable RIP automatic summarization
[R3-rip-1]network 192.168.101.0 //advertise the network
[R3-rip-1]quit

**Note:** When configuring RIP on Cisco IOS, a network can be advertised either in the standard classful form or according to the actual network. For example, with 10.1.1.1/24 both 10.1.1.0 and 10.0.0.0 are accepted in the command, but Cisco corrects the entry to 10.0.0.0 (the standard form). On Huawei devices, RIP networks can only be advertised in the standard form, that is, according to the mask of the major (classful) network!
R4 configuration:
[R4]rip
[R4-rip-1]version 2
[R4-rip-1]undo summary
[R4-rip-1]network 192.168.101.0
[R4-rip-1]network 192.168.20.0
[R4-rip-1]network 192.168.21.0
[R4-rip-1]network 192.168.102.0

R5 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname R5
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 192.168.102.2 24
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip add 10.0.0.1 24
[R5-GigabitEthernet0/0/1]rip
[R5-rip-1]version 2
[R5-rip-1]undo summary
[R5-rip-1]network 192.168.102.0
[R5-rip-1]network 10.0.0.0

6) Configure route redistribution
Route redistribution on Huawei devices is done with the import-route command. Whatever protocol is imported, its process ID must be given. As on Cisco, to import protocol A into protocol B, first enter B's routing process and run the command that imports A, and vice versa!
R3 configuration:
[R3]ospf 1
[R3-ospf-1]import-route rip 1 //in the OSPF process, import the routes of RIP process 1
[R3-ospf-1]rip
[R3-rip-1]import-route ospf 1 //in the RIP process, import the routes of OSPF process 1
[R3-rip-1]quit

R2 configuration:
[R2]ip route-static 0.0.0.0 0.0.0.0 202.106.0.1
//In a real environment, the internal network certainly reaches servers on the external network through a default route
[R2]ospf 1
[R2-ospf-1]default-route-advertise
//advertise the default route (provided a default route exists)

7) Configure NAT and access control
Huawei NAT is configured directly in the view of the external interface. The internal traffic to be translated is selected with an ACL, and the translated inside global address is provided by a NAT address group.
R2 configuration:
[R2]nat address-group 1 202.106.0.100 202.106.0.100 //define the NAT address group (pool)
[R2]acl 2000 //create ACL number 2000
[R2-acl-basic-2000]rule 0 permit source 192.168.50.0 0.0.0.255
[R2-acl-basic-2000]rule 10 permit source 192.168.60.0 0.0.0.255
[R2-acl-basic-2000]rule 20 permit source 192.168.10.0 0.0.0.255
[R2-acl-basic-2000]rule 30 permit source 192.168.11.0 0.0.0.255
[R2-acl-basic-2000]rule 40 permit source 192.168.12.0 0.0.0.255
[R2-acl-basic-2000]rule 50 permit source 192.168.13.0 0.0.0.255
//permit these source addresses; the rules could of course be summarized so that fewer are needed!
[R2-acl-basic-2000]int g4/0/0
[R2-GigabitEthernet4/0/0]nat outbound 2000 address-group 1
//define PAT: map the addresses permitted by the ACL to the address pool
[R2-GigabitEthernet4/0/0]nat server global 202.106.0.200 inside 10.0.0.10
//define static NAT, one to one!
[R2-GigabitEthernet4/0/0]quit
[R2]acl 3000
[R2-acl-adv-3000]rule 0 deny ip source 192.168.20.0 0.0.0.255
[R2-acl-adv-3000]rule 10 deny tcp source 192.168.21.0 0.0.0.255 destination 20.0.0.0 0.0.0.255 destination-port eq 80
//define ACL number 3000 to deny the source addresses; a destination address and port can be added (a port can only be matched when the protocol is tcp or udp)
[R2-acl-adv-3000]int g4/0/0
[R2-GigabitEthernet4/0/0]traffic-filter outbound acl 3000
//apply ACL 3000 on the interface; traffic from the internal hosts leaves R2 through g4/0/0, so the filter is applied in the outbound direction

**Note:** Huawei ACLs are similar to Cisco's: they are divided into basic and advanced, corresponding to Cisco's standard and extended ACLs. Basic ACLs are numbered 2000~2999 and advanced ACLs 3000~3999. The number after rule indicates the order in which the ACL rules take effect!
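How the wildcard masks and rule numbers of ACL 2000 and ACL 3000 are evaluated, as an added Python example that is not part of the original post. The rule list mirrors ACL 3000 with rule 10 written as a TCP port-80 match; the mistyped wildcard 0.0.0.25, the sample packets and the permit-on-no-match default are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: a 0 bit must equal the base, a 1 bit is ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def hosts_matched(base, wildcard):
    """Last-octet values inside base's /24 that the wildcard really covers."""
    prefix = base.rsplit(".", 1)[0]
    return [h for h in range(256)
            if wildcard_match(f"{prefix}.{h}", base, wildcard)]

@dataclass
class Rule:
    rule_id: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: str
    src_wc: str
    dst: Optional[str] = None
    dst_wc: Optional[str] = None
    dst_port: Optional[int] = None

# Modelled on ACL 3000 from the post; listed out of order on purpose
ACL_3000 = [
    Rule(10, "deny", "tcp", "192.168.21.0", "0.0.0.255", "20.0.0.0", "0.0.0.255", 80),
    Rule(0, "deny", "ip", "192.168.20.0", "0.0.0.255"),
]

def evaluate(rules, pkt, default="permit"):
    """First match in ascending rule-ID order wins; the default is an assumption."""
    for r in sorted(rules, key=lambda r: r.rule_id):
        if r.proto != "ip" and r.proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], r.src, r.src_wc):
            continue
        if r.dst is not None and not wildcard_match(pkt["dst"], r.dst, r.dst_wc):
            continue
        if r.dst_port is not None and r.dst_port != pkt.get("dport"):
            continue
        return r.action, r.rule_id
    return default, None

# Constructed sample packets
PACKETS = [
    {"src": "192.168.20.5", "dst": "20.0.0.2", "proto": "tcp", "dport": 443},
    {"src": "192.168.21.5", "dst": "20.0.0.2", "proto": "tcp", "dport": 80},
    {"src": "192.168.21.5", "dst": "20.0.0.2", "proto": "tcp", "dport": 443},
    {"src": "192.168.10.5", "dst": "20.0.0.2", "proto": "icmp"},
]

if __name__ == "__main__":
    print("0.0.0.255 covers", len(hosts_matched("192.168.50.0", "0.0.0.255")), "hosts")
    print("0.0.0.25  covers", hosts_matched("192.168.50.0", "0.0.0.25"))
    for p in PACKETS:
        print(p["src"], p.get("dport"), "->", evaluate(ACL_3000, p))
```

The third packet shows that a rule narrowed to TCP port 80 leaves every other service reachable from 192.168.21.0/24, and the wildcard check shows that 0.0.0.25 covers only eight scattered host addresses instead of the whole /24.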
R1 configuration:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 202.106.0.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 20.0.0.1 24
//Note: R1 only needs its IP addresses configured!

Once the configuration is complete you can verify it yourself; this post is only meant to show as many of the commands as possible!

III. Common troubleshooting commands
[S1]display current-configuration //show the full current configuration of the device
[S1]display ip routing-table //show the routing table
[S1]display vlan //show VLAN information
[S1]display ip interface brief //show interface status
[S1]display current-configuration interface vlan 10
//show the current configuration of a single interface
[S1]display nat session all //show NAT translation entries
[S1]display ospf peer brief //show OSPF neighbor information
[S1]display acl all //show ACL information
[S1]display eth-trunk 12 //show link-aggregation information
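
A check over the output of display current-configuration for the two catch-all settings used in this lab, port trunk allow-pass vlan all and network 0.0.0.0 255.255.255.255, as an added Python example that is not part of the original post. The configuration excerpt is constructed from the S1 commands above, and treating 2 to 4094 as a stored form of all is an assumption.

```python
import re

# Constructed excerpt in the style of `display current-configuration` on S1
SAMPLE = """\
sysname S1
#
vlan batch 10 to 13 50
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 50
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan all
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
#
"""

def stanzas(config):
    """Split the config on '#' separator lines into (header, body lines)."""
    out = []
    for block in re.split(r"(?m)^#[ \t]*$", config):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out.append((lines[0], lines[1:]))
    return out

def defined_vlans(config):
    """Expand 'vlan batch 10 to 13 50' into {10, 11, 12, 13, 50}."""
    vlans = set()
    for header, _ in stanzas(config):
        if header.startswith("vlan batch "):
            for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", header):
                vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return (stanza, finding) pairs for catch-all settings."""
    findings = []
    for header, body in stanzas(config):
        for line in body:
            # assumption: 'all' may be stored as '2 to 4094'
            if header.startswith("interface ") and re.fullmatch(
                    r"port trunk allow-pass vlan (all|2 to 4094)", line):
                findings.append((header.split()[1], "trunk allows every VLAN"))
            if header.startswith("ospf ") and line == "network 0.0.0.0 255.255.255.255":
                findings.append((header, "OSPF runs on every interface"))
    return findings

if __name__ == "__main__":
    print("VLANs created:", sorted(defined_vlans(SAMPLE)))
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

On a production network each trunk would normally list only the VLANs it has to carry (here 10 to 13), and OSPF would be enabled only on the networks that need it, as the post already does on R2.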