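I. IP address configuration
1. Every device is configured with loopback0: x.x.x.x/32
2. Interconnect interfaces between devices use addresses 10.1.xy.x/24
3. R2's g0/0/1 interface connects to BB g0/0/1; its address is 157.68.3.1/24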
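II. OSPF configuration
- R1/R4/R5 operate in Area0, each advertising its loopback0 into Area0
- R1/S3/R5 operate in Area15
- R4/R3 operate in Area34; R3's loopback0 is advertised into Area34
- R3/R5 operate in Area35
- R5/R6 operate in Area56; R6's loopback0 is advertised into Area56
- All devices running OSPF set the cost reference bandwidth to 10000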
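III. ISIS configuration
- R1/R2/R4 run ISIS, NET is 49.0001.0000.0000.000x.00; R2's loopback0 is advertised into ISIS
- All routers running ISIS are Level-2
- ISIS routers form neighbor relationships only through a reliable mechanism; no DIS is allowed between R2 and R4;
[R4-GigabitEthernet0/0/0]isis circuit-type p2p
[R4-GigabitEthernet0/0/0]isis ppp-negotiation 3-way only
- R2's G0/0/1 interface does not run ISIS, but the network segment on that interface must be reachable from the ISIS area.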
route-policy g0/0/1 permit node 10
if-match interface GigabitEthernet0/0/1
isis 1
import-route direct route-policy g0/0/1
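IV. RIP configuration
- R6 connects to the BB device through interface G0/0/0; the interface address is 157.68.2.1/24
- The BB device advertises its networks 212.18.0.0/24, 212.18.1.0/24, 212.18.2.0/24 and 212.18.3.0/24 to R6 via RIPv2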
<R6>dis cu conf rip
#
rip 1
undo summary
version 2
network 157.68.0.0
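V. Advanced OSPF configuration
- Traffic from Area35/Area56 to R1 crosses the S1 network; the S1 network is unstable, so the S3 network is needed as a backup.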
[R1-ospf-1-area-0.0.0.15]vlink-peer 5.5.5.5
dis ospf vlink
OSPF Process 1 with Router ID 5.5.5.5
Virtual Links
Virtual-link Neighbor-id -> 1.1.1.1, Neighbor-State: Full
Interface: 10.1.15.5 (GigabitEthernet0/0/0)
Cost: 10 State: P-2-P Type: Virtual
Transit Area: 0.0.0.15
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
===================================================================
[R5-GigabitEthernet0/0/0]ospf cost 101
<R6>tracert -a 6.6.6.6 1.1.1.1
- The path from vlan30 to VLAN 15 is not optimal; adjust the relevant parameters so that vlan30 reaches vlan15 over the optimal path.
[R3-ospf-1-area-0.0.0.35]vlink-peer 5.5.5.5
- OSPF Area 0 uses area authentication, which must be MD5; the authentication password is Huahua.
R1/R4/R5/R3 (the virtual link belongs to area 0)
ospf 1
area 0
authentication-mode md5 1 cipher Huahua
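- Area 34 does not accept external routes imported from any other OSPF area; SW4 imports only the IP network segment of Vlan10 into OSPF, using the default type, with tag 100.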
[R4-ospf-1-area-0.0.0.34]nssa no-import-route
SW4
route-policy vlan10 permit node 10
if-match interface Vlanif10
[S4-ospf-1] import-route direct tag 100 route-policy vlan10
int e0/0/16
port link trunk
port trunk allow-pass vlan 10
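VI. RIP and OSPF interworking
- RIP and OSPF running on R6 must import routes from each other;
- On R6, OSPF optimally summarizes the routes learned from RIP; within Area0, all routes imported by R6 appear with cost 100 and tag 100.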
ospf 1
import-route rip 1 cost 100 type 2 tag 100
asbr-summary 212.18.0.0 255.255.252.0 tag 100
RIP
import-route OSPF
- RIP route summarization: R6 sends BB only a single summary route, 10.1.0.0/16, plus the routes for each device's x.x.x.x loopback 0;
interface GigabitEthernet0/0/0
rip summary-address 10.1.0.0 255.255.0.0
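The summary prefixes configured in this section can be checked mechanically. The following is an added example, not part of the original notes: it computes the tightest prefix covering a set of networks and lists the address space inside a summary that no contributing network backs. The function names are illustrative, and LINK_NETS contains only the 10.1.x.0/24 segments that appear in the configurations on this page.

```python
import ipaddress

# Networks taken from the page.
RIP_NETS = ["212.18.0.0/24", "212.18.1.0/24", "212.18.2.0/24", "212.18.3.0/24"]
LINK_NETS = ["10.1.15.0/24", "10.1.145.0/24", "10.1.34.0/24",
             "10.1.24.0/24", "10.1.56.0/24", "10.1.40.0/24"]


def tightest_summary(prefixes):
    """Return the longest prefix that still covers every network in prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()      # widen by one bit and try again
    return summary


def unbacked_space(summary, prefixes):
    """Return the blocks inside summary that none of the prefixes covers."""
    remaining = [ipaddress.ip_network(summary)]
    for p in map(ipaddress.ip_network, prefixes):
        nxt = []
        for block in remaining:
            if p.subnet_of(block):
                # Carve p out of the block; yields nothing when p == block.
                nxt.extend(block.address_exclude(p))
            elif not block.subnet_of(p):
                nxt.append(block)         # untouched by p, keep it
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    for name, nets in (("RIP", RIP_NETS), ("links", LINK_NETS)):
        s = tightest_summary(nets)
        gap = sum(b.num_addresses for b in unbacked_space(s, nets))
        print(f"{name}: summary {s}, addresses with no backing route: {gap}")
```

The four RIP networks fill 212.18.0.0/22 exactly, while 10.1.0.0/16 also covers space for which no specific route exists, so BB will send traffic for those unused addresses toward R6.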
VII. OSPF and ISIS interworking
- Mutual import between OSPF and ISIS is performed on R1 and on R4; routes imported from ISIS into OSPF are type 2;
R1:
OSPF→ISIS: tag 104
deny 204
ISIS→OSPF: tag 401
deny 402
R4:
OSPF→ISIS: tag 402
deny 401
ISIS→OSPF: tag 204
deny 104
R2:
Isis 1
Cost-style wide
R1:
Isis 1
Cost-style wide
route-policy O2I deny node 10
if-match tag 204
route-policy O2I permit node 20
apply tag 104
route-policy I2O deny node 10
if-match tag 402
route-policy I2O permit node 20
apply tag 401
OSPF 1
import-route Isis route-policy I2O
ISIS 1
import-route ospf route-policy O2I
R4:
Isis 1
Cost-style wide
route-policy O2I deny node 10
if-match tag 401
route-policy O2I permit node 20
apply tag 402
route-policy I2O deny node 10
if-match tag 104
route-policy I2O permit node 20
apply tag 204
OSPF 1
import-route Isis route-policy I2O
ISIS 1
import-route ospf route-policy O2I
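- All network routes are visible throughout the network;
- R1 and R4 must use the optimal path to external routes; the configuration must offer the best scalability;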
Route-policy ase permit node 10
If-match tag 100
Apply preference 14
Ospf 1
preference ase route-policy ase
- In addition, ISIS routes must not be visible inside area 34.
ospf 1 router-id 4.4.4.4
area 0.0.0.34
nssa no-import-route
- The forward and return paths between R2 and R5 are the same.
R2
interface GigabitEthernet0/0/0
isis cost 11
R4
ospf 1 router-id 4.4.4.4
import-route isis 1 cost 2 route-policy I2O
[R4]DIS CU
#
sysname R4
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher ID6WN#rRO~ani^>"qh^;h;}#
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0004.00
import-route ospf 1 route-policy O2I
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 10.1.145.4 255.255.255.0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
ip address 10.1.34.4 255.255.255.0
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.1.24.4 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
ospf 1 router-id 4.4.4.4
import-route isis 1 cost 2 route-policy I2O
preference ase route-policy ase 150
bandwidth-reference 10000
area 0.0.0.0
authentication-mode md5 1 cipher 9t1X-BbJx1ani^>"qh^;yml#
network 4.4.4.4 0.0.0.0
network 10.1.145.4 0.0.0.0
area 0.0.0.34
network 10.1.34.4 0.0.0.0
nssa no-import-route
#
route-policy O2I deny node 10
if-match tag 401
#
route-policy O2I permit node 20
apply tag 402
#
route-policy I2O deny node 10
if-match tag 104
#
route-policy I2O permit node 20
apply tag 204
#
route-policy ase permit node 10
if-match tag 100
apply preference 14
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
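Added example, not part of the original lab notes: a small Python model of the tag scheme configured on R1 and R4 above, showing that a route redistributed by one border router is rejected by the other router's policy instead of being fed back into the protocol it came from. It models only tag matching (route preference and metrics are ignored, and every copy is assumed to be active on the other router); the function names are illustrative.

```python
# Added illustration: models only the tag match/set logic of the route-policies
# configured on R1 and R4. A node is (action, match_tag or None, set_tag or None).
POLICIES = {
    "R1": {"O2I": [("deny", 204, None), ("permit", None, 104)],
           "I2O": [("deny", 402, None), ("permit", None, 401)]},
    "R4": {"O2I": [("deny", 401, None), ("permit", None, 402)],
           "I2O": [("deny", 104, None), ("permit", None, 204)]},
}
DIRECTION = {"O2I": ("ospf", "isis"), "I2O": ("isis", "ospf")}

# Same policies with the deny nodes stripped, to show what the tags protect against.
NO_DENY = {r: {n: [x for x in nodes if x[0] != "deny"] for n, nodes in p.items()}
           for r, p in POLICIES.items()}


def apply_policy(nodes, tag):
    """Return the tag after the policy, or None if the route is rejected."""
    for action, match_tag, set_tag in nodes:
        if match_tag is not None and tag != match_tag:
            continue                      # node does not match, try the next one
        if action == "deny":
            return None
        return tag if set_tag is None else set_tag
    return None                           # implicit deny when no node matches


def propagate(origin, policies=POLICIES):
    """Redistribute one untagged route until no new (domain, tag, router) copy appears."""
    copies, frontier = set(), [(origin, 0, None)]
    while frontier:
        domain, tag, creator = frontier.pop()
        for router, pols in policies.items():
            if router == creator:
                continue                  # a router does not re-import its own copy
            for name, (src, dst) in DIRECTION.items():
                if src != domain:
                    continue
                new_tag = apply_policy(pols[name], tag)
                copy = (dst, new_tag, router)
                if new_tag is not None and copy not in copies:
                    copies.add(copy)
                    frontier.append(copy)
    return copies


def feeds_back(origin, policies=POLICIES):
    """True if any redistributed copy re-enters the domain the route came from."""
    return any(domain == origin for domain, _, _ in propagate(origin, policies))
```

With the page's policies `feeds_back` is false for both protocols; with the deny nodes removed (`NO_DENY`) each route re-enters its source domain through the other border router.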
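VIII. Basic BGP configuration
- R1/S3 belong to AS10
R2 belongs to AS20
R3/R4/R5 belong to AS 345
R6 belongs to AS 60
The BB device belongs to AS 254
- R1/R2, R1/BB, R2/R4, R5/R6 and R6/BB establish EBGP neighbor relationships;
All EBGP neighbor relationships are established over directly connected interfaces;
The BB neighbor considers R1 to be in AS100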
[R1-bgp]/
bgp 10
peer 157.68.1.254 as-number 254
peer 157.68.1.254 fake-as 100
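- IBGP neighbors: R1 and SW3 establish a BGP neighbor relationship over directly connected interfaces;
The routers in AS345 establish stable and reliable BGP neighbor relationships; R4 and R5 do not establish a neighbor relationship with each other;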
[R3-bgp]dis th
#
bgp 345
peer 4.4.4.4 as-number 345
peer 4.4.4.4 connect-interface LoopBack0
peer 5.5.5.5 as-number 345
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
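- The BB device configures loopback interface addresses and advertises them into the BGP network; the 60.x networks carry community attribute 1:254;
The 156.x networks have AS-path 250 appended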
interface LoopBack60
ip address 60.0.0.1 255.255.255.0
interface LoopBack61
ip address 60.0.1.1 255.255.255.0
interface LoopBack62
ip address 60.0.2.1 255.255.255.0
interface LoopBack63
ip address 60.0.3.1 255.255.255.0
interface LoopBack64
ip address 156.8.0.1 255.255.255.0
interface LoopBack65
ip address 156.9.0.1 255.255.255.0
interface LoopBack66
ip address 156.10.0.1 255.255.255.0
interface LoopBack67
ip address 156.11.0.1 255.255.255.0
Route-policy Comm permit node 10
Apply community 1:254
Bgp 254
network 60.0.0.0 255.255.255.0 route-policy Comm
network 60.0.1.0 255.255.255.0 route-policy Comm
network 60.0.2.0 255.255.255.0 route-policy Comm
network 60.0.3.0 255.255.255.0 route-policy Comm
peer 157.68.1.1 advertise-community
peer 157.68.2.1 advertise-community
<R1>dis bgp routing-table community
route-policy as-path permit node 10
apply as-path 250 additive
Bgp 254
network 156.8.0.0 255.255.255.0 route-policy as-path
network 156.9.0.0 255.255.255.0 route-policy as-path
network 156.10.0.0 255.255.255.0 route-policy as-path
network 156.11.0.0 255.255.255.0 route-policy as-path
<R1>dis bgp routing-table
- R6 sends the EBGP routes learned from BB2 to R5;
[R6-bgp]peer 10.1.56.5 advertise-community
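- R5 aggregates the routes with community-number 1:254 into a single optimal aggregate route that inherits the community attributes of the specific routes
This aggregate route must not be advertised out of AS345, and route filtering must not be used.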
R5:
ip community-filter 1 permit 1:254
Route-policy agg per no 10
If-match community-filter 1
route-policy Comm permit node 10
if-match community-filter 1
apply community no-export additive
bgp 345
peer 3.3.3.3 advertise-community
aggregate 60.0.0.0 255.255.252.0 as-set origin-policy agg attribute-policy Comm
R3:
peer 4.4.4.4 advertise-community
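- Interface loop1 on R4, address 10.1.40.4/24, is advertised into BGP
R1 must aggregate it into a single BGP route 10.1.0.0/16 and must not advertise the specific routes,
R2 must not see this aggregate route, and filtering of the aggregate route must not be used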
[R1-BGP]aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed
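- AS10, AS20, AS345 and AS60 prefer the BB routes learned via R6,
if the BB routes learned via R6 are unreachable they must be reached through R1; this may be configured only on R1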
R1:
route-policy as-path permit node 10
apply as-path 254 254 254 254 additive
Bgp 10
peer 157.68.1.254 route-policy as-path import
DIS BGP ROUT
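- R1 and SW3 establish their IBGP connection over an Ethernet segment; if the intermediate network fails,
IBGP must detect the failure within 1s and react to it immediately.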
R1:
bfd
Bgp 10
peer 10.1.15.1 bfd min-tx-interval 300 min-rx-interval 300
peer 10.1.15.1 bfd enable
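IX. Switching configuration
- S2 and S3 are interconnected through G0/0/13, G0/0/14 and G0/0/15;
G0/0/16 on S2 connects to E0/0/16 on S4, and G0/0/19 connects to E0/0/19 on S1;
G0/0/16 on S3 connects to E0/0/16 on S1, and G0/0/19 connects to E0/0/19 on S1;
S2 and S3 use link aggregation, bundling the three interfaces into one logical interface.
SW2 is the active side, and the maximum usable bandwidth between the two devices is 2G,
The link connected to interface GE0/0/13 is the backup link.
When active interface GE0/0/14 or GE0/0/15 on SW2 goes Down, GE0/0/13 immediately becomes an active interface.
If the failed interface recovers, GE0/0/13 enters the backup state after a 10s delay.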
S2:
lacp priority 0
Interface eth-trunk 1
Mode lacp-static
trunkport GigabitEthernet 0/0/13 to 0/0/15
lacp preempt enable
max active-linknumber 2
lacp preempt delay 10
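- On SW1, SW2, SW3 and SW4, change the interconnecting interfaces to Trunk type and allow all VLANs except vlan 1 to pass;
- SW1, SW2, SW3 and SW4 all run MSTP.
VLAN 10, VLAN 15 and VLAN 24 are in Instance 1, with SW2 as Primary Root and SW3 as Secondary Root,
VLAN 30 is in Instance 2, with SW3 as Primary Root and SW2 as Secondary Root;
The MSTP Region-name is HW and the Revision-level is 1.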
S2:
VLAN B 10 15 24 30
stp instance 1 root primary
stp instance 2 root secondary
stp region-configuration
region-name HW
revision-level 1
instance 1 vlan 10 15 24
instance 2 vlan 30
active region-configuration