Environment overview
Device type | Device name | Device model |
---|---|---|
Router | SH-SHEDU-Backbone01-AR6140 | AR6140 |
Router | SH-SHEDU-Backbone02-AR6140 | AR6140 |
Router | SH-SHEDU-Backbone03-AR6140 | AR6140 |
Router | HZ-HZCampus-Core01-AR6140 | AR6140 |
Router | Internet | AR6140 |
Switch | HZ-HZCampus-Acc01-S5731 | S5731 |
Switch | HZ-HZCampus-Acc02-S5731 | S5731 |
Switch | HZ-HZCampus-Acc03-S5731 | S5731 |
Switch | HZ-HZCampus-Agg01-S5731 | S5731 |
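Task 1: Device naming
- To simplify later maintenance and fault location and to keep the network consistent, give every network device a standardized name.
system-view
sysname <device name>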
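Task 2: Link aggregation
- The campus local server area provides intranet services to campus users. To keep the link stable and to maximize bandwidth without upgrading hardware, configure link aggregation between Agg01 and Acc03. Implement Layer 2 link aggregation in LACP mode, with member interfaces GE0/0/3 and GE0/0/4 and link aggregation interface ID 1.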
# Acc03
[HZ-HZCampus-Acc03-S5731]interface Eth-Trunk 1
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]mode lacp-static
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 to 0/0/4
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]quit
[HZ-HZCampus-Acc03-S5731]display eth-trunk 1
# Agg01
[HZ-HZCampus-Agg01-S5731]interface Eth-Trunk 1
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]mode lacp-static
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 to 0/0/4
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]quit
[HZ-HZCampus-Agg01-S5731]display eth-trunk 1
[HZ-HZCampus-Agg01-S5731]display stp brief
Task 3: VLAN
- Configure the required VLANs on all devices as specified.
- To ensure connectivity, the switches allow only the specified VLANs to pass.
Device name | Port | Link type | VLAN parameters |
---|---|---|---|
HZ-HZCampus-Acc01-S5731 | GE0/0/1 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Acc01-S5731 | GE0/0/2 | Access | PVID:10 |
HZ-HZCampus-Acc01-S5731 | GE0/0/3 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Acc02-S5731 | GE0/0/1 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Acc02-S5731 | GE0/0/2 | Access | PVID:20 |
HZ-HZCampus-Acc02-S5731 | GE0/0/3 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Agg01-S5731 | GE0/0/1 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Agg01-S5731 | GE0/0/2 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Agg01-S5731 | GE0/0/5 | Trunk | PVID:1 Allow pass:1 10 20 |
HZ-HZCampus-Agg01-S5731 | Eth-Trunk1 | Trunk | PVID:1 Allow pass:10 20 |
HZ-HZCampus-Acc03-S5731 | Eth-Trunk1 | Trunk | PVID:1 Allow pass:10 20 |
# Agg01: create the VLANs first
[HZ-HZCampus-Agg01-S5731]vlan batch 10 20
# GE0/0/5 and GE0/0/2 are configured the same way as GE0/0/1
[HZ-HZCampus-Agg01-S5731]interface GigabitEthernet 0/0/1
[HZ-HZCampus-Agg01-S5731-GigabitEthernet0/0/1]port link-type trunk
[HZ-HZCampus-Agg01-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[HZ-HZCampus-Agg01-S5731-GigabitEthernet0/0/1]quit
# Eth-Trunk 1
[HZ-HZCampus-Agg01-S5731]interface Eth-Trunk 1
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]port link-type trunk
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]port trunk allow-pass vlan 10 20
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]undo port trunk allow-pass vlan 1
[HZ-HZCampus-Agg01-S5731-Eth-Trunk1]display port vlan
- View the result
# Acc01
# Create the VLANs first
[HZ-HZCampus-Acc01-S5731]vlan batch 10 20
# GE0/0/1 and GE0/0/3 are configured the same way
[HZ-HZCampus-Acc01-S5731]interface GigabitEthernet 0/0/1
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/1]port link-type trunk
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/1]quit
# GE0/0/2: access port, PVID 10 as in the VLAN table
[HZ-HZCampus-Acc01-S5731]interface GigabitEthernet 0/0/2
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/2]port link-type access
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/2]port default vlan 10
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/2]quit
[HZ-HZCampus-Acc01-S5731]display port vlan
- View the result
# Acc03
# Create the VLANs first
[HZ-HZCampus-Acc03-S5731]vlan batch 10 20
# Eth-Trunk 1
[HZ-HZCampus-Acc03-S5731]interface Eth-Trunk 1
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]port link-type trunk
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]port trunk allow-pass vlan 10 20
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]undo port trunk allow-pass vlan 1
[HZ-HZCampus-Acc03-S5731-Eth-Trunk1]display port vlan
- View the result
# Acc02
# Create the VLANs first
[HZ-HZCampus-Acc02-S5731]vlan batch 10 20
# GE0/0/1 and GE0/0/3 are configured the same way
[HZ-HZCampus-Acc02-S5731]interface GigabitEthernet 0/0/1
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/1]port link-type trunk
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/1]quit
# GE0/0/2: access port, PVID 20 as in the VLAN table
[HZ-HZCampus-Acc02-S5731]interface GigabitEthernet 0/0/2
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/2]port link-type access
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/2]port default vlan 20
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/2]quit
[HZ-HZCampus-Acc02-S5731]display port vlan
- View the result
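An added example, not part of the original lab notes: a small audit that checks whether a trunk really carries only the VLANs in the plan, which is the reason Eth-Trunk1 needs `undo port trunk allow-pass vlan 1`. The function names and the sample configuration are constructed for illustration, and the parser assumes that a port carries VLAN 1 until it is removed and that VLAN IDs are listed individually, as in the commands above.

```python
import re

# Planned values for two Agg01 ports, copied from the VLAN table above.
PLAN = {
    "GigabitEthernet0/0/1": ("trunk", {1, 10, 20}),
    "Eth-Trunk1": ("trunk", {10, 20}),
}

# Constructed sample in the style of "display current-configuration";
# Eth-Trunk1 deliberately lacks "undo port trunk allow-pass vlan 1".
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
"""

def effective_ports(config):
    """Return {interface: [link_type, vlan_set]} as the switch would apply it."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            # Assumption: a VRP port carries VLAN 1 until it is removed.
            cur = ports.setdefault(m.group(1), [None, {1}])
        elif cur is None:
            continue
        elif m := re.fullmatch(r"port link-type (\S+)", line):
            cur[0] = m.group(1)
        elif m := re.fullmatch(r"(undo )?port trunk allow-pass vlan ([\d ]+)", line):
            ids = {int(v) for v in m.group(2).split()}  # single IDs, no "to" ranges
            cur[1] = cur[1] - ids if m.group(1) else cur[1] | ids
        elif m := re.fullmatch(r"port default vlan (\d+)", line):
            cur[1] = {int(m.group(1))}
    return ports

def audit(config, plan):
    """Return (port, link_type, unexpected_vlans, missing_vlans) per mismatch."""
    findings = []
    actual = effective_ports(config)
    for name, (want_type, want_vlans) in plan.items():
        got_type, got_vlans = actual.get(name, [None, set()])
        if got_type != want_type or got_vlans != want_vlans:
            findings.append((name, got_type, sorted(got_vlans - want_vlans),
                             sorted(want_vlans - got_vlans)))
    return findings
```

`audit(SAMPLE_CONFIG, PLAN)` reports Eth-Trunk1 with VLAN 1 as unexpected; once the `undo` line is present the list is empty.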
Task 4: IP addressing
- Configure the IP addresses of the corresponding network device interfaces.
Device name | Interface | IP address |
---|---|---|
HZ-HZCampus-Core01-AR6140 | GE0/0/0.1 | 192.168.10.254/24 |
HZ-HZCampus-Core01-AR6140 | GE0/0/0.2 | 192.168.20.254/24 |
HZ-HZCampus-Core01-AR6140 | GE0/0/1 | 1.2.3.1/30 |
HZ-HZCampus-Core01-AR6140 | GE0/0/2 | 3.2.1.1/30 |
Internet | GE0/0/1 | 1.2.3.2/30 |
SH-SHEDU-Backbone01-AR6140 | GE0/0/1 | 10.2.34.3/24 |
SH-SHEDU-Backbone01-AR6140 | GE0/0/2 | 3.2.1.2/30 |
SH-SHEDU-Backbone01-AR6140 | Loopback 0 | 3.3.3.3/32 |
SH-SHEDU-Backbone02-AR6140 | GE0/0/0 | 10.2.34.4/24 |
SH-SHEDU-Backbone02-AR6140 | GE0/0/1 | 10.2.45.4/24 |
SH-SHEDU-Backbone02-AR6140 | Loopback 0 | 4.4.4.4/32 |
SH-SHEDU-Backbone03-AR6140 | GE0/0/0 | 10.2.45.5/24 |
SH-SHEDU-Backbone03-AR6140 | Loopback 0 | 5.5.5.5/32 |
[HZ-HZCampus-Core01-AR6140]interface GigabitEthernet 0/0/1
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/1]ip address 1.2.3.1 30
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/2]ip address 3.2.1.1 30
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/2]quit
[HZ-HZCampus-Core01-AR6140]interface GigabitEthernet 0/0/0.1
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.1]dot1q termination vid 10
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.1]ip address 192.168.10.254 24
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.1]arp broadcast enable
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.1]quit
[HZ-HZCampus-Core01-AR6140]interface GigabitEthernet 0/0/0.2
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.2]dot1q termination vid 20
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.2]ip address 192.168.20.254 24
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.2]arp broadcast enable
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/0.2]quit
[HZ-HZCampus-Core01-AR6140]display ip interface brief
- View the result
[SH-SHEDU-Backbone01-AR6140]interface GigabitEthernet 0/0/1
[SH-SHEDU-Backbone01-AR6140-GigabitEthernet0/0/1]ip address 10.2.34.3 24
[SH-SHEDU-Backbone01-AR6140-GigabitEthernet0/0/1]quit
[SH-SHEDU-Backbone01-AR6140]interface GigabitEthernet 0/0/2
[SH-SHEDU-Backbone01-AR6140-GigabitEthernet0/0/2]ip address 3.2.1.2 30
[SH-SHEDU-Backbone01-AR6140-GigabitEthernet0/0/2]quit
[SH-SHEDU-Backbone01-AR6140]interface LoopBack 0
[SH-SHEDU-Backbone01-AR6140-LoopBack0]ip address 3.3.3.3 32
[SH-SHEDU-Backbone01-AR6140-LoopBack0]quit
[SH-SHEDU-Backbone01-AR6140]display ip interface brief
- View the result
[SH-SHEDU-Backbone02-AR6140]interface GigabitEthernet 0/0/0
[SH-SHEDU-Backbone02-AR6140-GigabitEthernet0/0/0]ip address 10.2.34.4 24
[SH-SHEDU-Backbone02-AR6140-GigabitEthernet0/0/0]quit
[SH-SHEDU-Backbone02-AR6140]interface GigabitEthernet 0/0/1
[SH-SHEDU-Backbone02-AR6140-GigabitEthernet0/0/1]ip address 10.2.45.4 24
[SH-SHEDU-Backbone02-AR6140-GigabitEthernet0/0/1]quit
[SH-SHEDU-Backbone02-AR6140]interface LoopBack 0
[SH-SHEDU-Backbone02-AR6140-LoopBack0]ip address 4.4.4.4 32
[SH-SHEDU-Backbone02-AR6140-LoopBack0]quit
[SH-SHEDU-Backbone02-AR6140]display ip interface brief
- View the result
[SH-SHEDU-Backbone03-AR6140]interface GigabitEthernet 0/0/0
[SH-SHEDU-Backbone03-AR6140-GigabitEthernet0/0/0]ip address 10.2.45.5 24
[SH-SHEDU-Backbone03-AR6140-GigabitEthernet0/0/0]quit
[SH-SHEDU-Backbone03-AR6140]interface LoopBack 0
[SH-SHEDU-Backbone03-AR6140-LoopBack0]ip address 5.5.5.5 32
[SH-SHEDU-Backbone03-AR6140-LoopBack0]display ip interface brief
- View the result
[Internet]interface GigabitEthernet 0/0/1
[Internet-GigabitEthernet0/0/1]ip address 1.2.3.2 30
[Internet-GigabitEthernet0/0/1]display ip interface brief
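- View the result
Task 5: RSTP
- To prevent loops in the Layer 2 network and improve network reliability, configure STP between Acc01, Acc02, and Agg01.
- The STP mode is RSTP; set the priority of Agg01 to 4096 so that it becomes the root bridge.
- To maximize network stability and avoid network flapping caused by hosts restarting frequently, all switch ports connected to PCs must not participate in STP calculation and must enter the Forwarding state directly.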
[HZ-HZCampus-Agg01-S5731]stp mode rstp
[HZ-HZCampus-Agg01-S5731]stp priority 4096
[HZ-HZCampus-Agg01-S5731]display stp brief
- View the result
[HZ-HZCampus-Acc01-S5731]stp mode rstp
[HZ-HZCampus-Acc01-S5731]interface GigabitEthernet 0/0/2
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/2]stp edged-port enable
[HZ-HZCampus-Acc01-S5731-GigabitEthernet0/0/2]quit
[HZ-HZCampus-Acc01-S5731]display stp brief
- View the result
[HZ-HZCampus-Acc02-S5731]stp mode rstp
[HZ-HZCampus-Acc02-S5731]interface GigabitEthernet 0/0/2
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/2]stp edged-port enable
[HZ-HZCampus-Acc02-S5731-GigabitEthernet0/0/2]quit
[HZ-HZCampus-Acc02-S5731]display stp brief
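- View the result
Task 6: Egress design
- To let campus users access the Internet and reach other schools' resource libraries through the education backbone network, deploy two default static routes on Core01, with next hops pointing to Internet and Backbone01 respectively. On Backbone01, deploy a specific static route with destination network 192.168.20.0 and next hop Core01; on Internet, deploy a specific static route with destination network 192.168.10.0 and next hop Core01.
- To let users on the intranet network 192.168.10.0/24 access the external network (Internet), configure NAT on Core01, using Easy IP combined with an ACL permit statement.
- To keep the education backbone network secure, only users on the intranet network 192.168.20.0/24 are allowed to access other schools' resource libraries. Implement this in the outbound direction of a Core01 interface, combined with an ACL permit statement.
- All of the ACLs above are basic ACLs: number 2000 matches the 192.168.10.0/24 network and number 2001 matches the 192.168.20.0/24 network. Rule numbering starts at 5 and uses the default step.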
[HZ-HZCampus-Core01-AR6140]ip route-static 0.0.0.0 0.0.0.0 1.2.3.2
[HZ-HZCampus-Core01-AR6140]ip route-static 0.0.0.0 0.0.0.0 3.2.1.2
[HZ-HZCampus-Core01-AR6140]display ip routing-table
[HZ-HZCampus-Core01-AR6140]acl 2000
[HZ-HZCampus-Core01-AR6140-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[HZ-HZCampus-Core01-AR6140-acl-basic-2000]quit
[HZ-HZCampus-Core01-AR6140]interface GigabitEthernet 0/0/1
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/1]nat outbound 2000
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/1]quit
[HZ-HZCampus-Core01-AR6140]display nat outbound
[HZ-HZCampus-Core01-AR6140]display acl 2000
[HZ-HZCampus-Core01-AR6140]acl 2001
[HZ-HZCampus-Core01-AR6140-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255
[HZ-HZCampus-Core01-AR6140-acl-basic-2001]display acl 2001
[HZ-HZCampus-Core01-AR6140-acl-basic-2001]rule deny source any
[HZ-HZCampus-Core01-AR6140-acl-basic-2001]display acl 2001
[HZ-HZCampus-Core01-AR6140-acl-basic-2001]quit
[HZ-HZCampus-Core01-AR6140]interface GigabitEthernet 0/0/2
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/2]traffic-filter outbound acl 2001
[HZ-HZCampus-Core01-AR6140-GigabitEthernet0/0/2]
[Internet]ip route-static 192.168.10.0 255.255.255.0 1.2.3.1
[Internet]
[SH-SHEDU-Backbone01-AR6140]ip route-static 192.168.20.0 255.255.255.0 3.2.1.1
[SH-SHEDU-Backbone01-AR6140]
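An added example, not part of the original lab notes: a model of how the two basic ACLs above are numbered and evaluated, showing why ACL 2001 needs its explicit deny rule when it is used with traffic-filter. The function names are illustrative, and the behaviour of traffic-filter for packets that match no rule is stated as an assumption in the code.

```python
import ipaddress

STEP = 5  # default rule step named in the task

def build_acl(rules):
    """Number unnumbered rules 5, 10, 15, ... in the order they were entered."""
    acl, next_id = [], STEP
    for action, source, wildcard in rules:
        acl.append((next_id, action, int(ipaddress.IPv4Address(source)),
                    int(ipaddress.IPv4Address(wildcard))))
        next_id += STEP
    return acl

def match(acl, src):
    """Return (rule_id, action) of the first matching rule, or None."""
    addr = int(ipaddress.IPv4Address(src))
    for rule_id, action, source, wildcard in sorted(acl):
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if addr & care == source & care:
            return rule_id, action
    return None

ANY = ("0.0.0.0", "255.255.255.255")  # what "source any" expands to

# The two ACLs as entered on Core01 above.
ACL_2000 = build_acl([("permit", "192.168.10.0", "0.0.0.255")])
ACL_2001 = build_acl([("permit", "192.168.20.0", "0.0.0.255"),
                      ("deny", *ANY)])

def nat_translates(src):
    """Easy IP on GE0/0/1 translates only sources permitted by ACL 2000."""
    hit = match(ACL_2000, src)
    return hit is not None and hit[1] == "permit"

def backbone_forwards(src):
    """traffic-filter outbound on GE0/0/2: forward unless ACL 2001 denies."""
    hit = match(ACL_2001, src)
    # Assumption: traffic-filter forwards packets that match no rule, which is
    # why the configuration adds an explicit "rule deny source any" as rule 10.
    return hit is None or hit[1] == "permit"
```

Under that assumption, removing rule 10 from ACL 2001 would let 192.168.10.0/24 sources through GE0/0/2 as well, so `display acl 2001` should show both rule 5 and rule 10.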
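Task 7: OSPF
- To ensure communication across the education backbone network, the dynamic routing protocol OSPF is chosen as the IGP of the education backbone network.
- OSPF runs between Backbone 01, Backbone 02, and Backbone 03, with OSPF process ID 1, all in backbone area 0.
- When creating the OSPF process, manually set the Router ID to match the loopback interface address. The networks of the interconnection interfaces and the Loopback interfaces must be advertised precisely with a 32-bit match.
- To secure the routing exchange, use area authentication on Backbone01, Backbone 02, and Backbone 03, with the md5 algorithm, authentication key ID 1, key type cipher, and password "huawei@123".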
# Backbone01
[SH-SHEDU-Backbone01-AR6140]ospf 1 router-id 3.3.3.3
[SH-SHEDU-Backbone01-AR6140-ospf-1]area 0
[SH-SHEDU-Backbone01-AR6140-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei@123
[SH-SHEDU-Backbone01-AR6140-ospf-1-area-0.0.0.0]network 10.2.34.3 0.0.0.0
[SH-SHEDU-Backbone01-AR6140-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
# Backbone02
[SH-SHEDU-Backbone02-AR6140]ospf 1 router-id 4.4.4.4
[SH-SHEDU-Backbone02-AR6140-ospf-1]area 0
[SH-SHEDU-Backbone02-AR6140-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei@123
[SH-SHEDU-Backbone02-AR6140-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[SH-SHEDU-Backbone02-AR6140-ospf-1-area-0.0.0.0]network 10.2.45.4 0.0.0.0
[SH-SHEDU-Backbone02-AR6140-ospf-1-area-0.0.0.0]network 10.2.34.4 0.0.0.0
# Backbone03
[SH-SHEDU-Backbone03-AR6140]ospf 1 router-id 5.5.5.5
[SH-SHEDU-Backbone03-AR6140-ospf-1]area 0
[SH-SHEDU-Backbone03-AR6140-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei@123
[SH-SHEDU-Backbone03-AR6140-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[SH-SHEDU-Backbone03-AR6140-ospf-1-area-0.0.0.0]network 10.2.45.5 0.0.0.0
- Verification
[SH-SHEDU-Backbone01-AR6140]dis ospf peer brief
OSPF Process 1 with Router ID 3.3.3.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 4.4.4.4 Full
----------------------------------------------------------------------------
[SH-SHEDU-Backbone02-AR6140]dis ospf peer brief
OSPF Process 1 with Router ID 4.4.4.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 3.3.3.3 Full
0.0.0.0 GigabitEthernet0/0/1 5.5.5.5 Full
----------------------------------------------------------------------------
[SH-SHEDU-Backbone03-AR6140]dis ospf peer brief
OSPF Process 1 with Router ID 5.5.5.5
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 4.4.4.4 Full
----------------------------------------------------------------------------
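An added example, not part of the original lab notes: what `authentication-mode md5 1` puts on the wire, following the cryptographic authentication procedure of RFC 2328 (Appendix D), with both the sending and the receiving side. The Hello packet is constructed sample data and the function names are illustrative; the key ID and password are the ones from the task, and the code follows the RFC rather than any verified VRP internals.

```python
import hashlib
import hmac
import struct

KEY_ID, KEY = 1, b"huawei@123"   # key ID and password from the task text

def _pad(key: bytes) -> bytes:
    return key.ljust(16, b"\x00")[:16]   # RFC 2328 uses a 16-byte key

def build_hello(router_id: bytes, seq: int) -> bytes:
    """Constructed OSPFv2 Hello for area 0 with AuType 2 (cryptographic)."""
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40,
                       bytes(4), bytes(4))  # mask, hello, options, prio, dead, DR, BDR
    header = struct.pack("!BBH4s4sHHHBBI",
                         2, 1, 24 + len(body),  # version, type Hello, length (no digest)
                         router_id, bytes(4),   # router ID, area 0.0.0.0
                         0, 2,                  # checksum unused, AuType 2
                         0, KEY_ID, 16, seq)    # reserved, key ID, digest length, sequence
    return header + body

def sign(packet: bytes, key: bytes) -> bytes:
    """Sender: append MD5(packet || padded key); the key itself is never sent."""
    return packet + hashlib.md5(packet + _pad(key)).digest()

def verify(wire: bytes, key: bytes, last_seq: int) -> bool:
    """Receiver: check AuType, key ID, digest length, sequence number, digest."""
    packet, digest = wire[:-16], wire[-16:]
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != 2 or key_id != KEY_ID or dlen != 16 or seq < last_seq:
        return False   # wrong auth settings, or a replayed (older) packet
    return hmac.compare_digest(digest, hashlib.md5(packet + _pad(key)).digest())
```

A neighbor configured with a different password or key ID fails `verify`, so the adjacency never reaches the Full state shown in the output above. The digest authenticates the packet but does not encrypt it, and the construction is plain MD5 over packet and key, not HMAC.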
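Task 8: Route import
- To let intranet users communicate normally with other campuses through the education backbone network, import the static routes into OSPF on Backbone01.
- The route import command is: import-route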
[SH-SHEDU-Backbone01-AR6140]ospf 1
[SH-SHEDU-Backbone01-AR6140-ospf-1]import-route static
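Task 9: Telnet
- To make later remote management of Core01 easier, configure remote login on the device.
- The user authentication method is AAA authentication, the user name is huawei, the password is Huawei@123, the encryption form is Cipher, the service type is Telnet, the user privilege level on the server is 3, the number of simultaneous online users is 5, and the authentication mode is aaa.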
[HZ-HZCampus-Core01-AR6140]user-interface vty 0 4
[HZ-HZCampus-Core01-AR6140-ui-vty0-4]authentication-mode aaa
[HZ-HZCampus-Core01-AR6140-ui-vty0-4]q
[HZ-HZCampus-Core01-AR6140]aaa
[HZ-HZCampus-Core01-AR6140-aaa]local-user huawei password cipher Huawei@123
[HZ-HZCampus-Core01-AR6140-aaa]local-user huawei privilege level 3
[HZ-HZCampus-Core01-AR6140-aaa]local-user huawei service-type telnet
[HZ-HZCampus-Core01-AR6140-aaa]