1. Configure IP addresses
[R1]int g0/0/0 (enter the interface)
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 30 (IP + mask)
Verify: dis ip int b
2. Configure DHCP
[R3]dhcp enable
[R3]ip pool aa
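[R3-ip-pool-aa]network 192.168.1.96 mask 27 (network, then mask keyword and mask length)
[R3-ip-pool-aa]gateway-list 192.168.1.97 (PC gateway)
[R3-ip-pool-aa]dns-list 114.114.114.114 8.8.8.8 (fixed)
[R3]int g0/0/2 (enter the interface/VLANIF)
[R3-GigabitEthernet0/0/2]dhcp select global (use the global address pool)
Check the IP address obtained by the PC: ipconfig
3. Configure static routes (internal connectivity)
[R1]ip route-static 192.168.1.64 27 192.168.1.2 (destination network, next hop)
If there are equal-cost links, write a route for each of them
Verify: dis ip routing-table protocol static
You can then test internal reachability with ping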
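4. Configure a default route (external connectivity)
[R5]ip route-static 0.0.0.0 0 12.0.0.6 (0.0.0.0 0, next hop)
Verify: dis ip routing-table protocol static
You can then test internal reachability with ping
5. Configure a default route (full connectivity)
Use this when no other routing protocol is running
[R1]ip route-static 0.0.0.0 0 192.168.1.2 (0.0.0.0 0, next hop)
If there are equal-cost links, write a route for each of them
Verify: dis ip routing-table protocol static
You can then test internal reachability with ping
6. Loop prevention
[R1]ip route-static 192.168.1.32 27 NULL 0 (network, mask, NULL 0)
Usually configured on a router where a loop exists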
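7. Configure remote login
[R1]aaa (enter the AAA view)
[R1-aaa]local-user gujiangshan password cipher gjs12345 privilege level 15 (create the user and password)
[R1-aaa]local-user gujiangshan service-type telnet (set the service type)
[R1]user-interface vty 0 4 (enter the VTY virtual login lines)
[R1-ui-vty0-4]authentication-mode aaa (set the authentication mode)
[R5]int g0/0/1 (enter the interface that connects to the other side)
[R5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
8. Change the route preference
(Normally traffic uses the 1000M link; on failure it uses the 100M link)
Default static route preference: 60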
[R4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
[R5]ip route-static 192.168.1.0 30 192.168.1.21 pre 61 (other destination IP, mask, next hop, pre 61)
If other equal-cost paths remain, shut down an interface to check:
[R4]int g0/0/2
[R4-GigabitEthernet0/0/2]shutdown
Check the path taken: <R1>tracert 192.168.1.161
9. Configure MP-GROUP
Use MP-GROUP to bundle two PPP links into one directly connected PPP MP link
[R2]int Mp-group 0/0/0 (create the group)
[R2]int Serial 3/0/1
[R2-Serial3/0/1]ppp mp Mp-group 0/0/0 (join the group)
[R2]int Serial 4/0/0
[R2-Serial4/0/0]ppp mp Mp-group 0/0/0
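10. Configure one-way PPP CHAP authentication
Distinguish the authenticating side from the authenticated side
Authenticating side:
[R2]aaa (enter the AAA view)
[R2-aaa]local-user gujiangshan password cipher gjs12345 (create the user and password)
[R2-aaa]local-user gujiangshan service-type ppp (set the service type)
[R2]int Serial 3/0/0 (enter the interface)
[R2-Serial3/0/0]ppp authentication-mode chap (apply it)
Authenticated side: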
[R1]int Serial 3/0/0
[R1-Serial3/0/0]ppp chap user gujiangshan
[R1-Serial3/0/0]ppp chap password cipher gjs12345
Test: shut the interface down, bring it back up, then ping
[R1]int Serial 3/0/0
[R1-Serial3/0/0]shutdown
[R1]int Serial 3/0/0
[R1-Serial3/0/0]undo shutdown
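11. Configure two-way PPP CHAP authentication
Distinguish the authenticating side from the authenticated side
(1)
Authenticating side: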
[R2]aaa
[R2-aaa]local-user bianboxian password cipher bbx1234
[R2-aaa]local-user bianboxian service-type ppp
[R2]int Serial 3/0/1
[R2-Serial3/0/1]ppp authentication-mode chap
[R2]int Serial 4/0/0
[R2-Serial4/0/0]ppp authentication-mode chap
Authenticated side:
[R3]int Serial 3/0/0
[R3-Serial3/0/0]ppp chap user bianboxian
[R3-Serial3/0/0]ppp chap password cipher bbx1234
[R3]int Serial 3/0/1
[R3-Serial3/0/1]ppp chap user bianboxian
[R3-Serial3/0/1]ppp chap password cipher bbx1234
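(2) Configure it again with the two roles swapped; the commands are the same
Test: shut the interfaces down, bring them back up, then ping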
[R2]int Serial 3/0/1
[R2-Serial3/0/1]shutdown
[R2]int Serial 4/0/0
[R2-Serial4/0/0]shutdown
[R2]int Serial 4/0/0
[R2-Serial4/0/0]undo shutdown
[R2]int Serial 3/0/1
[R2-Serial3/0/1]undo shutdown
12. Configure PPP PAP authentication
Distinguish the authenticating side from the authenticated side
Authenticating side:
[R5]aaa
[R5-aaa]local-user wangdaye password cipher wdy1234
[R5-aaa]int s4/0/1
[R5-Serial4/0/1]ppp authentication-mode pap
Authenticated side:
[R1]int s4/0/0
[R1-Serial4/0/0]ppp pap local-user wangdaye password cipher wdy1234
Test: shut the interface down, bring it back up, then ping
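
What the CHAP and PAP settings in sections 10 to 12 put on the link, as an added example that is not part of the original notes. It follows RFC 1994 (CHAP response = MD5 over identifier, shared secret and challenge) and RFC 1334 (PAP request carries the password itself); the user name, secret and challenges are constructed lab values.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticating side: recompute from its own copy of the secret."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def pap_request_data(user: bytes, password: bytes) -> bytes:
    """RFC 1334 Authenticate-Request data: length-prefixed ID and password."""
    return bytes([len(user)]) + user + bytes([len(password)]) + password


def demo() -> dict:
    # Constructed lab values, not taken from any real device.
    user, secret = b"lab-user", b"lab-secret"
    first, second = os.urandom(16), os.urandom(16)  # fresh challenge each time
    answer = chap_response(1, secret, first)        # sent by the authenticated side
    return {
        "chap_accepts_valid": chap_verify(1, secret, first, answer),
        # An old response presented against a new challenge must fail.
        "chap_accepts_replay": chap_verify(2, secret, second, answer),
        "chap_accepts_wrong_secret": chap_verify(1, b"guess", first, answer),
        # The CHAP response is a digest; the PAP request holds the password.
        "secret_visible_in_chap": secret in answer,
        "password_visible_in_pap": secret in pap_request_data(user, secret),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
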
13. Configure GRE VPN
[R1]int Tunnel 0/0/0 (create the tunnel)
[R1-Tunnel0/0/0]ip add 192.168.3.1 24 (configure IP and mask)
[R1-Tunnel0/0/0]tunnel-protocol gre (set the tunnel type)
[R1-Tunnel0/0/0]source 100.1.1.1 (source address)
[R1-Tunnel0/0/0]destination 100.2.2.3 (destination address)
14. Configure RIPv2
[R1]rip 1
[R1-rip-1]v 2
[R1-rip-1]undo summary
[R1-rip-1]network 192.168.3.0 (directly connected network)
[R1-rip-1]network 192.168.1.0
Verify: dis ip routing-table protocol rip
15. Configure OSPF (internal connectivity)
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]a 0
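[R1-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255 (directly connected network, wildcard mask)
[R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
Check that the neighbor relationships have formed: dis ospf peer brief
Verify: dis ip routing-table protocol ospf
16. Change the link protocol
[R5-Serial4/0/0]link-protocol hdlc (change it in the interface view)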
[R3-Serial4/0/0]link-protocol hdlc
17. Configure MGRE
Headquarters:
[R1]int Tunnel 0/0/0 (create the tunnel)
[R1-Tunnel0/0/0]ip add 10.1.2.1 24 (configure IP and mask)
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp (set the tunnel type)
[R1-Tunnel0/0/0]source 15.1.1.1 (source address)
[R1-Tunnel0/0/0]nhrp network-id 100 (create domain 100)
[R1-Tunnel0/0/0]nhrp entry multicast dynamic ---- lets RIP use pseudo-broadcast
([R1-Tunnel0/0/0]undo rip split-horizon ----- disable split horizon, the loop-avoidance mechanism)
Other branches:
[R2]int Tunnel 0/0/0
[R2-Tunnel0/0/0]ip add 10.1.2.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source 25.1.1.2
[R2]int t0/0/0
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register (registration information) (headquarters IP, headquarters tunnel interface IP)
18. Configure NAT (full connectivity)
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 (match the required traffic, with one summary rule or several specific rules)
[R1]int s4/0/0
[R1-Serial4/0/0]nat outbound 2000
19. Route import
[R12]ospf 1
[R12-ospf-1]import-route rip
Two-way import:
[R9]ospf 1
[R9-ospf-1]import-route ospf 2
[R9]ospf 2
[R9-ospf-2]import-route ospf 1
20. Change the network type from P2P to broadcast
Required on all branches
[R1]int t0/0/0
[R1-Tunnel0/0/0]ospf network-type broadcast
21. Remove the branches' eligibility for DR election
Required on all branches
[R5]int t0/0/0
[R5-Tunnel0/0/0]ospf dr-priority 0
22. Route summarization
ABR summarization (non-special area, connected to area 0):
[R3]ospf 1
[R3-ospf-1]a 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0 (network, mask)
ASBR summarization (special area, not connected to area 0):
[R9]ospf 1
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0 (network, mask)
Verify: dis ip routing-table protocol ospf
23. Configure special areas
The backbone area and irregular areas cannot be configured as special areas.
Totally stub area:
[R1]ospf 1
[R1-ospf-1]a 1
[R1-ospf-1-area-0.0.0.1]stub no-summary
Totally NSSA area:
[R6]ospf 1
[R6-ospf-1]a 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary
Verify: dis ospf lsdb
Verify: dis ip routing-table protocol ospf
24. Advertise a default route
[R9]ospf 2
[R9-ospf-2]default-route-advertise
25. Speed up convergence by changing the hello timer
[R3]int t0/0/0
[R3-Tunnel0/0/0]ospf timer hello 5
26. Area authentication
[R5]ospf 1
[R5-ospf-1]a 0
[R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 12345
27. Route filtering (ACL)
Because the default action is deny, the other routes must be explicitly permitted
Match the traffic:
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 192.168.4.0 0.0.1.255 (if the routes are summarized, use the summary address)
[R2-acl-basic-2000]rule permit source 0.0.0.0 255.255.255.255
Write the route policy:
[R2]route-policy abc permit node 10
[R2-route-policy]if-match acl 2000
Apply the route policy:
[R2]rip 1
[R2-rip-1]import-route ospf 1 route-policy abc
28. Configure an IP prefix list
Because the default action is deny, the other routes must be explicitly permitted
[R4]ip ip-prefix aa index 10 deny 192.168.0.0 23 less-equal 32
[R4]ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32
Apply the policy:
[R4-ospf-1]filter-policy ip-prefix aa import
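
How the two ip-prefix entries above are evaluated, as an added example that is not part of the original notes and is a model of the matching rules, not VRP's own code. `PrefixEntry`, `evaluate` and `report` are names made up for this illustration, and the sample routes are constructed; it shows why index 20 is needed once index 10 exists.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PrefixEntry:
    index: int
    action: str                  # "permit" or "deny"
    prefix: str                  # address/mask-length, e.g. "192.168.0.0/23"
    ge: Optional[int] = None     # greater-equal
    le: Optional[int] = None     # less-equal

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        net = ipaddress.ip_network(self.prefix)
        if self.ge is None and self.le is None:
            low = high = net.prefixlen       # exact mask length only
        else:
            low = self.ge if self.ge is not None else net.prefixlen
            high = self.le if self.le is not None else 32
        # Leading bits must agree and the route's mask length must be in range.
        return low <= route.prefixlen <= high and route.subnet_of(net)


def evaluate(entries, route_text: str) -> str:
    route = ipaddress.ip_network(route_text)
    for entry in sorted(entries, key=lambda e: e.index):  # ascending index
        if entry.matches(route):
            return entry.action                           # first match decides
    return "deny"                                         # nothing matched


# The two entries of list "aa" from this section.
LIST_AA = [
    PrefixEntry(10, "deny", "192.168.0.0/23", le=32),
    PrefixEntry(20, "permit", "0.0.0.0/0", le=32),
]
LIST_WITHOUT_PERMIT = LIST_AA[:1]     # same list with index 20 left out

# Constructed sample routes.
SAMPLE_ROUTES = ["192.168.0.0/24", "192.168.1.128/25", "192.168.0.0/16",
                 "192.168.2.0/24", "10.1.2.0/24"]


def report(entries) -> dict:
    return {route: evaluate(entries, route) for route in SAMPLE_ROUTES}


if __name__ == "__main__":
    print(report(LIST_AA))
    print(report(LIST_WITHOUT_PERMIT))
```
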
29. Configure a silent interface
[R2]rip 1
[R2-rip-1]silent-interface GigabitEthernet 0/0/1
30. Configure BGP
Reset the BGP process: reset bgp all
EBGP uses physical interfaces
IBGP uses loopback interfaces
[R1]bgp 1
[R1-bgp]peer 12.1.1.2 as 2
[R2]bgp 64512 (sub-AS)
[R2-bgp]confederation id 2 (overall AS)
[R2-bgp]confederation peer-as 64513 (neighbor within the AS)
[R2-bgp]peer 12.1.1.1 as 1 (EBGP: physical interface)
[R2-bgp]
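[R2-bgp]peer 172.16.0.3 as 64512 (IBGP: loopback interface)
[R2-bgp]peer 172.16.0.3 connect-interface l0 (change the update source to the loopback)
[R2-bgp]peer 172.16.0.3 next-hop-local (set the next hop to this router; only on routers configured with both EBGP and IBGP)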
[R2-bgp]
[R2-bgp]peer 172.16.1.22 as 64513 (EBGP: neighbor within the AS)
[R2-bgp]peer 172.16.1.22 next-hop-local (set the next hop to this router; also required)
[R3]bgp 64512
[R3-bgp]confederation id 2
[R3-bgp]peer 172.16.0.2 as 64512
[R3-bgp]peer 172.16.0.2 connect-interface l0 (IBGP: loopback interface)
[R3-bgp]
[R3-bgp]peer 172.16.0.4 as 64512
[R3-bgp]peer 172.16.0.4 connect-interface l0
Verify: dis bgp peer
Advertise a network:
[R1]bgp 1
[R1-bgp]network 172.16.0.1 32
31. Configure a route reflector
[R3]bgp 64512
[R3-bgp]peer 172.16.0.2 reflect-client (client's loopback address)
[R3-bgp]peer 172.16.0.4 reflect-client
Verify: dis bgp routing-table
32. Configure a null route
To keep loops from forming, first configure a null route
[R2]ip route-static 172.16.0.0 16 NULL 0
[R2]bgp 64512
[R2-bgp]network 172.16.0.0 16
33. Create VLANs
[SW1]vlan batch 2 to 6 (create in bulk)
34. Assign ports
access:
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 2
trunk:
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 6
hybrid: the default port type on Huawei devices is hybrid, so the link type does not need to be set
[SW1-GigabitEthernet0/0/2]port hybrid pvid vlan 3
[SW1-GigabitEthernet0/0/2]port hybrid untagged vlan 3 to 6 (strip the tag)
[SW1-GigabitEthernet0/0/4]port hybrid tagged vlan 2 (keep the tag)
35. Configure IP addresses for VLANs
Physical interface: (does not recognize tags)
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
Sub-interface: (the opposite)
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]ip add 192.168.2.1 24
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
VLANif:
[SW1]int Vlanif 2
[SW1-Vlanif2]ip address 172.16.0.1 26
36. Link aggregation
[SW1]interface Eth-Trunk 0
[SW1-Eth-Trunk0]mode manual load-balance (manual mode)
[SW1-Eth-Trunk2]mode lacp-static (LACP mode)
[SW1-Eth-Trunk0]trunkport g 0/0/1 to 0/0/2
[SW1-Eth-Trunk0]port link-type trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3
37. Create a port group
[SW2]port-group group-member g0/0/3 to g0/0/4
38. Configure MSTP
[SW1]stp enable
[SW1]stp mode mstp
[SW1]stp region-configuration
[SW1-mst-region]region-name aa
[SW1-mst-region]instance 1 vlan 2
[SW1-mst-region]instance 2 vlan 3
[SW1-mst-region]active region-configuration
[SW1]stp instance 1 root primary (primary root and secondary root)
[SW1]stp instance 2 root secondary
[SW3]stp enable
[SW3]stp mode mstp
[SW3]stp region-configuration
[SW3-mst-region]region-name aa
[SW3-mst-region]instance 1 vlan 2
[SW3-mst-region]instance 2 vlan 3
[SW3-mst-region]active region-configuration
[SW3]port-group group-member g0/0/1 to g0/0/2
[SW3-port-group]stp edged-port enable
[SW3-GigabitEthernet0/0/1]stp edged-port enable (set the ports connected to PCs as edge ports)
[SW3-GigabitEthernet0/0/2]stp edged-port enable
[SW3]stp bpdu-protection (protection mechanism)
39. Configure VRRP groups
[SW1]int Vlanif 2
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
[SW1-Vlanif2]vrrp vrid 1 priority 120 (raise the priority so this device acts as the master gateway)
[SW1]int Vlanif 3
[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[SW1]int Vlanif 2
[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30
[SW2]int Vlanif 2
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
[SW2]int Vlanif 3
[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[SW2-Vlanif3]vrrp vrid 2 priority 120
[SW2-Vlanif3]vrrp vrid 2 track interface Vlanif 20 reduced 30
40. Community attribute
Match the traffic:
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.0.255
Create the route policy:
[R1]route-policy tuanti permit node 10
[R1-route-policy]if-match acl 2000
[R1-route-policy]apply community no-export
[R1]route-policy tuanti permit node 20
Apply it:
[R1-bgp]peer 100.1.1.2 route-policy tuanti export
On R1, enable advertising the community attribute to R2; on R2, enable advertising it to R4:
[R1-bgp]peer 100.1.1.2 advertise-community
[R2-bgp]peer 100.2.2.4 advertise-community