目录
在R1ospf进程中下发缺省路由,以确保内网中的设备能寻址到外网
实验要求
1、内网ip地址使用172.16.0.0/16
2、SW1和SW2之间互为备份
3、VRRP/stp/vlan/eth-trunk均使用
4、所有pc均通过DHCP获取IP地址
5、ISP只配置IP地址
6、所有电脑可以正常访问ISP路由器环回
IP配置
以LSW1和LSW2作为网关,需要使用vlanif接口。
LSW1:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LSW1
[LSW1]
[LSW1]vlan 2
[LSW1-vlan2]vlan 3
[LSW1-vlan3]vlan 10
[LSW1-vlan10]
[LSW1-vlan10]q
[LSW1]int Vlanif 2
[LSW1-Vlanif2]ip add 172.16.0.1 26
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]ip add 172.16.0.65 26
[LSW1-Vlanif3]q
[LSW1]int Vlanif 10
[LSW1-Vlanif10]ip add 172.16.0.129 26
[LSW1-Vlanif10]q
[LSW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 5
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif2 172.16.0.1/26 down down
Vlanif3 172.16.0.65/26 down down
Vlanif10 172.16.0.129/26 down down
[LSW1]LSW2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LSW2
[LSW2]vlan 2
[LSW2-vlan2]vlan 3
[LSW2-vlan3]vlan 20
[LSW2-vlan20]q
[LSW2]int Vlanif 2
[LSW2-Vlanif2]ip add 172.16.0.2 26
[LSW2-Vlanif2]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]ip add 172.16.0.66 26
[LSW2-Vlanif3]q
[LSW2]int Vlanif 20
[LSW2-Vlanif20]ip add 172.16.0.193 26
[LSW2-Vlanif20]q
[LSW2]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 5
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif2 172.16.0.2/26 down down
Vlanif3 172.16.0.66/26 down down
Vlanif20 172.16.0.193/26 down down
[LSW2]R1:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26
[R1-GigabitEthernet0/0/2]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/0]q
[R1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.1/24 up up
GigabitEthernet0/0/1 172.16.0.130/26 up up
GigabitEthernet0/0/2 172.16.0.194/26 up up
NULL0 unassigned up up(s)
[R1]ISP:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname ISP
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[ISP-GigabitEthernet0/0/0]int l0
[ISP-LoopBack0]ip add 2.2.2.2 24
[ISP-LoopBack0]q
[ISP]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 2.2.2.2/24 up up(s)
NULL0 unassigned up up(s)
[ISP]划分接口类型
LSW3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LSW3
[LSW3]
[LSW3]vlan 2
[LSW3-vlan2]vlan 3
[LSW3-vlan3]q
[LSW3]int g0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type access
[LSW3-GigabitEthernet0/0/3]port default vlan 2
[LSW3-GigabitEthernet0/0/3]int g0/0/4
[LSW3-GigabitEthernet0/0/4]port link-type access
[LSW3-GigabitEthernet0/0/4]port default vlan 3
[LSW3-GigabitEthernet0/0/4]q
[LSW3]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
[LSW3-port-group]port link-type trunk
[LSW3-GigabitEthernet0/0/1]port link-type trunk
[LSW3-GigabitEthernet0/0/2]port link-type trunk
[LSW3-port-group]port trunk allow-pass vlan 2 3
[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3LSW4:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LSW4
[LSW4]vlan 2
[LSW4-vlan2]vlan 3
[LSW4-vlan3]q
[LSW4]int g0/0/3
[LSW4-GigabitEthernet0/0/3]port link-type access
[LSW4-GigabitEthernet0/0/3]port default vlan 2
[LSW4-GigabitEthernet0/0/3]int g0/0/4
[LSW4-GigabitEthernet0/0/4]port link-type access
[LSW4-GigabitEthernet0/0/4]port default vlan 3
[LSW4-GigabitEthernet0/0/4]q
[LSW4]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
[LSW4-port-group]port link-type trunk
[LSW4-GigabitEthernet0/0/1]port link-type trunk
[LSW4-GigabitEthernet0/0/2]port link-type trunk
[LSW4-port-group]port trunk allow-pass vlan 2 3
[LSW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[LSW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3LSW1:
[LSW1]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
[LSW1-GigabitEthernet0/0/4]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1-GigabitEthernet0/0/1]
[LSW1-GigabitEthernet0/0/1]q
[LSW1]int Eth-Trunk 0
[LSW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/2 to 0/0/3
[LSW1-Eth-Trunk0]port link-type trunk
[LSW1-Eth-Trunk0]port trunk allow-pass vlan 2 3
[LSW1]int g0/0/5
[LSW1-GigabitEthernet0/0/5]port link-type trunk
[LSW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 2 3LSW2:
[LSW2]int g0/0/4
[LSW2-GigabitEthernet0/0/4]port link-type trunk
[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
[LSW2-GigabitEthernet0/0/4]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 20
[LSW2-GigabitEthernet0/0/1]q
[LSW2]int Eth-Trunk 0
[LSW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/2 to 0/0/3
[LSW2-Eth-Trunk0]port link-type trunk
[LSW2-Eth-Trunk0]port trunk allow-pass vlan 2 3
[LSW2]int g0/0/5
[LSW2-GigabitEthernet0/0/5]port link-type trunk
[LSW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 2 3配置MSTP服务
配置
LSW1:
[LSW1]stp enable
[LSW1]stp mode mstp //定义类型
[LSW1]stp region-configuration
[LSW1-mst-region]region-name a
[LSW1-mst-region]instance 2 vlan 2 //将实例2对应到vlan 2
[LSW1-mst-region]instance 3 vlan 3 //实例3对应到vlan 3
[LSW1-mst-region]active region-configuration //确认配置并激活
[LSW1-mst-region]q
[LSW1]stp instance 2 root primary //该路由器为实例2的主路由器
[LSW1]stp instance 3 root secondary //为实例3备用路由器LSW2:
[LSW2]stp enable
[LSW2]stp mode mstp
[LSW2]stp region-configuration
[LSW2-mst-region]instance 2 vlan 2
[LSW2-mst-region]instance 3 vlan 3
[LSW2-mst-region]active region-configuration
[LSW2-mst-region]q
[LSW2]stp instance 2 root secondary
[LSW2]stp instance 3 root primary 配置边缘设备
LSW3:
[LSW3]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4
[LSW3-port-group]stp edged-port enable //配置为边缘路由器
[LSW3-GigabitEthernet0/0/3]stp edged-port enable
[LSW3-GigabitEthernet0/0/4]stp edged-port enable
[LSW3-port-group]q
[LSW3]stp bpdu-protection //开启BPDU保护机制LSW4:
[LSW4]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4
[LSW4-port-group]stp edged-port enable
[LSW4-GigabitEthernet0/0/3]stp edged-port enable
[LSW4-port-group]q
[LSW4]stp bpdu-protection 查询
LSW1:
LSW2:
VRRP配置
配置
LSW1:
[LSW1]int Vlanif 2
[LSW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62 //配置虚拟网关IP
[LSW1-Vlanif2]vrrp vrid 1 priority 120 //将其优先级设置为120,表示为vlan 2的主网关
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[LSW1-Vlanif3]q
[LSW1]int Vlanif 2
[LSW1-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30 //监视接口的状态实现主备快速切换的功能LSW2:
[LSW2]int Vlanif 2
[LSW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
[LSW2-Vlanif2]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[LSW2-Vlanif3]vrrp vrid 2 priority 120
[LSW2-Vlanif3]vrrp vrid 2 track interface GigabitEthernet 0/0/1 reduced 30查询
LSW1:
LSW2:
DHCP配置
配置
LSW1:
[LSW1]dhcp enable
[LSW1]ip pool a
[LSW1-ip-pool-a]network 172.16.0.0 mask 26
[LSW1-ip-pool-a]gateway-list 172.16.0.1
[LSW1-ip-pool-a]dns-list 8.8.8.8
[LSW1-ip-pool-a]q
[LSW1]int Vlanif 2
[LSW1-Vlanif2]dhcp select global
[LSW1-Vlanif2]q
[LSW1]ip pool b
[LSW1-ip-pool-b]network 172.16.0.64 mask 26
[LSW1-ip-pool-b]gateway-list 172.16.0.65
[LSW1-ip-pool-b]dns-list 8.8.8.8
[LSW1-ip-pool-b]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]dhcp select global LSW2:
[LSW2]dhcp enable
[LSW2]ip pool a
[LSW2-ip-pool-a]network 172.16.0.0 mask 26
[LSW2-ip-pool-a]gateway-list 172.16.0.2
[LSW2-ip-pool-a]dns-list 8.8.8.8
[LSW2-ip-pool-a]q
[LSW2]int Vlanif 2
[LSW2-Vlanif2]dhcp select global
[LSW2-Vlanif2]q
[LSW2]ip pool b
[LSW2-ip-pool-b]network 172.16.0.64 mask 26
[LSW2-ip-pool-b]gateway-list 172.16.0.66
[LSW2-ip-pool-b]dns-list 8.8.8.8
[LSW2-ip-pool-b]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]dhcp select global 检测
先将PC获取IP的方式修改为DHCP:
PC1:
PC2:
PC3:
PC4:
全部PC均能正常获取IP地址。
达成全网通
内网全网通
这里采用ospf协议动态传递路由信息
R1:
[R1]ospf 1 rou
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63
[R1-ospf-1-area-0.0.0.0]network 172.16.0.192 0.0.0.63LSW1:
[LSW1]ospf 1 router-id 2.2.2.2
[LSW1-ospf-1]a 0
[LSW1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.63
[LSW1-ospf-1-area-0.0.0.0]network 172.16.0.64 0.0.0.63
[LSW1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63LSW2:
[LSW2]ospf 1 router-id 3.3.3.3
[LSW2-ospf-1]a 0
[LSW2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.63
[LSW2-ospf-1-area-0.0.0.0]network 172.16.0.64 0.0.0.63
[LSW2-ospf-1-area-0.0.0.0]network 172.16.0.192 0.0.0.63查看建邻情况
R1:
LSW1:
LSW2:
ping测试
PC1pingPC2:
PC1pingPC3:
PC1pingPC4:
PC3pingPC2:
PC3pingPC4:
PC2pingPC4:
由此判定内网通。
外网通
在R1上配置一个静态缺省通向外网
[R1]ip route-static 0.0.0.0 0 12.0.0.2 在R1ospf进程中下发缺省路由,以确保内网中的设备能寻址到外网
[R1-ospf-1]default-route-advertise配置easy IP
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000检测
PC1:
PC2:
PC3:
PC4:
438
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
