ensp站点A与站点B之间互通（中小型网络）

最新推荐文章于 2023-12-11 23:54:20 发布

βØ

最新推荐文章于 2023-12-11 23:54:20 发布

阅读量374

点赞数 2

分类专栏： ensp网络运维实操文章标签：网络

本文链接：https://blog.csdn.net/weixin_62868636/article/details/134319659

版权

ensp网络运维实操专栏收录该内容

2 篇文章 0 订阅

订阅专栏

需求：

站点A：
（1）链路聚合
LSW1与LSW2之间做LACP链路聚合，最多活动链路数为2条，主动端为LSW1，并允许抢占
（2）VRRP
LSW1作为vlan10的网关，LSW2作为VLAN20的网关；
（3）VLAN
为了保证安全与可靠性，交换机之间互联链路允许相应的VLAN通行
（4）MSTP
站点A内所有交换设运行MPTP协议，一个VLAN对应一个实例；
LSW1作为instance10的根桥，instance20为备份根桥
LSW2作为instance20的根桥，instance10为备份根桥
连接终端的连接口配置为边缘端口，并开启BPDU保护功能
（5）OSPF
站点A内网使用OSPF协议
（6）telnet
telnet-sever设备作为内网的telnet服务器；
使用AAA方式，用户名hcia，密码hcia，设置最高权限
（7）DHCP
LSW1作为VLAN10的DHCP服务器，当LSW1设备故障，选择LSW2作为DHCP服务器
LSW2作为VLAN20的DHCP服务器，当LSW2设备故障，选择LSW1作为DHCP服务器
采用全局地址池方式为终端分配IP地址
（8）NAT
出口设备为NAT设备，使用NAPT访问外网。
（9）OSPF COST
AR3与出口设备互联，G0/0/1接口作为主路径；G0/0/2接口作为备份路径；考虑来回路径一致
（10）默认路由
出口设备配置一条默认路由通向外网，并将默认路由下发至OSPF区域内

LSW1
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20

interface Eth-Trunk1
 mode lacp-static
 lacp preempt enable
 max active-linknumber 2

interface GigabitEthernet0/0/20
 eth-trunk 1
#
interface GigabitEthernet0/0/21
 eth-trunk 1
#
interface GigabitEthernet0/0/22
 eth-trunk 1
#
lacp priority 4096
#

interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 120
 dhcp select global
#
interface Vlanif11
 ip address 11.1.1.2 255.255.255.0
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
 dhcp select global
#
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
#

MSTP
[LSW1]stp mode mstp
stp region-configuration
 region-name HUAWEI
 instance 10 vlan 10
 instance 20 vlan 20
 active region-configuration
#
#
stp instance 10 root primary
stp instance 20 root secondary

LSW2
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 dhcp select global
#
interface Vlanif20
 ip address 192.168.20.2 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 120
 dhcp select global

#
interface Eth-Trunk1
 mode lacp-static
 lacp preempt enable
 max active-linknumber 2
#
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/20 0/0/21 0/0/22
interface Vlanif22
 ip address 22.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 22.1.1.0 0.0.0.255


LSW3
interface Vlanif12
 ip address 22.1.1.2 255.255.255.0

interface Ethernet0/0/1
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
 stp edged-port enable
#

interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 12
#

LSW4
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
 stp edged-port enable

interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20

AR1
#
interface GigabitEthernet0/0/0
 ip address 11.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
ip address 22.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 12.1.1.1 255.255.255.0 
#
interface GigabitEthernet1/0/0
 ip address 10.1.13.1 255.255.255.0 

ospf 1 
 area 0.0.0.0 
  network 10.1.13.0 0.0.0.255 
  network 11.1.1.0 0.0.0.255 
  network 12.1.1.0 0.0.0.255 
  network 22.1.1.0 0.0.0.255 
#

Telnet
user-interface vty 0 4
 authentication-mode aaa

local-user hcia password cipher huawei
 local-user hcia privilege level 3
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type telnet

#
ospf 1 
 area 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
#


AR3
#
interface GigabitEthernet0/0/0
 ip address 2.2.2.3 255.255.255.0 
 ospf cost 100
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet1/0/0
 ip address 10.1.13.3 255.255.255.0 
#

ospf 1 
 area 0.0.0.0 
  network 1.1.1.0 0.0.0.255 
  network 2.2.2.0 0.0.0.255 
  network 10.1.13.0 0.0.0.255 
#


出口路由器out1
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 

nat address-group 1 100.1.1.10 100.1.1.10
#
interface GigabitEthernet0/0/0
 ip address 2.2.2.2 255.255.255.0 
 ospf cost 100
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 100.1.1.2 255.255.255.0 
 nat outbound 2000

interface Tunnel0/0/0
 ip address 101.1.1.1 255.255.255.0 
 tunnel-protocol gre
 source 100.1.1.1
 destination 100.1.2.1
#
ospf 1 
 default-route-advertise
 area 0.0.0.0 
  network 1.1.1.0 0.0.0.255 
  network 2.2.2.0 0.0.0.255 
#
ospf 2 
 import-route ospf 1
 area 0.0.0.0 
  network 100.1.1.0 0.0.0.255 
  network 101.1.1.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.5

站点B：
（1）NAT
内网用户访问外网时，选择出口IP地址作为NAT转换
出口设备2配置一条默认路由通向外网，并将默认路由下发内网中；
（2）VLAN间通信
PC5与PC6通过单臂路由技术使网络互联
（3）OSPF
内网中网络互联使用OSPF进程1，area 0

B
out2

ospf 1 
 default-route-advertise
 area 0.0.0.0 
  network 10.1.1.0 0.0.0.255 
  network 100.1.2.0 0.0.0.255 
#
ospf 2 
 import-route ospf 1
 area 0.0.0.0 
  network 101.1.1.0 0.0.0.255 
#

interface GigabitEthernet0/0/0
 ip address 100.1.2.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.100 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
 ip address 101.1.1.2 255.255.255.0 
 tunnel-protocol gre
 source 100.1.2.1
 destination 100.1.1.1
#

AR10
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.10 255.255.255.0 
#
interface GigabitEthernet0/0/0.1
#
interface GigabitEthernet0/0/0.2
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 50
 ip address 192.168.50.254 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 60
 ip address 192.168.60.254 255.255.255.0 
 arp broadcast enable
#
ospf 1 
 area 0.0.0.0 
  network 10.1.1.0 0.0.0.255 
  network 192.168.50.0 0.0.0.255 
  network 192.168.60.0 0.0.0.255 
#


LSW5
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 50 60
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 50
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 60

ospf 1
 area 0.0.0.0
  network 192.168.50.0 0.0.0.255
  network 192.168.60.0 0.0.0.255

ISP运营商：
（1）OSPF
整个网络采用OSPF进程2互联，区域0；

ISP
AR5
interface GigabitEthernet0/0/0
 ip address 100.1.1.5 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 100.1.56.5 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 100.1.57.5 255.255.255.0 
#
#
ospf 2 
 area 0.0.0.0 
  network 100.1.1.0 0.0.0.255 
  network 100.1.56.0 0.0.0.255 
  network 100.1.57.0 0.0.0.255 
#
AR7
interface GigabitEthernet0/0/0
 ip address 100.1.57.7 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 100.1.78.7 255.255.255.0
#
ospf 2 
 area 0.0.0.0 
  network 100.1.57.0 0.0.0.255 
  network 100.1.78.0 0.0.0.255 
#
AR8
[AR8]dis current-configuration int
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 100.1.68.8 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 100.1.78.8 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 100.1.2.8 255.255.255.0 
#
interface NULL0
#
return
[AR8]ospf 2
[AR8-ospf-2]dis th
[V200R003C00]
#
ospf 2 
 area 0.0.0.0 
  network 100.1.2.0 0.0.0.255 
  network 100.1.68.0 0.0.0.255 
  network 100.1.78.0 0.0.0.255 
#

AR6
[AR6]dis current-configuration int
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 100.1.56.6 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 100.1.68.6 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
return
[AR6]ospf 2
[AR6-ospf-2]dis th
[V200R003C00]
#
ospf 2 
 area 0.0.0.0 
  network 100.1.56.0 0.0.0.255 
  network 100.1.68.0 0.0.0.255 
#

GRE隧道：
站点内的出口设备之间部署GRE隧道，承载内网之间的流量；将隧道口加入OSPF内网进程1中
tunnel口网段102.1.1.xy（xy设备编号）
站点A与站点B之间私网互通，优先走GRE隧道，当GRE隧道故障，才选择ISP路径访问

整体效果：
站点A与站点B之间通信
PC>tracert 192.168.50.1

traceroute to 192.168.50.1, 8 hops max
(ICMP), press Ctrl+C to stop
 1  192.168.10.1   63 ms  31 ms  47 ms
 2  11.1.1.1   93 ms  63 ms  78 ms
 3  10.1.13.3   63 ms  93 ms  63 ms
 4  1.1.1.2   78 ms  109 ms  94 ms
 5  102.1.1.2   109 ms  110 ms  109 ms
 6  10.1.1.10   125 ms  110 ms  125 ms
 7  192.168.50.1   140 ms  156 ms  141 ms

当tunnel口故障：
PC>tracert 192.168.50.1

traceroute to 192.168.50.1, 8 hops max
(ICMP), press Ctrl+C to stop
 1  192.168.10.1   47 ms  47 ms  47 ms
 2  11.1.1.1   78 ms  78 ms  78 ms
 3  10.1.13.3   94 ms  94 ms  78 ms
 4    *  *  *
 5  100.1.1.5   63 ms  125 ms  109 ms
 6  100.1.57.7   109 ms  110 ms  93 ms
 7  100.1.78.8   125 ms  110 ms  109 ms
 8  100.1.2.1   110 ms  109 ms  125 ms