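Requirements:
Site A:
(1) Link aggregation
Configure LACP link aggregation between LSW1 and LSW2 with at most 2 active links; LSW1 is the active end, and preemption is allowed.
(2) VRRP
LSW1 is the gateway for VLAN 10, and LSW2 is the gateway for VLAN 20.
(3) VLAN
For security and reliability, the links interconnecting the switches allow the corresponding VLANs to pass.
(4) MSTP
All switches in site A run MSTP, with one VLAN mapped to one instance.
LSW1 is the root bridge for instance 10 and the backup root bridge for instance 20.
LSW2 is the root bridge for instance 20 and the backup root bridge for instance 10.
Ports connected to end devices are configured as edge ports, with BPDU protection enabled.
(5) OSPF
The internal network of site A uses OSPF.
(6) telnet
The telnet-sever device acts as the telnet server for the internal network.
Use AAA authentication with username hcia and password hcia, and set the highest privilege level.
(7) DHCP
LSW1 is the DHCP server for VLAN 10; if LSW1 fails, LSW2 takes over as the DHCP server.
LSW2 is the DHCP server for VLAN 20; if LSW2 fails, LSW1 takes over as the DHCP server.
IP addresses are assigned to end devices from global address pools.
(8) NAT
The egress device is the NAT device and uses NAPT to access the external network.
(9) OSPF COST
AR3 is connected to the egress device; interface G0/0/1 is the primary path and interface G0/0/2 is the backup path. Keep the forward and return paths consistent.
(10) Default route
The egress device is configured with a default route towards the external network and advertises the default route into the OSPF area.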
LSW1
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20
interface Eth-Trunk1
mode lacp-static
lacp preempt enable
max active-linknumber 2
interface GigabitEthernet0/0/20
eth-trunk 1
#
interface GigabitEthernet0/0/21
eth-trunk 1
#
interface GigabitEthernet0/0/22
eth-trunk 1
#
lacp priority 4096
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
dhcp select global
#
interface Vlanif11
ip address 11.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
dhcp select global
#
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 11.1.1.0 0.0.0.255
#
MSTP
[LSW1]stp mode mstp
stp region-configuration
region-name HUAWEI
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
#
stp instance 10 root primary
stp instance 20 root secondary
LSW2
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
dhcp select global
#
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 120
dhcp select global
#
interface Eth-Trunk1
mode lacp-static
lacp preempt enable
max active-linknumber 2
#
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/20 0/0/21 0/0/22
interface Vlanif22
ip address 22.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 22.1.1.0 0.0.0.255
LSW3
interface Vlanif12
ip address 22.1.1.2 255.255.255.0
interface Ethernet0/0/1
port link-type access
port default vlan 10
stp edged-port enable
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
stp edged-port enable
#
interface Ethernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 12
#
LSW4
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
stp edged-port enable
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
stp edged-port enable
interface Ethernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
port link-type trunk
port trunk allow-pass vlan 10 20
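The edge-port, BPDU-protection and trunk-VLAN requirements from items (3) and (4) can be checked against a saved switch configuration. The Python script below is an added example, not part of the original lab: the sample dump is constructed, the function names are hypothetical, and it assumes each interface block ends at `#` or at the next `interface` line.

```python
import re

# Constructed sample styled after the LSW3/LSW4 dumps (not from the page).
SAMPLE = """\
stp mode mstp
interface Ethernet0/0/1
 port link-type access
 stp edged-port enable
#
interface Ethernet0/0/3
 port link-type access
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan all
"""

def parse(config):
    """Return ({interface: [commands]}, [global commands]) from a VRP dump."""
    interfaces, global_cmds, current = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line in ("", "#"):
            current = None  # assumption: '#' closes the current block
        else:
            (global_cmds if current is None else current).append(line)
    return interfaces, global_cmds

def audit(config, allowed_vlans=frozenset({"10", "20"})):
    """List (where, problem) pairs for the edge-port and trunk requirements."""
    interfaces, global_cmds = parse(config)
    findings = []
    if "stp bpdu-protection" not in global_cmds:
        findings.append(("global", "stp bpdu-protection is not enabled"))
    for name, cmds in interfaces.items():
        if "port link-type access" in cmds and "stp edged-port enable" not in cmds:
            findings.append((name, "access port is not an edge port"))
        for cmd in cmds:
            if cmd.startswith("port trunk allow-pass vlan "):
                # "all" or a "to" range is reported for manual review.
                extra = sorted(set(cmd.split()[4:]) - allowed_vlans)
                if extra:
                    findings.append((name, "trunk allows: " + " ".join(extra)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the constructed sample, it reports the missing global BPDU protection, the access port without edge-port configuration, and the trunk that passes every VLAN.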
AR1
#
interface GigabitEthernet0/0/0
ip address 11.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 22.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
ip address 10.1.13.1 255.255.255.0
ospf 1
area 0.0.0.0
network 10.1.13.0 0.0.0.255
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 22.1.1.0 0.0.0.255
#
Telnet
user-interface vty 0 4
authentication-mode aaa
local-user hcia password cipher huawei
local-user hcia privilege level 3
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type telnet
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
#
AR3
#
interface GigabitEthernet0/0/0
ip address 2.2.2.3 255.255.255.0
ospf cost 100
#
interface GigabitEthernet0/0/1
ip address 1.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet1/0/0
ip address 10.1.13.3 255.255.255.0
#
ospf 1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 10.1.13.0 0.0.0.255
#
Egress router out1
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
nat address-group 1 100.1.1.10 100.1.1.10
#
interface GigabitEthernet0/0/0
ip address 2.2.2.2 255.255.255.0
ospf cost 100
#
interface GigabitEthernet0/0/1
ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 100.1.1.2 255.255.255.0
nat outbound 2000
interface Tunnel0/0/0
ip address 101.1.1.1 255.255.255.0
tunnel-protocol gre
source 100.1.1.1
destination 100.1.2.1
#
ospf 1
default-route-advertise
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
#
ospf 2
import-route ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 101.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.5
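Site B:
(1) NAT
When internal users access the external network, the egress interface IP address is used for NAT translation.
Egress device 2 is configured with a default route towards the external network and advertises the default route into the internal network.
(2) Inter-VLAN communication
PC5 and PC6 communicate through router-on-a-stick (sub-interface) routing.
(3) OSPF
Internal network interconnection uses OSPF process 1, area 0.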
B
out2
ospf 1
default-route-advertise
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
ospf 2
import-route ospf 1
area 0.0.0.0
network 101.1.1.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 100.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.1.100 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 101.1.1.2 255.255.255.0
tunnel-protocol gre
source 100.1.2.1
destination 100.1.1.1
#
AR10
#
interface GigabitEthernet0/0/0
ip address 10.1.1.10 255.255.255.0
#
interface GigabitEthernet0/0/0.1
#
interface GigabitEthernet0/0/0.2
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 50
ip address 192.168.50.254 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 60
ip address 192.168.60.254 255.255.255.0
arp broadcast enable
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
#
LSW5
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50 60
#
interface Ethernet0/0/2
port link-type access
port default vlan 50
#
interface Ethernet0/0/3
port link-type access
port default vlan 60
ospf 1
area 0.0.0.0
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
ISP carrier:
(1) OSPF
The entire network is interconnected using OSPF process 2, area 0.
ISP
AR5
interface GigabitEthernet0/0/0
ip address 100.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.56.5 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 100.1.57.5 255.255.255.0
#
#
ospf 2
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.56.0 0.0.0.255
network 100.1.57.0 0.0.0.255
#
AR7
interface GigabitEthernet0/0/0
ip address 100.1.57.7 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.78.7 255.255.255.0
#
ospf 2
area 0.0.0.0
network 100.1.57.0 0.0.0.255
network 100.1.78.0 0.0.0.255
#
AR8
[AR8]dis current-configuration int
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 100.1.68.8 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.78.8 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 100.1.2.8 255.255.255.0
#
interface NULL0
#
return
[AR8]ospf 2
[AR8-ospf-2]dis th
[V200R003C00]
#
ospf 2
area 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.68.0 0.0.0.255
network 100.1.78.0 0.0.0.255
#
AR6
[AR6]dis current-configuration int
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 100.1.56.6 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.68.6 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
return
[AR6]ospf 2
[AR6-ospf-2]dis th
[V200R003C00]
#
ospf 2
area 0.0.0.0
network 100.1.56.0 0.0.0.255
network 100.1.68.0 0.0.0.255
#
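GRE tunnel:
Deploy a GRE tunnel between the egress devices of the sites to carry traffic between the internal networks; add the tunnel interfaces to internal OSPF process 1.
Tunnel interface subnet: 102.1.1.xy (xy is the device number)
The private networks of site A and site B reach each other preferentially through the GRE tunnel; the ISP path is used only when the GRE tunnel fails.
Overall result:
Communication between site A and site B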
PC>tracert 192.168.50.1
traceroute to 192.168.50.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.1 63 ms 31 ms 47 ms
2 11.1.1.1 93 ms 63 ms 78 ms
3 10.1.13.3 63 ms 93 ms 63 ms
4 1.1.1.2 78 ms 109 ms 94 ms
5 102.1.1.2 109 ms 110 ms 109 ms
6 10.1.1.10 125 ms 110 ms 125 ms
7 192.168.50.1 140 ms 156 ms 141 ms
When the tunnel interface fails:
PC>tracert 192.168.50.1
traceroute to 192.168.50.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.1 47 ms 47 ms 47 ms
2 11.1.1.1 78 ms 78 ms 78 ms
3 10.1.13.3 94 ms 94 ms 78 ms
4 * * *
5 100.1.1.5 63 ms 125 ms 109 ms
6 100.1.57.7 109 ms 110 ms 93 ms
7 100.1.78.8 125 ms 110 ms 109 ms
8 100.1.2.1 110 ms 109 ms 125 ms