HUAWEI——路由基础

路由基础

一、配置链路聚合

目的：使用链路聚合将两条物理线路聚合成一条逻辑线路，用于实现链路负载分担和备份。

1、trunk的配置

<Huawei>system-view
[Huawei]vlan batch 2 to 6   //批量创建vlan2-6
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk   //配置链路聚合模式为trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all   //允许所有vlan
[Huawei-GigabitEthernet0/0/1]quit

2、vlan的配置

[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link access   //配置链路聚合模式为access
[Huawei-GigabitEthernet0/0/3]port default vlan 2    //接口加入vlan2
[Huawei-GigabitEthernet0/0/3]quit

查看vlan信息

[Huawei]display vlan

3、lacp（链路聚合协议）配置

[SW1]lacp priority 1000  //设置设备的系统LACP优先级
[SW1]int Eth-Trunk 12    //创建链路聚合逻辑接口，设置名称为Eth-Trunk 12
[SW1-Eth-Trunk12]mode lacp-static    //配置静态LACP模式
[SW1-Eth-Trunk12]load-balance dst-mac    //配置负载均衡模式为目标MAC地址
[SW1-Eth-Trunk12]trunkport GigabitEthernet 0/0/23    //添加成员接口g0/0/23
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-Eth-Trunk12]trunkport GigabitEthernet 0/0/24
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-Eth-Trunk12]quit

4、vlan间配置

1、S1配置

[SW1]vlan batch 2 to 9    //批量创建vlan2-9
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]interface Eth-Trunk 12    //进入链路聚合接口
[SW1-Eth-Trunk12]port link-type trunk    //配置链路聚合接口为trunk
[SW1-Eth-Trunk12]port trunk allow-pass vlan all    //允许所有vlan
[SW1-Eth-Trunk12]quit
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/3]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link access
[SW1-GigabitEthernet0/0/1]port def	
[SW1-GigabitEthernet0/0/1]port default vlan 7
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface Vlanif 2
[SW1-Vlanif2]ip add 192.168.2.1 255.255.255.0
[SW1-Vlanif2]interface Vlanif 3
[SW1-Vlanif3]ip add 192.168.3.1 255.255.255.0
[SW1-Vlanif3]interface Vlanif 4
[SW1-Vlanif4]ip add 192.168.4.1 255.255.255.0
[SW1-Vlanif4]interface Vlanif 7
[SW1-Vlanif7]ip add 192.168.7.1 255.255.255.0
[SW1-Vlanif7]interface Vlanif 9
[SW1-Vlanif9]ip add 192.168.9.1 255.255.255.0

2、S2配置

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static
[Huawei-Eth-Trunk12]trunkport GigabitEthernet 0/0/23
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-Eth-Trunk12]trunkport GigabitEthernet 0/0/24
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-Eth-Trunk12]quit
[Huawei]vlan batch 2 to 9
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Eth-Trunk 12
[Huawei-Eth-Trunk12]port link trunk
[Huawei-Eth-Trunk12]port trunk allow vlan all
[Huawei-Eth-Trunk12]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow vlan all
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow vlan all
[Huawei-GigabitEthernet0/0/3]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link access
[Huawei-GigabitEthernet0/0/1]port default vlan 8
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface Vlanif 5
[Huawei-Vlanif5]ip add 192.168.5.1 24
[Huawei-Vlanif5]interface Vlanif 6
[Huawei-Vlanif6]ip add 192.168.6.1 24
[Huawei-Vlanif6]interface Vlanif 8
[Huawei-Vlanif8]ip add 192.168.8.1 24
[Huawei-Vlanif8]interface Vlanif 9
[Huawei-Vlanif9]ip add 192.168.9.1 24

二、OSPF 的配置

[R2]ospf 110    //进入ospf进程模式，进程ID号为110
[R2-ospf-110]area 0    //进入area 0区域
[R2-ospf-110-area-0.0.0.0]network 192.168.7.0 0.0.0.255    //宣告网络
[R2-ospf-110-area-0.0.0.0]network 192.168.8.0 0.0.0.255
[R2-ospf-110-area-0.0.0.0]quit
[R2-ospf-110]quit

[SW1]ospf 110
[SW1-ospf-110]area 0
[SW1-ospf-110-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[SW1-ospf-110-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SW1-ospf-110-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[SW1-ospf-110-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[SW1-ospf-110-area-0.0.0.0]network 192.168.9.0 0.0.0.255
[SW1-ospf-110-area-0.0.0.0]quit
[SW1-ospf-110]quit

[SW2]ospf 110
[SW2-ospf-110]area 0
[SW2-ospf-110-area-0.0.0.0]network 192.168.8.0 0.0.0.255
[SW2-ospf-110-area-0.0.0.0]network 192.168.9.0 0.0.0.255
[SW2-ospf-110-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[SW2-ospf-110-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[SW2-ospf-110-area-0.0.0.0]quit
[SW2-ospf-110]quit

查看ospf学习到的路由表

[SW2]display ospf routing 

	 OSPF Process 110 with Router ID 192.168.5.1
		  Routing Tables 

 Routing for Network 
 Destination        Cost  Type       NextHop         AdvRouter       Area
 192.168.5.0/24     1     Stub       192.168.5.1     192.168.5.1     0.0.0.0
 192.168.6.0/24     1     Stub       192.168.6.1     192.168.5.1     0.0.0.0
 192.168.8.0/24     1     Transit    192.168.8.1     192.168.5.1     0.0.0.0
 192.168.9.0/24     1     Stub       192.168.9.1     192.168.5.1     0.0.0.0
 192.168.2.0/24     3     Stub       192.168.8.2     192.168.2.1     0.0.0.0
 192.168.3.0/24     3     Stub       192.168.8.2     192.168.2.1     0.0.0.0
 192.168.4.0/24     3     Stub       192.168.8.2     192.168.2.1     0.0.0.0
 192.168.7.0/24     2     Transit    192.168.8.2     192.168.7.2     0.0.0.0

 Total Nets: 8  
 Intra Area: 8  Inter Area: 0  ASE: 0  NSSA: 0 

三、单臂路由配置

[R4]int g0/0/0.10    //进入子接口
[R4-GigabitEthernet0/0/0.10]dot1q termination vid 10    //子接口和vlan10关联
[R4-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24    //配置子接口IP
[R4-GigabitEthernet0/0/0.10]arp broadcast enable    //子接口打开arp开关
[R4-GigabitEthernet0/0/0.10]int g0/0/0.11
[R4-GigabitEthernet0/0/0.11]dot1q termination vid 11
[R4-GigabitEthernet0/0/0.11]ip add 192.168.11.1 24
[R4-GigabitEthernet0/0/0.11]arp broadcast enable

四、RIP的配置

[R3]rip    //进入RIP进程模式，默认ID为1
[R3-rip-1]undo summary     //关闭RIP的自动汇总
[R3-rip-1]version 2    //指定RIP版本
[R3-rip-1]network 192.168.12.0    //宣告网络
[R3-rip-1]network 192.168.13.0

五、配置路由器重分发

[R2]ospf 110    //进入ospf进程模式
[R2-ospf-110]import-route rip 1    //将RIP协议重分发到OSPF中
[R2-ospf-110]rip    //进入RIP进程模式
[R2-rip-1]import-route ospf 110    //将OSPF协议重分发到RIP中
[R2-rip-1]quit

查看路由表

[R2]display ip routing-table

查看接口配置IP地址

[R2]display ip interface brief

六、配置NAT及访问控制

1、配置默认路由去往internet

[R2]ip route-static 0.0.0.0 0.0.0.0 200.0.0.2    //配置静态路由

2、默认路由重分发

[R2]ospf 110
[R2-ospf-110]default-route-advertise     //向OSPF注入静态路由
[R2-ospf-110]quit
[R2]rip
[R2-rip-1]default-route originate     //向RIP注入一条默认路由
[R2-rip-1]quit

3、配置PAT实现内网能访问internet

[R2]nat address-group 1 200.0.0.100 200.0.0.100    //配置NAT组
[R2]acl 2000    //编写编号为2000的ACL
[R2-acl-basic-2000]rule 0 permit source any    //规则0：允许所有通过
[R2-acl-basic-2000]quit
[R2]int g3/0/0
[R2-GigabitEthernet3/0/0]nat outbound 2000 address-group 1    //NAT转换，2000为address-group 1
[R2-GigabitEthernet3/0/0]quit

4、配置静态NAT，将服务器发布到internet

[R2]int g3/0/0
[R2-GigabitEthernet3/0/0]nat server global 200.0.0.200 inside 192.168.2.10    //配置NAT映射，将服务器映射为公网地址200.0.0.200
[R2-GigabitEthernet3/0/0]quit

5、ACL控制192.168.10.0网段不能访问internet

[R2]acl 3000    //配置编号为2000的ACL
[R2-acl-adv-3000]rule 0 deny ip source 192.168.10.0 0.0.0.255 destination 200.0.0.0 0.0.0.255    //规则0：拒绝IP为源地址192.168.10.0网段去往200.0.0.0网段
[R2-acl-adv-3000]rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 201.0.0.0 0.0.0.255
//规则5：拒绝IP为源地址192.168.10.0网段去往201.0.0.0网段
[R2-acl-adv-3000]quit
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000    //接口调用ACL3000
[R2-GigabitEthernet0/0/2]quit

查看NAT转换条目

[R2]display nat session all

查看ACL信息

[R2]display acl all

查看ospf邻居信息

[R2]display acl all