eNSP—综合实验
实验拓扑图如下:
LSW2的配置:
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]sysname LSW1
[LSW2]vlan batch 10 20
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 10
[LSW2-GigabitEthernet0/0/1]quit
[LSW2]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type access
[LSW2-GigabitEthernet0/0/2]port default vlan 20
[LSW2-GigabitEthernet0/0/2]quit
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
LSW1的配置:
(1)、vlan的配置:
[LSW1]vlan batch 10 20 30
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
[LSW1-GigabitEthernet0/0/3]quit
[LSW1]int vlanif 10
[LSW1-Vlanif10]ip add 192.168.10.254 24
[LSW1-Vlanif10]quit
[LSW1]int vlanif 20
[LSW1-Vlanif20]ip add 192.168.20.254 24
[LSW1-Vlanif20]quit
(2)、DHCP配置:
PC1的配置:
[LSW1]ip pool vlan10
[LSW1-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[LSW1-ip-pool-vlan10]gateway-list 192.168.10.254
[LSW1-ip-pool-vlan10]dns-list 8.8.8.8
[LSW1-ip-pool-vlan10]excluded-ip-address 192.168.10.2 192.168.10.253
[LSW1-ip-pool-vlan10]lease day 3
[LSW1-ip-pool-vlan10]quit
[LSW1]int vlanif 10
[LSW1-Vlanif10]dhcp select global
PC2的配置:
[LSW1]ip pool vlan20
[LSW1-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[LSW1-ip-pool-vlan20]gateway-list 192.168.20.254
[LSW1-ip-pool-vlan20]dns-list 8.8.8.8
[LSW1-ip-pool-vlan20]excluded-ip-address 192.168.20.2 192.168.20.253
[LSW1-ip-pool-vlan20]lease day 3
[LSW1-ip-pool-vlan20]quit
[LSW1]int vlanif 20
[LSW1-Vlanif20]dhcp select global
PC1 ping PC2 结果
LSW1接口配置:
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 30
[LSW1-GigabitEthernet0/0/1]quit
[LSW1]int vlanif 30
[LSW1-Vlanif30]ip add 192.168.30.254 24
(3)、内网全通配置:
[LSW1]rip
[LSW1-rip-1]net 192.168.30.0
[LSW1-rip-1]net 192.168.10.0
[LSW1-rip-1]net 192.168.20.0
(4)、实现访问公网
[LSW1]ip route-static 0.0.0.0 0.0.0.0 192.168.30.3
AR1的配置:
(1)、接口配置:
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.30.3 24
[AR1-GigabitEthernet0/0/1]undo shut
[AR1-GigabitEthernet0/0/1]quit
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 12.1.1.3 24
[AR1-GigabitEthernet0/0/0]undo shut
[AR1-GigabitEthernet0/0/0]quit
[AR1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip add 23.1.1.3 24
[AR1-GigabitEthernet0/0/2]undo shut
(2)、内网全通配置:
[AR1]rip
[AR1-rip-1]net 192.168.30.0
(3)、NAT的配置(192.168.10.0和192.168.20.0网段可以访问电信):
[AR1]acl 2000
[AR1-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000]quit
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000 \\使用出口的IP访问
[AR1-GigabitEthernet0/0/0]quit
[AR1]int g0/0/2
[AR1-GigabitEthernet0/0/2]nat ou
[AR1-GigabitEthernet0/0/2]nat outbound 2000
[AR1-GigabitEthernet0/0/2]
(4)、实现访问公网的配置:
[AR1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.1 preference 50 \\优先通过访问电信 默认优先级60,路由优先级越小,先选择该路由
[AR1]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
(5)、策略路由1,实现电信挂机,走联通的配置:
bfd去监测去电信的默认路由是否正常,不正常就从路由表中删除
[AR1]undo ip route-static 0.0.0.0 0.0.0.0 12.1.1.1 preference 50
[AR1]bfd
[AR1-bfd]quit
[AR1]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[AR1-bfd-session-dianxin]quit
[AR1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.1 preference 50 track bfd-s
[AR1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.1 preference 50 track bfd-session dianxin
当去电信的默认路由正常的时候,无论访问电信的1.1.1.1还是联通的2.2.2.2
,路由都是从电信那边走的。
模拟电信出故障:
改变AR1的g0/0/0接口IP,可以方向bfd 的状态是down
再次tracert一下2.2.2.2,发现不走电信,而是走联通。
(6)、策略路由2,教学楼走电信出口,宿舍楼走联通出口
前提:
- 配置ACL,匹配流量
[AR1]acl 2010
[AR1-acl-basic-2010]rule 10 permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2010]quit
[AR1]acl 2020
[AR1-acl-basic-2020]rule 10 permit source 192.168.20.0 0.0.0.255
- 流分类
[AR1]traffic classifier jiaoxue
[AR1-classifier-jiaoxue]if-match acl 2010
[AR1-classifier-jiaoxue]quit
[AR1]traffic classifier sushe
[AR1-classifier-sushe]if-match acl 2020
- 流行为
[AR1]traffic behavior re-dianxin
[AR1-behavior-re-dianxin]redirect ip-nexthop 12.1.1.1
[AR1-behavior-re-dianxin]quit
[AR1]traffic behavior re-liantong
[AR1-behavior-re-liantong]redirect ip-nexthop 23.1.1.2
- 流策略
[AR1]traffic policy p
[AR1-trafficpolicy-p]classifier jiaoxue behavior re-dianxin \\流分类和流行为绑定,教学楼和电信绑定,实现教学楼走电信网
[AR1-trafficpolicy-p]classifier sushe behavior re-liantong \\流分类和流行为绑定,宿舍楼和联通绑定,实现宿舍楼走联通网
- 入接口应用策略路由
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]traffic-policy p inbound
实验结果发现PC1(教学楼)只会从电信出
实验结果发现PC2(宿舍楼)只会从联通出
AR2 的配置:
<AR2>sys
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[AR2-GigabitEthernet0/0/0]undo shut
[AR2-GigabitEthernet0/0/0]quit
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 100.1.1.1 24
[AR2-GigabitEthernet0/0/1]undo shut
[AR2-GigabitEthernet0/0/1]quit
[AR2]int LoopBack 0
[AR2-LoopBack0]ip add 1.1.1.1 24
AR3的配置:
<AR3>sys
[AR3]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 100.1.1.2 24
[AR3-GigabitEthernet0/0/1]undo shut
[AR3-GigabitEthernet0/0/1]quit
[AR3]int g0/0/2
[AR3-GigabitEthernet0/0/2]ip add 23.1.1.2 24
[AR3-GigabitEthernet0/0/2]undo shut
[AR3-GigabitEthernet0/0/2]quit
[AR3]int LoopBack 0
[AR3-LoopBack0]ip add 2.2.2.2 24
[AR3-LoopBack0]quit
使电信与联通可以学习到彼此的路由:
AR2的配置:
[AR2]rip
[AR2-rip-1]vers
[AR2-rip-1]version 2
[AR2-rip-1]net 100.0.0.0
[AR2-rip-1]net 12.0.0.0
[AR2-rip-1]net 1.0.0.0
AR3的配置:
[AR3]rip
[AR3-rip-1]vers
[AR3-rip-1]version 2
[AR3-rip-1]net 100.0.0.0
[AR3-rip-1]net 23.0.0.0
[AR3-rip-1]net 2.0.0.0