中型园区网络构建(总部与分支之间的通信)-华为ENSP

拓扑图

一、实验目的

1.总部和分部之间使用MPLS/BGP 虚拟专用网络和OSPF通信

二、注意事项

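1.PE-1上去往CE-5 NAT地址的静态路由,其目的地址掩码可以不做限制,
有去往CE-5的路由就可以了
2.配置DHCP中继(DHCP relay)时,中继设备到DHCP服务器的路由要通
3.CE-5上的security-policy(policy1、policy2)没有限定地址和服务,在trust与untrust、
local与untrust之间双向全部放行,只适合在实验环境中验证连通性;实际部署时应按
源/目的地址和服务收紧规则,不要放行untrust到trust的全部流量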

三、简单的查询命令

 1.display ip vpn-instance verbose  查看VPN实例是否正确
 2.display current-configuration  configuration  bgp命令查看
   BGP配置
3.display bgp vpnv4 all routing-table ipv4-address [ mask | mask-length ]
  命令查看目标路由,确认VPNv4路由是否
  可以迭代到隧道。显示信息中 Relay Tunnel Out-Interface
  和Relay token字段不为空表示该路由可以迭代到隧道
4.display bgp vpnv4 all routing-table ipv4-address [ mask | mask-length ]
 查看目标路由,确定该目标路由是否分到私网标签
5.dis bgp vpnv4 all routing-table label 查看BGP为私网分配的标签
6.dis mpls lsp verbose  [ip  address  mask ]  verbose:详情
 信息,查看下一跳标签转发表项(LFIB)
7.display current-configuration configuration  [特定的协议]
 查看一些特定的协议的配置
8.display firewall session table 检查会话

四、简单配置

AR3

sysname AR3
#
interface Ethernet0/0/0
 ip address 10.0.134.3 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.0.35.3 255.255.255.0 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.35.0 0.0.0.255 
  network 10.0.134.0 0.0.0.255 
  network 10.0.13.0 0.0.0.255 
  network 10.0.34.0 0.0.0.255 
#
return 

AR4

sysname AR4
#
interface Ethernet0/0/0
 ip address 10.0.134.4 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.24.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.0.45.4 255.255.255.0 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.45.0 0.0.0.255 
  network 10.0.134.0 0.0.0.255 
  network 10.0.24.0 0.0.0.255 
  network 10.0.34.0 0.0.0.255 
#
return 

CE-5

sysname CE-5
#
interface GigabitEthernet1/0/0
 ip address 10.0.45.5 255.255.255.0
#
interface GigabitEthernet1/0/1
 ip address 10.0.35.5 255.255.255.0
#
interface GigabitEthernet1/0/2
 ip address 10.0.15.5 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/0
 add interface GigabitEthernet1/0/1
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/2
#
bgp 100
 peer 10.0.15.1 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.1.0 255.255.255.0
  network 10.0.2.0 255.255.255.0
  network 10.0.3.0 255.255.255.0
  peer 10.0.15.1 enable
#
ospf 1
 default-route-advertise
 import-route bgp
 area 0.0.0.0
  network 10.0.35.0 0.0.0.255
  network 10.0.45.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.0.15.1
ip route-static 200.0.1.1 0.0.0.0  NULL 0
#
nat address-group 1 0
 mode pat
 section 0 200.0.1.1 200.0.1.2
#
security-policy
 rule name policy1
  source-zone trust
  source-zone untrust
  destination-zone trust
  destination-zone untrust
  action permit
 rule name policy2
  source-zone local
  source-zone untrust
  destination-zone local
  destination-zone untrust
  action permit
#
nat-policy
 rule name nat-policy1
  source-zone trust
  destination-zone untrust
  destination-address-exclude 10.0.6.0 mask 255.255.255.0
  action source-nat address-group 1
#
return  

CE-6

sysname CE-6
#
interface GigabitEthernet0/0/0
 ip address 10.0.26.6 255.255.255.0 
#
interface LoopBack1
 ip address 10.0.6.1 255.255.255.0 
#
bgp 300
 peer 10.0.26.2 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.6.0 255.255.255.0 
  peer 10.0.26.2 enable
#
return 

DHCP-Server

sysname DHCP-Server
#
dhcp enable
#
ip pool vlan10
 gateway-list 10.0.1.254 
 network 10.0.1.0 mask 255.255.255.0 
#
ip pool vlan20
 gateway-list 10.0.2.254 
 network 10.0.2.0 mask 255.255.255.0 
#
ip pool vlan30
 gateway-list 10.0.3.254 
 network 10.0.3.0 mask 255.255.255.0 
#
interface Ethernet0/0/0
 ip address 10.0.134.1 255.255.255.0 
 dhcp select global
#
ospf 1 
 area 0.0.0.0 
  network 10.0.134.0 0.0.0.255 
#
return 

LSW1

sysname LSW1
#
vlan batch 2 to 3 10 20 30
#
stp instance 0 priority 4096
stp instance 10 root primary
stp instance 20 root secondary
stp instance 30 root secondary
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Vlanif2
 ip address 10.0.12.1 255.255.255.0 
#
interface Vlanif3
 ip address 10.0.13.1 255.255.255.0 
#
interface Vlanif10
 ip address 10.0.1.2 255.255.255.0 
 vrrp vrid 1 virtual-ip 10.0.1.254
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 10
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif20
 ip address 10.0.2.2 255.255.255.0 
 vrrp vrid 2 virtual-ip 10.0.2.254
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif30
 ip address 10.0.3.2 255.255.255.0 
 vrrp vrid 3 virtual-ip 10.0.3.254
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk pvid vlan 2
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 eth-trunk 1
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 3
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.0 0.0.0.255 
  network 10.0.2.0 0.0.0.255 
  network 10.0.3.0 0.0.0.255 
  network 10.0.12.0 0.0.0.255 
  network 10.0.13.0 0.0.0.255 
#
return 

LSW2

sysname LSW2
#
vlan batch 2 to 3 10 20 30
#
stp instance 10 root secondary
stp instance 20 root primary
stp instance 30 root primary
#
dhcp enable
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Vlanif2
 ip address 10.0.12.2 255.255.255.0 
#
interface Vlanif3
 ip address 10.0.24.2 255.255.255.0 
#
interface Vlanif10
 ip address 10.0.1.3 255.255.255.0 
 vrrp vrid 1 virtual-ip 10.0.1.254
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif20
 ip address 10.0.2.3 255.255.255.0 
 vrrp vrid 2 virtual-ip 10.0.2.254
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 10
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif30
 ip address 10.0.3.3 255.255.255.0 
 vrrp vrid 3 virtual-ip 10.0.3.254
 vrrp vrid 3 priority 120
 vrrp vrid 3 preempt-mode timer delay 10
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk pvid vlan 2
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 eth-trunk 1
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 3
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.0 0.0.0.255 
  network 10.0.2.0 0.0.0.255 
  network 10.0.3.0 0.0.0.255 
  network 10.0.12.0 0.0.0.255 
  network 10.0.24.0 0.0.0.255 
#
return 

LSW3

sysname LSW3
#
vlan batch 10
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 10
#
return 

LSW4

sysname LSW4
#
vlan batch 20
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 20
#
return 

LSW5

sysname LSW5
#
vlan batch 30
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 30
#
return 

P-3

sysname P-3
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 100.0.23.3 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 100.0.13.3 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255 
#
ospf 1 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 100.0.13.0 0.0.0.255 
  network 100.0.23.0 0.0.0.255 
#
return 

PE-1

sysname PE-1
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:2
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Ethernet0/0/0
 ip address 100.0.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance a
 ip address 10.0.15.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 100.0.13.1 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255 
#
bgp 200
 peer 2.2.2.2 as-number 200 
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 next-hop-local 
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance a 
  peer 10.0.15.5 as-number 100 
#
ospf 1 
 area 0.0.0.0 
  network 100.0.13.0 0.0.0.255 
  network 1.1.1.1 0.0.0.0 
#
ip route-static 200.0.1.0 255.255.255.248 GigabitEthernet0/0/0
ip route-static 200.0.1.1 255.255.255.255 GigabitEthernet0/0/0
ip route-static 200.0.1.2 255.255.255.255 GigabitEthernet0/0/0
//上面三条路由都可以生效,因为从CE-5访问公网的源地址的掩码不确定,只要有指向NAT地址的路由即可。
ip route-static vpn-instance a 0.0.0.0 0.0.0.0 100.0.1.1 public
//VPN实例a中查不到的路由,会匹配这条缺省路由;public关键字表示下一跳100.0.1.1属于公网路由表,即实例a的未知流量会转到公网转发
#
return 

PE-2

sysname PE-2
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 2:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 100.0.23.2 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance b
 ip address 10.0.26.2 255.255.255.0 
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255 
#
bgp 200
 peer 1.1.1.1 as-number 200 
 peer 1.1.1.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 1.1.1.1 next-hop-local 
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance b 
  peer 10.0.26.6 as-number 300 
#
ospf 1 
 area 0.0.0.0 
  network 100.0.23.0 0.0.0.255 
  network 2.2.2.2 0.0.0.0 
#
return 
