eNSP下园区网综合实验分布配置(3)OSPF、NAT
OSPF配置:
OSPF协议运行在SW1、SW2、R1及所有分支的路由器上(本案例中仅R4)。
SW3、SW4及SW8做二层交换机使用。
这两行写在概述中。(OSPF用在网关及网关以上设备即可)
在核心设备上查看当前有哪些网段,宣告OSPF网段:
SW1(核心):
[HeXin-SW1]dis ip int bri
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 8
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 7
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif2 192.168.2.254/24 up up
Vlanif3 192.168.3.254/24 up up
Vlanif4 192.168.4.254/24 up up
Vlanif5 192.168.5.254/24 up up
Vlanif200 192.168.200.254/24 up up
Vlanif800 192.168.12.2/24 up up
//如上网段可全部宣告至OSPF中
[HeXin-SW1]ospf 1
[HeXin-SW1-ospf-1]area 0.0.0.0
[HeXin-SW1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HeXin-SW1-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[HeXin-SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HeXin-SW1-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HeXin-SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HeXin-SW1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
SW2(核心):
(也建议根据display ip interface brief命令进行网段宣告)
[HeXin-SW2]ospf 1
[HeXin-SW2-ospf-1]area 0.0.0.0
[HeXin-SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HeXin-SW2-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[HeXin-SW2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HeXin-SW2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HeXin-SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HeXin-SW2-ospf-1-area-0.0.0.0]net 192.168.23.0 0.0.0.255
R1
//R1无需宣告运营商(公网)网段,运营商不会给该设备传递公网路由
//该设备依靠缺省路由访问百度搜狐(互联网)
分支机构设备预配置:
sys
[Huawei]sysname Branch
[Branch]un in en
[Branch]int GigabitEthernet 0/0/0
[Branch-GigabitEthernet0/0/0]ip add 14.1.1.2 24
[Branch-GigabitEthernet0/0/0]qu
[Branch]int GigabitEthernet 0/0/1
[Branch-GigabitEthernet0/0/1]ip add 192.168.100.1 24
[Branch-GigabitEthernet0/0/1]qu
R1配置OSPF:
[R1]ospf 1
[R1-ospf-1]area 0。0.0.0
[R1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 192.168.23.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 14.1.1.0 0.0.0.255 //可以认作专线R4(分支机构)配置OSPF:
[Branch]ospf 1
[Branch-ospf-1]area 0.0.0.0
[Branch-ospf-1-area-0.0.0.0]net 14.1.1.0 0.0.0.255
[Branch-ospf-1-area-0.0.0.0]net 192.168.100.0 0.0.0.255此时R4(Branch)能学习到内网的所有路由(通过display ip routing-table命令查看)。
如上配置后,内网与分支机构可以互相访问(在PC1上ping 192.168.100.2验证)。
DHCP服务器预配置:
sys
[Huawei]sysname DHCP-Server
[DHCP-Server]un in en
[DHCP-Server]int GigabitEthernet 0/0/0
[DHCP-Server-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-Server-GigabitEthernet0/0/0]qu
[DHCP-Server]ip route-static 0.0.0.0 0 192.168.200.1 //网关指向虚地址 运营商IGP配置:
运营商之间有路由交互,本实验假设运营商的IGP协议为OSPF。
运营商设备配置:
R2(电信):
sys
[Huawei]sysname China-Telecom
[China-Telecom]un in en
[China-Telecom]int GigabitEthernet 0/0/1
[China-Telecom-GigabitEthernet0/0/1]ip add 25.1.1.2 24
[China-Telecom-GigabitEthernet0/0/1]qu
[China-Telecom]ospf 2
[China-Telecom-ospf-2]area 0
[China-Telecom-ospf-2-area-0.0.0.0]net 25.1.1.0 0.0.0.255
R3(联通):
sys
[Huawei]sysname China-Unicom
[China-Unicom]un in en
[China-Unicom]int GigabitEthernet 0/0/0
[China-Unicom-GigabitEthernet0/0/0]ip add 13.1.1.2 24
[China-Unicom-GigabitEthernet0/0/0]qu
[China-Unicom]int GigabitEthernet 0/0/1
[China-Unicom-GigabitEthernet0/0/1]ip add 35.1.1.2 24
[China-Unicom-GigabitEthernet0/0/1]qu
[China-Unicom]ospf 2
[China-Unicom-ospf-2]a 0
[China-Unicom-ospf-2-area-0.0.0.0]net 14.1.1.0 0.0.0.255
[China-Unicom-ospf-2-area-0.0.0.0]net 35.1.1.0 0.0.0.255
R5:
sys
[Huawei]sysname R5
[R5]un in en
[R5]int GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip add 25.1.1.3 24
[R5-GigabitEthernet0/0/0]qu
[R5]int GigabitEthernet 0/0/1
[R5-GigabitEthernet0/0/1]ip add 35.1.1.3 24
[R5-GigabitEthernet0/0/1]qu
[R5]int LoopBack 0
[R5-LoopBack0]ip add 5.5.5.5 24
[R5-LoopBack0]qu
[R5]ospf 2
[R5-ospf-2]a 0
[R5-ospf-2-area-0.0.0.0]net 25.1.1.0 0.0.0.255
[R5-ospf-2-area-0.0.0.0]net 35.1.1.0 0.0.0.255
[R5-ospf-2-area-0.0.0.0]net 5.5.5.5 0.0.0.0
如上配置后,R2(联通)、R3(电信)可以ping通5.5.5.5(百度)。
NAT配置:
核心设备上配置默认路由:
SW1(核心):
[HeXin-SW1]ip route-static 0.0.0.0 0 192.168.12.1
[HeXin-SW1]ip route-static 0.0.0.0 0 192.168.23.1 preference 65 //备选路由
SW2(核心):
[HeXin-SW2]ip route-static 0.0.0.0 0 192.168.23.1
[HeXin-SW2]ip route-static 0.0.0.0 0 192.168.12.1 preference 65出口路由器R1配置默认路由:
R1:
[R1]ip route-static 0.0.0.0 0 13.1.1.2此时R1可以ping通5.5.5.5(百度)。
出口路由器R1配置NAT:
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.255.255
[R1-acl-basic-2000]qu
[R1]int GigabitEthernet 2/0/0
[R1-GigabitEthernet2/0/0]nat outbound 2000此时内网可以ping通5.5.5.5(百度)。
验证选路及冗余:
两台核心设备调整OSPF Cost确保来回路由一致且最短。
SW1(核心):
[HeXin-SW1]int vlanif 4
[HeXin-SW1-Vlanif4]ospf cost 4
[HeXin-SW1-Vlanif4]qu
[HeXin-SW1]int vlanif 5
[HeXin-SW1-Vlanif5]ospf cost 4
[HeXin-SW1-Vlanif5]qu
SW2(核心):
[HeXin-SW2]int vlanif 2
[HeXin-SW2-Vlanif2]ospf cost 4
[HeXin-SW2-Vlanif2]qu
[HeXin-SW2]int vlanif 3
[HeXin-SW2-Vlanif3]ospf cost 4
[HeXin-SW2-Vlanif3]qu
[HeXin-SW2]int vlanif 200
[HeXin-SW2-Vlanif200]ospf cost 4
[HeXin-SW2-Vlanif200]quPC1上ping 5.5.5.5 -t,SW3(汇聚)上Gigabitethernet 0/0/4 down后,观察PC1的ping信息。
由于线路Down,生成树重新收敛,需要等待30s-50s的收敛时间完成重新选路。