H3CTE topology D setup

sysname sw1

vlan 10

vlan 20

interface Vlan-interface10

  ip address 192.168.10.1 255.255.255.0

interface Vlan-interface20

  ip address 192.168.20.1 255.255.255.0

interface Ethernet0/4/0

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 10 20

interface Ethernet0/4/1

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 10 20



sysname SW2

vlan 10

vlan 20

vlan 30

vlan 40

interface LoopBack0

 ip address 6.6.6.6 255.255.255.255

interface Vlan-interface10

  ip address 192.168.10.251 255.255.255.0

interface Vlan-interface20

  ip address 192.168.20.251 255.255.255.0

interface Vlan-interface30

  ip address 10.0.0.13 255.255.255.252

interface Vlan-interface40

  ip address 10.0.0.1 255.255.255.252

interface Ethernet0/4/0

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 10 20

interface Ethernet0/4/2

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 10 20 30

interface Ethernet0/4/3

  port link-mode bridge

  port access vlan 40



sysname sw3

vlan 10

vlan 20

vlan 30

vlan 40

interface LoopBack0

  ip address 7.7.7.7 255.255.255.255

interface Vlan-interface10

  ip address 192.168.10.252 255.255.255.0

interface Vlan-interface20

  ip address 192.168.20.252 255.255.255.0

interface Vlan-interface30

  ip address 10.0.0.14 255.255.255.252

interface Vlan-interface40

  ip address 10.0.0.5 255.255.255.252

interface Ethernet0/4/1

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 10 20

interface Ethernet0/4/2

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 10 20 30

interface Ethernet0/4/3

  port link-mode bridge

  port access vlan 40


sysname SW4

vlan 20

vlan 40

interface Vlan-interface20

  ip address 100.0.0.2 255.255.255.252

interface Vlan-interface40

  ip address 200.0.0.1 255.255.255.252

interface Ethernet0/4/4

  port link-mode bridge

  port access vlan 40

interface Ethernet0/4/2

  port link-mode bridge

  port access vlan 20







sysname R1

interface Serial0/1/0

  link-protocol ppp

  ip address 10.1.0.1 255.255.255.252

interface LoopBack0

  ip address 1.1.1.1 255.255.255.255

interface GigabitEthernet0/0/0

  ip address 10.0.0.2 255.255.255.252

interface GigabitEthernet0/0/1

  ip address 10.2.0.1 255.255.255.252



sysname R2

interface Serial0/1/0

  ip address 10.1.0.2 255.255.255.252

interface LoopBack0

  ip address 2.2.2.2 255.255.255.255

interface GigabitEthernet0/0/0

  ip address 10.0.0.6 255.255.255.252

interface GigabitEthernet0/0/1

  ip address 100.0.0.1 255.255.255.252



sysname R3

interface LoopBack0

  ip address 3.3.3.3 255.255.255.255

interface GigabitEthernet0/0/1

  ip address 10.2.0.2 255.255.255.252

interface GigabitEthernet0/0/2

  ip address 10.3.0.1 255.255.255.252

interface GigabitEthernet0/0/3

  ip address 10.4.0.1 255.255.255.252




sysname R4

interface LoopBack0

  ip address 4.4.4.4 255.255.255.255

interface GigabitEthernet0/0/1

  ip address 200.0.0.2 255.255.255.252

interface GigabitEthernet0/0/2

  ip address 10.3.0.2 255.255.255.252



sysname R5

interface LoopBack0

  ip address 5.5.5.5 255.255.255.255

interface LoopBack10

  ip address 192.168.100.1 255.255.255.255

interface LoopBack20

  ip address 192.168.200.1 255.255.255.255

interface GigabitEthernet0/0/3

  ip address 10.4.0.2 255.255.255.252




STP configuration

sw2 is the master for service A, sw3 is the master for service B, and the uplinks are monitored.


sw1

 stp enable

stp region-configuration

 region-name h3c

 instance 1 vlan 10

 instance 2 vlan 20

 active region-configuration



sw2

stp region-configuration

 region-name h3c

 instance 1 vlan 10

 instance 2 vlan 20

 active region-configuration

 stp instance 1 root primary

 stp instance 2 root secondary

 stp enable

interface Ethernet0/4/2

 stp instance 2 cost 1000



sw3

stp region-configuration

 region-name h3c

 instance 1 vlan 10

 instance 2 vlan 20

 active region-configuration

 stp instance 0 root primary

 stp instance 1 root secondary

 stp instance 2 root primary

 stp enable

interface Ethernet0/4/2

 stp instance 1 cost 1000


VRRP

sw2 is the master for service A, sw3 is the master for service B, and the uplinks are monitored.

sw2

interface Vlan-interface10

 vrrp vrid 10 virtual-ip 192.168.10.254

 vrrp vrid 10 priority 120

 vrrp vrid 10 track interface Vlan-interface30 reduced 30

interface Vlan-interface20

 vrrp vrid 20 virtual-ip 192.168.20.254


sw3

interface Vlan-interface10

 vrrp vrid 10 virtual-ip 192.168.10.254

interface Vlan-interface20

 vrrp vrid 20 virtual-ip 192.168.20.254

 vrrp vrid 20 priority 120

 vrrp vrid 20 track interface Vlan-interface40 reduced 30


Link aggregation


OSPF

SW2

ospf 100 router-id 6.6.6.6

 area 0.0.0.0

  network 10.0.0.13 0.0.0.0

  network 6.6.6.6 0.0.0.0

  network 10.0.0.1 0.0.0.0


SW3

ospf 100 router-id 7.7.7.7

 area 0.0.0.0

  network 7.7.7.7 0.0.0.0

  network 10.0.0.5 0.0.0.0

  network 10.0.0.14 0.0.0.0


R1

ospf 100 router-id 1.1.1.1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 10.0.0.2 0.0.0.0

  network 10.1.0.1 0.0.0.0



R2

ospf 100 router-id 2.2.2.2

 area 0.0.0.0

  network 2.2.2.2 0.0.0.0

  network 10.0.0.6 0.0.0.0

  network 10.1.0.2 0.0.0.0


R3

ospf 100 router-id 3.3.3.3

 area 0.0.0.0

  network 3.3.3.3 0.0.0.0

  network 10.3.0.1 0.0.0.0

  network 10.4.0.1 0.0.0.0



R4

ospf 100 router-id 4.4.4.4

 area 0.0.0.0

  network 4.4.4.4 0.0.0.0

  network 10.3.0.2 0.0.0.0

  network 10.5.0.1 0.0.0.0


R5

ospf 100 router-id 5.5.5.5

 area 0.0.0.0

  network 5.5.5.5 0.0.0.0

  network 10.4.0.2 0.0.0.0

  network 10.5.0.2 0.0.0.0



BGP

SW2

bgp 65000

 group in internal

 peer in connect-interface LoopBack0

 peer 1.1.1.1 group in

 peer 2.2.2.2 group in

 undo synchronization



SW3

bgp 65000

 group in internal

 peer in connect-interface LoopBack0

 peer 1.1.1.1 group in

 peer 2.2.2.2 group in

 undo synchronization



R1

bgp 65000

 group in internal

 peer in next-hop-local

 peer in connect-interface LoopBack0

 peer 2.2.2.2 group in

 peer 6.6.6.6 group in

 peer 7.7.7.7 group in

 undo synchronization

 peer 10.2.0.2 as-number 65001




R2

bgp 65000

 group in internal

 peer in next-hop-local

 peer in connect-interface LoopBack0

 peer 1.1.1.1 group in

 peer 6.6.6.6 group in

 peer 7.7.7.7 group in

 undo synchronization

 peer 10.0.0.10 as-number 65001

 


R3

bgp 65001

 group in internal

 peer in next-hop-local

 peer in connect-interface LoopBack0

 peer 4.4.4.4 group in

 peer 5.5.5.5 group in

 undo synchronization

 peer 10.2.0.1 as-number 65000

 

R4

bgp 65001

 network 0.0.0.0

 undo synchronization

 peer 10.0.0.9 as-number 65000

 group in internal

 peer in next-hop-local

 peer in connect-interface LoopBack0

 peer 3.3.3.3 group in

 peer 5.5.5.5 group in





BGP route reflector

R1

bgp 65000

 peer in reflect-client

R2

bgp 65000

 peer in reflect-client




PPP-CHAP-MP

r4 and r5 use two-way CHAP authentication between them; no CHAP password needs to be configured.

R4

local-user r4

 password simple h3c

 service-type ppp

interface Serial0/1/0

 link-protocol ppp

 ppp authentication-mode chap

 ppp chap user r5

 ppp mp Mp-group 1

interface Serial0/1/1

 link-protocol ppp

 ppp authentication-mode chap

 ppp chap user r5

 ppp mp Mp-group 1

interface Mp-group1

 ip address 10.5.0.1 255.255.255.252


R5

local-user r5

 password simple h3c

 service-type ppp

interface Serial0/1/0

 link-protocol ppp

 ppp authentication-mode chap

 ppp chap user r4

 ppp mp Mp-group 1

interface Serial0/1/1

 link-protocol ppp

 ppp authentication-mode chap

 ppp chap user r4

 ppp mp Mp-group 1

interface Mp-group1

 ip address 10.5.0.2 255.255.255.252


ipsec over gre

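r2 and r4 establish IPsec over GRE across the public network to protect service B, and service A must not be able to access the Internet. The GRE tunnel must detect link changes in real time.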

R2

 ike local-name r2

 ike peer r2

  pre-shared-key simple h3c

  remote-name r4

  remote-address 10.0.0.10

acl number 3000

  rule 0 permit ip source 192.168.0.0 0.0.31.255 destination 192.168.0.0 0.0.255.255

ipsec proposal 1

ipsec policy peer 10 isakmp

  security acl 3000

  ike-peer r2

  proposal 1

interface Tunnel0

  ip address 10.0.0.9 255.255.255.252

  source 100.0.0.1

  destination 200.0.0.2

  ipsec policy peer


R4

 ike local-name r4

 ike peer r4

  pre-shared-key simple h3c

  remote-name r2

  remote-address 10.0.0.9

ipsec proposal 1

acl number 3000

 rule 0 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.31.255

ipsec policy peer 10 isakmp

 security acl 3000

 ike-peer r4

 proposal 1

interface Tunnel0

 ip address 10.0.0.10 255.255.255.252

 source 200.0.0.2

 destination 100.0.0.1

 ipsec policy peer
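
The two ACL 3000 rules above select the traffic that IPsec protects, and they only work as a pair if each is the mirror image of the other. The following Python check is an added example, not part of the original notes: it converts the wildcard masks to prefixes, verifies the mirroring, and reports which service prefixes the R2 source range covers. The service A/B prefixes are an assumption taken from the ip-prefix lists "ayw" and "byw" later on the page.

```python
import ipaddress
import re

# ACL 3000 rules copied from the R2 and R4 configurations on this page.
R2_RULE = "rule 0 permit ip source 192.168.0.0 0.0.31.255 destination 192.168.0.0 0.0.255.255"
R4_RULE = "rule 0 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.31.255"

# Assumption: service A / service B prefixes, taken from the ip-prefix lists
# "ayw" and "byw" elsewhere on the page.
SERVICES = {"A": "192.168.10.0/24", "B": "192.168.20.0/24"}

RULE_RE = re.compile(
    r"rule \d+ (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")

def wildcard_to_network(addr, wildcard):
    """Convert an address plus contiguous wildcard mask to an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2**n - 1 (all ones in the low bits).
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix_len = 32 - wc.bit_length()
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix_len))

def parse_rule(line):
    """Return (action, source_network, destination_network)."""
    m = RULE_RE.search(line)
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    action, s_addr, s_wc, d_addr, d_wc = m.groups()
    return action, wildcard_to_network(s_addr, s_wc), wildcard_to_network(d_addr, d_wc)

def is_mirrored(rule_a, rule_b):
    """True when rule_b swaps the source and destination of rule_a."""
    act_a, src_a, dst_a = parse_rule(rule_a)
    act_b, src_b, dst_b = parse_rule(rule_b)
    return act_a == act_b and src_a == dst_b and dst_a == src_b

def services_matched_as_source(rule):
    """Names of the service prefixes that fall inside the rule's source range."""
    _, src, _ = parse_rule(rule)
    return sorted(name for name, pfx in SERVICES.items()
                  if ipaddress.ip_network(pfx).subnet_of(src))

if __name__ == "__main__":
    print("mirrored:", is_mirrored(R2_RULE, R4_RULE))
    print("R2 source range covers services:", services_matched_as_source(R2_RULE))
```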




NETWORK-BGP

Services at both ends are advertised with the BGP network command; OSPF must not be imported into BGP.

SW2

bgp 65000

 network 192.168.10.0 

 network 192.168.20.0



SW3

bgp 65000

 network 192.168.10.0

 network 192.168.20.0 




AS-PATH+

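Between headquarters and the branch, service A traffic goes via r1-r3 and service B traffic via r2-r4. When the primary link goes down, traffic uses the corresponding WAN link. This must be implemented by modifying the AS-PATH attribute.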





Advertise only locally originated routes; headquarters must not advertise routes between branches.

R1-R2

ip as-path 1 permit ^$

bgp []

 peer [] as-path-acl 1 export



local-preference keeps the paths consistent

S2-S3


S2

 ip ip-prefix ayw index 10 permit 192.168.10.0 24

route-policy ayw permit node 10

 if-match ip-prefix ayw

 apply local-preference 200

bgp 65000

 network 192.168.10.0 route-policy ayw


S3

ip ip-prefix byw index 10 permit 192.168.20.0 24

route-policy byw permit node 10

 if-match ip-prefix byw

 apply local-preference 200

bgp 65000

 network 192.168.20.0 route-policy byw






R3 filters the default route

acl number 2000

 rule 0 deny source 0.0.0.0 0

 rule 5 permit

bgp 65001

 peer 10.2.0.1 filter-policy 2000 export


QOS

R4 and R5 are connected by bundled 2M links. Service A must get no less than 50% of the bandwidth when the network is congested.


R4

acl number 3001

 rule 0 permit ip source 192.168.0.0 0.0.31.255 destination 192.168.200.0 0.0.0.255

traffic classifier BYW operator and

 if-match acl 3001

traffic behavior BYW

 queue af bandwidth pct 50

qos policy BYW

 classifier BYW behavior BYW

interface Mp-group1

 qos apply policy BYW outbound




NAT

R4

acl number 2001

 rule 0 permit source 192.168.200.0 0.0.0.255

interface GigabitEthernet0/0/1

 nat outbound 2001


Import the default route

acl number 2000

 rule 0 deny source 0.0.0.0 0

 rule 5 permit

bgp 65001

 peer 10.0.0.9 filter-policy 2000 export




RT4 advertises the default route

peer rt3 default-route-advertise 

peer rt5 default-route-advertise


group in default-route-advertise


