HCNP_Router

路由

策略路由

 

静态路由

 

 

R1和R2之间，直接通讯不了，所以需要添加一条静态路由

静态路由的配置方法：

[R1]ip route-static 192.168.2.0 24 192.168.3.2

[R2]ip route-static 192.168.1.0 24 192.168.3.1  

 

注：ip route-static 目的IP 子掩网码 下一跳IP preference 优先级

 

两条静态路由的优先级可以不一样，按照自己的需求更改优先参数

 

 

RIP

 

 

1.RIP实现全网互通：                                                    

[R3] rip 1

[R3-rip-1] version 2

[R3-rip-1] network 192.168.1.0

 

[R1]rip 1

[R1-rip-1] version 2

[R1-rip-1] network 192.168.1.0

[R1-rip-1] network 192.168.2.0

[R1-rip-1] quit

 

[R2] rip 1

[R2-rip-1] version 2

[R2-rip-1] network 192.168.2.0

 

注：version 2     开启RIPv2协议

    network 0.0.0.0     宣告自己直连网段

························································

 

2.更改rip优先级

[R2] rip 1

[R2-rip-1]preference 60   

························································

 

3.对接口做RIP认证

[R1]interface Eth 0/0/1

[R1-Ethernet0/0/1]rip authentication-mode simple huawei

注：rip  认证  认证方式 （明文；MD5） 密码 

[R2]interface Eth 0/0/1

[R2-Ethernet0/0/1]rip authentication-mode simple huawei

························································

 

4.更改rip跳数

[R3-Ethernet0/0/0]rip metric  

[R3-Ethernet0/0/0]rip metricin 3

注：metricin/metricout  进/出

默认情况下进接口跳数为0，出接口跳数为1

 

················································

[R3-rip-1]silent-interface Ethernet 0/0/0      ·

抑制状态（不发送RIP信息，只接收）              ·

[R3-Ethernet0/0/0]undo rip input/output        ·

禁止接收/出去RIP报文                           ·

················································

 

 

 

 

OSPF

 

 

OSPF配置方法：                                 

[R1]ospf 1

[R1-ospf-1]area 0

[R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]authentication-mode simple 520

类似于认证的一种效果，更改报文时间和响应时间（相连接口都要设置）

[R1-Ethernet0/0/0]ospf timer hello 15

[R1-Ethernet0/0/0]ospf timer dead 60

 

[R2]ospf 1

[R2-ospf-1]area 0

[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]authentication-mode simple 520    区域认证

[R2-Ethernet0/0/1]ospf authentication-mode simple 5200    接口认证

类似于认证的一种效果，更改报文时间和响应时间（相连接口都要设置）

[R2-Ethernet0/0/0]ospf timer hello 15

[R2-Ethernet0/0/0]ospf timer dead 60

 R3划分区域：

[R3]ospf 1

[R3-ospf-1]area 0

[R3-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[R3-ospf-1-area-0.0.0.0]authentication-mode simple 520    区域认证

[R3-Ethernet0/0/1]ospf authentication-mode simple 5200    接口认证

[R3-ospf-1-area-0.0.0.0]area 1

[R3-ospf-1-area-0.0.0.1]network 192.168.3.0 0.0.0.255

 

[R4]ospf 1

[R4-ospf-1]area 1

[R4-ospf-1-area-0.0.0.1]network 192.168.3.0 0.0.0.255

[R4]rip 1

[R4-rip-1]network 10.0.0.0

[R4-rip-1]version 2

[R4-rip-1]import-route ospf 1

[R4-ospf-1]import-route rip 1

[R4-ospf-1]preference 110     更改ospf优先级

 

[R5]rip 1

[R5-rip-1]network 10.0.0.0

[R5-rip-1]version 2

 更改DR的选举：

[R2-Ethernet0/0/1]ospf cost 20     改接口cost值

[R2-ospf-1]bandwidth-reference 10000     改参考带宽值

 

 

ACL

 

ACL配置：

1.IP地址基础配置

2.配置路由，实现全网互通

3.选择在那台路由器实施ACL

 

定义ACL

[Huawei]acl 3000

[Huawei-acl-adv-3000]rule 2 deny tcp source 192.168.1.10 0 destination 192.168.5.10 0 destination-port eq ftp

[Huawei-acl-adv-3000]rule 4 deny tcp source 192.168.1.10 0 destination 192.168.5.10 0 destination-port eq www

[Huawei-acl-adv-3000]rule deny icmp source 192.168.1.20 0 destination 192.168.5.10 0 icmp-type echo

[Huawei-acl-adv-3000]rule deny icmp source 192.168.1.20 0 destination 192.168.4.10 0

应用ACL

[Huawei-acl-adv-3000]int g 0/0/0

[Huawei-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

 

 

ISIS

 

 

IS-IS的基本配置:

[R1]isis 100

[R1-isis-100]network-entity 49.0001.0000.0000.0001.00

[R1-isis-100]is-level level-1

[R1-GigabitEthernet0/0/0]isis enable 100

 

[R2]isis 100

[R2-isis-100]network-entity 94.0001.0000.0000.0002.00

[R2-GigabitEthernet0/0/0]isis enable 100

注：isis协议默认level-1-2

 

[R4]isis 100

[R4-isis-100]network-entity 49.0002.0000.0000.0001.00

[R4-isis-100]is-level level-2

[R4-GigabitEthernet0/0/0]isis enable 100

[R4-GigabitEthernet0/0/1]isis enable 100

[R4-Serial0/0/0]isis enable 100

 

 

R1在Area49.0001区域为DIS 更改逻辑PRI为100 ISIS选择PRI大的作DIS

[R1-GigabitEthernet0/0/0]isis dis-priority 100 level-1

 

R4与R5之间要求采用P2P网络类型

[R4-GigabitEthernet0/0/0]isis circuit-type p2p

[R5-GigabitEthernet0/0/0]isis circuit-type p2p

 

R5引入直连链路1.1.X.X

[R5-isis-100]import-route direct level-2

 

将level-2引进level-1(手工引入使其R1访问Area49.0002走最优路径) ISIS协议level-1的路由会自动到level-2，儿level-2得手工引进level-1

[R2-isis-100]import-route isis level-2 into level-1

 

修改cost值

[R4-Serial0/0/0]isis cost 15

 

 

VRRP

 

VRRP虚拟路由器配置：

[R2]interface Eth0/0/0

[R2-Ethernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.100

[R2-Ethernet0/0/0]vrrp vrid 1 priority 200

[R2-Ethernet0/0/0]vrrp vrid 1 track interface GigabitEthernet 0/0/0  reduced 150

[R2-Ethernet0/0/0]vrrp vrid 2 virtual-ip 192.168.1.200

 

[R3-Ethernet0/0/0]vrrp vrid 2 virtual-ip 192.168.1.200

[R3-Ethernet0/0/0]vrrp vrid 2 priority 200

[R3-Ethernet0/0/0]vrrp vrid 2 track interface GigabitEthernet 0/0/1  reduced 150

[R3-Ethernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.100