华为三层交换+双链路出口

公司的网络使用场景:原来公司使用USG2200防火墙,申请的是联通的固定IP光纤作为上网出口。现公司增加了技术开发部门和线上业务运营部门,需使用多条ADSL线路制作软路由作为上网出口,因此需将原来的三层交换机华为S5700由默认路由改为策略路由。

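原三层配置(以下为设备 dis cu 的原始输出,其中包含本地用户的密码密文、允许 telnet 登录的服务类型,以及 SNMP 读/写团体名 public/private;对外发布前应脱敏,实际部署时应修改这些默认值):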

dis cu
#
!Software Version V100R005C01SPC100
 sysname Active Switch
#
 vlan batch 2 to 13 100 200 300
#
 stp instance 0 root primary
 stp enable
#
 cluster enable
 ntdp enable
 ntdp hop 16
 ndp enable
#
 undo http server enable
#
 dhcp server group 1
#
vlan 100
 description to firewall
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher #%YJO2E(@[2C"6@5+9/9:1!!
 local-user admin privilege level 3
 local-user admin service-type telnet terminal web http
 local-user niewd password cipher :/!T+]7*81C,UMD0PV(YO1!!
 local-user niewd privilege level 5
#
interface Vlanif1
 ip address 192.168.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif2
 ip address 192.168.2.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.2.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif3
 ip address 192.168.3.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.3.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif4
 ip address 192.168.4.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.4.1
 vrrp vrid 1 priority 254
vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif5
 ip address 192.168.5.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.5.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif6
 ip address 192.168.6.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.6.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif7
 ip address 192.168.7.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.7.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif8
 ip address 192.168.8.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.8.1
vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif9
 ip address 192.168.9.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.9.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif11
 ip address 192.168.11.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.11.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif12
 ip address 192.168.12.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.12.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif13
 ip address 192.168.13.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.13.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif100
 ip address 10.0.0.2 255.255.255.0
#
interface Vlanif200
 ip address 192.168.200.1 255.255.255.0
#
interface Vlanif300
 ip address 192.168.100.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/11
port link-type trunk
 port trunk allow-pass vlan 2 8 10 100 300
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 13
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/14
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 5
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 200
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/17
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
bpdu enable
#
interface GigabitEthernet0/0/18
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/19
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 100
 traffic-policy ecrouter inbound
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 2
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 100
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/24
port link-type trunk
 port trunk allow-pass vlan 2 to 99 101 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 
#
 snmp-agent
 snmp-agent local-engineid 000007DB7F000001000056F5
 snmp-agent community read  public
 snmp-agent community write  private
 snmp-agent sys-info version all
#
user-interface con 0
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode aaa
#
return

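 后来查阅资料,增加了策略路由:用流策略重定向指定下一跳地址,成功让固定网段走指定出口。但随后又发现一个问题:被指定的网段无法与三层交换机上的其它网段互通。经过测试,最终找到原因:没有为访问192.168.0.0网段的流量设定放行规则,该网段发出的所有流量(包括去往内网其它网段的流量)都被重定向到下一跳10.0.0.3上。解决办法是在流策略中先匹配目的地址为192.168.0.0网段的流量并放行(acl 3009,行为 permit),再对源地址为192.168.200.0网段的其余流量做重定向(acl 3010)。下面附最终测试完成的三层交换机配置。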

dis cu
#
!Software Version V100R005C01SPC100
 sysname Active Switch
#
 vlan batch 2 to 13 100 200 300
#
 stp instance 0 root primary
 stp enable
#
 cluster enable
 ntdp enable
 ntdp hop 16
 ndp enable
#
 undo http server enable
#
 dhcp server group 1
#
acl number 3009
 rule 10 permit ip destination 192.168.0.0 0.0.255.255
acl number 3010
 rule 10 permit ip source 192.168.200.0 0.0.0.255
#
traffic classifier ecnet operator or
 if-match acl 3010
traffic classifier innernet operator or
 if-match acl 3009
#
traffic behavior yunxu
 permit
traffic behavior redirect
 redirect ip-nexthop 10.0.0.3
#
traffic policy EcRouter
 classifier innernet behavior yunxu
 classifier ecnet behavior redirect
#
vlan 100
 description to firewall
#
dhcp server group 1
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher #%YJO2E(@[2C"6@5+9/9:1!!
 local-user admin privilege level 3
 local-user admin service-type telnet terminal web http
 local-user niewd password cipher :/!T+]7*81C,UMD0PV(YO1!!
 local-user niewd privilege level 5
#
interface Vlanif1
 ip address 192.168.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif2
 ip address 192.168.2.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.2.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif3
 ip address 192.168.3.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.3.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif4
 ip address 192.168.4.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.4.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif5
 ip address 192.168.5.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.5.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif6
 ip address 192.168.6.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.6.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif7
 ip address 192.168.7.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.7.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif8
 ip address 192.168.8.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.8.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif9
 ip address 192.168.9.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.9.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif11
 ip address 192.168.11.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.11.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif12
 ip address 192.168.12.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.12.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif13
 ip address 192.168.13.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.13.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif100
 ip address 10.0.0.2 255.255.255.0
#
interface Vlanif200
 ip address 192.168.200.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.200.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif300
 ip address 192.168.100.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 traffic-policy EcRouter inbound
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 2 8 10 100 300
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 13
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/14
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 5
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 200
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/17
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/18
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/19
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 100
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 2
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 100
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 2 to 99 101 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 preference 20
 ip route-static 0.0.0.0 0.0.0.0 10.0.0.3 preference 30
#
 snmp-agent
 snmp-agent local-engineid 000007DB7F000001000056F5
 snmp-agent community read  public
 snmp-agent community write  private
 snmp-agent sys-info version all
#
user-interface con 0
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode aaa
#
return

  
