华为IP综合实验
目录
- 实验拓扑
- 实验需求
- 实验步骤
- 1.配置IP地址和环回口地址
- 2.在总公司上进行相应VLAN划分与配置
- 3. SW3和SW4的互连接口启用eth-trunk,最大带宽为2G
- 4. SW1、SW2、SW3、和SW4运行MSTP,SW1为VLAN10的Root,SW2为VLAN20的Root
- 5. PC1-PC4需要提供网关冗余,为了提高安全性,需要做认证,并使用BFD动态检查上行链路状态,实现自动切换
- 6. 配置BFD 联动
- 7. R1-R4配置ISIS
- 8. 配置MPLS
- 9. 配置VPN实例
- 10. R1和R4建立BGP邻居
- 11. R1和SW3、SW4之间运行OSPF协议
- 12. R4和R5之间运行BGP协议
- 13. 在R4上查看BGP VPN4 邻居关系
- 15. R4和R6之间运行OSPF协议
- 16. 双向引入操作
- 分公司1需求:
- 分公司2需求:
- 验证阶段
实验拓扑
实验需求
- 全网依照拓扑图配置vlan和IP地址
- 总公司:
a) SW3和SW4的互连接口启用eth-trunk,最大带宽为2G
b) SW1、SW2、SW3、和SW4运行MSTP,SW1为VLAN10的Root,SW2为VLAN20的Root
c) PC1-PC4需要提供网关冗余,为了提高安全性,需要做认证,并使用BFD动态检查上行链路状态,实现自动切换
\3. AS100需求:
a) 每台设备都需要配置Loopback接口,地址为X.X.X.X(X为设备编号)
b) AS100底层IGP协议为IS-IS,区域类型为level-2,确保各路由器的loopback接口互通
c) R1与R4建立IBGP邻居(使用loopback接口)
d) MPLS-VPN需求:
\1. 总公司的PC能访问分公司1/2的PC,分公司之间不能互访
\2. R1和SW3、SW4之间运行OSPF协议
\3. R4和R5之间运行BGP协议
\4. R4和R6之间运行OSPF协议
\5. R1和R4建立MP-BGP邻居
\4. 分公司1需求:
a) SW5为二层交换机,PC5与PC6配置不同VLAN(属于不同网段),确保两台PC能互访
\5. 分公司2需求:
a) PC8与PC7属于不同VLAN(相同网段),通过VLANIF技术让两台PC正常访问总公司,但是不能互访
b) 内部IGP运行OSPF协议,为了加快收敛速度,每网段不允许存在DR
实验步骤
1.配置IP地址和环回口地址
2.在总公司上进行相应VLAN划分与配置
SW1
[Huawei]INT E0/0/3
[Huawei-Ethernet0/0/3]P L A
[Huawei-Ethernet0/0/3]p d v 100
[Huawei]INT E0/0/4
[Huawei-Ethernet0/0/4P L A
[Huawei-Ethernet0/0/4]p d v 200
[Huawei-Ethernet0/0/3]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a
[Huawei-Ethernet0/0/1]int e0/0/1
[Huawei-Ethernet0/0/21]p l t
[Huawei-Ethernet0/0/2]p t a v a
SW2
[Huawei]INT E0/0/3
[Huawei-Ethernet0/0/3]P L A
[Huawei-Ethernet0/0/3]p d v 100
[Huawei]INT E0/0/4
[Huawei-Ethernet0/0/4P L A
[Huawei-Ethernet0/0/4]p d v 200
[Huawei-Ethernet0/0/3]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a
[Huawei-Ethernet0/0/1]int e0/0/1
[Huawei-Ethernet0/0/21]p l t
[Huawei-Ethernet0/0/2]p t a v a
SW3
[Huawei]VLAN B 100 200
[Huawei]INT G0/0/2
[Huawei-GigabitEthernet0/0/2] p l t
[Huawei-GigabitEthernet0/0/2] p t a v a
[Huawei]INT G0/0/3
[Huawei-GigabitEthernet0/0/3] p l t
[Huawei-GigabitEthernet0/0/3] p t a v a
[Huawei]INT G0/0/6
[Huawei-GigabitEthernet0/0/6]p l a
[Huawei-GigabitEthernet0/0/6]p d v 2
[Huawei]int vlan 2
[Huawei-Vlanif2]ip address 192.168.13.1 24
[Huawei]int vlan 100
[Huawei-Vlanif100]ip add 192.168.10.252 24
[Huawei]int vlan 200
[Huawei-Vlanif100]ip add 192.168.20.252 24
SW4
[Huawei]VLAN B 100 200
[Huawei]INT G0/0/2
[Huawei-GigabitEthernet0/0/2] p l t
[Huawei-GigabitEthernet0/0/2] p t a v a
[Huawei]INT G0/0/3
[Huawei-GigabitEthernet0/0/3] p l t
[Huawei-GigabitEthernet0/0/3] p t a v a
[Huawei]INT G0/0/6
[Huawei-GigabitEthernet0/0/6]p l a
[Huawei-GigabitEthernet0/0/6]p d v 2
[Huawei]int vlan 2
[Huawei-Vlanif2]ip address 192.168.14.1 24
[Huawei]int vlan 100
[Huawei-Vlanif100]ip add 192.168.10.253 24
[Huawei]int vlan 200
[Huawei-Vlanif100]ip add 192.168.20.253 24
3. SW3和SW4的互连接口启用eth-trunk,最大带宽为2G
SW3
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/5
[Huawei-Eth-Trunk1] port link-type trunk
[Huawei-Eth-Trunk1] port trunk allow-pass vlan all
[Huawei-Eth-Trunk1] max bandwidth-affected-linknumber 2 //最大带宽 2G
SW4
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/6
[Huawei-Eth-Trunk1] port link-type trunk
[Huawei-Eth-Trunk1] port trunk allow-pass vlan all
[Huawei-Eth-Trunk1] max bandwidth-affected-linknumber 2
4. SW1、SW2、SW3、和SW4运行MSTP,SW1为VLAN10的Root,SW2为VLAN20的Root
SW1
[Huawei]stp mode mstp
[Huawei]stp region-configuration 1
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region] instance 2 vlan 200
[Huawei-mst-region] active region-configuration //激活配置
SW2
[Huawei]stp mode mstp
[Huawei]stp region-configuration 1
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region] instance 2 vlan 200
[Huawei-mst-region] active region-configuration
SW3
[Huawei]stp mode mstp
[Huawei]stp region-configuration 1
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region] instance 2 vlan 200
[Huawei-mst-region] active region-configuration
[Huawei]stp instance 1 root primary // VLAN 100 为主根
[Huawei]stp instance 2 root secondary
SW4
[Huawei]stp mode mstp
[Huawei]stp region-configuration 1
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region] instance 2 vlan 200
[Huawei-mst-region] active region-configuration
[Huawei]stp instance 2 root primary // VLAN 200 为主根
[Huawei]stp instance 1 root secondary
5. PC1-PC4需要提供网关冗余,为了提高安全性,需要做认证,并使用BFD动态检查上行链路状态,实现自动切换
SW3
[Huawei]int vlan 100
[Huawei-Vlanif100]vrrp vrid 100 virtual-ip 192.168.10.254
[Huawei-Vlanif100] vrrp vrid 100 priority 150
[Huawei-Vlanif100]vrrp vrid 100 track interface g0/0/6 reduced 200
[Huawei-Vlanif100]vrrp vrid 100 authentication-mode md5 123
[Huawei]int vlan 200
[Huawei-Vlanif200]vrrp vrid 200 virtual-ip 192.168.20.254
[Huawei-Vlanif200]vrrp vrid 200 authentication-mode md5 123
SW4
[Huawei]int vlan 100
[Huawei-Vlanif100]vrrp vrid 100 virtual-ip 192.168.10.254
[Huawei-Vlanif100]vrrp vrid 100 authentication-mode md5 123
[Huawei]int vlan 200
[Huawei-Vlanif200]vrrp vrid 200 virtual-ip 192.168.20.254
[Huawei-Vlanif200] vrrp vrid 200 priority 150
[Huawei-Vlanif200]vrrp vrid 200 authentication-mode md5 123
5-1. 查看VRRP
[Huawei-Vlanif100]dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Master Vlanif100 Normal 192.168.10.254
200 Backup Vlanif200 Normal 192.168.20.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
6. 配置BFD 联动
在SW3上配置
[Huawei]bfd
[Huawei]bfd 123 bind peer-ip 192.168.13.2 source-ip 192.168.13.1 auto
[Huawei-bfd-session-123]commit
SW4
[Huawei]bfd
[Huawei]bfd 456 bind peer-ip 192.168.14.2 source-ip 192.168.14.1 auto
[Huawei-bfd-session-456]commit
R1
[Huawei]bfd
[Huawei]bfd 123 bind peer-ip 192.168.13.1 vpn-instance vpn1 source-ip 192.168.13.2 auto
[Huawei-bfd-session-123]commit
[Huawei]bfd 456 bind peer-ip 192.168.14.1 vpn-instance vpn1 source-ip 192.168.14.2 auto
[Huawei-bfd-session-456]commit
6-1. 在R1上查看BFID 的会话信息
[Huawei]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8192 192.168.13.1 Up S_AUTO_PEER -
8194 8192 192.168.14.1 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 2/0
7. R1-R4配置ISIS
环回口一定要开启ISIS
R1
[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0001.00
[Huawei-isis-1] is-level level-2
[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/2]isis enable 1
[Huawei-GigabitEthernet4/0/0]isis enable 1
R2
[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0002.00
[Huawei-isis-1] is-level level-2
[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/1]isis enable 1
R3
[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0003.00
[Huawei-isis-1] is-level level-2
[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/1]isis enable 1
R4
[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0003.00
[Huawei-isis-1] is-level level-2
[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/1]isis enable 1
8. 配置MPLS
R1
[Huawei]mpls lsr-id 1.1.1.1
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]mpls
[Huawei-GigabitEthernet0/0/2]mpls ldp
[Huawei-GigabitEthernet0/0/2]int g4/0/0
[Huawei-GigabitEthernet4/0/0]mpls
[Huawei-GigabitEthernet4/0/0]mpls ldp
R2
[Huawei]mpls lsr-id 2.2.2.2
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls
[Huawei-GigabitEthernet0/0/1]mpls ldp
R3
[Huawei]mpls lsr-id 3.3.3.3
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls
[Huawei-GigabitEthernet0/0/1]mpls ldp
R4
[Huawei]mpls lsr-id 4.4.4.4
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls
[Huawei-GigabitEthernet0/0/1]mpls ldp
9. 配置VPN实例
R1
[Huawei]ip vpn-instance vpn1
[Huawei-vpn-instance-vpn1]vpn-target 2:1 export-extcommunity
[Huawei-vpn-instance-vpn1]vpn-target 1:2 import-extcommunity
[Huawei-GigabitEthernet0/0/0]ip binding vpn-instance vpn1
[Huawei-GigabitEthernet0/0/0]ip address 192.168.13.2 24
[Huawei-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.14.2 24
R4
[Huawei]ip vpn-instance vpn2
[Huawei-vpn-instance-vpn2]route-distinguisher 2:2
[Huawei-vpn-instance-vpn2]vpn-target 1:2 export-extcommunity
[Huawei-vpn-instance-vpn2]vpn-target 2:1 import-extcommunity
[Huawei]ip vpn-instance vpn3
[Huawei-vpn-instance-vpn3]route-distinguisher 3:3
[Huawei-vpn-instance-vpn3-af-ipv4]vpn-target 1:2 export-extcommunity
[Huawei-vpn-instance-vpn3-af-ipv4]vpn-target 2:1 import-extcommunity
[Huawei-GigabitEthernet4/0/0]ip binding vpn-instance vpn2
[Huawei-GigabitEthernet4/0/0]ip address 10.1.46.2 24
[Huawei-GigabitEthernet0/0/2]ip binding vpn-instance vpn3
[Huawei-GigabitEthernet0/0/2]ip address 10.1.45.2 24
10. R1和R4建立BGP邻居
[Huawei]bgp 100
[Huawei-bgp]peer 4.4.4.4 as-number 100 //建立普通的BGP邻居
[Huawei-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[Huawei-bgp]ipv4 vpnv4 //进入到VPNV4视图
[Huawei-bgp-af-vpnv4]peer 4.4.4.4 enable //建立与开启mp-bgp邻居
[Huawei]bgp 100
[Huawei-bgp]peer 1.1.1.1 as-number 100
[Huawei-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[Huawei-bgp]ipv4 vpnv4
[Huawei-bgp-af-vpnv4]peer 1.1.1.1 enable
11. R1和SW3、SW4之间运行OSPF协议
R1
[Huawei]ospf 1 vpn-instance vpn1
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]192.168.13.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]192.168.14.0 0.0.0.255
SW3
[Huawei]OSPF
[Huawei-ospf-1]A 0
[Huawei-ospf-1]network 192.168.13.0 0.0.0.255
[Huawei-ospf-1]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1]network 192.168.20.0 0.0.0.255
SW4
[Huawei]OSPF
[Huawei-ospf-1]A 0
[Huawei-ospf-1]network 192.168.13.0 0.0.0.255
[Huawei-ospf-1]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1]network 192.168.20.0 0.0.0.255
12. R4和R5之间运行BGP协议
在R4上建立EBGP 邻居
[Huawei]BGP 100
[Huawei-bgp]ipv4-family vpn-instance vpn3
[Huawei-bgp-vpn3] peer 10.1.45.1 as-number 200
R5
[Huawei]bgp 200
[Huawei-bgp]peer 10.1.45.2 as-number 100
[Huawei-bgp]network 10.1.45.0 24
13. 在R4上查看BGP VPN4 邻居关系
[Huawei]dis bgp vpnv4 all peer
BGP local router ID : 10.1.24.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
1.1.1.1 4 100 315 311 0 04:49:05 Established
6
Peer of IPv4-family for vpn instance :
VPN-Instance vpn3, Router ID 10.1.24.2:
10.1.45.1 4 200 134 136 0 02:11:36 Established
1
15. R4和R6之间运行OSPF协议
R4
[Huawei]ospf 1 vpn-instance vpn2
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.46.0 0.0.0.255
R6
[Huawei]ospf 1
[Huawei-ospf-1]a 0
[Huawei-ospf-1]network 10.1.46.0 0.0.0.255
[Huawei-ospf-1]network 192.168.67.0 0.0.0.255
16. 双向引入操作
R1
[Huawei]bgp 100
[Huawei-bgp]ipv4 vpn-instance vpn1
[Huawei-bgp-vpn1]import-route ospf 1
R4
[Huawei]bgp 100
[Huawei-bgp]ipv4 vpn-instance vpn2
[Huawei-bgp-vpn1]import-route ospf 1
R1
[Huawei]ospf 1 vpn-instance vpn1
[Huawei-ospf-1]import-route bgp
R4
[Huawei]ospf 1 vpn-instance vpn2
[Huawei-ospf-1]import-route bgp
分公司1需求:
17. SW5为二层交换机,PC5与PC6配置不同VLAN(属于不同网段),确保两台PC能互访
SW5
[Huawei]vlan b 10 20
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 10
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 20
[Huawei-Ethernet0/0/3]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v 10 20
R5
[Huawei]int g0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]dot1q termination vid 10
[Huawei-GigabitEthernet0/0/1.1]int g0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/1.2]ip address 10.1.26.254 24
[Huawei-GigabitEthernet0/0/1.1]arp broadcast enable
[Huawei-GigabitEthernet0/0/1.1]int g0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]arp broadcast enable
分公司2需求:
18. PC8与PC7属于不同VLAN(相同网段),通过VLANIF技术让两台PC正常访问总公司,但是不能互访
19. 内部IGP运行OSPF协议,为了加快收敛速度,每网段不允许存在DR
在SW7上配置super vlan
[Huawei]vlan batch 10 20 30 40
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 10
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 40
[Huawei]vlan 30
[Huawei-vlan30]aggregate-vlan //super vlan
[Huawei-vlan30]access-vlan 10 20 //从vlan
[Huawei-Vlanif30]ip address 192.168.68.254 24 /网关
[Huawei-Vlanif30]int vlan 40
[Huawei-Vlanif40]ip address 192.168.67.2 24
SW7
[Huawei]ospf
[Huawei-ospf-1]a 0
[Huawei-ospf-1] network 192.168.67.0 0.0.0.255
[Huawei-ospf-1] network 192.168.68.0 0.0.0.255
[Huawei]INT VLAN 30
[Huawei-Vlanif30]ospf network-type p2p //接口改成点到点网络类型
[Huawei]INT VLAN 40
[Huawei-Vlanif40]ospf network-type p2p //接口改成点到点网络类型
R6
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ospf network-type p2p //接口改成点到点网络类型
验证阶段
分公司1上没有分公司2的私网路由条目
[Huawei-bgp]dis ip routing-table protocol bgp
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : BGP
Destinations : 6 Routes : 6
BGP routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.10.0/24 EBGP 255 0 D 10.1.45.2 GigabitEthernet
0/0/0
192.168.10.254/32 EBGP 255 0 D 10.1.45.2 GigabitEthernet
0/0/0
192.168.13.0/24 EBGP 255 0 D 10.1.45.2 GigabitEthernet
0/0/0
192.168.14.0/24 EBGP 255 0 D 10.1.45.2 GigabitEthernet
0/0/0
192.168.20.0/24 EBGP 255 0 D 10.1.45.2 GigabitEthernet
0/0/0
192.168.20.254/32 EBGP 255 0 D 10.1.45.2 GigabitEthernet
0/0/0
2.分公司1 不能访问分公司2
PC>ping 192.168.67.3
Ping 192.168.67.3: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 192.168.67.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
3.总公司可以访问分公司 1
PC>ping 10.1.25.1
Ping 10.1.25.1: 32 data bytes, Press Ctrl_C to break
From 10.1.25.1: bytes=32 seq=1 ttl=123 time=110 ms
From 10.1.25.1: bytes=32 seq=2 ttl=123 time=94 ms
From 10.1.25.1: bytes=32 seq=3 ttl=123 time=93 ms
From 10.1.25.1: bytes=32 seq=4 ttl=123 time=110 ms
From 10.1.25.1: bytes=32 seq=5 ttl=123 time=93 ms
--- 10.1.25.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 93/100/110 ms
4.总公司可以访问分公司 2
PC>ping 192.168.68.3
Ping 192.168.68.3: 32 data bytes, Press Ctrl_C to break
From 192.168.68.3: bytes=32 seq=1 ttl=122 time=141 ms
From 192.168.68.3: bytes=32 seq=2 ttl=122 time=94 ms
From 192.168.68.3: bytes=32 seq=3 ttl=122 time=109 ms
From 192.168.68.3: bytes=32 seq=4 ttl=122 time=109 ms
From 192.168.68.3: bytes=32 seq=5 ttl=122 time=110 ms
--- 192.168.68.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 94/112/141 ms