Huawei IP Comprehensive Lab

Lab Topology

Lab Requirements

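  1. Configure VLANs and IP addresses across the whole network according to the topology diagram
  2. Headquarters:

a) Enable Eth-Trunk on the interfaces interconnecting SW3 and SW4, with a maximum bandwidth of 2G

b) SW1, SW2, SW3 and SW4 run MSTP; SW1 is the root for VLAN10 and SW2 is the root for VLAN20

c) PC1-PC4 need gateway redundancy; to improve security, authentication is required, and BFD is used to dynamically monitor the uplink state and switch over automatically

  3. AS100 requirements:

a) Every device needs a Loopback interface with the address X.X.X.X (X is the device number)

b) The underlying IGP of AS100 is IS-IS with area type level-2; make sure the loopback interfaces of all routers can reach each other

c) R1 and R4 establish an IBGP peering (using the loopback interfaces)

d) MPLS-VPN requirements:

    1. Headquarters PCs can reach the PCs of branches 1 and 2; the branches cannot reach each other

    2. OSPF runs between R1 and SW3, SW4

    3. BGP runs between R4 and R5

    4. OSPF runs between R4 and R6

    5. R1 and R4 establish an MP-BGP peering

  4. Branch 1 requirements:

a) SW5 is a layer-2 switch; PC5 and PC6 are in different VLANs (different subnets); make sure the two PCs can reach each other

  5. Branch 2 requirements:

a) PC8 and PC7 are in different VLANs (same subnet); use VLANIF so that both PCs can reach headquarters normally but cannot reach each other

b) The internal IGP is OSPF; to speed up convergence, no DR is allowed on any segment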

Lab Steps

1. Configure IP addresses and loopback addresses

2. Create and configure the corresponding VLANs at headquarters

SW1

[Huawei]vlan batch 100 200
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 100
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 200
[Huawei-Ethernet0/0/4]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all

SW2

[Huawei]vlan batch 100 200
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 100
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 200
[Huawei-Ethernet0/0/4]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all

SW3

[Huawei]vlan batch 2 100 200  // VLAN 2 is used below for the uplink on G0/0/6
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 2
[Huawei]int vlan 2
[Huawei-Vlanif2]ip address 192.168.13.1 24
[Huawei]int vlan 100
[Huawei-Vlanif100]ip address 192.168.10.252 24
[Huawei]int vlan 200
[Huawei-Vlanif200]ip address 192.168.20.252 24

SW4

[Huawei]vlan batch 2 100 200  // VLAN 2 is used below for the uplink on G0/0/6
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 2
[Huawei]int vlan 2
[Huawei-Vlanif2]ip address 192.168.14.1 24
[Huawei]int vlan 100
[Huawei-Vlanif100]ip address 192.168.10.253 24
[Huawei]int vlan 200
[Huawei-Vlanif200]ip address 192.168.20.253 24

3. Enable Eth-Trunk on the interfaces interconnecting SW3 and SW4, with a maximum bandwidth of 2G

SW3

[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/5
[Huawei-Eth-Trunk1] port link-type trunk
[Huawei-Eth-Trunk1] port trunk allow-pass vlan all
[Huawei-Eth-Trunk1] max bandwidth-affected-linknumber 2  // maximum bandwidth 2G

SW4

[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/6
[Huawei-Eth-Trunk1] port link-type trunk
[Huawei-Eth-Trunk1] port trunk allow-pass vlan all
[Huawei-Eth-Trunk1] max bandwidth-affected-linknumber 2

4. SW1, SW2, SW3 and SW4 run MSTP; SW1 is the root for VLAN10 and SW2 is the root for VLAN20

SW1

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region]instance 2 vlan 200
[Huawei-mst-region]active region-configuration  // activate the configuration

SW2

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region]instance 2 vlan 200
[Huawei-mst-region]active region-configuration

SW3

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region]instance 2 vlan 200
[Huawei-mst-region]active region-configuration

[Huawei]stp instance 1 root primary   // primary root for VLAN 100
[Huawei]stp instance 2 root secondary

SW4

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]instance 1 vlan 100
[Huawei-mst-region]instance 2 vlan 200
[Huawei-mst-region]active region-configuration

[Huawei]stp instance 2 root primary   // primary root for VLAN 200
[Huawei]stp instance 1 root secondary

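5. PC1-PC4 need gateway redundancy; to improve security, authentication is required, and BFD is used to dynamically monitor the uplink state and switch over automatically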

SW3

[Huawei]int vlan 100
[Huawei-Vlanif100]vrrp vrid 100 virtual-ip 192.168.10.254
[Huawei-Vlanif100] vrrp vrid 100 priority 150
[Huawei-Vlanif100]vrrp vrid 100 track interface g0/0/6 reduced 200
[Huawei-Vlanif100]vrrp vrid 100 authentication-mode md5 123

[Huawei]int vlan 200
[Huawei-Vlanif200]vrrp vrid 200 virtual-ip 192.168.20.254
[Huawei-Vlanif200]vrrp vrid 200 authentication-mode md5 123

SW4

[Huawei]int vlan 100
[Huawei-Vlanif100]vrrp vrid 100 virtual-ip 192.168.10.254
[Huawei-Vlanif100]vrrp vrid 100 authentication-mode md5 123

[Huawei]int vlan 200
[Huawei-Vlanif200]vrrp vrid 200 virtual-ip 192.168.20.254
[Huawei-Vlanif200] vrrp vrid 200 priority 150
[Huawei-Vlanif200]vrrp vrid 200 authentication-mode md5 123

5-1. Check VRRP

[Huawei-Vlanif100]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
100   Master       Vlanif100                Normal   192.168.10.254 
200   Backup       Vlanif200                Normal   192.168.20.254 
----------------------------------------------------------------
Total:2     Master:1     Backup:1     Non-active:0     

6. Configure BFD association

Configure on SW3

[Huawei]bfd
[Huawei]bfd 123 bind peer-ip 192.168.13.2 source-ip 192.168.13.1 auto  
[Huawei-bfd-session-123]commit

SW4

[Huawei]bfd
[Huawei]bfd 456 bind peer-ip 192.168.14.2 source-ip 192.168.14.1 auto 
[Huawei-bfd-session-456]commit

R1

[Huawei]bfd 	
[Huawei]bfd 123 bind peer-ip 192.168.13.1 vpn-instance vpn1 source-ip 192.168.13.2 auto
[Huawei-bfd-session-123]commit

[Huawei]bfd 456 bind peer-ip 192.168.14.1 vpn-instance vpn1 source-ip 192.168.14.2 auto
[Huawei-bfd-session-456]commit

6-1. View the BFD session information on R1

[Huawei]dis bfd session all 
--------------------------------------------------------------------------------
Local Remote     PeerIpAddr      State     Type        InterfaceName            
--------------------------------------------------------------------------------

8192  8192       192.168.13.1    Up        S_AUTO_PEER       -                  
8194  8192       192.168.14.1    Up        S_AUTO_PEER       -                  
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 2/0

7. Configure IS-IS on R1-R4

 IS-IS must be enabled on the loopback interfaces

R1

[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0001.00
[Huawei-isis-1] is-level level-2

[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/2]isis enable 1
[Huawei-GigabitEthernet4/0/0]isis enable 1

R2

[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0002.00
[Huawei-isis-1] is-level level-2

[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/1]isis enable 1

R3

[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0003.00
[Huawei-isis-1] is-level level-2

[Huawei-LoopBack0] isis enable 1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/1]isis enable 1


R4

[Huawei] isis 1
[Huawei-isis-1] network-entity 49.0010.0000.0004.00
[Huawei-isis-1] is-level level-2

[Huawei-LoopBack0] isis enable 1   
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/1]isis enable 1

8. Configure MPLS

R1

[Huawei]mpls lsr-id 1.1.1.1
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]mpls 
[Huawei-GigabitEthernet0/0/2]mpls ldp
[Huawei-GigabitEthernet0/0/2]int g4/0/0
[Huawei-GigabitEthernet4/0/0]mpls 
[Huawei-GigabitEthernet4/0/0]mpls ldp

R2

[Huawei]mpls lsr-id 2.2.2.2
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls 
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls 
[Huawei-GigabitEthernet0/0/1]mpls ldp

R3

[Huawei]mpls lsr-id 3.3.3.3
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls 
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls 
[Huawei-GigabitEthernet0/0/1]mpls ldp

R4

[Huawei]mpls lsr-id 4.4.4.4
[Huawei]mpls
[Huawei]mpls ldp
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]mpls 
[Huawei-GigabitEthernet0/0/0]mpls ldp
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]mpls 
[Huawei-GigabitEthernet0/0/1]mpls ldp

9. Configure the VPN instances

R1

[Huawei]ip vpn-instance vpn1
[Huawei-vpn-instance-vpn1]vpn-target 2:1 export-extcommunity 
[Huawei-vpn-instance-vpn1]vpn-target 1:2 import-extcommunity 

[Huawei-GigabitEthernet0/0/0]ip binding vpn-instance vpn1  
[Huawei-GigabitEthernet0/0/0]ip address 192.168.13.2 24
[Huawei-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.14.2 24

R4

[Huawei]ip vpn-instance vpn2
[Huawei-vpn-instance-vpn2]route-distinguisher 2:2
[Huawei-vpn-instance-vpn2]vpn-target 1:2 export-extcommunity 
[Huawei-vpn-instance-vpn2]vpn-target 2:1 import-extcommunity 

[Huawei]ip vpn-instance vpn3
[Huawei-vpn-instance-vpn3]route-distinguisher 3:3
[Huawei-vpn-instance-vpn3-af-ipv4]vpn-target 1:2 export-extcommunity 
[Huawei-vpn-instance-vpn3-af-ipv4]vpn-target 2:1 import-extcommunity 

[Huawei-GigabitEthernet4/0/0]ip binding vpn-instance vpn2
[Huawei-GigabitEthernet4/0/0]ip address 10.1.46.2 24

[Huawei-GigabitEthernet0/0/2]ip binding vpn-instance vpn3
[Huawei-GigabitEthernet0/0/2]ip address 10.1.45.2 24
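
The "headquarters reaches both branches, branches cannot reach each other" requirement is enforced only by the vpn-target values above, so it is worth checking them mechanically. The following is an added example, not part of the original post: it models which instance imports routes from which and compares that with the intended policy. The function names and the extra-import variant are constructed for illustration.

```python
from itertools import permutations

# Route targets copied from the vpn1/vpn2/vpn3 instances configured on R1 and R4.
VRFS = {
    "vpn1": {"export": {"2:1"}, "import": {"1:2"}},  # headquarters (R1)
    "vpn2": {"export": {"1:2"}, "import": {"2:1"}},  # branch 2 side (R4)
    "vpn3": {"export": {"1:2"}, "import": {"2:1"}},  # branch 1 side (R4)
}

# Intended policy from the lab requirements: HQ <-> each branch, no branch <-> branch.
ALLOWED = {("vpn1", "vpn2"), ("vpn2", "vpn1"), ("vpn1", "vpn3"), ("vpn3", "vpn1")}


def route_flows(vrfs):
    """Return the (src, dst) pairs where dst imports a route target that src exports."""
    return {
        (src, dst)
        for src, dst in permutations(vrfs, 2)
        if vrfs[src]["export"] & vrfs[dst]["import"]
    }


def audit(vrfs, allowed):
    """Compare actual route flows with the policy; return (leaks, missing), both sorted."""
    flows = route_flows(vrfs)
    return sorted(flows - allowed), sorted(allowed - flows)


def with_extra_import(vrfs, name, rt):
    """Copy of vrfs in which instance `name` additionally imports route target `rt`."""
    changed = {
        k: {"export": set(v["export"]), "import": set(v["import"])}
        for k, v in vrfs.items()
    }
    changed[name]["import"].add(rt)
    return changed


if __name__ == "__main__":
    print("as configured:", audit(VRFS, ALLOWED))
    # Constructed misconfiguration: vpn3 also imports 1:2, the RT both branches export.
    print("vpn3 also imports 1:2:", audit(with_extra_import(VRFS, "vpn3", "1:2"), ALLOWED))
```

With the values from this lab the audit reports no leaks and no missing flows; importing the branches' own export target on either branch instance immediately shows up as a branch-to-branch route leak.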

10. Establish the BGP peering between R1 and R4

R1

[Huawei]bgp 100
[Huawei-bgp]peer 4.4.4.4 as-number 100  // establish the ordinary BGP peer
[Huawei-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[Huawei-bgp]ipv4-family vpnv4  // enter the VPNv4 view
[Huawei-bgp-af-vpnv4]peer 4.4.4.4 enable  // establish and enable the MP-BGP peer

R4

[Huawei]bgp 100
[Huawei-bgp]peer 1.1.1.1 as-number 100
[Huawei-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[Huawei-bgp]ipv4-family vpnv4
[Huawei-bgp-af-vpnv4]peer 1.1.1.1 enable

11. OSPF runs between R1 and SW3, SW4

R1

[Huawei]ospf 1 vpn-instance vpn1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.13.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.14.0 0.0.0.255

SW3

[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.13.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255

SW4

[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.14.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255

12. BGP runs between R4 and R5

Establish the EBGP peer on R4

[Huawei]BGP 100
[Huawei-bgp]ipv4-family vpn-instance vpn3
[Huawei-bgp-vpn3] peer 10.1.45.1 as-number 200

R5

[Huawei]bgp 200
[Huawei-bgp]peer 10.1.45.2 as-number 100 
[Huawei-bgp]network 10.1.45.0 24

13. View the BGP VPNv4 peer relationships on R4

[Huawei]dis bgp vpnv4 all peer

 BGP local router ID : 10.1.24.2
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv

  1.1.1.1         4         100      315      311     0 04:49:05 Established       6

  Peer of IPv4-family for vpn instance :

 VPN-Instance vpn3, Router ID 10.1.24.2:
  10.1.45.1       4         200      134      136     0 02:11:36 Established       1



15. OSPF runs between R4 and R6

R4

[Huawei]ospf 1 vpn-instance vpn2
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.46.0 0.0.0.255

R6

[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.46.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.67.0 0.0.0.255

16. Mutual route redistribution

R1

[Huawei]bgp 100
[Huawei-bgp]ipv4 vpn-instance vpn1
[Huawei-bgp-vpn1]import-route ospf 1

R4

[Huawei]bgp 100
[Huawei-bgp]ipv4 vpn-instance vpn2
[Huawei-bgp-vpn2]import-route ospf 1

R1

[Huawei]ospf 1 vpn-instance vpn1
[Huawei-ospf-1]import-route bgp

R4

[Huawei]ospf 1 vpn-instance vpn2
[Huawei-ospf-1]import-route bgp

Branch 1 requirements:

17. SW5 is a layer-2 switch; PC5 and PC6 are in different VLANs (different subnets); make sure the two PCs can reach each other

SW5

[Huawei]vlan b 10 20
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 10
[Huawei-Ethernet0/0/2]int  e0/0/3
[Huawei-Ethernet0/0/3]p l a 
[Huawei-Ethernet0/0/3]p d v 20
[Huawei-Ethernet0/0/3]int e0/0/1
[Huawei-Ethernet0/0/1]p l t 
[Huawei-Ethernet0/0/1]p t a v 10 20

R5

[Huawei]int g0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]dot1q termination vid 10
[Huawei-GigabitEthernet0/0/1.1]int g0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/1.2]ip address 10.1.26.254 24

[Huawei-GigabitEthernet0/0/1.1]arp broadcast enable 
[Huawei-GigabitEthernet0/0/1.1]int g0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]arp broadcast enable 


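Branch 2 requirements:

18. PC8 and PC7 are in different VLANs (same subnet); use VLANIF so that both PCs can reach headquarters normally but cannot reach each other

19. The internal IGP is OSPF; to speed up convergence, no DR is allowed on any segment

   Configure the super VLAN on SW7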

[Huawei]vlan batch 10 20 30 40
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 10
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 20

[Huawei-GigabitEthernet0/0/1]port link-type access 
[Huawei-GigabitEthernet0/0/1]port default vlan 40    

[Huawei]vlan 30
[Huawei-vlan30]aggregate-vlan      // super VLAN
[Huawei-vlan30]access-vlan 10 20   // sub-VLANs
[Huawei-Vlanif30]ip address 192.168.68.254 24  // gateway
[Huawei-Vlanif30]int vlan 40
[Huawei-Vlanif40]ip address 192.168.67.2 24

SW7

[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.67.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.68.0 0.0.0.255
[Huawei]int vlan 30
[Huawei-Vlanif30]ospf network-type p2p  // change the interface to the point-to-point network type
[Huawei]int vlan 40
[Huawei-Vlanif40]ospf network-type p2p  // change the interface to the point-to-point network type

R6

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ospf network-type p2p  // change the interface to the point-to-point network type

Verification

1. Branch 1 has no private route entries for branch 2

[Huawei-bgp]dis ip routing-table protocol bgp 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : BGP
         Destinations : 6        Routes : 6        

BGP routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

   192.168.10.0/24  EBGP    255  0           D   10.1.45.2       GigabitEthernet0/0/0
 192.168.10.254/32  EBGP    255  0           D   10.1.45.2       GigabitEthernet0/0/0
   192.168.13.0/24  EBGP    255  0           D   10.1.45.2       GigabitEthernet0/0/0
   192.168.14.0/24  EBGP    255  0           D   10.1.45.2       GigabitEthernet0/0/0
   192.168.20.0/24  EBGP    255  0           D   10.1.45.2       GigabitEthernet0/0/0
 192.168.20.254/32  EBGP    255  0           D   10.1.45.2       GigabitEthernet0/0/0

2. Branch 1 cannot reach branch 2

PC>ping 192.168.67.3

Ping 192.168.67.3: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.67.3 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss


3. Headquarters can reach branch 1

PC>ping 10.1.25.1

Ping 10.1.25.1: 32 data bytes, Press Ctrl_C to break
From 10.1.25.1: bytes=32 seq=1 ttl=123 time=110 ms
From 10.1.25.1: bytes=32 seq=2 ttl=123 time=94 ms
From 10.1.25.1: bytes=32 seq=3 ttl=123 time=93 ms
From 10.1.25.1: bytes=32 seq=4 ttl=123 time=110 ms
From 10.1.25.1: bytes=32 seq=5 ttl=123 time=93 ms

--- 10.1.25.1 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 93/100/110 ms

4. Headquarters can reach branch 2

PC>ping 192.168.68.3

Ping 192.168.68.3: 32 data bytes, Press Ctrl_C to break
From 192.168.68.3: bytes=32 seq=1 ttl=122 time=141 ms
From 192.168.68.3: bytes=32 seq=2 ttl=122 time=94 ms
From 192.168.68.3: bytes=32 seq=3 ttl=122 time=109 ms
From 192.168.68.3: bytes=32 seq=4 ttl=122 time=109 ms
From 192.168.68.3: bytes=32 seq=5 ttl=122 time=110 ms

--- 192.168.68.3 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 94/112/141 ms

posted @ 2019-08-20 11:03  向往C