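Table of contents
■DHCP NAT BFD Policy-Based Routing
▲Summary of masks and wildcard masks
▲Comprehensive lab
■DHCP NAT BFD Policy-Based Routing
▲Summary of masks and wildcard masks
- Where a mask is used: anything tied directly to an IP address
Scenario 1: IP address configuration
ip address 192.168.1.1 255.255.255.0 or ip address 192.168.1.1 24
Scenario 2: DHCP configuration
network 192.168.1.0 mask 255.255.255.0 or network 192.168.1.0 mask 24
- Where a wildcard mask is used
Scenario 1: ACL
rule 10 permit source 192.168.1.1 0 or rule 10 permit source 192.168.1.1 0.0.0.0
rule 10 permit source 192.168.1.0 0.0.0.255
Scenario 2: OSPF route advertisement
network 192.168.1.0 0.0.0.255 //advertise the 192.168.1.0 network
- RIP route advertisement needs neither a mask nor a wildcard mask; it advertises the classful network (the masks of class A, B and C addresses are /8, /16 and /24 respectively):
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0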
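How the wildcard in the ACL rules above is evaluated bit by bit, including what a rule matches when a subnet mask is typed where a wildcard is expected. This is an added example, not part of the original article; the sample source addresses and the function names are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard mask for a prefix length, e.g. 24 -> 0.0.0.255."""
    mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(mask ^ ALL_ONES))

def acl_matches(rule_addr: str, wildcard: str, src: str) -> bool:
    """Wildcard bit 0 = compare this bit, 1 = ignore it.
    The shorthand "0" means 0.0.0.0 (exact host), as in the rule above."""
    wc = 0 if wildcard == "0" else to_int(wildcard)
    care = wc ^ ALL_ONES
    return (to_int(rule_addr) & care) == (to_int(src) & care)

def matching_sources(rule_addr: str, wildcard: str, candidates):
    """Return the candidate source addresses the rule would match."""
    return [s for s in candidates if acl_matches(rule_addr, wildcard, s)]

# Constructed sample source addresses.
SAMPLES = ["192.168.1.1", "192.168.1.55", "192.168.2.1", "10.9.8.0"]

if __name__ == "__main__":
    # Rules taken from the ACL scenario above.
    print(matching_sources("192.168.1.1", "0", SAMPLES))
    print(matching_sources("192.168.1.0", "0.0.0.255", SAMPLES))
    # Mistake: a subnet mask typed where a wildcard is expected.
    # Only the last octet is compared, so unrelated networks match.
    print(matching_sources("192.168.1.0", "255.255.255.0", SAMPLES))
    print(wildcard_from_prefix(24))
```

With the mask typed in place of the wildcard, the rule no longer matches any host in 192.168.1.0/24 except the network address itself, and instead matches every address whose last octet is 0.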
▲Comprehensive lab
- Access switch (ACSW) configuration
<Huawei>system-view
[Huawei]sysname Acsw
[Acsw]vlan batch 10 20
[Acsw]interface GigabitEthernet 0/0/1
[Acsw-GigabitEthernet0/0/1]port link-type access
[Acsw-GigabitEthernet0/0/1]port default vlan 10
[Acsw-GigabitEthernet0/0/1]quit
[Acsw]interface GigabitEthernet 0/0/2
[Acsw-GigabitEthernet0/0/2]port link-type access
[Acsw-GigabitEthernet0/0/2]port default vlan 20
[Acsw-GigabitEthernet0/0/2]quit
[Acsw]interface GigabitEthernet 0/0/3
[Acsw-GigabitEthernet0/0/3]port link-type trunk
[Acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan all
- Core switch configuration
Downlink interface and gateways
[Coresw]vlan batch 10 20 30
[Coresw]interface Vlanif 10
[Coresw-Vlanif10]ip address 192.168.10.254 24
[Coresw-Vlanif10]quit
[Coresw]interface Vlanif 20
[Coresw-Vlanif20]ip address 192.168.20.254 24
[Coresw-Vlanif20]quit
[Coresw]interface GigabitEthernet 0/0/3
[Coresw-GigabitEthernet0/0/3]port link-type trunk
[Coresw-GigabitEthernet0/0/3]port trunk allow-pass vlan all
Configure DHCP
Vlanif10: global mode
[Coresw]dhcp enable
[Coresw]ip pool 10
[Coresw-ip-pool-10]network 192.168.10.0 mask 24
[Coresw-ip-pool-10]gateway-list 192.168.10.254
[Coresw-ip-pool-10]dns-list 8.8.8.8
[Coresw-ip-pool-10]lease day 5
[Coresw-ip-pool-10]excluded-ip-address 192.168.10.2 192.168.10.253
[Coresw-ip-pool-10]quit
[Coresw]interface Vlanif 10
[Coresw-Vlanif10]dhcp select global
Vlanif20: interface mode
[Coresw-Vlanif20]dhcp select interface
[Coresw-Vlanif20]dhcp server excluded-ip-address 192.168.20.2 192.168.20.253
[Coresw-Vlanif20]dhcp server dns-list 114.114.114.114
[Coresw-Vlanif20]dhcp server lease day 4 hour 4 minute 4
- Core switch uplink interface
[Coresw]interface GigabitEthernet 0/0/1
[Coresw-GigabitEthernet0/0/1]port link-type access
[Coresw-GigabitEthernet0/0/1]port default vlan 30
[Coresw-GigabitEthernet0/0/1]quit
[Coresw]interface Vlanif 30
[Coresw-Vlanif30]ip address 192.168.30.254 24
Specify the default route on the core switch (added after NAT has been set up on the egress router)
[Coresw]ip route-static 0.0.0.0 0 192.168.30.3
- Egress router configuration (downlink interface)
<Route>system-view
[Route]interface GigabitEthernet 0/0/1
[Route-GigabitEthernet0/0/1]ip address 192.168.30.3 24
A static route could be used to give the router a return route to the hosts (this lab does not do that; it uses a dynamic routing protocol instead)
[route]ip route-static 192.168.10.0 255.255.255.0 192.168.30.254
Dynamic routing protocol: RIP
[Route]rip
[Route-rip-1]version 2
[Route-rip-1]network 192.168.30.0
[Coresw]rip
[Coresw-rip-1]version 2
[Coresw-rip-1]network 192.168.10.0
[Coresw-rip-1]network 192.168.20.0
[Coresw-rip-1]network 192.168.30.0
[Route]undo rip 1
[Coresw]undo rip 1
Dynamic routing protocol: OSPF
[Route]ospf 1
[Route-ospf-1]area 0
[Route-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[Coresw]ospf 1
[Coresw-ospf-1]area 0
[Coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[Coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
- The router's two uplink interfaces
Uplink interface IP address configuration:
[Route]interface GigabitEthernet 0/0/0
[Route-GigabitEthernet0/0/0]ip address 12.1.1.3 24
[Route-GigabitEthernet0/0/0]quit
[Route]interface GigabitEthernet 0/0/2
[Route-GigabitEthernet0/0/2]ip address 23.1.1.3 24
Configure NAT on the egress router, after RIP has been configured on the Telecom and Unicom routers
[Route]acl 2000
[Route-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[Route-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[Route-acl-basic-2000]quit
[Route]interface GigabitEthernet 0/0/0
[Route-GigabitEthernet0/0/0]nat outbound 2000
[Route]interface GigabitEthernet 0/0/2
[Route-GigabitEthernet0/0/2]nat outbound 2000
- Telecom router
IP address configuration on the Telecom router:
[dianxin]interface GigabitEthernet 0/0/0
[dianxin-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]quit
[dianxin]interface GigabitEthernet 0/0/1
[dianxin-GigabitEthernet0/0/1]ip address 100.1.1.1 24
[dianxin-GigabitEthernet0/0/1]quit
[dianxin]interface LoopBack 0
[dianxin-LoopBack0]ip address 1.1.1.1 24
Configure RIP...
- Unicom router
IP address configuration on the Unicom router:
<liantong>system-view
[liantong]interface GigabitEthernet 0/0/1
[liantong-GigabitEthernet0/0/1]ip address 100.1.1.2 24
[liantong-GigabitEthernet0/0/1]quit
[liantong]interface GigabitEthernet 0/0/2
[liantong-GigabitEthernet0/0/2]ip address 23.1.1.2 24
[liantong-GigabitEthernet0/0/2]quit
[liantong]interface LoopBack 0
[liantong-LoopBack0]ip address 2.2.2.2 24
Configure RIP...
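After the default route is configured on the core switch, communication still fails, because the egress router has no default route. To build floating routes, the preference of the two routes has to be changed.
Static routes and default routes both have a preference of 60
[Route]ip route
[Route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50
[Route]ip route-static 0.0.0.0 0 23.1.1.2
BFD is going to be used, so the default routes are removed for now; in fact, default routes alone cannot meet the requirement
[Route]undo ip route-static 0.0.0.0 0 12.1.1.1
[Route]undo ip route-static 0.0.0.0 0 23.1.1.2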
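- BFD configuration on the egress router, so that traffic can use the Unicom network if Telecom goes down
[Route]bfd
[Route-bfd]quit
[Route]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[Route-bfd-session-dianxin]quit
Configure BFD on the Telecom side (because one-arm echo is not supported here; in a real project it can be configured on one side only)
[dianxin]bfd
[dianxin-bfd]quit
[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto
[dianxin-bfd-session-dianxin]display bfd session all
Track: with BFD configured on both sides, the link is considered down when the two ends cannot reach each other, and the route over that link is removed
[Route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin
[Route]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2 #used when the BFD-tracked link is down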
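A simplified model of why the tracked route fails over while the earlier floating routes without tracking do not. This is an added example, not part of the original article; the class, the function names and the event sequence are constructed, and the model assumes the local interface stays up while the failure is further upstream.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    preference: int = 60              # default static-route preference stated above
    track_bfd: Optional[str] = None   # name of the tracked BFD session, if any

def active_next_hop(routes: List[StaticRoute], bfd_up: Dict[str, bool]) -> Optional[str]:
    """Pick the default route that ends up in the routing table.

    A route tracking a BFD session is withdrawn while that session is down;
    among the remaining routes the lowest preference value wins.
    """
    usable = [r for r in routes
              if r.track_bfd is None or bfd_up.get(r.track_bfd, False)]
    if not usable:
        return None
    return min(usable, key=lambda r: r.preference).next_hop

def timeline(routes, events):
    """Replay (label, bfd_state) events and return the next hop after each."""
    return [(label, active_next_hop(routes, state)) for label, state in events]

# The two default routes from the article, with and without BFD tracking.
TRACKED = [StaticRoute("12.1.1.1", 50, "dianxin"), StaticRoute("23.1.1.2")]
UNTRACKED = [StaticRoute("12.1.1.1", 50), StaticRoute("23.1.1.2")]

# Constructed sequence of BFD session states.
EVENTS = [
    ("telecom healthy", {"dianxin": True}),
    ("telecom path fails", {"dianxin": False}),
    ("telecom recovers", {"dianxin": True}),
]

if __name__ == "__main__":
    for label, hop in timeline(TRACKED, EVENTS):
        print(f"tracked   {label:20} -> {hop}")
    # Without tracking, the preference 50 route stays installed during the
    # failure and traffic keeps being sent toward the dead path.
    for label, hop in timeline(UNTRACKED, EVENTS):
        print(f"untracked {label:20} -> {hop}")
```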
- Policy-based routing configuration
First delete the two default routes
[Route]undo ip route-static 0.0.0.0 0 23.1.1.2
[Route]undo ip route-static 0.0.0.0 0 12.1.1.1
- Policy-based routing setup
Policy-based routing: VLAN 10 leaves through the Telecom egress, VLAN 20 through the Unicom egress
Steps:
①Configure ACLs to match the traffic
②Traffic classifier
③Traffic behavior
④Traffic policy (binds the traffic classifiers to the traffic behaviors)
⑤Apply the policy on the inbound interface
The policy is applied on the inbound interface because it has to match the addresses of both subnets; applied on either outbound interface, it could not match the other subnet
<Route>system-view
Configure the ACLs
[Route]acl 2010
[Route-acl-basic-2010]rule 10 permit source 192.168.10.0 0.0.0.255
[Route-acl-basic-2010]quit
[Route]acl 2020
[Route-acl-basic-2020]rule 10 permit source 192.168.20.0 0.0.0.255
Configure the traffic classifiers
[Route]traffic classifier vlan10
[Route-classifier-vlan10]if-match acl 2010
[Route-classifier-vlan10]quit
[Route]traffic classifier vlan20
[Route-classifier-vlan20]if-match acl 2020
[Route-classifier-vlan20]quit
Configure the traffic behaviors
[Route]traffic behavior dianxin
[Route-behavior-dianxin]redirect ip-nexthop 12.1.1.1
[Route-behavior-dianxin]quit
[Route]traffic behavior liantong
[Route-behavior-liantong]redirect ip-nexthop 23.1.1.2
[Route-behavior-liantong]quit
Configure the traffic policy
[Route]traffic policy 10,20-dl
[Route-trafficpolicy-10,20-dl]classifier vlan10 behavior dianxin
[Route-trafficpolicy-10,20-dl]classifier vlan20 behavior liantong
[Route-trafficpolicy-10,20-dl]quit
Apply the policy on the inbound interface
[Route-GigabitEthernet0/0/1]traffic-policy 10,20-dl inbound
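Step1: Configure ACLs to match the traffic
[router] acl 3010
[router-acl-adv-3010] rule 10 permit ip source any destination 1.1.1.0 0.0.0.255 //match traffic from any source address to the Telecom server 1.1.1.1
[router-acl-adv-3010] acl 3020
[router-acl-adv-3020] rule 10 permit ip source any destination 2.2.2.0 0.0.0.255 //match traffic from any source address to the Unicom server 2.2.2.2
The rest of the configuration is omitted; it is the same as in Lab 3.
That concludes the content shared in this article.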