H3CIE Lab C

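This post walks through a network operations lab covering three sites: headquarters, a branch, and an office. It presents the lab topology and requirements, including the service segments, link aggregation, and VRRP. It then details the lab steps: link aggregation and Smart Link at headquarters, MP-Group and CHAP at the branch, VPN and RIP at the office, as well as route selection, QoS, SNMP, and Telnet configuration.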

1 Lab Topology

[Figure: lab topology]

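2 Lab Requirements

The environment has three parts: headquarters, the branch, and the office.

Each part has two service segments: service A and service B.

No device may have equal-cost routes.

  1. Internet

    A Layer 3 switch simulates the Internet. No routes may be configured on this device; it has only two directly connected routes.

  2. VLAN

    S1 has VLAN 10 (service A), VLAN 20 (service B), VLAN 30 (Layer 3 link between S1 and S2), and VLAN 2 (used on S1 and S2 for the uplinks to R1 and R2 respectively).

    On S3, VLAN interfaces simulate hosts, and two static routes simulate the gateways: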

    ip route-static 0.0.0.0 0 10.10.0.254
    ip route-static 0.0.0.0 0 10.20.0.254

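  3. Smart-link

    S1, S2 and S3 use Smart Link to prevent Layer 2 loops, and Monitor Link to monitor the uplinks.

    VLAN 10 is the service A segment and VLAN 20 is the service B segment; they are mapped to MSTP instance 1 and instance 2 respectively.

    The link to S1 is the primary link for instance 1, and the link to S2 is the backup link for instance 1.

    The link to S2 is the primary link for instance 2, and the link to S1 is the backup link for instance 2.

  4. Link aggregation

    There are two physical links between S1 and S2; aggregate these two physical links into one logical link.

  5. TRUNK

    All links between S1, S2 and S3 are trunk links that permit VLAN 10, VLAN 20 and VLAN 30; VLAN 2 does not need to be permitted.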

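  6. VRRP

    Services A and B at headquarters use a virtual gateway for reliability.

    S1 is the master gateway for service A, and S2 is the backup gateway for service A.

    S2 is the master gateway for service B, and S1 is the backup gateway for service B.

    Track the uplink (port).

    Use VRRP authentication.

  7. PPP CHAP\MP-GROUP

    ISP1 (China Telecom) uses two-way CHAP authentication.

    ISP2 (China Unicom) uses MP-GROUP to bundle the two links.

  8. GRE OVER IPSEC

    Traffic from the office to headquarters (R1 to R5) is protected by GRE over IPsec.

    R1 uses IKE aggressive mode and identifies the peer by IP address; on R1 this is implemented with an IPsec policy template.

    Enable keepalive on the tunnel interface.

    The tunnel interface uses a loopback interface as the tunnel source.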

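  9. OSPF

    Headquarters and the branch interconnect through OSPF.

    Headquarters is in Area 1; the branch is in Area 100 (stub).

    Headquarters and the branch interconnect through Area 0; no device may have equal-cost routes.

    No protocol packets may appear on the service segments, and no RIP packets may appear either.

  10. RIP

    The office and headquarters learn routes through RIP.

    RIP packets must not appear in the OSPF domain or on the service segments.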

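  11. Route selection

    The office has only service A, not service B.

    There are two links between headquarters and the branch:

    ISP1 (China Telecom), R1-R3 (this link has only 64K of bandwidth and serves only as the backup link for service A, not as a backup link for service B)

    ISP2 (China Unicom), R2-R4 (two serial lines bundled into 4M, the primary link for both services)

    Traffic between headquarters and the office must not be mutually redistributed between RIP and OSPF; this is done on R1 with two blackhole routes:

    one for the office's service A, redistributed into OSPF; one for the headquarters and branch service A, redistributed into RIP, implemented with an ACL plus a routing policy

  12. QoS

    On the ISP2 (China Unicom) link, the two service flows between headquarters and the branch are guaranteed at least 128K of bandwidth.

    To keep office traffic from overwhelming headquarters, use LR on R5 to rate-limit office traffic to 500K.

  13. SNMP

    Only the user with source address 10.20.0.100 may access R2 through SNMP; choose your own community string.

  14. Telnet

    Only the user with source address 10.10.0.100 may Telnet to R1, authenticated with a username and password.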

3 Lab Steps

3-1 Headquarters

3-1-1 Link aggregation
[S1]interface Bridge-Aggregation 1

[S1]interface GigabitEthernet 1/0/47
[S1-GigabitEthernet1/0/47]port link-aggregation group 1

[S1]interface GigabitEthernet 1/0/48
[S1-GigabitEthernet1/0/48]port link-aggregation group 1
[H3C]sysname S2
[S2]interface Bridge-Aggregation 1
    
[S2]interface GigabitEthernet 1/0/47
[S2-GigabitEthernet1/0/47]port link-aggregation group 1

[S2]interface GigabitEthernet 1/0/48
[S2-GigabitEthernet1/0/48]port link-aggregation group 1
3-1-2 Basic configuration
[S1]vlan 2
[S1-vlan2]vlan 10
[S1-vlan10]vlan 20
[S1-vlan20]vlan 30
[S1-vlan30]vlan 100
[S1-vlan100]vlan 200
    
[S1]interface LoopBack 0
[S1-LoopBack0]ip address 10.1.255.6 32

[S1]interface Vlan-interface 2
[S1-Vlan-interface2]ip address 10.1.0.1 30

[S1]interface Vlan-interface 10
[S1-Vlan-interface10]ip address 10.10.0.252 24

[S1]interface Vlan-interface 20
[S1-Vlan-interface20]ip address 10.20.0.252 24

[S1]interface Vlan-interface 30
[S1-Vlan-interface30]ip address 10.1.0.9 30
    
[S1]interface GigabitEthernet 1/0/2
[S1-GigabitEthernet1/0/2]port access vlan 2
[S2]vlan 2
[S2-vlan2]vlan 10
[S2-vlan10]vlan 20
[S2-vlan20]vlan 30
[S2-vlan30]vlan 100
[S2-vlan100]vlan 200
    
[S2]interface LoopBack 0
[S2-LoopBack0]ip address 10.1.255.7 32


[S2]interface Vlan-interface 2
[S2-Vlan-interface2]ip address 10.1.0.5 30

[S2]interface Vlan-interface 10
[S2-Vlan-interface10]ip address 10.10.0.253 24

[S2]interface Vlan-interface 20
[S2-Vlan-interface20]ip address 10.20.0.253 24

[S2]interface Vlan-interface 30
[S2-Vlan-interface30]ip address 10.1.0.10 30

[S2]interface GigabitEthernet 1/0/1
[S2-GigabitEthernet1/0/1]port access vlan 2
[S3]vlan 10
[S3-vlan10]vlan 20
[S3-vlan20]vlan 100
[S3-vlan100]vlan 200
    
[S3]interface Vlan-interface 10
[S3-Vlan-interface10]ip address 10.10.0.1 24

[S3]interface Vlan-interface 20
[S3-Vlan-interface20]ip address 10.20.0.1 24
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 10.1.255.1 32

[R1]interface GigabitEthernet 0/1
[R1-GigabitEthernet0/1]ip address 10.1.0.2 30
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.1.255.2 32

[R2]interface GigabitEthernet 0/2
[R2-GigabitEthernet0/2]ip address 10.1.0.6 30
3-1-3 Trunk configuration
[S1]interface Bridge-Aggregation 1
[S1-Bridge-Aggregation1]port link-type trunk 
[S1-Bridge-Aggregation1]port trunk permit vlan 10 20 30 100 200
[S1-Bridge-Aggregation1]undo port trunk permit vlan 1

[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/1]port link-type trunk 
[S1-GigabitEthernet1/0/1]port trunk permit vlan 10 20 100 200
[S1-GigabitEthernet1/0/1]undo port trunk permit vlan 1
[S2]interface Bridge-Aggregation 1
[S2-Bridge-Aggregation1]port link-type trunk 
[S2-Bridge-Aggregation1]port trunk permit vlan 10 20 30 100 200
[S2-Bridge-Aggregation1]undo port trunk permit vlan 1

[S2]interface GigabitEthernet 1/0/2
[S2-GigabitEthernet1/0/2]port link-type trunk 
[S2-GigabitEthernet1/0/2]port trunk permit vlan 10 20 100 200
[S2-GigabitEthernet1/0/2]undo port trunk permit vlan 1
[S3]interface GigabitEthernet 1/0/1
[S3-GigabitEthernet1/0/1]port link-type trunk 
[S3-GigabitEthernet1/0/1]port trunk permit vlan 10 20 100 200
[S3-GigabitEthernet1/0/1]undo port trunk permit vlan 1

[S3]interface GigabitEthernet 1/0/2
[S3-GigabitEthernet1/0/2]port link-type trunk 
[S3-GigabitEthernet1/0/2]port trunk permit vlan 10 20 100 200
[S3-GigabitEthernet1/0/2]undo port trunk permit vlan 1
3-1-4 Smart-link
[S1]monitor-link group 1                                               --->create monitor-link group 1
[S1-mtlk-group1]qu

[S1]interface GigabitEthernet 1/0/2
[S1-GigabitEthernet1/0/2]port monitor-link group 1 uplink              --->the interface joins monitor-link group 1 as the uplink

[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/1]undo stp enable
[S1-GigabitEthernet1/0/1]smart-link flush enable control-vlan 100 200  --->enable receiving flush messages on the port, with VLAN 100 and VLAN 200 as the control VLANs
[S1-GigabitEthernet1/0/1]port monitor-link group 1 downlink            --->the interface joins monitor-link group 1 as the downlink
    
[S1]interface Bridge-Aggregation 1
[S1-Bridge-Aggregation1]undo stp enable
[S1-Bridge-Aggregation1]smart-link flush enable control-vlan 100 200
[S2]monitor-link group 1

[S2]interface GigabitEthernet 1/0/1
[S2-GigabitEthernet1/0/1]port monitor-link group 1 uplink 

[S2]interface GigabitEthernet 1/0/2
[S2-GigabitEthernet1/0/2]undo stp enable
[S2-GigabitEthernet1/0/2]smart-link flush enable control-vlan 100 200
[S2-GigabitEthernet1/0/2]port monitor-link group 1 downlink 
    
[S2]interface Bridge-Aggregation 1
[S2-Bridge-Aggregation1]undo stp enable
[S2-Bridge-Aggregation1]smart-link flush enable control-vlan 100 200

Check

<S1>display monitor-link group all
Monitor link protocol status: Enabled
Monitor link group 1 information:
Group status     : UP
Downlink up delay: 0(s)
Last up time     : 11:37:04 2024/03/22
Last down time   : -
Up port threshold: 1

Member                    Role       Status

GE1/0/2                   UPLINK     UP 
GE1/0/1                   DOWNLINK   UP     

Note: Monitor Link on the switch only monitors the state of the UPLINK; if a DOWNLINK goes down, the process is not aware of it.

<S2>display monitor-link group all
Monitor link protocol status: Enabled
Monitor link group 1 information:
Group status     : UP
Downlink up delay: 0(s)
Last up time     : 11:44:19 2024/03/22
Last down time   : -
Up port threshold: 1

Member                    Role       Status

GE1/0/1                   UPLINK     UP
GE1/0/2                   DOWNLINK   UP  
[S3]stp region-configuration 
[S3-mst-region]instance 1 vlan 10
[S3-mst-region]instance 2 vlan 20
[S3-mst-region]active region-configuration 
    
[S3]interface range GigabitEthernet 1/0/1 GigabitEthernet 1/0/2
[S3-if-rang]shutdown

[S3]smart-link group 1
[S3-smlk-group1]flush enable control-vlan 10                    --->send flush messages
[S3-smlk-group1]protected-vlan reference-instance 0 to 1        --->protect instance 1; a group can protect only one instance
[S3-smlk-group1]port GigabitEthernet 1/0/1 primary
[S3-smlk-group1]port GigabitEthernet 1/0/2 secondary
[S3-smlk-group1]preemption mode role                            --->enable preemption mode

[S3]smart-link group 2
[S3-smlk-group2]flush enable control-vlan 20
[S3-smlk-group2]protected-vlan reference-instance 2
[S3-smlk-group2]port GigabitEthernet 1/0/2 primary
[S3-smlk-group2]port GigabitEthernet 1/0/1 secondary
[S3-smlk-group2]preemption mode role
    
[S3]interface range GigabitEthernet 1/0/1 GigabitEthernet 1/0/2
[S3-if-rang]undo stp enable
[S3-if-rang]undo shutdown
    
--->Second configuration method<---

[S3]smart-link group 1
[S3-smlk-group1]flush enable control-vlan 100                   --->send flush messages
[S3-smlk-group1]protected-vlan reference-instance 0 to 1        --->protect instance 1; a group can protect only one instance
[S3-smlk-group1]preemption mode role                            --->enable preemption mode
    
[S3]smart-link group 2
[S3-smlk-group2]flush enable control-vlan 200
[S3-smlk-group2]protected-vlan reference-instance 2
[S3-smlk-group2]preemption mode role
    
[S3]interface GigabitEthernet 1/0/1
[S3-GigabitEthernet1/0/1]undo stp enable 
[S3-GigabitEthernet1/0/1]port smart-link group 1 primary        --->GE1/0/1 is the primary port of group 1
[S3-GigabitEthernet1/0/1]port smart-link group 2 secondary      --->GE1/0/1 is the secondary port of group 2

[S3]interface GigabitEthernet 1/0/2
[S3-GigabitEthernet1/0/2]undo stp enable 
[S3-GigabitEthernet1/0/2]port smart-link group 1 secondary 
[S3-GigabitEthernet1/0/2]port smart-link group 2 primary 

[S3]interface range GigabitEthernet 1/0/1 GigabitEthernet 1/0/2
[S3-if-rang]undo shutdown

Check

[S3]display smart-link group all
Smart link group 1 information:
Device ID       : 7807-90f6-0300
Preemption mode : Role
Preemption delay: 1(s)
Control VLAN    : 100
Protected VLAN  : Reference Instance 1

Member                  Role      State     Flush-count   Last-flush-time

GE1/0/1                 PRIMARY   ACTIVE    4             17:13:04 2024/03/27 
GE1/0/2                 SECONDARY STANDBY   3             17:10:03 2024/03/27 

Smart link group 2 information:
Device ID       : 7807-90f6-0300
Preemption mode : Role
Preemption delay: 1(s)
Control VLAN    : 200
Protected VLAN  : Reference Instance 2

Member                  Role      State     Flush-count   Last-flush-time

GE1/0/2                 PRIMARY   ACTIVE    4             17:08:39 2024/03/27 
GE1/0/1                 SECONDARY STANDBY   3             13:09:53 2024/03/27    
[S1]display smart-link flush
Received flush packets                       : 146800
Receiving interface of the last flush packet : GigabitEthernet1/0/1
Receiving time of the last flush packet      : 17:13:22 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100

[S1]display smart-link flush
Received flush packets                       : 148287
Receiving interface of the last flush packet : GigabitEthernet1/0/1
Receiving time of the last flush packet      : 17:13:24 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100
<S2>display smart-link flush 
Received flush packets                       : 137756
Receiving interface of the last flush packet : GigabitEthernet1/0/2
Receiving time of the last flush packet      : 17:10:09 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100
   
<S2>display smart-link flush
Received flush packets                       : 167525
Receiving interface of the last flush packet : Bridge-Aggregation1
Receiving time of the last flush packet      : 17:13:47 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100 

In this situation there is a broadcast storm. The fix:

[S3]smart-link group 1
[S3-smlk-group1]protected-vlan reference-instance 0
<S1>display smart-link flush 
Received flush packets                       : 394846
Receiving interface of the last flush packet : GigabitEthernet1/0/1
Receiving time of the last flush packet      : 17:18:25 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100

<S1>display smart-link flush
Received flush packets                       : 394846
Receiving interface of the last flush packet : GigabitEthernet1/0/1
Receiving time of the last flush packet      : 17:18:25 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100
<S2>display smart-link flush 
Received flush packets                       : 394845
Receiving interface of the last flush packet : Bridge-Aggregation1
Receiving time of the last flush packet      : 17:18:24 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100

<S2>display smart-link flush 

Received flush packets                       : 394845
Receiving interface of the last flush packet : Bridge-Aggregation1
Receiving time of the last flush packet      : 17:18:24 2024/03/27
Device ID of the last flush packet           : 7807-90f6-0300
Control VLAN of the last flush packet        : 100
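
The storm check above can be automated by comparing two `display smart-link flush` snapshots from the same switch. The following Python sketch is an added example, not part of the original post; the `max_rate` threshold is an assumption, and the sample text is copied from the S1 outputs above.

```python
import re
from datetime import datetime

# One regex per field of the `display smart-link flush` output.
FIELDS = {
    "count": re.compile(r"Received flush packets\s*:\s*(\d+)"),
    "iface": re.compile(r"Receiving interface of the last flush packet\s*:\s*(\S+)"),
    "time": re.compile(r"Receiving time of the last flush packet\s*:\s*(\S+ \S+)"),
    "device_id": re.compile(r"Device ID of the last flush packet\s*:\s*(\S+)"),
    "control_vlan": re.compile(r"Control VLAN of the last flush packet\s*:\s*(\d+)"),
}


def parse_flush(text):
    """Parse one `display smart-link flush` output into a dict."""
    snap = {}
    for key, rx in FIELDS.items():
        m = rx.search(text)
        if not m:
            raise ValueError(f"missing field: {key}")
        snap[key] = m.group(1)
    snap["count"] = int(snap["count"])
    snap["control_vlan"] = int(snap["control_vlan"])
    snap["time"] = datetime.strptime(snap["time"], "%H:%M:%S %Y/%m/%d")
    return snap


def flush_rate(before, after):
    """Flush packets per second between two snapshots.

    The output carries no capture time, so the "last flush" timestamps
    are used as the time base (floored at one second).
    """
    delta = after["count"] - before["count"]
    if delta < 0:
        raise ValueError("counter went backwards (cleared or rebooted)")
    if delta == 0:
        return 0.0
    seconds = (after["time"] - before["time"]).total_seconds()
    return delta / max(seconds, 1.0)


def classify(before, after, max_rate=1.0):
    """Flush messages are sent on link switchover, so a counter that keeps
    climbing points to a loop. max_rate (packets/s) is an assumed threshold."""
    return "storm" if flush_rate(before, after) > max_rate else "stable"


def _snap(count, when):
    # Sample text in the same layout as the S1 outputs on this page.
    return (
        f"Received flush packets                       : {count}\n"
        "Receiving interface of the last flush packet : GigabitEthernet1/0/1\n"
        f"Receiving time of the last flush packet      : {when}\n"
        "Device ID of the last flush packet           : 7807-90f6-0300\n"
        "Control VLAN of the last flush packet        : 100\n"
    )


# Values taken from the two S1 snapshots before and after the fix.
S1_DURING_STORM = (_snap(146800, "17:13:22 2024/03/27"),
                   _snap(148287, "17:13:24 2024/03/27"))
S1_AFTER_FIX = (_snap(394846, "17:18:25 2024/03/27"),
                _snap(394846, "17:18:25 2024/03/27"))

if __name__ == "__main__":
    for name, pair in (("before fix", S1_DURING_STORM), ("after fix", S1_AFTER_FIX)):
        a, b = (parse_flush(t) for t in pair)
        print(name, flush_rate(a, b), classify(a, b))
```
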
3-1-5 Configure VRRP
[S1]interface Vlan-interface 10
[S1-Vlan-interface10]vrrp vrid 10 virtual-ip 10.10.0.254
[S1-Vlan-interface10]vrrp vrid 10 priority 120
[S1-Vlan-interface10]vrrp version 2
[S1-Vlan-interface10]vrrp vrid 10 authentication-mode simple plain h3c
 
[S1]interface Vlan-interface 20
[S1-Vlan-interface20]vrrp vrid 20 virtual-ip 10.20.0.254
[S1-Vlan-interface20]vrrp version 2
[S1-Vlan-interface20]vrrp vrid 20 authentication-mode simple plain h3c
[S2]interface Vlan-interface 10
[S2-Vlan-interface10]vrrp vrid 10 virtual-ip 10.10.0.254
[S2-Vlan-interface10]vrrp version 2
[S2-Vlan-interface10]vrrp vrid 10 authentication-mode simple plain h3c

[S2]interface Vlan-interface 20
[S2-Vlan-interface20]vrrp vrid 20 virtual-ip 10.20.0.254
[S2-Vlan-interface20]vrrp vrid 20 priority 120
[S2-Vlan-interface20]vrrp version 2
[S2-Vlan-interface20]vrrp vrid 20 authentication-mode simple plain h3c

Check

<S1>display vrrp
IPv4 Virtual Router Information: 
Running mode : Standard
Total number of virtual routers : 2
Interface          VRID  State        Running Adver   Auth             Virtual

                                      Pri     Timer   Type             IP

Vlan10             10    Master       120     100     Simple           10.10.0.254
Vlan20             20    Backup       100     100     Simple           10.20.0.254
    
<S2>display vrrp
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface          VRID  State        Running Adver   Auth             Virtual

                                      Pri     Timer   Type             IP

Vlan10             10    Backup       100     100     Simple           10.10.0.254 
Vlan20             20    Master       120     100     Simple           10.20.0.254
<S3>ping -a 10.10.0.1 10.10.0.254
Ping 10.10.0.254 (10.10.0.254) from 10.20.0.1: 56 data bytes, press CTRL+C to break
56 bytes from 10.10.0.254: icmp_seq=0 ttl=255 time=2.992 ms
56 bytes from 10.10.0.254: icmp_seq=1 ttl=255 time=1.278 ms
56 bytes from 10.10.0.254: icmp_seq=2 ttl=255 time=1.026 ms
56 bytes from 10.10.0.254: icmp_seq=3 ttl=255 time=1.020 ms
56 bytes from 10.10.0.254: icmp_seq=4 ttl=255 time=1.306 ms
   
<S3>ping -a 10.20.0.1 10.20.0.254
Ping 10.20.0.254 (10.20.0.254) from 10.20.0.1: 56 data bytes, press CTRL+C to break
56 bytes from 10.20.0.254: icmp_seq=0 ttl=255 time=0.846 ms
56 bytes from 10.20.0.254: icmp_seq=1 ttl=255 time=0.594 ms
56 bytes from 10.20.0.254: icmp_seq=2 ttl=255 time=0.492 ms
56 bytes from 10.20.0.254: icmp_seq=3 ttl=255 time=0.786 ms
56 bytes from 10.20.0.254: icmp_seq=4 ttl=255 time=0.395 ms
3-1-6 Link tracking
[S1]track 1 interface vlan 2
    
[S1]interface vlan 10
[S1-Vlan-interface10]vrrp vrid 10 track 1 priority reduced 50
[S2]track 1 interface vlan 2

[S2]interface vlan 20
[S2-Vlan-interface20]vrrp vrid 20 track 1 priority reduced 50

Check

[S1]interface vlan 2
[S1-Vlan-interface2]shutdown
[S1-Vlan-interface2]exit

[S1]display vrrp    
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface          VRID  State        Running Adver   Auth             Virtual

                                      Pri     Timer   Type                IP

Vlan10             10    Backup       70      100     Simple           10.10.0.254 
Vlan20             20    Backup       100     100     Simple           10.20.0.254 
[S1]interface vlan 2
[S1-Vlan-interface2]undo shutdown

[S1]display vrrp
IPv4 Virtual Router Information: 
Running mode : Standard
Total number of virtual routers : 2
Interface          VRID  State        Running Adver   Auth             Virtual

                                      Pri     Timer   Type                IP

Vlan10             10    Master       120     100     Simple           10.10.0.254 
Vlan20             20    Backup       100     100     Simple           10.20.0.254 
3-1-7 Configure routing
  1. Configure OSPF and silent interfaces

    [S1]ospf 1 router-id 10.1.255.6
    [S1-ospf-1]silent-interface Vlan-interface 10
    [S1-ospf-1]silent-interface Vlan-interface 20
    [S1-ospf-1]area 1
    [S1-ospf-1-area-0.0.0.1]network 10.1.255.6 0.0.0.0
    [S1-ospf-1-area-0.0.0.1]network 10.10.0.0 0.0.0.255
    [S1-ospf-1-area-0.0.0.1]network 10.20.0.0 0.0.0.255
    [S1-ospf-1-area-0.0.0.1]network 10.1.0.9 0.0.0.3
    [S1-ospf-1-area-0.0.0.1]network 10.1.0.1 0.0.0.3
    
    [S2]ospf 1 router-id 10.1.255.7
    [S2-ospf-1]silent-interface Vlan-interface 10
    [S2-ospf-1]silent-interface Vlan-interface 20
    [S2-ospf-1]area 1
    [S2-ospf-1-area-0.0.0.1]network 10.1.255.7 0.0.0.0
    [S2-ospf-1-area-0.0.0.1]network 10.1.0.5 0.0.0.3
    [S2-ospf-1-area-0.0.0.1]network 10.1.0.8 0.0.0.3
    [S2-ospf-1-area-0.0.0.1]network 10.10.0.0 0.0.0.255
    [S2-ospf-1-area-0.0.0.1]network 10.20.0.0 0.0.0.255
    
    
    
    [R1]ospf 1 router-id 10.1.255.1
    [R1-ospf-1]area 1
    [R1-ospf-1-area-0.0.0.1]network 10.1.0.0 0.0.0.3
    [R1-ospf-1-area-0.0.0.1]network 10.1.255.1 0.0.0.0
    
    [R2]ospf 1 router-id 10.1.255.2
    [R2-ospf-1]area 1
    [R2-ospf-1-area-0.0.0.1]network 10.1.255.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.1]network 10.1.0.6 0.0.0.3
    
  2. Configure static routes and network type

    [S3]ip route-static 0.0.0.0 0 10.10.0.254
    [S3]ip route-static 0.0.0.0 0 10.20.0.254
    
  3. Eliminate equal-cost routes

    [S1]interface Vlan-interface 20
    [S1-Vlan-interface20]ospf cost 100
        
    [S1]interface Vlan-interface 30
    [S1-Vlan-interface30]ospf cost 3000
     
    [S2]interface Vlan-interface 10
    [S2-Vlan-interface10]ospf cost 100
        
    [S2]interface Vlan-interface 30
    [S2-Vlan-interface30]ospf cost 3000
    
  4. Verify the configuration

<S1>display ip routing-table protocol ospf
Summary count : 7

OSPF Routing table status : <Active>
Summary count : 2

Destination/Mask   Proto   Pre Cost        NextHop         Interface
10.1.0.4/30        O_INTRA 10  2           10.1.0.10       Vlan30
10.1.255.7/32      O_INTRA 10  1           10.1.0.10       Vlan30

OSPF Routing table status : <Inactive>
Summary count : 5

Destination/Mask   Proto   Pre Cost        NextHop         Interface
10.1.0.0/30        O_INTRA 10  1           0.0.0.0         Vlan2
10.1.0.8/30        O_INTRA 10  1           0.0.0.0         Vlan30
10.1.255.6/32      O_INTRA 10  0           0.0.0.0         Loop0
10.10.0.0/24       O_INTRA 10  1           0.0.0.0         Vlan10
10.20.0.0/24       O_INTRA 10  1           0.0.0.0         Vlan20
<S2>display ip routing-table protocol ospf
Summary count : 7

OSPF Routing table status : <Active>
Summary count : 2

Destination/Mask   Proto   Pre Cost        NextHop         Interface
10.1.0.0/30        O_INTRA 10  2           10.1.0.9        Vlan30
10.1.255.6/32      O_INTRA 10  1           10.1.0.9        Vlan30

OSPF Routing table status : <Inactive>
Summary count : 5

Destination/Mask   Proto   Pre Cost        NextHop         Interface
10.1.0.4/30        O_INTRA 10  1           0.0.0.0         Vlan2
10.1.0.8/30        O_INTRA 10  1           0.0.0.0         Vlan30
10.1.255.7/32      O_INTRA 10  0           0.0.0.0         Loop0
10.10.0.0/24       O_INTRA 10  1           0.0.0.0         Vlan10
10.20.0.0/24       O_INTRA 10  1           0.0.0.0         Vlan20

3-2 Branch

3-2-1 Basic configuration
[R1]interface GigabitEthernet 0/2
[R1-GigabitEthernet0/2]ip address 61.0.0.1 30

[R1]interface Serial 1/0
[R1-Serial1/0]ip address 10.0.0.1 30

[R1]interface Serial 3/0
[R1-Serial3/0]ip address 10.0.0.5 30
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.1.255.3 32

[R3]interface Serial 3/0
[R3-Serial3/0]ip address 10.0.0.6 30

[R3]interface GigabitEthernet 0/1
[R3-GigabitEthernet0/1]ip address 10.2.0.1 30

[R3]interface GigabitEthernet 0/2
[R3-GigabitEthernet0/2]ip address 10.2.0.5 30
[S4]interface LoopBack 0
[S4-LoopBack0]ip address 10.1.255.8 32

[S4]interface LoopBack 10
[S4-LoopBack10]ip address 10.100.0.1 24

[S4]interface LoopBack 20
[S4-LoopBack20]ip address 10.200.0.1 24

[S4]vlan 100
[S4-vlan100]vlan 200

[S4]interface Vlan-interface 100
[S4-Vlan-interface100]ip address 10.2.0.6 30

[S4]interface Vlan-interface 200
[S4-Vlan-interface200]ip address 10.2.0.10 30

[S4]interface GigabitEthernet 1/0/1
[S4-GigabitEthernet1/0/1]port access vlan 100

[S4]interface GigabitEthernet 1/0/2
[S4-GigabitEthernet1/0/2]port access vlan 200
3-2-2 MP-Group
[R2]interface Serial 1/0
[R2-Serial1/0]ip address 10.0.0.2 30

[R2]interface MP-group 1

[R2]interface Serial 3/0
[R2-Serial3/0]bandwidth 2048
[R2-Serial3/0]ppp mp MP-group 1

[R2]interface Serial 4/0
[R2-Serial4/0]bandwidth 2048
[R2-Serial4/0]ppp mp mp-group 1

[R2]interface MP-group 1
[R2-MP-group1]bandwidth 4096
[R2-MP-group1]ip address 10.0.0.9 30
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 10.1.255.4 32

[R4]interface GigabitEthernet 0/1
[R4-GigabitEthernet0/1]ip address 10.2.0.2 30

[R4]interface GigabitEthernet 0/2
[R4-GigabitEthernet0/2]ip address 10.2.0.9 30

[R4]interface MP-group 1
[R4-MP-group1]bandwidth 4096
[R4-MP-group1]ip address 10.0.0.10 30

[R4]interface Serial 3/0
[R4-Serial3/0]bandwidth 2048
[R4-Serial3/0]ppp mp MP-group 1

[R4]interface Serial 4/0
[R4-Serial4/0]bandwidth 2048
[R4-Serial4/0]ppp mp MP-group 1

Verify the configuration

<R2>display interface MP-group 1
MP-group1
Current state: UP
Line protocol state: UP
Description: MP-group1 Interface
Bandwidth: 4096 kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 10.0.0.9/30 (Primary)
Link layer protocol: PPP
LCP: opened, MP: opened, IPCP: opened
Physical: MP, baudrate: 128000 bps
Output queue - Urgent queuing: Size/Length/Discards 0/1024/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 7 bytes/sec, 56 bits/sec, 0 packets/sec
Last 300 seconds output rate: 7 bytes/sec, 56 bits/sec, 0 packets/sec
Input: 1076 packets, 76844 bytes, 0 drops
Output: 1090 packets, 79392 bytes, 0 drops
3-2-3 Configure CHAP

Note: the interface must be shut down and brought back up for the configuration to take effect.

[R1]local-user r1 class network 
New local user added.
[R1-luser-network-r1]password simple 123
[R1-luser-network-r1]service-type ppp
[R1-luser-network-r1]authorization-attribute user-role network-operator 
    
[R1]interface Serial 3/0
[R1-Serial3/0]ppp authentication-mode chap
[R1-Serial3/0]ppp chap password simple 123
[R1-Serial3/0]ppp chap user r1  
[R3]local-user r1 class network 
New local user added.
[R3-luser-network-r1]password simple 123
[R3-luser-network-r1]service-type ppp
[R3-luser-network-r1]authorization-attribute user-role network-operator 

[R3]interface Serial 3/0
[R3-Serial3/0]ppp authentication-mode chap
[R3-Serial3/0]ppp chap password simple 123
[R3-Serial3/0]ppp chap user r1
    
[R3-Serial3/0]shutdown
[R3-Serial3/0]undo shutdown

Verify the configuration

If both Current state and Line protocol state are UP, the configuration succeeded.

<R1>display interface Serial 3/0
Serial3/0
Current state: UP
Line protocol state: UP
Description: Serial3/0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 10.0.0.5/30 (Primary)
Link layer protocol: PPP
LCP: opened, IPCP: opened
Output queue - Urgent queuing: Size/Length/Discards 0/1024/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last link flapping: 2 hours 48 minutes 39 seconds
Last clearing of counters: Never
Current system time:2024-03-29 13:56:49
Last time when physical state changed to up:2024-03-29 11:08:11
Last time when physical state changed to down:2024-03-29 11:07:38        

<R1>ping 10.0.0.6
Ping 10.0.0.6 (10.0.0.6): 56 data bytes, press CTRL+C to break
56 bytes from 10.0.0.6: icmp_seq=0 ttl=255 time=0.614 ms
56 bytes from 10.0.0.6: icmp_seq=1 ttl=255 time=0.737 ms
56 bytes from 10.0.0.6: icmp_seq=2 ttl=255 time=0.852 ms
56 bytes from 10.0.0.6: icmp_seq=3 ttl=255 time=0.945 ms
56 bytes from 10.0.0.6: icmp_seq=4 ttl=255 time=1.233 ms
3-2-4 Configure routing
  1. Configure OSPF and silent interfaces

    [R1]ospf 1
    [R1-ospf-1]area 0
    [R1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.3
    [R1-ospf-1-area-0.0.0.0]network 10.0.0.4 0.0.0.3
        
    [R2]ospf 1
    [R2-ospf-1]area 0
    [R2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.3
    [R2-ospf-1-area-0.0.0.0]network 10.0.0.8 0.0.0.3
        
    [R3]ospf 1 router-id 10.1.255.3
    [R3-ospf-1]area 0
    [R3-ospf-1-area-0.0.0.0]network 10.0.0.4 0.0.0.3
        
    [R3-ospf-1]area 100
    [R3-ospf-1-area-0.0.0.100]network 10.2.0.0 0.0.0.3
    [R3-ospf-1-area-0.0.0.100]network 10.2.0.4 0.0.0.3
    [R3-ospf-1-area-0.0.0.100]stub
    
    [R4]ospf 1 router-id 10.1.255.4
    [R4-ospf-1]area 0
    [R4-ospf-1-area-0.0.0.0]network 10.0.0.8 0.0.0.3
    
    [R4-ospf-1]area 100
    [R4-ospf-1-area-0.0.0.100]network 10.2.0.0 0.0.0.3
    [R4-ospf-1-area-0.0.0.100]network 10.2.0.8 0.0.0.3
    [R4-ospf-1-area-0.0.0.100]stub
        
    [S4]ospf 1 router-id 10.1.255.8
    [S4-ospf-1]silent-interface LoopBack 10
    [S4-ospf-1]silent-interface LoopBack 20
    [S4-ospf-1]area 100
    [S4-ospf-1-area-0.0.0.100]network 10.2.0.4 0.0.0.3
    [S4-ospf-1-area-0.0.0.100]network 10.2.0.8 0.0.0.3
    [S4-ospf-1-area-0.0.0.100]network 10.100.0.0 0.0.0.255
    [S4-ospf-1-area-0.0.0.100]network 10.200.0.0 0.0.0.255
    [S4-ospf-1-area-0.0.0.100]stub 
    
  2. Configure the network type

    [R3]interface GigabitEthernet 0/2
    [R3-GigabitEthernet0/2]ospf network-type p2p
    
    [R3]interface GigabitEthernet 0/1
    [R3-GigabitEthernet0/1]ospf network-type p2p
    
    [R4]interface GigabitEthernet 0/2
    [R4-GigabitEthernet0/2]ospf network-type p2p
    
    [R4]interface GigabitEthernet 0/1
    [R4-GigabitEthernet0/1]ospf network-type p2p
    
    [S4]interface VLAN 100
    [S4-Vlan-interface100]ospf network-type p2p
    
    [S4]interface VLAN 200
    [S4-Vlan-interface200]ospf network-type p2p
    
  3. Eliminate equal-cost routes

    <S4>display ip routing-table
    
    Destinations : 39       Routes : 41
    
    Destination/Mask   Proto   Pre Cost        NextHop         Interface
    
    [S4]interface Vlan-interface 100
    [S4-Vlan-interface100]ospf cost 5
    
    [S4]interface Vlan-interface 200
    [S4-Vlan-interface200]ospf cost 5
        
    [R3]interface GigabitEthernet 0/2
    [R3-GigabitEthernet0/2]ospf cost 5
    
    [R3]interface GigabitEthernet 0/1
    [R3-GigabitEthernet0/1]ospf cost 10
        
    [R4]interface GigabitEthernet 0/2
    [R4-GigabitEthernet0/2]ospf cost 5
    
    [R4]interface GigabitEthernet 0/1
    [R4-GigabitEthernet0/1]ospf cost 10
    
  4. Verify the configuration

    <S4>display ip routing-table
    
    Destinations : 39       Routes : 39
    
    Destination/Mask   Proto   Pre Cost        NextHop         Interface
    

3-3 Office

3-3-1 Basic configuration
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 10.1.255.5 32

[R5]interface LoopBack 50
[R5-LoopBack50]ip address 10.50.0.1 24
    
[R5]interface GigabitEthernet 0/1
[R5-GigabitEthernet0/1]ip address 202.0.0.1 30  
[S5]vlan 100
[S5-vlan100]vlan 200

[S5]interface Vlan-interface 200
[S5-Vlan-interface200]ip address 61.0.0.2 30

[S5]interface Vlan-interface 100
[S5-Vlan-interface100]ip address 202.0.0.2 30

[S5]interface GigabitEthernet 1/0/2
[S5-GigabitEthernet1/0/2]port access vlan 200

[S5]interface GigabitEthernet 1/0/1
[S5-GigabitEthernet1/0/1]port access vlan 100

Verify the configuration

<R5>display interface brief 
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Primary IP      Description                
GE0/0                DOWN DOWN     --              
GE0/1                UP   UP       202.0.0.1       
GE0/2                DOWN DOWN     --              
GE5/0                DOWN DOWN     --              
GE5/1                DOWN DOWN     --              
GE6/0                DOWN DOWN     --              
GE6/1                DOWN DOWN     --              
InLoop0              UP   UP(s)    --              
Loop0                UP   UP(s)    10.1.255.5      
Loop50               UP   UP(s)    10.50.0.1       
NULL0                UP   UP(s)    --              
REG0                 UP   --       --              
Ser1/0               DOWN DOWN     --              
Ser2/0               DOWN DOWN     --              
Ser3/0               DOWN DOWN     --              
Ser4/0               DOWN DOWN     --  
<S5>display interface brief 
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Primary IP        Description              
InLoop0              UP   UP(s)    --                
MGE0/0/0             DOWN DOWN     --                
NULL0                UP   UP(s)    --                
REG0                 UP   --       --                
Vlan100              UP   UP       202.0.0.2         
Vlan200              UP   UP       61.0.0.2 

Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface            Link Speed     Duplex Type PVID Description              
FGE1/0/53            DOWN 40G       A      A    1    
FGE1/0/54            DOWN 40G       A      A    1    
GE1/0/1              UP   1G(a)     F(a)   A    100  
GE1/0/2              UP   1G(a)     F(a)   A    200  
3-3-2 Configure VPN
3-3-2-1 IPsec VPN
[R5]ip route-static 0.0.0.0 0.0.0.0 202.0.0.2
[R1]ip route-static 0.0.0.0 0.0.0.0 61.0.0.2
[R1]ping 202.0.0.1
Ping 202.0.0.1 (202.0.0.1): 56 data bytes, press CTRL+C to break
56 bytes from 202.0.0.1: icmp_seq=0 ttl=254 time=1.936 ms
56 bytes from 202.0.0.1: icmp_seq=1 ttl=254 time=0.995 ms
56 bytes from 202.0.0.1: icmp_seq=2 ttl=254 time=1.295 ms
56 bytes from 202.0.0.1: icmp_seq=3 ttl=254 time=1.201 ms
56 bytes from 202.0.0.1: icmp_seq=4 ttl=254 time=1.363 ms
  1. Define the interesting traffic

    [R5]acl advanced 3000
    [R5-acl-ipv4-adv-3000]rule 0 permit ip source 10.1.255.5 0 destination 10.1.255.1 0
    
    [R1]acl advanced 3000
    [R1-acl-ipv4-adv-3000]rule 0 permit ip source 10.1.255.1 0 destination 10.1.255.5 0
    
  2. Configure the pre-shared key

    [R5]ike keychain k1
    [R5-ike-keychain-k1]pre-shared-key address 61.0.0.1 255.255.255.255 key simple 123
    
    [R1]ike keychain k1
    [R1-ike-keychain-k1]pre-shared-key address 202.0.0.1 255.255.255.255 key simple 123
    
  3. Configure the IKE profile

    [R5]ike profile r5
    [R5-ike-profile-r5]keychain k1
    [R5-ike-profile-r5]match remote identity address 61.0.0.1 255.255.255.255
    
    [R1]ike profile r1
    [R1-ike-profile-r1]keychain k1
    [R1-ike-profile-r1]match remote identity address 202.0.0.1 255.255.255.255
    
  4. Configure the data encryption method

    [R5]ipsec transform-set t1
    [R5-ipsec-transform-set-t1]esp encryption-algorithm 3des-cbc 
    [R5-ipsec-transform-set-t1]esp authentication-algorithm md5
    
    [R1]ipsec transform-set t1
    [R1-ipsec-transform-set-t1]esp encryption-algorithm 3des-cbc 
    [R1-ipsec-transform-set-t1]esp authentication-algorithm md5
    
  5. R5 binds the policy without a template

    [R5]ipsec policy h3c 1 isakmp 
    [R5-ipsec-policy-isakmp-h3c-1]transform-set t1
    [R5-ipsec-policy-isakmp-h3c-1]security acl 3000
    [R5-ipsec-policy-isakmp-h3c-1]remote-address 61.0.0.1
    [R5-ipsec-policy-isakmp-h3c-1]ike-profile r5
    

    R1 binds the policy through a policy template

    [R1]ipsec policy-template tem 1
    [R1-ipsec-policy-template-tem-1]transform-set t1
    [R1-ipsec-policy-template-tem-1]security acl 3000
    [R1-ipsec-policy-template-tem-1]remote-address 202.0.0.1
    [R1-ipsec-policy-template-tem-1]ike-profile r1
    [R1-ipsec-policy-template-tem-1]qu
    
    [R1]ipsec policy h3c 1 isakmp template tem
    
  6. Apply the policy on the interface

    [R5]interface GigabitEthernet 0/1
    [R5-GigabitEthernet0/1]ipsec apply policy h3c
    
    [R1]interface GigabitEthernet 0/2
    [R1-GigabitEthernet0/2]ipsec apply policy h3c
    
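  7. Verify the configuration. Note that R1 is the template side, so traffic initiated from R1 cannot trigger the negotiation; the test must be run from R5.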

    <R5>ping -a 10.1.255.5 10.1.255.1
    Ping 10.1.255.1 (10.1.255.1) from 10.1.255.5: 56 data bytes, press CTRL+C to break
    56 bytes from 10.1.255.1: icmp_seq=0 ttl=255 time=1.951 ms
    56 bytes from 10.1.255.1: icmp_seq=1 ttl=255 time=1.521 ms
    56 bytes from 10.1.255.1: icmp_seq=2 ttl=255 time=1.164 ms
    56 bytes from 10.1.255.1: icmp_seq=3 ttl=255 time=1.361 ms
    56 bytes from 10.1.255.1: icmp_seq=4 ttl=255 time=1.131 ms
    

    IKE phase 1 negotiation

    <R5>display ike sa
    Connection-ID   Local               Remote              Flag      DOI    
    
    1               202.0.0.1           61.0.0.1            RD        IPsec  
    
    Flags:
    RD--READY RL--REPLACED FD-FADING RK-REKEY
    
    <R1>display ike sa
    Connection-ID   Local               Remote              Flag      DOI    
    
    1               61.0.0.1            202.0.0.1           RD        IPsec  
    
    Flags:
    RD--READY RL--REPLACED FD-FADING RK-REKEY
    

    Phase 2 negotiation

    <R5>display ipsec sa brief 
    Interface/Global          Dst Address       SPI         Protocol    Status      
    
    GE0/1                     61.0.0.1          2879439289  ESP         Active      
    GE0/1                     202.0.0.1         3361905271  ESP         Active 
    
    <R1>display ipsec sa brief 
    Interface/Global          Dst Address       SPI         Protocol    Status      
    
    GE0/2                     202.0.0.1         3361905271  ESP         Active      
    GE0/2                     61.0.0.1          2879439289  ESP         Active
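The two ends of an IPsec tunnel only negotiate when their settings mirror each other, so the steps above can be checked mechanically. The following is an added example, not part of the original post: it parses the R5 and R1 commands from this section, checks that they are consistent, and reports the proposal algorithms that RFC 8221 deprecates. The names `PATTERNS`, `WEAK`, `parse` and `audit` are made up for this example.

```python
import re

# Commands copied from the R5 and R1 steps above, prompts stripped.
R5 = """\
rule 0 permit ip source 10.1.255.5 0 destination 10.1.255.1 0
pre-shared-key address 61.0.0.1 255.255.255.255 key simple 123
match remote identity address 61.0.0.1 255.255.255.255
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
remote-address 61.0.0.1
"""
R1 = """\
rule 0 permit ip source 10.1.255.1 0 destination 10.1.255.5 0
pre-shared-key address 202.0.0.1 255.255.255.255 key simple 123
match remote identity address 202.0.0.1 255.255.255.255
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
remote-address 202.0.0.1
"""
PATTERNS = {
    "acl": r"rule \d+ permit ip source (\S+) \S+ destination (\S+) \S+",
    "psk_peer": r"pre-shared-key address (\S+)",
    "psk": r"pre-shared-key address \S+ \S+ key (?:simple|cipher) (\S+)",
    "identity": r"match remote identity address (\S+)",
    "enc": r"esp encryption-algorithm (\S+)",
    "auth": r"esp authentication-algorithm (\S+)",
    "remote": r"^remote-address (\S+)",
}
WEAK = {"des-cbc", "3des-cbc", "md5"}  # deprecated for IPsec by RFC 8221

def parse(cfg):
    """Extract one value per pattern; the ACL yields a (source, destination) pair."""
    found = {k: re.search(p, cfg, re.M) for k, p in PATTERNS.items()}
    return {k: (m.groups() if k == "acl" else m.group(1)) for k, m in found.items()}

def audit(a, b):
    """Return findings for two peers' parsed IPsec settings."""
    findings = []
    if a["acl"] != b["acl"][::-1]:
        findings.append("ACLs are not mirror images")
    findings += [f"{k} differs between peers" for k in ("psk", "enc", "auth") if a[k] != b[k]]
    for name, side in (("first", a), ("second", b)):
        if len({side["psk_peer"], side["identity"], side["remote"]}) != 1:
            findings.append(f"{name} peer: keychain, profile and policy disagree on the remote address")
    findings += [f"weak {k}: {v}" for k in ("enc", "auth") for v in sorted({a[k], b[k]} & WEAK)]
    return findings
```

Calling `audit(parse(R5), parse(R1))` on the configuration as written reports no mismatch between the peers, only the two weak algorithms.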
    
3-3-2-2 GRE Tunnel
[R5]interface Tunnel 0 mode gre
[R5-Tunnel0]ip address 15.1.1.2 30
[R5-Tunnel0]source 10.1.255.5
[R5-Tunnel0]destination 10.1.255.1
[R5-Tunnel0]keepalive 10 3
[R1]interface Tunnel 0 mode gre
[R1-Tunnel0]ip address 15.1.1.1 30
[R1-Tunnel0]source 10.1.255.1
[R1-Tunnel0]destination 10.1.255.5
[R1-Tunnel0]keepalive 10 3

Verify the configuration

<R5>display interface brief 
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Primary IP      Description                
GE0/0                DOWN DOWN     --              
GE0/1                UP   UP       202.0.0.1       
GE0/2                DOWN DOWN     --              
GE5/0                DOWN DOWN     --              
GE5/1                DOWN DOWN     --              
GE6/0                DOWN DOWN     --              
GE6/1                DOWN DOWN     --              
InLoop0              UP   UP(s)    --              
Loop0                UP   UP(s)    10.1.255.5      
Loop50               UP   UP(s)    10.50.0.1       
NULL0                UP   UP(s)    --              
REG0                 UP   --       --              
Ser1/0               DOWN DOWN     --              
Ser2/0               DOWN DOWN     --              
Ser3/0               DOWN DOWN     --              
Ser4/0               DOWN DOWN     --              
Tun0                 UP   UP       15.1.1.2
<R1>display interface brief 
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Primary IP      Description                
GE0/0                DOWN DOWN     --              
GE0/1                UP   UP       10.1.0.2        
GE0/2                UP   UP       61.0.0.1        
GE5/0                DOWN DOWN     --              
GE5/1                DOWN DOWN     --              
GE6/0                DOWN DOWN     --              
GE6/1                DOWN DOWN     --              
InLoop0              UP   UP(s)    --              
Loop0                UP   UP(s)    10.1.255.1      
NULL0                UP   UP(s)    --              
REG0                 UP   --       --              
Ser1/0               UP   UP       10.0.0.1        
Ser2/0               DOWN DOWN     --              
Ser3/0               UP   UP       10.0.0.5        
Ser4/0               DOWN DOWN     --              
Tun0                 UP   UP       15.1.1.1
<R1>ping 15.1.1.2
Ping 15.1.1.2 (15.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 15.1.1.2: icmp_seq=0 ttl=255 time=1.233 ms
56 bytes from 15.1.1.2: icmp_seq=1 ttl=255 time=1.416 ms
56 bytes from 15.1.1.2: icmp_seq=2 ttl=255 time=0.786 ms
56 bytes from 15.1.1.2: icmp_seq=3 ttl=255 time=1.156 ms
56 bytes from 15.1.1.2: icmp_seq=4 ttl=255 time=1.475 ms
3-3-3 Configure RIP
  1. RIP and silent interfaces

    [R1]rip 1
    [R1-rip-1]undo summary
    [R1-rip-1]version 2
    [R1-rip-1]network 15.0.0.0   
    [R1-rip-1]silent-interface GigabitEthernet 0/1
    [R1-rip-1]silent-interface Serial 1/0
    [R1-rip-1]silent-interface Serial 3/0
    
    [R5]rip 1
    [R5-rip-1]undo summary
    [R5-rip-1]version 2
    [R5-rip-1]network 10.0.0.0
    [R5-rip-1]network 15.0.0.0
    [R5-rip-1]silent-interface LoopBack 50
    
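  2. Because the RIP network statements also advertise the Loopback0 interface into RIP, which creates a loop (Loopback0 is the GRE tunnel endpoint, so it must not be learned through the tunnel), a static route must be added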

    [R1]ip route-static 10.1.255.5 32 61.0.0.2
        
    [R5]ip route-static 10.1.255.1 32 202.0.0.2
    

3-4 Route selection

  1. R1-R3 serves only as the backup link for service A, not as a backup link for service B

    [R3]ospf 1
    [R3-ospf-1]area 100
    [R3-ospf-1-area-0.0.0.100]abr-summary 10.200.0.0 255.255.0.0 not-advertise         --->summarize and do not advertise
    

    Verify the configuration

    --->routes before the change
    <R1>display ip routing-table
    
    Destinations : 40       Routes : 40
    
    Destination/Mask   Proto   Pre Cost        NextHop         Interface
    10.200.0.1/32      O_INTER 10  1567        10.0.0.6        Ser3/0
    
    --->routes after the change
    <R1>display ip routing-table
    
    Destinations : 40       Routes : 40
    
    Destination/Mask   Proto   Pre Cost        NextHop         Interface
    10.200.0.1/32      O_INTER 10  1587        10.0.0.2        Ser1/0  
    
  2. Blackhole routes

    • Configure static routes that point to the NULL 0 interface

      [R1]ip route-static 10.10.0.0 16 NULL 0   --->headquarters service A
      [R1]ip route-static 10.100.0.0 16 NULL 0  --->branch service A
      [R1]ip route-static 10.50.0.0 16 NULL 0   --->office service A
      
    • Define the ACLs

      [R1]acl number 2000
      [R1-acl-ipv4-basic-2000]rule 0 permit source 10.10.0.0 0.0.0.255
      [R1-acl-ipv4-basic-2000]rule 5 permit source 10.100.0.0 0.0.0.255
      
      [R1]acl number 2001
      [R1-acl-ipv4-basic-2001]rule 0 permit source 10.50.0.0 0.0.0.255
      
    • Define the route policies that reference the ACLs

      [R1]route-policy 2o permit node 10                    --->policy 2o for redistribution into OSPF, matches 10.50.0.0
      [R1-route-policy-2o-10]if-match ip address acl 2001
      
      [R1]route-policy 2r permit node 10                    --->policy 2r for redistribution into RIP, matches 10.10.0.0 and 10.100.0.0
      [R1-route-policy-2r-10]if-match ip address acl 2000
      
    • Import the static routes through the policies

      [R1]rip 1
      [R1-rip-1]import-route static route-policy 2r
      
      [R1]ospf 1
      [R1-ospf-1]import-route static route-policy 2o
      
    • Verify the configuration

      <R5>display ip routing-table protocol rip
      
      Summary count : 5
      
      RIP Routing table status : <Active>
      Summary count : 2
      
      Destination/Mask   Proto   Pre Cost        NextHop         Interface
      10.10.0.0/16       RIP     100 1           15.1.1.1        Tun0
      10.100.0.0/16      RIP     100 1           15.1.1.1        Tun0
      
      RIP Routing table status : <Inactive>
      Summary count : 3
      
      Destination/Mask   Proto   Pre Cost        NextHop         Interface
      10.1.255.5/32      RIP     100 0           0.0.0.0         Loop0
      10.50.0.0/24       RIP     100 0           0.0.0.0         Loop50
      15.1.1.0/30        RIP     100 0           0.0.0.0         Tun0
          
      <S3>ping -a 10.10.0.1 10.50.0.1
      Ping 10.50.0.1 (10.50.0.1) from 10.10.0.1: 56 data bytes, press CTRL+C to break
      56 bytes from 10.50.0.1: icmp_seq=0 ttl=253 time=2.351 ms
      56 bytes from 10.50.0.1: icmp_seq=1 ttl=253 time=2.127 ms
      56 bytes from 10.50.0.1: icmp_seq=2 ttl=253 time=1.931 ms
      56 bytes from 10.50.0.1: icmp_seq=3 ttl=253 time=2.504 ms
      56 bytes from 10.50.0.1: icmp_seq=4 ttl=253 time=2.243 ms
      
      <S4>ping -a 10.100.0.1 10.50.0.1
      Ping 10.50.0.1 (10.50.0.1) from 10.100.0.1: 56 data bytes, press CTRL+C to break
      56 bytes from 10.50.0.1: icmp_seq=0 ttl=253 time=3.043 ms
      56 bytes from 10.50.0.1: icmp_seq=1 ttl=253 time=2.127 ms
      56 bytes from 10.50.0.1: icmp_seq=2 ttl=253 time=3.227 ms
      56 bytes from 10.50.0.1: icmp_seq=3 ttl=253 time=2.026 ms
      56 bytes from 10.50.0.1: icmp_seq=4 ttl=253 time=3.152 ms
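Which blackhole route ends up in which protocol depends on how the ACL inside each route policy matches the static routes. The following is an added example, not part of the original post, that models the R1 configuration above. It assumes the usual behaviour of a basic ACL used as a route filter (the route's network address is compared with the rule's source under the wildcard mask, and the prefix length is ignored); `STATIC`, `ACLS`, `POLICIES`, `IMPORTS` and the function names are made up for this example.

```python
import ipaddress

# Static blackhole routes and ACL rules copied from the R1 steps above.
STATIC = ["10.10.0.0/16", "10.100.0.0/16", "10.50.0.0/16"]
ACLS = {
    2000: [("10.10.0.0", "0.0.0.255"), ("10.100.0.0", "0.0.0.255")],
    2001: [("10.50.0.0", "0.0.0.255")],
}
POLICIES = {"2r": 2000, "2o": 2001}     # route-policy -> ACL it references
IMPORTS = {"rip": "2r", "ospf": "2o"}   # protocol -> route-policy on import-route static

def acl_permits(acl, prefix):
    """Assumed model: compare the route's network address with each rule's
    source under the wildcard mask; the prefix length is not checked."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for source, wildcard in ACLS[acl]:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(source)) & care:
            return True
    return False  # no rule matched: the route is not imported

def redistributed(protocol):
    """Static routes that the protocol's import policy lets through."""
    acl = POLICIES[IMPORTS[protocol]]
    return [p for p in STATIC if acl_permits(acl, p)]

def leaks():
    """Prefixes imported into both protocols, which would let RIP and OSPF feed each other."""
    return sorted(set(redistributed("rip")) & set(redistributed("ospf")))
```

`redistributed("rip")` returns the two /16 routes that R5 shows as RIP routes in the verification output, and `leaks()` is empty because no prefix passes both policies.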
      

3-5 Configure QoS

  1. Define the interesting traffic

    [R2]acl number 3000
    [R2-acl-ipv4-adv-3000]rule 0 permit ip source 10.20.0.0 0.0.0.255 destination 10.200.0.0 0.0.0.255
    
    [R4]acl number 3000
    [R4-acl-ipv4-adv-3000]rule 0 permit ip source 10.200.0.0 0.0.0.255 destination 10.20.0.0 0.0.0.255
    
  2. Bind the ACL to a traffic classifier

    [R2]traffic classifier 1 operator and
    [R2-classifier-1]if-match acl 3000
        
    [R4]traffic classifier 1 operator and
    [R4-classifier-1]if-match acl 3000
    
  3. Define the bandwidth

    [R2]traffic behavior 1
    [R2-behavior-1]queue af bandwidth 128
        
    [R4]traffic behavior 1
    [R4-behavior-1]queue af bandwidth 128
    
  4. Define a policy that associates the classifier with the behavior

    [R2]qos policy 1
    [R2-qospolicy-1]classifier 1 behavior 1
        
    [R4]qos policy 1
    [R4-qospolicy-1]classifier 1 behavior 1
    
  5. Apply the QoS policy on the interface

    [R2]interface MP-group 1
    [R2-MP-group1]qos apply policy 1 outbound
    
    [R4]interface MP-group 1
    [R4-MP-group1]qos apply policy 1 outbound
    
  6. Configure the QoS line rate (LR) on R5's Tunnel interface

    [R5]interface Tunnel 0 mode gre
    [R5-Tunnel0]qos lr outbound cir 500
    

3-6 Configure SNMP

  1. Define the ACL that matches the permitted source

    [R2]acl number 2000
    [R2-acl-ipv4-basic-2000]rule 0 permit source 10.20.0.100 0
    
  2. Enable SNMP globally and configure the related settings

    [R2]snmp-agent 
    [R2]snmp-agent community read simple 123 acl 2000
    [R2]snmp-agent community write simple 123 acl 2000
    [R2]snmp-agent sys-info version v2c 
        
    [R2]undo snmp-agent sys-info version v3
    All versions of SNMP will be disabled. Continue?[Y/N]:y
    

3-7 Configure Telnet

  1. Define the permitted source

    [R1]acl number 2100
    [R1-acl-ipv4-basic-2100]rule 0 permit source 10.10.0.100 0
    
  2. Enable Telnet

    [R1]telnet server enable
    [R1]telnet server acl 2100
    
  3. Configure the VTY lines

    [R1]line vty 0 4
    [R1-line-vty0-4]authentication-mode scheme 
    [R1-line-vty0-4]user-role network-operator
    
  4. Create the Telnet user account and password

    [R1]local-user h3c class manage 
    New local user added.
    [R1-luser-manage-h3c]password simple admin@1234
    [R1-luser-manage-h3c]service-type telnet 
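Sections 3-6 and 3-7 both restrict management access by source ACL, but the protocols and secrets they use are a separate exposure. The following is an added example, not part of the original post: it runs the SNMP and Telnet commands from those two sections through a small checker. `audit_mgmt` and the 8-character threshold `MIN_COMMUNITY_LEN` are assumptions made for this example.

```python
import re

# R2 SNMP and R1 Telnet commands copied from sections 3-6 and 3-7, prompts stripped.
CONFIG = """\
snmp-agent community read simple 123 acl 2000
snmp-agent community write simple 123 acl 2000
snmp-agent sys-info version v2c
telnet server enable
telnet server acl 2100
authentication-mode scheme
password simple admin@1234
"""
MIN_COMMUNITY_LEN = 8  # assumed baseline for this example

def audit_mgmt(cfg):
    """Return findings about SNMP and Telnet exposure in a Comware-style config."""
    findings = []
    comms = re.findall(
        r"^snmp-agent community (read|write) (?:simple |cipher )?(\S+)(?: acl (\d+))?$",
        cfg, re.M)
    for access, name, acl in comms:
        if not acl:
            findings.append(f"{access} community has no source ACL")
        if len(name) < MIN_COMMUNITY_LEN:
            findings.append(f"{access} community is shorter than {MIN_COMMUNITY_LEN} characters")
    names = {access: name for access, name, _ in comms}
    if "read" in names and names["read"] == names.get("write"):
        findings.append("read and write communities are identical")
    if re.search(r"^snmp-agent sys-info version (v1|v2c)", cfg, re.M):
        findings.append("SNMP v1/v2c: the community string crosses the network in cleartext")
    if re.search(r"^telnet server enable", cfg, re.M):
        findings.append("Telnet: credentials and session cross the network in cleartext")
        if not re.search(r"^telnet server acl \d+", cfg, re.M):
            findings.append("Telnet server has no source ACL")
    return findings
```

On the lab configuration the source ACLs pass, and the findings are the short shared community string and the two cleartext protocols.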
    