本文详细介绍了一个包含OSPF、链路聚合、DHCP、STP、VRRP等多种网络技术的复杂网络配置案例。通过具体步骤展示了如何实现不同网络需求,包括自动获取IP地址、提高链路可靠性及数据转发效率等。
一、根据拓扑要求完成IP地址基本配置,修改设备名称 如R1修改为R1+姓名缩写
二、内网需求--整个网络运行OSPF协议,使用默认进程号,默认router id
分支1需求:
1.VLAN10\VLAN20的网关在SW3设备上,地址获取方式为自动获取,DHCP server 为R6设备
vlan 10-地址池名称:vlan 10, 网关为192.168.1.1,网段为192.168.1.0/24,dns为8.8.8.8,租期为2天
vlan 20-地址池名称:vlan 20, 网关为192.168.2.1,网段为192.168.2.0/24,dns为8.8.8.8,租期为1天
2.SW3与SW4之间配置链路聚合技术,编号为12,模式为LACP模式,SW4为主设备(优先级修改为4000),G0/0/3-G0/0/4为活跃链路(优先级修改为2000)
3.SW1-SW2-SW3运行STP协议,模式为STP,SW3为根设备(4096)
4.按照拓扑要求进行OSPF配置
分支2需求:
1.VLAN50、VLAN 60的网关在SW7\SW8设备上,保证网关的可靠性(VRRP参数要求如下)
vlan50--vird 5, vip:192.168.5.100
vlan60--vrid 6, vip:192.168.6.100
VLAN50优先从SW7设备转发(优先级修改为120),VLAN60数据优先从SW8设备转发(优先级修改为120)
2.Vrid 5的主设备SW7上行链路发生故障时(联动值为30),SW8可以快速切换成主设备
(BFD 名称为huawei,SW7本地标识为1,R3本地标识为2)
3.按照拓扑要求进行OSPF配置
三、总部需求
1. 配置区域0认证,认证方式为明文,密码为HICE@12
2. 开启区域0的快速检测技术
四、运营商网络:运行ISIS协议,设备全部为L1-2设备,area id为49.0001
五、边界配置
AR8为边界设备,采用双出口方式访问,要求内网数据可以优先从电信访问外网(电信优先级修改为50):
VLAN10、VLAN20主机使用NAPT方式访问200.1.3.100,转换的外网地址池为200.1.2.120(ACL编号为2000)
VLAN50主机使用Easy IP方式200.1.3.100(ACL编号为2001)
LSW1
sysname SW1
vlan batch 10 20
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
LSW2
sysname SW2
vlan batch 10 20
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
LSW3
sysname SW3
vlan batch 10 20 70
stp mode stp
stp instance 0 priority 4096
dhcp enable
interface Vlanif10
ip address 192.168.1.1 24
dhcp select relay
dhcp relay server-ip 10.1.16.6
interface Vlanif20
ip address 192.168.2.1 24
dhcp select relay
dhcp relay server-ip 10.1.16.6
interface Vlanif70
ip address 10.1.7.3 24
interface Eth-Trunk12
port link-type access
port default vlan 70
mode lacp-static
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
eth-trunk 12
interface GigabitEthernet0/0/4
eth-trunk 12
interface GigabitEthernet0/0/5
eth-trunk 12
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 10.1.7.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 10.1.7.4
LSW4
sysname SW4
vlan batch 70 80
lacp priority 4000
interface Vlanif70
ip address 10.1.7.4 24
interface Vlanif80
ip address 10.1.8.4 24
interface Eth-Trunk12
port link-type access
port default vlan 70
mode lacp-static
max active-linknumber 2
interface GigabitEthernet0/0/3
eth-trunk 12
lacp priority 2000
interface GigabitEthernet0/0/4
eth-trunk 12
lacp priority 2000
interface GigabitEthernet0/0/5
eth-trunk 12
interface GigabitEthernet0/0/1
port link-type access
port default vlan 80
ospf 1
area 0.0.0.1
network 10.1.7.0 0.0.0.255
network 10.1.8.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 10.1.8.1
R1
sysname R1
bfd
interface GigabitEthernet0/0/0
ip address 10.1.16.1 24
interface GigabitEthernet0/0/1
ip address 10.1.8.1 24
interface GigabitEthernet0/0/2
ip address 10.1.18.1 24
ospf 1
bfd all-interfaces enable
area 0.0.0.0
authentication-mode simple HCIE@12
network 10.1.16.0 0.0.0.255
network 10.1.18.0 0.0.0.255
area 0.0.0.1
network 10.1.8.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 10.1.18.8
R6
sysname R6
dhcp enable
bfd
ip pool vlan10
gateway-list 192.168.1.1
network 192.168.1.0 mask 24
lease day 2
dns-list 8.8.8.8
ip pool vlan20
gateway-list 192.168.2.1
network 192.168.2.0 mask 24
dns-list 8.8.8.8
interface GigabitEthernet0/0/0
ip address 10.1.16.6 24
dhcp select global
interface GigabitEthernet0/0/1
ip address 10.1.36.6 24
ospf 1
bfd all-interfaces enable
area 0.0.0.0
authentication-mode simple HCIE@12
network 10.1.16.0 0.0.0.255
network 10.1.36.0 0.0.0.255
R3
sysname R3
bfd
interface GigabitEthernet0/0/0
ip address 10.1.9.3 24
interface GigabitEthernet0/0/1
ip address 10.1.38.3 24
interface GigabitEthernet0/0/2
ip address 10.1.36.3 24
interface GigabitEthernet0/0/3
ip address 10.1.10.3 24
bfd huawei bind peer-ip 10.1.9.7 source-ip 10.1.9.3
discriminator local 2
discriminator remote 1
commit
ospf 1
bfd all-interfaces enable
area 0.0.0.0
authentication-mode simple HCIE@12
network 10.1.38.0 0.0.0.255
network 10.1.36.0 0.0.0.255
area 0.0.0.2
network 10.1.9.0 0.0.0.255
network 10.1.10.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 10.1.38.8
LSW7
sysname SW7
vlan batch 50 60 90
bfd
interface Vlanif50
ip address 192.168.5.254 24
vrrp vrid 5 virtual-ip 192.168.5.100
vrrp vrid 5 priority 120
vrrp vrid 5 track bfd-session 1 reduced 30
interface Vlanif60
ip address 192.168.6.254 24
vrrp vrid 6 virtual-ip 192.168.6.100
interface Vlanif90
ip address 10.1.9.7 24
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50 60
interface GigabitEthernet0/0/2
port link-type access
port default vlan 90
bfd huawei bind peer-ip 10.1.9.3 source-ip 10.1.9.7
discriminator local 1
discriminator remote 2
commit
ospf 1
area 0.0.0.2
network 192.168.5.0 0.0.0.255
network 192.168.6.0 0.0.0.255
network 10.1.9.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 10.1.9.3
LSW8
sysname SW8
vlan batch 50 60 100
interface Vlanif50
ip address 192.168.5.253 24
vrrp vrid 5 virtual-ip 192.168.5.100
interface Vlanif60
ip address 192.168.6.253 24
vrrp vrid 6 virtual-ip 192.168.6.100
vrrp vrid 6 priority 120
interface Vlanif100
ip address 10.1.10.8 24
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50 60
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
ospf 1
area 0.0.0.2
network 192.168.5.0 0.0.0.255
network 192.168.6.0 0.0.0.255
network 10.1.10.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 10.1.10.3
LSW5
sysname SW5
vlan batch 50 60
interface Ethernet0/0/1
port link-type access
port default vlan 50
interface Ethernet0/0/2
port link-type access
port default vlan 60
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50 60
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50 60
AR8
sysname R8
bfd
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 192.168.2.0 0.0.0.255
acl number 2001
rule 5 permit source 192.168.5.0 0.0.0.255
isis 1
network-entity 49.0001.0000.0000.0008.00
nat address-group 1 200.1.2.120 200.1.2.120
nterface GigabitEthernet0/0/0
ip address 10.1.18.8 24
interface GigabitEthernet0/0/1
ip address 10.1.38.8 24
interface GigabitEthernet4/0/0
ip address 200.1.1.8 24
isis enable 1
interface GigabitEthernet4/0/1
ip address 200.1.2.8 24
isis enable 1
nat outbound 2000 address-group 1
nat outbound 2001
ospf 1
bfd all-interfaces enable
area 0.0.0.0
authentication-mode simple HCIE@12
network 10.1.18.0 0.0.0.255
network 10.1.38.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 200.1.1.5
ip route-static 0.0.0.0 0.0.0.0 200.1.2.4 preference 50
ospf 1
bfd all-interfaces enable
area 0.0.0.0
authentication-mode simple HCIE@12
network 10.1.18.0 0.0.0.255
network 10.1.38.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 200.1.1.5
ip route-static 0.0.0.0 0.0.0.0 200.1.2.4 preference 50
R4
sysname R4
isis 1
network-entity 49.0001.0000.0000.0004.00
interface GigabitEthernet0/0/0
ip address 200.1.4.4 24
isis enable 1
interface GigabitEthernet0/0/1
ip address 200.1.5.4 24
isis enable 1
R5
sysname R5
isis 1
network-entity 49.0001.0000.0000.0005.00
interface GigabitEthernet0/0/0
ip address 200.1.1.5 24
isis enable 1
interface GigabitEthernet0/0/1
ip address 200.1.4.5 24
isis enable 1
R7
sysname R7
isis 1
network-entity 49.0001.0000.0000.0007.00
interface GigabitEthernet0/0/0
ip address 200.1.4.7 24
isis enable 1
interface GigabitEthernet0/0/1
ip address 200.1.5.7 24
isis enable 1
interface GigabitEthernet0/0/2
ip address 200.1.3.254 24
isis enable 1
扫一扫
2361
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
