1. Topology diagram
2. VLAN assignment and IP configuration
SW1
system-view
sysname SW1
vlan 10 20 100
int vl10
 ip add 192.168.10.252 24
int vl20
 ip add 192.168.20.252 24
int vl100
 ip add 192.168.100.1 30
int g1/0/1
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/2
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/3
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/4
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/48
 port access vlan 100
save
SW2
system-view
sysname SW2
vlan 10 20 200
int vl10
 ip add 192.168.10.253 24
int vl20
 ip add 192.168.20.253 24
int vl200
 ip add 192.168.200.1 30
int g1/0/1
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/2
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/3
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/4
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/48
 port access vlan 200
save
SW3
system-view
sysname SW3
vlan 10 20
int g1/0/1
 port access vlan 10
int g1/0/2
 port access vlan 20
int g1/0/47
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/48
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
save
SW4
system-view
sysname SW4
vlan 10 20
int g1/0/1
 port access vlan 10
int g1/0/2
 port access vlan 20
int g1/0/47
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/48
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
save
R1
system-view
sysname R1
int g0/0/0
 ip add 192.168.100.2 30
int g0/0/1
 ip add 192.168.200.2 30
int g0/0/10
 ip add 100.0.0.2 24
save
ISP1
system-view
sysname ISP1
int g0/0/0
 ip add 100.0.0.1 24
int g0/0/7
 ip add 6.6.6.6 24
int g0/0/9
 ip add 7.7.7.7 24
ISP2
system-view
sysname ISP2
int g0/0/0
 ip add 200.0.0.1 24
int g0/0/7
 ip add 6.6.6.7 24
int g0/0/8
 ip add 5.5.5.5 24
ISP3
system-view
sysname ISP3
int g0/0/8
 ip add 5.5.5.6 24
int g0/0/9
 ip add 7.7.7.8 24
SW20
system-view
sysname SW20
ip route-static 0.0.0.0 0.0.0.0 30.0.10.254
ip route-static 0.0.0.0 0.0.0.0 30.0.20.254
vlan 10
 port g1/0/1
int vl10
 ip add 30.0.10.253 24
vlan 20
 port g1/0/2
int vl20
 ip add 30.0.20.253 24
int g1/0/48
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
SW30
system-view
sysname SW30
int g1/0/1
 port link-mode route
 ip add 200.0.1.1 24
int g1/0/48
 port link-mode route
 ip add 200.0.0.2 24
SW40
system-view
sysname SW40
int g1/0/48
 port link-mode route
 ip add 200.0.1.2 24
3. Link Aggregation
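Configure Layer 2 link aggregation between SW1 and SW2 to increase bandwidth and provide link redundancy. The aggregate interface on both switches is Bridge-Aggregation1, and it permits only VLAN 10 and VLAN 20.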
SW1
int Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/3
 port link-aggregation group 1
int g1/0/4
 port link-aggregation group 1
SW2
int Bridge-Aggregation 1
 port link-type trunk
 port trunk permit vlan 10 20
 undo port trunk permit vlan 1
int g1/0/3
 port link-aggregation group 1
int g1/0/4
 port link-aggregation group 1
4. MSTP
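Configure Multiple Spanning Tree Protocol (MSTP) on SW1, SW2, SW3 and SW4, with vlan10 mapped to instance 1 and vlan20 mapped to instance 2. SW1 is the root bridge for vlan10 and SW2 is the root bridge for vlan20.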
SW1
system-view
stp region-configuration
 region-name mkbk
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration
stp instance 1 root primary
stp instance 2 root secondary
save
SW2
system-view
stp region-configuration
 region-name mkbk
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration
stp instance 2 root primary
stp instance 1 root secondary
save
SW3
system-view
stp region-configuration
 region-name mkbk
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration
int g1/0/1
 stp edge-port
int g1/0/2
 stp edge-port
save
SW4
system-view
stp region-configuration
 region-name mkbk
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration
int g1/0/1
 stp edge-port
int g1/0/2
 stp edge-port
save
5. VRRP
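Configure Virtual Router Redundancy Protocol (VRRP) on SW1 and SW2. SW1 is the master gateway for vlan10 and the backup gateway for vlan20; SW2 is the master gateway for vlan20 and the backup gateway for vlan10. Also configure tracking so that when an uplink port failure is detected, the master gateway's priority is lowered and the role switches to the backup gateway.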
SW1
system-view
track 1 int g1/0/48
int vl10
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 101
 vrrp vrid 10 track 1 priority reduced 2
int vl20
 vrrp vrid 20 virtual-ip 192.168.20.254
SW2
system-view
track 1 int g1/0/48
int vl10
 vrrp vrid 10 virtual-ip 192.168.10.254
int vl20
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 101
 vrrp vrid 20 track 1 priority reduced 2
6. OSPF
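Configure Open Shortest Path First (OSPF) between R1, SW1 and SW2. R1 is the designated router (DR, the one with the largest Router-ID), SW1 and SW2 are backup designated routers (BDR), and R1 advertises the default route.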
R1
system-view
ip route-static 0.0.0.0 0.0.0.0 100.0.0.1
ospf 1 router-id 3.3.3.3
 default-route-advertise
 area 0
  network 192.168.100.2 0.0.0.3
  network 192.168.200.2 0.0.0.3
SW1
system-view
ospf 1 router-id 1.1.1.1
 area 0
  network 192.168.100.1 0.0.0.3
  network 192.168.10.254 0.0.0.255
SW2
system-view
ospf 1 router-id 2.2.2.2
 area 0
  network 192.168.200.1 0.0.0.3
  network 192.168.20.254 0.0.0.255
7. NAPT
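Configure Network Address Port Translation (NAPT) on R1 to translate the internal IP addresses of vlan10 and vlan20 to the public IP address of the outbound interface g0/0/10.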
R1
system-view
acl basic 2000
 rule 0 permit source 192.168.10.0 0.0.0.255
 rule 1 permit source 192.168.20.0 0.0.0.255
 rule 2 permit source 192.168.100.0 0.0.0.255
 rule 3 permit source 192.168.200.0 0.0.0.255
int g0/0/10
 nat outbound 2000
8. DHCP
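Configure DHCP servers on SW1 and SW2 to assign IP addresses to the clients in vlan10 and vlan20 respectively.
Note: the VLAN must be configured with a virtual IP address, and that address must be in the same subnet as the addresses DHCP assigns; only then can addresses be assigned to DHCP clients normally.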
SW1
system-view
dhcp enable
dhcp server forbidden-ip 192.168.10.254
dhcp server ip-pool vlan10
 network 192.168.10.0 24
 gateway-list 192.168.10.254
 dns-list 119.29.29.29
int vl10
 dhcp server apply ip-pool vlan10
SW2
system-view
dhcp enable
dhcp server ip-pool vlan20
 network 192.168.20.0 24
 gateway-list 192.168.20.254
 forbidden-ip 192.168.20.254
 dns-list 119.29.29.29
# pool vlan20 (192.168.20.0/24) is applied on Vlan-interface 20, the interface in that subnet
int vl20
 dhcp server apply ip-pool vlan20
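The note in this section (the VLAN interface address must sit in the same subnet as the DHCP pool) can be checked mechanically before a configuration is pushed. The following is an added example, not part of the original page: the `parse` and `audit` functions and the `SAMPLE` text are hypothetical, and it assumes a configuration written one command per line with sub-commands indented by a space.

```python
import ipaddress
import re

# Constructed sample, written in the page's abbreviated Comware style.
# Vlan-interface 10 is deliberately bound to the pool meant for VLAN 20.
SAMPLE = """\
int vl10
 ip add 192.168.10.253 24
 dhcp server apply ip-pool vlan20
int vl20
 ip add 192.168.20.253 24
 dhcp server apply ip-pool vlan20
dhcp server ip-pool vlan20
 network 192.168.20.0 24
 gateway-list 192.168.20.254
"""

def parse(config):
    """Return (interfaces, pools) keyed by name, reading one command per line."""
    ifaces, pools, cur = {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"int\S*\s+(\S+)$", line):
            cur = ifaces.setdefault(m.group(1), {})
        elif m := re.match(r"dhcp server ip-pool\s+(\S+)$", line):
            cur = pools.setdefault(m.group(1), {})
        elif not raw.startswith(" "):
            cur = {}  # any other top-level command ends the current view
        elif m := re.match(r"ip add\S*\s+(\S+)\s+(\S+)$", line):
            cur["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"network\s+(\S+)\s+(\S+)$", line):
            cur["network"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"dhcp server apply ip-pool\s+(\S+)$", line):
            cur["pool"] = m.group(1)
    return ifaces, pools

def audit(config):
    """Return (interface, reason) for each binding whose subnet and pool disagree."""
    ifaces, pools = parse(config)
    findings = []
    for name, iface in ifaces.items():
        if "pool" not in iface:
            continue
        net = pools.get(iface["pool"], {}).get("network")
        if net is None:
            findings.append((name, "pool or its network is not defined"))
        elif "ip" not in iface:
            findings.append((name, "interface has no IP address"))
        elif iface["ip"].network != net:
            findings.append((name, f"{iface['ip'].network} is not {net}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means every interface with a pool applied has an address inside that pool's network.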
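9. Router-on-a-stick
Configure router-on-a-stick on ISP3: the two subinterfaces under the physical interface g0/0/0 serve as the gateway interfaces for vlan10 and vlan20 respectively.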
ISP3
int g0/0/0.1
 ip add 30.0.10.254 24
 vlan-type dot1q vid 10
int g0/0/0.2
 ip add 30.0.20.254 24
 vlan-type dot1q vid 20
10. RIP
Configure RIP (Routing Information Protocol) between ISP2, SW30 and SW40 so that ISP2 and SW40 can reach each other.
ISP2
system-view
rip 1
 version 2
 network 200.0.0.1
SW30
system-view
rip 1
 version 2
 network 200.0.0.2
 network 200.0.1.1
SW40
system-view
rip 1
 version 2
 network 200.0.1.2
11. BGP
11.1 IBGP
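Configure IBGP (Internal Border Gateway Protocol) between ISP2, SW30 and SW40. SW40 specifies ISP2 directly as its peer, because RIP already lets ISP2 and SW40 reach each other. The main purpose of configuring IBGP here is to have ISP2 advertise a default route to SW30 and SW40.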
ISP2
system-view
bgp 200
 router-id 2.2.2.2
 peer 200.0.0.2 as-number 200
 peer 200.0.1.2 as-number 200
 address-family ipv4 unicast
  peer 200.0.0.2 enable
  peer 200.0.0.2 default-route-advertise
  peer 200.0.1.2 enable
  peer 200.0.1.2 default-route-advertise
SW30
system-view
bgp 200
 router-id 30.0.0.0
 peer 200.0.0.1 as-number 200
 address-family ipv4 unicast
  peer 200.0.0.1 enable
SW40
system-view
bgp 200
 router-id 40.0.0.0
 peer 200.0.0.1 as-number 200
 address-family ipv4 unicast
  peer 200.0.0.1 enable
11.2 EBGP
Configure EBGP (External Border Gateway Protocol) between ISP1, ISP2 and ISP3 so that the ASes (autonomous systems) can reach each other directly.
ISP1
system-view
bgp 100
 router-id 1.1.1.1
 peer 6.6.6.7 as-number 200
 peer 7.7.7.8 as-number 300
 address-family ipv4 unicast
  network 100.0.0.1 24
  peer 6.6.6.7 enable
  peer 7.7.7.8 enable
ISP2
system-view
bgp 200
 router-id 2.2.2.2
 peer 6.6.6.6 as-number 100
 peer 5.5.5.6 as-number 300
 address-family ipv4 unicast
  network 200.0.0.1 24
  network 200.0.1.2 24
  peer 6.6.6.6 enable
  peer 5.5.5.6 enable
ISP3
system-view
bgp 300
 router-id 3.3.3.3
 peer 5.5.5.5 as-number 200
 peer 7.7.7.7 as-number 100
 address-family ipv4 unicast
  network 30.0.10.254 24
  network 30.0.20.254 24
  peer 5.5.5.5 enable
  peer 7.7.7.7 enable
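Note: if all of ISP3's BGP peer relationships have been established successfully but display ip routing-table does not show the routes of the other ASes, restart the ISP3 router.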
12. DHCP Relay
Configure DHCP relay on SW20 to forward the DHCP requests of vlan10 and vlan20 to the DHCP server SW30.
Note: make sure BGP is running normally and that SW30 and SW20 can communicate.
SW30
system-view
dhcp enable
dhcp server ip-pool vlan10
 network 30.0.10.0 24
 gateway-list 30.0.10.254
 forbidden-ip 30.0.10.254
 dns-list 119.29.29.29
dhcp server ip-pool vlan20
 network 30.0.20.0 24
 gateway-list 30.0.20.254
 forbidden-ip 30.0.20.254
 dns-list 119.29.29.29
SW20
system-view
dhcp enable
# the relay target is SW30, the DHCP server: 200.0.0.2 on its g1/0/48 (200.0.0.1 is ISP2)
int vl10
 dhcp select relay
 dhcp relay server-address 200.0.0.2
int vl20
 dhcp select relay
 dhcp relay server-address 200.0.0.2