目录
■DHCP NAT BFD 策略路由
▲掩码与反掩码总结
▲综合实验
■DHCP NAT BFD 策略路由
▲掩码与反掩码总结
- 使用掩码的场景:IP地址强相关
场景一:IP地址配置
ip address 192.168.1.1 255.255.255.0 或ip address 192.168.1.1 24
场景二:DHCP配置
network 192.168.1.0 mask 255.255.255.0或network 192.168.1.0 mask 24
- 使用反掩码的场景
场景一:ACL
rule 10 permit source 192.168.1.1 0 或rule 10 permit source 192.168.1.1 0.0.0.0
rule 10 permit source 192.168.1.0 0.0.0.255
场景二:OSPF路由宣告
network 192.168.1.0 0.0.0.255 //宣告192.168.1.0网段
- RIP路由宣告不需要掩码或反掩码,宣告主类网络(ABC类主类IP地址掩码分别为/8/16/24):
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
▲综合实验
- 接入交换机ACSW配置
<Huawei>system-view
[Huawei]sysname Acsw
[Acsw]vlan batch 10 20
[Acsw]interface GigabitEthernet 0/0/1
[Acsw-GigabitEthernet0/0/1]port link-type access
[Acsw-GigabitEthernet0/0/1]port default vlan 10
[Acsw-GigabitEthernet0/0/1]quit
[Acsw]interface GigabitEthernet 0/0/2
[Acsw-GigabitEthernet0/0/2]port link-type access
[Acsw-GigabitEthernet0/0/2]port default vlan 20
[Acsw-GigabitEthernet0/0/2]quit
[Acsw]interface GigabitEthernet 0/0/3
[Acsw-GigabitEthernet0/0/3]port link-type trunk
[Acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan all
- 核心交换机的配置
下行接口以及网关
[Coresw]vlan batch 10 20 30
[Coresw]interface Vlanif 10
[Coresw-Vlanif10]ip address 192.168.10.254 24
[Coresw-Vlanif10]quit
[Coresw]interface Vlanif 20
[Coresw-Vlanif20]ip address 192.168.20.254 24
[Coresw-Vlanif20]quit
[Coresw]interface GigabitEthernet 0/0/3
[Coresw-GigabitEthernet0/0/3]port link-type trunk
[Coresw-GigabitEthernet0/0/3]port trunk allow-pass vlan all
配置DHCP
vlanif10 全局模式
[Coresw]dhcp enable
[Coresw]ip pool 10
[Coresw-ip-pool-10]network 192.168.10.0 mask 24
[Coresw-ip-pool-10]gateway-list 192.168.10.254
[Coresw-ip-pool-10]dns-list 8.8.8.8
[Coresw-ip-pool-10]lease day 5
[Coresw-ip-pool-10]excluded-ip-address 192.168.10.2 192.168.10.253
[Coresw-ip-pool-10]quit
[Coresw]interface Vlanif 10
[Coresw-Vlanif10]dhcp select global
vlanif20 接口模式
[Coresw-Vlanif20]dhcp select interface
[Coresw-Vlanif20]dhcp server excluded-ip-address 192.168.20.2 192.168.20.253
[Coresw-Vlanif20]dhcp server dns-list 114.114.114.114
[Coresw-Vlanif20]dhcp server lease day 4 hour 4 minute 4
- 核心交换机上层接口
[Coresw]interface GigabitEthernet 0/0/1
[Coresw-GigabitEthernet0/0/1]port link-type access
[Coresw-GigabitEthernet0/0/1]port default vlan 30
[Coresw-GigabitEthernet0/0/1]quit
[Coresw]interface Vlanif 30
[Coresw-Vlanif30]ip address 192.168.30.254 24
指定核心交换机的默认路由 出口路由器无法nat设置完之后
[Coresw]ip route-static 0.0.0.0 0 192.168.30.3
- 出口路由器配置(下行口)
<Route>system-view
[Route]interface GigabitEthernet 0/0/1
[Route-GigabitEthernet0/0/1]ip address 192.168.30.3 24
可以使用静态路由来使route有返回到主机的路由条目(但本实验不这么做,选用动态路由协议)
[route]ip route-static 192.168.10.0 255.255.255.0 192.168.30.254
动态路由协议:RIP
[Route]rip
[Route-rip-1]version 2
[Route-rip-1]network 192.168.30.0
[Coresw]rip
[Coresw-rip-1]version 2
[Coresw-rip-1]network 192.168.10.0
[Coresw-rip-1]network 192.168.20.0
[Coresw-rip-1]network 192.168.30.0
[Route]undo rip 1
[Coresw]undo rip 1
动态路由协议:OSPF
[Route]ospf 1
[Route-ospf-1]area 0
[Route-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[Coresw]ospf 1
[Coresw-ospf-1]area 0
[Coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[Coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
- 路由器的两个上行接口
上行接口IP地址配置:
[Route]interface GigabitEthernet 0/0/0
[Route-GigabitEthernet0/0/0]ip address 12.1.1.3 24
[Route-GigabitEthernet0/0/0]quit
[Route]interface GigabitEthernet 0/0/2
[Route-GigabitEthernet0/0/2]ip address 23.1.1.3 24
出口路由器做NAT在电信和联通配置RIP之后
[Route]acl 2000
[Route-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[Route-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[Route-acl-basic-2000]quit
[Route]interface GigabitEthernet 0/0/0
[Route-GigabitEthernet0/0/0]nat outbound 2000
[Route]interface GigabitEthernet 0/0/2
[Route-GigabitEthernet0/0/2]nat outbound 2000
- 电信路由器
电信路由器配置IP地址:
[dianxin]interface GigabitEthernet 0/0/0
[dianxin-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]quit
[dianxin]interface GigabitEthernet 0/0/1
[dianxin-GigabitEthernet0/0/1]ip address 100.1.1.1 24
[dianxin-GigabitEthernet0/0/1]quit
[dianxin]interface LoopBack 0
[dianxin-LoopBack0]ip address 1.1.1.1 24
配置rip...
- 联通路由器
联通路由器配置IP地址:
<liantong>system-view
[liantong]interface GigabitEthernet 0/0/1
[liantong-GigabitEthernet0/0/1]ip address 100.1.1.2 24
[liantong-GigabitEthernet0/0/1]quit
[liantong]interface GigabitEthernet 0/0/2
[liantong-GigabitEthernet0/0/2]ip address 23.1.1.2 24
[liantong-GigabitEthernet0/0/2]quit
[liantong]interface LoopBack 0
[liantong-LoopBack0]ip address 2.2.2.2 24
配置rip...
给核心交换机配置默认路由完成之后还是无法通信,是因为出口路由器没有做默认路由,如果要做浮动路由,需要更改两条路由的优先级
静态路由和默认路由的优先级都是60
[Route]ip route
[Route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50
[Route]ip route-static 0.0.0.0 0 23.1.1.2
要使用BGF所以默认路由先不用了,实际上只有默认路由也无法完成需求
[Route]undo ip route-static 0.0.0.0 0 12.1.1.1
[Route]undo ip route-static 0.0.0.0 0 23.1.1.2
- 出口路由器BFD的配置,为了保证电信挂了以后可以走联通的网络
[Route]bfd
[Route-bfd]quit
[Route]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[Route-bfd-session-dianxin]quit
电信那一边配置bfd (因为不支持单臂回声,实际项目可以配置单边)
[dianxin]bfd
[dianxin-bfd]quit
[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto
[dianxin-bfd-session-dianxin]display bfd session all
track追踪,BFD两边配置,两边ping不通的时候就是挂了,该链路的路由会被删除
[Route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin
[Route]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2 #bfd链路挂了就走这个
- 策略路由配置
首先删除两个默认路由
[Route]undo ip route-static 0.0.0.0 0 23.1.1.2
[Route]undo ip route-static 0.0.0.0 0 12.1.1.1
- 策略路由设置
策略路由vlan10走电信出口,vlan20走联通出口
具体步骤:
①配置ACL,匹配流量
②流分类
③流行为
④流策略(绑定流分类流行为)
⑤入接口应用策略路由
策略路由配置在入接口是因为要匹配两个网段的地址 放在任意一个出接口都不能对另一个网段进行匹配
<Route>system-view
配置ACL
[Route]acl 2010
[Route-acl-basic-2010]rule 10 permit source 192.168.10.0 0.0.0.255
[Route-acl-basic-2010]quit
[Route]acl 2020
[Route-acl-basic-2020]rule 10 permit source 192.168.20.0 0.0.0.255
配置流分类
[Route]traffic classifier vlan10
[Route-classifier-vlan10]if-match acl 2010
[Route-classifier-vlan10]quit
[Route]traffic classifier vlan20
[Route-classifier-vlan20]if-match acl 2020
[Route-classifier-vlan20]quit
配置流行为
[Route]traffic behavior dianxin
[Route-behavior-dianxin]redirect ip-nexthop 12.1.1.1
[Route-behavior-dianxin]quit
[Route]traffic behavior liantong
[Route-behavior-liantong]redirect ip-nexthop 23.1.1.2
[Route-behavior-liantong]quit
配置流策略
[Route]traffic policy 10,20-dl
[Route-trafficpolicy-10,20-dl]classifier vlan10 behavior dianxin
[Route-trafficpolicy-10,20-dl]classifier vlan20 behavior liantong
[Route-trafficpolicy-10,20-dl]quit
入接口应用策略路由
[Route-GigabitEthernet0/0/1]traffic-policy 10,20-dl inbound
Step1:配置ACL,匹配流量
[router] acl 3010
[router-acl-adv-3010] rule 10 permit ip source any destination 1.1.1.0 0.0.0.255 //匹配任意源地址去往电信服务器1.1.1.1的流量
[router-acl-adv-3010] acl 3020
[router-acl-adv-3020] rule 10 permit ip source any destination 2.2.2.0 0.0.0.255 //匹配任意源地址去往联通服务器2.2.2.2的流量其他配置略,与实验三一样。
至此,本文分享的内容就结束了。
)
 版本与 LabVIEW 2019 兼容性)
)
