华为单臂路由实战详解
华为单臂路由实战详解SW1配置接口/vlan(24口作为上联口)<Huawei>system-view//用户视图sysname sw1//设备命名为vlan batch 10 20 30//批量创建vlaninterface gigabitethernet0/0/24//进入接口视图port link-typetrunk//接口类型骨干porttrunk allow-pass vlan all//接口放行所有vlan通过quitport-group group-member gigabitethernet0/0/1 to gigabitethernet 0/0/8//接口组 组成员port link-type access//接口类型访问port default vlan10//接口默认vlan为10quitport-group group-member gigabitethernet0/0/9 to gigabitethernet 0/0/16port link-type accessport default vlan 20quitport-group group-member gigabitethernet0/0/17 to gigabitethernet 0/0/23port link-type accessport default vlan 30quit
校验接口vlan活动状态display port vlan active//显示接口vlan活动状态T=TAG U=UNTAG-------------------------------------------------------------------------------Port Link Type PVID VLAN List-------------------------------------------------------------------------------GE0/0/1 access 10 U: 10GE0/0/2 access 10 U: 10GE0/0/3 access 10 U: 10GE0/0/4 access 10 U: 10GE0/0/5 access 10 U: 10GE0/0/6 access 10 U: 10GE0/0/7 access 10 U: 10GE0/0/8 access 10 U: 10GE0/0/9 access 20 U: 20GE0/0/10 access 20 U: 20GE0/0/11 access 20 U: 20GE0/0/12 access 20 U: 20GE0/0/13 access 20 U: 20GE0/0/14 access 20 U: 20GE0/0/15 access 20 U: 20GE0/0/16 access 20 U: 20GE0/0/17 access 30 U: 30GE0/0/18 access 30 U: 30GE0/0/19 access 30 U: 30GE0/0/20 access 30 U: 30GE0/0/21 access 30 U: 30GE0/0/22 access 30 U: 30GE0/0/23 access 30 U: 30GE0/0/24 trunk 1 U: 1 T: 1020 30配置环回口(用于telnet管理地址)interface loopback 0 //创建环回口 0ip address 1.1.1.132//配置环回口地址quit配置Telnet管理用户user-interface vty 0 4//用户视图vty 0 4authentication aaa//认证模式 aaaquitaaa//进入aaa视图local-user zurkj password cipheradmin1234//本地用户 密码local-user zurkj service-type telnet//本地用户 服务类型 telnetlocal-user zurkjprivilege level 15//本地用户 特权级别 15return<sw1>save allThe current configuration willbe written to the device.Are you sure to continue?y
Gateway配置接口<Huawei>system-viewsysname Gatewayinterface gigabitethernet0/0/0.1//创建子接口dot1qtermination vid 10//配置子接口与vlan相关联ip address192.168.10.1 24//配置网关地址arp broadcastenable//开启arp广播功能quitinterfacegigabitethernet 0/0/0.2dot1qtermination vid 20ip address192.168.20.1 24arpbroadcast enablequitinterfacegigabitethernet 0/0/0.3dot1qtermination vid 30ip address192.168.30.1 24arpbroadcast enablequitdisplay ip interfacebrief//显示IP接口简介
配置DHCPdhcp enable//全局开启DHCPip pool vlan10//创建名为vlan10的地址池gateway-list192.168.10.1//配置网关network192.168.10.0 mask 24//配置网段excluded-ip-address192.168.10.200 192.168.10.254//配置不参与分配地址leaseday 0 hour 12 minute 0//配置租约时间dns-list114.114.114.114 8.8.8.8//配置DNSquitgateway-list192.168.20.1network192.168.20.0 mask 24excluded-ip-address192.168.20.200 192.168.20.254leaseday 0 hour 12 minute 0dns-list114.114.114.114 8.8.8.8quitgateway-list192.168.30.1network192.168.30.0 mask 24excluded-ip-address192.168.30.200 192.168.30.254leaseday 0 hour 12 minute 0dns-list114.114.114.114 8.8.8.8quitdisplay ip pool -----------------------------------------------------------------------Pool-name : vlan10Pool-No : 0Position : Local Status : UnlockedGateway-0 : 192.168.10.1 Mask : 255.255.255.0VPN instance: -- -----------------------------------------------------------------------Pool-name : vlan20Pool-No : 1Position : Local Status : UnlockedGateway-0 : 192.168.20.1 Mask : 255.255.255.0VPN instance: -- -----------------------------------------------------------------------Pool-name : vlan30Pool-No : 2Position : Local Status : UnlockedGateway-0 : 192.168.30.1 Mask : 255.255.255.0VPN instance: -- IP address Statistic Total :759 Used :0 Idle :594Expired :0 Conflict :0 Disable :165interfacegigabitethernet 0/0/0.1dhcpselect global//子接口DHCP选择全局quitinterfacegigabitethernet 0/0/0.2 dhcpselect globalquitinterfacegigabitethernet 0/0/0.3dhcpselect globalquitreturn<Gateway>save allThe current configuration will be written tothe device. Are you sure to continue? (y/n):y
检验端终获取DHCP情况除服务器外终端使用DHCP自动获取,server手动配置地址。 内网检验OK,下面先配置运营商设备,再做Gateway连接公网。
ISP配置PPPoE服务端(ISP只是为了配合Gateway拨号测试需要,不见得一定要掌握的技术)<Huawei>system-viewsysname ISP配置环回口用于模拟internetinterface loopback 1 ip address100.100.100.100 32quit配置提供PPPoE服务的地址池ip pool zurkj//创建服务端地址池gateway-list200.1.1.1//配置网关network200.1.1.0 mask 29//配置网段 掩码dns-list114.114.114.114 8.8.8.8//配置DNSquit配置虚拟接口模板interface virtual-template1//创建虚拟接口模板 编号1pppauthentication-mode pap//PPP认证方式为PAPipaddress 200.1.1.1 29//配置地址 掩码remoteaddress pool zurkj//远程地址池调用创建的zurkj地址池(此地址池用于为PPPoE Client分配地址)displaythis//检验虚拟接口模板配置内容#interface Virtual-Template1 ppp authentication-mode pap remote address pool zurkj ip address 200.1.1.1 255.255.255.248 #returnquit配置虚拟模板绑定物理接口interfaceGigabitEthernet 0/0/0 pppoe-serverbind virtual-template 1//PPPoE服务绑定上虚拟接口模板1quit配置PPPoE认证用户(提供给Client使用的认证用户)aaa//进入aaa模式local-user ad123456password cipher admin1234//创建本地用户X 密码为Xlocal-user ad123456service-type ppp//本地用户 服务类型为PPP用户return<ISP>save allThe current configuration will be written tothe device. Are you sure to continue? (y/n):y
Gateway配置网关连接外网/telnet配置Loopback 0作为管理地址<Gateway>system-viewinterface LoopBack 0ip address2.2.2.2 32quit配置telnet管理用户user-interface vty 0 4//进入用户视图VTY 0 4authentication-modeaaa//认证模式为aaaquitlocal-user zurkjpassword cipher admin1234//本地用户X 密码Xlocal-user zurkjservice-type telnet//本地用户 服务类型telnetlocal-user zurkjprivilege level 15//本地用户 特权等级15quit配置拨号规则dialer-rule//创建拨号规则dialer-rule1 ip permit//拨号规则1 请允IP触发quit配置PPPinterfacedialer 1//创建一个拨号接口 编号1dialer userzurkj//创建拨号用户 zurkjdialer-group1//创建拨号组 组号1dialerbundle 1//拨号绑定规则 1ppp paplocal-user ad123456 password simple admin1234 //配置拨号用户名 密码ip addressppp-negotiate//配置IP地址由PPP自协商得来display this//校验配置#interface Dialer1 link-protocol ppp ppp pap local-user ad123456 password simpleadmin1234 ip address ppp-negotiate dialer user zurkj dialer bundle 1 dialer-group 1#Returnquit配置物理接口调用dialer规则interfacegigabitethernet 0/0/1pppoe-clientdial-bundle-number 1//配置接口为PPPoE客户端 拨号规则绑定前面创建的1号规则quitdisplay ip interfacebrief//显示IP接口简介 *down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that isUP in Physical is 8The number of interface that isDOWN in Physical is 1The number of interface that isUP in Protocol is 6The number of interface that isDOWN in Protocol is 3 Interface IP Address/Mask PhysicalProtocolDialer1 200.1.1.6/32 up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/0.1 192.168.10.1/24 up up GigabitEthernet0/0/0.2 192.168.20.1/24 up up GigabitEthernet0/0/0.3 192.168.30.1/24 up up GigabitEthernet0/0/1 unassigned up down GigabitEthernet0/0/2 unassigned down down LoopBack0 2.2.2.2/32 up up(s) NULL0 unassigned up up(s)Dilaer1已顺利从PPPoE服务端协商到了IP地址200.1.1.6/32配置默认路由ip route-static0.0.0.0 0 dialer 1//默认路由下一跳指向出接口dialer 1display iprouting-table//显示IP路由表配置NAT转换(easy ip)acl 2000//访问控制例表 2000rule 5permit source any//规则5 允许所有源通过quitinterface dialer 1//进入拨号接口1nat outbound2000//NAT转换在出站方向调用ACL2000规则quit<Gateway>save allThe current configuration will be written tothe device. Are you sure to continue? (y/n):y
最终测试:PS:如果ISP设备为自带网关无需拨号怎么办,则无需配置拨号规则,直接在配置默认路由时把下一跳地址指向本路由获取的IP地址即可。
页:
[1]
