|
华为单臂路由实战详解
SW1 配置接口/vlan(24口作为上联口) <Huawei>system-view //用户视图 [Huawei]sysname sw1 //设备命名为 [sw1]vlan batch 10 20 30 //批量创建vlan [sw1]interface gigabitethernet0/0/24 //进入接口视图 [sw1-GigabitEthernet0/0/24]port link-typetrunk //接口类型骨干 [sw1-GigabitEthernet0/0/24]porttrunk allow-pass vlan all //接口放行所有vlan通过 [sw1-GigabitEthernet0/0/24]quit [sw1]port-group group-member gigabitethernet0/0/1 to gigabitethernet 0/0/8 //接口组 组成员 [sw1-port-group]port link-type access //接口类型访问 [sw1-GigabitEthernet0/0/1]port default vlan10 //接口默认vlan为10 [sw1-port-group]quit [sw1]port-group group-member gigabitethernet0/0/9 to gigabitethernet 0/0/16 [sw1-port-group]port link-type access [sw1-port-group]port default vlan 20 [sw1-port-group]quit [sw1]port-group group-member gigabitethernet0/0/17 to gigabitethernet 0/0/23 [sw1-port-group]port link-type access [sw1-port-group]port default vlan 30 [sw1-port-group]quit
校验接口vlan活动状态 [sw1]display port vlan active //显示接口vlan活动状态 T=TAG U=UNTAG ------------------------------------------------------------------------------- Port Link Type PVID VLAN List ------------------------------------------------------------------------------- GE0/0/1 access 10 U: 10 GE0/0/2 access 10 U: 10 GE0/0/3 access 10 U: 10 GE0/0/4 access 10 U: 10 GE0/0/5 access 10 U: 10 GE0/0/6 access 10 U: 10 GE0/0/7 access 10 U: 10 GE0/0/8 access 10 U: 10 GE0/0/9 access 20 U: 20 GE0/0/10 access 20 U: 20 GE0/0/11 access 20 U: 20 GE0/0/12 access 20 U: 20 GE0/0/13 access 20 U: 20 GE0/0/14 access 20 U: 20 GE0/0/15 access 20 U: 20 GE0/0/16 access 20 U: 20 GE0/0/17 access 30 U: 30 GE0/0/18 access 30 U: 30 GE0/0/19 access 30 U: 30 GE0/0/20 access 30 U: 30 GE0/0/21 access 30 U: 30 GE0/0/22 access 30 U: 30 GE0/0/23 access 30 U: 30 GE0/0/24 trunk 1 U: 1 T: 1020 30 配置环回口(用于telnet管理地址) [sw1]interface loopback 0 //创建环回口 0 [sw1-LoopBack0]ip address 1.1.1.132 //配置环回口地址 [sw1-LoopBack0]quit 配置Telnet管理用户 [sw1]user-interface vty 0 4 //用户视图vty 0 4 [sw1-ui-vty0-4]authentication aaa //认证模式 aaa [sw1-ui-vty0-4]quit [sw1]aaa //进入aaa视图 [sw1-aaa]local-user zurkj password cipheradmin1234 //本地用户 密码 [sw1-aaa]local-user zurkj service-type telnet //本地用户 服务类型 telnet [sw1-aaa]local-user zurkjprivilege level 15 //本地用户 特权级别 15 [sw1]return <sw1>save all The current configuration willbe written to the device. Are you sure to continue?[Y/N]y
Gateway 配置接口 <Huawei>system-view [Huawei]sysname Gateway [Gateway]interface gigabitethernet0/0/0.1 //创建子接口 [Gateway-GigabitEthernet0/0/0.1]dot1qtermination vid 10 //配置子接口与vlan相关联 [Gateway-GigabitEthernet0/0/0.1]ip address192.168.10.1 24 //配置网关地址 [Gateway-GigabitEthernet0/0/0.1]arp broadcastenable //开启arp广播功能 [Gateway-GigabitEthernet0/0/0.1]quit [Gateway]interfacegigabitethernet 0/0/0.2 [Gateway-GigabitEthernet0/0/0.2]dot1qtermination vid 20 [Gateway-GigabitEthernet0/0/0.2]ip address192.168.20.1 24 [Gateway-GigabitEthernet0/0/0.2]arpbroadcast enable [Gateway-GigabitEthernet0/0/0.2]quit [Gateway]interfacegigabitethernet 0/0/0.3 [Gateway-GigabitEthernet0/0/0.3]dot1qtermination vid 30 [Gateway-GigabitEthernet0/0/0.3]ip address192.168.30.1 24 [Gateway-GigabitEthernet0/0/0.3]arpbroadcast enable [Gateway-GigabitEthernet0/0/0.3]quit [Gateway]display ip interfacebrief //显示IP接口简介
配置DHCP [Gateway]dhcp enable //全局开启DHCP [Gateway]ip pool vlan10 //创建名为vlan10的地址池 [Gateway-ip-pool-vlan10]gateway-list192.168.10.1 //配置网关 [Gateway-ip-pool-vlan10]network192.168.10.0 mask 24 //配置网段 [Gateway-ip-pool-vlan10]excluded-ip-address192.168.10.200 192.168.10.254 //配置不参与分配地址 [Gateway-ip-pool-vlan10]leaseday 0 hour 12 minute 0 //配置租约时间 [Gateway-ip-pool-vlan10]dns-list114.114.114.114 8.8.8.8 //配置DNS [Gateway-ip-pool-vlan10]quit [Gateway-ip-pool-vlan20]gateway-list192.168.20.1 [Gateway-ip-pool-vlan20]network192.168.20.0 mask 24 [Gateway-ip-pool-vlan20]excluded-ip-address192.168.20.200 192.168.20.254 [Gateway-ip-pool-vlan20]leaseday 0 hour 12 minute 0 [Gateway-ip-pool-vlan20]dns-list114.114.114.114 8.8.8.8 [Gateway-ip-pool-vlan20]quit [Gateway-ip-pool-vlan30]gateway-list192.168.30.1 [Gateway-ip-pool-vlan30]network192.168.30.0 mask 24 [Gateway-ip-pool-vlan30]excluded-ip-address192.168.30.200 192.168.30.254 [Gateway-ip-pool-vlan30]leaseday 0 hour 12 minute 0 [Gateway-ip-pool-vlan30]dns-list114.114.114.114 8.8.8.8 [Gateway-ip-pool-vlan30]quit [Gateway]display ip pool ----------------------------------------------------------------------- Pool-name : vlan10 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : 192.168.10.1 Mask : 255.255.255.0 VPN instance : -- ----------------------------------------------------------------------- Pool-name : vlan20 Pool-No : 1 Position : Local Status : Unlocked Gateway-0 : 192.168.20.1 Mask : 255.255.255.0 VPN instance : -- ----------------------------------------------------------------------- Pool-name : vlan30 Pool-No : 2 Position : Local Status : Unlocked Gateway-0 : 192.168.30.1 Mask : 255.255.255.0 VPN instance : -- IP address Statistic Total :759 Used :0 Idle :594 Expired :0 Conflict :0 Disable :165 [Gateway]interfacegigabitethernet 0/0/0.1 [Gateway-GigabitEthernet0/0/0.1]dhcpselect global //子接口DHCP选择全局 [Gateway-GigabitEthernet0/0/0.1]quit [Gateway]interfacegigabitethernet 0/0/0.2 [Gateway-GigabitEthernet0/0/0.2]dhcpselect global [Gateway-GigabitEthernet0/0/0.2]quit [Gateway]interfacegigabitethernet 0/0/0.3 [Gateway-GigabitEthernet0/0/0.3]dhcpselect global [Gateway-GigabitEthernet0/0/0.3]quit [Gateway]return <Gateway>save all The current configuration will be written tothe device. Are you sure to continue? (y/n)[n]:y
检验端终获取DHCP情况 除服务器外终端使用DHCP自动获取,server手动配置地址。 内网检验OK,下面先配置运营商设备,再做Gateway连接公网。
ISP 配置PPPoE服务端(ISP只是为了配合Gateway拨号测试需要,不见得一定要掌握的技术) <Huawei>system-view [Huawei]sysname ISP 配置环回口用于模拟internet [ISP]interface loopback 1 [ISP-LoopBack1]ip address100.100.100.100 32 [ISP-LoopBack1]quit 配置提供PPPoE服务的地址池 [ISP]ip pool zurkj //创建服务端地址池 [ISP-ip-pool-zurkj]gateway-list200.1.1.1 //配置网关 [ISP-ip-pool-zurkj]network200.1.1.0 mask 29 //配置网段 掩码 [ISP-ip-pool-zurkj]dns-list114.114.114.114 8.8.8.8 //配置DNS [ISP-ip-pool-zurkj]quit 配置虚拟接口模板 [ISP]interface virtual-template1 //创建虚拟接口模板 编号1 [ISP-Virtual-Template1]pppauthentication-mode pap //PPP认证方式为PAP [ISP-Virtual-Template1]ipaddress 200.1.1.1 29 //配置地址 掩码 [ISP-Virtual-Template1]remoteaddress pool zurkj //远程地址池调用创建的zurkj地址池(此地址池用于为PPPoE Client分配地址) [ISP-Virtual-Template1]displaythis //检验虚拟接口模板配置内容 [V200R003C00] # interface Virtual-Template1 ppp authentication-mode pap remote address pool zurkj ip address 200.1.1.1 255.255.255.248 # return [ISP-Virtual-Template1]quit 配置虚拟模板绑定物理接口 [ISP]interfaceGigabitEthernet 0/0/0 [ISP-GigabitEthernet0/0/0]pppoe-serverbind virtual-template 1 //PPPoE服务绑定上虚拟接口模板1 [ISP-GigabitEthernet0/0/0]quit 配置PPPoE认证用户(提供给Client使用的认证用户) [ISP]aaa //进入aaa模式 [ISP-aaa]local-user ad123456password cipher admin1234 //创建本地用户X 密码为X [ISP-aaa]local-user ad123456service-type ppp //本地用户 服务类型为PPP用户 [ISP-aaa]return <ISP>save all The current configuration will be written tothe device. Are you sure to continue? (y/n)[n]:y
Gateway 配置网关连接外网/telnet 配置Loopback 0作为管理地址 <Gateway>system-view [Gateway]interface LoopBack 0 [Gateway-LoopBack0]ip address2.2.2.2 32 [Gateway-LoopBack0]quit 配置telnet管理用户 [Gateway]user-interface vty 0 4 //进入用户视图VTY 0 4 [Gateway-ui-vty0-4]authentication-modeaaa //认证模式为aaa [Gateway-ui-vty0-4]quit [Gateway-aaa]local-user zurkjpassword cipher admin1234 //本地用户X 密码X [Gateway-aaa]local-user zurkjservice-type telnet //本地用户 服务类型telnet [Gateway-aaa]local-user zurkjprivilege level 15 //本地用户 特权等级15 [Gateway-aaa]quit 配置拨号规则 [Gateway]dialer-rule //创建拨号规则 [Gateway-dialer-rule]dialer-rule1 ip permit //拨号规则1 请允IP触发 [Gateway-dialer-rule]quit 配置PPP [Gateway]interfacedialer 1 //创建一个拨号接口 编号1 [Gateway-Dialer1]dialer userzurkj //创建拨号用户 zurkj [Gateway-Dialer1]dialer-group1 //创建拨号组 组号1 [Gateway-Dialer1]dialerbundle 1 //拨号绑定规则 1 [Gateway-Dialer1]ppp paplocal-user ad123456 password simple admin1234 //配置拨号用户名 密码 [Gateway-Dialer1]ip addressppp-negotiate //配置IP地址由PPP自协商得来 [Gateway-Dialer1]display this //校验配置 [V200R003C00] # interface Dialer1 link-protocol ppp ppp pap local-user ad123456 password simpleadmin1234 ip address ppp-negotiate dialer user zurkj dialer bundle 1 dialer-group 1 # Return [Gateway-Dialer1]quit 配置物理接口调用dialer规则 [Gateway]interfacegigabitethernet 0/0/1 [Gateway-GigabitEthernet0/0/1]pppoe-clientdial-bundle-number 1 //配置接口为PPPoE客户端 拨号规则绑定前面创建的1号规则 [Gateway-GigabitEthernet0/0/1]quit [Gateway]display ip interfacebrief //显示IP接口简介 *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that isUP in Physical is 8 The number of interface that isDOWN in Physical is 1 The number of interface that isUP in Protocol is 6 The number of interface that isDOWN in Protocol is 3 Interface IP Address/Mask Physical Protocol Dialer1 200.1.1.6/32 up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/0.1 192.168.10.1/24 up up GigabitEthernet0/0/0.2 192.168.20.1/24 up up GigabitEthernet0/0/0.3 192.168.30.1/24 up up GigabitEthernet0/0/1 unassigned up down GigabitEthernet0/0/2 unassigned down down LoopBack0 2.2.2.2/32 up up(s) NULL0 unassigned up up(s) Dilaer1已顺利从PPPoE服务端协商到了IP地址200.1.1.6/32 配置默认路由 [Gateway]ip route-static0.0.0.0 0 dialer 1 //默认路由下一跳指向出接口dialer 1 [Gateway]display iprouting-table //显示IP路由表 配置NAT转换(easy ip) [Gateway]acl 2000 //访问控制例表 2000 [Gateway-acl-basic-2000]rule 5permit source any //规则5 允许所有源通过 [Gateway-acl-basic-2000]quit [Gateway]interface dialer 1 //进入拨号接口1 [Gateway-Dialer1]nat outbound2000 //NAT转换在出站方向调用ACL2000规则 [Gateway-Dialer1]quit <Gateway>save all The current configuration will be written tothe device. Are you sure to continue? (y/n)[n]:y
最终测试:
PS:如果ISP设备为自带网关无需拨号怎么办,则无需配置拨号规则,直接在配置默认路由时把下一跳地址指向本路由获取的IP地址即可。
| 
|Archiver|手机版|小黑屋|祖瑞科技 全国计算机 网络IT运维社区!
( 沪ICP备16021636号-2 )
发表于 2021-2-5 23:33:04
