掩码与反掩码总结
- 使用掩码的场景:IP地址强相关
- 场景一:IP地址配置 ip address 192.168.1.1 255.255.255.0 或 ip address192.168.1.1 24
- 场景二:DHCP配置network 192.168.1.0 mask 255.255.255.0 或network 192.168.1.0 mask 24
- 使用反掩码的场景
- 场景一:ACL rule 10 permit source 192.168.1.1 0 或 rule 10 permit source 192.168.1.1 0.0.0.0
rule 10 permit source 192.168.1.0 0.0.0.255 - 场景二:OSPF路由宣告
- network 192.168.1.0 0.0.0.255 //宣告192.168.1.0网段
- 场景一:ACL rule 10 permit source 192.168.1.1 0 或 rule 10 permit source 192.168.1.1 0.0.0.0
- RIP路由宣告不需要掩码或反掩码,宣告主类网络(ABC类主类IP地址掩码分别为/8/16/24):
- network 10.0.0.0
- network 172.16.0.0
- network 192.168.1.0
综合实验
1.拓扑图
配置VLAN
配置truck口
<acsw>
<acsw>sys
[acsw]interface GigabitEthernet 0/0/3
[acsw-GigabitEthernet0/0/3]port link-type ?
access Access port
dot1q-tunnel QinQ port
hybrid Hybrid port
trunk Trunk port
[acsw-GigabitEthernet0/0/3]port link-type trunk
[acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan ?
INTEGER<1-4094> VLAN ID
all All
[acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
<Huawei>sys
[Huawei]sysname acsw
[acsw]undo info-center enable
批量创建VLAN
[acsw]vlan batch 10 20
[acsw]dis vlan summary
[acsw]
进入VLAN10视图
[acsw]interface Vlanif 10
配置VLAN10的IP地址网关
[acsw-Vlanif10]ip address 192.168.10.254 24
[acsw-Vlanif10]q
进入VLAN20视图
[acsw]interface Vlanif 20
配置VLAN20的IP地址网关
[acsw-Vlanif20]ip address 192.168.20.254 24
[acsw-Vlanif20]q
进入接口视图
[acsw]int g0/0/1
配置接口类型
[acsw-GigabitEthernet0/0/1]port link-type access
配置接口默认VLAN
[acsw-GigabitEthernet0/0/1]port default vlan 10
[acsw-GigabitEthernet0/0/1]int g0/0/2
[acsw-GigabitEthernet0/0/2]port link-type access
[acsw-GigabitEthernet0/0/2]port default vlan 20
[acsw-GigabitEthernet0/0/2]q
[acsw]q
<acsw>save
<acsw>ping 192.168.10.1
<acsw>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.254 Vlanif10
192.168.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.20.0/24 Direct 0 0 D 192.168.20.254 Vlanif20
192.168.20.254/32 Direct 0 0 D 127.0.0.1 Vlanif20
<acsw>
测试PC1和PC2是否连通。
2.DHCP配置(自己做实验时在接入交换机配置)
基于接口的DHCP配置
<acsw>sys
[acsw]dhcp enable
[acsw]interface Vlanif 10
[acsw-Vlanif10]dhcp select interface
[acsw-Vlanif10]dhcp server dns-list 8.8.8.8
[acsw-Vlanif10]dhcp server excluded-ip-address 192.168.10.11 192.168.10.252
[acsw-Vlanif10]dhcp server lease day 30
[acsw-Vlanif10]display this
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.10.11 192.168.10.253
dhcp server lease day 30 hour 0 minute 0
dhcp server dns-list 8.8.8.8
#
return
[acsw-Vlanif10]
查看PC1的地址信息
PC>ipconfig /renew
IP Configuration
Link local IPv6 address...........: fe80::5689:98ff:fe9a:822
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-9A-08-22
DNS server........................: 8.8.8.8
基于全局的DHCP配置
<acsw>sys
[acsw]interface Vlanif 20
[acsw-Vlanif20]dhcp select global
[acsw-Vlanif20]q
[acsw]ip pool 20
Info:It's successful to create an IP address pool.
[acsw-ip-pool-20]network 192.168.20.0 mask 24
[acsw-ip-pool-20]gateway-list 192.168.20.254
[acsw-ip-pool-20]dns-list 8.8.8.8
[acsw-ip-pool-20]lease 30
[acsw-ip-pool-20]excluded-ip-address 192.168.20.11 192.168.20.253
[acsw-ip-pool-20]q
[acsw]interface Vlanif 20
[acsw-Vlanif20]dis this
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select global
#
return
[acsw-Vlanif20]
查看PC2的IP信息
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe3c:6cdd
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-3C-6C-DD
DNS server........................: 8.8.8.8
3.DHCP配置(课程是在核心交换机中配置)
配置truck口
<Huawei>system-view
[Huawei]sysname coresw
[coresw]undo info-center enable
[coresw]vlan batch 10 20 30
[coresw]int g0/0/1
[coresw-GigabitEthernet0/0/1]port link-type trunk
[coresw-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[coresw-GigabitEthernet0/0/1]q
配置VLAN
[coresw]interface vlan
[coresw]interface Vlanif 10
[coresw-Vlanif10]ip address 192.168.10.254 24
[coresw-Vlanif10]int vlan 20
[coresw-Vlanif20]ip add 192.168.20.254 24
[coresw-Vlanif20]int vlan 30
[coresw-Vlanif30]ip add 192.168.30.254 24
[coresw-Vlanif30]
删除acsw的DHCP配置
<acsw>sys
Enter system view, return user view with Ctrl+Z.
[acsw]int vlan 10
[acsw-Vlanif10]undo dhcp select interface
[acsw-Vlanif10]q
[acsw]int vlan 20
[acsw-Vlanif20]undo dhcp select global
[acsw-Vlanif20]q
配置DHCP
[coresw]dhcp enable
[coresw]ip pool vlan10
[coresw-ip-pool-vlan10]network 192.168.10.0 mask 24
[coresw-ip-pool-vlan10]gateway-list 8.8.8.8
[coresw-ip-pool-vlan10]lease day 30
[coresw-ip-pool-vlan10]excluded-ip-address 192.168.10.2 192.168.10.253
[coresw-ip-pool-vlan10]q
[coresw]int vlanif 10
[coresw-Vlanif10]dhcp select global
[coresw-Vlanif10]q
<coresw>system-view
[coresw]ip pool vlan20
[coresw-ip-pool-vlan20]network 192.168.20.0 mask 24
[coresw-ip-pool-vlan20]gateway-list 192.168.20.254
[coresw-ip-pool-vlan20]dns-list 8.8.8.8
[coresw-ip-pool-vlan20]lease day 30
[coresw-ip-pool-vlan20]excluded-ip-address 192.168.20.2 192.168.20.253
[coresw-ip-pool-vlan20]q
[coresw]int vlanif 20
[coresw-Vlanif20]dhcp select global
[coresw-Vlanif20]q
PC1获得的新IP地址
PC>ipconfig /renew
IP Configuration
Link local IPv6 address...........: fe80::5689:98ff:fe9a:822
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-9A-08-22
DNS server........................: 8.8.8.8
PC2获得的新IP地址
PC>ipconfig /renew
IP Configuration
Link local IPv6 address...........: fe80::5689:98ff:fe3c:6cdd
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-3C-6C-DD
DNS server........................: 8.8.8.8
PC1 ping PC2的通信过程是怎样的?
1.PC1判断目的IP是否在同一个网段。
192.168.10.1 ping 192.168.20.1的原理
192.168.20.1 /24 = 192.168.20.0
192.168.10.1/24 = 192.168.10.0
判断不在同一个网段,扔给网关(核心交换机)作判断,查询路由表dis ip routing-table
2.PC2进行回包。
原理同上。
4.配置出口路由器(router)
4.1配置出口路由器IP地址
在核心交换机中进行配置:
[coresw]int g0/0/2
[coresw-GigabitEthernet0/0/2]port link-type access
[coresw-GigabitEthernet0/0/2]port default vlan 30
[coresw-GigabitEthernet0/0/2]q
[coresw]int vlan 30
[coresw-Vlanif30]ip add 192.168.30.254 24
在router中配置IP地址
[router]int g0/0/0
[router-GigabitEthernet0/0/0]ip add 192.168.30.3 24
[router-GigabitEthernet0/0/0]int g0/0/1
[router-GigabitEthernet0/0/1]ip add 12.1.1.3 24
[router-GigabitEthernet0/0/1]int g0/0/2
[router-GigabitEthernet0/0/2]ip add 23.1.1.3 24
[router-GigabitEthernet0/0/2]q
测试一下直连
[coresw]ping 192.168.30.254
PING 192.168.30.254: 56 data bytes, press CTRL_C to break
Reply from 192.168.30.254: bytes=56 Sequence=1 ttl=255 time=10 ms
5.连通路由器和核心交换机
在PC1中ping 192.168.30.3 报文可以到达router 但是没有回去的路由,下面查看router和核心交换机的路由表
查看router的路由表:没有10.0和20.0网段的路由
<router>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
12.1.1.0/24 Direct 0 0 D 12.1.1.3 GigabitEthernet
0/0/1
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
23.1.1.0/24 Direct 0 0 D 23.1.1.3 GigabitEthernet
0/0/2
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
23.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.30.0/24 Direct 0 0 D 192.168.30.3 GigabitEthernet
0/0/0
192.168.30.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
核心交换机的路由表:
[coresw]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.254 Vlanif10
192.168.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.20.0/24 Direct 0 0 D 192.168.20.254 Vlanif20
192.168.20.254/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.30.0/24 Direct 0 0 D 192.168.30.254 Vlanif30
192.168.30.254/32 Direct 0 0 D 127.0.0.1 Vlanif30
方法一:在router中配置静态路由
[router]ip route-static 192.168.10.0 24 192.168.30.254
[router]ip route-static 192.168.20.0 24 192.168.30.254
[router]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
12.1.1.0/24 Direct 0 0 D 12.1.1.3 GigabitEthernet
0/0/1
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
23.1.1.0/24 Direct 0 0 D 23.1.1.3 GigabitEthernet
0/0/2
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
23.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Static 60 0 RD 192.168.30.254 GigabitEthernet
0/0/0
192.168.30.0/24 Direct 0 0 D 192.168.30.3 GigabitEthernet
0/0/0
192.168.30.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
方法二:使用动态路由之RIP
先删除之前的静态路由
[router]undo ip route-static 192.168.10.0 24 192.168.30.254
在出口路由器中配置
[router]rip 1
[router-rip-1]version 2
[router-rip-1]network 192.168.30.0
在核心交换机中配置
[coresw]rip
[coresw-rip-1]version 2
[coresw-rip-1]network 192.168.10.0
[coresw-rip-1]network 192.168.20.0
[coresw-rip-1]network 192.168.30.0
[coresw-rip-1]q
测试:
PC>ping 192.168.30.3
Ping 192.168.30.3: 32 data bytes, Press Ctrl_C to break
From 192.168.30.3: bytes=32 seq=1 ttl=254 time=63 ms
From 192.168.30.3: bytes=32 seq=2 ttl=254 time=78 ms
数据通信的本质就是有路由信息
方法三:使用动态路由之OSPF
先删除之前的RIP配置
[router]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[router]
[coresw]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[coresw]
配置OSPF
1.核心交换机配置OSPF
[coresw]ospf
[coresw-ospf-1]area 0
[coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[coresw-ospf-1-area-0.0.0.0]q
2.在出口路由器上配置OSPF
[router]ospf 1
[router-ospf-1]area 0
[router-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[router-ospf-1-area-0.0.0.0]q
[router]dis ospf peer brief
OSPF Process 1 with Router ID 192.168.30.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 192.168.10.254 Full
----------------------------------------------------------------------------
[router]
在PC中测试
PC>ping 192.168.30.3 -t
Ping 192.168.30.3: 32 data bytes, Press Ctrl_C to break
From 192.168.30.3: bytes=32 seq=1 ttl=254 time=63 ms
From 192.168.30.3: bytes=32 seq=2 ttl=254 time=62 ms
经过上述的配置,内外部分已经配置完成。
6.配置外网部分
6.1.配置IP地址
配置电信dianxin的IP地址
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]sysname dianxin
[dianxin]int g0/0/0
[dianxin-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]int g0/0/1
[dianxin-GigabitEthernet0/0/1]ip add 100.1.1.1 24
[dianxin-GigabitEthernet0/0/1]q
配置测试地址,回环口
[dianxin]int LoopBack 0
[dianxin-LoopBack0]ip add 1.1.1.1 24
[dianxin-LoopBack0]q
配置联通liantong的IP地址
<Huawei>sys
[Huawei]sysname liantong
[liantong]int g0/0/0
[liantong-GigabitEthernet0/0/0]ip add 23.1.1.2 24
[liantong-GigabitEthernet0/0/0]int g0/0/1
[liantong-GigabitEthernet0/0/1]ip add 100.1.1.2 24
[liantong-GigabitEthernet0/0/1]q
[liantong]int LoopBack 0
[liantong-LoopBack0]ip add 2.2.2.2 24
[liantong-LoopBack0]q
配置完毕之后测试直连是否连通。
6.2配置电信、联通之间的路由
实现彼此之间能学到路由信息
通过RIP协议实现路由自动学习
[dianxin]rip
[dianxin-rip-1]version 2
[dianxin-rip-1]network 100.0.0.0
[dianxin-rip-1]network 12.0.0.0
[dianxin-rip-1]undo network 2.0.0.0
[dianxin-rip-1]network 1.0.0.0
[dianxin-rip-1]q
[liantong]rip 1
[liantong-rip-1]ver 2
[liantong-rip-1]net 100.0.0.0
[liantong-rip-1]network 23.0.0.0
[liantong-rip-1]network 2.0.0.0
[liantong-rip-1]q
6.3配置NAT
在出口路由器上配置
[router]acl 2000
[router-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[router-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[router-acl-basic-2000]q
[router]int g0/0/1
[router-GigabitEthernet0/0/1]nat outbound 2000
[router-GigabitEthernet0/0/1]int g0/0/2
[router-GigabitEthernet0/0/2]nat outbound 2000
[router-GigabitEthernet0/0/2]q
测试:
PC>ping 1.1.1.1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
不通的原因:
在核心交换机中查询路由信息,没有1.1.1.1的路由
<coresw>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.254 Vlanif10
192.168.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.20.0/24 Direct 0 0 D 192.168.20.254 Vlanif20
192.168.20.254/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.30.0/24 Direct 0 0 D 192.168.30.254 Vlanif30
192.168.30.254/32 Direct 0 0 D 127.0.0.1 Vlanif30
解决方案第一步:在核心交换机配置静态路由
[coresw]ip route-static 0.0.0.0 0 192.168.30.3
测试之后还是不通,查看出口路由表,没有1.1.1.1的路由信息
<router>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
12.1.1.0/24 Direct 0 0 D 12.1.1.3 GigabitEthernet0/0/1
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
23.1.1.0/24 Direct 0 0 D 23.1.1.3 GigabitEthernet0/0/2
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
23.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 OSPF 10 2 D 192.168.30.254 GigabitEthernet0/0/0
192.168.20.0/24 OSPF 10 2 D 192.168.30.254 GigabitEthernet0/0/0
192.168.30.0/24 Direct 0 0 D 192.168.30.3 GigabitEthernet0/0/0
192.168.30.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<router>
在出口路由器配置静态路由,默认优先级是60,修改成50更加优先,默认走dianxin这条路由
[router]ip route-static 0.0.0.0 0 12.1.1.1 preference 50
[router]ip route-static 0.0.0.0 0 23.1.1.2
[router]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 50 0 RD 12.1.1.1 GigabitEthernet0/0/1
12.1.1.0/24 Direct 0 0 D 12.1.1.3 GigabitEthernet0/0/1
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
23.1.1.0/24 Direct 0 0 D 23.1.1.3 GigabitEthernet0/0/2
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
23.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 OSPF 10 2 D 192.168.30.254 GigabitEthernet0/0/0
192.168.20.0/24 OSPF 10 2 D 192.168.30.254 GigabitEthernet0/0/0
192.168.30.0/24 Direct 0 0 D 192.168.30.3 GigabitEthernet0/0/0
192.168.30.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
测试之后:
PC>ping 1.1.1.1 -t
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=253 time=62 ms
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=47 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=62 ms
6.4配置BFD监测
在出口路由器配置
[router]bfd
[router-bfd]q
[router]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 ?
auto Auto-negotiate discriminator
<cr> Please press ENTER to execute command
[router]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto
[router-bfd-session-dianxin]q
模拟器不支持单边监测,需要配置双边
[dianxin]bfd
[dianxin-bfd]q
[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto
[dianxin-bfd-session-dianxin]q
[dianxin]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8192 12.1.1.3 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
在出口路由器进行跟踪
[router]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin
[router]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 50 0 RD 12.1.1.1 GigabitEthernet0/0/1
12.1.1.0/24 Direct 0 0 D 12.1.1.3 GigabitEthernet0/0/1
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
23.1.1.0/24 Direct 0 0 D 23.1.1.3 GigabitEthernet0/0/2
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
23.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 OSPF 10 2 D 192.168.30.254 GigabitEthernet0/0/0
192.168.20.0/24 OSPF 10 2 D 192.168.30.254 GigabitEthernet0/0/0
192.168.30.0/24 Direct 0 0 D 192.168.30.3 GigabitEthernet0/0/0
192.168.30.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在PC上测试
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 32 ms 47 ms 46 ms
2 * * *
3 1.1.1.1 63 ms 62 ms 63 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 47 ms 31 ms 47 ms
2 * * *
3 12.1.1.1 62 ms 63 ms 62 ms
4 2.2.2.2 78 ms 94 ms 63 ms
修改IP地址之后,状况BFD状态变为down
[dianxin]int g0/0/0
[dianxin-GigabitEthernet0/0/0]ip add 12.1.1.100 24
[dianxin-GigabitEthernet0/0/0]q
[dianxin]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 0 12.1.1.3 Down S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 0/1
出口路由器路由表改变,优先级为60的静态路由信息
[router]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 23.1.1.2 GigabitEthernet0/0/2
12.1.1.0/24 Direct 0 0 D 12.1.1.3 GigabitEthernet0/0/1
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
在PC上测试
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 31 ms 32 ms 47 ms
2 * * *
3 23.1.1.2 46 ms 79 ms 62 ms
4 1.1.1.1 78 ms 94 ms 62 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 31 ms 47 ms 31 ms
2 * * *
3 2.2.2.2 47 ms 94 ms 62 ms
恢复配置
[dianxin-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[dianxin-GigabitEthernet0/0/0]q
[dianxin]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8192 12.1.1.3 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
[router]undo ip route-static 0.0.0.0 0 23.1.1.2
[router]undo ip route-static 0.0.0.0 0 12.1.1.1
7.策略路由配置
场景2:教学楼流量走电信出口,宿舍楼流量走联通出口。
场景3:访问电信的服务器走电信出口,访问联通的服务器走联通出口。
7.1配置场景2
步骤1:配置ACL,匹配流量
[router]acl 2010
[router-acl-basic-2010]rule 10 permit source 192.168.10.0 0.0.0.255
[router-acl-basic-2010]acl 2020
[router-acl-basic-2020]rule 10 permit source 192.168.20.0 0.0.0.255
[router-acl-basic-2020]q
步骤2:流分类
[router]traffic cla
[router]traffic classifier ?
STRING<1-31> Name of classifier
[router]traffic classifier jiaoxue
[router-classifier-jiaoxue]if-match acl 2010
[router-classifier-jiaoxue]q
[router]traffic classifier sushe
[router-classifier-sushe]if-match acl 2020
[router-classifier-sushe]q
步骤3:流行为
[router]traffic behavior ?
STRING<1-31> Name of behavior
[router]traffic behavior re-dianxin
[router-behavior-re-dianxin]redirect ip-nexthop 12.1.1.1
[router-behavior-re-dianxin]q
[router]traffic behavior re-liantong
[router-behavior-re-liantong]redirect ip-nexthop 23.1.1.2
[router-behavior-re-liantong]q
步骤4:流策略
[router]traffic policy p
[router-trafficpolicy-p]classifier jiaoxue behavior re-dianxin
[router-trafficpolicy-p]classifier sushe behavior re-liantong
步骤5:入接口应用策略路由
[router]int g0/0/1
[router-GigabitEthernet0/0/1]traffic-policy p inbound
在PC上测试,结果不通,下面配置出错
#
interface GigabitEthernet0/0/1
ip address 12.1.1.3 255.255.255.0
traffic-policy p inbound
nat outbound 2000
删除相应的配置
[router]int g0/0/1
[router-GigabitEthernet0/0/1]undo traffic-policy inbound
[router-GigabitEthernet0/0/1]q
重新配置:换一个接口
[router]int g0/0/0
[router-GigabitEthernet0/0/0]traffic-policy p inbound
[router-GigabitEthernet0/0/0]q
PC1重新测试:
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 47 ms 31 ms 47 ms
2 * * *
3 1.1.1.1 63 ms 62 ms 63 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.254 46 ms 47 ms 47 ms
2 * * *
3 12.1.1.1 47 ms 63 ms 78 ms
4 2.2.2.2 93 ms 94 ms 63 ms
PC2测试:
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 31 ms 47 ms 31 ms
2 * * *
3 23.1.1.2 78 ms 94 ms 63 ms
4 1.1.1.1 78 ms 94 ms 62 ms
PC>tracert 2.2.2.2
traceroute to 2.2.2.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.20.254 47 ms 63 ms 47 ms
2 * * *
3 2.2.2.2 62 ms 63 ms 62 ms
7.2配置场景3
本实验与场景2高度雷同,唯一不同的是,ACL基于目的地址进行匹配,那么需要高级ACL。
步骤1:配置ACL,匹配流量
[router]acl 3010
匹配任意源地址去往电信服务器1.1.1.1的流量
[router-acl-adv-3010]rule 10 permit ip source any destination 1.1.1.0 0.0.0.255
[router-acl-adv-3010]acl 3020
匹配任意源地址去往联通服务器2.2.2.2的流量
[router-acl-adv-3020]rule 10 permit ip source any destination 2.2.2.0 0.0.0.255
[router-acl-adv-3020]q
其他配置与场景2配置一样