Multicast
CE-6
[CE-6]multicast routing-enable
//Enable PIM-DM
[CE-6-GigabitEthernet0/0/1]pim
[CE-6-GigabitEthernet0/0/1]pim dm
[CE-6-GigabitEthernet0/0/2]pim
[CE-6-GigabitEthernet0/0/2]pim dm
[SW9]multicast routing-enable
[SW9-Vlanif69]pim
[SW9-Vlanif69]pim dm
[SW9-Vlanif103]igmp en
[SW9-Vlanif105]igmp en
Set up the multicast source and start it
Configure PC10
Join the group and start VLC
MP-BGP
PE-1
#
bgp 200
peer 2.2.2.2 as-number 200
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
PE-2
#
bgp 200
peer 1.1.1.1 as-number 200
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
#
#
ipv4-family vpn-instance vpna
peer 10.1.15.5 as-number 100
#
CE-6
#
bgp 300
peer 10.1.26.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 10.1.26.2 enable
#
FW
#
bgp 100
peer 10.1.15.1 as-number 200
#
ipv4-family unicast
undo synchronization
peer 10.1.15.1 enable
#
[FW1-bgp]import-route ospf 1
CE-6
Import BGP routes into IS-IS
[CE-6-isis-1]import-route bgp
SW9 now has the headquarters routes
FW1
Import BGP routes into OSPF
[FW1-ospf-1]import-route bgp
SW1 now has the branch routes as well
Headquarters can ping the branch
FW1
Permit traffic from the branch to headquarters
[FW1-policy-security]rule name fen-to-zong
#
rule name fen-to-zong
source-zone untrust
destination-zone trust
source-address 192.168.103.0 mask 255.255.255.0
source-address 192.168.104.0 mask 255.255.255.0
(not configure the action)
action permit
#
The branch can ping headquarters
Configure branch access to the external network
CE-6
//Default route for external network access
[CE-6]ip route-static 0.0.0.0 0 10.1.62.2
#
acl number 2000
rule 5 permit
#
[CE-6-GigabitEthernet0/0/0.62]nat outbound 2000
//Advertise the default route
[CE-6-isis-1]default-route-advertise
Port isolation and proxy ARP
Prevent hosts in VLAN 10 from communicating with each other
SW3
Configure Layer 2 isolation
[SW3-Ethernet0/0/3]port-isolate en
[SW3-Ethernet0/0/4]port-isolate en
With proxy ARP configured, however, the hosts can still communicate
SW1、SW2
[SW2-Vlanif10]arp-proxy inner-sub-vlan-proxy enable
Configure Layer 2 and Layer 3 isolation
SW3
[SW3]port-isolate mode all
Configure PC8 and PC9 to communicate with each other
SW9
[SW9-Vlanif103]arp-proxy inter-sub-vlan-proxy enable
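Added example, not part of the original notes: a Python check that flags the VLAN 10 situation shown above, where ports are isolated only at Layer 2 while a gateway Vlanif has intra-VLAN proxy ARP enabled. The sample configurations are constructed; the `port default vlan` membership lines and the saved form `port-isolate enable group 1` are assumptions.

```python
import re

# Constructed sample configs, not from the notes. The VLAN membership lines
# and the saved form "port-isolate enable group 1" are assumptions.
SW3_L2 = """\
interface Ethernet0/0/3
 port default vlan 10
 port-isolate enable group 1
#
interface Ethernet0/0/4
 port default vlan 10
 port-isolate enable group 1
"""
SW3_ALL = "port-isolate mode all\n#\n" + SW3_L2   # L2 + L3 isolation
SW2 = """\
interface Vlanif10
 arp-proxy inner-sub-vlan-proxy enable
"""

def stanzas(cfg):
    """Yield (interface name, stripped body lines) for each interface stanza."""
    name, body = None, []
    for line in cfg.splitlines() + ["#"]:      # trailing "#" flushes the last stanza
        m = re.match(r"interface (\S+)", line)
        if m or line.startswith("#"):
            if name:
                yield name, body
            name, body = (m.group(1) if m else None), []
        elif name:
            body.append(line.strip())

def bypassable_vlans(configs):
    """VLANs where L2-only port isolation meets intra-VLAN proxy ARP."""
    isolated_l2, proxied = set(), set()
    for cfg in configs.values():
        mode_all = re.search(r"^port-isolate mode all\s*$", cfg, re.M) is not None
        for name, body in stanzas(cfg):
            m = re.fullmatch(r"Vlanif(\d+)", name)
            if m and "arp-proxy inner-sub-vlan-proxy enable" in body:
                proxied.add(int(m.group(1)))
            if not mode_all and any(l.startswith("port-isolate enable") for l in body):
                vlans = (re.match(r"port default vlan (\d+)", l) for l in body)
                isolated_l2.update(int(v.group(1)) for v in vlans if v)
    return sorted(isolated_l2 & proxied)

if __name__ == "__main__":
    print(bypassable_vlans({"SW3": SW3_L2, "SW2": SW2}))    # L2 mode + proxy ARP
    print(bypassable_vlans({"SW3": SW3_ALL, "SW2": SW2}))   # mode all
```

A VLAN in the result means isolated hosts can still reach each other through the gateway; setting `port-isolate mode all` on the access switch, as in the SW3 step above, clears it.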