【网工】华为配置专题进阶篇②

目录

■DHCP NAT BFD 策略路由

▲掩码与反掩码总结

▲综合实验

■DHCP NAT BFD 策略路由

▲掩码与反掩码总结

• 使用掩码的场景：IP地址强相关

场景一：IP地址配置

ip address 192.168.1.1 255.255.255.0 或ip address 192.168.1.1 24

场景二：DHCP配置

network 192.168.1.0 mask 255.255.255.0或network 192.168.1.0 mask 24 

• 使用反掩码的场景

场景一：ACL

rule 10 permit source 192.168.1.1 0 或rule 10 permit source 192.168.1.1 0.0.0.0

rule 10 permit source 192.168.1.0  0.0.0.255

场景二：OSPF路由宣告

network 192.168.1.0 0.0.0.255 //宣告192.168.1.0网段

• RIP路由宣告不需要掩码或反掩码，宣告主类网络（ABC类主类IP地址掩码分别为/8/16/24）：

network 10.0.0.0

network 172.16.0.0

network 192.168.1.0

▲综合实验

• 接入交换机ACSW配置

<Huawei>system-view

[Huawei]sysname Acsw

[Acsw]vlan batch 10 20

[Acsw]interface GigabitEthernet 0/0/1

[Acsw-GigabitEthernet0/0/1]port link-type access

[Acsw-GigabitEthernet0/0/1]port default vlan 10 

[Acsw-GigabitEthernet0/0/1]quit 

[Acsw]interface GigabitEthernet 0/0/2

[Acsw-GigabitEthernet0/0/2]port link-type access

[Acsw-GigabitEthernet0/0/2]port default vlan 20

[Acsw-GigabitEthernet0/0/2]quit

[Acsw]interface GigabitEthernet 0/0/3

[Acsw-GigabitEthernet0/0/3]port link-type trunk 

[Acsw-GigabitEthernet0/0/3]port trunk allow-pass vlan all

• 核心交换机的配置

下行接口以及网关

[Coresw]vlan batch 10 20 30

[Coresw]interface Vlanif 10

[Coresw-Vlanif10]ip address 192.168.10.254 24

[Coresw-Vlanif10]quit

[Coresw]interface Vlanif 20

[Coresw-Vlanif20]ip address 192.168.20.254 24

[Coresw-Vlanif20]quit

[Coresw]interface GigabitEthernet 0/0/3

[Coresw-GigabitEthernet0/0/3]port link-type trunk 

[Coresw-GigabitEthernet0/0/3]port trunk allow-pass vlan all

配置DHCP

vlanif10 全局模式

[Coresw]dhcp enable 

[Coresw]ip pool 10

[Coresw-ip-pool-10]network 192.168.10.0 mask 24

[Coresw-ip-pool-10]gateway-list 192.168.10.254

[Coresw-ip-pool-10]dns-list 8.8.8.8

[Coresw-ip-pool-10]lease day 5  

[Coresw-ip-pool-10]excluded-ip-address 192.168.10.2 192.168.10.253

[Coresw-ip-pool-10]quit               

[Coresw]interface Vlanif 10      

[Coresw-Vlanif10]dhcp select global 

vlanif20 接口模式

[Coresw-Vlanif20]dhcp select interface

[Coresw-Vlanif20]dhcp server excluded-ip-address 192.168.20.2 192.168.20.253

[Coresw-Vlanif20]dhcp server dns-list 114.114.114.114

[Coresw-Vlanif20]dhcp server lease day 4 hour 4 minute 4

• 核心交换机上层接口

[Coresw]interface GigabitEthernet 0/0/1

[Coresw-GigabitEthernet0/0/1]port link-type access 

[Coresw-GigabitEthernet0/0/1]port default vlan 30

[Coresw-GigabitEthernet0/0/1]quit

[Coresw]interface Vlanif 30

[Coresw-Vlanif30]ip address 192.168.30.254 24

指定核心交换机的默认路由 出口路由器无法nat设置完之后

[Coresw]ip route-static 0.0.0.0 0 192.168.30.3

• 出口路由器配置（下行口）

<Route>system-view

[Route]interface GigabitEthernet 0/0/1

[Route-GigabitEthernet0/0/1]ip address 192.168.30.3 24

可以使用静态路由来使route有返回到主机的路由条目（但本实验不这么做，选用动态路由协议）

[route]ip route-static 192.168.10.0 255.255.255.0 192.168.30.254

动态路由协议：RIP

[Route]rip          

[Route-rip-1]version 2

[Route-rip-1]network 192.168.30.0

[Coresw]rip          

[Coresw-rip-1]version 2

[Coresw-rip-1]network 192.168.10.0

[Coresw-rip-1]network 192.168.20.0

[Coresw-rip-1]network 192.168.30.0

[Route]undo rip 1

[Coresw]undo rip 1

动态路由协议：OSPF

[Route]ospf 1

[Route-ospf-1]area 0

[Route-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255

[Coresw]ospf 1

[Coresw-ospf-1]area 0

[Coresw-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255

[Coresw-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255

[Coresw-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255

• 路由器的两个上行接口

上行接口IP地址配置：

[Route]interface GigabitEthernet 0/0/0

[Route-GigabitEthernet0/0/0]ip address 12.1.1.3 24

[Route-GigabitEthernet0/0/0]quit

[Route]interface GigabitEthernet 0/0/2

[Route-GigabitEthernet0/0/2]ip address 23.1.1.3 24

出口路由器做NAT在电信和联通配置RIP之后

[Route]acl 2000

[Route-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255

[Route-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255

[Route-acl-basic-2000]quit

[Route]interface GigabitEthernet 0/0/0

[Route-GigabitEthernet0/0/0]nat outbound 2000

[Route]interface GigabitEthernet 0/0/2

[Route-GigabitEthernet0/0/2]nat outbound 2000

• 电信路由器

电信路由器配置IP地址：

[dianxin]interface GigabitEthernet 0/0/0

[dianxin-GigabitEthernet0/0/0]ip address 12.1.1.1 24

[dianxin-GigabitEthernet0/0/0]quit

[dianxin]interface GigabitEthernet 0/0/1

[dianxin-GigabitEthernet0/0/1]ip address 100.1.1.1 24

[dianxin-GigabitEthernet0/0/1]quit

[dianxin]interface LoopBack 0

[dianxin-LoopBack0]ip address 1.1.1.1 24

配置rip...

• 联通路由器

联通路由器配置IP地址：

<liantong>system-view

[liantong]interface GigabitEthernet 0/0/1

[liantong-GigabitEthernet0/0/1]ip address 100.1.1.2 24

[liantong-GigabitEthernet0/0/1]quit

[liantong]interface GigabitEthernet 0/0/2

[liantong-GigabitEthernet0/0/2]ip address 23.1.1.2 24

[liantong-GigabitEthernet0/0/2]quit

[liantong]interface LoopBack 0         

[liantong-LoopBack0]ip address 2.2.2.2 24

配置rip...

给核心交换机配置默认路由完成之后还是无法通信，是因为出口路由器没有做默认路由，如果要做浮动路由，需要更改两条路由的优先级

静态路由和默认路由的优先级都是60    

[Route]ip route

[Route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50

[Route]ip route-static 0.0.0.0 0 23.1.1.2

要使用BGF所以默认路由先不用了，实际上只有默认路由也无法完成需求

[Route]undo ip route-static 0.0.0.0 0 12.1.1.1

[Route]undo ip route-static 0.0.0.0 0 23.1.1.2

• 出口路由器BFD的配置，为了保证电信挂了以后可以走联通的网络

[Route]bfd     

[Route-bfd]quit

[Route]bfd dianxin bind peer-ip 12.1.1.1 source-ip 12.1.1.3 auto   

[Route-bfd-session-dianxin]quit

电信那一边配置bfd （因为不支持单臂回声，实际项目可以配置单边）

[dianxin]bfd

[dianxin-bfd]quit

[dianxin]bfd dianxin bind peer-ip 12.1.1.3 source-ip 12.1.1.1 auto 

[dianxin-bfd-session-dianxin]display bfd session all 

track追踪，BFD两边配置，两边ping不通的时候就是挂了，该链路的路由会被删除

[Route]ip route-static 0.0.0.0 0 12.1.1.1 preference 50 track bfd-session dianxin

[Route]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2 #bfd链路挂了就走这个

• 策略路由配置

首先删除两个默认路由

[Route]undo ip route-static 0.0.0.0 0 23.1.1.2

[Route]undo ip route-static 0.0.0.0 0 12.1.1.1

• 策略路由设置

策略路由vlan10走电信出口，vlan20走联通出口

具体步骤：

①配置ACL，匹配流量

②流分类

③流行为

④流策略（绑定流分类流行为）

⑤入接口应用策略路由

策略路由配置在入接口是因为要匹配两个网段的地址 放在任意一个出接口都不能对另一个网段进行匹配

<Route>system-view

配置ACL

[Route]acl 2010

[Route-acl-basic-2010]rule 10 permit source 192.168.10.0 0.0.0.255

[Route-acl-basic-2010]quit  

[Route]acl 2020

[Route-acl-basic-2020]rule 10 permit source 192.168.20.0 0.0.0.255  

配置流分类

[Route]traffic classifier vlan10

[Route-classifier-vlan10]if-match acl 2010

[Route-classifier-vlan10]quit

[Route]traffic classifier vlan20

[Route-classifier-vlan20]if-match acl 2020

[Route-classifier-vlan20]quit

配置流行为

[Route]traffic behavior dianxin

[Route-behavior-dianxin]redirect ip-nexthop 12.1.1.1

[Route-behavior-dianxin]quit

[Route]traffic behavior liantong

[Route-behavior-liantong]redirect ip-nexthop 23.1.1.2

[Route-behavior-liantong]quit

配置流策略

[Route]traffic policy 10,20-dl

[Route-trafficpolicy-10,20-dl]classifier vlan10 behavior dianxin

[Route-trafficpolicy-10,20-dl]classifier vlan20 behavior liantong

[Route-trafficpolicy-10,20-dl]quit

入接口应用策略路由

[Route-GigabitEthernet0/0/1]traffic-policy 10,20-dl inbound 

Step1:配置ACL,匹配流量

[router] acl 3010

[router-acl-adv-3010] rule 10 permit ip source any destination 1.1.1.0 0.0.0.255 //匹配任意源地址去往电信服务器1.1.1.1的流量

[router-acl-adv-3010] acl 3020

[router-acl-adv-3020] rule 10 permit ip source any destination 2.2.2.0 0.0.0.255 //匹配任意源地址去往联通服务器2.2.2.2的流量其他配置略，与实验三一样。

至此，本文分享的内容就结束了。