路由器构建园区网
1.模型搭建
2.基础配置过程
2.1交换机配置
法1:使用access、trunk接口配置
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan batch 11 12
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 11
[Huawei-Ethernet0/0/1]quit
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 12
[Huawei-Ethernet0/0/2]quit
[Huawei]interface GIgabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 11 12
[Huawei-GigabitEthernet0/0/1]quit测试配置是否正确:
[Huawei]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Ethernet0/0/1 access 11 -
Ethernet0/0/2 access 12 -
Ethernet0/0/3 hybrid 1 -
Ethernet0/0/4 hybrid 1 -
Ethernet0/0/5 hybrid 1 -
Ethernet0/0/6 hybrid 1 -
Ethernet0/0/7 hybrid 1 -
Ethernet0/0/8 hybrid 1 -
Ethernet0/0/9 hybrid 1 -
Ethernet0/0/10 hybrid 1 -
Ethernet0/0/11 hybrid 1 -
Ethernet0/0/12 hybrid 1 -
Ethernet0/0/13 hybrid 1 -
Ethernet0/0/14 hybrid 1 -
Ethernet0/0/15 hybrid 1 -
Ethernet0/0/16 hybrid 1 -
Ethernet0/0/17 hybrid 1 -
Ethernet0/0/18 hybrid 1 -
Ethernet0/0/19 hybrid 1 -
Ethernet0/0/20 hybrid 1 -
Ethernet0/0/21 hybrid 1 -
Ethernet0/0/22 hybrid 1 -
GigabitEthernet0/0/1 trunk 1 1 11-12
GigabitEthernet0/0/2 hybrid 1 - 法2:使用hybrid接口进行配置
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan batch 15 16
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port hybrid pvid vlan 15
[Huawei-Ethernet0/0/1]port hybrid untagged vlan 15
[Huawei-Ethernet0/0/1]quit
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port hybrid pvid vlan 16
[Huawei-Ethernet0/0/2]port hybrid untagged vlan 16
[Huawei-Ethernet0/0/2]quit
[Huawei]interface GIgabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port hybrid tagged vlan 15 16
[Huawei-GigabitEthernet0/0/1]quit测试配置是否正确:
[Huawei]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Ethernet0/0/1 hybrid 15 -
Ethernet0/0/2 hybrid 16 -
Ethernet0/0/3 hybrid 1 -
Ethernet0/0/4 hybrid 1 -
Ethernet0/0/5 hybrid 1 -
Ethernet0/0/6 hybrid 1 -
Ethernet0/0/7 hybrid 1 -
Ethernet0/0/8 hybrid 1 -
Ethernet0/0/9 hybrid 1 -
Ethernet0/0/10 hybrid 1 -
Ethernet0/0/11 hybrid 1 -
Ethernet0/0/12 hybrid 1 -
Ethernet0/0/13 hybrid 1 -
Ethernet0/0/14 hybrid 1 -
Ethernet0/0/15 hybrid 1 -
Ethernet0/0/16 hybrid 1 -
Ethernet0/0/17 hybrid 1 -
Ethernet0/0/18 hybrid 1 -
Ethernet0/0/19 hybrid 1 -
Ethernet0/0/20 hybrid 1 -
Ethernet0/0/21 hybrid 1 -
Ethernet0/0/22 hybrid 1 -
GigabitEthernet0/0/1 hybrid 1 15-16
GigabitEthernet0/0/2 hybrid 1 -
[Huawei] User interface con0 is available注:两种方法可以混用。
2.2 路由交换机配置
以RS1为例:
1)配置向下接口,允许下面vlan数据上到RS1;
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan batch 11 12
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 11 12
[Huawei-GigabitEthernet0/0/1]quit2)创建虚拟接口,创建vlan 11,12的虚拟接口并配置ip地址;
[Huawei]vlan 11
[Huawei-vlan11]quit
[Huawei]interface vlanif 11
[Huawei-Vlanif11]ip address 192.168.64.254 255.255.255.0
[Huawei-Vlanif11]quit
[Huawei]interface vlanif 12
[Huawei-Vlanif12]ip address 192.168.65.254 255.255.255.0
[Huawei-Vlanif12]quit
[Huawei] User interface con0 is available测试结果:
| pc1 | pc2 | 通 |
| pc1 | pc3 | 不通 |
3)路由交换机上没有真正的三层接口,所以通过创建vlan100,构建虚拟接口并给定ip地址来实现向上通信,
[Huawei]vlan 100
[Huawei-vlan100]quit
[Huawei]interface vlanif 100
[Huawei-Vlanif100]ip address 10.0.1.1 255.255.255.252
[Huawei-Vlanif100]quit4)同时物理上需要将RS1向上与路由器R1连接的接口连接方式进行修改,也就是将RS1下面的所有设备当成一个主机,向上时统一出口是10.0.1.1(虚拟成一台主机)
法1:使用access接口配置
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 100
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1 11-12
GigabitEthernet0/0/2 access 100 -
GigabitEthernet0/0/3 hybrid 1 -
GigabitEthernet0/0/4 hybrid 1 -
GigabitEthernet0/0/5 hybrid 1 -
GigabitEthernet0/0/6 hybrid 1 -
GigabitEthernet0/0/7 hybrid 1 -
GigabitEthernet0/0/8 hybrid 1 -
GigabitEthernet0/0/9 hybrid 1 -
GigabitEthernet0/0/10 hybrid 1 -
GigabitEthernet0/0/11 hybrid 1 -
GigabitEthernet0/0/12 hybrid 1 -
GigabitEthernet0/0/13 hybrid 1 -
GigabitEthernet0/0/14 hybrid 1 -
GigabitEthernet0/0/15 hybrid 1 -
GigabitEthernet0/0/16 hybrid 1 -
GigabitEthernet0/0/17 hybrid 1 -
GigabitEthernet0/0/18 hybrid 1 -
GigabitEthernet0/0/19 hybrid 1 -
GigabitEthernet0/0/20 hybrid 1 -
GigabitEthernet0/0/21 hybrid 1 -
GigabitEthernet0/0/22 hybrid 1 -
GigabitEthernet0/0/23 hybrid 1 -
GigabitEthernet0/0/24 hybrid 1 - 法2:使用hybrid接口配置
[Huawei-GigabitEthernet0/0/2]port hybrid pvid vlan 100
[Huawei-GigabitEthernet0/0/2]port hybrid untagged vlan 100
[Huawei-GigabitEthernet0/0/2]quit
[Huawei] User interface con0 is available2.3 路由器配置
需要为路由器使用的每一个接口配置ip地址。
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.0.1.2 255.255.255.252
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.0.2.2 255.255.255.252
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.0.1 255.255.255.252
[Huawei-GigabitEthernet0/0/0]quit查看配置情况:
[Huawei]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface10.0.0.0/30 Direct 0 0 D 10.0.0.1 GigabitEthernet
0/0/010.0.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/010.0.1.0/30 Direct 0 0 D 10.0.1.2 GigabitEthernet
0/0/110.0.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/110.0.2.0/30 Direct 0 0 D 10.0.2.2 GigabitEthernet
0/0/210.0.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0[Huawei] User interface con0 is available最终ip地址配置如下 :
3.路由配置
虽然基本配置已经完成,但是目前测试结果并不能够实现所有主机通信,测试结果:
| pc1 | pc2 | 通 |
| pc1 | pc3 | 不通 |
| pc1 | pc5 | 不通 |
| pc1 | pc7 | 不通 |
| pc3 | pc4 | 通 |
| pc5 | pc6 | 通 |
| pc7 | pc8 | 通 |
结果显示目前只有同一交换机下的主机可以互通,其它无法直接通信。所以需要进行路由配置。
3.1 路由交换机静态路由配置
以RS1为例:配置静态默认路由,使所有不知道目的地的数据全部发到下一跳也就是R1的GE0/0/1(10.0.1.2)
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.0.1.2
[Huawei]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface0.0.0.0/0 Static 60 0 RD 10.0.1.2 Vlanif10010.0.1.0/30 Direct 0 0 D 10.0.1.1 Vlanif10010.0.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif100127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0192.168.64.0/24 Direct 0 0 D 192.168.64.254 Vlanif11192.168.64.254/32 Direct 0 0 D 127.0.0.1 Vlanif11192.168.65.0/24 Direct 0 0 D 192.168.65.254 Vlanif12192.168.65.254/32 Direct 0 0 D 127.0.0.1 Vlanif12[Huawei] User interface con0 is available3.2 路由器R1,R2静态路由配置
3.2.1 R1配置
1) pc1,pc2的数据能够到达pc3、pc4,需要经过R1的GE0/0/2(10.0.2.2)到达RS2的vlanif100(10.0.2.1),同样的,pc3、pc4的数据要发送到pc1、pc2需要经过R1的GE0/0/1(10.0.1.2)到达RS1的vlanif100(10.0.1.1),所以需要配置两个静态路由
R1上配置
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]ip route-static 192.168.66.0 255.255.254.0 10.0.2.1 (到达pc3、pc4的下一跳)
[Huawei]ip route-static 192.168.64.0 255.255.254.0 10.0.1.1 (到达pc1、pc2的下一跳)2)左侧pc1-pc4的数据还需要到达右边pc5-pc8,所以需要经过R1到达下一个目的地R3的GE0/0/1(10.0.0.2)
R1上配置
[Huawei]ip route-static 192.168.68.0 255.255.252.0 10.0.0.23.2.2 R2配置
1) pc5,pc6的数据能够到达pc7、pc8,需要经过R2的GE0/0/2(10.0.4.2)到达RS4的vlanif100(10.0.4.1),同样的,pc3、pc4的数据要发送到pc1、pc2需要经过R2的GE0/0/1(10.0.3.2)到达RS3的vlanif100(10.0.3.1),所以需要配置两个静态路由
R2上配置
[Huawei]ip route-static 192.168.68.0 255.255.254.0 10.0.3.1
[Huawei]ip route-static 192.168.70.0 255.255.254.0 10.0.4.12)左侧pc1-pc4的数据还需要到达右边pc5-pc8,所以需要经过R2到达下一个目的地R3的GE0/0/2(10.0.0.5)
R2上配置
[Huawei]ip route-static 192.168.64.0 255.255.252.0 10.0.0.53.2.3 R3配置
左侧pc1-pc4的数据需要与右边pc5-pc8互通,同时右边目的地网段应该包含pc5-pc8的所有ip (192.168.68.0/22)到达右边下个目的地为R2的GE0/0/0(10.0.0.6),左边需要包含pc1-pc4的所有ip地址(192.168.64.0/22),从该路由器R3到达左边所有主机的下个目的地为R1的GE0/0/0(10.0.0.1)因此静态路由中网段为
R3上配置
[Huawei]ip route-static 192.168.64.0 255.255.252.0 10.0.0.1
[Huawei]ip route-static 192.168.68.0 255.255.252.0 10.0.0.64.通信测试
| pc1 | pc2 | 通 |
| pc1 | pc3 | 通 |
| pc1 | pc5 | 通 |
| pc1 | pc7 | 通 |
| pc5 | pc6 | 通 |
| pc5 | pc8 | 通 |
5. 拓展
如何简化以上模型?有几种方法,最简单的如何实现 ?