两地互联通信实验

互联通信实验"/>

两地互联通信实验

假设有一公司公司总部在上海在福州有一办事处，你是网络管理员，要使两地通信，为两地内部网络配置，上方模仿LSP网络。

要求

• 给设备配置地址如图所示
• 为SW1,SW4，R1,R2配置环回地址，SW1：10.1.1.1/32 ，SW4: 10.4.4.4/32， R1：1.1.1.1/32，R2：2.2.2.2/32
• 在SW1上配置vlanif，在交换机上配置对应vlan，交换机与PC机互联选择access口。交换机与交换机互联选择trunk口。
• SW1与R1,R1与R2，R2与SW4，使用ospf，SW1环回口宣告在区域1，R1，R2环回口宣告在区域0,SW4环回口宣告在区域2，上海网络属于区域2，福州网络属于区域1。
• 要使内部主机能访问外部网络，做nat转换R1转换为R1端口GE 0/0/1的ip，R2转换为GE 0/0/0的IP
• R1与R2互联做ppp链路，R2地址由R1指定。做网络优化当LSP断时使用该路通信。
• SW4作为DHCP服务器，为PC6提供地址。
• 使每台设备之间都能互相通信

开始配置为PC3,PC4,PC5配置IP网关掩码设备配置如下

<SW3>system-view 
[SW3]vlan batch 10 20
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access   //配置端口模式
[SW3-GigabitEthernet0/0/1]port default vlan 10
[SW3]interface GigabitEthernet 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk     //配置端口模式
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[SW3]interface GigabitEthernet 0/0/3
[SW3-GigabitEthernet0/0/3]port link-type trunk       //配置端口模式
[SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20    //绑定允许通过的vlan

<SW2>system-view 
[SW2]vlan batch 10 20
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access 
[SW2-GigabitEthernet0/0/1]port default vlan 20
[SW2]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk 
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20

<SW1>system-view 
[SW1]vlan batch 10 20 100 172
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk  
[SW1-GigabitEthernet0/0/1]port default vlan 10 20
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk 
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access 
[SW1-GigabitEthernet0/0/4]port default vlan 172
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk 
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 100 172
[SW1]interface Vlanif 10    //配置网关ip
[SW1-Vlanif10]ip address 192.168.10.254 24
[SW1]interface Vlanif 20
[SW1-Vlanif20]ip address 192.168.20.254 24
[SW1]interface Vlanif 100
[SW1-Vlanif100]ip address 192.168.2.2 24
[SW1]interface Vlanif 172
[SW1-Vlanif172]ip address 172.16.1.254 24
[SW1]interface LoopBack 0
[SW1-LoopBack0]ip address 10.1.1.1 32
[SW1]ospf 1 router-id 10.1.1.1 
[SW1-ospf-1]area 1 
[SW1-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255    //宣告地址
[SW1-ospf-1-area-0.0.0.1]network 192.168.20.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]network 172.16.1.254 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]network 10.1.1.1 0.0.0.0
[SW1]ip route-static 0.0.0.0 0 192.168.2.1    //配置缺省路由
[SW1]stp enable             //使能生成树
[SW1]stp priority 0          //优先级为0

<R1>system-view 
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1]interface GigabitEthernet 0/0/0.100
[R1-GigabitEthernet0/0/0.100]dot1q termination vid 100    //设置单臂路由
[R1-GigabitEthernet0/0/0.100]ip address 192.168.2.1 24
[R1-GigabitEthernet0/0/0.100]arp broadcast enable       //使能arp广播
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 101.1.1.1 24
[R1]ip route-static 8.8.8.8 32 101.1.1.3          //配置静态路由
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1 
[R1-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1]acl number 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255     //配置规则
[R1-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule 20 permit source 172.16.1.0 0.0.0.255 
[R1-acl-basic-2000]rule 1000 permit source 192.168.30.0 0.0.0.255
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000         //配置nat转换
[R1]aaa
[R1-aaa]local-user yhx password cipher 123456      //设置用户密码
[R1-aaa]local-user yhx service-type ppp   //配置模式为ppp
[R1]interface Serial 4/0/0                  
[R1-Serial4/0/0]ip address 192.168.12.1 30
[R1-Serial4/0/0]ppp authentication-mode chap  //配置chap模式传输
[R1-Serial4/0/0]remote address 192.168.12.2    //为远端指定ip
[R1]ospf 1 router-id 1.1.1.1	
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255

<LSP>system-view 
[LSP]interface LoopBack 0
[LSP-LoopBack0]ip address 8.8.8.8 32
[LSP]interface GigabitEthernet 0/0/0	
[LSP-GigabitEthernet0/0/0]ip address 101.1.1.3 24
[LSP]interface GigabitEthernet 0/0/1
[LSP-GigabitEthernet0/0/1]ip address 101.1.2.3 24

到此步福州内部网络已经能互相通信也能与LSP网络通信

接下来配置上海网络

<SW4>system-view 
[SW4]vlan batch 30 100
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type access 
[SW4-GigabitEthernet0/0/2]port default vlan 30
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type trunk 
[SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 100
[SW4]interface Vlanif 30
[SW4-Vlanif30]ip address 192.168.30.254 24
[SW4]interface Vlanif 100
[SW4-Vlanif100]ip address 192.168.4.2 24
[SW4]dhcp enable
[SW4]ip pool 30
[SW4-ip-pool-30]network 192.168.30.0
[SW4-ip-pool-30]gateway-list 192.168.30.254
[SW4]interface Vlanif 30
[SW4-Vlanif30]dhcp select global
[SW4]interface LoopBack 0	
[SW4-LoopBack0]ip address 10.4.4.4 32
[SW4]ospf 1 router-id 10.4.4.4
[SW4-ospf-1-area-0.0.0.2]network 10.4.4.4 0.0.0.0
[SW4-ospf-1-area-0.0.0.2]network 192.168.30.0 0.0.0.255
[SW4-ospf-1-area-0.0.0.2]network 192.168.4.0 0.0.0.255
[SW4]ip route-static 0.0.0.0 0 192.168.4.1

已能自动获取ip

<R2>system-view 
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 32
[R2]interface GigabitEthernet 0/0/1.100
[R2-GigabitEthernet0/0/1.100]dot1q termination vid 100   //配置单臂路由
[R2-GigabitEthernet0/0/1.100]ip address 192.168.4.1 24
[R2-GigabitEthernet0/0/1.100]arp broadcast enable    //使能arp广播
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2]network 192.168.4.0 0.0.0.255
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2]ip route-static 8.8.8.8 32 101.1.2.3
[R2]acl number 2000
[R2-acl-basic-2000]rule 5 permit source 192.168.30.0 0.0.0.255  //配置规则
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]nat outbound 2000   //配置nat转换
[R2]interface Serial 4/0/0
[R2-Serial4/0/0]ppp chap user yhx      //用户名
[R2-Serial4/0/0]ppp chap password cipher 123456  //密码
[R2-Serial4/0/0]ip address ppp-negotiate     //获取ip
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 101.1.2.2 24

ppp指定获取成功

配置完毕，上海公司内部网络也能访问福州内部网络也能访问外网

测试当外部网络断开时PC6能否走ppp链路长ping192.168.10.1

将AR2端口G0/0/0关闭

可以发现当链路断开时短暂丢包，但马上启用备路，恢复通信。