[系统运维] 中型园区网络构建（总部与分支之间的通信）-华为ENSP

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 系统运维 -> 中型园区网络构建（总部与分支之间的通信）-华为ENSP -> 正文阅读

[系统运维]中型园区网络构建（总部与分支之间的通信）-华为ENSP

拓扑图

一、实验目的

1.总部和分部之间使用MPLS/BGP 虚拟专用网络和OSPF通信

二、注意事项

1.PE-1上去往CE-5的NAT地址的静态路由的目的地址掩码可以不做限制
有去往CE-5的路由就可以了
2.配置DHCP时DHCP-relay的路由要通
3.

三、简单的查询命令

 1.display?ip?vpn-instance verbose  查看VPN实例是否正确
 2.display?current-configuration  configuration  bgp命令查看
   BGP配置
3.display?bgp? vpnv4 all routing-table ipv4-address[?
  mask|?mask-length] 命令查看目标路由确认VPNv4路由是否
  可以迭代到隧道  显示信息中 Relay?Tunnel?Out-Interface
  和Relay?token字段不为空表示该路由可以迭代到隧道
4.display?bgp?vpnv4 all routing-table ipv4-address[
?mask|?mask-length]查看目标路由，确定该目标路由是否分到私网标签
5.dis bgp vpnv4 all routing-table label 查看BGP为私网分配的标签
6.dis mpls lsp verbose  [ip  addrss  mask ]  verbose详情
 信息  下一跳标签转发表项（LFIB）
7.display current-configuration configuration  [特定的协
 议]  查看一些特定的协议的配置 
8.display firewall session table 检查会话

四、简单配置

AR3

sysname AR3
#
interface Ethernet0/0/0
 ip address 10.0.134.3 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.0.35.3 255.255.255.0 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.35.0 0.0.0.255 
  network 10.0.134.0 0.0.0.255 
  network 10.0.13.0 0.0.0.255 
  network 10.0.34.0 0.0.0.255 
#
return

AR4

sysname AR4
#
interface Ethernet0/0/0
 ip address 10.0.134.4 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.24.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.0.45.4 255.255.255.0 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.45.0 0.0.0.255 
  network 10.0.134.0 0.0.0.255 
  network 10.0.24.0 0.0.0.255 
  network 10.0.34.0 0.0.0.255 
#
return

CE-5

sysname CE-5
#
interface GigabitEthernet1/0/0
 ip address 10.0.45.5 255.255.255.0
#
interface GigabitEthernet1/0/1
 ip address 10.0.35.5 255.255.255.0
#
interface GigabitEthernet1/0/2
 ip address 10.0.15.5 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/0
 add interface GigabitEthernet1/0/1
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/2
#
bgp 100
 peer 10.0.15.1 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.1.0 255.255.255.0
  network 10.0.2.0 255.255.255.0
  network 10.0.3.0 255.255.255.0
  peer 10.0.15.1 enable
#
ospf 1
 default-route-advertise
 import-route bgp
 area 0.0.0.0
  network 10.0.35.0 0.0.0.255
  network 10.0.45.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.0.15.1
ip route-static 200.0.1.1 0.0.0.0  NULL 0
#
nat address-group 1 0
 mode pat
 section 0 200.0.1.1 200.0.1.2
#
security-policy
 rule name policy1
  source-zone trust
  source-zone untrust
  destination-zone trust
  destination-zone untrust
  action permit
 rule name policy2
  source-zone local
  source-zone untrust
  destination-zone local
  destination-zone untrust
  action permit
#
nat-policy
 rule name nat-policy1
  source-zone trust
  destination-zone untrust
  destination-address-exclude 10.0.6.0 mask 255.255.255.0
  action source-nat address-group 1
#
return

CE-6

sysname 
#
interface GigabitEthernet0/0/0
 ip address 10.0.26.6 255.255.255.0 
#
interface LoopBack1
 ip address 10.0.6.1 255.255.255.0 
#
bgp 300
 peer 10.0.26.2 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.6.0 255.255.255.0 
  peer 10.0.26.2 enable
#
return

DHCP-Server

sysname DHCP-Server
#
dhcp enable
#
ip pool vlan10
 gateway-list 10.0.1.254 
 network 10.0.1.0 mask 255.255.255.0 
#
ip pool vlan20
 gateway-list 10.0.2.254 
 network 10.0.2.0 mask 255.255.255.0 
#
ip pool vlan30
 gateway-list 10.0.3.254 
 network 10.0.3.0 mask 255.255.255.0 
#
interface Ethernet0/0/0
 ip address 10.0.134.1 255.255.255.0 
 dhcp select global
#
ospf 1 
 area 0.0.0.0 
  network 10.0.134.0 0.0.0.255 
#
return

LSW1

sysname LSW1
#
vlan batch 2 to 3 10 20 30
#
stp instance 0 priority 4096
stp instance 10 root primary
stp instance 20 root secondary
stp instance 30 root secondary
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Vlanif2
 ip address 10.0.12.1 255.255.255.0 
#
interface Vlanif3
 ip address 10.0.13.1 255.255.255.0 
#
interface Vlanif10
 ip address 10.0.1.2 255.255.255.0 
 vrrp vrid 1 virtual-ip 10.0.1.254
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 10
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif20
 ip address 10.0.2.2 255.255.255.0 
 vrrp vrid 2 virtual-ip 10.0.2.254
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif30
 ip address 10.0.3.2 255.255.255.0 
 vrrp vrid 3 virtual-ip 10.0.3.254
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk pvid vlan 2
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 eth-trunk 1
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 3
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.0 0.0.0.255 
  network 10.0.2.0 0.0.0.255 
  network 10.0.3.0 0.0.0.255 
  network 10.0.12.0 0.0.0.255 
  network 10.0.13.0 0.0.0.255 
#
return

LSW2

sysname LSW2
#
vlan batch 2 to 3 10 20 30
#
stp instance 10 root secondary
stp instance 20 root primary
stp instance 30 root primary
#
dhcp enable
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Vlanif2
 ip address 10.0.12.2 255.255.255.0 
#
interface Vlanif3
 ip address 10.0.24.2 255.255.255.0 
#
interface Vlanif10
 ip address 10.0.1.3 255.255.255.0 
 vrrp vrid 1 virtual-ip 10.0.1.254
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif20
 ip address 10.0.2.3 255.255.255.0 
 vrrp vrid 2 virtual-ip 10.0.2.254
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 10
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Vlanif30
 ip address 10.0.3.3 255.255.255.0 
 vrrp vrid 3 virtual-ip 10.0.3.254
 vrrp vrid 3 priority 120
 vrrp vrid 3 preempt-mode timer delay 10
 dhcp select relay
 dhcp relay server-ip 10.0.134.1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk pvid vlan 2
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 eth-trunk 1
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 3
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.0 0.0.0.255 
  network 10.0.2.0 0.0.0.255 
  network 10.0.3.0 0.0.0.255 
  network 10.0.12.0 0.0.0.255 
  network 10.0.24.0 0.0.0.255 
#
return

LSW3

sysname LSW3
#
vlan batch 10
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 10
#
return

LSW4

sysname LSW4
#
vlan batch 20
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 20
#
return

LSW5

sysname LSW5
#
vlan batch 30
#
stp region-configuration
 region-name vlan
 instance 10 vlan 10 
 instance 20 vlan 20 
 instance 30 vlan 30 
 active region-configuration
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 30
#
return

P-3

sysname P-3
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 100.0.23.3 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 100.0.13.3 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255 
#
ospf 1 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 100.0.13.0 0.0.0.255 
  network 100.0.23.0 0.0.0.255 
#
return

PE-1

sysname PE-1
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:2
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Ethernet0/0/0
 ip address 100.0.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance a
 ip address 10.0.15.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 100.0.13.1 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255 
#
bgp 200
 peer 2.2.2.2 as-number 200 
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 next-hop-local 
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance a 
  peer 10.0.15.5 as-number 100 
#
ospf 1 
 area 0.0.0.0 
  network 100.0.13.0 0.0.0.255 
  network 1.1.1.1 0.0.0.0 
#
ip route-static 200.0.1.0 255.255.255.248 GigabitEthernet0/0/0
ip route-static 200.0.1.1 255.255.255.255 GigabitEthernet0/0/0
ip route-static 200.0.1.2 255.255.255.255 GigabitEthernet0/0/0
//上面三条路由都可以生效，因为从CE-5访问公网的源地址的掩码不确定，只要有指向NAT地址的路由即可。
ip route-static vpn-instance a 0.0.0.0 0.0.0.0 100.0.1.1 public
//这个VPN实例中，没有的路由，会查找这个公共的路由
#
return

PE-2

sysname PE-2
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 2:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 100.0.23.2 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance b
 ip address 10.0.26.2 255.255.255.0 
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255 
#
bgp 200
 peer 1.1.1.1 as-number 200 
 peer 1.1.1.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 1.1.1.1 next-hop-local 
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance b 
  peer 10.0.26.6 as-number 300 
#
ospf 1 
 area 0.0.0.0 
  network 100.0.23.0 0.0.0.255 
  network 2.2.2.2 0.0.0.0 
#
return