I. eNSP Comprehensive Routing Lab
Lab topology:
Configuration commands:
Switch SW2 configuration:
<Huawei>sys
[Huawei]sysname SW2
[SW2]vlan batch 10 20
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 10
[SW2-Ethernet0/0/1]int e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 20
[SW2-Ethernet0/0/2]int e0/0/3
[SW2-Ethernet0/0/3]port link-type trunk
[SW2-Ethernet0/0/3]port trunk allow-pass vlan all # On Huawei devices a trunk port permits only VLAN 1 by default
Switch SW3 configuration:
<Huawei>sys
[Huawei]sysname SW3
[SW3]vlan batch 10 20
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]port link-type access
[SW3-Ethernet0/0/1]port default vlan 10
[SW3-Ethernet0/0/1]int e0/0/2
[SW3-Ethernet0/0/2]port link-type access
[SW3-Ethernet0/0/2]port default vlan 20
[SW3-Ethernet0/0/2]int e0/0/3
[SW3-Ethernet0/0/3]port link-type trunk
[SW3-Ethernet0/0/3]port trunk allow-pass vlan all
<SW3>sys
[SW3]vlan 8
[SW3-vlan8]quit
[SW3]int e0/0/4
[SW3-Ethernet0/0/4]port link-type access
[SW3-Ethernet0/0/4]port default vlan 8
[SW3-Ethernet0/0/4]quit
[SW3]int vlan 8
[SW3-Vlanif8]ip address 192.168.8.2 24
[SW3-Vlanif8]quit
[SW3]user-interface vty 0 4
[SW3-ui-vty0-4]authentication-mode aaa # Set the authentication mode to AAA
[SW3-ui-vty0-4]quit
[SW3]aaa
[SW3-aaa]local-user huawei password cipher huawei # Create a local user
[SW3-aaa]local-user huawei service-type telnet # Set the user's service type to Telnet
[SW3-aaa]local-user huawei privilege level 15 # Set the user privilege level to 15 (max)
[SW3]ip route-static 0.0.0.0 0 192.168.8.1
Layer 3 switch configuration:
<Huawei>sys
[Huawei]vlan batch 10 20 100 200
[Huawei]un in en
[Huawei]port-group group-member g0/0/1 to g0/0/3
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
— — Configure the gateway for each VLAN:
[Huawei]int vlan 10
[Huawei-Vlanif10]ip address 192.168.10.254 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip address 192.168.20.254 24
[Huawei-Vlanif20]int vlan 100
[Huawei-Vlanif100]ip address 192.168.100.254 24
— — DHCP relay:
[Huawei]dhcp enable
[Huawei]int vlan 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 192.168.100.1
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]dhcp select relay
[Huawei-Vlanif20]dhcp relay server-ip 192.168.100.1
[Huawei]vlan 8
[Huawei-vlan8]quit
[Huawei]int vlan 8
[Huawei-Vlanif8]ip address 192.168.8.1 24
[Huawei]vlan 9
[Huawei-vlan9]quit
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 9
[Huawei-GigabitEthernet0/0/4]quit
[Huawei]int vlan 9
[Huawei-Vlanif9]ip address 192.168.200.2 24
[Huawei]ip route-static 0.0.0.0 0 192.168.200.1
Switch SW4 configuration:
<Huawei>sys
[Huawei]sysname SW4
[SW4]un in en
[SW4]vlan 100
[SW4-vlan100]quit
[SW4]port-group group-member e0/0/2 e0/0/4
[SW4-port-group]port link-type access
[SW4-port-group]port default vlan 100
[SW4-port-group]quit
[SW4]int e0/0/1
[SW4-Ethernet0/0/1]port link-type trunk
[SW4-Ethernet0/0/1]port trunk allow-pass vlan all
Router AR1 configuration:
<Huawei>sys
[Huawei]sysname AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]undo shutdown
[AR1-GigabitEthernet0/0/0]ip address 192.168.100.1 24
[AR1-GigabitEthernet0/0/0]quit
[AR1]un in en
[AR1]dhcp enable
[AR1]ip pool vlan10
[AR1-ip-pool-vlan10]network 192.168.10.0 mask 24
[AR1-ip-pool-vlan10]gateway-list 192.168.10.254
[AR1-ip-pool-vlan10]dns-list 192.168.100.2
[AR1-ip-pool-vlan10]quit
[AR1]ip pool vlan20
[AR1-ip-pool-vlan20]network 192.168.20.0 mask 24
[AR1-ip-pool-vlan20]gateway-list 192.168.20.254
[AR1-ip-pool-vlan20]dns-list 192.168.100.2
[AR1-ip-pool-vlan20]quit
[AR1]ip route-static 192.168.10.0 24 192.168.100.254
[AR1]ip route-static 192.168.20.0 24 192.168.100.254
[AR1]int g0/0/0
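[AR1-GigabitEthernet0/0/0]dhcp select global # dhcp select global must be configured when both of the following conditions are met:
① The interface needs to provide DHCP service to downstream clients (for example connected PCs, cameras and other endpoints).
② A global DHCP address pool is used (a pool created with ip pool in the global view).
Telnet client (AR4) configuration: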
<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.8.254 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]un in en
[Huawei]ip route-static 0.0.0.0 0 192.168.8.1
Router AR2 configuration:
[Huawei]sysname AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.200.1 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip address 55.0.0.1 24
[AR2-GigabitEthernet0/0/1]quit
[AR2]ip route-static 0.0.0.0 0 55.0.0.2
[AR2]ip route-static 192.168.10.0 24 192.168.200.2
[AR2]ip route-static 192.168.20.0 24 192.168.200.2
[AR2]ip route-static 192.168.100.0 24 192.168.200.2
— — Use an ACL (access control list) together with NAT outbound so that specific internal subnets can reach the public network:
[AR2]acl 2000
[AR2-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[AR2-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[AR2-acl-basic-2000]quit
[AR2]int g0/0/1
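[AR2-GigabitEthernet0/0/1]nat outbound 2000 # Source address translation
— — Upgrade the original static NAT translation (one-to-one) to address-pool-based dynamic NAT translation, so that multiple internal IPs share a group of public IPs to access the external network: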
[AR2]nat address-group 1 55.0.0.5 55.0.0.8
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]undo nat outbound 2000
[AR2-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 # Dynamically map internal IPs that match ACL 2000 to the public IPs in address-group 1 (55.0.0.5 to 55.0.0.8)
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]nat static global 55.0.0.9 inside 192.168.100.3 # Bind public IP 55.0.0.9 to internal server 192.168.100.3 so that the external network can reach that specific internal resource
[AR2-GigabitEthernet0/0/1]undo nat static global 55.0.0.9 inside 192.168.100.3 netmask 255.255.255.255
[AR2-GigabitEthernet0/0/1]nat static protocol tcp global 55.0.0.9 80 inside 192.168.100.3 80 # Static NAT mapping based on protocol and port
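The AR2 translation rules above, modelled in Python as an added example (not part of the original lab): it evaluates ACL 2000's wildcard masks to show which internal sources are eligible for address-group 1, and compares what the one-to-one static mapping and the later TCP port 80 mapping publish on 55.0.0.9. The function names and the probe addresses are assumptions made for illustration; the rules and addresses in the constants come from the commands above.

```python
import ipaddress

# Values taken from the AR2 commands on this page; probe addresses in main are constructed.
ACL_2000 = [(10, "permit", "192.168.10.0", "0.0.0.255"),
            (20, "permit", "192.168.20.0", "0.0.0.255")]
ADDRESS_GROUP_1 = ("55.0.0.5", "55.0.0.8")
STATIC_ONE_TO_ONE = {"55.0.0.9": "192.168.100.3"}            # nat static global ... inside ...
STATIC_TCP_PORT = {("55.0.0.9", 80): ("192.168.100.3", 80)}  # nat static protocol tcp ...


def _int(ip):
    return int(ipaddress.IPv4Address(ip))


def acl_match(acl, src):
    """First-match lookup: wildcard 0-bits must equal the rule address, 1-bits are ignored."""
    for rule_id, action, addr, wildcard in acl:
        care = ~_int(wildcard) & 0xFFFFFFFF
        if (_int(src) & care) == (_int(addr) & care):
            return rule_id, action
    return None


def nat_rule_for(src):
    """ACL 2000 rule id that makes src eligible for address-group 1, or None (not translated)."""
    hit = acl_match(ACL_2000, src)
    return hit[0] if hit and hit[1] == "permit" else None


def pool_addresses():
    """Expand address-group 1 into the public addresses the permitted subnets share."""
    first, last = (_int(a) for a in ADDRESS_GROUP_1)
    return [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]


def inbound(dst, port, proto="tcp", port_based=True):
    """Inside (ip, port) reached from the public side, or None when nothing is published."""
    if port_based:
        return STATIC_TCP_PORT.get((dst, port)) if proto == "tcp" else None
    inside = STATIC_ONE_TO_ONE.get(dst)      # one-to-one mapping forwards every port
    return (inside, port) if inside else None


if __name__ == "__main__":
    for src in ("192.168.10.25", "192.168.20.7", "192.168.100.3", "192.168.8.254"):
        print(src, "-> ACL 2000 rule", nat_rule_for(src))
    print("pool:", pool_addresses())
    print("one-to-one, tcp/23:", inbound("55.0.0.9", 23, port_based=False))
    print("port-based, tcp/23:", inbound("55.0.0.9", 23))
    print("port-based, tcp/80:", inbound("55.0.0.9", 80))
```

Sources in 192.168.100.0/24 and 192.168.8.0/24 match no rule in ACL 2000, and with the port-based mapping only TCP port 80 of 192.168.100.3 is reachable through 55.0.0.9.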
Router AR3 configuration:
[Huawei]sysname AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip address 55.0.0.2 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip address 56.0.0.1 24
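Server1 configuration:
Server2 configuration:
Client1 configuration:
Server3 configuration:
Client3 configuration:
Tests:
1. DHCP automatic address assignment
2. Communication between different VLANs
3. DNS name service and web test
4. Remote management test
5. Internal network to public network access test
6. Public network using the internal network's DNS service test
II. Cisco / Huawei (eNSP) Link Aggregation Lab
(1) Cisco link aggregation lab
Lab topology (manual link bundling):
SW0 configuration: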
Switch>en
Switch#conf t
Switch(config)#int range f0/1-4
Switch(config-if-range)#sw trunk encap dot1Q
Switch(config-if-range)#sw mode trunk
Switch(config-if-range)#channel-group 1 mode on
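# Forces multiple physical interfaces to be bundled into one logical interface (EtherChannel) without relying on any link aggregation protocol (such as LACP or PAgP).
SW1 configuration: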
Switch>en
Switch#conf t
Switch(config)#int range f0/1-4
Switch(config-if-range)#sw trunk encap dot1Q
Switch(config-if-range)#sw mode trunk
Switch(config-if-range)#channel-group 2 mode on
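# Forces multiple physical interfaces to be bundled into one logical interface (EtherChannel) without relying on any link aggregation protocol (such as LACP or PAgP).
Viewing the configuration on SW0:
Lab topology (LACP link bundling):
SW0 configuration: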
Switch>en
Switch#conf t
Switch(config)#int range f0/1-4
Switch(config-if-range)#sw mode trunk
Switch(config-if-range)#channel-group 3 mode active # Actively negotiate LACP
SW1 configuration:
Switch>en
Switch#conf t
Switch(config)#int range f0/1-4
Switch(config-if-range)#sw mode trunk
Switch(config-if-range)#channel-group 3 mode passive # Set as the passive side
Note:
(2) Huawei (eNSP) link aggregation lab
Lab topology (manual link bundling):
SW1 configuration:
[Huawei]sysname SW1
[SW1]un in en
[SW1]int Eth-Trunk 1
[SW1-Eth-Trunk1]q
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]eth-trunk 1
[SW1-GigabitEthernet0/0/1]q
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]eth-trunk 1
[SW1-GigabitEthernet0/0/2]q
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]eth-trunk 1
[SW1-GigabitEthernet0/0/3]q
SW2 configuration:
[Huawei]sysname SW2
[SW2]un in en
[SW2]int Eth-Trunk 1
[SW2-Eth-Trunk1]q
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]eth-trunk 1
[SW2-GigabitEthernet0/0/1]q
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]eth-trunk 1
[SW2-GigabitEthernet0/0/2]q
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]eth-trunk 1
[SW2-GigabitEthernet0/0/3]q
Viewing the configuration on SW1 and SW2:
Lab topology (LACP link aggregation):
SW3 configuration:
[Huawei]sysname SW3
[SW3]un in en
[SW3]int Eth-Trunk 1
[SW3-Eth-Trunk1]mode lacp-static
[SW3-Eth-Trunk1]q
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]eth-trunk 1
[SW3-Ethernet0/0/1]q
[SW3]int e0/0/2
[SW3-Ethernet0/0/2]eth-trunk 1
[SW3-Ethernet0/0/2]q
[SW3]int e0/0/3
[SW3-Ethernet0/0/3]eth-trunk 1
[SW3-Ethernet0/0/3]q
[SW3]lacp priority 100
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]lacp priority 100
[SW3-Ethernet0/0/1]q
[SW3]int e0/0/2
[SW3-Ethernet0/0/2]lacp priority 100
[SW3-Ethernet0/0/2]q
[SW3]int Eth-Trunk 1
[SW3-Eth-Trunk1]max active-linknumber 2
[SW3-Eth-Trunk1]q
SW4 configuration:
[Huawei]sysname SW4
[SW4]un in en
[SW4]int Eth-Trunk 1
[SW4-Eth-Trunk1]mode lacp-static
[SW4-Eth-Trunk1]q
[SW4]int e0/0/1
[SW4-Ethernet0/0/1]eth-trunk 1
[SW4-Ethernet0/0/1]q
[SW4]int e0/0/2
[SW4-Ethernet0/0/2]eth-trunk 1
[SW4-Ethernet0/0/2]q
[SW4]int e0/0/3
[SW4-Ethernet0/0/3]eth-trunk 1
[SW4-Ethernet0/0/3]q
[SW4]lacp priority 200
[SW4]int e0/0/1
[SW4-Ethernet0/0/1]lacp priority 100
[SW4-Ethernet0/0/1]q
[SW4]int e0/0/2
[SW4-Ethernet0/0/2]lacp priority 100
[SW4-Ethernet0/0/2]q
[SW4]int Eth-Trunk 1
[SW4-Eth-Trunk1]max active-linknumber 2
[SW4-Eth-Trunk1]q
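SW3 verification commands:
SW4 verification commands:
Summary:
1. Configuration approach (LACP link aggregation)
① Create the Eth-Trunk and set it to LACP mode to implement link aggregation.
② Add the member interfaces to the Eth-Trunk.
Interfaces join VLAN 1 by default, so before adding them to the Eth-Trunk it is recommended to remove them from VLAN 1 or shut them down first, to avoid a broadcast storm.
③ Configure the system priority to determine the active side; active interfaces are selected according to the interfaces of the active-side device.
④ Configure the upper threshold for the number of active interfaces, which improves network reliability while guaranteeing bandwidth.
⑤ Configure interface priorities to determine the active link interfaces; interfaces with higher priority are selected as active interfaces.
2. In the LACP lab, the device with the smaller priority value is the active side. In the lab above, SW3's system priority is 100 and SW4's is 200, so SW3's system priority is higher than SW4's. Among the Eth-Trunk member interfaces, e0/0/1 and e0/0/2 become active interfaces in the "Selected" state and interface e0/0/3 is in the "Unselect" state, which provides load sharing across M links and redundant backup by N links at the same time.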
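The selection described in the summary, worked through in Python as an added example (not part of the original lab): the device with the smaller system priority value becomes the active side, its ports are ranked by interface priority and then interface number, and max active-linknumber caps how many are Selected. The priorities are the ones configured above, with 32768 as the default for e0/0/3; the MAC addresses, class names and function names are assumptions, and the last call goes one step beyond the page by showing the backup link taking over when e0/0/1 goes down.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768  # default LACP system and interface priority


@dataclass(frozen=True)
class Port:
    name: str
    number: int                       # interface number, used as the tie-breaker
    priority: int = DEFAULT_PRIORITY
    up: bool = True


@dataclass(frozen=True)
class Switch:
    name: str
    system_priority: int
    mac: str                          # constructed value; only matters when priorities tie
    ports: tuple


def actor(a, b):
    """Smaller system priority value wins; a tie falls back to the smaller MAC address."""
    return min((a, b), key=lambda s: (s.system_priority, s.mac.lower()))


def select_links(a, b, max_active):
    """Return (selected, unselected) port names, ranked by the active side's port priorities."""
    ranked = sorted((p for p in actor(a, b).ports if p.up),
                    key=lambda p: (p.priority, p.number))
    return ([p.name for p in ranked[:max_active]],
            [p.name for p in ranked[max_active:]])


def lab(e1_up=True):
    """SW3 and SW4 as configured on this page (MAC addresses are constructed)."""
    sw3 = Switch("SW3", 100, "4c1f-cc00-0003", (
        Port("e0/0/1", 1, 100, up=e1_up), Port("e0/0/2", 2, 100), Port("e0/0/3", 3)))
    sw4 = Switch("SW4", 200, "4c1f-cc00-0004", (
        Port("e0/0/1", 1, 100), Port("e0/0/2", 2, 100), Port("e0/0/3", 3)))
    return sw3, sw4


if __name__ == "__main__":
    sw3, sw4 = lab()
    print("Active side:", actor(sw3, sw4).name)
    print("Selected / Unselect:", select_links(sw3, sw4, max_active=2))
    print("After e0/0/1 goes down:", select_links(*lab(e1_up=False), max_active=2))
```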