防火墙双机热备实验

发布于:2025-08-17 ⋅ 阅读:(15) ⋅ 点赞:(0)

实验拓扑及要求

部分接口号不太一样!

一、传统MSTP+VRRP架构

<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysname LSW3
[LSW3]vlan batch 2 3
[LSW3]interface g0/0/4
[LSW3-GigabitEthernet0/0/4]port link-type trunk
[LSW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
[LSW3-GigabitEthernet0/0/4]q
[LSW3]interface g0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type trunk
[LSW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[LSW3-GigabitEthernet0/0/3]q

[LSW3]stp region-configuration 
[LSW3-mst-region]region-name aa
[LSW3-mst-region]instance 1 vlan 2
[LSW3-mst-region]instance 2 vlan 3
[LSW3-mst-region]active region-configuration 

[LSW3]stp instance 1 root primary 
[LSW3]stp instance 2 root secondary 

[LSW3]interface vlanif 2
[LSW3-Vlanif2]ip add 192.168.2.1 24
[LSW3-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254

[LSW3-Vlanif2]vrrp vrid 1 priority 120
[LSW3-Vlanif2]vrrp vrid 1 preempt-mode timer delay 20

[LSW3-Vlanif2]vrrp vrid 1 track interface g0/0/1 reduced 15
[LSW3-Vlanif2]vrrp vrid 1 track interface g0/0/2 reduced 15

[LSW3-Vlanif2]interface vlanif3
[LSW3-Vlanif3]ip add 192.168.3.1 24
[LSW3-Vlanif3]vrrp vrid 1 virtual-ip 192.168.3.254
[LSW3-Vlanif3]q

<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysname LSW4
[LSW4]vlan  batch 2 3
[LSW4]interface g0/0/3
[LSW4-GigabitEthernet0/0/3]p l t
[LSW4-GigabitEthernet0/0/3]p t a v 2 3
[LSW4-GigabitEthernet0/0/3]q
[LSW4]interface g0/0/4
[LSW4-GigabitEthernet0/0/4]p l t
[LSW4-GigabitEthernet0/0/4]p t a vlan 2 3
[LSW4-GigabitEthernet0/0/4]q

[LSW4]dis port vlan active

[LSW4]stp region-configuration 
[LSW4-mst-region]region-name aa
[LSW4-mst-region]instance 1 vlan 2
[LSW4-mst-region]instance 2 vlan 3
[LSW4-mst-region]active region-configuration 
[LSW4-mst-region]q
[LSW4]stp instance 1 root secondary 
[LSW4]stp instance 2 root primary 

[LSW4]stp region-configuration 
[LSW4-mst-region]region-name aa
[LSW4-mst-region]instance 1 vlan 2
[LSW4-mst-region]instance 2 vlan 3
[LSW4-mst-region]active region-configuration 
[LSW4-mst-region]q
[LSW4]stp instance 1 root secondary 
[LSW4]stp instance 2 root primary 
[LSW4]interface vlanif2
[LSW4-Vlanif2]ip add 192.168.2.2 24
[LSW4-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254
[LSW4-Vlanif2]q
[LSW4]interface vlanif 3
[LSW4-Vlanif3]ip add 192.168.3.2 24
[LSW4-Vlanif3]vrrp vrid 1 virtual-ip 192.168.3.254
[LSW4-Vlanif3]vrrp vrid 1 priority 120
[LSW4-Vlanif3]vrrp vrid 1 preempt-mode timer delay 20
[LSW4-Vlanif3]vrrp vrid 1 track interface g0/0/1 reduced 15
[LSW4-Vlanif3]vrrp vrid 1 track interface g0/0/2 reduced 15

<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysname LSW5
[LSW5]vlan batch 2 3
[LSW5]interface g0/0/3
[LSW5-GigabitEthernet0/0/3]port link-type access
[LSW5-GigabitEthernet0/0/3]port default vlan 2
[LSW5-GigabitEthernet0/0/3]q
[LSW5]interface g0/0/4
[LSW5-GigabitEthernet0/0/4]p l a
[LSW5-GigabitEthernet0/0/4]p d v 3
[LSW5-GigabitEthernet0/0/4]q
[LSW5]interface g0/0/1
[LSW5-GigabitEthernet0/0/1]p l t
[LSW5-GigabitEthernet0/0/1]p t a v 2 3
[LSW5-GigabitEthernet0/0/1]q
[LSW5]interface g0/0/2
[LSW5-GigabitEthernet0/0/2]p l t
[LSW5-GigabitEthernet0/0/2]p t a v 2 3
[LSW5-GigabitEthernet0/0/2]q
[LSW5]dis port vlan active

[LSW5]stp region-configuration
[LSW5-mst-region]region-name a
[LSW5-mst-region]instance 1 vlan 2
[LSW5-mst-region]instance 2 vlan 3
[LSW5-mst-region]active region-configuration 
[LSW5-mst-region]q

[LSW3]dis stp brief        //查看生成树角色

二、汇聚层到核心路由配置

[LSW3]vlan batch 103 203
[LSW3]interface g0/0/2
[LSW3-GigabitEthernet0/0/2]p l a
[LSW3-GigabitEthernet0/0/2]p d v 103
[LSW3-GigabitEthernet0/0/2]undo stp enable
[LSW3-GigabitEthernet0/0/2]dis this

[LSW3-GigabitEthernet0/0/2]q
[LSW3]interface g0/0/1
[LSW3-GigabitEthernet0/0/1]p l a
[LSW3-GigabitEthernet0/0/1]p d v 203
[LSW3-GigabitEthernet0/0/1]undo stp enable

[LSW3]interface vlanif 103
[LSW3-Vlanif103]ip add 10.10.3.3 24
[LSW3-Vlanif103]q
[LSW3]interface v 203
[LSW3-Vlanif203]ip add 10.20.3.3 24

[LSW3]ospf 1 router-id 3.3.3.3
[LSW3-ospf-1]a 0
[LSW3-ospf-1-area-0.0.0.0]network 10.10.3.3 0.0.0.0
[LSW3-ospf-1-area-0.0.0.0]network 10.20.3.3 0.0.0.0
[LSW3-ospf-1-area-0.0.0.0]q
[LSW3-ospf-1]q

[LSW3]dis ip interface brief

[LSW4]vlan batch 104 204
[LSW4]interface g0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type access
[LSW4-GigabitEthernet0/0/1]port default vlan 104
[LSW4-GigabitEthernet0/0/1]undo stp enable
[LSW4-GigabitEthernet0/0/1]q
[LSW4]interface g0/0/2
[LSW4-GigabitEthernet0/0/2]p l a
[LSW4-GigabitEthernet0/0/2]p d v 204
[LSW4-GigabitEthernet0/0/2]undo stp enable
[LSW4-GigabitEthernet0/0/2]q
[LSW4]interface vlanif 104
[LSW4-Vlanif104]ip add 10.10.4.4 24
[LSW4-Vlanif104]q
[LSW4]interface v 204
[LSW4-Vlanif204]ip add 10.20.4.4 24
[LSW4-Vlanif204]q
[LSW4]ospf 1 router-id 4.4.4.4
[LSW4-ospf-1]a 0
[LSW4-ospf-1-area-0.0.0.0]network 10.10.4.4 0.0.0.0
[LSW4-ospf-1-area-0.0.0.0]network 10.20.4.4 0.0.0.0
[LSW4-ospf-1-area-0.0.0.0]q
[LSW4-ospf-1]q

<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysname LSW1
[LSW1]ip vpn-instance VRF
[LSW1-vpn-instance-VRF]route-distinguisher 100:1
[LSW1-vpn-instance-VRF-af-ipv4]vpn-target 100:1
[LSW1-vpn-instance-VRF-af-ipv4]dis this

[LSW2]ip vpn-instance VRF
[LSW2-vpn-instance-VRF] ipv4-family
[LSW2-vpn-instance-VRF-af-ipv4]  route-distinguisher 100:1
[LSW2-vpn-instance-VRF-af-ipv4]  vpn-target 100:1 export-extcommunity
[LSW2-vpn-instance-VRF-af-ipv4]  vpn-target 100:1 import-extcommunity

[LSW1]vlan batch 102 103 104
[LSW1]interface g0/0/4
[LSW1-GigabitEthernet0/0/4]p l t
[LSW1-GigabitEthernet0/0/4]p t a v 102
[LSW1-GigabitEthernet0/0/4]undo stp enable
[LSW1-GigabitEthernet0/0/4]dis this
[LSW1-GigabitEthernet0/0/4]q

[LSW1]interface g0/0/6
[LSW1-GigabitEthernet0/0/6]p l a
[LSW1-GigabitEthernet0/0/6]p d v 104
[LSW1-GigabitEthernet0/0/6]undo stp enable
[LSW1-GigabitEthernet0/0/6]dis this
[LSW1-GigabitEthernet0/0/6]q

[LSW1]interface g0/0/7
[LSW1-GigabitEthernet0/0/7]p l a 
[LSW1-GigabitEthernet0/0/7]p d v 103
[LSW1-GigabitEthernet0/0/7]undo stp enable
[LSW1-GigabitEthernet0/0/7]dis this

[LSW2]vlan batch 203 204
[LSW2]interface g0/0/6
[LSW2-GigabitEthernet0/0/6]port l a
[LSW2-GigabitEthernet0/0/6]p d v 203
[LSW2-GigabitEthernet0/0/6]undo stp enable
[LSW2-GigabitEthernet0/0/6]dis this
[LSW2-GigabitEthernet0/0/6]q

[LSW2]interface g0/0/7
[LSW2-GigabitEthernet0/0/7]p l a
[LSW2-GigabitEthernet0/0/7]p d v 204
[LSW2-GigabitEthernet0/0/7]undo stp enable
[LSW2-GigabitEthernet0/0/7]dis this

[LSW1-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1

[LSW2]interface g0/0/4
[LSW2-GigabitEthernet0/0/4]p l t
[LSW2-GigabitEthernet0/0/4]p t a v 102
[LSW2-GigabitEthernet0/0/4]undo p t a v 1
[LSW2-GigabitEthernet0/0/4]undo stp enable
[LSW2-GigabitEthernet0/0/4]dis this

<LSW1>sys
[LSW1]inter v 102
[LSW1-Vlanif102]ip binding vpn-instance VRF
[LSW1-Vlanif102]ip add 10.10.2.1 24
[LSW1-Vlanif102]q

[LSW1]interface v 103
[LSW1-Vlanif103]ip binding vpn-instance VRF
[LSW1-Vlanif103]ip add 10.10.3.1 24
[LSW1-Vlanif103]q

[LSW1]interface v 104
[LSW1-Vlanif104]ip binding vpn-instance VRF
[LSW1-Vlanif104]ip add 10.10.4.1 24

<LSW2>undo terminal monitor
<LSW2>sys
[LSW2]interface v 203
[LSW2-Vlanif203]ip binding vpn-instance VRF
[LSW2-Vlanif203]IP ADD 10.20.3.2 24
[LSW2-Vlanif203]q
[LSW2]interface v 204
[LSW2-Vlanif204]ip binding vpn-instance VRF
[LSW2-Vlanif204]ip add 10.20.4.2 24
[LSW2-Vlanif204]q


[LSW2]interface v 102
[LSW2-Vlanif102]ip binding vpn-instance VRF
[LSW2-Vlanif102]ip add 10.10.2.2 24
[LSW2-Vlanif102]dis this

[LSW1]ospf 1 router-id 1.1.1.1 vpn-instance VRF
[LSW1-ospf-1]a 0
[LSW1-ospf-1-area-0.0.0.0]network 10.10.2.1 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]network 10.10.3.1 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]network 10.10.4.1 0.0.0.0

[LSW1-Vlanif103]dis ospf peer brief

[LSW2]ospf 1 router-id 2.2.2.2 vpn-instance VRF
[LSW2-ospf-1]a 0
[LSW2-ospf-1-area-0.0.0.0]network 10.10.2.2 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]network 10.20.3.2 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]network 10.20.4.2 0.0.0.0

[LSW2-Vlanif203]dis ospf peer brief

查IP并测试连通

[LSW1]dis ip routing-table    
[LSW1]dis ip routing-table vpn-instance VRF
[LSW1]ping -vpn-instance VRF 10.20.4.2

[LSW3]interface v 203
[LSW3-Vlanif203]dis ospf interface vlanif 203
[LSW3-Vlanif203]ospf cost 5
[LSW3-Vlanif203]dis ospf interface vlanif 203

[LSW4]interface v 104
[LSW4-Vlanif104]dis ospf interface vlanif 104
[LSW4-Vlanif104]ospf cost 5
[LSW4-Vlanif104]dis ospf interface vlanif 104

[LSW3]ip ip-prefix aa permit 192.168.3.0 24
[LSW3]ip ip-prefix bb permit 192.168.2.0 24
[LSW3]route-policy aa permit node 10
[LSW3-route-policy]if-m    
[LSW3-route-policy]if-match ip-p    
[LSW3-route-policy]if-match ip-prefix aa
[LSW3-route-policy]apply cost 5
[LSW3-route-policy]q

[LSW3]route-policy aa permit node 20
[LSW3-route-policy]if-match ip-prefix bb
[LSW3-route-policy]q

[LSW3]ospf 1
[LSW3-ospf-1]import-route direct  route-policy aa

[LSW4]ip ip-prefix aa permit 192.168.2.0 24    
[LSW4]ip ip-prefix bb permit 192.168.3.0 24

[LSW4]route-policy aa permit node 10
[LSW4-route-policy]if-match ip-prefix aa
[LSW4-route-policy]apply cost 5
[LSW4-route-policy] q

[LSW4]route-policy aa permit  node  20
[LSW4-route-policy]if-match ip-prefix bb
[LSW4-route-policy]q

[LSW4]ospf 1
[LSW4-ospf-1]import-route  direct  route-policy aa
[LSW4-ospf-1]q

<LSW1>dis ip routing-table vpn-instance VRF
<LSW1>dis ospf routing
<LSW1>dis ospf lsdb

<LSW2>dis ip routing-table vpn-instance VRF

[LSW1]vlan batch 401 402
[LSW1]interface g0/0/1
[LSW1-GigabitEthernet0/0/1]dis this
[LSW1-GigabitEthernet0/0/1]p l t
[LSW1-GigabitEthernet0/0/1]p t a v 401 402
[LSW1-GigabitEthernet0/0/1]q
[LSW1]interface g0/0/4
[LSW1-GigabitEthernet0/0/4]p l t
[LSW1-GigabitEthernet0/0/4]p t a v 401 402
[LSW1-GigabitEthernet0/0/4]q

[LSW1]interface v 401
[LSW1-Vlanif401]ip binding vpn-instance VRF
[LSW1-Vlanif401]ip add 10.40.1.1 24
[LSW1-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100
[LSW1-Vlanif401]vrrp vrid 1 priority 120
[LSW1-Vlanif401]vrrp vrid 1 preempt-mode timer delay 60
[LSW1-Vlanif401]vrrp vrid 1 track interface g0/0/1 reduce 30
[LSW1-Vlanif401]q

[LSW1]interface v 402
[LSW1-Vlanif402]ip binding vpn-instance VRF
[LSW1-Vlanif402]ip add 10.40.2.1 24
[LSW1-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100

[LSW2]vlan batch  401 402
[LSW2]interface g0/0/3
[LSW2-GigabitEthernet0/0/3]p l t
[LSW2-GigabitEthernet0/0/3]p t a v 401 402
[LSW2-GigabitEthernet0/0/3]q
[LSW2]interface g0/0/4
[LSW2-GigabitEthernet0/0/4]p l t
[LSW2-GigabitEthernet0/0/4]p t a v 401 402
[LSW2-GigabitEthernet0/0/4]q

[LSW2]interface v 401    
[LSW2-Vlanif401]ip binding vpn-instance VRF
[LSW2-Vlanif401]ip add 10.40.1.2 24
[LSW2-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100
[LSW2-Vlanif401]q

[LSW2]interface v 402
[LSW2-Vlanif402]ip binding vpn-instance VRF
[LSW2-Vlanif402]ip add 10.40.2.2 24
[LSW2-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100    
[LSW2-Vlanif402]vrrp vrid 2 priority 120    
[LSW2-Vlanif402]vrrp vrid 2 preempt-mode timer delay 60
[LSW2-Vlanif402]vrrp  vrid 2 track interface g0/0/3 reduce 30

三、VRF交换机与防火墙的路由交互

<USG6000V1>undo terminal monitor 
<USG6000V1>sys
[USG6000V1]sysname FW1
[FW1]vlan batch 401 402 403 404

[FW1]interface g0/0/0
[FW1-GigabitEthernet0/0/0]ip add 10.10.10.1 30
[FW1-GigabitEthernet0/0/0]q

[FW1]interface g1/0/0
[FW1-GigabitEthernet1/0/0]interface g1/0/0.401
[FW1-GigabitEthernet1/0/0.401]ip add 10.40.1.10 24
[FW1-GigabitEthernet1/0/0.401]vlan-type dot1q 401
[FW1-GigabitEthernet1/0/0.401]q

[FW1]interface g1/0/0.402
[FW1-GigabitEthernet1/0/0.402]ip add 10.40.2.10 24
[FW1-GigabitEthernet1/0/0.402]vlan-type dot1q 402
[FW1-GigabitEthernet1/0/0.402]q

[FW1]interface g1/0/1.403
[FW1-GigabitEthernet1/0/1.403]ip add 10.40.3.10 24 
[FW1-GigabitEthernet1/0/1.403]vlan-type dot1q 403
[FW1-GigabitEthernet1/0/1.403]q 

[FW1]interface g1/0/1.404
[FW1-GigabitEthernet1/0/1.404]ip add 10.40.4.10 24
[FW1-GigabitEthernet1/0/1.404]vlan-type dot1q 404
[FW1-GigabitEthernet1/0/1.404]q

[FW1]firewall zone trust
[FW1-zone-trust]add interface g1/0/0.401
[FW1-zone-trust]add interface g1/0/0.402
[FW1-zone-trust]q

[FW1]firewall zone untrust
[FW1-zone-untrust]add int g1/0/1.404
[FW1-zone-untrust]add int g1/0/1.403
[FW1-zone-untrust]dis this
[FW1-zone-untrust]q

[FW1]firewall zone dmz
[FW1-zone-dmz]add int g0/0/0
[FW1-zone-dmz]q

[FW1]interface g1/0/0.401    
[FW1-GigabitEthernet1/0/0.401]vrrp vrid 5 virtual-ip 10.40.1.200 active 
[FW1-GigabitEthernet1/0/0.401]q 
[FW1]interface g1/0/0.402
[FW1-GigabitEthernet1/0/0.402]vrrp vrid 6 virtual-ip 10.40.2.200 standby
[FW1-GigabitEthernet1/0/0.402]q
[FW1]interface g1/0/1.403
[FW1-GigabitEthernet1/0/1.403]vrrp vrid 7 virtual-ip 10.40.3.200 active 
[FW1-GigabitEthernet1/0/1.403]q
[FW1]interface g1/0/1.404
[FW1-GigabitEthernet1/0/1.404]vrrp vrid 8 virtual-ip 10.40.4.200 standby
[FW1-GigabitEthernet1/0/1.404]q

[FW1]hrp int g0/0/0 remote 10.10.10.2
[FW1]hrp enable

HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.1.100
HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.2.100 preference 70
HRP_M[FW1]ip route-static 0.0.0.0 0 10.40.3.100
HRP_M[FW1]ip route-static 0.0.0.0 0 10.40.4.100 preference 70

<USG6000V1>undo terminal monitor 
<USG6000V1>sys
[USG6000V1]sysname FW2
[FW2]vlan batch 401 402 403 404
[FW2]interface g0/0/0
[FW2-GigabitEthernet0/0/0]ip add 10.10.10.2 30
[FW2-GigabitEthernet0/0/0]q
[FW2]interface g1/0/1.401
[FW2-GigabitEthernet1/0/1.401]ip add 10.40.1.20 24
[FW2-GigabitEthernet1/0/1.401]q
[FW2]interface g1/0/1.401
[FW2-GigabitEthernet1/0/1.401]vlan-type dot1q 401
[FW2-GigabitEthernet1/0/1.401]q
[FW2]interface g1/0/1.402
[FW2-GigabitEthernet1/0/1.402]ip add 10.40.2.20 24
[FW2-GigabitEthernet1/0/1.402]vlan-type dot1q 402
[FW2-GigabitEthernet1/0/1.402]q
[FW2]interface g1/0/0.403
[FW2-GigabitEthernet1/0/0.403]ip add 10.40.3.20 24
[FW2-GigabitEthernet1/0/0.403]vlan-type dot1q  403
[FW2-GigabitEthernet1/0/0.403]q
[FW2]interface g1/0/0.404
[FW2-GigabitEthernet1/0/0.404]ip add 10.40.4.20 24     
[FW2-GigabitEthernet1/0/0.404]vlan-type dot1q 404
[FW2-GigabitEthernet1/0/0.404]q

[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/1.401
[FW2-zone-trust]add int g1/0/1.402
[FW2-zone-trust]q
[FW2]firewall zone untrust 
[FW2-zone-untrust]add int g1/0/0.403
[FW2-zone-untrust]add int g1/0/0.404
[FW2-zone-untrust]q
[FW2]firewall zone dmz
[FW2-zone-dmz]add int g0/0/0
[FW2-zone-dmz]q

[FW2]interface g1/0/1.401
[FW2-GigabitEthernet1/0/1.401]vrrp vrid 5 virtual-ip 10.40.1.200 standby
[FW2]interface g1/0/1.402
[FW2-GigabitEthernet1/0/1.402]vrrp vrid 6 virtual-ip 10.40.2.200 active
[FW2-GigabitEthernet1/0/1.402]q

[FW2]interface g1/0/0.403
[FW2-GigabitEthernet1/0/0.403]vrrp vrid 7 virtual-ip 10.40.3.200 standby
[FW2-GigabitEthernet1/0/0.403]q
[FW2]interface g1/0/0.404
[FW2-GigabitEthernet1/0/0.404]vrrp vrid 8 virtual-ip 10.40.4.200 active
[FW2-GigabitEthernet1/0/0.404]q

[FW2]hrp interface g0/0/0 remote 10.10.10.1
[FW2]hrp enable

HRP_M[FW1]hrp mirror session enable

FW1开启会话同步功能

HRP_M[FW1]dis vrrp brief

[LSW1]interface g0/0/2
[LSW1-GigabitEthernet0/0/2]p l t
[LSW1-GigabitEthernet0/0/2]p t a v 403 404
[LSW1-GigabitEthernet0/0/2]q
[LSW1]interface g0/0/5
[LSW1-GigabitEthernet0/0/5]p l t
[LSW1-GigabitEthernet0/0/5]p t a v 403 404
[LSW1-GigabitEthernet0/0/5]q

[LSW1]vlan 403
[LSW1-vlan403]
[LSW1-vlan403]q
[LSW1]interface vlanif 403
[LSW1-Vlanif403]ip add 10.40.3.1 24
[LSW1-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[LSW1-Vlanif403]vrrp vrid 3 priority 120
[LSW1-Vlanif403]vrrp vrid 3 preempt-mode timer delay 20
[LSW1-Vlanif403]vrrp vrid 3 track interface g0/0/2 reduced 30
[LSW1-Vlanif403]q

[LSW1]vlan 404
[LSW1-vlan404]q
[LSW1]interface v 404
[LSW1-Vlanif404]ip add 10.40.4.1 24
[LSW1-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100

[LSW2]vlan batch 403 404
[LSW2]inter g0/0/2
[LSW2-GigabitEthernet0/0/2]p l t
[LSW2-GigabitEthernet0/0/2]p t a v 403 404
[LSW2-GigabitEthernet0/0/2]q
[LSW2]inter g0/0/5
[LSW2-GigabitEthernet0/0/5]p l t
[LSW2-GigabitEthernet0/0/5]p t a v 403 404
[LSW2-GigabitEthernet0/0/5]q

[LSW2]inter v 403
[LSW2-Vlanif403]ip add 10.40.3.2 24
[LSW2-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[LSW2-Vlanif403]q
[LSW2]int  v 404
[LSW2-Vlanif404]ip add 10.40.4.2 24
[LSW2-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100
[LSW2-Vlanif404]vrrp vrid 4 priority 120
[LSW2-Vlanif404]vrrp vrid 4 preempt-mode timer delay 20
[LSW2-Vlanif404]vrrp vrid 4 track interface g0/0/2 reduced 30

[LSW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200    
[LSW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200 preference 70
[LSW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.4.200 preference 70
[LSW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.3.200

[LSW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200
[LSW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200 preference 70
[LSW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.3.200 preference 70
[LSW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.4.200

HRP_M[FW1]int g1/0/0 (+B)
HRP_M[FW1-GigabitEthernet1/0/0]ip add 1.1.1.1 24
HRP_M[FW1-GigabitEthernet1/0/0]undo ip addres
HRP_M[FW1-GigabitEthernet1/0/0]q
HRP_M[FW1]int g1/0/1 (+B)
HRP_M[FW1-GigabitEthernet1/0/1]ip add 1.1.1.1 24
HRP_M[FW1-GigabitEthernet1/0/1]undo ip addres
HRP_M[FW1-GigabitEthernet1/0/1]q

HRP_S[FW2]inte g1/0/0
HRP_S[FW2-GigabitEthernet1/0/0]ip add 1.1.1.1 24
HRP_S[FW2-GigabitEthernet1/0/0]undo ip a    
HRP_S[FW2-GigabitEthernet1/0/0]undo ip address 
HRP_S[FW2-GigabitEthernet1/0/0]q
HRP_S[FW2]int g1/0/1
HRP_S[FW2-GigabitEthernet1/0/1]ip add 1.1.1.1 24
HRP_S[FW2-GigabitEthernet1/0/1]undo ip a    
HRP_S[FW2-GigabitEthernet1/0/1]undo ip address 
HRP_S[FW2-GigabitEthernet1/0/1

四、核心到边界

[LSW1]vlan batch  201 105
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]p l a
[LSW1-GigabitEthernet0/0/3]p d v 105
[LSW1-GigabitEthernet0/0/3]undo stp enable
[LSW1-GigabitEthernet0/0/3]q
[LSW1]int g0/0/5
[LSW1-GigabitEthernet0/0/5]dis this
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 403 to 404
#
return
[LSW1-GigabitEthernet0/0/5]p t a v 201
[LSW1-GigabitEthernet0/0/5]q
[LSW1]int v 105
[LSW1-Vlanif105]ip address 10.10.5.1 24
[LSW1-Vlanif105]q
[LSW1]int v 201
[LSW1-Vlanif201]ip add 10.20.1.1 24
[LSW1-Vlanif201]q
    
[LSW1]ospf 2 router-id 1.1.1.1 
[LSW1-ospf-2]a 0
[LSW1-ospf-2-area-0.0.0.0]ne    
[LSW1-ospf-2-area-0.0.0.0]network 10.10.5.1 0.0.0.0
[LSW1-ospf-2-area-0.0.0.0]network 10.10.20.1 0.0.0.0
[LSW1-ospf-2-area-0.0.0.0]q

[LSW2]vlan batch 201 206
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]p l a
[LSW2-GigabitEthernet0/0/1]p d v 206
[LSW2-GigabitEthernet0/0/1]undo stp enable 
[LSW2-GigabitEthernet0/0/1]q
[LSW2]int g0/0/5
[LSW2-GigabitEthernet0/0/5]p t a v 201
[LSW2-GigabitEthernet0/0/5]q
[LSW2]int v 201
[LSW2-Vlanif201]ip add 10.20.1.2 24
[LSW2-Vlanif201]q
[LSW2]int v 206
[LSW2-Vlanif206]ip add 10.20.6.2 24
[LSW2-Vlanif206]q

[LSW2]ospf 2 router-id 2.2.2.2
[LSW2-ospf-2]a 0
[LSW2-ospf-2-area-0.0.0.0]network 10.20.6.2 0.0.0.0
[LSW2-ospf-2-area-0.0.0.0]network 10.20.1.2 0.0.0.0
[LSW2-ospf-2-area-0.0.0.0]q

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 10.10.5.5 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]ip add 10.56.0.5 24
[Huawei-Ethernet0/0/1]q
[Huawei]ospf 2 router-id 5.5.5.5
[Huawei-ospf-2]a 0
[Huawei-ospf-2-area-0.0.0.0]network 10.56.0.5 0.0.0.0
[Huawei-ospf-2-area-0.0.0.0]network 10.10.5.5 0.0.0.0

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 10.20.6.6 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]ip add 10.56.0.6 24
[Huawei-Ethernet0/0/1]q
[Huawei]ospf 2 router-id 6.6.6.6
[Huawei-ospf-2]a 0
[Huawei-ospf-2-area-0.0.0.0]n    
[Huawei-ospf-2-area-0.0.0.0]nssa    
[Huawei-ospf-2-area-0.0.0.0]network 10.20.6.6 0.0.0.0
[Huawei-ospf-2-area-0.0.0.0]network 10.56.0.6 0.0.0.0

[R5]ospf 2    
[R5-ospf-2]default-route-advertise
[R5-ospf-2]q
[R5]dis current-configuration configuration ospf


[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip add 13.0.0.6 24
[Huawei-Ethernet0/0/0]q
[Huawei]ospf 2     
[Huawei-ospf-2]default-route-advertise
[Huawei-ospf-2]q
[Huawei]dis current-configuration configuration ospf

 

网站公告

今日签到

点亮在社区的每一天
去签到

热门文章

最新发布