实验AR1200+S5700+S3700网络组网
AR1200+S5700+S3700访问外网的例子,其实也是我们公司实际的网络拓扑网,只是公司的还没有进行配置,AR2220做为路由访问外网,一台S5700是核心交换机,两台S3700做为接入层交换机使用,为每台S3700划分一个vlan,在本例中,一个是vlan 2,一个是vlan 4,只要这两个会了,再增加交换机也就没有问题了,希望对初学者有些帮助.网络拓扑图如下:https://forum.huawei.com/enterprise/zh/data/attachment/forum/dm/ecommunity/uploads/2014/0316/15/5325527305085.jpg画图水平不行, 凑活着看就行,下面配置主路由器AR1200,'号后面是备注信息,配置如下:
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255 '做个acl,可以根据自己需要配置IP,
q
vlan 100
q
interface giga 0/0/0
ip address 192.168.1.3 24'配置外网IP地址,也就是联通呀,移动等运营商提供给你的IP址,24是掩码
q
interface giga 0/0/1
ip address 1.1.1.1 24
q
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 '静态路由,使内网的所有外部访问都指向外网网关,网关是运营商提供的.
ip route-static 192.168.2.0 255.255.255.0 1.1.1.3'静态路由,所有访问192.168.2.X的请求指向1.1.1.3
ip route-static 192.168.4.0 255.255.255.0 1.1.1.4'静态路由,所有访问192.168.4.X的请求指向1.1.1.4
'可以根据需要自己再增加
<Huawei>
刚开始搞不明白为什么路由器上的接口可以设置IP地址,交换机上的就不行,输入命令时经常搞错,所以遇到路由器就在接口上设置IP,交换机就在Vlanif接口上设置IP就行,也不知我的想法对不.
接下来配置S5700核心交换机,配置如下:undo info-center enable
Info: Information center is disabled.
vlan 100
q
interface vlanif 100
ip address 1.1.1.2 24
q
interface giga 0/0/22
port link-type trunk '交换机和交换机之间连接用trunk接口
port trunk allow-pass vlan 100 2 '允许通过vlan100和vlan2
q
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
interface giga 0/0/24
port link-type access
port default vlan 100
q
interface giga 0/0/23
port link-type trunk '同上面22接口
port trunk allow-pass vlan 100 4 '允许通过vlan100和vlan4
q
下面配置S3700交换机,属于vlan2undo info-center enable
Info: Information center is disabled.
vlan 100
q
interface eth 0/0/22
ip address 1.1.1.3 24'在这个地方出错了,不允许在接口上设置IP
^
Error: Unrecognized command found at '^' position.
port link-type trunk
port trunk allow-pass vlan 100 2
q
interface vlanif 100
ip address 1.1.1.3 24
q
vlan 2
q
interface vlanif 2
ip address 192.168.2.1 24
q
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
interface eth 0/0/1
port hybrid untagged vlan 2
port hybrid pvid vlan 2
port hybrid untagged vlan 100 2
dis this ' 查看一下接口信息
#
interface Ethernet0/0/1
port hybrid pvid vlan 2
port hybrid untagged vlan 2 100
#
return
下面配置S3700-2交换机,属于vlan4undo info-center enable
Info: Information center is disabled.
vlan 100
q
interface vlanif 100
ip address 1.1.1.4 24
q
interface eth 0/0/22
port link-type trunk
port trunk allow-pass vlan 100 4
dis this
#
interface Ethernet0/0/22
port link-type trunk
port trunk allow-pass vlan 4 100
#
return
q
vlan 4
q
interface vlanif 4
ip address 192.168.4.1 24
q
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
ping 192.168.4.1
PING 192.168.4.1: 56data bytes, press CTRL_C to break
Reply from 192.168.4.1: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 192.168.4.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 192.168.4.1: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 192.168.4.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.4.1: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 192.168.4.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/12/30 ms
interface eth 0/0/1
port hybrid untagged vlan 100 4
port hybrid pvid vlan 4
q
好了,交换机和路由器的设置就完成了,把两个PC客户端配置好IP地址就可以试试效果了,但由于是模拟器的原因,在长间没有使用时,有时候会有ping不通的情况,在我这里两个都能ping通外网,vlan2和vlan4之间也能互通.在真实的设备上我们可以启用web界面和telnet,然后通过1.1.1.1,1.1.1.2,1.1.1.3这些地址来访问和管理路由器和交换机了,端口隔离,mac黑洞之类的配置可以在web界面上操作,谁让咱会的太少了.下面是前两个例子的地址,从简到稍难
首先配置AR2220,设置GE0接口IP为固定外网地址,设置GE1接口IP为1.1.1.1,然后做两条静态路由,创建vlan 100,红色文本是需要特别多看几眼的,代码如下:vlan 100
q
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
q
interface giga 0/0/0
ip address 192.168.1.3 255.255.255.0
Mar 13 2014 07:34:12-05:13 Huawei %IFNET/4/LINK_STATE(l):The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the UP state.
q
interface giga 0/0/1
ip address 1.1.1.1 255.255.255.0
q
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
ip route-static 192.168.0.0 255.255.0.0 1.1.1.2
q
save
The current configuration will be written to the device.
Are you sure to continue? (y/n):y
It will take several minutes to save configuration file, please wait..........
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
Mar 13 2014 07:37:25-05:13 Huawei ARP/4/ARP_IPCONFLICT_TRAP:OID 16777216.50331648
.100663296.16777216.67108864.16777216.3674669056.83886080.419430400.2063597568.33
554432.100663296 ARP detects IP conflict. (IP address=201.1.168.192, Local interf
ace=GigabitEthernet0/0/0, Local MAC=4437-e68c-b212, Local vlan=0, Local CE vlan=0
, Receive interface=GigabitEthernet0/0/0, Receive MAC=1c1a-c00f-253f, Receive vla
n=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
接下来配置S5700交换机,GE1接口IP为1.1.1.2,属于vlan100,GE2接口属于vlan1,GE3接口属于vlan2,代码如下 vlan batch 2 4 6 8 100Info: This operation may take a few seconds. Please wait for a moment...done.
Mar 13 2014 10:38:34-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.
25.191.3.1 configurations have been changed. The current change number is 4, the
change loop count is 0, and the maximum number of records is 4095.
interface vlanif 100
ip address 1.1.1.2 255.255.255.0
Mar 13 2014 10:40:14-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.
25.191.3.1 configurations have been changed. The current change number is 6, the
change loop count is 0, and the maximum number of records is 4095.
q
interface giga 0/0/1
port link-type access
port default vlan 100
q
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
Mar 13 2014 10:43:24-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.
25.191.3.1 configurations have been changed. The current change number is 9, the
change loop count is 0, and the maximum number of records is 4095.
interface vlanif 1
ip address 192.168.0.1 255.255.255.0
q
interface vlanif 2
ip address 192.168.2.1 255.255.255.0
q
interface giga 0/0/3
port link-type access
port default vlan 2
q
save
The current configuration will be written to the device.
Are you sure to continue?y
Now saving the current configuration to the slot 0.
Mar 13 2014 11:02:44-08:00 Huawei %CFM/4/SAVE(l):The user chose Y when dec
iding whether to save the configuration to the device.
Save the configuration successfully.
然后设置PC1和PC2的IP地址,先ping 1.1.1.1,如果没有问题再ping 192.168.1.3,192.168.1.111,202.99.192.66,一路ping下来是不是感觉有点小成就感,如果PC2无法ping通,那么就像昨天一样,在自己的真实路由器上做个静态路由指向192.168.2.0便可以了.需要的可以下载附件导出配置文件看.
页:
[1]