组网需求:
1、这里模拟两条电话拨号上网,分别为电信和联通
电信:
user:huawei1
pass:huawei
联通
user:hauwei2
pass:huawei
2、内网各个网段均能互通
3、内网各个网段均能访问外网百度
组网拓扑:
注意:
在真实生产环境中电信和联通部分,不要我们来配置,这部分均由ISP运营商来管理配置,我们只要办理好相应的业务,运营商就会将相应的光纤线缆布放到企业出口,同时提供给我们拨号的用户名和密码,在本实验中,为了能够真实模拟具体网络环境,这里简单的对运营商进行配置,来实现为我们分配相应外网ip地址即可。关于这部分,这里不做过多的介绍,感兴趣的朋友,了解一下即可。
电信运营商:
<telecom>sys
Enter system view, return user view with Ctrl+Z.
[telecom]dis cur
[V200R003C00]
#
sysname telecom
#
#
ip pool HCIE
gateway-list 100.1.1.1
network 100.1.1.0 mask 255.255.255.0
#
aaa
local-user huawei1 password cipher %$%$bpG|W+6MMJ>mkbWo{bdJTr%p%$%$
local-user huawei1 service-type ppp
#
interface Virtual-Template10
ppp authentication-mode chap
remote address pool HCIE
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 10
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
[telecom]联通运营商:
<unicom>sys
Enter system view, return user view with Ctrl+Z.
[unicom]dis cur
[V200R003C00]
#
sysname unicom
#
#
ip pool HCIE
gateway-list 200.1.1.1
network 200.1.1.0 mask 255.255.255.0
#
aaa
local-user huawei2 password cipher %$%$~aOV>~pq8H;7oHVP{]#0TzOl%$%$
local-user huawei2 service-type ppp
#
interface Virtual-Template10
ppp authentication-mode chap
remote address pool HCIE
ip address 200.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 10
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
[unicom] 配置思路:
1、在出口网关设备上,配置两条电话拨号上网,使其能够与百度【8.8.8.8】互通。
2、在汇聚交换机上创建vlan 并配置网关ip,同时将接口加入到相应的vlan中,配置静态路由到出口网关
3、在接入交换机上创建vlan ,将接口加入到相应的vlan中,
配置过程:
出口COre-1 配置:
1、配置电信拨号上网
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna
[Huawei]sysname Core-1
[Core-1]
#建立拨号窗口
[Core-1]int Dialer 1
[Core-1-Dialer1]
[Core-1-Dialer1]dialer user hcie1
#进程号,取值范围(1-255)可任意,作为绑定物理接口使用
[Core-1-Dialer1]dialer bundle 1
#配置电信给分配的用户名和密码
[Core-1-Dialer1]ppp chap user huawei1
[Core-1-Dialer1]ppp chap password cipher huawei
#动态获取电信给分配的外网ip
[Core-1-Dialer1]ip address ppp-negotiate
[Core-1-Dialer1]q
[Core-1]
#绑定到相应的物理接口,这里绑定到001口
[Core-1]int GigabitEthernet 0/0/1
[Core-1-GigabitEthernet0/0/1]pppoe-client dial-bundle-number 1
[Core-1-GigabitEthernet0/0/1]q
[Core-1]
#配置静态路由
[Core-1]ip route-static 0.0.0.0 0.0.0.0 Dialer 12、配置联通拨号上网
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna
[Huawei]sysname Core-1
[Core-1]
#建立拨号窗口
[Core-1]int Dialer 2
[Core-1-Dialer2]
[Core-1-Dialer2]dialer user hcie2
#进程号,取值范围(1-255)可任意,作为绑定物理接口使用
[Core-1-Dialer2]dialer bundle 2
#配置电信给分配的用户名和密码
[Core-1-Dialer2]ppp chap user huawei2
[Core-1-Dialer2]ppp chap password cipher huawei
#动态获取电信给分配的外网ip
[Core-1-Dialer2]ip address ppp-negotiate
[Core-1-Dialer2]q
[Core-1]
#绑定到相应的物理接口,这里绑定到002口
[Core-1]int GigabitEthernet 0/0/2
[Core-1-GigabitEthernet0/0/2]pppoe-client dial-bundle-number 2
[Core-1-GigabitEthernet0/0/2]q
[Core-1]
#配置静态路由
[Core-1]ip route-static 0.0.0.0 0.0.0.0 Dialer 23、查看出口网关获取到ip(该ip为电信和联通给企业网关动态分配的)
[Core-1]dis ip int brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
Dialer1 100.1.1.254/32 up up(s)
Dialer2 200.1.1.254/32 up up(s)
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/2 unassigned up down
NULL0 unassigned up up(s)
[Core-1]
[Core-1]4、查看静态路由
[Core-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 D 100.1.1.254 Dialer1
Static 60 0 D 200.1.1.254 Dialer2
100.1.1.1/32 Direct 0 0 D 100.1.1.1 Dialer1
100.1.1.254/32 Direct 0 0 D 127.0.0.1 Dialer1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 Direct 0 0 D 200.1.1.1 Dialer2
200.1.1.254/32 Direct 0 0 D 127.0.0.1 Dialer2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[Core-1]
[Core-1]5、配置下行ip(与HJ-1相连接的接口)和回路 静态路由
[Core-1]int gi 0/0/0
[Core-1-GigabitEthernet0/0/0]ip add 192.168.20.1 24
Nov 7 2023 13:33:30-08:00 Core-1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[Core-1-GigabitEthernet0/0/0]
[Core-1-GigabitEthernet0/0/0]q
[Core-1]
#配置回路 静态路由
[Core-1]ip route-static 192.168.2.0 255.255.255.0 192.168.20.2
[Core-1]ip route-static 192.168.3.0 255.255.255.0 192.168.20.2
[Core-1]ip route-static 192.168.4.0 255.255.255.0 192.168.20.2
[Core-1]ip route-static 192.168.10.0 255.255.255.0 192.168.20.2
[Core-1]6、查看回路 静态路由
[Core-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 D 100.1.1.254 Dialer1
Static 60 0 D 200.1.1.254 Dialer2
100.1.1.1/32 Direct 0 0 D 100.1.1.1 Dialer1
100.1.1.254/32 Direct 0 0 D 127.0.0.1 Dialer1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 Static 60 0 RD 192.168.20.2 GigabitEthernet
0/0/0
192.168.3.0/24 Static 60 0 RD 192.168.20.2 GigabitEthernet
0/0/0
192.168.4.0/24 Static 60 0 RD 192.168.20.2 GigabitEthernet
0/0/0
192.168.10.0/24 Static 60 0 RD 192.168.20.2 GigabitEthernet
0/0/0
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/0
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
200.1.1.1/32 Direct 0 0 D 200.1.1.1 Dialer2
200.1.1.254/32 Direct 0 0 D 127.0.0.1 Dialer2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[Core-1]7、配置NAT,出外网
#创建acl 并允许所有网段通过
[Core-1]acl 2000
[Core-1-acl-basic-2000]rule permit source any
[Core-1-acl-basic-2000]q
[Core-1]
#绑定到接口
[Core-1]int Dialer 1
[Core-1-Dialer1]nat outbound 2000
[Core-1-Dialer1]q
[Core-1]int Dialer 2
[Core-1-Dialer2]nat outbound 2000
[Core-1-Dialer2]q
[Core-1]HJ-1交换机配置
#创建vlan 并给各自vlan 配置ip
[HJ-1]
[HJ-1]vlan bat
[HJ-1]vlan batch 2 3 4 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[HJ-1]
[HJ-1]int Vlanif 2
[HJ-1-Vlanif2]ip add 192.168.2.1 24
[HJ-1-Vlanif2]q
[HJ-1]
[HJ-1]int Vlanif 3
[HJ-1-Vlanif3]ip add 192.168.3.1 24
[HJ-1-Vlanif3]q
[HJ-1]
[HJ-1]int Vlanif 4
[HJ-1-Vlanif4]ip add 192.168.4.1 24
[HJ-1-Vlanif4]q
[HJ-1]
[HJ-1]int Vlanif 10
[HJ-1-Vlanif10]ip add 192.168.10.1 24
[HJ-1-Vlanif10]q
[HJ-1]
[HJ-1]int Vlanif 20
[HJ-1-Vlanif20]ip add 192.168.20.2 24
[HJ-1-Vlanif20]
#将接口划分到各自vlan
[HJ-1]
[HJ-1]int gi 0/0/2
[HJ-1-GigabitEthernet0/0/2]port link-type trunk
[HJ-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3 4 10 20
[HJ-1-GigabitEthernet0/0/2]q
[HJ-1]
[HJ-1]int gi 0/0/3
[HJ-1-GigabitEthernet0/0/3]port link-type trunk
[HJ-1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 4 10 20
[HJ-1-GigabitEthernet0/0/3]q
[HJ-1]
[HJ-1]
[HJ-1]int gi 0/0/1
[HJ-1-GigabitEthernet0/0/1]port link-type access
[HJ-1-GigabitEthernet0/0/1]port default vlan 20
[HJ-1-GigabitEthernet0/0/1]q
[HJ-1]
#配置静态路由
[HJ-1]ip route-static 0.0.0.0 0.0.0.0 192.168.20.1JR交换机配置
1、JR-1交换机 划分vlan,并将相应接口加入到各自的vlan中
[Huawei]
[Huawei]vlan batc
[Huawei]vlan batch 2 3 4 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int gi 0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 2
[Huawei-GigabitEthernet0/0/4]q
[Huawei]
[Huawei]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 3
[Huawei-GigabitEthernet0/0/1]q
[Huawei]
[Huawei]int gi 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 4
[Huawei-GigabitEthernet0/0/3]q
[Huawei]int gi 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3 4 10 20
[Huawei-GigabitEthernet0/0/2]q
[Huawei]
2、JR-2交换机 划分vlan ,并将相应的接口加入到各自的vlan中
[Huawei]
[Huawei]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 10
[Huawei-GigabitEthernet0/0/1]q
[Huawei]
[Huawei]int gi 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]q
[Huawei]
[Huawei]int gi 0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 10
[Huawei-GigabitEthernet0/0/4]q
[Huawei]
[Huawei]int gi 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 4 10 20
[Huawei-GigabitEthernet0/0/3]q
[Huawei]
测试
PC1 ping 百度ip 8.8.8.8
测试内网之间均能互通。
到此,局域网内的所有主机均能通过 两条拨号线路上网。
注意:
1、后续,将对该实验进行拓展,假如两条拨号线路,其中一条因外部原因发生故障时,如何能快速【秒切】切换到另一线路,感兴趣的朋友可以关注下。
2、本实验中,两条线路实现的是负载均衡,内网中的终端均能通过两条线路出外网,但需要注意的是,当内网中的流量比较大时,才会表现出负载均衡的作用。当然,如果希望10网段走联通,其他的网段走 电信,可以通过策略路由来实现,这个后续会给大家呈现出来,感兴趣的朋友可以关注下。
3、如果需要本实验配置过程的电子书,可以私信我,发你。。。。
作者简介:
我是“网络系统技艺者”,系统运维工程师一枚,持续分享【网络技术+系统运维技术】干货。码字不易,如果您觉得文章还可以,就关注+收藏吧,也许在以后某个时间能够用得到。
本文暂时没有评论,来添加一个吧(●'◡'●)