華為三層交換+雙鏈路出口
阿新 • • 發佈:2020-12-22
公司的網路使用場景:原來公司使用USG2200防火牆,申請的是聯通的固定IP光纖作為上網出口。現公司增加了技術開發部門和線上業務運營部門,需使用多條ADSL線路製作軟路由作為上網出口,因此需將原來三層交換機華為S5700的預設路由改為策略路由。
原三層配置:
# Original Layer-3 switch configuration, as printed by `dis cu`
# (display current-configuration). Reformatted one command per line;
# lines starting with "# NOTE(review)" are reviewer annotations, not device output.
dis cu
#
!Software Version V100R005C01SPC100
sysname Active Switch
#
vlan batch 2 to 13 100 200 300
#
stp instance 0 root primary
stp enable
#
# NOTE(review): cluster/NDP/NTDP discovery is enabled globally and on every
# GigabitEthernet port below; presumably not needed on host-facing ports - confirm and prune.
cluster enable
ntdp enable
ntdp hop 16
ndp enable
#
undo http server enable
#
dhcp server group 1
#
vlan 100
 description to firewall
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 # NOTE(review): the two `password cipher` strings are published with the post.
 # This legacy cipher format is widely reported to be reversible rather than a
 # one-way hash, so treat both passwords as disclosed: rotate them and redact
 # credential lines before sharing a configuration.
 local-user admin password cipher #%YJO2E(@[2C"6@5+9/9:1!!
 local-user admin privilege level 3
 # NOTE(review): `telnet` and `http` carry the login in cleartext; prefer SSH
 # for remote management where the software version supports it.
 local-user admin service-type telnet terminal web http
 local-user niewd password cipher :/!T+]7*81C,UMD0PV(YO1!!
 local-user niewd privilege level 5
#
# Vlanif1-13: gateway interface for 192.168.<vlan>.0/24, VRRP group 1 with
# virtual IP .1, priority 254 and a 10 s preempt delay.
# NOTE(review): no VRRP authentication is configured on any Vlanif in this listing.
interface Vlanif1
 ip address 192.168.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif2
 ip address 192.168.2.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.2.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif3
 ip address 192.168.3.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.3.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif4
 ip address 192.168.4.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.4.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif5
 ip address 192.168.5.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.5.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif6
 ip address 192.168.6.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.6.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif7
 ip address 192.168.7.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.7.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif8
 ip address 192.168.8.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.8.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif9
 ip address 192.168.9.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.9.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif11
 ip address 192.168.11.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.11.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif12
 ip address 192.168.12.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.12.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif13
 ip address 192.168.13.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.13.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
# Vlanif100 sits on VLAN 100 ("to firewall"); the default route below points at 10.0.0.1 in this subnet.
interface Vlanif100
 ip address 10.0.0.2 255.255.255.0
#
interface Vlanif200
 ip address 192.168.200.1 255.255.255.0
#
interface Vlanif300
 ip address 192.168.100.2 255.255.255.0
#
interface MEth0/0/1
#
# NOTE(review): most trunks below pass every VLAN from 2 to 4094, including the
# firewall VLAN 100; restricting each trunk to the VLANs it actually carries
# (as GigabitEthernet0/0/11 does) limits how far a single port can reach.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 2 8 10 100 300
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 13
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/14
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 5
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 200
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/17
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/18
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/19
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 100
 # NOTE(review): this listing contains no `traffic policy ecrouter` definition,
 # so the binding below refers to something not shown here - possibly a
 # leftover from an earlier attempt; confirm against the device.
 traffic-policy ecrouter inbound
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 2
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 100
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 2 to 99 101 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface NULL0
#
# Single default route: all non-local traffic goes to 10.0.0.1 on the firewall VLAN.
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000056F5
# NOTE(review): `public`/`private` are the well-known default community strings,
# and `write private` grants SNMP write access; `version all` also enables
# v1/v2c, which send the community in cleartext. Prefer SNMPv3, or at least
# unique communities limited to the management station by an ACL.
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
user-interface con 0
 # NOTE(review): `idle-timeout 0 0` disables the console idle timeout, so an
 # unattended console session stays logged in.
 idle-timeout 0 0
user-interface vty 0 4
 # NOTE(review): no ACL restricting VTY source addresses is visible in this listing.
 authentication-mode aaa
#
return
後來查閱資料,增加策略路由,使用流量重定向指定下一跳地址,成功設定固定網段走指定路由。但後來又發現一個問題:指定的網段不能和三層交換機的其它網段互通。經過測試,最終找到問題是由於沒有設定訪問192.168.0.0網段的路由,所有的流量都被預設重定向到下一跳路由介面10.0.0.3的地址上。下面附最終測試完成的三層路由配置。
# Final Layer-3 switch configuration, as printed by `dis cu`
# (display current-configuration), after adding policy-based routing.
# Reformatted one command per line; lines starting with "# NOTE(review)" are
# reviewer annotations, not device output.
dis cu
#
!Software Version V100R005C01SPC100
sysname Active Switch
#
vlan batch 2 to 13 100 200 300
#
stp instance 0 root primary
stp enable
#
# NOTE(review): cluster/NDP/NTDP discovery is enabled globally and on every
# GigabitEthernet port below; presumably not needed on host-facing ports - confirm and prune.
cluster enable
ntdp enable
ntdp hop 16
ndp enable
#
undo http server enable
#
dhcp server group 1
#
# ACL 3009 matches any packet whose destination is in 192.168.0.0/16 (the
# internal VLAN subnets); ACL 3010 matches packets sourced from 192.168.200.0/24.
acl number 3009
 rule 10 permit ip destination 192.168.0.0 0.0.255.255
acl number 3010
 rule 10 permit ip source 192.168.200.0 0.0.0.255
#
traffic classifier ecnet operator or
 if-match acl 3010
traffic classifier innernet operator or
 if-match acl 3009
#
# `yunxu` only permits (no redirect); `redirect` forces next hop 10.0.0.3.
traffic behavior yunxu
 permit
traffic behavior redirect
 redirect ip-nexthop 10.0.0.3
#
# `innernet` is listed before `ecnet`, so traffic to 192.168.0.0/16 is permitted
# without redirect and only the remaining traffic from 192.168.200.0/24 is sent
# to 10.0.0.3 - this is the fix for the inter-VLAN reachability problem
# described in the text.
# NOTE(review): only 192.168.0.0/16 is exempted, so traffic from 192.168.200.0/24
# to the 10.0.0.0/24 firewall VLAN is redirected as well - confirm that is intended.
# NOTE(review): per the text the second exit is a software router rather than
# the USG firewall; confirm that path enforces equivalent filtering and logging,
# otherwise the redirected subnet leaves without the firewall's policy.
traffic policy EcRouter
 classifier innernet behavior yunxu
 classifier ecnet behavior redirect
#
vlan 100
 description to firewall
#
dhcp server group 1
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 # NOTE(review): the two `password cipher` strings are published with the post.
 # This legacy cipher format is widely reported to be reversible rather than a
 # one-way hash, so treat both passwords as disclosed: rotate them and redact
 # credential lines before sharing a configuration.
 local-user admin password cipher #%YJO2E(@[2C"6@5+9/9:1!!
 local-user admin privilege level 3
 # NOTE(review): `telnet` and `http` carry the login in cleartext; prefer SSH
 # for remote management where the software version supports it.
 local-user admin service-type telnet terminal web http
 local-user niewd password cipher :/!T+]7*81C,UMD0PV(YO1!!
 local-user niewd privilege level 5
#
# Vlanif1-13: gateway interface for 192.168.<vlan>.0/24, VRRP group 1 with
# virtual IP .1, priority 254 and a 10 s preempt delay.
# NOTE(review): no VRRP authentication is configured on any Vlanif in this listing.
interface Vlanif1
 ip address 192.168.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif2
 ip address 192.168.2.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.2.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif3
 ip address 192.168.3.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.3.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif4
 ip address 192.168.4.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.4.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif5
 ip address 192.168.5.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.5.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif6
 ip address 192.168.6.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.6.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif7
 ip address 192.168.7.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.7.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif8
 ip address 192.168.8.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.8.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif9
 ip address 192.168.9.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.9.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif11
 ip address 192.168.11.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.11.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif12
 ip address 192.168.12.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.12.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif13
 ip address 192.168.13.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.13.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
# Vlanif100 sits on VLAN 100 ("to firewall"); both next hops used below
# (10.0.0.1 and 10.0.0.3) are in this subnet.
interface Vlanif100
 ip address 10.0.0.2 255.255.255.0
#
# Vlanif200 (the redirected subnet) now uses .2 with a VRRP virtual IP of .1,
# matching the pattern of Vlanif1-13.
interface Vlanif200
 ip address 192.168.200.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.200.1
 vrrp vrid 1 priority 254
 vrrp vrid 1 preempt-mode timer delay 10
#
interface Vlanif300
 ip address 192.168.100.2 255.255.255.0
#
interface MEth0/0/1
#
# NOTE(review): most trunks below pass every VLAN from 2 to 4094, including the
# firewall VLAN 100; restricting each trunk to the VLANs it actually carries
# (as GigabitEthernet0/0/11 does) limits how far a single port can reach.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 # The policy is bound inbound on this port only.
 # NOTE(review): traffic from 192.168.200.0/24 that enters through any other
 # port (for example access port GigabitEthernet0/0/16 in VLAN 200) is not
 # matched by this binding - verify that every ingress for that subnet is covered.
 traffic-policy EcRouter inbound
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 2 8 10 100 300
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 13
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/14
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 5
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 200
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/17
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/18
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/19
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 100
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 2
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 100
 ntdp enable
 ndp enable
 bpdu enable
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 2 to 99 101 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#
interface NULL0
#
# Two default routes; the lower preference value wins, so 10.0.0.1 (preference 20)
# is the active default and 10.0.0.3 (preference 30) is the backup.
# NOTE(review): no reachability tracking is bound to either route in this
# listing, so failover presumably depends on the next hop becoming unreachable
# locally - confirm the expected failover behaviour.
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 preference 20
ip route-static 0.0.0.0 0.0.0.0 10.0.0.3 preference 30
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000056F5
# NOTE(review): `public`/`private` are the well-known default community strings,
# and `write private` grants SNMP write access; `version all` also enables
# v1/v2c, which send the community in cleartext. Prefer SNMPv3, or at least
# unique communities limited to the management station by an ACL.
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
user-interface con 0
 # NOTE(review): `idle-timeout 0 0` disables the console idle timeout, so an
 # unattended console session stays logged in.
 idle-timeout 0 0
user-interface vty 0 4
 # NOTE(review): no ACL restricting VTY source addresses is visible in this listing.
 authentication-mode aaa
#
return