华为ENSP--ISIS路由协议
请注意,本文编写于 55 天前,最后修改于 5 天前,其中某些信息可能已经过时。
目录
项目背景
为了确保资源共享、办公自动化和节省人力成本,公司E申请两条专线将深圳总部和广州、北京两家分公司网络连接起来。公司原来运行OSFP路由协议,现打算迁移到IS-IS路由协议,张同学正在该公司实习,为了提高实际工作的准确性和工作效率,项目经理安排他在实验室环境下完成测试,为设备上线运行奠定坚实的基础。张同学用1台路由器模拟ISP的网络,总部通过静态默认路由实现到ISP的连接。分公司和总部内部网络通过三层交换机实现VLAN间路由,总部和分公司运行IS-IS路由协议实现网络互联
实验拓扑
项目目标
前期准备
- **VLAN部署:**在总部和分公司相应交换机上完成VLAN相关配置,包括VLAN创建和端口划分、Trunk配置等。在交换机S1和S2之间链路配置链路聚合
- **MSTP部署:**在交换机S1、S2和S3上配置MSTP,通过实例1(VLAN12和VLAN13)和实例2(VLAN14和VLAN15)选举不同的根桥实现负载分担。交换机S1是实例1的根桥(优先级为4096),是实例2的次根桥(优先级为8192);交换机S2是实例1的次根桥(优先级为8192),是实例2的根桥(优先级为4096)
- **IP地址部署:**在总部和分公司设备上完成IP地址配置,包括配置路由器接口的IP地址、三层交换机创建VLANIF并配置IP地址以及配置计算机和服务器的IP地址、子网掩码和网关
- **VRRP部署:**总部核心交换机S1和S2配置VRRP,为各个VLAN主机提供冗余网关。通过配置使得交换机S1作为VLAN12和VLAN13的Master,交换机S2作为VLAN14和VLAN15的Master。确保每个VLAN的VRRP的Master和MSTP的根一致
- **NAT部署:**配置NAT,使得总部和分公司的主机可以通过路由器SZ访问Internet
项目核心(ISIS)
- **配置IS-IS功能:**创建IS-IS进程,配置开销类型、配置NET、动态主机名、激活运行IS-IS进程的路由器接口等。广州网络划分到IS-IS区域40.0002,北京网络划分到IS-IS区域49.0003,深圳总部网络到分公司的两条链路上修改IS-IS电路类型为Level-2。为了减少向局域网发送不必要的IS-IS更新,将分公司交换机适当接口配置为静默接口
- **配置IS-IS验证:**为了提高网络安全性,在深圳总部到分公司的两条链路上,配置IS-IS接口MD5验证。在深圳总部的IS-IS区域49.0001配置区域MD5验证
- **配置IS-IS路由聚合:**在三地边界路由器上分别配置路由聚合,以便减少路由表大小,提高路由表找效率
- **配置IS-IS 默认路由注入:**在深圳总部路由器上配置只想ISP的静态默认路由,并向IS-IS网络注入默认路由
- **控制DIS选举:**控制路由器SZ成为连接三层交换机S1和S2的相应网段的DIS
- **调整IS-IS计时器:**在深圳和北京连接的链路上,将接口发送Hello报文周期改为5秒,邻居保持时间为Hello报文的发送间隔时间的4倍
| 设备 | VLAN ID | IP地址段 | VLAN接口地址 |
|---|---|---|---|
| S1 | VLAN 2 | 10.2.2.0/30 | 10.2.2.2/30 |
| VLAN 12 | 10.1.12.0/24 | 10.1.12.252/24 | |
| VLAN 13 | 10.1.13.0/24 | 10.1.13.252/24 | |
| VLAN 14 | 10.1.14.0/24 | 10.1.14.252/24 | |
| VLAN 15 | 10.1.15.0/24 | 10.1.15.252/24 | |
| S2 | VLAN 3 | 10.2.3.0/30 | 10.2.3.2/30 |
| VLAN 12 | 10.1.12.0/24 | 10.1.12.253/24 | |
| VLAN 13 | 10.1.13.0/24 | 10.1.13.253/24 | |
| VLAN 14 | 10.1.14.0/24 | 10.1.14.253/24 | |
| VLAN 15 | 10.1.15.0/24 | 10.1.15.253/24 | |
| S3 | VLAN 12 | 10.1.12.0/24 | 10.1.12.254/24 |
| VLAN 13 | 10.1.13.0/24 | 10.1.13.254/24 | |
| VLAN 14 | 10.1.14.0/24 | 10.1.14.254/24 | |
| VLAN 15 | 10.1.15.0/24 | 10.1.15.254/24 | |
| S5 | VLAN 22 | 172.16.8.0/24 | 172.16.8.254/24 |
| VLAN 33 | 172.16.9.0/24 | 172.16.9.254/24 | |
| VLAN 44 | 172.16.10.0/24 | 172.16.10.254/24 | |
| VLAN 55 | 172.16.11.0/24 | 172.16.11.254/24 | |
| VLAN 66 | 172.16.6.0/30 | 172.16.6.2/30 | |
| S6 | VLAN 223 | 192.168.2.0/24 | 192.168.2.254/24 |
| VLAN 333 | 192.168.3.0/24 | 192.168.3.254/24 | |
| VLAN 666 | 192.168.6.0/30 | 192.168.6.2/30 |
| 设备 | 接口 | 接口类型 | VLAN | 链路聚合 | 对端设备及接口 |
|---|---|---|---|---|---|
| S1 | G0/0/1 | Access | VLAN 2 | SZ G0/0/2 | |
| G0/0/2 | Trunk | S3 G0/0/2 | |||
| G0/0/10 | Trunk | 是 | S2 G0/0/10 | ||
| G0/0/11 | Trunk | 是 | S2 G0/0/11 | ||
| S2 | G0/0/1 | Access | VLAN 3 | SZ G0/0/2 | |
| G0/0/2 | Trunk | S3 G0/0/2 | |||
| G0/0/10 | Trunk | 是 | S2 G0/0/10 | ||
| G0/0/11 | Trunk | 是 | S2 G0/0/11 | ||
| S3 | Ethernet0/0/1 | Access | VLAN 12 | PC1 | |
| Ethernet0/0/2 | Access | VLAN 13 | PC9 | ||
| Ethernet0/0/3 | Access | VLAN 14 | PC10 | ||
| Ethernet0/0/4 | Access | VLAN 15 | Server1 | ||
| G0/0/1 | Trunk | S2 G0/0/2 | |||
| G0/0/2 | Trunk | S1 G0/0/2 | |||
| S5 | G0/0/1 | Access | VLAN 66 | GZ G0/0/1 | |
| G0/0/2 | Access | VLAN 22 | PC2 | ||
| G0/0/3 | Access | VLAN 33 | PC3 | ||
| G0/0/4 | Access | VLAN 44 | PC7 | ||
| G0/0/5 | Access | VLAN 55 | PC8 | ||
| S6 | G0/0/1 | Access | VLAN 666 | BJ G0/0/0 | |
| G0/0/2 | Access | VLAN 222 | PC4 | ||
| G0/0/3 | Access | VLAN 333 | PC5 | ||
| SZ | G0/0/0 | GZ G0/0/0 | |||
| G0/0/1 | BJ G0/0/1 | ||||
| G0/0/2 | S1 G0/0/1 | ||||
| G4/0/1 | S2 G0/0/1 | ||||
| G4/0/0 | LSP G0/0/1 | ||||
| GZ | G0/0/0 | SZ G0/0/0 | |||
| G0/0/1 | S5 G0/0/1 | ||||
| BJ | G0/0/0 | S6 G0/0/0 | |||
| G0/0/1 | SZ G0/0/1 | ||||
| LSP | G0/0/0 | SZ G4/0/0 | |||
| LoopBack0 |
| 设备 | 接口 | IP地址 | 备注 |
|---|---|---|---|
| SZ | G0/0/0 | 172.16.12.2/30 | |
| G0/0/1 | 192.168.12.1/30 | ||
| G0/0/2 | 10.2.2.1/30 | ||
| G4/0/1 | 10.2.3.1/30 | ||
| G4/0/0 | 218.18.12.1/30 | ||
| GZ | G0/0/0 | 172.16.12.1/30 | |
| G0/0/1 | 172.16.6.2/30 | ||
| BJ | G0/0/0 | 192.168.6.1/30 | |
| G0/0/1 | 192.168.12.2/30 | ||
| LSP | G0/0/1 | 218.18.12.2/30 | |
| LoopBack0 | 8.8.8.8/24 | 模拟Internet上主机 | |
| PC1 | 10.1.12.100/24 | 网关:10.1.12.254 | |
| PC2 | 172.16.8.100/24 | 网关:172.16.8.254 | |
| PC3 | 172.16.9.100/24 | 网关:172.16.9.254 | |
| PC4 | 192.168.2.100/24 | 网关:192.168.2.254 | |
| PC5 | 192.168.3.100/24 | 网关:192.168.3.254 | |
| PC7 | 172.16.10.100/24 | 网关:172.16.10.254 | |
| PC8 | 172.16.11.100/24 | 网关:172.16.11.254 | |
| PC9 | 10.1.13.100/24 | 网关:10.1.13.254 | |
| PC10 | 10.1.14.100/24 | 网关:10.1.14.254 | |
| Server1 | 10.1.15.100/24 | 网关:10.1.15.254 |
别问为什么PC机的序号是乱的,因为我是乱放的。。。
呃呃呃,上面的跟OSPF的那篇博客的内容,除了核心那一部分外,其他都一样,因为懒人就是这样啦
项目步骤
准备工作
(1)配置VLAN
在总部和分公司相应交换机上完成VLAN相关配置,包括VLAN创建和端口划分、Trunk配置。在交换机S1和S2之间链路配置链路聚合
S1配置
展开代码[S1]vlan batch 2 12 to 15 [S1]interface Eth-Trunk1 [S1-Eth-Trunk1]port link-type trunk [S1-Eth-Trunk1]port trunk allow-pass vlan 2 to 4094 # 设置负载均衡策略为源MAC和目的MAC [S1-Eth-Trunk1]load-balance src-dst-mac [S1-Eth-Trunk1]quit [S1]interface GigabitEthernet0/0/1 [S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]port default vlan 2 [S1-GigabitEthernet0/0/1]quit [S1]interface GigabitEthernet0/0/2 [S1-GigabitEthernet0/0/2]port link-type trunk [S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 4094 [S1-GigabitEthernet0/0/2]quit # 将G0/0/10和G0/0/11接口加入链路聚合组1 [S1]interface GigabitEthernet0/0/10 [S1-GigabitEthernet0/0/10]eth-trunk 1 [S1-GigabitEthernet0/0/10]quit [S1]interface GigabitEthernet0/0/11 [S1-GigabitEthernet0/0/11]eth-trunk 1 [S1-GigabitEthernet0/0/11]quit
S2配置
展开代码[S2]vlan batch 2 to 3 12 to 15 [S2]interface Eth-Trunk1 [S2-Eth-Trunk1]port link-type trunk [S2-Eth-Trunk1]port trunk allow-pass vlan 2 to 4094 [S2-Eth-Trunk1]load-balance src-dst-mac [S2-Eth-Trunk1]quit [S2]interface GigabitEthernet0/0/1 [S2-GigabitEthernet0/0/1]port link-type access [S2-GigabitEthernet0/0/1]port default vlan 3 [S2-GigabitEthernet0/0/1]quit [S2]interface GigabitEthernet0/0/2 [S2-GigabitEthernet0/0/2]port link-type trunk [S2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 4094 [S2-GigabitEthernet0/0/2]quit # 将G0/0/10和G0/0/11加入链路聚合组1 [S2]interface GigabitEthernet0/0/10 [S2-GigabitEthernet0/0/10]eth-trunk 1 [S2-GigabitEthernet0/0/10]quit [S2]interface GigabitEthernet0/0/11 [S2-GigabitEthernet0/0/11]eth-trunk 1 [S2-GigabitEthernet0/0/11]quit
S3配置
其实这里的S3交换机就是二层(傻瓜)交换机
展开代码[S3]vlan batch 12 to 15 [S3]interface Ethernet0/0/1 [S3-Ethernet0/0/1]port link-type access [S3-Ethernet0/0/1]port default vlan 12 [S3-Ethernet0/0/1]quit [S3]interface Ethernet0/0/2 [S3-Ethernet0/0/2]port link-type access [S3-Ethernet0/0/2]port default vlan 13 [S3-Ethernet0/0/2]quit [S3]interface Ethernet0/0/3 [S3-Ethernet0/0/3]port link-type access [S3-Ethernet0/0/3]port default vlan 14 [S3-Ethernet0/0/3]quit [S3]interface Ethernet0/0/4 [S3-Ethernet0/0/4]port link-type access [S3-Ethernet0/0/4]port default vlan 15 [S3-Ethernet0/0/4]quit [S3]interface GigabitEthernet0/0/1 [S3-GigabitEthernet0/0/1]port link-type trunk [S3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 4094 [S3-GigabitEthernet0/0/1]quit [S3]interface GigabitEthernet0/0/2 [S3-GigabitEthernet0/0/2]port link-type trunk [S3-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 4094 [S3-GigabitEthernet0/0/2]quit
S5配置
展开代码[S5]vlan batch 22 33 44 55 66 [S5]interface GigabitEthernet0/0/1 [S5-GigabitEthernet0/0/1]port link-type access [S5-GigabitEthernet0/0/1]port default vlan 66 [S5-GigabitEthernet0/0/1]quit [S5]interface GigabitEthernet0/0/2 [S5-GigabitEthernet0/0/2]port link-type access [S5-GigabitEthernet0/0/2]port default vlan 22 [S5-GigabitEthernet0/0/2]quit [S5]interface GigabitEthernet0/0/3 [S5-GigabitEthernet0/0/3]port link-type access [S5-GigabitEthernet0/0/3]port default vlan 33 [S5-GigabitEthernet0/0/3]quit [S5]interface GigabitEthernet0/0/4 [S5-GigabitEthernet0/0/4]port link-type access [S5-GigabitEthernet0/0/4]port default vlan 44 [S5-GigabitEthernet0/0/4]quit [S5]interface GigabitEthernet0/0/5 [S5-GigabitEthernet0/0/5]port link-type access [S5-GigabitEthernet0/0/5]port default vlan 55 [S5-GigabitEthernet0/0/5]quit
S6配置
展开代码[S6]vlan batch 222 333 666 [S6]interface GigabitEthernet0/0/1 [S6-GigabitEthernet0/0/1]port link-type access [S6-GigabitEthernet0/0/1]port default vlan 666 [S6-GigabitEthernet0/0/1]quit [S6]interface GigabitEthernet0/0/2 [S6-GigabitEthernet0/0/2]port link-type access [S6-GigabitEthernet0/0/2]port default vlan 222 [S6-GigabitEthernet0/0/2]quit [S6]interface GigabitEthernet0/0/3 [S6-GigabitEthernet0/0/3]port link-type access [S6-GigabitEthernet0/0/3]port default vlan 333 [S6-GigabitEthernet0/0/3]quit
验证
可以用以下三个命令验证是否配置好
展开代码# 验证VLAN配置 [S1]display vlan # 验证Eth-Trunk配置 [S1]display eth-trunk 1 # 验证Trunk配置 [S1]display port vlan
(2)配置MSTP
在交换机S1、S2和S3上配置MSTP,通过实例1(VLAN12和VLAN13)和实例2(VLAN14和VLAN15)选举不同的根桥实现负载分担。交换机S1是实例1的根桥(优先级为4096),是实例2的次根桥(优先级为8192);交换机S2是实例1的次根桥(优先级为8192),是实例2的根桥(优先级为4096)
S1配置
展开代码# 配置实例优先级 [S1]stp instance 1 priority 4096 [S1]stp instance 2 priority 8192 # 进入STP区域配置模式 [S1]stp region-configuration # 设置MSTP区域名称为HQ [S1-mst-region]region-name HQ # 将VLAN 12和13分配到实例1 [S1-mst-region]instance 1 vlan 12 to 13 # 将VLAN 14和15分配到实例2 [S1-mst-region]instance 2 vlan 14 to 15 # 激活MSTP区域配置 [S1-mst-region]active region-configuration [S1-mst-region]quit
S2配置
展开代码# 配置实例优先级 [S2]stp instance 1 priority 8192 [S2]stp instance 2 priority 4096 # 进入STP区域配置模式 [S2]stp region-configuration # 设置MSTP区域名称为HQ [S2-mst-region]region-name HQ # 将VLAN 12和13分配到实例1 [S2-mst-region]instance 1 vlan 12 to 13 # 将VLAN 14和15分配到实例2 [S2-mst-region]instance 2 vlan 14 to 15 # 激活MSTP区域配置 [S2-mst-region]active region-configuration [S2-mst-region]quit
S3配置
展开代码[S3]stp region-configuration [S3-mst-region]region-name HQ [S3-mst-region]instance 1 vlan 12 to 13 [S3-mst-region]instance 2 vlan 14 to 15 [S3-mst-region]active region-configuration [S3-mst-region]
验证
展开代码[S1]display stp brief MSTID Port Role STP State Protection 0 GigabitEthernet0/0/1 DESI FORWARDING NONE 0 GigabitEthernet0/0/2 DESI FORWARDING NONE 0 Eth-Trunk1 ROOT FORWARDING NONE 1 GigabitEthernet0/0/2 DESI FORWARDING NONE 1 Eth-Trunk1 DESI FORWARDING NONE 2 GigabitEthernet0/0/2 DESI FORWARDING NONE 2 Eth-Trunk1 ROOT FORWARDING NONE
(3)配置IP地址
在总部和分公司设备上完成IP地址配置,包括配置路由器接口的IP地址、三层交换机创建VLANIF并配置IP地址以及配置计算机和服务器的IP地址、子网掩码和网关
SZ配置
展开代码[SZ]interface GigabitEthernet0/0/0 [SZ-GigabitEthernet0/0/0]ip address 172.16.12.2 255.255.255.252 [SZ-GigabitEthernet0/0/0]quit [SZ]interface GigabitEthernet0/0/1 [SZ-GigabitEthernet0/0/1]ip address 192.168.12.1 255.255.255.252 [SZ-GigabitEthernet0/0/1]quit [SZ]interface GigabitEthernet0/0/2 [SZ-GigabitEthernet0/0/2]ip address 10.2.2.1 255.255.255.252 [SZ-GigabitEthernet0/0/2]quit [SZ]interface GigabitEthernet4/0/1 [SZ-GigabitEthernet1/0/0]ip address 10.2.3.1 255.255.255.252 [SZ-GigabitEthernet1/0/0]quit [SZ]interface GigabitEthernet4/0/0 [SZ-GigabitEthernet2/0/0]ip address 218.18.12.1 255.255.255.252 [SZ-GigabitEthernet2/0/0]quit
GZ配置
展开代码[GZ]interface GigabitEthernet0/0/0 [GZ-GigabitEthernet0/0/0]ip address 172.16.12.1 255.255.255.252 [GZ-GigabitEthernet0/0/0]quit [GZ]interface GigabitEthernet0/0/1 [GZ-GigabitEthernet0/0/1]ip address 172.16.6.2 255.255.255.252 [GZ-GigabitEthernet0/0/1]quit
BJ配置
展开代码[BJ]interface GigabitEthernet0/0/0 [BJ-GigabitEthernet0/0/0]ip address 192.168.6.1 255.255.255.252 [BJ-GigabitEthernet0/0/0]quit [BJ]interface GigabitEthernet0/0/1 [BJ-GigabitEthernet0/0/1]ip address 192.168.12.2 255.255.255.252 [BJ-GigabitEthernet0/0/1]quit
LSP配置
展开代码[ISP]interface GigabitEthernet0/0/0 [ISP-GigabitEthernet0/0/0]ip address 218.18.12.2 255.255.255.252 [ISP-GigabitEthernet0/0/0]quit # 配置环回地址 [ISP]interface LoopBack0 [ISP-LoopBack0]ip address 8.8.8.8 255.255.255.0 [ISP-LoopBack0]quit
S1配置
展开代码[S1]interface Vlanif2 [S1-Vlanif2]ip address 10.2.2.2 255.255.255.252 [S1-Vlanif2]quit [S1]interface Vlanif12 [S1-Vlanif12]ip address 10.1.12.252 255.255.255.0 [S1-Vlanif12]quit [S1]interface Vlanif13 [S1-Vlanif13]ip address 10.1.13.252 255.255.255.0 [S1-Vlanif13]quit [S1]interface Vlanif14 [S1-Vlanif14]ip address 10.1.14.252 255.255.255.0 [S1-Vlanif14]quit [S1]interface Vlanif15 [S1-Vlanif15]ip address 10.1.15.252 255.255.255.0 [S1-Vlanif15]quit
S2配置
展开代码[S2]interface Vlanif3 [S2-Vlanif3]ip address 10.2.3.2 255.255.255.252 [S2-Vlanif3]quit [S2]interface Vlanif12 [S2-Vlanif12]ip address 10.1.12.253 255.255.255.0 [S2-Vlanif12]quit [S2]interface Vlanif13 [S2-Vlanif13]ip address 10.1.13.253 255.255.255.0 [S2-Vlanif13]quit [S2]interface Vlanif14 [S2-Vlanif14]ip address 10.1.14.253 255.255.255.0 [S2-Vlanif14]quit [S2]interface Vlanif15 [S2-Vlanif15]ip address 10.1.15.253 255.255.255.0 [S2-Vlanif15]quit
S5配置
展开代码[S5]interface Vlanif22 [S5-Vlanif2]ip address 172.16.8.254 255.255.255.0 [S5-Vlanif2]quit [S5]interface Vlanif33 [S5-Vlanif3]ip address 172.16.9.254 255.255.255.0 [S5-Vlanif3]quit [S5]interface Vlanif44 [S5-Vlanif4]ip address 172.16.10.254 255.255.255.0 [S5-Vlanif4]quit [S5]interface Vlanif55 [S5-Vlanif5]ip address 172.16.11.254 255.255.255.0 [S5-Vlanif5]quit [S5]interface Vlanif66 [S5-Vlanif6]ip address 172.16.6.1 255.255.255.252 [S5-Vlanif6]quit
S6配置
展开代码[S6]interface Vlanif222 [S6-Vlanif2]ip address 192.168.2.254 255.255.255.0 [S6-Vlanif2]quit [S6]interface Vlanif333 [S6-Vlanif3]ip address 192.168.3.254 255.255.255.0 [S6-Vlanif3]quit [S6]interface Vlanif666 [S6-Vlanif6]ip address 192.168.6.2 255.255.255.252 [S6-Vlanif6]quit
以PC1为例,配置IP地址、掩码、网关
验证
(4)配置VRRP
总部核心交换机S1和S2配置VRRP,为各个VLAN主机提供冗余网关。通过配置使得交换机S1作为VLAN12和VLAN13的Master,交换机S2作为VLAN14和VLAN15的Master。确保每个VLAN的VRRP的Master和MSTP的根一致
S1配置
展开代码# 配置VLAN 12接口的VRRP组 [S1]interface Vlanif12 [S1-Vlanif12]vrrp vrid 12 virtual-ip 10.1.12.254 [S1-Vlanif12]vrrp vrid 12 priority 120 [S1-Vlanif12]quit # 配置VLAN 13接口的VRRP组 [S1]interface Vlanif13 [S1-Vlanif13]vrrp vrid 13 virtual-ip 10.1.13.254 [S1-Vlanif13]vrrp vrid 13 priority 120 [S1-Vlanif13]quit # 配置VLAN 14接口的VRRP组 [S1]interface Vlanif14 [S1-Vlanif14]vrrp vrid 14 virtual-ip 10.1.14.254 [S1-Vlanif14]quit # 配置VLAN 15接口的VRRP组 [S1]interface Vlanif15 [S1-Vlanif15]vrrp vrid 15 virtual-ip 10.1.15.254 [S1-Vlanif15]quit
S2配置
展开代码[S2]interface Vlanif12 [S2-Vlanif12]vrrp vrid 12 virtual-ip 10.1.12.254 [S2-Vlanif12]quit [S2]interface Vlanif13 [S2-Vlanif13]vrrp vrid 13 virtual-ip 10.1.13.254 [S2-Vlanif13]quit [S2]interface Vlanif14 [S2-Vlanif14]vrrp vrid 14 virtual-ip 10.1.14.254 [S2-Vlanif14]vrrp vrid 14 priority 120 [S2-Vlanif14]quit [S2]interface Vlanif15 [S2-Vlanif15]vrrp vrid 15 virtual-ip 10.1.15.254 [S2-Vlanif15]vrrp vrid 15 priority 120 [S2-Vlanif15]quit
验证
(5)配置NAT
配置NAT使得总部和分公司的主机可以通过路由器SZ访问Internet
SZ配置
展开代码[SZ]acl number 2000 [SZ-acl-basic-2000]rule 10 permit source 192.168.2.0 0.0.1.255 [SZ-acl-basic-2000]rule 20 permit source 172.16.8.0 0.0.3.255 [SZ-acl-basic-2000]rule 30 permit source 10.1.12.0 0.0.3.255 [SZ-acl-basic-2000]quit [SZ]interface GigabitEthernet4/0/0 [SZ-GigabitEthernet4/0/0]nat outbound 2000 [SZ-GigabitEthernet4/0/0]quit
项目核心(IS-IS)
(1)配置IS-IS基本功能
核心项目主要是完成IS-IS部署,针对IS-IS部署任务对项目整体拓扑进行简化,只保留运行IS-IS的设备,如图:
3台路由器和4台交换机配置基本IS-IS进程、配置开销类型、配置NET、动态主机名、激活运行IS-IS的路由器接口等,修改S1、S2、S5、S6的IS-IS路由器类型为Level-1。在深圳总部到分公司的两条链路上修改IS-IS电路类型为Level-2。将分公司交换机适当接口配置为静默接口
SZ配置
展开代码[SZ]isis 1 [SZ-isis-1]cost-style wide # 设置成本样式为 "wide",允许使用更宽范围的度量值 [SZ-isis-1]network-entity 49.0001.1111.1111.1111.00 [SZ-isis-1]is-name SZ [SZ-isis-1]q [SZ]interface GigabitEthernet 0/0/0 [SZ-GigabitEthernet0/0/0]isis enable 1 [SZ-GigabitEthernet0/0/0]isis circuit-level level-2 [SZ-GigabitEthernet0/0/0]q [SZ]interface GigabitEthernet 0/0/1 [SZ-GigabitEthernet0/0/1]isis enable 1 [SZ-GigabitEthernet0/0/1]isis circuit-level level-2 [SZ-GigabitEthernet0/0/1]q [SZ]interface GigabitEthernet 0/0/2 [SZ-GigabitEthernet0/0/2]isis enable 1 [SZ-GigabitEthernet0/0/2]isis circuit-level level-1 [SZ-GigabitEthernet0/0/2]q [SZ]interface GigabitEthernet 4/0/1 [SZ-GigabitEthernet4/0/1]isis enable 1 [SZ-GigabitEthernet4/0/1]isis circuit-level level-1 [SZ-GigabitEthernet4/0/1]q [SZ]
GZ配置
展开代码[GZ]isis 1 [GZ-isis-1]cost-style wide [GZ-isis-1]network-entity 49.0002.2222.2222.2222.00 [GZ-isis-1]is-name GZ [GZ-isis-1]q [GZ]interface GigabitEthernet 0/0/0 [GZ-GigabitEthernet0/0/0]isis enable 1 [GZ-GigabitEthernet0/0/0]isis circuit-level level-2 [GZ-GigabitEthernet0/0/0]q [GZ]interface GigabitEthernet 0/0/1 [GZ-GigabitEthernet0/0/1]isis enable 1 [GZ-GigabitEthernet0/0/1]isis circuit-level level-1 [GZ-GigabitEthernet0/0/1]q [GZ]
BJ配置
展开代码[BJ]isis 1 [BJ-isis-1]cost-style wide [BJ-isis-1]network-entity 49.0003.3333.3333.3333.00 [BJ-isis-1]is-name BJ [BJ-isis-1]q [BJ]interface GigabitEthernet 0/0/0 [BJ-GigabitEthernet0/0/0]isis enable 1 [BJ-GigabitEthernet0/0/0]isis circuit-level level-1 [BJ-GigabitEthernet0/0/0]q [BJ]interface GigabitEthernet 0/0/1 [BJ-GigabitEthernet0/0/1]isis enable 1 [BJ-GigabitEthernet0/0/1]isis circuit-level level-2 [BJ-GigabitEthernet0/0/1]q [BJ]q
S1配置
展开代码[S1]isis 1 [S1-isis-1]is-level level-1 [S1-isis-1]cost-style wide [S1-isis-1]network-entity 49.0001.4444.4444.4444.00 [S1-isis-1]is-name S1 [S1-isis-1]q [S1]interface Vlanif 2 [S1-Vlanif2]isis enable 1 [S1-Vlanif2]q [S1]interface Vlanif 12 [S1-Vlanif12]isis enable 1 [S1-Vlanif12]q [S1]interface Vlanif 13 [S1-Vlanif13]isis enable 1 [S1-Vlanif13]q [S1]interface Vlanif 14 [S1-Vlanif14]isis enable 1 [S1-Vlanif14]q [S1]interface Vlanif 15 [S1-Vlanif15]isis enable 1 [S1-Vlanif15]q [S1]q
S2配置
展开代码[S2]isis 1 [S2-isis-1]is-level level-1 [S2-isis-1]cost-style wide [S2-isis-1]network-entity 49.0001.5555.5555.5555.00 [S2-isis-1]is-name S2 [S2-isis-1]q [S2]interface Vlanif 3 [S2-Vlanif3]isis enable 1 [S2-Vlanif3]q [S2]interface Vlanif 12 [S2-Vlanif12]isis enable 1 [S2-Vlanif12]q [S2]interface Vlanif 13 [S2-Vlanif13]isis enable 1 [S2-Vlanif13]q [S2]interface Vlanif 14 [S2-Vlanif14]isis enable 1 [S2-Vlanif14]q [S2]interface Vlanif 15 [S2-Vlanif15]isis enable 1 [S2-Vlanif15]q [S2]q
S5配置
展开代码[S5]isis 1 [S5-isis-1]is-level level-1 [S5-isis-1]cost-style wide [S5-isis-1]network-entity 49.0002.6666.6666.6666.00 [S5-isis-1]is-name S5 [S5-isis-1]q [S5]interface Vlanif 22 [S5-Vlanif22]isis enable 1 [S5-Vlanif22]isis silent # 静默模式 [S5-Vlanif22]q [S5]interface Vlanif 33 [S5-Vlanif33]isis enable 1 [S5-Vlanif33]isis silent [S5-Vlanif33]q [S5]interface Vlanif 44 [S5-Vlanif44]isis enable 1 [S5-Vlanif44]isis silent [S5-Vlanif44]q [S5]interface Vlanif 55 [S5-Vlanif55]isis enable 1 [S5-Vlanif55]isis silent [S5-Vlanif55]q [S5]interface Vlanif 66 [S5-Vlanif66]isis enable 1 [S5-Vlanif66]q [S5]q
S6配置
展开代码[S6]isis 1 [S6-isis-1]is-level level-1 [S6-isis-1]cost-style wide [S6-isis-1]network-entity 49.0003.7777.7777.7777.00 [S6-isis-1]is-name S6 [S6-isis-1]q [S6]interface Vlanif 222 [S6-Vlanif222]isis enable [S6-Vlanif222]isis silent [S6-Vlanif222]q [S6]interface Vlanif 333 [S6-Vlanif333]isis enable 1 [S6-Vlanif333]isis silent [S6-Vlanif333]q [S6]interface Vlanif 666 [S6-Vlanif666]isis enable 1 [S6-Vlanif666]q [S6]q
(2)配置IS-IS验证
为了安全性,在深圳总部到分公司的两条链路中,配置IS-IS接口MD5验证。在深圳总部的IS-IS区域49.0001配置区域MD5验证
在深圳总部到分公司的两条链路中,配置IS-IS接口MD5验证
展开代码[SZ]interface GigabitEthernet 0/0/0 [SZ-GigabitEthernet0/0/0]isis authentication-mode md5 cipher 123456 [SZ-GigabitEthernet0/0/0]q [SZ]interface GigabitEthernet 0/0/1 [SZ-GigabitEthernet0/0/1]isis authentication-mode md5 cipher 123456 [SZ-GigabitEthernet0/0/1]q [GZ]interface GigabitEthernet 0/0/0 [GZ-GigabitEthernet0/0/0]isis authentication-mode md5 cipher 123456 [GZ-GigabitEthernet0/0/0]q [BJ]interface GigabitEthernet 0/0/1 [BJ-GigabitEthernet0/0/1]isis authentication-mode md5 cipher 123456 [BJ-GigabitEthernet0/0/1]q
在深圳总部的IS-IS区域49.0001配置区域MD5验证
展开代码[SZ]isis 1 [SZ-isis-1]area-authentication-mode md5 cipher 123456 [SZ-isis-1]q [S1]isis 1 [S1-isis-1]area-authentication-mode md5 123456 [S1-isis-1]q [S2]isis 1 [S2-isis-1]area-authentication-mode md5 123456 [S2-isis-1]q
(3)配置IS-IS路由聚合
配置IS-IS路由聚合,在深圳、广州和北京三地边界路由器上分别配置路由聚合,减少路由表大小
展开代码[SZ]isis 1 [SZ-isis-1]summary10.1.12.0 255.255.252.0 avoid-feedback generate_null0_route [GZ]isis 1 [GZ-isis-1]summary 172.16.8.0 255.255.252.0 avoid-feedback generate_null0_route [BJ]isis 1 [BJ-isis-1]summary 192.168.2.0 255.255.254.0 avoid-feedback generate_null0_route
(4)配置IS-IS默认路由注入
在深证路由器上配置指向ISP的静态默认路由,并指向IS-IS网络注入默认路由
展开代码[SZ]ip route-static 0.0.0.0 0.0.0.0 218.18.12.2 [SZ]isis 1 [SZ-isis-1]default-route-advertise always cost 20 tag 1111 [SZ-isis-1]q [SZ]
(5)控制IS-IS DIS选举
控制路由器SZ成功连接三层交换机S1和S2的相应网段的DIS.交换机S1和S2成为Level-1路由器,只需要更改Level-1的优先级
展开代码[SZ]interface GigabitEthernet 0/0/2 [SZ-GigabitEthernet0/0/2]isis dis-priority 96 level-1 [SZ-GigabitEthernet0/0/2]q [SZ]interface GigabitEthernet 4/0/1 [SZ-GigabitEthernet4/0/1]isis dis-priority 96 level-1 [SZ-GigabitEthernet4/0/1]q [SZ]
(6)调整IS-IS接口计时器
在路由器SZ和BJ之间链路上调整IS-IS计时参数,将接口发送Hello报文周期改为5秒,邻居保存时间为Hello报文的发送间隔时间的4倍
展开代码[SZ]interface GigabitEthernet 0/0/1 [SZ-GigabitEthernet0/0/1]isis timer hello 5 level-2 [SZ-GigabitEthernet0/0/1]isi timer holding-multiplier 4 level-2 [SZ-GigabitEthernet0/0/1]q [SZ] [BJ]interface GigabitEthernet 0/0/1 [BJ-GigabitEthernet0/0/1]isis timer hello 5 level-2 [BJ-GigabitEthernet0/0/1]isis timer holding-multiplier 4 level-2 [BJ-GigabitEthernet0/0/1]q [BJ]
配置暂时就是这样
验证(以SZ为例)
查看IS-IS邻居信息
展开代码<SZ>display isis peer
查看IS-IS邻居的详细信息
展开代码<SZ>display isis peer interface GigabitEthernet 0/0/2 verbose
查看IS-IS接口的摘要信息
展开代码<SZ>display isis interface
查看IS-IS接口的摘要信息
展开代码<SZ>display isis interface GigabitEthernet 0/0/1 verbose
查看IS-IS的LSDB信息
展开代码<SZ>display isis lsdb
查看IS-IS LSDB LSP信息
展开代码<SZ>display isis lsdb 3333.3333.3333.00-00 verbose
ok,搞到这里,我就完了。
实验包
https://www.alipan.com/s/k8vDypR3Juw本文作者:zzz
本文链接:
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!
目录