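Topology
Build a network in which the networks of companies A and B back each other up: when either side fails and cannot reach the Internet, connectivity is maintained, which meets the requirement of improved network stability.
Basic information:
AR1 and AR2 are interconnected through Ethernet2/0/0 and Ethernet2/0/1
Configuration example
Basic network configuration of AR1, so that PC1 obtains its IP address and DNS automatically through DHCP and can access the Internet normally.
The device is running!
system-view # Enter system view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1 # Change the device name
[AR1]undo info-center enable # Turn off information center messages
Info: Information center is disabled.
[AR1]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.11.12.10 24 # Configure the uplink port IP address and subnet mask
[AR1-GigabitEthernet0/0/0]ping 10.11.12.1 # Check connectivity to the upstream gateway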
PING 10.11.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.11.12.1: bytes=56 Sequence=1 ttl=128 time=60 ms
Reply from 10.11.12.1: bytes=56 Sequence=2 ttl=128 time=10 ms
Reply from 10.11.12.1: bytes=56 Sequence=3 ttl=128 time=10 ms
Reply from 10.11.12.1: bytes=56 Sequence=4 ttl=128 time=10 ms
Reply from 10.11.12.1: bytes=56 Sequence=5 ttl=128 time=10 ms
--- 10.11.12.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/20/60 ms
[AR1-GigabitEthernet0/0/0]quit # Exit the port
[AR1]dhcp enable # Enable DHCP
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR1]ip pool huawei # Create an IP address pool named huawei
Info: It's successful to create an IP address pool.
[AR1-ip-pool-huawei]network 192.168.10.0 mask 24 # Configure company A's network and prefix length
[AR1-ip-pool-huawei]gateway-list 192.168.10.1 # Configure the gateway
[AR1-ip-pool-huawei]dns-list 114.114.114.114 # Configure the DNS server address handed out by DHCP
[AR1-ip-pool-huawei]quit # Exit
[AR1]dns server 114.114.114.114 # Configure the DNS server address used by the AR1 router itself
[AR1]dns resolve # Enable DNS resolution
[AR1]ip route-static 0.0.0.0 0 10.11.12.1 # Configure the default route pointing to the upstream gateway
[AR1]ping www.baidu.com # Check whether the AR1 router can reach the Internet
PING www.a.shifen.com: 56 data bytes, press CTRL_C to break
Reply from 182.61.200.7: bytes=56 Sequence=1 ttl=128 time=80 ms
Reply from 182.61.200.7: bytes=56 Sequence=2 ttl=128 time=80 ms
Reply from 182.61.200.7: bytes=56 Sequence=3 ttl=128 time=70 ms
Reply from 182.61.200.7: bytes=56 Sequence=4 ttl=128 time=70 ms
Reply from 182.61.200.7: bytes=56 Sequence=5 ttl=128 time=80 ms
--- www.a.shifen.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/76/80 ms
[AR1]interface GigabitEthernet 0/0/1 # Enter port 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.10.1 24 # Configure AR1's internal gateway address and subnet mask
[AR1-GigabitEthernet0/0/1]dhcp select global # Set DHCP allocation to global (use the IP address pool above)
[AR1-GigabitEthernet0/0/1]quit # Exit the port
[AR1]acl 2001 # Create basic ACL number 2001
[AR1-acl-basic-2001]rule permit source 192.168.10.0 0.0.0.255 # Permit the source network (address and wildcard mask)
[AR1-acl-basic-2001]quit # Exit the ACL
[AR1]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2001 # Configure outbound NAT matching ACL 2001
[AR1-GigabitEthernet0/0/0]quit # Exit the port
Basic network configuration of AR2, which likewise lets PC2 obtain its IP address and DNS automatically through DHCP and access the Internet normally.
The device is running!
system-view # Enter system view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2 # Change the device name
[AR2]undo info-center enable # Turn off information center messages
Info: Information center is disabled.
[AR2]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 10.11.12.20 24 # Configure the uplink port IP address and subnet mask
[AR2-GigabitEthernet0/0/0]ping 10.11.12.1 # Check connectivity to the upstream gateway
PING 10.11.12.1: 56 data bytes, press CTRL_C to break
Reply from 10.11.12.1: bytes=56 Sequence=1 ttl=128 time=70 ms
Reply from 10.11.12.1: bytes=56 Sequence=2 ttl=128 time=10 ms
Reply from 10.11.12.1: bytes=56 Sequence=3 ttl=128 time=10 ms
Reply from 10.11.12.1: bytes=56 Sequence=4 ttl=128 time=10 ms
Reply from 10.11.12.1: bytes=56 Sequence=5 ttl=128 time=10 ms
--- 10.11.12.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/22/70 ms
[AR2-GigabitEthernet0/0/0]quit # Exit the port
[AR2]dhcp enable # Enable DHCP
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR2]ip pool huawei # Create an IP address pool named huawei
Info: It's successful to create an IP address pool.
[AR2-ip-pool-huawei]network 192.168.20.0 mask 24 # Configure company B's network and prefix length
[AR2-ip-pool-huawei]gateway-list 192.168.20.1 # Configure the gateway
[AR2-ip-pool-huawei]dns-list 114.114.114.114 # Configure the DNS server address handed out by DHCP
[AR2-ip-pool-huawei]quit # Exit
[AR2]dns server 114.114.114.114 # Configure the DNS server address used by the AR2 router itself
[AR2]dns resolve # Enable DNS resolution
[AR2]ip route-static 0.0.0.0 0 10.11.12.1 # Configure the default route pointing to the upstream gateway
[AR2]ping www.baidu.com # Check whether the AR2 router can reach the Internet
PING www.a.shifen.com: 56 data bytes, press CTRL_C to break
Reply from 182.61.200.6: bytes=56 Sequence=1 ttl=128 time=60 ms
Reply from 182.61.200.6: bytes=56 Sequence=2 ttl=128 time=60 ms
Reply from 182.61.200.6: bytes=56 Sequence=3 ttl=128 time=60 ms
Reply from 182.61.200.6: bytes=56 Sequence=4 ttl=128 time=60 ms
Reply from 182.61.200.6: bytes=56 Sequence=5 ttl=128 time=80 ms
--- www.a.shifen.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/64/80 ms
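[AR2]interface GigabitEthernet 0/0/1 # Enter port 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.20.1 24 # Configure AR2's internal gateway address and subnet mask
[AR2-GigabitEthernet0/0/1]dhcp select global # Set DHCP allocation to global (use the IP address pool above)
[AR2-GigabitEthernet0/0/1]quit # Exit the port
[AR2]acl 2001 # Create basic ACL number 2001
[AR2-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255 # Permit the source network (address and wildcard mask)
[AR2-acl-basic-2001]quit # Exit the ACL
[AR2]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR2-GigabitEthernet0/0/0]nat outbound 2001 # Configure outbound NAT matching ACL 2001
[AR2-GigabitEthernet0/0/0]quit # Exit the port
That completes the basic routing: PC1 and PC2 inside companies A and B can both obtain addresses and reach the Internet.
Next, configure static routes between the two networks so that each side can reach the Internet through the other router.
AR1 interconnect configuration: traffic toward AR2 leaves through port 2/0/0 and returns through port 2/0/1; also add the matching address for NAT.
[AR1]interface Ethernet 2/0/0 # Enter port 2/0/0
[AR1-Ethernet2/0/0]ip address 10.12.1.1 24 # Configure the interconnect address toward AR2 and its subnet mask
[AR1-Ethernet2/0/0]quit # Exit the port
[AR1]interface Ethernet 2/0/1 # Enter port 2/0/1
[AR1-Ethernet2/0/1]ip address 10.12.2.2 24 # Configure the interconnect address toward AR2 and its subnet mask
[AR1-Ethernet2/0/1]quit # Exit the port
[AR1]ip route-static 192.168.20.0 255.255.255.0 10.12.2.1 # Configure the route to AR2's internal network
# If you do not want the internal networks of A and B to reach each other, delete the route above; I keep it here
[AR1]ip route-static 0.0.0.0 0 10.12.2.1 preference 100 # Configure a default route with preference 100 pointing to AR2
[AR1]ping 192.168.20.254 # Check connectivity to PC2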
PING 192.168.20.254: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.20.254: bytes=56 Sequence=2 ttl=127 time=20 ms
Reply from 192.168.20.254: bytes=56 Sequence=3 ttl=127 time=20 ms
Reply from 192.168.20.254: bytes=56 Sequence=4 ttl=127 time=20 ms
Reply from 192.168.20.254: bytes=56 Sequence=5 ttl=127 time=20 ms
--- 192.168.20.254 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/20/20 ms
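[AR1]acl 2001 # Enter ACL 2001
[AR1-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255 # Add AR2's internal network as a permitted source (address and wildcard mask)
[AR1-acl-basic-2001]quit # Exit
AR2 interconnect configuration, the reverse of AR1: traffic toward AR1 leaves through port 2/0/1 and returns through port 2/0/0; also add the matching address for NAT.
[AR2]interface Ethernet 2/0/0 # Enter port 2/0/0
[AR2-Ethernet2/0/0]ip address 10.12.2.1 24 # Configure the interconnect IP address toward AR1 and its subnet mask
[AR2-Ethernet2/0/0]ping 10.12.2.2 # Check network connectivity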
PING 10.12.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.12.2.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.12.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.12.2.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 10.12.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.12.2.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.12.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/20/40 ms
[AR2-Ethernet2/0/0]quit # Exit the port
[AR2]interface Ethernet 2/0/1 # Enter port 2/0/1
[AR2-Ethernet2/0/1]ip address 10.12.1.2 24 # Configure the interconnect IP address toward AR1 and its subnet mask
[AR2-Ethernet2/0/1]ping 10.12.1.1 # Check network connectivity
PING 10.12.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.12.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 10.12.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.12.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.12.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.12.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.12.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
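[AR2-Ethernet2/0/1]quit # Exit the port
[AR2]ip route-static 192.168.10.0 255.255.255.0 10.12.1.1 # Configure the route to AR1's internal network
# If you do not want the internal networks of A and B to reach each other, delete the route above; I keep it here
[AR2]ip route-static 0.0.0.0 0 10.12.1.1 preference 100 # Configure a default route with preference 100 pointing to AR1
[AR2]ping 192.168.10.254 # Check connectivity to PC1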
PING 192.168.10.254: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.254: bytes=56 Sequence=2 ttl=127 time=20 ms
Reply from 192.168.10.254: bytes=56 Sequence=3 ttl=127 time=20 ms
Reply from 192.168.10.254: bytes=56 Sequence=4 ttl=127 time=20 ms
Reply from 192.168.10.254: bytes=56 Sequence=5 ttl=127 time=30 ms
--- 192.168.10.254 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/22/30 ms
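[AR2]acl 2001 # Enter ACL 2001
[AR2-acl-basic-2001]rule permit source 192.168.10.0 0.0.0.255 # Add AR1's internal network as a permitted source (address and wildcard mask)
[AR2-acl-basic-2001]quit # Exit
With the configuration complete, simulate an egress link failure on AR1 and on AR2 and check whether PC1 and PC2 can still access the network.
Verification
Shut down AR1's egress port to simulate a link failure
[AR1]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR1-GigabitEthernet0/0/0]shutdown # Shut down the port
[AR1-GigabitEthernet0/0/0]quit # Exit
View AR1's routing table
The default route with preference 100 pointing to AR2 takes effect
PC1 accesses the network
The route trace shows one extra hop
Packet captures on the ports toward and from AR2
Packets sent by PC1
AR2 Ethernet2/0/1
Packets returned from Baidu
AR1 Ethernet2/0/1
So when AR1 cannot connect to the Internet normally, its traffic goes through AR2 instead
Restore AR1's egress interface and disable AR2's egress interface to simulate a link failure
[AR1]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR1-GigabitEthernet0/0/0]undo shutdown # Re-enable the port
[AR1-GigabitEthernet0/0/0]quit # Exit
[AR2]interface GigabitEthernet 0/0/0 # Enter port 0/0/0
[AR2-GigabitEthernet0/0/0]shutdown # Shut down the port
[AR2-GigabitEthernet0/0/0]quit # Exit
View AR2's routing table
The default route with preference 100 pointing to AR1 takes effect
PC2 accesses the network
The route trace again shows one extra hop
Packet captures on the ports toward and from AR1
Packets sent by PC2
AR1 Ethernet2/0/0
Packets returned from Baidu
AR2 Ethernet2/0/0
At this point the requirement is fully configured: when AR1's external link fails, traffic switches to AR2's egress to reach the Internet, and likewise when AR2's external link fails it automatically switches to AR1's egress. There is brief packet loss during the switchover, but network access recovers immediately.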
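The floating default route and the NAT ACL on AR1 can be checked offline with a small model. This is an added example, not code from the original post or from Huawei: the addresses, interface names and preference 100 come from the configuration above, preference 60 is the VRP default for static routes, and the function names are hypothetical.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, rules):
    """Basic ACL match. A wildcard bit set to 1 means 'ignore this bit'."""
    for addr, wildcard in rules:
        care = ~_u32(wildcard) & 0xFFFFFFFF
        if (_u32(src) & care) == (_u32(addr) & care):
            return True
    return False

# AR1's default routes as configured above: (next hop, out interface, preference)
AR1_DEFAULTS = [
    ("10.11.12.1", "GigabitEthernet0/0/0", 60),   # primary, default preference
    ("10.12.2.1", "Ethernet2/0/1", 100),          # floating route toward AR2
]
AR1_NAT_IF = "GigabitEthernet0/0/0"   # only interface carrying "nat outbound 2001"
AR1_ACL_2001 = [("192.168.10.0", "0.0.0.255"), ("192.168.20.0", "0.0.0.255")]

def active_default(routes, up_interfaces):
    """Routes on a down interface are withdrawn; the lowest preference wins."""
    usable = [r for r in routes if r[1] in up_interfaces]
    return min(usable, key=lambda r: r[2]) if usable else None

def forward(src, up_interfaces, acl=AR1_ACL_2001):
    """Return (next_hop, out_interface, translated) for Internet-bound traffic."""
    route = active_default(AR1_DEFAULTS, up_interfaces)
    if route is None:
        return None
    hop, ifname, _ = route
    return hop, ifname, ifname == AR1_NAT_IF and acl_permits(src, acl)

if __name__ == "__main__":
    both = {"GigabitEthernet0/0/0", "Ethernet2/0/1"}
    print(forward("192.168.10.254", both))               # normal: NAT on AR1
    print(forward("192.168.10.254", {"Ethernet2/0/1"}))  # uplink down: sent to AR2 untranslated
    print(forward("192.168.20.254", both))               # company B using AR1's uplink
    print(forward("192.168.20.254", both, AR1_ACL_2001[:1]))  # without the added ACL rule
    # A subnet mask written where a wildcard belongs does not match PC1
    print(acl_permits("192.168.10.254", [("192.168.10.0", "255.255.255.0")]))
```

An interface that stays up while the path beyond it is dead keeps the preference-60 route active, so this failover covers only the link-down case that the shutdown test above exercises.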