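eNSP-Based IPv4/IPv6 Dual-Stack Network Planning and Design [IPv4/IPv6 Transition Solution Design]
Author: BSXY_19计科_陈永跃
BSXY_信息学院: the official account is listed at the end
Note: do not repost any content without permission
Note: for the resources, see the preface and the resource download notes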
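- Preface and technology/resource download notes (**do not repost any content without permission**)
- I. Topology design and design requirements
- II. Address planning table
- III. Dual-protection design based on MPLS VPN and IPsec VPN (comprehensive lab/course project) (optional reading)
- IV. Network planning process
- Site a
- 1. Eth-Trunk
- 2. VLAN assignment
- 3. MSTP
- 4. Vlan-if gateways
- 5. Management VRRP & VRRP6
- 6. VRRP & VRRP6 active-active gateways
- 7. DHCP relay
- 8. Wireless WLAN
- 9. Wireless AC redundancy
- 10. Firewall hot standby
- 11. Security policies
- 12. OSPF & OSPFv3
- 13. Routing policies
- 14. OSPF route advertisement
- 15. BGP
- 16. BGP route advertisement
- 17. 6to4 tunnel
- 18. Branch route advertisement
- 19. 4to6 tunnel
- 20. NAT44
- 21. NAT server
- 22. Traffic paths
- Site DMZ
- 1. VLAN assignment
- 2. OSPF & OSPFv3
- 3. Routing policies
- 4. DHCP service
- Site b
- 1. VLAN assignment & STP optimization
- 2. DHCP & IPv4 access
- 3. NAT44
- 4. 6to4 tunnel
- Site c
- 1. VLAN assignment & STP optimization
- 2. DHCP & IPv6 access
- 3. 4to6 tunnel
- ISP
- 1. ISIS
- 2. Routing policies
- 3. BGP
- 4. BGP peering between paired ARs
- 5. Routing policy for advertising a virtual next hop
- 6. Service routing policies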
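Preface and technology/resource download notes (do not repost any content without permission)
You can implement the design yourself by following the design and implementation steps below one at a time (every command is essential). If needed, you can also download the complete topology and full configuration from the address below for reference; once you have the topology, use display liberally to inspect the configuration and the corresponding commands. The companion resources are obtained as follows, and their contents are shown in the figure below:
Official account (小猿网): reply “网络规划”
Note: the resources are paid; if that does not fit your view on spending, please accept my apologies.
Contents:
The complete topology and configuration for this eNSP-based IPv4/IPv6 dual-stack network design + the complete commands pasted out of the eNSP simulator + commands that can be pasted directly into eNSP + a detailed network address planning table + the lab planning requirements + a step-by-step test document (with a video of simple configuration tests)
Firewall username in the simulator: admin; password: admin@123
The topology looks like this; most of the address planning and routing planning is clearly labeled in the figure.
The technologies used in this topology include VLAN assignment, MSTP, VRRP, VRRP6, DHCP, DHCPv4/DHCPv6 relay, wireless WLAN, wireless dual-AC dual-link hot standby, firewall hot standby, security policies, default routes, route import, ISIS, OSPF, OSPFv3, BGP, BGP4+, 6to4 tunnels, 4to6 tunnels, NAT and NAT server.
This lab suits readers who have studied the individual technologies and want to combine them, especially those interested in IPv6 or in IPv4-to-IPv6 transition designs; readers working on a graduation or course project can use it as a reference for their own planning and design. Applicable scenarios include graduation projects, campus network planning, enterprise network planning and government network planning.
If you have questions, message the author on the platform; the author replies as soon as he sees them. Finally, authorship of this topology design belongs to: BSXY_信息学院_19计科_陈永跃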
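I. Topology design and design requirements
Design requirements:
- Configure the interface addresses of the servers, firewalls and routers
- Plan addresses sensibly so that they are readable and easy to remember
- Deploy the network with IPv4/IPv6 dual-stack
- Configure Eth-Trunk link aggregation between the Spine switches and between the Spine switches and the ACs to improve link redundancy
- Divide multiple VLANs by area to shrink the broadcast domains and improve network reliability and security
- Configure MSTP + VRRP/VRRP6 for redundancy, with instances divided so that different VLANs prefer their respective switch and STP flapping is reduced
- When deploying VRRP/VRRP6, introduce management VLANs for unified management
- All wired and wireless users obtain addresses automatically
- Site a users obtain addresses automatically through DHCPv4/v6 relay; DHCP_SRV is the server that assigns addresses for Site a, and the Spine switches act as relay agents
- Site b and Site c users obtain addresses automatically from the DHCPv4/v6 service on the FZ routers
- Some Site a users have only an IPv4 address, some have only an IPv6 address, and some have both an IPv4 and an IPv6 address
- Site a and Site c users have both IPv4 and IPv6 addresses
- The internal network runs OSPF/OSPFv3
- Firewall hot standby uses two heartbeat links bundled into one aggregated link to improve network reliability
- Wireless dual-AC dual-link: AP1 joins AC1 preferentially with AC2 as backup, so that one AP can be managed by two ACs, improving network reliability
- The ISP carrier is simulated with BGP/BGP4+
- A 6to4 tunnel is deployed between Site a and Site b so that the IPv6 networks of the two sites can communicate
- Site a maps address 10.1.11.254 to 223.73.54.100 through NAT server so that Site b can reach 10.1.11.254 via the mapped address
- A 4to6 tunnel is deployed between Site a and Site c so that the IPv4 networks of the two sites can communicate
- Deploy NAT so that users in Site a, Site b and Site c can all reach the public network (8.8.8.8/8::8) over IPv4 and IPv6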
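II. Address planning table
III. Dual-protection design based on MPLS VPN and IPsec VPN (comprehensive lab/course project) (optional reading)
Interlude: the dual-protection design based on MPLS VPN and IPsec VPN (comprehensive lab/course project) is shown in the figure below (it is not covered in detail in this article; follow the link to read it):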
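Design requirements:
- Configure the interface addresses of the servers, firewalls and routers
- Configure Eth-Trunk link aggregation in the Huiyuan Building (慧源楼) to improve link redundancy
- Divide multiple VLANs by area to shrink the broadcast domains and improve network reliability and security
- Configure MSTP + VRRP in the Mingcheng Building (明诚楼) for redundancy, with instances divided so that different VLANs prefer their respective switch and STP flapping is reduced
- All users in the Mingcheng (明诚楼), Huiyuan (慧源楼) and Derun (德润楼) Buildings obtain addresses automatically through DHCP relay, with DHCPserver as the DHCP server
- Configure multi-area OSPF; enable MD5 authentication for OSPF in area 0, with SW1/SW2 configured at the interface level
- Devices in area 0 enable BFD to detect link failures quickly
- Branch-campus users also obtain addresses automatically; the server is AR4, which is configured with sub-interfaces to assign addresses to the respective terminals
- Configure port security, with interfaces learning MAC addresses automatically
- Configure port isolation so that PC6 and PC7 cannot reach each other within the same VLAN
- The addresses of the wireless users and of the APs in the branch campus/branch are both assigned by SW8
- FW2 acts as the PPPoE client and AR5 as the PPPoE server for dial-up Internet access
- R1, R2 and R3 run ISIS Level-2, area ID 49.0000
- Deploy MPLS VPN, with R1 and R3 as PE devices and R2 as route reflector
- FW1 and FW2 act as CEs and establish eBGP neighbor relationships with the PEs
- The carrier is AS 100, the headquarters/main campus is in 65430, and the branches are all in AS65000
- Deploy IPSec VPN between FW1 and FW2 for communication between the headquarters/main campus and the branch
- Traffic between headquarters and the branch prefers MPLS VPN; if MPLS VPN fails, IPSec VPN is used
- If NQA on FW1 detects that 10.1.5.5 is unreachable, FW1 stops advertising the default route into the internal network
- NAT: headquarters/main-campus users access the external network using the address pool 10.1.22.100~10.1.22.110
- Branch users access the external network using EASY-IP
- External users access the internal WEB service, with 100.100.100.100 used for the address mapping
- The finance department server can be accessed only by internal users in vlan 10
- Configure DHCP Snooping to prevent DHCP spoofing and the connection of rogue DHCP servers
- All internal switches can be managed remotely via telnet
- Main-campus/headquarters users can reach Baidu on the external network by domain name (www.baidu.com), as can wireless users
- For IPv6, interconnect addresses within AS100 use link-local addresses
- lo0 addresses of R1, R2 and R3: 2001:10:1:X::X/128
- Enable ISISv6 and keep the v4 and v6 topologies separate
- SW1 and SW2 add a Lo0 interface with address 2001:192:168:X::X/128
- FW1, SW1 and SW2 run OSPFv3 area 0, with link-local interconnect addresses
- Branch FW2 and AR4 run OSPFv3, with link-local interconnect addresses
- FW1 and FW2 establish a 6to4 tunnel over the MPLS VPN network
- BGP4+ is deployed on top of the 6to4 tunnel to provide IPv6 connectivity between headquarters and the branch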
IV. Network planning process
Site a
1. Eth-Trunk
Spine_01:
<Huawei>sys
[Huawei]un in en
[Huawei]sys Spine_01
[Spine_01]int eth-trunk 1
[Spine_01-Eth-Trunk1]mode lacp-static
[Spine_01-Eth-Trunk1]lacp timeout fast
[Spine_01-Eth-Trunk1]trunkport g0/0/1
[Spine_01-Eth-Trunk1]trunkport g0/0/2
[Spine_01-Eth-Trunk1]qui
[Spine_01]int eth-trunk 31
[Spine_01-Eth-Trunk31]mode lacp-static
[Spine_01-Eth-Trunk31]lacp timeout fast
[Spine_01-Eth-Trunk31]trunkport g0/0/3
[Spine_01-Eth-Trunk31]trunkport g0/0/4
[Spine_01-Eth-Trunk31]qui
[Spine_01]
-------------------------
Spine_02:
<Huawei>sys
[Huawei]un in en
[Huawei]sys Spine_02
[Spine_02]int eth-trunk 1
[Spine_02-Eth-Trunk1]mode lacp-static
[Spine_02-Eth-Trunk1]lacp timeout fast
[Spine_02-Eth-Trunk1]trunkport g0/0/1
[Spine_02-Eth-Trunk1]trunkport g0/0/2
[Spine_02-Eth-Trunk1]qui
[Spine_02]int eth-trunk 31
[Spine_02-Eth-Trunk31]mode lacp-static
[Spine_02-Eth-Trunk31]lacp timeout fast
[Spine_02-Eth-Trunk31]trunkport g0/0/3
[Spine_02-Eth-Trunk31]trunkport g0/0/4
[Spine_02-Eth-Trunk31]qui
[Spine_02]
2. VLAN assignment
Spine_01:
[Spine_01]vlan batch 121 to 122 254 to 255 1001 to 1005
[Spine_01]int eth 1
[Spine_01-Eth-Trunk1]port link-type trunk
[Spine_01-Eth-Trunk1]port trunk allow vlan 254 to 255 1001 to 1005
[Spine_01-Eth-Trunk1]int eth 31
[Spine_01-Eth-Trunk31]port hybrid tagged vlan 1005
[Spine_01-Eth-Trunk31]int g0/0/5
[Spine_01-GigabitEthernet0/0/5]port link-type trunk
[Spine_01-GigabitEthernet0/0/5]undo port trunk allow-pass vlan 1
[Spine_01-GigabitEthernet0/0/5]port trunk allow-pass vlan 1001
[Spine_01-GigabitEthernet0/0/5]int g0/0/6
[Spine_01-GigabitEthernet0/0/6]port link-type trunk
[Spine_01-GigabitEthernet0/0/6]undo port trunk allow-pass vlan 1
[Spine_01-GigabitEthernet0/0/6]port trunk allow-pass vlan 1002
[Spine_01-GigabitEthernet0/0/6]int g0/0/7
[Spine_01-GigabitEthernet0/0/7]port link-type trunk
[Spine_01-GigabitEthernet0/0/7]undo port trunk allow-pass vlan 1
[Spine_01-GigabitEthernet0/0/7]port trunk allow-pass vlan 1003 to 1004
[Spine_01-GigabitEthernet0/0/7]int g0/0/8
[Spine_01-GigabitEthernet0/0/8]port link-type access
[Spine_01-GigabitEthernet0/0/8]port default vlan 121
[Spine_01-GigabitEthernet0/0/8]int g0/0/9
[Spine_01-GigabitEthernet0/0/9]port link-type access
[Spine_01-GigabitEthernet0/0/9]port default vlan 122
[Spine_01-GigabitEthernet0/0/9]qui
[Spine_01]
-------------------------
Spine_02:
[Spine_02]vlan batch 123 to 124 254 to 255 1001 to 1005
[Spine_02]int eth 1
[Spine_02-Eth-Trunk1]port link-type trunk
[Spine_02-Eth-Trunk1]port trunk allow vlan 254 to 255 1001 to 1005
[Spine_02-Eth-Trunk1]int eth 31
[Spine_02-Eth-Trunk31]port hybrid tagged vlan 1005
[Spine_02-Eth-Trunk31]int g0/0/5
[Spine_02-GigabitEthernet0/0/5]port link-type trunk
[Spine_02-GigabitEthernet0/0/5]undo port trunk allow-pass vlan 1
[Spine_02-GigabitEthernet0/0/5]port trunk allow-pass vlan 1001
[Spine_02-GigabitEthernet0/0/5]int g0/0/6
[Spine_02-GigabitEthernet0/0/6]port link-type trunk
[Spine_02-GigabitEthernet0/0/6]undo port trunk allow-pass vlan 1
[Spine_02-GigabitEthernet0/0/6]port trunk allow-pass vlan 1002
[Spine_02-GigabitEthernet0/0/6]int g0/0/7
[Spine_02-GigabitEthernet0/0/7]port link-type trunk
[Spine_02-GigabitEthernet0/0/7]undo port trunk allow-pass vlan 1
[Spine_02-GigabitEthernet0/0/7]port trunk allow-pass vlan 1003 to 1004
[Spine_02-GigabitEthernet0/0/7]int g0/0/8
[Spine_02-GigabitEthernet0/0/8]port link-type access
[Spine_02-GigabitEthernet0/0/8]port default vlan 123
[Spine_02-GigabitEthernet0/0/8]int g0/0/9
[Spine_02-GigabitEthernet0/0/9]port link-type access
[Spine_02-GigabitEthernet0/0/9]port default vlan 124
[Spine_02-GigabitEthernet0/0/9]qui
[Spine_02]
-------------------------
leaf_01:
<Huawei>sys
[Huawei]un in en
[Huawei]sys leaf_01
[leaf_01]vlan batch 1001 to 1004
[leaf_01]int g0/0/1
[leaf_01-GigabitEthernet0/0/1]port link-type trunk
[leaf_01-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[leaf_01-GigabitEthernet0/0/1]port trunk allow-pass vlan 1001
[leaf_01-GigabitEthernet0/0/1]int g0/0/2
[leaf_01-GigabitEthernet0/0/2]port link-type trunk
[leaf_01-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[leaf_01-GigabitEthernet0/0/2]port trunk allow-pass vlan 1001
[leaf_01-GigabitEthernet0/0/2]int g0/0/3
[leaf_01-GigabitEthernet0/0/3]port link-type access
[leaf_01-GigabitEthernet0/0/3]port default vlan 1001
[leaf_01-GigabitEthernet0/0/3]qui
[leaf_01]
-------------------------
leaf_02:
<Huawei>sys
[Huawei]un in en
[Huawei]sys leaf_02
[leaf_02]vlan batch 1001 to 1004
[leaf_02]int g0/0/1
[leaf_02-GigabitEthernet0/0/1]port link-type trunk
[leaf_02-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[leaf_02-GigabitEthernet0/0/1]port trunk allow-pass vlan 1002
[leaf_02-GigabitEthernet0/0/1]int g0/0/2
[leaf_02-GigabitEthernet0/0/2]port link-type trunk
[leaf_02-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[leaf_02-GigabitEthernet0/0/2]port trunk allow-pass vlan 1002
[leaf_02-GigabitEthernet0/0/2]int g0/0/3
[leaf_02-GigabitEthernet0/0/3]port link-type access
[leaf_02-GigabitEthernet0/0/3]port default vlan 1002
[leaf_02-GigabitEthernet0/0/3]qui
[leaf_02]
-------------------------
leaf_03:
<Huawei>sys
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys leaf_03
[leaf_03]vlan batch 1001 to 1004
[leaf_03]int g0/0/1
[leaf_03-GigabitEthernet0/0/1]port link-type trunk
[leaf_03-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[leaf_03-GigabitEthernet0/0/1]port trunk allow-pass vlan 1003 to 1004
[leaf_03-GigabitEthernet0/0/1]int g0/0/2
[leaf_03-GigabitEthernet0/0/2]port link-type trunk
[leaf_03-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[leaf_03-GigabitEthernet0/0/2]port trunk allow-pass vlan 1003 to 1004
[leaf_03-GigabitEthernet0/0/2]int g0/0/3
[leaf_03-GigabitEthernet0/0/3]port link-type access
[leaf_03-GigabitEthernet0/0/3]port default vlan 1003
[leaf_03-GigabitEthernet0/0/3]int g0/0/4
[leaf_03-GigabitEthernet0/0/4]interface GigabitEthernet0/0/24
[leaf_03-GigabitEthernet0/0/24]port link-type trunk
[leaf_03-GigabitEthernet0/0/24]port trunk pvid vlan 1004
[leaf_03-GigabitEthernet0/0/24]undo port trunk allow-pass vlan 1
[leaf_03-GigabitEthernet0/0/24]port trunk allow-pass vlan 1003 to 1004
[leaf_03-GigabitEthernet0/0/24]qui
[leaf_03]
3. MSTP
Spine_01:
[Spine_01]stp region-configuration
[Spine_01-mst-region]region-name MSTP_Domain
[Spine_01-mst-region]revision-level 10
[Spine_01-mst-region]instance 11 vlan 1001
[Spine_01-mst-region]instance 12 vlan 1002
[Spine_01-mst-region]instance 13 vlan 1003
[Spine_01-mst-region]instance 14 vlan 1004
[Spine_01-mst-region]active region-configuration
[Spine_01-mst-region]qui
[Spine_01]stp instance 0 root primary
[Spine_01]stp instance 11 root primary
[Spine_01]stp instance 12 root primary
[Spine_01]stp instance 13 root secondary
[Spine_01]stp instance 14 root secondary
[Spine_01]stp bpdu-protection
[Spine_01]stp tc-protection
[Spine_01]port group g0/0/5 to g0/0/7
[Spine_01-port-group]stp root-protection
[Spine_01-GigabitEthernet0/0/5]stp root-protection
[Spine_01-GigabitEthernet0/0/6]stp root-protection
[Spine_01-GigabitEthernet0/0/7]stp root-protection
[Spine_01-port-group]qui
[Spine_01]
-------------------------
Spine_02:
[Spine_02]stp region-configuration
[Spine_02-mst-region]region-name MSTP_Domain
[Spine_02-mst-region]revision-level 10
[Spine_02-mst-region]instance 11 vlan 1001
[Spine_02-mst-region]instance 12 vlan 1002
[Spine_02-mst-region]instance 13 vlan 1003
[Spine_02-mst-region]instance 14 vlan 1004
[Spine_02-mst-region]active region-configuration
[Spine_02-mst-region]qui
[Spine_02]stp instance 0 root secondary
[Spine_02]stp instance 11 root secondary
[Spine_02]stp instance 12 root secondary
[Spine_02]stp instance 13 root primary
[Spine_02]stp instance 14 root primary
[Spine_02]stp bpdu-protection
[Spine_02]stp tc-protection
[Spine_02]port group g0/0/5 to g0/0/7
[Spine_02-port-group]stp root-protection
[Spine_02-GigabitEthernet0/0/5]stp root-protection
[Spine_02-GigabitEthernet0/0/6]stp root-protection
[Spine_02-GigabitEthernet0/0/7]stp root-protection
[Spine_02-port-group]qui
[Spine_02]
-------------------------
leaf_01:
[leaf_01]stp region-configuration
[leaf_01-mst-region]region-name MSTP_Domain
[leaf_01-mst-region]revision-level 10
[leaf_01-mst-region]instance 11 vlan 1001
[leaf_01-mst-region]instance 12 vlan 1002
[leaf_01-mst-region]instance 13 vlan 1003
[leaf_01-mst-region]instance 14 vlan 1004
[leaf_01-mst-region]active region-configuration
[leaf_01-mst-region]qui
[leaf_01]stp bpdu-protection
[leaf_01]stp tc-protection
[leaf_01]int g0/0/3
[leaf_01-GigabitEthernet0/0/3]stp bpdu-filter enable
[leaf_01-GigabitEthernet0/0/3]stp edged-port enable
[leaf_01-GigabitEthernet0/0/3]qui
[leaf_01]
-------------------------
leaf_02:
[leaf_02]stp region-configuration
[leaf_02-mst-region]region-name MSTP_Domain
[leaf_02-mst-region]revision-level 10
[leaf_02-mst-region]instance 11 vlan 1001
[leaf_02-mst-region]instance 12 vlan 1002
[leaf_02-mst-region]instance 13 vlan 1003
[leaf_02-mst-region]instance 14 vlan 1004
[leaf_02-mst-region]active region-configuration
[leaf_02-mst-region]qui
[leaf_02]stp bpdu-protection
[leaf_02]stp tc-protection
[leaf_02]int g0/0/3
[leaf_02-GigabitEthernet0/0/3]stp bpdu-filter enable
[leaf_02-GigabitEthernet0/0/3]stp edged-port enable
[leaf_02-GigabitEthernet0/0/3]qui
[leaf_02]
-------------------------
leaf_03:
[leaf_03]stp region-configuration
[leaf_03-mst-region]region-name MSTP_Domain
[leaf_03-mst-region]revision-level 10
[leaf_03-mst-region]instance 11 vlan 1001
[leaf_03-mst-region]instance 12 vlan 1002
[leaf_03-mst-region]instance 13 vlan 1003
[leaf_03-mst-region]instance 14 vlan 1004
[leaf_03-mst-region]active region-configuration
[leaf_03-mst-region]qui
[leaf_03]stp bpdu-protection
[leaf_03]stp tc-protection
[leaf_03]port group g0/0/3 g0/0/24
[leaf_03-port-group]stp bpdu-filter enable
[leaf_03-GigabitEthernet0/0/3]stp bpdu-filter enable
[leaf_03-GigabitEthernet0/0/24]stp bpdu-filter enable
[leaf_03-port-group]stp edged-port enable
[leaf_03-GigabitEthernet0/0/3]stp edged-port enable
[leaf_03-GigabitEthernet0/0/24]stp edged-port enable
[leaf_03-port-group]qui
[leaf_03]
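Added example, not part of the original article: switches join the same MST region only when region name, revision level and VLAN-to-instance mapping all match, and on VRP the region settings apply only after `active region-configuration`. The Python script below parses transcripts in the prompt format used above and reports switches outside the majority region and instances that lack exactly one primary and one secondary root. The sample transcript is constructed (two instances only; `leaf_x` is a hypothetical switch), and hostnames are assumed to contain no hyphen.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the page's transcript format. Spine_01 and Spine_02 are
# shortened to two instances; leaf_x is a hypothetical switch whose revision
# level was mistyped.
SAMPLE = """\
[Spine_01]stp region-configuration
[Spine_01-mst-region]region-name MSTP_Domain
[Spine_01-mst-region]revision-level 10
[Spine_01-mst-region]instance 11 vlan 1001
[Spine_01-mst-region]instance 13 vlan 1003
[Spine_01-mst-region]active region-configuration
[Spine_01]stp instance 11 root primary
[Spine_01]stp instance 13 root secondary
[Spine_02]stp region-configuration
[Spine_02-mst-region]region-name MSTP_Domain
[Spine_02-mst-region]revision-level 10
[Spine_02-mst-region]instance 11 vlan 1001
[Spine_02-mst-region]instance 13 vlan 1003
[Spine_02-mst-region]active region-configuration
[Spine_02]stp instance 11 root secondary
[Spine_02]stp instance 13 root primary
[leaf_x]stp region-configuration
[leaf_x-mst-region]region-name MSTP_Domain
[leaf_x-mst-region]revision-level 1
[leaf_x-mst-region]instance 11 vlan 1001
[leaf_x-mst-region]instance 13 vlan 1003
[leaf_x-mst-region]active region-configuration
"""

PROMPT = re.compile(r"^(?:HRP_[MS])?[<\[]([\w.]+)(?:-([^\]>]+))?[\]>]\s*(.*)$")
ROOT = re.compile(r"^stp instance (\d+) root (primary|secondary)$")


def parse_transcript(text):
    """Return {device: [(view, command), ...]}; assumes hostnames contain no '-'."""
    devices = defaultdict(list)
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(3):
            devices[m.group(1)].append((m.group(2) or "system", m.group(3)))
    return dict(devices)


def expand_vlans(tokens):
    """Expand a VRP VLAN list such as ['1003', 'to', '1004'] into a set of ints."""
    vlans, i = set(), 0
    while i < len(tokens):
        is_range = tokens[i + 1:i + 2] == ["to"] and i + 2 < len(tokens)
        end = tokens[i + 2] if is_range else tokens[i]
        vlans.update(range(int(tokens[i]), int(end) + 1))
        i += 3 if is_range else 1
    return vlans


def mst_region(commands):
    """Activated region identity: (name, revision, frozenset of (vlan, instance))."""
    name, rev, mapping = None, 0, {}
    active = (None, 0, frozenset())  # nothing applies until it is activated
    for view, cmd in commands:
        words = cmd.split()
        if view != "mst-region":
            continue
        if words[0] == "region-name" and len(words) == 2:
            name = words[1]
        elif words[0] == "revision-level" and len(words) == 2:
            rev = int(words[1])
        elif words[0] == "instance" and len(words) >= 4 and words[2] == "vlan":
            mapping.update((v, int(words[1])) for v in expand_vlans(words[3:]))
        elif cmd == "active region-configuration":
            active = (name, rev, frozenset(mapping.items()))
    return active


def audit(text):
    """Return devices outside the majority MST region and instances with bad roots."""
    devices = parse_transcript(text)
    regions = {d: mst_region(c) for d, c in devices.items()
               if any(view == "mst-region" for view, _ in c)}
    if not regions:
        return {"region_outliers": [], "root_problems": []}
    majority = Counter(regions.values()).most_common(1)[0][0]
    outliers = sorted(d for d, r in regions.items() if r != majority or r[0] is None)
    roles = defaultdict(Counter)  # instance -> count of 'primary' / 'secondary'
    for dev, commands in devices.items():
        for _, cmd in commands:
            m = ROOT.match(cmd)
            if m and dev in regions and dev not in outliers:
                roles[int(m.group(1))][m.group(2)] += 1
    bad = sorted(i for i in {inst for _, inst in majority[2]}
                 if roles[i]["primary"] != 1 or roles[i]["secondary"] != 1)
    return {"region_outliers": outliers, "root_problems": bad}


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it the concatenated MSTP transcripts of all five switches in this section checks that the Spine and leaf region settings agree before VRRP master placement is compared with the per-instance roots.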
4. Vlan-if gateways
Spine_01:
[Spine_01]ipv6
[Spine_01]int vlan 1001
[Spine_01-Vlanif1001]ip address 10.1.11.2 255.255.255.0
[Spine_01-Vlanif1001]int vlan 1002
[Spine_01-Vlanif1002]ipv6 enable
[Spine_01-Vlanif1002]ipv6 address 2409:8086:5A0A:10:1:12:0:2/112
[Spine_01-Vlanif1002]ipv6 address auto link-local
[Spine_01-Vlanif1002]int vlan 1003
[Spine_01-Vlanif1003]ipv6 enable
[Spine_01-Vlanif1003]ip address 10.1.13.2 255.255.255.0
[Spine_01-Vlanif1003]ipv6 address 2409:8086:5A0A:10:1:13:0:2/112
[Spine_01-Vlanif1003]ipv6 address auto link-local
[Spine_01-Vlanif1003]int vlan 1004
[Spine_01-Vlanif1004]ip address 10.1.14.2 255.255.255.0
[Spine_01-Vlanif1004]int vlan 1005
[Spine_01-Vlanif1005]ip address 10.1.15.2 255.255.255.248
[Spine_01-Vlanif1005]qui
[Spine_01]
-------------------------
Spine_02:
[Spine_02]ipv6
[Spine_02]int vlan 1001
[Spine_02-Vlanif1001]ip address 10.1.11.3 255.255.255.0
[Spine_02-Vlanif1001]int vlan 1002
[Spine_02-Vlanif1002]ipv6 enable
[Spine_02-Vlanif1002]ipv6 address 2409:8086:5A0A:10:1:12:0:3/112
[Spine_02-Vlanif1002]ipv6 address auto link-local
[Spine_02-Vlanif1002]int vlan 1003
[Spine_02-Vlanif1003]ipv6 enable
[Spine_02-Vlanif1003]ip address 10.1.13.3 255.255.255.0
[Spine_02-Vlanif1003]ipv6 address 2409:8086:5A0A:10:1:13:0:3/112
[Spine_02-Vlanif1003]ipv6 address auto link-local
[Spine_02-Vlanif1003]int vlan 1004
[Spine_02-Vlanif1004]ip address 10.1.14.3 255.255.255.0
[Spine_02-Vlanif1004]int vlan 1005
[Spine_02-Vlanif1005]ip address 10.1.15.3 255.255.255.248
[Spine_02-Vlanif1005]qui
[Spine_02]
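5. Management VRRP & VRRP6
I will leave this part out of the article for now.
The devices configured are mainly the Spine switches, for VRRP and VRRP6,
with vlan254 and vlan255 used as the management VLANs:
vlan254
Spine_01 is the management VRRP master
Spine_02 is the management VRRP backup
vlan255
Spine_02 is the management VRRP master
Spine_01 is the management VRRP backup
This part is omitted from the article. If you are a complete beginner and really cannot work out the configuration yourself, there may be no other way; downloading the resources costs a fee. The commands there are not abridged: every command, step by step, is included in full.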
6. VRRP & VRRP6 active-active gateways
Spine_01:
[Spine_01]int vlan 1001
[Spine_01-Vlanif1001]vrrp vrid 1 virtual-ip 10.1.11.1
[Spine_01-Vlanif1001]vrrp vrid 1 track admin-vrrp interface Vlanif254 vrid 254 unflowdown
[Spine_01-Vlanif1001]int vlan 1002
[Spine_01-Vlanif1002]vrrp6 vrid 2 virtual-ip FE80:8086:5A0A:10:1:12:0:1 link-local
[Spine_01-Vlanif1002]vrrp6 vrid 2 virtual-ip 2409:8086:5A0A:10:1:12:0:1
[Spine_01-Vlanif1002]vrrp6 vrid 2 track admin-vrrp6 interface Vlanif254 vrid 255 unflowdown
[Spine_01-Vlanif1002]int vlan 1003
[Spine_01-Vlanif1003]vrrp vrid 1 virtual-ip 10.1.13.1
[Spine_01-Vlanif1003]vrrp6 vrid 2 virtual-ip FE80:8086:5A0A:10:1:13:0:1 link-local
[Spine_01-Vlanif1003]vrrp6 vrid 2 virtual-ip 2409:8086:5A0A:10:1:13:0:1
[Spine_01-Vlanif1003]int vlan 1004
[Spine_01-Vlanif1004]vrrp vrid 1 virtual-ip 10.1.14.1
[Spine_01-Vlanif1004]vrrp vrid 1 track admin-vrrp interface Vlanif255 vrid 254 unflowdown
[Spine_01-Vlanif1004]int vlan 1005
[Spine_01-Vlanif1005]vrrp vrid 1 virtual-ip 10.1.15.1
[Spine_01-Vlanif1005]vrrp vrid 1 track admin-vrrp interface Vlanif254 vrid 254 unflowdown
[Spine_01-Vlanif1005]qui
[Spine_01]
-------------------------
Spine_02:
[Spine_02]int vlan 1001
[Spine_02-Vlanif1001]vrrp vrid 1 virtual-ip 10.1.11.1
[Spine_02-Vlanif1001]vrrp vrid 1 track admin-vrrp interface Vlanif254 vrid 254 unflowdown
[Spine_02-Vlanif1001]int vlan 1002
[Spine_02-Vlanif1002]vrrp6 vrid 2 virtual-ip FE80:8086:5A0A:10:1:12:0:1 link-local
[Spine_02-Vlanif1002]vrrp6 vrid 2 virtual-ip 2409:8086:5A0A:10:1:12:0:1
[Spine_02-Vlanif1002]vrrp6 vrid 2 track admin-vrrp6 interface Vlanif254 vrid 255 unflowdown
[Spine_02-Vlanif1002]int vlan 1003
[Spine_02-Vlanif1003]vrrp vrid 1 virtual-ip 10.1.13.1
[Spine_02-Vlanif1003]vrrp vrid 1 priority 120
[Spine_02-Vlanif1003]vrrp6 vrid 2 virtual-ip FE80:8086:5A0A:10:1:13:0:1 link-local
[Spine_02-Vlanif1003]vrrp6 vrid 2 virtual-ip 2409:8086:5A0A:10:1:13:0:1
[Spine_02-Vlanif1003]vrrp6 vrid 2 priority 120
[Spine_02-Vlanif1003]int vlan 1004
[Spine_02-Vlanif1004]vrrp vrid 1 virtual-ip 10.1.14.1
[Spine_02-Vlanif1004]vrrp vrid 1 track admin-vrrp interface Vlanif255 vrid 254 unflowdown
[Spine_02-Vlanif1004]int vlan 1005
[Spine_02-Vlanif1005]vrrp vrid 1 virtual-ip 10.1.15.1
[Spine_02-Vlanif1005]vrrp vrid 1 track admin-vrrp interface Vlanif254 vrid 254 unflowdown
[Spine_02-Vlanif1005]qui
[Spine_02]
7. DHCP relay
Spine_01:
[Spine_01]dhcp enable
[Spine_01]dhcp server group dhcp_srv
[Spine_01-dhcp-server-group-dhcp_srv]dhcp-server 192.168.112.2
[Spine_01-dhcp-server-group-dhcp_srv]dhcp-server 192.168.113.2
[Spine_01-dhcp-server-group-dhcp_srv]int vlan 1001
[Spine_01-Vlanif1001]dhcp select relay
[Spine_01-Vlanif1001]dhcp relay server-select dhcp_srv
[Spine_01-Vlanif1001]int vlan 1002
[Spine_01-Vlanif1002]undo ipv6 nd ra halt
[Spine_01-Vlanif1002]ipv6 nd autoconfig managed-address-flag
[Spine_01-Vlanif1002]ipv6 nd autoconfig other-flag
[Spine_01-Vlanif1002]dhcpv6 relay destination 2409:8086:5A0A:192:168:112:0:1
[Spine_01-Vlanif1002]int vlan 1003
[Spine_01-Vlanif1003]undo ipv6 nd ra halt
[Spine_01-Vlanif1003]ipv6 nd autoconfig managed-address-flag
[Spine_01-Vlanif1003]ipv6 nd autoconfig other-flag
[Spine_01-Vlanif1003]dhcp select relay
[Spine_01-Vlanif1003]dhcp relay server-select dhcp_srv
[Spine_01-Vlanif1003]dhcpv6 relay destination 2409:8086:5A0A:192:168:113:0:1
[Spine_01-Vlanif1003]int vlan 1004
[Spine_01-Vlanif1004]dhcp select relay
[Spine_01-Vlanif1004]dhcp relay server-select dhcp_srv
[Spine_01-Vlanif1004]qui
[Spine_01]
-------------------------
Spine_02:
[Spine_02]dhcp enable
[Spine_02]dhcp server group dhcp_srv
[Spine_02-dhcp-server-group-dhcp_srv]dhcp-server 192.168.112.2
[Spine_02-dhcp-server-group-dhcp_srv]dhcp-server 192.168.113.2
[Spine_02-dhcp-server-group-dhcp_srv]int vlan 1001
[Spine_02-Vlanif1001]dhcp select relay
[Spine_02-Vlanif1001]dhcp relay server-select dhcp_srv
[Spine_02-Vlanif1001]int vlan 1002
[Spine_02-Vlanif1002]undo ipv6 nd ra halt
[Spine_02-Vlanif1002]ipv6 nd autoconfig managed-address-flag
[Spine_02-Vlanif1002]ipv6 nd autoconfig other-flag
[Spine_02-Vlanif1002]dhcpv6 relay destination 2409:8086:5A0A:192:168:112:0:1
[Spine_02-Vlanif1002]int vlan 1003
[Spine_02-Vlanif1003]undo ipv6 nd ra halt
[Spine_02-Vlanif1003]ipv6 nd autoconfig managed-address-flag
[Spine_02-Vlanif1003]ipv6 nd autoconfig other-flag
[Spine_02-Vlanif1003]dhcp select relay
[Spine_02-Vlanif1003]dhcp relay server-select dhcp_srv
[Spine_02-Vlanif1003]dhcpv6 relay destination 2409:8086:5A0A:192:168:113:0:1
[Spine_02-Vlanif1003]int vlan 1004
[Spine_02-Vlanif1004]dhcp select relay
[Spine_02-Vlanif1004]dhcp relay server-select dhcp_srv
[Spine_02-Vlanif1004]qui
[Spine_02]
8. Wireless WLAN
AC_01:
<AC6605>sys
[AC6605]un in en
[AC6605]sysname AC_01
[AC_01]vlan 1005
[AC_01-vlan1005]int vlan 1005
[AC_01-Vlanif1005]ip add 10.1.15.4 255.255.255.248
[AC_01-Vlanif1005]qui
[AC_01]int eth 3
[AC_01-Eth-Trunk3]port hybrid tagged vlan 1005
[AC_01-Eth-Trunk3]mode lacp-static
[AC_01-Eth-Trunk3]lacp timeout fast
[AC_01-Eth-Trunk3]trunkport g0/0/1
[AC_01-Eth-Trunk3]trunkport g0/0/2
[AC_01-Eth-Trunk3]qui
[AC_01]ip route-static 0.0.0.0 0.0.0.0 10.1.15.1
[AC_01]capwap source interface vlanif1005
[AC_01]wlan
[AC_01-wlan-view]ssid-profile name SSID_PRO
[AC_01-wlan-ssid-prof-SSID_PRO]ssid huawei
[AC_01-wlan-ssid-prof-SSID_PRO]qui
[AC_01-wlan-view]security-profile name SEC_PRO
[AC_01-wlan-sec-prof-SEC_PRO]security wpa2 psk pass-phrase huawei@123 aes
[AC_01-wlan-sec-prof-SEC_PRO]qui
[AC_01-wlan-view]ap-system-profile name AP1_PRO
[AC_01-wlan-ap-system-prof-AP1_PRO]primary-access ip-address 10.1.15.4
[AC_01-wlan-ap-system-prof-AP1_PRO]backup-access ip-address 10.1.15.5
[AC_01-wlan-ap-system-prof-AP1_PRO]qui
[AC_01-wlan-view]vap-profile name VAP1_PRO
[AC_01-wlan-vap-prof-VAP1_PRO]ssid-profile SSID_PRO
[AC_01-wlan-vap-prof-VAP1_PRO]security-profile SEC_PRO
[AC_01-wlan-vap-prof-VAP1_PRO]service-vlan vlan-id 1003
[AC_01-wlan-vap-prof-VAP1_PRO]qui
[AC_01-wlan-view]ap-id 1 ap-mac 00e0-fcae-1390
[AC_01-wlan-ap-1]qui
[AC_01-wlan-view]ap-id 1
[AC_01-wlan-ap-1]ap-name AREA_1
[AC_01-wlan-ap-1]ap-system-profile AP1_PRO
[AC_01-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 0
[AC_01-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 1
[AC_01-wlan-ap-1]qui
[AC_01-wlan-view]qui
[AC_01]
----------------------------------
AC_02:
<AC6605>sys
[AC6605]un in en
[AC6605]sysname AC_02
[AC_02]vlan 1005
[AC_02-vlan1005]int vlan 1005
[AC_02-Vlanif1005]ip add 10.1.15.5 255.255.255.248
[AC_02-Vlanif1005]qui
[AC_02]int eth 3
[AC_02-Eth-Trunk3]port hybrid tagged vlan 1005
[AC_02-Eth-Trunk3]mode lacp-static
[AC_02-Eth-Trunk3]lacp timeout fast
[AC_02-Eth-Trunk3]trunkport g0/0/1
[AC_02-Eth-Trunk3]trunkport g0/0/2
[AC_02-Eth-Trunk3]qui
[AC_02]ip route-static 0.0.0.0 0.0.0.0 10.1.15.1
[AC_02]capwap source interface vlanif1005
[AC_02]wlan
[AC_02-wlan-view]ssid-profile name SSID_PRO
[AC_02-wlan-ssid-prof-SSID_PRO]ssid huawei
[AC_02-wlan-ssid-prof-SSID_PRO]qui
[AC_02-wlan-view]security-profile name SEC_PRO
[AC_02-wlan-sec-prof-SEC_PRO]security wpa2 psk pass-phrase huawei@123 aes
[AC_02-wlan-sec-prof-SEC_PRO]qui
[AC_02-wlan-view]ap-system-profile name AP1_PRO
[AC_02-wlan-ap-system-prof-AP1_PRO]primary-access ip-address 10.1.15.4
[AC_02-wlan-ap-system-prof-AP1_PRO]backup-access ip-address 10.1.15.5
[AC_02-wlan-ap-system-prof-AP1_PRO]qui
[AC_02-wlan-view]vap-profile name VAP1_PRO
[AC_02-wlan-vap-prof-VAP1_PRO]ssid-profile SSID_PRO
[AC_02-wlan-vap-prof-VAP1_PRO]security-profile SEC_PRO
[AC_02-wlan-vap-prof-VAP1_PRO]service-vlan vlan-id 1003
[AC_02-wlan-vap-prof-VAP1_PRO]qui
[AC_02-wlan-view]ap-id 1 ap-mac 00e0-fcae-1390
[AC_02-wlan-ap-1]qui
[AC_02-wlan-view]ap-id 1
[AC_02-wlan-ap-1]ap-name AREA_1
[AC_02-wlan-ap-1]ap-system-profile AP1_PRO
[AC_02-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 0
[AC_02-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 1
[AC_02-wlan-ap-1]qui
[AC_02-wlan-view]qui
[AC_02]
9. Wireless AC redundancy
AC1:
[AC_01]hsb-service 0
[AC_01-hsb-service-0]service-ip-port local-ip 10.1.15.4 peer-ip 10.1.15.5 local-data-port 10240 peer-data-port 10240
[AC_01-hsb-service-0]qui
[AC_01]hsb-service-type ap hsb-service 0
[AC_01]wlan
[AC_01-wlan-view]ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]:y
----------------------------------
AC2 is similar to AC1, so I do not write it out in the article.
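10. Firewall hot standby
Firewall first login (entered in order: username, default password, y to change the password, old password, new password, confirm new password):
admin
Admin@123
y
Admin@123
admin@123
admin@123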
FW1:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sys FW1
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet1/0/1
[FW1-zone-trust]add interface GigabitEthernet1/0/2
[FW1-zone-trust]undo add interface GigabitEthernet0/0/0
[FW1-zone-trust]qui
[FW1]firewall zone untrust
[FW1-zone-untrust]add interface GigabitEthernet1/0/3
[FW1-zone-untrust]add interface GigabitEthernet1/0/4
[FW1-zone-untrust]qui
[FW1]firewall zone dmz
[FW1-zone-dmz]add interface GigabitEthernet1/0/5
[FW1-zone-dmz]add interface GigabitEthernet1/0/6
[FW1-zone-dmz]qui
[FW1]int g0/0/0
[FW1-GigabitEthernet0/0/0]undo ip binding vpn-instance default
[FW1-GigabitEthernet0/0/0]undo alias
[FW1-GigabitEthernet0/0/0]qui
[FW1]int eth 1
[FW1-Eth-Trunk1]mode lacp-static
[FW1-Eth-Trunk1]lacp timeout fast
[FW1-Eth-Trunk1]trunkport g0/0/0
[FW1-Eth-Trunk1]trunkport g1/0/0
[FW1-Eth-Trunk1]qui
[FW1]firewall zone dmz
[FW1-zone-dmz]add interface Eth-Trunk1
[FW1-zone-dmz]qui
[FW1]ipv6
[FW1]int eth 1
[FW1-Eth-Trunk1]ip add 1.1.1.1 30
[FW1-Eth-Trunk1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ipv6 enable
[FW1-GigabitEthernet1/0/1]ip add 192.168.121.2 30
[FW1-GigabitEthernet1/0/1]ipv6 address auto link-local
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ipv6 enable
[FW1-GigabitEthernet1/0/2]ip add 192.168.123.2 30
[FW1-GigabitEthernet1/0/2]ipv6 address auto link-local
[FW1-GigabitEthernet1/0/2]int g1/0/3
[FW1-GigabitEthernet1/0/3]ipv6 enable
[FW1-GigabitEthernet1/0/3]ip add 192.168.125.2 30
[FW1-GigabitEthernet1/0/3]ipv6 address auto link-local
[FW1-GigabitEthernet1/0/3]int g1/0/4
[FW1-GigabitEthernet1/0/4]ipv6 enable
[FW1-GigabitEthernet1/0/4]ip add 192.168.126.2 30
[FW1-GigabitEthernet1/0/4]ipv6 address auto link-local
[FW1-GigabitEthernet1/0/4]int g1/0/5
[FW1-GigabitEthernet1/0/5]ipv6 enable
[FW1-GigabitEthernet1/0/5]ip add 192.168.116.2 30
[FW1-GigabitEthernet1/0/5]ipv6 address auto link-local
[FW1-GigabitEthernet1/0/5]int g1/0/6
[FW1-GigabitEthernet1/0/6]ipv6 enable
[FW1-GigabitEthernet1/0/6]ip add 192.168.118.2 30
[FW1-GigabitEthernet1/0/6]ipv6 address auto link-local
[FW1-GigabitEthernet1/0/6]int loo0
[FW1-LoopBack0]ip add 172.16.0.102 32
[FW1-LoopBack0]int loo100
[FW1-LoopBack100]ip add 223.73.54.0 32
[FW1-LoopBack100]int loo101
[FW1-LoopBack101]ipv6 enable
[FW1-LoopBack101]ipv6 address 2409:8A55:936:1AE0:B04D:C0DD:94F7:0/128
[FW1-LoopBack101]qui
[FW1]hrp interface Eth-Trunk1 remote 1.1.1.2
[FW1]hrp mirror session enable
[FW1]hrp nat resource primary-group
[FW1]hrp standby config enable
[FW1]undo hrp track trunk-member enable
[FW1]hrp track interface GigabitEthernet1/0/1
[FW1]hrp track interface GigabitEthernet1/0/2
[FW1]hrp track interface GigabitEthernet1/0/3
[FW1]hrp track interface GigabitEthernet1/0/4
[FW1]hrp track interface GigabitEthernet1/0/5
[FW1]hrp track interface GigabitEthernet1/0/6
[FW1]hrp enable
HRP_S[FW1]
----------------------------------
FW2:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sys FW2
[FW2]firewall zone trust
[FW2-zone-trust]add interface GigabitEthernet1/0/1
[FW2-zone-trust]add interface GigabitEthernet1/0/2
[FW2-zone-trust]undo add interface GigabitEthernet0/0/0
[FW2-zone-trust]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add interface GigabitEthernet1/0/3
[FW2-zone-untrust]add interface GigabitEthernet1/0/4
[FW2-zone-untrust]qui
[FW2]firewall zone dmz
[FW2-zone-dmz]add interface GigabitEthernet1/0/5
[FW2-zone-dmz]add interface GigabitEthernet1/0/6
[FW2-zone-dmz]qui
[FW2]int g0/0/0
[FW2-GigabitEthernet0/0/0]undo ip binding vpn-instance default
[FW2-GigabitEthernet0/0/0]undo alias
[FW2-GigabitEthernet0/0/0]qui
[FW2]int eth 1
[FW2-Eth-Trunk1]mode lacp-static
[FW2-Eth-Trunk1]lacp timeout fast
[FW2-Eth-Trunk1]trunkport g0/0/0
[FW2-Eth-Trunk1]trunkport g1/0/0
[FW2-Eth-Trunk1]qui
[FW2]firewall zone dmz
[FW2-zone-dmz]add interface Eth-Trunk1
[FW2-zone-dmz]qui
[FW2]ipv6
[FW2]int eth 1
[FW2-Eth-Trunk1]ip add 1.1.1.2 30
[FW2-Eth-Trunk1]int g1/0/1
[FW2-GigabitEthernet1/0/1]ipv6 enable
[FW2-GigabitEthernet1/0/1]ip add 192.168.122.2 30
[FW2-GigabitEthernet1/0/1]ipv6 address auto link-local
[FW2-GigabitEthernet1/0/1]int g1/0/2
[FW2-GigabitEthernet1/0/2]ipv6 enable
[FW2-GigabitEthernet1/0/2]ip add 192.168.124.2 30
[FW2-GigabitEthernet1/0/2]ipv6 address auto link-local
[FW2-GigabitEthernet1/0/2]int g1/0/3
[FW2-GigabitEthernet1/0/3]ipv6 enable
[FW2-GigabitEthernet1/0/3]ip add 192.168.127.2 30
[FW2-GigabitEthernet1/0/3]ipv6 address auto link-local
[FW2-GigabitEthernet1/0/3]int g1/0/4
[FW2-GigabitEthernet1/0/4]ipv6 enable
[FW2-GigabitEthernet1/0/4]ip add 192.168.128.2 30
[FW2-GigabitEthernet1/0/4]ipv6 address auto link-local
[FW2-GigabitEthernet1/0/4]int g1/0/5
[FW2-GigabitEthernet1/0/5]ipv6 enable
[FW2-GigabitEthernet1/0/5]ip add 192.168.117.2 30
[FW2-GigabitEthernet1/0/5]ipv6 address auto link-local
[FW2-GigabitEthernet1/0/5]int g1/0/6
[FW2-GigabitEthernet1/0/6]ipv6 enable
[FW2-GigabitEthernet1/0/6]ip add 192.168.119.2 30
[FW2-GigabitEthernet1/0/6]ipv6 address auto link-local
[FW2-GigabitEthernet1/0/6]int loo0
[FW2-LoopBack0]ip add 172.16.0.103 32
[FW2-LoopBack0]int loo100
[FW2-LoopBack100]ip add 223.73.54.0 32
[FW2-LoopBack100]int loo101
[FW2-LoopBack101]ipv6 enable
[FW2-LoopBack101]ipv6 address 2409:8A55:936:1AE0:B04D:C0DD:94F7:0/128
[FW2-LoopBack101]qui
[FW2]hrp standby-device
[FW2]hrp interface Eth-Trunk1 remote 1.1.1.1
[FW2]hrp mirror session enable
[FW2]hrp nat resource secondary-group
[FW2]hrp standby config enable
[FW2]undo hrp track trunk-member enable
[FW2]hrp track interface GigabitEthernet1/0/1
[FW2]hrp track interface GigabitEthernet1/0/2
[FW2]hrp track interface GigabitEthernet1/0/3
[FW2]hrp track interface GigabitEthernet1/0/4
[FW2]hrp track interface GigabitEthernet1/0/5
[FW2]hrp track interface GigabitEthernet1/0/6
[FW2]hrp enable
HRP_S[FW2]
11. Security policies
FW1 (FW2 is the same; hot standby synchronizes the configuration to FW2 automatically):
HRP_M[FW1]security-policy (+B)
HRP_M[FW1-policy-security] rule name ospf (+B)
HRP_M[FW1-policy-security-rule-ospf] source-zone local (+B)
HRP_M[FW1-policy-security-rule-ospf] source-zone trust (+B)
HRP_M[FW1-policy-security-rule-ospf] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-zone trust (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.121.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.122.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.123.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.124.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.125.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.126.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.127.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address 192.168.128.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] source-address FE80:: 10 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.121.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.122.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.123.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.124.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.125.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.126.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.127.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address 192.168.128.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-ospf] destination-address FE80:: 10 (+B)
HRP_M[FW1-policy-security-rule-ospf] service ospf (+B)
HRP_M[FW1-policy-security-rule-ospf] action permit (+B)
HRP_M[FW1-policy-security-rule-ospf] rule name bfd (+B)
HRP_M[FW1-policy-security-rule-bfd] source-zone local (+B)
HRP_M[FW1-policy-security-rule-bfd] source-zone trust (+B)
HRP_M[FW1-policy-security-rule-bfd] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-zone trust (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.121.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.122.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.123.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.124.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.125.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.126.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.127.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.128.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address FE80:: 10 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.121.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.122.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.123.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.124.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.125.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.126.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.127.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.128.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address FE80:: 10 (+B)
HRP_M[FW1-policy-security-rule-bfd] service protocol udp destination-port 3784 (+B)
HRP_M[FW1-policy-security-rule-bfd] action permit (+B)
HRP_M[FW1-policy-security-rule-bfd] rule name dhcp_srv (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] source-zone trust (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] destination-zone dmz (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] destination-address 192.168.112.2 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] destination-address 192.168.113.2 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] destination-address 2409:8086:5A0A:192:168:112:0:1 128 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] destination-address 2409:8086:5A0A:192:168:113:0:1 128 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] service icmp (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] service icmpv6 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] service protocol udp destination-port 546 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] service protocol udp destination-port 547 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] service protocol udp destination-port 67 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] service protocol udp destination-port 68 (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv] action permit (+B)
HRP_M[FW1-policy-security-rule-dhcp_srv]qui
HRP_M[FW1-policy-security]qui
HRP_M[FW1]
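12. OSPF&OSPFv3
This part is left out of the article for now. The devices involved are Spine_01/Spine_02/FW1/FW2/RT_01/RT_02, which carry the OSPF/OSPFv3 configuration.
If you are a complete beginner and cannot work this configuration out yourself, there is not much that can be done here. The downloadable resource costs a fee; the commands there are given in order with nothing omitted, one by one, step by step, and complete.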
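13. Routing policy
This part is left out of the article for now. The devices involved are Spine_01/Spine_02/FW1/FW2, which carry the routing-policy configuration; it is enough to import the routes from the lower layer into the upper layer.
If you are a complete beginner and cannot work this configuration out yourself, there is not much that can be done here. The downloadable resource costs a fee; the commands there are given in order with nothing omitted, one by one, step by step, and complete.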
14. OSPF route advertisement
FW1:
HRP_M[FW1]ip route-static 223.73.54.0 255.255.255.0 NULL0
HRP_M[FW1]ipv6 route-static 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 112 NULL0
HRP_M[FW1]
-------------------------------------
FW2:
HRP_S[FW2]ip route-static 223.73.54.0 255.255.255.0 NULL0
HRP_S[FW2]ipv6 route-static 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 112 NULL0
HRP_S[FW2]
15. BGP
RT_01:
[RT_01]bgp 65001
[RT_01-bgp] router-id 183.26.96.1
[RT_01-bgp] peer 172.16.0.105 as-number 65001
[RT_01-bgp] peer 172.16.0.105 connect-interface LoopBack0
[RT_01-bgp] peer 172.16.0.105 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[RT_01-bgp] peer 172.16.0.105 bfd enable
[RT_01-bgp] peer 183.26.96.2 as-number 9808
[RT_01-bgp] peer 183.26.96.2 connect-interface Ethernet3/0/0
[RT_01-bgp] peer 183.26.96.2 password cipher huawei@123
[RT_01-bgp] peer 183.26.96.2 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[RT_01-bgp] peer 183.26.96.2 bfd enable
[RT_01-bgp] peer 2409:8055:5C00:0:2800::1 as-number 9808
[RT_01-bgp] peer 2409:8055:5C00:0:2800::1 connect-interface Ethernet3/0/0
[RT_01-bgp] peer 2409:8055:5C00:0:2800::1 password cipher huawei@123
[RT_01-bgp] peer 2409:8086:5A0A:172:16::105 as-number 65001
[RT_01-bgp] peer 2409:8086:5A0A:172:16::105 connect-interface LoopBack0
[RT_01-bgp] ipv4-family unicast
[RT_01-bgp-af-ipv4] peer 172.16.0.105 enable
[RT_01-bgp-af-ipv4] peer 172.16.0.105 next-hop-local
[RT_01-bgp-af-ipv4] peer 183.26.96.2 enable
[RT_01-bgp-af-ipv4] ipv6-family unicast
[RT_01-bgp-af-ipv6] peer 2409:8055:5C00:0:2800::1 enable
[RT_01-bgp-af-ipv6] peer 2409:8086:5A0A:172:16::105 enable
[RT_01-bgp-af-ipv6] peer 2409:8086:5A0A:172:16::105 next-hop-local
[RT_01-bgp-af-ipv6] qui
[RT_01-bgp]qui
[RT_01]
-------------------------------------
RT_02:
[RT_02]bgp 65001
[RT_02-bgp] router-id 183.26.96.5
[RT_02-bgp] peer 172.16.0.104 as-number 65001
[RT_02-bgp] peer 172.16.0.104 connect-interface LoopBack0
[RT_02-bgp] peer 172.16.0.104 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[RT_02-bgp] peer 172.16.0.104 bfd enable
[RT_02-bgp] peer 183.26.96.6 as-number 9808
[RT_02-bgp] peer 183.26.96.6 connect-interface Ethernet3/0/0
[RT_02-bgp] peer 183.26.96.6 password cipher huawei@123
[RT_02-bgp] peer 183.26.96.6 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[RT_02-bgp] peer 183.26.96.6 bfd enable
[RT_02-bgp] peer 2409:8055:5C00:0:2800::3 as-number 9808
[RT_02-bgp] peer 2409:8055:5C00:0:2800::3 connect-interface Ethernet3/0/0
[RT_02-bgp] peer 2409:8055:5C00:0:2800::3 password cipher huawei@123
[RT_02-bgp] peer 2409:8086:5A0A:172:16::104 as-number 65001
[RT_02-bgp] peer 2409:8086:5A0A:172:16::104 connect-interface LoopBack0
[RT_02-bgp] ipv4-family unicast
[RT_02-bgp-af-ipv4] peer 172.16.0.104 enable
[RT_02-bgp-af-ipv4] peer 172.16.0.104 next-hop-local
[RT_02-bgp-af-ipv4] peer 183.26.96.6 enable
[RT_02-bgp-af-ipv4] ipv6-family unicast
[RT_02-bgp-af-ipv6] peer 2409:8055:5C00:0:2800::3 enable
[RT_02-bgp-af-ipv6] peer 2409:8086:5A0A:172:16::104 enable
[RT_02-bgp-af-ipv6] peer 2409:8086:5A0A:172:16::104 next-hop-local
[RT_02-bgp-af-ipv6]qui
[RT_02-bgp]qui
[RT_02]
16. BGP route advertisement
RT_01:
[RT_01]bgp 65001
[RT_01-bgp]ipv4-family unicast
[RT_01-bgp-af-ipv4]network 223.73.54.0
[RT_01-bgp-af-ipv4]qui
[RT_01-bgp]ipv6-family unicast
[RT_01-bgp-af-ipv6]network 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 112
[RT_01-bgp-af-ipv6]network 2409:8086:5A0A:10:1:12:: 112
[RT_01-bgp-af-ipv6]network 2409:8086:5A0A:10:1:13:: 112
[RT_01-bgp-af-ipv6]qui
[RT_01-bgp]qui
[RT_01]
-------------------------------------
RT_02:
[RT_02]bgp 65001
[RT_02-bgp]ipv4-family unicast
[RT_02-bgp-af-ipv4]network 223.73.54.0
[RT_02-bgp-af-ipv4]qui
[RT_02-bgp]ipv6-family unicast
[RT_02-bgp-af-ipv6]network 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 112
[RT_02-bgp-af-ipv6]network 2409:8086:5A0A:10:1:12:: 112
[RT_02-bgp-af-ipv6]network 2409:8086:5A0A:10:1:13:: 112
[RT_02-bgp-af-ipv6]qui
[RT_02-bgp]qui
[RT_02]
17. 6to4 tunnel
FW1:
HRP_M[FW1]interface Tunnel0 (+B)
HRP_M[FW1-Tunnel0] description 6TO4
HRP_M[FW1-Tunnel0] ipv6 enable (+B)
HRP_M[FW1-Tunnel0] ipv6 address FD00:100::1/64
HRP_M[FW1-Tunnel0] ipv6 address auto link-local (+B)
HRP_M[FW1-Tunnel0] tunnel-protocol ipv6-ipv4
HRP_M[FW1-Tunnel0] source LoopBack100
HRP_M[FW1-Tunnel0] destination 183.73.54.182
HRP_M[FW1-Tunnel0] undo service-manage enable (+B)
HRP_M[FW1-Tunnel0]qui
HRP_M[FW1]ipv6 route-static 2001:DB8:888:1:: 112 Tunnel0
HRP_M[FW1]firewall zone name FZ_01
HRP_M[FW1-zone-FZ_01] set priority 45 (+B)
HRP_M[FW1-zone-FZ_01] add interface Tunnel0 (+B)
HRP_M[FW1-zone-FZ_01]qui
HRP_M[FW1]security-policy (+B)
HRP_M[FW1-policy-security] rule name 6_to_4_tunnel (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] source-zone local (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] source-address 183.73.54.182 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] source-address 223.73.54.0 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] destination-address 183.73.54.182 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] destination-address 223.73.54.0 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] action permit (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] rule name 6_to_4_tunnel_ip (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] source-zone FZ_01 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] source-zone local (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] destination-zone FZ_01 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] source-address FD00:100::1 128 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] source-address FD00:100::2 128 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] destination-address FD00:100::1 128 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] destination-address FD00:100::2 128 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] action permit (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel_ip] rule name 6_to_4_service_in (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] source-zone FZ_01 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] destination-zone trust (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] source-address 2001:DB8:888:1:: 112 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] destination-address 2409:8086:5A0A:10:1:12:: 112 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] destination-address 2409:8086:5A0A:10:1:13:: 112 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] action permit (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_in] rule name 6_to_4_service_out (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] source-zone trust (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] destination-zone FZ_01 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] source-address 2409:8086:5A0A:10:1:12:: 112 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] source-address 2409:8086:5A0A:10:1:13:: 112 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] destination-address 2001:DB8:888:1:: 112 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] action permit (+B)
HRP_M[FW1-policy-security-rule-6_to_4_service_out] rule name fz_01_to_untrust_out (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] source-zone FZ_01 (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] source-address 2001:DB8:888:1:: 112 (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] action permit (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out]qui
HRP_M[FW1-policy-security]qui
HRP_M[FW1]
-------------------------------------
FW2:
HRP_S[FW2]interface Tunnel0 (+B)
HRP_S[FW2-Tunnel0] description 6TO4
HRP_S[FW2-Tunnel0] ipv6 enable (+B)
HRP_S[FW2-Tunnel0] ipv6 address FD00:100::1/64
HRP_S[FW2-Tunnel0] ipv6 address auto link-local (+B)
HRP_S[FW2-Tunnel0] tunnel-protocol ipv6-ipv4
HRP_S[FW2-Tunnel0] source LoopBack100
HRP_S[FW2-Tunnel0] destination 183.73.54.182
HRP_S[FW2-Tunnel0] undo service-manage enable (+B)
HRP_S[FW2-Tunnel0]qui
HRP_S[FW2]ipv6 route-static 2001:DB8:888:1:: 112 Tunnel0
HRP_S[FW2]firewall zone name FZ_01
HRP_S[FW2-zone-FZ_01] set priority 45 (+B)
HRP_S[FW2-zone-FZ_01] add interface Tunnel0 (+B)
HRP_S[FW2-zone-FZ_01]qui
HRP_S[FW2]security-policy (+B)
HRP_S[FW2-policy-security] rule name 6_to_4_tunnel (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] source-zone local (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] source-zone untrust (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] destination-zone local (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] destination-zone untrust (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] source-address 183.73.54.182 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] source-address 223.73.54.0 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] destination-address 183.73.54.182 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] destination-address 223.73.54.0 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] action permit (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel] rule name 6_to_4_tunnel_ip (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] source-zone FZ_01 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] source-zone local (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] destination-zone FZ_01 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] destination-zone local (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] source-address FD00:100::1 128 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] source-address FD00:100::2 128 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] destination-address FD00:100::1 128 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] destination-address FD00:100::2 128 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] action permit (+B)
HRP_S[FW2-policy-security-rule-6_to_4_tunnel_ip] rule name 6_to_4_service_in (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] source-zone FZ_01 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] destination-zone trust (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] source-address 2001:DB8:888:1:: 112 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] destination-address 2409:8086:5A0A:10:1:12:: 112 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] destination-address 2409:8086:5A0A:10:1:13:: 112 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] action permit (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_in] rule name 6_to_4_service_out (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] source-zone trust (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] destination-zone FZ_01 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] source-address 2409:8086:5A0A:10:1:12:: 112 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] source-address 2409:8086:5A0A:10:1:13:: 112 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] destination-address 2001:DB8:888:1:: 112 (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] action permit (+B)
HRP_S[FW2-policy-security-rule-6_to_4_service_out] rule name fz_01_to_untrust_out (+B)
HRP_S[FW2-policy-security-rule-fz_01_to_untrust_out] source-zone FZ_01 (+B)
HRP_S[FW2-policy-security-rule-fz_01_to_untrust_out] destination-zone untrust (+B)
HRP_S[FW2-policy-security-rule-fz_01_to_untrust_out] source-address 2001:DB8:888:1:: 112 (+B)
HRP_S[FW2-policy-security-rule-fz_01_to_untrust_out] action permit (+B)
HRP_S[FW2-policy-security-rule-fz_01_to_untrust_out]qui
HRP_S[FW2-policy-security]qui
HRP_S[FW2]
18. Branch route advertisement
FW1:
HRP_M[FW1]ip ipv6-prefix tic_static_to_ospfv3_100 index 20 permit 2001:DB8:888:1:: 112
HRP_M[FW1]
-------------------------------------
FW2:
HRP_S[FW2]ip ipv6-prefix tic_static_to_ospfv3_100 index 20 permit 2001:DB8:888:1:: 112
HRP_S[FW2]
-------------------------------------
RT_01:
[RT_01]bgp 65001
[RT_01-bgp] ipv6-family unicast
[RT_01-bgp-af-ipv6] network 2001:DB8:888:1:: 112
[RT_01-bgp-af-ipv6] qui
[RT_01-bgp]
-------------------------------------
RT_02:
[RT_02]bgp 65001
[RT_02-bgp] ipv6-family unicast
[RT_02-bgp-af-ipv6] network 2001:DB8:888:1:: 112
[RT_02-bgp-af-ipv6] qui
[RT_02-bgp]
19. 4to6 tunnel
FW1:
HRP_M[FW1]interface Tunnel1 (+B)
HRP_M[FW1-Tunnel1] description 4TO6
HRP_M[FW1-Tunnel1] ip address 10.10.10.1 255.255.255.252
HRP_M[FW1-Tunnel1] tunnel-protocol ipv4-ipv6
HRP_M[FW1-Tunnel1] source 2409:8A55:936:1AE0:B04D:C0DD:94F7:0
HRP_M[FW1-Tunnel1] destination 2409:8A55:934:A7E0:5513:489C:8F5:1
HRP_M[FW1-Tunnel1] undo service-manage enable (+B)
HRP_M[FW1-Tunnel1]qui
HRP_M[FW1]ip route-static 172.16.89.0 255.255.255.0 Tunnel1
HRP_M[FW1]firewall zone name FZ_02
HRP_M[FW1-zone-FZ_02] set priority 46 (+B)
HRP_M[FW1-zone-FZ_02] add interface Tunnel1 (+B)
HRP_M[FW1-zone-FZ_02]qui
HRP_M[FW1]security-policy (+B)
HRP_M[FW1-policy-security] rule name 4_to_6_tunnel (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] source-zone local (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] source-address 2409:8A55:934:A7E0:5513:489C:8F5:1 128 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] source-address 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 128 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] destination-address 2409:8A55:934:A7E0:5513:489C:8F5:1 128 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] destination-address 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 128 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] action permit (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel] rule name 4_to_6_tunnel_ip (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] source-zone FZ_02 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] source-zone local (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] destination-zone FZ_02 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] source-address 10.10.10.1 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] source-address 10.10.10.2 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] destination-address 10.10.10.1 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] destination-address 10.10.10.2 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] action permit (+B)
HRP_M[FW1-policy-security-rule-4_to_6_tunnel_ip] rule name 4_to_6_service_in (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] source-zone FZ_02 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] destination-zone trust (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] source-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] destination-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] destination-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] action permit (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_in] rule name 4_to_6_service_out (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] source-zone trust (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] destination-zone FZ_02 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] source-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] source-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] destination-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] action permit (+B)
HRP_M[FW1-policy-security-rule-4_to_6_service_out] qui
HRP_M[FW1-policy-security]qui
HRP_M[FW1]
--------------------------------------
FW2:
HRP_S[FW2]interface Tunnel1 (+B)
HRP_S[FW2-Tunnel1] description 4TO6
HRP_S[FW2-Tunnel1] ip address 10.10.10.1 255.255.255.252
HRP_S[FW2-Tunnel1] tunnel-protocol ipv4-ipv6
HRP_S[FW2-Tunnel1] source 2409:8A55:936:1AE0:B04D:C0DD:94F7:0
HRP_S[FW2-Tunnel1] destination 2409:8A55:934:A7E0:5513:489C:8F5:1
HRP_S[FW2-Tunnel1] undo service-manage enable (+B)
HRP_S[FW2-Tunnel1]qui
HRP_S[FW2]ip route-static 172.16.89.0 255.255.255.0 Tunnel1
HRP_S[FW2]firewall zone name FZ_02
HRP_S[FW2-zone-FZ_02] set priority 46 (+B)
HRP_S[FW2-zone-FZ_02] add interface Tunnel1 (+B)
HRP_S[FW2-zone-FZ_02]qui
HRP_S[FW2]security-policy (+B)
HRP_S[FW2-policy-security] rule name 4_to_6_tunnel (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] source-zone local (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] source-zone untrust (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] destination-zone local (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] destination-zone untrust (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] source-address 2409:8A55:934:A7E0:5513:489C:8F5:1 128 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] source-address 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 128 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] destination-address 2409:8A55:934:A7E0:5513:489C:8F5:1 128 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] destination-address 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 128 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] action permit (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel] rule name 4_to_6_tunnel_ip (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] source-zone FZ_02 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] source-zone local (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] destination-zone FZ_02 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] destination-zone local (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] source-address 10.10.10.1 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] source-address 10.10.10.2 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] destination-address 10.10.10.1 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] destination-address 10.10.10.2 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] action permit (+B)
HRP_S[FW2-policy-security-rule-4_to_6_tunnel_ip] rule name 4_to_6_service_in (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] source-zone FZ_02 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] destination-zone trust (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] source-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] destination-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] destination-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] action permit (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_in] rule name 4_to_6_service_out (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] source-zone trust (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] destination-zone FZ_02 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] source-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] source-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] destination-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] action permit (+B)
HRP_S[FW2-policy-security-rule-4_to_6_service_out] qui
HRP_S[FW2-policy-security]qui
HRP_S[FW2]
20. NAT44
FW1:
HRP_M[FW1]nat address-group snat44 0
HRP_M[FW1-address-group-snat44] mode pat (+B)
HRP_M[FW1-address-group-snat44] section 0 223.73.54.128 223.73.54.140
HRP_M[FW1-address-group-snat44]qui
HRP_M[FW1]nat-policy (+B)
HRP_M[FW1-policy-nat] rule name snat44 (+B)
HRP_M[FW1-policy-nat-rule-snat44] source-zone FZ_02 (+B)
HRP_M[FW1-policy-nat-rule-snat44] source-zone trust (+B)
HRP_M[FW1-policy-nat-rule-snat44] destination-zone untrust (+B)
HRP_M[FW1-policy-nat-rule-snat44] source-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-nat-rule-snat44] source-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-nat-rule-snat44] source-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-nat-rule-snat44] action source-nat address-group snat44 (+B)
HRP_M[FW1-policy-nat-rule-snat44]qui
HRP_M[FW1-policy-nat]qui
HRP_M[FW1]security-policy (+B)
HRP_M[FW1-policy-security] rule name fz_02_to_untrust_out (+B)
HRP_M[FW1-policy-security-rule-fz_02_to_untrust_out] source-zone FZ_02 (+B)
HRP_M[FW1-policy-security-rule-fz_02_to_untrust_out] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-fz_02_to_untrust_out] source-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-fz_02_to_untrust_out] action permit (+B)
HRP_M[FW1-policy-security-rule-fz_02_to_untrust_out] rule name trust_to_untrust_out (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] source-zone trust (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] source-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] source-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] source-address 2409:8086:5A0A:10:1:12:: 112 (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] source-address 2409:8086:5A0A:10:1:13:: 112 (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out] action permit (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust_out]qui
HRP_M[FW1-policy-security]qui
HRP_M[FW1]
--------------------------------------
FW2:
HRP_S[FW2]nat address-group snat44 0
HRP_S[FW2-address-group-snat44] mode pat (+B)
HRP_S[FW2-address-group-snat44] section 0 223.73.54.128 223.73.54.140
HRP_S[FW2-address-group-snat44]qui
HRP_S[FW2]nat-policy (+B)
HRP_S[FW2-policy-nat] rule name snat44 (+B)
HRP_S[FW2-policy-nat-rule-snat44] source-zone FZ_02 (+B)
HRP_S[FW2-policy-nat-rule-snat44] source-zone trust (+B)
HRP_S[FW2-policy-nat-rule-snat44] destination-zone untrust (+B)
HRP_S[FW2-policy-nat-rule-snat44] source-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-nat-rule-snat44] source-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-nat-rule-snat44] source-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-nat-rule-snat44] action source-nat address-group snat44 (+B)
HRP_S[FW2-policy-nat-rule-snat44]qui
HRP_S[FW2-policy-nat]qui
HRP_S[FW2]security-policy (+B)
HRP_S[FW2-policy-security] rule name fz_02_to_untrust_out (+B)
HRP_S[FW2-policy-security-rule-fz_02_to_untrust_out] source-zone FZ_02 (+B)
HRP_S[FW2-policy-security-rule-fz_02_to_untrust_out] destination-zone untrust (+B)
HRP_S[FW2-policy-security-rule-fz_02_to_untrust_out] source-address 172.16.89.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-fz_02_to_untrust_out] action permit (+B)
HRP_S[FW2-policy-security-rule-fz_02_to_untrust_out] rule name trust_to_untrust_out (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] source-zone trust (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] destination-zone untrust (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] source-address 10.1.11.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] source-address 10.1.13.0 mask 255.255.255.0 (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] source-address 2409:8086:5A0A:10:1:12:: 112 (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] source-address 2409:8086:5A0A:10:1:13:: 112 (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out] action permit (+B)
HRP_S[FW2-policy-security-rule-trust_to_untrust_out]qui
HRP_S[FW2-policy-security]qui
HRP_S[FW2]
21. NAT server
FW1:
HRP_M[FW1]nat server 0 global 223.73.54.100 inside 10.1.11.254 no-reverse
HRP_M[FW1]security-policy (+B)
HRP_M[FW1-policy-security] rule name Untrust_to_Trust_dnat (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] destination-zone trust (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] destination-address 10.1.11.254 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] action permit (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat]qui
HRP_M[FW1-policy-security]qui
HRP_M[FW1]
--------------------------------------
FW2:
HRP_S[FW2]nat server 0 global 223.73.54.100 inside 10.1.11.254 no-reverse
HRP_S[FW2]security-policy (+B)
HRP_S[FW2-policy-security] rule name Untrust_to_Trust_dnat (+B)
HRP_S[FW2-policy-security-rule-Untrust_to_Trust_dnat] source-zone untrust (+B)
HRP_S[FW2-policy-security-rule-Untrust_to_Trust_dnat] destination-zone trust (+B)
HRP_S[FW2-policy-security-rule-Untrust_to_Trust_dnat] destination-address 10.1.11.254 mask 255.255.255.255 (+B)
HRP_S[FW2-policy-security-rule-Untrust_to_Trust_dnat] action permit (+B)
HRP_S[FW2-policy-security-rule-Untrust_to_Trust_dnat]qui
HRP_S[FW2-policy-security]qui
HRP_S[FW2]
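An added example (not part of the original article or its download): a small Python audit that replays a pasted USG session like the ones above into rule objects and lists permit rules reachable from `untrust` that leave service or address conditions open. The names `parse_rules`, `audit` and the issue labels are this example's own, the transcript is a constructed sample abridged from the FW1 session on this page, and it assumes a condition that is never set matches any value.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the FW1 session on this page.
TRANSCRIPT = """\
HRP_M[FW1]security-policy (+B)
HRP_M[FW1-policy-security] rule name bfd (+B)
HRP_M[FW1-policy-security-rule-bfd] source-zone local (+B)
HRP_M[FW1-policy-security-rule-bfd] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-bfd] source-address 192.168.121.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] destination-address 192.168.121.0 mask 255.255.255.252 (+B)
HRP_M[FW1-policy-security-rule-bfd] service protocol udp destination-port 3784 (+B)
HRP_M[FW1-policy-security-rule-bfd] action permit (+B)
HRP_M[FW1-policy-security-rule-bfd] rule name 6_to_4_tunnel (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] destination-zone local (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] source-address 183.73.54.182 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] destination-address 223.73.54.0 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] action permit (+B)
HRP_M[FW1-policy-security-rule-6_to_4_tunnel] rule name fz_01_to_untrust_out (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] source-zone FZ_01 (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] destination-zone untrust (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] source-address 2001:DB8:888:1:: 112 (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] action permit (+B)
HRP_M[FW1-policy-security-rule-fz_01_to_untrust_out] rule name Untrust_to_Trust_dnat (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] source-zone untrust (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] destination-zone trust (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] destination-address 10.1.11.254 mask 255.255.255.255 (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat] action permit (+B)
HRP_M[FW1-policy-security-rule-Untrust_to_Trust_dnat]qui
"""

# Prompt = optional HRP role, [view], then the typed command, optional "(+B)".
LINE = re.compile(r"^(?:HRP_[MS])?\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*?)\s*(?:\(\+B\))?\s*$")
SET_FIELDS = {"source-zone": "src_zones", "destination-zone": "dst_zones",
              "source-address": "src_addrs", "destination-address": "dst_addrs",
              "service": "services"}

@dataclass
class Rule:
    name: str
    src_zones: set = field(default_factory=set)
    dst_zones: set = field(default_factory=set)
    src_addrs: set = field(default_factory=set)
    dst_addrs: set = field(default_factory=set)
    services: set = field(default_factory=set)
    action: str = ""

def parse_addr(args):
    """'A.B.C.D mask M' or 'X:: LEN' -> ip_network (host bits tolerated)."""
    tok = args.split()
    return ipaddress.ip_network(f"{tok[0]}/{tok[-1]}", strict=False)

def parse_rules(transcript):
    """Replay typed commands into Rule objects. The prompt shows the view
    *before* the command runs, so only 'rule name X' selects a rule."""
    rules, cur = {}, None
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m or "-policy-security" not in m["view"]:
            continue  # other views (e.g. nat-policy rules) are not audited
        verb, _, args = m["cmd"].partition(" ")
        args = args.strip()
        if verb == "rule" and args.startswith("name "):
            name = args[5:].strip()
            cur = rules.setdefault(name, Rule(name))  # re-entered rule merges
        elif cur is not None and verb in SET_FIELDS:
            value = parse_addr(args) if verb.endswith("-address") else args
            getattr(cur, SET_FIELDS[verb]).add(value)
        elif cur is not None and verb == "action":
            cur.action = args
    return rules

def audit(rules):
    """Permit rules with untrust as a source zone and an unset condition
    (assumption of this example: an unset condition matches any value)."""
    findings = {}
    for r in rules.values():
        if r.action != "permit" or "untrust" not in r.src_zones:
            continue
        issues = [label for label, values in (
            ("any service", r.services),
            ("any source address", r.src_addrs),
            ("any destination address", r.dst_addrs)) if not values]
        if issues:
            findings[r.name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(parse_rules(TRANSCRIPT)).items():
        print(f"{name}: {', '.join(issues)}")
```

On the sample it reports `6_to_4_tunnel` and `Untrust_to_Trust_dnat`; the second is the rule behind the `nat server` mapping, so narrowing it to the service actually published on 10.1.11.254 is the first change to consider.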
22. Traffic paths
Site a to DMZ
PC>Spine_01_or_Spine_02>FW1_or_FW2>DMZ_SW_or_DMZ_02
Site a to Site b (v6)
PC>Spine_01_or_Spine_02>FW1_or_FW2>FZ1>FZ_01_SW>PC
Site a to Site c (v4)
PC>Spine_01_or_Spine_02>FW1_or_FW2>FZ2>FZ_02_SW>PC
Site DMZ
1. VLAN assignment
DMZ_SW_01:
<Huawei>sys
[Huawei]un in en
[Huawei]sys DMZ_SW_01
[DMZ_SW_01]vlan batch 111 to 112 114 116 to 117
[DMZ_SW_01]int g0/0/1
[DMZ_SW_01-GigabitEthernet0/0/1] port link-type access
[DMZ_SW_01-GigabitEthernet0/0/1] port default vlan 116
[DMZ_SW_01-GigabitEthernet0/0/1]int g0/0/2
[DMZ_SW_01-GigabitEthernet0/0/2] port link-type access
[DMZ_SW_01-GigabitEthernet0/0/2] port default vlan 117
[DMZ_SW_01-GigabitEthernet0/0/2]int g0/0/3
[DMZ_SW_01-GigabitEthernet0/0/3] port link-type access
[DMZ_SW_01-GigabitEthernet0/0/3] port default vlan 111
[DMZ_SW_01-GigabitEthernet0/0/3]int g0/0/4
[DMZ_SW_01-GigabitEthernet0/0/4] port link-type access
[DMZ_SW_01-GigabitEthernet0/0/4] port default vlan 112
[DMZ_SW_01-GigabitEthernet0/0/4]int g0/0/5
[DMZ_SW_01-GigabitEthernet0/0/5] port link-type access
[DMZ_SW_01-GigabitEthernet0/0/5] port default vlan 114
[DMZ_SW_01-GigabitEthernet0/0/5]qui
[DMZ_SW_01]
--------------------------------------
DMZ_SW_02:
<Huawei>sys
[Huawei]un in en
[Huawei]sys DMZ_SW_02
[DMZ_SW_02]vlan batch 111 113 115 118 to 119
[DMZ_SW_02]int g0/0/1
[DMZ_SW_02-GigabitEthernet0/0/1] port link-type access
[DMZ_SW_02-GigabitEthernet0/0/1] port default vlan 118
[DMZ_SW_02-GigabitEthernet0/0/1]int g0/0/2
[DMZ_SW_02-GigabitEthernet0/0/2] port link-type access
[DMZ_SW_02-GigabitEthernet0/0/2] port default vlan 119
[DMZ_SW_02-GigabitEthernet0/0/2]int g0/0/3
[DMZ_SW_02-GigabitEthernet0/0/3] port link-type access
[DMZ_SW_02-GigabitEthernet0/0/3] port default vlan 111
[DMZ_SW_02-GigabitEthernet0/0/3]int g0/0/4
[DMZ_SW_02-GigabitEthernet0/0/4] port link-type access
[DMZ_SW_02-GigabitEthernet0/0/4] port default vlan 113
[DMZ_SW_02-GigabitEthernet0/0/4]int g0/0/5
[DMZ_SW_02-GigabitEthernet0/0/5] port link-type access
[DMZ_SW_02-GigabitEthernet0/0/5] port default vlan 115
[DMZ_SW_02-GigabitEthernet0/0/5]qui
[DMZ_SW_02]
2. OSPF & OSPFv3
DMZ_SW_01:
[DMZ_SW_01]ipv6
[DMZ_SW_01]int vlan 112
[DMZ_SW_01-Vlanif112] ipv6 enable
[DMZ_SW_01-Vlanif112] ip address 192.168.112.1 255.255.255.252
[DMZ_SW_01-Vlanif112] ipv6 address 2409:8086:5A0A:192:168:112::/127
[DMZ_SW_01-Vlanif112] ipv6 address auto link-local
[DMZ_SW_01-Vlanif112]int vlan 114
[DMZ_SW_01-Vlanif114] ipv6 enable
[DMZ_SW_01-Vlanif114] ip address 192.168.114.1 255.255.255.252
[DMZ_SW_01-Vlanif114] ipv6 address auto link-local
[DMZ_SW_01-Vlanif114]qui
[DMZ_SW_01]bfd
[DMZ_SW_01-bfd]qui
[DMZ_SW_01]ospf 10 router-id 172.16.0.98
[DMZ_SW_01-ospf-10] bfd all-interfaces enable
[DMZ_SW_01-ospf-10] bfd all-interfaces min-tx-interval 300 min-rx-interval 300 detect 4
[DMZ_SW_01-ospf-10] spf-schedule-interval intelligent-timer 1000 50 50
[DMZ_SW_01-ospf-10] lsa-originate-interval intelligent-timer 1000 50 50
[DMZ_SW_01-ospf-10] lsa-arrival-interval intelligent-timer 1000 50 50
[DMZ_SW_01-ospf-10] stub-router on-startup 600
[DMZ_SW_01-ospf-10] area 0.0.0.0
[DMZ_SW_01-ospf-10-area-0.0.0.0]qui
[DMZ_SW_01-ospf-10]qui
[DMZ_SW_01]ospfv3 10
[DMZ_SW_01-ospfv3-10] router-id 172.16.0.98
[DMZ_SW_01-ospfv3-10] spf-schedule-interval 50 50
[DMZ_SW_01-ospfv3-10] stub-router on-startup 600
[DMZ_SW_01-ospfv3-10]qui
[DMZ_SW_01]int vlan 111
[DMZ_SW_01-Vlanif111] ipv6 enable
[DMZ_SW_01-Vlanif111] ip address 192.168.111.1 255.255.255.252
[DMZ_SW_01-Vlanif111] ipv6 address auto link-local
[DMZ_SW_01-Vlanif111] ospfv3 10 area 0.0.0.0
[DMZ_SW_01-Vlanif111] ospfv3 network-type p2p
[DMZ_SW_01-Vlanif111] ospf network-type p2p
[DMZ_SW_01-Vlanif111] ospf enable 10 area 0.0.0.0
[DMZ_SW_01-Vlanif111]int vlan 116
[DMZ_SW_01-Vlanif116] ipv6 enable
[DMZ_SW_01-Vlanif116] ip address 192.168.116.1 255.255.255.252
[DMZ_SW_01-Vlanif116] ipv6 address auto link-local
[DMZ_SW_01-Vlanif116] ospfv3 10 area 0.0.0.0
[DMZ_SW_01-Vlanif116] ospfv3 network-type p2p
[DMZ_SW_01-Vlanif116] ospf network-type p2p
[DMZ_SW_01-Vlanif116] ospf enable 10 area 0.0.0.0
[DMZ_SW_01-Vlanif116]int vlan 117
[DMZ_SW_01-Vlanif117] ipv6 enable
[DMZ_SW_01-Vlanif117] ip address 192.168.117.1 255.255.255.252
[DMZ_SW_01-Vlanif117] ipv6 address auto link-local
[DMZ_SW_01-Vlanif117] ospfv3 10 area 0.0.0.0
[DMZ_SW_01-Vlanif117] ospfv3 network-type p2p
[DMZ_SW_01-Vlanif117] ospf network-type p2p
[DMZ_SW_01-Vlanif117] ospf enable 10 area 0.0.0.0
[DMZ_SW_01-Vlanif117]qui
[DMZ_SW_01]ip route-static 172.16.0.96 255.255.255.255 192.168.112.2
[DMZ_SW_01]ip route-static 172.16.0.97 255.255.255.255 192.168.114.2
[DMZ_SW_01]
--------------------------------------
DMZ_SW_02:
[DMZ_SW_02]ipv6
[DMZ_SW_02]int vlan 113
[DMZ_SW_02-Vlanif113] ipv6 enable
[DMZ_SW_02-Vlanif113] ip address 192.168.113.1 255.255.255.252
[DMZ_SW_02-Vlanif113] ipv6 address 2409:8086:5A0A:192:168:113::/127
[DMZ_SW_02-Vlanif113] ipv6 address auto link-local
[DMZ_SW_02-Vlanif113]int vlan 115
[DMZ_SW_02-Vlanif115] ipv6 enable
[DMZ_SW_02-Vlanif115] ip address 192.168.115.1 255.255.255.252
[DMZ_SW_02-Vlanif115] ipv6 address auto link-local
[DMZ_SW_02-Vlanif115]qui
[DMZ_SW_02]bfd
[DMZ_SW_02-bfd]qui
[DMZ_SW_02]ospf 10 router-id 172.16.0.99
[DMZ_SW_02-ospf-10] bfd all-interfaces enable
[DMZ_SW_02-ospf-10] bfd all-interfaces min-tx-interval 300 min-rx-interval 300 detect 4
[DMZ_SW_02-ospf-10] spf-schedule-interval intelligent-timer 1000 50 50
[DMZ_SW_02-ospf-10] lsa-originate-interval intelligent-timer 1000 50 50
[DMZ_SW_02-ospf-10] lsa-arrival-interval intelligent-timer 1000 50 50
[DMZ_SW_02-ospf-10] stub-router on-startup 600
[DMZ_SW_02-ospf-10] area 0.0.0.0
[DMZ_SW_02-ospf-10-area-0.0.0.0]qui
[DMZ_SW_02-ospf-10]qui
[DMZ_SW_02]ospfv3 10
[DMZ_SW_02-ospfv3-10] router-id 172.16.0.99
[DMZ_SW_02-ospfv3-10] spf-schedule-interval 50 50
[DMZ_SW_02-ospfv3-10] stub-router on-startup 600
[DMZ_SW_02-ospfv3-10]qui
[DMZ_SW_02]int vlan 111
[DMZ_SW_02-Vlanif111] ipv6 enable
[DMZ_SW_02-Vlanif111] ip address 192.168.111.2 255.255.255.252
[DMZ_SW_02-Vlanif111] ipv6 address auto link-local
[DMZ_SW_02-Vlanif111] ospfv3 10 area 0.0.0.0
[DMZ_SW_02-Vlanif111] ospfv3 network-type p2p
[DMZ_SW_02-Vlanif111] ospf network-type p2p
[DMZ_SW_02-Vlanif111] ospf enable 10 area 0.0.0.0
[DMZ_SW_02-Vlanif111]int vlan 118
[DMZ_SW_02-Vlanif118] ipv6 enable
[DMZ_SW_02-Vlanif118] ip address 192.168.118.1 255.255.255.252
[DMZ_SW_02-Vlanif118] ipv6 address auto link-local
[DMZ_SW_02-Vlanif118] ospfv3 10 area 0.0.0.0
[DMZ_SW_02-Vlanif118] ospfv3 network-type p2p
[DMZ_SW_02-Vlanif118] ospf network-type p2p
[DMZ_SW_02-Vlanif118] ospf enable 10 area 0.0.0.0
[DMZ_SW_02-Vlanif118]int vlan 119
[DMZ_SW_02-Vlanif119] ipv6 enable
[DMZ_SW_02-Vlanif119] ip address 192.168.119.1 255.255.255.252
[DMZ_SW_02-Vlanif119] ipv6 address auto link-local
[DMZ_SW_02-Vlanif119] ospfv3 10 area 0.0.0.0
[DMZ_SW_02-Vlanif119] ospfv3 network-type p2p
[DMZ_SW_02-Vlanif119] ospf network-type p2p
[DMZ_SW_02-Vlanif119] ospf enable 10 area 0.0.0.0
[DMZ_SW_02-Vlanif119]qui
[DMZ_SW_02]ip route-static 172.16.0.96 255.255.255.255 192.168.113.2
[DMZ_SW_02]ip route-static 172.16.0.97 255.255.255.255 192.168.115.2
[DMZ_SW_02]
3. Routing policy
DMZ_SW_01:
[DMZ_SW_01]ip ip-prefix tic_static_to_ospfv2_10 index 10 permit 172.16.0.96 32
[DMZ_SW_01]ip ip-prefix tic_static_to_ospfv2_10 index 20 permit 172.16.0.97 32
[DMZ_SW_01]ip ip-prefix tic_direct_to_ospfv2_10 index 10 permit 192.168.112.0 30
[DMZ_SW_01]ip ipv6-prefix tic_dir_to_ospf10 index 10 permit 2409:8086:5A0A:192:168:112:: 127
[DMZ_SW_01]route-policy tic_static_to_ospfv2_10 permit node 10
[DMZ_SW_01-route-policy] if-match ip-prefix tic_static_to_ospfv2_10
[DMZ_SW_01-route-policy]qui
[DMZ_SW_01]route-policy tic_static_to_ospfv2_10 deny node 999
[DMZ_SW_01-route-policy]qui
[DMZ_SW_01]route-policy tic_direct_to_ospfv3_10 permit node 10
[DMZ_SW_01-route-policy] if-match ipv6 address prefix-list tic_dir_to_ospf10
[DMZ_SW_01-route-policy]qui
[DMZ_SW_01]route-policy tic_direct_to_ospfv3_10 deny node 999
[DMZ_SW_01-route-policy]qui
[DMZ_SW_01]route-policy tic_direct_to_ospfv2_10 permit node 10
[DMZ_SW_01-route-policy] if-match ip-prefix tic_direct_to_ospfv2_10
[DMZ_SW_01-route-policy]qui
[DMZ_SW_01]route-policy tic_direct_to_ospfv2_10 deny node 999
[DMZ_SW_01-route-policy]qui
[DMZ_SW_01]ospf 10
[DMZ_SW_01-ospf-10] import-route direct route-policy tic_direct_to_ospfv2_10
[DMZ_SW_01-ospf-10] import-route static route-policy tic_static_to_ospfv2_10
[DMZ_SW_01-ospf-10]qui
[DMZ_SW_01]ospfv3 10
[DMZ_SW_01-ospfv3-10] import-route direct route-policy tic_direct_to_ospfv3_10
[DMZ_SW_01-ospfv3-10]qui
[DMZ_SW_01]
--------------------------------------
DMZ_SW_02:
[DMZ_SW_02]ip ip-prefix tic_static_to_ospfv2_10 index 10 permit 172.16.0.96 32
[DMZ_SW_02]ip ip-prefix tic_static_to_ospfv2_10 index 20 permit 172.16.0.97 32
[DMZ_SW_02]ip ip-prefix tic_direct_to_ospfv2_10 index 10 permit 192.168.113.0 30
[DMZ_SW_02]ip ipv6-prefix tic_dir_to_ospf10 index 10 permit 2409:8086:5A0A:192:168:113:: 127
[DMZ_SW_02]route-policy tic_static_to_ospfv2_10 permit node 10
[DMZ_SW_02-route-policy] if-match ip-prefix tic_static_to_ospfv2_10
[DMZ_SW_02-route-policy]qui
[DMZ_SW_02]route-policy tic_static_to_ospfv2_10 deny node 999
[DMZ_SW_02-route-policy]qui
[DMZ_SW_02]route-policy tic_direct_to_ospfv3_10 permit node 10
[DMZ_SW_02-route-policy] if-match ipv6 address prefix-list tic_dir_to_ospf10
[DMZ_SW_02-route-policy]qui
[DMZ_SW_02]route-policy tic_direct_to_ospfv3_10 deny node 999
[DMZ_SW_02-route-policy]qui
[DMZ_SW_02]route-policy tic_direct_to_ospfv2_10 permit node 10
[DMZ_SW_02-route-policy] if-match ip-prefix tic_direct_to_ospfv2_10
[DMZ_SW_02-route-policy]qui
[DMZ_SW_02]route-policy tic_direct_to_ospfv2_10 deny node 999
[DMZ_SW_02-route-policy]qui
[DMZ_SW_02]ospf 10
[DMZ_SW_02-ospf-10] import-route direct route-policy tic_direct_to_ospfv2_10
[DMZ_SW_02-ospf-10] import-route static route-policy tic_static_to_ospfv2_10
[DMZ_SW_02-ospf-10]qui
[DMZ_SW_02]ospfv3 10
[DMZ_SW_02-ospfv3-10] import-route direct route-policy tic_direct_to_ospfv3_10
[DMZ_SW_02-ospfv3-10]qui
[DMZ_SW_02]
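The import-route filtering configured above on DMZ_SW_01, modelled in Python as an added example (it is not part of the original configuration or its download bundle); DMZ_SW_02 differs only in using the 113 prefixes. It assumes standard VRP matching semantics (an ip-prefix entry without greater-equal/less-equal matches the exact mask length only, and a node without if-match matches every route); the candidate route lists are constructed from the interface addresses in the transcript plus a few labelled test prefixes.

```python
import ipaddress

# Prefix lists from the DMZ_SW_01 transcript: (index, action, prefix).
# Assumed VRP semantics: with no greater-equal/less-equal, an entry matches
# only a route with exactly this network and mask length, and a route that
# matches no entry is denied by the list.
PREFIX_LISTS = {
    "tic_static_to_ospfv2_10": [
        (10, "permit", "172.16.0.96/32"),
        (20, "permit", "172.16.0.97/32"),
    ],
    "tic_direct_to_ospfv2_10": [(10, "permit", "192.168.112.0/30")],
    "tic_dir_to_ospf10": [(10, "permit", "2409:8086:5A0A:192:168:112::/127")],
}

# Route-policy nodes: (node, mode, prefix list referenced by if-match).
# None means the node has no if-match clause and so matches any route.
ROUTE_POLICIES = {
    "tic_static_to_ospfv2_10": [
        (10, "permit", "tic_static_to_ospfv2_10"),
        (999, "deny", None),
    ],
    "tic_direct_to_ospfv2_10": [
        (10, "permit", "tic_direct_to_ospfv2_10"),
        (999, "deny", None),
    ],
    "tic_direct_to_ospfv3_10": [
        (10, "permit", "tic_dir_to_ospf10"),
        (999, "deny", None),
    ],
}

# import-route statements: (process, source protocol) -> route-policy.
IMPORTS = {
    ("ospf 10", "direct"): "tic_direct_to_ospfv2_10",
    ("ospf 10", "static"): "tic_static_to_ospfv2_10",
    ("ospfv3 10", "direct"): "tic_direct_to_ospfv3_10",
}

# Candidate routes (constructed sample): the VLANIF subnets and static
# routes configured on DMZ_SW_01, plus prefixes added to probe the filter.
CANDIDATES = {
    ("ospf 10", "direct"): [
        "192.168.111.0/30", "192.168.112.0/30", "192.168.114.0/30",
        "192.168.116.0/30", "192.168.117.0/30",
    ],
    ("ospf 10", "static"): [
        "172.16.0.96/32", "172.16.0.97/32",
        "172.16.0.96/30",  # constructed: same network, shorter mask
        "0.0.0.0/0",       # constructed: a default route added later
    ],
    ("ospfv3 10", "direct"): [
        "2409:8086:5A0A:192:168:112::/127",
        "2409:8086:5A0A:192::/64",  # constructed: covering prefix
    ],
}


def prefix_list_permits(name, route):
    """Return True if the named prefix list permits the route."""
    net = ipaddress.ip_network(route)
    for _index, action, prefix in sorted(PREFIX_LISTS[name], key=lambda e: e[0]):
        if net == ipaddress.ip_network(prefix):
            return action == "permit"
    return False  # no entry matched: denied by the list


def route_policy_permits(policy, route):
    """Walk the nodes in order; the first node that matches decides."""
    for _node, mode, plist in sorted(ROUTE_POLICIES[policy], key=lambda n: n[0]):
        if plist is None or prefix_list_permits(plist, route):
            return mode == "permit"
    return False  # no node matched: the route is not imported


def imported_routes(process, source):
    """Routes of one source protocol that pass the import-route policy."""
    policy = IMPORTS[(process, source)]
    return [r for r in CANDIDATES[(process, source)]
            if route_policy_permits(policy, r)]


if __name__ == "__main__":
    for key in IMPORTS:
        print(key, "->", imported_routes(*key))
```

Only the listed /32, /30 and /127 prefixes are redistributed; a static default route or a covering prefix added to the switch later stays out of OSPF unless the prefix lists are changed.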
4. DHCP service
DHCP_SRV:
<Huawei>sys
[Huawei]un in en
[Huawei]sys DHCP_SRV
[DHCP_SRV]ipv6
[DHCP_SRV]dhcp enable
[DHCP_SRV]ip pool vlan1001_pool
[DHCP_SRV-ip-pool-vlan1001_pool] gateway-list 10.1.11.1
[DHCP_SRV-ip-pool-vlan1001_pool] network 10.1.11.0 mask 255.255.255.0
[DHCP_SRV-ip-pool-vlan1001_pool] excluded-ip-address 10.1.11.2 10.1.11.3
[DHCP_SRV-ip-pool-vlan1001_pool] lease day 2 hour 0 minute 0
[DHCP_SRV-ip-pool-vlan1001_pool] dns-list 119.29.29.29
[DHCP_SRV-ip-pool-vlan1001_pool]qui
[DHCP_SRV]ip pool vlan1003_pool
[DHCP_SRV-ip-pool-vlan1003_pool] gateway-list 10.1.13.1
[DHCP_SRV-ip-pool-vlan1003_pool] network 10.1.13.0 mask 255.255.255.0
[DHCP_SRV-ip-pool-vlan1003_pool] excluded-ip-address 10.1.13.2 10.1.13.3
[DHCP_SRV-ip-pool-vlan1003_pool] lease day 2 hour 0 minute 0
[DHCP_SRV-ip-pool-vlan1003_pool] dns-list 119.29.29.29
[DHCP_SRV-ip-pool-vlan1003_pool]qui
[DHCP_SRV]ip pool vlan1004_pool
[DHCP_SRV-ip-pool-vlan1004_pool] gateway-list 10.1.14.1
[DHCP_SRV-ip-pool-vlan1004_pool] network 10.1.14.0 mask 255.255.255.0
[DHCP_SRV-ip-pool-vlan1004_pool] excluded-ip-address 10.1.14.2 10.1.14.3
[DHCP_SRV-ip-pool-vlan1004_pool] lease day 2 hour 0 minute 0
[DHCP_SRV-ip-pool-vlan1004_pool] dns-list 119.29.29.29
[DHCP_SRV-ip-pool-vlan1004_pool] option 43 sub-option 2 ip-address 10.1.15.4 10.1.15.5
[DHCP_SRV-ip-pool-vlan1004_pool]qui
[DHCP_SRV]dhcpv6 pool vlan1002_pool
[DHCP_SRV-dhcpv6-pool-vlan1002_pool] address prefix 2409:8086:5A0A:10:1:12::/112
[DHCP_SRV-dhcpv6-pool-vlan1002_pool] excluded-address 2409:8086:5A0A:10:1:12:0:1 to 2409:8086:5A0A:10:1:12:0:3
[DHCP_SRV-dhcpv6-pool-vlan1002_pool] dns-server 119:29:29::29
[DHCP_SRV-dhcpv6-pool-vlan1002_pool]qui
[DHCP_SRV]dhcpv6 pool vlan1003_pool
[DHCP_SRV-dhcpv6-pool-vlan1003_pool] address prefix 2409:8086:5A0A:10:1:13::/112
[DHCP_SRV-dhcpv6-pool-vlan1003_pool] excluded-address 2409:8086:5A0A:10:1:13:0:1 to 2409:8086:5A0A:10:1:13:0:3
[DHCP_SRV-dhcpv6-pool-vlan1003_pool] dns-server 119:29:29::29
[DHCP_SRV-dhcpv6-pool-vlan1003_pool]qui
[DHCP_SRV]int g0/0/0
[DHCP_SRV-GigabitEthernet0/0/0] ipv6 enable
[DHCP_SRV-GigabitEthernet0/0/0] ip address 192.168.112.2 255.255.255.252
[DHCP_SRV-GigabitEthernet0/0/0] ipv6 address 2409:8086:5A0A:192:168:112:0:1/127
[DHCP_SRV-GigabitEthernet0/0/0] ipv6 address auto link-local
[DHCP_SRV-GigabitEthernet0/0/0] dhcp select global
[DHCP_SRV-GigabitEthernet0/0/0] dhcpv6 server vlan1002_pool
[DHCP_SRV-GigabitEthernet0/0/0]int g0/0/1
[DHCP_SRV-GigabitEthernet0/0/1] ipv6 enable
[DHCP_SRV-GigabitEthernet0/0/1] ip address 192.168.113.2 255.255.255.252
[DHCP_SRV-GigabitEthernet0/0/1] ipv6 address 2409:8086:5A0A:192:168:113:0:1/127
[DHCP_SRV-GigabitEthernet0/0/1] ipv6 address auto link-local
[DHCP_SRV-GigabitEthernet0/0/1] dhcp select global
[DHCP_SRV-GigabitEthernet0/0/1] dhcpv6 server vlan1003_pool
[DHCP_SRV-GigabitEthernet0/0/1]qui
[DHCP_SRV]ip route-static 0.0.0.0 0.0.0.0 192.168.112.1
[DHCP_SRV]ip route-static 0.0.0.0 0.0.0.0 192.168.113.1
[DHCP_SRV]ipv6 route-static :: 0 2409:8086:5A0A:192:168:112::
[DHCP_SRV]ipv6 route-static :: 0 2409:8086:5A0A:192:168:113::
[DHCP_SRV]
Site b
1. VLAN assignment & STP optimization
FZ_01_SW:
<Huawei>
<Huawei>sys
[Huawei]un in en
[Huawei]sys FZ_01_SW
[FZ_01_SW]vlan batch 888
[FZ_01_SW]port group g0/0/1 to g0/0/3
[FZ_01_SW-port-group]port link-type access
[FZ_01_SW-GigabitEthernet0/0/1]port link-type access
[FZ_01_SW-GigabitEthernet0/0/2]port link-type access
[FZ_01_SW-GigabitEthernet0/0/3]port link-type access
[FZ_01_SW-port-group]port default vlan 888
[FZ_01_SW-GigabitEthernet0/0/1]port default vlan 888
[FZ_01_SW-GigabitEthernet0/0/2]port default vlan 888
[FZ_01_SW-GigabitEthernet0/0/3]port default vlan 888
[FZ_01_SW-port-group]stp bpdu-filter enable
[FZ_01_SW-GigabitEthernet0/0/1]stp bpdu-filter enable
[FZ_01_SW-GigabitEthernet0/0/2]stp bpdu-filter enable
[FZ_01_SW-GigabitEthernet0/0/3]stp bpdu-filter enable
[FZ_01_SW-port-group]stp edged-port enable
[FZ_01_SW-GigabitEthernet0/0/1]stp edged-port enable
[FZ_01_SW-GigabitEthernet0/0/2]stp edged-port enable
[FZ_01_SW-GigabitEthernet0/0/3]stp edged-port enable
[FZ_01_SW-port-group]qui
[FZ_01_SW]stp bpdu-protection
[FZ_01_SW]stp tc-protection
[FZ_01_SW]
2. DHCP & IPv4 access
FZ_01:
<Huawei>sys
[Huawei]un in en
[Huawei]sys FZ_01
[FZ_01]ipv6
[FZ_01]int g0/0/0
[FZ_01-GigabitEthernet0/0/0]ip address 183.73.54.182 255.255.255.252
[FZ_01-GigabitEthernet0/0/0]int g0/0/1
[FZ_01-GigabitEthernet0/0/1]ipv6 enable
[FZ_01-GigabitEthernet0/0/1]ip address 172.16.88.1 255.255.255.0
[FZ_01-GigabitEthernet0/0/1]ipv6 address 2001:DB8:888:1::FFFF/112
[FZ_01-GigabitEthernet0/0/1]ipv6 address auto link-local
[FZ_01-GigabitEthernet0/0/1]qui
[FZ_01]dhcp enable
[FZ_01]dhcpv6 pool vlan888_pool
[FZ_01-dhcpv6-pool-vlan888_pool] address prefix 2001:DB8:888:1::/112
[FZ_01-dhcpv6-pool-vlan888_pool] excluded-address 2001:DB8:888:1::FFFF
[FZ_01-dhcpv6-pool-vlan888_pool] dns-server 119:29:29::29
[FZ_01-dhcpv6-pool-vlan888_pool]qui
[FZ_01]interface GigabitEthernet0/0/1
[FZ_01-GigabitEthernet0/0/1] undo ipv6 nd ra halt
[FZ_01-GigabitEthernet0/0/1] ipv6 nd autoconfig managed-address-flag
[FZ_01-GigabitEthernet0/0/1] ipv6 nd autoconfig other-flag
[FZ_01-GigabitEthernet0/0/1] dhcp select interface
[FZ_01-GigabitEthernet0/0/1] dhcpv6 server vlan888_pool
[FZ_01-GigabitEthernet0/0/1]qui
[FZ_01]
3. NAT44
FZ_01:
[FZ_01]acl number 2000
[FZ_01-acl-basic-2000]rule 5 permit source 172.16.88.0 0.0.0.255
[FZ_01-acl-basic-2000]qui
[FZ_01]int g0/0/0
[FZ_01-GigabitEthernet0/0/0]nat outbound 2000
[FZ_01-GigabitEthernet0/0/0]qui
[FZ_01]
4. 6to4 tunnel
FZ_01:
[FZ_01]int t0/0/0
[FZ_01-Tunnel0/0/0] ipv6 enable
[FZ_01-Tunnel0/0/0] ipv6 address FD00:100::2/64
[FZ_01-Tunnel0/0/0] ipv6 address auto link-local
[FZ_01-Tunnel0/0/0] tunnel-protocol ipv6-ipv4
[FZ_01-Tunnel0/0/0] source GigabitEthernet0/0/0
[FZ_01-Tunnel0/0/0] destination 223.73.54.0
[FZ_01-Tunnel0/0/0]qui
[FZ_01]ipv6 route-static :: 0 Tunnel0/0/0
[FZ_01]
Site c
1. VLAN assignment & STP optimization
FZ_02_SW:
<Huawei>sys
[Huawei]un in en
[Huawei]sys FZ_02_SW
[FZ_02_SW]vlan batch 889
[FZ_02_SW]port group g0/0/1 to g0/0/3
[FZ_02_SW-port-group]port link-type access
[FZ_02_SW-GigabitEthernet0/0/1]port link-type access
[FZ_02_SW-GigabitEthernet0/0/2]port link-type access
[FZ_02_SW-GigabitEthernet0/0/3]port link-type access
[FZ_02_SW-port-group]port default vlan 889
[FZ_02_SW-GigabitEthernet0/0/1]port default vlan 889
[FZ_02_SW-GigabitEthernet0/0/2]port default vlan 889
[FZ_02_SW-GigabitEthernet0/0/3]port default vlan 889
[FZ_02_SW-port-group]stp bpdu-filter enable
[FZ_02_SW-GigabitEthernet0/0/1]stp bpdu-filter enable
[FZ_02_SW-GigabitEthernet0/0/2]stp bpdu-filter enable
[FZ_02_SW-GigabitEthernet0/0/3]stp bpdu-filter enable
[FZ_02_SW-port-group]stp edged-port enable
[FZ_02_SW-GigabitEthernet0/0/1]stp edged-port enable
[FZ_02_SW-GigabitEthernet0/0/2]stp edged-port enable
[FZ_02_SW-GigabitEthernet0/0/3]stp edged-port enable
[FZ_02_SW-port-group]qui
[FZ_02_SW]stp bpdu-protection
[FZ_02_SW]stp tc-protection
[FZ_02_SW]
2. DHCP & IPv6 access
FZ_02:
<Huawei>sys
[Huawei]un in en
[Huawei]sys FZ_02
[FZ_02]ipv6
[FZ_02]int g0/0/0
[FZ_02-GigabitEthernet0/0/0]ipv6 enable
[FZ_02-GigabitEthernet0/0/0]ipv6 address 2409:8A55:934:A7E0:5513:489C:8F5:1/127
[FZ_02-GigabitEthernet0/0/0]int g0/0/1
[FZ_02-GigabitEthernet0/0/1]ipv6 enable
[FZ_02-GigabitEthernet0/0/1]ip address 172.16.89.1 255.255.255.0
[FZ_02-GigabitEthernet0/0/1]ipv6 address 2001:DB8:889:1::FFFF/112
[FZ_02-GigabitEthernet0/0/1]ipv6 address auto link-local
[FZ_02-GigabitEthernet0/0/1]qui
[FZ_02]dhcp enable
[FZ_02]dhcpv6 pool vlan889_pool
[FZ_02-dhcpv6-pool-vlan889_pool] address prefix 2001:DB8:889:1::/112
[FZ_02-dhcpv6-pool-vlan889_pool] excluded-address 2001:DB8:889:1::FFFF
[FZ_02-dhcpv6-pool-vlan889_pool] dns-server 119:29:29::29
[FZ_02-dhcpv6-pool-vlan889_pool]qui
[FZ_02]int g0/0/1
[FZ_02-GigabitEthernet0/0/1] ipv6 enable
[FZ_02-GigabitEthernet0/0/1] undo ipv6 nd ra halt
[FZ_02-GigabitEthernet0/0/1] ipv6 nd autoconfig managed-address-flag
[FZ_02-GigabitEthernet0/0/1] ipv6 nd autoconfig other-flag
[FZ_02-GigabitEthernet0/0/1] dhcp select interface
[FZ_02-GigabitEthernet0/0/1] dhcpv6 server vlan889_pool
[FZ_02-GigabitEthernet0/0/1]qui
[FZ_02]ipv6 route-static :: 0 2409:8A55:934:A7E0:5513:489C:8F5:0
[FZ_02]
3. 4to6 tunnel
FZ_02:
[FZ_02]int t0/0/0
[FZ_02-Tunnel0/0/0] ip address 10.10.10.2 255.255.255.252
[FZ_02-Tunnel0/0/0] tunnel-protocol ipv4-ipv6
[FZ_02-Tunnel0/0/0] source GigabitEthernet0/0/0
[FZ_02-Tunnel0/0/0] destination 2409:8A55:936:1AE0:B04D:C0DD:94F7:0
[FZ_02-Tunnel0/0/0]qui
[FZ_02]ip route-static 0.0.0.0 0.0.0.0 Tunnel0/0/0
[FZ_02]
ISP
1. ISIS
AR_01:
<Huawei>sys
[Huawei]un in en
[Huawei]sys AR_01
[AR_01]ipv6
[AR_01]int loo0
[AR_01-LoopBack0] ipv6 enable
[AR_01-LoopBack0] ip address 100.0.0.1 255.255.255.255
[AR_01-LoopBack0] ipv6 address 2409:8055:5C00:0:100::1/128
[AR_01-LoopBack0] ipv6 address auto link-local
[AR_01-LoopBack0]int e4/0/0
[AR_01-Ethernet4/0/0] ipv6 enable
[AR_01-Ethernet4/0/0] ip address unnumbered interface LoopBack0
[AR_01-Ethernet4/0/0] ipv6 address auto link-local
[AR_01-Ethernet4/0/0]int e4/0/1
[AR_01-Ethernet4/0/1] ip address 183.73.54.181 255.255.255.252
[AR_01-Ethernet4/0/1]int g0/0/0
[AR_01-GigabitEthernet0/0/0] ipv6 enable
[AR_01-GigabitEthernet0/0/0] ip address unnumbered interface LoopBack0
[AR_01-GigabitEthernet0/0/0] ipv6 address auto link-local
[AR_01-GigabitEthernet0/0/0]int g0/0/1
[AR_01-GigabitEthernet0/0/1] ipv6 enable
[AR_01-GigabitEthernet0/0/1] ip address unnumbered interface LoopBack0
[AR_01-GigabitEthernet0/0/1] ipv6 address auto link-local
[AR_01-GigabitEthernet0/0/1]int g0/0/2
[AR_01-GigabitEthernet0/0/2] ipv6 enable
[AR_01-GigabitEthernet0/0/2] ip address unnumbered interface LoopBack0
[AR_01-GigabitEthernet0/0/2] ipv6 address auto link-local
[AR_01-GigabitEthernet0/0/2]qui
[AR_01]bfd
[AR_01-bfd]qui
[AR_01]isis 10
[AR_01-isis-10] is-level level-2
[AR_01-isis-10] cost-style wide
[AR_01-isis-10] timer lsp-generation 1 50 50 level-2
[AR_01-isis-10] flash-flood 15 level-2
[AR_01-isis-10] bfd all-interfaces enable
[AR_01-isis-10] bfd all-interfaces min-tx-interval 300 min-rx-interval 300 detect 4 frr-binding
[AR_01-isis-10] network-entity 49.0000.0000.0001.00
[AR_01-isis-10] lsp-fragments-extend mode-2 level-2
[AR_01-isis-10] virtual-system 5000.0000.0000
[AR_01-isis-10] timer spf 1 50 50
[AR_01-isis-10] set-overload on-startup
[AR_01-isis-10] frr
[AR_01-isis-10-frr] loop-free-alternate level-2
[AR_01-isis-10-frr] ipv6 enable topology standard
[AR_01-isis-10]qui
[AR_01]int loo0
[AR_01-LoopBack0] isis enable 10
[AR_01-LoopBack0] isis ipv6 enable 10
[AR_01-LoopBack0]int e4/0/0
[AR_01-Ethernet4/0/0] isis enable 10
[AR_01-Ethernet4/0/0] isis ipv6 enable 10
[AR_01-Ethernet4/0/0] isis circuit-type p2p
[AR_01-Ethernet4/0/0]int g0/0/0
[AR_01-GigabitEthernet0/0/0] isis enable 10
[AR_01-GigabitEthernet0/0/0] isis ipv6 enable 10
[AR_01-GigabitEthernet0/0/0] isis circuit-type p2p
[AR_01-GigabitEthernet0/0/0]int g0/0/1
[AR_01-GigabitEthernet0/0/1] isis enable 10
[AR_01-GigabitEthernet0/0/1] isis ipv6 enable 10
[AR_01-GigabitEthernet0/0/1] isis circuit-type p2p
[AR_01-GigabitEthernet0/0/1]int g0/0/2
[AR_01-GigabitEthernet0/0/2] isis enable 10
[AR_01-GigabitEthernet0/0/2] isis ipv6 enable 10
[AR_01-GigabitEthernet0/0/2] isis circuit-type p2p
[AR_01-GigabitEthernet0/0/2]qui
[AR_01]
--------------------------------------
AR_02:
<Huawei>sys
[Huawei]un in en
[Huawei]sys AR_02
[AR_02]ipv6
[AR_02]int loo0
[AR_02-LoopBack0] ipv6 enable
[AR_02-LoopBack0] ip address 100.0.0.2 255.255.255.255
[AR_02-LoopBack0] ipv6 address 2409:8055:5C00:0:100::2/128
[AR_02-LoopBack0] ipv6 address auto link-local
[AR_02-LoopBack0]int e4/0/0
[AR_02-Ethernet4/0/0] ipv6 enable
[AR_02-Ethernet4/0/0] ip address unnumbered interface LoopBack0
[AR_02-Ethernet4/0/0] ipv6 address auto link-local
[AR_02-Ethernet4/0/0]int e4/0/1
[AR_02-Ethernet4/0/1] ipv6 enable
[AR_02-Ethernet4/0/1] ipv6 address 2409:8A55:934:A7E0:5513:489C:8F5:0/127
[AR_02-Ethernet4/0/1]int g0/0/0
[AR_02-GigabitEthernet0/0/0] ipv6 enable
[AR_02-GigabitEthernet0/0/0] ip address unnumbered interface LoopBack0
[AR_02-GigabitEthernet0/0/0] ipv6 address auto link-local
[AR_02-GigabitEthernet0/0/0]int g0/0/1
[AR_02-GigabitEthernet0/0/1] ipv6 enable
[AR_02-GigabitEthernet0/0/1] ip address unnumbered interface LoopBack0
[AR_02-GigabitEthernet0/0/1] ipv6 address auto link-local
[AR_02-GigabitEthernet0/0/1]int g0/0/2
[AR_02-GigabitEthernet0/0/2] ipv6 enable
[AR_02-GigabitEthernet0/0/2] ip address unnumbered interface LoopBack0
[AR_02-GigabitEthernet0/0/2] ipv6 address auto link-local
[AR_02-GigabitEthernet0/0/2]qui
[AR_02]bfd
[AR_02-bfd]qui
[AR_02]isis 10
[AR_02-isis-10] is-level level-2
[AR_02-isis-10] cost-style wide
[AR_02-isis-10] timer lsp-generation 1 50 50 level-2
[AR_02-isis-10] flash-flood 15 level-2
[AR_02-isis-10] bfd all-interfaces enable
[AR_02-isis-10] bfd all-interfaces min-tx-interval 300 min-rx-interval 300 detect 4 frr-binding
[AR_02-isis-10] network-entity 49.0000.0000.0002.00
[AR_02-isis-10] lsp-fragments-extend mode-2 level-2
[AR_02-isis-10] virtual-system 5100.0000.0000
[AR_02-isis-10] timer spf 1 50 50
[AR_02-isis-10] set-overload on-startup
[AR_02-isis-10] frr
[AR_02-isis-10-frr] loop-free-alternate level-2
[AR_02-isis-10-frr] ipv6 enable topology standard
[AR_02-isis-10]qui
[AR_02]int loo0
[AR_02-LoopBack0] isis enable 10
[AR_02-LoopBack0] isis ipv6 enable 10
[AR_02-LoopBack0]int e4/0/0
[AR_02-Ethernet4/0/0] isis enable 10
[AR_02-Ethernet4/0/0] isis ipv6 enable 10
[AR_02-Ethernet4/0/0] isis circuit-type p2p
[AR_02-Ethernet4/0/0]int g0/0/0
[AR_02-GigabitEthernet0/0/0] isis enable 10
[AR_02-GigabitEthernet0/0/0] isis ipv6 enable 10
[AR_02-GigabitEthernet0/0/0] isis circuit-type p2p
[AR_02-GigabitEthernet0/0/0]int g0/0/1
[AR_02-GigabitEthernet0/0/1] isis enable 10
[AR_02-GigabitEthernet0/0/1] isis ipv6 enable 10
[AR_02-GigabitEthernet0/0/1] isis circuit-type p2p
[AR_02-GigabitEthernet0/0/1]int g0/0/2
[AR_02-GigabitEthernet0/0/2] isis enable 10
[AR_02-GigabitEthernet0/0/2] isis ipv6 enable 10
[AR_02-GigabitEthernet0/0/2] isis circuit-type p2p
[AR_02-GigabitEthernet0/0/2]qui
[AR_02]
--------------------------------------
AR_03:
<Huawei>sys
[Huawei]un in en
[Huawei]sys AR_03
[AR_03]ipv6
[AR_03]int loo0
[AR_03-LoopBack0] ipv6 enable
[AR_03-LoopBack0] ip address 100.0.0.3 255.255.255.255
[AR_03-LoopBack0] ipv6 address 2409:8055:5C00:0:100::3/128
[AR_03-LoopBack0] ipv6 address auto link-local
[AR_03-LoopBack0]int e4/0/0
[AR_03-Ethernet4/0/0] ipv6 enable
[AR_03-Ethernet4/0/0] ip address 183.26.96.2 255.255.255.252
[AR_03-Ethernet4/0/0] ipv6 address 2409:8055:5C00:0:2800::1/127
[AR_03-Ethernet4/0/0] ipv6 address auto link-local
[AR_03-Ethernet4/0/0]int e4/0/1
[AR_03-Ethernet4/0/1] ipv6 enable
[AR_03-Ethernet4/0/1] ip address unnumbered interface LoopBack0
[AR_03-Ethernet4/0/1] ipv6 address auto link-local
[AR_03-Ethernet4/0/1]int g0/0/0
[AR_03-GigabitEthernet0/0/0] ipv6 enable
[AR_03-GigabitEthernet0/0/0] ip address unnumbered interface LoopBack0
[AR_03-GigabitEthernet0/0/0] ipv6 address auto link-local
[AR_03-GigabitEthernet0/0/0]int g0/0/1
[AR_03-GigabitEthernet0/0/1] ipv6 enable
[AR_03-GigabitEthernet0/0/1] ip address unnumbered interface LoopBack0
[AR_03-GigabitEthernet0/0/1] ipv6 address auto link-local
[AR_03-GigabitEthernet0/0/1]int g0/0/2
[AR_03-GigabitEthernet0/0/2] ipv6 enable
[AR_03-GigabitEthernet0/0/2] ip address unnumbered interface LoopBack0
[AR_03-GigabitEthernet0/0/2] ipv6 address auto link-local
[AR_03-GigabitEthernet0/0/2]qui
[AR_03]bfd
[AR_03-bfd]qui
[AR_03]isis 10
[AR_03-isis-10] is-level level-2
[AR_03-isis-10] cost-style wide
[AR_03-isis-10] timer lsp-generation 1 50 50 level-2
[AR_03-isis-10] flash-flood 15 level-2
[AR_03-isis-10] bfd all-interfaces enable
[AR_03-isis-10] bfd all-interfaces min-tx-interval 300 min-rx-interval 300 detect 4 frr-binding
[AR_03-isis-10] network-entity 49.0000.0000.0003.00
[AR_03-isis-10] lsp-fragments-extend mode-2 level-2
[AR_03-isis-10] virtual-system 5200.0000.0000
[AR_03-isis-10] timer spf 1 50 50
[AR_03-isis-10] set-overload on-startup
[AR_03-isis-10] frr
[AR_03-isis-10-frr] loop-free-alternate level-2
[AR_03-isis-10-frr] ipv6 enable topology standard
[AR_03-isis-10]qui
[AR_03]int loo0
[AR_03-LoopBack0] isis enable 10
[AR_03-LoopBack0] isis ipv6 enable 10
[AR_03-LoopBack0]int e4/0/1
[AR_03-Ethernet4/0/1] isis enable 10
[AR_03-Ethernet4/0/1] isis ipv6 enable 10
[AR_03-Ethernet4/0/1] isis circuit-type p2p
[AR_03-Ethernet4/0/1]int g0/0/0
[AR_03-GigabitEthernet0/0/0] isis enable 10
[AR_03-GigabitEthernet0/0/0] isis ipv6 enable 10
[AR_03-GigabitEthernet0/0/0] isis circuit-type p2p
[AR_03-GigabitEthernet0/0/0]int g0/0/1
[AR_03-GigabitEthernet0/0/1] isis enable 10
[AR_03-GigabitEthernet0/0/1] isis ipv6 enable 10
[AR_03-GigabitEthernet0/0/1] isis circuit-type p2p
[AR_03-GigabitEthernet0/0/1]int g0/0/2
[AR_03-GigabitEthernet0/0/2] isis enable 10
[AR_03-GigabitEthernet0/0/2] isis ipv6 enable 10
[AR_03-GigabitEthernet0/0/2] isis circuit-type p2p
[AR_03-GigabitEthernet0/0/2]qui
[AR_03]
--------------------------------------
AR_04:
<Huawei>sys
[Huawei]un in en
[Huawei]sys AR_04
[AR_04]ipv6
[AR_04]int loo0
[AR_04-LoopBack0] ipv6 enable
[AR_04-LoopBack0] ip address 100.0.0.4 255.255.255.255
[AR_04-LoopBack0] ipv6 address 2409:8055:5C00:0:100::4/128
[AR_04-LoopBack0] ipv6 address auto link-local
[AR_04-LoopBack0]int e4/0/0
[AR_04-Ethernet4/0/0] ipv6 enable
[AR_04-Ethernet4/0/0] ip address 183.26.96.6 255.255.255.252
[AR_04-Ethernet4/0/0] ipv6 address 2409:8055:5C00:0:2800::3/127
[AR_04-Ethernet4/0/0] ipv6 address auto link-local
[AR_04-Ethernet4/0/0]int e4/0/1
[AR_04-Ethernet4/0/1] ipv6 enable
[AR_04-Ethernet4/0/1] ip address unnumbered interface LoopBack0
[AR_04-Ethernet4/0/1] ipv6 address auto link-local
[AR_04-Ethernet4/0/1]int g0/0/0
[AR_04-GigabitEthernet0/0/0] ipv6 enable
[AR_04-GigabitEthernet0/0/0] ip address unnumbered interface LoopBack0
[AR_04-GigabitEthernet0/0/0] ipv6 address auto link-local
[AR_04-GigabitEthernet0/0/0]int g0/0/1
[AR_04-GigabitEthernet0/0/1] ipv6 enable
[AR_04-GigabitEthernet0/0/1] ip address unnumbered interface LoopBack0
[AR_04-GigabitEthernet0/0/1] ipv6 address auto link-local
[AR_04-GigabitEthernet0/0/1]int g0/0/2
[AR_04-GigabitEthernet0/0/2] ipv6 enable
[AR_04-GigabitEthernet0/0/2] ip address unnumbered interface LoopBack0
[AR_04-GigabitEthernet0/0/2] ipv6 address auto link-local
[AR_04-GigabitEthernet0/0/2]qui
[AR_04]bfd
[AR_04-bfd]qui
[AR_04]isis 10
[AR_04-isis-10] is-level level-2
[AR_04-isis-10] cost-style wide
[AR_04-isis-10] timer lsp-generation 1 50 50 level-2
[AR_04-isis-10] flash-flood 15 level-2
[AR_04-isis-10] bfd all-interfaces enable
[AR_04-isis-10] bfd all-interfaces min-tx-interval 300 min-rx-interval 300 detect 4 frr-binding
[AR_04-isis-10] network-entity 49.0000.0000.0004.00
[AR_04-isis-10] lsp-fragments-extend mode-2 level-2
[AR_04-isis-10] virtual-system 5300.0000.0000
[AR_04-isis-10] timer spf 1 50 50
[AR_04-isis-10] set-overload on-startup
[AR_04-isis-10] frr
[AR_04-isis-10-frr] loop-free-alternate level-2
[AR_04-isis-10-frr] ipv6 enable topology standard
[AR_04-isis-10]qui
[AR_04]int loo0
[AR_04-LoopBack0] isis enable 10
[AR_04-LoopBack0] isis ipv6 enable 10
[AR_04-LoopBack0]int e4/0/1
[AR_04-Ethernet4/0/1] isis enable 10
[AR_04-Ethernet4/0/1] isis ipv6 enable 10
[AR_04-Ethernet4/0/1] isis circuit-type p2p
[AR_04-Ethernet4/0/1]int g0/0/0
[AR_04-GigabitEthernet0/0/0] isis enable 10
[AR_04-GigabitEthernet0/0/0] isis ipv6 enable 10
[AR_04-GigabitEthernet0/0/0] isis circuit-type p2p
[AR_04-GigabitEthernet0/0/0]int g0/0/1
[AR_04-GigabitEthernet0/0/1] isis enable 10
[AR_04-GigabitEthernet0/0/1] isis ipv6 enable 10
[AR_04-GigabitEthernet0/0/1] isis circuit-type p2p
[AR_04-GigabitEthernet0/0/1]int g0/0/2
[AR_04-GigabitEthernet0/0/2] isis enable 10
[AR_04-GigabitEthernet0/0/2] isis ipv6 enable 10
[AR_04-GigabitEthernet0/0/2] isis circuit-type p2p
[AR_04-GigabitEthernet0/0/2]qui
[AR_04]
2. Routing policy
AR_03:
[AR_03]ip route-static 192.168.0.34 255.255.255.255 NULL0 preference 1 tag 192168034
[AR_03]ipv6 route-static 2409:8055:5C00:0:192:168:0:34 128 NULL0 preference 1 tag 192168034
[AR_03]route-policy tic_static_vhp_to_isis permit node 10
[AR_03-route-policy]if-match tag 192168034
[AR_03-route-policy]qui
[AR_03]route-policy tic_static_vhp_to_isis deny node 999
[AR_03-route-policy]qui
[AR_03]isis 10
[AR_03-isis-10] import-route static route-policy tic_static_vhp_to_isis
[AR_03-isis-10] ipv6 import-route static route-policy tic_static_vhp_to_isis
[AR_03-isis-10]qui
[AR_03]
--------------------------------------
AR_04:
[AR_04]ip route-static 192.168.0.34 255.255.255.255 NULL0 preference 1 tag 192168034
[AR_04]ipv6 route-static 2409:8055:5C00:0:192:168:0:34 128 NULL0 preference 1 tag 192168034
[AR_04]route-policy tic_static_vhp_to_isis permit node 10
[AR_04-route-policy] if-match tag 192168034
[AR_04-route-policy]qui
[AR_04]route-policy tic_static_vhp_to_isis deny node 999
[AR_04-route-policy]qui
[AR_04]isis 10
[AR_04-isis-10] import-route static route-policy tic_static_vhp_to_isis
[AR_04-isis-10] ipv6 import-route static route-policy tic_static_vhp_to_isis
[AR_04-isis-10]qui
[AR_04]
3. BGP
AR_01:
[AR_01]bgp 9808
[AR_01-bgp] router-id 221.179.3.1
[AR_01-bgp] peer 100.0.0.5 as-number 9808
[AR_01-bgp] peer 100.0.0.5 connect-interface LoopBack0
[AR_01-bgp] peer 100.0.0.5 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_01-bgp] peer 100.0.0.5 bfd enable
[AR_01-bgp] peer 2409:8055:5C00:0:100::5 as-number 9808
[AR_01-bgp] peer 2409:8055:5C00:0:100::5 connect-interface LoopBack0
[AR_01-bgp] ipv4-family unicast
[AR_01-bgp-af-ipv4] undo synchronization
[AR_01-bgp-af-ipv4] network 183.73.54.180 255.255.255.252
[AR_01-bgp-af-ipv4] network 223.73.54.180 255.255.255.252
[AR_01-bgp-af-ipv4] maximum load-balancing 8
[AR_01-bgp-af-ipv4] peer 100.0.0.5 enable
[AR_01-bgp-af-ipv4] peer 100.0.0.5 next-hop-local
[AR_01-bgp-af-ipv4] peer 100.0.0.5 advertise-community
[AR_01-bgp-af-ipv4] qui
[AR_01-bgp] ipv6-family unicast
[AR_01-bgp-af-ipv6] undo synchronization
[AR_01-bgp-af-ipv6] maximum load-balancing 8
[AR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 enable
[AR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 next-hop-local
[AR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 advertise-community
[AR_01-bgp-af-ipv6]qui
[AR_01-bgp]
--------------------------------------
AR_02:
[AR_02]ipv6 route-static 2001:DB8:889:1:: 112 2409:8A55:934:A7E0:5513:489C:8F5:1
[AR_02]bgp 9808
[AR_02-bgp] router-id 221.179.3.2
[AR_02-bgp] peer 100.0.0.5 as-number 9808
[AR_02-bgp] peer 100.0.0.5 connect-interface LoopBack0
[AR_02-bgp] peer 100.0.0.5 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_02-bgp] peer 100.0.0.5 bfd enable
[AR_02-bgp] peer 2409:8055:5C00:0:100::5 as-number 9808
[AR_02-bgp] peer 2409:8055:5C00:0:100::5 connect-interface LoopBack0
[AR_02-bgp] ipv4-family unicast
[AR_02-bgp-af-ipv4] undo synchronization
[AR_02-bgp-af-ipv4] maximum load-balancing 8
[AR_02-bgp-af-ipv4] peer 100.0.0.5 enable
[AR_02-bgp-af-ipv4] peer 100.0.0.5 next-hop-local
[AR_02-bgp-af-ipv4] peer 100.0.0.5 advertise-community
[AR_02-bgp-af-ipv4] qui
[AR_02-bgp] ipv6-family unicast
[AR_02-bgp-af-ipv6] undo synchronization
[AR_02-bgp-af-ipv6] network 2001:DB8:889:1:: 112
[AR_02-bgp-af-ipv6] network 2409:8A55:934:A7E0:5513:489C:8F5:0 127
[AR_02-bgp-af-ipv6] maximum load-balancing 8
[AR_02-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 enable
[AR_02-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 next-hop-local
[AR_02-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 advertise-community
[AR_02-bgp-af-ipv6]qui
[AR_02-bgp]qui
[AR_02]
--------------------------------------
AR_03:
[AR_03]bgp 9808
[AR_03-bgp] router-id 221.179.3.3
[AR_03-bgp] peer 100.0.0.5 as-number 9808
[AR_03-bgp] peer 100.0.0.5 connect-interface LoopBack0
[AR_03-bgp] peer 100.0.0.5 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_03-bgp] peer 100.0.0.5 bfd enable
[AR_03-bgp] peer 183.26.96.1 as-number 65001
[AR_03-bgp] peer 183.26.96.1 connect-interface Ethernet4/0/0
[AR_03-bgp] peer 183.26.96.1 password cipher huawei@123
[AR_03-bgp] peer 183.26.96.1 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_03-bgp] peer 183.26.96.1 bfd enable
[AR_03-bgp] peer 2409:8055:5C00:0:100::5 as-number 9808
[AR_03-bgp] peer 2409:8055:5C00:0:100::5 connect-interface LoopBack0
[AR_03-bgp] peer 2409:8055:5C00:0:2800:: as-number 65001
[AR_03-bgp] peer 2409:8055:5C00:0:2800:: connect-interface Ethernet4/0/0
[AR_03-bgp] peer 2409:8055:5C00:0:2800:: password cipher huawei@123
[AR_03-bgp] ipv4-family unicast
[AR_03-bgp-af-ipv4] undo synchronization
[AR_03-bgp-af-ipv4] network 183.26.96.0 255.255.255.252
[AR_03-bgp-af-ipv4] maximum load-balancing 8
[AR_03-bgp-af-ipv4] peer 100.0.0.5 enable
[AR_03-bgp-af-ipv4] peer 100.0.0.5 next-hop-local
[AR_03-bgp-af-ipv4] peer 100.0.0.5 advertise-community
[AR_03-bgp-af-ipv4] peer 183.26.96.1 enable
[AR_03-bgp-af-ipv4] peer 183.26.96.1 default-route-advertise
[AR_03-bgp-af-ipv4] qui
[AR_03-bgp] ipv6-family unicast
[AR_03-bgp-af-ipv6] undo synchronization
[AR_03-bgp-af-ipv6] network 2409:8055:5C00:0:2800:: 127
[AR_03-bgp-af-ipv6] maximum load-balancing 8
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 enable
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 next-hop-local
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 advertise-community
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:2800:: enable
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:2800:: default-route-advertise
[AR_03-bgp-af-ipv6]qui
[AR_03-bgp]qui
[AR_03]
--------------------------------------
AR_04:
[AR_04]bgp 9808
[AR_04-bgp] router-id 221.179.3.4
[AR_04-bgp] peer 100.0.0.5 as-number 9808
[AR_04-bgp] peer 100.0.0.5 connect-interface LoopBack0
[AR_04-bgp] peer 100.0.0.5 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_04-bgp] peer 100.0.0.5 bfd enable
[AR_04-bgp] peer 183.26.96.5 as-number 65001
[AR_04-bgp] peer 183.26.96.5 connect-interface Ethernet4/0/0
[AR_04-bgp] peer 183.26.96.5 password cipher huawei@123
[AR_04-bgp] peer 183.26.96.5 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_04-bgp] peer 183.26.96.5 bfd enable
[AR_04-bgp] peer 2409:8055:5C00:0:100::5 as-number 9808
[AR_04-bgp] peer 2409:8055:5C00:0:100::5 connect-interface LoopBack0
[AR_04-bgp] peer 2409:8055:5C00:0:2800::2 as-number 65001
[AR_04-bgp] peer 2409:8055:5C00:0:2800::2 connect-interface Ethernet4/0/0
[AR_04-bgp] peer 2409:8055:5C00:0:2800::2 password cipher huawei@123
[AR_04-bgp] ipv4-family unicast
[AR_04-bgp-af-ipv4] undo synchronization
[AR_04-bgp-af-ipv4] network 183.26.96.4 255.255.255.252
[AR_04-bgp-af-ipv4] maximum load-balancing 8
[AR_04-bgp-af-ipv4] peer 100.0.0.5 enable
[AR_04-bgp-af-ipv4] peer 100.0.0.5 next-hop-local
[AR_04-bgp-af-ipv4] peer 100.0.0.5 advertise-community
[AR_04-bgp-af-ipv4] peer 183.26.96.5 enable
[AR_04-bgp-af-ipv4] peer 183.26.96.5 default-route-advertise
[AR_04-bgp-af-ipv4] qui
[AR_04-bgp] ipv6-family unicast
[AR_04-bgp-af-ipv6] undo synchronization
[AR_04-bgp-af-ipv6] network 2409:8055:5C00:0:2800::2 127
[AR_04-bgp-af-ipv6] maximum load-balancing 8
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 enable
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 next-hop-local
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 advertise-community
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:2800::2 enable
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:2800::2 default-route-advertise
[AR_04-bgp-af-ipv6] qui
[AR_04-bgp]qui
[AR_04]
--------------------------------------
BR_01:
[BR_01]bgp 9808
[BR_01-bgp] router-id 221.179.3.5
[BR_01-bgp] group AR_Group internal
[BR_01-bgp] peer AR_Group connect-interface LoopBack0
[BR_01-bgp] peer AR_Group bfd min-tx-interval 300 min-rx-interval 300 detect 4
[BR_01-bgp] peer AR_Group bfd enable
[BR_01-bgp] peer 100.0.0.1 as-number 9808
[BR_01-bgp] peer 100.0.0.1 group AR_Group
[BR_01-bgp] peer 100.0.0.2 as-number 9808
[BR_01-bgp] peer 100.0.0.2 group AR_Group
[BR_01-bgp] peer 100.0.0.3 as-number 9808
[BR_01-bgp] peer 100.0.0.3 group AR_Group
[BR_01-bgp] peer 100.0.0.4 as-number 9808
[BR_01-bgp] peer 100.0.0.4 group AR_Group
[BR_01-bgp] peer 2409:8055:5C00:0:100::1 as-number 9808
[BR_01-bgp] peer 2409:8055:5C00:0:100::1 group AR_Group
[BR_01-bgp] peer 2409:8055:5C00:0:100::2 as-number 9808
[BR_01-bgp] peer 2409:8055:5C00:0:100::2 group AR_Group
[BR_01-bgp] peer 2409:8055:5C00:0:100::3 as-number 9808
[BR_01-bgp] peer 2409:8055:5C00:0:100::3 group AR_Group
[BR_01-bgp] peer 2409:8055:5C00:0:100::4 as-number 9808
[BR_01-bgp] peer 2409:8055:5C00:0:100::4 group AR_Group
[BR_01-bgp] ipv4-family unicast
[BR_01-bgp-af-ipv4] undo synchronization
[BR_01-bgp-af-ipv4] network 8.8.8.8 255.255.255.255
[BR_01-bgp-af-ipv4] maximum load-balancing 8
[BR_01-bgp-af-ipv4] peer AR_Group enable
[BR_01-bgp-af-ipv4] peer AR_Group reflect-client
[BR_01-bgp-af-ipv4] peer AR_Group advertise-community
[BR_01-bgp-af-ipv4] peer 100.0.0.1 enable
[BR_01-bgp-af-ipv4] peer 100.0.0.1 group AR_Group
[BR_01-bgp-af-ipv4] peer 100.0.0.2 enable
[BR_01-bgp-af-ipv4] peer 100.0.0.2 group AR_Group
[BR_01-bgp-af-ipv4] peer 100.0.0.3 enable
[BR_01-bgp-af-ipv4] peer 100.0.0.3 group AR_Group
[BR_01-bgp-af-ipv4] peer 100.0.0.4 enable
[BR_01-bgp-af-ipv4] peer 100.0.0.4 group AR_Group
[BR_01-bgp-af-ipv4] qui
[BR_01-bgp] ipv6-family unicast
[BR_01-bgp-af-ipv6] undo synchronization
[BR_01-bgp-af-ipv6] network 8::8 128
[BR_01-bgp-af-ipv6] maximum load-balancing 8
[BR_01-bgp-af-ipv6] peer AR_Group enable
[BR_01-bgp-af-ipv6] peer AR_Group reflect-client
[BR_01-bgp-af-ipv6] peer AR_Group advertise-community
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::1 enable
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::1 group AR_Group
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::2 enable
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::2 group AR_Group
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::3 enable
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::3 group AR_Group
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::4 enable
[BR_01-bgp-af-ipv6] peer 2409:8055:5C00:0:100::4 group AR_Group
[BR_01-bgp-af-ipv6]qui
[BR_01-bgp]qui
[BR_01]
4. BGP interconnection between the paired ARs
AR_03:
[AR_03]route-policy set_lp_attribute permit node 10
[AR_03-route-policy] apply local-preference 3000
[AR_03-route-policy]qui
[AR_03]bgp 9808
[AR_03-bgp] peer 100.0.0.4 as-number 9808
[AR_03-bgp] peer 100.0.0.4 connect-interface LoopBack0
[AR_03-bgp] peer 100.0.0.4 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_03-bgp] peer 100.0.0.4 bfd enable
[AR_03-bgp] peer 2409:8055:5C00:0:100::4 as-number 9808
[AR_03-bgp] peer 2409:8055:5C00:0:100::4 connect-interface LoopBack0
[AR_03-bgp] ipv4-family unicast
[AR_03-bgp-af-ipv4] peer 100.0.0.4 enable
[AR_03-bgp-af-ipv4] peer 100.0.0.4 route-policy set_lp_attribute import
[AR_03-bgp-af-ipv4] peer 100.0.0.4 next-hop-local
[AR_03-bgp-af-ipv4] peer 100.0.0.4 advertise-community
[AR_03-bgp-af-ipv4] qui
[AR_03-bgp] ipv6-family unicast
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::4 enable
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::4 route-policy set_lp_attribute import
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::4 next-hop-local
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::4 advertise-community
[AR_03-bgp-af-ipv6]qui
[AR_03-bgp]qui
[AR_03]
--------------------------------------
AR_04:
[AR_04]route-policy set_lp_attribute permit node 10
[AR_04-route-policy] apply local-preference 3000
[AR_04-route-policy]qui
[AR_04]bgp 9808
[AR_04-bgp] peer 100.0.0.3 as-number 9808
[AR_04-bgp] peer 100.0.0.3 connect-interface LoopBack0
[AR_04-bgp] peer 100.0.0.3 bfd min-tx-interval 300 min-rx-interval 300 detect 4
[AR_04-bgp] peer 100.0.0.3 bfd enable
[AR_04-bgp] peer 2409:8055:5C00:0:100::3 as-number 9808
[AR_04-bgp] peer 2409:8055:5C00:0:100::3 connect-interface LoopBack0
[AR_04-bgp] ipv4-family unicast
[AR_04-bgp-af-ipv4] peer 100.0.0.3 enable
[AR_04-bgp-af-ipv4] peer 100.0.0.3 route-policy set_lp_attribute import
[AR_04-bgp-af-ipv4] peer 100.0.0.3 next-hop-local
[AR_04-bgp-af-ipv4] peer 100.0.0.3 advertise-community
[AR_04-bgp-af-ipv4] qui
[AR_04-bgp] ipv6-family unicast
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::3 enable
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::3 route-policy set_lp_attribute import
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::3 next-hop-local
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::3 advertise-community
[AR_04-bgp-af-ipv6] qui
[AR_04-bgp]qui
[AR_04]
5. Route policy for advertising the virtual next hop
AR_03:
[AR_03]ip ip-prefix ipv4_any index 10 permit 0.0.0.0 0 less-equal 32
[AR_03]ip ipv6-prefix ipv6_any index 10 permit :: 0 less-equal 128
[AR_03]ip community-filter basic bgp_next_virtual_hop permit 192168034
[AR_03]route-policy bgp_next_virtual_hop permit node 10
[AR_03-route-policy] if-match ip-prefix ipv4_any
[AR_03-route-policy] if-match ipv6 address prefix-list ipv6_any
[AR_03-route-policy] if-match community-filter bgp_next_virtual_hop
[AR_03-route-policy] apply ip-address next-hop 192.168.0.34
[AR_03-route-policy] apply ipv6 next-hop 2409:8055:5C00:0:192:168:0:34
[AR_03-route-policy] apply local-preference 500
[AR_03-route-policy]qui
[AR_03]route-policy bgp_next_virtual_hop permit node 20
[AR_03-route-policy]qui
[AR_03]bgp 9808
[AR_03-bgp] ipv4-family unicast
[AR_03-bgp-af-ipv4] peer 100.0.0.5 route-policy bgp_next_virtual_hop export
[AR_03-bgp-af-ipv4] qui
[AR_03-bgp] ipv6-family unicast
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 route-policy bgp_next_virtual_hop export
[AR_03-bgp-af-ipv6]qui
[AR_03-bgp]qui
[AR_03]
--------------------------------------
AR_04:
[AR_04]ip ip-prefix ipv4_any index 10 permit 0.0.0.0 0 less-equal 32
[AR_04]ip ipv6-prefix ipv6_any index 10 permit :: 0 less-equal 128
[AR_04]ip community-filter basic bgp_next_virtual_hop permit 192168034
[AR_04]route-policy bgp_next_virtual_hop permit node 10
[AR_04-route-policy] if-match ip-prefix ipv4_any
[AR_04-route-policy] if-match ipv6 address prefix-list ipv6_any
[AR_04-route-policy] if-match community-filter bgp_next_virtual_hop
[AR_04-route-policy] apply ip-address next-hop 192.168.0.34
[AR_04-route-policy] apply ipv6 next-hop 2409:8055:5C00:0:192:168:0:34
[AR_04-route-policy] apply local-preference 500
[AR_04-route-policy]qui
[AR_04]route-policy bgp_next_virtual_hop permit node 20
[AR_04-route-policy]qui
[AR_04]bgp 9808
[AR_04-bgp] ipv4-family unicast
[AR_04-bgp-af-ipv4] peer 100.0.0.5 route-policy bgp_next_virtual_hop export
[AR_04-bgp-af-ipv4] qui
[AR_04-bgp] ipv6-family unicast
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:100::5 route-policy bgp_next_virtual_hop export
[AR_04-bgp-af-ipv6]qui
[AR_04-bgp]qui
[AR_04]
6. Service route policy
AR_03:
[AR_03]ip ip-prefix accepted_routes index 10 permit 223.73.54.0 24
[AR_03]ip ipv6-prefix accepted_routes index 10 permit 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 112
[AR_03]ip ipv6-prefix accepted_routes index 20 permit 2001:DB8:888:1:: 112
[AR_03]ip ipv6-prefix accepted_routes index 30 permit 2409:8086:5A0A:10:1:12:: 112
[AR_03]ip ipv6-prefix accepted_routes index 40 permit 2409:8086:5A0A:10:1:13:: 112
[AR_03]route-policy accepted_routes permit node 10
[AR_03-route-policy] if-match ip-prefix accepted_routes
[AR_03-route-policy] if-match ipv6 address prefix-list accepted_routes
[AR_03-route-policy] apply community 192168034
[AR_03-route-policy] apply local-preference 5000
[AR_03-route-policy]qui
[AR_03]route-policy accepted_routes deny node 999
[AR_03-route-policy]qui
[AR_03]bgp 9808
[AR_03-bgp] ipv4-family unicast
[AR_03-bgp-af-ipv4] peer 183.26.96.1 route-policy accepted_routes import
[AR_03-bgp-af-ipv4] peer 183.26.96.1 default-route-advertise
[AR_03-bgp-af-ipv4] qui
[AR_03-bgp] ipv6-family unicast
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:2800:: route-policy accepted_routes import
[AR_03-bgp-af-ipv6] peer 2409:8055:5C00:0:2800:: default-route-advertise
[AR_03-bgp-af-ipv6]qui
[AR_03-bgp]qui
[AR_03]
--------------------------------------
AR_04:
[AR_04]ip ip-prefix accepted_routes index 10 permit 223.73.54.0 24
[AR_04]ip ipv6-prefix accepted_routes index 10 permit 2409:8A55:936:1AE0:B04D:C0DD:94F7:0 112
[AR_04]ip ipv6-prefix accepted_routes index 20 permit 2001:DB8:888:1:: 112
[AR_04]ip ipv6-prefix accepted_routes index 30 permit 2409:8086:5A0A:10:1:12:: 112
[AR_04]ip ipv6-prefix accepted_routes index 40 permit 2409:8086:5A0A:10:1:13:: 112
[AR_04]route-policy accepted_routes permit node 10
[AR_04-route-policy] if-match ip-prefix accepted_routes
[AR_04-route-policy] if-match ipv6 address prefix-list accepted_routes
[AR_04-route-policy] apply community 192168034
[AR_04-route-policy] apply local-preference 5000
[AR_04-route-policy]qui
[AR_04]route-policy accepted_routes deny node 999
[AR_04-route-policy]qui
[AR_04]bgp 9808
[AR_04-bgp] ipv4-family unicast
[AR_04-bgp-af-ipv4] peer 183.26.96.5 route-policy accepted_routes import
[AR_04-bgp-af-ipv4] peer 183.26.96.5 default-route-advertise
[AR_04-bgp-af-ipv4] qui
[AR_04-bgp] ipv6-family unicast
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:2800::2 route-policy accepted_routes import
[AR_04-bgp-af-ipv6] peer 2409:8055:5C00:0:2800::2 default-route-advertise
[AR_04-bgp-af-ipv6]qui
[AR_04-bgp]qui
[AR_04]
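The following Python model is an added example, not part of the original configuration. It evaluates the `accepted_routes` import policy from section 6 and the `bgp_next_virtual_hop` export policy from section 5 against a few constructed announcements, to show which prefixes from the AS 65001 peer pass the filter and how the community 192168034 then selects the virtual next hop. The function names and sample announcements are hypothetical, and it assumes each route is checked only against the prefix list of its own address family.

```python
import ipaddress

# (prefix, greater-equal, less-equal) from the accepted_routes prefix lists above;
# None = keyword absent. Function names in this block are hypothetical.
ACCEPTED_ROUTES = [
    ("223.73.54.0/24", None, None),
    ("2409:8A55:936:1AE0:B04D:C0DD:94F7:0/112", None, None),
    ("2001:DB8:888:1::/112", None, None),
    ("2409:8086:5A0A:10:1:12::/112", None, None),
    ("2409:8086:5A0A:10:1:13::/112", None, None),
]
TAG = 192168034  # community applied on import, matched again on export

def entry_matches(route, entry):
    """Apply VRP prefix-list entry semantics to one route."""
    net = ipaddress.ip_network(entry[0])
    ge, le = entry[1], entry[2]
    if route.version != net.version:
        return False
    if ge is None and le is None:
        lo = hi = net.prefixlen  # no ge/le: the mask length must be equal
    else:
        lo = net.prefixlen if ge is None else ge
        hi = net.max_prefixlen if le is None else le
    return lo <= route.prefixlen <= hi and route.subnet_of(net)

def import_from_customer(prefix):
    """accepted_routes import: node 10 tags matches, node 999 denies the rest."""
    # Assumption: a route is checked only against the list of its own family.
    route = ipaddress.ip_network(prefix)
    if any(entry_matches(route, e) for e in ACCEPTED_ROUTES):
        return {"community": TAG, "local_preference": 5000}
    return None

def export_to_reflector(prefix, attrs):
    """bgp_next_virtual_hop export: node 10 rewrites tagged routes, node 20 passes others."""
    if attrs.get("community") != TAG:
        return attrs
    v4 = ipaddress.ip_network(prefix).version == 4
    hop = "192.168.0.34" if v4 else "2409:8055:5C00:0:192:168:0:34"
    return dict(attrs, next_hop=hop, local_preference=500)

# Constructed announcements from the AS 65001 peer (not taken from the page).
SAMPLES = ["223.73.54.0/24", "223.73.54.128/25", "0.0.0.0/0",
           "2001:db8:888:1::/112", "2001:db8:888:1::/120", "2001:db8:889:1::/112"]

if __name__ == "__main__":
    for p in SAMPLES:
        attrs = import_from_customer(p)
        print(p, "->", export_to_reflector(p, attrs) if attrs else "denied")
```

Because none of the `accepted_routes` entries carries `greater-equal` or `less-equal`, only the exact prefix lengths are accepted; more-specific and less-specific announcements fall through to the deny node.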