
H3C switches and router: building an internal network with connectivity between the internal and external networks


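  Preface:

  The machine room in our company's new office area has recently been more or less fully upgraded. The overall network layout is shown in the figure below [first draft of the new office area network topology].

  

  For this I ran a network simulation, shown in the figure below.

  

  Network requirements:

  VLAN plan: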

  vlan1:192.168.1.1

  vlan2:192.168.2.1

  vlan3:192.168.3.1

  vlan4:192.168.4.1

  vlan5:192.168.5.1

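  Two Internet leased lines [fiber]:

  China Telecom line: 200.1.1.88

  China Mobile line: 202.1.1.100

  Where:

  1. NAT is used so that the vlan4 and vlan5 subnets reach the Internet over the China Mobile line, and the vlan2 and vlan3 subnets reach the Internet over the China Telecom line

  2. The internal subnets can reach each other

  Configuration steps:

  Layer 2 aggregation switch

  1. Create the VLANs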

  [SW_HUIJU_1]sysname SW_HUIJU_1

  "[SW_HUIJU_1]"

  [SW_HUIJU_1]vlan 2

  [SW_HUIJU_1-vlan2]quit

  [SW_HUIJU_1]vlan 3

  [SW_HUIJU_1-vlan3]quit

  [SW_HUIJU_1]vlan 4

  [SW_HUIJU_1-vlan4]quit

  [SW_HUIJU_1]vlan 5

  [SW_HUIJU_1-vlan5]quit

  "[SW_HUIJU_1]"

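  2. Add the ports to their respective VLANs; the interface mode is access

  # Change the interface mode:

  # Note: interfaces on H3C devices default to access. If an interface is not in access mode, change it with the following commands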

  [SW_HUIJU_1]interface GigabitEthernet 1/0/2

  [SW_HUIJU_1-GigabitEthernet1/0/2]port link-type access

  "[SW_HUIJU_1-GigabitEthernet1/0/2]"

  # Add the interface to the corresponding VLAN

  [SW_HUIJU_1]vlan 2

  [SW_HUIJU_1-vlan2]port GigabitEthernet 1/0/2

  #--------------------------------------------------------------

  # Alternatively, add the port to the VLAN from interface view as follows

  [SW_HUIJU_1]interface GigabitEthernet 1/0/2

  [SW_HUIJU_1-GigabitEthernet1/0/2]port access vlan 2

  [SW_HUIJU_1-GigabitEthernet1/0/2]quit

  "[SW_HUIJU_1]"

  "[SW_HUIJU_1]"

  #---------------------------------------------------------------

  [SW_HUIJU_1]interface GigabitEthernet 1/0/3

  "[SW_HUIJU_1-GigabitEthernet1/0/3]"

  [SW_HUIJU_1-GigabitEthernet1/0/3]port link-type access

  [SW_HUIJU_1-GigabitEthernet1/0/3]quit

  [SW_HUIJU_1]vlan 3

  "[SW_HUIJU_1-vlan3]"

  [SW_HUIJU_1-vlan3]port GigabitEthernet 1/0/3

  [SW_HUIJU_1-vlan3]quit

  "[SW_HUIJU_1]"

  [SW_HUIJU_1]interface GigabitEthernet 1/0/4

  "[SW_HUIJU_1-GigabitEthernet1/0/4]"

  [SW_HUIJU_1-GigabitEthernet1/0/4]port link-type access

  [SW_HUIJU_1-GigabitEthernet1/0/4]quit

  "[SW_HUIJU_1]"

  [SW_HUIJU_1]vlan 4

  [SW_HUIJU_1-vlan4]port GigabitEthernet 1/0/4

  [SW_HUIJU_1-vlan4]qu

  "[SW_HUIJU_1]"

  [SW_HUIJU_1]interface GigabitEthernet 1/0/5

  "[SW_HUIJU_1-GigabitEthernet1/0/5]"

  [SW_HUIJU_1-GigabitEthernet1/0/5]port link-type access

  [SW_HUIJU_1-GigabitEthernet1/0/5]quit

  [SW_HUIJU_1]vlan 5

  "[SW_HUIJU_1-vlan5]"

  [SW_HUIJU_1-vlan5]port GigabitEthernet 1/0/5

  [SW_HUIJU_1-vlan5]quit

  "[SW_HUIJU_1]"

  "[SW_HUIJU_1]"

  3. Set the port connected to the Layer 3 core switch to trunk and permit the relevant VLANs

  [SW_HUIJU_1]interface GigabitEthernet 1/0/1

  [SW_HUIJU_1-GigabitEthernet1/0/1]port link-type trunk

  [SW_HUIJU_1-GigabitEthernet1/0/1]port trunk permit vlan 1 to 5

  "[SW_HUIJU_1-GigabitEthernet1/0/1]"

  "[SW_HUIJU_1-GigabitEthernet1/0/1]"

  Layer 3 core switch

  1. Create the VLANs

  "[SW_HEXIN]"

  [SW_HEXIN]vlan 2

  [SW_HEXIN-vlan2]vlan 3

  [SW_HEXIN-vlan3]vlan 4

  [SW_HEXIN-vlan4]vlan 5

  [SW_HEXIN-vlan5]quit

  "[SW_HEXIN]"

  2. Assign IP addresses to the VLAN interfaces

  [SW_HEXIN]interface Vlan-interface 1

  [SW_HEXIN-Vlan-interface1]ip address 192.168.1.1 24

  [SW_HEXIN-Vlan-interface1]quit

  "[SW_HEXIN]"

  [SW_HEXIN]interface Vlan-interface 2

  [SW_HEXIN-Vlan-interface2]ip address 192.168.2.1 24

  [SW_HEXIN-Vlan-interface2]quit

  "[SW_HEXIN]"

  [SW_HEXIN]interface Vlan-interface 3

  [SW_HEXIN-Vlan-interface3]ip address 192.168.3.1 24

  [SW_HEXIN-Vlan-interface3]quit

  "[SW_HEXIN]"

  [SW_HEXIN]interface Vlan-interface 4

  [SW_HEXIN-Vlan-interface4]ip address 192.168.4.1 24

  [SW_HEXIN-Vlan-interface4]quit

  "[SW_HEXIN]"

  [SW_HEXIN]interface Vlan-interface 5

  [SW_HEXIN-Vlan-interface5]ip address 192.168.5.1 24

  [SW_HEXIN-Vlan-interface5]quit

  "[SW_HEXIN]"

  [SW_HEXIN] dis interface vlan br

  Brief information on interfaces in route mode:

  Link: ADM - administratively down; Stby - standby

  Protocol: (s) - spoofing

  Interface Link Protocol Primary IP Description

  Vlan1 UP UP 192.168.1.1

  Vlan2 UP UP 192.168.2.1

  Vlan3 UP UP 192.168.3.1

  Vlan4 UP UP 192.168.4.1

  Vlan5 UP UP 192.168.5.1

  "[SW_HEXIN]"

  3. Set the port connected to the Layer 2 switch to trunk and permit the relevant VLANs

  [SW_HEXIN]interface GigabitEthernet 1/0/2

  "[SW_HEXIN-GigabitEthernet1/0/2]"

  [SW_HEXIN-GigabitEthernet1/0/2]port link-type trunk

  [SW_HEXIN-GigabitEthernet1/0/2]port trunk permit vlan 2 3 4 5

  [SW_HEXIN-GigabitEthernet1/0/2]dis th

  #

  interface GigabitEthernet1/0/2

  port link-mode bridge

  port link-type trunk

  port trunk permit vlan 1 to 5

  combo enable fiber

  #

  return

  "[SW_HEXIN-GigabitEthernet1/0/2]"

  [SW_HEXIN-GigabitEthernet1/0/2]quit

  "[SW_HEXIN]"

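  4. Configure the static route

  # 192.168.1.2 is the next hop out of the Layer 3 switch, i.e. the interface address of the peer router

  [SW_HEXIN]ip route-static 0.0.0.0 0 192.168.1.2

  Core router

  1. Set the IP address of the interface connected to the Layer 3 switch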

  [ROUTE]interface GigabitEthernet 0/1

  "[ROUTE-GigabitEthernet0/1]"

  [ROUTE-GigabitEthernet0/1]ip address 192.168.1.2 24

  2. Set the Internet egress IP addresses [the IP addresses assigned by the carriers]

  [ROUTE]interface GigabitEthernet 0/0

  "[ROUTE-GigabitEthernet0/0]"

  [ROUTE-GigabitEthernet0/0]ip address 200.1.1.88 24

  [ROUTE]interface GigabitEthernet 0/2

  "[ROUTE-GigabitEthernet0/2]"

  [ROUTE-GigabitEthernet0/2]ip address 202.1.1.100 24

  3. Configure the routes

  # 200.1.1.1 and 202.1.1.1 are the Internet gateways, i.e. the external next-hop addresses

  [ROUTE]ip route-static 0.0.0.0 0 200.1.1.1

  [ROUTE]ip route-static 0.0.0.0 0 202.1.1.1 preference 70

  [ROUTE]ip route-static 192.168.2.0 24 192.168.1.1

  [ROUTE]ip route-static 192.168.3.0 24 192.168.1.1

  [ROUTE]ip route-static 192.168.4.0 24 192.168.1.1

  [ROUTE]ip route-static 192.168.5.0 24 192.168.1.1

  4. NAT

  [ROUTE]acl basic 2000

  "[ROUTE-acl-ipv4-basic-2000]"

  [ROUTE-acl-ipv4-basic-2000]rule 0 permit source 192.168.2.0 0.0.0.255

  [ROUTE-acl-ipv4-basic-2000]rule 1 permit source 192.168.3.0 0.0.0.255

  "[ROUTE-acl-ipv4-basic-2000]"

  [ROUTE-acl-ipv4-basic-2000]acl basic 2001

  "[ROUTE-acl-ipv4-basic-2001]"

  [ROUTE-acl-ipv4-basic-2001]rule 0 permit source 192.168.4.0 0.0.0.255

  [ROUTE-acl-ipv4-basic-2001]rule 1 permit source 192.168.5.0 0.0.0.255

  [ROUTE-acl-ipv4-basic-2001]quit

  "[ROUTE]"

  [ROUTE]nat address-group 0

  [ROUTE-address-group-0] address 200.1.1.88 200.1.1.88

  [ROUTE-address-group-0]quit

  [ROUTE]nat address-group 1

  [ROUTE-address-group-1] address 202.1.1.100 202.1.1.100

  [ROUTE-address-group-1]quit

  "[ROUTE]"

  [ROUTE]interface GigabitEthernet 0/0

  [ROUTE-GigabitEthernet0/0] nat outbound 2000 address-group 0

  [ROUTE-GigabitEthernet0/0]quit

  "[ROUTE]"

  [ROUTE]interface GigabitEthernet 0/2

  [ROUTE-GigabitEthernet0/2] nat outbound 2001 address-group 1

  [ROUTE-GigabitEthernet0/2]quit

  "[ROUTE]"

  =============================================

  [ROUTE]int GigabitEthernet 0/0

  [ROUTE-GigabitEthernet0/0]dis thi

  #

  interface GigabitEthernet0/0

  port link-mode route

  combo enable copper

  ip address 200.1.1.88 255.255.255.0

  nat outbound 2000 address-group 0

  #

  return

  "[ROUTE-GigabitEthernet0/0]"

  ==============================================

  [ROUTE]int GigabitEthernet 0/2

  [ROUTE-GigabitEthernet0/2]dis this

  #

  interface GigabitEthernet0/2

  port link-mode route

  combo enable copper

  ip address 202.1.1.100 255.255.255.0

  nat outbound 2001 address-group 1

  #

  return

  "[ROUTE-GigabitEthernet0/2]"

  ===========================

  [ROUTE]dis nat session verbose

  Testing

  # Test connectivity between the internal subnets

  # Test from host 192.168.2.2

  ping 192.168.3.2

  Ping 192.168.3.2 (192.168.3.2): 56 data bytes, press CTRL_C to break

  56 bytes from 192.168.3.2: icmp_seq=0 ttl=254 time=2.000 ms

  56 bytes from 192.168.3.2: icmp_seq=1 ttl=254 time=3.000 ms

  56 bytes from 192.168.3.2: icmp_seq=2 ttl=254 time=2.000 ms

  56 bytes from 192.168.3.2: icmp_seq=3 ttl=254 time=2.000 ms

  56 bytes from 192.168.3.2: icmp_seq=4 ttl=254 time=2.000 ms

  --- Ping statistics for 192.168.3.2 ---

  5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

  round-trip min/avg/max/std-dev = 2.000/2.200/3.000/0.400 ms

  %Apr 12 15:24:44:112 2021 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.3.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 2.000/2.200/3.000/0.400 ms.

  ping 192.168.4.2

  Ping 192.168.4.2 (192.168.4.2): 56 data bytes, press CTRL_C to break

  56 bytes from 192.168.4.2: icmp_seq=0 ttl=254 time=2.000 ms

  56 bytes from 192.168.4.2: icmp_seq=1 ttl=254 time=2.000 ms

  56 bytes from 192.168.4.2: icmp_seq=2 ttl=254 time=2.000 ms

  56 bytes from 192.168.4.2: icmp_seq=3 ttl=254 time=1.000 ms

  56 bytes from 192.168.4.2: icmp_seq=4 ttl=254 time=2.000 ms

  --- Ping statistics for 192.168.4.2 ---

  5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

  round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms

  %Apr 12 15:24:49:254 2021 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.4.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms.

  ping 192.168.5.2

  Ping 192.168.5.2 (192.168.5.2): 56 data bytes, press CTRL_C to break

  56 bytes from 192.168.5.2: icmp_seq=0 ttl=254 time=1.000 ms

  56 bytes from 192.168.5.2: icmp_seq=1 ttl=254 time=2.000 ms

  56 bytes from 192.168.5.2: icmp_seq=2 ttl=254 time=2.000 ms

  56 bytes from 192.168.5.2: icmp_seq=3 ttl=254 time=2.000 ms

  56 bytes from 192.168.5.2: icmp_seq=4 ttl=254 time=2.000 ms

  --- Ping statistics for 192.168.5.2 ---

  5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

  round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms

  %Apr 12 15:24:54:244 2021 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.5.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms.

  #=================================================================

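  # The vlan4 and vlan5 subnets reach the Internet over the China Mobile line; the vlan2 and vlan3 subnets reach it over the China Telecom line

  # Two Internet leased lines [fiber]:

  # China Telecom line: 200.1.1.88

  # China Mobile line: 202.1.1.100

  # vlan2 and vlan3 use the China Telecom line 200.1.1.88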

  ping 200.1.1.1

  Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL_C to break

  56 bytes from 200.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms

  56 bytes from 200.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms

  56 bytes from 200.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms

  56 bytes from 200.1.1.1: icmp_seq=3 ttl=253 time=2.000 ms

  56 bytes from 200.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms

  --- Ping statistics for 200.1.1.1 ---

  5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

  round-trip min/avg/max/std-dev = 2.000/2.000/2.000/0.000 ms

  %Apr 12 15:28:03:574 2021 H3C PING/6/PING_STATISTICS: Ping statistics for 200.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 2.000/2.000/2.000/0.000 ms.

  # On the core router, confirm that subnets 2 and 3 use China Telecom 200.1.1.88

  [ROUTE]dis nat session verbose

  Slot 0:

  Initiator:

  Source IP/port: 192.168.2.2/198

  Destination IP/port: 200.1.1.1/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/1

  Responder:

  Source IP/port: 200.1.1.1/17

  Destination IP/port: 200.1.1.88/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/0

  State: ICMP_REPLY

  Application: OTHER

  Role: -

  Failover group ID: -

  Start time: 2021-04-12 15:30:00 TTL: 24s

  Initiator->Responder: 0 packets 0 bytes

  Responder->Initiator: 0 packets 0 bytes

  Total sessions found: 1

  "[ROUTE]"

  # vlan4 and vlan5 use the China Mobile line 202.1.1.100

  ping 202.1.1.1

  Ping 202.1.1.1 (202.1.1.1): 56 data bytes, press CTRL_C to break

  56 bytes from 202.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms

  56 bytes from 202.1.1.1: icmp_seq=1 ttl=253 time=3.000 ms

  56 bytes from 202.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms

  56 bytes from 202.1.1.1: icmp_seq=3 ttl=253 time=2.000 ms

  56 bytes from 202.1.1.1: icmp_seq=4 ttl=253 time=1.000 ms

  --- Ping statistics for 202.1.1.1 ---

  5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

  round-trip min/avg/max/std-dev = 1.000/2.000/3.000/0.632 ms

  %Apr 12 15:29:27:489 2021 H3C PING/6/PING_STATISTICS: Ping statistics for 202.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/2.000/3.000/0.632 ms.

  # On the core router, confirm that subnets 4 and 5 use China Mobile 202.1.1.100

  [ROUTE]dis nat session verbose

  Slot 0:

  Initiator:

  Source IP/port: 192.168.4.2/181

  Destination IP/port: 202.1.1.1/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/1

  Responder:

  Source IP/port: 202.1.1.1/11

  Destination IP/port: 202.1.1.100/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: GigabitEthernet0/2

  State: ICMP_REPLY

  Application: OTHER

  Role: -

  Failover group ID: -

  Start time: 2021-04-12 15:31:51 TTL: 25s

  Initiator->Responder: 0 packets 0 bytes

  Responder->Initiator: 0 packets 0 bytes

  Total sessions found: 1

  "[ROUTE]"
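
  The two Internet tests above ping each carrier's gateway, which the router reaches over a directly connected route. As an added example (not part of the original post), the Python model below applies longest-prefix match, static-route preference and the per-interface nat outbound ACLs from the [ROUTE] configuration to show which exit and source address each host gets for a carrier gateway and for an arbitrary external address. It assumes Comware's default static-route preference of 60; 203.0.113.10 and the GE0/x short names are constructed for the example.

```python
import ipaddress as ip

# Router state transcribed from the page's [ROUTE] configuration.
# (prefix, next hop, egress interface, preference). 60 is assumed as the
# default static-route preference; 0 marks directly connected networks.
ROUTES = [
    ("0.0.0.0/0", "200.1.1.1", "GE0/0", 60),
    ("0.0.0.0/0", "202.1.1.1", "GE0/2", 70),
    ("200.1.1.0/24", None, "GE0/0", 0),
    ("202.1.1.0/24", None, "GE0/2", 0),
]
# nat outbound bindings: egress interface -> (ACL source networks, NAT address)
NAT_OUTBOUND = {
    "GE0/0": (["192.168.2.0/24", "192.168.3.0/24"], "200.1.1.88"),   # ACL 2000
    "GE0/2": (["192.168.4.0/24", "192.168.5.0/24"], "202.1.1.100"),  # ACL 2001
}

def best_route(dst):
    """Longest prefix wins; among equal prefixes the lowest preference wins."""
    d = ip.ip_address(dst)
    hits = [r for r in ROUTES if d in ip.ip_network(r[0])]
    return max(hits, key=lambda r: (ip.ip_network(r[0]).prefixlen, -r[3]))

def egress(src, dst):
    """Return (interface, source address seen outside) for one flow."""
    _, _, iface, _ = best_route(dst)
    nets, public = NAT_OUTBOUND[iface]
    matched = any(ip.ip_address(src) in ip.ip_network(n) for n in nets)
    return iface, public if matched else src  # no ACL match: left untranslated

def audit(dst, hosts):
    """Map each inside host to its egress result for destination dst."""
    return {h: egress(h, dst) for h in hosts}

HOSTS = ["192.168.2.2", "192.168.3.2", "192.168.4.2", "192.168.5.2"]

if __name__ == "__main__":
    # 203.0.113.10 is a constructed documentation address standing in for
    # an arbitrary Internet host; 202.1.1.1 is the page's own test target.
    for dst in ("202.1.1.1", "203.0.113.10"):
        for host, (iface, seen) in audit(dst, HOSTS).items():
            print(f"{host} -> {dst}: out {iface}, source {seen}")
```

  For the external destination every host leaves through GE0/0, and the 192.168.4.0/24 and 192.168.5.0/24 hosts match no NAT ACL on that interface, so they keep their private source address. Sending those two subnets out through 202.1.1.1 needs policy-based routing on the inside interface, which the configuration above does not include.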

  I'm 肥肥运维. Writing takes effort; if you found this article helpful, please follow, like and bookmark it. You may need it later. Thanks.
