路由器

首页 路由器设置 192.168 路由器大全 电脑教程 软件下载

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

小编:大闷头 更新时间:2022-04-19 14:45
华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

拓扑图

搭建个网络,让AB两个公司的网络相互冗余,当任意一边出现故障无法访问互联网时可以保持网络的连通性,来达到提高网络稳定性的需求。

基本信息:

AR1与AR2通过Ethernet2/0/0、Ethernet2/0/1相互互联

配置案例

AR1基本网络配置,使得PC1通过DHCP自动获取到IP地址及DNS,并且可以正常访问互联网。

The device is running! system-view #进入系统视图 Enter system view, return user view with Ctrl+Z. [Huawei]sysname AR1 #修改设备名称 [AR1]undo info-center enable #关闭信息中心提示 Info: Information center is disabled. [AR1]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR1-GigabitEthernet0/0/0]ip address 10.11.12.10 24 #配置上联端口的IP地址及子网掩码 [AR1-GigabitEthernet0/0/0]ping 10.11.12.1 #检测与上联网关连通性 PING 10.11.12.1: 56 data bytes, press CTRL_C to break Reply from 10.11.12.1: bytes=56 Sequence=1 ttl=128 time=60 ms Reply from 10.11.12.1: bytes=56 Sequence=2 ttl=128 time=10 ms Reply from 10.11.12.1: bytes=56 Sequence=3 ttl=128 time=10 ms Reply from 10.11.12.1: bytes=56 Sequence=4 ttl=128 time=10 ms Reply from 10.11.12.1: bytes=56 Sequence=5 ttl=128 time=10 ms --- 10.11.12.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/20/60 ms [AR1-GigabitEthernet0/0/0]quit #退出端口 [AR1]dhcp enable #开启dhcp功能 Info: The operation may take a few seconds. Please wait for a moment.done. [AR1]ip pool huawei #创建IP地址,并命名为huawei Info: It's successful to create an IP address pool. [AR1-ip-pool-huawei]network 192.168.10.0 mask 24 #配置A公司网段以及子网长度 [AR1-ip-pool-huawei]gateway-list 192.168.10.1 #配置网关 [AR1-ip-pool-huawei]dns-list 114.114.114.114 #配置dhcp分配的dns服务器地址 [AR1-ip-pool-huawei]quit #退出 [AR1]dns server 114.114.114.114 #配置AR1路由器的dns服务器地址 [AR1]dns resolve #开启dns功能 [AR1]ip route-static 0.0.0.0 0 10.11.12.1 #配置默认路由指向上联网关 [AR1]ping www.baidu.com #检测AR1路由器能否访问互联网 PING www.a.shifen.com: 56 data bytes, press CTRL_C to break Reply from 182.61.200.7: bytes=56 Sequence=1 ttl=128 time=80 ms Reply from 182.61.200.7: bytes=56 Sequence=2 ttl=128 time=80 ms Reply from 182.61.200.7: bytes=56 Sequence=3 ttl=128 time=70 ms Reply from 182.61.200.7: bytes=56 Sequence=4 ttl=128 time=70 ms Reply from 182.61.200.7: bytes=56 Sequence=5 ttl=128 time=80 ms --- www.a.shifen.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 70/76/80 ms [AR1]interface GigabitEthernet 0/0/1 #进入端口0/0/1 [AR1-GigabitEthernet0/0/1]ip address 192.168.10.1 24 #配置AR1内网网关及子网掩码 [AR1-GigabitEthernet0/0/1]dhcp select global #配置dhcp分配方式为全局(使用上面的IP地址池) [AR1-GigabitEthernet0/0/1]quit #退出端口 [AR1]acl 2001 #创建编号2001的基本acl [AR1-acl-basic-2001]rule permit source 192.168.10.0 255.255.255.0 #配置允许源IP地址及长度 [AR1-acl-basic-2001]quit #退出acl [AR1]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR1-GigabitEthernet0/0/0]nat outbound 2001 #配置nat方向匹配acl 2001 [AR1-GigabitEthernet0/0/0]quit #退出端口

AR2基本网络配置,同时也要让PC2通过DHCP自动获取到IP地址及DNS,并且可以正常访问互联网。

The device is running! system-view #进入系统视图 Enter system view, return user view with Ctrl+Z. [Huawei]sysname AR2 #修改设备名称 [AR2]undo info-center enable #关闭信息中心提示 Info: Information center is disabled. [AR2]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR2-GigabitEthernet0/0/0]ip address 10.11.12.20 24 #配置上联端口的IP地址及子网掩码 [AR2-GigabitEthernet0/0/0]ping 10.11.12.1 #检测与上联端口的连通性 PING 10.11.12.1: 56 data bytes, press CTRL_C to break Reply from 10.11.12.1: bytes=56 Sequence=1 ttl=128 time=70 ms Reply from 10.11.12.1: bytes=56 Sequence=2 ttl=128 time=10 ms Reply from 10.11.12.1: bytes=56 Sequence=3 ttl=128 time=10 ms Reply from 10.11.12.1: bytes=56 Sequence=4 ttl=128 time=10 ms Reply from 10.11.12.1: bytes=56 Sequence=5 ttl=128 time=10 ms --- 10.11.12.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/22/70 ms [AR2-GigabitEthernet0/0/0]quit #退出端口 [AR2]dhcp enable #开启dhcp功能 Info: The operation may take a few seconds. Please wait for a moment.done. [AR2]ip pool huawei #创建IP地址池,并命名为huawei Info: It's successful to create an IP address pool. [AR2-ip-pool-huawei]network 192.168.20.0 mask 24 #配置A公司网段以及子网长度 [AR2-ip-pool-huawei]gateway-list 192.168.20.1 #配置网关 [AR2-ip-pool-huawei]dns-list 114.114.114.114 #配置dhcp分配的dns服务器地址 [AR2-ip-pool-huawei]quit #退出 [AR2]dns server 114.114.114.114 #配置AR2路由器的DNS服务器地址 [AR2]dns resolve #开启dns功能 [AR2]ip route-static 0.0.0.0 0 10.11.12.1 #配置默认路由并执行上联网关 [AR2]ping www.baidu.com #检测AR2路由器能否访问到互联网 PING www.a.shifen.com: 56 data bytes, press CTRL_C to break Reply from 182.61.200.6: bytes=56 Sequence=1 ttl=128 time=60 ms Reply from 182.61.200.6: bytes=56 Sequence=2 ttl=128 time=60 ms Reply from 182.61.200.6: bytes=56 Sequence=3 ttl=128 time=60 ms Reply from 182.61.200.6: bytes=56 Sequence=4 ttl=128 time=60 ms Reply from 182.61.200.6: bytes=56 Sequence=5 ttl=128 time=80 ms --- www.a.shifen.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/64/80 ms [AR2]interface GigabitEthernet 0/0/1 #进入端口0/0/1 [AR2-GigabitEthernet0/0/1]ip address 192.168.20.1 24 #配置AR1内网网关及子网掩码 [AR2-GigabitEthernet0/0/1]dhcp select global #配置dhcp分配方式为全局(使用上面的IP地址池) [AR2-GigabitEthernet0/0/1]quit #退出端口 [AR2]acl 2001 #创建编号2001的基本acl [AR2-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255 #配置允许源IP地址及长度 [AR2-acl-basic-2001]quit #退出端口 [AR2]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR2-GigabitEthernet0/0/0]nat outbound 2001 #配置nat方向匹配acl 2001 [AR2-GigabitEthernet0/0/0]quit #退出端口

以上基本的路由就完成了,A公司B公司内部的PC1以及PC2都可以获取到地址并且可以访问到互联网

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

开始配置两个网络的静态路由互通,这样就可以从另一台路由器访问到互联网

AR1互联配置,配置访问AR2时数据包通过2/0/0端口出去,返回时通过2/0/1端口回来,并添加NAT的匹配地址

[AR1]interface Ethernet 2/0/0 #进入端口2/0/0 [AR1-Ethernet2/0/0]ip address 10.12.1.1 24 #配置与AR2的互联地址及子网掩码 [AR1-Ethernet2/0/0]quit #退出端口 [AR1]interface Ethernet 2/0/1 #进入端口2/0/1 [AR1-Ethernet2/0/1]ip address 10.12.2.2 24 #配置与AR2的互联地址及子网掩码 [AR1-Ethernet2/0/1]quit #退出端口 [AR1]ip route-static 192.168.20.0 255.255.255.0 10.12.2.1 #配置访问AR2内部网络的路由 #如果不想AB两个内网可以相互访问,可以将上面这条路由删除,我这里就保留 [AR1]ip route-static 0.0.0.0 0 10.12.2.1 preference 100 #配置优先级为100的默认路由并指向AR2 [AR1]ping 192.168.20.254 #检测与PC2的联通性 PING 192.168.20.254: 56 data bytes, press CTRL_C to break Request time out Reply from 192.168.20.254: bytes=56 Sequence=2 ttl=127 time=20 ms Reply from 192.168.20.254: bytes=56 Sequence=3 ttl=127 time=20 ms Reply from 192.168.20.254: bytes=56 Sequence=4 ttl=127 time=20 ms Reply from 192.168.20.254: bytes=56 Sequence=5 ttl=127 time=20 ms --- 192.168.20.254 ping statistics --- 5 packet(s) transmitted 4 packet(s) received 20.00% packet loss round-trip min/avg/max = 20/20/20 ms [AR1]acl 2001 #进入ACL 2001 [AR1-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255 #添加AR2内网的源IP地址及长度 [AR1-acl-basic-2001]quit #退出

AR2互联配置,与AR1的相反,配置访问AR1时数据包通过2/0/1端口出去,返回时通过2/0/0端口回来,并添加NAT的匹配地址

[AR2]interface Ethernet 2/0/0 #进入端口2/0/0 [AR2-Ethernet2/0/0]ip address 10.12.2.1 24 #配置与AR1的互联IP地址及子网掩码 [AR2-Ethernet2/0/0]ping 10.12.2.2 #检测网络连通性 PING 10.12.2.2: 56 data bytes, press CTRL_C to break Reply from 10.12.2.2: bytes=56 Sequence=1 ttl=255 time=40 ms Reply from 10.12.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.12.2.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 10.12.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms Reply from 10.12.2.2: bytes=56 Sequence=5 ttl=255 time=20 ms --- 10.12.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/20/40 ms [AR2-Ethernet2/0/0]quit #退出端口 [AR2]interface Ethernet 2/0/1 #进入端口2/0/1 [AR2-Ethernet2/0/1]ip address 10.12.1.2 24 #配置与AR2的互联IP地址及子网掩码 [AR2-Ethernet2/0/1]ping 10.12.1.1 #检测网络连通性 PING 10.12.1.1: 56 data bytes, press CTRL_C to break Reply from 10.12.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 10.12.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 10.12.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms Reply from 10.12.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms Reply from 10.12.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms --- 10.12.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 20/24/30 ms [AR2-Ethernet2/0/1]quit #退出端口 [AR2]ip route-static 192.168.10.0 255.255.255.0 10.12.1.1 #配置访问AR1内部网络的路由 #如果不想AB两个内网可以相互访问,可以将上面这条路由删除,我这里就保留 [AR2]ip route-static 0.0.0.0 0 10.12.1.1 preference 100 #配置优先级为100的默认路由并指向AR1 [AR2]ping 192.168.10.254 #检测与PC1的连通性 PING 192.168.10.254: 56 data bytes, press CTRL_C to break Request time out Reply from 192.168.10.254: bytes=56 Sequence=2 ttl=127 time=20 ms Reply from 192.168.10.254: bytes=56 Sequence=3 ttl=127 time=20 ms Reply from 192.168.10.254: bytes=56 Sequence=4 ttl=127 time=20 ms Reply from 192.168.10.254: bytes=56 Sequence=5 ttl=127 time=30 ms --- 192.168.10.254 ping statistics --- 5 packet(s) transmitted 4 packet(s) received 20.00% packet loss round-trip min/avg/max = 20/22/30 ms [AR2]acl 2001 #进入ACL 2001 [AR2-acl-basic-2001]rule permit source 192.168.10.0 0.0.0.255 添加AR2内网的源IP地址及长度 [AR2-acl-basic-2001]quit #退出

配置完成后我们模拟一下AR1以及AR2出口线路故障后,PC1以及PC2能否正常访问网络

检测

关闭AR1的出口,模拟线路故障

[AR1]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR1-GigabitEthernet0/0/0]shutdown #关闭端口 [AR1-GigabitEthernet0/0/0]quit #退出

查看AR1的路由表信息

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

优先级100指向AR2的默认路由生效

PC1访问网络

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

路由追踪时多了一跳路由

通过对去往AR2的出入端口抓包

PC1发送的数据包

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

AR2 Ethernet2/0/1

百度回传的数据包

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

AR1 Ethernet2/0/1

这样当AR1无法正常连接互联网时就可以让流量走到AR2访问

恢复AR1的出接口,并禁用AR2出接口模拟线路故障

[AR1]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR1-GigabitEthernet0/0/0]undo shutdown #取消关闭端口 [AR1-GigabitEthernet0/0/0]quit #退出

[AR2]interface GigabitEthernet 0/0/0 #进入端口0/0/0 [AR2-GigabitEthernet0/0/0]shutdown #关闭端口 [AR2-GigabitEthernet0/0/0]quit #退出

查看下AR2的路由表

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

优先级100指向AR1的默认路由生效

PC2访问网络

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

路由追踪也是多了一跳

通过对去往AR1的出入端口抓包

PC2发送的数据包

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

AR1 Ethernet2/0/0

百度回传的数据表

华为ensp路由器双网络互为冗余,提高网络的可靠性配置实验

AR2 Ethernet2/0/0

至此,我们的需求就配置完成了,达到了当AR1外网故障时会切换到AR2的出口进行访问互联网,同理AR2的外网故障时也会自动切换到AR1的出口进行访问,虽然切换的会有短暂的丢包,但是可以马上恢复网络访问。

上一篇:路由器保护你的所有家用设备网络安全(路由器安全防护) 下一篇:华为路由器H6怎么样(华为路由H6怎么样)
相关推荐
最新文章
热门文章

Copyright © 2016-2025 路由器 All Rights Reserved

联系我们:luyouqicom@126.com 粤ICP备2021105330号-2