Function of the network
messaging, resource sharing, improved processing performance, increased reliability
60s: packet switching
70s ~ 80s: tcp/ip
topology
point-to-point: wan
star: lan
mesh: lan
OSI seven-layer reference model
tcp / ip five-layer reference model
application layer
transport layer: firewall
network layer: router
data link layer: switch
physical layer: network card
user view
system view
interface view
protocol view
how a switch works
learn, broadcast, forward, update
broadcast flooding
broadcast domain
vlan: virtual LAN
controls broadcasts
increases security
improves bandwidth utilization
reduces data transfer delay
50 ~ 100ms 60ms
20ms
1S = 1000ms
maximum number of vlans: 4096
vlan 1 is the default vlan; it does not need to be created and cannot be deleted
1, create a vlan
system-view
vlan 2 // create vlan 2
undo vlan 2 // delete vlan 2
2, add the relevant interface to the vlan
interface Ethernet0/0/3 // enter interface 3
port link-type access // change the interface type to access, meaning it carries the data of one vlan
port default vlan 2 // change the vlan the interface serves
display vlan // view the vlan list to verify the previous operation
vlan batch 10 20 30
undo vlan batch 10 20 30
[Huawei] vlan batch 2 3 // create vlan 2 and 3
[Huawei] port-group 1 // create a port group, group number 1
[Huawei-port-group-1] group-member Ethernet0/0/3 Ethernet0/0/4 // add interfaces 3 and 4 to the group
[Huawei-port-group-1] port link-type access // a command entered in the group is equal to entering it on every interface in the group
[Huawei-port-group-1] port default vlan 2
segments
VLAN1
192.168.1.1
192.168.1.2
VLAN2
192.168.2.1
192.168.2.2
VLAN3
192.168.3.1
192.168.3.2
access: access link, carries one vlan
trunk: trunk link, carries multiple vlans and marks frames with a vlan tag
interface Ethernet0/0/7
port default vlan 1 // restore the default vlan
port link-type trunk // change to a trunk link
port trunk allow-pass vlan all // allow all vlans
link aggregation: increases reliability, increases bandwidth
in the system view:
clear configuration interface Ethernet0/0/7 // clear all configuration and restore the default; the interface is then shut down automatically
[Huawei] interface Ethernet0/0/7
undo shutdown // open the interface
[Huawei] interface Eth-Trunk 1 // enter (create) link aggregation interface 1
[Huawei-Eth-Trunk1] trunkport Ethernet 0/0/7 0/0/8 // bundle interfaces 7 and 8; if an interface is not in its default state this step gives an error prompt, so restore the default first
port link-type trunk // change the link aggregation interface to a trunk link
port trunk allow-pass vlan all // allow all vlans
network layer: router, ip
data link layer: switch, mac
different vlans = different network segments = different broadcast domains
2^n - 2
A 1 ~ 127 16.77 million+
255.0.0.0
B 128 ~ 191 65534
255.255.0.0
C 192 ~ 223 254
255.255.255.0
192.168.0.1 ~ 192.168.0.254
in each segment the first address is the network id and the last address is the broadcast address
192.168.0.1
172.16.0.0 172.16.255.255
172.16.0.1 ~ 172.16.255.254
icmp: Internet Control Message Protocol, can query the network status and returns the corresponding feedback data
undo ip address // enter the interface and delete its ip
display this // in the interface, view the configured ip address
routing table
direct routes: generated automatically after the ip is configured on the router interface and the interface is opened
static routes: configured manually, suitable for small-scale networks
R1
ip route-static 192.168.3.0 24 192.168.2.2
ip route-static 192.168.4.0 24 192.168.2.2
R2
undo ip route-static 192.168.1.0 24 192.168.2.3
ip route-static 192.168.1.0 24 192.168.2.1
display ip routing-table | include /24 // show the rows of the routing table that contain /24
################################################################
switch Layer
vlan
controls broadcasts, increases security, improves bandwidth utilization, reduces data transfer latency
router: connects different networks; the ip is configured on a physical interface
Layer 3 switch = switching + Layer 3 routing; the ip is configured on a virtual interface
building the network with a Layer 3 switch:
1, create vlan 2 and 3 on the Layer 3 switch
vlan batch 2 3
2, add the interfaces to the corresponding vlan
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
display vlan
3, enter the vlan interface (virtual interface) and configure an ip address; this ip serves as the gateway of the terminal devices
interface Vlanif 1
ip address 192.168.1.254 24
display current-configuration
add an S3700 switch so that the Layer 3 switch is used more sensibly
1, create vlan 2 and 3 on the S3700
2, on the S3700, add the interfaces connected to the PCs to the corresponding vlan
3, configure the link between the two switches as a trunk link
port link-type trunk
port trunk allow-pass vlan all
troubleshooting
1, check the ip and gateway
2, check which vlan the interface belongs to
3, test the link to the gateway
network segment, vlan
approach for configuring an ip on a Layer 3 switch interface:
1, create vlan 4 on the S5700
2, enter the vlan 4 virtual interface and configure the ip
interface Vlanif 4
ip address 192.168.4.1 24
3, add g0/0/2 to vlan 4
dynamic routing: network-wide interworking is achieved by a dynamic routing protocol; suitable for large networks
rip, isis, eigrp, bgp, ospf
declare
Layer 3 switch configuration:
ospf // enable the ospf dynamic routing protocol
area 0 // enter the first area; usually only large networks need multiple areas, a small network only needs the first area, area 0
network 192.168.1.0 0.0.0.255 // declare the network segments the device itself is connected to
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
router:
ospf
area 0
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
display ip routing-table | include /24 // see the final result
direct routes: generated automatically after the ip is configured and the interface is opened
static routes: configured manually, 192.168.1.0 24 192.168.1.X
dynamic routes
default route: a special static route that matches any network segment; it is used when the target network cannot be found in the routing table, usually when internal devices access the public network.
Layer 3 switch
ip route-static 0.0.0.0 0 192.168.4.2 // match any network
router
ip route-static 0.0.0.0 0 192.168.5.1
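How the default route interacts with more specific routes, as an added Python sketch that is not part of the original notes or of Huawei's software: the lookup picks the longest matching prefix, so 0.0.0.0/0 is only used when nothing else matches. The helper names `parse_routes` and `lookup` are hypothetical and the sample configuration is constructed from route lines on this page.

```python
import ipaddress

def parse_routes(config):
    """Collect (network, next_hop) from 'ip route-static <dest> <mask-len> <next-hop>' lines."""
    routes = []
    for line in config.splitlines():
        w = line.split("//")[0].split()  # drop the page's '//' comments
        if w[:2] == ["ip", "route-static"] and len(w) == 5:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: return (matched network, next hop), or None if unreachable."""
    ip = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, str(net), hop) for net, hop in routes if ip in net]
    if not hits:
        return None
    _, net, hop = max(hits)  # the most specific (longest) prefix wins
    return (net, hop)

# Constructed sample: one specific static route plus the default route.
CONFIG = """
ip route-static 192.168.3.0 24 192.168.2.2
ip route-static 0.0.0.0 0 192.168.4.2 // match any network
"""
ROUTES = parse_routes(CONFIG)
# The same table without the default route, to show the "cannot be found" case.
NO_DEFAULT = [r for r in ROUTES if r[0].prefixlen != 0]

if __name__ == "__main__":
    for dest in ("192.168.3.9", "100.0.0.10"):
        print(dest, lookup(ROUTES, dest), lookup(NO_DEFAULT, dest))
```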
transport layer: port numbers, end-to-end
network layer: router, ip, point-to-point
data link layer: switch, mac, vlan, trunk
HTTP 80 tcp
HTTPS 443
MySQL 3306 tcp
tcp: Transmission Control Protocol
high reliability, low efficiency, connection-oriented
syn: intends to establish a connection with the other side
ack: confirm
fin: intends to close the connection with the other side
three-way handshake: syn -> ack, syn -> ack
four-way close: fin -> ack -> fin -> ack
udp: User Datagram Protocol
low reliability, high efficiency, connectionless
acl: access control list, restricts data by matching it.
basic acl 2000 ~ 2999: can restrict by source ip
advanced acl 3000 ~ 3999: can restrict by source ip, destination ip, protocol and port
acl exercise 1:
[Huawei] interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0] ip address 192.168.1.254 24
[Huawei] acl 2000 // create the acl; list number 2000 means a basic acl is used
[Huawei-acl-basic-2000] rule deny source 192.168.2.1 0 // create a rule that rejects data whose source ip is 192.168.2.1
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ip address 192.168.2.254 24
[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 2000
// after entering interface g0/0/1, apply acl 2000 to filter the data entering the router.
acl exercise 2:
acl 2000 // re-enter list 2000
display this // view the current rules
undo rule 5 // delete the previous entry, by its sequence number
rule permit source 192.168.2.1 0 // create a new rule that allows 2.1 through
rule deny // reject everyone
only one acl can be applied to an interface in the same direction
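How the two exercises above evaluate, as an added Python sketch that is not Huawei code or part of the original notes: rules are checked in ascending rule number and the first match decides, which is why the catch-all `rule deny` has to come after the permit. It assumes rules are numbered in steps of 5 (consistent with the `undo rule 5` above); `parse_rule`, `build_acl` and `evaluate` are hypothetical helper names, and traffic that matches no rule is reported as `None` rather than given a verdict.

```python
import ipaddress

def parse_rule(rule_id, text):
    """Parse 'rule {permit|deny} [source {any | <ip> <wildcard>}]'."""
    words = text.split()
    action = words[1]
    if "source" not in words or words[words.index("source") + 1] == "any":
        return (rule_id, action, 0, 0xFFFFFFFF)  # every bit is "don't care"
    i = words.index("source")
    addr = int(ipaddress.IPv4Address(words[i + 1]))
    # The page writes a single-host match as wildcard "0" (short for 0.0.0.0).
    wildcard = 0 if words[i + 2] == "0" else int(ipaddress.IPv4Address(words[i + 2]))
    return (rule_id, action, addr, wildcard)

def build_acl(lines, step=5):
    """Number the rules 5, 10, 15 ... in the order they were entered (assumed step)."""
    return [parse_rule((n + 1) * step, line) for n, line in enumerate(lines)]

def evaluate(acl, src):
    """Return (rule_id, action) of the first matching rule, or None if no rule matches."""
    ip = int(ipaddress.IPv4Address(src))
    for rule_id, action, addr, wildcard in sorted(acl):
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if (ip & care) == (addr & care):
            return (rule_id, action)
    return None

# Constructed rule sets, taken from the two exercises on this page.
EXERCISE_1 = build_acl(["rule deny source 192.168.2.1 0"])
EXERCISE_2 = build_acl(["rule permit source 192.168.2.1 0", "rule deny"])
# The same two rules entered in the opposite order: the catch-all deny now wins.
REVERSED = build_acl(["rule deny", "rule permit source 192.168.2.1 0"])
# Segment match with wildcard 0.0.0.255, as used later on the page for nat outbound.
SEGMENT = build_acl(["rule permit source 192.168.2.0 0.0.0.255", "rule deny"])

if __name__ == "__main__":
    for name, acl in [("exercise 1", EXERCISE_1), ("exercise 2", EXERCISE_2),
                      ("reversed", REVERSED), ("segment", SEGMENT)]:
        for src in ("192.168.2.1", "192.168.2.2", "192.168.3.7"):
            print(name, src, evaluate(acl, src))
```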
################################################################
NAT: Network Address Translation
1, saves public ip addresses
2, increases security
A 1 ~ 127
B 128 ~ 191
C 192 ~ 223
internal private addresses
A 10.0.0.0 ~ 10.255.255.255
B 172.16.0.0 ~ 172.31.255.255
C 192.168.0.0 ~ 192.168.255.255
ipv4: total number of addresses 4.2 billion+
ipv6
192.168.0.1 200.0.0.1 200.0.0.2 192.168.0.1
192.168.0.2
192.168.0.3
nat static: 1-to-1 translation, for servers that provide a service
nat easy ip: 1-to-many, only for accessing external networks
acl
configure static nat to achieve 1-to-1 communication between the internal and external networks
[Huawei] interface GigabitEthernet 0/0/1 // enter the router's external network interface
[Huawei-GigabitEthernet0/0/1] ip address 100.0.0.1 8
[Huawei-GigabitEthernet0/0/1] nat static global 100.0.0.2 inside 192.168.2.1 // enable static nat; when internal host 2.1 goes out, its source ip is translated to 100.0.0.2
think about:
1, how does an external device find an internal device?
2, what if 2.2 also wants to go out?
[Huawei-GigabitEthernet0/0/1] nat static global 100.0.0.3 inside 192.168.2.2 // enable static nat; when internal host 2.2 goes out, its source ip is translated to 100.0.0.3
delete a wrong translation entry promptly
undo nat static global 100.0.0.3 inside 192.168.2.2
use easy ip to save public network ips
[Huawei] acl 2000
[Huawei-acl-basic-2000] rule permit source any // use the acl to define any internal address
or
[Huawei-acl-basic-2000] rule permit source 192.168.2.0 0.0.0.255 // allow only hosts in the 192.168.2.0 segment
[Huawei-acl-basic-2000] rule deny
[Huawei] interface GigabitEthernet0/0/1
[Huawei-GigabitEthernet0/0/1] nat outbound 2000 // the ip of g0/0/1 is used to access the Internet; acl 2000 defines who is permitted to access the Internet
stp: Spanning Tree Protocol
prevents broadcast storms, provides link redundancy
vrrp: Virtual Router Redundancy Protocol
gateway backup, automatic switchover
SW1
interface Vlanif 1
ip address 192.168.1.252 24
vlan 2
interface Vlanif 2
ip address 192.168.2.2 24
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
ospf
area 0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
SW2
interface Vlanif 1
ip address 192.168.1.253 24
vlan 3
interface Vlanif 3
ip address 192.168.3.2 24
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
ospf
area 0
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
router
ospf
area 0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
display ip routing-table | include /24
troubleshooting
configure VRRP on the two Layer 3 switches
interface Vlanif 1
vrrp vrid 1 virtual-ip 192.168.1.254
display vrrp brief
master: primary router
backup: backup router
achieve load balancing by configuring vrrp for multiple vlans
create vlan 10 and 20 on all switches
vlan batch 10 20
S5700
port-group 1
group-member GigabitEthernet0/0/1 to GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan all
S3700
port-group 1
group-member Ethernet0/0/1 Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
configure VRRP on both S5700s
interface Vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
interface Vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
on the first 5700
interface Vlanif 10
vrrp vrid 10 priority 105
on the second 5700
interface Vlanif 20
vrrp vrid 20 priority 105
display vrrp brief // check the final result: the first 5700 is the master for vlan 10 and the backup for vlan 20, and the second 5700 is the master for vlan 20 and the backup for vlan 10
################################################################
1, create vlan 10 and 20 on all switches
2, set the links between all switches to trunk
3, configure the virtual interface ips on SW1
vlan 10 192.168.10.252
vlan 20 192.168.20.252
configure the virtual interface ips on SW2
vlan 10 192.168.10.253
vlan 20 192.168.20.253
4, configure VRRP
SW1: vlan 10 primary router, priority 105
vlan 20 backup router
SW2: vlan 20 primary router, priority 105
vlan 10 backup router
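Which switch ends up master in the two-switch layout summarized above, and what happens when one switch fails, as an added Python model that is not part of the original notes or of Huawei's software. It assumes standard VRRP election (default priority 100, higher priority wins, a tie goes to the higher interface ip) and ignores timers and preemption; `elect` and `masters` are hypothetical helper names and the tables are constructed from the addresses on this page.

```python
import ipaddress

DEFAULT_PRIORITY = 100  # VRRP priority when no 'vrrp vrid N priority' line is configured

def elect(members):
    """members: {device: (priority, interface_ip)} for the devices that are up.
    Highest priority wins; equal priorities are decided by the higher interface ip."""
    if not members:
        return None
    return max(members, key=lambda d: (members[d][0],
                                       int(ipaddress.ip_address(members[d][1]))))

def masters(groups, down=()):
    """groups: {vrid: {device: (priority, ip)}} -> {vrid: master}, ignoring failed devices."""
    return {vrid: elect({d: v for d, v in devs.items() if d not in down})
            for vrid, devs in groups.items()}

# Constructed from the page's values: SW1 raises vrid 10 to 105, SW2 raises vrid 20 to 105.
LOAD_BALANCED = {
    10: {"SW1": (105, "192.168.10.252"), "SW2": (DEFAULT_PRIORITY, "192.168.10.253")},
    20: {"SW1": (DEFAULT_PRIORITY, "192.168.20.252"), "SW2": (105, "192.168.20.253")},
}
# The earlier single-group setup: vrid 1 with no priority configured on either switch.
NO_PRIORITY = {1: {"SW1": (DEFAULT_PRIORITY, "192.168.1.252"),
                   "SW2": (DEFAULT_PRIORITY, "192.168.1.253")}}

if __name__ == "__main__":
    print("normal:    ", masters(LOAD_BALANCED))
    print("SW1 failed:", masters(LOAD_BALANCED, down=("SW1",)))
    print("no priority configured:", masters(NO_PRIORITY))
```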
================================================================
building a large enterprise network:
1, create vlan 10 20 30 40 on all switches
vlan batch 10 20 30 40
display vlan
2, set the links between all switches to trunk
S5700
port-group 1
group-member GigabitEthernet0/0/4 GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
S3700
port-group 1
group-member Ethernet0/0/1 Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
3, rename the devices SW1 ~ SW6
4, configure the virtual interface addresses on SW1 and SW2
SW1
interface Vlanif 30
ip address 192.168.30.252 24
interface Vlanif 40
ip address 192.168.40.252 24
SW2
interface Vlanif 30
ip address 192.168.30.253 24
interface Vlanif 40
ip address 192.168.40.253 24
5, configure VRRP
SW1
vlan 10 primary router:
interface Vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 105
vlan 20 backup router:
interface Vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
vlan 30 primary router:
interface Vlanif 30
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 105
vlan 40 backup router:
interface Vlanif 40
vrrp vrid 40 virtual-ip 192.168.40.254
SW2
vlan 10 backup router:
interface Vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
vlan 20 primary router:
interface Vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 105
vlan 30 backup router:
interface Vlanif 30
vrrp vrid 30 virtual-ip 192.168.30.254
vlan 40 primary router:
interface Vlanif 40
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 105
display vrrp brief // view the results
configure each pc with the gateway of its vlan (192.168.X.254) and test whether the whole network is interconnected
6, add a router and configure the ips that interconnect it with the Layer 3 switches
7, enable ospf on the Layer 3 switches and the router so the whole network interworks
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
8, configure the external network ip address on the router interface,
add a switch in the external network and configure ip address 100.0.0.10 on its vlan 1
9, configure NAT on the two routers
1, an acl that permits everything
acl 2000
rule permit source any
2, enable NAT on the interface
interface GigabitEthernet0/0/2
nat outbound 2000
10, configure the default route on the two routers
ip route-static 0.0.0.0 0 100.0.0.10
declare the default route in ospf
[Huawei] ospf
[Huawei-ospf-1] default-route-advertise
Huawei command and learning ideas for self-study
Origin www.cnblogs.com/liujiab/p/11411506.html