Requirements:
Site A:
(1) Link aggregation
LACP link aggregation is performed between LSW1 and LSW2. The maximum number of active links is 2, the active end is LSW1, and preemption is allowed.
(2) VRRP
LSW1 serves as the gateway of VLAN10, and LSW2 serves as the gateway of VLAN20;
(3) VLAN
To ensure security and reliability, the interconnection links between switches allow only the corresponding VLANs to pass.
(4) MSTP
All switching equipment in site A runs the MSTP protocol, and one VLAN corresponds to one instance;
LSW1 serves as the root bridge of instance 10 and as the backup root bridge of instance 20.
LSW2 serves as the root bridge of instance 20 and as the backup root bridge of instance 10.
The connection port connected to the terminal is configured as an edge port and the BPDU protection function is enabled.
(5) OSPF
The intranet of site A uses the OSPF protocol.
(6) telnet
The telnet-server device serves as the telnet server of the intranet;
Use AAA mode with user name hcia and password hcia, and set the highest privilege level
(7) DHCP
LSW1 serves as the DHCP server of VLAN10. When the LSW1 device fails, LSW2 is selected as the DHCP server.
LSW2 serves as the DHCP server of VLAN20. When the LSW2 device fails, LSW1 is selected as the DHCP server.
Use a global address pool to assign IP addresses to terminals
(8) NAT
The egress device is a NAT device, and NAPT is used to access the external network.
(9) OSPF COST
AR3 is interconnected with the egress device. The G0/0/1 interface is used as the main path and the G0/0/2 interface as the backup path; make sure the forward and return paths are consistent.
(10) Default route
The egress device configures a default route to the external network and advertises the default route into the OSPF area.
LSW1
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Eth-Trunk1
 mode lacp-static
 lacp preempt enable
 max active-linknumber 2
#
interface GigabitEthernet0/0/20
 eth-trunk 1
#
interface GigabitEthernet0/0/21
 eth-trunk 1
#
interface GigabitEthernet0/0/22
 eth-trunk 1
#
lacp priority 4096
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 120
 dhcp select global
#
interface Vlanif11
 ip address 11.1.1.2 255.255.255.0
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
 dhcp select global
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
#
MSTP
[LSW1]stp mode mstp
stp region-configuration
 region-name HUAWEI
 instance 10 vlan 10
 instance 20 vlan 20
 active region-configuration
#
stp instance 10 root primary
stp instance 20 root secondary

LSW2
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 dhcp select global
#
interface Vlanif20
 ip address 192.168.20.2 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 120
 dhcp select global
#
interface Eth-Trunk1
 mode lacp-static
 lacp preempt enable
 max active-linknumber 2
#
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/20 0/0/21 0/0/22
#
interface Vlanif22
 ip address 22.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 22.1.1.0 0.0.0.255

LSW3
interface Vlanif12
 ip address 22.1.1.2 255.255.255.0
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 12
#

LSW4
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 10 20

AR1
#
interface GigabitEthernet0/0/0
 ip address 11.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 22.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 ip address 10.1.13.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 10.1.13.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
  network 12.1.1.0 0.0.0.255
  network 22.1.1.0 0.0.0.255
#

Telnet
user-interface vty 0 4
 authentication-mode aaa
local-user hcia password cipher huawei
local-user hcia privilege level 3
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type telnet
#
ospf 1
 area 0.0.0.0
  network 12.1.1.0 0.0.0.255
#

AR3
#
interface GigabitEthernet0/0/0
 ip address 2.2.2.3 255.255.255.0
 ospf cost 100
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet1/0/0
 ip address 10.1.13.3 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 1.1.1.0 0.0.0.255
  network 2.2.2.0 0.0.0.255
  network 10.1.13.0 0.0.0.255
#

Egress router out1
acl number 2000
 rule 5 permit source 192.168.10.0 0.0.0.255
 rule 10 permit source 192.168.20.0 0.0.0.255
nat address-group 1 100.1.1.10 100.1.1.10
#
interface GigabitEthernet0/0/0
 ip address 2.2.2.2 255.255.255.0
 ospf cost 100
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 100.1.1.2 255.255.255.0
 nat outbound 2000
#
interface Tunnel0/0/0
 ip address 101.1.1.1 255.255.255.0
 tunnel-protocol gre
 source 100.1.1.1
 destination 100.1.2.1
#
ospf 1
 default-route-advertise
 area 0.0.0.0
  network 1.1.1.0 0.0.0.255
  network 2.2.2.0 0.0.0.255
#
ospf 2
 import-route ospf 1
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 101.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.5
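Site A items (3) VLAN and (4) MSTP can be checked mechanically against a switch configuration. The following Python audit is an added example, not part of the original lab: it runs over a constructed VRP sample modelled on the access-switch stanzas and reports edge ports that lack the global stp bpdu-protection command and trunks that pass more than VLANs 10 and 20. The function names and the sample input are assumptions.

```python
import re
# Constructed sample in VRP syntax, modelled on the access-switch stanzas above.
SAMPLE = """\
interface Ethernet0/0/1
 port link-type access
 stp edged-port enable
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/11
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
"""

def parse(config):
    """Split VRP text into global commands and {interface: [commands]}."""
    glob, ifaces = [], {}
    cur = glob
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line and line != "#":
            if not raw[0].isspace():
                cur = glob  # unindented command: back in the system view
            cur.append(line)
    return glob, ifaces

def expand_vlans(spec):
    """Expand '10 20', '10 to 20' or 'all' into a set of VLAN IDs."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    pairs = re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec)
    return {v for lo, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit(config, required=frozenset({10, 20})):
    """Check site A items (3) VLAN and (4) MSTP; return (scope, finding) pairs."""
    glob, ifaces = parse(config)
    findings, prefix = [], "port trunk allow-pass vlan "
    has_edge = any("stp edged-port enable" in c for c in ifaces.values())
    if has_edge and "stp bpdu-protection" not in glob:
        findings.append(("global", "edge ports set but stp bpdu-protection missing"))
    for name, cmds in ifaces.items():
        for cmd in (c for c in cmds if c.startswith(prefix)):
            extra = expand_vlans(cmd[len(prefix):]) - required
            if extra:
                findings.append((name, f"trunk passes {len(extra)} VLANs beyond {sorted(required)}"))
    return findings
```

The parser expects the multi-line form that display current-configuration prints, with sub-commands indented under their interface.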
Site B:
(1) NAT
When intranet users access the external network, the egress IP address is used for NAT translation.
Egress device 2 configures a default route to the external network and advertises the default route to the internal network;
(2) Communication between VLANs
PC5 and PC6 communicate with each other through single-arm routing
(3) OSPF
Network interconnection in the intranet uses OSPF process 1, area 0
B out2
ospf 1
 default-route-advertise
 area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 100.1.2.0 0.0.0.255
#
ospf 2
 import-route ospf 1
 area 0.0.0.0
  network 101.1.1.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 100.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.100 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
 ip address 101.1.1.2 255.255.255.0
 tunnel-protocol gre
 source 100.1.2.1
 destination 100.1.1.1
#

AR10
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.10 255.255.255.0
#
interface GigabitEthernet0/0/0.1
#
interface GigabitEthernet0/0/0.2
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 50
 ip address 192.168.50.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 60
 ip address 192.168.60.254 255.255.255.0
 arp broadcast enable
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
  network 192.168.60.0 0.0.0.255
#

LSW5
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 50 60
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 50
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 60
#
ospf 1
 area 0.0.0.0
  network 192.168.50.0 0.0.0.255
  network 192.168.60.0 0.0.0.255
ISP operator:
(1) OSPF
The entire network is interconnected using OSPF process 2, area 0;
ISP

AR5
interface GigabitEthernet0/0/0
 ip address 100.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.1.56.5 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 100.1.57.5 255.255.255.0
#
ospf 2
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
  network 100.1.56.0 0.0.0.255
  network 100.1.57.0 0.0.0.255
#

AR7
interface GigabitEthernet0/0/0
 ip address 100.1.57.7 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.1.78.7 255.255.255.0
#
ospf 2
 area 0.0.0.0
  network 100.1.57.0 0.0.0.255
  network 100.1.78.0 0.0.0.255
#

AR8
[AR8]dis current-configuration int
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 100.1.68.8 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.1.78.8 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 100.1.2.8 255.255.255.0
#
interface NULL0
#
return
[AR8]ospf 2
[AR8-ospf-2]dis th
[V200R003C00]
#
ospf 2
 area 0.0.0.0
  network 100.1.2.0 0.0.0.255
  network 100.1.68.0 0.0.0.255
  network 100.1.78.0 0.0.0.255
#

AR6
[AR6]dis current-configuration int
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 100.1.56.6 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.1.68.6 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
return
[AR6]ospf 2
[AR6-ospf-2]dis th
[V200R003C00]
#
ospf 2
 area 0.0.0.0
  network 100.1.56.0 0.0.0.255
  network 100.1.68.0 0.0.0.255
#
GRE tunnel:
Deploy GRE tunnels between the egress devices of the sites to carry traffic between the intranets; add the tunnel port to OSPF intranet process 1
Tunnel port network segment: 102.1.1.xy (xy is the device number)
For private network communication between site A and site B, the GRE tunnel is used first. When the GRE tunnel fails, the ISP path is selected for access.
Overall effect: Communication between site A and site B

PC>tracert 192.168.50.1
traceroute to 192.168.50.1, 8 hops max (ICMP), press Ctrl + C to stop
 1  192.168.10.1    63 ms   31 ms   47 ms
 2  11.1.1.1        93 ms   63 ms   78 ms
 3  10.1.13.3       63 ms   93 ms   63 ms
 4  1.1.1.2         78 ms  109 ms   94 ms
 5  102.1.1.2      109 ms  110 ms  109 ms
 6  10.1.1.10      125 ms  110 ms  125 ms
 7  192.168.50.1   140 ms  156 ms  141 ms

When the tunnel port fails:

PC>tracert 192.168.50.1
traceroute to 192.168.50.1, 8 hops max (ICMP), press Ctrl + C to stop
 1  192.168.10.1    47 ms   47 ms   47 ms
 2  11.1.1.1        78 ms   78 ms   78 ms
 3  10.1.13.3       94 ms   94 ms   78 ms
 4  * * *
 5  100.1.1.5       63 ms  125 ms  109 ms
 6  100.1.57.7     109 ms  110 ms   93 ms
 7  100.1.78.8     125 ms  110 ms  109 ms
 8  100.1.2.1      110 ms  109 ms  125 ms