配置脚本及测试步骤.docx

1、配置脚本及测试步骤第1章 实施步骤1.1数据中心1.1.1BGP配置4.1.1.2 BJ-R7609-1 因该链路属于点到多点的链路，所以BGP协议配置已经配置完成，无需再配置4.1.1.3 BJ-R7609-21） 配置静态路由实现7609-2与XX2811-1的loopback地址互通ip route 10.18.254.248 255.255.255.255 10.2.6.90ip route 10.18.254.248 255.255.255.255 10.2.7.90 2）配置BGP协议router bgp 65535neighbor 10.18.254.248 remote-as

2、64152 neighbor 10.18.254.248 ebgp-multihop 2 neighbor 10.18.254.248 update-source Loopback0! address-family ipv4 neighbor 10.18.254.248 activateno auto-summary no synchronizationexit-address-family1.1.2策略路由配置1）BJ-R7609-1ip access-list extended BGP_DianXiaopermit ip 10.18.30.0 0.0.0.255 any permit ip

3、 10.18.31.0 0.0.0.255 any permit ip 10.18.32.0 0.0.0.255 any2)BJ-R7609-2ip access-list extended SD_DianXiaopermit ip 10.18.30.0 0.0.0.255 any permit ip 10.18.31.0 0.0.0.255 any permit ip 10.18.32.0 0.0.0.255 any!route-map SD_DianXiao permit 10 match ip address SD_DianXiao set local-preference 300!ro

4、ute-map SD_DianXiao permit 20 set local-preference 2003)策略应用router bgp 65535address-family ipv4 neighbor 10.18.254.248 route-map SD_DianXiao in1.2XX省分公司1.2.1现在网络情况泰康人寿XX省分公司目前网络两台2811作为广域网接入路由器，与数据中心采用两条2M SDH线路，与灾备中心采用一条2M SDH链路。1.2.2改造后网络情况泰康人寿山省分公司网络改造后，将增加一台Cisco2911路由器为广域网接入路由器，共计三台广域网接入路由器一台29

5、11通过联通MPLS VPN链路至数据中心7609-1；一台2811通过2X2M SDH连接至数据中心7609-2路由器。一台2811通过2M SDH链路连接至灾备中心。割接后的网络拓扑如下所示：1.2.3实施步骤4.2.3.1配置2911路由器 1）配置与联通互联地址interface GigabitEthernet0/0 ip address 10.2.9.89 255.255.255.2522）配置与SD-CS3750-01互联interface GigabitEthernet0/1ip address 10.18.253.249 255.255.255.2523）配置与SD-CS375

6、0-02互联interface GigabitEthernet0/2ip address 10.18.253.253 255.255.255.2524）配置loopback地址interface loopback 0 ip address 10.18.254.250 255.255.255.2555) OSPF协议配置router ospf 531 router-id 10.18.254.250 redistribute static subnetsredistribute bgp 64152 subnetsnetwork 10.18.253.0 0.0.0.255 area 0network

7、 10.18.254.250 0.0.0.0 area 06）BGP协议配置router bgp 64152 bgp router-id 10.18.254.250 neighbor 10.2.9.90 remote-as 9929 neighbor 10.18.254.248 remote-as 64152 neighbor 10.18.254.248 update-source Loopback0 ! address-family ipv4 no synchronizationnetwork 10.2.9.88 mask 255.255.255.252 neighbor 10.2.9.90

8、 activate neighbor 10.18.254.248 activate neighbor 10.18.254.248 next-hop-selfnetwork 10.18.30.0 mask 255.255.0.0network 10.18.32.0 mask 255.255.0.0network 10.18.33.0 mask 255.255.0.0network 10.18.0.0 mask 255.255.0.0还有一写银行的地址需要network，需要和用户确认，即需要和互除了10.18.0.0/16之外的地址段no auto-summaryexit-address-fam

9、ily7）发布汇总路由ip route 10.18.0.0 255.255.0.0 Null08）配置路由选路策略ip access-list extended Core_DianXiaopermit ip 10.1.30.0 0.0.0.255 any permit ip 10.1.31.0 0.0.0.255 anyroute-map DianXiao permit 10 match ip address Core_DianXiao set local-preference 200！route-map DianXiao permit 20 set local-preference 300

10、！router bgp 64152address-family ipv4neighbor 10.2.9.90 route-map DianXiao in4.2.3.2配置HN-CR2811-011)配置loopback地址interface loopback 0 ip address 10.18.254.248 255.255.255.2552）配置与BJ-R7609-2路由器loopback地址互通ip route 10.254.254.253 255.255.255.255 10.2.6.89ip route 10.254.254.253 255.255.255.255 10.2.7.89

11、3) OSPF协议配置 A 将AREA 531改成AREA 0network 10.18.253.0 0.0.0.3 area 531network 10.18.253.8 0.0.0.3 area 531 B 正确配置router ospf 531router-id 10.18.254.248redistribute static subnetsredistribute bgp 64152 subnetsnetwork 10.18.254.248 0.0.0.0 area 0network 10.18.253.0 0.0.0.255 area 04）发布汇总路由ip route 10.18.

12、0.0 255.255.0.0 Null05）配置静态路由实现7609-2与XX2811-1的loopback地址互通ip route 10.254.254.253 255.255.255.255 10.2.6.89ip route 10.254.254.253 255.255.255.255 10.2.7.896）BGP协议配置router bgp 64152 bgp router-id 10.18.254.248 bgp log-neighbor-changesneighbor 10.18.254.250 remote-as 64152 neighbor 10.18.254.250 upd

13、ate-source Loopback0neighbor 10.254.254.253 remote-as 65535neighbor 10.254.254.253 ebgp-multihop 2 neighbor 10.254.254.253 update-source Loopback0 ! address-family ipv4 neighbor 10.18.254.250 activate neighbor 10.18.254.250 next-hop-self neighbor 10.254.254.253 activate no auto-summaryno synchroniza

14、tion network 10.18.0.0 mask 255.255.0.0network 10.18.30.0 mask 255.255.0.0network 10.18.32.0 mask 255.255.0.0network 10.18.33.0 mask 255.255.0.0还有一些银行的地址需要network，需要和用户确认，即需要和互通除10.18.0.0/16之外的地址段 exit-address-family9）配置路由选路策略ip access-list extended Core_DianXiaopermit ip 10.1.30.0 0.0.0.255 any per

15、mit ip 10.1.31.0 0.0.0.255 any！route-map DianXiao permit 10 match ip address Core_DianXiao set local-preference 300！route-map DianXiao permit 20 set local-preference 200 ！router bgp 64152address-family ipv4neighbor 10.254.254.253 route-map DianXiao in4.2.3.3配置3750-01交换机1）配置与2911互联地址interface Gigabit

16、Ethernet1/0/Xip address 10.18.253.253 255.255.255.252 2)配置loopback地址interface loopback 0 ip address 10.18.254.254 255.255.255.2553) OSPF协议配置更改router ospf 531router-id 10.18.254.254redistribute static subnetsnetwork 10.18.254.254 0 0.0.0 area 0network 10.18.253.00 0.0.255 area 0network 10.18.253.0 0

17、0.0.3 area 0network 10.18.253.4 0 0.0.3 area 0network 10.18.2.0 0 0.0.255 area 0network 10.18.6.0 0 0.0.255 area 0network 10.18.8.0 0 0.0.255 area 0network 10.18.9.0 0 0.0.255 area 0network 10.18.1.0 0 0.0.255 area 0network 10.18.128.0 0 0.0.255 area 04.2.3.4配置3750-02交换机1）配置与2911互联地址interface Gigabi

18、tEthernet1/0/19ip address 10.18.253.249 255.255.255.2522)配置loopback地址interface loopback 0 ip address 10.18.254.253 255.255.255.2553) OSPF协议配置更改router ospf 531router-id 10.18.254.253network 10.18.254.253 0.0.0.0 area 0network 10.18.253.00 0.0.255 area 0network 10.18.253.0 0 0.0.3 area 0network 10.18.

19、253.4 0 0.0.3 area 0network 10.18.2.0 0 0.0.255 area 0network 10.18.6.0 0 0.0.255 area 0network 10.18.8.0 0 0.0.255 area 0network 10.18.9.0 0 0.0.255 area 0network 10.18.1.0 0 0.0.255 area 0network 10.18.128.0 0 0.0.255 area 04.2.3.5配置HN-CR72001) 配置loopback地址interface loopback 0 ip address 10.18.254

20、.251 255.255.255.2552) OSPF协议配置更改区域由Arearouter ospf 531router-id 10.18.254.251network 10.18.241.0 0.0.0.255 area 531network10.18.253.0 0.0.0.255 area 0第2章 测试及检查步骤一、检查内网loopback地址是否冲突1.先按照实施方案中loopback地址，配置好设备loopback地址，在查找下全网loopback 是否有重复的，这项工作可以在网络割接前检查。如果有冲突将冲突的地址删除二、配置2911路由器2911加电配置，配置与运营商互通，配置

21、和两台3750互通。Ospf、bgp三、配置分公司核心设备互联及ospf路由协议四、配置2811-1bgp协议等1.bgp路由协议查看HN-CR2811-02# show ip bgp summary BGP router identifier 10.19.254.248, local AS number 64162BGP table version is 302, main routing table version 30248 network entries using 5760 bytes of memory93 path entries using 4836 bytes of memo

22、ry17/7 BGP path/bestpath attribute entries using 2108 bytes of memory4 BGP AS-PATH entries using 96 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBitfield cache entries: current 3 (at peak 4) using 96 bytes of memoryBGP usi

23、ng 12896 total bytes of memoryBGP activity 494/446 prefixes, 2657/2564 paths, scan interval 60 secsNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.19.254.250 4 64162 1150 1183 302 0 0 01:35:59 4617（此处一定不是never）2. OSPF协议查看# show ip os neighbor Neighbor ID Pri State Dead Time Addr

24、ess Interface10.44.254.252 0 FULL/ - 00:00:39 10.2.7.246 Serial1/1/0.1/2/5/1:010.20.241.53 0 FULL/ - 00:00:39 10.2.7.106 Serial1/1/0.1/2/4/2:0在2911 上 show ip route 10.1.30.1 下一条是2811路由器 2811上看10.7.1.1 下一条是2911 路由器五如果以上测试没问题 1. ping 10.2.1.1 t 在一台用户客户机上 长ping 总部地址10.2.1.1 然后手动shutdown 2911与运营商互联的端口，测试链路冗余性。Shutdown后大约中断三分钟后恢复，2.然后再打开该端口 几秒钟后恢复