當(dāng)前位置:首頁 > IT技術(shù) > 其他 > 正文

華為設(shè)備配置SA消息過濾
2022-05-11 11:03:04

華為設(shè)備配置SA消息過濾_f5


1. 配置各接口IP ?

[LSW1]vlan batch 10 30 100

[LSW1-GigabitEthernet0/0/2]port link-type trunk ?

[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10

[LSW1-GigabitEthernet0/0/3]port link-type trunk ?

[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 30

[LSW1-GigabitEthernet0/0/1]port link-type hybrid ?

[LSW1-GigabitEthernet0/0/1]port hybrid untagged vlan 100

[LSW1-GigabitEthernet0/0/1]port hybrid pvid vlan 100

[LSW1-Vlanif10]ip add 10.1.1.1 24

[LSW1-Vlanif30]ip add 10.1.3.1 24

[LSW1-Vlanif100]ip add 192.168.1.1 24

[LSW1-LoopBack0]ip add 1.1.1.1 32

[LSW2]vlan batch 10 20 200

[LSW2-GigabitEthernet0/0/1]port link-type trunk ?

[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10

[LSW2-GigabitEthernet0/0/3]port link-type trunk ?

[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20

[LSW2-GigabitEthernet0/0/2]port link-type hybrid ?

[LSW2-GigabitEthernet0/0/2]port hybrid untagged vlan 200

[LSW2-GigabitEthernet0/0/2]port hybrid pvid vlan 200

[LSW2-Vlanif10]ip add 10.1.1.2 24

[LSW2-Vlanif20]ip add 10.1.2.2 24

[LSW2-Vlanif200]ip add 192.168.2.2 24

[LSW3]vlan batch 20 30 40 300

[LSW3-GigabitEthernet0/0/2]port link-type trunk ?

[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 20

[LSW3-GigabitEthernet0/0/1]port link-type trunk ?

[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 30

[LSW3-GigabitEthernet0/0/4]port link-type trunk ?

[LSW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 40

[LSW3-GigabitEthernet0/0/3]port link-type hybrid ?

[LSW3-GigabitEthernet0/0/3]port hybrid untagged vlan 300

[LSW3-GigabitEthernet0/0/3]port hybrid pvid vlan 300

[LSW3-Vlanif20]ip add 10.1.2.3 24

[LSW3-Vlanif20]ip add 10.1.3.3 24

[LSW3-Vlanif40]ip add 10.1.4.3 24

[LSW3-Vlanif300]ip add 192.168.3.3 24

[LSW3-LoopBack0]ip add 3.3.3.3 32

[LSW4]vlan batch 40 400 500

[LSW4-GigabitEthernet0/0/3]port link-type trunk

[LSW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 40

[LSW4-GigabitEthernet0/0/1]port link-type hybrid ?

[LSW4-GigabitEthernet0/0/1]port hybrid untagged vlan 400

[LSW4-GigabitEthernet0/0/1]port hybrid pvid vlan 400

[LSW4-GigabitEthernet0/0/2]port link-type hybrid ?

[LSW4-GigabitEthernet0/0/2]port hybrid pvid vlan 500

[LSW4-GigabitEthernet0/0/2]port hybrid untagged vlan 500

[LSW4-Vlanif40]ip add 10.1.4.4 24

[LSW4-Vlanif400]ip add 192.168.4.4 24

[LSW4-Vlanif500]ip add 192.168.5.4 24

[LSW4-LoopBack0]ip add 4.4.4.4 32

華為設(shè)備配置SA消息過濾_組播_02

華為設(shè)備配置SA消息過濾_f5_03

華為設(shè)備配置SA消息過濾_f5_04

華為設(shè)備配置SA消息過濾_單播_05

華為設(shè)備配置SA消息過濾_單播_06

2. 配置單播路由協(xié)議-OSPF

[LSW1]stp disable

[LSW2]stp disable

[LSW3]stp disable

[LSW4]stp disable

[LSW1]ospf 1

[LSW1-ospf-1]area 0

[LSW1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[LSW2]ospf 1

[LSW2-ospf-1]area 0

[LSW2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[LSW3]ospf 1

[LSW3-ospf-1]area 0

[LSW3-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[LSW4]ospf 1

[LSW4-ospf-1]area 0

[LSW4-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

3. 使能組播路由功能,并配置PIM-SM功能

[LSW1]multicast routing-enable ?

[LSW1-Vlanif10]pim sm

[LSW1-Vlanif30]pim sm

[LSW1-Vlanif100]pim sm

[LSW2]multicast routing-enable ?

[LSW2-Vlanif10]pim sm

[LSW2-Vlanif20]pim sm ?

[LSW2-Vlanif200]pim sm

[LSW3]multicast routing-enable ?

[LSW3-Vlanif20]pim sm

[LSW3-Vlanif30]pim sm

[LSW3-Vlanif40]pim sm ?

[LSW3-Vlanif300]pim sm

[LSW4]multicast routing-enable ?

[LSW4-Vlanif40]pim sm

[LSW4-Vlanif400]pim sm ?

[LSW4-Vlanif500]pim sm

4. 在主機(jī)側(cè)接口使能IGMP功能

[LSW1-Vlanif100]igmp enable

[LSW3-Vlanif300]igmp enable

[LSW4-Vlanif400]igmp enable

5. 配置BSR的服務(wù)邊界,劃分PIM-SM域

[LSW1-Vlanif30]pim bsr-boundary

[LSW2-Vlanif20]pim bsr-boundary

[LSW3-Vlanif20]pim bsr-boundary

[LSW3-Vlanif30]pim bsr-boundary

[LSW3-Vlanif40]pim bsr-boundary

[LSW4-Vlanif40]pim bsr-boundary

6. 配置C-BSR、C-RP的位置:loopback0

[LSW1-LoopBack0]pim sm

[LSW1]pim

[LSW1-pim]c-bsr LoopBack 0

[LSW1-pim]c-rp LoopBack 0

[LSW3-LoopBack0]pim sm

[LSW3]pim

[LSW3-pim]c-bsr LoopBack 0

[LSW3-pim]c-rp LoopBack 0

[LSW4-LoopBack0]pim sm

[LSW4]pim

[LSW4-pim]c-bsr LoopBack 0

[LSW4-pim]c-rp LoopBack 0

7. 配置MSDP對等體

[LSW1]msdp ?

[LSW1-msdp]peer 10.1.3.3 connect-interface Vlanif 30 ?

[LSW3]msdp ?

[LSW3-msdp]peer 10.1.3.1 connect-interface Vlanif 30

[LSW3-msdp]peer 10.1.4.4 connect-interface Vlanif 40

[LSW4]msdp ?

[LSW4-msdp]peer 10.1.4.3 connect-interface Vlanif 40

8. 配置SA消息過濾規(guī)則

[LSW3]acl 3001

[LSW3-acl-adv-3001]rule deny ip source 192.168.2.30 0 destination 225.1.1.0 0.0.0.3 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

[LSW3-acl-adv-3001]rule permit ip source any destination any ?

[LSW3]msdp ?

[LSW3-msdp]peer 10.1.4.4 sa-policy export acl 3001 ?//在LSW3上配置不向LSW4轉(zhuǎn)發(fā)有關(guān)(MCS1,225.1.1.0/30)的SA消息

[LSW4]acl 2001

[LSW4-acl-basic-2001]rule deny source 192.168.5.50 0

[LSW4]msdp ?

[LSW4-msdp]import-source acl 2001 ?//在LSW4上配置不創(chuàng)建有關(guān)MCS2的SA消息

9. 驗證配置

華為設(shè)備配置SA消息過濾_單播_07

華為設(shè)備配置SA消息過濾_f5_08

本文摘自 :https://blog.51cto.com/u

開通會員,享受整站包年服務(wù)立即開通 >