总部分公司SD-WAN+IPSEC双链路互联配置实例(2)
目录:
- 网络规划和VLAN、Trunk、网关配置
- SD-WAN设备配置(OSPF动态路由协议)<<
- 总部与分公司GRE over IPSEC配置
- BGP配置和路由引入
SD-WAN设备配置(OSPF动态路由协议)
一、SD-WAN路由器IP地址配置
1.1-路由器R10配置:
<H3C>sys
[H3C]sysn SD-WAN-R10
[SD-WAN-R10]int g0/0
[SD-WAN-R10-GigabitEthernet0/0]ip add 192.168.20.1 30
[SD-WAN-R10-GigabitEthernet0/0]int g0/1
[SD-WAN-R10-GigabitEthernet0/1]ip add 202.202.202.1 24
[SD-WAN-R10-GigabitEthernet0/1]int g0/2
[SD-WAN-R10-GigabitEthernet0/2]ip add 173.173.173.1 241.2-路由器R11配置:
<H3C>sys
[H3C]sysn SD-WAN-R11
[SD-WAN-R11]int g0/0
[SD-WAN-R11-GigabitEthernet0/0]ip add 202.202.202.2 24
[SD-WAN-R11-GigabitEthernet0/0]int g0/1
[SD-WAN-R11-GigabitEthernet0/1]ip add 213.213.213.2 241.3-路由器R12配置:
<H3C>sys
[H3C]sysn SD-WAN-R12
[SD-WAN-R12]int g0/0
[SD-WAN-R12-GigabitEthernet0/0]ip add 173.173.173.2 24
[SD-WAN-R12-GigabitEthernet0/0]int g0/1
[SD-WAN-R12-GigabitEthernet0/1]ip add 172.172.172.2 241.4-路由器R13配置:
<H3C>sys
[H3C]sysn SD-WAN-R13
[SD-WAN-R13]int g0/2
[SD-WAN-R13-GigabitEthernet0/2]ip add 172.20.253.1 30
[SD-WAN-R13-GigabitEthernet0/2]int g0/0
[SD-WAN-R13-GigabitEthernet0/0]ip add 213.213.213.1 24
[SD-WAN-R13-GigabitEthernet0/0]int g0/1
[SD-WAN-R13-GigabitEthernet0/1]ip add 172.172.172.1 24二、启用OSPF动态路由协议
2.1-路由器R10配置:
RID设置为10.10.10.10,区域1采用精确宣告。
[SD-WAN-R10]router id 10.10.10.10
[SD-WAN-R10]ospf 1
[SD-WAN-R10-ospf-1]area 0
[SD-WAN-R10-ospf-1-area-0.0.0.0]network 202.202.202.0 0.0.0.255
[SD-WAN-R10-ospf-1-area-0.0.0.0]network 173.173.173.0 0.0.0.255
[SD-WAN-R10-ospf-1-area-0.0.0.0]
[SD-WAN-R10-ospf-1-area-0.0.0.0]qu
[SD-WAN-R10-ospf-1]area 1
[SD-WAN-R10-ospf-1-area-0.0.0.1]network 192.168.20.1 0.0.0.02.2-路由器R11配置:
RID设置为11.11.11.11。
[SD-WAN-R11]router id 11.11.11.11
[SD-WAN-R11]ospf 1
[SD-WAN-R11-ospf-1]area 0
[SD-WAN-R11-ospf-1-area-0.0.0.0]net 202.202.202.0 0.0.0.255
[SD-WAN-R11-ospf-1-area-0.0.0.0]net 213.213.213.0 0.0.0.255
[SD-WAN-R11-ospf-1-area-0.0.0.0]qu2.3-路由器R12配置:
RID设置为12.12.12.12。
[SD-WAN-R12]router id 12.12.12.12
[SD-WAN-R12]ospf 1
[SD-WAN-R12-ospf-1]area 0
[SD-WAN-R12-ospf-1-area-0.0.0.0]net 173.173.173.0 0.0.0.255
[SD-WAN-R12-ospf-1-area-0.0.0.0]net 172.172.172.0 0.0.0.2552.4-路由器R13配置:
RID设置为13.13.13.13,同样区域2精确宣告。
[SD-WAN-R13]router id 13.13.13.13
[SD-WAN-R13]ospf 1
[SD-WAN-R13-ospf-1]area 0
[SD-WAN-R13-ospf-1-area-0.0.0.0]net 213.213.213.0 0.0.0.255
[SD-WAN-R13-ospf-1-area-0.0.0.0]net 172.172.172.0 0.0.0.255
[SD-WAN-R13-ospf-1-area-0.0.0.0]qu
[SD-WAN-R13-ospf-1]area 2
[SD-WAN-R13-ospf-1-area-0.0.0.2]net 172.20.253.1 0.0.0.02.5-总部内网防火墙-R1配置:
RID设置为1.1.1.1。
[R1]router id 1.1.1.1
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]net 192.168.20.2 0.0.0.0
[R1-ospf-1-area-0.0.0.1]net 192.168.4.0 0.0.0.255
[R1-ospf-1-area-0.0.0.1]net 192.168.2.0 0.0.0.2552.6-分公司核心交换机SW2配置:
RID设置为2.2.2.2。
[HX-SW2]router id 2.2.2.2
[HX-SW2]ospf 1
[HX-SW2-ospf-1]area 2
[HX-SW2-ospf-1-area-0.0.0.2]net 172.20.253.2 0.0.0.0
[HX-SW2-ospf-1-area-0.0.0.2]net 172.18.2.0 0.0.0.255
[HX-SW2-ospf-1-area-0.0.0.2]net 172.18.95.0 0.0.0.255
[HX-SW2-ospf-1-area-0.0.0.2]net 192.168.101.0 0.0.0.255
[HX-SW2-ospf-1-area-0.0.0.2]三、配置验证
此时,分公司的任意一台终端均可以ping通总部的终端。总部与分公司通过SD-WAN(OSPF动态路由协议)的链路已经打通。ping测试,如图1
