ospf路由协议与交换机远程管理设置
说明:
1.lsw3和lsw4,lsw5之间上联和下联运行ospf
2.我们项目中需要通过远程管理汇聚交换机lsw3和lsw4,lsw5我们为了把业务和管理vlan区分开默认用vlan1当做管理vlan分别配ip为1.1,1.2, 1.3
3.由于pc1模拟器不支持telnet所以我们用一台路由器模拟终端给其配默认路由为网关,ip地址为192.168.10.2 /24
lsw1配置如下:
<lsw1>dis cu
#
sysname lsw1
#
undo info-center enable
#
vlan batch 20 30
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
lsw2配置如下:
<lsw2>dis cu
#
sysname lsw2
#
undo info-center enable
#
vlan batch 50 60
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50 60
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 60
lsw3配置如下:
<lsw3>dis cu
#
sysname lsw3
#
undo info-center enable
#
vlan batch 10 20 30 102
#
interface Vlanif1
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
#
interface Vlanif102
ip address 192.168.102.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20 30
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 102
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.102.2 0.0.0.0
network 192.168.10.254 0.0.0.0
network 192.168.20.254 0.0.0.0
network 192.168.30.254 0.0.0.0
user-interface vty 0 4
authentication-mode none
lsw4配置如下:
<lsw4>dis cu
#
sysname lsw4
#
undo info-center enable
#
vlan batch 40 50 60 103
#
aaa
local-user admin123 password cipher “=LP!6$^-IYNZPO3JBXBHA!!
local-user admin123 privilege level 15
local-user admin123 service-type telnet
#
interface Vlanif1
ip address 192.168.1.3 255.255.255.0
#
interface Vlanif40
ip address 192.168.40.254 255.255.255.0
#
interface Vlanif50
ip address 192.168.50.254 255.255.255.0
#
interface Vlanif60
ip address 192.168.60.254 255.255.255.0
#
interface Vlanif103
ip address 192.168.103.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50 60
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 103
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 192.168.103.3 0.0.0.0
network 192.168.40.254 0.0.0.0
network 192.168.50.254 0.0.0.0
network 192.168.60.254 0.0.0.0
#
user-interface vty 0 4
authentication-mode aaa
lsw5配置如下:
<lsw5>dis cu
#
sysname lsw5
#
undo info-center enable
#
vlan batch 102 to 103
#
aaa
local-user admin123 password cipher “=LP!6$^-IYNZPO3JBXBHA!!
local-user admin123 privilege level 15
local-user admin123 service-type telnet
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif102
ip address 192.168.102.1 255.255.255.0
#
interface Vlanif103
ip address 192.168.103.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 102
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 103
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.103.1 0.0.0.0
network 192.168.102.1 0.0.0.0
#
user-interface vty 0 4
authentication-mode aaa
AR1配置如下:
<test-pc>dis cu
#
sysname test-pc
#
interface GigabitEthernet0/0/0
ip address 192.168.10.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.10.254
配置时候注意:交换机与交换机之间的一定要配置为trunk口,否则后期容易出问题,导致很多的vlan放行不了。(交换机之所以可以管理就是因为交换机默认放行了vlan1,所以可以互相管理设备,如果这里我们设置的管理为vlan 100,那么交换机之间的trunk口,需要放行vlan 100通过,要不然通不了,管理不了)
电脑ip分配情况:
vlan10 20 30 40 50 60 ip分别对应为10.1,20.1,30.1,40.1,50.1,60.1
配置好vlan和ospf动态路由后,我们查看一下是不是达到全网互通。
在全网互联互通的基础上,我们来配置交换机远程管理:
第一步:配管理vlan1
[lsw5-aaa]interface vlanif1
[lsw5-Vlanif1]ip add 192.168.1.1 24
第二步:系统视图下输入命令:
[lsw5]user-interface vty 0 4
[lsw5-ui-vty0-4]authentication-mode aaa
第三步:
[lsw5]aaa
[lsw5-aaa]local-user admin123 privilege level 15
[lsw5-aaa]local-user admin123 service-type telnet
[lsw5-aaa]local-user admin123 password cipher admin123
第四步:在路由器AR1进行远程验证
注意是在用户试图下>括号下
<test-pc>telnet 192.168.1.1
Press CTRL_] to quit telnet mode
Trying 192.168.1.1 …
Connected to 192.168.1.1 …
Login authentication
Username:admin123
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2024-06-18 09:48:51.
<lsw5>
我们现在远程管理到lsw5这台交换机
我们最后看看ospf学习到的路由: