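Huawei Easy IP + DHCP Relay + OSPF: Configuration Walkthrough and Use Cases

I. Technology overview

1. Easy IP

Huawei Easy IP is a special form of NAT: it maps the private IP addresses of the internal network directly onto the public IP address of the router's outbound interface, so no NAT address pool has to be configured.

2. NAT (Network Address Translation)

NAT translates private IP addresses into public IP addresses. It works around the shortage of IPv4 addresses and also hides the structure of the internal network.

3. DHCP relay

DHCP relay lets a DHCP server assign IP addresses to clients on other subnets, solving the problem that DHCP broadcasts cannot cross network segments.

4. OSPF (Open Shortest Path First)

OSPF is a link-state routing protocol used to learn routes dynamically within an autonomous system.

II. Typical use cases

This combination of technologies is commonly used in the following scenarios:

  • Enterprise branch offices connecting to headquarters over a leased line or the Internet
  • Several departmental networks that are interconnected and share one Internet egress
  • Networks that need IP address assignment for multiple VLANs
  • Networks that need dynamic routing for automatic path selection

III. Detailed configuration steps

Network topology

1. R4: DHCP server and OSPF configuration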


#
sysname R4Dhcp_Ser
#
dhcp enable
# Configure the address pool for each VLAN
ip pool vlan1
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
static-bind ip-address 192.168.1.100 mac-address 5489-98d9-7902
dns-list 8.8.8.8 192.168.1.1
#
ip pool vlan2
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
static-bind ip-address 192.168.2.100 mac-address 5489-98bd-1ec5
dns-list 8.8.8.8 192.168.2.1
#
ip pool vlan3
gateway-list 192.168.3.1
network 192.168.3.0 mask 255.255.255.0
static-bind ip-address 192.168.3.100 mac-address 5489-98f2-5254
dns-list 8.8.8.8 192.168.3.1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher uj~Q%10=#N3@9_G-B0Y2H:"#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
# Remember to enable the DHCP service: set dhcp select global on the interface
interface GigabitEthernet0/0/0
ip address 192.168.40.2 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.0
# OSPF configuration
ospf 1 router-id 4.4.4.4
area 0.0.0.0
authentication-mode md5 1 cipher hdy^:,\s9X;BH^68NhwO|Uj#
network 4.4.4.4 0.0.0.0
network 192.168.40.0 0.0.0.255 # wildcard mask
# Remember to add a static route
ip route-static 0.0.0.0 0.0.0.0 192.168.40.1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

2. R2: DHCP relay and OSPF configuration


[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
# ACL rule for NAT
acl number 2000
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
# Enable Easy IP on the interface
interface GigabitEthernet0/0/1
ip address 20.1.1.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/2
ip address 192.168.40.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0
# OSPF configuration
ospf 1 router-id 2.2.2.2
area 0.0.0.0
authentication-mode md5 1 cipher %$%$kX{s5d&pn07.(LC$)\(75<8F%$%$
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 192.168.40.0 0.0.0.255
# Remember to add a static route
ip route-static 0.0.0.0 0.0.0.0 20.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

3. R1: OSPF configuration


#
sysname R1
#
vlan batch 2 to 3
#
dhcp enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher ;j.vTe-U0HajUn1vMEIBU:|#
local-user admin service-type http
#
firewall zone Local
priority 16
# Remember to enable the DHCP service; on the VLANIF interface, point the relay at the remote DHCP server address 192.168.40.2
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.40.2
#
interface Vlanif2
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif3
ip address 192.168.3.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.40.2
#
interface Ethernet0/0/0
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
# Set the port to trunk mode and allow the required VLANs through
interface GigabitEthernet0/0/3
portswitch
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.0
# OSPF configuration
ospf 1 router-id 1.1.1.1
area 0.0.0.0
authentication-mode md5 1 cipher ^:9ERHt;m$@X,k6.E\Z,+k;#
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

4. LSW1 switch configuration


#
sysname LSW1
#
vlan batch 2 to 3
#
cluster enable
ntdp enable
ndp enable
#
lldp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
# Assign the ports to their VLANs
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 2
# Set the port to trunk mode and allow the required VLANs through
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

5. ISP configuration


#
sysname R3
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher qaX<2};UT3pe}@HMNPn@c:!#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 31.1.1.254 255.255.255.0 
#
interface Ethernet0/0/1
 ip address 20.1.1.2 255.255.255.0 
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 30.1.1.254 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

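IV. Verification commands

  1. Check the NAT translation state: display nat session all
  2. Verify DHCP relay: display dhcp relay statistics
  3. Check the OSPF neighbor state: display ospf peer
  4. View the routing table: display ip routing-table
  • Test that PC1 can reach 30.1.1.1; a packet capture shows that NAT is working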
  • The packet capture shows normal communication: the source address 192.168.1.254 has been replaced with the NAT address 20.1.1.1

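V. Common problems and solutions

  1. NAT does not take effect
    • Check whether the ACL matches the internal network
    • Verify that nat outbound is configured on the correct outbound interface
    • Check that the routes are reachable
  2. DHCP clients cannot obtain an IP address
    • Confirm that the server IP configured on the DHCP relay is correct
    • Check that the intermediate network lets DHCP packets through
    • Verify that the address pools on the DHCP server are configured correctly
  3. OSPF neighbors fail to form
    • Check that the interfaces are in the correct OSPF area
    • Verify that the network types match (broadcast / point-to-point)
    • Check that the authentication configuration is consistent
    • Remember that R1 and R2 each need a static route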
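
The ACL and DHCP relay checks from items 1 and 2 above can be run against saved configuration text. The following Python script is an added example, not part of the original article: it reports address pools whose gateway has no relay interface pointing at a `dhcp select global` interface, and NAT ACL rules that name no source network. The names `SAMPLE`, `stanzas`, `vals` and `audit` belong to the example, and the sample is a constructed excerpt of this page's R4, R1 and R2 configurations.

```python
import re
# Constructed excerpt of this page's R4, R1 and R2 configs (vlan3 left out).
SAMPLE = """\
ip pool vlan1
gateway-list 192.168.1.1
ip pool vlan2
gateway-list 192.168.2.1
interface GigabitEthernet0/0/0
ip address 192.168.40.2 255.255.255.0
dhcp select global
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.40.2
interface Vlanif2
ip address 192.168.2.1 255.255.255.0
acl number 2000
rule 5 permit
interface GigabitEthernet0/0/1
nat outbound 2000
"""
ADDR = r"ip address (\S+)"

def stanzas(text):
    # A "#" separator opens a throwaway stanza; each body keeps its header line.
    out = [("#", "", [])]
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"(ip pool|interface|acl number|#)\s*(\S*)", line)
        if m:
            out.append((m[1], m[2], []))
        out[-1][2].append(line)
    return out

def vals(body, pat):
    return [m[1] for line in body if (m := re.match(pat, line))]

def audit(text):
    st = stanzas(text)
    ifs = [b for k, _, b in st if k == "interface"]
    servers = {ip for b in ifs if "dhcp select global" in b for ip in vals(b, ADDR)}
    relayed = {ip for b in ifs if "dhcp select relay" in b for ip in vals(b, ADDR)
               if servers & set(vals(b, r"dhcp relay server-ip (\S+)"))}
    nat_acls = {a for b in ifs for a in vals(b, r"nat outbound (\d+)")}
    issues = [f"pool {n}: gateway {g} has no relay to a DHCP server interface"
              for k, n, b in st if k == "ip pool"
              for g in vals(b, r"gateway-list (\S+)") if g not in relayed]
    issues += [f"acl {n}: '{r}' names no source network"
               for k, n, b in st if k == "acl number" and n in nat_acls
               for r in b if re.fullmatch(r"rule \d+ permit", r)]
    return issues
```

On the sample, `audit(SAMPLE)` reports pool vlan2, because Vlanif2 on R1 carries an address but no relay commands, and rule 5 of ACL 2000, which Easy IP on R2 applies to every source address.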

Huawei OSPF routing protocol configuration example: https://www.hao0564.com/5194.html
