Configuring SA Message Filtering on Huawei Devices
2022-05-11 11:03:04


1. Configure the IP address of each interface

[LSW1]vlan batch 10 30 100

[LSW1-GigabitEthernet0/0/2]port link-type trunk  

[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10

[LSW1-GigabitEthernet0/0/3]port link-type trunk  

[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 30

[LSW1-GigabitEthernet0/0/1]port link-type hybrid  

[LSW1-GigabitEthernet0/0/1]port hybrid untagged vlan 100

[LSW1-GigabitEthernet0/0/1]port hybrid pvid vlan 100

[LSW1-Vlanif10]ip add 10.1.1.1 24

[LSW1-Vlanif30]ip add 10.1.3.1 24

[LSW1-Vlanif100]ip add 192.168.1.1 24

[LSW1-LoopBack0]ip add 1.1.1.1 32

[LSW2]vlan batch 10 20 200

[LSW2-GigabitEthernet0/0/1]port link-type trunk  

[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10

[LSW2-GigabitEthernet0/0/3]port link-type trunk  

[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20

[LSW2-GigabitEthernet0/0/2]port link-type hybrid  

[LSW2-GigabitEthernet0/0/2]port hybrid untagged vlan 200

[LSW2-GigabitEthernet0/0/2]port hybrid pvid vlan 200

[LSW2-Vlanif10]ip add 10.1.1.2 24

[LSW2-Vlanif20]ip add 10.1.2.2 24

[LSW2-Vlanif200]ip add 192.168.2.2 24

[LSW3]vlan batch 20 30 40 300

[LSW3-GigabitEthernet0/0/2]port link-type trunk  

[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 20

[LSW3-GigabitEthernet0/0/1]port link-type trunk  

[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 30

[LSW3-GigabitEthernet0/0/4]port link-type trunk  

[LSW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 40

[LSW3-GigabitEthernet0/0/3]port link-type hybrid  

[LSW3-GigabitEthernet0/0/3]port hybrid untagged vlan 300

[LSW3-GigabitEthernet0/0/3]port hybrid pvid vlan 300

[LSW3-Vlanif20]ip add 10.1.2.3 24

[LSW3-Vlanif30]ip add 10.1.3.3 24

[LSW3-Vlanif40]ip add 10.1.4.3 24

[LSW3-Vlanif300]ip add 192.168.3.3 24

[LSW3-LoopBack0]ip add 3.3.3.3 32

[LSW4]vlan batch 40 400 500

[LSW4-GigabitEthernet0/0/3]port link-type trunk

[LSW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 40

[LSW4-GigabitEthernet0/0/1]port link-type hybrid  

[LSW4-GigabitEthernet0/0/1]port hybrid untagged vlan 400

[LSW4-GigabitEthernet0/0/1]port hybrid pvid vlan 400

[LSW4-GigabitEthernet0/0/2]port link-type hybrid  

[LSW4-GigabitEthernet0/0/2]port hybrid pvid vlan 500

[LSW4-GigabitEthernet0/0/2]port hybrid untagged vlan 500

[LSW4-Vlanif40]ip add 10.1.4.4 24

[LSW4-Vlanif400]ip add 192.168.4.4 24

[LSW4-Vlanif500]ip add 192.168.5.4 24

[LSW4-LoopBack0]ip add 4.4.4.4 32

2. Configure the unicast routing protocol (OSPF)

[LSW1]stp disable

[LSW2]stp disable

[LSW3]stp disable

[LSW4]stp disable

[LSW1]ospf 1

[LSW1-ospf-1]area 0

[LSW1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[LSW2]ospf 1

[LSW2-ospf-1]area 0

[LSW2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[LSW3]ospf 1

[LSW3-ospf-1]area 0

[LSW3-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[LSW4]ospf 1

[LSW4-ospf-1]area 0

[LSW4-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

3. Enable multicast routing and configure PIM-SM

[LSW1]multicast routing-enable  

[LSW1-Vlanif10]pim sm

[LSW1-Vlanif30]pim sm

[LSW1-Vlanif100]pim sm

[LSW2]multicast routing-enable  

[LSW2-Vlanif10]pim sm

[LSW2-Vlanif20]pim sm  

[LSW2-Vlanif200]pim sm

[LSW3]multicast routing-enable  

[LSW3-Vlanif20]pim sm

[LSW3-Vlanif30]pim sm

[LSW3-Vlanif40]pim sm  

[LSW3-Vlanif300]pim sm

[LSW4]multicast routing-enable  

[LSW4-Vlanif40]pim sm

[LSW4-Vlanif400]pim sm  

[LSW4-Vlanif500]pim sm

4. Enable IGMP on the host-side interfaces

[LSW1-Vlanif100]igmp enable

[LSW3-Vlanif300]igmp enable

[LSW4-Vlanif400]igmp enable

5. Configure the BSR service boundaries to divide the PIM-SM domains

[LSW1-Vlanif30]pim bsr-boundary

[LSW2-Vlanif20]pim bsr-boundary

[LSW3-Vlanif20]pim bsr-boundary

[LSW3-Vlanif30]pim bsr-boundary

[LSW3-Vlanif40]pim bsr-boundary

[LSW4-Vlanif40]pim bsr-boundary

6. Configure the location of the C-BSR and C-RP: loopback0

[LSW1-LoopBack0]pim sm

[LSW1]pim

[LSW1-pim]c-bsr LoopBack 0

[LSW1-pim]c-rp LoopBack 0

[LSW3-LoopBack0]pim sm

[LSW3]pim

[LSW3-pim]c-bsr LoopBack 0

[LSW3-pim]c-rp LoopBack 0

[LSW4-LoopBack0]pim sm

[LSW4]pim

[LSW4-pim]c-bsr LoopBack 0

[LSW4-pim]c-rp LoopBack 0

7. Configure the MSDP peers

[LSW1]msdp  

[LSW1-msdp]peer 10.1.3.3 connect-interface Vlanif 30  

[LSW3]msdp  

[LSW3-msdp]peer 10.1.3.1 connect-interface Vlanif 30

[LSW3-msdp]peer 10.1.4.4 connect-interface Vlanif 40

[LSW4]msdp  

[LSW4-msdp]peer 10.1.4.3 connect-interface Vlanif 40

8. Configure the SA message filtering rules

[LSW3]acl 3001

[LSW3-acl-adv-3001]rule deny ip source 192.168.2.30 0 destination 225.1.1.0 0.0.0.3                                                                          

[LSW3-acl-adv-3001]rule permit ip source any destination any  

[LSW3]msdp  

[LSW3-msdp]peer 10.1.4.4 sa-policy export acl 3001  // On LSW3, do not forward SA messages for (MCS1, 225.1.1.0/30) to LSW4

[LSW4]acl 2001

[LSW4-acl-basic-2001]rule deny source 192.168.5.50 0

[LSW4]msdp  

[LSW4-msdp]import-source acl 2001  // On LSW4, do not create SA messages for MCS2
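
How ACL 3001 from step 8 selects (S, G) entries when it is used as the export policy toward peer 10.1.4.4, as an added example that is not part of the original article: a Python model of first-match evaluation with wildcard masks. The sample SA entries are constructed, the function names are hypothetical, and treating an entry that matches no rule as not exported is an assumption.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

# ACL 3001 as configured on LSW3 in step 8; rules are checked in order.
# A source wildcard of "0" in the CLI means 0.0.0.0 (exact host match).
ACL_3001 = [
    ("deny", ("192.168.2.30", "0.0.0.0"), ("225.1.1.0", "0.0.0.3")),
    ("permit", ANY, ANY),
]

# Constructed sample (S, G) entries that LSW3 could hold in its SA cache.
SAMPLE_SA = [
    ("192.168.2.30", "225.1.1.0"),   # MCS1, first group in the range
    ("192.168.2.30", "225.1.1.3"),   # MCS1, last group in the range
    ("192.168.2.30", "225.1.1.4"),   # MCS1, one past the 0.0.0.3 range
    ("192.168.2.31", "225.1.1.1"),   # different source, same group range
    ("192.168.1.10", "225.1.1.2"),   # unrelated source
]


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def evaluate(acl, source, group):
    """Return the action of the first matching rule, or None if none match."""
    for action, (s_base, s_wc), (g_base, g_wc) in acl:
        if wildcard_match(source, s_base, s_wc) and wildcard_match(group, g_base, g_wc):
            return action
    return None


def exported_to_peer(acl, sa_entries):
    """Entries the export policy lets through (assumption: no match = dropped)."""
    return [(s, g) for s, g in sa_entries if evaluate(acl, s, g) == "permit"]


if __name__ == "__main__":
    for s, g in SAMPLE_SA:
        print(f"({s}, {g}) -> {evaluate(ACL_3001, s, g)}")
```

The run shows that only MCS1's entries for 225.1.1.0 to 225.1.1.3 are withheld from LSW4; the same source sending to 225.1.1.4 is still advertised, and placing the permit rule first would let every entry through.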

9. Verify the configuration

This article is excerpted from: https://blog.51cto.com/u