
Huawei Firewall Reliability: Eth-Trunk Lab

Huawei iqianyue

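Lab objective

Configure a Layer 3 Eth-Trunk interface in manual load-balancing mode. In this setup the creation of the Eth-Trunk, the addition of member interfaces, and the choice of which interfaces act as active interfaces are all configured by hand, with no involvement of the Link Aggregation Control Protocol. In this mode all active interfaces forward data and share the traffic load.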

Devices

Two USG series firewalls.

Lab topology

[Figure: eth-trunk]

Lab procedure (command line)

Configure USG_A

  1. Create the Eth-Trunk interface and configure its IP address.

[USG_A] interface eth-trunk 1

[USG_A-Eth-Trunk1] ip address 100.1.1.1 255.255.255.0

[USG_A-Eth-Trunk1] quit

  2. Add interfaces GE1/0/0 and GE2/0/0 to Eth-Trunk 1.

[USG_A] interface gigabitethernet 1/0/0

[USG_A-GigabitEthernet1/0/0] undo shutdown

[USG_A-GigabitEthernet1/0/0] eth-trunk 1

[USG_A-GigabitEthernet1/0/0] quit

[USG_A] interface gigabitethernet 2/0/0

[USG_A-GigabitEthernet2/0/0] undo shutdown

[USG_A-GigabitEthernet2/0/0] eth-trunk 1

[USG_A-GigabitEthernet2/0/0] quit

  3. Add Eth-Trunk 1 to the Trust security zone.

[USG_A] firewall zone trust

[USG_A-zone-trust] add interface eth-trunk 1

[USG_A-zone-trust] quit

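  4. Configure the interzone security policies (policy 0 permits any source between the Local and Trust zones, in both directions).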

[USG_A] policy interzone local trust outbound

[USG_A-policy-interzone-local-trust-outbound] policy 0

[USG_A-policy-interzone-local-trust-outbound-0] policy source any

[USG_A-policy-interzone-local-trust-outbound-0] action permit

[USG_A-policy-interzone-local-trust-outbound-0] quit

[USG_A-policy-interzone-local-trust-outbound] quit

[USG_A] policy interzone local trust inbound

[USG_A-policy-interzone-local-trust-inbound] policy 0

[USG_A-policy-interzone-local-trust-inbound-0] policy source any

[USG_A-policy-interzone-local-trust-inbound-0] action permit

[USG_A-policy-interzone-local-trust-inbound-0] quit

[USG_A-policy-interzone-local-trust-inbound] quit

Configure USG_B

  1. Create the Eth-Trunk interface and configure its IP address.

[USG_B] interface eth-trunk 1

[USG_B-Eth-Trunk1] ip address 100.1.1.2 255.255.255.0

[USG_B-Eth-Trunk1] quit

  2. Add interfaces GE1/0/0 and GE2/0/0 to Eth-Trunk 1.

[USG_B] interface gigabitethernet 1/0/0

[USG_B-GigabitEthernet1/0/0] undo shutdown

[USG_B-GigabitEthernet1/0/0] eth-trunk 1

[USG_B-GigabitEthernet1/0/0] quit

[USG_B] interface gigabitethernet 2/0/0

[USG_B-GigabitEthernet2/0/0] undo shutdown

[USG_B-GigabitEthernet2/0/0] eth-trunk 1

[USG_B-GigabitEthernet2/0/0] quit

  3. Add Eth-Trunk 1 to the Trust security zone.

[USG_B] firewall zone trust

[USG_B-zone-trust] add interface eth-trunk 1

[USG_B-zone-trust] quit

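  4. Configure the interzone security policies (policy 0 permits any source between the Local and Trust zones, in both directions).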

[USG_B] policy interzone local trust outbound

[USG_B-policy-interzone-local-trust-outbound] policy 0

[USG_B-policy-interzone-local-trust-outbound-0] policy source any

[USG_B-policy-interzone-local-trust-outbound-0] action permit

[USG_B-policy-interzone-local-trust-outbound-0] quit

[USG_B-policy-interzone-local-trust-outbound] quit

[USG_B] policy interzone local trust inbound

[USG_B-policy-interzone-local-trust-inbound] policy 0

[USG_B-policy-interzone-local-trust-inbound-0] policy source any

[USG_B-policy-interzone-local-trust-inbound-0] action permit

[USG_B-policy-interzone-local-trust-inbound-0] quit

[USG_B-policy-interzone-local-trust-inbound] quit

Verification

Run the display interface eth-trunk command on USG_A or USG_B; the interface state is shown as UP.

The output on USG_A is used as an example.

[USG_A] display interface eth-trunk 1

Eth-Trunk1 current state : UP

Line protocol current state : UP

Last line protocol up time : 2011-08-10 03:57:08 UTC+08:00

Description: Eth-Trunk1 Interface

Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G, The Maximum Transmit Unit is 1500

Internet Address is 100.1.1.1/24

IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0018-8249-2a8d

Physical is ETH_TRUNK

Last 300 seconds input rate 0 bits/sec, 0 packets/sec

Last 300 seconds output rate 0 bits/sec, 0 packets/sec

Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec

Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec

Input: 0 packets,0 bytes,

0 unicast,0 broadcast,0 multicast

0 errors,0 drops,

Output:1 packets,64 bytes,

0 unicast,1 broadcast,0 multicast

0 errors,0 drops

Input bandwidth utilization  : 0.00%

Output bandwidth utilization : 0.01%

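-----------------------------------------------------

PortName                Status              Weight

-----------------------------------------------------

GigabitEthernet1/0/0    UP                  1

GigabitEthernet2/0/0    UP                  1

-----------------------------------------------------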

The Number of Ports in Trunk : 2

The Number of UP Ports in Trunk : 2
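
Because manual mode has no LACP negotiation, the member table in this output is where an operator confirms that both links are really part of the bundle. The following is an added example, not part of the original post: it parses that output and reports degraded states. The function names, the DOWN status value and the degraded sample are assumptions constructed for illustration.

```python
import re

# Excerpt of the `display interface eth-trunk 1` output shown on this page.
PAGE_OUTPUT = """\
Eth-Trunk1 current state : UP
Line protocol current state : UP
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G, The Maximum Transmit Unit is 1500
GigabitEthernet1/0/0    UP                  1
GigabitEthernet2/0/0    UP                  1
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2
"""

def parse_trunk(text):
    """Extract trunk state, bandwidth and member rows (status UP or DOWN only)."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None
    return {
        "state": grab(r"^Eth-Trunk\d+ current state : (\S+)"),
        "protocol": grab(r"^Line protocol current state : (\S+)"),
        "max_bw": grab(r"Maximal BW: (\w+)"),
        "cur_bw": grab(r"Current BW: (\w+)"),
        "ports": grab(r"^The Number of Ports in Trunk : (\d+)"),
        "up_ports": grab(r"^The Number of UP Ports in Trunk : (\d+)"),
        "members": dict(re.findall(r"^(\S+)[ \t]+(UP|DOWN)[ \t]+\d+[ \t]*$", text, re.M)),
    }

def check_trunk(text, min_members=2):
    """Return a list of findings; an empty list means the bundle is fully healthy."""
    t, findings = parse_trunk(text), []
    if t["state"] != "UP" or t["protocol"] != "UP":
        findings.append(f"trunk state {t['state']}, line protocol {t['protocol']}")
    down = sorted(name for name, status in t["members"].items() if status != "UP")
    findings += [f"member {name} is DOWN" for name in down]
    if t["ports"] != t["up_ports"]:
        findings.append(f"only {t['up_ports']} of {t['ports']} member ports are UP")
    if t["max_bw"] != t["cur_bw"]:
        findings.append(f"current bandwidth {t['cur_bw']} is below maximum {t['max_bw']}")
    if len(t["members"]) - len(down) < min_members:
        findings.append("fewer than %d active members: no link redundancy" % min_members)
    return findings

if __name__ == "__main__":
    # Constructed degraded case: the second member link is lost.
    degraded = (PAGE_OUTPUT.replace("2/0/0    UP", "2/0/0    DOWN")
                .replace("Current BW: 2G", "Current BW: 1G")
                .replace("UP Ports in Trunk : 2", "UP Ports in Trunk : 1"))
    print(check_trunk(PAGE_OUTPUT), check_trunk(degraded))
```
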

# The Eth-Trunk interfaces of USG_A and USG_B can ping each other.

[USG_A] ping -a 100.1.1.1 100.1.1.2

PING 100.1.1.2: 56  data bytes, press CTRL_C to break

Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms

Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 ms

Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=62 ms

Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=62 ms

Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=62 ms

--- 100.1.1.2 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 31/49/62 ms

 


iqianyue, all rights reserved. Unless otherwise noted, all content is original; please credit iqianyue when reposting.