运维做开发

这个屌丝很懒，什么也没留下！

热门标签

基于EVE-NG仿真环境建立多种冗余方案的内部网络

作者：运维做开发 | 2024-07-01 19:46:04

踩

eve-ng

基于EVE-NG仿真环境建立多种冗余方案内部网络

EVE-NG介绍

EVE-NG全称为Emulated Virtual Environment - NextGeneration,原名是UnifiedNetworking Lab,中文名为统一网络实验室，是一个基于Ubuntu Linux的一个网络仿真环境，可以同时模拟多个厂商的多个设备，并可以互相通信与互相协作，除了模拟网络设备外，EVE-NG还能够使用QEMU/KVM虚拟化技术虚拟各种系统(Windows,Linux,BSD等)，与仿真网络设备通信与测试。

本文介绍

采用EVE-NG制作一个采用思科网络设备，并采用链路聚合、MSTP、VRRP多种热备冗余环境的三个分支的企业内部网络，并具有网络出口的环境。

环境介绍

仿真环境：EVE-NG 5.0.1-13
模拟外网设备：Huawei AR1000v
内网路由器：Cisco vIOS Router
内网交换机：Cisco vIOS Switch
模拟部门设备：VPCS

网络拓扑图

接线表

设备名称	接口	对端设备与接口
AR1000v	G0/0/0	[Gateway]Gi0/0
Gateway	Gi0/0	[AR1000v]G0/0/0
Gateway	Gi0/2	[SWCoreA]Gi0/0
Gateway	Gi0/3	[SWCoreB]Gi0/0
SWCoreA	Gi0/0	[Gateway]Gi0/2
SWCoreA	Gi0/1	[SWCoreB]Gi0/1
SWCoreA	Gi0/2	[BranchA]Gi1/0
SWCoreA	Gi0/3	[BranchA]Gi1/1
SWCoreA	Gi1/0	[BranchB]Gi1/2
SWCoreA	Gi1/1	[BranchC]Gi1/0
SWCoreB	Gi0/0	[Gateway]Gi0/3
SWCoreB	Gi0/1	[SWCoreA]Gi0/1
SWCoreB	Gi0/2	[BranchB]Gi1/0
SWCoreB	Gi0/3	[BranchB]Gi1/1
SWCoreB	Gi1/0	[BranchA]Gi1/2
SWCoreB	Gi1/1	[BranchC]Gi1/1
BrachA	Gi0/0	[PC1]eth0
BrachA	Gi1/0	[SWCoreA]Gi0/2
BrachA	Gi1/1	[SWCoreA]Gi0/3
BrachA	Gi1/2	[SWCoreB]Gi1/0
BrachB	Gi0/0	[PC2]eth0
BrachB	Gi1/0	[SWCoreB]Gi0/2
BrachB	Gi1/1	[SWCoreB]Gi0/3
BrachB	Gi1/2	[SWCoreA]Gi1/0
BrachC	Gi0/0	[PC3]eth0
BrachC	Gi1/0	[SWCoreA]Gi1/1
BrachC	Gi1/1	[SWCoreB]Gi1/1

项目要求

AR1000v配置IP并模拟公网设备
在Gateway设备上配置IP以及默认路由，并且配置NAT
在SWCoreA与SWCoreB设备上配置IP，与交换机互联的接口配置为Trunk，配置VRRP用于网关热备，配置MSTP作为冗余链路，配置链路聚合连接接入层设备
内网使用OSPF来联通不同设备与网段

配置实例

基础配置

配置任何机器都是先从设备名以及IP等开始的

AR1000v

system-view
sysname Internet
interface GigabitEthernet 0/0/0
ip address 123.123.123.1 255.255.255.0
return
save all
1
2
3
4
5
6

Gateway

enable
configure terminal
hostname Gateway
interface gigabitEthernet 0/0
ip address 123.123.123.2 255.255.255.0
no shutdown
exit
interface gigabitEthernet 0/2
ip address 10.1.1.1 255.255.255.252
no shutdown
exit
interface gigabitEthernet 0/3
ip address 10.1.2.1 255.255.255.252
no shutdown
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

SWCoreA

enable
configure terminal
hostname SWCoreA
ip routing
vlan 10
vlan 20
vlan 30
vlan 100
interface vlan 10
ip address 192.168.10.251 255.255.255.0
no shutdown
exit
interface vlan 20
ip address 192.168.20.251 255.255.255.0
no shutdown
exit
interface vlan 30
ip address 192.168.30.251 255.255.255.0
no shutdown
exit
interface vlan 100
ip address 10.1.1.2 255.255.255.252
no shutdown
exit
interface range gigabitEthernet 0/2-3
channel-group 1 mode active
exit
interface port-channel 1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 0/0
switchport mode access
switchport access vlan 100
exit
interface gigabitEthernet 0/1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/0
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/1
switchport trunk encap dot1q
switchport mode trunk
exit
end
write

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

SWCoreB

enable
configure terminal
hostname SWCoreB
ip routing
vlan 10
vlan 20
vlan 30
vlan 100
interface vlan 10
ip address 192.168.10.252 255.255.255.0
no shutdown
exit
interface vlan 20
ip address 192.168.20.252 255.255.255.0
no shutdown
exit
interface vlan 30
ip address 192.168.30.252 255.255.255.0
no shutdown
exit
interface vlan 100
ip address 10.1.2.2 255.255.255.252
no shutdown
exit
interface range gigabitEthernet 0/2-3
channel-group 1 mode active
exit
interface port-channel 1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 0/0
switchport mode access
switchport access vlan 100
exit
interface gigabitEthernet 0/1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/0
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/1
switchport trunk encap dot1q
switchport mode trunk
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

BranchA

enable
configure terminal
hostname BranchA
vlan 10
vlan 20
vlan 30
interface range gigabitEthernet 1/0-1
channel-group 1 mode active
exit
interface port-channel 1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/2
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet gigabitEthernet 0/0
switchport mode access
switchport access vlan 10
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

BranchB

enable
configure terminal
hostname BranchB
vlan 10
vlan 20
vlan 30
interface range gigabitEthernet 1/0-1
channel-group 1 mode active
exit
interface port-channel 1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/2
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 0/0
switchport mode access
switchport access vlan 20
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

BranchC

enable
configure terminal
hostname BranchC
vlan 10
vlan 20
vlan 30
interface gigabitEthernet 1/0
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 1/1
switchport trunk encap dot1q
switchport mode trunk
exit
interface gigabitEthernet 0/0
switchport mode access
switchport access vlan 30
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

到此基础配置就结束了，不配置好基础配置后面的配置几乎都做不了

NAT配置

NAT是用于网络地址转换的，在现在的IPv4网络来说没有NAT可以说几乎无法上网

Gateway

enable
configure terminal
interface gigabitEthernet 0/0
ip nat outside
exit
interface gigabitEthernet 0/2
ip nat inside
exit
interface gigabitEthernet 0/3
ip nat inside
exit
access-list 1 permit 10.1.1.0 0.0.0.3
access-list 1 permit 10.1.2.0 0.0.0.3
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255
ip nat inside source list 1 interface gigabitEthernet 0/0 overload
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

路由配置

外网使用缺省路由联通
内网联通使用OSPF，并分发默认路由

RouteID

Gateway 10.10.10.1
SWCoreA 10.10.10.2
SWCoreB 10.10.10.3

Gateway

enable
configure terminal
ip route 0.0.0.0 0.0.0.0 123.123.123.1
interface loopback 0
ip address 10.10.10.1 255.255.255.255
exit
router ospf 1
router-id 10.10.10.1
network 10.10.10.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.2.0 0.0.0.3 area 0
default-information originate
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

SWCoreA

enable
configure terminal
interface loopback 0
ip address 10.10.10.2 255.255.255.255
exit
router ospf 1
router-id 10.10.10.2
network 10.10.10.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
network 192.168.30.0 0.0.0.255 area 1
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

SWCoreB

enable
configure terminal
interface loopback 0
ip address 10.10.10.3 255.255.255.255
exit
router ospf 1
router-id 10.10.10.3
network 10.10.10.3 0.0.0.0 area 0
network 10.1.2.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
network 192.168.30.0 0.0.0.255 area 1
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

VRRP

VRRP是用于多个设备间，虚拟一个IP作为业务IP，在这是作为一个虚拟的网关
Master的优先级为200，Backup的优先级为150，追踪gi0/1接口
SWCoreA作为Vlan10的Master，Vlan20和Vlan30的Backup
SWCoreB作为Vlan20和Vlan30的Master，Vlan10的Backup

SWCoreA

enable
configure terminal
track 1 interface gigabitEthernet 0/0 line-protocol
exit
interface vlan 10
vrrp 1 ip 192.168.10.254
vrrp 1 priority 200
vrrp 1 preempt
vrrp 1 track 1 decrement 100
exit
interface vlan 20
vrrp 2 ip 192.168.20.254
vrrp 2 priority 150
vrrp 2 preempt
vrrp 2 track 1 decrement 100
exit
interface vlan 30
vrrp 3 ip 192.168.30.254
vrrp 3 priority 150
vrrp 3 preempt
vrrp 3 track 1 decrement 100
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

SWCoreB

enable
configure terminal
track 1 interface gigabitEthernet 0/0 line-protocol
exit
interface vlan 10
vrrp 1 ip 192.168.10.254
vrrp 1 priority 150
vrrp 1 preempt
vrrp 1 track 1 decrement 100
exit
interface vlan 20
vrrp 2 ip 192.168.20.254
vrrp 2 priority 200
vrrp 2 preempt
vrrp 2 track 1 decrement 100
exit
interface vlan 30
vrrp 3 ip 192.168.30.254
vrrp 3 priority 200
vrrp 3 preempta
vrrp 3 track 1 decrement 100
exit
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

MSTP

MSTP是用于制作冗余链路同时也可以防止环路的功能，在此处用于核心层到汇聚层的链路冗余以及选路
BranchA与B优先选择聚合端口作为转发接口，BranchC优先使用BranchB方向的接口作为转发接口
SWCoreA作为Vlan10的根桥，SWCoreB作为Vlan20与30的根桥

SWCoreA

enable
configure terminal
spanning-tree mode mst
spanning-tree mst configuration
name wtf
revision 1
instance 1 vlan 10
instance 2 vlan 20,30
exit
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13

SWCoreB

enable
configure terminal
spanning-tree mode mst
spanning-tree mst configuration
name wtf
revision 1
instance 1 vlan 10
instance 2 vlan 20,30
exit
spanning-tree mst 1 root secondary
spanning-tree mst 2 root primary
end
write
1
2
3
4
5
6
7
8
9
10
11
12
13

BranchA

enable
configure terminal
spanning-tree mode mst
spanning-tree mst configuration
name wtf
revision 1
instance 1 vlan 10
instance 2 vlan 20,30
exit
end
write
1
2
3
4
5
6
7
8
9
10
11

BranchB

enable
configure terminal
spanning-tree mode mst
spanning-tree mst configuration
name wtf
revision 1
instance 1 vlan 10
instance 2 vlan 20,30
exit
end
write
1
2
3
4
5
6
7
8
9
10
11

BranchC

enable
configure terminal
spanning-tree mode mst
spanning-tree mst configuration
name wtf
revision 1
instance 1 vlan 10
instance 2 vlan 20,30
exit
end
write
1
2
3
4
5
6
7
8
9
10
11

配置PC并测试

PC1

set pcname PC1
ip 192.168.10.10 255.255.255.0 192.168.10.254
save
1
2
3

PC2

set pcname PC2
ip 192.168.20.10 255.255.255.0 192.168.20.254
save
1
2
3

PC3

set pcname PC3
ip 192.168.30.10 255.255.255.0 192.168.30.254
save
1
2
3

配置好PC后进行测试，ping外网ip

ping 123.123.123.1
1

PC1联通外网

声明：本文内容由网友自发贡献，转载请注明出处：【wpsshop博客】