您当前的位置： 首页 > 学无止境 > 心得笔记 网站首页心得笔记

华为HCDA认证教学视频 华为数据通信工程师初级视频19-广域网

发布时间：2020-12-10 17:13:47编辑：雪饮阅读（）

 广域网基础拓扑结构


图中AR0到AR1与AR0到AR2分别是两个骨干广域网，广域网就比如从北京某处与天津某处的一种物理网络并非局域网，具有点到点特性。
广域网需要用串行端口进行连线。
广域网连通利用HDLC
图中AR0如果要与AR1进行连通，仅仅连线肯定不行的，需要有地址。广域网常见用HDLC协议在接口上进行配置。
对于AR0配置HDLC并配置s000接口ip地址
[AR0]interface s0/0/0
[AR0-Serial0/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
Dec 10 2020 15:05:06-08:00 AR0 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
 the configuration that will change the encapsulation protocol of the link and t
hen selected Y.
[AR0-Serial0/0/0]dis this
#
interface Serial0/0/0
 link-protocol hdlc
#
return
[AR0-Serial0/0/0]ip address 192.168.1.1 24
对于AR1仅仅配置s000接口的ip地址
[AR1]interface s0/0/0
[AR1-Serial0/0/0]ip address 192.168.1.2 24
[AR1-Serial0/0/0]
Dec 10 2020 15:09:48-08:00 AR1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 2, the c
hange loop count is 0, and the maximum number of records is 4095.
此时AR1是无法ping通AR0的，因为AR1的协议还没有配置，而AR0的协议是HDLC
[AR1-Serial0/0/0]ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
100.00% packet loss
所以当AR1也配置HDLC后。其就能ping通AR0了
[AR1-Serial0/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
Dec 10 2020 15:12:42-08:00 AR1 %%01IFNET/4/CHANGE_ENCAP(l)[1]:The user performed
 the configuration that will change the encapsulation protocol of the link and t
hen selected Y.
Dec 10 2020 15:12:42-08:00 AR1 %%01PHY/1/PHY(l)[2]:    Serial0/0/0: change statu
s to down
[AR1-Serial0/0/0]
Dec 10 2020 15:12:42-08:00 AR1 %%01PHY/1/PHY(l)[3]:    Serial0/0/0: change statu
s to up
Dec 10 2020 15:12:42-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol IP
 on the interface Serial0/0/0 has entered the UP state.
[AR1-Serial0/0/0]ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Dec 10 2020 15:12:48-08:00 AR1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 3, the c
hange loop count is 0, and the maximum number of records is 4095.
    Request time out
    Request time out
    Request time out
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    2 packet(s) received
    60.00% packet loss
round-trip min/avg/max = 30/40/50 ms
借用ip地址
当某接口不是长期使用IP地址时，为了节省IP地址，可以配置该接口借用其他接口的IP地址。通常配置为借用Loopback接口的地址，以保持接口的稳定性。
这里以AR0进行实现ip地址借用
规划下loopback的ip地址为192.168.1.1 24
当前192.168.1.1 24已经被接口s000所用，所以要先将该ip地址从s000接口中卸载
[AR0-Serial0/0/0]undo ip add
[AR0-Serial0/0/0]
Dec 10 2020 15:32:43-08:00 AR0 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 5, the c
hange loop count is 0, and the maximum number of records is 4095.
[AR0-Serial0/0/0]quit
[AR0]interface LoopBack 0
[AR0-LoopBack0]ip address 192.168.1.1 24
[AR0-LoopBack0]
Dec 10 2020 15:35:53-08:00 AR0 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.
然后在接口s000上借用LoopBack0的ip地址
[AR0-Serial0/0/0]ip address unnumbered interface LoopBack 0
[AR0-Serial0/0/0]dis ip interface brief
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 9
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 9
 
Interface                         IP Address/Mask      Physical   Protocol 
Ethernet0/0/0                     unassigned           down       down     
Ethernet0/0/1                     unassigned           down       down     
GigabitEthernet0/0/0              unassigned           down       down     
GigabitEthernet0/0/1              unassigned           down       down     
GigabitEthernet0/0/2              unassigned           down       down     
GigabitEthernet0/0/3              unassigned           down       down     
LoopBack0                         192.168.1.1/24       up         up(s)    
NULL0                             unassigned           up         up(s)    
Serial0/0/0                       192.168.1.1/24       up         up        
Serial0/0/1                       unassigned           down       down     
Serial0/0/2                       unassigned           down       down     
Serial0/0/3                       unassigned           down       down 
借用ip地址后发现AR1再次无法ping通AR0了
<AR1>ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
100.00% packet loss
需要添加静态路由，而这里LoopBack0接口到s000与另外一端的s000接口所在网络的下一跳自然就是AR0的s000接口，另外关于在配置IP地址借用时，使用路由协议来学习到对端的路由需要遵循以下原则：
(1)如果使用动态路由协议，由于路由查找采用最长匹配原则，应确保学到路由的掩码长度大于被借用方IP地址的掩码长度。
(2)如果使用静态路由协议，且被借用方的IP地址使用32位掩码，静态路由的掩码长度应小于被借用方IP地址的掩码长度。
(3)如果使用静态路由协议，且被借用方的IP地址掩码小于32位，静态路由的掩码长度应大于被借用方IP地址的掩码长度。
而这里采用手动的静态路由学习方式，并且被借用方LoopBack0接口上面配置的是24位掩码，那么接下来静态路由配置时候的掩码，这里就设置位32吧。
[AR0]ip route-static 192.168.1.2 255.255.255.255 s0/0/0
所以此时AR1就再次恢复了对AR0的访问
<AR1>ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=50 ms
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/46/50 ms
ppp协议配置
点对点协议（Point to Point Protocol，PPP）为在点对点连接上传输多协议数据包提供了一个标准方法。
PPP具有身份验证功能。
对于AR0配置ppp协议
[AR0-Serial0/0/0]link-protocol ppp
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
Dec 10 2020 15:52:46-08:00 AR0 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
 the configuration that will change the encapsulation protocol of the link and t
hen selected Y.
Dec 10 2020 15:52:46-08:00 AR0 %%01PHY/1/PHY(l)[1]:    Serial0/0/0: change statu
s to down
Dec 10 2020 15:52:46-08:00 AR0 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP
 on the interface Serial0/0/0 has entered the DOWN state.
[AR0-Serial0/0/0]
Dec 10 2020 15:52:47-08:00 AR0 %%01PHY/1/PHY(l)[3]:    Serial0/0/0: change statu
s to up
[AR0-Serial0/0/0]
Dec 10 2020 15:52:53-08:00 AR0 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 9, the c
hange loop count is 0, and the maximum number of records is 4095.
不用说此时AR1又丢失了对AR0的访问
<AR1>ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
100.00% packet loss
毕竟协议不同了，这里需要注意这里不通与借用地址无关。
然后对AR1再配送ppp协议，然后再次恢复对AR0的访问。
[AR1]interface s0/0/0
[AR1-Serial0/0/0]link-protocol ppp
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
Dec 10 2020 15:59:31-08:00 AR1 %%01IFNET/4/CHANGE_ENCAP(l)[1]:The user performed
 the configuration that will change the encapsulation protocol of the link and t
hen selected Y.
Dec 10 2020 15:59:31-08:00 AR1 %%01PHY/1/PHY(l)[2]:    Serial0/0/0: change statu
s to down
[AR1-Serial0/0/0]
Dec 10 2020 15:59:31-08:00 AR1 %%01PHY/1/PHY(l)[3]:    Serial0/0/0: change statu
s to up
Dec 10 2020 15:59:32-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PP
P on the interface Serial0/0/0 has entered the UP state.
[AR1-Serial0/0/0]
Dec 10 2020 15:59:35-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[5]:The line protocol PP
P IPCP on the interface Serial0/0/0 has entered the UP state.
[AR1-Serial0/0/0]p
Dec 10 2020 15:59:40-08:00 AR1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 4, the c
hange loop count is 0, and the maximum number of records is 4095.in
                     ^
Error:Incomplete command found at '^' position.
[AR1-Serial0/0/0]ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=40 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=50 ms
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
round-trip min/avg/max = 30/44/50 ms
ppp协议下的连通性有两个属性来决定，LCP与IPCP都必须是opened状态
[AR0]display interface s0/0/0
Serial0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2020-12-10 15:59:35 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is unnumbered, using address of LoopBack0(192.168.1.1/24)
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time   : 2020-12-10 15:52:47 UTC-08:00
Last physical down time : 2020-12-10 15:52:46 UTC-08:00
Current system time: 2020-12-10 16:02:34-08:00Interface is V35
    Last 300 seconds input rate 2 bytes/sec, 0 packets/sec
    Last 300 seconds output rate 1 bytes/sec, 0 packets/sec
    Input: 10196 bytes, 381 Packets
    Ouput: 9460 bytes, 375 Packets
    Input bandwidth utilization : 0.02%
Output bandwidth utilization : 0.01%
对ppp配置pap认证
这里对AR0的访问增加鉴权，先进入aaa控制台中建立用于鉴权的用户
[AR0]aaa
[AR0-aaa]local-user majority password cipher 220807
然后将该用户服务于ppp
[AR0-aaa]local-user majority service-type ppp
最后在AR0的出口/入口接口中启用pap认证
[AR0]interface s0/0/0
[AR0-Serial0/0/0]ppp authentication-mode pap
但此时接口状态并没有刷新，竟然LCP与IPCP都是open
[AR0]display interface s0/0/0
Serial0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2020-12-10 15:59:35 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is unnumbered, using address of LoopBack0(192.168.1.1/24)
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time   : 2020-12-10 15:52:47 UTC-08:00
Last physical down time : 2020-12-10 15:52:46 UTC-08:00
Current system time: 2020-12-10 16:17:13-08:00Interface is V35
    Last 300 seconds input rate 2 bytes/sec, 0 packets/sec
    Last 300 seconds output rate 2 bytes/sec, 0 packets/sec
    Input: 12308 bytes, 557 Packets
    Ouput: 11572 bytes, 551 Packets
    Input bandwidth utilization : 0.02%
Output bandwidth utilization : 0.02%
此时需要把接口重启下才能刷新接口状态
[AR0]interface s0/0/0
[AR0-Serial0/0/0]shutdown
[AR0-Serial0/0/0]undo shutdown
[AR0]display interface s0/0/0
Serial0/0/0 current state : UP
Line protocol current state : DOWN
Description:
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is unnumbered, using address of LoopBack0(192.168.1.1/24)
Link layer protocol is PPP
LCP closed
Last physical up time   : 2020-12-10 16:17:50 UTC-08:00
Last physical down time : 2020-12-10 16:17:42 UTC-08:00
Current system time: 2020-12-10 16:18:11-08:00Interface is V35
    Last 300 seconds input rate 2 bytes/sec, 0 packets/sec
    Last 300 seconds output rate 2 bytes/sec, 0 packets/sec
    Input: 12444 bytes, 567 Packets
    Ouput: 11726 bytes, 561 Packets
    Input bandwidth utilization : 0.02%
Output bandwidth utilization : 0.02%
此时AR1对AR0肯定再次丢失了访问
<AR1>ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
Dec 10 2020 16:26:24-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PP
P on the interface Serial0/0/0 has entered the UP state.
Dec 10 2020 16:26:24-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PP
P on the interface Serial0/0/0 has entered the DOWN state.
    Request time out
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
100.00% packet loss
并且AR1已经提示了访问失败的原因
<AR1>
Dec 10 2020 16:26:54-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PP
P on the interface Serial0/0/0 has entered the UP state.
Dec 10 2020 16:26:54-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PP
P on the interface Serial0/0/0 has entered the DOWN state.
Dec 10 2020 16:27:24-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PP
P on the interface Serial0/0/0 has entered the UP state.
Dec 10 2020 16:27:24-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[5]:The line protocol PP
P on the interface Serial0/0/0 has entered the DOWN state.
Dec 10 2020 16:27:54-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol PP
P on the interface Serial0/0/0 has entered the UP state.
Dec 10 2020 16:27:54-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PP
P on the interface Serial0/0/0 has entered the DOWN state.
Dec 10 2020 16:28:24-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[8]:The line protocol PP
P on the interface Serial0/0/0 has entered the UP state.
Dec 10 2020 16:28:24-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[9]:The line protocol PP
P on the interface Serial0/0/0 has entered the DOWN state.
此时AR1需要拿着AR1刚才AR0建立的鉴权用户信息才能继续访问AR0
在AR1接口中提供AR0建立的鉴权用户信息获取pap授权
[AR1-Serial0/0/0]ppp pap local-user majority password cipher 220807
然后AR1就再次恢复了对AR0的访问。
[AR1-Serial0/0/0]ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=20 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=50 ms
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
round-trip min/avg/max = 10/32/50 ms
挑战握手认证协议CHAP
和pap一样，也是鉴权的一种模式。
这里以AR0配置CHAP鉴权模式，由于PAP鉴权模式配置过程中已经配置好了用户账号等信息，所以这里可以直接借用
对于AR0认证方
[AR0]interface s0/0/0
开启ppp鉴权模式为chap
[AR0-Serial0/0/0]ppp authentication-mode chap
chap模式所用用户账号可以直接用上面pap鉴权的用户账号
[AR0-Serial0/0/0]ppp chap user majority
网上查找资料发现有的还要开启ip协商功能，但我这里没有开启也可以（可能我的默认就是开启的吧）
对应接口同样需要重启才能生效。
[AR0-Serial0/0/0]shutdown
[AR0-Serial0/0/0]undo shutdown
对于AR1被认证方
提供chap用户名
[AR1-Serial0/0/0]ppp chap user majority
提供chap用户对应的密码
[AR1-Serial0/0/0]ppp chap password cipher 220807
然后AR1又可以访问AR0了
[AR1-Serial0/0/0]ping 192.168.1.1
 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms
 
 --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/34/50 ms