您的位置:首页 > 其它

企业项目拓扑3

2019-10-19 15:24 751 查看 
某知名企业及运营商网络拓扑图如下:

企业项目要如下:

实验要求:
1.如图所示蓝色区域为企业内网,红色区域为供应商网络;
2.运行MSTP协议,使得VLAN流量负载均衡;
3.SW1为vlan 10和20的主网关,SW1为30和40的备份网关;
4.SW2为vlan 30和40的主网关,SW2为10和20的备份网关;
5.DHCP服务器在vlan 66,网关在SW2上面;
6.企业内网运行静态路由协议或者OSPF路由协议;
7.所有PC机自动获取ip地址且可以与Server1互相ping通;
8.Client1仅可以访问Server1的www服务;
9.企业内网设备仅允许被IT部门远程管理。

第一步:配置基础网络;

SW1配置如下:
sysname SW1
vlan batch 10 20 30 40 66 100
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 100
interface Vlanif 100
ip address 192.168.100.2 24
interface Vlanif 66
ip address 192.168.66.251 24
quit
SW2配置如下:
sysname SW2
vlan batch 10 20 30 40 66 200
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 200
interface Vlanif 200
ip address 192.168.200.2 24
interface GigabitEthernet 0/0/5
port link-type access
port default vlan 66
interface Vlanif 66
ip address 192.168.66.252 24
quit
SW3配置如下
sysname SW3
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type access
port default vlan 20
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
SW4配置如下:
sysname SW4
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 30
interface Ethernet0/0/4
port link-type access
port default vlan 40
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
R1配置如下:
sysname R1
interface g0/0/0
ip address 192.168.100.1 24
interface g0/0/1
ip address 192.168.200.1 24
interface g0/0/2
ip address 100.1.1.2 24
quit
R2配置如下:
sysname R2
interface g0/0/0
ip address 100.1.1.1 24
interface g0/0/1
ip address 200.1.1.254 24
quit
DHCP
sysname DHCP
dhcp enable
interface g0/0/0
ip address 192.168.66.1 24
quit

第二步:配置接入层网络;
配置STP

SW1
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 4096
stp instance 34 priority 8192
SW2
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 8192
stp instance 34 priority 4096
SW3
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
SW4
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit

第三步:配置汇聚层网络;

配置VRRP
SW1
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
vrrp vrid 10 priority 200
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
vrrp vrid 20 priority 200
interface Vlanif30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
interface Vlanif40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
SW2
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
vrrp vrid 30 priority 200
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
vrrp vrid 40 priority 200
验证查看VRRP配置:
SW1

SW2

配置DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
配置DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
DHCP
interface g0/0/0
dhcp select global
ip pool p1
gateway-list 192.168.10.250
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.251 192.168.10.252
dns-list 8.8.8.8
ip pool p2
gateway-list 192.168.20.250
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168.20.252
dns-list 8.8.8.8
ip pool p3
gateway-list 192.168.30.250
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.251 192.168.30.252
dns-list 8.8.8.8
ip pool p4
gateway-list 192.168.40.250
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.251 192.168.40.252
dns-list 8.8.8.8 

第四步:配置核心层网络;

配置OSPF
R1配置:
ospf 1
area 0
network 192.168.100.0 0.0.0.255
network 192.168.200.0 0.0.0.255
default-route-advertise always
quit
quit
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
SW1配置:
ospf 1
area 0
network 192.168.100.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
SW2配置:
ospf 1
area 0
network 192.168.10.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
stp instance 0 root primary
DHCP
ospf 1
area 66
network 192.168.66.0 0.0.0.255
stub
quit
quit
配置NAT和ACL
R1
acl number 3000
rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 destin
ation-port eq www
rule 15 deny ip source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0
rule 20 permit ip
interface GigabitEthernet0/0/2
nat outbound 3000
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
interface GigabitEthernet0/0/2
acl 2000 inbound
quit
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
user privilege level 15

第五步:进行验证。

验证PC自动获取ip地址,且可以ping通server1服务器:

验证Client1可以访问Server1的www服务,但不可以ping通服务器

至此项目配置并验证成功。。。。。。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航