溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務(wù)條款》

企業(yè)項目拓撲3

發(fā)布時間:2020-03-03 14:52:01 來源:網(wǎng)絡(luò) 閱讀:478 作者:愛草坪 欄目:網(wǎng)絡(luò)管理 
某知名企業(yè)及運營商網(wǎng)絡(luò)拓撲圖如下:

企業(yè)項目拓撲3

企業(yè)項目要如下:

實驗要求:
1.如圖所示藍色區(qū)域為企業(yè)內(nèi)網(wǎng),紅色區(qū)域為供應(yīng)商網(wǎng)絡(luò);
2.運行MSTP協(xié)議,使得VLAN流量負載均衡;
3.SW1為vlan 10和20的主網(wǎng)關(guān),SW1為30和40的備份網(wǎng)關(guān);
4.SW2為vlan 30和40的主網(wǎng)關(guān),SW2為10和20的備份網(wǎng)關(guān);
5.DHCP服務(wù)器在vlan 66,網(wǎng)關(guān)在SW2上面;
6.企業(yè)內(nèi)網(wǎng)運行靜態(tài)路由協(xié)議或者OSPF路由協(xié)議;
7.所有PC機自動獲取ip地址且可以與Server1互相ping通;
8.Client1僅可以訪問Server1的www服務(wù);
9.企業(yè)內(nèi)網(wǎng)設(shè)備僅允許被IT部門遠程管理。

第一步:配置基礎(chǔ)網(wǎng)絡(luò);

SW1配置如下:
sysname SW1
vlan batch 10 20 30 40 66 100
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 100
interface Vlanif 100
ip address 192.168.100.2 24
interface Vlanif 66
ip address 192.168.66.251 24
quit
SW2配置如下:
sysname SW2
vlan batch 10 20 30 40 66 200
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 200
interface Vlanif 200
ip address 192.168.200.2 24
interface GigabitEthernet 0/0/5
port link-type access
port default vlan 66
interface Vlanif 66
ip address 192.168.66.252 24
quit
SW3配置如下
sysname SW3
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type access
port default vlan 20
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
SW4配置如下:
sysname SW4
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 30
interface Ethernet0/0/4
port link-type access
port default vlan 40
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
R1配置如下:
sysname R1
interface g0/0/0
ip address 192.168.100.1 24
interface g0/0/1
ip address 192.168.200.1 24
interface g0/0/2
ip address 100.1.1.2 24
quit
R2配置如下:
sysname R2
interface g0/0/0
ip address 100.1.1.1 24
interface g0/0/1
ip address 200.1.1.254 24
quit
DHCP
sysname DHCP
dhcp enable
interface g0/0/0
ip address 192.168.66.1 24
quit

第二步:配置接入層網(wǎng)絡(luò);
配置STP

SW1
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 4096
stp instance 34 priority 8192
SW2
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 8192
stp instance 34 priority 4096
SW3
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
SW4
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit

第三步:配置匯聚層網(wǎng)絡(luò);

配置VRRP
SW1
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
vrrp vrid 10 priority 200
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
vrrp vrid 20 priority 200
interface Vlanif30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
interface Vlanif40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
SW2
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
vrrp vrid 30 priority 200
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
vrrp vrid 40 priority 200
驗證查看VRRP配置:
SW1
企業(yè)項目拓撲3
SW2
企業(yè)項目拓撲3
配置DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
配置DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
DHCP
interface g0/0/0
dhcp select global
ip pool p1
gateway-list 192.168.10.250
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.251 192.168.10.252
dns-list 8.8.8.8
ip pool p2
gateway-list 192.168.20.250
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168.20.252
dns-list 8.8.8.8
ip pool p3
gateway-list 192.168.30.250
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.251 192.168.30.252
dns-list 8.8.8.8
ip pool p4
gateway-list 192.168.40.250
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.251 192.168.40.252
dns-list 8.8.8.8 

第四步:配置核心層網(wǎng)絡(luò);

配置OSPF
R1配置:
ospf 1
area 0
network 192.168.100.0 0.0.0.255
network 192.168.200.0 0.0.0.255
default-route-advertise always
quit
quit
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
SW1配置:
ospf 1
area 0
network 192.168.100.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
SW2配置:
ospf 1
area 0
network 192.168.10.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
stp instance 0 root primary
DHCP
ospf 1
area 66
network 192.168.66.0 0.0.0.255
stub
quit
quit
配置NAT和ACL
R1
acl number 3000
rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 destin
ation-port eq www
rule 15 deny ip source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0
rule 20 permit ip
interface GigabitEthernet0/0/2
nat outbound 3000
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
interface GigabitEthernet0/0/2
acl 2000 inbound
quit
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
user privilege level 15

第五步:進行驗證。

驗證PC自動獲取ip地址,且可以ping通server1服務(wù)器:
企業(yè)項目拓撲3

企業(yè)項目拓撲3

驗證Client1可以訪問Server1的www服務(wù),但不可以ping通服務(wù)器
企業(yè)項目拓撲3

企業(yè)項目拓撲3

 至此項目配置并驗證成功。。。。。。
向AI問一下細節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI