配置流程:
基础交换网络设计
问题:
1、如图连接网络设备
2、不同的设备属于不同的VLAN
3、配置交换机,确保相同VLAN的设备可以互通
DHCP服务器部署
问题:
1、如图配置IP地址
2、DHCP服务器属于VLAN 66,网关部署在SW6上
3、DHCP客户端分别属于vlan10/20/30/40,网关配置在SW6上
完成上面操作后,PC端可以自动获取到dhcp服务器上的地址
网络冗余方案实施
需求:
1、如图连接设备,规划好 VLAN信息
2、在交换网络中,存在大量冗余链路,需要确保没有环路,并提高设备利用率
3、对于每个VLAN而言,为提高网关稳定性,部署网关冗余技术
4、确保每个 VLAN 的数据转发路径是最优的
在所有交换机上创建实例,并将vlan加入实例,并为sw7/8vlan上的stp优先级
弹性路由网络设计
需求:
1、如图连接网络设备,规划 VLAN 信息
2、规划 OSPF 骨干区域
3、每个 VLAN 规划到不同的 OSPF 区域
4、通过 OSPF 产生默认路由
通过network将这些网段宣告给其他路由器
由于做的备份线路,需要为ospf设置(default-route-advertise)缺省路由的开销值
双出口Internet访问实现
需求:
1、如图连接设备,规划 VLAN 信息
2、R1作为内网的主出口,R2作为内网的备份出口
3、部署NAT,实现内网到外网的互通,确保节省公网IP地址
在路由器商创建acl,然后应用在接口上
内网服务器发布
需求:
1、内网服务器可以被外网用户直接访问
2、web服务器所在的区域,属于特殊区域,不受不稳定链路的影响
在路由器连接外部的接口上设置nat server地址转换
设置服务器和telnet的地址转换
设备远程管理
需求:
1、内网中的SW1/2/3/4需要被外网用户远程管理
2、内网交换设备的管理VLAN是99(192.168.99.0/24)
3、内网交换设备的远程管理账户和密码是:admin/Admin
在SW1/2/3/4上进入vty接口模式,配置认证模式为aaa
进入aaa视图配置,用户名、用户密码、用户访问权限、用户访问等级等|
在交换机上配置配置虚拟地址,默认路由
验证在外部网络访问
配置命令:
sw1
u t m
sy
sy sw1
v b 10 20 30 40 66 88 99
port-group group-member g0/0/11 g0/0/12
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/1
port link-type access
port default vlan 10
q
int g0/0/2
port link-type access
port default vlan 20
q
int v 99
i a 192.168.99.1 24
q
user-interface vty 0 4
authentication-mode aaa
q
aaa
local-user admin password cipher [email protected]
local-user admin service-type telnet
local-user admin privilege level 3
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
ip route-static 0.0.0.0 0 192.168.99.254
sw2
u t m
sy
sy sw2
v b 10 20 30 40 66 88 99
port-group group-member g0/0/12 g0/0/13
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/3
port link-type access
port default vlan 10
q
int g0/0/4
port link-type access
port default vlan 30
q
int v 99
i a 192.168.99.2 24
q
user-interface vty 0 4
authentication-mode aaa
q
aaa
local-user admin password cipher [email protected]
local-user admin service-type telnet
local-user admin privilege level 3
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
ip route-static 0.0.0.0 0 192.168.99.254
sw3
u t m
sy
sy sw3
v b 10 20 30 40 66 88 99
port-group group-member g0/0/13 g0/0/14
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/5
port link-type access
port default vlan 20
q
int g0/0/6
port link-type access
port default vlan 40
q
int v 99
i a 192.168.99.3 24
q
user-interface vty 0 4
authentication-mode aaa
q
aaa
local-user admin password cipher [email protected]
local-user admin service-type telnet
local-user admin privilege level 1
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
ip route-static 0.0.0.0 0 192.168.99.254
sw4
u t m
sy
sy sw4
v b 10 20 30 40 66 88 99
port-group group-member g0/0/14 g0/0/15 g0/0/22
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/7
port link-type access
port default vlan 40
q
int g0/0/8
port link-type access
port default vlan 30
q
int v 99
i a 192.168.99.4 24
q
user-interface vty 0 4
authentication-mode aaa
q
aaa
local-user admin password cipher [email protected]
local-user admin service-type telnet
local-user admin privilege level 1
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
ip route-static 0.0.0.0 0 192.168.99.254
sw5
u t m
sy
sy sw5
v b 10 15 20 25 30 40 66 88 99
dhcp enable
port-group group-member g0/0/10 to g0/0/14 g0/0/16 g0/0/19
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/8
port link-type access
port default vlan 88
q
int v 10
i a 192.168.10.251 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 10 virtual-ip 192.168.10.254
q
int v 20
i a 192.168.20.251 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 20 virtual-ip 192.168.20.254
q
int v 30
i a 192.168.30.251 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 200
q
int v 40
i a 192.168.40.251 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 200
q
int v 66
i a 192.168.66.253 24
q
int v 88
i a 192.168.88.254 24
q
int v 15
i a 192.168.15.251 24
q
int v 25
i a 192.168.25.251 24
q
int v 99
i a 192.168.99.251 24
vrrp vrid 99 virtual-ip 192.168.99.254
vrrp vrid 99 priority 200
ospf 1 router-id 5.5.5.5
area 0
n 192.168.15.0 0.0.0.255
n 192.168.25.0 0.0.0.255
q
a 10
n 192.168.10.0 0.0.0.255
q
a 20
n 192.168.20.0 0.0.0.255
q
a 30
n 192.168.30.0 0.0.0.255
q
a 40
n 192.168.40.0 0.0.0.255
q
a 88
n 192.168.88.0 0.0.0.255
stub no-summary
q
a 99
n 192.168.99.0 0.0.0.255
q
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
sw6
u t m
sy
sy sw6
v b 10 16 20 26 30 40 66 88 99
dhcp enable
port-group group-member g0/0/12 to g0/0/16 g0/0/10 g0/0/18 g0/0/23
port link-type trunk
port trunk allow-pass vlan all
q
int v 10
i a 192.168.10.252 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 200
q
int v 20
i a 192.168.20.252 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 200
q
int v 30
i a 192.168.30.252 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 30 virtual-ip 192.168.30.254
q
int v 40
i a 192.168.40.252 24
dhcp select relay
dhcp relay server-ip 192.168.66.1
vrrp vrid 40 virtual-ip 192.168.40.254
q
int v 66
i a 192.168.66.254 24
q
int v 88
i a 192.168.88.252 24
q
int v 16
i a 192.168.16.252 24
q
int v 26
i a 192.168.26.252 24
q
int v 99
i a 192.168.99.252 24
vrrp vrid 99 virtual-ip 192.168.99.254
q
ospf 1 router-id 6.6.6.6
area 0
n 192.168.16.0 0.0.0.255
n 192.168.26.0 0.0.0.255
q
a 10
n 192.168.10.0 0.0.0.255
q
a 20
n 192.168.20.0 0.0.0.255
q
a 30
n 192.168.30.0 0.0.0.255
q
a 40
n 192.168.40.0 0.0.0.255
q
a 99
n 192.168.99.0 0.0.0.255
q
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
sw7
u t m
sy
sy sw7
v b 15 25
port-group group-member g0/0/16 to g0/0/18
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/1
port link-type access
port default vlan 15
q
int g0/0/2
port link-type access
port default vlan 25
q
stp instance 10 priority 0
stp instance 20 priority 0
stp instance 30 priority 4096
stp instance 40 priority 4096
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
sw8
u t m
sy
sy sw8
v b 16 26
port-group group-member g0/0/16 g0/0/17 g0/0/19
port link-type trunk
port trunk allow-pass vlan all
q
int g0/0/1
port link-type access
port default vlan 26
q
int g0/0/2
port link-type access
port default vlan 16
q
stp instance 10 priority 4096
stp instance 20 priority 4096
stp instance 30 priority 0
stp instance 40 priority 0
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
sw9
u t m
sy
sy sw9
v b 10 20 30 40 66 88
port-group group-member g0/0/22 g0/0/23
port link-type trunk
p t a v a
q
int g0/0/24
port link-type access
port default vlan 66
q
stp mode mstp
stp region-configuration
region-name yyx
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
dhcp server
u t m
sy
sy dhcp-server
dhcp enable
int g0/0/1
ip address 192.168.66.1 24
dhcp select global
q
ip pool vlan10
network 192.168.10.0 mask 24
gateway-list 192.168.10.254
dns-list 8.8.8.8
excluded-ip-address 192.168.10.251 192.168.10.252
q
ip pool vlan20
network 192.168.20.0 mask 24
gateway-list 192.168.20.254
dns-list 8.8.8.8
excluded-ip-address 192.168.20.251 192.168.20.252
q
ip pool vlan30
network 192.168.30.0 mask 24
gateway-list 192.168.30.254
dns-list 8.8.8.8
excluded-ip-address 192.168.30.251 192.168.30.252
q
ip pool vlan40
network 192.168.40.0 mask 24
gateway-list 192.168.40.254
dns-list 8.8.8.8
excluded-ip-address 192.168.40.251 192.168.40.252
q
ip route-static 0.0.0.0 0 192.168.66.254
r1
u t m
sy
sy r1
acl 2001
rule 5 deny source 192.168.40.0 0.0.0.255
rule 10 permit source any
q
int g0/0/0
i a 100.100.100.1 24
nat server protocol tcp global 100.100.100.3 8080 inside 192.168.88.251 www
nat server protocol tcp global 100.100.100.3 2001 inside 192.168.99.1 23
nat server protocol tcp global 100.100.100.3 2002 inside 192.168.99.2 23
nat server protocol tcp global 100.100.100.3 2003 inside 192.168.99.3 23
nat server protocol tcp global 100.100.100.3 2004 inside 192.168.99.4 23
nat outbound 2001
q
int g0/0/1
i a 192.168.15.1 24
q
int g0/0/2
i a 192.168.16.1 24
ospf cost 10
q
ip route-static 0.0.0.0 0 100.100.100.2
ospf 1 router-id 1.1.1.1
a 0
n 192.168.15.0 0.0.0.255
n 192.168.16.0 0.0.0.255
q
default-route-advertise
q
r2
u t m
sy
sy r2
acl 2001
rule 5 deny source 192.168.40.0 0.0.0.255
rule 10 permit source any
q
int g0/0/0
i a 200.200.200.1 24
nat server protocol tcp global 200.200.200.3 8080 inside 192.168.88.251 www
nat server protocol tcp global 200.200.200.3 2001 inside 192.168.99.1 23
nat server protocol tcp global 200.200.200.3 2002 inside 192.168.99.2 23
nat server protocol tcp global 200.200.200.3 2003 inside 192.168.99.3 23
nat server protocol tcp global 200.200.200.3 2004 inside 192.168.99.4 23
nat outbound 2001
q
int g0/0/2
i a 192.168.25.1 24
q
int g0/0/1
i a 192.168.26.1 24
ospf cost 10
q
ip route-static 0.0.0.0 0 200.200.200.2
ospf 1 router-id 2.2.2.2
a 0
n 192.168.25.0 0.0.0.255
n 192.168.26.0 0.0.0.255
q
default-route-advertise cost 10
r3
u t m
sy
sy r3
int g0/0/0
ip address 100.100.100.2 24
q
int g0/0/1
ip address 200.200.200.2 24
q
int g0/0/2
ip address 210.10.10.254 24
q