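This is a simplified revision of the previous article.
Company background
A multinational company is headquartered in New York City and has branch offices in London and Tokyo. As the business keeps expanding, and in order to adapt to market changes, improve competitiveness, and enable information exchange and resource sharing, we need to build an efficient network system that integrates all of the company's business processes and provides seamless connectivity and information sharing between the branch offices.
To ensure the project is implemented smoothly, headquarters adopts a dual-core network architecture and connects to the Internet over a leased line; the two subsidiaries connect over two leased dedicated fiber lines. The following public IP addresses were obtained from the ISP: 202.16.10.2~17/27.
Company requirements
- To keep the network stable and reliable, use a dual-core network architecture and dedicated fiber connections.
- Use network address translation (NAT) to connect the internal and external networks, conserve public IP addresses, and protect the network.
- Use virtual LANs (VLANs) to isolate departments and improve network performance; use access control lists (ACLs) to set permissions and protect resources.
The project sets up an FTP server for convenient file transfer and sharing, which improves efficiency. It also creates a company home page that presents company information and provides online services, strengthening brand recognition and reputation.
Project requirements
1. Draw the network topology diagram for a shopping-mall company.
2. Produce the detailed IP address plan and VLAN plan, write the network device connection table, and name every device. Naming rule: name and department abbreviation_device name_number
3. Enable telnet management on all devices; the management user name is cjnet and the password is telnet123.
4. In the headquarters switching network, the two layer-3 core switches use port aggregation for redundancy, all switches run MSTP, and the core switches act as root bridges and balance the traffic.
5. The whole network uses a dedicated DHCP server for centralized IP address assignment.
6. The whole company can access the FTP server and the web server.
7. All headquarters departments can reach each other, and all subsidiary departments can reach each other, but only the headquarters manager's department can access the data of every department in the company.
Produce network implementation documentation for reference and maintenance, to support later work.
Enterprise network planning and design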
Table 1: Device naming and device connection table
| Department | Device | Interface | Connects to | Device | Interface |
| --- | --- | --- | --- | --- | --- |
| Network center | ZB_LSW1 | G0/0/1 | -> | ZB_AR1 | G0/0/1 |
| | | G0/0/2 | -> | jlb_LSW3 | G0/0/1 |
| | | G0/0/3 | -> | cwb_LSW4 | G0/0/1 |
| | | G0/0/4 | -> | rsb_LSW5 | G0/0/1 |
| | | G0/0/5 | -> | kfb_LSW6 | G0/0/1 |
| | | G0/0/21 | -> | ZB_LSW2 | G0/0/21 |
| | | G0/0/22 | -> | ZB_LSW2 | G0/0/22 |
| | | G0/0/23 | -> | ZB_LSW2 | G0/0/23 |
| | | G0/0/24 | -> | ZB_LSW2 | G0/0/24 |
| | ZB_LSW2 | G0/0/2 | -> | ZB_AR1 | G0/0/2 |
| | | G0/0/3 | -> | jlb_LSW3 | G0/0/2 |
| | | G0/0/4 | -> | cwb_LSW4 | G0/0/2 |
| | | G0/0/5 | -> | rsb_LSW5 | G0/0/2 |
| | | G0/0/6 | -> | kfb_LSW6 | G0/0/2 |
| | | G0/0/21 | -> | ZB_LSW1 | G0/0/21 |
| | | G0/0/22 | -> | ZB_LSW1 | G0/0/22 |
| | | G0/0/23 | -> | ZB_LSW1 | G0/0/23 |
| | | G0/0/24 | -> | ZB_LSW1 | G0/0/24 |
| | ZB_AR1 | S1/0/0 | -> | AR4 | S1/0/0 |
| | | G4/0/0 | -> | Zgs_AR2 | G0/0/0 |
| | | G4/0/1 | -> | Zgs2_AR3 | G0/0/1 |
| | | G0/0/1 | -> | ZB_LSW1 | G0/0/1 |
| | | G0/0/2 | -> | ZB_LSW2 | G0/0/2 |
| | | G0/0/0 | -> | fwq_LSW7 | G0/0/1 |
| | jlb_LSW3 | G0/0/1 | -> | ZB_LSW1 | G0/0/2 |
| | | G0/0/2 | -> | ZB_LSW2 | G0/0/3 |
| | | E0/0/1 | -> | jlb_PC3 | E0/0/1 |
| | cwb_LSW4 | G0/0/1 | -> | ZB_LSW1 | G0/0/3 |
| | | G0/0/2 | -> | ZB_LSW2 | G0/0/4 |
| | | E0/0/1 | -> | cwb_PC4 | E0/0/1 |
| | rsb_LSW5 | G0/0/1 | -> | ZB_LSW1 | G0/0/4 |
| | | G0/0/2 | -> | ZB_LSW2 | G0/0/5 |
| | | E0/0/1 | -> | rsb_PC5 | E0/0/1 |
| | kfb_LSW6 | G0/0/1 | -> | ZB_LSW1 | G0/0/5 |
| | | G0/0/2 | -> | ZB_LSW2 | G0/0/6 |
| | | E0/0/1 | -> | kfb_PC6 | E0/0/1 |
| | fwq_LSW7 | G0/0/4 | -> | fwq_FTP | E0/0/0 |
| | | G0/0/3 | -> | fwq_HTTP | E0/0/0 |
| | | G0/0/2 | -> | fwq_DHCP | G0/0/0 |
| | | G0/0/1 | -> | ZB_AR1 | G0/0/0 |
| | Zgs_AR2 | G0/0/0 | -> | ZB_AR1 | G4/0/0 |
| | | G0/0/1 | -> | Zgs_LSW9 | G0/0/1 |
| | Zgs2_AR3 | G0/0/1 | -> | ZB_AR1 | G4/0/1 |
| | | G0/0/2 | -> | Zgs2_LSW10 | G0/0/2 |
| | Zgs_LSW9 | G0/0/1 | -> | Zgs_AR2 | G0/0/1 |
| | | E0/0/1 | -> | xsb_PC1 | E0/0/1 |
| | | E0/0/2 | -> | glb_PC2 | E0/0/1 |
| | Zgs2_LSW10 | G0/0/2 | -> | Zgs2_AR3 | G0/0/2 |
| | | E0/0/1 | -> | xsb2_PC7 | E0/0/1 |
| | | E0/0/2 | -> | glb2_PC8 | E0/0/1 |
| External network | AR4 | S1/0/0 | -> | ZB_AR1 | S1/0/0 |
| Network center | xsb_PC1 | E0/0/1 | -> | Zgs_LSW9 | E0/0/1 |
| | glb_PC2 | E0/0/1 | -> | Zgs_LSW9 | E0/0/2 |
| | jlb_PC3 | E0/0/1 | -> | jlb_LSW3 | E0/0/1 |
| | cwb_PC4 | E0/0/1 | -> | cwb_LSW4 | E0/0/1 |
| | rsb_PC5 | E0/0/1 | -> | rsb_LSW5 | E0/0/1 |
| | kfb_PC6 | E0/0/1 | -> | kfb_LSW6 | E0/0/1 |
| | fwq_DHCP | G0/0/0 | -> | fwq_LSW7 | G0/0/2 |
| | fwq_HTTP | E0/0/0 | -> | fwq_LSW7 | G0/0/3 |
| | fwq_FTP | E0/0/0 | -> | fwq_LSW7 | G0/0/4 |
| | xsb2_PC7 | E0/0/1 | -> | Zgs2_LSW10 | E0/0/1 |
| | glb2_PC8 | E0/0/1 | -> | Zgs2_LSW10 | E0/0/2 |
Table 2: Device IP address plan
| Department | Device | Interface | IP address | Subnet mask |
| --- | --- | --- | --- | --- |
| Headquarters | ZB_AR1 | G4/0/0 | 10.10.20.2 | 30 |
| | | G4/0/1 | 10.10.10.1 | 30 |
| | | G0/0/1 | 10.10.30.1 | 30 |
| | | G0/0/2 | 10.10.40.1 | 30 |
| | | G0/0/0 | 10.10.50.1 | 30 |
| | | S1/0/0 | 202.16.10.17 | 27 |
| | ZB_LSW1 | G0/0/1 | 10.10.30.2 | 30 |
| | | G0/0/2 | 192.168.10.252 | 24 |
| | | G0/0/3 | 192.168.20.252 | 24 |
| | | G0/0/4 | 192.168.30.253 | 24 |
| | | G0/0/5 | 192.168.40.253 | 24 |
| | ZB_LSW2 | G0/0/2 | 10.10.40.2 | 30 |
| | | G0/0/3 | 192.168.10.253 | 24 |
| | | G0/0/4 | 192.168.20.253 | 24 |
| | | G0/0/5 | 192.168.30.252 | 24 |
| | | G0/0/6 | 192.168.40.252 | 24 |
| Server area | fwq_LSW7 | G0/0/1 | 10.10.50.2 | 30 |
| | | G0/0/0/2-4 | 172.16.1.254 | 24 |
| Subsidiary 1 | Zgs_AR2 | G0/0/0 | 10.10.20.1 | 30 |
| | | G0/0/1.100 | 192.168.100.254 | 24 |
| | | G0/0/1.110 | 192.168.110.254 | 24 |
| Subsidiary 2 | Zgs2_AR3 | G0/0/1 | 10.10.10.2 | 30 |
| | | G0/0/2.200 | 192.168.200.254 | 24 |
| | | G0/0/2.210 | 192.168.210.254 | 24 |
| External network | AR4 | S1/0/0 | 202.16.10.1 | 27 |
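Table 3: VLAN plan
| No. | Department | VLAN ID | VLAN name | IP address | Subnet mask | Remarks |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Manager's department | 10 | Jingli | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.10.254 |
| 2 | Finance department | 20 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.20.254 |
| 3 | HR department | 30 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.30.254 |
| 4 | Development department | 40 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.40.254 |
| 5 | Management department 1 | 100 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.100.254 |
| 6 | Sales department 1 | 110 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.110.254 |
| 7 | Management department 2 | 200 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.200.254 |
| 8 | Sales department 2 | 210 | | Obtained automatically via DHCP | 255.255.255.0 | Gateway: 192.168.210.254 |
| 9 | Subsidiary 2 AR3 | 10 | | 10.10.10.2 | 255.255.255.252 | |
| 10 | Subsidiary 1 AR2 | 20 | | 10.10.20.1 | 255.255.255.252 | |
| 11 | ZBAR1-SW1 | 70 | | 10.10.30.2 | 255.255.255.252 | |
| 12 | ZBAR1-SW2 | 80 | | 10.10.40.2 | 255.255.255.252 | |
| 13 | Server area | 50 | | 10.10.50.2 | 255.255.255.252 | |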
Enterprise network device configuration and implementation
Enable telnet
Routers
ZB_AR1:
<ZB_AR1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_AR1]telnet server enable
Error: TELNET server has been enabled
[ZB_AR1]user-interface vty 0 4
[ZB_AR1-ui-vty0-4]authentication-mode aaa
[ZB_AR1-ui-vty0-4]aaa
[ZB_AR1-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[ZB_AR1-aaa]user-interface vty 0 4
[ZB_AR1-ui-vty0-4]authentication-mode aaa
[ZB_AR1-ui-vty0-4]user privilege level 15
Zgs_AR2:
<Zgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[Zgs_AR2]telnet server enable
Error: TELNET server has been enabled
[Zgs_AR2]user-interface vty 0 4
[Zgs_AR2-ui-vty0-4]authentication-mode aaa
[Zgs_AR2-ui-vty0-4]aaa
[Zgs_AR2-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[Zgs_AR2]user-interface vty 0 4
[Zgs_AR2-ui-vty0-4]user privilege level 15
[Zgs_AR2-ui-vty0-4]authentication-mode aaa
Zgs2_AR3:
<Zgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[Zgs2_AR3]telnet server enable
Error: TELNET server has been enabled
[Zgs2_AR3]user-interface vty 0 4
[Zgs2_AR3-ui-vty0-4]authentication-mode aaa
[Zgs2_AR3-ui-vty0-4]aaa
[Zgs2_AR3-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[Zgs2_AR3-aaa]user-interface vty 0 4
[Zgs2_AR3-ui-vty0-4]user privilege level 15
[Zgs2_AR3-ui-vty0-4]authentication-mode aaa
Switches
ZB_LSW1:
<ZB_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW1]telnet server enable
Info: The Telnet server has been enabled.
[ZB_LSW1]user-interface vty 0 4
[ZB_LSW1-ui-vty0-4]protocol inbound telnet
[ZB_LSW1-ui-vty0-4]authentication-mode aaa
[ZB_LSW1-ui-vty0-4]aaa
[ZB_LSW1-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[ZB_LSW1-aaa]local-user cjnet privilege level 15
[ZB_LSW1-aaa]local-user cjnet service-type telnet
ZB_LSW2:
<ZB_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW2]telnet server enable
Info: The Telnet server has been enabled.
[ZB_LSW2]user-interface vty 0 4
[ZB_LSW2-ui-vty0-4]protocol inbound telnet
[ZB_LSW2-ui-vty0-4]authentication-mode aaa
[ZB_LSW2-ui-vty0-4]aaa
[ZB_LSW2-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[ZB_LSW2-aaa]local-user cjnet privilege level 15
[ZB_LSW2-aaa]local-user cjnet service-type telnet
fwq_LSW7:
<fwq_LSW7>sys
Enter system view, return user view with Ctrl+Z.
[fwq_LSW7]telnet server enable
Info: The Telnet server has been enabled.
[fwq_LSW7]user-interface vty 0 4
[fwq_LSW7-ui-vty0-4]protocol inbound telnet
[fwq_LSW7-ui-vty0-4]authentication-mode aaa
[fwq_LSW7-ui-vty0-4]aaa
[fwq_LSW7-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[fwq_LSW7-aaa]local-user cjnet privilege level 15
[fwq_LSW7-aaa]local-user cjnet service-type telnet
Configure link aggregation
ZB_LSW1:
<ZB_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW1]int Eth-Trunk 1
[ZB_LSW1-Eth-Trunk1]trunkport g0/0/21
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW1-Eth-Trunk1]trunkport g0/0/22
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW1-Eth-Trunk1]trunkport g0/0/23
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW1-Eth-Trunk1]trunkport g0/0/24
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW1-Eth-Trunk1]port link-type trunk
[ZB_LSW1-Eth-Trunk1]port trunk allow-pass vlan all
ZB_LSW2:
<ZB_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW2]int Eth-Trunk 1
[ZB_LSW2-Eth-Trunk1]trunkport g0/0/21
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW2-Eth-Trunk1]trunkport g0/0/22
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW2-Eth-Trunk1]trunkport g0/0/23
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW2-Eth-Trunk1]trunkport g0/0/24
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW2-Eth-Trunk1]port link-type trunk
[ZB_LSW2-Eth-Trunk1]port trunk allow-pass vlan all
VRRP switch redundancy
ZB_LSW1
<ZB_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[ZB_LSW1]int vlan 10
[ZB_LSW1-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254
[ZB_LSW1-Vlanif10]vrrp vrid 10 priority 120
[ZB_LSW1-Vlanif10]dhcp select relay
[ZB_LSW1-Vlanif10]dhcp relay server-ip 172.16.1.1
[ZB_LSW1]int vlan 20
[ZB_LSW1-Vlanif20]vrrp vrid 20 virtual-ip 192.27.20.254
[ZB_LSW1-Vlanif20]vrrp vrid 20 priority 120
[ZB_LSW1-Vlanif20]dhcp select relay
[ZB_LSW1-Vlanif20]dhcp relay server-ip 172.16.1.1
[ZB_LSW1-Vlanif20]int vlan 30
[ZB_LSW1-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254
[ZB_LSW1-Vlanif30]dhcp select relay
[ZB_LSW1-Vlanif30]dhcp relay server-ip 172.16.1.1
[ZB_LSW1-Vlanif30]int vlan 40
[ZB_LSW1-Vlanif40]vrrp vrid 40 virtual-ip 192.27.40.254
[ZB_LSW1-Vlanif40]dhcp select relay
[ZB_LSW1-Vlanif40]dhcp relay server-ip 172.16.1.1
ZB_LSW2
<ZB_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[ZB_LSW2]int vlan 10
[ZB_LSW2-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254
[ZB_LSW2-Vlanif10]dhcp select relay
[ZB_LSW2-Vlanif10]dhcp relay server-ip 172.16.1.1
[ZB_LSW2-Vlanif10]int vlan 20
[ZB_LSW2-Vlanif20]vrrp vrid 20 virtual-ip 192.27.20.254
[ZB_LSW2-Vlanif20]dhcp select relay
[ZB_LSW2-Vlanif20]dhcp relay server-ip 172.16.1.1
[ZB_LSW2-Vlanif20]int vlan 30
[ZB_LSW2-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254
[ZB_LSW2-Vlanif30]vrrp vrid 30 priority 120
[ZB_LSW2-Vlanif30]dhcp select relay
[ZB_LSW2-Vlanif30]dhcp relay server-ip 172.16.1.1
[ZB_LSW2-Vlanif30]int vlan 40
[ZB_LSW2-Vlanif40]vrrp vrid 40 virtual-ip 192.27.40.254
[ZB_LSW2-Vlanif40]vrrp vrid 40 priority 120
[ZB_LSW2-Vlanif40]dhcp select relay
[ZB_LSW2-Vlanif40]dhcp relay server-ip 172.16.1.1
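A consistency check for VRRP lines in the prompt format used above, added here as an example and not part of the original configuration: it flags a `priority` command whose VRID has no `virtual-ip` on the same interface and reports which switch ends up master for each group. The sample transcript is constructed, and the script assumes that such a priority command has no effect, so the group stays at the default priority of 100.

```python
import re
from collections import defaultdict

# Constructed sample: Vlanif10 on ZB_LSW1 deliberately sets the priority
# on a VRID that was never created on that interface.
SAMPLE = """\
[ZB_LSW1-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254
[ZB_LSW1-Vlanif10]vrrp vrid 1 priority 120
[ZB_LSW1-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254
[ZB_LSW2-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254
[ZB_LSW2-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254
[ZB_LSW2-Vlanif30]vrrp vrid 30 priority 120
"""

LINE = re.compile(
    r"^\[(?P<dev>[^\]]+)-(?P<ifc>Vlanif\d+)\]\s*vrrp vrid (?P<vrid>\d+) "
    r"(?P<kind>virtual-ip|priority) (?P<arg>\S+)\s*$"
)
DEFAULT_PRIORITY = 100  # VRRP default priority


def parse(transcript):
    """Return (groups, priorities), both keyed by (device, interface, vrid)."""
    groups, priorities = {}, {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a VRRP line
        key = (m["dev"], m["ifc"], int(m["vrid"]))
        if m["kind"] == "virtual-ip":
            groups[key] = m["arg"]
        else:
            priorities[key] = int(m["arg"])
    return groups, priorities


def orphan_priorities(transcript):
    """Priority commands whose VRID has no virtual-ip on that interface."""
    groups, priorities = parse(transcript)
    return sorted(k for k in priorities if k not in groups)


def expected_masters(transcript):
    """Per (interface, vrid): device with the highest effective priority.

    'tie' means equal priorities; VRRP then elects by interface IP address.
    """
    groups, priorities = parse(transcript)
    by_group = defaultdict(dict)
    for dev, ifc, vrid in groups:
        # Assumption: only a priority set on the group's own VRID counts.
        by_group[(ifc, vrid)][dev] = priorities.get((dev, ifc, vrid), DEFAULT_PRIORITY)
    result = {}
    for group, devs in by_group.items():
        top = max(devs.values())
        winners = sorted(d for d, p in devs.items() if p == top)
        result[group] = winners[0] if len(winners) == 1 else "tie"
    return result


if __name__ == "__main__":
    for dev, ifc, vrid in orphan_priorities(SAMPLE):
        print(f"{dev} {ifc}: priority set on undefined VRID {vrid}")
    for (ifc, vrid), master in expected_masters(SAMPLE).items():
        print(f"{ifc} vrid {vrid}: master = {master}")
```

Comparing the reported masters with the MSTP root of each VLAN's instance shows whether layer-2 and layer-3 forwarding for that VLAN converge on the same core switch.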
Configure router-on-a-stick for the subsidiaries
Subsidiary 1
[Zgs_AR2]int g0/0/1.100
[Zgs_AR2-GigabitEthernet0/0/1.100]ip add 192.27.100.254 24
[Zgs_AR2-GigabitEthernet0/0/1.100]dot1q termination vid 100
[Zgs_AR2-GigabitEthernet0/0/1.100]arp broadcast enable
[Zgs_AR2-GigabitEthernet0/0/1.100]int g0/0/1.110
[Zgs_AR2-GigabitEthernet0/0/1.110]ip add 192.27.110.254 24
[Zgs_AR2-GigabitEthernet0/0/1.110]dot1q termination vid 110
[Zgs_AR2-GigabitEthernet0/0/1.110]arp broadcast enable
Zgs_LSW9:
[Zgs_LSW9]vlan 100
[Zgs_LSW9-vlan100]vlan 110
[Zgs_LSW9]int e0/0/1
[Zgs_LSW9-Ethernet0/0/1]port link-type access
[Zgs_LSW9-Ethernet0/0/1]port default vlan 100
[Zgs_LSW9]int e0/0/2
[Zgs_LSW9-Ethernet0/0/2]port link-type access
[Zgs_LSW9-Ethernet0/0/2]port default vlan 110
[Zgs_LSW9]int g0/0/1
[Zgs_LSW9-GigabitEthernet0/0/1]port link-type trunk
[Zgs_LSW9-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110
Subsidiary 2
Zgs2_AR3:
[Zgs2_AR3]int g0/0/2.200
[Zgs2_AR3-GigabitEthernet0/0/2.200]ip add 192.27.200.254 24
[Zgs2_AR3-GigabitEthernet0/0/2.200]dot1q termination vid 200
[Zgs2_AR3-GigabitEthernet0/0/2.200]arp broadcast enable
[Zgs2_AR3-GigabitEthernet0/0/2.200]int g0/0/2.210
[Zgs2_AR3-GigabitEthernet0/0/2.210]ip add 192.27.210.254 24
[Zgs2_AR3-GigabitEthernet0/0/2.210]dot1q termination vid 210
[Zgs2_AR3-GigabitEthernet0/0/2.210]arp broadcast enable
Zgs2_LSW10:
[Zgs2_LSW10]vlan 200
[Zgs2_LSW10-vlan200]vlan 210
[Zgs2_LSW10]int e0/0/1
[Zgs2_LSW10-Ethernet0/0/1]port link-type access
[Zgs2_LSW10-Ethernet0/0/1]port default vlan 200
[Zgs2_LSW10]int e0/0/2
[Zgs2_LSW10-Ethernet0/0/2]port link-type access
[Zgs2_LSW10-Ethernet0/0/2]port default vlan 210
[Zgs2_LSW10]int g0/0/2
[Zgs2_LSW10-GigabitEthernet0/0/2]port link-type trunk
[Zgs2_LSW10-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 210
Configure DHCP automatic IP address assignment for headquarters and the subsidiaries
Configure branch 1
[fwq_DHCP]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[fwq_DHCP]ip pool fgs1
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-fgs1]network 192.27.100.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-fgs1]network 192.27.110.0 mask 255.255.255.0
Error:Please delete the network section first.
[fwq_DHCP-ip-pool-fgs1]gateway-list 192.27.100.254
[fwq_DHCP]ip pool fgs1glb1
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-fgs1glb1]network 192.27.110.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-fgs1glb1]gateway-list 192.27.110.254
Configure branch 2:
<fwq_DHCP>sys
Enter system view, return user view with Ctrl+Z.
[fwq_DHCP]ip pool fgs2xsb2
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-fgs2xsb2]network 192.27.200.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-fgs2xsb2]gateway-list 192.27.200.254
[fwq_DHCP-ip-pool-fgs2xsb2]ip pool fgs2glb2
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-fgs2glb2]network 192.27.210.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-fgs2glb2]gateway-list 192.27.210.254
Configure branch 1, sales department 1
<Zgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[Zgs_AR2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Zgs_AR2]int g0/0/1.100
[Zgs_AR2-GigabitEthernet0/0/1.100]dhcp select relay
[Zgs_AR2-GigabitEthernet0/0/1.100]dhcp relay server-ip 172.16.1.1
Branch 1, management department 1
[Zgs_AR2]int g0/0/1.110
[Zgs_AR2-GigabitEthernet0/0/1.110]dhcp select relay
[Zgs_AR2-GigabitEthernet0/0/1.110]dhcp relay server-ip 172.16.1.1
Configure branch 2
<Zgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[Zgs2_AR3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Zgs2_AR3]int g0/0/2.200
[Zgs2_AR3-GigabitEthernet0/0/2.200]dhcp select relay
[Zgs2_AR3-GigabitEthernet0/0/2.200]dhcp relay server-ip 172.16.1.1
[Zgs2_AR3-GigabitEthernet0/0/2.200]int g0/0/2.210
[Zgs2_AR3-GigabitEthernet0/0/2.210]dhcp select relay
[Zgs2_AR3-GigabitEthernet0/0/2.210]dhcp relay server-ip 172.16.1.1
Configure headquarters
<fwq_DHCP> sys
Enter system view, return user view with Ctrl+Z.
[fwq_DHCP]dhcp enable
[fwq_DHCP]ip pool zbjlb
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-zbjlb]network 192.27.10.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-zbjlb]gateway-list 192.27.10.254
[fwq_DHCP-ip-pool-zbjlb]excluded-ip-address 192.27.10.252 192.27.10.253
[fwq_DHCP]ip pool zbcwb
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-zbcwb]network 192.27.20.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-zbcwb]gateway-list 192.27.20.254
[fwq_DHCP-ip-pool-zbcwb]excluded-ip-address 192.27.20.252 192.27.20.253
[fwq_DHCP-ip-pool-zbcwb]ip pool zbrsb
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-zbrsb]network 192.27.30.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-zbrsb]gateway-list 192.27.30.254
[fwq_DHCP-ip-pool-zbrsb]excluded-ip-address 192.27.30.252 192.27.30.253
[fwq_DHCP-ip-pool-zbrsb]ip pool zbkfb
Info: It's successful to create an IP address pool.
[fwq_DHCP-ip-pool-zbkfb]network 192.27.40.0 mask 255.255.255.0
[fwq_DHCP-ip-pool-zbkfb]gateway-list 192.27.40.254
[fwq_DHCP-ip-pool-zbkfb]excluded-ip-address 192.27.40.252 192.27.40.253
[fwq_DHCP-ip-pool-zbkfb]int g0/0/0
[fwq_DHCP-GigabitEthernet0/0/0]dhcp select global
Configure the MSTP spanning tree protocol
ZB_LSW1
<ZB_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW1]stp mode mstp
[ZB_LSW1]stp region-configuration
[ZB_LSW1-mst-region]region-name huawei
[ZB_LSW1-mst-region]revision-level 1
[ZB_LSW1-mst-region]instance 1 vlan 10
[ZB_LSW1-mst-region]instance 2 vlan 20
[ZB_LSW1-mst-region]instance 3 vlan 30
[ZB_LSW1-mst-region]instance 4 vlan 40
[ZB_LSW1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW1-mst-region]q
[ZB_LSW1]stp instance 1 root primary
[ZB_LSW1]stp instance 2 root primary
[ZB_LSW1]stp instance 3 root secondary
[ZB_LSW1]stp instance 4 root secondary
ZB_LSW2
<ZB_LSW2>
<ZB_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW2]stp mode mstp
[ZB_LSW2]stp region-configuration
[ZB_LSW2-mst-region]region-name huawei
[ZB_LSW2-mst-region]revision-level 1
[ZB_LSW2-mst-region]instance 1 vlan 10
[ZB_LSW2-mst-region]instance 2 vlan 20
[ZB_LSW2-mst-region]instance 3 vlan 30
[ZB_LSW2-mst-region]instance 4 vlan 40
[ZB_LSW2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[ZB_LSW2-mst-region]q
[ZB_LSW2]stp instance 1 root secondary
[ZB_LSW2]stp instance 2 root secondary
[ZB_LSW2]stp instance 3 root primary
[ZB_LSW2]stp instance 4 root primary
Configure OSPF
Zgs_AR2:
<Zgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[Zgs_AR2]ospf 1
[Zgs_AR2-ospf-1]area 0
[Zgs_AR2-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3
[Zgs_AR2-ospf-1-area-0.0.0.0]network 192.27.100.0 0.0.0.255
[Zgs_AR2-ospf-1-area-0.0.0.0]network 192.27.110.0 0.0.0.255
ZB_AR1:
<ZB_AR1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_AR1]ospf 1
[ZB_AR1-ospf-1]area 0
[ZB_AR1-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3
[ZB_AR1-ospf-1-area-0.0.0.0]network 10.10.30.0 0.0.0.3
[ZB_AR1-ospf-1-area-0.0.0.0]network 10.10.40.0 0.0.0.3
[ZB_AR1-ospf-1-area-0.0.0.0]network 10.10.50.0 0.0.0.3
[ZB_AR1-ospf-1-area-0.0.0.0]area 2
[ZB_AR1-ospf-1-area-0.0.0.2]network 10.10.10.0 0.0.0.3
ZB_LSW1:
<ZB_LSW1> sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW1]ospf 1
[ZB_LSW1-ospf-1]area 0
[ZB_LSW1-ospf-1-area-0.0.0.0]network 10.10.30.0 0.0.0.3
[ZB_LSW1-ospf-1-area-0.0.0.0]network 192.27.10.0 0.0.0.255
[ZB_LSW1-ospf-1-area-0.0.0.0]network 192.27.20.0 0.0.0.255
[ZB_LSW1-ospf-1-area-0.0.0.0]network 192.27.30.0 0.0.0.255
[ZB_LSW1-ospf-1-area-0.0.0.0]network 192.27.40.0 0.0.0.255
ZB_LSW2
<ZB_LSW2> sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW2]ospf 1
[ZB_LSW2-ospf-1]area 0
[ZB_LSW2-ospf-1-area-0.0.0.0]network 10.10.40.0 0.0.0.3
[ZB_LSW2-ospf-1-area-0.0.0.0]network 192.27.10.0 0.0.0.255
[ZB_LSW2-ospf-1-area-0.0.0.0]network 192.27.20.0 0.0.0.255
[ZB_LSW2-ospf-1-area-0.0.0.0]network 192.27.30.0 0.0.0.255
[ZB_LSW2-ospf-1-area-0.0.0.0]network 192.27.40.0 0.0.0.255
fwq_LSW7:
<fwq_LSW7> sys
Enter system view, return user view with Ctrl+Z.
[fwq_LSW7]ospf 1
[fwq_LSW7-ospf-1]area 0
[fwq_LSW7-ospf-1-area-0.0.0.0]network 10.10.50.0 0.0.0.3
[fwq_LSW7-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
fwq_DHCP:
<fwq_DHCP>sys
Enter system view, return user view with Ctrl+Z.
[fwq_DHCP]ospf 1
[fwq_DHCP-ospf-1]area 0
[fwq_DHCP-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
Zgs2_AR3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname Zgs2_AR3
[Zgs2_AR3]ospf 1
[Zgs2_AR3-ospf-1]area 2
[Zgs2_AR3-ospf-1-area-0.0.0.2] network 10.10.10.0 0.0.0.3
[Zgs2_AR3-ospf-1-area-0.0.0.2] network 192.27.200.0 0.0.0.255
[Zgs2_AR3-ospf-1-area-0.0.0.2] network 192.27.210.0 0.0.0.255
Configure default routes
Zgs_AR2:
<Zgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[Zgs_AR2]ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
Zgs2_AR3:
<Zgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[Zgs2_AR3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
fwq_DHCP:
<fwq_DHCP>sys
Enter system view, return user view with Ctrl+Z.
[fwq_DHCP]ip route-static 0.0.0.0 0.0.0.0 172.16.1.254
[fwq_LSW7]ip route-static 202.16.10.1 27 10.10.50.1
ZB_AR1:
<ZB_AR1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_AR1]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1
ZB_LSW1:
<ZB_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW1]ip route-static 0.0.0.0 0.0.0.0 10.10.30.1
ZB_LSW2:
<ZB_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[ZB_LSW2]ip route-static 0.0.0.0 0.0.0.0 10.10.40.1
fwq_LSW7:
<fwq_LSW7>sys
Enter system view, return user view with Ctrl+Z.
[fwq_LSW7]ip route-static 0.0.0.0 0.0.0.0 10.10.50.1
AR4:
<Huawei>sys
[Huawei]ip route-static 172.16.1.0 255.255.255.0 202.16.10.2
Configure NAT
ZB_AR1:
<ZB_AR1>sys
Enter system view, return user view with Ctrl+Z.
[ZB_AR1]int s1/0/0
[ZB_AR1-Serial1/0/0]ip add 202.16.10.2 27
[ZB_AR1-Serial1/0/0]nat address-group 1 202.16.10.3 202.16.10.16
[ZB_AR1]acl 2001
[ZB_AR1-acl-basic-2001]rule 5 permit source 192.27.100.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 10 permit source 192.27.110.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 15 permit source 192.27.200.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 20 permit source 192.27.210.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 25 permit source 192.27.10.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 30 permit source 192.27.20.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 35 permit source 192.27.30.0 0.0.0.255
[ZB_AR1-acl-basic-2001]rule 40 permit source 192.27.40.0 0.0.0.255
[ZB_AR1-acl-basic-2001]int s1/0/0
[ZB_AR1-Serial1/0/0]nat outbound 2001 address-group 1 no-pat
[ZB_AR1-Serial1/0/0]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1
[ZB_AR1]int s1/0/0
[ZB_AR1-Serial1/0/0]nat server protocol tcp global 202.16.10.17 www inside 172.16.1.2 8080
Configure the ACL controlling access between the subsidiaries and headquarters
ZB_AR1
[ZB_AR1]acl 2000
[ZB_AR1-acl-basic-2000]rule 5 deny source 192.27.20.0 0.0.0.255
[ZB_AR1-acl-basic-2000]rule 10 deny source 192.27.30.0 0.0.0.255
[ZB_AR1-acl-basic-2000]rule 15 deny source 192.27.40.0 0.0.0.255
[ZB_AR1-acl-basic-2000]rule 20 permit source 192.27.10.0 0.0.0.255
[ZB_AR1-acl-basic-2000]int g4/0/0
[ZB_AR1-GigabitEthernet4/0/0]traffic-filter outbound acl 2000
[ZB_AR1-GigabitEthernet4/0/0]int g4/0/1
[ZB_AR1-GigabitEthernet4/0/1]traffic-filter outbound acl 2000
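The effect of ACL 2000 on traffic leaving G4/0/0 and G4/0/1, worked through as an added example that is not part of the original configuration: rules are checked in ascending rule-id order against the source address using the wildcard mask. The sample source addresses are constructed, and the default of forwarding a packet that matches no rule under `traffic-filter` is an assumption about the platform.

```python
import ipaddress

# ACL 2000 as entered on ZB_AR1 above: (rule id, action, source, wildcard).
ACL_2000 = [
    (5, "deny", "192.27.20.0", "0.0.0.255"),
    (10, "deny", "192.27.30.0", "0.0.0.255"),
    (15, "deny", "192.27.40.0", "0.0.0.255"),
    (20, "permit", "192.27.10.0", "0.0.0.255"),
]


def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard marks as 'care' (0)."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


def evaluate(acl, src, unmatched="permit"):
    """First matching rule in ascending rule-id order decides the packet.

    Assumption: a packet that matches no rule of an ACL bound with
    traffic-filter is forwarded, hence unmatched defaults to "permit".
    """
    for rule_id, action, base, wildcard in sorted(acl):
        if wildcard_match(src, base, wildcard):
            return action, rule_id
    return unmatched, None


def hosts_covered(wildcard):
    """Number of addresses a single rule with this wildcard can match."""
    return 2 ** bin(_u32(wildcard)).count("1")


# Constructed source addresses, one per traffic class leaving G4/0/0 or G4/0/1.
SAMPLES = {
    "HQ manager PC": "192.27.10.5",
    "HQ finance PC": "192.27.20.5",
    "HQ development PC": "192.27.40.77",
    "DHCP server reply": "172.16.1.1",
    "other subsidiary PC": "192.27.200.9",
}


def report(acl=ACL_2000):
    return {name: evaluate(acl, ip) for name, ip in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, rule) in report().items():
        via = f"rule {rule}" if rule is not None else "no rule matched"
        print(f"{name:22} {action:6} ({via})")
    # A wildcard typed one digit short covers 8 scattered hosts, not a /24.
    print(hosts_covered("0.0.0.25"),
          wildcard_match("192.27.40.5", "192.27.40.0", "0.0.0.25"))
```

Under that default, rule 20 changes nothing, and any source outside the four listed subnets, including the server area and the other subsidiary, is forwarded as well.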
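Device maintenance and testing
Enable the telnet management function on the devices and configure a management IP address for the switches (the switches use VLAN 1 as the management VLAN) to allow remote login and control of the network devices.
VRRP is a fault-tolerance protocol. When a host's next-hop router fails, it ensures that another router takes over from the failed one, which keeps network communication continuous and reliable.
MSTP technology is the result of combining and integrating several technologies. It makes full use of the integrated application of GFP (Generic Frame Protocol) data encapsulation, virtual concatenation (Virtual Concatenation) mapping, RPR and other technologies. Driven by these, MSTP offers a wide range of bandwidth and the ability to adapt to bandwidth, supports more functions, also covers ATM services, and makes effective use of the network.
Link aggregation increases link bandwidth without a hardware upgrade by bundling several physical interfaces into one logical interface. Besides increasing bandwidth, link aggregation uses a backup-link mechanism that effectively improves the reliability of the links between devices.
Advantages:
- The network design follows a hierarchical principle, which makes it easy to manage and maintain.
- The network design takes security and isolation into account; address translation and VLANs help prevent external attacks and internal leaks.
- The network design improves network performance and efficiency; VLANs control broadcast storms and reduce collision domains.
- The network design supports a variety of business needs, such as file transfer and web access, which improves user satisfaction.
Disadvantages:
- The network design may require relatively high equipment cost and configuration complexity, for example routers, switches and VLAN partitioning.
- The network design may carry certain risks and limitations: address translation may interfere with the normal operation of some applications, and VLAN partitioning may make the network topology less flexible.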