图1 某企业网络拓扑结构图
表1设备地址规划表
设备 |
接口 |
IP |
子网掩码 |
网关 |
PC1 |
E0/0/1 |
192.168.1.1 |
255.255.255.0 |
192.168.1.254 |
PC2 |
E0/0/1 |
192.168.2.1 |
255.255.255.0 |
192.168.2.254 |
R1 |
Loopback 0 |
10.0.1.1 |
255.255.255.255 |
N/A |
G0/0/0 |
10.0.13.1 |
255.255.255.0 |
N/A |
|
G0/0/1 |
10.0.12.1 |
255.255.255.0 |
N/A |
|
G0/0/2 |
192.168.11.1 |
255.255.255.0 |
N/A |
|
S1 |
VLANIF 11 |
192.168.11.2 |
255.255.255.0 |
N/A |
VLANIF 10 |
192.168.1.254 |
255.255.255.0 |
N/A |
|
VLANIF 20 |
192.168.2.254 |
255.255.255.0 |
N/A |
|
R2 |
Loopback 0 |
10.0.2.2 |
255.255.255.255 |
N/A |
G0/0/1 |
10.0.12.2 |
255.255.255.0 |
N/A |
|
G0/0/2 |
10.0.24.2 |
255.255.255.0 |
N/A |
|
NET:10.0000.0000.0002.00 |
||||
R3 |
Loopback 0 |
10.0.3.3 |
255.255.255.255 |
N/A |
G0/0/0 |
10.0.13.3 |
255.255.255.0 |
N/A |
|
G0/0/1 |
10.0.34.3 |
255.255.255.0 |
N/A |
|
NET:10.0000.0000.0003.00 |
||||
R4 |
Loopback 0 |
10.0.4.4 |
255.255.255.255 |
N/A |
Loopback 1 |
10.1.4.4 |
255.255.255.255 |
N/A |
|
Loopback 2 |
10.1.44.44 |
255.255.255.255 |
N/A |
|
G0/0/1 |
10.0.34.4 |
255.255.255.0 |
N/A |
|
G0/0/2 |
10.0.24.4 |
255.255.255.0 |
N/A |
|
NET:10.0000.0000.0004.00 |
要求:
1、按上图要求画好拓扑,配置好各PC地址;
2、设备名称如图1设置为学号最后2位+设备名称(如学号最后两位为05的同学,将设备分别取名为05S1、05S2、05S3、05S4、05R1、05R2……);
3、公司内网在S1、S2、S3配置相应vlan,trunk口允许所有vlan流量通过;S1与R1的网络为vlan 11,PC网关为S1的SVI接口,地址如表1
4、在S1、S2、S3交换机上运行MSTP,实例10中主根桥为S1,次根桥为S2,实例20中主根桥为S1,次根桥为S3;
5、配置各路由器接口地址,公司内S1、R1设备运行ospf,S1到R1链路是area 0,PC到核心交换机链路是area 1设计为完全STUB区域,S1通过下发的默认路由访问外网;这个需求不合理,区域1属于直连路由,不可能产生缺省路由
6、运营商内R2、R3、R4运行ISIS,NET见表1,所有路由器都是level 2,R4的loopback 1与loopback 2模拟需要访问的2个服务器;
7、R1、R2、R3、R4运行BGP,AS如图1,EBGP用物理接口建立邻居关系,IBGP用逻辑接口建立邻居关系,R1宣告2个PC所在网络路由进BGP,R4宣告2个服务器所在网络路由进BGP,要求用MED属性控制公司内网访问服务器1走R2的路径,公司内网访问服务器2走R3的路径;
配置
sysname 37S1
#
undo info-center enable
#
vlan batch 10 to 11 20
#
stp instance 10 root primary
stp instance 20 root primary
#
stp region-configuration
region-name huawei
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.254 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ospf 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
stub no-summary
#
ip route-static 0.0.0.0 0.0.0.0 192.168.11.1
sysname 37S2
#
undo info-center enable
#
vlan batch 10 20
#
stp instance 10 root secondary
#
stp region-configuration
region-name huawei
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
sysname 37S3
#
undo info-center enable
#
vlan batch 10 20
#
stp instance 20 root secondary
#
stp region-configuration
region-name huawei
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
sysname 37R1
#
undo info-center enable
#
interface GigabitEthernet0/0/0
ip address 10.0.13.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.11.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
bgp 600
peer 10.0.12.2 as-number 500
peer 10.0.13.3 as-number 500
#
ipv4-family unicast
undo synchronization
network 192.168.1.0
network 192.168.2.0
peer 10.0.12.2 enable
peer 10.0.13.3 enable
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
sysname 37R2
#
undo info-center enable
#
isis 1
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface GigabitEthernet0/0/1
ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
isis enable 1
#
bgp 500
peer 10.0.4.4 as-number 500
peer 10.0.4.4 connect-interface LoopBack0
peer 10.0.12.1 as-number 600
#
ipv4-family unicast
undo synchronization
peer 10.0.4.4 enable
peer 10.0.4.4 next-hop-local
peer 10.0.12.1 enable
peer 10.0.12.1 route-policy 2 export
#
route-policy 2 permit node 10
if-match ip-prefix 2
apply cost 2
#
route-policy 2 permit node 20
#
ip ip-prefix 2 index 10 permit 10.1.44.44 32
sysname 37R3
#
undo info-center enable
#
isis 1
is-level level-2
network-entity 10.0000.0000.0003.00
#
interface GigabitEthernet0/0/0
ip address 10.0.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
isis enable 1
#
bgp 500
peer 10.0.4.4 as-number 500
peer 10.0.4.4 connect-interface LoopBack0
peer 10.0.13.1 as-number 600
#
ipv4-family unicast
undo synchronization
peer 10.0.4.4 enable
peer 10.0.4.4 next-hop-local
peer 10.0.13.1 enable
sysname 37R4
#
undo info-center enable
#
isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
#
interface GigabitEthernet0/0/1
ip address 10.0.34.4 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/2
ip address 10.0.24.4 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
isis enable 1
#
interface LoopBack1
ip address 10.1.4.4 255.255.255.255
#
interface LoopBack2
ip address 10.1.44.44 255.255.255.255
#
bgp 500
peer 10.0.2.2 as-number 500
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.3.3 as-number 500
peer 10.0.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.1.4.4 255.255.255.255
network 10.1.44.44 255.255.255.255
peer 10.0.2.2 enable
peer 10.0.3.3 enable