2024-09-03 15:53:00 +08:00
|
|
|
|
# 项目实战 - 内网优化
|
|
|
|
|
|
2024-09-03 16:48:02 +08:00
|
|
|
|
![image-20240903155919145](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903155919145.png)
|
2024-09-03 15:53:00 +08:00
|
|
|
|
|
|
|
|
|
- **需求**
|
|
|
|
|
- 所有部门中都使用了网关冗余技术,为了增强网关稳定性和冗余性
|
|
|
|
|
- 交换机之间存在很多冗余链路,必须防止环路的发生,并且能够提高链路的利用率,要求每个部门的主机访问其他主机时,使用的都是最优的转发路径
|
|
|
|
|
- VLAN30的主机通过SW6与DHCP服务器通信,获取IP地址,所以SW6也是DHCP中继
|
|
|
|
|
|
|
|
|
|
### 一、IP、VLAN、Routing
|
|
|
|
|
|
|
|
|
|
- **PC**
|
|
|
|
|
|
|
|
|
|
- **SW1**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW1]vlan 10
|
|
|
|
|
[SW1-vlan10]quit
|
|
|
|
|
[SW1]int g0/0/1
|
|
|
|
|
[SW1-GigabitEthernet0/0/1]port link-type access
|
|
|
|
|
[SW1-GigabitEthernet0/0/1]port default vlan 10
|
|
|
|
|
[SW1-GigabitEthernet0/0/1]quit
|
|
|
|
|
[SW1]port-group group-member g0/0/2 g0/0/3
|
|
|
|
|
[SW1-port-group]port link-type trunk
|
|
|
|
|
[SW1-port-group]port trunk allow-pass vlan all
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW2**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW2]vlan 20
|
|
|
|
|
[SW2-vlan20]quit
|
|
|
|
|
[SW2]int g0/0/1
|
|
|
|
|
[SW2-GigabitEthernet0/0/1]port link-type access
|
|
|
|
|
[SW2-GigabitEthernet0/0/1]port default vlan 20
|
|
|
|
|
[SW2-GigabitEthernet0/0/1]quit
|
|
|
|
|
[SW2]port-group group-member g0/0/2 g0/0/3
|
|
|
|
|
[SW2-port-group]port link-type trunk
|
|
|
|
|
[SW2-port-group]port trunk allow-pass vlan all
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW3**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW3]vlan 30
|
|
|
|
|
[SW3-vlan30]quit
|
|
|
|
|
[SW3]int g0/0/1
|
|
|
|
|
[SW3-GigabitEthernet0/0/1]port link-type access
|
|
|
|
|
[SW3-GigabitEthernet0/0/1]port default vlan 30
|
|
|
|
|
[SW3-GigabitEthernet0/0/1]quit
|
|
|
|
|
[SW3]port-group group-member g0/0/2 g0/0/3
|
|
|
|
|
[SW3-port-group]port link-type trunk
|
|
|
|
|
[SW3-port-group]port trunk allow-pass vlan all
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW5**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW5]vlan batch 10 20 30 50
|
|
|
|
|
[SW5]port-group group-member g0/0/1 to g0/0/3 g0/0/6
|
|
|
|
|
[SW5-port-group]port link-type trunk
|
|
|
|
|
[SW5-port-group]port trunk allow-pass vlan all
|
|
|
|
|
[SW5-port-group]quit
|
|
|
|
|
[SW5]int g0/0/5
|
|
|
|
|
[SW5-GigabitEthernet0/0/5]port link-type access
|
|
|
|
|
[SW5-GigabitEthernet0/0/5]port default vlan 50
|
|
|
|
|
[SW5-GigabitEthernet0/0/5]quit
|
|
|
|
|
[SW5]int Vlanif 50
|
|
|
|
|
[SW5-Vlanif50]ip add 192.168.50.251 24
|
|
|
|
|
[SW5-Vlanif50]int Vlanif 10
|
|
|
|
|
[SW5-Vlanif10]ip add 192.168.10.251 24
|
|
|
|
|
[SW5-Vlanif10]int Vlanif 20
|
|
|
|
|
[SW5-Vlanif20]ip add 192.168.20.251 24
|
|
|
|
|
[SW5-Vlanif20]int Vlanif 30
|
|
|
|
|
[SW5-Vlanif30]ip add 192.168.30.251 24
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW6**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW6]vlan batch 10 20 30 50
|
|
|
|
|
[SW6]port-group group-member g0/0/1 to g0/0/3 g0/0/6
|
|
|
|
|
[SW6-port-group]port link-type trunk
|
|
|
|
|
[SW6-port-group]port trunk allow-pass vlan all
|
|
|
|
|
[SW6-port-group]quit
|
|
|
|
|
[SW6]int Vlanif 10
|
|
|
|
|
[SW6-Vlanif10]ip add 192.168.10.252 24
|
|
|
|
|
[SW6-Vlanif10]int Vlanif 20
|
|
|
|
|
[SW6-Vlanif20]ip add 192.168.20.252 24
|
|
|
|
|
[SW6-Vlanif20]int Vlanif 30
|
|
|
|
|
[SW6-Vlanif30]ip add 192.168.30.252 24
|
|
|
|
|
[SW6-Vlanif30]int Vlanif 50
|
|
|
|
|
[SW6-Vlanif50]ip add 192.168.50.252 24
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **AR3 - DHCP**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[AR3-DHCP]int g0/0/0
|
|
|
|
|
[AR3-DHCP-GigabitEthernet0/0/0]ip add 192.168.50.1 24
|
|
|
|
|
[AR3-DHCP-GigabitEthernet0/0/0]quit
|
|
|
|
|
[AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### 二、VRRP
|
|
|
|
|
|
|
|
|
|
- **SW5**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW5]int Vlanif 10
|
|
|
|
|
[SW5-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
|
|
|
|
|
[SW5-Vlanif10]vrrp vrid 10 priority 130
|
|
|
|
|
[SW5-Vlanif10]quit
|
|
|
|
|
[SW5]int Vlanif 20
|
|
|
|
|
[SW5-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
|
|
|
|
|
[SW5-Vlanif20]vrrp vrid 20 priority 130
|
|
|
|
|
[SW5-Vlanif20]quit
|
|
|
|
|
[SW5]int Vlanif 30
|
|
|
|
|
[SW5-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW6**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW6]int Vlanif 10
|
|
|
|
|
[SW6-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
|
|
|
|
|
[SW6-Vlanif10]int Vlanif 20
|
|
|
|
|
[SW6-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
|
|
|
|
|
[SW6-Vlanif20]int Vlanif 30
|
|
|
|
|
[SW6-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
|
|
|
|
|
[SW6-Vlanif30]vrrp vrid 30 priority 130
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### 三、MSTP
|
|
|
|
|
|
|
|
|
|
- **SW1/SW2/SW3/SW5/SW6 统一配置MSTP**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW1]stp region-configuration
|
|
|
|
|
[SW1-mst-region]region-name ntd2407
|
|
|
|
|
[SW1-mst-region]instance 5 vlan 50
|
|
|
|
|
[SW1-mst-region]instance 10 vlan 10
|
|
|
|
|
[SW1-mst-region]instance 20 vlan 20
|
|
|
|
|
[SW1-mst-region]instance 30 vlan 30
|
|
|
|
|
[SW1-mst-region]active region-configuration
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **HX_SW5是实例10和实例20的主根**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW5]stp instance 5 priority 8192
|
|
|
|
|
[SW5]stp instance 10 priority 4096
|
|
|
|
|
[SW5]stp instance 20 priority 4096
|
|
|
|
|
[SW5]stp instance 30 priority 8192
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **HX_SW6是实例30和实例5的主根**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW5]stp instance 5 priority 8192
|
|
|
|
|
[SW6]stp instance 10 priority 8192
|
|
|
|
|
[SW6]stp instance 20 priority 8192
|
|
|
|
|
[SW6]stp instance 30 priority 4096
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### 四、DHCP
|
|
|
|
|
|
|
|
|
|
- **AR3 - DHCP**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[AR3-DHCP]dhcp enable
|
|
|
|
|
[AR3-DHCP]ip pool vlan10
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan10]quit
|
|
|
|
|
[AR3-DHCP]ip pool vlan20
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan20]quit
|
|
|
|
|
[AR3-DHCP]ip pool vlan30
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
|
|
|
|
|
[AR3-DHCP-ip-pool-vlan30]quit
|
2024-09-03 17:49:09 +08:00
|
|
|
|
[AR3-DHCP]int g0/0/0
|
2024-09-03 15:53:00 +08:00
|
|
|
|
[AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW5 - DHCP中继**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW5]dhcp enable
|
|
|
|
|
[SW5]int Vlanif 10
|
|
|
|
|
[SW5-Vlanif10]dhcp select relay
|
|
|
|
|
[SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
|
|
|
|
|
[SW5-Vlanif10]int Vlanif 20
|
|
|
|
|
[SW5-Vlanif20]dhcp select relay
|
|
|
|
|
[SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
|
|
|
|
|
[SW5-Vlanif20]int Vlanif 30
|
|
|
|
|
[SW5-Vlanif30]dhcp select relay
|
|
|
|
|
[SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- **SW6 - DHCP中继**
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
[SW6]dhcp enable
|
|
|
|
|
[SW6]int Vlanif 10
|
|
|
|
|
[SW6-Vlanif10]dhcp select relay
|
|
|
|
|
[SW6-Vlanif10]dhcp relay server-ip 192.168.50.1
|
|
|
|
|
[SW6-Vlanif10]int Vlanif 20
|
|
|
|
|
[SW6-Vlanif20]dhcp select relay
|
|
|
|
|
[SW6-Vlanif20]dhcp relay server-ip 192.168.50.1
|
|
|
|
|
[SW6-Vlanif20]int Vlanif 30
|
|
|
|
|
[SW6-Vlanif30]dhcp select relay
|
|
|
|
|
[SW6-Vlanif30]dhcp relay server-ip 192.168.50.1
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### 五、验证
|
|
|
|
|
|
|
|
|
|
- 所有PC都可以通过dhcp获取IP地址
|
|
|
|
|
- 所有PC都可以互联互通
|
|
|
|
|
|