From e0925e2439a79bf1b8edca796af04532eaab06fe Mon Sep 17 00:00:00 2001
From: Noriu
Date: Tue, 3 Sep 2024 15:53:00 +0800
Subject: [PATCH] =?UTF-8?q?2024=E5=B9=B49=E6=9C=883=E6=97=A5=2015:53:05?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...交换网络设计.md => 0903_项目实战A - 基础交换网络设计.md} | 0
.../拓扑练习/0903_项目实战B - 内网优化.md | 225 ++++++++++++++++++
.../拓扑练习/0903_项目实战C - 内外网互联.md | 38 +++
3 files changed, 263 insertions(+)
rename B. 第二阶段/拓扑练习/{0903_项目实战 - 基础交换网络设计.md => 0903_项目实战A - 基础交换网络设计.md} (100%)
create mode 100644 B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
create mode 100644 B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
diff --git a/B. 第二阶段/拓扑练习/0903_项目实战 - 基础交换网络设计.md b/B. 第二阶段/拓扑练习/0903_项目实战A - 基础交换网络设计.md
similarity index 100%
rename from B. 第二阶段/拓扑练习/0903_项目实战 - 基础交换网络设计.md
rename to B. 第二阶段/拓扑练习/0903_项目实战A - 基础交换网络设计.md
diff --git a/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md b/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
new file mode 100644
index 0000000..c0fb414
--- /dev/null
+++ b/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
@@ -0,0 +1,225 @@
+# 项目实战 - 内网优化
+
+![image-20240903154304067](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903154304067.png)
+
+- **需求**
+ - 所有部门中都使用了网关冗余技术,为了增强网关稳定性和冗余性
+ - 交换机之间存在很多冗余链路,必须防止环路的发生,并且能够提高链路的利用率,要求每个部门的主机访问其他主机时,使用的都是最优的转发路径
+ - VLAN30的主机通过SW6与DHCP服务器通信,获取IP地址,所以SW6也是DHCP中继
+
+### 一、IP、VLAN、Routing
+
+- **PC**
+
+- **SW1**
+
+ ```
+ [SW1]vlan 10
+ [SW1-vlan10]quit
+ [SW1]int g0/0/1
+ [SW1-GigabitEthernet0/0/1]port link-type access
+ [SW1-GigabitEthernet0/0/1]port default vlan 10
+ [SW1-GigabitEthernet0/0/1]quit
+ [SW1]port-group group-member g0/0/2 g0/0/3
+ [SW1-port-group]port link-type trunk
+ [SW1-port-group]port trunk allow-pass vlan all
+ ```
+
+- **SW2**
+
+ ```
+ [SW2]vlan 20
+ [SW2-vlan20]quit
+ [SW2]int g0/0/1
+ [SW2-GigabitEthernet0/0/1]port link-type access
+ [SW2-GigabitEthernet0/0/1]port default vlan 20
+ [SW2-GigabitEthernet0/0/1]quit
+ [SW2]port-group group-member g0/0/2 g0/0/3
+ [SW2-port-group]port link-type trunk
+ [SW2-port-group]port trunk allow-pass vlan all
+ ```
+
+- **SW3**
+
+ ```
+ [SW3]vlan 30
+ [SW3-vlan30]quit
+ [SW3]int g0/0/1
+ [SW3-GigabitEthernet0/0/1]port link-type access
+ [SW3-GigabitEthernet0/0/1]port default vlan 30
+ [SW3-GigabitEthernet0/0/1]quit
+ [SW3]port-group group-member g0/0/2 g0/0/3
+ [SW3-port-group]port link-type trunk
+ [SW3-port-group]port trunk allow-pass vlan all
+ ```
+
+- **SW5**
+
+ ```
+ [SW5]vlan batch 10 20 30 50
+ [SW5]port-group group-member g0/0/1 to g0/0/3 g0/0/6
+ [SW5-port-group]port link-type trunk
+ [SW5-port-group]port trunk allow-pass vlan all
+ [SW5-port-group]quit
+ [SW5]int g0/0/5
+ [SW5-GigabitEthernet0/0/5]port link-type access
+ [SW5-GigabitEthernet0/0/5]port default vlan 50
+ [SW5-GigabitEthernet0/0/5]quit
+ [SW5]int Vlanif 50
+ [SW5-Vlanif50]ip add 192.168.50.251 24
+ [SW5-Vlanif50]int Vlanif 10
+ [SW5-Vlanif10]ip add 192.168.10.251 24
+ [SW5-Vlanif10]int Vlanif 20
+ [SW5-Vlanif20]ip add 192.168.20.251 24
+ [SW5-Vlanif20]int Vlanif 30
+ [SW5-Vlanif30]ip add 192.168.30.251 24
+ ```
+
+- **SW6**
+
+ ```
+ [SW6]vlan batch 10 20 30 50
+ [SW6]port-group group-member g0/0/1 to g0/0/3 g0/0/6
+ [SW6-port-group]port link-type trunk
+ [SW6-port-group]port trunk allow-pass vlan all
+ [SW6-port-group]quit
+ [SW6]int Vlanif 10
+ [SW6-Vlanif10]ip add 192.168.10.252 24
+ [SW6-Vlanif10]int Vlanif 20
+ [SW6-Vlanif20]ip add 192.168.20.252 24
+ [SW6-Vlanif20]int Vlanif 30
+ [SW6-Vlanif30]ip add 192.168.30.252 24
+ [SW6-Vlanif30]int Vlanif 50
+ [SW6-Vlanif50]ip add 192.168.50.252 24
+ ```
+
+- **AR3 - DHCP**
+
+ ```
+ [AR3-DHCP]int g0/0/0
+ [AR3-DHCP-GigabitEthernet0/0/0]ip add 192.168.50.1 24
+ [AR3-DHCP-GigabitEthernet0/0/0]quit
+ [AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
+ ```
+
+### 二、VRRP
+
+- **SW5**
+
+ ```
+ [SW5]int Vlanif 10
+ [SW5-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
+ [SW5-Vlanif10]vrrp vrid 10 priority 130
+ [SW5-Vlanif10]quit
+ [SW5]int Vlanif 20
+ [SW5-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
+ [SW5-Vlanif20]vrrp vrid 20 priority 130
+ [SW5-Vlanif20]quit
+ [SW5]int Vlanif 30
+ [SW5-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
+ ```
+
+- **SW6**
+
+ ```
+ [SW6]int Vlanif 10
+ [SW6-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
+ [SW6-Vlanif10]int Vlanif 20
+ [SW6-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
+ [SW6-Vlanif20]int Vlanif 30
+ [SW6-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
+ [SW6-Vlanif30]vrrp vrid 30 priority 130
+ ```
+
+### 三、MSTP
+
+- **SW1/SW2/SW3/SW5/SW6 统一配置MSTP**
+
+ ```
+ [SW1]stp region-configuration
+ [SW1-mst-region]region-name ntd2407
+ [SW1-mst-region]instance 5 vlan 50
+ [SW1-mst-region]instance 10 vlan 10
+ [SW1-mst-region]instance 20 vlan 20
+ [SW1-mst-region]instance 30 vlan 30
+ [SW1-mst-region]active region-configuration
+ ```
+
+- **HX_SW5是实例10和实例20的主根**
+
+ ```
+ [SW5]stp instance 5 priority 8192
+ [SW5]stp instance 10 priority 4096
+ [SW5]stp instance 20 priority 4096
+ [SW5]stp instance 30 priority 8192
+ ```
+
+- **HX_SW6是实例30和实例5的主根**
+
+ ```
+ [SW5]stp instance 5 priority 8192
+ [SW6]stp instance 10 priority 8192
+ [SW6]stp instance 20 priority 8192
+ [SW6]stp instance 30 priority 4096
+ ```
+
+### 四、DHCP
+
+- **AR3 - DHCP**
+
+ ```
+ [AR3-DHCP]dhcp enable
+ [AR3-DHCP]ip pool vlan10
+ [AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
+ [AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
+ [AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
+ [AR3-DHCP-ip-pool-vlan10]quit
+ [AR3-DHCP]ip pool vlan20
+ [AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
+ [AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
+ [AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
+ [AR3-DHCP-ip-pool-vlan20]quit
+ [AR3-DHCP]ip pool vlan30
+ [AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
+ [AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
+ [AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
+ [AR3-DHCP-ip-pool-vlan30]quit
+ [AR3-DHCP]int g0/0/1
+ [AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
+ ```
+
+- **SW5 - DHCP中继**
+
+ ```
+ [SW5]dhcp enable
+ [SW5]int Vlanif 10
+ [SW5-Vlanif10]dhcp select relay
+ [SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
+ [SW5-Vlanif10]int Vlanif 20
+ [SW5-Vlanif20]dhcp select relay
+ [SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
+ [SW5-Vlanif20]int Vlanif 30
+ [SW5-Vlanif30]dhcp select relay
+ [SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
+ ```
+
+- **SW6 - DHCP中继**
+
+ ```
+ [SW6]dhcp enable
+ [SW6]int Vlanif 10
+ [SW6-Vlanif10]dhcp select relay
+ [SW6-Vlanif10]dhcp relay server-ip 192.168.50.1
+ [SW6-Vlanif10]int Vlanif 20
+ [SW6-Vlanif20]dhcp select relay
+ [SW6-Vlanif20]dhcp relay server-ip 192.168.50.1
+ [SW6-Vlanif20]int Vlanif 30
+ [SW6-Vlanif30]dhcp select relay
+ [SW6-Vlanif30]dhcp relay server-ip 192.168.50.1
+ ```
+
+### 五、验证
+
+- 所有PC都可以通过dhcp获取IP地址
+- 所有PC都可以互联互通
+
diff --git a/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md b/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
new file mode 100644
index 0000000..6bf456d
--- /dev/null
+++ b/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
@@ -0,0 +1,38 @@
+# 项目实战 - 内外网互联
+
+![image-20240903153510208](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903153510208.png)
+
+- **需求**
+ - SW5通过vlanif15和出口设备R1互联
+ - SW6通过vlanif16和出口设备R1互联
+ - 在SW5/SW6与出口设备R1中配置路由,实现SW5/SW6与R1的互通
+ - 公司出口设备 R1连接外网,公司租用的公网网段:100.1.1.0/29
+ - 公司内网主机有访问外网的需求,所以在R1上配置默认路由,下一跳为公网网关
+ - 使用ACL来定义允许那些部门和网段访问外网
+ - 部署地址池NAT或者Easy-ip,实现内网主机访问外网
+ - 配置VRRP的上行链路跟踪
+
+### 一、IP & VLAN & Routing
+
+- **AR1**
+
+ ```
+ [AR1]int g0/0/0
+ [AR1-GigabitEthernet0/0/0]ip add 192.168.15.1 24
+ [AR1-GigabitEthernet0/0/0]int g0/0/1
+ [AR1-GigabitEthernet0/0/1]ip add 192.168.16.1 24
+ [AR1-GigabitEthernet0/0/1]int g0/0/2
+ [AR1-GigabitEthernet0/0/2]ip add 100.1.1.1 29
+ ```
+
+- **AR2**
+
+ ```
+ [AR2]int g0/0/0
+ [AR2-GigabitEthernet0/0/0]ip add 100.1.1.2 29
+ [AR2-GigabitEthernet0/0/0]int g0/0/1
+ [AR2-GigabitEthernet0/0/1]ip add 200.1.1.254 24
+ ```
+
+
+