2024年9月3日 15:53:05
This commit is contained in:
parent
ff9d0e9225
commit
e0925e2439
225
B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
Normal file
225
B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
Normal file
@ -0,0 +1,225 @@
|
||||
# 项目实战 - 内网优化
|
||||
|
||||
|
||||
|
||||
- **需求**
|
||||
- 所有部门中都使用了网关冗余技术,为了增强网关稳定性和冗余性
|
||||
- 交换机之间存在很多冗余链路,必须防止环路的发生,并且能够提高链路的利用率,要求每个部门的主机访问其他主机时,使用的都是最优的转发路径
|
||||
- VLAN30的主机通过SW6与DHCP服务器通信,获取IP地址,所以SW6也是DHCP中继
|
||||
|
||||
### 一、IP、VLAN、Routing
|
||||
|
||||
- **PC**
|
||||
|
||||
- **SW1**
|
||||
|
||||
```
|
||||
[SW1]vlan 10
|
||||
[SW1-vlan10]quit
|
||||
[SW1]int g0/0/1
|
||||
[SW1-GigabitEthernet0/0/1]port link-type access
|
||||
[SW1-GigabitEthernet0/0/1]port default vlan 10
|
||||
[SW1-GigabitEthernet0/0/1]quit
|
||||
[SW1]port-group group-member g0/0/2 g0/0/3
|
||||
[SW1-port-group]port link-type trunk
|
||||
[SW1-port-group]port trunk allow-pass vlan all
|
||||
```
|
||||
|
||||
- **SW2**
|
||||
|
||||
```
|
||||
[SW2]vlan 20
|
||||
[SW2-vlan20]quit
|
||||
[SW2]int g0/0/1
|
||||
[SW2-GigabitEthernet0/0/1]port link-type access
|
||||
[SW2-GigabitEthernet0/0/1]port default vlan 20
|
||||
[SW2-GigabitEthernet0/0/1]quit
|
||||
[SW2]port-group group-member g0/0/2 g0/0/3
|
||||
[SW2-port-group]port link-type trunk
|
||||
[SW2-port-group]port trunk allow-pass vlan all
|
||||
```
|
||||
|
||||
- **SW3**
|
||||
|
||||
```
|
||||
[SW3]vlan 30
|
||||
[SW3-vlan30]quit
|
||||
[SW3]int g0/0/1
|
||||
[SW3-GigabitEthernet0/0/1]port link-type access
|
||||
[SW3-GigabitEthernet0/0/1]port default vlan 30
|
||||
[SW3-GigabitEthernet0/0/1]quit
|
||||
[SW3]port-group group-member g0/0/2 g0/0/3
|
||||
[SW3-port-group]port link-type trunk
|
||||
[SW3-port-group]port trunk allow-pass vlan all
|
||||
```
|
||||
|
||||
- **SW5**
|
||||
|
||||
```
|
||||
[SW5]vlan batch 10 20 30 50
|
||||
[SW5]port-group group-member g0/0/1 to g0/0/3 g0/0/6
|
||||
[SW5-port-group]port link-type trunk
|
||||
[SW5-port-group]port trunk allow-pass vlan all
|
||||
[SW5-port-group]quit
|
||||
[SW5]int g0/0/5
|
||||
[SW5-GigabitEthernet0/0/5]port link-type access
|
||||
[SW5-GigabitEthernet0/0/5]port default vlan 50
|
||||
[SW5-GigabitEthernet0/0/5]quit
|
||||
[SW5]int Vlanif 50
|
||||
[SW5-Vlanif50]ip add 192.168.50.251 24
|
||||
[SW5-Vlanif50]int Vlanif 10
|
||||
[SW5-Vlanif10]ip add 192.168.10.251 24
|
||||
[SW5-Vlanif10]int Vlanif 20
|
||||
[SW5-Vlanif20]ip add 192.168.20.251 24
|
||||
[SW5-Vlanif20]int Vlanif 30
|
||||
[SW5-Vlanif30]ip add 192.168.30.251 24
|
||||
```
|
||||
|
||||
- **SW6**
|
||||
|
||||
```
|
||||
[SW6]vlan batch 10 20 30 50
|
||||
[SW6]port-group group-member g0/0/1 to g0/0/3 g0/0/6
|
||||
[SW6-port-group]port link-type trunk
|
||||
[SW6-port-group]port trunk allow-pass vlan all
|
||||
[SW6-port-group]quit
|
||||
[SW6]int Vlanif 10
|
||||
[SW6-Vlanif10]ip add 192.168.10.252 24
|
||||
[SW6-Vlanif10]int Vlanif 20
|
||||
[SW6-Vlanif20]ip add 192.168.20.252 24
|
||||
[SW6-Vlanif20]int Vlanif 30
|
||||
[SW6-Vlanif30]ip add 192.168.30.252 24
|
||||
[SW6-Vlanif30]int Vlanif 50
|
||||
[SW6-Vlanif50]ip add 192.168.50.252 24
|
||||
```
|
||||
|
||||
- **AR3 - DHCP**
|
||||
|
||||
```
|
||||
[AR3-DHCP]int g0/0/0
|
||||
[AR3-DHCP-GigabitEthernet0/0/0]ip add 192.168.50.1 24
|
||||
[AR3-DHCP-GigabitEthernet0/0/0]quit
|
||||
[AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
|
||||
```
|
||||
|
||||
### 二、VRRP
|
||||
|
||||
- **SW5**
|
||||
|
||||
```
|
||||
[SW5]int Vlanif 10
|
||||
[SW5-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
|
||||
[SW5-Vlanif10]vrrp vrid 10 priority 130
|
||||
[SW5-Vlanif10]quit
|
||||
[SW5]int Vlanif 20
|
||||
[SW5-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
|
||||
[SW5-Vlanif20]vrrp vrid 20 priority 130
|
||||
[SW5-Vlanif20]quit
|
||||
[SW5]int Vlanif 30
|
||||
[SW5-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
|
||||
```
|
||||
|
||||
- **SW6**
|
||||
|
||||
```
|
||||
[SW6]int Vlanif 10
|
||||
[SW6-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
|
||||
[SW6-Vlanif10]int Vlanif 20
|
||||
[SW6-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
|
||||
[SW6-Vlanif20]int Vlanif 30
|
||||
[SW6-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
|
||||
[SW6-Vlanif30]vrrp vrid 30 priority 130
|
||||
```
|
||||
|
||||
### 三、MSTP
|
||||
|
||||
- **SW1/SW2/SW3/SW5/SW6 统一配置MSTP**
|
||||
|
||||
```
|
||||
[SW1]stp region-configuration
|
||||
[SW1-mst-region]region-name ntd2407
|
||||
[SW1-mst-region]instance 5 vlan 50
|
||||
[SW1-mst-region]instance 10 vlan 10
|
||||
[SW1-mst-region]instance 20 vlan 20
|
||||
[SW1-mst-region]instance 30 vlan 30
|
||||
[SW1-mst-region]active region-configuration
|
||||
```
|
||||
|
||||
- **HX_SW5是实例10和实例20的主根**
|
||||
|
||||
```
|
||||
[SW5]stp instance 5 priority 8192
|
||||
[SW5]stp instance 10 priority 4096
|
||||
[SW5]stp instance 20 priority 4096
|
||||
[SW5]stp instance 30 priority 8192
|
||||
```
|
||||
|
||||
- **HX_SW6是实例30和实例5的主根**
|
||||
|
||||
```
|
||||
[SW5]stp instance 5 priority 8192
|
||||
[SW6]stp instance 10 priority 8192
|
||||
[SW6]stp instance 20 priority 8192
|
||||
[SW6]stp instance 30 priority 4096
|
||||
```
|
||||
|
||||
### 四、DHCP
|
||||
|
||||
- **AR3 - DHCP**
|
||||
|
||||
```
|
||||
[AR3-DHCP]dhcp enable
|
||||
[AR3-DHCP]ip pool vlan10
|
||||
[AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
|
||||
[AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
|
||||
[AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
|
||||
[AR3-DHCP-ip-pool-vlan10]quit
|
||||
[AR3-DHCP]ip pool vlan20
|
||||
[AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
|
||||
[AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
|
||||
[AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
|
||||
[AR3-DHCP-ip-pool-vlan20]quit
|
||||
[AR3-DHCP]ip pool vlan30
|
||||
[AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
|
||||
[AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
|
||||
[AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
|
||||
[AR3-DHCP-ip-pool-vlan30]quit
|
||||
[AR3-DHCP]int g0/0/1
|
||||
[AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
|
||||
```
|
||||
|
||||
- **SW5 - DHCP中继**
|
||||
|
||||
```
|
||||
[SW5]dhcp enable
|
||||
[SW5]int Vlanif 10
|
||||
[SW5-Vlanif10]dhcp select relay
|
||||
[SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
|
||||
[SW5-Vlanif10]int Vlanif 20
|
||||
[SW5-Vlanif20]dhcp select relay
|
||||
[SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
|
||||
[SW5-Vlanif20]int Vlanif 30
|
||||
[SW5-Vlanif30]dhcp select relay
|
||||
[SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
|
||||
```
|
||||
|
||||
- **SW6 - DHCP中继**
|
||||
|
||||
```
|
||||
[SW6]dhcp enable
|
||||
[SW6]int Vlanif 10
|
||||
[SW6-Vlanif10]dhcp select relay
|
||||
[SW6-Vlanif10]dhcp relay server-ip 192.168.50.1
|
||||
[SW6-Vlanif10]int Vlanif 20
|
||||
[SW6-Vlanif20]dhcp select relay
|
||||
[SW6-Vlanif20]dhcp relay server-ip 192.168.50.1
|
||||
[SW6-Vlanif20]int Vlanif 30
|
||||
[SW6-Vlanif30]dhcp select relay
|
||||
[SW6-Vlanif30]dhcp relay server-ip 192.168.50.1
|
||||
```
|
||||
|
||||
### 五、验证
|
||||
|
||||
- 所有PC都可以通过dhcp获取IP地址
|
||||
- 所有PC都可以互联互通
|
||||
|
||||
38
B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
Normal file
38
B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
Normal file
@ -0,0 +1,38 @@
|
||||
# 项目实战 - 内外网互联
|
||||
|
||||
|
||||
|
||||
- **需求**
|
||||
- SW5通过vlanif15和出口设备R1互联
|
||||
- SW6通过vlanif16和出口设备R1互联
|
||||
- 在SW5/SW6与出口设备R1中配置路由,实现SW5/SW6与R1的互通
|
||||
- 公司出口设备 R1连接外网,公司租用的公网网段:100.1.1.0/29
|
||||
- 公司内网主机有访问外网的需求,所以在R1上配置默认路由,下一跳为公网网关
|
||||
- 使用ACL来定义允许那些部门和网段访问外网
|
||||
- 部署地址池NAT或者Easy-ip,实现内网主机访问外网
|
||||
- 配置VRRP的上行链路跟踪
|
||||
|
||||
### 一、IP & VLAN & Routing
|
||||
|
||||
- **AR1**
|
||||
|
||||
```
|
||||
[AR1]int g0/0/0
|
||||
[AR1-GigabitEthernet0/0/0]ip add 192.168.15.1 24
|
||||
[AR1-GigabitEthernet0/0/0]int g0/0/1
|
||||
[AR1-GigabitEthernet0/0/1]ip add 192.168.16.1 24
|
||||
[AR1-GigabitEthernet0/0/1]int g0/0/2
|
||||
[AR1-GigabitEthernet0/0/2]ip add 100.1.1.1 29
|
||||
```
|
||||
|
||||
- **AR2**
|
||||
|
||||
```
|
||||
[AR2]int g0/0/0
|
||||
[AR2-GigabitEthernet0/0/0]ip add 100.1.1.2 29
|
||||
[AR2-GigabitEthernet0/0/0]int g0/0/1
|
||||
[AR2-GigabitEthernet0/0/1]ip add 200.1.1.254 24
|
||||
```
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user