文章目录
- 综合实验1
- 实验需求
- 总部
- 特性
- 分支8
- 分支9
- 配置
- 一、 基本配置(IP+二层VLAN+链路聚合)
- ACC_SW
- SW-S1
- SW-S2
- SW-Ser1
- SW-Core
- SW8
- SW9
- DHCP
- ISP
- GW
- 二、 单臂路由
- GW
- 三、 vlanif
- SW8
- SW9
- 四、 OSPF
- SW8
- SW9
- GW
- 五、 DHCP
- DHCP
- GW
- 六、 NAT+缺省路由
- GW
- 七、 HTTP
- GW
综合实验1
实验需求
总部
1.除了SW8和SW9是三层交换机,其他交换机均为二层交换机,需要做链路聚合的线路图中已标出。所有交换机的接口模式按照图中标出的位置。
思考问题:这个图中有环路么?
2.GW为总部的出口设备,使用单臂路由技术,Vlan10,20,100的网关都在GW上。
3.总部、分支8、分支9之间互有专线连接。
目标:GW、SW8、SW9之间建立ospf,互相宣告互为邻居,进程号200,区域0,达到企业内网全网互通。
4.在SW8和SW9建立的邻居中,SW8的互联接口要永远为DR。
5.要求DHCP服务器在路由追踪PC8时,路径中必须包含SW9。
特性
6.Vlan10,20的PC均由DHCP服务器提供IP地址,DHCP服务器的地址池配置如下:
Vlan10:192.168.10.0/24 GW:192.168.10.254 DNS:8.8.8.8 租期:8天。
Vlan20:192.168.20.0/24 GW:192.168.20.254 DNS:8.8.8.8 租期:8天。
PC2是老板的PC,老板要求通过DHCP给他固定IP:192.168.20.100/24,其他与地址池一致。
由于员工区存在打印机,需要排除掉192.168.10.240-254 , 192.168.20.240-254。
7.GW路由器使用NAT技术,配置Easy-IP技术让内部设备可以上网
在Internet路由器上使用环回接口模拟公网地址,让所有PC可以ping通100.1.1.1。
8.服务器区有一台HTTP服务器,将其80端口发布到Internet网络,在Internet路由器上使用telnet 70.1.1.1 80 来验证是否成功。
分支8
PC8配置静态IP使PC8可以通过总部GW上网,ping 100.1.1.1。
分支9
PC9配置静态IP使PC9可以通过总部GW上网,ping 100.1.1.1。
配置
一、 基本配置(IP+二层VLAN+链路聚合)
ACC_SW
[ACC_SW]vlan 200
[ACC_SW-Vlanif200]int g0/0/1
[ACC_SW-GigabitEthernet0/0/1]p l a
[ACC_SW-GigabitEthernet0/0/1]p d v 200
[ACC_SW-GigabitEthernet0/0/1]int Eth-Trunk 1
[ACC_SW-Eth-Trunk1]mode lacp-static
[ACC_SW-Eth-Trunk1]trunkport GigabitEthernet 0/0/2 to 0/0/3
[ACC_SW-Eth-Trunk1]p l t
[ACC_SW-Eth-Trunk1]p t a v a
SW-S1
[SW-S1]vlan 10
[SW-S1]int g0/0/2
[SW-S1-GigabitEthernet0/0/2]p l t
[SW-S1-GigabitEthernet0/0/2]p t a v a
[SW-S1]int g0/0/1
[SW-S1-GigabitEthernet0/0/2]p l a
[SW-S1-GigabitEthernet0/0/2]p d v 10
SW-S2
[SW-S2]vlan 20
[SW-S2]int g0/0/2
[SW-S2-GigabitEthernet0/0/2]p l t
[SW-S2-GigabitEthernet0/0/2]p t a v a
[SW-S2]int g0/0/1
[SW-S2-GigabitEthernet0/0/1]p l t
[SW-S2-GigabitEthernet0/0/1]p t a v 20
[SW-S2-GigabitEthernet0/0/1]port trunk pvid vlan 20
SW-Ser1
[SW-Ser1]vlan 100
[SW-Ser1]int g0/0/1
[SW-Ser1-GigabitEthernet0/0/1]port hybrid pvid vlan 100
[SW-Ser1-GigabitEthernet0/0/1]port hybrid untagged vlan 100
[SW-Ser1-GigabitEthernet0/0/1]int g0/0/2
[SW-Ser1-GigabitEthernet0/0/2]port hybrid pvid vlan 100
[SW-Ser1-GigabitEthernet0/0/2]port hybrid untagged vlan 100
[SW-Ser1-GigabitEthernet0/0/2]int g0/0/3
[SW-Ser1-GigabitEthernet0/0/3]port hybrid tagged vlan 100
SW-Core
[SW-Core]vlan batch 10 20 100 200 201 202
[SW-Core]int g0/0/6
[SW-Core-GigabitEthernet0/0/6]p l t
[SW-Core-GigabitEthernet0/0/6]p t a v a
[SW-Core-GigabitEthernet0/0/6]int g0/0/7
[SW-Core-GigabitEthernet0/0/7]p l t
[SW-Core-GigabitEthernet0/0/7]p t a v a
[SW-Core-GigabitEthernet0/0/7]int g0/0/8
[SW-Core-GigabitEthernet0/0/8]port hybrid tagged vlan 100
[SW-Core-GigabitEthernet0/0/8]int g0/0/1
[SW-Core-GigabitEthernet0/0/1]p l a
[SW-Core-GigabitEthernet0/0/1]p d v 201
[SW-Core-GigabitEthernet0/0/1]int g0/0/9
[SW-Core-GigabitEthernet0/0/9]p l a
[SW-Core-GigabitEthernet0/0/9]p d v 202
[SW-Core]int Eth-Trunk 1
[SW-Core-Eth-Trunk1]mode lacp-static
[SW-Core-Eth-Trunk1]trunkport GigabitEthernet 0/0/2 to 0/0/3
[SW-Core-Eth-Trunk1]p l t
[SW-Core-Eth-Trunk1]p t a v a
[SW-Core]int Eth-Trunk 2
[SW-Core-Eth-Trunk2]mode lacp-static
[SW-Core-Eth-Trunk2]trunkport GigabitEthernet 0/0/4 to 0/0/5
[SW-Core-Eth-Trunk2]p l t
[SW-Core-Eth-Trunk2]p t a v a
[SW-Core]undo stp enable
SW8
[SW8]vlan batch 80 201 203
[SW8]int g0/0/1
[SW8-GigabitEthernet0/0/1]p l a
[SW8-GigabitEthernet0/0/1]p d v 201
[SW8-GigabitEthernet0/0/1]int g0/0/2
[SW8-GigabitEthernet0/0/2]p l a
[SW8-GigabitEthernet0/0/2]p d v 80
[SW8-GigabitEthernet0/0/2]int g0/0/3
[SW8-GigabitEthernet0/0/3]p l a
[SW8-GigabitEthernet0/0/3]p d v 203
SW9
[SW9]vlan batch 90 202 203
[SW9]int g0/0/1
[SW9-GigabitEthernet0/0/1]p l a
[SW9-GigabitEthernet0/0/1]p d v 202
[SW9-GigabitEthernet0/0/1]int g0/0/3
[SW9-GigabitEthernet0/0/3]p l a
[SW9-GigabitEthernet0/0/3]p d v 203
[SW9-GigabitEthernet0/0/3]int g0/0/2
[SW9-GigabitEthernet0/0/2]p l a
[SW9-GigabitEthernet0/0/2]p d v 90
DHCP
[DHCP]vlan batch 10 20 80 90 100 200 201 202 203
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.100.100 24
[DHCP]ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
ISP
[Internet]int LoopBack 0
[Internet-LoopBack0]ip add 100.1.1.1 32
[Internet-LoopBack0]int g0/0/0
[Internet-GigabitEthernet0/0/0]ip add 60.30.1.1 29
GW
[GW]vlan batch 10 20 100 200 201 202
[GW]int Eth-Trunk 2
[GW-Eth-Trunk2]undo portswitch
[GW-Eth-Trunk2]trunkport GigabitEthernet 0/0/0 to 0/0/1
[GW-Eth-Trunk2]mode lacp-static
[GW]int loopback 0
[GW-LoopBack0]ip add 1.1.1.1 32
二、 单臂路由
GW
[GW]int Eth-trunk 2.10
[GW-Eth-Trunk2.10]d t v 10
[GW-Eth-Trunk2.10]ip add 192.168.10.254 24
[GW-Eth-Trunk2.10]a b e
[GW-Eth-Trunk2.10]int Eth-trunk 2.20
[GW-Eth-Trunk2.20]d t v 20
[GW-Eth-Trunk2.20]ip add 192.168.20.254 24
[GW-Eth-Trunk2.20]a b e
[GW-Eth-Trunk2.20]int Eth-trunk 2.100
[GW-Eth-Trunk2.100]d t v 100
[GW-Eth-Trunk2.100]ip add 192.168.100.254 24
[GW-Eth-Trunk2.100]a b e
[GW-Eth-Trunk2.100]int Eth-trunk 2.200
[GW-Eth-Trunk2.200]description toISP
[GW-Eth-Trunk2.200]d t v 200
[GW-Eth-Trunk2.200]ip add 60.30.1.2 29
[GW-Eth-Trunk2.200]a b e
[GW-Eth-Trunk2.200]int Eth-trunk 2.201
[GW-Eth-Trunk2.201]description toSW8
[GW-Eth-Trunk2.201]d t v 201
[GW-Eth-Trunk2.201]ip add 192.168.201.1 24
[GW-Eth-Trunk2.201]a b e
[GW-Eth-Trunk2.201]int Eth-trunk 2.202
[GW-Eth-Trunk2.202]d t v 202
[GW-Eth-Trunk2.202]ip add 192.168.202.1 24
[GW-Eth-Trunk2.202]a b e
三、 vlanif
SW8
[SW8]undo stp enable
[SW8]int loopback 0
[SW8-LoopBack0]ip add 8.8.8.8 32
[SW8]int vlanif 201
[SW8-vlanif201]ip add 192.168.201.2 24
[SW8-vlanif201]int vlanif 80
[SW8-vlanif80]ip add 192.168.80.254 24
SW9
[SW9]undo stp enable
[SW9]int loopback 0
[SW9-LoopBack0]ip add 9.9.9.9 32
[SW9]int vlanif 202
[SW9-vlanif202]ip add 192.168.202.2 24
[SW9-vlanif202]int vlanif 90
[SW9-vlanif90]ip add 192.168.90.254 24
四、 OSPF
SW8
[SW8]ospf 200 router-id 8.8.8.8
[SW8-ospf-200]area 0
[SW8-ospf-200-area-0.0.0.0]network 192.168.201.0 0.0.0.255
[SW8-ospf-200-area-0.0.0.0]network 192.168.203.0 0.0.0.255
[SW8-ospf-200-area-0.0.0.0]network 192.168.80.0 0.0.0.255
[SW8-ospf-200-area-0.0.0.0]network 8.8.8.8 0.0.0.0
[SW8]int vlanif 203
[SW8]ospf dr-priority 255 #永远为DR
SW9
[SW9]ospf 200 router-id 9.9.9.9
[SW9-ospf-200]area 0
[SW9-ospf-200-area-0.0.0.0]network 192.168.202.0 0.0.0.255
[SW9-ospf-200-area-0.0.0.0]network 192.168.203.0 0.0.0.255
[SW9-ospf-200-area-0.0.0.0]network 192.168.90.0 0.0.0.255
[SW9-ospf-200-area-0.0.0.0]network 9.9.9.9 0.0.0.0
GW
[GW]ospf 200 router-id 1.1.1.1
[GW-ospf-200]area 0
[GW-ospf-200-area-0.0.0.0]network 192.168.201.0 0.0.0.255
[GW-ospf-200-area-0.0.0.0]network 192.168.202.0 0.0.0.255
[GW-ospf-200-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[GW-ospf-200-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[GW-ospf-200-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[GW-ospf-200-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[GW]int Eth-trunk 2.201
[GW-Eth-Trunk2.201]ospf cost 3 #更改cost值用来改变路径
五、 DHCP
DHCP
[DHCP]dhcp enable
[DHCP]ip pool VLAN10
[DHCP-ip-pool-VLAN10]network 192.168.10.0 mask 24
[DHCP-ip-pool-VLAN10]gateway-list 192.168.10.254
[DHCP-ip-pool-VLAN10]dns-list 8.8.8.8
[DHCP-ip-pool-VLAN10]lease day 8
[DHCP-ip-pool-VLAN10]excluded-ip-address 192.168.10.240 192.168.10.253
[DHCP-ip-pool-VLAN10]ip pool VLAN20
[DHCP-ip-pool-VLAN20]network 192.168.20.0 mask 24
[DHCP-ip-pool-VLAN20]gateway-list 192.168.20.254
[DHCP-ip-pool-VLAN20]dns-list 8.8.8.8
[DHCP-ip-pool-VLAN20]lease day 8
[DHCP-ip-pool-VLAN20]static-bind ip-address 192.168.20.100 mac-address 5489-9806-68e7
[DHCP-ip-pool-VLAN20]excluded-ip-address 192.168.20.240 192.168.20.253
[DHCP-ip-pool-VLAN20]int g0/0/0
[DHCP-g0/0/0]dhcp select global
GW
[GW]dhcp enable
[GW]int Eth-Trunk 2.10
[GW-Eth-Trunk2.10]dhcp select relay
[GW-Eth-Trunk2.10]dhcp relay server-ip 192.168.100.100
[GW-Eth-Trunk2.10]int Eth-Trunk 2.20
[GW-Eth-Trunk2.20]dhcp select relay
[GW-Eth-Trunk2.20]dhcp relay server-ip 192.168.100.100
六、 NAT+缺省路由
GW
[GW]acl 2000
[GW-acl-basic-2000]rule permit source any
[GW]int Eth-Trunk 2.200
[GW-Eth-Trunk2.200]nat outbound 2000
[GW]ip route-static 0.0.0.0 0.0.0.0 60.30.1.1
SW8:ip route-static 0.0.0.0 0.0.0.0 192.168.201.1
SW9:ip route-static 0.0.0.0 0.0.0.0 192.168.202.1
七、 HTTP
GW
[GW]int Eth-Trunk 2.200
[GW-Eth-Trunk2.200]nat server protocol tcp global 70.1.1.1 80 inside 192.168.100.101 80
Internet:ip route-static 70.1.1.1 32 60.30.1.2
