2. it技术
  3. 网络大综合项目实操(单臂路由、MSTP、VRRP、链路聚合、NAT等)

网络大综合项目实操(单臂路由、MSTP、VRRP、链路聚合、NAT等)

it2024-11-23  17

网络综合实验

实验拓补图:● 实验要求●分析: 配置命令:LSW1:LSW2:LSW3:LSW4:LSW5:LSW6:AR1:AR2:AR3:AR4:AR5:

实验拓补图:

● 实验要求

1.实现全网互通; 2.要求外网开放两台服务器,内网的路由器充当客户机分别访问这两台服务器。

●分析:

首先从拓补图可以看出RIP区域是有个单臂路由,链接OSPF区域需要双向重分发,然后黄色部分为OSPF区域下半部分分别为两个单臂路由,中间交叉部分产生了环路,所以需要做MSTP和链路聚合,紧接着上半部分AR2、LSW2和SW3这里需要建立VRRP,以防其中一台路由不工作,导致PC客户端无法上网;最后链接外网服务器,这里需要使用NAT协议,以实现用户访问服务器。

配置命令:

LSW1:

这里SW1无需任何命令,因为在相同网段中。

LSW2:

# sysname SW2 # vlan batch 100 200 300 400 555 ###(设置vlan) # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration ###(进入MST域视图) region-name TAO ###(配置MST域的域名) revision-level 1 ###(配置MST域的MSTP修订级别) instance 1 vlan 100 200 ###(配置多生成树的实例与VLAN映射关系) instance 2 vlan 300 400 ###(配置多生成树的实例与VLAN映射关系) active region-configuration ###(激活MST域的配置) # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif100 ip address 192.168.1.2 255.255.255.0 ###(设置IP地址) vrrp vrid 1 virtual-ip 192.168.1.1 ###(设置virtual-ip,即PC网关地址) vrrp vrid 1 priority 105 ###(设置vrid 1优先级) vrrp vrid 1 track interface GigabitEthernet0/0/1 ###(接口跟踪) # interface Vlanif200 ip address 192.168.2.2 255.255.255.0 ###(设置IP地址) vrrp vrid 2 virtual-ip 192.168.2.1 ###(设置virtual-ip,即PC网关地址) vrrp vrid 2 priority 105 ###(设置vrid 2优先级) vrrp vrid 2 track interface GigabitEthernet0/0/1 ###(接口跟踪) # interface Vlanif300 ip address 192.168.3.2 255.255.255.0 ###(设置IP地址) vrrp vrid 3 virtual-ip 192.168.3.1 ###(设置virtual-ip,即PC网关地址) # interface Vlanif400 ip address 192.168.4.2 255.255.255.0 ###(设置IP地址) vrrp vrid 4 virtual-ip 192.168.4.1 ###(设置virtual-ip,即PC网关地址) # interface Vlanif555 ip address 192.168.15.2 255.255.255.0 ###(设置IP地址) # interface MEth0/0/1 # interface Eth-Trunk1 ###(设置链路聚合) port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/1 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/2 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/3 eth-trunk 1 # interface GigabitEthernet0/0/4 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/5 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/6 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/7 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/8 # 。 。 (此处端口省略) 。 。 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 110 area 0.0.0.0 network 192.168.1.0 0.0.0.255 ###(宣告网段) network 192.168.2.0 0.0.0.255 ###(宣告网段) network 192.168.3.0 0.0.0.255 ###(宣告网段) network 192.168.4.0 0.0.0.255 ###(宣告网段) network 192.168.15.0 0.0.0.255 ###(宣告网段) # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

LSW3:

# sysname SW3 # vlan batch 100 200 300 400 666 ###(设置vlan) # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration ###(进入MST域视图) region-name TAO ###(配置MST域的域名) revision-level 1 ###(配置MST域的MSTP修订级别) instance 1 vlan 300 400 ###(配置多生成树的实例与VLAN映射关系) instance 2 vlan 100 200 ###(配置多生成树的实例与VLAN映射关系) active region-configuration ###(激活MST域的配置) # # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif100 ip address 192.168.1.30 255.255.255.0 ###(设置IP地址) vrrp vrid 1 virtual-ip 192.168.1.1 ###(设置virtual-ip,即PC网关地址) # interface Vlanif200 ip address 192.168.2.30 255.255.255.0 ###(设置IP地址) vrrp vrid 2 virtual-ip 192.168.2.1 ###(设置virtual-ip,即PC网关地址) # interface Vlanif300 ip address 192.168.3.30 255.255.255.0 ###(设置IP地址) vrrp vrid 3 virtual-ip 192.168.3.1 ###(设置virtual-ip,即PC网关地址) vrrp vrid 3 priority 105 ###(设置vrid 3优先级) vrrp vrid 3 track interface GigabitEthernet0/0/1 ###(接口跟踪) # interface Vlanif400 ip address 192.168.4.30 255.255.255.0 ###(设置IP地址) vrrp vrid 4 virtual-ip 192.168.4.1 ###(设置virtual-ip,即PC网关地址) vrrp vrid 4 priority 105 ###(设置vrid 4优先级) vrrp vrid 4 track interface GigabitEthernet0/0/1 ###(接口跟踪) # interface Vlanif666 ip address 192.168.16.3 255.255.255.0 ###(设置IP地址) # interface MEth0/0/1 # interface Eth-Trunk1 ###(设置链路聚合) port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/1 port link-type access ###(设置端口属性) port default vlan 666 # interface GigabitEthernet0/0/2 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/3 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/4 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/5 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/6 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/7 eth-trunk 1 ###(端口聚合) # interface GigabitEthernet0/0/8 # 。 。 (此处端口省略) 。 。 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 110 area 0.0.0.0 network 192.168.16.0 0.0.0.255 ###(宣告网段) network 192.168.1.0 0.0.0.255 ###(宣告网段) network 192.168.2.0 0.0.0.255 ###(宣告网段) network 192.168.3.0 0.0.0.255 ###(宣告网段) network 192.168.4.0 0.0.0.255 ###(宣告网段) # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

LSW4:

# sysname SW4 # vlan batch 100 200 300 400 ###(设置vlan) # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration ###(进入MST域视图) region-name TAO ###(配置MST域的域名) revision-level 1 ###(配置MST域的MSTP修订级别) instance 1 vlan 100 200 ###(配置多生成树的实例与VLAN映射关系) instance 2 vlan 300 400 ###(配置多生成树的实例与VLAN映射关系) active region-configuration ###(激活MST域的配置) # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type access ###(设置端口属性) port default vlan 100 # interface Ethernet0/0/2 port link-type access ###(设置端口属性) port default vlan 200 # interface Ethernet0/0/3 # 。 。 (此处端口省略) 。 。 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/2 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface NULL0 # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

LSW5:

# sysname SW5 # vlan batch 100 200 300 400 ###(设置vlan) # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration ###(进入MST域视图) region-name TAO ###(配置MST域的域名) revision-level 1 ###(配置MST域的MSTP修订级别) instance 1 vlan 100 200 ###(配置多生成树的实例与VLAN映射关系) instance 2 vlan 300 400 ###(配置多生成树的实例与VLAN映射关系) active region-configuration ###(激活MST域的配置) # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type access ###(设置端口属性) port default vlan 300 # interface Ethernet0/0/2 port link-type access ###(设置端口属性) port default vlan 400 # interface Ethernet0/0/3 # 。 。 (此处端口省略) 。 。 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/2 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface NULL0 # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

LSW6:

# sysname SW6 # vlan batch 500 600 ###(设置vlan) # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type access ###(设置端口属性) port default vlan 500 # interface Ethernet0/0/2 port link-type access ###(设置端口属性) port default vlan 600 # interface Ethernet0/0/3 # 。 。 (此处端口省略) 。 。 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 port link-type trunk ###(设置端口属性) port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

AR1:

# sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 202.10.102.1 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/1 ip address 210.10.101.1 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password idle-timeout 0 0 user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return

AR2:

# sysname R2 # board add 0/4 4GET # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # acl number 2000 ###(设置ACL序号) rule 5 permit source 192.168.0.0 0.0.31.255 ###(允许通过的流量) # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 210.10.101.2 255.255.255.0 ###(设置IP地址) nat outbound 2000 ###(设置接口为多个内网对外网接口) # interface GigabitEthernet0/0/1 ip address 192.168.15.2 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/2 ip address 192.168.16.2 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet4/0/0 ip address 192.168.10.2 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet4/0/1 # interface GigabitEthernet4/0/2 # interface GigabitEthernet4/0/3 # interface NULL0 # ospf 110 router-id 2.2.2.2 default-route-advertise always cost 0 ###(下发默认路由) area 0.0.0.0 network 2.2.2.2 0.0.0.0 ###(宣告网段) network 192.168.1.0 0.0.0.255 ###(宣告网段) network 192.168.2.0 0.0.0.255 ###(宣告网段) network 192.168.3.0 0.0.0.255 ###(宣告网段) network 192.168.4.0 0.0.0.255 ###(宣告网段) network 192.168.10.0 0.0.0.255 ###(宣告网段) network 192.168.15.0 0.0.0.255 ###(宣告网段) network 192.168.16.0 0.0.0.255 ###(宣告网段) # ip route-static 0.0.0.0 0.0.0.0 210.10.101.1 ###(设置静态路由) # user-interface con 0 authentication-mode password idle-timeout 0 0 user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return

AR3:

# sysname R3 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.10.3 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/1 ip address 192.168.20.3 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/2 # interface NULL0 # ospf 110 router-id 3.3.3.3 import-route rip 1 cost 100 ###(设置双向重分发) area 0.0.0.0 network 3.3.3.3 0.0.0.0 ###(宣告网段) network 192.168.10.0 0.0.0.255 ###(宣告网段) # rip 1 undo summary ###(关闭自动聚合) default-route originate ###(下发默认路由) version 2 ###(设置版本ripv2) network 192.168.20.0 ###(宣告网段) import-route ospf 110 cost 0 ###(设置双向重分发) # user-interface con 0 authentication-mode password idle-timeout 0 0 user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return

AR4:

# sysname R4 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.20.4 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/1 ip address 192.168.30.4 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/2 # interface NULL0 # rip 1 undo summary ###(关闭自动聚合) version 2 ###(设置版本ripv2) network 192.168.20.0 ###(宣告网段) network 192.168.30.0 ###(宣告网段) # user-interface con 0 authentication-mode password idle-timeout 0 0 user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return

AR5:

# sysname R5 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.30.5 255.255.255.0 ###(设置IP地址) # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/1.5 dot1q termination vid 500 ###(处理VLAN ID为500的报文) ip address 192.168.5.1 255.255.255.0 ###(配置VLAN 500的网关地址) arp broadcast enable ###(接口可以处理ARP广播报文) # interface GigabitEthernet0/0/1.6 dot1q termination vid 600 ###(处理VLAN ID为600的报文) ip address 192.168.6.1 255.255.255.0 ###(配置VLAN 600的网关地址) arp broadcast enable ###(接口可以处理ARP广播报文) # interface GigabitEthernet0/0/2 # interface NULL0 # rip 1 undo summary ###(关闭自动聚合) version 2 ###(设置版本ripv2) network 192.168.30.0 ###(宣告网段) network 192.168.5.0 ###(宣告网段) network 192.168.6.0 ###(宣告网段) # user-interface con 0 authentication-mode password idle-timeout 0 0 user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
最新回复(0)