企业项目拓扑3

企业项目拓扑3

某知名企业及运营商网络拓扑图如下：

企业项目要如下：

实验要求：1.如图所示蓝色区域为企业内网，红色区域为供应商网络；2.运行MSTP协议，使得VLAN流量负载均衡；3.SW1为vlan 10和20的主网关，SW1为30和40的备份网关；4.SW2为vlan 30和40的主网关，SW2为10和20的备份网关；5.DHCP服务器在vlan 66，网关在SW2上面；6.企业内网运行静态路由协议或者OSPF路由协议；7.所有PC机自动获取ip地址且可以与Server1互相ping通；8.Client1仅可以访问Server1的SW1vlan batch 10 20 30 40 66 100 interface GigabitEthernet 0/0/1port link-type trunkport trunk allow-pass vlan allinterface GigabitEthernet 0/0/2port link-type trunkport trunk allow-pass vlan allinterface GigabitEthernet 0/0/3port link-type trunkport trunk allow-pass vlan allinterface GigabitEthernet 0/0/4port link-type accessport default vlan 100interface Vlanif 100ip address 192.168.100.2 24interface Vlanif 66ip address 192.168.66.251 24quitSW2配置如下：sysname SW2vlan batch 10 20 30 40 66 200interface GigabitEthernet 0/0/1port link-type trunkport trunk allow-pass vlan allinterface GigabitEthernet 0/0/2port link-type trunkport trunk allow-pass vlan allinterface GigabitEthernet 0/0/3port link-type trunkport trunk allow-pass vlan allinterface GigabitEthernet 0/0/4port link-type accessport default vlan 200interface Vlanif 200ip address 192.168.200.2 24interface GigabitEthernet 0/0/5port link-type accessport default vlan 66interface Vlanif 66ip address 192.168.66.252 24quitSW3配置如下sysname SW3vlan batch 10 20 30 40interface Ethernet0/0/1port link-type trunkport trunk allow-pass vlan allinterface Ethernet0/0/2port link-type trunkport trunk allow-pass vlan allinterface Ethernet0/0/3port link-type accessport default vlan 10interface Ethernet0/0/4port link-type accessport default vlan 20interface Ethernet0/0/5port link-type trunkport trunk allow-pass vlan allquitSW4配置如下：sysname SW4vlan batch 10 20 30 40interface Ethernet0/0/1port link-type trunkport trunk allow-pass vlan allinterface Ethernet0/0/2port link-type trunkport trunk allow-pass vlan allinterface Ethernet0/0/3port link-type accessport default vlan 30interface Ethernet0/0/4port link-type accessport default vlan 40interface Ethernet0/0/5port link-type trunkport trunk allow-pass vlan allquitR1配置如下：sysname R1 interface g0/0/0 ip address 192.168.100.1 24interface g0/0/1 ip address 192.168.200.1 24interface g0/0/2 ip address 100.1.1.2 24quitR2配置如下：sysname R2 interface g0/0/0 ip address 100.1.1.1 24interface g0/0/1 ip address 200.1.1.254 24quitDHCPsysname DHCPdhcp enable interface g0/0/0ip address 192.168.66.1 24quit

第二步：配置接入层网络； 配置STP

SW1stp region-configuration region-name ntdinstance 12 vlan 10 20instance 34 vlan 30 40active region-configurationquitstp instance 12 priority 4096stp instance 34 priority 8192SW2stp region-configuration region-name ntdinstance 12 vlan 10 20instance 34 vlan 30 40active region-configurationquitstp instance 12 priority 8192stp instance 34 priority 4096SW3stp region-configuration region-name ntdinstance 12 vlan 10 20instance 34 vlan 30 40active region-configurationquitSW4stp region-configuration region-name ntdinstance 12 vlan 10 20instance 34 vlan 30 40active region-configurationquit

第三步：配置汇聚层网络；

第四步：配置核心层网络；

配置OSPFR1配置：ospf 1area 0network 192.168.100.0 0.0.0.255network 192.168.200.0 0.0.0.255default-route-advertise alwaysquitquitip route-static 0.0.0.0 0.0.0.0 100.1.1.1SW1配置：ospf 1area 0network 192.168.100.0 0.0.0.255area 10network 192.168.10.0 0.0.0.255area 20network 192.168.20.0 0.0.0.255area 30network 192.168.30.0 0.0.0.255area 40network 192.168.40.0 0.0.0.255area 66network 192.168.66.0 0.0.0.255stub no-summaryquitquitSW2配置：ospf 1area 0network 192.168.10.0 0.0.0.255area 10network 192.168.10.0 0.0.0.255area 20network 192.168.20.0 0.0.0.255area 30network 192.168.30.0 0.0.0.255area 40network 192.168.40.0 0.0.0.255area 66network 192.168.66.0 0.0.0.255stub no-summaryquitquitstp instance 0 root primaryDHCPospf 1area 66network 192.168.66.0 0.0.0.255stubquitquit配置NAT和ACLR1acl number 3000 rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 destination-port eq rule 15 deny ip source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 rule 20 permit ip interface GigabitEthernet0/0/2nat outbound 3000acl number 2000 rule 10 permit source 192.168.10.0 0.0.0.255interface GigabitEthernet0/0/2acl 2000 inboundquituser-interface vty 0 4acl 2000 inboundauthentication-mode password 123user privilege level 15

第五步：进行验证。

至此项目配置并验证成功。。。。。。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。