园区网综合实验
拓扑图:
实验需求
按如下需求配置实验,最终达到全网互连互通(除外网访问内网用户外)
|
序号 |
类别 |
需求 |
|---|---|---|
|
1 |
VLAN划分 IP地址分配 |
PC1、PC3、PC4分配至VLAN10,IP地址静态分配; PC2、PC5分配至VLAN20,IP地址静态分配; PC6分配至VLAN30,IP地址动态获取; |
|
2 |
STP配置 |
统一适用STP; VLAN10的主根桥在SW1,备份跟桥在SW2; VLAN20的主根桥在SW2,备份跟桥在SW1; VLAN30不做要求; |
|
3 |
OSPF配置 |
R1、R2、R3、SW1、SW2、SW3运行OSPF(area 0); 每台设备均宣告自身直连网段(R1-SW7网段除外); 配置完成后,使VLAN10、VLAN20、VLAN30彼此间能互相通信以及内外网互通; |
|
4 |
链路聚合 |
SW1-SW2间,做链路聚合 |
|
5 |
NAT配置 |
Server的地址映射成R1与SW7所连链路的网段中的地址,并确保外网用户可以正常访问Server |
|
6 |
ACL配置 |
在OSPF配置完成的基础上,适用ACL技术,实现以下要求:
|
IP地址规划表
|
设备 |
接口 |
IP地址 |
子网掩码 |
|
R1 |
GE 0/0/0 |
10.0.10.1 |
255.255.255.0 |
|
GE 0/0/1 |
10.0.40.1 |
255.255.255.0 |
|
|
GE 0/0/2 |
10.0.20.1 |
255.255.255.0 |
|
|
R2 |
GE 0/0/0 |
10.0.50.2 |
255.255.255.0 |
|
GE 0/0/1 |
10.0.10.2 |
255.255.255.0 |
|
|
GE 0/0/2 |
10.0.60.2 |
255.255.255.0 |
|
|
GE 2/0/0 |
10.0.70.2 |
255.255.255.0 |
|
|
GE 2/0/1 |
10.0.30.2 |
255.255.255.0 |
|
|
R3 |
GE 0/0/0 |
10.0.110.3 |
255.255.255.0 |
|
GE 0/0/1 |
10.0.100.3 |
255.255.255.0 |
|
|
GE 0/0/2 |
10.0.90.3 |
255.255.255.0 |
|
|
GE 4/0/0 |
10.0.80.3 |
255.255.255.0 |
|
|
GE 4/0/1 |
10.0.20.3 |
255.255.255.0 |
|
|
GE 4/0/2 |
10.0.30.3 |
255.255.255.0 |
设备接口连接表
|
设备 |
接口列表 |
|
|
AR1 |
GE 0/0/0 |
AR2:GE 0/0/1 |
|
GE 0/0/1 |
AR3:GE 4/0/1 |
|
|
GE 0/0/2 |
LSW7:GE 0/0/1 |
|
|
AR2 |
GE 0/0/0 |
LSW1:GE 0/0/5 |
|
GE 0/0/1 |
AR1:GE 0/0/0 |
|
|
GE 0/0/2 |
LSW2:GE 0/0/6 |
|
|
GE2/0/0 |
LSW3:GE 0/0/3 |
|
|
GE2/0/1 |
AR3:GE 4/0/2 |
|
|
AR3 |
GE 0/0/1 |
LSW2:GE 0/0/5 |
|
GE 0/0/2 |
LSW3:GE 0/0/2 |
|
|
GE 0/0/3 |
Server1:Ethernet 0/0/0 |
|
|
GE 0/0/4 |
LSW1:GE 0/0/6 |
|
|
GE 0/0/5 |
AP1:GE 0/0/1 |
|
|
GE 0/0/6 |
AP2:GE 2/0/1 |
|
|
LSW1 |
GE 0/0/1 |
LSW4:GE 0/0/4 |
|
GE 0/0/2 |
LSW2:GE 0/0/2 |
|
|
GE 0/0/3 |
LSW2:GE 0/0/3 |
|
|
GE 0/0/4 |
LSW5:GE 0/0/4 |
|
|
GE 0/0/5 |
AP2:GE 0/0/0 |
|
|
GE 0/0/6 |
AP3:GE 0/0/0 |
|
|
LSW2 |
GE 0/0/1 |
LSW5:GE 0/0/3 |
|
GE 0/0/2 |
LSW1:GE 0/0/2 |
|
|
GE 0/0/3 |
LSW1:GE 0/0/3 |
|
|
GE 0/0/4 |
LSW4:GE 0/0/5 |
|
|
GE 0/0/5 |
AP3: GE 0/0/0 |
|
|
GE 0/0/6 |
AP2: GE 0/0/2 |
|
|
LSW3 |
GE 0/0/1 |
LSW6:GE 0/0/2 |
|
GE 0/0/2 |
AP3: GE 0/0/1 |
|
|
GE 0/0/3 |
AP2: GE 2/0/0 |
|
|
LSW4 |
GE 0/0/1 |
PC1:Ethernet 0/0/1 |
|
GE 0/0/2 |
PC2:Ethernet 0/0/1 |
|
|
GE 0/0/3 |
PC3:Ethernet 0/0/1 |
|
|
GE 0/0/4 |
LSW1:GE 0/0/1 |
|
|
GE 0/0/5 |
LSW2:GE 0/0/4 |
|
|
LSW5 |
GE 0/0/1 |
PC4:Ethernet 0/0/1 |
|
GE 0/0/2 |
PC5:Ethernet 0/0/1 |
|
|
GE 0/0/3 |
LSW2:GE 0/0/1 |
|
|
GE 0/0/4 |
LSW1:GE 0/0/4 |
|
|
LSW6 |
GE 0/0/1 |
PC11:Ethernet 0/0/1 |
|
GE 0/0/2 |
LSW3:GE 0/0/1 |
|
|
LSW7 |
GE 0/0/1 |
AP1: GE 0/0/2 |
|
GE 0/0/2 |
PC7:Ethernet 0/0/1 |
|
|
PC1 |
Ethernet 0/0/1 |
LSW4:GE 0/0/1 |
|
PC2 |
Ethernet 0/0/1 |
LSW4:GE 0/0/2 |
|
PC3 |
Ethernet 0/0/1 |
LSW4:GE 0/0/3 |
|
PC4 |
Ethernet 0/0/1 |
LSW5:GE 0/0/1 |
|
PC5 |
Ethernet 0/0/1 |
LSW5:GE 0/0/2 |
|
PC7 |
Ethernet 0/0/1 |
LSW7:GE 0/0/2 |
|
PC11 |
Ethernet 0/0/1 |
LSW6:GE 0/0/1 |
|
Server1 |
Ethernet 0/0/0 |
AP3: GE 0/0/2 |
VLAN规划表
|
设备 |
VLAN号 |
接口连接信息 |
链路类型 |
|
LSW4-PC1 |
10 |
Ethernet 0/0/1—GE 0/0/1 |
Access |
|
LSW4-PC2 |
20 |
Ethernet 0/0/1—GE 0/0/2 |
Access |
|
LSW4-PC3 |
10 |
Ethernet 0/0/1—GE 0/0/3 |
Access |
|
LSW5-PC4 |
10 |
Ethernet 0/0/1—GE 0/0/1 |
Access |
|
LSW5-PC5 |
20 |
Ethernet 0/0/1—GE 0/0/2 |
Access |
|
LSW6-PC11 |
30 |
Ethernet 0/0/1—GE 0/0/1 |
Access |
配置
R1
#
sysname R1
#
board add 0/2 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.20.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.40.1 255.255.255.0
nat static global 192.168.40.3 inside 10.0.90.10 netmask 255.255.255.255
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/1
#
interface GigabitEthernet2/0/2
#
interface GigabitEthernet2/0/3
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
default-route-advertise always
area 0.0.0.0
network 10.0.10.0 0.0.0.255
network 10.0.20.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R2
#
sysname R2
#
board add 0/2 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 deny source 192.168.200.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.50.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.10.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.60.2 255.255.255.0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/1
ip address 10.0.30.2 255.255.255.0
traffic-filter outbound acl 2000
#
interface GigabitEthernet2/0/2
#
interface GigabitEthernet2/0/3
#
interface NULL0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.0.10.0 0.0.0.255
network 10.0.30.0 0.0.0.255
network 10.0.50.0 0.0.0.255
network 10.0.60.0 0.0.0.255
network 10.0.70.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3
#
sysname R3
#
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2000
rule 1 deny source 192.168.100.0 0.0.0.255
rule 2 deny source 192.168.200.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.110.3 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
ip address 10.0.100.3 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/2
ip address 10.0.90.3 255.255.255.0
traffic-filter outbound acl 2000
#
interface GigabitEthernet4/0/0
ip address 10.0.80.3 255.255.255.0
#
interface GigabitEthernet4/0/1
ip address 10.0.20.3 255.255.255.0
#
interface GigabitEthernet4/0/2
ip address 10.0.30.3 255.255.255.0
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.0.20.0 0.0.0.255
network 10.0.30.0 0.0.0.255
network 10.0.80.0 0.0.0.255
network 10.0.90.0 0.0.0.255
network 10.0.100.0 0.0.0.255
network 10.0.110.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
SW1
#
sysname SW1
#
vlan batch 10 20 40 50
#
stp mode stp
stp instance 0 root primary
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name mstp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.100.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.200.254 255.255.255.0
#
interface Vlanif40
ip address 10.0.50.1 255.255.255.0
#
interface Vlanif50
ip address 10.0.80.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
eth-trunk 10
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.0.50.0 0.0.0.255
network 192.168.100.0 0.0.0.255
network 192.168.200.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
SW2
#
sysname SW2
#
vlan batch 10 20 60 70
#
stp mode stp
stp instance 0 root secondary
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name mstp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.100.253 255.255.255.0
#
interface Vlanif20
ip address 192.168.200.253 255.255.255.0
#
interface Vlanif60
ip address 10.0.60.4 255.255.255.0
#
interface Vlanif70
ip address 10.0.110.4 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
eth-trunk 10
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 70
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 10.0.60.0 0.0.0.255
network 10.0.110.0 0.0.0.255
network 192.168.100.0 0.0.0.255
network 192.168.200.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
port-group link-type
#
return
SW3
#
sysname SW3
#
vlan batch 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
acl number 2000
rule 5 deny source 192.168.200.0 0.0.0.255
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif30
dhcp select relay
dhcp relay server-ip 10.0.100.3
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
traffic-filter outbound acl 2000
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
SW4
#
sysname SW4
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name mstp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
SW5
#
sysname SW5
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return