Network topology diagram
The configuration is as follows:
I. VLAN creation and link aggregation
SW1 configuration
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
#
interface FortyGigE1/0/53
port link-aggregation group 1
#
interface FortyGigE1/0/54
port link-aggregation group 1
#
Dis link-aggregation verbose
Aggregate Interface: Bridge-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 6e6e-285f-0800
Local:
  Port          Status  Priority  Index  Oper-Key  Flag
  FGE1/0/53     S       32768     1      1         {ACDEF}
  FGE1/0/54     S       32768     2      1         {ACDEF}
Remote:
  Actor         Priority  Index  Oper-Key  SystemID                Flag
  FGE1/0/53(R)  32768     54     1         0x8000, 6e67-29b1-0400  {ACDEF}
  FGE1/0/54     32768     55     1         0x8000, 6e67-29b1-0400  {ACDEF}
Undo stp global enable
SW2 configuration
VLAN200
VLAN100
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
#
interface NULL0
#
interface FortyGigE1/0/53
port link-aggregation group 1
#
interface FortyGigE1/0/54
port link-aggregation group 1
interface GigabitEthernet1/0/4
port access vlan 200
stp edged-port
#
interface GigabitEthernet1/0/5
port access vlan 200
stp edged-port
SW3 configuration
interface Ten-GigabitEthernet1/0/51
port link-type trunk
port trunk permit vlan 1
#
interface Ten-GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan 1 10 20 100
#
interface Ten-GigabitEthernet1/0/50
port link-type trunk
port trunk permit vlan 1 30 100
#
SW4 configuration
#
interface Ten-GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan 1 10 20 100
#
interface GigabitEthernet1/0/10
port link-mode bridge (default)
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-mode bridge (default)
port access vlan 11
SW5 configuration
VLAN100
VLAN30
#
interface Ten-GigabitEthernet1/0/50
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 30 100
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 30
#
SW6:
VLAN100
VLAN40
#
interface Ten-GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan 1 40 100
#
interface Ten-GigabitEthernet1/0/52
port link-type trunk
port trunk permit vlan 1 40 100
#
SW7:
VLAN100
VLAN40
#
interface Ten-GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan 1 40 100
#
interface GigabitEthernet1/0/3
port access vlan 40
stp edged-port
#
SW8:
Vlan 50
Vlan 100
#
interface Ten-GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan 1 50 100
#
interface Ten-GigabitEthernet1/0/51
port link-type trunk
port trunk permit vlan 1 50 100
SW9:
Vlan 100
Vlan 50
#
interface Ten-GigabitEthernet1/0/49
port link-type trunk
port trunk permit vlan 1 50 100
#
interface GigabitEthernet1/0/4
port access vlan 50
stp edged-port
II. SVI gateway configuration:
SW1 core switch configuration (dis cur)
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface20
ip address 192.168.20.1 255.255.255.0
#
interface Vlan-interface30
ip address 192.168.30.1 255.255.255.0
#
interface Vlan-interface40
ip address 192.168.40.1 255.255.255.0
#
interface Vlan-interface50
ip address 192.168.50.1 255.255.255.0
#
interface Vlan-interface200
ip address 192.168.200.1 255.255.255.0
dis ip int brief
Vlan10     up  up  192.168.10.1   --  --
Vlan20     up  up  192.168.20.1   --  --
Vlan30     up  up  192.168.30.1   --  --
Vlan40     up  up  192.168.40.1   --  --
Vlan50     up  up  192.168.50.1   --  --
Vlan200    up  up  192.168.200.1  --  --
III. DHCP configuration
SW1 (dis cur)
#
dhcp enable
dhcp server forbidden-ip 192.168.10.1
dhcp server forbidden-ip 192.168.20.1
dhcp server forbidden-ip 192.168.30.1
dhcp server forbidden-ip 192.168.40.1
dhcp server forbidden-ip 192.168.50.1
#
#
dhcp server ip-pool vlan10
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
dns-list 192.168.10.1
#
dhcp server ip-pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.128
dns-list 192.168.20.1
#
dhcp server ip-pool vlan30
gateway-list 192.168.30.1
network 192.168.30.0 mask 255.255.255.0
dns-list 192.168.30.1
#
dhcp server ip-pool vlan40
gateway-list 192.168.40.1
network 192.168.40.0 mask 255.255.255.0
dns-list 192.168.40.1
#
dhcp server ip-pool vlan50
gateway-list 192.168.50.1
network 192.168.50.0 mask 255.255.255.0
dns-list 192.168.50.1
#
Dis dhcp server ip-in-use
IP address Client-identifier/ Lease expiration Type
Hardware address
192.168.10.2 0036-6536-362e-3232- Oct 21 11:35:24 2022 Auto(C)
6261-2e30-3330-362d-
4745-302f-302f-31
192.168.20.2 0036-6537-372e-3862- Oct 21 11:36:31 2022 Auto(C)
6362-2e30-6230-362d-
4745-302f-302f-31
192.168.30.2 0036-6537-372e-3935- Oct 21 11:35:43 2022 Auto(C)
3763-2e30-6330-362d-
4745-302f-302f-31
IV. STP configuration
SW1
stp priority 0
stp global enable (default)
SW4 (ports connected to users are configured as edge ports)
interface GigabitEthernet1/0/10
stp edged-port
interface GigabitEthernet1/0/11
stp edged-port
SW5
interface GigabitEthernet1/0/2
stp edged-port
V. OSPF configuration
SW1:
#
interface GigabitEthernet1/0/2
port link-mode route
ip address 192.168.100.1 255.255.255.0
#
Ospf 1
Area 0
Network 192.168.100.0 0.0.0.255
Network 192.168.200.0 0.0.0.255
Network 192.168.10.0 0.0.0.255
Network 192.168.20.0 0.0.0.255
Network 192.168.30.0 0.0.0.255
Network 192.168.40.0 0.0.0.255
Network 192.168.50.0 0.0.0.255
R1:
interface Serial1/0
ip address 14.1.1.1 255.255.255.0
interface GigabitEthernet0/0
port link-mode route
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
ip address 13.1.1.1 255.255.255.0
#
interface GigabitEthernet0/2
ip address 192.168.100.2 255.255.255.0
#
Ospf 1
Area 0
Network 192.168.100.0 0.0.0.255
Network 14.1.1.0 0.0.0.255
R2:
interface GigabitEthernet0/1
ip address 192.168.80.1 255.255.255.0
#
interface Serial1/0
ip address 14.1.1.2 255.255.255.0
#
Ospf 1
Area 0
Network 192.168.80.0 0.0.0.255
Network 14.1.1.0 0.0.0.255
DHCP:
dhcp server ip-pool vlan80
gateway-list 192.168.80.1
network 192.168.80.0 mask 255.255.255.0
dns-list 192.168.80.1
VI. Telnet remote access and console configuration
SW1:
telnet server enable
line vty 0 4
Authentication-mode scheme
local-user aa
Password simple abc1234567
authorization-attribute user-role network-admin
Service-type telnet
Console configuration
Line console 0
Authentication-mode password
Set authentication password simple abc1234567
SW2-10:
telnet server enable
line vty 0 4
Authentication-mode scheme
local-user aa
Password simple 12345
authorization-attribute user-role network-admin
Service-type telnet
Console configuration
Line console 0
Authentication-mode password
Set authentication password simple 12345
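VII. ACL (access control lists)
Block access between the different VLANs while still allowing all of them to reach the server.
acl num 3000
rule 0 deny ip source 192.168.30.0 0.0.0.255 (7 times matched)  (these addresses cannot be pinged and cannot be accessed)
rule 5 deny tcp source 192.168.20.0 0.0.0.255  (these addresses can be pinged but cannot be accessed)
packet-filter 3000 outbound  (applies the ACL)
Display command:
dis acl num
Only IPs in the 200 segment may telnet to SW1 and the other switches; other IP segments cannot telnet to SW1 or the other switches.
rule 0 permit tcp source 192.168.200.20 0 destination-port eq telnet
rule 5 deny tcp destination-port eq telnet
interface Vlan-interface10
packet-filter 3001 inbound
interface Vlan-interface10
packet-filter 3001 inbound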
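Added example (not part of the original configuration): a small Python model of how the two telnet rules of ACL 3001 above are evaluated, with rules checked in ascending rule ID, the first match deciding, and wildcard bits set to 1 ignored. The test packets, the ACL_SEGMENT variant with wildcard 0.0.0.255 and the default action of permit for unmatched traffic are assumptions made for illustration.

```python
import ipaddress

# ACL 3001 as written on the page: (rule id, action, protocol, source, wildcard, dst port).
# The page's source wildcard "0" is written out as 0.0.0.0; source None means any source.
ACL_3001 = [
    (0, "permit", "tcp", "192.168.200.20", "0.0.0.0", 23),
    (5, "deny", "tcp", None, None, 23),
]

# Hypothetical variant (not on the page): same rules, but wildcard 0.0.0.255 on rule 0.
ACL_SEGMENT = [
    (0, "permit", "tcp", "192.168.200.0", "0.0.0.255", 23),
    (5, "deny", "tcp", None, None, 23),
]


def wildcard_match(addr, base, wildcard):
    """Bits set to 1 in the wildcard are ignored; bits set to 0 must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, proto, src, dport, default="permit"):
    """Return (action, rule id) of the first matching rule, or (default, None)."""
    for rule_id, action, r_proto, r_src, r_wild, r_port in sorted(acl, key=lambda r: r[0]):
        if r_proto != proto:
            continue
        if r_src is not None and not wildcard_match(src, r_src, r_wild):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, rule_id
    # Assumption: traffic that matches no rule is permitted by the packet filter.
    return default, None


if __name__ == "__main__":
    # Constructed test packets: (protocol, source address, destination port).
    packets = [
        ("tcp", "192.168.200.20", 23),
        ("tcp", "192.168.200.21", 23),
        ("tcp", "192.168.10.2", 23),
        ("tcp", "192.168.10.2", 80),
    ]
    for proto, src, dport in packets:
        print(src, dport, "page ACL:", evaluate(ACL_3001, proto, src, dport),
              "segment variant:", evaluate(ACL_SEGMENT, proto, src, dport))
```

With wildcard 0, rule 0 matches only the host 192.168.200.20, so every other telnet source, including other addresses in 192.168.200.0/24, falls through to rule 5.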
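VIII. NAT: the internal network reaches the external network through address translation
1. Configure a static route on the core switch pointing to router R1
# ip route-static 0.0.0.0 0 192.168.100.2
2. Configure static routes on R1 pointing to routers R3 and R4
# ip route-static 0.0.0.0 0 12.1.1.2
# ip route-static 0.0.0.0 0 13.1.1.3
3. Configure IP addresses on the egress interfaces of router R2
# ip add 12.1.1.1 24
# ip add 13.1.1.1 24
4. Configure OSPF on the R3 and R4 interfaces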
R3
#
Int loopback 0
Ip add 7.7.7.7 24