运维开发网
广告位招商联系QQ:123077622
 
广告位招商联系QQ:123077622

企业项目拓扑2

运维开发网 https://www.qedev.com 2020-07-25 11:24 出处:网络 作者:运维开发网整理
某企业骨干网络拓扑如下图所示: 企业网络要求如下: 实验要求: 1.SW1为vlan 10的主网关,vlan 20的备份网关; 2.SW2为vlan 20的主网关,vlan 10的备份网关; 3.DHCP服务器在vlan 66,网关在SW2上面; 4.PC1、PC2自动获取ip地址且可以互相ping通; 5.企业内网运行OSPF协议; 6.仅允许Client1所在网络可以访问Server1服务器;
某企业骨干网络拓扑如下图所示:

企业项目拓扑2

企业网络要求如下:

实验要求:

1.SW1为vlan 10的主网关,vlan 20的备份网关;

2.SW2为vlan 20的主网关,vlan 10的备份网关;

3.DHCP服务器在vlan 66,网关在SW2上面;

4.PC1、PC2自动获取ip地址且可以互相ping通;

5.企业内网运行OSPF协议;

6.仅允许Client1所在网络可以访问Server1服务器;

7.企业内网设备仅允许被DHCP服务器远程管理;

8.外网R2可以远程管理DHCP服务器。

第一步:配置基本网络;

SW1配置如下

sysname SW1

vlan batch 10 20 66 100

interface GigabitEthernet0/0/1

port link-type access

port default vlan 10

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 100

interface GigabitEthernet0/0/10

port link-type trunk

port trunk allow-pass vlan all

interface Vlanif10

ip address 192.168.10.251 255.255.255.0

interface Vlanif20

ip address 192.168.20.251 255.255.255.0

interface Vlanif100

ip address 192.168.100.2 255.255.255.0

SW2配置如下

sysname SW2

vlan batch 10 20 66 200

interface GigabitEthernet0/0/1

port link-type access

port default vlan 20

interface GigabitEthernet0/0/3

port link-type access

port default vlan 200

interface GigabitEthernet0/0/10

port link-type trunk

port trunk allow-pass vlan all

interface GigabitEthernet0/0/11

port link-type access

port default vlan 66

interface Vlanif10

ip address 192.168.10.252 255.255.255.0

interface Vlanif20

ip address 192.168.20.252 255.255.255.0

interface Vlanif66

ip address 192.168.66.1 255.255.255.0

interface Vlanif200

ip address 192.168.200.2 255.255.255.0

DHCP配置如下

sysname DHCP

interface GigabitEthernet0/0/0

ip address 192.168.66.2 255.255.255.0

R1配置如下

sysname R1

interface g0/0/0

ip address 100.1.1.2 24

interface g0/0/1

ip address 192.168.100.1 24

interface g0/0/2

ip address 192.168.200.1 24

R2配置如下

sysname R2

interface g0/0/0

ip address 100.1.1.1 24

interface g0/0/1

ip address 200.1.1.254 24

第二步:配置企业内网OSPF;

OSPF配置:

R1配置如下

ip route-static 0.0.0.0 0.0.0.0 100.1.1.1

ospf 1

default-route-advertise always

area 0

network 192.168.100.0 0.0.0.255

network 192.168.200.0 0.0.0.255

SW1配置如下

ospf 1

area 0

network 192.168.10.0 0.0.0.255

network 192.168.20.0 0.0.0.255

network 192.168.100.0 0.0.0.255

SW2配置如下

ospf 1

area 0

network 192.168.10.0 0.0.0.255

network 192.168.20.0 0.0.0.255

network 192.168.66.0 0.0.0.255

network 192.168.200.0 0.0.0.255

DHCP配置如下

ospf 1

area 0

network 192.168.66.0 0.0.0.255

第三步:配置VRRP;

SW1配置

interface Vlanif10

vrrp vrid 10 Virtual-ip 192.168.10.250

vrrp vrid 10 priority 200

interface Vlanif20

vrrp vrid 20 Virtual-ip 192.168.20.250

SW2配置

interface Vlanif10

vrrp vrid 10 Virtual-ip 192.168.10.250

interface Vlanif20

vrrp vrid 20 Virtual-ip 192.168.20.250

vrrp vrid 20 priority 200

第四步:DHCP配置

DHCP配置

dhcp enable

interface GigabitEthernet0/0/0

dhcp select global

ip pool p1

gateway-list 192.168.10.250

network 192.168.10.0 mask 255.255.255.0

dns-list 8.8.8.8

ip pool p2

gateway-list 192.168.20.250

network 192.168.20.0 mask 255.255.255.0

dns-list 8.8.8.8

SW1配置

dhcp enable

interface Vlanif10

dhcp select relay

dhcp relay server-ip 192.168.66.2

interface Vlanif20

dhcp select relay

dhcp relay server-ip 192.168.66.2

SW2配置

dhcp enable

interface Vlanif10

dhcp select relay

dhcp relay server-ip 192.168.66.2

interface Vlanif20

dhcp select relay

dhcp relay server-ip 192.168.66.2

第五步:配置PAT和远程管理;

R1配置如下:

acl 2000

rule 10 permit source 192.168.10.0 0.0.0.255

quit

interface GigabitEthernet0/0/0

nat outbound 2000

nat server protocol tcp global 100.1.1.2 8080 inside 192.168.66.1 telnet

quit

acl number 3000

rule 10 permit tcp source 192.168.66.2 0 destination-port eq telnet

user-interface vty 0 4

acl 3000 inbound

authentication-mode password

123

最后,进行项目验证,完成!

扫码领视频副本.gif

0

精彩评论

暂无评论...
验证码 换一张
取 消