本文主要是介绍小于1000人且有vlan划分、分层,使用路由协议,生成树和核心交换机都采用冗余和分流的网络设计与配置,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
1.接入层划分vlan,核心交换机设置vlanif网关
[SW3]vlan batch 10 20
[SW3-Ethernet0/0/3]port link-type access
[SW3-Ethernet0/0/3]port default vlan 10
[SW3-Ethernet0/0/4]port link-type access
[SW3-Ethernet0/0/4]port default vlan 20
[SW3-Ethernet0/0/1]port link-type trunk
[SW3-Ethernet0/0/1]port trunk allow-pass vlan all
[SW3-Ethernet0/0/2]port link-type trunk
[SW3-Ethernet0/0/2]port trunk allow-pass vlan all
[SW1]vlan batch 10 20
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW1-Vlanif10]ip add 172.16.10.253 24
[SW1-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.254
[SW1-Vlanif10]vrrp vrid 10 priority 120 //VRRP默认优先级100,越大越优,改为120后,vlan 10优先通过该交换机
[SW1-Vlanif20]ip add 172.16.20.253 24
[SW1-Vlanif20]vrrp vrid 20 virtual-ip 172.16.20.254
[SW2]vlan batch 10 20
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW2-Vlanif10]ip add 172.16.10.252 24
[SW2-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.254
[SW2-Vlanif20]ip add 172.16.20.252 24
[SW2-Vlanif20]vrrp vrid 20 virtual-ip 172.16.20.254
[SW2-Vlanif20]vrrp vrid 20 priority 120 // VRRP默认优先级100,越大越优,改为120后,vlan 20优先通过该交换机
2.在接入层和核心层配置MSTP
[SW3]stp mode mstp //华为默认模式
[SW3]stp region-configuration
[SW3-mst-region]region-name net1
[SW3-mst-region]revision-level 1
[SW3-mst-region]instance 1 vlan 10
[SW3-mst-region]instance 2 vlan 20
[SW3-mst-region]active region-configuration
[SW1]stp mode mstp
[SW1]stp region-configuration
[SW1-mst-region]region-name net1
[SW1-mst-region]revision-level 1
[SW1-mst-region]instance 1 vlan 10
[SW1-mst-region]instance 2 vlan 20
[SW1-mst-region]active region-configuration
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW2]stp mode mstp
[SW2]stp region-configuration
[SW2-mst-region]region-name net1
[SW2-mst-region]revision-level 1
[SW2-mst-region]instance 1 vlan 10
[SW2-mst-region]instance 2 vlan 20
[SW2-mst-region]active region-configuration
[SW2]stp instance 2 root primary
[SW1]stp instance 1 root secondary
[SW2]display stp brief //查看stp
[SW2]display stp
[SW1]display stp instance 1 //查看实例1
3.使用OSPF协议连通核心交换机与出口路由器
[SW1]vlan 100
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 100
[SW1-Vlanif100]ip add 10.1.1.3 24
[SW1-ospf-1-area-0.0.0.0]network 10.1.1.3 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 172.6.0.0 0.0.255.255
[SW2]vlan 200
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 200
[SW2-Vlanif200]ip add 20.1.1.3 24
[SW2-ospf-1-area-0.0.0.0]network 20.1.1.3 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 172.6.0.0 0.0.255.255
[AR1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 20.1.1.1 0.0.0.255
[AR1-ospf-1]default-route-advertise always //下发缺省路由
4.配置出口路由器与外网连通
[AR1-GigabitEthernet0/0/0]ip add 200.1.1.1 24
[AR1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
[Internet-GigabitEthernet0/0/0]ip add 200.1.1.2 24
[Internet]ip route-static 172.16.0.0 255.255.0.0 200.1.1.1
5.在AR1上配置基于地址池的NAT转换
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[AR1]nat address-group 1 200.1.1.10 200.1.1.50
[AR1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1
6.PC可以ping通外网,在AR1的G0/0/0口抓包也看不到内网IP,配置成功
这篇关于小于1000人且有vlan划分、分层,使用路由协议,生成树和核心交换机都采用冗余和分流的网络设计与配置的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
