1 【实验目的】
增强分析和配置中小型企业网络的综合能力
2 【实验环境】
本实验模拟了一个企业网络场景,其中R1为公司总部的路由器,交换机S1,S2,S3,S4,服务器,终端等设备组成了公司总部的园区网,R2,R3,R4为公司分部的路由器。
公司总部的园区网划分了不同的VLAN。为了防止二层环路及提高交换机的抗攻击性,每台交换机都需要运行RSTP协议,同时配置RSTP保护功能。
在公司总部网络中,R1,S1,R2运行OSPF协议,并需要通过配置OSPF认证功能来提高安全性。由于种种原因,S3和S4不能运行OSPF路由协议,所以网络管理员需要将用户网段的路由引入OSPF进程,在路由引用的同时还需要实现路由聚合。
公司分部网络使用了IS-IS路由协议作为IGP,公司总部网络与公司分部网络之间通过BGP路由协议实现互通,同时,总部与分部之间的通信还需要满足负载分担等许多特别的要求,这些要求将在实验步骤中进行具体的说明。
实验拓扑如图所示
13 【实验过程】
3.1 IP地址表:
Interface |
IPv4 address |
subnet mask |
|
PC1 |
E0/0/1 |
20.20.10.2 |
255.0.0.0 |
PC2 |
E0/0/1 |
20.20.10.3 |
255.0.0.0 |
PC3 |
E0/0/1 |
20.20.10.4 |
255.0.0.0 |
PC4 |
E0/0/1 |
20.20.10.5 |
255.0.0.0 |
Server1 |
E0/0/0 |
20.20.10.100 |
255.0.0.0 |
Server2 |
E0/0/0 |
60.20.10.200 |
255.0.0.0 |
LSW1 |
VLANIF57 |
192.168.56.2 |
255.255.255.0 |
VLANIF56 |
192.168.15.2 |
255.255.255.0 |
|
VLANI20 |
20.20.10.1 |
255.0.0.0 |
|
LSW2 |
VLANIF66 |
192.168.16.6 |
255.255.255.0 |
VLANIF67 |
192.168.56.6 |
255.255.255.0 |
|
VLANIF110 |
60.20.10.1 |
255.255.0.0 |
|
VLANIF120 |
60.20.20.1 |
255.255.0.0 |
|
VLANIF130 |
60.20.30.1 |
255.255.0.0 |
|
R1 |
G0/0/0 |
192.168.15.1 |
255.255.255.0 |
G0/0/1 |
192.168.16.1 |
255.255.255.0 |
|
G0/0/2 |
192.168.12.1 |
255.255.255.252 |
|
G0/0/3 |
192.168.13.1 |
255.255.255.252 |
|
R2 |
G0/0/0 |
192.168.12.2 |
255.255.255.252 |
G0/0/1 |
192.168.24.2 |
255.255.255.0 |
|
R3 |
G0/0/1 |
192.168.14.3 |
255.255.255.252 |
G0/0/2 |
192.168.34.3 |
255.255.255.0 |
|
R4 |
G0/0/1 |
192.168.34.4 |
255.255.255.0 |
G0/0/2 |
192.168.23.4 |
255.255.255.0 |
3.2 基础配置及VLAN划分:
在公司总部园区网的 S1、S2、S3、S4 上创建 VLAN10、20、30、110、120、130;并在四个交换机上并配置 Mux VLAN,其中 Server 1 的 VLAN 20 属于Principal VLAN(主 VLAN),PC-1 和 PC-2 的 VLAN 10 属于 Group VLAN(互通型从 VLAN),PC-3 和 PC-4 的 VLAN 30 属于 Separarte VLAN(隔离型从 VLAN)。
3.2.1 R1配置:
<Huawei>sys [Huawei]sysname R1 [R1]int loop 0 [R1-LoopBack0]ip add 1.1.1.1 24 [R1-LoopBack0]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 192.168.15.1 24 [R1-GigabitEthernet0/0/0]int g0/0/1 [R1-GigabitEthernet0/0/1]ip add 192.168.16.1 24 [R1-GigabitEthernet0/0/1]int g0/0/2 [R1-GigabitEthernet0/0/2]ip add 192.168.12.1 30 [R1-GigabitEthernet0/0/2]int g0/0/3 [R1-GigabitEthernet0/0/3]ip add 192.168.13.1 30
3.2.2 AR2配置:
<Huawei>sys [Huawei] [Huawei]sysname AR2 [AR2]int loop 0 [AR2-LoopBack0] [AR2-LoopBack0]ip add 2.2.2.2 24 [AR2-LoopBack0]int g0/0/0 [AR2-GigabitEthernet0/0/0]ip add 192.168.12.2 30 [AR2-GigabitEthernet0/0/0]int g0/0/1 [AR2-GigabitEthernet0/0/1]ip add 192.168.24.2 24
3.2.3 AR3配置:
<Huawei>sys [Huawei]sysname AR3 [AR3]int loop 0 [AR3-LoopBack0]ip add 3.3.3.3 24 [AR3-LoopBack0]int g0/0/1 [AR3-GigabitEthernet0/0/1]ip add 192.168.13.3 30 [AR3-GigabitEthernet0/0/1]int g0/0/2 [AR3-GigabitEthernet0/0/2]ip add 192.168.34.3 24
3.2.4 AR4配置:
<Huawei>sys [Huawei]sysname AR4 [AR4]int loop 0 [AR4-LoopBack0]ip add 4.4.4.4 24 [AR4-LoopBack0]int loop 1 [AR4-LoopBack1]ip add 14.14.14.14 24 [AR4-LoopBack1]int g0/0/1 [AR4-GigabitEthernet0/0/1]ip add 192.168.24.4 24 [AR4-GigabitEthernet0/0/1]int g0/0/2 [AR4-GigabitEthernet0/0/2]ip add 192.168.34.4 24
LSW1 和 LSW3相连接的接口为access端口,允许VLAN 20通过其余四台交换机相连接口为Trunk
3.2.5 LSW1配置:
<Huawei>sys [Huawei]sysname LSW1 [LSW1]vlan batch 20 56 57 [LSW1]int vlanif 20 [LSW1-Vlanif20]ip add 20.20.10.1 24 [LSW1-Vlanif20]int vlanif 56 [LSW1-Vlanif56]ip add 192.168.15.2 24 [LSW1-Vlanif56]int vlanif 57 [LSW1-Vlanif57]ip add 192.168.56.2 24 [LSW1-Vlanif57]q [LSW1]int g0/0/2 [LSW1-GigabitEthernet0/0/2]port link-type access [LSW1-GigabitEthernet0/0/2]port default vlan 20 [LSW1-GigabitEthernet0/0/2]int g0/0/3 [LSW1-GigabitEthernet0/0/3]port link-type trunk [LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all [LSW1-GigabitEthernet0/0/3]int g0/0/1 [LSW1-GigabitEthernet0/0/1]port link-type access [LSW1-GigabitEthernet0/0/1]port default vlan 57 [LSW1-GigabitEthernet0/0/1]int g0/0/4 [LSW1-GigabitEthernet0/0/4]port link-type access [LSW1-GigabitEthernet0/0/4]port default vlan 56
3.2.6 LSW2配置:
<Huawei>sys [Huawei]sysname LSW2 [LSW2]vlan batch 66 67 110 120 130 [LSW2]int vlanif 110 [LSW2-Vlanif110]ip add 60.20.10.1 24 [LSW2-Vlanif110]int vlanif 120 [LSW2-Vlanif120]ip add 60.20.20.1 24 [LSW2-Vlanif120]int vlanif 130 [LSW2-Vlanif130]ip add 60.60.30.1 24 [LSW2-Vlanif130]int vlanif 66 [LSW2-Vlanif66]ip add 192.168.16.6 24 [LSW2-Vlanif66]int vlanif 67 [LSW2-Vlanif67]ip add 192.168.56.6 24 [LSW2]int g0/0/2 [LSW2-GigabitEthernet0/0/2]port link-type trunk [LSW2-GigabitEthernet0/0/2]port trunk all vlan 10 20 30 110 120 130 [LSW2-GigabitEthernet0/0/2]int g0/0/3 [LSW2-GigabitEthernet0/0/3]port link-type trunk [LSW2-GigabitEthernet0/0/3]port trunk all vlan 10 20 30 110 120 130 [LSW2-GigabitEthernet0/0/3]int g0/0/1 [LSW2-GigabitEthernet0/0/1]port link-type access [LSW2-GigabitEthernet0/0/1]port default vlan 67 [LSW2-GigabitEthernet0/0/1]int g0/0/4 [LSW2-GigabitEthernet0/0/4]port link-type access [LSW2-GigabitEthernet0/0/4]port default vlan 66
3.2.7 LSW3配置:
(只有接口是access才能配置MUX-VLAN)
<LSW3>sys [LSW3]sys LSW3 [LSW3]int g0/0/2 [LSW3-GigabitEthernet0/0/2]port link-type access [LSW3-GigabitEthernet0/0/2]port default vlan 20 [LSW3-GigabitEthernet0/0/2]int g0/0/1 [LSW3-GigabitEthernet0/0/1]port link-type trunk [LSW3-GigabitEthernet0/0/1]port trunk all vlan 10 20 30 110 120 130 [LSW3-GigabitEthernet0/0/1]q [LSW3]vlan batch 10 20 30 [LSW3]vlan 20 [LSW3-vlan20]mux-vlan [LSW3-vlan20]subordinate group 10 [LSW3-vlan20]subordinate separate 30 [LSW3-vlan20]int e0/0/1 [LSW3-Ethernet0/0/1]port mux-vlan enable [LSW3-Ethernet0/0/1]port link-type access [LSW3-Ethernet0/0/1]port default vlan 20 [LSW3-Ethernet0/0/1]int e0/0/2 [LSW3-Ethernet0/0/2]port mux-vlan enable [LSW3-Ethernet0/0/2]port link-type access [LSW3-Ethernet0/0/2]port default vlan 10 [LSW3-Ethernet0/0/2]int e0/0/3 [LSW3-Ethernet0/0/3]port mux-vlan enable [LSW3-Ethernet0/0/3]port link-type access [LSW3-Ethernet0/0/3]port default vlan 10 [LSW3-Ethernet0/0/3]int e0/0/4 [LSW3-Ethernet0/0/4]port mux-vlan enable [LSW3-Ethernet0/0/4]port link-type access [LSW3-Ethernet0/0/4]port de vlan 30 [LSW3-Ethernet0/0/4]int e0/0/5 [LSW3-Ethernet0/0/5]port mux-vlan enable [LSW3-Ethernet0/0/5]port link-type access [LSW3-Ethernet0/0/5]port de vlan 30
3.2.8 LSW4配置:
<Huawei>sys [Huawei]sys LSW4 [LSW4]int g0/0/1 [LSW4-GigabitEthernet0/0/1]port link-type trunk [LSW4-GigabitEthernet0/0/1]port trunk all vlan 10 20 30 110 120 130 [LSW4-GigabitEthernet0/0/1]int g0/0/2 [LSW4-GigabitEthernet0/0/2]port link-type trunk [LSW4-GigabitEthernet0/0/2]port trunk all vlan 10 20 30 110 120 130 [LSW4-GigabitEthernet0/0/2]vlan 110 [LSW4-vlan110]mac-vlan mac-address 5489-98AF-781B [LSW4-vlan110]int e0/0/1 [LSW4-Ethernet0/0/1]port hybrid untagged vlan all [LSW4-Ethernet0/0/1]mac-vlan enable
3.2.9 结果查看:
1.在LSW4中通过MAC地址绑定将Server 2添加到 VLAN 100
2.在LSW3中MUX-VLAN结果(互通型与隔离型)
3.在LSW1与LSW2中VLAN信息
由于篇幅原因请点击连接前往下一篇继续学习后续内容
/article/1067061?spm=a2c6h.13528211.index-feed.24.68901082Blc4cL
