Redundant campus network design for 1,000 users (school campus network)
Published: 2019-02-28


1. Underlying configuration

VLAN Trunk Eth-Trunk

Aggregation SW3

[HJ_sw3]sys HJ_sw3
[HJ_sw3]int Eth-Trunk 1
[HJ_sw3-Eth-Trunk1]mode lacp-static
[HJ_sw3-Eth-Trunk1]trunkport Ethernet 0/0/4
[HJ_sw3-Eth-Trunk1]trunkport Ethernet 0/0/5

Access sw6

[JR_sw6]int Eth-Trunk 1
[JR_sw6-Eth-Trunk1]mode lacp-static
[JR_sw6-Eth-Trunk1]trunkport Ethernet 0/0/1
[JR_sw6-Eth-Trunk1]trunkport Ethernet 0/0/3

Core sw1

[HX_sw1]int Eth-Trunk 2
[HX_sw1-Eth-Trunk2]mode lacp-static
[HX_sw1-Eth-Trunk2]trunkport g0/0/2
[HX_sw1-Eth-Trunk2]trunkport g0/0/3

Core sw2

[HX_sw2]int Eth-Trunk 2
[HX_sw2-Eth-Trunk2]mode lacp-static
[HX_sw2-Eth-Trunk2]trunkport g0/0/1
[HX_sw2-Eth-Trunk2]trunkport g0/0/2

VLAN configuration

Building 1

Access sw5

[JR_sw5]vlan batch 2 to 5
[JR_sw5]int e0/0/2
[JR_sw5-Ethernet0/0/2]port link-type access
[JR_sw5-Ethernet0/0/2]port de vlan 2
[JR_sw5]int e0/0/1
[JR_sw5-Ethernet0/0/1]port link-type trunk
[JR_sw5-Ethernet0/0/1]port trunk allow-pass vlan 2 999

Access sw6

[JR_sw6]vlan batch 2 to 5
[JR_sw6]int e0/0/2
[JR_sw6-Ethernet0/0/2]port link-ty acc
[JR_sw6-Ethernet0/0/2]port de vlan 3
[JR_sw6]int Eth-Trunk 1
[JR_sw6-Eth-Trunk1]port link-type trunk
[JR_sw6-Eth-Trunk1]port trunk allow-pass vlan 3 999

Aggregation sw3

[HJ_sw3]vlan batch 2 to 5 200 999
[HJ_sw3]int e0/0/3
[HJ_sw3-Ethernet0/0/3]port link-type trunk
[HJ_sw3-Ethernet0/0/3]port trunk allow-pass vlan 2 999
[HJ_sw3]int Eth-Trunk 1
[HJ_sw3-Eth-Trunk1]port link-type trunk
[HJ_sw3-Eth-Trunk1]port trunk allow-pass vlan 3 999
[HJ_sw3]port-g g Ethernet0/0/1 Ethernet0/0/2

Building 2

Access sw7

[JR_sw7]vlan batch 2 to 5 200 999
[JR_sw7]int e0/0/2
[JR_sw7-Ethernet0/0/2]port link-type acc
[JR_sw7-Ethernet0/0/2]port de vlan 4
[JR_sw7]int e0/0/3
[JR_sw7-Ethernet0/0/3]port link-type acc
[JR_sw7-Ethernet0/0/3]port de vlan 5
[JR_sw7]int e0/0/1
[JR_sw7-Ethernet0/0/1]port link-type trunk
[JR_sw7-Ethernet0/0/1]port trunk allow-pass vlan 4 5 999

Aggregation sw4

[HJ_sw4]vlan batch 2 to 5 200 999
[HJ_sw4]int e0/0/3
[HJ_sw4-Ethernet0/0/3]port link-type trunk
[HJ_sw4-Ethernet0/0/3]port trunk allow-pass vlan 4 5 999
[HJ_sw4]int e0/0/2
[HJ_sw4-Ethernet0/0/2]port link-type trunk
[HJ_sw4-Ethernet0/0/2]port trunk allow-pass vlan 4 5 999
[HJ_sw4]port-g g Ethernet 0/0/1 Ethernet 0/0/2

Access SW8

[JR_sw8]vlan batch 2 to 5 200 999
[JR_sw8]int e0/0/3
[JR_sw8-Ethernet0/0/3]port link-ty acc
[JR_sw8-Ethernet0/0/3]port de vlan 200
[JR_sw8]int e0/0/4
[JR_sw8-Ethernet0/0/4]port link-ty acc
[JR_sw8-Ethernet0/0/4]port de vlan 200
[JR_sw8]port-g g Ethernet 0/0/1 Ethernet 0/0/2

Core sw1 VLAN trunk configuration

[HX_sw1]vlan batch 2 to 5 200 999
[HX_sw1]int g0/0/5
[HX_sw1-GigabitEthernet0/0/5]port link-type trunk
[HX_sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan 200 999
[HX_sw1]int g0/0/1
[HX_sw1-GigabitEthernet0/0/1]port link-ty trunk
[HX_sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 999
[HX_sw1]int g0/0/4
[HX_sw1-GigabitEthernet0/0/4]port link-ty tr
[HX_sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 4 5 999
[HX_sw1]int eth-trunk 2
[HX_sw1-Eth-Trunk2]port link-type trunk
[HX_sw1-Eth-Trunk2]port trunk allow-pass vlan 2 3 4 5 200 999
[HX_sw1]vlan 800
[HX_sw1-vlan800]int g0/0/6
[HX_sw1-GigabitEthernet0/0/6]port link-type access

Core sw2 VLAN trunk configuration

[HX_sw2]vlan batch 2 to 5 200 801 999
[HX_sw2]int g0/0/4
[HX_sw2-GigabitEthernet0/0/4]port link-type trunk
[HX_sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 4 5 999
[HX_sw2]int g0/0/5
[HX_sw2-GigabitEthernet0/0/5]port link-type trunk
[HX_sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan 2 3 999
[HX_sw2]int eth-trunk 2
[HX_sw2-Eth-Trunk2]port link-type trunk
[HX_sw2-Eth-Trunk2]port trunk allow-pass vlan 2 3 4 5 200 999
[HX_sw2]int g0/0/3
[HX_sw2-GigabitEthernet0/0/3]port link-type trunk
[HX_sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 200
[HX_sw2]int g0/0/6
[HX_sw2-GigabitEthernet0/0/6]port link-ty acc
[HX_sw2-GigabitEthernet0/0/6]port de vlan 801

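2. MSTP configuration

MSTP requirements

  • VLANs must be synchronized across all switches
  • VLANs are divided into two groups:
    • Group 1: VLAN 2, 3, 200
    • Group 2: VLAN 4, 5

Core switch configuration

[HX_sw1]stp region-configuration
[HX_sw1-mst-region]instance 1 vlan 2 3 200
[HX_sw1-mst-region]region-name aa
[HX_sw1-mst-region]revision-level 1
[HX_sw1-mst-region]instance 2 vlan 4 5
[HX_sw1-mst-region]active region-configuration
[HX_sw1]stp instance 1 root primary
[HX_sw1]stp instance 2 root secondary
[HX_sw2]stp instance 2 root primary
[HX_sw2]stp instance 1 root secondary

Switch configuration

  • The core switches act as the root bridges for instance 1 and instance 2
  • Ensure VLANs 2 and 3 go through instance 1 and VLANs 4 and 5 go through instance 2
  • Set the VLAN trunk ports of the core switches to blocking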

3. VRRP configuration

VRRP components

  • Multiple routers are combined to act as one virtual routing device
  • Configure a VRRP group for each VLAN
    • VLAN 2: Master is sw1
    • VLAN 4, 5: Master is sw2

Core switch configuration

[HX_sw1]interface Vlanif 2
[HX_sw1-Vlanif2]ip address 192.168.2.254 24
[HX_sw1-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1
[HX_sw1-Vlanif2]vrrp vrid 2 priority 105
[HX_sw1]interface Vlanif 3
[HX_sw1-Vlanif3]ip address 192.168.3.254 24
[HX_sw1-Vlanif3]vrrp vrid 3 virtual-ip 192.168.3.1
[HX_sw1-Vlanif3]vrrp vrid 3 priority 105
[HX_sw1]interface Vlanif 200
[HX_sw1-Vlanif200]ip address 192.168.200.254 24
[HX_sw1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_sw1-Vlanif200]vrrp vrid 200 priority 105
[HX_sw1]interface Vlanif 4
[HX_sw1-Vlanif4]ip address 192.168.4.254 24
[HX_sw1-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_sw1]interface Vlanif 5
[HX_sw1-Vlanif5]ip address 192.168.5.254 24
[HX_sw1-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_sw2]interface Vlanif 4
[HX_sw2-Vlanif4]ip address 192.168.4.253 24
[HX_sw2-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_sw2-Vlanif4]vrrp vrid 4 priority 105
[HX_sw2]interface Vlanif 5
[HX_sw2-Vlanif5]ip address 192.168.5.253 24
[HX_sw2-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_sw2-Vlanif5]vrrp vrid 5 priority 105
[HX_sw2]interface Vlanif 2
[HX_sw2-Vlanif2]ip address 192.168.2.253 24
[HX_sw2-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1

4. BFD configuration

Core switch configuration

[HX_sw1]bfd
[HX_sw1-bfd]quit
[HX_sw1]bfd bb bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
[HX_sw1-bfd-session-bb]commit

Egress router configuration

[CK_R1]bfd
[CK_R1-bfd]quit
[CK_R1]bfd cc bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
[CK_R1-bfd-session-cc]commit

Interface tracking

[HX_sw1]interface Vlanif 2
[HX_sw1-Vlanif2]vrrp vrid 2 track bfd-session session-name bb
[HX_sw1-Vlanif2]vrrp vrid 2 track int g0/0/1
[HX_sw1]interface Vlanif 3
[HX_sw1-Vlanif3]vrrp vrid 3 track bfd-session session-name bb
[HX_sw1-Vlanif3]vrrp vrid 3 track int g0/0/1
[HX_sw1]interface Vlanif 200
[HX_sw1-Vlanif200]vrrp vrid 200 track bfd-session session-name bb
[HX_sw1-Vlanif200]vrrp vrid 200 track int g0/0/1
[HX_sw2]interface Vlanif 4
[HX_sw2-Vlanif4]vrrp vrid 4 track bfd-session session-name cc
[HX_sw2-Vlanif4]vrrp vrid 4 track int g0/0/4
[HX_sw2]interface Vlanif 5
[HX_sw2-Vlanif5]vrrp vrid 5 track bfd-session session-name cc
[HX_sw2-Vlanif5]vrrp vrid 5 track int g0/0/4
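
How the tracking above interacts with the priorities from section 3 can be worked through for VRRP group 2. This is an added example, not part of the original post; the class and function names are made up here, and the reduction of 10 per tracked object is the assumed VRP default, because the page configures no "reduced" value.

```python
import ipaddress
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 100   # VRRP default priority (RFC 5798)
DEFAULT_REDUCTION = 10   # assumed VRP default when "reduced" is not configured

@dataclass
class Member:
    name: str
    ip: str                                     # Vlanif address from section 3
    priority: int = DEFAULT_PRIORITY
    tracks: dict = field(default_factory=dict)  # tracked object -> reduction

    def effective(self, down) -> int:
        """Configured priority minus the reduction of each tracked object that is down."""
        lost = sum(r for obj, r in self.tracks.items() if obj in down)
        return max(1, self.priority - lost)

def master(members, down=frozenset()) -> str:
    """Highest effective priority wins; a tie falls to the higher interface IP."""
    key = lambda m: (m.effective(down), int(ipaddress.IPv4Address(m.ip)))
    return max(members, key=key).name

def vrid2(sw1_priority=105, sw2_priority=DEFAULT_PRIORITY):
    """VRRP group 2 as configured on this page (sw2 has no priority line)."""
    tracks = {"bfd bb": DEFAULT_REDUCTION, "g0/0/1": DEFAULT_REDUCTION}
    return [Member("HX_sw1", "192.168.2.254", sw1_priority, tracks),
            Member("HX_sw2", "192.168.2.253", sw2_priority)]

def scenarios():
    group = vrid2()
    return {
        "all up": master(group),
        "bfd bb down": master(group, {"bfd bb"}),
        "g0/0/1 down": master(group, {"g0/0/1"}),
        # Constructed what-if: equal priorities leave the result to the IP tie-break.
        "equal priority 105": master(vrid2(105, 105)),
    }

if __name__ == "__main__":
    for name, who in scenarios().items():
        print(f"{name:<20} master = {who}")
```

With a margin of only 5 over the default priority, the loss of either tracked object drops HX_sw1 to 95 and hands the gateway role to HX_sw2.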

5. OSPF configuration

Core switches

[HX_sw1]ospf 1
[HX_sw1-ospf-1]area 0
[HX_sw1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
[HX_sw2]ospf 1
[HX_sw2-ospf-1]area 0
[HX_sw2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]net 192.168.23.0 0.0.0.255

Egress router

[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255

China Telecom router and China Unicom router

[DX_R2]ospf 1
[DX_R2-ospf-1]network 12.1.1.0 0.0.0.255
[LT_R3]ospf 1
[LT_R3-ospf-1]network 13.1.1.0 0.0.0.255

Branch router

[FZ_R4]ospf 1
[FZ_R4-ospf-1]area 0
[FZ_R4-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[FZ_R4-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255

6. DHCP relay configuration

Core switch configuration

[HX_sw1]dhcp enable
[HX_sw1]interface Vlanif 2
[HX_sw1-Vlanif2]dhcp select relay
[HX_sw1-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_sw1]interface Vlanif 3
[HX_sw1-Vlanif3]dhcp select relay
[HX_sw1-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_sw1]interface Vlanif 4
[HX_sw1-Vlanif4]dhcp select relay
[HX_sw1-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_sw1]interface Vlanif 5
[HX_sw1-Vlanif5]dhcp select relay
[HX_sw1-Vlanif5]dhcp relay server-ip 192.168.200.3
[HX_sw2]dhcp enable
[HX_sw2]interface Vlanif 2
[HX_sw2-Vlanif2]dhcp select relay
[HX_sw2-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_sw2]interface Vlanif 3
[HX_sw2-Vlanif3]dhcp select relay
[HX_sw2-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_sw2]interface Vlanif 4
[HX_sw2-Vlanif4]dhcp select relay
[HX_sw2-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_sw2]interface Vlanif 5
[HX_sw2-Vlanif5]dhcp select relay
[HX_sw2-Vlanif5]dhcp relay server-ip 192.168.200.3

7. NAT configuration

Egress router

[R1]int g1/0/0
[R1-GigabitEthernet1/0/0]nat server protocol tcp global current-interface 80 inside 192.168.200.2 80

External user

[R5]ip add 6.6.6.1 24

8. ACL configuration

Deny VLAN 5 access to the external network

[R1]acl 3005
[R1-acl-adv-3005]rule deny ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255

9. DHCP security

Switch DHCP snooping

[JR_sw5]dhcp snooping enable
[JR_sw5]vlan 2
[JR_sw5-vlan2]dhcp snooping enable
[JR_sw6]dhcp snooping enable
[JR_sw6]vlan 3
[JR_sw6-vlan3]dhcp snooping enable
[JR_sw7]dhcp snooping enable
[JR_sw7]vlan 4
[JR_sw7-vlan4]dhcp snooping enable
[JR_sw7]vlan 5
[JR_sw7-vlan5]dhcp snooping enable
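
On these switches every port is untrusted until "dhcp snooping trusted" is configured, and DHCP server replies arriving on an untrusted port are dropped, so a snooping configuration is worth checking for a trusted uplink. The check below is an added example, not part of the original post; the function name and the second transcript are constructed here, and it assumes the trunk uplink e0/0/1 from section 1 is the path toward the DHCP server.

```python
import re
from collections import defaultdict

# "[device]cmd" or "[device-view]cmd"; device names on this page contain no hyphen.
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\]\s*(.+)$")

def audit(transcript: str) -> dict:
    """Return {device: [findings]} for the DHCP snooping commands in a transcript."""
    state = defaultdict(lambda: {"dhcp": False, "snoop": False,
                                 "vlans": set(), "trusted": set()})
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, view, cmd = m.group(1), m.group(2), m.group(3).strip()
        s = state[dev]
        if view is None:                      # system view
            s["dhcp"] |= cmd == "dhcp enable"
            s["snoop"] |= cmd == "dhcp snooping enable"
        elif view.startswith("vlan") and cmd == "dhcp snooping enable":
            s["vlans"].add(int(view[4:]))
        elif cmd.startswith("dhcp snooping trusted"):
            s["trusted"].add(view)
    findings = {}
    for dev, s in state.items():
        out = []
        if not s["dhcp"]:
            out.append("dhcp enable missing")
        if s["vlans"] and not s["snoop"]:
            out.append("global dhcp snooping enable missing")
        if s["vlans"] and not s["trusted"]:
            out.append(f"no trusted port for VLAN {sorted(s['vlans'])}")
        findings[dev] = out
    return findings

# JR_sw5 exactly as shown in section 9.
AS_ON_PAGE = """\
[JR_sw5]dhcp snooping enable
[JR_sw5]vlan 2
[JR_sw5-vlan2]dhcp snooping enable
"""

# Constructed variant: DHCP enabled and the trunk uplink e0/0/1 marked trusted.
WITH_TRUSTED_UPLINK = """\
[JR_sw5]dhcp enable
[JR_sw5]dhcp snooping enable
[JR_sw5]vlan 2
[JR_sw5-vlan2]dhcp snooping enable
[JR_sw5]int e0/0/1
[JR_sw5-Ethernet0/0/1]dhcp snooping trusted
"""
```

Running audit(AS_ON_PAGE) reports both gaps for JR_sw5, while the constructed variant returns an empty list.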

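10. PPPoE configuration

Server-side configuration

[DX_R2]ip pool pool1
[DX_R2-ip-pool-pool1]network 12.1.1.0 mask 24
[DX_R2-ip-pool-pool1]gateway-list 12.1.1.2
[DX_R2]aaa
[DX_R2-aaa]local-user 0531 password cipher 123456
[DX_R2]interface Virtual-Template 1
[DX_R2-Virtual-Template1]ppp authentication-mode pap
[DX_R2-Virtual-Template1]remote address pool pool1
[DX_R2-Virtual-Template1]ip address 12.1.1.2 255.255.255.0
[DX_R2]int g0/0/0
[DX_R2-GigabitEthernet0/0/0]pppoe-server bind Virtual-Template 1
[DX_R2-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 2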

11. Egress routing configuration

China Telecom PPPoE as the backup egress

[R1]ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
[R1]ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85

12. NAT server

Egress router

[R1]int g1/0/0
[R1-GigabitEthernet1/0/0]nat server protocol tcp global current-interface 80 inside 192.168.200.2 80

13. ACL optimization

Deny VLAN 5 access to the external network

[R1]acl 3005
[R1-acl-adv-3005]rule deny ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
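
Which flows the acl 3005 rule from sections 8 and 13 actually matches can be checked by applying its wildcard masks to a few packets. This is an added example, not part of the original post; the function names and sample flows are constructed here, using addresses that appear on this page (the web server 192.168.200.2 and the external user 6.6.6.1).

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """ACL wildcard mask: bits set to 0 must match, bits set to 1 are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# The single rule of acl 3005 as written on this page.
RULES = [
    {"action": "deny",
     "src": ("192.168.5.0", "0.0.0.255"),
     "dst": ("192.168.0.0", "0.0.255.255")},
]

def evaluate(src: str, dst: str, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'no-match'."""
    for r in rules:
        if wildcard_match(src, *r["src"]) and wildcard_match(dst, *r["dst"]):
            return r["action"]
    return "no-match"

# Constructed sample flows (source, destination).
FLOWS = [
    ("192.168.5.10", "192.168.200.2"),  # VLAN 5 host -> internal web server
    ("192.168.5.10", "192.168.2.20"),   # VLAN 5 host -> VLAN 2 host
    ("192.168.5.10", "6.6.6.1"),        # VLAN 5 host -> external user R5
    ("192.168.4.10", "192.168.200.2"),  # VLAN 4 host -> internal web server
]

def report(flows=FLOWS):
    return [(s, d, evaluate(s, d)) for s, d in flows]

if __name__ == "__main__":
    for s, d, verdict in report():
        print(f"{s:>15} -> {d:<15} {verdict}")
```

A flow that hits no rule is handled by the default of whatever feature applies the ACL, so the rule as written covers VLAN 5 traffic to 192.168.0.0/16 destinations and says nothing about traffic to 6.6.6.1. The page also shows no command that binds acl 3005 to an interface or a NAT rule.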

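14. Policy-based routing (note: simulator bug, not effective for now)

Core switch configuration

[HX_sw1]traffic-policy aa inbound
[HX_sw1]int g0/0/0
[HX_sw1-GigabitEthernet0/0/0]traffic-policy aa inbound
[HX_sw1]int g0/0/1
[HX_sw1-GigabitEthernet0/0/1]traffic-policy aa inbound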

15. Telnet configuration

Core switch

[HX_sw1]user-interface vty 0 4
[HX_sw1-ui-vty0-4]authentication-mode aaa
[HX_sw1]dhcp enable
[HX_sw1]ip address 192.168.255.254 255.255.255.0
[HX_sw1]vrrp vrid 255 virtual-ip 192.168.255.1

16. STP optimization

Edge port configuration

[JR_sw5]stp edged-port enable

Disabling STP on core switch ports

[HX_sw1]stp disable
[HX_sw2]stp disable

Core bundled-link optimization

[HX_sw1]int Eth-Trunk 2
[HX_sw1-Eth-Trunk2]stp instance 1 cost 10000
[HX_sw1-Eth-Trunk2]stp instance 2 cost 10000
[HX_sw2]int Eth-Trunk 2
[HX_sw2-Eth-Trunk2]stp instance 1 cost 10000
[HX_sw2-Eth-Trunk2]stp instance 2 cost 10000

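The above is the complete technical document, covering the configuration of the network devices and optimization suggestions.

Reposted from: http://jgsi.baihongyu.com/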
