Redundant Campus Network Design for 1,000 Users (School Network)
Published: 2019-02-28


1. Base-layer configuration

VLAN Trunk Eth-Trunk

Aggregation SW3

[HJ_sw3]sysname HJ_sw3
[HJ_sw3]interface Eth-Trunk 1
[HJ_sw3-Eth-Trunk1]mode lacp-static
[HJ_sw3-Eth-Trunk1]trunkport Ethernet 0/0/4
[HJ_sw3-Eth-Trunk1]trunkport Ethernet 0/0/5

Access sw6

[JR_sw6]interface Eth-Trunk 1
[JR_sw6-Eth-Trunk1]mode lacp-static
[JR_sw6-Eth-Trunk1]trunkport Ethernet 0/0/1
[JR_sw6-Eth-Trunk1]trunkport Ethernet 0/0/3

Core sw1

[HX_sw1]interface Eth-Trunk 2
[HX_sw1-Eth-Trunk2]mode lacp-static
[HX_sw1-Eth-Trunk2]trunkport GigabitEthernet 0/0/2
[HX_sw1-Eth-Trunk2]trunkport GigabitEthernet 0/0/3

Core sw2

[HX_sw2]interface Eth-Trunk 2
[HX_sw2-Eth-Trunk2]mode lacp-static
[HX_sw2-Eth-Trunk2]trunkport GigabitEthernet 0/0/1
[HX_sw2-Eth-Trunk2]trunkport GigabitEthernet 0/0/2

VLAN configuration

Building 1

Access sw5

# Same VLAN set as the other switches; VLAN 999 must exist for the trunk to carry it
[JR_sw5]vlan batch 2 to 5 200 999
[JR_sw5]interface Ethernet 0/0/2
[JR_sw5-Ethernet0/0/2]port link-type access
[JR_sw5-Ethernet0/0/2]port default vlan 2
[JR_sw5]interface Ethernet 0/0/1
[JR_sw5-Ethernet0/0/1]port link-type trunk
[JR_sw5-Ethernet0/0/1]port trunk allow-pass vlan 2 999

Access sw6

# Same VLAN set as the other switches; VLAN 999 must exist for the trunk to carry it
[JR_sw6]vlan batch 2 to 5 200 999
[JR_sw6]interface Ethernet 0/0/2
[JR_sw6-Ethernet0/0/2]port link-type access
[JR_sw6-Ethernet0/0/2]port default vlan 3
[JR_sw6]interface Eth-Trunk 1
[JR_sw6-Eth-Trunk1]port link-type trunk
[JR_sw6-Eth-Trunk1]port trunk allow-pass vlan 3 999

Aggregation sw3

[HJ_sw3]vlan batch 2 to 5 200 999
[HJ_sw3]interface Ethernet 0/0/3
[HJ_sw3-Ethernet0/0/3]port link-type trunk
[HJ_sw3-Ethernet0/0/3]port trunk allow-pass vlan 2 999
[HJ_sw3]interface Eth-Trunk 1
[HJ_sw3-Eth-Trunk1]port link-type trunk
[HJ_sw3-Eth-Trunk1]port trunk allow-pass vlan 3 999
[HJ_sw3]port-group group-member Ethernet 0/0/1 Ethernet 0/0/2

Building 2

Access sw7

[JR_sw7]vlan batch 2 to 5 200 999
[JR_sw7]interface Ethernet 0/0/2
[JR_sw7-Ethernet0/0/2]port link-type access
[JR_sw7-Ethernet0/0/2]port default vlan 4
[JR_sw7]interface Ethernet 0/0/3
[JR_sw7-Ethernet0/0/3]port link-type access
[JR_sw7-Ethernet0/0/3]port default vlan 5
[JR_sw7]interface Ethernet 0/0/1
[JR_sw7-Ethernet0/0/1]port link-type trunk
[JR_sw7-Ethernet0/0/1]port trunk allow-pass vlan 4 5 999

Aggregation sw4

[HJ_sw4]vlan batch 2 to 5 200 999
[HJ_sw4]interface Ethernet 0/0/3
[HJ_sw4-Ethernet0/0/3]port link-type trunk
[HJ_sw4-Ethernet0/0/3]port trunk allow-pass vlan 4 5 999
[HJ_sw4]interface Ethernet 0/0/2
[HJ_sw4-Ethernet0/0/2]port link-type trunk
[HJ_sw4-Ethernet0/0/2]port trunk allow-pass vlan 4 5 999
[HJ_sw4]port-group group-member Ethernet 0/0/1 Ethernet 0/0/2

Access SW8

[JR_sw8]vlan batch 2 to 5 200 999
[JR_sw8]interface Ethernet 0/0/3
[JR_sw8-Ethernet0/0/3]port link-type access
[JR_sw8-Ethernet0/0/3]port default vlan 200
[JR_sw8]interface Ethernet 0/0/4
[JR_sw8-Ethernet0/0/4]port link-type access
[JR_sw8-Ethernet0/0/4]port default vlan 200
[JR_sw8]port-group group-member Ethernet 0/0/1 Ethernet 0/0/2

Core sw1 VLAN Trunk configuration

[HX_sw1]vlan batch 2 to 5 200 999
[HX_sw1]interface GigabitEthernet 0/0/5
[HX_sw1-GigabitEthernet0/0/5]port link-type trunk
[HX_sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan 200 999
[HX_sw1]interface GigabitEthernet 0/0/1
[HX_sw1-GigabitEthernet0/0/1]port link-type trunk
[HX_sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 999
[HX_sw1]interface GigabitEthernet 0/0/4
[HX_sw1-GigabitEthernet0/0/4]port link-type trunk
[HX_sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 4 5 999
[HX_sw1]interface Eth-Trunk 2
[HX_sw1-Eth-Trunk2]port link-type trunk
[HX_sw1-Eth-Trunk2]port trunk allow-pass vlan 2 3 4 5 200 999
[HX_sw1]vlan 800
[HX_sw1-vlan800]interface GigabitEthernet 0/0/6
[HX_sw1-GigabitEthernet0/0/6]port link-type access
[HX_sw1-GigabitEthernet0/0/6]port default vlan 800

Core sw2 VLAN Trunk configuration

[HX_sw2]vlan batch 2 to 5 200 801 999
[HX_sw2]interface GigabitEthernet 0/0/4
[HX_sw2-GigabitEthernet0/0/4]port link-type trunk
[HX_sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 4 5 999
[HX_sw2]interface GigabitEthernet 0/0/5
[HX_sw2-GigabitEthernet0/0/5]port link-type trunk
[HX_sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan 2 3 999
[HX_sw2]interface Eth-Trunk 2
[HX_sw2-Eth-Trunk2]port link-type trunk
[HX_sw2-Eth-Trunk2]port trunk allow-pass vlan 2 3 4 5 200 999
[HX_sw2]interface GigabitEthernet 0/0/3
[HX_sw2-GigabitEthernet0/0/3]port link-type trunk
[HX_sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 200
[HX_sw2]interface GigabitEthernet 0/0/6
[HX_sw2-GigabitEthernet0/0/6]port link-type access
[HX_sw2-GigabitEthernet0/0/6]port default vlan 801

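2. MSTP configuration

MSTP requirements

  • All switches must have the same set of VLANs
  • The VLANs are divided into two groups:
    • Group 1: VLAN 2, 3, 200
    • Group 2: VLAN 4, 5

Core switch configuration

# Every switch in the region needs the same region-name, revision-level and instance mapping
[HX_sw1]stp region-configuration
[HX_sw1-mst-region]instance 1 vlan 2 3 200
[HX_sw1-mst-region]region-name aa
[HX_sw1-mst-region]revision-level 1
[HX_sw1-mst-region]instance 2 vlan 4 5
# The region settings take effect only after they are activated
[HX_sw1-mst-region]active region-configuration
[HX_sw1]stp instance 1 root primary
[HX_sw1]stp instance 2 root secondary
[HX_sw2]stp instance 2 root primary
[HX_sw2]stp instance 1 root secondary

Switch configuration

  • The core switches act as the root bridges for instance 1 and instance 2
  • Make sure VLAN 2 and 3 are carried by instance 1, and VLAN 4 and 5 by instance 2
  • The VLAN trunk ports of the core switches are set to blocking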

3. VRRP configuration

VRRP components

  • Several routers are combined to emulate a single virtual routing device
  • A VRRP group is configured for each VLAN
    • VLAN 2: Master is sw1
    • VLAN 4, 5: Master is sw2

Core switch configuration

[HX_sw1]interface Vlanif 2
[HX_sw1-Vlanif2]ip address 192.168.2.254 24
[HX_sw1-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1
[HX_sw1-Vlanif2]vrrp vrid 2 priority 105
[HX_sw1]interface Vlanif 3
[HX_sw1-Vlanif3]ip address 192.168.3.254 24
[HX_sw1-Vlanif3]vrrp vrid 3 virtual-ip 192.168.3.1
[HX_sw1-Vlanif3]vrrp vrid 3 priority 105
[HX_sw1]interface Vlanif 200
[HX_sw1-Vlanif200]ip address 192.168.200.254 24
[HX_sw1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_sw1-Vlanif200]vrrp vrid 200 priority 105
# No priority on VLAN 4 and 5: sw1 keeps the default 100 so that sw2 (105) is Master
[HX_sw1]interface Vlanif 4
[HX_sw1-Vlanif4]ip address 192.168.4.254 24
[HX_sw1-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_sw1]interface Vlanif 5
[HX_sw1-Vlanif5]ip address 192.168.5.254 24
[HX_sw1-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1

[HX_sw2]interface Vlanif 4
[HX_sw2-Vlanif4]ip address 192.168.4.253 24
[HX_sw2-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_sw2-Vlanif4]vrrp vrid 4 priority 105
[HX_sw2]interface Vlanif 5
[HX_sw2-Vlanif5]ip address 192.168.5.253 24
[HX_sw2-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_sw2-Vlanif5]vrrp vrid 5 priority 105
[HX_sw2]interface Vlanif 2
[HX_sw2-Vlanif2]ip address 192.168.2.253 24
[HX_sw2-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1

4. BFD configuration

Core switch configuration

[HX_sw1]bfd
[HX_sw1-bfd]quit
[HX_sw1]bfd bb bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
[HX_sw1-bfd-session-bb]commit

Egress router configuration

[CK_R1]bfd
[CK_R1-bfd]quit
[CK_R1]bfd cc bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
[CK_R1-bfd-session-cc]commit

Interface tracking

[HX_sw1]interface Vlanif 2
[HX_sw1-Vlanif2]vrrp vrid 2 track bfd-session session-name bb
[HX_sw1-Vlanif2]vrrp vrid 2 track interface GigabitEthernet 0/0/1
[HX_sw1]interface Vlanif 3
[HX_sw1-Vlanif3]vrrp vrid 3 track bfd-session session-name bb
[HX_sw1-Vlanif3]vrrp vrid 3 track interface GigabitEthernet 0/0/1
[HX_sw1]interface Vlanif 200
[HX_sw1-Vlanif200]vrrp vrid 200 track bfd-session session-name bb
[HX_sw1-Vlanif200]vrrp vrid 200 track interface GigabitEthernet 0/0/1
[HX_sw2]interface Vlanif 4
[HX_sw2-Vlanif4]vrrp vrid 4 track bfd-session session-name cc
[HX_sw2-Vlanif4]vrrp vrid 4 track interface GigabitEthernet 0/0/4
[HX_sw2]interface Vlanif 5
[HX_sw2-Vlanif5]vrrp vrid 5 track bfd-session session-name cc
[HX_sw2-Vlanif5]vrrp vrid 5 track interface GigabitEthernet 0/0/4
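
How the VRRP priorities and the tracking commands above decide the Master, as an added example that is not part of the original article: a small Python model of the election for the HX_sw1/HX_sw2 pair. It assumes a tracked BFD session or uplink going down lowers the priority by 10 (the VRP default when no reduce value is configured); the class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

TRACK_REDUCE = 10  # assumption: default priority decrement when a tracked object fails


@dataclass
class Member:
    name: str
    ip: str                      # Vlanif address of this switch in the VLAN
    priority: int = 100          # VRRP default when no priority is configured
    tracked_down: bool = False   # tracked BFD session or uplink has failed

    def effective(self) -> int:
        return self.priority - (TRACK_REDUCE if self.tracked_down else 0)


def elect(members):
    """Highest effective priority wins; equal priorities go to the higher IP."""
    best = max(members, key=lambda m: (m.effective(), int(IPv4Address(m.ip))))
    return best.name


def vlan_pair(vlan, sw1_prio, sw2_prio, sw1_down=False, sw2_down=False):
    """Build the HX_sw1/HX_sw2 pair for one VLAN using the article's addressing."""
    return [
        Member("HX_sw1", f"192.168.{vlan}.254", sw1_prio, sw1_down),
        Member("HX_sw2", f"192.168.{vlan}.253", sw2_prio, sw2_down),
    ]


if __name__ == "__main__":
    # VLAN 2: sw1 is Master; sw2 takes over once sw1's tracked uplink fails (95 < 100).
    print(elect(vlan_pair(2, 105, 100)))
    print(elect(vlan_pair(2, 105, 100, sw1_down=True)))
    # VLAN 4: priority 105 on both switches is a tie that the higher IP (sw1) wins,
    # so only the intended Master (sw2) may carry the raised priority.
    print(elect(vlan_pair(4, 105, 105)))
    print(elect(vlan_pair(4, 100, 105)))
```

The raised priority of 105 is only 5 above the default, so a single tracked failure is enough to hand the virtual IP to the peer.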

5. OSPF configuration

Core switches

[HX_sw1]ospf 1
[HX_sw1-ospf-1]area 0
[HX_sw1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[HX_sw1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255

[HX_sw2]ospf 1
[HX_sw2-ospf-1]area 0
[HX_sw2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[HX_sw2-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255

Egress router

[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255

Telecom router and Unicom router

[DX_R2]ospf 1
[DX_R2-ospf-1]network 12.1.1.0 0.0.0.255

[LT_R3]ospf 1
[LT_R3-ospf-1]network 13.1.1.0 0.0.0.255

Branch router

[FZ_R4]ospf 1
[FZ_R4-ospf-1]area 0
[FZ_R4-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[FZ_R4-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255

6. DHCP relay configuration

Core switch configuration

[HX_sw1]dhcp enable
[HX_sw1]interface Vlanif 2
[HX_sw1-Vlanif2]dhcp select relay
[HX_sw1-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_sw1]interface Vlanif 3
[HX_sw1-Vlanif3]dhcp select relay
[HX_sw1-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_sw1]interface Vlanif 4
[HX_sw1-Vlanif4]dhcp select relay
[HX_sw1-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_sw1]interface Vlanif 5
[HX_sw1-Vlanif5]dhcp select relay
[HX_sw1-Vlanif5]dhcp relay server-ip 192.168.200.3

[HX_sw2]dhcp enable
[HX_sw2]interface Vlanif 2
[HX_sw2-Vlanif2]dhcp select relay
[HX_sw2-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_sw2]interface Vlanif 3
[HX_sw2-Vlanif3]dhcp select relay
[HX_sw2-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_sw2]interface Vlanif 4
[HX_sw2-Vlanif4]dhcp select relay
[HX_sw2-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_sw2]interface Vlanif 5
[HX_sw2-Vlanif5]dhcp select relay
[HX_sw2-Vlanif5]dhcp relay server-ip 192.168.200.3

7. NAT configuration

Egress router

[R1]interface GigabitEthernet 1/0/0
[R1-GigabitEthernet1/0/0]nat server protocol tcp global current-interface 80 inside 192.168.200.2 80

External user

[R5]ip address 6.6.6.1 24

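8. ACL configuration

Deny VLAN 5 access to the external network

# Matches packets from 192.168.5.0/24 (VLAN 5) to 192.168.0.0/16; the ACL takes effect only where it is referenced
[R1]acl 3005
[R1-acl-adv-3005]rule deny ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255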

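9. DHCP security

DHCP Snooping on the switches

# DHCP is enabled globally before snooping; the uplink toward the DHCP relay is trusted so that server replies are accepted
[JR_sw5]dhcp enable
[JR_sw5]dhcp snooping enable
[JR_sw5]vlan 2
[JR_sw5-vlan2]dhcp snooping enable
[JR_sw5]interface Ethernet 0/0/1
[JR_sw5-Ethernet0/0/1]dhcp snooping trusted
[JR_sw6]dhcp enable
[JR_sw6]dhcp snooping enable
[JR_sw6]vlan 3
[JR_sw6-vlan3]dhcp snooping enable
[JR_sw6]interface Eth-Trunk 1
[JR_sw6-Eth-Trunk1]dhcp snooping trusted
[JR_sw7]dhcp enable
[JR_sw7]dhcp snooping enable
[JR_sw7]vlan 4
[JR_sw7-vlan4]dhcp snooping enable
[JR_sw7]vlan 5
[JR_sw7-vlan5]dhcp snooping enable
[JR_sw7]interface Ethernet 0/0/1
[JR_sw7-Ethernet0/0/1]dhcp snooping trusted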
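
What DHCP snooping does with these settings on JR_sw5, as an added example that is not part of the original article: a simplified Python model that drops server messages arriving on untrusted ports and builds the binding table from accepted ACKs. The event list is constructed; the port Ethernet0/0/3 with an unauthorised server, the MAC address and the lease addresses are assumptions, and all names are hypothetical.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server or relay sends these


class SnoopingSwitch:
    """Simplified model of DHCP snooping on one access switch."""

    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> (vlan, port) the request came in on
        self.bindings = {}   # client MAC -> (ip, vlan, port)
        self.dropped = []    # (port, message type) for every discarded frame

    def receive(self, port, vlan, msg, mac, ip=None):
        """Return True if the frame is forwarded, False if it is dropped."""
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                self.dropped.append((port, msg))
                return False
            if msg == "ACK" and mac in self.pending:
                req_vlan, req_port = self.pending.pop(mac)
                self.bindings[mac] = (ip, req_vlan, req_port)
            return True
        if msg in ("DISCOVER", "REQUEST"):
            self.pending[mac] = (vlan, port)
        return True


# Constructed event sequence for JR_sw5: client on Ethernet0/0/2 (VLAN 2),
# uplink Ethernet0/0/1, and an assumed unauthorised server on Ethernet0/0/3.
EVENTS = [
    ("Ethernet0/0/2", 2, "DISCOVER", "aa:aa:aa:00:00:01", None),
    ("Ethernet0/0/3", 2, "OFFER", "aa:aa:aa:00:00:01", "10.66.66.10"),
    ("Ethernet0/0/1", 2, "OFFER", "aa:aa:aa:00:00:01", "192.168.2.10"),
    ("Ethernet0/0/2", 2, "REQUEST", "aa:aa:aa:00:00:01", None),
    ("Ethernet0/0/1", 2, "ACK", "aa:aa:aa:00:00:01", "192.168.2.10"),
]


def replay(trusted_ports):
    """Feed the constructed events to a switch with the given trusted ports."""
    sw = SnoopingSwitch(trusted_ports)
    for event in EVENTS:
        sw.receive(*event)
    return sw


if __name__ == "__main__":
    for ports in (["Ethernet0/0/1"], []):  # uplink trusted vs. no trusted port
        sw = replay(ports)
        print(ports, sw.bindings, sw.dropped)
```

With no trusted port at all, the replies relayed from 192.168.200.3 are dropped as well and no client obtains a lease, which is why the uplink has to be marked trusted.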

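10. PPPoE configuration

Server-side configuration

[DX_R2]ip pool pool1
[DX_R2-ip-pool-pool1]network 12.1.1.0 mask 24
[DX_R2-ip-pool-pool1]gateway-list 12.1.1.2
[DX_R2]aaa
[DX_R2-aaa]local-user 0531 password cipher 123456
[DX_R2]interface Virtual-Template 1
# PAP sends the user name and password in cleartext
[DX_R2-Virtual-Template1]ppp authentication-mode pap
[DX_R2-Virtual-Template1]remote address pool pool1
[DX_R2-Virtual-Template1]ip address 12.1.1.2 255.255.255.0
[DX_R2]interface GigabitEthernet 0/0/0
[DX_R2-GigabitEthernet0/0/0]pppoe-server bind Virtual-Template 1
[DX_R2]interface GigabitEthernet 0/0/0
[DX_R2-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 2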

11. Egress routing configuration

Telecom PPPoE as the backup egress

[R1]ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
[R1]ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85

12. NAT server

Egress router

[R1]interface GigabitEthernet 1/0/0
[R1-GigabitEthernet1/0/0]nat server protocol tcp global current-interface 80 inside 192.168.200.2 80

13. ACL optimization

Deny VLAN 5 access to the external network

[R1]acl 3005
[R1-acl-adv-3005]rule deny ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255

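14. Policy-based routing (note: does not currently take effect because of a simulator bug)

Core switch configuration

[HX_sw1]traffic-policy aa inbound
[HX_sw1]interface GigabitEthernet 0/0/0
[HX_sw1-GigabitEthernet0/0/0]traffic-policy aa inbound
[HX_sw1]interface GigabitEthernet 0/0/1
[HX_sw1-GigabitEthernet0/0/1]traffic-policy aa inbound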

15. Telnet configuration

Core switch

[HX_sw1]user-interface vty 0 4
[HX_sw1-ui-vty0-4]authentication-mode aaa
[HX_sw1]dhcp enable
[HX_sw1]ip address 192.168.255.254 255.255.255.0
[HX_sw1]vrrp vrid 255 virtual-ip 192.168.255.1

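16. STP optimization

Edge port configuration

# Ethernet 0/0/2 is the host-facing access port on JR_sw5
[JR_sw5]interface Ethernet 0/0/2
[JR_sw5-Ethernet0/0/2]stp edged-port enable

Disabling STP on core switch ports

# Entered in the system view, stp disable turns STP off for the whole switch; on a single port it is entered in that port's interface view
[HX_sw1]stp disable
[HX_sw2]stp disable

Core bundled-link optimization

[HX_sw1]interface Eth-Trunk 2
[HX_sw1-Eth-Trunk2]stp instance 1 cost 10000
[HX_sw1-Eth-Trunk2]stp instance 2 cost 10000
[HX_sw2]interface Eth-Trunk 2
[HX_sw2-Eth-Trunk2]stp instance 1 cost 10000
[HX_sw2-Eth-Trunk2]stp instance 2 cost 10000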

The above is the complete technical document, covering the configuration of the network devices and optimization suggestions.

Reposted from: http://jgsi.baihongyu.com/
