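CCNA Enterprise Network Comprehensive Hands-On Project

If you have just finished CCNA, you are probably itching to get hands-on with a full build.

Here you go, this one is for you.

The topology is as follows:

[image: network topology]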

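Requirements overview:

Headquarters

The switches run standard Spanning Tree Protocol.

SW1 is the root for the 10.1.100.0/24 and 10.1.200.0/24 subnets, with SW2 as the backup root.

SW2 is the root for the 10.1.101.0/24 subnet, with SW1 as the backup root.

Deploy the portfast feature on interfaces that connect to end devices.

Create four VLANs, serving two departments, one server cluster, and one SVI interface.

SW1 is the VTP Server and the other two switches are Clients; the VTP domain name is QCNA and the password is qytang.com.

The two core switches are connected by a Layer 2 EtherChannel and use HSRP to provide transparent gateway redundancy for the downstream business subnets.

The two core switches use an SVI interface for their Layer 3 interconnect, and use physical interfaces for the Layer 3 interconnect with the gateway router (R1).

The gateway router is the DHCP server and the core switches are DHCP relay agents; DHCP assigns Server1 the fixed IP address 10.1.200.100/24.

OSPF is the dynamic routing protocol between the core switches and the gateway router; create loopback interfaces (10.1.255.X/32) to serve as the OSPF router-id, and have the gateway router advertise a default route to the internal network.

The gateway router connects to the carrier's leased line on S1/0 and authenticates to the ISP with CHAP, using username HQ and password cisco.

The gateway router uses interface e0/0 for a dedicated connection to the ISP, deploying PPPoE and authenticating to the ISP with CHAP, using username HQ and password cisco.

The gateway router performs NAT to give private hosts access to the Internet.

Deploy floating static routes on the two Internet-facing interfaces, with the PPPoE link as the primary path.


Branch

The switch runs standard Spanning Tree Protocol, with the portfast feature deployed on interfaces that connect to end devices.

Create two VLANs, serving two departments.

The gateway router does router-on-a-stick to serve the two departments.

The gateway router performs NAT to give private hosts access to the Internet.

A leased line connects the branch to the ISP.


Overall planning

Use GRE tunnels to build a simple VPN between headquarters and the branch, with redundancy based on floating static routes (build two tunnels).

Allow the headquarters 10.1.100.0/24 subnet to reach Server 2 over the VPN.

Deny the headquarters 10.1.101.0/24 subnet access to Server 2 over the VPN.

Allow the branch 10.2.100.0/24 subnet to reach the Web service on Server 1 over the VPN.

Deny the branch 10.2.100.0/24 subnet access to all other services on Server 1 over the VPN.

The headquarters and branch gateway routers run the OSPF dynamic routing protocol over the GRE tunnels.


Hands-on deployment:

Configure the trunks on the headquarters switches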

SW1(config)#interface range e0/3,e1/2-3
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk


SW2(config)#interface range e1/0,e1/2-3
SW2(config-if-range)# switchport trunk encapsulation dot1q
SW2(config-if-range)# switchport mode trunk


SW3(config)#interface range e0/3,e1/0
SW3(config-if-range)# switchport trunk encapsulation dot1q
SW3(config-if-range)# switchport mode trunk


Configure the EtherChannel on the headquarters switches

SW1(config)#interface range e1/2-3
SW1(config-if-range)#shutdown


SW2(config)#interface range e1/2-3
SW2(config-if-range)#shutdown


SW1(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12


SW2(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12


SW1(config-if-range)#no shutdown

SW2(config-if-range)#no shutdown


Verification: SW1 / SW2 / SW3

SW1#show interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan
Et0/3       on               802.1q         trunking      1
Po12        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/3       1-4094
Po12        1-4094

Port        Vlans allowed and active in management domain
Et0/3       1
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Et0/3       1
Po12        1


SW1#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
         I - stand-alone s - suspended
         H - Hot-standby (LACP only)
         R - Layer3      S - Layer2
         U - in use      N - not in use, no aggregation
         f - failed to allocate aggregator

        M - not in use, minimum links not met
         m - not in use, port not aggregated due to minimum links not met
         u - unsuitable for bundling
         w - waiting to be aggregated
         d - default port

        A - formed by Auto LAG


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
12     Po12(SU)         -        Et1/2(P)    Et1/3(P)   


Configure VTP on the headquarters switches

SW1(config)#vtp mode server
Device mode already VTP Server for VLANS.
SW1(config)#vtp password qytang.com 
Setting device VTP password to qytang.com
SW1(config)#vtp domain QCNA
Changing VTP domain name from NULL to QCNA


*Oct 22 07:23:21.865: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to QCNA.


SW2(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
SW2(config)#vtp password qytang.com
Setting device VTP password to qytang.com


SW3(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
SW3(config)#vtp password qytang.com
Setting device VTP password to qytang.com


Configure the VLANs:

SW1(config)#vlan 100
SW1(config-vlan)#vlan 101
SW1(config-vlan)#vlan 200
SW1(config-vlan)#vlan 12

//  Where: vlan 100 serves the 10.1.100.0/24 subnet; vlan 101 serves the 10.1.101.0/24 subnet; vlan 200 serves the 10.1.200.0/24 subnet; vlan 12 serves the interconnect between SW1 and SW2. //


Verification:

SW1#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc80.4000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 4
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1


SW2#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc80.5000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 4
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1


SW3#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc80.6000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 4
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1
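
An added example, not part of the original post: this Python check compares the domain name, configuration revision and MD5 digest of each switch against the VTP server, which is what the three `show vtp status` outputs above are used to confirm. The sample text is constructed from the fields shown above, and the function names are this example's own.

```python
import re

# Constructed sample: only the `show vtp status` fields the check reads,
# with values copied from the three outputs above.
TEMPLATE = """\
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Operating Mode                : {mode}
Configuration Revision            : {rev}
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 {last}
"""
OUTPUTS = {
    "SW1": TEMPLATE.format(mode="Server", rev=4, last="0xE1"),
    "SW2": TEMPLATE.format(mode="Client", rev=4, last="0xE1"),
    "SW3": TEMPLATE.format(mode="Client", rev=4, last="0xE1"),
}

def parse_vtp_status(text):
    """Return domain, mode, revision and the 16-byte digest as a hex string."""
    def field(label):
        m = re.search(rf"^{label}\s*:\s*(.+)$", text, re.M)
        return m.group(1).strip() if m else None
    # The digest wraps onto a continuation line, so collect every 0xNN token.
    digest = "".join(re.findall(r"0x([0-9A-Fa-f]{2})", text.split("MD5 digest")[-1]))
    return {"domain": field("VTP Domain Name"), "mode": field("VTP Operating Mode"),
            "revision": int(field("Configuration Revision")), "digest": digest.lower()}

def check_vtp_domain(outputs):
    """Compare every switch against the VTP server; return a list of findings."""
    parsed = {name: parse_vtp_status(text) for name, text in outputs.items()}
    servers = [n for n, p in parsed.items() if p["mode"] == "Server"]
    if len(servers) != 1:
        return [f"expected exactly one VTP server, found {servers}"]
    ref, findings = parsed[servers[0]], []
    for name, p in parsed.items():
        for key in ("domain", "revision", "digest"):
            if p[key] != ref[key]:
                findings.append(f"{name}: {key} {p[key]} != {servers[0]} {ref[key]}")
    return findings

if __name__ == "__main__":
    print(check_vtp_domain(OUTPUTS) or "VTP domain consistent")
```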


Configure spanning tree:

SW1(config)#spanning-tree vlan 100,200 priority 0
SW1(config)#spanning-tree vlan 101 priority 4096


SW2(config)#spanning-tree vlan 100,200 priority 4096
SW2(config)#spanning-tree vlan 101 priority 0


SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
  should now disable portfast explicitly on switched ports leading to hubs,
  switches and bridges as they may create temporary bridging loops.


SW2(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
  should now disable portfast explicitly on switched ports leading to hubs,
  switches and bridges as they may create temporary bridging loops.


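Assign interfaces to VLANs:

Bring up interface e0/0 on PC1, PC2 and Server1, then use CDP on the switch to discover which interfaces the end devices are connected to.


SW3#show cdp neighbors   // View the CDP neighbor information on the access switch and assign interfaces to VLANs based on it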
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                   S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                   D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Server1          Eth 0/2           135               R    Linux Uni Eth 0/0
PC2              Eth 0/1           173               R    Linux Uni Eth 0/0
PC1              Eth 0/0           158               R    Linux Uni Eth 0/0
SW1              Eth 0/3           169             R S I  Linux Uni Eth 0/3
SW2              Eth 1/0           154             R S I  Linux Uni Eth 1/0

Total cdp entries displayed : 5


SW3(config)#interface range e0/0-2
SW3(config-if-range)#switchport mode access

SW3(config-if-range)#interface e0/0
SW3(config-if)#switchport access vlan 100
SW3(config-if)#interface e0/1           
SW3(config-if)#switchport access vlan 101
SW3(config-if)#interface e0/2           
SW3(config-if)#switchport access vlan 200


Verification:

SW3#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et1/1, Et1/2, Et1/3
12   VLAN0012                         active   
100  VLAN0100                         active    Et0/0
101  VLAN0101                         active    Et0/1
200  VLAN0200                         active    Et0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup


Configure the interconnect between the core switches

SW1(config)#interface vlan 12
SW1(config-if)#ip address 10.1.112.1 255.255.255.0
SW1(config-if)#no shutdown


SW2(config)#interface vlan 12
SW2(config-if)#ip address 10.1.112.2 255.255.255.0
SW2(config-if)#no shutdown


Verification and testing:

SW2#show ip interface brief vlan12
Interface              IP-Address      OK? Method Status                Protocol
Vlan12                 10.1.112.2      YES manual up                    up    


SW2#ping 10.1.112.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.112.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms


Configure the interconnect between the core switches and the gateway router:

R1(config)#interface e0/1
R1(config-if)#ip address 10.1.11.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface e0/2
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown                  


SW1(config)#interface e0/1
SW1(config-if)#no switchport
SW1(config-if)#ip address 10.1.11.2 255.255.255.0


SW2(config)#interface e0/2
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.1.12.2 255.255.255.0


Testing:

R1#ping 10.1.11.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.11.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms


Create SVI interfaces on the core switches to serve the business subnets:

SW1(config-if)#interface vlan 100
SW1(config-if)#ip address 10.1.100.252 255.255.255.0
SW1(config-if)#no shutdown

SW1(config-if)#interface vlan 101
SW1(config-if)#ip address 10.1.101.252 255.255.255.0
SW1(config-if)#no shutdown

SW1(config-if)#interface vlan 200
SW1(config-if)#ip address 10.1.200.252 255.255.255.0
SW1(config-if)#no shutdown


SW2(config-if)#interface vlan 100
SW2(config-if)#ip address 10.1.100.253 255.255.255.0
SW2(config-if)#no shutdown

SW2(config-if)#interface vlan 101
SW2(config-if)#ip address 10.1.101.253 255.255.255.0
SW2(config-if)#no shutdown

SW2(config-if)#interface vlan 200
SW2(config-if)#ip address 10.1.200.253 255.255.255.0
SW2(config-if)#no shutdown


Verification:

SW1#show ip interface brief | include Vlan
Vlan12                 10.1.112.1      YES manual up                    up     
Vlan100                10.1.100.252    YES manual up                    up     
Vlan101                10.1.101.252    YES manual up                    up     
Vlan200                10.1.200.252    YES manual up                    up    


SW2#show ip interface brief | include Vlan
Vlan12                 10.1.112.2      YES manual up                    up     
Vlan100                10.1.100.253    YES manual up                    up     
Vlan101                10.1.101.253    YES manual up                    up     
Vlan200                10.1.200.253    YES manual up                    up     


Configure the OSPF dynamic routing protocol at headquarters

R1(config)#interface loopback 0
R1(config-if)#ip address 10.1.255.1 255.255.255.255
R1(config-if)#ip ospf 110 area 0

R1(config)#interface e0/1
R1(config-if)#ip ospf 110 area 0
R1(config-if)#interface e0/2   
R1(config-if)#ip ospf 110 area 0
R1(config-if)#router ospf 110
R1(config-router)#default-information originate   // The effect of this command can only be verified after Internet access has been configured //


SW1(config)#interface loopback 0
SW1(config-if)#ip address 10.1.255.11 255.255.255.255
SW1(config-if)#interface e0/1
SW1(config-if)#ip ospf 110 area 0

SW1(config-if)#interface vlan 12
SW1(config-if)#ip ospf 110 area 0

SW1(config-if)#interface vlan 100
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 101
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 200
SW1(config-if)#ip ospf 110 area 0


SW2(config)#interface loopback 0
SW2(config-if)#ip address 10.1.255.22 255.255.255.255
SW2(config-if)#interface e0/2
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 100
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 101
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 200
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 12
SW2(config-if)#ip ospf 110 area 0


SW1(config)#router ospf 110

SW1(config-router)#passive-interface vlan 100   
SW1(config-router)#passive-interface vlan 101
SW1(config-router)#passive-interface vlan 200

SW2(config)#router ospf 110

SW2(config-router)#passive-interface vlan 100   
SW2(config-router)#passive-interface vlan 101
SW2(config-router)#passive-interface vlan 200


Verification:

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.255.22       1   FULL/DR         00:00:38    10.1.12.2       Ethernet0/2
10.1.255.11       1   FULL/DR         00:00:37    10.1.11.2       Ethernet0/1


R1#show ip route ospf | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
O        10.1.100.0/24 [110/11] via 10.1.12.2, 00:09:39, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:11:04, Ethernet0/1
O        10.1.101.0/24 [110/11] via 10.1.12.2, 00:09:29, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:10:03, Ethernet0/1
O        10.1.112.0/24 [110/11] via 10.1.12.2, 00:10:54, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:11:04, Ethernet0/1
O        10.1.200.0/24 [110/11] via 10.1.12.2, 00:09:29, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:10:03, Ethernet0/1


Configure the gateway redundancy protocol: HSRP

SW1(config)#interface vlan 100
SW1(config-if)#standby 100 ip 10.1.100.254
SW1(config-if)#standby 100 priority 200

SW1(config)#interface vlan 101
SW1(config-if)#standby 101 ip 10.1.101.254
SW1(config-if)#standby 101 priority 150

SW1(config)#interface vlan 200
SW1(config-if)#standby 200 ip 10.1.200.254


SW2(config)#interface vlan 100
SW2(config-if)#standby 100 ip 10.1.100.254
SW2(config-if)#standby 100 priority 150

SW2(config)#interface vlan 101
SW2(config-if)#standby 101 ip 10.1.101.254
SW2(config-if)#standby 101 priority 200

SW2(config)#interface vlan 200
SW2(config-if)#standby 200 ip 10.1.200.254


Verification:

SW1#show standby brief
                      P indicates configured to preempt.
                      |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       100  200   Active  local           10.1.100.253    10.1.100.254
Vl101       101  150   Standby 10.1.101.253    local           10.1.101.254
Vl200       200  100   Standby 10.1.200.253    local           10.1.200.254


SW2#show standby brief
                      P indicates configured to preempt.
                      |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       100  150   Standby 10.1.100.252    local           10.1.100.254
Vl101       101  200   Active  local           10.1.101.252    10.1.101.254
Vl200       200  100   Active  local           10.1.200.252    10.1.200.254


Configure the DHCP service:

R1(config)#ip dhcp pool vlan100
R1(dhcp-config)#network 10.1.100.0 /24
R1(dhcp-config)#default-router 10.1.100.254


R1(dhcp-config)#ip dhcp pool vlan101      
R1(dhcp-config)#network 10.1.101.0 /24    
R1(dhcp-config)#default-router 10.1.101.254


R1(dhcp-config)#ip dhcp pool vlan200      
R1(dhcp-config)#host 10.1.200.100 /24     
R1(dhcp-config)#client-identifier 01aabb.cc00.b000


Configure the DHCP relay

SW1(config)#interface vlan 100
SW1(config-if)#ip helper-address 10.1.255.1
SW1(config-if)#interface vlan 101         
SW1(config-if)#ip helper-address 10.1.255.1
SW1(config-if)#interface vlan 200         
SW1(config-if)#ip helper-address 10.1.255.1


SW2(config)#interface vlan 100
SW2(config-if)#ip helper-address 10.1.255.1
SW2(config-if)#interface vlan 101         
SW2(config-if)#ip helper-address 10.1.255.1
SW2(config-if)#interface vlan 200         
SW2(config-if)#ip helper-address 10.1.255.1


Configure the clients

PC1(config)#interface e0/0
PC1(config-if)#ip address dhcp


PC2(config)#interface e0/0
PC2(config-if)#ip address dhcp


Server1(config)#interface e0/0
Server1(config-if)#ip address dhcp client-id e0/0

*Oct 22 08:54:01.377: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 10.1.200.100, mask 255.255.255.0, hostname Server1


(To be continued; stay tuned for the next part.)

Thanks for reading. I am 達叔, a CCIE instructor at 乾頤堂.
