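Building a High-Availability Network

Lab Objectives

1. Implement unified configuration and management of VLANs

2. Configure link backup to achieve high network availability

3. Configure OSPF for more efficient routing and optimal path selection

4. Configure NAT to enable communication between the internal and external networks

5. Configure IPSEC *** for secure site-to-site communication

Configuration Steps

1. Configure VTP for unified VLAN configuration and management (configure the trunk ports before configuring VTP; VTP is configured on the server)

Test: on the client, run show vlan-switch

2. Configure PVST (designate the primary root bridge, secondary root bridge, uplink, PortFast, and EtherChannel)

Test: on a non-root bridge, run show spanning-tree bri

3. Enable routing on the Layer 3 switches and configure the routed interfaces and the VLAN IP addresses (to enable communication between different VLANs)

4. Configure OSPF

Test: run show ip route

5. Configure HSRP (virtual IP, priority, preemption; port tracking is configured only on the active side)

Test: run show standby bri

6. Configure NAT

Test: run show ip nat translation

7. Configure ***

Related Configuration Commands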

 
R1

 

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  host R1

  int s0/0

  ip add 201.0.0.1 255.255.255.0

  no shut

  exit

  int lo0

  ip add 7.7.7.7 255.255.255.0

  no shut

  exit

  access-list 1 permit 7.7.7.0 0.0.0.255

  route-map fornat permit 10

  match ip add 1

  exit

  ip nat inside source route-map fornat interface s0/0 overload

  int s0/0

  ip nat outside

  exit

  int lo0

  ip nat inside

  exit

  ip route 0.0.0.0 0.0.0.0 s0/0

  crypto isakmp enable

  crypto isakmp policy 10

  hash md5

  authentication pre-share

  encryption des

  exit

  crypto isakmp key 0 qqq111,,, address 202.0.0.1

  crypto ipsec transform-set for*** esp-des esp-md5-hmac

  exit

  crypto ipsec profile site2site

  set transform-set for***

  interface tunnel 0

  ip add 5.5.5.6 255.255.255.0

  tunnel source s0/0

  tunnel destination 202.0.0.1

  tunnel protection ipsec profile site2site

  no shut

  exit

  router ospf 500

  network 7.7.7.7 0.0.0.0 area 2

  network 5.5.5.6 0.0.0.0 area 2

 

  R2

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  host R2

  int s0/0

  ip add 201.0.0.2 255.255.255.0

  clock rate 64000

  no shut

  exit

  int s0/1

  ip add 202.0.0.2 255.255.255.0

  clock rate 64000

  no shut

 

  R3

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  host R3

  int s0/1

  ip add 202.0.0.1 255.255.255.0

  no shut

  exit

  int lo0

  ip add 1.1.1.1 255.255.255.0

  no shut

  exit

  int s0/0

  ip add 192.168.10.9 255.255.255.252

  no shut

  exit

  int f1/0

  ip add 192.168.10.1 255.255.255.252

  no shut

  exit

  int f2/0

  ip add 192.168.10.5 255.255.255.252

  no shut

  exit

  access-list 1 permit 192.168.0.0 0.0.255.255

  route-map fornat permit 10

  match ip add 1

  exit

  ip nat inside source route-map fornat interface s0/1 overload

  int s0/1

  ip nat outside

  exit

  int s0/0

  ip nat inside

  int f1/0

  ip nat inside

  exit

  int f2/0

  ip nat inside

  exit

  ip route 0.0.0.0 0.0.0.0 s0/1

  crypto isakmp enable

  crypto isakmp policy 10

  hash md5

  authentication pre-share

  encryption des

  exit

  crypto isakmp key 0 qqq111,,, address 201.0.0.1

  crypto ipsec transform-set for*** esp-des esp-md5-hmac

  exit

  crypto ipsec profile site2site

  set transform-set for***

  interface tunnel 0

  ip add 5.5.5.5 255.255.255.0

  tunnel source s0/1

  tunnel destination 201.0.0.1

  tunnel protection ipsec profile site2site

  no shut

  exit

  router ospf 400

  network 1.1.1.1 0.0.0.0 area 0

  network 192.168.10.1 0.0.0.0 area 0

  network 192.168.10.5 0.0.0.0 area 0

  network 192.168.10.9 0.0.0.0 area 1

  network 5.5.5.5 0.0.0.0 area 2

 

  R4

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  int s0/0

  ip add 192.168.10.10 255.255.255.252

  no shut

  exit

  int lo0

  ip add 6.6.6.6 255.255.255.252

  no shut

  exit

  ip route 0.0.0.0 0.0.0.0 s0/0

  router ospf 300

  network 192.168.10.10 0.0.0.0 area 1

  network 6.6.6.6 0.0.0.0 area 1

 

  sw1

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  int range fastethernet 0/1 - 15

  swit mode trunk

  exit

  int f0/0

  no sw

  ip add 192.168.10.2 255.255.255.252

  no shut

  end

  vlan data

  vtp domain test

  vtp ser

  vtp pass 111111

  vtp prun

  vlan 2

  vlan 3

  vlan 4

  vlan 5

  exit

  conf t

  spanning-tree vlan 2 root primary

  spanning-tree vlan 3 root sec

  spanning-tree vlan 4 root primary

  spanning-tree vlan 5 root sec

  int range f 0/14 - 15

  channel-group 1 mode on

  exit

  int vlan 2

  ip add 192.168.2.254 255.255.255.0

  no shut

  exit

  int vlan 3

  ip add 192.168.3.254 255.255.255.0

  no shut

  exit

  int vlan 4

  ip add 192.168.4.254 255.255.255.0

  no shut

  exit

  int vlan 5

  ip add 192.168.5.254 255.255.255.0

  no shut

  exit

  ip route 0.0.0.0 0.0.0.0 f0/0

  router ospf 100

  network 192.168.10.2 0.0.0.0 area 0

  network 192.168.2.254 0.0.0.0 area 0

  network 192.168.3.254 0.0.0.0 area 0

  network 192.168.4.254 0.0.0.0 area 0

  network 192.168.5.254 0.0.0.0 area 0

  exit

  int vlan 2

  no ip redirects

  standby 50 ip 192.168.2.1

  standby 50 priority 100

  standby 50 preempt

  standby 50 track f0/0 20

  exit

  int vlan 3

  no ip redirects

  standby 51 ip 192.168.3.1

  standby 51 priority 100

  standby 51 preempt

  standby 51 track f0/0 20

  exit

  int vlan 4

  no ip redirects

  standby 52 ip 192.168.4.1

  standby 52 priority 100

  standby 52 preempt

  standby 52 track f0/0 20

  exit

  int vlan 5

  no ip redirects

  standby 53 ip 192.168.5.1

  standby 53 priority 100

  standby 53 preempt

  standby 53 track f0/0 20

  end

 

 

  sw2

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  int range fastethernet 0/1 - 15

  swit mode trunk

  exit

  int f0/0

  no sw

  ip add 192.168.10.6 255.255.255.252

  no shut

  end

  vlan data

  vtp domain test

  vtp ser

  vtp pass 111111

  vtp prun

  vlan 2

  vlan 3

  vlan 4

  vlan 5

  exit

  conf t

  spanning-tree vlan 3 root primary

  spanning-tree vlan 2 root sec

  spanning-tree vlan 5 root primary

  spanning-tree vlan 4 root sec

  int range f 0/14 - 15

  channel-group 1 mode on

  exit

  int vlan 2

  ip add 192.168.2.253 255.255.255.0

  no shut

  exit

  int vlan 3

  ip add 192.168.3.253 255.255.255.0

  no shut

  exit

  int vlan 4

  ip add 192.168.4.253 255.255.255.0

  no shut

  exit

  int vlan 5

  ip add 192.168.5.253 255.255.255.0

  no shut

  exit

  ip route 0.0.0.0 0.0.0.0 f0/0

  router ospf 200

  network 192.168.10.6 0.0.0.0 area 0

  network 192.168.2.253 0.0.0.0 area 0

  network 192.168.3.253 0.0.0.0 area 0

  network 192.168.4.253 0.0.0.0 area 0

  network 192.168.5.253 0.0.0.0 area 0

  exit

  int vlan 2

  no ip redirects

  standby 50 ip 192.168.2.1

  standby 50 priority 90

  standby 50 preempt

  exit

  int vlan 3

  no ip redirects

  standby 51 ip 192.168.3.1

  standby 51 priority 90

  standby 51 preempt

  exit

  int vlan 4

  no ip redirects

  standby 52 ip 192.168.4.1

  standby 52 priority 90

  standby 52 preempt

  exit

  int vlan 5

  no ip redirects

  standby 53 ip 192.168.5.1

  standby 53 priority 90

  standby 53 preempt

  end

 

  sw3

 

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  int range fastethernet 0/1 - 2

  swit mode trunk

  end

  vlan data

  vtp domain test

  vtp cli

  vtp pass 111111

  exit

 

  SW4

 

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  int range fastethernet 0/1 - 2

  swit mode trunk

  end

  vlan data

  vtp domain test

  vtp cli

  vtp pass 111111

  exit

 

  SW5

 

  en

  config t

  no ip http server

  no ip domain-loo

  line con 0

  loggin syn

  no exec-t

  end

  conf t

  int range fastethernet 0/1 - 2

  swit mode trunk

  end

  vlan data

  vtp domain test

  vtp cli

  vtp pass 111111

  exit
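
Added example, not part of the original lab write-up: the R1 and R3 blocks above build the tunnel with DES, MD5, a type 0 pre-shared key and no DH group line, which is what a configuration audit should flag before a lab config is reused. The Python script below checks IOS crypto lines for those settings; the function name, rule IDs and the hardened sample are assumptions made for this example, and the missing-group rule assumes classic IOS, where a policy without a group line falls back to DH group 1.

```python
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
POLICY_WEAK = {("hash", "md5"): "ISAKMP-HASH-MD5",
               ("encryption", "des"): "ISAKMP-ENC-DES"}
POLICY_WORDS = {"hash", "encryption", "authentication", "group", "lifetime"}

# Crypto lines copied from the R1 block on this page (mode exits omitted).
R1_CRYPTO = """crypto isakmp policy 10
hash md5
authentication pre-share
encryption des
crypto isakmp key 0 qqq111,,, address 202.0.0.1
crypto ipsec transform-set for*** esp-des esp-md5-hmac
"""

# Constructed hardened counterpart (assumed values, placeholder type 6 key).
HARDENED = """crypto isakmp policy 10
encryption aes 256
hash sha256
authentication pre-share
group 14
crypto isakmp key 6 TYPE6-PLACEHOLDER address 202.0.0.1
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
"""

def audit_ios_crypto(config):
    """Return sorted (line_no, rule_id) findings; key material is never echoed."""
    findings, policy = [], None          # policy = [start_line, saw_group]
    def close_policy():
        nonlocal policy
        if policy and not policy[1]:     # default applies (group 1, assumed)
            findings.append((policy[0], "ISAKMP-NO-DH-GROUP"))
        policy = None
    for no, raw in enumerate(config.splitlines(), 1):
        w = raw.split()
        if w[:3] == ["crypto", "isakmp", "policy"]:
            close_policy()
            policy = [no, False]
        elif policy and w and w[0] in POLICY_WORDS:
            policy[1] = policy[1] or w[0] == "group"
            if tuple(w[:2]) in POLICY_WEAK:
                findings.append((no, POLICY_WEAK[tuple(w[:2])]))
        elif w:
            close_policy()               # any other line ends the policy block
            if w[:3] == ["crypto", "isakmp", "key"] and w[3:4] != ["6"]:
                findings.append((no, "PSK-CLEARTEXT"))   # type 0 or untyped key
            elif w[:3] == ["crypto", "ipsec", "transform-set"]:
                findings += [(no, "TRANSFORM-" + t.upper())
                             for t in w[4:] if t in WEAK_TRANSFORMS]
    close_policy()
    return sorted(findings)
```

Findings carry only line numbers and rule IDs, so the result can be logged or attached to a ticket without exposing the pre-shared key.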

 
 