公司網絡架構拓撲設計搭建

企業的基本拓撲：

思路：1）先配置匯聚層和接入層，再配置核心層和路由

    2）SW5 SW6 SW7 SW8 配置端口trunk模式並進行端口綁定、創建vtp。

    3）配置SW5和SW6上的vlan的地址，配置vrrp和生成樹的基本配置

    4）配置核心層的端口地址和路由OSPF的配置

    5）ping外網進行測試並模擬故障等

    6)這只是其中一部分，若有分公司可通過***實現與總公司內網之間的相互訪問，本案例只是一個縮影

步驟如下: 1）配置R5 R6 R7 R8的trunk

R5和R6:

conf ter

int range f0/1 -4  //多個端口配置trunk模式

sw trunk en do

sw mode trunk

int range f0/3 -4

channel-gr 1 mode on //端口捆綁做負載平衡

end

R7和R8：

conf ter

in range f0/14 -15

sw trunk en do

sw mode trunk

R5：

vlan da    //創建vlan

vtp domain myvtp  //創建vlan域名實現R5,R6,R7,R8vlan的同步

vlan 10

vlan 20

vlan 30

vlan 40

end

R7:

conf ter

int f0/1

sw acc vlan 10  //端口綁定

int f0/2

sw acc vlan 20

end

R8:

conf ter

int f0/1

sw acc vlan 30

int f0/2

sw acc vlan 40

exit

2)配置各個vlan的地址、配置vrrp和設定優先級

R5：

conf ter

int vlan 10

ip add 192.168.10.252 255.255.255.0

no shu

vrrp 10 ip 192.168.10.254  //創建vrrp，目標ip爲虛擬的網關

vrrp 10 pri 150     //設定優先級

vrrp 10 pre         //設置搶佔

exit

int vlan 20

ip add 192.168.20.252 255.255.255.0

no shu

vrrp 20 ip 192.168.20.254

vrrp 20 pri 150

vrrp 20 pre

exit

int vlan 30

ip add 192.168.30.252 255.255.255.0

no shu

vrrp 30 ip 192.168.30.254

vrrp 30 pri 100

vrrp 30 pre

exit

int vlan 40

ip add 192.168.40.252 255.255.255.0

no shu

vrrp 40 ip 192.168.40.254

vrrp 40 pri 100

vrrp 40 pre

exit

span vlan 10 pri 4096 //創建生成樹劃分優先級實現vlan10-20在R5爲主，vlan30-40在R5爲輔

span vlan 20 pri 4096

span vlan 30 pri 8192

span vlan 40 pri 8192

exit

R6:

conf ter

int vlan 10

ip add 192.168.10.253 255.255.255.0

no shu

vrrp 10 ip 192.168.10.254

vrrp 10 pri 100

vrrp 10 pre

exit

int vlan 20

ip add 192.168.20.253 255.255.255.0

no shu

vrrp 20 ip 192.168.20.254

vrrp 20 pri 100

vrrp 20 pre

exit

int vlan 30

ip add 192.168.30.253 255.255.255.0

no shu

vrrp 30 ip 192.168.30.254

vrrp 30 pri 150

vrrp 30 pre

exit

int vlan 40

ip add 192.168.40.253 255.255.255.0

no shu

vrrp 40 ip 192.168.40.254

vrrp 40 pri 150

vrrp 40 pre

exit

span vlan 10 pri 8192 //創建生成樹劃分優先級實現vlan10-20在R6爲輔，vlan30-40在R6爲主

span vlan 20 pri 8192

span vlan 30 pri 4096

span vlan 40 pri 4096

exit

3)配置核心層端口的ip地址並打開OSPF進行宣告

R1:

conf te

int lo 0

ip add 8.8.8.8 255.255.255.0

no shu

int f0/0

ip add 202.106.0.2 255.255.255.252

no shu

R2:

conf ter

int f1/0

ip add 202.106.0.1 255.255.255.252

no shu

int f0/0

ip add 192.168.15.2 255.255.255.0

no shu

int f0/1

ip add 192.168.16.2 255.255.255.0

no shu

exit

router os 100

default-information originate //實現默認路由的下放

net 192.168.15.0 0.0.0.255 ar 0

net 192.168.16.0 0.0.0.255 ar 0

exit

ip route 0.0.0.0 0.0.0.0 f1/0

R3:

conf ter

int f0/3

no sw

ip add 192.168.15.1 255.255.255.0

no shu

int f0/1

no sw

ip add 192.168.13.2 255.255.255.0

no shu

int f0/2

no sw

ip add 192.168.14.2 255.255.255.0

no shu

router os 100

net 192.168.13.0 0.0.0.255 ar 0

net 192.168.14.0 0.0.0.255 ar 0

net 192.168.15.0 0.0.0.255 ar 0

R4:

conf ter

int f0/1

no sw

ip add 192.168.23.2 255.255.255.0

no shu

int f0/2

no sw

ip add 192.168.24.2 255.255.255.0

no shu

int f0/4

no sw

ip add 192.168.16.1 255.255.255.0

no shu

exit

router os 100

net 192.168.23.0 0.0.0.255 ar 0

net 192.168.24.0 0.0.0.255 ar 0

net 192.168.16.0 0.0.0.255 ar 0

R5:

conf ter

int f0/5

no sw

ip add 192.168.13.1 255.255.255.0

no shu

int f0/6

no sw

ip add 192.168.23.1 255.255.255.0

no shu

router os 100

net 192.168.13.0 0.0.0.255 ar 0

net 192.168.23.0 0.0.0.255 ar 0

net 192.168.10.0 0.0.0.255 ar 1

net 192.168.20.0 0.0.0.255 ar 1

net 192.168.30.0 0.0.0.255 ar 1

net 192.168.40.0 0.0.0.255 ar 1

R6:

conf ter

int f0/5

no sw

ip add 192.168.14.1 255.255.255.0

no shu

int f0/6

no sw

ip add 192.168.24.1 255.255.255.0

no shu

exit

router os 100

net 192.168.14.0 0.0.0.255 ar 0

net 192.168.24.0 0.0.0.255 ar 0

net 192.168.10.0 0.0.0.255 ar 1

net 192.168.20.0 0.0.0.255 ar 1

net 192.168.30.0 0.0.0.255 ar 1

net 192.168.40.0 0.0.0.255 ar 1

4）端口NAT

R2:

conf ter

int f0/0

ip nat inside

int f0/1

ip nat inside

int f1/0

ip nat outside

exit

access-list 1 permit 192.168.0.0. 0.0.63.255  //acl摘出內網

ip nat inside source list 1 int f1/0 overload  //內網向外網轉換

5)測試和故障模擬

a)在vpc上設置pc機的ip地址

PC1：ip 192.168.10.2 192.168.10.254 24

PC2：ip 192.168.20.2 192.168.20.254 24

PC3：ip 192.168.30.2 192.168.30.254 24

PC4：ip 192.168.40.2 192.168.40.254 24

b)分別在PC1-4上ping 8.8.8.8

c)將R3，R4，R5，R6分別依次斷開模擬故障在PC4上ping 8.8.8.8

6)用到的命令

show run 查看配置

show vrrp b 查看vrrp中主備狀態

show vrrp all 查看vrrp的配置

show vlan-sw b 查看vlan

show ip route  查看路由

tracert ip     pc機跟蹤路由

sh             pc機查看配置