百乐宫官网

如何组建一个小型企业网呢,来收藏此文章吧

百乐宫平台

In the past, I learned mathematics through some theoretical knowledge, which may be very boring. Today, through an experimental topology, the previous knowledge is connected in series. Consolidate. Please let me know if you have any shortcomings.

fe63facb219244698b97863e5b59ce99

The PC host obtains an IP address through DHCP. NAT is used to implement intranet access to the Internet. VRRP is used to implement virtual gateways to set VLAN 11 traffic from CE1->SW1->AR1-> Internet. VLAN 12 traffic is from CE2->SW2->AR1-> Internet.

Do basic configuration in SW1

1. Add G0/0/23 and G0/0/24 to e-trunk 1 on SW1 and configure e-trunk1 as trunk, allowing vlan11 and vlan12

[SW1]interface Eth-Trunk 1

[SW1-Eth-Trunk1]q

[SW1]interface GigabitEthernet 0/0/23

[SW1-GigabitEthernet0/0/23]eth-trunk 1

[SW1]interface GigabitEthernet 0/0/24

[SW1-GigabitEthernet0/0/24]eth-trunk 1

[SW1-Eth-Trunk1]port link-type trunk

[SW1-Eth-Trunk1]port trunk allow-pass vlan 11 to 12

xx

2.在SW1的G0/0/2和G0/0/3中配置为中继,允许vlan11和vlan12

[SW1] port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3

[SW1-port-group]端口链路类型中继

[SW1-port-group]端口trunk允许传递vlan 11到12

在SW2中进行基本配置

1.将G0/0/23和G0/0/24添加到SW2上的e-trunk 1,并将e-trunk1配置为trunk,允许vlan11和vlan12

[SW2]接口Eth-Trunk 1

[SW2-ETH-TRUNK1]●

[SW2]接口GigabitEthernet 0/0/23

[SW2-GigabitEthernet0/0/23] eth-trunk 1

[SW2]接口GigabitEthernet 0/0/24

[SW2-GigabitEthernet0/0/24] eth-trunk 1

[SW2-Eth-Trunk1]端口链路类型中继

[SW2-Eth-Trunk1]端口trunk允许传递vlan 11到12

2.在SW0的G0/0/2和G0/0/3中配置为中继,允许vlan11和vlan12

[SW2] port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3

[SW2-port-group]端口链路类型中继

[SW2-port-group]端口trunk允许传递vlan 11到12

在CE1上进行基本配置

1.在CE1上配置G1/0/1和G1/0/0作为中继,并允许vlan11和vlan12。

[* CE1] port-group group-member GigabitEthernet 1/0/0到GigabitEthernet 1/0/1

[* CE1-port-group]端口链路类型中继

[* CE1-port-group] port trunk allow-pass vlan 11 to 12

[* CE1-端口组]提交

2.在CE1上配置G1/0/2和G1/0/3接入,分别添加vlan11和vlan12。

[* CE1]接口GE 1/0/2

[* CE1-GE1/0/2]端口链路类型访问

[* CE1-GE1/0/2] port default vlan 11

[* CE1]接口GE 1/0/3

[* CE1-GE1/0/2]端口链路类型访问

[* CE1-GE1/0/2]端口默认vlan 12

[* CE1-GE1/0/2]提交

在CE2中进行基本配置

1.在CE2上配置G1/0/1和G1/0/0作为中继,并允许vlan11和vlan12。

[* CE2] port-group group-member GigabitEthernet 1/0/0 to GigabitEthernet 1/0/1

[* CE2-port-group]端口链路类型中继

[* CE2-port-group] port trunk allow-pass vlan 11 to 12

[* CE2-端口组]提交

2.在CE2上配置G1/0/2和G1/0/3接入,分别添加vlan11和vlan12。

[* CE2]接口GE 1/0/2

[* CE2-GE1/0/2]端口链路类型访问

[* CE2-GE1/0/2] port default vlan 11

[* CE2]接口GE 1/0/3

[* CE2-GE1/0/2]端口链路类型访问

[* CE2-GE1/0/2]端口默认vlan 12

[* CE2-GE1/0/2]提交

配置MSTP,VRRP和DHCP

在SW1,SW2,CE1和CE2上配置MSTP模式

[SW1] vlan批次11到12

[SW1] stp mode mstp

[SW1] stp实例11优先级4096#将SW1设置为vlan11的根交换机

[SW1] stp实例12优先级8192#将SW1设置为vlan12的根交换机

[SW1] stp region-configuration

[SW1-mst-region] region-name huawei

[SW1-mst-region]修订级别1

[SW1-mst-region]实例11 vlan 11

[SW1-mst-region]实例12 vlan 12

[SW1-mst-region]活动区域配置

在SW2上执行以下配置

[SW2] vlan批次11到12

[SW2] stp mode mstp

[SW2] stp实例11优先级8192#设置SW2作为vlan11的根交换机

[SW2] stp instance 12 priority 4096#设置SW2为vlan12的根交换机

[SW2] stp region-configuration

[SW2-mst-region] region-name huawei

[SW2-mst-region]修订级别1

[SW2-mst-region]实例11 vlan 11

[SW2-mst-region]实例12 vlan 12

[SW2-mst-region]活动区域配置

在CE1和CE2上执行以下操作

[* CE1] stp mode mstp

[* CE1] stp region-configuration

[* CE1-mst-region] region-name huawei

[* CE1-mst-region]修订级别1

[* CE1-mst-region]实例11 vlan 11

[* CE1-mst-region]实例12 vlan 12

[* CE1-MST-区域]提交

在SW1和SW2上配置DHCP地址池

[SW1] ip pool vlan11

[SW1-ip-pool-vlan11] gateway-list 192.168.11.1

[SW1-ip-pool-vlan11] network 192.168.11.0 mask 255.255.255.0

[SW1-ip-pool-vlan11] excluded-ip-address 192.168.11.200 192.168.11.254

[SW1-ip-pool-vlan11] dns-list 114.114.114.114

[SW1] ip pool vlan12

[SW1-ip-pool-vlan12] gateway-list 192.168.12.1

[SW1-ip-pool-vlan12] network 192.168.12.0 mask 255.255.255.0

[SW1-ip-pool-vlan12] excluded-ip-address 192.168.12.200 192.168.12.254

[SW1-ip-pool-vlan12] dns-list 114.114.114.114

SW2上的配置也类似,由于篇幅问题,这里就不贴配置了。

在SW1和SW2上配置VRRP

[SW1]界面Vlanif 11

[SW1-Vlanif11] ip地址192.168.11.254 255.255.255.0

[SW1-Vlanif11] vrrp vrid 11 virtual-ip 192.168.11.1

[SW1-Vlanif11] vrrp vrid 11 priority 111

[SW1-Vlanif11] dhcp select global

[SW1]界面Vlanif 12

[SW1-Vlanif12] ip地址192.168.12.254 255.255.255.0

[SW1-Vlanif12] vrrp vrid 12 virtual-ip 192.168.12.1

[SW1-Vlanif12] dhcp select global

#在SW2上配置

[SW2]界面Vlanif 11

XX[SW2-Vlanif11]ip address 192.168.11.254 255.255.255.0

[SW2-Vlanif11]vrrp vrid 11 virtual-ip 192.168.11.1

[SW2-Vlanif11]dhcp select global

[SW2]interface Vlanif 12

[SW2-Vlanif12]ip address 192.168.12.254 255.255.255.0

[SW2-Vlanif12]vrrp vrid 12 priority 111

[SW2-Vlanif12]vrrp vrid 12 virtual-ip 192.168.12.1

[SW2-Vlanif12]dhcp select global

配置内部网络通过NAT去访问互联网

AR1的g0/0/0是通过dhcp获取本机物理网卡实现上网,这一步可以参考之前的文章。

在SW1上做如下配置

[SW1]vlan 99

[SW1]interface Vlanif 99

[SW1-Vlanif99]ip address 192.168.99.100 255.255.255.0

[SW1]interface GigabitEthernet 0/0/1

xxxx[SW1-GigabitEthernet0/0/1]端口链路类型访问

[SW1-GigabitEthernet0/0/1]端口默认vlan 99

[SW1] ip route-static 0.0.0.0 0.0.0.0 192.168.99.103

在SW2上执行以下配置

[SW2] vlan 98

[SW2]界面Vlanif 98

[SW2-Vlanif98] ip地址192.168.98.100 255.255.255.0

[SW2]接口GigabitEthernet 0/0/1

[SW2-GigabitEthernet0/0/1]端口链路类型访问

[SW2-GigabitEthernet0/0/1]端口默认vlan 98

[SW2] ip route-static 0.0.0.0 0.0.0.0 192.168.98.103

在AR1上执行以下配置

[AR1] interface GigabitEthernet 0/0/1

[AR1-GigabitEthernet0/0/1] ip address 192.168.99.103 255.255.255.0

[AR1] interface GigabitEthernet 0/0/2

[AR1-GigabitEthernet0/0/2] ip address 192.168.98.103 255.255.255.0

[AR1] nat address-group 1 192.168.35.202 192.168.35.205

[AR1] interface GigabitEthernet 0/0/0

[AR1-GigabitEthernet0/0/0] nat outbound 2000 address-group 1

VLAN 11流量来自CE1-> SW1-> AR1->互联网。

803ce8807f244747908cb594c8557047

来自CE2-> SW2-> AR1->因特网

的VLAN 12流量

58362247acd944c38862c554a046a73b

通过NAT方法实现对Internet的Intranet访问

9f96a31fb72549a599d050dab0de8d03

该实验拓扑留下的一个问题是当核心SW1或SW2中的一个切换到AR1的链路时,存在不能访问因特网的vlan流量。我希望上帝能说出下面的信息。