The network topology of a well-known enterprise and operator is as follows:
The enterprise project should be as follows:
Experimental requirements:
1. As shown in the figure, the blue area is the enterprise intranet, and the red area is the supply Business network;
2. Run MSTP protocol to make VLAN traffic load balance;
3.SW1 is the main gateway of vlan 10 and 20, SW1 is the backup gateway of 30 and 40;
4.SW2 is vlan The main gateway of 30 and 40, SW2 is the backup gateway of 10 and 20;
5. The DHCP server is on vlan 66, and the gateway is on SW2;
6. The enterprise intranet runs static routing protocol or OSPF routing protocol; br>7. All PCs automatically obtain IP addresses and can ping each other with Server1;
8. Client1 can only access the www service of Server1;
9. Enterprise intranet devices are only allowed to be remotely managed by the IT department.
Step 1: Configure the basic network;
SW1 is configured as follows:
sysname SW1
vlan batch 10 20 30 40 66 100
interface GigabitEthernet 0/0 /1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 100
interface Vlanif 100
ip address 192.168.100.2 24
interface Vlanif 66
ip address 192.168.66.251 24
quit
SW2 configuration is as follows:
sysname SW2
vlan batch 10 20 30 40 66 200
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0 /4
port link-type access
port default vlan 200
in terface Vlanif 200
ip address 192.168.200.2 24
interface GigabitEthernet 0/0/5
port link-type access
port default vlan 66
interface Vlanif 66
ip address 192.168. 66.252 24
quit
SW3 configuration is as follows
sysname SW3
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow- pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type access
port default vlan 20
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
SW4 is configured as follows:
sysname SW4
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 30
interface Ethernet0/0/4
port li nk-type access
port default vlan 40
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
R1 configuration is as follows:< br>sysname R1
interface g0/0/0
ip address 192.168.100.1 24
interface g0/0/1
ip address 192.168.200.1 24
interface g0/0/2 < br>ip address 100.1.1.2 24
quit
R2 is configured as follows:
sysname R2
interface g0/0/0
ip address 100.1.1.1 24
interface g0/0/ 1
ip address 200.1.1.254 24
quit
DHCP
sysname DHCP
dhcp enable
interface g0/0/0
ip address 192.168.66.1 24
quit
Step 2: Configure the access layer network;
Configure STP
SW1
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 4096
stp instance 34 priority 8192
SW2
stp region-configuration < br>region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 8192
stp instance 34 pri ority 4096
SW3
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
SW4
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
第Three steps: Configure the convergence layer network;
Configure VRRP
SW1
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250< br>vrrp vrid 10 priority 200
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
vrrp vrid 20 priority 200
interface Vlanif30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
interface Vlanif40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250< br>SW2
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
interface Vlanif20
ip address 192.168.20.252 2 55.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
vrrp vrid 30 priority 200
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
vrrp vrid 40 priority 200
Verify to view VRRP configuration:
SW1< br>
SW2
Configure DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168 .66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
Configure DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
DHCP
interfa ce g0/0/0
dhcp select global
ip pool p1
gateway-list 192.168.10.250
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.251 192.168 .10.252
dns-list 8.8.8.8
ip pool p2
gateway-list 192.168.20.250
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168. 20.252
dns-list 8.8.8.8
ip pool p3
gateway-list 192.168.30.250
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.251 192.168.30.252
dns-list 8.8.8.8
ip pool p4
gateway-list 192.168.40.250
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.251 192.168.40.252 < br>dns-list 8.8.8.8
Step 4: Configure the core network;
Configure OSPF
R1 configuration:
ospf 1
area 0< br>network 192.168.100.0 0.0.0.255
network 192.168.200.0 0.0.0.255
default-route-advertise always
quit
quit
ip route-static 0.0.0.0 0.0.0.0 100.1 .1.1
SW1 configuration:
ospf 1
area 0
network 192.168.100.0 0.0.0.255
area 10< br>network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168. 40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
SW2 configuration:
ospf 1
area 0
network 192.168.10.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168 .30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
stp instance 0 root primary
DHCP
ospf 1
area 66
network 192.168.66.0 0.0.0.255
stub
quit
quit
Configure NAT and ACL
R1
acl number 3000
rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 destin
ation-port eq www
rule 15 deny ip source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0
rule 20 permit ip
interface GigabitEthernet0/0/2
nat outbound 3000
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
interface GigabitEthernet0/0/2
acl 2000 inbound
quit
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
user privilege level 15
Step 5: Perform verification.
Verify that the PC automatically obtains the IP address and can ping the server1 server:
Verify that Client1 can access the www service of Server1, but cannot ping the server
< pre>The project is configured and verified successfully. . . . . .