We're ready, are you?

In 2022 we work hand in hand with you to keep your enterprise network secure!

Topology:

[Topology diagram: 333.jpg]

Requirements overview:

Headquarters

The switches run standard spanning tree (the IOS default, PVST+, so root priorities are set per VLAN);

SW1 is the root for 10.1.100.0/24 and 10.1.200.0/24, SW2 is the backup root;

SW2 is the root for 10.1.101.0/24, SW1 is the backup root;

PortFast is enabled on the ports that connect end hosts;

Four VLANs: one for each of two departments, one for the server cluster, and one for an SVI (the Layer 3 link between the core switches);

SW1 is the VTP server and the other two switches are clients; the VTP domain is QCNA and the password is qytang.com;

The two core switches are joined by a Layer 2 EtherChannel and use HSRP to provide transparent gateway redundancy for the downstream business subnets;

The two core switches interconnect at Layer 3 over SVI interfaces, and each connects to the gateway router (R1) over a routed physical interface;

The gateway router is the DHCP server and the core switches are DHCP relay agents; DHCP assigns Server1 the fixed address 10.1.200.100/24;

The core switches and the gateway router run OSPF as the dynamic routing protocol; each device gets a loopback (10.1.255.X/32) as its OSPF router-id, and the gateway router originates a default route into OSPF;

The gateway router connects to an ISP leased line on S1/0, authenticating to the ISP with CHAP (username HQ, password cisco);

The gateway router also connects to the ISP on e0/0 running PPPoE, again authenticating with CHAP (username HQ, password cisco);

The gateway router performs NAT so that private hosts can reach the Internet;

Floating static routes are configured over the two Internet-facing interfaces, with the PPPoE link as the primary path;


Branch

The switch runs standard spanning tree, with PortFast on the ports that connect end hosts;

Two VLANs, one per department;

The gateway router does router-on-a-stick (inter-VLAN routing over a single trunk) for the two departments;

The gateway router performs NAT so that private hosts can reach the Internet;

The branch connects to the ISP over a leased line;


Overall plan

Headquarters and branch are linked by a simple VPN built from GRE tunnels, with two tunnels so that floating static routes can provide redundancy (plain GRE neither encrypts nor authenticates what it carries; it is a tunnel, not a confidential channel);

The headquarters 10.1.100.0/24 subnet is allowed to reach Server 2 over the VPN;

The headquarters 10.1.101.0/24 subnet is denied access to Server 2 over the VPN;

The branch 10.2.100.0/24 subnet is allowed to reach the web service on Server 1 over the VPN;

The branch 10.2.100.0/24 subnet is denied access to every other service on Server 1 over the VPN;

The headquarters and branch gateway routers run OSPF with each other over the GRE tunnels;

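The access policy in the plan, written out as extended ACLs on the headquarters gateway router. This is an added example, not configuration from the original page, and it rests on assumptions the page does not state: the two GRE tunnels are Tunnel0 and Tunnel1 on R1, Server 2 lives at 10.2.200.100 in the branch, and "web service" means TCP port 80 only. Server 1's address, 10.1.200.100, and the subnet numbers are from the page.

```cisco
! Branch -> Server 1: only HTTP is allowed; everything else aimed at Server 1 is dropped.
! Applied inbound on BOTH tunnels so the policy holds whichever tunnel carries traffic.
ip access-list extended BRANCH-TO-HQ
 remark branch 10.2.100.0/24 may reach Server 1 web service only
 permit tcp 10.2.100.0 0.0.0.255 host 10.1.200.100 eq www
 deny   ip  10.2.100.0 0.0.0.255 host 10.1.200.100
 remark everything else (OSPF hellos over the tunnel, other branch traffic) passes
 permit ip any any
!
! HQ -> Server 2: 10.1.100.0/24 is allowed, 10.1.101.0/24 is denied.
! 10.2.200.100 is an ASSUMED address for Server 2; the page does not give one.
ip access-list extended HQ-TO-BRANCH
 permit ip 10.1.100.0 0.0.0.255 host 10.2.200.100
 deny   ip 10.1.101.0 0.0.0.255 host 10.2.200.100
 permit ip any any
!
interface Tunnel0
 ip access-group BRANCH-TO-HQ in
 ip access-group HQ-TO-BRANCH out
interface Tunnel1
 ip access-group BRANCH-TO-HQ in
 ip access-group HQ-TO-BRANCH out
```

Check the policy with `show ip access-lists` after a test connection from a branch host: the `permit tcp ... eq www` line should count hits for a browser request and the `deny` line for anything else (an SSH attempt, a ping). If HTTPS is also part of "web", add a second `permit tcp ... eq 443` line above the deny. The ACL filters the inner, cleartext traffic; it does nothing about an attacker reading it on the ISP path, which only encryption of the tunnel (IPsec) would address.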

Deployment:

Configure the trunks on the headquarters switches

SW1(config)#interface range e0/3,e1/2-3
SW1(config-if-range)#switchport trunk encapsulation dot1q 
SW1(config-if-range)#switchport mode trunk


SW2(config)#interface range e1/0,e1/2-3
SW2(config-if-range)# switchport trunk encapsulation dot1q
SW2(config-if-range)# switchport mode trunk


SW3(config)#interface range e0/3,e1/0
SW3(config-if-range)# switchport trunk encapsulation dot1q
SW3(config-if-range)# switchport mode trunk


Configure the EtherChannel between the headquarters core switches (the member ports are shut down first so that a half-configured bundle cannot form a loop)

SW1(config)#interface range e1/2-3
SW1(config-if-range)#shutdown


SW2(config)#interface range e1/2-3
SW2(config-if-range)#shutdown


SW1(config-if-range)#channel-group 12 mode on 
Creating a port-channel interface Port-channel 12


SW2(config-if-range)#channel-group 12 mode on 
Creating a port-channel interface Port-channel 12


SW1(config-if-range)#no shutdown

SW2(config-if-range)#no shutdown


Verification (shown for SW1; check SW2 and SW3 the same way):

SW1#show interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan
Et0/3       on               802.1q         trunking      1
Po12        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/3       1-4094
Po12        1-4094

Port        Vlans allowed and active in management domain
Et0/3       1
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Et0/3       1
Po12        1


SW1#show etherchannel summary 
Flags:  D - down        P - bundled in port-channel
         I - stand-alone s - suspended
         H - Hot-standby (LACP only)
         R - Layer3      S - Layer2
         U - in use      N - not in use, no aggregation
         f - failed to allocate aggregator

        M - not in use, minimum links not met
         m - not in use, port not aggregated due to minimum links not met
         u - unsuitable for bundling
         w - waiting to be aggregated
         d - default port

        A - formed by Auto LAG


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
12     Po12(SU)         -        Et1/2(P)    Et1/3(P)   


Configure VTP on the headquarters switches

SW1(config)#vtp mode server 
Device mode already VTP Server for VLANS.
SW1(config)#vtp password qytang.com  
Setting device VTP password to qytang.com
SW1(config)#vtp domain QCNA
Changing VTP domain name from NULL to QCNA


*Oct 22 07:23:21.865: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to QCNA.


SW2(config)#vtp mode client 
Setting device to VTP Client mode for VLANS.
SW2(config)#vtp password qytang.com
Setting device VTP password to qytang.com


SW3(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
SW3(config)#vtp password qytang.com
Setting device VTP password to qytang.com


Configure the VLANs (on the VTP server only; the clients learn them):

SW1(config)#vlan 100
SW1(config-vlan)#vlan 101
SW1(config-vlan)#vlan 200
SW1(config-vlan)#vlan 12

//  VLAN 100 serves 10.1.100.0/24; VLAN 101 serves 10.1.101.0/24; VLAN 200 serves 10.1.200.0/24; VLAN 12 is the interconnect between SW1 and SW2. //


Verification (all three switches must show the same domain, configuration revision and MD5 digest):

SW1#show vtp status 
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc80.4000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 4
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE 
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1


SW2#show vtp status 
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc80.5000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 4
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE 
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1


SW3#show vtp status 
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : QCNA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc80.6000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 4
MD5 digest                        : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE 
                                     0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1

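The caveat a practitioner wants at this point: the VTP password only keeps out switches that do not know it. Any switch that carries the domain name, the password and a higher configuration revision will overwrite the VLAN database of every switch in the domain the moment it is connected to a trunk, and it makes no difference whether it is a server or a client. The check below is an added example, not part of the original page; SW4 is a hypothetical switch about to be added to this domain, and the revision value 17 is constructed. Passing through transparent mode resets the revision counter to 0, so the new switch can only receive the database, never replace it.

```cisco
! On the switch about to be connected (SW4 is hypothetical; "17" is a constructed value)
SW4# show vtp status | include Revision
Configuration Revision            : 17
! 17 > 4 (the domain's current revision), so plugging SW4 in would wipe VLANs 12/100/101/200.
! Reset the counter by passing through transparent mode, then join as a client:
SW4(config)# vtp mode transparent
Setting device to VTP Transparent mode for VLANS.
SW4(config)# vtp mode client
Setting device to VTP Client mode for VLANS.
SW4(config)# vtp domain QCNA
SW4(config)# vtp password qytang.com
SW4(config)# end
SW4# show vtp status | include Revision
Configuration Revision            : 0
```

Only after the revision reads 0 should the trunk toward SW1 or SW2 be brought up; a few seconds later `show vtp status` on SW4 should display the same revision and MD5 digest as the three switches above.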

Configure spanning tree (lower priority wins the root election; 0 makes the primary root, 4096 the backup):

SW1(config)#spanning-tree vlan 100,200 priority 0
SW1(config)#spanning-tree vlan 101 priority 4096


SW2(config)#spanning-tree vlan 100,200 priority 4096
SW2(config)#spanning-tree vlan 101 priority 0


SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
  should now disable portfast explicitly on switched ports leading to hubs,
  switches and bridges as they may create temporary bridging loops.


SW2(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
  should now disable portfast explicitly on switched ports leading to hubs,
  switches and bridges as they may create temporary bridging loops.


SW3(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
  should now disable portfast explicitly on switched ports leading to hubs,
  switches and bridges as they may create temporary bridging loops.


Assign ports to VLANs:

Bring up the e0/0 interfaces of PC1, PC2 and Server1, then use CDP on the switch to discover which port each end host is connected to;


SW3#show cdp neighbors   //view the CDP neighbours on the access switch and assign ports to VLANs according to what is connected
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                   S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                   D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Server1          Eth 0/2           135               R    Linux Uni Eth 0/0
PC2              Eth 0/1           173               R    Linux Uni Eth 0/0
PC1              Eth 0/0           158               R    Linux Uni Eth 0/0
SW1              Eth 0/3           169             R S I  Linux Uni Eth 0/3
SW2              Eth 1/0           154             R S I  Linux Uni Eth 1/0

Total cdp entries displayed : 5


SW3(config)#interface range e0/0-2
SW3(config-if-range)#switchport mode access

SW3(config-if-range)#interface e0/0
SW3(config-if)#switchport access vlan 100
SW3(config-if)#interface e0/1            
SW3(config-if)#switchport access vlan 101
SW3(config-if)#interface e0/2            
SW3(config-if)#switchport access vlan 200


Verification:

SW3#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et1/1, Et1/2, Et1/3
12   VLAN0012                         active    
100  VLAN0100                         active    Et0/0
101  VLAN0101                         active    Et0/1
200  VLAN0200                         active    Et0/2
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup

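The warning that `spanning-tree portfast default` printed above is worth acting on. PortFast ports skip the listening and learning states, so a PC port that somebody plugs a switch into can form a loop, and nothing configured so far stops a host on an access port from sending BPDUs to claim the root role or from negotiating a trunk with DTP. The block below is an added hardening example for the access switch, not configuration from the original page. It uses the page's own port roles on SW3 (e0/0-2 access, e0/3 and e1/0 trunks) and VLAN numbers; VLAN 999 as an otherwise unused native VLAN is an assumption.

```cisco
! SW1 (VTP server): create the parking VLAN so the clients learn it (999 is an assumed ID)
SW1(config)# vlan 999
SW1(config-vlan)# name UNUSED
!
! SW3: access ports that connect end hosts
SW3(config)# spanning-tree portfast bpduguard default
! err-disables any PortFast port that receives a BPDU (a rogue switch or a
! spoofed-BPDU root attack) instead of letting it join the topology
SW3(config)# interface range e0/0-2
SW3(config-if-range)# switchport mode access
SW3(config-if-range)# switchport nonegotiate
! no DTP on host ports: a host cannot talk its port into becoming a trunk
!
! SW3: uplink trunks to SW1 and SW2
SW3(config)# interface range e0/3,e1/0
SW3(config-if-range)# switchport trunk encapsulation dot1q
SW3(config-if-range)# switchport mode trunk
SW3(config-if-range)# switchport nonegotiate
SW3(config-if-range)# switchport trunk native vlan 999
! untagged frames land in an unused VLAN instead of VLAN 1
SW3(config-if-range)# switchport trunk allowed vlan 100,101,200
! only the VLANs SW3 serves cross its trunks (VLAN 12 is needed only on Po12);
! CDP and VTP keep running on VLAN 1 even when it is not in the allowed list
!
! SW3: unused ports are parked in the unused VLAN and shut down
SW3(config)# interface range e1/1-3
SW3(config-if-range)# switchport mode access
SW3(config-if-range)# switchport access vlan 999
SW3(config-if-range)# shutdown
```

The native VLAN must match on both ends of each trunk, so set the same value on SW1 e0/3 and SW2 e1/0; otherwise CDP and spanning tree log a native VLAN mismatch and the VLAN is blocked. Check a port that BPDU guard has tripped with `show interfaces status err-disabled`; `errdisable recovery cause bpduguard` brings it back automatically after the recovery interval. One related point about Po12 above: `channel-group 12 mode on` bundles unconditionally, so a member port whose far end is not in the channel is not detected; `mode active` on both ends (LACP) keeps such a port out of the bundle.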

Configure the Layer 3 interconnect between the core switches (an SVI in VLAN 12, which rides over the EtherChannel)

SW1(config)#interface vlan 12
SW1(config-if)#ip address 10.1.112.1 255.255.255.0
SW1(config-if)#no shutdown


SW2(config)#interface vlan 12
SW2(config-if)#ip address 10.1.112.2 255.255.255.0
SW2(config-if)#no shutdown


Verification and test:

SW2#show ip interface brief vlan12
Interface              IP-Address      OK? Method Status                Protocol
Vlan12                 10.1.112.2      YES manual up                    up    


SW2#ping 10.1.112.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.112.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms


Configure the links between the core switches and the gateway router (the switch ports become routed ports with no switchport):

R1(config)#interface e0/1
R1(config-if)#ip address 10.1.11.1 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#interface e0/2
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown                  


SW1(config)#interface e0/1
SW1(config-if)#no switchport 
SW1(config-if)#ip address 10.1.11.2 255.255.255.0


SW2(config)#interface e0/2
SW2(config-if)#no switchport 
SW2(config-if)#ip address 10.1.12.2 255.255.255.0


Test:

R1#ping 10.1.11.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.11.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms


Create SVI interfaces on the core switches for the business subnets (.252 on SW1, .253 on SW2; .254 is reserved for the HSRP virtual gateway):

SW1(config-if)#interface vlan 100
SW1(config-if)#ip address 10.1.100.252 255.255.255.0
SW1(config-if)#no shutdown

SW1(config-if)#interface vlan 101
SW1(config-if)#ip address 10.1.101.252 255.255.255.0
SW1(config-if)#no shutdown

SW1(config-if)#interface vlan 200
SW1(config-if)#ip address 10.1.200.252 255.255.255.0
SW1(config-if)#no shutdown


SW2(config-if)#interface vlan 100
SW2(config-if)#ip address 10.1.100.253 255.255.255.0
SW2(config-if)#no shutdown

SW2(config-if)#interface vlan 101
SW2(config-if)#ip address 10.1.101.253 255.255.255.0
SW2(config-if)#no shutdown

SW2(config-if)#interface vlan 200
SW2(config-if)#ip address 10.1.200.253 255.255.255.0
SW2(config-if)#no shutdown


Verification:

SW1#show ip interface brief | include Vlan
Vlan12                 10.1.112.1      YES manual up                    up      
Vlan100                10.1.100.252    YES manual up                    up      
Vlan101                10.1.101.252    YES manual up                    up      
Vlan200                10.1.200.252    YES manual up                    up    


SW2#show ip interface brief | include Vlan
Vlan12                 10.1.112.2      YES manual up                    up      
Vlan100                10.1.100.253    YES manual up                    up      
Vlan101                10.1.101.253    YES manual up                    up      
Vlan200                10.1.200.253    YES manual up                    up     


Configure the headquarters dynamic routing protocol, OSPF (process 110, area 0, enabled per interface; the business VLAN SVIs are made passive so no hellos are sent toward end hosts)

R1(config)#interface loopback 0
R1(config-if)#ip address 10.1.255.1 255.255.255.255
R1(config-if)#ip ospf 110 area 0

R1(config)#interface e0/1
R1(config-if)#ip ospf 110 area 0
R1(config-if)#interface e0/2    
R1(config-if)#ip ospf 110 area 0


R1(config)#router ospf 110

R1(config-router)#default-information originate   //the effect of this command only shows once Internet access is configured: R1 advertises a default route into OSPF only when it has one in its own routing table//


SW1(config)#interface loopback 0
SW1(config-if)#ip address 10.1.255.11 255.255.255.255
SW1(config-if)#interface e0/1
SW1(config-if)#ip ospf 110 area 0

SW1(config-if)#interface vlan 12
SW1(config-if)#ip ospf 110 area 0

SW1(config-if)#interface vlan 100
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 101
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 200
SW1(config-if)#ip ospf 110 area 0


SW2(config)#interface loopback 0 
SW2(config-if)#ip address 10.1.255.22 255.255.255.255
SW2(config-if)#interface e0/2
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 100
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 101
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 200
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 12
SW2(config-if)#ip ospf 110 area 0


SW1(config)#router ospf 110

SW1(config-router)#passive-interface vlan 100    
SW1(config-router)#passive-interface vlan 101
SW1(config-router)#passive-interface vlan 200

SW2(config)#router ospf 110

SW2(config-router)#passive-interface vlan 100    
SW2(config-router)#passive-interface vlan 101
SW2(config-router)#passive-interface vlan 200


Verification:

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.255.22       1   FULL/DR         00:00:38    10.1.12.2       Ethernet0/2
10.1.255.11       1   FULL/DR         00:00:37    10.1.11.2       Ethernet0/1


R1#show ip route ospf | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
O        10.1.100.0/24 [110/11] via 10.1.12.2, 00:09:39, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:11:04, Ethernet0/1
O        10.1.101.0/24 [110/11] via 10.1.12.2, 00:09:29, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:10:03, Ethernet0/1
O        10.1.112.0/24 [110/11] via 10.1.12.2, 00:10:54, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:11:04, Ethernet0/1
O        10.1.200.0/24 [110/11] via 10.1.12.2, 00:09:29, Ethernet0/2
                        [110/11] via 10.1.11.2, 00:10:03, Ethernet0/1

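OSPF between R1, SW1 and SW2 is running without authentication, so anything that can reach VLAN 12 or either of the two routed links can inject routes (the business VLANs are passive, which is correct and already protects them from an end host). The block below is an added example, not configuration from the original page: MD5 authentication on every active OSPF interface, with the page's interface names; the key string is an assumed value.

```cisco
! The key id and key must be identical on every device that shares a link.
! QytangOspfKey1 is an assumed value; pick your own and keep it out of cleartext
! configs with "service password-encryption" at minimum.
R1(config)# interface e0/1
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 QytangOspfKey1
R1(config-if)# interface e0/2
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 QytangOspfKey1
!
SW1(config)# interface e0/1
SW1(config-if)# ip ospf authentication message-digest
SW1(config-if)# ip ospf message-digest-key 1 md5 QytangOspfKey1
SW1(config-if)# interface vlan 12
SW1(config-if)# ip ospf authentication message-digest
SW1(config-if)# ip ospf message-digest-key 1 md5 QytangOspfKey1
!
SW2(config)# interface e0/2
SW2(config-if)# ip ospf authentication message-digest
SW2(config-if)# ip ospf message-digest-key 1 md5 QytangOspfKey1
SW2(config-if)# interface vlan 12
SW2(config-if)# ip ospf authentication message-digest
SW2(config-if)# ip ospf message-digest-key 1 md5 QytangOspfKey1
!
! Verify: adjacencies must return to FULL and the interface reports message-digest auth
R1# show ip ospf neighbor
R1# show ip ospf interface e0/1 | include authentication
```

Roll this out one link at a time: the adjacency on a link drops as soon as one end authenticates and the other does not, and comes back only when both ends match. On IOS releases that support it (15.4 and later), `ip ospf authentication key-chain` with an HMAC-SHA key chain is the stronger replacement for MD5.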

Configure the gateway redundancy protocol, HSRP (the virtual gateway is .254 in each subnet; the higher priority becomes Active, so SW1 is Active for VLAN 100 and SW2 for VLAN 101)

SW1(config)#interface vlan 100
SW1(config-if)#standby 100 ip 10.1.100.254
SW1(config-if)#standby 100 priority 200

SW1(config)#interface vlan 101
SW1(config-if)#standby 101 ip 10.1.101.254
SW1(config-if)#standby 101 priority 150

SW1(config)#interface vlan 200
SW1(config-if)#standby 200 ip 10.1.200.254


SW2(config)#interface vlan 100
SW2(config-if)#standby 100 ip 10.1.100.254
SW2(config-if)#standby 100 priority 150

SW2(config)#interface vlan 101
SW2(config-if)#standby 101 ip 10.1.101.254
SW2(config-if)#standby 101 priority 200

SW2(config)#interface vlan 200
SW2(config-if)#standby 200 ip 10.1.200.254


Verification:

SW1#show standby brief 
                      P indicates configured to preempt.
                      |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       100  200   Active  local           10.1.100.253    10.1.100.254
Vl101       101  150   Standby 10.1.101.253    local           10.1.101.254
Vl200       200  100   Standby 10.1.200.253    local           10.1.200.254


SW2#show standby brief 
                      P indicates configured to preempt.
                      |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       100  150   Standby 10.1.100.252    local           10.1.100.254
Vl101       101  200   Active  local           10.1.101.252    10.1.101.254
Vl200       200  100   Active  local           10.1.200.252    10.1.200.254

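Three points to take from the HSRP output above. The P column is empty, so neither switch preempts: after SW1 reboots, SW2 stays Active for VLAN 100 even though SW1 has the higher priority, and that VLAN's traffic takes the extra hop across Po12 until somebody intervenes. Group 200 has the default priority 100 on both sides, so the tie went to SW2 (higher interface address), which puts the VLAN 200 gateway on the switch that is not the STP root for that VLAN, contrary to the requirement at the top of the page. And no authentication is configured, which leaves HSRP on its default cleartext string (cisco): any host in the VLAN can send a hello with priority 255 and become the gateway for its neighbours. The block below is an added example, not configuration from the original page; it uses the page's group numbers, addresses and uplink interfaces, while the MD5 key strings, the 60-point decrement and the 60-second preempt delay are assumed values.

```cisco
! SW1: STP root for VLANs 100 and 200, so it must be the Active gateway for both
SW1(config)# track 1 interface e0/1 line-protocol
! if the uplink to R1 fails, lower the priority so the peer takes over
SW1(config)# interface vlan 100
SW1(config-if)# standby 100 preempt delay minimum 60
SW1(config-if)# standby 100 authentication md5 key-string HsrpKey100
SW1(config-if)# standby 100 track 1 decrement 60
SW1(config-if)# interface vlan 101
SW1(config-if)# standby 101 preempt delay minimum 60
SW1(config-if)# standby 101 authentication md5 key-string HsrpKey101
SW1(config-if)# standby 101 track 1 decrement 60
SW1(config-if)# interface vlan 200
SW1(config-if)# standby 200 priority 200
! explicit priority instead of the 100/100 tie that handed VLAN 200 to SW2
SW1(config-if)# standby 200 preempt delay minimum 60
SW1(config-if)# standby 200 authentication md5 key-string HsrpKey200
SW1(config-if)# standby 200 track 1 decrement 60
!
! SW2: mirror image, tracking its own uplink e0/2 and standby for group 200
SW2(config)# track 1 interface e0/2 line-protocol
SW2(config)# interface vlan 100
SW2(config-if)# standby 100 preempt delay minimum 60
SW2(config-if)# standby 100 authentication md5 key-string HsrpKey100
SW2(config-if)# standby 100 track 1 decrement 60
SW2(config-if)# interface vlan 101
SW2(config-if)# standby 101 preempt delay minimum 60
SW2(config-if)# standby 101 authentication md5 key-string HsrpKey101
SW2(config-if)# standby 101 track 1 decrement 60
SW2(config-if)# interface vlan 200
SW2(config-if)# standby 200 priority 150
SW2(config-if)# standby 200 preempt delay minimum 60
SW2(config-if)# standby 200 authentication md5 key-string HsrpKey200
SW2(config-if)# standby 200 track 1 decrement 60
```

The decrement is chosen so that a failed uplink flips the Active role: 200 minus 60 is 140, below the peer's 150. The preempt delay gives OSPF on a rebooted switch a minute to converge before it takes the gateway role back, so it does not become Active with an empty routing table. After the change, `show standby brief` shows P in every row and SW1 as Active for Vl200; a hello with a bad or missing MD5 digest is logged and ignored, which you can confirm by watching `debug standby errors` while the peer briefly has a mismatched key.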

Configure the DHCP service (on R1; the vlan200 pool is a manual binding for Server1, keyed on its client identifier, which for an IOS client is 01 followed by the interface MAC address):

R1(config)#ip dhcp pool vlan100
R1(dhcp-config)#network 10.1.100.0 /24
R1(dhcp-config)#default-router 10.1.100.254


R1(dhcp-config)#ip dhcp pool vlan101       
R1(dhcp-config)#network 10.1.101.0 /24     
R1(dhcp-config)#default-router 10.1.101.254


R1(dhcp-config)#ip dhcp pool vlan200       
R1(dhcp-config)#host 10.1.200.100 /24     

R1(dhcp-config)#default-router 10.1.200.254

R1(dhcp-config)#client-identifier 01aabb.cc00.b000


Configure DHCP relay (the helper address is R1's loopback, reachable from either core switch thanks to OSPF)

SW1(config)#interface vlan 100
SW1(config-if)#ip helper-address 10.1.255.1
SW1(config-if)#interface vlan 101          
SW1(config-if)#ip helper-address 10.1.255.1
SW1(config-if)#interface vlan 200          
SW1(config-if)#ip helper-address 10.1.255.1


SW2(config)#interface vlan 100
SW2(config-if)#ip helper-address 10.1.255.1
SW2(config-if)#interface vlan 101          
SW2(config-if)#ip helper-address 10.1.255.1
SW2(config-if)#interface vlan 200          
SW2(config-if)#ip helper-address 10.1.255.1


Configure the clients (the Server1 client-id option makes the IOS client present its interface MAC as the client identifier, matching the binding above)

PC1(config)#interface e0/0
PC1(config-if)#ip address dhcp


PC2(config)#interface e0/0
PC2(config-if)#ip address dhcp


Server1(config)#interface e0/0
Server1(config-if)#ip address dhcp client-id e0/0

*Oct 22 08:54:01.377: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 10.1.200.100, mask 255.255.255.0, hostname Server1

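Two things the DHCP section leaves open. First, the pools for 10.1.100.0/24, 10.1.101.0/24 and 10.1.200.0/24 do not exclude the SVI addresses (.252, .253) or the HSRP virtual addresses (.254); the IOS server probes an address with ICMP before leasing it, but that is a fragile thing to rely on, so exclude them explicitly. Second, nothing stops a host in VLAN 100, 101 or 200 from running its own DHCP server and handing a rogue gateway or DNS server to its neighbours. The block below is an added example, not configuration from the original page: exclusions on R1 and DHCP snooping on the access switch SW3, trusting only the two uplink trunks. The rate limit of 10 packets per second is an assumed value. Option 82 insertion is switched off because the relay agents here (SW1/SW2) drop requests that arrive with option 82 and a zero giaddr by default.

```cisco
! R1: keep the gateway and SVI addresses out of the dynamic pools
R1(config)# ip dhcp excluded-address 10.1.100.252 10.1.100.254
R1(config)# ip dhcp excluded-address 10.1.101.252 10.1.101.254
R1(config)# ip dhcp excluded-address 10.1.200.252 10.1.200.254
!
! SW3: DHCP snooping on the three user/server VLANs
SW3(config)# ip dhcp snooping
SW3(config)# ip dhcp snooping vlan 100,101,200
SW3(config)# no ip dhcp snooping information option
! do not insert option 82; the relay on SW1/SW2 would otherwise discard the request
SW3(config)# interface range e0/3,e1/0
SW3(config-if-range)# ip dhcp snooping trust
! only the uplinks toward the relay agents may carry OFFER/ACK
SW3(config-if-range)# interface range e0/0-2
SW3(config-if-range)# ip dhcp snooping limit rate 10
! untrusted host ports: server replies are dropped, DISCOVER floods are rate-limited
!
! Verify: renew the lease on PC1, then inspect the binding table
SW3# show ip dhcp snooping
SW3# show ip dhcp snooping binding
```

The binding table that snooping builds is what Dynamic ARP Inspection and IP Source Guard key on, so this is the prerequisite for blocking ARP spoofing and IP spoofing on the same ports. Server1's fixed lease shows up in the table as well, because it is still obtained via DHCP; only a statically addressed host would need a manual binding.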
