
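Project 2: Routing and Switching

Background

To meet day-to-day teaching and campus-life needs and to advance its digital-campus build-out, a school has three areas: an office building, a student dormitory building, and a server cluster. Plan the IP addressing and VLANs so that everything inside the organization can interconnect. The external network must be able to reach the server cluster through a public address, and students and teachers must be able to access the Internet normally. Configure VRRP + MSTP to achieve link load sharing and eliminate single points of failure. In addition, implement NAT on the egress router so that internal hosts use the inside global address provided by the ISP to reach the external network, improving the overall security of the network.

Lab topology

Configuration requirements

(1) The three groups of hosts sit in different subnets and different VLANs, with inter-VLAN communication enabled. The student dormitory obtains IP addresses dynamically via DHCP; the office building and the server cluster use static IP addresses.
(2) LSW1 and LSW2 are access switches, LSW3 and LSW4 are core switches, and AR1 is the egress router.
(3) The student dormitory building and the office building belong to MSTP instance 1; the VRRP master is LSW3 and the backup is LSW4.
(4) The server cluster belongs to MSTP instance 2; the VRRP master is LSW4 and the backup is LSW3.
(5) Use LACP mode to aggregate the links between LSW3 and LSW4, with 2 active links and 1 backup link.
(6) The external server's IP address is 100.100.100.100/24.
(7) Plan the interconnect addresses between the core switches and the routers sensibly.
(8) Access control requirement: internal hosts accessing the external network are translated to the egress router's interface IP address.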

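Lab configuration

Link aggregation

Routine steps: set the mode, add the member interfaces, and set the number of active links.

VLAN assignment

Create the VLANs. Links between switches are trunks that permit the relevant VLANs; ports facing the routers are assigned according to the topology.

vlan batch 10 20 30 40 90
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 90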

MSTP

stp region-configuration
 region-name hhh
 revision-level 1
 instance 1 vlan 10 20
 instance 2 vlan 90
 active region-configuration

You can see that traffic is correctly steered to the VRRP master device.

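IP configuration

Configure according to the topology diagram; omitted.

VRRP settings

SW1 is the VRRP master for VLAN 10 and VLAN 20 and the backup for VLAN 90.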
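The design point of the MSTP and VRRP sections is that, for each VLAN, the MSTP root bridge and the VRRP master are the same switch, and that losing the tracked uplink drops the master's priority below the backup's. The Python check below is an added example, not part of the original lab: it runs against excerpts of the SW1 and SW2 dumps shown later on this page, `parse` and `check` are hypothetical helper names, and the failover test assumes VRRP's default priority of 100 and default preemption.

```python
import re

# Excerpts from the SW1 and SW2 dumps on this page (VLAN 20 mirrors VLAN 10 and is left out).
REGION = "stp region-configuration\n instance 1 vlan 10 20\n instance 2 vlan 90\n"
SW1 = REGION + """stp instance 1 root primary
stp instance 2 root secondary
interface Vlanif10
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 track interface GigabitEthernet0/0/2 reduced 40
interface Vlanif90
 vrrp vrid 90 virtual-ip 192.168.90.254
"""
SW2 = REGION + """stp instance 1 root secondary
stp instance 2 root primary
interface Vlanif10
 vrrp vrid 10 virtual-ip 192.168.10.254
interface Vlanif90
 vrrp vrid 90 virtual-ip 192.168.90.254
 vrrp vrid 90 priority 120
 vrrp vrid 90 track interface GigabitEthernet0/0/2 reduced 40
"""

def parse(cfg):
    """Return (MSTP root role per instance, instance per VLAN, VRRP (priority, reduced) per VLAN)."""
    roots = dict(re.findall(r"^stp instance (\d+) root (\w+)", cfg, re.M))
    inst = {v: i for i, vs in re.findall(r"^ instance (\d+) vlan ([\d ]+)", cfg, re.M) for v in vs.split()}
    vrrp = {}
    for vlan, body in re.findall(r"^interface Vlanif(\d+)\n((?: .*\n)*)", cfg, re.M):
        prio = re.search(r"vrrp vrid \d+ priority (\d+)", body)
        cut = re.search(r"track interface \S+ reduced (\d+)", body)
        if "virtual-ip" in body:  # only VLANIFs that carry a VRRP group
            vrrp[vlan] = (int(prio[1]) if prio else 100, int(cut[1]) if cut else 0)  # 100: default
    return roots, inst, vrrp

def check(cfgs):
    """Per VLAN: VRRP master, MSTP root, whether they match, and whether uplink loss fails over."""
    parsed = {name: parse(cfg) for name, cfg in cfgs.items()}
    report = {}
    for vlan in sorted(set().union(*(p[2] for p in parsed.values())), key=int):
        master = max(parsed, key=lambda n: parsed[n][2][vlan][0])
        root = next(n for n, p in parsed.items() if p[0].get(p[1][vlan]) == "primary")
        prio, cut = parsed[master][2][vlan]
        peer = max(p[2][vlan][0] for n, p in parsed.items() if n != master)
        report[int(vlan)] = {"master": master, "root": root, "aligned": master == root,
                             "fails_over": prio - cut < peer}
    return report

print(check({"SW1": SW1, "SW2": SW2}))
```

A VLAN reported with `aligned` false would send its traffic across the Eth-Trunk between the two switches before it reaches its gateway, which defeats the load-sharing split.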

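OSPF configuration

The internal network is reachable.

DHCP configuration

The host obtains an IP address, so DHCP relay is working.

NAT configuration

The internal network can reach the server.

Internal-network interface: nat server protocol tcp global interface g 0/0/2 (the external-network interface) 80 inside 192.168.2.12 80

acl 3000
rule 5 permit ip source 192.168.90.0 0.0.0.255 destination 100.100.100.0 0.0.0.255
nat outbound 3000

External-network interface: nat server protocol tcp global current-interface 80 inside 192.168.90.1 www

The static mapping binds the server's port 80.

Complete configuration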

SW1

#
sysname SW1
#
vlan batch 10 20 30 40 90
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
 region-name hhh
 revision-level 1
 instance 1 vlan 10 20
 instance 2 vlan 90
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.10 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 track interface GigabitEthernet0/0/2 reduced 40
 dhcp select relay
 dhcp relay server-ip 192.168.30.2
 dhcp relay server-ip 192.168.40.2
#
interface Vlanif20
 ip address 192.168.20.10 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 track interface GigabitEthernet0/0/2 reduced 40
#
interface Vlanif30
 ip address 192.168.30.1 255.255.255.252
#
interface Vlanif90
 ip address 192.168.90.10 255.255.255.0
 vrrp vrid 90 virtual-ip 192.168.90.254
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
 mode lacp-static
 max active-linknumber 2
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
 eth-trunk 1
#
interface GigabitEthernet0/0/23
 eth-trunk 1
#
interface GigabitEthernet0/0/24
 eth-trunk 1
#
interface NULL0
#
ospf 1
 area 0.0.0.1
  network 0.0.0.0 255.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return

SW2

#
sysname SW2
#
vlan batch 10 20 30 40 90
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
 region-name hhh
 revision-level 1
 instance 1 vlan 10 20
 instance 2 vlan 90
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.11 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 dhcp select relay
 dhcp relay server-ip 192.168.30.2
 dhcp relay server-ip 192.168.40.2
#
interface Vlanif20
 ip address 192.168.20.11 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
#
interface Vlanif40
 ip address 192.168.40.1 255.255.255.252
#
interface Vlanif90
 ip address 192.168.90.11 255.255.255.0
 vrrp vrid 90 virtual-ip 192.168.90.254
 vrrp vrid 90 priority 120
 vrrp vrid 90 track interface GigabitEthernet0/0/2 reduced 40
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
 mode lacp-static
 max active-linknumber 2
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
 eth-trunk 1
#
interface GigabitEthernet0/0/23
 eth-trunk 1
#
interface GigabitEthernet0/0/24
 eth-trunk 1
#
interface NULL0
#
ospf 1
 area 0.0.0.0
 area 0.0.0.2
  network 0.0.0.0 255.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return

SW3

#
sysname SW3
#
vlan batch 10 20 30 40 90
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name hhh
 revision-level 1
 instance 1 vlan 10 20
 instance 2 vlan 90
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

SW4

#
sysname SW4
#
vlan batch 10 20 30 40 90
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name hhh
 revision-level 1
 instance 1 vlan 10 20
 instance 2 vlan 90
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 90
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 90
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#

AR1


[V200R003C00]
#
 sysname AR1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool 10
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.30.2 255.255.255.252
 dhcp select global
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.1 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 192.168.60.0 0.0.0.255
 area 0.0.0.1
  network 192.168.30.0 0.0.0.255
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2

[V200R003C00]
#
 sysname AR2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 100.100.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.2 255.255.255.252
#
interface GigabitEthernet0/0/2
 ip address 16.16.16.2 255.255.255.0
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR3

<AR3>DIS current-configuration

[V200R003C00]
#
 sysname AR3
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2000
 rule 5 permit source 192.168.10.0 0.0.0.255
 rule 10 permit source 192.168.20.0 0.0.0.255
 rule 15 permit source 192.168.90.0 0.0.0.255
#
acl number 3000
 rule 5 permit ip source 192.168.90.0 0.0.0.255 destination 16.16.16.0 0.0.0.255
#
acl number 3001
#
ip pool 10
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 dns-list 114.114.114.114
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.40.2 255.255.255.252
 dhcp select global
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.2 255.255.255.252
#
interface GigabitEthernet0/0/2
 ip address 16.16.16.1 255.255.255.0
 nat outbound 2000
#
interface NULL0
#
ospf 1
 import-route static
 area 0.0.0.0
  network 16.16.16.0 0.0.0.255
  network 192.168.60.0 0.0.0.255
 area 0.0.0.2
  network 192.168.40.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 16.16.16.2
ip route-static 100.100.100.0 255.255.255.0 16.16.16.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
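
The device dumps above carry three settings a reviewer would flag before this design left the lab: a cleartext `password simple` credential on the switches, OSPF enabled on every interface by `network 0.0.0.0 255.255.255.255` with no `silent-interface` (so user-facing VLANIFs also speak OSPF), and VRRP groups with no `authentication-mode`. The Python audit below is an added example, not the author's code; `SAMPLE` is a constructed excerpt of the SW1 dump, and `stanzas` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: a trimmed excerpt of the SW1 dump on this page.
SAMPLE = """#
aaa
 local-user admin password simple admin
#
interface Vlanif10
 vrrp vrid 10 virtual-ip 192.168.10.254
#
ospf 1
 area 0.0.0.1
  network 0.0.0.0 255.255.255.255
#
"""

def stanzas(cfg):
    """Yield (header, child_lines) for each top-level block; '#' closes a block."""
    head, body = None, []
    for raw in cfg.splitlines() + ["#"]:
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines inside a pasted dump
        if line == "#" or raw[0] != " " or head is None:
            if head is not None:
                yield head, body
            head, body = (None if line == "#" else line), []
        else:
            body.append(line)

def audit(cfg):
    """Return (check_id, location) findings in the order the blocks appear."""
    found = []
    for head, body in stanzas(cfg):
        text = "\n".join(body)
        for user in re.findall(r"^local-user (\S+) password simple ", text, re.M):
            found.append(("cleartext-password", f"local-user {user}"))
        # OSPF on every interface, user VLANs included, and none made silent
        if head.startswith("ospf ") and "network 0.0.0.0 255.255.255.255" in body \
                and "silent-interface" not in text:
            found.append(("ospf-on-all-interfaces", head))
        if head.startswith("interface "):
            for vrid in sorted(set(re.findall(r"^vrrp vrid (\d+) virtual-ip", text, re.M))):
                if f"vrrp vrid {vrid} authentication-mode" not in text:
                    found.append(("vrrp-no-auth", f"{head} vrid {vrid}"))
    return found

print(audit(SAMPLE))
```

Each of these checks is satisfied by a standard VRP setting: a `cipher` (or stronger) local-user password, `silent-interface` on the user-facing VLANIFs, and a per-group `vrrp vrid <id> authentication-mode` line configured with the same key on both switches.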

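Summary

This project uses an MSTP + VRRP architecture to provide uplink load sharing with mutual backup, uses DHCP to assign addresses to endpoints, uses link aggregation between the core switches to increase link bandwidth, and uses Easy IP for Internet access.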

