要求设计:
1、公司有三个部门,为确保通信安全,每个部门都处于独立的广播域
2、Vlan40为外来人员所在的Vlan,此vlan中的主机只能访问DHCP服务器
3、每个部门的 IP地址规划为: 192.168.xx.0/24
4、每个部门的主机均通过为 DHCP服务器获取IP地址,并且每个部门的网关IP地址为 192.168.xx.254
5、所有vlan 中都使用了网关冗余技术,为了增强网关稳定性和冗余性
6、交换机之间存在很多冗余链路,必须防止环路的发生,并且能够提高链路的利用率
7、要求每个 vlan 的主机访问其他主机时,使用的都是最优的转发路径
8、公司有一个出口设备 R1,连接一台外网的Web服务器
9、内网大量主机都需要访问这台外网的Web服务器
拓扑结构:
配置分析:
二层交换:设置pc机与交换机之间的端口模式为access,交换机与交换机之间设置为trunk模式, 及vlan40的端口隔离
三层交换:为每个vlan配置虚拟接口地址、配置dhcp中继代理、配置vrrp虚拟链路冗余、设置交换机与交换机之间连接方式为trunk模式、设置三层设备的静态路由
DHCP服务器:设置动态地址池、接口地址和dhcp全局配置
外部路由器配置静态路由
设置服务器IP地址
layer 2 switching:
sw3:
un t m
sy
sy sw3
v b 10 20 30 40 50
port-g g e0/0/1 to e0/0/22
p l a
p d v 10
q
port-g g g0/0/1 to g0/0/2
p l t
p t a v a
q
stp region-configuration
region-name yyz
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
sw4、sw5、sw6依照sw3做对应配置
laery 3 switching:
sw1:
un t m
sy
sy sw1
dhcp ena
v b 10 20 30 40 50 60
port-g g g0/0/3 to g0/0/7
p l t
p t a v a
q
int g0/0/1
p l a
p d v 60
q
int g0/0/2
p l a
p d v 50
q
int v 10
ip a 192.168.10.251 24
dhcp select relay
dhcp relay server-ip 192.168.50.1
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 200
q
int v 20
ip a 192.168.20.251 24
dhcp select relay
dhcp relay server-ip 192.168.50.1
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 200
q
int v 30
i a 192.168.30.251 24
dhcp select relay
dhcp relay server-ip 192.168.50.1
vrrp vrid 30 virtual-ip 192.168.30.254
q
int v 40
i a 192.168.40.251 24
dhcp select relay
dhcp relay server-ip 192.168.50.1
vrrp vrid 40 virtual-ip 192.168.40.254
q
int v 50
ip a 192.168.50.251 24
q
int v 60
i a 192.168.60.251 24
q
stp region-configuration
region-name wangyou
instance 10 vlan 10
instance 20 vlan 20
instance 30 vlan 30
instance 40 vlan 40
active region-configuration
q
stp instance 10 priority 0
stp instance 20 priority 0
stp instance 30 priority 4096
stp instance 40 priority 4096
ip route-static 0.0.0.0 0 192.168.60.1
q
.....
DHCP server:
DHCP-server:
un t m
sy
sy DHCP-server
dhcp ena
int g0/0/0
i a 192.168.50.1 24
dhcp select global
ip pool vlan10
netw 192.168.10.0 m 24
g 192.168.10.254
l d 0 h 6 m 30
q
ip pool vlan20
netw 192.168.20.0 m 24
g 192.168.20.254
l d 0 h 6 m 30
q
ip pool vlan30
netw 192.168.30.0 m 24
g 192.168.30.254
l d 0 h 6 m 30
q
ip pool vlan40
netw 192.168.40.0 m 24
g 192.168.40.254
l d 0 h 6 m 30
q
ip route-static 0.0.0.0 0 192.168.50.251
外部路由器配置:
r1:
un t m
sy
sy r1
int g0/0/0
i a 192.168.60.1 24
q
int g0/0/1
i a 192.168.221.1 24
q
int g0/0/2
i a 192.168.70.1 24
q
ip route-static 192.168.10.0 24 192.168.60.251
ip route-static 192.168.10.0 24 192.168.70.252 preference 100
ip route-static 192.168.20.0 24 192.168.60.251
ip route-static 192.168.20.0 24 192.168.70.252 preference 100
ip route-static 192.168.30.0 24 192.168.60.251
ip route-static 192.168.30.0 24 192.168.70.252 preference 100
ip route-static 192.168.40.0 24 192.168.60.251
ip route-static 192.168.40.0 24 192.168.70.252 perfernece 100
ip route-static 100.100.2.0 24 192.168.221.2
r2:
un t m
sy
sy r2
int g0/0/1
i a 192.168.221.2 24
q
int g0/0/0
ip a 100.100.2.254 24
q
ip route-static 0.0.0.0 0 192.168.221.1
验证dhcp动态获取:
验证vrrp状态:
验证服务器: