一 需求分析
1.1需求
局域网内划分多个vlan,隔离广播域
局域网内部财政服务器只允许财务部门访问
所有pc均能自动获取地址
所有设备均能被telnet远程管理
配置生成树,确保生成树的根桥在核心交换机上
1.2 分析
本次实验主要用的技术有:
vlan划分,合理设置交换机的trunk和access口,是vlan间能通过三层访问
核心交换机配置dhcp功能,能自动分配ip
链路聚合,提高链路负载
使用RSTP,确保核心交换机为根桥,配置根桥保活措施,确保根桥不被抢占
局域网内使用ospf实现互通
二 规划拓扑
LSW1:
vlanif10 |
192.168.1.254/24 |
vlanif20 |
192.168.2.254/24 |
vlanif30 |
192.168.3.254/24 |
vlanif40 |
192.168.4.254/24 |
vlanif99 |
14.1.1.1/24 |
lSW4:
vlanif100 |
14.1.1.4/24 |
vlanif200 |
41.1.1.4/24 |
AR1:
g0/0/0 |
41.1.1.1 |
三 拓扑图
四 实验配置
4.1 vlan划分和实现不同vlan间的通信
LSW2:
[Huawei]vlan batch 10 20 30 40
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 10
[Huawei]int e0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 20
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan allLSW3:
[Huawei]vlan batch 10 20 30 40
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 40
[Huawei]int e0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 30
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan allLSW1:
[Huawei]vlan batch 10 20 30 40 99
[Huawei-Vlanif10]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-Vlanif10]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei]int vlan 10
[Huawei-Vlanif10]ip address 192.168.10.254 24
[Huawei]int vlan 20
[Huawei-Vlanif10]ip address 192.168.20.254 24
[Huawei]int vlan 30
[Huawei-Vlanif10]ip address 192.168.30.254 24
[Huawei]int vlan 40
[Huawei-Vlanif10]ip address 192.168.40.254 24
[Huawei]int vlan 99
[Huawei-Vlanif99]ip address 14.1.1.1 244.2 配置链路聚合
LSW1:
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 to 0/0/4
[Huawei-Eth-Trunk1]port link-type access
[Huawei-Eth-Trunk1]port default vlan 99LSW4:
[Huawei]vlan batch 100 200
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/3
[Huawei-Eth-Trunk1]port link-type access
[Huawei-Eth-Trunk1]port default vlan 1004.3 配置RSTP和根桥保护
LSW1:
[Huawei]stp mode rstp //设置stp类型为rstp
[Huawei]stp priority 0//将LSW1设置为根桥LSW2:
[Huawei]stp mode rstp
[Huawei]stp bpdu-protection //开启根桥保护LSW3:
[Huawei]stp mode rstp
[Huawei]stp bpdu-protection 都看到这里了,不如点个赞吧!
4.4 配置dhcp自动分配ip
LSW1:
[Huawei]dhcp enable
[Huawei]ip pool vlan10//配置地址池
[Huawei]gateway-list 192.168.10.254//分配网段
[Huawei]network 192.168.10.0 mask 255.255.255.0//指定网关
[Huawei]ip pool vlan20
[Huawei]gateway-list 192.168.20.254
[Huawei]network 192.168.20.0 mask 255.255.255.0
[Huawei]ip pool vlan30
[Huawei]gateway-list 192.168.30.254
[Huawei]network 192.168.30.0 mask 255.255.255.0
[Huawei]int vlan 10
[Huawei-Vlanif10]dhcp select global
[Huawei]int vlan 20
[Huawei-Vlanif10]dhcp select global
[Huawei]int vlan 30
[Huawei-Vlanif10]dhcp select global dhcp效果如图所示:
pc1:
pc2:
pc3:
4.5 配置acl,只有财务部门才能访问财务服务器
LSW3:
[Huawei]acl number 3000
[Huawei-acl-adv-3000]rule 5 permit ip source 192.168.30.0 0.0.0.255 destination
192.168.40.1 0
[Huawei-acl-adv-3000]rule 10 deny ip source any
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]traffic-filter outbound acl 3000效果如图所示:
只有pc3才能ping通财政服务器:
其余的则不行:
4.6内网使用ospf实现互通
LSW1:
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei]int vlan 10
[Huawei-Vlanif10]ospf enable 1 area 0
[Huawei]int vlan 20
[Huawei-Vlanif20]ospf enable 1 area 0
[Huawei]int vlan 30
[Huawei-Vlanif30]ospf enable 1 area 0
[Huawei]int vlan 40
[Huawei-Vlanif40]ospf enable 1 area 0
[Huawei]int vlan 99
[Huawei-Vlanif99]ip add 14.1.1.1 24
[Huawei-Vlanif99]ospf enable 1 area 0LSW4:
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei]int vlan 100
[Huawei-Vlanif10]ip addre 14.1.1.4 24
[Huawei-Vlanif100]ospf enable 1 area 0
[Huawei]int vlan 200
[Huawei-Vlanif200]ip addre 41.1.1.4 24
[Huawei-Vlanif200]ospf enable 1 area 0AR1:
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addre 41.1.1.1 24
[Huawei-GigabitEthernet0/0/0]ospf enable 1 area 0实验效果:
4.7 配置telnet服务
LSW1:
[Huawei]telnet server enable
Info: The Telnet server has been enabled.
[Huawei]user-interface vty 0 4 //允许5个终端登录
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound telnet
[Huawei]aaa
[Huawei-aaa]local-user test password cipher 12345//用户text 密码12345
[Huawei-aaa]local-user test privilege level 15 //设置用户最高等级15
[Huawei-aaa]local-user test service-type telnet 实验完成(仅供参考)