Three-tier architecture comprehensive experiment (2.7)

Target:

1. First, the address block 172.16.0.0 26 needs to be divided sensibly according to the topology diagram:

172.16.0.0 16 

172.16.1.0 25(vlan1)

172.16.2.128 25(vlan2)

172.16.3.0 24(r1-r2)

LSW1:

SVI1:172.16.1.10 25 vlan1
SVI2:172.16.1.210 25 vlan2

LSW2:

SVI1:172.16.1.20 25 vlan1
SVI2:172.16.1.220 25 vlan2

2. Now configure the switch part

Configuration sequence: CHANNEL, VLAN, TRUNK, STP, SVI, VRRP, DHCP

(1) First, create an Eth-Trunk (channel) between sw1 and sw2 to bundle the two links into one logical link

[sw1]int Eth-Trunk 0
[sw1]int gi 0/0/4
[sw1-GigabitEthernet0/0/4]eth-trunk 0
[sw1-GigabitEthernet0/0/3]eth-trunk 0

[sw2]int Eth-Trunk 0
[sw2-Eth-Trunk0]int gi 0/0/4
[sw2-GigabitEthernet0/0/4]eth-trunk 0
[sw2-GigabitEthernet0/0/3]eth-trunk 0

(2) Create VLAN 2, assign it to the corresponding interfaces on sw3 and sw4, and configure the trunk links

[sw1]vlan 2    
[sw1]port-group group-member GigabitEthernet 0/0/2 gi 0/0/5 Eth-Trunk 0
[sw1-GigabitEthernet0/0/2]port link-type trunk 
[sw1-GigabitEthernet0/0/5]port link-type trunk 
[sw1-Eth-Trunk0]port link-type trunk 
[sw1-port-group]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan 2
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2

[sw2]vlan 2
[sw2]port-group group-member gi 0/0/2 gi 0/0/5 Eth-Trunk 0
[sw2-GigabitEthernet0/0/2]port link-type trunk 
[sw2-GigabitEthernet0/0/5]port link-type trunk 
[sw2-Eth-Trunk0]port link-type trunk 
[sw2-port-group]port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan 2
[sw2-Eth-Trunk0]port trunk allow-pass vlan 2

[sw3]vlan 2
[sw3]int e 0/0/3
[sw3-Ethernet0/0/3]port link-type access 
[sw3-Ethernet0/0/3]port default vlan 2
[sw3]port-group group-member e 0/0/2 e 0/0/5
[sw3-port-group]port link-type trunk
[sw3-Ethernet0/0/2]port link-type trunk 
[sw3-Ethernet0/0/5]port link-type trunk 
[sw3-port-group]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/2]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/5]port trunk allow-pass vlan 2

[sw4]vlan 2
[sw4]int e 0/0/3
[sw4-Ethernet0/0/3]port link-type access 
[sw4-Ethernet0/0/3]port default vlan 2
[sw4]port-group group-member e 0/0/5 e 0/0/2
[sw4-port-group]port link-type trunk 
[sw4-Ethernet0/0/5]port link-type trunk 
[sw4-Ethernet0/0/2]port link-type trunk 
[sw4-port-group]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/5]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/2]port trunk allow-pass vlan 2

(3) Next, configure spanning tree (STP)

Requirement: sw1 and sw2 back each other up

Configuration scheme: SW1 is the root of instance 1 (VLAN 1) and the backup root of instance 2 (VLAN 2); SW2 is the root of instance 2 and the backup root of instance 1

Specific configuration:

[sw1]stp enable 
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration 
[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary

[sw2]stp enable 
[sw2]stp region-configuration
[sw2-mst-region] region-name a
[sw2-mst-region] instance 1 vlan 1
[sw2-mst-region] instance 2 vlan 2
[sw2-mst-region] active region-configuration
[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary 

[sw3]stp enable 
[sw3]stp region-configuration
[sw3-mst-region] region-name a
[sw3-mst-region] instance 1 vlan 1
[sw3-mst-region] instance 2 vlan 2
[sw3-mst-region] active region-configuration
[sw3]port-group group-member e0/0/1 e 0/0/3
[sw3-port-group]stp edged-port enable 
[sw3-Ethernet0/0/1]stp edged-port enable    (edge port)
[sw3-Ethernet0/0/3]stp edged-port enable    (edge port)

[sw4]stp enable 
[sw4]stp region-configuration
[sw4-mst-region] region-name a
[sw4-mst-region] instance 1 vlan 1
[sw4-mst-region] instance 2 vlan 2
[sw4-mst-region] active region-configuration
[sw4]port-group group-member e 0/0/1 e 0/0/3
[sw4-port-group]stp edged-port enable 
[sw4-Ethernet0/0/1]stp edged-port enable    (edge port)
[sw4-Ethernet0/0/3]stp edged-port enable    (edge port)


A check shows that STP now meets the backup requirement for both vlan1 and vlan2.

(4) Create and configure the SVIs, then configure VRRP for gateway backup

First create SVI1 and SVI2 on SW1 and SW2 and configure their IP addresses:

[sw1]int vlan1
[sw1-Vlanif1]ip add 172.16.1.10 25
[sw1-Vlanif1]int vlan2
[sw1-Vlanif2]ip add 172.16.1.210 25

[sw2]int vlan 1
[sw2-Vlanif1]ip add 172.16.1.20 25
[sw2-Vlanif1]int vlan 2
[sw2-Vlanif2]ip add 172.16.1.220 25

Next, configure VRRP:

[sw1]int vlan1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.30    (configure the virtual IP)
[sw1-Vlanif1]vrrp vrid 1 priority 105    (modify the priority)
[sw1-Vlanif1]vrrp vrid 1 track interface gi 0/0/1    (uplink tracking)

[sw1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.230

[sw2]int vlan1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.30
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.230
[sw2-Vlanif2]vrrp vrid  1 priority 105
[sw2-Vlanif2]vrrp vrid 1 track interface gi 0/0/1

Check:

(5) Finally, configure DHCP on SW1 and SW2

SW1:

[sw1]dhcp enable  
[sw1]ip pool a
[sw1-ip-pool-a]network 172.16.1.0 mask 25
[sw1-ip-pool-a]gateway-list 172.16.1.30
[sw1-ip-pool-a]dns-list 14.14.14.14
[sw1]ip pool b
Info:It's successful to create an IP address pool.
[sw1-ip-pool-b]network 172.16.1.128 mask 25
[sw1-ip-pool-b]gateway-list 172.16.1.230
[sw1-ip-pool-b]dns-list 14.14.14.14

[sw1]int Vlanif 1
[sw1-Vlanif1]dhcp select global 
[sw1-Vlanif2]dhcp select global 

SW2:

[sw2]dhcp enable 
[sw2]ip pool a
[sw2-ip-pool-a]network 172.16.1.0 mask 25
[sw2-ip-pool-a]gateway-list  172.16.1.30
[sw2-ip-pool-a]dns-list 14.14.14.14
[sw2-ip-pool-b]network 172.16.1.128 mask 25
[sw2-ip-pool-b]gateway-list 172.16.1.230
[sw2-ip-pool-b]dns-list 14.14.14.14
[sw2-ip-pool-b]q
[sw2]int Vlanif 1
[sw2-Vlanif1]dhcp select global 
[sw2]int vlan2
[sw2-Vlanif2]dhcp select global
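A consistency check of the addressing used so far, as an added example that is not part of the original post. It cross-checks the stated plan, the SVI addresses, the VRRP virtual IPs and the DHCP pools; the link addresses and the summary prefix are taken from the router section further down, and the dictionary layout and function names are assumptions.

```python
import ipaddress as ip
from itertools import combinations

# Values copied from this page's plan and commands; the dict layout is an assumption.
PLAN = {"vlan1": "172.16.1.0/25", "vlan2": "172.16.2.128/25"}
SVIS = {("sw1", "vlan1"): "172.16.1.10/25", ("sw1", "vlan2"): "172.16.1.210/25",
        ("sw2", "vlan1"): "172.16.1.20/25", ("sw2", "vlan2"): "172.16.1.220/25"}
VRRP_VIP = {"vlan1": "172.16.1.30", "vlan2": "172.16.1.230"}
POOLS = {"vlan1": ("172.16.1.0/25", "172.16.1.30"),      # ip pool a
         "vlan2": ("172.16.1.128/25", "172.16.1.230")}   # ip pool b
LINKS = ["172.16.3.1/24", "172.16.0.1/30", "172.16.0.5/30"]  # ISP and r1 interfaces
SUMMARY = ip.ip_network("172.16.1.0/24")  # abr-summary used later on the page


def audit():
    """Return one finding per inconsistency between plan, SVI, VRRP and DHCP."""
    findings = []
    for (sw, vlan), addr in SVIS.items():
        svi = ip.ip_interface(addr)
        planned = ip.ip_network(PLAN[vlan])
        pool_net, gateway = POOLS[vlan]
        vip = ip.ip_address(VRRP_VIP[vlan])
        if svi.network != planned:
            findings.append(f"{sw} {vlan}: SVI is in {svi.network}, plan says {planned}")
        if svi.network != ip.ip_network(pool_net):
            findings.append(f"{sw} {vlan}: DHCP pool {pool_net} does not match {svi.network}")
        if vip not in svi.network:
            findings.append(f"{sw} {vlan}: VRRP virtual IP {vip} is outside {svi.network}")
        if ip.ip_address(gateway) != vip:
            findings.append(f"{sw} {vlan}: DHCP gateway {gateway} is not the VRRP virtual IP {vip}")
        if not svi.network.subnet_of(SUMMARY):
            findings.append(f"{sw} {vlan}: {svi.network} is not covered by {SUMMARY}")
    return findings


def overlaps():
    """Return every pair of distinct configured subnets that overlap."""
    nets = {ip.ip_interface(a).network for a in list(SVIS.values()) + LINKS}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if a.overlaps(b)]


if __name__ == "__main__":
    for finding in audit():
        print(finding)
    print("overlapping subnets:", overlaps())
```

The two findings it reports are for vlan2: the plan at the top lists 172.16.2.128 25, while the SVIs, VRRP and pool b all sit in 172.16.1.128/25.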

Now enable DHCP on the PCs below so that they obtain their IP addresses automatically

pc1:

pc2:

3. Now that the switch part has been configured, let's configure the router part

First configure the public network:

[ISP]int gi 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 172.16.3.1 24
[ISP-GigabitEthernet0/0/0]int lo0
[ISP-LoopBack0]ip add 1.1.1.1 24

Then configure r1, including its interfaces toward the two layer 3 switches below:

[r1]int gi 0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.3.2 24
[r1-GigabitEthernet0/0/0]int gi 0/0/1
[r1-GigabitEthernet0/0/1]ip add 172.16.0.1 30
[r1-GigabitEthernet0/0/1]int gi 0/0/2
[r1-GigabitEthernet0/0/2]ip add 172.16.0.5 30

Configure the IP addresses of SW1 and SW2 on the links that connect the switches to the core layer:

Note: because of an emulator limitation, an IP address cannot be configured directly on the physical interface; instead, create a dedicated SVI for this link

[sw1]vlan 99
[sw1]int gi 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type  access 
[sw1-GigabitEthernet0/0/1]port default vlan 99
[sw1]int Vlanif 99
[sw1-Vlanif99]ip add 172.16.0.2 30

[sw2]vlan 99
[sw2-GigabitEthernet0/0/1]port link-type access  
[sw2-GigabitEthernet0/0/1]port default vlan 99
[sw2]int vlan 99
[sw2-Vlanif99]ip add 172.16.0.6 30

Test:

Routing is done as follows:

Method: use OSPF, divided into two areas, area 0 and area 1

r1:

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0

SW1:

[sw1]ospf 1 router-id 2.2.2.2
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network  172.16.0.2 0.0.0.0
[sw1-ospf-1]area 1
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.10 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.210 0.0.0.0

SW2:

[sw2]ospf 1 router-id 3.3.3.3
[sw2-ospf-1]area 0 
[sw2-ospf-1-area-0.0.0.0]network  172.16.0.6 0.0.0.0
[sw2-ospf-1]area 1
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.20 0.0.0.0

[sw2-ospf-1-area-0.0.0.1]network 172.16.1.220 0.0.0.0

View the establishment of neighbors:

Summarize the two networks on sw1 and sw2 so that r1 learns only one route to them

[sw1-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

[sw2-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

To allow users in the intranet to access the public network, a default route pointing to the public network must be configured on r1 and advertised into OSPF

[r1]ip route-static 0.0.0.0 0.0.0.0 172.16.3.1

[r1]ospf 1
[r1-ospf-1]default-route-advertise

As an optimization, set the OSPF interfaces on SW1 and SW2 to silent, then re-enable only the ones that need to form neighbor relationships

[sw1-ospf-1]silent-interface all
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface GigabitEthernet 0/0/1
[sw1-ospf-1]undo silent-interface Vlanif 1

[sw1-ospf-1]undo silent-interface Vlanif 99

[sw2-ospf-1]silent-interface all
[sw2-ospf-1]undo silent-interface Eth-Trunk 0
[sw2-ospf-1]undo silent-interface GigabitEthernet 0/0/1
[sw2-ospf-1]undo silent-interface Vlanif 1

[sw2-ospf-1]undo silent-interface Vlanif 99
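To see which interfaces still send OSPF hellos after the commands above, here is an added example (not from the original post) that replays the sw1 session and treats `silent-interface all` plus the `undo` lines as exceptions. The session text is constructed from the sw1 commands on this page; the function and key names are assumptions. It also marks active interfaces that serve DHCP clients, which is where OSPF authentication or a dedicated inter-switch VLAN is the usual hardening.

```python
import re

# Constructed from the sw1 commands on this page; names are written without spaces.
ADDRS = {"Vlanif1": "172.16.1.10", "Vlanif2": "172.16.1.210", "Vlanif99": "172.16.0.2"}
DHCP_FACING = {"Vlanif1", "Vlanif2"}  # interfaces that run "dhcp select global"
SESSION = """\
[sw1-ospf-1-area-0.0.0.0]network  172.16.0.2 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.10 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.210 0.0.0.0
[sw1-ospf-1]silent-interface all
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface GigabitEthernet 0/0/1
[sw1-ospf-1]undo silent-interface Vlanif 1
[sw1-ospf-1]undo silent-interface Vlanif 99
"""


def audit(session=SESSION, addrs=ADDRS, dhcp_facing=DHCP_FACING):
    """Replay the session and classify every OSPF-enabled interface."""
    by_ip = {addr: name for name, addr in addrs.items()}
    enabled, silenced, undone, all_silent = set(), set(), set(), False
    for line in session.splitlines():
        cmd = re.sub(r"^\[[^\]]*\]\s*", "", line).strip()  # drop the CLI prompt
        net = re.fullmatch(r"network\s+(\S+)\s+0\.0\.0\.0", cmd)
        sil = re.fullmatch(r"(undo\s+)?silent-interface\s+(.+)", cmd)
        if net and net.group(1) in by_ip:
            enabled.add(by_ip[net.group(1)])
        elif sil and sil.group(2) == "all":
            all_silent = not sil.group(1)
            silenced.clear()
            undone.clear()
        elif sil:
            name = sil.group(2).replace(" ", "")
            (undone if sil.group(1) else silenced).add(name)
            (silenced if sil.group(1) else undone).discard(name)
    active = {i for i in enabled
              if i not in silenced and (not all_silent or i in undone)}
    return {
        "active": sorted(active),
        "silent": sorted(enabled - active),
        "active_on_client_vlan": sorted(active & dhcp_facing),
        # named in an undo line but carrying no IP address on this page
        "undo_without_address": sorted(undone - set(addrs)),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```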

4. Finally, the NAT configuration

[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1]int gi 0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000

5. Test

pc1 pings the public network:

pc2 pings the public network:

Origin blog.csdn.net/qq_68163788/article/details/128908133