实验需求总部:
1、除了SW8 SW9是三层交换机,其他交换机均为2层交换机。
2、GW为总部的出口设备,使用单臂路由技术,VLAN10,20,100的网关都在GW上
3、总部、分支8、分支9之间互有专线连接,目标:GW与SW8与SW9三台建立OSPF
互相宣告互为邻居,进程号200,区域0,达到企业内网全网互通。
4、在SW8和SW9建立的邻居中,SW8的互联接口要永远成为DR
5、要求DHCP服务器在路由追踪PC8的时候,路径中必须包含SW9
特性:
6、VLAN10,20的PC均由DHCP服务器提供IP地址,DHCP服务器的地址池配置如下
VLAN10:192.168.10.0/24 GW:192.168.10.254 DNS:8.8.8.8 租期:8天
VLAN20:192.168.20.0/24 GW:192.168.20.254 DNS:8.8.8.8 租期:8天
PC2是老板的PC,老板要求通过DHCP给他固定IP:192.168.20.100/24其他与地址池一致
由于员工区存在打印机,需要排除掉192.168.10.240~254;192.168.20.240~254
7、GW路由器使用NAT技术,配置EASY IP技术让内部设备可以上网,在Internet路由器上使用
环回接口模拟公网地址,让所有PC可以Ping通100.1.1.1
8、服务器区有一台HTTP服务器,将其80端口发布至Internet网络,在Internet路由器上使用
telnet 70.1.1.1 80 来验证是否成功
分支8:
1、PC8配置静态IP,PC8可以通过总部GW上网,ping 100.1.1.1
分支9:
1、PC9配置静态IP,PC9可以通过总部GW上网,ping 100.1.1.1
实验配置
GWsysname GW#undo info-center enable#vlan batch 10 20 100 200 to 202#dhcp enable //使能DHCP#acl number 2000 //创建ACLrule 5 permit#interface Eth-Trunk1 //创建聚合口1undo portswitch //切换为三层接口#interface Eth-Trunk1.10 //进入聚合口的子接口dot1q termination vid 10 ip address 192.168.10.254 255.255.255.0arp broadcast enable //使能arp广播dhcp select relay //使能子接口DHCP中继dhcp relay server-ip 192.168.100.100 //配置DHCP服务器地址#interface Eth-Trunk1.20dot1q termination vid 20ip address 192.168.20.254 255.255.255.0arp broadcast enabledhcp select relaydhcp relay server-ip 192.168.100.100#interface Eth-Trunk1.100dot1q termination vid 100ip address 192.168.100.254 255.255.255.0arp broadcast enable#interface Eth-Trunk1.200dot1q termination vid 200ip address 60.30.1.2 255.255.255.248arp broadcast enablenat server protocol tcp global 70.1.1.1 www inside 192.168.100.101 www //配置NAT转换nat outbound 2000#interface Eth-Trunk1.201dot1q termination vid 201ip address 192.168.201.1 255.255.255.0ospf cost 3 //修改路径开销为3arp broadcast enable#interface Eth-Trunk1.202dot1q termination vid 202ip address 192.168.202.1 255.255.255.0arp broadcast enable#interface GigabitEthernet0/0/0eth-trunk 1#interface GigabitEthernet0/0/1eth-trunk 1#interface LoopBack0ip address 1.1.1.1 255.255.255.255#ospf 100 router-id 1.1.1.1area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 60.30.1.0 0.0.0.255 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 network 192.168.100.0 0.0.0.255 network 192.168.201.0 0.0.0.255 network 192.168.202.0 0.0.0.255#ip route-static 0.0.0.0 0.0.0.0 60.30.1.1#return
sysname L2-Core-SW#undo info-center enable#vlan batch 10 20 100 200 to 202#interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/1 port link-type access port default vlan 201#interface GigabitEthernet0/0/2 eth-trunk 1#interface GigabitEthernet0/0/3 eth-trunk 1#interface GigabitEthernet0/0/4 eth-trunk 2#interface GigabitEthernet0/0/5 eth-trunk 2#interface GigabitEthernet0/0/6 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/7 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/8 port hybrid tagged vlan 100#interface GigabitEthernet0/0/9 port link-type access port default vlan 202
sysname DHCP# undo info-center enable#dhcp enable#ip pool VLAN10 gateway-list 192.168.10.254 network 192.168.10.0 mask 255.255.255.0 excluded-ip-address 192.168.10.240 192.168.10.253 lease day 8 hour 0 minute 0 dns-list 8.8.8.8 #ip pool VLAN20 gateway-list 192.168.20.254 network 192.168.20.0 mask 255.255.255.0 static-bind ip-address 192.168.20.100 mac-address 5489-9806-68e7 excluded-ip-address 192.168.20.240 192.168.20.253 lease day 8 hour 0 minute 0 dns-list 8.8.8.8 #interface GigabitEthernet0/0/0 ip address 192.168.100.100 255.255.255.0 dhcp select global#ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
ACC_SW
# sysname ACC_SW # undo info-center enable # vlan batch 200 # interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/1 port link-type access port default vlan 200 # interface GigabitEthernet0/0/2 eth-trunk 1 # interface GigabitEthernet0/0/3 eth-trunk 1
ACC-SW-Staff01#sysname ACC-SW-Staff01#undo info-center enable#vlan batch 10#interface GigabitEthernet0/0/1 port link-type access port default vlan 10#interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094
ACC-SW-Staff02
#sysname ACC-SW-Staff02#undo info-center enable#vlan batch 20#interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan 20 port trunk allow-pass vlan 20#interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094
ACC-SW-Server01
#sysname ACC-SW-Server01#undo info-center enable#vlan batch 100#interface GigabitEthernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet0/0/2 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet0/0/3 port hybrid tagged vlan 100
SW8
#sysname SW8#undo info-center enable#vlan batch 80 201 203#interface Vlanif80 ip address 192.168.80.254 255.255.255.0#interface Vlanif201 ip address 192.168.201.2 255.255.255.0#interface Vlanif203 ip address 192.168.203.1 255.255.255.0 ospf dr-priority 255 //修改ospf优先级#interface GigabitEthernet0/0/1 port link-type access port default vlan 201#interface GigabitEthernet0/0/2 port link-type access port default vlan 80#interface GigabitEthernet0/0/3 port link-type access port default vlan 203#interface LoopBack0 ip address 8.8.8.8 255.255.255.255#ospf 100 router-id 8.8.8.8 area 0.0.0.0 network 8.8.8.8 0.0.0.0 network 192.168.201.0 0.0.0.255 network 192.168.80.0 0.0.0.255 network 192.168.203.0 0.0.0.255#ip route-static 0.0.0.0 0.0.0.0 192.168.201.1#return
SW9
#sysname SW9#undo info-center enable#vlan batch 90 202 to 203#interface Vlanif90 ip address 192.168.90.254 255.255.255.0#interface Vlanif202 ip address 192.168.202.2 255.255.255.0#interface Vlanif203 ip address 192.168.203.2 255.255.255.0#interface MEth0/0/1#interface GigabitEthernet0/0/1 port link-type access port default vlan 202#interface GigabitEthernet0/0/2 port link-type access port default vlan 90#interface GigabitEthernet0/0/3 port link-type access port default vlan 203#interface LoopBack0 ip address 9.9.9.9 255.255.255.255#ospf 100 router-id 9.9.9.9 area 0.0.0.0 network 9.9.9.9 0.0.0.0 network 192.168.202.0 0.0.0.255 network 192.168.90.0 0.0.0.255 network 192.168.203.0 0.0.0.255#ip route-static 0.0.0.0 0.0.0.0 192.168.202.1
# sysname Internet# undo info-center enable#vlan batch 200#interface GigabitEthernet0/0/0 ip address 60.30.1.1 255.255.255.248#interface LoopBack0 ip address 100.1.1.1 255.255.255.255#ip route-static 70.1.1.1 255.255.255.255 60.30.1.2
配置完毕,验证配置
PC1获取IP地址
PC2获取IP地址
PC1 Ping DHCP服务器
PC1 Ping Internet
PC1 Ping PC8
PC1 Ping PC9
验证完毕,全网互通。
