||
一、案例环境:
与外网连接的设备:模块化路由器1台;
核心设备:核心交换机1台;
汇聚设备:三层交换机2台;
接入设备:二层交换机4台;
工程测试:PC机4台
二、建立如图所示的场景。
三、配置步骤:
(1)配置网络设备的基本参数
(2)配置OSPF选路协议
(3)测试OSPF选路协议
(4)测试全网连通性
(5)配置NAT功能,配置和测试与外部网络的连接。
四、具体配置
第一阶段:配置网络设备的基本参数
(1)Switch0的基本配置:
Switch>en
Switch#conf t
Switch(config)#hostname Switch0
Switch0(config)#vlan 10
Switch0(config-vlan)#exit
Switch0(config)#vlan 20
Switch0(config-vlan)#exit
Switch0(config)#vlan 30
Switch0(config-vlan)#exit
Switch0(config)#int range
Switch0(config)#int range f0/1-3
Switch0(config-if-range)#switchport accessvlan 10
Switch0(config-if-range)#exit
Switch0(config)#int range f0/4-6
Switch0(config-if-range)#switchport accessvlan 20
Switch0(config-if-range)#exit
Switch0(config)#int range f0/7-9
Switch0(config-if-range)#switchport accessvlan 30
Switch0(config-if-range)#exit
Switch0(config)#int f0/10
Switch0(config-if)#switchport mode trunk
Switch0(config-if)#exit
Switch0(config)#int vlan 1
Switch0(config-if)#ip address 192.168.0.1255.255.255.0
Switch0(config-if)#no shut
Switch0(config-if)#exit
Switch0(config)#ip default-gateway192.168.0.254
Switch0(config)#end
Switch0#
(2)Switch1的基本配置:
Switch>en
Switch#conf t
Switch(config)#hostname Switch1
Switch1(config)#vlan 10
Switch1(config-vlan)#exit
Switch1(config)#vlan 20
Switch1(config-vlan)#exit
Switch1(config)#vlan 30
Switch1(config-vlan)#exit
Switch1(config)#int range f0/1-3
Switch1(config-if-range)#switchport accessvlan 10
Switch1(config-if-range)#exit
Switch1(config)#int range f0/4-6
Switch1(config-if-range)#switchport accessvlan 20
Switch1(config-if-range)#exit
Switch1(config)#int range f0/7-9
Switch1(config-if-range)#switchport accessvlan 30
Switch1(config-if-range)#exit
Switch1(config)#int f0/20
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#exit
Switch1(config)#int vlan 1
Switch1(config-if)#ip address 192.168.0.2255.255.255.0
Switch1(config-if)#no shut
Switch1(config-if)#exit
Switch1(config)#int f0/20
Switch1(config-if)#exit
Switch1(config)#ip default-gateway192.168.0.254
(3)Switch2的基本配置
Switch>en
Switch#conf t
Switch(config)#hostname Switch2
Switch2(config)#vlan 50
Switch2(config-vlan)#exit
Switch2(config)#vlan 60
Switch2(config-vlan)#exit
Switch2(config)#vlan 60
Switch2(config-vlan)#exit
Switch2(config)#vlan 70
Switch2(config-vlan)#exit
Switch2(config)#int range f0/1-3
Switch2(config-if-range)#switchport accessvlan 50
Switch2(config-if-range)#exit
Switch2(config)#int range f0/4-6
Switch2(config-if-range)#switchport accessvlan 60
Switch2(config-if-range)#exit
Switch2(config-if)#int range f0/7-9
Switch2(config-if-range)#switchport accessvlan 70
Switch2(config-if-range)#exit
Switch2(config)#int f0/10
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#exit
Switch2(config)#int vlan 1
Switch2(config-if)#ip address 192.168.0.3255.255.255.0
Switch2(config-if)#no shut
Switch2(config-if)#exit
Switch2(config)#ip default-gateway192.168.0.254
Switch2(config)#end
Switch2#
(4)Switch3的基本配置:
Switch>en
Switch#conf t
Enter configuration commands, one perline. End with CNTL/Z.
Switch(config)#hostname Switch3
Switch3(config)#vlan 50
Switch3(config-vlan)#exit
Switch3(config)#vlan 60
Switch3(config-vlan)#exit
Switch3(config)#vlan 70
Switch3(config-vlan)#exit
Switch3(config)#int range f0/1-3
Switch3(config-if-range)#switchport accessvlan 50
Switch3(config-if-range)#exit
Switch3(config)#int range f0/4-6
Switch3(config-if-range)#switchport accessvlan 60
Switch3(config-if-range)#exit
Switch3(config)#int range f0/7-9
Switch3(config-if-range)#switchport accessvlan 70
Switch3(config-if-range)#exit
Switch3(config)#int f0/20
Switch3(config-if)#switchport mode trunk
Switch3(config-if)#exit
Switch3(config)#int vlan 1
Switch3(config-if)#ip address 192.168.0.4255.255.255.0
Switch3(config-if)#no shut
Switch3(config-if)#exit
Switch3(config)#ip default-gateway192.168.0.254
Switch3(config)#end
Switch3#
(5)汇聚层交换机3551-1的配置
Switch>en
Switch#conf t
Enter configuration commands, one perline. End with CNTL/Z.
Switch(config)#hostname 3550-1
3550-1(config)#vlan 10
3550-1(config-vlan)#exit
3550-1(config)#vlan 20
3550-1(config-vlan)#exit
3550-1(config)#vlan 30
3550-1(config-vlan)#exit
3550-1(config)#vlan 100
3550-1(config-vlan)#exit
3550-1(config-if)#exit
3550-1(config)#int f0/1
3550-1(config-if)#switchport access vlan100
3550-1(config)#int vlan 10
3550-1(config-if)#ip address 172.16.10.1 255.255.255.0
3550-1(config-if)#exit
3550-1(config)#int vlan 20
3550-1(config-if)#ip address 172.16.20.1255.255.255.0
3550-1(config-if)#exit
3550-1(config)#int vlan 30
3550-1(config-if)#ip address 172.16. 30.1255.255.255.0
3550-1(config-if)#exit
3550-1(config)#int vlan 100
3550-1(config-if)#ip address 192.168.128.44255.255.255.248
3550-1(config-if)#exit
3550-1(config)#int vlan 1
3550-1(config-if)#ip address 192.168.0.5255.255.255.0
3550-1(config-if)#no shut
3550-1(config-if)#exit
3550-1(config)#ip default-network192.168.0.254
3550-1(config)#end
3550-1#
(6)汇聚层交换机3551-2的配置
Switch#conf t
Switch(config)#hostname 3550-2
3550-2(config)#vlan 50
3550-2(config-vlan)#exit
3550-2(config)#vlan 60
3550-2(config-vlan)#exit
3550-2(config)#vlan 70
3550-2(config-vlan)#exit
3550-2(config)#vlan 200
3550-2(config-vlan)#exit
3550-2(config)#int f0/1
3550-2(config-if)#switchport access vlan200
3550-2(config-if)#exit
3550-2(config)#int vlan 1
3550-2(config-if)#ip address 192.168.0.6255.255.255.0
3550-2(config-if)#no shut
3550-2(config-if)#exit
3550-2(config)#ip default-network192.168.0.254
3550-2(config)#int vlan 50
3550-2(config-if)#ip address 172.18.50.1255.255.255.0
3550-2(config-if)#exit
3550-2(config)#int vlan 60
3550-2(config-if)#ip address 172.18.60.1255.255.255.0
3550-2(config-if)#exit
3550-2(config)#int vlan 70
3550-2(config-if)#ip address 172.18.70.1255.255.255.0
3550-2(config-if)#exit
3550-2(config)#int vlan 200
3550-2(config-if)#ip address 192.168.129.44255.255.255.248
3550-2(config-if)#end
3550-2#
(7)核心层交换机3550-3的配置
Switch>en
Switch#conf t
Switch(config)#hostname 3550-3
3550-3(config)#vlan 100
3550-3(config-vlan)#exit
3550-3(config)#vlan 200
3550-3(config-vlan)#exit
3550-3(config)#vlan 300
3550-3(config-vlan)#exit
3550-3(config)#int f0/10
3550-3(config-if)#switchport access vlan300
3550-3(config-vlan)#exit
3550-3(config)#int f0/2
3550-3(config-if)#switchport access vlan 100
3550-3(config-vlan)#exit
3550-3(config)#int f0/1
3550-3(config-if)#switchport access vlan 200
3550-3(config-if)#exit
3550-3(config)#int vlan 1
3550-3(config-if)#ip address 192.168.0.254255.255.255.0
3550-3(config-if)#no shut
3550-3(config-if)#exit
3550-3(config)#int vlan 100
3550-3(config-if)#ip address 192.168.128.45255.255.255.248
3550-3(config-if)#exit
3550-3(config)#int vlan 200
3550-3(config-if)#ip address 192.168.129.45255.255.255.248
3550-3(config-if)#exit
3550-3(config)#int vlan 300
3550-3(config-if)#ip address 192.168.86.17255.255.255.240
3550-3(config-if)#end
3550-3#
(8)出口路由器Router0的配置
Router>en
Router#conf t
Router(config)#hostname Router0
Router0(config)#int f0/0
Router0(config-if)#ip address 192.168.86.30255.255.255.240
Router0(config-if)#no shut
Router0(config-if)#ip nat inside
Router0(config-if)#exit
Router0(config)#int s0/3/0
Router0(config-if)#ip address 210.96.100.85255.255.255.252
Router0(config-if)#no shut
Router0(config-if)#clock rate 64000
Router0(config-if)#ip nat outside
Router0(config-if)#exit
Router0(config)#int f0/0
Router0(config-if)#
(9)外网路由器Router1的配置
Router>en
Router#conf t
Router(config)#hostname Router1
Router1(config)#int s0/3/0
Router1(config-if)#ip address 210.96.100.86255.255.255.252
Router1(config-if)#no shut
Router1(config-if)#exit
Router1(config)#int f0/0
Router1(config-if)#ip address 210.96.101.1255.255.255.252
Router1(config-if)#no shut
Router1(config-if)#end
Router1#
第二阶段:配置OSPF选路协议
(1) 在3550-1上配置OSPF动态选路协议
3550-1>en
3550-1#conf t
3550-1(config)#router ospf 1
3550-1(config-router)#network 172.16.10.0 0.0.0.255area 0
3550-1(config-router)#network 172.16.20.0 0.0.0.255area 0
3550-1(config-router)#network 172.16.30.0 0.0.0.255area 0
3550-1(config-router)#network192.168.128.40 0.0.0.7 area 0
3550-1(config-router)#
(2) 在3550-2上配置OSPF动态选路协议
3550-2>en
3550-2#conf t
3550-2(config)#router ospf 1
3550-2(config-router)#network 172.18.50.0 0.0.0.255area 0
3550-2(config-router)#network 172.18.60.0 0.0.0.255area 0
3550-2(config-router)#network 172.18.70.0 0.0.0.255area 0
3550-2(config-router)#network192.168.129.40 0.0.0.7 area 0
3550-2(config-router)#
(3) 在3550-3上配置OSPF动态选路协议
3550-3>en
3550-3#conf t
Enter configuration commands, one perline. End with CNTL/Z.
3550-3(config)#router ospf 1
3550-3(config-router)#network192.168.128.40 0.0.0.7 area 0
3550-3(config-router)#network192.168.129.40 0.0.0.7 area 0
3550-3(config-router)#network 192.168.86.160.0.0.15 area 0
3550-3(config-router)#
(4) 在Router0上配置OSPF动态选路协议
Router0>en
Router0#conf t
Enter configuration commands, one perline. End with CNTL/Z.
Router0(config)#ip route 0.0.0.0255.255.255.255 210.96.100.86
Router0(config)#router ospf 1
Router0(config-router)#network 210.96.100.840.0.0.3 area 0
Router0(config-router)#network192.168.86.16 0.0.0.15 area 0
Router0(config-router)#default-informationoriginate
Router0(config-router)#
(5) 在Router0上配置默认路由
Router0(config)#ip route 0.0.0.0 0.0.0.0210.96.100.86
(6) 在Router0上配置NAT
Router0(config)#ip nat inside source list 1interface serial 0/3/0 overload
Router0(config)#int s0/3/0
Router0(config-if)#ip nat outside
Router0(config-if)#exit
Router0(config)#int f0/0
Router0(config-if)#ip nat inside
Router0(config-if)#exit
Router0(config)#access-list 1 permit any
(7) 在Router1上配置静态路由
第三阶段:测试OSPF选路协议
3550-1>en
3550-1#show ip rou
3550-1#show iproute
Codes: C -connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D- EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPFexternal type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 -IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-userstatic route, o - ODR
P - periodic downloaded static route
Gateway of lastresort is 192.168.128.45 to network 0.0.0.0
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.10.0 is directly connected,Vlan10
C 172.16.20.0 is directly connected,Vlan20
C 172.16.30.0 is directly connected,Vlan30
172.18.0.0/24 is subnetted, 3 subnets
O 172.18.50.0 [110/3] via 192.168.128.45,01:20:16, Vlan100
O 172.18.60.0 [110/3] via 192.168.128.45,01:20:16, Vlan100
O 172.18.70.0 [110/3] via 192.168.128.45,01:20:16, Vlan100
C 192.168.0.0/24 is directly connected, Vlan1
192.168.86.0/28 is subnetted, 1 subnets
O 192.168.86.16 [110/2] via192.168.128.45, 01:20:46, Vlan100
192.168.128.0/29 is subnetted, 1 subnets
C 192.168.128.40 is directly connected,Vlan100
192.168.129.0/29 is subnetted, 1 subnets
O 192.168.129.40 [110/2] via192.168.128.45, 01:20:46, Vlan100
210.96.100.0/30 is subnetted, 1 subnets
O 210.96.100.84 [110/783] via192.168.128.45, 01:20:46, Vlan100
O*E2 0.0.0.0/0[110/1] via 192.168.128.45, 00:03:51, Vlan100
3550-1#
同样的命令测试3550-2、3550-3、Router0
第四阶段:测试全网连通性
PC0ping外网服务器可以通
外网服务器不能ping通内部主机PC0
Archiver|手机版|科学网 ( 京ICP备07017567号-12 )
GMT+8, 2024-5-23 23:49
Powered by ScienceNet.cn
Copyright © 2007- 中国科学报社