企业的基本拓扑:
思路:1)先配置汇聚层和接入层,再配置核心层和路由
2)SW5 SW6 SW7 SW8 配置端口trunk模式并进行端口绑定、创建vtp。
3)配置SW5和SW6上的vlan的地址,配置vrrp和生成树的基本配置
4)配置核心层的端口地址和路由OSPF的配置
5)ping外网进行测试并模拟故障等
6)这只是其中一部分,若有分公司可通过***实现与总公司内网之间的相互访问,本案例只是一个缩影
步骤如下: 1)配置R5 R6 R7 R8的trunk
R5和R6:
conf ter
int range f0/1 -4 //多个端口配置trunk模式
sw trunk en do
sw mode trunk
int range f0/3 -4
channel-gr 1 mode on //端口捆绑做负载平衡
end
R7和R8:
conf ter
in range f0/14 -15
sw trunk en do
sw mode trunk
R5:
vlan da //创建vlan
vtp domain myvtp //创建vlan域名实现R5,R6,R7,R8vlan的同步
vlan 10
vlan 20
vlan 30
vlan 40
end
R7:
conf ter
int f0/1
sw acc vlan 10 //端口绑定
int f0/2
sw acc vlan 20
end
R8:
conf ter
int f0/1
sw acc vlan 30
int f0/2
sw acc vlan 40
exit
2)配置各个vlan的地址、配置vrrp和设定优先级
R5:
conf ter
int vlan 10
ip add 192.168.10.252 255.255.255.0
no shu
vrrp 10 ip 192.168.10.254 //创建vrrp,目标ip为虚拟的网关
vrrp 10 pri 150 //设定优先级
vrrp 10 pre //设置抢占
exit
int vlan 20
ip add 192.168.20.252 255.255.255.0
no shu
vrrp 20 ip 192.168.20.254
vrrp 20 pri 150
vrrp 20 pre
exit
int vlan 30
ip add 192.168.30.252 255.255.255.0
no shu
vrrp 30 ip 192.168.30.254
vrrp 30 pri 100
vrrp 30 pre
exit
int vlan 40
ip add 192.168.40.252 255.255.255.0
no shu
vrrp 40 ip 192.168.40.254
vrrp 40 pri 100
vrrp 40 pre
exit
span vlan 10 pri 4096 //创建生成树划分优先级实现vlan10-20在R5为主,vlan30-40在R5为辅
span vlan 20 pri 4096
span vlan 30 pri 8192
span vlan 40 pri 8192
exit
R6:
conf ter
int vlan 10
ip add 192.168.10.253 255.255.255.0
no shu
vrrp 10 ip 192.168.10.254
vrrp 10 pri 100
vrrp 10 pre
exit
int vlan 20
ip add 192.168.20.253 255.255.255.0
no shu
vrrp 20 ip 192.168.20.254
vrrp 20 pri 100
vrrp 20 pre
exit
int vlan 30
ip add 192.168.30.253 255.255.255.0
no shu
vrrp 30 ip 192.168.30.254
vrrp 30 pri 150
vrrp 30 pre
exit
int vlan 40
ip add 192.168.40.253 255.255.255.0
no shu
vrrp 40 ip 192.168.40.254
vrrp 40 pri 150
vrrp 40 pre
exit
span vlan 10 pri 8192 //创建生成树划分优先级实现vlan10-20在R6为辅,vlan30-40在R6为主
span vlan 20 pri 8192
span vlan 30 pri 4096
span vlan 40 pri 4096
exit
3)配置核心层端口的ip地址并打开OSPF进行宣告
R1:
conf te
int lo 0
ip add 8.8.8.8 255.255.255.0
no shu
int f0/0
ip add 202.106.0.2 255.255.255.252
no shu
R2:
conf ter
int f1/0
ip add 202.106.0.1 255.255.255.252
no shu
int f0/0
ip add 192.168.15.2 255.255.255.0
no shu
int f0/1
ip add 192.168.16.2 255.255.255.0
no shu
exit
router os 100
default-information originate //实现默认路由的下放
net 192.168.15.0 0.0.0.255 ar 0
net 192.168.16.0 0.0.0.255 ar 0
exit
ip route 0.0.0.0 0.0.0.0 f1/0
R3:
conf ter
int f0/3
no sw
ip add 192.168.15.1 255.255.255.0
no shu
int f0/1
no sw
ip add 192.168.13.2 255.255.255.0
no shu
int f0/2
no sw
ip add 192.168.14.2 255.255.255.0
no shu
router os 100
net 192.168.13.0 0.0.0.255 ar 0
net 192.168.14.0 0.0.0.255 ar 0
net 192.168.15.0 0.0.0.255 ar 0
R4:
conf ter
int f0/1
no sw
ip add 192.168.23.2 255.255.255.0
no shu
int f0/2
no sw
ip add 192.168.24.2 255.255.255.0
no shu
int f0/4
no sw
ip add 192.168.16.1 255.255.255.0
no shu
exit
router os 100
net 192.168.23.0 0.0.0.255 ar 0
net 192.168.24.0 0.0.0.255 ar 0
net 192.168.16.0 0.0.0.255 ar 0
R5:
conf ter
int f0/5
no sw
ip add 192.168.13.1 255.255.255.0
no shu
int f0/6
no sw
ip add 192.168.23.1 255.255.255.0
no shu
router os 100
net 192.168.13.0 0.0.0.255 ar 0
net 192.168.23.0 0.0.0.255 ar 0
net 192.168.10.0 0.0.0.255 ar 1
net 192.168.20.0 0.0.0.255 ar 1
net 192.168.30.0 0.0.0.255 ar 1
net 192.168.40.0 0.0.0.255 ar 1
R6:
conf ter
int f0/5
no sw
ip add 192.168.14.1 255.255.255.0
no shu
int f0/6
no sw
ip add 192.168.24.1 255.255.255.0
no shu
exit
router os 100
net 192.168.14.0 0.0.0.255 ar 0
net 192.168.24.0 0.0.0.255 ar 0
net 192.168.10.0 0.0.0.255 ar 1
net 192.168.20.0 0.0.0.255 ar 1
net 192.168.30.0 0.0.0.255 ar 1
net 192.168.40.0 0.0.0.255 ar 1
4)端口NAT
R2:
conf ter
int f0/0
ip nat inside
int f0/1
ip nat inside
int f1/0
ip nat outside
exit
access-list 1 permit 192.168.0.0. 0.0.63.255 //acl摘出内网
ip nat inside source list 1 int f1/0 overload //内网向外网转换
5)测试和故障模拟
a)在vpc上设置pc机的ip地址
PC1:ip 192.168.10.2 192.168.10.254 24
PC2:ip 192.168.20.2 192.168.20.254 24
PC3:ip 192.168.30.2 192.168.30.254 24
PC4:ip 192.168.40.2 192.168.40.254 24
b)分别在PC1-4上ping 8.8.8.8
c)将R3,R4,R5,R6分别依次断开模拟故障在PC4上ping 8.8.8.8
6)用到的命令
show run 查看配置
show vrrp b 查看vrrp中主备状态
show vrrp all 查看vrrp的配置
show vlan-sw b 查看vlan
show ip route 查看路由
tracert ip pc机跟踪路由
sh pc机查看配置