企业网三层架构

路由器：

1.  配地址
   

2.  Ospf 实现非直连网段的通信
   

下放缺省，以及边界路由器的静态缺省

3.  Acl抓流量，做nat
   

Router1 配地址

Route0 配地址

r0(config)#router ospf 100

r0(config-router)# router-id 1.1.1.1

r0(config-router)# network 10.1.1.0
0.0.0.255 area 0

r0(config-router)# network 172.16.0.0
0.0.63.255 area 0

r0(config-router)# network 172.16.64.0
0.0.63.255 area 0

r0(config-router)# default-information
originate

r0(config-router)#exit

r0(config)#ip route 0.0.0.0 0.0.0.0
10.1.1.2

r0(config)#access-list 1 permit any

r0(config)#ip nat inside source list 1
interface FastEthernet0/1 overload

r0(config)#interface FastEthernet0/1

r0(config)# ip nat outside

r0(config)#interface FastEthernet0/0

r0(config-if)# ip nat inside

r0(config)#interface FastEthernet1/0

r0(config-if)# ip nat inside

三层交换机：

1.  创vlan划vlan
   

2.  生成树
   

3.  Vtp
   

4.  Hsrp
   

5.  远程登陆
   

S1

s1(config)#vlan 2

s1(config)#exit

s1(config)#vlan 3

s1(config)#exit

s1(config)#interface FastEthernet0/2

s1(config-if)# switchport access vlan 2

s1(config-if)# switchport mode access

s1(config)#interface FastEthernet0/3

s1(config-if)# switchport trunk encapsulation
dot1q

s1(config-if)# switchport mode trunk

s1(config)#interface FastEthernet0/4

s1(config-if)# switchport access vlan 3

s1(config-if)# switchport mode access

s1(config)# interface range
FastEthernet0/5-7

s1(config-if-range)# switchport trunk encapsulation
dot1q

s1(confi-if-range)# switchport mode trunk

s1(config-if-range)# channel-group 1 mode
on

生成树

s1(config)#ip routing

s1(config)#spanning-tree vlan 2 root
primary

s1(config)#spanning-tree vlan 3 root
secondary

vtp

s1(config)#vtp domain ccie

s1(config)#vtp mode server

s1(config)#exit

s1(config)#interface FastEthernet0/1

s1(config-if)# no switchport

s1(config-if)# ip address 172.16.0.2
255.255.192.0

hsrp

s1(config)#interface Vlan2

s1(config-if)# ip address 172.16.128.1
255.255.192.0

s1(config-if)# standby 1 ip 12.1.1.1

s1(config)#interface Vlan3

s1(config-if)# ip address 172.16.192.1
255.255.192.0

s1(config-if)# standby 2 ip 13.1.1.1

s1(config)#router ospf 100

ospf

s1(config-router)# router-id 2.2.2.2

s1(config-router)# network 172.16.0.0
0.0.63.255 area 0

s1(config-router)# network 172.16.128.0
0.0.63.255 area 0

s1(config-router)# network 172.16.192.0
0.0.63.255 area 0

下放地址池

s1(config)#ip dhcp pool x

s1(dhcp-config)# network 172.16.128.0
255.255.192.0

s1(dhcp-config)# default-router
172.16.128.1

s1(dhcp-config)# dns-server 8.8.8.8

s1(dhcp-config)#ip dhcp pool h

s1(dhcp-config)# network 172.16.192.0
255.255.192.0

s1(dhcp-config)# default-router
172.16.192.1

s1(dhcp-config)# dns-server 8.8.8.8

远程登陆

s1(config)#line vty 0 4

s1(config-line)#password 123

s1(config-line)#login local

S2

s2(config)#vtp domain ccie

s2(config)#vtp mode client

划vlan同上

hsrp

s2(config)#interface Vlan2

s2(config-if)# ip address 172.16.128.2 255.255.192.0

s2(config-if)# standby 1 ip 12.1.1.1

s2(config)#interface Vlan3

s2(config-if)# ip address 172.16.192.2 255.255.192.0

s2(config-if)# standby 2 ip 13.1.1.1

s2(config)#router ospf 100

s2(config-router)# router-id 3.3.3.3

s2(config-router)# network 172.16.64.0 0.0.63.255 area 0

s2(config-router)# network 172.16.128.0
0.0.63.255 area 0

s2(config-router)# network 172.16.192.0
0.0.63.255 area 0

s2(config)#line vty 0 4

s2(config-line)#password 123

s2(config-line)#login local

二层交换机上

er1(config)#interface range
FastEthernet0/1-4

er1(config-if-range)# switchport access
vlan 2

er1(config-if-range)# switchport mode
access

er1(config)#interface Vlan2

er1(config-if)# ip address 172.16.128.21
255.255.192.0

er1(config)#line vty 0 4

er1(config-line)#password 123

er1(config-line)#login local

er2

er2(config)#vtp domain ccie

er2(config)#vtp mode client

er2(config)#interface Vlan2

er2(config-if)# ip address 172.16.128.22
255.255.192.0

er2(config)#interface Vlan3

er2(config-if)# ip address 172.16.192.22
255.255.192.0

er2(config)#line vty 0 4

er2(config-line)#password 123

er2(config-line)#login local

er3

er3(config)#interface range
FastEthernet0/1-4

er3(config-if-range)# switchport access
vlan 3

er3(config-if-range)# switchport mode
access

er3(config)#interface Vlan3

er3(config-if)# ip address 172.16.192.32
255.255.192.0

er3(config)#line vty 0 4

er3(config-line)#password 123

er3(config-line)#login local