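Project scenario:
Redundant network design for a 1000-user site (eNSP)
Requirements:
1 Configure VLANs and trunks; configure link aggregation between the two core switches
2 Configure MSTP + VRRP to load-share traffic while providing redundancy, and configure the related STP optimizations to speed up STP convergence and reduce STP flapping
3 Configure OSPF and static routes for layer-3 routing, ensuring the branch can reach headquarters
4 All users obtain IP addresses dynamically; configure the related DHCP security features
5 China Unicom is the primary egress; China Telecom PPPoE is the backup egress
6 Deny VLAN 5 users access to the external network
7 Map port 80 of server 200.2 to the China Unicom public address
8 All switches can be reached remotely via telnet (hcie 123)
9 While the egress links are up, VLAN 3 uses the China Telecom PPPoE link for Internet access
Topology as built:
Procedure:
Basic configuration omitted
① VLAN, trunk and Eth-Trunk underlying configuration: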
sw1:
[SW1]int Eth-Trunk 2
[SW1-Eth-Trunk2]mode lacp-static
[SW1-Eth-Trunk2]trunkport GigabitEthernet 0/0/2
[SW1-Eth-Trunk2]trunkport GigabitEthernet 0/0/3
[HX_SW1]vlan batch 2 to 5 200 800 999
[HX_SW1]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]po li tr
[HX_SW1-GigabitEthernet0/0/5]po tr al vl 200 999
[HX_SW1]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]po li tr
[HX_SW1-GigabitEthernet0/0/1]po tr al vl 2 3 999
[HX_SW1-GigabitEthernet0/0/1]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]po li tr
[HX_SW1-GigabitEthernet0/0/4]po tr al vl 4 5 999
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]po li tr
[HX_SW1-Eth-Trunk1]po tr al vl 2 to 5 200 999
[HX_SW1]int gi0/0/6
[HX_SW1-GigabitEthernet0/0/6]po li ac
[HX_SW1-GigabitEthernet0/0/6]po de vl 800
sw2:
[HX_SW2]int Eth-Trunk 2
[HX_SW2-Eth-Trunk2]mode lacp-static
[HX_SW2-Eth-Trunk2]trunkport GigabitEthernet 0/0/1
[HX_SW2-Eth-Trunk2]trunkport GigabitEthernet 0/0/2
[HX_SW2]vlan batch 2 to 5 200 801 999
[HX_SW2]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]po li tr
[HX_SW2-GigabitEthernet0/0/4]po tr al vl 4 5 999
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]po li tr
[HX_SW2-GigabitEthernet0/0/5]po tr al vl 2 3 999
[HX_SW2]int Eth-Trunk 2
[HX_SW2-Eth-Trunk2]po li tr
[HX_SW2-Eth-Trunk2]po tr al vl 2 3 4 5 200 999
[HX_SW2-Eth-Trunk2]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]po li tr
[HX_SW2-GigabitEthernet0/0/3]po tr al vl 200 999
[HX_SW2-GigabitEthernet0/0/3]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]po li ac
[HX_SW2-GigabitEthernet0/0/6]po de vl 801
sw3:
[HJ_SW3]int Eth-Trunk 1
[HJ_SW3-Eth-Trunk1]mode lacp-static
[HJ_SW3-Eth-Trunk1]trunkport Ethernet 0/0/4
[HJ_SW3-Eth-Trunk1]trunkport Ethernet 0/0/5
[HJ_SW3]vlan batch 2 to 5 999
[HJ_SW3]int e0/0/3
[HJ_SW3-Ethernet0/0/3]po li tr
[HJ_SW3-Ethernet0/0/3]po tr al vl 2 999
[HJ_SW3]int Eth-Trunk 1
[HJ_SW3-Eth-Trunk1]po li tr
[HJ_SW3-Eth-Trunk1]po tr al vl 3 999
[HJ_SW3]port-group group-member Ethernet0/0/1 Ethernet0/0/2
[HJ_SW3-port-group]po li tr
[HJ_SW3-port-group]po tr al vl 2 to 3 999
sw4:
[HJ_SW4]int e0/0/3
[HJ_SW4]vlan batch 2 3 4 5 999
[HJ_SW4]int e0/0/3
[HJ_SW4-Ethernet0/0/3]po li tr
[HJ_SW4-Ethernet0/0/3]po tr al vl 4 5 999
[HJ_SW4]port-g g eth0/0/1 Ethernet 0/0/2
[HJ_SW4-port-group]po li tr
[HJ_SW4-port-group]po tr al vl 4 to 5 999
sw5:
[JR_SW5]vlan batch 2 3 4 5 999
[JR_SW5]int e0/0/2
[JR_SW5-Ethernet0/0/2]po li ac
[JR_SW5-Ethernet0/0/2]po de vl 2
[JR_SW5-Ethernet0/0/2]int e0/0/1
[JR_SW5-Ethernet0/0/1]po li tr
[JR_SW5-Ethernet0/0/1]port trunk allow-pass vlan 2 999
sw6:
[JR_SW6]int Eth-Trunk 1
[JR_SW6-Eth-Trunk1]mode lacp-static
[JR_SW6-Eth-Trunk1]trunkport Ethernet 0/0/1
[JR_SW6-Eth-Trunk1]trunkport Ethernet 0/0/3
sw7:
[JR_SW7]vlan batch 2 to 5 999
[JR_SW7]int e0/0/2
[JR_SW7-Ethernet0/0/2]po li ac
[JR_SW7-Ethernet0/0/2]po de vl 4
[JR_SW7-Ethernet0/0/2]int e0/0/3
[JR_SW7-Ethernet0/0/3]po li ac
[JR_SW7-Ethernet0/0/3]po de vl 5
[JR_SW7-Ethernet0/0/3]int e0/0/1
[JR_SW7-Ethernet0/0/1]po li tr
[JR_SW7-Ethernet0/0/1]port trunk allow-pass vlan 4 5 999
sw8:
[SW8]vlan batch 2 to 5 200 999
[SW8]int e0/0/3
[SW8-Ethernet0/0/3]po li ac
[SW8-Ethernet0/0/3] po de vl 200
[SW8-Ethernet0/0/3]int e0/0/4
[SW8-Ethernet0/0/4]po li ac
[SW8-Ethernet0/0/4] po de vl 200
[SW8]port-g g Ethernet 0/0/1 Ethernet 0/0/2
[SW8-port-group]po li tr
[SW8-port-group]po tr al vl 200 999
② MSTP configuration:
sw1\sw2 (sw3\sw4\sw8: configure only up to line 6):
[HX_SW1]stp region-configuration
[HX_SW1-mst-region]region-name aa
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 1 vlan 2 3 200
[HX_SW1-mst-region]instance 2 vlan 4 5
[HX_SW1-mst-region]active region-configuration
[HX_SW1]stp instance 1 root primary
[HX_SW1]stp instance 2 root secondary
③ VRRP configuration:
SW1:
[HX_SW1]int Vlanif 2
[HX_SW1-Vlanif2]ip add 192.168.2.254 24
[HX_SW1-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1
[HX_SW1-Vlanif2]vrrp vrid 2 priority 105
[HX_SW1-Vlanif2]int vlanif 3
[HX_SW1-Vlanif3]ip add 192.168.3.254 24
[HX_SW1-Vlanif3]vrrp vrid 3 virtual-ip 192.168.3.1
[HX_SW1-Vlanif3]vrrp vrid 3 priority 105
[HX_SW1]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1]int Vlanif 4
[HX_SW1-Vlanif4]ip add 192.168.4.254 24
[HX_SW1-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_SW1-Vlanif4]int vlan 5
[HX_SW1-Vlanif5]ip add 192.168.5.254 24
[HX_SW1-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_SW1]int Vlanif 800
[HX_SW1-Vlanif800]ip add 192.168.12.2 24
sw2:
[HX_SW2]int Vlanif 4
[HX_SW2-Vlanif4]ip add 192.168.4.253 24
[HX_SW2-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_SW2-Vlanif4]vrrp vrid 4 priority 105
[HX_SW2]int Vlanif 5
[HX_SW2-Vlanif5]ip add 192.168.5.253 24
[HX_SW2-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_SW2-Vlanif5]vrrp vrid 5 priority 105
[HX_SW2]int Vlanif 2
[HX_SW2-Vlanif2]ip add 192.168.2.253 24
[HX_SW2-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1
[HX_SW2-Vlanif2]int vlanif 3
[HX_SW2-Vlanif3]ip add 192.168.3.253 24
[HX_SW2-Vlanif3]vrrp vrid 3 virtual-ip 192.168.3.1
[HX_SW2-Vlanif3]int vlanif 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2]int Vlanif 801
[HX_SW2-Vlanif801]ip add 192.168.23.2 24
④ BFD configuration:
Between the core and the egress
sw1:
[HX_SW1]bfd
[HX_SW1-bfd]q
[HX_SW1]bfd bb bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
[HX_SW1-bfd-session-bb]commit
Track the uplink and downlink:
[HX_SW1]int Vlanif 2
[HX_SW1-Vlanif2]vrrp vrid 2 track bfd-session session-name bb
[HX_SW1-Vlanif2]vrrp vrid 2 track interface GigabitEthernet 0/0/1
[HX_SW1]int Vlanif 3
[HX_SW1-Vlanif3]vrrp vrid 3 track bfd-session session-name bb
[HX_SW1-Vlanif3]vrrp vrid 3 track interface GigabitEthernet 0/0/1
[HX_SW1]int Vlanif 200
[HX_SW1-Vlanif200]vrrp vrid 200 track bfd-session session-name bb
[HX_SW1-Vlanif200]vrrp vrid 200 track interface GigabitEthernet 0/0/5
R1:
[R1]bfd
[R1-bfd]q
[R1]int gi0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.12.1 24
[R1]bfd bb bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
[R1]bfd cc bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
[R1-bfd-session-bb]commit
SW2:
[HX_SW2]bfd
[HX_SW2-bfd]q
[HX_SW2]bfd cc bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto
[HX_SW2-bfd-session-cc]commit
[HX_SW2]int Vlanif 4
[HX_SW2-Vlanif4]vrrp vrid 4 track bfd-session session-name cc
[HX_SW2-Vlanif4]vrrp vrid 4 track interface GigabitEthernet 0/0/4
[HX_SW2]int Vlanif 5
[HX_SW2-Vlanif5]vrrp vrid 5 track bfd-session session-name cc
[HX_SW2-Vlanif5]vrrp vrid 5 track interface GigabitEthernet 0/0/4
⑤ OSPF and NAT configuration:
sw1:
[HX_SW1]ospf 1
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[HX_SW1]ip route-static 0.0.0.0 0 192.168.12.1
[HX_SW1]ip route-static 0.0.0.0 0 192.168.23.1 preference 65 # backup
Keep VLAN 4 and 5 traffic off sw1:
Adjust the OSPF cost so that the forward and return paths are the same and as short as possible
[HX_SW1]int Vlanif 4
[HX_SW1-Vlanif4]ospf cost 4
[HX_SW1-Vlanif4]int vlanif 5
[HX_SW1-Vlanif5]ospf cost 4
sw2:
[HX_SW2]ospf 1
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[HX_SW2]ip route-static 0.0.0.0 0 192.168.23.1
[HX_SW2]ip route-static 0.0.0.0 0 192.168.12.1 preference 65
Keep VLAN 2, 3 and 200 traffic off sw2:
Adjust the OSPF cost so that the forward and return paths are the same and as short as possible
[HX_SW2]int Vlanif 2
[HX_SW2-Vlanif2]ospf cost 4
[HX_SW2-Vlanif2]int vlanif 3
[HX_SW2-Vlanif3]ospf cost 4
[HX_SW2-Vlanif3]int vlanif 200
[HX_SW2-Vlanif200]ospf cost 4
R1:
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R1]ip route-static 0.0.0.0 0 13.1.1.2
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R1]int gi1/0/0
[R1-GigabitEthernet1/0/0]nat outbound 2000
R4:
[FZ_R4]ospf 1
[FZ_R4-ospf-1]area 0
[FZ_R4-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[FZ_R4-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
(Configuration that uses RIP to simulate the carrier network):
R5:
[R5]int e0/0/0
[R5-Ethernet0/0/0]ip add 25.1.1.5 24
[R5-Ethernet0/0/0]int e0/0/1
[R5-Ethernet0/0/1]ip add 35.1.1.5 24
[R5]int LoopBack 1
[R5-LoopBack1]ip add 5.5.5.5 24
[R5]rip 1
[R5-rip-1]version 2
[R5-rip-1]network 25.0.0.0
[R5-rip-1]network 35.0.0.0
[R5-rip-1]network 5.0.0.0
R3:
[LT_R3]int e0/0/0
[LT_R3-Ethernet0/0/0]ip add 13.1.1.2 24
[LT_R3]int e0/0/1
[LT_R3-Ethernet0/0/1]ip add 35.1.1.3 24
[LT_R3]rip 1
[LT_R3-rip-1]version 2
[LT_R3-rip-1]network 13.0.0.0
[LT_R3-rip-1]network 35.0.0.0
R2:
[DX_R2]int g0/0/1
[DX_R2-GigabitEthernet0/0/1]ip add 25.1.1.2 24
[DX_R2]rip 1
[DX_R2-rip-1]version 2
[DX_R2-rip-1]network 12.0.0.0
[DX_R2-rip-1]network 25.0.0.0
⑥ DHCP configuration:
reset ip pool name vlan3 used    Clear the allocated addresses
dis ip pool name vlan2 used    Show the addresses allocated from the pool named vlan2
dhcp server:
[DHCP]dhcp enable
[DHCP]ip pool vlan2
[DHCP-ip-pool-vlan2]network 192.168.2.0 mask 24
[DHCP-ip-pool-vlan2]gateway-list 192.168.2.1
[DHCP-ip-pool-vlan2]dns-list 114.114.114.114 8.8.8.8
[DHCP]ip pool vlan3
[DHCP-ip-pool-vlan3] gateway-list 192.168.3.1
[DHCP-ip-pool-vlan3] network 192.168.3.0 mask 255.255.255.0
[DHCP-ip-pool-vlan3] dns-list 114.114.114.114 8.8.8.8
[DHCP-ip-pool-vlan3]ip pool vlan4
[DHCP-ip-pool-vlan4] gateway-list 192.168.4.1
[DHCP-ip-pool-vlan4] network 192.168.4.0 mask 255.255.255.0
[DHCP-ip-pool-vlan4] dns-list 114.114.114.114 8.8.8.8
[DHCP-ip-pool-vlan4]ip pool vlan5
[DHCP-ip-pool-vlan5] gateway-list 192.168.5.1
[DHCP-ip-pool-vlan5] network 192.168.5.0 mask 255.255.255.0
[DHCP-ip-pool-vlan5] dns-list 114.114.114.114 8.8.8.8
Apply:
[DHCP]int e0/0/0
[DHCP-Ethernet0/0/0]dhcp select global
Excluded addresses:
[DHCP]ip pool vlan2
[DHCP-ip-pool-vlan2]excluded-ip-address 192.168.2.249 192.168.2.254
[DHCP-ip-pool-vlan2]ip pool vlan3
[DHCP-ip-pool-vlan3]excluded-ip-address 192.168.3.249 192.168.3.254
[DHCP-ip-pool-vlan3]ip pool vlan4
[DHCP-ip-pool-vlan4]excluded-ip-address 192.168.4.249 192.168.4.254
[DHCP-ip-pool-vlan4]ip pool vlan5
[DHCP-ip-pool-vlan5]excluded-ip-address 192.168.5.249 192.168.5.254
sw1:
[HX_SW1]dhcp enable
[HX_SW1]int Vlanif 2
[HX_SW1-Vlanif2]dhcp select relay
[HX_SW1-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif2]int vlanif 3
[HX_SW1-Vlanif3]dhcp select relay
[HX_SW1-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif3]int vlanif 4
[HX_SW1-Vlanif4]dhcp select relay
[HX_SW1-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif4]int vlanif 5
[HX_SW1-Vlanif5]dhcp select relay
[HX_SW1-Vlanif5]dhcp relay server-ip 192.168.200.3
sw2:
[HX_SW2]dhcp enable
[HX_SW2]int vlanif 2
[HX_SW2-Vlanif2]dhcp select relay
[HX_SW2-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif2]int vlanif 3
[HX_SW2-Vlanif3]dhcp select relay
[HX_SW2-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif3]int vlanif 4
[HX_SW2-Vlanif4]dhcp select relay
[HX_SW2-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif4]int vlanif 5
[HX_SW2-Vlanif5]dhcp select relay
[HX_SW2-Vlanif5]dhcp relay server-ip 192.168.200.3
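DHCP snooping security configuration:
Make the switch accept DHCP address assignments for hosts only from trusted ports
sw5 [sw6 and sw7 (access layer) are configured the same way]: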
[JR_SW5]dhcp enable
[JR_SW5]dhcp snooping enable
[JR_SW5]vlan 2
[JR_SW5-vlan2]dhcp snooping enable
[JR_SW5-vlan2]int e0/0/1
[JR_SW5-Ethernet0/0/1]dhcp snooping trusted
⑦ PPPoE configuration:
R1:
[R1]acl 2001
[R1-acl-basic-2001]rule permit source 192.168.0.0 0.0.255.255
[R1-acl-basic-2001]int dialer 1
[R1-Dialer1]link-protocol ppp
[R1-Dialer1]ip address ppp-negotiate
[R1-Dialer1]ppp pap local-user 0531 password simple 123456
[R1-Dialer1]dialer user 0531
[R1-Dialer1]dialer-group
[R1-Dialer1]dialer bundle 2
[R1-Dialer1]nat outbound 2001
[R1-Dialer1]int gi0/0/2
[R1-GigabitEthernet0/0/2]pppoe-client dial-bundle-number 2
[R1]ip route-static 0.0.0.0 0 Dialer 1 preference 85 # backup link: PPPoE
[R1]int Dialer 1
[R1-Dialer1]mtu 1492
R2:
[DX_R2]ip pool pool1
[DX_R2-ip-pool-pool1]network 12.1.1.0 mask 24
[DX_R2-ip-pool-pool1]gateway-list 12.1.1.2
[DX_R2]aaa
[DX_R2-aaa]local-user 0531 password cipher 123456
[DX_R2-aaa]local-user 0531 service-type ppp
[DX_R2-aaa]int gi0/0/0
[DX_R2-GigabitEthernet0/0/0]undo ip add
[DX_R2]int Virtual-Template 1
[DX_R2-Virtual-Template1]ppp authentication-mode pap
[DX_R2-Virtual-Template1]remote address pool pool1
[DX_R2-Virtual-Template1]ip address 12.1.1.2 24
[DX_R2]int gi0/0/0
[DX_R2-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
⑧ Egress route configuration:
(Already configured.) PPPoE is the backup link; the link to China Unicom is the primary link.
R1:
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85
⑨ NAT server configuration:
Map port 80 of server 200.2 to the China Unicom public address
R1:
[R1]int gi 1/0/0
[R1-GigabitEthernet1/0/0]nat server protocol tcp global current-interface 80 inside 192.168.200.2 80
⑩ ACL configuration:
Deny VLAN 5 users access to the external network
R1:
[R1]acl 3005
[R1-acl-adv-3005]rule permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
[R1-acl-adv-3005]rule deny ip source 192.168.5.0 0.0.0.255
[R1-acl-adv-3005]int gi0/0/1
[R1-GigabitEthernet0/0/1]traffic-filter inbound acl 3005
[R1-GigabitEthernet0/0/1]int gi0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3005
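⑪ Policy-based routing configuration (does not take effect in the simulator):
While the egress links are up, VLAN 3 uses the China Telecom PPPoE link for Internet access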
R1:
[R1]acl 3008
[R1-acl-adv-3008]rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 # this traffic does not use policy-based routing
[R1-acl-adv-3008]rule permit ip source 192.168.3.0 0.0.0.255 # the rest is forwarded by policy
[R1]traffic classifier vlan_3 # classifier
[R1-classifier-vlan_3]if-match acl 3008
[R1]traffic behavior vlan_3 # behavior
[R1-behavior-vlan_3]redirect interface Dialer 1 # redirect to the dialer interface
[R1]traffic policy aa # define a policy named aa
[R1-trafficpolicy-aa]classifier vlan_3 behavior vlan_3 # bind the behavior to the classifier
[R1]int gi0/0/0 # apply the policy in the inbound direction
[R1-GigabitEthernet0/0/0]traffic-policy aa inbound
[R1-GigabitEthernet0/0/0]int gi0/0/1
[R1-GigabitEthernet0/0/1]traffic-policy aa inbound
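bug1: it can be configured but does not take effect; policy-based routing with a Dialer interface is not supported
traffic behavior VLAN_3
redirect interface Dialer1
bug2: the router does not request the next hop's MAC address
traffic behavior VLAN_3
redirect ip-nexthop 13.1.1.2
For this to take effect, the MAC address of 13.1.1.2 must be in this router's ARP cache.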
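The first-match evaluation that ACL 3005 (the VLAN 5 filter in ⑩) and ACL 3008 (the policy-routing classifier in ⑪) both depend on, as an added Python example that is not part of the original lab configuration. It assumes that traffic-filter forwards packets matching no rule; the sample packets are constructed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

# Rules copied from the page in configured order: (action, source, destination),
# each address given as (base, wildcard).
ACL_3005 = [
    ("permit", ("192.168.5.0", "0.0.0.255"), ("192.168.0.0", "0.0.255.255")),
    ("deny",   ("192.168.5.0", "0.0.0.255"), ANY),
]
ACL_3008 = [
    ("deny",   ("192.168.3.0", "0.0.0.255"), ("192.168.0.0", "0.0.255.255")),
    ("permit", ("192.168.3.0", "0.0.0.255"), ANY),
]

def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard means 'ignore this bit' (inverse of a netmask)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def first_match(acl, src, dst):
    """Action of the first rule matching (src, dst), or None if no rule matches."""
    for action, s, d in acl:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return None

def traffic_filter(acl, src, dst):
    # Assumption: traffic-filter forwards a packet that matches no rule.
    return "drop" if first_match(acl, src, dst) == "deny" else "forward"

def redirected(acl, src, dst):
    # In a traffic classifier only a "permit" hit is classified and redirected.
    return first_match(acl, src, dst) == "permit"

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    for src, dst in [("192.168.5.10", "192.168.200.2"), ("192.168.5.10", "114.114.114.114"),
                     ("192.168.3.10", "114.114.114.114"), ("192.168.3.10", "192.168.200.2")]:
        print(src, "->", dst, "| ACL 3005:", traffic_filter(ACL_3005, src, dst),
              "| PBR redirect:", redirected(ACL_3008, src, dst))
    # Reversing ACL 3005 puts the broad deny first and cuts VLAN 5 off internally too.
    print(traffic_filter(ACL_3005[::-1], "192.168.5.10", "192.168.200.2"))
```

The second sample packet shows a side effect of the page's own values: the DHCP pools hand VLAN 5 clients 114.114.114.114 and 8.8.8.8 as DNS servers, and ACL 3005 drops traffic to both.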
⑫ Telnet configuration:
All switches can be reached remotely via telnet (hcie 123)
All devices:
[HX_SW1]aaa
[HX_SW1-aaa]local-user hcie privilege level 3 password cipher 123
[HX_SW1-aaa]local-user hcie service-type telnet
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
sw1:
[HX_SW1]int Vlanif 999
[HX_SW1-Vlanif999]ip add 192.168.255.254 24
[HX_SW1-Vlanif999]vrrp vrid 255 virtual-ip 192.168.255.1
sw2:
[HX_SW2]int vlanif 999
[HX_SW2-Vlanif999]ip add 192.168.255.253 24
[HX_SW2-Vlanif999]vrrp vrid 255 virtual-ip 192.168.255.1
sw3:
[HJ_SW3]vlan 999
[HJ_SW3-vlan999]int vlanif 999
[HJ_SW3-Vlanif999]ip add 192.168.255.3 24
[HJ_SW3]ip route-static 0.0.0.0 0 192.168.255.1 # used for return packets of management traffic
sw4:
[HJ_SW4]vlan 999
[HJ_SW4-vlan999]int vlanif 999
[HJ_SW4-Vlanif999]ip add 192.168.255.4 24
[HJ_SW4]ip route-static 0.0.0.0 0 192.168.255.1
sw5:
[JR_SW5]int vlanif 999
[JR_SW5-Vlanif999]ip add 192.168.255.5 24
[JR_SW5]ip route-static 0.0.0.0 0 192.168.255.1
sw6:
[JR_SW6]int vlanif 999
[JR_SW6-Vlanif999]ip add 192.168.255.6 24
[JR_SW6]ip route-static 0.0.0.0 0 192.168.255.1
sw7:
[JR_SW7]int vlanif 999
[JR_SW7-Vlanif999]ip add 192.168.255.7 24
[JR_SW7]ip route-static 0.0.0.0 0 192.168.255.1
sw8:
[JR_SW8]int vlanif 999
[JR_SW8-Vlanif999]ip add 192.168.255.8 24
[JR_SW8]ip route-static 0.0.0.0 0 192.168.255.1
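Optional:
Configure the related STP optimizations to speed up STP convergence and reduce STP flapping:
- On all access switches, configure the user-facing ports as edge ports: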
[JR_SW5]int e0/0/2
[JR_SW5-Ethernet0/0/2]stp edged-port enable
- Disable STP on the uplink ports of sw1 and sw2:
[HX_SW1]int gi 0/0/6
[HX_SW1-GigabitEthernet0/0/6]stp disable
- Configure a static cost on the aggregated interface:
[HX_SW1]int Eth-Trunk 2
[HX_SW1-Eth-Trunk2]stp instance 1 cost 10000
[HX_SW1-Eth-Trunk2]stp instance 2 cost 10000