本设计应用到的网络技术有:VLAN、链路聚合、VRRP+MSTP、VLANIF、DHCP、OSPF、NAT Server等,应用到的网络安全技术有:DHCP Snooping、ACL访问控制等.
整个网络拓扑图如下图所示:
网络架构采用的是熟知的三层架构:接入层、汇聚层、核心层.在这三层的基础上进行相应的网络技术拓展.
接入层的交换机分别命名为:JR-SW1——JR-SW5
汇聚层的交换机分别命名为:HJ-SW1——HJ-SW5
核心层的为:HX-SW1、HX-SW2
每一层的配置各不相同,下面展示各层的核心配置:
接入层交换机的部分代码展示:
#
# Access-layer switch JR-SW1 (excerpt): one host-facing access port and one
# trunk uplink.
sysname JR-SW1
#
# Creates VLANs 10-50, 100 and 200. Only VLAN 10 and VLAN 100 are used by the
# ports shown in this excerpt.
vlan batch 10 20 30 40 50 100 200
#
# Host-facing port: untagged member of VLAN 10.
# NOTE(review): the article lists DHCP Snooping as a security feature, but no
# snooping command appears in this excerpt. It is normally enabled at the
# access layer (host ports untrusted, uplink trusted) so that rogue DHCP
# servers on host ports are dropped - confirm it is present in the full config.
# NOTE(review): no edge-port / BPDU protection is shown for this host port
# either - confirm against the full config.
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
# Uplink trunk: only VLAN 10 and VLAN 100 are explicitly allowed, so the other
# VLANs created above do not cross this link.
# NOTE(review): VLAN 100 has no gateway in the configs shown; presumably it is
# the management VLAN - confirm. Huawei trunk ports also pass VLAN 1 by default
# unless it is removed with "undo port trunk allow-pass vlan 1".
interface Ethernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 100
汇聚层的部分代码展示:
#
# Aggregation-layer switch HJ-SW1 (excerpt): MSTP region definition and three
# trunk ports.
sysname HJ-SW1
#
vlan batch 10 20 30 40 50 100 200
#
# MSTP region "neibuwang", revision 1. VLANs 10/20/200 map to instance 1 and
# VLANs 30/40/50 map to instance 2. VLAN 100 is not mapped here, so it stays in
# the default instance 0.
# Region name, revision level and VLAN-to-instance mapping have to be identical
# on every switch that should belong to this region; a mismatch puts the switch
# in a separate region. The mapping only takes effect after
# "active region-configuration".
stp region-configuration
region-name neibuwang
revision-level 1
instance 1 vlan 10 20 200
instance 2 vlan 30 40 50
active region-configuration
#
# Trunk carrying VLANs 10, 20, 30 and 100.
# NOTE(review): the peer device of this port is not shown in the excerpt.
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 100
#
# Second trunk with the same VLAN list as Ethernet0/0/2.
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 100
#
# Trunk limited to VLAN 10 and VLAN 100, the same list as the JR-SW1 uplink;
# presumably this is the downlink to that access switch - confirm.
# NOTE(review): the article names DHCP Snooping, but no snooping trust setting
# is visible on any port of this excerpt - confirm against the full config.
interface Ethernet0/0/10
port link-type trunk
port trunk allow-pass vlan 10 100
核心层交换机的代码展示:
#
# Core-layer switch HX-SW1: VRRP gateways for the user and server VLANs, DHCP
# relay, OSPF, and the uplink to router R1.
sysname HX-SW1
#
# Same VLAN set as the lower layers plus VLAN 300, which is used below for the
# routed link towards 192.168.12.1.
vlan batch 10 20 30 40 50 100 200 300
#
# This switch is the MSTP root for instance 1 and the backup root for
# instance 2. The VRRP groups below that raise the priority to 105 belong to
# VLANs 10, 20 and 200, the VLANs of instance 1 in the HJ-SW1 region
# configuration, so the layer-2 root and the layer-3 gateway sit on the same
# box. Presumably HX-SW2 mirrors this for instance 2 - confirm.
stp instance 1 root primary
stp instance 2 root secondary
#
# Gateway for VLAN 10: real address .254, VRRP virtual address .1.
# Priority 105 is above the VRRP default of 100. The group tracks the downlink
# GigabitEthernet0/0/1 and BFD session 1; no reduce value is given, so the
# platform default decrement applies when either one goes down.
# DHCP requests from this VLAN are relayed to 192.168.200.3.
# NOTE(review): no VRRP authentication is configured on any group in this
# file, so a host inside the VLAN could advertise a higher priority - consider
# adding it, and confirm what HX-SW2 uses.
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.1
vrrp vrid 10 priority 105
vrrp vrid 10 track interface GigabitEthernet0/0/1
vrrp vrid 10 track bfd-session session-name 1
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
# Gateway for VLAN 20: same pattern as Vlanif10, tracking GigabitEthernet0/0/2.
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.1
vrrp vrid 20 priority 105
vrrp vrid 20 track interface GigabitEthernet0/0/2
vrrp vrid 20 track bfd-session session-name 1
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
# Gateway for VLAN 30. No priority and no tracking are set, so this group runs
# at the default priority; presumably HX-SW2 is the intended master - confirm.
# The OSPF cost of this interface is raised to 4.
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
# Gateway for VLAN 40: same pattern as Vlanif30.
interface Vlanif40
ip address 192.168.40.254 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
# Gateway for VLAN 50: same pattern as Vlanif30.
interface Vlanif50
ip address 192.168.50.254 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
# Gateway for VLAN 200, the subnet that holds the DHCP server 192.168.200.3
# used by the relay statements above. No relay is configured here.
# NOTE(review): R1 publishes 192.168.200.2 from this same subnet to the
# outside, so an Internet-facing host shares a broadcast domain with the DHCP
# server - consider separating them.
interface Vlanif200
ip address 192.168.200.254 255.255.255.0
vrrp vrid 200 virtual-ip 192.168.200.1
vrrp vrid 200 priority 105
vrrp vrid 200 track interface GigabitEthernet0/0/7
vrrp vrid 200 track bfd-session session-name 1
#
# Routed link towards R1 (192.168.12.1 is the BFD peer and the default next
# hop further down).
interface Vlanif300
ip address 192.168.12.2 255.255.255.0
#
# Management Ethernet port, left unconfigured in this excerpt.
interface MEth0/0/1
#
# LACP aggregate made of GigabitEthernet0/0/10 and 0/0/11 (see below). It
# carries every user, management and server VLAN but not VLAN 300; presumably
# this is the link to HX-SW2 - confirm.
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 100 200
mode lacp-static
#
# Downlinks GigabitEthernet0/0/1 to 0/0/5: each trunk allows exactly one user
# VLAN plus VLAN 100, so a user VLAN is only present on its own downlink.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30 100
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40 100
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 50 100
#
# Access port in VLAN 300: the physical port behind Vlanif300.
interface GigabitEthernet0/0/6
port link-type access
port default vlan 300
#
# Trunk for VLAN 100 and VLAN 200; tracked by VRRP group 200 above.
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 100 200
#
# Member ports of Eth-Trunk1.
interface GigabitEthernet0/0/10
eth-trunk 1
#
interface GigabitEthernet0/0/11
eth-trunk 1
#
# BFD session "1" between this switch (192.168.12.2) and 192.168.12.1. VRRP
# groups 10, 20 and 200 track it.
# NOTE(review): the global "bfd" enable line is not shown in this excerpt -
# confirm it exists in the full config.
bfd 1 bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
commit
#
# OSPF process 1, area 0: every user subnet, the server subnet and the uplink
# subnet are enabled with network statements, so OSPF also runs on the
# user-facing VLANIFs.
# NOTE(review): no area/interface authentication and no silent-interface are
# shown. Without them a host in a user VLAN can exchange OSPF packets with the
# core - consider silent-interface on the user VLANIFs and authentication on
# the links that need adjacencies.
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.200.0 0.0.0.255
network 192.168.12.0 0.0.0.255
#
# Default route via 192.168.12.1, plus a second default route with
# preference 65 via 192.168.23.1 as the less-preferred fallback.
# NOTE(review): 192.168.23.0/24 is not a connected subnet in this excerpt, so
# the fallback depends on that next hop being resolvable - confirm.
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 preference 65
路由器R1的部分代码配置:
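#
# Edge router R1 (excerpt): NAT towards two uplinks (GigabitEthernet4/0/0 and
# the PPPoE dialer), an inbound filter for VLAN 20 traffic, BFD and OSPF
# towards the core switches.
sysname R1
#
# Enables BFD globally; the sessions are defined near the end.
bfd
#
# ACL 2000 selects the sources translated by "nat outbound 2000" on
# GigabitEthernet4/0/0.
# NOTE(review): rule 5 permits every source, so rule 10 is never reached and
# NAT is not limited to 192.168.0.0/16. If only internal addresses should be
# translated, rule 5 has to go (ACL 2001 already has that shape). Left
# unchanged here because the intent cannot be confirmed from the page.
acl number 2000
 rule 5 permit
 rule 10 permit source 192.168.0.0 0.0.255.255
# ACL 2001 selects the sources translated on Dialer1: 192.168.0.0/16 only.
acl number 2001
 rule 5 permit source 192.168.0.0 0.0.255.255
#
# ACL 3005 is applied inbound on both core-facing interfaces. Traffic from
# 192.168.20.0/24 is allowed to 192.168.0.0/16 and denied to everything else,
# which keeps VLAN 20 off the outside networks.
# Other sources match no rule; as far as I know traffic-filter forwards
# unmatched packets - verify on the target VRP version.
acl number 3005
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 10 deny ip source 192.168.20.0 0.0.0.255
#
# PPPoE dialer used as the backup uplink (see the preference-86 route below).
# The PAP password is entered with "cipher" instead of "simple" so that it is
# not kept in clear text in the saved configuration. The value is the one shown
# in the original listing; a credential that has been published should be
# treated as exposed and rotated.
# NOTE(review): PAP sends the user name and password unencrypted during
# authentication. If the provider supports CHAP, prefer it - confirm with the
# provider.
interface Dialer1
 link-protocol ppp
 ppp pap local-user 2022 password cipher 20220620
 mtu 1492
 ip address ppp-negotiate
 dialer user 2022
 dialer bundle 2
 nat outbound 2001
#
# Link to HX-SW1 (192.168.12.2 is the BFD peer below); ACL 3005 filters
# traffic arriving from the core.
interface GigabitEthernet0/0/0
 ip address 192.168.12.1 255.255.255.0
 traffic-filter inbound acl 3005
#
# Second core-facing link with the same filter; 192.168.23.2 is the BFD peer,
# presumably HX-SW2 - confirm.
interface GigabitEthernet0/0/1
 ip address 192.168.23.1 255.255.255.0
 traffic-filter inbound acl 3005
#
# 14.1.1.0/24 and 15.1.1.0/24 are advertised into OSPF below. No traffic-filter
# is applied on these two interfaces.
interface GigabitEthernet0/0/2
 ip address 14.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip address 15.1.1.1 255.255.255.0
#
# Physical port that carries the PPPoE session of dialer bundle 2 (Dialer1).
interface GigabitEthernet3/0/0
 pppoe-client dial-bundle-number 2
#
# Primary uplink. "nat server" publishes TCP port www (80) of the internal host
# 192.168.200.2 on this interface's address; "nat outbound 2000" translates
# outgoing traffic selected by ACL 2000.
# NOTE(review): only plain HTTP is published, and no inbound filter is shown on
# this outside interface. The published host lives in the same subnet as the
# DHCP server 192.168.200.3 - consider isolating it.
interface GigabitEthernet4/0/0
 ip address 13.1.1.1 255.255.255.0
 nat server protocol tcp global current-interface www inside 192.168.200.2 www
 nat outbound 2000
#
interface NULL0
#
# BFD sessions to the two core-facing peers.
bfd 1 bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
 commit
#
bfd 2 bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
 commit
#
# OSPF process 1, area 0: the two core-facing subnets plus 14.1.1.0/24 and
# 15.1.1.0/24. The uplink subnet 13.1.1.0/24 is not included.
# NOTE(review): no OSPF authentication is shown for the area or interfaces -
# confirm against the full config.
ospf 1
 area 0.0.0.0
  network 14.1.1.0 0.0.0.255
  network 15.1.1.0 0.0.0.255
  network 192.168.12.0 0.0.0.255
  network 192.168.23.0 0.0.0.255
#
# Default route via 13.1.1.2 on the primary uplink; the Dialer1 route with
# preference 86 is less preferred and acts as the fallback.
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 86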