企业项目拓扑2

某企业骨干网络拓扑如下图所示：

企业网络要求如下：

实验要求： 1.SW1为vlan 10的主网关，vlan 20的备份网关； 2.SW2为vlan 20的主网关，vlan 10的备份网关； 3.DHCP服务器在vlan 66，网关在SW2上面； 4.PC1、PC2自动获取ip地址且可以互相ping通； 5.企业内网运行OSPF协议； 6.仅允许Client1所在网络可以访问Server1服务器； 7.企业内网设备仅允许被DHCP服务器远程管理； 8.外网R2可以远程管理DHCP服务器。

第一步：配置基本网络；

SW1配置如下 sysname SW1 vlan batch 10 20 66 100 interface GigabitEthernet0/0/1 port link-type access port default vlan 10 interface GigabitEthernet0/0/2 port link-type access port default vlan 10 interface GigabitEthernet0/0/3 port link-type access port default vlan 100 interface GigabitEthernet0/0/10 port link-type trunk port trunk allow-pass vlan all interface Vlanif10 ip address 192.168.10.251 255.255.255.0 interface Vlanif20 ip address 192.168.20.251 255.255.255.0 interface Vlanif100 ip address 192.168.100.2 255.255.255.0 SW2配置如下 sysname SW2 vlan batch 10 20 66 200 interface GigabitEthernet0/0/1 port link-type access port default vlan 20 interface GigabitEthernet0/0/3 port link-type access port default vlan 200 interface GigabitEthernet0/0/10 port link-type trunk port trunk allow-pass vlan all interface GigabitEthernet0/0/11 port link-type access port default vlan 66 interface Vlanif10 ip address 192.168.10.252 255.255.255.0 interface Vlanif20 ip address 192.168.20.252 255.255.255.0 interface Vlanif66 ip address 192.168.66.1 255.255.255.0 interface Vlanif200 ip address 192.168.200.2 255.255.255.0 DHCP配置如下 sysname DHCP interface GigabitEthernet0/0/0 ip address 192.168.66.2 255.255.255.0 R1配置如下 sysname R1 interface g0/0/0 ip address 100.1.1.2 24 interface g0/0/1 ip address 192.168.100.1 24 interface g0/0/2 ip address 192.168.200.1 24 R2配置如下 sysname R2 interface g0/0/0 ip address 100.1.1.1 24 interface g0/0/1 ip address 200.1.1.254 24

第二步：配置企业内网OSPF;

OSPF配置： R1配置如下 ip route-static 0.0.0.0 0.0.0.0 100.1.1.1 ospf 1 default-route-advertise always area 0 network 192.168.100.0 0.0.0.255 network 192.168.200.0 0.0.0.255 SW1配置如下 ospf 1 area 0 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 network 192.168.100.0 0.0.0.255 SW2配置如下 ospf 1 area 0 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 network 192.168.66.0 0.0.0.255 network 192.168.200.0 0.0.0.255 DHCP配置如下 ospf 1 area 0 network 192.168.66.0 0.0.0.255

第三步：配置VRRP;

SW1配置 interface Vlanif10 vrrp vrid 10 virtual-ip 192.168.10.250 vrrp vrid 10 priority 200 interface Vlanif20 vrrp vrid 20 virtual-ip 192.168.20.250 SW2配置 interface Vlanif10 vrrp vrid 10 virtual-ip 192.168.10.250 interface Vlanif20 vrrp vrid 20 virtual-ip 192.168.20.250 vrrp vrid 20 priority 200

第四步：DHCP配置 DHCP配置 dhcp enable interface GigabitEthernet0/0/0 dhcp select global ip pool p1 gateway-list 192.168.10.250 network 192.168.10.0 mask 255.255.255.0 dns-list 8.8.8.8 ip pool p2 gateway-list 192.168.20.250 network 192.168.20.0 mask 255.255.255.0 dns-list 8.8.8.8 SW1配置 dhcp enable interface Vlanif10 dhcp select relay dhcp relay server-ip 192.168.66.2 interface Vlanif20 dhcp select relay dhcp relay server-ip 192.168.66.2 SW2配置 dhcp enable interface Vlanif10 dhcp select relay dhcp relay server-ip 192.168.66.2 interface Vlanif20 dhcp select relay dhcp relay server-ip 192.168.66.2

第五步：配置PAT和远程管理；

R1配置如下： acl 2000 rule 10 permit source 192.168.10.0 0.0.0.255 quit interface GigabitEthernet0/0/0 nat outbound 2000 nat server protocol tcp global 100.1.1.2 8080 inside 192.168.66.1 telnet quit acl number 3000
rule 10 permit tcp source 192.168.66.2 0 destination-port eq telnet user-interface vty 0 4 acl 3000 inbound authentication-mode password 123

最后，进行项目验证，完成！