目录
1、项目背景
XX公司总部位于北京,在上海和深圳分别设有研究所与办事处,通过组建网络将三地连接起来:北京总部有员工100人,一级部门四个(划分Vlan,IP地址规划),服务器2台,服务器与交换机做链路聚合,总部路由协议使用ospf;深圳办事处有员工30人,上海研究所有员工40人,办事处与研究所不分部门,采用DHCP分配IP地址;总部与分支机构之间使用SDH线路连接,其中总部与深圳之间使用2M线路(ppp+chap),总部与上海之间使用2条2M线路(帧中继+路由备份)。
2、网络建设目标
- 网络带宽升级,达到千兆骨干,百兆到桌面
- 增强网络的可靠性及可用性
- 网络要易于管理、升级和扩展
- 确保内网安全及同办事处之间交互数据的安全
3、拓扑规划
4、LAN规划(各部门局域网规划)
- 总部按部门划分VLAN
- 人事行政及财务/商务划为一个VLAN:VLAN 10
- 产品研发部划为一个VLAN:VLAN 20
- 技术支持部划为一个VLAN:VLAN 30
- 服务器区划为一个VLAN:VLAN 40
- 分支机构不划分VLAN
- 每个分支机构单独使用一个C类地址
- 254作为网关
- 总部及分支机构全部使用DHCP分配IP地址
| 部门 | VLAN | IP网段/子网 |
| 北京总部第1部门 | vlan 10 | 192.168.10.0/24 |
| 北京总部第2部门 | vlan 20 | 192.168.20.0/24 |
| 北京总部第3部门 | vlan 30 | 192.168.30.0/24 |
| 北京总部第4部门(服务器) | vlan 40 | 192.168.40.0/24 |
| 深圳办事处 | —— | 192.168.50.0/24 |
| 上海研究所 | —— | 192.168.60.0/24 |
| 其它路由区域(广域网) | —— | 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 |
5、网络设备选型和命名
① 北京总部:
核心交换机 选型:S5700-28C-HI 命名:BJ-S5700-LSW1
服务器区交换机 选型:S3700-26C-HI 命名:BJ-S3700-LSW2
接入交换机 选型:S3700-26C-HI 命名:BJ-S3700-LSW3、LSW4、LSW5
互连及出口路由器 选型:AR2240 命名:BJ-AR2240-AR1
② 深圳办事处:
互连路由器 选型:AR1220 命名:SZ-AR1220-AR2
接入交换机 选型:S3700-26C-HI 命名:SZ-S3700-LSW6
③ 上海研究所:
互连路由器 选型:AR1220 命名:SH-AR1220-AR3
接入交换机 选型:S3700-26C-HI 命名:SH-S3700-LSW7
6、路由规划
7、配置
首先给交换机和路由器配置命名(这里以LSW1为例):
具体配置:
分别将LSW1和LSW2的g0/0/1和g0/0/2配置为一个链路聚合口:
========================================================
[BJ-S5700-LSW1]interface Eth-Trunk 12
[BJ-S5700-LSW1-Eth-Trunk12]trunkport g0/0/1
[BJ-S5700-LSW1-Eth-Trunk12]trunkport g0/0/2
========================================================
[BJ-S3700-LSW2]interface Eth-Trunk 12
[BJ-S3700-LSW2-Eth-Trunk12]trunkport g0/0/1
[BJ-S3700-LSW2-Eth-Trunk12]trunkport g0/0/2
========================================================
在三层交换机LSW1上划分vlan,并给相应的vlanif虚拟口配置ip地址:
========================================================
========================================================
划分端口VLAN,配置VLANIF的IP地址(即网关)
[BJ-S5700-LSW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[BJ-S5700-LSW1]int g0/0/3
[BJ-S5700-LSW1-GigabitEthernet0/0/3]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/3]port default vlan 10
[BJ-S5700-LSW1-GigabitEthernet0/0/3]int g0/0/4
[BJ-S5700-LSW1-GigabitEthernet0/0/4]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/4]port default vlan 20
[BJ-S5700-LSW1-GigabitEthernet0/0/4]int g0/0/5
[BJ-S5700-LSW1-GigabitEthernet0/0/5]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/5]port default vlan 30
[BJ-S5700-LSW1-GigabitEthernet0/0/5]int Eth-Trunk12
[BJ-S5700-LSW1-Eth-Trunk12]port link-type access
[BJ-S5700-LSW1-Eth-Trunk12]port default vlan 40
[BJ-S5700-LSW1-Eth-Trunk12]int vlanif10
[BJ-S5700-LSW1-Vlanif10]ip add 192.168.10.254 24
[BJ-S5700-LSW1-Vlanif10]int vlanif20
[BJ-S5700-LSW1-Vlanif20]ip add 192.168.20.254 24
[BJ-S5700-LSW1-Vlanif20]int vlanif30
[BJ-S5700-LSW1-Vlanif30]ip add 192.168.30.254 24
[BJ-S5700-LSW1-Vlanif30]int vlanif40
[BJ-S5700-LSW1-Vlanif40]ip add 192.168.40.254 24
[BJ-S5700-LSW1-Vlanif40]display ip interface brief 查看已有Vlanif及其地址
========================================================
[BJ-S5700-LSW1]vlan 99 LSW1配置g0/0/24端口
[BJ-S5700-LSW1-vlan99]int g0/0/24
[BJ-S5700-LSW1-GigabitEthernet0/0/24]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/24]port default vlan 99
[BJ-S5700-LSW1-GigabitEthernet0/0/24]int vlanif99
[BJ-S5700-LSW1-Vlanif99]ip add 192.168.1.2 24
========================================================
========================================================
配置DHCP、静态路由和IP地址池
[BJ-AR2240-AR1]dhcp enable
[BJ-AR2240-AR1]int g0/0/0
[BJ-AR2240-AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[BJ-AR2240-AR1-GigabitEthernet0/0/0]dhcp select global
[BJ-AR2240-AR1-GigabitEthernet0/0/0]q
[BJ-AR2240-AR1]ip route-static 192.168.10.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip route-static 192.168.20.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip route-static 192.168.30.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip route-static 192.168.40.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip pool vlan10
Info: It's successful to create an IP address pool.
[BJ-AR2240-AR1-ip-pool-vlan10]gateway-list 192.168.10.254
[BJ-AR2240-AR1-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[BJ-AR2240-AR1-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.253
[BJ-AR2240-AR1-ip-pool-vlan10]dns-list 114.114.114.114
[BJ-AR2240-AR1-ip-pool-vlan10]q
[BJ-AR2240-AR1]ip pool vlan20
Info: It's successful to create an IP address pool.
[BJ-AR2240-AR1-ip-pool-vlan20]gateway-list 192.168.20.254
[BJ-AR2240-AR1-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[BJ-AR2240-AR1-ip-pool-vlan20]excluded-ip-address 192.168.20.100 192.168.20.253
[BJ-AR2240-AR1-ip-pool-vlan20]dns-list 114.114.114.114
[BJ-AR2240-AR1-ip-pool-vlan20]q
[BJ-AR2240-AR1]ip pool vlan30
Info: It's successful to create an IP address pool.
[BJ-AR2240-AR1-ip-pool-vlan30]gateway-list 192.168.30.254
[BJ-AR2240-AR1-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[BJ-AR2240-AR1-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.253
[BJ-AR2240-AR1-ip-pool-vlan30]dns-list 114.114.114.114
[BJ-AR2240-AR1-ip-pool-vlan30]q
[BJ-AR2240-AR1]dis ip pool
========================================================
//配置DHCP中继
[BJ-S5700-LSW1]
[BJ-S5700-LSW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[BJ-S5700-LSW1]int vlanif10
[BJ-S5700-LSW1-Vlanif10]dhcp select relay
[BJ-S5700-LSW1-Vlanif10]dhcp relay server-ip 192.168.1.1
[BJ-S5700-LSW1-Vlanif10]q
[BJ-S5700-LSW1]int vlanif20
[BJ-S5700-LSW1-Vlanif20]dhcp select relay
[BJ-S5700-LSW1-Vlanif20]dhcp relay server-ip 192.168.1.1
[BJ-S5700-LSW1-Vlanif20]q
[BJ-S5700-LSW1]int vlanif30
[BJ-S5700-LSW1-Vlanif30]dhcp select relay
[BJ-S5700-LSW1-Vlanif30]dhcp relay server-ip 192.168.1.1
========================================================
========================================================
// AR2配置DHCP
[SZ-AR1220-AR2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SZ-AR1220-AR2]int g0/0/0
[SZ-AR1220-AR2-GigabitEthernet0/0/0]ip add 192.168.50.254 24
[SZ-AR1220-AR2-GigabitEthernet0/0/0]dhcp select global
[SZ-AR1220-AR2-GigabitEthernet0/0/0]q
[SZ-AR1220-AR2]ip pool net50
Info: It's successful to create an IP address pool.
[SZ-AR1220-AR2-ip-pool-net50]gateway-list 192.168.50.254
[SZ-AR1220-AR2-ip-pool-net50]network 192.168.50.0 mask 24
[SZ-AR1220-AR2-ip-pool-net50]excluded-ip-address 192.168.50.201 192.168.50.253
[SZ-AR1220-AR2-ip-pool-net50]dns-list 114.114.114.114
========================================================
// AR3配置DHCP
[SH-AR1220-AR3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SH-AR1220-AR3]int g0/0/0
[SH-AR1220-AR3-GigabitEthernet0/0/0]ip add 192.168.60.254 24
[SH-AR1220-AR3-GigabitEthernet0/0/0]dhcp select global
[SH-AR1220-AR3-GigabitEthernet0/0/0]q
[SH-AR1220-AR3]ip pool net60
Info: It's successful to create an IP address pool.
[SH-AR1220-AR3-ip-pool-net60]gateway-list 192.168.60.254
[SH-AR1220-AR3-ip-pool-net60]network 192.168.60.0 mask 24
[SH-AR1220-AR3-ip-pool-net60]excluded-ip-address 192.168.60.201 192.168.60.253
[SH-AR1220-AR3-ip-pool-net60]dns-list 114.114.114.114
========================================================
========================================================
// 配置AR1ppp-CHAP认证
[BJ-AR2240-AR1]int s1/0/0
[BJ-AR2240-AR1-Serial1/0/0]ip add 192.168.2.1 24
[BJ-AR2240-AR1-Serial1/0/0]q
[BJ-AR2240-AR1]ip route-static 192.168.50.0 255.255.255.0 192.168.2.2
[BJ-AR2240-AR1]aaa
[BJ-AR2240-AR1-aaa]local-user ar1 password cipher hello
Info: Add a new user.
[BJ-AR2240-AR1-aaa]local-user ar1 service-type ppp
[BJ-AR2240-AR1-aaa]int s1/0/0
[BJ-AR2240-AR1-Serial1/0/0]link-protocol ppp
[BJ-AR2240-AR1-Serial1/0/0]ppp authentication-mode chap
[BJ-AR2240-AR1-Serial1/0/0]shutdown
[BJ-AR2240-AR1-Serial1/0/0]undo shutdown
========================================================
// 配置AR2ppp-CHAP认证
[SZ-AR1220-AR2]int s1/0/0
[SZ-AR1220-AR2-Serial1/0/0]ip add 192.168.2.2 24
[SZ-AR1220-AR2-Serial1/0/0]q
[SZ-AR1220-AR2]ip route-static 192.168.1.0 255.255.255.0 192.168.2.1
[SZ-AR1220-AR2]int s1/0/0
[SZ-AR1220-AR2-Serial1/0/0]link-protocol ppp
[SZ-AR1220-AR2-Serial1/0/0]ppp chap user ar1
[SZ-AR1220-AR2-Serial1/0/0]ppp chap password cipher hello
[SZ-AR1220-AR2-Serial1/0/0]shutdown
[SZ-AR1220-AR2-Serial1/0/0]undo shutdown
[SZ-AR1220-AR2-Serial1/0/0]display this
========================================================
========================================================
// 配置AR1路由备份
[BJ-AR2240-AR1]int s2/0/0
[BJ-AR2240-AR1-Serial2/0/0]ip add 192.168.3.1 24
[BJ-AR2240-AR1-Serial2/0/0]int s2/0/1
[BJ-AR2240-AR1-Serial2/0/1]ip add 192.168.4.1 24
[BJ-AR2240-AR1-Serial2/0/1]q
[BJ-AR2240-AR1]ip route-static 192.168.60.0 255.255.255.0 192.168.3.2 //默认60
[BJ-AR2240-AR1]ip route-static 192.168.60.0 255.255.255.0 192.168.4.2 preference 100
========================================================
// 配置AR3路由备份
[SH-AR1220-AR3]int s2/0/0
[SH-AR1220-AR3-Serial2/0/0]ip add 192.168.3.2 24
[SH-AR1220-AR3-Serial2/0/0]int s2/0/1
[SH-AR1220-AR3-Serial2/0/1]ip add 192.168.4.2 24
[SH-AR1220-AR3-Serial2/0/1]q
[SH-AR1220-AR3]ip route-static 192.168.1.0 255.255.255.0 192.168.3.1 //默认60
[SH-AR1220-AR3]ip route-static 192.168.1.0 255.255.255.0 192.168.4.1 preference 100
========================================================
========================================================
// AR1配置帧中继
[BJ-AR2240-AR1]int s2/0/0
[BJ-AR2240-AR1-Serial2/0/0]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[BJ-AR2240-AR1-Serial2/0/0]fr interface-type dce //网络侧
[BJ-AR2240-AR1-Serial2/0/0]fr dlci 100
[BJ-AR2240-AR1-fr-dlci-Serial2/0/0-100]int s2/0/1
[BJ-AR2240-AR1-Serial2/0/1]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[BJ-AR2240-AR1-Serial2/0/1]fr interface-type dce
[BJ-AR2240-AR1-Serial2/0/1]fr dlci 100
[BJ-AR2240-AR1-fr-dlci-Serial2/0/1-100]q
========================================================
// AR3配置帧中继
[SH-AR1220-AR3]int s2/0/0
[SH-AR1220-AR3-Serial2/0/0]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[SH-AR1220-AR3-Serial2/0/0]fr interface-type dte //用户侧
[SH-AR1220-AR3-Serial2/0/0]fr dlci 100
[SH-AR1220-AR3-fr-dlci-Serial2/0/0-100]q
[SH-AR1220-AR3-Serial2/0/0]int s2/0/1
[SH-AR1220-AR3-Serial2/0/1]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[SH-AR1220-AR3-Serial2/0/1]fr interface-type dte
[SH-AR1220-AR3-Serial2/0/1]fr dlci 100
[SH-AR1220-AR3-fr-dlci-Serial2/0/1-100]q
========================================================
========================================================
// 配置AR1的OSPF
[BJ-AR2240-AR1]int loopback0
[BJ-AR2240-AR1-LoopBack0]ip add 1.1.1.1 32
[BJ-AR2240-AR1-LoopBack0]q
[BJ-AR2240-AR1]ospf 100 router-id 1.1.1.1
[BJ-AR2240-AR1-ospf-100]area 0
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]area 1
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]q
[BJ-AR2240-AR1-ospf-100]import-route static //OSPF引入静态路由
[BJ-AR2240-AR1-ospf-100]peer 192.168.3.2 //手动指定邻居的接口,建立邻居关系。因为帧中继默认无法运行OSPF协议
[BJ-AR2240-AR1-ospf-100]peer 192.168.4.2
[BJ-AR2240-AR1-ospf-100]int g0/0/0
========================================================
// 配置AR2的OSPF
[SZ-AR1220-AR2]int loopback0
[SZ-AR1220-AR2-LoopBack0]ip add 2.2.2.2 32
[SZ-AR1220-AR2-LoopBack0]q
[SZ-AR1220-AR2]ospf 100 router-id 2.2.2.2
[SZ-AR1220-AR2-ospf-100]area 0
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]area 2
[SZ-AR1220-AR2-ospf-100-area-0.0.0.2]network 192.168.50.0 0.0.0.255
[SZ-AR1220-AR2-ospf-100-area-0.0.0.2]q
[SZ-AR1220-AR2-ospf-100]import-route static
========================================================
// 配置AR3的OSPF
[SH-AR1220-AR3]int loopback0
[SH-AR1220-AR3-LoopBack0]ip add 3.3.3.3 32
[SH-AR1220-AR3-LoopBack0]q
[SH-AR1220-AR3]ospf 100 router-id 3.3.3.3
[SH-AR1220-AR3-ospf-100]area 0
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]area 3
[SH-AR1220-AR3-ospf-100-area-0.0.0.3]network 192.168.60.0 0.0.0.255
[SH-AR1220-AR3-ospf-100-area-0.0.0.3]q
[SH-AR1220-AR3-ospf-100]import-route static
[SH-AR1220-AR3-ospf-100]peer 192.168.3.1
[SH-AR1220-AR3-ospf-100]peer 192.168.4.1
[SH-AR1220-AR3-ospf-100]int s2/0/0
[SH-AR1220-AR3-Serial2/0/0]ospf dr-priority 0 //OSPF优先级置零,使其不参与DR/BDR的选举(默认DR是1)
[SH-AR1220-AR3-Serial2/0/0]int s2/0/1
[SH-AR1220-AR3-Serial2/0/1]ospf dr-priority 0 //OSPF优先级置零,使其不参与DR/BDR的选举
========================================================
// 配置LSW1的OSPF
[BJ-S5700-LSW1]int loopback0
[BJ-S5700-LSW1-LoopBack0]ip add 4.4.4.4 32
[BJ-S5700-LSW1-LoopBack0]q
[BJ-S5700-LSW1]ospf 100 router-id 4.4.4.4
[BJ-S5700-LSW1-ospf-100]area 1
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]network 4.4.4.4 0.0.0.0
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]q
[BJ-S5700-LSW1-ospf-100]import-route static
[BJ-S5700-LSW1-ospf-100]int vlan99
[BJ-S5700-LSW1-Vlanif99]ospf dr-priority 0 //OSPF优先级置零,使其不参与DR/BDR选举
========================================================
========================================================THE END.
850
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
