中小型企业园区组网实验

中小型企业园区组网实验

一，网络设计：

1. 在小型企业网中，接入层使用华为s3700，核心层使用S5700,出口网关使用AR2220,
2. 接入层和核心层，核心层和出口路由使用链路聚合增加链路带宽和冗余备份；
3. 每个部门划分到不同的VLAN ,部门间在核心交换机之间通过VLANIF 三层互通
4. 核心层作为DHCP SERVER为用户分配IP地址；
5. 内网服务做NAT 服务器映射到公网；
6. 核心交换机和出口路由器使用OSPF协议；

二，配置：
1，接入层交换机

<sw2>display current-configuration 
#
sysname sw2
#
vlan batch 10

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/1
 eth-trunk 1
#
interface Ethernet0/0/2
 eth-trunk 1
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 10
 stp edged-port enable
#

return
<sw2> 

二，核心交换机

<sw1>display current-configuration 
#
sysname sw1
#
vlan batch 10 20 30 100
#
stp instance 0 root primary
#
dhcp enable
#
ip pool vlan10
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
 dns-list 114.114.114.114 30.10.10.200
#
ip pool vlan20
 gateway-list 192.168.20.1
 network 192.168.20.0 mask 255.255.255.0
 dns-list 114.114.114.114 30.10.10.200
#
ip pool vlan30
 gateway-list 192.168.30.1
 network 192.168.30.0 mask 255.255.255.0
 dns-list 114.114.114.114
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 dhcp select global
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 dhcp select global
#
interface Vlanif30
 ip address 192.168.30.1 255.255.255.0
 dhcp select global
#
interface Vlanif100
 ip address 192.168.100.10 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Eth-Trunk2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Eth-Trunk3
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/1
 eth-trunk 3
#
interface GigabitEthernet0/0/2
 eth-trunk 3
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 eth-trunk 2
#
interface GigabitEthernet0/0/6
 eth-trunk 2
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 30
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 192.168.100.10 0.0.0.0
  network 192.168.10.1 0.0.0.0
  network 192.168.20.1 0.0.0.0
  network 192.168.30.1 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#

三，出口网关

<r6>dis current-configuration 
[V200R003C00]
#
 sysname r6
#
 dns resolve  
 dns server 114.114.114.114 
 dns proxy enable
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
 rule 15 permit source 192.168.30.0 0.0.0.255 
#
ip pool vlan20
 dns-list 30.10.10.200 
#
interface Eth-Trunk3
 undo portswitch
 ip address 192.168.100.100 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.10.5.200 255.255.255.0 
 nat server protocol tcp global 10.10.5.10 12345 inside 192.168.30.254 www
 nat outbound 2000
#
interface GigabitEthernet0/0/1
 eth-trunk 3
#
interface GigabitEthernet0/0/2
 eth-trunk 3
#
interface NULL0
#
dialer-rule
#
ospf 1 router-id 1.1.1.1 
 default-route-advertise always
 area 0.0.0.0 
  network 20.10.10.1 0.0.0.0 
  network 30.10.10.1 0.0.0.0 
  network 192.168.100.100 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 10.10.5.85
#
return
<r6>

四：验证：