此公司办公区域楼层一共有三层,要求组建一个可供1000人同时上网的局域网;
需求如下:
1.自行设计网络内部所有的ip地址,设计完成之后制定一个表格记录此网络的ip地址,方便以后查询使用;
2.公司一共分成了4个vlan,
vlan 10给财务部门使用;
vlan 20给办公员工使用;
vlan 30给管理部门使用;
vlan 40给访客使用;
3.为了方便管理,各个vlan所在网段的网关安排如下:
vlan 10的网关在sw1上;
vlan 20的网关在sw1上;
vlan 30的网关在sw1上;
vlan 40的网关在sw2上;
4.访客用户在接入网络的时候使用dhcp,dhcp server在R1上;
4.另外的组网需求就是要求内部三层网络使用ospf路由协议达到全网互联;
5.还有一个小公司为了节约成本,没有从运营商接网络,而是租用本公司的网络,小公司用的路由协议都是ripv2;
二. 课程设计内容及步骤
1:实验拓扑图
2:方法和步骤
实验过程中采用了划分vlan来实现数据包通过交换机在不同网段之间通信,使用三层交换机的虚拟接口实现路由功能,并且通过协议(这里主要是rip和ospf)的互相学习连通网络,通过DHCP协议实现自动获取IP地址,通过nat技术是私有IP转变成公有IP以访问外网,用acl技术实现对访问公网的IP进行限制控制。
实验步骤:
2.1对主机分配IP
CLIENT1:192.168.5.2/24
CLIENT2:192.168.1.2/24
CLIENT3:192.168.2.2/24
CLIENT4:192.168.1.3/24
CLIENT5:192.168.3.2/24
CLIENT6:192.168.2.3/24
CLIENT7:使用DHCP自动获取IP地址,网段:192.168.4.0/24
2.2二层交换机配置
LSW3:
[Huawei]vlan batch 1020 创建vlan1020
[Huawei]interfacee0/0/4 进入接口4
[Huawei-Ethernet0/0/4]portlink-type access 接口类型选择access口
[Huawei-Ethernet0/0/4]portdefault vlan 10 缺省vlan为vlan10
[Huawei-Ethernet0/0/5]portlink-type access 为5接口选择access口
[Huawei-Ethernet0/0/5]portdefault vlan 20 缺省vlan为vlan20
[Huawei-Ethernet0/0/1]portlink-type trunk 为1接口类型选择trunk口
[Huawei-Ethernet0/0/1]porttrunk allow-pass vlan all 放行所有vlan
[Huawei]interfaceEth-Trunk 1 创建聚合组1
[Huawei-Eth-Trunk1]q
[Huawei]interfacee0/0/2
[Huawei-Ethernet0/0/2]eth-trunk1 把2接口加入创建的聚合组1中
[Huawei-Ethernet0/0/3]eth-trunk1 把3接口加入创建的聚合组1中
LSW4:
[Huawei]vlan batch 1020 创建vlan1020
[Huawei]interfacee0/0/4 进入接口4
[Huawei-Ethernet0/0/4]portlink-type access 接口类型选择access口
[Huawei-Ethernet0/0/4]portdefault vlan 10 缺省vlan为vlan10
[Huawei-Ethernet0/0/5]portlink-type access 为5接口选择access口
[Huawei-Ethernet0/0/5]portdefault vlan 30 缺省vlan为vlan30
[Huawei-Ethernet0/0/1]portlink-type trunk 为1接口类型选择trunk口
[Huawei-Ethernet0/0/1]porttrunk allow-pass vlan all 放行所有vlan
[Huawei]interface Eth-Trunk2 创建聚合组2
[Huawei-Eth-Trunk1]q
[Huawei]interfacee0/0/2
[Huawei-Ethernet0/0/2]eth-trunk1 把2接口加入创建的聚合组2中
[Huawei-Ethernet0/0/3]eth-trunk1 把3接口加入创建的聚合组2中
LSW5:
[Huawei]vlan batch 2040
[Huawei-Ethernet0/0/2]portlink-type access
[Huawei-Ethernet0/0/2]portdefault vlan 20
[Huawei-Ethernet0/0/3]portlink-type access
[Huawei-Ethernet0/0/3]portdefault vlan 40
[Huawei-Ethernet0/0/1]porttrunk allow-pass vlan
[Huawei-Ethernet0/0/1]porttrunk allow-pass vlan 20 40
LSW6:
[Huawei]vlan batch100
[Huawei-Ethernet0/0/2]portlink-type access
[Huawei-Ethernet0/0/2]portdefault vlan 100
[Huawei-Ethernet0/0/1]portlink-type trunk
[Huawei-Ethernet0/0/1]porttrunk allow-pass vlan 100
[Huawei-Ethernet0/0/1]porttrunk pvid vlan 100
2.2三层交换机配置
LSW1:
[Huawei-ospf-1]default-route-advertisealways 发布路由
[Huawei]vlan batch 1020 30 70 80 90
[Huawei-GigabitEthernet0/0/4]portlink-type trunk
[Huawei-GigabitEthernet0/0/4]porttrunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/5]portlink-type trunk
[Huawei-GigabitEthernet0/0/5]porttrunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/6]portlink-type access
[Huawei-GigabitEthernet0/0/6]portdefault vlan 80
[Huawei-GigabitEthernet0/0/1]portlink-type access
[Huawei-GigabitEthernet0/0/6]portdefault vlan 90
[Huawei]interfaceVlanif 10
[Huawei-Vlanif10]ipaddress 192.168.1.1 24
[Huawei]interfaceVlanif 20
[Huawei-Vlanif20]ipaddress 192.168.2.1 24
[Huawei]interfaceVlanif 30
[Huawei-Vlanif30]ipaddress 192.168.3.1 24
[Huawei]interfaceVlanif 80
[Huawei-Vlanif80]ipaddress 10.0.0.9 30
[Huawei-Vlanif90]ipaddress 10.0.0.6 30
[Huawei]interfaceEth-Trunk 3
[Huawei-Eth-Trunk3]q
[Huawei]interfaceGigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/2]eth-trunk3
[Huawei-GigabitEthernet0/0/3]eth-trunk3
[Huawei-Eth-Trunk3]portlink-type trunk
[Huawei-Eth-Trunk3]porttrunk allow-pass vlan all
[Huawei]interfaceVlanif 70
[Huawei-Vlanif70]ipaddress 10.0.0.13 30
[Huawei]router id10.2.2.2
[Huawei-ospf-1-area-0.0.0.0]network10.1.1.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network10.0.0.8 0.0.0.3
[Huawei-ospf-1-area-0.0.0.0]network10.0.0.4 0.0.0.3
[Huawei-ospf-1-area-0.0.0.0]network10.0.0.12 0.0.0.3
[Huawei-ospf-1-area-0.0.0.0]network0.0.0.0 0.0.0.0
[Huawei]rip
[Huawei-rip-1]version2
[Huawei-rip-1]undosummary
[Huawei-rip-1]network 10.0.0.0
[Huawei]ospf
[Huawei-ospf-1]import-routerip ospf与rip相互学习
[Huawei]rip
[Huawei-rip-1]import-routeospf ospf与rip相互学习
LSW2:
[Huawei-ospf-1]default-route-advertisealways
[Huawei]vlan batch 2040
[Huawei-GigabitEthernet0/0/3]portlink-type trunk
[Huawei-GigabitEthernet0/0/3]porttrunk allow-pass vlan 20 40
[Huawei]interfaceEth-Trunk 4
[Huawei-GigabitEthernet0/0/1]eth-trunk4
[Huawei-GigabitEthernet0/0/2]eth-trunk4
[Huawei-Eth-Trunk4]portlink-type trunk
[Huawei-Eth-Trunk4]porttrunk allow-pass vlan all
[Huawei]interfaceVlanif 70
[Huawei-Vlanif70]ipaddress 10.0.0.14 30
[Huawei]interfaceVlanif 40
[Huawei-Vlanif40]ipaddress 192.168.4.1 24
开启DHCP功能:
[Huawei]dhcp enable
[Huawei]interfaceVlanif 40
[Huawei-Vlanif40]dhcpselect relay
[Huawei-Vlanif40]dhcprelay server-ip 10.0.0.5
[Huawei]ospf 1router-id 10.4.4.4
[Huawei-ospf-1-area-0.0.0.0]network0.0.0.0 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network10.0.0.12 0.0.0.3
2.3 路由器配置
R1:
[Huawei-Ethernet0/0/1]ipaddress 10.0.0.5 30
[Huawei]router id 10.1.1.1
[Huawei-ospf-1-area-0.0.0.0]network10.0.0.4 0.0.0.3
[Huawei-ospf-1-area-0.0.0.0]network0.0.0.0 0.0.0.0
[Huawei]dhcp enable
[Huawei]interfaceLoopBack 0
[Huawei-LoopBack0]ipaddress 10.1.1.1 24
[Huawei]ip pool 1
[Huawei-ip-pool-1]network192.168.4.0 mask 24
[Huawei-ip-pool-1]gateway-list192.168.4.1
[Huawei-ip-pool-1]dns-list8.8.8.8
[Huawei-Ethernet0/0/1]dhcpselect global
[Huawei]iproute-static 0.0.0.0 0.0.0.0 202.112.1.2
[Huawei-Ethernet0/0/0]ipadd 202.112.1.1 24
[Huawei-ospf-1]default-route-advertisealways
[Huawei]acl number2000
[Huawei-acl-basic-2000]rulepermit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]rulepermit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2000]rulepermit source 192.168.3.0 0.0.0.255
[Huawei-acl-basic-2000]rulepermit source 192.168.4.0 0.0.0.255
[Huawei-acl-basic-2000]rulepermit source 192.168.5.0 0.0.0.255
抓取数据流
[Huawei-Ethernet0/0/0]natoutbound 2000 接口调用acl
R2:
[Huawei-Ethernet0/0/0]ipaddress 10.0.0.10 30
[Huawei]interfaceLoopBack 0
[Huawei-Ethernet0/0/1]ipaddress 10.0.0.17 30
[Huawei-rip-1]network10.0.0.0
[Huawei-rip-1]version2
R3:
[Huawei]vlan batch100
[Huawei-Ethernet0/0/1]ipaddress 192.168.5.1 24
[Huawei-Ethernet0/0/0]ipaddress 10.0.0.18 30
[Huawei-rip-1]network10.0.0.0
[Huawei-rip-1]network192.168.5.0
[Huawei-rip-1]version2
R4:
[Huawei-Ethernet0/0/0]ip add 202.112.1.2 24
三.实验结果
测试主机之间互通
使用DHCP使CLIENT7自动获取配置信息:
网络设备之间互通
Ospf与 rip相互学习之后,是内部网络和私有网络互通: