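I. Topology
1. Topology diagram
2. Requirements
① Each department is placed in its own VLAN, but departments without restrictions can still communicate with each other (headquarters and branch offices).
② The branch office router acts as the DHCP server, and PCs obtain their IP addresses automatically.
③ The headquarters intranet is fully connected, except that no department other than the servers can access the Finance department; the other departments can reach each other, and PCs obtain their IP addresses automatically.
④ Branch offices can access only the headquarters servers, and can browse the Internet normally.
⑤ If any one of links 1, 2, 3, and 4 in the topology fails, Internet access is not affected.
⑥ The headquarters Marketing department is barred from the Internet; the other departments have normal Internet access.
⑦ All company employees can reach the external Monkey website at www.monkey.com.
⑧ The headquarters web server is published so that an external PC can access the website it hosts.
⑨ The Internet routers use dynamic routing; all others use static routing.
II. Branch office configuration
1. Design analysis
① The branch office needs VLANs to isolate broadcast domains, while the different VLANs must still be able to communicate with each other.
② The router must serve as the DHCP server.
③ Router-on-a-stick is used to implement the branch office functions.
2. Router-on-a-stick implementation
1. Configure the switches
① Create the VLANs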
SW1:configure terminal
vlan 10
exit
vlan 20
exit
SW2:configure terminal
vlan 10
exit
vlan 20
exit
② Assign interfaces to VLANs
SW1:configure terminal
interface f0/1
switchport access vlan 10
no shutdown
exit
interface f0/2
switchport access vlan 20
no shutdown
exit
SW2:configure terminal
interface f0/1
switchport access vlan 10
no shutdown
exit
interface f0/2
switchport access vlan 20
no shutdown
exit
③ Configure the trunk links
SW1:configure terminal
interface f0/3
switchport mode trunk
no shutdown
exit
SW2:configure terminal
interface f0/3
switchport mode trunk
no shutdown
exit
2. Configure the routers
① Configure the DHCP service on the routers
Router1:configure terminal
ip dhcp pool v1
network 172.16.1.0 255.255.255.0
default-router 172.16.1.254
dns-server 140.0.0.1
exit
ip dhcp pool v2
network 172.16.2.0 255.255.255.0
default-router 172.16.2.254
dns-server 140.0.0.1
exit
Router2:configure terminal
ip dhcp pool v1
network 172.16.20.0 255.255.255.0
default-router 172.16.20.254
dns-server 140.0.0.1
exit
ip dhcp pool v2
network 172.16.21.0 255.255.255.0
default-router 172.16.21.254
dns-server 140.0.0.1
exit
② Enable the virtual subinterfaces
Router1:configure terminal
interface f0/0.1
encapsulation dot1q 10
ip address 172.16.1.254 255.255.255.0
no shutdown
exit
interface f0/0.2
encapsulation dot1q 20
ip address 172.16.2.254 255.255.255.0
no shutdown
exit
interface f0/0
no shutdown
exit
Router2:configure terminal
interface f0/0.1
encapsulation dot1q 10
ip address 172.16.20.254 255.255.255.0
no shutdown
exit
interface f0/0.2
encapsulation dot1q 20
ip address 172.16.21.254 255.255.255.0
no shutdown
exit
interface f0/0
no shutdown
exit
③ Bring up the ports facing the leased line
Router1:configure terminal
interface f0/1
ip address 10.1.1.1 255.255.255.0
no shutdown
exit
Router2:configure terminal
interface f0/1
ip address 10.2.2.1 255.255.255.0
no shutdown
exit
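III. Leased-line routing configuration
1. Router1/2 analysis and configuration
① Router1/2 analysis: when a branch office router accesses headquarters or the Internet, it only needs to forward the traffic to Router3, so a default route can be used.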
Router1:configure terminal
ip route 0.0.0.0 0.0.0.0 10.1.1.2
exit
Router2:configure terminal
ip route 0.0.0.0 0.0.0.0 10.2.2.2
exit
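2. Router3 analysis and configuration
① Router3 analysis: the left side only needs to point to the branch offices, while the right side leads to the Internet and headquarters. The ports need to be brought up and the routing table configured: routes to the 192.168.0.0 and 140.0.0.0 networks point to Router4, and 172.16.1.0-172.16.21.0 point to Router1 and Router2 respectively.
//Bring up the ports first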
configure terminal
interface f0/0
ip address 10.1.1.2 255.255.255.0
no shutdown
exit
interface f0/1
ip address 10.2.2.2 255.255.255.0
no shutdown
exit
interface f1/0
ip address 10.3.3.1 255.255.255.0
no shutdown
exit
② Routing table configuration
Router3:configure terminal
ip route 172.16.1.0 255.255.255.0 10.1.1.1
ip route 172.16.2.0 255.255.255.0 10.1.1.1
ip route 172.16.20.0 255.255.255.0 10.2.2.1
ip route 172.16.21.0 255.255.255.0 10.2.2.1
ip route 192.168.0.0 255.255.0.0 10.3.3.2
ip route 140.0.0.0 255.255.255.0 10.3.3.2
3. Router4 analysis and configuration
① Bring up the ports
Router4:configure terminal
interface f0/0
ip address 10.3.3.2 255.255.255.0
no shutdown
exit
interface f0/1
ip address 192.168.7.1 255.255.255.0
no shutdown
exit
② Routing analysis: 172.16.0.0 should point to Router3; 192.168.0.0 and 140.0.0.0 point to SW0_0.
Router4:configure terminal
ip route 172.16.0.0 255.255.0.0 10.3.3.1
ip route 192.168.0.0 255.255.0.0 192.168.7.2
ip route 140.0.0.0 255.255.255.0 192.168.7.2
IV. Headquarters configuration
1. Access-layer switch configuration
1. Trunk link configuration
SW0_1:configure terminal
interface f0/3
switchport mode trunk
no shutdown
exit
SW0_2:configure terminal
interface f0/3
switchport mode trunk
no shutdown
exit
SW0_3:configure terminal
interface f0/3
switchport mode trunk
no shutdown
exit
2. VLAN assignment
SW0_1:configure terminal
interface f0/1
switchport access vlan 10
no shutdown
exit
interface f0/2
switchport access vlan 20
no shutdown
exit
SW0_2:configure terminal
interface f0/1
switchport access vlan 30
no shutdown
exit
interface f0/2
switchport access vlan 40
no shutdown
exit
SW0_3:configure terminal
interface f0/1
switchport access vlan 50
no shutdown
exit
interface f0/2
switchport access vlan 50
no shutdown
exit
2. Core switch configuration
1. Trunk links
SW0_0:configure terminal
interface range f0/1-3
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
exit
2. Create the VLANs with VTP commands
SW0_0:configure terminal
vtp domain MONKEY
vlan 10
exit
vlan 20
exit
vlan 30
exit
vlan 40
exit
vlan 50
exit
vlan 60 //used to keep the switch on the same subnet as the two routers for HSRP backup
exit
3. Enable the VLAN virtual interfaces
SW0_0:configure terminal
ip routing
interface vlan 10
ip address 192.168.1.254 255.255.255.0
no shutdown
exit
interface vlan 20
ip address 192.168.2.254 255.255.255.0
no shutdown
exit
interface vlan 30
ip address 192.168.3.254 255.255.255.0
no shutdown
exit
interface vlan 40
ip address 192.168.4.254 255.255.255.0
no shutdown
exit
interface vlan 50
ip address 192.168.5.254 255.255.255.0
no shutdown
exit
interface vlan 60
ip address 192.168.6.3 255.255.255.0
no shutdown
exit
4. DHCP relay
SW0_0:configure terminal
interface vlan 10
ip helper-address 192.168.5.1
exit
interface vlan 20
ip helper-address 192.168.5.1
exit
interface vlan 30
ip helper-address 192.168.5.1
exit
interface vlan 40
ip helper-address 192.168.5.1
exit
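3. HSRP router redundancy
① Router0_1 and Router0_2 are set up as hot standbys for each other. The precondition is that the two routers can communicate with each other. They are currently connected to g0/1 and g0/2 respectively, so it is enough to create a virtual link that places the Layer 3 switch and both routers in the same VLAN; the backup can then be configured.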
SW0_0:configure terminal
interface vlan 60
ip address 192.168.6.3 255.255.255.0
no shutdown
exit
interface g0/1
switchport access vlan 60
exit
interface g0/2
switchport access vlan 60
exit
Router0_1:configure terminal
interface f0/0
ip address 192.168.6.1 255.255.255.0
no shutdown
exit
interface f0/1
ip address 100.0.0.1 255.255.255.0
no shutdown
exit
Router0_2:configure terminal
interface f0/0
ip address 192.168.6.2 255.255.255.0
no shutdown
exit
interface f0/1
ip address 110.0.0.1 255.255.255.0
no shutdown
exit
② HSRP backup
Router0_1:configure terminal
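interface f0/0 //the interface that holds the gateway
standby 1 ip 192.168.6.4 //standby <group number> ip <virtual IP>
standby 1 priority 195 //set the priority; a number of 200 means a priority value of 200, range 0-255
standby 1 preempt //enable preemption
standby 1 track f0/1 //track the outbound interface; the priority drops by 10 by default (Cisco Packet Tracer)
Router0_2:configure terminal
interface f0/0
standby 1 ip 192.168.6.4 //standby <group number> ip <virtual IP>
standby 1 priority 190 //set the priority; a number of 200 means a priority value of 200, range 0-255
standby 1 preempt //enable preemption
standby 1 track f0/1 //track the outbound interface; the priority drops by 10 by default (Cisco Packet Tracer)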
4. PAT for Internet access
① Define the inside and outside ports
Router0_1:configure terminal
interface f0/0 //defined as the inside port
ip nat inside
exit
interface f0/1 //defined as the outside port
ip nat outside
exit
Router0_2:configure terminal
interface f0/0
ip nat inside
exit
interface f0/1
ip nat outside
exit
② Configure PAT
Router0_1:configure terminal
access-list 1 permit 192.168.0.0 0.0.255.255 //define the inside address pool
ip nat inside source list 1 int f0/1 overload //translate the addresses in inside list 1 to the IP of outside port f0/1, with port overloading enabled
access-list 2 permit 172.16.0.0 0.0.255.255
ip nat inside source list 2 int f0/1 overload
Router0_2:configure terminal
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 int f0/1 overload
access-list 2 permit 172.16.0.0 0.0.255.255
ip nat inside source list 2 int f0/1 overload
5. Layer 3 switch routing table configuration
① Convert port f0/4 to a routed port and add the route
SW0_0:configure terminal
interface f0/4
no switchport
ip address 192.168.7.2 255.255.255.0
no shutdown
exit
ip route 172.16.0.0 255.255.0.0 192.168.7.1
② After HSRP has been configured
SW0_0:configure terminal
ip route 0.0.0.0 0.0.0.0 192.168.6.4
exit
6. Intranet routing table configuration
Router0_1:configure terminal
ip route 0.0.0.0 0.0.0.0 100.0.0.2
ip route 192.168.0.0 255.255.0.0 192.168.6.3
ip route 172.16.0.0 255.255.0.0 192.168.6.3
exit
Router0_2:configure terminal
ip route 0.0.0.0 0.0.0.0 110.0.0.2
ip route 192.168.0.0 255.255.0.0 192.168.6.3
ip route 172.16.0.0 255.255.0.0 192.168.6.3
exit
7. Publishing the headquarters web server
Using static PAT, map port 80 of the web server to port 80 on IPs 100.0.0.2 and 110.0.0.2.
Router0_1:configure terminal
ip nat inside source static tcp 192.168.5.2 80 100.0.0.3 80
Router0_2:configure terminal
ip nat inside source static tcp 192.168.5.2 80 110.0.0.3 80
8. ACL configuration
① The Marketing department cannot access the Internet
Router0_0:configure terminal
ip access-list extended shic
permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.0.0 0.0.255.255 192.168.1.0 0.0.0.255
permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255
permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
exit
interface vlan 10
ip access-group shic in
exit
② Only the server subnet can access the Finance department
Router0_0: configure terminal
ip access-list extended caiwu
permit ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.0.255
deny ip 10.0.0.0 0.255.255.255 192.168.4.0 0.0.0.255
deny ip 192.168.0.0 0.0.255.255 192.168.4.0 0.0.0.255
permit ip any any
exit
interface vlan 40
ip access-group caiwu out
exit
③ Branch offices can access only the headquarters server subnet
Router3:configure terminal
ip access-list extended fengonzi
permit ip 172.16.0.0 0.0.255.255 192.168.5.0 0.0.0.255
permit ip 172.16.0.0 0.0.255.255 10.0.0.0 0.255.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip any any
exit
interface f1/0
ip access-group fengonzi out
exit
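A way to check the three ACLs above against the stated requirements before loading them, as an added example that is not part of the original write-up: the Python below replays the page's ACL entries with first-match and wildcard-mask semantics. The host addresses in FLOWS are constructed samples, and the model ignores interface direction and return traffic.

```python
from ipaddress import IPv4Address

# ACL entries copied from the configuration above.
ACLS = {
    "shic": """permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
        permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
        permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
        permit ip 192.168.0.0 0.0.255.255 192.168.1.0 0.0.0.255
        permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255
        permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255""",
    "caiwu": """permit ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
        deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.0.255
        deny ip 10.0.0.0 0.255.255.255 192.168.4.0 0.0.0.255
        deny ip 192.168.0.0 0.0.255.255 192.168.4.0 0.0.0.255
        permit ip any any""",
    "fengonzi": """permit ip 172.16.0.0 0.0.255.255 192.168.5.0 0.0.0.255
        permit ip 172.16.0.0 0.0.255.255 10.0.0.0 0.255.255.255
        deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
        permit ip any any""",
}
# Constructed sample flows (host addresses are assumptions): ACL, source, destination.
FLOWS = [("shic", "192.168.1.10", "140.0.0.1"), ("shic", "192.168.1.10", "192.168.5.2"),
         ("caiwu", "192.168.1.10", "192.168.4.10"), ("caiwu", "192.168.5.1", "192.168.4.10"),
         ("fengonzi", "172.16.1.10", "192.168.2.10"), ("fengonzi", "172.16.1.10", "192.168.5.2")]

def spec(tokens):
    """Pop one address spec ('any' or 'ADDR WILDCARD') off the front of tokens."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    return int(IPv4Address(tokens.pop(0))), int(IPv4Address(tokens.pop(0)))

def hit(addr, base, wild):
    # Wildcard bits set to 1 are ignored; every other bit must equal the base.
    return (int(IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in ACLS[acl].splitlines():
        action, _proto, *rest = line.split()
        src_spec, dst_spec = spec(rest), spec(rest)
        if hit(src, *src_spec) and hit(dst, *dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    for flow in FLOWS:
        print(*flow, "->", evaluate(*flow))
```

Evaluating 0.0.0.0 to 255.255.255.255 against shic also returns deny, because the list has no entry matching a DHCP DISCOVER; confirm in the lab that VLAN 10 clients still obtain leases through the relay.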
V. Internet zone configuration
1. R1/R2 port configuration
R1:configure terminal
interface f0/0
ip address 100.0.0.2 255.255.255.0
no shutdown
exit
interface f0/1
ip address 110.0.0.2 255.255.255.0
no shutdown
exit
interface f1/0
ip address 130.0.0.1 255.255.255.0
no shutdown
exit
interface f1/1
ip address 120.0.0.254 255.255.255.0
no shutdown
exit
R2:configure terminal
interface f0/0
ip address 130.0.0.2 255.255.255.0
no shutdown
exit
interface f0/1
ip address 140.0.0.254 255.255.255.0
no shutdown
exit
2. R1/R2 routing table configuration
R1:configure terminal
ip route 140.0.0.0 255.255.255.0 130.0.0.2
exit
R2:configure terminal
ip route 100.0.0.0 255.255.255.0 130.0.0.1
ip route 110.0.0.0 255.255.255.0 130.0.0.1
ip route 120.0.0.0 255.255.255.0 130.0.0.1
3. Configure R1/R2 for dynamic routing
R1:configure terminal
router rip
version 2
no auto-summary //prevent the subnet mask from being changed
network 100.0.0.0 //activate the 100.0.0.0 network
network 110.0.0.0
network 120.0.0.0
network 130.0.0.0
exit
R2:configure terminal
router rip
version 2
no auto-summary
network 130.0.0.0
network 140.0.0.0
exit