要求:业务分流,去分部走R1 去互联网走R2;互为备份,
接入层部分:
1、创建vlan
2、修改接口模式
3、把接口划入vlan
汇聚层部分:
1、创建vlan
[sw1vlan batch 2 to 3
[sw2]vlan batch 2 to 3
2、接口做聚合,接口配trunk干道,并允许所有vlan通过
[sw1]int Eth-Trunk 1
[sw1-Eth-Trunk1]trunkport g0/0/1
[sw1-Eth-Trunk1]trunkport g0/0/2
[sw1-Eth-Trunk1]port link-type trunk
[sw1-Eth-Trunk1]port trunk allow-pass vlan all
[sw2]int Eth-Trunk 1
[sw2-Eth-Trunk1]trunkport g0/0/1
[sw2-Eth-Trunk1]trunkport g0/0/2
[sw2-Eth-Trunk1]port link-type trunk
[sw2-Eth-Trunk1]port trunk allow-pass vlan all
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/3]port link-type trunk
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/4]port link-type trunk
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw3-GigabitEthernet0/0/2]port link-type trunk
[sw3-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[sw4-GigabitEthernet0/0/1]port link-type trunk
[sw4-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw4-GigabitEthernet0/0/2]port link-type trunk
[sw4-GigabitEthernet0/0/2]port trunk allow-pass vlan all
3、做负载分担,默认就是源目ip
[sw1-Eth-Trunk1]load-balance src-dst-ip
[sw2-Eth-Trunk1]load-balance src-dst-ip
4、做生成树
[sw1]stp enable //开启生成树,每个交换机都要开启
[sw1]stp region-configuration
[sw1-mst-region]region-name a //设置名字
[sw1-mst-region]revision-level 1
[sw1-mst-region]instance 1 vlan 2
[sw1-mst-region]instance 2 vlan 3 //挂入两个vlan
[sw1-mst-region]active region-configuration //激活
[sw2]stp region-configuration
[sw2-mst-region] region-name a
[sw2-mst-region] revision-level 1
[sw2-mst-region] instance 1 vlan 2
[sw2-mst-region] instance 2 vlan 3
[sw2-mst-region] active region-configuration
[sw3]stp region-configuration
[sw3-mst-region] region-name a
[sw3-mst-region] revision-level 1
[sw3-mst-region] instance 1 vlan 2
[sw3-mst-region] instance 2 vlan 3
[sw3-mst-region] active region-configuration
[sw4]stp region-configuration
[sw4-mst-region] region-name a
[sw4-mst-region] revision-level 1
[sw4-mst-region] instance 1 vlan 2
[sw4-mst-region] instance 2 vlan 3
[sw4-mst-region] active region-configuration
5、调成主备分流的根
[sw1]stp instance 1 root primary //sw1是vlan2的主,是vlan3的备
[sw1]stp instance 2 root secondary
[sw2]stp instance 1 root secondary //sw2是vlan2的备,vlan3的主
[sw2]stp instance 2 root primary
如果sw3的g0/0/1口挂了,流量会从g0/0/2进入 从discarding到forwarding只需要1~2s
stp edged-port enable //在边缘端口开启安全保护
[sw3]stp bpdu-protection
[sw4]stp bpdu-protection //做BPDU优化
6、给vlan配ip
[sw1]int vlan 2
[sw1-Vlanif2]ip add 10.2.2.1 24
[sw2-Vlanif2]ip address 10.2.2.2 24
[sw1-Vlanif3]ip add 10.2.3.1 24
[sw2-Vlanif3]ip address 10.2.3.2 24
7、做vrrp,sw1做vlan2的主网关,sw2做vlan3的主网关,做主网关的优先级设置高一些
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 10.2.2.254
[sw1-Vlanif2]vrrp vrid 1 priority 120
[sw1-Vlanif2]vrrp vrid 1 preempt-mode timer delay 5 //抢占时间设为5s
[sw1-Vlanif2]vrrp vrid 1 authentication-mode md5 123//为了安全期间,可以做个认证
优先级默认是100,所有做备份网关的不用改。
[sw2-Vlanif2] vrrp vrid 1 virtual-ip 10.2.2.254
[sw2-Vlanif2] vrrp vrid 1 preempt-mode timer delay 5
[sw2-lanif2]vrrp vrid 1 authentication-mode md5 123
[sw1-Vlanif2]vrrp vrid 1 track interface g0/0/3
reduced 30//vrrp上行链路追踪,即上行链路断开后,vlan2 优先级减去30小于备份网关,就可以进行切换
[sw2-Vlanif3]vrrp vrid 1 track interface g0/0/3
reduced 30
把sw1和2的上行接口划入vlan中,并配上ip地址
[sw1]int g0/0/5
[sw1-GigabitEthernet0/0/3]port
link-type access
[sw1-GigabitEthernet0/0/3]port default vlan 101
[sw1-Vlanif101]ip add 10.2.101.1
24
[sw2int g0/0/5
[sw2GigabitEthernet0/0/3]port
link-type access
[sw2GigabitEthernet0/0/3]port default vlan 102
[sw2-Vlanif202]ip address 10.2.202.2
255.255.255.0
做互通,即互联地址
[sw1-Vlanif102]ip add 10.2.102.1
24
[sw2-Vlanif102]ip add 10.2.101.2
24
8、做地址池(dhcp)的分割
[sw1]dhcp enable
[sw1-Vlanif2]dhcp select global
[sw1]ip pool vlan2
[sw1-ip-pool-vlan2]network 10.2.2.0 mask 255.255.255.0
[sw1-ip-pool-vlan2]gateway-list 10.2.2.254
[sw1-ip-pool-vlan2]dns-list 114.114.114.114
[sw1-ip-pool-vlan2]excluded-ip-address 10.2.2.129 10.2.2.253//分割地址,把后面两个分出去(排除后面两个)
[sw2]dhcp enable
[sw2-Vlanif2]dhcp select global
[sw2]ip pool vlan2
[sw2-ip-pool-vlan2]network 10.2.2.0 mask 255.255.255.0
[sw2-ip-pool-vlan2]gateway-list 10.2.2.254
[sw2-ip-pool-vlan2]dns-list 114.114.114.114
[sw2-ip-pool-vlan2]excluded-ip-address 10.2.2.1 10.2.2.128
Vlan3也是做法与vlan2一样
测试:同一vlan 、不同vlan的pc是否通
下面是获取的ip
核心层部分:
域内起ospf,域间起bgp
1、先配置ip地址
2、起ospf
SW1:
设置沉默接口,sw1和sw2都要配置
检查邻居间关系
修改开销值
[r1-GigabitEthernet0/0/1]ospf cost 2
[r2-GigabitEthernet0/0/1]ospf cost 2
在AS1中底层铺设OSPF
其余的一样
R6 ospf中要调成stub-router
3、做BGP
在AS1内部建立IBGP(R6作为反射器,利用对等体组),全局,同时也要做mpls vpnv4
[r6]bgp 1
[r6-bgp]group IBGP
[r6-bgp]peer IBGP connect-interface LoopBack 0
[r6-bgp]peer IBGP reflect-client
[r6-bgp]peer 10.1.3.3 group IBGP
[r6-bgp]peer 10.1.4.4 group IBGP
[r6-bgp]peer 10.1.8.8 group IBGP
[r6-bgp]peer 10.1.9.9 group IBGP
激活组
[r6-bgp-af-vpnv4]peer 10.1.3.3 group IBGP
[r6-bgp-af-vpnv4]peer 10.1.4.4 group IBGP
[r6-bgp-af-vpnv4]peer 10.1.8.8 group IBGP
[r6-bgp-af-vpnv4]peer 10.1.9.9 group IBGP
做mpls
[r8]mpls lsr-id 10.1.8.8
[r8]mpls
[r8-mpls]mpls ldp
[r8-GigabitEthernet0/0/1]mpls
[r8-GigabitEthernet0/0/1]mpls ldp
[r8-GigabitEthernet0/0/0]mpls
[r8-GigabitEthernet0/0/0]mpls ldp
R3/4/5/6/7/9 都做同样的;
R3:做vpnv4
R4/8/9和R3配置一样
配置VRF:
[r3]ip vpn-instance AS2
[r3-vpn-instance-AS2]route-distinguisher 3:3
[r3-vpn-instance-AS2-af-ipv4]vpn-target 3:3
[r3-GigabitEthernet0/0/2]ip binding vpn-instance AS2
[r3-GigabitEthernet0/0/2]ip add 10.2.13.2 24
R4:
Bgp:
[r9]bgp 1
[r9-bgp]ipv4-family vpn-instance AS4
[r9-bgp-AS4]peer 10.4.119.1 as-number 4
R8/3/4同等操作
接下来有个重发布
[r1]bgp 2
[r1-bgp]import-route ospf 1
[r1]ospf 1
[r1-ospf-1]import-route bgp
R1上同等操作
R8总共做5个VRF空间,其中一个是控制AS5到总部的流量,剩下的是控制到策略中心的流量
4、测试
R1:
扫一扫
1941
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
