xx公司园区网络搭建脚本
相关命令可以作为其他实验的参考
1.完成IP地址规划
2.AR4的DHCP功能pc1,pc2自动获取
3,二层交换机防环lsw1根桥
4.vlan划分,pc1,2可以访问组播服务器,也可以访问外网,但vlan间不能互访
5.配置组播服务器,pc能够看内部视频2可以访问组播服务器,也可
6.AR1 2 3 配置ppp链路,aaa模式chap认证
7.AR12345 采用ospf多区域实现互通
8.AR4上面在出接口配置easy-ip 访问server1
9.ospf1 里面配置vrrp
10.server1配置ftp和http服务器
11.AR5上面设置acl,允许访问ftp,拒绝访问http
*实验图如下:
IP地址如上表
R1
aaa
local-user r1 password cipher huawei
local-user r1 service-type ppp
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 100.1.13.1 255.255.255.0
interface Serial4/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 100.1.12.1 255.255.255.0
interface GigabitEthernet0/0/0
ip address 100.1.11.1 255.255.255.0
ospf 1
default-route-advertise always
area 0.0.0.0
network 100.1.12.1 0.0.0.0
network 100.1.13.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.254
R2
aaa
local-user r2 password cipher huawei
local-user r2 service-type ppp
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 100.1.23.2 255.255.255.0
interface Serial4/0/1
link-protocol ppp
ppp chap user r1
ppp chap password cipher %$%$,[bpQp#sRSs%6m=5/TGE,#o,%$%$
ip address 100.1.12.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 100.1.24.2 255.255.255.0
ospf 1
area 0.0.0.0
network 100.1.12.2 0.0.0.0
network 100.1.23.2 0.0.0.0
network 100.1.24.0 0.0.0.255
network 100.1.24.2 0.0.0.0
R3
interface Serial4/0/0
link-protocol ppp
ppp chap user r2
ppp chap password cipher huawei
ip address 100.1.23.3 255.255.255.0
interface Serial4/0/1
link-protocol ppp
ppp chap user r1
ppp chap password cipher huawei
ip address 100.1.13.3 255.255.255.0
interface GigabitEthernet0/0/1
ip address 100.1.35.3 255.255.255.0
ospf 1
area 0.0.0.0
network 100.1.13.3 0.0.0.0
network 100.1.23.3 0.0.0.0
network 100.1.35.0 0.0.0.255
R4
dhcp enable
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
ip pool pool1
gateway-list 192.168.1.254
network 192.168.1.0 mask 255.255.255.0
excluded-ip-address 192.168.1.200 192.168.1.252
lease day 0 hour 0 minute 1
ip pool pool2
gateway-list 192.168.2.254
network 192.168.2.0 mask 255.255.255.0
excluded-ip-address 192.168.2.200 192.168.2.252
lease day 0 hour 0 minute 1
interface GigabitEthernet0/0/0
ip address 172.16.1.4 255.255.255.0
pim dm
dhcp select global
interface GigabitEthernet0/0/1
ip address 100.1.24.4 255.255.255.0
nat outbound 2000
interface GigabitEthernet0/0/2
ip address 172.16.2.4 255.255.255.0
pim dm
dhcp select global
ospf 1
area 0.0.0.0
network 100.1.24.4 0.0.0.0
area 0.0.0.1
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
R5
acl number 3001
rule 5 deny tcp destination-port eq www
interface GigabitEthernet0/0/0
ip address 100.1.35.5 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.4.254 255.255.255.0
traffic-filter inbound acl 3001
ospf 1
area 0.0.0.0
network 100.1.35.5 0.0.0.0
area 0.0.0.2
network 192.168.4.0 0.0.0.255
LSW1
vlan batch 10 20 100
multicast routing-enable
igmp-snooping enable
dhcp enable
stp region-configuration
region-name mst
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
acl number 3000
rule 1 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
interface Vlanif1
pim dm
interface Vlanif10
ip address 192.168.1.201 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.1.254
vrrp vrid 10 priority 110
vrrp vrid 10 track interface GigabitEthernet0/0/3 reduced 50
pim dm
igmp enable
dhcp select relay
dhcp relay server-ip 172.16.1.4
dhcp relay server-ip 172.16.2.4
interface Vlanif20
ip address 192.168.2.201 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.2.254
vrrp vrid 20 priority 110
vrrp vrid 20 track interface GigabitEthernet0/0/3 reduced 50
pim dm
igmp enable
dhcp select relay
dhcp relay server-ip 172.16.1.4
dhcp relay server-ip 172.16.2.4
interface Vlanif100
ip address 172.16.1.1 255.255.255.0
pim dm
interface MEth0/0/1
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
traffic-filter inbound acl 3000
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
interface GigabitEthernet0/0/4
eth-trunk 1
interface GigabitEthernet0/0/5
eth-trunk 1
ospf 1
silent-interface Vlanif10
silent-interface Vlanif20
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
igmp
pim
LSW2
vlan batch 10 20 200 300 1000
multicast routing-enable
dhcp enable
stp region-configuration
region-name mst
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
interface Vlanif1
pim dm
interface Vlanif10
ip address 192.168.1.200 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.1.254
vrrp vrid 10 preempt-mode timer delay 5
vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 50
dhcp select relay
dhcp relay server-ip 172.16.1.4
dhcp relay server-ip 172.16.2.4
interface Vlanif20
ip address 192.168.2.200 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.2.254
vrrp vrid 20 preempt-mode timer delay 5
vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 50
dhcp select relay
dhcp relay server-ip 172.16.1.4
dhcp relay server-ip 172.16.2.4
interface Vlanif200
ip address 172.16.2.2 255.255.255.0
pim dm
interface Vlanif300
ip address 192.168.3.254 255.255.255.0
pim dm
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/1
port link-type access
port default vlan 200
interface GigabitEthernet0/0/2
eth-trunk 1
interface GigabitEthernet0/0/3
eth-trunk 1
interface GigabitEthernet0/0/4
port hybrid pvid vlan 300
port hybrid untagged vlan 300
ospf 1
silent-interface Vlanif10
silent-interface Vlanif20
silent-interface Vlanif300
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 172.16.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
igmp
ssm-mapping 239.0.0.1 255.255.255.255 192.168.1.1
pim
c-bsr hash-length 24
c-bsr Vlanif300
组播配置一定要注意
—额外补充,切记注意;我这上面是组播数据经过sw2---->R4----->SW1------->用户pc
multicast routing-enable 全局开启组播路由
pim dm 在接口开启组播(组播有两种形式dm,sm)
igmp enable 在接入用户的接口开启igmp组管理
3471
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
