Network综合项目 ,网络升级
=============================================
组建大型企业级网络
新建拓扑,添加5台pc 和4台s3700交换机
组建大型企业网络
3700
1,
[Huawei]sysname sw1 //依次将名称修改为sw1~sw4
[sw1]undo info-center enable //关闭日志
2,
[sw1]vlan batch 10 20 30 40 //依次在4台3700创建4个vlan
display version //查询设备版本型号
display current-configuration //查询配置
display this //查看当前视图
display vlan //查看vlan
display ip interface brief //查看ip地址
display ip routing-table //查看完整路由表
display ip routing-table | include /24 //查看部分路由表
display vrrp brief //查看vrrp摘要信息
display acl all //查看所有acl列表
vlan
1,
[sw1]in e0/0/1
[sw1-Ethernet0/0/1]port link-type access //配置为接入链路
[sw1-Ethernet0/0/1]port default vlan 10 //将1口加入vlan10
[sw2]in e0/0/1
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 20 //将1口加入vlan20
[sw3]in e0/0/1
[sw3-Ethernet0/0/1]port link-type access
[sw3-Ethernet0/0/1]port default vlan 30 //将1口加入vlan30
[sw4]in e0/0/1
[sw4-Ethernet0/0/1]port link-type access
[sw4-Ethernet0/0/1]port default vlan 40 //将1口加入vlan40
[sw4-Ethernet0/0/1]in e0/0/2
[sw4-Ethernet0/0/2]port link-type access
[sw4-Ethernet0/0/2]port default vlan 40 //将2口也加入vlan40
2, 为所有s3700的g0/0/1、g0/0/2口配置trunk
[sw1-Ethernet0/0/1]in g0/0/1 //进入1口
[sw1-GigabitEthernet0/0/1]port link-type trunk //配置中继链路
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all //放行所有
[sw1-GigabitEthernet0/0/1]in g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
后面sw2、sw3、sw4也按上述配置进行
如果接口配置混乱,可以还原:
[sw1]clear configuration interface GigabitEthernet 0/0/1
[sw1]in g0/0/1
[sw1-GigabitEthernet0/0/1]undo shutdown
s5700
1,
[Huawei]sysname sw5 //分别修改主机名
[sw5]undo info-center enable //关闭日志
2,
[sw5]vlan batch 10 20 30 40 //批量创建4个vlan
[sw6]vlan batch 10 20 30 40
s5700
1,配置两台s5700的中继链路
[sw5]port-group 1 //由于需要配置g1~g4口,这里使用接口组
[sw5-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
//加g1~g4接口
[sw5-port-group-1]port link-type trunk //配置新建拓扑,添加5台pc 和4台s3700交换机
组建大型企业网络
步骤一:为3700交换机修改主机名,配置vlan
1,
[Huawei]sysname sw1 //依次将名称修改为sw1~sw4
[sw1]undo info-center enable //关闭日志
2,
[sw1]vlan batch 10 20 30 40 //依次在4台3700创建4个vlan
display version //查询设备版本型号
display current-configuration //查询配置
display this //查看当前视图
display vlan //查看vlan
display ip interface brief //查看ip地址
display ip routing-table //查看完整路由表
display ip routing-table | include /24 //查看部分路由表
display vrrp brief //查看vrrp摘要信息
display acl all //查看所有acl列表
步骤二:将终端设备加入对应的vlan
1,
[sw1]in e0/0/1
[sw1-Ethernet0/0/1]port link-type access //配置为接入链路
[sw1-Ethernet0/0/1]port default vlan 10 //将1口加入vlan10
[sw2]in e0/0/1
为中继链路
[sw5-port-group-1]port trunk allow-pass vlan all //放行所有
[sw6]port-group 1 //另外一台也是相同配置
[sw6-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
[sw6-port-group-1]port link-type trunk
[sw6-port-group-1]port trunk allow-pass vlan all
2,将每台s5700的5口和6口捆绑成链路聚合,并配置中继链路
[sw5]interface Eth-Trunk 1 //创建(进入)链路聚合接口
[sw5-Eth-Trunk1]trunkport GigabitEthernet 0/0/5 0/0/6 //捆绑5口
与6口
[sw5-Eth-Trunk1]port link-type trunk //配置成中继链路
[sw5-Eth-Trunk1]port trunk allow-pass vlan all //放行所有
[sw6]interface Eth-Trunk 1 //sw6的配置一样
[sw6-Eth-Trunk1]trunkport GigabitEthernet 0/0/5 0/0/6
[sw6-Eth-Trunk1]port link-type trunk
[sw6-Eth-Trunk1]port trunk allow-pass vlan all
s5700
1,s5700的vlan配置不同ip
[sw5]in vlan 10
[sw5-Vlanif10]ip add 192.168.10.252 24
[sw5-Vlanif10]in vlan 20
[sw5-Vlanif20]ip add 192.168.20.252 24
[sw5-Vlanif20]in vlan 30
[sw5-Vlanif30]ip add 192.168.30.252 24
[sw5-Vlanif30]in vlan 40
[sw5-Vlanif40]ip add 192.168.40.252 24
[sw6]in vlan 10
[sw6-Vlanif10]ip add 192.168.10.253 24
[sw6-Vlanif10]in vlan 20
[sw6-Vlanif20]ip add 192.168.20.253 24
[sw6-Vlanif20]in vlan 30
[sw6-Vlanif30]ip add 192.168.30.253 24
[sw6-Vlanif30]in vlan 40
[sw6-Vlanif40]ip add 192.168.40.253 24
依次为pc配置好ip
Pc1 192.168.10.1
Pc2 192.168.20.1
Pc3 192.168.30.1
Pc4 192.168.40.1
Pc5 192.168.40.2
然后检测同网段间是否可以互通,如果不通,检查:
1, ip地址
2, 是否所有交换机创建所有vlan
3, pc连接交换机接口的链路是否加入到对应vlan,交换
机与交换机之间的链路是否为trunk
vrrp
sw5 vlan10、20 主 vlan30、40 备
sw6 vlan30、40 主 vlan10、20 备
[sw5]in vlan 10 //进入vlan10接口
[sw5-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 //开启vrrp
并配置虚拟路由器ip是10.254
[sw5-Vlanif10]vrrp vrid 10 priority 105 //修改优先级为105
[sw5-Vlanif10]in vlan 20
[sw5-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[sw5-Vlanif20]vrrp vrid 20 priority 105
[sw5-Vlanif20]in vlan 30
[sw5-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[sw5-Vlanif30]in vlan 40
[sw5-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[sw6]in vlan 10
[sw6-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[sw6-Vlanif10]in vlan 20
[sw6-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[sw6-Vlanif20]in vlan 30
[sw6-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[sw6-Vlanif30]vrrp vrid 30 priority 105 //sw6要成为vlan30的主,所以
要修改优先级
[sw6-Vlanif30]in vlan 40
[sw6-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[sw6-Vlanif40]vrrp vrid 40 priority 105 //sw6要成为vlan40的主,所以
要修改优先级
<sw5>display vrrp brief //vrrp配置好之后检查每台三层交换机应该是两
主两备的状态将所有pc的网关按照所在vlan配置好对应的虚拟路由器的
ip,并测试全网互通效果
步骤七: 添加两台ar2220路由器 按图配置ip地址
1,
[Huawei]sysname r1 //第一台路由器改名
[r1]in g0/0/0 //进入0接口
[r1-GigabitEthernet0/0/0]ip add 192.168.50.1 24 //配置ip
[r1]in g0/0/1 //进入1接口
[r1-GigabitEthernet0/0/1]ip add 192.168.60.1 24 //配置ip
[sw5]vlan 50 //创建vlan50
[sw5-vlan50]in vlan 50 //进入vlan50
[sw5-Vlanif50]ip add 192.168.50.2 24 //配置ip
[sw5-Vlanif50]in g0/0/7 //进入7口
[sw5-GigabitEthernet0/0/7]port link-type access
[sw5-GigabitEthernet0/0/7]port default vlan 50 //加入vlan50
[sw5]vlan 70 //创建vlan20
[sw5-vlan70]in vlan 70 //进入vlan70
[sw5-Vlanif70]ip add 192.168.70.2 24 //配置ip
[sw5-Vlanif70]in g0/0/8 //进入8口
[sw5-GigabitEthernet0/0/8]port link-type access
[sw5-GigabitEthernet0/0/8]port default vlan 70 //加入vlan70
在第二台路由器改名为r2
[r2]in g0/0/0 //进入0接口
[r2-GigabitEthernet0/0/0]ip add 192.168.70.1 24 //配置ip
[r2]in g0/0/1 //进入1接口
[r2-GigabitEthernet0/0/1]ip add 192.168.80.1 24 //配置ip
[sw6]vlan 60 //创建vlan60
[sw6-vlan60]in vlan 60 //进入vlan60
[sw6-Vlanif60]ip add 192.168.60.2 24 //配置ip
[sw6-Vlanif60]in g0/0/7 //进入7口
[sw6-GigabitEthernet0/0/7]port link-type access
[sw6-GigabitEthernet0/0/7]port default vlan 60 //加入vlan60
[sw6]vlan 80 //创建vlan80
[sw6-vlan80]in vlan 80 //进入vlan80
[sw6-Vlanif80]ip add 192.168.80.2 24 //配置ip
[sw6-Vlanif80]in g0/0/8 //进入8口
[sw6-GigabitEthernet0/0/8]port link-type access
[sw6-GigabitEthernet0/0/8]port default vlan 80 //加入vlan80
s5700
1,
[sw5]ospf //开启动态路由协议ospf
[sw5-ospf-1]area 0 //进入区域0
[sw5-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255 //宣告
直连网段
[sw5-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[sw6]ospf
[sw6-ospf-1]area 0
[sw6-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
[r1]ospf //然后在两台路由器上也配置ospf
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[r2]ospf
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
然后测试全网互通的效果
dis ip routing-table | include /24 //检查路由表
s3700
ip
1,
[Huawei]in vlan 1
[Huawei-Vlanif1]ip add 100.0.0.10 8
两台路由器的g0/0/2口也按图配置ip,配置步骤此处省略。
步骤十:配置默认路由
默认路由,是特殊的静态路由,可以匹配任意网段
专门用来访问海量外部网络使用
1,
[r1]ip route-static 0.0.0.0 0 100.0.0.10 //路由器配置默认路由,可以访问
任意网络(主要用来匹配海量外网网段)
[r1]ospf
[r1-ospf-1]default-route-advertise //发布默认路由,相当于宣告,然后
下面的三层交换就就可以学习到该默认路由
[r2]ip route-static 0.0.0.0 0 100.0.0.10 //另外一台路由器配置相同
[r2]ospf
[r2-ospf-1]default-route-advertise //发布默认路由
nat
1,
[r1]acl 2000 //创建acl
[r1-acl-basic-2000]rule permit source any //创建规则,放行所有
[r1-acl-basic-2000]in g0/0/2 //进入外网接口
[r1-GigabitEthernet0/0/2]nat outbound 2000 //开启nat
[r2]acl 2000 //第二台路由器配置一样的内容
[r2-acl-basic-2000]rule permit source any
[r2-acl-basic-2000]in g0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
over
