|
1.所需設(shè)備
3臺(tái)路由器R1、R2�、R3,2臺(tái)三層交換機(jī)S1��、S2�����,兩臺(tái)二層交換機(jī)S3���、S4���,PC機(jī)5臺(tái),交叉線直連線各若干�����,DCE-DTE串行線一條����。
2.拓?fù)浣Y(jié)構(gòu)圖
3.組網(wǎng)
路由器R1啟動(dòng)OSPF路由協(xié)議并鏈接兩個(gè)網(wǎng)絡(luò)F0連接192.168.1.0 Area 1與S0連接192.168.2.0 Area 0,針對(duì)S0端口啟動(dòng)PPP PAP 認(rèn)證��。在F0端口啟動(dòng)ACL,允許IP為192.168.3.1-127的主機(jī)訪問(wèn)192.168.1.0網(wǎng)絡(luò)�,但不允許IP為192.168.3.128-254的主機(jī)訪問(wèn)。
? 路由器R2 啟動(dòng)OSPF協(xié)議及RIP協(xié)議����,右端S0/1鏈接192.168.2.0 Area 0 路由協(xié)議為OSPF,左端F0鏈接192.168.3.0網(wǎng)絡(luò) 路由協(xié)議為RIP2�。
? 路由器R3啟動(dòng)RIP協(xié)議,上端F0/2連接192.168.3.0網(wǎng)絡(luò)���,左端F0/0連接192.168.4.0網(wǎng)絡(luò)����,右端F0/1鏈接192.168.5.0網(wǎng)絡(luò)�。針對(duì)F0/0、F0/1為入口F3為出口的網(wǎng)絡(luò)通信啟用NAT功能�����,將來(lái)自192.168.10.0網(wǎng)絡(luò)的源IP地址動(dòng)態(tài)的轉(zhuǎn)換為192.168.3.1-127�,來(lái)自192.168.20.0網(wǎng)絡(luò)的源IP地址動(dòng)態(tài)轉(zhuǎn)換為192.168.3.128-254���。
? R3下有vlan 10 ��、vlan 20�。
? S1 、S2 都分別對(duì)兩vlan起用vrrp組����,vlan 10的vrrp虛擬IP為192.168.10.254,vlan 20的vrrp虛擬IP為192.168.20.254實(shí)現(xiàn)兩組的業(yè)務(wù)的負(fù)載分擔(dān)和備份���。
? S1�、S2���、S3����、S4 都起用 mstp多生成數(shù)協(xié)議��,并且實(shí)例映射一致(vlan 10映射實(shí)例1����、vlan 20映射實(shí)例2 其他vlan映射默認(rèn)實(shí)例0)。
? Vlan 10以S1為根橋�; vlan 20以S2為根橋;實(shí)現(xiàn)阻斷網(wǎng)絡(luò)環(huán)路�,并能實(shí)現(xiàn)不同vlan數(shù)據(jù)流負(fù)載分擔(dān)功能���。
? PC1的默認(rèn)網(wǎng)關(guān)為192.168.10.254,PC2的默認(rèn)網(wǎng)關(guān)為192.168.20.254��。
?NAT��,MSTP����,VRRP 實(shí)現(xiàn)
4.詳細(xì)配置
R1的配置
En
進(jìn)入特權(quán)模式
conf t
進(jìn)入全局模式
int s 0/1
進(jìn)入接口模式
ip address 192.168.2.2 255.255.255.0
給接口配置IP地址
no shutdown
啟用接口
int f0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
router OSPF 1
進(jìn)入 OSPF協(xié)議模式,進(jìn)程 號(hào)為1
network 192.168.2.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 1
聲明本路由由器所知的網(wǎng)段�,即路由器活動(dòng)接口所在的網(wǎng)段
access-list 10 permit 192.168.3.127 0.0.0.127
設(shè)置標(biāo)準(zhǔn)訪問(wèn)控制列表,允許指定的網(wǎng)段
access-list 10 deny 192.168.3.128 0.0.0.127
拒絕指定的網(wǎng)段
interface fa 0
ip access-group 1 out
在接口模式下應(yīng)用訪問(wèn)控制列表
username ruijie password 123
在路由器上建立 一個(gè)用戶(hù)�����,并設(shè)置密碼
interface seri 0
encapsulation ppp
ppp authentication pap
設(shè)置串行鏈路的認(rèn)證模式為ppp chap
R2的配置
configure terminal
interface fa 0
ip address 192.168.3.2 255.255.255.0
no shutdown
exit
interface Ser 0
ip address 192.168.2.1 255.255.255.0
clork rate 5600
no shutdown
exit
router ospf 1
network 192.168.2.0 0.0.0.255 area 0
exit
router rip
version 2
network 192.168.3.0
exit
router ospf 1
redistribute rip metric-type 1 metric 10 subnets
exit
router rip
redistribute ospf 1 metric 3
exit
inter ser 0
ppp pap sent-username ruijie password 123
exit
R3的配置
configure terminal
interface fa 0
ip address 192.168.4.2 255.255.255.0
no shutdown
exit
interface fa 1
ip address 192.168.5.2 255.255.255.0
no shutdown
exit
interface fa 2
ip address 192.168.3.1 255.255.255.0
no shutdown
exit
router rip
version 2
network 192.168.5.0
network 192.168.3.0
network 192.168.4.0
interface fastethernet 2
ip nat outside
exit
interface fastethernet 0
ip nat inside
exit
interface fastethernet 1
ip nat inside
exit
access-list 10 permit 192.168.10.0 0.0.0.255
ip nat pool abc 192.168.3.5 192.168.3.127 netmask 255.255.255.0
ip nat inside source list 10 pool abc overload
access-list 20 permit 192.168.20.0 0.0.0.255
ip nat pool cba 192.168.3.129 192.168.3.253 netmask 255.255.255.0
ip nat inside source list 20 pool cba overload
S1的配置
vlan 10
建立VLAN
exit
vlan 20
exit
inter range fa 0/1-2
switchport mode trunk
exit
設(shè)置指定的端口為trunk模式
inter range fa 0/1-2
port-group 1
exit
將端口加入到1號(hào)聚合組
inter range fa 0/3-4
switchport mode trunk
exit
spanning-tree
spanning-tree mode mstp
聲明生成樹(shù)協(xié)議模式為 MST
spanning-tree mst configuration
進(jìn)入mst配置模式
name taishan
生成樹(shù)名稱(chēng)和更新版本
revision 1
instance 1 vlan 10
instance 2 vlan 20
建立實(shí)例1和2,關(guān)聯(lián)相關(guān)的VLAN
exit
spanning-tree mst 1 priority 8192
設(shè)置相應(yīng)的實(shí)例的優(yōu)先級(jí)�,優(yōu)先級(jí)值越小級(jí)別越高
inter fa 0/5
no switchport
將接口轉(zhuǎn)換為路由模式
ip address 192.168.4.1 255.255.255.0
no shut
exit
inter vlan 10
進(jìn)入vlan10的虛擬接口
ip address 192.168.10.1 255.255.255.0
standby 1 priority 120
設(shè)置vrrp的優(yōu)先級(jí) ,值越小級(jí)別越高����,級(jí)別高的會(huì)成為主要轉(zhuǎn)發(fā)的路由器
standby 1 ip 192.168.10.254
設(shè)置vrrp1的虛擬ip地址
exit
inter vlan 20
ip address 192.168.20.1 255.255.255.0
standby 2 ip 192.168.20.254
ip router rip
version 2
network 192.168.10.0
network 192.168.20.0
network 192.168.4.0
S2的配置
vlan 10
exit
vlan 20
exit
inter range fa 0/1-2
switchport mode trunk
exit
inter range fa 0/1-2
port-group 1
exit
inter range fa 0/3-4
switchport mode trunk
exit
以下設(shè)置MST,優(yōu)先級(jí)與別外一臺(tái)路由器相反���,以達(dá)到互為主備的目的
spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
name taishan
revision 1
instance 1 vlan 10
instance 2 vlan 20
exit
spanning-tree mst 2 priority 8192
inter fa 0/5
no switchport
ip address 192.168.5.1 255.255.255.0
no shut
Exit
以下為設(shè)置VRRP��,與上一臺(tái)設(shè)置的優(yōu)先級(jí)不同�,形成互為主備的虛擬網(wǎng)關(guān)
inter vlan 10
ip address 192.168.10.1 255.255.255.0
standby 1 ip 192.168.10.254
exit
inter vlan 20
ip address 192.168.20.1 255.255.255.0
standby 2 priority 120
standby 2 ip 192.168.20.254
ip router rip
version 2
network 192.168.10.0
network 192.168.20.0
network 192.168.5.0
S3的配置
vlan 10
exit
vlan 20
exit
inter range fa 0/1-2
switchport mode trunk
exit
spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
name taishan
revision 1
instance 1 vlan 10
instance 2 vlan 20
exit
inter fa 0/5
switchport access vlan 10
exit
inter vlan 10
ip address 192.168.10.1 255.255.255.0
exit
inter vlan 20
ip address 192.168.20.1 255.255.255.0
S4的配置
vlan 10
exit
vlan 20
exit
inter range fa 0/1-2
switchport mode trunk
exit
spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
name taishan
revision 1
instance 1 vlan 10
instance 2 vlan 20
exit
inter fa 0/5
switchport access vlan 20
exit
inter vlan 10
ip address 192.168.10.1 255.255.255.0
exit
inter vlan 20
ip address 192.168.20.1 255.255.255.0 來(lái)源:http://www./content-4-184401.html
|
