本实例为大家分享利用OSPF、PAT、MSTP、DHCP、VLAN技术实现企业内外网的组建互通的过程,如下图所示

《小牛试刀:企业网络组建——阶段二项目练习》

  • 其中,红色区域代表ISP互联网服务商,蓝色区域代表公司内网,要求实现公司内外网互通,且可以访问内网的服务器和网络设备

    实验要求如下:
    1.内网交换机实现流量负载均衡;
    2.企业内网使用OSPF路由协议;
    3.确保PC1自动获取IP地址,且与PC2网络互通;
    4.PC2可以远程访问内网交换机SW1;
    5.Client1和访问内网Server1。

    第一步:企业内网配置MSTP,实现流量负载均衡
    SW1交换机配置
    system-view
    sysname SW1
    vlan batch 10 20 30
    port-group 1
    group-member g0/0/10 g0/0/11
    port link-type trunk
    port trunk allow-pass vlan all
    quit
    interface g0/0/2
    port link-type access
    port default vlan 30
    quit
    stp region-configuration
    region-name ntd
    instance 10 vlan 10
    instance 20 vlan 20
    active region-configuration
    quit
    stp instance 10 root primary
    stp instance 20 root primary
    SW2交换机配置
    system-view
    sysname SW2
    vlan batch 10 20 30
    port-group 1
    group-member eth0/0/10 eth0/0/11
    port link-type trunk
    port trunk allow-pass vlan all
    quit
    interface eth0/0/1
    port link-type access
    port default vlan 10
    quit
    stp region-configuration
    region-name ntd
    instance 10 vlan 10
    instance 20 vlan 20
    active region-configuration
    quit
    stp instance 10 root secondary
    SW3交换机配置
    system-view
    sysname SW3
    vlan batch 10 20 30
    port-group 1
    group-member eth0/0/10 eth0/0/11
    port link-type trunk
    port trunk allow-pass vlan all
    quit
    interface eth0/0/1
    port link-type access
    port default vlan 20
    quit
    stp region-configuration
    region-name ntd
    instance 10 vlan 10
    instance 20 vlan 20
    active region-configuration
    quit
    stp instance 20 root secondary

    第二步:内外网网络地址配置

    DHCP
    system-view
    sysname DHCP
    interface G0/0/0
    ip address 176.233.30.2 24
    quit
    SW1
    interface Vlanif 1
    ip address 176.233.100.2 24
    quit
    interface Vlanif 10
    ip address 176.233.10.1 24
    quit
    interface Vlanif 20
    ip address 176.233.20.1 24
    quit
    interface Vlanif 30
    ip address 176.233.30.1 24
    quit
    R1
    system-view
    sysname R1
    interface G0/0/1
    ip address 176.233.100.1 24
    interface g0/0/0
    ip address 100.1.1.2 255.255.255.0
    quit
    R2
    interface g0/0/0
    ip address 100.1.1.1 24
    interface g0/0/1
    ip address 200.1.1.1 24

    第三步:企业配置OSPF配置
    DHCP
    ospf 1 router-id 3.3.3.3
    area 0
    network 176.233.30.0 0.0.0.255
    SW1
    ospf 1 router-id 2.2.2.2
    area 0
    network 176.233.10.0 0.0.0.255
    network 176.233.20.0 0.0.0.255
    network 176.233.30.0 0.0.0.255
    network 176.233.100.0 0.0.0.255
    R1
    ospf 1 router-id 1.1.1.1
    area 0
    network 176.233.100.0 0.0.0.255
    ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
    default-route-advertise always

    第四步:DHCP配置
    DHCP
    dhcp enable
    interface G0/0/0
    dhcp select global
    quit
    ip pool p1
    network 176.233.10.0 mask 255.255.255.0
    gateway-list 176.233.10.1
    dns-list 10.10.10.10
    SW1
    dhcp enable
    interface Vlanif 10
    ip address 176.233.10.1 24
    dhcp select relay
    dhcp relay server-ip 176.233.30.2
    quit

    第五步:配置内网设备映射以及远程管理,
    配置说明:对于PC1我们可使用Easy ip ,对于Server1和SW1使用NAT Server
    R1上面配置NAT
    acl 2000
    rule 10 permit source 176.233.10.0 0.0.0.255
    quit
    interface g0/0/0
    nat outbound 2000
    nat server protocol tcp global current-interface 8080 inside 176.233.20.20 www
    nat server protocol tcp global current-interface 8090 inside 176.233.100.2 telnet
    SW1配置远程管理
    user-interface vty 0 4
    user privilege level 15
    authentication-mode password
    set authentication password cipher 123456

    第六步:进行测试
    PC1------------->PC2
    《小牛试刀:企业网络组建——阶段二项目练习》

    PC2------------->SW1远程管理

    《小牛试刀:企业网络组建——阶段二项目练习》

    Client1----------->Server1访问内网服务器
    《小牛试刀:企业网络组建——阶段二项目练习》

    至此全部验证成功!!!!!!!