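[Device list]
Firewall x1
Core switch x1
Aggregation switch x2
Access switch x6
[Requirements]
For now the whole network needs full connectivity; dual links and more access devices will be added later.
[Outline configuration]
The firewall has its various anti-*** policies enabled and performs NAT.
Core switch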
interface GigabitEthernet 3/1
switchport access vlan 60
!
interface GigabitEthernet 3/2
switchport access vlan 60
! Create N VLANs, then assign the interfaces to them

interface GigabitEthernet 4/1
switchport mode trunk
description jiaoxuelou
!
interface GigabitEthernet 4/2
switchport mode trunk
description nvshengsushe
!
interface GigabitEthernet 4/3
switchport mode trunk
description bangongqu
!
interface GigabitEthernet 4/4
switchport mode trunk
description nanshengsushe
! The fiber ports connected to the aggregation switches are encapsulated as tr
!
interface GigabitEthernet 4/22
switchport mode trunk
!
interface GigabitEthernet 4/23
switchport mode trunk
!
! Routed (layer 3) port with an IP address, connected to the firewall's internal interface
interface GigabitEthernet 4/24
no switchport
no ip proxy-arp
ip address 172.16.1.2 255.255.255.0
!
! Assign addresses to the VLAN interfaces to act as the internal gateways
interface VLAN 10
no ip proxy-arp
ip address 10.10.10.254 255.255.255.0
!
interface VLAN 20
no ip proxy-arp
ip address 10.10.20.254 255.255.255.0
!
interface VLAN 30
no ip proxy-arp
ip address 10.10.30.254 255.255.255.0
!        
!
interface Mgmt 0
duplex auto
speed auto
!        
!
! One default route to the firewall
ip route 0.0.0.0 0.0.0.0 172.16.1.1
Aggregation switch
vlan 1
!
vlan 20
!
vlan 100
name guangli
!
interface GigabitEthernet 0/1
switchport mode trunk
!
…………………….
!
interface GigabitEthernet 0/23
switchport mode trunk
!
interface GigabitEthernet 0/24          
switchport mode trunk
! Interface media type is fiber
medium-type fiber
!
! Management VLAN address
interface VLAN 100
no ip proxy-arp
ip address 10.10.100.6 255.255.255.0
!
! Default route to the layer 3 switch
ip route 0.0.0.0 0.0.0.0 10.10.20.254

Access switch
vlan 20
name 20

vlan 100
name guanli
int vlan 100
ip add 10.10.100.7 255.255.255.0

! Default gateway for device users
ip def 10.10.20.254
int ran f 0/1 - 48
sw acc vlan 20

int ran g 0/49 - 50
sw mo tr
end
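
An added example, not part of the original post: a small Python check that parses the address and default-gateway lines copied from the three configurations above and reports any default next hop that lies outside every subnet configured on the same device. The function names are hypothetical. With only the lines shown on this page, the aggregation and access switches hold an address in 10.10.100.0/24 alone, so their gateway 10.10.20.254 is reported.

```python
import ipaddress
import re

# Address and gateway lines copied from the three configurations on this page.
CONFIGS = {
    "core": """
interface GigabitEthernet 4/24
ip address 172.16.1.2 255.255.255.0
interface VLAN 20
ip address 10.10.20.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.1
""",
    "aggregation": """
interface VLAN 100
ip address 10.10.100.6 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.20.254
""",
    "access": """
int vlan 100
ip add 10.10.100.7 255.255.255.0
ip def 10.10.20.254
""",
}

# Accept both the full and the abbreviated command forms used on the page.
ADDR = re.compile(r"^ip add\S*\s+(\S+)\s+(\S+)$")
GATEWAY = re.compile(r"^ip (?:route\s+0\.0\.0\.0\s+0\.0\.0\.0|def\S*)\s+(\S+)$")


def parse(config):
    """Return (connected networks, default next hops) found in one config."""
    networks, next_hops = [], []
    for line in map(str.strip, config.splitlines()):
        if m := ADDR.match(line):
            networks.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := GATEWAY.match(line):
            next_hops.append(ipaddress.ip_address(m[1]))
    return networks, next_hops


def unreachable_next_hops(config):
    """Next hops that do not fall inside any subnet configured on the device."""
    networks, next_hops = parse(config)
    return [str(h) for h in next_hops if not any(h in n for n in networks)]


if __name__ == "__main__":
    for name, text in CONFIGS.items():
        print(name, unreachable_next_hops(text) or "ok")
```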