1. 按拓扑图所示,完成各网络设备的基本配置。
2. 在四台交换机上配置MSTP协议,并将VLAN10,VLAN30映射到实例1,S3750-1为实例1的根,将VLAN20,VLAN40映射到实例2,S3750-1为实例2的根。,实现阻断网络环路,并实现数据流量的负载均衡。
3. 在S3750-1和S3750-2上配置VRRP,S3750-1和S3750-2分别对VLAN10—VLAN40启用两个VRRP组,实现负载均衡。
4. 在RA和RB上开启RIPV2协议,在RB、RC、RD、S3750-1、S3750-2上开启OSPF协议,实现各路由域内部的互通。
5. 在RB上配置去往ISP的默认路由,并在RB上配置路由重发布,实现全网的互通。
6. 在S3750-1和S3750-2上的SVI上实现如下访问控制:VLAN10为经理部,可以访问其他各个VLAN;经理部设有FTP服务器一台,地址为192.168.10.1/24,只有VLAN20、VLAN30、VLAN40的成员在工作时间(每周一至周五8:00-16:00)可以访问该FTP服务器的FTP服务,其余时间不可以访问。
7. 在RB上实现如下访问控制:所有用户在工作时间均不可以访问Internet,其他时间可以。
8. 在RB上配置策略路由,VLAN10和VLAN30的数据从loopback0转发,VLAN20和VLAN40的数据从loopback1转发。
在RB上配置NAT转换,实现内网的用户可以访问Internet,该公司申请到的公有地址是200.1.1.2/24-200.1.1.6/24。
配置:
⑴ 使得网络畅通
R1:
interface s1/0
ip add 202.1.1.1 255.255.255.0
no shutdown
exit
router rip
no auto-summary
version 2
net 202.1.1.0
exit
R2:
inteeface s1/0
ip add 202.1.1.2 255.255.255.0
no shut
int f1/1
ip add 172.16.3.1 255.255.255.0
int f1/0
ip add 172.16.4.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 202.1.1.1
router rip
net 202.1.1.0
redistribute ospf 1 metric 2 //配置路由重分发
no auto-summary
version 2
redis connetced
redis static
default-information origanite
exit
router ospf 1
net 172.16.3.0 0.0.0.255 area 0
net 172.16.4.0 0.0.0.255 area 0
redis rip metric 50 subnets
redis connected subnets
redis static subnets
default-information origanite
exit
R3:
int f1/1
ip add 172.16.3.2 255.255.255.0
int f1/0
ip add 172.16.1.1 255.255.255.0
exit
router ospf 1
net 172.16.3.0 0.0.0.255 area 0
net 172.16.1.0 0.0.0.255 area 1
exit
R4:
int f1/1
ip add 172.16.4.2 255.255.255.0
int f1/0
ip add 172.16.2.1 255.255.255.0
exit
router ospf 1
net 172.16.4.0 0.0.0.255 area 0
net 172.16.2.0 0.0.0.255 area 1
exit
S1:
int f0/2
no switport
ip add 172.16.1.2 255.255.255.0
int range f0/1,f0.23,f0/24
switport trunk encapsulation dot1q
switport mode trunk
end
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
exit
conf t
int vlan 10
ip add 192.168.10.253 255.255.255.0 //配置vrrp实现网关备份,并实现vrrp线路负载均衡
vrrp 11 ip 192.168.10.253
vrrp 12 ip 192.168.10.254
int vlan 20
ip add 192.168.20.253 255.255.255.0
vrrp 21 ip 192.168.20.253
vrrp 22 ip 192.168.20.254
int vlan 30
ip add 192.168.30.253 255.255.255.0
vrrp 31 ip 192.168.30.253
vrrp 32 ip 192.168.30.254
int vlan 40
ip add 192.168.40.253 255.255.255.0
vrrp 41 ip 192.168.40.253
vrrp 42 ip 192.168.40.254
exit
spanning-tree
spanning-tree mode mstp //配置mstp解决环路问题
spanning-tree mst configuration
name abc
revision 2
instance 1 vlan 10,30
instance 2 vlan 20,40
exit
spanning-tree mst 1 priority 4096
router ospf 1
net 172.16.1.0 0.0.0.255 area 1
net 192.168.10.0 0.0.0.255 area 1
net 192.168.20.0 0.0.0.255 area 1
net 192.168.30.0 0.0.0.255 area 1
net 192.168.40.0 0.0.0.255 area 1
exit
S2:
int f0/2
no swit
ip dd 172.16.2.2 255.255.255.0
int range f0/1,f0/23,f0/24
swit trunk en dot1q
swit mode trunk
end
vlan data
vlan 10
vlan 20
vlan 30
vlan 40
exit
conf t
int vlan 10
ip add 192.168.10.254 255.255.255.0
vrrp 11 ip 192.168.10.253
vrrp 12 ip 192.168.10.254
int vlan 20
ip add 192.168.20.254 255.255.255.0
vrrp 21 ip 192.168.20.253
vrrp 22 ip 192.168.20.254
int vlan 30
ip add 192.168.30.254 .255.255.255.0
vrrp 31 ip 192.168.30.253
vrrp 32 ip 192.168.30.254
int vlan 40
ip add 192.168.40.254 255.255.255.0
vrrp 41 ip 192.168.40.253
vrrp 42 ip 192.168.40.254
exit
spanning-tree
spanning-tree mode mstp
spanning-tree mst coniguration
name anc
revision 2
instance 1 vlan 10,30
instance 2 vlan 20,40
exit
spanning-tree mst 2 priority 4096
router ospf 1
net 172.16.2.0 0.0.0.255 area 1
net 192.168.0.0 0.0.255.255 area 1
exit
S3:
vlan 10
vlan 20
vlan 30
vlan 40
exit
int range f0/23,f0/24
swit mode tunk
int f0/1
swit access vlan10
int f0/2
swit access vlan 20
exit
spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
name abc
revision 2
instance 1 vlan 10,30
instance 2 vlan 20,40
exit
S4:
vlan 10
vlan 20
vlan 30
vlan 40
exi
int range f0/23,f0/24
swit mode tunk
int f0/1
swit access vlan 30
int f0/2
swit access vlan 40
exit
spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
name abc
revision 2
instance 1 vlan 10,30
instance 2 vlan 20,40
exit
通过进行这一系列的配置,能够实现设计搭建的拓扑中的各设备之间能够互通信息,下一部分将对具体的要求进行相应的配置。