1.设备基础信息配置
(1)根据表2IPv4地址分配表,修订所有设备名称。
(2)根据公司网络规划,在所有交换机上创建VLAN10、VLAN20。为了保证不同交换机上的同一个VLAN的成员之间能够相互通信,需要配置交换机之间相连的端口为Trunk端口,并允许VLAN10、VLAN20通过。
2.部署MSTP及VRRP技术,实现网络冗余。
在交换机S1、S2、S3上配置MSTP防止二层环路。
(1)配置MSTP要求来自VLAN10中的数据流经过S2交换机转发,一旦S2交换机失效时,经过S3交换机转发。要求来自VLAN20中的数据流经过S3交换机转发,一旦S3交换机失效时,经过S2交换机转发。
其中,所配置的MSTP参数要求:region-name为test;revision版本为1;实例1包含VLAN10;实例2包含VLAN20。
(2)配置S2交换机作为实例1的主根、实例2的从根;配置S3交换机作为实例2的主根、实例1的从根;其中,主根交换机的优先级为4096;从根交换机的优先级为8192。
(3)在交换机S2和S3上配置VRRP,实现网络中的主机的网关冗余,所配置的参数要求如表2所示。其中,在交换机S2、S3上设置各VRRP组中的高优先级设置为120,低优先级设置为100。
表1 S2和S3的VRRP参数表
| VLAN | VRRP备份组号(VRID) | VRRP虚拟IP |
| VLAN10 | 10 | 70.XX.10.254 |
| VLAN20 | 20 | 70.XX.20.254 |
3.部署全网路由协议,实现全网的互联互通。
(1)在公司总部(R1、R2、S2、S3)中,部署OSPF协议,进程号为10,使用单区域(区域0),路由器的Router-Id采用Loopback0接口的IP地址。
(2)在公司分部(R3、R4、R5)中,部署RIPV2协议;进程号为1。
(3)在公司总部与公司分部之间部署BGP协议。R1与R3、R2与R4之间采用直连接口建立EBGP邻居关系;R1与R2之间使用Loopback0口建立IBGP邻居关系;R3与R4、R5之间使用Loopback0口建立IBGP邻居关系。
S1配置过程
[Huawei]sysname S1
[S1]#
[S1]undo info-center enable
Info: Information center is disabled.
[S1]#
[S1]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]#
[S1]stp region-configuration
[S1-mst-region] region-name huawei
[S1-mst-region] revision-level 1
[S1-mst-region] instance 1 vlan 10
[S1-mst-region] instance 2 vlan 20
[S1-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-mst-region]#
[S1-mst-region]interface Ethernet0/0/1
[S1-Ethernet0/0/1] port link-type access
[S1-Ethernet0/0/1] port default vlan 10
[S1-Ethernet0/0/1]#
[S1-Ethernet0/0/1]interface Ethernet0/0/2
[S1-Ethernet0/0/2] port link-type access
[S1-Ethernet0/0/2] port default vlan 20
[S1-Ethernet0/0/2]#
[S1-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S1-GigabitEthernet0/0/1] port link-type trunk
[S1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[S1-GigabitEthernet0/0/1]#
[S1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S1-GigabitEthernet0/0/2] port link-type trunk
[S1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20S2配置过程
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]
[Huawei]#
[Huawei]sysname S2
[S2]#
[S2]undo info-center enable
Info: Information center is disabled.
[S2]#
[S2]vlan batch 10 20 71 to 72
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2]#
[S2]stp instance 1 pr 4096
[S2]stp instance 2 pr 8192
[S2]#
[S2]stp region-configuration
[S2-mst-region] region-name huawei
[S2-mst-region] revision-level 1
[S2-mst-region] instance 1 vlan 10
[S2-mst-region] instance 2 vlan 20
[S2-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-mst-region]#
[S2-mst-region]interface Vlanif10
[S2-Vlanif10] ip address 70.23.10.1 255.255.255.0
[S2-Vlanif10]vrrp vr 10 vi 70.23.10.254
[S2-Vlanif10]vrrp vr 10 pr 120
[S2-Vlanif10]#
[S2-Vlanif10]interface Vlanif20
[S2-Vlanif20] ip address 70.23.20.1 255.255.255.0
[S2-Vlanif20]vrrp vr 20 vi 70.23.20.254
[S2-Vlanif20]#
[S2-Vlanif20]interface Vlanif71
[S2-Vlanif71] ip address 10.23.17.7 255.255.255.0
[S2-Vlanif71]#
[S2-Vlanif71]interface Vlanif72
[S2-Vlanif72] ip address 10.23.27.7 255.255.255.0
[S2-Vlanif72]#
[S2-Vlanif72]interface GigabitEthernet0/0/1
[S2-GigabitEthernet0/0/1] port link-type trunk
[S2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[S2-GigabitEthernet0/0/1]#
[S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S2-GigabitEthernet0/0/2] port link-type access
[S2-GigabitEthernet0/0/2] port default vlan 71
[S2-GigabitEthernet0/0/2]#
[S2-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[S2-GigabitEthernet0/0/3] port link-type trunk
[S2-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[S2-GigabitEthernet0/0/3]#
[S2-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[S2-GigabitEthernet0/0/4] port link-type access
[S2-GigabitEthernet0/0/4] port default vlan 72
[S2-GigabitEthernet0/0/4]#
[S2-GigabitEthernet0/0/4]interface LoopBack0
[S2-LoopBack0] ip address 10.23.7.7 255.255.255.255
[S2-LoopBack0]
[S2-LoopBack0]ospf rou 10.23.7.7
[S2-ospf-1]ar 0
[S2-ospf-1-area-0.0.0.0]net 70.23.10.0 0.0.0.255
[S2-ospf-1-area-0.0.0.0]net 70.23.20.0 0.0.0.255
[S2-ospf-1-area-0.0.0.0]net 10.23.17.0 0.0.0.255
[S2-ospf-1-area-0.0.0.0]net 10.23.27.0 0.0.0.255S3配置过程
The device is running!
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]
[Huawei]#
[Huawei]sysname S3
[S3]#
[S3]undo info-center enable
Info: Information center is disabled.
[S3]#
[S3]vlan batch 10 20 81 to 82
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3]#
[S3]stp instance 2 pr 4096
[S3]stp instance 1 pr 8192
[S3]#
[S3]stp region-configuration
[S3-mst-region] region-name huawei
[S3-mst-region] revision-level 1
[S3-mst-region] instance 1 vlan 10
[S3-mst-region] instance 2 vlan 20
[S3-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3-mst-region]#
[S3-mst-region]interface Vlanif10
[S3-Vlanif10] ip address 70.23.10.1 255.255.255.0
[S3-Vlanif10]vrrp vr 10 vi 70.23.10.254
[S3-Vlanif10]#
[S3-Vlanif10]interface Vlanif20
[S3-Vlanif20] ip address 70.23.20.1 255.255.255.0
[S3-Vlanif20]vrrp vr 20 vi 70.23.20.254
[S3-Vlanif20]vrrp vr 20 pr 120
[S3-Vlanif20]#
[S3-Vlanif20]interface Vlanif81
[S3-Vlanif81] ip address 10.23.18.8 255.255.255.0
[S3-Vlanif81]#
[S3-Vlanif81]interface Vlanif82
[S3-Vlanif82] ip address 10.23.28.8 255.255.255.0
[S3-Vlanif82]#
[S3-Vlanif82]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1] port link-type access
[S3-GigabitEthernet0/0/1] port default vlan 82
[S3-GigabitEthernet0/0/1]#
[S3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[S3-GigabitEthernet0/0/2]#
[S3-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[S3-GigabitEthernet0/0/3] port link-type trunk
[S3-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[S3-GigabitEthernet0/0/3]#
[S3-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[S3-GigabitEthernet0/0/4] port link-type access
[S3-GigabitEthernet0/0/4] port default vlan 81
[S3-GigabitEthernet0/0/4]#
[S3-GigabitEthernet0/0/4]interface LoopBack0
[S3-LoopBack0] ip address 10.23.8.8 255.255.255.255
[S3-LoopBack0]
[S3-LoopBack0]ospf rou 10.23.8.8
[S3-ospf-1]ar 0
[S3-ospf-1-area-0.0.0.0]net 70.23.10.0 0.0.0.255
[S3-ospf-1-area-0.0.0.0]net 70.23.20.0 0.0.0.255
[S3-ospf-1-area-0.0.0.0]net 10.23.18.0 0.0.0.255
[S3-ospf-1-area-0.0.0.0]net 10.23.28.0 0.0.0.255R1配置过程
[Huawei]sysname R1
[R1]#
[R1]undo info-center enable
Info: Information center is disabled.
[R1]#
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0] ip address 10.23.12.1 255.255.255.0
[R1-GigabitEthernet0/0/0]#
[R1-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.23.13.1 255.255.255.0
[R1-GigabitEthernet0/0/1]#
[R1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.23.17.1 255.255.255.0
[R1-GigabitEthernet0/0/2]#
[R1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[R1-GigabitEthernet0/0/3] ip address 10.23.18.1 255.255.255.0
[R1-GigabitEthernet0/0/3]#
[R1-GigabitEthernet0/0/3]interface LoopBack0
[R1-LoopBack0] ip address 10.23.1.1 255.255.255.255
[R1-LoopBack0]ospf 1 router-id 10.23.1.1
[R1-ospf-1] area 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.23.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0] network 10.23.17.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0] network 10.23.18.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] net 10.23.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] q
[R1-ospf-1] im bgp
[R1-ospf-1] bgp 100
[R1-bgp] peer 10.23.2.2 as-number 100
[R1-bgp] peer 10.23.2.2 connect-interface LoopBack0
[R1-bgp] peer 10.23.13.3 as-number 200
[R1-bgp] #
[R1-bgp] import-route isis 1
[R1-bgp] peer 10.23.2.2 next-hop-local R2
[Huawei]sysname R2
[R2]#
[R2]undo info-center enable
Info: Information center is disabled.
[R2]#
[R2]interface GigabitEthernet0/0/0
[R2-GigabitEthernet0/0/0] ip address 10.23.12.2 255.255.255.0
[R2-GigabitEthernet0/0/0]#
[R2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1] ip address 10.23.28.2 255.255.255.0
[R2-GigabitEthernet0/0/1]#
[R2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2] ip address 10.23.24.2 255.255.255.0
[R2-GigabitEthernet0/0/2]#
[R2-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3] ip address 10.23.27.2 255.255.255.0
[R2-GigabitEthernet0/0/3]#
[R2-GigabitEthernet0/0/3]interface LoopBack0
[R2-LoopBack0] ip address 10.23.2.2 255.255.255.255
[R2-LoopBack0]
[R2-LoopBack0]ospf 1 router-id 10.23.2.2
[R2-ospf-1] area 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.23.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] network 10.23.27.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] network 10.23.28.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] net 10.23.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] q
[R2-ospf-1] im bgp
[R2-ospf-1] bgp 100
[R2-bgp] peer 10.23.1.1 as-number 100
[R2-bgp] peer 10.23.1.1 connect-interface LoopBack0
[R2-bgp] peer 10.23.24.4 as-number 200
[R2-bgp] #
[R2-bgp] peer 10.23.1.1 next-hop-local R3配置
[Huawei]sysname R3
[R3]#
[R3]undo info-center enable
Info: Information center is disabled.
[R3]#
[R3]interface GigabitEthernet0/0/0
[R3-GigabitEthernet0/0/0] ip address 10.23.35.3 255.255.255.0
[R3-GigabitEthernet0/0/0]#
[R3-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 10.23.13.3 255.255.255.0
[R3-GigabitEthernet0/0/1]#
[R3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2] ip address 10.23.34.3 255.255.255.0
[R3-GigabitEthernet0/0/2]#
[R3-GigabitEthernet0/0/2]interface LoopBack0
[R3-LoopBack0] ip address 10.23.3.3 255.255.255.255
[R3-LoopBack0]#
[R3-LoopBack0]bgp 200
[R3-bgp] peer 10.23.4.4 as-number 200
[R3-bgp] peer 10.23.4.4 connect-interface LoopBack0
[R3-bgp] peer 10.23.5.5 as-number 200
[R3-bgp] peer 10.23.5.5 connect-interface LoopBack0
[R3-bgp] peer 10.23.13.1 as-number 100
[R3-bgp]
[R3-bgp] peer 10.23.4.4 next-hop-local
[R3-bgp] peer 10.23.5.5 next-hop-local
[R3-bgp]#
[R3-bgp]rip 1
[R3-rip-1] undo summary
[R3-rip-1] version 2
[R3-rip-1] network 10.0.0.0R4配置
[Huawei]sysname R4
[R4]#
[R4]undo info-center enable
[R4]interface GigabitEthernet0/0/0
[R4-GigabitEthernet0/0/0] ip address 10.23.34.4 255.255.255.0
[R4-GigabitEthernet0/0/0]#
[R4-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1] ip address 10.23.45.4 255.255.255.0
[R4-GigabitEthernet0/0/1]#
[R4-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 10.23.24.4 255.255.255.0
[R4-GigabitEthernet0/0/2]#
[R4-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[R4-GigabitEthernet0/0/3]#
[R4-GigabitEthernet0/0/3]interface LoopBack0
[R4-LoopBack0] ip address 10.23.4.4 255.255.255.255
[R4-LoopBack0]#
[R4-LoopBack0]bgp 200
[R4-bgp] peer 10.23.3.3 as-number 200
[R4-bgp] peer 10.23.3.3 connect-interface LoopBack0
[R4-bgp] peer 10.23.5.5 as-number 200
[R4-bgp] peer 10.23.5.5 connect-interface LoopBack0
[R4-bgp] peer 10.23.24.2 as-number 100
[R4-bgp] #
[R4-bgp]
[R4-bgp] peer 10.23.5.5 next-hop-local
[R4-bgp] peer 10.23.3.3 next-hop-local
[R4-bgp]#
[R4-bgp]rip 1
[R4-rip-1] undo summary
[R4-rip-1] version 2
[R4-rip-1] network 10.0.0.0R5配置
[Huawei]sysname R5
[R5]undo info-center enable
[R5]interface GigabitEthernet0/0/0
[R5-GigabitEthernet0/0/0] ip address 10.23.35.5 255.255.255.0
[R5-GigabitEthernet0/0/0]#
[R5-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R5-GigabitEthernet0/0/1] ip address 10.23.45.5 255.255.255.0
[R5-GigabitEthernet0/0/1]#
[R5-GigabitEthernet0/0/1]interface LoopBack0
[R5-LoopBack0] ip address 10.23.5.5 255.255.255.255
[R5-LoopBack0]#
[R5-LoopBack0]interface LoopBack1
[R5-LoopBack1] ip address 20.23.5.5 255.255.255.255
[R5-LoopBack1]#
[R5-LoopBack1]bgp 200
[R5-bgp] peer 10.23.3.3 as-number 200
[R5-bgp] peer 10.23.3.3 connect-interface LoopBack0
[R5-bgp] peer 10.23.4.4 as-number 200
[R5-bgp] peer 10.23.4.4 connect-interface LoopBack0
[R5-bgp]
[R5-bgp] network 20.23.5.5 255.255.255.255
[R5-bgp] peer 10.23.3.3 reflect-client
[R5-bgp] peer 10.23.4.4 reflect-client
[R5-bgp]#
[R5-bgp]rip 1
[R5-rip-1] undo summary
[R5-rip-1] version 2
[R5-rip-1] network 10.0.0.0测试
mstp验证
vrrp主备验证
ospf邻居验证
rip邻居验证
bgp邻居验证
路由验证
连通性测试
![[网络安全]在win2000虚拟机上创建隐藏账户](https://img-blog.csdnimg.cn/direct/17e375bd0c094c97920361bd82f2ec7d.bmp)
