拓扑中四个交换机五个路由器,共九个设备
答案是对应的九个脚本(从设备命名到保存)
全部复制粘贴后,从PC1、PC2都是能Ping通服务器的(保及格),其他要求没检查
题目
VLAN信息
| 设备名称 | 端口 | 链路类型 | Vlan参数 |
|---|---|---|---|
| HZ-HZXiaoYuan-Acc01-S5731 | G0/0/24 | Access | Pvid 10 |
| G0/0/23 | Hybrid | Pvid 20 Untagged vlan 20 | |
| G0/0/1 | Trunk | Pvid 1 Allow pass :10 20 | |
| G0/0/2 | Trunk | Pvid 1 Allow pass :10 20 | |
| HZ-HZXiaoYuan-Agg01-S5731 | G0/0/1 | Trunk | Pvid 1 Allow pass :10 20 |
| G0/0/23 | Trunk | Pvid 1 Allow pass :10 20 | |
| G0/0/24 | Access | Pvid 100 | |
| HZ-HZXiaoYuan-Agg02-S5731 | G0/0/1 | Trunk | Pvid 1 Allow pass :10 20 |
| G0/0/23 | Trunk | Pvid 1 Allow pass :10 20 | |
| G0/0/24 | Access | Pvid 101 | |
| HZ-HZEdu-Acc01-S5731 | G0/0/1 | Access | Pvid 1 |
| G0/0/2 | Access | Pvid 1 | |
| G0/0/24 | Access | Pvid 1 |
地址规划
| 设备名称 | 接口 | IP地址 |
|---|---|---|
| HZ-HZXiaoYuan-Agg01-S5731 | Vlanif 10 | 192.168.10.100/24 |
| Vlanif 20 | 192.168.20.101/24 | |
| Vlanif 100 | 10.1.13.1/24 | |
| Loopback 0 | 10.1.1.1/32 | |
| HZ-HZXiaoYuan-Agg02-S5731 | Vlanif 10 | 192.168.10.101/24 |
| Vlanif 20 | 192.168.20.100/24 | |
| Vlanif 101 | 10.1.24.2/24 | |
| Loopback 0 | 10.1.2.2/32 | |
| HZ-HZXiaoYuan-Core01-AR6140 | G0/0/0 | 10.1.13.3/24 |
| G0/0/2 | 10.1.34.3/24 | |
| G0/0/1 | 10.1.35.3/24 | |
| Loopback 0 | 10.1.3.3/32 | |
| HZ-HZXiaoYuan-Core02-AR6140 | G0/0/0 | 10.1.24.4/24 |
| G0/0/2 | 10.1.34.4/24 | |
| G0/0/1 | 10.1.45.4/24 | |
| Loopback 0 | 10.1.4.4/32 | |
| HZ-HZXiaoYuan-Edge01-AR6140 | G0/0/1 | 10.1.35.5/24 |
| G0/0/2 | 10.1.45.5/24 | |
| G0/0/0 | 10.1.56.5/24 | |
| G0/0/3 | 10.1.57.5/24 | |
| Loopback 0 | 10.1.5.5/32 | |
| HZ-HZEdu-Edge01-AR6140 | G0/0/0 | 10.1.56.6/24 |
| G0/0/1 | 192.168.30.100/24 | |
| Loopback 0 | 10.1.6.6/32 | |
| HZ-HZEdu-Edge02-AR6140 | G0/0/0 | 10.1.57.7/24 |
| G0/0/1 | 192.168.30.101/24 | |
| Loopback 0 | 10.1.7.7/32 |
一、设备命名
为了方便后期维护、故障定位以及网络的规范化,需要对设备进行规范化命名
二、VLAN规划与配置
为确保网络稳定与安全,避免二层网络过大可能带来的问题,请根据实验考试拓扑和VLAN信息,在对应交换机上配置所对应的VLAN。注意,交换机只允许题目中规定的VLAN通过
三、IP编址
根据实验考试拓扑和IP地址规划表中的信息,配置相应网络设备接口的IP地址
四、RSTP配置
为防止校园网内二层网络中出现环路,导致广播风暴等问题,在校园网的acc01、agg01和agg02之间配置RSTP协议
- STP模式为RSTP,要求使用"stp root primary/secondary"命令,使agg01成为根桥,agg02成为备份根桥
- 为保证网络稳定性,要求与PC相连的交换机端口不参与STP计算,直接进入Forwarding状态
五、DHCP配置
校园网中用户密度大,手动分配地址工作量大且容易出错。现要求使用DHCP为宿舍楼和教学楼的终端主机分配地址,其中agg01和agg02作为DHCP服务器互为备份
在agg01上创建名为VLAN10和VLAN20的地址池,在agg02上创建名为VLAN10和VLAN20的地址池,具体要求如下:
- VLAN10地址池分配的地址段为192.168.10.0/24,网关为192.168.10.254,已分配的地址为192.168.10.101和192.168.10.102
- VLAN20地址池分配的地址段为192.168.20.0/24,网关为192.168.20.254,已分配的地址为192.168.20.101和192.168.20.102
六、VRRP配置
为保证校园网中宿舍楼和教学楼的终端访问网络的稳定性,在校园网络的网关位置进行余备份配置,通过在agg01和agg02上部署VRRP协议来满足要求
- VLAN10使用VRRP备份组1,VRRP备份组1虚拟IP地址为192.168.10.254
- VLAN20使用VRRP备份组2,VRRP备份组2虚拟IP地址为192.168.20.254
- VRRP备份组1以agg01为主网关(优先级为120),agg02作为备份网关(优先级缺省);VRRP备份组2以agg02为主网关(优先级为120),agg01作为备份网关(优先级缺省)
- 在两个备份组中监测上行接口,当上行接口出现故障时,主网关优先级降低30,主动完成切换
- 为保证教育网终端可靠上网,也需要使用VRRP协议。教育网虚拟IP地址为192.168.30.254,以HZ-HZEdu-Edge01-AR6140为主设备,优先级为120,备用设备无需修改优先级
七、OSPF配置
为了满足校园网中众多设备之间的三层访问。且避免路由环路的出现,保证后期校园网络的扩展性,选用动态路由协议OSPF作为本校园网络的IGP
- Agg01、Agg02、Core01、Core02、HZ-HZXaoYuan-Edge01-AR6140配置OSPF进程号为1
- Agg01的与Agg02连接局域网的接口属于区域1。两个设备的g0/0/24属于骨干区域
- Core01设备的g0/0/0、g0/0/2、Core02设备的g0/0/0、g0/0/2属于骨干区域
- Core01设备的g0/0/1、Core02设备的g0/0/1属于区域2
- Edge设备上的g0/0/1、g0/0/2属于区域2,其他接口不要宣告
在创建 OSPF进程时手动设定Router ID与环回口地址一致。 要求所有网段采用32位精确宣告。
例如:将1.2.3. 4/24此地址进行32位宣告的命令为Network 1.2.3.4 0.0.0.0
为了保证安全性,需要在区域0中启用区域认证。使用验证模式为md5,识符为1,配置口令为huawei
八、出口设计
- HZ-HZXiaoYuan-Edge01-AR6140配置明细静态路由使得校园网内PC可以访问教育网中终端Server所在的网段(192.168.30.0/24)
- 分别需要配置两条静态路由,下一 跳分别为HZ-HZEdu-Edge01-AR6140的g0/0/0口地址和HZ-HZEDU-Edge02-AR6140的g0/0/0口地址。但是edge01链接的两条链路速度不一样,学校希望正常状态下主走HZ-HZEdu-Edge01-AR614的g0/0/0相连的链路,当主链路出现问题自动切换备用链路。请修改路由的优先级,备用静态路由的优先级改为90来实现浮动路由
- 在HZ-HZEdu-Edge01-AR6140和HZ-HZEdu-Edge02-AR6140上配置默认路由指向内网送出接口和下一跳地址为链接校园边界设备的地址和自己本地接口,完成内外网的通信
九、路由引入
为了使内网用户能够访问教育网,需要将教育网中的路由条目引入校园网,且在计算开销时最大限度的保证精确,在HZ-HZXiaoYuan-Edge01-AR6140上将静态路由引入OSPF,并设置为1类外部路由
路由引入的命令为:
- ospf 1
- Import route <protocol> type <1/2>
最终提交实验拓扑和Word文档,文件命名为学号-姓名,完成后发送邮箱xxxxxx@qq.com
现象1:设备名称截图
现象2:HZ-HZXiaoYuan-Acc01-S5731和HZ-HZXiaoYuan-Agg01-S5731上执行dis port vlan命令
现象3:HZ-HZXiaoYuan-Agg01-S5731和HZ-HZXiaoYuan-Edge01-AR6140执行disp ip int br
现象4:在PC1和PC2执行ipconfig命令
现象5:HZ-HZXiaoYuan-Agg01-S5731和HZ-HZXiaoYuan-Agg02-S5731执行disp vrrp
现象6:HZ-HZXiaoYuan-Agg01-S5731和HZ-HZXiaoYuan-Acc01-S5731执行disp stp br
现象7:在HZ-HZXiaoYuan-Core01-AR6140执行disp ospf peer br和disp ospf rou
现象8:在HZ-HZEdu-Edge01-AR6140和HZ-HZXiaoYuan-Edge01-AR6140执行disp ip rou
现象9:在HZ-HZXiaoYuan-Edge01-AR6140执行dis cu conf ospf
现象10:在PC1和PC2上Ping Sever服务器地址
答案
sys
undo info enable
sysname HZ-HZXiaoYuan-Acc01-S5731
vlan batch 10 20
int g0/0/24
port link-type access
port default vlan 10
int g0/0/23
port link-type hybrid
port hybrid pvid vlan 20
port hybrid untag vlan 20
int g0/0/1
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20
undo port trunk allow-pass vlan 1
int g0/0/2
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20
undo port trunk allow-pass vlan 1
q
stp mode rstp
stp bpdu-protection
int g0/0/23
stp edged-port enable
int g0/0/24
stp edged-port enable
q
q
save
y
sys
undo info enable
sysname HZ-HZXiaoYuan-Agg01-S5731
vlan batch 10 20 100
int g0/0/1
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20
undo port trunk allow-pass vlan 1
int g0/0/23
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20
undo port trunk allow-pass vlan 1
int g0/0/24
port link-type access
port default vlan 100
q
int Vlanif 10
ip add 192.168.10.100 24
int Vlanif 20
ip add 192.168.20.101 24
int Vlanif 100
ip add 10.1.13.1 24
int Loopback 0
ip add 10.1.1.1 32
q
stp mode rstp
stp root primary
dhcp enable
ip pool VLAN10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
excluded-ip-address 192.168.10.101 192.168.10.102
q
ip pool VLAN20
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.254
excluded-ip-address 192.168.20.101 192.168.20.102
q
int VLAN10
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 120
vrrp vrid 1 track int g0/0/24 reduced 30
int VLAN20
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 track int g0/0/24 reduced 30
q
ospf 1 router-id 10.1.1.1
area 0
network 10.1.13.1 0.0.0.0
authentication-mode md5 1 cipher huawei
area 1
network 192.168.10.100 0.0.0.0
network 192.168.20.101 0.0.0.0
q
q
q
save
y
sys
undo info enable
sysname HZ-HZXiaoYuan-Agg02-S5731
vlan batch 10 20 101
int g0/0/1
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20
undo port trunk allow-pass vlan 1
int g0/0/23
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20
undo port trunk allow-pass vlan 1
int g0/0/24
port link-type access
port default vlan 101
q
int Vlanif 10
ip add 192.168.10.101 24
int Vlanif 20
ip add 192.168.20.100 24
int Vlanif 101
ip add 10.1.24.2 24
int Loopback 0
ip add 10.1.2.2 32
q
stp mode rstp
stp root secondary
dhcp enable
ip pool VLAN10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
excluded-ip-address 192.168.10.101 192.168.10.102
q
ip pool VLAN20
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.254
excluded-ip-address 192.168.20.101 192.168.20.102
q
int VLAN10
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 track int g0/0/24 reduced 30
int VLAN20
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 120
vrrp vrid 2 track int g0/0/24 reduced 30
q
ospf 1 router-id 10.1.2.2
area 0
network 10.1.24.2 0.0.0.0
authentication-mode md5 1 cipher huawei
area 1
network 192.168.10.101 0.0.0.0
network 192.168.20.100 0.0.0.0
q
q
q
save
y
sys
undo info enable
sysname HZ-HZXiaoYuan-Core01-AR6140
int g0/0/0
ip add 10.1.13.3 24
int g0/0/2
ip add 10.1.34.3 24
int g0/0/1
ip add 10.1.35.3 24
int Loopback 0
ip add 10.1.3.3 32
q
ospf 1 router-id 10.1.3.3
area 0
network 10.1.13.3 0.0.0.0
network 10.1.34.3 0.0.0.0
authentication-mode md5 1 cipher huawei
area 2
network 10.1.35.3 0.0.0.0
q
q
q
save
y
sys
undo info enable
sysname HZ-HZXiaoYuan-Core02-AR6140
int g0/0/0
ip add 10.1.24.4 24
int g0/0/2
ip add 10.1.34.4 24
int g0/0/1
ip add 10.1.45.4 24
int Loopback 0
ip add 10.1.4.4 32
q
ospf 1 router-id 10.1.4.4
area 0
network 10.1.24.4 0.0.0.0
network 10.1.34.4 0.0.0.0
authentication-mode md5 1 cipher huawei
area 2
network 10.1.45.4 0.0.0.0
q
q
q
save
y
sys
undo info enable
sysname HZ-HZXiaoYuan-Edge01-AR6140
int g0/0/1
ip add 10.1.35.5 24
int g0/0/2
ip add 10.1.45.5 24
int g0/0/0
ip add 10.1.56.5 24
int g0/0/3
ip add 10.1.57.5 24
int Loopback 0
ip add 10.1.5.5 32
q
ospf 1 router-id 10.1.5.5
area 0
authentication-mode md5 1 cipher huawei
area 2
network 10.1.35.5 0.0.0.0
network 10.1.45.5 0.0.0.0
q
q
ip route-static 192.168.30.0 24 g0/0/0 10.1.56.6
ip route-static 192.168.30.0 24 g0/0/3 10.1.57.7 pre 90
ospf 1
import-route static type 1
q
q
save
y
sys
undo info enable
sysname HZ-HZEdu-Edge01-AR6140
int g0/0/0
ip add 10.1.56.6 24
int g0/0/1
ip add 192.168.30.100 24
int Loopback 0
ip add 10.1.6.6 32
q
int g0/0/1
vrrp vrid 3 virtual-ip 192.168.30.254
vrrp vrid 3 priority 120
q
ip route-static 192.168.10.0 24 g0/0/0 10.1.56.5
ip route-static 192.168.20.0 24 g0/0/0 10.1.56.5
q
save
y
sys
undo info enable
sysname HZ-HZEdu-Edge02-AR6140
int g0/0/0
ip add 10.1.57.7 24
int g0/0/1
ip add 192.168.30.101 24
int Loopback 0
ip add 10.1.7.7 32
q
int g0/0/1
vrrp vrid 3 virtual-ip 192.168.30.254
q
ip route-static 192.168.10.0 24 g0/0/0 10.1.57.5
ip route-static 192.168.20.0 24 g0/0/0 10.1.56.5
q
save
y
sys
undo info enable
sysname HZ-HZEdu-Acc01-S5731
int g0/0/1
port link-type access
port default vlan 1
int g0/0/2
port link-type access
port default vlan 1
int g0/0/24
port link-type access
port default vlan 1
q
save
y
