2025-02-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
The network topology diagram of a well-known enterprise and operator is as follows:
Enterprise projects should be as follows:
Experimental requirements:
1. As shown in the figure, the blue area is the intranet and the red area is the supplier network.
2. Run MSTP to load-balance VLAN traffic.
3. SW1 is the primary gateway for VLAN 10 and 20, and the backup gateway for VLAN 30 and 40.
4. SW2 is the primary gateway for VLAN 30 and 40, and the backup gateway for VLAN 10 and 20.
5. The DHCP server is on VLAN 66 and its gateway is on SW2.
6. The intranet runs static routing or OSPF.
7. All PCs obtain IP addresses automatically and can ping each other and Server1.
8. Client1 can only access Server1's www service.
9. Enterprise intranet devices may only be managed remotely by the IT department.
Step 1: configure the basic network
The SW1 configuration is as follows:
sysname SW1
vlan batch 10 20 30 40 66 100
interface GigabitEthernet 0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
 port link-type trunk
 port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
 port link-type access
 port default vlan 100
interface Vlanif 100
 ip address 192.168.100.2 24
interface Vlanif 66
 ip address 192.168.66.251 24
quit
The SW2 configuration is as follows:
sysname SW2
vlan batch 10 20 30 40 66 200
interface GigabitEthernet 0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
 port link-type trunk
 port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
 port link-type access
 port default vlan 200
interface Vlanif 200
 ip address 192.168.200.2 24
interface GigabitEthernet 0/0/5
 port link-type access
 port default vlan 66
interface Vlanif 66
 ip address 192.168.66.252 24
quit
The SW3 configuration is as follows:
sysname SW3
vlan batch 10 20 30 40
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan all
interface Ethernet0/0/3
 port link-type access
 port default vlan 10
interface Ethernet0/0/4
 port link-type access
 port default vlan 20
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan all
quit
The SW4 configuration is as follows:
sysname SW4
vlan batch 10 20 30 40
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan all
interface Ethernet0/0/3
 port link-type access
 port default vlan 30
interface Ethernet0/0/4
 port link-type access
 port default vlan 40
interface Ethernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan all
quit
R1 is configured as follows:
sysname R1
interface g0/0/0
 ip address 192.168.100.1 24
interface g0/0/1
 ip address 192.168.200.1 24
interface g0/0/2
 ip address 100.1.1.2 24
quit
R2 is configured as follows:
sysname R2
interface g0/0/0
 ip address 100.1.1.1 24
interface g0/0/1
 ip address 200.1.1.254 24
quit
DHCP
sysname DHCP
dhcp enable
interface g0/0/0
 ip address 192.168.66.1 24
quit
Step 2: configure the access layer network; configure STP
SW1
stp region-configuration
 region-name ntd
 instance 12 vlan 10 20
 instance 34 vlan 30 40
 active region-configuration
 quit
stp instance 12 priority 4096
stp instance 34 priority 8192
SW2
stp region-configuration
 region-name ntd
 instance 12 vlan 10 20
 instance 34 vlan 30 40
 active region-configuration
 quit
stp instance 12 priority 8192
stp instance 34 priority 4096
SW3
stp region-configuration
 region-name ntd
 instance 12 vlan 10 20
 instance 34 vlan 30 40
 active region-configuration
 quit
SW4
stp region-configuration
 region-name ntd
 instance 12 vlan 10 20
 instance 34 vlan 30 40
 active region-configuration
 quit
Step 3: configure the aggregation layer network
Configure VRRP
SW1
interface Vlanif10
 ip address 192.168.10.251 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.250
 vrrp vrid 10 priority 200
interface Vlanif20
 ip address 192.168.20.251 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.250
 vrrp vrid 20 priority 200
interface Vlanif30
 ip address 192.168.30.251 255.255.255.0
 vrrp vrid 30 virtual-ip 192.168.30.250
interface Vlanif40
 ip address 192.168.40.251 255.255.255.0
 vrrp vrid 40 virtual-ip 192.168.40.250
SW2
interface Vlanif10
 ip address 192.168.10.252 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.250
interface Vlanif20
 ip address 192.168.20.252 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.250
interface Vlanif30
 ip address 192.168.30.252 255.255.255.0
 vrrp vrid 30 virtual-ip 192.168.30.250
 vrrp vrid 30 priority 200
interface Vlanif40
 ip address 192.168.40.252 255.255.255.0
 vrrp vrid 40 virtual-ip 192.168.40.250
 vrrp vrid 40 priority 200
Verify the VRRP configuration:
SW1
SW2
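The design above only load-balances cleanly if, for every VLAN, the MSTP root of its instance and the VRRP master are the same switch. The following check is an added example, not part of the original article; it reads the MSTP and VRRP priority lines transcribed from the SW1 and SW2 configuration above, and it assumes that the VRID equals the VLAN ID (as in this lab) and that an unset VRRP priority is the default of 100.

```python
import re

# Constructed input: MSTP and VRRP priority lines transcribed from the
# SW1 and SW2 configuration shown above.
CONFIGS = {
    "SW1": """
instance 12 vlan 10 20
instance 34 vlan 30 40
stp instance 12 priority 4096
stp instance 34 priority 8192
vrrp vrid 10 priority 200
vrrp vrid 20 priority 200
""",
    "SW2": """
instance 12 vlan 10 20
instance 34 vlan 30 40
stp instance 12 priority 8192
stp instance 34 priority 4096
vrrp vrid 30 priority 200
vrrp vrid 40 priority 200
""",
}

def parse(text):
    """Return (instance -> VLAN list, instance -> STP priority, VRID -> VRRP priority)."""
    inst_vlans = {int(i): [int(v) for v in vl.split()]
                  for i, vl in re.findall(r"^\s*instance (\d+) vlan ([\d ]+)$", text, re.M)}
    stp = {int(i): int(p)
           for i, p in re.findall(r"^stp instance (\d+) priority (\d+)$", text, re.M)}
    vrrp = {int(v): int(p) for v, p in re.findall(r"vrrp vrid (\d+) priority (\d+)", text)}
    return inst_vlans, stp, vrrp

def check_alignment(configs):
    """Map each VLAN to (MSTP root, VRRP master, aligned?)."""
    parsed = {sw: parse(text) for sw, text in configs.items()}
    inst_vlans = next(iter(parsed.values()))[0]  # same region config on every switch
    report = {}
    for inst, vlans in inst_vlans.items():
        # Lowest bridge priority wins the root election (default 32768).
        root = min(parsed, key=lambda sw: parsed[sw][1].get(inst, 32768))
        for vlan in vlans:
            # Highest VRRP priority becomes master (assumed default 100).
            master = max(parsed, key=lambda sw: parsed[sw][2].get(vlan, 100))
            report[vlan] = (root, master, root == master)
    return report

if __name__ == "__main__":
    for vlan, result in sorted(check_alignment(CONFIGS).items()):
        print(vlan, result)
```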
Configure DHCP
SW1
dhcp enable
interface Vlanif 10
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
interface Vlanif 20
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
interface Vlanif 30
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
interface Vlanif 40
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
interface Vlanif 20
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
interface Vlanif 30
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
interface Vlanif 40
 dhcp select relay
 dhcp relay server-ip 192.168.66.1
DHCP
interface g0/0/0
 dhcp select global
ip pool p1
 gateway-list 192.168.10.250
 network 192.168.10.0 mask 255.255.255.0
 excluded-ip-address 192.168.10.251 192.168.10.252
 dns-list 8.8.8.8
ip pool p2
 gateway-list 192.168.20.250
 network 192.168.20.0 mask 255.255.255.0
 excluded-ip-address 192.168.20.251 192.168.20.252
 dns-list 8.8.8.8
ip pool p3
 gateway-list 192.168.30.250
 network 192.168.30.0 mask 255.255.255.0
 excluded-ip-address 192.168.30.251 192.168.30.252
 dns-list 8.8.8.8
ip pool p4
 gateway-list 192.168.40.250
 network 192.168.40.0 mask 255.255.255.0
 excluded-ip-address 192.168.40.251 192.168.40.252
 dns-list 8.8.8.8
Step 4: configure the core layer network
Configure OSPF
R1 configuration:
ospf 1
 area 0
  network 192.168.100.0 0.0.0.255
  network 192.168.200.0 0.0.0.255
 default-route-advertise always
 quit
quit
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
SW1 configuration:
ospf 1
 area 0
  network 192.168.100.0 0.0.0.255
 area 10
  network 192.168.10.0 0.0.0.255
 area 20
  network 192.168.20.0 0.0.0.255
 area 30
  network 192.168.30.0 0.0.0.255
 area 40
  network 192.168.40.0 0.0.0.255
 area 66
  network 192.168.66.0 0.0.0.255
  stub no-summary
 quit
quit
SW2 configuration:
ospf 1
 area 0
  network 192.168.200.0 0.0.0.255
 area 10
  network 192.168.10.0 0.0.0.255
 area 20
  network 192.168.20.0 0.0.0.255
 area 30
  network 192.168.30.0 0.0.0.255
 area 40
  network 192.168.40.0 0.0.0.255
 area 66
  network 192.168.66.0 0.0.0.255
  stub no-summary
 quit
quit
stp instance 0 root primary
DHCP
ospf 1
 area 66
  network 192.168.66.0 0.0.0.255
  stub
 quit
quit
Configure NAT and ACL
R1
acl number 3000
 rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 destination-port eq www
 rule 15 deny ip source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0
 rule 20 permit ip
interface GigabitEthernet0/0/2
 nat outbound 3000
acl number 2000
 rule 10 permit source 192.168.10.0 0.0.0.255
interface GigabitEthernet0/0/2
 acl 2000 inbound
quit
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 123
 user privilege level 15
Step 5: verify.
Verify that the PCs obtain IP addresses automatically and can ping Server1:
Verify that Client1 can access Server1's www service, but cannot ping the server:
So far, the project has been configured and verified successfully.