Shulou(Shulou.com)06/01 Report--

Enterprise basic Network Architecture Planning and configuration implementation

I. Network planning

Egress address segment: 202.1.1.0 apt 24

Router exit: 202.1.1.1Comp24

ISP Gateway: 202.1.1.2 Universe 24

Interconnect address field 192.168.90.0Mab 24

Router: 192.168.90.1Mather 24

Core switch: 192.168.90.2Mather 24

Administrative address field: 192.168.100.0 Universe 24

Core management address: 192.168.100.1 Universe 24

Access to LI-1:192.168.100.11/24

Access to LI-2:192.168.100.12/24

Access to LI-3:192.168.100.13/24

Access to LI-4:192.168.100.14/24

Access to LI-5:192.168.100.15/24

Access to LI-6:192.168.100.16/24

Business address field:

LI-1 VLAN10

LI-2 VLAN10

LI-3 VLAN10 Gateway: 192.168.10.1Maple 24

LI-4 VLAN20

LI-5 VLAN20

LI-6 VLAN20 Gateway: 192.168.20.1Maple 24

Interconnection mode description:

The access is connected to the core switch through trunk, and the core switch is managed through link aggregation.

Up to the router. (here, the switch is used to simulate the Internet behavior management, and AC generally does the two-tier mode.)

In fact, the more popular mode is IRF+ access to dual uplink, which is more secure and avoids a single point of failure.

Its implementation principle is relatively simple, to put it bluntly, it can be realized by both core and access link aggregation. Here

Only use single link mode!

DHCP:

Generally done on the server, the core relay can be done, not too much explanation here.

II. Network Topology

Third, configure the script (if you are a beginner and do not have enough experience, it is recommended to type more commands)

Egress router configuration:

Sysname Out-Router

Nat address-group 1

Address 202.1.1.1 202.1.1.1

Quit

Acl advanced 3000

Rule 10 permit ip source 192.168.0.0 0.0.255.255

Quit

Interface GigabitEthernet 0/1

Nat outbound 3000 address-group 1

Quit

Ip route-static 0.0.0.0 0 202.1.1.2

Ip route-static 192.168.0.0 16 192.168.90.2

Core switch configuration

Sysname Core-1

Machine A has been changed to mem 1 before.

Irf member 1 priority 32

Interface range Ten-GigabitEthernet1/0/49 to Ten-

GigabitEthernet1/0/52

Shut

Quit

Irf-port 1/1

Port group interface Ten-GigabitEthernet 1-0-49

Port group interface Ten-GigabitEthernet 1-0-50

Port group interface Ten-GigabitEthernet 1-0-51

Port group interface Ten-GigabitEthernet 1-0-52

Quit

Irf-port-configuration active

Retu

Save

Machine B has been changed to mem 2 before.

Irf member 2 priority 1

Interface range Ten-GigabitEthernet2/0/49 to Ten-

GigabitEthernet2/0/52

Shut

Quit

Irf-port 2/2

Port group interface Ten-GigabitEthernet 2-0-49

Port group interface Ten-GigabitEthernet 2-0-50

Port group interface Ten-GigabitEthernet 2-0-51

Port group interface Ten-GigabitEthernet 2-0-52

Quit

Irf-port-configuration active

Retu

Save

When you open the IRF port and connect the IRF cable, you will be prompted to restart the device. The restart figure is as follows:

AC configuration: simulate the layer 2 mode of AC through the switch, which is basically layer 2 transparent transmission.

Vlan 900

Quit

Interface Bridge-Aggregation1000

Port link-type access

Port access vlan 900

Quit

Interface GigabitEthernet1/0/47

Port link-type access

Port access vlan 900

Port link-aggregation group 1000

Quit

Interface GigabitEthernet1/0/48

Port link-type access

Port access vlan 900

Port link-aggregation group 1000

Quit

Interface GigabitEthernet1/0/1

Port link-type access

Port access vlan 900

Quit

Access switch configuration:

LI-2-6 can be configured as follows: manage address and release VLAN

Sysname LI-1

Vlan 10

Quit

Vlan 1000

Quit

Int vl 1000

Ip add 192.168.100.11 24

Quit

Stp global enable

Stp mode rstp

Lldp global enable

Int ran g0/0/1 to g0/0/46

Port link-type access

Port default vlan 10

Stp edged-port enable

Quit

Int g0/0/48

Port link-type trunk

Des to-CORE

Port trunk allow vlan 10 1000

Quit

Ip route-static 0.0.0.0 0.0.0.0 192.168.100.1

Test:

Go to ping 202.1.1.2 on LI-1 and check the egress router NAT hit

Test 2, ping at the same time on the ISP router to view debug ip icmp information, indicating that NAT is successful.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.