组网实训实现

小型单元网络实现

IP划分：

外网:172.1.1.0/24

172.1.2.0/24

内网：基于192.168.3.0/24的子网划分

综合办公楼：192.168.3.00 000000 /26（192.168.3.0-192.168.3.63）

综合一楼：192.168.3.0000 0000 /28（.0-.15） vlan10

综合二楼：192.168.3.0001 0000 /28（.16-.31） vlan20

综合三楼：192.168.3.0010 0000 /28（.32-.47） vlan30

综合楼预留地址：192.168.3.0011 0000 /28（.48-.63）

女生公寓： 192.168.3.01 000000 /26（192.168.3.64-192.168.3.127）

女生一楼： 192.168.3.01 000 000 /29（.64-.71） vlan 40

女生二楼： 192.168.3.01 001 000 /29（.72-.79） vlan 50

女生三楼： 192.168.3.01 010 000 /29（.80-.87） vlan 60

女生四楼： 192.168.3.01 011 000 /29（.88-.95） vlan 70

女生五楼： 192.168.3.01 100 000 /29（.96-.103） vlan 80

女生六楼： 192.168.3.01 101 000 /29（.104-.111）vlan 90

女生公寓预留地址：192.168.3.0111 0 000 /29（.112-.127）

男生公寓： 192.168.3.10 000000 /26（192.168.3.128-192.168.3.191）

男生一楼：192.168.3.10 000 000 /29（.128-.135） vlan 100

男生二楼：192.168.3.10 001 000 /29（.136-.143） vlan 110

男生三楼：192.168.3.10 010 000 /29（.144-.151） vlan 120

男生四楼：192.168.3.10 011 000 /29（.152-.159） vlan 130

男生五楼：192.168.3.10 100 000 /29（.160-.167） vlan 140

男生六楼：192.168.3.10 101 000 /29（.168-.175） vlan 150

男生公寓预留地址：192.168.3.10 11 0 000 /28（.176-.191）

业务管理： 192.168.3.110 00000 /27（192.168.3.192-192.168.3.223）

HTTP管理一：192.168.3.110 00 000 /29（.192-.199） vlan 300

FTP 管理二：192.168.3.110 01 000 /29（.200-.207） vlan 310

DNS 管理三：192.168.3.110 10 000 /29（.208-.215） vlan 320

管理预留地址：192.168.3.110 11 000 /29（.216-.223）

vlanif200： 192.168.3.1110 0000/28（.224-.239）

vlanif210： 192.168.3.11110 000/29（.240-.247）

内网总预留地址： 192.168.3.11111 000/29（.248-.255）

undo info-center enable // 关闭自动弹出的信息

LSW2：

2. LSW1，LSW2之间链路做聚合

LSW1\]interface Eth-Trunk 1 \[LSW1-Eth-Trunk1\]mode manual load-balance \[LSW1-Eth-Trunk1\]trunkport GigabitEthernet 0/0/2 0/0/22 \[LSW2\]interface Eth-Trunk 1 \[LSW2-Eth-Trunk1\]mode manual load-balance \[LSW2-Eth-Trunk1\]trunkport GigabitEthernet 0/0/2 0/0/22 综合办公楼： LSW5： > \[LSW5\]vlan 10 > > \[LSW5-vlan10\]q > > > \[LSW5\]interface GigabitEthernet 0/0/1 > > \[LSW5-GigabitEthernet0/0/1\]port link-type access > > \[LSW5-GigabitEthernet0/0/1\]port default vlan 10 > > \[LSW5-GigabitEthernet0/0/1\]q > > > \[LSW5\]interface GigabitEthernet 0/0/5 > > \[LSW5-GigabitEthernet0/0/5\]port link-type trunk > > \[LSW5-GigabitEthernet0/0/5\]port trunk allow-pass vlan all LSW6： > \[LSW6\]vlan 20 > > \[LSW6-vlan20\]q > > > \[LSW6\]interface GigabitEthernet 0/0/1 > > \[LSW6-GigabitEthernet0/0/1\]port link-type access > > \[LSW6-GigabitEthernet0/0/1\]port default vlan 20 > > \[LSW6-GigabitEthernet0/0/1\]q > > > \[LSW6\]interface GigabitEthernet 0/0/6 > > \[LSW6-GigabitEthernet0/0/6\]port link-type trunk > > \[LSW6-GigabitEthernet0/0/6\]port trunk allow-pass vlan all LSW7： > \[LSW7\]vlan 30 > > \[LSW7-vlan20\]q > > > \[LSW7\]interface GigabitEthernet 0/0/1 > > \[LSW7-GigabitEthernet0/0/1\]port link-type access > > \[LSW7-GigabitEthernet0/0/1\]port default vlan 30 > > \[LSW7-GigabitEthernet0/0/1\]q > > > \[LSW7\]interface GigabitEthernet 0/0/7 > > \[LSW7-GigabitEthernet0/0/6\]port link-type trunk > > \[LSW7-GigabitEthernet0/0/6\]port trunk allow-pass vlan all > LSW2： > \[LSW2\]vlan batch 10 20 30 200 > > \[LSW2\]interface Vlanif200 > > \[LSW2-Vlanif200\]ip address 192.168.3.225 255.255.255.240 > > > \[LSW2\]interface GigabitEthernet 0/0/5 > > \[LSW2-GigabitEthernet0/0/5\]port link-type trunk > > \[LSW2-GigabitEthernet0/0/5\]port trunk allow-pass vlan all > > > \[LSW2-GigabitEthernet0/0/5\]int vlanif 10 > > \[LSW2-Vlanif10\]ip address 192.168.3.14 28 > > \[LSW2-Vlanif10\]q > > > \[LSW2\]interface GigabitEthernet 0/0/6 > > \[LSW2-GigabitEthernet0/0/6\]port link-type trunk > > \[LSW2-GigabitEthernet0/0/6\]port trunk allow-pass vlan all > > > \[LSW2-GigabitEthernet0/0/6\]int vlanif 20 > > \[LSW2-Vlanif20\]ip address 192.168.3.30 28 > > \[LSW2-Vlanif20\]q > > > \[LSW2\]interface GigabitEthernet 0/0/7 > > \[LSW2-GigabitEthernet0/0/7\]port link-type trunk > > \[LSW2-GigabitEthernet0/0/7\]port trunk allow-pass vlan all > > > \[LSW2-GigabitEthernet0/0/7\]int vlanif 30 > > \[LSW2-Vlanif30\]ip address 192.168.3.46 28 > > > \[LSW2\]interface GigabitEthernet 0/0/2 > > \[LSW2-GigabitEthernet0/0/2\]port link-type trunk > > \[LSW2-GigabitEthernet0/0/2\]port trunk allow-pass vlan all > > \[LSW2-GigabitEthernet0/0/2\]q > > > \[LSW2\]interface GigabitEthernet 0/0/22 > > \[LSW2-GigabitEthernet0/0/22\]port link-type trunk > > \[LSW2-GigabitEthernet0/0/22\]port trunk allow-pass vlan all > > \[LSW2-GigabitEthernet0/0/22\]q > > > \[LSW2\]ip route-static 0.0.0.0 0.0.0.0 192.168.3.238 测试：  LSW1核心交换机： > \[LSW1\]vlan batch 10 20 30 200 210 > > \[LSW1\]dhcp enable > > Info: The operation may take a few seconds. Please wait for a moment.done. > > \[LSW1\]int vlanif 10 > > \[LSW1-Vlanif10\]ip address 192.168.3.14 28 > > \[LSW1-Vlanif10\]dhcp select interface > > \[LSW1-Vlanif10\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1\]int vlanif 20 > > \[LSW1-Vlanif20\]ip address 192.168.3.30 28 > > \[LSW1-Vlanif20\]dhcp select interface > > \[LSW1-Vlanif20\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif20\]q > > > \[LSW1\]int vlanif 30 > > \[LSW1-Vlanif30\]ip address 192.168.3.46 28 > > \[LSW1-Vlanif30\]dhcp select interface > > \[LSW1-Vlanif30\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif30\]q > > > \[LSW1\]int vlanif 200 > > \[LSW1-Vlanif200\]ip address 192.168.3.238 28 > > \[LSW1-Vlanif200\]q > > > \[LSW1\]interface GigabitEthernet 0/0/2 > > \[LSW1-GigabitEthernet0/0/2\]port link-type trunk > > \[LSW1-GigabitEthernet0/0/2\]port trunk allow-pass vlan all > > \[LSW1-GigabitEthernet0/0/2\]q > > > \[LSW1\]interface GigabitEthernet 0/0/22 > > \[LSW1-GigabitEthernet0/0/22\]port link-type trunk > > \[LSW1-GigabitEthernet0/0/22\]port trunk allow-pass vlan all > > \[LSW1-GigabitEthernet0/0/22\]q > > > \[LSW1\]interface GigabitEthernet 0/0/1 > > \[LSW1-GigabitEthernet0/0/1\]port link-type access > > \[LSW1-GigabitEthernet0/0/1\]port default vlan 210 > > \[LSW1-GigabitEthernet0/0/1\]q > > \[LSW1\]int vlanif 210 > > \[LSW1-Vlanif210\]ip address 192.168.3.246 28 > > > \[LSW1\]ip route-static 0.0.0.0 0.0.0.0 192.168.3.241 > > R1出口路由的配置： > \[R1\]interface GigabitEthernet0/0/0 > > \[R1-GigabitEthernet0/0/0\]ip address 192.168.3.241 29 > > \[R1\]ip route-static 192.168.3.14 255.255.255.240 192.168.3.246 > > \[R1\]ip route-static 192.168.3.30 255.255.255.240 192.168.3.246 > > \[R1\]ip route-static 192.168.3.46 255.255.255.240 192.168.3.246 > > \[R1\]ip route-static 192.168.3.238 255.255.255.240 192.168.3.246 > 测试：   nat： \[R1-acl-basic-2000\]rule permit source 192.168.3.0 0.0.0.255 \[R1-acl-basic-2000\]q \[R1\]interface GigabitEthernet0/0/1 \[R1-GigabitEthernet0/0/1\]ip address 172.1.1.1 24 \[R1-GigabitEthernet0/0/1\]nat address-group 1 172.1.1.5 172.1.1.10 \[R1-GigabitEthernet0/0/1\]nat outbound 2000 address-group 1 no-pat 测试：  地址静态绑定，打印机场景。 \[LSW1\]dhcp snooping en \[LSW1\]vlan 10 \[LSW1-vlan10\]dhcp snooping enable \[LSW1-vlan10\]ip source check user-bind en 测试：  女生公寓部分： LSW8： > \[LSW8\]vlan 40 > > \[LSW8-vlan40\]q > > \[LSW8\]interface GigabitEthernet 0/0/1 > > \[LSW8-GigabitEthernet0/0/1\]port link-type access > > \[LSW8-GigabitEthernet0/0/1\]port default vlan 40 > > \[LSW8-GigabitEthernet0/0/1\]q > > > \[LSW8\]interface GigabitEthernet 0/0/8 > > \[LSW8-GigabitEthernet0/0/8\]port link-type trunk > > \[LSW8-GigabitEthernet0/0/8\]port trunk allow-pass vlan all LSW9： > \[LSW9\]vlan 50 > > \[LSW9-vlan50\]q > > > \[LSW9\]interface GigabitEthernet 0/0/1 > > \[LSW9-GigabitEthernet0/0/1\]port link-type access > > \[LSW9-GigabitEthernet0/0/1\]port default vlan 50 > > \[LSW9-GigabitEthernet0/0/1\]q > > > \[LSW9\]interface GigabitEthernet 0/0/9 > > \[LSW9-GigabitEthernet0/0/9\]port link-type trunk > > \[LSW9-GigabitEthernet0/0/9\]port trunk allow-pass vlan all LSW10: > \[LSW10\]vlan 60 > > \[LSW10-vlan60\]q > > > \[LSW10\]interface GigabitEthernet 0/0/1 > > \[LSW10-GigabitEthernet0/0/1\]port link-type access > > \[LSW10-GigabitEthernet0/0/1\]port default vlan 60 > > \[LSW10-GigabitEthernet0/0/1\]q > > > \[LSW10\]interface GigabitEthernet 0/0/10 > > \[LSW10-GigabitEthernet0/0/10\]port link-type trunk > > \[LSW10-GigabitEthernet0/0/10\]port trunk allow-pass vlan all LSW11: > \[LSW11\]vlan 70 > > \[LSW11-vlan70\]q > > > \[LSW11\]interface GigabitEthernet 0/0/1 > > \[LSW11-GigabitEthernet0/0/1\]port link-type access > > \[LSW11-GigabitEthernet0/0/1\]port default vlan 70 > > \[LSW11-GigabitEthernet0/0/1\]q > > > \[LSW11\]interface GigabitEthernet 0/0/11 > > \[LSW11-GigabitEthernet0/0/11\]port link-type trunk > > \[LSW11-GigabitEthernet0/0/11\]port trunk allow-pass vlan all LSW12: > \[LSW12\]vlan 80 > > \[LSW12-vlan80\]q > > > \[LSW12\]interface GigabitEthernet 0/0/1 > > \[LSW12-GigabitEthernet0/0/1\]port link-type access > > \[LSW12-GigabitEthernet0/0/1\]port default vlan 80 > > \[LSW12-GigabitEthernet0/0/1\]q > > > \[LSW12\]interface GigabitEthernet 0/0/12 > > \[LSW12-GigabitEthernet0/0/12\]port link-type trunk > > \[LSW12-GigabitEthernet0/0/12\]port trunk allow-pass vlan all LSW13: > \[LSW13\]vlan 90 > > \[LSW13-vlan90\]q > > > \[LSW13\]interface GigabitEthernet 0/0/1 > > \[LSW13-GigabitEthernet0/0/1\]port link-type access > > \[LSW13-GigabitEthernet0/0/1\]port default vlan 90 > > \[LSW13-GigabitEthernet0/0/1\]q > > > \[LSW13\]interface GigabitEthernet 0/0/13 > > \[LSW13-GigabitEthernet0/0/13\]port link-type trunk > > \[LSW13-GigabitEthernet0/0/13\]port trunk allow-pass vlan all LSW3: > \[LSW3\]vlan batch 40 50 60 70 80 90 200 > > > \[LSW3-Vlanif200\]ip address 192.168.3.226 28 > > \[LSW3-Vlanif200\]q > > > \[LSW3\]int g 0/0/8 > > \[LSW3-GigabitEthernet0/0/8\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/8\]port trunk allow-pass vlan > > \[LSW3-GigabitEthernet0/0/8\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/8\]int vlanif40 > > \[LSW3-Vlanif40\]ip address 192.168.3.70 29 > > > \[LSW3\]int g 0/0/9 > > \[LSW3-GigabitEthernet0/0/9\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/9\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/9\]int vlanif50 > > \[LSW3-Vlanif50\]ip address 192.168.3.78 29 > > > \[LSW3\]interface GigabitEthernet 0/0/10 > > \[LSW3-GigabitEthernet0/0/10\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/10\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/10\]int vlanif60 > > \[LSW3-Vlanif60\]ip address 192.168.3.86 29 > > \[LSW3-Vlanif60\]q > > > \[LSW3\]interface GigabitEthernet 0/0/11 > > \[LSW3-GigabitEthernet0/0/11\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/11\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/11\]int vlanif 70 > > \[LSW3-Vlanif70\]ip address 192.168.3.94 29 > > \[LSW3-Vlanif70\]q > > > \[LSW3\]interface GigabitEthernet 0/0/12 > > \[LSW3-GigabitEthernet0/0/12\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/12\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/12\]int vlanif 80 > > \[LSW3-Vlanif80\]ip address 192.168.3.102 29 > > \[LSW3-Vlanif80\]q > > > \[LSW3\]interface GigabitEthernet 0/0/13 > > \[LSW3-GigabitEthernet0/0/13\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/13\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/13\]int vlanif 90 > > \[LSW3-Vlanif90\]ip address 192.168.3.110 29 > > \[LSW3-Vlanif90\]q > > \[LSW3\]interface GigabitEthernet 0/0/3 > > \[LSW3-GigabitEthernet0/0/3\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/3\]port trunk allow-pass vlan all > > \[LSW3-GigabitEthernet0/0/3\]q > > > \[LSW3\]interface GigabitEthernet 0/0/23 > > \[LSW3-GigabitEthernet0/0/23\]port link-type trunk > > \[LSW3-GigabitEthernet0/0/23\]port trunk allow-pass vlan all > > > \[LSW3\]ip route-static 0.0.0.0 0.0.0.0 192.168.3.238 测试：  LSW1核心交换机： > \[LSW1\]vlan batch 40 50 60 70 80 90 > > > interface Vlanif40 > > ip address 192.168.3.70 255.255.255.248 > > \[LSW1-Vlanif40\]dhcp select interface > > \[LSW1-Vlanif40\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif40\]q > > > \[LSW1\]int vlanif 50 > > interface Vlanif50 > > ip address 192.168.3.78 255.255.255.248 > > \[LSW1-Vlanif50\]dhcp select interface > > \[LSW1-Vlanif50\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif50\]q > > > \[LSW1\]int vlanif 60 > > \[LSW1-Vlanif60\]ip address 192.168.3.86 29 > > \[LSW1-Vlanif60\]dhcp select interface > > \[LSW1-Vlanif60\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif60\]q > > > \[LSW1\]int vlanif 70 > > \[LSW1-Vlanif70\]ip address 192.168.3.94 29 > > \[LSW1-Vlanif70\]dhcp select interface > > \[LSW1-Vlanif70\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif70\]q > > > \[LSW1\]int vlanif 80 > > \[LSW1-Vlanif80\]ip address 192.168.3.102 29 > > \[LSW1-Vlanif80\]dhcp select interface > > \[LSW1-Vlanif80\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif80\]q > > > \[LSW1\]int vlanif 90 > > \[LSW1-Vlanif90\]ip address 192.168.3.110 29 > > \[LSW1-Vlanif90\]dhcp select interface > > \[LSW1-Vlanif90\]dhcp server dns-list 114.114.114.114 8.8.8.8 > > \[LSW1-Vlanif90\]q > > > \[LSW1\]interface GigabitEthernet 0/0/3 > > \[LSW1-GigabitEthernet0/0/3\]port link-type trunk > > \[LSW1-GigabitEthernet0/0/3\]port trunk allow-pass vlan all > > \[LSW1-GigabitEthernet0/0/3\]q > > > \[LSW1\]interface GigabitEthernet 0/0/23 > > \[LSW1-GigabitEthernet0/0/23\]port link-type trunk > > \[LSW1-GigabitEthernet0/0/23\]port trunk allow-pass vlan all > R1出口路由的配置： > \[AR1\]ip route-static 192.168.3.70 255.255.255.248 192.168.3.246 > > \[AR1\]ip route-static 192.168.3.78 255.255.255.248 192.168.3.246 > > \[AR1\]ip route-static 192.168.3.86 255.255.255.248 192.168.3.246 > > \[AR1\]ip route-static 192.168.3.94 255.255.255.248 192.168.3.246 > > \[AR1\]ip route-static 192.168.3.102 255.255.255.248 192.168.3.246 > > \[AR1\]ip route-static 192.168.3.110 255.255.255.248 192.168.3.246 > 测试：   ospf: AR1： > \[AR1\]ospf 1 > > \[AR1-ospf-1\]area 0 > > \[AR1-ospf-1-area-0.0.0.0\]network 172.1.1.0 0.0.0.255 AR2： > \[AR2-GigabitEthernet0/0/0\]ip address 172.1.2.1 24 > > \[AR2-GigabitEthernet0/0/0\]q > > > \[AR2\]ospf 1 > > \[AR2-ospf-1\]area 0 > > \[AR2-ospf-1-area-0.0.0.0\]network 172.1.1.0 0.0.0.255 > > \[AR2-ospf-1-area-0.0.0.0\]network 172.1.2.0 0.0.0.255   http，ftp，dns服务器部分： LSW20： > \[LSW20\]vlan batch 300 310 320 > > > \[LSW20\]int > > \[LSW20\]interface g > > \[LSW20\]interface GigabitEthernet 0/0/1 > > \[LSW20-GigabitEthernet0/0/1\]port link-type access > > \[LSW20-GigabitEthernet0/0/1\]port default vlan 300 > > > \[LSW20-GigabitEthernet0/0/1\]int g 0/0/2 > > \[LSW20-GigabitEthernet0/0/2\]port link-type access > > \[LSW20-GigabitEthernet0/0/2\]port default vlan 310 > > > \[LSW20-GigabitEthernet0/0/2\]int g 0/0/3 > > \[LSW20-GigabitEthernet0/0/3\]port link-type access > > \[LSW20-GigabitEthernet0/0/3\]port default vlan 320 > > \[LSW20-GigabitEthernet0/0/3\]q > > > \[LSW20\]int g 0/0/10 > > \[LSW20-GigabitEthernet0/0/10\]port link-type trunk > > \[LSW20-GigabitEthernet0/0/10\]port trunk allow-pass vlan all > > > \[LSW20-GigabitEthernet0/0/10\]int g 0/0/20 > > \[LSW20-GigabitEthernet0/0/20\]port link-type trunk > > \[LSW20-GigabitEthernet0/0/20\]port trunk allow-pass vlan all > LSW1： > \[LSW1\]int g 0/0/10 > > \[LSW1-GigabitEthernet0/0/10\]port link-type trunk > > \[LSW1-GigabitEthernet0/0/10\]port trunk allow-pass vlan all > > \[LSW1-GigabitEthernet0/0/10\]int g 0/0/20 > > \[LSW1-GigabitEthernet0/0/20\]port link-type trunk > > \[LSW1-GigabitEthernet0/0/20\]port trunk allow-pass vlan all > > > \[LSW1\]vlan batch 300 310 320 > > > \[LSW1-Vlanif320\]int vlanif 300 > > \[LSW1-Vlanif300\]ip address 192.168.3.198 29 > > \[LSW1-Vlanif300\]int vlanif 310 > > \[LSW1-Vlanif310\]ip address 192.168.3.206 29 > > \[LSW1-Vlanif310\]int vlanif 320 > > \[LSW1-Vlanif320\]ip address 192.168.3.214 29 > > dns：   http：   ftp:   用Client3测试： http：   ftp:  telnet: > \[AR1\]user-interface vty 0 4 > > \[AR1-ui-vty0-4\]authentication-mode aaa > > \[AR1\]aaa > > \[AR1-aaa\]local-user xiao privilege level 15 password cipher 22060503 > > \[AR1-aaa\]local-user xiao service-type telnet > > \[AR1-acl-adv-3000\]rule deny tcp source 192.168.3.64 0.0.0.192 destination 192.16 > > 8.3.241 0.0.0.0 destination-port eq 23 > > \[AR1\]int GigabitEthernet 0/0/1 > > \[AR1-GigabitEthernet0/0/1\]traffic-filter inbound acl 3000 测试：