项目简介:
某集团公司原在北京建立了总公司,后在上海建立了分公司,又在长沙建立了办事处。集团全网采用路由协议进行互联互通。
总公司、分公司、办事处、Internet的网络结构详见拓扑图。编号为SW1、SW2、SW3的设备作为总公司核心交换机;编号FW1的设备作为总公司互联网出口防火墙;编号为FW2的设备作为分公司互联网出口防火墙;编号为RT1的设备作为互联网出口路由器;编号为RT2的设备作为办事处路由器;编号为AC1的设备作为无线控制器,通过与办事处AP1配合实现所属区域无线覆盖。
网络搭建请查看我的其他文章
本次使用设备:神州数码产品线
- 三层交换机:CS6200-28X-Pro
1.配置SW1、SW2、SW3的Vlan,二层链路只允许相关Vlan通过,不限制vlan1。
Vlan编号 端口 说明
SW1 Vlan11 E1/0/1 产品1段
Vlan12 E1/0/2 营销1段
Vlan13 E1/0/3 财务1段
Vlan14 E1/0/4 行政1段
SW2 Vlan21 E1/0/1 产品2段
Vlan22 E1/0/2 营销2段
Vlan23 E1/0/3 财务2段
Vlan24 E1/0/4 行政2段
SW3 Vlan31 E1/0/1 产品3段
Vlan32 E1/0/2 营销3段
Vlan33 E1/0/3 财务3段
Vlan34 E1/0/4 行政3段
SW1配置:
注:相关vlan的创建在“2024网络建设与运维赛题-网络配置”的两篇文章中。
SW1(config)#vlan 11
SW1(config-vlan11)#name CP1D
SW1(config-vlan11)#vlan 12
SW1(config-vlan12)#name YX1D
SW1(config-vlan12)#vlan 13
SW1(config-vlan13)#name CW1D
SW1(config-vlan13)#vlan 14
SW1(config-vlan14)#name XZ1D
SW1(config-vlan14)#interface ethernet 1/0/1
SW1(config-if-ethernet1/0/1)#switchport access vlan 11
Set the port Ethernet1/0/1 access vlan 11 successfully
SW1(config-if-ethernet1/0/1)#interface ethernet 1/0/2
SW1(config-if-ethernet1/0/2)#switchport access vlan 12
Set the port Ethernet1/0/2 access vlan 12 successfully
SW1(config-if-ethernet1/0/2)#interface ethernet 1/0/3
SW1(config-if-ethernet1/0/3)#switchport access vlan 13
Set the port Ethernet1/0/3 access vlan 13 successfully
SW1(config-if-ethernet1/0/3)#interface ethernet 1/0/4
SW1(config-if-ethernet1/0/4)#switchport access vlan 14
Set the port Ethernet1/0/4 access vlan 14 successfully
SW1(config-if-ethernet1/0/4)#interface ethernet 1/0/19
SW1(config-if-ethernet1/0/19)#switchport access vlan 1019
Set the port Ethernet1/0/19 access vlan 1019 successfully
SW1(config-if-ethernet1/0/19)#interface ethernet 1/0/20
SW1(config-if-ethernet1/0/20)#switchport access vlan 1020
Set the port Ethernet1/0/20 access vlan 1020 successfully
SW1(config-if-ethernet1/0/20)#interface ethernet 1/0/22
SW1(config-if-ethernet1/0/22)#switchport access vlan 1022
Set the port Ethernet1/0/22 access vlan 1022 successfully
SW1(config-if-ethernet1/0/22)#interface ethernet 1/0/17
SW1(config-if-ethernet1/0/17)#switchport access vlan 2017
Set the port Ethernet1/0/17 access vlan 2017 successfully
SW1(config-if-ethernet1/0/17)#interface ethernet 1/0/18
SW1(config-if-ethernet1/0/18)#switchport access vlan 2018
Set the port Ethernet1/0/18 access vlan 2018 successfully
SW1(config-if-ethernet1/0/18)#interface ethernet 1/0/13
SW1(config-if-ethernet1/0/13)#switchport access vlan 3013
Set the port Ethernet1/0/13 access vlan 3013 successfully
SW1(config-if-ethernet1/0/13)#interface ethernet 1/0/14
SW1(config-if-ethernet1/0/14)#switchport access vlan 3014
Set the port Ethernet1/0/14 access vlan 3014 successfully
SW1(config-if-ethernet1/0/14)#interface ethernet 1/0/15
SW1(config-if-ethernet1/0/15)#switchport access vlan 3015
Set the port Ethernet1/0/15 access vlan 3015 successfully
SW1(config-if-ethernet1/0/15)#exit
SW1(config)#interface ethernet 1/0/23-24
SW1(config-if-port-range)#switchport mode trunk
Set the port Ethernet1/0/23 mode Trunk successfully
Set the port Ethernet1/0/24 mode Trunk successfully
SW1(config-if-port-range)#switchport trunk allowed vlan 11-14;21-24;31-34
set the trunk port Ethernet1/0/23 allowed vlan successfully.
set the trunk port Ethernet1/0/24 allowed vlan successfully.
SW1(config-if-port-range)#exit
SW2配置:
SW2(config)#vlan 21
SW2(config-vlan21)#name CP2D
SW2(config-vlan21)#vlan 22
SW2(config-vlan22)#name YX2D
SW2(config-vlan22)#vlan 23
SW2(config-vlan23)#name CW2D
SW2(config-vlan23)#vlan 24
SW2(config-vlan24)#name XZ2D
SW2(config-vlan24)#exit
SW2(config)#interface ethernet 1/0/1
SW2(config-if-ethernet1/0/1)#switchport access vlan 21
Set the port Ethernet1/0/1 access vlan 21 successfully
SW2(config-if-ethernet1/0/1)#interface ethernet 1/0/2
SW2(config-if-ethernet1/0/2)#switchport access vlan 22
Set the port Ethernet1/0/2 access vlan 22 successfully
SW2(config-if-ethernet1/0/2)#interface ethernet 1/0/3
SW2(config-if-ethernet1/0/3)#switchport access vlan 23
Set the port Ethernet1/0/3 access vlan 23 successfully
SW2(config-if-ethernet1/0/3)#interface ethernet 1/0/4
SW2(config-if-ethernet1/0/4)#switchport access vlan 24
Set the port Ethernet1/0/4 access vlan 24 successfully
SW2(config-if-ethernet1/0/4)#interface ethernet 1/0/19
SW2(config-if-ethernet1/0/19)#switchport access vlan 1019
Set the port Ethernet1/0/19 access vlan 1019 successfully
SW2(config-if-ethernet1/0/19)#interface ethernet 1/0/20
SW2(config-if-ethernet1/0/20)#switchport access vlan 1020
Set the port Ethernet1/0/20 access vlan 1020 successfully
SW2(config-if-ethernet1/0/20)#interface ethernet 1/0/22
SW2(config-if-ethernet1/0/22)#switchport access vlan 1022
Set the port Ethernet1/0/22 access vlan 1022 successfully
SW2(config-if-ethernet1/0/22)#interface ethernet 1/0/17
SW2(config-if-ethernet1/0/17)#switchport access vlan 2017
Set the port Ethernet1/0/17 access vlan 2017 successfully
SW2(config-if-ethernet1/0/17)#interface ethernet 1/0/18
SW2(config-if-ethernet1/0/18)#switchport access vlan 2018
Set the port Ethernet1/0/18 access vlan 2018 successfully
SW2(config-if-ethernet1/0/18)#interface ethernet 1/0/13
SW2(config-if-ethernet1/0/13)#switchport access vlan 3013
Set the port Ethernet1/0/13 access vlan 3013 successfully
SW2(config-if-ethernet1/0/13)#interface ethernet 1/0/14
SW2(config-if-ethernet1/0/14)#switchport access vlan 3014
Set the port Ethernet1/0/14 access vlan 3014 successfully
SW2(config-if-ethernet1/0/14)#interface ethernet 1/0/15
SW2(config-if-ethernet1/0/15)#switchport access vlan 3015
Set the port Ethernet1/0/15 access vlan 3015 successfully
SW2(config-if-ethernet1/0/15)#exit
SW2(config)#interface ethernet 1/0/23-24
SW2(config-if-port-range)#switchport mode trunk
Set the port Ethernet1/0/23 mode Trunk successfully
Set the port Ethernet1/0/24 mode Trunk successfully
SW2(config-if-port-range)#switchport trunk allowed vlan 11-14;21-24;31-34
set the trunk port Ethernet1/0/23 allowed vlan successfully.
set the trunk port Ethernet1/0/24 allowed vlan successfully.
SW2(config-if-port-range)#exit
SW3配置:
SW3(config)#vlan 31
SW3(config-vlan31)#name CP3D
SW3(config-vlan31)#vlan 32
SW3(config-vlan32)#name YX3D
SW3(config-vlan32)#vlan 33
SW3(config-vlan33)#name CW3D
SW3(config-vlan33)#vlan 34
SW3(config-vlan34)#name XZ3D
SW3(config-vlan34)#exit
SW3(config)#interface ethernet 1/0/1
SW3(config-if-ethernet1/0/1)#switchport access vlan 31
Set the port Ethernet1/0/1 access vlan 31 successfully
SW3(config-if-ethernet1/0/1)#interface ethernet 1/0/2
SW3(config-if-ethernet1/0/2)#switchport access vlan 32
Set the port Ethernet1/0/2 access vlan 32 successfully
SW3(config-if-ethernet1/0/2)#interface ethernet 1/0/3
SW3(config-if-ethernet1/0/3)#switchport access vlan 33
Set the port Ethernet1/0/3 access vlan 33 successfully
SW3(config-if-ethernet1/0/3)#interface ethernet 1/0/4
SW3(config-if-ethernet1/0/4)#switchport access vlan 34
Set the port Ethernet1/0/4 access vlan 34 successfully
SW3(config-if-ethernet1/0/4)#interface ethernet 1/0/19
SW3(config-if-ethernet1/0/19)#switchport access vlan 1019
Set the port Ethernet1/0/19 access vlan 1019 successfully
SW3(config-if-ethernet1/0/19)#interface ethernet 1/0/20
SW3(config-if-ethernet1/0/20)#switchport access vlan 1020
Set the port Ethernet1/0/20 access vlan 1020 successfully
SW3(config-if-ethernet1/0/20)#interface ethernet 1/0/17
SW3(config-if-ethernet1/0/17)#switchport access vlan 2017
Set the port Ethernet1/0/17 access vlan 2017 successfully
SW3(config-if-ethernet1/0/17)#interface ethernet 1/0/18
SW3(config-if-ethernet1/0/18)#switchport access vlan 2018
Set the port Ethernet1/0/18 access vlan 2018 successfully
SW3(config-if-ethernet1/0/18)#interface ethernet 1/0/13
SW3(config-if-ethernet1/0/13)#switchport access vlan 3013
Set the port Ethernet1/0/13 access vlan 3013 successfully
SW3(config-if-ethernet1/0/13)#interface ethernet 1/0/14
SW3(config-if-ethernet1/0/14)#switchport access vlan 3014
Set the port Ethernet1/0/14 access vlan 3014 successfully
SW3(config-if-ethernet1/0/14)#interface ethernet 1/0/15
SW3(config-if-ethernet1/0/15)#switchport access vlan 3015
Set the port Ethernet1/0/15 access vlan 3015 successfully
SW3(config-if-ethernet1/0/15)#exit
2.SW1和SW2之间利用连接在E1/0/23和E1/0/24端口的两条光缆实现链路聚合,编号为1,用LACP协议,SW1为active,SW2为active。
SW1配置:
SW1(config)#port-group 1
SW1(config)#interface ethernet 1/0/23-24
SW1(config-if-port-range)#port-group 1 mode active
SW1(config-if-port-range)#exit
SW2配置:
SW2(config)#port-group 1
SW2(config)#interface ethernet 1/0/23-24
SW2(config-if-port-range)#port-group 1 mode active
SW2(config-if-port-range)#exit
3.SW1、SW2、SW3模拟分公司交换机,VPN实例名称为Branch,RD为1:1。SW1、SW2、SW3、RT1、RT2模拟Internet交换机,VPN实例名称为Internet,RD为2:2。
SW1配置:
SW1(config)#ip vrf Branch
SW1(config-vrf)#rd 1:1
SW1(config-vrf)#exit
SW1(config)#ip vrf Internet
SW1(config-vrf)#rd 2:2
SW1(config-vrf)#exit
SW2配置:
SW2(config)#ip vrf Branch
SW2(config-vrf)#rd 1:1
SW2(config-vrf)#exit
SW2(config)#ip vrf Internet
SW2(config-vrf)#rd 2:2
SW2(config-vrf)#exit
SW3配置:
SW3(config)#ip vrf Branch
SW3(config-vrf)#rd 1:1
SW3(config-vrf)#exit
SW3(config)#ip vrf Internet
SW3(config-vrf)#rd 2:2
SW3(config-vrf)#exit
