任务背景描述:
某集团公司原在城市 A 建立了总公司,后在城市 B 建立了分公司,又在城市 C 设立了办事处。集团设有产品、营销、法务、财务、人力5 个部门,统一进行 IP 及业务资源的规划和分配,全网采用 OSPF、RIP、ISIS、BGP 路由协议进行互联互通。
随着企业数字化转型工作进一步推进,为持续优化运营创新,充分激活数据要素潜能,为社会创造更多价值,集团决定在总公司建立两个数据中心,在某省建立异地灾备数据中心,以达到快速、可靠交换数据,增强业务部署弹性的目的,完成向两地三中心整体战略架构演进,更好的服务于公司客户。
集团、分公司及办事处的网络结构详见拓扑图。编号为 SW1 的设备作为总公司 1#DC 核心交换机,编号为 SW2 的设备作为总公司 2#DC核心交换机;编号为 SW3 的设备作为某省灾备 DC 核心交换机;编号FW1 的设备作为总公司互联网出口防火墙;编号为 FW2 的设备作为办事处防火墙;编号为 RT1 的设备作为总公司核心路由器;编号为 RT2的设备作为分公司路由器;编号为 AC1 的设备作为分公司的有线无线智能一体化控制器,通过与 AP1 配合实现所属区域无线覆盖。
注意:在此典型互联网应用网络架构中,作为 IT 网络运维人员,请根据拓扑构建完整的系统环境,使整体网络架构具有良好的稳定性、安全性、可扩展性。请完成所有配置后,需从客户端进行测试,确保能正常访问到相应应用。
网络拓扑图及 IP 地址表:
1.网络拓扑图
2.IP 地址表
设备名称 设备接口 IP 地址
RT1 Loopback1 ospfv2 ospfv3 bgp mpls 10.4.5.1/32
2001:10:4:5::1/128
RT1 Loopback2 rip ripng 10.4.5.2/32
2001:10:4:5::2/128
RT1 Loopback3 isis10.4.5.3/32
2001:10:4:5::3/128
RT1 Loopback4 集团与办事处互联 10.4.5.4/32
2001:10:4:5::4/128
RT1 Loopback5 vpn 财务 10.4.5.5/32
2001:10:4:5::5/128
RT1 G0/0 10.4.255.33/3 0
RT1 G0/1 10.4.255.18/30
RT1 G0/2 10.4.255.21/30
RT1 G0/3 10.4.255.25/30
RT1 S1/0 10.4.255.37/30
RT1 S1/1 10.4.255.41/30
RT2 Loopback1 ospfv2 ospfv3 bgp mpls 10.4.6.1/32
2001:10:4:6::1/128
RT2 Loopback2 rip ripng 10.4.6.2/32
2001:10:4:6::2/128
RT2 Loopback3 isis 10.4.6.3/32
2001:10:4:6::3/128
RT2 Loopback4 ipsecvpn 10.4.6.4/32
2001:10:4:6::4/128
RT2 Tunnel4 ipsecvpn 10.4.255.50/30
RT2 Loopback5 vpn 财务 10.4.6.5/32
2001:10:4:6::5/128
RT2 G0/0 10.4.255.34/30
RT2 G0/1 10.4.255.45/30
RT2 G0/2 200.200.200.6/30
RT2 S1/0 10.4.255.42/30
RT2 S1/1 10.4.255.38/30
FW1 Loopback1 ospfv2 ospfv3 trust 10.4.7.1/32
2001:10:4:7::1/128
FW1 Loopback2 rip ripng trust 10.4.7.2/32
2001:10:4:7::2/128
FW1 Loopback3 isis trust 10.4.7.3/32
2001:10:4:7::3/128
FW1 Loopback4 ipsecvpn trust 10.4.7.4/32
2001:10:4:7::4/128
FW1 Tunnel4 ipsecvpn VPNHUB 10.4.255.49/30
FW1 E0/1 trust 10.4.255.13/30
FW1 E0/2 trust 10.4.255.17/30
FW1 E0/3 untrust 200.200.200.2/30
FW2 Loopback1 ospfv2 ospfv3 trust 10.4.8.1/32
2001:10:4:8::1/128
FW2 E0/1 dmz 10.4.255.26/30
FW2 E0/2 trust 10.4.255.29/30
RT1
Router>enable
Router#config
Router_config#hostname RT1
RT1_config#interface loopback 1
RT1_config_l1#ip address 10.4.5.1 255.255.255.255
RT1_config_l1#ipv6 address 2001:10:4:5::1/128
RT1_config_l1#interface loopback 2
RT1_config_l2#ip address 10.4.5.2 255.255.255.255
RT1_config_l2#ipv6 address 2001:10:4:5::2/128
RT1_config_l2#interface loopback 3
RT1_config_l3#ip address 10.4.5.3 255.255.255.255
RT1_config_l3#ipv6 address 2001:10:4:5::3/128
RT1_config_l3#interface loopback 4
RT1_config_l4#ip address 10.4.5.4 255.255.255.255
RT1_config_l4#ipv6 address 2001:10:4:5::4/128
RT1_config_l4#interface loopback 5
RT1_config_l5#ip address 10.4.5.5 255.255.255.255
RT1_config_l5#ipv6 address 2001:10:4:5::5/128
RT1_config_l5#exit
RT1_config#interface gigaEthernet 0/0
RT1_config_g0/0#ip address 10.4.255.33 255.255.255.252
RT1_config_g0/0#interface gigaEthernet 0/1
RT1_config_g0/1#ip address 10.4.255.18 255.255.255.252
RT1_config_g0/1#interface gigaEthernet 0/2
RT1_config_g0/2#ip address 10.4.255.21 255.255.255.252
RT1_config_g0/2#interface gigaEthernet 0/3
RT1_config_g0/3#ip address 10.4.255.25 255.255.255.252
RT1_config_g0/3#interface serial 1/0
RT1_config_s1/0#ip address 10.4.255.37 255.255.255.252
RT1_config_s1/0#interface serial 1/1
RT1_config_s1/1#ip address 10.4.255.41 255.255.255.252
RT1_config_s1/1#exit
RT2
Router>enable
Router#config
Router_config#hostname RT2
RT2_config#interface loopback 1
RT2_config_l1#ip address 10.4.6.1 255.255.255.255
RT2_config_l1#ipv6 address 2001:10:4:6::1/128
RT2_config_l1#interface loopback 2
RT2_config_l2#ip address 10.4.6.2 255.255.255.255
RT2_config_l2#ipv6 address 2001:10:4:6::2/128
RT2_config_l2#interface loopback 3
RT2_config_l3#ip address 10.4.6.3 255.255.255.255
RT2_config_l3#ipv6 address 2001:10:4:6::3/128
RT2_config_l3#interface loopback 4
RT2_config_l4#ip address 10.4.6.4 255.255.255.255
RT2_config_l4#ipv6 address 2001:10:4:6::4/128
RT2_config_l4#interface loopback 5
RT2_config_l5#ip address 10.4.6.5 255.255.255.255
RT2_config_l5#ipv6 address 2001:10:4:6::5/128
RT2_config_l5#exit
RT2_config#interface tunnel 4
RT2_config_t4#ip address 10.4.255.50 255.255.255.252
RT2_config_t4#exit
RT2_config#interface gigaEthernet 0/0
RT2_config_g0/0#ip address 10.4.255.34 255.255.255.252
RT2_config_g0/0#interface gigaEthernet 0/1
RT2_config_g0/1#ip address 10.4.255.45 255.255.255.252
RT2_config_g0/1#interface gigaEthernet 0/2
RT2_config_g0/2#ip address 200.200.200.6 255.255.255.252
RT2_config_g0/2#interface serial 1/0
RT2_config_s1/0#ip address 10.4.255.42 255.255.255.252
RT2_config_s1/0#interface serial 1/1
RT2_config_s1/1#ip address 10.4.255.38 255.255.255.252
RT2_config_s1/1#exit
FW1
login: admin
password:
Administrator is logging in with default account and password, please change yo!
new password:
Please input the new password again
new password:
DCFW-1800# configure
DCFW-1800(config)# hostname FW1
FW1(config)# interface loopback1
FW1(config-if-loo1)# zone trust
FW1(config-if-loo1)# ip address 10.4.7.1 255.255.255.255
FW1(config-if-loo1)# ipv6 enable
FW1(config-if-loo1)# ipv6 address 2001:10:4:7::1/128
FW1(config-if-loo1)# interface loopback2
FW1(config-if-loo2)# zone trust
FW1(config-if-loo2)# ip address 10.4.7.2 255.255.255.255
FW1(config-if-loo2)# ipv6 enable
FW1(config-if-loo2)# ipv6 address 2001:10:4:7::2/128
FW1(config-if-loo2)# interface loopback3
FW1(config-if-loo3)# zone trust
FW1(config-if-loo3)# ip address 10.4.7.3 255.255.255.255
FW1(config-if-loo3)# ipv6 enable
FW1(config-if-loo3)# ipv6 address 2001:10:4:7::3/128
FW1(config-if-loo3)# interface loopback4
FW1(config-if-loo4)# zone trust
FW1(config-if-loo4)# ip address 10.4.7.4 255.255.255.255
FW1(config-if-loo4)# ipv6 enable
FW1(config-if-loo4)# ipv6 address 2001:10:4:7::4/128
FW1(config-if-loo4)# exit
FW1(config)# interface tunnel4
FW1(config-if-tun4)# zone VPNHub
FW1(config-if-tun4)# ip address 10.4.255.49 255.255.255.252
FW1(config-if-tun4)# exit
FW1(config)# interface ethernet0/1
FW1(config-if-eth0/1)# zone trust
FW1(config-if-eth0/1)# ip address 10.4.255.13 255.255.255.252
FW1(config-if-eth0/1)# interface ethernet0/2
FW1(config-if-eth0/2)# zone trust
FW1(config-if-eth0/2)# ip address 10.4.255.17 255.255.255.252
FW1(config-if-eth0/2)# interface ethernet0/3
FW1(config-if-eth0/3)# zone untrust
FW1(config-if-eth0/3)# ip address 200.200.200.2 255.255.255.252
FW1(config-if-eth0/3)# exit
FW2
login: admin
password:
Administrator is logging in with default account and password, please change yo!
new password:
Please input the new password again
new password:
DCFW-1800# configure
DCFW-1800(config)# hostname FW2
FW2(config)# interface loopback1
FW2(config-if-loo1)# zone trust
FW2(config-if-loo1)# ip address 10.4.8.1 255.255.255.255
FW2(config-if-loo1)# ipv6 enable
FW2(config-if-loo1)# ipv6 address 2001:10:4:8::1/128
FW2(config-if-loo1)# exit
FW2(config)# interface ethernet0/1
FW2(config-if-eth0/1)# zone dmz
FW2(config-if-eth0/1)# ip address 10.4.255.26 255.255.255.252
FW2(config-if-eth0/1)# interface ethernet0/2
FW2(config-if-eth0/2)# zone trust
FW2(config-if-eth0/2)# ip address 10.4.255.29 255.255.255.252
FW2(config-if-eth0/2)# exit
