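A Comprehensive Example of Configuring Layer 3 Switching

Introduction:
This configuration has no problems at all.

As long as you can follow it and remember the key commands, you should come away with a deeper understanding of Layer 3 switching.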



****************************************************************

Basic network layout


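Network topology: the core switch is a Cisco Catalyst 4006-S3. The Supervisor Engine III G is in slot 1 and provides Layer 3 switching; one 24-port 1000Base-T module is in slot 2 and connects the network servers; one 6-port 1000Base-X module is in slot 3 and connects the 6 backbone switches. One switch is a Cisco Catalyst 3550-24-EMI with one 1000Base-X GBIC gigabit module installed. One switch is a Cisco Catalyst 3550-24-SMI, also with one 1000Base-X GBIC gigabit module installed. The other four switches are Cisco Catalyst 2950G-24-SMI units with one 1000Base-T GBIC gigabit module installed.

All servers are placed in one VLAN, VLAN 50. Each of the four Catalyst 2950G-24-SMI switches is likewise a single VLAN: VLAN 60, VLAN 70, VLAN 80 and VLAN 90 respectively.

The Catalyst 3550-24-EMI is divided into 4 VLANs: VLAN 10, VLAN 20, VLAN 30 and VLAN 40. The Catalyst 3550-24-SMI is divided into 2 VLANs, VLAN 60 and VLAN 80, each of which it shares with one of two other Catalyst 2950G-24-SMI switches.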



***************************Case analysis****************************


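Because each Catalyst 2950G switch is a separate VLAN, the VLAN (VLAN 60 to VLAN 90) must first be created on each of these switches and all of its ports assigned to that VLAN. Then the VLANs are created on the corresponding ports of the Catalyst 4006. The 1000Base-X ports of the Catalyst 4006 connect to the 1000Base-X port of each Catalyst 2950G. Specifically, GigabitEthernet3/2 connects to Catalyst 2950 switch no. 1 (VLAN 60), GigabitEthernet3/3 to Catalyst 2950 switch no. 2 (VLAN 70), GigabitEthernet3/4 to Catalyst 2950 switch no. 3 (VLAN 80), GigabitEthernet3/5 to Catalyst 2950 switch no. 4 (VLAN 90), and GigabitEthernet3/6 to the Building 6 switch (VLAN 80).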


Because the Catalyst 3550-24-EMI is divided into 4 VLANs (VLAN 10 to VLAN 40), and all 4 VLANs have to reach the GigabitEthernet3/1 port of the Catalyst 4006 over a single 1000Base-X link, a trunk must be created between the Catalyst 4006 and the Catalyst 3550-24-EMI.


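Likewise, the Catalyst 3550-24-SMI is divided into 2 VLANs (VLAN 60 and VLAN 80), and the 4 VLANs all have to reach the GigabitEthernet3/6 port of the Catalyst 4006 over a single 1000Base-X link, so a trunk must be created between the Catalyst 4006 and the Catalyst 3550-24-EMI.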


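In addition, all servers connect to the 1000Base-T module of the Catalyst 4006 and form a VLAN of their own (VLAN 90), so a VLAN must also be created for these switches and all ports assigned to it. Note that, for network management purposes, a few RJ-45 ports (for example ports 21 to 24) can be left unassigned to any VLAN so that network management devices can be connected easily. By default all ports belong to VLAN 1, and only from VLAN 1 can all devices in the network be managed.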


***************************Configuration listings******************************


●Cisco Catalyst 4006 switch configuration listing
Current configuration : 5594 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname hsnc
!
boot system bootflash:cat4000-is-mz.121-8a.EW1.bin
no logging console
enable secret level 1 5 $1$rkQW$1HKyKdN5f.Ri5zxeoF8Yv/
!
ip subnet-zero
!
!
!
interface GigabitEthernet1/1
no snmp trap link-status
!--No VLAN is assigned to the 1000Base-X slots on the Supervisor Engine III G
interface GigabitEthernet1/2
no snmp trap link-status
!
!
interface GigabitEthernet2/1
switchport access vlan 50
no snmp trap link-status
!--Assign port GigabitEthernet2/1 to VLAN 50
!
interface GigabitEthernet2/2
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/3
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/4
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/5
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/6
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/7
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/8
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/9
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/10
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/11
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/12
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/13
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/14
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/15
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/16
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/17
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/18
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/19
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/20
switchport access vlan 50
no snmp trap link-status
!--GigabitEthernet2/21 to 2/24 are not assigned to any VLAN
!
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
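!--Enable 802.1Q trunk encapsulation, i.e. create a trunk on this port
switchport trunk allowed vlan 1-80
!--Allow VLANs 1-80 on this trunk link
!--Individual VLANs can be denied or allowed on the trunk
!--This keeps unauthorized VLANs off the trunk and secures VLAN access
switchport mode trunk
!--Set this port to trunk mode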
description netcenter
no snmp trap link-status
!
interface GigabitEthernet3/2
switchport access vlan 60
no snmp trap link-status
!--Assign port GigabitEthernet3/2 to VLAN 60
!
interface GigabitEthernet3/3
switchport access vlan 70
no snmp trap link-status
!--Assign port GigabitEthernet3/3 to VLAN 70
!
interface GigabitEthernet3/4
switchport access vlan 80
no snmp trap link-status
!--Assign port GigabitEthernet3/4 to VLAN 80
!
interface GigabitEthernet3/5
switchport access vlan 90
no snmp trap link-status
!--Assign port GigabitEthernet3/5 to VLAN 90
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
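!--Enable 802.1Q trunk encapsulation, i.e. create a trunk on this port
switchport trunk allowed vlan 1-80
!--Allow VLANs 1-80 on this trunk link
!--Individual VLANs can be denied or allowed on the trunk
!--This keeps unauthorized VLANs off the trunk and secures VLAN access
switchport mode trunk
!--Set this port to trunk mode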
description netcenter
no snmp trap link-status
!
interface Vlan1
description netmanger
no ip address
!
!--Description for VLAN 1
interface Vlan10
description network center
no ip address
!--Description for VLAN 10
!
interface Vlan20
description computer center
no ip address
!
interface Vlan30
description network lab
no ip address
!
interface Vlan40
description huaxuelou
no ip address
!
interface Vlan50
description wulilou
no ip address
!
interface Vlan60
description shengwulou
no ip address
!
interface Vlan70
description zhongwenxi
no ip address
!
interface Vlan80
description tushuguan
no ip address
!
!
line con 0
stopbits 1
line vty 0 4
password aaa
login
!
end
 
 
 
 
●Cisco Catalyst 3550-EMI configuration listing
Building configuration...

Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!--Assign port FastEthernet0/1 to VLAN 10
no ip address
!
interface FastEthernet0/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/3
switchport access vlan 10
no ip address
!
interface FastEthernet0/4
switchport access vlan 10
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!--Assign port FastEthernet0/6 to VLAN 20
!
interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 30
no ip address
!--Assign port FastEthernet0/11 to VLAN 30
!
interface FastEthernet0/12
switchport access vlan 30
no ip address
!
interface FastEthernet0/13
switchport access vlan 30
no ip address
!
interface FastEthernet0/14
switchport access vlan 30
no ip address
!
interface FastEthernet0/15
switchport access vlan 30
no ip address
!
interface FastEthernet0/16
switchport access vlan 30
no ip address
!
interface FastEthernet0/17
switchport access vlan 30
no ip address
!
interface FastEthernet0/18
switchport access vlan 30
no ip address
!
interface FastEthernet0/19
switchport access vlan 40
no ip address
!--Assign port FastEthernet0/19 to VLAN 40
!
interface FastEthernet0/20
switchport access vlan 40
no ip address
!
interface FastEthernet0/21
switchport access vlan 40
no ip address
!
interface FastEthernet0/22
switchport access vlan 30
no ip address
!
interface FastEthernet0/23
switchport access vlan 40
no ip address
!
interface FastEthernet0/24
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
!--Enable 802.1Q trunk encapsulation, i.e. create a trunk on this port
switchport trunk allowed vlan 1-80
!--Allow VLANs 1-80 on this trunk link
switchport mode trunk
!--Set this port to trunk mode
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.12 255.255.255.0
!--Assign an IP address to VLAN 1
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
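
The comments in the listings say the allowed-VLAN list keeps unauthorized VLANs off a trunk, yet the 3550-EMI uplink allows VLANs 1-80 while its ports use only VLANs 10 to 40 plus management VLAN 1. The following check is an added example, not part of the original article: it compares each trunk's allowed list with the VLANs the switch actually uses. The function names are hypothetical, the sample is trimmed from the listing above, and it assumes an edge switch with no downstream switches behind it.

```python
import re

# Constructed sample: trimmed from the Catalyst 3550-EMI listing on this page
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/6
 switchport access vlan 20
interface FastEthernet0/11
 switchport access vlan 30
interface FastEthernet0/19
 switchport access vlan 40
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1-80
 switchport mode trunk
interface Vlan1
 ip address 172.16.100.12 255.255.255.0
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-80' or '1,10-40' into a set."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(config):
    """Return (VLANs used locally, {trunk interface: allowed VLAN set})."""
    used, allowed, iface = set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
            if svi := re.fullmatch(r"Vlan(\d+)", iface):
                used.add(int(svi.group(1)))  # SVI such as management VLAN 1
        elif m := re.match(r"switchport access vlan (\d+)", line):
            used.add(int(m.group(1)))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            allowed[iface] = expand_vlans(m.group(1))
    return used, allowed

def excess_vlans(config):
    """VLANs each trunk admits although no local port or SVI uses them."""
    used, allowed = parse(config)
    return {i: sorted(v - used) for i, v in allowed.items()}

def tightened(config):
    """Allowed list restricted to the VLANs this edge switch actually uses."""
    used, allowed = parse(config)
    return {i: ",".join(map(str, sorted(v & used))) for i, v in allowed.items()}
```

For the sample, `tightened(SAMPLE)` yields `1,10,20,30,40` for GigabitEthernet0/1, which is the list to compare against the `1-80` range before narrowing `switchport trunk allowed vlan` on both ends of the link.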
 
 

●Cisco Catalyst 3550-SMI configuration listing
Building configuration...

Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 60
!--Assign port FastEthernet0/1 to VLAN 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!--Assign port FastEthernet0/6 to VLAN 20
!
interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 80
no ip address
!--Assign port FastEthernet0/11 to VLAN 80
!
interface FastEthernet0/12
switchport access vlan 80
no ip address
!
interface FastEthernet0/13
switchport access vlan 80
no ip address
!
interface FastEthernet0/14
switchport access vlan 80
no ip address
!
interface FastEthernet0/15
switchport access vlan 80
no ip address
!
interface FastEthernet0/16
switchport access vlan 80
no ip address
!
interface FastEthernet0/17
switchport access vlan 80
no ip address
!
interface FastEthernet0/18
switchport access vlan 80
no ip address
!
interface FastEthernet0/19
switchport access vlan 80
no ip address
!--Assign port FastEthernet0/19 to VLAN 80
!
interface FastEthernet0/20
switchport access vlan 80
no ip address
!
interface FastEthernet0/21
switchport access vlan 80
no ip address
!
interface FastEthernet0/22
switchport access vlan 80
no ip address
!
interface FastEthernet0/23
switchport access vlan 80
no ip address
!
interface FastEthernet0/24
switchport access vlan 80
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
!--Enable 802.1Q trunk encapsulation, i.e. create a trunk on this port
switchport trunk allowed vlan 1-80
!--Allow VLANs 1-80 on this trunk link
switchport mode trunk
!--Set this port to trunk mode
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.13 255.255.255.0
!--Assign an IP address to VLAN 1
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
 
 
 
 
●Cisco Catalyst 2950G configuration listing
The four Cisco Catalyst 2950G switches are configured almost identically; only the VLAN 60 configuration is listed below.
Building configuration...

Current configuration : 2143 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname msl
!
enable password aaa
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport access vlan 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 60
no ip address
!
interface FastEthernet0/7
switchport access vlan 60
no ip address
!
interface FastEthernet0/8
switchport access vlan 60
no ip address
!
interface FastEthernet0/9
switchport access vlan 60
no ip address
!
interface FastEthernet0/10
switchport access vlan 60
no ip address
!
interface FastEthernet0/11
switchport access vlan 60
no ip address
!
interface FastEthernet0/12
switchport access vlan 60
no ip address
!
interface FastEthernet0/13
switchport access vlan 60
no ip address
!
interface FastEthernet0/14
switchport access vlan 60
no ip address
!
interface FastEthernet0/15
switchport access vlan 60
no ip address
!
interface FastEthernet0/16
switchport access vlan 60
no ip address
!
interface FastEthernet0/17
switchport access vlan 60
no ip address
!
interface FastEthernet0/18
switchport access vlan 60
no ip address
!
interface FastEthernet0/19
switchport access vlan 60
no ip address
!
interface FastEthernet0/20
switchport access vlan 60
no ip address
!
interface FastEthernet0/21
switchport access vlan 60
no ip address
!
interface FastEthernet0/22
switchport access vlan 60
no ip address
!
interface FastEthernet0/23
switchport access vlan 60
no ip address
!
interface FastEthernet0/24
switchport access vlan 60
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.10 255.255.255.0
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end


This article is reposted from 萧湘月's 51CTO blog. Original link: http://blog.51cto.com/sniffer/21142. To reprint it, please contact the original author.