中小企业综合布网实践配置
Posted 天空飘雨
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了中小企业综合布网实践配置相关的知识,希望对你有一定的参考价值。
1.网络环境介绍
接入层设备配置有MSTP生成树协议,分配VLAN
汇聚设备配置MSTP协议,VLAN网关,VRRP网关,BFD技术,链路聚合技术,ospf路由协议
核心层配置easy IP nat技术,默认出口路由,内网ospf路由
2.配置顺序
1.在汇聚交换机和接入交换机开启LLDP协议,可以发现邻居交换机接口
lldp enable
display lldp neighbor brief
2.配置SW1-SW2交换机之间链路聚合
interface Eth-Trunk0
mode lacp-static
interface GigabitEthernet0/0/1
eth-trunk 0
interface GigabitEthernet0/0/2
eth-trunk 0
display eth-trunk 0
3.配置汇聚交换机TRUNK SW1-SW2:
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
4.配置接入层交换机TRUNK SW3\\SW4\\SW5\\SW6
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10 、20 、30 、40
5.配置交换机MSTP SW1-SW2-SW3\\4\\5\\6
stp mode mstp
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
SW-1:
stp instance 2 root secondary
stp instance 1 root primary
SW-2:
stp instance 1 root secondary
stp instance 2 root primary
6.SW3\\4\\5\\6 优化STP配置
stp edged-port default
interface GigabitEthernet0/0/1
stp edged-port disable
interface GigabitEthernet0/0/2
stp edged-port disable
stp bpdu-protection
7.配置汇聚SW1-SW2网关
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
interface Vlanif30
ip address 192.168.30.251 255.255.255.0
interface Vlanif40
ip address 192.168.40.251 255.255.255.0
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
8.配置VRRP网关:
SW1:
interface Vlanif10
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 150
interface Vlanif20
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 150
interface Vlanif30
vrrp vrid 30 virtual-ip 192.168.30.254
interface Vlanif40
vrrp vrid 40 virtual-ip 192.168.40.254
SW2:
interface Vlanif10
vrrp vrid 10 virtual-ip 192.168.10.254
interface Vlanif20
vrrp vrid 20 virtual-ip 192.168.20.254
interface Vlanif30
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 150
interface Vlanif40
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 150
9.配置路由器NAT技术
R1:
interface GigabitEthernet0/0/1
ip address 13.1.1.1 255.255.255.0
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.40.0 0.0.0.255
rule 25 permit source 192.168.30.0 0.0.0.255
interface GigabitEthernet0/0/1
nat outbound 2000
R2:
interface GigabitEthernet0/0/2
ip address 23.1.1.2 255.255.255.0
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.40.0 0.0.0.255
rule 25 permit source 192.168.30.0 0.0.0.255
interface GigabitEthernet0/0/2
nat outbound 2000
R3:
interface GigabitEthernet0/0/1
ip address 13.1.1.3 255.255.255.0
interface GigabitEthernet0/0/2
ip address 23.1.1.3 255.255.255.0
10.配置内网路由
9.配置内网路由
SW1-SW2
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
interface Vlanif200
ip address 192.168.200.1 255.255.255.0
interface GigabitEthernet0/0/24
port link-type access
port default vlan 200
R1-R2
interface GigabitEthernet0/0/0
ip address 192.168.100.2 255.255.255.0
interface GigabitEthernet0/0/0
ip address 192.168.200.2 255.255.255.0
配置ospf路由协议
SW1-SW2
ospf 1 router-id 100.1.1.1
area 0.0.0.0
network 192.168.100.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
ospf 1 router-id 200.1.1.1
area 0.0.0.0
network 192.168.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
ip route-static 0.0.0.0 0.0.0.0 192.168.200.2
R1-R2
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.100.0 0.0.0.255
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.200.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 13.1.1.3
ip route-static 0.0.0.0 0.0.0.0 23.1.1.3
11.优化配置安全
10.配置BFD
SW1-SW2
bfd tor1 bind peer-ip 192.168.100.2 source-ip 192.168.100.1 auto
bfd tor2 bind peer-ip 192.168.200.2 source-ip 192.168.200.1 auto
SW1:
vrrp vrid 10 track bfd-session session-name tor1 reduced 100
vrrp vrid 20 track bfd-session session-name tor1 reduced 100
SW2:
vrrp vrid 30 track bfd-session session-name tor2 reduced 100
vrrp vrid 40 track bfd-session session-name tor2 reduced 100
R1-R2
bfd tosw1 bind peer-ip 192.168.100.1 source-ip 192.168.100.2 auto
bfd tosw2 bind peer-ip 192.168.200.1 source-ip 192.168.200.2 auto
12.下发默认路由
ospf 下发默认路由
default-route-advertise
4.所有设备详细配置信息
SW-1
sysname SW1
#
vlan batch 10 20 30 40 100
#
stp instance 0 priority 0
stp instance 1 root primary
stp instance 2 root secondary
#
lacp priority 0
#
cluster enable
ntdp enable
ndp enable
#
lldp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
bfd
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 150
vrrp vrid 10 track bfd-session session-name tor1 reduced 100
#
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 150
vrrp vrid 20 track bfd-session session-name tor1 reduced 100
#
interface Vlanif30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
#
interface Vlanif40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
mode lacp-static
#
interface GigabitEthernet0/0/1
eth-trunk 0
#
interface GigabitEthernet0/0/2
eth-trunk 0
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
stp edged-port enable
#
interface NULL0
#
bfd tor1 bind peer-ip 192.168.100.2 source-ip 192.168.100.1 auto
commit
#
ospf 1 router-id 100.1.1.1
area 0.0.0.0
network 192.168.100.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
SW-2 sysname SW2
#
vlan batch 10 20 30 40 200
#
stp instance 0 priority 4096
stp instance 1 root secondary
stp instance 2 root primary
#
lacp priority 1
#
cluster enable
ntdp enable
ndp enable
#
lldp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
bfd
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
#
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
#
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 150
vrrp vrid 30 track bfd-session session-name tor2 reduced 100
#
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 150
vrrp vrid 40 track bfd-session session
以上是关于中小企业综合布网实践配置的主要内容,如果未能解决你的问题,请参考以下文章