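ABC Company Overview
The company has two departments (VLAN11, VLAN12)
ABC Company Network Requirements
The two departments can reach each other and can access the Internet.
ABC Company Network Build Requirements
1. Network VLANs and IP addresses.
2. Layer 2 technologies:
- VLAN.
- Trunk (802.1Q encapsulation).
- Customize the STP root to achieve load balancing.
- Use Eth-Trunk.
- Use MSTP
3. Layer 3 technologies:
- Routing: use dynamic or static routing.
- DHCP Server: assign IP addresses for all IP subnets.
- Use NAT to access the Internet.
- Use VRRP for load balancing and redundancy.
- VLAN 11 accesses the Internet through ISP1 (6.6.6.6).
- VLAN 12 accesses the Internet through ISP2 (7.7.7.7).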
syst
sysn ASW1
vlan ba 11 12
int ether 0/0/1
port link-ty tr
port trunk all vlan all
int ether 0/0/2
port link-ty tr
port trunk all vlan all
int ether 0/0/11
port link-ty acce
port default vlan 11
int ether 0/0/12
port link-ty acce
port default vlan 12
stp enable
stp mode mstp
stp region-c
region-name yh
revision-l 1
instance 1 vlan 11
instance 2 vlan 12
active region-c
q
user-interf con 0
idle-t 0 0
q
syst
sysn ASW2
vlan ba 11 12
int ether 0/0/1
port link-ty tr
port trunk all vlan all
int ether 0/0/2
port link-ty tr
port trunk all vlan all
int ether 0/0/11
port link-ty acce
port default vlan 11
int ether 0/0/12
port link-ty acce
port default vlan 12
stp enable
stp mode mstp
stp region-c
region-name yh
revision-l 1
instance 1 vlan 11
instance 2 vlan 12
active region-c
q
user-interf con 0
idle-t 0 0
q
syst
sysn DSW1
vlan ba 11 12 110 120
int eth-trunk 1
port link-ty tr
port trunk all vlan all
int g0/0/1
eth-trunk 1
int g0/0/2
eth-trunk 1
int g0/0/3
port link-ty tr
port trunk all vlan all
int g0/0/4
port link-ty tr
port trunk all vlan all
int g0/0/10
port link-ty access
port default vlan 110
q
dhcp enable
ip pool vlan11
network 10.0.11.0 mask 255.255.255.0
gateway-list 10.0.11.254
dns-list 100.100.100.100
MSTP
stp enable
stp mode mstp
stp region-c
region-name yh
revision-l 1
instance 1 vlan 11
instance 2 vlan 12
active region-c
q
stp instance 1 prio 4096
stp instance 2 prio 8192
int vlanif 11
ip add 10.0.11.1 24
vrrp vrid 11 virtual-ip 10.0.11.254
vrrp vrid 11 prio 110
dhcp select global
int vlanif 12
ip add 10.0.12.1 24
vrrp vrid 12 virtual-ip 10.0.12.254
int vlanif 110
ip add 10.1.1.1 24
ospf 1
ar 0
net 10.0.0.0 0.255.255.255
q
user-interf con 0
idle-t 0 0
q
syst
sysn DSW2
vlan ba 11 12 110 120
int eth-trunk 1
port link-ty tr
port trunk all vlan all
int g0/0/1
eth-trunk 1
int g0/0/2
eth-trunk 1
int g0/0/3
port link-ty tr
port trunk all vlan all
int g0/0/4
port link-ty tr
port trunk all vlan all
int g0/0/10
port link-ty access
port default vlan 120
dhcp enable
ip pool vlan12
network 10.0.12.0 mask 255.255.255.0
gateway-list 10.0.12.254
dns-list 100.100.100.100
MSTP
stp enable
stp mode mstp
stp region-c
region-name yh
revision-l 1
instance 1 vlan 11
instance 2 vlan 12
active region-c
q
stp instance 1 prio 8192
stp instance 2 prio 4096
int vlanif 11
ip add 10.0.11.2 24
vrrp vrid 11 virtual-ip 10.0.11.254
int vlanif 12
ip add 10.0.12.2 24
vrrp vrid 12 virtual-ip 10.0.12.254
vrrp vrid 12 prio 110
dhcp select global
int vlanif 120
ip add 10.1.2.1 24
ospf 1
ar 0
net 10.0.0.0 0.255.255.255
q
user-interf con 0
idle-t 0 0
q
CR1
syst
sysn CR1
int g0/0/0
ip add 10.1.1.2 24
int g0/0/1
ip add 10.2.1.2 24
ospf 1
area 0
net 10.0.0.0 0.255.255.255
default-route-advertise type 1
quit
ip route-s 0.0.0.0 0 10.2.1.1
CR2
syst
sysn CR2
int g0/0/0
ip add 10.1.2.2 24
int g0/0/1
ip add 10.2.2.2 24
ospf 1
area 0
net 10.0.0.0 0.255.255.255
default-route-advertise type 1
quit
ip route-s 0.0.0.0 0 10.2.2.1
syst
sys FW1
firewall zone untrust
add int g0/0/1
return
syst
int g0/0/0
ip add 10.2.1.1 24
int g0/0/1
ip add 6.6.6.5 24
return
sys
policy interzone trust untrust outbound
policy 1
action permit
return
NAT
sys
nat address-group 1 6.6.6.5 6.6.6.5
nat-policy interzone trust untrust outbound
policy 1
action source-nat
address-group 1
return
sys
ospf 1
area 0
net 10.0.0.0 0.255.255.255
ip route-s 0.0.0.0 0 6.6.6.6
ip ttl-expires enable
ip unreachables enable
display firewall session table
syst
sys FW2
firewall zone untrust
add int g0/0/1
return
syst
int g0/0/0
ip add 10.2.2.1 24
int g0/0/1
ip add 7.7.7.6 24
return
sys
policy interzone trust untrust outbound
policy 1
action permit
return
sys
nat address-group 1 7.7.7.6 7.7.7.6
nat-policy interzone trust untrust outbound
policy 1
action source-nat
address-group 1
return
sys
ospf 1
area 0
net 10.0.0.0 0.255.255.255
ip route-s 0.0.0.0 0 7.7.7.7
ip ttl-expires enable
ip unreachables enable
display firewall session table
ISP1
syst
sysn ISP1
dhcp enable
int g0/0/0
ip add 5.0.13.1 24
int g0/0/1
ip add 6.6.6.6 24
dhcp select int
bgp 100
peer 5.0.13.3 as-number 300
network 6.6.6.0 255.255.255.0
return
ISP2
syst
sysn ISP2
dhcp enable
int g0/0/0
ip add 5.0.23.2 24
int g0/0/1
ip add 7.7.7.7 24
dhcp select int
bgp 200
peer 5.0.23.3 as-number 300
network 7.7.7.0 255.255.255.0
return
ISP3
syst
sysn ISP3
int g0/0/0
ip add 5.0.13.3 24
int g0/0/1
ip add 100.100.100.1 24
int g0/0/2
ip add 5.0.23.3 24
bgp 300
peer 5.0.13.1 as-number 100
peer 5.0.23.2 as-number 200
network 100.100.100.0 255.255.255.0
return
dis ip int br
dis ip rout
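In the DSW1 and DSW2 configurations above, the switch with the lower MSTP priority for a VLAN's instance is also the one with the higher VRRP priority for that VLAN. The following check of that alignment is an added example, not part of the original post: it parses constructed excerpts of the two configs, and the names `parse` and `check` are hypothetical. It assumes the defaults of 32768 for MSTP bridge priority and 100 for VRRP priority when none is configured.

```python
import re
# Constructed excerpts: the MSTP and VRRP lines of the DSW1/DSW2 configs on this page.
REGION = "instance 1 vlan 11\ninstance 2 vlan 12\n"
DSW1 = REGION + """stp instance 1 prio 4096
stp instance 2 prio 8192
int vlanif 11
vrrp vrid 11 virtual-ip 10.0.11.254
vrrp vrid 11 prio 110
int vlanif 12
vrrp vrid 12 virtual-ip 10.0.12.254
"""
DSW2 = REGION + """stp instance 1 prio 8192
stp instance 2 prio 4096
int vlanif 11
vrrp vrid 11 virtual-ip 10.0.11.254
int vlanif 12
vrrp vrid 12 virtual-ip 10.0.12.254
vrrp vrid 12 prio 110
"""
STP_DEFAULT, VRRP_DEFAULT = 32768, 100  # assumed priorities when none is configured

def parse(cfg):
    """Return (vlan -> MSTP instance, instance -> bridge priority, vlan -> VRRP priority)."""
    inst, stp, vrrp, vlan = {}, {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"instance (\d+) vlan (\d+)", line):
            inst[int(m[2])] = int(m[1])
        elif m := re.fullmatch(r"stp instance (\d+) prio\S* (\d+)", line):
            stp[int(m[1])] = int(m[2])
        elif m := re.fullmatch(r"int vlanif (\d+)", line):
            vlan = int(m[1])  # following vrrp lines belong to this VLANIF
        elif re.fullmatch(r"vrrp vrid \d+ virtual-ip \S+", line):
            vrrp.setdefault(vlan, VRRP_DEFAULT)
        elif m := re.fullmatch(r"vrrp vrid \d+ prio\S* (\d+)", line):
            vrrp[vlan] = int(m[1])
    return inst, stp, vrrp

def check(configs):
    """Per VLAN: (MSTP root, VRRP master, aligned?). Priority ties are not resolved here."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    out = {}
    for vlan in sorted({v for _, _, vrrp in parsed.values() for v in vrrp}):
        root = min(parsed, key=lambda n: parsed[n][1].get(parsed[n][0].get(vlan), STP_DEFAULT))
        master = max(parsed, key=lambda n: parsed[n][2].get(vlan, 0))
        out[vlan] = (root, master, root == master)
    return out

if __name__ == "__main__":
    print(check({"DSW1": DSW1, "DSW2": DSW2}))
```

A `False` in the third field means traffic for that VLAN is forwarded at layer 2 toward one switch while its gateway lives on the other, so it crosses the Eth-Trunk between DSW1 and DSW2.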