用ensp模擬組建企業網路
步驟一:配置vlan
1.選用5臺pc機模擬伺服器叢集,在此基礎上選用5臺s3700交換機,啟動。
2.用vlan對不同的pc進行劃分,進入交換機機命令列,先關閉日誌提示,再依次對每臺交換機都建立vlan10、vlan20、vlan30、vlan40
3.為了方便操作用sysname把每臺交換機由左到右改裝置名為sw1、sw2、sw3、sw4
步驟二:把終端加入對應的vlan
[sw1]in e0/0/1
[sw1-Ethernet0/0/1]port link-type access //配置為接入鏈路
[sw1-Ethernet0/0/1]port default vlan 10 //將1口加入vlan10
[sw2]in e0/0/1
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 20 //將1口加入vlan20
[sw3]in e0/0/1
[sw3-Ethernet0/0/1]port link-type access
[sw3-Ethernet0/0/1]port default vlan 30 //將1口加入vlan30
[sw4]in e0/0/1
[sw4-Ethernet0/0/1]port link-type access
[sw4-Ethernet0/0/1]port default vlan 40 //將1口加入vlan40
[sw4-Ethernet0/0/1]in e0/0/2
[sw4-Ethernet0/0/2]port link-type access
[sw4-Ethernet0/0/2]port default vlan 40 //將2口也加入vlan40
(可用displayvlan進行檢視是否將對應的埠都加入相應的vlan中,如果配置錯誤可用clearconfiguration 埠號,然後進入其埠用undoshudown重啟埠)
2.對所有的交換機的gbit0/0/1 0/0/2口配置中繼鏈路
[sw1-Ethernet0/0/1]in g0/0/1 //常規手段一個一個介面配置
[sw1-GigabitEthernet0/0/1]port link-type trunk //配置中繼鏈路
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all //放行所有
[sw1-GigabitEthernet0/0/1]in g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw2]port-group 1 //或者使用介面組,建立1號介面組
[sw2-port-group-1]group-member GigabitEthernet 0/0/1
GigabitEthernet 0/0/2 //加成員是g1口與g2口
[sw2-port-group-1]port link-type trunk //也同樣配置為中繼鏈路
[sw2-port-group-1]port trunk allow-pass vlan all //放行所有
[sw3]port-group 1
[sw3-port-group-1]group-member GigabitEthernet 0/0/1 GigabitEthernet 0/0/2
[sw3-port-group-1]port link-type trunk
[sw3-port-group-1]port trunk allow-pass vlan all
[sw4]port-group 1
[sw4-port-group-1]group-member GigabitEthernet 0/0/1 GigabitEthernet 0/0/2
[sw4-port-group-1]port link-type trunk
[sw4-port-group-1]port trunk allow-pass vlan all
步驟三:新增兩臺s5700交換機,分別修改名稱為sw5與sw6
1,
[Huawei]sysname sw5 //分別修改主機名
[sw5]undo info-center enable //關閉日誌
2,
[sw5]vlan batch 10 20 30 40 //批量建立4個vlan
[sw6]vlan batch 10 20 30 40
步驟四:為兩臺s5700連線了s3700的介面配置中繼鏈路,
1,配置兩臺s5700的中繼鏈路
[sw5]port-group 1 //由於需要配置g1~g4口,這裡使用介面組
[sw5-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4 //加g1~g4介面
[sw5-port-group-1]port link-type trunk //配置為中繼鏈路
[sw5-port-group-1]port trunk allow-pass vlan all //放行所有
[sw6]port-group 1 //另外一臺也是相同配置
[sw6-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
[sw6-port-group-1]port link-type trunk
[sw6-port-group-1]port trunk allow-pass vlan all
2,將每臺s5700的5口和6口捆綁成鏈路聚合,並配置中繼鏈路
[sw5]interface Eth-Trunk 1 //建立(進入)鏈路聚合介面
[sw5-Eth-Trunk1]trunkport GigabitEthernet 0/0/5 0/0/6 //捆綁5口
與6口
[sw5-Eth-Trunk1]port link-type trunk //配置成中繼鏈路
[sw5-Eth-Trunk1]port trunk allow-pass vlan all //放行所有
[sw6]interface Eth-Trunk 1 //sw6的配置一樣
[sw6-Eth-Trunk1]trunkport GigabitEthernet 0/0/5 0/0/6
[sw6-Eth-Trunk1]port link-type trunk
[sw6-Eth-Trunk1]port trunk allow-pass vlan all
步驟五:為s5700配置ip地址
Sw5
Vlan10 192.168.10.252
Vlan20 192.168.20.252
Vlan30 192.168.30.252
Vlan40 192.168.40.252
Sw6
Vlan10 192.168.10.253
Vlan20 192.168.20.253
Vlan30 192.168.30.253
Vlan40 192.168.40.253
1,s5700的vlan配置不同ip
[sw5]in vlan 10
[sw5-Vlanif10]ip add 192.168.10.252 24
[sw5-Vlanif10]in vlan 20
[sw5-Vlanif20]ip add 192.168.20.252 24
[sw5-Vlanif20]in vlan 30
[sw5-Vlanif30]ip add 192.168.30.252 24
[sw5-Vlanif30]in vlan 40
[sw5-Vlanif40]ip add 192.168.40.252 24
[sw6]in vlan 10
[sw6-Vlanif10]ip add 192.168.10.253 24
[sw6-Vlanif10]in vlan 20
[sw6-Vlanif20]ip add 192.168.20.253 24
[sw6-Vlanif20]in vlan 30
[sw6-Vlanif30]ip add 192.168.30.253 24
[sw6-Vlanif30]in vlan 40
[sw6-Vlanif40]ip add 192.168.40.253 24
依次為pc配置好ip
Pc1 192.168.10.1
Pc2 192.168.20.1
Pc3 192.168.30.1
Pc4 192.168.40.1
Pc5 192.168.40.2
(然後檢測同網段間是否可以互通,如果不通,檢查:
1,ip地址
2,是否所有交換機建立所有vlan
3,pc連線交換機介面的鏈路是否加入到對應vlan,交換
機與交換機之間的鏈路是否為trunk)
步驟六:配置vrrp
Sw5 vlan10、vlan20 主 vlan30、vlan40 備
Sw6 vlan10、vlan20 備 vlan30、vlan40 主
[sw5]in vlan 10 //進入vlan10介面
[sw5-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 //開啟vrrp
並配置虛擬路由器ip是10.254
[sw5-Vlanif10]vrrp vrid 10 priority 105 //修改優先順序為105
[sw5-Vlanif10]in vlan 20
[sw5-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[sw5-Vlanif20]vrrp vrid 20 priority 105
[sw5-Vlanif20]in vlan 30
[sw5-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[sw5-Vlanif30]in vlan 40
[sw5-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[sw6]in vlan 10
[sw6-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[sw6-Vlanif10]in vlan 20
[sw6-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[sw6-Vlanif20]in vlan 30
[sw6-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[sw6-Vlanif30]vrrp vrid 30 priority 105 //sw6要成為vlan30的主,所以
要修改優先順序
[sw6-Vlanif30]in vlan 40
[sw6-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[sw6-Vlanif40]vrrp vrid 40 priority 105 //sw6要成為vlan40的主,所以
要修改優先順序
<sw5>display vrrp brief //vrrp配置好之後檢查每臺三層交換機應該是
兩主兩備的狀態
將所有pc的閘道器按照所在vlan配置好對應的虛擬路由器的ip,並測試全網互通效果
步驟七:新增兩臺ar2220路由器
1,
[Huawei]sysname r1 //改名
[r1]in g0/0/0 //進入0介面
[r1-GigabitEthernet0/0/0]ip add 192.168.50.1 24 //配置ip
[sw5]vlan 50 //建立vlan50
[sw5-vlan50]in vlan 50 //進入vlan50
[sw5-Vlanif50]ip add 192.168.50.2 24 //配置ip
[sw5-Vlanif50]in g0/0/7 //進入7口
[sw5-GigabitEthernet0/0/7]port link-type access
[sw5-GigabitEthernet0/0/7]port default vlan 50 //加入vlan50
[r1]in g0/0/1//進入1介面
[r1-GigabitEthernet0/0/1]ip add 192.168.60.1 24 //配置ip
[sw6]vlan 60 //建立vlan60
[sw6-vlan60]in vlan 60 //進入vlan60
[sw6-Vlanif60]ip add 192.168.60.2 24 //配置ip
[sw6-Vlanif60]in g0/0/7 //進入7口
[sw6-GigabitEthernet0/0/7]port link-type access
[sw6-GigabitEthernet0/0/7]port default vlan 60 //加入vlan60
其他ip按上圖配置,此處省略
步驟八:在所有路由器以及s5700配置動態路由
1,
[sw5]ospf //開啟動態路由協議ospf
[sw5-ospf-1]area 0 //進入區域0
[sw5-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255 //宣告
直連網段
[sw5-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[sw6]ospf
[sw6-ospf-1]area 0
[sw6-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
[r1]ospf //然後在兩臺路由器上也配置ospf
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[r2]ospf
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
然後測試全網互通的效果
dis ip routing-table | include /24//檢查路由表
步驟九:最上端新增s3700一臺充當外部網路裝置,並配置三個外網ip
1,
[Huawei]in vlan 1
[Huawei-Vlanif1]ip add 100.0.0.10 8
兩臺路由器的g0/0/2口也按圖配置ip,配置步驟此處省略。
步驟十:配置nat
1,
[r1]acl 2000 //建立acl
[r1-acl-basic-2000]rule permit source any //建立規則,放行所有
[r1-acl-basic-2000]in g0/0/2 //進入外網介面
[r1-GigabitEthernet0/0/2]nat outbound 2000 //開啟nat
[r2]acl 2000 //第二臺路由器配置一樣的內容
[r2-acl-basic-2000]rule permit source any
[r2-acl-basic-2000]in g0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
步驟十一:配置預設路由
預設路由,是特殊的靜態路由,可以匹配任意網段,專門用來從內部網路訪問外部的海量網段時使用
1.
[r1]ip route-static 0.0.0.0 0 100.0.0.10 //路由器配置預設路由,可以訪問
任意網路(主要用來匹配海量外網網段)
[r1]ospf
[r1-ospf-1]default-route-advertise //釋出預設路由,相當於宣告,然後
下面的三層交換就就可以學習到該預設路由
[r2]ip route-static 0.0.0.0 0 100.0.0.10 //另外一臺路由器配置相同
[r2]ospf
[r2-ospf-1]default-route-advertise //釋出預設路由
到此為止已經完成所以的配置了