IT视界1000人规模网络如何设计规划?千人规模网络设计实验。
原创
Eth-Trunk 链路捆绑配置:
int Eth-Trunk 1 mode lacp-static trunkport GigabitEthernet 0/0/1 to 0/0/2
int Eth-Trunk 2 mode lacp-static trunkport GigabitEthernet 0/0/2 to 0/0/3
int Eth-Trunk 2 mode lacp-static trunkport GigabitEthernet 0/0/1 to 0/0/2
VLAN Trunk 配置:
undo info en vlan batch 2 to 5 200 999
vlan 800 interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 3 999 interface GigabitEthernet0/0/4 port link-type trunk port trunk allow-pass vlan 4 to 5 999 interface GigabitEthernet0/0/5 port link-type trunk port trunk allow-pass vlan 200 999 interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 2 to 5 200 999 interface GigabitEthernet0/0/6 port link-type access port default vlan 800 int vlanif 800 ip add 192.168.12.2 24
vlan 801 interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 2 to 3 999 interface GigabitEthernet0/0/4 port link-type trunk port trunk allow-pass vlan 4 to 5 999 interface GigabitEthernet0/0/5 port link-type trunk port trunk allow-pass vlan 200 999 interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 2 to 5 200 999 interface GigabitEthernet0/0/6 port link-type access port default vlan 801 int vlanif 801 ip add 192.168.23.2 24
interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 999 interface Ethernet0/0/2 port link-type access port default vlan 2
interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 999 interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 3 999 interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 3 999 interface Ethernet0/0/4 port link-type trunk port trunk allow-pass vlan 2 to 3 999
interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 3 999 mode lacp-static interface Ethernet0/0/3 port link-type access port default vlan 3
interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 4 to 5 999 interface Ethernet0/0/2 port link-type access p d v 4 interface Ethernet0/0/3 port link-type access p d v 5
interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 4 to 5 999 interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 4 to 5 999 interface Ethernet0/0/3 port link-type trunk port trunk allow-pass vlan 4 to 5 999
interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 200 999 interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 200 999 interface Ethernet0/0/3 port link-type access port default vlan 200 interface Ethernet0/0/4 port link-type access port default vlan 200
MSTP+VRRP配置:
###MSTP仅配置汇聚核心,sw1、2、3、4、8
stp region-configuration region-name mstpregion revision-level 1 instance 1 vlan 2 to 3 200 instance 2 vlan 4 to 5 active region-configuration
stp instance 1 root primary stp instance 2 root secondary
stp instance 2 root primary stp instance 1 root secondary
VRRP配置:
interface Vlanif2 ip address 192.168.2.254 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.1 vrrp vrid 2 priority 105 interface Vlanif3 ip address 192.168.3.254 255.255.255.0 vrrp vrid 3 virtual-ip 192.168.3.1 vrrp vrid 3 priority 105 interface Vlanif200 ip address 192.168.200.254 255.255.255.0 vrrp vrid 200 virtual-ip 192.168.200.1 vrrp vrid 200 priority 105 interface Vlanif4 ip address 192.168.4.254 255.255.255.0 vrrp vrid 4 virtual-ip 192.168.4.1 interface Vlanif5 ip address 192.168.5.254 255.255.255.0 vrrp vrid 5 virtual-ip 192.168.5.1
interface Vlanif2 ip address 192.168.2.253 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.1 interface Vlanif3 ip address 192.168.3.253 255.255.255.0 vrrp vrid 3 virtual-ip 192.168.3.1 interface Vlanif200 ip address 192.168.200.253 255.255.255.0 vrrp vrid 200 virtual-ip 192.168.200.1 interface Vlanif4 ip address 192.168.4.253 255.255.255.0 vrrp vrid 4 virtual-ip 192.168.4.1 vrrp vrid 4 priority 105 interface Vlanif5 ip address 192.168.5.253 255.255.255.0 vrrp vrid 5 virtual-ip 192.168.5.1 vrrp vrid 5 priority 105
BFD配置:
bfd toar bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto commit interface Vlanif2 vrrp vrid 2 track interface GigabitEthernet0/0/1 vrrp vrid 2 track bfd-session session-name toar interface Vlanif3 vrrp vrid 3 track interface GigabitEthernet0/0/1 vrrp vrid 3 track bfd-session session-name toar interface Vlanif200 vrrp vrid 200 track interface GigabitEthernet0/0/5 vrrp vrid 200 track bfd-session session-name toar
bfd tar bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto commit interface Vlanif4 vrrp vrid 4 track interface GigabitEthernet0/0/4 vrrp vrid 4 track bfd-session session-name tar interface Vlanif5 vrrp vrid 5 track interface GigabitEthernet0/0/4 vrrp vrid 5 track bfd-session session-name tar
bfd tar bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto commit bfd toar bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto commit
OSPF配置:
ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.200.0 0.0.0.255 network 192.168.12.0 0.0.0.255
ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.200.0 0.0.0.255 network 192.168.23.0 0.0.0.255
ospf 1 area 0.0.0.0 network 14.1.1.0 0.0.0.255 network 192.168.12.0 0.0.0.255 network 192.168.23.0 0.0.0.255
ospf 1 area 0.0.0.0 network 14.1.1.0 0.0.0.255 network 192.168.100.0 0.0.0.255
OSPF优化-确保来回路径一致:
interface Vlanif4 ospf cost 4 interface Vlanif5 ospf cost 4
interface Vlanif2 ospf cost 4 interface Vlanif3 ospf cost 4 interface Vlanif200 ospf cost 4
公网区域RIP模拟公网路由:
电信: rip 1 version 2 network 12.0.0.0 network 25.0.0.0 联通: rip 1 version 2 network 13.0.0.0 network 35.0.0.0 百度: rip 1 version 2 network 25.0.0.0 network 35.0.0.0 network 5.0.0.0
NAT配置:
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1 ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 preference 65
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 ip route-static 0.0.0.0 0.0.0.0 192.168.12.1 preference 65
acl number 2000 rule 5 permit source 192.168.0.0 0.0.255.255 ip route-static 0.0.0.0 0.0.0.0 13.1.1.2 interface GigabitEthernet1/0/0 ip address 13.1.1.1 255.255.255.0 nat outbound 2000
DHCP及中继配置:
dhcp enable int e0/0/0 ip add 192.168.200.3 24 ip route-static 0.0.0.0 0 192.168.200.1 #配置DHCP服务器网关 ip pool vlan2 gateway-list 192.168.2.1 network 192.168.2.0 mask 255.255.255.0 excluded-ip-address 192.168.2.250 192.168.2.254 dns-list 114.114.114.114 ip pool vlan3 gateway-list 192.168.3.1 network 192.168.3.0 mask 255.255.255.0 excluded-ip-address 192.168.3.250 192.168.3.254 dns-list 114.114.114.114 ip pool vlan4 gateway-list 192.168.4.1 network 192.168.4.0 mask 255.255.255.0 excluded-ip-address 192.168.4.250 192.168.4.254 dns-list 114.114.114.114 ip pool vlan5 gateway-list 192.168.5.1 network 192.168.5.0 mask 255.255.255.0 excluded-ip-address 192.168.5.250 192.168.5.254 dns-list 114.114.114.114 int e0/0/0 dhcp select global
dhcp enable int vlanif 2 dhcp select relay dhcp relay server-ip 192.168.200.3 int vlanif 3 dhcp select relay dhcp relay server-ip 192.168.200.3 int vlanif 4 dhcp select relay dhcp relay server-ip 192.168.200.3 int vlanif 5 dhcp select relay dhcp relay server-ip 192.168.200.3
DHCP安全配置:
dhcp enable dhcp snooping enable interface Ethernet0/0/1 dhcp snooping trusted
dhcp enable dhcp snooping enable int Eth-Trunk 1 dhcp snooping trusted
dhcp enable dhcp snooping enable interface Ethernet0/0/1 dhcp snooping trusted
PPPOE配置:
acl number 2005 rule 5 permit source 192.168.0.0 0.0.255.255 interface Dialer1 link-protocol ppp ppp pap local-user 0531 password cipher %$%$F0CXEMN-aSgq}n6i(iG/,+R+%$%$ mtu 1492 ip address ppp-negotiate dialer user 0531 dialer bundle 10 nat outbound 2005 interface GigabitEthernet0/0/2 pppoe-client dial-bundle-number 10 ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85
ip pool pool1
gateway-list 12.1.1.2
network 12.1.1.0 mask 255.255.255.0
aaa
local-user 0531 password cipher %$%$n{G<=dwS;DbEYe"_8x$WCT}s%$%$
local-user 0531 service-type ppp
interface Virtual-Template1
ppp authentication-mode pap
remote address pool pool1
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 1相关文章
豫公网安备41012202000391号