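For those of you who have just finished CCNA: are you already itching to roll up your sleeves and build something real?
Here you go, a gift from Huahua to everyone.
The topology is as follows:
Requirements overview: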
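Headquarters
The switches use standard Spanning Tree Protocol;
SW1 is the root for the 10.1.100.0/24 and 10.1.200.0/24 segments, and SW2 is the backup root;
SW2 is the root for the 10.1.101.0/24 segment, and SW1 is the backup root;
Deploy the portfast feature on the interfaces that connect to end devices;
Create four VLANs, serving two departments, one server cluster, and one SVI interface;
SW1 is the VTP Server and the other two switches are Clients; the VTP domain name is QCNA and the password is qytang.com;
The two core switches are connected by a Layer 2 EtherChannel and use HSRP to provide transparent gateway redundancy for the downstream service segments;
The two core switches use an SVI interface for their Layer 3 interconnect, and physical interfaces for their Layer 3 interconnect with the gateway router (R1);
The gateway router is the DHCP server and the core switches are DHCP relay agents; DHCP assigns Server1 the fixed IP address 10.1.200.100/24;
The core switches and the gateway router use OSPF as the dynamic routing protocol, with loopback interfaces (10.1.255.X/32) created to serve as the OSPF router-id, and the gateway router originates a default route toward the internal network;
The gateway router uses S1/0 to connect to the carrier's leased line and authenticates to the ISP with CHAP using username HQ and password cisco;
The gateway router uses interface e0/0 for a leased-line interconnect with the ISP, deploys PPPoE, and authenticates to the ISP with CHAP using username HQ and password cisco;
The gateway router performs NAT to provide Internet access for the private hosts;
Deploy floating static routes on the two Internet-facing interfaces, with the PPPoE link as the primary path;
Branch
The switch uses standard Spanning Tree Protocol, with the portfast feature deployed on the interfaces that connect to end devices;
Create two VLANs, serving two departments;
The gateway router performs router-on-a-stick routing for the two departments;
The gateway router performs NAT to provide Internet access for the private hosts;
Connect to the ISP over a leased line;
Overall plan
Use GRE tunneling between headquarters and the branch to create a simple VPN, with redundancy provided by floating static routes (build two tunnels);
Permit the headquarters 10.1.100.0/24 segment to access Server 2 over the VPN;
Deny the headquarters 10.1.101.0/24 segment access to Server 2 over the VPN;
Permit the branch 10.2.100.0/24 segment to access the Web service on Server 1 over the VPN;
Deny the branch 10.2.100.0/24 segment access to all other services on Server 1 over the VPN;
The headquarters and branch gateway routers run the OSPF dynamic routing protocol over the GRE tunnels;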
Hands-on deployment:
Configure the trunks on the headquarters switches
SW1(config)#interface range e0/3,e1/2-3
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW2(config)#interface range e1/0,e1/2-3
SW2(config-if-range)# switchport trunk encapsulation dot1q
SW2(config-if-range)# switchport mode trunk
SW3(config)#interface range e0/3,e1/0
SW3(config-if-range)# switchport trunk encapsulation dot1q
SW3(config-if-range)# switchport mode trunk
Configure the EtherChannel on the headquarters switches
SW1(config)#interface range e1/2-3
SW1(config-if-range)#shutdown
SW2(config)#interface range e1/2-3
SW2(config-if-range)#shutdown
SW1(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12
SW2(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12
SW1(config-if-range)#no shutdown
SW2(config-if-range)#no shutdown
Verification: SW1\SW2\SW3
SW1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Et0/3 on 802.1q trunking 1
Po12 on 802.1q trunking 1
Port Vlans allowed on trunk
Et0/3 1-4094
Po12 1-4094
Port Vlans allowed and active in management domain
Et0/3 1
Po12 1
Port Vlans in spanning tree forwarding state and not pruned
Et0/3 1
Po12 1
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
12 Po12(SU) - Et1/2(P) Et1/3(P)
Configure VTP on the headquarters switches
SW1(config)#vtp mode server
Device mode already VTP Server for VLANS.
SW1(config)#vtp password qytang.com
Setting device VTP password to qytang.com
SW1(config)#vtp domain QCNA
Changing VTP domain name from NULL to QCNA
*Oct 22 07:23:21.865: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to QCNA.
SW2(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
SW2(config)#vtp password qytang.com
Setting device VTP password to qytang.com
SW3(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
SW3(config)#vtp password qytang.com
Setting device VTP password to qytang.com
Configure the VLANs:
SW1(config)#vlan 100
SW1(config-vlan)#vlan 101
SW1(config-vlan)#vlan 200
SW1(config-vlan)#vlan 12
// Where: vlan 100 serves the 10.1.100.0/24 segment; vlan 101 serves the 10.1.101.0/24 segment; vlan 200 serves the 10.1.200.0/24 segment; vlan 12 serves the interconnect between SW1 and SW2 //
Verification:
SW1#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : QCNA
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aabb.cc80.4000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
Configuration Revision : 4
MD5 digest : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1
SW2#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : QCNA
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aabb.cc80.5000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56
Feature VLAN:
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
Configuration Revision : 4
MD5 digest : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1
SW3#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : QCNA
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aabb.cc80.6000
Configuration last modified by 0.0.0.0 at 10-22-18 07:33:56
Feature VLAN:
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
Configuration Revision : 4
MD5 digest : 0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE
0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1
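The comparison done by eye across the three outputs above can be automated. The following is an added example, not part of the original post: it parses `show vtp status` text and checks that the clients agree with the single server on domain, configuration revision and MD5 digest. The function names and the trimmed sample text are assumptions built from the values shown on this page.

```python
import re

DIGEST = ("0x21 0x09 0xA2 0xA4 0xEF 0xEE 0xBF 0xFE\n"
          "0xE0 0xC8 0xA3 0x0A 0x5B 0x83 0x28 0xE1")

def sample(mode, revision=4, digest=DIGEST, domain="QCNA"):
    """Constructed, trimmed 'show vtp status' text built from the values on this page."""
    return (f"VTP Domain Name : {domain}\nVTP Operating Mode : {mode}\n"
            f"Configuration Revision : {revision}\nMD5 digest : {digest}\n")

PAGE = {"SW1": sample("Server"), "SW2": sample("Client"), "SW3": sample("Client")}

def parse_vtp(text):
    """Extract the fields that must agree on every switch in one VTP domain."""
    def field(label):
        m = re.search(rf"^{label}\s*:\s*(.+)$", text, re.M)
        return m.group(1).strip() if m else None
    # The digest wraps onto a second line, so collect every 0xNN token.
    digest = "".join(b.lower() for b in re.findall(r"\b0x([0-9A-Fa-f]{2})\b", text))
    return {"domain": field("VTP Domain Name"),
            "mode": field("VTP Operating Mode"),
            "revision": int(field("Configuration Revision")),
            "digest": digest}

def check_vtp(outputs):
    """outputs: {switch name: raw 'show vtp status' text}. Returns a list of findings."""
    state = {name: parse_vtp(text) for name, text in outputs.items()}
    servers = sorted(n for n, s in state.items() if s["mode"] == "Server")
    if len(servers) != 1:  # this page's design has SW1 as the only server
        return [f"expected exactly one VTP server, found {servers}"]
    ref, findings = state[servers[0]], []
    for name, s in sorted(state.items()):
        if name == servers[0]:
            continue
        if s["domain"] != ref["domain"]:
            findings.append(f"{name}: domain {s['domain']!r} differs from {ref['domain']!r}")
        elif s["revision"] > ref["revision"]:
            # A higher revision would overwrite the domain's VLAN database.
            findings.append(f"{name}: revision {s['revision']} is ahead of the server")
        elif s["revision"] < ref["revision"]:
            findings.append(f"{name}: revision {s['revision']} is behind the server")
        elif s["digest"] != ref["digest"]:
            # Same revision, different digest: VLAN data or VTP password differs.
            findings.append(f"{name}: MD5 digest differs from the server")
    return findings
```

For the outputs on this page, `check_vtp(PAGE)` returns an empty list: all three switches report domain QCNA, revision 4 and the same digest.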
Configure spanning tree:
SW1(config)#spanning-tree vlan 100,200 priority 0
SW1(config)#spanning-tree vlan 101 priority 4096
SW2(config)#spanning-tree vlan 100,200 priority 4096
SW2(config)#spanning-tree vlan 101 priority 0
SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
SW2(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
SW3(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
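Assign interfaces to VLANs:
Bring up the e0/0 interfaces of PC1, PC2 and Server1, then use CDP on the switch to discover which interfaces the end devices are connected to;
SW3#show cdp neighbors //On the access switch, view the CDP neighbor information and assign the interfaces to VLANs accordingly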
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
Server1 Eth 0/2 135 R Linux Uni Eth 0/0
PC2 Eth 0/1 173 R Linux Uni Eth 0/0
PC1 Eth 0/0 158 R Linux Uni Eth 0/0
SW1 Eth 0/3 169 R S I Linux Uni Eth 0/3
SW2 Eth 1/0 154 R S I Linux Uni Eth 1/0
Total cdp entries displayed : 5
SW3(config)#interface range e0/0-2
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#interface e0/0
SW3(config-if)#switchport access vlan 100
SW3(config-if)#interface e0/1
SW3(config-if)#switchport access vlan 101
SW3(config-if)#interface e0/2
SW3(config-if)#switchport access vlan 200
Verification:
SW3#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et1/1, Et1/2, Et1/3
12 VLAN0012 active
100 VLAN0100 active Et0/0
101 VLAN0101 active Et0/1
200 VLAN0200 active Et0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Configure the interconnect between the core switches
SW1(config)#interface vlan 12
SW1(config-if)#ip address 10.1.112.1 255.255.255.0
SW1(config-if)#no shutdown
SW2(config)#interface vlan 12
SW2(config-if)#ip address 10.1.112.2 255.255.255.0
SW2(config-if)#no shutdown
Verification and testing:
SW2#show ip interface brief vlan12
Interface IP-Address OK? Method Status Protocol
Vlan12 10.1.112.2 YES manual up up
SW2#ping 10.1.112.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.112.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Configure the interconnect between the core switches and the gateway router:
R1(config)#interface e0/1
R1(config-if)#ip address 10.1.11.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface e0/2
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown
SW1(config)#interface e0/1
SW1(config-if)#no switchport
SW1(config-if)#ip address 10.1.11.2 255.255.255.0
SW2(config)#interface e0/2
SW2(config-if)#no switchport
SW2(config-if)#ip address 10.1.12.2 255.255.255.0
Testing:
R1#ping 10.1.11.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.11.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Create SVI interfaces on the core switches to serve the service segments:
SW1(config-if)#interface vlan 100
SW1(config-if)#ip address 10.1.100.252 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#interface vlan 101
SW1(config-if)#ip address 10.1.101.252 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#interface vlan 200
SW1(config-if)#ip address 10.1.200.252 255.255.255.0
SW1(config-if)#no shutdown
SW2(config-if)#interface vlan 100
SW2(config-if)#ip address 10.1.100.253 255.255.255.0
SW2(config-if)#no shutdown
SW2(config-if)#interface vlan 101
SW2(config-if)#ip address 10.1.101.253 255.255.255.0
SW2(config-if)#no shutdown
SW2(config-if)#interface vlan 200
SW2(config-if)#ip address 10.1.200.253 255.255.255.0
SW2(config-if)#no shutdown
Verification:
SW1#show ip interface brief | include Vlan
Vlan12 10.1.112.1 YES manual up up
Vlan100 10.1.100.252 YES manual up up
Vlan101 10.1.101.252 YES manual up up
Vlan200 10.1.200.252 YES manual up up
SW2#show ip interface brief | include Vlan
Vlan12 10.1.112.2 YES manual up up
Vlan100 10.1.100.253 YES manual up up
Vlan101 10.1.101.253 YES manual up up
Vlan200 10.1.200.253 YES manual up up
Configure the headquarters dynamic routing protocol, OSPF
R1(config)#interface loopback 0
R1(config-if)#ip address 10.1.255.1 255.255.255.255
R1(config-if)#ip ospf 110 area 0
R1(config)#interface e0/1
R1(config-if)#ip ospf 110 area 0
R1(config-if)#interface e0/2
R1(config-if)#ip ospf 110 area 0
R1(config)#router ospf 110
R1(config-router)#default-information originate //The effect of this command can only be verified after Internet access has been configured//
SW1(config)#interface loopback 0
SW1(config-if)#ip address 10.1.255.11 255.255.255.255
SW1(config-if)#interface e0/1
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 12
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 100
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 101
SW1(config-if)#ip ospf 110 area 0
SW1(config-if)#interface vlan 200
SW1(config-if)#ip ospf 110 area 0
SW2(config)#interface loopback 0
SW2(config-if)#ip address 10.1.255.22 255.255.255.255
SW2(config-if)#interface e0/2
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 100
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 101
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 200
SW2(config-if)#ip ospf 110 area 0
SW2(config-if)#interface vlan 12
SW2(config-if)#ip ospf 110 area 0
SW1(config)#router ospf 110
SW1(config-router)#passive-interface vlan 100
SW1(config-router)#passive-interface vlan 101
SW1(config-router)#passive-interface vlan 200
SW2(config)#router ospf 110
SW2(config-router)#passive-interface vlan 100
SW2(config-router)#passive-interface vlan 101
SW2(config-router)#passive-interface vlan 200
Verification:
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.1.255.22 1 FULL/DR 00:00:38 10.1.12.2 Ethernet0/2
10.1.255.11 1 FULL/DR 00:00:37 10.1.11.2 Ethernet0/1
R1#show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
O 10.1.100.0/24 [110/11] via 10.1.12.2, 00:09:39, Ethernet0/2
[110/11] via 10.1.11.2, 00:11:04, Ethernet0/1
O 10.1.101.0/24 [110/11] via 10.1.12.2, 00:09:29, Ethernet0/2
[110/11] via 10.1.11.2, 00:10:03, Ethernet0/1
O 10.1.112.0/24 [110/11] via 10.1.12.2, 00:10:54, Ethernet0/2
[110/11] via 10.1.11.2, 00:11:04, Ethernet0/1
O 10.1.200.0/24 [110/11] via 10.1.12.2, 00:09:29, Ethernet0/2
[110/11] via 10.1.11.2, 00:10:03, Ethernet0/1
Configure the gateway redundancy protocol: HSRP
SW1(config)#interface vlan 100
SW1(config-if)#standby 100 ip 10.1.100.254
SW1(config-if)#standby 100 priority 200
SW1(config)#interface vlan 101
SW1(config-if)#standby 101 ip 10.1.101.254
SW1(config-if)#standby 101 priority 150
SW1(config)#interface vlan 200
SW1(config-if)#standby 200 ip 10.1.200.254
SW2(config)#interface vlan 100
SW2(config-if)#standby 100 ip 10.1.100.254
SW2(config-if)#standby 100 priority 150
SW2(config)#interface vlan 101
SW2(config-if)#standby 101 ip 10.1.101.254
SW2(config-if)#standby 101 priority 200
SW2(config)#interface vlan 200
SW2(config-if)#standby 200 ip 10.1.200.254
Verification:
SW1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl100 100 200 Active local 10.1.100.253 10.1.100.254
Vl101 101 150 Standby 10.1.101.253 local 10.1.101.254
Vl200 200 100 Standby 10.1.200.253 local 10.1.200.254
SW2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl100 100 150 Standby 10.1.100.252 local 10.1.100.254
Vl101 101 200 Active local 10.1.101.252 10.1.101.254
Vl200 200 100 Active local 10.1.200.252 10.1.200.254
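An added example, not part of the original post: it cross-checks the spanning-tree priorities configured earlier against the HSRP state shown above and reports any VLAN whose HSRP active switch is not its configured STP root. Aligning the two is a common design goal assumed here, not a requirement the page states; the inputs are the page's own commands and output rows, and the function names are hypothetical.

```python
import re

# Constructed input: the spanning-tree commands and 'show standby brief' rows from this page.
STP_CONFIG = """\
SW1(config)#spanning-tree vlan 100,200 priority 0
SW1(config)#spanning-tree vlan 101 priority 4096
SW2(config)#spanning-tree vlan 100,200 priority 4096
SW2(config)#spanning-tree vlan 101 priority 0
"""
STANDBY = {
    "SW1": """\
Vl100 100 200 Active local 10.1.100.253 10.1.100.254
Vl101 101 150 Standby 10.1.101.253 local 10.1.101.254
Vl200 200 100 Standby 10.1.200.253 local 10.1.200.254
""",
    "SW2": """\
Vl100 100 150 Standby 10.1.100.252 local 10.1.100.254
Vl101 101 200 Active local 10.1.101.252 10.1.101.254
Vl200 200 100 Active local 10.1.200.252 10.1.200.254
""",
}

def stp_roots(config):
    """Map each VLAN to the switch configured with the lowest bridge priority.
    Handles comma-separated VLAN lists only; ties (decided by MAC) are not modelled."""
    best = {}
    for sw, vlans, prio in re.findall(
            r"^(\w+)\(config\)#spanning-tree vlan ([\d,]+) priority (\d+)", config, re.M):
        for vlan in map(int, vlans.split(",")):
            if vlan not in best or int(prio) < best[vlan][0]:
                best[vlan] = (int(prio), sw)
    return {vlan: sw for vlan, (_, sw) in best.items()}

def hsrp_active(standby):
    """Map each VLAN to the switch whose SVI reports HSRP state Active."""
    active = {}
    for sw, text in standby.items():
        # Columns: interface, group, priority, optional P (preempt), state.
        for vlan, state in re.findall(r"^Vl(\d+)\s+\d+\s+\d+\s+(?:P\s+)?(\S+)", text, re.M):
            if state == "Active":
                active[int(vlan)] = sw
    return active

def misaligned(config, standby):
    """Return (vlan, stp_root, hsrp_active) for every VLAN where the two differ."""
    roots, active = stp_roots(config), hsrp_active(standby)
    return sorted((v, roots[v], active.get(v)) for v in roots if active.get(v) != roots[v])
```

On this page's data the only mismatch is VLAN 200: SW1 is the configured root, but neither switch was given an HSRP priority for group 200, and the output shows SW2 as active.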
Configure the DHCP service:
R1(config)#ip dhcp pool vlan100
R1(dhcp-config)#network 10.1.100.0 /24
R1(dhcp-config)#default-router 10.1.100.254
R1(dhcp-config)#ip dhcp pool vlan101
R1(dhcp-config)#network 10.1.101.0 /24
R1(dhcp-config)#default-router 10.1.101.254
R1(dhcp-config)#ip dhcp pool vlan200
R1(dhcp-config)#host 10.1.200.100 /24
R1(dhcp-config)#default-router 10.1.200.254
R1(dhcp-config)#client-identifier 01aabb.cc00.b000
Configure DHCP relay
SW1(config)#interface vlan 100
SW1(config-if)#ip helper-address 10.1.255.1
SW1(config-if)#interface vlan 101
SW1(config-if)#ip helper-address 10.1.255.1
SW1(config-if)#interface vlan 200
SW1(config-if)#ip helper-address 10.1.255.1
SW2(config)#interface vlan 100
SW2(config-if)#ip helper-address 10.1.255.1
SW2(config-if)#interface vlan 101
SW2(config-if)#ip helper-address 10.1.255.1
SW2(config-if)#interface vlan 200
SW2(config-if)#ip helper-address 10.1.255.1
Configure the clients
PC1(config)#interface e0/0
PC1(config-if)#ip address dhcp
PC2(config)#interface e0/0
PC2(config-if)#ip address dhcp
Server1(config)#interface e0/0
Server1(config-if)#ip address dhcp client-id e0/0
*Oct 22 08:54:01.377: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 10.1.200.100, mask 255.255.255.0, hostname Server1
(To be continued. Stay tuned for the next installment.)
Thanks for reading. I'm Uncle Da.