所有文章
写文章
传图片
分类
评论
留言
返回首页
修改文章
#### 目录 1、项目背景 2、网络建设目标 3、拓扑规划 4、LAN规划(各部门局域网规划) 5、网络设备选型和命名 6、路由规划 7、配置 ------------ ### 1、项目背景 >XX公司总部位于北京,在上海和深圳分别设有研究所与办事处,通过组建网络将三地连接起来:北京总部有员工100人,一级部门四个(划分Vlan,IP地址规划),服务器2台,服务器与交换机做链路聚合,总部路由协议使用ospf;深圳办事处有员工30人,上海研究所有员工40人,办事处与研究所不分部门,采用DHCP分配IP地址;总部与分支机构之间使用SDH线路连接,其中总部与深圳之间使用2M线路(ppp+chap),总部与上海之间使用2条2M线路(帧中继+路由备份)。 <p><img src="https://www.qfwys.cn/boke/imgforA/01.png" style="width:100%"></p> ### 2、网络建设目标 > 网络带宽升级,达到千兆骨干,百兆到桌面 增强网络的可靠性及可用性 网络要易于管理、升级和扩展 确保内网安全及同办事处之间交互数据的安全 ### 3、拓扑规划 <p><img src="https://www.qfwys.cn/boke/imgforA/03.png" style="width:100%"></p> ### 4、LAN规划(各部门局域网规划) > 总部按部门划分VLAN 人事行政及财务/商务划为一个VLAN:VLAN 10 产品研发部划为一个VLAN:VLAN 20 技术支持部划为一个VLAN:VLAN 30 服务器区划为一个VLAN:VLAN 40 分支机构不划分VLAN 每个分支机构单独使用一个C类地址 254作为网关 总部及分支机构全部使用DHCP分配IP地址 <p><img src="https://www.qfwys.cn/boke/imgforA/04.png" style="width:100%"></p> ### 5、网络设备选型和命名 ① 北京总部: > 核心交换机 选型:S5700-28C-HI 命名:BJ-S5700-LSW1 服务器区交换机 选型:S3700-26C-HI 命名:BJ-S3700-LSW2 接入交换机 选型:S3700-26C-HI 命名:BJ-S3700-LSW3、LSW4、LSW5 互连及出口路由器 选型:AR2240 命名:BJ-AR2240-AR1 ② 深圳办事处: > 互连路由器 选型:AR1220 命名:SZ-AR1220-AR2 接入交换机 选型:S3700-26C-HI 命名:SZ-S3700-LSW6 ③ 上海研究所: > 互连路由器 选型:AR1220 命名:SH-AR1220-AR3 接入交换机 选型:S3700-26C-HI 命名:SH-S3700-LSW7 ### 6、路由规划 <p><img src="https://www.qfwys.cn/boke/imgforA/06.png" style="width:100%"></p> ### 7、配置 首先给交换机和路由器配置命名(这里以LSW1为例): <p><img src="https://www.qfwys.cn/boke/imgforA/07.png" style="width:100%"></p> 具体配置: 分别将LSW1和LSW2的g0/0/1和g0/0/2配置为一个链路聚合口: \======================================================== [BJ-S5700-LSW1]interface Eth-Trunk 12 [BJ-S5700-LSW1-Eth-Trunk12]trunkport g0/0/1 [BJ-S5700-LSW1-Eth-Trunk12]trunkport g0/0/2 \======================================================== [BJ-S3700-LSW2]interface Eth-Trunk 12 [BJ-S3700-LSW2-Eth-Trunk12]trunkport g0/0/1 [BJ-S3700-LSW2-Eth-Trunk12]trunkport g0/0/2 \======================================================== 在三层交换机LSW1上划分vlan,并给相应的vlanif虚拟口配置ip地址: \======================================================== \======================================================== //////// 划分端口VLAN,配置VLANIF的IP地址(即网关) [BJ-S5700-LSW1]vlan batch 10 20 30 40 Info: This operation may take a few seconds. Please wait for a moment...done. [BJ-S5700-LSW1]int g0/0/3 [BJ-S5700-LSW1-GigabitEthernet0/0/3]port link-type access [BJ-S5700-LSW1-GigabitEthernet0/0/3]port default vlan 10 [BJ-S5700-LSW1-GigabitEthernet0/0/3]int g0/0/4 [BJ-S5700-LSW1-GigabitEthernet0/0/4]port link-type access [BJ-S5700-LSW1-GigabitEthernet0/0/4]port default vlan 20 [BJ-S5700-LSW1-GigabitEthernet0/0/4]int g0/0/5 [BJ-S5700-LSW1-GigabitEthernet0/0/5]port link-type access [BJ-S5700-LSW1-GigabitEthernet0/0/5]port default vlan 30 [BJ-S5700-LSW1-GigabitEthernet0/0/5]int Eth-Trunk12 [BJ-S5700-LSW1-Eth-Trunk12]port link-type access [BJ-S5700-LSW1-Eth-Trunk12]port default vlan 40 [BJ-S5700-LSW1-Eth-Trunk12]int vlanif10 [BJ-S5700-LSW1-Vlanif10]ip add 192.168.10.254 24 [BJ-S5700-LSW1-Vlanif10]int vlanif20 [BJ-S5700-LSW1-Vlanif20]ip add 192.168.20.254 24 [BJ-S5700-LSW1-Vlanif20]int vlanif30 [BJ-S5700-LSW1-Vlanif30]ip add 192.168.30.254 24 [BJ-S5700-LSW1-Vlanif30]int vlanif40 [BJ-S5700-LSW1-Vlanif40]ip add 192.168.40.254 24 [BJ-S5700-LSW1-Vlanif40]display ip interface brief //////// 查看已有Vlanif及其地址 \======================================================== [BJ-S5700-LSW1]vlan 99 //////// LSW1配置g0/0/24端口 [BJ-S5700-LSW1-vlan99]int g0/0/24 [BJ-S5700-LSW1-GigabitEthernet0/0/24]port link-type access [BJ-S5700-LSW1-GigabitEthernet0/0/24]port default vlan 99 [BJ-S5700-LSW1-GigabitEthernet0/0/24]int vlanif99 [BJ-S5700-LSW1-Vlanif99]ip add 192.168.1.2 24 \======================================================== \======================================================== //////// 配置DHCP、静态路由和IP地址池 [BJ-AR2240-AR1]dhcp enable [BJ-AR2240-AR1]int g0/0/0 [BJ-AR2240-AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24 [BJ-AR2240-AR1-GigabitEthernet0/0/0]dhcp select global [BJ-AR2240-AR1-GigabitEthernet0/0/0]q [BJ-AR2240-AR1]ip route-static 192.168.10.0 255.255.255.0 192.168.1.2 [BJ-AR2240-AR1]ip route-static 192.168.20.0 255.255.255.0 192.168.1.2 [BJ-AR2240-AR1]ip route-static 192.168.30.0 255.255.255.0 192.168.1.2 [BJ-AR2240-AR1]ip route-static 192.168.40.0 255.255.255.0 192.168.1.2 [BJ-AR2240-AR1]ip pool vlan10 Info: It's successful to create an IP address pool. [BJ-AR2240-AR1-ip-pool-vlan10]gateway-list 192.168.10.254 [BJ-AR2240-AR1-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0 [BJ-AR2240-AR1-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.253 [BJ-AR2240-AR1-ip-pool-vlan10]dns-list 114.114.114.114 [BJ-AR2240-AR1-ip-pool-vlan10]q [BJ-AR2240-AR1]ip pool vlan20 Info: It's successful to create an IP address pool. [BJ-AR2240-AR1-ip-pool-vlan20]gateway-list 192.168.20.254 [BJ-AR2240-AR1-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0 [BJ-AR2240-AR1-ip-pool-vlan20]excluded-ip-address 192.168.20.100 192.168.20.253 [BJ-AR2240-AR1-ip-pool-vlan20]dns-list 114.114.114.114 [BJ-AR2240-AR1-ip-pool-vlan20]q [BJ-AR2240-AR1]ip pool vlan30 Info: It's successful to create an IP address pool. [BJ-AR2240-AR1-ip-pool-vlan30]gateway-list 192.168.30.254 [BJ-AR2240-AR1-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0 [BJ-AR2240-AR1-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.253 [BJ-AR2240-AR1-ip-pool-vlan30]dns-list 114.114.114.114 [BJ-AR2240-AR1-ip-pool-vlan30]q [BJ-AR2240-AR1]dis ip pool \======================================================== //////////////////配置DHCP中继 [BJ-S5700-LSW1] [BJ-S5700-LSW1]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [BJ-S5700-LSW1]int vlanif10 [BJ-S5700-LSW1-Vlanif10]dhcp select relay [BJ-S5700-LSW1-Vlanif10]dhcp relay server-ip 192.168.1.1 [BJ-S5700-LSW1-Vlanif10]q [BJ-S5700-LSW1]int vlanif20 [BJ-S5700-LSW1-Vlanif20]dhcp select relay [BJ-S5700-LSW1-Vlanif20]dhcp relay server-ip 192.168.1.1 [BJ-S5700-LSW1-Vlanif20]q [BJ-S5700-LSW1]int vlanif30 [BJ-S5700-LSW1-Vlanif30]dhcp select relay [BJ-S5700-LSW1-Vlanif30]dhcp relay server-ip 192.168.1.1 \======================================================== \======================================================== ////////////////// AR2配置DHCP [SZ-AR1220-AR2]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [SZ-AR1220-AR2]int g0/0/0 [SZ-AR1220-AR2-GigabitEthernet0/0/0]ip add 192.168.50.254 24 [SZ-AR1220-AR2-GigabitEthernet0/0/0]dhcp select global [SZ-AR1220-AR2-GigabitEthernet0/0/0]q [SZ-AR1220-AR2]ip pool net50 Info: It's successful to create an IP address pool. [SZ-AR1220-AR2-ip-pool-net50]gateway-list 192.168.50.254 [SZ-AR1220-AR2-ip-pool-net50]network 192.168.50.0 mask 24 [SZ-AR1220-AR2-ip-pool-net50]excluded-ip-address 192.168.50.201 192.168.50.253 [SZ-AR1220-AR2-ip-pool-net50]dns-list 114.114.114.114 \======================================================== ////////////////// AR3配置DHCP [SH-AR1220-AR3]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [SH-AR1220-AR3]int g0/0/0 [SH-AR1220-AR3-GigabitEthernet0/0/0]ip add 192.168.60.254 24 [SH-AR1220-AR3-GigabitEthernet0/0/0]dhcp select global [SH-AR1220-AR3-GigabitEthernet0/0/0]q [SH-AR1220-AR3]ip pool net60 Info: It's successful to create an IP address pool. [SH-AR1220-AR3-ip-pool-net60]gateway-list 192.168.60.254 [SH-AR1220-AR3-ip-pool-net60]network 192.168.60.0 mask 24 [SH-AR1220-AR3-ip-pool-net60]excluded-ip-address 192.168.60.201 192.168.60.253 [SH-AR1220-AR3-ip-pool-net60]dns-list 114.114.114.114 \======================================================== \======================================================== ////////////////// 配置AR1ppp-CHAP认证 [BJ-AR2240-AR1]int s1/0/0 [BJ-AR2240-AR1-Serial1/0/0]ip add 192.168.2.1 24 [BJ-AR2240-AR1-Serial1/0/0]q [BJ-AR2240-AR1]ip route-static 192.168.50.0 255.255.255.0 192.168.2.2 [BJ-AR2240-AR1]aaa [BJ-AR2240-AR1-aaa]local-user ar1 password cipher hello Info: Add a new user. [BJ-AR2240-AR1-aaa]local-user ar1 service-type ppp [BJ-AR2240-AR1-aaa]int s1/0/0 [BJ-AR2240-AR1-Serial1/0/0]link-protocol ppp [BJ-AR2240-AR1-Serial1/0/0]ppp authentication-mode chap [BJ-AR2240-AR1-Serial1/0/0]shutdown [BJ-AR2240-AR1-Serial1/0/0]undo shutdown \======================================================== ////////////////// 配置AR2ppp-CHAP认证 [SZ-AR1220-AR2]int s1/0/0 [SZ-AR1220-AR2-Serial1/0/0]ip add 192.168.2.2 24 [SZ-AR1220-AR2-Serial1/0/0]q [SZ-AR1220-AR2]ip route-static 192.168.1.0 255.255.255.0 192.168.2.1 [SZ-AR1220-AR2]int s1/0/0 [SZ-AR1220-AR2-Serial1/0/0]link-protocol ppp [SZ-AR1220-AR2-Serial1/0/0]ppp chap user ar1 [SZ-AR1220-AR2-Serial1/0/0]ppp chap password cipher hello [SZ-AR1220-AR2-Serial1/0/0]shutdown [SZ-AR1220-AR2-Serial1/0/0]undo shutdown [SZ-AR1220-AR2-Serial1/0/0]display this \======================================================== \======================================================== ////////////////// 配置AR1路由备份 [BJ-AR2240-AR1]int s2/0/0 [BJ-AR2240-AR1-Serial2/0/0]ip add 192.168.3.1 24 [BJ-AR2240-AR1-Serial2/0/0]int s2/0/1 [BJ-AR2240-AR1-Serial2/0/1]ip add 192.168.4.1 24 [BJ-AR2240-AR1-Serial2/0/1]q [BJ-AR2240-AR1]ip route-static 192.168.60.0 255.255.255.0 192.168.3.2 //默认60 [BJ-AR2240-AR1]ip route-static 192.168.60.0 255.255.255.0 192.168.4.2 preference 100 \======================================================== ////////////////// 配置AR3路由备份 [SH-AR1220-AR3]int s2/0/0 [SH-AR1220-AR3-Serial2/0/0]ip add 192.168.3.2 24 [SH-AR1220-AR3-Serial2/0/0]int s2/0/1 [SH-AR1220-AR3-Serial2/0/1]ip add 192.168.4.2 24 [SH-AR1220-AR3-Serial2/0/1]q [SH-AR1220-AR3]ip route-static 192.168.1.0 255.255.255.0 192.168.3.1 //默认60 [SH-AR1220-AR3]ip route-static 192.168.1.0 255.255.255.0 192.168.4.1 preference 100 \======================================================== \======================================================== ////////////////// AR1配置帧中继 [BJ-AR2240-AR1]int s2/0/0 [BJ-AR2240-AR1-Serial2/0/0]link-protocol fr Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [BJ-AR2240-AR1-Serial2/0/0]fr interface-type dce //////网络侧 [BJ-AR2240-AR1-Serial2/0/0]fr dlci 100 [BJ-AR2240-AR1-fr-dlci-Serial2/0/0-100]int s2/0/1 [BJ-AR2240-AR1-Serial2/0/1]link-protocol fr Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [BJ-AR2240-AR1-Serial2/0/1]fr interface-type dce [BJ-AR2240-AR1-Serial2/0/1]fr dlci 100 [BJ-AR2240-AR1-fr-dlci-Serial2/0/1-100]q \======================================================== ////////////////// AR3配置帧中继 [SH-AR1220-AR3]int s2/0/0 [SH-AR1220-AR3-Serial2/0/0]link-protocol fr Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [SH-AR1220-AR3-Serial2/0/0]fr interface-type dte //////用户侧 [SH-AR1220-AR3-Serial2/0/0]fr dlci 100 [SH-AR1220-AR3-fr-dlci-Serial2/0/0-100]q [SH-AR1220-AR3-Serial2/0/0]int s2/0/1 [SH-AR1220-AR3-Serial2/0/1]link-protocol fr Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y [SH-AR1220-AR3-Serial2/0/1]fr interface-type dte [SH-AR1220-AR3-Serial2/0/1]fr dlci 100 [SH-AR1220-AR3-fr-dlci-Serial2/0/1-100]q \======================================================== \======================================================== ////////////////// 配置AR1的OSPF [BJ-AR2240-AR1]int loopback0 [BJ-AR2240-AR1-LoopBack0]ip add 1.1.1.1 32 [BJ-AR2240-AR1-LoopBack0]q [BJ-AR2240-AR1]ospf 100 router-id 1.1.1.1 [BJ-AR2240-AR1-ospf-100]area 0 [BJ-AR2240-AR1-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei [BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255 [BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.3.0 0.0.0.255 [BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.4.0 0.0.0.255 [BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 1.1.1.1 0.0.0.0 [BJ-AR2240-AR1-ospf-100-area-0.0.0.0]area 1 [BJ-AR2240-AR1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123 [BJ-AR2240-AR1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255 [BJ-AR2240-AR1-ospf-100-area-0.0.0.1]q [BJ-AR2240-AR1-ospf-100]import-route static //OSPF引入静态路由 [BJ-AR2240-AR1-ospf-100]peer 192.168.3.2 //手动指定邻居的接口,建立邻居关系。因为帧中继默认无法运行OSPF协议 [BJ-AR2240-AR1-ospf-100]peer 192.168.4.2 [BJ-AR2240-AR1-ospf-100]int g0/0/0 \======================================================== ////////////////// 配置AR2的OSPF [SZ-AR1220-AR2]int loopback0 [SZ-AR1220-AR2-LoopBack0]ip add 2.2.2.2 32 [SZ-AR1220-AR2-LoopBack0]q [SZ-AR1220-AR2]ospf 100 router-id 2.2.2.2 [SZ-AR1220-AR2-ospf-100]area 0 [SZ-AR1220-AR2-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei [SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255 [SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 2.2.2.2 0.0.0.0 [SZ-AR1220-AR2-ospf-100-area-0.0.0.0]area 2 [SZ-AR1220-AR2-ospf-100-area-0.0.0.2]network 192.168.50.0 0.0.0.255 [SZ-AR1220-AR2-ospf-100-area-0.0.0.2]q [SZ-AR1220-AR2-ospf-100]import-route static \======================================================== ////////////////// 配置AR3的OSPF [SH-AR1220-AR3]int loopback0 [SH-AR1220-AR3-LoopBack0]ip add 3.3.3.3 32 [SH-AR1220-AR3-LoopBack0]q [SH-AR1220-AR3]ospf 100 router-id 3.3.3.3 [SH-AR1220-AR3-ospf-100]area 0 [SH-AR1220-AR3-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei [SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 192.168.3.0 0.0.0.255 [SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 192.168.4.0 0.0.0.255 [SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 3.3.3.3 0.0.0.0 [SH-AR1220-AR3-ospf-100-area-0.0.0.0]area 3 [SH-AR1220-AR3-ospf-100-area-0.0.0.3]network 192.168.60.0 0.0.0.255 [SH-AR1220-AR3-ospf-100-area-0.0.0.3]q [SH-AR1220-AR3-ospf-100]import-route static [SH-AR1220-AR3-ospf-100]peer 192.168.3.1 [SH-AR1220-AR3-ospf-100]peer 192.168.4.1 [SH-AR1220-AR3-ospf-100]int s2/0/0 [SH-AR1220-AR3-Serial2/0/0]ospf dr-priority 0 //OSPF优先级置零,使其不参与DR/BDR的选举(默认DR是1) [SH-AR1220-AR3-Serial2/0/0]int s2/0/1 [SH-AR1220-AR3-Serial2/0/1]ospf dr-priority 0 //OSPF优先级置零,使其不参与DR/BDR的选举 \======================================================== ////////////////// 配置LSW1的OSPF [BJ-S5700-LSW1]int loopback0 [BJ-S5700-LSW1-LoopBack0]ip add 4.4.4.4 32 [BJ-S5700-LSW1-LoopBack0]q [BJ-S5700-LSW1]ospf 100 router-id 4.4.4.4 [BJ-S5700-LSW1-ospf-100]area 1 [BJ-S5700-LSW1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123 [BJ-S5700-LSW1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255 [BJ-S5700-LSW1-ospf-100-area-0.0.0.1]network 4.4.4.4 0.0.0.0 [BJ-S5700-LSW1-ospf-100-area-0.0.0.1]q [BJ-S5700-LSW1-ospf-100]import-route static [BJ-S5700-LSW1-ospf-100]int vlan99 [BJ-S5700-LSW1-Vlanif99]ospf dr-priority 0 //OSPF优先级置零,使其不参与DR/BDR选举 \======================================================== \======================================================== > **THE END.**
操作
将该文章置顶
发布时间:
-
-
@
:
摘要:
1、项目背景 XX公司总部位于北京,在上海和深圳分别设有研究所与办事处,通过组建网络将三地连接起来:北京总部有员工100人,一级部门四个(划分Vlan,IP地址规划),服务器2台,服务器与交换机做链路聚合,总部路由协议使用ospf;深圳办事处有员工30人,上海研究所有员工40人,办事处与研究所不分部门,采用DHCP分配IP地址;总部与分支机构之间使用...
分类:
请选择文章类型
请选择您的姓名
发布
