企业网高级路由实验

图1 某企业网络拓扑结构图

表1设备地址规划表

设备	接口	IP	子网掩码	网关
PC1	E0/0/1	192.168.1.1	255.255.255.0	192.168.1.254
PC2	E0/0/1	192.168.2.1	255.255.255.0	192.168.2.254
R1	Loopback 0	10.0.1.1	255.255.255.255	N/A
	G0/0/0	10.0.13.1	255.255.255.0	N/A
	G0/0/1	10.0.12.1	255.255.255.0	N/A
	G0/0/2	192.168.11.1	255.255.255.0	N/A
S1	VLANIF 11	192.168.11.2	255.255.255.0	N/A
	VLANIF 10	192.168.1.254	255.255.255.0	N/A
	VLANIF 20	192.168.2.254	255.255.255.0	N/A
R2	Loopback 0	10.0.2.2	255.255.255.255	N/A
	G0/0/1	10.0.12.2	255.255.255.0	N/A
	G0/0/2	10.0.24.2	255.255.255.0	N/A
	NET:10.0000.0000.0002.00
R3	Loopback 0	10.0.3.3	255.255.255.255	N/A
	G0/0/0	10.0.13.3	255.255.255.0	N/A
	G0/0/1	10.0.34.3	255.255.255.0	N/A
	NET:10.0000.0000.0003.00
R4	Loopback 0	10.0.4.4	255.255.255.255	N/A
	Loopback 1	10.1.4.4	255.255.255.255	N/A
	Loopback 2	10.1.44.44	255.255.255.255	N/A
	G0/0/1	10.0.34.4	255.255.255.0	N/A
	G0/0/2	10.0.24.4	255.255.255.0	N/A
	NET:10.0000.0000.0004.00

要求:

1、按上图要求画好拓扑，配置好各PC地址；

2、设备名称如图1设置为学号最后2位+设备名称（如学号最后两位为05的同学，将设备分别取名为05S1、05S2、05S3、05S4、05R1、05R2……）；

3、公司内网在S1、S2、S3配置相应vlan，trunk口允许所有vlan流量通过；S1与R1的网络为vlan 11，PC网关为S1的SVI接口，地址如表1

4、在S1、S2、S3交换机上运行MSTP,实例10中主根桥为S1，次根桥为S2，实例20中主根桥为S1，次根桥为S3；

5、配置各路由器接口地址，公司内S1、R1设备运行ospf，S1到R1链路是area 0，PC到核心交换机链路是area 1设计为完全STUB区域,S1通过下发的默认路由访问外网；这个需求不合理，区域1属于直连路由，不可能产生缺省路由

6、运营商内R2、R3、R4运行ISIS，NET见表1，所有路由器都是level 2，R4的loopback 1与loopback 2模拟需要访问的2个服务器；

7、R1、R2、R3、R4运行BGP，AS如图1，EBGP用物理接口建立邻居关系，IBGP用逻辑接口建立邻居关系，R1宣告2个PC所在网络路由进BGP，R4宣告2个服务器所在网络路由进BGP，要求用MED属性控制公司内网访问服务器1走R2的路径，公司内网访问服务器2走R3的路径；

配置

sysname 37S1
#
undo info-center enable
#
vlan batch 10 to 11 20
#
stp instance 10 root primary
stp instance 20 root primary
#
stp region-configuration
region-name huawei
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.254 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ospf 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
stub no-summary
#
ip route-static 0.0.0.0 0.0.0.0 192.168.11.1

sysname 37S2
#
undo info-center enable
#
vlan batch 10 20
#
stp instance 10 root secondary
#
stp region-configuration
region-name huawei
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094

sysname 37S3
#
undo info-center enable
#
vlan batch 10 20
#
stp instance 20 root secondary
#
stp region-configuration
region-name huawei
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094

sysname 37R1
#
undo info-center enable
#
interface GigabitEthernet0/0/0
ip address 10.0.13.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.11.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
bgp 600
peer 10.0.12.2 as-number 500
peer 10.0.13.3 as-number 500
#
ipv4-family unicast
undo synchronization
network 192.168.1.0
network 192.168.2.0
peer 10.0.12.2 enable
peer 10.0.13.3 enable
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 192.168.11.0 0.0.0.255

sysname 37R2
#
undo info-center enable
#
isis 1
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface GigabitEthernet0/0/1
ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.24.2 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
isis enable 1
#
bgp 500
peer 10.0.4.4 as-number 500
peer 10.0.4.4 connect-interface LoopBack0
peer 10.0.12.1 as-number 600
#
ipv4-family unicast
undo synchronization
peer 10.0.4.4 enable
peer 10.0.4.4 next-hop-local
peer 10.0.12.1 enable
peer 10.0.12.1 route-policy 2 export
#
route-policy 2 permit node 10
if-match ip-prefix 2
apply cost 2
#
route-policy 2 permit node 20
#
ip ip-prefix 2 index 10 permit 10.1.44.44 32

sysname 37R3
#
undo info-center enable
#
isis 1
is-level level-2
network-entity 10.0000.0000.0003.00
#
interface GigabitEthernet0/0/0
ip address 10.0.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.34.3 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
isis enable 1
#
bgp 500
peer 10.0.4.4 as-number 500
peer 10.0.4.4 connect-interface LoopBack0
peer 10.0.13.1 as-number 600
#
ipv4-family unicast
undo synchronization
peer 10.0.4.4 enable
peer 10.0.4.4 next-hop-local
peer 10.0.13.1 enable

sysname 37R4
#
undo info-center enable
#
isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
#
interface GigabitEthernet0/0/1
ip address 10.0.34.4 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/2
ip address 10.0.24.4 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
isis enable 1
#
interface LoopBack1
ip address 10.1.4.4 255.255.255.255
#
interface LoopBack2
ip address 10.1.44.44 255.255.255.255
#
bgp 500
peer 10.0.2.2 as-number 500
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.3.3 as-number 500
peer 10.0.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.1.4.4 255.255.255.255
network 10.1.44.44 255.255.255.255
peer 10.0.2.2 enable
peer 10.0.3.3 enable

企业网高级路由实验

猜你喜欢