双核心企业网络

配置路由 R1

hostname R1

interface fastethernet 0/0
ip address 172.16.0.1 255.255.255.252
no shutdown
interface fastethernet 0/1
ip address 172.16.0.5 255.255.255.252
no shutdown

interface Serial 2/0
ip address 161.62.63.1 255.255.255.240
no shutdown

interface fastethernet 0/0
ip nat inside
interface fastethernet 0/1
ip nat inside

interface Serial 2/0
ip nat outside

time-range work-time
periodic weekdays 09:00 to 18:00

access-list 10 permit 172.16.10.0 0.0.0.255 time-range work-time
access-list 10 permit 172.16.11.0 0.0.0.255 time-range work-time
access-list 10 permit 172.16.12.0 0.0.0.255 time-range work-time
access-list 10 permit 172.16.13.0 0.0.0.255 time-range work-time

ip nat pool Internet 161.62.63.1 161.62.63.5 network 255.255.255.240
ip nat inside source list 10 pool Internet overload
ip nat inside source tcp 172.16.14.4.80 161.62.63.6 80

router OSPF 10
route-id 3.3.3.3
network 172.16.0.0 0.0.0.3 area 0
network 172.16.0.0 0.0.0.3 area 0

ip route 0.0.0.0.0.0.0.0 Serial 2/0

配置运营商路由器 R2

hostname R2

interface Serial 2/0
ip address 67.7.8.14 255.255.255.240
no shutdown

ip route 0.0.0.0.0.0.0.0 Serial 2/0

核心三层交换机sw1

hostname sw1

vlan 10
name xiaoshoubu
vlan 11
name shichangbu
vlan 12
name yingxiaobu
vlan 13
name guanlibu
vlan 14
name fuwuqiqun

interface range fastethernet 0/10-11
switchport mode trunk

interface range fastethernet 0/2-5
switchport mode access
switchport access vlan 14

interface fastethernet 0/23
portgroup 1
interface fastethernet 0/24
portgroup 1
interface aggregateport 1
switchport mode trunk
aggregateport load-balance src-ip

interface fastethernet 0/1
no shutdown
ip add 172.16.0.2 255.255.255.252
no shutdown

service dhcp

interface vlan 10
ip add 172.16.10.1 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 11
ip add 172.16.11.1 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 12
ip add 172.16.12.1 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 13
ip add 172.16.13.1 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 14
ip add 172.16.14.1 255.255.255.0
no shutdown

spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
intance 10 vlan 10,11
intance 20 vlan 12,13
name quyumingcheng
revision 1

spanning-tree mst 10 priority 4096
spanning-tree mst 20 priority 8192

interface vlan 10
vrrp 10 ip 172.16.10.1
vrrp 10 priority 120

interface vlan 11
vrrp 10 ip 172.16.11.1
vrrp 10 priority 120

interface vlan 12
vrrp 10 ip 172.16.12.1
vrrp 10 priority 120

interface vlan 13
vrrp 10 ip 172.16.13.1
vrrp 10 priority 120

router OSPF 10
route-id 1.1.1.1
network 172.16.0.0 0.0.0.0.3 area 0
network 172.16.10.0 0.0.0.0.255 area 0
network 172.16.11.0 0.0.0.0.255 area 0
network 172.16.12.0 0.0.0.0.255 area 0
network 172.16.13.0 0.0.0.0.255 area 0
network 172.16.14.0 0.0.0.0.255 area 0

ip route 0.0.0.0.0.0.0.0 172.16.0.1

三层交换机配置 sw2

hostname sw1

vlan 10
name xiaoshoubu
vlan 11
name shichangbu
vlan 12
name yingxiaobu
vlan 13
name guanlibu

interface range fastethernet 0/10-11
switchport mode trunk

interface fastethernet 0/23
portgroup 1
interface fastethernet 0/24
portgroup 1
interface aggregateport 1
switchport mode trunk
aggregateport load-balance src-ip

interface fastethernet 0/1
no shutdown
ip add 172.16.0.6 255.255.255.252
no shutdown

service dhcp

interface vlan 10
ip add 172.16.10.2 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 11
ip add 172.16.11.2 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 12
ip add 172.16.12.1 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

interface vlan 13
ip add 172.16.13.1 255.255.255.0
ip helper-address 172.16.14.3
no shutdown

spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
intance 10 vlan 10,11
intance 20 vlan 12,13
name quyumingcheng
revision 1

spanning-tree mst 10 priority 4096
spanning-tree mst 20 priority 8192

interface vlan 10
vrrp 10 ip 172.16.10.1

interface vlan 11
vrrp 10 ip 172.16.11.1

interface vlan 12
vrrp 10 ip 172.16.12.1
vrrp 10 priority 120

interface vlan 13
vrrp 10 ip 172.16.13.1
vrrp 10 priority 120

router OSPF 10
route-id 2.2.2.2
network 172.16.0.0 0.0.0.0.3 area 0
network 172.16.10.0 0.0.0.0.255 area 0
network 172.16.11.0 0.0.0.0.255 area 0
network 172.16.12.0 0.0.0.0.255 area 0
network 172.16.13.0 0.0.0.0.255 area 0
network 172.16.14.0 0.0.0.0.255 area 0

ip route 0.0.0.0.0.0.0.0 172.16.0.5

二层交换机sw3

hostname sw3

vlan 10
name xiaoshoubu
vlan 11
name shichangbu

interface range fastethernet 0/10-11
switchport mode trunk

interface range fastethernet 0/1-9
switchport mode access
switchport access vlan 10
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
spanning-tree portfast

interface range fastethernet 0/12-20
switchport mode access
switchport access vlan 11
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
spanning-tree portfast

spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
intance 10 vlan 10,11
intance 20 vlan 12,13
name quyumingcheng
revision 1

二层交换机sw4

hostname sw4

vlan 12
name yingxiaobu
vlan 13
name guanlibu

interface range fastethernet 0/10-11
switchport mode trunk
interface range fastethernet 0/1-9
switchport mode access
switchport access vlan 12
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
spanning-tree portfast

interface range fastethernet 0/12-20
switchport mode access
switchport access vlan 13
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
spanning-tree portfast

spanning-tree
spanning-tree mode mstp
spanning-tree mst configuration
intance 10 vlan 10,11
intance 20 vlan 12,13
name quyumingcheng
revision 1