HCIP-DATACOM Comprehensive Experiment

Experimental topology:


Experimental requirements:

Experiment scenario:

A company is divided into a headquarters and a branch, and has the following networking requirements.

1. Head office IP address planning:

Wireless network:

vlan 10 ip network segment 10.0.10.0/24 gateway 10.0.10.254

vlan 20 ip network segment 10.0.20.0/24 gateway 10.0.20.254

Wired network:

vlan 30 ip network segment 10.0.30.0/24 gateway 10.0.30.254

vlan 40 ip network segment 10.0.40.0/24 gateway 10.0.40.254

AC management vlan 200

IP 10.0.200.254/24

FW1 and SW1 interconnect vlan 100 ip network segment 10.0.100.0/24

FW1 and SW2 interconnect vlan 101 ip network segment 10.0.101.0/24

Other Internet segments are shown in the figure, please configure them yourself.

Switching network networking requirements:

SW1 and SW2 are the aggregation layer switches of the headquarters, and SW3 and SW4 are the access layer switches.

The four switches run in MSTP+VRRP networking mode.

The plan is as follows:

VLAN 10 and VLAN 20 are mapped to MSTP instance 1; VLAN 30 and VLAN 40 are mapped to MSTP instance 2.

Configure SW1 as the root bridge of instance 1 and the backup root bridge of instance 2.

Configure SW2 as the root bridge of instance 2 and the backup root bridge of instance 1.

SW1 and SW2 are the gateways of terminal devices. To implement gateway redundancy, VRRP needs to be configured.

The plan is as follows:

The gateway ip of Vlan 10 is 10.0.10.254

The gateway ip of Vlan 20 is 10.0.20.254

The gateway ip of Vlan 30 is 10.0.30.254

The gateway ip of Vlan 40 is 10.0.40.254

SW1 is the master gateway of VLAN 10 and VLAN 20, and the backup gateway of VLAN 30 and VLAN 40.

SW2 is the master gateway of VLAN 30 and VLAN 40, and the backup gateway of VLAN 10 and VLAN 20.

Configure the interfaces connected to terminal devices as edge ports to speed up convergence.

DHCP planning:

The DHCP server for the end users' service VLANs is configured on the firewall; the gateway devices (SW1 and SW2) act as DHCP relays so that the terminals can obtain IP addresses from it.
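The switching plan above (MSTP instance mapping, root/backup roles, VRRP master/backup, DHCP relay, edge ports) written out as a Huawei VRP configuration. This is an added example, not configuration from the original post. Assumptions not on the page: SW1 uses .253 on each service VLAN, FW1 is 10.0.100.1 on VLAN 100, G0/0/1 and G0/0/2 on SW1 lead to SW3 and SW4, G0/0/3 leads to FW1, and G0/0/3 on SW3 faces a PC in VLAN 30. Lines starting with `#` that contain text are annotations. SW2 is the mirror image: root primary for instance 2, root secondary for instance 1, priority 120 on VRIDs 30 and 40, and relay toward FW1's VLAN 101 address.

```vrp
# SW1 (aggregation): MSTP instance 1 root, instance 2 backup root, VRRP master for VLAN 10/20
sysname SW1
#
vlan batch 10 20 30 40 100 200
#
dhcp enable
#
stp mode mstp
stp region-configuration
 region-name hcip
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 200
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 200
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 100
#
interface Vlanif100
 ip address 10.0.100.2 255.255.255.0
#
# VRID 10/20: priority 120 makes SW1 master; tracking the FW1 uplink lowers the priority
# below SW2's default of 100 if that link fails, so the master role follows a working uplink
interface Vlanif10
 ip address 10.0.10.253 255.255.255.0
 vrrp vrid 10 virtual-ip 10.0.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 preempt-mode timer delay 20
 vrrp vrid 10 track interface GigabitEthernet0/0/3 reduced 30
 dhcp select relay
 dhcp relay server-ip 10.0.100.1
#
interface Vlanif20
 ip address 10.0.20.253 255.255.255.0
 vrrp vrid 20 virtual-ip 10.0.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 preempt-mode timer delay 20
 vrrp vrid 20 track interface GigabitEthernet0/0/3 reduced 30
 dhcp select relay
 dhcp relay server-ip 10.0.100.1
#
# VRID 30/40: default priority 100, SW1 is the backup for these VLANs
interface Vlanif30
 ip address 10.0.30.253 255.255.255.0
 vrrp vrid 30 virtual-ip 10.0.30.254
 dhcp select relay
 dhcp relay server-ip 10.0.100.1
#
interface Vlanif40
 ip address 10.0.40.253 255.255.255.0
 vrrp vrid 40 virtual-ip 10.0.40.254
 dhcp select relay
 dhcp relay server-ip 10.0.100.1
#
ospf 1 router-id 10.0.100.2
 area 0.0.0.0
  network 10.0.0.0 0.0.255.255
#
# SW3 (access): same MSTP region, terminal port as edge port. BPDU protection error-disables
# an edge port that receives a BPDU, so a device on a PC port cannot claim the root role.
sysname SW3
#
vlan batch 10 20 30 40 200
#
stp mode mstp
stp region-configuration
 region-name hcip
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
stp bpdu-protection
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 30
 stp edged-port enable
```

The MSTP root of each instance is deliberately the VRRP master for the same VLANs: if the root and the master were on different switches, traffic from a terminal would be forwarded to the root first and then cross the SW1-SW2 link to reach its gateway. Verify the roles with `display stp instance 1 brief` and `display vrrp brief` on both aggregation switches.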

Wireless networking:

Configure AC1 to manage the AP devices. The AC management VLAN is 200, and the service VLANs delivered in the AP configuration are 10 and 20.

SSID: configured as hcip-datacom

Wireless password: huawei123

Forwarding mode: direct forwarding
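The wireless requirements (management VLAN 200, service VLANs 10 and 20, SSID hcip-datacom, password huawei123, direct forwarding) as a Huawei AC configuration. This is an added example, not configuration from the original post. Assumptions not on the page: G0/0/1 on AC1 is the trunk toward the switch carrying the APs, the APs get their VLAN 200 addresses from a DHCP pool on the AC, the two service VLANs are delivered through a VLAN pool, and the AP MAC address is a placeholder to be replaced with the real one.

```vrp
# AC1: management VLAN 200 (the AC is its gateway), service VLANs 10 and 20 via a VLAN pool
sysname AC1
#
vlan batch 10 20 200
#
vlan pool hcip-pool
 vlan-id 10 20
#
dhcp enable
#
ip pool ap-mgmt
 gateway-list 10.0.200.254
 network 10.0.200.0 mask 255.255.255.0
#
interface Vlanif200
 ip address 10.0.200.254 255.255.255.0
 dhcp select global
#
# Direct forwarding: user traffic leaves the AP tagged with VLAN 10/20 and never passes
# through the AC, so every link between AP and gateway must trunk the service VLANs too
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 200
#
capwap source interface vlanif 200
#
wlan
 security-profile name hcip-sec
  security wpa2 psk pass-phrase huawei123 aes
 ssid-profile name hcip-ssid
  ssid hcip-datacom
 vap-profile name hcip-vap
  forward-mode direct-forward
  service-vlan vlan-pool hcip-pool
  ssid-profile hcip-ssid
  security-profile hcip-sec
 ap-group name hcip-group
  vap-profile hcip-vap wlan 1 radio all
 # MAC authentication: only APs listed here may register with the AC
 ap auth-mode mac-auth
 ap-id 0 ap-mac 0000-0000-0000
  ap-name AP1
  ap-group hcip-group
```

On the access switch port facing each AP, use `port trunk pvid vlan 200` with `port trunk allow-pass vlan 10 20 200`, because the AP sends its own CAPWAP management traffic untagged and the user VLANs tagged. Check AP registration with `display ap all` and the delivered VAPs with `display vap all`.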

Route planning:

The internal network of the company headquarters uses ospf to learn routes.

2. Branch IP address planning:

Wired network:

vlan 50 ip network segment 10.0.50.0/24 gateway 10.0.50.254

vlan 60 ip network segment 10.0.60.0/24 gateway 10.0.60.254

The interconnection IP addresses are as shown in the figure; configure them yourself.

Switching network planning:

SW7, SW8 and SW9 run RSTP; configure the interfaces connected to terminals as edge ports, and enable DHCP snooping to prevent DHCP attacks.

SW7 acts as the gateway of the PCs and runs a DHCP server to assign IP addresses.
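The branch switching plan (RSTP, edge ports, DHCP snooping, DHCP server on SW7) as a Huawei VRP configuration. This is an added example, not configuration from the original post. Assumptions not on the page: G0/0/1 on SW7 is the trunk to SW8; on SW8, G0/0/1 is the uplink to SW7 and G0/0/2 faces a PC in VLAN 50; SW9 is configured like SW8; SW7's link to CE3 is not shown.

```vrp
# SW7: branch gateway, DHCP server, RSTP root
sysname SW7
#
vlan batch 50 60
#
stp mode rstp
stp root primary
#
dhcp enable
#
ip pool vlan50
 gateway-list 10.0.50.254
 network 10.0.50.0 mask 255.255.255.0
#
ip pool vlan60
 gateway-list 10.0.60.254
 network 10.0.60.0 mask 255.255.255.0
#
interface Vlanif50
 ip address 10.0.50.254 255.255.255.0
 dhcp select global
#
interface Vlanif60
 ip address 10.0.60.254 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 50 60
#
ospf 1 router-id 10.0.50.254
 area 0.0.0.0
  network 10.0.50.0 0.0.0.255
  network 10.0.60.0 0.0.0.255
#
# SW8 (access): DHCP snooping on the user VLANs. Only the uplink toward SW7 is trusted,
# so a DHCP OFFER/ACK arriving on a PC port (rogue server) is discarded; the chaddr check
# drops requests whose client hardware address does not match the frame's source MAC.
sysname SW8
#
vlan batch 50 60
#
stp mode rstp
stp bpdu-protection
#
dhcp enable
dhcp snooping enable
dhcp snooping enable vlan 50 60
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 50 60
 dhcp snooping trusted
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 50
 stp edged-port enable
 dhcp snooping check dhcp-chaddr enable
```

Every port that is not explicitly trusted stays untrusted, which is the point of the feature: the only path DHCP server messages may take is the uplink toward SW7. Confirm the trusted port and the learned bindings with `display dhcp snooping interface GigabitEthernet0/0/1` and `display dhcp snooping user-bind all`.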

Route planning:

The intranet of the company branch uses ospf to learn routes.

3. Internet network configuration.

ISP1, ISP2 and ISP3 are Internet devices running OSPF; configure the interfaces that connect ISP1 and ISP3 to the CEs as silent interfaces.

On ISP2, configure the Loopback0 interface with the IP address 100.100.100.100.

4. MPLS VPN WAN configuration.

The IGP inside the MPLS WAN is IS-IS. Create Loopback0 interfaces on PE1, P, PE2 and RR with the IP addresses 1.1.1.1/32, 2.2.2.2/32, 3.3.3.3/32 and 4.4.4.4/32 respectively.

Configure mpls and mpls ldp to establish a public network tunnel.

Enable the IS-IS FRR function on the PE devices so that the network converges quickly when a link fails.
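The MPLS core requirements (IS-IS as IGP, Loopback0 as LSR ID, LDP for the public tunnel, IS-IS FRR) on PE1 as a Huawei VRP configuration. This is an added example, not configuration from the original post. Assumptions not on the page: IS-IS area 49.0001, level-2 only, G0/0/0 faces P over 10.1.12.0/24 and G0/0/1 faces RR over 10.1.14.0/24; P, PE2 and RR repeat this with their own IDs and addresses.

```vrp
# PE1: IS-IS + LDP core, LFA FRR
sysname PE1
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.0000.0000.0001.00
 # LFA FRR: precompute a loop-free backup next hop for every level-2 route so a link
 # failure is repaired locally before SPF reconverges
 frr
  loop-free-alternate level-2
#
# The loopback must be in IS-IS: LDP sessions are built to the peer LSR ID
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
#
interface GigabitEthernet0/0/0
 ip address 10.1.12.1 255.255.255.0
 isis enable 1
 isis circuit-type p2p
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.1.14.1 255.255.255.0
 isis enable 1
 isis circuit-type p2p
 mpls
 mpls ldp
```

FRR only helps when a second path exists, which is why the example gives PE1 two core links; `display isis route level-2 verbose` shows the backup next hop per prefix once the topology allows one, and `display mpls ldp session` confirms the LDP sessions are Operational before the VPN is layered on top.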

5. VPN interconnection requirements of the head office and branch offices.

① CE1 and CE2 establish GRE VPN tunnels with CE3 over the Internet, and use the GRE tunnels to establish OSPF neighbor relationships with the peer site.

② CE1 and CE2 establish an MPLS VPN with CE3 over the MPLS VPN WAN.

③ By default, mutual access between the company's internal devices uses the MPLS VPN; the GRE VPN is used when the MPLS VPN fails.

MPLS VPN planning:

EBGP runs between PE1, CE1, and CE2.

EBGP runs between PE2 and CE3.

PE1 and PE2 establish VPNv4 neighbor relationships with the RR device. (By default the RR cannot learn the VPNv4 routes; consult the documentation to solve this yourself.)

On the CE devices, import the OSPF routes into the BGP process so that the peer site can learn the local site's routes. Pay attention to route filtering here: because the peer site's routes are also learned through the OSPF neighbor established over GRE, importing them into BGP as well may cause a routing loop, or prevent the peer's routes from being learned through BGP.

Tip: the GRE VPN learns the peer site's routes through OSPF while the MPLS VPN learns them through BGP, so adjust the route preference of the BGP protocol to get the intended path selection.
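The three MPLS VPN points above (RR not learning VPNv4 routes, filtering when importing OSPF into BGP on the CE, and BGP preference so that MPLS VPN wins over GRE) in one Huawei VRP example. This is an added example, not configuration from the original post. Assumptions not on the page: AS 65001 for the HQ CEs and AS 65000 for the MPLS core, PE1 is 10.1.100.1 and CE1 10.1.100.2 on their link, the GRE tunnel and OSPF process 1 are already up; CE2 is identical, and CE3 mirrors it with its own AS and with 10.0.50.0/24 and 10.0.60.0/24 in its prefix list.

```vrp
# CE1 (HQ): only HQ prefixes leave via BGP; branch prefixes learned over GRE/OSPF stay out
sysname CE1
#
# Without this filter the branch prefixes learned over the GRE OSPF neighbor would be
# advertised to PE1 and reflected back to CE3, which then sees its own prefixes via BGP
ip ip-prefix hq-only index 10 permit 10.0.10.0 24
ip ip-prefix hq-only index 20 permit 10.0.20.0 24
ip ip-prefix hq-only index 30 permit 10.0.30.0 24
ip ip-prefix hq-only index 40 permit 10.0.40.0 24
#
route-policy ospf-to-bgp permit node 10
 if-match ip-prefix hq-only
#
bgp 65001
 router-id 10.1.100.2
 peer 10.1.100.1 as-number 65000
 #
 ipv4-family unicast
  # Huawei defaults: OSPF internal 10, BGP 255. Lowering BGP below OSPF makes the MPLS VPN
  # route win while it exists; when PE1 withdraws it, the OSPF route over GRE takes over.
  preference 5 5 5
  import-route ospf 1 route-policy ospf-to-bgp
  peer 10.1.100.1 enable
#
# RR (4.4.4.4): a route reflector has no VPN instance, so by default it discards VPNv4
# routes whose route targets match nothing locally. undo policy vpn-target keeps them.
sysname RR
#
bgp 65000
 router-id 4.4.4.4
 peer 1.1.1.1 as-number 65000
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 65000
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 3.3.3.3 enable
  peer 3.3.3.3 reflect-client
```

Check the result on CE1 with `display ip routing-table 10.0.50.0`: with the MPLS VPN up the entry should be protocol EBGP with preference 5, and after the PE link is shut down it should fall back to the OSPF entry whose next hop is the GRE tunnel. On the RR, `display bgp vpnv4 all routing-table` should list the prefixes from both PEs.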

6. Firewall planning.

Assign ports G0/0/0 and G0/0/1 to the untrust zone, and the VLANIF 100 and VLANIF 101 interfaces to the trust zone.

Configure security policies on the firewall to control the traffic between the two sites and the traffic from company PCs to external networks.
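The zone assignment and a minimal allow-list security policy for FW1 as a Huawei USG configuration. This is an added example, not configuration from the original post. Assumptions not on the page: G0/0/2 and G0/0/3 are Layer-2 ports toward SW1 and SW2, FW1 is 10.0.100.1 and 10.0.101.1 on the two interconnect VLANs, it runs OSPF with SW1/SW2 and receives their DHCP relay requests; the address-set and rule names are made up here.

```vrp
# FW1: zones per the plan, explicit permits only, everything else hits the default deny
sysname FW1
#
vlan batch 100 101
#
interface GigabitEthernet0/0/2
 portswitch
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/3
 portswitch
 port link-type access
 port default vlan 101
#
interface Vlanif100
 ip address 10.0.100.1 255.255.255.0
#
interface Vlanif101
 ip address 10.0.101.1 255.255.255.0
#
firewall zone trust
 add interface Vlanif100
 add interface Vlanif101
#
firewall zone untrust
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/1
#
ip address-set hq-users type object
 address 0 10.0.10.0 mask 24
 address 1 10.0.20.0 mask 24
 address 2 10.0.30.0 mask 24
 address 3 10.0.40.0 mask 24
#
ip address-set branch-users type object
 address 0 10.0.50.0 mask 24
 address 1 10.0.60.0 mask 24
#
# Relayed DHCP (UDP/67 between relay and server) and OSPF (IP protocol 89) terminate on
# the firewall itself, i.e. in the local zone, so they need their own rules
ip service-set to-firewall type object
 service 0 protocol udp destination-port 67
 service 1 protocol 89
#
security-policy
 rule name trust-to-local
  source-zone trust
  destination-zone local
  service to-firewall
  action permit
 rule name local-to-trust
  source-zone local
  destination-zone trust
  service to-firewall
  action permit
 rule name hq-to-branch
  source-zone trust
  destination-zone untrust
  source-address address-set hq-users
  destination-address address-set branch-users
  action permit
 rule name branch-to-hq
  source-zone untrust
  destination-zone trust
  source-address address-set branch-users
  destination-address address-set hq-users
  action permit
 rule name hq-to-internet
  source-zone trust
  destination-zone untrust
  source-address address-set hq-users
  action permit
```

Rules are matched top-down, and anything not matched is dropped by the default policy, so nothing from the Internet can initiate a connection into the trust zone except the branch prefixes. If a relay request or an OSPF adjacency fails after this, `display firewall session table` and the zone assignment of the interface involved are the first things to check.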

7. NAT

Configure NAT on CE1, CE2 and CE3 so that the company can access the Internet.
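Outbound NAT on CE1 as a Huawei VRP example (added here, not configuration from the original post). Assumptions not on the page: G0/0/1 on CE1 faces ISP1, and NAT uses the interface address (Easy IP). CE2 and CE3 follow the same pattern with their own ISP-facing interface and local prefixes. Site-to-site traffic is excluded explicitly so that a later change to the permit rules cannot pull it into the translation.

```vrp
# CE1: translate HQ user traffic toward the Internet only
sysname CE1
#
acl number 3000
 # traffic to the branch travels inside the GRE or MPLS VPN and must not be translated
 rule 5 deny ip source 10.0.0.0 0.0.255.255 destination 10.0.50.0 0.0.0.255
 rule 10 deny ip source 10.0.0.0 0.0.255.255 destination 10.0.60.0 0.0.0.255
 rule 15 permit ip source 10.0.10.0 0.0.0.255
 rule 20 permit ip source 10.0.20.0 0.0.0.255
 rule 25 permit ip source 10.0.30.0 0.0.0.255
 rule 30 permit ip source 10.0.40.0 0.0.0.255
#
interface GigabitEthernet0/0/1
 nat outbound 3000
```

Only the four HQ user VLANs are permitted as sources; the interconnect and management segments are not, so a device on VLAN 100 or VLAN 200 cannot reach the Internet through this rule. `display nat session all` shows the active translations.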

Origin blog.csdn.net/2301_76769137/article/details/130263068