Network Engineering Production Internship - Building a Small and Medium Enterprise Network (eNSP)

Build a small and medium-sized enterprise network: allocate addresses dynamically with DHCP, divide VLANs, and use NAT address translation to simulate access to the external network.

Project files are in my resources

Table of contents

1. Network topology

2. Division of IP addresses

3. VLAN division and intercommunication

1. Create VLAN 10 and VLAN 20

 2. One-arm routing for VLAN 10 and VLAN 20

(A) Configure VLAN10, logical port e0/0/0.10

(B) Configure VLAN20 in the same way, logical port e0/0/0.20

 2.VLAN 30 40 50

(A)VLAN 30

(B)VLAN 40

(C)VLAN 50

(D)VLAN 60

(E)VLANIF

4. DHCP configuration

1. AR1 DHCP assigns VLAN 10 20 (global DHCP)

(A)VLAN 10

(B)VLAN 20

2. LSW1 DHCP assigns VLAN 30 50 (interface DHCP)

(A)VLAN 30

(B)VLAN 50

5. Routing (RIP between AR1 and LSW1)

1. Port configuration of AR1 and LSW1

2.RIP

6. NAT configuration

1. Configure Easy IP on AR1

2.ISP

3. Default route

(A) The default route of AR1

(B) Default route for LSW1

7. Summary


 First use a fixed ip to complete vlan configuration, and then complete DHCP to automatically assign ip addresses

Do not use the Router device for AR1, otherwise NAT cannot be configured; an AR2240 can be used instead.

If a Router has already been used, right-click the router to export its configuration, replace it with an AR2240 router, and connect LSW5 and LSW1 on the same interfaces as before. The connection to the ISP needs to be reconfigured. Then, with the router powered off, right-click it and import the previous AR1 configuration file to preserve the DHCP, VLAN and other settings.

1. Network topology

2. Division of IP addresses

Require:

The intranet address is 192.168.1.0/24
where the number of hosts in vlan 30 40 50 <30
the number of hosts in vlan 10 20 60 < 12
The first address of each network segment is used as the gateway address of each network segment

According to the requirements there are 6 VLANs in total, so 6 network segments are required. Using 3 host bits as the subnet number gives 2^{3}-2=6 subnets, and the remaining 5 bits are used as the host number, giving 2^{5}-2=30 hosts per subnet, which is just enough to satisfy the requirement of no more than 30 hosts. The subnet mask is therefore 255.255.255.11100000 (last octet written in binary), which is 255.255.255.224. The specific division of IPs and gateways depends on the topology.
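The subnet arithmetic above can be checked mechanically. The following is an added example, not part of the original post: it takes the gateway addresses configured later on this page, derives each /27, and verifies gateway position, capacity and overlap. The function names and the reading of "< 30" as 29 hosts and "< 12" as 11 hosts are assumptions of this example.

```python
import ipaddress

INTRANET = ipaddress.ip_network("192.168.1.0/24")
PREFIX = 27  # 255.255.255.224

# VLAN -> (gateway configured later on this page, largest host count the
# requirement allows: "< 30" means 29, "< 12" means 11)
PLAN = {
    10: ("192.168.1.97", 11), 20: ("192.168.1.161", 11),
    30: ("192.168.1.33", 29), 40: ("192.168.1.65", 29),
    50: ("192.168.1.129", 29), 60: ("192.168.1.193", 11),
}
TRANSIT = ipaddress.ip_network("192.168.1.224/30")  # AR1 g0/0/1 <-> LSW1 Vlanif2


def vlan_net(vlan):
    return ipaddress.ip_interface(f"{PLAN[vlan][0]}/{PREFIX}").network


def check_plan():
    """Per VLAN: derived subnet, gateway position, capacity and client range."""
    report = {}
    for vlan, (gw, max_hosts) in PLAN.items():
        hosts = list(vlan_net(vlan).hosts())
        report[vlan] = {
            "subnet": str(vlan_net(vlan)),
            "gateway_is_first": ipaddress.ip_address(gw) == hosts[0],
            "fits": max_hosts + 1 <= len(hosts),  # +1: the gateway uses an address
            "clients": f"{hosts[1]}-{hosts[-1]}",
        }
    return report


def overlaps():
    """Pairs of planned networks (VLANs plus transit link) that collide."""
    nets = [vlan_net(v) for v in PLAN] + [TRANSIT]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def unassigned_blocks():
    """/27 blocks of the intranet that no VLAN uses."""
    used = {vlan_net(v) for v in PLAN}
    return [str(n) for n in INTRANET.subnets(new_prefix=PREFIX) if n not in used]


if __name__ == "__main__":
    for vlan, row in check_plan().items():
        print(vlan, row)
    print("overlaps:", overlaps())
    print("unassigned /27 blocks:", unassigned_blocks())
```

The two unassigned blocks are the all-zeros and all-ones subnets that the 2^{3}-2 formula excludes; the AR1 to LSW1 /30 link sits inside the last one.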

 In order to facilitate the experiment, first use a fixed ip to complete the vlan configuration, and then complete the DHCP automatic allocation of ip addresses

Take PC1 as an example:

3. VLAN division and intercommunication

Huawei switch interface types (three types) :

Access port: in and out, belongs to only one VLAN; usually connected to a host or router at the opposite end.
Trunk port: allows multiple VLANs to pass with tags, while the default VLAN (PVID VLAN) passes without a tag; usually connected to a switch at the peer end.
Hybrid port: allows multiple VLANs to pass with tags, or multiple VLANs to pass without tags; any device can be connected at the opposite end (a Huawei proprietary interface type).
PVID VLAN: all interfaces have a default VLAN of 1 (in and out).

1. Create VLAN 10 and VLAN 20

Create VLAN 10 and VLAN 20, assign PC1 and Client3 to VLAN 10, and assign PC2 to VLAN 20.

[LSW5]vlan batch 10 20  ;create VLAN 10 and 20 on LSW5
[LSW5]int e0/0/2
[LSW5-Ethernet0/0/2]port link-type access  ;set port e0/0/2 to type access
[LSW5-Ethernet0/0/2]port default vlan 10   ;set the interface's default VLAN and add the interface to that VLAN
[LSW5-Ethernet0/0/2]int e0/0/3             ;the other port is configured the same way
[LSW5-Ethernet0/0/3]port link-type access
[LSW5-Ethernet0/0/3]port default vlan 10
[LSW5-Ethernet0/0/3]int e0/0/4             ;configure VLAN 20
[LSW5-Ethernet0/0/4]port link-type access
[LSW5-Ethernet0/0/4]port default vlan 20
[LSW5-Ethernet0/0/4]int e0/0/1
[LSW5-Ethernet0/0/1]port link-type trunk     ;port e0/0/1 is a trunk port
[LSW5-Ethernet0/0/1]port trunk allow-pass vlan 10 20 30 40 50 60 ;the trunk allows VLANs 10 20 30 40 50 60 to pass

Because the other VLANs will need to communicate later, let the trunk allow VLANs 10 20 30 40 50 60 to pass in one step, or use "port trunk allow-pass vlan all".
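A trunk that permits more VLANs than the switch serves is worth knowing about when reviewing a configuration. The following added example (not part of the original post) parses a session in the format shown above, including the short forms used later on the page, and reports for each trunk either "all" or the allowed VLANs that the switch never created. The function names are hypothetical, and "vlan batch ... to ..." ranges are not handled.

```python
import re

# Constructed input: the LSW5 session above with the comments removed.
SESSION = """\
[LSW5]vlan batch 10 20
[LSW5]int e0/0/2
[LSW5-Ethernet0/0/2]port link-type access
[LSW5-Ethernet0/0/2]port default vlan 10
[LSW5-Ethernet0/0/2]int e0/0/3
[LSW5-Ethernet0/0/3]port link-type access
[LSW5-Ethernet0/0/3]port default vlan 10
[LSW5-Ethernet0/0/3]int e0/0/4
[LSW5-Ethernet0/0/4]port link-type access
[LSW5-Ethernet0/0/4]port default vlan 20
[LSW5-Ethernet0/0/4]int e0/0/1
[LSW5-Ethernet0/0/1]port link-type trunk
[LSW5-Ethernet0/0/1]port trunk allow-pass vlan 10 20 30 40 50 60
"""
# Short forms used later on this page, expanded to the full commands.
ABBREV = {"v b": "vlan batch", "p l a": "port link-type access",
          "p l t": "port link-type trunk", "p d v": "port default vlan",
          "p t a v": "port trunk allow-pass vlan"}
PROMPT = re.compile(r"^\[[^\]-]+(?:-(?P<ctx>[^\]]+))?\](?P<cmd>.*)$")


def parse(session):
    """Return (VLANs created on the switch, {interface: {type, vlans}})."""
    created, ports = set(), {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].split(";")[0].strip()   # drop a trailing ';' comment
        for short, full in ABBREV.items():
            if cmd == short or cmd.startswith(short + " "):
                cmd = full + cmd[len(short):]
        words = cmd.split()
        if words[:2] == ["vlan", "batch"]:
            created |= {int(v) for v in words[2:]}
        elif m["ctx"] and words[:1] == ["port"]:
            port = ports.setdefault(m["ctx"], {"type": None, "vlans": set()})
            if words[1] == "link-type":
                port["type"] = words[2]
            elif words[-1] == "all":
                port["vlans"] = "all"
            else:
                port["vlans"] = {int(v) for v in words[words.index("vlan") + 1:]}
    return created, ports


def trunk_excess(session):
    """Per trunk: 'all', or the allowed VLANs that this switch never created."""
    created, ports = parse(session)
    return {name: "all" if p["vlans"] == "all" else sorted(p["vlans"] - created)
            for name, p in ports.items() if p["type"] == "trunk"}
```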

 2. One-arm routing for VLAN 10 and VLAN 20

For VLAN 10 and VLAN 20 to communicate, VLAN routing must be configured using a VLANIF interface. One-arm routing is shown here.

(A) Configure VLAN10, logical port e0/0/0.10

The VLANIF is configured on a logical port of physical port g0/0/0 on AR1. In real engineering practice the logical port number usually matches the VLAN it serves, so first enter logical port g0/0/0.10 of AR1.

[AR1]INT G0/0/0.10        ;enter the logical port
[AR1-GigabitEthernet0/0/0.10]IP ADD 192.168.1.97 27    ;set the logical port's IP to the gateway of VLAN 10
[AR1-GigabitEthernet0/0/0.10]dot1q termination vid 10  ;corresponds to VLAN 10
[AR1-GigabitEthernet0/0/0.10]arp broadcast enable     ;enable ARP broadcast
a) The purpose of configuring dot1q on the interface: when a data frame with a VLAN tag enters, its VLAN is compared with the PVID; if they are the same the frame is accepted, and if they differ it is discarded.
   When a data frame with a VLAN tag goes out, the tag is stripped if the PVID is the same, and the frame is discarded if it differs. (In effect it has the same function as an access port.)
   (dot1q is 802.1Q, a VLAN encapsulation method; "dot" means the dot, hence the abbreviation dot1q.)
b) ARP broadcast is configured because router interfaces isolate broadcast domains: each interface is its own broadcast domain and ARP packets are only flooded within the same broadcast domain, so ARP broadcast must be enabled.

(B) Configure VLAN20 in the same way, logical port e0/0/0.20

[AR1-GigabitEthernet0/0/0.10]int g0/0/0.20
[AR1-GigabitEthernet0/0/0.20]ip add 192.168.1.161 27
[AR1-GigabitEthernet0/0/0.20]dot1q termination vid 20
[AR1-GigabitEthernet0/0/0.20]arp broadcast enable

At this point, VLAN 10 and VLAN 20 can already communicate with each other.

 2.VLAN 30 40 50

(A)VLAN 30

Create vlan on LSW2

[LSW2]vlan batch 30
[LSW2]int e0/0/3
[LSW2-Ethernet0/0/3]p l a            ;set as an access port
[LSW2-Ethernet0/0/3]p d v 30        ;assign to VLAN 30
[LSW2-Ethernet0/0/3]int e0/0/1
[LSW2-Ethernet0/0/1]p l t
[LSW2-Ethernet0/0/1]p t a v 10 20 30 40 50 60
[LSW2-Ethernet0/0/1]int e0/0/2
[LSW2-Ethernet0/0/2]p l t
[LSW2-Ethernet0/0/2]p t a v 10 20 30 40 50 60

(B)VLAN 40

Create vlan on LSW3

[LSW3]v b 40
[LSW3]int e0/0/3
[LSW3-Ethernet0/0/3]p l a
[LSW3-Ethernet0/0/3]p d v 40
[LSW3-Ethernet0/0/3]int e0/0/2
[LSW3-Ethernet0/0/2]p l t
[LSW3-Ethernet0/0/2]p t a v 10 20 30 40 50 60
[LSW3-Ethernet0/0/2]int e0/0/1
[LSW3-Ethernet0/0/1]p l t
[LSW3-Ethernet0/0/1]p t a v 10 20 30 40 50 60

(C)VLAN 50

Create vlan on LSW4

[LSW4]v b 50
[LSW4]int e0/0/2
[LSW4-Ethernet0/0/2]p l a
[LSW4-Ethernet0/0/2]p d v 50
[LSW4-Ethernet0/0/2]int e0/0/3
[LSW4-Ethernet0/0/3]p l a
[LSW4-Ethernet0/0/3]p d v 50
[LSW4-Ethernet0/0/3]int e0/0/1
[LSW4-Ethernet0/0/1]p l t
[LSW4-Ethernet0/0/1]p t a v 10 20 30 40 50 60

(D)VLAN 60

[LSW1]v b 10 20 30 40 50 60
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]p l a            ;VLAN 60 is directly connected to LSW1, so use access
[LSW1-GigabitEthernet0/0/2]p d v 60            ;assign to VLAN 60

(E)VLANIF

Configure VLANIF in LSW1

[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]p l t
[LSW1-GigabitEthernet0/0/3]p t a v 10 20 30 40 50 60
[LSW1-GigabitEthernet0/0/3]int g0/0/4
[LSW1-GigabitEthernet0/0/4]p l t
[LSW1-GigabitEthernet0/0/4]p t a v 10 20 30 40 50 60
[LSW1-GigabitEthernet0/0/4]int g0/0/5
[LSW1-GigabitEthernet0/0/5]p l t
[LSW1-GigabitEthernet0/0/5]p t a v 10 20 30 40 50 60
[LSW1-GigabitEthernet0/0/5]int vlan 30
[LSW1-Vlanif30]ip add 192.168.1.33 27
[LSW1-Vlanif30]int vlan 40
[LSW1-Vlanif40]ip add 192.168.1.65 27
[LSW1-Vlanif40]int vlan 50
[LSW1-Vlanif50]ip add 192.168.1.129 27
[LSW1-Vlanif50]int vlan 60
[LSW1-Vlanif60]ip add 192.168.1.193 27

At this point, VLANs 30, 40, 50 and 60 can all communicate with each other.

4. DHCP configuration

DHCP is configured on whichever device holds the hosts' gateway. The gateways of VLAN 10 and 20 are on the logical ports of AR1, so the DHCP service on AR1 allocates their IPs; VLAN 30 and 50 get their IPs from the DHCP service on LSW1; the client and server in VLAN 40 and 60 use fixed IPs, so they do not need DHCP.

1. AR1 DHCP assigns VLAN 10 20 (global DHCP)

(A)VLAN 10

[AR1]dhcp enable                ;enable DHCP
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR1]ip pool 10                                        ;create a global address pool
Info:It's successful to create an IP address pool.
[AR1-ip-pool-10]network 192.168.1.96 mask 27           ;network segment assignable from the global address pool
[AR1-ip-pool-10]gateway-list 192.168.1.97            ;gateway address
[AR1-ip-pool-10]dns-list 114.114.114.114 8.8.8.8        ;DNS servers
[AR1-ip-pool-10]lease day 0                            ;lease time; 0 means a permanent lease

[AR1-ip-pool-10]int g0/0/0.10        ;check the current configuration of logical port g0/0/0.10
[AR1-GigabitEthernet0/0/0.10]dis this
#
interface GigabitEthernet0/0/0.10
 dot1q termination vid 10
 ip address 192.168.1.97 255.255.255.224      ;this port's address was set earlier, so it does not need to be set again
 arp broadcast enable
#
return

[AR1-GigabitEthernet0/0/0.10]dhcp select global  ;select global mode

Now change PC1's IP acquisition method to DHCP and the address is obtained dynamically. Check the IP with the "ipconfig" command.

(B)VLAN 20

[AR1]ip pool 20            ;create another address pool named 20
Info:It's successful to create an IP address pool.
[AR1-ip-pool-20]network 192.168.1.160 mask 27     ;network segment of VLAN 20
[AR1-ip-pool-20]gateway-list 192.168.1.161        ;gateway of VLAN 20
[AR1-ip-pool-20]dns-list 114.114.114.114 8.8.8.8
[AR1-ip-pool-20]lease day 0
[AR1-ip-pool-20]int g0/0/0.20
[AR1-GigabitEthernet0/0/0.20]dhcp select global 

At this point, the DHCP configuration of VLAN 10 20 is completed, and each host has dynamically obtained an ip address through DHCP

2. LSW1 DHCP assigns VLAN 30 50 (interface DHCP)

(A)VLAN 30

[LSW1]dhcp enable
[LSW1]int vlan 30


[LSW1-Vlanif30]dis th            ;view the current interface configuration
#
interface Vlanif30
 ip address 192.168.1.33 255.255.255.224        ;the gateway is already configured
#
return

[LSW1-Vlanif30]dhcp select interface             ;interface-mode DHCP
[LSW1-Vlanif30]dhcp server dns-list 114.114.114.114
[LSW1-Vlanif30]dhcp server lease day 0

(B)VLAN 50

[LSW1-Vlanif40]int  vlan 50
[LSW1-Vlanif50]dhcp select interface 
[LSW1-Vlanif50]dhcp server dns-list 114.114.114.114
[LSW1-Vlanif50]dhcp server lease day 0

So far, all hosts use DHCP to obtain ip

5. Routing (RIP between AR1 and LSW1)

After configuring intercommunication within VLAN 10 and 20 and within VLAN 30, 40, 50 and 60, the upper VLANs (10, 20) and the lower VLANs (30, 40, 50, 60) still cannot reach each other, because neither LSW1 nor AR1 has routes for the other's VLANs: LSW1 has no route to VLAN 10 and 20, and AR1 has no route to VLAN 30, 40, 50 and 60. RIP dynamic routing therefore needs to be configured so that LSW1 and AR1 exchange routing tables and each learns the routes of the other VLANs.

RIP exchanges routing tables between devices on the same network segment, so the IP addresses of g0/0/1 on LSW1 and g0/0/1 on AR1 must be set in the same network segment.

1. Port configuration of AR1 and LSW1

LSW1:

[LSW1]vlan batch 2            ;add VLAN 2
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]int g0/0/01
[LSW1-GigabitEthernet0/0/1]p l a       ;set g0/0/1 as an access port
[LSW1-GigabitEthernet0/0/1]p d v 2     ;assign to VLAN 2
[LSW1-GigabitEthernet0/0/1]q
[LSW1]int vlan 2
[LSW1-Vlanif2]ip add 192.168.1.226 30

AR1:

[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.1.225 30   ;assign an address to port g0/0/1 of AR1
[AR1-GigabitEthernet0/0/1]q

2.RIP

Enable the rip protocol in LSW1 and AR1

[LSW1]rip
[LSW1-rip-1]version 2
[LSW1-rip-1]network 192.168.1.0

[AR1]rip
[AR1-rip-1]version 2
[AR1-rip-1]network 192.168.1.0

Use the "display ip routing-table" command to view the routing table, it can be seen that the

Use the host PC3 below to "ping" PC1 on the side of the one-arm router and find that it can be pinged.

 So far, all intranet intercommunication and DHCP automatic acquisition of IP have been completed

6. NAT configuration

Do not use the Router device for AR1, otherwise NAT cannot be configured; an AR2240 can be used instead.

If the Router device has already been used:

1. Right-click the AR1 router to export its configuration, then replace it with an AR2240 router.

2. Use the same interfaces as before: G0/0/0 connects to LSW5 and G0/0/1 connects to LSW1.

3. The port connected to the ISP was originally E0/0/0, but the AR2240 has no E0/0/0, so the port facing the ISP needs to be reconfigured. If nothing has been configured toward the ISP yet, this step can be ignored.

4. With the router powered off, right-click it and import the previous AR1 configuration file; the DHCP, VLAN and other settings are retained.

Add a host on the other end of the ISP to simulate the host on the other end of the Internet

Set the IP of the simulated host at the other end of the Internet to 11.11.11.1

Subnet mask 255.255.255.0

Gateway is 11.11.11.254

1. Configure Easy IP on AR1

[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255  
  
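"The network segment permitted outbound is 192.168.1.0, followed by 0.0.0.255, the inverse of the subnet mask (the wildcard mask)"

[AR1]int g0/0/2
[AR1-GigabitEthernet0/0/2]nat outbound 2000       ;set the port's outbound rule to acl 2000
 Info: The NAT address pool is empty 

The prompt says the NAT address pool is empty because no address has been added to the e0/0/0 port (g0/0/2 on the AR2240) yet.

[AR1-GigabitEthernet0/0/2]ip add 222.222.222.1 24      ;add an address to the e0/0/0 port (g0/0/2 on the AR2240)

[AR1-GigabitEthernet0/0/2]dis th            ;view the port's current configuration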
[V200R003C00]
#
interface GigabitEthernet0/0/2
 ip address 222.222.222.1 255.255.255.0 
 nat outbound 2000
#
return
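What ACL 2000 actually selects for translation follows from how the wildcard mask is evaluated. The added example below (not part of the original post) applies the rule from this page to the source networks of the address plan and generates a per-subnet rule in the same syntax for cases where only some VLANs should be translated. The function names are hypothetical, and which VLANs should reach the external network is a policy decision the page does not state.

```python
import ipaddress

ACL_2000 = ("192.168.1.0", "0.0.0.255")  # "rule permit source" values from this page

# Source networks taken from this page's address plan.
SOURCES = {
    "VLAN 10": "192.168.1.96/27", "VLAN 20": "192.168.1.160/27",
    "VLAN 30": "192.168.1.32/27", "VLAN 40": "192.168.1.64/27",
    "VLAN 50": "192.168.1.128/27", "VLAN 60": "192.168.1.192/27",
    "AR1-LSW1 link": "192.168.1.224/30", "Internet host": "11.11.11.1/32",
}


def wildcard_match(addr, base, wildcard):
    """ACL match: bits set in the wildcard are ignored, all others must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def covered(net, base, wildcard):
    """True only if every address of net matches the ACL entry."""
    return all(wildcard_match(str(ip), base, wildcard)
               for ip in ipaddress.ip_network(net))


def nat_scope(acl=ACL_2000):
    """Which of the page's source networks the ACL hands to 'nat outbound'."""
    return {name: covered(net, *acl) for name, net in SOURCES.items()}


def rule_for(net):
    """A basic-ACL rule matching exactly one subnet (hostmask = wildcard mask)."""
    n = ipaddress.ip_network(net)
    return f"rule permit source {n.network_address} {n.hostmask}"


if __name__ == "__main__":
    for name, hit in nat_scope().items():
        print(f"{name:15} translated: {hit}")
    print(rule_for(SOURCES["VLAN 10"]))
```

With the /24 wildcard every intranet subnet is translated, including the statically addressed server VLANs and the router-to-switch link.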

2.ISP

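[ISP]int g0/0/0            ;enter port g0/0/0, which connects to AR1

[ISP-GigabitEthernet0/0/0]ip add 222.222.222.2 24        ;port address in the same network segment as the connected AR1 port

[ISP]int g0/0/1            ;simulates the port that connects to the host at the other end of the Internet

[ISP-GigabitEthernet0/0/1]ip add 11.11.11.254 24        ;gateway address for the host connected to this port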

At this point NAT is configured, but AR1 still does not know how to forward packets destined for the external network, because its routing table has no route for them. A default route is therefore needed, so that every packet not destined for the internal network is forwarded out of the default-route interface, that is, the E0/0/0 interface of AR1 (g0/0/2 on the AR2240), which connects the intranet to the external network.

3. Default route

(A) The default route of AR1

[AR1]ip route-static 0.0.0.0 0.0.0.0 222.222.222.2

(B) Default route for LSW1

[LSW1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.225

So far, the construction of the small and medium-sized enterprise network has been completed, and the DHCP dynamic allocation of addresses, VLAN division, and NAT protocol address translation have been completed to simulate access to the external network.

7. Summary

This one-week internship passed in the blink of an eye. At the beginning we had only superficial knowledge of network theory and a few computer experiments. During the internship we learned about various network devices, mastered the installation and configuration of routers and switches, and, for the router, its basic configuration commands and modes. We also combined the skills we had learned (VLAN division, dynamic routing configuration, switch configuration, NAT configuration and others) into one experiment. Every experiment has to begin with building the topology diagram and then planning addresses and doing the basic configuration of each device. If these two steps are not done well, the devices cannot be connected and cannot communicate, and none of the later configuration can be carried out. Building the network topology and planning addresses so that the network is connected are therefore the basis of the experiment.

Address allocation: the 192.168.1.0 intranet is used as required. Six VLANs need 6 subnets, so 3 host bits are used as the subnet number, leaving 5 host bits; this determines the start and end addresses of each network segment. The first address is used as the gateway address, and the remaining hosts get their IPs dynamically through DHCP. Two DHCP schemes are used, global and interface. Global mode requires creating an address pool and setting its network segment, gateway, subnet mask, address lease and DNS address, with one address pool per VLAN. Interface mode only requires enabling interface-mode DHCP on the corresponding interface or VLANIF and configuring DNS and the address lease; the gateway and network segment do not need to be configured, because the interface already contains that information and it can be reused directly. In summary, configuring DHCP in global mode is more cumbersome for this topology.

VLAN: for VLANs to communicate with each other, a layer-3 switch with VLANIF interfaces is used, and each port must be identified as either an access port or a trunk port. Communication between VLAN 10 and VLAN 20 uses single-arm routing, which means configuring sub-interfaces (or "logical interfaces", which are not real physical interfaces) on one interface of the router to interconnect different VLANs (virtual local area networks) that were originally isolated from each other.

RIP: after configuring intercommunication within VLAN 10 and 20 and within VLAN 30, 40, 50 and 60, the upper VLANs (10, 20) and the lower VLANs (30, 40, 50, 60) still cannot reach each other, because LSW1 has no route to VLAN 10 and 20 and AR1 has no route to VLAN 30, 40, 50 and 60. RIP dynamic routing therefore needs to be configured so that LSW1 and AR1 exchange routing tables and each has routes to the other VLANs.

The content of the internship is close to real practice and has practical significance, especially the design and configuration of NAT, which is a useful guide for understanding how current networks are built. It connects theory with reality and strengthens our ability to apply knowledge.


Origin blog.csdn.net/qq_25887493/article/details/121893165