1.请在HF- S3152TP-0、HF-S5626C-0和BZ-S3152TP-0等3台交换机上完成VLAN划分,并按上表要求配置有关设备互联端口的Trunk工作模式的设置和允许相应VLAN通过..
1. [HF-S3152TP-0] VLAN 10
[HF-S3152TP-0-VLAN 10] DESC RENSHI-XIGZHENG-CAIWUBU [HF-S3152TP-0-VLAN 10] PORT E1/0/1 TO E1/0/24 [HF-S3152TP-0-VLAN 10] QUIT [HF-S3152TP-0]VLAN 20
[HF-S3152TP-0-VLAN 20] PORT E1/0/24 TO E1/0/48
[HF-S3152TP-0-VLAN 20] DESC XIAOSHOU-SHOUHOUFUWUBU [HF-S3152TP-0-VLAN 20] QUIT
[HF-S3152TP-0] IP ROUTE-STATIC 0.0.0.0 0.0.0.0 192.168.0.65
[HF-S5626C-0] VLAN 30
[HF-S5626C-0- VLAN 30] DESC FUWUQUVLAN [HF-S5626C-0- VLAN 30] PORT G1/0/3 TO G1/0/16 [HF-S5626C-0- VLAN 30] QUIT [HF-S5626C-0] VLAN 40
[HF-S5626C-0-VLAN 40] DESC HULIANVLAN
[BZ-S3152TP-0] INT VLAN 1
[BZ-S3152TP-0-VLA N-INTERFACE01]IP ADDRESS 192.168.2.250
24
[HF-S3152TP-0] INT G1/1/1
[HF-S3152TP-0-G1/1/1] PORT LINK-TYPE TRUNK
[HF-S3152TP-0-G1/1/1] PORT TRUNK PERMIT VLAN 10 20 30 40 1
[HF-S5626C-0]INT G1/0/1
[HF-S5626C-0-G1/0/1] PORT LINK-TYPE TRUNK [HF-S5926c-0-G1/0/1] PORT TRUNK PERMIT VLAN ALL [HF-S5626C-0]INT G1/0/2
[HF-S5626C-0-G1/0/2] PORT LINK-TYPE TRUNK
[HF-S5626C-0-G1/0/2] PORT TRUNK PERMIT VLAN ALL [BZ-S31525P-0]INT G1/1/1
[BZ-S31525P-0 -G1/1/1 ] PORT LINK-TYPE TRUNK
[BZ-S31525P-0 G1/1/1 ] PORT TRUNK PERMIT VLAN ALL 1.
2. 在核心交换机上配置实现VALN间的路由
[HF- S5626C -0-VLAN- INTERFACE 10] IP ADDRESS 192.168.1.1 26 [HF- S5626C -0-VLAN- INTERFACE 20] IP ADDRESS 192.168.1.129 26 [HF-S5626C-0- VLAN -INTERFACE 30] IP ADDRESS 192.168.0.129 26 [HF-S5626C-0-VLAN-INTERFACE 40] IP ADDRESS 192.168.0.1 30 [HF-S5626C-0-VLAN-INTERFACE 1] IP ADDRESS 192.168.0.65 29 3.在公司总部和分公司实现DHCP,办公计算机可以自动获取IP地址
1)总部HF-S5626C-0交换机作为DHCP Server,DNS服务器地址为202.102.192.68,VLAN10网关地址:192.168.1.1,Vlan20网关地址:192.168.1.129
2) 分公司BZ-MSR2020-0路由器作为DHCP Server,DNS服务器地址为202.102.192.68,VLAN1网关地址:192.168.2.254 3-1:
[HF-S5626C-0] DHCP ENABLE
[HF-S5626C-0] DHCP SERVER IP-POOL VLAN10
[HF-S5626C-0 -DHCP -POOL -VLAN10] NETWORK 192.168.1.0 MASK 255.255.255.192
[HF-S5626C-0 -DHCP -POOL -VLAN10] GATEAY-LIST 192.168.1.1 [HF-S5626C-0 -DHCP -POOL -VLAN10] DNS-LIST 202.102.192.68 [HF-S5626C-0 -DHCP -POOL -VLAN10] QUIT [HF-S5626C-0] DHCP SERVER IP-POOL VLAN20
[HF-S5626C-0 -DHCP -POOL –VLAN20] NET WORK 192.168.1.128 MASK 255.255.255.192
[HF-S5626C-0 -DHCP -POOL –VLAN20] GATEAY-LIST 192.168.1.129 [HF-S5626C-0 -DHCP -POOL –VLAN20] DNS-LIST 202.102.192.68 [HF-S5626C-0] DHCP SERVR FORBIDDEN-IP 192.168.1.1 [HF-S5626C-0] DHCP SERVR FORBIDDEN-IP 192.168.1.129 [HF-S5626C-0]DHCP SELECT GLOBAL ALL 3-2:
[BZ-MSR2020-0]INT E0/0
[BZ-MSR2020-0-E0/0 ]IP ADDRESS 192.168.2.254 24 [BZ-MSR2020-0-E0/0 ]QUIT [BZ-MSR2020-0 ]DHCP ENABLE
[BZ-MSR2020-0 ]DHCP SERVER IP-POOL VLA1
[BZ-MSR2020-0 DHCP -POOL -VLA1] NETWORK 192.168.2.0 MASK 255.255.255.0
[BZ-MSR2020-0 DHCP -POOL -VLA1] GATEWAY-LIST 192.168.2.254 [BZ-MSR2020-0 DHCP -POOL -VLA1]DNS-LIST 202.102.192.68 [BZ-MSR2020-0 DHCP -POOL -VLA1]QUIT
[BZ-MSR2020-0] DHCP SERVER FORBIDEN-IP 192.168.2.254 [BZ-MSR2020-0] DHCP SERVER FORBIDEN-IP 192.168.2.250
[BZ-S3152tp0-0] IP ROUT-STATIC 0.0.0.0 0.0.0.0 192.168.2.254 4.广域网及路由部署
1)在总部路由器与分公司路由器上配置PPP协议, 建立MP-Group组,实现路由器之间通过S1/0及S1/1端口远程互联,两端地址分别为192.168.0.13/30 和192.168.0.14/30
2)按照拓扑结构图及所给地址,用OSPF协议,实现网络路由。 4-1:
[HF-MSR3020-0]int mp-group0
[HF-MSR3020-0-mp-group 0]link-protocol ppp
[HF-MSR3020-0-mp-group 0]ip address 192.168.0.13 30
[HF-MSR3020-0-mp-group 0]int s1/0
[HF-MSR3020-0- Serial1/0] ppp mp mp-group 0 [HF-MSR3020-0- Serial1/0]int s1/1
[HF-MSR3020-0- Serial1/1] ppp mp mp-group 0 [BZ-MSR2020-0]int mp-group0
[BZ-MSR2020-0-mp-group 0]link-protocol ppp
[BZ-MSR2020-0-mp-group 0]ip address 192.168.0.14 30 [BZ-MSR2020-0-mp-group 0]int s1/0
[BZ-MSR2020-0- Serial1/0] ppp mp mp-group 0 [BZ-MSR2020-0- Serial1/0]int s1/1
[BZ-MSR2020-0- Serial1/1] ppp mp mp-group 0 4-2:
[HF-S5626C-0] Router id 192.168.0.65 [HF-S5626C-0]ospf
[HF-S5626C-0- ospf-1] Area 1
[HF-S5626C-0- ospf-1- Area -0.0.0.1]net 192.168.1.0 0.0.0.63 [HF-S5626C-0- ospf-1- Area -0.0.0.1]net 192.168.1.128 0.0.0.63 [HF-S5626C-0- ospf-1- Area -0.0.0.1]net 192.168.0.65 0.0.0.7
[HF-F100M-0]INT LOOPBACK 0
[HF-F100M-0- LOOPBACK 0] IP ADDRESS 192.168.0.74 32 [HF-F100M-0- LOOPBACK 0] QUIT
[HF-F100M-0] ROUTER ID 192.168.0.74 [HF-F100M-0]OSPF
[HF-F100M-0-OSPF-1] AREA 1
[HF-F100M-0-OSPF-1- Area -0.0.0.1] NET 192.168.0.6 0.0.0.3 [HF-F100M-0-OSPF-1- Area -0.0.0.1] NET 192.168.0.74 0.0.0.0
[HF-MSR3020-0]INT LOOPBACK 0
[HF-MSR3020-0- LOOPBACK 0] IP ADDRESS 192.168.0.73 32 [HF-MSR3020-0- LOOPBACK 0]QUIT [HF-MSR3020-0]ROUTER ID 192.168.0.73 [HF-MSR3020-0]OSPF
[HF-MSR3020-0-OSPF-1] AREA 1
[HF-MSR3020-0-OSPF-1- Area -0.0.0.1]NET 192.168.0.1 0.0.0.3 [HF-MSR3020-0-OSPF-1- Area -0.0.0.1]NET 192.168.0.5 0.0.0.3 [HF-MSR3020-0-OSPF-1- Area -0.0.0.1]NET 192.168.0.73 0.0.0.0
[HF-MSR3020-0-OSPF-1- Area -0.0.0.1]QUIT’ [HF-MSR3020-0-OSPF-1]AREA 0
[HF-MSR3020-0-OSPF-1- Area -0.0.0.0]NET 192.168.0.13 0.0.0.3 [HF-MSR3020-0-OSPF-1- Area -0.0.0.0]NET 192.168.0.73 0.0.0.0
[BZ-MSR2020-0]INT LOOPBACK 0
[BZ-MSR2020-0-LOOPBACK 0]IP ADDRESS 192.168.0.75 32 [BZ-MSR2020-0-LOOPBACK 0]QUIT [BZ-MSR2020-0] ROUTER ID 192.168.0.75 [BZ-MSR2020-0]OSPF
[BZ-MSR2020-0-OSPF-1]AREA 0
[BZ-MSR2020-0-OSPF-1- Area -0.0.0.0]NET 192.168.0.14 0.0.0.3 [BZ-MSR2020-0-OSPF-1- Area -0.0.0.0]NET 192.168.0.75 0.0.0.0 [BZ-MSR2020-0-OSPF-1- Area -0.0.0.0]QUIT [BZ-MSR2020-0-OSPF-1]AREA 2
[BZ-MSR2020-0-OSPF-1- Area -0.0.0.2] NET 192.168.2.0 0.0.0.255 [BZ-MSR2020-0-OSPF-1- Area -0.0.0.2] NET 192.168.0.75 0.0.0.0
5: 在防火墙上配置默认路由、实现NAT及服务器发布
[HF-F100M-0]ip route-static 0.0.0.0 0.0.0.0 218.22.21.168 [HF-F100M-0]firewall zone trust [HF-F100M-0-zone –trust]add int e1/0 [HF-F100M-0-zone –trust]quit [HF-F100M-0]firewall zone untrust [HF-F100M-0-zone –untrust] add int e2/0 [HF-F100M-0-zone –untrust]quit
[HF-F100M-0]firewall packet-filter default permit [HF-F100M-0-basic-2000]acl number 2000
[HF-F100M-0-basic-2000]rule 0 permit [HF-F100M-0-basic-2000]Quit [HF-F100M-0]int e2/0
[HF-F100M-0-e2/0]nat outbound 2000
[HF-F100M-0-e2/0]nat server protocol tcp global 218.22.21.169 80 inside [HF-F100M-0-e2/0]nat server protocol tcp global 218.22.21.169 8080 inside 192.168.0.131 80
192.168.0.130 8080
