Chinaunix首页 | 论坛 | 博客
  • 博客访问: 751061
  • 博文数量: 256
  • 博客积分: 3502
  • 博客等级: 中校
  • 技术积分: 3988
  • 用 户 组: 普通用户
  • 注册时间: 2012-04-17 21:13
文章分类

全部博文(256)

文章存档

2014年(11)

2013年(134)

2012年(111)

我的朋友

分类: 系统运维

2012-07-20 14:41:03

拓扑说明:

1.R3和R4模拟客户pc,分别属于vlan10和vlan20。vlan10和vlan20 在现实中代表公司的不同部门。

2.SW1为三层交换机,SW2为二层交换机。

3.R5模拟internet,R5上有个环回口lo0:5.5.5.5/24

需求:

1.各接口如图所示。

2.各个部门直接能相互访问,同时均可以正常访问internet。

3.双网关提供冗余,并在一方出现故障时自动切换。

解决方案:

1.通过SW1的三层功能实现vlan间。

2.采用HSRP实现网关的冗余和备份。

3.在网关上做PAT。

4.内网运行RIPv2,外部运行OSPF。实现网络的全联通,并保证内部与外部的相对隔离。

配置摘要如下:

R01#sh run
!   
!        
FastEthernet0/0
ip address 172.16.12.1 255.255.255.0
ip rip advertise 5
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
standby 1 ip 172.16.12.254
standby 1 priority 120
standby 1 preempt
standby 1 track Serial1/0 100
!        
!      
interface Serial1/0
ip address 10.10.15.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
dce-terminal-timing-enable
!
!        
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
network 10.10.15.1 0.0.0.0 area 0
!        
router rip
version 2
timers basic 5 15 0 15
network 172.16.0.0
no auto-summary
!        
ip nat inside source list 1 interface Serial1/0 overload
!        
access-list 1 permit 192.168.0.0 0.0.255.255
!        
!    
!        
end   

///////////////////////////////////////////////////////////////////////////////////////////  

R02#sh run
!        
!
interface FastEthernet0/0
ip address 172.16.12.2 255.255.255.0
ip rip advertise 5
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
standby 1 ip 172.16.12.254
standby 1 preempt
standby 1 track Serial1/0
!
!
interface Serial1/0
ip address 10.10.25.2 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 100
router-id 2.2.2.2
log-adjacency-changes
network 10.10.25.2 0.0.0.0 area 0
!
router rip
version 2
timers basic 5 15 0 15
network 172.16.0.0
no auto-summary
!
!
ip nat inside source list 1 interface Serial1/0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
end

/////////////////////////////////////////////////////////////////////////////////////
R03#sh run
!
no ip routing
!        
!
interface FastEthernet0/0
ip address 192.168.13.3 255.255.255.0
no ip route-cache
speed 100
full-duplex
!
!
ip default-gateway 192.168.13.254
!
!        
end
//////////////////////////////////////////////////////////////////////////////////////
R04#sh run
!
no ip routing
!
!        
!
interface FastEthernet0/0
ip address 192.168.24.4 255.255.255.0
no ip route-cache
speed 100
full-duplex
!
!
ip default-gateway 192.168.24.254
!        
end
////////////////////////////////////////////////////////////////////////////////////////
R05#sh run
!
!        
interface Loopback0                                                     //模拟internet上的某个网络节点
ip address 5.5.5.5 255.255.255.0
ip ospf network point-to-point
!
!
interface Serial1/0
ip address 10.10.15.5 255.255.255.0
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
ip address 10.10.25.5 255.255.255.0
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 100
router-id 5.5.5.5
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 0
network 10.10.15.5 0.0.0.0 area 0
network 10.10.25.5 0.0.0.0 area 0
!
!
end
////////////////////////////////////////////////////////////////////////////////////////
SW01#sh run
!
interface FastEthernet0/1
switchport access vlan 30
no ip address
duplex full
speed 100
!
!
interface FastEthernet0/3
switchport access vlan 10
no ip address
duplex full
speed 100
!
!
interface FastEthernet0/12
switchport mode trunk
no ip address
duplex full
speed 100
!
interface FastEthernet0/13
switchport mode trunk
no ip address
duplex full
speed 100
!
!
!
interface Vlan10
ip address 192.168.13.254 255.255.255.0
ip rip advertise 5
!
interface Vlan20
ip address 192.168.24.254 255.255.255.0
ip rip advertise 5
!
interface Vlan30                                             // vlan30的设置至关重要,它保证了内部客户机和网关之间
ip address 172.16.12.123 255.255.255.0    // 的连通性。
ip rip advertise 5
!
router rip                                                     // RIP用于内部网络联通。
version 2
timers basic 5 15 0 15
network 172.16.0.0
network 192.168.13.0
network 192.168.24.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 172.16.12.254       // 将内部流量引向网关
!
!
end
    
///////////////////////////////////////////////////////////////////////////////////////////  

SW02#sh run
!
no ip routing
!
!
interface FastEthernet0/2
switchport access vlan 30
no ip address
duplex full
speed 100
!
!        
interface FastEthernet0/4
switchport access vlan 20
no ip address
duplex full
speed 100
!
!
interface FastEthernet0/12
switchport mode trunk
no ip address
duplex full
speed 100
!
interface FastEthernet0/13
switchport mode trunk
no ip address
duplex full
speed 100
!        
!
!
!
end

阅读(1312) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~