首页 > 代码库 > VLAN+VTP+STP+HSRP+ACL+NAT+OSPF综合
VLAN+VTP+STP+HSRP+ACL+NAT+OSPF综合
如图所示,使用GN3搭建网络环境,交换机间均为Trunk链路。 | |
2、配置要求: | |
2.1 | 在SW1、SW2、SW3上添加VLAN 10、VLAN 20,IP地址段分别为192.168.10.0/24和192.168.20.0。 |
2.2 | 配置SW1为VLAN 10的根网桥,SW2为VLAN 20的根网桥,实现链路的负载分担。 |
2.3 | 在SW1、SW2、R1和R2上配置OSPF路由协议,实现网络互通,Router-id使用管理IP和Loopback地址。配置Area 1为完全末梢区域,Area 2为NSSA区域,将R2的直连网段10.10.10.1重分发到OSPF区域。 |
2.4 | 为R1设置密码benet,要求只有SW3可以登录。 |
2.5 | 验证SW3可以ping通R2的Loopback0地址,验证SW3可以远程登录到R1。 |
2.6 | 在SW1和SW2上配置HSRP,SW1是VLAN 10的活跃路由器VLAN20的备份路由,SW2是VLAN 10的备份路由VLAN20的活跃路由,配置占先权和端口跟踪。 |
2.7 | R2路由器是连接互联网的设备,现希望各区域主机访问Internet,则需要在R1上进行NAT配置,以此实现共享上网 |
SW1配置
interface FastEthernet0/0
switchport mode trunk
!
interface FastEthernet0/1
no switchport
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
standby 10 ip 192.168.10.10
standby 10 priority 150
standby 10 preempt
standby 10 track FastEthernet0/1 100
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
standby preempt
standby 20 ip 192.168.20.20
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 stub no-summary
redistribute connected subnets
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
!
no ip http server
no ip http secure-server
!
!
!
SW2配置
interface FastEthernet0/0
switchport mode trunk
!
interface FastEthernet0/1
no switchport
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/2
switchport mode trunk
!
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.2 255.255.255.0
standby preempt
standby 10 ip 192.168.10.10
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
standby 20 ip 192.168.20.20
standby 20 priority 150
standby 20 preempt
standby 20 track FastEthernet0/1 100
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 1 stub no-summary
network 192.168.2.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
SW3配置
interface FastEthernet0/0
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.3 255.255.255.0
!
interface Vlan20
ip address 192.168.20.3 255.255.255.0
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
area 1 stub
network 192.168.10.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 1
!
no ip http server
no ip http secure-server
!
!
!
R1配置
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
area 2 nssa no-summary
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 2
!
ip classless
no ip http server
!
access-list 1 permit 192.168.10.3
access-list 1 permit 192.168.20.3
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
access-class 1 in
password cisco
login
!
end
R2配置
interface Loopback0
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
area 2 nssa no-summary
redistribute connected metric 10 subnets
redistribute static metric 10 subnets
network 192.168.3.0 0.0.0.255 area 2
default-information originate
!
ip nat pool nat 10.10.10.1 10.10.10.1 netmask 255.255.255.0
ip nat inside source list 1 pool nat overload
ip classless
no ip http server
!
access-list 1 permit any
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
VLAN+VTP+STP+HSRP+ACL+NAT+OSPF综合