企业项目拓扑3

某知名企业及运营商网络拓扑图如下：

企业项目要如下：

实验要求：
1.如图所示蓝色区域为企业内网，红色区域为供应商网络；
2.运行MSTP协议，使得VLAN流量 负载均衡；
3.SW1为vlan 10和20的主网关，SW1为30和40的备份网关；
4.SW2为vlan 30和40的主网关，SW2为10和20的备份网关；
5.DHCP 服务器在vlan 66，网关在SW2上面；
6.企业内网运行静态路由协议或者OSPF路由协议；
7.所有PC机自动获取ip地址且可以与Server1互相ping通；
8.Client1仅可以访问Server1的www服务；
9.企业内网设备仅允许被IT部门远程管理。

第一步：配置基础网络；

SW1配置如下：
sysname SW1
vlan batch 10 20 30 40 66 100
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 100
interface Vlanif 100
ip address 192.168.100.2 24
interface Vlanif 66
ip address 192.168.66.251 24
quit
SW2配置如下：
sysname SW2
vlan batch 10 20 30 40 66 200
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 200
interface Vlanif 200
ip address 192.168.200.2 24
interface GigabitEthernet 0/0/5
port link-type access
port default vlan 66
interface Vlanif 66
ip address 192.168.66.252 24
quit
SW3配置如下
sysname SW3
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type access
port default vlan 20
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
SW4配置如下：
sysname SW4
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet0/0/3
port link-type access
port default vlan 30
interface Ethernet0/0/4
port link-type access
port default vlan 40
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan all
quit
R1配置如下：
sysname R1
interface g0/0/0
ip address 192.168.100.1 24
interface g0/0/1
ip address 192.168.200.1 24
interface g0/0/2
ip address 100.1.1.2 24
quit
R2配置如下：
sysname R2
interface g0/0/0
ip address 100.1.1.1 24
interface g0/0/1
ip address 200.1.1.254 24
quit
DHCP
sysname DHCP
dhcp enable
interface g0/0/0
ip address 192.168.66.1 24
quit

第二步：配置接入层网络；
配置STP 

SW1
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 4096
stp instance 34 priority 8192
SW2
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
stp instance 12 priority 8192
stp instance 34 priority 4096
SW3
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit
SW4
stp region-configuration
region-name ntd
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
quit

第三步：配置汇聚层网络；

配置VRRP
SW1
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
vrrp vrid 10 priority 200
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
vrrp vrid 20 priority 200
interface Vlanif30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
interface Vlanif40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
SW2
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.250
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.250
vrrp vrid 30 priority 200
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.250
vrrp vrid 40 priority 200
验证查看VRRP配置：
SW1

SW2

配置DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
配置DHCP
SW1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
SW2
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.66.1
interface Vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.66.1
DHCP
interface g0/0/0
dhcp select global
ip pool p1
gateway-list 192.168.10.250
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.251 192.168.10.252
dns-list 8.8.8.8
ip pool p2
gateway-list 192.168.20.250
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168.20.252
dns-list 8.8.8.8
ip pool p3
gateway-list 192.168.30.250
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.251 192.168.30.252
dns-list 8.8.8.8
ip pool p4
gateway-list 192.168.40.250
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.251 192.168.40.252
dns-list 8.8.8.8

第四步：配置核心层网络；

配置OSPF
R1配置：
ospf 1
area 0
network 192.168.100.0 0.0.0.255
network 192.168.200.0 0.0.0.255
default-route-advertise always
quit
quit
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
SW1配置：
ospf 1
area 0
network 192.168.100.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
SW2配置：
ospf 1
area 0
network 192.168.10.0 0.0.0.255
area 10
network 192.168.10.0 0.0.0.255
area 20
network 192.168.20.0 0.0.0.255
area 30
network 192.168.30.0 0.0.0.255
area 40
network 192.168.40.0 0.0.0.255
area 66
network 192.168.66.0 0.0.0.255
stub no-summary
quit
quit
stp instance 0 root primary
DHCP
ospf 1
area 66
network 192.168.66.0 0.0.0.255
stub
quit
quit
配置NAT和ACL
R1
acl number 3000
rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0 destin
ation-port eq www
rule 15 deny ip source 192.168.20.0 0.0.0.255 destination 200.1.1.1 0
rule 20 permit ip
interface GigabitEthernet0/0/2
nat outbound 3000
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
interface GigabitEthernet0/0/2
acl 2000 inbound
quit
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
user privilege level 15

第五步：进行验证。

验证PC自动获取ip地址，且可以ping通server1服务器：

验证Client1可以访问Server1的www服务，但不可以ping通服务器

 至此项目配置并验证成功。。。。。。