PS:本人正在學習HCIP中,想到一個典型的園區網絡就自己用ENSP搭建了一個典型拓撲分享給大家一起學習
拓撲圖如下:
要求已經寫在拓撲結構下下方文本框中請自行查看!
配置如下(沒有專門的命令插入我就直接用C#的插入命令了):
以下按順序從SW1的核心層、SW2和SW3的匯聚層、SW4-SW6的接入層分別做了配置,由於接入層配置較為簡單我就把SW4-SW6的配置做到一個代碼段落中了!
sys sys sw1 dhcp enable stp mode mstp vlan batch 10 20 30 100 int vlanif 10 ip add 192.168.10.254 24 int vlanif 20 ip add 192.168.20.254 24 int vlanif 30 ip add 192.168.30.254 24 int vlanif 100 ip add 100.1.1.100 8 qu ip route-static 0.0.0.0 0 100.1.1.101 ip pool vlan10 network 192.168.10.0 mask 24 gateway-list 192.168.10.10 dns-list 114.114.114.114 excluded-ip-address 192.168.10.1 192.168.10.9 ip pool vlan20 network 192.168.20.0 mask 24 gateway-list 192.168.20.10 dns-list 114.114.114.114 excluded-ip-address 192.168.20.1 192.168.20.9 ip pool vlan30 network 192.168.30.0 mask 24 gateway-list 192.168.30.10 dns-list 114.114.114.114 excluded-ip-address 192.168.30.1 192.168.30.9 int vlanif 10 dhcp select global int vlanif 20 dhcp select global int vlanif 30 dhcp select global int g0/0/4 p l t p t a vlan 10 20 30 int g0/0/6 p l t p t a vlan 10 20 30
sys sys sw2 stp mode mstp int eth-trunk 1 mode lacp max active-linkn 2 lacp preempt enable lacp priority 1 int g0/0/21 eth-trunk 1 int g0/0/22 eth-trunk 1 int g0/0/23 eth-trunk 1 int g0/0/24 eth-trunk 1 vlan batch 10 20 30 int vlanif 10 ip add 192.168.10.1 24 vrrp vrid 10 virtual-ip 192.168.10.10 vrrp vrid 10 pri 200 int vlanif 20 ip add 192.168.20.1 24 vrrp vrid 20 virtual-ip 192.168.20.10 vrrp vrid 20 pri 200 int vlanif 30 ip add 192.168.30.1 24 vrrp vrid 30 virtual-ip 192.168.30.10 int g0/0/4 p l t p t a vlan 10 20 30 int g0/0/3 p l t p t a vlan 10 int g0/0/5 p l t p t a vlan 20 int g0/0/10 p l t p t a vlan 30 int eth-trunk 1 p l t p t a vlan 10 20 30 qu stp region-configuration region-name sw2 revision-level 1 instance 1 vlan 10 instance 2 vlan 20 instance 3 vlan 30 stp instance 1 root primary stp instance 2 root primary stp instance 3 root sec stp priority 0 ip route-s 0.0.0.0 192.168.10.254 ip route-s 0.0.0.0 192.168.20.254 ip route-s 0.0.0.0 192.168.30.254
sys sys sw3 stp mode mstp int eth-trunk 1 mode lacp max active-linkn 2 lacp preempt enable int g0/0/21 eth-trunk 1 int g0/0/22 eth-trunk 1 int g0/0/23 eth-trunk 1 int g0/0/24 eth-trunk 1 vlan batch 10 20 30 int vlanif 10 ip add 192.168.10.2 24 vrrp vrid 10 virtual-ip 192.168.10.10 int vlanif 20 ip add 192.168.20.2 24 vrrp vrid 20 virtual-ip 192.168.20.10 int vlanif 30 ip add 192.168.30.2 24 vrrp vrid 30 virtual-ip 192.168.30.10 vrrp vrid 30 pri 200 int g0/0/5 p l t p t a vlan 10 20 30 int g0/0/10 p l t p t a vlan 10 int g0/0/6 p l t p t a vlan 20 int g0/0/3 p l t p t a vlan 30 int eth-trunk 1 p l t p t a vlan 10 20 30 qu stp region-configuration region-name sw3 revision-level 1 instance 1 vlan 10 instance 2 vlan 20 instance 3 vlan 30 stp instance 1 root sec stp instance 2 root sec stp instance 3 root primary ip route-s 0.0.0.0 192.168.10.254 ip route-s 0.0.0.0 192.168.20.254 ip route-s 0.0.0.0 192.168.30.254
sw4: sys sys sw4 stp mode mstp vlan batch 10 20 30 int g0/0/3 p l t p t a vlan 10 int g0/0/10 p l t p t a vlan 10 int g0/0/1 p l t p t a vlan 10 20 30 int g0/0/2 p l a p d vlan 10 stp edged-port enable sw5: sys sys sw5 stp mode mstp vlan batch 10 20 30 int g0/0/5 p l t p t a vlan 20 int g0/0/6 p l t p t a vlan 20 int g0/0/1 p l t p t a vlan 10 20 30 int g0/0/2 p l t p t a vlan 10 20 30 int g0/0/3 p l a p d vlan 20 stp edged-port enable sw6: sys sys sw6 stp mode mstp vlan batch 10 20 30 int g0/0/3 p l t p t a vlan 30 int g0/0/10 p l t p t a vlan 30 int g0/0/2 p l t p t a vlan 10 20 30 int g0/0/1 p l a p d vlan 30 stp edged-port enable
下面是較為簡單的驗證:
以上是對典型園區網絡的拓撲規划及其詳細配置,可以用到一些實際的網絡環境中,在此說明一下我的設計有些缺陷,特別是DHCP那里網關和核心交換機用的是不同IP這是因為VRRP那里的緣故其實也大可不必這樣!所以我在后續SW2和SW3中分別加入了上行核心層的默認路由!
關於邊緣端口我圖省事除了上行鏈路以外只做了PC對應的端口的邊緣端口配置未把除上行端口以外的所有端口做為邊緣端口這個配置很簡單一個是全局一個是詳細端口下配置我就不做過多演示了!
注意一點做VRRP的主備的時候最好把VRRP的master角色與MSTP的主根橋做成同一台交換機這樣做的好處是避免鏈路或者設備出現故障時產生不必要的次優路徑!
路由器沒有做過多的配置就做了一條默認路由以及配置了地址,也就是為了一個簡單的驗證而已把它看做外網或者運營商網絡就行!
此設計較為簡單,但是可以作為一個標准化的園區網絡的設計,有學生做網絡相關畢業設計或者有人在規划園區網絡時可以參考一下,后續我還會在這個拓撲的基礎上添加更多的安全以及路由的一些設計進去!