总结:
问题分析
项目需求
项目技术
技术内容
命令操作
1.一层技术
2.二层技术
3.三层技术
1.中继
2.生成树协议
3.以太通道
4.三层交换
5.HSRP
6.RIP协议
7.NAT
网络结构层次
接入层:用于将终端设备接入网络
汇聚层:用于VLAN间通信,路由用户数据到外网
核心层:连接外网
- 案例1:配置目前网络环境
- 案例2:项目阶段练习
1 案例1:配置目前网络环境
1.1 问题
一家新创建的IT公司,公司位于北京有80多台服务器
目前网络环境使用技术,通过端口映射技术将web服务器发布给Internet:
- 三层交换:汇聚接入层交换机
- 默认路由:实现到互联网数以万计网络访问的简化配置
- 静态路由:实现公司内部网络互通
- NAT端口映射:实现企业内部Web服务器的发布
1.2 方案
通过端口映射技术将web服务器发布给Internet,公司现有网络环境拓扑如图-1所示:
图-1
现有网络连接说明如表-1所示:
表-1 网络连接说明
1.3 步骤
实现此案例需要按照如下步骤进行。
步骤一:根据表-1为设备配置IP地址,并为三层交换机开启路由功能
1)MS1配置vlan1与f0/1接口的IP地址并开启路由功能
Switch(config)#hostname MS1MS1(config)#ip routing MS1(config)#interface vlan 1MS1(config-if)#ip address 192.168.1.252 255.255.255.0MS1(config-if)#no shutdown MS1(config-if)#exitMS1(config-if)#interface fastEthernet 0/1MS1(config-if)#no switchportMS1(config-if)#ip address 192.168.2.1 255.255.255.0MS1(config-if)#no shutdown
步骤二:为路由器配置IP地址,添加接口模块
1)为路由器添加接口模块并进入路由器接口配置IP地址
Router(config)#hostname R1R1(config)#interface fastEthernet 0/0R1(config-if)#ip address 192.168.2.2 255.255.255.0R1(config-if)#no shutdownR1(config-if)#exitR1(config)#interface fastEthernet 1/0R1(config-if)#ip address 61.159.62.129 255.255.255.248R1(config-if)#no shutdown
步骤三:配置MS1和路由器的静态路由
MS1(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.2.2R1(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
步骤四:测试server1与R1接口IP的连通性
PC>ping 192.168.2.2Pinging 192.168.2.2 with 32 bytes of data:Reply from 192.168.2.2: bytes=32 time=0ms TTL=254Reply from 192.168.2.2: bytes=32 time=0ms TTL=254Reply from 192.168.2.2: bytes=32 time=0ms TTL=254Reply from 192.168.2.2: bytes=32 time=1ms TTL=254Ping statistics for 192.168.2.2:: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:= 0ms, Maximum = 1ms, Average =PC>ping 61.159.62.129Pinging 61.159.62.129 with 32 bytes of data:Reply from 61.159.62.129: bytes=32 time=1ms TTL=254Reply from 61.159.62.129: bytes=32 time=0ms TTL=254Reply from 61.159.62.129: bytes=32 time=2ms TTL=254Reply from 61.159.62.129: bytes=32 time=0ms TTL=254Ping statistics for 61.159.62.129:: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:= 0ms, Maximum = 2ms, Average =
步骤五:R1配置端口映射
R1(config)#ip nat inside source static tcp 192.168.1.8 80 61.159.62.131 80R1(config)#interface fastEthernet 0/0R1(config-if)#ip nat insideR1(config)#interface f1/0R1(config-if)#ip nat outside
步骤六:在PC7上查看是映射结果,如图-2所示
图-2
2 案例2:项目阶段练习
2.1 问题
现有网络问题分析:
- 接入层交换机只与同一个三层交换机相连,存在单点故障而影响网络通信。
- 互联网连接单一服务商
现有网络需求:
- 随着企业发展,为了保证网络的高可用性,需要使用很多的冗余技术。
- 保证局域网络不会因为线路故障而导致的网络故障。
- 保证客户端机器不会因为使用单一网关而出现的单点失败。
- 保证到互联网的高可用接入使用冗余互联网连接。
- 提高网络链路带宽。
2.2 方案
基于项目的需求,需要用到如下技术:
- STP:解决二层环路带来的广播风暴并链路冗余问题
- 以太网通道:提高网络链路带宽
- RIP路由协议:实现网络路径的自动学习
- HSRP:实现网关冗余
重新规划后的网络拓扑如图-3:
图-3
重新规划后网络连接说明如表-2与表-3所示:
表-2 网络连接说明
表-3 网络连接说明(续)
2.3 步骤
实现此案例需要按照如下步骤进行。
步骤一:静态路由升级动态路由。
1)R1删除静态路由并配置rip
R1(config)#no ip route 192.168.1.0 255.255.255.0 192.168.2.1R1(config)#router rip R1(config-router)#version 2R1(config-router)#no auto-summary R1(config-router)#network 192.168.2.0R1(config-router)#default-information originate
2)MS1上删除静态路由并配置rip
MS1(config)#no ip route 0.0.0.0 0.0.0.0 192.168.2.2MS1(config)#router rip MS1(config-router)#version 2MS1(config-router)#no auto-summary MS1(config-router)#network 192.168.1.0MS1(config-router)#network 192.168.2.0
3)在MS1上查看路由表
MS1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -D - EIGRP, EX - EIGRP external, O - OSPF, IA -N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E -i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o -P - periodic downloaded staticGateway of last resort is 192.168.2.2 to network 0.0.0.0C 192.168.1.0/24 is directly connected,C 192.168.2.0/24 is directly connected, FastEthernet0/1R* 0.0.0.0/0 [120/1] via 192.168.2.2, 00:00:01, FastEthernet0/1
步骤二:配置SW1、SW2、SW3、SW4与MS1的接口为Trunk模式并做以太网通道。
1)SW1、SW2、SW3、SW4上做与MS1之间的trunk与以太网通道
Switch(config)#hostname SW1SW1(config)#interface range fastEthernet 0/5-6SW1(config-if-range)#switchport mode trunk SW1(config-if-range)#channel-group 1
Switch(config)#hostname SW2SW2(config)#interface range fastEthernet 0/7-8SW2(config-if-range)#switchport mode trunk SW2(config-if-range)#channel-group 2
Switch(config)#hostname SW3SW3(config)#interface range fastEthernet 0/9-10SW3(config-if-range)#switchport mode trunk SW3(config-if-range)#channel-group 3
Switch(config)#hostname SW4SW4(config)#interface range fastEthernet 0/11-12SW4(config-if-range)#switchport mode trunk SW4(config-if-range)#channel-group 4
2)MS1与SW1、SW2、SW3、SW4之间做以太网通道并启用trunk
MS1(config)#interface range fastEthernet 0/5-6
MS1(config-if-range)#switchport trunk encapsulation dot1q
MS1(config-if-range)#switchport mode trunk
MS1(config-if-range)#channel-group 1 mode on
MS1(config-if-range)#exit
MS1(config-if-range)#interface range fastEthernet 0/7-8
MS1(config-if-range)#switchport trunk encapsulation dot1q
MS1(config-if-range)#channel-group 2 mode on
MS1(config-if-range)#switchport mode trunk
MS1(config-if-range)#exit
MS1(config-if-range)#interface range fastEthernet 0/9-10
MS1(config-if-range)#switchport trunk encapsulation dot1q
MS1(config-if-range)#switchport mode trunk
MS1(config-if-range)#channel-group 3 mode on
MS1(config-if-range)#exit
MS1(config-if-range)#interface range fastEthernet 0/11-12
MS1(config-if-range)#switchport trunk encapsulation dot1q
MS1(config-if-range)#switchport mode trunk on
MS1(config-if-range)#channel-group 4 mode on
步骤三:添加MS2并配置与MS1、SW1、SW2、SW3、SW4之间的太网通道。
1)在MS1上配置与MS2的以太网通道
MS1(config)#interface range fastEthernet 0/13-15MS1(config-if-range)#channel-group 5MS1(config-if-range)#switchport trunk encapsulation dot1q MS1(config-if-range)#switchport mode trunk
2)在MS2并配置与MS1、SW1、SW2、SW3、SW4之间的太网通道
MS2(config)#interface range fastEthernet 0/10-12MS2(config-if-range)#channel-group 5MS2(config-if-range)#switchport trunk encapsulation dot1q MS2(config-if-range)#switchport mode trunk MS2(config-if-range)#exitMS2(config)#interface range fastEthernet 0/2-3MS2(config-if-range)#channel-group 1MS2(config-if-range)#switchport trunk encapsulation dot1q MS2(config-if-range)#switchport mode trunk MS2(config-if-range)#exitMS2(config)#interface range fastEthernet 0/4-5MS2(config-if-range)#channel-group 2MS2(config-if-range)#switchport mode trunk MS2(config-if-range)#exitMS2(config)#interface range fastEthernet 0/6-7MS2(config-if-range)#channel-group 3MS2(config-if-range)#switchport trunk encapsulation dot1q MS2(config-if-range)#switchport mode trunk MS2(config-if-range)#exitMS2(config)#interface range fastEthernet 0/8-9MS2(config-if-range)#channel-group 4MS2(config-if-range)#switchport trunk encapsulation dot1q MS2(config-if-range)#switchport mode trunk
3)在MS1上查看以太网通道
MS1>show etherchannel port-channel Channel-group listing:----------------------Group: 1----------Port-channels in the group:---------------------------Port-channel:------------Age of the Port-channel = 00d:00h:05m:21sLogical slot/port = 2/1 Number of ports = 2GC = 0x00000000 HotStandBy port = nullPort state = Port-channel Protocol =Port Security =Ports in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------0 00 Fa0/5 On 00 00 Fa0/6 On 0Time since last port bundled: 00d:00h:05m:21s Fa0/6Group: 2----------Port-channels in the group:---------------------------Port-channel:------------Age of the Port-channel = 00d:00h:05m:21sLogical slot/port = 2/2 Number of ports = 2GC = 0x00000000 HotStandBy port = nullPort state = Port-channel Protocol =Port Security =Ports in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------0 00 Fa0/7 On 00 00 Fa0/8 On 0Time since last port bundled: 00d:00h:05m:21s Fa0/8Group: 3----------Port-channels in the group:---------------------------Port-channel:------------Age of the Port-channel = 00d:00h:05m:21sLogical slot/port = 2/3 Number of ports = 2GC = 0x00000000 HotStandBy port = nullPort state = Port-channel Protocol =Port Security =Ports in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------0 00 Fa0/9 On 00 00 Fa0/10 On 0Time since last port bundled: 00d:00h:05m:21s Fa0/10Group: 4----------Port-channels in the group:---------------------------Port-channel:------------Age of the Port-channel = 00d:00h:05m:21sLogical slot/port = 2/4 Number of ports = 2GC = 0x00000000 HotStandBy port = nullPort state = Port-channel Protocol =Port Security =Ports in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------0 00 Fa0/11 On 00 00 Fa0/12 On 0Time since last port bundled: 00d:00h:05m:21s Fa0/12Group: 5----------Port-channels in the group:---------------------------Port-channel:------------Age of the Port-channel = 00d:00h:08m:11sLogical slot/port = 2/5 Number of ports = 3GC = 0x00000000 HotStandBy port = nullPort state = Port-channel Protocol =Port Security =Ports in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------0 00 Fa0/13 On 00 00 Fa0/14 On 00 00 Fa0/15 On 0Time since last port bundled: 00d:00h:08m:11s Fa0/15
步骤四:MS1与MS2配置STP
1)在MS1和MS2上配置stp
MS1(config)#spanning-tree vlan 1MS2(config)#spanning-tree vlan 1
2)在MS1和MS2上查看stp
MS1# show spanning-tree vlan 1VLAN0001Spanning tree enabled protocol ieeeRoot ID Priority 24577Address 0004.9A70.6B06This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)Address 0004.9A70.6B06Hello Time 2 sec Max Age 20 sec Forward Delay 15Aging Time 20Interface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Po1 Desg FWD 9 128.27Po2 Desg FWD 9 128.28Po3 Desg FWD 9 128.29Po4 Desg FWD 9 128.30Po5 Desg FWD 8 128.31
MS2#show spanning-tree vlan 1VLAN0001Spanning tree enabled protocol ieeeRoot ID Priority 24577Address 0004.9A70.6B06Cost 8Port 31(Port-channel 5)Hello Time 2 sec Max Age 20 sec Forward Delay 15Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)Address 0006.2A05.A2BAHello Time 2 sec Max Age 20 sec Forward Delay 15Aging Time 20Interface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Po1 Desg FWD 9 128.27Po2 Desg FWD 9 128.28Po3 Desg FWD 9 128.29Po4 Desg FWD 9 128.30Po5 Root FWD 8 128.31
步骤五:HSRP配置
1)MS1配置HSRP
MS1(config)#interface vlan 1MS1(config-if)#standby 1 ip 192.168.1.254MS1(config-if)#standby 1 priority 200MS1(config-if)#standby 1
2)MS2配置HSRP开启路由功能
MS2(config)#ip routingMS2(config)#interface vlan 1MS2(config)#ip address 192.168.1.253 255.255.255.0MS2(config)#no shutdownMS2(config-if)#standby 1 ip 192.168.1.254MS2(config-if)#standby 1 priority 195MS2(config-if)#standby 1
3)配置MS1交换机的HSRP的端口跟踪,关闭跟踪接口,并在MS1和MS2上查看HSRP状态
MS1(config)# MS1(config)#interface vlan 1MS1(config-if)#standby 1 track fastEthernet 0/1MS1(config-if)#exitMS1(config)#interface fastEthernet 0/1MS1(config-if)#shutdownMS1#show standby brief P indicates configured to preempt.|Interface Grp Pri P State Active Standby Virtual IPVl1 1 190 P Standby 192.168.1.253 local 192.168.1.254MS2#show standby brief P indicates configured to preempt.Interface Grp Pri P State Active Standby Virtual IPVl1 1 195 P Active local 192.168.1.252 192.168.1.254
步骤六:MS2连接R1并配置rip
1)为R1与MS2相连接的接口配置IP地址 并配置rip
R1(config)#interface fastEthernet 0/24R1(config-if)#ip address 192.168.3.2 255.255.255.0R1(config-if)#exitR1(config)#router rip R1(config-router)# version 2R1(config-router)#network 192.168.3.0MS2(config-if)#exitMS2(config)#router rip MS2(config-router)#version 2MS2(config-router)#no auto-summary MS2(config-router)#network 192.168.1.0
步骤七:添加路由器R2, 为R2配置默认路由,R2与MS1、MS2、Internet相连并为配置IP与动态路由
1)配置R2的IP地址、rip、默认路由。
Router(config)hostname R2R2(config)#interface fastEthernet 0/0R2(config-if)#ip address 192.168.4.2 255.255.255.0R2(config-if)#no shutdownR2(config-if)#exitR2(config)#interface fastEthernet 0/1R2(config-if)#ip address 192.168.5.2 255.255.255.0R2(config-if)#no shutdownR2(config-if)#exitR2(config)#interface fastEthernet 1/0R2(config-if)#ip address 61.159.62.130 255.255.255.248R2(config-if)#no shutdownR2(config-if)#exitR2(config)ip route 0.0.0.0 0.0.0.0 fastEthernet 1/0R2(config)#router ripR2(config-router)#version 2R2(config-router)#no auto-summary R2(config-router)#network 192.168.4.0R2(config-router)#network 192.168.5.0R2(config-router)#default-information originate
2)MS2配置IP地址添加动态路由条目
MS2(config)#interface fastEthernet 0/1MS2(config-if)#no switchportMS2(config-if)#ip address 192.168.4.1 255.255.255.0MS2(config-if)#no shutdownMS2(config-if)#exitMS2(config)#router ripR2(config-router)#version 2MS2(config-router)#network 192.168.4.0
3)MS1配置IP地址添加动态路由条目
MS1(config)#interface fastEthernet 0/24MS1(config-if)#no switchportMS1(config-if)#ip address 192.168.5.1 255.255.255.0MS1(config-if)#no shutdownMS1(config-if)#exitMS1(config)#router ripR2(config-router)#version 2MS1(config-router)#network 192.168.5.0
4)在客户端测试网络的联通性
SERVER>ipconfig FastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::201:96FF:FEA8:404BIP Address......................: 192.168.1.1Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254SERVER>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=0ms TTL=255Reply from 192.168.2.1: bytes=32 time=0ms TTL=255Reply from 192.168.2.1: bytes=32 time=0ms TTL=255Reply from 192.168.2.1: bytes=32 time=0ms TTL=255Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average =
SERVER>ping 192.168.3.1Pinging 192.168.3.1 with 32 bytes of data:Reply from 192.168.3.1: bytes=32 time=0ms TTL=255Reply from 192.168.3.1: bytes=32 time=0ms TTL=255Reply from 192.168.3.1: bytes=32 time=0ms TTL=255Reply from 192.168.3.1: bytes=32 time=0ms TTL=255Ping statistics for 192.168.3.1:Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average =
SERVER>ping 192.168.4.1
Pinging 192.168.4.1 with 32 bytes of data:Reply from 192.168.4.1: bytes=32 time=1ms TTL=255Reply from 192.168.4.1: bytes=32 time=0ms TTL=255Reply from 192.168.4.1: bytes=32 time=0ms TTL=255Reply from 192.168.4.1: bytes=32 time=0ms TTL=255Ping statistics for 192.168.4.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =
SERVER>ping 192.168.5.1Pinging 192.168.5.1 with 32 bytes of data:Reply from 192.168.5.1: bytes=32 time=1ms TTL=255Reply from 192.168.5.1: bytes=32 time=1ms TTL=255Reply from 192.168.5.1: bytes=32 time=1ms TTL=255Reply from 192.168.5.1: bytes=32 time=0ms TTL=255Ping statistics for 192.168.5.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =
SERVER>ping 192.168.2.2Pinging 192.168.2.2 with 32 bytes of data:Reply from 192.168.2.2: bytes=32 time=1ms TTL=254Reply from 192.168.2.2: bytes=32 time=1ms TTL=254Reply from 192.168.2.2: bytes=32 time=11ms TTL=254Reply from 192.168.2.2: bytes=32 time=0ms TTL=254Ping statistics for 192.168.2.2:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 11ms, Average =
SERVER>ping 192.168.3.2Pinging 192.168.3.2 with 32 bytes of data:Reply from 192.168.3.2: bytes=32 time=0ms TTL=254Reply from 192.168.3.2: bytes=32 time=0ms TTL=254Reply from 192.168.3.2: bytes=32 time=1ms TTL=254Reply from 192.168.3.2: bytes=32 time=0ms TTL=254Ping statistics for 192.168.3.2:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =
5)关闭MS1
MS1(config)#interface range fastEthernet 0/1-24MS1(config-if-range)#shutdown
6)在外网测试是否可以访问web服务器如图-4所示
图-4
步骤八:在R2上配置端口映射
1)在R2上配置端口映射,指定NAT进口
R2(config)#ip nat inside source static tcp 192.168.1.8 80 61.159.62.131 80R2(config)#interface fastEthernet 0/0R2(config-if)#ip nat inside R2(config-if)#exitR2(config)#interface fastEthernet 0/1R2(config-if)#ip nat inside R2(config-if)#exitR2(config)#interface fastEthernet 1/0R2(config-if)#ip nat outside
2)关闭R1(如图-5所示)测试外网是否可以正常访问web服务器(因为模拟器有BUG所以需要填加一台Internet主机IP:61.159.62.133测试如图-6所示)
图-5
图-6
可以访问web服务器证明项目升级成功。
