項目三 大型雙核心網(wǎng)絡(luò)1

1、 項目三 雙核心網(wǎng)絡(luò)【案例背景】 某高校隨著學(xué)校教學(xué)和學(xué)生網(wǎng)上應(yīng)用的增長，校園網(wǎng)以光纖連接了全校近 70 棟樓宇，覆蓋了 90%的教學(xué)辦公場所和 75%的學(xué)生宿舍。共布有 2 萬多個網(wǎng)絡(luò)端口，其中約 1.2 萬多個布線端口連通了網(wǎng)絡(luò)設(shè)備，共接入計算機 6 千多臺，有固定注冊用戶約 6000 人。原有網(wǎng)絡(luò)設(shè)備已經(jīng)無法滿足新環(huán)境下的網(wǎng)絡(luò)應(yīng)用，因此該校決定重新規(guī)劃建設(shè)校園網(wǎng)。 【案例拓撲結(jié)構(gòu)】 如圖 3-1 所示網(wǎng)絡(luò)拓撲是某高校雙核心網(wǎng)絡(luò)拓撲，具體的設(shè)備規(guī)劃詳見其上。圖 3-1某高校雙核心網(wǎng)絡(luò)拓撲【需求分析】 需求 1：要能夠達到輕載要求：低負載，高帶寬，最簡單，最有效； 分析 1：網(wǎng)絡(luò)核心冗余，核

2、心到匯聚雙鏈路備份。 需求 2：要具有先進的技術(shù)性：支持線速轉(zhuǎn)發(fā)，具備高密度的萬兆端口，核心設(shè)備支持 T 級以上的背板設(shè)計，硬件實現(xiàn) ACL、QoS、組播等功能； 分析 2：核心交換機可選擇 RG-S6800E 系列，以上功能可實現(xiàn)。 需求 3、要穩(wěn)定、可靠：確保物理層、鏈路層、網(wǎng)絡(luò)層、病毒環(huán)境下的穩(wěn)定、可靠； 分析 3：要求各層設(shè)備能夠有防病毒的功能，項目中所選設(shè)備均可通過配置防止病毒泛濫。需求 4：要有健壯的安全：不以犧牲網(wǎng)絡(luò)性能為代價，實現(xiàn)病毒和攻擊的防護、用戶接入控制、 路由協(xié)議安全； 分析 4：核心交換機具有的 SPOH 功能，保證在實現(xiàn)防護病毒和攻擊的情況下，核心交換機性能不受影響

3、，接入采用安全智能接入層交換機 RG-S2100 系列 需求 5：要易于管理：具備網(wǎng)絡(luò)拓樸發(fā)現(xiàn)、網(wǎng)絡(luò)設(shè)備集中統(tǒng)一管理、性能監(jiān)視和預(yù)警、分類查看管理的能力； 分析 5：所有項目中設(shè)備均支持 SNMP，并通過銳捷 star-view軟件進行整理。 【實驗拓撲】 如圖 3-2 所示網(wǎng)絡(luò)拓撲是某高校雙核心網(wǎng)絡(luò)拓撲，根據(jù)其網(wǎng)絡(luò)應(yīng)用和功能在實驗室中進行了網(wǎng)絡(luò)環(huán)境的搭建，具體應(yīng)用的設(shè)備和地址信息的規(guī)劃詳見其上。 圖 3-2實驗室中搭建的某高校雙核心網(wǎng)絡(luò)環(huán)境【地址規(guī)劃】【實驗設(shè)備】 出口設(shè)備：RG-WALL 100（或 1000） 1 臺；設(shè)備 接口 IP 地址 6806E-AVLAN1014192.168.

4、128.45/29VLAN1016192.168.128.67/29F0/5192.168.128.1/296806E-BVLAN1024192.168.129.45/29VLAN1026192.168.129.67/29F0/5192.168.128.2/29VLAN30192.168.86.17/28 核心設(shè)備：S68 系列（或S65/S35 系列設(shè)備）2 臺，配置千兆光纖接口 4 塊；匯聚設(shè)備：S3550-24 2 臺，每臺配置 2 塊千兆光纖接口；接入設(shè)備：S2126G 二層交換機 4 臺；實驗 PC：8 臺；【實驗步驟】 實驗配置分為： 第一步：網(wǎng)絡(luò)設(shè)備的基本配置； 第二步：OSPF

5、 配置及其測試； （以下配置默認(rèn)在全局配置模式下進行）第一步 設(shè)備基本配置(1) S2150G-A1 基本配置hostname S2150G-A!交換機更名為 S2150G-A vlan 1!vlan 10vlan 20vlan 30interface range fastEthernet 0/1-10 switchport access vlan 10interface range fastEthernet 0/11-20 switchport access vlan 20interface range fastEthernet 0/21-30 switchport access vlan

6、30interface gigabitEthernet 1/1switchport mode trunk!創(chuàng)建 VLAN10!創(chuàng)建 VLAN20!創(chuàng)建 VLAN30!設(shè)置 110 號端口 ! 將其加入 VLAN10!設(shè)置 1120 號端口 !將其加入 VLAN20!設(shè)置 2130 號端口 !將其加入 VLAN30!配置 S2150G-A 的上連光纖模塊! 將其配置為 TRUNK 模式 S2150G-B 與 S2150G-A 的配置內(nèi)容基本相同，在此略過。(2) S3550-A 基本配置!version 1.0!hostname S3550-A vlan 1!vlan 10vlan 20!交換機

7、更名為 S3550-A!創(chuàng)建 VLAN10!創(chuàng)建 VLAN20 vlan 30interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan 4093 interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093 interface FastEthernet 0/10 switchport mode trunk switchport trunk native vlan 4093!interface F

8、astEthernet 0/20 switchport mode trunk switchport trunk native vlan 4093!interface Vlan 10ip address 172.16.10.1 255.255.255.0interface Vlan 20ip address 172.16.20.1 255.255.255.0!interface Vlan 30ip address 172.16.30.1 255.255.255.0!interface Vlan 1014!創(chuàng)建 VLAN30!配置 1 號端口 !設(shè)置其運行模式為 trunk 模式!設(shè)置其nativ

9、e vlan 號為 4093!配置 2 號端口 !設(shè)置其運行模式為 trunk 模式設(shè)置其 native vlan 號為 4093!配置 10 號端口 !配置 20 號端口!配置 VLAN10!設(shè)置其 IP 地址!配置 VLAN20!配置 VLAN30!配置 VLAN1014ip address 192.168.128.44 255.255.255.248!interface Vlan 1024ip address 192.168.129.44 255.255.255.248!end!配置 VLAN1024S3550-A#ping 192.168.128.44/測試 VLAN1014 是否啟用

10、Sending 5, 100-byte ICMP Echos to 192.168.128.44, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 192.168.129.44/測試 VLAN1024 是否啟用Sending 5, 100-byte ICMP Echos to 192.168.129.44, timeout is 2000 milliseconds.! Success rate is 100

11、percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 172.16.10.1/測試 VLAN10是否啟用Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 172.16.20.1/測試 VLAN20是否啟用Sending 5, 100-by

12、te ICMP Echos to 172.16.20.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 172.16.30.1/測試 VLAN30 是否啟用Sending 5, 100-byte ICMP Echos to 172.16.30.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Ma

13、ximum = 1ms, Average = 1msS3550B 的配置基本相同，在此略過。 (3) S6810E-B 基本配置!version 1.0!hostname S6806E-B!交換機更名為 S6806E-Bvlan 1!interface FastEthernet 0/1!配置 1 號端口switchport mode trunk!設(shè)置運行模式為 trunk模式switchport trunk native vlan 4093!設(shè)置 native vlan 為 4093interface FastEthernet 0/2!配置 2 號端口 switchport mode trun

14、kswitchport trunk native vlan 4093!interface FastEthernet 0/5!配置 5 號端口no switchportip address 192.168.128.2 255.255.255.248!interface Vlan 1024!配置 VLAN1024ip address 192.168.129.45 255.255.255.248!interface Vlan 1026!配置 VLAN1026ip address 192.168.129.67 255.255.255.248!endS6806E-B#ping 192.168.128.2

15、/測試 5 號端口是否啟用Sending 5, 100-byte ICMP Echos to 192.168.128.2,timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS6806E-B#ping 192.168.129.45/測試 VLAN1024 是否啟用Sending 5, 100-byte ICMP Echos to 192.168.129.45,timeout is 2000 milliseconds.!Success ra

16、te is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS6806E-B#ping 192.168.129.67/測試 VLAN1026 是否啟用Sending 5, 100-byte ICMP Echos to 192.168.129.67,timeout is 2000 milliseconds. !Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS6810E-A 的配置基本相同，在此略過。第二步：設(shè)備 OSPF 配

17、置(1) S3550A 的路由配置interface Vlan 1024ip address 192.168.129.44 255.255.255.248ip ospf cost 100 router ospfarea 0.0.0.0! 設(shè)置此鏈路 OSPF 代價為 100!啟用 OSPF 路由協(xié)議 !區(qū)域 0network 192.168.0.0 255.255.0.0 area 0.0.0.0netword 172.16.0.0 255.255.0.0 area 0.0.0.0!S3550B 的路由配置基本相同，在此略過。!公布本交換機的路由信息(2) S6806E-A 的路由配置inte

18、rface FastEthernet 0/5 no switchportip address 192.168.128.1 255.255.255.248ip ospf cost 1!interface Vlan 1016!設(shè)置 5 號端口的鏈路 OSPF 代價為 1ip address 192.168.128.67 255.255.255.248ip ospf cost 60!router ospf area 0.0.0.0!設(shè)置 VLAN1016 的鏈路 OSPF 代價為 60!啟動 OSPF 路由協(xié)議!區(qū)域 0network 192.168.0.0 255.255.0.0 area 0.0

19、.0.0!（3）路由的測試 !公布本交換機的路由信息因為在核心 S6806E 上，基本都是直連路由，所以選擇 S3550 進行路由的測試。S3550-A#ping 192.168.128.1/測試與 S6806E-A 的連通性Sending 5, 100-byte ICMP Echos to 192.168.128.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#traceroute 192.168.128.1T

20、ype esc/CTRLc/CTRLz/q to abort./測試與 S6806E-A 的路由 13ms1ms1ms192.168.128.1Trace complete successfully.S3550-A#ping 192.168.129.67/測試與 S6806E-B 的連通性Sending 5, 100-byte ICMP Echos to 192.168.129.67, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1ms

21、S3550-A#traceroute 192.168.129.67Type esc/CTRLc/CTRLz/q to abort./測試與 S6806E-B 的路由123ms1ms1ms1ms1ms1ms192.168.128.45192.168.129.67Trace complete successfully.S3550-A#ping 172.18.50.1/測試與 S3550-B 的連通性Sending 5, 100-byte ICMP Echos to 172.18.50.1, timeout is 2000 milliseconds.!Success rate is 100 perc

22、ent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#traceroute 172.18.50.1Type esc/CTRLc/CTRLz/q to abort./測試與 S3550-B 的路由1231ms 1ms1ms1ms 1ms1ms1ms 1ms3ms192.168.128.45192.168.128.2172.18.50.1Trace complete successfully.從 S3550-B 同樣進行一次全面的路由檢查S3550-B#ping 192.168.128.2/測試與 S6806E-B 的連通性Sendi

23、ng 5, 100-byte ICMP Echos to 192.168.128.2, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-B#traceroute 192.168.128.2Type esc/CTRLc/CTRLz/q to abort./測試與 S6806E-B 的路由13ms1ms1ms192.168.128.2Trace complete successfully.S3550-B#ping 192.16

24、8.128.45/測試與 S6806E-A 的連通性Sending 5, 100-byte ICMP Echos to 192.168.128.45, timeout is 2000 milliseconds.! Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 2ms, Average = 1msS3550-B#traceroute 192.168.128.45Type esc/CTRLc/CTRLz/q to abort./測試與 S6806E-A 的路由121ms1ms1ms1ms1ms1ms192.168.129.6719

25、2.168.128.45Trace complete successfully.S3550-B#ping 172.16.10.1/測試與 S3550-A 的連通性Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-B#traceroute 172.16.10.1Type esc/CTRLc/CTRLz/q to abort./測試與

26、S3550-A 的路由1233ms 1ms1ms1ms 1ms1ms1ms 1ms1ms192.168.129.67192.168.128.1172.16.10.1Trace complete successfully. S3550-B#【問題與思考】 1、 為什么把 VLAN 作為三層接口，這樣做的好處是什么？ 2、 為什么把端口配置為 TRUNK 模式，這樣做的好處是什么？ 3、 【參考配置】 (1) S6806E-A 的配置S6806E-A#sh run Building configuration. Current configuration : 696 bytes ! version

27、 1.0 ! hostname S6806E-A vlan 1 ! enable secret level 1 5 $2H.Y*T3;C,tZV4H.41u_;C,tQ8U0D+S! interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthernet 0/5 no switchpo

28、rt ip address 192.168.128.1 255.255.255.248 ip ospf cost 1 ! interface Vlan 1014 ip address 192.168.128.45 255.255.255.248! interface Vlan 1016 ip address 192.168.128.67 255.255.255.248ip ospf cost 60 ! router ospf area 0.0.0.0 0.0.0.0network 192.168.0.0 255.255.0.0 area! end (2) S6806E-B 的配置S6806E-

29、B#sh run Building configuration. Current configuration : 577 bytes ! version 1.0 ! hostname S6806E-B vlan 1 ! interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthern

30、et 0/5 no switchport ip address 192.168.128.2 255.255.255.248 ip ospf cost 20 ! interface Vlan 1024 ip address 192.168.129.45 255.255.255.248ip ospf cost 50 ! interface Vlan 1026 ip address 192.168.129.67 255.255.255.248! router ospf area 0.0.0.0 network 192.168.0.0 255.255.0.0 area! end (3) S3550-A

31、 的配置S3550-A#sh run Building configuration. 0.0.0.0Current configuration : 1012! version 1.0 ! hostname S3550-A bytesvlan! vlan! vlan! vlan! 1102030interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/2 switchport mode trunk switchport trunk native v

32、lan! interface FastEthernet 0/10 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/20 switchport mode trunk switchport trunk native vlan! 4093409340934093 interface FastEthernet 0/24 switchport mode trunk ! interface Vlan 1 ip address 192.168.1.254 255.255.255.0! interface

33、 Vlan 10 ip address 172.16.10.1 255.255.255.0! interface Vlan 20 ip address 172.16.20.1 255.255.255.0! interface Vlan 30 255.255.255.0ip address 172.16.30.1! interface Vlan 1014 ip address 192.168.128.44 255.255.255.248! interface Vlan 1024 ip address 192.168.129.44 255.255.255.248 ip ospf cost 100

34、! router ospf area 0.0.0.0 network 172.16.0.0 255.255.0.0 area 0.0.0.0network 192.168.0.0 255.255.0.0 area! end (4) S3550-B 的配置S3550-B#sh run Building configuration. Current configuration : 1011 bytes ! version 1.0 ! hostname S3550-B 0.0.0.01vlan! vlan! vlan! vlan! 506070 interface FastEthernet 0/1

35、switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/10 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/20 switchport mode trunk switchport trunk native vlan! interface

36、 FastEthernet 0/24 switchport mode trunk ! interface Vlan 1 4093409340934093ip address 192.168.2.254 255.255.255.0! interface Vlan 50 255.255.255.0ip address 172.18.50.1! interface Vlan 60 ip address 172.18.60.1! interface Vlan 70 ip address 172.18.70.1! interface Vlan 1016 255.255.255.0255.255.255.

37、0ip address 192.168.128.66 255.255.255.248 ip ospf cost 60 ! interface Vlan 1026 ip address 192.168.129.66 255.255.255.248 ! router ospf area 0.0.0.0 network 172.18.0.0 255.255.0.0 area 0.0.0.0 network 192.168.0.0 255.255.0.0 area 0.0.0.0! end (5) S2150G-A1 的配置S2150G-A#sh run Building configuration.

38、 Current configuration : 2083 bytes! version 1.0 ! hostname S2150G-Avlan! vlan! vlan! vlan! 1102030enable secret level 1 5 #E,1u_;Cq&-8U0H enable secret level 15 5 #/-aehq1dfimLqtbcknAq7zyglow! interface fastEthernet 0/1 switchport access vlan 10 ! interface fastEthernet 0/2 switchport access vlan 1

39、0 ! interface fastEthernet 0/3 switchport access vlan 10 ! interface fastEthernet 0/4 switchport access vlan 10 ! interface fastEthernet 0/5 switchport access vlan 10 ! interface fastEthernet 0/6 switchport access vlan 10 ! interface fastEthernet 0/7 switchport access vlan 10 ! interface fastEtherne

40、t 0/8 switchport access vlan 10 ! interface fastEthernet 0/9 switchport access vlan 10! interface fastEthernet 0/10 switchport access vlan 10! interface fastEthernet 0/11 switchport access vlan 20! interface fastEthernet 0/12 switchport access vlan 20! interface fastEthernet 0/13 switchport access v

41、lan 20! interface fastEthernet0/14switchport access vlan 20! interface fastEthernet 0/15 switchport access vlan 20! interface fastEthernet 0/16 switchport access vlan 20! interface fastEthernet 0/17 switchport access vlan 20! interface fastEthernet 0/18 switchport access vlan 20! interface fastEther

42、net 0/19 switchport access vlan 20! interface fastEthernet 0/20 switchport access vlan 20! interface fastEthernet 0/21 switchport access vlan 30! interface fastEthernet 0/22 switchport access vlan 30! interface fastEthernet 0/23switchport access vlan 30 ! interface fastEthernet 0/24 switchport acces

43、s vlan 30 ! interface fastEthernet 0/25 switchport access vlan 30 ! interface fastEthernet 0/26 switchport access vlan 30 ! interface fastEthernet 0/27 switchport access vlan 30 ! interface fastEthernet 0/28 switchport access vlan 30 ! interface fastEthernet 0/29 switchport access vlan 30 ! interfac

44、e fastEthernet 0/30 switchport access vlan 30 ! interface fastEthernet 0/48 switchport mode trunk ! interface Vlan 1 ip address 192.168.1.1 255.255.255.0 ! ip default-gateway 192.168.1.254 ! end S2150G-A# (6) S2150G-B1 的配置S2150G-B#sh run Building configuration. Current configuration : 2061 bytes ! v

45、ersion 1.0 ! hostname S2150G-B vlan 1 ip address 172.18.50.10 255.255.255.0! vlan 50 ! vlan 60 ! vlan 70 ! enable secret level 1 5 #E,1u_;Cq&-8U0H5 #/-aehq1dfimLqtbcknAq7zyglowenable secret level 15! interface fastEthernet 0/1 switchport access vlan 50! interface fastEthernet 0/2 switchport access vlan 50! interface fastEthernet 0/3 switchport access vlan 50! interface fastEthernet 0/4 switchport access vlan 50! interface fastEthernet 0/5 switchport access vlan 50!