項目三 大型雙核心網絡1_第1頁
項目三 大型雙核心網絡1_第2頁
項目三 大型雙核心網絡1_第3頁
項目三 大型雙核心網絡1_第4頁
項目三 大型雙核心網絡1_第5頁
已閱讀5頁,還剩14頁未讀 繼續(xù)免費閱讀

下載本文檔

版權說明:本文檔由用戶提供并上傳,收益歸屬內容提供方,若內容存在侵權,請進行舉報或認領

文檔簡介

1、 項目三 雙核心網絡【案例背景】 某高校隨著學校教學和學生網上應用的增長,校園網以光纖連接了全校近 70 棟樓宇,覆蓋了 90%的教學辦公場所和 75%的學生宿舍。共布有 2 萬多個網絡端口,其中約 1.2 萬多個布線端口連通了網絡設備,共接入計算機 6 千多臺,有固定注冊用戶約 6000 人。原有網絡設備已經無法滿足新環(huán)境下的網絡應用,因此該校決定重新規(guī)劃建設校園網。 【案例拓撲結構】 如圖 3-1 所示網絡拓撲是某高校雙核心網絡拓撲,具體的設備規(guī)劃詳見其上。圖 3-1某高校雙核心網絡拓撲【需求分析】 需求 1:要能夠達到輕載要求:低負載,高帶寬,最簡單,最有效; 分析 1:網絡核心冗余,核

2、心到匯聚雙鏈路備份。 需求 2:要具有先進的技術性:支持線速轉發(fā),具備高密度的萬兆端口,核心設備支持 T 級以上的背板設計,硬件實現 ACL、QoS、組播等功能; 分析 2:核心交換機可選擇 RG-S6800E 系列,以上功能可實現。 需求 3、要穩(wěn)定、可靠:確保物理層、鏈路層、網絡層、病毒環(huán)境下的穩(wěn)定、可靠; 分析 3:要求各層設備能夠有防病毒的功能,項目中所選設備均可通過配置防止病毒泛濫。需求 4:要有健壯的安全:不以犧牲網絡性能為代價,實現病毒和攻擊的防護、用戶接入控制、 路由協(xié)議安全; 分析 4:核心交換機具有的 SPOH 功能,保證在實現防護病毒和攻擊的情況下,核心交換機性能不受影響

3、,接入采用安全智能接入層交換機 RG-S2100 系列 需求 5:要易于管理:具備網絡拓樸發(fā)現、網絡設備集中統(tǒng)一管理、性能監(jiān)視和預警、分類查看管理的能力; 分析 5:所有項目中設備均支持 SNMP,并通過銳捷 star-view軟件進行整理。 【實驗拓撲】 如圖 3-2 所示網絡拓撲是某高校雙核心網絡拓撲,根據其網絡應用和功能在實驗室中進行了網絡環(huán)境的搭建,具體應用的設備和地址信息的規(guī)劃詳見其上。 圖 3-2實驗室中搭建的某高校雙核心網絡環(huán)境【地址規(guī)劃】【實驗設備】 出口設備:RG-WALL 100(或 1000) 1 臺;設備 接口 IP 地址 6806E-AVLAN1014192.168.

4、128.45/29VLAN1016192.168.128.67/29F0/5192.168.128.1/296806E-BVLAN1024192.168.129.45/29VLAN1026192.168.129.67/29F0/5192.168.128.2/29VLAN30192.168.86.17/28 核心設備:S68 系列(或S65/S35 系列設備)2 臺,配置千兆光纖接口 4 塊;匯聚設備:S3550-24 2 臺,每臺配置 2 塊千兆光纖接口;接入設備:S2126G 二層交換機 4 臺;實驗 PC:8 臺;【實驗步驟】 實驗配置分為: 第一步:網絡設備的基本配置; 第二步:OSPF

5、 配置及其測試; (以下配置默認在全局配置模式下進行)第一步 設備基本配置(1) S2150G-A1 基本配置hostname S2150G-A!交換機更名為 S2150G-A vlan 1!vlan 10vlan 20vlan 30interface range fastEthernet 0/1-10 switchport access vlan 10interface range fastEthernet 0/11-20 switchport access vlan 20interface range fastEthernet 0/21-30 switchport access vlan

6、30interface gigabitEthernet 1/1switchport mode trunk!創(chuàng)建 VLAN10!創(chuàng)建 VLAN20!創(chuàng)建 VLAN30!設置 110 號端口 ! 將其加入 VLAN10!設置 1120 號端口 !將其加入 VLAN20!設置 2130 號端口 !將其加入 VLAN30!配置 S2150G-A 的上連光纖模塊! 將其配置為 TRUNK 模式 S2150G-B 與 S2150G-A 的配置內容基本相同,在此略過。(2) S3550-A 基本配置!version 1.0!hostname S3550-A vlan 1!vlan 10vlan 20!交換機

7、更名為 S3550-A!創(chuàng)建 VLAN10!創(chuàng)建 VLAN20 vlan 30interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan 4093 interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093 interface FastEthernet 0/10 switchport mode trunk switchport trunk native vlan 4093!interface F

8、astEthernet 0/20 switchport mode trunk switchport trunk native vlan 4093!interface Vlan 10ip address 172.16.10.1 255.255.255.0interface Vlan 20ip address 172.16.20.1 255.255.255.0!interface Vlan 30ip address 172.16.30.1 255.255.255.0!interface Vlan 1014!創(chuàng)建 VLAN30!配置 1 號端口 !設置其運行模式為 trunk 模式!設置其nativ

9、e vlan 號為 4093!配置 2 號端口 !設置其運行模式為 trunk 模式設置其 native vlan 號為 4093!配置 10 號端口 !配置 20 號端口!配置 VLAN10!設置其 IP 地址!配置 VLAN20!配置 VLAN30!配置 VLAN1014ip address 192.168.128.44 255.255.255.248!interface Vlan 1024ip address 192.168.129.44 255.255.255.248!end!配置 VLAN1024S3550-A#ping 192.168.128.44/測試 VLAN1014 是否啟用

10、Sending 5, 100-byte ICMP Echos to 192.168.128.44, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 192.168.129.44/測試 VLAN1024 是否啟用Sending 5, 100-byte ICMP Echos to 192.168.129.44, timeout is 2000 milliseconds.! Success rate is 100

11、percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 172.16.10.1/測試 VLAN10是否啟用Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 172.16.20.1/測試 VLAN20是否啟用Sending 5, 100-by

12、te ICMP Echos to 172.16.20.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#ping 172.16.30.1/測試 VLAN30 是否啟用Sending 5, 100-byte ICMP Echos to 172.16.30.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Ma

13、ximum = 1ms, Average = 1msS3550B 的配置基本相同,在此略過。 (3) S6810E-B 基本配置!version 1.0!hostname S6806E-B!交換機更名為 S6806E-Bvlan 1!interface FastEthernet 0/1!配置 1 號端口switchport mode trunk!設置運行模式為 trunk模式switchport trunk native vlan 4093!設置 native vlan 為 4093interface FastEthernet 0/2!配置 2 號端口 switchport mode trun

14、kswitchport trunk native vlan 4093!interface FastEthernet 0/5!配置 5 號端口no switchportip address 192.168.128.2 255.255.255.248!interface Vlan 1024!配置 VLAN1024ip address 192.168.129.45 255.255.255.248!interface Vlan 1026!配置 VLAN1026ip address 192.168.129.67 255.255.255.248!endS6806E-B#ping 192.168.128.2

15、/測試 5 號端口是否啟用Sending 5, 100-byte ICMP Echos to 192.168.128.2,timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS6806E-B#ping 192.168.129.45/測試 VLAN1024 是否啟用Sending 5, 100-byte ICMP Echos to 192.168.129.45,timeout is 2000 milliseconds.!Success ra

16、te is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS6806E-B#ping 192.168.129.67/測試 VLAN1026 是否啟用Sending 5, 100-byte ICMP Echos to 192.168.129.67,timeout is 2000 milliseconds. !Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS6810E-A 的配置基本相同,在此略過。第二步:設備 OSPF 配

17、置(1) S3550A 的路由配置interface Vlan 1024ip address 192.168.129.44 255.255.255.248ip ospf cost 100 router ospfarea 0.0.0.0! 設置此鏈路 OSPF 代價為 100!啟用 OSPF 路由協(xié)議 !區(qū)域 0network 192.168.0.0 255.255.0.0 area 0.0.0.0netword 172.16.0.0 255.255.0.0 area 0.0.0.0!S3550B 的路由配置基本相同,在此略過。!公布本交換機的路由信息(2) S6806E-A 的路由配置inte

18、rface FastEthernet 0/5 no switchportip address 192.168.128.1 255.255.255.248ip ospf cost 1!interface Vlan 1016!設置 5 號端口的鏈路 OSPF 代價為 1ip address 192.168.128.67 255.255.255.248ip ospf cost 60!router ospf area 0.0.0.0!設置 VLAN1016 的鏈路 OSPF 代價為 60!啟動 OSPF 路由協(xié)議!區(qū)域 0network 192.168.0.0 255.255.0.0 area 0.0

19、.0.0!(3)路由的測試 !公布本交換機的路由信息因為在核心 S6806E 上,基本都是直連路由,所以選擇 S3550 進行路由的測試。S3550-A#ping 192.168.128.1/測試與 S6806E-A 的連通性Sending 5, 100-byte ICMP Echos to 192.168.128.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#traceroute 192.168.128.1T

20、ype esc/CTRLc/CTRLz/q to abort./測試與 S6806E-A 的路由 13ms1ms1ms192.168.128.1Trace complete successfully.S3550-A#ping 192.168.129.67/測試與 S6806E-B 的連通性Sending 5, 100-byte ICMP Echos to 192.168.129.67, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1ms

21、S3550-A#traceroute 192.168.129.67Type esc/CTRLc/CTRLz/q to abort./測試與 S6806E-B 的路由123ms1ms1ms1ms1ms1ms192.168.128.45192.168.129.67Trace complete successfully.S3550-A#ping 172.18.50.1/測試與 S3550-B 的連通性Sending 5, 100-byte ICMP Echos to 172.18.50.1, timeout is 2000 milliseconds.!Success rate is 100 perc

22、ent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-A#traceroute 172.18.50.1Type esc/CTRLc/CTRLz/q to abort./測試與 S3550-B 的路由1231ms 1ms1ms1ms 1ms1ms1ms 1ms3ms192.168.128.45192.168.128.2172.18.50.1Trace complete successfully.從 S3550-B 同樣進行一次全面的路由檢查S3550-B#ping 192.168.128.2/測試與 S6806E-B 的連通性Sendi

23、ng 5, 100-byte ICMP Echos to 192.168.128.2, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-B#traceroute 192.168.128.2Type esc/CTRLc/CTRLz/q to abort./測試與 S6806E-B 的路由13ms1ms1ms192.168.128.2Trace complete successfully.S3550-B#ping 192.16

24、8.128.45/測試與 S6806E-A 的連通性Sending 5, 100-byte ICMP Echos to 192.168.128.45, timeout is 2000 milliseconds.! Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 2ms, Average = 1msS3550-B#traceroute 192.168.128.45Type esc/CTRLc/CTRLz/q to abort./測試與 S6806E-A 的路由121ms1ms1ms1ms1ms1ms192.168.129.6719

25、2.168.128.45Trace complete successfully.S3550-B#ping 172.16.10.1/測試與 S3550-A 的連通性Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2000 milliseconds.!Success rate is 100 percent (5/5)Minimum = 1ms Maximum = 1ms, Average = 1msS3550-B#traceroute 172.16.10.1Type esc/CTRLc/CTRLz/q to abort./測試與

26、S3550-A 的路由1233ms 1ms1ms1ms 1ms1ms1ms 1ms1ms192.168.129.67192.168.128.1172.16.10.1Trace complete successfully. S3550-B#【問題與思考】 1、 為什么把 VLAN 作為三層接口,這樣做的好處是什么? 2、 為什么把端口配置為 TRUNK 模式,這樣做的好處是什么? 3、 【參考配置】 (1) S6806E-A 的配置S6806E-A#sh run Building configuration. Current configuration : 696 bytes ! version

27、 1.0 ! hostname S6806E-A vlan 1 ! enable secret level 1 5 $2H.Y*T3;C,tZV4H.41u_;C,tQ8U0D+S! interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthernet 0/5 no switchpo

28、rt ip address 192.168.128.1 255.255.255.248 ip ospf cost 1 ! interface Vlan 1014 ip address 192.168.128.45 255.255.255.248! interface Vlan 1016 ip address 192.168.128.67 255.255.255.248ip ospf cost 60 ! router ospf area 0.0.0.0 0.0.0.0network 192.168.0.0 255.255.0.0 area! end (2) S6806E-B 的配置S6806E-

29、B#sh run Building configuration. Current configuration : 577 bytes ! version 1.0 ! hostname S6806E-B vlan 1 ! interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093 ! interface FastEthern

30、et 0/5 no switchport ip address 192.168.128.2 255.255.255.248 ip ospf cost 20 ! interface Vlan 1024 ip address 192.168.129.45 255.255.255.248ip ospf cost 50 ! interface Vlan 1026 ip address 192.168.129.67 255.255.255.248! router ospf area 0.0.0.0 network 192.168.0.0 255.255.0.0 area! end (3) S3550-A

31、 的配置S3550-A#sh run Building configuration. 0.0.0.0Current configuration : 1012! version 1.0 ! hostname S3550-A bytesvlan! vlan! vlan! vlan! 1102030interface FastEthernet 0/1 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/2 switchport mode trunk switchport trunk native v

32、lan! interface FastEthernet 0/10 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/20 switchport mode trunk switchport trunk native vlan! 4093409340934093 interface FastEthernet 0/24 switchport mode trunk ! interface Vlan 1 ip address 192.168.1.254 255.255.255.0! interface

33、 Vlan 10 ip address 172.16.10.1 255.255.255.0! interface Vlan 20 ip address 172.16.20.1 255.255.255.0! interface Vlan 30 255.255.255.0ip address 172.16.30.1! interface Vlan 1014 ip address 192.168.128.44 255.255.255.248! interface Vlan 1024 ip address 192.168.129.44 255.255.255.248 ip ospf cost 100

34、! router ospf area 0.0.0.0 network 172.16.0.0 255.255.0.0 area 0.0.0.0network 192.168.0.0 255.255.0.0 area! end (4) S3550-B 的配置S3550-B#sh run Building configuration. Current configuration : 1011 bytes ! version 1.0 ! hostname S3550-B 0.0.0.01vlan! vlan! vlan! vlan! 506070 interface FastEthernet 0/1

35、switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/2 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/10 switchport mode trunk switchport trunk native vlan! interface FastEthernet 0/20 switchport mode trunk switchport trunk native vlan! interface

36、 FastEthernet 0/24 switchport mode trunk ! interface Vlan 1 4093409340934093ip address 192.168.2.254 255.255.255.0! interface Vlan 50 255.255.255.0ip address 172.18.50.1! interface Vlan 60 ip address 172.18.60.1! interface Vlan 70 ip address 172.18.70.1! interface Vlan 1016 255.255.255.0255.255.255.

37、0ip address 192.168.128.66 255.255.255.248 ip ospf cost 60 ! interface Vlan 1026 ip address 192.168.129.66 255.255.255.248 ! router ospf area 0.0.0.0 network 172.18.0.0 255.255.0.0 area 0.0.0.0 network 192.168.0.0 255.255.0.0 area 0.0.0.0! end (5) S2150G-A1 的配置S2150G-A#sh run Building configuration.

38、 Current configuration : 2083 bytes! version 1.0 ! hostname S2150G-Avlan! vlan! vlan! vlan! 1102030enable secret level 1 5 #E,1u_;Cq&-8U0H enable secret level 15 5 #/-aehq1dfimLqtbcknAq7zyglow! interface fastEthernet 0/1 switchport access vlan 10 ! interface fastEthernet 0/2 switchport access vlan 1

39、0 ! interface fastEthernet 0/3 switchport access vlan 10 ! interface fastEthernet 0/4 switchport access vlan 10 ! interface fastEthernet 0/5 switchport access vlan 10 ! interface fastEthernet 0/6 switchport access vlan 10 ! interface fastEthernet 0/7 switchport access vlan 10 ! interface fastEtherne

40、t 0/8 switchport access vlan 10 ! interface fastEthernet 0/9 switchport access vlan 10! interface fastEthernet 0/10 switchport access vlan 10! interface fastEthernet 0/11 switchport access vlan 20! interface fastEthernet 0/12 switchport access vlan 20! interface fastEthernet 0/13 switchport access v

41、lan 20! interface fastEthernet0/14switchport access vlan 20! interface fastEthernet 0/15 switchport access vlan 20! interface fastEthernet 0/16 switchport access vlan 20! interface fastEthernet 0/17 switchport access vlan 20! interface fastEthernet 0/18 switchport access vlan 20! interface fastEther

42、net 0/19 switchport access vlan 20! interface fastEthernet 0/20 switchport access vlan 20! interface fastEthernet 0/21 switchport access vlan 30! interface fastEthernet 0/22 switchport access vlan 30! interface fastEthernet 0/23switchport access vlan 30 ! interface fastEthernet 0/24 switchport acces

43、s vlan 30 ! interface fastEthernet 0/25 switchport access vlan 30 ! interface fastEthernet 0/26 switchport access vlan 30 ! interface fastEthernet 0/27 switchport access vlan 30 ! interface fastEthernet 0/28 switchport access vlan 30 ! interface fastEthernet 0/29 switchport access vlan 30 ! interfac

44、e fastEthernet 0/30 switchport access vlan 30 ! interface fastEthernet 0/48 switchport mode trunk ! interface Vlan 1 ip address 192.168.1.1 255.255.255.0 ! ip default-gateway 192.168.1.254 ! end S2150G-A# (6) S2150G-B1 的配置S2150G-B#sh run Building configuration. Current configuration : 2061 bytes ! v

45、ersion 1.0 ! hostname S2150G-B vlan 1 ip address 172.18.50.10 255.255.255.0! vlan 50 ! vlan 60 ! vlan 70 ! enable secret level 1 5 #E,1u_;Cq&-8U0H5 #/-aehq1dfimLqtbcknAq7zyglowenable secret level 15! interface fastEthernet 0/1 switchport access vlan 50! interface fastEthernet 0/2 switchport access vlan 50! interface fastEthernet 0/3 switchport access vlan 50! interface fastEthernet 0/4 switchport access vlan 50! interface fastEthernet 0/5 switchport access vlan 50!

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯系上傳者。文件的所有權益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網頁內容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
  • 4. 未經權益所有人同意不得將文件中的內容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網僅提供信息存儲空間,僅對用戶上傳內容的表現方式做保護處理,對用戶上傳分享的文檔內容本身不做任何修改或編輯,并不能對任何下載內容負責。
  • 6. 下載文件中如有侵權或不適當內容,請與我們聯系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論