實(shí)驗(yàn)3-大型(雙核心)網(wǎng)絡(luò)綜合實(shí)驗(yàn)(共12頁)

1、精選優(yōu)質(zhì)文檔-傾情為你奉上實(shí)驗(yàn)三 大型（雙核心）網(wǎng)絡(luò)綜合實(shí)驗(yàn)【實(shí)驗(yàn)名稱】 大型（雙核心）網(wǎng)絡(luò)綜合實(shí)驗(yàn)【實(shí)驗(yàn)原型】 某大型校園全網(wǎng)建設(shè)（采用設(shè)備： RG-WALL1500千兆防火墻、RG-S6810E、RG-S6806E多業(yè)務(wù)萬兆核心路由交換機(jī)、RG-S3550-24千兆三層路由交換機(jī)、RG-S2126G/50G千兆安全智能堆疊交換機(jī)）【實(shí)驗(yàn)?zāi)康摹?在實(shí)驗(yàn)室環(huán)境根據(jù)具體真實(shí)網(wǎng)絡(luò)建設(shè)搭建模擬環(huán)境進(jìn)行綜合應(yīng)用實(shí)驗(yàn)，指導(dǎo)學(xué)員如何規(guī)劃實(shí)施大型企業(yè)、校園雙核心網(wǎng)絡(luò)建設(shè)規(guī)劃【預(yù)備知識】 交換路由基礎(chǔ)， OSPF動(dòng)態(tài)路由、OSPF路由重分布、靜態(tài)路由、生成樹協(xié)議、端口鏡像、802.1QVlan、Vlan三層路

2、由、防火墻、SNMP、ACL訪問控制、安全控制等【背景描述】 某高校隨著學(xué)校教學(xué)和學(xué)生網(wǎng)上應(yīng)用的增長，校園網(wǎng)以光纖連接了全校近70棟樓宇，覆蓋了90%的教學(xué)辦公場所和75%的學(xué)生宿舍。共布有2萬多個(gè)網(wǎng)絡(luò)端口，其中約1.2萬多個(gè)布線端口連通了網(wǎng)絡(luò)設(shè)備，共接入計(jì)算機(jī)6千多臺，有固定注冊用戶約6000人。原有網(wǎng)絡(luò)設(shè)備已經(jīng)無法滿足新環(huán)境下的網(wǎng)絡(luò)應(yīng)用，因此該校決定重新規(guī)劃建設(shè)校園網(wǎng)，并提出了如下的需求： 要適應(yīng)學(xué)校的網(wǎng)絡(luò)特點(diǎn)要求：用戶數(shù)量龐大，網(wǎng)絡(luò)應(yīng)用復(fù)雜，不能在終端上限制網(wǎng)絡(luò)用戶行為，只能在網(wǎng)絡(luò)設(shè)備上解決網(wǎng)絡(luò)問題； 要能夠達(dá)到輕載要求：低負(fù)載，高帶寬，最簡單，最有效； 要具有先進(jìn)的技術(shù)性：支持線速轉(zhuǎn)發(fā)

3、，具備高密度的萬兆端口，核心設(shè)備支持T級以上的背板設(shè)計(jì)，硬件實(shí)現(xiàn)ACL、QoS、組播等功能； 要穩(wěn)定、可靠：確保物理層、鏈路層、網(wǎng)絡(luò)層、病毒環(huán)境下的穩(wěn)定、可靠； 要有健壯的安全：不以犧牲網(wǎng)絡(luò)性能為代價(jià)，實(shí)現(xiàn)病毒和攻擊的防護(hù)、用戶接入控制、路由協(xié)議安全； 要易于管理：具備網(wǎng)絡(luò)拓樸發(fā)現(xiàn)、網(wǎng)絡(luò)設(shè)備集中統(tǒng)一管理、性能監(jiān)視和預(yù)警、分類查看管理事件的能力； 要能實(shí)現(xiàn)彈性擴(kuò)展：包括背板帶寬、交換容量、轉(zhuǎn)發(fā)能力、端口密度、業(yè)務(wù)能力的可擴(kuò)展。建設(shè)后的網(wǎng)絡(luò)拓樸如下：【實(shí)現(xiàn)功能】 實(shí)現(xiàn)內(nèi)部網(wǎng)絡(luò)VLAN劃分，VLAN三層路由功能；并啟用OSPF路由協(xié)議、路由重分布，實(shí)現(xiàn)雙鏈路冗余備份；病毒攻擊防護(hù)、防掃描攻擊、出口實(shí)

4、現(xiàn)地址轉(zhuǎn)換、雙出口負(fù)載均衡冗余備份、啟用生成樹協(xié)議避免環(huán)路；啟用端口鏡像對出口流量進(jìn)行監(jiān)控，全網(wǎng)采用starview進(jìn)行網(wǎng)絡(luò)管理?！緦?shí)驗(yàn)拓?fù)洹?【實(shí)驗(yàn)設(shè)備】 出口設(shè)備：RG-WALL 100（或1000） 1臺；核心設(shè)備：S68系列（或S65/S35系列設(shè)備）2臺，配置千兆光纖接口4塊；匯聚設(shè)備：S3550-24 2臺，每臺配置2塊千兆光纖接口 ； 接入設(shè)備：S2126G二層交換機(jī)4臺； 實(shí)驗(yàn)PC：8臺；【實(shí)驗(yàn)步驟】 實(shí)驗(yàn)配置分為：（以下配置默認(rèn)在全局配置模式下進(jìn)行 ）。第一步：網(wǎng)絡(luò)設(shè)備的基本配置；第二步：ospf配置及其測試；第一步 基本配置(1) S2150G-A1基本配置hostname

5、 S2150G-A/交換機(jī)更名為S2150G-Avlan 1 !vlan 10 /創(chuàng)建VLAN10!vlan 20 /創(chuàng)建VLAN20!vlan 30 /創(chuàng)建VLAN30!interface range fastEthernet 0/1-10 /定義1-10 號端口 switchport access vlan 10 /將其加入VLAN10! interface range fastEthernet 0/11-20 /定義11-20 號端口 switchport access vlan 20 /將其加入VLAN20!interface range fastEthernet 0/21-30 /定

6、義21-30 號端口 switchport access vlan 30 /將其加入VLAN30 ! interface gigabitEthernet 1/1 /配置S2150G-A的上連光纖模塊 switchport mode trunk /將其配置為TRUNK 模式S2150G-B與S2150G-A的配置內(nèi)容基本相同，在此略過。(2) S3550-A1基本配置hostname S3550-A /交換機(jī)更名為S3550-Avlan 1!vlan 10 /創(chuàng)建VLAN10!vlan 20 /創(chuàng)建VLAN20!vlan 30 /創(chuàng)建VLAN30!vlan 1014 /創(chuàng)建VLAN1014!vl

7、an 1024 /創(chuàng)建VLAN1024 ! spanning-tree /啟動(dòng)生成樹協(xié)議interface GigabitEthernet 0/1 /配置1號千兆端口 flowcontrol auto switchport mode trunk /設(shè)置為TRUNK模式 switchport trunk native vlan 4093 !interface GigabitEthernet 0/2 flowcontrol auto switchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 0

8、/3 switchport mode trunk!interface Vlan 10 ip address 172.16.10.1 255.255.255.0 /配置VLAN10 的IP地址!interface Vlan 20 ip address 172.16.20.1 255.255.255.0 /配置VLAN20的IP地址!interface Vlan 30 ip address 172.16.30.1 255.255.255.0 /配置VLAN30 的IP地址!interface Vlan 1014 ip address 192.168.128.44 255.255.255.248 /

9、配置VLAN1014的IP地址!interface Vlan 1024 ip address 192.168.129.44 255.255.255.248 /配置VLAN1024 的IP地址S3550B的配置基本相同，在此略過。(3) S6810E-A基本配置hostname S6810E-A /交換機(jī)更名為S6810E-A! spanning-tree /啟動(dòng)生成樹協(xié)議interface AggregatePort 1 /配置聚合端口 no switchport /將此端口轉(zhuǎn)為三層接口 ip address 192.168.128.1 255.255.255.248 /配置1號聚合端口的IP

10、地址!interface GigabitEthernet 3/1 medium-type fiber /設(shè)置接口連接線纜為光纖線纜switchport mode trunk /設(shè)置為TRUNK模式 switchport trunk native vlan 4093!interface GigabitEthernet 3/2 medium-type fiber switchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 3/11 no switchport /將此端口轉(zhuǎn)為三層接口 port-g

11、roup 1 /將其加入1號聚合端口 !interface GigabitEthernet 3/12 no switchport /將此端口轉(zhuǎn)為三層接口 port-group 1 /將其加入1號聚合端口!interface Vlan 1014 ip address 192.168.128.45 255.255.255.248 /設(shè)置VLAN1014的IP地址!interface Vlan 1016 ip address 192.168.128.67 255.255.255.248 /設(shè)置VLAN1016的IP地址S6810E-B的配置基本相同，在此略過。第二步：ospf配置(1) S3550A

12、的路由配置interface Vlan 1024 ip address 192.168.129.44 255.255.255.248 ip ospf cost 100 /設(shè)置此鏈路OSPF代價(jià)為100!router ospf /啟用OSPF路由協(xié)議area 0.0.0.0 /區(qū)域0network 192.168.0.0 255.255.0.0 area 0.0.0.0 /公布本交換機(jī)的路由信息!(1) S6810E-A的路由配置interface AggregatePort 1 no switchport ip address 192.168.128.1 255.255.255.248 ip

13、ospf cost 1 /設(shè)置1號聚合端口的鏈路OSPF代價(jià)為1!interface Vlan 1016 ip address 192.168.128.67 255.255.255.248 ip ospf cost 60 /設(shè)置VLAN1016的鏈路OSPF代價(jià)為60!router ospf /啟動(dòng)OSPF路由協(xié)議area 0.0.0.0 /區(qū)域0network 192.168.0.0 255.255.0.0 area 0.0.0.0 /公布本交換機(jī)的路由信息!【問題與思考】1、 為什么把VLAN作為三層接口，這樣做的好處是什么？2、 為什么把端口配置為TRUNK模式，這樣做的好處是什么？ 【

14、參考配置】(1) S2150G-A 的參考配置專心-專注-專業(yè)S2150G-A#sh runBuilding configuration.Current configuration : 2083 bytes!version 1.0!hostname S2150G-Avlan 1!vlan 10!vlan 20!vlan 30!enable secret level 1 5 #E,1u_;Cq&-8U0<Dq'.tj9=Gq+/7R:>Henable secret level 15 5 #/-aehq1'dfimLqtbcknAq7zyglow!interfa

15、ce fastEthernet 0/1 switchport access vlan 10!interface fastEthernet 0/2 switchport access vlan 10! interface fastEthernet 0/3 switchport access vlan 10!interface fastEthernet 0/4 switchport access vlan 10!interface fastEthernet 0/5 switchport access vlan 10!interface fastEthernet 0/6 switchport acc

16、ess vlan 10!interface fastEthernet 0/7 switchport access vlan 10!interface fastEthernet 0/8 switchport access vlan 10!interface fastEthernet 0/9 switchport access vlan 10! interface fastEthernet 0/10 switchport access vlan 10!interface fastEthernet 0/11 switchport access vlan 20!interface fastEthern

17、et 0/12 switchport access vlan 20!interface fastEthernet 0/13 switchport access vlan 20!interface fastEthernet 0/14 switchport access vlan 20!interface fastEthernet 0/15 switchport access vlan 20!interface fastEthernet 0/16 switchport access vlan 20! interface fastEthernet 0/17 switchport access vla

18、n 20!interface fastEthernet 0/18 switchport access vlan 20!interface fastEthernet 0/19 switchport access vlan 20!interface fastEthernet 0/20 switchport access vlan 20!interface fastEthernet 0/21 switchport access vlan 30!interface fastEthernet 0/22 switchport access vlan 30!interface fastEthernet 0/

19、23 switchport access vlan 30! interface fastEthernet 0/24 switchport access vlan 30!interface fastEthernet 0/25 switchport access vlan 30!interface fastEthernet 0/26 switchport access vlan 30!interface fastEthernet 0/27 switchport access vlan 30!interface fastEthernet 0/28 switchport access vlan 30!

20、interface fastEthernet 0/29 switchport access vlan 30!interface fastEthernet 0/30 switchport access vlan 30! interface gigabitEthernet 1/1 switchport mode trunk!interface vlan 10!endS2150G-A#(2) S2150G-B 的參考配置S2150G-B#sh runBuilding configuration.Current configuration : 2061 bytes!version 1.0!hostna

21、me S2150G-Bvlan 1!vlan 50!vlan 60!vlan 70!enable secret level 1 5 #E,1u_;Cq&-8U0<Dq'.tj9=Gq+/7R:>Henable secret level 15 5 #/-aehq1'dfimLqtbcknAq7zyglow!interface fastEthernet 0/1 switchport access vlan 50!interface fastEthernet 0/2 switchport access vlan 50! interface fastEthernet

22、 0/3 switchport access vlan 50!interface fastEthernet 0/4 switchport access vlan 50!interface fastEthernet 0/5 switchport access vlan 50!interface fastEthernet 0/6 switchport access vlan 50!interface fastEthernet 0/7 switchport access vlan 50!interface fastEthernet 0/8 switchport access vlan 50!inte

23、rface fastEthernet 0/9 switchport access vlan 50! interface fastEthernet 0/10 switchport access vlan 50!interface fastEthernet 0/11 switchport access vlan 60!interface fastEthernet 0/12 switchport access vlan 60!interface fastEthernet 0/13 switchport access vlan 60!interface fastEthernet 0/14 switch

24、port access vlan 60!interface fastEthernet 0/15 switchport access vlan 60!interface fastEthernet 0/16 switchport access vlan 60! interface fastEthernet 0/17 switchport access vlan 60!interface fastEthernet 0/18 switchport access vlan 60!interface fastEthernet 0/19 switchport access vlan 60!interface

25、 fastEthernet 0/20 switchport access vlan 60!interface fastEthernet 0/21 switchport access vlan 70!interface fastEthernet 0/22 switchport access vlan 70!interface fastEthernet 0/23 switchport access vlan 70! interface fastEthernet 0/24 switchport access vlan 70!interface fastEthernet 0/25 switchport

26、 access vlan 70!interface fastEthernet 0/26 switchport access vlan 70!interface fastEthernet 0/27 switchport access vlan 70!interface fastEthernet 0/28 switchport access vlan 70!interface fastEthernet 0/29 switchport access vlan 70!interface fastEthernet 0/30 switchport access vlan 70! interface gig

27、abitEthernet 1/1 switchport mode trunk!endS2150G-B#(3) S3550-A的參考配置S3550-A#sh runSystem software version : 2.61 Build Aug 7 2005 ReleaseBuilding configuration.Current configuration : 997 bytes!version 1.0ip routing algorithm CRC32_UPPER!hostname S3550-Avlan 1!vlan 10!vlan 20!vlan 30!vlan 1014!vlan 1

28、024!enable secret level 1 5 #+/7R:>Hq,1u_;C,q-8U0<D+q.tj9=G1enable secret level 15 5 #tbcknAq7zyglowq-aehIq'dfimLM! spanning-tree interface GigabitEthernet 0/1 flowcontrol auto switchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 0/2 flowcontrol auto switchport

29、 mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 0/3 switchport mode trunk!interface Vlan 10 ip address 172.16.10.1 255.255.255.0 !interface Vlan 20 ip address 172.16.20.1 255.255.255.0 !interface Vlan 30 ip address 172.16.30.1 255.255.255.0 !interface Vlan 1014 ip address 192

30、.168.128.44 255.255.255.248 !interface Vlan 1024 ip address 192.168.129.44 255.255.255.248 ip ospf cost 100!router ospfarea 0.0.0.0network 192.168.0.0 255.255.0.0 area 0.0.0.0!endS3550-A#(4) S3550-B的參考配置S3550-B#sh runSystem software version : 2.61 Build Aug 7 2005 ReleaseBuilding configuration.Curre

31、nt configuration : 900 bytes!version 1.0ip routing algorithm CRC32_UPPER!hostname S3550-Bvlan 1!vlan 50!vlan 60!vlan 1016!vlan 1026!vlan 4093!enable secret level 1 5 #wNq&#Z1qIOrJ%(8qMpK*.tqxB"/7enable secret level 15 5 #Q8cgkE,qmdhl&-qPaein'.qbfjo+/!interface GigabitEthernet 0/1 sw

32、itchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 0/2 switchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 0/3 switchport mode trunk!interface Vlan 50 ip address 172.18.50.1 255.255.255.0 !interface Vlan 60 ip address 172.18.60.1 255.255.255

33、.0 !interface Vlan 1016 ip address 192.168.128.66 255.255.255.248 ip ospf cost 60!interface Vlan 1026 ip address 192.168.129.66 255.255.255.248 !interface Vlan 4093!router ospfarea 0.0.0.0network 192.168.0.0 255.255.0.0 area 0.0.0.0!endS3550-B#(5) S6810E-A的參考配置S6810E-A#sh runSystem software version

34、: 2.41(2) Build Sep 19 2005 RelBuilding configuration.Current configuration : 936 bytes!version 1.0install 3 12sfp/gtip routing algorithm CRC32_UPPER!hostname S6810E-Aenable secret level 1 5 #.Y*T7+.qtZV/,|qS(W&-/qX)sv'1enable secret level 15 5 #-aehIq'dfimLMqbcknAxqzyglowN! spanning-tre

35、e interface AggregatePort 1 no switchport ip address 192.168.128.1 255.255.255.248 ip ospf cost 1!interface GigabitEthernet 3/1 medium-type fiberswitchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 3/2 medium-type fiberswitchport mode trunk switchport trunk native vlan 4093!interface GigabitEthernet 3/11 no switchport port-group 1 !interface GigabitEthernet 3/12 no switchport port-group 1 !interface Vlan 1014 ip addre