07：项目需求分析、技术方案选型、网络拓扑绘制、基础交换网络设计、内网优化、连接外网服务器 - CASE - 《网络运维与安全》

1 基础交换网络设计
2 内网优化
3 连接外网服务器

Top

基础交换网络设计
内网优化
连接外网服务器

1 基础交换网络设计

1.1 需求

1）公司有三个部门，为确保通信安全，每个部门都处于独立的广播域

2）每个部门的 IP 地址规划为： 192.168.xx.0/24

3）每个部门的主机均通过为 DHCP 服务器获取 IP 地址，并且每个部门的网关 IP 地址为 192.168.xx.254

1.2 方案

使用 eNSP 搭建实验环境，如图 - 1 所示。

CASE - 图1

图 - 1

1.3 步骤

实现此案例需要按照如下步骤进行。

步骤一：配置二层交换机


1.  <Huawei>undo terminal monitor
2.  <Huawei>system-view
3.  \[Huawei\]sysname sw1
5.  \[sw1\]vlan batch 10 20 30  50
7.  \[sw1\]interface e0/0/1
8.  \[sw1-Ethernet0/0/1\]port link-type access 
9.  \[sw1-Ethernet0/0/1\]port default vlan 10
11.  \[sw1\]interface e0/0/2
12.  \[sw1-Ethernet0/0/2\]port link-type trunk 
13.  \[sw1-Ethernet0/0/2\]port trunk allow-pass vlan all
14.  <Huawei>undo terminal monitor
15.  <Huawei>system-view
16.  \[Huawei\]sysname sw2
18.  \[sw2\]vlan batch 10 20 30  50
20.  \[sw2\]interface e0/0/1
21.  \[sw2-Ethernet0/0/1\]port link-type access 
22.  \[sw2-Ethernet0/0/1\]port default vlan 20
24.  \[sw2\]interface e0/0/2
25.  \[sw2-Ethernet0/0/2\]port link-type trunk
26.  \[sw2-Ethernet0/0/2\]port trunk allow-pass vlan all
27.  <Huawei>undo terminal monitor
28.  <Huawei>system-view
29.  \[Huawei\]sysname sw3
31.  \[sw3\]vlan batch 10 20 30  50
33.  \[sw3\]interface e0/0/1
34.  \[sw3-Ethernet0/0/1\]port link-type access 
35.  \[sw3-Ethernet0/0/1\]port default vlan 30
37.  \[sw3\]interface e0/0/2
38.  \[sw3-Ethernet0/0/2\]port link-type trunk
39.  \[sw3-Ethernet0/0/2\]port trunk allow-pass vlan all

步骤二：配置三层交换机


1.  <Huawei>undo terminal monitor
2.  <Huawei>system-view
3.  \[Huawei\]sysname sw5
5.  \[sw5\]vlan batch 10 20 30 50
7.  \[sw5\]port-group group-member g0/0/1 to g0/0/3
8.  \[sw5-port-group\]port link-type trunk
9.  \[sw5-port-group\]port trunk allow-pass vlan all
11.  \[sw5\]interface g0/0/5
12.  \[sw5-GigabitEthernet0/0/5\]port link-type access
13.  \[sw5-GigabitEthernet0/0/5\]port default vlan 50
15.  \[sw5\]int Vlanif 10
16.  \[sw5-Vlanif10\]ip address 192.168.10.251 24
17.  \[sw5\]int Vlanif 20
18.  \[sw5-Vlanif20\]ip address 192.168.20.251 24
19.  \[sw5\]int Vlanif 30
20.  \[sw5-Vlanif30\]ip address 192.168.30.251 24
21.  \[sw5\]int Vlanif 50
22.  \[sw5-Vlanif50\]ip address 192.168.50.251 24

步骤三：配置 DHCP 服务器


1.  <Huawei>undo terminal monitor
2.  <Huawei>system-view
3.  \[Huawei\]sysname dhcp
5.  \[dhcp\]dhcp enable
7.  \[dhcp\]ip pool vlan10
8.  \[dhcp-ip-pool-vlan10\]network 192.168.10.0 mask 24
9.  \[dhcp-ip-pool-vlan10\]gateway-list 192.168.10.254
10.  \[dhcp\]ip pool vlan20
11.  \[dhcp-ip-pool-vlan20\]network 192.168.20.0 mask 24
12.  \[dhcp-ip-pool-vlan20\]gateway-list 192.168.20.254
13.  \[dhcp\]ip pool vlan30
14.  \[dhcp-ip-pool-vlan30\]network 192.168.30.0 mask 24
15.  \[dhcp-ip-pool-vlan30\]gateway-list 192.168.30.254
17.  \[dhcp\]int g0/0/0
18.  \[dhcp-GigabitEthernet0/0/0\]ip address 192.168.50.1 24
19.  \[dhcp-GigabitEthernet0/0/0\]dhcp select global
21.  \[dhcp\]ip route-static 0.0.0.0 0 192.168.50.251

步骤四：配置 DHCP 中继代理


1.  \[sw5\]dhcp enable
3.  \[sw5\]int Vlanif 10
4.  \[sw5-Vlanif10\]dhcp select relay
5.  \[sw5-Vlanif10\]dhcp relay server-ip 192.168.50.1
7.  \[sw5\]int Vlanif 20
8.  \[sw5-Vlanif20\]dhcp select relay
9.  \[sw5-Vlanif20\]dhcp relay server-ip 192.168.50.1
11.  \[sw5\]int Vlanif 30
12.  \[sw5-Vlanif30\]dhcp select relay
13.  \[sw5-Vlanif30\]dhcp relay server-ip 192.168.50.1

步骤四：测试客户机

使用 ipconfig 命令测试

2 内网优化

2.1 问题

1）所有部门中都使用了网关冗余技术，为了增强网关稳定性和冗余性

2）交换机之间存在很多冗余链路，必须防止环路的发生，并且能够提高链路的利用率

3）要求每个部门的主机访问其他主机时，使用的都是最优的转发路径

2.2 方案

使用 eNSP 搭建实验环境，如图 - 2 所示。

CASE - 图2

图 - 2

2.3 步骤

实现此案例需要按照如下步骤进行。

1）配置 sw6


1.  <Huawei>undo terminal monitor
2.  <Huawei>system-view
3.  \[Huawei\]sysname sw6
5.  \[sw6\]vlan batch 10 20 30  50
7.  \[sw6\]port-group group-member gi0/0/1 to gi0/0/3 gi0/0/6
8.  \[sw6-port-group\]port link-type trunk
9.  \[sw6-port-group\]port trunk allow-pass vlan all
11.  \[sw6\]int Vlanif 10
12.  \[sw6-Vlanif10\]ip address 192.168.10.252 24
13.  \[sw6\]int Vlanif 20
14.  \[sw6-Vlanif20\]ip address 192.168.20.252 24
15.  \[sw6\]int Vlanif 30
16.  \[sw6-Vlanif30\]ip address 192.168.30.252 24

2）配置 sw5


1.  \[sw5\]int g0/0/6
2.  \[sw5-GigabitEthernet0/0/6\]port link-type trunk
3.  \[sw5-GigabitEthernet0/0/6\]port trunk allow-pass vlan all

3）配置 sw1/sw2/sw3 与 sw6 相连的端口为 trunk 模式


1.  \[sw1\]int e0/0/3
2.  \[sw1-Ethernet0/0/3\]port link-type trunk
3.  \[sw1-Ethernet0/0/3\]port trunk allow-pass vlan all
5.  \[sw2\]int e0/0/3
6.  \[sw2-Ethernet0/0/3\]port link-type trunk
7.  \[sw2-Ethernet0/0/3\]port trunk allow-pass vlan all
9.  \[sw3\]int e0/0/3
10.  \[sw3-Ethernet0/0/3\]port link-type trunk
11.  \[sw3-Ethernet0/0/3\]port trunk allow-pass vlan all

4）配置 VRRP 协议


1.  \[sw5\]int Vlanif 10
2.  \[sw5-Vlanif10\]vrrp vrid 10 virtual-ip 192.168.10.254
3.  \[sw5-Vlanif10\]vrrp vrid 10 priority 200
5.  \[sw5\]int Vlanif 20
6.  \[sw5-Vlanif20\]vrrp vrid 20 virtual-ip 192.168.20.254
7.  \[sw5-Vlanif20\]vrrp vrid 20 priority 200
9.  \[sw5\]int Vlanif 30
10.  \[sw5-Vlanif30\]vrrp vrid 10 virtual-ip 192.168.30.254
14.  \[sw6\]int Vlanif 10
15.  \[sw6-Vlanif10\]vrrp vrid 10 virtual-ip 192.168.10.254
17.  \[sw6\]int Vlanif 20
18.  \[sw6-Vlanif20\]vrrp vrid 20 virtual-ip 192.168.20.254
20.  \[sw6\]int Vlanif 30
21.  \[sw6-Vlanif30\]vrrp vrid 30 virtual-ip 192.168.30.254
22.  \[sw6-Vlanif30\]vrrp vrid 30 priority 200

5）验证 VRRP 状态


1.  \[sw5\]display vrrp brief                 //查看VRRP协议信息
2.  VRID  State        Interface                Type     Virtual IP     
3.  \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
4.  10    Master       Vlanif10                 Normal   192.168.10.254 
5.  20    Master       Vlanif20                 Normal   192.168.20.254 
6.  30    Backup       Vlanif30                 Normal   192.168.30.254 
9.  \[sw6\]display vrrp brief 
10.  VRID  State        Interface                Type     Virtual IP     
11.  \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
12.  10    Backup       Vlanif10                 Normal   192.168.10.254 
13.  20    Backup       Vlanif20                 Normal   192.168.20.254 
14.  30    Master       Vlanif30                 Normal   192.168.30.254 
15.  \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-

5）配置 SW6 为 vlan10/20/30 的 DHCP 中继


1.  \[sw6\]dhcp enable
3.  \[sw6\]int Vlanif 10
4.  \[sw6-Vlanif10\]dhcp select relay
5.  \[sw6-Vlanif10\]dhcp relay server-ip 192.168.50.1
7.  \[sw6\]int Vlanif 20
8.  \[sw6-Vlanif20\]dhcp select relay
9.  \[sw6-Vlanif20\]dhcp relay server-ip 192.168.50.1
11.  \[sw6\]int Vlanif 30
12.  \[sw6-Vlanif30\]dhcp select relay
13.  \[sw6-Vlanif30\]dhcp relay server-ip 192.168.50.1
15.  \[sw6\]int Vlanif 50
16.  \[sw6-Vlanif50\]ip address 192.168.50.252 24

6）sw1/sw2/sw3/sw5/sw6 MSTP 基本配置


1.      stp region-configuration
2.      region-name ntd
3.      instance 10 vlan 10
4.      instance 20 vlan 20
5.      instance 30 vlan 30
6.      active region-configuration

7）指定每个生成树实例的主根网桥和备份根网桥


1.  \[sw5\]stp instance 10 priority 0
2.  \[sw5\]stp instance 20 priority 0
3.  \[sw5\]stp instance 30 priority 4096
5.  \[sw6\]stp instance 10 priority 4096
6.  \[sw6\]stp instance 20 priority 4096
7.  \[sw6\]stp instance 30 priority 0

3 连接外网服务器

3.1 问题

1）公司有一个出口设备 R1，连接一台外网的 Web 服务器

2）内网大量主机都需要访问这台外网的 Web 服务器

3.2 方案

使用 eNSP 搭建实验环境，如图 - 3 所示。

CASE - 图3

图 - 3

3.3 步骤

实现此案例需要按照如下步骤进行。

1）配置 sw5


1.  \[sw5\]vlan 15
2.  \[sw5\]int g0/0/7
3.  \[sw5-GigabitEthernet0/0/7\]port link-type access
4.  \[sw5-GigabitEthernet0/0/7\]port default vlan 15
5.  \[sw5\]int Vlanif 15
6.  \[sw5-Vlanif15\]ip address 192.168.15.5 24
8.  \[sw5\]ip route-static 0.0.0.0 0 192.168.15.1

2）配置 sw6


1.  \[sw6\]vlan 16
2.  \[sw6-vlan16\]q
3.  \[sw6\]int g0/0/7
4.  \[sw6-GigabitEthernet0/0/7\]port link-type access
5.  \[sw6-GigabitEthernet0/0/7\]port default vlan 16
6.  \[sw6-GigabitEthernet0/0/7\]quit
7.  \[sw6\]int vlanif 16
8.  \[sw6-Vlanif16\]ip address 192.168.16.6 24
9.  \[sw6-Vlanif16\]quit
11.  \[sw6\]ip route-static 0.0.0.0 0 192.168.16.1

3）配置 r1


1.  <Huawei>undo terminal monitor 
2.  <Huawei>system-view
3.  \[Huawei\]sysname r1
4.  \[r1\]interface g0/0/0
5.  \[r1-GigabitEthernet0/0/0\]ip address 192.168.15.1 24
7.  \[r1-\]interface g0/0/1
8.  \[r1-GigabitEthernet0/0/1\]ip address 192.168.16.1 24
10.  \[r1-\]interface g0/0/2
11.  \[r1-GigabitEthernet0/0/2\]ip address 100.1.1.1 24
13.  \[r1\]ip route-static 192.168.10.0 24 192.168.15.5 
14.  \[r1\]ip route-static 192.168.10.0 24 192.168.16.6 preference 100
15.  \[r1\]ip route-static 192.168.20.0 24 192.168.15.5
16.  \[r1\]ip route-static 192.168.20.0 24 192.168.16.6 preference 100
18.  \[r1\]ip route-static 192.168.30.0 24 192.168.16.6 
19.  \[r1\]ip route-static 192.168.30.0 24 192.168.15.5 preference 100
21.  \[r1\]ip route-static 200.1.1.0 24 100.1.1.2

4）配置 r2


1.  <Huawei>undo terminal monitor
2.  <Huawei>system-view
3.  \[Huawei\]sysname r2
4.  \[r2\]interface g0/0/2
5.  \[r2-GigabitEthernet0/0/2\]ip address 100.1.1.2 24
7.  \[r2-\]interface g0/0/1
8.  \[r2-GigabitEthernet0/0/1\]ip address 200.1.1.254 24
10.  \[r2\]ip route-static 192.168.0.0 16 100.1.1.1

5）配置外网服务器，如图 - 4 所示。

CASE - 图4

图 - 4
https://tts.tmooc.cn/ttsPage/NTD/NTDTN202109/TCNA/DAY07/CASE/01/index.html