标签:红色 路由 lin 互联网 服务商 ati 管理 访问 ges
本实例为大家分享利用OSPF、PAT、MSTP、DHCP、VLAN技术实现企业内外网的组建互通的过程,如下图所示
其中,红色区域代表ISP互联网服务商,蓝色区域代表公司内网,要求实现公司内外网互通,且可以访问内网的服务器和网络设备
实验要求如下:
1.内网交换机实现流量负载均衡;
2.企业内网使用OSPF路由协议;
3.确保PC1自动获取IP地址,且与PC2网络互通;
4.PC2可以远程访问内网交换机SW1;
5.Client1和访问内网Server1。
第一步:企业内网配置MSTP,实现流量负载均衡
SW1交换机配置
system-view
sysname SW1
vlan batch 10 20 30
port-group 1
group-member g0/0/10 g0/0/11
port link-type trunk
port trunk allow-pass vlan all
quit
interface g0/0/2
port link-type access
port default vlan 30
quit
stp region-configuration
region-name ntd
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
quit
stp instance 10 root primary
stp instance 20 root primary
SW2交换机配置
system-view
sysname SW2
vlan batch 10 20 30
port-group 1
group-member eth0/0/10 eth0/0/11
port link-type trunk
port trunk allow-pass vlan all
quit
interface eth0/0/1
port link-type access
port default vlan 10
quit
stp region-configuration
region-name ntd
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
quit
stp instance 10 root secondary
SW3交换机配置
system-view
sysname SW3
vlan batch 10 20 30
port-group 1
group-member eth0/0/10 eth0/0/11
port link-type trunk
port trunk allow-pass vlan all
quit
interface eth0/0/1
port link-type access
port default vlan 20
quit
stp region-configuration
region-name ntd
instance 10 vlan 10
instance 20 vlan 20
active region-configuration
quit
stp instance 20 root secondary
第二步:内外网网络地址配置
DHCP
system-view
sysname DHCP
interface G0/0/0
ip address 176.233.30.2 24
quit
SW1
interface Vlanif 1
ip address 176.233.100.2 24
quit
interface Vlanif 10
ip address 176.233.10.1 24
quit
interface Vlanif 20
ip address 176.233.20.1 24
quit
interface Vlanif 30
ip address 176.233.30.1 24
quit
R1
system-view
sysname R1
interface G0/0/1
ip address 176.233.100.1 24
interface g0/0/0
ip address 100.1.1.2 255.255.255.0
quit
R2
interface g0/0/0
ip address 100.1.1.1 24
interface g0/0/1
ip address 200.1.1.1 24
第三步:企业配置OSPF配置
DHCP
ospf 1 router-id 3.3.3.3
area 0
network 176.233.30.0 0.0.0.255
SW1
ospf 1 router-id 2.2.2.2
area 0
network 176.233.10.0 0.0.0.255
network 176.233.20.0 0.0.0.255
network 176.233.30.0 0.0.0.255
network 176.233.100.0 0.0.0.255
R1
ospf 1 router-id 1.1.1.1
area 0
network 176.233.100.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
default-route-advertise always
第四步:DHCP配置
DHCP
dhcp enable
interface G0/0/0
dhcp select global
quit
ip pool p1
network 176.233.10.0 mask 255.255.255.0
gateway-list 176.233.10.1
dns-list 10.10.10.10
SW1
dhcp enable
interface Vlanif 10
ip address 176.233.10.1 24
dhcp select relay
dhcp relay server-ip 176.233.30.2
quit
第五步:配置内网设备映射以及远程管理,
配置说明:对于PC1我们可使用Easy ip ,对于Server1和SW1使用NAT Server
R1上面配置NAT
acl 2000
rule 10 permit source 176.233.10.0 0.0.0.255
quit
interface g0/0/0
nat outbound 2000
nat server protocol tcp global current-interface 8080 inside 176.233.20.20 www
nat server protocol tcp global current-interface 8090 inside 176.233.100.2 telnet
SW1配置远程管理
user-interface vty 0 4
user privilege level 15
authentication-mode password
set authentication password cipher 123456
第六步:进行测试
PC1------------->PC2
PC2------------->SW1远程管理
Client1----------->Server1访问内网服务器
至此全部验证成功!!!!!!!
标签:红色 路由 lin 互联网 服务商 ati 管理 访问 ges
原文地址:https://blog.51cto.com/11806823/2354390