
Enterprise network configuration is a must-learn for beginners: The process of building from 0 to 1

Author: Director Guo, a network engineer


Hello everyone, this is G-LAB IT. Today we will walk through how to build an enterprise network.

01

Experimental topology

[Figure: experimental topology diagram]

02

Topology requirements

Switching Section:

1. Bundle e0/0/5 and e0/0/6 between SW1 and SW2 into a manual-mode Eth-Trunk and number the link eth-trunk 12

2. Configure all links between SW1, SW2, SW3, and SW4 as trunks

3. Create vlan10, vlan20, vlan11, vlan12 on SW1, SW2, SW3, SW4

4. Enable STP on SW1, SW2, SW3, and SW4

5. Set SW1 as the root switch for all VLANs and SW2 as the backup root switch for all VLANs

6. Assign PC3 and PC4 to vlan10, and PC7 and PC8 to vlan20

Routing Section:

1. The IP address plan is as follows:

vlan10 ----------- 10.1.10.0/24

vlan20 ----------- 10.1.20.0/24

vlan11 ----------- 10.1.11.0/24

vlan12 ----------- 10.1.12.0/24

R1-R2 ------------ 12.1.1.0/24

R2-Client2 ------------ 20.1.1.0/24

2. Set SW1 as the gateway for vlan10 and vlan20; its IP address is the last available IP address of the network segment corresponding to each vlan

3. Set SW2 as the backup gateway of vlan10 and vlan20, and the IP address is the second-to-last available IP address of the corresponding CIDR block of the vlan

4. Assign the e0/0/1 interface of SW1 to vlan11 and configure the first available IP address of the corresponding CIDR block for vlan11

5. Assign the e0/0/1 interface of SW2 to vlan 12 and configure the first available IP address of the corresponding network segment for vlan 12

6. Configure the g0/0/0 interface IP of R1 as the last available IP of the 10.1.11.0/24 segment

7. Configure the g0/0/1 interface IP of R1 to be the last available IP of the 10.1.12.0/24 network segment

8. Configure the IP addresses of the connected interfaces between R1 and R2, with R1 configuring the first available IP in the CIDR block and R2 configuring the second available IP in the CIDR block

9. Configure the IP addresses on the R2-Client2 link: Client2 gets the first available IP of the CIDR block and R2 gets the last available IP of the CIDR block

10. Run OSPF 100 on SW1, SW2, and R1 and advertise the CIDR blocks of vlan10, vlan20, vlan11, and vlan12 into area 0

11. Add a default static route on R1 to point the next hop to R2

12. On R1, advertise the default static route to OSPF 100

13. Run OSPF 200 between R1 and R2 and advertise the R1-R2 and R2-Client2 CIDR blocks into area 0

Access Control Section:

1. Configure PAT on R1 so that all hosts in vlan10 and vlan20 share the IP address 12.1.1.10/24 to access Client2

2. Hosts in vlan10 can access the web service of Client2 but not its ftp service, and hosts in vlan20 can access the ftp service of Client2 but not its web service. The rest of the traffic is not restricted

03

Procedure

SW1 configuration

vlan batch 10 to 12 20
stp mode stp
stp instance 0 priority 0
interface Vlanif10
 ip address 10.1.10.254 255.255.255.0
#
interface Vlanif11
 ip address 10.1.11.1 255.255.255.0
#
interface Vlanif20
 ip address 10.1.20.254 255.255.255.0

interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 11

interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
 eth-trunk 12
#
interface Ethernet0/0/6
 eth-trunk 12

ospf 100 router-id 1.1.1.1
 area 0.0.0.0
  network 10.1.10.0 0.0.0.255
  network 10.1.20.0 0.0.0.255
  network 10.1.11.0 0.0.0.255
#           

SW2 configuration

vlan batch 10 to 12 20
stp mode stp
stp instance 0 priority 4096

interface Vlanif10
 ip address 10.1.10.253 255.255.255.0
#
interface Vlanif12
 ip address 10.1.12.1 255.255.255.0
#
interface Vlanif20
 ip address 10.1.20.253 255.255.255.0

interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 12

interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
 eth-trunk 12
#
interface Ethernet0/0/6
 eth-trunk 12

ospf 100 router-id 2.2.2.2
 area 0.0.0.0
  network 10.1.10.0 0.0.0.255
  network 10.1.20.0 0.0.0.255
  network 10.1.12.0 0.0.0.255           

SW3 configuration

vlan batch 10 to 12 20
stp mode stp
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

SW4 configuration

vlan batch 10 to 12 20
stp mode stp
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

AR1 configuration

acl number 2000
 rule 5 permit source 10.1.10.0 0.0.0.255
 rule 10 permit source 10.1.20.0 0.0.0.255
#
acl number 3000
 rule 5 permit tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
 rule 10 deny tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
 rule 15 permit tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
 rule 20 deny tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www

nat address-group 0 12.1.1.10 12.1.1.10
#
interface GigabitEthernet0/0/0
 ip address 10.1.11.254 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.12.254 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 12.1.1.1 255.255.255.0 
 traffic-filter outbound acl 3000
 nat outbound 2000 address-group 0 

ospf 100 router-id 3.3.3.3 
 default-route-advertise
 area 0.0.0.0 
  network 10.1.11.0 0.0.0.255 
  network 10.1.12.0 0.0.0.255 
#
ospf 200 router-id 3.3.3.3 
 area 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2           
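
The check below is an added example, not part of the original lab: it replays ACL 3000 from the AR1 configuration against the access-control requirements using first-match evaluation, and returns any flow whose outcome differs from the requirement. It assumes that traffic-filter forwards packets matching no rule and that the filter sees the original (pre-NAT) source addresses; the host addresses 10.1.10.1 and 10.1.20.1 are constructed samples.

```python
import ipaddress
import re

# ACL 3000 from the AR1 configuration above (wrapped lines rejoined).
ACL_3000 = """
rule 5 permit tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
rule 10 deny tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
rule 15 permit tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
rule 20 deny tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
"""
PORTS = {"www": 80, "ftp": 21}  # VRP port keywords used by these rules
RULE = re.compile(r"rule (\d+) (permit|deny) (\w+) source (\S+) (\S+) "
                  r"destination (\S+) (\S+) destination-port eq (\w+)")
# Requirement matrix (constructed sample hosts): proto, src, dst, dport, expected
REQUIRED = [
    ("tcp", "10.1.10.1", "20.1.1.1", 80, "permit"),     # vlan10 -> web
    ("tcp", "10.1.10.1", "20.1.1.1", 21, "deny"),       # vlan10 -> ftp
    ("tcp", "10.1.20.1", "20.1.1.1", 21, "permit"),     # vlan20 -> ftp
    ("tcp", "10.1.20.1", "20.1.1.1", 80, "deny"),       # vlan20 -> web
    ("tcp", "10.1.10.1", "20.1.1.1", 22, "permit"),     # other traffic unrestricted
    ("icmp", "10.1.20.1", "20.1.1.1", None, "permit"),  # other traffic unrestricted
]

def to_int(addr):
    """Dotted quad to int; VRP writes the host wildcard 0.0.0.0 as a bare 0."""
    return int(ipaddress.IPv4Address("0.0.0.0" if addr == "0" else addr))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    return (to_int(addr) ^ to_int(base)) & ~to_int(wildcard) & 0xFFFFFFFF == 0

def parse(text):
    """Return rules as tuples sorted by rule id (the evaluation order)."""
    return sorted((int(m[1]), m[2], m[3], m[4], m[5], m[6], m[7], PORTS[m[8]])
                  for m in RULE.finditer(text))

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; returns (action, rule id or None)."""
    for rid, action, rproto, s, sw, d, dw, rport in rules:
        if (proto == rproto and dport == rport
                and wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            return action, rid
    # Assumption: traffic-filter forwards packets that match no rule.
    return "permit", None

def audit(rules):
    """Flows from REQUIRED whose ACL outcome differs from the requirement."""
    return [f for f in REQUIRED if evaluate(rules, *f[:4])[0] != f[4]]
```

An empty list from `audit(parse(ACL_3000))` means the ACL satisfies every row of the requirement matrix.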

AR2 configuration

interface GigabitEthernet0/0/0
 ip address 20.1.1.254 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 12.1.1.2 255.255.255.0 

ospf 200 router-id 5.5.5.5 
 area 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
  network 20.1.1.0 0.0.0.255           