Hello everyone, this is G-LAB IT. Today we will walk through how to build an enterprise network.
01
Experimental topology
02
Topology requirements
Switching Section:
1. Bundle e0/0/5 and e0/0/6 between SW1 and SW2 into a manual-mode Eth-Trunk and number the link Eth-Trunk 12
2. Configure all links between SW1, SW2, SW3, and SW4 as trunks
3. Create vlan10, vlan20, vlan11, vlan12 on SW1, SW2, SW3, SW4
4. Enable STP on SW1, SW2, SW3, and SW4
5. Set SW1 as the root switch for all VLANs and SW2 as the backup root switch for all VLANs
6. Assign PC3 and PC4 to vlan10, and PC7 and PC8 to vlan20
Routing Section:
1. The IP address plan is as follows:
vlan10 ----------- 10.1.10.0/24
vlan20 ----------- 10.1.20.0/24
vlan11 ----------- 10.1.11.0/24
vlan12 ----------- 10.1.12.0/24
R1-R2 ------------ 12.1.1.0/24
R2-Client2 ------------ 20.1.1.0/24
2. Set SW1 as the gateway for vlan10 and vlan20; its IP address in each vlan is the last available IP address of that vlan's network segment
3. Set SW2 as the backup gateway for vlan10 and vlan20; its IP address in each vlan is the second-to-last available IP address of that vlan's network segment
4. Assign the e0/0/1 interface of SW1 to vlan11 and configure the first available IP address of the corresponding CIDR block for vlan11
5. Assign the e0/0/1 interface of SW2 to vlan 12 and configure the first available IP address of the corresponding network segment for vlan 12
6. Configure the g0/0/0 interface IP of R1 as the last available IP of the 10.1.11.0/24 segment
7. Configure the g0/0/1 interface IP of R1 to be the last available IP of the 10.1.12.0/24 network segment
8. Configure the IP addresses of the connected interfaces between R1 and R2, with R1 configuring the first available IP in the CIDR block and R2 configuring the second available IP in the CIDR block
9. Configure the IP addresses on the link between R2 and Client2: Client2 uses the first available IP of the CIDR block and R2 uses the last available IP of the CIDR block
10. Run OSPF 100 on SW1, SW2, and R1 and advertise the CIDR blocks of vlan10, vlan20, vlan11, and vlan12 in area 0
11. Add a default static route on R1 to point the next hop to R2
12. On R1, advertise the default static route to OSPF 100
13. Run OSPF 200 between R1 and R2 and advertise the R1-R2 and R2-Client2 CIDR blocks in area 0
Access Control Section:
1. Configure PAT on R1 so that all hosts in vlan10 and vlan20 share the IP address 12.1.1.10/24 to access Client2
2. Hosts in vlan10 can access the web service of Client2 but not its ftp service, and hosts in vlan20 can access the ftp service of Client2 but not its web service. The rest of the traffic is not restricted
03
Procedure
SW1 configuration
vlan batch 10 to 12 20
stp mode stp
stp instance 0 priority 0
interface Vlanif10
ip address 10.1.10.254 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.20.254 255.255.255.0
interface Eth-Trunk12
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
port link-type access
port default vlan 11
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
eth-trunk 12
#
interface Ethernet0/0/6
eth-trunk 12
ospf 100 router-id 1.1.1.1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.20.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
SW2 configuration
vlan batch 10 to 12 20
stp mode stp
stp instance 0 priority 4096
interface Vlanif10
ip address 10.1.10.253 255.255.255.0
#
interface Vlanif12
ip address 10.1.12.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.20.253 255.255.255.0
interface Eth-Trunk12
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
port link-type access
port default vlan 12
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
eth-trunk 12
#
interface Ethernet0/0/6
eth-trunk 12
ospf 100 router-id 2.2.2.2
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.20.0 0.0.0.255
network 10.1.12.0 0.0.0.255
SW3 configuration
vlan batch 10 to 12 20
stp mode stp
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
SW4 configuration
vlan batch 10 to 12 20
stp mode stp
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
AR1 configuration
acl number 2000
rule 5 permit source 10.1.10.0 0.0.0.255
rule 10 permit source 10.1.20.0 0.0.0.255
#
acl number 3000
rule 5 permit tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
rule 10 deny tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
rule 15 permit tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
rule 20 deny tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
nat address-group 0 12.1.1.10 12.1.1.10
#
interface GigabitEthernet0/0/0
ip address 10.1.11.254 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.12.254 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
traffic-filter outbound acl 3000
nat outbound 2000 address-group 0
ospf 100 router-id 3.3.3.3
default-route-advertise
area 0.0.0.0
network 10.1.11.0 0.0.0.255
network 10.1.12.0 0.0.0.255
#
ospf 200 router-id 3.3.3.3
area 0.0.0.0
network 12.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
AR2 configuration
interface GigabitEthernet0/0/0
ip address 20.1.1.254 255.255.255.0
interface GigabitEthernet0/0/2
ip address 12.1.1.2 255.255.255.0
ospf 200 router-id 5.5.5.5
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
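To check that ACL 3000 on AR1 meets the access control requirements, the following added example (not part of the original lab) parses the four rules and evaluates constructed flows against them. It assumes rules are checked in ascending rule-ID order, that the filter sees the pre-NAT source addresses the ACL is written with, and that traffic matching no rule is forwarded, which is what "the rest of the traffic is not restricted" relies on.

```python
import ipaddress
import re

# ACL 3000 rules from the AR1 configuration (wrapped lines rejoined).
ACL_3000 = """\
rule 5 permit tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
rule 10 deny tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
rule 15 permit tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp
rule 20 deny tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www
"""
PORTS = {"www": 80, "ftp": 21}  # keyword -> TCP port; ftp is the control channel only
RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) (\w+) source (\S+) (\S+) "
    r"destination (\S+) (\S+) destination-port eq (\S+)")

def to_int(value):
    """Dotted quad, or the shorthand wildcard '0' (exact host match), as an integer."""
    return int(ipaddress.IPv4Address(value)) if "." in value else int(value)

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_acl(text):
    """Return rules sorted by rule ID, the order assumed for evaluation."""
    rules = []
    for m in RULE_RE.finditer(text):
        rid, action, proto, src, swc, dst, dwc, port = m.groups()
        rules.append((int(rid), action, proto, src, swc, dst, dwc,
                      PORTS.get(port) or int(port)))
    return sorted(rules)

def evaluate(rules, proto, src, dst, dport, default="permit"):
    """Return (action, rule_id) for the first matching rule, else (default, None)."""
    for rid, action, rproto, rsrc, swc, rdst, dwc, rport in rules:
        if (proto == rproto and dport == rport
                and wildcard_match(src, rsrc, swc)
                and wildcard_match(dst, rdst, dwc)):
            return action, rid
    return default, None  # assumption: unmatched traffic is forwarded

if __name__ == "__main__":
    rules = parse_acl(ACL_3000)
    for port in (80, 21, 22):  # constructed flows from a vlan10 host to Client2
        print(port, evaluate(rules, "tcp", "10.1.10.1", "20.1.1.1", port))
```

The two permit rules only take effect ahead of the default; under the forwarding assumption above, the deny rules 10 and 20 are what actually enforce the restriction.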