路由重分发三层交换机综合应用.docx
《路由重分发三层交换机综合应用.docx》由会员分享,可在线阅读,更多相关《路由重分发三层交换机综合应用.docx(13页珍藏版)》请在冰豆网上搜索。
路由重分发三层交换机综合应用
RIP,OSPF,VTP,PVST,NAT,VPN,HSRP,路由重分发,三层交换机综合应用(内含配置命令)~
1.jpg(21.03KB)
2011-10-322:
34
网络拓扑如上图
R1E0/3<---->R2E0/3
R1E0/1<---->3L-1F0/0
R1E0/2<---->3L-2F0/0
3L-1F0/1<---->3L-2F0/1
3L-1F0/2<---->3L-2F0/2
3L-1F0/3<---->SW1F0/0
3L-1F0/4<---->SW2F0/0
3L-1F0/5<---->SW3F0/0
3L-2F0/3<---->SW1F0/1
3L-2F0/4<---->SW2F0/1
3L-2F0/5<---->SW3F0/1
PC1<---->SW1F0/15
PC2<---->SW2F0/9
PC3<---->SW3F0/15
网络地址规划
R1e0/1:
172.16.1.124 e0/2:
172.16.2.124 e0/3172.16.3.124 l0:
192.168.100.124
R2 e0/3:
172.16.3.124
3L-1f0/0:
172.16.1.224 f0/5:
192.168.10.124 l0:
192.168.100.224
vlan1:
10.10.1.124 vlan210.10.2.224
3L-2 f0/0:
:
172.16.2.224 f0/5:
192.168.10.224 l0:
192.168.100.3
vlan1:
10.10.1.224 valn210.10.2.124
网络拓扑注解:
R1运行两种路由协议ospf和rip,需要配置路由重分发,配置vpn,对端路由为R2,配置PAT
R2运行ospf路由协议,配置vpn,对端路由为R1
3L-1运行rip路由协议,f0/1-4trunk 运行vtp(server),pvst(vlan1根)vlan1走f0/1-f0/1
3L-2运行rip路由协议,f0/1-4trunk 运行vtp(client),pvst(vlan2根)vlan2走f0/2-f0/2
SW1f0/0-1trunk 运行vtp(client),f0/10-15属于vlan1
SW1f0/0-1trunk 运行vtp(client),f0/10-15属于vlan2
3-L1和3L-2的f0/5配置HSRP,虚拟ip为192.168.1.254
PC1属于vlan2 ip:
10.10.2.224
PC2属于vlan1 ip:
10.10.1.224
pc3不属于任何valn,网关地址为HSRP的虚拟ip地址:
192.168.1.254
R1showrun
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameR1
!
boot-start-marker
boot-end-marker
!
enablesecret5$1$umYv$gzWXgvkDBL/BYOXFtqiuC/
!
noaaanew-model
memory-sizeiomem5
!
!
ipcef
!
!
!
!
!
!
!
cryptoisakmppolicy1
hashmd5
authenticationpre-share
cryptoisakmpkeywocaoaddress172.16.3.2
!
!
cryptoipsectransform-setwocaoah-md5-hmacesp-des
!
cryptomapwocaomap1ipsec-isakmp
setpeer172.16.3.2
settransform-setwocao
matchaddress101
!
!
!
!
interfaceLoopback0
ipaddress192.168.100.1255.255.255.0
!
interfaceEthernet0/0
noipaddress
shutdown
half-duplex
!
interfaceEthernet0/1
ipaddress172.16.1.1255.255.255.0
ipnatinside
ipvirtual-reassembly
full-duplex
!
interfaceEthernet0/2
ipaddress172.16.2.1255.255.255.0
ipnatinside
ipvirtual-reassembly
full-duplex
!
interfaceEthernet0/3
ipaddress172.16.3.1255.255.255.0
ipnatoutside
ipvirtual-reassembly
half-duplex
cryptomapwocaomap
!
routerospf99
log-adjacency-changes
redistributeripmetric200subnets
network172.16.3.00.0.0.255area0
!
routerrip
version2
redistributeospf99metric10
passive-interfaceEthernet0/3
network172.16.0.0
network192.168.100.0
default-metric10
noauto-summary
!
iphttpserver
noiphttpsecure-server
iproute172.16.4.0255.255.255.0172.16.3.2
!
!
ipnatpoolaa172.16.3.1172.16.3.1netmask255.255.255.0
ipnatinsidesourcelist1poolaaoverload
!
access-list1permitany
access-list101permitipanyany
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
linecon0
password123
login
lineaux0
linevty04
password123
login
!
!
end
3L1 showrun
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostname3L-1
!
boot-start-marker
boot-end-marker
!
enablesecret5$1$//zP$lPgMdVV.vfFHlAb7q79uI0
!
noaaanew-model
memory-sizeiomem5
!
!
ipcef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-treevlan1priority8192
!
!
!
!
!
!
interfaceLoopback0
ipaddress192.168.100.2255.255.255.0
!
interfaceFastEthernet0/0
noswitchport
ipaddress172.16.1.2255.255.255.0
duplexfull
speed10
!
interfaceFastEthernet0/1
switchportmodetrunk
!
interfaceFastEthernet0/2
switchportmodetrunk
spanning-treevlan2cost18
!
interfaceFastEthernet0/3
switchportmodetrunk
!
interfaceFastEthernet0/4
switchportmodetrunk
!
interfaceFastEthernet0/5
noswitchport
ipaddress192.168.10.1255.255.255.0
noipredirects
standby10ip192.168.10.254
standby10priority200
standby10preempt
!
interfaceFastEthernet0/6
!
interfaceFastEthernet0/7
!
interfaceFastEthernet0/8
!
interfaceFastEthernet0/9
!
interfaceFastEthernet0/10
!
interfaceFastEthernet0/11
!
interfaceFastEthernet0/12
!
interfaceFastEthernet0/13
!
interfaceFastEthernet0/14
!
interfaceFastEthernet0/15
!
interfaceVlan1
ipaddress10.10.1.1255.255.255.0
!
interfaceVlan2
ipaddress10.10.2.2255.255.255.0
!
routerrip
version2
network10.0.0.0
network172.16.0.0
network192.168.10.0
network192.168.100.0
noauto-summary
!
ipdefault-gateway172.16.1.1
iphttpserver
noiphttpsecure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
linecon0
password123
login
lineaux0
linevty04
password1234
login
!
!
end
3L-2 showrun
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostname3L-2
!
boot-start-marker
boot-end-marker
!
enablesecret5$1$9tKe$1esJ.DvKlRLyVeEAYFvlz0
!
noaaanew-model
memory-sizeiomem5
!
!
ipcef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-treevlan2priority4096
!
!
!
!
!
!
interfaceLoopback0
ipaddress192.168.100.3255.255.255.0
!
interfaceFastEthernet0/0
noswitchport
ipaddress172.16.2.2255.255.255.0
duplexfull
speed10
!
interfaceFastEthernet0/1
switchportmodetrunk
!
interfaceFastEthernet0/2
switchportmodetrunk
!
interfaceFastEthernet0/3
switchportmodetrunk
!
interfaceFastEthernet0/4
switchportmodetrunk
!
interfaceFastEthernet0/5
noswitchport
ipaddress192.168.10.2255.255.255.0
noipredirects
standby10ip192.168.10.254
standby10priority150
!
interfaceFastEthernet0/6
!
interfaceFastEthernet0/7
!
interfaceFastEthernet0/8
!
interfaceFastEthernet0/9
!
interfaceFastEthernet0/10
!
interfaceFastEthernet0/11
!
interfaceFastEthernet0/12
!
interfaceFastEthernet0/13
!
interfaceFastEthernet0/14
!
interfaceFastEthernet0/15
!
interfaceVlan1
ipaddress10.10.1.2255.255.255.0
!
interfaceVlan2
ipaddress10.10.2.1255.255.255.0
!
routerrip
version2
network10.0.0.0
network172.16.0.0
network192.168.10.0
network192.168.100.0
noauto-summary
!
ipdefault-gateway172.16.2.1
iphttpserver
noiphttpsecure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
linecon0
password123
login
lineaux0
linevty04
password123
login
!
!
end
部分配置命令:
路由重分发:
把rip重发到ospf网络中
R1(config)#routerrip
R1(config-router)#version2
R1(config-router)#default-m
R1(config-router)#default-metric10
R1(config-router)#network172.16.1.0
R1(config-router)#network172.16.2.0
R1(config-router)#network192.168.100.0
R1(config-router)#passive-interfacee0/3 (ospf区域中的端口)
R1(config-router)#noauto-summary
R1(config-router)#exit
R1(config)#routerospf99
R1(config-router)#network172.16.3.00.0.0.255area0
R1(config-router)#redistributeripsubnets
R1(config-router)#exit
R1(config)#exit
把ospf重发到rip网络中
r1(config)#routerrip
r1(config-router)#redistributeospf99metric10
r1(config-router)#exit
r1(config)#routerospf99
r1(config-router)#redistributeripmetric200subnets
r1(config-router)#exit
PAT的配置
R1(config)#access-list1permitany
R1(config)#ipnatpoolaa172.16.3.1172.16.3.1netmask255.255.255.0
R1(config)#ipnatinsidesourcelist1poolaaoverload
在外部端口和内部端口上启用NAT
R1(config)#inte0/3
R1(config-if)#ipnatoutside
R1(config-if)#exit
R1(config)#inte0/1
R1(config-if)#ipnatinside
R1(config-if)#exit
R1(config)#inte0/2
R1(config-if)#ipnatinside
R1(config)#exit
HSRP配置
3L-1(config)#intf0/5
3L-1(config-if)#nosw
3L-1(config-if)#ipadd192.168.10.1255.255.255.0
3L-1(config-if)#noshut
3L-1(config-if)#standby10ip192.168.10.254
3L-1(config-if)#noipredirects
3L-1(config-if)#standby10priority200
3L-1(config-if)#standby10preempt
3L-1(config-if)#exit
3L-1(config)#exit
3L-2(config)#intf0/5
3L-2(config-if)#nosw
3L-2(config-if)#ipadd192.168.10.2255.255.255.0
3L-2(config-if)#noshut
3L-2(config-if)#standby10ip192.168.10.254
3L-2(config-if)#noipredirects
3L-2(config-if)#standby10priority150
3L-2(config-if)#exit
PVST的配置
3L-1(config)#spanning-treevlan1root
升级会员 