9.2 HSRP小型实验
项目拓扑:
项目需求:
近期公司为了确保网络可靠性,解决单点问题,新增了一台三层交换机作为备用,现在需要进行冗余网关配置,以实现可靠网络。
1、公司下属部门共划分4个Vlan,分为10/20/30/40。
IP规划如下:
| 设备 | 接口 | IP地址 | 子网掩码 |
|---|---|---|---|
| SW1 | VLAN10 | 192.168.10.252 | 255.255.255.0 |
| SW1 | VLAN20 | 192.168.20.252 | 255.255.255.0 |
| SW1 | VLAN30 | 192.168.30.252 | 255.255.255.0 |
| SW1 | VLAN40 | 192.168.40.252 | 255.255.255.0 |
| SW2 | VLAN10 | 192.168.10.253 | 255.255.255.0 |
| SW2 | VLAN20 | 192.168.20.253 | 255.255.255.0 |
| SW2 | VLAN30 | 192.168.30.253 | 255.255.255.0 |
| SW2 | VLAN40 | 192.168.40.253 | 255.255.255.0 |
| SW1 | G1/0/1 | 192.168.50.1 | 255.255.255.0 |
| SW2 | G1/0/1 | 192.168.60.1 | 255.255.255.0 |
| R1 | G0/1 | 192.168.50.2 | 255.255.255.0 |
| R1 | G0/2 | 192.168.60.2 | 255.255.255.0 |
| R1 | G0/0 | 192.168.70.1 | 255.255.255.0 |
| IIS+DNS | fa0 | 192.168.70.2 | 255.255.255.0 |
2、在两台三层交换机上设置HSRP,要求vlan10、vlan20在SW1上设置为主要网关、vlan30、vlan400在SW2上设置为主要网关,虚拟IP地址均为254最后一个地址;二层交换机中的SW3的1-10号接口属于vlan10,11-20号接口属于vlan20,sw4的1-10号接口属于vlan30,11-20号接口属于vlan40。
3、在路由器上设置DHCP服务器,为下属四个VLAN分配IP地址,要求去除已经分配给HSRP网关的三个IP地址及前10个IP地址。
4、在IIS+DNS设置IIS服务和DNS服务。
5、需要保证任意两条链路断开,通路不断,所有客户端能正常访问IIS+DNS服务器上的web站点,域名均采用www.cjgy.com。
6、在SW1上设置VLAN10和VLAN20的spanning优先级为root primary,使其成为vlan10、vlan20的根桥,设置VLAN30、VLAN40的spanning优先级为root secondary使其成为备份;在SW2上设置VLAN 30、VLAN40的spanning优先级为Root primary,使其成为vlan30、vlan40的根桥,设置VLAN10和VLAN20的spanning优先级为root secondary 使其成为备份;设置两端交换机通道1在vlan10,、20/30/40中spanning的cost为2,确保两边数据交互时,主要数据从该聚合链路通过;设置所有二层交换机连接PC的接口到portfast模式,并开启BPDUGUARD功能。
7、需要保证任意两条链路断开,道路不断,所有客户端能正常访问IIS+DNS服务器上的web站点。
项目实施:
以下MS、RS分别意为二层路由(MAC Swich)与三层路由(Router Swich)
MS1:
en
conf t
vl 10
vl 20
exi
hostname MS1
line con 0
loggin sy
exi
ip dhcp snooping vl 10,20,30,40
int f0/1
sw mo ac
sw ac vl 10
spanning portfast
spanning bpdu en
exi
int f0/11
sw mo ac
sw ac vl 20
spanning portfast
spanning bpdu en
int range g0/1-2
ip dhcp snooping trust
sw mo tr
end
wr
MS2:
en
conf t
vl 30
vl 40
exi
hostname MS2
line con 0
loggin sy
exi
ip dhcp snooping vl 10,20,30,40
int f0/1
sw mo ac
sw ac vl 30
spanning portfast
spanning bpdu en
exi
int f0/11
sw mo ac
sw ac vl 40
spanning portfast
spanning bpdu en
int range g0/1-2
ip dhcp snooping trust
sw mo tr
end
wr
RS1:
en
conf t
hostname RS1
vl 10
vl 20
vl 30
vl 40
exi
line con 0
loggin sy
exi
ip dhcp snooping vl 10,20,30,40
no ip dhcp snooping information option
int range g1/0/2,g1/0/5
channel-g 1 mo ac
exi
int por 1
sw tr en do
sw mo tr
sw tr al vl 10,20,30,40
spanning cost 2
int vl 10
ip add 192.168.10.252 255.255.255.0
no sh
standby ver 2
standby 10 ip 192.168.10.254
standby 10 pri 105
standby 10 pre
standby 10 tr g1/0/1
ip helper 192.168.50.2
exi
int vl 20
ip add 192.168.20.252 255.255.255.0
no sh
standby ver 2
standby 20 ip 192.168.20.254
standby 20 pri 105
standby 20 pre
standby 20 tr g1/0/1
ip helper 192.168.50.2
exi
int vl 30
ip add 192.168.30.252 255.255.255.0
no sh
standby ver 2
standby 30 ip 192.168.30.254
standby 30 tr g1/0/1
ip helper 192.168.50.2
exi
int vl 40
ip add 192.168.40.252 255.255.255.0
no sh
standby ver 2
standby 40 ip 192.168.40.254
standby 40 tr g1/0/1
ip helper 192.168.50.2
exi
int g1/0/1
ip dhcp snooping trust
no sw
ip add 192.168.50.1 255.255.255.0
no sh
exi
int range g1/0/2-5
ip dhcp snooping trust
sw tr en do
sw mo tr
exi
ip route 0.0.0.0 0.0.0.0 g1/0/1
ip routing
spanning-tree vlan 30,40 root secondary
spanning-tree vlan 10,20 root primary
end
wr
RS2:
en
conf t
hostname RS2
vl 10
vl 20
vl 30
vl 40
exi
line con 0
loggin sy
exi
ip dhcp snooping vl 10,20,30,40
no ip dhcp snooping information option
int range g1/0/2,g1/0/5
channel-g 1 mo ac
exi
int por 1
sw tr en do
sw mo tr
sw tr al vl 10,20,30,40
spanning cost 2
int vl 10
ip add 192.168.10.253 255.255.255.0
no sh
standby ver 2
standby 10 ip 192.168.10.254
standby 10 tr g1/0/1
ip helper 192.168.60.2
exi
int vl 20
ip add 192.168.20.253 255.255.255.0
no sh
standby ver 2
standby 20 ip 192.168.20.254
standby 20 tr g1/0/1
ip helper 192.168.60.2
exi
int vl 30
ip add 192.168.30.253 255.255.255.0
no sh
standby ver 2
standby 30 ip 192.168.30.254
standby 30 pri 105
standby 30 pre
standby 30 tr g1/0/1
ip helper 192.168.60.2
exi
int vl 40
ip add 192.168.40.253 255.255.255.0
no sh
standby ver 2
standby 40 ip 192.168.40.254
standby 40 pri 105
standby 40 pre
standby 40 tr g1/0/1
ip helper 192.168.60.2
exi
int g1/0/1
ip dhcp snooping trust
no sw
ip add 192.168.60.1 255.255.255.0
no sh
int range g1/0/2-5
ip dhcp snooping trust
sw tr en do
sw mo tr
exi
ip route 0.0.0.0 0.0.0.0 g1/0/1
ip routing
spanning-tree vlan 10,20 root secondary
spanning-tree vlan 30,40 root primary
end
wr
R1:
en
conf t
int g0/0
ip add 192.168.70.1 255.255.255.0
no sh
exi
int g0/1
ip add 192.168.50.2 255.255.255.0
no sh
exi
int g0/2
ip add 192.168.60.2 255.255.255.0
no sh
exi
ip dhcp ex 192.168.10.252 192.168.10.254
ip dhcp ex 192.168.10.1 192.168.10.10
ip dhcp ex 192.168.20.252 192.168.20.254
ip dhcp ex 192.168.20.1 192.168.20.10
ip dhcp ex 192.168.30.252 192.168.30.254
ip dhcp ex 192.168.30.1 192.168.30.10
ip dhcp ex 192.168.40.252 192.168.40.254
ip dhcp ex 192.168.40.1 192.168.40.10
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
de 192.168.10.254
dns 192.168.70.2
exi
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
de 192.168.20.254
dns 192.168.70.2
exi
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
de 192.168.30.254
dns 192.168.70.2
exi
ip dhcp pool vlan40
network 192.168.40.0 255.255.255.0
de 192.168.40.254
dns 192.168.70.2
exi
ip route 0.0.0.0 0.0.0.0 g0/0
ip route 192.168.10.0 255.255.255.0 192.168.50.1
ip route 192.168.10.0 255.255.255.0 192.168.60.1 100
ip route 192.168.20.0 255.255.255.0 192.168.50.1
ip route 192.168.20.0 255.255.255.0 192.168.60.1 100
ip route 192.168.30.0 255.255.255.0 192.168.60.1
ip route 192.168.30.0 255.255.255.0 192.168.50.1 100
ip route 192.168.40.0 255.255.255.0 192.168.60.1
ip route 192.168.40.0 255.255.255.0 192.168.50.1 100
IIS+DNS:
192.168.70.2
HTTP:
WELCOME TO
长江工程职业技术学院
更新: 2025-03-11 13:44:29
原文: https://www.yuque.com/yuhui.net/network/hys48oa9pubrlhhm
评论(0)
暂无评论