1. Campus Network Design and Requirements Analysis
1.校园网络设计与需求分析
1. Subnet division
1.子网划分
University plans to build a campus network infrastructure. The campus network is divided using the 172.16.0.0/20 network . Please complete the IP address division of each network according to specific needs .
学校拟建设校园网络基础设施,校园网络采用172.16.0.0/20网络划分,请根据具体需求完成各网络IP地址划分。
1. Egress network: The campus network is connected to the Internet using 10Gbps POS technology. The frame format of the POS interface is SDH. The egress IP address applied for is 200.10.1.1/2, and the IP address of the ISP router is 200.10.1.2/2.
1、出口网络:校园网采用10Gbps POS技术接入Internet,POS接口帧格式为SDH,申请的出口IP地址为200.10.1.1/2,ISP路由器IP地址为200.10.1.2/2。
2. Administrative area: 200 computers in total.
2.管理区:共计200台计算机。
3. Colleges: There are three colleges in total, the School of Information uses 500 computers, the School of Materials and the School of Mathematics and Physics
3.学院:共有三个学院,信息学院使用500台计算机,材料学院和数理学院
200 computers are used each.
每家都使用了200台计算机。
4. Dormitory area: Each dormitory area is estimated to have 850 computers.
4、宿舍区:每个宿舍区预计有850台电脑。
5. Teaching building: 100 computers in total.
5、教学楼:共计100台计算机。
6. Library: 200 computers in total.
6.图书馆:共计200台计算机。
7. Computer room: accommodates 100 servers.
7.计算机房:可容纳100台服务器。
8. WIFI network: Use DHCP to automatically assign IP addresses.
8.WIFI网络:使用DHCP自动分配IP地址。
2. VLAN Division
2.VLAN划分
Please select the appropriate device and complete the physical line connection. The core three-layer switch divides VLANs for
请选择合适的设备,完成物理线路连接。核心三层交换机划分VLAN
Computer room, administration building, teaching building, library, School of Information, School of Materials, School of Mathematics and Physics, Nanyuan Dormitory, Ziyuan Dormitory and WIFI network use.
计算机室、行政楼、教学楼、图书馆、信息学院、材料学院、数理学院、南苑宿舍、资源宿舍及WIFI网络使用。
Similarly, the college area and dormitory area each use a switch to divide VLANs for use by different colleges and dormitory buildings.
同样学院区和宿舍区各用一台交换机划分VLAN,供不同学院和宿舍楼使用。
(III) OSPF routing configuration and static routing configuration
(三)OSPF路由配置与静态路由配置
The college uses OSPF for network routing, and the default route is set to access the Internet from the egress router.
学院采用OSPF进行网络路由,设置默认路由从出口路由器访问Internet。
(IV) WIFI network configuration
(四)WIFI网络配置
The WIFI is reconfigured for the intranet, divided into 192.168.0.0/22, and DHCP is used to dynamically assign IP addresses, which can accommodate 1024 users at the same time.
WIFI重新配置为内网,划分为192.168.0.0/22,采用DHCP动态分配IP地址,可同时容纳1024个用户。
(V) NAT external network access
(五)NAT外网访问
Set up NAT on the egress router to map the intranet Internet access to the external network
在出口路由器上设置NAT,将内网上网映射到外网
(VI) VPN access to the intranet
(六)VPN访问内网
By configuring VPN service on the egress router, the intranet library resources can be accessed from "Internet users".
通过在出口路由器上配置VPN服务,实现“外网用户”可以访问内网图书馆资源。
(VII) Router Dual Hot Standby HSRP
(七)路由器双机热备HSRP
Implement dual-machine hot standby and redundant lines in the core switching area to avoid network collapse caused by single-path errors.
在核心交换区实行双机热备、线路冗余,避免因单路径错误造成网络崩溃。
(VIII) Minimum Spanning Tree Protocol (STP)
(八)最小生成树协议(STP)
Implement the minimum spanning tree STP to ensure that there are no loops in the network.
实现最小生成树STP,保证网络中没有环路。
9. ACL access control
9. ACL 访问控制
1. Dormitory students cannot access administrative and teaching building resources.
1.住宿生无法使用学校行政及教学楼资源。
2. After accessing the external network VPN, access to teaching building resources is not allowed.
2、接入外网VPN后,不可以访问教学楼资源。
10. HTTP, DNS and mail server configuration
10.HTTP、DNS和邮件服务器配置
1. Configure the homepage of A University campus network (http://www.aau.edu.cn/).
1、配置A大学校园网主页(http://www.aau.edu.cn/)。
2. Configuring DNS domain name resolution can assist external computers in resolving the campus network homepage and mail server.
2、配置DNS域名解析,可以协助外部计算机解析校园网主页和邮件服务器。
3. Configure the mail server to send and receive mails (mail.aau.edu.cn).
3、配置邮件服务器,发送和接收邮件(mail.aau.edu.cn)。
2. Network Planning and Configuration
2. 网络规划与配置
1. Subnet division
1.子网划分
Since the IP address segment used by the campus network is 172.16.0.0/20, the address range that can be allocated is 172.16.0.0~172.16.15.255.255
由于校园网使用的IP地址段为172.16.0.0/20,因此可分配的地址范围为172.16.0.0~172.16.15.255.255
Subnet division is performed based on the number of hosts in each area. The subnet division is as follows:
根据每个区域的主机数量进行子网划分,子网划分如下:
Administrative region: 200 172.16.0.0/24
行政区域:200 172.16.0.0/24
College: School of Information Science 500 172.16.2.0/23, School of Materials Science 200 172.16.4.0/24 , School of Mathematics and Physics 200 172.16.5.0/24
学院:信息学院500 172.16.2.0/23、材料学院200 172.16.4.0/24 、数理学院200 172.16.5.0/24
Dormitory area: Nanyuan 850 172.16.8.0/22 , Ziyuan 850 172.16.12.0/22
宿舍区:南苑850 172.16.8.0/22 、紫苑850 172.16.12.0/22
Teaching building: 100 172.16.1.0/25
教学楼:100 172.16.1.0/25
Library: 200 172.16.6.0/24
图书馆:200 172.16.6.0/24
Computer room: 100 172.16.1.128/25
机房: 100172.16.1.128/25
WIFI network: DHCP WIFI network below we use 192.168.0.0/22
WIFI网络:DHCP WIFI网络下面我们使用192.168.0.0/22
In order to ensure that network devices have available addresses for interconnection, we use the 172.16.7.0/24 network segment as the device interconnection address.
为了保证网络设备有可用的地址进行互联,我们使用172.16.7.0/24网段作为设备互联地址。
department | Subnet segment | Subnet Mask | Gateway | Number of addresses |
Administrative region | 172.16.0.0/24 | 255.255.255.0 | 172.16.0.254 | 254 |
Teaching Building | 172.16.1.0/25 | 255.255.255.128 | 172.16.1.126 | 126 |
library | 172.16.6.0/24 | 255.255.255.0 | 172.16.6.254 | 254 |
School of Information | 172.16.2.0/23 | 255.255.254.0 | 172.16.3.254 | 510 |
School of Materials | 172.16.4.0/24 | 255.255.255.0 | 172.16.4.254 | 254 |
School of Mathematics and Physics | 172.16.5.0/24 | 255.255.255.0 | 172.16.5.254 | 254 |
Nanyuan Dormitory | 172.16.8.0/22 | 255.255.252.0 | 172.16.11.254 | 1022 |
Ziyuan Dormitory | 172.16.12.0/22 | 255.255.252.0 | 172.16.15.254 | 1022 |
engine room | 172.16.1.128/25 | 255.255.255.128 | 172.16.1.254 | 126 |
WIFI network | 192.168.0.0/22 | 255.255.252.0 | 192.168.3.254 | 1022 |
Egress router: 200.10.1.1/24
出口路由器:200.10.1.1/24 ISP: 200.10.1.2/24
ISP:200.10.1.2/24
2. VLAN division
2.VLAN划分
Since the school buildings and departments are clearly divided, we divide the VLANs according to their subnets. The VLAN numbers are 10, 20, 30, 40, 50, 60, 70, 80, and 90. We have set up hot standby in the core three-layer switches. In order to ensure the uniqueness of the address, we set different VLAN addresses for the two core switches and configured the HSRP virtual gateway address.
由于学校各教学楼、各部门划分明确,我们根据其所属子网划分VLAN,VLAN号分别为10、20、30、40、50、60、70、80、90。在核心三层交换机上设置热备,为保证地址的唯一性,为两台核心交换机设置不同的VLAN地址,并配置HSRP虚拟网关地址。
The VLAN division is shown in the following table:
VLAN划分如下表所示:
department | VLAN | VLAN address | HSRP virtual gateway address |
Administrative region | 10 | 172.16.0.252/24 172.16.0.253/24 | 172.16.0.254/24 |
Teaching Building | 20 | 172.16.1.124/25 172.16.1.125/25 | 172.16.1.126/25 |
library | 30 | 172.16.6.252/24 172.16.6.253/25 | 172.16.6.254/24 |
School of Information | 40 | 172.16.3.252/23 172.16.3.253/23 | 172.16.3.254/23 |
School of Materials | 50 | 172.16.4.252/24 172.16.4.253/24 | 172.16.4.254/24 |
School of Mathematics and Physics | 60 | 172.16.5.252/24 172.16.5.253/24 | 172.16.5.254/24 |
Nanyuan Dormitory | 70 | 172.16.11.252/22 172.16.11.253/22 | 172.16.11.254/22 |
Ziyuan Dormitory | 80 | 172.16.15.252/22 172.16.15.253/22 | 172.16.15.254/22 |
engine room | 90 | 172.16.1.252/25 172.16.1.253/25 | 172.16.1.254/25 |
WIFI network | NULL | 192.168.3.254/22 | NULL |
3. Configuration of Layer 2 and Layer 3 switch VLANs
3.二层、三层交换机VLAN的配置
Administration Building
行政大楼
Switch>en
开关>en
Switch#conf t
交换机#conf t
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#hostname xzl
交换机(配置)#主机名 xzl
xzl (config)#vlan 10
xzl (配置)#vlan 10
xzl (config-vlan)#int range f0/1 -2
xzl (config-vlan)#int range f0/1 -2
xzl(config-if-range)#sw m a
xzl (config-if - range)#sw ma
xzl(config-if-range)#sw a v 10
xzl (config-if - range)#sw av 10
xzl(config-if)#exit
xzl (config-if)#退出
xzl(config)#int range f0/3-4
xzl (配置)#int 范围 f0/3-4
xzl(config-if-range)#sw m t
xzl (config-if-range)#sw mt
xzl(config-if-range)#sw t all vlan 10
xzl (config-if-range)#sw t 所有 vlan 10
xzl(config-if-range)#exit
xzl (config-if-range)#退出
教学楼
Switch>enable
开关%3启用
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#hostname jxl
交换机(配置)#主机名 jxl
jxl(config)#vlan 20
jxl(配置)#vlan 20
jxl(config-vlan)#int range f0/1-2
jxl(config-vlan)#int 范围 f0/1-2
jxl(config-if-range)#sw m a
jxl(config-if-range)#sw ma
jxl(config-if-range)#sw a v 20
jxl (config-if-range)#sw av 20
jxl(config-if-range)#exit
jxl (config-if-range)#退出
jxl(config)#int range f0/3-4
jxl(配置)#int 范围 f0/3-4
jxl(config-if-range)#sw m t
jxl(config-if-range)#sw mt
jxl(config-if-range)#sw t all vlan 20
jxl(config-if-range)#sw t 所有 vlan 20
jxl(config-if-range)#exit
jxl (config-if-range)#退出
图书馆
Switch>enable
开关%3启用
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#hostname tsg
交换机(配置)#主机名 tsg
tsg(config)#vlan 30
tsg (配置)#vlan 30
tsg(config-vlan)#int range f0/1-2
tsg (配置 vlan)#int 范围 f0/1-2
tsg(config-if-range)#sw m a
tsg (config-if-range)#sw ma
tsg(config-if-range)#sw a v 30
tsg (config-if-range)#sw av 30
tsg(config-if-range)#exit
tsg (config-if-range)#退出
tsg(config)#int range f0/3-4
tsg (配置) #int 范围 f0/3-4
tsg(config-if-range)#sw m t
tsg (config-if-range)#sw mt
tsg(config-if-range)#sw t all vlan 30
tsg (config-if-range)#sw t 所有 vlan 30
tsg(config-if-range)#exit
tsg (config-if-range)#退出
汇聚交换机(学院)
汇聚交换机(学院)
Switch>enable
开关%3启用
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#hostname hjxy
交换机(配置)#主机名 hjxy
hjxy(config)#vlan 40
hjxy(配置)#vlan 40
hjxy(config-vlan)#vlan 50
hjxy(配置vlan)#vlan 50
hjxy(config-vlan)#vlan 60
hjxy(配置vlan)#vlan 60
hjxy(config-vlan)#int range f0/1-2
hjxy(config-if-range)#sw m a
hjxy(config-if-range)#sw ma
hjxy(config-if-range)#sw a v 40
hjxy(config-if-range)#sw av 40
hjxy(config-if-range)#exit
hjxy (config-if-range)#退出
hjxy(config)#int range f0/3-4
hjxy(配置)#int 范围 f0/3-4
hjxy(config-if-range)#sw m a
hjxy(config-if-range)#sw ma
hjxy(config-if-range)#sw a v 50
hjxy(config-if-range)#sw av 50
hjxy(config-if-range)#exit
hjxy (config-if-range)#退出
hjxy(config)#int range f0/5-6
hjxy(配置)#int 范围 f0/5-6
hjxy(config-if-range)#sw m a
hjxy(config-if-range)#sw ma
hjxy(config-if-range)#sw a v 60
hjxy(config-if-range)#sw av 60
hjxy(config-if-range)#exit
hjxy (config-if-range)#退出
hjxy(config)#int range f0/7-8
hjxy(配置)#int 范围 f0/7-8
hjxy(config-if-range)#sw m t
hjxy(config-if-range)#sw mt
hjxy(config-if-range)#sw t all vlan 40,50,60
hjxy (config-if-range)#sw t 所有 vlan 40,50,60
hjxy(config-if-range)#exit
hjxy (config-if-range)#退出
汇集交换机(宿舍)
Switch>enable
开关%3启用
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#hostname hjss
交换机(配置)#主机名 hjss
hjss(config)#vlan 70
hjss (配置)#vlan 70
hjss(config-vlan)#vlan 80
hjss (配置 vlan)#vlan 80
hjss(config-vlan)#int range f0/1-2
hjss (config-vlan)#int 范围 f0/1-2
hjss(config-if-range)#sw m a
hjss (config-if-range)#sw ma
hjss(config-if-range)#sw a v 70
hjss(config-if-range)#sw av 70
hjss(config-if-range)#exit
hjss (config-if-range)#退出
hjss(config)#int range f0/3-4
hjss(配置)#int 范围 f0/3-4
hjss(config-if-range)#sw m a
hjss (config-if-range)#sw ma
hjss(config-if-range)#sw a v 80
hjss(config-if-range)#sw av 80
hjss(config-if-range)#exit
hjss (config-if-range)#退出
hjss(config)#int range f0/5-6
hjss(配置)#int 范围 f0/5-6
hjss(config-if-range)#sw m t
hjss (config-if-range)#sw mt
hjss(config-if-range)#sw t all vlan 70,80
hjss (config-if-range)#sw t 所有 vlan 70,80
hjss(config-if-range)#exit
hjss (config-if-range)#退出
机房
機房
Switch>enable
开关%3启用
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#hostname jf
交换机(配置)#主机名 jf
jf(config)#vlan 90
jf (配置)#vlan 90
jf(config-vlan)#int range f0/1-3
jf (config-vlan)#int 范围 f0/1-3
jf(config-if-range)#sw m a
jf (config-if-range)#sw ma
jf(config-if-range)#sw a v 90
jf (config-if-range)#sw av 90
jf(config-if-range)#exit
jf (config-if-range)#退出
jf(config)#int range f0/4-5
jf(配置)#int 范围 f0/4-5
jf(config-if-range)#sw m t
jf (config-if-range)#sw mt
jf(config-if-range)#sw t all vlan 90
jf (config-if-range)#sw t 所有 vlan 90
jf(config-if-range)#exit
jf (config-if-range)#退出
核心交换机1
Switch>enable
开关%3启用
Switch#
转变#
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#
开关(配置)#
Switch(config)#hostname core1
交换机(配置)#主机名 core1
core1(config)#vlan 10
core1(配置)#vlan 10
core1(config-vlan)#vlan 20
core1(配置vlan)#vlan 20
core1(config-vlan)#vlan 30
core1(配置vlan)#vlan 30
core1(config-vlan)#vlan 40
core1(配置vlan)#vlan 40
core1(config-vlan)#vlan 50
core1(配置vlan)#vlan 50
core1(config-vlan)#vlan 60
core1(配置vlan)#vlan 60
core1(config-vlan)#vlan 70
core1(配置vlan)#vlan 70
core1(config-vlan)#vlan 80
core1(配置vlan)#vlan 80
core1(config-vlan)#vlan 90
core1(配置vlan)#vlan 90
core1(config-vlan)#int range f0/1-6
core1(config-if-range)#sw t e d
core1(config-if-range)#sw ted
core1(config-if-range)#sw m t
core1(config-if-range)#sw mt
core1(config-if-range)#int vlan 10
core1(config-if)#ip add 172.16.0.252 255.255.255.0
core1 (config-if)#ip 添加 172.16.0.252 255.255.255.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 20
core1(config-if)#ip add 172.16.1.124 255.255.255.128
core1 (配置if)#ip 添加 172.16.1.124 255.255.255.128
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 30
core1(config-if)#ip add 172.16.6.252 255.255.255.0
core1 (config-if)#ip 添加 172.16.6.252 255.255.255.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 40
core1(config-if)#ip add 172.16.3.252 255.255.254.0
core1 (config-if)#ip 添加 172.16.3.252 255.255.254.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 50
core1(config-if)#ip add 172.16.4.252 255.255.255.0
core1 (config-if)#ip 添加 172.16.4.252 255.255.255.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 60
core1(config-if)#ip add 172.16.5.252 255.255.255.0
core1 (config-if)#ip 添加 172.16.5.252 255.255.255.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 70
core1(config-if)#ip add 172.16.11.252 255.255.252.0
core1 (config-if)#ip 添加 172.16.11.252 255.255.252.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 80
core1(config-if)#ip add 172.16.15.252 255.255.252.0
core1 (config-if)#ip 添加 172.16.15.252 255.255.252.0
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int vlan 90
core1(config-if)#ip add 172.16.1.252 255.255.255.128
core1 (配置if)#ip 添加 172.16.1.252 255.255.255.128
core1(config-if)#no shut
core1(config-if)#no 关闭
核心交换机2
Switch>enable
开关%3启用
Switch#
转变#
Switch#configure terminal
交换机#配置终端
Enter configuration commands, one per line. End with CNTL/Z.
输入配置命令,每行一个。以 CNTL/Z 结尾。
Switch(config)#
开关(配置)#
Switch(config)#hostname core2
交换机(配置)#主机名 core2
core2(config)#vlan 10
core2(配置)#vlan 10
core2(config-vlan)#vlan 20
core2(配置vlan)#vlan 20
core2(config-vlan)#vlan 30
core2(配置vlan)#vlan 30
core2(config-vlan)#vlan 40
core2(配置vlan)#vlan 40
core2(config-vlan)#vlan 50
core2(配置vlan)#vlan 50
core2(config-vlan)#vlan 60
core2(配置vlan)#vlan 60
core2(config-vlan)#vlan 70
core2(配置vlan)#vlan 70
core2(config-vlan)#vlan 80
core2(配置vlan)#vlan 80
core2(config-vlan)#vlan 90
core2(配置vlan)#vlan 90
core2(config-vlan)#int range f0/1-6
core2(config-if-range)#sw t e d
core2(config-if-range)#sw ted
core2(config-if-range)#sw m t
core2(config-if-range)#sw mt
core2(config-if-range)#int vlan 10
core2(config-if)#ip add 172.16.0.253 255.255.255.0
core2 (config-if)#ip 添加 172.16.0.253 255.255.255.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 20
core2(config-if)#ip add 172.16.1.125 255.255.255.128
core2 (配置if)#ip 添加 172.16.1.125 255.255.255.128
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 30
core2(config-if)#ip add 172.16.6.253 255.255.255.0
core2 (config-if)#ip 添加 172.16.6.253 255.255.255.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 40
core2(config-if)#ip add 172.16.3.253 255.255.254.0
core2 (config-if)#ip 添加 172.16.3.253 255.255.254.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 50
core2(config-if)#ip add 172.16.4.253 255.255.255.0
core2 (config-if)#ip 添加 172.16.4.253 255.255.255.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 60
core2(config-if)#ip add 172.16.5.253 255.255.255.0
core2 (config-if)#ip 添加 172.16.5.253 255.255.255.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 70
core2(config-if)#ip add 172.16.11.253 255.255.252.0
core2 (config-if)#ip 添加 172.16.11.253 255.255.252.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 80
core2(config-if)#ip add 172.16.15.253 255.255.252.0
core2 (config-if)#ip 添加 172.16.15.253 255.255.252.0
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int vlan 90
core2(config-if)#ip add 172.16.1.253 255.255.255.128
core2 (config-if)#ip 添加 172.16.1.253 255.255.255.128
core2(config-if)#no shut
core2(config-if)#不关闭
4. DHCP Configuration
4.DHCP 配置
Idea: Configure DHCP to dynamically assign addresses to all hosts on the campus network.
想法:配置DHCP,为校园网内所有主机动态分配地址。
Core switch 1
核心交换机1
core1(config)#service dhcp
core1(配置)#服务 dhcp
core1(config)#ip dhcp pool vlan10
core1(配置)#ip dhcp 池 vlan10
core1(dhcp-config)#network 172.16.0.0 255.255.255.0
core1(dhcp-config)#网络 172.16.0.0 255.255.255.0
core1(dhcp-config)#default 172.16.0.254
core1 (dhcp-config)#默认 172.16.0.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan20
core1(dhcp-config)#network 172.16.1.0 255.255.255.128
core1(dhcp-config)#网络 172.16.1.0 255.255.255.128
core1(dhcp-config)#default 172.16.1.126
core1(dhcp-config)#默认 172.16.1.126
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan30
core1(dhcp-config)#network 172.16.6.0 255.255.255.0
core1(dhcp-config)#网络 172.16.6.0 255.255.255.0
core1(dhcp-config)#default 172.16.6.254
core1 (dhcp-config)#默认 172.16.6.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan40
core1(dhcp-config)#network 172.16.2.0 255.255.254.0
core1(dhcp-config)#网络 172.16.2.0 255.255.254.0
core1(dhcp-config)#default 172.16.3.254
core1 (dhcp-config)#默认 172.16.3.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan50
core1(dhcp-config)#network 172.16.4.0 255.255.255.0
core1(dhcp-config)#网络 172.16.4.0 255.255.255.0
core1(dhcp-config)#default 172.16.4.254
core1 (dhcp-config)#默认 172.16.4.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan60
core1(dhcp-config)#network 172.16.5.0 255.255.255.0
core1(dhcp-config)#网络 172.16.5.0 255.255.255.0
core1(dhcp-config)#default 172.16.5.254
core1(dhcp-config)#默认 172.16.5.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan70
core1(dhcp-config)#network 172.16.8.0 255.255.252.0
core1(dhcp-config)#网络 172.16.8.0 255.255.252.0
core1(dhcp-config)#default 172.16.11.254
core1 (dhcp-config)#默认 172.16.11.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#ip dhcp pool vlan80
core1(dhcp-config)#network 172.16.12.0 255.255.252.0
core1(dhcp-config)#网络 172.16.12.0 255.255.252.0
core1(dhcp-config)#default 172.16.15.254
core1 (dhcp-config)#默认 172.16.15.254
core1(dhcp-config)#dns 172.16.1.150
core1 (dhcp-config)#dns 172.16.1.150
core1(dhcp-config)#
core1(dhcp-config)#ip dhcp excluded-address 172.16.0.252 172.16.0.253
core1 (dhcp-config)#ip dhcp 排除地址 172.16.0.252 172.16.0.253
core1(config)#ip dhcp excluded-address 172.16.1.124 172.16.1.125
core1 (配置)#ip dhcp 排除地址 172.16.1.124 172.16.1.125
core1(config)#ip dhcp excluded-address 172.16.6.252 172.16.6.253
core1 (配置)#ip dhcp 排除地址 172.16.6.252 172.16.6.253
core1(config)#ip dhcp excluded-address 172.16.3.252 172.16.3.253
core1 (配置)#ip dhcp 排除地址 172.16.3.252 172.16.3.253
core1(config)#ip dhcp excluded-address 172.16.4.252 172.16.4.253
core1 (配置)#ip dhcp 排除地址 172.16.4.252 172.16.4.253
core1(config)#ip dhcp excluded-address 172.16.5.252 172.16.5.253
core1 (配置)#ip dhcp 排除地址 172.16.5.252 172.16.5.253
core1(config)#ip dhcp excluded-address 172.16.11.252 172.16.11.253
core1 (配置)#ip dhcp 排除地址 172.16.11.252 172.16.11.253
core1(config)#ip dhcp excluded-address 172.16.15.252 172.16.15.253
core1 (配置)#ip dhcp 排除地址 172.16.15.252 172.16.15.253
核心交换机2
core2(config)#service dhcp
core2(配置)#服务 dhcp
core2(config)#ip dhcp pool vlan10
core2(配置)#ip dhcp 池 vlan10
core2(dhcp-config)#network 172.16.0.0 255.255.255.0
core2 (dhcp-config)#网络 172.16.0.0 255.255.255.0
core2(dhcp-config)#default 172.16.0.254
core2 (dhcp-config)#默认 172.16.0.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan20
core2(dhcp-config)#network 172.16.1.0 255.255.255.128
core2 (dhcp-config)#网络 172.16.1.0 255.255.255.128
core2(dhcp-config)#default 172.16.1.126
core2 (dhcp-config)#默认 172.16.1.126
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan30
core2(dhcp-config)#network 172.16.6.0 255.255.255.0
core2 (dhcp-config)#网络 172.16.6.0 255.255.255.0
core2(dhcp-config)#default 172.16.6.254
core2 (dhcp-config)#默认 172.16.6.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan40
core2(dhcp-config)#network 172.16.2.0 255.255.254.0
core2 (dhcp-config)#网络 172.16.2.0 255.255.254.0
core2(dhcp-config)#default 172.16.3.254
core2 (dhcp-config)#默认 172.16.3.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan50
core2(dhcp-config)#network 172.16.4.0 255.255.255.0
core2 (dhcp-config)#网络 172.16.4.0 255.255.255.0
core2(dhcp-config)#default 172.16.4.254
core2 (dhcp-config)#默认 172.16.4.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan60
core2(dhcp-config)#network 172.16.5.0 255.255.255.0
core2 (dhcp-config)#网络 172.16.5.0 255.255.255.0
core2(dhcp-config)#default 172.16.5.254
core2 (dhcp-config)#默认 172.16.5.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan70
core2(dhcp-config)#network 172.16.8.0 255.255.252.0
core2 (dhcp-config)#网络 172.16.8.0 255.255.252.0
core2(dhcp-config)#default 172.16.11.254
core2 (dhcp-config)#默认 172.16.11.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#ip dhcp pool vlan80
core2(dhcp-config)#network 172.16.12.0 255.255.252.0
core2 (dhcp-config)#网络 172.16.12.0 255.255.252.0
core2(dhcp-config)#default 172.16.15.254
core2 (dhcp-config)#默认 172.16.15.254
core2(dhcp-config)#dns 172.16.1.150
core2 (dhcp-config)#dns 172.16.1.150
core2(dhcp-config)#
core2(dhcp-config)#ip dhcp excluded-address 172.16.0.252 172.16.0.253
core2 (dhcp-config)#ip dhcp 排除地址 172.16.0.252 172.16.0.253
core2(config)#ip dhcp excluded-address 172.16.1.124 172.16.1.125
core2 (配置)#ip dhcp 排除地址 172.16.1.124 172.16.1.125
core2(config)#ip dhcp excluded-address 172.16.6.252 172.16.6.253
core2 (配置)#ip dhcp 排除地址 172.16.6.252 172.16.6.253
core2(config)#ip dhcp excluded-address 172.16.3.252 172.16.3.253
core2 (配置)#ip dhcp 排除地址 172.16.3.252 172.16.3.253
core2(config)#ip dhcp excluded-address 172.16.4.252 172.16.4.253
core2 (配置)#ip dhcp 排除地址 172.16.4.252 172.16.4.253
core2(config)#ip dhcp excluded-address 172.16.5.252 172.16.5.253
core2 (配置)#ip dhcp 排除地址 172.16.5.252 172.16.5.253
core2(config)#ip dhcp excluded-address 172.16.11.252 172.16.11.253
core2 (配置)#ip dhcp 排除地址 172.16.11.252 172.16.11.253
core2(config)#ip dhcp excluded-address 172.16.15.252 172.16.15.253
core2 (配置)#ip dhcp 排除地址 172.16.15.252 172.16.15.253
WIFI路由器
Router(config)#service dhcp
路由器(配置)#service dhcp
Router(config)#ip dhcp pool WIFI
路由器(配置)#ip dhcp pool WIFI
Router(dhcp-config)#net 192.168.0.0 255.255.252.0
路由器(dhcp-config)#net 192.168.0.0 255.255.252.0
Router(dhcp-config)#def 192.168.3.254
路由器(dhcp-config)#def 192.168.3.254
Router(dhcp-config)#dns 172.16.1.150
路由器(dhcp-config)#dns 172.16.1.150
Router(dhcp-config)#exit
路由器(dhcp-config)#退出
5. Switch router interface IP configuration
5.交换路由器接口IP配置
Core switch 1
核心交换机1
core1(config)#int f0/23
core1(配置)#int f0/23
core1(config-if)#no sw
core1(config-if)#无sw
core1(config-if)#ip add 172.16.7.1 255.255.255.252
core1 (配置if)#ip 添加 172.16.7.1 255.255.255.252
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int f0/24
core1(配置 if)#int f0/24
core1(config-if)#no sw
core1(config-if)#无sw
core1(config-if)#ip add 172.16.7.17 255.255.255.252
core1 (配置 if)#ip 添加 172.16.7.17 255.255.255.252
core1(config-if)#no shut
core1(config-if)#no 关闭
core1(config-if)#int f0/7
core1(配置 if)#int f0/7
core1(config-if)#no sw
core1(config-if)#无sw
core1(config-if)#ip add 172.16.7.9 255.255.255.252
core1 (配置 if)#ip 添加 172.16.7.9 255.255.255.252
core1(config-if)#no shut
core1(config-if)#no 关闭
Core switch 2
核心交换机2
core2(config)#int f0/23
core2(配置)#int f0/23
core2(config-if)#no sw
core2(config-if)#无sw
core2(config-if)#ip add 172.16.7.5 255.255.255.252
core2 (配置 if)#ip 添加 172.16.7.5 255.255.255.252
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int f0/24
core2(配置 if)#int f0/24
core2(config-if)#no sw
core2(config-if)#无sw
core2(config-if)#ip add 172.16.7.21 255.255.255.252
core2 (配置if)#ip 添加 172.16.7.21 255.255.255.252
core2(config-if)#no shut
core2(config-if)#不关闭
core2(config-if)#int f0/7
core2(配置 if)#int f0/7
core2(config-if)#no sw
core2(config-if)#无sw
core2(config-if)#ip add 172.16.7.13 255.255.255.252
core2 (config-if)#ip 添加 172.16.7.13 255.255.255.252
core2(config-if)#no shut
core2(config-if)#不关闭
核心路由器1
Router(config)#int f0/0
路由器(配置)#int f0/0
Router(config-if)#ip add 172.16.7.2 255.255.255.252
路由器(config-if)#ip add 172.16.7.2 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f0/1
路由器(config-if)#int f0/1
Router(config-if)#ip add 172.16.7.22 255.255.255.252
路由器(config-if)#ip add 172.16.7.22 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f1/1
路由器(config-if)#int f1/1
Router(config-if)#ip add 172.16.7.25 255.255.255.252
路由器(config-if)#ip add 172.16.7.25 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f1/0
路由器(config-if)#int f1/0
Router(config-if)#ip add 172.16.7.29 255.255.255.252
路由器(config-if)#ip add 172.16.7.29 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
核心路由器2
核心導板2
Router(config)#int f0/0
路由器(配置)#int f0/0
Router(config-if)#ip add 172.16.7.6 255.255.255.252
路由器(config-if)#ip add 172.16.7.6 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f0/1
路由器(config-if)#int f0/1
Router(config-if)#ip add 172.16.7.18 255.255.255.252
路由器(config-if)#ip add 172.16.7.18 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f1/1
路由器(config-if)#int f1/1
Router(config-if)#ip add 172.16.7.26 255.255.255.252
路由器(config-if)#ip add 172.16.7.26 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f1/0
路由器(config-if)#int f1/0
Router(config-if)#ip add 172.16.7.33 255.255.255.252
路由器(config-if)#ip add 172.16.7.33 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
出口路由器
Router(config)#int f0/0
路由器(配置)#int f0/0
Router(config-if)#ip add 172.16.7.30 255.255.255.252
路由器(config-if)#ip add 172.16.7.30 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f0/1
路由器(config-if)#int f0/1
Router(config-if)#ip add 172.16.7.34 255.255.255.252
路由器(config-if)#ip add 172.16.7.34 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int s0/0/0
路由器(config-if)#int s0/0/0
Router(config-if)#ip add 200.10.1.1 255.255.255.0
路由器(config-if)#ip add 200.10.1.1 255.255.255.0
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#clock rate 64000
路由器(config-if)#时钟频率 64000
WIFI路由器
Router(config)#int f0/0
路由器(配置)#int f0/0
Router(config-if)#ip add 172.16.7.10 255.255.255.252
路由器(config-if)#ip add 172.16.7.10 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#int f0/1
路由器(config-if)#int f0/1
Router(config-if)#ip add 172.16.7.14 255.255.255.252
路由器(config-if)#ip add 172.16.7.14 255.255.255.252
Router(config-if)#no shut
路由器(config-if)#no shutdown
ISP Router
ISP 路由器
Router(config)#hostname ISP
路由器(配置)#主机名 ISP
ISP(config)#int s0/0/0
ISP(配置)#int s0/0/0
ISP(config-if)#ip add 200.10.1.2 255.255.255.0
ISP (配置如果)#ip 添加 200.10.1.2 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#不关闭
ISP(config-if)#int f0/0
ISP(配置if)#int f0/0
ISP(config-if)#ip add 202.38.96.254 255.255.255.0
ISP (配置 if)#ip 添加 202.38.96.254 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#不关闭
6. OSPF routing configuration and static routing configuration
6.OSPF路由配置和静态路由配置
Ideas:
思路:
We have divided VLANs within the college and manage various departments and areas through three-layer switches. In order to ensure the interoperability of the college's internal network, we use the OSPF dynamic routing protocol to achieve interoperability. We configure the default route at the exit to realize the data forwarding direction when the internal network accesses the Internet. Although the exit is configured with the forwarding direction to the Internet, our internal network does not know it, so we retransmit the default route at the border and introduce the default route into the intranet.
我们在学院内部划分了VLAN,通过三层交换机对各个部门、区域进行管理。为了保证学院内部网络的互通,我们采用OSPF动态路由协议来实现互通。我们在出口处配置默认路由,实现内网访问Internet时的数据转发方向。虽然出口处配置了通往Internet的转发方向,但是我们的内网是不知道的,所以我们在边界处重传默认路由,将默认路由引入到内网中。
Core switch 1 configuration
核心交换机1配置
core1(config)#ip routing
core1(配置)#ip 路由
core1(config)#route ospf 1
core1(配置)#路由 ospf 1
core1(config-router)#router-id 1.1.1.1
core1(配置路由器)#路由器id 1.1.1.1
core1(config-router)#net 172.16.0.0 0.0.0.255 a 0
core1 (配置路由器)#net 172.16.0.0 0.0.0.255 a 0
core1(config-router)#net 172.16.1.0 0.0.0.127 a 0
core1 (配置路由器)#net 172.16.1.0 0.0.0.127 a 0
core1(config-router)#net 172.16.6.0 0.0.0.255 a 0
core1 (配置路由器)#net 172.16.6.0 0.0.0.255 a 0
core1(config-router)#net 172.16.2.0 0.0.1.255 a 0
core1 (配置路由器)#net 172.16.2.0 0.0.1.255 a 0
core1(config-router)#net 172.16.4.0 0.0.0.255 a 0
core1 (配置路由器)#net 172.16.4.0 0.0.0.255 a 0
core1(config-router)#net 172.16.5.0 0.0.0.255 a 0
core1 (配置路由器)#net 172.16.5.0 0.0.0.255 a 0
core1(config-router)#net 172.16.8.0 0.0.3.255 a 0
core1 (配置路由器)#net 172.16.8.0 0.0.3.255 a 0
core1(config-router)#net 172.16.12.0 0.0.3.255 a 0
core1 (配置路由器)#net 172.16.12.0 0.0.3.255 a 0
core1(config-router)#net 172.16.1.128 0.0.0.127 a 0
core1 (配置路由器)#net 172.16.1.128 0.0.0.127 a 0
core1(config-router)#net 172.16.7.0 0.0.0.3 a 0
core1 (配置路由器)#net 172.16.7.0 0.0.0.3 a 0
core1(config-router)#net 172.16.7.16 0.0.0.3 a 0
core1 (配置路由器)#net 172.16.7.16 0.0.0.3 a 0
core1(config-router)#net 172.16.7.8 0.0.0.3 a 0
core1 (配置路由器)#net 172.16.7.8 0.0.0.3 a 0
核心交换机2配置
core2(config)#ip routing
core2(配置)#ip 路由
core2(config)#route ospf 1
core2(配置)#路由 ospf 1
core2(config-router)#router-id 2.2.2.2
core2 (配置路由器)#路由器 ID 2.2.2.2
core2(config-router)#net 172.16.0.0 0.0.0.255 a 0
core2 (配置路由器)#net 172.16.0.0 0.0.0.255 a 0
core2(config-router)#net 172.16.1.0 0.0.0.127 a 0
core2 (配置路由器)#net 172.16.1.0 0.0.0.127 a 0
core2(config-router)#net 172.16.6.0 0.0.0.255 a 0
core2 (配置路由器)#net 172.16.6.0 0.0.0.255 a 0
core2(config-router)#net 172.16.2.0 0.0.1.255 a 0
core2 (配置路由器)#net 172.16.2.0 0.0.1.255 a 0
core2(config-router)#net 172.16.4.0 0.0.0.255 a 0
core2 (配置路由器)#net 172.16.4.0 0.0.0.255 a 0
core2(config-router)#net 172.16.5.0 0.0.0.255 a 0
core2 (配置路由器)#net 172.16.5.0 0.0.0.255 a 0
core2(config-router)#net 172.16.8.0 0.0.3.255 a 0
core2 (配置路由器)#net 172.16.8.0 0.0.3.255 a 0
core2(config-router)#net 172.16.12.0 0.0.3.255 a 0
core2 (配置路由器)#net 172.16.12.0 0.0.3.255 a 0
core2(config-router)#net 172.16.1.128 0.0.0.127 a 0
core2 (配置路由器)#net 172.16.1.128 0.0.0.127 a 0
core2(config-router)#net 172.16.7.4 0.0.0.3 a 0
core2 (配置路由器)#net 172.16.7.4 0.0.0.3 a 0
core2(config-router)#net 172.16.7.20 0.0.0.3 a 0
core2 (配置路由器)#net 172.16.7.20 0.0.0.3 a 0
core2(config-router)#net 172.16.7.12 0.0.0.3 a 0
core2 (配置路由器)#net 172.16.7.12 0.0.0.3 a 0
核心路由器1配置
核心规则1配置
Router(config)#route ospf 1
路由器(配置)#route ospf 1
Router(config-router)#router-id 3.3.3.3
路由器(config-router)#router-id 3.3.3.3
Router(config-router)#net 172.16.7.0 0.0.0.3 a 0
路由器(config-router)#net 172.16.7.0 0.0.0.3 a 0
Router(config-router)#net 172.16.7.20 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.20 0.0.0.3 至 0
Router(config-router)#net 172.16.7.24 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.24 0.0.0.3 至 0
Router(config-router)#net 172.16.7.28 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.28 0.0.0.3 至 0
The second part of the series
本系列的第二部分
Router(config)#route ospf 1
路由器(配置)#route ospf 1
Router(config-router)#router-id 4.4.4.4
路由器(config-router)#router-id 4.4.4.4
Router(config-router)#net 172.16.7.4 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.4 0.0.0.3 至 0
Router(config-router)#net 172.16.7.16 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.16 0.0.0.3 至 0
Router(config-router)#net 172.16.7.24 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.24 0.0.0.3 至 0
Router(config-router)#net 172.16.7.32 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.32 0.0.0.3 至 0
WIFI connection
WIFI 连接
Router(config)#route ospf 1
路由器(配置)#route ospf 1
Router(config-router)#router-id 6.6.6.6
路由器(config-router)#router-id 6.6.6.6
Router(config-router)#net 172.16.7.8 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.8 0.0.0.3 至 0
Router(config-router)#net 172.16.7.12 0.0.0.3 to 0
路由器(config-router)#net 172.16.7.12 0.0.0.3 至 0
Router(config-router)#net 192.168.0.0 0.0.3.255 a 0
路由器(config-router)#net 192.168.0.0 0.0.3.255 a 0
Egress router configuration
出口路由器配置
Router(config)#route ospf 1
路由器(配置)#route ospf 1
Router(config-router)#route r -id 5.5.5.5
路由器(config-router)#route r -id 5.5.5.5
Router(config-router)#net 172.16.7.28 0.0.0.3 a 0
路由器(config-router)#net 172.16.7.28 0.0.0.3 a 0
Router(config-router)#net 172.16.7.32 0.0.0.3 a 0
路由器(config-router)#net 172.16.7.32 0.0.0.3 a 0
Route redistribution
路由重分配
Egress router configuration
出口路由器配置
Router(config)#ip route 0.0.0.0 0.0.0.0 200.10.1.2
路由器(配置)#ip route 0.0.0.0 0.0.0.0 200.10.1.2
Router(config)#route ospf 1
路由器(配置)#route ospf 1
Router(config-router)#default-information originate
路由器(config-router)#default-information originate
7. WIFI network configuration
7.WIFI网络配置
Using DHCP to dynamically assign IP addresses, 1024 users can access the network simultaneously to achieve wireless Internet access.
采用DHCP动态分配IP地址,可支持1024个用户同时接入网络,实现无线上网。
Router(config)#dot11 ssid wifi
路由器(配置)#dot11 ssid wifi
Router(config-ssid)#authen open
路由器(config-ssid)#authen open
Router(config-ssid)#no authen network-eap
路由器(config-ssid)#no authen network-eap
Router(config-ssid)#authentication key wpa
路由器(config-ssid)#authentication key wpa
Router(config-ssid)#wpa-psk ascii 12345678
路由器(config-ssid)#wpa-psk ascii 12345678
Router(config-ssid)#guest-mode
路由器(config-ssid)#guest-mode
Router(config-ssid)#exit
路由器(config-ssid)#退出
Router(config)#int dot11Radio 0/3/0
路由器(配置)#int dot11Radio 0/3/0
Router(config-if)#no shut
路由器(config-if)#no shutdown
Router(config-if)#ip add 192.168.3.253 255.255.252.0
路由器(config-if)#ip add 192.168.3.253 255.255.252.0
Router(config-if)#ssid wifi
路由器(config-if)#ssid wifi
Router(config-if)#encryption mode ciphers aes-ccm
路由器(config-if)#加密模式密码 aes-ccm
8. NAT external network access configuration
8.NAT外网访问配置
NAT on the egress router to map the intranet Internet access to the external network, solve the problem of insufficient public network addresses, and implement the intranet address hiding function
在出口路由器上进行NAT ,将内网上网映射到外网,解决公网地址不足的问题,实现内网地址隐藏功能
Egress router
出口路由器
Router(config)#ip acc standard 10
路由器(配置)#ip acc 标准 10
Router(config-std-nacl)#per any
路由器(config-std-nacl)#per any
Router(config-std-nacl)#exit
路由器(config-std-nacl)#退出
Router(config)#ip nat pool out 200.10.1.3 200.10.1.10 netmask 255.255.255.0
路由器(配置)#ip nat pool out 200.10.1.3 200.10.1.10 网络掩码 255.255.255.0
Router(config)#ip nat in sou li 10 pool out over
路由器(配置)#ip nat in sou li 10 pool out over
Router(config)#int f0/0
路由器(配置)#int f0/0
Router(config-if)#ip nat in
路由器(config-if)#ip nat in
Router(config-if)#int f0/1
路由器(config-if)#int f0/1
Router(config-if)#ip nat in
路由器(config-if)#ip nat in
Router(config-if)#int s0/0/0
路由器(config-if)#int s0/0/0
Router(config-if)#ip nat out
路由器(config-if)#ip nat out
9. VPN access to the intranet
9.VPN 访问内网
Enable Internet users to access intranet library resources.
使互联网用户能够访问内网图书馆资源。
Egress router
出口路由器
Router(config)#int tunnel 0
路由器(配置)#int tunnel 0
Router(config-if)#ip address 172.16.7.37 255.255.255.252
路由器(config-if)#ip地址172.16.7.37 255.255.255.252
Router(config-if)#tunnel mode gre ip
路由器(config-if)#隧道模式gre ip
Router(config-if)#tunnel source s0/0/0
路由器(config-if)#隧道源 s0/0/0
Router(config-if)#tunnel destination 200.10.1.2
路由器(config-if)#隧道目标 200.10.1.2
Router(config)#route ospf 1
路由器(配置)#route ospf 1
Router(config-router)#net 172.16.7.3 6 0.0.0.3 a 0
路由器(config-router)#net 172.16.7.3 6 0.0.0.3 a 0
ISP Router
ISP 路由器
ISP(config)#int tunnel 0
ISP(配置)#int 隧道 0
ISP(config-if)#ip add 172.16.7.38 255.255.255.252
ISP (配置 if)#ip 添加 172.16.7.38 255.255.255.252
ISP(config-if)#tunnel mode gre ip
ISP(config-if)#隧道模式 gre ip
ISP(config-if)#tunnel sou s0/0/0
ISP(config-if)#隧道sou s0/0/0
ISP(config-if)#tunnel de 200.10.1.1
ISP(config-if)#隧道从200.10.1.1
ISP(config-if)#exit
ISP(config-if)#退出
ISP(config)#ip route 172.16.6.0 255.255.255.0 172.16.7.37
ISP (配置)#ip 路由 172.16.6.0 255.255.255.0 172.16.7.37
10. Double-click the hot standby HSRP on the switch
10.双击交换机上的热备HSRP
Implement dual-machine hot standby and redundant lines in the core switching area to avoid network collapse caused by single-path errors.
在核心交换区实行双机热备、线路冗余,避免因单路径错误造成网络崩溃。
Core switch 1
核心交换机1
core1(config)#int vlan 10
core1(配置)#int vlan 10
core1(config-if)#standby 10 ip 172.16.0.254
core1(config-if)#standby 10 pri 105
core1(config-if)#stan 10 preempt
core1(config-if)#stan 10 抢占
core1(config-if)#stan 10 track f0/23
core1 (config-if)#stan 10 轨道 f0/23
core1(config-if)#stan 10 track f0/24
core1 (config-if)#stan 10 轨道 f0/24
core1(config-if)#int vlan 20
core1(config-if)#standby 20 ip 172.16.1.126
core1(config-if)#standby 20 pri 105
core1(config-if)#stan 20 preempt
core1(config-if)#stan 20 抢占
core1(config-if)#stan 20 track f0/23
core1 (config-if)#stan 20 轨道 f0/23
core1(config-if)#stan 20 track f0/24
core1 (config-if)#stan 20 轨道 f0/24
core1(config-if)#int vlan 30
core1(config-if)#standby 30 ip 172.16.6.254
core1(config-if)#standby 30 pri 105
core1(config-if)#stan 30 preempt
core1(config-if)#stan 30 抢占
core1(config-if)#stan 30 track f0/23
core1 (config-if)#stan 30 轨道 f0/23
core1(config-if)#stan 30 track f0/24
core1 (config-if)#stan 30 轨道 f0/24
core1(config-if)#int vlan 40
core1(config-if)#standby 40 ip 172.16.3.254
core1(config-if)#standby 40 pri 105
core1(config-if)#stan 40 preempt
core1(config-if)#stan 40 抢占
core1(config-if)#stan 40 track f0/23
core1 (config-if)#stan 40 轨道 f0/23
core1(config-if)#stan 40 track f0/24
core1 (config-if)#stan 40 轨道 f0/24
core1(config-if)#int vlan 50
core1(config-if)#standby 50 ip 172.16.4.254
core1(config-if)#stan 50 preempt
core1(config-if)#stan 50 抢占
core1(config-if)#stan 50 track f0/23
core1 (config-if)#stan 50 轨道 f0/23
core1(config-if)#stan 50 track f0/24
core1 (config-if)#stan 50 轨道 f0/24
core1(config-if)#int vlan 60
core1(config-if)#standby 60 ip 172.16.5.254
core1(config-if)#stan 60 preempt
core1(config-if)#stan 60 抢占
core1(config-if)#stan 60 track f0/23
core1 (config-if)#stan 60 轨道 f0/23
core1(config-if)#stan 60 track f0/24
core1 (config-if)#stan 60 轨道 f0/24
core1(config-if)#int vlan 70
core1(config-if)#standby 70 ip 172.16.11.254
core1(config-if)#stan 70 preempt
core1(config-if)#stan 70 抢占
core1(config-if)#stan 70 track f0/23
core1 (config-if)#stan 70 轨道 f0/23
core1(config-if)#stan 70 track f0/24
core1 (config-if)#stan 70 轨道 f0/24
core1(config-if)#int vlan 80
core1(config-if)#standby 80 ip 172.16.15.254
core1(config-if)#stan 80 preempt
core1(config-if)#stan 80 抢占
core1(config-if)#stan 80 track f0/23
core1 (config-if)#stan 80 轨道 f0/23
core1(config-if)#stan 80 track f0/24
core1 (config-if)#stan 80 轨道 f0/24
core1(config-if)#int vlan 90
core1(config-if)#standby 90 ip 172.16.1.254
core1(config-if)#standby 90 pri 105
core1(config-if)#stan 90 preempt
core1(config-if)#stan 90 抢占
core1(config-if)#stan 90 track f0/23
core1 (config-if)#stan 90 轨道 f0/23
core1(config-if)#stan 90 track f0/24
core1 (config-if)#stan 90 轨道 f0/24
核心交换机2
core2(config)#int vlan 10
core2(配置)#int vlan 10
core2(config-if)#standby 10 ip 172.16.0.254
core2(config-if)#stan 10 preempt
core2(config-if)#stan 10 抢占
core2(config-if)#stan 10 track f0/23
core2 (config-if)#stan 10 轨道 f0/23
core2(config-if)#stan 10 track f0/24
core2 (config-if)#stan 10 轨道 f0/24
core2(config-if)#int vlan 20
core2(config-if)#standby 20 ip 172.16.1.126
core2(config-if)#stan 20 preempt
core2(config-if)#stan 20 抢占
core2(config-if)#stan 20 track f0/23
core2 (config-if)#stan 20 轨道 f0/23
core2(config-if)#stan 20 track f0/24
core2 (config-if)#stan 20 轨道 f0/24
core2(config-if)#int vlan 30
core2(config-if)#standby 30 ip 172.16.6.254
core2(config-if)#stan 30 preempt
core2(config-if)#stan 30 抢占
core2(config-if)#stan 30 track f0/23
core2 (config-if)#stan 30 轨道 f0/23
core2(config-if)#stan 30 track f0/24
core2 (config-if)#stan 30 轨道 f0/24
core2(config-if)#int vlan 40
core2(config-if)#standby 40 ip 172.16.3.254
core2(config-if)#stan 40 preempt
core2(config-if)#stan 40 抢占
core2(config-if)#stan 40 track f0/23
core2 (config-if)#stan 40 轨道 f0/23
core2(config-if)#stan 40 track f0/24
core2 (config-if)#stan 40 轨道 f0/24
core2(config-if)#int vlan 50
core2(config-if)#standby 50 ip 172.16.4.254
core2(config-if)#standby 50 pri 105
core2(config-if)#stan 50 preempt
core2(config-if)#stan 50 抢占
core2(config-if)#stan 50 track f0/23
core2 (config-if)#stan 50 轨道 f0/23
core2(config-if)#stan 50 track f0/24
core2 (config-if)#stan 50 轨道 f0/24
core2(config-if)#int vlan 60
core2(config-if)#standby 60 ip 172.16.5.254
core2(config-if)#standby 60 pri 105
core2(config-if)#stan 60 preempt
core2(config-if)#stan 60 抢占
core2(config-if)#stan 60 track f0/23
core2 (config-if)#stan 60 轨道 f0/23
core2(config-if)#stan 60 track f0/24
core2 (config-if)#stan 60 轨道 f0/24
core2(config-if)#int vlan 70
core2(config-if)#standby 70 ip 172.16.11.254
core2(config-if)#standby 70 pri 105
core2(config-if)#stan 70 preempt
core2(config-if)#stan 70 抢占
core2(config-if)#stan 70 track f0/23
core2 (config-if)#stan 70 轨道 f0/23
core2(config-if)#stan 70 track f0/24
core2 (config-if)#stan 70 轨道 f0/24
core2(config-if)#int vlan 80
core2(config-if)#standby 80 ip 172.16.15.254
core2(config-if)#standby 80 pri 105
core2(config-if)#stan 80 preempt
core2(config-if)#stan 80 抢占
core2(config-if)#stan 80 track f0/23
core2 (config-if)#stan 80 轨道 f0/23
core2(config-if)#stan 80 track f0/24
core2 (config-if)#stan 80 轨道 f0/24
core2(config-if)#int vlan 90
core2(config-if)#standby 90 ip 172.16.1.254
core2(config-if)#stan 90 preempt
core2(config-if)#stan 90 抢占
core2(config-if)#stan 90 track f0/23
core2 (config-if)#stan 90 轨道 f0/23
core2(config-if)#stan 90 track f0/24
core2 (config-if)#stan 90 轨道 f0/24
11. Link aggregation configuration
11.链路聚合配置
Through link aggregation, multiple lines are aggregated into a link with large bandwidth, improving data transmission efficiency and stability.
通过链路聚合,将多条线路聚合成一条大带宽的链路,提高数据传输效率和稳定性。
Core switch 1
核心交换机1
core1(config)#int range f0/8-9
core1(配置)#int 范围 f0/8-9
core1(config-if-range)#channel-group 1 mode desi
core1(config-if-range)#channel-group 1 模式 desi
core1(config-if-range)#channel-pro lacp
Command rejected (the interface Fa0/8 is ): is already part of a channel with a different type of protocol enabled
命令被拒绝(接口 Fa0/8 是):已经是启用了不同类型协议的通道的一部分
Command rejected (the interface Fa0/9 is ): is already part of a channel with a different type of protocol enabled
命令被拒绝(接口 Fa0/9 是):已经是启用了不同类型协议的通道的一部分
core1(config-if-range)#exit
core1 (config-if-range)#退出
core1(config)#int port-channel 1
core1(config)#int 端口通道 1
core1(config-if)#sw t e d
core1(config-if)#sw ted
core1(config-if)#sw m t
core1(config-if)#sw mt
core1(config-if)#exit
core1(config-if)#退出
核心交换机2
core2(config)#int range f0/8-9
core2(配置)#int 范围 f0/8-9
core2(config-if-range)#channel-group 1 mode desi
core2(config-if-range)#channel-group 1 模式 desi
core2(config-if-range)#channel-pro lacp
core2 (config-if-range)#channel-pro lacp
Command rejected (the interface Fa0/8 is ): is already part of a channel with a different type of protocol enabled
命令被拒绝(接口 Fa0/8 是):已经是启用了不同类型协议的通道的一部分
Command rejected (the interface Fa0/9 is ): is already part of a channel with a different type of protocol enabled
命令被拒绝(接口 Fa0/9 是):已经是启用了不同类型协议的通道的一部分
core2(config-if-range)#exit
core2 (config-if-range)#退出
core2(config)#int port-channel 1
core2(配置)#int 端口通道 1
core2(config-if)#sw ted
core2(config-if)#sw mt
core2(config-if)#exit
core2(config-if)#退出
12. Minimum Spanning Tree Protocol STP
12.最小生成树协议STP
Implement minimum spanning tree STP to ensure that there are no loops in the network.
实现最小生成树STP ,确保网络中没有环路。
Core switch 1
核心交换机1
core1(config)#spanning-tree vlan 10,20,30,40,90 root primary
core1(config)#生成树 vlan 10,20,30,40,90 根主
core1(config)#spanning-tree vlan 50,60,70,80 root secondary
core1(config)#spanning-tree vlan 50,60,70,80 根辅助
Core switch 2
核心交换机2
core2(config)#spanning-tree vlan 10,20,30,40,90 root secondary
core2(config)#生成树 vlan 10,20,30,40,90 根辅助
core2(config)#spanning-tree vlan 50,60,70,80 root primary
core2(config)#生成树 vlan 50,60,70,80 根主
13. ACL access control
13. ACL 访问控制
(1) Dormitory students cannot access administrative and teaching building resources.
(1)住宿生不能使用学校行政及教学楼资源。
(2) After accessing the external network VPN , access to teaching building resources is not allowed.
(2)接入外网VPN后,不允许访问教学楼资源。
The dormitory area cannot access the teaching building and the administrative building
宿舍区不能进入教学楼和行政楼
Core switch 2
核心交换机2
core2(config)#ip acc ex 100
core2(配置)#ip acc ex 100
core2(config-ext-nacl)#deny ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.0.255
core2 (config-ext-nacl)#拒绝 ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.0.255
core2(config-ext-nacl)#deny ip 172.16.8.0 0.0.3.255 172.16.1.0 0.0.0.127
core2 (config-ext-nacl)#拒绝 ip 172.16.8.0 0.0.3.255 172.16.1.0 0.0.0.127
core2(config-ext-nacl)#deny ip 172.16.12.0 0.0.3.255 172.16.0.0 0.0.0.255
core2 (config-ext-nacl)#拒绝 ip 172.16.12.0 0.0.3.255 172.16.0.0 0.0.0.255
core2(config-ext-nacl)#deny ip 172.16.12.0 0.0.3.255 172.16.1.0 0.0.0.127
core2 (config-ext-nacl)#拒绝 ip 172.16.12.0 0.0.3.255 172.16.1.0 0.0.0.127
core2(config-ext-nacl)#per ip any any
core2(config-ext-nacl)#int vlan 70
core2(config-if)#ip acc 100 in
core2(config-if)#int vlan 80
core2(config-if)#ip acc 100 in
Unable to access the teaching building after external network VPN access
外网VPN接入后无法访问教学楼
Router(config)#ip acc extended 100
路由器(配置)#ip acc extended 100
Router(config-ext-nacl)#deny ip 0.0.0.0 0.0.0.0 172.16.1.0 0.0.0.127
路由器(config-ext-nacl)#deny ip 0.0.0.0 0.0.0.0 172.16.1.0 0.0.0.127
Router(config-ext-nacl)#int s0/0/0
路由器(config-ext-nacl)#int s0/0/0
Router(config-if)#ip access-group 100 in
路由器(config-if)#ip access-group 100
Router(config-ext-nacl)#per ip any any
路由器(config-ext-nacl)#per ip any any
14. HTTP, DNS and mail server configuration
14.HTTP、DNS 和邮件服务器配置
1. Configure the homepage of A University campus network (http://www.aau.edu.cn/) .
1、配置A大学校园网主页(http://www.aau.edu.cn/) 。
2. Configuring DNS domain name resolution can assist external computers in resolving the campus network homepage and mail server.
2、配置DNS域名解析,可以协助外部计算机解析校园网主页和邮件服务器。
3. Configure the mail server to send and receive mails (mail.aau.edu.cn) .
3.配置邮件服务器,发送和接收邮件(mail.aau.edu.cn) 。
DNS server configuration
DNS 服务器配置
WEB server configuration
WEB 服务器配置
Mail Server Configuration
邮件服务器配置
3. Simulation Verification and Functional Testing
3.仿真验证与功能测试
DHCP Test
DHCP 测试