经典的三层网络案例分析

文章作者 100test 发表时间 2007:09:20 12:48:22
来源 100Test.Com百考试题网

目的：让不同的vlan 之间可以互相通讯。

IP规划

vlna ID ip网段 vlan网关

vlan 1 172.16.1.0/24 172.16.1.7-9
vlan 2 172.16.2.0/24 172.16.2.252-254
vlan 3 172.16.3.0/24 172.16.3.252-254
vlan 4 172.16.4.0/24 172.16.4.252-254
vlan 5 172.16.5.0/24 172.16.5.252-254
vlan 6 172.16.6.0/24 172.16.6.252-254
vlan 7 172.16.7.0/24 172.16.7.252-254
vlan 8 172.16.8.0/24 172.16.8.252-254
vlan 9 172.16.9.0/24 172.16.9.252-254

拓朴图见最后面

器配置

cisco路由器配置：


Enable
Configure terminal
Service password-encryption
Hostname cisco1721
Enable secret 654321
Enable password 123456
ip subnet-zero
ip name-server 202.96.134.133 202.96.172.218
interface fastethernet 0
ip address 61.142.221.5 255.255.255.240
speed auto
no shutdown
interface serial 0
ip unnumbered fastethernet 0
encapsulation ppp
no fair-queue
bandwidth 2048
no shutdown
exit
ip classless
ip route 0.0.0.0 0.0.0.0 serial 0
no ip http server
line con 0
line aux 0
line vty 0 4
password 12345678
login
no scheduler allocate
end


请注意NAT等是在防火墙设置的．
交换机配置

一、Catalyst 4006-s3交换机配置：




Enable
Configure terminal
service pad
service password-encryption
hostname c4006-s3
enable password 123456.
Enable secret 654321
Ip subnet-zero
Ip name-server 172.16.8.1 172.16.8.2
ip routing
Exit
Vlan database
Vtp mode server
Vtp domain centervtp
Vlan 2 name vlan2
Vlan 3 name vlan3
Vlan 4 name vlan4
Vlan 5 name vlan5
Vlan 6 name vlan6
Vlan 7 name vlan7
Vlan 8 name vlan8
Vlan 9 name vlan9
Exit
Configure terminal
Interface port-channel 1
Interface gigabitethernet 2/1
channel-group 1
Interface gigabitethernet 2/2
channel-group 1
Interface gigabitethernet 2/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 2/3
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 2/4
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigbitethernet 2/5
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigbitethernet 2/6
switchport mode trunk
switchport trunk encapsulation dotlq
switchprot trunk allowed vlan all
interface gigbitethernet 2/7
switchport access vlan 9
no shutdown
interface range gigabitethernet 2/8 – 20
switchport mode access
switchport access vlan 8
no shutdown
spanning-tree portfast
interface gigabitethernet 3/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 3/2
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree vlan 1-9 root primary
spanning-tree backbonefast
interface vlan 1
ip address 172.16.1.7 255.255.255.0
no shutdown
standby 1 ip 172.16.1.9
standby 1 priority 110 preempt
interface vlan 2
ip address 172.16.2.252 255.255.255.0
no shutdown
standby 2 ip 172.16.2.254
standby 2 priority 110 preempt
interface vlan 3
ip address 172.16.3.252 255.255.255.0
no shutdown
standby 3 ip 172.16.3.254
standby 3 priority 110 preempt
interface vlan 4
ip address 172.16.4.252 255.255.255.0
no shutdown
standby 4 ip 172.16.4.254
standby 4 priority 110 preempt
interface vlan 5
ip address 172.16.5.252 255.255.255.0
no shutdown
standby 5 ip 172.16.5.254
standby 5 priority 110 preempt
interface vlan 6
ip address 172.16.6.252 255.255.255.0
no shutdown
standby 6 ip 172.16.6.254
standby 6 priority 110 preempt
interface vlan 7
ip address 172.16.7.252 255.255.255.0
no shutdown
standby 7 ip 172.16.7.254
standby 7 priority 110 preempt
interface vlan 8
ip address 172.16.8.252 255.255.255.0
no shutdown
standby 8 ip 172.16.8.254
standby 8 priority 110 preempt
interface vlan 9
ip address 172.16.9.252 255.255.255.0
no shutdown
standby 9 ip 172.16.9.254
standby 9 priority 110 preempt
exit
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.9.250
line con 0
line aux 0
line vty 0 15
password 12345678
login
end