ccnp大型企业综合案例分析1

这个项目主要实现思路关键点之独孤九剑：Ip地址的规范接口对应表的整理主次关系的整理分清楚什么是二层技术什么是三层技术对于相同的预配置先在记事本写好，利用crt直接粘贴复制，这样节省时间和提高效率。几种交换协议的一句话理解：Vtp 是用来简化vlan 的配置，思科专有。公有GVRP.Vtp 配置方法：两台交换机之间用trunk 相连，配置服务端与客户端，配置相同的密码，域名，版本。服务器配置版本高于客户机。Stp pvst mst 生成树，快速生成树，多生成树。生成树是用来防止二层环路，三层环路用路由协议来防环。原理是通过阻塞一条链路来防环。Pvst 工程中主要用来对不同vlan 做冗余备份。Mst 是pvst 的升级版，通过不同实例给vlan 做冗余备分。HSRR VRRP GLBP 是用来给网关提供冗余备份。通过使作几个不同的组达到给不同vlan 提供冗余备份作用。Ospf rip eigrp 将不同的vlan 的子网消息宣告出去。如果trunk 有两线，一定要放到二层组中。 具体代码如下：1）路由交换预配置 enclock set 8:00:00 28 june 2016 \\记住这个在现实生活中非常重要，因为很多时间不对的话查看日志信息可能会有问题conf thost r1clock timezone GTM 8 \\设置时区line c 0 \\进入控制台logg sy \\日志同步,以免日志把正常输入打乱no ip domain-lookup \\关掉域名解析功能,不然打错命令会等待30秒enable password luliechu@123456 \\明文密码enable secret luliechu@147258 \\密文密码更安全，同时明文密码无效username luliechu privilege 3 secret luliechu@147258 \\本地用户名和密码并且赋予权限line vty 0 4 \\开启远程终端password luliechu@123456 \\vty密码login local \\允许登录方式为本地用户验证endwrite \\保存配置命令 R2enclock set 8:00:00 28 june 2016 conf thost r2clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite IOU1enclock set 8:00:00 28 june 2016 conf thost SW1clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite IOU2enclock set 8:00:00 28 june 2016 conf thost SW2clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite IOU3enclock set 8:00:00 28 june 2016 conf thost SW3clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite IOU4enclock set 8:00:00 28 june 2016 conf thost SW4clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite IOU5enclock set 8:00:00 28 june 2016 conf thost SW5clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite IOU6enclock set 8:00:00 28 june 2016 conf thost SW6clock timezone GTM 8 line c 0 logg sy no ip domain-lookup enable password luliechu@123456 enable secret luliechu@147258 username luliechu privilege 3 secret luliechu@147258 line vty 0 4 password luliechu@123456 login local endwrite 2）将交换机所有需要加入到tr链路的端口加入进来Iou1//把所需使用vtp协议的端口线路更改为trunk模式enconf tint rang f0/1-8sw tr en d //在pt中不需要，真实环境和iou中都要加sw mo tr//创建vtp并把这台交换机设为server模式 conf tvtp dom ccievtp mod servervtp pruning // //在pt中不支持这命令，真实环境和iou中都支持这样节省带宽开销End//创建vlanconf tvlan 10vlan 20vlan 30vlan 40vlan 50vlan 60vlan 70vlan 80Vlan 100End//创建管理地址，方便管理员管理conf tint vlan 100ip add 192.168.9.1 255.255.255.0no shutEnd//设置vtp版本密码(为了安全起见)conf tvtp pass lu@123vtp ver 2End//创建二层组，使用以太网端口聚合技术，实现高速负载分流conf tint rang f0/1-4Channel-protocol lacpchannel-g 1 mode activeend//Mst 是pvst 的升级版，通过不同实例给vlan 做冗余备分。创建了两个实例1 2，分别将vlan10-80加入到对应实例，并设置主从，实现不同实例的冗余备份 conf tspanning-tree mode mst //在pt中不支持mst，只能用rstp来实现了，现实生活和iou上都支持spanning-tree mst configuinstance 1 vlan 10,20,30,40revision 1instance 2 vlan 50,60,70,80revision 1exitspanning-tree mst 1 root primaryspanning-tree mst 2 root secondaryEnd EnConf tSpanning-tree mode rapspanning-tree vlan 10,20,30,40 root primaryspanning-tree vlan 50,60,70,80 root secondayEnd //为不同vlan划分网关，实现不同vlan基于三层交换机的路由互通conf tint vlan 10ip add 192.168.1.2 255.255.255.0no shutint vlan 20ip add 192.168.2.2 255.255.255.0no shutint vlan 30ip add 192.168.3.2 255.255.255.0no shutint vlan 40ip add 192.168.4.2 255.255.255.0no shutint vlan 50ip add 192.168.5.2 255.255.255.0no shutint vlan 60ip add 192.168.6.2 255.255.255.0no shutint vlan 70ip add 192.168.7.2 255.255.255.0no shutint vlan 80ip add 192.168.8.2 255.255.255.0no shutEnd//配置hsrp实现网关高可用性，sw1是vlan10，20,30,40-的主网关，是50,60,70,80 的备用网关。Sw2是vlan50,60,70,80的主网关，是10，20,30,40 的备网关。注意State is Active 为主网关State is Standby 为备网关conf tint vlan 10standby 10 ip 192.168.1.1standby 10 priority 105standby 10 preemptstandby 10 track g0/1endconf tint vlan 20standby 20 ip 192.168.2.1standby 20 priority 105standby 20 preemptstandby 20 track g0/1endconf tint vlan 30standby 30 ip 192.168.3.1standby 30 priority 105standby 30 preemptstandby 30 track g0/1endconf tint vlan 40standby 40 ip 192.168.4.1standby 40 priority 105standby 40 preemptstandby 40 track g0/1endconf tint vlan 50standby 50 ip 192.168.5.1standby 50 priority 100standby 50 preemptstandby 50 track g0/1endconf tint vlan 60standby 60 ip 192.168.6.1standby 60 priority 100standby 60 preemptstandby 60 track g0/1endconf tint vlan 70standby 70 ip 192.168.7.1standby 70 priority 100standby 70 preemptstandby 70 track g0/1endconf tint vlan 80standby 80 ip 192.168.8.1standby 80 priority 100standby 80 preemptstandby 80 track g0/1endwrite 3）配置dhcpip dhcp excluded-address 192.168.1.1ip dhcp excluded-address 192.168.1.2ip dhcp excluded-address 192.168.1.3 ip dhcp pool vlan10 network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 202.96.128.86Exit ip dhcp excluded-address 192.168.2.1ip dhcp excluded-address 192.168.2.2ip dhcp excluded-address 192.168.2.3 ip dhcp pool vlan20 network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 202.96.128.86exitip dhcp excluded-address 192.168.3.1ip dhcp excluded-address 192.168.3.2ip dhcp excluded-address 192.168.3.3 ip dhcp pool vlan30 network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server 202.96.128.86exitip dhcp excluded-address 192.168.4.1ip dhcp excluded-address 192.168.4.2ip dhcp excluded-address 192.168.4.3 ip dhcp pool vlan40 network 192.168.4.0 255.255.255.0 default-router 192.168.4.1 dns-server 202.96.128.86exitip dhcp excluded-address 192.168.5.1ip dhcp excluded-address 192.168.5.2ip dhcp excluded-address 192.168.5.3 ip dhcp pool vlan50 network 192.168.5.0 255.255.255.0 default-router 192.168.5.1 dns-server 202.96.128.86exitip dhcp excluded-address 192.168.6.1ip dhcp excluded-address 192.168.6.2ip dhcp excluded-address 192.168.6.3 ip dhcp pool vlan60 network 192.168.6.0 255.255.255.0 default-router 192.168.6.1 dns-server 202.96.128.86 ip dhcp excluded-address 192.168.7.1ip dhcp excluded-address 192.168.7.2ip dhcp excluded-address 192.168.7.3 ip dhcp pool vlan70 network 192.168.7.0 255.255.255.0 default-router 192.168.7.1 dns-server 202.96.128.86exitip dhcp excluded-address 192.168.8.1ip dhcp excluded-address 192.168.8.2ip dhcp excluded-address 192.168.8.3 ip dhcp pool vlan80 network 192.168.8.0 255.255.255.0 default-router 192.168.8.1 dns-server 202.96.128.86end