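Small Campus Network Built on eNSP
I. Topology
II. Deployment Requirements
(1) Create the topology
Connect the devices as shown in the topology diagram, matching the ports at both ends of each link.
(2) Basic setup
Rename the devices.
(3) Configure STP
Make SW1 the root bridge and SW2 the backup root bridge.
(4) Configure VLANs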
| Device | Port | Link type | VLAN parameters |
|---|---|---|---|
| LSW1 | G0/0/2 | Access | VLAN 60 192.168.60.0/24 |
| LSW1 | Eth-Trunk1 | Trunk | VLAN 50 30 40 10 20 |
| LSW1 | G0/0/1 | Trunk | VLAN 10 20 30 40 |
| LSW1 | G0/0/5 | Trunk | VLAN 10 20 30 40 |
| LSW2 | G0/0/2 | Access | VLAN 70 192.168.70.0/24 |
| LSW2 | Eth-Trunk1 | Trunk | VLAN 50 30 40 10 20 |
| LSW2 | G0/0/1 | Trunk | VLAN 30 40 10 20 |
| LSW2 | G0/0/5 | Trunk | VLAN 10 20 30 40 |
| LSW3 | G0/0/3 | Trunk | VLAN 10 20 |
| LSW3 | G0/0/4 | Trunk | VLAN 10 20 |
| LSW3 | G0/0/1 | Access | VLAN 10 192.168.10.0/24 |
| LSW3 | G0/0/2 | Access | VLAN 20 192.168.20.0/24 |
| LSW4 | G0/0/1 | Access | VLAN 30 192.168.30.0/24 |
| LSW4 | G0/0/2 | Access | VLAN 40 192.168.40.0/24 |
| LSW4 | G0/0/3 | Trunk | VLAN 30 40 |
| LSW4 | G0/0/4 | Trunk | VLAN 30 40 |
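(5) Load sharing: configure VRRP and link aggregation
- To improve gateway reliability, configure VRRP on LSW1 and LSW2. LSW1 is the master router for VLAN 10 and VLAN 20 and the backup router for VLAN 30 and VLAN 40. LSW2 is the master router for VLAN 30 and VLAN 40 and the backup router for VLAN 10 and VLAN 20.

| VLAN | VRRP group (VRID) | VRRP virtual IP |
|---|---|---|
| VLAN10 | 1 | 192.168.10.254 |
| VLAN20 | 2 | 192.168.20.254 |
| VLAN30 | 3 | 192.168.30.254 |
| VLAN40 | 4 | 192.168.40.254 |

- Configure link aggregation on the links between SW1 and SW2, using the logical interface Eth-Trunk 1.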
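(6) Configure OSPF and the default route
- Configure OSPF on SW1, SW2 and R1 in area 0, the backbone area.
- Configure a default route on R1.
(7) Configure DHCP and DHCP relay
- R1 acts as the DHCP server, and SW1 and SW2 act as DHCP relays; the DHCP server assigns IP addresses to the internal network.
- Configure the DHCP address pools so that IP address conflicts are avoided.
(8) NAT mapping
- Configure Easy IP on R1 to translate internal addresses to the public address.
Tests
- Ping the external client 114.114.1.2 from an internal PC and check whether the traffic is NAT-translated.
- Check whether the external host 114.114.114.2 can reach the service on the internal server 192.168.40.3.
III. Lab Steps
(1) Basic setup
Rename the devices, create the VLANs, create the link aggregation and configure spanning tree.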
SW1:
```
#
sysname SW1 //rename the device to SW1
#
vlan batch 10 20 30 40 50 60 70 //create the VLANs the network needs
#
stp root primary //make SW1 the root bridge
#
interface Eth-Trunk1 //create the aggregated link Eth-Trunk1
 port link-type trunk //set the link type to trunk
 port trunk allow-pass vlan 10 20 30 40 50 //permit these VLANs
 trunkport GigabitEthernet 0/0/3 to 0/0/4 //add g0/0/3 and g0/0/4 to Eth-Trunk1
#
```
SW2:
```
#
sysname SW2
#
vlan batch 10 20 30 40 50 70
#
stp instance 0 root secondary //make SW2 the backup root bridge
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 50
#
```
(2) Configure VLANs, interface IPs and VRRP link backup
SW1
```
#
interface Vlanif10 //enter the Vlanif10 interface
 ip address 192.168.10.1 255.255.255.0 //set the IP address
 vrrp vrid 1 virtual-ip 192.168.10.254 //configure VRRP; the virtual gateway for VLAN 10 is 192.168.10.254
 vrrp vrid 1 priority 120 //set the priority to 120
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.254 //configure VRRP; the virtual gateway for VLAN 20 is 192.168.20.254
 vrrp vrid 2 priority 120 //set the priority to 120
#
interface Vlanif30
 ip address 192.168.30.1 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.30.254 //configure VRRP; the virtual gateway for VLAN 30 is 192.168.30.254; the priority is not changed, so it stays at the default 100
#
interface Vlanif40
 ip address 192.168.40.1 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.40.254
#
interface Vlanif50
 ip address 192.168.50.1 255.255.255.0
#
interface Vlanif60
 ip address 192.168.60.2 255.255.255.0
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40
#
```
SW2
```
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.254 //the VRRP priority stays at the default 100
#
interface Vlanif20
 ip address 192.168.20.2 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.254
#
interface Vlanif30
 ip address 192.168.30.2 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.30.254
 vrrp vrid 3 priority 120 //set the VRRP priority for VLAN 30 to 120, so SW2 is the VRRP master
#
interface Vlanif40
 ip address 192.168.40.2 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.40.254
 vrrp vrid 4 priority 120
#
interface Vlanif50
 ip address 192.168.50.2 255.255.255.0
#
interface Vlanif70
 ip address 192.168.70.2 255.255.255.0
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 50
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 70
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40
#
```
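The load-sharing plan from the VRRP table can be checked mechanically against the two switch configs. The following Python is an added example, not part of the original post: `parse_vrrp`, `audit` and `PLAN` are hypothetical names, and the embedded text is a constructed excerpt of the VRRP lines shown above. A group without a priority line counts as the default 100.

```python
import re

# Constructed excerpt: the VRRP lines of Vlanif10/20/30/40 from the SW1 and SW2 configs on this page.
CONFIGS = {
    "SW1": """ vrrp vrid 1 virtual-ip 192.168.10.254
 vrrp vrid 1 priority 120
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 2 priority 120
 vrrp vrid 3 virtual-ip 192.168.30.254
 vrrp vrid 4 virtual-ip 192.168.40.254
""",
    "SW2": """ vrrp vrid 1 virtual-ip 192.168.10.254
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 3 virtual-ip 192.168.30.254
 vrrp vrid 3 priority 120
 vrrp vrid 4 virtual-ip 192.168.40.254
 vrrp vrid 4 priority 120
""",
}
# Plan from the VRRP table: VRID -> (virtual IP, intended master).
PLAN = {1: ("192.168.10.254", "SW1"), 2: ("192.168.20.254", "SW1"),
        3: ("192.168.30.254", "SW2"), 4: ("192.168.40.254", "SW2")}
DEFAULT_PRIORITY = 100  # applies when no "priority" line is configured

def parse_vrrp(text):
    """Return {vrid: {"vip": str, "priority": int}} for one device."""
    groups = {int(v): {"vip": ip, "priority": DEFAULT_PRIORITY}
              for v, ip in re.findall(r"vrrp vrid (\d+) virtual-ip (\S+)", text)}
    for v, prio in re.findall(r"vrrp vrid (\d+) priority (\d+)", text):
        if int(v) in groups:
            groups[int(v)]["priority"] = int(prio)
    return groups

def audit(configs, plan):
    """Compare every device's VRRP groups with the plan and return findings."""
    parsed = {dev: parse_vrrp(text) for dev, text in configs.items()}
    findings = []
    for vrid, (vip, master) in plan.items():
        bad = [d for d, g in parsed.items() if g.get(vrid, {}).get("vip") != vip]
        findings += [f"VRID {vrid}: missing or wrong virtual IP on {d}" for d in bad]
        prios = {d: g[vrid]["priority"] for d, g in parsed.items() if d not in bad}
        winners = [d for d, p in prios.items() if p == max(prios.values())]
        if len(winners) > 1:
            findings.append(f"VRID {vrid}: priority tie, interface IP decides the master")
        elif winners and winners[0] != master:
            findings.append(f"VRID {vrid}: {winners[0]} wins, plan says {master}")
    return findings
```

An empty list from `audit(CONFIGS, PLAN)` means both switches agree with the table; removing a single priority line turns that group into a tie that the plan no longer controls.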
SW3
```
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
```
SW4
```
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40
#
```
R1
```
interface GigabitEthernet0/0/0
 ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 192.168.70.1 255.255.255.0
```
ISP
```
interface Ethernet0/0/0
 ip address 100.1.1.2 255.255.255.0
#
interface Ethernet0/0/1
 ip address 114.114.1.1 255.255.255.0 //gateway of the external client
#
```
(3) Configure OSPF and the default route
SW1
```
ospf 1
 area 0.0.0.0
  network 192.168.60.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255 //advertise the attached network segments
```
SW2
```
ospf 1
 area 0.0.0.0
  network 192.168.70.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
  network 192.168.30.0 0.0.0.255
  network 192.168.40.0 0.0.0.255
```
R1
```
ospf 1
 default-route-advertise //advertise the default route into OSPF
 area 0.0.0.0
  network 192.168.60.0 0.0.0.255
  network 192.168.70.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 //default route; the next hop is the connected ISP interface
#
```
ISP
```
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
```
(4) DHCP relay configuration
R1
```
dhcp enable //enable the DHCP service
#
ip pool vlan10-ip //create an address pool named vlan10-ip
 gateway-list 192.168.10.254 //the gateway handed out is 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0 //the pool covers 192.168.10.0/24
 excluded-ip-address 192.168.10.1 192.168.10.2 //exclude the two addresses 192.168.10.1 and 192.168.10.2
 lease day 30 hour 0 minute 0 //the lease time is 30 days
#
ip pool vlan20-ip
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 excluded-ip-address 192.168.20.1 192.168.20.2
 lease day 30 hour 0 minute 0
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.1 255.255.255.0
 dhcp select global //serve DHCP on this interface from the global pools
#
interface GigabitEthernet0/0/2
 ip address 192.168.70.1 255.255.255.0
 dhcp select global
#
```
SW1
```
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.254
 vrrp vrid 1 priority 120
 dhcp select relay //enable DHCP relay mode
 dhcp relay server-ip 192.168.60.1 //DHCP server address: the IP of the R1 interface that connects to SW1
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 2 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.60.1
#
```
SW1 provides dynamic address assignment for the hosts in VLAN 10 and VLAN 20.
SW2
```
#
interface Vlanif30
 ip address 192.168.30.2 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.30.254
 vrrp vrid 3 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.70.1
#
interface Vlanif40
 ip address 192.168.40.2 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.40.254
 vrrp vrid 4 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.70.1
```
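A cross-check of the DHCP design above: every Vlanif that relays to R1 needs a matching pool there, and every statically addressed switch interface inside a pool's network has to fall in the excluded range. This Python is an added example, not the author's code: `parse_pools`, `audit` and the `VLANIFS` list are hypothetical names, and the inputs are constructed from the configs on this page.

```python
import ipaddress
import re

# Constructed excerpt: the two address pools configured on R1 on this page.
R1_POOLS = """ip pool vlan10-ip
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 excluded-ip-address 192.168.10.1 192.168.10.2
ip pool vlan20-ip
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 excluded-ip-address 192.168.20.1 192.168.20.2
"""
# Vlanif addresses from the SW1/SW2 configs: (device, interface, IP, has "dhcp select relay").
VLANIFS = [
    ("SW1", "Vlanif10", "192.168.10.1", True), ("SW2", "Vlanif10", "192.168.10.2", False),
    ("SW1", "Vlanif20", "192.168.20.1", True), ("SW2", "Vlanif20", "192.168.20.2", False),
    ("SW1", "Vlanif30", "192.168.30.1", False), ("SW2", "Vlanif30", "192.168.30.2", True),
    ("SW1", "Vlanif40", "192.168.40.1", False), ("SW2", "Vlanif40", "192.168.40.2", True),
]

def parse_pools(text):
    """Parse 'ip pool' stanzas into dicts holding the network and the excluded range."""
    pools = []
    for name, body in re.findall(r"ip pool (\S+)\n((?: .*\n)*)", text):
        net, mask = re.search(r"network (\S+) mask (\S+)", body).groups()
        ex = re.search(r"excluded-ip-address (\S+) (\S+)", body)
        lo, hi = (ipaddress.ip_address(a) for a in ex.groups()) if ex else (None, None)
        pools.append({"name": name, "net": ipaddress.ip_network(f"{net}/{mask}"),
                      "lo": lo, "hi": hi})
    return pools

def audit(pools, vlanifs):
    """Flag relayed VLANs without a pool and static addresses a pool could lease."""
    findings = []
    for dev, ifname, ip, relays in vlanifs:
        addr = ipaddress.ip_address(ip)
        pool = next((p for p in pools if addr in p["net"]), None)
        if pool is None:
            if relays:
                findings.append(f"{dev} {ifname}: relay configured, no pool covers {ip}")
        elif pool["lo"] is None or not pool["lo"] <= addr <= pool["hi"]:
            findings.append(f"{pool['name']}: {ip} ({dev}) is not excluded")
    return findings
```

Run on the page's values, `audit(parse_pools(R1_POOLS), VLANIFS)` reports that SW2 relays VLAN 30 and VLAN 40 to R1 while R1 only has pools for VLAN 10 and VLAN 20.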
(5) NAT configuration
R1
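```
acl number 2000
 rule 5 permit source 192.168.0.0 0.0.255.255
 rule 20 deny //create ACL 2000, permitting devices in the internal 192.168.0.0/16 range
#
interface GigabitEthernet0/0/0
 nat outbound 2000 //on the interface facing the ISP, apply ACL 2000 as Easy IP so internal addresses are translated to the interface address
```
IV. Testing
(1) Does PC1 obtain an address dynamically through DHCP?
DHCP dynamic assignment works; the address is 192.168.10.253.
(2) Is the address translated when PC1 accesses the external client 114.114.1.2?
The source address of the traffic is successfully translated to R1's interface IP.
(3) Can the external client access the internal server (without NAT Server)?
The internal service is accessed successfully.
V. Configuration Summary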
SW1
```
disp curr
#
sysname SW1
#
vlan batch 10 20 30 40 50 60 70
#
stp instance 0 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.254
 vrrp vrid 1 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.60.1
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 2 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.60.1
#
interface Vlanif30
 ip address 192.168.30.1 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.30.254
#
interface Vlanif40
 ip address 192.168.40.1 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.40.254
#
interface Vlanif50
 ip address 192.168.50.1 255.255.255.0
#
interface Vlanif60
 ip address 192.168.60.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 50
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 60
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
 silent-interface Vlanif10
 silent-interface Vlanif20
 area 0.0.0.0
  network 192.168.60.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
```
SW2
```
disp curr
#
sysname SW2
#
vlan batch 10 20 30 40 50 70
#
stp instance 0 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.254
#
interface Vlanif20
 ip address 192.168.20.2 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.254
#
interface Vlanif30
 ip address 192.168.30.2 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.30.254
 vrrp vrid 3 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.70.1
#
interface Vlanif40
 ip address 192.168.40.2 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.40.254
 vrrp vrid 4 priority 120
 dhcp select relay
 dhcp relay server-ip 192.168.70.1
#
interface Vlanif50
 ip address 192.168.50.2 255.255.255.0
#
interface Vlanif70
 ip address 192.168.70.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 50
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 70
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 192.168.70.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
  network 192.168.30.0 0.0.0.255
  network 192.168.40.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
```
SW3
```
disp curr
#
sysname SW3
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
```
SW4
```
disp curr
#
sysname SW4
#
vlan batch 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30 40
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
```
R1
```
disp curr
[V200R003C00]
#
 sysname R1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2000
 rule 5 permit source 192.168.0.0 0.0.255.255
 rule 20 deny
#
ip pool vlan10-ip
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 excluded-ip-address 192.168.10.1 192.168.10.2
 lease day 30 hour 0 minute 0
#
ip pool vlan20-ip
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 excluded-ip-address 192.168.20.1 192.168.20.2
 lease day 30 hour 0 minute 0
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 100.1.1.1 255.255.255.0
 nat outbound 2000
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/2
 ip address 192.168.70.1 255.255.255.0
 dhcp select global
#
interface NULL0
#
ospf 1
 default-route-advertise
 area 0.0.0.0
  network 192.168.60.0 0.0.0.255
  network 192.168.70.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
```
ISP
```
disp curr
#
sysname ISP
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher ]pmv=Rk02~+/Y@:Y>Lw(\\<^#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 100.1.1.2 255.255.255.0
#
interface Ethernet0/0/1
 ip address 114.114.1.1 255.255.255.0
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ospf 1
 area 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
```
If you spot any mistakes, feel free to message me with corrections.