当前位置: 首页 > news >正文

防火墙旁挂负载分担组网实验

news 来源:原创 2025/6/15 22:32:44

一.拓扑信息

二.需求分析

二层交换配置(MSTP+VRRP)

核心层(VRF+OSPF+重发布+路由策略)

交换机和防火墙交互(静态路由+双机热备)

   四组VGMP就是 8个VRRP,四个是防火墙身上的,一个是运行VGMP,VGMP真正管理的是VRRP,运行VRRP,实现跨网段传输;一个是运行VRRP,转发ARP报文,防火墙修改交换机的MAC地址,要实现负载分担,还需要两个VRRP组。

   四个是交换机身上的,目的是为了让防火墙指定下一跳。

核心到边界

三.详细配置信息 

二层交换配置(MSTP+VRRP)

PC1配置

PC2配置

 SW3的配置(VLAN+MSTP+VRRP):

stp默认开启

[sw3]vlan batch 2 3
[sw3]interface g0/0/4
[sw3-GigabitEthernet0/0/4]port link-type trunk 	
[sw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 to 3
[sw3]interface g0/0/3	
[sw3-GigabitEthernet0/0/3]port link-type trunk 
[sw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3

[sw3]stp enable 
[sw3]stp mode mstp 
[sw3]stp region-configuration 	
[sw3-mst-region]region-name aa
[sw3-mst-region]instance 1 vlan  2
[sw3-mst-region]instance 2 vlan 3
[sw3-mst-region]active region-configuration 
[sw3]stp instance 0 root primary 
[sw3]stp instance 1 root primary 	
[sw3]stp instance 2 root secondary 

[sw3]interface Vlanif 2
[sw3-Vlanif2]ip add 192.168.2.1 24
[sw3-Vlanif2]vrrp vrid 2 priority 120
[sw3-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.254 
[sw3-Vlanif2]vrrp vrid 2 preempt-mode timer delay 10
[sw3-Vlanif2]vrrp vrid 2 track interface g0/0/1 reduced 15
[sw3-Vlanif2]vrrp vrid 2 track interface g0/0/2 reduced 15
[sw3]interface Vlanif 3
[sw3-Vlanif3]ip add 192.168.3.1 24
[sw3]interface Vlanif 3
[sw3-Vlanif3]vrrp vrid 2 virtual-ip 192.168.3.254

 SW4的配置(VLAN+MSTP+VRRP):

[sw4]vlan batch 2 to 3
[sw4]interface g0/0/4
[sw4-GigabitEthernet0/0/4]port link-type trunk 
[sw4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 to 3	
[sw4]interface  g0/0/3
[sw4-GigabitEthernet0/0/3]port link-type trunk 	
[sw4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3

[sw4]stp enable 
[sw4]stp mode mstp 
[sw4]stp region-configuration 
[sw4-mst-region]region-name aa
[sw4-mst-region]instance 1 vlan 2
[sw4-mst-region]instance 2 vlan 3
[sw4-mst-region]active region-configuration 
[sw4]stp instance 0 root primary 
[sw4]stp instance 1 root secondary 
[sw4]stp instance 2 root primary 

[sw4]interface Vlanif 2
[sw4-Vlanif2]ip add 192.168.2.2 24
[sw4-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.254 
[sw4]interface Vlanif 3
[sw4-Vlanif3]ip add 192.168.3.2 24
[sw4-Vlanif3]vrrp vrid 2 virtual-ip 192.168.3.254
[sw4-Vlanif3]vrrp vrid 2 priority 120	
[sw4-Vlanif3]vrrp vrid 2 preempt-mode timer delay 10
[sw4-Vlanif3]vrrp vrid 2 track interface g0/0/1 reduced 15
[sw4-Vlanif3]vrrp vrid 2 track interface g0/0/2 reduced 15

  SW5的配置(VLAN+MSTP):

[sw5]vlan batch 2 3
[sw5]interface g0/0/3
[sw5-GigabitEthernet0/0/3]port link-type  access 
[sw5-GigabitEthernet0/0/3]port default vlan 2
[sw5]interface g0/0/4
[sw5-GigabitEthernet0/0/4]port link-type  access 
[sw5-GigabitEthernet0/0/4]port default vlan 3
[sw5]interface g0/0/1	
[sw5-GigabitEthernet0/0/1]port link-type trunk 
[sw5-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 3
[sw5]interface g0/0/2
[sw5-GigabitEthernet0/0/2]port link-type trunk 
[sw5-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3

[sw5]stp enable 
[sw5]stp mode mstp 
[sw5]stp region-configuration 
[sw5-mst-region]region-name aa
[sw5-mst-region]instance 1 vlan 2
[sw5-mst-region]instance 2 vlan 3
[sw5-mst-region]active region-configuration

核心层配置 

SW3的配置(VLAN+OSPF+安全策略):

这里要关闭stp,stp运行在二层设备上面,跟三层设备没有关系,stp支持在接口关闭。

静默接口:因为sw3和sw4身上就有vlan2和vlan3的信息,没必要运行ospf

[sw3]vlan batch 103 203
[sw3]interface GigabitEthernet 0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access 	
[sw3-GigabitEthernet0/0/1]port default  vlan 103
[sw3-GigabitEthernet0/0/1]undo  stp enable
[sw3]interface g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type  access 	
[sw3-GigabitEthernet0/0/2]port default vlan 203
[sw3-GigabitEthernet0/0/2]undo stp enable 
[sw3]interface Vlanif 103
[sw3-Vlanif103]ip add 10.10.3.3 24
[sw3]interface Vlanif 203
[sw3-Vlanif203]ip add 10.20.3.3 24

[sw3]ospf 1 router-id 3.3.3.3
[sw3-ospf-1]area 0
[sw3-ospf-1-area-0.0.0.0]network 10.10.3.3 0.0.0.0
[sw3-ospf-1-area-0.0.0.0]network 10.20.3.3 0.0.0.0
[sw3]interface Vlanif 203
[sw3-Vlanif203]ospf cost 5

[sw3]ip ip-prefix aa permit 192.168.2.0 24
[sw3]ip ip-prefix bb permit 192.168.3.0 24
[sw3]route-policy bb permit  node 10
[sw3-route-policy]if-match  ip-prefix bb	
[sw3-route-policy]apply cost 5
[sw3]route-policy bb permit node 20
[sw3-route-policy]if-match ip-prefix aa
[sw3]ospf 1
[sw3-ospf-1]import-route  direct route-policy bb

[sw3-ospf-1]silent-interface Vlanif 2
[sw3-ospf-1]silent-interface Vlanif 3

SW4的配置: 

[sw4]interface g0/0/1	
[sw4-GigabitEthernet0/0/1]port link-type access 	
[sw4-GigabitEthernet0/0/1]port default vlan 204
[sw4-GigabitEthernet0/0/1]undo stp enable
[sw4]interface g0/0/2
[sw4-GigabitEthernet0/0/2]port link-type access 
[sw4-GigabitEthernet0/0/2]port default vlan 104
[sw4-GigabitEthernet0/0/2]undo stp enable 
[sw4]interface Vlanif 104
[sw4-Vlanif104]ip add 10.10.4.4 24
[sw4]interface Vlanif 204
[sw4-Vlanif204]ip add 10.20.4.4 24

[sw4]ospf 1 router-id 4.4.4.4
[sw4-ospf-1]area 0	
[sw4-ospf-1-area-0.0.0.0]network 10.10.4.4 0.0.0.0
[sw4-ospf-1-area-0.0.0.0]network 10.20.4.4 0.0.0.0
[sw4]interface Vlanif 104	
[sw4-Vlanif104]ospf cost 5

[sw4]ip ip-prefix aa permit 192.168.3.0 24
[sw4]ip ip-prefix bb permit 192.168.2.0 24
[sw4]route-policy bb permit  node  10
[sw4-route-policy]if-match ip-prefix bb
[sw4-route-policy]apply  cost 5	
[sw4]route-policy bb permit  node 20	
[sw4-route-policy]if-match ip-prefix aa
[sw4]ospf 1
[sw4-ospf-1]import-route direct route-policy bb

[sw4-ospf-1]silent-interface Vlanif 2
[sw4-ospf-1]silent-interface Vlanif 3

 SW1的配置:

[sw1]ip vpn-instance vrf
[sw1-vpn-instance-vrf]route-distinguisher 100:1
[sw1-vpn-instance-vrf-af-ipv4]vpn-target 100:1 both 

[sw1]vlan batch 102 103 104	
[sw1]interface g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type  trunk 
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 102
[sw1-GigabitEthernet0/0/4]undo port trunk allow-pass vlan  1
[sw1-GigabitEthernet0/0/4]undo stp enable 
[sw1]interface g0/0/5
[sw1-GigabitEthernet0/0/5]port link-type  access 	
[sw1-GigabitEthernet0/0/5]port default vlan 103
[sw1-GigabitEthernet0/0/5]undo stp enable 
[sw1]interface g0/0/6
[sw1-GigabitEthernet0/0/6]port link-type access 	
[sw1-GigabitEthernet0/0/6]port default vlan 104	
[sw1-GigabitEthernet0/0/6]undo stp enable 

[sw1]interface Vlanif 102
[sw1-Vlanif102]ip binding vpn-instance vrf
[sw1-Vlanif102]ip add 10.10.2.1 24
[sw1]interface Vlanif 103
[sw1-Vlanif103]ip binding vpn-instance vrf
[sw1-Vlanif103]ip add 10.10.3.1 24
[sw1]interface Vlanif 104
[sw1-Vlanif104]ip binding vpn-instance vrf
[sw1-Vlanif104]ip add 10.10.4.1 24

[sw1]ospf 1 router-id 1.1.1.1 vpn-instance vrf
[sw1-ospf-1]area 0	
[sw1-ospf-1-area-0.0.0.0]network 10.10.2.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.10.3.1 0.0.0.0	
[sw1-ospf-1-area-0.0.0.0]network 10.10.4.1 0.0.0.0

 SW2的配置:

[sw2]ip vpn-instance vrf
[sw2-vpn-instance-vrf]route-distinguisher 100:1
[sw2-vpn-instance-vrf-af-ipv4]vpn-target 100:1 both 
[sw2]vlan  batch 102 203 204
[sw2]interface g0/0/4
[sw2-GigabitEthernet0/0/4]port link-type  trunk 
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 102
[sw2-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1
[sw2-GigabitEthernet0/0/4]undo stp enable 
[sw2]interface g0/0/5
[sw2-GigabitEthernet0/0/5]port link-type access 	
[sw2-GigabitEthernet0/0/5]port default vlan 204
[sw2-GigabitEthernet0/0/5]undo stp enable 
[sw2]interface g0/0/6
[sw2-GigabitEthernet0/0/6]port link-type access 
[sw2-GigabitEthernet0/0/6]port default vlan 203
[sw2-GigabitEthernet0/0/6]undo stp enable 

[sw2]interface Vlanif 102	
[sw2-Vlanif102]ip binding vpn-instance vrf
[sw2-Vlanif102]ip add 10.10.2.2 24	
[sw2]interface Vlanif 203
[sw2-Vlanif203]ip binding vpn-instance vrf
[sw2-Vlanif203]ip add 10.20.3.2 
[sw2]interface Vlanif 204
[sw2-Vlanif204]ip binding vpn-instance vrf
[sw2-Vlanif204]ip add 10.20.4.2 24

[sw2]ospf 1 router-id 2.2.2.2 vpn-instance vrf	
[sw2-ospf-1]area 0
[sw2-ospf-1-area-0.0.0.0]network 10.10.2.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.20.3.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.20.4.2 0.0.0.0

交换机和防火墙交互

SW1的配置:

[sw1]vlan batch 401 402	
[sw1]interface g0/0/3	
[sw1-GigabitEthernet0/0/3]port link-type trunk 	
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 401 402
[sw1]interface g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk 
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 401 402
[sw1]interface Vlanif401
[sw1-Vlanif401]ip binding vpn-instance vrf
[sw1-Vlanif401]ip add 10.40.1.1 24
[sw1-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100
[sw1-Vlanif401]vrrp vrid 1 priority 120
[sw1-Vlanif401]vrrp vrid 1 preempt-mode timer delay 60	
[sw1-Vlanif401]vrrp vrid 1 
[sw1-Vlanif401]vrrp vrid 1 track interface g0/0/3 reduced 30
[sw1]interface Vlanif 402
[sw1-Vlanif402]ip binding vpn-instance vrf
[sw1-Vlanif402]ip add 10.40.2.1 24
[sw1-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100

PUBLIC:
[sw1]vlan batch 403 404
[sw1]interface g0/0/1	
[sw1-GigabitEthernet0/0/1]port link-type trunk 
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 403 404
[sw1]interface  g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk 
[sw1-GigabitEthernet0/0/2]port trunk allow-pass  vlan 403 404
[sw1]interface Vlanif 403
[sw1-Vlanif403]ip binding vpn-instance vrf
[sw1-Vlanif403]ip add 10.40.3.1 24	
[sw1-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100	
[sw1-Vlanif403]vrrp vrid 3 priority 120	
[sw1-Vlanif403]vrrp vrid 3 preempt-mode  timer delay 60	
[sw1-Vlanif403]vrrp vrid 3 track  interface g0/0/1 reduced 30	
[sw1]interface Vlanif 404	
[sw1-Vlanif404]ip binding  vpn-instance vrf
[sw1-Vlanif404]ip add 10.40.4.1 24	
[sw1-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100

[sw1]ip route-static vpn-instance vrf 0.0.0.0 0 10.40.1.200
[sw1]ip route-static vpn-instance vrf 0.0.0.0 0 10.40.2.200 preference 70
[sw1]ip route-static 192.168.0.0 16 10.40.3.200
[sw1]ip route-static 192.168.0.0 16 10.40.4.200 preference 70

 SW2的配置:

[sw2]vlan batch 401 402
[sw2]interface g0/0/3
[sw2-GigabitEthernet0/0/3]port link-type trunk 
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 401 402	
[sw2]interface g0/0/4	
[sw2-GigabitEthernet0/0/4]port link-type trunk 	
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 401 402

[sw2]interface Vlanif 401
[sw2-Vlanif401]ip binding  vpn-instance vrf
[sw2-Vlanif401]ip add 10.40.1.2 24
[sw2-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100
[sw2]interface Vlanif 402
[sw2-Vlanif402]ip binding vpn-instance  vrf
[sw2-Vlanif402]ip add 10.40.2.2 24	
[sw2-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100 
[sw2-Vlanif402]vrrp vrid 2 priority 120	
[sw2-Vlanif402]vrrp vrid 2 preempt-mode timer delay 60
[sw2-Vlanif402]vrrp vrid 2 track interface g0/0/3 reduced 30

PUBLIC:
[sw2]vlan batch 403 404
[sw2]interface g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type  trunk 
[sw2-GigabitEthernet0/0/1]port trunk allow-pass  vlan 403 404	
[sw2]interface g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type  trunk 	
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 403 404

[sw2]interface Vlanif 403	
[sw2-Vlanif403]ip binding  vpn-instance  vrf
[sw2-Vlanif403]ip add 10.40.3.2 24
[sw2-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[sw2]interface Vlanif 404	
[sw2-Vlanif404]ip binding  vpn-instance vrf
[sw2-Vlanif404]ip address 10.40.4.2 24
[sw2-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100	
[sw2-Vlanif404]vrrp vrid 4 priority 120
[sw2-Vlanif404]vrrp vrid 4 preempt-mode timer delay 120	
[sw2-Vlanif404]vrrp vrid 4 track interface g0/0/1 reduced  30

[sw2]ip route-static vpn-instance vrf 0.0.0.0 0 10.40.1.200 preference 70
[sw2]ip route-static vpn-instance vrf 0.0.0.0 0 10.40.2.200
[sw2]ip route-static 192.168.0.0 16 10.10.3.200 preference 70
[sw2]ip route-static 192.168.0.0 16 10.10.4.200

 FW1的配置:

[FW1]interface g1/0/2.1
[FW1-GigabitEthernet1/0/2.1]ip add 10.40.1.10 24
[FW1-GigabitEthernet1/0/2.1]vlan-type dot1q 401
[FW1]interface g1/0/2.2
[FW1-GigabitEthernet1/0/2.2]ip add 10.40.2.10 24
[FW1-GigabitEthernet1/0/2.2]vlan-type dot1q 402
[FW1]interface g1/0/3.1 
[FW1-GigabitEthernet1/0/3.1]ip add 10.40.3.10 24
[FW1-GigabitEthernet1/0/3.1]vlan-type dot1q 403
[FW1]interface g1/0/3.2
[FW1-GigabitEthernet1/0/3.2]ip add 10.40.4.10 24
[FW1-GigabitEthernet1/0/3.2]vlan-type dot1q 404
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip add 10.10.10.1 30

[FW1]firewall zone trust 	
[FW1-zone-trust]add interface g1/0/2.1
[FW1-zone-trust]add interface g1/0/2.2
[FW1]firewall zone untrust 
[FW1-zone-untrust]add interface g1/0/0
[FW1]firewall zone dmz 
[FW1-zone-dmz]add interface g1/0/3.1
[FW1-zone-dmz]add interface g1/0/3.2

[FW1]interface g1/0/2.1
[FW1-GigabitEthernet1/0/2.1]vrrp vrid 5 virtual-ip 10.40.1.200 active 
[FW1]interface g1/0/2.2	
[FW1-GigabitEthernet1/0/2.2]vrrp vrid 6 virtual-ip 10.40.2.200 standby 
[FW1]interface g1/0/3.1
[FW1-GigabitEthernet1/0/3.1]vrrp vrid 7 virtual-ip 10.40.3.200  active 
[FW1]interface g1/0/3.2	
[FW1-GigabitEthernet1/0/3.2]vrrp vrid 8 virtual-ip 10.40.4.200 standby 

[FW1]hrp mirror session enable 
[FW1]hrp  interface g1/0/0 remote 10.10.10.2
[FW1]hrp  enable

HRP_M[FW1]ip route-static 0.0.0.0 0 10.40.3.100
HRP_M[FW1]ip route-static 0.0.0.0 0 10.40.4.100 preference 70
HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.1.100 
HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.2.100  preference 70

 FW2的配置: 

[FW2]vlan  batch 401 402 403 404
[FW2]interface g1/0/2.1
[FW2-GigabitEthernet1/0/2.1]ip add 10.40.1.20 24
[FW2-GigabitEthernet1/0/2.1]vlan-type dot1q 401
[FW2]interface g1/0/2.1
[FW2]interface g1/0/2.2
[FW2-GigabitEthernet1/0/2.2]ip add 10.40.2.20 24
[FW2-GigabitEthernet1/0/2.2]vlan-type dot1q  402
[FW2]interface g1/0/3.1
[FW2-GigabitEthernet1/0/3.1]vlan-type dot1q 403
[FW2]interface g1/0/3.2
[FW2-GigabitEthernet1/0/3.2]ip add 
[FW2-GigabitEthernet1/0/3.2]ip add 10.40.4.20 24
[FW2-GigabitEthernet1/0/3.2]vlan-type dot1q 404
[FW2]interface g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 10.10.10.2 30

[FW2]firewall zone trust 
[FW2-zone-trust]add interface g1/0/2.1
[FW2-zone-trust]add interface g1/0/2.2	
[FW2]firewall zone untrust 	
[FW2-zone-untrust]add interface  g1/0/3.1
[FW2-zone-untrust]add interface  g1/0/3.2	
[FW2]firewall zone dmz 
[FW2-zone-dmz]add int g1/0/0

[FW2]interface g1/0/2.1	
[FW2-GigabitEthernet1/0/2.1]vrrp vrid 5 virtual-ip 10.40.1.200 standby 
[FW2]interface g1/0/2.2	
[FW2-GigabitEthernet1/0/2.2]vrrp vrid 6 virtual-ip 10.40.2.200 active 
[FW2]interface g1/0/3.1	
[FW2-GigabitEthernet1/0/3.1]vrrp vrid 7 virtual-ip 10.40.3.200 standby 
[FW2]interface g1/0/3.2	
[FW2-GigabitEthernet1/0/3.2]vrrp vrid 8 virtual-ip 10.40.4.200 active 

[FW2]hrp mirror session enable 
[FW2]hrp interface g1/0/0 remote 10.10.10.1
[FW2]hrp enable

HRP_S[FW2]ip route-static 0.0.0.0 0 10.40.3.100 preference 70
HRP_S[FW2]ip route-static 0.0.0.0 0 10.40.4.100
HRP_S[FW2]ip route-static 192.168.0.0 16 10.40.1.100 preference 70
HRP_S[FW2]ip route-static 192.168.0.0 16 10.40.2.100

安全策略:

HRP_M[FW1]security-policy  (+B)	
HRP_M[FW1-policy-security]rule name  t_to_u (+B)	
HRP_M[FW1-policy-security-rule-t_to_u]source-zone trust  (+B)	
HRP_M[FW1-policy-security-rule-t_to_u]destination-zone untrust  (+B)	
HRP_M[FW1-policy-security-rule-t_to_u]source-address 192.168.0.0 16 (+B)
HRP_M[FW1-policy-security-rule-t_to_u]action permit  (+B)

核心到边界配置 

SW1的配置:

[sw1]vlan batch 201 105
[sw1]interface g0/0/2
[sw1-GigabitEthernet0/0/2]port trunk allow-pass  vlan 201	
[sw1-GigabitEthernet0/0/2]undo stp enable
[sw1]interface g0/0/7
[sw1-GigabitEthernet0/0/7]port link-type access 	
[sw1-GigabitEthernet0/0/7]port default  vlan 105
[sw1-GigabitEthernet0/0/7]undo stp enable 
[sw1]interface Vlanif 201
[sw1-Vlanif201]ip add 10.20.1.1 24
[sw1]interface  Vlanif 105
[sw1-Vlanif105]ip add 10.10.5.1 24

OSPF:
[sw1]ospf 2 router-id 1.1.1.1
[sw1-ospf-2-area-0.0.0.0]network 10.20.1.1 0.0.0.0
[sw1-ospf-2-area-0.0.0.0]network 10.10.5.1 0.0.0.0

[sw1]ospf 2
[sw1-ospf-2]import-route static

SW2的配置():

[sw2]vlan batch 201 206	
[sw2]interface g0/0/2	
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 201
[sw2-GigabitEthernet0/0/2]undo stp enable
[sw2]interface g0/0/7
[sw2-GigabitEthernet0/0/7]port link-type access 
[sw2-GigabitEthernet0/0/7]port default vlan 206
[sw2-GigabitEthernet0/0/7]undo stp enable
[sw2]interface Vlanif 201
[sw2-Vlanif201]ip add 10.20.1.2 24
[sw2]interface Vlanif 206
[sw2-Vlanif206]ip add 10.20.6.1 24

OSPF:
[sw2]ospf 2 router-id 2.2.2.2
[sw2-ospf-2]area 0	
[sw2-ospf-2-area-0.0.0.0]network 10.20.1.2 0.0.0.0
[sw2-ospf-2-area-0.0.0.0]network 10.20.6.1 0.0.0.0

[sw2]ospf 2	
[sw2-ospf-2]import-route static

 R5的配置:

[R5]interface g0/0/0
[R5-GigabitEthernet0/0/0]ip add 10.10.5.2 24
[R5]interface g0/0/1
[R5-GigabitEthernet0/0/1]ip add 10.56.0.1 24
[R5-GigabitEthernet0/0/2]ip add 12.0.0.1 24

OSPF:
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1-area-0.0.0.0]network 10.56.0.1 0.0.0.0	
[R5-ospf-1-area-0.0.0.0]network 10.10.5.2 0.0.0.0
[R5]ip route-static 0.0.0.0 0 12.0.0.2
[R5-ospf-1]default-route-advertise 

[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R5]interface g0/0/2
[R5-GigabitEthernet0/0/2]nat outbound 2000

 R6的配置:

[R6]interface g0/0/0
[R6-GigabitEthernet0/0/0]ip add 10.20.6.2 24
[R6]int g0/0/1
[R6-GigabitEthernet0/0/1]ip add 10.56.0.2 24
[R6-GigabitEthernet0/0/2]ip add 13.0.0.1 24

OSPF:
[R6]ospf 1 router-id 6.6.6.6	
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 10.56.0.2 0.0.0.0
[R6-ospf-1-area-0.0.0.0]network 10.20.6.2 0.0.0.0
[R6]ip route-static 0.0.0.0 0 13.0.0.2
[R6-ospf-1]default-route-advertise


[R6]acl 2000	
[R6-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R6]interface g0/0/2
[R6-GigabitEthernet0/0/2]nat outbound 2000

 ISP的配置:

[ISP]interface g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[ISP]int g0/0/1
[ISP-GigabitEthernet0/0/1]ip address 13.0.0.2 24
[ISP]interface LoopBack 0
[ISP-LoopBack0]ip add 100.1.1.1

测试:

 

 

 

相关文章:

  • 【华为OD机考】华为OD笔试真题解析(15)--异常的打卡记录
  • Zookeeper 的核心引擎:深入解析 ZAB 协议
  • C#-委托
  • Redis7——进阶篇(一)
  • 正浩创新内推:校招、社招EcoFlow社招内推码: FRQU1CY
  • 鸿蒙应用开发入门教程
  • Spring学习——新建module模块
  • 无法创建虚拟机问题
  • Blender调整最佳渲染清晰度
  • wordpress子分类调用父分类名称和链接的3种方法
  • 数字人口播:开启内容创作新时代,实时对话数字人源码环境,可OEM
  • 大模型赋能心脏骤停预测:精准医疗新曙光
  • DeepSeek-V3:AI语言模型的高效训练与推理之路
  • 常见排序算法
  • MySql面试总结(一)
  • 知识管理平台智能服务架构解析
  • 数据库基础一(初步了解数据库)
  • FFmpeg入门:最简单的视频播放器
  • 营养助力:进行性核上性麻痹患者的饮食管理
  • 数据结构秘籍(二)图(含图的概念、存储以及图的两大搜索)
  • 如何做网站关键字优化/seo新手入门教程
  • 网站如何防止攻击/seo搜索引擎优化平台
  • 图书馆网站建设总结/网店推广方案范文
  • 专业的网页设计和网站制作公司/seo快速排名是什么
  • 企业vi设计的作用与意义/兴安盟新百度县seo快速排名
  • 做财务需要关注哪些网站/google推广方式和手段有哪些