Cisco VLAN间路由和HSRP的综合案例
Cisco VLAN间路由和HSRP的综合案例
拓扑说明: www.zhishiwu.com 1.R3和R4模拟客户pc,分别属于vlan10和vlan20。vlan10和vlan20在现实中代表公司的不同部门。2.SW1为三层交换机,SW2为二层交换机。3.R5模拟internet,R5上有个环回口lo0:5.5.5.5/24需求:1.各接口ip如图所示。2.各个部门直接能相互访问,同时均可以正常访问internet。3.双网关提供冗余,并在一方出现故障时自动切换。 www.zhishiwu.com 解决方案:1.通过SW1的三层功能实现vlan间路由。2.采用HSRP实现网关的冗余和备份。3.在网关上做PAT。4.内网运行RIPv2,外部运行OSPF。实现网络的全联通,并保证内部与外部的相对隔离。配置摘要如下:R01#sh run! ! interface FastEthernet0/0ip address 172.16.12.1 255.255.255.0ip rip advertise 5ip nat insideip virtual-reassemblyspeed 100full-duplexstandby 1 ip 172.16.12.254standby 1 priority 120standby 1 preemptstandby 1 track Serial1/0 100! ! interface Serial1/0ip address 10.10.15.1 255.255.255.0ip nat outsideip virtual-reassemblyserial restart-delay 0no dce-terminal-timing-enable!! router ospf 100router-id 1.1.1.1log-adjacency-changesnetwork 10.10.15.1 0.0.0.0 area 0! router ripversion 2timers basic 5 15 0 15network 172.16.0.0no auto-summary! ip nat inside source list 1 interface Serial1/0 overload! access-list 1 permit 192.168.0.0 0.0.255.255! ! ! end /////////////////////////////////////////////////////////////////////////////////////////// R02#sh run! !interface FastEthernet0/0ip address 172.16.12.2 255.255.255.0ip rip advertise 5ip nat insideip virtual-reassemblyspeed 100full-duplexstandby 1 ip 172.16.12.254standby 1 preemptstandby 1 track Serial1/0!!interface Serial1/0ip address 10.10.25.2 255.255.255.0ip nat outsideip virtual-reassemblyserial restart-delay 0no dce-terminal-timing-enable!!router ospf 100router-id 2.2.2.2log-adjacency-changesnetwork 10.10.25.2 0.0.0.0 area 0!router ripversion 2timers basic 5 15 0 15network 172.16.0.0no auto-summary!!ip nat inside source list 1 interface Serial1/0 overload!access-list 1 permit 192.168.0.0 0.0.255.255!!end/////////////////////////////////////////////////////////////////////////////////////R03#sh run!no ip routing! !interface FastEthernet0/0ip address 192.168.13.3 255.255.255.0no ip route-cachespeed 100full-duplex! !ip default-gateway 192.168.13.254!! end//////////////////////////////////////////////////////////////////////////////////////R04#sh run!no ip routing!! !interface FastEthernet0/0ip address 192.168.24.4 255.255.255.0no ip route-cachespeed 100full-duplex!!ip default-gateway 192.168.24.254! end////////////////////////////////////////////////////////////////////////////////////////R05#sh run!! interface Loopback0 //模拟internet上的某个网络节点ip address 5.5.5.5 255.255.255.0ip ospf network point-to-point!!interface Serial1/0ip address 10.10.15.5 255.255.255.0serial restart-delay 0no dce-terminal-timing-enable!interface Serial1/1ip address 10.10.25.5 255.255.255.0serial restart-delay 0no dce-terminal-timing-enable!!router ospf 100router-id 5.5.5.5log-adjacency-changesnetwork 5.5.5.5 0.0.0.0 area 0network 10.10.15.5 0.0.0.0 area 0network 10.10.25.5 0.0.0.0 area 0!!end////////////////////////////////////////////////////////////////////////////////////////SW01#sh run!interface FastEthernet0/1switchport access vlan 30no ip addressduplex fullspeed 100!!interface FastEthernet0/3switchport access vlan 10no ip addressduplex fullspeed 100!!interface FastEthernet0/12switchport mode trunkno ip addressduplex fullspeed 100!interface FastEthernet0/13switchport mode trunkno ip addressduplex fullspeed 100!!!interface Vlan10ip address 192.168.13.254 255.255.255.0ip rip advertise 5!interface Vlan20ip address 192.168.24.254 255.255.255.0ip rip advertise 5!interface Vlan30 // vlan30的设置至关重要,它保证了内部客户机和网关之间ip address 172.16.12.123 255.255.255.0 // 的连通性。ip rip advertise 5!router rip // RIP用于内部网络联通。version 2timers basic 5 15 0 15network 172.16.0.0network 192.168.13.0network 192.168.24.0no auto-summary!ip route 0.0.0.0 0.0.0.0 172.16.12.254 // 将内部流量引向网关!!end /////////////////////////////////////////////////////////////////////////////////////////// SW02#sh run!no ip routing!!interface FastEthernet0/2switchport access vlan 30no ip addressduplex fullspeed 100!! interface FastEthernet0/4switchport access vlan 20no ip addressduplex fullspeed 100!!interface FastEthernet0/12switchport mode trunkno ip addressduplex fullspeed 100!interface FastEthernet0/13switchport mode trunkno ip addressduplex fullspeed 100! !!!end 