Requirements:
Beijing headquarters:
1. The core layer (Core1 and Core2) and the aggregation layer (Cds-1, Cds-2, Cds-3 and Cds-4) use the ospf routing protocol.
2. link binding between core layer Core1 and Core2, link binding between the aggregation layer Cds-1 and Cds-2, and link binding between Cds-3 and Cds-4
3. Perform HSRP on Core1 and Core2 in the core layer to achieve high network availability.
4. Use the aggregation layer switch as the root bridge and configure Server Load balancer.
5. The pcs of Beijing headquarters and Shanghai Branch dynamically obtain IP addresses through DHCP server
6. Access to each department of the Beijing headquarters and Shanghai Branch (C1vlan20, C1 vlan 30, C1vlan40, vlan1, vlan2, and vlan3) is allowed, but access to C1 vlan10 (Finance Department) is prohibited)
Supplement: Re-publish routes in Core 2 and summarize routes at appropriate points. Use the default route when connecting to the Internet
Shanghai Branch
7. Use RIP v2 routing protocol between router and ds-1 and ds-2
8. ds-1 and ds-2 as the root bridge and enable HSRP as well as do link bundling
9. vlan1 cannot access the company's web server
IP address planning
Beijing headquarters:
. 1 11.11.11.0/24. 2. 1 12.12.12.0/24. 2
Core 1 certificate ------------------------------- à Cds-1 Core 1 certificate --------------------------------- à Cds-2
. 1 13.13.20./ 24. 2. 1 14.14.14.0/24. 2
Core 1 certificate ------------------------------- à Cds-3 Core 1 certificate --------------------------------- à Cds-4
. 1 21.21.21.0/24. 2. 1 22.22.22.0/24. 2
Core 2 certificate ------------------------------- à Cds-1 Core 2 certificate --------------------------------- à Cds-2
. 1 23.23.23.0/24. 2. 1 24.24.24.0/24. 2
Core 2 certificate ------------------------------- à Cds-3 Core 2 certificate --------------------------------- à Cds-1
. 1 100.100.100.0/24. 2
Core 1 certificate --------------------------------- à server-PT
C1vlan10: 10.10.10.0/24 (Gateway: 10.10.10.1) C1vlan20: 255.255.20.0/24 (Gateway: 255.255.20.1)
C1vlan30: 30.30.30.0/24 (Gateway: 30.30.30.1) C1vlan40: 40.40.40.0/24 (Gateway: 40.40.40.1)
. 1 200.200.200.0/24. 2
Core 2 (f0/1) Certificate --------------------------------- à Router (f0/1)
Shanghai Branch:
. 1 172.16.0.0/24. 2. 1 172.16.1.0/24. 2
Router route --------------------------------- à ds-1 Router route ------------------------------- à ds-2
Vlan1: 192.168.1.0 (Gateway: 192.168.1.1) vlan2: 192.168.2.0/24 (Gateway: 192.168.2.1)
Vlan3: 192.168.3.0/24 (Gateway: 192.168.3.1)
Operation logic:
To regionalize the topology, first fix the branch and then eat the headquarters
The branch topology is as follows:
I. Deal with branch offices
Switch layer Configuration
ConfigurationVTP
Ds-1 (config) # vtp mode server
Ds-1 (config) # vtp domain cisco
Ds-1 (config) # vtp password 123
Ds-2 (config) # vtp mode server
Ds-2 (config) # vtp domain cisco
Ds-2 (config) # vtp password 123
Switch 1 (config) # vtp mode client
Switch 1 (config) # vtp domain cisco
Switch 1 (config) # vtp password 123
Switch 2 (config) # vtp mode client
Switch 2 (config) # vtp domain cisco
Switch 2 (config) # vtp password 123
Switch 3 (config) # vtp mode client
Switch 3 (config) # vtp domain cisco
Switch 3 (config) # vtp password 123
ConfigurationTrunk(Take one of the two devices as an example)
Ds-1 (config) # inter f0/10
Ds-1 (config-if) # switchport trunk encapsulation dot1q
Ds-1 (config-if) # switchport mode trunk
Ds-1 (config-if) # switchport trunk allow vlan all
Ds-2 (config) # inter f0/10
Ds-2 (config-if) # switchport trunk encapsulation dot1q
Ds-2 (config-if) # switchport mode trunk
Ds-2 (config-if) # switchport trunk allow vlan all
Link bundling
Ds-1 (config) # inter range f0/20-30
Ds-1 (config-range) # switchport trunk encapsulation dot1q
Ds-1 (config-range) # swichport mode trunk
Ds-1 (config-range) # channel-group 1 mode on
Ds-2 (config) # interface port-channel
Ds-2 (config) # inter range f0/20-30
Ds-2 (config-range) # swichport mode trunk
Ds-2 (config-range) # channel-group 1 mode on
CreateVlan
Ds-1 (config) # vlan 2
Ds-1 (config) # vlan 3
ConfigurationSTP
Ds-1 (config) # spanning-tress vlan 1 root primary
Ds-1 (config) # spanning-tress vlan 2 root primary
Ds-1 (config) # spanning-tress vlan 3 root secondary
Ds-2 (config) # spanning-tress vlan 1 root secondary
Ds-2 (config) # spanning-tress vlan 2 root secondary
Ds-2 (config) # spanning-tress vlan 3 root primary
ConfigurationHSRP
Ds-1 (config) # interface vlan1
Ds-1 (config-if) # ip add 192.168.1.1 255.255.255.0
Ds-1 (config-if) # standby 1 ip 192.168.1.100
Ds-1 (config-if) # standby 1 priority 200
Ds-1 (config-if) # standby 1 preemt
Ds-1 (config-if) # standby 1 track f0/2 50
Ds-1 (config) # interface vlan2
Ds-1 (config-if) # ip add 192.168.2.1 255.255.255.0
Ds-1 (config-if) # standby 1 ip 192.168.2.100
Ds-1 (config-if) # standby 1 priority 200
Ds-1 (config-if) # standby 1 preemt
Ds-1 (config-if) # standby 1 track f0/2 50
Ds-1 (config) # interface vlan3
Ds-1 (config-if) # ip add 192.168.3.1 255.255.255.0
Ds-1 (config-if) # standby 1 ip 192.168.3.100
Ds-1 (config-if) # standby 1 priority 170
Ds-1 (config-if) # standby 1 preemt
Ds-2 (config) # interface vlan1
Ds-2 (config-if) # ip add 192.168.1.1 255.255.255.0
Ds-2 (config-if) # standby 1 ip 192.168.1.100
Ds-2 (config-if) # standby 1 priority 170
Ds-2 (config-if) # standby 1 preemt
Ds-2 (config) # interface vlan2
Ds-2 (config-if) # ip add 192.168.2.1 255.255.255.0
Ds-2 (config-if) # standby 1 ip 192.168.2.100
Ds-2 (config-if) # standby 1 priority 170
Ds-2 (config-if) # standby 1 preemt
Ds-2 (config) # interface vlan3
Ds-2 (config-if) # ip add 192.168.3.1 255.255.255.0
Ds-2 (config-if) # standby 1 ip 192.168.3.100
Ds-2 (config-if) # standby 1 priority 200
Ds-2 (config-if) # standby 1 preemt
Ds-2 (config-if) # standby 1 track f0/2 50
Connect client hostsVlan(Add as a portVlanFor example)
Switch1 (config) # interface f0/1
Switport (config-if) # switchport mode access
Switport (config-if) # switchport access vlan 1
Switch1 (config-if) # spanning-tress portfast
Author: "Zhao Haihua _ road to O & M"