小型校园网的搭建

实验环境与实验拓扑

使用H3C Cloud Lab作为实验环境.

实验拓扑:

校园网的配置

基本配置

出口路由器

# 给外网接口和内网接口配置IP地址
interface GigabitEthernet0/1
 ip address 20.0.0.2 255.255.255.0
 quit

interface GigabitEthernet0/2
 ip address 192.168.1.1 255.255.255.0
 quit
 
# 配置NAT
nat address-group 1
 address 20.0.0.2
 quit

acl number 2001
 rule 10 permit ip source 192.168.1.0 0.0.0.255
 quit

acl number 2002
 rule 10 permit ip source 10.0.0.0 0.255.255.255
 quit
 
interface GigabitEthernet0/1
 nat outbound 2001 address-group 1
 nat outbound 2002 address-group 1
 quit

核心交换机

# 创建三个vlan和虚拟接口,给虚拟接口配置IP地址
vlan 10
 name Core_VLAN1
interface GigabitEthernet1/0/1
 port link-type access
 port access vlan 10
interface vlan 10
 ip address 192.168.1.2 255.255.255.0
 quit

vlan 20
 name Core_VLAN2
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 20
interface vlan 20
 ip address 10.1.1.1 255.255.0.0
 quit

vlan 30
 name Core_VLAN3
interface GigabitEthernet1/0/3
 port link-type access
 port access vlan 30
interface vlan 30
 ip address 10.2.1.1 255.255.0.0
 quit

汇聚交换机1

# 创建三个vlan和虚拟接口,给虚拟接口配置IP地址
vlan 20
 name Aggregation1_VLAN1
interface GigabitEthernet1/0/1
 port link-type access
 port access vlan 20
 int vlan 20
 ip address 10.1.1.2 255.255.0.0
 quit

vlan 21
 name Aggregation1_VLAN2
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 21
 int vlan 21
 ip address 10.1.2.1 255.255.255.0
 quit

vlan 22
 name Aggregation1_VLAN3
interface GigabitEthernet1/0/3
 port link-type access
 port access vlan 22
 int vlan 22
 ip address 10.1.3.1 255.255.255.0
 quit

# 开启DHCP
dhcp enable

dhcp server ip-pool VLAN21
 network 10.1.2.0 mask 255.255.255.0
 gateway-list 10.1.2.1
 quit

dhcp server ip-pool VLAN22
 network 10.1.3.0 mask 255.255.255.0
 gateway-list 10.1.3.1
 quit

汇聚交换机2

# 创建三个vlan和虚拟接口,给虚拟接口配置IP地址
vlan 30
 name Aggregation2_VLAN1
interface GigabitEthernet1/0/1
 port link-type access
 port access vlan 30
 int vlan 30
 ip address 10.2.1.2 255.255.0.0
 quit

vlan 31
 name Aggregation2_VLAN2
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 31
 int vlan 31
 ip address 10.2.2.1 255.255.255.0
 quit

vlan 32
 name Aggregation2_VLAN3
interface GigabitEthernet1/0/3
 port link-type access
 port access vlan 32
 int vlan 32
 ip address 10.2.3.1 255.255.255.0
 quit

# 开启DHCP
dhcp enable

dhcp server ip-pool VLAN31
 network 10.2.2.0 mask 255.255.255.0
 gateway-list 10.2.2.1
 quit

dhcp server ip-pool VLAN32
 network 10.2.3.0 mask 255.255.255.0
 gateway-list 10.2.3.1
 quit

路由配置

使用静态路由繁琐且增加设备后需要手动添加的路由条目呈指数级增长,所以使用动态路由
因为此校园网规模较小,RIP可以满足需求

出口路由器

rip 1
 network 192.168.1.0
 network 20.0.0.0
 version 2
 undo summary
 quit

核心交换机

rip 1
 network 192.168.1.0
 network 10.1.0.0
 network 10.2.0.0
 version 2
 undo summary
 quit

汇聚交换机1

rip 1
 network 10.1.0.0
 network 10.1.2.0
 network 10.1.3.0
 version 2
 undo summary
 quit

汇聚交换机2

rip 1
 network 10.2.0.0
 network 10.2.2.0
 network 10.2.3.0
 version 2
 undo summary
 quit

此时,校园网的配置已经基本结束.

模拟互联网的配置

使用五台路由器作为模拟互联网.因为实际上的互联网有很多设备,RIP已经无法满足需求,所以使用OSPF来配置动态路由.
我们这样来分配IP地址:

• 路由器1：
  • g0/0: 20.0.0.1/24
  • g0/1: 139.196.237.1/24
• 路由器2：
  • g0/0: 139.196.237.2/24
  • g0/1: 139.196.238.1/24
  • g0/2: 139.196.239.1/24
• 路由器3：
  • g0/0: 139.196.240.1/24
  • g0/1: 139.196.238.2/24
  • g0/2: 139.196.241.1/24
• 路由器4：
  • g0/0: 139.196.239.2/24
  • g0/1: 139.196.240.2/24
• 路由器5：
  • g0/0: 139.196.241.2/24

基本配置和OSPF配置

路由器1

interface GigabitEthernet0/0
 ip address 20.0.0.1 255.255.255.0
 quit

interface GigabitEthernet0/1
 ip address 139.196.237.1 255.255.255.0
 quit

ospf 1
 area 0
  network 20.0.0.0 0.0.0.255
  network 139.196.237.0 0.0.0.255
 quit

路由器2

interface GigabitEthernet0/0
 ip address 139.196.237.2 255.255.255.0
 quit

interface GigabitEthernet0/1
 ip address 139.196.238.1 255.255.255.0
 quit

interface GigabitEthernet0/2
 ip address 139.196.239.1 255.255.255.0
 quit

ospf 1
 area 0
  network 139.196.237.0 0.0.0.255
  network 139.196.238.0 0.0.0.255
  network 139.196.239.0 0.0.0.255
 quit

路由器3

interface GigabitEthernet0/0
 ip address 139.196.240.1 255.255.255.0
 quit

interface GigabitEthernet0/1
 ip address 139.196.238.2 255.255.255.0
 quit

interface GigabitEthernet0/2
 ip address 139.196.241.1 255.255.255.0
 quit

ospf 1
 area 0
  network 139.196.238.0 0.0.0.255
  network 139.196.240.0 0.0.0.255
  network 139.196.241.0 0.0.0.255
 quit

路由器4

interface GigabitEthernet0/0
 ip address 139.196.239.2 255.255.255.0
 quit

interface GigabitEthernet0/1
 ip address 139.196.240.2 255.255.255.0
 quit

ospf 1
 area 0
  network 139.196.239.0 0.0.0.255
  network 139.196.240.0 0.0.0.255
 quit

路由器5

interface GigabitEthernet0/0
 ip address 139.196.241.2 255.255.255.0
 quit

ospf 1
 area 0
  network 139.196.241.0 0.0.0.255
 quit

将出口路由器添加到OSPF区域中

ospf 1
 area 0
 network 20.0.0.0 0.0.0.255

在核心交换机和汇聚交换机中将默认路由指向上一级设备

ip route-static 0.0.0.0 0 X.X.X.X

现在,局域网中的设备可以与互联网通信了.

DNS配置

配置DNS服务器

在拓扑中增加一个服务器

右键服务器点击配置,添加一个baidu.com,解析到互联网中已经存在的IP地址.

设置路由器对应的接口IP,任意设置,并且将网段加入到OSPF中.

interface GigabitEthernet 0/1
 ip address 139.196.242.1 255.255.255.0
 quit
ospf 1
 area 0.0.0.0
 network 139.196.242.0 0.0.0.255

右键服务器,打开命令行界面,将IP地址更改为与路由器同一网段

vi /etc/network/interfaces

将eth0的配置更改为

auto eth0
iface eth0 inet static
        address 139.196.241.2
        netmask 255.255.255.0
        gateway 139.196.241.1

在交换机中配置DNS服务器

分别在两个汇聚交换机的DHCP地址池中执行以下命令

dns-list 139.196.241.2

从接入层交换机拖出一根网线连接至物理机

等待DHCP获取成功后,在物理机上打开终端,输入nslookup,显示出DNS服务器解析至了139.196.241.2.证明DNS服务器配置成功