网络描述:客户是个大型钢厂,有多个分支厂区,采用OSPF多区域配置;网关都在分支的汇聚交换机上,但是DHCP地址池都统一在核心交换机上配置。
拓扑如下:
关键设备配置:
R1
acl number 2000
rule 5 permit
interface GigabitEthernet0/0/0
ip address 10.1.200.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 221.1.1.2 255.255.255.0
nat outbound 2000
#interface LoopBack0
ip address 10.1.0.1 255.255.255.255
#
ospf 1 router-id 10.1.0.1
default-route-advertise
area 0.0.0.0
network 10.1.0.1 0.0.0.0
network 10.1.200.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 221.1.1.1
R2
acl number 2000
rule 5 permit
nat address-group 1 111.1.1.3 111.1.1.10
#
interface GigabitEthernet0/0/1
ip address 111.1.1.2 255.255.255.0
nat outbound 2000 address-group 1
#
ip address 10.1.0.2 255.255.255.255
#
ospf 1 router-id 10.1.0.2
default-route-advertise
area 0.0.0.0
network 10.1.0.2 0.0.0.0
network 10.1.200.5 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 111.1.1.1
核心CORE
DHCP enable //开启dhcp
vlan batch 200 to 203
ip pool fenchang1
gateway-list 10.1.10.254
network 10.1.10.0 mask 255.255.255.0
excluded-ip-address 10.1.10.201 10.1.10.253
dns-list 202.99.192.66
#
ip pool fenchang2
gateway-list 10.1.20.254
network 10.1.20.0 mask 255.255.255.0
excluded-ip-address 10.1.20.201 10.1.20.253
dns-list 114.114.114.114
#
interface Vlanif200
ip address 10.1.200.2 255.255.255.252
#
interface Vlanif201
ip address 10.1.200.6 255.255.255.252
#
interface Vlanif202
ip address 10.1.200.9 255.255.255.252
dhcp select global
#
interface Vlanif203
ip address 10.1.200.13 255.255.255.252
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 201
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 202
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 203
#ospf 1
area 0.0.0.0
network 10.1.200.2 0.0.0.0
network 10.1.200.6 0.0.0.0
area 0.0.0.1
network 10.1.200.9 0.0.0.0
area 0.0.0.2
network 10.1.200.13 0.0.0.0
分厂1的汇聚SW
dhcp enable //开启DHCP
vlan batch 10 202
interface Vlanif10
ip address 10.1.10.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.1.200.9
#
interface Vlanif202
ip address 10.1.200.10 255.255.255.252
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 202
#
interface GigabitEthernet0/0/2 //用的hybrid口
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1 router-id 10.1.0.4
area 0.0.0.1
network 10.1.10.0 0.0.0.255
network 10.1.0.4 0.0.0.0
network 10.1.200.10 0.0.0.0
分厂2的汇聚SW
vlan batch 20 203
dhcp enable //开启DHCP
#
interface Vlanif20
ip address 10.1.20.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.1.200.13
#
interface Vlanif203
ip address 10.1.200.14 255.255.255.252
#interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 203
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface LoopBack0
ip address 10.1.0.5 255.255.255.255
#
ospf 1 router-id 10.1.0.5
area 0.0.0.2
network 10.1.0.5 0.0.0.0
network 10.1.20.0 0.0.0.255
network 10.1.200.14 0.0.0.0