
Hierarchical Network Design

Designing Your Network for Effective Routing and Switching

This document shows how you can hierarchically design your network, keeping local traffic local and using Cisco devices as both DHCP and DNS servers in your network.

To download a copy of this document visit
http://www.ideapoolonline.wordpress.com/











Department A Configuration (This is the access layer switch; any low-end Cisco switch can be used)

DeptA#show run
Building configuration...
!
hostname DeptA
!
ip subnet-zero
!
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
!
! Trunk interface connected to Cisco 3560 f0/3 trunk port
interface GigabitEthernet0/24
 switchport mode trunk
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface vlan1
 no ip address
!
! This is the management VLAN for the switching network; the management IP
! addresses for all the switches must be in the same network
interface vlan45
 description MANAGEMENT VLAN
 ip address 10.10.0.98 255.255.255.224
!
! The default gateway IP address is the first IP address in the management VLAN IP block
ip default-gateway 10.10.0.97
no ip http server
ip http secure-server
! An access list is created to permit only the IPs in the management VLAN for SSH access to the switch
access-list 23 permit 10.10.0.96 0.0.0.31
!
!
line con 0
 password 7
 login
line vty 0 4
 access-class 23 in
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 login local
 transport input ssh
!
end

VLAN allocation for each department; this must be consistent in all the switches.

DeptB#show vlan brief
1    default              active     Gi0/24, Gi0/25, Gi0/26
10   DeptA                active
20   DeptB                active     Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                     Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                     Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                     Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                     Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                     Gi0/21, Gi0/22, Gi0/23
30   DeptC                active
45   MANAGEMENT           active
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

Distribution Layer Switch Configuration (This is the distribution layer switch; it must be able to support IP routing)

Distribution#show run
Building configuration...
!
hostname Distribution
!
ip subnet-zero
! This must be enabled to allow inter-VLAN communication
ip routing
no ip dhcp use vrf connected
! These are the lists of excluded IP addresses in the DHCP allocation pool
ip dhcp excluded-address 10.10.0.1 10.10.0.5
ip dhcp excluded-address 10.10.0.33 10.10.0.38
ip dhcp excluded-address 10.10.0.65 10.10.0.69
ip dhcp excluded-address 10.10.0.97 10.10.0.102
!
! The distribution layer switch is configured as the DHCP server for each VLAN
ip dhcp pool vlan10
 network 10.10.0.0 255.255.255.224
 default-router 10.10.0.1
 dns-server 10.10.0.129
!
ip dhcp pool vlan20
 network 10.10.0.32 255.255.255.224
 default-router 10.10.0.33
 dns-server 10.10.0.129
!
ip dhcp pool vlan30
 network 10.10.0.64 255.255.255.224
 default-router 10.10.0.65
 dns-server 10.10.0.129
!
ip dhcp pool vlan45
 network 10.10.0.96 255.255.255.224
 default-router 10.10.0.97
 dns-server 10.10.0.129
!
! Trunk interface connection to DeptC f0/24 trunk interface
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Trunk interface connection to DeptB f0/24 trunk interface
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Trunk interface connection to DeptA f0/24 trunk interface
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/4
!
!
interface FastEthernet0/23
!
! Routed port connection to CoreRouter interface
interface FastEthernet0/24
 description Link to CoreRouter
 no switchport
 ip address 10.10.0.128 255.255.255.252
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface vlan1
 no ip address
 shutdown
!
! SVI interface for vlan10
interface vlan10
 ip address 10.10.0.1 255.255.255.224
!
! SVI interface for vlan20
interface vlan20
 ip address 10.10.0.33 255.255.255.224
!
! SVI interface for vlan30
interface vlan30
 ip address 10.10.0.65 255.255.255.224
!
! SVI interface for vlan45
interface vlan45
 ip address 10.10.0.97 255.255.255.224
!
ip classless
! Static route for all outgoing traffic
ip route 0.0.0.0 0.0.0.0 FastEthernet0/24
no ip http server
ip http secure-server
!
! Access list permitting only SSH access for management VLAN
access-list 23 permit 10.10.0.96 0.0.0.31
!
!
line con 0
 password
 login
line vty 0 4
 access-class 23 in
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 login local
 transport input ssh
!
end



Core Router Configuration

CoreRouter#show run
Building configuration...

!
hostname CoreRouter
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
! The router is configured as the DNS server for the network
ip domain name yourdomain.com
! Your ISP DNS server
ip name-server 11.11.11.11
ip name-server 12.12.12.12
! Public DNS server (optional)
ip name-server 4.2.2.2
ip name-server 4.2.2.3
ip name-server 4.2.2.6
!
multilink bundle-name authenticated
!
!
!
! Outside NAT interface connected to your ISP
interface GigabitEthernet0/0
 description WWW
 ! Your ISP assigned public IP address
 ip address 192.168.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! Internal NAT interface for internet access connection
interface GigabitEthernet0/1
 description Link to Distribution Layer Switch
 ip address 10.10.0.129 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
! NAT overload configuration for G0/0
ip nat inside source list 10 interface GigabitEthernet0/0 overload
! Static route for all external bound internet traffic
ip route 0.0.0.0 0.0.0.0 192.168.1.1
! Static route for all internal bound traffic from the internet
ip route 10.10.0.0 255.255.255.0 GigabitEthernet0/1
!
! Access list for the NAT overload configuration for management VLAN
access-list 10 permit 10.10.0.96 0.0.0.31
! Access list for the NAT overload configuration for vlan10
access-list 10 permit 10.10.0.0 0.0.0.31
! Access list for the NAT overload configuration for vlan20
access-list 10 permit 10.10.0.32 0.0.0.31
! Access list for the NAT overload configuration for vlan30
access-list 10 permit 10.10.0.64 0.0.0.31
! Access list for management VLAN SSH access to the switches
access-list 23 permit 10.10.0.96 0.0.0.31
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end
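
The three configurations above restrict remote management with access-list 23 and SSH-only vty lines, while the core router also leaves "ip http server" enabled. The following is an added example, not part of the original document: a Python audit that checks a saved running-config for those controls. The sample config is constructed, the function names are hypothetical, and the input is assumed to be in "show running-config" layout with sub-commands indented by one space.

```python
import ipaddress
import re

# Constructed sample in `show running-config` layout (sub-commands indented).
# The second vty range is deliberately left weaker than the configs on this page.
SAMPLE = """\
ip http server
access-list 23 permit 10.10.0.96 0.0.0.31
line con 0
 login local
line vty 0 4
 access-class 23 in
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

def acl_networks(config):
    """Map standard ACL number -> networks it permits (wildcard inverted to a netmask)."""
    acls = {}
    for num, addr, wild in re.findall(r"^access-list (\d+) permit (\S+) (\S+)$", config, re.M):
        mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
        acls.setdefault(num, []).append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return acls

def audit_management_plane(config, mgmt_cidr):
    """Return (scope, finding) pairs where remote management is wider than intended."""
    mgmt, acls, findings = ipaddress.ip_network(mgmt_cidr), acl_networks(config), []
    if re.search(r"^ip http server$", config, re.M):
        findings.append(("global", "plaintext HTTP server enabled"))
    # Each vty block is a "line vty a b" header followed by its indented sub-commands.
    for header, body in re.findall(r"^line (vty \d+ \d+)\n((?: .*\n?)*)", config, re.M):
        acl = re.search(r"^ access-class (\d+) in$", body, re.M)
        if not acl:
            findings.append((header, "no inbound access-class"))
        elif acl.group(1) not in acls:
            findings.append((header, "access-class references an undefined ACL"))
        elif not all(net.subnet_of(mgmt) for net in acls[acl.group(1)]):
            findings.append((header, "ACL permits sources outside the management VLAN"))
        transport = re.search(r"^ transport input (.+)$", body, re.M)
        if not transport or transport.group(1).split() != ["ssh"]:
            findings.append((header, "transport input is not SSH-only"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_management_plane(SAMPLE, "10.10.0.96/27"):
        print(f"{scope}: {finding}")
```

Run against each device's saved configuration with the management VLAN block (10.10.0.96/27 on this page) as the second argument; an empty result means every vty range is SSH-only and limited to that block.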


Notes

1. Trunk links are typically used to connect switches to other switches, routers, or a server that uses an IEEE 802.1q-enabled network card to participate in multiple VLANs.
2. The trunk link also does not belong to a specific VLAN.
3. By default, frames from VLAN 1 belong to the native VLAN, and are carried across the trunk untagged.
4. It is recommended that the native VLAN should never be used as a user VLAN or the management VLAN.
5. Earlier it was stated that control traffic, CDP, VTP, PAgP, and DTP, is transmitted over VLAN 1, the default native VLAN. If the native VLAN is changed to something other than VLAN 1, then the control traffic would then be transmitted on VLAN 1 as tagged traffic. This will have no ill effects on the control traffic.
6. It is fine to leave VLAN 1 as the default native VLAN, as long as VLAN 1 is not used as a user VLAN or as the management VLAN. Control traffic should be the only information carried across VLAN 1. However, it is also common practice to change the native VLAN to some dummy VLAN (other than VLAN 1) that is not used for any data or management traffic.
7. It is also important to ensure that both ends of a switch-to-switch link have consistent native VLANs configured. If the native VLANs on both ends of a link are not the same, there will effectively be a bridge between the two VLANs and they will no longer be independent broadcast domains. Fortunately, recent versions of the IOS alert the user when mismatches in the native VLAN occur.
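
Notes 4 to 7 can be checked offline against saved configurations. The following is an added example, not part of the original document: it compares the native VLAN on both ends of each trunk and flags a native VLAN that is also a user or management VLAN. The configs are constructed (the "switchport trunk native vlan" lines and the dummy VLAN 999 do not appear in the configurations above), and the function names and link map are hypothetical.

```python
import re

# Constructed trunk-end configs; the native VLAN lines and VLAN 999 are assumptions.
DEPT_A = """\
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""
DISTRIBUTION = """\
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 45
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

def trunk_native_vlans(config):
    """Map each trunk interface to its native VLAN (1 when none is configured)."""
    trunks = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        if re.search(r"^ switchport mode trunk$", body, re.M):
            native = re.search(r"^ switchport trunk native vlan (\d+)$", body, re.M)
            trunks[name] = int(native.group(1)) if native else 1
    return trunks

def check_native_vlans(configs, links, in_use_vlans):
    """configs: device -> config text; links: pairs of (device, interface) trunk ends."""
    native = {dev: trunk_native_vlans(cfg) for dev, cfg in configs.items()}
    findings = []
    for end_a, end_b in links:
        # .get() yields None for an end that is not configured as a trunk
        vlan_a, vlan_b = (native[dev].get(ifname) for dev, ifname in (end_a, end_b))
        if vlan_a != vlan_b:
            findings.append(("mismatch", end_a, vlan_a, end_b, vlan_b))
    for dev, trunks in native.items():
        for ifname, vlan in trunks.items():
            if vlan in in_use_vlans:
                findings.append(("native-carries-traffic", (dev, ifname), vlan))
    return findings

if __name__ == "__main__":
    configs = {"DeptA": DEPT_A, "Distribution": DISTRIBUTION}
    links = [(("DeptA", "GigabitEthernet0/24"), ("Distribution", "FastEthernet0/3"))]
    for finding in check_native_vlans(configs, links, {10, 20, 30, 45}):
        print(finding)
```

With the trunk configuration shown on this page, where no native VLAN is set on either end, both ends resolve to VLAN 1 and the check reports nothing.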
