eNSP综合小实验：VRRP、MSTP、Eth-Trunk、NAT、DHCP等技术应用

完成下图要求：

拓扑图：

配置命令：

由于交换机日志太多不便于复制，所以就复制命令。大概步骤如下：

第一步先分配IP地址，在sw1和sw2上创建VLAN100用于e0/0/3口配IP，在sw1、sw2、sw3、sw4上创建VLAN2，在sw1、sw2上创建vlanif1和vlanif2。建树组2，将sw1设为VLAN1的root，VLAN2的备份，将sw2设为VLAN2的root，VLAN1的备份。搭ospf使全网通，在sw1和sw2上vrrp建邻，解决网关冗余。配置DHCP，在vlanif1和vlanif2下开启全局地址分配。在r1上做nat和ospf缺省路由。再写一条静态缺省指向ISP。结束！

SW1:

[SW1]disp current-configuration 
#
sysname SW1
#
vlan batch 2 100
#
stp instance 0 root primary
stp instance 2 root secondary
#
dhcp enable
#
stp region-configuration
 region-name aa
 instance 2 vlan 2
 active region-configuration
#
drop-profile default
#
ip pool vlan1
 gateway-list 172.16.1.250
 network 172.16.1.0 mask 255.255.255.0
#
ip pool vlan2
 gateway-list 172.16.2.250
 network 172.16.2.0 mask 255.255.255.0
#
interface Vlanif1
 ip address 172.16.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.1.250
 vrrp vrid 1 priority 101
 dhcp select global
#
interface Vlanif2
 ip address 172.16.2.1 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.2.250
 vrrp vrid 2 priority 99
 dhcp select global
#
interface Vlanif100
 ip address 172.16.0.2 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk0
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/1
 eth-trunk 0
#
interface GigabitEthernet0/0/2
 eth-trunk 0
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255
  network 172.16.0.2 0.0.0.0

SW2:

[SW2]disp current-configuration 
#
sysname SW2
#
vlan batch 2 100
#
stp instance 0 root secondary
stp instance 2 root primary
#
dhcp enable
#
stp region-configuration
 region-name aa
 instance 2 vlan 2
 active region-configuration
#
ip pool vlan1
 gateway-list 172.16.1.250
 network 172.16.1.0 mask 255.255.255.0
#
ip pool vlan2
 gateway-list 172.16.2.250
 network 172.16.2.0 mask 255.255.255.0
#
interface Vlanif1
 ip address 172.16.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.1.250
 dhcp select global
#
interface Vlanif2
 ip address 172.16.2.2 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.2.250
 dhcp select global
#
interface Vlanif100
 ip address 172.16.0.6 255.255.255.252
#
interface Eth-Trunk0
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/1
 eth-trunk 0
#
interface GigabitEthernet0/0/2
 eth-trunk 0
#
ospf 1
 area 0.0.0.0
  network 172.16.1.2 0.0.0.0
  network 172.16.2.2 0.0.0.0
  network 172.16.0.6 0.0.0.0

SW3:

[SW3]dis current-configuration 
#
sysname SW3
#
vlan batch 2
#
stp region-configuration
 region-name aa
 instance 2 vlan 2
 active region-configuration
#
interface Vlanif1
#
interface Ethernet0/0/1
 port link-type access
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 2
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

SW4:

[SW4]disp current-configuration 
#
sysname SW4
#
vlan batch 2
#
stp region-configuration
 region-name aa
 instance 2 vlan 2
 active region-configuration
#
interface Vlanif1
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 2
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

R1:

<Huawei>sys
[Huawei]sys r1
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.0.1 30
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 172.16.0.5 30
[r1-GigabitEthernet0/0/1]int g 0/0/2
[r1-GigabitEthernet0/0/2]ip add 12.1.1.1 24

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 12.1.1.1 0.0.0.0

[r1-ospf-1]default-route-advertise always 

acl number 2000  
 rule 5 permit source 172.16.0.0 0.0.255.255 

interface GigabitEthernet0/0/2
 nat outbound 2000

ISP:

<Huawei>sys
[Huawei]sys ISP
[ISP]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[ISP-GigabitEthernet0/0/0]int lo0
[ISP-LoopBack0]ip add 2.2.2.2 24

实验结果：