目录
- 实验条件
- 配置实现
-
- [1. 配置PC1~3, DHCP_Server的vlan](#1. 配置PC1~3, DHCP_Server的vlan)
- [2. VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;](#2. VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;)
- [3. 配置5台交换机之间线路均为Trunk](#3. 配置5台交换机之间线路均为Trunk)
- [4. 配置5台交换机均启用Rapid-PVST(RSTP)](#4. 配置5台交换机均启用Rapid-PVST(RSTP))
- [5. 配置DHCP Server,创建3个地址池](#5. 配置DHCP Server,创建3个地址池)
- [6. 配置动态路由OSPF](#6. 配置动态路由OSPF)
- [7. 配置OR出口路由器PPPoE拨号上网](#7. 配置OR出口路由器PPPoE拨号上网)
-
- 配置ISP服务端
- 配置`OR`出口路由器
- [OR & MSW1 & MSW2路由表](#OR & MSW1 & MSW2路由表)
- [8. OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;](#8. OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;)
-
- 在ISP上配置DNS服务
- 配置端口复用NAT
- [PC开始Ping 8.8.8.8网址](#PC开始Ping 8.8.8.8网址)
- [PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况](#PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况)
实验条件
网络拓朴
需求
- PC1属于VLAN10,PC2属于VLAN20,PC3属于VLAN30,DHCP Server属于VLAN40,PC1、PC2、PC3的IP地址均采用DHCP方式获取;
- VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;
- 所有5台交换机之间线路均为Trunk,其中MSW1和MSW2之间E0/0-1需使用EtherChannel进行捆绑,组ID为12,模式为on;
- 所有5台交换机均启用Rapid-PVST(RSTP),其中MSW1为VLAN10、20的根桥,MSW2为备份根桥,MSW2为VLAN30、40的根桥,MSW1为备份根桥;
- 配置DHCP Server,创建3个地址池,分别为Sales:192.168.10.0/24,网关为192.168.10.254、Product:192.168.20.0/24,网关为192.168.20.254、Services:192.168.30.0/24,网关为192.168.30.254,VLAN10、20、30的网关配置DHCP中继至DHCP Server;
- OR、MSW1、MSW2之间运行OSPF,进程ID:100,Area ID:0,OR下发默认路由仅当本身存在默认路由时;
- OR配置PPPoE,用户名:SPOTO 密码:SPOTO123,ISP没有告知使用哪种认证方式,拨号成功后自动获取IP信息,以及本地自动生成一条默认路由指向ISP;
- OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;
- PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况。
配置实现
1. 配置PC1~3, DHCP_Server的vlan
需求: PC1属于VLAN10,PC2属于VLAN20,PC3属于VLAN30,DHCP Server属于VLAN40,PC1、PC2、PC3的IP地址均采用DHCP方式获取
SW1 & SW2 & SW3
java
SW1(config)#int e0/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shutdown
MSW1 & MSW2
java
MSW1(config)#vlan 10,20,30,40
MSW1(config-vlan)#exit
java
MSW2(config)#vlan 10,20,30,40
MSW2(config-vlan)#exit
MSW2(config)#int e1/2
MSW2(config-if)#switchport mode access
MSW2(config-if)#switchport access vlan 40
MSW2(config-if)#no shutdown
PC1 & PC2 & PC3
java
PC1(config)#no ip routing
PC1(config)#int e0/0
PC1(config-if)#ip address dhcp
PC1(config-if)#no shutdown
PC1(config-if)#
DHCP_Server
java
DHCP_Server(config)#no ip routing
DHCP_Server(config)#int e0/0
DHCP_Server(config-if)#ip address 192.168.40.1 255.255.255.0
DHCP_Server(config-if)#no shutdown
DHCP_Server(config-if)#duplex full
DHCP_Server(config-if)#exit
DHCP_Server(config)#ip default-gateway 192.168.40.254
2. VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;
MSW1
java
MSW1(config)#vlan 10,20,30,40
MSW1(config-vlan)#exit
MSW1(config)#int vlan 10
MSW1(config-if)#ip address 192.168.10.254 255.255.255.0
MSW1(config-if)#no shutdown
MSW1(config-if)#int vlan 20
MSW1(config-if)#ip address 192.168.20.254 255.255.255.0
MSW1(config-if)#no shutdown
MSW1(config-if)#
此时的SVI接口down状态.因为没有配置Trunk或是有归属于10,20的vlan, 所以svi没有办法up, 下一步创建trunk的时候,就可以正常了
MSW2
java
MSW2(config-if)#vlan 10,20,30,40
MSW2(config-vlan)#exit
MSW2(config)#int vlan 30
MSW2(config-if)#ip address 192.168.30.254 255.255.255.0
MSW2(config-if)#no shutdown
MSW2(config-if)#int vlan 40
MSW2(config-if)#ip address 192.168.40.254 255.255.255.0
MSW2(config-if)#no shutdown
3. 配置5台交换机之间线路均为Trunk
所有5台交换机之间线路均为Trunk,其中MSW1和MSW2之间E0/0-1需使用EtherChannel进行捆绑,组ID为12,模式为on;
MSW1
配置
java
MSW1(config)#int range ethernet 0/0-3, e1/0
MSW1(config-if-range)#switchport trunk encapsulation dot1q
MSW1(config-if-range)#switchport mode trunk
MSW1(config-if-range)#exit
MSW1(config)#int range e0/0-1
MSW1(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12
MSW1(config-if-range)#
MSW2
配置
java
MSW2(config)#int range e0/0-3,e1/0
MSW2(config-if-range)#switchport trunk encapsulation dot1q
MSW2(config-if-range)#switchport mode trunk
MSW2(config-if-range)#exit
MSW2(config)#int range e0/0-1
MSW2(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12
MSW2(config-if-range)#
查询结果
java
MSW1(config-if-range)#do show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
12 Po12(SU) - Et0/0(P) Et0/1(P)
MSW1(config-if-range)#do show int trunk
Port Mode Encapsulation Status Native vlan
Et0/2 on 802.1q trunking 1
Et0/3 on 802.1q trunking 1
Et1/0 on 802.1q trunking 1
Po12 on 802.1q trunking 1
Port Vlans allowed on trunk
Et0/2 1-4094
Et0/3 1-4094
Et1/0 1-4094
Po12 1-4094
Port Vlans allowed and active in management domain
Et0/2 1,10,20,30,40
Et0/3 1,10,20,30,40
Et1/0 1,10,20,30,40
Po12 1,10,20,30,40
Port Vlans in spanning tree forwarding state and not pruned
Et0/2 1,10,20,30,40
Et0/3 1,10,20,30,40
Et1/0 1,10,20,30,40
Port Vlans in spanning tree forwarding state and not pruned
Po12 1,10,20,30,40
MSW1(config-if-range)#
SW1 & SW2 & SW3
配置
java
SW1(config)#int range e0/1-2
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#no shutdown
SW1(config-if-range)#
4. 配置5台交换机均启用Rapid-PVST(RSTP)
所有5台交换机均启用Rapid-PVST(RSTP),其中MSW1为VLAN10、20的根桥,MSW2为备份根桥,MSW2为VLAN30、40的根桥,MSW1为备份根桥;
SW1 & SW2 & SW3
java
SW1(config)#spanning-tree mode rapid-pvst
配置MSW1为VLAN10、20的根桥, MSW2为备份根桥
java
MSW1(config)#spanning-tree mode rapid-pvst
MSW1(config)#spanning-tree vlan 10,20 priority 0
MSW1(config)#spanning-tree vlan 30,40 priority 4096
配置MSW2为VLAN30、40的根桥, MSW1为备份根桥
java
MSW2(config)#spanning-tree mode rapid-pvst
MSW2(config)#spanning-tree vlan 30,40 priority 0
MSW2(config)#spanning-tree vlan 10,20 priority 4096
5. 配置DHCP Server,创建3个地址池
配置DHCP Server,创建3个地址池,分别为Sales:192.168.10.0/24,网关为192.168.10.254、Product:192.168.20.0/24,网关为192.168.20.254、Services:192.168.30.0/24,网关为192.168.30.254,VLAN10、20、30的网关配置DHCP中继至DHCP Server;
DHCP_Server配置
java
DHCP_Server(config)#service dhcp
// sales地址池
DHCP_Server(config)#ip dhcp pool Sales
DHCP_Server(dhcp-config)#network 192.168.10.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.10.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8
// product地址池
DHCP_Server(dhcp-config)#ip dhcp pool Product
DHCP_Server(dhcp-config)#network 192.168.20.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.20.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8
// services地址池
DHCP_Server(dhcp-config)#ip dhcp pool Services
DHCP_Server(dhcp-config)#network 192.168.30.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.30.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8
DHCP_Server(dhcp-config)#
MSW1配置
java
MSW1(config)#interface vlan 10
MSW1(config-if)#ip helper-address 192.168.40.1
MSW1(config-if)#interface vlan 20
MSW1(config-if)#ip helper-address 192.168.40.1
MSW1(config-if)#
MSW2配置
java
MSW2(config)#interface vlan 30
MSW2(config-if)#ip helper-address 192.168.40.1
6. 配置动态路由OSPF
OR、MSW1、MSW2之间运行OSPF,进程ID:100,Area ID:0,OR下发默认路由仅当本身存在默认路由时
注:
default-information originate [always]
带always
参数: 不管下发默认路由的路由器本身有没有默认路由,都可以作为默认路由下发者
不带always
参数: 下发默认路由的路由器本身必须要有默认路由;
配置OR
java
OR(config)#int e0/1
OR(config-if)#ip address 10.1.1.1 255.255.255.0
OR(config-if)#no shutdown
OR(config-if)#duplex full
OR(config-if)#int e0/2
OR(config-if)#ip address 10.1.2.1 255.255.255.0
OR(config-if)#no shutdown
OR(config-if)#duplex full
// 配置OSPF
OR(config)# router ospf 100
OR(config-router)#router-id 1.1.1.1
OR(config-router)#network 10.1.1.1 0.0.0.0 area 0
OR(config-router)#network 10.1.2.1 0.0.0.0 area 0
OR(config-router)#default-information originate // 当本机没有默认路由时不下发默认路由给其它路由器
OR(config-router)#exit
OR(config)#do show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/BDR 00:00:35 10.1.2.2 Ethernet0/2
2.2.2.2 1 FULL/BDR 00:00:35 10.1.1.2 Ethernet0/1
OR(config)#
java
MSW1(config)#router ospf 100
MSW1(config-router)#router-id 2.2.2.2
MSW1(config-router)#network 0.0.0.0 255.255.255.255 area 0
MSW1(config)#do show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:00:35 10.1.1.1 Ethernet1/1
MSW1(config)#
java
MSW2(config)#router ospf 100
MSW2(config-router)#router-id 3.3.3.3
MSW2(config-router)#network 0.0.0.0 255.255.255.255 area 0
MSW2(config)#do show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:00:37 10.1.2.1 Ethernet1/1
MSW2(config)#
7. 配置OR出口路由器PPPoE拨号上网
OR配置PPPoE,用户名:SPOTO 密码:SPOTO123,ISP没有告知使用哪种认证方式,拨号成功后自动获取IP信息,以及本地自动生成一条默认路由指向ISP;
配置ISP服务端
ISP端配置
java
ISP(config)#username SPOTO password SPOTO123
ISP(config)#ip local pool cciepools 211.98.5.10 211.98.5.253
ISP(config)#interface virtual-template 1
ISP(config-if)#ip address 211.98.5.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#encapsulation ppp
ISP(config-if)#ip mtu 1492
ISP(config-if)#ppp authentication pap
ISP(config-if)#peer default ip address pool cciepools
ISP(config-if)#exit
ISP(config)#bba-group pppoe bgISP
ISP(config-bba-group)#virtual-template 1
ISP(config-bba-group)#exit
ISP(config)#int e0/0
ISP(config-if)#pppoe enable group bgISP
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Access2 unassigned YES unset up up
Virtual-Template1 211.98.5.254 YES manual down down
ISP(config)#
配置OR
出口路由器
java
OR(config)#interface dialer 1
OR(config-if)#encapsulation ppp
OR(config-if)#ip mtu 1492
OR(config-if)#ppp pap sent-username SPOTO password SPOTO123
OR(config-if)#ppp chap hostname SPOTO
OR(config-if)#ppp chap password SPOTO123
OR(config-if)#ip address negotiated
OR(config-if)#ppp ipcp route default
OR(config-if)#dialer pool 1
OR(config-if)#exit
OR(config)#int e0/0
OR(config-if)#pppoe enable group global
OR(config-if)#pppoe-client dial-pool-number 1
OR(config-if)#no shutdown
拨号成功
java
OR(config)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 10.1.1.1 YES manual up up
Ethernet0/2 10.1.2.1 YES manual up up
Ethernet0/3 unassigned YES NVRAM administratively down down
Dialer1 211.98.5.10 YES IPCP up up
NVI0 10.1.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
OR(config)#
NVI0接口, NAT用来做端口映射用的.
OR & MSW1 & MSW2路由表
OR & MSW1 & MSW2
java
OR(config-if)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 211.98.5.254 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Ethernet0/1
L 10.1.1.1/32 is directly connected, Ethernet0/1
C 10.1.2.0/24 is directly connected, Ethernet0/2
L 10.1.2.1/32 is directly connected, Ethernet0/2
O 192.168.10.0/24 [110/11] via 10.1.1.2, 00:35:48, Ethernet0/1
O 192.168.20.0/24 [110/11] via 10.1.1.2, 00:35:48, Ethernet0/1
O 192.168.30.0/24 [110/11] via 10.1.2.2, 00:35:31, Ethernet0/2
O 192.168.40.0/24 [110/11] via 10.1.2.2, 00:35:31, Ethernet0/2
211.98.5.0/32 is subnetted, 2 subnets
C 211.98.5.10 is directly connected, Dialer1
C 211.98.5.254 is directly connected, Dialer1
OR(config-if)#
java
MSW1(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.1.1.1, 00:02:56, Ethernet1/1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Ethernet1/1
L 10.1.1.2/32 is directly connected, Ethernet1/1
O 10.1.2.0/24 [110/20] via 10.1.1.1, 00:38:32, Ethernet1/1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan10
L 192.168.10.254/32 is directly connected, Vlan10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Vlan20
L 192.168.20.254/32 is directly connected, Vlan20
O 192.168.30.0/24 [110/21] via 10.1.1.1, 00:38:16, Ethernet1/1
O 192.168.40.0/24 [110/21] via 10.1.1.1, 00:38:16, Ethernet1/1
MSW1(config)#
java
MSW2(config-router)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.2.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.1.2.1, 00:00:21, Ethernet1/1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.1.1.0/24 [110/20] via 10.1.2.1, 00:35:41, Ethernet1/1
C 10.1.2.0/24 is directly connected, Ethernet1/1
L 10.1.2.2/32 is directly connected, Ethernet1/1
O 192.168.10.0/24 [110/21] via 10.1.2.1, 00:35:41, Ethernet1/1
O 192.168.20.0/24 [110/21] via 10.1.2.1, 00:35:41, Ethernet1/1
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Vlan30
L 192.168.30.254/32 is directly connected, Vlan30
192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.40.0/24 is directly connected, Vlan40
L 192.168.40.254/32 is directly connected, Vlan40
MSW2(config-router)#
8. OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;
PC1到3的机器上获取ip时都指定了dns服务器地址为 8.8.8.8
在ISP上配置DNS服务
java
ISP(config)#interface loopback 1
ISP(config-if)#ip address 8.8.8.8 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Loopback1 8.8.8.8 YES manual up up
Virtual-Access1 unassigned YES unset down down
Virtual-Access2 unassigned YES unset up up
Virtual-Access2.1 211.98.5.254 YES manual up up
Virtual-Template1 211.98.5.254 YES manual down down
ISP(config-if)#exit
ISP(config)#ip dns server
ISP(config)#ip host www.test.local 8.8.8.8
ISP(config)#
配置端口复用NAT
4个子网, 10,20,30,40 这个匹配的话, 这4个值变化的范围在8位的二进制位中的第2到第6位, 所以得出的通配符是62. 不过这样的话,就会匹配出很多不存在的子网,因此还是通过配置多条permit语句实现
java
OR(config)#ip access-list standard inside_lan
OR(config-std-nacl)#permit 192.168.10.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.20.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.30.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.40.0 0.0.0.255
// 或者 OR(config-std-nacl)#permit 192.168.0.0 0.0.62.255
OR(config-std-nacl)#exit
OR(config)#interface dialer 1
OR(config-if)#ip nat outside
OR(config-if)#int range e0/1-2
OR(config-if-range)#ip nat inside
OR(config-if-range)#exit
OR(config)#ip nat inside source list inside_lan interface dialer 1 overload
OR(config)#do show ip nat translations
OR(config)#
PC开始Ping 8.8.8.8网址
PC1 & PC2 & PC3 & DHCP_Server
java
PC1#ping www.test.local
Translating "www.test.local"
% Unrecognized host or address, or protocol not running.
PC1#conf t
PC1(config)#ip domain lookup
PC1(config)#end
PC1#ping www.test.local
Translating "www.test.local"...domain server (8.8.8.8) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
PC1#
OR出口路由器端口映射表
java
OR(config)#do show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 211.98.5.10:0 192.168.10.1:0 8.8.8.8:0 8.8.8.8:0
udp 211.98.5.10:56655 192.168.10.1:56655 8.8.8.8:53 8.8.8.8:53
icmp 211.98.5.10:1 192.168.20.1:0 8.8.8.8:0 8.8.8.8:1
udp 211.98.5.10:55539 192.168.20.1:55539 8.8.8.8:53 8.8.8.8:53
icmp 211.98.5.10:2 192.168.30.1:0 8.8.8.8:0 8.8.8.8:2
udp 211.98.5.10:55671 192.168.30.1:55671 8.8.8.8:53 8.8.8.8:53
icmp 211.98.5.10:3 192.168.40.1:3 8.8.8.8:3 8.8.8.8:3
udp 211.98.5.10:64320 192.168.40.1:64320 8.8.8.8:53 8.8.8.8:53
OR(config)#do show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 8, occurred 00:02:58 ago
Outside interfaces:
Dialer1, Virtual-Access2
Inside interfaces:
Ethernet0/1, Ethernet0/2
Hits: 48 Misses: 0
CEF Translated packets: 40, CEF Punted packets: 8
Expired translations: 8
Dynamic mappings:
-- Inside Source
[Id: 1] access-list inside_lan interface Dialer1 refcount 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
OR(config)#
PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况
Ping 不全部贴出来了
java
PC1#ping www.test.local repeat 10000
Translating "www.test.local"...domain server (8.8.8.8) [OK]
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...............!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (685/700), round-trip min/avg/max = 1/1/13 ms
PC1#
java
SW1(config-if)#do show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address aabb.cc00.7000
Cost 100
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Root FWD 100 128.2 P2p
Et0/2 Altn BLK 100 128.3 P2p
SW1(config-if)#shutdown
SW1(config-if)#do show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address aabb.cc00.7000
Cost 156
Port 3 (Ethernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg BLK 100 128.1 P2p
Et0/2 Root FWD 100 128.3 P2p // 立刻进入FWD状态
SW1(config-if)#do show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address aabb.cc00.7000
Cost 156
Port 3 (Ethernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg LRN 100 128.1 P2p // 15秒后进入LRN状态
Et0/2 Root FWD 100 128.3 P2p
SW1(config-if)#do show spanning-tree vlan 10
30秒之后
切换过程中查看SW1的STP收敛状态发现:备用接口E0/2很快进入Forwarding转发状态,但由于下联PC的接口E0/0在收敛过程中未处于Forwarding状态导致下联PC无法通信;
java
SW1(config-if)#do show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address aabb.cc00.7000
Cost 156
Port 3 (Ethernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/2 Root FWD 100 128.3 P2p
SW1(config-if)#
优化
恢复e0/1, 再重新试验
下联PC的接口E0/0属于边缘接口,主要用于连接终端设备,而不是其他交换机,故可以开启Portfast功能,加快此类接口的切换速度(可缩短至1s内)
java
SW1(config)#interface e0/1
SW1(config-if)#no shutdown
SW1(config)#exit
SW1(config)#spanning-tree portfast edge default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
SW1(config)#do show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address aabb.cc00.7000
Cost 100
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p Edge
Et0/1 Root FWD 100 128.2 P2p
Et0/2 Altn BLK 100 128.3 P2p
SW1(config-if)#
java
PC1#ping www.test.local repeat 10000
Translating "www.test.local"...domain server (8.8.8.8) [OK]
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (699/700), round-trip min/avg/max = 1/1/13 ms
PC1#