实验要求
1.内网IP地址使用172.16.0.0/16 2.sw1和sW2之间互为备份; 3.VRRP/mstp/vlan/eth-trunk均使用; 4.所有pc均通过DHcP获取Ip地址; 5.ISP只配置IP地址; 6.所有电脑可以正常访问IsP路由器环回
实验拓扑
实验思路
1.给交换机创建vlan,并将接口划入vlan 2.在SW1和SW2的0/0/1和0/0/2口做链路聚合 3.配置vlan的网关地址、以及给路由器配置IP地址 4.给交换机配置mstp,以及做主根桥的配置 5.给连有PC端的交换机要设置边缘端口 --- 防止主机的频繁开关会影响生成树的重新计算 6.防环以及生成树配置好之后,就可以弄vrrp虚拟网关了 7.开启DHCP服务-- 让PC获取IP 8.配置路由协议让内网通 --- 既可以使用静态路由,也可以使用动态路由 9.内网通之后,要在外网出口那里配一条缺省 10.做nat技术
实验步骤
1.创建vlan [SW1]vlan 2 [SW1-vlan2]vlan 3 [SW1-vlan3]vlan 10 [SW1-GigabitEthernet0/0/3]port link-type trunk [SW1-GigabitEthernet0/0/3]port trunk all [SW1-GigabitEthernet0/0/3]port trunk allow-pass [SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 [SW1-GigabitEthernet0/0/3]int g0/0/4 [SW1-GigabitEthernet0/0/4]port link-type access [SW1-GigabitEthernet0/0/4]port default vlan 10 对sw1上的0/0/1和0/0/2口做链路聚合: [SW1]int Eth-Trunk 0 [SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2 [SW1-Eth-Trunk0]port link-type trunk [SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20 在sw1上配置vlan 2和3的网关: [SW1]int vlanif 2 [SW1-Vlanif2]ip add 172.16.0.1 26 [SW1-Vlanif2]int vlanif 3 [SW1-Vlanif3]ip add 172.16.0.65 26 [SW1-Vlanif2]int vlanif 3 [SW1-Vlanif3]ip add 172.16.0.65 26 [SW1-Vlanif3]int vlanif 10 [SW1-Vlanif10]ip add 172.16.0.129 26 SW2: ---创建vlan: [SW2]vlan 2 [SW2-vlan2]vlan 3 [SW2-vlan3]vlan 20 ---批量创建trunk接口: [SW2]port-group group-member g0/0/3 to g0/0/4 [SW2-port-group]port link-type trunk [SW2-GigabitEthernet0/0/3]port link-type trunk [SW2-GigabitEthernet0/0/4]port link-type trunk [SW2-port-group]port trunk allow-pass vlan 2 3 [SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 [SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 [SW2]int g0/0/5 [SW2-GigabitEthernet0/0/5]port link-type access [SW2-GigabitEthernet0/0/5]port default vlan 20 ---对SW2的0/0/1和0/0/2口做链路聚合: [SW2]int Eth-Trunk 0 [SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2 [SW2-Eth-Trunk0]port link-type trunk [SW2-port-group-trunk]port trunk allow-pass vlan 2 3 10 20 ---在sw2上对vlan2和vlan3配置网关地址: [SW2]int vlanif 2 [SW2-Vlanif2]ip add 172.16.0.2 26 [SW2-Vlanif2]int vlanif 3 [SW2-Vlanif3]ip add 172.16.0.66 26 [SW2-Vlanif3]int vlanif 20 [SW2-Vlanif20]ip add 172.16.0.193 26 SW3: ---创建vlan [SW3]vlan 2 [SW3-vlan2]vlan 3 ---将接口划入vlan: [SW3]int g0/0/1 [SW3-GigabitEthernet0/0/1]port link-type access [SW3-GigabitEthernet0/0/1]port default vlan 2 [SW3-GigabitEthernet0/0/1]int g0/0/2 [SW3-GigabitEthernet0/0/2]port link-type access [SW3-GigabitEthernet0/0/2]port default vlan 3 [SW3-GigabitEthernet0/0/3]port link-type trunk [SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 [SW3-GigabitEthernet0/0/3]int g0/0/4 [SW3-GigabitEthernet0/0/4]port link-type trunk [SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 SW4: ---创建vlan: [SW4]vlan 2 [SW4-vlan2]vlan 3 ---将接口划入vlan: [SW4-vlan3]int g0/0/1 [SW4-GigabitEthernet0/0/1]port link-type access [SW4-GigabitEthernet0/0/1]port default vlan 2 [SW4-GigabitEthernet0/0/1]int g0/0/2 [SW4-GigabitEthernet0/0/2]port link-type access [SW4-GigabitEthernet0/0/2]port default vlan 3 [SW4-GigabitEthernet0/0/2]port link-type access [SW4-GigabitEthernet0/0/2]port default vlan 3 ---批量创建: [SW4]port-group group-member g0/0/3 to g0/0/4 [SW4-port-group]port link-type trunk [SW4-GigabitEthernet0/0/3]port link-type trunk [SW4-GigabitEthernet0/0/4]port link-type trunk [SW4-port-group]port trunk allow-pass vlan 2 3 [SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 [SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 R1: 给R1上的接口配置IP: [R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24 [R1]int g0/0/1 [R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26 [R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26
IP地址配置完成后,查看:
2.给路由器配置IP
R1: [R1]int g0/0/1 [R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26 [R1-GigabitEthernet0/0/1]int g0/0/2 [R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26 [R1-GigabitEthernet0/0/2]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24 R2: [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
3.需要配置mstp和vrrp --- 只要是交换机都要配置防环mstp
[SW1]stp enable [SW1]stp mode mstp [SW1]stp region-configuration [SW1-mst-region]region-name aa [SW1-mst-region]instance 1 vlan 2 --- 映射关系 [SW1-mst-region]instance 2 vlan 3 [SW1-mst-region]active region-configuration [SW2]stp enable --- 开启stp服务 [SW2]stp mode mstp --- 设置mstp模式 [SW2]stp region-configuration --- 进入域里面 [SW2-mst-region]region-name aa --- 设置名字 [SW2-mst-region]instance 1 vlan 2 --- 映射关系 [SW2-mst-region]instance 2 vlan 3 [SW2-mst-region]active region-configuration --- 激活 [SW3]stp enable [SW3]stp mode mstp [SW3]stp region-configuration [SW3-mst-region]region-name aa [SW3-mst-region]instance 1 vlan 2 [SW3-mst-region]instance 2 vlan 3 [SW3-mst-region]active region-configuration [SW4]stp enable [SW4]stp mode mstp [SW4]stp region-configuration [SW4-mst-region]region-name aa [SW4-mst-region]instance 1 vlan 2 [SW4-mst-region]instance 2 vlan 3 [SW4-mst-region]active region-configuration
4.配置主备根桥 --- 最好配在网关上
SW1上是vlan2的主根桥,是vlan3的备根桥: [SW1]stp instance 1 root primary [SW1]stp instance 2 root secondary SW2上是vlan3的主根桥,是vlan2的备根桥: [SW2]stp instance 1 root secondary [SW2]stp instance 2 root primary
5.做边缘端口设置
SW3: [SW3]port-group group-member g 0/0/1 to g0/0/2 [SW3-port-group]stp edged-port enable [SW3-GigabitEthernet0/0/1]stp edged-port enable [SW3-GigabitEthernet0/0/2]stp edged-port enable [SW3]stp bpdu-protection --- 在全局模式配置边缘端口的保护机制(避免有其他设备的干扰) SW4: [SW4]port-group group-member g0/0/1 to g0/0/2 [SW4-port-group]stp edged-port enable [SW4-GigabitEthernet0/0/1]stp edged-port enable [SW4-GigabitEthernet0/0/2]stp edged-port enable [SW4-port-group]q [SW4]stp bpdu-protection
6.启用vrrp,配置虚拟网关
[SW1]int vlanif 2 --- 是主网关 [SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62 --- 配置IP [SW1-Vlanif2]vrrp vrid 1 priority 120 --- 默认优先级为100,但是主根桥的优先级要更高一点,将其设置为120 [SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30 ---- 要对上面的0/0/5口设置监听命令,如果主根桥挂掉,就将其优先级降低30,此时vlan2的优先级为90,低于100,这样就可以保证在vlanif2网关挂掉,可以走vlanif3的; [SW1-Vlanif2]int vlanif 3 [SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126 (优先级为100,比主根桥的优先级低,不用更改) [SW2-Vlanif2]int vlanif 3 [SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126 [SW2-Vlanif3]vrrp vrid 2 priority 120 [SW2-Vlanif3]vrrp vrid 2 track interface vlanif 20 reduced 30
7.开启DHCP服务
vlanif 2的地址池: [SW1]dhcp enable [SW1-ip-pool-aa]network 172.16.0.2 mask 26 [SW1-ip-pool-aa]gateway-list 172.16.0.62 [SW1-ip-pool-aa]dns-list 8.8.8.8 [SW1-ip-pool-aa]q [SW1]int vlanif 2 [SW1-Vlanif2]dhcp select global [SW2]dhcp enable [SW2]ip pool aa [SW2-ip-pool-aa]network 172.16.0.0 mask 26 [SW2-ip-pool-aa]gateway-list 172.16.0.62 [SW2-ip-pool-aa]dns-list 8.8.8.8 [SW2-ip-pool-aa]q [SW2-Vlanif2]dhcp select global --- 进入接口宣告 注意:主备根桥的dhcp配置都要一样 vlanif 3的地址池: [SW1]dhcp enable [SW1]ip pool bb Info:It's successful to create an IP address pool. [SW1-ip-pool-bb]network 172.16.0.64 mask 26 [SW1-ip-pool-bb]gateway-list 172.16.0.126 [SW1-ip-pool-bb]dns-list 8.8.8.8 [SW1-ip-pool-bb]q [SW1]int vlanif 3 [SW1-Vlanif3]dhcp select global [SW2]ip pool bb Info:It's successful to create an IP address pool. [SW2-ip-pool-bb]network 172.16.0.64 mask 26 [SW2-ip-pool-bb]gateway-list 172.16.0.126 [SW2-ip-pool-bb]dns-list 8.8.8.8 [SW2-ip-pool-bb]q [SW2]int vlanif 3 [SW2-Vlanif3]dhcp select global
让PC端应用DHCP
8.使用ospf实现内网通
[R1]ospf 1 router-id 1.1.1.1 [R1-ospf-1]area 0 [R1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63 [R1-ospf-1-area-0.0.0.0]network 172.16.0.192 0.0.0.63 [SW1]ospf 1 router-id 2.2.2.2 [SW1-ospf-1-area-0.0.0.0]ne 172.16.0.0 0.0.0.63 --- [SW1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63 [SW1-ospf-1-area-0.0.0.0]ne 172.16.0.64 0.0.0.63 [SW2]ospf 1 router-id 3.3.3.3 [SW2-ospf-1]area 0 [SW2-ospf-1-area-0.0.0.0]ne 172.16.0.192 0.0.0.63 [SW2-ospf-1-area-0.0.0.0]ne 172.16.0.0 0.0.0.63 要宣告网关的网段!!!不然pc访走不到路由器
9.与外网通
[R1]ip route-static 0.0.0.0 0 12.0.0.2
10.nat
[R1]acl 2000 [R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255 [R1-acl-basic-2000]q [R1]int g0/0/0 [R1-GigabitEthernet0/0/0]nat outbound 2000
11.由于R1未把公网接口进行宣告,所以要下发一条缺省
[R1]ospf 1 [R1-ospf-1]default-route-advertise
最终实现了所有都能通信 。实验完成!