交换综合实验

实验报告

一 实验要求

1.内网IP地址使用172.16.0.0/16

2.SW1和SW2之间互为备份

3.VRRP/stp/vlan/eth-trunk均使用

4.所有PC均通过DHCP获取IP地址

5.ISP只配置IP地址

6.所有电脑可以正常访问ISP路由器环回

二 实验拓补

三 实验步骤

首先,先配置VLAN

SW3vlan 2

SW3-vlan2vlan 3

SW4vlan 2

SW4-vlan2vlan 3

更改链路类型：

SW3int g0/0/1

SW3-GigabitEthernet0/0/1port link-type access

SW3-GigabitEthernet0/0/1port default vlan 2

SW3-GigabitEthernet0/0/1int g0/0/2

SW3-GigabitEthernet0/0/2port link-type access

SW3-GigabitEthernet0/0/2port link-type access

SW3port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4

SW3-port-groupport link-type trunk

SW3-port-groupport trunk allow-pass vlan 2 3

SW4int g0/0/1

SW4-GigabitEthernet0/0/1port link-type access

SW4-GigabitEthernet0/0/1port default vlan 2

SW4-GigabitEthernet0/0/2port link-type access

SW4-GigabitEthernet0/0/2port default vlan 3

SW4port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4

SW4-port-groupport link-type trunk

SW4-port-groupport trunk allow-pass vlan 2 3

网关设备：

SW1port-group group-member g0/0/3 to g0/0/4

SW1-port-groupport link-type trunk

SW1-port-groupport trunk allow-pass vlan 2 3

SW2port-group group-member g0/0/3 to g0/0/4

SW2-port-groupport link-type trunk

SW2-port-groupport trunk allow-pass vlan 2 3

SW1int vlanif 2

SW1-Vlanif2ip add 172.16.0.1 26

SW1-Vlanif2int vlanif 3

SW1-Vlanif3ip add 172.16.0.65 26

SW2int vlanif 2

SW2-Vlanif2ip add 172.16.0.2 26

SW2int vlanif 3

SW2-Vlanif3ip add 172.16.0.66 26

好 此时我们来查看一下配置情况 如下图

SW1：

SW2：

解决环路问题：(通过做链路聚合接口解决)

SW1int Eth-Trunk 0

SW2int Eth-Trunk 0

SW1-Eth-Trunk0trunkport GigabitEthernet 0/0/1 to 0/0/2

SW2-Eth-Trunk0trunkport GigabitEthernet 0/0/1 to 0/0/2

SW1-Eth-Trunk0port link-type trunk

SW1-Eth-Trunk0port trunk allow-pass vlan 2 3 10 20

SW2-Eth-Trunk0port link-type trunk

SW2-Eth-Trunk0port trunk allow-pass vlan 2 3 10 20

其他线路通过MSTP防环

SW1stp enable

SW1stp mode mstp

SW1stp region-configuration

SW1-mst-regionregion-name abc // 其他四个交换机名字要相同

SW1-mst-regionrevision-level 1

SW1-mst-regioninstance 1 vlan 2

SW1-mst-regioninstance 2 vlan 3

SW1-mst-regionactive region-configuration

SW2stp enable

SW2stp mode mstp

SW2stp region-configuration

SW2-mst-regionregion-name abc

SW2-mst-regionrevision-level 1

SW2-mst-regioninstance 1 vlan 2

SW2-mst-regioninstance 2 vlan 3

SW2-mst-regionactive region-configuration

SW3stp enable

SW3stp mode mstp

SW3stp region-configuration

SW3-mst-regionregion-name abc

SW3-mst-regionrevision-level 1

SW3-mst-regioninstance 1 vlan 2

SW3-mst-regioninstance 2 vlan 3

SW3-mst-regionactive region-configuration

SW4stp enable

SW4stp mode mstp

SW4stp region-configuration

SW4-mst-regionregion-name abc

SW4-mst-regionrevision-level 1

SW4-mst-regioninstance 1 vlan 2

SW4-mst-regioninstance 2 vlan 3

SW4-mst-regionactive region-configuration

SW3int g0/0/1

SW3-GigabitEthernet0/0/1stp edged-port enable

SW3-GigabitEthernet0/0/1int g0/0/2

SW3-GigabitEthernet0/0/2stp edged-port enable

SW4int g0/0/1

SW4-GigabitEthernet0/0/1stp edged-port enable

SW4-GigabitEthernet0/0/1int g0/0/2

SW4-GigabitEthernet0/0/2stp edged-port enable

SW3stp bpdu-protection

SW4stp bpdu-protection

SW1stp instance 1 root primary

SW1stp instance 2 root secondary

SW2stp instance 1 root secondary

SW2stp instance 2 root primary

网关备份：

Vlan2主网关：

SW1int vlanif 2

SW1-Vlanif2vrrp vrid 1 virtual-ip 172.16.0.62

SW1-Vlanif2vrrp vrid 1 priority 120

Vlan2备份网关：

SW2int vlanif 2

SW2-Vlanif2vrrp vrid 1 virtual-ip 172.16.0.62

Vlan3主网关：

SW2int vlanif 3

SW2-Vlanif3vrrp vrid 2 virtual-ip 172.16.0.126

SW2-Vlanif3vrrp vrid 2 priority 120

Vlan3备份网关

SW1int vlanif 3

SW1-Vlanif3vrrp vrid 2 virtual-ip 172.16.0.126

我们来查询一下配置情况：

由于网关的切换问题

下一步 配置监听接口

SW1int vlanif 2

SW1-Vlanif2vrrp vrid 1 track interface g0/0/5 reduced 30

SW2int vlanif 3

SW2-Vlanif3vrrp vrid 2 track interface g0/0/5 reduced 30

Vlan2的地址下发

SW1dhcp enable

SW1ip pool aa

SW1-ip-pool-aanetwork 172.16.0.0 mask 26

SW1-ip-pool-aagateway-list 172.16.0.62

SW1-ip-pool-aadns-list 8.8.8.8

SW1int vlanif 2

SW1-Vlanif2dhcp select global

SW2dhcp enable

SW2ip pool aa

SW2-ip-pool-aanetwork 172.16.0.0

SW2-ip-pool-aanetwork 172.16.0.0 mask 26

SW2-ip-pool-aagateway-list 172.16.0.62

SW2-ip-pool-aadns-list 8.8.8.8

SW2int vlanif 2

SW2-Vlanif2dhcp select global

Vlan3的地址下发

SW1ip pool bb

SW1-ip-pool-bbnetwork 172.16.0.64 mask 26

SW1-ip-pool-bbgateway-list 172.16.0.126

SW1-ip-pool-bbdns-list 8.8.8.8

SW1int Vlanif 3

SW1-Vlanif3dhcp select global

SW2ip pool bb

SW2-ip-pool-bbnetwork 172.16.0.64 mask 26

SW2-ip-pool-bbgateway-list 172.16.0.126

SW2-ip-pool-bbdns 8.8.8.8

SW2int Vlanif 3

SW2-Vlanif3dhcp select global

地址池配置完成

我们来ping测试

w

可见 已经实现了pc之间的互通

下一步，我们要实现全网通

首先 我们先配IP地址

SW1vlan 10

SW1int g0/0/5

SW1-GigabitEthernet0/0/5port link-type access

SW1-GigabitEthernet0/0/5port default vlan 10

SW1int Vlanif 10

SW1-Vlanif10ip add 172.16.0.129 26

SW2vlan 20

SW2-GigabitEthernet0/0/5port link-type access

SW2-GigabitEthernet0/0/5port default vlan 20

SW2int Vlanif 20

SW2-Vlanif20ip add 172.16.0.193 26

R1;

ISP:

下一步 配置路由协议，使得内网互通

SW1ospf 1 router-id 1.1.1.1

SW1-ospf-1a 0

SW1-ospf-1-area-0.0.0.0net 172.16.0.0 0.0.0.63

SW1-ospf-1-area-0.0.0.0net 172.16.0.64 0.0.0.63

SW1-ospf-1-area-0.0.0.0net 172.16.0.128 0.0.0.63

SW2ospf 1 router-id 2.2.2.2

SW2-ospf-1a 0

SW2-ospf-1-area-0.0.0.0net 172.16.0.0 0.0.0.63

SW2-ospf-1-area-0.0.0.0net 172.16.0.64 0.0.0.63

SW2-ospf-1-area-0.0.0.0net 172.16.0. 0.0.0.63

R1ospf 1 router-id 3.3.3.3

R1-ospf-1a 0

R1-ospf-1-area-0.0.0.0net 172.16.0.128 0.0.0.63

R1-ospf-1-area-0.0.0.0net 172.16.0.192 0.0.0.63

好 我们此时已经配置完成 全网互通 我们查一下OSPF配置情况

IP学习情况

我们顺便再用ping命令测试是否内网通

下一步 配置NAT,使得内网访问公网

R1acl 2000

R1-acl-basic-2000rule permit source 172.16.0.0 0.0.0.255

R1int g0/0/0

R1-GigabitEthernet0/0/0nat outbound 2000

R1ip route-static 0.0.0.0 0 12.0.0.2

R1ospf 1

R1-ospf-1default-route-advertise

好 我们来ping测试一下 内网是否能访问公网

好 配置完成，实验到此结束