交换综合实验

实验报告

一实验要求

1.内网IP地址使用172.16.0.0/16

2.SW1和SW2之间互为备份

3.VRRP/stp/vlan/eth-trunk均使用

4.所有PC均通过DHCP获取IP地址

5.ISP只配置IP地址

6.所有电脑可以正常访问ISP路由器环回

二实验拓补

三实验步骤

首先,先配置VLAN

SW3\]vlan 2 \[SW3-vlan2\]vlan 3 \[SW4\]vlan 2 \[SW4-vlan2\]vlan 3 更改链路类型： \[SW3\]int g0/0/1 \[SW3-GigabitEthernet0/0/1\]port link-type access \[SW3-GigabitEthernet0/0/1\]port default vlan 2 \[SW3-GigabitEthernet0/0/1\]int g0/0/2 \[SW3-GigabitEthernet0/0/2\]port link-type access \[SW3-GigabitEthernet0/0/2\]port link-type access \[SW3\]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4 \[SW3-port-group\]port link-type trunk \[SW3-port-group\]port trunk allow-pass vlan 2 3 \[SW4\]int g0/0/1 \[SW4-GigabitEthernet0/0/1\]port link-type access \[SW4-GigabitEthernet0/0/1\]port default vlan 2 \[SW4-GigabitEthernet0/0/2\]port link-type access \[SW4-GigabitEthernet0/0/2\]port default vlan 3 \[SW4\]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4 \[SW4-port-group\]port link-type trunk \[SW4-port-group\]port trunk allow-pass vlan 2 3 网关设备： \[SW1\]port-group group-member g0/0/3 to g0/0/4 \[SW1-port-group\]port link-type trunk \[SW1-port-group\]port trunk allow-pass vlan 2 3 \[SW2\]port-group group-member g0/0/3 to g0/0/4 \[SW2-port-group\]port link-type trunk \[SW2-port-group\]port trunk allow-pass vlan 2 3 \[SW1\]int vlanif 2 \[SW1-Vlanif2\]ip add 172.16.0.1 26 \[SW1-Vlanif2\]int vlanif 3 \[SW1-Vlanif3\]ip add 172.16.0.65 26 \[SW2\]int vlanif 2 \[SW2-Vlanif2\]ip add 172.16.0.2 26 \[SW2\]int vlanif 3 \[SW2-Vlanif3\]ip add 172.16.0.66 26 好 此时我们来查看一下配置情况 如下图 SW1：![](https://i-blog.csdnimg.cn/direct/babbae69f32847e5a16c7aafeb3fe07c.png) SW2：![](https://i-blog.csdnimg.cn/direct/174c26b17c714580964442df7918c160.png) 解决环路问题：(通过做链路聚合接口解决) \[SW1\]int Eth-Trunk 0 \[SW2\]int Eth-Trunk 0 \[SW1-Eth-Trunk0\]trunkport GigabitEthernet 0/0/1 to 0/0/2 \[SW2-Eth-Trunk0\]trunkport GigabitEthernet 0/0/1 to 0/0/2 \[SW1-Eth-Trunk0\]port link-type trunk \[SW1-Eth-Trunk0\]port trunk allow-pass vlan 2 3 10 20 \[SW2-Eth-Trunk0\]port link-type trunk \[SW2-Eth-Trunk0\]port trunk allow-pass vlan 2 3 10 20 其他线路通过MSTP防环 \[SW1\]stp enable \[SW1\]stp mode mstp \[SW1\]stp region-configuration \[SW1-mst-region\]region-name abc // 其他四个交换机名字要相同 \[SW1-mst-region\]revision-level 1 \[SW1-mst-region\]instance 1 vlan 2 \[SW1-mst-region\]instance 2 vlan 3 \[SW1-mst-region\]active region-configuration \[SW2\]stp enable \[SW2\]stp mode mstp \[SW2\]stp region-configuration \[SW2-mst-region\]region-name abc \[SW2-mst-region\]revision-level 1 \[SW2-mst-region\]instance 1 vlan 2 \[SW2-mst-region\]instance 2 vlan 3 \[SW2-mst-region\]active region-configuration \[SW3\]stp enable \[SW3\]stp mode mstp \[SW3\]stp region-configuration \[SW3-mst-region\]region-name abc \[SW3-mst-region\]revision-level 1 \[SW3-mst-region\]instance 1 vlan 2 \[SW3-mst-region\]instance 2 vlan 3 \[SW3-mst-region\]active region-configuration \[SW4\]stp enable \[SW4\]stp mode mstp \[SW4\]stp region-configuration \[SW4-mst-region\]region-name abc \[SW4-mst-region\]revision-level 1 \[SW4-mst-region\]instance 1 vlan 2 \[SW4-mst-region\]instance 2 vlan 3 \[SW4-mst-region\]active region-configuration \[SW3\]int g0/0/1 \[SW3-GigabitEthernet0/0/1\]stp edged-port enable \[SW3-GigabitEthernet0/0/1\]int g0/0/2 \[SW3-GigabitEthernet0/0/2\]stp edged-port enable \[SW4\]int g0/0/1 \[SW4-GigabitEthernet0/0/1\]stp edged-port enable \[SW4-GigabitEthernet0/0/1\]int g0/0/2 \[SW4-GigabitEthernet0/0/2\]stp edged-port enable \[SW3\]stp bpdu-protection \[SW4\]stp bpdu-protection \[SW1\]stp instance 1 root primary \[SW1\]stp instance 2 root secondary \[SW2\]stp instance 1 root secondary \[SW2\]stp instance 2 root primary 网关备份： Vlan2主网关： \[SW1\]int vlanif 2 \[SW1-Vlanif2\]vrrp vrid 1 virtual-ip 172.16.0.62 \[SW1-Vlanif2\]vrrp vrid 1 priority 120 Vlan2备份网关： \[SW2\]int vlanif 2 \[SW2-Vlanif2\]vrrp vrid 1 virtual-ip 172.16.0.62 Vlan3主网关： \[SW2\]int vlanif 3 \[SW2-Vlanif3\]vrrp vrid 2 virtual-ip 172.16.0.126 \[SW2-Vlanif3\]vrrp vrid 2 priority 120 Vlan3备份网关 \[SW1\]int vlanif 3 \[SW1-Vlanif3\]vrrp vrid 2 virtual-ip 172.16.0.126 我们来查询一下配置情况： ![](https://i-blog.csdnimg.cn/direct/a6773d6c2a1f43d280246a6b46316996.png) ![](https://i-blog.csdnimg.cn/direct/e532262519f54f228aabf014f494d547.png) 由于网关的切换问题 下一步 配置监听接口 \[SW1\]int vlanif 2 \[SW1-Vlanif2\]vrrp vrid 1 track interface g0/0/5 reduced 30 \[SW2\]int vlanif 3 \[SW2-Vlanif3\]vrrp vrid 2 track interface g0/0/5 reduced 30 Vlan2的地址下发 \[SW1\]dhcp enable \[SW1\]ip pool aa \[SW1-ip-pool-aa\]network 172.16.0.0 mask 26 \[SW1-ip-pool-aa\]gateway-list 172.16.0.62 \[SW1-ip-pool-aa\]dns-list 8.8.8.8 \[SW1\]int vlanif 2 \[SW1-Vlanif2\]dhcp select global \[SW2\]dhcp enable \[SW2\]ip pool aa \[SW2-ip-pool-aa\]network 172.16.0.0 \[SW2-ip-pool-aa\]network 172.16.0.0 mask 26 \[SW2-ip-pool-aa\]gateway-list 172.16.0.62 \[SW2-ip-pool-aa\]dns-list 8.8.8.8 \[SW2\]int vlanif 2 \[SW2-Vlanif2\]dhcp select global Vlan3的地址下发 \[SW1\]ip pool bb \[SW1-ip-pool-bb\]network 172.16.0.64 mask 26 \[SW1-ip-pool-bb\]gateway-list 172.16.0.126 \[SW1-ip-pool-bb\]dns-list 8.8.8.8 \[SW1\]int Vlanif 3 \[SW1-Vlanif3\]dhcp select global \[SW2\]ip pool bb \[SW2-ip-pool-bb\]network 172.16.0.64 mask 26 \[SW2-ip-pool-bb\]gateway-list 172.16.0.126 \[SW2-ip-pool-bb\]dns 8.8.8.8 \[SW2\]int Vlanif 3 \[SW2-Vlanif3\]dhcp select global 地址池配置完成 我们来ping测试 ![](https://i-blog.csdnimg.cn/direct/7a8ac66b6280443694cef0921430d92f.png) ![](https://i-blog.csdnimg.cn/direct/954ff6529427469ba9a0baab0e668e25.png)w 可见 已经实现了pc之间的互通 下一步，我们要实现全网通 首先 我们先配IP地址 \[SW1\]vlan 10 \[SW1\]int g0/0/5 \[SW1-GigabitEthernet0/0/5\]port link-type access \[SW1-GigabitEthernet0/0/5\]port default vlan 10 \[SW1\]int Vlanif 10 \[SW1-Vlanif10\]ip add 172.16.0.129 26 ![](https://i-blog.csdnimg.cn/direct/16c014526f7141b0848c3fc9d1d1b393.png) \[SW2\]vlan 20 \[SW2-GigabitEthernet0/0/5\]port link-type access \[SW2-GigabitEthernet0/0/5\]port default vlan 20 \[SW2\]int Vlanif 20 \[SW2-Vlanif20\]ip add 172.16.0.193 26 ![](https://i-blog.csdnimg.cn/direct/f997d965fd804a9abb55becc4d3cdc6c.png) R1; ![](https://i-blog.csdnimg.cn/direct/b790d1659ec2453389fe8beddc6520be.png) ISP: ![](https://i-blog.csdnimg.cn/direct/896970f25d744b5d862b4d6c5577fc7d.png) 下一步 配置路由协议，使得内网互通 \[SW1\]ospf 1 router-id 1.1.1.1 \[SW1-ospf-1\]a 0 \[SW1-ospf-1-area-0.0.0.0\]net 172.16.0.0 0.0.0.63 \[SW1-ospf-1-area-0.0.0.0\]net 172.16.0.64 0.0.0.63 \[SW1-ospf-1-area-0.0.0.0\]net 172.16.0.128 0.0.0.63 \[SW2\]ospf 1 router-id 2.2.2.2 \[SW2-ospf-1\]a 0 \[SW2-ospf-1-area-0.0.0.0\]net 172.16.0.0 0.0.0.63 \[SW2-ospf-1-area-0.0.0.0\]net 172.16.0.64 0.0.0.63 \[SW2-ospf-1-area-0.0.0.0\]net 172.16.0. 0.0.0.63 \[R1\]ospf 1 router-id 3.3.3.3 \[R1-ospf-1\]a 0 \[R1-ospf-1-area-0.0.0.0\]net 172.16.0.128 0.0.0.63 \[R1-ospf-1-area-0.0.0.0\]net 172.16.0.192 0.0.0.63 好 我们此时已经配置完成 全网互通 我们查一下OSPF配置情况 ![](https://i-blog.csdnimg.cn/direct/99937f4fe23e4f638b7a12e2a6cd803e.png) IP学习情况 ![](https://i-blog.csdnimg.cn/direct/c25884fec6814bb6af5f335fe7c25a87.png) 我们顺便再用ping命令测试是否内网通 ![](https://i-blog.csdnimg.cn/direct/e44ffef03aa54d438387aace834091f8.png) 下一步 配置NAT,使得内网访问公网 \[R1\]acl 2000 \[R1-acl-basic-2000\]rule permit source 172.16.0.0 0.0.0.255 \[R1\]int g0/0/0 \[R1-GigabitEthernet0/0/0\]nat outbound 2000 \[R1\]ip route-static 0.0.0.0 0 12.0.0.2 \[R1\]ospf 1 \[R1-ospf-1\]default-route-advertise 好 我们来ping测试一下 内网是否能访问公网 ![](https://i-blog.csdnimg.cn/direct/93ac5c14489544a7a2be498952349fee.png) 好 配置完成，实验到此结束