交换综合实验

实验报告

一实验要求

1.内网IP地址使用172.16.0.0/16

2.SW1和SW2之间互为备份

3.VRRP/stp/vlan/eth-trunk均使用

4.所有PC均通过DHCP获取IP地址

5.ISP只配置IP地址

6.所有电脑可以正常访问ISP路由器环回

二实验拓补

三实验步骤

首先,先配置VLAN

[SW3]vlan 2

[SW3-vlan2]vlan 3

[SW4]vlan 2

[SW4-vlan2]vlan 3

更改链路类型：

[SW3]int g0/0/1

[SW3-GigabitEthernet0/0/1]port link-type access

[SW3-GigabitEthernet0/0/1]port default vlan 2

[SW3-GigabitEthernet0/0/1]int g0/0/2

[SW3-GigabitEthernet0/0/2]port link-type access

[SW3]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4

[SW3-port-group]port link-type trunk

[SW3-port-group]port trunk allow-pass vlan 2 3

[SW4]int g0/0/1

[SW4-GigabitEthernet0/0/1]port link-type access

[SW4-GigabitEthernet0/0/1]port default vlan 2

[SW4-GigabitEthernet0/0/2]port link-type access

[SW4-GigabitEthernet0/0/2]port default vlan 3

[SW4]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4

[SW4-port-group]port link-type trunk

[SW4-port-group]port trunk allow-pass vlan 2 3

网关设备：

[SW1]port-group group-member g0/0/3 to g0/0/4

[SW1-port-group]port link-type trunk

[SW1-port-group]port trunk allow-pass vlan 2 3

[SW2]port-group group-member g0/0/3 to g0/0/4

[SW2-port-group]port link-type trunk

[SW2-port-group]port trunk allow-pass vlan 2 3

[SW1]int vlanif 2

[SW1-Vlanif2]ip add 172.16.0.1 26

[SW1-Vlanif2]int vlanif 3

[SW1-Vlanif3]ip add 172.16.0.65 26

[SW2]int vlanif 2

[SW2-Vlanif2]ip add 172.16.0.2 26

[SW2]int vlanif 3

[SW2-Vlanif3]ip add 172.16.0.66 26

好此时我们来查看一下配置情况如下图

SW1：

SW2：

解决环路问题：(通过做链路聚合接口解决)

[SW1]int Eth-Trunk 0

[SW2]int Eth-Trunk 0

[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

[SW1-Eth-Trunk0]port link-type trunk

[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20

[SW2-Eth-Trunk0]port link-type trunk

[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20

其他线路通过MSTP防环

[SW1]stp enable

[SW1]stp mode mstp

[SW1]stp region-configuration

[SW1-mst-region]region-name abc // 其他四个交换机名字要相同

[SW1-mst-region]revision-level 1

[SW1-mst-region]instance 1 vlan 2

[SW1-mst-region]instance 2 vlan 3

[SW1-mst-region]active region-configuration

[SW2]stp enable

[SW2]stp mode mstp

[SW2]stp region-configuration

[SW2-mst-region]region-name abc

[SW2-mst-region]revision-level 1

[SW2-mst-region]instance 1 vlan 2

[SW2-mst-region]instance 2 vlan 3

[SW2-mst-region]active region-configuration

[SW3]stp enable

[SW3]stp mode mstp

[SW3]stp region-configuration

[SW3-mst-region]region-name abc

[SW3-mst-region]revision-level 1

[SW3-mst-region]instance 1 vlan 2

[SW3-mst-region]instance 2 vlan 3

[SW3-mst-region]active region-configuration

[SW4]stp enable

[SW4]stp mode mstp

[SW4]stp region-configuration

[SW4-mst-region]region-name abc

[SW4-mst-region]revision-level 1

[SW4-mst-region]instance 1 vlan 2

[SW4-mst-region]instance 2 vlan 3

[SW4-mst-region]active region-configuration

[SW3]int g0/0/1

[SW3-GigabitEthernet0/0/1]stp edged-port enable

[SW3-GigabitEthernet0/0/1]int g0/0/2

[SW3-GigabitEthernet0/0/2]stp edged-port enable

[SW4]int g0/0/1

[SW4-GigabitEthernet0/0/1]stp edged-port enable

[SW4-GigabitEthernet0/0/1]int g0/0/2

[SW4-GigabitEthernet0/0/2]stp edged-port enable

[SW3]stp bpdu-protection

[SW4]stp bpdu-protection

[SW1]stp instance 1 root primary

[SW1]stp instance 2 root secondary

[SW2]stp instance 1 root secondary

[SW2]stp instance 2 root primary

网关备份：

Vlan2主网关：

[SW1]int vlanif 2

[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

[SW1-Vlanif2]vrrp vrid 1 priority 120

Vlan2备份网关：

[SW2]int vlanif 2

[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

Vlan3主网关：

[SW2]int vlanif 3

[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

[SW2-Vlanif3]vrrp vrid 2 priority 120

Vlan3备份网关

[SW1]int vlanif 3

[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

我们来查询一下配置情况：

由于网关的切换问题

下一步配置监听接口

[SW1]int vlanif 2

[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30

[SW2]int vlanif 3

[SW2-Vlanif3]vrrp vrid 2 track interface g0/0/5 reduced 30

Vlan2的地址下发

[SW1]dhcp enable

[SW1]ip pool aa

[SW1-ip-pool-aa]network 172.16.0.0 mask 26

[SW1-ip-pool-aa]gateway-list 172.16.0.62

[SW1-ip-pool-aa]dns-list 8.8.8.8

[SW1]int vlanif 2

[SW1-Vlanif2]dhcp select global

[SW2]dhcp enable

[SW2]ip pool aa

[SW2-ip-pool-aa]network 172.16.0.0

[SW2-ip-pool-aa]network 172.16.0.0 mask 26

[SW2-ip-pool-aa]gateway-list 172.16.0.62

[SW2-ip-pool-aa]dns-list 8.8.8.8

[SW2]int vlanif 2

[SW2-Vlanif2]dhcp select global

Vlan3的地址下发

[SW1]ip pool bb

[SW1-ip-pool-bb]network 172.16.0.64 mask 26

[SW1-ip-pool-bb]gateway-list 172.16.0.126

[SW1-ip-pool-bb]dns-list 8.8.8.8

[SW1]int Vlanif 3

[SW1-Vlanif3]dhcp select global

[SW2]ip pool bb

[SW2-ip-pool-bb]network 172.16.0.64 mask 26

[SW2-ip-pool-bb]gateway-list 172.16.0.126

[SW2-ip-pool-bb]dns 8.8.8.8

[SW2]int Vlanif 3

[SW2-Vlanif3]dhcp select global

地址池配置完成

我们来ping测试

可见已经实现了pc之间的互通

下一步，我们要实现全网通

首先我们先配IP地址

[SW1]vlan 10

[SW1]int g0/0/5

[SW1-GigabitEthernet0/0/5]port link-type access

[SW1-GigabitEthernet0/0/5]port default vlan 10

[SW1]int Vlanif 10

[SW1-Vlanif10]ip add 172.16.0.129 26

[SW2]vlan 20

[SW2-GigabitEthernet0/0/5]port link-type access

[SW2-GigabitEthernet0/0/5]port default vlan 20

[SW2]int Vlanif 20

[SW2-Vlanif20]ip add 172.16.0.193 26

R1;

ISP:

下一步配置路由协议，使得内网互通

[SW1]ospf 1 router-id 1.1.1.1

[SW1-ospf-1]a 0

[SW1-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.0.63

[SW1-ospf-1-area-0.0.0.0]net 172.16.0.64 0.0.0.63

[SW1-ospf-1-area-0.0.0.0]net 172.16.0.128 0.0.0.63

[SW2]ospf 1 router-id 2.2.2.2

[SW2-ospf-1]a 0

[SW2-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.0.63

[SW2-ospf-1-area-0.0.0.0]net 172.16.0.64 0.0.0.63

[SW2-ospf-1-area-0.0.0.0]net 172.16.0. 0.0.0.63

[R1]ospf 1 router-id 3.3.3.3

[R1-ospf-1]a 0

[R1-ospf-1-area-0.0.0.0]net 172.16.0.128 0.0.0.63

[R1-ospf-1-area-0.0.0.0]net 172.16.0.192 0.0.0.63

好我们此时已经配置完成全网互通我们查一下OSPF配置情况

IP学习情况

我们顺便再用ping命令测试是否内网通

下一步配置NAT,使得内网访问公网

[R1]acl 2000

[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2000

[R1]ip route-static 0.0.0.0 0 12.0.0.2

[R1]ospf 1

[R1-ospf-1]default-route-advertise

好我们来ping测试一下内网是否能访问公网

好配置完成，实验到此结束