HCIP | 三层架构

目录

要求：

配置：

基础配置：

R1

R2

DHCP

LSW1

LSW2

eth-thrunk

LSW1

LSW2

VLAN、trunk

LSW1

LSW2

LSW3

LSW4

LSW5

STP

LSW1

LSW2

LSW3

LSW4

LSW5

SVI

LSW1

LSW2

vrrp

LSW1

LSW2

IP配置

LSW1

LSW2

内网OSPF

LSW1

LSW2

R1

公网访问

R1

---

要求：

实现全网通

配置：

基础配置：

R1

[R1]int g 0/0/2  
[R1-GigabitEthernet0/0/2]ip add 12.1.1.1 24
[R1-GigabitEthernet0/0/2]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.0.1 24
[R1-GigabitEthernet0/0/0]int g 0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.4.1 24
[R1-GigabitEthernet0/0/1]int l0
[R1-LoopBack0]ip add 1.1.1.1 32

R2

[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip add 2.2.2.2 32

DHCP

LSW1

[LSW1]dhcp enable 
[LSW1]ip pool v2
[LSW1-ip-pool-v2]net 192.168.2.0 mask 24
[LSW1-ip-pool-v2]gateway-list 192.168.2.254
[LSW1-ip-pool-v2]q
[LSW1]int Vlanif 2
[LSW1-Vlanif2]dhcp select global 
[LSW1-Vlanif2]q
[LSW1]ip pool v3
[LSW1-ip-pool-v3]net 192.168.3.0 mask 24
[LSW1-ip-pool-v3]gateway-list  192.168.3.254
[LSW1-ip-pool-v3]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]dhcp select global

LSW2

[LSW2]dhcp enable 
[LSW2]ip pool v2
[LSW2-ip-pool-v2]net 192.168.2.0 mask 24
[LSW2-ip-pool-v2]gateway-list 192.168.2.254
[LSW2-ip-pool-v2]q
[LSW2]int v 2
[LSW2-Vlanif2]dhcp se
[LSW2-Vlanif2]dhcp select fl
[LSW2-Vlanif2]dhcp select gl
[LSW2-Vlanif2]dhcp select global 
[LSW2-Vlanif2]q
[LSW2]int Vlanif 2
[LSW2-Vlanif2]dhcp select global 
[LSW2-Vlanif2]q
[LSW2]ip pool v3
[LSW2-ip-pool-v3]net 192.168.3.0 mask 24
[LSW2-ip-pool-v3]gateway-list 192.168.3.254
[LSW2-ip-pool-v3]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]dhcp select global 

eth-thrunk

LSW1

[LSW1]interface Eth-Trunk 0
[LSW1-Eth-Trunk0]int g 0/0/5
[LSW1-GigabitEthernet0/0/5]eth-trunk 0
[LSW1-GigabitEthernet0/0/5]int g 0/0/6
[LSW1-GigabitEthernet0/0/6]eth-trunk 0

LSW2

[LSW2]int Eth-Trunk 0
[LSW2-Eth-Trunk0]q
[LSW2]int g 0/0/5
[LSW2-GigabitEthernet0/0/5]eth-trunk 0
[LSW2-GigabitEthernet0/0/5]int g 0/0/6
[LSW2-GigabitEthernet0/0/6]eth-trunk 0

VLAN、trunk

LSW1

[LSW1]vlan batch 2 to 3
[LSW1]port-group group-member g 0/0/2 Eth-Trunk 0
[LSW1-Eth-Trunk0]port link-type trunk 
[LSW1-Eth-Trunk0]port trunk allow-pass vlan all

LSW2

[LSW2]vlan batch 2 to 3
[LSW2]port-group group-member g 0/0/7 Eth-Trunk 0
[LSW2-Eth-Trunk0]port link-type trunk 
[LSW2-Eth-Trunk0]port trunk allow-pass vlan all

LSW3

[LSW3]vlan batch 2 to 3
[LSW3]port-group group-member e 0/0/1 e 0/0/4
[LSW3-port-group]port link-type trunk 
[LSW3-Ethernet0/0/1]port link-type trunk 
[LSW3-Ethernet0/0/4]port link-type trunk 
[LSW3-port-group]port trunk allow-pass vlan all
[LSW3-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW3-Ethernet0/0/4]port trunk allow-pass vlan all
[LSW3-port-group]q
[LSW3]port-group group-member e 0/0/2 e 0/0/3
[LSW3-port-group]port link-type access 
[LSW3-Ethernet0/0/2]port link-type access 
[LSW3-Ethernet0/0/3]port link-type access 
[LSW3-port-group]port default vlan 2 
[LSW3-Ethernet0/0/2]port default vlan 2
[LSW3-Ethernet0/0/3]port default vlan 2

LSW4

[LSW4]vlan batch 2 to 3
[LSW4]port-group group-member e 0/0/1 e 0/0/2
[LSW4-port-group]port link-type trunk 
[LSW4-Ethernet0/0/1]port link-type trunk 
[LSW4-Ethernet0/0/2]port link-type trunk 
[LSW4-port-group]port trunk allow-pass vlan all
[LSW4-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW4-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW4]port-group group-member e 0/0/3 e 0/0/4
[LSW4-port-group]port link-type access 
[LSW4-Ethernet0/0/3]port link-type access 
[LSW4-Ethernet0/0/4]port link-type access 
[LSW4-port-group]port default vlan 3
[LSW4-Ethernet0/0/3]port default vlan 3
[LSW4-Ethernet0/0/4]port default vlan 3

LSW5

[LSW5]vlan batch 2 to 3
[LSW5]port-group group-member e 0/0/1 e 0/0/2
[LSW5-port-group]port link-type trunk 
[LSW5-Ethernet0/0/1]port link-type trunk 
[LSW5-Ethernet0/0/2]port link-type trunk 
[LSW5-port-group]port trunk allow-pass vlan all
[LSW5-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW5-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW5-port-group]q
[LSW5-Ethernet0/0/3]port link-type access 
[LSW5-Ethernet0/0/3]
[LSW5-Ethernet0/0/3]port default vlan 2
[LSW5-Ethernet0/0/3]q
[LSW5]int e 0/0/4
[LSW5-Ethernet0/0/4]port link-type access 
[LSW5-Ethernet0/0/4]port default vlan 3

STP

LSW1

[LSW1]stp enable 
[LSW1]stp region-configuration 
[LSW1-mst-region]region-name a
[LSW1-mst-region]instance 1 vlan 2
[LSW1-mst-region]instance 2 vlan 3
[LSW1-mst-region]active region-configuration 

[LSW1]stp instance 1 root primary 
[LSW1]stp instance 2 root secondary 

LSW2

[LSW2]stp enable
[LSW2]stp region-configuration
[LSW2-mst-region]region-name a
[LSW2-mst-region]instance 1 vlan 2
[LSW2-mst-region]instance 2 vlan 3
[LSW2-mst-region]active region-configuration

[LSW2]stp instance 2 root primary 
[LSW2]stp instance 1 root secondary 

LSW3

[LSW3]stp enable
[LSW3]stp region-configuration
[LSW3-mst-region]region-name a
[LSW3-mst-region]instance 1 vlan 2
[LSW3-mst-region]instance 2 vlan 3
[LSW3-mst-region]active region-configuration

LSW4

[LSW4]stp enable
[LSW4]stp region-configuration
[LSW4-mst-region]region-name a
[LSW4-mst-region]instance 1 vlan 2
[LSW4-mst-region]instance 2 vlan 3
[LSW4-mst-region]active region-configuration

LSW5

[LSW5]stp enable
[LSW5]stp region-configuration
[LSW5-mst-region]region-name a
[LSW5-mst-region]instance 1 vlan 2
[LSW5-mst-region]instance 2 vlan 3
[LSW5-mst-region]active region-configuration

SVI

LSW1

[LSW1]int Vlanif 2
[LSW1-Vlanif2]ip add 192.168.2.1 24
[LSW1-Vlanif2]q 
[LSW1]int Vlanif 3
[LSW1-Vlanif3]ip add 192.168.3.1 24

LSW2

[LSW2]int Vlanif 2
[LSW2-Vlanif2]ip add 192.168.2.2 24
[LSW2-Vlanif2]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]ip add 192.168.3.2 24

vrrp

LSW1

[LSW1]int Vlanif 2
[LSW1-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254                   
[LSW1-Vlanif2]vrrp vrid 1 priority 120
[LSW1-Vlanif2]vrrp vrid 1 track interface g 0/0/1 reduced 30
[LSW1]int Vlanif 3
[LSW1-Vlanif3]vrrp vrid 2 virtual-ip 192.168.3.254

LSW2

[LSW2]int Vlanif 3
[LSW2-Vlanif3]vrrp vrid 2 virtual-ip 192.168.3.254
[LSW2-Vlanif3]vrrp vrid 2 priority 120
[LSW2-Vlanif3]vrrp vrid 2 track interface  g 0/0/1 reduced 30
[LSW2-Vlanif3]q   
[LSW2]int Vlanif 2
[LSW2-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.254

IP配置

LSW1

[LSW1]vlan 4
[LSW1-vlan4]q
[LSW1]int g 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access 
[LSW1-GigabitEthernet0/0/1]port default vlan 4
[LSW1-GigabitEthernet0/0/1]q
[LSW1]int Vlanif 4
[LSW1-Vlanif4]ip add 192.168.0.2 30

LSW2

[LSW2]vlan 4
[LSW2-vlan4]q
[LSW2]int g 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access 
[LSW2-GigabitEthernet0/0/1]port default vlan 4
[LSW2-GigabitEthernet0/0/1]q
[LSW2]int Vlanif  4
[LSW2-Vlanif4]ip add 192.168.0.6 30

内网OSPF

LSW1

[LSW1]ospf 
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255

LSW2

[LSW2]ospf 
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255

R1

[R1]ospf 
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255 

公网访问

R1

[R1]ospf 
[R1-ospf-1]default-route-advertise always 
[R1-ospf-1]q
[R1]ip route-static 0.0.0.0 0 12.1.1.2 
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255 
[R1-acl-basic-2000]q
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000