IP综合实验 - 技术栈

要求：

1.内网地址172.16.0.0/16合理分配

2.SW1/2之间互为备份

3.VRRP/STP/VLAN/TRUNK均使用

一。配置交换机部分

eth-trunk 创建，划分vlan trunk STP SVI VRRP DHCP

1.配置eth-trunk进行绑定

$SW1$ interface Eth-Trunk 0

$SW1-Eth-Trunk0$ q

$SW1$ int g0/0/2

$SW1-GigabitEthernet0/0/2$ eth-trunk 0

$SW1-GigabitEthernet0/0/2$ q

$SW1$ int g0/0/3

$SW1-GigabitEthernet0/0/3$ eth-trunk 0

$SW2-Eth-Trunk0$ q

$SW2$ int g0/0/2

$SW2-GigabitEthernet0/0/2$ eth-trunk 0

$SW2-GigabitEthernet0/0/2$ q

$SW2$ int g0/0/3

$SW2-GigabitEthernet0/0/3$ eth-trunk 0

2.创建vlan，划分接口类型

$SW1$ vlan 2

$SW1-vlan2$ q

$SW1$ port-group group-member g0/0/4 to g0/0/5 Eth-Trunk 0

$SW1-port-group$ port link-type trunk

$SW1-GigabitEthernet0/0/4$ port link-type trunk

$SW1-GigabitEthernet0/0/5$ port link-type trunk

$SW1-Eth-Trunk0$ port link-type trunk

$SW1-port-group$ port trunk allow-pass vlan 2

$SW1-GigabitEthernet0/0/4$ port trunk allow-pass vlan 2

$SW1-GigabitEthernet0/0/5$ port trunk allow-pass vlan 2

$SW1-Eth-Trunk0$ port trunk allow-pass vlan 2

$SW2$ vlan 2

$SW2-vlan2$ q

$SW2$ port-group group-member g0/0/4 to g0/0/5 Eth-Trunk 0

$SW2-port-group$ port link-type trunk

$SW2-GigabitEthernet0/0/4$ port link-type trunk

$SW2-GigabitEthernet0/0/5$ port link-type trunk

$SW2-Eth-Trunk0$ port link-type trunk

$SW2-port-group$ port trunk allow-pass vlan 2

$SW2-GigabitEthernet0/0/4$ port trunk allow-pass vlan 2

$SW2-GigabitEthernet0/0/5$ port trunk allow-pass vlan 2

$SW2-Eth-Trunk0$ port trunk allow-pass vlan 2

$SW3$ vlan 2

$SW3-vlan2$ q

$SW3-Ethernet0/0/3$ int e0/0/4

$SW3-Ethernet0/0/4$ port link-type access

$SW3-Ethernet0/0/4$ port default vlan 2

$SW3-Ethernet0/0/4$ q

$SW3$ port-group group-member e0/0/1 to e0/0/2

$SW3-port-group$ port link-type trunk

$SW3-Ethernet0/0/1$ port link-type trunk

$SW3-Ethernet0/0/2$ port link-type trunk

$SW3-port-group$ port trunk allow-pass vlan 2

$SW3-Ethernet0/0/1$ port trunk allow-pass vlan 2

$SW3-Ethernet0/0/2$ port trunk allow-pass vlan 2

$SW4$ vlan 2

$SW4-vlan2$ q

$SW4$ int e0/0/4

$SW4-Ethernet0/0/4$ port link-type access

$SW4-Ethernet0/0/4$ port default vlan 2

$SW4-Ethernet0/0/4$ q

$SW4$ port-group group-member e0/0/1 to e0/0/2

$SW4-port-group$ port link-type trunk

$SW4-Ethernet0/0/1$ port link-type trunk

$SW4-Ethernet0/0/2$ port link-type trunk

$SW4-port-group$ port trunk allow-pass vlan 2

$SW4-Ethernet0/0/1$ port trunk allow-pass vlan 2

$SW4-Ethernet0/0/2$ port trunk allow-pass vlan 2

3.配置生成树：

$SW1$ stp region-configuration

$SW1-mst-region$ region-name aa

$SW1-mst-region$ instance 1 vlan 1

$SW1-mst-region$ instance 2 vlan 2

$SW1-mst-region$ active region-configuration

$SW2$ stp region-configuration

$SW2-mst-region$ instance 1 vlan 1

$SW2-mst-region$ instance 2 vlan 2

$SW2-mst-region$ active region-configuration

$SW3$ stp region-configuration

$SW3-mst-region$ region-name aa

$SW3-mst-region$ instance 1 vlan 1

$SW3-mst-region$ instance 2 vlan 2

$SW3-mst-region$ active region-configuration

$SW4$ stp region-configuration

$SW4-mst-region$ region-name aa

$SW4-mst-region$ instance 1 vlan 1

$SW4-mst-region$ instance 2 vlan 2

$SW4-mst-region$ active region-configuration

4.进行根和备份跟的确定：

$SW1$ stp instance 1 root primary

$SW1$ stp instance 2 root secondary

$SW1$ stp instance 0 root primary

$SW2$ stp instance 1 root secondary

$SW2$ stp instance 2 root primary

$SW2$ stp instance 0 root secondary

$SW3$ port-group group-member e0/0/1 to e0/0/22（配置边缘接口进行优化）

$SW3-port-group$ stp edged-port enable

$SW3$ int e0/0/3（修改WiFi接口优先级）

$SW3-Ethernet0/0/3$ stp instance 0 port priority 16

5.配置ip地址SVI：

$SW1$ int vlan 1

$SW1-Vlanif1$ ip add 172.16.1.1 25

$SW1$ int vlan 2

$SW1-Vlanif2$ ip add 172.16.1.129 25

$SW2$ int vlan 1

$SW2-Vlanif1$ ip add 172.16.1.2 25

$SW2$ int vlan 2

$SW2-Vlanif2$ ip add 172.16.1.130 25

6.进行网关冗余VRRP：

$SW1$ int vlan 1

$SW1-Vlanif1$ vrrp vrid 1 virtual-ip 172.16.1.126

$SW1-Vlanif1$ vrrp vrid 1 priority 110 （称为主ip）

$SW1-Vlanif1$ vrrp vrid 1 track interface g0/0/1 reduced 20

$SW2$ int vlan 1

$SW2-Vlanif1$ vrrp vrid 1 virtual-ip 172.16.1.126

$SW2$ int vlan 2

$SW2-Vlanif2$ vrrp vrid 1 virtual-ip 172.16.1.254

$SW2-Vlanif2$ vrrp vrid 1 priority 110

$SW2-Vlanif2$ vrrp vrid 1 track int g0/0/1 reduced 20

$SW1$ int vlan 2

$SW1-Vlanif2$ vrrp vrid 1 virtual-ip 172.16.1.254

7.配置DHCP获取IP地址：

$SW1$ dhcp enable

$SW1$ ip pool v1

$SW1-ip-pool-v1$ net 172.16.1.0 mask 25

$SW1-ip-pool-v1$ gateway-list 172.16.1.126

$SW1-ip-pool-v1$ dns-list 114.114.114.114

$SW1-ip-pool-v1$ q

$SW1$ ip pool v2

$SW1-ip-pool-v2$ net 172.16.1.128 mask 25

$SW1-ip-pool-v2$ gateway-list 172.16.1.254

$SW1-ip-pool-v2$ dns-list 114.114.114.114

$SW1-ip-pool-v2$ q

$SW1$ int vlan 1

$SW1-Vlanif1$ dhcp select global

$SW1-Vlanif1$ int vlan 2

$SW1-Vlanif2$ dhcp select global

$SW2$ dhcp enable

$SW2$ ip pool v1

Info:It's successful to create an IP address pool.

$SW2-ip-pool-v1$ net 172.16.1.0 mask 25

$SW2-ip-pool-v1$ gateway-list 172.16.1.126

$SW2-ip-pool-v1$ dns-list 114.114.114.114

$SW2-ip-pool-v1$ q

$SW2$ ip pool v2

Info:It's successful to create an IP address pool.

$SW2-ip-pool-v2$ net 172.16.1.128 mask 25

$SW2-ip-pool-v2$ gateway-list 172.16.1.254

$SW2-ip-pool-v2$ dns-list 114.114.114.114

$SW2-ip-pool-v2$ q

$SW2$ int vlan 1

$SW2-Vlanif1$ dhcp select global

$SW2-Vlanif1$ int vlan 2

$SW2-Vlanif2$ dhcp select global

8.对于上层路由器进行连接

$SW1$ vlan 99

$SW1-GigabitEthernet0/0/2$ int g0/0/1

$SW1-GigabitEthernet0/0/1$ port link-type access

$SW1-GigabitEthernet0/0/1$ port default vlan 99

$SW1$ int vlan 99

$SW1-Vlanif99$ ip add 172.16.0.2 30

$SW2$ vlan 99

$SW2-vlan99$ int g0/0/1

$SW2-GigabitEthernet0/0/1$ port link-type access

$SW2-GigabitEthernet0/0/1$ port default vlan 99

$SW2-GigabitEthernet0/0/1$ q

$SW2$ int vlan 99

$SW2-Vlanif99$ ip add 172.16.0.6 30

9.配置沉默接口：

$SW1-ospf-1$ silent-interface all

$SW1-ospf-1$ undo silent-interface GigabitEthernet 0/0/1

$SW1-ospf-1$ undo silent-interface Vlanif 99

$SW1-ospf-1$ undo silent-interface Eth-Trunk 0

$SW1-ospf-1$ undo silent-interface Vlanif 1

$SW2$ ospf 1

$SW2-ospf-1$ silent-interface all

$SW2-ospf-1$ undo silent-interface GigabitEthernet 0/0/1

$SW2-ospf-1$ undo silent-interface Vlanif 99

$SW2-ospf-1$ undo silent-interface Eth-Trunk 0

$SW2-ospf-1$ undo silent-interface Vlanif 1

三。配置路由器部分：

1.配置ospf协议

$R2$ ospf 1 router-id 2.2.2.2

$R2-ospf-1$ area 0

$R2-ospf-1-area-0.0.0.0$ net 172.16.0.0 0.0.0.255

$SW1$ ospf 1 router-id 3.3.3.3

$SW1-ospf-1$ area 0

$SW1-ospf-1-area-0.0.0.0$ net 172.16.0.2 0.0.0.0

$SW1-ospf-1$ area 1

$SW1-ospf-1-area-0.0.0.1$ net 172.16.1.0 0.0.0.255

SW1-ospf-1-area-0.0.0.1

$SW2$ ospf 1 router-id 4.4.4.4

$SW2-ospf-1$ area 0

$SW2-ospf-1-area-0.0.0.0$ net 172.16.0.6 0.0.0.0

$SW2-ospf-1-area-0.0.0.0$ q

$SW2-ospf-1$ area 1

$SW2-ospf-1-area-0.0.0.1$ net 172.16.1.0 0.0.0.255

2.配置缺省路由

$R2$ ip route-static 0.0.0.0 0 12.1.1.1

$R2-ospf-1$ default-route-advertise

3.进行路由汇总：

$SW1$ ospf 1

$SW1-ospf-1$ area 1

$SW1-ospf-1-area-0.0.0.1$ abr-summary 172.16.1.0 255.255.255.0

$SW2$ ospf 1

$SW2-ospf-1$ area 1

$SW2-ospf-1-area-0.0.0.1$ abr-summary 172.16.1.0 255.255.255.0

4.防止路由黑洞

$SW1$ ip route-static 172.16.1.0 24 NULL 0

$SW2$ ip route-static 172.16.1.0 24 NULL 0

5.配置nat，进行上网：

$R2$ acl 2000

$R2-acl-basic-2000$ rule permit source 172.16.0.0 0.0.255.255

$R2-acl-basic-2000$ q

$R2$ int g0/0/0

$R2-GigabitEthernet0/0/0$ nat outbound 2000