IP综合实验

要求：

1.内网地址172.16.0.0/16合理分配

2.SW1/2之间互为备份

3.VRRP/STP/VLAN/TRUNK均使用

一。配置交换机部分

eth-trunk 创建，划分vlan trunk STP SVI VRRP DHCP

1.配置eth-trunk进行绑定

SW1\]interface Eth-Trunk 0 \[SW1-Eth-Trunk0\]q \[SW1\]int g0/0/2 \[SW1-GigabitEthernet0/0/2\]eth-trunk 0 \[SW1-GigabitEthernet0/0/2\]q \[SW1\]int g0/0/3 \[SW1-GigabitEthernet0/0/3\]eth-trunk 0  \[SW2-Eth-Trunk0\]q \[SW2\]int g0/0/2 \[SW2-GigabitEthernet0/0/2\]eth-trunk 0 \[SW2-GigabitEthernet0/0/2\]q \[SW2\]int g0/0/3 \[SW2-GigabitEthernet0/0/3\]eth-trunk 0 2.创建vlan，划分接口类型 \[SW1\]vlan 2 \[SW1-vlan2\]q \[SW1\]port-group group-member g0/0/4 to g0/0/5 Eth-Trunk 0 \[SW1-port-group\]port link-type trunk \[SW1-GigabitEthernet0/0/4\]port link-type trunk \[SW1-GigabitEthernet0/0/5\]port link-type trunk \[SW1-Eth-Trunk0\]port link-type trunk \[SW1-port-group\]port trunk allow-pass vlan 2 \[SW1-GigabitEthernet0/0/4\]port trunk allow-pass vlan 2 \[SW1-GigabitEthernet0/0/5\]port trunk allow-pass vlan 2 \[SW1-Eth-Trunk0\]port trunk allow-pass vlan 2 \[SW2\]vlan 2 \[SW2-vlan2\]q \[SW2\]port-group group-member g0/0/4 to g0/0/5 Eth-Trunk 0 \[SW2-port-group\]port link-type trunk \[SW2-GigabitEthernet0/0/4\]port link-type trunk \[SW2-GigabitEthernet0/0/5\]port link-type trunk \[SW2-Eth-Trunk0\]port link-type trunk \[SW2-port-group\]port trunk allow-pass vlan 2 \[SW2-GigabitEthernet0/0/4\]port trunk allow-pass vlan 2 \[SW2-GigabitEthernet0/0/5\]port trunk allow-pass vlan 2 \[SW2-Eth-Trunk0\]port trunk allow-pass vlan 2 \[SW3\]vlan 2 \[SW3-vlan2\]q \[SW3-Ethernet0/0/3\]int e0/0/4 \[SW3-Ethernet0/0/4\]port link-type access \[SW3-Ethernet0/0/4\]port default vlan 2 \[SW3-Ethernet0/0/4\]q \[SW3\]port-group group-member e0/0/1 to e0/0/2 \[SW3-port-group\]port link-type trunk \[SW3-Ethernet0/0/1\]port link-type trunk \[SW3-Ethernet0/0/2\]port link-type trunk \[SW3-port-group\]port trunk allow-pass vlan 2 \[SW3-Ethernet0/0/1\]port trunk allow-pass vlan 2 \[SW3-Ethernet0/0/2\]port trunk allow-pass vlan 2 \[SW4\]vlan 2 \[SW4-vlan2\]q \[SW4\]int e0/0/4 \[SW4-Ethernet0/0/4\]port link-type access \[SW4-Ethernet0/0/4\]port default vlan 2 \[SW4-Ethernet0/0/4\]q \[SW4\]port-group group-member e0/0/1 to e0/0/2 \[SW4-port-group\]port link-type trunk \[SW4-Ethernet0/0/1\]port link-type trunk \[SW4-Ethernet0/0/2\]port link-type trunk \[SW4-port-group\]port trunk allow-pass vlan 2 \[SW4-Ethernet0/0/1\]port trunk allow-pass vlan 2 \[SW4-Ethernet0/0/2\]port trunk allow-pass vlan 2 3.配置生成树： \[SW1\]stp region-configuration \[SW1-mst-region\]region-name aa \[SW1-mst-region\]instance 1 vlan 1 \[SW1-mst-region\]instance 2 vlan 2 \[SW1-mst-region\]active region-configuration  \[SW2\]stp region-configuration \[SW2-mst-region\]instance 1 vlan 1 \[SW2-mst-region\]instance 2 vlan 2 \[SW2-mst-region\]active region-configuration \[SW3\]stp region-configuration \[SW3-mst-region\]region-name aa \[SW3-mst-region\]instance 1 vlan 1 \[SW3-mst-region\]instance 2 vlan 2 \[SW3-mst-region\]active region-configuration \[SW4\]stp region-configuration \[SW4-mst-region\]region-name aa \[SW4-mst-region\]instance 1 vlan 1 \[SW4-mst-region\]instance 2 vlan 2 \[SW4-mst-region\]active region-configuration 4.进行根和备份跟的确定： \[SW1\]stp instance 1 root primary \[SW1\]stp instance 2 root secondary \[SW1\]stp instance 0 root primary \[SW2\]stp instance 1 root secondary \[SW2\]stp instance 2 root primary \[SW2\]stp instance 0 root secondary  \[SW3\]port-group group-member e0/0/1 to e0/0/22（配置边缘接口进行优化） \[SW3-port-group\]stp edged-port enable \[SW3\]int e0/0/3（修改WiFi接口优先级） \[SW3-Ethernet0/0/3\]stp instance 0 port priority 16 5.配置ip地址SVI： \[SW1\]int vlan 1 \[SW1-Vlanif1\]ip add 172.16.1.1 25 \[SW1\]int vlan 2 \[SW1-Vlanif2\]ip add 172.16.1.129 25  \[SW2\]int vlan 1 \[SW2-Vlanif1\]ip add 172.16.1.2 25 \[SW2\]int vlan 2 \[SW2-Vlanif2\]ip add 172.16.1.130 25  6.进行网关冗余VRRP： \[SW1\]int vlan 1 \[SW1-Vlanif1\]vrrp vrid 1 virtual-ip 172.16.1.126 \[SW1-Vlanif1\]vrrp vrid 1 priority 110 （称为主ip） \[SW1-Vlanif1\]vrrp vrid 1 track interface g0/0/1 reduced 20  \[SW2\]int vlan 1 \[SW2-Vlanif1\]vrrp vrid 1 virtual-ip 172.16.1.126 \[SW2\]int vlan 2 \[SW2-Vlanif2\]vrrp vrid 1 virtual-ip 172.16.1.254 \[SW2-Vlanif2\]vrrp vrid 1 priority 110 \[SW2-Vlanif2\]vrrp vrid 1 track int g0/0/1 reduced 20 \[SW1\]int vlan 2 \[SW1-Vlanif2\]vrrp vrid 1 virtual-ip 172.16.1.254 7.配置DHCP获取IP地址： \[SW1\]dhcp enable \[SW1\]ip pool v1 \[SW1-ip-pool-v1\]net 172.16.1.0 mask 25 \[SW1-ip-pool-v1\]gateway-list 172.16.1.126 \[SW1-ip-pool-v1\]dns-list 114.114.114.114 \[SW1-ip-pool-v1\]q \[SW1\]ip pool v2 \[SW1-ip-pool-v2\]net 172.16.1.128 mask 25 \[SW1-ip-pool-v2\]gateway-list 172.16.1.254 \[SW1-ip-pool-v2\]dns-list 114.114.114.114 \[SW1-ip-pool-v2\]q \[SW1\]int vlan 1 \[SW1-Vlanif1\]dhcp select global \[SW1-Vlanif1\]int vlan 2 \[SW1-Vlanif2\]dhcp select global \[SW2\]dhcp enable \[SW2\]ip pool v1 Info:It's successful to create an IP address pool. \[SW2-ip-pool-v1\]net 172.16.1.0 mask 25 \[SW2-ip-pool-v1\]gateway-list 172.16.1.126 \[SW2-ip-pool-v1\]dns-list 114.114.114.114 \[SW2-ip-pool-v1\]q \[SW2\]ip pool v2 Info:It's successful to create an IP address pool. \[SW2-ip-pool-v2\]net 172.16.1.128 mask 25 \[SW2-ip-pool-v2\]gateway-list 172.16.1.254 \[SW2-ip-pool-v2\]dns-list 114.114.114.114 \[SW2-ip-pool-v2\]q \[SW2\]int vlan 1 \[SW2-Vlanif1\]dhcp select global \[SW2-Vlanif1\]int vlan 2 \[SW2-Vlanif2\]dhcp select global 8.对于上层路由器进行连接 \[SW1\]vlan 99 \[SW1-GigabitEthernet0/0/2\]int g0/0/1 \[SW1-GigabitEthernet0/0/1\]port link-type access \[SW1-GigabitEthernet0/0/1\]port default vlan 99 \[SW1\]int vlan 99 \[SW1-Vlanif99\]ip add 172.16.0.2 30  \[SW2\]vlan 99 \[SW2-vlan99\]int g0/0/1 \[SW2-GigabitEthernet0/0/1\]port link-type access \[SW2-GigabitEthernet0/0/1\]port default vlan 99 \[SW2-GigabitEthernet0/0/1\]q \[SW2\]int vlan 99 \[SW2-Vlanif99\]ip add 172.16.0.6 30 9.配置沉默接口： \[SW1-ospf-1\]silent-interface all \[SW1-ospf-1\]undo silent-interface GigabitEthernet 0/0/1 \[SW1-ospf-1\]undo silent-interface Vlanif 99 \[SW1-ospf-1\]undo silent-interface Eth-Trunk 0 \[SW1-ospf-1\]undo silent-interface Vlanif 1 \[SW2\]ospf 1 \[SW2-ospf-1\]silent-interface all \[SW2-ospf-1\]undo silent-interface GigabitEthernet 0/0/1 \[SW2-ospf-1\]undo silent-interface Vlanif 99 \[SW2-ospf-1\]undo silent-interface Eth-Trunk 0 \[SW2-ospf-1\]undo silent-interface Vlanif 1 **三。配置路由器部分：**  1.配置ospf协议 \[R2\]ospf 1 router-id 2.2.2.2 \[R2-ospf-1\]area 0 \[R2-ospf-1-area-0.0.0.0\]net 172.16.0.0 0.0.0.255 \[SW1\]ospf 1 router-id 3.3.3.3 \[SW1-ospf-1\]area 0 \[SW1-ospf-1-area-0.0.0.0\]net 172.16.0.2 0.0.0.0 \[SW1-ospf-1\]area 1 \[SW1-ospf-1-area-0.0.0.1\]net 172.16.1.0 0.0.0.255 \[SW1-ospf-1-area-0.0.0.1

SW2\]ospf 1 router-id 4.4.4.4 \[SW2-ospf-1\]area 0 \[SW2-ospf-1-area-0.0.0.0\]net 172.16.0.6 0.0.0.0 \[SW2-ospf-1-area-0.0.0.0\]q \[SW2-ospf-1\]area 1 \[SW2-ospf-1-area-0.0.0.1\]net 172.16.1.0 0.0.0.255   2.配置缺省路由 \[R2\]ip route-static 0.0.0.0 0 12.1.1.1 \[R2-ospf-1\]default-route-advertise 3.进行路由汇总： \[SW1\]ospf 1 \[SW1-ospf-1\]area 1 \[SW1-ospf-1-area-0.0.0.1\]abr-summary 172.16.1.0 255.255.255.0 \[SW2\]ospf 1 \[SW2-ospf-1\]area 1 \[SW2-ospf-1-area-0.0.0.1\]abr-summary 172.16.1.0 255.255.255.0 4.防止路由黑洞 \[SW1\]ip route-static 172.16.1.0 24 NULL 0 \[SW2\]ip route-static 172.16.1.0 24 NULL 0 5.配置nat，进行上网： \[R2\]acl 2000 \[R2-acl-basic-2000\]rule permit source 172.16.0.0 0.0.255.255 \[R2-acl-basic-2000\]q \[R2\]int g0/0/0 \[R2-GigabitEthernet0/0/0\]nat outbound 2000