实验拓扑图
实验需求
- 按照图示配置IP地址
- 在SW1和SW2之间配置链路聚合增加链路带宽,提高可靠性
- PC5和PC6属于VLAN10, PC7和PC8属于VLAN20
- SW1和SW2属于二层交换机,SW3为三层交换机(VLAN100用于对接R4),在交换机之间相连的链路
放行相关VLAN(不允许放行所有VLAN) - SW3作为DHCP服务器,配置两个地址池,分别为192.168.1.0/24网段和192.168.2.0/24网段网关分
别为192.168.1.254和192.168.2.254,dns统一为114.114.114.114;分别排除地址段192.168.1.1-
192.168.10和192.168.2.1-192.168.2.10 - 在R4上配置静态路由,使其有到达各个部门的路由,在SW3上配置默认路由,使其全网互通
- 在R4上配置Telnet服务使两个部门都能登录到R4
实现步骤
1.配置IP地址
c
[R4]int g0/0
[R4-GigabitEthernet0/0]ip address 192.16.1.1 30
[R4-GigabitEthernet0/0]int l0
[R4-LoopBack0]ip address 100.1.1.1 32
[R4-LoopBack0]quit
[R4]
[R4]dis ip int b
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.16.1.1/30 -- --
GE0/1 down down -- -- --
GE0/2 down down -- -- --
GE5/0 down down -- -- --
GE5/1 down down -- -- --
GE6/0 down down -- -- --
GE6/1 down down -- -- --
Loop0 up up(s) 100.1.1.1/32 -- --
Ser1/0 down down -- -- --
Ser2/0 down down -- -- --
Ser3/0 down down -- -- --
Ser4/0 down down -- -- --
Vlan10 down down -- -- --
Vlan20 down down -- -- --
Vlan100 down down -- -- --
c
[SW3]vlan 10
[SW3-vlan10]int vlan 10
[SW3-Vlan-interface10]ip address 192.168.1.254 24
[SW3-Vlan-interface10]vlan 20
[SW3-vlan20]int vlan 20
[SW3-Vlan-interface20]ip address 192.168.2.254 24
[SW3-Vlan-interface20]vlan 100
[SW3-vlan100]int vlan 100
[SW3-Vlan-interface100]ip address 172.16.1.2 30
[SW3-Vlan-interface100]dis ip int b
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
MGE0/0/0 down down -- --
Vlan10 down down 192.168.1.254 --
Vlan20 down down 192.168.2.254 --
Vlan100 down down 172.16.1.2 --2.在SW1和SW2之间配置链路聚合增加链路带宽,提高可靠性
c
[SW1]interface Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]interface range g1/0/3 to g1/0/4
[SW1-if-range]port link-aggregation group 1
[SW1-if-range]dis th
#
interface GigabitEthernet1/0/3
port link-mode bridge
combo enable fiber
port link-aggregation group 1
#
return
c
[SW2]interface Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]int range g1/0/3 to g1/0/4
[SW2-if-range]port link-aggregation group 1
[SW2-if-range]dis th
#
interface GigabitEthernet1/0/3
port link-mode bridge
combo enable fiber
port link-aggregation group 1
#
return3.PC5和PC6属于VLAN10, PC7和PC8属于VLAN20
c
[SW1]vlan 10
[SW1-vlan10]port g1/0/1
[SW1-vlan10]port g1/0/2
[SW1-vlan10]vlan 20
[SW1-vlan20]quit
c
[SW2]vlan 20
[SW2-vlan20]port g1/0/1
[SW2-vlan20]port g1/0/2
[SW2-vlan20]quit
[SW2]vlan 10
[SW2-vlan10]quit4.SW1和SW2属于二层交换机,SW3为三层交换机(VLAN100用于对接R4),在交换机之间相连的链路放行相关VLAN(不允许放行所有VLAN)
c
[SW1]int g1/0/5
[SW1-GigabitEthernet1/0/5]port link-type trunk
[SW1-GigabitEthernet1/0/5]port trunk permit vlan 10 20
[SW1-GigabitEthernet1/0/5]dis th
#
interface GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
combo enable fiber
#
return
[SW1-GigabitEthernet1/0/5]quit
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[SW1-Bridge-Aggregation1]port trunk permit vlan 10 20
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[SW1-Bridge-Aggregation1]dis th
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 1 10 20
#
return
c
[SW2]int g1/0/5
[SW2-GigabitEthernet1/0/5]port link-type trunk
[SW2-GigabitEthernet1/0/5]port trunk permit vlan 10 20
[SW2-GigabitEthernet1/0/5]dis th
#
interface GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
combo enable fiber
#
return
[SW2-GigabitEthernet1/0/5]quit
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]port link-type trunk
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[SW2-Bridge-Aggregation1]port trunk permit vlan 10 20
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[SW2-Bridge-Aggregation1]dis th
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 1 10 20
#
return
c
[SW3]int g1/0/1
[SW3-GigabitEthernet1/0/1]port link-type trunk
[SW3-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/1]dis th
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
combo enable fiber
#
return
[SW3-GigabitEthernet1/0/1]int g1/0/2
[SW3-GigabitEthernet1/0/2]port link-type trunk
[SW3-GigabitEthernet1/0/2]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/2]dis th
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
combo enable fiber
#
return
[SW3]vlan 100
[SW3-vlan100]port g1/0/3
[SW3-vlan100]dis th
#
vlan 100
#
return5.SW3作为DHCP服务器,配置两个地址池,分别为192.168.1.0/24网段和192.168.2.0/24网段网关分别为192.168.1.254和192.168.2.254,dns统一为114.114.114.114;分别排除地址段192.168.1.1-192.168.10和192.168.2.1-192.168.2.10
c
[SW3]dhcp enable
[SW3]dhcp server ip-pool 1
[SW3-dhcp-pool-1]network 192.168.1.0 mask 255.255.255.0
[SW3-dhcp-pool-1]gateway-list 192.168.1.254
[SW3-dhcp-pool-1]dns-list 114.114.114.114
[SW3-dhcp-pool-1]dis th
#
dhcp server ip-pool 1
gateway-list 192.168.1.254
network 192.168.1.0 mask 255.255.255.0
dns-list 114.114.114.114
#
return
[SW3-dhcp-pool-1]quit
[SW3]dhcp enable
[SW3]dhcp server ip-pool 2
[SW3-dhcp-pool-2]network 192.168.2.0 mask 255.255.255.0
[SW3-dhcp-pool-2]gateway-list 192.168.2.254
[SW3-dhcp-pool-2]dns-list 114.114.114.114
[SW3-dhcp-pool-2]dis th
#
dhcp server ip-pool 2
gateway-list 192.168.2.254
network 192.168.2.0 mask 255.255.255.0
dns-list 114.114.114.114
#
return
[SW3-dhcp-pool-2]quit
[SW3]dhcp server forbidden-ip 192.168.1.1 192.168.1.10
[SW3]dhcp server forbidden-ip 192.168.2.1 192.168.2.10
c
[SW3]dis dhcp server ip-in-use
IP address Client identifier/ Lease expiration Type
Hardware address
192.168.1.11 0034-3063-362e-3561- Jul 13 16:30:06 2025 Auto(C)
3462-2e30-3530-362d-
4745-302f-302f-31
192.168.1.12 0034-3063-362e-3631- Jul 13 16:30:12 2025 Auto(C)
6134-2e30-3630-362d-
4745-302f-302f-31
192.168.2.11 0034-3063-362e-3636- Jul 13 16:30:28 2025 Auto(C)
3361-2e30-3730-362d-
4745-302f-302f-31
192.168.2.12 0034-3063-362e-3639- Jul 13 16:30:29 2025 Auto(C)
6536-2e30-3830-362d-
4745-302f-302f-31
[SW3]display dhcp server free-ip
Pool name: 1
Network: 192.168.1.0 mask 255.255.255.0
IP ranges from 192.168.1.11 to 192.168.1.253
Pool name: 2
Network: 192.168.2.0 mask 255.255.255.0
IP ranges from 192.168.2.11 to 192.168.2.253
6.在R4上配置静态路由,使其有到达各个部门的路由,在SW3上配置默认路由,使其全网互通
c
[R4]ip route-static 192.168.1.0 24 172.16.1.2
[R4]ip route-static 192.168.2.0 24 172.16.1.2
[R4]dis th
#
sysname R4
#
telnet server enable
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
scheduler logfile size 16
#
ip route-static 192.168.1.0 24 172.16.1.2
ip route-static 192.168.2.0 24 172.16.1.2
#
domain default enable system
#
return
c
[SW3]ip route-static 0.0.0.0 0 172.16.1.1
[SW3]dis th
#
sysname SW3
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
dhcp server forbidden-ip 192.168.1.1 192.168.1.10
dhcp server forbidden-ip 192.168.2.1 192.168.2.10
#
lldp global enable
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
stp global enable
#
scheduler logfile size 16
#
ip route-static 0.0.0.0 0 172.16.1.1
#
domain default enable system
#
return 7.查看是否实现全网互通
c
[R4]ping 192.168.1.11
Ping 192.168.1.11 (192.168.1.11): 56 data bytes, press CTRL+C to break
56 bytes from 192.168.1.11: icmp_seq=0 ttl=254 time=3.713 ms
56 bytes from 192.168.1.11: icmp_seq=1 ttl=254 time=1.901 ms
56 bytes from 192.168.1.11: icmp_seq=2 ttl=254 time=2.361 ms
56 bytes from 192.168.1.11: icmp_seq=3 ttl=254 time=1.748 ms
56 bytes from 192.168.1.11: icmp_seq=4 ttl=254 time=3.588 ms8.在R4上配置Telnet服务使两个部门都能登录到R4
c
[R4]telnet server enable
[R4]local-user admin class manage
New local user added.
[R4-luser-manage-admin]password simple 123456.com
[R4-luser-manage-admin]authorization-attribute user-role level-15
[R4-luser-manage-admin]service-type telnet
[R4-luser-manage-admin]quit
[R4]user-interface vty 0 4
[R4-line-vty0-4]authentication-mode scheme
[R4-line-vty0-4]user-role level-15
[R4-line-vty0-4]display this
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role level-15
user-role network-operator
#
line vty 5 63
user-role network-operator
#
return
[R4-line-vty0-4]
c
<H3C>telnet 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login: admin
Password:
<R4>
<R4>display users
Idx Line Idle Time Pid Type
0 CON 0 00:05:10 Jul 12 19:23:16 11054
+ 66 VTY 0 00:00:00 Jul 12 19:32:46 11067 TEL
Following are more details.
VTY 0 :
User name: admin
Location: 192.168.1.11
+ : Current operation user.
F : Current operation user works in async mode.
<R4>