简单园区网实验

1.按照图示的VLAN及IP地址需求，完成相关配需

2、要求SW1为VLAN 2/3的主根及主网关，SW2为vlan 20/30的主根及主网关，SW1和SW2互为备份

3.上层通过静态路由协议完成数据通信过程

4.AR1为企业出口路由器

5.要求全网可达
忽略图中的条件三

需求一：vlan划分

在拓扑图里将四个pc分为了四个vlan，可以直接将lsw3下的两个接口作为access接口通行vlan2和vlan3，lsw4下的vlan20和vlan30同理

由于要求在最后是全网可通，所以不需要特地去更改其余接口的vlan放行，均设计为trunk接口并放行vlan2 3 20 30即可

需求二：生成树

MSTP协议的使用，因为整个拓扑中以sw1和sw2为首存在两个树，而能够存在两个树的只能是MSTP而非RSTP和STP，主动调整各个交换机的优先级使其成为主根

并且主动加入缺省路由将其他不同vlan交由路由器处理

在此时还可以将两个主根之间的两条链路聚合

需求三：VRRP

这个涉及到了VRRP内容，也就是VRRP协议，需要我们主动设计每条vlan所在主网关的权限，只需要注意vlan2和3在lsw1，vlan20和30在lsw2然后设计虚拟网关

需求四：DHCP

以sw1和sw2为中心启用DHCP协议分发ip，因为两个树各个主根分别为不同vlan的网关，我们可以以此建立ip地址池。（为了防止其中某个交换机的中途损坏，我们可以在备用主根里同样设计该vlan的地址池，在此实验未显示）

需求五：路由

在因为两个主根为网关且因为交换机只有二层交换技术，对于交换机到路由器AR1我们需要再添加新的vlan用于交换机和路由器的网络连接

需求六：ACL/NAT

为了将园区网的私网内容发送到公网，我们需要主动设计NAT和与之配套的ACL，只需要简单的再AR1的公网接口加入允许所有私网ip通行的命令（permit）

总结需求

设备	接口/网段	IP地址	角色/功能
LSW1（核心交换机）	Vlanif2、Vlanif3、Vlanif20、Vlanif30	10.0.2.1/24、10.0.3.1/24、10.0.20.1/24、10.0.30.1/24	VLAN2/3主根+主网关；VLAN20/30备根+备网关；DHCP服务器
LSW1	Vlanif100（与AR1互联）	10.0.0.1/30	三层互联接口
LSW1	Vlanif4000（与LSW2互联）	10.0.0.9/30	核心交换机三层互联
LSW2（核心交换机）	Vlanif2、Vlanif3、Vlanif20、Vlanif30	10.0.2.2/24、10.0.3.2/24、10.0.20.2/24、10.0.30.2/24	VLAN20/30主根+主网关；VLAN2/3备根+备网关；DHCP服务器
LSW2	Vlanif200（与AR1互联）	10.0.0.5/30	三层互联接口
LSW2	Vlanif4000（与LSW1互联）	10.0.0.10/30	核心交换机三层互联
LSW3（接入交换机）	E0/0/1、E0/0/2	无（二层设备）	下联PC，上联核心交换机Trunk链路

命令实现

LSW1

<sw1>sys

Enter system view, return user view with Ctrl+Z.
$sw1$
Apr 19 2026 15:54:14-08:00 sw1 %%01PHY/1/PHY(l)[0]: GigabitEthernet0/0/5: cha

nge status to up
$sw1\]undo info-center enable Info: Information center is disabled. \[sw1\]vlan batch 2 3 20 30 100 4000 Info: This operation may take a few seconds. Please wait for a moment...done. \[sw1\]interface GigabitEthernet 0/0/5 \[sw1-GigabitEthernet0/0/5\]port link-type access \[sw1-GigabitEthernet0/0/5\]port default vlan 100 \[sw1-GigabitEthernet0/0/5\]q \[sw1\]interface Vlanif 100 \[sw1-Vlanif100\]ip address 10.0.0.1 255.255.255.252 \[sw1-Vlanif100\]q \[sw1\]interface GigabitEthernet 0/0/3 \[sw1-GigabitEthernet0/0/3\]port link-type trunk \[sw1-GigabitEthernet0/0/3\]port trunk allow-pass vlan 2 3 20 30 \[sw1-GigabitEthernet0/0/3\]q \[sw1\]interface GigabitEthernet 0/0/4 \[sw1-GigabitEthernet0/0/4\]port link-type trunk \[sw1-GigabitEthernet0/0/4\]port trunk allow-pass vlan 2 3 20 30 \[sw1-GigabitEthernet0/0/4\]q \[sw1\]interface GigabitEthernet 0/0/1 \[sw1-GigabitEthernet0/0/1\]port link-type trunk \[sw1-GigabitEthernet0/0/1\]port trunk allow-pass vlan 2 3 20 30 4000 \[sw1-GigabitEthernet0/0/1\]q \[sw1\]interface GigabitEthernet 0/0/2 \[sw1-GigabitEthernet0/0/2\]port link-type trunk \[sw1-GigabitEthernet0/0/2\]port trunk allow-pass vlan 2 3 20 30 4000 \[sw1-GigabitEthernet0/0/2\]q \[sw1\]interface Vlanif 4000 \[sw1-Vlanif4000\]description LSW1-LSW2 \[sw1-Vlanif4000\]ip address 10.0.0.9 255.255.255.252 \[sw1-Vlanif4000\]q \[sw1\]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. \[sw1\]interface Vlanif 2 \[sw1-Vlanif2\]ip address 10.0.2.1 255.255.255.0 \[sw1-Vlanif2\]vrrp vrid 2 virtual-ip 10.0.2.254 \[sw1-Vlanif2\]vrrp vrid 2 priority 120 \[sw1-Vlanif2\]vrrp vrid 2 preempt-mode timer delay 10 \[sw1-Vlanif2\]dhcp select interface \[sw1-Vlanif2\]dhcp server dns-list 8.8.8.8 \[sw1-Vlanif2\]q \[sw1\]interface Vlanif 3 \[sw1-Vlanif3\]ip address 10.0.3.1 255.255.255.0 \[sw1-Vlanif3\]vrrp vrid 3 virtual-ip 10.0.3.254 \[sw1-Vlanif3\]vrrp vrid 3 priority 120 \[sw1-Vlanif3\]vrrp vrid 3 preempt-mode timer delay 10 \[sw1-Vlanif3\]dhcp select interface \[sw1-Vlanif3\]dhcp server dns-list 8.8.8.8 \[sw1-Vlanif3\]q \[sw1\]interface Vlanif 20 \[sw1-Vlanif20\]ip address 10.0.20.1 255.255.255.0 \[sw1-Vlanif20\]vrrp vrid 20 virtual-ip 10.0.20.254 \[sw1-Vlanif20\]dhcp select interface \[sw1-Vlanif20\]dhcp server dns-list 8.8.8.8 \[sw1-Vlanif20\]q \[sw1\]interface Vlanif 30 \[sw1-Vlanif30\]ip address 10.0.30.1 255.255.255.0 \[sw1-Vlanif30\]vrrp vrid 30 virtual-ip 10.0.30.254 \[sw1-Vlanif30\]dhcp select interface \[sw1-Vlanif30\]dhcp server dns-list 8.8.8.8 \[sw1-Vlanif30\]q \[sw1\]stp mode mstp \[sw1\]stp region-configuration \[sw1-mst-region\]region-name MSTP \[sw1-mst-region\]instance 1 vlan 2 3 \[sw1-mst-region\]instance 2 vlan 20 30 \[sw1-mst-region\]revision-level 1 \[sw1-mst-region\]active region-configuration Info: This operation may take a few seconds. Please wait for a moment...done. \[sw1-mst-region\]q \[sw1\]stp instance 1 root primary \[sw1\]stp instance 2 root secondary \[sw1\]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2 \[sw1\]ip route-static 10.0.0.4 255.255.255.252 10.0.0.10 \[sw1\] User interface con0 is available$

ISP

LSW2

<sw2>

Apr 19 2026 15:54:14-08:00 sw2 %%01PHY/1/PHY(l)[0]: GigabitEthernet0/0/5: cha

nge status to upsys

Enter system view, return user view with Ctrl+Z.
$sw2\]undo info-center enable Info: Information center is disabled. \[sw2\]vlan batch 2 3 20 30 200 4000 Info: This operation may take a few seconds. Please wait for a moment...done. \[sw2\]interface GigabitEthernet 0/0/5 \[sw2-GigabitEthernet0/0/5\]port link-type access \[sw2-GigabitEthernet0/0/5\]port default vlan 200 \[sw2-GigabitEthernet0/0/5\]q \[sw2\]interface Vlanif 200 \[sw2-Vlanif200\]ip address 10.0.0.5 255.255.255.252 \[sw2-Vlanif200\]q \[sw2\]interface GigabitEthernet 0/0/3 \[sw2-GigabitEthernet0/0/3\]port link-type trunk \[sw2-GigabitEthernet0/0/3\]port trunk allow-pass vlan 2 3 20 30 \[sw2-GigabitEthernet0/0/3\]interface GigabitEthernet 0/0/4 \[sw2-GigabitEthernet0/0/4\]port link-type trunk \[sw2-GigabitEthernet0/0/4\]port trunk allow-pass vlan 2 3 20 30 \[sw2-GigabitEthernet0/0/4\]q \[sw2\]interface GigabitEthernet 0/0/1 \[sw2-GigabitEthernet0/0/1\]port link-type trunk \[sw2-GigabitEthernet0/0/1\]port trunk allow-pass vlan 2 3 20 30 4000 \[sw2-GigabitEthernet0/0/1\]q \[sw2\]interface GigabitEthernet 0/0/2 \[sw2-GigabitEthernet0/0/2\]port link-type trunk \[sw2-GigabitEthernet0/0/2\]port trunk allow-pass vlan 2 3 20 30 4000 \[sw2-GigabitEthernet0/0/2\]q \[sw2\]interface Vlanif 4000 \[sw2-Vlanif4000\]description LSW1-LSW2 \[sw2-Vlanif4000\]ip address 10.0.0.10 255.255.255.252 \[sw2-Vlanif4000\]q \[sw2\]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. \[sw2\]interface Vlanif 2 \[sw2-Vlanif2\]ip address 10.0.2.2 255.255.255.0 \[sw2-Vlanif2\]vrrp vrid 2 virtual-ip 10.0.2.254 \[sw2-Vlanif2\]dhcp select interface \[sw2-Vlanif2\]dhcp server dns-list 8.8.8.8 \[sw2-Vlanif2\]q \[sw2\]interface Vlanif 3 \[sw2-Vlanif3\]ip address 10.0.3.2 255.255.255.0 \[sw2-Vlanif3\]vrrp vrid 3 virtual-ip 10.0.3.254 \[sw2-Vlanif3\]dhcp select interface \[sw2-Vlanif3\]dhcp server dns-list 8.8.8.8 \[sw2-Vlanif3\]q \[sw2\]interface Vlanif 20 \[sw2-Vlanif20\]ip address 10.0.20.2 255.255.255.0 \[sw2-Vlanif20\]vrrp vrid 20 virtual-ip 10.0.20.254 \[sw2-Vlanif20\]vrrp vrid 20 priority 120 \[sw2-Vlanif20\]vrrp vrid 20 preempt-mode timer delay 10 \[sw2-Vlanif20\]dhcp select interface \[sw2-Vlanif20\]dhcp server dns-list 8.8.8.8 \[sw2-Vlanif20\]q \[sw2\]interface Vlanif 30 \[sw2-Vlanif30\]ip address 10.0.30.2 255.255.255.0 \[sw2-Vlanif30\]vrrp vrid 30 virtual-ip 10.0.30.254 \[sw2-Vlanif30\]vrrp vrid 30 priority 120 \[sw2-Vlanif30\]vrrp vrid 30 preempt-mode timer delay 10 \[sw2-Vlanif30\]dhcp select interface \[sw2-Vlanif30\]dhcp server dns-list 8.8.8.8 \[sw2-Vlanif30\]q \[sw2\]stp mode mstp \[sw2\]stp region-configuration \[sw2-mst-region\]region-name MSTP \[sw2-mst-region\]instance 1 vlan 2 3 \[sw2-mst-region\]instance 2 vlan 20 30 \[sw2-mst-region\]revision-level 1 \[sw2-mst-region\]active region-configuration Info: This operation may take a few seconds. Please wait for a moment...done. \[sw2-mst-region\]q \[sw2\]stp instance 1 root secondary \[sw2\]stp instance 2 root primary \[sw2\]ip route-static 0.0.0.0 0.0.0.0 10.0.0.6 \[sw2\]ip route-static 10.0.0.0 255.255.255.252 10.0.0.9 \[sw2\] User interface con0 is available$

LSW4

通过dhcp来获取IP地址

利用pc1来尝试ping通其余的pc以测试是否全网互通