
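1. Complete the configuration according to the VLAN and IP address requirements shown in the diagram.
2. SW1 must be the primary root and primary gateway for VLAN 2/3, and SW2 the primary root and primary gateway for VLAN 20/30; SW1 and SW2 back each other up.
3. The upper layer uses static routing to carry traffic.
4. AR1 is the enterprise egress router.
5. The whole network must be reachable.
Ignore condition 3 in the diagram.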
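Requirement 1: VLAN assignment
The topology places the four PCs in four VLANs. The two ports on LSW3 can be configured directly as access ports carrying VLAN 2 and VLAN 3; VLAN 20 and VLAN 30 on LSW4 are handled the same way.
Because the end goal is full reachability, there is no need to tailor the VLANs permitted on the remaining ports: they are all configured as trunk ports that allow VLAN 2 3 20 30.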
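Requirement 2: Spanning tree
MSTP is used because the topology contains two trees, headed by sw1 and sw2, and only MSTP (not RSTP or STP) can run two trees. Adjust each switch's priority so that it becomes the primary root.
Also add a default route so that traffic for other VLANs is handed to the router.
At this point the two links between the two primary roots can also be aggregated.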
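Requirement 3: VRRP
This part uses the VRRP protocol. We set the priority of the primary gateway for each VLAN, keeping in mind that VLAN 2 and 3 belong to lsw1 and VLAN 20 and 30 to lsw2, and then configure the virtual gateways.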
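Requirement 4: DHCP
Enable DHCP on sw1 and sw2 to hand out IP addresses. Because the primary root of each tree is the gateway for a different set of VLANs, the address pools can be built on that basis. (To guard against one of the switches failing midway, the same VLAN's address pool can also be configured on the backup root; this is not shown in this lab.)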
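Requirement 5: Routing
Because the two primary roots are the gateways and the switches' ports only perform layer-2 switching, a new VLAN has to be added on each switch for the network connection between the switch and router AR1.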
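Requirement 6: ACL/NAT
To send the campus network's private traffic to the public network, we need to configure NAT and a matching ACL. It is enough to add a rule on AR1's public interface that permits all private IP addresses.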
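Requirements summary
| Device | Interface/Segment | IP address | Role/Function |
|---|---|---|---|
| LSW1 (core switch) | Vlanif2, Vlanif3, Vlanif20, Vlanif30 | 10.0.2.1/24, 10.0.3.1/24, 10.0.20.1/24, 10.0.30.1/24 | Primary root + primary gateway for VLAN 2/3; backup root + backup gateway for VLAN 20/30; DHCP server |
| LSW1 | Vlanif100 (link to AR1) | 10.0.0.1/30 | Layer-3 interconnect interface |
| LSW1 | Vlanif4000 (link to LSW2) | 10.0.0.9/30 | Layer-3 interconnect between core switches |
| LSW2 (core switch) | Vlanif2, Vlanif3, Vlanif20, Vlanif30 | 10.0.2.2/24, 10.0.3.2/24, 10.0.20.2/24, 10.0.30.2/24 | Primary root + primary gateway for VLAN 20/30; backup root + backup gateway for VLAN 2/3; DHCP server |
| LSW2 | Vlanif200 (link to AR1) | 10.0.0.5/30 | Layer-3 interconnect interface |
| LSW2 | Vlanif4000 (link to LSW1) | 10.0.0.10/30 | Layer-3 interconnect between core switches |
| LSW3 (access switch) | E0/0/1, E0/0/2 | None (layer-2 device) | Downlinks to PCs; trunk uplinks to the core switches |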
Command implementation
LSW1
```
<sw1>sys
Enter system view, return user view with Ctrl+Z.
[sw1]
Apr 19 2026 15:54:14-08:00 sw1 %%01PHY/1/PHY(l)[0]: GigabitEthernet0/0/5: change status to up
[sw1]undo info-center enable
Info: Information center is disabled.
[sw1]vlan batch 2 3 20 30 100 4000
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1]interface GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access
[sw1-GigabitEthernet0/0/5]port default vlan 100
[sw1-GigabitEthernet0/0/5]q
[sw1]interface Vlanif 100
[sw1-Vlanif100]ip address 10.0.0.1 255.255.255.252
[sw1-Vlanif100]q
[sw1]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw1-GigabitEthernet0/0/3]q
[sw1]interface GigabitEthernet 0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[sw1-GigabitEthernet0/0/4]q
[sw1]interface GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 20 30 4000
[sw1-GigabitEthernet0/0/1]q
[sw1]interface GigabitEthernet 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3 20 30 4000
[sw1-GigabitEthernet0/0/2]q
[sw1]interface Vlanif 4000
[sw1-Vlanif4000]description LSW1-LSW2
[sw1-Vlanif4000]ip address 10.0.0.9 255.255.255.252
[sw1-Vlanif4000]q
[sw1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[sw1]interface Vlanif 2
[sw1-Vlanif2]ip address 10.0.2.1 255.255.255.0
[sw1-Vlanif2]vrrp vrid 2 virtual-ip 10.0.2.254
[sw1-Vlanif2]vrrp vrid 2 priority 120
[sw1-Vlanif2]vrrp vrid 2 preempt-mode timer delay 10
[sw1-Vlanif2]dhcp select interface
[sw1-Vlanif2]dhcp server dns-list 8.8.8.8
[sw1-Vlanif2]q
[sw1]interface Vlanif 3
[sw1-Vlanif3]ip address 10.0.3.1 255.255.255.0
[sw1-Vlanif3]vrrp vrid 3 virtual-ip 10.0.3.254
[sw1-Vlanif3]vrrp vrid 3 priority 120
[sw1-Vlanif3]vrrp vrid 3 preempt-mode timer delay 10
[sw1-Vlanif3]dhcp select interface
[sw1-Vlanif3]dhcp server dns-list 8.8.8.8
[sw1-Vlanif3]q
[sw1]interface Vlanif 20
[sw1-Vlanif20]ip address 10.0.20.1 255.255.255.0
[sw1-Vlanif20]vrrp vrid 20 virtual-ip 10.0.20.254
[sw1-Vlanif20]dhcp select interface
[sw1-Vlanif20]dhcp server dns-list 8.8.8.8
[sw1-Vlanif20]q
[sw1]interface Vlanif 30
[sw1-Vlanif30]ip address 10.0.30.1 255.255.255.0
[sw1-Vlanif30]vrrp vrid 30 virtual-ip 10.0.30.254
[sw1-Vlanif30]dhcp select interface
[sw1-Vlanif30]dhcp server dns-list 8.8.8.8
[sw1-Vlanif30]q
[sw1]stp mode mstp
[sw1]stp region-configuration
[sw1-mst-region]region-name MSTP
[sw1-mst-region]instance 1 vlan 2 3
[sw1-mst-region]instance 2 vlan 20 30
[sw1-mst-region]revision-level 1
[sw1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1-mst-region]q
[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary
[sw1]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2
[sw1]ip route-static 10.0.0.4 255.255.255.252 10.0.0.10
[sw1]
User interface con0 is available
```

ISP

LSW2
```
<sw2>
Apr 19 2026 15:54:14-08:00 sw2 %%01PHY/1/PHY(l)[0]: GigabitEthernet0/0/5: change status to up
sys
Enter system view, return user view with Ctrl+Z.
[sw2]undo info-center enable
Info: Information center is disabled.
[sw2]vlan batch 2 3 20 30 200 4000
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2]interface GigabitEthernet 0/0/5
[sw2-GigabitEthernet0/0/5]port link-type access
[sw2-GigabitEthernet0/0/5]port default vlan 200
[sw2-GigabitEthernet0/0/5]q
[sw2]interface Vlanif 200
[sw2-Vlanif200]ip address 10.0.0.5 255.255.255.252
[sw2-Vlanif200]q
[sw2]interface GigabitEthernet 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type trunk
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw2-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/4
[sw2-GigabitEthernet0/0/4]port link-type trunk
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[sw2-GigabitEthernet0/0/4]q
[sw2]interface GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 20 30 4000
[sw2-GigabitEthernet0/0/1]q
[sw2]interface GigabitEthernet 0/0/2
[sw2-GigabitEthernet0/0/2]port link-type trunk
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3 20 30 4000
[sw2-GigabitEthernet0/0/2]q
[sw2]interface Vlanif 4000
[sw2-Vlanif4000]description LSW1-LSW2
[sw2-Vlanif4000]ip address 10.0.0.10 255.255.255.252
[sw2-Vlanif4000]q
[sw2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[sw2]interface Vlanif 2
[sw2-Vlanif2]ip address 10.0.2.2 255.255.255.0
[sw2-Vlanif2]vrrp vrid 2 virtual-ip 10.0.2.254
[sw2-Vlanif2]dhcp select interface
[sw2-Vlanif2]dhcp server dns-list 8.8.8.8
[sw2-Vlanif2]q
[sw2]interface Vlanif 3
[sw2-Vlanif3]ip address 10.0.3.2 255.255.255.0
[sw2-Vlanif3]vrrp vrid 3 virtual-ip 10.0.3.254
[sw2-Vlanif3]dhcp select interface
[sw2-Vlanif3]dhcp server dns-list 8.8.8.8
[sw2-Vlanif3]q
[sw2]interface Vlanif 20
[sw2-Vlanif20]ip address 10.0.20.2 255.255.255.0
[sw2-Vlanif20]vrrp vrid 20 virtual-ip 10.0.20.254
[sw2-Vlanif20]vrrp vrid 20 priority 120
[sw2-Vlanif20]vrrp vrid 20 preempt-mode timer delay 10
[sw2-Vlanif20]dhcp select interface
[sw2-Vlanif20]dhcp server dns-list 8.8.8.8
[sw2-Vlanif20]q
[sw2]interface Vlanif 30
[sw2-Vlanif30]ip address 10.0.30.2 255.255.255.0
[sw2-Vlanif30]vrrp vrid 30 virtual-ip 10.0.30.254
[sw2-Vlanif30]vrrp vrid 30 priority 120
[sw2-Vlanif30]vrrp vrid 30 preempt-mode timer delay 10
[sw2-Vlanif30]dhcp select interface
[sw2-Vlanif30]dhcp server dns-list 8.8.8.8
[sw2-Vlanif30]q
[sw2]stp mode mstp
[sw2]stp region-configuration
[sw2-mst-region]region-name MSTP
[sw2-mst-region]instance 1 vlan 2 3
[sw2-mst-region]instance 2 vlan 20 30
[sw2-mst-region]revision-level 1
[sw2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2-mst-region]q
[sw2]stp instance 1 root secondary
[sw2]stp instance 2 root primary
[sw2]ip route-static 0.0.0.0 0.0.0.0 10.0.0.6
[sw2]ip route-static 10.0.0.0 255.255.255.252 10.0.0.9
[sw2]
User interface con0 is available
```
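
Requirements 2 and 3 only hold if, for every VLAN, the VRRP master is the same switch as the MSTP primary root of that VLAN's instance. The Python script below is an added example, not part of the original lab: it reads the priority, instance and root lines taken from the sw1/sw2 sessions above (embedded as constructed input) and lists every VLAN where the two disagree. The names `parse` and `misaligned` are hypothetical.

```python
import re

DEFAULT_PRIORITY = 100  # VRRP priority when no "priority" line is configured

# Constructed input: the MSTP region, root and VRRP priority lines from the
# sw1/sw2 sessions on this page (Vlanifs without a priority line are omitted).
REGION = "instance 1 vlan 2 3\ninstance 2 vlan 20 30"
CONFIGS = {
    "sw1": """interface Vlanif 2
vrrp vrid 2 priority 120
interface Vlanif 3
vrrp vrid 3 priority 120
stp instance 1 root primary
stp instance 2 root secondary""",
    "sw2": """interface Vlanif 20
vrrp vrid 20 priority 120
interface Vlanif 30
vrrp vrid 30 priority 120
stp instance 1 root secondary
stp instance 2 root primary""",
}

def parse(cfg):
    """Return ({vlan: vrrp priority}, {mst instance: root role}) for one switch."""
    prio, role, vlan = {}, {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface Vlanif (\d+)", line):
            vlan = int(m[1])
        elif m := re.match(r"vrrp vrid \d+ priority (\d+)", line):
            prio[vlan] = int(m[1])
        elif m := re.match(r"stp instance (\d+) root (\w+)", line):
            role[int(m[1])] = m[2]
    return prio, role

def misaligned(configs, region=REGION):
    """List (vlan, vrrp_master, mstp_primary_roots) where they disagree; ties not modelled."""
    inst_of = {int(v): int(i) for i, vs in re.findall(r"instance (\d+) vlan ([\d ]+)", region)
               for v in vs.split()}
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    bad = []
    for vlan, inst in sorted(inst_of.items()):
        master = max(parsed, key=lambda n: parsed[n][0].get(vlan, DEFAULT_PRIORITY))
        roots = [n for n, (_, role) in parsed.items() if role.get(inst) == "primary"]
        if roots != [master]:
            bad.append((vlan, master, roots))
    return bad

if __name__ == "__main__":
    print(misaligned(CONFIGS) or "VRRP masters match MSTP primary roots")
```

An empty list means each VLAN's gateway and spanning-tree root sit on the same core switch, so traffic does not take an extra hop across the LSW1-LSW2 link.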

LSW4

Obtain IP addresses via DHCP




Use PC1 to ping the other PCs to test whether the whole network is reachable
