简单园区网

拓扑图

要求

分析

1.根据拓扑图为各个交换机配置vlan,在部分接口删除vlan1的放通避免可能的阻塞

2.在sw1和sw2上创建各个vlan的vlanif接口并完成相应配置，对sw1和sw2间的双链路进行聚合链路操作，sw1和sw2与上层路由器r1的互联通过新建vlan和vlanif接口完成

3.在sw1、sw2、sw3、sw4上配置mstp,完成主根配置并避免链路成环,并在sw1、sw2上配置vrrp完成主网关配置和主备操作

4.完成路由器的ip配置，在sw1和sw2上添加指向边界路由器r1的缺省路由；边界路由器r1上添加指向下层sw1和sw2的对私网内ip汇总后的静态路由，并调高指向sw2的静态路由的优先级，以优先发送给sw1；边界路由器r1上再添加一个指向公网路由器isp的缺省路由

5.在边界路由器r1对外的接口上完成acl和nat配置

6.在sw1和sw2上都完成dhcp配置

搭建

1.vlan配置

//sw3
[sw3]vlan batch 2 to 3 20 30
[sw3-GigabitEthernet0/0/1]port link-type access
[sw3-GigabitEthernet0/0/1]port default vlan 2
[sw3-GigabitEthernet0/0/2]port link-type access
[sw3-GigabitEthernet0/0/2]port default vlan 3
[sw3-GigabitEthernet0/0/3]port link-type trunk
[sw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3 20 30
[sw3-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[sw3-GigabitEthernet0/0/4]port link-type trunk
[sw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 to 3 20 30
[sw3-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1

//sw4
[sw4]vlan batch 2 to 3 20 30
[sw4-GigabitEthernet0/0/1]port link-type access
[sw4-GigabitEthernet0/0/1]port default vlan 20
[sw4-GigabitEthernet0/0/2]port link-type access
[sw4-GigabitEthernet0/0/2]port default vlan 30
[sw4-GigabitEthernet0/0/3]port link-type trunk
[sw4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3 20 30
[sw4-GigabitEthernet0/0/4]port link-type trunk
[sw4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 to 3 20 30

//sw1
[sw1]vlan batch 2 to 3 20 30
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 3 20 30
[sw1-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3 20 30
[sw1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3 20 30
[sw1-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 to 3 20 30
[sw1-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1

//sw2
[sw2]vlan batch 2 to 3 20 30
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 3 20 30
[sw2-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[sw2-GigabitEthernet0/0/2]port link-type trunk
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3 20 30
[sw2-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[sw2-GigabitEthernet0/0/3]port link-type trunk
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3 20 30
[sw2-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[sw2-GigabitEthernet0/0/4]port link-type trunk
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 to 3 20 30
[sw2-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1

2.sw1和sw2上vlanif接口与两个交换机间的配置

//sw1
[sw1]int vlanif2
[sw1-Vlanif2]ip address 10.0.2.253 255.255.255.0
[sw1]int vlanif3
[sw1-Vlanif3]ip address 10.0.3.253 255.255.255.0
[sw1]int vlanif20
[sw1-Vlanif20]ip address 10.0.20.253 255.255.255.0
[sw1]int vlanif30
[sw1-Vlanif30]ip address 10.0.30.253 255.255.255.0
[sw1]vlan 4
[sw1]int vlanif4
[sw1-Vlanif4]ip address 10.0.0.1 255.255.255.252
[sw1]vlan 6
[sw1]int vlanif6
[sw1-Vlanif6]ip address 10.0.0.9 255.255.255.252
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

//sw2
[sw2]int vlanif2
[sw2-Vlanif2]ip address 10.0.2.252 255.255.255.0
[sw2]int vlanif3
[sw2-Vlanif3]ip address 10.0.3.252 255.255.255.0
[sw2]int vlanif20
[sw2-Vlanif20]ip address 10.0.20.252 255.255.255.0
[sw2]int vlanif30
[sw2-Vlanif30]ip address 10.0.30.252 255.255.255.0
[sw2]vlan 5
[sw2]int vlanif5
[sw2-Vlanif5]ip address 10.0.0.5 255.255.255.252
[sw2]vlan 7
[sw2]int vlanif7
[sw2-Vlanif7]ip address 10.0.0.10 255.255.255.252
[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

3.mstp配置

//sw3
[sw3]stp region-configuration 
[sw3-mst-region]region-name hw
[sw3-mst-region]instance 1 vlan 2 to 3
[sw3-mst-region]instance 2 vlan 20 30
[sw3-mst-region]active region-configuration

//sw4
[sw4]stp region-configuration 
[sw4-mst-region]region-name hw
[sw4-mst-region]instance 1 vlan 2 to 3
[sw4-mst-region]instance 2 vlan 20 30
[sw4-mst-region]active region-configuration

//sw1
[sw1]stp region-configuration 
[sw1-mst-region]region-name hw
[sw1-mst-region]instance 1 vlan 2 to 3
[sw1-mst-region]instance 2 vlan 20 30
[sw1-mst-region]active region-configuration
[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[sw1-Vlanif2]vrrp vrid 1 priority 120
[sw1-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254
[sw1-Vlanif3]vrrp vrid 1 priority 120
[sw1-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254
[sw1-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254

//sw2
[sw2]stp region-configuration 
[sw2-mst-region]region-name hw
[sw2-mst-region]instance 1 vlan 2 to 3
[sw2-mst-region]instance 2 vlan 20 30
[sw2-mst-region]active region-configuration
[sw2]stp instance 2 root primary
[sw2]stp instance 1 root secondary
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[sw2-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254
[sw2-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254
[sw2-Vlanif20]vrrp vrid 1 priority 120
[sw2-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254
[sw2-Vlanif30]vrrp vrid 1 priority 120

4.配置路由器ip并补充静态路由

//sw1
[sw1]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2

//sw2
[sw2]ip route-static 0.0.0.0 0.0.0.0 10.0.0.6

//r1
[AR1-GigabitEthernet0/0/1]ip address 10.0.0.2 255.255.255.252
[AR1-GigabitEthernet0/0/2]ip address 10.0.0.6 255.255.255.252
[AR1-GigabitEthernet0/0/0]ip address 202.1.1.1 255.255.255.252
[AR1]ip route-static 10.0.0.0 0.255.255.255 10.0.0.1
[AR1]ip route-static 10.0.0.0 0.255.255.255 10.0.0.5 preference 70
[AR1]ip route-static 0.0.0.0 0.0.0.0 202.1.1.2
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 10.0.0.0 0.255.255.255
[AR1-GigabitEthernet0/0/0]nat outbound 2000

//isp
[ISP-GigabitEthernet0/0/0]ip address 202.1.1.2 255.255.255.252
[ISP]int LoopBack 0
[ISP-LoopBack0]ip address 100.100.100.100 255.255.255.0

5.dhcp配置

//sw1
[sw1]dhcp enable
[sw1]ip pool vlan2
[sw1-ip-pool-vlan2]gateway-list 10.0.2.254
[sw1-ip-pool-vlan2]network 10.0.2.0 mask 255.255.255.0
[sw1]ip pool vlan3
[sw1-ip-pool-vlan3]gateway-list 10.0.3.254
[sw1-ip-pool-vlan3]network 10.0.3.0 mask 255.255.255.0
[sw1]ip pool vlan20
[sw1-ip-pool-vlan20]gateway-list 10.0.20.254
[sw1-ip-pool-vlan20]network 10.0.20.0 mask 255.255.255.0
[sw1]ip pool vlan30
[sw1-ip-pool-vlan30]gateway-list 10.0.30.254
[sw1-ip-pool-vlan30]network 10.0.30.0 mask 255.255.255.0
[sw1-Vlanif2]dhcp select global
[sw1-Vlanif3]dhcp select global
[sw1-Vlanif20]dhcp select global
[sw1-Vlanif30]dhcp select global

//sw2
[sw2]dhcp enable
[sw2]ip pool vlan2
[sw2-ip-pool-vlan2]gateway-list 10.0.2.254
[sw2-ip-pool-vlan2]network 10.0.2.0 mask 255.255.255.0
[sw2]ip pool vlan3
[sw2-ip-pool-vlan3]gateway-list 10.0.3.254
[sw2-ip-pool-vlan3]network 10.0.3.0 mask 255.255.255.0
[sw2]ip pool vlan20
[sw2-ip-pool-vlan20]gateway-list 10.0.20.254
[sw2-ip-pool-vlan20]network 10.0.20.0 mask 255.255.255.0
[sw2]ip pool vlan30
[sw2-ip-pool-vlan30]gateway-list 10.0.30.254
[sw2-ip-pool-vlan30]network 10.0.30.0 mask 255.255.255.0
[sw1-Vlanif2]dhcp select global
[sw1-Vlanif3]dhcp select global
[sw1-Vlanif20]dhcp select global
[sw1-Vlanif30]dhcp select global

结果

1.pc1连通pc3

2.pc1连通isp的环回接口