题目
实验需求:
1、内网IP地址使用172.16.0.0/16
2、SW1和SW2之间互为备份;
3、VRRP/stp/vlan/eth-trunk均使用;
4、所有pc均通过DHCP获取IP地址;
5、ISP只配置IP地址;
6、所有电脑可以正常访问ISP路由器环回
实验步骤
配置思路:
1、划分IP网段,拓扑图中共4个网段,划分网段方式多样,上图划分方式可做参考。
2、创建eth-trunk,加入相应接口
3、创建vlan、划分vlan、trunk干道
4、MSTP
5、配置VRRP,增强设备可靠性
6、配置DHCP,并测试
7、交换机(sw1/sw2)与路由器之间的配置(IP地址及路由),这一步中的路由协议的选择看个人,静态、动态都可以实现全网通,本次实验因为路由器个数少,故我选择了配置静态路由。
8、配置NAT,做公私网的转换。
9、测试全网通
一.配置聚合口,将相应接口接入
[SW1]int Eth-Trunk 0
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW2]int Eth-Trunk 0
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2二.创建,划分VLAN,trunk干道
[SW1-Eth-Trunk0]vlan 2
[SW1-vlan2]vlan 3
[SW1-vlan3]vlan 10
[SW1-vlan10]
[SW1]vlan 20
[SW1-vlan20]q
[SW1]port-group group-member g0/0/3 to g0/0/4
[SW1-port-group]port link-type trunk
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan 2 3
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
[SW2]vlan 2
[SW2-vlan2]vlan 3
[SW2-vlan3]q
[SW2]vlan 20
[SW2]vlan 10
[SW2-vlan10]q
[SW2]port-group group-member g0/0/3 to g0/0/4
[SW2-port-group]port link-type trunk
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/4]port link-type trunk
[SW2-port-group]port trunk allow-pass vlan 2 3
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
三.放通聚合链路的vlan2、vlan3、vlan10、vlan20
[SW1]int Eth-Trunk 0
[SW1-Eth-Trunk0]port link-type trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20
[SW2]interface Eth-Trunk 0
[SW2-Eth-Trunk0]port link-type trunk
[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20
[sw3]vlan 2
[sw3-vlan2]vlan 3
[sw3]int g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access
[sw3-GigabitEthernet0/0/1]port default vlan 2
[sw3]int g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type access
[sw3-GigabitEthernet0/0/2]port default vlan 3
[sw3]port-group group-member g0/0/3 to g0/0/4
[sw3-port-group]port link-type trunk
[sw3-GigabitEthernet0/0/3]port link-type trunk
[sw3-GigabitEthernet0/0/4]port link-type trunk
[sw3-port-group]port trunk allow-pass vlan 2 3
[sw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[sw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
[SW4]vlan 2
[SW4]vlan 3
[SW4]int g0/0/1
[SW4-GigabitEthernet0/0/1]port link-type access
[SW4-GigabitEthernet0/0/1]port default vlan 2
[SW4]int g0/0/2
[SW4-GigabitEthernet0/0/2]port link-type access
[SW4-GigabitEthernet0/0/2]port default vlan 3
[SW4]port-group group-member g0/0/3 to g0/0/4
[SW4-port-group]port link-type trunk
[SW4-GigabitEthernet0/0/3]port link-type trunk
[SW4-GigabitEthernet0/0/4]port link-type trunk
[SW4-port-group]port trunk allow-pass vlan 2 3
[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
四.配置MSTP,做SW1和SW2的备份
1.SW1至SW4都需要配置MSTP
[SW1]stp enable
[SW1]stp mode mstp
[SW1]stp region-configuration
[SW1-mst-region]region-name aa
[SW1-mst-region]instance 1 vlan 2
[SW1-mst-region]instance 2 vlan 3
[SW1-mst-region]active region-configuration
[SW2]stp mode mstp
[SW2]stp region-configuration
[SW2-mst-region]region-name aa
[SW2-mst-region]instance 1 vlan 2
[SW2-mst-region]instance 2 vlan 3
[SW2-mst-region]active region-configuration
[sw3]stp enable
[sw3]stp mode mstp
[sw3]stp region-configuration
[sw3-mst-region]region-name aa
[sw3-mst-region]instance 1 vlan 2
[sw3-mst-region]instance 2 vlan 3
[sw3-mst-region]active region-configuration
[SW4]stp enable
[SW4]stp mode mstp
[SW4]stp region-configuration
[SW4-mst-region]region-name aa
[SW4-mst-region]instance 1 vlan 2
[SW4-mst-region]instance 2 vlan 3
[SW4-mst-region]active region-configuration
2.在SW1和SW2上做备份
[SW1]stp instance 1 root primary //将instan 1作为SW1的主根
[SW1]stp instance 2 root secondary //将instan 2作为SW1的备份根
[SW2]stp instance 1 root secondary //将instan 1作为SW2的备份根
[SW2]stp instance 2 root primary //将instan 2作为SW2的主根
3.配置边缘端口保护功能
[sw3]port-group group-member g0/0/1 to g0/0/2
[sw3-port-group]stp edged-port enable
[sw3-GigabitEthernet0/0/1]stp edged-port enable
[sw3-GigabitEthernet0/0/2]stp edged-port enable
[SW3]stp bpdu-protection
[SW4]port-group group-member g0/0/1 to g0/0/2
[SW4-port-group]stp edged-port enable
[SW4-GigabitEthernet0/0/1]stp edged-port enable
[SW4-GigabitEthernet0/0/2]stp edged-port enable
[SW4]stp bpdu-protection
五.配置VRRP,增加设备可靠性
在SW1中Vlan2为主网关,vlan3为备份网关
[SW1]int Vlanif 2
[SW1-Vlanif2]ip add 172.16.0.1 26
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
[SW1-Vlanif2]vrrp vrid 1 priority 120
[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30
[SW1]int Vlanif 3
[SW1-Vlanif3]ip add 172.16.0.65 26
[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
在SW2中Vlan2为备份网关,vlan3为主网关
[SW2]int Vlanif 2
[SW2-Vlanif2]ip add 172.16.0.2 26
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
[SW2]int Vlanif 3
[SW2-Vlanif3]ip add 172.16.0.66 26
[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[SW2-Vlanif3]vrrp vrid 2 priority 120
[SW2-Vlanif3]vrrp vrid 2 track interface g0/0/5 reduced 30
六.配置DHCP服务,并在接口下应用此服务
分析:SW1和SW2均为vlan2、vlan3的网关设备,所以应该在两个设备上都配置vlan2和vlan3的地址池。
[SW1]dhcp enable
[SW1]ip pool aa
[SW1-ip-pool-aa]network 172.16.0.0 mask 26
[SW1-ip-pool-aa]gateway-list 172.16.0.62
[SW1-ip-pool-aa]dns-list 8.8.8.8
[SW1]ip pool bb
[SW1-ip-pool-bb]network 172.16.0.64 mask 26
[SW1-ip-pool-bb]gateway-list 172.16.0.126
[SW1-ip-pool-bb]dns-list 8.8.8.8
[SW1]int Vlanif 2
[SW1-Vlanif2]dhcp select global
[SW1]int Vlanif 3
[SW1-Vlanif3]dhcp select global
[SW2]dhcp enable
[SW2]ip pool aa
[SW2-ip-pool-aa]network 172.16.0.0 mask 26
[SW2-ip-pool-aa]gateway-list 172.16.0.62
[SW2-ip-pool-aa]dns-list 8.8.8.8
[SW2]ip pool bb
[SW2-ip-pool-bb]network 172.16.0.64 mask 26
[SW2-ip-pool-bb]gateway-list 172.16.0.126
[SW2-ip-pool-bb]dns-list 8.8.8.8
[SW2]int Vlanif 2
[SW2-Vlanif2]dhcp select global
[SW2]int Vlanif 3
[SW2-Vlanif3]dhcp select global
测试:
七.交换机(sw1/sw2)与路由器之间的配置
注意:路由协议的选择看个人,静态、动态都可实现内网通
1.在SW1的配置:
[SW1]vlan 10
[SW1]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 10
[SW1]int Vlanif 10
[SW1-Vlanif10]ip add 172.16.0.129 26
配置SW1与R1之间的路由
[SW1]ip route-static 0.0.0.0 0 172.16.0.130
2.在SW2的配置
[SW2]vlan 20
[SW2]int g0/0/5
[SW2-GigabitEthernet0/0/5]port link-type access
[SW2-GigabitEthernet0/0/5]port default vlan 20
[SW2]int Vlanif 20
[SW2-Vlanif20]ip add 172.16.0.193 26
配置SW2与R1之间的路由
[SW2]ip route-static 0.0.0.0 0 172.16.0.194
3.在R1上的配置
配置设备IP地址
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24
配置R1到vlan2、vlan3之间的路由
[R1]ip route-static 172.16.0.0 26 172.16.0.129
[R1]ip route-static 172.16.0.0 26 172.16.0.193
[R1]ip route-static 172.16.0.64 26 172.16.0.129
[R1]ip route-static 172.16.0.64 26 172.16.0.193
4.ISP的配置
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[ISP]int l0
[ISP-LoopBack0]ip add 2.2.2.2 24
八.在网络出口设备上做nat,保证内网的流量能上到公网
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000
在网络出口设备上做缺省路由
[R1]ip route-static 0.0.0.0 0 12.0.0.2
测试全网通
比如:测试主机到2.2.2.0/24的连通性;
比如:测试主机之间的连通性;
扫一扫
1905
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
