HCIP实验-三层架构

实验拓扑图：

实验要求：如图所示

实验过程：

1.IP地址规划：

公网随意，私网1基于192.168.0.0/16合理划分

具体如图：

2.交换部分

eth-trunk

lsw1:

[Huawei]interface Eth-Trunk 0

[Huawei-Eth-Trunk0]q

[Huawei]int g0/0/22

[Huawei-GigabitEthernet0/0/22]eth-trunk 0

[Huawei]int g0/0/23

[Huawei-GigabitEthernet0/0/23]eth-trunk 0

lsw2:

[Huawei]interface Eth-Trunk 0

[Huawei-Eth-Trunk0]q

[Huawei]int g0/0/22

[Huawei-GigabitEthernet0/0/22]eth-trunk 0

[Huawei]int g0/0/23

[Huawei-GigabitEthernet0/0/23]eth-trunk 0

效果如图：

vlan和trunk

lsw1:

[Huawei]vlan batch 2 to 3

[Huawei]port-group group-member g0/0/1 to g0/0/3 Eth-Trunk 0

[Huawei-port-group]port link-type trunk

[Huawei-port-group]port trunk allow-pass vlan all

lsw2:

[Huawei]vlan batch 2 to 3

[Huawei]port-group group-member g0/0/1 to g0/0/3 Eth-Trunk 0

[Huawei-port-group]port link-type trunk

[Huawei-port-group]port trunk allow-pass vlan all

lsw3:

[Huawei]vlan batch 2 to 3

[Huawei]port-group group-member g0/0/1 g0/0/2

[Huawei-port-group]port link-type trunk

[Huawei-port-group]port trunk allow-pass vlan all

[Huawei-port-group]q

[Huawei]port-group group-member e0/0/1 e0/0/2

[Huawei-port-group]port link-type access

[Huawei-port-group]port default vlan 2

lsw4:

[Huawei]vlan batch 2 to 3

[Huawei]port-group group-member g0/0/1 g0/0/2

[Huawei-port-group]port link-type trunk

[Huawei-port-group]port trunk allow-pass vlan all

[Huawei-port-group]q

[Huawei]port-group group-member e0/0/1 e0/0/2

[Huawei-port-group]port link-type access

[Huawei-port-group]port default vlan 3

lsw5:

[Huawei]vlan batch 2 to 3

[Huawei]port-group group-member g0/0/1 g0/0/2

[Huawei-port-group]port link-type trunk

[Huawei-port-group]port trunk allow-pass vlan all

[Huawei-port-group]q

[Huawei]int e0/0/1

[Huawei-Ethernet0/0/1]port link-type access

[Huawei-Ethernet0/0/1]port default vlan 2

[Huawei-Ethernet0/0/1]q

[Huawei]interface e0/0/2

[Huawei-Ethernet0/0/2]port link-type access

[Huawei-Ethernet0/0/2]port default vlan 3

STP

LSW1:

[Huawei]stp enable

[Huawei]stp region-configuration

[Huawei-mst-region]region-name a

[Huawei-mst-region]instance 1 vlan 2

[Huawei-mst-region]instance 2 vlan 3

[Huawei-mst-region]active region-configuration

LSW2-LSW5和LSW1配置一样

按要求调整根与备份根

LSW1:

[Huawei]stp instance 1 root primary

[Huawei]stp instance 2 root secondary

LSW2:

[Huawei]stp instance 2 root primary

[Huawei]stp instance 1 root secondary

效果图：

SVI:

LSW1:

[Huawei]int Vlanif 2

[Huawei-Vlanif2]ip add 192.168.2.1 24

[Huawei-Vlanif2]q

[Huawei]int Vlanif 3

[Huawei-Vlanif3]ip add 192.168.3.1 24

LSW2:

[Huawei]int Vlanif 2

[Huawei-Vlanif2]ip add 192.168.2.2 24

[Huawei-Vlanif2]q

[Huawei]int Vlanif 3

[Huawei-Vlanif3]ip add 192.168.3.2 24

vrrp:

LSW1:

[Huawei]int Vlanif 2

[Huawei-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254

[Huawei-Vlanif2]vrrp vrid 1 priority 120

[Huawei-Vlanif2]vrrp vrid 1 track interface g0/0/24 reduced 30

[Huawei]int Vlanif 3

[Huawei-Vlanif2]vrrp vrid 2 virtual-ip 192.168.3.254

LSW2:

[Huawei]int Vlanif 3

[Huawei-Vlanif2]vrrp vrid 2 virtual-ip 192.168.3.254

[Huawei-Vlanif2]vrrp vrid 2 priority 120

[Huawei-Vlanif2]vrrp vrid 2 track interface g0/0/24 reduced 30

[Huawei]int Vlanif 2

[Huawei-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254

效果图：

DHCP

LSW1:

[Huawei]dhcp enable

[Huawei]ip pool v2

[Huawei-ip-pool-v2]network 192.168.2.0 mask 24

[Huawei-ip-pool-v2]gateway-list 192.168.2.254

[Huawei-ip-pool-v2]q

[Huawei]int Vlanif 2

[Huawei-Vlanif2]dhcp select global

[Huawei-Vlanif2]q

[Huawei]ip pool v3

[Huawei-ip-pool-v3]network 192.168.3.0 mask 24

[Huawei-ip-pool-v3]gateway-list 192.168.3.254

[Huawei-ip-pool-v3]q

[Huawei]int Vlanif 3

[Huawei-Vlanif3]dhcp select global

LSW2:

[Huawei]dhcp enable

[Huawei]ip pool v2

[Huawei-ip-pool-v2]network 192.168.2.0 mask 24

[Huawei-ip-pool-v2]gateway-list 192.168.2.254

[Huawei-ip-pool-v2]q

[Huawei]int Vlanif 2

[Huawei-Vlanif2]dhcp select global

[Huawei-Vlanif2]q

[Huawei]ip pool v3

[Huawei-ip-pool-v3]network 192.168.3.0 mask 24

[Huawei-ip-pool-v3]gateway-list 192.168.3.254

[Huawei-ip-pool-v3]q

[Huawei]int Vlanif 3

[Huawei-Vlanif3]dhcp select global

效果图：

3.IP部分

配置IP

注意：调整交换机核心层接口为三层接口，启ospf协议，模拟路由器

注意：由于模拟器不支持该操作，在本实验中将三层接口划入vlan4，并创建一个SVI，可模拟出相同的效果

LSW1:

[Huawei]vlan 4

[Huawei-vlan4]q

[Huawei]interface g0/0/24

[Huawei-GigabitEthernet0/0/24]port link-type access

[Huawei-GigabitEthernet0/0/24]port default vlan 4

[Huawei-GigabitEthernet0/0/24]q

[Huawei]interface Vlanif 4

[Huawei-Vlanif4]ip add 192.168.0.2 30

LSW2:

[Huawei]vlan 4

[Huawei-vlan4]q

[Huawei]interface g0/0/24

[Huawei-GigabitEthernet0/0/24]port link-type access

[Huawei-GigabitEthernet0/0/24]port default vlan 4

[Huawei-GigabitEthernet0/0/24]q

[Huawei]interface Vlanif 4

[Huawei-Vlanif4]ip add 192.168.0.6 30

R1:

[Huawei]int g0/0/1

[Huawei-GigabitEthernet0/0/1]ip add 192.168.0.1 30

[Huawei-GigabitEthernet0/0/1]int g0/0/2

[Huawei-GigabitEthernet0/0/2]ip add 192.168.0.5 30

[Huawei-GigabitEthernet0/0/2]int g0/0/0

[Huawei-GigabitEthernet0/0/0]ip add 12.1.1.1 24

R2:

[Huawei]int l0

[Huawei-LoopBack0]ip add 2.2.2.2 24

[Huawei-LoopBack0]q

[Huawei]int g0/0/0

[Huawei-GigabitEthernet0/0/0]ip add 12.1.1.2 24

内网启动ospf，实现内网通

LSW1:

[Huawei]ospf

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.255.255

LSW2:

[Huawei]ospf

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.255.255

R1:

[Huawei]ospf

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.255.255

此时，内网全通，如图：

实现公网访问：

R1:

[Huawei]ospf

[Huawei-ospf-1]default-route-advertise always

[Huawei-ospf-1]q

[Huawei]ip route-static 0.0.0.0 0 12.1.1.2

[Huawei]acl 2000

[Huawei-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255

[Huawei-acl-basic-2000]q

[Huawei]int g0/0/0

[Huawei-GigabitEthernet0/0/0]nat outbound 2000

此时私网可以访问公网，如图：