三层架构实验

1.实验内容

二.实验拓扑

 

三.实验配置

1.创建eht-trunk

[sw1]interface Eth-Trunk 1
[sw1-Eth-Trunk1]int g 0/0/1
[sw1-GigabitEthernet0/0/2]eth-trunk 0

[sw1-Eth-Trunk1]int g 0/0/2
[sw1-GigabitEthernet0/0/2]eth-trunk 0

sw2

[sw2]int Eth-Trunk 0
[sw2]int g 0/0/1
[sw2-GigabitEthernet0/0/1]eth-trunk 0
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]eth-trunk 0

2.创建vlan

sw1
[sw1]vlan 2

sw2
[sw2]vlan 2

sw3
[sw3]vlan 2

sw4
[sw4]vlan 2

3.划分vlan，vlan1都有，不需要划分

sw3

[sw3-vlan2]int e0/0/4	
[sw3-Ethernet0/0/4]port link-type access 
[sw3-Ethernet0/0/4]port default vlan 2

sw4

[sw4]int e 0/0/4	
[sw4-Ethernet0/0/4]port link-type access 
[sw4-Ethernet0/0/4]port default vlan 2

4.创建trunk栈道，由于trunk数量多，可以使用组

sw1

[sw1]port-group group-member Eth-Trunk 0 Ethernet 0/0/1 to Ethernet 0/0/2	
[sw1-port-group]port link-type trunk 
[sw1-port-group]port trunk allow-pass vlan 2

sw2

[sw2]port-group group-member Eth-Trunk 0 Ethernet 0/0/1 to Ethernet 0/0/2
[sw2-port-group]port link-type trunk 
[sw2-port-group]port trunk allow-pass vlan 2

sw3

[sw3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[sw3-port-group]port link-type trunk 
[sw3-port-group]port trunk allow-pass vlan 2

sw4

[sw4]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[sw4-port-group]port link-type trunk 
[sw4-port-group]port trunk allow-pass vlan 2

4.启动stp，将vlan1分到组1，vlan2分到组2

sw1

[sw1]stp mode mstp 
[sw1]stp enable 
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration 

sw2

[sw2]stp mode mstp 
[sw2]stp enable 
[sw2]stp region-configuration 
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2
[sw2-mst-region]active region-configuration 

sw3

[sw3]stp mode mstp 
[sw3]stp enable 
[sw3]stp region-configuration 
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2	
[sw3-mst-region]active region-configuration 

sw4

[sw4]stp mode mstp 
[sw4]stp enable 
[sw4]stp region-configuration 
[sw4-mst-region]region-name a	
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2
[sw4-mst-region]active region-configuration 

在sw1上查看stp表，可以看到vlan1的接口在组1，vlan2的接口在组2，同时sw1上的接口都为指定接口，说明sw1为根网桥。

 在sw2上查看，有根端口

 在sw1上做vlan1的主根，在vlan2做备份根，

[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary 

查看stp表，从表上发现，在vlan1中全为指定接口，在vlan2，eth-trhunk 0为根端口

 在sw2上做vlan1的备份根，vlan2的主根

[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary 

查看stp表，可以发现，在vlan1 eth-trunk为根端口，在vlan2全为指定端口

 5.启动svi

sw1

[sw1]interface vlan 1
[sw1-Vlanif1]ip add 172.16.1.1 25
[sw1]int vlan 2
[sw1-Vlanif2]ip add 172.16.1.129 25

sw2

[sw2]int vlan 1
[sw2-Vlanif1]ip add 172.16.1.2 25
[sw2]int vlan 2
[sw2-Vlanif2]ip add 172.16.1.130 25

6.启动vrrp

sw1，在vlan1中配置虚拟ip后，将优先级加大，在做一个上行链路追踪，在vlan2中配置虚拟ip

[sw1]int vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw1-Vlanif1]vrrp vrid 1 priority 105
[sw1-Vlanif1]vrrp vrid 1 track interface Ethernet 0/0/22 reduced 10

[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254

sw2在vlan1中配置虚拟ip，在vlan2中配置虚拟IP，加大优先级，做一个上行链路追踪

[sw2]int vlan 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw2]int vlan 2 
	
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254	
[sw2-Vlanif2]vrrp vrid 1 priority 105
[sw2-Vlanif2]vrrp vrid 1 track interface Ethernet 0/0/22 reduced 10

查看sw1的vrrp表，在vlan1做主根，vlan2备份根

 查看sw2，在vlan1做备份根，vlan2做主根

 7.配置dhcp

sw1，划分两个池塘，v1，v2

[sw1]dhcp enable 
[sw1]ip pool v1
[sw1-ip-pool-v1]network 172.16.1.0 mask 25
[sw1-ip-pool-v1]gateway-list 172.16.1.126
[sw1-ip-pool-v1]dns-list 114.114.114.114
[sw1-ip-pool-v1]int vlan 1
[sw1-Vlanif1]dhcp select global 

[sw1]ip pool v2
[sw1-ip-pool-v2]network 172.16.1.128 mask 25
[sw1-ip-pool-v2]gateway-list 172.16.1.254
[sw1-ip-pool-v2]dns-list 114.114.114.114
[sw1-ip-pool-v2]int vlan 2
[sw1-Vlanif2]dhcp select global 

sw2

[sw2]dhcp enable 
[sw2]ip pool v1
[sw2-ip-pool-v1]network 172.16.1.0 mask 25
[sw2-ip-pool-v1]gateway-list 172.16.1.126
[sw2-ip-pool-v1]dns-list 114.114.114.114
[sw2-ip-pool-v1]int vlan 1
[sw2-Vlanif1]dhcp select global 

[sw2]ip pool v2
[sw2-ip-pool-v2]network 172.16.1.128 mask 25
[sw2-ip-pool-v2]gateway-list 172.16.1.254
[sw2-ip-pool-v2]dns-list 114.114.114.114
[sw2-ip-pool-v2]int vlan 2
[sw2-Vlanif2]dhcp select global 

查看pc1，成功获取ip，网关指向1.126

 查看pc2，网关指向1.254

 配置r1

[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 12.1.1.1 24

[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.0.1 30 

[r1]int g 0/0/2
[r1-GigabitEthernet0/0/2]ip add 172.16.0.5 30

r2

[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[r2]int lo0
[r2-LoopBack0]ip add 1.1.1.1 24

sw1e0/0/22接口IP

[sw1]vlan 50
[sw1-vlan50]int e 0/0/22
[sw1-Ethernet0/0/22]port link-type access 	
[sw1-Ethernet0/0/22]port default vlan 50
[sw1-Ethernet0/0/22]int vlan 50
[sw1-Vlanif50]ip add 172.16.0.2 30

sw2

[sw2]vlan 50
[sw2-vlan50]int e 0/0/22
[sw2-Ethernet0/0/22]port link-type access 		
[sw2-Ethernet0/0/22]port default vlan 50
[sw2-Ethernet0/0/22]int vlan 50
[sw2-Vlanif50]ip add 172.16.0.6 30

sw1访问r1

[sw1-Vlanif50]ping 172.16.0.1
  PING 172.16.0.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=255 time=100 ms
    Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=255 time=50 ms

sw2访问r1

[sw2-Vlanif50]ping 172.16.0.5
  PING 172.16.0.5: 56  data bytes, press CTRL_C to break
    Reply from 172.16.0.5: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 172.16.0.5: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 172.16.0.5: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 172.16.0.5: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 172.16.0.5: bytes=56 Sequence=5 ttl=255 time=30 ms

8.使用ospf将核心层建立连接

sw1

[sw1]ospf 1 router-id 1.1.1.1
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

sw2

[sw2]ospf 1 router-id 2.2.2.2 
[sw2-ospf-1]area 0	
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

r1

[r1]ospf 1 router-id 3.3.3.3	
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

查看r1邻居表，邻居建立成功

 由于三成交换机中有多个svi，将会把hello包向二层发送，所以需要配置沉默接口，

sw1，沉默所有接口，将一下三个接口打开即可

[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface Vlanif 50
[sw1-ospf-1]undo silent-interface vlaif 2

sw2

[sw2-ospf-1]undo silent-interface Eth-Trunk 0
[sw2-ospf-1]undo silent-interface Vlanif 1
[sw2-ospf-1]undo silent-interface Vlanif 50

在r1上写一条缺省指向r2

[r1]ip route-static 0.0.0.0 0 12.1.1.2

在r1上将缺省宣告到ospf中

[r1-ospf-1]default-route-advertise 

sw1， sw2学到了缺省

9.nat地址转换

在r1上做nat

[r1]acl 2000                	
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g 0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000

10.pc1，pc2访问公网

pc1

PC>ping 1.1.1.1

Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=63 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=78 ms

pc2

PC>ping 1.1.1.1

Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=94 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=62 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=78 ms

访问成功

三层架构搭建成功