ip 交换综合实验

一.配置ip

 r2（ISP）

 

 二.创建vlan 

接口模式和允许

lsw1：

vlan batch 2 to 3

interface Vlanif1
ip address 172.16.0.2 30

interface Vlanif2
 ip address 172.16.2.1 30

interface Vlanif3
 ip address 172.16.3.1 30

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan all

interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan all

lsw2：

vlan batch 2 to 3

interface Vlanif1
 ip address 172.16.0.6 30

interface Vlanif2
 ip address 172.16.2.2 30

interface Vlanif3
 ip address 172.16.3.2 30

interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan all

lsw3：

vlan batch 2 to 3

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2

interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 3

lsw4:

vlan batch 2 to 3

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2

interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 3

三.Eth-trunk

lsw1:

interface Eth-Trunk1    #创建

interface GigabitEthernet0/0/2   #将此接口划分入Eth-trunk
eth-trunk 1

interface GigabitEthernet0/0/3  #将此接口划分入Eth-trunk 

eth-trunk 1

interface Eth-Trunk1   #改Eth-trunk接口模式和允许通过vlan
 port link-type trunk
 port trunk allow-pass vlan all

lsw2:

interface Eth-Trunk1    #创建

interface GigabitEthernet0/0/2   #将此接口划分入Eth-trunk
eth-trunk 1

interface GigabitEthernet0/0/3  #将此接口划分入Eth-trunk 

eth-trunk 1

interface Eth-Trunk1   #改Eth-trunk接口模式和允许通过vlan
 port link-type trunk
 port trunk allow-pass vlan all

四.stp

配置

lsw1：

stp mode mstp          #stp模式改为mstp

stp region-configuration       #stp配置
 region-name a                    #所有设备应该在一个组内
 instance 1 vlan 2                #建组1管理vlan2
 instance 2 vlan 3                 #建组2管理vlan3
 active region-configuration    #激活当前配置

stp instance 1 root primary       #定义为组1的主根
stp instance 2 root secondary    #定义为组2的备份根

lsw2:

stp mode mstp

stp region-configuration
 region-name a
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration

stp instance 1 root secondary
stp instance 2 root primary

lsw3:

stp mode mstp

stp region-configuration
 region-name a
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration

lsw4：

stp mode mstp

stp region-configuration
 region-name a
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration

测试

查看组1各lsw接口状态（ROOT 根端口   DEST 指定端口  ALTE 堵塞端口   ）

 

 

 

查看组2各lsw接口状态

 

 

 

 

五.vrrp

 lsw1：

interface Vlanif2
vrrp vrid 1 virtual-ip 172.16.2.254                       #虚拟网关地址
vrrp vrid 1 priority 120                                         #优先级越大越优
vrrp vrid 1 track interface Vlanif1 reduced 30     #若上行链路断开则减小优先级，备份则为主（备                                                                                份设置了100）

interface Vlanif3
 vrrp vrid 2 virtual-ip 172.16.3.254

vrrp vrid 2 priority 100

lsw2：

interface Vlanif2
vrrp vrid 1 virtual-ip 172.16.2.254

vrrp vrid 2 priority 100

interface Vlanif3
vrrp vrid 2 virtual-ip 172.16.3.254
 vrrp vrid 2 priority 120
 vrrp vrid 2 track interface Vlanif1 reduced 30

六.DHCP

lsw1：

ip pool xixi
 gateway-list 172.16.2.254
 network 172.16.2.0 mask 255.255.255.0
 dns-list 114.114.114.144
interface Vlanif2
dhcp select global

ip pool haha
 gateway-list 172.16.3.254
 network 172.16.3.0 mask 255.255.255.0
 dns-list 114.114.114.114

interface Vlanif3
dhcp select global

lsw2:

ip pool xixi
 gateway-list 172.16.2.254
 network 172.16.2.0 mask 255.255.255.0
 dns-list 114.114.114.144
interface Vlanif2
dhcp select global

ip pool haha
 gateway-list 172.16.3.254
 network 172.16.3.0 mask 255.255.255.0
 dns-list 114.114.114.114

interface Vlanif3
dhcp select global

七.ospf

r1：

ospf 1 router-id 1.1.1.1 
 default-route-advertise always  #边界路由器向内强制下发缺省
 area 0.0.0.0 
  network 172.16.0.0 0.0.255.255 

lsw1：

ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 172.16.0.0 0.0.255.255

lsw2：

ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 172.16.0.0 0.0.255.255

八.缺省和nat   

边界路由器做即可

r1：

ip route-static 0.0.0.0 0.0.0.0 100.1.1.2  #创建acl
acl number 2000  
 rule 5 permit source 172.16.0.0 0.0.255.255 

interface GigabitEthernet0/0/0    #调用
nat outbound 2000

九.测试

上行链路未断开
pc1：

 

 

上行链路断开

pc1：