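I. Lab topology
II. Lab objectives
III. Lab approach
- IP address planning
- Eth-Trunk, create VLANs and assign ports to VLANs, trunk links, STP, SVI, VRRP, DHCP
IV. Lab configuration
1. Configure Eth-Trunk
sw1 and sw2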
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]q
[sw1]int g0/0/22
[sw1-GigabitEthernet0/0/22]eth-trunk 0
[sw1-GigabitEthernet0/0/22]q
[sw1]int g0/0/23
[sw1-GigabitEthernet0/0/23]eth-trunk 0
[sw1-GigabitEthernet0/0/23]q
[sw2]int Eth-Trunk 0
[sw2-Eth-Trunk0]int g0/0/22
[sw2-GigabitEthernet0/0/22]eth-trunk 0
[sw2-GigabitEthernet0/0/22]q
[sw2]int g0/0/23
[sw2-GigabitEthernet0/0/23]eth-trunk 0
[sw2-GigabitEthernet0/0/23]q
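Configuration result:
2. Create VLANs, assign interfaces to VLANs, configure trunk links
On sw1 and sw2, only create the VLAN and configure the trunk links.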
[sw1]vlan 2
[sw1-vlan2]q
[sw1]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2 Eth-Trunk 0
[sw1-port-group]port link-type trunk
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-Eth-Trunk0]port link-type trunk
[sw1-port-group]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2
[sw2]vlan 2
[sw2-vlan2]q
[sw2]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2 Eth-Trunk 0
[sw2-port-group]port link-type trunk
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/2]port link-type trunk
[sw2-Eth-Trunk0]port link-type trunk
[sw2-port-group]port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw2-Eth-Trunk0]port trunk allow-pass vlan 2
sw3 and sw4 each have two trunk links (connected to sw1 and sw2); also assign their e0/0/2 port to VLAN 2.
[sw3]vlan 2
[sw3-vlan2]q
[sw3]int e0/0/2
[sw3-Ethernet0/0/2]port link-type access
[sw3-Ethernet0/0/2]port default vlan 2
[sw3-Ethernet0/0/2]q
[sw3]port-group group-member g0/0/1 e0/0/3
[sw3-port-group]port link-type trunk
[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-Ethernet0/0/3]port link-type trunk
[sw3-port-group]port trunk allow-pass vlan 2
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/3]port trunk allow-pass vlan 2
[sw4]vlan 2
[sw4-vlan2]q
[sw4]int e0/0/2
[sw4-Ethernet0/0/2]port link-type access
[sw4-Ethernet0/0/2]port default vlan 2
[sw4-Ethernet0/0/2]q
[sw4]port-group group-member g0/0/1 e0/0/3
[sw4-port-group]port link-type trunk
[sw4-GigabitEthernet0/0/1]port link-type trunk
[sw4-Ethernet0/0/3]port link-type trunk
[sw4-port-group]port trunk allow-pass vlan 2
[sw4-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/3]port trunk allow-pass vlan 2
3. STP
// Perform the following on all of sw1, sw2, sw3 and sw4
[sw1]stp region-configuration
[sw1-mst-region]region-name A
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration
sw1 is the primary for VLAN 1; the backup for VLAN 1 is placed on sw2.
// Primary root for instance 1
[sw1]stp instance 1 root primary
// Secondary (backup) root for instance 2
[sw1]stp instance 2 root secondary
sw2 is the primary for VLAN 2; the backup for VLAN 2 is placed on sw1.
[sw2]stp instance 1 root secondary
[sw2]stp instance 2 root primary
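Configuration result:
As shown in the figure, in instance 1 all ports are designated ports (this switch is the primary root); in instance 2 the Eth-Trunk0 port is the ROOT port (the peer is the primary root).
VLANs added later are placed in instance 0. To keep the root bridge from ending up on sw3 or sw4, make sw1 the root of instance 0 and sw2 the backup root of instance 0.
On the access-layer switches, configure the user-facing interfaces as STP edge ports.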
[sw3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/22
[sw3-port-group]stp edged-port enable
4. SVI
[sw1]interface vlan 1
[sw1-Vlanif1]ip add 172.16.1.1 25
[sw1]int vlan 2
[sw1-Vlanif2]ip add 172.16.1.129 25
[sw1-Vlanif2]
[sw2]int vlan 1
[sw2-Vlanif1]ip add 172.16.1.2 25
[sw2]int vlan 2
[sw2-Vlanif2]ip add 172.16.1.130 25
5. VRRP (gateway redundancy)
[sw1]interface Vlanif 1
// VRRP virtual gateway IP
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
// Change the priority to 110 so that this switch becomes the master gateway
[sw1-Vlanif1]vrrp vrid 1 priority 110
// Track the uplink; if it goes down, hand the master gateway role to sw2
[sw1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/24 reduced 20
[sw2]int Vlanif 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw2]int vlan2
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2-Vlanif2]vrrp vrid 1 priority 110
[sw2-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/24 reduced 20
[sw1]int vlan2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
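The election set up by the VRRP commands above, as an added example that is not part of the original lab. It models master selection for both groups with the priorities and track reductions from the page, and compares each VLAN's master with its MSTP primary root from section 3. Assumptions: preemption is enabled, GigabitEthernet 0/0/24 is each switch's uplink, and the Member class and function names are illustrative.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 100  # VRRP priority when no "priority" command is configured

@dataclass
class Member:
    switch: str
    vlanif_ip: str          # interface address from section 4
    priority: int = DEFAULT_PRIORITY
    reduced: int = 0        # N from "track interface ... reduced N"

    def effective(self, uplink_up):
        return self.priority if uplink_up else self.priority - self.reduced

def elect(members, uplink_up):
    """Highest effective priority wins; a tie goes to the higher interface IP.
    Assumes preemption is on, so the result follows every priority change."""
    def rank(m):
        ip = tuple(int(o) for o in m.vlanif_ip.split("."))
        return (m.effective(uplink_up[m.switch]), ip)
    return max(members, key=rank).switch

# VRRP groups as configured on the page (vrid 1 on Vlanif1 and on Vlanif2).
GROUPS = {
    1: [Member("sw1", "172.16.1.1", 110, 20), Member("sw2", "172.16.1.2")],
    2: [Member("sw1", "172.16.1.129"), Member("sw2", "172.16.1.130", 110, 20)],
}
# MSTP primary roots from section 3: instance 1 = VLAN 1, instance 2 = VLAN 2.
MSTP_ROOT = {1: "sw1", 2: "sw2"}

def masters(uplink_up, groups=GROUPS):
    return {vlan: elect(m, uplink_up) for vlan, m in groups.items()}

def misaligned(uplink_up, groups=GROUPS):
    """VLANs whose gateway master is not the MSTP root (traffic crosses Eth-Trunk 0)."""
    return [v for v, sw in masters(uplink_up, groups).items() if sw != MSTP_ROOT[v]]

if __name__ == "__main__":
    both_up = {"sw1": True, "sw2": True}
    sw1_down = {"sw1": False, "sw2": True}
    print("all uplinks up :", masters(both_up), "misaligned:", misaligned(both_up))
    print("sw1 uplink down:", masters(sw1_down))   # 110 - 20 = 90 < 100
    # A reduction that is too small never triggers failover: 110 - 5 = 105 > 100.
    weak = {1: [Member("sw1", "172.16.1.1", 110, 5), Member("sw2", "172.16.1.2")]}
    print("reduced 5      :", masters(sw1_down, weak))
```

The tracked reduction must bring the master's priority below the backup's (here 100) for the uplink failure to move the gateway.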
6. DHCP
sw1:
dhcp enable
ip pool g1
network 172.16.1.0 mask 25
gateway-list 172.16.1.126
dns-list 8.8.8.8
q
ip pool g2
network 172.16.1.128 mask 25
gateway-list 172.16.1.254
dns-list 8.8.8.8
q
int Vlanif 1
dhcp select global
int vlan 2
dhcp select global
sw2:
dhcp enable
ip pool g1
network 172.16.1.0 mask 25
gateway-list 172.16.1.126
dns-list 8.8.8.8
q
ip pool g2
network 172.16.1.128 mask 25
gateway-list 172.16.1.254
dns-list 8.8.8.8
q
int Vlanif 1
dhcp select global
int vlan 2
dhcp select global
7. Configure IP addresses for routing
SW1:
vlan 100
q
int vlan 100
ip address 172.16.0.1 30
int g0/0/1
port link-type access
port default vlan 100
SW2:
vlan 100
q
int vlan 100
ip add 172.16.0.5 30
int g0/0/1
port link-type access
port default vlan 100
R1:
int g0/0/0
ip add 172.16.0.2 30
int g0/0/2
ip add 172.16.0.6 30
int g0/0/1
ip add 12.1.1.1 24
R2:
int l0
ip add 1.1.1.1 24
int g0/0/0
ip add 12.1.1.2 24
8. Enable the routing protocol
Use OSPF as the dynamic routing protocol.
R1
ospf 1 router-id 1.1.1.1
a 0
network 172.16.0.0 0.0.0.255
q
SW1
ospf 1 router-id 1.1.1.2
a 0
network 172.16.0.1 0.0.0.0
q
area 1
network 172.16.1.1 0.0.0.0
network 172.16.1.129 0.0.0.0
abr-summary 172.16.1.0 255.255.255.0
SW2
ospf 1 router-id 2.2.2.2
a 0
network 172.16.0.5 0.0.0.0
q
area 1
network 172.16.1.2 0.0.0.0
network 172.16.1.130 0.0.0.0
abr-summary 172.16.1.0 255.255.255.0
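Because the layer-3 switches send periodic OSPF Hello packets, the whole network would fill with flooded traffic,
so some of the ports are set as silent interfaces.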
SW1
ospf 1
silent-interface all
// There are too many ports, so silence all of them, then re-enable the ports that need to send traffic
undo silent-interface GigabitEthernet 0/0/1
undo silent-interface Eth-Trunk 0
undo silent-interface Vlanif 1
undo silent-interface Vlanif 100
SW2
ospf 1
silent-interface all
undo silent-interface GigabitEthernet 0/0/1
undo silent-interface Eth-Trunk 0
undo silent-interface Vlanif 1
undo silent-interface Vlanif 100
R1
Communicating with the external network requires NAT and a default route.
ip route-static 0.0.0.0 0 12.1.1.2
ospf 1
default-route-advertise
q
acl 2000
rule permit source 172.16.0.0 0.0.255.255
q
int g0/0/1
nat outbound 2000
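A check of the wildcard matching used in section 8, as an added example that is not part of the original lab. It evaluates which addressed interfaces the OSPF network statements enable, which of those still send Hellos after silent-interface all and the undo lines, and which sources ACL 2000 permits for NAT. The model assumes OSPF is enabled only on interfaces whose IP address matches a network statement; the dictionary layout and function names are illustrative.

```python
import ipaddress

def wildcard_match(ip, base, wildcard):
    """OSPF network / ACL rule matching: bits set in the wildcard are ignored."""
    ip_i, base_i, wc_i = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    care = ~wc_i & 0xFFFFFFFF
    return ip_i & care == base_i & care

# Addressed interfaces and OSPF statements copied from the page
# (interface names written without the space the CLI accepts).
SW1 = {
    "interfaces": {"Vlanif1": "172.16.1.1", "Vlanif2": "172.16.1.129",
                   "Vlanif100": "172.16.0.1"},
    "networks": [(0, "172.16.0.1", "0.0.0.0"), (1, "172.16.1.1", "0.0.0.0"),
                 (1, "172.16.1.129", "0.0.0.0")],
    "silent_all": True,
    "undo_silent": ["GigabitEthernet0/0/1", "Eth-Trunk0", "Vlanif1", "Vlanif100"],
}
R1 = {
    "interfaces": {"GigabitEthernet0/0/0": "172.16.0.2",
                   "GigabitEthernet0/0/2": "172.16.0.6",
                   "GigabitEthernet0/0/1": "12.1.1.1"},
    "networks": [(0, "172.16.0.0", "0.0.0.255")],
    "silent_all": False,
    "undo_silent": [],
}
ACL_2000 = ("172.16.0.0", "0.0.255.255")  # rule permit source 172.16.0.0 0.0.255.255

def ospf_state(dev):
    """Map interface -> (area, sends_hello), or None when no network statement matches."""
    state = {}
    for name, ip in dev["interfaces"].items():
        area = next((a for a, b, w in dev["networks"] if wildcard_match(ip, b, w)), None)
        silent = dev["silent_all"] and name not in dev["undo_silent"]
        state[name] = None if area is None else (area, not silent)
    return state

def undo_without_effect(dev):
    """undo silent-interface entries naming a port with no OSPF-enabled address."""
    state = ospf_state(dev)
    return [n for n in dev["undo_silent"] if state.get(n) is None]

if __name__ == "__main__":
    for label, dev in (("SW1", SW1), ("R1", R1)):
        print(label, ospf_state(dev), "no-effect undo:", undo_without_effect(dev))
    # A DHCP client in pool g2 is translated; the 12.1.1.0/24 side is not a source.
    print(wildcard_match("172.16.1.200", *ACL_2000), wildcard_match("12.1.1.2", *ACL_2000))
```

In this model Vlanif2 is advertised in area 1 but sends no Hellos, and R1's 12.1.1.1 interface stays outside OSPF, so no adjacency can form on either.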