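Lab topology (the lab requirements are shown in the topology):
I. Address planning
Because this lab is small in scope, the addresses were not planned carefully; remember to plan yours properly, as that makes route summarization easier.
II. Lab steps:
1. Configure the VLANs first; this is the most important step. If a VLAN is missing on any interface, the whole lab fails.
2. Configure link aggregation between SW1 and SW2 to increase bandwidth and provide backup.
3. Set up the interfaces according to the specific requirements.
4. Configure spanning tree to provide device and link redundancy.
5. Configure VRRP to provide gateway redundancy.
6. Configure IP addresses and enable OSPF.
7. Tune OSPF sensibly: for example, on links with only two devices change the network type to P2P to speed up convergence, and configure some interfaces as silent interfaces so that they do not send hello packets to other devices.
8. Tune spanning tree sensibly: set edge ports and a set of protection features.
9. Configure an access control list so that hosts can reach the external network.
III. Lab configuration: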
AR1:
[r1]
#
sysname r1
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface GigabitEthernet0/0/0
ip address 172.16.20.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.30.2 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.1.12.1 255.255.255.0
nat outbound 2000
#
ospf 1 router-id 3.3.3.3
default-route-advertise
area 0.0.0.1
network 172.16.20.0 0.0.0.3
network 172.16.30.0 0.0.0.3
#
ip route-static 0.0.0.0 0.0.0.0 10.1.12.2
SW1:
[sw1]
#
sysname sw1
#
vlan batch 2 12 20 #create the vlans
#
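stp instance 1 root primary #make this switch the primary root of instance 1
stp instance 2 root secondary #make this switch the secondary root of instance 2
stp bpdu-protection
#
dhcp enable #enable DHCP globally, required by "dhcp select global" below
#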
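stp region-configuration #enter MST region configuration
region-name 1 #name the region
revision-level 1 #set the revision level
instance 1 vlan 1 #map vlan 1 to instance 1; vlan 2 goes to instance 2, where this switch is the secondary root
instance 2 vlan 2
active region-configuration #activate the MST region configuration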
#
ip pool a
gateway-list 172.16.1.254
network 172.16.1.0 mask 255.255.255.0 #create the address pool
#
ip pool b
gateway-list 172.16.2.254
network 172.16.2.0 mask 255.255.255.0
#
interface Vlanif1 #configure the address of the vlan interface
ip address 172.16.1.1 255.255.255.0
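vrrp vrid 1 virtual-ip 172.16.1.254 #set the VRRP virtual IP address
vrrp vrid 1 priority 120 #set the VRRP priority so that this switch becomes the master for vlan 1
vrrp vrid 1 preempt-mode timer delay 10 #preemption delay (10 s) before taking over as master after a failure
vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 30 #if the upstream link fails, the priority drops by 30 and the master becomes backup
dhcp select global #serve DHCP from the global address pool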
#
interface Vlanif2
ip address 172.16.2.2 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.2.254 #default priority, so this switch is the backup for vlan 2
dhcp select global
#
interface Vlanif12
ip address 172.16.12.1 255.255.255.252
#
interface Vlanif20
ip address 172.16.20.1 255.255.255.252
#
interface Eth-Trunk1 #enter the link-aggregation (Eth-Trunk) interface
port link-type trunk
port trunk allow-pass vlan 2 12
mode lacp-static #static LACP mode: the member links are negotiated by LACP
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2
#
ospf 1 router-id 1.1.1.1 #start the OSPF process
silent-interface GigabitEthernet0/0/4 #silent interface: send no OSPF packets towards the downstream devices
silent-interface GigabitEthernet0/0/5
silent-interface Vlanif1
silent-interface Vlanif2
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
network 172.16.12.0 0.0.0.3
area 0.0.0.1
network 172.16.20.0 0.0.0.3
SW2:
<sw2>
#
sysname sw2
#
vlan batch 2 12 30
#
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection #enable BPDU protection to prevent network flapping
#
dhcp enable
#
stp region-configuration
region-name 1
revision-level 1
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
ip pool a
gateway-list 172.16.1.254
network 172.16.1.0 mask 255.255.255.0
#
ip pool b
gateway-list 172.16.2.254
network 172.16.2.0 mask 255.255.255.0
#
interface Vlanif1
ip address 172.16.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
dhcp select global
#
interface Vlanif2
ip address 172.16.2.1 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.2.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 10
vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 30
dhcp select global
#
interface Vlanif12
ip address 172.16.12.2 255.255.255.252
#
interface Vlanif30
ip address 172.16.30.1 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 12
mode lacp-static
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
stp edged-port enable #speeds up convergence
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2
#
ospf 1 router-id 2.2.2.2
silent-interface GigabitEthernet0/0/4
silent-interface GigabitEthernet0/0/5
silent-interface Vlanif1
silent-interface Vlanif2
area 0.0.0.0
network 172.16.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
network 172.16.12.0 0.0.0.3
area 0.0.0.1
network 172.16.30.0 0.0.0.3
SW3:
<sw3>
#
sysname sw3
#
vlan batch 2
#
stp bpdu-protection
#
stp region-configuration
region-name 1
revision-level 1
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
SW4:
<sw4>
#
sysname sw4
#
vlan batch 2
#
stp bpdu-protection
#
stp region-configuration
region-name 1
revision-level 1
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
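IV. Verifying the lab
1. Check the spanning tree:
Spanning tree of instance 1 on SW2:
Spanning tree of instance 2 on SW2:
2. Check VRRP:
SW1:
At this point SW1 is the Master for vlan 1 and the Backup for vlan 2, whose Master is SW2.
3. Check the OSPF neighbors:
AR1:
SW1:
As the figure shows, both devices have two neighbors, so the OSPF adjacencies are fine.
4. Check IP address assignment:
PC1:
PC2:
5. Check whether the external network can be pinged:
6. Cut any single link or take down any single device: as long as the spanning tree still exists, the external network can still be pinged.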
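The VRRP priority and track settings on SW1 and SW2 decide which switch answers for each gateway address, both in normal operation and in the failover test of the last step. The following Python script is an added example, not part of the original lab: it parses constructed excerpts of the two switches' Vlanif sections and computes the master per VLAN. It assumes preemption is active on both switches and that an unconfigured priority is the VRRP default of 100; the helper names parse and elect are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts of the Vlanif sections of SW1 and SW2 on this page
# (virtual-ip, preempt and DHCP lines omitted; they do not change the result).
CONFIGS = {
    "sw1": """interface Vlanif1
 ip address 172.16.1.1 255.255.255.0
 vrrp vrid 1 priority 120
 vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 30
interface Vlanif2
 ip address 172.16.2.2 255.255.255.0""",
    "sw2": """interface Vlanif1
 ip address 172.16.1.2 255.255.255.0
interface Vlanif2
 ip address 172.16.2.1 255.255.255.0
 vrrp vrid 1 priority 120
 vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 30""",
}

def parse(text):
    """Return {vlanif: {"ip", "priority", "track": (interface, reduced)}}."""
    out, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            # 100 is the VRRP default priority when none is configured
            cur = out.setdefault(m[1], {"priority": 100, "track": None})
        elif m := re.match(r"ip address (\S+)", line):
            cur["ip"] = ipaddress.ip_address(m[1])
        elif m := re.match(r"vrrp vrid \d+ priority (\d+)", line):
            cur["priority"] = int(m[1])
        elif m := re.match(r"vrrp vrid \d+ track interface (\S+) reduced (\d+)", line):
            cur["track"] = (m[1], int(m[2]))
    return out

def elect(vlanif, down=()):
    """Return (master, effective priority); `down` holds (switch, interface) pairs."""
    best = None
    for sw, text in CONFIGS.items():
        cfg = parse(text)[vlanif]
        prio = cfg["priority"]
        if cfg["track"] and (sw, cfg["track"][0]) in down:
            prio -= cfg["track"][1]      # tracked uplink is down: lower the priority
        key = (prio, cfg["ip"])          # equal priority: higher interface IP wins
        if best is None or key > best[0]:
            best = (key, sw)
    return best[1], best[0][0]
```

Calling elect("Vlanif1", down={("sw1", "GigabitEthernet0/0/3")}) shows why the reduction is 30: SW1 falls from 120 to 90, below SW2's default of 100, so SW2 takes over the 172.16.1.254 gateway.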