BCMSN实验

一、Ether channel

三层交换机之间绑channel,形成port接口
int range g0/1-2
no switchport
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk

起trunk之后一定要检查trunk是否建立成功，在两台设备上都检查

show int trunk

二、DTP

只有连接的电脑在不同的vlan的交换机才需要起trunk

SW1

int range f0/23-24
switchport mode dynamic desirable

三、VTP

只在一台设备上起VTP，其他设备被同步，接入层设备要调成client模式

SW1
vtp domain ccnp
vtp password cisco
vlan 2
name aa
exit
vlan 3
name bb
exit

show vtp status

其他交换机加入这个域
vtp domain ccnp
vtp password cisco
接入层设备
vtp mode client

没有trunk的交换机不能起VTP，先加入域，再手工配置vlan
在有vlan2和vlan3的交换机上
vtp domain ccnp
vtp password cisco
vlan 2
exit
vtp mode client
先创建vlan2，再改模式为client，因为client模式下不能创建vlan
vtp domain ccnp
vtp password cisco
vlan 3
exit
vtp mode client

把接口划分到vlan
int f0/1
swithport mode access
swithport access vlan 2
spanning-tree portfast

(switchport host=swithport mode access+spanning-tree portfast)

两台三层交换机连接纯vlan2的接口要划入vlan2，vlan3同理；
int f0/3
switchport mode access
switchport access vlan 2
spanning-tree portfast

所有的交换器起SVI，交换机和路由器开远程登录，方便管理

四、STP

show spanning-tree 查看根网桥在哪个交换机上

最左边的三层交换机作为vlan2的主根网桥，vlan3的备份根网桥
左
spanning-tree vlan 2 root primary
spanning-tree vlan 3 root secondary
右
spanning-tree vlan 3 primary
spanning-tree vlan 2 secondary

所有交换机做骨干加速
spanning-tree backbonefast
所有接入层交换机做上行链路加速
spanning-tree uplinkfast （接入层设备被固定为非根设备）

五、HSRP

左
ip routing
int vlan 2
ip address 172.16.2.254 255.255.255.0
no shutdown
int vlan 3
ip address 172.16.3.254 255.255.255.0
no shutdown
连接最右交换机的三层接口
int f0/5
no switchport
ip address 172.16.1.254

右同理，地址为172.16.2.253 172.16.3.253 172.16.1.253

左做vlan2的主网关，vlan3的备份,f0/5的主网关
int vlan 2
standby 1 ip 172.16.2.1
standby 1 priority 101
standby 1 preempt
standby 1 track f0/1

改优先级则当主网关，不改为备份网关

int vlan 3
standby 1 ip 172.16.3.1
standby preempt
standby 1 track f0/1

int f0/5
standby 1 ip 172.16.1.1
standby 1 priority 101
standby 1 preempt
standby 1 track f0/1

右做vlan3的主网关，vlan2的备份
int vlan 2
standby 1 ip 172.16.2.1
standby 1 preempt 
standby 1 track f0/1

int vlan 3
standby 1 ip 172.16.3.1
standby 1 priority 101
standby preempt
standby 1 track f0/1

int f0/5
standby 1 ip 172.16.1.1
standby 1 preempt
standby 1 track f0/1

show standby

active---主
standby--备份

六、DHCP

给服务器手工配置地址172.16.1.250，网关是172.16.1.1

左写DHCP
ip dhcp pool v2
network 172.16.2.0 255.255.255.0
default-router 172.16.2.1
dns-server 114.114.114.114

ip dhcp pool v3
network 172.16.3.0 255.255.255.0
default-router 172.16.3.1
dns-server 114.114.114.114

右是同样的配置

若左的设备down之后，查看网关是否冗余成功，在右上查看
show standby
show spanning-tree

七、起动态路由协议---三层交换机和路由器宣告内网

左
int f0/1
no switchport 
ip address 192.168.1.2 255.255.252.0
np shutdown

两个三层交换机上
router eigrp 90
no auto-summary
network 172.16.0.0
network 192.168.1.0

汇总
int f0/1
ip summary-address eigrp 90 172.16.0.0 255.255.252.0

路由器
router eigrp 90
no auto-summary
network 192.168.1.0

路由器写静态路由指向ISP，再把缺省导入内网
ip route 0.0.0.0 0.0.0.0 12.1.1.2
router eigrp 90
redistribute static

NAT
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 int f0/0
int f0/0
ip nat outside
int f0/1
ip nat inside
int f1/0
ip nat inside

优化：

eigrp建邻之后，会和所有邻居发送hello包，两台三层交换机会和接入层交换机发hello包，这些hello包需要抑制，只保留和路由器以及channel口的邻居关系，使用被动接口
show ip eigrp neighbors

router eigrp 90
passive-interface f0/2
passive-interface f0/3

如果有100个邻居关系，使用passive-interface default，这样所有接口的hello全被拒绝，再使用单播建邻
neighbor 192.168.1.1 f0/1
neighbor 172.16.2.253 vlan 2
neighbor 172.16.3.253 vlan 3