实验报告
一 实验要求
1.内网IP地址使用172.16.0.0/16
2.SW1和SW2之间互为备份
3.VRRP/stp/vlan/eth-trunk均使用
4.所有PC均通过DHCP获取IP地址
5.ISP只配置IP地址
6.所有电脑可以正常访问ISP路由器环回
二 实验拓补
三 实验步骤
首先,先配置VLAN
[SW3]vlan 2
[SW3-vlan2]vlan 3
[SW4]vlan 2
[SW4-vlan2]vlan 3
更改链路类型:
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access
[SW3-GigabitEthernet0/0/1]port default vlan 2
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4
[SW3-port-group]port link-type trunk
[SW3-port-group]port trunk allow-pass vlan 2 3
[SW4]int g0/0/1
[SW4-GigabitEthernet0/0/1]port link-type access
[SW4-GigabitEthernet0/0/1]port default vlan 2
[SW4-GigabitEthernet0/0/2]port link-type access
[SW4-GigabitEthernet0/0/2]port default vlan 3
[SW4]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4
[SW4-port-group]port link-type trunk
[SW4-port-group]port trunk allow-pass vlan 2 3
网关设备:
[SW1]port-group group-member g0/0/3 to g0/0/4
[SW1-port-group]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan 2 3
[SW2]port-group group-member g0/0/3 to g0/0/4
[SW2-port-group]port link-type trunk
[SW2-port-group]port trunk allow-pass vlan 2 3
[SW1]int vlanif 2
[SW1-Vlanif2]ip add 172.16.0.1 26
[SW1-Vlanif2]int vlanif 3
[SW1-Vlanif3]ip add 172.16.0.65 26
[SW2]int vlanif 2
[SW2-Vlanif2]ip add 172.16.0.2 26
[SW2]int vlanif 3
[SW2-Vlanif3]ip add 172.16.0.66 26
好 此时我们来查看一下配置情况 如下图
SW1:
SW2:
解决环路问题:(通过做链路聚合接口解决)
[SW1]int Eth-Trunk 0
[SW2]int Eth-Trunk 0
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW1-Eth-Trunk0]port link-type trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20
[SW2-Eth-Trunk0]port link-type trunk
[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20
其他线路通过MSTP防环
[SW1]stp enable
[SW1]stp mode mstp
[SW1]stp region-configuration
[SW1-mst-region]region-name abc // 其他四个交换机名字要相同
[SW1-mst-region]revision-level 1
[SW1-mst-region]instance 1 vlan 2
[SW1-mst-region]instance 2 vlan 3
[SW1-mst-region]active region-configuration
[SW2]stp enable
[SW2]stp mode mstp
[SW2]stp region-configuration
[SW2-mst-region]region-name abc
[SW2-mst-region]revision-level 1
[SW2-mst-region]instance 1 vlan 2
[SW2-mst-region]instance 2 vlan 3
[SW2-mst-region]active region-configuration
[SW3]stp enable
[SW3]stp mode mstp
[SW3]stp region-configuration
[SW3-mst-region]region-name abc
[SW3-mst-region]revision-level 1
[SW3-mst-region]instance 1 vlan 2
[SW3-mst-region]instance 2 vlan 3
[SW3-mst-region]active region-configuration
[SW4]stp enable
[SW4]stp mode mstp
[SW4]stp region-configuration
[SW4-mst-region]region-name abc
[SW4-mst-region]revision-level 1
[SW4-mst-region]instance 1 vlan 2
[SW4-mst-region]instance 2 vlan 3
[SW4-mst-region]active region-configuration
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]stp edged-port enable
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]stp edged-port enable
[SW4]int g0/0/1
[SW4-GigabitEthernet0/0/1]stp edged-port enable
[SW4-GigabitEthernet0/0/1]int g0/0/2
[SW4-GigabitEthernet0/0/2]stp edged-port enable
[SW3]stp bpdu-protection
[SW4]stp bpdu-protection
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary
网关备份:
Vlan2主网关:
[SW1]int vlanif 2
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
[SW1-Vlanif2]vrrp vrid 1 priority 120
Vlan2备份网关:
[SW2]int vlanif 2
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62
Vlan3主网关:
[SW2]int vlanif 3
[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[SW2-Vlanif3]vrrp vrid 2 priority 120
Vlan3备份网关
[SW1]int vlanif 3
[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
我们来查询一下配置情况:
由于网关的切换问题
下一步 配置监听接口
[SW1]int vlanif 2
[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30
[SW2]int vlanif 3
[SW2-Vlanif3]vrrp vrid 2 track interface g0/0/5 reduced 30
Vlan2的地址下发
[SW1]dhcp enable
[SW1]ip pool aa
[SW1-ip-pool-aa]network 172.16.0.0 mask 26
[SW1-ip-pool-aa]gateway-list 172.16.0.62
[SW1-ip-pool-aa]dns-list 8.8.8.8
[SW1]int vlanif 2
[SW1-Vlanif2]dhcp select global
[SW2]dhcp enable
[SW2]ip pool aa
[SW2-ip-pool-aa]network 172.16.0.0
[SW2-ip-pool-aa]network 172.16.0.0 mask 26
[SW2-ip-pool-aa]gateway-list 172.16.0.62
[SW2-ip-pool-aa]dns-list 8.8.8.8
[SW2]int vlanif 2
[SW2-Vlanif2]dhcp select global
Vlan3的地址下发
[SW1]ip pool bb
[SW1-ip-pool-bb]network 172.16.0.64 mask 26
[SW1-ip-pool-bb]gateway-list 172.16.0.126
[SW1-ip-pool-bb]dns-list 8.8.8.8
[SW1]int Vlanif 3
[SW1-Vlanif3]dhcp select global
[SW2]ip pool bb
[SW2-ip-pool-bb]network 172.16.0.64 mask 26
[SW2-ip-pool-bb]gateway-list 172.16.0.126
[SW2-ip-pool-bb]dns 8.8.8.8
[SW2]int Vlanif 3
[SW2-Vlanif3]dhcp select global
地址池配置完成
我们来ping测试
w
可见 已经实现了pc之间的互通
下一步,我们要实现全网通
首先 我们先配IP地址
[SW1]vlan 10
[SW1]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 10
[SW1]int Vlanif 10
[SW1-Vlanif10]ip add 172.16.0.129 26
[SW2]vlan 20
[SW2-GigabitEthernet0/0/5]port link-type access
[SW2-GigabitEthernet0/0/5]port default vlan 20
[SW2]int Vlanif 20
[SW2-Vlanif20]ip add 172.16.0.193 26
R1; 
ISP:
下一步 配置路由协议,使得内网互通
[SW1]ospf 1 router-id 1.1.1.1
[SW1-ospf-1]a 0
[SW1-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.0.63
[SW1-ospf-1-area-0.0.0.0]net 172.16.0.64 0.0.0.63
[SW1-ospf-1-area-0.0.0.0]net 172.16.0.128 0.0.0.63
[SW2]ospf 1 router-id 2.2.2.2
[SW2-ospf-1]a 0
[SW2-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.0.63
[SW2-ospf-1-area-0.0.0.0]net 172.16.0.64 0.0.0.63
[SW2-ospf-1-area-0.0.0.0]net 172.16.0. 0.0.0.63
[R1]ospf 1 router-id 3.3.3.3
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]net 172.16.0.128 0.0.0.63
[R1-ospf-1-area-0.0.0.0]net 172.16.0.192 0.0.0.63
好 我们此时已经配置完成 全网互通 我们查一下OSPF配置情况
IP学习情况
我们顺便再用ping命令测试是否内网通
下一步 配置NAT,使得内网访问公网
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000
[R1]ip route-static 0.0.0.0 0 12.0.0.2
[R1]ospf 1
[R1-ospf-1]default-route-advertise
好 我们来ping测试一下 内网是否能访问公网
好 配置完成,实验到此结束
扫一扫
912
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
