目录
题目
需求(所要实现的功能):
(1)内网IP地址172.16.0.0/16 合理分配
(2)SW1/2之间互为备份
(3)VRRP/STP/VLAN/TRUNK均使用
(4)所有PC通过DHCP获取IP地址
网络部署思路:
1、拓扑设计 -- IP地址规划
2、实施
【1】拓扑的搭建
【2】配置
「1」交换机配置
网关作为了一个广播域的中心出口;生成树的根网桥也是一棵树的中心,也是流量的集合点,若将两者分配不同的设备将导致网络通讯资源浪费,故强烈建议两者在同一台汇聚层设备上;
若使用基于vlan或基于分组的STP协议来工作三层架构中,将导致vlan间或组间通讯时对汇聚层间链路带宽要求较高,可以通过 以太网通道 channel (cisco ) 以太网中继Eth-Trunk(华为) 技术来解决通道技术将多个接口逻辑的整合为一个接口,实现带宽叠加的作用
配置要求:
- 通道的对端必须为同一台设备;
- 通道的所有物理接口应该具有相同的速率、双工模式;相同的类型,相同的vlan允许列表;
创建通道
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]q
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1-GigabitEthernet0/0/3]int g0/0/2
[sw1-GigabitEthernet0/0/2]eth-trunk 0Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]q
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2-GigabitEthernet0/0/2]int g0/0/3
[sw2-GigabitEthernet0/0/3]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment...done.
创建vlan2并将接口划入vlan2
[sw3]vlan 2
[sw3-vlan2]q
[sw3]int e0/0/2
[sw3-Ethernet0/0/2]p l a
[sw3-Ethernet0/0/2]p d v 2[sw4]vlan 2
[sw4-vlan2]q
[sw4]int e0/0/2
[sw4-Ethernet0/0/2]p l a
[sw4-Ethernet0/0/2]p d v 2
创建trunk干道
[sw1]vlan 2
[sw1-vlan2]q
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]p l t
[sw1-Eth-Trunk0]p t a v 2[sw1]port-group group-member g0/0/4 g0/0/5
[sw1-port-group]p l t
[sw1-GigabitEthernet0/0/4]p l t
[sw1-GigabitEthernet0/0/5]p l t
[sw1-port-group]p t a v 2
[sw1-GigabitEthernet0/0/4]p t a v 2
[sw1-GigabitEthernet0/0/5]p t a v 2[sw2]vlan 2
[sw2-vlan2]q
[sw2]int
[sw2]interface e
[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]p l t
[sw2-Eth-Trunk0]p t a v 2
[sw2-Eth-Trunk0]q[sw2]port-group group-member g0/0/4 g0/0/5
[sw2-port-group]p l t
[sw2-GigabitEthernet0/0/4]p l t
[sw2-GigabitEthernet0/0/5]p l t
[sw2-port-group]p t a v 2
[sw2-GigabitEthernet0/0/4]p t a v 2
[sw2-GigabitEthernet0/0/5]p t a v 2[sw3]port-group group-member e0/0/3 e0/0/4
[sw3-port-group]p l t
[sw3-Ethernet0/0/3]p l t
[sw3-Ethernet0/0/4]p l t
[sw3-port-group]p t a v 2
[sw3-Ethernet0/0/3]p t a v 2
[sw3-Ethernet0/0/4]p t a v 2[sw4]port-group group-member e0/0/3 e0/0/4
[sw4-port-group]p l t
[sw4-Ethernet0/0/3]p l t
[sw4-Ethernet0/0/4]p l t
[sw4-port-group]p t a v 2
[sw4-Ethernet0/0/3]p t a v 2
[sw4-Ethernet0/0/4]p t a v 2
生成树:在一个二层交换网络中,生成一棵树型结构,逻辑的阻塞部分接口,使得从根到所有的节点仅存在唯一的路径;当最佳路径故障时,自动打开部分阻塞端口,来实现线路备份的作用;
生成树在生成过程中,应该尽量的生成一棵星型结构,且最短路径树;、
配置生成树
[sw1]stp enable
[sw1]stp region-configuration
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.[sw2]stp enable
[sw2]stp region-configuration
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2
[sw2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.[sw3]stp enable
[sw3]stp region-configuration
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2
[sw3-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.[sw4]stp enable
[sw4]stp region-configuration
[sw4-mst-region]region-name a
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2
[sw4-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
调整根网桥
[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary[sw2]stp instance 1 root primary
[sw2]stp instance 2 root secondary
配置SVI和VRRP
[sw1]interface vlan1
[sw1-Vlanif1]ip add 172.16.1.1 24[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.150
[sw1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
[sw1-Vlanif1]interface vlan2
[sw1-Vlanif2]ip add 172.16.2.1 24[sw1-Vlanif2]vrrp vrid 2 virtual-ip 172.16.2.150
[sw2]interface vlan1
[sw2-Vlanif1]ip add 172.16.1.254 24[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.150
[sw2-Vlanif1]interface vlan2
[sw2-Vlanif2]ip add 172.16.2.254 24[sw2-Vlanif2]vrrp vrid 2 virtual-ip 172.16.2.150
[sw2-Vlanif2]vrrp vrid 2 priority 120
[sw2-Vlanif2]vrrp vrid 2 track interface GigabitEthernet 0/0/1 reduced 30
配置dhcp
[sw1]dhcp enable
[sw1]ip pool aa
Info:It's successful to create an IP address pool.
[sw1-ip-pool-aa]gateway-list 172.16.1.1
[sw1-ip-pool-aa]network 172.16.1.0 mask 24
[sw1-ip-pool-aa]dns-list 114.114.114.114 8.8.8.8[sw1]ip pool bb
[sw1-ip-pool-bb]network 172.16.2.0 mask 24
[sw1-ip-pool-bb]gateway-list 172.16.2.1
[sw1-ip-pool-bb]dns-list 114.114.114.114 8.8.8.8[sw1]interface Vlanif 1
[sw1-Vlanif1]dhcp select global
[sw1-Vlanif1]interface Vlanif 2
[sw1-Vlanif2]dhcp select global[sw2]ip pool aa
[sw2-ip-pool-aa]network 172.16.1.0 mask 24
[sw2-ip-pool-aa]gateway-list 172.16.1.1
[sw2-ip-pool-aa]dns-list 114.114.114.114 8.8.8.8
[sw2-ip-pool-aa]q
[sw2]ip pool bb
[sw2-ip-pool-bb]network 172.16.2.0 ma 24
[sw2-ip-pool-bb]gateway-list 172.16.2.1
[sw2-ip-pool-bb]dns-list 114.114.114.114 8.8.8.8[sw2]int Vlanif 1
[sw2-Vlanif1]dhcp select global
[sw2-Vlanif1]int Vlanif 2
[sw2-Vlanif2]dhcp select global
查看PC地址
PC1
PC2
PC3
PC4
「2」接口配置
配置公网接口IP
AR1
AR2
配置核心层接口IP
sw1
[sw1]vlan 99
[sw1-vlan99]q
[sw1]int Vlanif 99
[sw1-Vlanif99]ip address 172.16.0.2 30
[sw1-Vlanif99]int g0/0/1
[sw1-GigabitEthernet0/0/1]p l a
[sw1-GigabitEthernet0/0/1]p d v 99sw2
[sw2]vlan 99
[sw2-vlan99]q
[sw2]int Vlanif 99
[sw2-Vlanif99]ip add 172.16.0.6 30
[sw2-Vlanif99]q
[sw2]int GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]p l a
[sw2-GigabitEthernet0/0/1]port d v 99
「3」路由配置
核心层路由
AR1
sw1
sw2
配置nat
[r1]ip route-static 0.0.0.0 0 10.1.1.2
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000
「4」测试
338
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
