1.实验要求
2.实验拓扑搭建
3. 实验配置
Eth-trunk配置
SW1:
int Eth-Trunk 0
int g 0/0/5
eth-trunk 0
int g 0/0/3
eth-trunk 0
SW2:
int Eth-Trunk 0
int g 0/0/5
eth-trunk 0
int g 0/0/3
eth-trunk 0
trunk干道配置
sw1&sw2:
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 1 2
q
interface GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 1 2SW3:
port-group group-member g0/0/1 to g0/0/2
port link-type trunk
port trunk allow-pass vlan 1 2
SW4:
port-group group-member g0/0/1 to g0/0/2
port link-type trunk
port trunk allow-pass vlan 1 2
Vlan的创建于划分
在每个交换机上创建vlan2
SW3:
port-group group-member g0/0/3 to g0/0/4
port link-type access
int g0/0/3
port default vlan 1
int g0/0/4
port default vlan 2SW4:
port-group group-member g0/0/3 to g0/0/4
port link-type access
int g0/0/3
port default vlan 1
int g0/0/4
port default vlan 2
生成树配置
SW1:
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
stp instance 1 root primary
stp instance 2 root secondarySW2:
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
stp instance 1 root primary
stp instance 2 root secondarySW3:
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configurationSW4:
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
SVI配置
SW1:
int vlan 1
ip address 172.16.1.1 24
int vlan 2
ip address 172.16.2.1 24
SW2:
int vlan 1
ip address 172.16.1.2 24
int vlan 2
ip address 172.16.2.2 24
VRRP配置
SW1:
int vlanif 1
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
vrrp vrid 1 track int g0/0/1
int vlanif 2
vrrp vrid 1 virtual-ip 172.16.2.254
vrrp vrid 1 track int g0/0/1 reduced 30SW2:
int vlanif 1
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 track int g0/0/1
int vlanif 2
vrrp vrid 1 virtual-ip 172.16.2.254
vrrp vrid 1 priority 120
vrrp vrid 1 track int g0/0/1 reduced 30
DHCP配置
SW1:
dhcp enable
ip pool 1
network 172.16.1.0 mask 24
gateway-list 172.16.1.254
dns-list 8.8.8.8
ip pool 2
network 172.16.2.0 mask 24
gateway-list 172.16.2.254
dns-list 8.8.8.8
int vlan 1
dhcp select global
int vlan 2
dhcp select globalSW2:
dhcp enable
ip pool 1
network 172.16.1.0 mask 24
gateway-list 172.16.1.254
dns-list 8.8.8.8
ip pool 2
network 172.16.2.0 mask 24
gateway-list 172.16.2.254
dns-list 8.8.8.8
int vlan 1
dhcp select global
int vlan 2
dhcp select global
交换机与路由器间配置
SW1:
vlan 10
int g 0/0/1
port link-type access
port default vlan 10
int vlanif 10
ip address 172.16.11.1 24
ip route-static 0.0.0.0 0 172.16.11.2SW2:
vlan 20
int g 0/0/1
port link-type access
port default vlan 20
int vlanif 20
ip address 172.16.12.1 24
ip route-static 0.0.0.0 0 172.16.12.2
R1:
int g 0/0/1
ip address 172.16.11.2 24
int g 0/0/2
ip address 172.16.12.2 24
ip route-static 172.16.1.0 24 172.16.12.1
ip route-static 172.16.1.0 24 172.16.11.1
ip route-static 172.16.2.0 24 172.16.12.1
ip route-static 172.16.2.0 24 172.16.11.1
int g 0/0/0
ip address 12.1.1.1 24
acl number 2000
rule 1 permit source 172.16.0.0 0.0.255.255
int g 0/0/0
nat outbound 2000
ip route-static 0.0.0.0 0 12.1.1.2R2:
int g 0/0/0
ip address 12.1.1.2 24
int l0
ip address 1.1.1.1 24
测试
断开私网1后测试