合理划分ip地址
将172.16.0.0/16进行划分,实验两个三层交换机各需要一个网段,VLAN1和2也需要两个网段,所以此实验共需要两个网段。。
左边骨干:172.16.0.0/30
右边骨干:172.16.0.4/30
VLAN1:172.16.1.0/24
VLAN2:172.16.2.0/24
交换部分——在三层交换机上配置Eth-Trunk
在两个三层交换机上:创建Eth-Trunk 1,并在接口里划入Eth-Trunk1
[LSW1]interface Eth-Trunk 1
[LSW1-Eth-Trunk1]int g 0/0/4
[LSW1-GigabitEthernet0/0/4]eth-trunk 1
[LSW1-GigabitEthernet0/0/4]inter g 0/0/3
[LSW1-GigabitEthernet0/0/3]eth-trunk 1
1.在每台LSW上面创建VLAN2,因为默认有VLAN1
[LSW1]vlan 2
[LSW1-vlan2]
2.每台LSW与LSW之间创建trunk允许所有VLAN通过,以及连接PC接口配置为access模式
LSW1与LSW2之间的Eth-Trunk
LSW1与LSW3之间的两条
LSW2与LSW4之间的两条
[LSW1]interface GigabitEthernet 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/2]q
[LSW1]interface GigabitEthernet 0/0/5
[LSW1-GigabitEthernet0/0/5]port link-type trunk
[LSW1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
LSW3和LSW4连接两个PC
[LSW3]interface Eth0/0/1
[LSW3-Ethernet0/0/1]port link-type access
[LSW3-Ethernet0/0/1]port default vlan 1
[LSW3-Ethernet0/0/1]q
[LSW3]interface Eth0/0/2
[LSW3-Ethernet0/0/2]port link-type access
[LSW3-Ethernet0/0/2]port default vlan 2
3.选用mstp生成树
在要进行生成树的交换机上使用mstp 创建两个组
[LSW1]stp enable
[LSW1]stp mode mstp
[LSW1]stp region-configuration
[LSW1-mst-region]region-name lzy
[LSW1-mst-region]instance 1 vlan 1
[LSW1-mst-region]instance 2 vlan 2
[LSW1-mst-region]active region-configuration
配置完成后 查看stp关系
发现LSW1上有存在根接口,说明LSW1不是根网桥,此时可以修改优先级来将LSW1选为根网桥。
LSW1上:
[LSW1]stp instance 1 root primary 在组1里为主根
[LSW1]stp instance 2 root secondary 在组2里为备份根
LSW2上:
[LSW2]stp instance 1 root secondary 在组1里为备份根
[LSW2]stp instance 2 root primary 在组2里为主根
4.SVI虚拟接口
在两个三层交换机上配置siv,配置地址,由于之前配置trunk所以,允许所有VLAN通过所以 接口都是up
[LSW1]interface vlan 1
[LSW1-Vlanif1]ip address 172.16.1.254 24
[LSW1]interface vlan 2
[LSW1-Vlanif2]ip address 172.16.2.254 24
[LSW2]interface vlan 1
[LSW2-Vlanif1]ip address 172.16.1.253 24
[LSW2]interface vlan 2
[LSW2-Vlanif2]ip address 172.16.2.253 24
5.使用vrrp虚拟路由冗余协议进行网关冗余
LSW1上:
[LSW1]interface vlan 1 进入svi接口
[LSW1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.100 定义虚拟ip
[LSW1-Vlanif1]vrrp vrid 1 priority 101 更改优先级为101 使LSW1为主
[LSW1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 10 追踪上行链路 默认降10
[LSW1-Vlanif1]q
[LSW1]interface vlan 2
[LSW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.100
[LSW1-Vlanif2]q
LSW2上:
[LSW2]interface vlan 2 进入svi接口
[LSW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.100 定义虚拟ip
[LSW2-Vlanif2]vrrp vrid 1 priority 101 更改优先级为101 使LSW2为主
[LSW2-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/1
[LSW2-Vlanif2]q
[LSW2]interface vlan 1
[LSW2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.100
在LSW1上查看vrrp主备关系
[LSW1]display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif1 Normal 172.16.1.100
1 Backup Vlanif2 Normal 172.16.2.100
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
6.创建dhcp池塘给pc下放IP地址
[LSW1]dhcp enable
[LSW1]ip pool vlan1
[LSW1-ip-pool-vlan1]network 172.16.1.0 mask 24
[LSW1-ip-pool-vlan1]gateway-list 172.16.1.100
[LSW1-ip-pool-vlan1]dns-list 114.114.114.114 8.8.8.8
[LSW1]ip pool vlan2
[LSW1-ip-pool-vlan2]network 172.16.2.0 mask 24
[LSW1-ip-pool-vlan2]dns-list 8.8.8.8
[LSW1-ip-pool-vlan2]gateway-list 172.16.2.100
[LSW1]interface vlan2
[LSW1-Vlanif2]dhcp select global
[LSW1-Vlanif2]q
[LSW1]interface vlan 1
[LSW1-Vlanif1]dhcp select global
[LSW2]dhcp enable
[LSW2]ip pool vlan1
[LSW2-ip-pool-vlan1]network 172.16.1.0 mask 24
[LSW2-ip-pool-vlan1]gateway-list 172.16.1.100
[LSW2-ip-pool-vlan1]dns-list 114.114.114.114 8.8.8.8
[LSW2-ip-pool-vlan1]q
[LSW2]ip pool vlan2
[LSW2-ip-pool-vlan2]network 172.16.2.0 mask 24
[LSW2-ip-pool-vlan2]dns-list 8.8.8.8
[LSW2-ip-pool-vlan2]gateway-list 172.16.2.100
[LSW2-ip-pool-vlan2]q
[LSW2]interface vlan1
[LSW2-Vlanif1]dhcp select global
[LSW2-Vlanif1]q
[LSW2]interface vlan 2
[LSW2-Vlanif2]dhcp select global
在pc上打开dhcp服务,所有PC都正常获取到ip地址
对交换部分进行优化
在接入层,主机不参与生成树选举,不接收来自交换机发出的hello包
[LSW3]interface Eth0/0/1
[LSW3-Ethernet0/0/1]stp edged-port enable
[LSW3-Ethernet0/0/1]interface Eth0/0/2
[LSW3-Ethernet0/0/2]stp edged-port enable
[LSW4]interface Eth0/0/1
[LSW4-Ethernet0/0/1]stp edged-port enable
[LSW4-Ethernet0/0/2]stp edged-port enable
四、路由部分
1.配置路由地址
由于华为模拟器上三层交换机无法配置物理地址,所以可以使用svi虚拟地址,划分VLAN给这个网段专用。
[LSW1]vlan 3
[LSW1]interface vlan 3
[LSW1-Vlanif3]ip address 172.16.0.1 30
[LSW1-Vlanif3]interface g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 3
[LSW2]vlan 4
[LSW2]interface vlan 4
[LSW2-Vlanif4]ip address 172.16.0.5 30
[LSW2-Vlanif4]q
[LSW2]interface GigabitEthernet 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 4
R1:
[R1]interface GigabitEthernet 2/0/0
[R1-GigabitEthernet2/0/0]ip address 172.16.0.6 30
[R1-GigabitEthernet0/0/0]ip address 172.16.0.2 30
2.使用动态路由协议
在三层交换机和路由器上使用ospf协议互通
[R1]ospf 10 router-id 1.1.1.1
[R1-ospf-10]area 0
[R1-ospf-10-area-0.0.0.0]network 172.16.0.0 0.0.255.255
查看邻居关系
[LSW1]display ospf peer brief
OSPF Process 10 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Vlanif1 3.3.3.3 Full
0.0.0.0 Vlanif2 3.3.3.3 Full
0.0.0.0 Vlanif3 1.1.1.1 Full
----------------------------------------------------------------------------
1
2
3
4
5
6
7
8
9
10
发现trunk上面也多了一个邻居,另外LSW1和LSW的下行链路有发给接入层设备的hello包,所以要在连接二层交换机的接口上设置为沉默接口,不让pc接口来自三层设备的ospf的hello包
[LSW1]ospf 10
[LSW1-ospf-10]silent-interface GigabitEthernet 0/0/5
[LSW1-ospf-10]silent-interface GigabitEthernet 0/0/2
[LSW2]ospf 10
[LSW2-ospf-10]silent-interface GigabitEthernet 0/0/5
[LSW2-ospf-10]silent-interface GigabitEthernet 0/0/2
此时再查看
[LSW1]display ospf peer brief
OSPF Process 10 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Vlanif1 3.3.3.3 Full
0.0.0.0 Vlanif3 1.1.1.1 Full
----------------------------------------------------------------------------
3.公网部分路由
两边路由器配置IP地址,再指向一条到外的缺省路由,
[R1]ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 0/0/1 12.1.1.2
1
给下面设备下放一条路由缺省
[R1]ospf 10
[R1-ospf-10]default-route-advertise always
使用acl抓取数据,使用nat进行地址转换
[R1]acl 2000
[R1-acl-basic-2000]rule 0 permit source 172.16.0.0 0.0.255.255
[R1-acl-basic-2000]q
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000