HCIP 第16 天 三层架构

实验要求：

 

拓扑：

 

实验过程：

【SW1】【SW2】
vlan 2
int eth-trunk 0
int g0/0/23
eth-trunk 0
int g0/0/24
eth-trunk 0
port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 Eth-
Trunk 0
port link-type trunk
port trunk allow-pass vlan 2
stp mode mstp
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration

【SW3】【SW4】
vlan 2
port-group group-member g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 2
int e0/0/2
port link-type access
port default vlan 2
stp mode mstp
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration

【SW1】
stp instance 1 root primary //SW1在组1当主根
stp instance 2 root secondary //SW1在组2当备

【SW2】
stp instance 2 root primary //SW2在组2当主根
stp instance 1 root secondary //SW2在组1当备
port-group group-member e0/0/1 e0/0/2

【SW3】【SW4】
port-group group-member e0/0/1 to e0/0/2
stp edged-port enable //开启STP边缘接口

【SW3】
int vlanif1
ip ad 172.16.1.1 25
int vlanif2
ip ad 172.16.1.129 25

【SW4】
int vlanif1
ip ad 172.16.1.2 25
int vlanif2
ip ad 172.16.1.130 25

配置vrrp

【SW1】
int vlanif1
vrrp vrid 1 virtual-ip 172.16.1.126
vrrp vrid 1 priority 120
vrrp vrid 1 track int g0/0/1 reduce 30
int vlanif2
vrrp vrid 1 virtual-ip 172.16.1.254

【SW2】
int vlanif2
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
vrrp vrid 1 track int g0/0/3 reduce 30
int vlanif1
vrrp vrid 1 virtual-ip 172.16.1.126

配置dhcp

【SW1】【SW2】
dhcp enable
ip pool v1
network 172.16.1.0 mask 255.255.255.128
gateway-list 172.16.1.126
dns-list 8.8.8.8
ip pool v2
network 172.16.1.0 mask 255.255.255.128
gateway-list 172.16.2.126
dns-list 8.8.8.8
int vlanif1
dhcp select global
int vlanif2
dhcp select global

【SW3】
vlan 100
int vlanif 100
ip ad 172.16.0.1 30
int g0/0/1
port link-type access
port default vlan 100

【SW4】
vlan 100
int vlanif 100
ip ad 172.16.0.5 30
int g0/0/1
port link-type access
port default vlan100

【R1】
int g0/0/0
ip ad 172.16.0.2 30
int g0/0/2
ip ad 172.16.0.6 30

起osfp

【R1】
ospf 1 router-id 1.1.1.2
area 0
network 172.16.0.0 0.0.0.255
【SW1】
ospf 1 router-id 1.1.1.2
area 0
network 172.16.0.1 0.0.0.0
area 1
network 172.16.1.1 0.0.0.0
network 172.16.1.129 0.0.0.0
【SW2】
ospf 1 router-id 2.2.2.2
area 0
network 172.16.0.5 0.0.0.0
area 1
network 172.16.1.2 0.0.0.0
network 172.16.1.130 0.0.0.0
【SW1】【SW2】
将两条下一跳汇总发上去
ospf 1
area 1
abr-summary 172.16.1.0 255.255.255.0
【SW1】【SW2】
ospf 1
silent-interface all //沉默所有接口
undo silent-interface g0/0/1 //打开需要的接口
undo silent-interface vlanif1
undo silent-interface vlanif100
undo silent-interface Eth-Trunk0

配置ISP,边界路由的缺省

【ISP】
int g0/0/0
ip ad 12.1.1.2 30
int lo 0
ip ad 2.2.2.2 24
【R1】
int g0/0/2
ip ad 12.1.1.1 30
q
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ospf 1
default-route-advertise always

NAT

【R1】
acl 2000
rule permit source 172.16.0.0 0.0.255.255
int g0/0/2
nat outbound 2000

验证：