三层架构-pc通外网小实验

要求:pc端能上外网(isp)

效果图:pc1(VLAN2)和pc3(vlan3)都能ping通2.2.2.2(R2环回)

代码:#先配置好r1,r2,端口ip

#

[R1]

ip route-static 0.0.0.0 0.0.0.0 10.1.1.2

acl 2000

rule permit source any 

interface GigabitEthernet0/0/2
 nat outbound 2000                #R2只配置ip没有静态,r1要用nat才能通r2

ospf 1 router-id 1.1.1.1 
 default-route-advertise        #下放缺省
 area 0.0.0.0 
  network 1.1.1.1 0.0.0.0 
  network 11.1.1.1 0.0.0.0 
  network 12.1.1.1 0.0.0.0 

[SW1]        #g0/0/3,g0/0/4设为access链路,g0/0/5为trunk链路,代码省略

vlan batch 2 to 3

interface Vlanif1                        #交换机没有物理接口地址,只能在vlan里配置
 ip address 11.1.1.2 24

ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255

interface Eth-Trunk 1                                #将g0/0/2,g0/0/6,g0/0/7聚合为1条逻辑线路
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/2                #g0/0/6和g0/0/7同理
 eth-trunk 1                                                

interface Vlanif2
 ip address 192.168.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
 dhcp select global

interface Vlanif3
 ip address 172.16.1.1 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.1.1
 vrrp vrid 2 preempt-mode timer delay 20
 dhcp select global

stp mode mstp                 #华为软件eNSP默认开启mstp

stp region-configuration
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration

stp instance 1 root primary                        #设置SW1为vlan 2生成树的根
stp instance 2 root secondary

dhcp enable

ip pool 1
 gateway-list 192.168.1.1
 network 192.168.1.0 mask 255.255.255.0
 dns-list 8.8.8.8

ip pool 2
 gateway-list 172.16.1.1
 network 172.16.1.0 mask 255.255.255.0
 dns-list 8.8.8.8

[SW2]        #g0/0/3,g0/0/4设为access链路,g0/0/5为trunk链路,代码省略  

vlan batch 2 to 3

interface Vlanif1
 ip address 12.1.1.2 24

ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255

interface Eth-Trunk 1                                #将g0/0/2,g0/0/6,g0/0/7聚合为1条逻辑线路
 port link-type trunk
 port trunk allow-pass vlan all

interface GigabitEthernet0/0/2                #g0/0/6和g0/0/7同理
 eth-trunk 1                                                

interface Vlanif2
 ip address 192.168.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.2
 dhcp select global

interface Vlanif3
 ip address 172.16.1.2 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.1.2
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 20
 dhcp select global

stp mode mstp 

stp region-configuration
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration

stp instance 1 root secondary
stp instance 2 root primary

dhcp enable

ip pool 1
 gateway-list 192.168.1.2
 network 192.168.1.0 mask 255.255.255.0
 dns-list 8.8.8.8

ip pool 2
 gateway-list 172.16.1.2
 network 172.16.1.0 mask 255.255.255.0
 dns-list 8.8.8.8

[SW3]        #e0/0/1,e0/0/2,e0/0/3,e0/0/4都设为access链路

vlan 2

port-group 1

group-member e0/0/1 to e0/0/4

port link-type access 

port default vlan 2

[SW4]        #e0/0/1,e0/0/2,e0/0/3,e0/0/4都设为access链路

vlan 2

port-group 1

group-member e0/0/1 to e0/0/4

port link-type access 

port default vlan 3

[SW5]        #e0/0/1,e0/0/2为trunk链路,e0/0/3,e0/0/4为access链路

vlan batch 2 to 3

interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all

interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan all

interface Ethernet0/0/3
 port link-type access
 port default vlan 2

interface Ethernet0/0/4
 port link-type access
 port default vlan 3