目录
实验要求:
实验步骤:
1.IP地址的规划
公网区域内骨干链路为10.1.1.0/24网段 ISP路由器环回IP地址为3.3.3.3/24
骨干链路网段划分为172.16.0.0/30 172.16.0.4/30
VLAN1网段为:172.16.1.0/25 VLAN2网段为172.16.1.128/25
2.拓扑结构的搭建
3.交换机的配置
步骤:eth-trunk—创建VLAN—trunk干道—接口划入VLAN—STP—SVI—VRRP—DHCP
1.SW1和SW2起eth-trunk,并划入接口
SW1:
[SW1]interface Eth-Trunk 0
[SW1]interface g0/0/22
[SW1-GigabitEthernet0/0/22]eth-trunk 0
[SW1-GigabitEthernet0/0/22]interface g0/0/23
[SW1-GigabitEthernet0/0/23]eth-trunk 0
SW2:
[SW2]interface Eth-Trunk 0
[SW2]interface g0/0/22
[SW2-GigabitEthernet0/0/22]eth-trunk 0
[SW2-GigabitEthernet0/0/22]interface g0/0/23
[SW2-GigabitEthernet0/0/23]eth-trunk 0
2.创建VLAN
SW1,2,3,4都只用创建VLAN2,因为VLAN1默认存在
[SW1]vlan 2
[SW2]vlan 2
[SW3]vlan 2
[SW4]vlan 2
3.创建trunk干道
SW1,2,3,4配置都是一样的,以SW1为例
SW1:
[SW1]port-group group-member Eth-Trunk 0 GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
[SW1-port-group]port link-type trunk
[SW1-Eth-Trunk0]port link-type trunk
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan 2
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
4.STP的配置
SW1:
[SW1]stp mode mstp
[SW1]stp region-configuration
[SW1-mst-region]region-name a
[SW1-mst-region]instance 1 vlan 1
[SW1-mst-region]instance 2 vlan 2
[SW1-mst-region]active region-configuration
[SW1-mst-region]q
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
SW2:
[SW2]stp mode mstp
[SW2]stp region-configuration
[SW2-mst-region]region-name a
[SW2-mst-region]instance 1 vlan 1
[SW2-mst-region]instance 2 vlan 2
[SW2-mst-region]active region-configuration
[SW2-mst-region]q
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary
SW3:
[SW3]stp mode mstp
[SW3]stp region-configuration
[SW3-mst-region]instance 1 vlan 1
[SW3-mst-region]instance 2 vlan 2
[SW3-mst-region]active region-configuration
SW4:
[SW4]stp mode mstp
[SW4]stp region-configuration
[SW4-mst-region]region-name a[SW4-mst-region]instance 1 vlan 1
[SW4-mst-region]instance 2 vlan 2
[SW4-mst-region]active region-configuration
5.SVI的配置
SW1:
[SW1]interface vlan 1
[SW1-Vlanif1]ip address 172.16.1.1 25
[SW1-Vlanif1]q
[SW1]interface vlan 2
[SW1-Vlanif2]ip address 172.16.1.129 25
SW2:
[SW2]interface vlan 1
[SW2-Vlanif1]ip address 172.16.1.2 25
[SW2-Vlanif1]q
[SW2]interface vlan 2
[SW2-Vlanif2]ip address 172.16.1.130 25
6.VRRP的配置
SW1:
[SW1]interface vlan 1
[SW1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[SW1-Vlanif1]vrrp vrid 1 priority 101
[SW1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/24 reduced 2
[SW1-Vlanif1]q
[SW1]int
[SW1]interface vlan 2
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
SW2:
[SW2]interface vlan 1
[SW2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[SW2-Vlanif1]q
[SW2]interface vlan 2
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[SW2-Vlanif2]vrrp vrid 1 priority 101
[SW2-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/24 reduced 2
7.DHCP的配置
SW1:
[SW1]dhcp enable
[SW1]ip pool v1
[SW1-ip-pool-v1]network 172.16.1.0 mask 25
[SW1-ip-pool-v1]gateway-list 172.16.1.126
[SW1-ip-pool-v1]dns-list 114.114.114.114
[SW1-ip-pool-v1]q
[SW1]ip pool v2
[SW1-ip-pool-v2]network 172.16.1.128 mask 25
[SW1-ip-pool-v2]gateway-list 172.16.1.254
[SW1-ip-pool-v2]dns-list 114.114.114.114[SW1]interface vlan 1
[SW1-Vlanif1]dhcp select global
[SW1-Vlanif1]interface vlan 2
[SW1-Vlanif2]dhcp select global
SW2:
[SW2]dhcp enable
[SW2]ip pool v1
[SW2-ip-pool-v1]network 172.16.1.0 mask 25
[SW2-ip-pool-v1]gateway-list 172.16.1.126
[SW2-ip-pool-v1]dns-list 114.114.114.114
[SW2-ip-pool-v1]q
[SW2]ip pool v2
[SW2-ip-pool-v2]network 172.16.1.128 mask 25
[SW2-ip-pool-v2]gateway-list 172.16.1.254
[SW2-ip-pool-v2]dns-list 114.114.114.114[SW2]interface vlan 1
[SW2-Vlanif1]dhcp select global
[SW2-Vlanif1]interface vlan 2
[SW2-Vlanif2]dhcp select global
8.验证PC是否获得IP地址
PC1:
PC2:
PC3:
PC4:
4.路由器的配置
在SW1和SW2上创建VLAN100,接口划入VLAN,和路由器进行连接
SW1:
[SW1]vlan 100
[SW1-vlan100]q
[SW1]interface vlan 100
[SW1-Vlanif100]ip address 172.16.0.1 30
[SW1-Vlanif100]int
[SW1-Vlanif100]q
[SW1]interface g0/0/24
[SW1-GigabitEthernet0/0/24]port link-type access
[SW1-GigabitEthernet0/0/24]port default vlan 100
[SW1-GigabitEthernet0/0/24]stp edged-port enableSW2:
[SW2]vlan 100
[SW2-vlan100]q
[SW2]interface vlan 100
[SW2-Vlanif100]ip address 172.16.0.5 30
[SW2-Vlanif100]int g0/0/24
[SW2-GigabitEthernet0/0/24]port default vlan 100
[SW2-GigabitEthernet0/0/24]stp edged-port enable R1和R2上进行IP地址的配置
R1:
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.0.2 30
[R1-GigabitEthernet0/0/0]interface g0/0/2
[R1-GigabitEthernet0/0/2]ip address 172.16.0.6 30 R2:
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.1.1.2 24
[R2-GigabitEthernet0/0/0]interface LoopBack 0
[R2-LoopBack0]ip address 3.3.3.3 245.OSPF的配置
SW1,SW2,R1上进行OSPF的配置
SW1:
[SW1]ospf 1 router-id 1.1.1.1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]q
[SW1-ospf-1]area 1
[SW1-ospf-1-area-0.0.0.1]network 172.16.1.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0SW2:
[SW2]ospf 1 router-id 2.2.2.2
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]q
[SW2-ospf-1]area 1
[SW2-ospf-1-area-0.0.0.1]network 172.16.1.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0R1:
[R1]ospf 1 router-id 6.6.6.6
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.2556.NAT的配置
在R1上进行缺省路由和NAT的配置
[R1]ip route-static 0.0.0.0 0 10.1.1.2
[R1]ospf 1
[R1-ospf-1]default-route-advertise
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R1-acl-basic-2000]q
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 20007.测试
VLAN1之间的访问,PC1 ping PC3
VLAN2之间的访问,PC2 ping PC4
VLAN1与VLAN2之间的访问
PC1 ping PC2
PC3 ping PC4
VLAN1中PC访问公网
PC1访问公网
VLAN2中PC访问公网
PC2访问公网
