HCIP交换实验

实验内容

1、内网IP使用172.16.0.0/16分配
2、sw1和sw2之间互为备份
3、VRRP/STP/VLAN/Eth-trunk均使用
4、所有pc均通过DHCP获取IP地址
5、ISP只能配置IP地址
6、所有电脑可以正常访问ISP路由器环回
**

实验步骤

**

172.16.0.0/16 总网

172.16.0.0/24 点到点骨干链路
172.16.0.0/30——172.16.0.252/30

172.16.1.0/24 MA骨干链路
172.16.1.0/29——192.16.1.248/29

172.16.2.0/24——172.16.255.0/24 PC网段

[sw3]int Eth-Trunk 0
[sw3-Eth-Trunk0]q 
[sw3]int g0/0/3 
[sw3-GigabitEthernet0/0/3]eth-trunk 0
[sw3-GigabitEthernet0/0/3]int g0/0/4
[sw3-GigabitEthernet0/0/4]eth-trunk 0

[sw4]int Eth-Trunk 0
[sw4-Eth-Trunk0]q
[sw4]int g0/0/3
[sw4-GigabitEthernet0/0/3]eth-trunk 0
[sw4-GigabitEthernet0/0/3]int g0/0/4
[sw4-GigabitEthernet0/0/4]eth-trunk 0
1
2
3
4
5
6
7
8
9
10
11
12
13

配置trunk干道

[sw3]int Eth-Trunk 0
[sw3-Eth-Trunk0]port link-type trunk 
[sw3-Eth-Trunk0]port trunk allow-pass vlan 1 to 2
1
2
3

[sw3]port-group group-member g0/0/2 g0/0/5
[sw3-port-group]port link-type trunk 
[sw3-GigabitEthernet0/0/2]port link-type trunk 
[sw3-GigabitEthernet0/0/5]port link-type trunk 
[sw3-port-group]port trunk allow-pass vlan 1 to 2
[sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan 1 to 2
[sw3-GigabitEthernet0/0/5]port trunk allow-pass vlan 1 to 2

[sw4]int Eth-Trunk 0
[sw4-Eth-Trunk0]port link-type trunk 
[sw4-Eth-Trunk0]port trunk allow-pass vlan 1 to 2

[sw4]int g 0/0/2
[sw4-GigabitEthernet0/0/2]port link-type trunk 
[sw4-GigabitEthernet0/0/2]port trunk allow-pass vlan 1 to 2
[sw4-GigabitEthernet0/0/2]int g 0/0/5
[sw4-GigabitEthernet0/0/5]port link-type trunk   
[sw4-GigabitEthernet0/0/5]port trunk allow-pass vlan 1 to 2

[sw1]port-group group-member g0/0/1 to g0/0/2
[sw1-port-group]port link-type trunk 
[sw1-GigabitEthernet0/0/1]port link-type trunk 
[sw1-GigabitEthernet0/0/2]port link-type trunk 
[sw1-port-group]port trunk allow-pass vlan 1 to 2
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 1 to 2
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 1 to 2

[sw2]int g0/0/1
[sw2-GigabitEthernet0/0/1] port link-type trunk
[sw2-GigabitEthernet0/0/1] port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/1]int g0/0/2
[sw2-GigabitEthernet0/0/2] port link-type trunk
[sw2-GigabitEthernet0/0/2] port trunk allow-pass vlan 2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

[sw4]int Eth-Trunk 0
[sw4-Eth-Trunk0]port link-type trunk 
[sw4-Eth-Trunk0]port trunk allow-pass vlan 1 to 2

[sw4]int g 0/0/2
[sw4-GigabitEthernet0/0/2]port link-type trunk 
[sw4-GigabitEthernet0/0/2]port trunk allow-pass vlan 1 to 2
[sw4-GigabitEthernet0/0/2]int g 0/0/5
[sw4-GigabitEthernet0/0/5]port link-type trunk   
[sw4-GigabitEthernet0/0/5]port trunk allow-pass vlan 1 to 2

1
2
3
4
5
6
7
8
9
10
11

[sw1]port-group group-member g0/0/1 to g0/0/2
[sw1-port-group]port link-type trunk 
[sw1-GigabitEthernet0/0/1]port link-type trunk 
[sw1-GigabitEthernet0/0/2]port link-type trunk 
[sw1-port-group]port trunk allow-pass vlan 1 to 2
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 1 to 2
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 1 to 2
1
2
3
4
5
6
7

[sw2]int g0/0/1
[sw2-GigabitEthernet0/0/1] port link-type trunk
[sw2-GigabitEthernet0/0/1] port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[sw2-GigabitEthernet0/0/2] port link-type trunk
[sw2-GigabitEthernet0/0/2] port trunk allow-pass vlan 2

1
2
3
4
5
6
7

配置STP（生成树）

[sw3]stp mode mstp 
[sw3]stp enable 
[sw3]stp region-configuration 
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2
[sw3-mst-region]active region-configuration 
[sw3-mst-region]q   
[sw3]stp instance 1 root primary 
[sw3]stp instance 2 root secondary 

1
2
3
4
5
6
7
8
9
10
11

[sw4]stp mode mstp 
[sw4]stp enable 
[sw4]stp region-configuration 
[sw4-mst-region]region-name b
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2
[sw4-mst-region]active region-configuration 
[sw4-mst-region]q
[sw4]stp instance 1 root secondary 
[sw4]stp instance 2 root primary 
1
2
3
4
5
6
7
8
9
10

[sw1]stp enable 
[sw1]stp region-configuration  
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration 

1
2
3
4
5
6
7

[sw2]stp enable 
[sw2]stp region-configuration 
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2
[sw2-mst-region]active region-configuration

1
2
3
4
5
6
7

配置svi

[sw3]int vlan 1
[sw3-Vlanif1]ip address 172.16.2.1 24
[sw3-Vlanif1]int vlan 2
[sw3-Vlanif2]ip address 172.16.3.2 24

[sw4]int vlan 1
[sw4-Vlanif1]ip address 172.16.2.2 24
[sw4-Vlanif1]int vlan 2
[sw4-Vlanif2]ip address 172.16.3.1 24
1
2
3
4
5
6
7
8
9

VRRP

[sw3]int vlanif 1
[sw3-Vlanif1]vrrp vrid 1 virtual-ip 172.16.2.254
[sw3-Vlanif1]vrrp vrid 1 priority 101
[sw3-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 5
[sw3-Vlanif1]int vlanif 2
[sw3-Vlanif2]vrrp vrid 1 virtual-ip 172.16.3.254
1
2
3
4
5
6

[sw4]int Vlanif 1
[sw4-Vlanif1]vrrp vrid 1 virtual-ip 172.16.2.254
[sw4-Vlanif1]int vlanif 2 
[sw4-Vlanif2]vrrp vrid 1 virtual-ip 172.16.3.254  
[sw4-Vlanif2]vrrp vrid 1 priority 101
[sw4-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 5
1
2
3
4
5
6

DHCP

[sw3]dhcp enable 
[sw3]ip pool a 
[sw3-ip-pool-a]network 172.16.2.0 mask 24
[sw3-ip-pool-a]gateway-list 172.16.2.254
[sw3-ip-pool-a]dns-list 114.114.114.114
[sw3-ip-pool-a]q
[sw3]ip pool b
[sw3-ip-pool-b]network 172.16.3.0 mask 24
[sw3-ip-pool-b]gateway-list 172.16.3.254 
[sw3-ip-pool-b]dns-list 114.114.114.114
[sw3-ip-pool-b]q
[sw3]int vlan 1
[sw3-Vlanif1]dhcp select global 
[sw3-Vlanif1]int vlanif 2
[sw3-Vlanif2]dhcp select global 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

[sw4]dhcp enable 
[sw4]ip pool a 
[sw4-ip-pool-a]network 172.16.2.0 mask 24
[sw4-ip-pool-a]gateway-list 172.16.2.254
[sw4-ip-pool-a]dns-list 114.114.114.114
[sw4-ip-pool-a]q
[sw4]ip pool b
[sw4-ip-pool-b]network 172.16.3.0 mask 24
[sw4-ip-pool-b]gateway-list 172.16.3.254
[sw4-ip-pool-b]dns-list 114.114.114.114
[sw4-ip-pool-b]q
[sw4]interface vlanif 1
[sw4-Vlanif1]dhcp select global 
[sw4-Vlanif1]int vlanif 2
[sw4-Vlanif2]dhcp select global 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

创建VLAN并划分VLAN

[sw1-Ethernet0/0/1]port link-type access 
[sw1-Ethernet0/0/1]port default vlan 1
[sw1-Ethernet0/0/1]stp edged-port enable 
[sw1-Ethernet0/0/1]int eth0/0/2
[sw1-Ethernet0/0/2]port link-type access 
[sw1-Ethernet0/0/2]port default vlan 2
[sw1-Ethernet0/0/2]stp edged-port enable 

[sw2]int Eth0/0/1
[sw2-Ethernet0/0/1]port link-type access 
[sw2-Ethernet0/0/1]port default vlan 1
[sw2-Ethernet0/0/1]stp edged-port enable 
[sw2-Ethernet0/0/1]int eth0/0/2
[sw2-Ethernet0/0/2]port link-type access     
[sw2-Ethernet0/0/2]port default vlan 2
[sw2-Ethernet0/0/2]stp edged-port enable 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

配置公网

路由器和三层交换机的连通

[sw3]vlan 10
[sw3-vlan10]int vlan 10
[sw3-Vlanif10]ip address 172.16.0.1 30
[sw3-Vlanif10]int g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access 
[sw3-GigabitEthernet0/0/1]port default vlan 10
[sw3]ip route-static 0.0.0.0 0 172.16.0.2
1
2
3
4
5
6
7

[sw4]vlan 20
[sw4-vlan20]int vlanif 20
[sw4-Vlanif20]ip add 172.16.0.6 30
[sw4-Vlanif20]int g0/0/1
[sw4-GigabitEthernet0/0/1]port link-type access 
[sw4-GigabitEthernet0/0/1]port default vlan 20
[sw4]ip route-static 0.0.0.0 0 172.16.0.5 
1
2
3
4
5
6
7

[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 172.16.0.2 30
[r2-GigabitEthernet0/0/1]int g 0/0/2
[r2-GigabitEthernet0/0/2]ip add 172.16.0.5 30
[r2]ip route-static 172.16.2.0 24 172.16.0.1
[r2]ip route-static 172.16.2.0 24 172.16.0.6
[r2]ip route-static 172.16.3.0 24 172.16.0.6
[r2]ip route-static 172.16.3.0 24 172.16.0.1
1
2
3
4
5
6
7
8

DNS

[r2-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r2-acl-basic-2000]q
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]nat o    
[r2-GigabitEthernet0/0/0]nat outbound 2000
1
2
3
4
5

底层地址配置
[SW1]vlan 100
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 100
[SW1-GigabitEthernet0/0/1]int vlan 100
[SW1-Vlanif100]ip add 172.16.0.1 30

[SW2]vlan 100
[SW2-vlan100]q
[SW2]int vlan 100
[SW2-Vlanif100]ip add 172.16.0.5 30
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]p d v100

[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 172.16.0.2 30
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 172.16.0.6 30
[R1-GigabitEthernet0/0/2]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 192.168.1.2 24

ping测试

2、路由
[SW1]ospf 1 router-id 2.2.2.2
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]q
[SW1-ospf-1]area 1
[SW1-ospf-1-area-0.0.0.1]network 172.16.1.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 172.16.1.129 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

[SW2]ospf 1 router-id 2.2.2.22
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]area 1
[SW2-ospf-1-area-0.0.0.1]network 172.16.1.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]network 172.16.1.130 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255

设置沉默接口，减少流量洪泛
[SW1-ospf-1]silent-interface all
[SW1-ospf-1]undo silent-interface Eth-Trunk 0
[SW1-ospf-1]undo silent-interface Vlanif 1
[SW2-ospf-1]undo silent-interface Vlanif 100

[SW2-ospf-1]silent-interface all
[SW2-ospf-1]undo silent-interface Eth-Trunk 0
[SW2-ospf-1]undo silent-interface Vlanif 1
[SW2-ospf-1]undo silent-interface Vlanif 100

下放缺省 设置地址转换
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1-ospf-1]default-route-advertise
[R1-ospf-1]q
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R1-acl-basic-2000]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

上网测试