SE园区综合实验（未补齐版）

实验要求：

1.局域网存在vlan10和vlan20两个业务vlan，ip网段分别对应192.168.1.0/24和192.168.2.0/24

2.业务vlan可以在所有链路上传输数据

3.sw1和sw2之间的直连链路上配置静态链路聚合实现链路冗余，并提高链路带宽

4.sw3为某接入点二次交换机，与汇聚交换机sw1和sw2运行MSTP来对vlan10和vlan20的流量进行负载分担，要求vlan10的流量优先从sw1转发，vlan20的流量优先从sw2转发，当链路故障，sw1和sw2互为备份

5.sw4为另一接入点二次交换机，使用Smart-link对上行链路进行备份，要求Smart-link组1引用MST实例1（映射vlan10）的流量经过sw1的链路访问上行设备。而Smart-link组2引用实例2（映射vlan20）的流量经过sw2链路访问上行网络，组1和组2分别在vlan100和vlan200内发送和接受Flush报文，要求当Smart-link主链路故障恢复后，端口角色能够自动恢复。

6.sw1和sw2作为汇聚层网关，运行VRRP，vlan10，使用sw1作为VRRP的主网关，vlan20使用sw2作为VRRP的主网关。

7.要求终端pc接入网络后，能够立即转发数据，当连接pc的端口收到BPDU后立即关闭

8.在sw1上配置SSH服务，要求只有vlan10能够远程登陆sw1，登陆用户名和密码都为runtime

9.在sw2上配置SNMP，要求只有pc6能够使用SNMP管理sw2

[sw3]vlan 10
[sw3-vlan10]vlan 20
[sw3-vlan20]int g1/0/1
[sw3-GigabitEthernet1/0/1]port link-type trunk
[sw3-GigabitEthernet1/0/1]port trunk permit vlan all
[sw3-GigabitEthernet1/0/1]int g1/0/2
[sw3-GigabitEthernet1/0/2]port link-type tr
[sw3-GigabitEthernet1/0/2]port trunk permit vlan all

sw3是二层交换机

[sw4]vlan 10
[sw4-vlan10]vlan 20
[sw4-vlan20]vlan 100
[sw4-vlan100]vlan 200
[sw4-vlan200]vlan 20
[sw4-vlan20]port g1/0/3
[sw4]int range g1/0/1 g1/0/2
[sw4-if-range]port link-type trunk
[sw4-if-range]port trunk permit vlan all

静态链路聚合

[sw1]int b1
[sw1-Bridge-Aggregation1]qu
[sw1]int g1/0/1
[sw1-GigabitEthernet1/0/1]port link-aggregation group 1
[sw1-GigabitEthernet1/0/1]int g1/0/2
[sw1-GigabitEthernet1/0/2]port link-aggregation group 1

[sw1]int b1
[sw1-Bridge-Aggregation1]port link-type tr
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.
[sw1-Bridge-Aggregation1]port trunk permit vlan all
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.
[sw1-Bridge-Aggregation1]qu
[sw1]int g1/0/3
[sw1-GigabitEthernet1/0/3]port link-type trunk
[sw1-GigabitEthernet1/0/3]port trunk permit vlan all
[sw1-GigabitEthernet1/0/3]int g1/0/4
[sw1-GigabitEthernet1/0/4]port link-type tr
[sw1-GigabitEthernet1/0/4]port trunk permit vlan all
 

[sw2]vlan 10
[sw2-vlan10]vlan 20
[sw2-vlan20]vlan 100
[sw2-vlan100]vlan 200

[sw2]int b1
[sw2-Bridge-Aggregation1]int range g1/0/1 g1/0/2
[sw2-if-range]port link-aggregation group 1
[sw2-if-range]int b1
[sw2-Bridge-Aggregation1]port link-type trunk
[sw2-Bridge-Aggregation1]port trunk permit vlan all
[sw2]int g1/0/3
[sw2-GigabitEthernet1/0/3]port link-type trunk
[sw2-GigabitEthernet1/0/3]port trunk permit vlan all
[sw2-GigabitEthernet1/0/3]int g1/0/4
[sw2-GigabitEthernet1/0/4]port link-type trunk
[sw2-GigabitEthernet1/0/4]port trunk permit vlan all

链路聚合做成功

[sw3]stp region-configuration
[sw3-mst-region]region-name h3c
[sw3-mst-region]revision-level 1
[sw3-mst-region]instance 1 vlan 10
[sw3-mst-region]instance 2 vlan 2
[sw3-mst-region]active region-configuration
 

[sw2]stp region-configuration
[sw2-mst-region] region-name h3c
[sw2-mst-region] revision-level 1
[sw2-mst-region] instance 1 vlan 10
[sw2-mst-region] instance 2 vlan 20

[sw1]stp region-configuration
[sw1-mst-region] region-name h3c
[sw1-mst-region] revision-level 1
[sw1-mst-region] instance 1 vlan 10
[sw1-mst-region] instance 2 vlan 20

[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary
[sw1]stp global enable

[sw2]stp instance 2 root primary
[sw2]stp instance 1 root secondary
[sw2]stp global enable

聚合阻塞端口在sw3查看

display stp briefx

5.SMART-LINK

[sw4]stp region-configuration

[sw4-mst-region]instance 1 vlan 10
[sw4-mst-region]instance 2 vlan 20
[sw4-mst-region]active region-configuration
[sw4]smart-link group 1
[sw4-smlk-group1]protected-vlan reference-instance 0 to 1
[sw4-smlk-group1]flush enable control-vlan 100
[sw4]smart-link group 2
[sw4-smlk-group2]protected-vlan reference-instance 2
[sw4-smlk-group2]flush enable control-vlan 200
[sw4]int g1/0/1
[sw4-GigabitEthernet1/0/1]undo stp enable
[sw4-GigabitEthernet1/0/1]port smart-link group 1 secondary
[sw4-GigabitEthernet1/0/1]port smart-link group 2 primary
[sw4-GigabitEthernet1/0/1]int g1/0/2
[sw4-GigabitEthernet1/0/2]undo stp enable
[sw4-GigabitEthernet1/0/2]port smart-link group 1 primary
[sw4-GigabitEthernet1/0/2]port smart-link group 2 se
[sw4-GigabitEthernet1/0/2]
[sw4-GigabitEthernet1/0/2]qu
[sw4]smart-link group 1
[sw4-smlk-group1]preemption mode role
[sw4-smlk-group1]smart-link group 2
[sw4-smlk-group2]preemption mode role
 

[sw4]int g1/0/3
[sw4-GigabitEthernet1/0/3]port access vlan 20
[sw4-GigabitEthernet1/0/3]stp edged-port

[sw4]stp bpdu-protection
[sw4]stp global enable

[sw3]stp bpdu-protection
[sw3]stp global enable

[sw1-vlan10]int vlan10
[sw1-Vlan-interface10]ip add 192.168.1.252 255.255.255.0
[sw1-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.1.254
[sw1-Vlan-interface10]vrrp vrid 10 priority 120
[sw1-vlan20]int vlan 20
[sw1-Vlan-interface20]ip add 192.168.2.252 255.255.255.0
[sw1-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.2.254

（sw2同上）

[sw1]acl basic 2000
[sw1-acl-ipv4-basic-2000]rule 0 permit source 192.168.1.0 0.0.0.255
[sw1]local-user runtime class manage
[sw1-luser-manage-runtime]service-type ssh
[sw1-luser-manage-runtime]authorization-attribute user-role level-15
[sw1]line vty 0 4
[sw1-line-vty0-4]authentication-mode scheme
[sw1-line-vty0-4]user-role network-operator
[sw1-line-vty0-4]protocol inbound ssh
[sw1]ssh server enable
[sw1]ssh server acl 2000