PC1 PC3---VLAN 1   PC2 PC4----VLAN 2

1.ETH-trunk 

[sw1]int Eth-Trunk 0
[sw1]int g 0/0/1
[sw1-GigabitEthernet0/0/1]eth-trunk 0
[sw1-GigabitEthernet0/0/1]int g 0/0/2
[sw1-GigabitEthernet0/0/2]eth-trunk 0
 

[sw2]int Eth-Trunk 0
[sw2]int g 0/0/1
[sw2-GigabitEthernet0/0/1]eth-trunk 0
[sw2-GigabitEthernet0/0/1]int g 0/0/2   
[sw2-GigabitEthernet0/0/2]eth-trunk 0

 2.VLAN

创建vlan --划分vlan --- trunk干道

SW1

[sw1]vlan 2
[sw1]port-group group-member g 0/0/3 to g 0/0/4 eth-trunk 0
[sw1-port-group]port link-type trunk
[sw1-port-group]port trunk allow-pass vlan 2

SW2

[sw2]vlan 2
[sw2]port-group group-member g 0/0/3 to g 0/0/4 eth-trunk 0
[sw2-port-group]port link-type trunk
[sw2-port-group]port trunk allow-pass vlan 2

SW3

[sw3]vlan 2
[sw3]int g 0/0/2
[sw3-GigabitEthernet0/0/2]port link-type access
[sw3-GigabitEthernet0/0/2]port default vlan 2
 

[sw3]port-group group-member g 0/0/3 to g 0/0/4
[sw3-port-group]port link-type trunk
[sw3-port-group]port trunk allow-pass vlan 2

SW4

[sw4]vlan 2

[sw4]port-group group-member g 0/0/3 to g 0/0/4
[sw4-port-group]port link-type trunk
[sw4-port-group]port trunk allow-pass vlan 2

[sw4]int g 0/0/2
[sw4-GigabitEthernet0/0/2]port link-type access
[sw4-GigabitEthernet0/0/2]port default vlan 2

3.STP

SW1-SW4相同配置

[sw1]stp enable 
[sw1]stp mode mstp
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration 

 

 

 

SW1-SW2互为备份
[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary 

[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary 

 

 

接入层交换机SW3-SW4 (边缘接口，加速)

[sw3]port-group group-member g 0/0/1 to g 0/0/2
[sw3-port-group]stp enable
[sw3-port-group]stp edged-port enable

[sw4]port-group group-member g 0/0/1 to g 0/0/2
[sw4-port-group]stp enable
[sw4-port-group]stp edged-port enable

SVI

[sw1]interface vlanif 1
[sw1-Vlanif1]ip address 172.16.1.1 25

[sw1]interface vlanif 2
[sw1-Vlanif2]ip address 172.16.1.129 25

[sw2]interface vlanif 1
[sw2-Vlanif1]ip address 172.16.1.2 25

[sw2]interface vlanif 2
[sw2-Vlanif2]ip address 172.16.1.130 25

 VRRP

VLAN 1 

[sw1]interface vlanif 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw1-Vlanif1]vrrp vrid 1 priority 105
[sw1-Vlanif1]vrrp vrid 1 track interface g 0/0/5 reduced 6

[sw2]interface vlanif 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126

 VLAN 2

[sw1]interface vlanif 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
 

[sw2]interface vlanif 2
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2-Vlanif2]vrrp vrid 1 priority 105
[sw2-Vlanif2]vrrp vrid 1 track interface g 0/0/5 reduced 6

 DHCP

[sw1]dhcp enable
[sw1]ip pool v1
[sw1-ip-pool-v1]network 172.16.1.0 mask 25
[sw1-ip-pool-v1]gateway-list 172.16.1.126
[sw1-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8

[sw1]dhcp enable
[sw1]ip pool v2
[sw1-ip-pool-v2]network 172.16.1.128 mask 25
[sw1-ip-pool-v2]gateway-list 172.16.1.254
[sw1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8

[sw1]interface vlanif 1
[sw1-Vlanif1]dhcp select global 
[sw1-Vlanif1]interface vlanif 2
[sw1-Vlanif2]dhcp select global

PC1

PC2

 PC3

 PC4

 配置路由 

1.配置IP

公网IP

[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip ad 172.16.0.1 30
[r1-GigabitEthernet0/0/1]int g 0/0/2
[r1-GigabitEthernet0/0/2]ip add 172.16.0.5 30

[isp]int g 0/0/0
[isp-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[isp-GigabitEthernet0/0/0]int l0
[isp-LoopBack0]ip add 6.6.6.6 24
 

[sw1]vlan 99
[sw1-vlan99]int vlanif 99
[sw1-Vlanif99]ip add 172.16.0.2 30
[sw1-Vlanif99]int g 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access
[sw1-GigabitEthernet0/0/5]port default vlan 99
 

[sw2]vlan 99
[sw2-vlan99]int vlanif 99
[sw2-Vlanif99]ip add 172.16.0.6 30
[sw2-Vlanif99]int g 0/0/5
[sw2-GigabitEthernet0/0/5]port link-type access
[sw2-GigabitEthernet0/0/5]port default vlan 99

 2.路由

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]a 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
 

[sw1]ospf 1 router-id 2.2.2.2
[sw1-ospf-1]a 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.2 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]q
[sw1-ospf-1]a 1
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.129 0.0.0.0

[sw2]ospf 1 router-id 3.3.3.3
[sw2-ospf-1]a 0
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.6 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]q
[sw2-ospf-1]a 1
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.130 0.0.0.0
 

沉默接口

[sw1]ospf 1
[sw1-ospf-1]silent-interface all
 
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface GigabitEthernet 0/0/5
[sw1-ospf-1]undo silent-interface vlanif 1
[sw1-ospf-1]undo silent-interface vlanif 99

[sw2]ospf 1
[sw2-ospf-1]silent-interface GigabitEthernet 0/0/3
[sw2-ospf-1]silent-interface GigabitEthernet 0/0/4
[sw2-ospf-1]silent-interface vlanif 2

 汇总

[sw1]ospf 1
[sw1-ospf-1]a 1
[sw1-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

[sw2]ospf 1
[sw2-ospf-1]a 1
[sw2-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0
 

配置缺省 NAT

[r1]ip route-static 0.0.0.0 0 12.1.1.2
[r1]ospf 1
[r1-ospf-1]default-route-advertise
[r1-ospf-1]q
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g 0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000

空接口防环

[sw1]ip route-static 172.16.1.0 24 NULL 0
[sw2]ip route-static 172.16.1.0 24 NULL 0