第十八天实验（交换综合实验）

先解决交换部分，再配IP，最后再路由

一、Eth-Trunk

sw1

[sw1]int Eth-Trunk 0 //创建Eth-Trunk 0接口
//分别将G0/0/23和G0/0/24接口绑入Eth-Trunk接口
[sw1-Eth-Trunk0]int g0/0/23
[sw1-GigabitEthernet0/0/23]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment…done.
[sw1-GigabitEthernet0/0/23]int g0/0/24
[sw1-GigabitEthernet0/0/24]eth-trunk 0

sw2

[sw2]int Eth-Trunk 0
[sw2-Eth-Trunk0]int g0/0/23
[sw2-GigabitEthernet0/0/23]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment…done.
[sw2-GigabitEthernet0/0/23]int g0/0/24
[sw2-GigabitEthernet0/0/24]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment…done.

二、VLAN（创建VLAN 划分VLAN trunk干道）

sw1

与sw1相连的三个交换机都有两个VLAN，所以sw1不需要做VLAN，只需要分别做对应交换机的Trunk，sw1的G0/0/2,G0/0/3,Eth-trunk0接口都需做trunk.
[sw1]vlan 2
[sw1-vlan2]q
[sw1]port-group group-member g0/0/2 to g0/0/3 Eth-Trunk 0 //三个接口一起
[sw1-port-group]port link-type trunk
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-Eth-Trunk0]port link-type trunk
[sw1-port-group]port trunk allow-pass vlan 2 //vlan1默认分过
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2

sw2同上

sw3与sw4做trunk，做VLAN，划分VLAN.
sw3

[sw3]vlan 2
[sw3-vlan2]Q
[sw3]int g0/0/4
[sw3-GigabitEthernet0/0/4]port link-type access
[sw3-GigabitEthernet0/0/4]port default vlan 2
[sw3-GigabitEthernet0/0/4]q
[sw3]port-group group-member g0/0/1 to g0/0/2
[sw3-port-group]port link-type trunk
[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-GigabitEthernet0/0/2]port link-type trunk
[sw3-port-group]port trunk allow-pass vlan 2
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan 2

sw4同上

三、生成树STP

sw1
以sw1为锚点做
[sw1]stp enable
[sw1]stp mode mstp //定义协议
[sw1]stp region-configuration
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration //激活

sw2,sw3,sw4同上
完成此操作理论上四台交换机是基于两个生成树.

根据分流规则，sw1需要做VLAN 1的根（组1的根），组2的备份根，因为加入sw1坏了，根也不能被sw3抢走.
sw1
[sw1]stp instance 1 root primary //组1的主根
[sw1]stp instance 2 root secondary //组2的备份根

sw2
[sw2]stp instance 1 root secondary
[sw2]stp instance 2 root primary

sw3

在边缘设备（连电脑的设备）上做一个加速，避免太慢（sw4一样做此操作）
[sw3]port-group group-member g0/0/3 to g0/0/4
[sw3-port-group]stp edged-port enable
[sw3-GigabitEthernet0/0/3]stp edged-port enable
[sw3-GigabitEthernet0/0/4]stp edged-port enable

sw4

四、起SVI

sw1
[sw1]int vlan 1
[sw1-Vlanif1]ip ad 172.16.1.1 25
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]ip ad 172.16.1.129 25

sw2
[sw2]int vlan 1
[sw2-Vlanif1]ip ad 172.16.1.2 25
[sw2-Vlanif1]int vlan 2
[sw2-Vlanif2]ip ad 172.16.1.130 25

检验

五、VRRP

VLAN1中：
sw1
[sw1-Vlanif2]int vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126 //启动VRRP，定义虚拟IP
[sw1-Vlanif1]vrrp vrid 1 priority 105 //改优先级，
[sw1-Vlanif1]vrrp vrid 1 track interface g0/0/1 reduced 6 //做追踪G0/0/1链路，若其坏了，本地优先级下调6
sw2

[sw2]int vlan 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126

查看

VLAN 2中：

sw2
[sw2-Vlanif1]int vlan 2
[sw2-Vlanif2]vrrp vrid 1 v
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2-Vlanif2]vrrp vrid 1 priority 105
[sw2-Vlanif2]vrrp vrid 1 track int g0/0/1 reduced 6
sw1
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254

查看

六、DHCP

sw1
[sw1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[sw1]ip pool v1
Info:It’s successful to create an IP address pool.
[sw1-ip-pool-v1]network 172.16.1.0 mask 25
[sw1-ip-pool-v1]gateway-list 172.16.1.126
[sw1-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8
[sw1-ip-pool-v1]ip pool v2
Info:It’s successful to create an IP address pool.
[sw1-ip-pool-v2]network 172.16.1.128 mask 25
[sw1-ip-pool-v2]gateway-list 172.16.1.254
[sw1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[sw1-ip-pool-v2]int vlan 1
[sw1-Vlanif1]dhcp select global
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]dhcp select global

sw2同上

操作完后在各个PC端通过DHCP获取IP地址

七、路由（先配IP）

(一)配公网IP
R1
[r1]int g0/0/2
[r1-GigabitEthernet0/0/2]ip ad 12.1.1.1 24
Aug 4 2022 16:22:48-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[r1-GigabitEthernet0/0/2]int g0/0/0 //内网接口
[r1-GigabitEthernet0/0/0]ip ad 172.16.0.1 30
Aug 4 2022 16:23:14-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]int g0/0/1 //内网接口
[r1-GigabitEthernet0/0/1]ip ad 172.16.0.5 30

ISP
[isp]int g0/0/2
[isp-GigabitEthernet0/0/2]ip ad 12.1.1.2 24
Aug 4 2022 16:24:53-08:00 isp %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[isp-GigabitEthernet0/0/2]int l0
[isp-LoopBack0]ip ad 6.6.6.6 24

sw1
[sw1]vlan 99
[sw1-vlan99]int vlan 99
[sw1-Vlanif99]ip ad 172.16.0.2 30
[sw1-Vlanif99]int g0/0/3
[sw1-GigabitEthernet0/0/3]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 99

sw2
[sw2]vlan 99
[sw2-vlan99]int vlan 99
[sw2-Vlanif99]int g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/1]port default vlan 99

检验

（二）
R1
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]a 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0

sw1
[sw1]ospf 1 router-id 2.2.2.2
[sw1-ospf-1]a 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.2 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]q
[sw1-ospf-1]a 1
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.129 0.0.0.0

sw2

[sw2]ospf 1 router-id 3.3.3.3
[sw2-ospf-1]a 0
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.6 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]q
[sw2-ospf-1]a 1
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.130 0.0.0.0

（三）沉默接口

sw1

[sw1]ospf 1
[sw1-ospf-1]silent-interface all
[sw1-ospf-1]undo silent-interface GigabitEthernet 0/0/1
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface vlanif 1
[sw1-ospf-1]undo silent-interface vlanif 9
sw2
[sw2]ospf 1
[sw2-ospf-1]silent-interface GigabitEthernet 0/0/2
[sw2-ospf-1]silent-interface GigabitEthernet 0/0/3
[sw2-ospf-1]silent-interface vlanif 2

（三）汇总，实现负载均衡
sw1
[sw1]ospf 1
[sw1-ospf-1]a 1
[sw1-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

sw2
[sw2]ospf 1
[sw2-ospf-1]a 1
[sw2-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

（四）做缺省.
[r1]ip route-static 0.0.0.0 0 12.1.1.2 //缺省下一跳指向运营商
[r1]ospf 1
[r1-ospf-1]default-route-advertise //OSPF协议里导入缺省
[r1-ospf-1]q
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g0/0/2
[r1-GigabitEthernet0/0/2]nat outbound 2000

完善可在交换机上做防环.

sw1
[sw1]ip route-static 172.16.1.0 24 null 0
sw2
[sw2]ip route-static 172.16.1.0 24 null 0

测试：