• 实验拓扑图：

• 实验需求

1、内网IP地址使用172.16.0.0/16

2、SW1和SW2之间互为备份；

3、VRRP/stp/vlan/eth-trunk均使用；

4、所有pc均通过DHCP获取IP地址；

5、ISP只配置IP地址；

6、所有电脑可以正常访问ISP路由器环回

三、配置思路：

1、划分IP网段，拓扑图中共4个网段，划分网段方式多样，上图划分方式可做参考。

2、创建eth-trunk，加入相应接口

3、创建vlan、划分vlan、trunk干道

4、MSTP

5、配置VRRP，增强设备可靠性

6、配置DHCP，并测试

7、交换机（sw1/sw2）与路由器之间的配置（IP地址及路由），这一步中的路由协议的选择看个人，静态、动态都可以实现全网通，本次实验因为路由器个数少，故我选择了配置静态路由。

8、配置NAT，做公私网的转换。

9、测试全网通

四、实验步骤：

ISP:

[ISP]int g0/0/0

[ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24

[ISP]int l0

[ISP-LoopBack0]ip add 2.2.2.2 24

R:

配置设备IP地址

[R1]int g0/0/1

[R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26

[R1]int g0/0/2

[R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24

配置R1到vlan2、vlan3之间的路由

[R1]ip route-static 172.16.0.0 26 172.16.0.129

[R1]ip route-static 172.16.0.0 26 172.16.0.193

[R1]ip route-static 172.16.0.64 26 172.16.0.129

[R1]ip route-static 172.16.0.64 26 172.16.0.193

在网络出口设备上做nat，保证内网的流量能上到公网

[R1]acl 2000

[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2000

在网络出口设备上做缺省路由

[R1]ip route-static 0.0.0.0 0 12.0.0.2

SW1:

配置接口：

[sw1]vlan 2

[sw1-vlan2]vlan 3

[sw1]vlan 10

[sw1]vlan 20

[SW1]port-group group-member g0/0/3 to g0/0/4

[SW1-GigabitEthernet0/0/3]port link-type trunk

[SW1-GigabitEthernet0/0/4]port link-type trunk  

[SW1-port-group]port trunk allow-pass vlan 2 3

[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

启动stp协议：

[SW1]stp enable

[SW1]stp mode mstp

[SW1]stp region-configuration

[SW1-mst-region]region-name aa

[SW1-mst-region]instance 1 vlan 2

[SW1-mst-region]instance 2 vlan 3

[SW1-mst-region]active region-configuration

放通聚合链路的vlan2、vlan3、vlan10、vlan20

[SW1]int Eth-Trunk 0

[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

[SW1-Eth-Trunk0]port link-type trunk

[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20

在SW1中Vlan2为备份网关，vlan3为主网关

[SW1]int Vlanif 2

[SW1-Vlanif2]ip add 172.16.0.1 26

[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

[SW1-Vlanif2]vrrp vrid 1 priority 120

[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30

[SW1]int Vlanif 3

[SW1-Vlanif3]ip add 172.16.0.65 26

[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

备份根：

[SW1]stp instance 1 root primary    

[SW1]stp instance 2 root secondary

Dhcp协议：

[SW1]dhcp enable

[SW1]ip pool aa

[SW1-ip-pool-aa]network 172.16.0.0 mask 26

[SW1-ip-pool-aa]gateway-list 172.16.0.62

[SW1-ip-pool-aa]dns-list 8.8.8.8

[SW1]ip pool bb

[SW1-ip-pool-bb]network 172.16.0.64 mask 26

[SW1-ip-pool-bb]gateway-list 172.16.0.126

[SW1-ip-pool-bb]dns-list 8.8.8.8

[SW1]int Vlanif 2

[SW1-Vlanif2]dhcp select global

[SW1]int Vlanif 3

[SW1-Vlanif3]dhcp select global

通过vlanif10:

[SW1]vlan 10

[SW1]int g0/0/5

[SW1-GigabitEthernet0/0/5]port link-type access

[SW1-GigabitEthernet0/0/5]port default vlan 10

[SW1]int Vlanif 10

[SW1-Vlanif10]ip add 172.16.0.129 26

配置SW1与R1之间的路由

[SW1]ip route-static 0.0.0.0 0 172.16.0.130

SW2:

配置接口：

[sw2]vlan 2

[sw2-vlan2]vlan 3

[sw2]vlan 20

[sw2]vlan 10

[SW2]port-group group-member g0/0/3 to g0/0/4

[SW2-port-group]port link-type trunk

[SW2-GigabitEthernet0/0/3]port link-type trunk

[SW2-GigabitEthernet0/0/4]port link-type trunk

[SW2-port-group]port trunk allow-pass vlan 2 3

[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

启动stp协议：

[SW2]stp mode mstp

[SW2]stp region-configuration

[SW2-mst-region]region-name aa

[SW2-mst-region]instance 1 vlan 2

[SW2-mst-region]instance 2 vlan 3

[SW2-mst-region]active region-configuration

在SW2中Vlan2为备份网关，vlan3为主网关

[SW2]int Vlanif 2

[SW2-Vlanif2]ip add 172.16.0.2 26

[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

[SW2]int Vlanif 3

[SW2-Vlanif3]ip add 172.16.0.66 26

[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

[SW2-Vlanif3]vrrp vrid 2 priority 120

[SW2-Vlanif3]vrrp vrid 2 track interface g0/0/5 reduced 30

放通聚合链路的vlan2、vlan3、vlan10、vlan20

[SW2]int Eth-Trunk 0

[SW2-Eth-Trunk0]port link-type trunk

[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20

[SW2]stp instance 1 root secondary    

[SW2]stp instance 2 root primary  

在SW2中Vlan2为主网关，vlan3为备份网关

[SW1]int Vlanif 2

[SW2-Vlanif2]ip add 172.16.0.1 26

[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

[SW2-Vlanif2]vrrp vrid 1 priority 120

[SW2-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30

[SW2]int Vlanif 3

[SW2-Vlanif3]ip add 172.16.0.65 26

[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

DHCP配置

[SW2]dhcp enable

[SW2]ip pool aa

[SW2-ip-pool-aa]network 172.16.0.0 mask 26

[SW2-ip-pool-aa]gateway-list 172.16.0.62

[SW2-ip-pool-aa]dns-list 8.8.8.8

[SW2]ip pool bb

[SW2-ip-pool-bb]network 172.16.0.64 mask 26

[SW2-ip-pool-bb]gateway-list 172.16.0.126

[SW2-ip-pool-bb]dns-list 8.8.8.8

[SW2]int Vlanif 2

[SW2-Vlanif2]dhcp select global

[SW2]int Vlanif 3

[SW2-Vlanif3]dhcp select global

通过vlanif20:

[SW2]vlan 20

[SW2]int g0/0/5

[SW2-GigabitEthernet0/0/5]port link-type access

[SW2-GigabitEthernet0/0/5]port default vlan 10

[SW2]int Vlanif 20

[SW2-Vlanif12]ip add 172.16.0.129 26

配置SW2与R1之间的路由

[SW2]ip route-static 0.0.0.0 0 172.16.0.194

SW3:

[SW3]vlan 2

[SW3-vlan2]vlan 3

[SW3-vlan3]q

[SW3]int g0/0/1

[SW3-GigabitEthernet0/0/1]port link-type access

[SW3-GigabitEthernet0/0/1]port default vlan 2

[SW3-GigabitEthernet0/0/1]int g0/0/2

[SW3-GigabitEthernet0/0/2]port link-type access

[SW3-GigabitEthernet0/0/2]

[SW3-GigabitEthernet0/0/2]

[SW3-GigabitEthernet0/0/2]port de

[SW3-GigabitEthernet0/0/2]port default vlan 3

[SW3]port-group group-member g0/0/3 to g0/0/4

[SW3-port-group]port link-type trunk

[SW3-GigabitEthernet0/0/3]port link-type trunk

[SW3-GigabitEthernet0/0/4]port link-type trunk

[SW3-port-group]port trunk allow-pass vlan 2 3

[SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

[SW3]stp mode mstp

[SW3]stp region-configuration

[SW3-mst-region]region-name aa

[SW3-mst-region]instance 1 vlan 2

[SW3-mst-region]instance 2 vlan 3

[SW3]port-group group-member g0/0/1 to g0/0/2

[SW3-port-group]stp edged-port en

[SW3-GigabitEthernet0/0/1]stp edged-port en

[SW3-GigabitEthernet0/0/2]stp edged-port en

[SW3]stp bpdu-protection

SW4:

[SW4]vlan b 2 3

[SW4]int g0/0/1

[SW4-GigabitEthernet0/0/1]port link-type access

[SW4-GigabitEthernet0/0/1]port default vlan 2

[SW4-GigabitEthernet0/0/1]int g0/0/2

[SW4-GigabitEthernet0/0/2]port link-type access

[SW4-GigabitEthernet0/0/2]port default vlan 3

[SW4]port-group group-member g0/0/3 to g0/0/4

[SW4-port-group]port link-type trunk

[SW4-GigabitEthernet0/0/3]port link-type trunk

[SW4-GigabitEthernet0/0/4]port link-type trunk

[SW4-port-group]port trunk allow-pass vlan 2 3

[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

[SW4]stp en

[SW4]stp mode mstp

[SW4]stp region-configuration

[SW4-mst-region]region-name aa

[SW4-mst-region]instance 1 vlan 2

[SW4-mst-region]instance 2 vlan 3

[SW4-mst-region]active region-configuration

[SW4]port-group group-member g0/0/1 to g0/0/2

[SW4-port-group]stp edged-port en

[SW4-GigabitEthernet0/0/1]stp edged-port en

[SW4-GigabitEthernet0/0/2]stp edged-port en

[SW4]stp bpdu-protection

实验结果图：

内外网流量图：

DHCP获取情况：

测试主机到2.2.2.0/24的连通性；

比如：测试主机之间的连通性；