目录
需求:
一、拓扑设计
二、配置
①eth-trunk
②创建vlan & 划分vlan & trunk干道配置
③STP生成树根节点备份&负责分担
④SVI及VRRP网关冗余设置
⑤DHCP
⑥通公网
⑦验证
三层架构:核心层,汇聚层,接入层
需求:
1、内网IP地址172.16.0.0/16合理分配、PC1、3在vlan1 PC2、4在vlan2
2、SW1/2之间互为备份
3、VRRP/STP/VLAN/TRUNK均使用
4、所有PC通过DHCP获取ip地址
一、拓扑设计
配置顺序:
①sw1 2之间的Eth-trunk,如果不先搞这个stp会自动赌一根,图都做不成了
②创建vlan 1,2 //这个是划分vlan trunk svi 等的前提
③划分vlan
④trunk干道or Hybrid
⑤STP调根节点的位置做备份 //stp和svi没关系,但是stp始终还在二层,建议比svi先一步
⑤SVI -- 网关和vrrp的前提
⑥vrrp网关冗余
⑦DHCP
IP规划:
公网12.1.1.1/24 12.1.1.2/24
172.16.0.0 /16
骨干172.16.0.0/24
172.16.0.1/30 -- 172.16.0.2/30
172.16.0.5/30 -- 172.16.0.6/30
//172.16.1.0 和128.0汇总后变成172.16.1.0/24 且没有黑洞
vlan1
172.16.1.0/25
vlan2
172.16.128.0/25
二、配置
①eth-trunk
把这两条搞成一个eth-trunk
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]int g0/0/3
[sw1-GigabitEthernet0/0/3]eth-trunk 0
[sw1-GigabitEthernet0/0/3]int g0/0/4
[sw1-GigabitEthernet0/0/4]eth-trunk 0[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]int g0/0/3
[sw2-GigabitEthernet0/0/3]eth-trunk 0
[sw2-GigabitEthernet0/0/3]int g0/0/4
[sw2-GigabitEthernet0/0/4]eth-trunk 0【display vlan 可以看到已经汇成一条了】
②创建vlan & 划分vlan & trunk干道配置
[sw1]vlan 2
[sw2]vlan 2
[sw3]vlan 2
[sw4]vlan 2[sw3-Ethernet0/0/3]int e0/0/4
[sw3-Ethernet0/0/4]port link-type access
[sw3-Ethernet0/0/4]port default vlan 2
[sw4-vlan2]interface Ethernet0/0/4
[sw4-Ethernet0/0/4]port link-type access
[sw4-Ethernet0/0/4]port default vlan 2//端口组一起操作
[sw1]port-group group-member g0/0/2 g0/0/12 Eth-Trunk 0
[sw1-port-group]port link-type trunk
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/12]port link-type trunk
[sw1-Eth-Trunk0]port link-type trunk
[sw1-port-group]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw1-GigabitEthernet0/0/12]port trunk allow-pass vlan 2
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2
[sw2]port-group group-member g0/0/2 g0/0/12 Eth-Trunk 0
[sw2-port-group]port link-type trunk
[sw2-GigabitEthernet0/0/2]port link-type trunk
[sw2-GigabitEthernet0/0/12]port link-type trunk
[sw2-Eth-Trunk0]port link-type trunk
[sw2-port-group]port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[sw2-GigabitEthernet0/0/12]port trunk allow-pass vlan 2
[sw2-Eth-Trunk0]port trunk allow-pass vlan 2
[sw3]port-group group-member e0/0/1 to e0/0/2
[sw3-port-group]port link-type trunk
[sw3-Ethernet0/0/1]port link-type trunk
[sw3-Ethernet0/0/2]port link-type trunk
[sw3-port-group]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/1]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/2]port trunk allow-pass vlan 2
[sw4]port-group group-member e0/0/1 to e0/0/2
[sw4-port-group]port link-type trunk
[sw4-Ethernet0/0/1]port link-type trunk
[sw4-Ethernet0/0/2]port link-type trunk
[sw4-port-group]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/1]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/2]port trunk allow-pass vlan 2③STP生成树根节点备份&负责分担
[sw1]stp enable //开启生成树配置
[sw1]stp mode mstp //开启一组一棵树的模式
[sw1]stp region-configuration //分组配置
[sw1-mst-region]region-name a //作用域
[sw1-mst-region]instance 1 vlan 1 //把vlan1放到1组
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration //激活分组配置
[sw2]stp enable
[sw2]stp mode mstp
[sw2]stp region-configuration
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2
[sw2-mst-region]active region-configuration
[sw3]stp enable
[sw3]stp mode mstp
[sw3]stp region-configuration
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2
[sw3-mst-region]active region-configuration
[sw4]stp enable
[sw4]stp mode mstp
[sw4]stp region-configuration
[sw4-mst-region]region-name a
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2
[sw4-mst-region]active region-configuration【display stp brief 看一下生成树的简表】
可以看到sw4是在两个vlan里都把0/0/1堵住了,意思vlan1,vlan2的根现在都是sw1,所以接下来改根的优先级来解决这个问题
边缘接口:
用于连接PC的接口,一旦被设定为边缘接口;将不再进行BPDU的发送,且不进行STP的收敛,直接为转发状态; 但若该接口收到了对端的BPDU,将失去边缘特性,重新正常收敛;
[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary
[sw2]stp instance 1 root secondary
[sw2]stp instance 2 root primary
//再来设置个边缘接口,起到加速的作用
[sw3]int e0/0/3
[sw3-Ethernet0/0/3]stp edged-port enable
[sw3-Ethernet0/0/3]int e0/0/4
[sw3-Ethernet0/0/4]stp edged-port enable
[sw4]int e0/0/3
[sw4-Ethernet0/0/3]stp edged-port enable
[sw4-Ethernet0/0/3]int e0/0/4
[sw4-Ethernet0/0/4]stp edged-port enable 
④SVI及VRRP网关冗余设置
SVI
【SW1】
interface vlan 1
ip address 172.16.1.2 25
interface vlan 2
ip address 172.16.1.129 25
【SW2】
interface vlan 1
ip address 172.16.1.3 25
interface vlan 2
ip address 172.16.1.130 25[sw1-Vlanif2]interface vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
//进vlan1以后设置假网关为1.126
[sw1-Vlanif1]vrrp vrid 1 priority 101
//这个网关的优先级为101
[sw1-Vlanif1]vrrp vrid 1 track interface g0/0/1 reduced 6
//如果上行链路断了优先级减6,默认100,所以会竞选不过备份网关
[sw2]interface vlan 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw2-Vlanif1]vrrp vrid 1 priority 101【display vrrp】
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2]interface Vlanif 2
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2-Vlanif2]vrrp vrid 1 priority 101
[sw2-Vlanif2]vrrp vrid 1 track interface g0/0/1 reduced 2⑤DHCP
//sw1配置一样这就不展示了
[sw2]ip pool v1
[sw2-ip-pool-v1]network 172.16.1.0 ma 25
[sw2-ip-pool-v1]gateway-list 172.16.1.126
[sw2-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8
[sw2-ip-pool-v1]ip pool v2
[sw2-ip-pool-v2]network 172.16.1.128 ma 25
[sw2-ip-pool-v2]gateway-list 172.16.1.254
[sw2-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[sw2]dhcp enable
[sw2]interface vlan 1
[sw2-Vlanif1]dhcp select global
[sw2-Vlanif1]interface vlan 2
[sw2-Vlanif2]dhcp select global
【可以看到两个网段分的非常清楚,网关用的也是vrrp虚拟的那个】
⑥通公网
sw1-R1:172.16.0.1/30 -- 172.16.0.2/30
sw2-R2:172.16.0.5/30 -- 172.16.0.6/30
[sw1]vlan 99
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 99
[sw1-GigabitEthernet0/0/1]int vlan 99
[sw1-Vlanif99]ip address 172.16.0.1 30
[sw2]vlan 99
[sw2-vlan99]int g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/1]port default vlan 99
[sw2-GigabitEthernet0/0/1]int vlan 99
[sw2-Vlanif99]ip address 172.16.0.5 30[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip address 172.16.0.2 30
[r1-GigabitEthernet0/0/1]int g0/0/2
[r1-GigabitEthernet0/0/2]ip address 172.16.0.6 30
[sw1]ip route-static 0.0.0.0 0 172.16.0.2
[sw2]ip route-static 0.0.0.0 0 172.16.0.6[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip address 172.16.0.2 30
[r1-GigabitEthernet0/0/1]int g0/0/2
[r1-GigabitEthernet0/0/2]ip address 172.16.0.6 30
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[r1-GigabitEthernet0/0/0]nat outbound 2000
[r1]ip route-static 0.0.0.0 0 12.1.1.2
[r1]ip route-static 172.16.0.0 16 172.16.0.1
[r1]ip route-static 172.16.0.0 16 172.16.0.5
//最后两条负载均衡进内网是有路由黑洞的所以配个空接口防环
[r1]ip route-static 172.16.0.0 16 NULL 0
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[R2-GigabitEthernet0/0/0]int lo 0
[R2-LoopBack0]ip address 2.2.2.2 24⑦验证
【几个pc乱ping,ping通R2环回就说明通公网了】
