题目
1、内网IP地址使用172.16.0.0/26分配
2、SW1和SW2之间互为备份
3、VRRP/STP/VLAN/Eth-trunk均使用
4、所有PC均通过DHCP获取IP地址
5、ISP只能配置IP地址
6、所有电脑可以正常访问ISP路由器环回
实验步骤
第一步、规划IP地址
R1-R2:100.1.1.0/24
R2-LSW1:172.16.0.0/30
R2-LSW2:172.16.0.4/30
VLAN 2:172.16.2.0/24
VLAN 3:172.16.3.0/24
第二步、核心层
配置路由器的IP地址
R1(ISP)
<Huawei>system-view
[Huawei]sysname ISP
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip address 100.1.1.2 24
[ISP-GigabitEthernet0/0/0]int lo0
[ISP-LoopBack0]ip address 100.1.2.1 24
R2
<Huawei>system-view
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 100.1.1.1 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 172.16.0.1 30
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 172.16.0.5 30
配置VLANIF的IP地址
LSW1
[LSW1]int Vlanif 1
[LSW1-Vlanif1]ip address 172.16.0.2 30LSW2
[LSW2]int Vlanif 1
[LSW2-Vlanif1]ip address 172.16.0.5 30配置OSPF
R1
[R2]ospf 1 router-id 3.3.3.3
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255LSW1
[LSW1]ospf 1 router-id 1.1.1.1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255LSW2
[LSW2]ospf 1 router-id 2.2.2.2
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255配置静态路由、NAT、边界路由器上配置一个下发缺省
让私网能够访问公网,在边界路由器上配置缺省指向公网和做NAT,并向内部网络下发一条缺省。
[R2]ip route-static 0.0.0.0 0 100.1.1.2
[R2]acl 2000
[R2-acl-basic-2000]rule 1 permit source any
[R2-acl-basic-2000]q
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]nat outbound 2000
[R2]ospf 1
[R2-ospf-1]default-route-advertise always
第三步、汇聚层
配置LSW1-LSW2之间的Eth-trunk链路
LSW1
[LSW1]int Eth-Trunk 1
[LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/2
[LSW1-Eth-Trunk1]port trunk allow-pass vlan all
[LSW1-Eth-Trunk1]qLSW2
[LSW2]int Eth-Trunk 1
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/2
[LSW2-Eth-Trunk1]port trunk allow-pass vlan all
[LSW2-Eth-Trunk1]q
配置Trunk
LSW1
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/3]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all LSW2
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW2-GigabitEthernet0/0/3]int g0/0/4
[LSW2-GigabitEthernet0/0/4]port link-type trunk
[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all
启动MSTP
vlan 2 放实例2 中,vlan 3 放实例3中
LSW1
[LSW1]stp mode mstp
[LSW1]stp enable
[LSW1]vlan batch 2 3
[LSW1]stp region-configuration
[LSW1-mst-region]region-name 11
[LSW1-mst-region]instance 2 vlan 2
[LSW1-mst-region]instance 3 vlan 3
[LSW1-mst-region]active region-configuration
LSW2
[LSW2]stp mode mstp
[LSW2]stp enable
[LSW2]stp region-configuration
[LSW2-mst-region]region-name 11
[LSW2-mst-region]instance 2 vlan 2
[LSW2-mst-region]instance 3 vlan 3
[LSW2-mst-region]active region-configuration LSW3
[LSW3]stp mode mstp
[LSW3]stp enable
[LSW3]stp region-configuration
[LSW3-mst-region]region-name 11
[LSW3-mst-region]instance 2 vlan 2
[LSW3-mst-region]instance 3 vlan 3
[LSW3-mst-region]active region-configuration LSW4
[LSW4]stp mode mstp
[LSW4]stp enable
[LSW4]stp region-configuration
[LSW4-mst-region]region-name 11
[LSW4-mst-region]instance 2 vlan 2
[LSW4-mst-region]instance 3 vlan 3
[LSW4-mst-region]active region-configuration 指定LSW1为instance 2的主,为instance 3的备份
[LSW1]stp instance 2 root primary
[LSW1]stp instance 3 root secondary
指定LSW2为instance 3的主,为instance 2的备份
[LSW2]stp instance 2 root secondary
[LSW2]stp instance 3 root primary
进行查看生成树
在LSW2 上查看你instance 2 ,可以看出是以自己为根
在LSW2 上查看你instance 3 ,可以看出是以自己为根
在去LSW 3上看instance 2的阻塞的是连接LSW2的链路接口g0/0/4。
在去LSW 4上看instance 3的阻塞的是连接LSW1的链路接口g0/0/4。
配置VLANIF的IP地址
LSW1
[LSW1]int Vlanif 2
[LSW1-Vlanif2]ip address 172.16.2.1 24
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]ip address 172.16.3.1 24LSW2
[LSW2]int Vlanif 2
[LSW2-Vlanif2]ip address 172.16.2.2 24
[LSW2-Vlanif2]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]ip address 172.16.3.2 24配置VRRP
LSW1
[LSW1]int Vlanif 2
[LSW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[LSW1-Vlanif2]vrrp vrid 1 priority 200
[LSW1-Vlanif2]vrrp vrid 1 track interface Vlanif 1 reduced 150
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.3.254
[LSW1-Vlanif3]vrrp vrid 2 priority 100
LSW2
[LSW2]int Vlanif 2
[LSW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[LSW2-Vlanif2]vrrp vrid 1 priority 100
[LSW2]int Vlanif 3
[LSW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.3.254
[LSW2-Vlanif3]vrrp vrid 2 priority 200
[LSW2-Vlanif3]vrrp vrid 2 track interface Vlanif 1 reduced 150配置DHCP
LSW1
[LSW1]ip pool aa
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-aa]network 172.16.2.0 mask 24
[LSW1-ip-pool-aa]gateway-list 172.16.2.254
[LSW1-ip-pool-aa]dns-list 8.8.8.8
[LSW1-ip-pool-aa]q
[LSW1]ip pool bb
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-bb]network 172.16.3.0 mask 24
[LSW1-ip-pool-bb]gateway-list 172.16.3.254
[LSW1-ip-pool-bb]dns-list 8.8.8.8
[LSW1-ip-pool-bb]q
[LSW1]dhcp enable
[LSW1]int Vlanif 2
[LSW1-Vlanif2]dhcp select global
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]dhcp select global LSW2
[LSW2]ip pool aa
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-aa] gateway-list 172.16.2.254
[LSW2-ip-pool-aa] network 172.16.2.0 mask 24
[LSW2-ip-pool-aa] dns-list 8.8.8.8
[LSW2-ip-pool-aa]q
[LSW2]ip pool bb
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-bb] gateway-list 172.16.3.254
[LSW2-ip-pool-bb] network 172.16.3.0 mask 24
[LSW2-ip-pool-bb] dns-list 8.8.8.8
[LSW2-ip-pool-bb] dhcp enable
[LSW2]int Vlanif 2
[LSW2-Vlanif2]dhcp select global
[LSW2-Vlanif2]q
[LSW2]int Vlanif 3
[LSW2-Vlanif3]dhcp select global
[LSW2-Vlanif3]q 查看PC机自动获取到的IP地址
第四步、接入层
VLAN划分
LSW5
<Huawei>system-view
[Huawei]sysname LSW3
[LSW3]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access
[LSW3-GigabitEthernet0/0/1]port default vlan 2
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access
[LSW3-GigabitEthernet0/0/2]port default vlan 3
[LSW3-GigabitEthernet0/0/2]int g0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type trunk
[LSW3-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW3-GigabitEthernet0/0/3]int g0/0/4
[LSW3-GigabitEthernet0/0/4]port link-type trunk
[LSW3-GigabitEthernet0/0/4]port trunk allow-pass vlan all LSW4
<Huawei>system-view
[Huawei]sysname LSW4
[LSW4]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW4]int g0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type access
[LSW4-GigabitEthernet0/0/1]port default vlan 2
[LSW4-GigabitEthernet0/0/1]int g0/0/2
[LSW4-GigabitEthernet0/0/2]port link-type access
[LSW4-GigabitEthernet0/0/2]port default vlan 3
[LSW4-GigabitEthernet0/0/2]int g0/0/3
[LSW4-GigabitEthernet0/0/3]port link-type trunk
[LSW4-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW4-GigabitEthernet0/0/3]int g0/0/4
[LSW4-GigabitEthernet0/0/4]port link-type trunk
[LSW4-GigabitEthernet0/0/4]port trunk allow-pass vlan all 第五步、测试
PC1访问全网
PC4访问全网
先在PC2上查看访问100.1.2.1路由追踪,它是走的LSW2,然后到达的目的,就满足当链路正常的时候VLAN3 的路由走LSW2设备。
当我们断开链路或故障,依然可以到达100.1.2.1,就启用了备份路径LSW1设备。
先在PC3上查看访问100.1.2.1路由追踪,它是走的LSW1,然后到达的目的。就满足当链路正常的时候VLAN2 的路由走LSW1设备。
当我们断开链路或故障,依然可以到达100.1.2.1,就启用了备份路径LSW2设备。
