
HCIP Small Campus Network Topology Lab

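1. Topology and requirements

2. Requirements analysis

Core technologies required

1. Virtual local area network (VLAN)

2. Link aggregation (Eth-Trunk)

3. Multiple Spanning Tree Protocol (MSTP)

4. VLANIF Layer 3 logical interfaces

5. Virtual Router Redundancy Protocol (VRRP)

6. Dynamic Host Configuration Protocol (DHCP)

7. Open Shortest Path First (OSPF)

8. Network Address Translation (NAT)

First, start at the access layer: assign ports to VLANs, permit the VLANs on the trunks, and set up link aggregation. Second, configure MSTP and VRRP to prevent loops and give the switches redundancy, then configure DHCP to assign IP addresses to the PCs (the DHCP service also needs a backup). That completes the Layer 2 switching part. For Layer 3, configure the dynamic routing protocol OSPF, and configure NAT on the border router for access to the external network.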

3. Detailed configuration

3.1 VLAN planning

LSW3

<SW3>system-view //enter the system view
[SW3]vlan batch 2 3 20 30 //create the VLANs
[SW3]interface GigabitEthernet 0/0/1 //enter the interface view
[SW3-GigabitEthernet0/0/1]port link-type access //set the port to access mode
[SW3-GigabitEthernet0/0/1]port default vlan 2 //assign the port to VLAN 2

<SW3>system-view 
[SW3]vlan batch 2 3 20 30
[SW3]interface GigabitEthernet 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access 
[SW3-GigabitEthernet0/0/2]port default vlan 3

<SW3>system-view 
[SW3]vlan batch 2 3 20 30
[SW3]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4 //create a temporary port group for batch configuration
[SW3-port-group]port link-type trunk //set the ports to trunk mode
[SW3-port-group]port trunk allow-pass vlan 2 3 20 30 //allow these VLANs on the trunk

LSW4

<SW4>system-view
[SW4]vlan batch 2 3 20 30
[SW4]interface GigabitEthernet 0/0/1 
[SW4-GigabitEthernet0/0/1]port link-type access 
[SW4-GigabitEthernet0/0/1]port default vlan 20 

<SW4>system-view 
[SW4]vlan batch 2 3 20 30
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type access 
[SW4-GigabitEthernet0/0/2]port default vlan 30

<SW4>system-view 
[SW4]vlan batch 2 3 20 30
[SW4]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4 
[SW4-port-group]port link-type trunk 
[SW4-port-group]port trunk allow-pass vlan 2 3 20 30 

LSW1

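<SW1>system-view
[SW1]vlan batch 2 3 20 30 //create the VLANs on SW1 as well; the trunks and VLANIF interfaces below depend on them
[SW1]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4
[SW1-port-group]port link-type trunk 
[SW1-port-group]port trunk allow-pass vlan 2 3 20 30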

LSW2

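<SW2>system-view
[SW2]vlan batch 2 3 20 30 //create the VLANs on SW2 as well; the trunks and VLANIF interfaces below depend on them
[SW2]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4
[SW2-port-group]port link-type trunk 
[SW2-port-group]port trunk allow-pass vlan 2 3 20 30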

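3.2 Link aggregation

Bundling several physical interfaces into one logical interface increases bandwidth and shares the load across the member links. The logical interface must also permit the VLANs.

LSW1

[SW1]int Eth-Trunk 0 //create the logical interface
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2 
[SW1-Eth-Trunk0]port link-type trunk //the logical interface carries the VLANs as a trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30 //permit the VLANs on the logical interface

LSW2

[SW2]int Eth-Trunk 0 //create the logical interface
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2 
[SW2-Eth-Trunk0]port link-type trunk //the logical interface carries the VLANs as a trunk
[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30 //permit the VLANs on the logical interface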

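3.3 Configuring MSTP

LSW1

[SW1]stp enable //enable spanning tree
[SW1]stp mode mstp //set the mode to MSTP
[SW1]stp region-configuration //enter the MST region view
[SW1-mst-region]region-name aa //set the region name; the default is the local MAC address
[SW1-mst-region]instance 1 vlan 2 3 //map VLANs to the instance
[SW1-mst-region]instance 2 vlan 20 30
[SW1-mst-region]active region-configuration //activate the region configuration; until it is activated, the settings above do not take effect
[SW1-mst-region]quit 

[SW1]stp instance 1 root primary //make SW1 the primary root for instance 1
[SW1]stp instance 2 root secondary //make SW1 the secondary root for instance 2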

LSW2

[SW2]stp enable 
[SW2]stp mode mstp 
[SW2]stp region-configuration 
[SW2-mst-region]region-name aa 
[SW2-mst-region]instance 1 vlan 2 3 
[SW2-mst-region]instance 2 vlan 20 30
[SW2-mst-region]active region-configuration 
[SW2-mst-region]quit 

[SW2]stp instance 2 root primary 
[SW2]stp instance 1 root secondary 

LSW3

[SW3]stp enable 
[SW3]stp mode mstp 
[SW3]stp region-configuration 
[SW3-mst-region]region-name aa 
[SW3-mst-region]instance 1 vlan 2 3 
[SW3-mst-region]instance 2 vlan 20 30
[SW3-mst-region]active region-configuration 

LSW4

[SW4]stp enable 
[SW4]stp mode mstp 
[SW4]stp region-configuration 
[SW4-mst-region]region-name aa 
[SW4-mst-region]instance 1 vlan 2 3 
[SW4-mst-region]instance 2 vlan 20 30
[SW4-mst-region]active region-configuration 

[SW1]display stp region-configuration 
[SW1]display stp brief 

3.4 Configuring VLANIF

LSW1

[SW1]int Vlanif 2 //create the VLANIF interface, a logical Layer 3 interface
[SW1-Vlanif2]ip address 10.0.2.1 24

[SW1]int Vlanif 3
[SW1-Vlanif3]ip address 10.0.3.1 24

[SW1]int Vlanif 20
[SW1-Vlanif20]ip address 10.0.20.1 24

[SW1]int Vlanif 30
[SW1-Vlanif30]ip address 10.0.30.1 24

LSW2

[SW2]int Vlanif 2 //create the VLANIF interface, a logical Layer 3 interface
[SW2-Vlanif2]ip address 10.0.2.129 24 //host part .129 makes the later DHCP address exclusion easier

[SW2]int Vlanif 3
[SW2-Vlanif3]ip address 10.0.3.129 24

[SW2]int Vlanif 20
[SW2-Vlanif20]ip address 10.0.20.129 24

[SW2]int Vlanif 30
[SW2-Vlanif30]ip address 10.0.30.129 24

3.5 Configuring VRRP

LSW1

[SW1]int Vlanif 2
[SW1-Vlanif2]vrrp vrid 2 virtual-ip 10.0.2.254 //virtual router IP, used as the PCs' gateway
[SW1-Vlanif2]vrrp vrid 2 priority 120 //raise the priority so this switch becomes master

[SW1]int Vlanif 3
[SW1-Vlanif3]vrrp vrid 3 virtual-ip 10.0.3.254
[SW1-Vlanif3]vrrp vrid  3 priority 120

[SW1]int Vlanif 20
[SW1-Vlanif20]vrrp vrid 20 virtual-ip 10.0.20.254 //backup gateway for this virtual router, so the priority is not raised

[SW1]int Vlanif 30
[SW1-Vlanif30]vrrp vrid 30 virtual-ip 10.0.30.254

LSW2

[SW2]int Vlanif 2
[SW2-Vlanif2]vrrp vrid 2 virtual-ip 10.0.2.254

[SW2]int Vlanif 3
[SW2-Vlanif3]vrrp vrid 3 virtual-ip 10.0.3.254

[SW2]int Vlanif 20
[SW2-Vlanif20]vrrp vrid 20 virtual-ip 10.0.20.254
[SW2-Vlanif20]vrrp vrid 20 priority 120

[SW2]int Vlanif 30
[SW2-Vlanif30]vrrp vrid 30 virtual-ip 10.0.30.254
[SW2-Vlanif30]vrrp vrid 30 priority 120

<SW1>display vrrp brief 

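3.6 Configuring DHCP

The DHCP service also needs a backup, so each switch excludes half of the address pool and leaves that half for the backup device to assign.

LSW1

[SW1]dhcp enable 
[SW1]ip pool vlan2 //create an IP address pool named vlan2
[SW1-ip-pool-vlan2]network 10.0.2.0 mask 24 //declare the network segment
[SW1-ip-pool-vlan2]gateway-list 10.0.2.254 //set the gateway
[SW1-ip-pool-vlan2]dns-list 8.8.8.8 //DNS server
[SW1-ip-pool-vlan2]excluded-ip-address 10.0.2.129 10.0.2.253 //exclude half of the pool's addresses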

[SW1]int Vlanif 2
[SW1-Vlanif2]dhcp select global 


[SW1]ip pool vlan3 
[SW1-ip-pool-vlan3]network 10.0.3.0 mask 24 
[SW1-ip-pool-vlan3]gateway-list 10.0.3.254 
[SW1-ip-pool-vlan3]dns-list 8.8.8.8 
[SW1-ip-pool-vlan3]excluded-ip-address 10.0.3.129 10.0.3.253 

[SW1]int Vlanif 3
[SW1-Vlanif3]dhcp select global 

[SW1]ip pool vlan20 
[SW1-ip-pool-vlan20]network 10.0.20.0 mask 24 
[SW1-ip-pool-vlan20]gateway-list 10.0.20.254 
[SW1-ip-pool-vlan20]dns-list 8.8.8.8 
[SW1-ip-pool-vlan20]excluded-ip-address 10.0.20.129 10.0.20.253 

[SW1]int Vlanif 20
[SW1-Vlanif20]dhcp select global

[SW1]ip pool vlan30
[SW1-ip-pool-vlan30]network 10.0.30.0 mask 24 
[SW1-ip-pool-vlan30]gateway-list 10.0.30.254 
[SW1-ip-pool-vlan30]dns-list 8.8.8.8 
[SW1-ip-pool-vlan30]excluded-ip-address 10.0.30.129 10.0.30.253 

[SW1]int Vlanif 30
[SW1-Vlanif30]dhcp select global 

LSW2

[SW2]dhcp enable 
[SW2]ip pool vlan2 
[SW2-ip-pool-vlan2]network 10.0.2.0 mask 24 
[SW2-ip-pool-vlan2]gateway-list 10.0.2.254 
[SW2-ip-pool-vlan2]dns-list 8.8.8.8 
[SW2-ip-pool-vlan2]excluded-ip-address 10.0.2.1 10.0.2.128 

[SW2]int Vlanif 2
[SW2-Vlanif2]dhcp select global 


[SW2]ip pool vlan3 
[SW2-ip-pool-vlan3]network 10.0.3.0 mask 24 
[SW2-ip-pool-vlan3]gateway-list 10.0.3.254 
[SW2-ip-pool-vlan3]dns-list 8.8.8.8 
[SW2-ip-pool-vlan3]excluded-ip-address 10.0.3.1 10.0.3.128

[SW2]int Vlanif 3
[SW2-Vlanif3]dhcp select global 

[SW2]ip pool vlan20 
[SW2-ip-pool-vlan20]network 10.0.20.0 mask 24 
[SW2-ip-pool-vlan20]gateway-list 10.0.20.254 
[SW2-ip-pool-vlan20]dns-list 8.8.8.8 
[SW2-ip-pool-vlan20]excluded-ip-address 10.0.20.1 10.0.20.128

[SW2]int Vlanif 20
[SW2-Vlanif20]dhcp select global

[SW2]ip pool vlan30
[SW2-ip-pool-vlan30]network 10.0.30.0 mask 24 
[SW2-ip-pool-vlan30]gateway-list 10.0.30.254 
[SW2-ip-pool-vlan30]dns-list 8.8.8.8 
[SW2-ip-pool-vlan30]excluded-ip-address 10.0.30.1 10.0.30.128

[SW2]int Vlanif 30
[SW2-Vlanif30]dhcp select global 
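
A check of the split-pool scheme in section 3.6, added here as an example and not part of the original lab: it computes the addresses each switch can lease from the vlan2 pool, confirms the two halves do not overlap, and lists static addresses that sit inside a lease range. The function names and the STATIC table are constructed for this example, and the script assumes gateway-list addresses are never leased.

```python
import ipaddress
import re

# Constructed input: the vlan2 pool from section 3.6 as configured on each switch.
SW1_POOL = """
ip pool vlan2
 network 10.0.2.0 mask 24
 gateway-list 10.0.2.254
 excluded-ip-address 10.0.2.129 10.0.2.253
"""
SW2_POOL = """
ip pool vlan2
 network 10.0.2.0 mask 24
 gateway-list 10.0.2.254
 excluded-ip-address 10.0.2.1 10.0.2.128
"""
# Static addresses on the same subnet (sections 3.4 and 3.5).
STATIC = {"SW1 Vlanif2": "10.0.2.1", "SW2 Vlanif2": "10.0.2.129", "VRRP VIP": "10.0.2.254"}


def leasable(pool_text):
    """Host addresses the pool configuration leaves open for leases."""
    net, mask = re.search(r"network (\S+) mask (\d+)", pool_text).groups()
    hosts = set(ipaddress.ip_network(f"{net}/{mask}").hosts())
    # Assumption: addresses named in gateway-list are never leased to clients.
    for gw in re.findall(r"gateway-list (\S+)", pool_text):
        hosts.discard(ipaddress.ip_address(gw))
    for lo, hi in re.findall(r"excluded-ip-address (\S+) (\S+)", pool_text):
        first, last = int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi))
        hosts -= {ipaddress.ip_address(i) for i in range(first, last + 1)}
    return hosts


def audit(pool_a, pool_b, static):
    """Return (addresses both servers could lease, statics inside a lease range)."""
    a, b = leasable(pool_a), leasable(pool_b)
    overlap = sorted(str(ip) for ip in a & b)
    exposed = {name: ip for name, ip in static.items()
               if ipaddress.ip_address(ip) in a | b}
    return overlap, exposed


if __name__ == "__main__":
    overlap, exposed = audit(SW1_POOL, SW2_POOL, STATIC)
    print("leased by both servers:", overlap or "none")
    print("static addresses inside a lease range:", exposed)
```

Each switch's own VLANIF address falls in the half that the same switch leases from, so it is worth confirming on the device that those two addresses are never handed to a client.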

IP address of PC1

IP address of PC3

At this point the Layer 2 configuration is complete.

3.7 Configuring interface IP addresses

AR1

<R1>system-view 
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 202.1.1.1 24

[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.0.2 30

[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.0.0.6 30

AR2

<R2>system-view 
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 202.1.1.2 30

[R2]int LoopBack 0
[R2-LoopBack0]ip add 100.100.100.100 32

SW1

<SW1>system-view 
[SW1]vlan batch 13 101
[SW1]interface Vlanif 13
[SW1-Vlanif13]ip address 10.0.0.9 30
[SW1]interface Vlanif 101
[SW1-Vlanif101]ip address 10.0.0.1 30

[SW1]int Eth-Trunk 12
[SW1-Eth-Trunk12]port link-type trunk 
[SW1-Eth-Trunk12]port trunk allow-pass vlan 13

[SW1]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 101

SW2

<SW2>system-view 
[SW2]vlan batch 13 102
[SW2]interface Vlanif 13
[SW2-Vlanif13]ip address 10.0.0.10 30

[SW2]interface Vlanif 102
[SW2-Vlanif102]ip address 10.0.0.5 30

[SW2]int Eth-Trunk 12
[SW2-Eth-Trunk12]port link-type trunk 
[SW2-Eth-Trunk12]port trunk allow-pass vlan 13

[SW2]int g0/0/5
[SW2-GigabitEthernet0/0/5]port link-type access
[SW2-GigabitEthernet0/0/5]port default vlan 102

3.8 Configuring OSPF

To guard against an uplink failure, SW1 and SW2 must also form an adjacency with each other.

AR1

<R1>system-view 
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.2 0.0.0.0 
[R1-ospf-1-area-0.0.0.0]network 10.0.0.6 0.0.0.0

SW1

<SW1>system-view 
[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.0.9 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.20.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.30.1 0.0.0.0

[SW1-ospf-1]display ospf peer brief 

SW2

<SW2>system-view 
[SW2]ospf 1
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 10.0.0.5 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.0.10 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.2.129 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.3.129 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.20.129 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.30.129 0.0.0.0

[SW2-ospf-1]display ospf peer brief 

The neighbor table shows duplicate updates; configuring silent interfaces stops those interfaces from sending and receiving OSPF packets.

[SW1-ospf-1]silent-interface Vlanif 2
[SW1-ospf-1]silent-interface Vlanif 3
[SW1-ospf-1]silent-interface Vlanif 20
[SW1-ospf-1]silent-interface Vlanif 30

[SW2-ospf-1]silent-interface Vlanif 2
[SW2-ospf-1]silent-interface Vlanif 3
[SW2-ospf-1]silent-interface Vlanif 20
[SW2-ospf-1]silent-interface Vlanif 30

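3.9 Configuring NAT

AR1

<R1>system-view 
[R1]acl 2000 //create ACL 2000; numbers 2000-2999 are basic ACLs, and each number is one table of rules
[R1-acl-basic-2000]rule 5 permit source 10.0.0.0 0.0.255.255 //match using a wildcard mask; a wildcard mask may mix 0 and 1 bits

[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000 //apply ACL 2000 on the outbound interface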
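
How the wildcard in ACL 2000 decides which inside sources are translated, as an added example that is not part of the original lab. ACL_NARROW, its two rules, the sample source addresses and the function names are hypothetical; the script models a source that matches no rule as not translated.

```python
import ipaddress
import re

# ACL 2000 exactly as configured in section 3.9.
ACL_2000 = "rule 5 permit source 10.0.0.0 0.0.255.255"
# Hypothetical narrower ACL (not from the original lab) limited to the user VLANs.
# Rule 10 uses a wildcard with mixed 0 and 1 bits in the third octet.
ACL_NARROW = """
rule 5 permit source 10.0.2.0 0.0.1.255
rule 10 permit source 10.0.20.0 0.0.10.255
"""
# Constructed sample sources: user hosts, SW1's Vlanif 13, and two unused subnets.
SOURCES = ["10.0.2.10", "10.0.30.7", "10.0.0.9", "10.0.22.7", "10.0.21.7"]
RULE = re.compile(r"rule (\d+) (permit|deny) source (\S+) (\S+)")


def to_int(dotted):
    return int(ipaddress.ip_address(dotted))


def parse_rules(text):
    """Return (rule_id, action, base, wildcard) tuples ordered by rule ID."""
    return sorted((int(rid), action, to_int(base), to_int(wild))
                  for rid, action, base, wild in RULE.findall(text))


def is_translated(src, rules):
    """The first matching rule decides; no match means no translation."""
    addr = to_int(src)
    for _, action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = compare, bit 1 = ignore
        if (addr & care) == (base & care):
            return action == "permit"
    return False


def coverage(acl_text, sources):
    """Map each source address to whether the ACL selects it for NAT."""
    rules = parse_rules(acl_text)
    return {src: is_translated(src, rules) for src in sources}


if __name__ == "__main__":
    for name, acl in (("ACL 2000", ACL_2000), ("narrow ACL", ACL_NARROW)):
        print(name, coverage(acl, SOURCES))
```

The mixed-bit wildcard 0.0.10.255 covers 10.0.20.x and 10.0.30.x in one rule but also matches 10.0.22.x and 10.0.28.x, which is the trade-off to check before using a non-contiguous wildcard.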

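Additional lab steps

Configure a default route on the border router

[R1]ip route-static 0.0.0.0 0 202.1.1.2

Advertise the default route into OSPF from the border router

[R1]ospf 1
[R1-ospf-1]default-route-advertise //always is not needed here, because a static default route toward the external network is already configured

Ping 100.100.100.100 from PC1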


Original article: https://blog.csdn.net/FJ70940927/article/details/143678982
