实验要求:
1、 掌握汇聚层终结vlan
2、 掌握三层交换机怎样配置IP
3、 掌握三层交换机虚拟接口怎样配IP
实验拓扑:
实验步骤:
1、 划分vlan
---------------------二层交换机-----------------SW2----------------
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 10
[SW2-Ethernet0/0/1]int e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2] port default vlan 20
-----------------------SW4-----------------------
[SW4]vlan 10
[SW4-vlan10]vlan 20
[SW4-vlan20]int e0/0/1
[SW4-Ethernet0/0/1]port link-type access
[SW4-Ethernet0/0/1]port default vlan 10
[SW4-Ethernet0/0/1]int e0/0/2
[SW4-Ethernet0/0/2]port link-type access
[SW4-Ethernet0/0/2]port default vlan 20
-------------------------------------三层交换机-----------SW1--------------------------
[SW1]vlan 10
[SW1-vlan10]vlan 20
2、 开中继口
----------------二层交换机--------SW2--------------
[Huawei-Ethernet0/0/2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
-------------------SW4---------------------------
[Huawei-Ethernet0/0/2]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trun
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass
vlan 10 20
---------------三层交换机--------SW1---------------
[Huawei-vlan20]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
用查看命令查看当前配置display ip interface brief
3、DHCP、vlan间路由
[SW1]dhcp enable
[SW1]int vlan 10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]dhcp select interface
[SW1-Vlanif10]dhcp server dns-list 8.8.8.8
[SW1]int vlan 20
[SW1-Vlanif20] ip add 192.168.20.1 24
[SW1-Vlanif20]dhcp select interface
[SW1-Vlanif20]dhcp server dns-list 9.9.9.9
4、dhcp获得地址
PC1用ping命令检测
5、华为三层交换机没有三层接口,为了使三层交换机与上行口路由互通,必须在交换机上加一个他们同属的vlan
[SW1]vlan 100
[SW1-Vlanif100]int g0/0/24
[SW1-GigabitEthernet0/0/24]port link-type access
[SW1-GigabitEthernet0/0/24]port default vlan 100
[SW1]int vlan 100
[SW1-Vlanif100]ip add 192.168.1.1 24
[SW1-Vlanif100]undo shut
Display ip interface brief
6、路由配置IP地址
---------------------------------------------AR1---------------------------------------------
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[AR1-GigabitEthernet0/0/0]undo shut
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 202.106.1.1 30
[AR1-GigabitEthernet0/0/1]undo shut
--------------------AR2--------------------------
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 202.106.1.2 30
[AR2-GigabitEthernet0/0/1]undo shut
7、为了实现业务网段上网,必须在出口路由器上做PAT
[AR1]acl 2000
[AR1-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000]int g0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000
8、由于AR1不知道向192.168.10.0、192.168.20.0网段怎么回包,所以在此处向下加静态
[AR1]ip route-static 192.168.10.0 255.255.255.0 192.168.1.1
[AR1]ip route-static 192.168.20.0 255.255.255.0 192.168.1.1
9、由于SW1对外上网不知道怎么传输数据,所以在此处加默认路由
[SW1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.2
用ping命令检测全网是否互通
End