HCIP(11)简单的三层架构
1.题目
1.内网IP地址172.16.0.0/16
2.SW1/2之间互为备份
3.VRRP/STP/VLAN/TRUNK均使用
4.所有pc通过DHCP获取IP地址
5.所有pc能通外网
6.随机关闭汇聚层的设备,网络正常通信
二、配置
通过读题,这次实验需要的协议有 STP-MSTP VRRP ETH-trunk VLAN TRUNK干道 SVI DHCP 大部分三层架构的配置思路可以从以下顺序来配置 eth-trunk trunk干道 VLAN STP VRRP DHCP开始正式配置
1.网络拓扑图
2.IP 配置
| 设备 | IP |
|---|---|
| R2 | LoopBack0 1.1.1.1/24 |
| G0/0/0 12.1.1.2/24 | |
| R1 | G0/0/0 172.16.0.2/30 |
| G0/0/1 12.1.1.1/24 | |
| G0/0/2 172.16.0.6/30 | |
| SW1 | SVI 1 172.16.1.1/25 |
| SVI 2 172.16.1.129/25 | |
| VRRP 172.16.126 | |
| SVI 100 172.16.0.1/30 | |
| SW2 | SVI 1 172.16.1.2/25 |
| SVI 2 172.16.1.130/25 | |
| VRRP 172.16.1.254 | |
| SVI 100 172.16.0.5/30 |
3.先配置eth-trunk
SW1
interface Eth-Trunk 0
int g0/0/23
eth-trunk 0
int g0/0/24
eth-trunk 0
SW2
interface Eth-Trunk 0
int g0/0/23
eth-trunk 0
int g0/0/24
eth-trunk 0
4.配置trunk干道
SW1
port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan 2
SW2
port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan 2
SW3
port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 2
SW4
port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 2
5、VLAN配置(vlan的创建和划分)
SW1
vlan 2
q
SW2
vlan 2
q
SW3
vlan 2
q
int e0/0/2
port link-type access
port default vlan 2
SW4
vlan 2
q
int e0/0/2
port link-type access
port default vlan 2
6.配置STP
SW1
stp mode mstp
stp enable
stp region-configuration
region-name bai
instance 1 vlan 1
instance 2 vlan 2
active region-configuration #激活当前配置
SW2
stp mode mstp
stp enable
stp region-configuration
region-name bai
instance 1 vlan 1
instance 2 vlan 2
active region-configuration #激活当前配置
SW3
stp mode mstp
stp enable
stp region-configuration
region-name bai
instance 1 vlan 1
instance 2 vlan 2
active region-configuration #激活当前配置
SW4
stp mode mstp
stp enable
stp region-configuration
region-name bai
instance 1 vlan 1
instance 2 vlan 2
active region-configuration #激活当前配置
查看当前根网桥在哪个位置
由图可知,vlan1 和vlan 2的根网桥在SW3上,所以需要更换根网桥(在三层架构中,接入层不能为根网桥)
修改VLAN 1 的根网桥为SW1
SW1
stp instance 1 root primary
stp instance 2 root secondary #组1的主根,组2的备份
SW2
stp instance 1 root secondary
stp instance 2 root primary #组2的主根,组1的备份
查看是否修改成功
由图可以得出修改成功
调整边缘接口,这样使得连接电脑的端口效率更高(端口加速)
SW3
port-group group-member e0/0/1 to Ethernet 0/0/2
stp edged-port enable
SW4
port-group group-member e0/0/1 to Ethernet 0/0/2
stp edged-port enable
7.配置SVI和VRRP
SW1
int Vlanif 1
ip add 172.16.1.1 25
int vlan 2
ip add 172.16.1.129 25
q
int Vlanif 1
vrrp vrid 1 virtual-ip 172.16.1.126 #创建虚拟IP 172.16.1.126
vrrp vrid 1 priority 120 #调整优先级为120
vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
#上行链路追踪,上链路出现问题,优先级下调30
int Vlanif 2
vrrp vrid 1 virtual-ip 172.16.1.254 #作为vlan2 的备份
SW2
int Vlanif 1
ip add 172.16.1.2 25
int vlan 2
ip add 172.16.1.130 25
q
int Vlanif 1
vrrp vrid 1 virtual-ip 172.16.1.126
int Vlanif 2
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
查看vrrp的状态
可以看出当前sw1为vlan1 的master(主),为vlan2的backup(备份)
8.配置DHCP
把两个三层交换机作为DHCP 服务器
SW1
dhcp enable
ip pool g1
network 172.16.1.0 mask 25
gateway-list 172.16.1.126
dns-list 8.8.8.8
q
ip pool g2
network 172.16.1.128 mask 25
gateway-list 172.16.1.254
dns-list 8.8.8.8
q
int Vlanif 1
dhcp select global
int vlan 2
dhcp select global
SW2 (在SW2上备份池塘)
dhcp enable
ip pool g1
network 172.16.1.0 mask 25
gateway-list 172.16.1.126
dns-list 8.8.8.8
q
ip pool g2
network 172.16.1.128 mask 25
gateway-list 172.16.1.254
dns-list 8.8.8.8
q
int Vlanif 1
dhcp select global
int vlan 2
dhcp select global
把PC 的IP获取方式调节为DHCP
查看IP是否获得成功
9.所有pc能通外网
接下来配置路由IP
先配置IP
因为华为模拟器的一些小问题,三层交换机无法配置IP,所以这里使用的是SVI。
SW1
vlan 100
q
int vlan 100
ip address 172.16.0.1 30
int g0/0/1
port link-type access
port default vlan 100
SW2
vlan 100
q
int vlan 100
ip add 172.16.0.5 30
int g0/0/1
port link-type access
port default vlan 100
R1
int g0/0/0
ip add 172.16.0.2 30
int g0/0/2
ip add 172.16.0.6 30
int g0/0/1
ip add 12.1.1.1 24
R2
int l0
ip add 1.1.1.1 24
int g0/0/0
ip add 12.1.1.2 24
配置完IP之后,接下来开启路由协议
有两种方案
方案一:使用静态缺省
由R1指向R2
SW1和SW2指向R1
方案二:使用动态协议(本实验使用的为OSPF)
R1
ospf 1 router-id 1.1.1.1
a 0
network 172.16.0.0 0.0.0.255
q
SW1
ospf 1 router-id 1.1.1.2
a 0
network 172.16.0.1 0.0.0.0
q
area 1
network 172.16.1.1 0.0.0.0
network 172.16.1.129 0.0.0.0
abr-summary 172.16.1.0 255.255.255.0
SW2
ospf 1 router-id 2.2.2.2
a 0
network 172.16.0.5 0.0.0.0
q
area 1
network 172.16.1.2 0.0.0.0
network 172.16.1.130 0.0.0.0
abr-summary 172.16.1.0 255.255.255.0
因为三层交换机的ospf的定期hello包发送,会使得整个网络充满洪泛流量
所以把部分端口调整为静默接口
SW1
ospf 1
silent-interface all
#因端口过多,所有沉默所有端口,把需要发送流量的端口打开
undo silent-interface GigabitEthernet 0/0/1
undo silent-interface Eth-Trunk 0
undo silent-interface Vlanif 1
undo silent-interface Vlanif 100
SW2
ospf 1
silent-interface all
undo silent-interface GigabitEthernet 0/0/1
undo silent-interface Eth-Trunk 0
undo silent-interface Vlanif 1
undo silent-interface Vlanif 100
R1
与外网通信,需要NAT服务,和缺省
ip route-static 0.0.0.0 0 12.1.1.2
ospf 1
default-route-advertise
q
acl 2000
rule permit source 172.16.0.0 0.0.255.255
q
int g0/0/1
nat outbound 2000
测试网络
网络成功
10.随机关闭汇聚层的设备,网络正常通信
关闭SW1进行测试
pc1正常上网
关闭SW2进行测试
测试成功