HCIP 交换综合实验--企业三层架构

题目

1、内网IP地址使用172.16.0.0/26分配
2、SW1和SW2之间互为备份
3、VRRP/STP/VLAN/Eth-trunk均使用
4、所有PC均通过DHCP获取IP地址
5、ISP只能配置IP地址
6、所有电脑可以正常访问ISP路由器环回 

实验步骤

第一步、规划IP地址

R1-R2：100.1.1.0/24

R2-LSW1：172.16.0.0/30

R2-LSW2：172.16.0.4/30

VLAN 2：172.16.2.0/24

VLAN 3：172.16.3.0/24

第二步、核心层

配置路由器的IP地址

R1（ISP）

system-view 
[Huawei]sysname ISP
[ISP]int g0/0/0 
[ISP-GigabitEthernet0/0/0]ip address 100.1.1.2 24
[ISP-GigabitEthernet0/0/0]int lo0
[ISP-LoopBack0]ip address 100.1.2.1 24

R2

system-view 
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 100.1.1.1 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 172.16.0.1 30
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 172.16.0.5 30

配置VLANIF的IP地址

LSW1

[LSW1]int Vlanif 1
[LSW1-Vlanif1]ip address 172.16.0.2 30

LSW2

[LSW2]int Vlanif 1
[LSW2-Vlanif1]ip address 172.16.0.5 30

配置OSPF 

R1

[R2]ospf 1 router-id 3.3.3.3
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

LSW1

[LSW1]ospf 1 router-id 1.1.1.1 
[LSW1-ospf-1]area 0 
[LSW1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

LSW2

[LSW2]ospf 1 router-id 2.2.2.2
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

配置静态路由、NAT、边界路由器上配置一个下发缺省

让私网能够访问公网，在边界路由器上配置缺省指向公网和做NAT，并向内部网络下发一条缺省。

[R2]ip route-static 0.0.0.0 0 100.1.1.2 
[R2]acl 2000
[R2-acl-basic-2000]rule 1 permit source any 
[R2-acl-basic-2000]q
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]nat outbound 2000
[R2]ospf 1
[R2-ospf-1]default-route-advertise always 

第三步、汇聚层

配置LSW1-LSW2之间的Eth-trunk链路

LSW1

[LSW1]int Eth-Trunk 1
[LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 
[LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/2
[LSW1-Eth-Trunk1]port trunk allow-pass vlan all
[LSW1-Eth-Trunk1]q

LSW2

[LSW2]int Eth-Trunk 1
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/1
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/2
[LSW2-Eth-Trunk1]port trunk allow-pass vlan all 
[LSW2-Eth-Trunk1]q

配置Trunk

LSW1

[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk 
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[LSW1-GigabitEthernet0/0/3]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk 
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all 

 LSW2

[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk  
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[LSW2-GigabitEthernet0/0/3]int g0/0/4
[LSW2-GigabitEthernet0/0/4]port link-type trunk 
[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all 

启动MSTP

vlan 2 放实例2 中，vlan 3 放实例3中

LSW1

[LSW1]stp mode mstp 
[LSW1]stp enable               
[LSW1]vlan batch 2 3
[LSW1]stp region-configuration
[LSW1-mst-region]region-name 11
[LSW1-mst-region]instance 2 vlan 2
[LSW1-mst-region]instance 3 vlan 3
[LSW1-mst-region]active region-configuration 

LSW2

[LSW2]stp mode mstp 
[LSW2]stp enable 
[LSW2]stp region-configuration 
[LSW2-mst-region]region-name 11
[LSW2-mst-region]instance 2 vlan 2
[LSW2-mst-region]instance 3 vlan 3
[LSW2-mst-region]active region-configuration 

LSW3

[LSW3]stp mode mstp 
[LSW3]stp enable 
[LSW3]stp region-configuration 
[LSW3-mst-region]region-name 11
[LSW3-mst-region]instance 2 vlan 2 
[LSW3-mst-region]instance 3 vlan 3
[LSW3-mst-region]active region-configuration 

LSW4

[LSW4]stp mode mstp 
[LSW4]stp enable 
[LSW4]stp region-configuration 
[LSW4-mst-region]region-name 11
[LSW4-mst-region]instance 2 vlan 2
[LSW4-mst-region]instance 3 vlan 3
[LSW4-mst-region]active region-configuration 

指定LSW1为instance 2的主，为instance 3的备份

[LSW1]stp instance 2 root primary 
[LSW1]stp instance 3 root secondary 

指定LSW2为instance 3的主，为instance 2的备份

[LSW2]stp instance 2 root secondary 
[LSW2]stp instance 3 root primary 

进行查看生成树

 在LSW2 上查看你instance 2 ，可以看出是以自己为根

在LSW2 上查看你instance 3 ，可以看出是以自己为根

 在去LSW 3上看instance 2的阻塞的是连接LSW2的链路接口g0/0/4。

 在去LSW 4上看instance 3的阻塞的是连接LSW1的链路接口g0/0/4。

配置VLANIF的IP地址

LSW1

[LSW1]int Vlanif 2
[LSW1-Vlanif2]ip address 172.16.2.1 24
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]ip address 172.16.3.1 24

LSW2

[LSW2]int Vlanif 2
[LSW2-Vlanif2]ip address 172.16.2.2 24
[LSW2-Vlanif2]q     
[LSW2]int Vlanif 3
[LSW2-Vlanif3]ip address 172.16.3.2 24

配置VRRP

LSW1

[LSW1]int Vlanif 2
[LSW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[LSW1-Vlanif2]vrrp vrid 1 priority 200
[LSW1-Vlanif2]vrrp vrid 1 track interface Vlanif 1 reduced 150
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3 
[LSW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.3.254
[LSW1-Vlanif3]vrrp vrid 2 priority 100

LSW2

[LSW2]int Vlanif 2
[LSW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[LSW2-Vlanif2]vrrp vrid 1 priority 100
[LSW2]int Vlanif 3
[LSW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.3.254
[LSW2-Vlanif3]vrrp vrid 2 priority 200
[LSW2-Vlanif3]vrrp vrid 2 track interface Vlanif 1 reduced 150

配置DHCP

LSW1

[LSW1]ip pool aa           
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-aa]network 172.16.2.0 mask 24
[LSW1-ip-pool-aa]gateway-list 172.16.2.254                      
[LSW1-ip-pool-aa]dns-list 8.8.8.8
[LSW1-ip-pool-aa]q
[LSW1]ip pool bb 
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-bb]network 172.16.3.0 mask 24
[LSW1-ip-pool-bb]gateway-list 172.16.3.254 
[LSW1-ip-pool-bb]dns-list 8.8.8.8
[LSW1-ip-pool-bb]q
[LSW1]dhcp enable 
[LSW1]int Vlanif 2
[LSW1-Vlanif2]dhcp select global 
[LSW1-Vlanif2]q
[LSW1]int Vlanif 3
[LSW1-Vlanif3]dhcp select global 

LSW2

[LSW2]ip pool aa                                
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-aa] gateway-list 172.16.2.254                
[LSW2-ip-pool-aa] network 172.16.2.0 mask 24    
[LSW2-ip-pool-aa] dns-list 8.8.8.8
[LSW2-ip-pool-aa]q                                     
[LSW2]ip pool bb                                
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-bb] gateway-list 172.16.3.254                
[LSW2-ip-pool-bb] network 172.16.3.0 mask 24  
[LSW2-ip-pool-bb] dns-list 8.8.8.8
[LSW2-ip-pool-bb] dhcp enable
[LSW2]int Vlanif 2
[LSW2-Vlanif2]dhcp select global 
[LSW2-Vlanif2]q 
[LSW2]int Vlanif 3
[LSW2-Vlanif3]dhcp select global 
[LSW2-Vlanif3]q                

查看PC机自动获取到的IP地址 

  

第四步、接入层

VLAN划分

LSW5

system-view 
[Huawei]sysname LSW3
[LSW3]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access 
[LSW3-GigabitEthernet0/0/1]port default vlan 2
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access 
[LSW3-GigabitEthernet0/0/2]port default vlan 3
[LSW3-GigabitEthernet0/0/2]int g0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type trunk 
[LSW3-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[LSW3-GigabitEthernet0/0/3]int g0/0/4
[LSW3-GigabitEthernet0/0/4]port link-type trunk   
[LSW3-GigabitEthernet0/0/4]port trunk allow-pass vlan all 

LSW4

system-view 
[Huawei]sysname LSW4
[LSW4]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW4]int g0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type access 
[LSW4-GigabitEthernet0/0/1]port default vlan 2
[LSW4-GigabitEthernet0/0/1]int g0/0/2   
[LSW4-GigabitEthernet0/0/2]port link-type access 
[LSW4-GigabitEthernet0/0/2]port default vlan 3
[LSW4-GigabitEthernet0/0/2]int g0/0/3
[LSW4-GigabitEthernet0/0/3]port link-type trunk 
[LSW4-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[LSW4-GigabitEthernet0/0/3]int g0/0/4
[LSW4-GigabitEthernet0/0/4]port link-type trunk 
[LSW4-GigabitEthernet0/0/4]port trunk allow-pass vlan all 

第五步、测试 

PC1访问全网

PC4访问全网

 

先在PC2上查看访问100.1.2.1路由追踪，它是走的LSW2，然后到达的目的，就满足当链路正常的时候VLAN3 的路由走LSW2设备。

当我们断开链路或故障，依然可以到达100.1.2.1，就启用了备份路径LSW1设备。

 

先在PC3上查看访问100.1.2.1路由追踪，它是走的LSW1，然后到达的目的。就满足当链路正常的时候VLAN2 的路由走LSW1设备。

当我们断开链路或故障，依然可以到达100.1.2.1，就启用了备份路径LSW2设备。