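1. Topology design: network requirements, IP address planning
172.16.0.0/16
172.16.0.0/24 backbone 172.16.0.0/30 172.16.0.4/30
172.16.1.0/24 vlan1 172.16.1.0/25 172.16.1.128/25
2. Implementation
1) Build the topology
2) Configuration
[1] Switching-layer topology configuration
[2] IP addresses
[3] Routing
[4] Policy: optimization, rules, security
[5] Testing
[6]
3. Maintenance
4. Upgrades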
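After OSPF neighbor relationships are configured, hello packets are sent out of every SVI; as many hello packets are sent as there are SVI interfaces.
Silent interfaces can therefore be used so that no hello packets are sent.
ospf 1
silent-interface all
You can silence all interfaces first and then re-enable selected SVIs:
undo silent-interface Vlanif 100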
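STP (spanning tree) section
display stp brief
Huawei devices run MSTP by default, with a single tree
Lower the priority value for group 1 by two steps of 4096
Lower the priority value for group 2 by one step of 4096
Set the interfaces that connect to PCs as spanning-tree edge ports. These ports face end users, so they respond faster: a PC-facing port needs only one BPDU exchange.
To become the master, the priority must be raised
Uplink tracking: when the uplink goes down, traffic automatically switches to the other link
eth-trunk, VLAN: create VLANs, assign ports to VLANs, trunk links, SVI, STP, VRRP, DHCP
eth-trunk, create VLANs, assign ports to VLANs, trunk links, STP, SVI, VRRP, DHCP
1. Create the Eth-Trunk and bind interfaces to it
Configure SW3 and SW4 as follows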
[SW3]int Eth-Trunk 1
[SW3-Eth-Trunk1]q
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]eth-trunk 1
[SW3]int g0/0/2
[SW3-GigabitEthernet0/0/2]eth-trunk 1
2. Create the VLAN
Create VLAN 2 on SW1, SW2, SW3 and SW4
[SW3]vlan 2
3. On SW1/SW2, assign the PC-facing interfaces to their access VLANs (e0/0/3 to VLAN 1, e0/0/4 to VLAN 2)
[SW2]int e0/0/3
[SW2-Ethernet0/0/3]port link-type access
[SW2-Ethernet0/0/3]port default vlan 1
[SW2-Ethernet0/0/3]int e0/0/4
[SW2-Ethernet0/0/4]port link-type access
[SW2-Ethernet0/0/4]port default vlan 2
4. Configure the trunk links
SW3 and SW4 can both configure their trunks this way
[SW3]port-group group-member Eth-Trunk 1 GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4
[SW3-port-group]port link-type trunk
[SW3-port-group]port trunk allow-pass vlan 2
Trunk configuration on SW1/SW2
[SW1]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[SW1-port-group]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan 2
5. Configure STP
Because Huawei devices run MSTP by default, SW1/SW2/SW3/SW4 are all configured as follows:
[SW4]stp region-configuration
[SW4-mst-region]region-name a
[SW4-mst-region]instance 1 vlan 1
[SW4-mst-region]instance 2 vlan 2
[SW4-mst-region]active region-configuration
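Set the switch interfaces that connect to PCs as spanning-tree edge ports. These ports face end users, so they respond faster: a PC-facing port needs only one BPDU exchange.
Configure this on SW1/SW2
[SW2]port-group group-member Ethernet 0/0/3 to Ethernet 0/0/4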
[SW2-port-group]stp edged-port enable
[SW2-Ethernet0/0/3]stp edged-port enable
[SW2-Ethernet0/0/4]stp edged-port enable
6. Configure the SVIs and VRRP
Configuration on SW3 and SW4
[SW3]interface Vlanif 1
[SW3-Vlanif1]ip address 172.16.1.1 25
[SW3-Vlanif1]int vl2
[SW3-Vlanif2]ip address 172.16.1.129 25
Configuration on SW4
[SW4]int Vlanif 1
[SW4-Vlanif1]ip address 172.16.1.2 25
[SW4]int Vlanif 2
[SW4-Vlanif2]ip address 172.16.1.130 25
Configure VRRP
VRRP configuration on SW3
[SW3]int Vlanif 1
[SW3-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[SW3-Vlanif1]vrrp vrid 1 priority 105 // raise the priority so this switch becomes master
[SW3-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/10 reduced 10 // uplink tracking
[SW3]int Vlanif 2
[SW3-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
From this, SW3 is the master virtual gateway for vlan1 and the backup gateway for vlan2
VRRP configuration on SW4
[SW4]int Vlanif 1
[SW4-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[SW4]int Vlanif 2
[SW4-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[SW4-Vlanif2]vrrp vrid 1 priority 105
[SW4-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/10 reduced 10
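Check the VRRP information: vlan1 is the master gateway and vlan2 is the backup gateway.
7. Configure DHCP to hand out addresses
Enable the DHCP service on SW3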
[SW3]dhcp enable
[SW3]ip pool 1
[SW3-ip-pool-1]network 172.16.1.0 mask 25
[SW3-ip-pool-1]gateway-list 172.16.1.126
[SW3-ip-pool-1]dns-list 8.8.8.8
[SW3]ip pool 2
[SW3-ip-pool-2]network 172.16.1.128 mask 25
[SW3-ip-pool-2]gateway-list 172.16.1.254
[SW3-ip-pool-2]dns-list 8.8.8.8
[SW3]int Vlanif 1
[SW3-Vlanif1]dhcp select global
[SW3-Vlanif1]int vl2
[SW3-Vlanif2]dhcp select global
Configure the DHCP service on SW4
[SW4]dhcp enable
[SW4]ip pool 1
[SW4-ip-pool-1]network 172.16.1.0 mask 25
[SW4-ip-pool-1]gateway-list 172.16.1.126
[SW4-ip-pool-1]dns-list 8.8.8.8
[SW4]ip pool 2
[SW4-ip-pool-2]network 172.16.1.128 mask 25
[SW4-ip-pool-2]gateway-list 172.16.1.254
[SW4-ip-pool-2]dns-list 8.8.8.8
[SW4]int Vlanif 1
[SW4-Vlanif1]dhcp select global
[SW4-Vlanif1]int vl2
[SW4-Vlanif2]dhcp select global
PC1 and PC2 can now obtain IP addresses automatically
8. Configure OSPF
SW3
[SW3]ospf 1 router-id 1.1.1.1
[SW3-ospf-1]area 0
[SW3-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
SW4
[SW4]ospf 1 router-id 2.2.2.2
[SW4-ospf-1]area 0
[SW4-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
R1
[R1]ospf 1 router-id 11.11.11.11
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
Configure a default route on R1 and redistribute it into the OSPF domain
[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[R1]ospf 1
[R1-ospf-1]default-route-advertise
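An added example (not part of the original notes): a small Python audit that reads a VRP-style configuration and reports which Vlanif interfaces are matched by the OSPF network statement and still send hellos, which is what the silent-interface commands near the top of the page control. The configuration text is constructed from the commands on this page; Vlanif100 with 172.16.0.1/30 is an assumption based on the backbone range in the address plan, and ospf_hello_interfaces is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed SW3 configuration, assembled from the commands on this page.
# Vlanif100 and its 172.16.0.1/30 address are assumptions taken from the
# backbone range in the address plan; they are not given on the page.
SW3_CONFIG = """\
interface Vlanif1
 ip address 172.16.1.1 25
interface Vlanif2
 ip address 172.16.1.129 25
interface Vlanif100
 ip address 172.16.0.1 30
ospf 1 router-id 1.1.1.1
 silent-interface all
 undo silent-interface Vlanif100
 area 0
  network 172.16.0.0 0.0.255.255
"""

def ospf_hello_interfaces(config):
    """Return {interface: sends_hello} for each interface an OSPF network statement matches."""
    addrs, nets, silent_all, silent, active = {}, [], False, set(), set()
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            addrs[current] = ipaddress.ip_address(m.group(1))
        elif m := re.fullmatch(r"network (\S+) (\S+)", line):
            # VRP takes a wildcard mask; ipaddress accepts it as a host mask.
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
        elif line == "silent-interface all":
            silent_all = True
        elif m := re.fullmatch(r"(undo )?silent-interface (\S+)", line):
            (active if m.group(1) else silent).add(m.group(2))
    result = {}
    for name, addr in addrs.items():
        if any(addr in net for net in nets):
            is_silent = (silent_all and name not in active) or name in silent
            result[name] = not is_silent
    return result

if __name__ == "__main__":
    for name, sends in ospf_hello_interfaces(SW3_CONFIG).items():
        print(f"{name}: {'sends hellos' if sends else 'silent'}")
```

Interfaces reported as sending hellos on user VLANs are the ones where an unexpected OSPF neighbor could appear, so only the switch-to-switch and uplink SVIs should show up as active.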
9. Configure NAT so that internal addresses are translated when they access the public network
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000