企业网三层架构实验

一、实验拓扑

 

 

二、实验要求

1、内网IP地址172.16.0.0/16合理分配；

2、SW1/2之间互为备份；

3、VRRP/STP/VLAN/TRUNK均使用；

4、所有PC通过DHCP获取IP地址；

三、实验思路

1、配置ISP的IP地址；

2、配置R1的IP地址，静态路由，nat配置；

3、SW1/2/3/4的接口类型配置；

4、SW1/2的生成树的配置，生成树优化，IP地址配置；

5、SW3/4的边缘接口配置；

6、开启SW1/2的DHCP服务，配置DHCP地址池；

7、配置SW1/2的缺省路由，实现全网可达；

8、测试；

四、实验配置

ISP配置：

//基础配置
sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP
[ISP]int l0
[ISP-LoopBack0]ip add 1.1.1.1 24
[ISP-LoopBack0]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.1.1.2 24

R1配置：

sys
sys R1
int g0/0/2
ip add 12.1.1.1 24
int g0/0/0
ip add 172.16.0.1 30
int g0/0/1
ip add 172.16.0.5 30
qu
rip 1
ver 2
network 172.16.0.0
qu
ip route-static 0.0.0.0 0 12.1.1.2
acl 2000
rule permit source 172.16.0.0 0.0.0.255
int g0/0/2
nat outbound 2000

SW1配置

sys
sys SW1
vlan batch 2 100
int Eth-Trunk 0
q
int e0/0/1
eth-trunk 0
int e0/0/2
eth-trunk 0
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4 Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan all
qu
stp mode mstp
stp enable
stp region-configuration
region-name a 
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
qu
stp instance 1 root primary
stp instance 2 root secondary
interface vlan 1    //配置svi时，顺便把虚拟IP地址配了，使客户端在更换网关设备后，不变更网关，以然可以上网
ip add 172.16.0.129 26
vrrp vrid 1 virtual-ip 172.16.0.190
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
interface vlan 2
ip add 172.16.0.193 26
vrrp vrid 1 virtual-ip 172.16.0.254
qu
int vlan 100
ip address 172.16.0.2 255.255.255.252
int g0/0/1
port link-type access
port default vlan 100
qu
rip 1
version 2
network 172.16.0.0
qu
ip route-static 0.0.0.0 0 172.16.0.1
dhcp enable
ip pool v1
network 172.16.0.128 mask 26
gateway-list 172.16.0.190
dns-list 8.8.8.8 
qu
ip pool v2
network 172.16.0.192 mask 26
gateway-list 172.16.0.254
dns-list 8.8.8.8
qu
int vlan 1
dhcp select global
int vlan 2
dhcp select global

SW2配置：

sys
sys SW2
vlan batch 2 100
int e0/0/1
eth-trunk 0
int e0/0/2
eth-trunk 0
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4 Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan all
qu
stp mode mstp
stp enable
stp region-configuration
region-name a 
instance 1 vlan 1
instance 2 vlan 2
active region-configuration 
qu
stp instance 1 root secondary
stp instance 2 root primary
interface vlan 1    //配置svi时，顺便把虚拟IP地址配了，使客户端在更换网关设备后，不变更网关，以然可以上网
ip add 172.16.0.130 26
vrrp vrid 1 virtual-ip 172.16.0.190
interface vlan 2
ip add 172.16.0.194 26
vrrp vrid 1 virtual-ip 172.16.0.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
qu
int vlan 100
ip address 172.16.0.6 255.255.255.252
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
qu
rip 1
version 2
network 172.16.0.0
qu
ip route-static 0.0.0.0 0 172.16.0.5
dhcp enable
ip pool v1
network 172.16.0.128 mask 26
gateway-list 172.16.0.190
dns-list 8.8.8.8 
qu
ip pool v2
network 172.16.0.192 mask 26
gateway-list 172.16.0.254
dns-list 8.8.8.8
qu
int vlan 1
dhcp select global
int vlan 2
dhcp select global

SW3配置：

sys
sys SW3
vlan 2
qu
interface e0/0/2
port link-type access
port default vlan 2
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all
qu
port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
stp edged-port enable
qu

SW4配置：

sys
sys SW4
vlan 2
qu
interface e0/0/2
port link-type access
port default vlan 2
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all
qu
port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
stp edged-port enable
qu

五、测试

 

 

 

 PC1pingISP的环回地址：

PC2pingISP的环回地址：

PC1pingPC4：

 切换VLAN1的根网桥：