如图所示,使用Dynamips搭建网络环境,交换机间均为Trunk链路,SW1、SW2、SW3的管理IP分别为10.10.1.201/26、10.10.1.202/26、10.10.1.203/26。
|
2、配置要求:
|
|
在SW1、SW2、SW3上添加VLAN 10、VLAN 20,IP地址段分别为10.10.10.0/24和10.10.20.0/24。
|
|
配置SW1为VLAN 10的根网桥,SW2为VLAN 20的根网桥,实现链路的负载分担。
|
|
在SW1、SW2、R1和R2上配置OSPF路由协议,实现网络互通,Router-id使用管理IP和Loopback地址。配置Area 1为完全末梢区域,Area 100为NSSA区域,将R2的直连网段10.20.1.1重分发到OSPF区域。
|
|
为R1添加用户名benet,密码cisco,要求只有SW3可以登录。
|
|
验证SW3可以ping通R2的Loopback0地址,验证SW3可以远程登录到R1。
|
|
在SW1和SW2上配置HSRP,SW1是VLAN 1的活跃路由器,SW2是VLAN 1的备份路由器,虚拟IP为10.10.1.254,配置占先权和端口跟踪。
|
|
在SW3上配置:
sw3>en
sw3#conf t
sw3(config)#inter vlan 1 在配置SW3的管理ip地址
sw3(config-if)#ip address 10.10.1.203 255.255.255.192
sw3(config-if)#no shut
sw3(config)#inter range fastEthernet 1/0 -1 给2个接口做成Trunk链路
sw3(config-if-range)#switchport mode trunk
sw3(config-if-range)#ex
sw3(config)#no cdp run
sw3(config)#ex
在SW1上配置
sw1>en
sw1#conf t
sw1(config)#inter vlan 1 配置管理ip地址
sw1(config-if)#ip address 10.10.1.201 255.255.255.192
sw1(config-if)#no shut
sw1(config-if)#ex
sw1(config)#vlan 10
sw1(config-vlan)#vlan 20
sw1(config-vlan)#inter vlan 10 给vlan成员设置 网关ip
sw1(config-if)#ip address 10.10.10.10 255.255.255.0
sw1(config-if)#no shut
sw1(config-if)#inter vlan 20
sw1(config-if)#ip address 10.10.20.10 255.255.255.0
sw1(config-if)#no shut
sw1(config-if)#ex
sw1(config)#spanning-tree vlan 10 root primary
PVST+生成树 实现负载分担
VLAN 10 bridge max aging time unchanged at 20
VLAN 10 bridge hello time unchanged at 2
VLAN 10 bridge forward delay unchanged at 15
sw1(config)#inter f0/0
sw1(config-if)#ip address 10.10.254.2 255.255.255.252
sw1(config-if)#no shut
sw1(config-if)#ex
sw1(config)#inter f
sw1(config)#inter f1/1 做Trunk链路
sw1(config-if)#switchport mode trunk
sw1(config-if)#inter f1/15
sw1(config-if)#switchport mode trunk
sw1(config-if)#ex
sw1(config)#no cdp run
sw1(config)#router ospf 110 配置OSPF
sw1(config-router)#router-id 10.10.1.201 route id 管理 ip地址 根据题目需求
sw1(config-router)#network 10.10.10.0 0.0.0.255 a 0 发布网络
sw1(config-router)#network 10.10.20.0 0.0.0.255 a 0
sw1(config-router)#network 10.10.254.0 0.0.0.3 a 0
sw1(config-router)#network 10.10.1.192 0.0.0.63 a 1
sw1(config-router)#area 1 stub no-summary 完全末梢区域
sw1(config-router)#do ping 10.10.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
!!!!!
sw1(config-router)#inter vlan 1
sw1(config-if)#standby 1 ip 10.10.1.254 配置 HSRP
sw1(config-if)#standby 1 track f0/0 监控接口
sw1(config-if)#standby 1 track f1/1
sw1(config-if)#standby 1 preempt 抢占
sw1(config-if)#standby 1 priority 120 优先级
在SW2上配置
sw2>en
sw2#conf t
sw2(config)#inter vlan 1 配置管理ip地址
sw2(config-if)#ip address 10.10.1.202 255.255.255.192
sw2(config-if)#no shut
sw2(config)#vlan 10
sw2(config-vlan)#vlan 20
sw2(config-vlan)#inter vlan 10 给vlan10 和 vlan成员 配置成员网关地址
sw2(config-if)#ip address 10.10.10.11 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#inter vlan 20
sw2(config-if)#ip address 10.10.20.11 255.255.255.0
sw2(config-if)#no shut
sw2(config)#spanning-tree vlan 20 root primary
负载分担
VLAN 20 bridge priority set to 8192
VLAN 20 bridge max aging time unchanged at 20
VLAN 20 bridge hello time unchanged at 2
VLAN 20 bridge forward delay unchanged at 15
sw2(config)#inter f1/1 Trunk链路
sw2(config-if)#switchport mode trunk
sw2(config-if)#inter f1/15
sw2(config-if)#switchport mode trunk
sw2(config-if)#ip address 10.10.254.6 255.255.255.252
sw2(config-if)#no shut
sw2(config-if)#ex
sw2(config)#no cdp run
sw2(config)#router ospf 110 配置OSPF协议
sw2(config-router)#router-id 10.10.1.202
sw2(config-router)#network 10.10.254.4 0.0.0.3 a 0 发布网络
sw2(config-router)#network 10.10.10.0 0.0.0.255 a 0
sw2(config-router)#network 10.10.20.0 0.0.0.255 a 0
sw2(config-router)#network 10.10.1.192 0.0.0.63 a 1
sw2(config-router)#area 1 stub no-summary
sw2(config-router)#inter vlan 1
sw2(config-if)#standby 1 ip 10.10.1.254 配置 HSRP
sw2(config-if)#standby 1 preempt
sw2(config-if)#standby 1 priority 115
sw2#write
在R1上配置
R1>en
R1#conf t
R1(config)#inter f0/0 给接口配置ip地址
R1(config-if)#ip address 10.10.254.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#inter f0/1
R1(config-if)#ip address 10.10.254.5 255.255.255.252
R1(config-if)#no shut
R1(config-if)#inter loop 0
R1(config-if)#ip address 10.10.1.1 255.255.255.255
R1(config-if)#no shut
R1(config-if)#inter f1/0
R1(config-if)#ip address 10.20.254.1 255.255.255.252
R1(config-if)#no shut
R1(config)#no cdp run
R1(config)#router ospf 110 配置 OSPF 协议
R1(config-router)#router-id 10.10.1.1
R1(config-router)#network 10.10.1.1 0.0.0.0 a 100
R1(config-router)#network 10.10.254.4 0.0.0.3 a 0
R1(config-router)#network 10.10.254.0 0.0.0.3 a 0
R1(config-router)#network 10.20.254.0 0.0.0.3 a 100
R1(config-router)#area 100 nssa no-summary
设置成 NSSA区域
R1(config-router)#ex
R1(config)#username benet password cisco 用户名和密码
R1(config)#enable secret 123 特权模式密码
R1(config)#line vty 0 4 远程
R1(config-line)#login local 本地登录
R1(config)#access-list 1 permit host 10.10.1.203 ACL访问控制列表 允许主机10.10.1.203访问
R1(config)#line vty 0 4
R1(config-line)#access-class 1 in 引用到接口里
R1(config-line)#end
R1#show ip route
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
C 10.10.1.1/32 is directly connected, Loopback0
O 10.10.10.0/24 [110/11] via 10.10.254.6, 00:05:16, FastEthernet0/1
[110/11] via 10.10.254.2, 00:05:16, FastEthernet0/0
O 10.10.20.0/24 [110/11] via 10.10.254.6, 00:05:16, FastEthernet0/1
[110/11] via 10.10.254.2, 00:05:16, FastEthernet0/0
O N2 10.20.1.1/32 [110/20] via 10.20.254.2, 00:00:01, FastEthernet1/0
O IA 10.10.1.192/26 [110/11] via 10.10.254.6, 00:00:02, FastEthernet0/1
[110/11] via 10.10.254.2, 00:00:02, FastEthernet0/0
C 10.20.254.0/30 is directly connected, FastEthernet1/0
C 10.10.254.4/30 is directly connected, FastEthernet0/1
C 10.10.254.0/30 is directly connected, FastEthernet0/0
R1#write
Building configuration...
[OK]
R1#
在R2上配置
R2>en
R2#conf t
R2(config)#inter f0/0
R2(config-if)#ip address 10.20.254.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#inter loop 0
R2(config-if)#ip address 10.20.1.1 255.255.255.255
R2(config-if)#no shut
R2(config)#router ospf 110
R2(config-router)#router-id 10.20.1.1
R2(config-router)#network 10.20.254.0 0.0.0.3 a 100
R2(config-router)#area 100 nssa no-summary
R2(config)#no cdp run
R2(config)#router ospf 110
R2(config-router)#redistribute connected subnets
引入直连路由
R2#write
Building configuration...
[OK]
测试:
sw3#ping 10.10.1.1 pingR1的环回地址发现不通,后来确定没有把SW3 no ip routing 因为是三层交换机
ype escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
.....
sw3#conf t
sw3(config)#no ip routing
sw3(config)#end
sw3#ping 10.10.1.1 去掉了之后 重新ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
*Mar 1 00:23:42.039: %SYS-5-CONFIG_I: Configured from console by console!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/240/1064 ms
sw3#telnet 10.10.1.1 远程控制
Trying 10.10.1.1 ... Open
User Access Verification
Username: benet 用户名和密码
Password:
R1>exit 进入R1
[Connection to 10.10.1.1 closed by foreign host]
sw3#ping 10.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.20.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/279/1092 ms
sw3#ping 测试 HSRP是否正常 进行倒换测试
Protocol [ip]:
Target IP address: 10.20.1.1
Repeat count [5]: 10000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 10.20.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!U.U.U.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!
sw1#show standby brief SW1是 活跃路由器
Interface Grp Pri P State Active Standby Virtual IP
Vl1 1 120 P Active local 10.10.1.202 10.10.1.254
sw2#show standby brief SW2是备份路由器
Interface Grp Pri P State Active Standby Virtual IP
Vl1 1 115 P Standby 10.10.1.201 local 10.10.1.254