HCIP【VRRP、MSTP、VLAN综合实验】

一、实验拓扑图：

编辑二、实验要求

三、实验思路

四、实验步骤

（1） eth-trunk技术配置

（2）vlan 技术配置

（3）配置SW1、SW2、AR1、ISP的IP地址

（4）在交换机SW1、SW2、SW3、SW4上面配置MSTP

（5）配置虚拟网段

（6）三层交换机开启DHCP服务使PC获得IP地址

PC开启DHCP服务：

（7）内网使用路由协议（ospf）使内网全通

（8）全网通测试

一、实验拓扑图：

二、实验要求

1、内网IP地址使用172.16.0.0/16

2、SW1和sw2之间互为备份;

3、VRRP/stp/vlan/eth-trunk均使用;

4、所有pc均通过DHCP获取IP地址;

5、ISP只配置IP地址;

6、所有电脑可以正常访问ISP路由器环回

三、实验思路

首先我们是要在交换机上面进行配置，然后才是路由器的配置（明确配置设备的顺序）
在交换机上面要进行VRRP/stp/vlan/eth-trunk这么多技术的配置要有先后顺序：(这是我选择的顺序)eth-trunk > vlan > stp > vrrp以上顺序是根据网络分层模型从底层到高层的逻辑进行的，同时也考虑到了实际网络中的稳定性和可用性需求。在实际实验操作中，可能需要根据具体的网络环境和实验目的进行适当的调整。
然后给设备配置IP地址（PC使用DHCP协议获取）
搞通私网、公网
最后实现全网达

四、实验步骤

交换机SW1、SW2、SW3、SW4 和路由器AR1、ISP的配置

（1） eth-trunk技术配置

[SW1]int Eth-Trunk 0

[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2



[SW2]int Eth-Trunk 0

[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

（2）vlan 技术配置

SW3:

[SW3]int g0/0/1

[SW3-GigabitEthernet0/0/1]port link-type access

[SW3-GigabitEthernet0/0/1]port default vlan 2

[SW3-GigabitEthernet0/0/1]int g0/0/1

[SW3-GigabitEthernet0/0/1]int g0/0/2

[SW3-GigabitEthernet0/0/2]port link-type access

[SW3-GigabitEthernet0/0/2]port default vlan 3

[SW3-GigabitEthernet0/0/2]int g0/0/3

[SW3-GigabitEthernet0/0/3]port link-type trunk

[SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW3-GigabitEthernet0/0/3]int g0/0/4

[SW3-GigabitEthernet0/0/4]port link-type trunk

[SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

[SW3-GigabitEthernet0/0/4]

SW4：

[SW4]vlan batch  2 3

[SW4]int g0/0/1

[SW4-GigabitEthernet0/0/1]p l a

[SW4-GigabitEthernet0/0/1]port default vlan 2

[SW4-GigabitEthernet0/0/1]int g0/0/2

[SW4-GigabitEthernet0/0/2]p l a

[SW4-GigabitEthernet0/0/2]port default vlan 3

[SW4-GigabitEthernet0/0/2]int g0/0/3

[SW4-GigabitEthernet0/0/3]p l t

[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW4-GigabitEthernet0/0/3]int g0/0/4

[SW4-GigabitEthernet0/0/4]p l t

[SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

[SW4-GigabitEthernet0/0/4]

SW1:

[SW1]vlan batch 2 3 10 20

[SW1]int Eth-Trunk 0

[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

[SW1-Eth-Trunk0]p l t

[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3

[SW1-Eth-Trunk0]q

[SW1]int g0/0/3

[SW1-GigabitEthernet0/0/3]p l t

[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW1-GigabitEthernet0/0/3]int g0/0/4

[SW1-GigabitEthernet0/0/4]p l t

[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

[SW1-GigabitEthernet0/0/4]int g0/0/5

[SW1-GigabitEthernet0/0/5]p l a

[SW1-GigabitEthernet0/0/5]port default vlan 10

[SW1-GigabitEthernet0/0/5]

SW2：

[SW2]vlan batch  2 3 10 20

[SW2]int Eth-Trunk 0

[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2

[SW2-Eth-Trunk0]p l t

[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3

[SW2-Eth-Trunk0]int g0/0/3

[SW2-GigabitEthernet0/0/3]p l t

[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3

[SW2-GigabitEthernet0/0/3]int g0/0/4

[SW2-GigabitEthernet0/0/4]p l t

[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3

[SW2-GigabitEthernet0/0/4]int g0/0/5

[SW2-GigabitEthernet0/0/5]p l a

[SW2-GigabitEthernet0/0/5]port default vlan 20

[SW2-GigabitEthernet0/0/5]

（3）配置SW1、SW2、AR1、ISP的IP地址

SW1:

[SW1]int Vlanif 2

[SW1-Vlanif2]ip add 172.16.0.1 26

[SW1-Vlanif2]q

[SW1]int Vlanif 3

[SW1-Vlanif3]ip add 172.16.0.65 26

[SW1]int Vlanif 10

[SW1-Vlanif10]ip add 172.16.0.129 26

[SW1-Vlanif10]q

[SW1]dis ip int bri

SW2:

[SW2]int Vlanif 2

[SW2-Vlanif2]ip add 172.16.0.2 26

[SW2-Vlanif2]q

[SW2]int Vlanif 3

[SW2-Vlanif3]ip add 172.16.0.66 26

[SW2-Vlanif3]q

[SW2]int Vlanif 20

[SW2-Vlanif20]ip add 172.16.0.193 26

[SW2-Vlanif20]q

[SW2]dis ip int bri

R1:

[R1]int g0/0/1

[R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26

[R1-GigabitEthernet0/0/1]int g0/0/2

[R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26

[R1-GigabitEthernet0/0/2]q

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24

[R1]dis ip int bri

ISP:

[ISP]int g0/0/0

[ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24

[ISP-GigabitEthernet0/0/0]int l0

[ISP-LoopBack0]ip add 2.2.2.2 24

[ISP-LoopBack0]q

[ISP]dis ip int bri

（4）在交换机SW1、SW2、SW3、SW4上面配置MSTP

SW1:

[SW1]stp enable

[SW1]stp mode mstp

[SW1]stp region-configuration

[SW1-mst-region]region-name gxc1

[SW1-mst-region]instance 1 vlan 2

[SW1-mst-region]instance 2 vlan 3

[SW1-mst-region]active region-configuration  #激活区域配置模式

[SW1-mst-region]q

[SW1]stp instance 1 root primary

[SW1]stp instance 2 root secondary

SW2:

[SW2]stp enable

[SW2]stp mode mstp

[SW2]stp region-configuration

[SW2-mst-region]region-name gxc1

[SW2-mst-region]instance 1 vlan 2

[SW2-mst-region]instance 2 vlan 3

[SW2-mst-region]active region-configuration

[SW2-mst-region]q

[SW2]stp instance 1 root secondary

[SW2]stp instance 2 root primary

SW3:

[SW3]stp enable

[SW3]stp mode mstp

[SW3]stp region-configuration

[SW3-mst-region]region-name gxc1

[SW3-mst-region]instance 1 vlan 2

[SW3-mst-region]instance 2 vlan 3

[SW3-mst-region]active region-configuration

[SW3-mst-region]q

[SW3]port-group group-member GigabitEthernet 0/0/1 to g0/0/2

[SW3-port-group]stp edged-port enable       #设置STP边缘端口，不再参与STP选举

[SW3]stp bpdu-protection                  #设置STP BPDU保护

SW4:

[SW4]stp enable

[SW4]stp mode mstp

[SW4]stp region-configuration

[SW4-mst-region]region-name gxc1

[SW4-mst-region]instance 1 vlan 2

[SW4-mst-region]instance 2 vlan 3

[SW4-mst-region]active region-configuration

[SW4-mst-region]q

[SW4]port-group group-member GigabitEthernet 0/0/1 to g0/0/2

[SW4-port-group]stp edged-port enable

[SW4]stp bpdu-protection

（5）配置虚拟网段

SW1:

[SW1]int Vlanif 2

[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

[SW1-Vlanif2]vrrp vrid 1 priority 120

[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5    #跟踪相应的接口

[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30  #减小接口对应的优先级

[SW1-Vlanif2]q

[SW1]int Vlanif 3

[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

SW2:

[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62

[SW2-Vlanif2]q

[SW2]int Vlanif 3

[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126

[SW2-Vlanif3]vrrp vrid 2 priority 120

[SW2-Vlanif3]vrrp vrid 2 track interface Vlanif 20

[SW2-Vlanif3]vrrp vrid 2 track interface Vlanif 20 reduced 30

（6）三层交换机开启DHCP服务使PC获得IP地址

SW1:

[SW1]DHCP enable

[SW1]ip pool aa

[SW1-ip-pool-aa]network 172.16.0.0 mask 26

[SW1-ip-pool-aa]gateway-list 172.16.0.62

[SW1-ip-pool-aa]dns-list 8.8.8.8

[SW1-ip-pool-aa]q

[SW1]int Vlanif 2

[SW1-Vlanif2]dhcp select global

[SW1-Vlanif2]q

[SW1]ip pool bb

[SW1-ip-pool-bb]network 172.16.0.64 mask 26

[SW1-ip-pool-bb]gateway-list 172.16.0.126

[SW1-ip-pool-bb]dns-list 8.8.8.8

[SW1-ip-pool-bb]q

[SW1]int Vlanif 3

[SW1-Vlanif3]dhcp select global

[SW1-Vlanif3]q

[SW1]

SW2:

[SW2]dhcp enable

[SW2]ip pool aa

[SW2-ip-pool-aa]network 172.16.0.0 mask 26

[SW2-ip-pool-aa]gateway-list 172.16.0.62

[SW2-ip-pool-aa]dns-list 8.8.8.8

[SW2-ip-pool-aa]q

[SW2]int Vlanif 2

[SW2-Vlanif2]dhcp select global

[SW2-Vlanif2]q

[SW2]ip pool bb

[SW2-ip-pool-bb]network 172.16.0.64 mask 26

[SW2-ip-pool-bb]gateway-list 172.16.0.126

[SW2-ip-pool-bb]dns-list 8.8.8.8

[SW2-ip-pool-bb]q

[SW2]int Vlanif 3

[SW2-Vlanif3]dhcp select global

[SW2-Vlanif3]q

PC开启DHCP服务：

PC1:

PC2:

PC3:

PC4:

（7）内网使用路由协议（ospf）使内网全通

R1:

[R1]ospf 1 router-id 1.1.1.1

[R1-ospf-1]a 0

[R1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63

[R1-ospf-1-area-0.0.0.0]network 172.16.0.192 0.0.0.63

[R1-ospf-1-area-0.0.0.0]q

[R1]dis ospf peer bri

[R1]ip route-static 0.0.0.0 0 12.0.0.2

[R1]acl 2000

[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255

[R1-acl-basic-2000]q

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2000

[R1-GigabitEthernet0/0/0]q

[R1]ospf 1

[R1-ospf-1]default-route-advertise

[R1-ospf-1]q

SW1:

[SW1]ospf 1 router-id 2.2.2.2

[SW1-ospf-1]a 0

[SW1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63

[SW1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.63

[SW1-ospf-1-area-0.0.0.0]network 172.16.0.64 0.0.0.63

[SW1-ospf-1-area-0.0.0.0]q

[SW1-ospf-1]q

[SW1]dis ospf peer bri

SW2:

[SW2]ospf 1 router-id 3.3.3.3

[SW2-ospf-1]a 0

[SW2-ospf-1-area-0.0.0.0]network 172.16.0.192 0.0.0.63

[SW2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.63

[SW2-ospf-1-area-0.0.0.0]network 172.16.0.64 0.0.0.63

[SW2-ospf-1-area-0.0.0.0]q

[SW2-ospf-1]q

[SW2]dis ospf peer bri