1.实验拓扑
2.实验要求
1、按照图示的VLAN及IP地址需求,完成相关配置
2、要求SW1为VLAN 2/3的主根及主网关
SW2为vlan 20/30的主根及主网关
SW1和SW2互为备份
3、可以使用super vlan
4、上层通过静态路由协议完成数据通信过程
5、AR1为企业出口路由器
6、要求全网可达
3.实验分析
1.对于接入层设备sw3以及sw4需要配置vlan以及在每个接口放通vlan,在0/0/1和0/0/2接口为access干道,在0/0/3和0/0/4接口为trunk干道需要放通所有vlan
2.配置IP:对于汇聚层设备,sw1和sw2分别为vlan2 3以及vlan20 30的网关所以需要采用vlanif接口进行配置使其具有三层功能
3.链路聚合:sw1和sw2中间的两条链路采用链路聚合技术,vlanif接口配ip
4.生成树协议:SW1为VLAN 2/3的主根及主网关,SW2为vlan 20/30的主根及主网关,所以这里需要采用mstp多生成树协议
5.上层链路通信使用rip协议,r1为企业路由器出口,r1以下的网络都为内网网络,做到全网可通此时需要采用nat技术
4.实验配置
(1)划分vlan以及配置接口
sw3
[sw3]vlan batch 2 3 20 30
[sw3]interface GigabitEthernet 0/0/1
[sw3]port link-type access
[sw3]port default vlan 2
[sw3]interface GigabitEthernet 0/0/2
[sw3]port link-type access
[sw3]port default vlan 3
[sw3]interface GigabitEthernet 0/0/3
[sw3]port link-type trunk
[sw3]port trunk allow-pass vlan 2 3 20 30
[sw3]interface GigabitEthernet 0/0/4
[sw3]port link-type trunk
[sw3]port trunk allow-pass vlan 2 3 20 30sw4
[sw4]vlan batch 2 3 20 30
[sw4]interface GigabitEthernet 0/0/1
[sw4]port link-type access
[sw4]port default vlan 20
[sw4]interface GigabitEthernet 0/0/2
[sw4]port link-type access
[sw4]port default vlan 30
[sw4]interface GigabitEthernet 0/0/3
[sw4]port link-type trunk
[sw4]port trunk allow-pass vlan 2 3 20 30
[sw4]interface GigabitEthernet 0/0/4
[sw4]port link-type trunk
[sw4]port trunk allow-pass vlan 2 3 20 30(2)vlanIF配置ip网关
sw1
[r1]vlan batch 2 3 20 30 101
[sw1]interface Vlanif 2
[sw1-Vlanif2]ip add 10.0.2.1 24
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]po li t
[sw1-GigabitEthernet0/0/3]po t al v 2 3 20 30
[sw1]interface Vlanif 101
[sw1-Vlanif101]ip add 10.0.0.9 30
[sw1]interface Vlanif 3
[sw1-Vlanif3]ip add 10.0.3.1 24
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]po li t
[sw1-GigabitEthernet0/0/4]po t al v 2 3 20 30sw2
[sw2]vlan batch 2 3 20 30 101
[sw2]interface Vlanif 20
[sw2-Vlanif2]ip add 10.0.20.1 24
[sw2]int g0/0/3
[sw2-GigabitEthernet0/0/3]po li t
[sw2-GigabitEthernet0/0/3]po t al v 2 3 20 30
[sw2]interface Vlanif 101
[sw2-Vlanif101]ip add 10.0.0.10 30
[sw2]interface Vlanif 30
[sw2-Vlanif3]ip add 10.0.30.1 24
[sw2]int g0/0/4
[sw2-GigabitEthernet0/0/4]po li t
[sw2-GigabitEthernet0/0/4]po t al v 2 3 20 30
(3)生成树协议
[sw1]stp mode mstp
[sw1]stp enable
[sw1]stp region-configuration
[sw1-mst-region]region-name hcip
[sw1-mst-region]instance 1 vlan 2 3
[sw1-mst-region]instance 2 vlan 20 30
[sw1-mst-region]active region-configuration
[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary
[sw2]stp mode mstp
[sw2]stp enable
[sw2]stp region-configuration
[sw2-mst-region]region-name hcip
[sw2-mst-region]instance 1 vlan 2 3
[sw2-mst-region]instance 2 vlan 20 30
[sw2-mst-region]active region-configuration
[sw2]stp instance 2 root primary
[sw2]stp instance 1 root secondary[sw3]stp mode mstp
[sw3]stp enable
[sw3]stp region-configuration
[sw3-mst-region]region-name hcip
[sw3-mst-region]instance 1 vlan 2 3
[sw3-mst-region]instance 2 vlan 20 30
[sw3-mst-region]active region-configuration
[sw4]stp mode mstp
[sw4]stp enable
[sw4]stp region-configuration
[sw4-mst-region]region-name hcip
[sw4-mst-region]instance 1 vlan 2 3
[sw4-mst-region]instance 2 vlan 20 30
[sw4-mst-region]active region-configuration (4)链路聚合
汇聚层设备sw1以及sw2之间需要链路聚合
[sw1]interface e
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[sw1-Eth-Trunk0]port link-type trunk
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30 101
[sw2]interface e
[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[sw2-Eth-Trunk0]port link-type trunk
[sw2-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30 101
(5)配置上层网络
sw1
[sw1]vlan batch 99
[sw1]interface v
[sw1]interface Vlanif 99
[sw1-Vlanif99]ip add 10.0.0.1 30
[sw1]int g0/0/5
[sw1-GigabitEthernet0/0/5]po li a
[sw1-GigabitEthernet0/0/5]po de v 99
[sw1-GigabitEthernet0/0/4]int g0/0/4
[sw1-GigabitEthernet0/0/4]po li t
[sw1-GigabitEthernet0/0/4]po t al v 2 3 20 30
[sw1-GigabitEthernet0/0/4]int g0/0/3
[sw1-GigabitEthernet0/0/3]po li t
[sw1-GigabitEthernet0/0/3]po t al v 2 3 20 30sw2
[sw2]vlan batch 100
[sw2]interface v
[sw2]interface Vlanif 100
[sw2-Vlanif99]ip add 10.0.0.5 30
[sw2]int g0/0/5
[sw2-GigabitEthernet0/0/5]po li a
[sw2-GigabitEthernet0/0/5]po de v 100
[sw2-GigabitEthernet0/0/4]int g0/0/4
[sw2-GigabitEthernet0/0/4]po li t
[sw2-GigabitEthernet0/0/4]po t al v 2 3 20 30
[sw2-GigabitEthernet0/0/4]int g0/0/3
[sw2-GigabitEthernet0/0/3]po li t
[sw2-GigabitEthernet0/0/3]po t al v 2 3 20 30r1
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 10.0.0.2 30
[r1-GigabitEthernet0/0/1]int g0/0/2
[r1-GigabitEthernet0/0/2]ip add 10.0.0.6 30
[r1-GigabitEthernet0/0/2]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 202.1.1.1 30ISP
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.1.1.2 30
[ISP]int LoopBack 1
[ISP-LoopBack1]ip add 100.100.100.100 24
(6)rip协议
使上层网络能够通讯
sw1
[sw1]rip 1
[sw1-rip-1]vers
[sw1-rip-1]version 2
[sw1-rip-1]network 10.0.0.0
[sw1]ip route-static 0.0.0.0 0 10.0.0.2sw2
[sw2]rip 1
[sw2-rip-1]vers
[sw2-rip-1]version 2
[sw2-rip-1]network 10.0.0.0
[sw2]ip route-static 0.0.0.0 0 10.0.0.6r1
[r1]rip 1
[r1-rip-1]net
[r1-rip-1]network 10.0.0.0
[r1-rip-1]network 202.1.1.0验证
(7)NAT
使内网能够访问外网
r1
[r1]ip route-static 0.0.0.0 0 202.1.1.2
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 10.0.0.0 0.0.255.255
[r1-acl-basic-2000]int g0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000验证
5.实验结果验证
此时断开rw3的0/0/3接口
此时pc1还能访问
