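HCIP small campus network topology lab
1. Topology and requirements
2. Requirements analysis
Core technologies required
1. Virtual LAN (VLAN)
2. Link aggregation (Eth-Trunk)
3. Multiple Spanning Tree Protocol (MSTP)
4. VLANIF layer 3 logical interfaces
5. Virtual Router Redundancy Protocol (VRRP)
6. Dynamic Host Configuration Protocol (DHCP)
7. Open Shortest Path First (OSPF)
8. Network Address Translation (NAT)
Step one starts at the access layer: create the VLANs and allow them on the trunks, then set up link aggregation. Step two prevents loops and gives the switches redundancy by configuring MSTP and VRRP, followed by DHCP to assign IP addresses to the PCs (DHCP also needs a backup). That completes the layer 2 switching part. For layer 3, configure the dynamic routing protocol OSPF, and configure NAT on the border router for access to the external network.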
3. Detailed configuration
3.1 VLAN planning
LSW3
<SW3>system-view    // enter system view
[SW3]vlan batch 2 3 20 30    // create the VLANs
[SW3]interface GigabitEthernet 0/0/1    // enter the interface
[SW3-GigabitEthernet0/0/1]port link-type access    // set the port to access mode
[SW3-GigabitEthernet0/0/1]port default vlan 2    // assign the port to VLAN 2

<SW3>system-view
[SW3]vlan batch 2 3 20 30
[SW3]interface GigabitEthernet 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port default vlan 3

<SW3>system-view
[SW3]vlan batch 2 3 20 30
[SW3]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4    // create a port group for batch configuration
[SW3-port-group]port link-type trunk    // set the ports to trunk mode
[SW3-port-group]port trunk allow-pass vlan 2 3 20 30    // allow the VLANs on the trunk
LSW4
<SW4>system-view
[SW4]vlan batch 2 3 20 30
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type access
[SW4-GigabitEthernet0/0/1]port default vlan 20

<SW4>system-view
[SW4]vlan batch 2 3 20 30
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type access
[SW4-GigabitEthernet0/0/2]port default vlan 30

<SW4>system-view
[SW4]vlan batch 2 3 20 30
[SW4]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4
[SW4-port-group]port link-type trunk
[SW4-port-group]port trunk allow-pass vlan 2 3 20 30
LSW1
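<SW1>system-view
[SW1]vlan batch 2 3 20 30    // the VLANs must exist before they can be trunked or given VLANIF interfaces
[SW1]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4
[SW1-port-group]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan 2 3 20 30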
LSW2
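<SW2>system-view
[SW2]vlan batch 2 3 20 30    // the VLANs must exist before they can be trunked or given VLANIF interfaces
[SW2]port-group group-member GigabitEthernet 0/0/3 GigabitEthernet 0/0/4
[SW2-port-group]port link-type trunk
[SW2-port-group]port trunk allow-pass vlan 2 3 20 30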
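3.2 Link aggregation
Bundling several physical interfaces into one logical interface increases bandwidth and shares the load across the member links. The logical interface must also allow the VLANs.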
LSW1
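[SW1]int Eth-Trunk 0    // create the logical interface
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW1-Eth-Trunk0]port link-type trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30    // the logical interface must allow the VLANs too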
LSW2
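[SW2]int Eth-Trunk 0    // create the logical interface
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW2-Eth-Trunk0]port link-type trunk
[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30    // the logical interface must allow the VLANs too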
3.3 Configuring MSTP
LSW1
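[SW1]stp enable    // enable spanning tree
[SW1]stp mode mstp    // set the mode to MSTP
[SW1]stp region-configuration    // enter the MST region view
[SW1-mst-region]region-name aa    // change the region name; the default is the local MAC address
[SW1-mst-region]instance 1 vlan 2 3    // map VLANs to instances
[SW1-mst-region]instance 2 vlan 20 30
[SW1-mst-region]active region-configuration    // activate the region configuration; without this the settings above have no effect
[SW1-mst-region]quit
[SW1]stp instance 1 root primary    // make SW1 the primary root for instance 1
[SW1]stp instance 2 root secondary    // make SW1 the secondary root for instance 2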
LSW2
[SW2]stp enable
[SW2]stp mode mstp
[SW2]stp region-configuration
[SW2-mst-region]region-name aa
[SW2-mst-region]instance 1 vlan 2 3
[SW2-mst-region]instance 2 vlan 20 30
[SW2-mst-region]active region-configuration
[SW2-mst-region]quit
[SW2]stp instance 2 root primary
[SW2]stp instance 1 root secondary
LSW3
[SW3]stp enable
[SW3]stp mode mstp
[SW3]stp region-configuration
[SW3-mst-region]region-name aa
[SW3-mst-region]instance 1 vlan 2 3
[SW3-mst-region]instance 2 vlan 20 30
[SW3-mst-region]active region-configuration
LSW4
[SW4]stp enable
[SW4]stp mode mstp
[SW4]stp region-configuration
[SW4-mst-region]region-name aa
[SW4-mst-region]instance 1 vlan 2 3
[SW4-mst-region]instance 2 vlan 20 30
[SW4-mst-region]active region-configuration

[SW1]display stp region-configuration
[SW1]display stp brief
3.4 Configuring VLANIF interfaces
LSW1
[SW1]int Vlanif 2    // create the VLANIF interface (a logical layer 3 interface)
[SW1-Vlanif2]ip address 10.0.2.1 24
[SW1]int Vlanif 3
[SW1-Vlanif3]ip address 10.0.3.1 24
[SW1]int Vlanif 20
[SW1-Vlanif20]ip address 10.0.20.1 24
[SW1]int Vlanif 30
[SW1-Vlanif30]ip address 10.0.30.1 24
LSW2
[SW2]int Vlanif 2    // create the VLANIF interface (a logical layer 3 interface)
[SW2-Vlanif2]ip address 10.0.2.129 24    // host part 129 makes the later DHCP address exclusion easier
[SW2]int Vlanif 3
[SW2-Vlanif3]ip address 10.0.3.129 24
[SW2]int Vlanif 20
[SW2-Vlanif20]ip address 10.0.20.129 24
[SW2]int Vlanif 30
[SW2-Vlanif30]ip address 10.0.30.129 24
3.5 Configuring VRRP
LSW1
[SW1]int Vlanif 2
[SW1-Vlanif2]vrrp vrid 2 virtual-ip 10.0.2.254    // virtual router IP, used as the PC gateway
[SW1-Vlanif2]vrrp vrid 2 priority 120    // raise the priority so this switch becomes master
[SW1]int Vlanif 3
[SW1-Vlanif3]vrrp vrid 3 virtual-ip 10.0.3.254
[SW1-Vlanif3]vrrp vrid 3 priority 120
[SW1]int Vlanif 20
[SW1-Vlanif20]vrrp vrid 20 virtual-ip 10.0.20.254    // backup gateway for this virtual router, so the priority is not raised
[SW1]int Vlanif 30
[SW1-Vlanif30]vrrp vrid 30 virtual-ip 10.0.30.254
LSW2
[SW2]int Vlanif 2
[SW2-Vlanif2]vrrp vrid 2 virtual-ip 10.0.2.254
[SW2]int Vlanif 3
[SW2-Vlanif3]vrrp vrid 3 virtual-ip 10.0.3.254
[SW2]int Vlanif 20
[SW2-Vlanif20]vrrp vrid 20 virtual-ip 10.0.20.254
[SW2-Vlanif20]vrrp vrid 20 priority 120
[SW2]int Vlanif 30
[SW2-Vlanif30]vrrp vrid 30 virtual-ip 10.0.30.254
[SW2-Vlanif30]vrrp vrid 30 priority 120

<SW2>display vrrp brief
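3.6 Configuring DHCP
The DHCP service also needs a backup, so each switch excludes half of the address pool and leaves that half for the other device to allocate.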
LSW1
[SW1]dhcp enable
[SW1]ip pool vlan2    // create an IP address pool named vlan2
[SW1-ip-pool-vlan2]network 10.0.2.0 mask 24    // network segment served by the pool
[SW1-ip-pool-vlan2]gateway-list 10.0.2.254    // gateway
[SW1-ip-pool-vlan2]dns-list 8.8.8.8    // DNS server
[SW1-ip-pool-vlan2]excluded-ip-address 10.0.2.129 10.0.2.253    // exclude half of the pool
[SW1]int Vlanif 2
[SW1-Vlanif2]dhcp select global

[SW1]ip pool vlan3
[SW1-ip-pool-vlan3]network 10.0.3.0 mask 24
[SW1-ip-pool-vlan3]gateway-list 10.0.3.254
[SW1-ip-pool-vlan3]dns-list 8.8.8.8
[SW1-ip-pool-vlan3]excluded-ip-address 10.0.3.129 10.0.3.253
[SW1]int Vlanif 3
[SW1-Vlanif3]dhcp select global

[SW1]ip pool vlan20
[SW1-ip-pool-vlan20]network 10.0.20.0 mask 24
[SW1-ip-pool-vlan20]gateway-list 10.0.20.254
[SW1-ip-pool-vlan20]dns-list 8.8.8.8
[SW1-ip-pool-vlan20]excluded-ip-address 10.0.20.129 10.0.20.253
[SW1]int Vlanif 20
[SW1-Vlanif20]dhcp select global

[SW1]ip pool vlan30
[SW1-ip-pool-vlan30]network 10.0.30.0 mask 24
[SW1-ip-pool-vlan30]gateway-list 10.0.30.254
[SW1-ip-pool-vlan30]dns-list 8.8.8.8
[SW1-ip-pool-vlan30]excluded-ip-address 10.0.30.129 10.0.30.253
[SW1]int Vlanif 30
[SW1-Vlanif30]dhcp select global
LSW2
[SW2]dhcp enable
[SW2]ip pool vlan2
[SW2-ip-pool-vlan2]network 10.0.2.0 mask 24
[SW2-ip-pool-vlan2]gateway-list 10.0.2.254
[SW2-ip-pool-vlan2]dns-list 8.8.8.8
[SW2-ip-pool-vlan2]excluded-ip-address 10.0.2.1 10.0.2.128
[SW2]int Vlanif 2
[SW2-Vlanif2]dhcp select global

[SW2]ip pool vlan3
[SW2-ip-pool-vlan3]network 10.0.3.0 mask 24
[SW2-ip-pool-vlan3]gateway-list 10.0.3.254
[SW2-ip-pool-vlan3]dns-list 8.8.8.8
[SW2-ip-pool-vlan3]excluded-ip-address 10.0.3.1 10.0.3.128
[SW2]int Vlanif 3
[SW2-Vlanif3]dhcp select global

[SW2]ip pool vlan20
[SW2-ip-pool-vlan20]network 10.0.20.0 mask 24
[SW2-ip-pool-vlan20]gateway-list 10.0.20.254
[SW2-ip-pool-vlan20]dns-list 8.8.8.8
[SW2-ip-pool-vlan20]excluded-ip-address 10.0.20.1 10.0.20.128
[SW2]int Vlanif 20
[SW2-Vlanif20]dhcp select global

[SW2]ip pool vlan30
[SW2-ip-pool-vlan30]network 10.0.30.0 mask 24
[SW2-ip-pool-vlan30]gateway-list 10.0.30.254
[SW2-ip-pool-vlan30]dns-list 8.8.8.8
[SW2-ip-pool-vlan30]excluded-ip-address 10.0.30.1 10.0.30.128
[SW2]int Vlanif 30
[SW2-Vlanif30]dhcp select global
PC1's IP address
PC3's IP address
At this point the layer 2 configuration is complete.
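The half-and-half split configured in this section can be checked offline. This is an added example, not part of the original lab write-up: it models the VLAN 2 pools with Python's ipaddress module and counts only the explicit excluded-ip-address ranges as excluded, so any exclusion the switch applies implicitly is not modelled. The EXPLICIT variant is constructed here for comparison.

```python
import ipaddress

NET = ipaddress.ip_network("10.0.2.0/24")            # VLAN 2 pool from the page
RESERVED = ["10.0.2.1", "10.0.2.129", "10.0.2.254"]  # SW1 VLANIF, SW2 VLANIF, VRRP virtual IP

# excluded-ip-address ranges exactly as configured on the page
AS_CONFIGURED = {
    "SW1": [("10.0.2.129", "10.0.2.253")],
    "SW2": [("10.0.2.1", "10.0.2.128")],
}
# Constructed variant (not from the page): every in-use address excluded explicitly
EXPLICIT = {
    "SW1": [("10.0.2.1", "10.0.2.1"), ("10.0.2.129", "10.0.2.254")],
    "SW2": [("10.0.2.1", "10.0.2.129"), ("10.0.2.254", "10.0.2.254")],
}

def leasable(net, ranges):
    """Host addresses left after removing only the explicitly excluded ranges."""
    spans = [(int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b))) for a, b in ranges]
    return {h for h in net.hosts() if not any(lo <= int(h) <= hi for lo, hi in spans)}

def audit(net, servers, reserved):
    """Return (pools, findings): pool overlap and in-use addresses still leasable."""
    pools = {name: leasable(net, r) for name, r in servers.items()}
    in_use = {ipaddress.ip_address(a) for a in reserved}
    findings = []
    names = sorted(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for addr in sorted(pools[a] & pools[b]):
                findings.append(f"{addr} leasable by both {a} and {b}")
    for name in names:
        for addr in sorted(pools[name] & in_use):
            findings.append(f"{addr} in use but not explicitly excluded on {name}")
    return pools, findings

if __name__ == "__main__":
    for label, cfg in (("as configured", AS_CONFIGURED), ("explicit", EXPLICIT)):
        pools, findings = audit(NET, cfg, RESERVED)
        print(label, {n: len(p) for n, p in pools.items()})
        for f in findings:
            print("  -", f)
```

The same check applies to VLANs 3, 20 and 30 by changing NET, RESERVED and the ranges.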
3.7 Configuring interface IP addresses
AR1
<R1>system-view
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 202.1.1.1 24
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.0.2 30
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.0.0.6 30
AR2
<R2>system-view
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 202.1.1.2 30
[R2]int LoopBack 0
[R2-LoopBack0]ip add 100.100.100.100 32
SW1
<SW1>system-view
[SW1]vlan batch 13 101
[SW1]interface Vlanif 13
[SW1-Vlanif13]ip address 10.0.0.9 30
[SW1]interface Vlanif 101
[SW1-Vlanif101]ip address 10.0.0.1 30
[SW1]int Eth-Trunk 12
[SW1-Eth-Trunk12]port link-type trunk
[SW1-Eth-Trunk12]port trunk allow-pass vlan 13
[SW1]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 101
SW2
<SW2>system-view
[SW2]vlan batch 13 102
[SW2]interface Vlanif 13
[SW2-Vlanif13]ip address 10.0.0.10 30
[SW2]interface Vlanif 102
[SW2-Vlanif102]ip address 10.0.0.5 30
[SW2]int Eth-Trunk 12
[SW2-Eth-Trunk12]port link-type trunk
[SW2-Eth-Trunk12]port trunk allow-pass vlan 13
[SW2]int g0/0/5
[SW2-GigabitEthernet0/0/5]port link-type access
[SW2-GigabitEthernet0/0/5]port default vlan 102
3.8 Configuring OSPF
To guard against an uplink failure, SW1 and SW2 must also form an adjacency with each other.
AR1
<R1>system-view
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.6 0.0.0.0
SW1
<SW1>system-view
[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.0.9 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.20.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.0.30.1 0.0.0.0

[SW1-ospf-1]display ospf peer brief
SW2
<SW2>system-view
[SW2]ospf 1
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 10.0.0.5 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.0.10 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.2.129 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.3.129 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.20.129 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.30.129 0.0.0.0

[SW2-ospf-1]display ospf peer brief
The neighbor table shows duplicate updates being exchanged. Silent interfaces can be configured so that an interface neither sends nor receives OSPF packets.
[SW1-ospf-1]silent-interface Vlanif 2
[SW1-ospf-1]silent-interface Vlanif 3
[SW1-ospf-1]silent-interface Vlanif 20
[SW1-ospf-1]silent-interface Vlanif 30

[SW2-ospf-1]silent-interface Vlanif 2
[SW2-ospf-1]silent-interface Vlanif 3
[SW2-ospf-1]silent-interface Vlanif 20
[SW2-ospf-1]silent-interface Vlanif 30
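Added example, not part of the original lab: a small auditor for the silent-interface step above, which keeps OSPF off the user VLANs while leaving the transit links able to form adjacencies. It assumes a configuration dump in display current-configuration layout (the sample is constructed from the page's SW1 values, with Vlanif3 deliberately left non-silent) and treats any VLANIF with dhcp select global as user-facing.

```python
import ipaddress

# Constructed sample (SW1 values from the page, "#" separators omitted);
# Vlanif3 is deliberately left without silent-interface.
SAMPLE = """\
interface Vlanif2
 ip address 10.0.2.1 255.255.255.0
 dhcp select global
interface Vlanif3
 ip address 10.0.3.1 255.255.255.0
 dhcp select global
interface Vlanif13
 ip address 10.0.0.9 255.255.255.252
ospf 1
 silent-interface Vlanif2
 area 0.0.0.0
  network 10.0.0.9 0.0.0.0
  network 10.0.2.1 0.0.0.0
  network 10.0.3.1 0.0.0.0
"""

to_int = lambda a: int(ipaddress.ip_address(a))

def parse(cfg):
    ifaces, silent, networks, top, cur = {}, set(), [], "", None
    for line in cfg.splitlines():
        w = line.split()
        if not line.startswith(" "):                 # top-level: interface / ospf / "#"
            top = w[0] if w else ""
            cur = ifaces.setdefault(w[1], {"ip": None, "user": False}) if top == "interface" else None
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["ip"] = to_int(w[2])
        elif cur is not None and w == ["dhcp", "select", "global"]:
            cur["user"] = True                       # assumption: DHCP-served = user-facing
        elif top == "ospf" and w[:1] == ["silent-interface"]:
            silent.add(w[1])
        elif top == "ospf" and w[:1] == ["network"]:
            networks.append((to_int(w[1]), to_int(w[2])))
    return ifaces, silent, networks

def audit(cfg):
    ifaces, silent, networks = parse(cfg)
    findings = []
    for name, i in ifaces.items():
        # A network statement covers an IP when all non-wildcard bits are equal.
        covered = i["ip"] is not None and any(((i["ip"] ^ a) & ~w & 0xFFFFFFFF) == 0 for a, w in networks)
        if covered and i["user"] and name not in silent:
            findings.append(f"{name}: OSPF active on a user VLAN, add silent-interface")
        elif covered and not i["user"] and name in silent:
            findings.append(f"{name}: transit link is silent, adjacency cannot form")
    return findings
```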
3.9 Configuring NAT
AR1
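<R1>system-view
[R1]acl 2000    // create ACL 2000; 2000-2999 are basic ACLs, and each number is one rule table
[R1-acl-basic-2000]rule 5 permit source 10.0.0.0 0.0.255.255    // match with a wildcard mask; 0 and 1 bits may be mixed
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000    // apply ACL 2000 on the outbound interface
Additional configuration
Default route on the border router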
[R1]ip route-static 0.0.0.0 0 202.1.1.2
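The OSPF border router advertises the default route
[R1]ospf 1
[R1-ospf-1]default-route-advertise    // no need to append always, because a static default route toward the external network is already configured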