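I. Lab Topology
II. Lab Requirements
1. Internal IP addresses are allocated from 172.16.0.0/16
2. SW1 and SW2 back each other up
3. VRRP, STP, VLAN and Eth-Trunk are all used
4. All PCs obtain their IP addresses via DHCP
5. The ISP router may only be configured with IP addresses
6. All PCs can reach the ISP router's loopback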
III. Lab Steps
1. Create VLANs and configure port modes
Create VLAN 2 and VLAN 3 on all switches (LSW1, LSW2, LSW3, LSW4):
system-view
vlan batch 2 3
Configure the PC-facing ports as access ports and assign their VLANs:
LSW3:
interface GigabitEthernet 0/0/1 # PC1 (VLAN 2)
port link-type access
port default vlan 2
interface GigabitEthernet 0/0/2 # PC2 (VLAN 3)
port link-type access
port default vlan 3
LSW4:
interface GigabitEthernet 0/0/1 # PC3 (VLAN 2)
port link-type access
port default vlan 2
interface GigabitEthernet 0/0/2 # PC4 (VLAN 3)
port link-type access
port default vlan 3
Configure the inter-switch ports as trunk ports that allow VLAN 2 and VLAN 3:
Ports between LSW1 and LSW2 (GE0/0/1, GE0/0/2):
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan 2 3
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 2 3
Configure the other trunk links (such as LSW1↔LSW3 and LSW1↔LSW4) the same way.
2. Configure the Eth-Trunk link (between SW1 and SW2)
Create the Eth-Trunk on SW1 and SW2 and bind the physical ports:
interface Eth-Trunk 1
mode lacp-static # use LACP
trunkport GigabitEthernet 0/0/1 0/0/2 # bind the member ports
port link-type trunk
port trunk allow-pass vlan 2 3
3. Configure MSTP (Multiple Spanning Tree Protocol)
Configure the MSTP region and map the instances on all switches:
stp region-configuration
region-name MSTP_DOMAIN
revision-level 1
instance 1 vlan 2 # VLAN 2 maps to instance 1
instance 2 vlan 3 # VLAN 3 maps to instance 2
active region-configuration
stp enable
Make SW1 the primary root for instance 1 and the secondary root for instance 2:
stp instance 1 root primary
stp instance 2 root secondary
Make SW2 the primary root for instance 2 and the secondary root for instance 1:
stp instance 2 root primary
stp instance 1 root secondary
4. Configure VLAN interfaces and the DHCP service
On SW1 and SW2, configure interface IPs for VLAN 2 and VLAN 3 and enable DHCP:
SW1:
interface Vlanif 2
ip address 172.16.2.1 24
dhcp select interface # enable the DHCP service
interface Vlanif 3
ip address 172.16.3.1 24
dhcp select interface
SW2:
interface Vlanif 2
ip address 172.16.2.2 24
dhcp select interface
interface Vlanif 3
ip address 172.16.3.2 24
dhcp select interface
5. Configure VRRP for gateway redundancy
Configure the VRRP virtual IPs on the VLAN interfaces of SW1 and SW2:
VLAN 2 (virtual IP: 172.16.2.100):
interface Vlanif 2
vrrp vrid 2 virtual-ip 172.16.2.100
vrrp vrid 2 priority 120 # SW1 is the master gateway
VLAN 3 (virtual IP: 172.16.3.100):
interface Vlanif 3
vrrp vrid 3 virtual-ip 172.16.3.100
vrrp vrid 3 priority 100 # SW1 is the backup gateway
SW2 uses the opposite priorities:
interface Vlanif 2
vrrp vrid 2 virtual-ip 172.16.2.100
vrrp vrid 2 priority 100 # SW2 is the backup gateway
interface Vlanif 3
vrrp vrid 3 virtual-ip 172.16.3.100
vrrp vrid 3 priority 120 # SW2 is the master gateway
6. Configure routing and NAT
Configure default routes on SW1 and SW2 pointing to AR1 and AR2:
ip route-static 0.0.0.0 0.0.0.0 172.16.0.1 # AR1 interface IP
ip route-static 0.0.0.0 0.0.0.0 172.16.0.2 # AR2 interface IP (optional)
Configure NAT and a default route on AR1:
interface GigabitEthernet 0/0/0 # interface facing the ISP
ip address 200.1.1.1 24
nat outbound # enable NAT
ip route-static 0.0.0.0 0.0.0.0 200.1.1.254 # points to the ISP
The ISP router gets only interface IPs and a loopback address:
interface GigabitEthernet 0/0/0
ip address 200.1.1.254 24
interface LoopBack 0
ip address 8.8.8.8 32
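Added example, not part of the original lab: a Python check that the plan from steps 3 to 5 is consistent, meaning that for each VLAN the switch with the highest VRRP priority is also the MSTP primary root of the instance carrying that VLAN, and that every virtual IP lies inside its Vlanif subnet. The names TEMPLATE, CONFIGS, INSTANCE_VLAN, parse and audit are hypothetical, and the input is constructed from the SW1/SW2 lines above.

```python
import ipaddress
import re

# Constructed input: the SW1/SW2 lines from steps 3-5, rendered from one template.
TEMPLATE = """stp instance 1 root {r1}
stp instance 2 root {r2}
interface Vlanif 2
 ip address 172.16.2.{host} 24
 vrrp vrid 2 virtual-ip 172.16.2.100
 vrrp vrid 2 priority {p2}
interface Vlanif 3
 ip address 172.16.3.{host} 24
 vrrp vrid 3 virtual-ip 172.16.3.100
 vrrp vrid 3 priority {p3}
"""
CONFIGS = {
    "SW1": TEMPLATE.format(r1="primary", r2="secondary", host=1, p2=120, p3=100),
    "SW2": TEMPLATE.format(r1="secondary", r2="primary", host=2, p2=100, p3=120),
}
INSTANCE_VLAN = {1: 2, 2: 3}  # MSTP instance -> VLAN, from the region configuration

def parse(cfg):
    """Return ({instance: root role}, {vlan: settings}) for one switch's config text."""
    roots, vlans, cur = {}, {}, None
    for line in (raw.split("#")[0].strip() for raw in cfg.splitlines()):
        if m := re.fullmatch(r"stp instance (\d+) root (primary|secondary)", line):
            roots[int(m[1])] = m[2]
        elif m := re.fullmatch(r"interface (?:Vlanif ?(\d+)|.+)", line):
            # 100 is the VRRP default priority; any other interface ends the context
            cur = vlans.setdefault(int(m[1]), {"priority": 100}) if m[1] else None
        elif cur is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.fullmatch(r"vrrp vrid \d+ (virtual-ip|priority) (\S+)", line)):
            cur[m[1]] = int(m[2]) if m[1] == "priority" else ipaddress.ip_address(m[2])
    return roots, vlans

def audit(configs, instance_vlan):
    """Return findings; an empty list means roots, masters and virtual IPs line up."""
    parsed, findings = {sw: parse(cfg) for sw, cfg in configs.items()}, []
    for inst, vlan in instance_vlan.items():
        roots = [sw for sw, (r, _) in parsed.items() if r.get(inst) == "primary"]
        prios = {sw: v[vlan]["priority"] for sw, (_, v) in parsed.items() if vlan in v}
        master = max(prios, key=prios.get, default=None)
        if roots != [master]:
            findings.append(f"VLAN{vlan}: VRRP master {master}, MSTP primary root {roots}")
        for sw, (_, v) in parsed.items():
            vip, net = v.get(vlan, {}).get("virtual-ip"), v.get(vlan, {}).get("net")
            if vip is None or net is None or vip not in net:
                findings.append(f"{sw} VLAN{vlan}: virtual IP missing or outside the Vlanif subnet")
    return findings
```

With the priorities as configured on this page, audit(CONFIGS, INSTANCE_VLAN) returns an empty list; raising SW2's vrid 2 priority above 120 makes it report VLAN 2.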
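IV. Lab Results
1. Verify VLANs and port modes:
2. Primary and backup root configuration
3. VRRP configuration
On SW1, VRRP vrid 2 is master and vrid 3 is backup:
On SW2, VRRP vrid 3 is master and vrid 2 is backup:
4. ping tests
Ping to the public IP succeeds with the NAT service enabled
Ping to the ISP succeeds: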