HCIP拓扑实验

最新推荐文章于 2025-11-22 10:45:21 发布

原创最新推荐文章于 2025-11-22 10:45:21 发布 · 366 阅读

5 ·

CC 4.0 BY-SA版权

文章标签：

#智能路由器

1.拓扑图

2. 需求

1.按照图示的VLAN及IP地址需求，完成相关配需

2.要求SW1为VLAN 2/3的主根及主网关，SW2为vlan 20/30的主根及主网关，SW1和SW2互为备份

3.上层通过静态路由协议完成数据通信过程

4.AR1为企业出口路由器

5.要求全网可达

3.分析

1、VLAN及IP地址配置：

VLAN 2: 10.0.2.0/24

VLAN 3: 10.0.3.0/24

VLAN 20: 10.0.20.0/24

VLAN 30: 10.0.30.0/24

2、主根及主网关配置：

SW1需要配置为VLAN 2和VLAN 3的主根和主网关。

SW2需要配置为VLAN 20和VLAN 30的主根和主网关。

备份配置：

SW1和SW2互为备份。运用VRRP，在一个交换机故障时，另一个可以接管工作。

3. 静态路由协议：

上层网络需要通过静态路由协议来完成数据通信过程。这意味着需要在路由器上配置静态路由，以确保不同VLAN之间的通信。

4.企业出口路由器：

负责与外部网络的连接。需要在AR1上配置适当的路由和NAT/PAT规则，以允许内部网络访问外部网络。

5.全网可达性：

所有设备都可以互相通信。配置路由协议，确保所有设备的IP地址和子网掩码正确，确保没有ACL阻止通信。

4.配置

创建vlan和链路聚合

[lsw1]vlan batch 2 3 20 30
[lsw1]int Eth-Trunk 0
[lsw1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2    
[lsw1-Eth-Trunk0]port link-type trunk 
[lsw1-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30
[lsw1-Eth-Trunk0]q
[lsw1]int g0/0/3    
[lsw1-GigabitEthernet0/0/3]port link-type trunk     
[lsw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[lsw1-GigabitEthernet0/0/3]int g0/0/4
[lsw1-GigabitEthernet0/0/4]port link-type trunk     
[lsw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[lsw1-GigabitEthernet0/0/4]q
[lsw2]vlan batch 2 3 20 30
[lsw2]int Eth-Trunk 0    
[lsw2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[lsw2-Eth-Trunk0]q
[lsw2]int g0/0/3
[lsw2-GigabitEthernet0/0/3]port link-type trunk 
[lsw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[lsw2-GigabitEthernet0/0/3]int g0/0/4
[lsw2-GigabitEthernet0/0/4]port link-type trunk
[lsw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[lsw3]vlan batch 2 3 20 30
[lsw3]int g0/0/1
[lsw3-GigabitEthernet0/0/1]port link-type access 
[lsw3-GigabitEthernet0/0/1]port default  vlan 2
[lsw3-GigabitEthernet0/0/1]int g0/0/2
[lsw3-GigabitEthernet0/0/2]port link-type access 
[lsw3-GigabitEthernet0/0/2]port default vlan 3
[lsw3-GigabitEthernet0/0/2]int g0/0/3
[lsw3-GigabitEthernet0/0/3]port link-type trunk     
[lsw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[lsw3-GigabitEthernet0/0/3]int g0/0/4
[lsw3-GigabitEthernet0/0/4]port link-type trunk     
[lsw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[lsw4]vlan batch 2 3 20 30
[lsw4-GigabitEthernet0/0/1]port link-type access     
[lsw4-GigabitEthernet0/0/1]port default vlan 20
[lsw4-GigabitEthernet0/0/1]int g0/0/2
[lsw4-GigabitEthernet0/0/2]port link-type access     
[lsw4-GigabitEthernet0/0/2]port default vlan 30
[lsw4-GigabitEthernet0/0/2]int g0/0/3
[lsw4-GigabitEthernet0/0/3]port link-type trunk 
[lsw4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[lsw4-GigabitEthernet0/0/3]int g0/0/4
[lsw4-GigabitEthernet0/0/4]port link-type trunk 
[lsw4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30

STP

[lsw1]stp enable 
[lsw1]stp mode mstp 
[lsw1]stp region-configuration
[lsw1-mst-region] region-name aa
[lsw1-mst-region] revision-level 100
[lsw1-mst-region] instance 1 vlan 2 to 3
[lsw1-mst-region] instance 2 vlan 20 30
[lsw1-mst-region] active region-configuration
[lsw1-mst-region]q
[lsw1]stp instance 1 root primary 
[lsw1]stp instance 2 root secondary 
[lsw1]interface Eth-Trunk 0    
[lsw1-Eth-Trunk0]q
[lsw1]int g0/0/3
[lsw1-GigabitEthernet0/0/3]stp root-protection
 
[lsw2]stp enable 
[lsw2]stp mode mstp 
[lsw2]stp region-configuration
[lsw2-mst-region] region-name aa
[lsw2-mst-region] revision-level 100
[lsw2-mst-region] instance 1 vlan 2 to 3
[lsw2-mst-region] instance 2 vlan 20 30
[lsw2-mst-region] active region-configuration
[lsw2]stp instance 1 root secondary 
[lsw2]stp instance 2 root primary 

[lsw3]stp enable 
[lsw3]stp mode mstp
[lsw3]stp region-configuration 
[lsw3-mst-region]region-name aa
[lsw3-mst-region]revision-level 100
[lsw3-mst-region]instance 1 vlan 2 3    
[lsw3-mst-region]instance 2 vlan 20 30
[lsw3-mst-region]active region-configuration 
[lsw3-mst-region]q
[lsw3]int g0/0/1
[lsw3-GigabitEthernet0/0/1]stp ed    
[lsw3-GigabitEthernet0/0/1]stp edged-port e    
[lsw3-GigabitEthernet0/0/1]stp edged-port enable 
  
[lsw4]stp enable     
[lsw4]stp mode mstp 
[lsw4]stp region-configuration
[lsw4-mst-region] region-name aa
[lsw4-mst-region] revision-level 100
[lsw4-mst-region] instance 1 vlan 2 to 3
[lsw4-mst-region] instance 2 vlan 20 30
[lsw4-mst-region] active region-configuration

Vlanif接口

[lsw1]interface Vlanif 2
[lsw1-Vlanif2]ip address 10.0.2.1 24
[lsw1-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[lsw1-Vlanif2]vrrp vrid 1 priority 120
[lsw1-Vlanif2]vrrp vrid 1 preempt-mode timer delay 20
[lsw1-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30
[lsw1]interface Vlanif 3
[lsw1-Vlanif3]ip address 10.0.3.1 24
[lsw1-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254 
[lsw1-Vlanif3]vrrp vrid 1 priority 120
[lsw1-Vlanif3]vrrp vrid 1 preempt-mode timer delay 20
[lsw1-Vlanif3]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30
[lsw1]interface Vlanif 20
[lsw1-Vlanif20]ip address 10.0.20.1 24
[lsw1-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254    
[lsw1]int Vlanif 30
[lsw1-Vlanif30]ip address 10.0.30.1 24
[lsw1-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254

[lsw2]interface Vlanif 2
[lsw2-Vlanif2]ip address 10.0.2.2 24
[lsw2-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[lsw2]interface Vlanif 3
[lsw2-Vlanif3]ip address 10.0.3.2 24    
[lsw2-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254
[lsw2]interface Vlanif 20
[lsw2-Vlanif20]ip address 10.0.20.2 24
[lsw2-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254    
[lsw2-Vlanif20]vrrp vrid 1 priority 120
[lsw2-Vlanif20]vrrp vrid 1 preempt-mode timer delay 20
[lsw2-Vlanif20]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30
[lsw2]interface Vlanif 30
[lsw2-Vlanif30]ip address 10.0.30.2 24    
[lsw2-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254
[lsw2-Vlanif30]vrrp vrid 1 priority 120
[lsw2-Vlanif30]vrrp vrid 1 preempt-mode timer delay 20    
[lsw2-Vlanif30]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30

dhcp

[lsw1]dhcp enable 
[lsw1]ip pool vlan2    
[lsw1-ip-pool-vlan2]network 10.0.2.0 mask 24
[lsw1-ip-pool-vlan2]gateway-list 10.0.2.254    
[lsw1-ip-pool-vlan2]dns-list 8.8.8.8
[lsw1-ip-pool-vlan2]excluded-ip-address 10.0.2.1 10.0.2.128
[lsw1]interface Vlanif 2
[lsw1-Vlanif2]dhcp select global 
[lsw1]interface Vlanif 3
[lsw1-Vlanif3]dhcp select global 
[lsw1]interface Vlanif 20
[lsw1-Vlanif20]dhcp select global 
[lsw1]interface Vlanif 30
[lsw1-Vlanif30]dhcp select global

三层配置

[lsw1]vlan 11
[lsw1-vlan11]q    
[lsw1]interface g0/0/5
[lsw1-GigabitEthernet0/0/5]port link-type access     
[lsw1-GigabitEthernet0/0/5]port default vlan 11
[lsw1]interface Vlanif 11
[lsw1-Vlanif11]ip address 10.0.11.1 30
[lsw1]ospf 1
[lsw1-ospf-1]a    
[lsw1-ospf-1]area 0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.2.1 0.0.0.0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.11.1 0.0.0.0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.20.1 0.0.0.0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.30.1 0.0.0.0
[lsw1-ospf-1-area-0.0.0.0]network 10.0.13.1 0.0.0.0
[lsw1]ospf 1
[lsw1-ospf-1]silent-interface v    
[lsw1-ospf-1]silent-interface Vlanif 2
[lsw1-ospf-1]silent-interface Vlanif 3
[lsw1-ospf-1]silent-interface Vlanif 20
[lsw1-ospf-1]silent-interface Vlanif 30
[lsw1]vlan 13
[lsw1]int Eth-Trunk 0
[lsw1-Eth-Trunk0]port trunk allow-pass vlan 13
[lsw1-Vlanif13]ip address 10.0.13.1 30
[lsw1]stp instance 0 r    
[lsw1]stp instance 0 root p    
[lsw1]stp instance 0 root primary 

[lsw2]vlan 12
[lsw2]int g0/0/5
[lsw2-GigabitEthernet0/0/5]port link-type access     
[lsw2-GigabitEthernet0/0/5]port  default vlan 12
[lsw2-GigabitEthernet0/0/5]q    
[lsw2]interface Vlanif 12
[lsw2-Vlanif12]ip address 10.0.12.1 30
[lsw2]ospf
[lsw2-ospf-1]a    
[lsw2-ospf-1]area 0
[lsw2-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0
[lsw2-ospf-1-area-0.0.0.0]network 10.0.3.2 0.0.0.0
[lsw2-ospf-1-area-0.0.0.0]network 10.0.20.2 0.0.0.0
[lsw2-ospf-1-area-0.0.0.0]network 10.0.30.2 0.0.0.0
[lsw2-ospf-1-area-0.0.0.0]network 10.0.12.1 0.0.0.0
[lsw2-ospf-1-area-0.0.0.0]network 10.0.13.2 0.0.0.0
[lsw2]ospf 1    
[lsw2-ospf-1]silent-interface Vlanif 2
[lsw2-ospf-1]silent-interface Vlanif 3
[lsw2-ospf-1]silent-interface Vlanif 20
[lsw2-ospf-1]silent-interface Vlanif 30
[lsw2]vlan 13
[lsw2]int Eth-Trunk 0
[lsw2-Eth-Trunk0]port trunk allow-pass vlan 13
[lsw2]stp instance 0 r    
[lsw2]stp instance 0 root s    
[lsw2]stp instance 0 root secondary

AR1

[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 10.0.11.2 30
[AR1-GigabitEthernet0/0/1]int g0/0/2    
[AR1-GigabitEthernet0/0/2]ip address 10.0.12.2 30
[AR1]int g0/0/0   
[AR1-GigabitEthernet0/0/0]ip address 202.1.1.1 30
[AR1]ip route-static 0.0.0.0 0 202.1.1.2 
[AR1]ospf 1
[AR1-ospf-1]default-route-advertise
[AR1]acl 2000  
[AR1-acl-basic-2000]rule permit source 10.0.0.0 0.0.255.255
[AR1-acl-basic-2000]q
[AR1]interface g0/0/0 
[AR1-GigabitEthernet0/0/0]nat outbound 2000

ISP

[ISP]int g0/0/0   
[ISP-GigabitEthernet0/0/0]ip address 202.1.1.2 30
[ISP-GigabitEthernet0/0/0]q    
[ISP]interface l    
[ISP]interface LoopBack 0    
[ISP-LoopBack0]ip address 100.100.100.100 32

结果检查