zy4.8

原创已于 2025-04-09 22:38:25 修改 · 887 阅读

6 ·

CC 4.0 BY-SA版权

文章标签：

#笔记

于 2025-04-08 12:54:36 首次发布

拓扑图

配置vlan，将0/0/1接口与0/0/2接口进行链路聚合操作
[sw1]vlan batch 2 3 20 30
[sw1]int Eth-Trunk 0
[sw1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[sw1-Eth-Trunk0]port link-type trunk
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30
[sw1-Eth-Trunk0]q
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw1-GigabitEthernet0/0/3]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[sw1-GigabitEthernet0/0/4]q

[sw2]vlan batch 2 3 20 30
[sw2]int Eth-Trunk 0
[sw2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[sw2-Eth-Trunk0]q
[sw2]int g0/0/3
[sw2-GigabitEthernet0/0/3]port link-type trunk
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw2-GigabitEthernet0/0/3]int g0/0/4
[sw2-GigabitEthernet0/0/4]port link-type trunk
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30

在sw3、sw4上创建vlan2、3、20、30并将对应接口分配到对应vlan中
[sw3]vlan batch 2 3 20 30
[sw3]int g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access
[sw3-GigabitEthernet0/0/1]port default vlan 2
[sw3-GigabitEthernet0/0/1]int g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type access
[sw3-GigabitEthernet0/0/2]port default vlan 3
[sw3-GigabitEthernet0/0/2]int g0/0/3
[sw3-GigabitEthernet0/0/3]port link-type trunk
[sw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw3-GigabitEthernet0/0/3]int g0/0/4
[sw3-GigabitEthernet0/0/4]port link-type trunk
[sw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30

[sw4]vlan batch 2 3 20 30
[sw4-GigabitEthernet0/0/1]port link-type access
[sw4-GigabitEthernet0/0/1]port default vlan 20
[sw4-GigabitEthernet0/0/1]int g0/0/2
[sw4-GigabitEthernet0/0/2]port link-type access
[sw4-GigabitEthernet0/0/2]port default vlan 30
[sw4-GigabitEthernet0/0/2]int g0/0/3
[sw4-GigabitEthernet0/0/3]port link-type trunk
[sw4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw4-GigabitEthernet0/0/3]int g0/0/4
[sw4-GigabitEthernet0/0/4]port link-type trunk
[sw4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30

修改stp模式并进行配置和激活

[sw1]stp enable

[sw1]stp mode mstp

[sw1]stp region-configuration

[sw1-mst-region] region-name aa

[sw1-mst-region] revision-level 100

[sw1-mst-region] instance 1 vlan 2 to 3

[sw1-mst-region] instance 2 vlan 20 30

[sw1-mst-region] active region-configuration

[sw2]stp enable

[sw2]stp mode mstp

[sw2]stp region-configuration

[sw2-mst-region] region-name aa

[sw2-mst-region] revision-level 100

[sw2-mst-region] instance 1 vlan 2 to 3

[sw2-mst-region] instance 2 vlan 20 30

[sw2-mst-region] active region-configuration

[sw3]stp enable

[sw3]stp mode mstp

[sw3]stp region-configuration

[sw3-mst-region]region-name aa

[sw3-mst-region]revision-level 100

[sw3-mst-region]instance 1 vlan 2 3

[sw3-mst-region]instance 2 vlan 20 30

[sw3-mst-region]active region-configuration

[sw4]stp enable

[sw4]stp mode mstp

[sw4]stp region-configuration

[sw4-mst-region] region-name aa

[sw4-mst-region] revision-level 100

[sw4-mst-region] instance 1 vlan 2 to 3

[sw4-mst-region] instance 2 vlan 20 30

[sw4-mst-region] active region-configuration

sw3开启端口保护
[sw3-GigabitEthernet0/0/1]stp ed
[sw3-GigabitEthernet0/0/1]stp edged-port e
[sw3-GigabitEthernet0/0/1]stp edged-port enable

使用Vlanif接口，sw1中对vlan2的相关配置如下
[sw1]interface Vlanif 2
[sw1-Vlanif2]ip address 10.0.2.1 24
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[sw1-Vlanif2]vrrp vrid 1 priority 120
[sw1-Vlanif2]vrrp vrid 1 preempt-mode timer delay 20
[sw1-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30

[sw1]interface Vlanif 3
[sw1-Vlanif3]ip address 10.0.3.1 24
[sw1-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254
[sw1-Vlanif3]vrrp vrid 1 priority 120
[sw1-Vlanif3]vrrp vrid 1 preempt-mode timer delay 20
[sw1-Vlanif3]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30

[sw1]interface Vlanif 20
[sw1-Vlanif20]ip address 10.0.20.1 24
[sw1-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254
[sw1]int Vlanif 30
[sw1-Vlanif30]ip address 10.0.30.1 24
[sw1-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254
[sw2]interface Vlanif 2
[sw2-Vlanif2]ip address 10.0.2.2 24
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[sw2]interface Vlanif 3
[sw2-Vlanif3]ip address 10.0.3.2 24
[sw2-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254

[sw2]interface Vlanif 20
[sw2-Vlanif20]ip address 10.0.20.2 24
[sw2-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254
[sw2-Vlanif20]vrrp vrid 1 priority 120
[sw2-Vlanif20]vrrp vrid 1 preempt-mode timer delay 20
[sw2-Vlanif20]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30

[sw2]interface Vlanif 30
[sw2-Vlanif30]ip address 10.0.30.2 24
[sw2-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254
[sw2-Vlanif30]vrrp vrid 1 priority 120
[sw2-Vlanif30]vrrp vrid 1 preempt-mode timer delay 20
[sw2-Vlanif30]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30

让交换机从网段中下发IP地址
[sw1]dhcp enable
[sw1]ip pool vlan2
[sw1-ip-pool-vlan2]network 10.0.2.0 mask 24

[sw1-ip-pool-vlan2]gateway-list 10.0.2.254
[sw1-ip-pool-vlan2]dns-list 8.8.8.8

[sw1-ip-pool-vlan2]excluded-ip-address 10.0.2.1 10.0.2.128

[sw1]interface Vlanif 2
[sw1-Vlanif2]dhcp select global

[sw1]interface Vlanif 3
[sw1-Vlanif3]dhcp select global

[sw1]interface Vlanif 20
[sw1-Vlanif20]dhcp select global

[sw1]interface Vlanif 30
[sw1-Vlanif30]dhcp select global

测试如图

在sw1上建立vlan 11并与AR1建立连接
在sw2上建立vlan12 并与AR1建立连接
[sw1]vlan 11
[sw1-vlan11]q
[sw1]interface g0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access
[sw1-GigabitEthernet0/0/5]port default vlan 11

[sw1]interface Vlanif 11
[sw1-Vlanif11]ip address 10.0.11.1 30

[sw2]vlan 12
[sw2]int g0/0/5
[sw2-GigabitEthernet0/0/5]port link-type access
[sw2-GigabitEthernet0/0/5]port default vlan 12
[sw2-GigabitEthernet0/0/5]q
[sw2]interface Vlanif 12
[sw2-Vlanif12]ip address 10.0.12.1 30

配置AR1
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip ad
[AR1-GigabitEthernet0/0/1]ip address 10.0.11.2 30

[AR1-GigabitEthernet0/0/1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip ad
[AR1-GigabitEthernet0/0/2]ip address 10.0.12.2 30

[sw1]ospf 1
[sw1-ospf-1]a
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 10.0.2.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.11.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.20.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.30.1 0.0.0.0

[sw2]ospf
[sw2-ospf-1]a
[sw2-ospf-1]area
[sw2-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.3.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.20.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.30.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.12.1 0.0.0.0

[AR1]ospf
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 10.0.11.2 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 10.0.12.2 0.0.0.0

[sw1]ospf 1
[sw1-ospf-1]silent-interface v
[sw1-ospf-1]silent-interface Vlanif 2
[sw1-ospf-1]silent-interface Vlanif 3
[sw1-ospf-1]silent-interface Vlanif 20
[sw1-ospf-1]silent-interface Vlanif 30
[sw2]ospf 1
[sw2-ospf-1]silent-interface Vlanif 2
[sw2-ospf-1]silent-interface Vlanif 3
[sw2-ospf-1]silent-interface Vlanif 20
[sw2-ospf-1]silent-interface Vlanif 30

[sw1]vlan 13
[sw2]vlan 13
[sw1]int Eth-Trunk 0
[sw1-Eth-Trunk0]port trunk allow-pass vlan 13

[sw2]int Eth-Trunk 0
[sw2-Eth-Trunk0]port trunk allow-pass vlan 13

[sw1-Vlanif13]ip address 10.0.13.1 30
[sw2-Vlanif13]ip address 10.0.13.2 30

[sw1]ospf 1
[sw1-ospf-1]a 0
[sw1-ospf-1-area-0.0.0.0]ne
[sw1-ospf-1-area-0.0.0.0]network 10.0.13.1 0.0.0.0

[sw2]ospf 1
[sw2-ospf-1]a 0
[sw2-ospf-1-area-0.0.0.0]network 10.0.13.2 0.0.0.0

[sw1]stp instance 0 r
[sw1]stp instance 0 root p
[sw1]stp instance 0 root primary
[sw2]stp instance 0 r
[sw2]stp instance 0 root s
[sw2]stp instance 0 root secondary

让AR1能够访问外网在AR1上配置缺省路由

[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip ad
[AR1-GigabitEthernet0/0/0]ip address 202.1.1.1 30

[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad
[ISP-GigabitEthernet0/0/0]ip address 202.1.1.2 30
[ISP-GigabitEthernet0/0/0]q
[ISP]interface l
[ISP]interface LoopBack 0
[ISP-LoopBack0]ip ad
[ISP-LoopBack0]ip address 100.100.100.100 32

[AR1]ip route-static 0.0.0.0 0 202.1.1.2

[AR1]ospf 1
[AR1-ospf-1]default-route-advertise

[AR1]acl 2000
[AR1-acl-basic-2000]ru
[AR1-acl-basic-2000]rule p
[AR1-acl-basic-2000]rule permit s
[AR1-acl-basic-2000]rule permit source 10.0.0.0 0.0.255.255
[AR1-acl-basic-2000]q
[AR1]int
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]n
[AR1-GigabitEthernet0/0/0]nat ou
[AR1-GigabitEthernet0/0/0]nat outbound 2000

最后检验结果