本文详细介绍了企业网络的配置过程,包括VLAN划分、STP设置、VRRP冗余网关、OSPF路由协议以及DHCP服务的实现。通过在SW1和SW2上建立eth-trunk干道,配置VLAN2和VLAN3,并进行STP区域划分,确保网络连通性。同时,SW3和SW4作为VLAN2的成员,利用STP边缘端口提升效率。VRRP用于创建虚拟网关,提供高可用性。SW1和SW2上的DHCP服务为PC设备分配IP地址。此外,还配置了OSPF以实现R1与交换机间的路由,并进行了汇总操作,以减少邻接关系。最后,通过沉默接口优化OSPF邻居关系,确保全网可达,并进行了故障切换测试,验证了网络的可靠性。
拓扑搭建如下
VALN 1 172.16.1.0/25
VALN 2 172.16.1.128/25
172.16.1.0/25
左边 172.16.0.0/30 172.16.0.4/30
eth-trunk trunk干道 VLAN STP VRRP DHCP
eth-trunk
SW1,SW2做eth-trunk,划分vlan
[SW1]interface Eth-Trunk 0
[SW1]int g0/0/23
[SW1-GigabitEthernet0/0/23]eth-trunk 0
[SW1]int g0/0/24
[SW1-GigabitEthernet0/0/24]eth-trunk 0
trunk干道
[SW1]port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 Eth-Trunk 0
[SW1-port-group]port link-type trunk
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-Eth-Trunk0]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan 2 to 3
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 to 3
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 to 3
在SW3,SW4划分vlan
[SW3]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
[SW3-port-group]port link-type trunk
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-port-group]port trunk allow-pass vlan 2
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
STP VLAN
在4个交换机上创建vlan(vlan 2),将sw3,sw4的Eth0/0/2划入vlan2
在SW1,SW2,SW3,SW4做STP,将vlan1 vlan2划入不同组
[SW1]stp mode mstp
[SW1]stp enable
[SW1]stp region-configuration
[SW1-mst-region]region-name a(创建域名)
[SW1-mst-region]instance 1 vlan 1
[SW1-mst-region]instance 2 vlan 2
[SW1-mst-region]active region-configuration
SW3做组一主根,组二备份,SW4做组二主根,组一备份
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary
提高pc的上网效率,在sw3,sw4的e0/0/1,e0/0/2边缘接口设置一下
[SW3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[SW3-port-group]stp edged-port enable
[SW3-Ethernet0/0/1]stp edged-port enable
[SW3-Ethernet0/0/2]stp edged-port enable
在sw1,sw2上做SVI
[SW1-Vlanif1]ip address 172.16.1.1 25
[[SW1-Vlanif2][SW1-Vlanif1]]ip address 172.16.1.129 25
[SW2-Vlanif1]ip address 172.16.1.2 25
[SW2-Vlanif2]ip address 172.16.1.130 25
做vrrp网关冗余
[sw1]interface vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw1-Vlanif1]vrrp vrid 1 priority 120
[sw1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
[sw1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2]int vlan 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw2]int vlan 2
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2-Vlanif2]vrrp vrid 1 priority 120
[sw2-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
在SW1和SW2上做DHCP
[sw1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[sw1]ip pool v1
Info:It’s successful to create an IP address pool.
[sw1-ip-pool-v1]network 172.16.1.0 mask 25
[sw1-ip-pool-v1]gateway-list 172.16.1.126
[sw1-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8
[sw1-ip-pool-v1]ip pool v2
Info:It’s successful to create an IP address pool.
[sw1-ip-pool-v2]network 172.16.1.128 mask 25
[sw1-ip-pool-v2]gateway-list 172.16.1.254
[sw1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
配置后分别在int vlan 1和int vlan 2上调用
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-OIYJ3GnF-1626883782681)(C:%5CUsers%5C22527%5CAppData%5CRoaming%5CTypora%5Ctypora-user-images%5Cimage-20210721215132926.png)]](https://i-blog.csdnimg.cn/blog_migrate/d4461d7a10ddf0cffec56ad9540dd848.png)
做到此处 路由部分做完了
在SW1和SW2上做朝向上的SVI
[sw1]vlan 100
[sw1]int vlan 100
[sw1-Vlanif100]ip address 172.16.0.1 30
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 100
[sw2]vlan 100
[sw2]int vlan 100
[sw2-Vlanif100]ip address 172.16.0.5 30
[sw2]int g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/1]port default vlan 100
给R1,ISP配置地址如图网段
在R1,SW1,SW2之间起ospf协议
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.6 0.0.0.0
[sw1]ospf 1 router-id 2.2.2.2
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[sw1-ospf-1]area 1
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.129 0.0.0.0
[sw2]ospf 1 router-id 3.3.3.3
[sw2-ospf-1]area 0
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]area 1
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.130 0.0.0.0
在SW1和SW2上做汇总
[sw1-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0
[sw2-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0
前后对比
为防止ospf在三层交换机建邻过多,做沉默接口
[sw1-ospf-1]silent-interface all
[sw1-ospf-1]undo silent-interface vlanif 1
[sw1-ospf-1]undo silent-interface vlanif 100
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw2-ospf-1]silent-interface all
[sw2-ospf-1]undo silent-interface vlanif 1
[sw2-ospf-1]undo silent-interface vlanif 100
[sw2-ospf-1]undo silent-interface Eth-Trunk 0
前后对比
在R1写缺省
[R1]ip route-static 0.0.0.0 0 12.1.1.2
[R1]ospf 1
[R1-ospf-1]default-route-advertise
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
全网可达
在PC3上测试一下
因为SW1和SW2互为备份,测试
关闭SW1
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-WLxzBYBw-1626883782687)(F:%5CHCIP%5C2021%E6%9A%91%E5%81%87IP%E8%AF%BE%5C%E4%B8%89%E7%BA%A7%E6%9E%B6%E6%9E%84.assets%5Cimage-20210722000136420.png)]](https://i-blog.csdnimg.cn/blog_migrate/3ccd37747954bae279870d44001f3e61.png)
关闭SW2
R1-GigabitEthernet0/0/1]nat outbound 2000
全网可达
在PC3上测试一下
因为SW1和SW2互为备份,测试
关闭SW1
关闭SW2
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-voRh4nKG-1626883782688)(F:%5CHCIP%5C2021%E6%9A%91%E5%81%87IP%E8%AF%BE%5C%E4%B8%89%E7%BA%A7%E6%9E%B6%E6%9E%84.assets%5Cimage-20210722000749958.png)]](https://i-blog.csdnimg.cn/blog_migrate/c943134e120abacd1fedda8ce6c590f9.png)
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
