实验要求

1.内网IP地址使用172.16.0.0/16
2.sw1和sW2之间互为备份;
3.VRRP/mstp/vlan/eth-trunk均使用;
4.所有pc均通过DHcP获取Ip地址;
5.ISP只配置IP地址;
6.所有电脑可以正常访问IsP路由器环回

实验拓扑

实验思路

1.给交换机创建vlan，并将接口划入vlan
2.在SW1和SW2的0/0/1和0/0/2口做链路聚合
3.配置vlan的网关地址、以及给路由器配置IP地址
4.给交换机配置mstp，以及做主根桥的配置
5.给连有PC端的交换机要设置边缘端口 --- 防止主机的频繁开关会影响生成树的重新计算
6.防环以及生成树配置好之后，就可以弄vrrp虚拟网关了
7.开启DHCP服务-- 让PC获取IP
8.配置路由协议让内网通 --- 既可以使用静态路由，也可以使用动态路由
9.内网通之后，要在外网出口那里配一条缺省
10.做nat技术

实验步骤

1.创建vlan[SW1]vlan 2[SW1-vlan2]vlan 3[SW1-vlan3]vlan 10[SW1-GigabitEthernet0/0/3]port link-type trunk[SW1-GigabitEthernet0/0/3]port trunk all    [SW1-GigabitEthernet0/0/3]port trunk allow-pass     [SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3[SW1-GigabitEthernet0/0/3]int g0/0/4[SW1-GigabitEthernet0/0/4]port link-type access[SW1-GigabitEthernet0/0/4]port default vlan 10
对sw1上的0/0/1和0/0/2口做链路聚合：[SW1]int Eth-Trunk 0[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2[SW1-Eth-Trunk0]port link-type trunk[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 3 10 20
在sw1上配置vlan 2和3的网关：[SW1]int vlanif 2[SW1-Vlanif2]ip add 172.16.0.1 26[SW1-Vlanif2]int vlanif 3[SW1-Vlanif3]ip add 172.16.0.65 26[SW1-Vlanif2]int vlanif 3[SW1-Vlanif3]ip add 172.16.0.65 26[SW1-Vlanif3]int vlanif 10[SW1-Vlanif10]ip add 172.16.0.129 26SW2：
---创建vlan：[SW2]vlan 2[SW2-vlan2]vlan 3[SW2-vlan3]vlan 20
---批量创建trunk接口：[SW2]port-group group-member g0/0/3 to g0/0/4[SW2-port-group]port link-type trunk[SW2-GigabitEthernet0/0/3]port link-type trunk[SW2-GigabitEthernet0/0/4]port link-type trunk[SW2-port-group]port trunk allow-pass vlan 2 3[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3[SW2]int g0/0/5 [SW2-GigabitEthernet0/0/5]port link-type access[SW2-GigabitEthernet0/0/5]port default vlan 20
---对SW2的0/0/1和0/0/2口做链路聚合：[SW2]int Eth-Trunk 0[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2[SW2-Eth-Trunk0]port link-type trunk[SW2-port-group-trunk]port trunk allow-pass vlan 2 3 10 20
---在sw2上对vlan2和vlan3配置网关地址：[SW2]int vlanif 2[SW2-Vlanif2]ip add 172.16.0.2 26[SW2-Vlanif2]int vlanif 3[SW2-Vlanif3]ip add 172.16.0.66 26[SW2-Vlanif3]int vlanif 20[SW2-Vlanif20]ip add 172.16.0.193 26SW3：
---创建vlan[SW3]vlan 2[SW3-vlan2]vlan 3
---将接口划入vlan：[SW3]int g0/0/1[SW3-GigabitEthernet0/0/1]port link-type access [SW3-GigabitEthernet0/0/1]port default vlan 2[SW3-GigabitEthernet0/0/1]int g0/0/2[SW3-GigabitEthernet0/0/2]port link-type access[SW3-GigabitEthernet0/0/2]port default vlan 3[SW3-GigabitEthernet0/0/3]port link-type trunk [SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3[SW3-GigabitEthernet0/0/3]int g0/0/4[SW3-GigabitEthernet0/0/4]port link-type trunk[SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3SW4:
---创建vlan：[SW4]vlan 2 [SW4-vlan2]vlan 3
---将接口划入vlan：[SW4-vlan3]int g0/0/1[SW4-GigabitEthernet0/0/1]port link-type access[SW4-GigabitEthernet0/0/1]port default vlan 2[SW4-GigabitEthernet0/0/1]int g0/0/2[SW4-GigabitEthernet0/0/2]port link-type access[SW4-GigabitEthernet0/0/2]port default vlan 3[SW4-GigabitEthernet0/0/2]port link-type access[SW4-GigabitEthernet0/0/2]port default vlan 3
---批量创建：[SW4]port-group group-member g0/0/3 to g0/0/4[SW4-port-group]port link-type trunk[SW4-GigabitEthernet0/0/3]port link-type trunk[SW4-GigabitEthernet0/0/4]port link-type trunk[SW4-port-group]port trunk allow-pass vlan 2 3[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3[SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3R1:
给R1上的接口配置IP：​[R1]int g0/0/0[R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24[R1]int g0/0/1[R1-GigabitEthernet0/0/1]ip add  172.16.0.130 26[R1-GigabitEthernet0/0/2]ip add  172.16.0.194 26

IP地址配置完成后，查看：

2.给路由器配置IP

R1:
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 172.16.0.130 26
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 172.16.0.194 26
[R1-GigabitEthernet0/0/2]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.0.0.1 24
​
R2:
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24

3.需要配置mstp和vrrp --- 只要是交换机都要配置防环mstp

    [SW1]stp enable[SW1]stp mode mstp[SW1]stp region-configuration [SW1-mst-region]region-name aa[SW1-mst-region]instance 1 vlan 2   --- 映射关系[SW1-mst-region]instance 2 vlan 3[SW1-mst-region]active region-configuration 
​[SW2]stp enable   --- 开启stp服务
    [SW2]stp mode mstp  --- 设置mstp模式[SW2]stp region-configuration  --- 进入域里面[SW2-mst-region]region-name aa   --- 设置名字[SW2-mst-region]instance 1 vlan 2  --- 映射关系[SW2-mst-region]instance 2 vlan 3[SW2-mst-region]active region-configuration --- 激活[SW3]stp enable[SW3]stp mode mstp[SW3]stp region-configuration [SW3-mst-region]region-name aa[SW3-mst-region]instance 1 vlan 2[SW3-mst-region]instance 2 vlan 3[SW3-mst-region]active region-configuration 
​[SW4]stp enable[SW4]stp mode mstp  [SW4]stp region-configuration [SW4-mst-region]region-name aa[SW4-mst-region]instance 1 vlan 2[SW4-mst-region]instance 2 vlan 3[SW4-mst-region]active region-configuration 
​

4.配置主备根桥 --- 最好配在网关上

SW1上是vlan2的主根桥，是vlan3的备根桥：[SW1]stp instance 1 root primary  [SW1]stp instance 2 root secondary 
SW2上是vlan3的主根桥，是vlan2的备根桥：[SW2]stp instance 1 root secondary [SW2]stp instance 2 root primary 

5.做边缘端口设置

SW3:[SW3]port-group group-member g 0/0/1 to g0/0/2[SW3-port-group]stp edged-port enable [SW3-GigabitEthernet0/0/1]stp edged-port enable [SW3-GigabitEthernet0/0/2]stp edged-port enable [SW3]stp bpdu-protection  --- 在全局模式配置边缘端口的保护机制（避免有其他设备的干扰）
SW4:[SW4]port-group group-member g0/0/1 to g0/0/2[SW4-port-group]stp edged-port enable[SW4-GigabitEthernet0/0/1]stp edged-port enable[SW4-GigabitEthernet0/0/2]stp edged-port enable[SW4-port-group]q   [SW4]stp bpdu-protection

6.启用vrrp，配置虚拟网关

[SW1]int vlanif 2  --- 是主网关
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.0.62  --- 配置IP
[SW1-Vlanif2]vrrp vrid 1 priority 120  --- 默认优先级为100，但是主根桥的优先级要更高一点，将其设置为120
[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/5 reduced 30
---- 要对上面的0/0/5口设置监听命令，如果主根桥挂掉，就将其优先级降低30，此时vlan2的优先级为90，低于100，这样就可以保证在vlanif2网关挂掉，可以走vlanif3的；
​
[SW1-Vlanif2]int vlanif 3   
[SW1-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
（优先级为100，比主根桥的优先级低，不用更改）
​
[SW2-Vlanif2]int vlanif 3
[SW2-Vlanif3]vrrp vrid 2 virtual-ip 172.16.0.126
[SW2-Vlanif3]vrrp vrid 2 priority 120
[SW2-Vlanif3]vrrp vrid 2 track interface vlanif 20 reduced 30

7.开启DHCP服务

vlanif 2的地址池：[SW1]dhcp enable[SW1-ip-pool-aa]network 172.16.0.2 mask 26  [SW1-ip-pool-aa]gateway-list 172.16.0.62[SW1-ip-pool-aa]dns-list 8.8.8.8[SW1-ip-pool-aa]q[SW1]int vlanif 2[SW1-Vlanif2]dhcp select global 
​[SW2]dhcp enable [SW2]ip pool aa[SW2-ip-pool-aa]network 172.16.0.0 mask 26[SW2-ip-pool-aa]gateway-list 172.16.0.62[SW2-ip-pool-aa]dns-list 8.8.8.8[SW2-ip-pool-aa]q[SW2-Vlanif2]dhcp select global --- 进入接口宣告
    注意：主备根桥的dhcp配置都要一样
vlanif 3的地址池：[SW1]dhcp enable[SW1]ip pool bbInfo:It's successful to create an IP address pool.[SW1-ip-pool-bb]network 172.16.0.64 mask 26[SW1-ip-pool-bb]gateway-list 172.16.0.126[SW1-ip-pool-bb]dns-list 8.8.8.8[SW1-ip-pool-bb]q[SW1]int vlanif 3[SW1-Vlanif3]dhcp select global 
​[SW2]ip pool bbInfo:It's successful to create an IP address pool.[SW2-ip-pool-bb]network 172.16.0.64 mask 26[SW2-ip-pool-bb]gateway-list 172.16.0.126[SW2-ip-pool-bb]dns-list 8.8.8.8[SW2-ip-pool-bb]q[SW2]int vlanif 3[SW2-Vlanif3]dhcp select global 

让PC端应用DHCP

8.使用ospf实现内网通

[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63
[R1-ospf-1-area-0.0.0.0]network 172.16.0.192 0.0.0.63
​
[SW1]ospf 1 router-id 2.2.2.2
[SW1-ospf-1-area-0.0.0.0]ne 172.16.0.0 0.0.0.63 --- 
[SW1-ospf-1-area-0.0.0.0]network 172.16.0.128 0.0.0.63
[SW1-ospf-1-area-0.0.0.0]ne 172.16.0.64 0.0.0.63
​
​
[SW2]ospf 1 router-id 3.3.3.3
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]ne 172.16.0.192 0.0.0.63
[SW2-ospf-1-area-0.0.0.0]ne 172.16.0.0 0.0.0.63
要宣告网关的网段！！！不然pc访走不到路由器

9.与外网通

[R1]ip route-static 0.0.0.0 0 12.0.0.2

10.nat

[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000

11.由于R1未把公网接口进行宣告，所以要下发一条缺省

[R1]ospf 1
[R1-ospf-1]default-route-advertise

最终实现了所有都能通信。实验完成！