HCIP第12天交换第二天

大家好，我是讯享网，很高兴认识大家。

实验拓扑图如下：

实验要求：
1.使用ether-trunk，vrrp，mstp保证交换安全
2.所有pc都能自动获得IP地址，都能访问运营商

实验步骤：

一、交换部分

建立eth-trunk

LW1

[LW1]interface Eth-Trunk 1

[LW1-Eth-Trunk1]int g0/0/6

[LW1-GigabitEthernet0/0/6]eth-trunk 1

[LW1-Eth-Trunk1]int g0/0/5

[LW1-GigabitEthernet0/0/5]eth-trunk 1

LW2

[LW2]int Eth-Trunk 1

[LW2-Eth-Trunk1]int g0/0/6

[LW2-GigabitEthernet0/0/6]eth-trunk 1

Info: This operation may take a few seconds. Please wait for a moment...done.

[LW2-GigabitEthernet0/0/6]int g0/0/5

[LW2-GigabitEthernet0/0/5]eth-trunk 1

建立vlan

[LW1]vlan 2

[LW1-vlan2]q

[LW2]vlan 2

[LW2-vlan2]q

[LW3]vlan 2

[LW3-vlan2]q

[LW4]vlan 2

[LW4-vlan2]q

[LW5]vlan 2

[LW5-vlan2]q

每台LSW与LSW之间创建trunk允许所有VLAN通过，以及连接PC接口配置为access模式

LW1

[LW1]int g0/0/2

[LW1-GigabitEthernet0/0/2]port link-type trunk

[LW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[LW1-GigabitEthernet0/0/2]q

[LW1]int g0/0/3

[LW1-GigabitEthernet0/0/3]port link-type trunk

[LW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all

[LW1-GigabitEthernet0/0/3]q

[LW1]int g0/0/4

[LW1-GigabitEthernet0/0/4]port link-type trunk

[LW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all

LW2

[LW2]int g0/0/2

[LW2-GigabitEthernet0/0/2]port link-type trunk

[LW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[LW2-GigabitEthernet0/0/2]q

[LW2]int g0/0/3

[LW2-GigabitEthernet0/0/3]port link-type

[LW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all

[LW2-GigabitEthernet0/0/3]q

[LW2]int g0/0/4

[LW2-GigabitEthernet0/0/4]port link-type trunk

[LW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all

LW3-5下面都有两台pc

[LW3]int Eth0/0/3

[LW3-Ethernet0/0/3]port link-type access

[LW3-Ethernet0/0/3]port default vlan 1

[LW3]int e0/0/4

[LW3-Ethernet0/0/4]port link-type access

[LW3-Ethernet0/0/4]port default vlan 1

[LW4]int Eth0/0/3

[LW4-Ethernet0/0/3]port link-type access

[LW4-Ethernet0/0/3]port default vlan 1

[LW4]int e0/0/4

[LW4-Ethernet0/0/4]port link-type access

[LW4-Ethernet0/0/4]port default vlan 1

[LW5]int Eth0/0/3

[LW5-Ethernet0/0/3]port link-type access

[LW5-Ethernet0/0/3]port default vlan 1

[LW5]int e0/0/4

[LW5-Ethernet0/0/4]port link-type access

[LW5-Ethernet0/0/4]port default vlan 1

用mstp生成树

[LW1]stp enable

[LW1]stp mode mstp

[LW1]stp region-configuration

[LW1-mst-region]region-name aa

[LW1-mst-region]instance 1 vlan 1

[LW1-mst-region]instance 2 vlan 2

[LW1-mst-region]active region-configuration

查看stp关系，只有一个接口为root

LW1和LW2互为主备

[LW1]stp instance 1 root primary       在组1中为主根

[LW1]stp instance 2 root secondary     在组2中为备份根

[LW2]stp instance 1 root secondary      在组1中为备份根

[LW2]stp instance 2 root primary        在组2中为主根

配置SVI接口

[LW1]interface Vlanif 1

[LW1-Vlanif1]ip address 172.16.1.254 24

[LW1]int Vlanif 2

[LW1-Vlanif2]ip address 172.16.2.254 24

[LW2]int Vlanif 1

[LW2-Vlanif1]ip address 172.16.1.253 24

[LW2-Vlanif1]q

[LW2]int Vlanif 2

[LW2-Vlanif2]ip address 172.16.2.253 24

Vrrp网关冗余

[LW1]interface Vlanif 1

[LW1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.100

[LW1-Vlanif1]vrrp vrid 1 priority 101

[LW1-Vlanif1]vrrp vrid 1 track int g0/0/1 reduced 10

[LW1-Vlanif1]q

[LW1]int Vlanif 2

[LW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.100

[LW2]int Vlanif 2

[LW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.100

[LW2-Vlanif2]vrrp vrid 1 priority 101

[LW2-Vlanif2]vrrp vrid 1 track int g0/0/1

[LW2-Vlanif2]q

[LW2]int Vlanif 1

[LW2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.100

做DHCP池

[LW1]dhcp enable

[LW1]ip pool 1

[LW1-ip-pool-1]network 172.16.1.0 mask 24

[LW1-ip-pool-1]gateway-list 172.16.1.100

[LW1-ip-pool-1]dns-list 8.8.8.8

[LW1-ip-pool-1]q

[LW1]ip pool 2

[LW1-ip-pool-2]network 172.16.2.0 mask 24

[LW1-ip-pool-2]gateway-list 172.16.2.100

[LW1-ip-pool-2]dns-list 8.8.8.8

[LW1]int Vlanif 2

[LW1-Vlanif2]dhcp select global

[LW1-Vlanif2]q

[LW1]int Vlanif 1

[LW1-Vlanif1]dhcp select global

[LW2]dhcp enable

[LW2-ip-pool-1]ip pool 1

[LW2-ip-pool-1]network 172.16.1.0 mask 24

[LW2-ip-pool-1]gateway-list 172.16.1.100

[LW2-ip-pool-1]dns-list 8.8.8.8

[LW2-ip-pool-1]q

[LW2-ip-pool-2]network 172.16.2.0 mask 24

[LW2-ip-pool-2]gateway-list 172.16.2.100

[LW2-ip-pool-2]dns-list 8.8.8.8

[LW2-ip-pool-2]q

[LW2-Vlanif1]dhcp select global

[LW2-Vlanif1]q

[LW2]int Vlanif 2

[LW2-Vlanif2]dhcp select global

PC1--PC6通过DHCP均自动获取到IP地址

二、路由部分

由于华为模拟器上三层交换机无法配置物理地址，所以可以使用svi虚拟地址，划分VLAN给这个网段专用。

[LW1]vlan 3

[LW1-vlan3]q

[LW1]int Vlanif 3

[LW1-Vlanif3]ip address 172.16.0.1 30

[LW1-Vlanif3]int g0/0/1

[LW1-GigabitEthernet0/0/1]port link-type access

[LW1-GigabitEthernet0/0/1]port default vlan 3

[LW2]vlan 4

[LW2-vlan4]q

[LW2]int Vlanif 4

[LW2-Vlanif4]ip address 172.16.0.5 30

[LW2-Vlanif4]q

[LW2]int g0/0/1

[LW2-GigabitEthernet0/0/1]port link-type access

[LW2-GigabitEthernet0/0/1]port default vlan 4

配置ospf

[LW1]ospf 100

[LW1-ospf-100]area 0

[LW1-ospf-100-area-0.0.0.0]network 0.0.0.0 255.255.255.255

[LW2]ospf 100

[LW2-ospf-100]area 0

[LW2-ospf-100-area-0.0.0.0]network 0.0.0.0 255.255.255.255

[R1]ospf 100 router-id 1.1.1.1

[R1-ospf-100]area 0

[R1-ospf-100-area-0.0.0.0]network 172.16.0.0 0.0.255.255

在LSW1上查看ospf邻居关系

建邻完成

R1做指向R2的缺省

[R1]ip route-static 0.0.0.0 0 12.1.1.2 指向R2的缺省

ospf强制下放

[R1]ospf 100

[R1-ospf-100]default-route-advertise always

acl抓流量

[R1]acl 2000

[R1-acl-basic-2000]rule permit source any

做通向ISP的nat，上外网

[R1]int g0/0/2

[R1-GigabitEthernet0/0/2]nat outbound 2000

PC1 ping R2（ISP）

PC2 ping R2（ISP）

pc可以上外网，实验完成

HCIP第12天 交换第二天

一、交换部分

二、路由部分

相关推荐

HCIP第12天交换第二天