1. 注意点
- VLAN
- STP
- 链路聚合
- VRRP
2. 架构
3. 配置
3.1 二层配置
3.1.1 接入交换机ASW01配置
先配置下行
[H3C]sysn ASW01 //修改设备名称
//创建VLAN并添加描述
[ASW01]vlan 20
[ASW01-vlan20]description To_Dep20_PC//描述:VLAN20是Department20使用
[ASW01-vlan20]vlan 21
[ASW01-vlan21]description TO_Dep21_PC
//批量进入端口,配置允许access链路通过的vlan,这里配置的是1~10是vlan20,11~20是vlan21
[ASW01]int rang g1/0/1 to g1/0/10
[ASW01-if-range]port access vlan 20
[ASW01-if-range]dis vlan 20 //检查一下端口是否都配置进去了
[ASW01-if-range]stp edged-port enable //这里顺便配置一下边缘端口
[ASW01]int rang g1/0/11 to g1/0/20
[ASW01-if-range]port access vlan 21
[ASW01-if-range]dis vlan 21 //检查一下端口是否都配置进去了
[ASW01-if-range]stp edged-port enable再配置上行
//先设置上行的端口的描述
[ASW01]int g1/0/47
[ASW01-GigabitEthernet1/0/47]description To_CSW01_G1/0/1
//描述具体到接到某个设备的某个端口,端口的G习惯用大写
[ASW01-GigabitEthernet1/0/47]int g1/0/48
[ASW01-GigabitEthernet1/0/48]description To_CSW02_G1/0/1
//将上行的接口都配置为trunk,并允许vlan20 21通过
[ASW01]int rang g1/0/47 g1/0/48
[ASW01-if-range]port link-type trunk
[ASW01-if-range]port trunk permit vlan 20 21配置stp
[ASW01]stp region-configuration
[ASW01-mst-region]region-name h3c //实例名称设置为h3c
[ASW01-mst-region]instance 1 vlan 21 //相当于把vlan21从默认的实例0中拿出来,放到实例1中
[ASW01-mst-region]active region-configuration //激活配置3.1.2 核心交换机CSW配置
(以CSW01为例)
配置链路聚合
一般是先配置链路聚合,再配置VLAN等其他内容,避免出错
[CSW01]int Bridge-Aggregation 1
[CSW01-Bridge-Aggregation1]int rang t1/0/51 t1/0/52 //注意拓扑中是XGE万兆网口,在命令号中要写t(ten)
[CSW01-if-range]port link-aggregation group 1配置vlan
//创建vlan
[CSW01]vlan 20
[CSW01]vlan 21
//配置下行链路
[CSW01]int g1/0/1
[CSW01-GigabitEthernet1/0/1]port link-type trunk
[CSW01-GigabitEthernet1/0/1]port trunk permit vlan 20 21
//配置聚合链路
[CSW01]int Bridge-Aggregation 1 //或者BAGG1
[CSW01-Bridge-Aggregation1]port link-type trunk
[CSW01-Bridge-Aggregation1]port trunk permit vlan 20 21每配置一条命令,都会分别显示聚合链路中的物理链路配置完成
Configuring Ten-GigabitEthernet1/0/51 done.
Configuring Ten-GigabitEthernet1/0/52 done.
配置stp
[CSW02]stp region-configuration
[CSW02-mst-region]region-name h3c
[CSW02-mst-region]instance 1 vlan 21
[CSW02-mst-region]active region-configuration
//配置主根和备根,在实例0中,配置CSW01为主根,CSW02为备根;在实例1中,配置CSW02为主根,CSW01为备根
[CSW02]stp instance 0 root primary
[CSW02]stp instance 1 root secondary别忘了,按照上面的配置把CSW02也配置一遍
3.2 三层配置
在vlan虚接口下配置IP地址,作为终端的网关
3.2.1 配置IP地址
vlan20 | vlan21 | |
CSW01 | 22.22.20.254 | 22.22.21.253 |
CSW02 | 22.22.20.253 | 22.22.21.254 |
现在是双网关
[CSW01]int vlan 20
[CSW01-Vlan-interface20]ip address 22.22.20.254 255.255.255.0
[CSW01-Vlan-interface20]int vlan 21
[CSW01-Vlan-interface21]ip address 22.22.21.253 255.255.255.03.2.2 配置VRRP
- 在vlan接口下配置
- 先在主网关(.254)上配置,否则容易出现地址冲突的提示。
- vrid后面跟的数字,为了便于区分,和vlan-id一致
[CSW01]int vlan 20
[CSW01-Vlan-interface20]vrrp vrid 20 virtual-ip 22.22.20.254
[CSW01]int vlan 21
[CSW01-Vlan-interface20]vrrp vrid 21 virtual-ip 22.22.20.253现在在接入交换机上的终端已经可以ping通网关。
3.3 园区网通过路由器连接外网
- 暂时不设置防火墙
- 要求园区网的终端能ping通Internet的回环地址220.0.0.1
3.3.1 核心交换机CSW配置
CSW01
配置IP地址
[CSW01]vlan 100
[CSW01]int g1/0/47
[CSW01-GigabitEthernet1/0/47]port access vlan 100
[CSW01]int vlan 100
[CSW01-Vlan-interface100]ip address 22.22.100.1 30同样配置CSW02,但是配置VLAN101
3.3.2 SW14配置
- SW14上配置IP地址,直接在物理接口下配置即可。
- 注意IP地址要和对面的接口对应
//分别给物理链路添加IP地址,添加描述
[SW14]int g0/0
[SW14-GigabitEthernet1/0/0]description To_CSW01_G0/47
[SW14-GigabitEthernet1/0/0]ip address 22.22.100.2 30
[SW14]int g0/1
[SW14-GigabitEthernet1/0/1]description To_CSW02_G0/47
[SW14-GigabitEthernet1/0/1]ip address 22.22.101.2 30
[SW14]int g0/2
[SW14-GigabitEthernet1/0/2]description To_ISP-R_G0/2
[SW14-GigabitEthernet1/0/2]ip address 201.0.0.2 243.3.3 ISP-R配置
//配置连接向路由器的IP地址
[ISP-R]int g0/2
[ISP-R-GigabitEthernet1/0/2]ip address 201.0.0.1 24
//配置回环地址
[ISP-R]int LoopBack 220
[H3C-LoopBack220]ip address 220.0.0.1 255.255.255.2553.3.4 配置一条从SW14向ISP-R的默认路由
默认全0,下一跳是ISP-R的G0/2接口
[SW14]ip route-static 0.0.0.0 0 201.0.0.13.3.5 配置ACL,NAT
[SW14]acl basic 2000
[SW14]description For_NAT
[SW14]rule 0 permit source(未完成)
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
