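Three-Tier Network Architecture: Comprehensive Lab
Tip: this is a highly comprehensive lab on three-tier network architecture. Some parts may not be described in enough detail, so criticism and corrections are always welcome!
I. Lab requirements
① The ISP uses public addresses and has a loopback interface;
② The internal network uses 172.16.0.0/16, allocated sensibly;
③ SW1 and SW2 back each other up;
④ VLAN, Eth-Trunk, STP, SVI and VRRP are all used;
⑤ All PCs obtain their IP addresses automatically via DHCP;
⑥ PC1/3 are in VLAN 1, PC2/4 are in VLAN 2.
II. Lab topology
III. Create the Eth-Trunk (link aggregation) interface
1. lsw1: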
[lsw1-GigabitEthernet0/0/5]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment...done.
[lsw1-GigabitEthernet0/0/5]
Jul 20 2021 17:37:41-08:00 lsw1 %%01IFNET/4/IF_STATE(l)[0]:Interface Eth-Trunk0
has turned into UP state.
[lsw1-GigabitEthernet0/0/4]eth-trunk 0
Jul 20 2021 17:38:04-08:00 lsw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 6, the
change loop count is 0, and the maximum number of records is 4095.
2. lsw2:
[lsw2-GigabitEthernet0/0/5]eth-trunk 0
Info: This operation may take a few seconds. Please wait for a moment...done.
[lsw2-GigabitEthernet0/0/5]
Jul 20 2021 17:39:41-08:00 lsw2 %%01IFNET/4/IF_STATE(l)[0]:Interface Eth-Trunk0
has turned into UP state.
[lsw2-GigabitEthernet0/0/4]eth-trunk 0
Jul 20 2021 17:39:56-08:00 lsw2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 6, the
change loop count is 0, and the maximum number of records is 4095.
IV. Configure VLANs on each switch. Every switch already carries VLAN 1 by default, so only VLAN 2 needs to be created on each one.
[lsw1]vlan 2
[lsw1-vlan2]
Jul 20 2021 17:43:04-08:00 lsw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 7, the
change loop count is 0, and the maximum number of records is 4095.
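*The remaining switches are configured the same way.
V. PC2 and PC4 belong to VLAN 2, so assign the interfaces on lsw3 and lsw4 that face PC2 and PC4 to VLAN 2, with link type access.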
PC2:
[lsw3-Ethernet0/0/4]port link-type access
[lsw3-Ethernet0/0/4]port default vlan 2
PC4:
[lsw 4-Ethernet0/0/4]port link-type access
[lsw 4-Ethernet0/0/4]port default vlan 2
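VI. Create the trunk links.
lsw3:
[lsw3]port-group group-member e0/0/1 e0/0/2  (put the two interfaces into one port group)
[lsw3-port-group]port link-type trunk  (set the link type of the group to trunk)
[lsw3-Ethernet0/0/1]port link-type trunk
[lsw3-Ethernet0/0/2]port link-type trunk  (the link type is applied to each member interface automatically)
[lsw3-port-group]port trunk allow-pass vlan 2  (permit VLAN 2 on the trunk for this group)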
[lsw3-Ethernet0/0/1]port trunk allow-pass vlan 2
[lsw3-Ethernet0/0/2]port trunk allow-pass vlan 2
E0/0/1:
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
E0/0/2:
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
lsw4:
[lsw 4]port-group group-member e0/0/1 e0/0/2
[lsw 4-port-group]port link-type trunk
[lsw 4-Ethernet0/0/1]port link-type trunk
[lsw 4-Ethernet0/0/2]port link-type trunk
[lsw 4-port-group]port trunk allow-pass vlan 2
[lsw 4-Ethernet0/0/1]port trunk allow-pass vlan 2
[lsw 4-Ethernet0/0/2]port trunk allow-pass vlan 2
E0/0/1:
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
E0/0/2:
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
lsw2:
[lsw2]port-group group-member g0/0/3 g0/0/2
[lsw2-port-group]port link-type trunk
[lsw2-GigabitEthernet0/0/3]port link-type trunk
[lsw2-GigabitEthernet0/0/2]port link-type trunk
[lsw2-port-group]port trunk allow-pass vlan 2
[lsw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2
[lsw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
G0/0/2:
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
G0/0/3:
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
#
lsw1:
[lsw1]port-group group-member g0/0/2 g0/0/3
[lsw1-port-group]port link-type trunk
[lsw1-GigabitEthernet0/0/2]port link-type trunk
[lsw1-GigabitEthernet0/0/3]port link-type trunk
[lsw1-port-group]port trunk allow-pass vlan 2
[lsw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2
[lsw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2
G0/0/2:
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
G0/0/3:
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
#
VII. Configure the spanning tree protocol (MSTP)
lsw1:
[lsw1]stp mode mstp
[lsw1]stp enable  (enable STP)
[lsw1]stp region-configuration
[lsw1-mst-region]region-name a  (all devices must be in the same region)
[lsw1-mst-region]instance 1 vlan 1
[lsw1-mst-region]instance 2 vlan 2
[lsw1-mst-region]active region-configuration  (activate the current configuration)
Info: This operation may take a few seconds. Please wait for a moment...done.
[lsw1-mst-region]display stp brief  (view the spanning tree summary)
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI LEARNING NONE
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 Eth-Trunk0 DESI LEARNING NONE
1 GigabitEthernet0/0/1 DESI LEARNING NONE
1 GigabitEthernet0/0/2 MAST FORWARDING NONE
1 GigabitEthernet0/0/3 DESI FORWARDING NONE
1 Eth-Trunk0 DESI LEARNING NONE
2 GigabitEthernet0/0/2 MAST FORWARDING NONE
2 GigabitEthernet0/0/3 DESI FORWARDING NONE
lsw2:
[lsw2]stp mode mstp
[lsw2]stp enable
[lsw2]stp region-configuration
[lsw2-mst-region]region-name a
[lsw2-mst-region]instance 1 vlan 1
[lsw2-mst-region]instance 2 vlan 2
[lsw2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[lsw2-mst-region]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI DISCARDING NONE
0 GigabitEthernet0/0/2 DESI DISCARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
0 Eth-Trunk0 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI DISCARDING NONE
1 GigabitEthernet0/0/2 DESI DISCARDING NONE
1 GigabitEthernet0/0/3 ALTE DISCARDING NONE
1 Eth-Trunk0 ROOT FORWARDING NONE
2 GigabitEthernet0/0/2 DESI DISCARDING NONE
2 GigabitEthernet0/0/3 ALTE DISCARDING NONE
lsw3:
[lsw3]stp mode mstp
[lsw3]stp enable
[lsw3]stp region-configuration
[lsw3-mst-region]region-name a
[lsw3-mst-region]instance 1 vlan 1
[lsw3-mst-region]instance 2 vlan 2
[lsw3-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
Jul 20 2021 19:44:32-08:00 lsw3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 13, the
change loop count is 0, and the maximum number of records is 4095.
[lsw3-mst-region]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Ethernet0/0/3 DESI LEARNING NONE
0 Ethernet0/0/4 DESI LEARNING NONE
1 Ethernet0/0/1 DESI FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
1 Ethernet0/0/3 DESI LEARNING NONE
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 DESI FORWARDING NONE
2 Ethernet0/0/4 DESI LEARNING NONE
lsw4:
[lsw 4]stp mode mstp
[lsw 4]stp enable
[lsw 4]stp region-configuration
[lsw 4-mst-region]region-name a
[lsw 4-mst-region]instance 1 vlan 1
[lsw 4-mst-region]instance 2 vlan 2
[lsw 4-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[lsw 4-mst-region]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ALTE DISCARDING NONE
0 Ethernet0/0/2 ROOT FORWARDING NONE
0 Ethernet0/0/3 DESI DISCARDING NONE
0 Ethernet0/0/4 DESI DISCARDING NONE
1 Ethernet0/0/1 ALTE DISCARDING NONE
1 Ethernet0/0/2 ROOT FORWARDING NONE
1 Ethernet0/0/3 DESI DISCARDING NONE
2 Ethernet0/0/1 ALTE DISCARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
2 Ethernet0/0/4 DESI DISCARDING NONE
VIII. Configure SVIs on lsw1 and lsw2
lsw1:
[lsw1]interface vlan1  (create a virtual SVI interface)
[lsw1-Vlanif1]ip address 172.16.1.1 25  (assign an IP address to this SVI)
[lsw1]interface vlan2
[lsw1-Vlanif2]ip address 172.16.1.129 25
lsw2:
[lsw2]interface vlan1
[lsw2-Vlanif1]ip address 172.16.1.2 25
[lsw2]interface vlan2
[lsw2-Vlanif2]ip address 172.16.1.130 25
IX. Configure VRRP on lsw1 and lsw2
lsw1:
[lsw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[lsw1-Vlanif1]vrrp vrid 1 priority 105
[lsw1-Vlanif1]vrrp vrid 1 track int g0/0/1 reduce 10
[lsw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[lsw1-Vlanif2]dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif1 Normal 172.16.1.126
1 Backup Vlanif2 Normal 172.16.1.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
lsw2:
[lsw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[lsw1-Vlanif1]vrrp vrid 1 priority 105
[lsw1-Vlanif1]vrrp vrid 1 track int g0/0/1 reduce 10
[lsw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[lsw1-Vlanif2]dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif1 Normal 172.16.1.126
1 Backup Vlanif2 Normal 172.16.1.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
X. Enable DHCP
lsw1:
[lsw1]dhcp enable  (enable DHCP)
Info: The operation may take a few seconds. Please wait for a moment.done.
[lsw1]ip pool v1  (create the IP pool for VLAN 1)
Info:It's successful to create an IP address pool.
[lsw1-ip-pool-v1]network 172.16.1.126 mask 25  (specify the network and mask)
[lsw1-ip-pool-v1]gateway-list 172.16.1.126  (gateway address)
[lsw1-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8  (DNS server addresses)
[lsw1-ip-pool-v1]q
[lsw1]int vlan1  (enter the VLAN 1 virtual interface)
[lsw1-Vlanif1]dhcp select global
[lsw1-Vlanif1]int vlan2
[lsw1-Vlanif2]dhcp select global
[lsw1-Vlanif2]ip pool v2
Info:It's successful to create an IP address pool.
[lsw1-ip-pool-v2]network 172.16.1.254 mask 25
[lsw1-ip-pool-v2]gateway-list 172.16.1.254
[lsw1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[lsw1-ip-pool-v2]dis th
#
ip pool v2
gateway-list 172.16.1.254
network 172.16.1.128 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
return
[lsw1-ip-pool-v1]dis th
#
ip pool v1
gateway-list 172.16.1.126
network 172.16.1.0 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
lsw2:
*lsw2 follows the same steps as lsw1, so only the result is shown.
[lsw2-ip-pool-v1]dis th
#
ip pool v1
gateway-list 172.16.1.126
network 172.16.1.0 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
return
[lsw2-ip-pool-v2]dis th
#
ip pool v2
gateway-list 172.16.1.254
network 172.16.1.128 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
return
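The addressing built up in the SVI, VRRP and DHCP steps can be checked mechanically. The Python below is an added example, not part of the original lab: it copies the addresses shown above (plus the two /30 router links from the backbone step) into a table and verifies that each DHCP gateway is the VRRP virtual IP rather than one switch's own SVI address, and that no subnets overlap. The names PLAN, BACKBONE and check_plan are illustrative.

```python
import ipaddress

PARENT = ipaddress.ip_network("172.16.0.0/16")
# Values copied from the SVI, VRRP and DHCP steps of this lab.
PLAN = {
    "vlan1": {"svi": {"lsw1": "172.16.1.1/25", "lsw2": "172.16.1.2/25"},
              "vip": "172.16.1.126", "pool_net": "172.16.1.0/25",
              "pool_gw": "172.16.1.126"},
    "vlan2": {"svi": {"lsw1": "172.16.1.129/25", "lsw2": "172.16.1.130/25"},
              "vip": "172.16.1.254", "pool_net": "172.16.1.128/25",
              "pool_gw": "172.16.1.254"},
}
BACKBONE = ["172.16.0.0/30", "172.16.0.4/30"]  # Vlanif3 links to the router


def check_plan(plan, backbone, parent=PARENT):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    nets = {v: ipaddress.ip_network(c["pool_net"]) for v, c in plan.items()}
    nets.update({f"backbone {b}": ipaddress.ip_network(b) for b in backbone})
    for name, net in nets.items():
        if not net.subnet_of(parent):
            findings.append(f"{name}: {net} is outside {parent}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    for vlan, cfg in plan.items():
        net, vip = nets[vlan], ipaddress.ip_address(cfg["vip"])
        if vip not in set(net.hosts()):
            findings.append(f"{vlan}: virtual IP {vip} is not a host in {net}")
        # Clients must point at the shared virtual IP to survive a failover.
        if ipaddress.ip_address(cfg["pool_gw"]) != vip:
            findings.append(f"{vlan}: DHCP gateway {cfg['pool_gw']} is not "
                            f"the VRRP virtual IP {vip}")
        for dev, addr in cfg["svi"].items():
            iface = ipaddress.ip_interface(addr)
            if iface.network != net:
                findings.append(f"{vlan}: {dev} SVI {addr} is not in {net}")
            if iface.ip == vip:
                findings.append(f"{vlan}: {dev} SVI owns the virtual IP {vip}")
    return findings


if __name__ == "__main__":
    for line in check_plan(PLAN, BACKBONE) or ["plan is consistent"]:
        print(line)
```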
XI. Configure the backbone IP addresses
lsw1:
[lsw1]vlan 3  (create VLAN 3)
Jul 20 2021 21:04:49-08:00 lsw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 33, the
change loop count is 0, and the maximum number of records is 4095.
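[lsw1]int vlan3  (enter the VLAN 3 virtual interface)
[lsw1-Vlanif3]ip address 172.16.0.1 30  (configure the IP address on the segment between lsw1 and the router)
[lsw1]interface g0/0/1  (enter the physical interface)
[lsw1-GigabitEthernet0/0/1]port link-type access  (change the link type to access)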
[lsw1-port-group-default]port default vlan 3
lsw2:
[lsw2]vlan 3
Jul 20 2021 21:09:11-08:00 lsw2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 32, the
change loop count is 0, and the maximum number of records is 4095.
[lsw2-vlan3]q
[lsw2]int vlan3
[lsw2-Vlanif3]ip address 172.16.0.5 30
[lsw2-Vlanif3]q
[lsw2]interface g0/0/1
[lsw2-GigabitEthernet0/0/1]port link-type access
[lsw2-GigabitEthernet0/0/1]port default vlan 3
Router (configure IP addresses on the interfaces connected to the Layer 3 switches):
[Huawei]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.0.0/30 Direct 0 0 D 172.16.0.2 Ethernet0/0/0
172.16.0.2/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/0
172.16.0.4/30 Direct 0 0 D 172.16.0.6 Ethernet0/0/1
172.16.0.6/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/1
From this point on, the Layer 3 switches are functioning as routers!
XII. Advertise networks in OSPF on lsw1, lsw2 and the router
lsw1:
[lsw1]ospf 1 router-id 1.1.1.1  (set the router ID to 1.1.1.1)
[lsw1-ospf-1]area 0
[lsw1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255  (the private network is 172.16.0.0, so 172.16.0.0 is advertised in area 0)
[lsw1-ospf-1]silent-interface all
[lsw1-ospf-1]undo silent-interface Vlanif 3
[lsw1-ospf-1]undo silent-interface Eth-Trunk 0
lsw2:
[lsw2]ospf 1 router-id 2.2.2.2
[lsw2-ospf-1]area 0
[lsw2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
router:
[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
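In the transcript above, lsw1 silences OSPF on every interface except Vlanif 3 and Eth-Trunk 0, while no silent-interface commands are shown for lsw2. The Python below is an added example, not part of the original lab: it replays the OSPF commands as shown and reports user-facing SVIs where OSPF would still run, so that hosts in the PC VLANs cannot become OSPF neighbors. The names IFACES, OSPF and USER_FACING are illustrative, and treating Vlanif1/Vlanif2 as user-facing is an assumption based on the VLAN plan.

```python
import ipaddress
import re

# Layer 3 interfaces from the SVI and backbone steps of this lab.
IFACES = {
    "lsw1": {"Vlanif1": "172.16.1.1", "Vlanif2": "172.16.1.129",
             "Vlanif3": "172.16.0.1"},
    "lsw2": {"Vlanif1": "172.16.1.2", "Vlanif2": "172.16.1.130",
             "Vlanif3": "172.16.0.5"},
}
# OSPF process commands as the transcript shows them for each switch.
OSPF = {
    "lsw1": ["network 172.16.0.0 0.0.255.255", "silent-interface all",
             "undo silent-interface Vlanif 3",
             "undo silent-interface Eth-Trunk 0"],
    "lsw2": ["network 172.16.0.0 0.0.255.255"],
}
USER_FACING = {"Vlanif1", "Vlanif2"}  # assumption: gateways of the PC VLANs


def active_ospf_interfaces(cmds, ifaces):
    """Interfaces that match a network statement and are not silent."""
    enabled, silent = set(), set()
    for cmd in cmds:
        parts = cmd.split()
        if parts[0] == "network":
            # ipaddress accepts the wildcard (host mask) form after the slash.
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
            enabled |= {n for n, ip in ifaces.items()
                        if ipaddress.ip_address(ip) in net}
            continue
        m = re.fullmatch(r"(undo )?silent-interface (.+)", cmd)
        if not m:
            continue
        target = m.group(2).replace(" ", "")  # "Vlanif 3" -> "Vlanif3"
        names = set(ifaces) if target == "all" else {target}
        silent = silent - names if m.group(1) else silent | names
    return sorted(enabled - silent)


def exposed_user_vlans(cmds, ifaces):
    """User-facing SVIs on which OSPF would still send and accept hellos."""
    return sorted(set(active_ospf_interfaces(cmds, ifaces)) & USER_FACING)


if __name__ == "__main__":
    for dev in OSPF:
        print(dev, exposed_user_vlans(OSPF[dev], IFACES[dev]) or "none")
```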
XIII. Configure NAT on the private-network router
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 172.16.0.0 0.0.255.255
[Huawei-acl-basic-2000]int g0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000
Info: The NAT address pool is empty
XIV. Configure the public-network ISP
[Huawei]interface e0/0/0
[Huawei-Ethernet0/0/0]ip address 12.0.1.2 24
[Huawei-Ethernet0/0/0]q
[Huawei]interface LoopBack 0
[Huawei-LoopBack0]ip address 1.1.1.1 24
XV. Configure the default route on the router
[Huawei]ip route-static 0.0.0.0 0 12.0.1.2
XVI. Verification
1. Check that the DHCP service is working
PC1:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe6c:6aef
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 172.16.1.125
Subnet mask.......................: 255.255.255.128
Gateway...........................: 172.16.1.126
Physical address..................: 54-89-98-6C-6A-EF
DNS server........................: 114.114.114.114
8.8.8.8
PC2:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe66:20a5
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 172.16.1.253
Subnet mask.......................: 255.255.255.128
Gateway...........................: 172.16.1.254
Physical address..................: 54-89-98-66-20-A5
DNS server........................: 114.114.114.114
8.8.8.8
… (the remaining PCs also obtain addresses; omitted here)
2. Ping the ISP's loopback address