ip网络实验实训


实训案例

1.实验拓扑图:

实验拓扑图

2.数据规划:

1、终端设备PC1、PC2、Server1、Server2的IP、子网掩码、默认网关拓扑图中所示。

2、接入层交换机SW5、SW6、SW7作为二层交换机使用,需要进行VLAN配置具体规划如下表所示:

具体规划

3.需求分析:

1、部门1和部门2中的用户,既可以通过路由访问内网服务器Server2,也可以通过动态NAT转换访问外网服务器Server1。

2、不允许内网服务器Server2主动访问外网,但是允许被外网访问。

3、汇聚层交换机SW3、SW4作为部门1、部门2、IDC的网关所在,实现网关冗余备份,同时为提高网络带宽,增强网络稳定性,在SW3与SW4之间通过两条千兆线路互联,实现链路聚合功能。

4、通过园区网网关AR1为部门2中的用户提供DHCP服务,使该部门的用户PC可以通过DHCP自动获取地址。(DHCP地址池:172.16.20.100/24–172.16.20.253,网关:172.16.20.254,DNS(主):202.101.224.68,DNS(备):202.101.224.69)。

4.步骤:

1、根据数据规划第一条,配置所有终端(PC1、PC2[设置成DHCP]、Server1、Server2)IP地址、子网掩码、默认网关。

2、根据数据规划第二条,配置所有接入层交换机(SW5、SW6、SW7)的vlan及端口。
配置示例:
SW5:
Sysname SW5
undo info-center enable
第一步:全局模式下创建VLAN 
vlan batch 10
第二步:将连接终端的交换机端口配置成Access模式,关联规划的VLAN
interface Ethernet0/0/3
 port link-type access
 port default vlan 10
quit
第三步:将连接其他交换机的交换机端口配置成Trunk模式,并允许相关VLAN通过
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
quit
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
quit

3、根据数据规划第三条,配置网关路由器AR1、公网路由器AR2的IP地址
AR1配置示例:
Sysname AR1
undo info-center enable
interface GigabitEthernet0/0/0
 ip address 100.1.12.1 255.255.255.248 
quit
interface GigabitEthernet0/0/1.13
 dot1q termination vid 13
 ip address 172.16.13.1 255.255.255.248 
 arp broadcast enable
quit
interface GigabitEthernet0/0/2.14
 dot1q termination vid 14
 ip address 172.16.14.1 255.255.255.248 
 arp broadcast enable

AR2配置示例:
Sysname AR2
undo info-center enable
interface GigabitEthernet0/0/0
 ip address 100.1.12.2 255.255.255.248 
quit
interface GigabitEthernet0/0/1
 ip address 202.101.224.2 255.255.255.252
quit
4、根据数据规划第四条,配置汇聚交换机SW3和SW4的二层交换配置及三层IP地址配置。
SW3配置示例:
Sysname SW3
undo info-center enable
二层交换配置:
第一步:全局模式下创建需要转发的VLAN
vlan batch 10 13 20 30 34
第二步:创建端口聚合组,并将G0/0/2和G0/0/3两个端口成员加入到聚合组,实现链路聚合
interface Eth-Trunk 1
quit
interface GigabitEthernet0/0/2
 eth-trunk 1
quit
interface GigabitEthernet0/0/3
 eth-trunk 1
quit
第三步:将所有的交换机二层端口配置成Trunk模式,并且关联对应的规划VLAN
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 13
quit
interface Eth-Trunk 1
 port link-type trunk
 port trunk allow-pass vlan 34
quit
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10
quit
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 20
quit
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 30
quit

三层IP地址配置:
interface LoopBack 0  //创建loopback 0逻辑接口,配置一个地址用于Router-ID。
 ip address 172.16.3.3 255.255.255.255
quit
interface Vlanif 10
 ip address 172.16.10.3 255.255.255.0
quit
interface Vlanif13
 ip address 172.16.13.3 255.255.255.248
quit
interface Vlanif20
 ip address 172.16.20.3 255.255.255.0
quit
interface Vlanif30
 ip address 172.16.30.3 255.255.255.0
quit
interface Vlanif34
 ip address 172.16.34.3 255.255.255.248
quit

5、SW3与SW4、AR1上部署OSPF路由。
以SW3为例:
ospf 100 router-id 172.16.3.3  //创建OSPF 100进程,并指定Router-ID
 area 0  //创建骨干区域0,根据规划将指定的直连接口网段宣告进OSPF Area 0
  network 172.16.3.3 0.0.0.0
  network 172.16.10.0 0.0.0.255
  network 172.16.20.0 0.0.0.255
  network 172.16.30.0 0.0.0.255
  network 172.16.34.0 0.0.0.7
quit
 area 200  //创建常规区域200,根据规划将指定的直连接口网段宣告进OSPF Area 200
  network 172.16.13.0 0.0.0.7
quit
quit

附SW4的OSPF路由配置:
ospf 100 router-id 172.16.4.4
 area 0
  network 172.16.4.4 0.0.0.0
  network 172.16.10.0 0.0.0.7
  network 172.16.20.0 0.0.0.255
  network 172.16.30.0 0.0.0.255
  network 172.16.34.0 0.0.0.7
quit
 area 200
  network 172.16.14.0 0.0.0.7
quit
quit
附AR1的OSPF路由配置:
interface LoopBack 0  //如果前面已经配置过,可以省略。
 ip address 172.16.1.1 255.255.255.255
quit
ospf 100 router-id 172.16.1.1 
 area 200 
  network 172.16.1.1 0.0.0.0 
  network 172.16.13.0 0.0.0.7 
  network 172.16.14.0 0.0.0.7
 quit
quit
AR1上配置外网网关(默认路由):
ip route-static 0.0.0.0 0.0.0.0 100.1.12.2 //写一条路由,告诉AR1如果收到了不知道往哪里发送的数据包,就把该数据包发给下一跳100.1.12.2
ospf 100 
 default-route-advertise always  //AR1上重新进入OSPF 100,通过OSPF协议告诉内网其他路由器,收到了不知道往哪里发送的数据包,就把该数据包发给AR1即可。
quit

6、SW3、SW4上部署VRRP协议

SW5、SW6、SW7全局模式下关闭STP协议
undo stp enable
A、创建部门1的虚拟网关
SW3上配置:
interface Vlanif 10
vrrp vrid 1 virtual-ip 172.16.10.254  //绑定虚拟IP,该IP不是某个具体接口上的IP地址。
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50  //如果G0/0/1口断掉了,就执行网关倒换,Reduced代表网关优先级减少多少,即:优先级默认为100,如果G0/0/1断掉了则优先级减50。
SW4上配置:
interface Vlanif 10
vrrp vrid 1 virtual-ip 172.16.10.254
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
B、创建部门2的虚拟网关
SW3上配置:
interface Vlanif 20
vrrp vrid 1 virtual-ip 172.16.20.254
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
SW4上配置:
interface Vlanif 20
vrrp vrid 1 virtual-ip 172.16.20.254
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
C、创建部门3的虚拟网关
SW3上配置:
interface Vlanif 30
vrrp vrid 1 virtual-ip 172.16.30.254
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
SW4上配置:
interface Vlanif 30
vrrp vrid 1 virtual-ip 172.16.30.254
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51

7、AR1上部署NAT转换策略
acl number 2000  //配置访问控制列表,用于匹配感兴趣的流量(来自部门1和部门2私有地址的流量)
 rule 10 permit source 172.16.10.0 0.0.0.255 
 rule 20 permit source 172.16.20.0 0.0.0.255
quit
nat address-group 1 100.1.12.3 100.1.12.5  //配置公网地址池

interface GigabitEthernet0/0/0
nat outbound 2000 address-group 1  //在WAN口上调用NAT转换规则,将ACL 2000匹配的IP数据包私有源地址通过NAT转换成公有地址池中的地址出去访问外网。
nat server global 172.16.30.1 inside 100.1.12.6  //配置一对一转换的NAT Server,该机制用于通过公网访问私网中的服务器,实现内网穿透。
nat server global 100.1.12.6 inside 172.16.30.1  //eNSP模拟器BUG,需要配置双向的两条NAT Server才能实现外网访问内网,真机环境下只需配置第一条。
quit

8、部署DHCP及DHCP中继服务,实现分配地址给部门2中的PC。

一、园区网网关AR1路由器上:
dhcp enable  //开启DHCP服务
ip pool 1  //配置DHCP服务器相关参数
 gateway-list 172.16.20.254   自动下发给PC的网关
 network 172.16.20.0 mask 255.255.255.0  自动下发的地址范围
 excluded-ip-address 172.16.20.1 172.16.20.99  排除的地址
 lease day 0 hour 10 minute 0  租约时间
 dns-list 202.101.224.68 202.101.224.69 主备DNS
quit
interface GigabitEthernet0/0/1.13  //内网接口上开启DHCP服务,关联全局地址池
dhcp select global
quit
interface GigabitEthernet0/0/2.14  //内网接口上开启DHCP服务,关联全局地址池
dhcp select global
quit
二、部门2网关SW3、SW4上配置DHCP中继服务
SW3:
interface Vlanif 20 
dhcp select relay //开启DHCP中继服务
dhcp relay server-ip 172.16.13.1 //指定DHCP服务器所在地址
quit
SW4:
interface Vlanif 20
dhcp select relay
dhcp relay server-ip 172.16.14.1
quit

(完结)

5.设备配置:

AR1:

AR1>dis cur
[V200R003C00]
#
 sysname AR1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2000  
 rule 10 permit source 172.16.10.0 0.0.0.255 
 rule 20 permit source 172.16.20.0 0.0.0.255 
#
ip pool 1
 gateway-list 172.16.20.254 
 network 172.16.20.0 mask 255.255.255.0 
 excluded-ip-address 172.16.20.1 172.16.20.99 
 lease day 7 hour 0 minute 0 
 dns-list 202.101.224.68 202.101.224.69 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
 nat address-group 1 100.1.12.3 100.1.12.5
#
interface GigabitEthernet0/0/0
 ip address 100.1.12.1 255.255.255.248 
 nat server global 172.16.30.1 inside 100.1.12.6
 nat server global 100.1.12.6 inside 172.16.30.1
 nat outbound 2000 address-group 1 
#
interface GigabitEthernet0/0/0.13
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.13
 dot1q termination vid 13
 ip address 172.16.13.1 255.255.255.248 
 arp broadcast enable
 dhcp select global
#
interface GigabitEthernet0/0/1.20
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.14
 ip address 172.16.14.1 255.255.255.248 
 dhcp select global
#
interface NULL0
#
interface LoopBack0
 ip address 172.16.1.1 255.255.255.255 
#
ospf 100 router-id 172.16.1.1 
 default-route-advertise always
 area 0.0.0.200 
  network 172.16.1.1 0.0.0.0 
  network 172.16.13.0 0.0.0.7 
  network 172.16.14.0 0.0.0.7 
#
ip route-static 0.0.0.0 0.0.0.0 100.1.12.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2:

<AR2>dis cur
[V200R003C00]
#
 sysname AR2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 100.1.12.2 255.255.255.248 
#
interface GigabitEthernet0/0/1
 ip address 202.101.224.2 255.255.255.252 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
 authentication-mode password

<AR2>

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<AR2>dis cur
[V200R003C00]
#
 sysname AR2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 100.1.12.2 255.255.255.248 
#
interface GigabitEthernet0/0/1
 ip address 202.101.224.2 255.255.255.252 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

SW3:

<SW3>dis cur
#
sysname SW3
#
undo info-center enable
#
vlan batch 10 13 to 14 20 30 34 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.3 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.10.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
#
interface Vlanif13
 ip address 172.16.13.3 255.255.255.248
#
interface Vlanif20
 ip address 172.16.20.3 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.20.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
 dhcp select relay
 dhcp relay server-ip 172.16.13.1
#
interface Vlanif30
 ip address 172.16.30.3 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.30.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
#
interface Vlanif34
 ip address 172.16.34.3 255.255.255.248
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 34
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 13
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
interface LoopBack0
 ip address 172.16.3.3 255.255.255.255
#
ospf 100 router-id 172.16.3.3
 area 0.0.0.0
  network 172.16.3.3 0.0.0.0
  network 172.16.10.0 0.0.0.255
  network 172.16.20.0 0.0.0.255
  network 172.16.30.0 0.0.0.255
  network 172.16.34.0 0.0.0.7
 area 0.0.0.200
  network 172.16.13.0 0.0.0.7
#
user-interface con 0
user-interface vty 0 4
#
return

<SW3>

SW4:

<SW4>dis cur
#
sysname SW4
#
undo info-center enable
#
vlan batch 10 13 to 14 20 30 34
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.4 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.10.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
#
interface Vlanif13
#
interface Vlanif14
 ip address 172.16.14.4 255.255.255.248
#
interface Vlanif20
 ip address 172.16.20.4 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.20.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
 dhcp select relay
 dhcp relay server-ip 172.16.14.1
#
interface Vlanif30
 ip address 172.16.30.4 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.30.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
#
interface Vlanif34
 ip address 172.16.34.4 255.255.255.248
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 34
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 13
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
interface LoopBack0
 ip address 172.16.4.4 255.255.255.255
#
ospf 100 router-id 172.16.4.4
 area 0.0.0.0
  network 172.16.4.4 0.0.0.0
  network 172.16.10.0 0.0.0.255
  network 172.16.20.0 0.0.0.255
  network 172.16.30.0 0.0.0.255
  network 172.16.34.0 0.0.0.7
 area 0.0.0.200
  network 172.16.14.0 0.0.0.7
#
user-interface con 0
user-interface vty 0 4
#
return

<SW4>

SW5:

<SW5>dis cur
#
sysname SW5
#
undo info-center enable
#
vlan batch 10
#
stp disable
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

SW6:

<SW6>dis cur
#
sysname SW6
#
undo info-center enable
#
vlan batch 20
#
stp disable
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

<SW6>

SW7:

<SW7>dis cur
#
sysname SW7
#
vlan batch 30
#
stp disable
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

<SW7>

6.实现效果:

PC2(DHCP) PC1-ping-PC2 PC1-ping-Server1/2 PC2-ping-Server1/2

SW5的g0/0/1口未断的时候:流量全部经过SW3

SW3 SW4

SW5的g0/0断的时候:

SW3 SW4 SW3

恢复SW5的g0/0/01:

SW3 SW4

小知识点:

1.浮动路由默认是优先级是60,越小越优先,如果是第二条路由优先级是比默认的要大,一般配置60以上

[R1]ip route-static 192.168.10.0 255.255.255.0 11.0.0.2  #默认是60
[R1]ip route-static 192.168.10.0 255.255.255.0 12.0.0.2 preference 70  # 上面的路宕了该条路由信息会自动写进路由表,路就会飘到12.0.0.2接口上
[R1]ip route-static 192.168.20.0 255.255.255.0 12.0.0.2
[R1]ip route-static 192.168.20.0 255.255.255.0 11.0.0.2 preference 70
  1. ARRP 优先级范围1-254 数值越大越优先,所以主ARRP优先级配置比备路由ARRP优先级数值大
  2. [sw1-Vlanif20]dhcp relay server-ip 192.168.100.1 Error: Please configure dhcp select relay first. [sw1-Vlanif20]dhcp select relay Error: Please enable DHCP in the global view first. [sw1-Vlanif20]q [sw1]dhcp enable 在交换机全局下开启dhcp,后面就能正常配置了。但dhcp服务器配置在路由器上了,并且在路由器上开启过dhcp enable了,这里交换机为什么还要在次开启呢 ? [sw1-Vlanif20]dhcp select relay 这里就正常了 [sw1-Vlanif20]dhcp relay server-ip 192.168.100.1

将vlanif10的流量走SW4:

设置SW3的vlanif10的 arrp优先级小于SW4的vlanif10的 arrp优先值(默认是100)

[SW3-Vlanif10]dis this
#
interface Vlanif10
 ip address 172.16.10.3 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.10.254
 vrrp vrid 1 priority 90
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
#
return
[SW3-Vlanif10]
[SW3-Vlanif10]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Backup       Vlanif10                 Normal   172.16.10.254  
1     Master       Vlanif20                 Normal   172.16.20.254  
1     Master       Vlanif30                 Normal   172.16.30.254  
----------------------------------------------------------------
Total:3     Master:2     Backup:1     Non-active:0   
[SW4-Vlanif10]dis this
#
interface Vlanif10
 ip address 172.16.10.4 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.10.254
 vrrp vrid 1 priority 105
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
#
return
[SW4-Vlanif10]
[SW4-Vlanif10]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   172.16.10.254  
1     Backup       Vlanif20                 Normal   172.16.20.254  
1     Backup       Vlanif30                 Normal   172.16.30.254  
----------------------------------------------------------------
Total:3     Master:1     Backup:2     Non-active:0     

将vlanif30的流量走SW4:

[SW3-Vlanif30]vrrp vrid 1 priority 80
[SW3-Vlanif30]
[SW3-Vlanif30]dis this
#
interface Vlanif30
 ip address 172.16.30.3 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.30.254
 vrrp vrid 1 priority 80
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 50
#
return
[SW3-Vlanif30]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Backup       Vlanif10                 Normal   172.16.10.254  
1     Master       Vlanif20                 Normal   172.16.20.254  
1     Backup       Vlanif30                 Normal   172.16.30.254  
----------------------------------------------------------------
Total:3     Master:1     Backup:2     Non-active:0     
[SW3-Vlanif30]
[SW4-Vlanif10]int vlanif 30
[SW4-Vlanif30]dis this
#
interface Vlanif30
 ip address 172.16.30.4 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.30.254
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 51
#
return
[SW4-Vlanif30]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   172.16.10.254  
1     Backup       Vlanif20                 Normal   172.16.20.254  
1     Master       Vlanif30                 Normal   172.16.30.254  
----------------------------------------------------------------
Total:3     Master:2     Backup:1     Non-active:0     
[SW4-Vlanif30]

文章作者: fejxc
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 fejxc !
评论
  目录