园区网拓扑作业

作业要求：

需求：

需求分析：

1.按照图示的VLAN及IP地址需求，完成相关配需：VLAN 2、3、20、30 已分配子网，需在交换机上创建 VLAN 并配置三层接口作为网关。确保各 VLAN 内设备能互通，跨 VLAN 通信需通过三层路由。

 2、要求SW1为VLAN 2/3的主根及主网关，SW2为vlan 20/30的主根及主网关，SW1和SW2互为备份：通过生成树协议（STP/MSTP）指定 VLAN 的根桥，避免环路。使用 VRRP/HSRP 实现主备网关切换。SW1 是 VLAN 2/3 的主网关，SW2 是 VLAN 20/30 的主网关，反之互为备份。

3.可以使用super vlan：将多个子 VLAN 共享一个三层接口，适用于 VLAN 2/3 和 VLAN 20/30 分别聚合。

4.上层通过静态路由协议完成数据通信过程：AR1 作为出口路由器，需配置默认路由指向 ISP，SW1/SW2 需配置静态路由指向 AR1，AR1 需配置回程路由。

5.AR1为企业出口路由器：负责内网与外网的通信，需配置 NAT 实现内网访问互联网。

6.要求全网可达：所有PC能ping通自己的网关，不同VLAN的PC之间能够互相通信，所有PC能ping通AR1的内部接口IP，所有PC能通过AR1访问外部网络，在主路径故障时（如LSW1宕机或连接AR1的链路断开），备份路径（LSW2）能接管对应VLAN的网关和路由功能，反之亦然，保证网络连通性。

相关配置：

sw1

 
[sw1]vlan batch 2 3 20 30
[sw1]int Eth-Trunk 0
[sw1-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2    
[sw1-Eth-Trunk0]port link-type trunk 
[sw1-Eth-Trunk0]port trunk allow-pass vlan 2 3 20 30
[sw1-Eth-Trunk0]q
[sw1]int g0/0/3    
[sw1-GigabitEthernet0/0/3]port link-type trunk     
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw1-GigabitEthernet0/0/3]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk     
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
[sw1-GigabitEthernet0/0/4]q
 
lsw1
stp enable
stp mode mstp
[sw1]stp region-configuration
[sw1-mst-region]region-name aa  
[sw1-mst-region]revision-level 100 
[sw-4mst-region]instance 1 vlan 2 3  
[sw1-mst-region]instance 2 vlan 20 30
[sw1-mst-region]active region-configuration
 
 
[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary 
 
 
[sw1]interface Eth-Trunk 0    
[sw1-Eth-Trunk0]q
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]stp root-protection
 
 
[sw1]interface Vlanif 2
[sw1-Vlanif2]ip address 10.0.2.1 24
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
更改vrrp的优先级 
 
[sw1-Vlanif2]vrrp vrid 1 priority 120
配置强制延时vrp 
 
[sw1-Vlanif2]vrrp vrid 1 preempt-mode timer delay 20
上行链路监控 
 
[sw1-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30
SW1中对vlan3的相关配置 
[sw1]interface Vlanif 3
[sw1-Vlanif3]ip address 10.0.3.1 24
[sw1-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254
 更改vrrp的优先级
 
[sw1-Vlanif3]vrrp vrid 1 priority 120
 配置强制延时vrp
 
[sw1-Vlanif3]vrrp vrid 1 preempt-mode timer delay 20
 上行链路监控
 
[sw1-Vlanif3]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30
配置备用vlan 
[sw1]interface Vlanif 20
[sw1-Vlanif20]ip address 10.0.20.1 24
[sw1-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254    
[sw1]int Vlanif 30
[sw1-Vlanif30]ip address 10.0.30.1 24
[sw1-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254
 
 
[sw1]dhcp enable 
[sw1]ip pool vlan2    
[sw1-ip-pool-vlan2]network 10.0.2.0 mask 24
配置虚拟网关和缺省
 
[sw1-ip-pool-vlan2]gateway-list 10.0.2.254    
[sw1-ip-pool-vlan2]dns-list 8.8.8.8
为了后面其他PC不重复获取同一地址，排除一部分地址 
 
[sw1-ip-pool-vlan2]excluded-ip-address 10.0.2.1 10.0.2.128
 
[sw1]interface Vlanif 2
[sw1-Vlanif2]dhcp select global 
 
[sw1]interface Vlanif 3
[sw1-Vlanif3]dhcp select global 
    
[sw1]interface Vlanif 20
[sw1-Vlanif20]dhcp select global 
 
[sw1]interface Vlanif 30
[sw1-Vlanif30]dhcp select global
 
 
[sw1]vlan 11
[sw1-vlan11]q    
[sw1]interface g0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access     
[sw1-GigabitEthernet0/0/5]port default vlan 11
为vlan11配置IP 
 
[sw1]interface Vlanif 11
[sw1-Vlanif11]ip address 10.0.11.1 30
 
[sw1]ospf 1   
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 10.0.2.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.3.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.11.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.20.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.0]network 10.0.30.1 0.0.0.0
 
 
[sw1]ospf 1
[sw1-ospf-1]silent-interface v    
[sw1-ospf-1]silent-interface Vlanif 2
[sw1-ospf-1]silent-interface Vlanif 3
[sw1-ospf-1]silent-interface Vlanif 20
[sw1-ospf-1]silent-interface Vlanif 30
 
 
[sw1]vlan 13
[sw1]int Eth-Trunk 0
[sw1-Eth-Trunk0]port trunk allow-pass vlan 13
 
[sw1-Vlanif13]ip address 10.0.13.1 30
 
[sw1]ospf 1
[sw1-ospf-1]a 0  
[sw1-ospf-1-area-0.0.0.0]network 10.0.13.1 0.0.0.0
 
 
    
[sw1]stp instance 0 root primary
 

sw2

 
[sw2]vlan batch 2 3 20 30
[sw2]int Eth-Trunk 0    
[sw2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 to 0/0/2
[sw2-Eth-Trunk0]q
[sw2]int g0/0/3
[sw2-GigabitEthernet0/0/3]port link-type trunk 
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw2-GigabitEthernet0/0/3]int g0/0/4
[sw2-GigabitEthernet0/0/4]port link-type trunk
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
 
 
[sw2]stp enable 
[sw2]stp mode mstp 
[sw2]stp region-configuration
[sw2-mst-region] region-name aa
[sw2-mst-region] revision-level 100
[sw2-mst-region] instance 1 vlan 2 to 3
[sw2-mst-region] instance 2 vlan 20 30
[sw2-mst-region] active region-configuration
 
 
[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary
 
 
[sw2]interface Vlanif 2
[sw2-Vlanif2]ip address 10.0.2.2 24
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 10.0.2.254
[sw2]interface Vlanif 3
[sw2-Vlanif3]ip address 10.0.3.2 24    
[sw2-Vlanif3]vrrp vrid 1 virtual-ip 10.0.3.254
SW2上对vlan20和30的配置 
 
[sw2]interface Vlanif 20
[sw2-Vlanif20]ip address 10.0.20.2 24
[sw2-Vlanif20]vrrp vrid 1 virtual-ip 10.0.20.254    
[sw2-Vlanif20]vrrp vrid 1 priority 120
[sw2-Vlanif20]vrrp vrid 1 preempt-mode timer delay 20
[sw2-Vlanif20]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30    
 
[sw2]interface Vlanif 30
[sw2-Vlanif30]ip address 10.0.30.2 24    
[sw2-Vlanif30]vrrp vrid 1 virtual-ip 10.0.30.254
[sw2-Vlanif30]vrrp vrid 1 priority 120
[sw2-Vlanif30]vrrp vrid 1 preempt-mode timer delay 20    
[sw2-Vlanif30]vrrp vrid 1 track interface GigabitEthernet 0/0/5 reduced 30
 
 
[sw2]vlan 12
[sw2]int g0/0/5
[sw2-GigabitEthernet0/0/5]port link-type access     
[sw2-GigabitEthernet0/0/5]port  default vlan 12
[sw2-GigabitEthernet0/0/5]q    
[sw2]interface Vlanif 12
[sw2-Vlanif12]ip address 10.0.12.1 30
 
 
[sw2]ospf
[sw2-ospf-1]a    
[sw2-ospf-1]area
[sw2-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.3.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.20.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.30.2 0.0.0.0
[sw2-ospf-1-area-0.0.0.0]network 10.0.12.1 0.0.0.0
 
[sw2]ospf 1    
[sw2-ospf-1]silent-interface Vlanif 2
[sw2-ospf-1]silent-interface Vlanif 3
[sw2-ospf-1]silent-interface Vlanif 20
[sw2-ospf-1]silent-interface Vlanif 30
 
 
[sw2]vlan 13
[sw2]int Eth-Trunk 0
[sw2-Eth-Trunk0]port trunk allow-pass vlan 13
 
[sw2-Vlanif13]ip address 10.0.13.2 30
 
 
[sw2]ospf 1
[sw2-ospf-1]a 0
[sw2-ospf-1-area-0.0.0.0]network 10.0.13.2 0.0.0.0
 
 
[sw2]stp instance 0 r    
[sw2]stp instance 0 root s    
[sw2]stp instance 0 root secondary 
 

sw3

[sw3]vlan batch 2 3 20 30
将sw3的接口分配到对应vlan中
 
[sw3]int g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access 
[sw3-GigabitEthernet0/0/1]port default  vlan 2
[sw3-GigabitEthernet0/0/1]int g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type access 
[sw3-GigabitEthernet0/0/2]port default vlan 3
[sw3-GigabitEthernet0/0/2]int g0/0/3
[sw3-GigabitEthernet0/0/3]port link-type trunk     
[sw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw3-GigabitEthernet0/0/3]int g0/0/4
[sw3-GigabitEthernet0/0/4]port link-type trunk     
[sw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
 
[sw3]stp enable 
[sw3]stp mode mstp
[sw3]stp region-configuration 
[sw3-mst-region]region-name aa
[sw3-mst-region]revision-level 100
[sw3-mst-region]instance 1 vlan 2 3    
[sw3-mst-region]instance 2 vlan 20 30
[sw3-mst-region]active region-configuration
 
 
[sw3-GigabitEthernet0/0/1]stp ed    
[sw3-GigabitEthernet0/0/1]stp edged-port e    
[sw3-GigabitEthernet0/0/1]stp edged-port enable
 

sw4

 
[sw4]vlan batch 2 3 20 30
[sw4-GigabitEthernet0/0/1]port link-type access     
[sw4-GigabitEthernet0/0/1]port default vlan 20
[sw4-GigabitEthernet0/0/1]int g0/0/2
[sw4-GigabitEthernet0/0/2]port link-type access     
[sw4-GigabitEthernet0/0/2]port default vlan 30
[sw4-GigabitEthernet0/0/2]int g0/0/3
[sw4-GigabitEthernet0/0/3]port link-type trunk 
[sw4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3 20 30
[sw4-GigabitEthernet0/0/3]int g0/0/4
[sw4-GigabitEthernet0/0/4]port link-type trunk 
[sw4-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3 20 30
 
 
[sw4]stp enable     
[sw4]stp mode mstp 
[sw4]stp region-configuration
[sw4-mst-region] region-name aa
[sw4-mst-region] revision-level 100
[sw4-mst-region] instance 1 vlan 2 to 3
[sw4-mst-region] instance 2 vlan 20 30
[sw4-mst-region] active region-configuration
 

AR1

 
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip ad    
[AR1-GigabitEthernet0/0/1]ip address 10.0.11.2 30
 
[AR1-GigabitEthernet0/0/1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip ad    
[AR1-GigabitEthernet0/0/2]ip address 10.0.12.2 30
 
 
[AR1]ospf
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 10.0.11.2 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 10.0.12.2 0.0.0.0
 
 
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip ad    
[AR1-GigabitEthernet0/0/0]ip address 202.1.1.1 30
 
 
[AR1]ip route-static 0.0.0.0 0 202.1.1.2
AR1启用ospf协议 
 
[AR1]ospf 1
[AR1-ospf-1]default-route-advertise
为了让ISP信息可以传回来，运用acl 和nat技术
 
[AR1]acl 2000
[AR1-acl-basic-2000]ru    
[AR1-acl-basic-2000]rule p    
[AR1-acl-basic-2000]rule permit s    
[AR1-acl-basic-2000]rule permit source 10.0.0.0 0.0.255.255
[AR1-acl-basic-2000]q
[AR1]int    
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]n    
[AR1-GigabitEthernet0/0/0]nat ou    
[AR1-GigabitEthernet0/0/0]nat outbound 2000
 

ISP

 
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad    
[ISP-GigabitEthernet0/0/0]ip address 202.1.1.2 30
[ISP-GigabitEthernet0/0/0]q    
[ISP]interface l    
[ISP]interface LoopBack 0
[ISP-LoopBack0]ip ad    
[ISP-LoopBack0]ip address 100.100.100.100 32

pc1

pc2

pc3

pc4

检验