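NE Comprehensive Lab 3: Integrated Deployment of Link Aggregation, VLAN and Trunk, STP, DHCP, OSPF and PPP
- Link aggregation: increase bandwidth and redundancy with LACP or static aggregation
- VLAN and trunk: inter-switch VLAN communication and trunk port configuration
- STP: Spanning Tree Protocol to keep the switched topology loop-free
- DHCP: dynamic address allocation and relay configuration
- OSPF: dynamic routing protocol for multi-area interconnection
- Default route: steering Internet-bound traffic at the border device
- PPP: WAN link authentication and encapsulation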
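I. Lab Topology
II. Lab Requirements
- Configure IP addresses as shown in the figure; the company network connects to the Internet through R1
- Configure link aggregation on the directly connected links between SW1 and SW2
- The internal business segments are vlan10 and vlan20; PC1 belongs to vlan10 and PC2 belongs to vlan20; vlan30 is used by SW1 and SW2 to form an OSPF adjacency; vlan111 is the interconnect VLAN between SW1 and R1, and vlan222 is the interconnect VLAN between SW2 and R2
- Configure every port that connects two switches as a trunk, and do not allow unrelated traffic through
- Configure spanning tree in the switched area; SW2 must be the root bridge and the blocked port must be on SW3
- Configure the switch ports that connect to PCs as edge ports
- Configure the DHCP service on SW1 to dynamically assign IP address, gateway and DNS address to the PCs in vlan10 and vlan20; the gateway for vlan10 must be 192.168.1.252 and the gateway for vlan20 must be 192.168.2.253
- Configure OSPF by area as shown in the figure so that the whole internal network is reachable; advertise the loopback interfaces of R1 and R2 into the backbone area; no protocol packets may appear on the business segments (that is, configure silent interfaces)
- Configure a default route on R1 pointing to the Internet and inject it into OSPF
- R1 connects to the Internet over two links; configure an MP-GROUP with two-way CHAP authentication
- Only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 may reach the Internet through R1
- Enable TELNET remote management on R1
III. Lab Steps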
- Configure IP addresses as shown in the figure; the company network connects to the Internet through R1

```
[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 10.0.0.5 30
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 10.0.0.1 30
[R1-GigabitEthernet0/1]int g0/2
[R1-GigabitEthernet0/2]ip add 10.0.0.14 30
[R1-GigabitEthernet0/2]int lo0
[R1-LoopBack0]ip add 10.1.1.1 32
[R1-LoopBack0]qu
```

```
[R2]int g0/0
[R2-GigabitEthernet0/0]ip add 10.0.0.9 30
[R2-GigabitEthernet0/0]int g0/1
[R2-GigabitEthernet0/1]ip add 10.0.0.18 30
[R2-GigabitEthernet0/1]int g0/2
[R2-GigabitEthernet0/2]ip add 10.0.0.2 30
[R2-GigabitEthernet0/2]int lo0
[R2-LoopBack0]ip add 10.1.1.2 32
[R2-LoopBack0]qu
```

```
[R3]int g0/0
[R3-GigabitEthernet0/0]ip add 10.0.0.13 30
[R3-GigabitEthernet0/0]int g0/1
[R3-GigabitEthernet0/1]ip add 10.0.0.17 30
[R3-GigabitEthernet0/1]int g0/2
[R3-GigabitEthernet0/2]ip add 192.168.3.254 24
[R3-GigabitEthernet0/2]int lo0
[R3-LoopBack0]ip add 10.1.1.3 32
[R3-LoopBack0]qu
```

```
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]vlan 30
[SW1-vlan30]vlan 111
[SW1-vlan111]int vlan 10
[SW1-Vlan-interface10]ip add 192.168.1.252 24
[SW1-Vlan-interface10]int vlan 20
[SW1-Vlan-interface20]ip add 192.168.2.252 24
[SW1-Vlan-interface20]int vlan 30
[SW1-Vlan-interface30]ip add 10.1.2.1 30
[SW1-Vlan-interface30]int vlan 111
[SW1-Vlan-interface111]ip add 10.0.0.6 30
[SW1-Vlan-interface111]int lo0
[SW1-LoopBack0]ip add 10.1.1.11 32
[SW1-LoopBack0]qu
```

```
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]vlan 30
[SW2-vlan30]vlan 222
[SW2-vlan222]int vlan 10
[SW2-Vlan-interface10]ip add 192.168.1.253 24
[SW2-Vlan-interface10]int vlan 20
[SW2-Vlan-interface20]ip add 192.168.2.253 24
[SW2-Vlan-interface20]int vlan 30
[SW2-Vlan-interface30]ip add 10.1.2.2 30
[SW2-Vlan-interface30]int vlan 222
[SW2-Vlan-interface222]ip add 10.0.0.10 30
[SW2-Vlan-interface222]int lo0
[SW2-LoopBack0]ip add 10.1.1.12 32
[SW2-LoopBack0]qu
```
- Configure link aggregation on the directly connected links between SW1 and SW2

```
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]qu
[SW1]int g1/0/1
[SW1-GigabitEthernet1/0/1]port link-aggregation group 1
[SW1-GigabitEthernet1/0/1]int g1/0/2
[SW1-GigabitEthernet1/0/2]port link-aggregation group 1
[SW1-GigabitEthernet1/0/2]qu
```

```
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]qu
[SW2]int g1/0/1
[SW2-GigabitEthernet1/0/1]port link-aggregation group 1
[SW2-GigabitEthernet1/0/1]int g1/0/2
[SW2-GigabitEthernet1/0/2]port link-aggregation group 1
[SW2-GigabitEthernet1/0/2]qu
```
- PC1 belongs to vlan10 and PC2 belongs to vlan20

```
[SW3]vlan 10
[SW3-vlan10]port g1/0/3
[SW3-vlan10]vlan 20
[SW3-vlan20]port g1/0/4
[SW3-vlan20]qu
```
- vlan111 is the interconnect VLAN between SW1 and R1, and vlan222 is the interconnect VLAN between SW2 and R2

```
[SW1]vlan 111
[SW1-vlan111]port g1/0/4
[SW1-vlan111]qu
```

```
[SW2]vlan 222
[SW2-vlan222]port g1/0/4
[SW2-vlan222]qu
```
- Configure every port that connects two switches as a trunk, and do not allow unrelated traffic through

```
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk
[SW1-Bridge-Aggregation1]port trunk permit vlan 10 20 30
[SW1-Bridge-Aggregation1]qu
[SW1]int g1/0/3
[SW1-GigabitEthernet1/0/3]port link-type trunk
[SW1-GigabitEthernet1/0/3]port trunk permit vlan 10 20
[SW1-GigabitEthernet1/0/3]qu
```

```
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]port link-type trunk
[SW2-Bridge-Aggregation1]port trunk permit vlan 10 20 30
[SW2-Bridge-Aggregation1]qu
[SW2]int g1/0/3
[SW2-GigabitEthernet1/0/3]port link-type trunk
[SW2-GigabitEthernet1/0/3]port trunk permit vlan 10 20
[SW2-GigabitEthernet1/0/3]qu
```

```
[SW3]int g1/0/1
[SW3-GigabitEthernet1/0/1]port link-type trunk
[SW3-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/1]int g1/0/2
[SW3-GigabitEthernet1/0/2]port link-type trunk
[SW3-GigabitEthernet1/0/2]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/2]qu
```
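To check the "no unrelated traffic" requirement against what was typed, here is an added Python example (not part of the original lab) that computes the effective permitted-VLAN set of each trunk from a session transcript and reports anything beyond the required VLANs. It assumes the Comware default that a new trunk port permits VLAN 1 only; the function names, the `REQUIRED` table and the final `undo` line in the sample input are hypothetical additions.

```python
import re
# Constructed input: SW1's trunk commands from this step; the last "undo" line is added for contrast.
SESSION = """\
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk
[SW1-Bridge-Aggregation1]port trunk permit vlan 10 20 30
[SW1-Bridge-Aggregation1]qu
[SW1]int g1/0/3
[SW1-GigabitEthernet1/0/3]port link-type trunk
[SW1-GigabitEthernet1/0/3]port trunk permit vlan 10 20
[SW1-GigabitEthernet1/0/3]undo port trunk permit vlan 1
"""
# VLANs each trunk should carry, taken from the lab requirements.
REQUIRED = {("SW1", "Bridge-Aggregation1"): {10, 20, 30},
            ("SW1", "GigabitEthernet1/0/3"): {10, 20}}
PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")

def expand(tokens):
    """Expand '10 20 30' or '10 to 12' into a set of VLAN IDs."""
    text = " ".join(tokens).replace(" to ", "-")
    vlans = set()
    for part in text.split():
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def effective_trunk_vlans(session):
    """Return {(device, port): permitted VLAN set} for every trunk port."""
    trunks = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        device, _, port = m.group(1).partition("-")
        words = m.group(2).split()
        # Assumed Comware default: a new trunk port permits VLAN 1 only.
        if words == ["port", "link-type", "trunk"]:
            trunks.setdefault((device, port), {1})
        elif words[:4] == ["port", "trunk", "permit", "vlan"]:
            trunks.setdefault((device, port), {1}).update(expand(words[4:]))
        elif words[:5] == ["undo", "port", "trunk", "permit", "vlan"]:
            trunks.setdefault((device, port), {1}).difference_update(expand(words[5:]))
    return trunks

def audit(session, required):
    """Return {(device, port): VLANs permitted beyond the required set}."""
    found = effective_trunk_vlans(session)
    extra = {k: v - required.get(k, set()) for k, v in found.items()}
    return {k: v for k, v in extra.items() if v}
```

On the sample input, `audit(SESSION, REQUIRED)` reports VLAN 1 on Bridge-Aggregation1 and nothing on GigabitEthernet1/0/3, where VLAN 1 was explicitly removed.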
- Configure spanning tree in the switched area; SW2 must be the root bridge and the blocked port must be on SW3

```
[SW2]stp priority 4096
```

```
<SW1>dis stp br
 MST ID   Port                    Role  STP State   Protection
 0        Bridge-Aggregation1     ROOT  FORWARDING  NONE
 0        GigabitEthernet1/0/3    DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/4    DESI  FORWARDING  NONE
```

```
[SW2]dis stp br
 MST ID   Port                    Role  STP State   Protection
 0        Bridge-Aggregation1     DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/3    DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/4    DESI  FORWARDING  NONE
```

```
[SW3]dis stp br
 MST ID   Port                    Role  STP State   Protection
 0        GigabitEthernet1/0/1    ALTE  DISCARDING  NONE
 0        GigabitEthernet1/0/2    ROOT  FORWARDING  NONE
 0        GigabitEthernet1/0/3    DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/4    DESI  FORWARDING  NONE
```
- Configure the switch ports that connect to PCs as edge ports

```
[SW3-GigabitEthernet1/0/2]int g1/0/3
[SW3-GigabitEthernet1/0/3]stp edg
[SW3-GigabitEthernet1/0/3]int g1/0/4
[SW3-GigabitEthernet1/0/4]stp edg
[SW3-GigabitEthernet1/0/4]qu
```
- Configure the DHCP service on SW1 to dynamically assign IP address, gateway and DNS address to the PCs in vlan10 and vlan20; the gateway for vlan10 must be 192.168.1.252 and the gateway for vlan20 must be 192.168.2.253

```
[SW1]dhcp enable
[SW1]dhcp server ip-pool 1
[SW1-dhcp-pool-1]net 192.168.1.0 24
[SW1-dhcp-pool-1]gateway-list 192.168.1.252
[SW1-dhcp-pool-1]dns-list 114.114.114.114
[SW1-dhcp-pool-1]expired day 1
[SW1-dhcp-pool-1]qu
[SW1]dhcp server ip-pool 2
[SW1-dhcp-pool-2]net 192.168.2.0 24
[SW1-dhcp-pool-2]gateway-list 192.168.2.253
[SW1-dhcp-pool-2]dns-list 114.114.114.114
[SW1-dhcp-pool-2]expired day 1
[SW1-dhcp-pool-2]qu
```

```
[SW1]dis dhcp server ip-in-use
IP address       Client identifier/    Lease expiration      Type
                 Hardware address
192.168.1.1      0035-3666-662e-3462-  Jul 16 18:56:39 2025  Auto(C)
                 3836-2e30-3830-362d-
                 4745-302f-302f-31
192.168.2.1      0035-3666-662e-3464-  Jul 16 18:56:44 2025  Auto(C)
                 3736-2e30-3930-362d-
                 4745-302f-302f-31
```
- Configure OSPF by area as shown in the figure so that the whole internal network is reachable; advertise the loopback interfaces of R1 and R2 into the backbone area

```
[R1]ospf 1 router-id 10.1.1.1
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]net 10.0.0.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 10.0.0.14 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 10.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]a 1
[R1-ospf-1-area-0.0.0.1]net 10.0.0.5 0.0.0.0
[R1-ospf-1-area-0.0.0.1]qu
[R1-ospf-1]qu
```

```
[R2]ospf 1 router-id 10.1.1.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]net 10.0.0.18 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 10.0.0.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 10.1.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]a 1
[R2-ospf-1-area-0.0.0.1]net 10.0.0.9 0.0.0.0
[R2-ospf-1-area-0.0.0.1]qu
[R2-ospf-1]qu
```

```
[R3]ospf 1 router-id 10.1.1.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 10.0.0.13 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 10.0.0.17 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 192.168.3.254 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 10.1.1.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]qu
[R3-ospf-1]qu
```

```
[SW1]ospf 1 router-id 10.1.1.11
[SW1-ospf-1]a 1
[SW1-ospf-1-area-0.0.0.1]net 192.168.1.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]net 192.168.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]net 10.1.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]net 10.0.0.6 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]net 10.1.1.11 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]qu
[SW1-ospf-1]qu
```

```
[SW2]ospf 1 router-id 10.1.1.12
[SW2-ospf-1]a 1
[SW2-ospf-1-area-0.0.0.1]net 192.168.1.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1]net 192.168.2.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1]net 10.1.2.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]net 10.0.0.10 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]net 10.1.1.12 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]qu
[SW2-ospf-1]qu
```
- No protocol packets may appear on the business segments (that is, configure silent interfaces)

```
[SW1]ospf 1
[SW1-ospf-1]silent-interface Vlan 10
[SW1-ospf-1]silent-interface Vlan 20
[SW1-ospf-1]qu
```

```
[SW2]ospf 1
[SW2-ospf-1]silent-interface Vlan 10
[SW2-ospf-1]silent-interface Vlan 20
[SW2-ospf-1]qu
```

```
[R3]ospf
[R3-ospf-1]silent-interface g0/2
[R3-ospf-1]qu
```
- Configure a default route on R1 pointing to the Internet and inject it into OSPF

```
[R1]ip route-static 0.0.0.0 0 202.100.1.1
[R1]ospf 1
[R1-ospf-1]default-route-advertise
[R1-ospf-1]qu
```
- R1 connects to the Internet over two links; configure an MP-GROUP with two-way CHAP authentication

```
[R1]int MP-group 1
[R1-MP-group1]qu
[R1]local-user wiltjer class network
New local user added.
[R1-luser-network-wiltjer]password simple 123456
[R1-luser-network-wiltjer]service-type ppp
[R1-luser-network-wiltjer]qu
[R1]int s1/0
[R1-Serial1/0]ppp mp MP-group 1
[R1-Serial1/0]ppp chap user wiltjer1
[R1-Serial1/0]int s2/0
[R1-Serial2/0]ppp mp MP-group 1
[R1-Serial2/0]ppp chap user wiltjer1
[R1-Serial2/0]qu
```

```
[INTERNET]int MP-group 1
[INTERNET-MP-group1]qu
[INTERNET]local-user wiltjer class network
New local user added.
[INTERNET-luser-network-wiltjer]password simple 123456
[INTERNET-luser-network-wiltjer]service-type ppp
[INTERNET-luser-network-wiltjer]qu
[INTERNET]int s1/0
[INTERNET-Serial1/0]ppp mp MP-group 1
[INTERNET-Serial1/0]ppp chap user wiltjer
[INTERNET-Serial1/0]int s2/0
[INTERNET-Serial2/0]ppp mp MP-group 1
[INTERNET-Serial2/0]ppp chap user wiltjer
[INTERNET-Serial2/0]qu
```
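The two-way CHAP step above, modelled as an added Python example (not part of the original lab, and not Comware's implementation): the RFC 1994 exchange run in both directions, showing that the name a router announces with `ppp chap user` has to exist as a `local-user` on its peer. It assumes CHAP is enabled on the serial links (`ppp authentication-mode chap`, which the transcripts do not show) and that each side looks up the secret by the name the other side sends; the `Router` class and the three cases are hypothetical.

```python
import hashlib, hmac, os

def chap_value(ident, secret, challenge):
    """RFC 1994 Response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Router:
    def __init__(self, chap_user, local_users):
        self.chap_user = chap_user      # name sent to the peer (ppp chap user)
        self.local_users = local_users  # {user name: password} (local-user)

    def respond(self, auth_name, ident, challenge):
        """Authenticatee: pick the secret filed under the authenticator's name."""
        secret = self.local_users.get(auth_name)
        if secret is None:
            return None
        return self.chap_user, chap_value(ident, secret, challenge)

    def authenticate(self, peer):
        """Authenticator: send a Challenge, verify the peer's Response."""
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        reply = peer.respond(self.chap_user, ident, challenge)
        if reply is None:
            return False
        name, value = reply
        secret = self.local_users.get(name)  # lookup by the name the peer sent
        if secret is None:
            return False
        return hmac.compare_digest(value, chap_value(ident, secret, challenge))

def mutual(a, b):
    """Two-way CHAP: each side must authenticate the other."""
    return a.authenticate(b), b.authenticate(a)

# Constructed case 1: each side holds a local user named after the peer.
OK = mutual(Router("wiltjer1", {"wiltjer": "123456"}),
            Router("wiltjer", {"wiltjer1": "123456"}))
# Constructed case 2: user tables as typed in this step's two transcripts.
AS_TYPED = mutual(Router("wiltjer1", {"wiltjer": "123456"}),
                  Router("wiltjer", {"wiltjer": "123456"}))
# Constructed case 3: names line up but the two passwords differ.
BAD_SECRET = mutual(Router("wiltjer1", {"wiltjer": "123456"}),
                    Router("wiltjer", {"wiltjer1": "654321"}))
```

In this model only case 1 authenticates in both directions; in case 2 neither side finds `wiltjer1` in the INTERNET router's user table, so both directions fail.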
- Only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 may reach the Internet through R1

```
[R1]acl basic 2000
[R1-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R1-acl-ipv4-basic-2000]qu
[R1]int MP-group 1
[R1-MP-group1]nat outbound 2000
[R1-MP-group1]qu
```
- Enable TELNET remote management on R1

```
[R1]telnet server enable
[R1]local-user wiltjer class manage
New local user added.
[R1-luser-manage-wiltjer]password simple 123456.com
[R1-luser-manage-wiltjer]authorization-attribute user-role level-15
[R1-luser-manage-wiltjer]service-type telnet
[R1-luser-manage-wiltjer]qu
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]qu
```