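Three-layer architecture lab
Lab requirements
Approach
1. Topology design: network requirements and address planning
Internal network: 172.16.0.0/16
172.16.0.0/24; backbone: 172.16.0.0/30, 172.16.0.4/30
2. Implementation
2.1. Build the topology by hand
2.2. Configuration
2.2.1 Switching-layer configuration
2.2.2 IP addresses (the last step of the switching part and the first thing configured for routing)
2.2.3 Routing
2.2.4 Policy: optimization, rules, security
2.2.5 Testing
2.2.6 Troubleshooting
3. Maintenance
4. Upgrade
Protocols to consider
eth-trunk, VLAN (create VLANs, assign ports to VLANs), trunk links, SVI, STP, VRRP, DHCP
Put them in order
eth-trunk, create VLANs, assign ports to VLANs, trunk links, STP, SVI, VRRP (gateway redundancy), DHCP
First, eth-trunk
Name the devices first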
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname l1
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname l2
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname l3
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname l4
Create the Eth-Trunk
[l1]int Eth-Trunk 0
[l1]int g0/0/2
[l1-GigabitEthernet0/0/2]eth-trunk 0
[l1-GigabitEthernet0/0/2]int g 0/0/3
[l1-GigabitEthernet0/0/3]eth-trunk 0
[l2]int Eth-Trunk 0
[l2]int g0/0/2
[l2-GigabitEthernet0/0/2]eth-trunk 0
[l2-GigabitEthernet0/0/2]int g 0/0/3
[l2-GigabitEthernet0/0/3]eth-trunk 0
Create the VLANs
[l1]vlan 2
[l1-vlan2]
[l1-vlan2]q
[l2]vlan 2
[l2-vlan2]
[l2-vlan2]q
[l3]vlan 2
[l3-vlan2]
[l3-vlan2]q
[l4]vlan 2
[l4-vlan2]
[l4-vlan2]q
Assign ports to the VLAN
[l3]int e0/0/4
[l3-Ethernet0/0/4]port link-type access
[l3-Ethernet0/0/4]port default vlan 2
[l4]int e0/0/4
[l4-Ethernet0/0/4]port link-type access
[l4-Ethernet0/0/4]port default vlan 2
Trunk links
[l1]port-group group-member Eth-Trunk 0 g 0/0/4 to g0/0/5
[l1-port-group]port link-type trunk
[l1-Eth-Trunk0]port link-type trunk
[l1-GigabitEthernet0/0/4]port link-type trunk
[l1-GigabitEthernet0/0/5]port link-type trunk
[l1-port-group]port trunk allow-pass vlan 2
[l1-Eth-Trunk0]port trunk allow-pass vlan 2
[l1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2
[l1-GigabitEthernet0/0/5]port trunk allow-pass vlan 2
[l2]port-group group-member Eth-Trunk 0 g0/0/4 to g0/0/5
[l2-port-group]port link-type trunk
[l2-Eth-Trunk0]port link-type trunk
[l2-GigabitEthernet0/0/4]port link-type trunk
[l2-GigabitEthernet0/0/5]port link-type trunk
[l2-port-group]port trunk allow-pass vlan 2
[l2-Eth-Trunk0]port trunk allow-pass vlan 2
[l2-GigabitEthernet0/0/4]port trunk allow-pass vlan 2
[l2-GigabitEthernet0/0/5]port trunk allow-pass vlan 2
[l3]port-group group-member e0/0/1 to e0/0/2
[l3-port-group]port link-type trunk
[l3-Ethernet0/0/1]port link-type trunk
[l3-Ethernet0/0/2]port link-type trunk
[l3-port-group]port trunk allow-pass vlan 2
[l3-Ethernet0/0/1]port trunk allow-pass vlan 2
[l3-Ethernet0/0/2]port trunk allow-pass vlan 2
[l4]port-group group-member e0/0/1 to e0/0/2
[l4-port-group]port link-type trunk
[l4-Ethernet0/0/1]port link-type trunk
[l4-Ethernet0/0/2]port link-type trunk
[l4-port-group]port trunk allow-pass vlan 2
[l4-Ethernet0/0/1]port trunk allow-pass vlan 2
[l4-Ethernet0/0/2]port trunk allow-pass vlan 2
[l1]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/4 DESI FORWARDING NONE
0 GigabitEthernet0/0/5 DESI FORWARDING NONE
0 Eth-Trunk0 ROOT FORWARDING NONE
[l1]
STP
[l1]stp mode mstp
[l1]stp enable
[l1]stp region-configuration
[l1-mst-region]region-name a
[l1-mst-region]instance 1 vlan 1
[l1-mst-region]instance 2 vlan 2
[l1-mst-region]active region-configuration
[l1]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/4 DESI FORWARDING NONE
0 GigabitEthernet0/0/5 DESI FORWARDING NONE
0 Eth-Trunk0 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING NONE
1 GigabitEthernet0/0/4 DESI FORWARDING NONE
1 GigabitEthernet0/0/5 DESI FORWARDING NONE
1 Eth-Trunk0 DESI FORWARDING NONE
2 GigabitEthernet0/0/4 DESI FORWARDING NONE
2 GigabitEthernet0/0/5 DESI FORWARDING NONE
2 Eth-Trunk0 ROOT FORWARDING NONE
[l2]stp mode mstp
[l2]stp enable
[l2]stp region-configuration
[l2-mst-region]region-name a
[l2-mst-region]instance 1 vlan 1
[l2-mst-region]instance 2 vlan 2
[l2-mst-region]active region-configuration
[l2]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/4 DESI FORWARDING NONE
0 GigabitEthernet0/0/5 DESI FORWARDING NONE
0 Eth-Trunk0 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING NONE
1 GigabitEthernet0/0/4 DESI FORWARDING NONE
1 GigabitEthernet0/0/5 DESI FORWARDING NONE
1 Eth-Trunk0 ROOT FORWARDING NONE
2 GigabitEthernet0/0/4 DESI FORWARDING NONE
2 GigabitEthernet0/0/5 DESI FORWARDING NONE
2 Eth-Trunk0 DESI FORWARDING NONE
[l2] User interface con0 is available
[l3]stp mode mstp
[l3]stp enable
[l3]stp region-configuration
[l3-mst-region]region-name a
[l3-mst-region]instance 1 vlan 1
[l3-mst-region]instance 2 vlan 2
[l3-mst-region]active region-configuration
[l4]stp mode mstp
[l4]stp enable
[l4]stp region-configuration
[l4-mst-region]region-name a
[l4-mst-region]instance 1 vlan 1
[l4-mst-region]instance 2 vlan 2
[l4-mst-region]active region-configuration
Configure the host-facing ports as edge ports so they start forwarding faster
[l3]int e 0/0/3
[l3-Ethernet0/0/3]stp edged-port enable
[l3]int e 0/0/4
[l3-Ethernet0/0/4]stp edged-port enable
[l4]port-group group-member e0/0/3 to e0/0/4
[l4-port-group]stp edged-port enable
[l4-Ethernet0/0/3]stp edged-port enable
[l4-Ethernet0/0/4]stp edged-port enable
SVI
[l1]int vlan1
[l1-Vlanif1]ip address 172.16.1.1 25
[l1]int vlan 2
[l1-Vlanif2]ip address 172.16.1.129 25
[l2]int vlan1
[l2-Vlanif1]ip address 172.16.1.2 25
[l2]int vlan2
[l2-Vlanif2]ip address 172.16.1.130 25
VRRP
[l1]int vlan1
[l1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[l1-Vlanif1]vrrp vrid 1 priority 105
[l1-Vlanif1]vrrp vrid 1 track interface g 0/0/1 reduced 10
[l1-Vlanif1]int vlan 2
[l1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[l1-Vlanif2]display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif1 Normal 172.16.1.126
1 Backup Vlanif2 Normal 172.16.1.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
[l2-Vlanif2]int vlan 1
[l2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[l2]int vlan 2
[l2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[l2-Vlanif2]vrrp vrid 1 priority 105
[l2-Vlanif2]vrrp vrid 1 track int g0/0/1 reduce 10
[l2-Vlanif2]display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Backup Vlanif1 Normal 172.16.1.126
1 Master Vlanif2 Normal 172.16.1.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
DHCP
[l1]dhcp enable
[l1]ip pool v1
[l1-ip-pool-v1]network 172.16.1.0 mask 25
[l1-ip-pool-v1]gateway-list 172.16.1.126
[l1-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8
[l1]int vlan 1
[l1-Vlanif1]dhcp select global
[l1-Vlanif1]int vlan 2
[l1-Vlanif2]dhcp select global
[l1-Vlanif2]ip pool v2
[l1-ip-pool-v2]network 172.16.1.128 mask 25
[l1-ip-pool-v2]gateway-list 172.16.1.254
[l1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[l2]dhcp enable
[l2]ip pool v1
[l2-ip-pool-v1]network 172.16.1.0 mask 25
[l2-ip-pool-v1]gateway-list 172.16.1.126
[l2-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8
[l2]int vlan 1
[l2-Vlanif1]dhcp select global
[l2-Vlanif1]int vlan 2
[l2-Vlanif2]dhcp select global
[l2-Vlanif2]ip pool v2
[l2-ip-pool-v2]network 172.16.1.128 mask 25
[l2-ip-pool-v2]gateway-list 172.16.1.254
[l2-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
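An added check, not part of the original lab notes: it takes the SVI, VRRP and DHCP pool lines from the sessions above and verifies that each pool's gateway is a VRRP virtual IP inside that pool, then lists the switch-owned addresses that fall inside the leasable range and are candidates for the pool's excluded-ip-address list. The function names and the report layout are assumptions made for this example.

```python
import ipaddress
import re

# Constructed input: address-bearing lines copied from the l1/l2 sessions on this page.
CONFIG = """\
[l1-Vlanif1]ip address 172.16.1.1 25
[l1-Vlanif2]ip address 172.16.1.129 25
[l2-Vlanif1]ip address 172.16.1.2 25
[l2-Vlanif2]ip address 172.16.1.130 25
[l1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[l1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[l1-ip-pool-v1]network 172.16.1.0 mask 25
[l1-ip-pool-v1]gateway-list 172.16.1.126
[l1-ip-pool-v2]network 172.16.1.128 mask 25
[l1-ip-pool-v2]gateway-list 172.16.1.254
"""

def parse(text):
    """Return (fixed addresses, VRRP virtual IPs, {pool: network}, {pool: gateway})."""
    fixed, vips, nets, gws = set(), set(), {}, {}
    for line in text.splitlines():
        prompt, _, cmd = line.partition("]")
        pool = prompt.rsplit("ip-pool-", 1)[-1]  # pool name; only used for pool-view lines
        if m := re.fullmatch(r"ip address (\S+) \d+", cmd):
            fixed.add(ipaddress.ip_address(m[1]))
        elif m := re.fullmatch(r"vrrp vrid \d+ virtual-ip (\S+)", cmd):
            vips.add(ipaddress.ip_address(m[1]))
        elif m := re.fullmatch(r"network (\S+) mask (\d+)", cmd):
            nets[pool] = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"gateway-list (\S+)", cmd):
            gws[pool] = ipaddress.ip_address(m[1])
    return fixed, vips, nets, gws

def audit(text):
    """Per pool: does the gateway equal a VRRP VIP inside the pool, and which
    switch-owned addresses sit inside the range the pool can lease."""
    fixed, vips, nets, gws = parse(text)
    report = {}
    for pool, net in nets.items():
        gw = gws.get(pool)
        report[pool] = {
            "gateway_is_vip": gw in vips and gw in net,
            "reserve": [str(a) for a in sorted(fixed | vips) if a in net],
        }
    return report

if __name__ == "__main__":
    for pool, result in audit(CONFIG).items():
        print(pool, result)
```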
Layer 3 connectivity
[l1]vlan 100
[l1-vlan100]q
[l1]int vlan 100
[l1-Vlanif100]ip address 172.16.0.2 30
[l1]int g 0/0/1
[l1-GigabitEthernet0/0/1]port link-type access
[l1-GigabitEthernet0/0/1]port default vlan 100
[l2]vlan 100
[l2]interface g 0/0/1
[l2-GigabitEthernet0/0/1]p l a
[l2-GigabitEthernet0/0/1]p d vlan 100
[l2]int vlan 100
[l2-Vlanif100]ip add 172.16.0.6 30
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 172.16.0.1 30
[r1]int g 0/0/2
[r1-GigabitEthernet0/0/2]ip address 172.16.0.5 30
OSPF
[l1]ospf 1 router-id 1.1.1.1
[l1-ospf-1]area 0
[l1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[l2]ospf 1 router-id 2.2.2.2
[l2-ospf-1]area 0
[l2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r1]ospf 1 router-id 11.11.11.11
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[l1-ospf-1]silent-interface all
[l1-ospf-1]undo silent-interface Vlanif 100
[l1-ospf-1]undo silent-interface Eth-Trunk 0
[l1-ospf-1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 172.16.0.1 Vlanif100
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.0.0/30 Direct 0 0 D 172.16.0.2 Vlanif100
172.16.0.2/32 Direct 0 0 D 127.0.0.1 Vlanif100
172.16.0.4/30 OSPF 10 2 D 172.16.0.1 Vlanif100
172.16.1.0/25 Direct 0 0 D 172.16.1.1 Vlanif1
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif1
172.16.1.126/32 Direct 0 0 D 127.0.0.1 Vlanif1
172.16.1.128/25 Direct 0 0 D 172.16.1.129 Vlanif2
172.16.1.129/32 Direct 0 0 D 127.0.0.1
[l2-ospf-1]silent-interface all
[l2-ospf-1]undo silent-interface Vlanif 100
[l2-ospf-1]undo silent-interface Eth-Trunk 0
[r1]ip route-static 0.0.0.0 0 12.1.1.2
[r1-ospf-1]default-route-advertise
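An added model, not code from the original notes, of how the network wildcard and silent-interface settings above decide which switch interfaces exchange OSPF hellos and which are only advertised. It uses the 172.16.0.0 0.0.255.255 statement from this page; the function names are assumptions, and the second and third calls show two failure modes: un-silencing a user VLAN instead of the uplink, and a 0.0.0.0 wildcard.

```python
import ipaddress

def wildcard_match(addr, network, wildcard):
    """Wildcard semantics: bits set in the wildcard are ignored, all other bits must be equal."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(network)) & care)

def ospf_roles(interfaces, network, wildcard, undo_silent):
    """Model `silent-interface all` plus a set of `undo silent-interface` names.
    Returns (interfaces that exchange hellos, interfaces advertised but silent)."""
    speaking, silent = [], []
    for name, addr in interfaces.items():
        if not wildcard_match(addr, network, wildcard):
            continue  # not covered by the network statement: not in OSPF at all
        (speaking if name in undo_silent else silent).append(name)
    return speaking, silent

# Constructed from the l1 and l2 addresses configured on this page.
# Eth-Trunk 0 is a layer-2 trunk with no IP address here, so it never appears as an OSPF interface.
L1 = {"Vlanif1": "172.16.1.1", "Vlanif2": "172.16.1.129", "Vlanif100": "172.16.0.2"}
L2 = {"Vlanif1": "172.16.1.2", "Vlanif2": "172.16.1.130", "Vlanif100": "172.16.0.6"}

if __name__ == "__main__":
    # Uplink un-silenced: hellos only toward r1, user VLANs advertised but quiet.
    print(ospf_roles(L1, "172.16.0.0", "0.0.255.255", {"Vlanif100", "Eth-Trunk0"}))
    # Un-silencing a user VLAN instead keeps the uplink silent and sends hellos toward hosts.
    print(ospf_roles(L2, "172.16.0.0", "0.0.255.255", {"Vlanif1"}))
    # A 0.0.0.0 wildcard only matches an interface addressed exactly 172.16.0.0.
    print(ospf_roles(L1, "172.16.0.0", "0.0.0.0", {"Vlanif100"}))
```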
ACL and NAT
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000
ISP: public network configuration
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[r2-GigabitEthernet0/0/0]int lo0
[r2-LoopBack0]ip address 1.1.1.1 24