添加4台s3700交换机,5台主机做真实服务器集群用
1.为每台交换机配置vlan 10 20 30 40
[Huawei]vlan batch 10 20 30 40
[Huawei]display vlan #查看配置的vlan是否成功
建议修改交换机的名字,方便识别
四台交换机名字分别改为sw1 sw2 sw3 sw4
[Huawei]system sw1
[Huawei]system sw2
[Huawei]system sw3
[Huawei]system sw4
2.将pc对应交换机的接口加入相关vlan
pc1----->vlan10,pc2------->vlan 20
pc3------>vlan 30,pc4,5----->vlan 40
sw1:
[sw1]interface ethernet0/0/1
[sw1-Ethernet0/0/1]port link-type access
[sw1-Ethernet0/0/1]port default vlan 10
sw2:
[sw2]interface ethernet0/0/1
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 20
sw3:
[sw3]interface ethernet0/0/1
[sw3-Ethernet0/0/1]port link-type access
[sw3-Ethernet0/0/1]port default vlan 30
sw4:
[sw4]interface ethernet0/0/1
[sw4-Ethernet0/0/1]port link-type access
[sw4-Ethernet0/0/1]port default vlan 40
[sw4]interface ethernet0/0/2
[sw4-Ethernet0/0/1]port link-type access
[sw4-Ethernet0/0/1]port default vlan 40
3.sw1到sw3配置2-3接口为中继链路trunk
sw4配置3-4接口为中继链路trunk
sw1:
[sw1] port-group 1
[sw1-port-group-1]group-member e0/0/2 e0/0/3
[sw1-port-group-1]port link-type trunk
[sw1-port-group-1]port trunk allow-pass vlan all
sw2:
[sw2] port-group 1
[sw2-port-group-1]group-member e0/0/2 e0/0/3
[sw2-port-group-1]port link-type trunk
[sw2-port-group-1]port trunk allow-pass vlan all
sw3:
[sw3] port-group 1
[sw3-port-group-1]group-member e0/0/2 e0/0/3
[sw3-port-group-1]port link-type trunk
[sw3-port-group-1]port trunk allow-pass vlan all
sw4:
[sw4] port-group 1
[sw4-port-group-1]group-member e0/0/3 e0/0/4
[sw4-port-group-1]port link-type trunk
[sw4-port-group-1]port trunk allow-pass vlan all
****配置完成后用display vlan检查配置是否正确
4.添加两个s5700三层交换机,分别创建之前的4个vlan
sw5:
[Huawei]sy sw5
[sw5]vlan batch 10 20 30 40
sw6:
[Huawei]sy sw6
[sw6]vlan batch 10 20 30 40
5.在三层交换机做中继链路trunk(1-5接口设置trunk)
sw5:
[sw5]port-group 1
[sw5-port-group-1]group-member g0/0/1 to g0/0/5
[sw5-port-group-1]port link-type trunk
[sw5-port-group-1]port trunk allow-pass vlan all
sw6:
[sw6]port-group 1
[sw6-port-group-1]group-member g0/0/1 to g0/0/5
[sw6-port-group-1]port link-type trunk
[sw6-port-group-1]port trunk allow-pass vlan all
6.配置三层交换机的网关地址
sw5 sw6
vlan 10:192.168.10.252/24 vlan 10:192.168.10.253/24
vlan 20:192.168.20.252/24 vlan 20:192.168.20.253/24
vlan 30:192.168.30.252/24 vlan 30:192.168.30.253/24
vlan 40:192.168.40.252/24 vlan 40:192.168.40.253/24
[sw5]in vlan 10 [sw6]in vlan 10
[sw5-vlanif10]ip address 192.168.10.252 24 [sw6-vlanif10]ip address 192.168.10.253 24
[sw5]in vlan 20 [sw6]in vlan 20
[sw5-vlanif20]ip address 192.168.20.252 24 [sw6-vlanif20]ip address 192.168.20.253 24
[sw5]in vlan 30 [sw6]in vlan 30
[sw5-vlanif30]ip address 192.168.30.252 24 [sw6-vlanif30]ip address 192.168.30.253 24
[sw5]in vlan 40 [sw6]in vlan 40
[sw5-vlanif40]ip address 192.168.40.252 24 [sw6-vlanif40]ip address 192.168.40.253 24
7. 5台主机IP
主机1 192.168.10.1 24
主机2 192.168.20.1 24
主机3 192.168.30.1 24
主机4 192.168.40.1 24
主机5 192.168.40.2 24
8.连接线缆,使用pc测试同网段网络
9.配置vrrp
sw5 vlan 10,vlan 20为主路由器, vlan 30.vlan 40为备份路由器
sw6 vlan10,vlan 20为备份路由器,vlan 30 vlan 40为主路由器
[sw5] in vlan 10
[sw5-vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[sw5-vlanif10]vrrp vrid 10 priority 105
[sw5] in vlan 20
[sw5-vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[sw5-vlanif20]vrrp vrid 10 priority 105
[sw5] in vlan 30
[sw5-vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[sw5] in vlan 40
[sw5-vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[sw6] in vlan 10
[sw6-vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[sw6] in vlan 20
[sw6-vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[sw6] in vlan 30
[sw6-vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[sw6-vlanif30]vrrp vrid 30 priority 105
[sw6] in vlan 40
[sw6-vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[sw6-vlanif40]vrrp vrid 40 priority 105
display vrrp brief #查看结果
排错思路:
1.检查所有设备的IP地址和网关
2.所有交换机是否创建4个vlan
3.所有交换机之间的链路是否为trunk
4.s3700交换机连接pc的接口是否加入对应vlan
10.添加两台ar2220路由器,配置路由器IP地址
首先在两台二层交换机中配置vlan 50 60
[sw5] vlan batch 50 60
[sw6] vlan batch 50 60
把接口加入相应的vlan中
[sw5]in vlan 50
[sw5-vlanif50]ip address 192.168.50.2 24
[sw5-vlanif50] in g0/0/6
[sw5-GigabatEthernet0/0/6]port link-type access
[sw5-GigabatEthernet0/0/6]port default vlan 50
[sw5]in vlan 60
[sw5-vlanif50]ip address 192.168.60.2 24
[sw5-vlanif50] in g0/0/7
[sw5-GigabatEthernet0/0/7]port link-type access
[sw5-GigabatEthernet0/0/7]port default vlan 60
[sw6]in vlan 70
[sw6-vlanif70]ip address 192.168.70.2 24
[sw6-vlanif70] in g0/0/6
[sw6-GigabatEthernet0/0/6]port link-type access
[sw6-GigabatEthernet0/0/6]port default vlan 70
[sw6]in vlan 80
[sw6-vlanif80]ip address 192.168.80.2 24
[sw6-vlanif80] in g0/0/7
[sw6-GigabatEthernet0/0/7]port link-type access
[sw6-GigabatEthernet0/0/7]port default vlan 80
在路由器上面添加IP
[r1] in g0/0/0
[r1-GigabatEthernet0/0/0]ip address 192.168.50.1 24
[r1] in g0/0/1
[r1-GigabatEthernet0/0/1]ip address 192.168.70.1 24
[r2] in g0/0/0
[r2-GigabatEthernet0/0/0]ip address 192.168.60.1 24
[r2] in g0/0/1
[r2-GigabatEthernet0/0/1]ip address 192.168.80.1 24
11.在三层交换机与路由器配置动态路由ospf,宣告自身直连网络,此时真正做到内网互联全通!!!!!!!
sw5宣告自身有10 20 30 40 50 60网段
sw6宣告自身有10 20 30 40 70 80网段
r1宣告自身有50 70网段
r2 宣告自身有60 80网段
[sw5]ospf
[sw5-ospf-1]area 0
[sw5-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[sw5-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[sw6]ospf
[sw6-ospf-1]area 0
[sw6-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[sw6-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
[r1]ospf
[r1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[r2]ospf
[r2-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
12.添加链路聚合技术,增加带宽,增强网络可靠性
首先将sw6和sw4的4接口恢复初始默认状态
[sw6]clear configuration interface e0/0/4
[sw6]in e0/0/4
[sw6-Ethernet0/0/4]undo shutdown #开启接口
[sw6]interface Eth-trunk 1 #进入并开启链路聚合状态
[sw6-Eth-trunk1]trunkport g 0/0/4 0/0/8
[sw6-Eth-trunk1]port link-type trunk
[sw6-Eth-trunk1]port trunk allow-pass vlan all
[sw4]clear configuration interface e0/0/4
[sw4]in e0/0/4
[sw4-Ethernet0/0/4]undo shutdown #开启接口
[sw4]interface Eth-trunk 1 #进入并开启链路聚合状态
[sw4-Eth-trunk1]trunkport e 0/0/4 0/0/5
[sw4-Eth-trunk1]port link-type trunk
[sw4-Eth-trunk1]port trunk allow-pass vlan all
13.添加一台s3700交换机作为外网
[r1]in g0/0/2
[r1-GigabatEthernet0/0/2]ip address 100.0.0.1 8
[r2]in g0/0/2
[r2-GigabatEthernet0/0/2]ip address 100.0.0.2 8
[sw7]in vlan 1
[sw7-vlanif1]ip address 100.0.0.10 8
14.在路由器配置默认路由,并进入ospf宣告
[r1]ospf
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]in g0/0/2
[r1-GigabatEthernet0/0/2]ip address 100.0.0.1 8
[r1]ip route-static 0.0.0.0 0 100.0.10
[r1]ospf
[r1-ospf-1]default-route-advertise
[r2]ospf
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]in g0/0/2
[r2-GigabatEthernet0/0/2]ip address 100.0.0.2 8
[r2]ip route-static 0.0.0.0 0 100.0.0.10 #默认路由
[r2]ospf
[r2-ospf-1]default-route-advertise #宣告默认路由
配置完毕后查看三层交换机的路由表,发现自动产生默认路由
15.在路由器配置nat实现内外互通
[r1]acl 2000
[r1-acl-basic-2000]rule permit source any #允许所有网段通过
[r1-acl-basic-2000]in g0/0/2
[r1-GigabatEthernet0/0/2]nat outbound 2000 #在内网连接外网的接口设置nat
[r2]acl 2000
[r2-acl-basic-2000]rule permit source any #允许所有网段通过
[r2-acl-basic-2000]in g0/0/2 #进入外网接口
[r2-GigabatEthernet0/0/2]nat outbound 2000 #在内网连接外网的接口设置nat
最终测试,内部所有网络的主机可以ping通外部的100.0.0.10