一、实验拓扑
二、实验要求
1.根据提供材料划分VLAN以及IP地址,PC1/PC2属于生产一部员工划分VLAN10,PC3属于生产二部划分VLAN20
2.HJ-1HJ-2交换机需要配置链路聚合以保证业务数据访问的高带宽需求
3.VLAN的放通遵循最小VLAN透传原则
4.配置MSTP生成树解决二层环路问题,并且为考虑业务数据分流,生产一部流量(VLAN10)数据以HJ-1作为生成树主根/HJ-2作为备份,生产二部流量(vlan20)以HJ-2作为生成树主根/HJ-1作为备份
5.生成树需要配置边缘接口并且配置BPDU保护和BPDU过滤功能保证用户体验
6.配置虚拟路由器冗余VRRP以保证网关冗余,提高业务可靠性部署,HJ-1作为VLAN10主网关/HJ-2作为VLAN20主网关并且互为备份
7.VRRP需要主网关配置上行链路监控(直接监控物理接口)保证上行网络故障业务不中断,配置抢占延迟15s,以应对网络震荡
8.配置单区域OSPF访问互联网
9.所有PC均需要配置DHCP地址池塘获取IP地址,地址池塘名称等于VLAN编号名称(例如VLAN 10PC 地址池塘名称为VLAN10)
三、实验配置
1、配置VLAN、创建VLAN10跟VLAN20
在ACC1中配置:
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
stp bpdu-filter enable
stp edged-port enable
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
stp bpdu-filter enable
stp edged-port enable
在ACC2中配置:
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
stp bpdu-filter enable
stp edged-port enable
在HJ-1中配置:
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
在HJ-2中配置:
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
在CORE中配置:
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
stp disable
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
stp disable
interface GigabitEthernet0/0/3
port link-type access
port default vlan 110
stp disable
2、配置链路聚合
[HJ-1]interface Eth-Trunk 0
[HJ-1]trunkport GigabitEthernet 0/0/1 to 0/0/2
[HJ-2]interface Eth-Trunk 0
[HJ-2]trunkport GigabitEthernet 0/0/1 to 0/0/2
3、配置MSTP、在HJ-1、HJ-2、ACC1跟ACC2都要配置以下相同的命令并做备份
[HJ-1]stp region-configuration
[HJ-1]region-name SC
[HJ-1] instance 1 vlan 10
[HJ-1]instance 2 vlan 20
[HJ-1]active region-configuration
[HJ-1]stp instance 1 root primary
[HJ-1]stp instance 2 root secondary
[HJ-2]stp instance 1 root secondary
[HJ-2]stp instance 2 root primary
4、配置边缘接口并且配置BPDU、在ACC-1跟ACC-2上配置
[AAC-1]interface GigabitEthernet0/0/3
[AAC-1] port link-type access
[AAC-1]port default vlan 10
[AAC-1] stp bpdu-filter enable
[AAC-1]stp edged-port enable
[AAC-1]interface GigabitEthernet0/0/4
[AAC-1]port link-type access
[AAC-1]port default vlan 10
[AAC-1]stp bpdu-filter enable
[AAC-1]stp edged-port enable
[AAC-2]interface GigabitEthernet0/0/3
[AAC-2]port link-type access
[AAC-2] port default vlan 20
[AAC-2] stp bpdu-filter enable
[AAC-2]stp edged-port enable
5、配置虚拟路由器冗余VRRP
6、配置单区域OSPF访问互联网
[HJ-1]ospf 1 router-id 1.1.1.1
[HJ-1] area 0.0.0.0
[HJ-1] network 192.168.10.1 0.0.0.0
[HJ-1]network 192.168.100.1 0.0.0.0
[HJ-1] network 192.168.20.0 0.0.0.255
[HJ-2]ospf 1 router-id 2.2.2.2
[HJ-2]area 0.0.0.0
[HJ-2]network 192.168.20.1 0.0.0.0
[HJ-2]network 192.168.200.1 0.0.0.0
[HJ-2] network 192.168.20.0 0.0.0.0
[CORE]ospf 1 router-id 3.3.3.3
[CORE]area 0.0.0.0
[CORE] network 192.168.100.0 0.0.0.255
[CORE]network 192.168.110.0 0.0.0.255
[CORE] network 192.168.200.0 0.0.0.255
[bianjie]ospf 1 router-id 4.4.4.4
[bianjie] area 0.0.0.0
[bianjie] network 192.168.110.2 0.0.0.0
7、所有PC均需要配置DHCP地址池塘获取IP地址
8、检查是否能全网通
