网络拓扑图
描述:
在ensp模拟器中,border为企业的边界路由器,g0/0/0接口与运营商isp的接口相连,通过pppoe方式获取ip地址,g0/0/1与核心交换机LSW1相连
配置子接口:g0/0/1.100,g0/0/1.200分别为vlan 100、vlan 200的网关
核心交换机LSW1LSW2用过接口G0/0/2、G0/0/3相连,LSW1与接入层交换机SW1SW2相连
接入交换机LSW3的e0/0/1属于vlan100,e0/0/2属于vlan200
PC1PC2PC3PC4通过DHCP方式获取ip地址
网络实施需求描述:
1 AR1为边界路由器BORDER,通过PPPOE方式连接到运营商 2 AR1要求在G0/0/1 使用子接口:G0/0/1.100地址为10.1.100.254,作为vlan 100的网关;G0/0/1.200地址为10.1.200.254,作为vlan 200的网关 3 两台core交换机通过G0/0/2,G0/0/3组成eth-trunk链路 4 4台交换机之间连接为trunk模式,只允许VLAN100,VLAN200通过 5 4台交换机启用生成树,模式为RTSP,要求core1为所有生成树的根,core2为备份根 6 SW1、SW2连接客户端的接口启用EDGE-PORT模式,并且连接客户端的接口接收到BPDU报文时立即关闭接口 7 PC1,PC3属于vlan100,PC2,PC4属于vlan200;并通过dhcp方式获取ip地址 8 AR1需要配置DHCP服务,为所有客户端分配ip地址 9 BORDER边界路由器与ISP路由器之间使用静态路由; 10 使用easy nat配置模式
配置示例:
1 配置ISP运营商的路由器,为pppoe的server端
<Huawei>system-view Enter system view, return user view with Ctrl+Z. [Huawei]sysn [Huawei]sysname ISP [ISP]aaa [ISP-aaa]local-user yhq password cipher yhq123 Info: Add a new user. [ISP-aaa]local-user yhq service-type ppp [ISP-aaa]q [ISP]ip pool ISP Info: It's successful to create an IP address pool. [ISP-ip-pool-ISP]gateway-list 200.200.200.1 [ISP-ip-pool-ISP]network 200.200.200.0 mask 255.255.255.252 [ISP-ip-pool-ISP]dns-list 100.100.100.100 [ISP-ip-pool-ISP]q [ISP]interface GigabitEthernet 0/0/0 [ISP-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1 [ISP-GigabitEthernet0/0/0]q [ISP]interface Virtual-Template 1 Jun 12 2020 17:05:45-08:00 ISP %%01IFPDT/4/IF_STATE(l)[1]:Interface Virtual-Temp late1 has turned into UP state. [ISP-Virtual-Template1]ppp authentication-mode chap domain yhq.com [ISP-Virtual-Template1]remote address pool ISP [ISP-Virtual-Template1]ppp ipcp dns 100.100.100.100 [ISP-Virtual-Template1]ip address 200.200.200.1 255.255.255.0 [ISP-Virtual-Template1]q [ISP]int [ISP]interface GigabitEthernet 0/0/1 [ISP-GigabitEthernet0/0/1]ip address 100.100.100.254 255.255.255.
查看配置文件
<ISP>display current-configuration [V200R003C00] # sysname ISP # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone bj add 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # ip pool ISP gateway-list 200.200.200.1 network 200.200.200.0 mask 255.255.255.252 dns-list 100.100.100.100 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user yhq password cipher %$%$VW3@)4]#7-h./=}wyg!m~=P%$%$ local-user yhq service-type ppp local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface Virtual-Template1 ppp authentication-mode chap domain yhq.com remote address pool ISP ppp ipcp dns 100.100.100.100 ip address 200.200.200.1 255.255.255.0 # interface GigabitEthernet0/0/0 pppoe-server bind Virtual-Template 1 # interface GigabitEthernet0/0/1 ip address 100.100.100.254 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
2 配置BORDER边界路由器,PPPOE client
<Huawei>system-view Enter system view, return user view with Ctrl+Z. [BODER]sysname BORDER [BORDER]interface Dialer 1 Jun 12 2020 17:22:50-08:00 BORDER %%01IFPDT/4/IF_STATE(l)[0]:Interface Dialer1 h as turned into UP state. [BORDER-Dialer1]link-protocol ppp [BORDER-Dialer1]ppp chap user yhq [BORDER-Dialer1]ppp chap password cipher yhq123 [BORDER-Dialer1]ip address ppp-negotiate //用来配置接口,通过ppp协议获取ip地址 [BORDER-Dialer1]dialer user ? STRING<1-32> The user name of remote [BORDER-Dialer1]dialer user yhq [BORDER-Dialer1]dialer bundle 1//指定共享的Dialer接口,使用dialer bundle [BORDER-Dialer1]dialer-group 1//配置接口所属的拨号访问组 [BORDER-Dialer1]q [BORDER]dis ip interface brief *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that is UP in Physical is 3 The number of interface that is DOWN in Physical is 2 The number of interface that is UP in Protocol is 2 The number of interface that is DOWN in Protocol is 3 Interface IP Address/Mask Physical Protocol Dialer1 unassigned up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/1 unassigned down down GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) [BORDER]interface GigabitEthernet 0/0/0 [BORDER-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1 [BORDER-GigabitEthernet0/0/0]q [BORDER] Jun 12 2020 17:26:02-08:00 BORDER %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP on the interface Dialer1:0 has entered the UP state. [BORDER] Jun 12 2020 17:26:02-08:00 BORDER %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP IPCP on the interface Dialer1:0 has entered the UP state. [BORDER]ip route-static 0.0.0.0 0 Dialer 1 [BORDER]display ip interface brief *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that is UP in Physical is 3 The number of interface that is DOWN in Physical is 2 The number of interface that is UP in Protocol is 2 The number of interface that is DOWN in Protocol is 3 Interface IP Address/Mask Physical Protocol Dialer1 200.200.200.2/32 up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/1 unassigned down down GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s)
3 BORDER 配置单臂路由
[BORDER]interface GigabitEthernet 0/0/1.100 [BORDER-GigabitEthernet0/0/1.100]dot1q termination vid 100 //配置子接口dot1q的vlnaid [BORDER-GigabitEthernet0/0/1.100]ip address 10.1.100.254 24 [BORDER-GigabitEthernet0/0/1.100]arp broadcast enable //开启子接口的ARP广播功能 [BORDER-GigabitEthernet0/0/1.100]q [BORDER]interface GigabitEthernet 0/0/1.200 [BORDER-GigabitEthernet0/0/1.200]dot1q termination vid 200 [BORDER-GigabitEthernet0/0/1.200]ip address 10.1.200.254 24 [BORDER-GigabitEthernet0/0/1.200]arp broadcast enable [BORDER]display ip interface brief *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that is UP in Physical is 6 The number of interface that is DOWN in Physical is 1 The number of interface that is UP in Protocol is 4 The number of interface that is DOWN in Protocol is 3 Interface IP Address/Mask Physical Protocol Dialer1 200.200.200.2/32 up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/1 unassigned up down GigabitEthernet0/0/1.100 10.1.100.254/24 up up GigabitEthernet0/0/1.200 10.1.200.254/24 up up GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) [BORDER]display ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 D 200.200.200.2 Dialer1 10.1.100.0/24 Direct 0 0 D 10.1.100.254 GigabitEthernet 0/0/1.100 10.1.100.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.100 10.1.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.100 10.1.200.0/24 Direct 0 0 D 10.1.200.254 GigabitEthernet 0/0/1.200 10.1.200.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.200 10.1.200.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.200 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.200.200.1/32 Direct 0 0 D 200.200.200.1 Dialer1 200.200.200.2/32 Direct 0 0 D 127.0.0.1 Dialer1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 #[BORDER]display ip routing-table #[BORDER]dis ip interface brief
4 core 1核心交换机1的配置:
[Huawei]sysname CORE_1 [CORE_1]vlan batch 100 200 [CORE_1]interface GigabitEthernet 0/0/1 [CORE_1-GigabitEthernet0/0/1]port link-type trunk [CORE_1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200 [CORE_1]display port vlan active GigabitEthernet 0/0/1 T=TAG U=UNTAG ------------------------------------------------------------------------------- Port Link Type PVID VLAN List ------------------------------------------------------------------------------- GE0/0/1 trunk 1 U: 1 T: 100 200
5 配置两台core交换机eth-trunk模式
[CORE_1]interface Eth-Trunk 12 //创建eth-trunk [CORE_1-Eth-Trunk12]mode lacp-static //指定eth-trunk工作模式为lacp [CORE_1-Eth-Trunk12]lacp preempt enable //开启抢占功能 [CORE_1-Eth-Trunk12]lacp preempt delay 10 //设置抢占时延时间 [CORE_1-Eth-Trunk12]q [CORE_1]interface GigabitEthernet 0/0/2 [CORE_1-GigabitEthernet0/0/2]eth-trunk 12 Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_1-GigabitEthernet0/0/2]q [CORE_1]interface GigabitEthernet 0/0/3 [CORE_1-GigabitEthernet0/0/3]eth-trunk 12 Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_1-GigabitEthernet0/0/3]q <Huawei>system-view Enter system view, return user view with Ctrl+Z. [Huawei]sysname CORE_2 [CORE_2]undo info-center enable Info: Information center is disabled. [CORE_2]interface Eth-Trunk 12 [CORE_2-Eth-Trunk12]mode lacp-static [CORE_2-Eth-Trunk12]lacp preempt enable [CORE_2-Eth-Trunk12]lacp preempt delay 10 [CORE_2-Eth-Trunk12]q [CORE_2]interface GigabitEthernet 0/0/2 [CORE_2-GigabitEthernet0/0/2]eth-trunk 12 Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_2-GigabitEthernet0/0/2]q [CORE_2]interface GigabitEthernet 0/0/3 [CORE_2-GigabitEthernet0/0/3]eth-trunk 12 Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_2-GigabitEthernet0/0/3]q //分别查看2个核心交换机的eth-trunk [CORE_1]display eth-trunk 12 Eth-Trunk12's state information is: Local: LAG ID: 12 WorkingMode: STATIC Preempt Delay Time: 10 Hash arithmetic: According to SIP-XOR-DIP System Priority: 32768 System ID: 4c1f-cc13-09af Least Active-linknumber: 1 Max Active-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------- ActorPortName Status PortType PortPri PortNo PortKey PortState Weight GigabitEthernet0/0/2 Selected 1GE 32768 3 3121 10111100 1 GigabitEthernet0/0/3 Selected 1GE 32768 4 3121 10111100 1 Partner: -------------------------------------------------------------------------------- ActorPortName SysPri SystemID PortPri PortNo PortKey PortState GigabitEthernet0/0/2 32768 4c1f-cc03-1750 32768 3 3121 10111100 GigabitEthernet0/0/3 32768 4c1f-cc03-1750 32768 4 3121 10111100 [CORE_2]display eth-trunk 12 Eth-Trunk12's state information is: Local: LAG ID: 12 WorkingMode: STATIC Preempt Delay Time: 10 Hash arithmetic: According to SIP-XOR-DIP System Priority: 32768 System ID: 4c1f-cc03-1750 Least Active-linknumber: 1 Max Active-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------- ActorPortName Status PortType PortPri PortNo PortKey PortState Weight GigabitEthernet0/0/2 Selected 1GE 32768 3 3121 10111100 1 GigabitEthernet0/0/3 Selected 1GE 32768 4 3121 10111100 1 Partner: -------------------------------------------------------------------------------- ActorPortName SysPri SystemID PortPri PortNo PortKey PortState GigabitEthernet0/0/2 32768 4c1f-cc13-09af 32768 3 3121 10111100 GigabitEthernet0/0/3 32768 4c1f-cc13-09af 32768 4 3121 10111100
6 在交换机上创建vlan并修改连接模式trunk
[CORE_1]vlan batch 100 200 Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_1]interface Eth-Trunk 12 [CORE_1-Eth-Trunk12]port link-type trunk [CORE_1-Eth-Trunk12]port trunk allow-pass vlan 100 200 [CORE_1-Eth-Trunk12]q [CORE_1]interface GigabitEthernet 0/0/1 [CORE_1-GigabitEthernet0/0/1]port link-type trunk [CORE_1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200 [CORE_1-GigabitEthernet0/0/1]q [CORE_1]interface GigabitEthernet 0/0/4 [CORE_1-GigabitEthernet0/0/4]port link-type trunk [CORE_1-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 200 [CORE_2]vlan batch 100 200 Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_2]interface Eth-Trunk 12 [CORE_2-Eth-Trunk12]port link-type trunk [CORE_2-Eth-Trunk12]port trunk allow-pass vlan 100 200 [CORE_2]interface GigabitEthernet 0/0/4 [CORE_2-GigabitEthernet0/0/4]port link-type trunk [CORE_2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 200 [CORE_2-GigabitEthernet0/0/4]q [CORE_2]interface GigabitEthernet 0/0/5 [CORE_2-GigabitEthernet0/0/5]port link-type trunk [CORE_2-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 200 [Huawei]sysname SW1 [SW1]vlan batch 100 200 [SW1]interface GigabitEthernet 0/0/1 [SW1-GigabitEthernet0/0/1]port link-type trunk [SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200 [SW1]interface GigabitEthernet 0/0/2 [SW1-GigabitEthernet0/0/2]port link-type trunk [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200 [SW1-GigabitEthernet0/0/2]q [SW1]interface Ethernet0/0/1 [SW1-Ethernet0/0/1]port link-type access [SW1-Ethernet0/0/1]port default vlan 100 [SW1]interface Ethernet 0/0/2 [SW1-Ethernet0/0/2]port link-type access [SW1-Ethernet0/0/2]port default vlan 200 <Huawei>system-view Enter system view, return user view with Ctrl+Z. [Huawei]sys [Huawei]sysname SW2 [SW2]vlan batch 100 200 [SW2]interface GigabitEthernet 0/0/1 [SW2-GigabitEthernet0/0/1]port link-type trunk [SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200 [SW2-GigabitEthernet0/0/1]q [SW2]interface GigabitEthernet 0/0/2 [SW2-GigabitEthernet0/0/2]port link-type trunk [SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200 [SW2]interface Ethernet 0/0/1 [SW2-Ethernet0/0/1]port link-type access [SW2-Ethernet0/0/1]port default vlan 100 [SW2-Ethernet0/0/1]q [SW2]interface Ethernet 0/0/2 [SW2-Ethernet0/0/2]port link-type access [SW2-Ethernet0/0/2]port default vlan 200 //分别查看vlan [CORE_1]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:GE0/0/1(U) GE0/0/4(U) GE0/0/5(U) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) Eth-Trunk12(U) 100 common TG:GE0/0/1(U) GE0/0/4(U) Eth-Trunk12(U) 200 common TG:GE0/0/1(U) GE0/0/4(U) Eth-Trunk12(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 100 enable default enable disable VLAN 0100 200 enable default enable disable VLAN 0200 [CORE_1]display port vlan active T=TAG U=UNTAG ------------------------------------------------------------------------------- Port Link Type PVID VLAN List ------------------------------------------------------------------------------- Eth-Trunk12 trunk 1 U: 1 T: 100 200 GE0/0/1 trunk 1 U: 1 T: 100 200 GE0/0/4 trunk 1 U: 1 T: 100 200 [CORE_2]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:GE0/0/1(D) GE0/0/4(U) GE0/0/5(U) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) Eth-Trunk12(U) 100 common TG:GE0/0/4(U) GE0/0/5(U) Eth-Trunk12(U) 200 common TG:GE0/0/4(U) GE0/0/5(U) Eth-Trunk12(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 100 enable default enable disable VLAN 0100 200 enable default enable disable VLAN 0200 [CORE_2]display port vlan active T=TAG U=UNTAG ------------------------------------------------------------------------------- Port Link Type PVID VLAN List ------------------------------------------------------------------------------- Eth-Trunk12 trunk 1 U: 1 T: 100 200 GE0/0/1 hybrid 1 U: 1 GE0/0/4 trunk 1 U: 1 T: 100 200 GE0/0/5 trunk 1 U: 1 T: 100 200 [SW1]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:Eth0/0/3(D) Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(U) GE0/0/2(U) 100 common UT:Eth0/0/1(U) TG:GE0/0/1(U) GE0/0/2(U) 200 common UT:Eth0/0/2(D) TG:GE0/0/1(U) GE0/0/2(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 100 enable default enable disable VLAN 0100 [SW1]dis port vlan active T=TAG U=UNTAG ------------------------------------------------------------------------------- Port Link Type PVID VLAN List ------------------------------------------------------------------------------- Eth0/0/1 access 100 U: 100 Eth0/0/2 access 200 U: 200 Eth0/0/3 hybrid 1 U: 1 [SW2]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:Eth0/0/3(D) Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(U) GE0/0/2(U) 100 common UT:Eth0/0/1(D) TG:GE0/0/1(U) GE0/0/2(U) 200 common UT:Eth0/0/2(D) TG:GE0/0/1(U) GE0/0/2(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 100 enable default enable disable VLAN 0100 200 enable default enable disable VLAN 0200
7 配置交换机生成树模式
[CORE_1]stp enable [CORE_1]stp mode rstp Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_1]stp instance 0 root primary [CORE_2]stp enable [CORE_2]stp mode rstp Info: This operation may take a few seconds. Please wait for a moment...done. [CORE_2]stp instance 0 root secondary [SW1]stp enable [SW1]stp mode rstp Info: This operation may take a few seconds. Please wait for a moment...done. [SW2]stp enable [SW2]stp mode rstp Info: This operation may take a few seconds. Please wait for a moment...done.
8 交换机SW1,SW2的eth端口设置
[SW1]interface Ethernet 0/0/1 [SW1-Ethernet0/0/1]stp edged-port enable [SW1-Ethernet0/0/1]q [SW1]interface Ethernet 0/0/2 [SW1-Ethernet0/0/2]stp edged-port enable //配置当前端口为边缘端口 [SW1-Ethernet0/0/2]q [SW1]stp bpdu-protection //用来使能设备的BPDU保护功能 [SW2]interface Ethernet 0/0/1 [SW2-Ethernet0/0/1]stp edged-port enable [SW2-Ethernet0/0/1]q [SW2]interface Ethernet 0/0/2 [SW2-Ethernet0/0/2]stp edged-port enable [SW2-Ethernet0/0/2]q [SW2]stp bpdu-protection [CORE_1]display stp brief MSTID Port Role STP State Protection 0 GigabitEthernet0/0/1 DESI FORWARDING NONE 0 GigabitEthernet0/0/4 DESI FORWARDING NONE 0 GigabitEthernet0/0/5 DESI FORWARDING NONE 0 Eth-Trunk12 DESI FORWARDING NONE [CORE_2]display stp brief MSTID Port Role STP State Protection 0 GigabitEthernet0/0/4 DESI FORWARDING NONE 0 GigabitEthernet0/0/5 DESI FORWARDING NONE 0 Eth-Trunk12 ROOT FORWARDING NONE [SW1]display stp brief MSTID Port Role STP State Protection 0 Ethernet0/0/1 DESI FORWARDING BPDU 0 GigabitEthernet0/0/1 ROOT FORWARDING NONE 0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
9 在BORDER路由器上配置DHCP
[BORDER]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [BORDER]ip pool vlan100 Info: It's successful to create an IP address pool. [BORDER-ip-pool-vlan100]gateway-list 10.1.100.254 [BORDER-ip-pool-vlan100]network 10.1.100.0 mask 255.255.255.0 [BORDER-ip-pool-vlan100]static-bind ip-address 10.1.100.100 mac-address 5489-98E5-8064 //pc1的mac进行绑定 [BORDER-ip-pool-vlan100]excluded-ip-address 10.1.100.200 10.1.100.253 [BORDER-ip-pool-vlan100]dns-list 100.100.100.100 [BORDER-ip-pool-vlan100]domain-name yhq.com [BORDER-ip-pool-vlan100]q [BORDER]ip pool vlan200 Info: It's successful to create an IP address pool. [BORDER-ip-pool-vlan200]gateway-list 10.1.200.254 [BORDER-ip-pool-vlan200]network 10.1.200.0 mask 255.255.255.0 [BORDER-ip-pool-vlan200]dns-list 100.100.100.100 [BORDER-ip-pool-vlan200]domain-name huawei.com [BORDER-ip-pool-vlan200]q [BORDER]interface GigabitEthernet 0/0/1.100 [BORDER-GigabitEthernet0/0/1.100]dhcp select global //使能接口采用全局地址池的dhcp服务器功能 [BORDER-GigabitEthernet0/0/1.100]q [BORDER]interface GigabitEthernet 0/0/1.200 [BORDER-GigabitEthernet0/0/1.200]dhcp select global [BORDER-GigabitEthernet0/0/1.200]q [BORDER]
PC1输入ipconfig
PC>ipconfig Link local IPv6 address...........: fe80::5689:98ff:fee5:8064 IPv6 address......................: :: / 128 IPv6 gateway......................: :: IPv4 address......................: 10.1.100.100 Subnet mask.......................: 255.255.255.0 Gateway...........................: 10.1.100.254 Physical address..................: 54-89-98-E5-80-64 DNS server........................: 100.100.100.100 PC>ping 10.1.100.254 Ping 10.1.100.254: 32 data bytes, Press Ctrl_C to break From 10.1.100.254: bytes=32 seq=1 ttl=255 time=94 ms From 10.1.100.254: bytes=32 seq=2 ttl=255 time=31 ms --- 10.1.100.254 ping statistics --- 2 packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/62/94 ms PC>ping 10.1.200.254 //ping 网关2 Ping 10.1.200.254: 32 data bytes, Press Ctrl_C to break From 10.1.200.254: bytes=32 seq=1 ttl=255 time=79 ms From 10.1.200.254: bytes=32 seq=2 ttl=255 time=62 ms --- 10.1.200.254 ping statistics --- 2 packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/70/79 ms
PC2
PC>ipconfig // 查看获取的ip地址 Link local IPv6 address...........: fe80::5689:98ff:feda:620f IPv6 address......................: :: / 128 IPv6 gateway......................: :: IPv4 address......................: 10.1.200.253 Subnet mask.......................: 255.255.255.0 Gateway...........................: 10.1.200.254 Physical address..................: 54-89-98-DA-62-0F DNS server........................: 100.100.100.100 PC>ping 10.1.100.254 //ping网关1 Ping 10.1.100.254: 32 data bytes, Press Ctrl_C to break From 10.1.100.254: bytes=32 seq=1 ttl=255 time=47 ms From 10.1.100.254: bytes=32 seq=2 ttl=255 time=46 ms --- 10.1.100.254 ping statistics --- 2 packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 46/46/47 ms PC>ping 10.1.100.100 //ping PC1 Ping 10.1.100.100: 32 data bytes, Press Ctrl_C to break Request timeout! From 10.1.100.100: bytes=32 seq=2 ttl=127 time=125 ms From 10.1.100.100: bytes=32 seq=3 ttl=127 time=125 ms --- 10.1.100.100 ping statistics --- 3 packet(s) transmitted 2 packet(s) received 33.33% packet loss round-trip min/avg/max = 0/125/125 ms PC4 无法获取ip,无法ping 通网关2 PC>ping 10.1.200.254 Ping 10.1.200.254: 32 data bytes, Press Ctrl_C to break From 10.1.200.2: Destination host unreachable From 10.1.200.2: Destination host unreachable From 10.1.200.2: Destination host unreachable From 10.1.200.2: Destination host unreachable --- 10.1.200.254 ping statistics --- 4 packet(s) transmitted 0 packet(s) received 100.00% packet loss PC>arp -a Internet Address Physical Address Type
查看核心交换机的端口5,配置
[CORE_1]display interface GigabitEthernet 0/0/5 [CORE_1]interface GigabitEthernet 0/0/5 [CORE_1-GigabitEthernet0/0/5]port link-type trunk [CORE_1-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 200 PC 4能获取到ip,并ping通网关2和PC1 PC>ping 10.1.200.254 Ping 10.1.200.254: 32 data bytes, Press Ctrl_C to break From 10.1.200.254: bytes=32 seq=1 ttl=255 time=63 ms From 10.1.200.254: bytes=32 seq=2 ttl=255 time=63 ms From 10.1.200.254: bytes=32 seq=3 ttl=255 time=47 ms --- 10.1.200.254 ping statistics --- 3 packet(s) transmitted 3 packet(s) received 0.00% packet loss round-trip min/avg/max = 47/57/63 ms PC>ping 10.1.100.100 Ping 10.1.100.100: 32 data bytes, Press Ctrl_C to break Request timeout! From 10.1.100.100: bytes=32 seq=2 ttl=127 time=125 ms From 10.1.100.100: bytes=32 seq=3 ttl=127 time=141 ms --- 10.1.100.100 ping statistics --- 3 packet(s) transmitted 2 packet(s) received 33.33% packet loss round-trip min/avg/max = 0/133/141 ms
10 配置NAT
[BORDER]acl number 3001 [BORDER-acl-adv-3001]rule 5 permit icmp source 10.1.100.0 0.0.0.255 [BORDER-acl-adv-3001]rule 6 permit icmp source 10.1.200.0 0.0.0.255 [BORDER-acl-adv-3001]rule 10 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq www [BORDER-acl-adv-3001]rule 15 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq domain [BORDER-acl-adv-3001]rule 20 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq ftp [BORDER-acl-adv-3001]rule 25 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq smtp [BORDER-acl-adv-3001]rule 30 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq pop3 [BORDER]interface Dialer 1 [BORDER-Dialer1]nat outbound 3001 //在出接口dialer 上做easy ip的方式的nat [BORDER]display nat outbound interface Dialer 1 NAT Outbound Information: -------------------------------------------------------------------------- Interface Acl Address-group/IP/Interface Type -------------------------------------------------------------------------- Dialer1 3001 200.200.200.2 easyip -------------------------------------------------------------------------- Total : 1 添加静态路由 [BORDER]ip route-static 0.0.0.0 0.0.0.0 Dialer 1 200.200.200.1