总部一:
SAAA
vlan 10
port GigabitEthernet 1/0/10
vlan 20
port GigabitEthernet 1/0/20
[SAAA]interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 10 20
SAAB:
vlan10
Vlan20
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 10 20
SAAC:
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 10 20
SAAB,SAAC之间的链路使用链路聚合:
interface Bridge-Aggregation1
quit
interface range GigabitEthernet 1/0/3 to GigabitEthernet 1/0/6
port link-aggregation group 1
quit
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 10 20
在SAAB上查看链路聚合命令:dis link-aggregation verbose 然后截图
SAAA,SAAB,SAAC之间运行MSTP
AAB:
stp region-configuration
region-name XXX(姓名的首字母缩写)
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
quit
stp instance 1 priority 4096
stp instance 2 priority 8192
SAAC:
stp region-configuration
region-name XXX
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
quit
stp instance 1 priority 8192
stp instance 2 priority 4096
SAAA:
stp region-configuration
region-name XXX
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
vlan10虚拟网关为:192.XX.10.254,vlan20的虚拟网关为:192.XX.20.254(X为学号后两位)
SAAB:
interface Vlan-interface10
ip address 192.XX.10.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.XX.10.254
vrrp vrid 1 priority 120
interface Vlan-interface20
ip address 192.XX.20.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.XX.20.254
SAAC:
interface Vlan-interface10
ip address 192.XX.10.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.XX.10.254
interface Vlan-interface20
ip address 192.XX.20.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.XX.20.254
vrrp vrid 1 priority 120
在SAAC上使用dis vrrp查询然后截图
SAAB,SAAC上配置连接RAAA端口ip地址
SAAB:
interface GigabitEthernet 1/0/2
port link-mode route
ip address 172.XX.1.1 30
Quit
SAAC:
interface GigabitEthernet 1/0/2
port link-mode route
ip address 172.XX.1.5 30
RAAA上配置连接SAAB,SAAC端口ip地址
interface GigabitEthernet 0/0
ip address 172.XX.1.2 30
quit
interface GigabitEthernet 0/1
ip address 172.XX.1.6 30
Quit
SAAB,SAAC上使用缺省路由访问外网
SAAB:
ip route-static 0.0.0.0 0 172.XX.1.2
SAAC:
ip route-static 0.0.0.0 0 172.XX.1.6
RAAA上使用静态浮动路由访问vlan10,vlan20
RAAA:
ip route-static 192.XX.10.0 24 172.XX.1.1
ip route-static 192.XX.10.0 24 172.XX.1.5 preference 100
ip route-static 192.XX.20.0 24 172.XX.1.1 preference 100
ip route-static 192.XX.20.0 24 172.XX.1.5
RAAA上使用NAT实现vlan20访问外网
RAAA:
acl basic 2000
rule 0 permit source 192.XX.20.0 0.0.0.255
quit
interface GigabitEthernet 0/2
nat outbound 2000
分部二:
IRF-BB1:
Sysname IRF-BB1
save
IRF-BB2:
Sysname IRF-BB2
irf member 1 renumber 2
Save
Reboot
IRF-BB1:
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/50
Shutdown
quit
irf-port 1/1
port group interface Ten-GigabitEthernet1/0/49
port group interface Ten-GigabitEthernet1/0/50
Quit
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/50
Undo shutdown
Quit
Save
IRF-BB2:
interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/50
Shutdown
quit
irf-port 2/2
port group interface Ten-GigabitEthernet2/0/49
port group interface Ten-GigabitEthernet2/0/50
Quit
interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/50
Undo shutdown
Quit
Save
IRF-BB1:
irf member 1 priority 10
irf-port-configuration active
IRF-BB2:
irf-port-configuration active
PC-BB1属于vlan201,PC-BB2属于vlan202,SBBA,SBBB,SBBC,IRF之间的链路为trunk
SBBA:
sysname SBBA
vlan 201
port GigabitEthernet 1/0/10
Vlan 202
port GigabitEthernet 1/0/20
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 201 202
SBBB:
sysname SBBB
vlan 201
vlan 202
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 201 202
SBBC:
sysname SBBC
vlan 201
vlan 202
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 201 202
IRF-BB1:
vlan 201
vlan 202
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 201 202
interface GigabitEthernet2/0/1
port link-type trunk
port trunk permit vlan 201 202
在IRF-BB1上验证IRF堆叠是否成功:display irf configuration并截图
实例1为vlan201,实例2为vlan202,在SBBA上使用Smart Link实现链路切换,保护vlan为4092
PC-BB1主链路为SBBA-SBBB,备份链路为SBBA-SBBC
PC-BB2主链路为SBBA-SBBC,备份链路为SBBA-SBBB
SBBB,SBBC上使用Monintor Link实现下行链路备份
SMART-LINK配置
SBBA:
stp region-configuration
region-name XXX
revision-level 1
instance 1 vlan 201
instance 2 vlan 202
active region-configuration
Quit
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
undo stp enable
Quit
smart-link group 1
protected-vlan reference-instance 1
port GigabitEthernet 1/0/1 primary
port GigabitEthernet 1/0/2 secondary
preemption mode role
flush enable control-vlan 4092
quit
smart-link group 2
protected-vlan reference-instance 2
port GigabitEthernet 1/0/2 primary
port GigabitEthernet 1/0/1 secondary
preemption mode role
flush enable control-vlan 4092
SBBB:
interface GigabitEthernet1/0/1
undo stp enable
smart-link flush enable control-vlan 4092
interface GigabitEthernet1/0/2
undo stp enable
smart-link flush enable control-vlan 4092
SBBC:
interface GigabitEthernet1/0/1
undo stp enable
smart-link flush enable control-vlan 4092
interface GigabitEthernet1/0/2
undo stp enable
smart-link flush enable control-vlan 4092
IRF-BB1:
interface GigabitEthernet1/0/1
undo stp enable
smart-link flush enable control-vlan 4092
interface GigabitEthernet2/0/1
undo stp enable
smart-link flush enable control-vlan 4092
在SBBA上检查Smart Link组状态:display smart-link group all并截图
Mointor Link
SBBB:
monitor-link group 1
port GigabitEthernet 1/0/2 uplink
port GigabitEthernet 1/0/1 downlink
SBBC:
monitor-link group 1
port GigabitEthernet 1/0/2 uplink
port GigabitEthernet 1/0/1 downlink
在SBBB上检查Monitor Link组状态:display monitor-link group 1
PC-BB1,PC-BB2通过IRF实现三成互通(网关设置在IRF上)
IRF-BB1
interface Vlan-interface201
ip address 192.XX.21.254 255.255.255.0
interface Vlan-interface202
ip address 192.XX.22.254 255.255.255.0
IRF使用静态路由访问外网
ip route-static 0.0.0.0 0 172.XX.1.2
ip route-static 0.0.0.0 0 172.XX.2.2
RBBA使用静态浮动路由访问vlan201,vlan202
ip route-static 192.XX.21.0 24 172.XX.1.1
ip route-static 192.XX.22.0 24 172.XX.2.1 preference 70
ip route-static 192.XX.21.0 24 172.XX.1.1 preference 70
ip route-static 192.XX.22.0 24 172.XX.2.1
RBBA上使用NAT实现vlan202访问外网
acl basic 2000
rule 0 permit source 192.XX.22.0 0.0.0.255
interface GigabitEthernet0/2
nat outbound 2000
分部三:
PC-CC1属于vlan301,PC-CC2属于vlan302,SCCA,SCCB,SCCC,SCCD之间的链路为trunk
SCCA:
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 301 302
undo stp enable
SCCB :
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3
port link-type trunk
port trunk permit vlan 301 302
undo stp enable
SCCC:
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3
port link-type trunk
port trunk permit vlan 301 302
undo stp enable
SCCD:
interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 301 302
undo stp enable
Smart Link
SCCA:
stp region-configuration
instance 1 vlan 301 to 302
active region-configuration
smart-link group 1
protected-vlan reference-instance 1
port GigabitEthernet 1/0/2 primary
port GigabitEthernet 1/0/1 secondary
flush enable control-vlan 4092
smart-link group 2
protected-vlan reference-instance 1
port GigabitEthernet 1/0/1 primary
port GigabitEthernet 1/0/2 secondary
flush enable control-vlan 4092
SCCD:
stp region-configuration
instance 1 vlan 301 to 302
active region-configuration
rrpp domain 1
control-vlan 4092
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
ring 1 enable
#quit
rrpp enable
SCCB:
stp region-configuration
instance 1 vlan 301 to 302
active region-configuration
rrpp domain 1
control-vlan 4092
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/3 secondary-port GigabitEthernet1/0/2 level 0
ring 1 enable
# quit
rrpp enable
SCCC:
stp region-configuration
instance 1 vlan 301 to 302
active region-configuration
rrpp domain 1
control-vlan 4092
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/3 secondary-port GigabitEthernet1/0/2 level 0
ring 1 enable
quit
rrpp enable
PC-CC1,PC-CC2通过SCCD实现三层互通
interface Vlan-interface301
ip address 192.XX.31.254 255.255.255.0
interface Vlan-interface302
ip address 192.XX.32.254 255.255.255.0
SCCD通过静态路由访问外网
IP route-static 0.0.0.0 0 172.XX.3.2
RCCA使用静态浮动路由访问vlan301,vlan302
IP route-static 192.XX.31.0 24 172.XX.3.1
IP route-static 192.XX.32.0 24 172.XX.3.1
RCCA使用NAT实现vlan302访问外网
acl basic 2000
rule 0 permit source 192.XX.32.0 0.0.0.255
interface GigabitEthernet0/1
nat outbound 2000
分部四:
IRF-BDD1,IRP-DD2使用IRF技术合成一台交换机
IRF-DD1:
Sysname IRF-DD1
save
IRF-DD2:
Sysname IRF-DD2
irf member 1 renumber 2
Save
Reboot
IRF-DD1:
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52
Shutdown
quit
irf-port 1/1
port group interface Ten-GigabitEthernet1/0/49
port group interface Ten-GigabitEthernet1/0/50
port group interface Ten-GigabitEthernet1/0/51
port group interface Ten-GigabitEthernet1/0/52
Quit
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52
Undo shutdown
Quit
Save
IRF-DD2:
interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52
Shutdown
quit
irf-port 2/2
port group interface Ten-GigabitEthernet2/0/49
port group interface Ten-GigabitEthernet2/0/50
port group interface Ten-GigabitEthernet2/0/51
port group interface Ten-GigabitEthernet2/0/52
Quit
interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52
Undo shutdown
Quit
Save
IRF-DD1:
irf member 1 priority 10
irf-port-configuration active
IRF-DD2:
irf-port-configuration active
在IRF-DD1上检查IRF状态:display irf configuration
PC-DD1,PC-DD3属于vlan401,PC-DD2,PC-DD4属于vlan402,SDDA,SDDB,IRF之间的链路为trunk
SDDA:
vlan 401
port GigabitEthernet 1/0/10
vlan 402
port GigabitEthernet1/0/20
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 401 to 402
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 401 to 402
SDDB:
vlan 401
port GigabitEthernet 1/0/30
vlan 402
port GigabitEthernet1/0/40
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 401 to 402
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 401 to 402
IRF-DD1:
vlan 401
vlan 402
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 401 to 402
interface GigabitEthernet2/0/1
port link-type trunk
port trunk permit vlan 1 401 to 402
dis port trunk
SDDA,SDDB,IRF之间运行MSTP
SDDA:
stp region-configuration
region-name XXX
revision-level 1
instance 1 vlan 401
instance 2 vlan 402
active region-configuration
quit
stp instance 1 priority 4096
stp instance 2 priority 8192
SDDB:
stp region-configuration
region-name XXX
revision-level 1
instance 1 vlan 401
instance 2 vlan 402
active region-configuration
quit
stp instance 1 priority 8192
stp instance 2 priority 4096
IRF-DD1:
stp region-configuration
region-name XXX
revision-level 1
instance 1 vlan 401
instance 2 vlan 402
active region-configuration
在IRF-DD1上检查MSTP状态:display stp region-configuration
PC-DD1,PC-DD2,PC-DD3,PC-DD4之间通过IRF实现三层互通
IRF-DD1:
interface Vlan-interface401
ip address 192.XX.41.254 255.255.255.0
interface Vlan-interface402
ip address 192.XX.42.254 255.255.255.0
IRF通过静态路由访问外网
IRF-DD1:
ip route-static 0.0.0.0 0 172.XX.1.2
ip route-static 0.0.0.0 0 172.XX.2.2
RDDA上使用静态浮动路由访问vlan401,vlan402
RDDA:
ip route-static 192.XX.41.0 24 172.XX.1.1
ip route-static 192.XX.41.0 24 172.XX.2.1 preference 70
ip route-static 192.XX.42.0 24 172.XX.2.1
ip route-static 192.XX.42.0 24 172.XX.1.1 preference 70
RDDA上使用NAT实现vlan402访问外网
RDDA:
acl basic 2000
rule 0 permit source 192.XX.42.0 0.0.0.255
interface GigabitEthernet0/2
nat outbound 2000
SWWW
interface GigabitEthernet 1/0/1
port link-mode route
ip address 200.39.1.2 30
interface GigabitEthernet 1/0/2
port link-mode route
ip address 200.39.2.2 30
interface GigabitEthernet 1/0/3
port link-mode route
ip address 200.39.3.2 30
interface GigabitEthernet 1/0/4
port link-mode route
ip address 200.39.4.2 30正文完
