ensp三層架構實驗

ensp三層架構實驗

需求：

拓撲圖：

思路：
IP規劃
172.16.2.0/24 vlan1
172.16.3.0/24 vlan2
172.16.0.0/24 骨幹鏈路

（1）首先配置Eth-Trunk

SW1和SW2配置相同

#
interface Eth-Trunk1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 eth-trunk 1

（2）劃分vlan，配置trunk

SW1,2，3，4上需要Trunk的地方都需要設置trunk或者hybrid

vlan batch 2
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 2
#
interface GigabitEthernet0/0/3
 port hybrid tagged vlan 2
#

（3）起mstp協議

#
stp region-configuration
 region-name a
 instance 1 vlan 1
 instance 2 vlan 2
 active region-configuration
#


將連接PC的接口設置爲邊緣接口，並且將接口劃入對應VLAN
#
interface GigabitEthernet0/0/3
 port link-type access
 stp edged-port enable
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 2
 stp edged-port enable
#

（4）SVI

#
interface Vlanif1
 ip address 172.16.2.253 255.255.255.0
#
interface Vlanif2
 ip address 172.16.3.253 255.255.255.0

（5）VRRP

#
interface Vlanif1
 ip address 172.16.2.253 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.2.250
 vrrp vrid 1 priority 120
 vrrp vrid 1 timer advertise 30
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 30
#
interface Vlanif2
 ip address 172.16.3.253 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.3.250



#
interface Vlanif1
 ip address 172.16.2.254 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.2.250

#
interface Vlanif2
 ip address 172.16.3.254 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.3.250
 vrrp vrid 2 priority 120
 vrrp vrid 2 timer advertise 30
 vrrp vrid 2 track interface GigabitEthernet0/0/1 reduced 30

（6）DHCP

全局開啓DHCP
DHCP enable

設置DHCP池塘
#
ip pool v1
 gateway-list 172.16.2.250
 network 172.16.2.0 mask 255.255.255.0
 dns-list 8.8.8.8 114.114.114.114
#
ip pool v2
 gateway-list 172.16.3.250
 network 172.16.3.0 mask 255.255.255.0
 dns-list 8.8.8.8 114.114.114.114
#

在接口開啓DHCP全局模式
#
interface Vlanif1
 dhcp select global
#
interface Vlanif2
 dhcp select global

（7）配置骨幹鏈路

（8）建立ospf鄰居

SW1

#
ospf 1 router-id 1.1.1.1
 silent-interface GigabitEthernet0/0/3
 silent-interface GigabitEthernet0/0/2
 area 0.0.0.0
  network 172.16.0.2 0.0.0.0
 area 0.0.0.1
  abr-summary 172.16.2.0 255.255.254.0
  network 172.16.2.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
#

SW2

#
ospf 1
 silent-interface GigabitEthernet0/0/3
 silent-interface GigabitEthernet0/0/2
 area 0.0.0.0
  network 172.16.0.6 0.0.0.0
 area 0.0.0.1
  abr-summary 172.16.2.0 255.255.254.0
  network 172.16.2.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
#

R1

要與外界接通內部需要缺省，所以由R1下放一條五類缺省
#
ospf 1 router-id 11.11.11.11 
 default-route-advertise
 area 0.0.0.0 
  network 172.16.0.0 0.0.255.255 
#

（9）NAT

邊界路由器設置缺省指向運營商

#
acl number 2000  
 rule 5 permit source 172.16.0.0 0.0.255.255 
#
interface GigabitEthernet0/0/2
 ip address 12.1.1.2 255.255.255.0 
 nat outbound 2000

（10）測試