1、网络拓扑图
2、网络目标
1)配置mstp
第一步:改变模式
stp enable
stp mode mstp
第二步:创建多生成树域
stp region-configuration
region-name gd
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
第三步:调用实例
stp instance 1 root primary//本交换机为实例1的主
stp instance 2 root secondary//本交换机为实例2为从
2)配置vrrp
第一步:
vrrp vrid 1 virtual-ip 10.1.1.1//设置虚拟网关地址
vrrp vrid 1 priority 120//设置优先级为120,默认为100,越大越优先,优先级一样,取决于ip地址大的优先
vrrp vrid 1 preempt-mode timer delay 20//默认延时为0,尽量需改大一些
vrrp vrid 1 track interface GigabitEthernet0/0/5 reduced 30
注意:路由器通告时间默认为1s
3)需要再ospf中添加默认路由
ospf 100
default-route-advertise always type 1
area 0.0.0.0
network 50.1.1.0 0.0.0.255
network 60.1.1.0 0.0.0.255
4)nat
第一步:创建访问控制列表
acl number 2000
rule 5 permit source any
第二步:nat
int g0/0/1
nat outbound 2000
3、配置
sw1:
[sw1]display current-configuration
#
sysname sw1
#
vlan batch 10 20 30 40 100
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name gd
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
drop-profile default
#
ip pool vlan10
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.0
excluded-ip-address 10.1.1.200 10.1.1.254
lease day 10 hour 0 minute 0
dns-list 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.1.1.254 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
vrrp vrid 1 track interface GigabitEthernet0/0/5 reduced 30
dhcp select global
#
interface Vlanif20
ip address 20.1.1.253 255.255.255.0
vrrp vrid 2 virtual-ip 20.1.1.1
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 100
import-route direct
area 0.0.0.0
network 30.1.1.0 0.0.0.255
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
#
return
[sw1]
sw2:
<sw2>display current-configuration
#
sysname sw2
#
vlan batch 10 20 30 40 100
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name gd
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
drop-profile default
#
ip pool vlan20
gateway-list 20.1.1.1
network 20.1.1.0 mask 255.255.255.0
excluded-ip-address 20.1.1.200 20.1.1.254
lease day 10 hour 0 minute 0
dns-list 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.1.1.253 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
#
interface Vlanif20
ip address 20.1.1.254 255.255.255.0
vrrp vrid 2 virtual-ip 20.1.1.1
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 20
vrrp vrid 2 track interface GigabitEthernet0/0/5 reduced 30
dhcp select global
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 100
import-route direct
area 0.0.0.0
network 40.1.1.0 0.0.0.255
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
#
return
<sw2>
R3:
<r3>display current-configuration
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 50.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 60.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 200.1.1.2 255.255.255.0
nat outbound 2000
#
interface NULL0
#
ospf 100
default-route-advertise always type 1
area 0.0.0.0
network 50.1.1.0 0.0.0.255
network 60.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r3>
<r3>
<r3>dis
<r3>display cu
<r3>display current-configuration
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 50.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 60.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 200.1.1.2 255.255.255.0
nat outbound 2000
#
interface NULL0
#
ospf 100
default-route-advertise always type 1
area 0.0.0.0
network 50.1.1.0 0.0.0.255
network 60.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r3>
4、结果
