当前位置：首页 > news >正文

NE综合实验3：链路聚合、VLAN与Trunk、STP、DHCP、OSPF及PPP整合部署

news 2025/7/16 16:12:08

NE综合实验3

链路聚合：通过LACP或静态聚合提升带宽与冗余性
VLAN与Trunk：跨交换机VLAN通信及Trunk端口配置
STP：生成树协议优化网络拓扑防环
DHCP：动态地址分配与中继配置
OSPF：动态路由协议实现多区域互联
默认路由：边界设备外网流量引导
PPP：广域网链路认证与封装

一、实验拓扑

请添加图片描述

二、实验需求

IP地址配置如图，公司网络通过R1连接互联网
SW1和SW2之间的直连链路配置链路聚合
公司内部业务网段为vlan10和vlan20；PC1属于vlan10，PC2属于vlan20，vlan30用于SW1和SW2建立OSPF邻居；vlan111为SW1和R1的互联vlan，vlan222为SW2和R2的互联vlan
所有交换机相连的端口配置为trunk，不允许无关流量通过
交换区域配置生成树，要求SW2为根网桥，闭塞端口在SW3上
交换机连接PC的端口配置为边缘端口
在SW1配置DHCP服务，为vlan10和vlan20的PC动态分配IP地址、网关和DNS地址；要求vlan10的网关是192.168.1.252，vlan20的网关是192.168.2.253
按图示分区域配置OSPF实现公司内部网络全网互通，R1和R2的环回口宣告进骨干区域；业务网段不允许出现协议报文（即配置静默接口）
R1上配置默认路由指向互联网，并引入到OSPF
R1通过双线连接到互联网，配置MP-GROUP，并配置双向chap验证
只有业务网段192.168.1.0/24和192.168.2.0/24的数据流可以通过R1访问互联网
R1开启TELNET远程管理

三、实验步骤

IP地址配置如图，公司网络通过R1连接互联网

[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 10.0.0.5 30
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 10.0.0.1 30
[R1-GigabitEthernet0/1]int g0/2
[R1-GigabitEthernet0/2]ip add 10.0.0.14 30
[R1-GigabitEthernet0/2]int lo0
[R1-LoopBack0]ip add 10.1.1.1 32
[R1-LoopBack0]qu

[R2]int g0/0
[R2-GigabitEthernet0/0]ip add 10.0.0.9 30
[R2-GigabitEthernet0/0]int g0/1
[R2-GigabitEthernet0/1]ip add 10.0.0.18 30
[R2-GigabitEthernet0/1]int g0/2
[R2-GigabitEthernet0/2]ip add 10.0.0.2 30
[R2-GigabitEthernet0/2]int lo0
[R2-LoopBack0]ip add 10.1.1.2 32
[R2-LoopBack0]qu

[R3]int g0/0
[R3-GigabitEthernet0/0]ip add 10.0.0.13 30
[R3-GigabitEthernet0/0]int g0/1
[R3-GigabitEthernet0/1]ip add 10.0.0.17 30
[R3-GigabitEthernet0/1]int g0/2
[R3-GigabitEthernet0/2]ip add 192.168.3.254 24
[R3-GigabitEthernet0/2]int lo0
[R3-LoopBack0]ip add 10.1.1.3 32
[R3-LoopBack0]qu

[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]vlan 30
[SW1-vlan30]vlan 111
[SW1-vlan111]int vlan 10
[SW1-Vlan-interface10]ip add 192.168.1.252 24
[SW1-Vlan-interface10]int vlan 20
[SW1-Vlan-interface20]ip add 192.168.2.252 24
[SW1-Vlan-interface20]int vlan 30
[SW1-Vlan-interface30]ip add 10.1.2.1 30
[SW1-Vlan-interface30]int vlan 111
[SW1-Vlan-interface111]ip add 10.0.0.6 30
[SW1-Vlan-interface111]int lo0
[SW1-LoopBack0]ip add 10.1.1.11 32
[SW1-LoopBack0]qu

[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]vlan 30
[SW2-vlan30]vlan 222
[SW2-vlan222]int vlan 10
[SW2-Vlan-interface10]ip add 192.168.1.253 24
[SW2-Vlan-interface10]int vlan 20
[SW2-Vlan-interface20]ip add 192.168.2.253 24
[SW2-Vlan-interface20]int vlan 30
[SW2-Vlan-interface30]ip add 10.1.2.2 30
[SW2-Vlan-interface30]int vlan 222
[SW2-Vlan-interface222]ip add 10.0.0.10 30
[SW2-Vlan-interface222]int lo0
[SW2-LoopBack0]ip add 10.1.1.12 32
[SW2-LoopBack0]qu

SW1和SW2之间的直连链路配置链路聚合

[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]qu
[SW1]int g1/0/1
[SW1-GigabitEthernet1/0/1]port link-aggregation group 1
[SW1-GigabitEthernet1/0/1]int g1/0/2
[SW1-GigabitEthernet1/0/2]port link-aggregation group 1
[SW1-GigabitEthernet1/0/2]qu

[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]qu
[SW2]int g1/0/1
[SW2-GigabitEthernet1/0/1]port link-aggregation group 1
[SW2-GigabitEthernet1/0/1]int g1/0/2
[SW2-GigabitEthernet1/0/2]port link-aggregation group 1
[SW2-GigabitEthernet1/0/2]qu

PC1属于vlan10，PC2属于vlan20

[SW3]vlan 10
[SW3-vlan10]port g1/0/3
[SW3-vlan10]vlan 20
[SW3-vlan20]port g1/0/4
[SW3-vlan20]qu

vlan111为SW1和R1的互联vlan，vlan222为SW2和R2的互联vlan

[SW1]vlan 111
[SW1-vlan111]port g1/0/4
[SW1-vlan111]qu

[SW2]vlan 222
[SW2-vlan222]port g1/0/4
[SW2-vlan222]qu

所有交换机相连的端口配置为trunk，不允许无关流量通过

[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk 
[SW1-Bridge-Aggregation1]port trunk permit vlan 10 20 30
[SW1-Bridge-Aggregation1]qu
[SW1]int g1/0/3
[SW1-GigabitEthernet1/0/3]port link-type trunk 
[SW1-GigabitEthernet1/0/3]port trunk permit vlan 10 20 
[SW1-GigabitEthernet1/0/3]qu

[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]port link-type trunk 
[SW2-Bridge-Aggregation1]port trunk permit vlan 10 20 30
[SW2-Bridge-Aggregation1]qu
[SW2]int g1/0/3
[SW2-GigabitEthernet1/0/3]port link-type trunk 
[SW2-GigabitEthernet1/0/3]port trunk permit vlan 10 20 
[SW2-GigabitEthernet1/0/3]qu

[SW3]int g1/0/1
[SW3-GigabitEthernet1/0/1]port link-type trunk 
[SW3-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/1]int g1/0/2
[SW3-GigabitEthernet1/0/2]port link-type trunk 
[SW3-GigabitEthernet1/0/2]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/4]qu

交换区域配置生成树，要求SW2为根网桥，闭塞端口在SW3上

[SW2]stp priority 4096

<SW1>dis stp brMST ID   Port                                Role  STP State   Protection0        Bridge-Aggregation1                 ROOT  FORWARDING  NONE0        GigabitEthernet1/0/3                DESI  FORWARDING  NONE0        GigabitEthernet1/0/4                DESI  FORWARDING  NONE

[SW2]dis stp brMST ID   Port                                Role  STP State   Protection0        Bridge-Aggregation1                 DESI  FORWARDING  NONE0        GigabitEthernet1/0/3                DESI  FORWARDING  NONE0        GigabitEthernet1/0/4                DESI  FORWARDING  NONE

[SW3]dis stp brMST ID   Port                                Role  STP State   Protection0        GigabitEthernet1/0/1                ALTE  DISCARDING  NONE0        GigabitEthernet1/0/2                ROOT  FORWARDING  NONE0        GigabitEthernet1/0/3                DESI  FORWARDING  NONE0        GigabitEthernet1/0/4                DESI  FORWARDING  NONE

交换机连接PC的端口配置为边缘端口

[SW3-GigabitEthernet1/0/2]int g1/0/3
[SW3-GigabitEthernet1/0/3]stp edg
[SW3-GigabitEthernet1/0/3]int g1/0/4
[SW3-GigabitEthernet1/0/4]stp edg
[SW3-GigabitEthernet1/0/4]qu

在SW1配置DHCP服务，为vlan10和vlan20的PC动态分配IP地址、网关和DNS地址；要求vlan10的网关是192.168.1.252，vlan20的网关是192.168.2.253

[SW1]dhcp enable 
[SW1]dhcp server ip-pool 1
[SW1-dhcp-pool-1]net 192.168.1.0 24
[SW1-dhcp-pool-1]gateway-list 192.168.1.252
[SW1-dhcp-pool-1]dns-list 114.114.114.114
[SW1-dhcp-pool-1]expired day 1
[SW1-dhcp-pool-1]qu
[SW1]dhcp server ip-pool 2
[SW1-dhcp-pool-2]net 192.168.2.0 24
[SW1-dhcp-pool-2]gateway-list 192.168.2.253
[SW1-dhcp-pool-2]dns-list 114.114.114.114
[SW1-dhcp-pool-2]expired day 1
[SW1-dhcp-pool-2]qu

[SW1]dis dhcp server ip-in-use 
IP address       Client identifier/    Lease expiration      TypeHardware address
192.168.1.1      0035-3666-662e-3462-  Jul 16 18:56:39 2025  Auto(C)            3836-2e30-3830-362d-                                           4745-302f-302f-31                                              
192.168.2.1      0035-3666-662e-3464-  Jul 16 18:56:44 2025  Auto(C)            3736-2e30-3930-362d-                                           4745-302f-302f-31

按图示分区域配置OSPF实现公司内部网络全网互通，R1和R2的环回口宣告进骨干区域

[R1]ospf 1 router-id 10.1.1.1
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]net 10.0.0.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 10.0.0.14 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 10.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]a 1
[R1-ospf-1-area-0.0.0.1]net 10.0.0.5 0.0.0.0
[R1-ospf-1-area-0.0.0.1]qu
[R1-ospf-1]qu

[R2]ospf 1 router-id 10.1.1.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]net 10.0.0.18 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 10.0.0.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 10.1.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]a 1
[R2-ospf-1-area-0.0.0.1]net 10.0.0.9 0.0.0.0
[R2-ospf-1-area-0.0.0.1]qu
[R2-ospf-1]qu

[R3]ospf 1 router-id 10.1.1.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 10.0.0.13 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 10.0.0.17 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 192.168.3.254 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 10.1.1.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]qu
[R3-ospf-1]qu

[SW1]ospf 1 rou
[SW1]ospf 1 router-id 10.1.1.11 
[SW1-ospf-1]a 1
[SW1-ospf-1-area-0.0.0.1]net 192.168.1.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]net 192.168.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]net 10.1.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]net 10.0.0.6 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]net 10.1.1.11 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]qu
[sw1-ospf-1]qu

[SW2]ospf 1 router-id 10.1.1.12
[SW2-ospf-1]a 1
[SW2-ospf-1-area-0.0.0.1]net 192.168.1.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1]net 192.168.2.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1]net 10.1.2.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]net 10.0.0.10 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]net 10.1.1.12 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]qu
[SW2-ospf-1]qu

业务网段不允许出现协议报文（即配置静默接口）

[SW1]ospf 1
[SW1-ospf-1]silent-interface Vlan 10
[SW1-ospf-1]silent-interface Vlan 20
[SW1-ospf-1]qu

[SW2]ospf 1
[SW2-ospf-1]silent-interface Vlan 10
[SW2-ospf-1]silent-interface Vlan 20
[SW2-ospf-1]qu

[R3]ospf
[R3-ospf-1]silent-interface g0/2
[R3-ospf-1]qu

R1上配置默认路由指向互联网，并引入到OSPF

[R1]ip route-static 0.0.0.0 0 202.100.1.1
[R1]ospf 1
[R1-ospf-1]default-route-advertise 
[R1-ospf-1]qu

R1通过双线连接到互联网，配置MP-GROUP，并配置双向chap验证

[R1]int MP-group 1
[R1-MP-group1]qu
[R1]local-user wiltjer class network 
New local user added.
[R1-luser-network-wiltjer]password simple 123456
[R1-luser-network-wiltjer]service-type ppp
[R1-luser-network-wiltjer]qu[R1]int s1/0
[R1-Serial1/0]ppp mp MP-group 1
[R1-Serial1/0]ppp chap user wiltjer1
[R1-Serial1/0]int s2/0
[R1-Serial2/0]ppp mp MP-group 1
[R1-Serial2/0]ppp chap user wiltjer1
[R1-Serial2/0]qu

[INTERNET]int MP-group 1
[INTERNET-MP-group1]qu
[INTERNET]local-user wiltjer class network 
New local user added.
[INTERNET-luser-network-wiltjer]password simple 123456
[INTERNET-luser-network-wiltjer]service-type ppp
[INTERNET-luser-network-wiltjer]qu[INTERNET]int s1/0
[INTERNET-Serial1/0]ppp mp MP-group 1
[INTERNET-Serial1/0]ppp chap user wiltjer
[INTERNET-Serial1/0]int s2/0
[INTERNET-Serial2/0]ppp mp MP-group 1
[INTERNET-Serial2/0]ppp chap user wiltjer
[INTERNET-Serial2/0]qu

只有业务网段192.168.1.0/24和192.168.2.0/24的数据流可以通过R1访问互联网

[R1]acl basic 2000
[R1-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R1-acl-ipv4-basic-2000]qu[R1]int MP-group 1
[R1-MP-group1]nat outbound 2000
[R1-MP-group1]qu

R1开启TELNET远程管理

[R1]local-user wiltjer class manage 
New local user added.
[R1-luser-manage-wiltjer]password simple 123456.com
[R1-luser-manage-wiltjer]authorization-attribute user-role level-15
[R1-luser-manage-wiltjer]service-type telnet
[R1-luser-manage-wiltjer]qu[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme 
[R1-line-vty0-4]qu

查看全文

http://www.lryc.cn/news/589594.html