功能:内网与外网使用静态路由、浮动路由互通;
有单独的dhcp服务器,使用核心层的两台交换机作为中继代理为有线终端动态下发ip地址;
实现有线与无线的互访,但无线用户不能访问财务部;
利用vrrp+mstp实现冗余分担、LSW5作为实例1的根桥,LSW6作为实例2的根桥。..........
配置:
LSW1
vlan batch 10
#
stp region-configuration
region-name dc
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094? LSW2
vlan batch 20
#
stp region-configuration
region-name dc
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 20
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094LSW3
vlan batch 30
#
acl number 3001
rule 5 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
#
stp region-configuration
region-name dc
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
traffic-filter outbound acl 3001
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094LSW4
?
vlan batch 40
#
stp region-configuration
region-name dc
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 40
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094LSW5
vlan batch 10 20 30 40 50 60 201
#
dhcp enable
#
stp instance 1 root primary
stp instance 2 root secondary
#
stp region-configuration
region-name dc
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
#
drop-profile default
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 120
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 120
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif50
ip address 192.168.50.1 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.254
#
interface Vlanif60
ip address 192.168.60.252 255.255.255.0
vrrp vrid 60 virtual-ip 192.168.60.254
#
interface Vlanif201
ip address 192.168.201.1 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 201
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.255.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.201.2
port-group 1
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
LSW6
#
vlan batch 10 20 30 40 50 to 51 60 202
#
stp instance 1 root secondary
stp instance 2 root primary
#
dhcp enable
#
stp region-configuration
region-name dc
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif40
ip address 192.168.40.2 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 120
dhcp select relay
dhcp relay server-ip 192.168.60.1
#
interface Vlanif50
ip address 192.168.50.2 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.254
vrrp vrid 50 priority 120
#
interface Vlanif60
ip address 192.168.60.253 255.255.255.0
vrrp vrid 60 virtual-ip 192.168.60.254
vrrp vrid 60 priority 120
#
interface Vlanif202
ip address 192.168.202.1 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 202
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 50 to 51
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk pvid vlan 51
port trunk allow-pass vlan 50 to 51
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.255.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.202.2
#
port-group 1
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4AC配置与这这篇大致相同,可参考https://blog.csdn.net/weixin_45921302/article/details/126974565?spm=1001.2014.3001.5501
LSW7
vlan batch 60
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094DHCP服务器
dhcp enable
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool vlan40
gateway-list 192.168.40.24
network 192.168.40.0 mask 255.255.255.0
dns-list 8.8.8.8
#
interface GigabitEthernet0/0/0
ip address 192.168.60.1 255.255.255.0
dhcp select global
#
ip route-static 0.0.0.0 0.0.0.0 192.168.60.254
AR1
Interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.201.2 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 192.168.202.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 192.168.201.0 0.0.0.255
network 192.168.202.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
ip route-static 0.0.0.0 0.0.0.0 10.1.2.2 preference 65
AR3
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 20.1.1.1 255.255.255.0
#
ip route-static 30.1.1.0 255.255.255.0 20.1.1.2
ip route-static 192.168.0.0 255.255.0.0 10.1.1.1
ip route-static 192.168.0.0 255.255.0.0 10.1.2.1 preference 65AR5
#
interface GigabitEthernet0/0/0
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 30.1.1.1 255.255.255.0
#
ip route-static 192.168.0.0 255.255.0.0 20.1.1.1其他用户
?验证
有线终端获取地址
?无线终端获取地址
?有线用户访问其他用户
?无线访问有线
?
?其他用户访问有线用户
?无线不能访问财务部
?浮动路由,当有线访问其他用户,走的是10.1.1.0这条路
当宕掉10.1.1.0这条路,走的是10.1.2.0这条路
?
?
?配置实验的拓扑文件获取:链接:https://pan.baidu.com/s/1BAsJw_dsu1wUXrxlL7kOvQ?
提取码:ab12