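Lab topology:

Lab requirements:

1. Hands-on project: configure the trunk links between the switches with dot1q encapsulation; do not use DTP auto-negotiation.

Configure SW1:

interface range gigabitEthernet 0/1 - 2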

switchport trunk encapsulation dot1q

switchport mode trunk

 switchport nonegotiate

interface range fastEthernet 0/2 - 3

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

Configure SW2:

interface range gigabitEthernet 0/1 - 2

switchport trunk encapsulation dot1q

switchport mode trunk

 switchport nonegotiate

interface range fastEthernet 0/2 - 3

switchport trunk encapsulation dot1q

switchport mode trunk

 switchport nonegotiate

Configure SW3:

interface range fastEthernet 0/1 - 2

switchport mode trunk

 switchport nonegotiate

Configure SW4:

interface range fastEthernet 0/1 - 2

switchport mode trunk

 switchport nonegotiate

2. Configure SW1 as the VTP server and the other three switches as VTP clients, with VTP domain name XMWS and password ciscoccie, and enable VTP pruning.

Configure SW1:

Vtp mode server

Vtp domain XMWS

Vtp password ciscoccie

Vtp pruning

Configure SW2:

Vtp mode client

Vtp domain XMWS

Vtp password ciscoccie

Configure SW3:

Vtp mode client

Vtp domain XMWS

Vtp password ciscoccie

Configure SW4:

Vtp mode client

Vtp domain XMWS

Vtp password ciscoccie

3. Create the required VLANs on SW1 and make sure the other switches synchronize this VLAN information.

Configure SW1:

Vlan 2

Name IT

Vlan 3

Name HR

Vlan 4

Name Sales

Vlan 5

Name MK

Vlan 6

Name SW1toR1

Vlan 7

Name SW2toR2

4. Assign the ports to their VLANs.

Configure SW1:

interface fastEthernet 0/1

switchport mode access

switchport access vlan 6

spanning-tree portfast

Configure SW2:

interface fastEthernet 0/1

switchport mode access

switchport access vlan 7

spanning-tree portfast

Configure SW3:

interface range fastEthernet 0/3 - 4

switchport mode access

switchport access vlan 2

spanning-tree portfast

interface range fastEthernet 0/5 - 6

switchport mode access

switchport access vlan 3

spanning-tree portfast

Configure SW4:

interface range fastEthernet 0/3 - 4

switchport mode access

switchport access vlan 4

spanning-tree portfast

interface range fastEthernet 0/5 - 6

switchport mode access

switchport access vlan 5

spanning-tree portfast

5. Use EtherChannel between SW1 and SW2 so that the SW1-to-SW2 bandwidth reaches 2G.

Configure SW1:

interface range gigabitEthernet 0/1 - 2

channel-group 1 mode on

Configure SW2:

interface range gigabitEthernet 0/1 - 2

channel-group 1 mode on

6. Make sure the trunk links carry only traffic for VLANs 1, 2, 3, 4, 5, 6 and 7.

Configure SW1:

interface Port-channel1

switchport trunk allowed vlan 1-7

interface range fastEthernet 0/2 - 3

switchport trunk allowed vlan 1-7

Configure SW2:

interface Port-channel1

switchport trunk allowed vlan 1-7

interface range fastEthernet 0/2 - 3

switchport trunk allowed vlan 1-7

Configure SW3:

interface range fastEthernet 0/1 - 2

switchport trunk allowed vlan 1-7

Configure SW4:

interface range fastEthernet 0/1 - 2

switchport trunk allowed vlan 1-7
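Steps 1 and 6 together define the trunk policy for this lab: DTP off and only VLANs 1-7 allowed. The following is an added example, not part of the original lab, that audits a configuration against that policy; the two deviating ports (fastEthernet 0/23 and 0/24) are hypothetical, and only numeric allowed-VLAN lists are assumed.

```python
# Constructed sample: SW3's trunks from steps 1 and 6 plus two hypothetical ports.
SAMPLE_CONFIG = """\
interface range fastEthernet 0/1 - 2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 1-7
interface fastEthernet 0/3
 switchport mode access
interface fastEthernet 0/23
 switchport mode trunk
 switchport trunk allowed vlan 1-7,99
interface fastEthernet 0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Group each sub-command under the 'interface' line that precedes it."""
    stanzas, current = {}, None
    for line in (raw.strip().lower() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line[10:], [])
        elif line and current is not None:
            current.append(line)
    return stanzas

def expand_vlans(spec):
    """Expand a numeric VLAN list such as '1-7' or '1,3-5' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, permitted):
    """Return {interface: [findings]} for trunk ports that deviate from policy."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" not in cmds:
            continue  # access ports are out of scope
        issues = []
        if "switchport nonegotiate" not in cmds:
            issues.append("DTP enabled: missing 'switchport nonegotiate'")
        allowed = [c for c in cmds if c.startswith("switchport trunk allowed vlan ")]
        if not allowed:
            issues.append("no allowed-VLAN list: every VLAN is carried")
        elif extra := expand_vlans(allowed[-1].split()[-1]) - permitted:
            issues.append(f"VLANs outside policy: {sorted(extra)}")
        if issues:
            findings[name] = issues
    return findings
```

Call `audit_trunks(text, set(range(1, 8)))` on `show running-config` output, where each physical port has its own stanza.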

7. Configure Spanning Tree Protocol (STP) on SW1 so that SW1 becomes the root for VLAN2-VLAN3 and SW2 becomes the root for VLAN4-VLAN5.

Configure SW1:

spanning-tree vlan 2-3 root primary

spanning-tree vlan 4-5 root secondary

Configure SW2:

spanning-tree vlan 4-5 root primary

spanning-tree vlan 2-3 root secondary

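8. Enable routing on SW1 and SW2, create an SVI layer-3 interface for each VLAN, and configure the IP addresses.

Configure SW1:

Hostname SW1

Enable routing

Ip routing

Configure the SVI interfaces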

Interface vlan 2

Ip address 10.1.2.252 255.255.255.0

No shut

Interface vlan 3

Ip address 10.1.3.252 255.255.255.0

No shut

Interface vlan 4

Ip address 10.1.4.252 255.255.255.0

No shut

Interface vlan 5

Ip address 10.1.5.252 255.255.255.0

No shut

Interface vlan 6

Ip address 10.1.6.254 255.255.255.252

No shut

Configure SW2:

Hostname SW2

Enable routing

Ip routing

Configure the SVI interfaces

Interface vlan 2

Ip address 10.1.2.253 255.255.255.0

No shut

Interface vlan 3

Ip address 10.1.3.253 255.255.255.0

No shut

Interface vlan 4

Ip address 10.1.4.253 255.255.255.0

No shut

Interface vlan 5

Ip address 10.1.5.253 255.255.255.0

No shut

Interface vlan 7

Ip address 10.1.7.254 255.255.255.252

No shut

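9. Gateway redundancy: configure Hot Standby Router Protocol (HSRP) on SW1 and SW2. For vlan2 and vlan3, SW1 takes the active role and SW2 the standby role, with virtual IP addresses 10.1.2.254 and 10.1.3.254 respectively; for vlan4 and vlan5, SW2 takes the active role and SW1 the standby role, with virtual IP addresses 10.1.4.254 and 10.1.5.254 respectively.

Configure SW1: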

Interface vlan 2

Ip address 10.1.2.252 255.255.255.0

standby 2 ip 10.1.2.254

standby 2 priority 110

standby 2 preempt

Interface vlan 3

Ip address 10.1.3.252 255.255.255.0

standby 3 ip 10.1.3.254

standby 3 priority 110

standby 3 preempt

Interface vlan 4

Ip address 10.1.4.252 255.255.255.0

standby 4 ip 10.1.4.254

standby 4 priority 105

standby 4 preempt

Interface vlan 5

Ip address 10.1.5.252 255.255.255.0

standby 5 ip 10.1.5.254

standby 5 priority 105

standby 5 preempt

Configure SW2:

Interface vlan 2

Ip address 10.1.2.253 255.255.255.0

standby 2 ip 10.1.2.254

standby 2 priority 105

standby 2 preempt

Interface vlan 3

Ip address 10.1.3.253 255.255.255.0

standby 3 ip 10.1.3.254

standby 3 priority 105

standby 3 preempt

Interface vlan 4

Ip address 10.1.4.253 255.255.255.0

standby 4 ip 10.1.4.254

standby 4 priority 110

standby 4 preempt

Interface vlan 5

Ip address 10.1.5.253 255.255.255.0

standby 5 ip 10.1.5.254

standby 5 priority 110

standby 5 preempt
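Steps 7 and 9 make the same switch both STP root and HSRP active for each VLAN, so hosts reach their gateway over the forwarding uplink. The following added example (not part of the original lab) checks that the two settings stay aligned; it assumes the HSRP group number equals the VLAN id, preempt on both switches, and no equal priorities, as in this lab.

```python
import re

# Constructed from the page's step 7 and step 9 commands (root roles and priorities only).
CONFIGS = {
    "SW1": """
spanning-tree vlan 2-3 root primary
spanning-tree vlan 4-5 root secondary
standby 2 priority 110
standby 3 priority 110
standby 4 priority 105
standby 5 priority 105
""",
    "SW2": """
spanning-tree vlan 4-5 root primary
spanning-tree vlan 2-3 root secondary
standby 2 priority 105
standby 3 priority 105
standby 4 priority 110
standby 5 priority 110
""",
}

def stp_roots(configs):
    """Map VLAN id -> switch configured with 'root primary' for that VLAN."""
    roots = {}
    for switch, text in configs.items():
        for lo, hi in re.findall(r"spanning-tree vlan (\d+)(?:-(\d+))? root primary", text, re.I):
            for vlan in range(int(lo), int(hi or lo) + 1):
                roots[vlan] = switch
    return roots

def hsrp_active(configs):
    """Map HSRP group -> switch with the highest explicitly configured priority."""
    best = {}
    for switch, text in configs.items():
        for group, prio in re.findall(r"standby (\d+) priority (\d+)", text, re.I):
            if int(prio) > best.get(int(group), (0, None))[0]:
                best[int(group)] = (int(prio), switch)
    return {group: switch for group, (_, switch) in best.items()}

def misaligned(configs):
    """VLANs whose HSRP active gateway is not the STP root (group == VLAN id assumed)."""
    roots, active = stp_roots(configs), hsrp_active(configs)
    return sorted(v for v in roots if v in active and active[v] != roots[v])
```

An empty list from `misaligned(CONFIGS)` means every VLAN's gateway sits on its spanning-tree root.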

10. Configure R1 and R2 to connect to the Internet so that hosts in VLAN2-5 can reach the Internet; use PAT (port address translation).

Configure R1:

Hostname R1

Username cisco secret cisco

Enable secret cisco

Line vty 0 15

Login local

Line con 0

Login local

Configure the interface IP addresses and enable the interfaces

Interface F0/1

Ip address 10.1.6.253 255.255.255.252

No shut

Interface F0/0

Ip address 202.101.1.1 255.255.255.248

No shut

Configure an ACL defining the traffic permitted for address translation; use an extended ACL

ip access-list extended nat

 permit ip 10.1.2.0 0.0.0.255 any

  permit ip 10.1.3.0 0.0.0.255 any

  permit ip 10.1.4.0 0.0.0.255 any

  permit ip 10.1.5.0 0.0.0.255 any

  permit ip 10.1.6.0 0.0.0.255 any

  permit ip 10.1.1.0 0.0.0.255 any

Bind the ACL to the interface

ip nat inside source list nat interface FastEthernet0/0 overload

Specify the inside and outside interfaces

interface F0/0

ip nat outside

interface F0/1

ip nat inside

Configure R1's default route to the Internet

Ip route 0.0.0.0 0.0.0.0 202.101.1.6

Configure static routes to each internal VLAN

Ip route 10.1.2.0 255.255.255.0 10.1.6.254

Ip route 10.1.3.0 255.255.255.0 10.1.6.254

Ip route 10.1.4.0 255.255.255.0 10.1.6.254

Ip route 10.1.5.0 255.255.255.0 10.1.6.254

Ip route 10.1.1.0 255.255.255.0 10.1.6.254

Configure the default route to the Internet on layer-3 switch SW1

Ip route 0.0.0.0 0.0.0.0 10.1.6.253

Configure R2:

Hostname R2

Username cisco secret cisco

Enable secret cisco

Line vty 0 15

Login local

Line con 0

Login local

Configure the interface IP addresses and enable the interfaces

Interface F0/1

Ip address 10.1.7.253 255.255.255.252

No shut

Interface F0/0

Ip address 202.100.1.1 255.255.255.248

No shut

Configure an ACL defining the traffic permitted for address translation; use an extended ACL

ip access-list extended nat

 permit ip 10.1.2.0 0.0.0.255 any

  permit ip 10.1.3.0 0.0.0.255 any

  permit ip 10.1.4.0 0.0.0.255 any

  permit ip 10.1.5.0 0.0.0.255 any

  permit ip 10.1.7.0 0.0.0.255 any

  permit ip 10.1.1.0 0.0.0.255 any

Bind the ACL to the interface

ip nat inside source list nat interface FastEthernet0/0 overload

Specify the inside and outside interfaces

interface F0/0

ip nat outside

interface F0/1

ip nat inside

Configure R2's default route to the Internet

Ip route 0.0.0.0 0.0.0.0 202.100.1.6

Configure static routes to each internal VLAN

Ip route 10.1.2.0 255.255.255.0 10.1.7.254

Ip route 10.1.3.0 255.255.255.0 10.1.7.254

Ip route 10.1.4.0 255.255.255.0 10.1.7.254

Ip route 10.1.5.0 255.255.255.0 10.1.7.254

Ip route 10.1.1.0 255.255.255.0 10.1.7.254

Configure the default route to the Internet on layer-3 switch SW2

Ip route 0.0.0.0 0.0.0.0 10.1.7.253

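11. Configure SW1 so that when its default route (next hop 10.1.6.253) cannot reach the Internet through R1, the default route's next hop automatically switches to SW2 (10.1.2.253), reaching the Internet through SW2.

Configure SW1: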

ip sla 202

icmp-echo 202.101.1.6 source-ip 10.1.6.254

frequency 30

ip sla schedule 202 life forever start-time now

track 202 ip sla 202 reachability

Ip route 0.0.0.0 0.0.0.0 10.1.6.253 track 202

Ip route 0.0.0.0 0.0.0.0 10.1.2.253 10

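12. Configure SW2 so that when its default route (next hop 10.1.7.253) cannot reach the Internet through R2, the default route's next hop automatically switches to SW1 (10.1.2.252), reaching the Internet through SW1.

Configure SW2: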

ip sla 100

icmp-echo 202.100.1.6 source-ip 10.1.7.254

frequency 30

ip sla schedule 100 life forever start-time now

track 100 ip sla 100 reachability

Ip route 0.0.0.0 0.0.0.0 10.1.7.253 track 100

Ip route 0.0.0.0 0.0.0.0 10.1.2.252 10

13. Configure a management IP address on VLAN1 of every switch and make sure each switch can be managed via telnet.

Configure SW1:

Interface vlan 1

Ip address 10.1.1.1 255.255.255.0

No shutdown

Ip default-gateway 10.1.1.254

Configure SW2:

Interface vlan 1

Ip address 10.1.1.2 255.255.255.0

No shutdown

Ip default-gateway 10.1.1.254

Configure SW3:

Interface vlan 1

Ip address 10.1.1.3 255.255.255.0

No shutdown

Ip default-gateway 10.1.1.254

Configure SW4:

Interface vlan 1

Ip address 10.1.1.4 255.255.255.0

No shutdown

Ip default-gateway 10.1.1.254

Configure the username and password needed to manage each switch remotely, and the enable password

Username cisco secret cisco

Enable secret cisco

Line vty 0 15

Login local

Line con 0

Login local

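14. Save each device's configuration to NVRAM, and use copy star tftp to back up each device's configuration to your computer.

- Save command: copy run star or Write memory.

- Make sure a TFTP server is running on your computer; you can install TFTP server software such as cisco tftp or tftp32.

- Run copy star tftp and confirm that the backup succeeded.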


微思郭仔