# Hands-On Project - Intranet Optimization

![image-20240903154304067](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903154304067.png)

- **Requirements**
  - Every department uses gateway redundancy to improve gateway stability and redundancy.
  - There are many redundant links between the switches. Loops must be prevented and link utilization improved, and every department's hosts must use the optimal forwarding path when accessing other hosts.
  - VLAN 30 hosts communicate with the DHCP server through SW6 to obtain their IP addresses, so SW6 is also a DHCP relay.

### 1. IP, VLAN, Routing

- **PC**

- **SW1**

  ```
  [SW1]vlan 10
  [SW1-vlan10]quit
  [SW1]int g0/0/1
  [SW1-GigabitEthernet0/0/1]port link-type access
  [SW1-GigabitEthernet0/0/1]port default vlan 10
  [SW1-GigabitEthernet0/0/1]quit
  [SW1]port-group group-member g0/0/2 g0/0/3
  [SW1-port-group]port link-type trunk
  [SW1-port-group]port trunk allow-pass vlan all
  ```

- **SW2**

  ```
  [SW2]vlan 20
  [SW2-vlan20]quit
  [SW2]int g0/0/1
  [SW2-GigabitEthernet0/0/1]port link-type access
  [SW2-GigabitEthernet0/0/1]port default vlan 20
  [SW2-GigabitEthernet0/0/1]quit
  [SW2]port-group group-member g0/0/2 g0/0/3
  [SW2-port-group]port link-type trunk
  [SW2-port-group]port trunk allow-pass vlan all
  ```

- **SW3**

  ```
  [SW3]vlan 30
  [SW3-vlan30]quit
  [SW3]int g0/0/1
  [SW3-GigabitEthernet0/0/1]port link-type access
  [SW3-GigabitEthernet0/0/1]port default vlan 30
  [SW3-GigabitEthernet0/0/1]quit
  [SW3]port-group group-member g0/0/2 g0/0/3
  [SW3-port-group]port link-type trunk
  [SW3-port-group]port trunk allow-pass vlan all
  ```

- **SW5**

  ```
  [SW5]vlan batch 10 20 30 50
  [SW5]port-group group-member g0/0/1 to g0/0/3 g0/0/6
  [SW5-port-group]port link-type trunk
  [SW5-port-group]port trunk allow-pass vlan all
  [SW5-port-group]quit
  [SW5]int g0/0/5
  [SW5-GigabitEthernet0/0/5]port link-type access
  [SW5-GigabitEthernet0/0/5]port default vlan 50
  [SW5-GigabitEthernet0/0/5]quit
  [SW5]int Vlanif 50
  [SW5-Vlanif50]ip add 192.168.50.251 24
  [SW5-Vlanif50]int Vlanif 10
  [SW5-Vlanif10]ip add 192.168.10.251 24
  [SW5-Vlanif10]int Vlanif 20
  [SW5-Vlanif20]ip add 192.168.20.251 24
  [SW5-Vlanif20]int Vlanif 30
  [SW5-Vlanif30]ip add 192.168.30.251 24
  ```

- **SW6**

  ```
  [SW6]vlan batch 10 20 30 50
  [SW6]port-group group-member g0/0/1 to g0/0/3 g0/0/6
  [SW6-port-group]port link-type trunk
  [SW6-port-group]port trunk allow-pass vlan all
  [SW6-port-group]quit
  [SW6]int Vlanif 10
  [SW6-Vlanif10]ip add 192.168.10.252 24
  [SW6-Vlanif10]int Vlanif 20
  [SW6-Vlanif20]ip add 192.168.20.252 24
  [SW6-Vlanif20]int Vlanif 30
  [SW6-Vlanif30]ip add 192.168.30.252 24
  [SW6-Vlanif30]int Vlanif 50
  [SW6-Vlanif50]ip add 192.168.50.252 24
  ```

- **AR3 - DHCP**

  ```
  [AR3-DHCP]int g0/0/0
  [AR3-DHCP-GigabitEthernet0/0/0]ip add 192.168.50.1 24
  [AR3-DHCP-GigabitEthernet0/0/0]quit
  [AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
  ```

### 2. VRRP

- **SW5**

  ```
  [SW5]int Vlanif 10
  [SW5-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
  [SW5-Vlanif10]vrrp vrid 10 priority 130
  [SW5-Vlanif10]quit
  [SW5]int Vlanif 20
  [SW5-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
  [SW5-Vlanif20]vrrp vrid 20 priority 130
  [SW5-Vlanif20]quit
  [SW5]int Vlanif 30
  [SW5-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
  ```

- **SW6**

  ```
  [SW6]int Vlanif 10
  [SW6-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
  [SW6-Vlanif10]int Vlanif 20
  [SW6-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
  [SW6-Vlanif20]int Vlanif 30
  [SW6-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
  [SW6-Vlanif30]vrrp vrid 30 priority 130
  ```

### 3. MSTP

- **SW1/SW2/SW3/SW5/SW6: apply the same MSTP region configuration on every switch**

  ```
  [SW1]stp region-configuration
  [SW1-mst-region]region-name ntd2407
  [SW1-mst-region]instance 5 vlan 50
  [SW1-mst-region]instance 10 vlan 10
  [SW1-mst-region]instance 20 vlan 20
  [SW1-mst-region]instance 30 vlan 30
  [SW1-mst-region]active region-configuration
  ```

- **HX_SW5 is the primary root for instance 10 and instance 20**

  ```
  [SW5]stp instance 5 priority 8192
  [SW5]stp instance 10 priority 4096
  [SW5]stp instance 20 priority 4096
  [SW5]stp instance 30 priority 8192
  ```

- **HX_SW6 is the primary root for instance 30 and instance 5**

  ```
  [SW6]stp instance 5 priority 4096
  [SW6]stp instance 10 priority 8192
  [SW6]stp instance 20 priority 8192
  [SW6]stp instance 30 priority 4096
  ```

### 4. DHCP

- **AR3 - DHCP**

  ```
  [AR3-DHCP]dhcp enable
  [AR3-DHCP]ip pool vlan10
  [AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
  [AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
  [AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
  [AR3-DHCP-ip-pool-vlan10]quit
  [AR3-DHCP]ip pool vlan20
  [AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
  [AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
  [AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
  [AR3-DHCP-ip-pool-vlan20]quit
  [AR3-DHCP]ip pool vlan30
  [AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
  [AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
  [AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
  [AR3-DHCP-ip-pool-vlan30]quit
  [AR3-DHCP]int g0/0/0
  [AR3-DHCP-GigabitEthernet0/0/0]dhcp select global
  ```

- **SW5 - DHCP relay**

  ```
  [SW5]dhcp enable
  [SW5]int Vlanif 10
  [SW5-Vlanif10]dhcp select relay
  [SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
  [SW5-Vlanif10]int Vlanif 20
  [SW5-Vlanif20]dhcp select relay
  [SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
  [SW5-Vlanif20]int Vlanif 30
  [SW5-Vlanif30]dhcp select relay
  [SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
  ```

- **SW6 - DHCP relay**

  ```
  [SW6]dhcp enable
  [SW6]int Vlanif 10
  [SW6-Vlanif10]dhcp select relay
  [SW6-Vlanif10]dhcp relay server-ip 192.168.50.1
  [SW6-Vlanif10]int Vlanif 20
  [SW6-Vlanif20]dhcp select relay
  [SW6-Vlanif20]dhcp relay server-ip 192.168.50.1
  [SW6-Vlanif20]int Vlanif 30
  [SW6-Vlanif30]dhcp select relay
  [SW6-Vlanif30]dhcp relay server-ip 192.168.50.1
  ```

### 5. Verification

- Every PC can obtain an IP address via DHCP
- Every PC can reach every other PC
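
The optimal-path requirement is met only when, for each VLAN, the VRRP master and the MSTP root of the instance carrying that VLAN are the same switch. The check below is an added example, not part of the original lab: it parses the VRRP and MSTP commands from the sections above (prompts removed) and reports any VLAN where the two roles diverge; `parse`, `misaligned` and `INSTANCE_OF_VLAN` are names assumed for this sketch.

```python
import re
# Constructed input: the page's VRRP and MSTP commands with CLI prompts removed.
SW5 = """interface Vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 130
interface Vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 130
interface Vlanif 30
vrrp vrid 30 virtual-ip 192.168.30.254
stp instance 10 priority 4096
stp instance 20 priority 4096
stp instance 30 priority 8192"""
SW6 = """interface Vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
interface Vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
interface Vlanif 30
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 130
stp instance 10 priority 8192
stp instance 20 priority 8192
stp instance 30 priority 4096"""
INSTANCE_OF_VLAN = {10: 10, 20: 20, 30: 30}  # the page's "instance N vlan N" mapping

def parse(text):
    """Return ({vlan: VRRP priority}, {MST instance: bridge priority}) for one switch."""
    vrrp, stp, vlan = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"interface Vlanif ?(\d+)", line):
            vlan = int(m.group(1))
        elif re.fullmatch(r"vrrp vrid \d+ virtual-ip \S+", line):
            vrrp.setdefault(vlan, 100)        # VRRP default priority is 100
        elif m := re.fullmatch(r"vrrp vrid \d+ priority (\d+)", line):
            vrrp[vlan] = int(m.group(1))
        elif m := re.fullmatch(r"stp instance (\d+) priority (\d+)", line):
            stp[int(m.group(1))] = int(m.group(2))
    return vrrp, stp

def misaligned(configs):
    """Return [(vlan, vrrp_master, mstp_root)] where the roles sit on different switches."""
    p = {name: parse(text) for name, text in configs.items()}
    out = []
    for vlan, inst in INSTANCE_OF_VLAN.items():
        master = max(p, key=lambda s: p[s][0].get(vlan, 0))     # highest priority wins
        root = min(p, key=lambda s: p[s][1].get(inst, 32768))   # lowest wins; 32768 default
        if master != root:
            out.append((vlan, master, root))
    return out
```

Call `misaligned({"SW5": SW5, "SW6": SW6})`; an empty list means every VLAN's gateway and spanning-tree root coincide. Priority ties, which real devices break by IP or MAC address, are not modelled.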