admin 管理员组

文章数量: 887039

#1

##实验 1-5 配置三层交换
学习目标
 掌握通过三层交换机实现VLAN间通信的配置方法
 掌握通过以太网Trunk链路实现VLAN间通信的配置方法
 掌握在不同VLAN间配置动态路由协议OSPF的方法

场景
在企业网络中,通过使用三层交换机可以简便的实现VLAN间通信。作为企
业的网络管理员,您需要在三层交换机配置VLANIF接口的三层功能,使得如上所示拓扑图中的网络能够实现VLAN间通信。此外,为了使S1和S2所连接的不同网络能够进行三层通信,还需要配置路由协议。
操作步骤
步骤一. 实验环境准备
如果本任务中您使用的是空配置设备,需要从步骤1开始,然后跳过步骤2。
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.4.1 24
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
system-view
[Quidway]sysname S1
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]mode lacp-static
[S1-Eth-Trunk1]port link-type trunk
[S1-Eth-Trunk1]port trunk allow-pass vlan all
[S1-Eth-Trunk1]quit
[S1]interface GigabitEthernet 0/0/9
[S1-GigabitEthernet0/0/9]eth-trunk 1
[S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
[S1-GigabitEthernet0/0/10]eth-trunk 1
system-view
[Quidway]sysname S2
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]mode lacp-static
[S2-Eth-Trunk1]port link-type trunk
[S2-Eth-Trunk1]port trunk allow-pass vlan all
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/9
[S2-GigabitEthernet0/0/9]eth-trunk 1
[S2-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
[S2-GigabitEthernet0/0/10]eth-trunk 1
system-view
[Quidway]sysname S3
[S3]interface Ethernet 0/0/7
[S3-Ethernet0/0/7]shutdown
system-view
[Quidway]sysname S4
[S4]interface Ethernet 0/0/14
[S4-Ethernet0/0/14]shutdown
步骤二. 清除设备上原有的配置
清除设备上的VLAN路由和子接口配置。
[R1]undo ip route-static 0.0.0.0 0
[R2]undo interface GigabitEthernet 0/0/1.1
[R2]undo interface GigabitEthernet 0/0/1.3
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]undo ip address
[R3-GigabitEthernet0/0/1]quit
[R3]undo ip route-static 0.0.0.0 0
[S1]undo vlan batch 4 8
[S1]interface GigabitEthernet 0/0/2
[S1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 4 8
[S1-GigabitEthernet0/0/2]quit
[S1]interface GigabitEthernet 0/0/13
[S1-GigabitEthernet0/0/13]undo shutdown
[S2]interface GigabitEthernet0/0/6
[S2-GigabitEthernet0/0/6]undo shutdown
重新打开S1和S2间的Eth-Trunk接口。
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]undo shutdown
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]undo shutdown
步骤三. 在 S1 和 S2 批量创建 VLAN 3 到 VLAN 7
[S1]vlan batch 3 to 7
[S2]vlan batch 3 to 7
确认VLAN已成功创建。
[S1]display vlan
[S2]display vlan
步骤四. 配置 Eth-Trunk 链路
将S1上的G0/0/1和0/0/13端口分别加入VLAN 4和VLAN 3。将S2上的
G0/0/3和G0/0/24端口分别加入VLAN 6和VLAN 7。
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]port trunk pvid vlan 5
[S1-Eth-Trunk1]quit
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 4
[S1-GigabitEthernet0/0/1]quit
[S1]interface GigabitEthernet 0/0/13
[S1-GigabitEthernet0/0/13]port link-type access
[S1-GigabitEthernet0/0/13]port default vlan 3
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]port trunk pvid vlan 5
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/3
[S2-GigabitEthernet0/0/3]port link-type access
[S2-GigabitEthernet0/0/3]port default vlan 6
[S2-GigabitEthernet0/0/3]quit
[S2]interface GigabitEthernet 0/0/6
[S2-GigabitEthernet0/0/6]port link-type access
[S2-GigabitEthernet0/0/6]port default vlan 7
配置完成后,执行display vlan命令查看VLAN以及成员端口信息。
步骤五. 配置 VLANIF 三层接口
分别为S1上的VLANIF 3、VLANIF 4和VLANIF 5以及S2上的VLANIF 5、
VLANIF 6和VLANIF 7配置IP地址。
[S1]interface Vlanif 3
[S1-Vlanif3]ip address 10.0.3.254 24
[S1-Vlanif3]interface Vlanif 4
[S1-Vlanif4]ip address 10.0.4.254 24
[S1-Vlanif4]interface Vlanif 5
[S1-Vlanif5]ip address 10.0.5.1 24
[S2]interface Vlanif 5
[S2-Vlanif5]ip address 10.0.5.2 24
[S2-Vlanif5]interface Vlanif 6
[S2-Vlanif6]ip address 10.0.6.254 24
[S2-Vlanif6]interface Vlanif 7
[S2-Vlanif7]ip address 10.0.7.254 24
步骤六. 为 R1、R3、S3 和 S4 配置 IP 地址和缺省路由
本实验中,R1、R3、S3和S4模拟客户端主机,四台设备都需要配置一个用
户IP地址,其中S3和S4使用VLANIF 1接口配置IP地址,然后将S3的E0/0/13端
口和S4的E0/0/6端口加入到VLAN 1中。R1的地址应配置为10.0.4.1/24。最后
为每台设备配置一条缺省静态路由指向网关。
[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.4.254
[S3]interface Vlanif 1
[S3-Vlanif1]ip address 10.0.3.3 24
[S3-Vlanif1]quit
[S3]ip route-static 0.0.0.0 0.0.0.0 10.0.3.254
[R3]interface GigabitEthernet 0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.0.6.3 24
[R3-GigabitEthernet0/0/2]quit
[R3]ip route-static 0.0.0.0 0.0.0.0 10.0.6.254
[S4]interface Vlanif 1
[S4-Vlanif1]ip address 10.0.7.4 24
[S4]interface Vlanif 1
[S4-Vlanif1]ip address 10.0.7.4 24
检测R1和R3之间的连通性。
ping 10.0.6.3
回显信息表明R1和R3无法互相通信。执行tracert命令,查找通信失败的原
因。
[R1]tracert 10.0.6.3
由显示信息可以看出,R1向目的地址10.0.6.3发送了数据报文,但是数据报
文仅能到达地址为10.0.4.254的网关设备。
在网关设备S1上查看是否拥有到达目的网络的路由条目。
[S1]display ip routing-table
由显示信息可以看出,R1向目的地址10.0.6.3发送了数据报文,但是数据报
文仅能到达地址为10.0.4.254的网关设备。
在网关设备S1上查看是否拥有到达目的网络的路由条目。
[S1]display ip routing-table
由显示信息可以看出,由于网段10.0.6.0/24并非S1直连网段,且S1上也并
未配置任何静态路由或用动态路由协议获取该网段路由信息,因而S1没有通往该网段的路由条目,S1就无法将数据包正确转发到该网段。
步骤八. 在 S1 和 S2 上配置 OSPF 协议
[S1]ospf
[S1-ospf-1]area 0
[S1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
[S2]ospf
[S2-ospf-1]area 0
[S2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
配置完成后,待OSPF收敛完成,再查看S1的路由表。
[S1]display ip routing-table
可以观察到S1已经通过OSPF学习到了10.0.6.0/24和10.0.7.0/24这两条路
由。再次检测R1和R3间的连通性。
[R1]ping 10.0.6.3
配置文件
[R1]display current-configuration
[V200R007C00SPC600]

sysname R1

interface GigabitEthernet0/0/1
ip address 10.0.4.1 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.4.254

user-interface con 0
authentication-mode password
set authentication password cipher % % dD#}P<HzJ;Xs%X>hOkm!,.+Iq61QKK6t I}cc-;k_oC.+L,% %
user-interface vty 0 4

return
[S1]display current-configuration

!Software Version V200R008C00SPC500
sysname S1

vlan batch 3 to 7

interface Vlanif3
ip address 10.0.3.254 255.255.255.0

interface Vlanif4
ip address 10.0.4.254 255.255.255.0
interface Vlanif5
ip address 10.0.5.1 255.255.255.0

interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp

interface GigabitEthernet0/0/1
port link-type access
port default vlan 4

interface GigabitEthernet0/0/9
eth-trunk 1
lacp priority 100
undo negotiation auto
speed 100

interface GigabitEthernet0/0/10
eth-trunk 1
lacp priority 100
undo negotiation auto
speed 100

interface GigabitEthernet0/0/13
port link-type access
port default vlan 3

ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255

user-interface con 0
user-interface vty 0 4

return
[S2]display current-configuration

!Software Version V200R008C00SPC500
sysname S2

vlan batch 3 to 7

interface Vlanif5
ip address 10.0.5.2 255.255.255.0

interface Vlanif6
ip address 10.0.6.254 255.255.255.0

interface Vlanif7
ip address 10.0.7.254 255.255.255.0

interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp

interface GigabitEthernet0/0/3
port link-type access
port default vlan 6

interface GigabitEthernet0/0/6
port link-type access
port default vlan 7

interface GigabitEthernet0/0/9
eth-trunk 1
undo negotiation auto
speed 100

interface GigabitEthernet0/0/10
eth-trunk 1
undo negotiation auto
speed 100

ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255

user-interface con 0
user-interface vty 0 4

return
[S3]display current-configuration

!Software Version V100R006C05
sysname S3

interface Vlanif1
ip address 10.0.3.3 255.255.255.0

interface Ethernet0/0/7
shutdown

ip route-static 0.0.0.0 0.0.0.0 10.0.3.254

user-interface con 0
user-interface vty 0 4

return
[S4]display current-configuration

!Software Version V100R006C05
sysname S4

undo http server enable

drop illegal-mac alarm

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1
ip address 10.0.7.4 255.255.255.0

interface Ethernet0/0/14
shutdown

ip route-static 0.0.0.0 0.0.0.0 10.0.7.254

user-interface con 0
user-interface vty 0 4

return

本文标签: 1