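Lab topology

Figure 1-1


Lab requirements

I. The LAN has two service VLANs, Vlan10 and Vlan20, whose IP subnets are 192.168.1.0/24 and 192.168.2.0/24 respectively.

II. The service VLANs can carry data on all links.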

SW3:

vlan 10 
vlan 20
vlan 100
vlan 200
int g 1/0/1
port link-type trunk
port tr per vlan 10 20 100 200
int g 1/0/2
port link-type trunk
port tr per vlan 10 20 100 200
int g 1/0/3
port link-type trunk
port tr per vlan 10 20 100 200

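III. Configure static link aggregation on the direct link between SW1 and SW2 to provide link redundancy and increase link bandwidth.

IV. SW3 is a Layer 2 access switch. It runs MSTP with the aggregation switches SW1 and SW2 to load-share the traffic of Vlan10 and Vlan20. Vlan10 traffic must be forwarded preferentially through SW1, and Vlan20 traffic preferentially through SW2. When a link fails, SW1 and SW2 back each other up.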

SW3\SW1\SW2:
stp region-configuration
region-name h3c
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration

SW1:
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
SW2:
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary

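V. SW4 is another Layer 2 access switch and uses Smart-link to back up its uplinks. Smart-link group 1 references MST instance 1 (mapped to Vlan10), and its traffic reaches the upstream devices over the link to SW1; Smart-link group 2 references instance 2 (mapped to Vlan20), and its traffic reaches the upstream devices over the link to SW2. Groups 1 and 2 send and receive Flush messages in Vlan100 and Vlan200 respectively. When the Smart-link primary link recovers from a failure, the port roles must be restored automatically.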

SW4:

[SW4]int g 1/0/1
[SW4-GigabitEthernet1/0/1]undo stp en
[SW4-GigabitEthernet1/0/1]int g 1/0/2
[SW4-GigabitEthernet1/0/2]undo stp en
[SW4-smlk-group1]stp reg
[SW4-mst-region]instance 1 vlan 100
[SW4-mst-region]instance 2 vlan 200
[SW4-mst-region]act reg
[SW4-GigabitEthernet1/0/2]smart-link group 1
[SW4-smlk-group1]protected-vlan reference-instance 0 to 1
[SW4-smlk-group1]flush enable control-vlan 100
[SW4-smlk-group1]port g 1/0/1 primary
[SW4-smlk-group1]port g 1/0/2 secondary
[SW4-smlk-group1]preemption mode role
[SW4-smlk-group1]smart-link g 2
[SW4-smlk-group2]protected-vlan reference-instance 2
[SW4-smlk-group2]flush enable control-vlan 200
[SW4-smlk-group2]port g 1/0/2 primary
[SW4-smlk-group2]port g 1/0/1 secondary
[SW4-smlk-group2]preemption mode role

SW1:

[SW1]int g 1/0/4
[SW1-GigabitEthernet1/0/4]undo stp en
[SW1-GigabitEthernet1/0/4]smart-link flush enable control-vlan 100 200
[SW1-GigabitEthernet1/0/4]int b 1
[SW1-Bridge-Aggregation1]smart-link flush enable control-vlan 100 200
[SW1-Bridge-Aggregation1]int g 1/0/3
[SW1-GigabitEthernet1/0/3]smart-link flush enable control-vlan 100 200

SW2:

[SW2-GigabitEthernet1/0/3] int g 1/0/4
[SW2-GigabitEthernet1/0/4]undo stp en
[SW2-GigabitEthernet1/0/4]smart-link flush enable control-vlan 100 200
[SW2-GigabitEthernet1/0/4]int b 1
[SW2-Bridge-Aggregation1]smart-link flush enable control-vlan 100 200
[SW2-Bridge-Aggregation1]int g 1/0/3
[SW2-GigabitEthernet1/0/3]smart-link flush enable control-vlan 100 200
[SW2-GigabitEthernet1/0/3]

VI. SW1 and SW2 act as the aggregation-layer gateways and run VRRP. Vlan10 uses SW1 as its VRRP master gateway, and Vlan20 uses SW2 as its VRRP master gateway.

SW1:

[SW1-GigabitEthernet1/0/3]int vlan 10
[SW1-Vlan-interface10]ip add 192.168.1.252 24
[SW1-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.1.254
[SW1-Vlan-interface10]vrrp vrid 10 pr 120
[SW1-Vlan-interface10]int vlan 20
[SW1-Vlan-interface20]ip add 192.168.2.252 24
[SW1-Vlan-interface20]vrrp vrid 20 vir 192.168.2.254
[SW1-Vlan-interface20]dis vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface   VRID  State   Running  Adver      Auth  Virtual
                          pri      timer(cs)  type  IP
---------------------------------------------------------------------
Vlan10      10    Master  120      100        None  192.168.1.254
Vlan20      20    Backup  100      100        None  192.168.2.254

SW2:

[SW2-Vlan-interface10]ip add 192.168.1.253 24
[SW2-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.1.254
[SW2-Vlan-interface10]int vlan 20
[SW2-Vlan-interface20]ip add 192.168.2.253 24
[SW2-Vlan-interface20]vrrp vrid 20 vir 192.168.2.254
[SW2-Vlan-interface20]vrrp vrid 20 priority 120
[SW2-Vlan-interface20]dis vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface   VRID  State   Running  Adver      Auth  Virtual
                          pri      timer(cs)  type  IP
---------------------------------------------------------------------
Vlan10      10    Backup  100      100        None  192.168.1.254
Vlan20      20    Master  120      100        None  192.168.2.254

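VII. An end-user PC must be able to forward data immediately after it connects to the network. A port that connects to a PC must be shut down immediately when it receives a BPDU.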

SW3/SW4:

[SW3]int g 1/0/3
[SW3-GigabitEthernet1/0/3]stp edged-port
[SW3]stp bpdu-protection

VIII. Configure the SSH service on SW1 so that only Vlan10 can log in to SW1 remotely. The login username and password are both runtime.

[SW1]acl basic 2000
[SW1-acl-ipv4-basic-2000]rule per source 192.168.1.0 0.0.0.255
[SW1]ssh ser en
[SW1]user-int vty 0 4
[SW1-line-vty0-4]authentication-mode scheme
[SW1-line-vty0-4]protocol inbound ssh
[SW1-line-vty0-4]local-user runtime
New local user added.
[SW1-luser-manage-runtime]pass sim runtime
[SW1-luser-manage-runtime]service-type ssh
[SW1-luser-manage-runtime]authorization-attribute user-role level-15
[SW1-luser-manage-runtime]qu
[SW1]ssh service acl 2000

IX. Configure SNMP on SW2 so that only PC6 can use SNMP to manage SW2.

[SW1-acl-ipv4-basic-2001]rule permit source 192.168.2.1 0.0.0.0
[SW1-acl-ipv4-basic-2001]qu
[SW1]snmp-agent sys-info version all
[SW1]snmp-agent community read 123456 acl 2001
[SW1]snmp-agent community write 654321 acl 2001
[SW1]snmp-agent target-host trap address udp-domain 192.168.2.1 params securityname 123456
[SW1]
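
The management-plane settings from sections VIII and IX can be checked mechanically. The following Python audit is an added example, not part of the original lab: it reads commands copied from this page, confirms that every ACL bound to SSH or SNMP is actually defined with a permit rule, and reports weak credential choices. The function name audit, the finding codes and the weak-community heuristic are assumptions made for this example.

```python
import re

# Commands copied from sections VIII and IX of this page; the parser strips the prompts.
PAGE_CONFIG = """\
[SW1]acl basic 2000
[SW1-acl-ipv4-basic-2000]rule per source 192.168.1.0 0.0.0.255
[SW1]ssh ser en
[SW1-line-vty0-4]local-user runtime
[SW1-luser-manage-runtime]pass sim runtime
[SW1]ssh service acl 2000
[SW1-acl-ipv4-basic-2001]rule permit source 192.168.2.1 0.0.0.0
[SW1]snmp-agent sys-info version all
[SW1]snmp-agent community read 123456 acl 2001
[SW1]snmp-agent community write 654321 acl 2001
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")

def audit(text):
    """Return sorted finding codes (names are hypothetical) for a session transcript."""
    findings, defined, refs, user = set(), set(), [], None
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m["cmd"]:
            continue
        w = m["cmd"].split() + [""] * 4  # pad so short commands index safely
        acl_view = re.search(r"-acl-ipv4-basic-(\d+)$", m["view"])
        if acl_view and w[0] == "rule" and w[1].startswith("per"):
            defined.add(acl_view.group(1))  # ACL has at least one permit rule
        elif w[0] == "local-user":
            user = w[1]
        elif w[0].startswith("pass") and w[1].startswith("sim") and w[2] == user:
            findings.add("PASSWORD_EQUALS_USERNAME")
        elif w[:3] == ["snmp-agent", "sys-info", "version"] and w[3] in ("all", "v1", "v2c"):
            findings.add("SNMP_V1_V2C_ENABLED")  # communities cross the wire in cleartext
        elif w[:2] == ["snmp-agent", "community"]:
            refs.append(("SNMP", w[w.index("acl") + 1] if "acl" in w else None))
            if w[3].isdigit() or len(w[3]) < 8:  # heuristic chosen for this example
                findings.add("SNMP_COMMUNITY_WEAK")
        elif w[:3] == ["ssh", "service", "acl"]:
            refs.append(("SSH", w[3]))
    # ACL references are resolved after the whole transcript so command order does not matter.
    for service, acl in refs:
        if acl is None:
            findings.add(service + "_NO_ACL")
        elif acl not in defined:
            findings.add(service + "_ACL_UNDEFINED")
    return sorted(findings)
```

On the page's commands the ACL bindings for SSH and SNMP both resolve, so the findings that remain concern the credentials and the SNMP version setting.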