Network three-tier architecture experiment

Experimental topology

Experimental requirements

① The ISP's public address is provided by a loopback;
② The intranet uses 172.16.0.0/16, reasonably allocated;
③ SW1 and SW2 back each other up;
④ VLAN, Eth-Trunk, STP, SVI and VRRP technologies are used;
⑤ All PCs obtain their IP addresses automatically through DHCP;
⑥ PC1/3 are in VLAN 1, PC2/4 are in VLAN 2.

Network segmentation

Configuration ideas

Switching part: Eth-Trunk, VLAN, Access and Trunk, MSTP, SVI, VRRP
Routing part: IP, OSPF, default route, NAT

Specific configuration

Switching part

(1) Configure Eth-Trunk:
[SW3] [SW4]
int eth-trunk 0
int g0/0/1
eth-trunk 0
int g0/0/10
eth-trunk 0

(2) Configure Vlan:
[SW1] [SW2] [SW3] [SW4]
vlan 2

(3) Configure Access and Trunk:
[SW1] [SW2]
port-group group-member g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 2
int e0/0/1
port link-type access
port default vlan 1
int e0/0/2
port link-type access
port default vlan 2
[SW3] [SW4]
int eth-trunk 0
port link-type trunk
port trunk allow-pass vlan 2
port-group group-member g0/0/2 g0/0/11
port link-type trunk
port trunk allow-pass vlan 2

(4) Configure MSTP:
[SW1][SW2][SW3][SW4]
stp mode mstp
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration //Activate
[SW3]
stp instance 1 root primary //SW3 is the primary root for instance 1
stp instance 2 root secondary //SW3 is the backup root for instance 2
port-group group-member e0/0/1 e0/0/2
stp edged-port enable //Enable STP edge interface
[SW4]
stp instance 2 root primary //SW4 is the primary root for instance 2
stp instance 1 root secondary //SW4 is the backup root for instance 1
port-group group-member e0/0/1 e0/0/2
stp edged-port enable

(5) Configure SVI:
[SW3]
int vlanif1
ip ad 172.16.1.254 24
int vlanif2
ip ad 172.16.2.254 24
[SW4]
int vlanif1
ip ad 172.16.1.253 24
int vlanif2
ip ad 172.16.2.253 24

(6) Configure VRRP:
[SW3]
int vlanif1
vrrp vrid 1 virtual-ip 172.16.1.100
vrrp vrid 1 priority 101
vrrp vrid 1 track int g0/0/3 reduce 11
int vlanif2
vrrp vrid 2 virtual-ip 172.16.2.100
[SW4]
int vlanif2
vrrp vrid 2 virtual-ip 172.16.2.100
vrrp vrid 2 priority 101
vrrp vrid 2 track int g0/0/3 reduce 11
int vlanif1
vrrp vrid 1 virtual-ip 172.16.1.100
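
The following is an added example, not part of the original post: a small Python model of which switch becomes VRRP master for each vrid, using the priorities, tracking values and SVI addresses configured above. It assumes preemption is enabled and that g0/0/3 is each switch's tracked uplink; the names Member, GROUPS, elect and masters are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # VRRP default when no priority is configured


@dataclass(frozen=True)
class Member:
    switch: str
    vlanif_ip: IPv4Address  # real SVI address, tie-breaker on equal priority
    priority: int = DEFAULT_PRIORITY
    track_reduce: int = 0   # "track int g0/0/3 reduce N"; 0 = no tracking

    def effective_priority(self, uplink_up: bool) -> int:
        # 101 - 11 = 90 drops below the peer's default 100; reduce 1 would not.
        return self.priority if uplink_up else self.priority - self.track_reduce


# Values copied from the SVI and VRRP configuration on this page.
GROUPS = {
    1: [Member("SW3", IPv4Address("172.16.1.254"), 101, 11),
        Member("SW4", IPv4Address("172.16.1.253"))],
    2: [Member("SW3", IPv4Address("172.16.2.254")),
        Member("SW4", IPv4Address("172.16.2.253"), 101, 11)],
}


def elect(vrid, uplink_up, alive=("SW3", "SW4")):
    """Master for one vrid: highest effective priority, then highest IP."""
    candidates = [m for m in GROUPS[vrid] if m.switch in alive]
    if not candidates:
        return None
    best = max(candidates, key=lambda m: (
        m.effective_priority(uplink_up[m.switch]), m.vlanif_ip))
    return best.switch


def masters(uplink_up, alive=("SW3", "SW4")):
    """Master of every VRRP group for a given uplink (g0/0/3) state."""
    return {vrid: elect(vrid, uplink_up, alive) for vrid in GROUPS}


if __name__ == "__main__":
    up = {"SW3": True, "SW4": True}
    print("normal         :", masters(up))
    print("SW3 uplink down:", masters({"SW3": False, "SW4": True}))
    print("SW3 powered off:", masters(up, alive=("SW4",)))
```

In the normal state the two VLANs are load-shared (SW3 for vrid 1, SW4 for vrid 2); losing either the uplink or the whole switch moves both gateways to the surviving path.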

Routing part

(1) Configure DHCP:
[SW3] [SW4]
dhcp enable
ip pool v1
network 172.16.1.0 mask 24
gateway-list 172.16.1.100
dns-list 8.8.8.8
ip pool v2
network 172.16.2.0 mask 24
gateway-list 172.16.2.100
dns-list 8.8.8.8
int vlanif1
dhcp select global
int vlanif2
dhcp select global

(2) Configure backbone IP:
In the Huawei simulator, the switch's Layer 3 interfaces cannot be configured with an IP address, so only SVIs can be used.

[SW3]
vlan 3
int vlanif3
ip ad 172.16.0.1 30
int g0/0/3
port link-type access
port default vlan 3
[SW4]
vlan 3
int vlanif3
ip ad 172.16.0.5 30
int g0/0/3
port link-type access
port default vlan 3
[R1]
int g0/0/0
ip ad 172.16.0.2 30
int g0/0/1
ip ad 172.16.0.6 30

(3) Configure OSPF:
[R1]
ospf 1 router-id 1.1.1.1
area 0
network 172.16.0.0 0.0.0.255
[SW3]
ospf 1 router-id 2.2.2.2
area 0
network 172.16.0.0 0.0.255.255
q
silent-interface vlanif2 //Silent interface: avoids sending keep-alive packets over the links of the different VLANs
silent-interface g0/0/2 //Silence the user-side interface so the access layer does not receive keep-alive packets
silent-interface g0/0/11 //Silence the user-side interface so the access layer does not receive keep-alive packets
[SW4]
ospf 1 router-id 3.3.3.3
area 0
network 172.16.0.0 0.0.255.255
q
silent-interface vlanif2
silent-interface g0/0/2
silent-interface g0/0/11

(4) Configure the default route on the ISP and border devices:
[ISP]
int g0/0/0
ip ad 12.1.1.2 30
int lo 0
ip ad 1.1.1.1 24
[R1]
int g0/0/2
ip ad 12.1.1.1 30
q
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ospf 1
default-route-advertise always //Advertise the default route down into OSPF

(5) Configure NAT:
[R1]
acl 2000
rule permit source 172.16.0.0 0.0.255.255
int g0/0/2
nat outbound 2000

Result test

On PC1, run ping -t 1.1.1.1, cut off SW3 midway, and restore the path after a period of time; route tracing can also prove it:

So far, the experiment is complete!


Origin blog.csdn.net/FLY_7_/article/details/113114273