HCIP three-layer architecture experiment



1. Topology construction


2. IP Planning

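The public network address uses the 12.1.1.0/24 segment; the loopback is set to 1.1.1.1
Use 172.16.1.0/24 to assign subnets to the switches
On sw1, use 172.16.1.1/25 and 172.16.1.129/25
On sw2, use 172.16.1.2/25 and 172.16.1.130/25
Use 172.16.0.0/30 for the upper-left routed link
Use 172.16.0.4/30 for the upper-right routed link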

3. Experimental steps

3.1 Set up Eth-Trunk

Set up an Eth-Trunk between sw1 and sw2.
First create the Eth-Trunk in system view,
then enter each member interface and add it to the Eth-Trunk.

[sw1]interface Eth-Trunk 0
[sw1]interface g0/0/1
[sw1-GigabitEthernet0/0/1]eth-trunk 0
[sw1-GigabitEthernet0/0/1]int g0/0/2
[sw1-GigabitEthernet0/0/2]eth-trunk 0
[sw2]interface Eth-Trunk 0
[sw2]interface g0/0/1
[sw2-GigabitEthernet0/0/1]eth-trunk 0
[sw2-GigabitEthernet0/0/1]int g0/0/2
[sw2-GigabitEthernet0/0/2]eth-trunk 0

3.2 Configure the trunk links

On the Layer 3 switch sw1

[sw1]port-group group-member Ethernet0/0/4 to Ethernet 0/0/5 Eth-Trunk 0
[sw1-port-group]port link-type trunk
[sw1-Ethernet0/0/4]port link-type trunk //system echo
[sw1-Ethernet0/0/5]port link-type trunk //system echo
[sw1-port-group]port trunk allow-pass vlan 2 to 3
[sw1-Ethernet0/0/4]port trunk allow-pass vlan 2 to 3
[sw1-Ethernet0/0/5]port trunk allow-pass vlan 2 to 3 //system echo, indicating the configuration succeeded

On the Layer 3 switch sw2

[sw2]port-group group-member Ethernet0/0/4 to Ethernet 0/0/5 Eth-Trunk 0
[sw2-port-group]port link-type trunk
[sw2-Ethernet0/0/4]port link-type trunk //system echo
[sw2-Ethernet0/0/5]port link-type trunk //system echo
[sw2-port-group]port trunk allow-pass vlan 2 to 3
[sw2-Ethernet0/0/4]port trunk allow-pass vlan 2 to 3
[sw2-Ethernet0/0/5]port trunk allow-pass vlan 2 to 3 //system echo, indicating the configuration succeeded

On the layer 2 switch sw3

[sw3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[sw3-port-group]port link-type trunk
[sw3-Ethernet0/0/1]port link-type trunk //system echo
[sw3-Ethernet0/0/2]port link-type trunk //system echo, indicating the configuration succeeded
[sw3-port-group]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/1]port trunk allow-pass vlan 2
[sw3-Ethernet0/0/2]port trunk allow-pass vlan 2 //system echo, indicating the configuration succeeded

On the layer 2 switch sw4

[sw4]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[sw4-port-group]port link-type trunk
[sw4-Ethernet0/0/1]port link-type trunk //system echo
[sw4-Ethernet0/0/2]port link-type trunk //system echo, indicating the configuration succeeded
[sw4-port-group]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/1]port trunk allow-pass vlan 2
[sw4-Ethernet0/0/2]port trunk allow-pass vlan 2 //system echo, indicating the configuration succeeded

After configuration, you can use display port vlan active to check the configured trunks. As shown in the figure, since the VLAN has not been created yet, every port shows only VLAN 1.

3.3 Creation and division of vlan

[sw1]vlan 2 //sw1 has vlan 1 by default, so only vlan 2 needs to be created
[sw1-vlan2]

[sw2]vlan 2
[sw2-vlan2]

[sw3]vlan 2
[sw3-vlan2]

[sw4]vlan 2
[sw4-vlan2]

Because pc2 and pc4 are in vlan 2, their access ports need to be assigned to vlan 2

[sw3]int Ethernet0/0/4
[sw3-Ethernet0/0/4]port link-type access 
[sw3-Ethernet0/0/4]port default vlan 2

[sw4]int Ethernet0/0/4
[sw4-Ethernet0/0/4]port link-type access 
[sw4-Ethernet0/0/4]port default vlan 2

3.4 STP Spanning Tree

Take sw1 as an example

[sw1]stp mode mstp 
[sw1]stp enable 
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration 

After configuration, you can use display stp brief to check the STP status, as shown in the figure.
Then optimize according to the three-in-one rule.

[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary 

[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary 

Improve PC connection efficiency by enabling edge ports on the PC-facing interfaces

[sw3]port-group group-member Ethernet 0/0/3 to e0/0/4
[sw3-port-group]stp edged-port enable 

[sw4]port-group group-member Ethernet 0/0/3 to e0/0/4
[sw4-port-group]stp edged-port enable 

3.5 Configuring SVI and VRRP

First configure the IP addresses on the VLAN interfaces

[sw1]interface Vlan 1
[sw1-Vlanif1]ip address 172.16.1.1 25
[sw1]interface Vlanif 2
[sw1-Vlanif2]ip address 172.16.1.129 25

[sw2]interface Vlanif 1
[sw2-Vlanif1]ip address 172.16.1.2 25
[sw2]int Vlanif 2
[sw2-Vlanif2]ip address 172.16.1.130 25

On sw1, vlan 1 is the master and vlan 2 is the backup.
On sw2, vlan 1 is the backup and vlan 2 is the master.

[sw1]interface Vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw1-Vlanif1]vrrp vrid 1 priority 120
[sw1-Vlanif1]vrrp vrid 1 track interface Ethernet 0/0/1 reduced 30
[sw1]interface Vlanif 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254

[sw2]interface Vlanif 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw2]interface Vlanif 2
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254
[sw2-Vlanif2]vrrp vrid 1 priority 120
[sw2-Vlanif2]vrrp vrid 1 track interface Ethernet0/0/1 reduced 30

After configuration, we can check it with the display vrrp brief command, as shown in the figure.

3.6 Configure DHCP for IP address assignment

[sw2]dhcp enable
[sw2]ip pool g1
Info:It's successful to create an IP address pool.
[sw2-ip-pool-g1] gateway-list 172.16.1.126
[sw2-ip-pool-g1] network 172.16.1.0 mask 255.255.255.128
[sw2-ip-pool-g1] dns-list 114.114.114.114
[sw2-ip-pool-g1]ip pool v2
Info:It's successful to create an IP address pool.
[sw2-ip-pool-v2] gateway-list 172.16.1.254
[sw2-ip-pool-v2] network 172.16.1.128 mask 255.255.255.128
[sw2-ip-pool-v2] dns-list 114.114.114.114 8.8.8.8

[sw2-ip-pool-v2]int vl1
[sw2-Vlanif1]dhcp select global 
[sw2-Vlanif1]int vl2
[sw2-Vlanif2]dhcp select global 

After an address is obtained, we can view it with the ipconfig command on the PC, as shown in the figure.

4. Routing configuration

Because the Huawei switches have no actual routed (Layer 3) port, configure two logical interfaces, one on sw1 and one on sw2.

On sw1

[sw1]vlan 100
[sw1-vlan100]q
[sw1]int e0/0/1
[sw1-Ethernet0/0/1]port link-type access
[sw1-Ethernet0/0/1]port default vlan 100
[sw1]int Vlanif 100
[sw1-Vlanif100]ip address 172.16.0.1 30

[sw1]ospf 1 router-id 1.1.1.2
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[sw1-ospf-1]area 1
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.129 0.0.0.0

On sw2

[sw2]vlan 100
[sw2-vlan100]q
[sw2]int e0/0/1
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 100
[sw2]int Vlanif 100
[sw2-Vlanif100]ip address 172.16.0.5 30

[sw2]ospf 1 router-id 2.2.2.2
[sw2-ospf-1]area 0
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
[sw2-ospf-1]area 1
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.130 0.0.0.0

On the router

[r1]interface g0/0/1
[r1-GigabitEthernet0/0/1]ip address 172.16.0.2 30
[r1]interface g0/0/2
[r1-GigabitEthernet0/0/2]ip address 172.16.0.6 30
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.1.1.1 24

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255

Then, with display ip routing-table protocol ospf, we can see that the routes shown in the figure can be summarized, so summarize them under OSPF on sw1 and sw2 with abr-summary 172.16.1.0 255.255.255.0.
After summarization, we find that every SVI will establish a neighbor, which causes too many hello packets to be sent and makes the volume of updates too large, so silent interfaces should be used. Since there are too many interfaces to silence one by one, we silence all interfaces directly and then use the undo command to re-enable the ones we want. The neighbors can be checked with display ospf peer brief.

[sw1-ospf-1]silent-interface all
[sw1-ospf-1]undo silent-interface Ethernet0/0/1
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface Vlanif 1
[sw1-ospf-1]undo silent-interface Vlanif 100

[sw2-ospf-1]silent-interface all
[sw2-ospf-1]undo silent-interface Ethernet0/0/1
[sw2-ospf-1]undo silent-interface Eth-Trunk 0
[sw2-ospf-1]undo silent-interface Vlanif 1
[sw2-ospf-1]undo silent-interface Vlanif 100
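
The combined effect of the network and silent-interface commands can be checked offline. The following Python sketch is an added example, not part of the original post: it parses the sw1 commands shown on this page (embedded as constructed input) and reports, for each addressed interface, whether a network statement matches it and whether it still exchanges OSPF packets. The names `ospf_exposure` and `wildcard_match` are hypothetical helpers introduced here.

```python
import ipaddress
import re

# Constructed input: sw1 commands copied from sections 3.5 and 4 of this page.
SW1_SESSION = """\
[sw1-Vlanif1]ip address 172.16.1.1 25
[sw1-Vlanif2]ip address 172.16.1.129 25
[sw1-Vlanif100]ip address 172.16.0.1 30
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.129 0.0.0.0
[sw1-ospf-1]silent-interface all
[sw1-ospf-1]undo silent-interface Ethernet0/0/1
[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface Vlanif 1
[sw1-ospf-1]undo silent-interface Vlanif 100
"""

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask does not ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def ospf_exposure(session):
    """Map each addressed interface to the OSPF state implied by the session."""
    addrs, nets, silent_all, unsilenced = {}, [], False, set()
    for line in session.splitlines():
        m = re.match(r"\[([^\]]+)\]\s*(.+)", line)
        if not m:
            continue
        view, cmd = m.group(1), m.group(2).strip()
        if cmd.startswith("ip address "):
            addrs[view.split("-", 1)[1]] = cmd.split()[2]
        elif cmd.startswith("network ") and "area-" in view:
            nets.append((*cmd.split()[1:3], view.rsplit("area-", 1)[1]))
        elif cmd == "silent-interface all":
            silent_all = True
        elif cmd.startswith("undo silent-interface "):
            unsilenced.add(cmd.split(None, 2)[2].replace(" ", ""))
    report = {}
    for ifname, ip in addrs.items():
        area = next((a for b, w, a in nets if wildcard_match(ip, b, w)), None)
        if area is None:
            report[ifname] = "not in OSPF"
        elif silent_all and ifname not in unsilenced:
            report[ifname] = "silent in area " + area
        else:
            report[ifname] = "active in area " + area
    return report
```

For the sw1 commands as shown, only Vlanif100 ends up active: Vlanif2 is matched by a network statement but stays silent, and the un-silenced Vlanif1 (172.16.1.1) is not matched by any network statement.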


5. Use NAT to connect to the external network

[r1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[r1-ospf-1]default-route-advertise
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000

Then test connectivity from the PC.
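
Both the abr-summary in section 4 and the source range of ACL 2000 above are prefixes that should line up with the IP plan. As an added example (not from the original post), this Python check compares each of them with the planned subnets and computes the tightest single prefix that would cover them; `PLAN`, `scope_report` and the other names are assumptions introduced here.

```python
import ipaddress

# Constructed input: the prefixes from the page's IP plan (section 2).
PLAN = [ipaddress.ip_network(p) for p in
        ("172.16.1.0/25", "172.16.1.128/25", "172.16.0.0/30", "172.16.0.4/30")]

def from_wildcard(base, wildcard):
    """Turn 'base wildcard' (e.g. 172.16.0.0 0.0.255.255) into an IPv4Network."""
    inv = int(ipaddress.IPv4Address(wildcard))
    if inv & (inv + 1):                      # contiguous wildcards are 2**n - 1
        raise ValueError("non-contiguous wildcard: " + wildcard)
    return ipaddress.ip_network(f"{base}/{32 - inv.bit_length()}")

def from_mask(base, mask):
    """Turn 'base mask' (the abr-summary form) into an IPv4Network."""
    return ipaddress.ip_network(f"{base}/{mask}")

def tightest_cover(nets):
    """Smallest single prefix that contains every network in nets."""
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover

def scope_report(rule, plan):
    """Compare one permit/summary prefix with the (non-overlapping) planned prefixes."""
    inside = [n for n in plan if n.subnet_of(rule)]
    return {
        "missing": [str(n) for n in plan if n not in inside],
        "extra_addresses": rule.num_addresses - sum(n.num_addresses for n in inside),
        "tightest": str(tightest_cover(plan)),
    }

NAT_ACL = from_wildcard("172.16.0.0", "0.0.255.255")   # acl 2000 rule on r1
SUMMARY = from_mask("172.16.1.0", "255.255.255.0")     # abr-summary on sw1/sw2

if __name__ == "__main__":
    print("summary vs vlan subnets:", scope_report(SUMMARY, PLAN[:2]))
    print("acl 2000 vs whole plan: ", scope_report(NAT_ACL, PLAN))
```

With the page's values the summary covers the two /25s exactly, while ACL 2000 permits 65272 addresses that the plan never assigns; 172.16.0.0 0.0.1.255 covers the same four subnets.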

Origin blog.csdn.net/m0_46467017/article/details/123056159