HCIP - three-tier architecture

1. Experimental requirements

1. Reasonable allocation of intranet IP address 172.16.0.0/16

2.SW1/2 are mutual backup

3. VRRP/STP/VLAN/TRUNK are all used reasonably

4. All PCs obtain IP addresses through DHCP

2. Experimental topology

 

 3. Experimental process

1. Create a VLAN

SW1：

[sw1]vlan 2

SW2：

[sw2]vlan 2

SW3：

[sw3]vlan 2

SW4：

[sw4]vlan 2

2. Create eth-trunk

SW1：

[sw1]int Eth-Trunk 1
[sw1-Eth-Trunk1]int g0/0/3    
[sw1-GigabitEthernet0/0/3]eth-trunk 1
[sw1-GigabitEthernet0/0/3]int g0/0/4    
[sw1-GigabitEthernet0/0/4]eth-trunk 1

SW2：

[sw2]int Eth-Trunk 1
[sw2-Eth-Trunk1]int g0/0/3
[sw2-GigabitEthernet0/0/3]eth-trunk 1    
[sw2-GigabitEthernet0/0/3]int g0/0/4
[sw2-GigabitEthernet0/0/4]eth-trunk 1

3. Create a trunk

SW1

[sw1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk     
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/2]
[sw1-GigabitEthernet0/0/2]int g0/0/5    
[sw1-GigabitEthernet0/0/5]port link-type trunk 
[sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan all

SW2：

[sw2]int g0/0/2    
[sw2-GigabitEthernet0/0/2]port link-type trunk 
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/2]    
[sw2-GigabitEthernet0/0/2]int g0/0/5
[sw2-GigabitEthernet0/0/5]port link-type trunk 
[sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan all

SW3：

[sw3]int g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type trunk 
[sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw3-GigabitEthernet0/0/2]
[sw3-GigabitEthernet0/0/2]int g0/0/1    
[sw3-GigabitEthernet0/0/1]port link-type trunk 
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan all

SW4：

[sw4]int g0/0/2
[sw4-GigabitEthernet0/0/2]port link-type trunk 
[sw4-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw4-GigabitEthernet0/0/2]
[sw4-GigabitEthernet0/0/2]int g0/0/1
[sw4-GigabitEthernet0/0/1]port link-type trunk 
[sw4-GigabitEthernet0/0/1]port trunk allow-pass vlan all

SW3/4 configuration pc

[sw3]int e0/0/1
[sw3-Ethernet0/0/1]port link-type access     
[sw3-Ethernet0/0/1]port default vlan 1
[sw3-Ethernet0/0/1]
[sw3-Ethernet0/0/1]int e0/0/2
[sw3-Ethernet0/0/2]port link-type access 
[sw3-Ethernet0/0/2]port default vlan 2

SW4：

[sw4]int e0/0/1    
[sw4-Ethernet0/0/1]port link-type access 
[sw4-Ethernet0/0/1]port default vlan 1
[sw4-Ethernet0/0/1]
[sw4-Ethernet0/0/1]int e0/0/2
[sw4-Ethernet0/0/2]port link-type access 
[sw4-Ethernet0/0/2]port default vlan 2

4. Create STP spanning tree

SW1：

[sw1]stp enable     
[sw1]stp mode mstp     
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration

[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary 

SW2：

[sw2]stp enable     
[sw2]stp mode mstp 
[sw2]stp region-configuration 
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2
[sw2-mst-region]active region-configuration

[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary 

SW3：

[sw3]stp enable 
[sw3]stp mode mstp 
[sw3]stp region-configuration 
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2

[sw3]int e0/0/1
[sw3-Ethernet0/0/1]stp edged-port enable 
[sw3-Ethernet0/0/1]int e0/0/2
[sw3-Ethernet0/0/2]stp edged-port enable

SW4：

[sw4]stp enable     
[sw4]stp mode mstp 
[sw4]stp region-configuration 
[sw4-mst-region]region-name a
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2

[sw4]int e0/0/1
[sw4-Ethernet0/0/1]stp edged-port enable 
[sw4-Ethernet0/0/1]int e0/0/2
[sw4-Ethernet0/0/2]stp edged-port enable 

5. Configure the svi virtual interface

SW1：

[sw1]int vlan 1
[sw1-Vlanif1]ip add 172.16.1.254 24
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]ip add 172.16.2.254 24

SW2：

[sw2]int vlan 1
[sw2-Vlanif1]ip add 172.16.1.253 24
[sw2-Vlanif1]int vlan 2
[sw2-Vlanif2]ip add 172.16.2.253 24

6. Configure VRRP virtual routing redundancy protocol for gateway redundancy

SW1：

[sw1]int vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.100
[sw1-Vlanif1]vrrp vrid 1 priority 101    
[sw1-Vlanif1]vrrp vrid 1 track int g0/0/1 reduced 10
[sw1-Vlanif1]
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.100

SW2:

[sw2]int vlan 2
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.100
[sw2-Vlanif2]vrrp vrid 1 priority 101
[sw2-Vlanif2]vrrp vrid 1 track int g0/0/1 reduced 10
[sw2-Vlanif2]
[sw2-Vlanif2]int vlan 1    
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.100

6. Create DHCP

SW1：

[sw1]dhcp enable 
[sw1]ip pool vlan1
[sw1-ip-pool-vlan1]network 172.16.1.0 mask 24
[sw1-ip-pool-vlan1]gateway-list 172.16.1.100
[sw1-ip-pool-vlan1]dns-list 114.114.114.114
[sw1]ip pool vlan2
[sw1-ip-pool-vlan2]network 172.16.2.0 mask 24    
[sw1-ip-pool-vlan2]gateway-list 172.16.2.100
[sw1-ip-pool-vlan2]dns-list 114.114.114.114

[sw1]int vlan 1    
[sw1-Vlanif1]dhcp select global 
[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]dhcp select global

SW2：

[sw2]dhcp enable 
[sw2]ip pool vlan1
[sw2-ip-pool-vlan1]network 172.16.1.0 mask 24
[sw2-ip-pool-vlan1]gateway-list 172.16.1.100
[sw2-ip-pool-vlan1]dns-list 114.114.114.114
[sw2]ip pool vlan2    
[sw2-ip-pool-vlan2]network 172.16.2.0 mask 24
[sw2-ip-pool-vlan2]gateway-list 172.16.2.100
[sw2-ip-pool-vlan2]dns-list 114.114.114.114

[sw2]int vlan 1    
[sw2-Vlanif1]dhcp select global 
[sw2-Vlanif1]int vlan 2
[sw2-Vlanif2]dhcp select global

7. Configure routing address

SW1：

[sw1]vlan 3
[sw1]int vlan 3
[sw1-Vlanif3]ip add 172.16.0.1 30
[sw1-Vlanif3]int g0/0/1    
[sw1-GigabitEthernet0/0/1]port link-type access 
[sw1-GigabitEthernet0/0/1]port default vlan 3

SW2：

[sw2]vlan 4
[sw2]int vlan 4
[sw2-Vlanif4]ip add 172.16.0.5 30
[sw2-Vlanif4]int g0/0/1    
[sw2-GigabitEthernet0/0/1]port link-type access 
[sw2-GigabitEthernet0/0/1]port default vlan 4

R1：

[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 172.16.0.2 30
[r1-GigabitEthernet0/0/1]int g0/0/2
[r1-GigabitEthernet0/0/2]ip add 172.16.0.6 30


开启ospf协议

[r1]ospf 1 router-id 1.1.1.1    
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[sw1]ospf 1 router-id 2.2.2.2
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[sw1-ospf-1]area 1
[sw1-ospf-1-area-0.0.0.1]network 172.16.2.0 0.0.0.255
[sw1-ospf-1-area-0.0.0.1]network 172.16.1.0 0.0.0.255
[sw1]ospf 1
[sw1-ospf-1]silent-interface g0/0/5
[sw1-ospf-1]silent-interface g0/0/2

[sw2]ospf 1 router-id 3.3.3.3
[sw2-ospf-1]area 0
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
[sw2-ospf-1]area 1
[sw2-ospf-1-area-0.0.0.1]network 172.16.2.0 0.0.0.255
[sw2-ospf-1-area-0.0.0.1]network 172.16.1.0 0.0.0.255
[sw2]ospf 1
[sw2-ospf-1]silent-interface g0/0/5
[sw2-ospf-1]silent-interface g0/0/2

链接公网
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 12.1.1.2 24

[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[r2-GigabitEthernet0/0/0]int lo 0 
[r2-LoopBack0]ip add 1.1.1.1 24

[r1]ip route-static 0.0.0.0 0.0.0.0 g0/0/0 12.1.1.1

[r1-ospf-1]default-route-advertise always

[r1]acl 2000    
[r1-acl-basic-2000]rule 0 permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]q
[r1]
[r1]int g0/0/0    
[r1-GigabitEthernet0/0/0]nat outbound 2000

 4. Experimental results

DHCP configured successfully 

PC can communicate normally