[eNSP]HCIP第二阶段综合实验

OSPF+MSTP+VRRP+MPLS VPN

拓扑图

实验拓扑
实验拓扑

准备. 配置链路聚合

如果需要配置链路聚合,必须最先配置它
[S3]&[S4]
interface Eth-Trunk1
 trunkport GigabitEthernet 0/0/2
 trunkport GigabitEthernet 0/0/3

一. 配置MSTP

1. 配置四台交换机到域名为RG1的域内,创建实例MSTI1和实例MSTI2

[S1]&[S2]&[S3]&[S4]
stp region-configuration
 region-name RG1
 revision-level 1
 instance 1 vlan 21 
 instance 2 vlan 22 
 active region-configuration

2. 在域RG1内,配置MSTI1与MSTI2的根桥与备份根桥

[S3]
stp instance 1 root primary
stp instance 2 root secondary
[S4]
stp instance 1 root secondary
stp instance 2 root primary

3. 配置端口开销

可选

4. 设备全局使能MSTP

[S1]&[S2]&[S3]&[S4]
stp enable

将与Host或路由器相连的端口配置为边缘端口(非必需)

[端口视图] stp edged-port enable

二.配置设备间的网络互连

1. 配置各接口IP

[R1]
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
interface Ethernet0/0/0
 ip address 10.0.13.1 255.255.255.0 
interface Ethernet0/0/1
 ip address 10.0.14.1 255.255.255.0 
[S3]
interface Vlanif2
 ip address 10.0.13.3 255.255.255.0 
interface Vlanif21
 ip address 10.0.1.3 255.255.255.0 
interface Vlanif22
 ip address 10.0.2.3 255.255.255.0 
[S4]
interface Vlanif2
 ip address 10.0.4.4 255.255.255.0 
interface Vlanif21
 ip address 10.0.1.4 255.255.255.0 
interface Vlanif22
 ip address 10.0.2.4 255.255.255.0 

2. 创建VLAN

[S3]&[S4]
vlan batch 2 21 22
[S1]&[S2]
vlan batch 21 22

3. 将设备端口加入VLAN

[S3]&[S4]
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 21 to 22
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 21 to 22
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 21 to 22
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 2
[S1]&[S2]
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 21 to 22
interface Ethernet0/0/2
 port link-type access
 port default vlan 21
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 21 to 22

4. 配置R1 S3 S4 间OSPF

使能OSPF的两种方法

  1. 在OSPF区域中使能OSPF
[ospf-areax.x.x.x]network ip-address wildcard-mask
  1. 在指定接口中使能OSPF
[接口视图]ospf enable [ process-id ] area area-id
eg:
 ospf enable 1 area 0.0.0.0 //area-id可缩写为0
[R1]
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 10.0.13.0 0.0.0.255
  network 10.0.14.0 0.0.0.255
  network 1.1.1.1 0.0.0.0
[S3]
ospf 1
 area 0.0.0.0
  network 10.0.13.0 0.0.0.255
  network 10.0.1.0 0.0.0.255
  network 10.0.2.0 0.0.0.255
[S4]
ospf 1
 area 0.0.0.0
  network 10.0.14.0 0.0.0.255
  network 10.0.1.0 0.0.0.255
  network 10.0.2.0 0.0.0.255

三. 配置VRRP

[S3]
interface Vlanif21
 vrrp vrid 1 virtual-ip 10.0.1.254 //创建组号为1的VRRP备份组并为备份组指定虚拟IP地址10.0.1.254。
 vrrp vrid 1 priority 120 //配置VRRP备份组1的优先级为120。
 vrrp vrid 1 preempt-mode timer delay 20 //配置VRRP备份组1抢占延时为20秒。
 vrrp vrid 1 track interface GigabitEthernet0/0/5 reduced 50 //配置跟踪功能监控路由 ~~~若上联端口down掉 优先级降50
#
interface Vlanif22
 vrrp vrid 2 virtual-ip 10.0.2.254
[S4]
interface Vlanif21
 vrrp vrid 1 virtual-ip 10.0.1.254
#
interface Vlanif22
 vrrp vrid 2 virtual-ip 10.0.2.254
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 20
 vrrp vrid 2 track interface GigabitEthernet0/0/5 reduced 50

四. 配置MPLS VPN

1. 配置IP

[R1]  // 它的loopback0配过了
interface GigabitEthernet0/0/0
 ip address 100.0.12.1 255.255.255.0 
router id 1.1.1.1
[R2]
interface GigabitEthernet0/0/0
 ip address 100.0.12.2 255.255.255.0 
interface GigabitEthernet0/0/1
 ip address 100.0.23.2 255.255.255.0 
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
 q
router id 2.2.2.2
[R3]
interface GigabitEthernet0/0/1
 ip address 100.0.23.3 255.255.255.0 
interface LoopBack1
 ip address 10.0.3.1 255.255.255.0 
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 
 q
router id 3.3.3.3

2. 配置运营商网络单区域 OSPF

[R2]
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 100.0.23.0 0.0.0.255
  network 2.2.2.2 0.0.0.0
[R3]
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 100.0.23.0 0.0.0.255
  network 3.3.3.3 0.0.0.0

3. 配置运营商网络边缘设备的VPN实例

[R2]
ip vpn-instance v1
 ipv4-family
  route-distinguisher 100:1
  vpn-target 12:3 export-extcommunity
  vpn-target 12:3 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance v1  //将当前接口与VPN实例绑定
 ip address 100.0.12.2 255.255.255.0  //绑定后会清理接口下该类地址的配置,所以要再配一次
[R3]
ip vpn-instance v1
 ipv4-family
  route-distinguisher 200:1
  vpn-target 12:3 export-extcommunity
  vpn-target 12:3 import-extcommunity
#
interface LoopBack1
 ip binding vpn-instance v1
 ip address 10.0.3.1 255.255.255.0 

4. 配置客户网络边缘设备与运营商网络边缘设备使用 BGP 协议传递路由

[R1]
bgp 100
 peer 100.0.12.2 as-number 200
  import-route ospf 1
[R2]
bgp 200
 ipv4-family vpn-instance v1
  peer 100.0.12.1 as-number 100
[R3]
bgp 200
 ipv4-family vpn-instance v1 
  network 10.0.3.0 255.255.255.0 

5. 配置运营商网络设备使用 MP-BGP 协议传递客户的私网路由

[R2]
bgp 200
 peer 3.3.3.3 as-number 200 
 peer 3.3.3.3 connect-interface LoopBack0
 # 
 ipv4-family vpnv4 unicast 
  peer 3.3.3.3 enable

[R3]
bgp 200
 peer 2.2.2.2 as-number 200 
 peer 2.2.2.2 connect-interface LoopBack0
 # 
 ipv4-family vpnv4 unicast
  peer 2.2.2.2 enable

6. 配置运营商网络设备使用 MPLS LDP 协议转发客户的私网数据

[R2]
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
 mpls
 mpls ldp
[R3]
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
 mpls
 mpls ldp

7. 检查

<R2>dis ip routing-table vpn-instance v1
#
<R1>ping -a 1.1.1.1 10.0.3.1

添加新评论