Three tier architecture experiment

1. Experimental content

Two . The topology

3、 ... and . Experimental configuration

1. establish eht-trunk

[sw1]interface Eth-Trunk 1
[sw1-Eth-Trunk1]int g 0/0/1
[sw1-GigabitEthernet0/0/2]eth-trunk 0

[sw1-Eth-Trunk1]int g 0/0/2
[sw1-GigabitEthernet0/0/2]eth-trunk 0

sw2

[sw2]int Eth-Trunk 0
[sw2]int g 0/0/1
[sw2-GigabitEthernet0/0/1]eth-trunk 0
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]eth-trunk 0

2. establish vlan

sw1
[sw1]vlan 2

sw2
[sw2]vlan 2

sw3
[sw3]vlan 2

sw4
[sw4]vlan 2

3. Divide vlan,vlan1 There are , There's no need to divide

sw3

[sw3-vlan2]int e0/0/4	
[sw3-Ethernet0/0/4]port link-type access 
[sw3-Ethernet0/0/4]port default vlan 2

sw4

[sw4]int e 0/0/4	
[sw4-Ethernet0/0/4]port link-type access 
[sw4-Ethernet0/0/4]port default vlan 2

4. establish trunk Plank road , because trunk A large number , You can use groups

sw1

[sw1]port-group group-member Eth-Trunk 0 Ethernet 0/0/1 to Ethernet 0/0/2	
[sw1-port-group]port link-type trunk 
[sw1-port-group]port trunk allow-pass vlan 2

sw2

[sw2]port-group group-member Eth-Trunk 0 Ethernet 0/0/1 to Ethernet 0/0/2
[sw2-port-group]port link-type trunk 
[sw2-port-group]port trunk allow-pass vlan 2

sw3

[sw3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[sw3-port-group]port link-type trunk 
[sw3-port-group]port trunk allow-pass vlan 2

sw4

[sw4]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[sw4-port-group]port link-type trunk 
[sw4-port-group]port trunk allow-pass vlan 2

4. start-up stp, take vlan1 Assign to group 1,vlan2 Assign to group 2

sw1

[sw1]stp mode mstp 
[sw1]stp enable 
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2
[sw1-mst-region]active region-configuration 

sw2

[sw2]stp mode mstp 
[sw2]stp enable 
[sw2]stp region-configuration 
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2
[sw2-mst-region]active region-configuration 

sw3

[sw3]stp mode mstp 
[sw3]stp enable 
[sw3]stp region-configuration 
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2	
[sw3-mst-region]active region-configuration 

sw4

[sw4]stp mode mstp 
[sw4]stp enable 
[sw4]stp region-configuration 
[sw4-mst-region]region-name a	
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2
[sw4-mst-region]active region-configuration 

stay sw1 Check out stp surface , You can see vlan1 The interface of is in group 1,vlan2 The interface of is in group 2, meanwhile sw1 All interfaces on the are specified interfaces , explain sw1 For the root bridge .

  stay sw2 Check out , There is a root port

  stay sw1 Do on vlan1 The taproot of , stay vlan2 Make a backup root ,

[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root secondary 

see stp surface , It is found from the table that , stay vlan1 All are specified interfaces , stay vlan2,eth-trhunk 0 For the root port

  stay sw2 Do on vlan1 The backup root of ,vlan2 The taproot of

[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root primary 

see stp surface , You can find , stay vlan1 eth-trunk For the root port , stay vlan2 All specified ports

 5. start-up svi

sw1

[sw1]interface vlan 1
[sw1-Vlanif1]ip add 172.16.1.1 25
[sw1]int vlan 2
[sw1-Vlanif2]ip add 172.16.1.129 25

sw2

[sw2]int vlan 1
[sw2-Vlanif1]ip add 172.16.1.2 25
[sw2]int vlan 2
[sw2-Vlanif2]ip add 172.16.1.130 25

6. start-up vrrp

sw1, stay vlan1 Configure virtual in ip after , Increase the priority , Doing an uplink tracking , stay vlan2 Configure virtual in ip

[sw1]int vlan 1
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw1-Vlanif1]vrrp vrid 1 priority 105
[sw1-Vlanif1]vrrp vrid 1 track interface Ethernet 0/0/22 reduced 10

[sw1-Vlanif1]int vlan 2
[sw1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254

sw2 stay vlan1 Configure virtual in ip, stay vlan2 Configure virtual in IP, Increase priority , Do an uplink tracking

[sw2]int vlan 1
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.1.126
[sw2]int vlan 2 
	
[sw2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.1.254	
[sw2-Vlanif2]vrrp vrid 1 priority 105
[sw2-Vlanif2]vrrp vrid 1 track interface Ethernet 0/0/22 reduced 10

see sw1 Of vrrp surface , stay vlan1 Be the main root ,vlan2 Backup root

  see sw2, stay vlan1 Make a backup root ,vlan2 Be the main root

 7. To configure dhcp

sw1, Divide two ponds ,v1,v2

[sw1]dhcp enable 
[sw1]ip pool v1
[sw1-ip-pool-v1]network 172.16.1.0 mask 25
[sw1-ip-pool-v1]gateway-list 172.16.1.126
[sw1-ip-pool-v1]dns-list 114.114.114.114
[sw1-ip-pool-v1]int vlan 1
[sw1-Vlanif1]dhcp select global 

[sw1]ip pool v2
[sw1-ip-pool-v2]network 172.16.1.128 mask 25
[sw1-ip-pool-v2]gateway-list 172.16.1.254
[sw1-ip-pool-v2]dns-list 114.114.114.114
[sw1-ip-pool-v2]int vlan 2
[sw1-Vlanif2]dhcp select global 

sw2

[sw2]dhcp enable 
[sw2]ip pool v1
[sw2-ip-pool-v1]network 172.16.1.0 mask 25
[sw2-ip-pool-v1]gateway-list 172.16.1.126
[sw2-ip-pool-v1]dns-list 114.114.114.114
[sw2-ip-pool-v1]int vlan 1
[sw2-Vlanif1]dhcp select global 

[sw2]ip pool v2
[sw2-ip-pool-v2]network 172.16.1.128 mask 25
[sw2-ip-pool-v2]gateway-list 172.16.1.254
[sw2-ip-pool-v2]dns-list 114.114.114.114
[sw2-ip-pool-v2]int vlan 2
[sw2-Vlanif2]dhcp select global 

see pc1, Succeed in getting ip, The gateway to 1.126

  see pc2, The gateway to 1.254

  To configure r1

[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 12.1.1.1 24

[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.0.1 30 

[r1]int g 0/0/2
[r1-GigabitEthernet0/0/2]ip add 172.16.0.5 30

r2

[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[r2]int lo0
[r2-LoopBack0]ip add 1.1.1.1 24

sw1e0/0/22 Interface IP

[sw1]vlan 50
[sw1-vlan50]int e 0/0/22
[sw1-Ethernet0/0/22]port link-type access 	
[sw1-Ethernet0/0/22]port default vlan 50
[sw1-Ethernet0/0/22]int vlan 50
[sw1-Vlanif50]ip add 172.16.0.2 30

sw2

[sw2]vlan 50
[sw2-vlan50]int e 0/0/22
[sw2-Ethernet0/0/22]port link-type access 		
[sw2-Ethernet0/0/22]port default vlan 50
[sw2-Ethernet0/0/22]int vlan 50
[sw2-Vlanif50]ip add 172.16.0.6 30

sw1 visit r1

[sw1-Vlanif50]ping 172.16.0.1
  PING 172.16.0.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.0.1: bytes=56 Sequence=1 ttl=255 time=100 ms
    Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=255 time=50 ms

sw2 visit r1

[sw2-Vlanif50]ping 172.16.0.5
  PING 172.16.0.5: 56  data bytes, press CTRL_C to break
    Reply from 172.16.0.5: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 172.16.0.5: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 172.16.0.5: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 172.16.0.5: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 172.16.0.5: bytes=56 Sequence=5 ttl=255 time=30 ms

8. Use ospf Connect the core layer

sw1

[sw1]ospf 1 router-id 1.1.1.1
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

sw2

[sw2]ospf 1 router-id 2.2.2.2 
[sw2-ospf-1]area 0	
[sw2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

r1

[r1]ospf 1 router-id 3.3.3.3	
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

see r1 Neighborhood watch , Neighbors built successfully

  Because there are many switches in 30% svi, It will put hello Packets are sent to layer 2 , So you need to configure the silent interface ,

sw1, Silence all interfaces , Open the following three interfaces

[sw1-ospf-1]undo silent-interface Eth-Trunk 0
[sw1-ospf-1]undo silent-interface Vlanif 50
[sw1-ospf-1]undo silent-interface vlaif 2

sw2

[sw2-ospf-1]undo silent-interface Eth-Trunk 0
[sw2-ospf-1]undo silent-interface Vlanif 1
[sw2-ospf-1]undo silent-interface Vlanif 50

stay r1 Write a default pointing to r2

[r1]ip route-static 0.0.0.0 0 12.1.1.2

stay r1 Declare the default to ospf in

[r1-ospf-1]default-route-advertise 

sw1, sw2 Learned the default

9.nat address translation

stay r1 Do on nat

[r1]acl 2000                	
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g 0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000

10.pc1,pc2 Visit the public network

pc1

PC>ping 1.1.1.1

Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=63 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=78 ms

pc2

PC>ping 1.1.1.1

Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=78 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=94 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=62 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=78 ms

Successful visit

The three-tier architecture has been built successfully