华为Ensp拓扑,使用MSTP、OSPF、DHCP、VRRP、链路聚合、CHAP
OSPF+DHCP+VRRP+Eth-trunk+PPP(CHAP)+MSTP
实验目标:
- LSW1和LSW2核心交换机互为备份,配置链路聚合,设备冗余设计,LSW1和LSW2作为核心交换机配置DHCP下发,并配置VRRP作为终端的网关。
- AR1与AR2通过ppp链路连接,启用ppp协议的chap认证,AR2为认证方、AR1为被认证方,用户名为路由器名称,密码:123456 。AR1与AR2的连接采用静态路由(默认路由连接)。
- 在AR1的S1/0/0接口上配置NAT地址转换,使内部各网段PC能访问互联网服务器server1 。
- AR1与LSW1和LSW2核心交换机采用OSPF实现路由互通
- 在核心交换机启用的vrrp协议中,VLAN61、62的数据流默认通过LSW1转发,VLAN63、64数据流默认通过LSW2转发。
- 整个网络采用多生成树,设置LSW1作为生成树实例1的根,VLAN61、62归属于生成树实例1,设置LSW2作为生成树实例2的根,VLAN63、64归属于生成树实例2.
- 配置ACAP使的无线用户获取IP地址并能够上网
配置思路:
IP地址表:
| 设备 | 端口 | IP地址 |
|---|---|---|
| AR1 | G0/0/1 | 10.10.111.1/30 |
| AR1 | G0/0/2 | 10.10.112.1/30 |
| AR1 | S1/0/0 | 11.11.11.1/24 |
| AR1 | Loopback0 | 1.1.1.1/32 |
| AR2 | G0/0/0 | 200.200.46.1/24 |
| AR2 | S1/0/0 | 11.11.11.2/24 |
| LSW1 | VLANif61 | 10.10.61.252/24 |
| LSW1 | VLANif62 | 10.10.62.252/24 |
| LSW1 | VLANif63 | 10.10.63.252/24 |
| LSW1 | VLANif64 | 10.10.64.252/24 |
| LSW1 | VLANif100 | 10.10.100.252/24 |
| LSW1 | VLANif101 | 10.10.101.252/24 |
| LSW1 | VLANif111 | 10.10.111.2/30 |
| LSW1 | Loopback0 | 2.2.2.2/32 |
| LSW2 | VLANif61 | 10.10.61.253/24 |
| LSW2 | VLANif62 | 10.10.62.253/24 |
| LSW2 | VLANif63 | 10.10.63.253/24 |
| LSW2 | VLANif64 | 10.10.64.253/24 |
| LSW2 | VLANif100 | 10.10.100.1/24 |
| LSW2 | VLANif101 | 10.10.101.1/24 |
| LSW2 | VLANif112 | 10.10.112.2/30 |
| LSW2 | Loopback0 | 3.3.3.3/32 |
| AC | VLANif100 | 10.10.100.2/24 |
| AC | Loopback0 | 4.4.4.4/32 |
| PC1 | E0/0/1 | DHCP获取 |
| PC2 | E0/0/1 | DHCP获取 |
| PC3 | E0/0/1 | DHCP获取 |
| STA1 | DHCP获取 | |
| STA2 | DHCP获取 |
接口表:
| 本端设备 | 本端接口 | 所属VLAN | 对端设备 | 对端接口 | 所属VLAN |
|---|---|---|---|---|---|
| AR1 | G0/0/1 | LSW1 | G0/0/24 | VLAN111 | |
| AR1 | G0/0/2 | LSW2 | G0/0/24 | VLAN112 | |
| AR1 | S1/0/0 | AR2 | S1/0/0 | ||
| AR2 | G0/0/0 | Server1 | E0/0/0 | ||
| AR2 | S1/0/0 | AR1 | S1/0/0 | ||
| LSW1 | G0/0/1 | VLAN61~64 | LSW3 | G0/0/1 | VLAN61~64 |
| LSW1 | G0/0/2 | VLAN61~64 | LSW4 | G0/0/1 | VLAN61~64 |
| LSW1 | G0/0/3 | VLAN6164、100101 | LSW5 | G0/0/1 | VLAN61~64 |
| LSW1 | G0/0/21 | VLAN61~64 | LSW2 | G0/0/21 | VLAN61~64 |
| LSW1 | G0/0/22 | VLAN61~64 | LSW2 | G0/0/22 | VLAN61~64 |
| LSW1 | G0/0/23 | VLAN100 | AC | G0/0/2 | VLAN100 |
| LSW1 | G0/0/24 | VLAN111 | AR1 | G0/0/1 | |
| LSW2 | G0/0/1 | VLAN61~64 | LSW3 | G0/0/2 | VLAN61~64 |
| LSW2 | G0/0/2 | VLAN61~64 | LSW4 | G0/0/2 | VLAN61~64 |
| LSW2 | G0/0/3 | VLAN6164、100101 | LSW5 | G0/0/2 | VLAN61~64 |
| LSW2 | G0/0/21 | VLAN61~64 | LSW1 | G0/0/21 | VLAN61~64 |
| LSW2 | G0/0/22 | VLAN61~64 | LSW1 | G0/0/22 | VLAN61~64 |
| LSW2 | G0/0/24 | VLAN112 | AR1 | G0/0/2 | |
| LSW2 | G0/0/23 | VLAN100 | AC | G0/0/1 | VLAN100 |
| LSW3 | G0/0/1 | VLAN61~64 | LSW1 | G0/0/1 | VLAN61~64 |
| LSW3 | G0/0/2 | VLAN61~64 | LSW2 | G0/0/1 | VLAN61~64 |
| LSW3 | E0/0/1 | VLAN61 | PC1 | E0/0/1 | VLAN61 |
| LSW4 | G0/0/1 | VLAN61~64 | LSW1 | G0/0/2 | VLAN61~64 |
| LSW4 | G0/0/2 | VLAN61~64 | LSW2 | G0/0/2 | VLAN61~64 |
| LSW4 | E0/0/1 | VLAN62 | PC2 | E0/0/1 | VLAN62 |
| LSW5 | G0/0/1 | VLAN61~64 | LSW1 | G0/0/3 | VLAN61~64 |
| LSW5 | G0/0/2 | VLAN61~64 | LSW2 | G0/0/3 | VLAN61~64 |
| LSW5 | E0/0/1 | VLAN63 | PC3 | E0/0/1 | VLAN63 |
| LSW5 | E0/0/22 | VLAN64、100~101 | AP1 | G0/0/0 | VLAN64 |
| AC | G0/0/1 | VLAN100 | LSW2 | G0/0/23 | VLAN100 |
| AC | G0/0/2 | VLAN100 | LSW1 | G0/0/23 | VLAN100 |
路由器基本配置:
AR1:
system-view sysname AR1 inter s1/0/0 ip add 11.11.11.1 24 inter g0/0/1 ip add 10.10.111.1 30 inter g0/0/2 ip add 10.10.112.1 30 quit ip route-static 0.0.0.0 0 11.11.11.2
AR2:
system-view sysname AR2 inter s1/0/0 ip add 11.11.11.2 24 inter g0/0/0 ip add 200.200.46.1 24 quit ip route-static 0.0.0.0 0 11.11.11.1
交换机VLAN划分:
LSW1:
system-view sysname LSW1 dhcp enable #开启全局dhcp服务 vlan batch 61 to 64 100 101 111 inter g0/0/1 port link-type trunk port trunk allow vlan 61 to 64 inter g0/0/2 port link-type trunk port trunk allow vlan 61 to 64 inter g0/0/3 port link-type trunk port trunk allow vlan 61 to 64 100 101 inter g0/0/24 port link-type access port default vlan 111 inter eth 0 #创建端口聚合组0 trunkport g 0/0/21 to 0/0/22 #将g0/0/21和g0/0/22两个端口加入聚合组中 port link-type trunk #干道模式 port trunk allow vlan 61 to 64 100 101 #放行vlan61~64、100、101
LSW2:
system-view sysname LSW2 dhcp enable #开启全局dhcp服务 vlan batch 61 to 64 100 101 112 inter g0/0/1 port link-type trunk port trunk allow vlan 61 to 64 inter g0/0/2 port link-type trunk port trunk allow vlan 61 to 64 inter g0/0/3 port link-type trunk port trunk allow vlan 61 to 64 100 101 inter g0/0/24 port link-type access port default vlan 112 inter g0/0/23 port link-type access port default vlan 100 inter eth 0 #创建端口聚合组0 trunkport g 0/0/21 to 0/0/22 port link-type trunk port trunk allow vlan 61 to 64 100 101
LSW3:
system-view sysname LSW3 vlan batch 61 to 64 inter g0/0/1 port link-type trunk port trunk allow vlan 61 to 64 inter g0/0/2 port link-type trunk port trunk allow vlan 61 to 64 inter e0/0/1 port link-type access port default vlan 61
LSW4:
system-view sysname LSW4 vlan batch 61 to 64 inter g0/0/1 port link-type trunk port trunk allow vlan 61 to 64 inter g0/0/2 port link-type trunk port trunk allow vlan 61 to 64 inter e0/0/1 port link-type access port default vlan 62
LSW5:
system-view sysname LSW5 vlan batch 61 to 64 100 101 inter g0/0/1 port link-type trunk port trunk allow vlan 61 to 64 100 101 inter g0/0/2 port link-type trunk port trunk allow vlan 61 to 64 100 101 inter e0/0/1 port link-type access port default vlan 63 inter e0/0/22 port link-type trunk port trunk allow vlan 64 100 101 port trunk pvid vlan 64
核心交换机IP、VRRP配置:
LSW1:
dhcp enable inter vlan 61 ip add 10.10.61.252 24 vrrp vrid 1 virtual-ip 10.10.61.254 vrrp vrid 1 priority 120 #设置优先级为120;让VLAN61在LSW1上作为主网关 vrrp vrid 1 preempt-mode timer delay 2 #配置抢占模式为2s vrrp vrid 1 track interface g0/0/24 reduced 50 #当g0/0/24端口出现异常时优先级自动降低50 inter vlan 62 ip add 10.10.62.252 24 vrrp vrid 1 virtual-ip 10.10.62.254 vrrp vrid 1 priority 120 #设置优先级为120;让VLAN62在LSW1上作为主网关 vrrp vrid 1 preempt-mode timer delay 2 vrrp vrid 1 track interface g0/0/24 reduced 50 inter vlan 63 ip add 10.10.63.252 24 vrrp vrid 1 virtual-ip 10.10.63.254 vrrp vrid 1 priority 90 #设置优先级为90;让VLAN63在LSW1上作为备网关 vrrp vrid 1 preempt-mode timer delay 2 inter vlan 64 ip add 10.10.63.252 24 vrrp vrid 1 virtual-ip 10.10.64.254 vrrp vrid 1 priority 90 #设置优先级为90;让VLAN63在LSW1上作为备网关 vrrp vrid 1 preempt-mode timer delay 2 inter vlan 100 ip add 10.10.100.252 24 inter vlan 101 ip add 10.10.101.252 24 vrrp vrid 1 virtual-ip 10.10.101.254 vrrp vrid 1 priority 90 vrrp vrid 1 preempt-mode timer delay 2 inter vlan 111 ip add 10.10.111.2 30
LSW2:
dhcp enable inter vlan 61 ip add 10.10.61.253 24 vrrp vrid 1 virtual-ip 10.10.61.254 vrrp vrid 1 priority 90 #设置优先级为90;让VLAN63在LSW2上作为备网关 vrrp vrid 1 preempt-mode timer delay 2 inter vlan 62 ip add 10.10.62.253 24 vrrp vrid 1 virtual-ip 10.10.62.254 vrrp vrid 1 priority 90 ##设置优先级为90;让VLAN62在LSW2上作为备网关 vrrp vrid 1 preempt-mode timer delay 2 inter vlan 63 ip add 10.10.63.253 24 vrrp vrid 1 virtual-ip 10.10.63.254 vrrp vrid 1 priority 120 #设置优先级为120;让VLAN63在LSW2上作为主网关 vrrp vrid 1 preempt-mode timer delay 2 vrrp vrid 1 track interface g0/0/24 reduced 50 #当g0/0/24端口出现异常时优先级自动降低50 inter vlan 64 ip add 10.10.64.253 24 vrrp vrid 1 virtual-ip 10.10.64.254 vrrp vrid 1 priority 120 #设置优先级为120;让VLAN64在LSW2上作为主网关 vrrp vrid 1 preempt-mode timer delay 2 vrrp vrid 1 track interface g0/0/24 reduced 50 inter vlan 100 ip add 10.10.100.253 24 inter vlan 101 ip add 10.10.101.253 24 vrrp vrid 1 virtual-ip 10.10.101.254 vrrp vrid 1 priority 120 #设置优先级为120;让VLAN101在LSW2上作为主网关 vrrp vrid 1 preempt-mode timer delay 2 vrrp vrid 1 track interface g0/0/24 reduced 50 inter vlan 112 ip add 10.10.112.2 30
DHCP配置:
LSW1:
ip pool vlan61 #创建全局地址池vlan61 network 10.10.61.0 mask 24 #地址池网段10.10.61.0 gateway-list 10.10.61.254 #地址池网关10.10.61.254 dns-list 8.8.8.8 #dns地址8.8.8.8 excluded-ip-address 10.10.61.250 10.10.61.253 #保留10.10.61.250~10.10.61.253的地址段 lease day 1 hour 30 minute 0 #租约时间为1小时30分钟 quit inter vlan 61 dhcp select global #启用dhcp全局下发 ip pool vlan62 network 10.10.62.0 mask 24 gateway-list 10.10.62.254 dns-list 8.8.8.8 excluded-ip-address 10.10.62.250 10.10.62.253 lease day 1 hour 30 minute 0 quit inter vlan 62 dhcp select global ip pool vlan63 network 10.10.63.0 mask 24 gateway-list 10.10.63.254 dns-list 8.8.8.8 excluded-ip-address 10.10.63.250 10.10.63.253 lease day 1 hour 30 minute 0 quit inter vlan 63 dhcp select global ip pool vlan64 network 10.10.64.0 mask 24 gateway-list 10.10.64.254 dns-list 8.8.8.8 excluded-ip-address 10.10.64.250 10.10.64.253 lease day 1 hour 30 minute 0 option 43 sub-option 2 ip-address 10.10.100.2 #为AP指定AC的IP地址 quit inter vlan 64 dhcp select global ip pool vlan101 network 10.10.101.0 mask 24 gateway-list 10.10.101.254 dns-list 8.8.8.8 excluded-ip-address 10.10.101.250 10.10.101.253 lease day 1 hour 30 minute 0 quit inter vlan 101 dhcp select global
LSW2:
ip pool vlan61 network 10.10.61.0 mask 24 gateway-list 10.10.61.254 dns-list 8.8.8.8 excluded-ip-address 10.10.61.250 10.10.61.253 lease day 1 hour 30 minute 0 quit inter vlan 61 dhcp select global ip pool vlan62 network 10.10.62.0 mask 24 gateway-list 10.10.62.254 dns-list 8.8.8.8 excluded-ip-address 10.10.62.250 10.10.62.253 lease day 1 hour 30 minute 0 quit inter vlan 62 dhcp select global ip pool vlan63 network 10.10.63.0 mask 24 gateway-list 10.10.63.254 dns-list 8.8.8.8 excluded-ip-address 10.10.63.250 10.10.63.253 lease day 1 hour 30 minute 0 quit inter vlan 63 dhcp select global ip pool vlan64 network 10.10.64.0 mask 24 gateway-list 10.10.64.254 dns-list 8.8.8.8 excluded-ip-address 10.10.64.250 10.10.64.253 lease day 1 hour 30 minute 0 option 43 sub-option 2 ip-address 10.10.100.2 quit inter vlan 64 dhcp select global ip pool vlan101 network 10.10.101.0 mask 24 gateway-list 10.10.101.254 dns-list 8.8.8.8 excluded-ip-address 10.10.101.250 10.10.101.253 lease day 1 hour 30 minute 0 quit inter vlan 101 dhcp select global
OSPF配置:
AR1:
ospf 1 router-id 1.1.1.1 default-route-advertise #导入默认路由 bfd all-interfaces enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.10.111.0 0.0.0.3 network 10.10.112.0 0.0.0.3
LSW1:
ospf 1 router-id 2.2.2.2 bfd all-interfaces enable area 0.0.0.0 network 10.10.61.0 0.0.0.255 network 10.10.62.0 0.0.0.255 network 10.10.63.0 0.0.0.255 network 10.10.64.0 0.0.0.255 network 10.10.100.0 0.0.0.255 network 10.10.101.0 0.0.0.255 network 2.2.2.2 0.0.0.0 network 10.10.111.0 0.0.0.3
LSW2:
ospf 1 router-id 3.3.3.3 bfd all-interfaces enable area 0.0.0.0 network 10.10.61.0 0.0.0.255 network 10.10.62.0 0.0.0.255 network 10.10.63.0 0.0.0.255 network 10.10.64.0 0.0.0.255 network 10.10.100.0 0.0.0.255 network 10.10.101.0 0.0.0.255 network 3.3.3.3 0.0.0.0 network 10.10.112.0 0.0.0.3
MSTP配置:
LSW1:
stp mode mstp #stp模式改为mstp(多生成树) stp region-configuration #进入mstp配置面板 region-name 1 #配置mstp区域名称为1 revision-level 1 #修订版本等级为1 instance 1 vlan 61 to 62 #创建实例1加入vlan61、62 instance 2 vlan 63 to 64 #创建实例2加入vlan63、64 active region-configuration #提交当前活动区域配置 stp instance 1 root primary #配置实例1为主根 stp instance 2 root secondary #配置实例2为备根
LSW2:
stp mode mstp stp region-configuration region-name 1 revision-level 1 instance 1 vlan 61 to 62 instance 2 vlan 63 to 64 active region-configuration quit stp instance 2 root primary #配置实例2为主根 stp instance 1 root secondary #配置实例1为备根
LSW3~LSW5:
stp mode mstp stp region-configuration region-name 1 revision-level 1 instance 1 vlan 61 to 62 instance 2 vlan 63 to 64 active region-configuration
NAT转换:
AR1:
acl 2000 #进入基本acl2000 rule 0 permit ip quit inter s1/0/0 nat outbound 2000 #启用nat出口转换引用acl2000
PPP链路CHAP认证:
AR1(被认证方):
aaa #进入aaa配置面板 local-user AR1 password cipher 123456 #创建本地用户AR1密码为123456 local-user AR1 service ppp #用户服务类型为ppp认证 quit inter s1/0/0 link-protocol ppp #更改接口协议类型为ppp认证 ppp authentication-mode chap #ppp认证模式为chap认证 remote address 11.11.11.2 #添加认证方ip ppp chap user AR2 #认证用户名AR2 ppp chap password cipher 123456 #认证密码123456
AR2(认证方):
aaa local-user AR2 password cipher 123456 local-user AR2 service ppp quit inter s1/0/0 link-protocol ppp ppp authentication-mode chap ppp chap user AR1 ppp chap password cipher 123456
AP上线:
capwap source interface Vlanif 100 #绑定无线控制管理VLAN100 wlan #进入wlan全局配置面板 regulatory-domain-profile name AP1 #创建管理域AP1 country-code CN #国家代码为CN quit ap-group name AP1 #创建AP组 regulatory-domain-profile AP1 #添加管理域AP1 quit ap auth-mode mac-auth #ap认证方式为mac认证 ap-id 0 ap-mac 00e0-fc13-1c40 #使用ap的mac地址创建ap-id 0 ap-name AP1 ap-group AP1 quit
AP无线下发:
security-profile name AP1 #创建安全策略AP1 security wpa-wpa2 psk pass-phrase 12345678 aes #认证方式为wpa-wpa2密钥12345678 quit ssid-profile name AP1 #创建ssid策略AP1 ssid AP1 #ssid名称AP1(WIFI名称) quit vap-profile name AP1 #创建vap模板AP1 service-vlan vlan-id 101 #添加业务vlan101 ssid-profile AP1 #使能ssid策略AP1 security-profile AP1 #使能安全策略AP1 quit ap-group name AP1 vap-profile AP1 wlan 1 radio 0 #将AP1映射在2.4Ghz频段 vap-profile AP1 wlan 1 radio 1 #将AP1映射在5Ghz频段 quit
结果测试:
dhcp获取:
VRRP配置查看:
LSW1:
LSW2:
网络互联和NAT测试:
MSTP配置查看:
查看OSPF邻居关系:
R1:
LSW1:
LSW2:
AC:
查看PPP配置状况:
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· .NET10 - 预览版1新功能体验(一)