MSTP+VRRP+DHCP(ENSP)

下載鏈接

通過網盤分享的文件：MSTP+VRRP+DHCP拓撲圖
鏈接: https://pan.baidu.com/s/1ehRwRQ-WzKC8PsUHsTe70Q?pwd=345d 提取碼: 345d

PC1

PC2

PC5

AR1

為AR1各端口配置IP地址
<Huawei>sys
[Huawei]un in en
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 1.1.1.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 2.2.2.1 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip add 6.6.6.1 24設置兩條靜態讓所有地址發向2，3
[Huawei]ip route-static 0.0.0.0 0 6.6.6.2
[Huawei]ip route-static 0.0.0.0 0 6.6.6.3OSPF多區域通信，使各設備遇到陌生IP都發往AR1
[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]q
[Huawei-ospf-1]default-route-advertise always 
[Huawei-ospf-1]q激活dhcp協議，設立兩種地址池
[Huawei]dhcp en
[Huawei]ip pool 10
[Huawei-ip-pool-10]network 192.168.10.0 mask 24
[Huawei-ip-pool-10]gateway-list 192.168.10.254
[Huawei-ip-pool-10]dns-list 1.2.4.8 8.8.8.8
[Huawei-ip-pool-10]q
[Huawei]ip pool 20	
[Huawei-ip-pool-20]network 192.168.20.0 mask 24
[Huawei-ip-pool-20]gateway-list 192.168.20.254
[Huawei-ip-pool-20]dns-list 1.2.4.8 8.8.8.8
[Huawei-ip-pool-20]q建立全局通信，使不同vlan都可以通過全局DHCP服務器獲取 IP，實現跨網段地址分配。
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select global 
[Huawei-GigabitEthernet0/0/0]int g0/0/1	
[Huawei-GigabitEthernet0/0/1]dhcp select global 
[Huawei-GigabitEthernet0/0/1]q
[Huawei]dis cu

SW4


創建不同vlan，并為其配置IP地址
<Huawei>SYS
[Huawei]un in en
[Huawei]vlan batch 10 20 100 300
[Huawei]int vlan 10
[Huawei-Vlanif10]ip add 192.168.10.1 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.168.20.1 24
[Huawei-Vlanif20]int vlan 100
[Huawei-Vlanif100]ip add 1.1.1.2 24
[Huawei-Vlanif100]int vlan 300
[Huawei-Vlanif300]ip add 3.3.3.1 24
[Huawei-Vlanif300]q修改各端口的連接類型
[Huawei]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port li ac
[Huawei-GigabitEthernet0/0/5]port default vlan 300
[Huawei-GigabitEthernet0/0/5]q
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port li tr
[Huawei-GigabitEthernet0/0/4]po tr al vl al
[Huawei-GigabitEthernet0/0/4]int g0/0/1
[Huawei-GigabitEthernet0/0/1]po li ac
[Huawei-GigabitEthernet0/0/1]port default vlan 100
[Huawei-GigabitEthernet0/0/1]q建立OSPF多區域通信
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]q
[Huawei-ospf-1]q激活DHCP協議，配置為中繼模式
[Huawei]dhcp en
[Huawei]int vlan 10
[Huawei-Vlanif10]dhcp select relay 	
[Huawei-Vlanif10]dhcp relay  server-ip 1.1.1.1
[Huawei-Vlanif10]dhcp relay server-ip 2.2.2.1
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]dhcp select relay 
[Huawei-Vlanif20]dhcp relay server-ip 1.1.1.1
[Huawei-Vlanif20]dhcp relay server-ip 2.2.2.1
[Huawei-Vlanif20]q鏈路聚合，是通信更安全
[Huawei]int eth 1
[Huawei-Eth-Trunk1]mode manual load-balance 
[Huawei-Eth-Trunk1]trunkport  GigabitEthernet 0/0/2 to 0/0/3
[Huawei-Eth-Trunk1]por l t
[Huawei-Eth-Trunk1]po t al vl al
[Huawei-Eth-Trunk1]q

SW5


操作類型同上
<Huawei>sys
[Huawei]un in en
[Huawei]vlan batch 10 20 200
[Huawei]int vlan 10
[Huawei-Vlanif10]ip add 192.168.10.2 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.168.20.2 24
[Huawei-Vlanif20]int vlan 200
[Huawei-Vlanif200]ip add 2.2.2.2 24
[Huawei-Vlanif200]q[Huawei]int g0/0/1	
[Huawei-GigabitEthernet0/0/1]po l ac
[Huawei-GigabitEthernet0/0/1]po de vl 200
[Huawei-GigabitEthernet0/0/1]q
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]po l t
[Huawei-GigabitEthernet0/0/4]po tr al vl al
[Huawei-GigabitEthernet0/0/4]q[Huawei]ospf 
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]q
[Huawei-ospf-1]q[Huawei]dhcp en
[Huawei]int vlan 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 1.1.1.1
[Huawei-Vlanif10]dhcp relay server-ip 2.2.2.1
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]dhcp select relay 
[Huawei-Vlanif20]dhcp relay server-ip 1.1.1.1
[Huawei-Vlanif20]dhcp relay server-ip 2.2.2.1
[Huawei-Vlanif20]q[Huawei]int eth 1
[Huawei-Eth-Trunk1]mode manual load-balance 	
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/2 to 0/0/3
[Huawei-Eth-Trunk1]port l t
[Huawei-Eth-Trunk1]po tr al vl al
[Huawei-Eth-Trunk1]q

SW6

創建不同vlan，修改各端口的連接類型
<Huawei>sys
[Huawei]un in en
[Huawei]vlan batch 10 20
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]po li t
[Huawei-Ethernet0/0/1]po t al vl al(10 20)
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]po li t
[Huawei-Ethernet0/0/2]po t al vl al(10 20)
[Huawei-Ethernet0/0/2]q
[Huawei]int e0/0/4
[Huawei-Ethernet0/0/4]po li ac
[Huawei-Ethernet0/0/4]po de vlan 10
[Huawei-Ethernet0/0/4]int e0/0/3
[Huawei-Ethernet0/0/3]port li ac
[Huawei-Ethernet0/0/3]po de vl 10
[Huawei-Ethernet0/0/3]int e0/0/5
[Huawei-Ethernet0/0/5]po li ac
[Huawei-Ethernet0/0/5]po de vl 20

SW4,SW5,SW6均需要配置

配置生成樹協議，并激活
stp mode mstp
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration

SW4


1主要，2備用
[Huawei-mst-region]q
[Huawei]stp instance 1 root primary 
[Huawei]stp instance 2 root secondary

SW5


1備用，2主要
[Huawei-mst-region]q
[Huawei]stp instance 1 root secondary 	
[Huawei]stp instance 2 root primary

SW6

配置邊緣端口，拒絕bpdu發送進來
[Huawei-mst-region]q
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]stp edged-port  enable 
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]stp edged-port enable
[Huawei-Ethernet0/0/4]int e0/0/5
[Huawei-Ethernet0/0/5]stp edged-port enable
[Huawei-Ethernet0/0/5]q
[Huawei]stp bpdu-protection	
[Huawei]dis stp instance 1 brief 
[Huawei]dis stp instance 2 brief

SW4


設置虛擬網關，修改優先級，啟用搶占模式
[Huawei]int vlan 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 150	
[Huawei-Vlanif10]vrrp vrid 10 preempt-mode timer delay 1
[Huawei-Vlanif10]vrrp vrid 10 track int g0/0/1 reduced 100
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 preempt-mode timer delay 1
[Huawei]dis vrrp brief

SW5


設置虛擬網關，修改優先級，啟用搶占模式
<Huawei>sys
[Huawei]int vlan 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid  10 preempt-mode timer delay 1
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 preempt-mode timer delay 1
[Huawei-Vlanif20]vrrp vrid 20 priority 150
[Huawei-Vlanif20]vrrp vrid 20 track int g0/0/1 reduced 100
[Huawei-Vlanif20]q
[Huawei]dis vrrp brief

AR1


設置環回
<Huawei>sys
[Huawei]int lo 5
[Huawei-LoopBack1]ip address 5.5.5.1 24

PC2


測試
ipconfig
ping 5.5.5.1

Server1啟動服務

Client2

AR1

建立ACL，拒絕FTP訪問,NAT內網轉外網
<Huawei>sys
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule permit ip source any destination 6.6.6.1 0.0.0.255
[Huawei-acl-adv-3000]rule deny tcp source 6.6.6.2 0.0.0.0 destination 3.3.3.100 0.0.0.0 destination-port eq 21
[Huawei-acl-adv-3000]rule permit tcp destination 6.6.6.100 0.0.0.0 destination-port eq 80
[Huawei-acl-adv-3000]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]nat outbound 3000
[Huawei-GigabitEthernet0/0/2]nat server protocol tcp global 6.6.6.100 www inside 3.3.3.1 www

PC2

測試
ping 6.6.6.3

Client4

注意：FTPClient登錄失敗則為實驗成功

“如果這篇文章對你有幫助，請點個贊支持一下！你的每一個點贊和評論，都是我繼續分享的動力~”
- “感謝每一位閱讀到這里的朋友！如果覺得有用，請點個贊或留個評論，讓我知道你的想法~”
- “你們的支持是我最大的動力！如果這篇文章對你有幫助，別忘了點贊和評論哦~”

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/pingmian/77338.shtml
繁體地址，請注明出處：http://hk.pswp.cn/pingmian/77338.shtml
英文地址，請注明出處：http://en.pswp.cn/pingmian/77338.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！