Intranet Planning Exercise

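Based on the 172.16.0.0/16 internal address plan, this exercise builds two core switches that back each other up, combining VLAN, MSTP, VRRP, Eth-Trunk, DHCP relay and NAT outbound to meet the full set of service requirements: PCs obtain IP addresses automatically, the intranet is fully reachable, and hosts can reach the public network and the ISP loopback.

I. Network Requirements and Planning

- Internal address space: 172.16.0.0/16
- SW1 and SW2 are dual cores that back each other up
- Required technologies: VRRP, STP (MSTP), VLAN, Eth-Trunk
- All PCs obtain their IP addresses via DHCP
- The ISP is configured with IP addresses only, with no other policy
- All PCs can reach each other, the ISP loopback, and the public network

Basic IP plan:

- VLAN 2: 172.16.2.0/24, gateway virtual IP 172.16.2.254
- VLAN 3: 172.16.3.0/24, gateway virtual IP 172.16.3.254
- AR1 to ISP interconnect: 202.100.1.1/30
- ISP loopback: 172.16.100.1
- DHCP server: 172.16.1.1 (AR1)

II. Core Configuration (in order: VRRP → VLAN → MSTP → Eth-Trunk → DHCP → NAT)

1. VRRP configuration

    vlan batch 2 3
    # VLAN 2 interface configuration
    interface Vlanif2
     ip address 172.16.2.252 255.255.255.0
     # VRID 1 virtual gateway
     vrrp vrid 1 virtual-ip 172.16.2.254
     # Priority 120 makes this switch the Master
     vrrp vrid 1 priority 120
     # Preemption delay of 6 seconds
     vrrp vrid 1 preempt-mode timer delay 6
    # VLAN 3 interface configuration
    interface Vlanif3
     ip address 172.16.3.252 255.255.255.0
     vrrp vrid 2 virtual-ip 172.16.3.254

SW2 is configured similarly.

2. Eth-Trunk configuration

    # SW1 configuration
    interface Eth-Trunk1
     trunkport GigabitEthernet 0/0/1 0/0/2
     port link-type trunk
     port trunk allow-pass vlan all

The SW2 configuration is the same as SW1.

3. VLAN configuration

    vlan batch 2 3
    # PC-facing ports, access type
    interface GigabitEthernet0/0/1
     port link-type access
     port default vlan 2
    interface GigabitEthernet0/0/2
     port link-type access
     port default vlan 3
    # Switch interconnect ports, trunk, all VLANs allowed
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan all
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan all
    interface GigabitEthernet0/0/5
     port link-type trunk
     port trunk allow-pass vlan all

This is the SW3 configuration; SW4 is similar. On SW1 and SW2 all ports are trunks.

4. MSTP configuration

    # Enable MSTP
    stp enable
    stp mode mstp
    # Region configuration
    stp region-configuration
     region-name a
     instance 1 vlan 2
     instance 2 vlan 3
     active region-configuration
    # Root bridge priority
    stp instance 1 root primary
    stp instance 2 root secondary

This is the SW1 configuration; SW2 is similar.

5. DHCP configuration

    # Enable the DHCP service
    dhcp enable
    # VLAN 2 address pool
    ip pool VLAN2
     gateway-list 172.16.2.254
     network 172.16.2.0 mask 255.255.255.0
     dns-list 8.8.8.8
    # VLAN 3 address pool
    ip pool VLAN3
     gateway-list 172.16.3.254
     network 172.16.3.0 mask 255.255.255.0
     dns-list 8.8.8.8
    # Enable DHCP directly on the Layer 3 interfaces
    interface Vlanif2
     dhcp select global
    interface Vlanif3
     dhcp select global

6. NAT configuration

    # AR1 configuration
    acl number 2000
     rule permit source 172.16.0.0 0.0.255.255
    # Outbound interface IP
    interface GigabitEthernet0/0/0
     ip address 202.100.1.1 255.255.255.252
     nat outbound 2000

IV. Verification Results

- PCs obtain IP addresses automatically (172.16.2.0/24 and 172.16.3.0/24 segments)
- Inter-VLAN communication within the intranet works normally
- The ISP loopback 172.16.100.1 can be pinged
- The public address 8.8.8.8 can be pinged with 0 packet loss
- MSTP, VRRP and Eth-Trunk all negotiate normally, and master/backup switchover takes effect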
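An added consistency check for the address plan above (example code, not from the original post): it parses the VRRP, DHCP pool and ACL 2000 lines copied from this page and verifies that each VRRP virtual IP sits in its Vlanif subnet, that each DHCP pool hands out that virtual IP as its gateway, and that the NAT ACL covers every pool. The function name `check_plan` and the finding strings are assumptions of this example; it also reports that the plan's ISP loopback lies inside the internal 172.16.0.0/16 range.

```python
import ipaddress
import re

# Lines copied from the SW1 / AR1 configuration on this page (priority, DNS lines omitted).
CONFIG = """\
interface Vlanif2
 ip address 172.16.2.252 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.2.254
interface Vlanif3
 ip address 172.16.3.252 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.3.254
ip pool VLAN2
 gateway-list 172.16.2.254
 network 172.16.2.0 mask 255.255.255.0
ip pool VLAN3
 gateway-list 172.16.3.254
 network 172.16.3.0 mask 255.255.255.0
acl number 2000
 rule permit source 172.16.0.0 0.0.255.255
"""

def check_plan(text, isp_loopback="172.16.100.1"):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vips = {}  # Vlanif subnet -> VRRP virtual IP
    for addr, mask, vip in re.findall(
            r"ip address (\S+) (\S+)\n vrrp vrid \d+ virtual-ip (\S+)", text):
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        v = ipaddress.ip_address(vip)
        if v not in iface.network or v == iface.ip:
            findings.append(f"VRRP VIP {vip} invalid for {iface}")
        vips[iface.network] = v
    # ACL wildcards are inverted netmasks; ip_network accepts that host-mask form.
    src, wildcard = re.search(r"rule permit source (\S+) (\S+)", text).groups()
    nat_scope = ipaddress.ip_network(f"{src}/{wildcard}")
    for gw, net, mask in re.findall(
            r"gateway-list (\S+)\n network (\S+) mask (\S+)", text):
        pool = ipaddress.ip_network(f"{net}/{mask}")
        if vips.get(pool) != ipaddress.ip_address(gw):
            findings.append(f"pool {pool}: gateway {gw} is not the VRRP VIP")
        if not pool.subnet_of(nat_scope):
            findings.append(f"pool {pool} not matched by NAT ACL 2000")
    if ipaddress.ip_address(isp_loopback) in nat_scope:
        findings.append(f"ISP loopback {isp_loopback} lies inside internal {nat_scope}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(CONFIG):
        print("FINDING:", finding)
```

Run against the page's values, the only finding is the loopback overlap: because 172.16.100.1 falls inside 172.16.0.0/16, any summary route for the internal /16 would also match the ISP loopback.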