第一二天综合实验

在SW1/2/3/4上创建vlan2 3

[SW1]vlan batch 2 3

[SW2]vlan batch 2 3

[SW3]vlan batch 2 3

[SW4]vlan batch 2 3

把SW3/4上连接PC1/2/3/4的接口划入VLAN

[SW3-Ethernet0/0/1]port link-type access

[SW3-Ethernet0/0/1]port default vlan 2

[SW3-Ethernet0/0/2]port link-type access

[SW3-Ethernet0/0/2]port default vlan 3

[SW4-Ethernet0/0/3]port link-type access

[SW4-Ethernet0/0/3]port default vlan 2

[SW4-Ethernet0/0/4]port link-type access

[SW4-Ethernet0/0/4]port default vlan 3

在SW1和SW2之间建立链路聚合

[SW1-Eth-Trunk1]trunkport g0/0/23

[SW1-Eth-Trunk1]trunkport g0/0/24

[SW1-Eth-Trunk1]load-balance src-dst-ip

[SW2-Eth-Trunk1]trunkport g0/0/23

[SW2-Eth-Trunk1]trunkport g0/0/24

[SW2-Eth-Trunk1]load-balance src-dst-ip

在SW1/2/3/4上配置Trunk干道

[SW1-GigabitEthernet0/0/11]port link-type trunk

[SW1-GigabitEthernet0/0/11]port trunk allow-pass vlan all

[SW1-GigabitEthernet0/0/22]port link-type trunk

[SW1-GigabitEthernet0/0/22] port trunk allow-pass vlan 2 to 4094

[SW1-Eth-Trunk1]port link-type trunk

[SW1-Eth-Trunk1] port trunk allow-pass vlan 2 to 4094

[SW2-GigabitEthernet0/0/12]port link-type trunk

[SW2-GigabitEthernet0/0/12]port trunk allow-pass vlan all

[SW2-GigabitEthernet0/0/21]port link-type trunk

[SW2-GigabitEthernet0/0/21] port trunk allow-pass vlan 2 to 4094

[SW2-Eth-Trunk1]port link-type trunk

[SW2-Eth-Trunk1] port trunk allow-pass vlan 2 to 4094

[SW3-GigabitEthernet0/0/1]port link-type trunk

[SW3-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 4094

[SW3-Ethernet0/0/21]port link-type trunk

[SW3-Ethernet0/0/21] port trunk allow-pass vlan 2 to 4094

[SW4-Ethernet0/0/22]port link-type trunk

[SW4-Ethernet0/0/22] port trunk allow-pass vlan 2 to 4094

[SW4-GigabitEthernet0/0/2]port link-type trunk

[SW4-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 4094

在SW1/2/3/4上进行多MSTP配置

stp region-configuration

region-name a

revision-level 1

instance 1 vlan 2

instance 2 vlan 3

active region-configuration

在SW1和SW2上设置根主备分流互备

[SW1]stp instance 1 root primary

[SW1]stp instance 2 root secondary

[SW2]stp instance 1 root secondary

[SW2]stp instance 2 root primary

在SW1和SW2上配置VRRP

[SW1-Vlanif2]dis this

interface Vlanif2

ip address 10.2.2.1 255.255.255.0

vrrp vrid 1 virtual-ip 10.2.2.254

vrrp vrid 1 priority 120

vrrp vrid 1 preempt-mode timer delay 5

vrrp vrid 1 authentication-mode simple 123

[SW2-Vlanif2]dis this

interface Vlanif2

ip address 10.2.2.2 255.255.255.0

vrrp vrid 1 virtual-ip 10.2.2.254

vrrp vrid 1 preempt-mode timer delay 5

vrrp vrid 1 authentication-mode simple 123

[SW1-Vlanif3]dis this

interface Vlanif3

ip address 10.2.3.1 255.255.255.0

vrrp vrid 2 virtual-ip 10.2.3.254

vrrp vrid 2 preempt-mode timer delay 5

vrrp vrid 2 authentication-mode simple 456

[SW2-Vlanif3]dis this

interface Vlanif3

ip address 10.2.3.2 255.255.255.0

vrrp vrid 2 virtual-ip 10.2.3.254

vrrp vrid 2 priority 120

vrrp vrid 2 preempt-mode timer delay 5

vrrp vrid 2 authentication-mode simple 456

在SW1和SW2上设置上行链路监控

[SW1-Vlanif2]vrrp vrid 1 track interface g0/0/1 reduced 30

[SW1]ip route-static 0.0.0.0 0 10.2.11.1

[SW2-Vlanif3]vrrp vrid 2 track interface g0/0/2 reduced 30

[SW2]ip route-static 0.0.0.0 0 10.2.22.1

[SW1-GigabitEthernet0/0/11]undo port trunk allow-pass vlan 101 102

[SW1-GigabitEthernet0/0/22]undo port trunk allow-pass vlan 101 102

[SW1-Eth-Trunk1]undo port trunk allow-pass vlan 101 102

[SW2-GigabitEthernet0/0/12]undo port trunk allow-pass vlan 101 102

[SW2-GigabitEthernet0/0/21]undo port trunk allow-pass vlan 101 102

[SW2-Eth-Trunk1]undo port trunk allow-pass vlan 101 102

在SW1和SW2上配置上行端口，配置互联vlan

[SW1-Vlanif101]ip add 10.2.11.2 24

[SW1-GigabitEthernet0/0/1]port link-type access

[SW1-GigabitEthernet0/0/1]port default vlan 101

[SW2-Vlanif102]ip add 10.2.22.2 24

[SW2-GigabitEthernet0/0/2]port link-type access

[SW2-GigabitEthernet0/0/2]port default vlan 102

[SW1-Vlanif12]ip add 10.2.102.1 24

[SW2-Vlanif12]ip add 10.2.102.2 24

在SW1和SW2上配置DHCP并分割地址池

[SW1-ip-pool-vlan2]dis this

ip pool vlan2

network 10.2.2.0 mask 255.255.255.0

excluded-ip-address 10.2.2.129 10.2.2.253

[SW2-ip-pool-vlan2]dis this

ip pool vlan2

gateway-list 10.2.2.254

network 10.2.2.0 mask 255.255.255.0

excluded-ip-address 10.2.2.1 10.2.2.128

SW2-ip-pool-vlan3]dis this

ip pool vlan3

gateway-list 10.2.3.254

network 10.2.3.0 mask 255.255.255.0

excluded-ip-address 10.2.3.129 10.2.3.253

[SW1-ip-pool-vlan3]dis this

ip pool vlan3

gateway-list 10.2.3.254

network 10.2.3.0 mask 255.255.255.0

excluded-ip-address 10.2.3.1 10.2.3.128

在R1 R2 SW1 SW2上启用ospf

R1 ospf 1 router-id 1.1.1.1

area 0.0.0.0

R2 ospf 1 router-id 2.2.2.2

area 0.0.0.0

SW1 ospf 1 router-id 11.1.1.1

silent-interface Vlanif2

silent-interface Vlanif3

area 0.0.0.0

SW2 ospf 1 router-id 22.2.2.2

silent-interface Vlanif2

silent-interface Vlanif3

area 0.0.0.0

在SW1和SW2之间启一条通信 VLAN 12 来建立ospf邻居

0.0.0.0 Vlanif12 22.2.2.2 Full

在骨干区域的所有路由器上启用ospf并通告路由，然后查看路由表ospf关系正常

4.4.4.4/32 OSPF 10 1 D 10.1.34.2 Ethernet0/0/1

5.5.5.5/32 OSPF 10 1 D 10.1.35.2 GigabitEthernet0/0/0

6.6.6.6/32 OSPF 10 2 D 10.1.35.2 GigabitEthernet0/0/0

7.7.7.7/32 OSPF 10 2 D 10.1.34.2 Ethernet0/0/1

8.8.8.8/32 OSPF 10 2 D 10.1.35.2 GigabitEthernet0/0/0

9.9.9.9/32 OSPF 10 3 D 10.1.35.2 GigabitEthernet0/0/0

在R6上设置

[R6-ospf-1]stub-router

在R6上与周围建立BGP关系

[R6-bgp]dis this

bgp 1

router-id 6.6.6.6

group IBGP internal

peer IBGP connect-interface LoopBack0

peer 3.3.3.3 as-number 1

peer 3.3.3.3 group IBGP

peer 4.4.4.4 as-number 1

peer 4.4.4.4 group IBGP

peer 5.5.5.5 as-number 1

peer 5.5.5.5 group IBGP

peer 7.7.7.7 as-number 1

peer 7.7.7.7 group IBGP

peer 8.8.8.8 as-number 1

peer 8.8.8.8 group IBGP

peer 9.9.9.9 as-number 1

peer 9.9.9.9 group IBGP

在R6上查看BGP邻居建立情况

3.3.3.3 4 1 3 4 0 00:01:39 Established

4.4.4.4 4 1 7 9 0 00:05:07 Established

5.5.5.5 4 1 6 7 0 00:04:10 Established

7.7.7.7 4 1 4 6 0 00:02:58 Established

8.8.8.8 4 1 2 5 0 00:01:00 Established

9.9.9.9 4 1 2 4 0 00:00:13 Established

在R6上查看v*nv4邻居状态

[R6]dis bgp v*nv4 all peer

BGP local router ID : 6.6.6.6

Local AS number : 1

Total number of peers : 4 Peers in established state : 4

Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre

fRcv

3.3.3.3 4 1 5 6 0 00:02:47 Established

4.4.4.4 4 1 5 6 0 00:02:03 Established

8.8.8.8 4 1 3 5 0 00:01:38 Established

9.9.9.9 4 1 3 5 0 00:01:11 Established

在v*nV4中与PE建立邻居关系，并设置反射器和开启团体属性

ipv4-family v*nv4

policy v*n-target

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

peer 3.3.3.3 advertise-community

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

peer 4.4.4.4 advertise-community

peer 8.8.8.8 enable

peer 8.8.8.8 reflect-client

peer 8.8.8.8 advertise-community

peer 9.9.9.9 enable

peer 9.9.9.9 reflect-client

peer 9.9.9.9 advertise-community

[R6-bgp-af-v*nv4]undo policy v*n-target

在PE端R3 R4 R8 R9的v*nv4上开启团体属性，并关闭标签管控

peer 6.6.6.6 advertise-community

undo policy v*n-target

在骨干区域所有路由器上开启MPLS，在R3上查看LSP

[R3]dis mpls lsp

-------------------------------------------------------------------------------

LSP Information: LDP LSP

-------------------------------------------------------------------------------

FEC In/Out Label In/Out IF Vrf Name

3.3.3.3/32 3/NULL -/-

4.4.4.4/32 NULL/3 -/Eth0/0/1

4.4.4.4/32 1024/3 -/Eth0/0/1

5.5.5.5/32 NULL/3 -/GE0/0/0

5.5.5.5/32 1025/3 -/GE0/0/0

6.6.6.6/32 NULL/1026 -/GE0/0/0

6.6.6.6/32 1026/1026 -/GE0/0/0

7.7.7.7/32 NULL/1027 -/Eth0/0/1

7.7.7.7/32 1027/1027 -/Eth0/0/1

8.8.8.8/32 NULL/1028 -/GE0/0/0

8.8.8.8/32 1028/1028 -/GE0/0/0

9.9.9.9/32 NULL/1029 -/GE0/0/0

9.9.9.9/32 1029/1029 -/GE0/0/0

在R3上启用vrf空间并绑定接口

ip v*n-instance AS2

ipv4-family

route-distinguisher 3:3

v*n-target 3:3 export-extcommunity

interface Ethernet0/0/0

ip binding v*n-instance AS2

ip address 10.2.13.2 255.255.255.0

ip v*n-instance int

ipv4-family

route-distinguisher 3:6

v*n-target 3:6 export-extcommunity

interface GigabitEthernet0/0/1

ip binding v*n-instance int

ip address 10.6.31.1 255.255.255.0

在R3上启用vrf空间并绑定接口

ip v*n-instance AS2

ipv4-family

route-distinguisher 4:4

v*n-target 4:4 export-extcommunity

interface Ethernet0/0/0

ip binding v*n-instance AS2

ip address 10.2.24.2 255.255.255.0

ip v*n-instance int

ipv4-family

route-distinguisher 4:6

v*n-target 4:6 export-extcommunity

interface GigabitEthernet0/0/1

ip binding v*n-instance int

ip address 10.6.41.1 255.255.255.0

在R8上创建vrf空间并绑定接口

ip v*n-instance AS3

ipv4-family

route-distinguisher 8:8

v*n-target 8:8 export-extcommunity

[R8-GigabitEthernet0/0/0]ip binding v*n-instance AS3

[R8-GigabitEthernet0/0/0]ip add 10.3.81.1 24

在R9上创建vrf空间并绑定接口

ip v*n-instance AS4

ipv4-family

route-distinguisher 9:9

v*n-target 9:9 export-extcommunity [

[R9-GigabitEthernet0/0/0]ip binding v*n-instance AS4

[R9-GigabitEthernet0/0/0]ip add 10.4.91.1 24

在骨干区域PE端（R3 R4 R8 R9）与AS2/3/4/int之间建立EBGP邻居

[R3]ipv4-family v*n-instance AS2

[R3]peer 10.2.13.1 as-number 2

[R1]peer 10.2.13.2 as-number 1

[R4]ipv4-family v*n-instance AS2

[R4]peer 10.2.24.1 as-number 2

[R2]peer 10.2.24.2 as-number 1

[R3-bgp]ipv4-family v*n-instance int

[R3-bgp-int]peer 10.6.31.2 as-number 6

[int-bgp]peer 10.6.31.1 as-number 1

[R4-bgp]ipv4-family v*n-instance int

[R4-bgp-int]peer 10.6.41.2 as-number 6

[int-bgp]peer 10.6.41.1 as-number 1

[R8-bgp]ipv4-family v*n-instance AS3

[R8-bgp-AS3]peer 10.3.81.2 as-number 3

[R10-bgp]peer 10.3.81.1 as-number 1

[R9-bgp]ipv4-family v*n-instance AS4

[R9-bgp-AS4]peer 10.4.91.2 as-number 4

[R11-bgp]peer 10.4.91.1 as-number 1

在R1和R2之间需要建立IBGP邻居

[R1]peer 2.2.2.2 as-number 2

[R1]peer 2.2.2.2 connect-interface LoopBack0

[R1]peer 2.2.2.2 next-hop-local

[R2]peer 1.1.1.1 as-number 2

[R2]peer 1.1.1.1 connect-interface LoopBack0

[R2]peer 1.1.1.1 next-hop-local

在各CE端（R1 R2 R10 R11）导入私网路由

[R1-bgp]import-route ospf 1

[R2-bgp]import-route ospf 1

[R10-bgp]import-route direct

[R11-bgp]import-route direct

在R8上创建4个vrf并绑定子接口用于接收各AS的路由在R12（安全策略中心）处进行汇总然后在传回各个AS

ip v*n-instance toAS2

ipv4-family

route-distinguisher 12:2

v*n-target 12:2 export-extcommunity

v*n-target 3:3 4:4 import-extcommunity

interface GigabitEthernet0/0/1.2

dot1q termination vid 2

ip binding v*n-instance toAS2

ip address 10.5.2.1 255.255.255.0

arp broadcast enable

ip v*n-instance toAS3

ipv4-family

route-distinguisher 12:3

v*n-target 12:3 export-extcommunity

v*n-target 8:8 import-extcommunity

interface GigabitEthernet0/0/1.3

dot1q termination vid 3

ip binding v*n-instance toAS3

ip address 10.5.3.1 255.255.255.0

arp broadcast enable

ip v*n-instance toAS4

ipv4-family

route-distinguisher 12:4

v*n-target 12:4 export-extcommunity

v*n-target 9:9 import-extcommunity

interface GigabitEthernet0/0/1.4

dot1q termination vid 4

ip binding v*n-instance toAS4

ip address 10.5.4.1 255.255.255.0

arp broadcast enable

ip v*n-instance toAS6

ipv4-family

route-distinguisher 12:6

v*n-target 12:6 export-extcommunity

v*n-target 3:6 4:6 import-extcommunity

interface GigabitEthernet0/0/1.6

dot1q termination vid 6

ip binding v*n-instance toAS6

ip address 10.5.6.1 255.255.255.0

arp broadcast enable

在R12（安全策略中心）创建子接口与R8的PE端vrf空间子接口建立EBGP邻居

interface GigabitEthernet0/0/0.2

dot1q termination vid 2

ip address 10.5.2.2 255.255.255.0

arp broadcast enable

interface GigabitEthernet0/0/0.3

dot1q termination vid 3

ip address 10.5.3.2 255.255.255.0

arp broadcast enable

interface GigabitEthernet0/0/0.4

dot1q termination vid 4

ip address 10.5.4.2 255.255.255.0

arp broadcast enable

interface GigabitEthernet0/0/0.6

dot1q termination vid 6

ip address 10.5.6.2 255.255.255.0

arp broadcast enable

在R12上查看EBGP邻居建立情况

10.5.2.1 4 1 42 28 0 00:21:45 Established

10.5.3.1 4 1 24 28 0 00:21:06 Established

10.5.4.1 4 1 23 27 0 00:20:33 Established

10.5.6.1 4 1 22 26 0 00:19:55 Established

在R8上查看vrf空间EBGP邻居建立情况

v*n-Instance toAS2, Router ID 8.8.8.8:

10.5.2.2 4 5 26 41 0 00:20:09 Established

v*n-Instance toAS3, Router ID 8.8.8.8:

10.5.3.2 4 5 25 22 0 00:19:30 Established

v*n-Instance toAS4, Router ID 8.8.8.8:

10.5.4.2 4 5 24 21 0 00:18:57 Established

v*n-Instance toAS6, Router ID 8.8.8.8:

10.5.6.2 4 5 24 21 0 00:18:19 Established

在R12（安全策略中心）创建子接口与R9的PE端vrf空间子接口建立EBGP邻居

v*n-Instance toAS2, Router ID 9.9.9.9:

10.5.22.2 4 5 8 10 0 00:02:06 Established

v*n-Instance toAS3, Router ID 9.9.9.9:

10.5.33.2 4 5 7 4 0 00:01:10 Established

v*n-Instance toAS4, Router ID 9.9.9.9:

10.5.44.2 4 5 6 3 0 00:00:49 Established

v*n-Instance toAS6, Router ID 9.9.9.9:

10.5.66.2 4 5 6 3 0 00:00:20 Established

10.5.22.1 4 1 9 8 0 00:01:49 Established

10.5.33.1 4 1 3 7 0 00:00:53 Established

10.5.44.1 4 1 3 7 0 00:00:32 Established

10.5.66.1 4 1 3 7 0 00:00:02 Established

在各PE端设置需要的入向RT

[R3-v*n-instance-AS2]v*n-target 12:2 12:22 import-extcommunity

[R3-v*n-instance-int-af-ipv4]v*n-target 12:6 12:66 import-extcommunity

[R4-v*n-instance-AS2-af-ipv4]v*n-target 12:2 12:22 import-extcommunity

[R4-v*n-instance-int-af-ipv4]v*n-target 12:6 12:66 import-extcommunity

[R8-v*n-instance-AS3-af-ipv4]v*n-target 12:3 12:33 import-extcommunity

[R9-v*n-instance-AS4-af-ipv4]v*n-target 12:4 12:44 import-extcommunity

在R12（安全策略中心）的BGP 5中进行路由汇总以清除AS-Path使路由可以传回骨干区域

bgp 5

router-id 12.12.12.12

aggregate 1.1.0.0 255.255.0.0

aggregate 2.2.0.0 255.255.0.0

aggregate 10.2.0.0 255.255.0.0

aggregate 10.3.0.0 255.255.0.0

aggregate 10.4.0.0 255.255.0.0

aggregate 10.6.0.0 255.255.0.0

aggregate 10.10.0.0 255.255.0.0

aggregate 11.11.0.0 255.255.0.0

aggregate 15.15.0.0 255.255.0.0

至此经测试各CE端之间可以互相访问