目录
- 实验条件
- 网络拓朴
- 需求
- 配置实现
- 1. 配置PC1~3, DHCP_Server的vlan
- 2. VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;
- 3. 配置5台交换机之间线路均为Trunk
- 4. 配置5台交换机均启用Rapid-PVST(RSTP)
- 5. 配置DHCP Server,创建3个地址池
- 6. 配置动态路由OSPF
- 7. 配置OR出口路由器PPPoE拨号上网
- 配置ISP服务端
- 配置`OR`出口路由器
- OR & MSW1 & MSW2路由表
- 8. OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;
- 在ISP上配置DNS服务
- 配置端口复用NAT
- PC开始Ping 8.8.8.8网址
- PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况
- 优化
实验条件
网络拓朴
需求
- PC1属于VLAN10,PC2属于VLAN20,PC3属于VLAN30,DHCP Server属于VLAN40,PC1、PC2、PC3的IP地址均采用DHCP方式获取;
- VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;
- 所有5台交换机之间线路均为Trunk,其中MSW1和MSW2之间E0/0-1需使用EtherChannel进行捆绑,组ID为12,模式为on;
- 所有5台交换机均启用Rapid-PVST(RSTP),其中MSW1为VLAN10、20的根桥,MSW2为备份根桥,MSW2为VLAN30、40的根桥,MSW1为备份根桥;
- 配置DHCP Server,创建3个地址池,分别为Sales:192.168.10.0/24,网关为192.168.10.254、Product:192.168.20.0/24,网关为192.168.20.254、Services:192.168.30.0/24,网关为192.168.30.254,VLAN10、20、30的网关配置DHCP中继至DHCP Server;
- OR、MSW1、MSW2之间运行OSPF,进程ID:100,Area ID:0,OR下发默认路由仅当本身存在默认路由时;
- OR配置PPPoE,用户名:SPOTO 密码:SPOTO123,ISP没有告知使用哪种认证方式,拨号成功后自动获取IP信息,以及本地自动生成一条默认路由指向ISP;
- OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;
- PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况。
配置实现
1. 配置PC1~3, DHCP_Server的vlan
需求: PC1属于VLAN10,PC2属于VLAN20,PC3属于VLAN30,DHCP Server属于VLAN40,PC1、PC2、PC3的IP地址均采用DHCP方式获取
SW1 & SW2 & SW3
SW1(config)#int e0/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shutdown
MSW1 & MSW2
MSW1(config)#vlan 10,20,30,40
MSW1(config-vlan)#exit
MSW2(config)#vlan 10,20,30,40
MSW2(config-vlan)#exit
MSW2(config)#int e1/2
MSW2(config-if)#switchport mode access
MSW2(config-if)#switchport access vlan 40
MSW2(config-if)#no shutdown
PC1 & PC2 & PC3
PC1(config)#no ip routing
PC1(config)#int e0/0
PC1(config-if)#ip address dhcp
PC1(config-if)#no shutdown
PC1(config-if)#
DHCP_Server
DHCP_Server(config)#no ip routing
DHCP_Server(config)#int e0/0
DHCP_Server(config-if)#ip address 192.168.40.1 255.255.255.0
DHCP_Server(config-if)#no shutdown
DHCP_Server(config-if)#duplex full
DHCP_Server(config-if)#exit
DHCP_Server(config)#ip default-gateway 192.168.40.254
2. VLAN10、20的网关为MSW1对应的SVI,VLAN30、40的网关为MSW2对应的SVI;
MSW1
MSW1(config)#vlan 10,20,30,40
MSW1(config-vlan)#exit
MSW1(config)#int vlan 10
MSW1(config-if)#ip address 192.168.10.254 255.255.255.0
MSW1(config-if)#no shutdown
MSW1(config-if)#int vlan 20
MSW1(config-if)#ip address 192.168.20.254 255.255.255.0
MSW1(config-if)#no shutdown
MSW1(config-if)#
此时的SVI接口down状态.因为没有配置Trunk或是有归属于10,20的vlan, 所以svi没有办法up, 下一步创建trunk的时候,就可以正常了
MSW2
MSW2(config-if)#vlan 10,20,30,40
MSW2(config-vlan)#exit
MSW2(config)#int vlan 30
MSW2(config-if)#ip address 192.168.30.254 255.255.255.0
MSW2(config-if)#no shutdown
MSW2(config-if)#int vlan 40
MSW2(config-if)#ip address 192.168.40.254 255.255.255.0
MSW2(config-if)#no shutdown
3. 配置5台交换机之间线路均为Trunk
所有5台交换机之间线路均为Trunk,其中MSW1和MSW2之间E0/0-1需使用EtherChannel进行捆绑,组ID为12,模式为on;
MSW1配置
MSW1(config)#int range ethernet 0/0-3, e1/0
MSW1(config-if-range)#switchport trunk encapsulation dot1q
MSW1(config-if-range)#switchport mode trunk
MSW1(config-if-range)#exit
MSW1(config)#int range e0/0-1
MSW1(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12MSW1(config-if-range)#
MSW2配置
MSW2(config)#int range e0/0-3,e1/0
MSW2(config-if-range)#switchport trunk encapsulation dot1q
MSW2(config-if-range)#switchport mode trunk
MSW2(config-if-range)#exit
MSW2(config)#int range e0/0-1
MSW2(config-if-range)#channel-group 12 mode on
Creating a port-channel interface Port-channel 12MSW2(config-if-range)#
查询结果
MSW1(config-if-range)#do show etherchannel summary
Flags: D - down P - bundled in port-channelI - stand-alone s - suspendedH - Hot-standby (LACP only)R - Layer3 S - Layer2U - in use N - not in use, no aggregationf - failed to allocate aggregatorM - not in use, minimum links not metm - not in use, port not aggregated due to minimum links not metu - unsuitable for bundlingw - waiting to be aggregatedd - default portA - formed by Auto LAGNumber of channel-groups in use: 1
Number of aggregators: 1Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
12 Po12(SU) - Et0/0(P) Et0/1(P) MSW1(config-if-range)#do show int trunkPort Mode Encapsulation Status Native vlan
Et0/2 on 802.1q trunking 1
Et0/3 on 802.1q trunking 1
Et1/0 on 802.1q trunking 1
Po12 on 802.1q trunking 1Port Vlans allowed on trunk
Et0/2 1-4094
Et0/3 1-4094
Et1/0 1-4094
Po12 1-4094Port Vlans allowed and active in management domain
Et0/2 1,10,20,30,40
Et0/3 1,10,20,30,40
Et1/0 1,10,20,30,40
Po12 1,10,20,30,40Port Vlans in spanning tree forwarding state and not pruned
Et0/2 1,10,20,30,40
Et0/3 1,10,20,30,40
Et1/0 1,10,20,30,40Port Vlans in spanning tree forwarding state and not pruned
Po12 1,10,20,30,40
MSW1(config-if-range)#
SW1 & SW2 & SW3配置
SW1(config)#int range e0/1-2
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#no shutdown
SW1(config-if-range)#
4. 配置5台交换机均启用Rapid-PVST(RSTP)
所有5台交换机均启用Rapid-PVST(RSTP),其中MSW1为VLAN10、20的根桥,MSW2为备份根桥,MSW2为VLAN30、40的根桥,MSW1为备份根桥;
SW1 & SW2 & SW3
SW1(config)#spanning-tree mode rapid-pvst
配置MSW1为VLAN10、20的根桥, MSW2为备份根桥
MSW1(config)#spanning-tree mode rapid-pvst
MSW1(config)#spanning-tree vlan 10,20 priority 0
MSW1(config)#spanning-tree vlan 30,40 priority 4096
配置MSW2为VLAN30、40的根桥, MSW1为备份根桥
MSW2(config)#spanning-tree mode rapid-pvst
MSW2(config)#spanning-tree vlan 30,40 priority 0
MSW2(config)#spanning-tree vlan 10,20 priority 4096
5. 配置DHCP Server,创建3个地址池
配置DHCP Server,创建3个地址池,分别为Sales:192.168.10.0/24,网关为192.168.10.254、Product:192.168.20.0/24,网关为192.168.20.254、Services:192.168.30.0/24,网关为192.168.30.254,VLAN10、20、30的网关配置DHCP中继至DHCP Server;
DHCP_Server配置
DHCP_Server(config)#service dhcp
// sales地址池
DHCP_Server(config)#ip dhcp pool Sales
DHCP_Server(dhcp-config)#network 192.168.10.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.10.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8// product地址池
DHCP_Server(dhcp-config)#ip dhcp pool Product
DHCP_Server(dhcp-config)#network 192.168.20.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.20.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8// services地址池
DHCP_Server(dhcp-config)#ip dhcp pool Services
DHCP_Server(dhcp-config)#network 192.168.30.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.30.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8
DHCP_Server(dhcp-config)#
MSW1配置
MSW1(config)#interface vlan 10
MSW1(config-if)#ip helper-address 192.168.40.1
MSW1(config-if)#interface vlan 20
MSW1(config-if)#ip helper-address 192.168.40.1
MSW1(config-if)#
MSW2配置
MSW2(config)#interface vlan 30
MSW2(config-if)#ip helper-address 192.168.40.1
6. 配置动态路由OSPF
OR、MSW1、MSW2之间运行OSPF,进程ID:100,Area ID:0,OR下发默认路由仅当本身存在默认路由时
注:
default-information originate [always]
带always参数: 不管下发默认路由的路由器本身有没有默认路由,都可以作为默认路由下发者
不带always参数: 下发默认路由的路由器本身必须要有默认路由;
配置OR
OR(config)#int e0/1
OR(config-if)#ip address 10.1.1.1 255.255.255.0
OR(config-if)#no shutdown
OR(config-if)#duplex full
OR(config-if)#int e0/2
OR(config-if)#ip address 10.1.2.1 255.255.255.0
OR(config-if)#no shutdown
OR(config-if)#duplex full// 配置OSPF
OR(config)# router ospf 100
OR(config-router)#router-id 1.1.1.1
OR(config-router)#network 10.1.1.1 0.0.0.0 area 0
OR(config-router)#network 10.1.2.1 0.0.0.0 area 0
OR(config-router)#default-information originate // 当本机没有默认路由时不下发默认路由给其它路由器
OR(config-router)#exit
OR(config)#do show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/BDR 00:00:35 10.1.2.2 Ethernet0/2
2.2.2.2 1 FULL/BDR 00:00:35 10.1.1.2 Ethernet0/1
OR(config)#
MSW1(config)#router ospf 100
MSW1(config-router)#router-id 2.2.2.2
MSW1(config-router)#network 0.0.0.0 255.255.255.255 area 0
MSW1(config)#do show ip ospf neighborNeighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:00:35 10.1.1.1 Ethernet1/1
MSW1(config)#
MSW2(config)#router ospf 100
MSW2(config-router)#router-id 3.3.3.3
MSW2(config-router)#network 0.0.0.0 255.255.255.255 area 0
MSW2(config)#do show ip ospf neighborNeighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:00:37 10.1.2.1 Ethernet1/1
MSW2(config)#
7. 配置OR出口路由器PPPoE拨号上网
OR配置PPPoE,用户名:SPOTO 密码:SPOTO123,ISP没有告知使用哪种认证方式,拨号成功后自动获取IP信息,以及本地自动生成一条默认路由指向ISP;
配置ISP服务端
ISP端配置
ISP(config)#username SPOTO password SPOTO123
ISP(config)#ip local pool cciepools 211.98.5.10 211.98.5.253
ISP(config)#interface virtual-template 1
ISP(config-if)#ip address 211.98.5.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#encapsulation ppp
ISP(config-if)#ip mtu 1492
ISP(config-if)#ppp authentication pap
ISP(config-if)#peer default ip address pool cciepools
ISP(config-if)#exit
ISP(config)#bba-group pppoe bgISP
ISP(config-bba-group)#virtual-template 1
ISP(config-bba-group)#exit
ISP(config)#int e0/0
ISP(config-if)#pppoe enable group bgISP
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Access2 unassigned YES unset up up
Virtual-Template1 211.98.5.254 YES manual down down
ISP(config)#
配置OR出口路由器
OR(config)#interface dialer 1
OR(config-if)#encapsulation ppp
OR(config-if)#ip mtu 1492
OR(config-if)#ppp pap sent-username SPOTO password SPOTO123
OR(config-if)#ppp chap hostname SPOTO
OR(config-if)#ppp chap password SPOTO123
OR(config-if)#ip address negotiated
OR(config-if)#ppp ipcp route default
OR(config-if)#dialer pool 1
OR(config-if)#exit
OR(config)#int e0/0
OR(config-if)#pppoe enable group global
OR(config-if)#pppoe-client dial-pool-number 1
OR(config-if)#no shutdown
拨号成功
OR(config)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 10.1.1.1 YES manual up up
Ethernet0/2 10.1.2.1 YES manual up up
Ethernet0/3 unassigned YES NVRAM administratively down down
Dialer1 211.98.5.10 YES IPCP up up
NVI0 10.1.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
OR(config)#NVI0接口, NAT用来做端口映射用的.
OR & MSW1 & MSW2路由表
OR & MSW1 & MSW2
OR(config-if)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop overrideGateway of last resort is 211.98.5.254 to network 0.0.0.0S* 0.0.0.0/0 is directly connected10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Ethernet0/1
L 10.1.1.1/32 is directly connected, Ethernet0/1
C 10.1.2.0/24 is directly connected, Ethernet0/2
L 10.1.2.1/32 is directly connected, Ethernet0/2
O 192.168.10.0/24 [110/11] via 10.1.1.2, 00:35:48, Ethernet0/1
O 192.168.20.0/24 [110/11] via 10.1.1.2, 00:35:48, Ethernet0/1
O 192.168.30.0/24 [110/11] via 10.1.2.2, 00:35:31, Ethernet0/2
O 192.168.40.0/24 [110/11] via 10.1.2.2, 00:35:31, Ethernet0/2211.98.5.0/32 is subnetted, 2 subnets
C 211.98.5.10 is directly connected, Dialer1
C 211.98.5.254 is directly connected, Dialer1
OR(config-if)#
MSW1(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop overrideGateway of last resort is 10.1.1.1 to network 0.0.0.0O*E2 0.0.0.0/0 [110/1] via 10.1.1.1, 00:02:56, Ethernet1/110.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Ethernet1/1
L 10.1.1.2/32 is directly connected, Ethernet1/1
O 10.1.2.0/24 [110/20] via 10.1.1.1, 00:38:32, Ethernet1/1192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan10
L 192.168.10.254/32 is directly connected, Vlan10192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Vlan20
L 192.168.20.254/32 is directly connected, Vlan20
O 192.168.30.0/24 [110/21] via 10.1.1.1, 00:38:16, Ethernet1/1
O 192.168.40.0/24 [110/21] via 10.1.1.1, 00:38:16, Ethernet1/1
MSW1(config)#
MSW2(config-router)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop overrideGateway of last resort is 10.1.2.1 to network 0.0.0.0O*E2 0.0.0.0/0 [110/1] via 10.1.2.1, 00:00:21, Ethernet1/110.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.1.1.0/24 [110/20] via 10.1.2.1, 00:35:41, Ethernet1/1
C 10.1.2.0/24 is directly connected, Ethernet1/1
L 10.1.2.2/32 is directly connected, Ethernet1/1
O 192.168.10.0/24 [110/21] via 10.1.2.1, 00:35:41, Ethernet1/1
O 192.168.20.0/24 [110/21] via 10.1.2.1, 00:35:41, Ethernet1/1192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Vlan30
L 192.168.30.254/32 is directly connected, Vlan30192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.40.0/24 is directly connected, Vlan40
L 192.168.40.254/32 is directly connected, Vlan40
MSW2(config-router)#
8. OR配置端口复用NAT,使得内网PC1~3能成功ping通ISP上的8.8.8.8;
PC1到3的机器上获取ip时都指定了dns服务器地址为 8.8.8.8
在ISP上配置DNS服务
ISP(config)#interface loopback 1
ISP(config-if)#ip address 8.8.8.8 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Loopback1 8.8.8.8 YES manual up up
Virtual-Access1 unassigned YES unset down down
Virtual-Access2 unassigned YES unset up up
Virtual-Access2.1 211.98.5.254 YES manual up up
Virtual-Template1 211.98.5.254 YES manual down down
ISP(config-if)#exit
ISP(config)#ip dns server
ISP(config)#ip host www.test.local 8.8.8.8
ISP(config)#
配置端口复用NAT
4个子网, 10,20,30,40 这个匹配的话, 这4个值变化的范围在8位的二进制位中的第2到第6位, 所以得出的通配符是62. 不过这样的话,就会匹配出很多不存在的子网,因此还是通过配置多条permit语句实现
OR(config)#ip access-list standard inside_lan
OR(config-std-nacl)#permit 192.168.10.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.20.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.30.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.40.0 0.0.0.255
// 或者 OR(config-std-nacl)#permit 192.168.0.0 0.0.62.255
OR(config-std-nacl)#exit
OR(config)#interface dialer 1
OR(config-if)#ip nat outside
OR(config-if)#int range e0/1-2
OR(config-if-range)#ip nat inside
OR(config-if-range)#exit
OR(config)#ip nat inside source list inside_lan interface dialer 1 overload
OR(config)#do show ip nat translations
OR(config)#
PC开始Ping 8.8.8.8网址
PC1 & PC2 & PC3 & DHCP_Server
PC1#ping www.test.local
Translating "www.test.local"
% Unrecognized host or address, or protocol not running.PC1#conf t
PC1(config)#ip domain lookup
PC1(config)#end
PC1#ping www.test.local
Translating "www.test.local"...domain server (8.8.8.8) [OK]Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
PC1#
OR出口路由器端口映射表
OR(config)#do show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 211.98.5.10:0 192.168.10.1:0 8.8.8.8:0 8.8.8.8:0
udp 211.98.5.10:56655 192.168.10.1:56655 8.8.8.8:53 8.8.8.8:53
icmp 211.98.5.10:1 192.168.20.1:0 8.8.8.8:0 8.8.8.8:1
udp 211.98.5.10:55539 192.168.20.1:55539 8.8.8.8:53 8.8.8.8:53
icmp 211.98.5.10:2 192.168.30.1:0 8.8.8.8:0 8.8.8.8:2
udp 211.98.5.10:55671 192.168.30.1:55671 8.8.8.8:53 8.8.8.8:53
icmp 211.98.5.10:3 192.168.40.1:3 8.8.8.8:3 8.8.8.8:3
udp 211.98.5.10:64320 192.168.40.1:64320 8.8.8.8:53 8.8.8.8:53
OR(config)#do show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 8, occurred 00:02:58 ago
Outside interfaces:Dialer1, Virtual-Access2
Inside interfaces: Ethernet0/1, Ethernet0/2
Hits: 48 Misses: 0
CEF Translated packets: 40, CEF Punted packets: 8
Expired translations: 8
Dynamic mappings:
-- Inside Source
[Id: 1] access-list inside_lan interface Dialer1 refcount 0Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
OR(config)#
PC1 ping 8.8.8.8时,手动关闭SW1的E0/1口模拟线路故障,观察PC1的数据通信情况
Ping 不全部贴出来了
PC1#ping www.test.local repeat 10000
Translating "www.test.local"...domain server (8.8.8.8) [OK]Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...............!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (685/700), round-trip min/avg/max = 1/1/13 ms
PC1#
SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID Priority 10Address aabb.cc00.7000Cost 100Port 2 (Ethernet0/1)Hello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32778 (priority 32768 sys-id-ext 10)Address aabb.cc00.4000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300 secInterface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Root FWD 100 128.2 P2p
Et0/2 Altn BLK 100 128.3 P2p SW1(config-if)#shutdown
SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID Priority 10Address aabb.cc00.7000Cost 156Port 3 (Ethernet0/2)Hello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32778 (priority 32768 sys-id-ext 10)Address aabb.cc00.4000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300 secInterface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg BLK 100 128.1 P2p
Et0/2 Root FWD 100 128.3 P2p // 立刻进入FWD状态SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID Priority 10Address aabb.cc00.7000Cost 156Port 3 (Ethernet0/2)Hello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32778 (priority 32768 sys-id-ext 10)Address aabb.cc00.4000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300 secInterface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg LRN 100 128.1 P2p // 15秒后进入LRN状态
Et0/2 Root FWD 100 128.3 P2p SW1(config-if)#do show spanning-tree vlan 10
30秒之后
切换过程中查看SW1的STP收敛状态发现:备用接口E0/2很快进入Forwarding转发状态,但由于下联PC的接口E0/0在收敛过程中未处于Forwarding状态导致下联PC无法通信;
SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID Priority 10Address aabb.cc00.7000Cost 156Port 3 (Ethernet0/2)Hello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32778 (priority 32768 sys-id-ext 10)Address aabb.cc00.4000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300 secInterface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/2 Root FWD 100 128.3 P2p SW1(config-if)#
优化
恢复e0/1, 再重新试验
下联PC的接口E0/0属于边缘接口,主要用于连接终端设备,而不是其他交换机,故可以开启Portfast功能,加快此类接口的切换速度(可缩短至1s内)
SW1(config)#interface e0/1
SW1(config-if)#no shutdown
SW1(config)#exit
SW1(config)#spanning-tree portfast edge default
%Warning: this command enables portfast by default on all interfaces. Youshould now disable portfast explicitly on switched ports leading to hubs,switches and bridges as they may create temporary bridging loops.SW1(config)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID Priority 10Address aabb.cc00.7000Cost 100Port 2 (Ethernet0/1)Hello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32778 (priority 32768 sys-id-ext 10)Address aabb.cc00.4000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300 secInterface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p Edge
Et0/1 Root FWD 100 128.2 P2p
Et0/2 Altn BLK 100 128.3 P2p SW1(config-if)#
PC1#ping www.test.local repeat 10000
Translating "www.test.local"...domain server (8.8.8.8) [OK]Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (699/700), round-trip min/avg/max = 1/1/13 ms
PC1#
![IP-guard flexpaper远程命令执行漏洞复现 [附POC]](https://img-blog.csdnimg.cn/ae95bfbdc6dc497abf020688e9fb318c.png)
