当前位置：首页 > news >正文

CCNA课程实验-14-Final_Lab

news 文章来源：https://blog.csdn.net/Linux7985/article/details/134405870 2025/5/20 4:01:19

实验条件
- 网络拓朴
- 需求
配置实现
- 1. 配置PC1~3, DHCP_Server的vlan
- 2. VLAN10、20的网关为MSW1对应的SVI，VLAN30、40的网关为MSW2对应的SVI；
- 3. 配置5台交换机之间线路均为Trunk
- 4. 配置5台交换机均启用Rapid-PVST(RSTP)
- 5. 配置DHCP Server，创建3个地址池
- 6. 配置动态路由OSPF
- 7. 配置OR出口路由器PPPoE拨号上网
- - 配置ISP服务端
  - 配置`OR`出口路由器
  - OR & MSW1 & MSW2路由表
- 8. OR配置端口复用NAT，使得内网PC1~3能成功ping通ISP上的8.8.8.8；
- - 在ISP上配置DNS服务
  - 配置端口复用NAT
  - PC开始Ping 8.8.8.8网址
- PC1 ping 8.8.8.8时，手动关闭SW1的E0/1口模拟线路故障，观察PC1的数据通信情况
- - 优化

实验条件

网络拓朴

在这里插入图片描述

需求

PC1属于VLAN10，PC2属于VLAN20，PC3属于VLAN30，DHCP Server属于VLAN40，PC1、PC2、PC3的IP地址均采用DHCP方式获取；
VLAN10、20的网关为MSW1对应的SVI，VLAN30、40的网关为MSW2对应的SVI；
所有5台交换机之间线路均为Trunk，其中MSW1和MSW2之间E0/0-1需使用EtherChannel进行捆绑，组ID为12，模式为on；
所有5台交换机均启用Rapid-PVST(RSTP)，其中MSW1为VLAN10、20的根桥，MSW2为备份根桥，MSW2为VLAN30、40的根桥，MSW1为备份根桥；
配置DHCP Server，创建3个地址池，分别为Sales：192.168.10.0/24，网关为192.168.10.254、Product：192.168.20.0/24，网关为192.168.20.254、Services：192.168.30.0/24，网关为192.168.30.254，VLAN10、20、30的网关配置DHCP中继至DHCP Server；
OR、MSW1、MSW2之间运行OSPF，进程ID：100，Area ID：0，OR下发默认路由仅当本身存在默认路由时；
OR配置PPPoE，用户名：SPOTO 密码：SPOTO123，ISP没有告知使用哪种认证方式，拨号成功后自动获取IP信息，以及本地自动生成一条默认路由指向ISP；
OR配置端口复用NAT，使得内网PC1~3能成功ping通ISP上的8.8.8.8；
PC1 ping 8.8.8.8时，手动关闭SW1的E0/1口模拟线路故障，观察PC1的数据通信情况。

配置实现

1. 配置PC1~3, DHCP_Server的vlan

需求: PC1属于VLAN10，PC2属于VLAN20，PC3属于VLAN30，DHCP Server属于VLAN40，PC1、PC2、PC3的IP地址均采用DHCP方式获取
SW1 & SW2 & SW3

SW1(config)#int e0/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shutdown

MSW1 & MSW2
MSW1只创建10,20,30,40vlan就可以,不用其它操作

MSW2(config)#vlan 10,20,30,40
MSW2(config-vlan)#exit
MSW2(config)#int e1/2
MSW2(config-if)#switchport mode access 
MSW2(config-if)#switchport access vlan 40
MSW2(config-if)#no shutdown

PC1 & PC2 & PC3

PC1(config)#no ip routing
PC1(config)#int e0/0
PC1(config-if)#ip address dhcp 
PC1(config-if)#no shutdown
PC1(config-if)#

DHCP_Server

DHCP_Server(config)#no ip routing
DHCP_Server(config)#int e0/0
DHCP_Server(config-if)#ip address 192.168.40.1 255.255.255.0
DHCP_Server(config-if)#no shutdown
DHCP_Server(config-if)#duplex full
DHCP_Server(config-if)#exit
DHCP_Server(config)#ip default-gateway 192.168.40.254

2. VLAN10、20的网关为MSW1对应的SVI，VLAN30、40的网关为MSW2对应的SVI；

MSW1

MSW1(config)#vlan 10,20,30,40
MSW1(config-vlan)#exit
MSW1(config)#int vlan 10
MSW1(config-if)#ip address 192.168.10.254 255.255.255.0
MSW1(config-if)#no shutdown
MSW1(config-if)#int vlan 20
MSW1(config-if)#ip address 192.168.20.254 255.255.255.0
MSW1(config-if)#no shutdown
MSW1(config-if)#

此时的SVI接口down状态.因为没有配置Trunk或是有归属于10,20的vlan, 所以svi没有办法up, 下一步创建trunk的时候,就可以正常了
MSW2

MSW2(config-if)#vlan 10,20,30,40
MSW2(config-vlan)#exit
MSW2(config)#int vlan 30
MSW2(config-if)#ip address 192.168.30.254 255.255.255.0
MSW2(config-if)#no shutdown
MSW2(config-if)#int vlan 40
MSW2(config-if)#ip address 192.168.40.254 255.255.255.0
MSW2(config-if)#no shutdown

3. 配置5台交换机之间线路均为Trunk

所有5台交换机之间线路均为Trunk，其中MSW1和MSW2之间E0/0-1需使用EtherChannel进行捆绑，组ID为12，模式为on；
MSW1配置

MSW1(config)#int range ethernet 0/0-3, e1/0
MSW1(config-if-range)#switchport trunk encapsulation dot1q
MSW1(config-if-range)#switchport mode trunk
MSW1(config-if-range)#exit
MSW1(config)#int range e0/0-1
MSW1(config-if-range)#channel-group 12 mode on 
Creating a port-channel interface Port-channel 12MSW1(config-if-range)#

MSW2配置

MSW2(config)#int range e0/0-3,e1/0
MSW2(config-if-range)#switchport trunk encapsulation dot1q
MSW2(config-if-range)#switchport mode trunk
MSW2(config-if-range)#exit
MSW2(config)#int range e0/0-1
MSW2(config-if-range)#channel-group 12 mode on 
Creating a port-channel interface Port-channel 12MSW2(config-if-range)#

查询结果

MSW1(config-if-range)#do show etherchannel summary
Flags:  D - down        P - bundled in port-channelI - stand-alone s - suspendedH - Hot-standby (LACP only)R - Layer3      S - Layer2U - in use      N - not in use, no aggregationf - failed to allocate aggregatorM - not in use, minimum links not metm - not in use, port not aggregated due to minimum links not metu - unsuitable for bundlingw - waiting to be aggregatedd - default portA - formed by Auto LAGNumber of channel-groups in use: 1
Number of aggregators:           1Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
12     Po12(SU)         -        Et0/0(P)    Et0/1(P)    MSW1(config-if-range)#do show int trunkPort        Mode             Encapsulation  Status        Native vlan
Et0/2       on               802.1q         trunking      1
Et0/3       on               802.1q         trunking      1
Et1/0       on               802.1q         trunking      1
Po12        on               802.1q         trunking      1Port        Vlans allowed on trunk
Et0/2       1-4094
Et0/3       1-4094
Et1/0       1-4094
Po12        1-4094Port        Vlans allowed and active in management domain
Et0/2       1,10,20,30,40
Et0/3       1,10,20,30,40
Et1/0       1,10,20,30,40
Po12        1,10,20,30,40Port        Vlans in spanning tree forwarding state and not pruned
Et0/2       1,10,20,30,40
Et0/3       1,10,20,30,40
Et1/0       1,10,20,30,40Port        Vlans in spanning tree forwarding state and not pruned
Po12        1,10,20,30,40
MSW1(config-if-range)#

SW1 & SW2 & SW3配置

SW1(config)#int range e0/1-2
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#no shutdown
SW1(config-if-range)#

4. 配置5台交换机均启用Rapid-PVST(RSTP)

所有5台交换机均启用Rapid-PVST(RSTP)，其中MSW1为VLAN10、20的根桥，MSW2为备份根桥，MSW2为VLAN30、40的根桥，MSW1为备份根桥；
SW1 & SW2 & SW3

SW1(config)#spanning-tree mode rapid-pvst

配置MSW1为VLAN10、20的根桥, MSW2为备份根桥

MSW1(config)#spanning-tree mode rapid-pvst 
MSW1(config)#spanning-tree vlan 10,20 priority 0 
MSW1(config)#spanning-tree vlan 30,40 priority 4096

配置MSW2为VLAN30、40的根桥, MSW1为备份根桥

MSW2(config)#spanning-tree mode rapid-pvst 
MSW2(config)#spanning-tree vlan 30,40 priority 0
MSW2(config)#spanning-tree vlan 10,20 priority 4096

5. 配置DHCP Server，创建3个地址池

配置DHCP Server，创建3个地址池，分别为Sales：192.168.10.0/24，网关为192.168.10.254、Product：192.168.20.0/24，网关为192.168.20.254、Services：192.168.30.0/24，网关为192.168.30.254，VLAN10、20、30的网关配置DHCP中继至DHCP Server；
DHCP_Server配置

DHCP_Server(config)#service dhcp
// sales地址池
DHCP_Server(config)#ip dhcp pool Sales
DHCP_Server(dhcp-config)#network 192.168.10.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.10.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8// product地址池
DHCP_Server(dhcp-config)#ip dhcp pool Product
DHCP_Server(dhcp-config)#network 192.168.20.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.20.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8// services地址池
DHCP_Server(dhcp-config)#ip dhcp pool Services 
DHCP_Server(dhcp-config)#network 192.168.30.0 255.255.255.0
DHCP_Server(dhcp-config)#default-router 192.168.30.254
DHCP_Server(dhcp-config)#dns-server 8.8.8.8
DHCP_Server(dhcp-config)#

MSW1配置

MSW1(config)#interface vlan 10
MSW1(config-if)#ip helper-address 192.168.40.1
MSW1(config-if)#interface vlan 20 
MSW1(config-if)#ip helper-address 192.168.40.1
MSW1(config-if)#

MSW2配置

MSW2(config)#interface vlan 30
MSW2(config-if)#ip helper-address 192.168.40.1

6. 配置动态路由OSPF

OR、MSW1、MSW2之间运行OSPF，进程ID：100，Area ID：0，OR下发默认路由仅当本身存在默认路由时

注:
default-information originate [always]
带always参数: 不管下发默认路由的路由器本身有没有默认路由,都可以作为默认路由下发者
不带always参数: 下发默认路由的路由器本身必须要有默认路由;
配置OR

OR(config)#int e0/1
OR(config-if)#ip address 10.1.1.1 255.255.255.0
OR(config-if)#no shutdown
OR(config-if)#duplex full
OR(config-if)#int e0/2
OR(config-if)#ip address 10.1.2.1 255.255.255.0
OR(config-if)#no shutdown                        
OR(config-if)#duplex full// 配置OSPF
OR(config)# router ospf 100
OR(config-router)#router-id 1.1.1.1
OR(config-router)#network 10.1.1.1 0.0.0.0 area 0
OR(config-router)#network 10.1.2.1 0.0.0.0 area 0
OR(config-router)#default-information originate	// 当本机没有默认路由时不下发默认路由给其它路由器
OR(config-router)#exit
OR(config)#do show ip ospf neighbor Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           1   FULL/BDR        00:00:35    10.1.2.2        Ethernet0/2
2.2.2.2           1   FULL/BDR        00:00:35    10.1.1.2        Ethernet0/1
OR(config)#

MSW1(config)#router ospf 100
MSW1(config-router)#router-id 2.2.2.2   
MSW1(config-router)#network 0.0.0.0 255.255.255.255 area 0
MSW1(config)#do show ip ospf neighborNeighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:35    10.1.1.1        Ethernet1/1
MSW1(config)#

MSW2(config)#router ospf 100
MSW2(config-router)#router-id 3.3.3.3   
MSW2(config-router)#network 0.0.0.0 255.255.255.255 area 0
MSW2(config)#do show ip ospf neighborNeighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:37    10.1.2.1        Ethernet1/1
MSW2(config)#

7. 配置OR出口路由器PPPoE拨号上网

OR配置PPPoE，用户名：SPOTO 密码：SPOTO123，ISP没有告知使用哪种认证方式，拨号成功后自动获取IP信息，以及本地自动生成一条默认路由指向ISP；

配置ISP服务端

ISP端配置

ISP(config)#username SPOTO password SPOTO123 
ISP(config)#ip local pool cciepools 211.98.5.10 211.98.5.253 
ISP(config)#interface virtual-template 1
ISP(config-if)#ip address 211.98.5.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#encapsulation ppp
ISP(config-if)#ip mtu 1492
ISP(config-if)#ppp authentication pap
ISP(config-if)#peer default ip address pool cciepools
ISP(config-if)#exit
ISP(config)#bba-group pppoe bgISP
ISP(config-bba-group)#virtual-template 1
ISP(config-bba-group)#exit
ISP(config)#int e0/0
ISP(config-if)#pppoe enable group bgISP
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#do show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  up                    up      
Ethernet0/1                unassigned      YES NVRAM  administratively down down    
Ethernet0/2                unassigned      YES NVRAM  administratively down down    
Ethernet0/3                unassigned      YES NVRAM  administratively down down    
Virtual-Access1            unassigned      YES unset  down                  down    
Virtual-Access2            unassigned      YES unset  up                    up      
Virtual-Template1          211.98.5.254    YES manual down                  down    
ISP(config)#

配置`OR`出口路由器

OR(config)#interface dialer 1
OR(config-if)#encapsulation ppp
OR(config-if)#ip mtu 1492
OR(config-if)#ppp pap sent-username SPOTO password SPOTO123
OR(config-if)#ppp chap hostname SPOTO
OR(config-if)#ppp chap password SPOTO123
OR(config-if)#ip address negotiated
OR(config-if)#ppp ipcp route default
OR(config-if)#dialer pool 1
OR(config-if)#exit
OR(config)#int e0/0
OR(config-if)#pppoe enable group global
OR(config-if)#pppoe-client dial-pool-number 1
OR(config-if)#no shutdown

拨号成功

OR(config)#do show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  up                    up      
Ethernet0/1                10.1.1.1        YES manual up                    up      
Ethernet0/2                10.1.2.1        YES manual up                    up      
Ethernet0/3                unassigned      YES NVRAM  administratively down down    
Dialer1                    211.98.5.10     YES IPCP   up                    up      
NVI0                       10.1.1.1        YES unset  up                    up      
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Access2            unassigned      YES unset  up                    up      
OR(config)#

NVI0接口, NAT用来做端口映射用的.

OR & MSW1 & MSW2路由表

OR & MSW1 & MSW2

OR(config-if)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop overrideGateway of last resort is 211.98.5.254 to network 0.0.0.0S*    0.0.0.0/0 is directly connected10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.1.0/24 is directly connected, Ethernet0/1
L        10.1.1.1/32 is directly connected, Ethernet0/1
C        10.1.2.0/24 is directly connected, Ethernet0/2
L        10.1.2.1/32 is directly connected, Ethernet0/2
O     192.168.10.0/24 [110/11] via 10.1.1.2, 00:35:48, Ethernet0/1
O     192.168.20.0/24 [110/11] via 10.1.1.2, 00:35:48, Ethernet0/1
O     192.168.30.0/24 [110/11] via 10.1.2.2, 00:35:31, Ethernet0/2
O     192.168.40.0/24 [110/11] via 10.1.2.2, 00:35:31, Ethernet0/2211.98.5.0/32 is subnetted, 2 subnets
C        211.98.5.10 is directly connected, Dialer1
C        211.98.5.254 is directly connected, Dialer1
OR(config-if)#

MSW1(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop overrideGateway of last resort is 10.1.1.1 to network 0.0.0.0O*E2  0.0.0.0/0 [110/1] via 10.1.1.1, 00:02:56, Ethernet1/110.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.1.1.0/24 is directly connected, Ethernet1/1
L        10.1.1.2/32 is directly connected, Ethernet1/1
O        10.1.2.0/24 [110/20] via 10.1.1.1, 00:38:32, Ethernet1/1192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, Vlan10
L        192.168.10.254/32 is directly connected, Vlan10192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, Vlan20
L        192.168.20.254/32 is directly connected, Vlan20
O     192.168.30.0/24 [110/21] via 10.1.1.1, 00:38:16, Ethernet1/1
O     192.168.40.0/24 [110/21] via 10.1.1.1, 00:38:16, Ethernet1/1
MSW1(config)#

MSW2(config-router)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop overrideGateway of last resort is 10.1.2.1 to network 0.0.0.0O*E2  0.0.0.0/0 [110/1] via 10.1.2.1, 00:00:21, Ethernet1/110.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.1.1.0/24 [110/20] via 10.1.2.1, 00:35:41, Ethernet1/1
C        10.1.2.0/24 is directly connected, Ethernet1/1
L        10.1.2.2/32 is directly connected, Ethernet1/1
O     192.168.10.0/24 [110/21] via 10.1.2.1, 00:35:41, Ethernet1/1
O     192.168.20.0/24 [110/21] via 10.1.2.1, 00:35:41, Ethernet1/1192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.30.0/24 is directly connected, Vlan30
L        192.168.30.254/32 is directly connected, Vlan30192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.40.0/24 is directly connected, Vlan40
L        192.168.40.254/32 is directly connected, Vlan40
MSW2(config-router)#

8. OR配置端口复用NAT，使得内网PC1~3能成功ping通ISP上的8.8.8.8；

PC1到3的机器上获取ip时都指定了dns服务器地址为 8.8.8.8

在ISP上配置DNS服务

ISP(config)#interface loopback 1
ISP(config-if)#ip address 8.8.8.8 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#do show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  up                    up      
Ethernet0/1                unassigned      YES NVRAM  administratively down down    
Ethernet0/2                unassigned      YES NVRAM  administratively down down    
Ethernet0/3                unassigned      YES NVRAM  administratively down down    
Loopback1                  8.8.8.8         YES manual up                    up      
Virtual-Access1            unassigned      YES unset  down                  down    
Virtual-Access2            unassigned      YES unset  up                    up      
Virtual-Access2.1          211.98.5.254    YES manual up                    up      
Virtual-Template1          211.98.5.254    YES manual down                  down    
ISP(config-if)#exit
ISP(config)#ip dns server
ISP(config)#ip host www.test.local 8.8.8.8
ISP(config)#

配置端口复用NAT

4个子网, 10,20,30,40 这个匹配的话, 这4个值变化的范围在8位的二进制位中的第2到第6位, 所以得出的通配符是62. 不过这样的话,就会匹配出很多不存在的子网,因此还是通过配置多条permit语句实现

OR(config)#ip access-list standard inside_lan
OR(config-std-nacl)#permit 192.168.10.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.20.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.30.0 0.0.0.255
OR(config-std-nacl)#permit 192.168.40.0 0.0.0.255
// 或者 OR(config-std-nacl)#permit 192.168.0.0 0.0.62.255
OR(config-std-nacl)#exit
OR(config)#interface dialer 1
OR(config-if)#ip nat outside
OR(config-if)#int range e0/1-2
OR(config-if-range)#ip nat inside
OR(config-if-range)#exit
OR(config)#ip nat inside source list inside_lan interface dialer 1 overload
OR(config)#do show ip nat translations 
OR(config)#

PC开始Ping 8.8.8.8网址

PC1 & PC2 & PC3 & DHCP_Server

PC1#ping www.test.local
Translating "www.test.local"
% Unrecognized host or address, or protocol not running.PC1#conf t
PC1(config)#ip domain lookup
PC1(config)#end
PC1#ping www.test.local
Translating "www.test.local"...domain server (8.8.8.8) [OK]Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
PC1#

OR出口路由器端口映射表

OR(config)#do show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 211.98.5.10:0     192.168.10.1:0     8.8.8.8:0          8.8.8.8:0
udp 211.98.5.10:56655  192.168.10.1:56655 8.8.8.8:53         8.8.8.8:53
icmp 211.98.5.10:1     192.168.20.1:0     8.8.8.8:0          8.8.8.8:1
udp 211.98.5.10:55539  192.168.20.1:55539 8.8.8.8:53         8.8.8.8:53
icmp 211.98.5.10:2     192.168.30.1:0     8.8.8.8:0          8.8.8.8:2
udp 211.98.5.10:55671  192.168.30.1:55671 8.8.8.8:53         8.8.8.8:53
icmp 211.98.5.10:3     192.168.40.1:3     8.8.8.8:3          8.8.8.8:3
udp 211.98.5.10:64320  192.168.40.1:64320 8.8.8.8:53         8.8.8.8:53
OR(config)#do show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 8, occurred 00:02:58 ago
Outside interfaces:Dialer1, Virtual-Access2
Inside interfaces: Ethernet0/1, Ethernet0/2
Hits: 48  Misses: 0
CEF Translated packets: 40, CEF Punted packets: 8
Expired translations: 8
Dynamic mappings:
-- Inside Source
[Id: 1] access-list inside_lan interface Dialer1 refcount 0Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
OR(config)#

PC1 ping 8.8.8.8时，手动关闭SW1的E0/1口模拟线路故障，观察PC1的数据通信情况

Ping 不全部贴出来了

PC1#ping www.test.local repeat 10000
Translating "www.test.local"...domain server (8.8.8.8) [OK]Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...............!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (685/700), round-trip min/avg/max = 1/1/13 ms
PC1#

SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID    Priority    10Address     aabb.cc00.7000Cost        100Port        2 (Ethernet0/1)Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secBridge ID  Priority    32778  (priority 32768 sys-id-ext 10)Address     aabb.cc00.4000Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secAging Time  300 secInterface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    P2p 
Et0/1               Root FWD 100       128.2    P2p 
Et0/2               Altn BLK 100       128.3    P2p SW1(config-if)#shutdown
SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID    Priority    10Address     aabb.cc00.7000Cost        156Port        3 (Ethernet0/2)Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secBridge ID  Priority    32778  (priority 32768 sys-id-ext 10)Address     aabb.cc00.4000Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secAging Time  300 secInterface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg BLK 100       128.1    P2p
Et0/2               Root FWD 100       128.3    P2p 	// 立刻进入FWD状态SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID    Priority    10Address     aabb.cc00.7000Cost        156Port        3 (Ethernet0/2)Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secBridge ID  Priority    32778  (priority 32768 sys-id-ext 10)Address     aabb.cc00.4000Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secAging Time  300 secInterface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg LRN 100       128.1    P2p 	// 15秒后进入LRN状态
Et0/2               Root FWD 100       128.3    P2p SW1(config-if)#do show spanning-tree vlan 10

30秒之后
切换过程中查看SW1的STP收敛状态发现：备用接口E0/2很快进入Forwarding转发状态，但由于下联PC的接口E0/0在收敛过程中未处于Forwarding状态导致下联PC无法通信；

SW1(config-if)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID    Priority    10Address     aabb.cc00.7000Cost        156Port        3 (Ethernet0/2)Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secBridge ID  Priority    32778  (priority 32768 sys-id-ext 10)Address     aabb.cc00.4000Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secAging Time  300 secInterface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    P2p 
Et0/2               Root FWD 100       128.3    P2p SW1(config-if)#

优化

恢复e0/1, 再重新试验
下联PC的接口E0/0属于边缘接口，主要用于连接终端设备，而不是其他交换机，故可以开启Portfast功能，加快此类接口的切换速度（可缩短至1s内）

SW1(config)#interface e0/1
SW1(config-if)#no shutdown
SW1(config)#exit
SW1(config)#spanning-tree portfast edge default   
%Warning: this command enables portfast by default on all interfaces. Youshould now disable portfast explicitly on switched ports leading to hubs,switches and bridges as they may create temporary bridging loops.SW1(config)#do show spanning-tree vlan 10VLAN0010Spanning tree enabled protocol rstpRoot ID    Priority    10Address     aabb.cc00.7000Cost        100Port        2 (Ethernet0/1)Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secBridge ID  Priority    32778  (priority 32768 sys-id-ext 10)Address     aabb.cc00.4000Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 secAging Time  300 secInterface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    P2p Edge 
Et0/1               Root FWD 100       128.2    P2p 
Et0/2               Altn BLK 100       128.3    P2p SW1(config-if)#

PC1#ping www.test.local repeat 10000
Translating "www.test.local"...domain server (8.8.8.8) [OK]Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (699/700), round-trip min/avg/max = 1/1/13 ms
PC1#

目录