Network topology configuration case exercises
In this article, we will record the common configurations of the network: VRRP, floating routing, DCHP, layer 3 switch configuration, etc., practice how to configure these contents, let’s start directly
Network topology
In this network topology, 4 vlans are divided, and each pc corresponds to a vlan; two layer 3 switches (LSW3 and LSW4) are configured as virtual routing redundancy protocol VRRP 1 , do floating routing with router AR1 2 Configuration (I won’t explain the concept too much, just quote it directly, and friends who don’t understand can click to view); router AR1 is a border router, AR2 and AR3 are simulated as ISP routers, PC5 is simulated as other Internet users, IP addresses of different interfaces Refer to the network topology diagram for the configuration, which is shown in the figure below.
Description of Requirement
- basic configuration:
a. Configure IP address, mask and gateway for each PC;
b. Create vlan for the switch, configure access port, trunk port, and divide vlan;
c. Configure the gateways of different vlan s, and configure the IP addresses of different interfaces of the router; - Configure vrrp: Here, set LSW3 as the master group, set LSW4 as the backup group, the IP of the virtual gateway is: x.1.1.254, the IP of the master group is: x.1.1.252, and the IP of the backup group is : x.1.1.253, to test whether the access between different VLANs can communicate.
- Configure routes. AR1 and the two Layer 3 switches can be configured with floating routes, and the border router can be configured with default routes to test the connectivity with PC5.
- Test whether vrrp works, whether floating routing works.
- Configure DHCP so that these PC s can automatically obtain IP addresses and communicate with each other.
specific operation command
The switch creates VLANs, configures access and trunk ports, and divides VLANs
Configure the IP address, mask, and gateway for each PC. These basic operations are ignored. For example, the IP of PC1 is: 10.1.1.1/24, and the gateway is 10.1.1.254. PC2, 3, 4, 5 are also similar.
- Create VLANs:
**LSW1:** system-view sysname LSW1 vlan batch 10 20 30 40 **LSW2:** system-view sysname LSW2 vlan batch 10 20 30 40 **LSW3:** system-view sysname LSW3 vlan batch 10 20 30 40 50 60 **LSW4:** system-view sysname LSW4 vlan batch 10 20 30 40 50 60
You can use: dis vlan command to see which VLANs you have created
2. Configure the access port and divide it into different vlan s.
**LSW1: ** [LSW1]interface Ethernet 0/0/2 [LSW1-Ethernet0/0/2]port link-type access [LSW1-Ethernet0/0/2]port default vlan 10 [LSW1-Ethernet0/0/2]quit [LSW1]interface Ethernet 0/0/3 [LSW1-Ethernet0/0/3]port link-type access [LSW1-Ethernet0/0/3]port default vlan 20 **LSW2:** [LSW2-Ethernet0/0/2]port link-type access [LSW2-Ethernet0/0/2]port default vlan 30 [LSW2-Ethernet0/0/2]quit [LSW2]interface Ethernet 0/0/3 [LSW2-Ethernet0/0/3]port link-type access [LSW2-Ethernet0/0/3]port default vlan 40 [LSW2-Ethernet0/0/3]quit
- Configure the trunk port. In this topology, the trunk we want to configure is the port connected between different switch devices. For convenience, we allow all vlans to pass this time, but in the actual environment, for safety reasons, vlans should be restricted .
configuration trunk mouth: **LSW1: ** [LSW1]interface Ethernet 0/0/1 [LSW1-Ethernet0/0/1]port link-type trunk [LSW1-Ethernet0/0/1]port trunk allow-pass vlan all [LSW1-Ethernet0/0/1]quit [LSW1]interface Ethernet 0/0/4 [LSW1-Ethernet0/0/4]port link-type trunk [LSW1-Ethernet0/0/4]port trunk allow-pass vlan all **LSW2: ** [LSW2]interface Ethernet 0/0/1 [LSW2-Ethernet0/0/1]port link-type trunk [LSW2-Ethernet0/0/1]port trunk allow-pass vlan all [LSW2-Ethernet0/0/1]quit [LSW2]interface Ethernet 0/0/4 [LSW2-Ethernet0/0/4]port link-type trunk [LSW2-Ethernet0/0/4]port trunk allow-pass vlan all [LSW2-Ethernet0/0/4]quit **LSW3: ** [LSW3]interface GigabitEthernet 0/0/1 [LSW3-GigabitEthernet0/0/1]port link-type trunk [LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan all [LSW3-GigabitEthernet0/0/1]quit [LSW3]interface GigabitEthernet 0/0/2 [LSW3-GigabitEthernet0/0/2]port link-type trunk [LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan all [LSW3-GigabitEthernet0/0/2]quit [LSW3]interface GigabitEthernet 0/0/3 [LSW3-GigabitEthernet0/0/3]port link-type trunk [LSW3-GigabitEthernet0/0/3]port trunk allow-pass vlan all [LSW3-GigabitEthernet0/0/3]quit **LSW4: ** [LSW4]interface GigabitEthernet 0/0/1 [LSW4-GigabitEthernet0/0/1]port link-type trunk [LSW4-GigabitEthernet0/0/1]port trunk allow-pass vlan all [LSW4-GigabitEthernet0/0/1]quit [LSW4]interface GigabitEthernet 0/0/2 [LSW4-GigabitEthernet0/0/2]port link-type trunk [LSW4-GigabitEthernet0/0/2]port trunk allow-pass vlan all [LSW4-GigabitEthernet0/0/2]quit [LSW4]interface GigabitEthernet 0/0/3 [LSW4-GigabitEthernet0/0/3]port link-type trunk [LSW4-GigabitEthernet0/0/3]port trunk allow-pass vlan all [LSW4-GigabitEthernet0/0/3]quit
- Configure virtual gateways of different vlan s, and configure IP addresses of different interfaces of routers
**LSW3: ** [LSW3]interface Vlanif 10 [LSW3-Vlanif10]ip address 10.1.1.252 24 // master group IP [LSW3-Vlanif10]quit [LSW3]interface Vlanif 20 [LSW3-Vlanif20]ip address 20.1.1.252 24 [LSW3-Vlanif20]quit [LSW3]interface Vlanif 30 [LSW3-Vlanif30]ip address 30.1.1.252 24 [LSW3-Vlanif30]quit [LSW3]interface Vlanif 40 [LSW3-Vlanif40]ip add [LSW3-Vlanif40]ip address 40.1.1.252 24 [LSW3-Vlanif40]quit [LSW3]interface Vlanif 50 [LSW3-Vlanif50]ip address 50.1.1.1 24 [LSW3-Vlanif50]quit [LSW3]interface GigabitEthernet 0/0/4 [LSW3-GigabitEthernet0/0/4]port link-type access [LSW3-GigabitEthernet0/0/4]port default vlan 50 [LSW3-GigabitEthernet0/0/4]quit **LSW4: ** [LSW4]interface Vlanif 10 [LSW4-Vlanif10]ip address 10.1.1.253 24 // backup group IP [LSW4-Vlanif10]quit [LSW4]interface Vlanif 20 [LSW4-Vlanif20]ip address 20.1.1.253 24 [LSW4-Vlanif20]quit [LSW4]interface Vlanif 30 [LSW4-Vlanif30]ip address 30.1.1.253 24 [LSW4-Vlanif30]quit [LSW4]interface Vlanif 40 [LSW4-Vlanif40]ip address 40.1.1.253 24 [LSW4-Vlanif40]quit [LSW4]interface Vlanif 60 [LSW4-Vlanif60]ip address 60.1.1.1 24 [LSW4-Vlanif60]quit [LSW4]interface GigabitEthernet 0/0/4 [LSW4-GigabitEthernet0/0/4]port link-type access [LSW4-GigabitEthernet0/0/4]port default vlan 60 [LSW4-GigabitEthernet0/0/4]quit **AR1: ** [AR1]interface GigabitEthernet 0/0/0 [AR1-GigabitEthernet0/0/0]ip address 50.1.1.2 24 [AR1-GigabitEthernet0/0/0]quit [AR1]interface GigabitEthernet 0/0/1 [AR1-GigabitEthernet0/0/1]ip address 60.1.1.2 24 [AR1-GigabitEthernet0/0/1]quit [AR1]interface GigabitEthernet 0/0/2 [AR1-GigabitEthernet0/0/2]ip address 70.1.1.1 24 [AR1-GigabitEthernet0/0/2]quit **AR2: ** [AR2]interface GigabitEthernet 0/0/0 [AR2-GigabitEthernet0/0/0]ip address 70.1.1.2 24 [AR2-GigabitEthernet0/0/0]quit [AR2]interface GigabitEthernet 0/0/1 [AR2-GigabitEthernet0/0/1]ip address 80.1.1.1 24 [AR2-GigabitEthernet0/0/1]quit **AR3: ** [AR3]interface GigabitEthernet 0/0/0 [AR3-GigabitEthernet0/0/0]ip address 80.1.1.2 24 [AR3-GigabitEthernet0/0/0]quit [AR3]interface GigabitEthernet 0/0/1 [AR3-GigabitEthernet0/0/1]ip address 90.1.1.254 24 [AR3-GigabitEthernet0/0/1]quit
So far, we have completed the basic configuration of the requirements, and the next step is to configure vrrp.
vrrp configuration
Specific requirements: set LSW3 as the master group, set LSW4 as the backup group, the IP of the virtual gateway is: x.1.1.254, the IP of the master group is: x.1.1.252, and the IP of the backup group is: x.1.1.253, to test whether the access between different VLANs can communicate.
- master group LSW3 configuration:
[LSW3]interface Vlanif 10 [LSW3-Vlanif10]vrrp vrid 10 virtual-ip 10.1.1.254 // Create a vrrp configuration with id 10, virtual IP: 10.1.1.254 [LSW3-Vlanif10]vrrp vrid 10 priority 110 // Set the priority of this switch [LSW3-Vlanif10]vrrp vrid 10 preempt-mode timer delay 20 // Set preemption time [LSW3-Vlanif10]quit [LSW3]int vlanif 20 [LSW3-Vlanif20]vrrp vrid 20 virtual-ip 20.1.1.254 [LSW3-Vlanif20]vrrp vrid 20 priority 110 [LSW3-Vlanif20]vrrp vrid 20 preempt-mode timer delay 20 [LSW3-Vlanif20]quit [LSW3]int vlanif 30 [LSW3-Vlanif30]vrrp vrid 30 virtual-ip 30.1.1.254 [LSW3-Vlanif30]vrrp vrid 30 priority 110 [LSW3-Vlanif30]vrrp vrid 30 preempt-mode timer delay 20 [LSW3-Vlanif30]quit [LSW3]int vlanif 40 [LSW3-Vlanif40]vrrp vrid 40 virtual-ip 40.1.1.254 [LSW3-Vlanif40]vrrp vrid 40 priority 110 [LSW3-Vlanif40]vrrp vrid 40 preempt-mode timer delay 20 [LSW3-Vlanif40]quit // The following is the configuration listening interface [LSW3]interface Vlanif 10 [LSW3-Vlanif10]vrrp vrid 10 track interface g0/0/4 reduce 20 // Track the interface of g0/0/4, if this interface is broken, the priority will be lowered by 20 [LSW3-Vlanif10]quit [LSW3]int vlanif 20 [LSW3-Vlanif20]vrrp vrid 20 track interface g0/0/4 reduce 20 [LSW3-Vlanif20]quit [LSW3]int vlanif 30 [LSW3-Vlanif30]vrrp vrid 30 track interface g0/0/4 reduce 20 [LSW3-Vlanif30]quit [LSW3]int vlanif 40 [LSW3-Vlanif40]vrrp vrid 40 track interface g0/0/4 reduce 20 [LSW3-Vlanif40]quit
2. backup group LSW4 configuration:
[LSW4]int vlanif 10 [LSW4-Vlanif10]vrrp vrid 10 virtual-ip 10.1.1.254 //vrid must be consistent with the same vlan interface [LSW4-Vlanif10]vrrp vrid 10 priority 100 [LSW4-Vlanif10]vrrp vrid 10 preempt-mode timer delay 20 [LSW4-Vlanif10]quit [LSW4]int vlanif 20 [LSW4-Vlanif20]vrrp vrid 20 virtual-ip 20.1.1.254 [LSW4-Vlanif20]vrrp vrid 20 priority 100 [LSW4-Vlanif20]vrrp vrid 20 preempt-mode timer delay 20 [LSW4-Vlanif20]quit [LSW4]int vlanif 30 [LSW4-Vlanif30]vrrp vrid 30 virtual-ip 30.1.1.254 [LSW4-Vlanif30]vrrp vrid 30 priority 100 [LSW4-Vlanif30]vrrp vrid 30 preempt-mode timer delay 20 [LSW4-Vlanif30]quit [LSW4]int vlanif 40 [LSW4-Vlanif40]vrrp vrid 40 virtual-ip 40.1.1.254 [LSW4-Vlanif40]vrrp vrid 40 priority 100 [LSW4-Vlanif40]vrrp vrid 40 preempt-mode timer delay 20 [LSW4-Vlanif40]quit
Since then, we have configured vrrp. Next, we will test whether different network segments can communicate normally. If there is no problem with the vrrp configuration, it can communicate normally. If there is a problem with the configuration, it must be unable to communicate. Of course, verify You can see the role of vrrp in the link.
As shown in the figure below, using PC1 to ping PC2 can communicate normally, indicating that there is no problem with the vrrp configuration.
routing configuration
**Tips:** The border router can be configured with a default router. If it is an intermediate router, different exits must be configured with routes, unless an interface is a border exit. In addition, after configuring the routing of a router, conduct a connectivity test to ensure that problems can be found and solved in time.
**LSW3 and LSW4** [LSW3]ip route-static 0.0.0.0 0.0.0.0 50.1.1.2 [LSW4]ip route-static 0.0.0.0 0.0.0.0 60.1.1.2 **AR1: ** [AR1]ip route-static 10.1.1.0 24 50.1.1.1 [AR1]ip route-static 20.1.1.0 24 50.1.1.1 [AR1]ip route-static 30.1.1.0 24 50.1.1.1 [AR1]ip route-static 40.1.1.0 24 50.1.1.1 [AR1]ip route-static 10.1.1.0 24 60.1.1.1 preference 2 [AR1]ip route-static 20.1.1.0 24 60.1.1.1 preference 2 [AR1]ip route-static 30.1.1.0 24 60.1.1.1 preference 2 [AR1]ip route-static 40.1.1.0 24 60.1.1.1 preference 2 [AR1]ip route-static 80.1.1.0 24 70.1.1.2 [AR1]ip route-static 90.1.1.0 24 70.1.1.2 **AR2: ** [AR2]ip route-static 90.1.1.0 24 80.1.1.2 [AR2]ip route-static 10.1.1.0 24 70.1.1.1 [AR2]ip route-static 20.1.1.0 24 70.1.1.1 [AR2]ip route-static 30.1.1.0 24 70.1.1.1 [AR2]ip route-static 40.1.1.0 24 70.1.1.1 [AR2]ip route-static 50.1.1.0 24 70.1.1.1 [AR2]ip route-static 60.1.1.0 24 70.1.1.1 **AR3: ** [AR3]ip route-static 0.0.0.0 0.0.0.0 80.1.1.1
Finally, use PC1 to ping PC5, and test the connectivity without any problem, as shown in the figure below.
So far, we have completed the task of connecting the entire network. Finally, let's verify the role of vrrp and floating routing.
verify vrrp and floating routes
- vrrp verification
Let PC1 continue to ping PC5 first. When we shut down the ge0/0/4 port of the master group (LSW3) switch (that is, the monitoring port we configured vrrp settings), see if the backup group (LSW4) switch can replace it. In addition Then check whether the ping fails. If the communication can continue, it means that the vrrp configuration is successful.
(1) Before down, the ping situation, the vrrp situation of the master group and the backup group:
(2) After setting LSW3 ge0/0/4 to shutdown, the ping situation, the vrrp situation of the master group and the backup group:
As can be seen from the above figures, when switching to the backup group switch, a few packets will be lost in the communication, but the overall communication will not be affected. However, due to the blockage of the communication link, the original master group switch has become a backup group switch, and the original backup group switch has become a master group switch. In summary, we can see that the vrrp configuration is successful.
3. Floating route verification
This time we use the wireshark packet capture function to capture the two interfaces (GE0/0/0 and GE0/0/1) of router AR1 respectively for floating route verification. In the above configuration, GE0/0/0>GE0/0/1, therefore, when the link is normal, the communication between different hosts should go through GE0/0/0, and the packets captured on GE0/0/0 should be is content. When GE0/0/0 fails (here we shut it down to simulate a failure), it will go to GE0/0/1, and the packets captured on GE0/0/1 should have content.
Link normal:
Take the initiative to shut down GE0/0/0, and capture packets of GE0/0/1:
DHCP configuration
Configure DHCP relay on LSW3 so that PC1-PC4 can obtain IP addresses automatically.
DHCP configuration can be divided into global-based configuration mode and interface-based configuration mode (provided that the interface is configured with a gateway)
Examples of global-based configuration mode commands are as follows:
dhcp enable ip pool 10 network 10.1.1.0 mask 24 gateway-list 10.1.1.254 dns-list 8.8.8.8 interface ge 0/0/0 // router interface dhcp select global
This time the configuration is based on the interface, as follows:
[LSW3]dhcp enable [LSW3]interface Vlanif 10 [LSW3-Vlanif10]dhcp select interface [LSW3-Vlanif10]dhcp server lease day 1 // Set the lease period [LSW3-Vlanif10]dhcp server dns-list 8.8.8.8 // set dns address [LSW3-Vlanif10]quit [LSW3]interface Vlanif 20 [LSW3-Vlanif20]dhcp select interface [LSW3-Vlanif20]dhcp server lease day 1 [LSW3-Vlanif20]dhcp server dns-list 8.8.8.8 [LSW3-Vlanif20]quit [LSW3]interface Vlanif 30 [LSW3-Vlanif30]dhcp select interface [LSW3-Vlanif30]dhcp server lease day 1 [LSW3-Vlanif30]dhcp server dns-list 8.8.8.8 [LSW3-Vlanif30]quit [LSW3]interface Vlanif 40 [LSW3-Vlanif40]dhcp select interface [LSW3-Vlanif40]dhcp server lease day 1 [LSW3-Vlanif40]dhcp server dns-list 8.8.8.8 [LSW3-Vlanif40]quit
verify:
Test connectivity:
So far, the DHCP configuration has been completed and the authentication has passed.
Summarize
Feeling network configuration, my experience is:
- Start with basic configuration, such as: IP, vlan, trunk, etc.;
- Starting from the configuration of the LAN, first adjust the LAN and then perform subsequent configurations;
- Every configuration step or a section of link needs to be tested to detect and solve problems in time.
The above is the whole of the network configuration case. Of course, there may be a lack of firewall, server, NAT, etc. If you have any questions, please comment and correct me. I will continue to update, keep learning, and continue to improve.