An enterprise plans to build its own enterprise park network , We hope to provide a secure network through this new network 、 reliable 、 Scalable 、 Efficient network environment , Connect the two office locations , It enables enterprises to share network resources conveniently and quickly 、 Whole network access Internet Wait for the goal , At the same time, it realizes the confidentiality and isolation of information within the company , And secure access to the public network . To ensure the normal operation of these key application systems 、 Security development , The network must have the following characteristics ：
（1） Adopt advanced network communication technology to complete the construction of enterprise internal network , Connect two offices far away .
（2） In order to improve the efficiency of data transmission , Control the scope of broadcast domain in the whole enterprise network .
（3） Realize resource sharing in the whole enterprise group , And ensure the high reliability of the backbone network .
（4） To realize efficient routing in enterprise internal network .
（5） Be able to use less public networks IP Access Internet.
The specific environment of the enterprise is as follows ：
（1） The enterprise has two offices , And they are far away .
（2）A There are many departments in the office , For example, the business department 、 Finance Department 、 General affairs department, etc , For the main office space , Therefore, this part of the switching network requires high availability and reliability .
（3）B There are only a few office workers in the office , however Internet The access point of is here .
（4） The company has applied to several public networks IP Address , For enterprise access .
（5） Private network addresses are used within the company . The project task is shown in the following figure , More detailed information needs to be determined during actual construction , How to allocate ports 、IP How to divide the addresses, etc .

1. Routers 、 Switch 、PC To configure

Switch:

S3：

S4：

S1:

S2:

PC:

PC1——B03

PC2——B04

PC3——B07

PC4——B08

2.Protocol:

1.VRRP（ Virtual routing redundancy protocol Virtual Router Redundancy Protocol）

 Share virtual in redundant gateways MAC and IP Address , Ensure that the data is not forwarded to a specific gateway IP, Instead, it forwards the data to the virtual gateway IP
 therefore , No matter which router becomes the primary route , Will not affect data communication . Monitor the data port through multicast protocol , Once the data forwarding port is detected to be broken , The main router will stop sending HELLO package , The standby router is promoted to the primary router , Realize stable and efficient data forwarding .

Two sets of important concepts ：

1. VRRP Routers and virtual routers
2. VRRP A router is running VRRP The router , It's a physical entity

Virtual router refers to VRRP Agreement created , It's a logical concept .
A group of VRRP Routers work together , Together to form a virtual router . The virtual router is represented as a network with a unique fixed network IP Address and MAC Address logical router .

Master router and backup router

In the same place VRRP Routers in a group have two mutually exclusive roles ： Master router and backup router
One VRRP There is only one router in the master role in the group
There can be one or more routers in the backup role VRRP The protocol selects one from the router group as the master router , be responsible for ARP Parsing and forwarding IP Data packets , Other routers in the group act as backup and are on standby
When the master router fails for some reason , One of the backup routers can be upgraded to the master router after an instant delay , Because this switch is very fast and doesn't need to be changed IP Address and MAC Address , Therefore, it is transparent to the end-user system .

Master router and backup router ：
The higher the value, the higher the priority

VRRP Routers and virtual routing routers ：

2.MSTP（ Multiple spanning tree protocol MSTP Multiple Spanning Tree Protocol）

effect ：

1. Prevent layer 2 loop and link redundancy
2. be based on VLAN Data load balancing
3. Form trees without loops , Solve broadcast storm and realize redundant backup
4. Multiple spanning trees in VLAN To achieve load balancing between , Different VLAN The traffic is forwarded according to different paths

One VLAN You can share a spanning tree

The lower the value, the higher the priority
VLAN 10 S3->S4->S1/S2
VLAN 20 S4->S3->S1/S2

3.TRUNK port —— Port aggregation

Gather multiple ports of the switch to form a logical physical port
Multiple links can be converged into one logical link to increase bandwidth
Each member port of the same aggregation group dynamically backs up each other , Improve connection reliability

There will be SW3 and SW4 Of 0/5,0/6 Port aggregation , Prevent loop formation

4. The specific steps of the experiment

For specific instructions of configuration, please refer to the Internet , Only the steps are recorded here
1.PC 1——B03
Configure local address
Configure subnet mask
Configure the default gateway

2.SW 1（ Same as SW2）
Configure switch name
establish VLAN 10,20
To configure VLAN 10,20 Corresponding gateway
To configure 0/3,0/4 Port is TRUNK
Configure the spanning tree

3.SW 3( Same as SW4)
Configure switch name
configure port 1 no switchport Change layer-2 interface to layer-3 interface Set port IP Address
configure port 5 6 by trunk, And aggregate
configure port 3.4 by trunk
take VLAN 10,20 Add ports respectively 0/1,0/2
To configure RIP agreement
Configure the spanning tree VLAN10 application instance 1,VLAN 20 application instance 2, And start the spanning tree

4.R1
configure port IP
To configure RIP

5.R2
configure port IP
To configure NAPT

6. attachment

test result ：
1.PC1、PC2,PC3、PC4 Each other can ping through
1,2 In a different place VLAN Can communicate with each other , Because SW3 It's a layer 3 switch , It can play the role of routing , Forward

2.traceroute result
same VLAN Forward inside （eg,PC1(VLAN 10)->PC3(VLAN 10)）, It is a two-layer exchange , No gateway

3. adopt show run Check the port configuration
4. adopt show spanning-tree summary View the spanning tree configuration
5. adopt show vrrp brief see vrrp To configure