详解配置交换机多生成树MSTP+VRRP 的典型组网
组网:
1. 这是一个由三台交换机组成的倒三角型二层交换网络;网络中有4个VLAN:10、20、30、40;接口编号如图所示;SW3为接入层交换机,SW1、SW2为汇聚层交换机;
2. VLAN10对应的网段为192.168.10.0/24;VLAN20对应的网段为192.168.20.0/24;VLAN30对应的网段为192.168.30.0/24;VLAN40对应的网段为192.168.40.0/24;各VLAN的网关均为192.168.x.254的地址,该地址为VRRP组的虚拟地址。
现在要求:
1. 由于网络中VLAN较多,并且存在二层环路,因此使用MSTP实现环路避免,同时实现负载分担。要求VLAN10、VLAN20的流量主走SW1-SW3这一侧链路,VLAN30、VLAN40的流量主走SW2-SW3这一侧链路;
2. 为了提高网络的网关层冗余能力,在SW1及SW2的vlanif10、vlanif20、vlanif30、vlanif40上部署VRRP,一共4组。
一、eNSP实际操作视频:
二、IP设置:
PC1:192.168.10.1/24,vlan10
PC2:192.168.20.1/24,vlan20
PC3:192.168.30.1/24,vlan30
PC4:192.168.40.1/24,vlan40
SW1:vlanif10:192.168.10.253/24,virtual-ip:192.168.10.254/24,master
Vlanif20:192.168.20.253/24,virtual-ip:192.168.20.254/24,master
Vlanif30:192.168.30.253/24,virtual-ip:192.168.30.254/24,backup
Vlanif40:192.168.40.253/24,virtual-ip:192.168.40.254/24,backup
SW2:vlanif10:192.168.10.252/24,virtual-ip:192.168.10.254/24,backup
Vlanif20:192.168.20.252/24,virtual-ip:192.168.20.254/24,backup
Vlanif30:192.168.30.252/24,virtual-ip:192.168.30.254/24,master
Vlanif40:192.168.40.252/24,virtual-ip:192.168.40.254/24,master
三、配置步骤:
由于网络中VLAN较多,并且存在二层环路因此使用MSTP实现环路避免,同时实现负载分担。将VLAN10、20映射到MSTP实例1;将VLAN30、40映射到MSTP实例2。MSTP实例1阻塞掉的端口为SW3的GE0/0/22,实例2阻塞掉的端口为SW3的GE0/0/21。换句话说就是SW1配置为实例1的主根、实例2的次根,而SW2配置为实例2的主根、实例1的次根。这个案例中必须确保VRRP的Master及Backup与MSTP的主、备根重叠。也就是说SW1是MSTP实例1的主根,同时它是vlanif10及vlanif20的VRRP Master,而SW2是MSTP实例2的主根,同时它是vlanif30及vlanif40的VRRP Master。
SW3的配置如下:
#在SW3上创建VLAN,并将接口加入相应的VLAN:
[SW3] vlan batch 10 20 30 40
[SW3] interface GigabitEthernet0/0/21
[SW3-GigabitEthernet0/0/21] port link-type trunk
[SW3-GigabitEthernet0/0/21] port trunk allow-pass vlan 10 20 30 40
[SW3] interface GigabitEthernet0/0/22
[SW3-GigabitEthernet0/0/22] port link-type trunk
[SW3-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,将vlan10 20映射到实例1,将vlan30 40映射到实例2。在SW3上,MSTP实例1及实例2的优先级保持默认32768:
[SW3] stp mode mstp
[SW3] stp region-configuration
[SW3-mst-region] region-name huawei
#配置MSTP域名
[SW3-mst-region] instance 1 vlan 10 20
#将VLAN10、20映射到实例1
[SW3-mst-region] instance 2 vlan 30 40
#将VLAN30、40映射到实例2
[SW3-mst-region] active region-configuration #激活配置
[SW3-mst-region] quit
[SW3] stp enable
SW1的配置如下:
[SW1] vlan batch 10 20 30 40
[SW1] interface GigabitEthernet0/0/24
[SW1-GigabitEthernet0/0/24] port link-type trunk
[SW1-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW1] interface GigabitEthernet0/0/21
[SW1-GigabitEthernet0/0/21] port link-type trunk
[SW1-GigabitEthernet0/0/21] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,将VLAN10 20映射到实例1,将VLAN30 40映射到实例2。将SW1的MSTP设置为实例1的主根,实例2的次根:
[SW1] stp mode mstp
[SW1] stp region-configuration
[SW1-mst-region] region-name huawei
[SW1-mst-region] instance 1 vlan 10 20
[SW1-mst-region] instance 2 vlan 30 40
[SW1-mst-region] active region-configuration
[SW1-mst-region] quit
[SW1] stp instance 1 root primary
[SW1] stp instance 2 root secondary
[SW1] stp enable
#配置vlanif10、vlanif20、vlanif30、vlanif40,分别加入VRRP组10,20,30,40。其中SW1为VRRP组10及20的Master,为组30及40的Backup:
[SW1] interface Vlanif 10
[SW1-vlanif10] ip address 192.168.10.253 255.255.255.0
[SW1-vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254
[SW1-vlanif10] vrrp vrid 10 priority 120
[SW1] interface Vlanif 20
[SW1-vlanif20] ip address 192.168.20.253 255.255.255.0
[SW1-vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254
[SW1-vlanif20] vrrp vrid 20 priority 120
[SW1] interface Vlanif 30
[SW1-vlanif30] ip address 192.168.30.253 255.255.255.0
[SW1-vlanif30] vrrp vrid 30 virtual-ip 192.168.30.254
[SW1] interface Vlanif 40
[SW1-vlanif40] ip address 192.168.40.253 255.255.255.0
[SW1-vlanif40] vrrp vrid 40 virtual-ip 192.168.40.254
SW2的配置如下:
[SW2] vlan batch 10 20 30 40
[SW2] interface GigabitEthernet0/0/24
[SW2-GigabitEthernet0/0/24] port link-type trunk
[SW2-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW2] interface GigabitEthernet0/0/22
[SW2-GigabitEthernet0/0/22] port link-type trunk
[SW2-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,将VLAN10 20映射到实例1,将VLAN30 40映射到实例2。将SW2的MSTP设置为实例2的主根,实例1的次根:
[SW2] stp mode mstp
[SW2] stp region-configuration
[SW2-mst-region] region-name huawei
[SW2-mst-region] instance 1 vlan 10 20
[SW2-mst-region] instance 2 vlan 30 40
[SW2-mst-region] active region-configuration
[SW2-mst-region] quit
[SW2] stp instance 1 root secondary
[SW2] stp instance 2 root primary
[SW2] stp enable
#配置vlanif10、vlanif20、vlanif30、vlanif40,分别加入VRRP组10,20,30,40。其中SW1为VRRP组30及40的Master,为组10及20的Backup
[SW2] interface Vlanif 10
[SW2-vlanif10] ip address 192.168.10.252 255.255.255.0
[SW2-vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254
[SW2] interface Vlanif 20
[SW2-vlanif20] ip address 192.168.20.252 255.255.255.0
[SW2-vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254
[SW2] interface Vlanif 30
[SW2-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW2-vlanif30] vrrp vrid 30 virtual-ip 192.168.30.254
[SW2-vlanif30] vrrp vrid 30 priority 120
[SW2] interface Vlanif 40
[SW2-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW2-vlanif40] vrrp vrid 40 virtual-ip 192.168.40.254
[SW2-vlanif40] vrrp vrid 40 priority 120
完成配置后,各VLAN的用户都能够ping通自己的网关,在SW3上看看:
dis stp bri
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
0 GigabitEthernet0/0/3 DESI LEARNING NONE
0 GigabitEthernet0/0/4 DESI LEARNING NONE
0 GigabitEthernet0/0/21 DESI FORWARDING NONE
0 GigabitEthernet0/0/22 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING NONE
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/21 ROOT FORWARDING NONE
1 GigabitEthernet0/0/22 ALTE DISCARDING NONE
2 GigabitEthernet0/0/3 DESI LEARNING NONE
2 GigabitEthernet0/0/4 DESI LEARNING NONE
2 GigabitEthernet0/0/21 ALTE DISCARDING NONE
2 GigabitEthernet0/0/22 ROOT FORWARDING NONE
在SW3上我们看到,MSTP实例1中被Block掉的端口是GE0/0/22口;MSTP实例2中被Block掉的端口是GE0/0/21,符合需求。再去SW1上看看VRRP组的状态:
display vrrp bri
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master Vlanif10 Normal 192.168.10.254
20 Master Vlanif20 Normal 192.168.20.254
30 Backup Vlanif30 Normal 192.168.30.254
40 Backup Vlanif40 Normal 192.168.40.254
----------------------------------------------------------------
Total:4 Master:2 Backup:2 Non-active:0
从上述输出可以看出,SW1为VRRP组10及组20的Master,同时也为VRRP组30和组40的Backup。
display vrrp bri
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup Vlanif10 Normal 192.168.10.254
20 Backup Vlanif20 Normal 192.168.20.254
30 Master Vlanif30 Normal 192.168.30.254
40 Master Vlanif40 Normal 192.168.40.254
----------------------------------------------------------------
Total:4 Master:2 Backup:2 Non-active:0
而SW2则正好相反。如此一来,VLAN10及VLAN20用户访问外网的流量将SW3-SW1的路径转发,VLAN30及VLAN40用户访问外网的流量将SW2-SW1的路径转发。当网络中的链路发生故障时,将会启用另一条备份链路,业务不受影响。
四、SW3的主要配置文件:
#
sysname SW3
#
vlan batch 10 20 30 40
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
return
五、SW1的主要配置文件:
disp cu
#
sysname SW1
#
vlan batch 10 20 30 40
#
stp instance 1 root primary
stp instance 2 root secondary
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
interface Vlanif10
ip address 192.168.10.253 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
#
interface Vlanif20
ip address 192.168.20.253 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 120
#
interface Vlanif30
ip address 192.168.30.253 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
#
interface Vlanif40
ip address 192.168.40.253 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
return
六、SW2的主要配置文件:
#
sysname SW2
#
vlan batch 10 20 30 40
#
stp instance 1 root secondary
stp instance 2 root primary
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
#
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
#
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 120
#
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 120
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
return
- 发表于:
- 原文链接:https://kuaibao.qq.com/s/20201222A0EAMP00?refer=cp_1026
- 腾讯「腾讯云开发者社区」是腾讯内容开放平台帐号(企鹅号)传播渠道之一,根据《腾讯内容开放平台服务协议》转载发布内容。
- 如有侵权,请联系 cloudcommunity@tencent.com 删除。
相关快讯
扫码
添加站长 进交流群
领取专属 10元无门槛券
私享最新 技术干货
腾讯云开发者
