1 实验拓扑及描述
1. 这是一个由三台交换机组成的倒三角型二层交换网络;
2. 网络中有4个VLAN:10、20、30、40;
3. 接口编号如图所示;
4. VLAN10对应的网段为192.168.10.0/24;VLAN20对应的网段为192.168.20.0/24;
VLAN30对应的网段为192.168.30.0/24;VLAN40对应的网段为192.168.40.0/24;
各VLAN的网关均为.254的地址,该地址为VRRP组的虚拟地址;
5. SW1的vlanif10和vlanif20的IP地址分别为:192.168.10.253、192.168.20.253
SW1的vlanif30和vlanif40的IP地址分别为:192.168.30.252、192.168.40.252
6. SW1的vlanif10和vlanif20的IP地址分别为:192.168.10.252、192.168.20.252
SW1的vlanif30和vlanif40的IP地址分别为:192.168.30.253、192.168.40.253
2 实验需求
1. 由于网络中VLAN较多,并且存在二层环路因此使用MSTP实现环路避免,同时实现负载分担。
2. 将vlan10、20映射到MSTP实例1;将vlan30、40映射到MSTP实例2;
3. MSTP实例1Block掉的端口为SW3的GE0/0/23;实例2Block掉的端口为SW2的GE0/0/22;
4. 为了提高网络的网关层冗余能力,在SW1及SW2的vlanif10、vlanif20、vlanif30、vlanif40上部署VRRP,一共4组。而VRRP的Master及Backup需与MSTP的主、备根重叠。也就是说SW1的vlanif10及vlanif20为各自VRRP组的Master,此外vlanif30及vlanif40为各自VRRP组的Backup;SW2正好相反。
3 实验步骤及配置
SW3的配置如下:
#在SW3上创建VLAN,并将接口加入相应的VLAN
[SW3] vlan batch 10 20 30 40
[SW3] interface GigabitEthernet0/0/22
[SW3-GigabitEthernet0/0/22] port link-type trunk
[SW3-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
[SW3] interface GigabitEthernet0/0/23
[SW3-GigabitEthernet0/0/23] port link-type trunk
[SW3-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,将vlan10 20映射到实例1,将vlan30 40映射到实例2
#在SW3上,MSTP实例1及实例2的优先级保持默认32768
[SW3] stp mode mstp
[SW3] stp region-configuration
[SW3-mst-region] region-name huawei
[SW3-mst-region] instance 1 vlan 10 20
[SW3-mst-region] instance 2 vlan 30 40
[SW3-mst-region] active region-configuration
[SW3-mst-region] quit
[SW3] stp instance 1 priority 32768
[SW3] stp instance 2 priority 32768
[SW3] stp enable
SW1的配置如下:
[SW1] vlan batch 10 20 30 40
[SW1] interface GigabitEthernet0/0/24
[SW1-GigabitEthernet0/0/24] port link-type trunk
[SW1-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW1] interface GigabitEthernet0/0/22
[SW1-GigabitEthernet0/0/22] port link-type trunk
[SW1-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,将vlan10 20映射到实例1,将vlan30 40映射到实例2
#将SW1的MSTP设置为实例1的主根,实例2的次根
[SW1] stp mode mstp
[SW1] stp region-configuration
[SW1-mst-region] region-name huawei
[SW1-mst-region] instance 1 vlan 10 20
[SW1-mst-region] instance 2 vlan 30 40
[SW1-mst-region] active region-configuration
[SW1-mst-region] quit
[SW1] stp instance 1 root primary
[SW1] stp instance 2 root secondary
[SW1] stp enable
#配置vlanif10、vlanif20、vlanif30、vlanif40
#配置vlanif10、vlanif20、vlanif30、vlanif40,分别加入VRRP组1,2,3,4
#其中SW1为VRRP组1及2的Master,为组3及4的Backup
[SW1] interface Vlanif10
[SW1-vlanif10] ip address 192.168.10.253 255.255.255.0
[SW1-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW1-vlanif10] vrrp vrid 1 priority 120
[SW1-vlanif10] vrrp vrid 1 preempt-mode timer delay 20
[SW1] interface Vlanif20
[SW1-vlanif20] ip address 192.168.20.253 255.255.255.0
[SW1-vlanif20] vrrp vrid 2 virtual-ip 192.168.20.254
[SW1-vlanif20] vrrp vrid 2 priority 120
[SW1-vlanif20] vrrp vrid 2 preempt-mode timer delay 20
[SW1] interface Vlanif30
[SW1-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW1-vlanif30] vrrp vrid 3 virtual-ip 192.168.30.254
[SW1] interface Vlanif40
[SW1-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW1-vlanif40] vrrp vrid 4 virtual-ip 192.168.40.254
SW2的配置如下:
[SW2] vlan batch 10 20 30 40
[SW2] interface GigabitEthernet0/0/24
[SW2-GigabitEthernet0/0/24] port link-type trunk
[SW2-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW2] interface GigabitEthernet0/0/23
[SW2-GigabitEthernet0/0/23] port link-type trunk
[SW2-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,将vlan10 20映射到实例1,将vlan30 40映射到实例2
#将SW1的MSTP设置为实例2的主根,实例1的次根
[SW2] stp mode mstp
[SW2] stp region-configuration
[SW2-mst-region] region-name huawei
[SW2-mst-region] instance 1 vlan 10 20
[SW2-mst-region] instance 2 vlan 30 40
[SW2-mst-region] active region-configuration
[SW2-mst-region] quit
[SW2] stp instance 1 root secondary
[SW2] stp instance 2 root primary
[SW2] stp enable
#配置vlanif10、vlanif20、vlanif30、vlanif40
#配置vlanif10、vlanif20、vlanif30、vlanif40,分别加入VRRP组1,2,3,4
#其中SW1为VRRP组3及4的Master,为组1及2的Backup
[SW2] interface Vlanif10
[SW2-vlanif10] ip address 192.168.10.252 255.255.255.0
[SW2-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW2] interface Vlanif20
[SW2-vlanif20] ip address 192.168.20.252 255.255.255.0
[SW2-vlanif20] vrrp vrid 2 virtual-ip 192.168.20.254
[SW2] interface Vlanif30
[SW2-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW2-vlanif30] vrrp vrid 3 virtual-ip 192.168.30.254
[SW2-vlanif30] vrrp vrid 3 priority 120
[SW2] interface Vlanif40
[SW2-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW2-vlanif40] vrrp vrid 4 virtual-ip 192.168.40.254
[SW2-vlanif40] vrrp vrid 4 priority 120
完成配置后,各VLAN的用户都能够ping通自己的网关;
我们在SW3上看看:
[SW3] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
0 GigabitEthernet0/0/22 DESI FORWARDING NONE
0 GigabitEthernet0/0/23 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING NONE
1 GigabitEthernet0/0/22 ROOT FORWARDING NONE
1 GigabitEthernet0/0/23 ALTE DISCARDING NONE
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/22 ALTE DISCARDING NONE
2 GigabitEthernet0/0/23 ROOT FORWARDING NONE
我们看到,MSTP实例1中被Block掉的端口是GE0/0/23口;MSTP实例2中被Block掉的端口是GE0/0/22,符合我们的需求。再去SW1上看看VRRP组的状态:
[SW1] display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif10 Normal 192.168.10.254
2 Master Vlanif20 Normal 192.168.20.254
3 Backup Vlanif30 Normal 192.168.30.254
4 Backup Vlanif40 Normal 192.168.40.254
----------------------------------------------------------------
Total:4 Master:2 Backup:2 Non-active:0
从上述输出可以看出,SW1为VRRP组1及组2的Master,同时也为VRRP组3和组4的Backup。
