[1] First configure the access layer equipment
(1) First create a vlan on the access layer switch, and assign the interface to the vlan
[sw3]vlan 2
[sw3-Ethernet0/0/21]port link-type access
[sw3-Ethernet0/0/21]port default vlan 2
Same for sw4
(2) Change all physical links between the access layer and the convergence layer to Trunk mode
[sw3-Ethernet0/0/1]interface Ethernet0/0/1
[sw3-Ethernet0/0/1] port link-type trunk
[sw3-Ethernet0/0/1] port trunk allow-pass vlan 2 to 4094
The rest of the physical links are the same
[2] Configure convergence layer equipment
(1) Create vlan2 on the convergence layer equipment
(2) Use Ethernet relay technology between sw1 and sw2
[sw1]interface Eth-Trunk 0
[sw1-GigabitEthernet0/0/1]eth-trunk 0
[sw1-GigabitEthernet0/0/2]eth-trunk 0
Same for sw2
[sw2]interface Eth-Trunk 0
[sw2-GigabitEthernet0/0/1]eth-trunk 0
[sw2-GigabitEthernet0/0/2]eth-trunk 0
(3) Except the physical link connecting the convergence layer and the core layer, all other physical links are changed to Trunk mode (only the Ethernet trunk is changed to Trunk mode, and the rest refer to the access layer configuration)
[sw2-Eth-Trunk0]port link-type trunk
[sw2-Eth-Trunk0]port trunk allow-pass vlan all
(4) Spanning Tree Protocol—In order to place the root bridge at the convergence layer, manual intervention is required, and sw1 and sw2 are mutual backups
Because MSTP is a group-based spanning tree, group 0 exists by default, and all interfaces belong to this group by default, so it needs to be grouped first, and vlan 1 and vlan 2 are in two different groups.
[sw1]stp enable
[sw1]stp region-configuration
[sw1-mst-region]region-name 1
[sw1-mst-region]region-name 2
[sw1-mst-region]instance 1 vlan 1 vlan 1 放在组1
[sw1-mst-region]instance 2 vlan 2 vlan 2 放在组2
[sw1-mst-region]active region-configuration 激活该配置
Define sw1 as the primary root of group 1, and the backup root of group 2
[sw1]stp instance 1 root primary
[sw1]stp instance 2 root secondary
sw2 performs the opposite operation
[sw2]stp instance 1 root secondary
[sw2]stp instance 2 root primary
[3] Gateway redundancy-VRRP
ensp does not support the configuration of ip address on the physical interface of the three-layer switch, so it is necessary to use SVI to replace the physical interface
(1) Create an SVI interface as a routing interface
[sw1]int v1
[sw1-Vlanif1]ip address 172.16.3.1 255.255.255.0
[sw1-Vlanif1]int v2
[sw1-Vlanif2ip address 172.16.4.1 255.255.255.0
[sw2]interface Vlanif 1
[sw2-Vlanif1]ip address 172.16.3.2 255.255.255.0
[sw2]interface Vlanif 2
[sw2-Vlanif2]ip address 172.16.4.2 255.255.255.0
SVI 1 manages vlan 1, SVI 2 manages vlan 2
(2) Create virtual ip
[sw1-Vlanif1] vrrp vrid 1 virtual-ip 172.16.3.254
[sw1-Vlanif1] vrrp vrid 1 priority 120
[sw1-Vlanif1] vrrp vrid 1 track interface Ethernet0/0/1 reduced 30
[sw1-Vlanif2] vrrp vrid 1 virtual-ip 172.16.4.254
sw2 reverse operation
[sw2-Vlanif1] vrrp vrid 1 virtual-ip 172.16.3.254
[sw2-Vlanif2] vrrp vrid 1 virtual-ip 172.16.4.254
[sw2-Vlanif2] vrrp vrid 1 priority 120
[sw2-Vlanif2]vrrp vrid 1 track interface Ethernet0/0/3 reduced 30
(3) PC obtains ip through DHCP
[4] Core layer configuration
r1 routing table
To access the external network, NAT address translation must be performed on the border router
[5] Realize the communication between the convergence layer and the core layer
(1) The three-layer switch in the simulator does not support physical interface configuration ip, so another SVI should be created on the convergence layer to communicate with the core layer
[sw1]vlan 10
[sw1-Vlanif2]int v10
[sw1-Vlanif2ip address 172.16.1.2 255.255.255.0
[sw1-Ethernet0/0/1]port link-type access
[sw1-Ethernet0/0/1]port default vlan 10
The same is true for sw2
(2) In order to access other network segments, a default route is configured on the aggregation switch
[6] Verification
Let PC1 keep pinging the external network, shut down the aggregation layer sw1 in the middle, and the network returns to normal after several packet losses
