Tip: After the article is written, the table of contents can be automatically generated. How to generate it can refer to the help document on the right
learning target:
1. Master the usage of MSTP
2. Master the usage of VRRP
3. Master the Eth-Trunk link usage environment
Configuration purpose:
1. The main link traffic of PC1 goes through the left switch LW_3. When the left link fails, it can go through the backup link LW_4. Link aggregation between LW3 and LW4 prevents the system from being unable to access the lower link when the upper link fails. . Increased network redundancy.
2. The traffic on the main link of PC2 goes through the right LW_4. When the right link fails, it can go through the backup link LW_3.
3. The internal network uses the ospf protocol, which can quickly converge when a fault occurs. The route connected to the external network uses the interface address NAT to access the external network.
Topology:
The configuration is as follows:
MSTP configuration:
LW2 mstp配置:
sy
sys LW2
vlan batch 10 20
stp enable #启用stp
stp mode mstp #stp定义为mstp
stp region-configuration #进入MSTP配置视图
region-name STP_1 #配置mstp域名
instance 1 vlan 10 #配置生成树实例和VLAN的映射关系
instance 2 vlan 20
active region-configuration #激活MST域的配置
int g0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/4
port link-type trunk
port trunk allow-pass vlan all
int g0/0/1
port link-type access
port default vlan 10
stp edged-port enable #配置改接口为边缘接口,一般连接终端设备
int g0/0/2
port link-type access
port default vlan 20
stp edged-port enable
LW3 mstp配置:
sy
sys LW3
vlan batch 10 20 100
stp enable
stp mode mstp
stp region-configuration
region-name STP_1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/6
port link-type access
port default vlan 100
stp instance 1 root primary #配置当前设备为生成树实例1的根桥设备
stp instance 2 root secondary #配置当前设备为生成树实例2的备份根桥设备
LW4 mstp配置:
sy
sys LW4
vlan batch 10 20 101
stp enable
stp mode mstp
stp region-configuration
region-name STP_1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/6
port link-type access
port default vlan 101
stp instance 1 root secondary
stp instance 2 root primary
Eth-Trunk configuration:
LW3 Eth-Trunk口配置(LW3为主动端):
lacp priority 16384 # 配置LACP优先级,优先级值越小,则优先级越高,缺省情况下,系统LACP优先级的
值为32768。
interface eth-trunk 1 #进入Eth-Trunk接口视图
mode lacp-static # 配置Eth-Trunk工作模式为LACP模式
load-balance src-dst-mac # 负载分担选用源-目的-mac地址模式
lacp preempt enable # 使能当前Eth-Trunk接口的LACP抢占功能
max active-linknumber 3 # 配置活动接口数上限为3,实际连接4口,其中一端口作为冗余端口
lacp preempt delay 10 # 配置当前Eth-Trunk接口的LACP抢占等待时间为10s
port link-type tr
port trunk allow-pass vlan all
trunkport g0/0/2 to 0/0/5 # 批量添加端口
LW4 Eth-Trunk口配置:
int eth-trunk 1 #进入Eth-Trunk接口视图(注意:两台连接的聚合链路接口编号必须一致)
mode lacp-static #配置模式
port link-type trunk
port trunk allow-pass vlan all
trunkport g0/0/2 to 0/0/5
由于LW3为主动端,所以LW4为被动端,无需做端口的负载模式及抢占冗余的配置。VRRP configuration:
LW3配置VRRP组:
interface vlan 10 # 进入vlanif视图
ip address 192.168.10.2 24 # 配置vlanif10虚拟地址
vrrp vrid 1 virtual-ip 192.168.10.254 # 配置vrid 1 中的虚拟网关地址
vrrp vrid 1 priority 120 # 配置该接口在vrid 1 中的优先级,缺省为100(数值越大越优先)
vrrp vrid 1 preempt-mode time delay 10 # 配置设备的抢占时延为10秒
vrrp vrid 1 track interface g0/0/6 reduced 5 # 跟踪上行接口g0/0/6的状态,如果端口出现故障,则VRRP的优先级降低5
int vlan 20
ip address 192.168.20.2 24 # 配置vlanif20虚拟地址
vrrp vrid 2 virtual-ip 192.168.20.254 # 配置vrid 2中的虚拟网关之地
int vlan 100
ip address 192.168.100.2 24 # 配置连接路由设备虚拟地址
LW4配置VRRP组:
interface vlan 20
ip address 192.168.20.3 24
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 120
vrrp vrid 1 preempt-mode time delay 10
vrrp vrid 2 track interface g0/0/6 reduced 5 # 跟踪上行接口g0/0/6的状态,如果端口出现故障,则VRRP的优先级降低5
int vlan 10
ip address 192.168.10.3 24
vrrp vrid 1 virtual-ip 192.168.10.254
int vlan 101
ip address 192.168.101.2 24 # 配置连接路由的虚拟地址
Intranet OSPF configuration and NAT configuration:
路由器ospf配置:
sy
sys route1
int g0/0/1
ip add 192.168.100.1 24 # 配置与LW3接口地址
int g0/0/2
ip add 192.168.101.1 24 # 配置与LW4接口地址
int g0/0/0
ip add 10.1.1.2 24 # 配置与外网ISP接口地址(本场地使用虚拟网卡作为外网地址)
ospf router-id 1.1.1.1 #配置OSPF的标识ID(唯一)
area 0 # 进入区域0(骨干区域)
network 192.168.100.1 0.0.0.0 # 宣告ospf接口地址(精准宣告)
network 192.168.101.1 0.0.0.0 # 宣告ospf接口地址
acl 2000 # 基本访问控制列表
rule permit source 192.168.10.0 0.0.0.255 # 允许该范围地址通过
rule permit source 192.168.20.0 0.0.0.255 # 允许该范围地址通过
int g0/0/0
nat outbound 2000 #将ACL 2000匹配的流量转换成该接口的IP地址作为源地址
LW3 ospf配置:
ospf router-id 2.2.2.2
area 0
network 192.168.100.2 0.0.0.0
network 192.168.10.2 0.0.0.0
network 192.168.20.2 0.0.0.0
LW4 ospf配置:
ospf router-id 3.3.3.3
area 0
network 192.168.101.2 0.0.0.0
network 192.168.10.3 0.0.0.0
network 192.168.20.3 0.0.0.0、
OSPF中router-id是唯一的标识,不能配置成相同ID,不然就无法建立邻居关系,无法进行宣告。
Test configuration effect:
Summarize
To sum up, both PC1 and PC2 realize load sharing and equipment redundancy, which increases equipment redundancy and increases bandwidth. Improve the security of the transmission between traffic