昆明学院校园网方案设计VRRP+MSTP的配置图
VRRP(负载-备份)-mstp-dhcp-ospf-md5验证-链路聚合
VRRP(负载+备份)+mstp+dhcp+ospf-md5验证+链路聚合实验配置全过程(作者:yuxi-xusiyou)实验拓扑图:配置过程:【RA:router ospf 1network 192.168.40.0 0.0.0.3 area 0network 192.168.40.8 0.0.0.3 area 0 OSPF的MD5验证:interface FastEthernet0/0ip address 192.168.40.2 255.255.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccit 具体的VRRP配置:vrrp 1 ip 192.168.40.2interface FastEthernet0/1ip address 192.168.40.9 255.255.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccit 具体的VRRP配置:vrrp 2 ip 192.168.40.13】【RB:router ospf 1network 192.168.40.4 0.0.0.3 area 0network 192.168.40.12 0.0.0.3 area 0 OSPF的MD5验证:interface FastEthernet0/0ip address 192.168.40.6 255.255.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccit 具体的VRRP配置:vrrp 1 ip 192.168.40.2OSPF的MD5验证:interface FastEthernet0/1ip address 192.168.40.13 255.255.255.252 ip ospf authentication message-digestip ospf message-digest-key 1 md5 ccit具体的VRRP配置:vrrp 2 ip 192.168.40.13】【SA:ip routing (启用三层交换功能)router ospf 1network 192.168.10.0 0.0.0.255 area 0network 192.168.20.0 0.0.0.255 area 0network 192.168.30.0 0.0.0.255 area 0network 192.168.40.0 0.0.0.3 area 0network 192.168.40.4 0.0.0.3 area 0OSPF的md5验证:interface GigabitEthernet0/22no switchportip address 192.168.40.1 255.255.255.252 ip ospf authentication message-digestip ospf message-digest-key 1 md5 ccitinterface GigabitEthernet0/24no switchportip address 192.168.40.5 255.255.255.252 ip ospf authentication message-digestip ospf message-digest-key 1 md5 ccit配置VRRP实现冗余备份:interface Vlan10ip address 192.168.10.254 255.255.255.0 standby 1 ip 192.168.10.251interface Vlan20ip address 192.168.20.254 255.255.255.0 standby 1 ip 192.168.20.251interface Vlan30ip address 192.168.30.254 255.255.255.0 standby 1 ip 192.168.30.251【若要实现负载分担的同时,实现备份,则:Standby 1 ip 192.168.11.251 priorty 10 Standby 2 ip 192.168.20.251 priorty 100Standby 3 ip 192.168.30.251 】链路聚合:创建聚合:1,并封装为trunk端口类型:interface Port-channel1switchport trunk encapsulation dot1qswitchport mode trunk(注:几乎所有的三层交换机在封装trunk类型端口是都须添加switchport trunk encapsulation dot1q 命令)进入接口模式,封装trunk端口,并加入聚合组1:interface GigabitEthernet0/20switchport trunk encapsulation dot1qswitchport mode trunkspeed 100duplex fullchannel-group 1 mode oninterface GigabitEthernet0/21switchport trunk encapsulation dot1qswitchport mode trunkspeed 100duplex fullchannel-group 1 mode on(注:添加局和端口时必须要设定speed 100 最大速度,duplex full 全双工模式)设置f0/23为trunk端口类型:interface GigabitEthernet0/23switchport trunk encapsulation dot1qswitchport mode trunk在交换机上启用dhcp服务,使得SwitchA为vlan 10提供动态ip 地址:service dhcpip dhcp excluded-address 192.168.10.250 192.168.10.254ip dhcp pool vlan10network 192.168.10.0 255.255.255.0default-router 192.168.10.251配置实例10、20,并分别添加vlan 10和vlan 20;实现负载分担和备份功能,使得vlan10的数据以SA为主路线。
mstp与vrrp配置举例
Z 端 20.0.1.10/24Z 交换机A 交换机Vlan 2:20.0.1.1/24Vlan 3:30.0.1.1/24Vlan 4:40.0.1.1/24Vlan 5:50.0.1.1/24Vlan 3:30.0.1.3/24Vlan 4:40.0.1.3/24Vlan 5:50.0.1.3/24Mstp 元素:Name:wushan Revision:2Instance 1:vlan3,5Instance 2:vlan2,4Vlan 3,5主用路由Vlan 2,4备用路由Vlan 2:20.0.1.2/24Vlan 3:30.0.1.2/24Vlan 4:40.0.1.2/24Vlan 5:50.0.1.2/24Vlan 2,4主用路由Vlan 3,5备用路由注:mstp 同一区域中,不同交换机mstp 的3大属性(名称、修订号、instance 与vlan 的映射关系)必须完全相同。
Switch A:(config)#int range g0/23-24(config-range-if)#switchport trunk encapusulation dot1q (config-range-if)#switchport allow vlan 1-6 (config-range-if)#switchport mode trunk(config)#int g0/20(config-if)#switchport trunk encapusulation dot1q (config)#switchport allow vlan 1-6 (config-if)#switchport mode trunk(config)#int g0/11(config-if)#switchport mode access (config-if)#switchport access vlan 2(config)#spanning tree mode mst(config-mst)#spanning-tree mst configuration (config-mst)#name wushan (config-mst)#revision 2(config-mst)#instance 1 vlan 3,5(config-mst)#instance 2 vlan 2,4(config)#spanning-tree mst 1 root primary#show spanning-tree mst#show spanning-tree mst 1#show spanning-tree mst 1 detail#show spanning-tree mst int g0/23路由(config)# ip routing(config)# router ospf 1(config-router)#network 10.0.1.0 0.0.0.255 area 0(config-router)# network 20.0.1.0 0.0.0.255 area 0(config-router)#network 30.0.1.0 0.0.0.255 area 0(config-router)#network 40.0.1.0 0.0.0.255 area 0(config-router)#network 50.0.1.0 0.0.0.255 area 0//(config-router)#network 60.0.1.0 0.0.0.255 area 0#show ip ospf interface#show ip ospf database#show ip ospf neighborVrrp配置(config)#int vlan 2(config-if)#vrrp 2 ip 20.0.1.50(config-if)#vrrp 1 priority 90(config-if)#vrrp 1 timer learn(config-if)#end注: 一个vrrp组只有一个主用路由,一个或多个备用路由Vrrp group-number ip x.x.x.x x.x.x.x可以使虚拟的,也可以跟路由器的物理地址。
昆明学院校园网设计参考方案
摘要随着技术和市场的逐渐成熟,网络正以无处不在、无时不在的网络连接方式,改变者人们对“网络”和“信息化”的传统看法。
信息化技术在教育领域的推广和应用日新月异,学校信息化建设已成为未来学校教育发展战略的制高点。
校园网络的建设是学校向信息化建设的必然选择,校园网络系统不仅为现代化教学、综合信息管理和办公自动化等一系列应用提供基本操作平台,而且能提供多种应用服务使信息能及时、准确地传播送给各个系统。
通过校园网的设计与建设,实现真正意义上的宽带多媒体网络,为师生提供教学、科研和综合信息服务。
关键词:校园网; 网络; 信息化; 综合布线前言随着计算机及网络技术的不断发展,互联网技术的普及使我们迎来一个全新的互联网时代。
网络技术已经成为现代信息技术的主流,人们对网络的认识也随着网络应用的逐渐普及而迅速改变。
在不久的将来,网络必将成为和电话一样通用的工具,成为人们生活、工作、学习中必不可少的一部分。
我国校园网的建设正在逐步升温,数字化校园建设的步伐也不断加快,许多地区和学校都把建设校园网视为学校办学条件现代化的标志。
信息高速公路的建设与计算机网络技术的飞速发展,为改革教育活动形式,提高教育决策的科学性和增加教育的宏观调控能力提供了重要的手段。
学校建立一个高效智能、协同办公与教学自动化的计算机校园网,是培养面向21世纪建设人才的迫切需要。
校园网是指校园内计算机及附属设备互联运行的网络,是由计算机、网络设备和网络软件构成的为学校教育、科研、管理、办公和交流等活动服务的大型集成应用系统,并能接入因特网(Internet)实现与国内国际网站进行信息交流、资源共享。
校园网建设是教育信息化建设的重要组成部分,是全面实现素质教育的重要手段,是实现教育现代化的重要标志,校园网是学校信息基础设施。
校园网的规模、网络性能、应用水平和普及程度已成为衡量一所院校办学水平高低的重要标志之一。
校园网是高等学校基础设施建设的重要组成部分,是提高学校管理水平、人员素质和办学质量的重要手段。
双核心(MSTP+VRRP)的拓扑实现和配置实例
双核心(MSTP+VRRP)的拓扑实现和配置实例1 配置VRRP在实验拓扑图中,由于有多条链路产生环路,所以我们在实验初始时一定要将某些端口堵塞(初始化时已将RG-S35B的f0/1-4四个端口堵塞,在配置完毕进行测试时才可以打开).否则产生环路后,会发现设备的cpu利用率会达到100%(使用命令show cpu查看)。
RG-S35A(config)#interface vlan 10RG-S35A(config-if)#ip address 192.168.10.254 255.255.255.0 !配置VLAN10的IP 地址RG-S35A(config-if)#standby 1 ip 192.168.10.250 !配置虚拟IPRG-S35A(config-if)#standby 1 preempt!设为抢占模式RG-S35A(config-if)#standby 1 priority 254 !VLAN10的standby优先级设为254RG-S35A(config-if)#exitRG-S35A(config)#interface vlan 20 !VLAN20的standby不设优先级,默认为100RG-S35A(config-if)#ip address 192.168.20.253 255.255.255.0 !配置VLAN20的IP 地址RG-S35A(config-if)#standby 2 ip 192.168.20.250 !配置虚拟IPRG-S35A(config-if)#standby 2 preempt !设为抢占模式RG-S35A(config-if)#exitRG-S35A(config)#interface vlan 30RG-S35A(config-if)#ip address 192.168.30.254 255.255.255.0 !配置VLAN30的IP 地址RG-S35A(config-if)#standby 3 ip 192.168.30.250 !配置虚拟IPRG-S35A(config-if)#standby 3 preempt !设为抢占模式RG-S35A(config-if)#standby 3 priority 254 !VLAN30的standby优先级设为254RG-S35A(config-if)#exitRG-S35A(config)#interface vlan 40 !VLAN20的standby不设优先级,默认为100RG-S35A(config-if)#ip address 192.168.40.253 255.255.255.0 !配置VLAN40的IP 地址RG-S35A(config-if)#standby 4 ip 192.168.40.250 !配置虚拟IPRG-S35A(config-if)#stand 4 preempt !设为抢占模式RG-S35A(config-if)#exitRG-S35A(config)#exitRG-S35B把vlan20 40 设置为standby 2、4 priority 2542 配置RG-S35A与RG-S35B的端口聚合理论上,35A和35B的f0/3和f0/4端口不需要设置为trunk口,但是我们习惯上都设为trunk(已在前面做好了配置)。
MSTP+VRRP实验指导书
实验1 MSTP+VRRP实验指导1.1 实验内容与目标完成本实验,您应该能够:●掌握MSTP的最佳配置方法;●掌握VRRP与MSTP配合时的要点。
1.2 实验组网图图1-1实验组网实验组网如图1-1所示。
核心交换机CS为S9500E或者S12500,接入交换机SW为S5800,接入PC的网关设置在核心上,启用MSTP+VRRP,使得S5800的两上行端口流量能分担。
1.3 背景需求此实验环境是服务器接入的最经典的场景。
1.4 实验设备和器材本实验所需之主要设备器材如表1-1所示。
表1-1实验设备和器材1.5 实验过程实验任务一:MSTP+VRRP实验步骤一:MSTP相关配置1、创建VLAN11-50;2、配置奇数VLAN对应实例的主根为CS-1,备根为CS-2;配置偶数VLAN对应实例的主根为CS-2;备根为CS-1;3、SW-1和SW-2连接PC端口配置边缘端口和bpdu保护功能。
请给出满足要求的最终的配置,并收集各设备的STP状态。
步骤二:VRRP相关配置1、创建两个VRRP组;组1对应VLAN11,组2对应VLAN12;2、配置VRRP组中设备的主备角色与步骤一中MSTP主备根一致(配置两个VLAN即可)2、配置VRRP 监控上行链路;3、配置BFD for VRRP实现主备快速切换;4、在Master设备上配置抢占延时。
请给出满足要求的最终配置。
实验1 MSTP+VRRP实验指导 .................................................................................................................. - 1 -1.1实验内容与目标 (1)1.2实验组网图 (1)1.3背景需求 (1)1.4实验设备和器材 (2)1.5实验过程 (2)实验任务一:MSTP+VRRP实验..................................................................................................... - 2 -步骤一:MSTP相关配置 ............................................................................................................................ - 2 -步骤二:VRRP相关配置............................................................................................................................. - 2 -。
锐捷MSTP+VRRP配置实例
交换机vrrp+mstp配置实例锐捷tac贾文宇一、组网需求1、switch a 、switch b选用两台锐捷的s5750 ;switch c 、shwich d 选用锐捷的s3750和s37602、全网共有两个业务vlan ,为vlan 10 、vlan 203、Switch a 、switch b 都分别对两vlan起用两vrrp组,实现两组的业务的负载分担和备份。
4、Switch a、switch b、switch c、switch d 都起用mstp多生成数协议,并且所有设备都属于同一个mst域,且实例映射一致(vlan 10映射实例1、vlan 20映射实例2 其他vlan映射默认实例0)。
5、Vlan 10业务以switch a为根桥;vlan 20业务以switch b为根桥;实现阻断网络环路,并能实现不同vlan数据流负载分担功能。
二、组网图三、配置步骤Switch a配置:s1#show runBuilding configuration...Current configuration : 1651 bytes!version RGNOS 10.2.00(2), Release(29287)(Tue Dec 25 20:39:14 CST 2007 -ngcf49) hostname s1co-operate enable!!!vlan 1!vlan 10!vlan 20!!no service password-encryption!spanning-tree 开启生成树(默认为mstp)spanning-tree mst configuration 进入mst配置模式revision 1 指定MST revision number 为1name region1 指定mst配置名称instance 0 vlan 1-9, 11-19, 21-4094 缺省情况下vlan都属于实例0instance 1 vlan 10 手工指定vlan10属于实例1instance 2 vlan 20 手工指定vlan20属于实例2spanning-tree mst 1 priority 0 指定实例1的优先级为0(为根桥)spanning-tree mst 2 priority 4096 指定实例2的优先级为4096interface GigabitEthernet 0/1switchport access vlan 10 配置g0/1属于vlan10!interface GigabitEthernet 0/2switchport access vlan 20 配置g0/2属于vlan 20!interface GigabitEthernet 0/3!..interface GigabitEthernet 0/24 设置g0/24为trunk接口且允许vlan10/20通过switchport mode trunkinterface VLAN 10 创建vlan 10 svi接口ip address 192.168.10.1 255.255.255.0 配置ip地址vrrp 1 priority 120 配置vrrp组1 优先级为120vrrp 1 ip 192.168.10.254 配置vrrp组1虚拟ip地址为192.168.10.254!interface VLAN 20 创建vlan 20 svi接口ip address 192.168.20.1 255.255.255.0 配置ip地址vrrp 2 ip 192.168.20.254 配置vrrp组2虚拟ip地址为192.168.20.254默认vrrp组的优先级为100默认不显示!line con 0line vty 0 4logins1#show vlanVLAN Name Status Ports---- -------------------------------- --------- ----------------------------------1 VLAN0001 STATIC Gi0/3, Gi0/4, Gi0/5, Gi0/6Gi0/7, Gi0/8, Gi0/9, Gi0/10Gi0/11, Gi0/12, Gi0/13, Gi0/14Gi0/15, Gi0/16, Gi0/17, Gi0/18Gi0/19, Gi0/20, Gi0/21, Gi0/22Gi0/23, Gi0/2410 VLAN0010 STATIC Gi0/1, Gi0/2420 VLAN0020 STATIC Gi0/2, Gi0/24Switch b配置:s2#show runBuilding configuration...Current configuration : 1607 bytes!version RGNOS 10.2.00(2), Release(27932)(Thu Dec 13 10:32:09 CST 2007 -ngcf31)hostname s2!!!vlan 1!vlan 10!vlan 20!!no service password-encryption!spanning-treespanning-tree mst configurationrevision 1name region1instance 0 vlan 1-9, 11-19, 21-4094instance 1 vlan 10instance 2 vlan 20spanning-tree mst 1 priority 4096spanning-tree mst 2 priority 0interface GigabitEthernet 0/1switchport access vlan 10!interface GigabitEthernet 0/2switchport access vlan 20!..interface GigabitEthernet 0/24switchport mode trunk!interface VLAN 10ip address 192.168.10.2 255.255.255.0vrrp 1 ip 192.168.10.254!interface VLAN 20ip address 192.168.20.2 255.255.255.0vrrp 2 priority 120vrrp 2 ip 192.168.20.254!line con 0line vty 0 4login!!ends2#show vlanVLAN Name Status Ports---- -------------------------------- --------- -----------------------------------1 VLAN0001 STATIC Gi0/3, Gi0/4, Gi0/5, Gi0/6Gi0/7, Gi0/8, Gi0/9, Gi0/10Gi0/11, Gi0/12, Gi0/13, Gi0/14Gi0/15, Gi0/16, Gi0/17, Gi0/18Gi0/19, Gi0/20, Gi0/21, Gi0/22Gi0/23, Gi0/2410 VLAN0010 STATIC Gi0/1, Gi0/2420 VLAN0020 STATIC Gi0/2, Gi0/24Switch c配置:s3#show runBuilding configuration...Current configuration : 1540 bytes!version RGNOS 10.2.00(2), Release(28794)(Fri Dec 21 09:27:15 CST 2007 -ngcf32) hostname s3!vlan 1!vlan 10!!service password-encryption!spanning-treespanning-tree mst configurationrevision 1name region1instance 0 vlan 1-9, 11-19, 21-4094instance 1 vlan 10instance 2 vlan 20spanning-tree mst 1 priority 0spanning-tree mst 2 priority 4096interface FastEthernet 0/1switchport access vlan 10!interface FastEthernet 0/2switchport access vlan 10!..interface GigabitEthernet 0/25!interface GigabitEthernet 0/26!interface GigabitEthernet 0/27!interface GigabitEthernet 0/28!interface VLAN 10ip address 192.168.10.3 255.255.255.0!ip route 0.0.0.0 0.0.0.0 192.168.10.254!!line con 0line vty 0 4loginSwitch d配置:s4#show runBuilding configuration...Current configuration : 1066 bytes!version RGNOS 10.2.00(2), Release(27932)(Thu Dec 13 10:31:41 CST 2007 -ngcf32)hostname s4!vlan 1!vlan 20!!no service password-encryption!spanning-treespanning-tree mst configurationrevision 1name region1instance 0 vlan 1-9, 11-19, 21-4094instance 1 vlan 10instance 2 vlan 20spanning-tree mst 1 priority 4096spanning-tree mst 2 priority 0interface GigabitEthernet 0/1switchport access vlan 20!interface GigabitEthernet 0/2switchport access vlan 20!..interface GigabitEthernet 0/12!interface VLAN 20ip address 192.168.20.3 255.255.255.0!!!!ip route 0.0.0.0 0.0.0.0 192.168.20.254!!line con 0line vty 0 4login!四、查看vrrp、mstp信息Switch a 信息:s1#show vrrp 查看vrrp 信息VLAN 10 - Group 1State is MasterVirtual IP address is 192.168.10.254 configured Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1 secPreemption is enabledmin delay is 0 secPriority is 120Master Router is 192.168.10.1 (local), priority is 120 Master Advertisement interval is 1 secMaster Down interval is 3 secVLAN 20 - Group 2State is BackupVirtual IP address is 192.168.20.254 configured Virtual MAC address is 0000.5e00.0102 Advertisement interval is 1 secPreemption is enabledmin delay is 0 secPriority is 100Master Router is 192.168.20.2 , priority is 120 Master Advertisement interval is 1 secMaster Down interval is 3 secs1#s1#s1#s1#show spanning-tree interface gigabitEthernet 0/1 查看g0/1接口stp状态信息PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.00d0.f836.ed70PortDesignatedPort : 8001PortForwardTransitions : 6PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : designatedPort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f823.ef82PortDesignatedPort : 8001PortForwardTransitions : 5PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : rootPort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :1002.00d0.f836.ed70PortDesignatedPort : 8001PortForwardTransitions : 4PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : designatedPorts1#s1#s1#show spanning-tree interface gigabitEthernet 0/2 查看g0/2接口stp状态信息PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.00d0.f836.ed70PortDesignatedPort : 8002PortForwardTransitions : 5PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f836.ed70PortDesignatedPort : 8002PortForwardTransitions : 4PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort###### MST 2 vlans mapped :20PortState : discardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :0002.00d0.f8d7.ae12PortDesignatedPort : 8002PortForwardTransitions : 3PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : alternatePorts1#s1#s1#show spanning-tree interface gigabitEthernet 0/24 g0/24接口stp状态信息PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.001a.a909.8fe0PortDesignatedPort : 8018PortForwardTransitions : 5PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : rootPort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f836.ed70PortDesignatedPort : 8018PortForwardTransitions : 5PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0PortDesignatedBridge :0002.001a.a909.8fe0 PortDesignatedPort : 8018 PortForwardTransitions : 4PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : rootPorts1#Switch b 信息:s2#show vrrpVLAN 10 - Group 1State is BackupVirtual IP address is 192.168.10.254 configured Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1 secPreemption is enabledmin delay is 0 secPriority is 100Master Router is 192.168.10.1 , priority is 120 Master Advertisement interval is 1 secMaster Down interval is 3 secVLAN 20 - Group 2State is MasterVirtual IP address is 192.168.20.254 configured Virtual MAC address is 0000.5e00.0102 Advertisement interval is 1 secPreemption is enabledmin delay is 0 secPriority is 120Master Router is 192.168.20.2 (local), priority is 120 Master Advertisement interval is 1 secMaster Down interval is 3 secs2#s2#s2#s2#s2#s2#s2#show spanning-tree interface gigabitEthernet 0/1 PortAdminPortFast : Disabled PortOperPortFast : Disabled PortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : autoPortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :8000.001a.a909.8fe0 PortDesignatedPort : 8001 PortForwardTransitions : 1 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : designatedPort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0 PortDesignatedBridge :0001.00d0.f823.ef82 PortDesignatedPort : 8002 PortForwardTransitions : 2 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : rootPort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0PortDesignatedBridge :0002.001a.a909.8fe0 PortDesignatedPort : 8001 PortForwardTransitions : 1 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : designatedPorts2#s2#s2#s2#show spanning-tree interface gigabitEthernet 0/2 PortAdminPortFast : Disabled PortOperPortFast : Disabled PortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : autoPortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :8000.001a.a909.8fe0 PortDesignatedPort : 8002 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : designatedPort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0 PortDesignatedBridge :1001.001a.a909.8fe0 PortDesignatedPort : 8002 PortForwardTransitions : 2 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : designatedPort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0PortDesignatedBridge :0002.001a.a909.8fe0 PortDesignatedPort : 8002 PortForwardTransitions : 1PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPorts2#s2#s2#s2#s2#show spanning-tree interface gigabitEthernet 0/24 PortAdminPortFast : Disabled PortOperPortFast : Disabled PortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : autoPortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0PortDesignatedBridge :8000.001a.a909.8fe0 PortDesignatedPort : 8018 PortForwardTransitions : 1PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort###### MST 1 vlans mapped :10PortState : discardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f836.ed70PortDesignatedPort : 8018 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : alternatePort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :0002.001a.a909.8fe0 PortDesignatedPort : 8018 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : designatedPorts2#Switch c 信息:s3#show spanning-tree interface fastEthernet 0/1 PortAdminPortFast : Disabled PortOperPortFast : Disabled PortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : auto PortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : discardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :8000.00d0.f836.ed70 PortDesignatedPort : 8001 PortForwardTransitions : 1 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : alternatePort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0 PortDesignatedBridge :0001.00d0.f823.ef82 PortDesignatedPort : 8001 PortForwardTransitions : 1 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : designatedPort###### MST 2 vlans mapped :20PortState : discardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :1002.00d0.f836.ed70 PortDesignatedPort : 8001 PortForwardTransitions : 0 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : alternatePorts3#s3#s3#s3#s3#show spanning-tree interface fastEthernet 0/2 PortAdminPortFast : Disabled PortOperPortFast : Disabled PortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : auto PortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0PortDesignatedBridge :8000.001a.a909.8fe0 PortDesignatedPort : 8001 PortForwardTransitions : 1 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : rootPort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0 PortDesignatedBridge :0001.00d0.f823.ef82 PortDesignatedPort : 8002 PortForwardTransitions : 2 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : designatedPort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :0002.001a.a909.8fe0 PortDesignatedPort : 8001 PortForwardTransitions : 1 PortAdminPathCost : 200000 PortOperPathCost : 200000PortRole : rootPorts3#Switch d 信息:s4#show spanning-tree interface gigabitEthernet 0/1 PortAdminPortFast : Disabled PortOperPortFast : Disabled PortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : autoPortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :8000.001a.a909.8fe0 PortDesignatedPort : 8002 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : rootPort###### MST 1 vlans mapped :10PortState : discardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0 PortDesignatedBridge :1001.001a.a909.8fe0 PortDesignatedPort : 8002 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : alternatePort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :0002.001a.a909.8fe0 PortDesignatedPort : 8002 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : rootPorts4#s4#s4#s4#show spanning-tree interface gigabitEthernet 0/2 PortAdminPortFast : Disabled PortOperPortFast : DisabledPortAdminAutoEdge : Enabled PortOperAutoEdge : Disabled PortAdminLinkType : auto PortOperLinkType : point-to-point PortBPDUGuard : DisabledPortBPDUFilter : Disabled###### MST 0 vlans mapped :1-9, 11-19, 21-4094 PortState : discardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :8000.00d0.f836.ed70 PortDesignatedPort : 8002 PortForwardTransitions : 1 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : alternatePort###### MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82 PortDesignatedCost : 0 PortDesignatedBridge :0001.00d0.f836.ed70 PortDesignatedPort : 8002 PortForwardTransitions : 2 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : rootPort###### MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0 PortDesignatedCost : 0 PortDesignatedBridge :0002.00d0.f8d7.ae12 PortDesignatedPort : 8002 PortForwardTransitions : 2 PortAdminPathCost : 20000 PortOperPathCost : 20000PortRole : designatedPorts4#FAQ:1.1 RSTP和MSTP配合为什么有问题1.1.1 原因分析由于RSTP/MSTP的指定端口快速迁移机制,即接收到下游的agreement报文才能进行快速迁移。
校园网双核心(MSTP+VRRP)的拓扑实现和配置实例
双核心配置实例(一)cont.
RG-S35A(config)#spanning-tree mst 1 priority 4096
!实例1在35A的优先级为4096
RG-S35A(config)#spanning-tree mst 2 priority 8192
!实例2在35A的优先级为8192
配置较高优先级是为了使35A被选作mst 1的根节点。一 方面是因为它的性能比21强,防止21被选做根节点;更 重要的是,如果默认优先级更高的为35B,则vlan10、 30也会通过35B传输,与我们的期望结果相违背,产生 冲突。
MSTP技术概述(cont.)
交换机A、B 在vlan1 内,交换机C、D 在vlan2 内,连成环路。
A vlan1 C vlan2
vlan1 B D
vlan2
MSTP技术概述(cont.)
若采用STP或RSTP,在某种配置下,会把交换机A和B 间的链路给discarding。
A vlan1 C vlan2
OA服务器 服务器VLAN 服务器 视频会议VLAN 视频会议 交换机管理VLAN 交换机管理 互连网段VLAN 互连网段
双核心配置实例(二)cont.
生成树协议管理
表二、 表二、 设备优先级列表 设备 主核心交换机 备核心交换机 接入交换机 优先级 4096 8192 默认32768 默认
双核心配置实例(二)cont.
接入交换机 RG-S2150G
双核心配置实例(二)cont.
VLAN规划
根据支行的网络应用情况,针对不同的业务系统进行VLAN部 署整理,如下表:
表一
用途 生产用户VLAN 生产用户 OA用户 用户VLAN 用户
Mstp+Vrrp 实验
Mstp+Vrrp双核心网络架构:在这个双核心的网络架构中所应用到的技术:1、Mstp,在交换机层开启Mstp,创建实例instance 一个实例就是一棵树,使用Mstp来实现数据分流和备份链路;2、Mstp+Vrrp Vrrp 是虚拟路由冗余协议,Vrrp下的IP是虚拟网关,而VLAN 下的地址是虚拟路由器的物理地址,用户所获取到的网关使Vrrp下的虚拟网关地址;3、Dhcp 动态分配地址,设置在两台核心中,两个地址池要分别排除对面的地址;4、浮动路由,在双核心出接口写默认,一条主,一条加管理距离;5、端口聚合,在双核心之间用若干条线互连,把这些端口加入到聚合端口,打trunk,来作为Vrrp的心跳线;6、ACL 访问控制列表、NAT 网络地址转换,设置在出口路由器中,允许哪些用户上网,创建NAT地址转换池,允许上网的网段调入overload即可。
接下来是我在做这个实验的过程:首先是写好配置模板,写模板的好处是,理清思路,配置有条理,出了问题先看看模板有没有问题,缺少什么等接入层交换机的配置模板:conf tspanning-treespanning-tree mode mstp(开启多生成树Mstp)vlan 2vlan 3vlan 4vlan 5vlan 6vlan 7exitint range f0/1-5spanning-tree portfast (速端口,用户断网和恢复网路切换速度快)spanning-tree bpduguard enable (防自环)sw acc vlan 2int range f0/6-10spanning-tree portfastspanning-tree bpduguard enablesw acc vlan 3int range f0/11-12spanning-tree portfastspanning-tree bpduguard enablesw acc vlan 4int range f0/13-14spanning-tree portfastspanning-tree bpduguard enablesw acc vlan 5int range f0/15-16spanning-tree portfastspanning-tree bpduguard enablesw acc vlan 6int range f0/17-18spanning-tree portfastspanning-tree bpduguard enablesw acc vlan 7exitint gi0/25(上联口)sw mode trunkint gi0/26sw mode trunkexitspanning-tree mst conf(创建多生成树实例)instance 1 vlan 3,5,7instance 2 vlan 2,4,6exitwrite核心1配置模板:conf tip routingint gi0/25(下联口trunk)sw mode trunkexitspanning-treespanning-tree mode mstp(开启Mstp)vlan 2vlan 3vlan 4vlan 5vlan 6vlan 7exitint vlan 2ip add 10.0.2.253 255.255.255.0(虚拟路由器的物理地址)vrrp 2 ip 10.0.2.254(用户的虚拟网关,用户实际获取到的网关)exitint vlan 3ip add 10.0.3.253 255.255.255.0vrrp 3 ip 10.0.3.254vrrp 3 pr 110(Vrrp虚拟路由器的优先级,默认100,0—255,255最高)exitint vlan 4ip add 10.0.4.253 255.255.255.0vrrp 4 ip 10.0.4.254exitint vlan 5ip add 10.0.5.253 255.255.255.0vrrp 5 ip 10.0.5.254vrrp 5 pr 110exitint vlan 6ip add 10.0.6.253 255.255.255.0vrrp 6 ip 10.0.6.254exitint vlan 7ip add 10.0.7.253 255.255.255.0vrrp 7 ip 10.0.7.254vrrp 7 pr 110exitspanning-tree mst conf (创建Mstp instance实例,修改实例优先级)instance 1 vlan 3,5,7instance 2 vlan 2,4,6exitspanning-tree mst 1 p 4096spanning-tree mst 2 p 8192service dhcp(开启并创建Dhcp地址池)ip dhcp pool vlan2network 10.0.2.0 255.255.255.0dns 8.8.8.8default-router 10.0.2.254exitip dhcp ex 10.0.2.100 10.0.2.254ip dhcp pool vlan3network 10.0.3.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.3.254exitip dhcp ex 10.0.3.100 10.0.3.254ip dhcp pool vlan4network 10.0.4.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.4.254exitip dhcp ex 10.0.4.100 10.0.4.254ip dhcp pool vlan5network 10.0.5.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.5.254exitip dhcp ex 10.0.5.100 10.0.5.254ip dhcp pool vlan6network 10.0.6.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.6.254exitip dhcp ex 10.0.6.100 10.0.6.254ip dhcp pool vlan7network 10.0.7.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.7.254exitip dhcp ex 10.0.7.100 10.0.7.254int range f0/1-2(创建端口聚合)port-group 1int aggregateport 1(聚合端口1打trunk)sw mode trunkexitint f0/3spanning-tree bpdufilter enable (不向上一层发送BPDU 桥协议数据单元报文)exitint f0/3no swip add 10.0.8.1 255.255.255.252no shutip route 0.0.0.0 0.0.0.0 10.0.8.2ip route 0.0.0.0 0.0.0.0 10.0.8.6 100(浮动路由)exitwrite核心2配置模板:conf tip routing(下联口trunk)int gi0/25sw mode trunkexitspanning-treevlan 2vlan 3vlan 4vlan 5vlan 6vlan 7exitint vlan 2ip add 10.0.2.252 255.255.255.0 vrrp 2 ip 10.0.2.254vrrp 2 p 110exitint vlan 3ip add 10.0.3.252 255.255.255.0 vrrp 3 ip 10.0.3.254exitint vlan 4ip add 10.0.4.252 255.255.255.0 vrrp 4 ip 10.0.4.254vrrp 4 p 110exitint vlan 5ip add 10.0.5.252 255.255.255.0 vrrp 5 ip 10.0.5.254exitint vlan 6ip add 10.0.6.252 255.255.255.0 vrrp 6 ip 10.0.6.254vrrp 6 p 110exitint vlan 7ip add 10.0.7.252 255.255.255.0 vrrp 7 ip 10.0.7.254exitspanning-tree mst conf instance 1 vlan 3,5,7instance 2 vlan 2,4,6exitspanning-tree mst 1 p 8192service dhcpip dhcp pool vlan2network 10.0.2.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.2.254exitip dhcp ex 10.0.2.1 10.0.2.99ip dhcp ex 10.0.2.252 10.0.2.254ip dhcp pool vlan3network 10.0.3.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.3.254exitip dhcp ex 10.0.3.1 10.0.3.99ip dhcp ex 10.0.3.252 10.0.3.254ip dhcp pool vlan4network 10.0.4.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.3.254exitip dhcp ex 10.0.4.1 10.0.4.99ip dhcp ex 10.0.4.252 10.0.4.254ip dhcp pool vlan5network 10.0.5.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.5.254exitip dhcp ex 10.0.5.1 10.0.5.99ip dhcp ex 10.0.5.252 10.0.5.254ip dhcp pool vlan6network 10.0.6.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.6.254exitip dhcp ex 10.0.6.1 10.0.6.99ip dhcp ex 10.0.6.252 10.0.6.254ip dhcp pool vlan7network 10.0.7.0 255.255.255.0lease 0 12 0dns 8.8.8.8default-router 10.0.7.254exitip dhcp ex 10.0.7.1 10.0.7.99ip dhcp ex 10.0.7.252 10.0.7.254 int range f0/1-2port-group 1int aggregateport 1sw mode trunkexitint f0/3spanning-tree bpdufilter enable exitint f0/3no swip add 10.0.8.5 255.255.255.252 no shutexitip route 0.0.0.0 0.0.0.0 10.0.8.6ip route 0.0.0.0 0.0.0.0 10.0.8.1 100 exitwrite用一台三层做出口路由器:conf tip routingspanning-treespanning-tree mode mstpip route 0.0.0.0 0.0.0.0 172.16.1.2int f0/1no swip add 10.0.8.2 255.255.255.252no shutip nat insideexitint f0/2no swip add 10.0.8.6 255.255.255.252no shutip nat insideexitint f0/3no swip add 172.16.1.1 255.255.255.252no shutip nat outsideexitip route 10.0.0.0 255.255.248.0 172.16.1.1ip nat pool dizhichi 20.0.0.1 20.0.0.254 netmask 255.255.255.0 access-list 1 permit 10.0.0.0 0.0.7.255ip nat inside source list 1 pool dizhichi overloadexitip route 10.0.2.0 255.255.255.0 10.0.8.5ip route 10.0.2.0 255.255.255.0 10.0.8.1 100ip route 10.0.3.0 255.255.255.0 10.0.8.1ip route 10.0.3.0 255.255.255.0 10.0.8.5 100ip route 10.0.4.0 255.255.255.0 10.0.8.5ip route 10.0.4.0 255.255.255.0 10.0.8.1 100ip route 10.0.5.0 255.255.255.0 10.0.8.1ip route 10.0.5.0 255.255.255.0 10.0.8.5 100ip route 10.0.6.0 255.255.255.0 10.0.8.5ip route 10.0.6.0 255.255.255.0 10.0.8.1 100ip route 10.0.7.0 255.255.255.0 10.0.8.1ip route 10.0.7.0 255.255.255.0 10.0.8.5 100exitwrite。