MSTP+VRRP的典型組網
1 實驗拓撲及描述
1. 這是一個由三臺交換機組成的倒三角型二層交換網絡;
2. 網絡中有4個VLAN:10、20、30、40;
3. 接口編號如圖所示;
4. VLAN10對應的網段為192.168.10.0/24;VLAN20對應的網段為192.168.20.0/24;
VLAN30對應的網段為192.168.30.0/24;VLAN40對應的網段為192.168.40.0/24;
各VLAN的網關均為.254的地址,該地址為VRRP組的虛擬地址;
5. SW1的vlanif10和vlanif20的IP地址分別為:192.168.10.253、192.168.20.253
SW1的vlanif30和vlanif40的IP地址分別為:192.168.30.252、192.168.40.252
6. SW1的vlanif10和vlanif20的IP地址分別為:192.168.10.252、192.168.20.252
SW1的vlanif30和vlanif40的IP地址分別為:192.168.30.253、192.168.40.253
2 實驗需求
1. 由于網絡中VLAN較多,并且存在二層環路因此使用MSTP實現環路避免,同時實現負載分擔。
2. 將vlan10、20映射到MSTP實例1;將vlan30、40映射到MSTP實例2;
3. MSTP實例1Block掉的端口為SW3的GE0/0/23;實例2Block掉的端口為SW2的GE0/0/22;
4. 為了提高網絡的網關層冗余能力,在SW1及SW2的vlanif10、vlanif20、vlanif30、vlanif40上部署VRRP,一共4組。而VRRP的Master及Backup需與MSTP的主、備根重疊。也就是說SW1的vlanif10及vlanif20為各自VRRP組的Master,此外vlanif30及vlanif40為各自VRRP組的Backup;SW2正好相反。
3 實驗步驟及配置
SW3的配置如下:
#在SW3上創建VLAN,并將接口加入相應的VLAN
[SW3] vlan batch 10 20 30 40
[SW3] interface GigabitEthernet0/0/22
[SW3-GigabitEthernet0/0/22] port link-type trunk
[SW3-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
[SW3] interface GigabitEthernet0/0/23
[SW3-GigabitEthernet0/0/23] port link-type trunk
[SW3-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,將vlan10 20映射到實例1,將vlan30 40映射到實例2
#在SW3上,MSTP實例1及實例2的優先級保持默認32768
[SW3] stp mode mstp
[SW3] stp region-configuration
[SW3-mst-region] region-name huawei
[SW3-mst-region] instance 1 vlan 10 20
[SW3-mst-region] instance 2 vlan 30 40
[SW3-mst-region] active region-configuration
[SW3-mst-region] quit
[SW3] stp instance 1 priority 32768
[SW3] stp instance 2 priority 32768
[SW3] stp enable
SW1的配置如下:
[SW1] vlan batch 10 20 30 40
[SW1] interface GigabitEthernet0/0/24
[SW1-GigabitEthernet0/0/24] port link-type trunk
[SW1-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW1] interface GigabitEthernet0/0/22
[SW1-GigabitEthernet0/0/22] port link-type trunk
[SW1-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,將vlan10 20映射到實例1,將vlan30 40映射到實例2
#將SW1的MSTP設置為實例1的主根,實例2的次根
[SW1] stp mode mstp
[SW1] stp region-configuration
[SW1-mst-region] region-name huawei
[SW1-mst-region] instance 1 vlan 10 20
[SW1-mst-region] instance 2 vlan 30 40
[SW1-mst-region] active region-configuration
[SW1-mst-region] quit
[SW1] stp instance 1 root primary
[SW1] stp instance 2 root secondary
[SW1] stp enable
#配置vlanif10、vlanif20、vlanif30、vlanif40
#配置vlanif10、vlanif20、vlanif30、vlanif40,分別加入VRRP組1,2,3,4
#其中SW1為VRRP組1及2的Master,為組3及4的Backup
[SW1] interface Vlanif10
[SW1-vlanif10] ip address 192.168.10.253 255.255.255.0
[SW1-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW1-vlanif10] vrrp vrid 1 priority 120
[SW1-vlanif10] vrrp vrid 1 preempt-mode timer delay 20
[SW1] interface Vlanif20
[SW1-vlanif20] ip address 192.168.20.253 255.255.255.0
[SW1-vlanif20] vrrp vrid 2 virtual-ip 192.168.20.254
[SW1-vlanif20] vrrp vrid 2 priority 120
[SW1-vlanif20] vrrp vrid 2 preempt-mode timer delay 20
[SW1] interface Vlanif30
[SW1-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW1-vlanif30] vrrp vrid 3 virtual-ip 192.168.30.254
[SW1] interface Vlanif40
[SW1-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW1-vlanif40] vrrp vrid 4 virtual-ip 192.168.40.254
SW2的配置如下:
[SW2] vlan batch 10 20 30 40
[SW2] interface GigabitEthernet0/0/24
[SW2-GigabitEthernet0/0/24] port link-type trunk
[SW2-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW2] interface GigabitEthernet0/0/23
[SW2-GigabitEthernet0/0/23] port link-type trunk
[SW2-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20 30 40
#配置MSTP,將vlan10 20映射到實例1,將vlan30 40映射到實例2
#將SW1的MSTP設置為實例2的主根,實例1的次根
[SW2] stp mode mstp
[SW2] stp region-configuration
[SW2-mst-region] region-name huawei
[SW2-mst-region] instance 1 vlan 10 20
[SW2-mst-region] instance 2 vlan 30 40
[SW2-mst-region] active region-configuration
[SW2-mst-region] quit
[SW2] stp instance 1 root secondary
[SW2] stp instance 2 root primary
[SW2] stp enable
#配置vlanif10、vlanif20、vlanif30、vlanif40
#配置vlanif10、vlanif20、vlanif30、vlanif40,分別加入VRRP組1,2,3,4
#其中SW1為VRRP組3及4的Master,為組1及2的Backup
[SW2] interface Vlanif10
[SW2-vlanif10] ip address 192.168.10.252 255.255.255.0
[SW2-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW2] interface Vlanif20
[SW2-vlanif20] ip address 192.168.20.252 255.255.255.0
[SW2-vlanif20] vrrp vrid 2 virtual-ip 192.168.20.254
[SW2] interface Vlanif30
[SW2-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW2-vlanif30] vrrp vrid 3 virtual-ip 192.168.30.254
[SW2-vlanif30] vrrp vrid 3 priority 120
[SW2] interface Vlanif40
[SW2-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW2-vlanif40] vrrp vrid 4 virtual-ip 192.168.40.254
[SW2-vlanif40] vrrp vrid 4 priority 120
完成配置后,各VLAN的用戶都能夠ping通自己的網關;
我們在SW3上看看:
[SW3] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
0 GigabitEthernet0/0/22 DESI FORWARDING NONE
0 GigabitEthernet0/0/23 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING NONE
1 GigabitEthernet0/0/22 ROOT FORWARDING NONE
1 GigabitEthernet0/0/23 ALTE DISCARDING NONE
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/22 ALTE DISCARDING NONE
2 GigabitEthernet0/0/23 ROOT FORWARDING NONE
我們看到,MSTP實例1中被Block掉的端口是GE0/0/23口;MSTP實例2中被Block掉的端口是GE0/0/22,符合我們的需求。再去SW1上看看VRRP組的狀態:
[SW1] display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif10 Normal 192.168.10.254
2 Master Vlanif20 Normal 192.168.20.254
3 Backup Vlanif30 Normal 192.168.30.254
4 Backup Vlanif40 Normal 192.168.40.254
----------------------------------------------------------------
Total:4 Master:2 Backup:2 Non-active:0
從上述輸出可以看出,SW1為VRRP組1及組2的Master,同時也為VRRP組3和組4的Backup。
