MSTP+VRRP

Posted 2022-02-03 害怕网络暴力

MTSP+VRRP典型组网

实验拓扑

配置思路
1.划分vlan，业务A划分到vlan10，业务B划分到vlan 20；
2.交换机互联链路做trunk，放行vlan 10 20；
3.SW1和SW2之间创建链路聚合，保证可靠性；
4.运行MSTP，SW1作为实例0和1的主根，SW2作为实例2的主根；
5.配置VRRP，SW1在vlan10中为主，SW2在vlan20中为主；
6.开启上行接口监视；
（上行接口监视和SW1 SW2之间运行ospf，两者选一即可，目的都是为了其中一台设备故障，能够快速切换到另一台设备）

配置命令
SW3 – 划分vlan，对应接口做trunk，放行vlan 10 20

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]vlan 10
[H3C-vlan10]vlan 20
[H3C-vlan20]in vlan 10
[H3C-Vlan-interface10]ip address  192.168.0.1 24
[H3C-Vlan-interface10]in vlan 20
[H3C-Vlan-interface20]ip address  10.1.0.1 16
[H3C-Vlan-interface20]qu
[H3C]interface range g1/0/1 g1/0/2
[H3C-if-range]port link-type trunk
[H3C-if-range]port trunk permit  vlan 10 20

SW1 – 划分vlan，对应接口做trunk，放行vlan 10 20，链路聚合

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]
[H3C]in
[H3C]vlan 10
[H3C-vlan10]vlan 20
[H3C-vlan20]in vlan 10
[H3C-Vlan-interface10]ip ad
[H3C-Vlan-interface10]ip address  192.168.0.253 24
[H3C-Vlan-interface10]in vlan 20
[H3C-Vlan-interface20]ip address  10.1.0.252 16
[H3C-Vlan-interface20]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.11 32
[H3C-LoopBack0]qu
[H3C]interface Bridge-Aggregation  1
[H3C-Bridge-Aggregation1]qu
[H3C]interface range g1/0/3 g1/0/4
[H3C-if-range]port link-aggregation group 1
[H3C-if-range]qu
[H3C]interface Bridge-Aggregation  1
[H3C-Bridge-Aggregation1]port link-type  trunk
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[H3C-Bridge-Aggregation1]port trunk permit  vlan 10 20
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[H3C]interface g1/0/1
[H3C-GigabitEthernet1/0/1]port link-type trunk
[H3C-GigabitEthernet1/0/1]port trunk permit  vlan 10 20

SW2 – 划分vlan，对应接口做trunk，放行vlan 10 20，链路聚合

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]vlan 10
[H3C-vlan10]vlan 20
[H3C-vlan20]in vlan 10
[H3C-Vlan-interface10]ip ad
[H3C-Vlan-interface10]ip address  192.168.0.252 24
[H3C-Vlan-interface10]in vlan 20
[H3C-Vlan-interface20]ip ad
[H3C-Vlan-interface20]ip address  10.1.0.253 16
[H3C-Vlan-interface20]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.12 32
[H3C-LoopBack0]qu
[H3C]interface Bridge-Aggregation  1
[H3C-Bridge-Aggregation1]qu
[H3C]interface range g1/0/3 g1/0/4
[H3C-if-range]port link-aggregation group  1
[H3C-if-range]qu
[H3C]interface Bridge-Aggregation  1
[H3C-Bridge-Aggregation1]port link-type  trunk
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[H3C-Bridge-Aggregation1]port trunk permit  vlan 10 20
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[H3C-Bridge-Aggregation1]qu
[H3C]interface g1/0/2
[H3C-GigabitEthernet1/0/2]port link-type trunk
[H3C-GigabitEthernet1/0/2]port trunk  permit  vlan 10 20

SW1-SW2-SW4 配置MSTP，域名，修订级别，vlan和实例映射关系
因为是单域，所以三台配置相同

[H3C]stp region-configuration
[H3C-mst-region]region-name 123
[H3C-mst-region]instance  1 vlan 10
[H3C-mst-region]instance  2 vlan 20
[H3C-mst-region]active region-configuration
如果配置做出修改，一定记得使用最后一条命令激活生效

设置SW1为实例0和1的主根，SW2为实例2的主根

SW1
[H3C]stp instance  0 to 1 root  primary
[H3C]stp instance 2 root  secondary
SW2
[H3C]stp instance  0 to 1 root  secondary
[H3C]stp instance  2 root  primary

配置VRRP+上行接口监视
SW1

[H3C]interface vlan 10
[H3C-Vlan-interface10]vrrp  vrid 10 virtual-ip 192.168.0.254
[H3C-Vlan-interface10]vrrp vrid 10 priority 120
[H3C-Vlan-interface10]vrrp vrid 10 track 1 priority reduced 30
[H3C]track 1 interface g1/0/2
[H3C]interface Vlan-interface  20
[H3C-Vlan-interface20]vrrp vrid 20 virtual-ip 10.1.0.254

SW2

[H3C]interface Vlan-interface  10
[H3C-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.0.254
[H3C]in vlan 20
[H3C-Vlan-interface20]vrrp vrid 20 virtual-ip 10.1.0.254
[H3C-Vlan-interface20]vrrp  vrid 20 priority 120
[H3C-Vlan-interface20]vrrp vrid 20 track 1 priority reduced 30
[H3C-Vlan-interface20]qu
[H3C]track 1 interface g1/0/1

如果没有上行口就不用做接口监视，如果有上行口，那对面的设备一定要打开，不然监测就会自动生效，优先级会减少30,；

排错命令
stp命令

vlan命令（查看接口放行vlan，只有passing表中有的vlan，最终才会被放行）

检查链路聚合命令


VRRP故障排查命令