大型园区网建设（交换部分）

一、交换部分

1、交换机互联VLAN如图所示，IP地址如图所示，设置交换机互联接口端口类型为Trunk并放行相应VLAN，其余端口视情况而定

[S5]dis cu
#
sysname S5
#
vlan batch 10 254
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk pvid vlan 254
 port trunk allow-pass vlan 10 254
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 254
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 254
#
#

[S6]dis cu
#
sysname S6
#
vlan batch 20 254
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk pvid vlan 254
 port trunk allow-pass vlan 20 254
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20 254
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20 254
#

<S3>dis cu
#
sysname S3
#
vlan batch 10 20 79 89 120 to 123 245 254
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 254
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 254
#
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 245
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 79
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 89
#

<S4>dis cu
#
sysname S4
#
vlan batch 10 20 107 to 108 130 to 133 245 254
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 254
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 254
#
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 245
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 108
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 107
#

<S1>dis cu
#
sysname S1
#
vlan batch 7 17 78 to 79 107 12
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 17
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 7 10 20 12
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 79
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 107
#

<S2>dis cu
#
sysname S2
#
vlan batch 8 28 78 89 108 12
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 28
#
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 8 10 20 12
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 108
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 89
#

2、S1、S2互联部署链路聚合LACP模式，设置链路G0/0/20、G0/0/22为主链路,G0/0/21为备用链路，并开启lacp抢占功能，抢占延时为12s

[S1]dis cu
#
sysname S1
#
vlan batch 7 17 78 to 79 107 12
#
lacp priority 16384
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 12 78
 mode lacp-static
 lacp preempt enable
 max active-linknumber 2
 lacp preempt delay 12
#
interface GigabitEthernet0/0/20
 eth-trunk 12
#
interface GigabitEthernet0/0/21
 eth-trunk 12
#
interface GigabitEthernet0/0/22
 eth-trunk 12
 lacp priority 16384
#

[S2]dis cu
#
sysname S2
#
vlan batch 8 12 28 78 89 108
#
[S2-Eth-Trunk12]di th
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 12 78
 mode lacp-static

interface GigabitEthernet0/0/20
 eth-trunk 12
#
interface GigabitEthernet0/0/21
 eth-trunk 12
#
interface GigabitEthernet0/0/22
 eth-trunk 12
#
#

3、以下链路聚合采用手动模式

1）S3,S4互联部署链路聚合手动模式

[S3-Eth-Trunk34]di th
#
interface Eth-Trunk34
 port link-type trunk
 port trunk allow-pass vlan 10 20 245 254

interface GigabitEthernet0/0/21
 eth-trunk 34
#
interface GigabitEthernet0/0/22
 eth-trunk 34
#
#

[S4-Eth-Trunk34]di th
#
interface Eth-Trunk34
 port link-type trunk
 port trunk allow-pass vlan 10 20 245 254

interface GigabitEthernet0/0/21
 eth-trunk 34
#
interface GigabitEthernet0/0/22
 eth-trunk 34
# 
#

2）S3与FW1-G1/0/0,G1/0/1部署链路聚合

FW1：
vlan batch 120 to 123
interface Eth-Trunk1
 trunkport g 1/0/0 1/0/1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 120 to 123
#

S3:
interface Eth-Trunk1
 trunkport g 1/0/0 1/0/1
 port link-type trunk
 port trunk allow-pass vlan 120 to 123
#

3）S4与FW2-G1/0/0,G1/0/1部署链路聚合

FW2:
vlan batch 130 to 133
interface Eth-Trunk1
 trunkport g 1/0/0 1/0/1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 130 to 133
#

S4:
interface Eth-Trunk1
 trunkport g 1/0/0 1/0/1
 port link-type trunk
 port trunk allow-pass vlan 130 to 133
#

4、S3,S4,S5,S6配置MSTP实现业务VLAN负载分担，S3,S4配置VRRP实现VLAN10,VLAN20业务负载分担，除交换机互联端口外，其余端口快速进入转发状态

[S5-mst-region]di th
#
stp region-configuration
 region-name HUAWEI
 revision-level 12
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration

#配置边缘端口
stp edged-port default
port-group group-member g0/0/1 g0/0/2	
stp edged-port disable
#

[S6-mst-region]di th
#
stp region-configuration
 region-name HUAWEI
 revision-level 12
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration
#配置边缘端口
stp edged-port default
port-group group-member g0/0/1 g0/0/2	
stp edged-port disable
#
#

[S3-mst-region]di th
#
stp region-configuration
 region-name HUAWEI
 revision-level 12
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration

stp instance 1 root primary
stp instance 2 root secondary

#配置边缘端口
stp edged-port default
port-group group-member g0/0/1 g0/0/2 eth-trunk 34
stp edged-port disable
#

#配置VRRP
interface Vlanif10
 ip binding vpn-instance VPN_A
 ip address 172.16.10.9 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.10.254
 vrrp vrid 1 priority 120
#

interface Vlanif20
 ip binding vpn-instance VPN_B
 ip address 172.16.20.9 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.20.254
#

[S4-mst-region]di th
#
stp region-configuration
 region-name HUAWEI
 revision-level 12
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration

stp instance 1 root secondary
stp instance 2 root primary

#配置边缘端口
stp edged-port default
port-group group-member g0/0/1 g0/0/2 eth-trunk 34
stp edged-port disable
#

#配置VRRP
interface Vlanif10
 ip binding vpn-instance VPN_A
 ip address 172.16.10.10 255.255.255.0
 vrrp vrid 1 virtual-ip 172.16.10.254
#

interface Vlanif20
 ip binding vpn-instance VPN_B
 ip address 172.16.20.10 255.255.255.0
 vrrp vrid 2 virtual-ip 172.16.20.254
 vrrp vrid 2 priority 120
#


#

5、S1、S2、S3、S4互联接口配置BPDU过滤，不参与STP计算

[S1]port-group group-member Eth-Trunk 12 g0/0/23 g0/0/24
[S1-port-group]stp bpdu-filter enable

[S2]port-group group-member Eth-Trunk 12 g0/0/23 g0/0/24
[S2-port-group]stp bpdu-filter enable

[S3]port-group group-member g0/0/23 g0/0/24
[S3-port-group]stp bpdu-filter enable

[S4]port-group group-member g0/0/23 g0/0/24
[S4-port-group]stp bpdu-filter enable