router+mstp+vrrp+单nat
拓扑图
使用技术
使用到的技术:
单区域ospf
dhcp
nat
mstp
vrrp+track
端口聚合
接入层
huijuA
sys
sysname huijuA
# 创建vlan
vlan batch 10 20 30 40
# 端口分配
int e0/0/1
port link-type access
port default vlan 10
int e0/0/2
port link-type access
port default vlan 20
int e0/0/3
port link-type trunk
port trunk allow-pass vlan all
int e0/0/4
port link-type trunk
port trunk allow-pass vlan all
# mstp
stp region-configuration
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40
active region-configuration
huijuB
sys
sysname huijuB
# 创建vlan
vlan batch 10 20 30 40
# 端口分配
int e0/0/1
port link-type access
port default vlan 30
int e0/0/2
port link-type access
port default vlan 40
int e0/0/3
port link-type trunk
port trunk allow-pass vlan all
int e0/0/4
port link-type trunk
port trunk allow-pass vlan all
# mstp
stp region-configuration
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40
active region-configuration
核心层
coreA
sys
sysname coreA
# 创建vlan
vlan batch 10 20 30 40 50
# 端口分配
int g0/0/1
port link-type access
port default vlan 50
int g0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/4
port link-type trunk
port trunk allow-pass vlan all
# 链路聚合
int Eth-Trunk 1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
# 加入
int g0/0/23
eth-trunk 1
int g0/0/24
eth-trunk 1
# mstp
stp region-configuration
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40
active region-configuration
quit
# mstp 根桥指定
stp instance 1 root primary
stp instance 2 root secondary
# vrrp配置
int vlan 10
ip address 192.168.10.252 24
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 110
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 10 track interface g0/0/1 reduced 50
int vlan 20
ip address 192.168.20.252 24
vrrp vrid 20 virtual-ip 192.168.20.254
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 20 track interface g0/0/1 reduced 50
int vlan 30
ip address 192.168.30.252 24
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 110
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 30 track interface g0/0/1 reduced 50
int vlan 40
ip address 192.168.40.252 24
vrrp vrid 40 virtual-ip 192.168.40.254
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 40 track interface g0/0/1 reduced 50
## 这里配置完,建议display ip int brief
## 顺带验证vlan pc间是否能够通信
# 上联接口vlan
int vlan 50
ip address 192.168.252.1 24
# 配置ospf
ospf 100 router-id 1.1.1.1
area 0
network 0.0.0.0 255.255.255.255
core B
sys
sysname coreB
# 创建vlan
vlan batch 10 20 30 40 60
# 端口分配
int g0/0/1
port link-type access
port default vlan 60
int g0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/4
port link-type trunk
port trunk allow-pass vlan all
# 链路聚合
int Eth-Trunk 1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
# 加入
int g0/0/23
eth-trunk 1
int g0/0/24
eth-trunk 1
# mstp
stp region-configuration
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40
active region-configuration
quit
# mstp 根桥指定
stp instance 2 root primary
stp instance 1 root secondary
# vrrp 配置
int vlan 10
ip address 192.168.10.253 24
vrrp vrid 10 virtual-ip 192.168.10.254
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 10 track interface g0/0/1 reduced 50
int vlan 20
ip address 192.168.20.253 24
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 110
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 20 track interface g0/0/1 reduced 50
int vlan 30
ip address 192.168.30.253 24
vrrp vrid 30 virtual-ip 192.168.30.254
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 30 track interface g0/0/1 reduced 50
int vlan 40
ip address 192.168.40.253 24
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 110
# 配置上联接口检测,直连接口(配置的是本机的端口)检测不通时,降级
vrrp vrid 40 track interface g0/0/1 reduced 50
## 这里配置完,建议display ip int brief,验证vlan ip
## 顺带验证vlan pc间是否能够通信
# 上联接口vlan
int vlan 60
ip address 192.168.253.1 24
# 配置ospf
ospf 100 router-id 2.2.2.2
area 0
network 0.0.0.0 255.255.255.255
对外
核心路由器(AR1)
sys
sysname AR1
int g0/0/0
ip address 192.168.252.2 24
int g0/0/1
ip address 192.168.253.2 24
int g0/0/2
ip address 12.1.1.1 30
# 默认路由
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
# ospf
ospf 100 router-id 3.3.3.3
# 默认路由重分布
default-route-advertise
area 0
network 192.168.0.0 0.0.255.255
# nat
acl number 3000
rule 10 permit ip source 192.168.0.0 0.0.255.255
int g0/0/2
nat outbound 3000
ISP
sys
sysname ISP
int g0/0/1
ip address 9.9.9.254 24
int g0/0/0
ip address 12.1.1.2 30
效果图
核心层
coreA
display ip int brief
vrrp
display vrrp brief
stp
display stp brief
coreB
display ip int brief
vrrp
display vrrp brief
stp
display stp brief
dis ip routing-table
汇聚层
huijuA
display stp brief
huijuB
display stp brief
核心路由器
dis ip int brief
错误排查
交换机mac漂移
大致原因是环路
https://support.huawei.com/enterprise/zh/doc/EDOC1000141442/b2b79367
ospf router-id 冲突
先看看是否手工指定时,确实失误了。
再排查和交换机的接口,是否已经配置了vlan,测试和交换机的对应vlan能否互通。
vrrp 主备未切换
1. 确认使用shutdown命令,模拟故障。
2. 确认配置了vrrp track,且配置的接口,是上联接口