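Huawei Three-Layer Architecture Configuration Exercise
I. Topology and Requirements
A company uses a three-layer architecture: R13 is the core layer, sw1 and sw2 are the aggregation layer, and sw3 and sw4 are the access layer. There are two departments, Finance and Administration; Finance is in VLAN 10 and Administration is in VLAN 20.
The topology is designed as follows:
II. Required Technologies and Basic Configuration
(1) MSTP
Multiple Spanning Tree Protocol, configured as follows: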
[Huawei]stp mode mstp // set the working mode
[Huawei]stp region-configuration // enter the MST region view
[Huawei-mst-region]region-name stp1 // set the MST region name
[Huawei-mst-region]instance 1 vlan 2 to 5 // map VLANs to the MST instance
[Huawei-mst-region]revision-level 0 // set the MSTP revision level of the MST region
========
[Huawei-mst-region]check region-configuration // check that the MST region parameters are correct
[Huawei-mst-region]active region-configuration // activate the MST region configuration
========
[Huawei]stp instance 1 root primary // make this device the root bridge
[Huawei]stp instance 1 root secondary // make this device the secondary root bridge
========
[Huawei]stp enable // enable MSTP
(2) VRRP
Virtual Router Redundancy Protocol; R2 is the master gateway and R3 is the backup.
R2(Master):
[R2-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 2.2.2.2 // create the VRRP backup group and set the virtual gateway IP
[R2-GigabitEthernet2/0/1]vrrp vrid 1 priority 120 // higher is preferred; the default is 100; set the Master to 120
========
[R2-GigabitEthernet2/0/1]vrrp vrid 2 preempt-mode timer delay 5 // change the preemption delay
[R2-GigabitEthernet2/0/1] vrrp vrid 2 track interface GigabitEthernet0/0/4 reduced 30 // track the uplink interface
[R2-GigabitEthernet2/0/1]vrrp vrid 2 authentication-mode md5 867T$zkAHj<w)JO!C@Zi,# // enable authentication (the garbled string is the password)
========
R3(Backup):
[R3-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 2.2.2.2 // create the VRRP backup group and set the virtual gateway IP
(3) Link aggregation
[sw1]interface Eth-Trunk 1 // create the logical interface
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 // add the physical interface
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/2 // add the physical interface
[sw1-Eth-Trunk1]port link-type trunk // set the link type to trunk
[sw1-Eth-Trunk1]port trunk allow-pass vlan all // allow all VLANs to pass
III. Configuration Approach
(1) Core layer
Run OSPF on sw1, sw2 and R13 so that the core layer has connectivity.
R13 configuration:
[r13]ospf 1 router-id 13.13.13.13
[r13-ospf-1]area 0
[r13-ospf-1-area-0.0.0.0]network 13.0.131.1 0.0.0.0
[r13-ospf-1-area-0.0.0.0]network 13.0.132.1 0.0.0.0
sw1 configuration:
Configure the IP address
[sw1]vlan 100 // create VLAN 100
[sw1]interface GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access // change the interface mode
[sw1-GigabitEthernet0/0/5]port default vlan 100 // assign the interface to VLAN 100
[sw1]interface Vlanif 100 // configure the IP address on the logical interface
[sw1-Vlanif100]ip address 13.0.131.2 24
Configure OSPF
[sw1]ospf 1 router-id 1.1.1.1
[sw1-ospf-1]area 0
[sw1-ospf-1-area-0.0.0.0]network 13.0.131.2 0.0.0.0
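sw2 is configured the same way as sw1
The OSPF neighbors are as follows:
(2) Aggregation layer
First, following the topology, set every interface to the appropriate mode and assign it to its VLAN. Part of the configuration is shown below:
Change to trunk: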
[sw1]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
Change to access:
[sw1]vlan 10
[sw1]interface GigabitEthernet 0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access
[sw1-GigabitEthernet0/0/4]port default vlan 10
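Link aggregation
Configure link aggregation on sw1 and sw2. Part of the configuration is shown below:
sw1 configuration:
[sw1]interface Eth-Trunk 1 // create the logical interface
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 // add the physical interface
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/2 // add the physical interface
[sw1-Eth-Trunk1]port link-type trunk // set the link type to trunk
[sw1-Eth-Trunk1]port trunk allow-pass vlan all // allow all VLANs to pass
sw2 configuration:
[sw2]interface Eth-Trunk 1 // create the logical interface
[sw2-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 // add the physical interface
[sw2-Eth-Trunk1]trunkport GigabitEthernet 0/0/2 // add the physical interface
[sw2-Eth-Trunk1]port link-type trunk // set the link type to trunk
[sw2-Eth-Trunk1]port trunk allow-pass vlan all // allow all VLANs to pass
VRRP
sw1 is the master for VLAN 10 and the backup for VLAN 20; sw2 is the master for VLAN 20 and the backup for VLAN 10. Part of the configuration is shown below: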
VLAN 10 configuration:
sw1:
[sw1]interface Vlanif 10 // configure the IP address on the logical interface
[sw1-Vlanif10]ip address 13.10.0.2 24
[sw1-Vlanif10]vrrp vrid 1 virtual-ip 13.10.0.1
[sw1-Vlanif10]vrrp vrid 1 priority 120
sw2:
[sw2]interface Vlanif 10 // configure the IP address on the logical interface
[sw2-Vlanif10]ip address 13.10.0.3 24
[sw2-Vlanif10]vrrp vrid 1 virtual-ip 13.10.0.1
VLAN 20 is configured in the same way as VLAN 10
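MSTP
sw1 is the primary root for VLAN 10 and the secondary root for VLAN 20; sw2 is the primary root for VLAN 20 and the secondary root for VLAN 10. Part of the configuration is shown below:
sw1 MSTP configuration:
[sw1]stp mode mstp // set the working mode
[sw1]stp region-configuration // enter the MST region view
[sw1-mst-region]region-name stp1 // set the MST region name
[sw1-mst-region]instance 1 vlan 10 // map VLANs to the MST instances
[sw1-mst-region]instance 2 vlan 20
[sw1-mst-region]revision-level 0 // set the MSTP revision level of the MST region
[sw1-mst-region]check region-configuration // check that the MST region parameters are correct
[sw1-mst-region]active region-configuration // activate the MST region configuration
[sw1]stp instance 1 root primary // make this device the root bridge of instance 1
[sw1]stp instance 2 root secondary // make this device the secondary root bridge of instance 2
[sw1]stp enable // enable MSTP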
This completes the three-layer configuration.
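The design above only works as intended if, for each VLAN, the MSTP primary root and the VRRP master are the same switch and every switch sits in the same MST region; otherwise traffic detours over the Eth-Trunk between sw1 and sw2. The following check is an added example, not part of the original post: it parses a constructed sample written in the style of this page's sw1/sw2 configurations, and the names `TEMPLATE`, `parse` and `audit` are hypothetical. It assumes one VLAN per MST instance, as in this lab.

```python
import re
# Constructed sample in the style of this page's sw1/sw2 configurations.
TEMPLATE = """\
stp instance 1 root {r1}
stp instance 2 root {r2}
stp region-configuration
 region-name stp1
 instance 1 vlan 10
 instance 2 vlan 20
interface Vlanif10
 vrrp vrid 1 virtual-ip 13.10.0.1
 vrrp vrid 1 priority {p10}
interface Vlanif20
 vrrp vrid 2 virtual-ip 13.20.0.1
 vrrp vrid 2 priority {p20}
"""
SW1 = TEMPLATE.format(r1="primary", r2="secondary", p10=120, p20=100)
SW2 = TEMPLATE.format(r1="secondary", r2="primary", p10=100, p20=120)

def parse(cfg):
    """Return (MST region identity, {instance: root role}, {vlan: VRRP priority})."""
    name = re.search(r"region-name (\S+)", cfg).group(1)
    rev = re.search(r"revision-level (\d+)", cfg)  # absent from the page's dumps: use 0
    vlans = re.findall(r"^\s*instance (\d+) vlan (\d+)\s*$", cfg, re.M)
    region = (name, int(rev.group(1)) if rev else 0, tuple(sorted(vlans)))
    roots = dict(re.findall(r"^stp instance (\d+) root (\w+)", cfg, re.M))
    prio, vlan = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface"):
            m = re.match(r"interface Vlanif(\d+)", line)
            vlan = m.group(1) if m else None
        elif vlan and (m := re.match(r"\s*vrrp vrid \d+ (virtual-ip|priority) (\S+)", line)):
            # A group with no explicit priority line runs at the default of 100.
            prio[vlan] = int(m.group(2)) if m.group(1) == "priority" else prio.get(vlan, 100)
    return region, roots, prio

def audit(configs):
    """configs maps switch name to config text; returns a list of findings."""
    parsed = {sw: parse(cfg) for sw, cfg in configs.items()}
    regions = {p[0] for p in parsed.values()}
    if len(regions) != 1:
        return ["MST region mismatch: name, revision or instance map differ"]
    findings = []
    for inst, vlan in next(iter(regions))[2]:
        root = [sw for sw, p in parsed.items() if p[1].get(inst) == "primary"]
        prios = {sw: p[2][vlan] for sw, p in parsed.items() if vlan in p[2]}
        master = max(prios, key=prios.get, default=None)  # priority ties not resolved
        if root != [master]:
            findings.append(f"VLAN {vlan}: MSTP primary root {root}, VRRP master {master}")
    return findings
```

Calling `audit({"sw1": SW1, "sw2": SW2})` returns an empty list for the aligned sample; swapping the two priorities yields one finding per VLAN.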
IV. Verification
(1) Network connectivity verification
First, the IP addresses and VLANs of the four PCs:
VLAN 10
Gateway: 13.10.0.1
PC1:13.10.0.10
PC3:13.10.0.100
VLAN 20
Gateway: 13.20.0.1
PC2:13.20.0.10
PC4:13.20.0.100
Ping PC2, PC3 and PC4 from PC1:
We can look at the VRRP and MSTP information:
First, VRRP:
SW1:
SW2:
Next, MSTP:
SW1:
SW2:
SW3:
SW4:
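(2) Suppose the SW1-SW3 link fails
In theory, when the SW1-SW3 link fails, MSTP switches to another link automatically. Let us shut down interface 0/0/3 on sw1 to simulate the link failure and see whether the network recovers on its own, using PC1-to-PC4 traffic:
We can see that the network recovers on its own; MSTP provides backup for path selection.
(3) Suppose SW1 goes down
In theory, the network can also recover on its own after sw1 goes down. Let us try it, again using PC1-to-PC4 traffic:
We can see that the network recovers on its own: VRRP provides backup for the gateway and MSTP provides backup for path selection.
V. Complete Configurations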
R13
The complete R13 configuration is as follows:
[r13]display current-configuration
[V200R003C00]
#
sysname r13
#
interface GigabitEthernet0/0/1
ip address 13.0.131.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 13.0.132.1 255.255.255.0
#
ospf 1 router-id 13.13.13.13
default-route-advertise
area 0.0.0.0
network 13.0.131.1 0.0.0.0
network 13.0.132.1 0.0.0.0
sw1
The complete sw1 configuration is as follows:
[sw1]display current-configuration
#
sysname sw1
#
vlan batch 10 20 100
#
stp instance 1 root primary
stp instance 2 root secondary
#
stp region-configuration
region-name stp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface Vlanif10
ip address 13.10.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 13.10.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 3
#
interface Vlanif20
ip address 13.20.0.3 255.255.255.0
vrrp vrid 2 virtual-ip 13.20.0.1
#
interface Vlanif100
ip address 13.0.131.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 100
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 13.0.131.2 0.0.0.0
sw2
The complete sw2 configuration is as follows:
[sw2]display current-configuration
#
sysname sw2
#
vlan batch 10 20 200
#
stp instance 1 root secondary
stp instance 2 root primary
#
stp region-configuration
region-name stp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface Vlanif1
#
interface Vlanif10
ip address 13.10.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 13.10.0.1
#
interface Vlanif20
ip address 13.20.0.2 255.255.255.0
vrrp vrid 2 virtual-ip 13.20.0.1
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 3
#
interface Vlanif200
ip address 13.0.132.2 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 200
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 13.0.132.2 0.0.0.0
sw3
The complete sw3 configuration is as follows:
[sw3]display current-configuration
#
sysname sw3
#
vlan batch 10 20
#
stp region-configuration
region-name stp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
sw4
The complete sw4 configuration is as follows:
[sw4]display current-configuration
#
sysname sw4
#
vlan batch 10 20
#
stp region-configuration
region-name stp1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
The three-layer architecture works as intended. That concludes this article; it is for reference only.