HCIP --- 真机实验

一、基于10.0.0.0/8划分IP地址

10.0.0.0/24 --- 用于互联IP

C1 -- C2        10.0.0.0/30

C1 -- D1        10.0.0.4/30

C1 -- D2        10.0.0.8/30

C1 -- D5        10.0.0.12/30       

C1 -- D6        10.0.0.16/30

C1 -- F1        10.0.0.20/30

C2 -- F1        10.0.0.24/30

C2 -- D1        10.0.0.28/30

C2 -- D2        10.0.0.32/30

C2 -- D5        10.0.0.36/30

D2 -- D6        10.0.0.40/30

D1 -- D2        10.0.0.44/30

D5 -- D6        10.0.0.48/30

服务器区

10.1.80.0/24

10.1.81.0/24

10.1.85.0/24

10.1.86.0/24

10.1.90.0/24

办公区

10.1.10.0/24

10.1.15.0/24

10.1.21.0/24

10.1.22.0/24

10.1.23.0/24

生产区

10.1.100.0/24

10.1.110.0/24

10.1.120.0/24

交换机管理

10.1.255.0/24

二、生产区交换需求

二层使用MSTP+VRRP实现破环和冗余

1. 交换机之间trunk使用最少vlan透传原则

2. D-1，D-2之间链路做聚合

[D-1]interface Eth-Trunk 1

[D-1-Eth-Trunk1]mode manual load-balance

[D-1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/2

[D-2]interface Eth-Trunk 1

[D-2-Eth-Trunk1]mode manual load-balance

[D-2-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/2

3. MSTP name配置为SC

4. MSTP 实例映射为:    

instance 1  vlan 100 255    

instance 2  vlan 110 120

[D-1]vlan batch 100 110 120 255

[D-1-GigabitEthernet0/0/9]port link-type trunk 
[D-1-GigabitEthernet0/0/9]port trunk allow-pass vlan 100 110 120 255

[D-1-GigabitEthernet0/0/10]port link-type trunk
[D-1-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 110 120 255

[D-1-Eth-Trunk1]port link-type trunk 
[D-1-Eth-Trunk1]port trunk allow-pass vlan 100 110 120 255

[D-1]stp mode mstp

[D-1]stp region-configuration 
[D-1-mst-region]region-name SC
[D-1-mst-region]revision-level 10
[D-1-mst-region]instance 1 vlan 100 255
[D-1-mst-region]instance 2 vlan 110 120
[D-1-mst-region]active region-configuration 

[D-2]vlan batch 100 110 120 255

[D-2-GigabitEthernet0/0/3]port link-type trunk
[D-2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 110 120 255

[D-2-GigabitEthernet0/0/4]port link-type trunk
[D-2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 110 120 255

[D-2-Eth-Trunk1]port link-type trunk
[D-2-Eth-Trunk1]port trunk allow-pass vlan 100 110 120 255

[D-2]stp mode mstp 
[D-2]stp region-configuration 
[D-2-mst-region]region-name SC
[D-2-mst-region]revision-level 10
[D-2-mst-region]instance 1 vlan 100 255
[D-2-mst-region]instance 2 vlan 110 120
[D-2-mst-region]active region-configuration

[A-1]vlan batch 100 110 120 255

[A-1-GigabitEthernet0/0/9]port link-type trunk
[A-1-GigabitEthernet0/0/9]port trunk allow-pass vlan 100 110 120 255

[A-1-GigabitEthernet0/0/3]port link-type trunk
[A-1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 110 120 255

[A-1]stp mode mstp 
[A-1]stp region-configuration 
[A-1-mst-region]region-name SC
[A-1-mst-region]revision-level 10
[A-1-mst-region]instance 1 vlan 100 255        
[A-1-mst-region]instance 2 vlan 110 120
[A-1-mst-region]active region-configuration

[A-2]vlan batch 100 110 120 255

[A-2]port-group group-member g0/0/10 g0/0/4
[A-2-port-group]port link-type trunk
[A-2-GigabitEthernet0/0/10]port link-type trunk
[A-2-GigabitEthernet0/0/4]port link-type trunk

[A-2-port-group]port trunk allow-pass vlan 100 110 120 255
[A-2-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 110 120 255
[A-2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 110 120 255

[A-2]stp mode mstp 
[A-2]stp region-configuration 
[A-2-mst-region]region-name SC
[A-2-mst-region]revision-level 10
[A-2-mst-region]instance 1 vlan 100 255      
[A-2-mst-region]instance 2 vlan 110 120
[A-2-mst-region]active region-configuration

5. D-1为实例1，0的根，实例2的备份根

[D-1]stp instance 0 root primary 
[D-1]stp instance 1 root primary
[D-1]stp instance 2 root secondary

6. D-2为实例2的根，实例1，0的备份根

[D-2]stp instance 2 root primary 
[D-2]stp instance 1 root secondary 
[D-2]stp instance 0 root secondary

7. 所有access接口配置为边缘接口，并配置BPDU保护

[A-1-GigabitEthernet0/0/1]port link-type access 
[A-1-GigabitEthernet0/0/1]port default vlan 100
[A-1-GigabitEthernet0/0/1]stp edged-port enable 

[A-1-GigabitEthernet0/0/2]port link-type access
[A-1-GigabitEthernet0/0/2]port default vlan 110
[A-1-GigabitEthernet0/0/2]stp edged-port enable

[A-1]stp bpdu-protection

[A-2-GigabitEthernet0/0/1]port link-type access
[A-2-GigabitEthernet0/0/1]port default vlan 120
[A-2-GigabitEthernet0/0/1]stp edged-port enable

[A-2]stp bpdu-protection

8. D-1为vlanif 100 的master，D-2为backup

[D-1]interface Vlanif 100
[D-1-Vlanif100]ip address 10.1.100.1 24

[D-1-Vlanif100]vrrp vrid 1 virtual-ip 10.1.100.254

[D-1-Vlanif100]vrrp vrid 1 priority 105

[D-2]interface Vlanif 100
[D-2-Vlanif100]ip address 10.1.100.2 24
[D-2-Vlanif100]vrrp vrid 1 virtual-ip 10.1.100.254

9. D-2为vlanif 110 120的master，D-1为backup

[D-1]interface Vlanif 110
[D-1-Vlanif110]ip address 10.1.110.1 24
[D-1-Vlanif110]vrrp vrid 1 virtual-ip 10.1.110.254

[D-2]interface Vlanif 110
[D-2-Vlanif110]ip address 10.1.110.2 24
[D-2-Vlanif110]vrrp vrid 1 virtual-ip 10.1.110.254

[D-2-Vlanif110]vrrp vrid 1 priority 105

[D-1]interface Vlanif 120
[D-1-Vlanif120]ip address 10.1.120.1 24
[D-1-Vlanif120]vrrp vrid 1 virtual-ip 10.1.120.254

[D-2]interface Vlanif 120
[D-2-Vlanif120]ip address 10.1.120.2 24
[D-2-Vlanif120]vrrp vrid 1 virtual-ip 10.1.120.254
[D-2-Vlanif120]vrrp vrid 1 priority 105

10. D-1与D-2的VRRP需监控上行链路，双上行都down时切换网关，抢占延时为20s

[D-1-Vlanif100]vrrp vrid 1 track interface g0/0/5 reduced 3
[D-1-Vlanif100]vrrp vrid 1 track interface g0/0/6 reduced 3

[D-2-Vlanif100]vrrp vrid 1 preempt-mode timer delay 20

[D-2-Vlanif110]vrrp vrid 1 track interface g0/0/6 reduced 3
[D-2-Vlanif110]vrrp vrid 1 track interface g0/0/7 reduced 3

[D-1-Vlanif110]vrrp vrid 1 preempt-mode timer delay 20

[D-2-Vlanif120]vrrp vrid 1 track interface g0/0/6 reduced 3
[D-2-Vlanif120]vrrp vrid 1 track interface g0/0/7 reduced 3

[D-1-Vlanif120]vrrp vrid 1 preempt-mode timer delay 20

三、办公区交换需求

二层使用MSTP+VRRP实现破环和冗余

1. 交换机之间trunk使用最少vlan透传原则

2. D-5,D-6之间链路做聚合

[D-5]interface Eth-Trunk 1
[D-5-Eth-Trunk1]mode lacp-static 
[D-5-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/2

[D-6]interface Eth-Trunk 1
[D-6-Eth-Trunk1]mode lacp-static 
[D-6-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/2

3. MSTP name配置为BG

4. MSTP 实例映射为:    

instance 1  vlan 10 15    

instance 2  vlan 21 22 23 255

[D-5]vlan batch 10 15 21 22 23 255

[D-5]port-group group-member g0/0/11 g0/0/12
[D-5-port-group]port link-type trunk 
[D-5-GigabitEthernet0/0/11]port link-type trunk 
[D-5-GigabitEthernet0/0/12]port link-type trunk 
[D-5-port-group]port trunk allow-pass vlan 10 15 21 22 23 255
[D-5-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 15 21 22 23 255
[D-5-GigabitEthernet0/0/12]port trunk allow-pass vlan 10 15 21 22 23 255

[D-5-Eth-Trunk1]port link-type trunk
[D-5-Eth-Trunk1]port trunk allow-pass vlan 10 15 21 22 23 255

[D-5]stp mode mstp 
[D-5]stp region-configuration 
[D-5-mst-region]region-name BG
[D-5-mst-region]revision-level 10
[D-5-mst-region]instance 1 vlan 10 15
[D-5-mst-region]instance 2 vlan 21 22 23 255
[D-5-mst-region]active region-configuration 

[D-6]vlan batch 10 15 21 22 23 255

[D-6]port-group group-member g0/0/3 g0/0/4
[D-6-port-group]port link-type trunk
[D-6-GigabitEthernet0/0/3]port link-type trunk
[D-6-GigabitEthernet0/0/4]port link-type trunk
[D-6-port-group]port trunk allow-pass vlan 10 15 21 22 23 255
[D-6-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 15 21 22 23 255
[D-6-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 15 21 22 23 255

[D-6-Eth-Trunk1]port link-type trunk
[D-6-Eth-Trunk1]port trunk allow-pass vlan 10 15 21 22 23 255

[D-6]stp mode mstp 
[D-6]stp region-configuration 
[D-6-mst-region]region-name BG
[D-6-mst-region] revision-level 10
[D-6-mst-region] instance 1 vlan 10 15
[D-6-mst-region] instance 2 vlan 21 to 23 255
[D-6-mst-region] active region-configuration

[A-3]vlan batch 10 15  21 22 23 255

[A-3]port-group group-member g0/0/11 g0/0/3
[A-3-port-group]port link-type trunk 
[A-3-GigabitEthernet0/0/11]port link-type trunk 
[A-3-GigabitEthernet0/0/3]port link-type trunk 
[A-3-port-group]port trunk allow-pass vlan 10 15 21 22 23 255
[A-3-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 15 21 22 23 255
[A-3-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 15 21 22 23 255

[A-3]stp mode mstp 
[A-3]stp region-configuration 
[A-3-mst-region]region-name BG
[A-3-mst-region] revision-level 10
[A-3-mst-region] instance 1 vlan 10 15
[A-3-mst-region] instance 2 vlan 21 to 23 255
[A-3-mst-region] active region-configuration

[A-4]vlan batch 10 15 21 22 23 255

[A-4]port-group group-member g0/0/4 g0/0/12
[A-4-port-group]port link-type trunk 
[A-4-GigabitEthernet0/0/4]port link-type trunk 
[A-4-GigabitEthernet0/0/12]port link-type trunk 
[A-4-port-group]port trunk allow-pass vlan 10 15 21 22 23 255
[A-4-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 15 21 22 23 255
[A-4-GigabitEthernet0/0/12]port trunk allow-pass vlan 10 15 21 22 23 255

[A-4]stp mode mstp
[A-4]stp region-configuration 
[A-4-mst-region]region-name BG
[A-4-mst-region] revision-level 10
[A-4-mst-region] instance 1 vlan 10 15
[A-4-mst-region] instance 2 vlan 21 to 23 255
[A-4-mst-region] active region-configuration

5. D-5为实例1，0的根，实例2的备份根

[D-5]stp instance 0 root primary 
[D-5]stp instance 1 root primary
[D-5]stp instance 2 root secondary

6. D-6为实例2的根，实例1，0的备份根

[D-6]stp instance 2 root primary 
[D-6]stp instance 0 root secondary 
[D-6]stp instance 1 root secondary

7. 所有access接口配置为边缘接口，并配置BPDU保护

[A-3-GigabitEthernet0/0/1]port link-type access 
[A-3-GigabitEthernet0/0/1]port default vlan 10
[A-3-GigabitEthernet0/0/1]stp edged-port enable 

[A-3-GigabitEthernet0/0/2]port link-type access 
[A-3-GigabitEthernet0/0/2]port default vlan 15
[A-3-GigabitEthernet0/0/2]stp edged-port enable 

[A-3]stp bpdu-protection

[A-4-GigabitEthernet0/0/1]port link-type access
[A-4-GigabitEthernet0/0/1]port default vlan 21
[A-4-GigabitEthernet0/0/1]stp edged-port enable

[A-4-GigabitEthernet0/0/2]port link-type access
[A-4-GigabitEthernet0/0/2]port default vlan 22
[A-4-GigabitEthernet0/0/2]stp edged-port enable

[A-4-GigabitEthernet0/0/3]port link-type access
[A-4-GigabitEthernet0/0/3]port default vlan 23
[A-4-GigabitEthernet0/0/3]stp edged-port enable

[A-4]stp bpdu-protection 

8. D-5为vlanif 10 15 的master，D-6为backup

[D-5]interface Vlanif 10
[D-5-Vlanif10]ip address 10.2.10.1 24
[D-5-Vlanif10]vrrp vrid 1 virtual-ip 10.2.10.254
[D-5-Vlanif10]vrrp vrid 1 priority 105

[D-5]interface Vlanif 15
[D-5-Vlanif15]ip address 10.2.15.1 24
[D-5-Vlanif15]vrrp vrid 1 virtual-ip 10.2.15.254
[D-5-Vlanif15]vrrp vrid 1 priority 105

[D-6]interface Vlanif 10
[D-6-Vlanif10]ip address 10.2.10.2 24
[D-6-Vlanif10]vrrp vrid 1 virtual-ip 10.2.10.254

[D-6]interface Vlanif 15
[D-6-Vlanif15]ip address 10.2.15.2 24
[D-6-Vlanif15]vrrp vrid 1 virtual-ip 10.2.15.254

9. D-6为vlanif 21 22 23的master，D-5为backup

[D-5]interface Vlanif 21
[D-5-Vlanif21]ip address 10.2.21.1 24
[D-5-Vlanif21]vrrp vrid 1 virtual-ip 10.2.21.254

[D-5]interface Vlanif 22
[D-5-Vlanif22]ip address 10.2.22.1 24
[D-5-Vlanif22]vrrp vrid 1 virtual-ip 10.2.22.254

[D-5]interface Vlanif 23
[D-5-Vlanif23]ip address 10.2.23.1 24
[D-5-Vlanif23]vrrp vrid 1 virtual-ip 10.2.23.254

[D-6]interface Vlanif 21
[D-6-Vlanif21]ip address 10.2.21.2 24
[D-6-Vlanif21]vrrp vrid 1 virtual-ip 10.2.21.254
[D-6-Vlanif21]vrrp vrid 1 priority 105

[D-6]interface Vlanif 22
[D-6-Vlanif22]ip address 10.2.22.2 24
[D-6-Vlanif22]vrrp vrid 1 virtual-ip 10.2.22.254
[D-6-Vlanif22]vrrp vrid 1 priority 105

[D-6]interface Vlanif 23
[D-6-Vlanif23]ip address 10.2.23.2 24
[D-6-Vlanif23]vrrp vrid 1 virtual-ip 10.2.23.254
[D-6-Vlanif23]vrrp vrid 1 priority 105

10. D-5与D-6的VRRP需监控上行链路，双上行都down时切换网关，抢占延时为20s

[D-5]interface Vlanif 10
[D-5-Vlanif10]vrrp vrid 1 track interface g0/0/7 reduced 3
[D-5-Vlanif10]vrrp vrid 1 track interface g0/0/8 reduced 3

[D-6-Vlanif10]vrrp vrid 1 preempt-mode timer delay 20

[D-5]interface Vlanif 15
[D-5-Vlanif15]vrrp vrid 1 track interface g0/0/7 reduced 3
[D-5-Vlanif15]vrrp vrid 1 track interface g0/0/8 reduced 3

[D-6-Vlanif15]vrrp vrid 1 preempt-mode timer delay 20

[D-6]interface Vlanif 21
[D-6-Vlanif21]vrrp vrid 1 track interface g0/0/5 reduced 3
[D-6-Vlanif21]vrrp vrid 1 track interface g0/0/8 reduced 3

[D-5-Vlanif21]vrrp vrid 1 preempt-mode timer delay 20

[D-6]interface Vlanif 22  
[D-6-Vlanif22]vrrp vrid 1 track interface g0/0/5 reduced 3
[D-6-Vlanif22]vrrp vrid 1 track interface g0/0/8 reduced 3

[D-5-Vlanif22]vrrp vrid 1 preempt-mode timer delay 20

[D-6]interface Vlanif 23
[D-6-Vlanif23]vrrp vrid 1 track interface g0/0/5 reduced 3
[D-6-Vlanif23]vrrp vrid 1 track interface g0/0/8 reduced 3

[D-5-Vlanif23]vrrp vrid 1 preempt-mode timer delay 20

四、服务器区交换需求（未完成）

二层使用MSTP+VRRP实现破环和冗余

1. 交换机之间trunk使用最少vlan透传原则

2. C-1,C-2之间链路做聚合

[C-1]interface Eth-Trunk 1

[C-1-Eth-Trunk1]trunkport GigabitEthernet 0/0/9 0/0/10

[C-2]interface Eth-Trunk 1

[C-2-Eth-Trunk1]trunkport GigabitEthernet 0/0/9 0/0/10

3. D-3,D-4之间链路做聚合

[D-3]interface Eth-Trunk 1
[D-3-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/2

[D-4]interface Eth-Trunk 1
[D-4-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 0/0/2

4. MSTP name配置为FWQ

5. MSTP 实例映射为:     instance 1  vlan 80 81 90     instance 2  vlan 85 86

[D-3]vlan batch 80 81 85 86 90 

[D-3]interface Eth-Trunk 1
[D-3-Eth-Trunk1]port link-type trunk
[D-3-Eth-Trunk1]port trunk allow-pass vlan 80 81 85 86 90

[D-3]stp mode mstp
[D-3]stp region-configuration
[D-3-mst-region]region-name FWQ
[D-3-mst-region] revision-level 10
[D-3-mst-region] instance 1 vlan 80 to 81 90
[D-3-mst-region] instance 2 vlan 85 to 86
[D-3-mst-region] active region-configuration

[D-4]vlan batch 80 81 85 86 90

[D-4]interface Eth-Trunk 1
[D-4-Eth-Trunk1]port link-type trunk
[D-4-Eth-Trunk1]port trunk allow-pass vlan 80 81 85 86 90

[D-4]stp mode mstp
[D-4]stp region-configuration
[D-4-mst-region]region-name FWQ
[D-4-mst-region] revision-level 10
[D-4-mst-region] instance 1 vlan 80 to 81 90
[D-4-mst-region] instance 2 vlan 85 to 86
[D-4-mst-region] active region-configuration

6. D-3为实例1，0的根，实例2的备份根

[D-3]stp instance 0 root primary 
[D-3]stp instance 1 root primary
[D-3]stp instance 2 root secondary 

7. D-4为实例2的根，实例1，0的备份根

[D-4]stp instance 2 root primary 
[D-4]stp instance 0 root secondary 
[D-4]stp instance 1 root secondary

8. 所有access接口配置为边缘接口，并配置BPDU保护

D-3

interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 80
 stp edged-port enable

interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 81
 stp edged-port enable

[D-3]stp bpdu-protection

D-4

interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 85
 stp edged-port enable

interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 86
 stp edged-port enable

[D-4]stp bpdu-protection

9. D-3为vlanif 80 81 90的master，D-4为backup

[D-3]interface Vlanif 80
[D-3-Vlanif80]ip address 10.1.80.1 24
[D-3-Vlanif80]vrrp vrid 1 virtual-ip 10.1.80.254
[D-3-Vlanif80]vrrp vrid 1 priority 105

[D-3]interface Vlanif 81
[D-3-Vlanif81]ip address 10.1.81.1 24
[D-3-Vlanif81]vrrp vrid 1 virtual-ip 10.1.81.254
[D-3-Vlanif81]vrrp vrid 1 priority 105

[D-3]interface Vlanif 90
[D-3-Vlanif90]ip address 10.1.90.1 24
[D-3-Vlanif90]vrrp vrid 1 virtual-ip 10.1.90.254
[D-3-Vlanif90]vrrp vrid 1 priority 105

[D-3]interface Vlanif 85
[D-3-Vlanif85]ip address 10.1.85.1 24
[D-3-Vlanif85]vrrp vrid 1 virtual-ip 10.1.85.254

[D-3]interface Vlanif 86
[D-3-Vlanif86]ip address 10.1.86.1 24
[D-3-Vlanif86]vrrp vrid 1 virtual-ip 10.1.86.254

10. D-4为vlanif 85 86 的master，D-3为backup

[D-4]interface Vlanif 80
[D-4-Vlanif80]ip address 10.1.80.2 24
[D-4-Vlanif80]vrrp vrid 1 virtual-ip 10.1.80.254

[D-4]interface Vlanif 81
[D-4-Vlanif81]ip address 10.1.81.2 24
[D-4-Vlanif81]vrrp vrid 1 virtual-ip 10.1.81.254

[D-4]interface Vlanif 90
[D-4-Vlanif90]ip address 10.1.90.2 24
[D-4-Vlanif90]vrrp vrid 1 virtual-ip 10.1.90.254

[D-4]interface Vlanif 85
[D-4-Vlanif85]ip address 10.1.85.2 24
[D-4-Vlanif85]vrrp vrid 1 virtual-ip 10.1.85.254
[D-4-Vlanif85]vrrp vrid 1 priority 105

[D-4]interface Vlanif 86
[D-4-Vlanif86]ip address 10.1.86.2 24
[D-4-Vlanif86]vrrp vrid 1 virtual-ip 10.1.86.254
[D-4-Vlanif86]vrrp vrid 1 priority 105

11. D-3与D-4的VRRP需监控上行链路，双上行都down时切换网关，抢占延时为20s

[D-3]interface Vlanif 80

[D-3-Vlanif80]vrrp vrid 1 track interface g0/0/3 reduced 3
[D-3-Vlanif80]vrrp vrid 1 track interface g0/0/4 reduced 3

[D-4-Vlanif80]vrrp vrid 1 preempt-mode timer delay 20

[D-3]interface Vlanif 81
[D-3-Vlanif81]vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 3
[D-3-Vlanif81] vrrp vrid 1 track interface GigabitEthernet0/0/4 reduced 3

[D-4-Vlanif81]vrrp vrid 1 preempt-mode timer delay 20

[D-3]interface Vlanif 90
[D-3-Vlanif90]vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 3
[D-3-Vlanif90] vrrp vrid 1 track interface GigabitEthernet0/0/4 reduced 3

[D-4-Vlanif90]vrrp vrid 1 preempt-mode timer delay 20

[D-4]interface Vlanif 85
[D-4-Vlanif85] vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 3
[D-4-Vlanif85] vrrp vrid 1 track interface GigabitEthernet0/0/4 reduced 3

[D-3-Vlanif85]vrrp vrid 1 preempt-mode timer delay 20

[D-4]interface Vlanif 86
[D-4-Vlanif86] vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 3
[D-4-Vlanif86] vrrp vrid 1 track interface GigabitEthernet0/0/4 reduced 3

[D-3-Vlanif86]vrrp vrid 1 preempt-mode timer delay 20

五、路由设计

1、配置IP地址

C1-C2

[C-1]vlan 1101
[C-1]interface Vlanif 1101
[C-1-Vlanif1101]ip address 10.0.12.129 30

[C-2]vlan 1101
[C-2]interface Vlanif 1101
[C-2-Vlanif1101]ip address 10.0.12.130 30

D1-D2

[D-1]vlan 1102
[D-1]interface Vlanif 1102
[D-1-Vlanif1102]ip address 10.1.13.129 30

[D-2]vlan 1102
[D-2]interface Vlanif 1102
[D-2-Vlanif1102]ip address 10.1.13.130 30

D5-D6

[D-5]vlan 1103
[D-5]interface Vlanif 1103
[D-5-Vlanif1103]ip address 10.2.14.129 30

[D-6]vlan 1103
[D-6]interface Vlanif 1103
[D-6-Vlanif1103]ip address 10.2.14.130 30

C1-D1

[C-1]vlan 1104
[C-1]interface Vlanif 1104
[C-1-Vlanif1104]ip address 10.1.15.129 30

[D-1]vlan 1104
[D-1]interface Vlanif 1104
[D-1-Vlanif1104]ip address 10.1.15.130 30

C1-D2

[C-1]vlan 1105
[C-1]interface Vlanif 1105
[C-1-Vlanif1105]ip address 10.1.16.129 30

[D-2]vlan 1105
[D-2]interface Vlanif 1105 
[D-2-Vlanif1105]ip address 10.1.16.130 30

C1-F1

[C-1]vlan 1106
[C-1]interface Vlanif 1106
[C-1-Vlanif1106]ip address 10.0.17.129 30

[F-1]interface g0/0/1
[F-1-GigabitEthernet0/0/1]ip address 10.0.17.130 30

C1-D5

[C-1]vlan 1107 
[C-1]interface Vlanif 1107
[C-1-Vlanif1107]ip address 10.2.18.129 30

[D-5]vlan 1107
[D-5]interface Vlanif 1107
[D-5-Vlanif1107]ip address 10.2.18.130 30

C1-D6

[C-1]vlan 1108
[C-1]interface Vlanif 1108
[C-1-Vlanif1108]ip address 10.2.19.129 30

[D-6]vlan 1108
[D-6]interface Vlanif 1108
[D-6-Vlanif1108]ip address 10.2.19.130 30

C2-D1

[C-2]vlan 1109
[C-2]interface Vlanif 1109 
[C-2-Vlanif1109]ip address 10.1.20.129 30

[D-1]vlan 1109
[D-1]interface Vlanif 1109
[D-1-Vlanif1109]ip address 10.1.20.130 30

C2-D2

[C-2]vlan 1110
[C-2]interface Vlanif 1110
[C-2-Vlanif1110]ip address 10.1.21.129 30

[D-2]vlan 1110
[D-2]interface Vlanif 1110
[D-2-Vlanif1110]ip address 10.1.21.130 30

C2-D5

[C-2]vlan 1111
[C-2]interface Vlanif 1111
[C-2-Vlanif1111]ip address 10.2.22.129 30

[D-5]vlan 1111
[D-5]interface Vlanif 1111
[D-5-Vlanif1111]ip address 10.2.22.130 30

C2-D6

[C-2]vlan 1112
[C-2]interface Vlanif 1112
[C-2-Vlanif1112]ip address 10.2.23.129 30

[D-6]vlan 1112
[D-6]interface Vlanif 1112
[D-6-Vlanif1112]ip address 10.2.23.130 30

C2-F1

[C-2]vlan 1113
[C-2]interface Vlanif 1113
[C-2-Vlanif1113]ip address 10.0.24.129 30

[F-1]interface g0/0/2
[F-1-GigabitEthernet0/0/2]ip address 10.0.24.130 30

1.OSPF区域划分:

1.1 F-1,C-1,C-2互联链路属于area0

[F-1]ospf 1 router-id 1.1.1.1
[F-1-ospf-1]area 0
[F-1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.255.255

[C-1]ospf 1 router-id 2.2.2.2
[C-1-ospf-1]area 0
[C-1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.255.255

[C-2]ospf 1 router-id 3.3.3.3
[C-2-ospf-1]area 0
[C-2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.255.255

1.2 C-1与D-1、D-2链路，C-2与D-1、D-2，D-1与D-2链路属于area 1 生产区vlan网段属于area1

[C-1-ospf-1-area-0.0.0.1]network 10.1.0.0 0.0.255.255

[C-2-ospf-1-area-0.0.0.1]network 10.1.0.0 0.0.255.255

[D-1]ospf 1 router-id 4.4.4.4
[D-1-ospf-1]area 1
[D-1-ospf-1-area-0.0.0.1]network 10.1.0.0 0.0.255.255

[D-2]ospf 1 router-id 5.5.5.5
[D-2-ospf-1]area 1
[D-2-ospf-1-area-0.0.0.1]network 10.1.0.0 0.0.255.255

1.3 C-1与D-5、D-6链路，C-2与D-5、D-6，D-5与D-6链路属于area 2 办公区vlan网段属于area2

[C-1-ospf-1-area-0.0.0.2]network 10.2.0.0 0.0.255.255

[C-2-ospf-1-area-0.0.0.2]network 10.2.0.0 0.0.255.255

[D-5]ospf 1 router-id 6.6.6.6
[D-5-ospf-1]area 2
[D-5-ospf-1-area-0.0.0.2]network 10.2.0.0 0.0.255.255

[D-6]ospf 1 router-id 7.7.7.7
[D-6-ospf-1]area 2
[D-6-ospf-1-area-0.0.0.2]network 10.2.0.0 0.0.255.255

修改C-1、C-2、D-1、D-2、D-5、D-6上行接口为access

[C-1-GigabitEthernet0/0/1]port link-type access 
[C-1-GigabitEthernet0/0/1]port default vlan 1106

[C-1-Eth-Trunk1]port link-type access
[C-1-Eth-Trunk1]port default vlan 1101

[C-1-GigabitEthernet0/0/5]port link-type access 
[C-1-GigabitEthernet0/0/5]port default vlan 1104

[C-1-GigabitEthernet0/0/6]port link-type access 
[C-1-GigabitEthernet0/0/6]port default vlan 1105

[C-1-GigabitEthernet0/0/7]port link-type access
[C-1-GigabitEthernet0/0/7]port default vlan 1107

[C-1-GigabitEthernet0/0/8]port link-type access
[C-1-GigabitEthernet0/0/8]port default vlan 1108

[C-2-GigabitEthernet0/0/2]port link-type access
[C-2-GigabitEthernet0/0/2]port default vlan 1113

[C-2-Eth-Trunk1]port link-type access
[C-2-Eth-Trunk1]port default vlan 1101

[C-2-GigabitEthernet0/0/6]port link-type access
[C-2-GigabitEthernet0/0/6]port default vlan 1109

[C-2-GigabitEthernet0/0/7]port link-type access
[C-2-GigabitEthernet0/0/7]port default vlan 1110

[C-2-GigabitEthernet0/0/8]port link-type access
[C-2-GigabitEthernet0/0/8]port default vlan 1111

[C-2-GigabitEthernet0/0/5]port link-type access
[C-2-GigabitEthernet0/0/5]port default vlan 1112

[D-1-GigabitEthernet0/0/5]port link-type access 
[D-1-GigabitEthernet0/0/5]port default vlan 1104

[D-1-GigabitEthernet0/0/6]port link-type access
[D-1-GigabitEthernet0/0/6]port default vlan 1109

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 100 110 120 255 1102

[D-2-GigabitEthernet0/0/6]port link-type access
[D-2-GigabitEthernet0/0/6]port default vlan 1105

[D-2-GigabitEthernet0/0/7]port link-type access
[D-2-GigabitEthernet0/0/7]port default vlan 1110

#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 100 110 120 255
#
[D-2-Eth-Trunk1]port trunk allow-pass vlan 100 110 120 255 1102

[D-5-GigabitEthernet0/0/7]port link-type access
[D-5-GigabitEthernet0/0/7]port default vlan 1107

[D-5-GigabitEthernet0/0/8]port link-type access
[D-5-GigabitEthernet0/0/8]port default vlan 1111

#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 15 21 to 23 255
 mode lacp-static
#
[D-5-Eth-Trunk1]port trunk allow-pass vlan 10 15 21 to 23 255 1103

[D-6-GigabitEthernet0/0/8]port link-type access
[D-6-GigabitEthernet0/0/8] port default vlan 1108

[D-6-GigabitEthernet0/0/5]port link-type access
[D-6-GigabitEthernet0/0/5]port default vlan 1112

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 15 21 to 23 255 1103

1.4 C-1,C-2设备上服务器区的网段属于area3

1.5 vlan255网段各自宣告在设备所在区域，C1-C2的宣告在area0

2. 生产区去F-1,生产服务器流量走C-1，C-2备份，来回路径一致

3. 办公区区F-1,OA,ERP服务器流量走C-2，C-1备份，来回路径一致

4. area1与area2设置为total stub区域

[C-1-ospf-1-area-0.0.0.1]stub no-summary 
[C-1-ospf-1-area-0.0.0.2]stub no-summary 

[C-2-ospf-1-area-0.0.0.1]stub no-summary 
[C-2-ospf-1-area-0.0.0.2]stub no-summary 

配置完后和C1-C2断开了OSPF邻居关系？

汇总area 1、area 2
[C-1-ospf-1-area-0.0.0.1]abr-summary 10.1.0.0 255.255.0.0
[C-1-ospf-1-area-0.0.0.2]abr-summary 10.2.0.0 255.255.0.0

[C-2-ospf-1-area-0.0.0.1]abr-summary 10.1.0.0 255.255.0.0
[C-2-ospf-1-area-0.0.0.2]abr-summary 10.2.0.0 255.255.0.0

5. area0 做OSPF的区域认证

6. ospf优化

6.1. 热备网关配置禁默接口，不让热备网关之间建立ospf的邻居

6.2. 对于俩点之间的MA网络，优化OSPF的网络类型为P2P

6.3. 对于ospf的收敛加速hello时间为1s