526互联

Huawei VRRP+MSTP组网实验-ensp

发布时间 2023-04-15 20:57:00作者: 陌熊

一、基本环境

IP地址规划:

  • 互联网公网IP地址:
    Router:121.1.1.0/30
  • 内网互联地址:
    Leaf1:10.0.0.0/30
    Leaf2:10.0.1.0/30
  • 内网vlan网关:
    vlan 100 :192.168.100.1 24
    vlan 200 :192.168.200.1 24

二、拓扑结构

image

三、实验配置

出口网关

ISP网络配置

[ISP]interface GigabitEthernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 121.1.1.1 30
[ISP-GigabitEthernet0/0/0]quit

Router网络配置

[Router]acl 2000
[Router-acl-basic-2000]rule 5 permit source any
[Router-GigabitEthernet0/0/0]nat outbound 2000
[Router]interface GigabitEthernet 0/0/0
[Router-GigabitEthernet0/0/0]ip add 121.1.1.2 30
[Router-GigabitEthernet0/0/0]quit
[Router]interface GigabitEthernet 0/0/1
[Router-GigabitEthernet0/0/1]interface GigabitEthernet 2/0/1
[Router-GigabitEthernet2/0/1]ip add 10.0.1.1 30
[Router-GigabitEthernet2/0/1]quit
[Router]interface GigabitEthernet 2/0/0
[Router-GigabitEthernet2/0/0]ip add 10.0.0.1 30
[Router-GigabitEthernet2/0/0]quit
[Router]ip route-static 0.0.0.0 0 121.1.1.1
[Router]ip route-static 192.168.100.0 24 10.0.0.2
[Router]ip route-static 192.168.100.0 24 10.0.1.2
[Router]ip route-static 192.168.200.0 24 10.0.1.2
[Router]ip route-static 192.168.200.0 24 10.0.0.2

内网上联

Leaf1配置

[Leaf2]vlan 1000
[Leaf2-vlan1000]quit
[Leaf1-vlan1000]int vlan 1000
[Leaf1-Vlanif1000]ip address 10.0.0.2 30
[Leaf1]interface GigabitEthernet 0/0/1
[Leaf1-GigabitEthernet0/0/1]port link-type access
[Leaf1-GigabitEthernet0/0/1]port default vlan 1000
[Leaf1]ip route-static 0.0.0.0 0 10.0.0.1

Leaf2配置

[Leaf2]vlan 1000
[Leaf2-vlan1000]quit
[Leaf2]interface vlan 1000
[Leaf2-Vlanif1000]ip address 10.0.1.2 30
[Leaf2-Vlanif1000]quit
[Leaf2]interface GigabitEthernet 0/0/1
[Leaf2-GigabitEthernet0/0/1]port link-type access
[Leaf2-GigabitEthernet0/0/1]port default vlan 1000
[Leaf2]ip route-static 0.0.0.0 0 10.0.1.1

VRRP配置

Leaf1配置

[Leaf1]vlan batch 100 200
[Leaf1-Vlanif100]ip add 192.168.100.254 24
[Leaf1-Vlanif100]vrrp vrid 1 virtual-ip 192.168.100.1
[Leaf1-Vlanif100]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
[Leaf1-Vlanif100]vrrp vrid 1 priority 120
[Leaf1]interface vlan 200
[Leaf1-Vlanif200]ip address 192.168.200.253 255.255.255.0
[Leaf1-Vlanif200]vrrp vrid 2 virtual-ip 192.168.200.1
[Leaf1-Vlanif200]vrrp vrid 2 priority 100
# 配置主备vrrp设备聚合链路
[Leaf1]interface Eth-Trunk 1
[Leaf2-Eth-Trunk1]port link-type trunk
[Leaf2-Eth-Trunk1]port trunk allow-pass vlan all
[Leaf1-Eth-Trunk1]trunkport GigabitEthernet 0/0/3
[Leaf1-Eth-Trunk1]trunkport GigabitEthernet 0/0/4

Leaf2配置

[Leaf2]vlan batch 100 200
[Leaf2-Vlanif100]ip add 192.168.100.253 24
[Leaf2-Vlanif100]vrrp vrid 1 virtual-ip 192.168.100.1
[Leaf2-Vlanif100]vrrp vrid 1 priority 120
[Leaf2]interface vlan 200
[Leaf2-Vlanif200]ip address 192.168.200.254 255.255.255.0
[Leaf2-Vlanif200]vrrp vrid 2 virtual-ip 192.168.200.1
[Leaf2-Vlanif200]vrrp vrid 2 priority 120
[Leaf2-Vlanif200]vrrp vrid 2 track interface GigabitEthernet 0/0/1 reduced 30
# 配置主备vrrp设备聚合链路
[Leaf2]interface Eth-Trunk 1
[Leaf2-Eth-Trunk1]port link-type trunk
[Leaf2-Eth-Trunk1]port trunk allow-pass vlan all
[Leaf2-Eth-Trunk1]trunkport GigabitEthernet 0/0/3
[Leaf2-Eth-Trunk1]trunkport GigabitEthernet 0/0/4

MSTP配置

Leaf1配置

[leaf1]stp enable
[Leaf1]stp mode mstp
[Leaf1]stp region-configuration
[Leaf1-mst-region]instance 1 vlan 100
[Leaf1-mst-region]instance 2 vlan 200
[Leaf1-mst-region]active region-configuration
[Leaf1]stp instance 1 root primary
[Leaf1]stp instance 2 root secondary

Leaf2配置

[leaf2]stp enable
[Leaf2]stp mode mstp
[Leaf2]stp region-configuration
[Leaf2-mst-region]instance 1 vlan 100
[Leaf2-mst-region]instance 2 vlan 200
[Leaf2-mst-region]active region-configuration
[Leaf2]stp instance 1 root secondary
[Leaf2]stp instance 2 root primary

access配置

[access]stp enable
[access]stp mode mstp
[access]stp region-configuration
[access-mst-region]instance 1 vlan 100
[access-mst-region]instance 2 vlan 200
[access-mst-region]active region-configuration

内网下联

Leaf1配置

[Leaf1]interface GigabitEthernet 0/0/2
[Leaf1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200
[Leaf1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1

Leaf2配置

[Leaf2]interface GigabitEthernet 0/0/2
[Leaf2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200
[Leaf2-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1

access配置

[access]interface GigabitEthernet 0/0/3
[access-GigabitEthernet0/0/3]port link-type access
[access-GigabitEthernet0/0/3]port default vlan 100
[access-GigabitEthernet0/0/3]stp edged-port enable
[access-GigabitEthernet0/0/3]quit
[access]interface GigabitEthernet 0/0/4
[access-GigabitEthernet0/0/4]port link-type access
[access-GigabitEthernet0/0/4]port default vlan 200
[access-GigabitEthernet0/0/4]stp edged-port enable
[access-GigabitEthernet0/0/4]quit
[access]interface GigabitEthernet 0/0/1
[access-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 200
[access-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[access]interface GigabitEthernet 0/0/2
[access-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 200
[access-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1

终端测试

配置PC1.10的地址为100.10
配置PC2.10的地址为200.10

链路完整下测试

两台PC都可以访问互联网
image
image

断开Leaf上联口

image
PC1在掉4个包后恢复
image
PC2在掉4个包后恢复
image

断开Leaf下联口

image
PC丢包后恢复
image
PC2丢包后恢复
image