企业用户访问外网的流量,可能会同时包含二层流量和三层流量(例如,企业内二层VPN用户和三层VPN用户访问MPLS公网)。企业用户希望接入网络既能包含多条接入链路(不同链路之间互为备份)以保障接入的可靠性,又能实现二层流量和三层流量的负载分担,以实现对网络资源的充分利用。
这种情况,可以通过VRRP与MSTP配合部署解决。其中,针对三层流量,在网关部署VRRP;针对二层流量,采用冗余链路,并部署MSTP。这样,即可以提高二、三层接入的可靠性,又可以通过VRRP协议中Master设备与Backup设备的选择、MSTP协议中根桥与备份根桥的选择,实现二、三层流量的负载分担。
核心交换机1配置:
//建立VLAN
system-view immediately //CE系列设备需要增加immediately进入实时生效模式
[HUAWEI]vlan batch 10 20 30 40 50 100
[HUAWEI]
//进入SVI接口配置地址
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]ip address 192.168.10.252 24
[HUAWEI-Vlanif10]quit
[HUAWEI]interface Vlanif 20
[HUAWEI-Vlanif20]ip address 192.168.20.252 24
[HUAWEI-Vlanif20]quit
[HUAWEI]interface Vlanif 30
[HUAWEI-Vlanif30]ip address 192.168.30.252 24
[HUAWEI-Vlanif30]quit
[HUAWEI]interface Vlanif 40
[HUAWEI-Vlanif40]ip address 192.168.40.252 24
[HUAWEI-Vlanif40]quit
[HUAWEI]interface Vlanif 50
[HUAWEI-Vlanif50]ip address 192.168.50.252 24
[HUAWEI-Vlanif50]quit
[HUAWEI]interface Vlanif 100
[HUAWEI-Vlanif100]ip address 192.168.100.252 24
[HUAWEI-Vlanif100]quit
[HUAWEI]
//与其他交换机互联端口设置:
[HUAWEI]interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]mode lacp-static
[HUAWEI-Eth-Trunk1]trunkport GE 1/0/1 to 1/0/2
[HUAWEI-Eth-Trunk1]port link-type trunk
[HUAWEI-Eth-Trunk1]port trunk allow-pass vlan 10 20 30 40 50 100
[HUAWEI-Eth-Trunk1]quit
[HUAWEI]interface Eth-Trunk 2
[HUAWEI-Eth-Trunk2]mode lacp-static
[HUAWEI-Eth-Trunk2]trunkport GE 1/0/3 to 1/0/4
[HUAWEI-Eth-Trunk2]port link-type trunk
[HUAWEI-Eth-Trunk2]port trunk allow-pass vlan 10 20 30 40 50 100
[HUAWEI-Eth-Trunk2]quit
[HUAWEI]
//配置MSTP:
[HUAWEI]stp mode mstp
[HUAWEI]stp region-configuration
[HUAWEI-mst-region]instance 1 vlan 10 20 30
[HUAWEI-mst-region]instance 2 vlan 40 50 100
[HUAWEI-mst-region]revision-level 1
[HUAWEI-mst-region]region-name test
[HUAWEI-mst-region]active region-configuration //部分型号没有此命令
[HUAWEI-mst-region]quit
[HUAWEI]
//配置MSTP优先级(方法1):
[HUAWEI]stp instance 1 priority 4096
[HUAWEI]stp instance 2 priority 8192
[HUAWEI]
//配置MSTP优先级(方法2):
[HUAWEI]stp instance 1 root primary
[HUAWEI]stp instance 2 root secondary
[HUAWEI]
//启动生成树协议:
[HUAWEI]stp enable
Warning: The global STP state will be changed. Continue? [Y/N]:Y
[HUAWEI]
//配置VRRP:
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[HUAWEI-Vlanif10]vrrp vrid 10 priority 150
[HUAWEI-Vlanif10]quit
[HUAWEI]interface Vlanif 20
[HUAWEI-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[HUAWEI-Vlanif20]vrrp vrid 20 priority 150
[HUAWEI-Vlanif20]quit
[HUAWEI]interface Vlanif 30
[HUAWEI-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[HUAWEI-Vlanif30]vrrp vrid 30 priority 150
[HUAWEI-Vlanif30]quit
[HUAWEI]interface Vlanif 40
[HUAWEI-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[HUAWEI-Vlanif40]vrrp vrid 40 priority 120
[HUAWEI-Vlanif40]quit
[HUAWEI]interface Vlanif 50
[HUAWEI-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.254
[HUAWEI-Vlanif50]vrrp vrid 50 priority 120
[HUAWEI-Vlanif50]quit
[HUAWEI]interface Vlanif 100
[HUAWEI-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.254
[HUAWEI-Vlanif100]vrrp vrid 100 priority 120
[HUAWEI-Vlanif100]return
save
Warning: The current configuration will be written to the device. Continue? [Y/N]:Y
核心交换机1配置完成
核心交换机2配置:
//建立VLAN
system-view immediately //CE系列设备需要增加immediately进入实时生效模式
[HUAWEI]vlan batch 10 20 30 40 50 100
[HUAWEI]
//进入SVI接口配置地址
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]ip address 192.168.10.253 24
[HUAWEI-Vlanif10]quit
[HUAWEI]interface Vlanif 20
[HUAWEI-Vlanif20]ip address 192.168.20.253 24
[HUAWEI-Vlanif20]quit
[HUAWEI]interface Vlanif 30
[HUAWEI-Vlanif30]ip address 192.168.30.253 24
[HUAWEI-Vlanif30]quit
[HUAWEI]interface Vlanif 40
[HUAWEI-Vlanif40]ip address 192.168.40.253 24
[HUAWEI-Vlanif40]quit
[HUAWEI]interface Vlanif 50
[HUAWEI-Vlanif50]ip address 192.168.50.253 24
[HUAWEI-Vlanif50]quit
[HUAWEI]interface Vlanif 100
[HUAWEI-Vlanif100]ip address 192.168.100.253 24
[HUAWEI-Vlanif100]quit
[HUAWEI]
//与其他交换机互联端口设为Trunk:
[HUAWEI]interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]mode lacp-static
[HUAWEI-Eth-Trunk1]trunkport GE 1/0/1 to 1/0/2
[HUAWEI-Eth-Trunk1]port link-type trunk
[HUAWEI-Eth-Trunk1]port trunk allow-pass vlan 10 20 30 40 50 100
[HUAWEI-Eth-Trunk1]quit
[HUAWEI]interface Eth-Trunk 2
[HUAWEI-Eth-Trunk2]mode lacp-static
[HUAWEI-Eth-Trunk2]trunkport GE 1/0/3 to 1/0/4
[HUAWEI-Eth-Trunk2]port link-type trunk
[HUAWEI-Eth-Trunk2]port trunk allow-pass vlan 10 20 30 40 50 100
[HUAWEI-Eth-Trunk2]quit
[HUAWEI]
//配置MSTP:
[HUAWEI]stp mode mstp
[HUAWEI]stp region-configuration
[HUAWEI-mst-region]instance 1 vlan 10 20 30
[HUAWEI-mst-region]instance 2 vlan 40 50 100
[HUAWEI-mst-region]revision-level 1
[HUAWEI-mst-region]region-name test
[HUAWEI-mst-region]active region-configuration //部分型号没有此命令
[HUAWEI-mst-region]quit
[HUAWEI]
//配置MSTP优先级(方法1):
[HUAWEI]stp instance 1 priority 8192
[HUAWEI]stp instance 2 priority 4096
[HUAWEI]
//配置MSTP优先级(方法2):
[HUAWEI]stp instance 1 root secondary
[HUAWEI]stp instance 2 root primary
[HUAWEI]
//启动生成树协议:
[HUAWEI]stp enable
Warning: The global STP state will be changed. Continue? [Y/N]:Y
[HUAWEI]
//配置VRRP:
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[HUAWEI-Vlanif10]vrrp vrid 10 priority 120
[HUAWEI-Vlanif10]quit
[HUAWEI]interface Vlanif 20
[HUAWEI-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[HUAWEI-Vlanif20]vrrp vrid 20 priority 120
[HUAWEI-Vlanif20]quit
[HUAWEI]interface Vlanif 30
[HUAWEI-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[HUAWEI-Vlanif30]vrrp vrid 30 priority 120
[HUAWEI-Vlanif30]quit
[HUAWEI]interface Vlanif 40
[HUAWEI-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[HUAWEI-Vlanif40]vrrp vrid 40 priority 150
[HUAWEI-Vlanif40]quit
[HUAWEI]interface Vlanif 50
[HUAWEI-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.254
[HUAWEI-Vlanif50]vrrp vrid 50 priority 150
[HUAWEI-Vlanif50]quit
[HUAWEI]interface Vlanif 100
[HUAWEI-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.254
[HUAWEI-Vlanif100]vrrp vrid 100 priority 150
[HUAWEI-Vlanif100]return
save
Warning: The current configuration will be written to the device. Continue? [Y/N]:Y
核心交换机2配置完成
接入交换机配置:
//建立VLAN:
system-view immediately //CE系列设备需要增加immediately进入实时生效模式
[HUAWEI]vlan batch 10 20 30 40 50 100
[HUAWEI]
//将VLAN划分到接口:
[HUAWEI]interface range GE 1/0/1 to GE 1/0/4
[HUAWEI-port-group]port link-type access
[HUAWEI-port-group]port default vlan 10
[HUAWEI-port-group]quit
[HUAWEI]interface range GE 1/0/5 to GE 1/0/8
[HUAWEI-port-group]port link-type access
[HUAWEI-port-group]port default vlan 20
[HUAWEI-port-group]quit
[HUAWEI]interface range GE 1/0/9 to GE 1/0/12
[HUAWEI-port-group]port link-type access
[HUAWEI-port-group]port default vlan 30
[HUAWEI-port-group]quit
[HUAWEI]interface range GE 1/0/13 to GE 1/0/16
[HUAWEI-port-group]port link-type access
[HUAWEI-port-group]port default vlan 40
[HUAWEI-port-group]quit
[HUAWEI]interface range GE 1/0/17 to GE 1/0/20
[HUAWEI-port-group]port link-type access
[HUAWEI-port-group]port default vlan 50
[HUAWEI-port-group]quit
//与其他交换机互联接口设为Trunk:
[HUAWEI]interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]mode lacp-static
[HUAWEI-Eth-Trunk1]trunkport GE 1/0/21 to 1/0/22
[HUAWEI-Eth-Trunk1]port link-type trunk
[HUAWEI-Eth-Trunk1]port trunk allow-pass vlan 10 20 30 40 50 100
[HUAWEI-Eth-Trunk1]quit
[HUAWEI]interface Eth-Trunk 2
[HUAWEI-Eth-Trunk2]mode lacp-static
[HUAWEI-Eth-Trunk2]trunkport GE 1/0/23 to 1/0/24
[HUAWEI-Eth-Trunk2]port link-type trunk
[HUAWEI-Eth-Trunk2]port trunk allow-pass vlan 10 20 30 40 50 100
[HUAWEI-Eth-Trunk2]quit
//配置MSTP:
[HUAWEI]stp mode mstp
[HUAWEI]stp region-configuration
[HUAWEI-mst-region]instance 1 vlan 10 20 30
[HUAWEI-mst-region]instance 2 vlan 40 50 100
[HUAWEI-mst-region]revision-level 1
[HUAWEI-mst-region]region-name test
[HUAWEI-mst-region]active region-configuration //部分型号没有此命令
[HUAWEI-mst-region]quit
[HUAWEI]
//启动生成树协议:
[HUAWEI]stp enable
Warning: The global STP state will be changed. Continue? [Y/N]:Y
[HUAWEI]
//接入终端接口配置为边缘端口:
[HUAWEI]interface range GE 1/0/1 to GE 1/0/20 //部分型号无法使用range参数进入多个接口
[HUAWEI-port-group]stp edged-port enable
[HUAWEI-port-group]quit
[HUAWEI]
接入交换机配置完成