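Networking Requirements
A company's internal network has two types of users: office-area users and general manager's office users. The two user groups connect to different Layer 2 switches. Both Layer 2 switches are dual-homed to the aggregation switches (Layer 3 switches), which provide link and device redundancy. Both aggregation switches connect to the same core router, HX-Router.
Service Access Requirements
1) The service subnets of the office-area users and the general manager's office users are hosted on aggregation switches L3_SW1 and L3_SW2. VRRP + MSTP provides redundancy and load sharing for both service subnets. The VRRP requirements are:
Office-area service subnet: L3_SW1 is Master, L3_SW2 is Backup;
General manager's office service subnet: L3_SW1 is Backup, L3_SW2 is Master.
2) Office-area users and general manager's office users can communicate with HX-Router's loopback address both before and after a VRRP state switchover.
Lab Requirements
Complete the configuration of the relevant devices according to the existing plan.
Network Topology
Configuration Approach
Per the overall networking requirements, the office-area and general manager's office services must be hosted on L3_SW1 and L3_SW2 with VRRP providing redundancy. The links from the access switches to L3_SW1 and L3_SW2 therefore have to carry the office-area and general manager's office service VLANs, and MSTP is used for loop prevention: the office-area service VLAN and the general manager's office service VLAN are mapped to separate instances.
In a VRRP + MSTP network, the MSTP root bridge and backup root bridge must be aligned with the VRRP Master and Backup roles: the VRRP Master is the root bridge of the corresponding MSTP instance, and the VRRP Backup is the backup root bridge of that instance.
Configuration Steps
1. Configure the end hosts
Office-area host: 192.168.100.10/24, gateway: 192.168.100.254
General manager's office host: 192.168.101.10/24, gateway: 192.168.101.254
2. Configure the Layer 2 switches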
L2_SW3
// Set the device name and create the VLAN
sysname L2_SW3
vlan batch 100
// Configure the L2_SW3 interface facing the office-area users
interface Ethernet0/0/1
port link-type access
port default vlan 100
// Configure the L2_SW3 interface facing L3_SW1
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
// Configure the L2_SW3 interface facing L3_SW2
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
L2_SW4
// Set the device name and create the VLAN
sysname L2_SW4
vlan batch 101
// Configure the L2_SW4 interface facing the general manager's office users
interface Ethernet0/0/1
port link-type access
port default vlan 101
// Configure the L2_SW4 interface facing L3_SW1
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101
// Configure the L2_SW4 interface facing L3_SW2
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101
3. Configure the aggregation switches
L3_SW1
// Set the device name and create the VLANs
sysname L3_SW1
vlan batch 100 to 101
// Configure the interface connecting L2_SW4 to L3_SW1
interface GigabitEthernet0/0/22
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101
// Configure the interface connecting L2_SW3 to L3_SW1
interface GigabitEthernet0/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
// Configure the interface connecting L3_SW1 to L3_SW2
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 to 101
L3_SW2
// Set the device name and create the VLANs
sysname L3_SW2
vlan batch 100 to 101
// Configure the interface connecting L2_SW4 to L3_SW2
interface GigabitEthernet0/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101
// Configure the interface connecting L2_SW3 to L3_SW2
interface GigabitEthernet0/0/22
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
// Configure the interface connecting L3_SW2 to L3_SW1
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 to 101
4. Configure Layer 2 loop prevention
L3_SW1
stp mode mstp
stp region-configuration
region-name HW
instance 1 vlan 100
instance 2 vlan 101
active region-configuration
stp instance 1 root primary
stp instance 2 root secondary
L3_SW2
stp mode mstp
stp region-configuration
region-name HW
instance 1 vlan 100
instance 2 vlan 101
active region-configuration
stp instance 2 root primary
stp instance 1 root secondary
L2_SW3 and L2_SW4 (identical configuration)
stp mode mstp
stp bpdu-protection
stp region-configuration
region-name HW
instance 1 vlan 100
instance 2 vlan 101
active region-configuration
interface Ethernet0/0/1
stp edged-port enable
5. Configure VRRP on the Layer 3 switches
L3_SW1
// Configure the Layer 3 interface for the office area
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.100.254
vrrp vrid 100 priority 120
vrrp vrid 100 track interface GigabitEthernet0/0/1 reduced 30
// Configure the Layer 3 interface for the general manager's office
interface Vlanif101
ip address 192.168.101.2 255.255.255.0
vrrp vrid 101 virtual-ip 192.168.101.254
L3_SW2
// Configure the Layer 3 interface for the office area
interface Vlanif100
ip address 192.168.100.2 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.100.254
// Configure the Layer 3 interface for the general manager's office
interface Vlanif101
ip address 192.168.101.1 255.255.255.0
vrrp vrid 101 virtual-ip 192.168.101.254
vrrp vrid 101 priority 120
vrrp vrid 101 track interface GigabitEthernet0/0/1 reduced 30
Verify the VRRP configuration: display vrrp brief
6. Configure the aggregation switches' uplinks to the router
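The alignment rule from the configuration approach (each VLAN's VRRP Master must also be the MSTP root of that VLAN's instance) can be checked mechanically. The following Python code is an added example, not part of the original lab; it parses excerpts of the L3_SW1 and L3_SW2 configuration shown above, and the function names are hypothetical.

```python
import re
# Excerpts of the L3_SW1 / L3_SW2 configuration from steps 4 and 5 above.
CONFIGS = {
    "L3_SW1": """
        instance 1 vlan 100
        instance 2 vlan 101
        stp instance 1 root primary
        stp instance 2 root secondary
        interface Vlanif100
         vrrp vrid 100 virtual-ip 192.168.100.254
         vrrp vrid 100 priority 120
        interface Vlanif101
         vrrp vrid 101 virtual-ip 192.168.101.254""",
    "L3_SW2": """
        instance 1 vlan 100
        instance 2 vlan 101
        stp instance 2 root primary
        stp instance 1 root secondary
        interface Vlanif100
         vrrp vrid 100 virtual-ip 192.168.100.254
        interface Vlanif101
         vrrp vrid 101 virtual-ip 192.168.101.254
         vrrp vrid 101 priority 120""",
}
DEFAULT_PRIORITY = 100  # VRRP priority when no "priority" line is configured
def parse(cfg):
    """Return (vlan -> MSTP instance, instance -> root role, vlan -> VRRP priority)."""
    vlan_inst, roles, prio, vlan = {}, {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"instance (\d+) vlan (\d+)", line):
            vlan_inst[int(m[2])] = int(m[1])
        elif m := re.fullmatch(r"stp instance (\d+) root (primary|secondary)", line):
            roles[int(m[1])] = m[2]
        elif line.startswith("interface "):  # track which Vlanif we are inside
            vlan = int(m[1]) if (m := re.fullmatch(r"interface Vlanif(\d+)", line)) else None
        elif vlan is not None and (m := re.fullmatch(r"vrrp vrid \d+ (virtual-ip|priority) (\S+)", line)):
            prio[vlan] = int(m[2]) if m[1] == "priority" else prio.get(vlan, DEFAULT_PRIORITY)
    return vlan_inst, roles, prio

def misaligned(configs):
    """List (vlan, switch) where the VRRP Master is not the MSTP primary root."""
    parsed = {sw: parse(cfg) for sw, cfg in configs.items()}
    problems = []
    for vlan in sorted({v for _, _, prio in parsed.values() for v in prio}):
        master = max(parsed, key=lambda sw: parsed[sw][2].get(vlan, 0))
        vlan_inst, roles, _ = parsed[master]
        if roles.get(vlan_inst.get(vlan)) != "primary":
            problems.append((vlan, master))
    return problems
```

An empty list from `misaligned(CONFIGS)` means the roles line up; equal VRRP priorities (where the tie is broken by interface IP address) are not modeled.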
// Configure the L3_SW1 uplink to HX-Router
vlan 4000
interface GigabitEthernet0/0/1
port link-type access
port default vlan 4000
interface Vlanif4000
ip address 172.16.0.2 255.255.255.252
ip route-static 8.8.8.8 255.255.255.255 172.16.0.1
// Configure the L3_SW2 uplink to HX-Router
vlan 4001
interface GigabitEthernet0/0/1
port link-type access
port default vlan 4001
interface Vlanif4001
ip address 172.16.0.6 255.255.255.252
ip route-static 8.8.8.8 255.255.255.255 172.16.0.5
// Configure HX-Router
sysname HX-Router
interface GigabitEthernet0/0/0
ip address 172.16.0.1 255.255.255.252
interface GigabitEthernet0/0/1
ip address 172.16.0.5 255.255.255.252
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
ip route-static 192.168.100.0 255.255.255.0 172.16.0.2
ip route-static 192.168.100.0 255.255.255.0 172.16.0.6 preference 70
ip route-static 192.168.101.0 255.255.255.0 172.16.0.2 preference 70
ip route-static 192.168.101.0 255.255.255.0 172.16.0.6
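7. Test the configuration
1. With VRRP running normally, test communication with 8.8.8.8
2. Bring down the primary link and check whether VRRP switches over
1) Switch over the office-area VRRP group; on L3_SW1 configure: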
interface Vlanif100
shutdown
2) Switch over the general manager's office VRRP group; on L3_SW2 configure:
interface Vlanif101
shutdown
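3) Check whether VRRP has switched over
3. Test whether services can still communicate with 8.8.8.8 after the VRRP switchover
Note: after VRRP completes the Master/Backup switchover, services cannot communicate with 8.8.8.8. Path tracing with tracert shows that service traffic reaches the new Master, but the problem appears between the aggregation layer and HX-Router.
Cause: HX-Router's return route still sends service traffic to the original Master, so the forward and return paths do not match. Taking the office-area traffic as an example, as shown in the figure below:
Solutions:
Method 1: bring down the link used by the original primary route, which makes the floating route take over;
Method 2: replace the static routes with a dynamic routing protocol such as OSPF, so that routes switch automatically;
Method 3: establish BFD (Bidirectional Forwarding Detection) between the aggregation and core layers and associate it with the core router's static routes, so that the return route switches together with VRRP.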
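The fault described above, modeled as an added Python example (not part of the original lab): HX-Router uses the static route with the lowest preference value among the next hops it still considers reachable, so the return hop follows a VRRP switchover only once the old next hop is withdrawn. The function names are hypothetical, and the default static-route preference of 60 is an assumption about VRP defaults.

```python
import ipaddress

STATIC_DEFAULT_PREF = 60  # assumption: VRP default preference for static routes

# HX-Router static routes from step 6: (prefix, next hop, preference)
ROUTES = [
    ("192.168.100.0/24", "172.16.0.2", STATIC_DEFAULT_PREF),
    ("192.168.100.0/24", "172.16.0.6", 70),
    ("192.168.101.0/24", "172.16.0.2", 70),
    ("192.168.101.0/24", "172.16.0.6", STATIC_DEFAULT_PREF),
]
NEXT_HOP_OWNER = {"172.16.0.2": "L3_SW1", "172.16.0.6": "L3_SW2"}

def return_hop(dst, reachable):
    """Switch that HX-Router sends return traffic for dst to, given the next
    hops it still treats as reachable (link up, or BFD session up)."""
    ip = ipaddress.ip_address(dst)
    candidates = [(pref, nh) for prefix, nh, pref in ROUTES
                  if ip in ipaddress.ip_network(prefix) and nh in reachable]
    if not candidates:
        return None  # no usable route: return traffic is dropped
    return NEXT_HOP_OWNER[min(candidates)[1]]  # lowest preference value wins

def path_is_symmetric(dst, vrrp_master, reachable):
    """True when return traffic enters via the current VRRP Master for dst."""
    return return_hop(dst, reachable) == vrrp_master

def scenarios():
    """Office-area host after its VRRP group has switched to L3_SW2."""
    host, both = "192.168.100.10", {"172.16.0.2", "172.16.0.6"}
    return {
        # Vlanif100 shut on L3_SW1, uplink still up: route to L3_SW1 stays active.
        "after_switchover": path_is_symmetric(host, "L3_SW2", both),
        # Method 1 / method 3: next hop 172.16.0.2 withdrawn, floating route wins.
        "old_next_hop_withdrawn": path_is_symmetric(host, "L3_SW2", {"172.16.0.6"}),
    }
```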