如何利用华为交换机配置MSTP+VRRP的实验之一

一、实验拓扑图如下

 

 

二、实验简介

从拓扑可以看到，我是利用两个华为S5700作为主备核心，在其上建立vlan 20和30 作为业务vlan，建立vlan100 作为心跳vlan；利用华为S3700作为接入交换机，直接和PC相连，在S3700上建立Vlan20和Vlan30等业务vlan。

三、具体规划配置如下

在S5700-Master规划如下：

1、创建vlan 10

interface vlanif 10 ：192.168.10.1  24

Virtual IP : 192.168.10.254

2、创建vlan 20

interface vlanif 20：192.168.20.1 24

Virtual IP : 192.168.20.254

3、创建vlan 100

interface vlanif 100：100.100.100.1 24

4、创建interface Eth-Trunk 1，并配置为Trunk，只允许vlan100通过，将GE0/0/1和GE0/0/2端口加入到Eth-Trunk1中。

5、配置GE0/0/3和GE0/0/4的端口类型为Trunk端口，为了精确只允许业务Vlan通过

在S5700-Backup规划如下：

1、创建vlan 10

interface vlanif 10 ：192.168.10.2  24

Virtual IP : 192.168.10.254

2、创建vlan 20

interface vlanif 20：192.168.20.2 24

Virtual IP : 192.168.20.254

3、创建vlan 100

interface vlanif 100：100.100.100.2 24

4、创建interface Eth-Trunk 1，并配置为Trunk，只允许vlan100通过，将GE0/0/1和GE0/0/2端口加入到Eth-Trunk1中。

5、配置GE0/0/3和GE0/0/4的端口类型为Trunk端口，为了精确，只允许业务Vlan通过。

备注：1、在S5700交换机与S3700交换机相连的端口上开启STP，其模式是MSTP，默认的情况下华为交换机是开启的，如果没有开启，请手动开启；

S3700A配置规划如下：

1、创建vlan 10 20 ；

2、将Ethernet0/0/3和Ethernet0/0/4的端口类型为Trunk，只要允许业务vlan10 和vlan20 通过即可；

S3700B配置规划如下：

1、创建vlan 10 20 ；

2、将Ethernet0/0/3和Ethernet0/0/4的端口类型为Trunk，只要允许业务vlan10 和vlan20 通过即可；

四、具体配置如下

1、S5700_Master的配置

<A>dis cu
#
sysname A
#
undo info-center enable
#
vlan batch 10 20 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 preempt-mode timer delay 5
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 preempt-mode timer delay 5
#
interface Vlanif100
 ip address 100.100.100.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
<A>
2、S5700_Backup的配置
<B>dis cu
#
sysname B
#
undo info-center enable
#
vlan batch 10 20 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.254
#
interface Vlanif20
 ip address 192.168.20.2 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.254
#
interface Vlanif100
 ip address 100.100.100.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
user-interface con 0
user-interface vty 0 4
#
return
<B>
3、S3700A的配置

<S3700A>dis cu
#
sysname S3700A
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
user-interface con 0
user-interface vty 0 4
#
return
<S3700A>

4、S3700B的配置如下

<S3700B>dis cu
#
sysname S3700B
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
user-interface con 0
user-interface vty 0 4
#
return
<S3700B>
五、利用display命令查看VRRP的运行情况
<B>dis vrrp
  Vlanif10 | Virtual Router 10
    State : Backup
    Virtual IP : 192.168.10.254
    Master IP : 192.168.10.1
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay Time : 0 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-010a
    Check TTL : YES
    Config type : normal-vrrp
    Create time : 2012-11-21 17:02:12 UTC-08:00
    Last change time : 2012-11-21 17:05:36 UTC-08:00

  Vlanif20 | Virtual Router 20
    State : Backup
    Virtual IP : 192.168.20.254
    Master IP : 192.168.20.1
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay Time : 0 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-0114
    Check TTL : YES
    Config type : normal-vrrp
    Create time : 2012-11-21 17:02:12 UTC-08:00
    Last change time : 2012-11-21 17:05:36 UTC-08:00

<B>
<A>dis vrrp
  Vlanif10 | Virtual Router 10
    State : Master
    Virtual IP : 192.168.10.254
    Master IP : 192.168.10.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 5 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-010a
    Check TTL : YES
    Config type : normal-vrrp
    Create time : 2012-11-21 17:05:18 UTC-08:00
    Last change time : 2012-11-21 17:05:35 UTC-08:00

  Vlanif20 | Virtual Router 20
    State : Master
    Virtual IP : 192.168.20.254
    Master IP : 192.168.20.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 5 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-0114
    Check TTL : YES
    Config type : normal-vrrp
    Create time : 2012-11-21 17:05:18 UTC-08:00
    Last change time : 2012-11-21 17:05:35 UTC-08:00

<A>

怎么样，你学会了吗，这个比较简单，可能有不完善的地方，大家看到后可以留言，我必定加以完善。