设为首页收藏本站
切换到宽版

祖瑞科技 全国计算机 网络IT运维社区!

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
热搜: 活动 交友 discuz
祖瑞科技 全国计算机 网络IT运维社区!»论坛 网络工程 路由交换 新华三H3C MSTP+VRRP综合配置
返回列表 发新帖
查看: 7506|回复: 0

新华三H3C MSTP+VRRP综合配置

[复制链接]
admin

205

主题

218

帖子

1286

积分

管理员

Rank: 9Rank: 9Rank: 9

积分
1286
发表于 2021-12-16 22:00:39 | 显示全部楼层 |阅读模式
新华三H3C MSTP+VRRP综合配置


JRSW1
<H3C>system-view
[H3C]sysname jrsw1
配置vlan
[jrsw1]vlan 10 20 //创建vlan
[jrsw1]interface range GigabitEthernet 1/0/47 toGigabitEthernet 1/0/48  //进入接口范围视图
[jrsw1-if-range]port link-type trunk  //配置端口链路类型为trunk
[jrsw1-if-range]port trunk permit vlan 10 20  //配置trunk放行的vlan
[jrsw1-if-range]undo port trunk permit vlan 1  //取消trunk默认放行vlan1
[jrsw1-if-range]interface gigabitethernet 1/0/1
[jrsw1-GigabitEthernet1/0/1]port link-type access  //配置端口链路类型为access
[jrsw1-GigabitEthernet1/0/1]port access vlan 10  //配置access默认vlan
[jrsw1-GigabitEthernet1/0/1]quit
[jrsw1-GigabitEthernet1/0/2]port link-type access
[jrsw1-GigabitEthernet1/0/2]port access vlan 20
[jrsw1-GigabitEthernet1/0/2]quit
配置多生成树
[jrsw1]stp mode mstp //配置生成树模式为多生成树
[jrsw1]stp region-configuration  //进入生成树区域配置
[jrsw1-mst-region]region-name vrrp  //配置区域名称
[jrsw1-mst-region]revision-level 1  //修订级别为1
[jrsw1-mst-region]instance 10 vlan 10  //配置实例10映射vlan10
[jrsw1-mst-region]instance 20 vlan 20  //配置实例20映射vlan20
[jrsw1-mst-region]active region-configuration  //激活区域配置
[jrsw1-mst-region]quit
[jrsw1]stp global enable  //开启全局生成树
JRSW2
<H3C>system-view
[H3C]sysname jrsw2
[jrsw2]vlan 10 20
[jrsw2]interface range gigabitethernet 1/0/47 togigabitethernet 1/0/48
[jrsw2-if-range]port link-type trunk
[jrsw2-if-range]port trunk permit vlan 10 20
[jrsw2-if-range]undo port trunk permit vlan 1
[jrsw2-if-range]interface gigabitethernet 1/0/1
[jrsw2-GigabitEthernet1/0/1]port link-type access
[jrsw2-GigabitEthernet1/0/1]port access vlan 20
[jrsw2-GigabitEthernet1/0/1]interface gigabitethernet1/0/2
[jrsw2-GigabitEthernet1/0/2]port link-type access
[jrsw2-GigabitEthernet1/0/2]port access vlan 10
[jrsw2-GigabitEthernet1/0/2]quit
[jrsw2]stp mode mstp
[jrsw2]stp region-configuration
[jrsw2-mst-region]region-name vrrp
[jrsw2-mst-region]revision-level 1
[jrsw2-mst-region]instance 10 vlan 10
[jrsw2-mst-region]instance 20 vlan 20
[jrsw2-mst-region]active region-configuration
[jrsw2-mst-region]quit
[jrsw2]stp global enable
HJSW1
创建VLAN划分接口
[hjsw1]vlan 10
[hjsw1-vlan10]vlan 20
[hjsw1-vlan20]vlan 100
[hjsw1-vlan100]quit
[hjsw1]interface range gigabitethernet 1/0/3 togigabitethernet 1/0/4
[hjsw1-if-range]port link-type trunk
[hjsw1-if-range]port trunk permit vlan 10 20
[hjsw1-if-range]undo port trunk permit vlan 1
[hjsw1-if-range]quit
[hjsw1]interface gigabitethernet 1/0/48
[hjsw1-GigabitEthernet1/0/48]port link-type access
[hjsw1-GigabitEthernet1/0/48]port access vlan 100
[hjsw1-GigabitEthernet1/0/48]quit
创建二层链路聚合接口1
[hjsw1]lacp system-priority 100  //配置交换机链路聚合控制协议的优先级为100;越小优先级越高,默认为32768。
[hjsw1]interface bridge-aggregation 1  //创建二层桥聚合接口
[hjsw1-Bridge-Aggregation1]link-aggregation modedynamic  //链路聚合模式为动态
[hjsw1-Bridge-Aggregation1]link-aggregationselected-port maximum 2  //配置链路聚合最大限度选择两个端口
[hjsw1-Bridge-Aggregation1]quit
接口加入聚合接口
[hjsw1]interface range GigabitEthernet 1/0/10 toGigabitEthernet 1/0/12
[hjsw1-if-range]port link-aggregation group 1  //端口加入链路聚合组
[hjsw1-if-range]quit
[hjsw1]interface range gigabitethernet 1/0/10 togigabitethernet 1/0/11
[hjsw1-if-range]link-aggregation port-priority 100  //配置链路聚合端口优先级为100
[hjsw1-if-range]quit
配置聚合口为Trunk口,并配置放行VLAN
[hjsw1]interface bridge-aggregation 1  //进入二层桥聚合接口
[hjsw1-Bridge-Aggregation1]port link-type trunk  
[hjsw1-Bridge-Aggregation1]port trunk permit vlan 1020
[hjsw1-Bridge-Aggregation1]undo port trunk permit vlan1
[hjsw1-Bridge-Aggregation1]quit
配置上行接口
[hjsw1]interface vlan-interface 100  //进入逻辑三层接口vlanif100
[hjsw1-Vlan-interface100]ip address 172.16.100.2 24  //配置接口地址
创建Track项1,监视上行接口的物理状态
[hjsw1]track 1 interface vlan-interface 100  //配置对上行vlanif100接口进行跟踪
[hjsw1-track-1]quit
创建vrrp组10,配置HJSW1在备份组1中的优先级为110
[hjsw1]interface vlan-interface 10
[hjsw1-Vlan-interface10]ip address 192.168.10.2 24
[hjsw1-Vlan-interface10]vrrp vrid 10 virtual-ip192.168.10.1  //接口加入vrrp并配置虚拟网关地址
[hjsw1-Vlan-interface10]vrrp vrid 10 priority 110  //配置vrrp的优先级(默认100)数值大为master
配置vrrp备份组1监视track项1的状态,当Track项上行down掉时,HJSW1在备份组中的优先级降低20;使得HJSW2的优先组高于1,成为新Master。
[hjsw1-Vlan-interface10]vrrp vrid 10 track 1 weightreduced 20  //配置当上行链路down掉时,将vrrp优先级降低20,即110-20=90,低于对端100,即对端成为master
[hjsw1-Vlan-interface10]quit
创建vrrp组20
[hjsw1]interface vlan-interface 20
[hjsw1-Vlan-interface20]ip address 192.168.20.2 24
[hjsw1-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.20.1
[hjsw1-Vlan-interface20]quit
配置MSTP
[hjsw1]stp mode mstp
[hjsw1]stp region-configuration
[hjsw1-mst-region]region-name vrrp
[hjsw1-mst-region]revision-level 1
[hjsw1-mst-region]instance 10 vlan 10
[hjsw1-mst-region]instance 20 vlan 20
[hjsw1-mst-region]active region-configuration
[hjsw1-mst-region]quit
[hjsw1]stp instance 10 root primary
[hjsw1]stp instance 20 root secondary
[hjsw1]stp global enable
在上行口关闭STP功能
[hjsw1]interface gigabitethernet 1/0/48
[hjsw1-GigabitEthernet1/0/48]undo stp enable
[hjsw1-GigabitEthernet1/0/48]quit
配置OSPF发布网段路由
[hjsw1]ospf
[hjsw1-ospf-1]area 0
[hjsw1-ospf-1-area-0.0.0.0]network 172.16.100.00.0.0.255
[hjsw1-ospf-1-area-0.0.0.0]network 192.168.10.00.0.0.255
[hjsw1-ospf-1-area-0.0.0.0]network 192.168.20.00.0.0.255
[hjsw1-ospf-1-area-0.0.0.0]network 101.101.101.1010.0.0.255
[hjsw1-ospf-1-area-0.0.0.0]quit
[hjsw1-ospf-1]quit   
配置默认路由
[hjsw1]ip route-static 0.0.0.0 0.0.0.0 172.16.100.1
配置DHCP中继
[hjsw1]dhcp enable //开启dhcp功能
[hjsw1]interface vlan-interface 10
[hjsw1-Vlan-interface10]dhcp select relay  //接口选择dhcp中继
[hjsw1-Vlan-interface10]dhcp relay server-address172.16.100.1  //配置中继dhcp的服务地址
[hjsw1-Vlan-interface10]interface vlan-interface 20
[hjsw1-Vlan-interface20]dhcp select relay
[hjsw1-Vlan-interface20]dhcp relay server-address172.16.100.1
[hjsw1-Vlan-interface20]quit
配置环回口作为管理地址及配置管理功能
[hjsw1]telnet server enable  //开启telnet远程
[hjsw1-LoopBack0]ip address 101.101.101.101 32
[hjsw1-LoopBack0]quit
[hjsw1]user-interface vty 0 4  //进入vty用户视图
[hjsw1-line-vty0-4]authentication-mode scheme  //配置身份认证模式为计划(AAA)
[hjsw1-line-vty0-4]quit
[hjsw1]local-user zurkj  //创建本地用户
[hjsw1-luser-manage-zurkj]password simple Aleadmin1234  //配置用户密码(简单)
[hjsw1-luser-manage-zurkj]authorization-attributeuser-role network-admin  //配置授权属性 用户角色为网络管理员(level 15)
[hjsw1-luser-manage-zurkj]service-type telnet terminal  //配置服务类型为telnet及终端(console)
[hjsw1-luser-manage-zurkj]quit
[hjsw1]user-interface console 0  //进入console
[hjsw1-line-console0]authentication-mode scheme
[hjsw1-line-console0]quit
配置登录设备头部信息
[hjsw1]header login "Welcome to ipgzj.com"
[hjsw1]header shell "Welcome to zurkj.com"
开启telnet远程服务
[hjsw1]telnet server enable
HJSW2
创建VLAN划分接口
<H3C>system-view
[H3C]sysname hjsw2
[hjsw2]vlan 10
[hjsw2-vlan10]vlan 20
[hjsw2-vlan20]vlan 101
[hjsw2-vlan101]quit
[hjsw2]interface range gigabitethernet 1/0/3 togigabitethernet 1/0/4
[hjsw2-if-range]port link-type trunk
[hjsw2-if-range]port trunk permit vlan 10 20
[hjsw2-if-range]undo port trunk permit vlan 1
[hjsw2-if-range]interface gigabitethernet 1/0/48
[hjsw2-GigabitEthernet1/0/48]port link-type trunk
[hjsw2-GigabitEthernet1/0/48]port trunk pvid vlan 101
[hjsw2-GigabitEthernet1/0/48]port trunk permit vlan101
[hjsw2-GigabitEthernet1/0/48]undo port trunk permitvlan 1
[hjsw2-GigabitEthernet1/0/48]undo stp enable
[hjsw2-GigabitEthernet1/0/48]quit
创建二层链路聚合接口1
[hjsw2]interface bridge-aggregation 1
[hjsw2-Bridge-Aggregation1]link-aggregation modedynamic
[hjsw2-Bridge-Aggregation1]link-aggregationselected-port maximum 2
接口加入聚合接口
[hjsw2-Bridge-Aggregation1]interface rangegigabitethernet 1/0/10 to gigabitethernet 1/0/12
[hjsw2-if-range]port link-aggregation group 1
[hjsw2-if-range]quit
配置聚合口为Trunk口,并配置放行VLAN
[hjsw2]interface Bridge-Aggregation 1
[hjsw2-Bridge-Aggregation1]port link-type trunk
[hjsw2-Bridge-Aggregation1]port trunk permit vlan 1020
[hjsw2-Bridge-Aggregation1]undo port trunk permit vlan1
[hjsw2-Bridge-Aggregation1]quit
配置上行接口
[hjsw2]interface vlan-interface 101
[hjsw2-Vlan-interface101]ip address 172.16.101.2 24
[hjsw2-Vlan-interface101]quit
创建Track项1,监视上行接口的物理状态
[hjsw2]track 1 interface vlan-interface 101
[hjsw2-track-1]quit
创建vrrp组10,配置HJSW2在备份组10中的优先级为默认100
[hjsw2]interface vlan-interface 10
[hjsw2-Vlan-interface10]ip address 192.168.10.3 24
[hjsw2-Vlan-interface10]vrrp vrid 10 virtual-ip192.168.10.1
[hjsw2-Vlan-interface10]quit
创建vrrp组20,配置HJSW2在备份组20中的优先级为110
[hjsw2]interface vlan-interface 20
[hjsw2-Vlan-interface20]ip address 192.168.20.3 24
[hjsw2-Vlan-interface20]vrrp vrid 20 virtual-ip192.168.20.1
[hjsw2-Vlan-interface20]vrrp vrid 20 priority 110
配置vrrp备份组20监视track项1的状态,当Track项上行down掉时,HJSW2在备份组中的优先级降低20;使得HJSW2的优先组高于HJSW1,成为新Master。
[hjsw2-Vlan-interface20]vrrp vrid 20 track 1 weightreduced 20
[hjsw2-Vlan-interface20]quit
配置MSTP
[hjsw2]stp mode mstp
[hjsw2]stp region-configuration
[hjsw2-mst-region]region-name vrrp
[hjsw2-mst-region]revision-level 1
[hjsw2-mst-region]instance 10 vlan 10
[hjsw2-mst-region]instance 20 vlan 20
[hjsw2-mst-region]active region-configuration
[hjsw2]stp instance 10 root secondary
[hjsw2]stp instance 20 root primary
[hjsw2]stp global enable
在上行口关闭STP功能
[hjsw2]interface GigabitEthernet 1/0/48
[hjsw2-GigabitEthernet1/0/48]undo stp enable
[hjsw2-GigabitEthernet1/0/48]quit
配置OSPF发布网段路由
[hjsw2]ospf 1
[hjsw2-ospf-1]area 0
[hjsw2-ospf-1-area-0.0.0.0]network 192.168.10.00.0.0.255
[hjsw2-ospf-1-area-0.0.0.0]network 192.168.20.00.0.0.255
[hjsw2-ospf-1-area-0.0.0.0]network 172.16.101.00.0.0.255
[hjsw2-ospf-1-area-0.0.0.0]network 102.102.102.1020.0.0.0
[hjsw2-ospf-1-area-0.0.0.0]quit
[hjsw2-ospf-1]quit
配置默认路由
[hjsw2]ip route-static 0.0.0.0 0.0.0.0 172.16.101.1
配置DHCP中继
[hjsw2]dhcp enable
[hjsw2]interface vlan-interface 10
[hjsw2-Vlan-interface10]dhcp select relay
[hjsw2-Vlan-interface10]dhcp relay server-address 172.16.101.1
[hjsw2-Vlan-interface10]interface vlan-interface 20
[hjsw2-Vlan-interface20]dhcp select relay
[hjsw2-Vlan-interface20]dhcp relay server-address172.16.101.1
[hjsw2-Vlan-interface20]quit
配置环回口作为管理地址及配置管理功能
[hjsw2]interface loopback 0
[hjsw2-LoopBack0]ip address 102.102.102.102 32
[hjsw2-LoopBack0]quit
[hjsw2]user-interface vty 0 4
[hjsw2-line-vty0-4]authentication-mode scheme
[hjsw2-line-vty0-4]quit
[hjsw2]user-interface console 0
[hjsw2-line-console0]authentication-mode scheme
[hjsw2-line-console0]quit
[hjsw2]local-user zurkj
[hjsw2-luser-manage-zurkj]password simple Admin1234
[hjsw2-luser-manage-zurkj]service-type telnet terminal
[hjsw2-luser-manage-zurkj]authorization-attributeuser-role network-admin
[hjsw2-luser-manage-zurkj]quit
配置登录设备头部信息
[hjsw2]header login "Welcome to ipgzj.com"
[hjsw2]header shell "Welcome to zurkj.com"
开启telnet远程服务
[hjsw2]telnet server enable
R1
基本配置
<H3C>system-view
[H3C]sysname r1
[r1]interface gigabitethernet 0/0
[r1-GigabitEthernet0/0]ip address 172.16.100.1 24
[r1-GigabitEthernet0/0]interface gigabitethernet 0/1
[r1-GigabitEthernet0/1]ip address 172.16.101.1 24
[r1-GigabitEthernet0/1]quit
[r1]interface gigabitethernet 0/2
[r1-GigabitEthernet0/2]ip address 200.1.1.2 24
[r1-GigabitEthernet0/2]quit
[r1]interface LoopBack 0
[r1-LoopBack0]ip address 100.100.100.100 32
[r1-LoopBack0]quit
配置DHCP服务
[r1]dhcp enable
[r1]dhcp server ip-pool vlan10
[r1-dhcp-pool-vlan10]network 192.168.10.0 mask255.255.255.0
[r1-dhcp-pool-vlan10]dns-list 114.114.114.114 8.8.8.8
[r1-dhcp-pool-vlan10]expired day 2 hour 2 minute 2second 2
[r1-dhcp-pool-vlan10]forbidden-ip-range 192.168.10.200192.168.10.254
[r1-dhcp-pool-vlan10]quit
[r1]dhcp server ip-pool vlan20
[r1-dhcp-pool-vlan20]gateway-list 192.168.20.1
[r1-dhcp-pool-vlan20]network 192.168.20.0 mask255.255.255.0
[r1-dhcp-pool-vlan20]dns-list 114.114.114.114 8.8.8.8
[r1-dhcp-pool-vlan20]expired day 2 hour 2 minute 2second 2
[r1-dhcp-pool-vlan20]forbidden-ip-range 192.168.20.200192.168.20.254
[r1-dhcp-pool-vlan20]quit
接口应用DHCP
[r1]interface GigabitEthernet 0/0
[r1-GigabitEthernet0/0]dhcp select server
[r1-GigabitEthernet0/0]interface gigabitethernet 0/1
[r1-GigabitEthernet0/1]dhcp select server
[r1-GigabitEthernet0/1]quit
配置OSPF
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 172.16.100.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 172.16.200.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 100.100.100.100 0.0.0.0
[r1-ospf-1-area-0.0.0.0]quit
[r1-ospf-1]quit
配置默认路由
[r1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
[r1]nat address-group 1
[r1-address-group-1]address 200.1.1.10 200.1.1.20
[r1-address-group-1]quit
配置NAT转换
[r1]acl number 2000
[r1-acl-ipv4-basic-2000]step 20
[r1-acl-ipv4-basic-2000]rule 20  permit source any
[r1]interface gigabitethernet 0/2
[r1-GigabitEthernet0/2]nat outbound address-group 1
[r1-GigabitEthernet0/2]quit
配置设备管理用户
[r1]user-interface vty 0 4
[r1-line-vty0-4]authentication-mode scheme
[r1-line-vty0-4]quit
[r1]user-interface console 0
[r1-line-console0]authentication-mode scheme
[r1-line-console0]quit
[r1]local-user zurkj
[r1-luser-manage-zurkj]password simple Admin1234
[r1-luser-manage-zurkj]service-type telnet terminal
[r1-luser-manage-zurkj]authorization-attributeuser-role network-admin
[r1-luser-manage-zurkj]quit
打开远程服务
[r1]telnet server enable
Network
<H3C>system-view
[H3C]sysname network
[network]interface gigabitethernet 0/0
[network-GigabitEthernet0/0]ip address 200.1.1.1 24
[network-GigabitEthernet0/0]interface loopback 0
[network-LoopBack0]ip address 200.200.200.200 32
[network-LoopBack0]quit


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
祖瑞(上海)网络科技有限公司
我们在全国范围提供企业IT运维、网络工程、弱电安装、监控安防、计算机产品收售、办公设备耗材等服务!
期待与您的合作!
邮箱:sanne@zurkj.com
电话:021-51850021 18918292296
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

公司网站

扫一扫加站主微信

QQ|Archiver|手机版|小黑屋|祖瑞科技 全国计算机 网络IT运维社区! ( 沪ICP备16021636号-2 )

GMT+8, 2024-11-25 21:17 , Processed in 0.042141 second(s), 20 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表