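VLAN-based VRRP provides gateway redundancy. At layer 2, MSTP resolves loops and provides link redundancy; at layer 3, the OSPF dynamic routing protocol maintains routing information.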

The China Telecom router mainly runs OSPF; its configuration is as follows:
<dx>dis current-configuration
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
undo portswitch
ip address 172.16.16.1 255.255.255.252
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
ip address 172.16.16.9 255.255.255.252
#
interface NULL0
#
interface LoopBack1
ip address 10.10.10.10 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.10.10.10 0.0.0.0
network 172.16.16.0 0.0.0.255
#
nqa test-instance ad aa
test-type icmp
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<Huawei>
The China Mobile router mainly runs OSPF; its configuration is as follows:
<yd>dis current-configuration
[V200R003C00]
#
sysname yd
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
undo portswitch
ip address 172.16.16.5 255.255.255.252
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
ip address 172.16.16.13 255.255.255.252
#
interface NULL0
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.0
#
ospf 1
area 0.0.0.0
network 11.11.11.11 0.0.0.0
network 172.16.16.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<yd>
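Core switches R1 and R2 run two STP instances mapped to different VLANs. VRRP runs on each VLAN interface, and the priorities are adjusted so that the VRRP master and the STP root bridge are on the same core switch. For remote-login authentication, R1 uses AAA authentication and R2 uses password authentication. The configuration is as follows: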
<R1>dis current-configuration
#
sysname R1
#
vlan batch 11 20 40 to 41 50 171 to 172
#
stp instance 1 priority 4096
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
arp gratuitous-arp send enable
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name school
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
active region-configuration
#
drop-profile default
#
ip pool 11
gateway-list 192.168.11.254
network 192.168.11.0 mask 255.255.255.0
excluded-ip-address 192.168.11.129 192.168.11.253
dns-list 192.168.2.1
#
ip pool 40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.2
excluded-ip-address 192.168.40.129 192.168.40.253
dns-list 192.168.2.1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user test password cipher ^DR"'-PMWXANZPO3JBXBHA!!
local-user test privilege level 15
local-user test service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
vrrp vrid 11 virtual-ip 192.168.11.254
dhcp select global
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
#
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 80
vrrp un-check ttl
#
interface Vlanif50
ip address 192.168.50.1 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.254
vrrp vrid 50 priority 80
#
interface Vlanif171
ip address 172.16.16.2 255.255.255.252
#
interface Vlanif172
ip address 172.16.16.6 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 171
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 172
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/14
eth-trunk 1
#
interface GigabitEthernet0/0/15
eth-trunk 1
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.16.0 0.0.0.255
network 192.168.0.0 0.0.255.255
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
port-group 11
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
group-member GigabitEthernet0/0/9
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
group-member GigabitEthernet0/0/12
group-member GigabitEthernet0/0/13
group-member GigabitEthernet0/0/14
#
port-group trunk
#
return
<R1>
The configuration of core switch R2 is as follows:
<R2>dis current-configuration
#
sysname R2
#
vlan batch 11 20 40 to 41 50 173 to 174
#
stp instance 2 priority 4096
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name school
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
active region-configuration
#
drop-profile default
#
ip pool 11
gateway-list 192.168.11.254
network 192.168.11.0 mask 255.255.255.0
excluded-ip-address 192.168.11.1
excluded-ip-address 192.168.11.3 192.168.11.128
dns-list 192.168.2.1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif11
ip address 192.168.11.2 255.255.255.0
vrrp vrid 11 virtual-ip 192.168.11.254
vrrp vrid 11 priority 80
dhcp select global
#
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 80
#
interface Vlanif40
ip address 192.168.40.2 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
#
interface Vlanif50
ip address 192.168.50.2 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.254
vrrp un-check ttl
arp gratuitous-arp send enable
#
interface Vlanif173
ip address 172.16.16.10 255.255.255.252
#
interface Vlanif174
ip address 172.16.16.14 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 173
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 174
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/14
eth-trunk 1
#
interface GigabitEthernet0/0/15
eth-trunk 1
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.16.0 0.0.0.255
network 192.168.0.0 0.0.255.255
#
user-interface con 0
user-interface vty 0 4
set authentication password cipher x7(n)=ij79u:|l#3M^#3+fC#
#
port-group 11
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
group-member GigabitEthernet0/0/9
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
group-member GigabitEthernet0/0/12
group-member GigabitEthernet0/0/13
group-member GigabitEthernet0/0/14
#
return
<R2>
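Added example (not part of the original post): a Python check that the VRRP master for each VLAN sits on the same core switch as the MSTP root of the instance carrying that VLAN, which is the alignment the R1 and R2 configurations above are meant to achieve. The input strings are constructed from lines in those two dumps; the function names are hypothetical, and the STP default bridge priority (32768) and VRRP default priority (100) are assumed for lines that set no priority.

```python
import re

# Constructed input: STP and VRRP lines taken from the R1 and R2 dumps above.
R1 = """stp instance 1 priority 4096
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
interface Vlanif11
vrrp vrid 11 virtual-ip 192.168.11.254
interface Vlanif40
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 80"""
R2 = """stp instance 2 priority 4096
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
interface Vlanif11
vrrp vrid 11 virtual-ip 192.168.11.254
vrrp vrid 11 priority 80
interface Vlanif40
vrrp vrid 40 virtual-ip 192.168.40.254"""

def parse(cfg):
    """Return (bridge priority per instance, VLANs per instance, VRRP priority per VLAN)."""
    stp, vlans, vrrp, cur = {}, {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"stp instance (\d+) priority (\d+)", line):
            stp[int(m[1])] = int(m[2])
        elif m := re.fullmatch(r"instance (\d+) vlan (\d+) to (\d+)", line):
            vlans[int(m[1])] = range(int(m[2]), int(m[3]) + 1)
        elif m := re.fullmatch(r"interface Vlanif(\d+)", line):
            cur = int(m[1])
        elif re.fullmatch(r"vrrp vrid \d+ virtual-ip \S+", line):
            vrrp.setdefault(cur, 100)        # VRRP default priority is 100
        elif m := re.fullmatch(r"vrrp vrid \d+ priority (\d+)", line):
            vrrp[cur] = int(m[1])
    return stp, vlans, vrrp

def misaligned(configs):
    """List VLANs whose highest-priority VRRP router is not the MSTP root
    of the instance carrying that VLAN (priority ties are not modelled)."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    instances = next(iter(parsed.values()))[1]
    bad = []
    for inst, vlan_range in instances.items():
        # Lowest bridge priority wins; 32768 is the STP default.
        root = min(parsed, key=lambda n: parsed[n][0].get(inst, 32768))
        for vlan in vlan_range:
            prio = {n: p[2][vlan] for n, p in parsed.items() if vlan in p[2]}
            if prio and max(prio, key=prio.get) != root:
                bad.append(vlan)
    return bad
```

`misaligned({"R1": R1, "R2": R2})` returns an empty list for the values shown on this page.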
The access switches are configured only with MSTP, VLANs and trunks; the configuration is as follows:
<class1>dis current-configuration
#
sysname class1
#
vlan batch 11 40 to 41
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name school
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
stp disable
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
stp disable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 41
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
<class1>
<class10>dis current-configuration
#
sysname class10
#
vlan batch 20 40 to 41
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name school
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
stp disable
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
stp disable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 41
stp disable
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
port-group 11
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
#
return
<class10>
<office>dis current-configuration
#
sysname office
#
vlan batch 40 to 41 50
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name school
instance 1 vlan 11 to 30
instance 2 vlan 40 to 50
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 50
stp disable
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 41
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 40
stp disable
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
<office>
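Added example (not part of the original post): a Python check that scans a `display current-configuration` dump for three settings visible in the configurations above: local users stored with `password simple`, local users whose service type includes `telnet`, and trunks that pass every VLAN. The rule ids and the sample text are constructed for this illustration.

```python
import re

# Constructed sample: lines copied from the R1 configuration on this page.
SAMPLE = """\
aaa
local-user test privilege level 15
local-user test service-type telnet
local-user admin password simple admin
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 171
#
"""

# Rule ids are hypothetical labels chosen for this example.
RULES = [
    ("plaintext-password", re.compile(r"^local-user \S+ password simple "),
     "password is stored in clear text in the configuration"),
    ("telnet-login", re.compile(r"^local-user \S+ service-type .*\btelnet\b"),
     "account may log in over unencrypted telnet"),
    ("trunk-all-vlans", re.compile(r"^port trunk allow-pass vlan (2 to 4094|all)$"),
     "trunk carries every VLAN rather than only those in use"),
]

def audit(config):
    """Return (section, rule_id, line, reason) for each weak setting found."""
    findings, section, at_start = [], "global", True
    for line in map(str.strip, config.splitlines()):
        if line == "#":            # '#' separates configuration sections
            at_start = True
            continue
        if not line:
            continue
        if at_start:               # first line after '#' names the section
            section, at_start = line, False
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((section, rule_id, line, reason))
    return findings

if __name__ == "__main__":
    for section, rule_id, line, reason in audit(SAMPLE):
        print(f"[{rule_id}] {section}: {line} ({reason})")
```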
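STP spanning-tree election steps:
Step 1: Elect the root bridge (ROOT)
Compare the priority first, then the MAC address. If the priorities are equal, compare the MAC addresses. For both values, smaller is better; the best bridge becomes the root bridge.
Step 2: Elect the root port (RP)
Each non-root switch selects exactly one root port. The root port is the port closest to the root bridge.
The election rules are as follows:
① First compare the cost to the root bridge: the accumulated cost of the outgoing interfaces toward the root bridge (the smaller the interface cost, the closer). Cost values: 10M interface = 100; 100M interface = 19; 1G interface = 4; 10G interface = 2.
② If the costs are equal, compare the BID of the upstream switch.
③ If the upstream switch BIDs are equal, compare the port-id of the upstream switch's interface. The port-id consists of the interface priority and the interface number; the default interface priority is 128. Compare the priority first, then the interface number; the smaller value wins.
Step 3: Elect the designated port (DP)
Exactly one designated port is selected on the link between any two switches. The peer of a root port is a designated port; the peer of a designated port may be a root port or a blocked port; the peer of a blocked port is always a designated port.
The selection rules are as follows:
① First compare the cost to ROOT of the root ports of the two non-root switches. The switch whose RP has the smaller cost to ROOT has its interface on the link become the DP.
② Following ①, if the costs are equal, compare the BID of the switch that owns each port.
③ If the BIDs are equal, compare the interface's own port-id. The port-id consists of the interface priority and the interface number; the default interface priority is 128. Compare the priority first, then the interface number; the smaller value wins.
Step 4: Select the blocked ports
A port that is neither a root port nor a designated port becomes an alternate (blocked) port. A blocked port does not forward data frames, which breaks the layer-2 loop.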
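Added example (not part of the original post): the four election steps above carried out in Python on a three-switch triangle. The topology, MAC addresses and port numbers are constructed; the priorities 4096 and 32768 mirror R1's instance 1 setting and the STP default, and the cost table is the one given in the text.

```python
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # Mbit/s -> cost, from the text

# Constructed topology. BID = (priority, MAC); MACs are fixed-width lowercase
# hex so plain tuple comparison orders them correctly.
BRIDGES = {"R1": (4096, "00e0-fc00-0001"),
           "R2": (32768, "00e0-fc00-0002"),
           "class1": (32768, "00e0-fc00-0003")}
# (switch_a, port_a, switch_b, port_b, link speed in Mbit/s)
LINKS = [("R1", 1, "class1", 4, 1000),
         ("R2", 1, "class1", 5, 1000),
         ("R1", 14, "R2", 14, 1000)]

def elect(bridges, links, port_priority=128):
    """Return (root, roles); roles[(switch, port)] is "RP", "DP" or "BLOCK"."""
    root = min(bridges, key=bridges.get)            # step 1: lowest BID wins
    dist = {b: float("inf") for b in bridges}       # root path cost per switch
    dist[root] = 0
    for _ in bridges:                               # Bellman-Ford relaxation
        for a, _pa, b, _pb, mbps in links:
            dist[a] = min(dist[a], dist[b] + COST[mbps])
            dist[b] = min(dist[b], dist[a] + COST[mbps])
    # Step 2: each non-root switch keeps the port with the best
    # (path cost, upstream BID, upstream port-id).
    best = {}
    for a, pa, b, pb, mbps in links:
        for sw, port, up, up_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if sw != root:
                key = (dist[up] + COST[mbps], bridges[up],
                       (port_priority, up_port), port)
                best[sw] = min(best.get(sw, key), key)
    roles = {(sw, key[3]): "RP" for sw, key in best.items()}
    # Step 3: on each link the end with the best
    # (root path cost, own BID, own port-id) is the designated port.
    for a, pa, b, pb, _mbps in links:
        ends = [(a, pa), (b, pb)]
        dp = min(ends, key=lambda e: (dist[e[0]], bridges[e[0]],
                                      (port_priority, e[1])))
        roles[dp] = "DP"
        other = ends[1] if dp == ends[0] else ends[0]
        roles.setdefault(other, "BLOCK")            # step 4: neither RP nor DP
    return root, roles

if __name__ == "__main__":
    root, roles = elect(BRIDGES, LINKS)
    print("root:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```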