配置区域1
1.接入层配置
汇聚层 接入层都创建vlan2 - 10
lsw7
划分vlan
port-group group-member g0/0/3 to g0/0/10
port link-type access
port defaul vlan 2
stp edged-port enable //边缘接口
port-group group-member g0/0/11 to g0/0/20
port link-type access
port defaul vlan 3
stp edged-port enable //边缘接口
关闭未使用接口
port-group group-member g0/0/21 to g0/0/24
shutdown
上行接口
port-group group-member g0/0/1 to g0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
undo port trunk allow-pass vlan 1
lsw8
划分vlan
port-group group-member g0/0/3 to g0/0/10
port link-type access
port defaul vlan 3
stp edged-port enable //边缘接口
port-group group-member g0/0/11 to g0/0/20
port link-type access
port defaul vlan 4
stp edged-port enable //边缘接口
关闭未使用接口
port-group group-member g0/0/21 to g0/0/24
shutdown
上行接口
port-group group-member g0/0/1 to g0/0/2
port link-type trunk
port trunk allow-pass vlan 3 to 4
undo port trunk allow-pass vlan 1
lsw9
划分vlan
port-group group-member g0/0/3 to g0/0/10
port link-type access
port defaul vlan 5
stp edged-port enable //边缘接口
port-group group-member g0/0/11 to g0/0/20
port link-type access
port defaul vlan 6
stp edged-port enable //边缘接口
关闭未使用接口
port-group group-member g0/0/21 to g0/0/24
shutdown
上行接口trunk干道
port-group group-member g0/0/1 to g0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6
undo port trunk allow-pass vlan 1
lsw10
划分vlan
port-group group-member g0/0/3 to g0/0/10
port link-type access
port defaul vlan 6
stp edged-port enable //边缘接口
port-group group-member g0/0/11 to g0/0/20
port link-type access
port defaul vlan 7
stp edged-port enable //边缘接口
关闭未使用接口
port-group group-member g0/0/21 to g0/0/24
shutdown
上行接口trunk干道
port-group group-member g0/0/1 to g0/0/2
port link-type trunk
port trunk allow-pass vlan 6 to 7
undo port trunk allow-pass vlan 1
2.汇聚层配置
lsw3和lsw4接口聚合
lsw3
interface Eth-Trunk 1
trunkport g0/0/3
trunkport g0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 10
lsw4
interface Eth-Trunk 1
trunkport g0/0/3
trunkport g0/0/5
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 10
lsw3和lsw4的下行接口
lsw3
interface GigabitEthernet0/0/5
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 3
interface GigabitEthernet0/0/6
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 3 to 4
interface GigabitEthernet0/0/7
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6
interface GigabitEthernet0/0/8
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 to 7
lsw4
interface GigabitEthernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 3
interface GigabitEthernet0/0/6
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 3 to 4
interface GigabitEthernet0/0/7
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6
interface GigabitEthernet0/0/8
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 to 7
实际工程可使用:
lldp enable//开启邻居发现协议
可以使用邻居发现协议检测所有连线是否正确
dis lldp neighbor brief
3.生成树配置
六台都配置
stp mode mstp
stp enable
stp region-configuration
instance 1 vlan 2 3 4
instance 2 vlan 5 6 7
region-name A1
active region-configuration
lsw3
stp instance 1 root primary
stp instance 2 root secondary
vlan1 和 vlan8 9 10的跟都在instance 0 里面
stp instance 0 root primary
lsw4
stp instance 2 root primary
stp instance 1 root secondary
vlan1 和 vlan8 9 10的跟都在instance 0 里面
stp instance 0 root secondary
|
| | |
|--|--|
| | |
| |
|--|--|
| | |
检查接口
display stp brief
在lsw3上配置vlan 2 3 4的主网关
int vlan 2
ip add 10.1.2.2 24
lsw4配置vlan 2 3 4的备网关
int vlan 2
ip address 10.1.2.3 24
lsw3上配置虚网关(主网关)
int vlan 2
vrrp vrid 1 virtual-ip 10.1.2.1
vrrp vrid 1 priority 120 //主网关优先级
在lsw3上监控上行链路,在上两根线都挂的情况下可以切下面接入层的网关
一根线挂了的情况下不会切,必须两根都挂了才切
100是切换的临界值
int vlan 2
vrrp vrid 1 track interface g0/0/1 reduced 15
vrrp vrid 1 track interface g0/0/2 reduced 15
lsw4
int vlan 2
vrrp vrid 1 virtual-ip 10.1.2.1
为了安全可配认证
vrrp vrid 1 authentication-mode md5 123
vlan 5的
lsw4
interface Vlanif5
ip address 10.1.5.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.5.1
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 15
vrrp vrid 1 track interface GigabitEthernet0/0/2 reduced 15
vrrp vrid 1 authentication-mode md5 123
lsw3
interface Vlanif5
ip address 10.1.5.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.5.1
vrrp vrid 1 authentication-mode md5 123
dis vrrp
配置核心层
真机可以
undo portswith 相当于在交换机上起一个4000以上的vlan,再去配置IP
lsw3
vlan 20
int g0/0/1
port link-type access
port default vlan 20
int vlan 20
ip add 10.0.20.2 24
lsw1
vlan 20
int g0/0/4
port link-type access
port default vlan 20
int vlan 20
ip add 10.0.20.1 24
未
lsw3
vlan 23
int g0/0/2
port link-type access
port default vlan 23
int vlan 23
ip add 10.0.23.2 24
lsw2
vlan 23
int g0/0/3
port link-type access
port default vlan 23
int vlan 23
ip add 10.0.23.1 24
lsw4
vlan 14
int g0/0/1
port link-type access
port default vlan 14
int vlan 14
ip add 10.0.14.2 24
lsw1
vlan 14
int g0/0/3
port link-type access
port default vlan 14
int vlan 14
ip add 10.0.14.1 24
lsw4
vlan 24
int g0/0/2
port link-type access
port default vlan 24
int vlan 24
ip add 10.0.24.2 24
lsw2
vlan 24
int g0/0/4
port link-type access
port default vlan 24
int vlan 24
ip add 10.0.24.1 24
横向左右互联
lsw3
vlan 34
int eth-trunk 1
port trunk allow-pass vlan 34
int vlan 34
ip add 10.0.34.1 24
lsw4
vlan 34
int eth-trunk 1
port trunk allow-pass vlan 34
int vlan 34
ip add 10.0.34.1 24
lsw1
vlan 12
int Eth-Trunk 12
trunkport g0/0/1
trunkport g0/0/2
port link-type trunk
port trunk allow-pass vlan 12
undo trunk allow-pass vlan 1
int vlan 12
ip address 10.0.12.1 24
lsw2
vlan 12
int Eth-Trunk 12
trunkport g0/0/1
trunkport g0/0/2
port link-type trunk
port trunk allow-pass vlan 12
undo port trunk allow-pass vlan 1
int vlan 12
ip address 10.0.12.2 24
得关闭核心层交换机生成树
undo stp enable
