交换机 vrrp+mstp配置实例.doc

交换机 vrrp+mstp配置实例锐捷tac贾文宇一、 组网需求1、 switch a 、switch b选用两台锐捷的s5750 ；switch c 、shwich d 选用锐捷的 s3750和s37602、 全网共有两个业务vlan ,为 vlan 10 、vlan 203、 Switch a 、switch b 都分别对两vlan起用两vrrp组，实现两组的业务的负载分担和备份。4、 Switch a、switch b、switch c、switch d 都起用 mstp多生成数协议，并且所有设备都属于同一个mst域，且实例映射一致（vlan 10映射实例1、vlan 20映射实例2 其他vlan映射默认实例0）。5、 Vlan 10业务以switch a为根桥； vlan 20业务以switch b为根桥；实现阻断网络环路，并能实现不同vlan数据流负载分担功能。二、 组网图三、 配置步骤Switch a配置：s1#show runBuilding configuration.Current configuration : 1651 bytes!version RGNOS 10.2.00(2), Release(29287)(Tue Dec 25 20:39:14 CST 2007 -ngcf49)hostname s1co-operate enable!vlan 1!vlan 10!vlan 20!no service password-encryption!spanning-tree 开启生成树（默认为mstp）spanning-tree mst configuration 进入mst配置模式 revision 1 指定MST revision number 为1 name region1 指定mst配置名称 instance 0 vlan 1-9, 11-19, 21-4094 缺省情况下vlan都属于实例0 instance 1 vlan 10 手工指定vlan10属于实例1 instance 2 vlan 20 手工指定vlan20属于实例2spanning-tree mst 1 priority 0 指定实例1的优先级为0（为根桥）spanning-tree mst 2 priority 4096 指定实例2的优先级为4096interface GigabitEthernet 0/1 switchport access vlan 10 配置g0/1属于vlan10!interface GigabitEthernet 0/2 switchport access vlan 20 配置g0/2属于vlan 20!interface GigabitEthernet 0/3!.interface GigabitEthernet 0/24 设置g0/24为trunk接口且允许vlan10/20通过 switchport mode trunk!interface VLAN 10 创建vlan 10 svi接口 ip address 配置ip地址 vrrp 1 priority 120 配置vrrp组1 优先级为120 vrrp 1 ip 54 配置vrrp组 1虚拟ip地址为 54!interface VLAN 20 创建vlan 20 svi接口 ip address 配置ip地址 vrrp 2 ip 54 配置vrrp组 2虚拟ip地址为 54 默认vrrp组的优先级为100默认不显示!line con 0line vty 0 4 logins1#show vlanVLAN Name Status Ports- - - - 1 VLAN0001 STATIC Gi0/3, Gi0/4, Gi0/5, Gi0/6 Gi0/7, Gi0/8, Gi0/9, Gi0/10 Gi0/11, Gi0/12, Gi0/13, Gi0/14 Gi0/15, Gi0/16, Gi0/17, Gi0/18 Gi0/19, Gi0/20, Gi0/21, Gi0/22 Gi0/23, Gi0/24 10 VLAN0010 STATIC Gi0/1, Gi0/24 20 VLAN0020 STATIC Gi0/2, Gi0/24Switch b配置：s2#show runBuilding configuration.Current configuration : 1607 bytes!version RGNOS 10.2.00(2), Release(27932)(Thu Dec 13 10:32:09 CST 2007 -ngcf31)hostname s2!vlan 1!vlan 10!vlan 20!no service password-encryption!spanning-treespanning-tree mst configuration revision 1 name region1 instance 0 vlan 1-9, 11-19, 21-4094 instance 1 vlan 10 instance 2 vlan 20spanning-tree mst 1 priority 4096spanning-tree mst 2 priority 0interface GigabitEthernet 0/1 switchport access vlan 10!interface GigabitEthernet 0/2 switchport access vlan 20!.interface GigabitEthernet 0/24 switchport mode trunk!interface VLAN 10 ip address vrrp 1 ip 54!interface VLAN 20 ip address vrrp 2 priority 120 vrrp 2 ip 54!line con 0line vty 0 4 login!ends2#show vlanVLAN Name Status Ports- - - - 1 VLAN0001 STATIC Gi0/3, Gi0/4, Gi0/5, Gi0/6 Gi0/7, Gi0/8, Gi0/9, Gi0/10 Gi0/11, Gi0/12, Gi0/13, Gi0/14 Gi0/15, Gi0/16, Gi0/17, Gi0/18 Gi0/19, Gi0/20, Gi0/21, Gi0/22 Gi0/23, Gi0/24 10 VLAN0010 STATIC Gi0/1, Gi0/24 20 VLAN0020 STATIC Gi0/2, Gi0/24Switch c配置：s3#show runBuilding configuration.Current configuration : 1540 bytes!version RGNOS 10.2.00(2), Release(28794)(Fri Dec 21 09:27:15 CST 2007 -ngcf32)hostname s3!vlan 1!vlan 10!service password-encryption!spanning-treespanning-tree mst configuration revision 1 name region1 instance 0 vlan 1-9, 11-19, 21-4094 instance 1 vlan 10 instance 2 vlan 20spanning-tree mst 1 priority 0spanning-tree mst 2 priority 4096interface FastEthernet 0/1 switchport access vlan 10!interface FastEthernet 0/2 switchport access vlan 10!.interface GigabitEthernet 0/25!interface GigabitEthernet 0/26!interface GigabitEthernet 0/27!interface GigabitEthernet 0/28!interface VLAN 10 ip address !ip route 54!line con 0line vty 0 4 loginSwitch d配置：s4#show runBuilding configuration.Current configuration : 1066 bytes!version RGNOS 10.2.00(2), Release(27932)(Thu Dec 13 10:31:41 CST 2007 -ngcf32)hostname s4!vlan 1!vlan 20!no service password-encryption!spanning-treespanning-tree mst configuration revision 1 name region1 instance 0 vlan 1-9, 11-19, 21-4094 instance 1 vlan 10 instance 2 vlan 20spanning-tree mst 1 priority 4096spanning-tree mst 2 priority 0interface GigabitEthernet 0/1 switchport access vlan 20!interface GigabitEthernet 0/2 switchport access vlan 20!.interface GigabitEthernet 0/12!interface VLAN 20 ip address !ip route 54!line con 0line vty 0 4 login!四、 查看vrrp、mstp信息Switch a 信息：s1#show vrrp 查看vrrp 信息VLAN 10 - Group 1 State is Master Virtual IP address is 54 configured Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1 sec Preemption is enabled min delay is 0 sec Priority is 120 Master Router is (local), priority is 120 Master Advertisement interval is 1 sec Master Down interval is 3 secVLAN 20 - Group 2 State is Backup Virtual IP address is 54 configured Virtual MAC address is 0000.5e00.0102 Advertisement interval is 1 sec Preemption is enabled min delay is 0 sec Priority is 100 Master Router is , priority is 120 Master Advertisement interval is 1 sec Master Down interval is 3 secs1#s1#s1#s1#show spanning-tree interface gigabitEthernet 0/1 查看g0/1接口stp状态信息PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled# MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.00d0.f836.ed70PortDesignatedPort : 8001PortForwardTransitions : 6PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : designatedPort# MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f823.ef82PortDesignatedPort : 8001PortForwardTransitions : 5PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : rootPort# MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :1002.00d0.f836.ed70PortDesignatedPort : 8001PortForwardTransitions : 4PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : designatedPorts1#s1#s1#show spanning-tree interface gigabitEthernet 0/2 查看g0/2接口stp状态信息PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled# MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.00d0.f836.ed70PortDesignatedPort : 8002PortForwardTransitions : 5PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort# MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f836.ed70PortDesignatedPort : 8002PortForwardTransitions : 4PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort# MST 2 vlans mapped :20PortState : discardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :0002.00d0.f8d7.ae12PortDesignatedPort : 8002PortForwardTransitions : 3PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : alternatePorts1#s1#s1#show spanning-tree interface gigabitEthernet 0/24 g0/24接口stp状态信息PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled# MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.001a.a909.8fe0PortDesignatedPort : 8018PortForwardTransitions : 5PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : rootPort# MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f836.ed70PortDesignatedPort : 8018PortForwardTransitions : 5PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : designatedPort# MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :0002.001a.a909.8fe0PortDesignatedPort : 8018PortForwardTransitions : 4PortAdminPathCost : 20000PortOperPathCost : 20000PortRole : rootPorts1#Switch b 信息(略)：Switch c 信息：s3#show spanning-tree interface fastEthernet 0/1PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled# MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : discardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.00d0.f836.ed70PortDesignatedPort : 8001PortForwardTransitions : 1PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : alternatePort# MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f823.ef82PortDesignatedPort : 8001PortForwardTransitions : 1PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : designatedPort# MST 2 vlans mapped :20PortState : discardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :1002.00d0.f836.ed70PortDesignatedPort : 8001PortForwardTransitions : 0PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : alternatePorts3#s3#s3#s3#s3#show spanning-tree interface fastEthernet 0/2PortAdminPortFast : DisabledPortOperPortFast : DisabledPortAdminAutoEdge : EnabledPortOperAutoEdge : DisabledPortAdminLinkType : autoPortOperLinkType : point-to-pointPortBPDUGuard : DisabledPortBPDUFilter : Disabled# MST 0 vlans mapped :1-9, 11-19, 21-4094PortState : forwardingPortPriority : 128PortDesignatedRoot : 8000.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :8000.001a.a909.8fe0PortDesignatedPort : 8001PortForwardTransitions : 1PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : rootPort# MST 1 vlans mapped :10PortState : forwardingPortPriority : 128PortDesignatedRoot : 0001.00d0.f823.ef82PortDesignatedCost : 0PortDesignatedBridge :0001.00d0.f823.ef82PortDesignatedPort : 8002PortForwardTransitions : 2PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : designatedPort# MST 2 vlans mapped :20PortState : forwardingPortPriority : 128PortDesignatedRoot : 0002.001a.a909.8fe0PortDesignatedCost : 0PortDesignatedBridge :0002.001a.a909.8fe0PortDesignatedPort : 8001PortForwardTransitions : 1PortAdminPathCost : 200000PortOperPathCost : 200000PortRole : rootPorts3#Switch d 信息（略）：1.1 RSTP和MSTP配合为什么有问题1.1.1 原因分析由于RSTP/MSTP的指定端口快速迁移机制，即接收到下游的agreement报文才能进行快速迁移。引发这样的问题：上游桥运行RSTP，下游运行MSTP，此时，RSTP不向下游发agreement报文，MSTP的根端口没有接收到agreement报文，则表示MSTP没有同步，这就意味着根端口不向上游RSTP指定端口发agreement。所以，MSTP域内的agreement被抑制，上游RSTP指定端口只能在2倍的Forward Delay延时后Forwarding。1.1.2 解决办法将运行MSTP协议的桥作为上游，运行RSTP的桥做下游。因为RSTP的同步不要求根端口接收到上游的agreement，所以在这种情况下上游MSTP指定端口可以接收到下游RSTP根端口发送的agreement，就可以快速迁移了。1.2 TC报文的来源有哪些TC报文可能来自于以下几种情况：（1）连接终端的端口使能了STP，但是没有配置边缘端口，当终端发生重启等情况导致该端口发生链路状态变化时，该端口会产生TC报文并向整个二层网络中传播；（2）因更改配置参数，网络中设备或链路出现故障等原因，引发STP重计算时，有可能产生TC报文；（3）来自用户设备的攻击TC报文也可能传入其所接入的二层网络；1.3 如何抑制TC报文了解了TC报文的来源，就可以有针对的进行TC的抑止了。主要的措施如下：（1）连接终端的端口使能了STP，配置边缘端口，同时启用BPDU保护；或者连接终端的端口上去使能STP；或者根据具体应用情况，在连接终端的端口上配置BPDU Drop；（2）在开局时就做好网络规划。除非征的局方同意，杜绝在现网更改配置参数； （3）在我司设备的网络和其他厂商用户设备的网络交界处，只有单条路径连接的，在该链路所连端口上配置STP Disable或者BPDU Drop；存在多条路径的，对其异常收TC情况进行监控和检查；而对于网络中设备或链路出现故障等原因，引发STP重计算，产生的TC报文是正常协议运行的TC报文，不是故障；1.4 TC报文如何产生和进行转发的TC报文产生的根源是两个：（1）设备主动发送；（2）恶意用户攻击；设备主动发送TC报文需要满足下面两个条件：（1）非边缘端口角色从Disable，Alternate，Backupr端口变为Root，Desgin，Master；（2）端口状态从Discarding变为Fo