Cisco之中小企业网络(STP_HSRP)-创新互联

STP(Spanning Tree Protocol),是生成树协议的缩写。在实际的网络环境中,通过物理链路备份可以实现链路的冗余,从而提高网络的可靠性。但是,交换网络会形成一个环路,根据交换机的转发原理(交换机向除接收端口之外的所有端口转发广播帧),会形成广播风暴,导致网络瘫痪。而STP协议正是用来解决二层环路的,STP协议通过一些特定的算法,在逻辑上阻塞一些端口,把一个环形的结构改变成一个逻辑上的树形结构,当正常通信的线路出现故障时,被阻塞的端口会被重新激活,使数据能够从这条线路上正常传输。此协议在Cisco交换机上默认为开启。

成都创新互联公司基于成都重庆香港及美国等地区分布式IDC机房数据中心构建的电信大带宽,联通大带宽,移动大带宽,多线BGP大带宽租用,是为众多客户提供专业成都多线机房报价,主机托管价格性价比高,为金融证券行业服务器托管,ai人工智能服务器托管提供bgp线路100M独享,G口带宽及机柜租用的专业成都idc公司。

    HSRP(Hot Standby Router Protocol),热备份路由选择协议,是思科的一种私有协议。该协议中有多台路由器,对应一个HSPR组,该组只有一台路由器承担转发用户流量的职责,称为活跃路由器(路由器优先级最高,通常手工指定),另一台为备份路由器。当活跃路由器失效时,备份路由器将承担所有流量的转发,成为新的活跃路由器,这就是热备份的原理。

    示例:公司内部网络拓朴图如下:

Cisco之中小企业网络(STP_HSRP)

架构说明:

1)IP规划:

vlan 10:172.16.10.0/24 网关:172.16.10.253

vlan 20:172.16.20.0/24 网关:172.16.20.253

vlan 100:172.16.100.0/24 网关:172.16.100.253 (设备管理)

2)通过STP和HSRP实现VLAN间的负载均衡,奇数开始的VLAN以SW1为活跃路由器,以SW2为备份路由器。偶数开始的VLAN以SW2为活跃路由器,以SW1为备份路由器。即:

SW1作为vlan10的活跃路由器,vlan20的备份路由器

SW2作为vlan 20的活跃路由器,vlan10的备份路由器

配置如下:

1)配置基本信息:

ROUTER的配置信息:

ROUTER(config)#hostname ROUTER

ROUTER(config)#int f1/0

ROUTER(config-if)#ip add 172.16.1.5 255.255.255.252

ROUTER(config-if)#no sh

ROUTER(config-if)#int f0/0

ROUTER(config-if)#ip add 172.16.1.2 255.255.255.252

ROUTER(config-if)#no sh

ROUTER(config)#ip route 172.16.10.0 255.255.255.0 172.16.1.1

ROUTER(config)#ip route 172.16.20.0 255.255.255.0 172.16.1.1

ROUTER(config)#ip route 172.16.100.0 255.255.255.0 172.16.1.1

ROUTER(config)#ip route 172.16.10.0 255.255.255.0 172.16.1.6

ROUTER(config)#ip route 172.16.20.0 255.255.255.0 172.16.1.6

ROUTER(config)#ip route 172.16.100.0 255.255.255.0 172.16.1.6

ROUTER#wr

SW1的配置信息:

SW1(config)#hostname SW1

SW1(config)#ip routing

SW1(config)#int f1/8

SW1(config-if)#no switchport

SW1(config-if)#ip add 172.16.1.1 255.255.255.252

SW1(config-if)#no sh

SW1(config)#int range f1/5 - 6

SW1(config-if-range)#channel-group 1 mode on

SW1(config)#int range port-channel 1 , f1/0 - 1

SW1(config-if-range)#sw trunk encapsulation dot1q

SW1(config-if-range)#sw mo tr

SW1(config)#vlan 10

SW1(config-vlan)#vlan 20

SW1(config-vlan)#vlan 100

SW1(config)#vtp domain cisco

SW1(config)#vtp password cisco

SW1(config)#vtp mode server

SW1(config)#vtp pruning

SW1(config)#int vlan 100

SW1(config-if)#ip add 172.16.100.253 255.255.255.0

SW1(config-if)#no sh

SW1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2

SW1#wr

SW2的配置信息:

SW2(config)#hostname SW2

SW2(config)#ip routing

SW2(config)#int f1/8

SW2(config-if)#no switchport

SW2(config-if)#ip add 172.16.1.6 255.255.255.252

SW2(config-if)#no sh

SW2(config)#int range f1/5 - 6

SW2(config-if-range)#channel-group 1 mode on

SW2(config)#int range port-channel 1 , f1/1 - 2

SW2(config-if-range)#sw trunk encapsulation dot1q

SW2(config-if-range)#sw mo tr

SW2(config)#vtp domain cisco

SW2(config)#vtp password cisco

SW2(config)#vtp mode client

SW2(config)#int vlan 100

SW2(config-if)#ip add 172.16.100.2 255.255.255.0

SW2(config-if)#no sh

SW2#wr

SW2#sh vlan-swi

VLAN Name               Status   Ports

---- -------------------------------- --------- -------------------------------

1   default              active   Fa1/0, Fa1/3, Fa1/4, Fa1/7

                        Fa1/9, Fa1/10, Fa1/11, Fa1/12

                        Fa1/13, Fa1/14, Fa1/15

10  VLAN0010             active

20  VLAN0020             active

100  VLAN0100             active

...

SW2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5

SW2#wr

s3的配置信息:

s3(config)#int range f1/0 - 1

s3(config-if-range)#sw mo tr

s3(config)#vtp domain cisco

s3(config)#vtp password cisco

s3(config)#vtp mode client

s3(config)#int f1/8

s3(config-if)#sw mo ac

s3(config-if)#sw ac vlan 10

s3(config)#int vlan 100

s3(config-if)#ip add 172.16.100.3 255.255.255.0

s3(config-if)#no sh

s3(config)#ip default-gateway 172.16.100.253

s3#wr

s3#sh vlan-swi

VLAN Name               Status   Ports

---- -------------------------------- --------- -------------------------------

1   default              active   Fa1/2, Fa1/3, Fa1/4, Fa1/5

                        Fa1/6, Fa1/7, Fa1/9, Fa1/10

                        Fa1/11, Fa1/12, Fa1/13, Fa1/14

                        Fa1/15

10  VLAN0010             active   Fa1/8

20  VLAN0020             active

s4的配置信息:

s4(config)#int range f1/1 - 2

s4(config-if-range)#sw mo tr

s4(config)#vtp domain cisco

s4(config)#vtp password cisco

s4(config)#vtp mode client

s4(config)#int f1/11

s4(config-if)#sw mo ac

s4(config-if)#sw ac vl 20

s4(config)#int vlan 100

s4(config-if)#ip add 172.16.100.4 255.255.255.0

s4(config-if)#no sh

s4#wr

s4#sh vlan-swi

VLAN Name               Status   Ports

---- -------------------------------- --------- -------------------------------

1   default              active   Fa1/0, Fa1/3, Fa1/4, Fa1/5

                        Fa1/6, Fa1/7, Fa1/8, Fa1/9

                        Fa1/10, Fa1/12, Fa1/13, Fa1/14

                        Fa1/15

10  VLAN0010             active

20  VLAN0020             active   Fa1/11

...

s4#sh vtp status

VTP Version           : 2

Configuration Revision      : 4

Maximum VLANs supported locally : 36

Number of existing VLANs     : 8

VTP Operating Mode        : Client

VTP Domain Name         : cisco

VTP Pruning Mode         : Enabled

VTP V2 Mode           : Disabled

VTP Traps Generation       : Disabled

MD5 digest            : 0x03 0xC2 0xA3 0x35 0xCA 0xAA 0x8D 0x32

Configuration last modified by 172.16.1.1 at 3-1-02 01:11:32

2)分别在SW1、SW2上配置DHCP服务(完全一致):

SW1(config)#ip dhcp pool vlan10

SW1(dhcp-config)#network 172.16.10.0 255.255.255.0

SW1(dhcp-config)#dns-server 202.96.134.133 8.8.8.8

SW1(dhcp-config)#default-router 172.16.10.253

SW1(config)#ip dhcp excluded-address 172.16.10.250 172.16.10.254

SW1(config)#ip dhcp pool vlan20

SW1(dhcp-config)#network 172.16.20.0 255.255.255.0

SW1(dhcp-config)#dns-server 202.96.134.133 8.8.8.8

SW1(dhcp-config)#default-router 172.16.20.253

SW1(config)#ip dhcp excluded-address 172.16.20.250 172.16.20.254

SW2#wr

SW1#sh run | sec dhcp

no ip dhcp use vrf connected

ip dhcp excluded-address 172.16.10.250 172.16.10.254

ip dhcp excluded-address 172.16.20.250 172.16.20.254

ip dhcp pool vlan10

  network 172.16.10.0 255.255.255.0

  dns-server 202.96.134.133 8.8.8.8

  default-router 172.16.10.253

ip dhcp pool vlan20

  network 172.16.20.0 255.255.255.0

  dns-server 202.96.134.133 8.8.8.8

  default-router 172.16.10.253

3)配置HSRP:

SW1配置:

SW1(config)#int vlan 10

SW1(config-if)#ip add 172.16.10.250 255.255.255.0

SW1(config-if)#no sh

SW1(config-if)#standby 10 ip 172.16.10.253                #配置虚拟IP

SW1(config-if)#standby 10 priority 150                    #配置优先级

SW1(config-if)#standby 10 preempt                         #配置占先权

SW1(config-if)#standby 10 track f1/8 100                 #配置端口跟踪

SW1(config-if)#standby 10 track port-channel 1 100

SW1(config)#int vlan 20

SW1(config-if)#ip add 172.16.20.250 255.255.255.0

SW1(config-if)#no sh

SW1(config-if)#standby 20 ip 172.16.20.253                #作为vlan20的备份路由器,优先级

SW1(config-if)#standby 20 preempt                         默认为100,并且不需要配置端口跟踪

SW1(config-if)#int vlan 100

SW1(config-if)#ip add 172.16.100.253 255.255.255.0

SW1(config-if)#no sh

SW1#wr

SW2的配置:

SW2(config)#int vlan 10

SW2(config-if)#ip add 172.16.10.251 255.255.255.0

SW2(config-if)#no sh

SW2(config-if)#standby 10 ip 172.16.10.253

SW2(config-if)#standby 10 preempt

SW2(config)#int vlan 20

SW2(config-if)#ip add 172.16.20.251 255.255.255.0

SW2(config-if)#no sh

SW2(config-if)#standby 20 ip 172.16.20.253

SW2(config-if)#standby 20 priority 150

SW2(config-if)#standby 20 preempt

SW2(config-if)#standby 20 track f1/8 100

SW2(config-if)#standby 20 track port-channel 1 100

SW2#wr

SW1#sh standby b                                          #在SW1上验证

          P indicates configured to preempt.

          |

Interface Grp  Pri P State  Active      Standby     Virtual IP

Vl10    10  150 P Active  local      172.16.10.251  172.16.10.253

Vl20    20  100 P Standby 172.16.20.251  local      172.16.20.253

Vl100   10  100  Init   unknown     unknown     172.16.10.254

SW2#sh standby b                                          #在SW2上验证

          P indicates configured to preempt.

          |

Interface Grp  Pri P State  Active      Standby     Virtual IP

Vl10    10  100 P Standby 172.16.10.250  local      172.16.10.253

Vl20    20  150 P Active  local      172.16.20.250  172.16.20.253

4)配置STP,实现VLAN间的负载均衡:

SW1(config)#spanning-tree vlan 10 root primary

SW1(config)#spanning-tree vlan 20 root secondary

SW1#wr

SW2(config)#spanning-tree vlan 20 root primary

SW2(config)#spanning-tree vlan 10 root secondary

SW2#wr

在SW1上查看STP信息,可见SW1是VLAN10的根网桥,是VLAN20的备份根桥。

SW1#sh spanning-tree brief

VLAN10

 Spanning tree enabled protocol ieee

 Root ID   Priority   8192

       Address   c006.1e3c.0001

       This bridge is the root

       Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

 Bridge ID  Priority   8192

       Address   c006.1e3c.0001

       Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

       Aging Time 300

Interface                  Designated

Name         Port ID Prio Cost  Sts Cost  Bridge ID       Port ID

-------------------- ------- ---- ----- --- ----- -------------------- -------

FastEthernet1/0    128.41  128   19 FWD   0  8192 c006.1e3c.0001 128.41

FastEthernet1/1    128.42  128   19 FWD   0  8192 c006.1e3c.0001 128.42

Port-channel1     129.65  128   12 FWD   0  8192 c006.1e3c.0001 129.65

在s3上查看,可见f1/1的端口被阻塞

s3#sh spanning-tree vlan 10

...

Port 42 (FastEthernet1/1) of VLAN10 is blocking

  Port path cost 19, Port priority 128, Port Identifier 128.42.

  Designated root has priority 8192, address c006.1e3c.0001

  Designated bridge has priority 16384, address c007.1e3c.0001

  Designated port id is 128.42, designated path cost 12

  Timers: message age 3, forward delay 0, hold 0

  Number of transitions to forwarding state: 0

  BPDU: sent 2, received 2298

...

5)配置远程SSH管理:

SW1(config)#ip domain-name cisco

SW1(config)#username best password best1

SW1(config)#crypto key generate rsa general-keys modulus 1024

SW1(config)#ip ssh version 2

SW1(config)#enable secret cisco

SW1(config)#access-list 1 permit 172.16.20.0 0.0.0.255

SW1(config)#line vty 0 4

SW1(config-line)#login local

SW1(config-line)#access-class 1 in

SW1(config-line)#transport input ssh

SW1#wr

在客户端远程登陆:

R6#ssh -l best 172.16.100.253

Password:

SW1>en

Password:

SW1#sh ip int b

Interface          IP-Address    OK? Method Status         Protocol

FastEthernet0/0       unassigned    YES unset  administratively down down

FastEthernet0/1       unassigned    YES unset  administratively down down

FastEthernet1/0       unassigned    YES unset  up           up

另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。


当前文章:Cisco之中小企业网络(STP_HSRP)-创新互联
文章出自:http://pwwzsj.com/article/geohg.html