中型企业VRRP+OSPF 心跳线组网配置案例

中型企业VRRP+OSPF 心跳线组网配置案例

一、接入层为到核心为二层Trunk，核心交换机配置VRRP保证网络可靠性，配置负载分担有效利用资源带宽，配置VRRP认证密码为wlgly.net保证数据安全。

二、核心网络为OSPF,核心交换机直接配置trunk心跳线保证VRRP报文转发。

三、核心交换机配置VRRP联动接口监视上行链接状态切换主备。

四、由于核心交换机与接入交换之间物理成环，实际不成环，为了避免核心交换机之间的主备状态可以关闭接入交换机上行接口的STP。

五、各个设备配置如下

1、S3700-L1

<L1>dis cu
#
sysname L1
#
vlan batch 10 20
#
stp mode rstp
#
interface Vlanif1
#
interface Vlanif10
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
<L1>  

2、S3700-L8

<L8>dis cu
#
sysname L8
#
vlan batch 88 to 89
#
stp mode rstp
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 88
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 89
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 88 to 89
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 88 to 89
#
return

<L8> 

3、S5700- CORE 2

<core 2>dis cu
#
sysname core 2
#
vlan batch 10 20 88 to 89 100
#
stp mode rstp
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.252
 vrrp vrid 1 priority 120
 vrrp vrid 1 track interface GigabitEthernet0/0/24 reduced 100
 vrrp vrid 1 authentication-mode md5 `*LP&Vy_0.uqcXT}k'OIA~.#
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.252
 vrrp vrid 2 priority 120
 vrrp vrid 2 track interface GigabitEthernet0/0/24 reduced 100
 vrrp vrid 2 authentication-mode md5 =$-cX&hd@PuqcXT}k'OI{d3#
#
interface Vlanif88
 ip address 192.168.88.254 255.255.255.0
 vrrp vrid 88 virtual-ip 192.168.88.252
 vrrp vrid 88 authentication-mode md5 nY;4~%5+.2^QW:LZJi;=VEV#
#
interface Vlanif89
 ip address 192.168.89.254 255.255.255.0
 vrrp vrid 89 virtual-ip 192.168.89.252
 vrrp vrid 89 authentication-mode md5 :;<TI\zNuRG%*%)tS)cG7H0#
#
interface Vlanif100
 ip address 172.16.1.254 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 88 to 89
#
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 10 20 88 to 89
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 100
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 192.168.88.0 0.0.0.255
  network 192.168.89.0 0.0.0.255
  network 172.16.1.0 0.0.0.255
#
return

4、S5700- CORE 1

<core 1>dis cu
#
sysname core 1
#
vlan batch 10 20 88 to 89 200
#
stp mode rstp
#
interface Vlanif10
 ip address 192.168.10.253 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.10.252
 vrrp vrid 1 authentication-mode md5 LhZ4WHGsA5^QW:LZJi;=W>a#
#
interface Vlanif20
 ip address 192.168.20.253 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.20.252
 vrrp vrid 2 authentication-mode md5 %>,,KC{Yk:Wq<}.DH-])4.2#
#
interface Vlanif88
 ip address 192.168.88.253 255.255.255.0
 vrrp vrid 88 virtual-ip 192.168.88.252
 vrrp vrid 88 priority 120
 vrrp vrid 88 preempt-mode timer delay 20
 vrrp vrid 88 track interface GigabitEthernet0/0/24 reduced 100
 vrrp vrid 88 authentication-mode md5 [WJ\<%Gn9)G%*%)tS)cG"E[#
#
interface Vlanif89
 ip address 192.168.89.253 255.255.255.0
 vrrp vrid 89 virtual-ip 192.168.89.252
 vrrp vrid 89 priority 120
 vrrp vrid 89 preempt-mode timer delay 20
 vrrp vrid 89 track interface GigabitEthernet0/0/24 reduced 100
 vrrp vrid 89 authentication-mode md5 cdLHH^I~95JlDGI>zbS=xG~#
#
interface Vlanif200
 ip address 172.16.2.254 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 88 to 89
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 10 20 88 to 89
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 200
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 192.168.88.0 0.0.0.255
  network 192.168.89.0 0.0.0.255
#
return
<core 1>  

5、Router- R1

<router-r1>dis cu
#
sysname router-r1
#
interface GigabitEthernet0/0/0
 ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 172.16.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 61.186.142.1 255.255.255.0
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 61.186.142.254
#
return
<router-r1>

六、验证配置

在PC通过ping及tracer命令验证，在核心和接入层通过shutdown 命令模拟线路断开验证。