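Building a Data Center Network
Building a data center network: port aggregation + MSTP + VRRP
Lab topology
MSTP blocks redundant links in a layer-2 network and prunes the network into a tree, which eliminates loops. VRRP is also configured on SW1 and SW2: PC1 reaches the Internet with SW1 as its default gateway and SW2 as the backup gateway; PC3 reaches the Internet with SW2 as its default gateway and SW1 as the backup gateway. This provides reliability and load sharing of traffic.
SW1 switch: set the vlan2 address to 172.16.2.253/24 and the vlan7 address to 172.16.7.253/24.
SW2 switch: set the vlan2 address to 172.16.2.252/24 and the vlan7 address to 172.16.7.252/24.
VRRP: set the virtual gateway of the vlan2 user network to 172.16.2.254 and the virtual gateway of the vlan7 user network to 172.16.7.254.
- Topology diagram: the data center topology diagram from the case. Note: the firewall is a USG5500.
Configure the Cloud
Add a UDP port
Add the physical host's virtual network adapter
The virtual network adapter has been added; 192.168.20.1 is its current address
Add a port mapping
Add a port mapping: set the inbound port number to the UDP port's number and the outbound port number to the virtual network adapter's number, tick the "two-way channel" checkbox, and click the "Add" button below. The new mapping can then be seen in the port mapping table.
Connect the Cloud and the firewall
As shown in Figure 2-11-6, the Cloud now has a GE0/0/1 port, which is connected to the firewall's GE0/0/1 port.
Device configuration
FW firewall configuration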
[SRG]sysname FW1
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[FW1-GigabitEthernet0/0/0]quit
[FW1]interface GigabitEthernet 0/0/1
[FW1-GigabitEthernet0/0/1]ip address 192.168.3.1 24
[FW1-GigabitEthernet0/0/1]quit
[FW1]interface GigabitEthernet 0/0/2
[FW1-GigabitEthernet0/0/2]ip address 192.168.20.9 24
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet 0/0/0
[FW1-zone-trust]add interface GigabitEthernet 0/0/1
[FW1-zone-trust]quit
[FW1]firewall zone untrust
[FW1-zone-untrust]add interface GigabitEthernet 0/0/2
[FW1-zone-untrust]quit
[FW1]policy interzone trust untrust outbound
[FW1-policy-interzone-trust-untrust-outbound]policy 0
[FW1-policy-interzone-trust-untrust-outbound-0]action permit
[FW1-policy-interzone-trust-untrust-outbound-0]policy source 172.16.2.0 0.0.0.255
[FW1-policy-interzone-trust-untrust-outbound-0]policy source 172.16.7.0 0.0.0.255
[FW1-policy-interzone-trust-untrust-outbound-0]quit
[FW1-policy-interzone-trust-untrust-outbound]quit
[FW1]nat-policy interzone trust untrust outbound
[FW1-nat-policy-interzone-trust-untrust-outbound]policy 1
[FW1-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[FW1-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.2.0 0.0.0.255
[FW1-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.7.0 0.0.0.255
[FW1-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/2
[FW1-nat-policy-interzone-trust-untrust-outbound-1]quit
[FW1-nat-policy-interzone-trust-untrust-outbound]quit
[FW1]ip route-static 0.0.0.0 0 192.168.20.1
[FW1]ospf 1
[FW1-ospf-1]default-route-advertise always cost 200 type 1
[FW1-ospf-1]area 0
[FW1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[FW1-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
SW1 switch configuration
<Huawei>system-view
[Huawei]sysname SW1
[SW1]vlan batch 2 7 102 103
[SW1]interface Vlanif 102
[SW1-Vlanif102]ip address 192.168.2.2 24
[SW1-Vlanif102]quit
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 102
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 7 102 103
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface Eth-Trunk0
[SW1-Eth-Trunk0]port link-type trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 7 102 to 103
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/2
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/5
[SW1]interface Vlanif 2
[SW1-Vlanif2]ip address 172.16.2.253 24
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[SW1-Vlanif2]vrrp vrid 1 priority 120
[SW1-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/4 reduced 15
[SW1-Vlanif2]vrrp vrid 1 track interface Eth-Trunk 0 reduced 15
[SW1-Vlanif2]quit
[SW1]interface Vlanif 7
[SW1-Vlanif7]ip address 172.16.7.253 24
[SW1-Vlanif7]vrrp vrid 2 virtual-ip 172.16.7.254
[SW1-Vlanif7]quit
[SW1]ip route-static 0.0.0.0 0 192.168.2.1
[SW1]stp region-configuration
[SW1-mst-region]region-name RG1
[SW1-mst-region]instance 1 vlan 2
[SW1-mst-region]instance 2 vlan 7
[SW1-mst-region]active region-configuration
[SW1-mst-region]quit
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW1]stp pathcost-standard legacy
[SW1]stp enable
[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 172.16.7.0 0.0.0.255
SW2 switch configuration
<Huawei>system-view
[Huawei]sysname SW2
[SW2]vlan batch 2 7 102 103
[SW2]interface GigabitEthernet 0/0/4
[SW2-GigabitEthernet0/0/4]port link-type access
[SW2-GigabitEthernet0/0/4]port default vlan 103
[SW2-GigabitEthernet0/0/4]quit
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW2-GigabitEthernet0/0/1]quit
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 7 102 103
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface Eth-Trunk 0
[SW2-Eth-Trunk0]port link-type trunk
[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 7 102 to 103
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/2
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/5
[SW2]interface Vlanif 103
[SW2-Vlanif103]ip address 192.168.3.2 24
[SW2-Vlanif103]quit
[SW2]interface Vlanif 2
[SW2-Vlanif2]ip address 172.16.2.252 24
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[SW2-Vlanif2]quit
[SW2]interface Vlanif 7
[SW2-Vlanif7]ip address 172.16.7.252 24
[SW2-Vlanif7]vrrp vrid 2 virtual-ip 172.16.7.254
[SW2-Vlanif7]vrrp vrid 2 priority 120
[SW2-Vlanif7]vrrp vrid 2 track interface GigabitEthernet 0/0/4 reduced 15
[SW2-Vlanif7]vrrp vrid 2 track interface Eth-Trunk 0 reduced 15
[SW2-Vlanif7]quit
[SW2]ip route-static 0.0.0.0 0 192.168.3.1
[SW2]stp region-configuration
[SW2-mst-region]region-name RG1
[SW2-mst-region]instance 1 vlan 2
[SW2-mst-region]instance 2 vlan 7
[SW2-mst-region]active region-configuration
[SW2-mst-region]quit
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary
[SW2]stp pathcost-standard legacy
[SW2]stp enable
[SW2]ospf 1
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 172.16.7.0 0.0.0.255
SW3 switch configuration
<Huawei>system-view
[Huawei]sysname SW3
[SW3]vlan batch 2 7 102 103
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW3-GigabitEthernet0/0/1]quit
[SW3]interface GigabitEthernet 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 7 102 103
[SW3-GigabitEthernet0/0/2]quit
[SW3]interface GigabitEthernet 0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access
[SW3-GigabitEthernet0/0/3]port default vlan 2
[SW3-GigabitEthernet0/0/3]quit
[SW3]interface GigabitEthernet 0/0/4
[SW3-GigabitEthernet0/0/4]port link-type access
[SW3-GigabitEthernet0/0/4]port default vlan 7
[SW3-GigabitEthernet0/0/4]quit
[SW3]stp region-configuration
[SW3-mst-region]region-name RG1
[SW3-mst-region]instance 1 vlan 2
[SW3-mst-region]instance 2 vlan 7
[SW3-mst-region]active region-configuration
[SW3-mst-region]quit
[SW3]stp enable
SW4 switch configuration
<Huawei>system-view
[Huawei]sysname SW4
[SW4]vlan batch 2 7 102 103
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type trunk
[SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW4-GigabitEthernet0/0/1]quit
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type trunk
[SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 7 102 103
[SW4-GigabitEthernet0/0/2]quit
[SW4]interface GigabitEthernet 0/0/3
[SW4-GigabitEthernet0/0/3]port link-type access
[SW4-GigabitEthernet0/0/3]port default vlan 2
[SW4-GigabitEthernet0/0/3]quit
[SW4]interface GigabitEthernet 0/0/4
[SW4-GigabitEthernet0/0/4]port link-type access
[SW4-GigabitEthernet0/0/4]port default vlan 7
[SW4-GigabitEthernet0/0/4]quit
[SW4]stp region-configuration
[SW4-mst-region]region-name RG1
[SW4-mst-region]instance 1 vlan 2
[SW4-mst-region]instance 2 vlan 7
[SW4-mst-region]active region-configuration
[SW4-mst-region]quit
[SW4]stp enable
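Viewing the information
(1) View the VRRP information on SW1
On SW1, display the VRRP information with the command below. It shows that the vlan2 virtual gateway is on SW1, so SW1 is the master for vlan2; the vlan7 virtual gateway is on SW2, so SW1 is the backup for vlan7.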
[SW1]display vrrp
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 172.16.2.254
Master IP : 172.16.2.253
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/4 Priority reduced : 15
IF state : UP
Track IF : Eth-Trunk0 Priority reduced : 15
IF state : UP
Create time : 2019-10-10 15:24:48 UTC-08:00
Last change time : 2019-10-10 16:40:57 UTC-08:00
Vlanif7 | Virtual Router 2
State : Backup
Virtual IP : 172.16.7.254
Master IP : 172.16.7.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2019-10-10 15:30:59 UTC-08:00
Last change time : 2019-10-10 15:55:53 UTC-08:00
(2) View the VRRP information on SW2
On SW2, display the VRRP information with the command below. It shows that SW2 is the backup for vlan2 and the master for vlan7.
[SW2]display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 172.16.2.254
Master IP : 172.16.2.253
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Create time : 2019-10-10 15:54:37 UTC-08:00
Last change time : 2019-10-10 16:40:57 UTC-08:00
Vlanif7 | Virtual Router 2
State : Master
Virtual IP : 172.16.7.254
Master IP : 172.16.7.252
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/4 Priority reduced : 15
IF state : UP
Track IF : Eth-Trunk0 Priority reduced : 15
IF state : UP
Create time : 2019-10-10 15:55:46 UTC-08:00
Last change time : 2019-10-10 15:55:53 UTC-08:00
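The following example is added here and is not part of the original article. It parses `display vrrp` output like that shown above and reports which virtual routers run with `Auth type : NONE` and how many tracked interfaces must fail before the master's priority drops below the backup's. The function names are illustrative, the sample text is trimmed from the SW1 output, and the code assumes that the reductions of several failed tracked interfaces add up.

```python
import re
from itertools import combinations

# Trimmed from the SW1 `display vrrp` output shown above.
SW1_OUTPUT = """\
Vlanif2 | Virtual Router 1
State : Master
PriorityRun : 120
Auth type : NONE
Track IF : GigabitEthernet0/0/4 Priority reduced : 15
Track IF : Eth-Trunk0 Priority reduced : 15
Vlanif7 | Virtual Router 2
State : Backup
PriorityRun : 100
Auth type : NONE
"""

def parse_vrrp(text):
    """Split `display vrrp` text into one dict per virtual router."""
    groups = []
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"(\S+) \| Virtual Router (\d+)", line)
        track = re.match(r"Track IF : (\S+)\s+Priority reduced : (\d+)", line)
        field = re.match(r"(State|PriorityRun|Auth type) : (\S+)", line)
        if head:
            groups.append({"if": head.group(1), "vrid": int(head.group(2)), "tracks": {}})
        elif track and groups:
            groups[-1]["tracks"][track.group(1)] = int(track.group(2))
        elif field and groups:
            groups[-1][field.group(1)] = field.group(2)
    return groups

def audit(groups, backup_priority=100):
    """Return (VRIDs without auth, {vrid: smallest tracked-link failure sets that hand over})."""
    no_auth = [g["vrid"] for g in groups if g.get("Auth type") == "NONE"]
    failover = {}
    for g in (g for g in groups if g.get("State") == "Master"):
        prio = int(g["PriorityRun"])
        failover[g["vrid"]] = []  # stays empty if tracking can never trigger a handover
        # Assumption: reductions from several failed tracked interfaces add up.
        for n in range(1, len(g["tracks"]) + 1):
            hits = [c for c in combinations(sorted(g["tracks"]), n)
                    if prio - sum(g["tracks"][i] for i in c) < backup_priority]
            if hits:
                failover[g["vrid"]] = hits
                break
    return no_auth, failover
```

For the SW1 output, `audit(parse_vrrp(SW1_OUTPUT))` lists both virtual routers as unauthenticated and shows that virtual router 1 only changes hands when both tracked interfaces are down: one failure leaves priority 105, still above the backup's 100.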
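Checking the PCs' access paths
(1) Configure PC1's address
Open PC1 and configure its IP address; set the gateway to the vlan2 VIP, 172.16.2.254.
PC1 accesses the external network
Switch to command-line mode and use the ping command against an external address to check connectivity. The tracert command shows the addresses traversed along the path; it shows that PC1's traffic passes through 172.16.2.253 before being forwarded on.
Configure PC3's address
Open PC3 and configure its IP address; set the gateway to the vlan2 VIP, 172.16.2.254.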