拓扑图与题目在本专栏的2016新华三杯复赛实验试题博客中,基础配置不包含(IP地址与vlan划分)
MSTP和VRRP部署
在总部交换机S1,S2上配置MSTP防止二层环路:要求所有数据流经过S1转发,S1失效时经过S2转发,所配置的参数要求如下:
- region-name为H3C
- 实例值为1
- S1作为实例中的主根,S2作为实例中的从根
在S1,S2上配置VRRP,实现主机的网关冗余,所配置的参数要求如下图
VLAN |
VRRP备份组编号 |
VRRP虚拟IP |
VLAN 10 |
10 |
192.0.10.254 |
VLNA 20 |
20 |
192.0.20.254 |
VLAN 30 |
30 |
192.0.30.254 |
VLAN 40 |
40 |
192.0.40.254 |
S1作为所有主机的实际网关,S2作为所有主机的备份网关,其中VRRP各组高优先级为150,低优先级为120
解题:MSTP配置部分
S1与S2配置相同
stp region-configuration
region-name H3C
instance 1 vlan 10 20 30 40
active region-configurationS1命令:stp instance 1 root primary #在实例1中配置为主根
S2命令:stp instance 1 root secondary #在实例1中配置为备根
解题:VRRP配置部分
S1
interface Vlan-interface10
vrrp vrid 10 virtual-ip 192.0.10.254
vrrp vrid 10 priority 150
#
interface Vlan-interface20
vrrp vrid 10 virtual-ip 192.0.20.254
vrrp vrid 10 priority 150
#
interface Vlan-interface30
vrrp vrid 10 virtual-ip 192.0.30.254
vrrp vrid 10 priority 150
#
interface Vlan-interface40
vrrp vrid 10 virtual-ip 192.0.40.254
vrrp vrid 10 priority 150
S2
interface Vlan-interface10
vrrp vrid 10 virtual-ip 192.0.10.254
vrrp vrid 10 priority 120
#
interface Vlan-interface20
vrrp vrid 10 virtual-ip 192.0.20.254
vrrp vrid 10 priority 120
#
interface Vlan-interface30
vrrp vrid 10 virtual-ip 192.0.30.254
vrrp vrid 10 priority 120
#
interface Vlan-interface40
vrrp vrid 10 virtual-ip 192.0.40.254
vrrp vrid 10 priority 120
查看与配置:在S1上查看
QoS部署
因总部与分部间的广域网带宽有限,为了保证关键的应用,需要在设备上配置QoS,使分部(192.0.50.0/24)与总部DNS服务器(192.0.30.200)间的DNS数据包(UDP,端口53)能够被加速转发(EF),最大带宽为链路带宽的10%,所配置的参数要求如下:
- ACL编号3030(匹配DNS数据包),且其rule ID 为10
- classifier名称为DNS
- behavior名称为DNS
- QOS策略名称为DNS
R3
acl advanced 3030
rule 10 permit tcp source 192.0.50.0 0.0.0.255 destination 192.0.30.0 0.0.0.255 destination-port eq 53#
traffic classifier DNS operator and
if-match acl 3030
#
traffic behavior DNS
queue ef bandwidth pct 10 #加速转发(EF),最大带宽为链路带宽的10%
#
qos policy DNS
classifier DNS behavior DNS#
int ran s1/0 s2/0 #同时进入s1/0 s2/0
qos apply policy DNS outbound #出方向调用DNS的qos策略