Cisco Small and Medium Enterprise Network (STP_HSRP)


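STP (Spanning Tree Protocol): in a real network, backing up physical links provides link redundancy and improves reliability. However, the switched network then contains a loop, and because of how a switch forwards frames (it forwards a broadcast frame out of every port except the one it arrived on), a broadcast storm forms and brings the network down. STP exists to solve exactly this layer-2 loop problem. Using a specific algorithm, it logically blocks some ports and turns the ring into a logical tree. When the link in normal use fails, the blocked port is reactivated so that data can flow over that link. The protocol is enabled by default on Cisco switches.

HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol. Several routers form one HSRP group, and only one router in the group forwards user traffic. That router is the active router (the one with the highest priority, usually set by hand); another is the standby router. When the active router fails, the standby router takes over forwarding all traffic and becomes the new active router. This is how hot standby works.

Example: the company's internal network topology is as follows:

Architecture notes:

1) IP plan:
vlan 10: 172.16.10.0/24, gateway: 172.16.10.253
vlan 20: 172.16.20.0/24, gateway: 172.16.20.253
vlan 100: 172.16.100.0/24, gateway: 172.16.100.253 (device management)

2) STP and HSRP together load-balance between VLANs. VLANs that start with an odd number use SW1 as the active router and SW2 as the standby router. VLANs that start with an even number use SW2 as the active router and SW1 as the standby router. That is:
SW1 is the active router for vlan 10 and the standby router for vlan 20.
SW2 is the active router for vlan 20 and the standby router for vlan 10.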
The configuration is as follows:

1) Basic configuration:

ROUTER configuration:

ROUTER(config)#hostname ROUTER
ROUTER(config)#int f1/0
ROUTER(config-if)#ip add 172.16.1.5 255.255.255.252
ROUTER(config-if)#no sh
ROUTER(config-if)#int f0/0
ROUTER(config-if)#ip add 172.16.1.2 255.255.255.252
ROUTER(config-if)#no sh
ROUTER(config)#ip route 172.16.10.0 255.255.255.0 172.16.1.1
ROUTER(config)#ip route 172.16.20.0 255.255.255.0 172.16.1.1
ROUTER(config)#ip route 172.16.100.0 255.255.255.0 172.16.1.1
ROUTER(config)#ip route 172.16.10.0 255.255.255.0 172.16.1.6
ROUTER(config)#ip route 172.16.20.0 255.255.255.0 172.16.1.6
ROUTER(config)#ip route 172.16.100.0 255.255.255.0 172.16.1.6
ROUTER#wr
SW1 configuration:

SW1(config)#hostname SW1
SW1(config)#ip routing
SW1(config)#int f1/8
SW1(config-if)#no switchport
SW1(config-if)#ip add 172.16.1.1 255.255.255.252
SW1(config-if)#no sh
SW1(config)#int range f1/5 - 6
SW1(config-if-range)#channel-group 1 mode on
SW1(config)#int range port-channel 1 , f1/0 - 1
SW1(config-if-range)#sw trunk encapsulation dot1q
SW1(config-if-range)#sw mo tr
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 100
SW1(config)#vtp domain cisco
SW1(config)#vtp password cisco
SW1(config)#vtp mode server
SW1(config)#vtp pruning
SW1(config)#int vlan 100
SW1(config-if)#ip add 172.16.100.253 255.255.255.0
SW1(config-if)#no sh
SW1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2
SW1#wr

SW2 configuration:

SW2(config)#hostname SW2
SW2(config)#ip routing
SW2(config)#int f1/8
SW2(config-if)#no switchport
SW2(config-if)#ip add 172.16.1.6 255.255.255.252
SW2(config-if)#no sh
SW2(config)#int range f1/5 - 6
SW2(config-if-range)#channel-group 1 mode on
SW2(config)#int range port-channel 1 , f1/1 - 2
SW2(config-if-range)#sw trunk encapsulation dot1q
SW2(config-if-range)#sw mo tr
SW2(config)#vtp domain cisco
SW2(config)#vtp password cisco
SW2(config)#vtp mode client
SW2(config)#int vlan 100
SW2(config-if)#ip add 172.16.100.2 255.255.255.0
SW2(config-if)#no sh
SW2#wr
SW2#sh vlan-swi

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/3, Fa1/4, Fa1/7
                                                Fa1/9, Fa1/10, Fa1/11, Fa1/12
                                                Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active
20   VLAN0020                         active
100  VLAN0100                         active
…

SW2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5
SW2#wr
s3 configuration:

s3(config)#int range f1/0 - 1
s3(config-if-range)#sw mo tr
s3(config)#vtp domain cisco
s3(config)#vtp password cisco
s3(config)#vtp mode client
s3(config)#int f1/8
s3(config-if)#sw mo ac
s3(config-if)#sw ac vlan 10
s3(config)#int vlan 100
s3(config-if)#ip add 172.16.100.3 255.255.255.0
s3(config-if)#no sh
s3(config)#ip default-gateway 172.16.100.253
s3#wr
s3#sh vlan-swi

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/2, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/9, Fa1/10
                                                Fa1/11, Fa1/12, Fa1/13, Fa1/14
                                                Fa1/15
10   VLAN0010                         active    Fa1/8
20   VLAN0020                         active
s4 configuration:

s4(config)#int range f1/1 - 2
s4(config-if-range)#sw mo tr
s4(config)#vtp domain cisco
s4(config)#vtp password cisco
s4(config)#vtp mode client
s4(config)#int f1/11
s4(config-if)#sw mo ac
s4(config-if)#sw ac vl 20
s4(config)#int vlan 100
s4(config-if)#ip add 172.16.100.4 255.255.255.0
s4(config-if)#no sh
s4#wr
s4#sh vlan-swi

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/8, Fa1/9
                                                Fa1/10, Fa1/12, Fa1/13, Fa1/14
                                                Fa1/15
10   VLAN0010                         active
20   VLAN0020                         active    Fa1/11
…

s4#sh vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 36
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : cisco
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x03 0xC2 0xA3 0x35 0xCA 0xAA 0x8D 0x32
Configuration last modified by 172.16.1.1 at 3-1-02 01:11:32
2) Configure the DHCP service on both SW1 and SW2 (identical on each):

SW1(config)#ip dhcp pool vlan10
SW1(dhcp-config)#network 172.16.10.0 255.255.255.0
SW1(dhcp-config)#dns-server 202.96.134.133 8.8.8.8
SW1(dhcp-config)#default-router 172.16.10.253
SW1(config)#ip dhcp excluded-address 172.16.10.250 172.16.10.254
SW1(config)#ip dhcp pool vlan20
SW1(dhcp-config)#network 172.16.20.0 255.255.255.0
SW1(dhcp-config)#dns-server 202.96.134.133 8.8.8.8
SW1(dhcp-config)#default-router 172.16.20.253
SW1(config)#ip dhcp excluded-address 172.16.20.250 172.16.20.254
SW2#wr

SW1#sh run | sec dhcp
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.250 172.16.10.254
ip dhcp excluded-address 172.16.20.250 172.16.20.254
ip dhcp pool vlan10
 network 172.16.10.0 255.255.255.0
 dns-server 202.96.134.133 8.8.8.8
 default-router 172.16.10.253
ip dhcp pool vlan20
 network 172.16.20.0 255.255.255.0
 dns-server 202.96.134.133 8.8.8.8
 default-router 172.16.10.253
3) Configure HSRP:

SW1 configuration:

SW1(config)#int vlan 10
SW1(config-if)#ip add 172.16.10.250 255.255.255.0
SW1(config-if)#no sh
SW1(config-if)#standby 10 ip 172.16.10.253            # set the virtual IP
SW1(config-if)#standby 10 priority 150                # set the priority
SW1(config-if)#standby 10 preempt                     # enable preemption
SW1(config-if)#standby 10 track f1/8 100              # configure interface tracking
SW1(config-if)#standby 10 track port-channel 1 100
SW1(config)#int vlan 20
SW1(config-if)#ip add 172.16.20.250 255.255.255.0
SW1(config-if)#no sh
SW1(config-if)#standby 20 ip 172.16.20.253            # standby router for vlan 20: the priority defaults to 100 and no interface tracking is needed
SW1(config-if)#standby 20 preempt
SW1(config-if)#int vlan 100
SW1(config-if)#ip add 172.16.100.253 255.255.255.0
SW1(config-if)#no sh
SW1#wr

SW2 configuration:

SW2(config)#int vlan 10
SW2(config-if)#ip add 172.16.10.251 255.255.255.0
SW2(config-if)#no sh
SW2(config-if)#standby 10 ip 172.16.10.253
SW2(config-if)#standby 10 preempt
SW2(config)#int vlan 20
SW2(config-if)#ip add 172.16.20.251 255.255.255.0
SW2(config-if)#no sh
SW2(config-if)#standby 20 ip 172.16.20.253
SW2(config-if)#standby 20 priority 150
SW2(config-if)#standby 20 preempt
SW2(config-if)#standby 20 track f1/8 100
SW2(config-if)#standby 20 track port-channel 1 100
SW2#wr
SW1#sh standby b   # verify on SW1
                     P indicates configured to preempt.
                     |
Interface   Grp Pri P State    Active          Standby         Virtual IP
Vl10        10  150 P Active   local           172.16.10.251   172.16.10.253
Vl20        20  100 P Standby  172.16.20.251   local           172.16.20.253
Vl100       10  100   Init     unknown         unknown         172.16.10.254

SW2#sh standby b   # verify on SW2
                     P indicates configured to preempt.
                     |
Interface   Grp Pri P State    Active          Standby         Virtual IP
Vl10        10  100 P Standby  172.16.10.250   local           172.16.10.253
Vl20        20  150 P Active   local           172.16.20.250   172.16.20.253
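
An added example, not part of the original article: a Python check that parses the `sh standby b` rows shown above and compares each HSRP group with the intended active/standby split, so a stray or failed-over group stands out. The function names and the EXPECTED_SW1 table are assumptions of this example; the data rows are copied from the SW1 output on this page.

```python
# Added example; function names and EXPECTED_SW1 are assumptions, not the author's.
# Data rows copied from the SW1 output on this page (header lines omitted).
SW1_ROWS = """\
Vl10   10  150 P Active  local         172.16.10.251 172.16.10.253
Vl20   20  100 P Standby 172.16.20.251 local         172.16.20.253
Vl100  10  100   Init    unknown       unknown       172.16.10.254
"""

# Intended design on SW1: (interface, group) -> (state, virtual IP)
EXPECTED_SW1 = {
    ("Vl10", 10): ("Active", "172.16.10.253"),
    ("Vl20", 20): ("Standby", "172.16.20.253"),
}

def parse_standby_brief(text):
    """Return one dict per HSRP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) not in (7, 8) or not tok[1].isdigit():
            continue
        preempt = len(tok) == 8 and tok[3] == "P"  # P column is empty without preempt
        state, active, standby, vip = tok[-4:]
        rows.append({"interface": tok[0], "group": int(tok[1]), "priority": int(tok[2]),
                     "preempt": preempt, "state": state, "active": active,
                     "standby": standby, "vip": vip})
    return rows

def audit_hsrp(rows, expected):
    """List deviations from the expected (state, virtual IP) of each group."""
    findings, seen = [], set()
    for r in rows:
        key = (r["interface"], r["group"])
        seen.add(key)
        if key not in expected:
            findings.append(f"{key[0]} group {key[1]}: not in design "
                            f"(state {r['state']}, VIP {r['vip']})")
            continue
        state, vip = expected[key]
        if r["state"] != state:
            findings.append(f"{key[0]} group {key[1]}: state {r['state']}, expected {state}")
        if r["vip"] != vip:
            findings.append(f"{key[0]} group {key[1]}: VIP {r['vip']}, expected {vip}")
    for iface, grp in sorted(expected.keys() - seen):
        findings.append(f"{iface} group {grp}: missing from output")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_hsrp(parse_standby_brief(SW1_ROWS), EXPECTED_SW1)))
```

Run against the SW1 rows, the only finding is the Vl100 entry (group 10, state Init, virtual IP 172.16.10.254), which does not correspond to any `standby` command in the configuration steps shown on this page.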
4) Configure STP to load-balance between VLANs:

SW1(config)#spanning-tree vlan 10 root primary
SW1(config)#spanning-tree vlan 20 root secondary
SW1#wr

SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#spanning-tree vlan 10 root secondary
SW2#wr

Viewing the STP information on SW1 shows that SW1 is the root bridge for VLAN 10 and the backup root bridge for VLAN 20.

SW1#sh spanning-tree brief
VLAN10
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c006.1e3c.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     c006.1e3c.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/0      128.41  128  19    FWD 0     8192 c006.1e3c.0001  128.41
FastEthernet1/1      128.42  128  19    FWD 0     8192 c006.1e3c.0001  128.42
Port-channel1        129.65  128  12    FWD 0     8192 c006.1e3c.0001  129.65

On s3, port f1/1 can be seen to be blocked:

s3#sh spanning-tree vlan 10
…
 Port 42 (FastEthernet1/1) of VLAN10 is blocking
   Port path cost 19, Port priority 128, Port Identifier 128.42.
   Designated root has priority 8192, address c006.1e3c.0001
   Designated bridge has priority 16384, address c007.1e3c.0001
   Designated port id is 128.42, designated path cost 12
   Timers: message age 3, forward delay 0, hold 0
   Number of transitions to forwarding state: 0
   BPDU: sent 2, received 2298
…
5) Configure remote management over SSH:

SW1(config)#ip domain-name cisco
SW1(config)#username best password best1
SW1(config)#crypto key generate rsa general-keys modulus 1024
SW1(config)#ip ssh version 2
SW1(config)#enable secret cisco
SW1(config)#access-list 1 permit 172.16.20.0 0.0.0.255
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#access-class 1 in
SW1(config-line)#transport input ssh
SW1#wr

Log in remotely from a client:

R6#ssh -l best 172.16.100.253

Password:

SW1>en
Password:
SW1#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES unset  up                    up
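
An added example, not part of the original article: a Python audit of the step 5 commands that reports the settings a reviewer would tighten before this management access goes into production. The function name, the 2048-bit floor and the rule that vty sources should sit inside the VLAN 100 management subnet are assumptions of this example; the commands are copied from step 5 above.

```python
import ipaddress
import re

# Step 5 commands exactly as given on this page.
STEP5 = """\
ip domain-name cisco
username best password best1
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
enable secret cisco
access-list 1 permit 172.16.20.0 0.0.0.255
line vty 0 4
 login local
 access-class 1 in
 transport input ssh
"""
MGMT_NET = ipaddress.ip_network("172.16.100.0/24")  # VLAN 100 in the page's IP plan
MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the page

def audit_mgmt_plane(config, mgmt_net=MGMT_NET):
    """Return findings for SSH/vty commands in `config` (one command per line)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    domain = next((l.split()[-1] for l in lines if l.startswith("ip domain-name ")), None)
    findings = []
    for l in lines:
        if m := re.match(r"username (\S+) password ", l):
            findings.append(f"user {m[1]}: 'password' is stored recoverably, use 'secret'")
        if (m := re.match(r"crypto key generate rsa .*modulus (\d+)", l)) and int(m[1]) < MIN_RSA_BITS:
            findings.append(f"RSA modulus {m[1]} is below {MIN_RSA_BITS} bits")
        if (m := re.match(r"enable secret (\S+)$", l)) and m[1] == domain:
            findings.append("enable secret is the same string as the domain name")
        if m := re.match(r"access-list (\d+) permit ([\d.]+) ([\d.]+)$", l):
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}")  # wildcard is read as a hostmask
            if not net.subnet_of(mgmt_net):
                findings.append(f"ACL {m[1]} admits {net}, outside management subnet {mgmt_net}")
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 2 is not enforced")
    if "transport input ssh" not in lines:
        findings.append("vty lines are not restricted to SSH")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mgmt_plane(STEP5)))
```

On the page's commands this yields four findings: the `username ... password` form, the 1024-bit RSA key, the enable secret matching the domain name, and access-list 1 admitting the whole VLAN 20 user subnet rather than the management VLAN.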
