2025-01-19 Update From: SLTechnology News&Howtos, Shulou (Shulou.com) 06/01 Report
STP stands for Spanning Tree Protocol. In a real network, backup physical links provide link redundancy and improve the reliability of the network. However, redundant links form loops in a switched network, and because a switch forwards broadcast frames to all ports except the receiving port, a loop can cause a broadcast storm and paralyze the network. STP is used to solve this layer 2 loop problem. Using its algorithm, STP logically blocks some ports and turns the ring structure into a logical tree structure. When the normal communication link fails, the blocked port is reactivated so that data can be transmitted over the backup link. The protocol is enabled by default on Cisco switches.
HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol. Several routers form an HSRP group, in which only one router is responsible for forwarding user traffic. It is called the active router (it has the highest priority, which is usually specified manually), and the other is a backup router. When the active router fails, the backup router takes over the forwarding of all traffic and becomes the new active router. This is the principle of hot backup.
Example: the topology of the company's internal network is as follows:
Architecture description:
1) IP planning:
VLAN 10: 172.16.10.0/24, gateway: 172.16.10.253
VLAN 20: 172.16.20.0/24, gateway: 172.16.20.253
VLAN 100: 172.16.100.0/24, gateway: 172.16.100.253 (device management)
2) Load balancing between VLANs is implemented with STP and HSRP. For odd-numbered VLANs, SW1 is the active router and SW2 is the backup router. For even-numbered VLANs, SW2 is the active router and SW1 is the backup router. That is:
SW1 is the active router for VLAN 10 and the backup router for VLAN 20.
SW2 is the active router for VLAN 20 and the backup router for VLAN 10.
The configuration is as follows:
1) basic configuration information:
Configuration information for ROUTER:
ROUTER(config)#hostname ROUTER
ROUTER(config)#int f1/0
ROUTER(config-if)#ip add 172.16.1.5 255.255.255.252
ROUTER(config-if)#no sh
ROUTER(config-if)#int f0/0
ROUTER(config-if)#ip add 172.16.1.2 255.255.255.252
ROUTER(config-if)#no sh
ROUTER(config)#ip route 172.16.10.0 255.255.255.0 172.16.1.1
ROUTER(config)#ip route 172.16.20.0 255.255.255.0 172.16.1.1
ROUTER(config)#ip route 172.16.100.0 255.255.255.0 172.16.1.1
ROUTER(config)#ip route 172.16.10.0 255.255.255.0 172.16.1.6
ROUTER(config)#ip route 172.16.20.0 255.255.255.0 172.16.1.6
ROUTER(config)#ip route 172.16.100.0 255.255.255.0 172.16.1.6
ROUTER#wr
Configuration information for SW1:
SW1(config)#hostname SW1
SW1(config)#ip routing
SW1(config)#int f1/8
SW1(config-if)#no switchport
SW1(config-if)#ip add 172.16.1.1 255.255.255.252
SW1(config-if)#no sh
SW1(config)#int range f1/5 - 6
SW1(config-if-range)#channel-group 1 mode on
SW1(config)#int range port-channel 1 , f1/0 - 1
SW1(config-if-range)#sw trunk encapsulation dot1q
SW1(config-if-range)#sw mo tr
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#vlan 100
SW1(config)#vtp domain cisco
SW1(config)#vtp password cisco
SW1(config)#vtp mode server
SW1(config)#vtp pruning
SW1(config)#int vlan 100
SW1(config-if)#ip add 172.16.100.253 255.255.255.0
SW1(config-if)#no sh
SW1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2
SW1#wr
Configuration information for SW2:
SW2(config)#hostname SW2
SW2(config)#ip routing
SW2(config)#int f1/8
SW2(config-if)#no switchport
SW2(config-if)#ip add 172.16.1.6 255.255.255.252
SW2(config-if)#no sh
SW2(config)#int range f1/5 - 6
SW2(config-if-range)#channel-group 1 mode on
SW2(config)#int range port-channel 1 , f1/1 - 2
SW2(config-if-range)#sw trunk encapsulation dot1q
SW2(config-if-range)#sw mo tr
SW2(config)#vtp domain cisco
SW2(config)#vtp password cisco
SW2(config)#vtp mode client
SW2(config)#int vlan 100
SW2(config-if)#ip add 172.16.100.2 255.255.255.0
SW2(config-if)#no sh
SW2#wr
SW2#sh vlan-swi
VLAN Name       Status    Ports
1    default    active    Fa1/0, Fa1/3, Fa1/4, Fa1/7
                          Fa1/9, Fa1/10, Fa1/11, Fa1/12
                          Fa1/13, Fa1/14, Fa1/15
10   VLAN0010   active
20   VLAN0020   active
100  VLAN0100   active
...
SW2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5
SW2#wr
Configuration information of S3:
S3(config)#int range f1/0 - 1
S3(config-if-range)#sw mo tr
S3(config)#vtp domain cisco
S3(config)#vtp password cisco
S3(config)#vtp mode client
S3(config)#int f1/8
S3(config-if)#sw mo ac
S3(config-if)#sw ac vlan 10
S3(config)#int vlan 100
S3(config-if)#ip add 172.16.100.3 255.255.255.0
S3(config-if)#no sh
S3(config)#ip default-gateway 172.16.100.253
S3#wr
S3#sh vlan-swi
VLAN Name       Status    Ports
1    default    active    Fa1/2, Fa1/3, Fa1/4, Fa1/5
                          Fa1/6, Fa1/7, Fa1/9, Fa1/10
                          Fa1/11, Fa1/12, Fa1/13, Fa1/14
                          Fa1/15
10   VLAN0010   active    Fa1/8
20   VLAN0020   active
Configuration information of S4:
S4(config)#int range f1/1 - 2
S4(config-if-range)#sw mo tr
S4(config)#vtp domain cisco
S4(config)#vtp password cisco
S4(config)#vtp mode client
S4(config)#int f1/11
S4(config-if)#sw mo ac
S4(config-if)#sw ac vl 20
S4(config)#int vlan 100
S4(config-if)#ip add 172.16.100.4 255.255.255.0
S4(config-if)#no sh
S4#wr
S4#sh vlan-swi
VLAN Name       Status    Ports
1    default    active    Fa1/0, Fa1/3, Fa1/4, Fa1/5
                          Fa1/6, Fa1/7, Fa1/8, Fa1/9
                          Fa1/10, Fa1/12, Fa1/13, Fa1/14
                          Fa1/15
10   VLAN0010   active
20   VLAN0020   active    Fa1/11
...
S4#sh vtp status
VTP Version: 2
Configuration Revision: 4
Maximum VLANs supported locally: 36
Number of existing VLANs: 8
VTP Operating Mode: Client
VTP Domain Name: cisco
VTP Pruning Mode: Enabled
VTP V2 Mode: Disabled
VTP Traps Generation: Disabled
MD5 digest: 0x03 0xC2 0xA3 0x35 0xCA 0xAA 0x8D 0x32
Configuration last modified by 172.16.1.1 at 3-1-02 01:11:32
2) configure DHCP service on SW1 and SW2 (exactly the same):
SW1(config)#ip dhcp pool vlan10
SW1(dhcp-config)#network 172.16.10.0 255.255.255.0
SW1(dhcp-config)#dns-server 202.96.134.133 8.8.8.8
SW1(dhcp-config)#default-router 172.16.10.253
SW1(config)#ip dhcp excluded-address 172.16.10.250 172.16.10.254
SW1(config)#ip dhcp pool vlan20
SW1(dhcp-config)#network 172.16.20.0 255.255.255.0
SW1(dhcp-config)#dns-server 202.96.134.133 8.8.8.8
SW1(dhcp-config)#default-router 172.16.20.253
SW1(config)#ip dhcp excluded-address 172.16.20.250 172.16.20.254
SW2#wr
SW1#sh run | sec dhcp
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.250 172.16.10.254
ip dhcp excluded-address 172.16.20.250 172.16.20.254
ip dhcp pool vlan10
   network 172.16.10.0 255.255.255.0
   dns-server 202.96.134.133 8.8.8.8
   default-router 172.16.10.253
ip dhcp pool vlan20
   network 172.16.20.0 255.255.255.0
   dns-server 202.96.134.133 8.8.8.8
   default-router 172.16.10.253
3) configure HSRP:
SW1 configuration:
SW1(config)#int vlan 10
SW1(config-if)#ip add 172.16.10.250 255.255.255.0
SW1(config-if)#no sh
SW1(config-if)#standby 10 ip 172.16.10.253 # configure the virtual IP
SW1(config-if)#standby 10 priority 150 # configure the priority
SW1(config-if)#standby 10 preempt # enable preemption
SW1(config-if)#standby 10 track f1/8 100 # configure port tracking
SW1(config-if)#standby 10 track port-channel 1 100
SW1(config)#int vlan 20
SW1(config-if)#ip add 172.16.20.250 255.255.255.0
SW1(config-if)#no sh
SW1(config-if)#standby 20 ip 172.16.20.253 # as the backup router for vlan20, priority defaults to 100 and port tracking is not required
SW1(config-if)#standby 20 preempt
SW1(config-if)#int vlan 100
SW1(config-if)#ip add 172.16.100.253 255.255.255.0
SW1(config-if)#no sh
SW1#wr
Configuration of SW2:
SW2(config)#int vlan 10
SW2(config-if)#ip add 172.16.10.251 255.255.255.0
SW2(config-if)#no sh
SW2(config-if)#standby 10 ip 172.16.10.253
SW2(config-if)#standby 10 preempt
SW2(config)#int vlan 20
SW2(config-if)#ip add 172.16.20.251 255.255.255.0
SW2(config-if)#no sh
SW2(config-if)#standby 20 ip 172.16.20.253
SW2(config-if)#standby 20 priority 150
SW2(config-if)#standby 20 preempt
SW2(config-if)#standby 20 track f1/8 100
SW2(config-if)#standby 20 track port-channel 1 100
SW2#wr
SW1#sh standby b # verify on SW1
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Vl10        10   150 P Active   local           172.16.10.251   172.16.10.253
Vl20        20   100 P Standby  172.16.20.251   local           172.16.20.253
Vl100       10   100   Init     unknown         unknown         172.16.10.254
SW2#sh standby b # verify on SW2
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Vl10        10   100 P Standby  172.16.10.250   local           172.16.10.253
Vl20        20   150 P Active   local           172.16.20.250   172.16.20.253
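The failover behaviour that the priority, preempt and track lines rely on can be modelled in a few lines. This Python sketch is an added example, not part of the original article and not Cisco's implementation; it reduces HSRP to priority, preemption and tracked-interface decrements, uses the VLAN 10 values configured above, and its class and function names are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100          # IOS default when no "standby N priority" is set
    preempt: bool = False
    tracks: dict = field(default_factory=dict)  # tracked interface -> decrement
    down: set = field(default_factory=set)      # tracked interfaces that are down

    def effective_priority(self):
        lost = sum(d for ifc, d in self.tracks.items() if ifc in self.down)
        return max(self.priority - lost, 0)


def rank(router):
    # Election key: highest priority wins, highest interface IP breaks a tie.
    return (router.effective_priority(), IPv4Address(router.ip))


def elect(routers, active=None):
    """Return the active router after one election round (simplified model)."""
    if active is None:
        return max(routers, key=rank)
    # An existing active router is displaced only by a preempt-enabled peer
    # whose effective priority is strictly higher.
    rivals = [r for r in routers if r is not active and r.preempt
              and r.effective_priority() > active.effective_priority()]
    return max(rivals, key=rank) if rivals else active


def failover_trace(decrement=100, sw2_preempt=True):
    """Active router for VLAN 10: at start, with SW1 Fa1/8 down, after recovery."""
    sw1 = HsrpRouter("SW1", "172.16.10.250", 150, True,
                     {"Fa1/8": decrement, "Port-channel1": decrement})
    sw2 = HsrpRouter("SW2", "172.16.10.251", 100, sw2_preempt)
    group, trace = [sw1, sw2], []
    active = elect(group)
    trace.append(active.name)
    sw1.down.add("Fa1/8")        # SW1 uplink to ROUTER fails
    active = elect(group, active)
    trace.append(active.name)
    sw1.down.clear()             # uplink restored
    active = elect(group, active)
    trace.append(active.name)
    return trace
```

With the page's decrement of 100, SW1 drops to 50 and SW2 takes over; with a decrement of 10, or with preempt missing on SW2, SW1 stays active even though its uplink is down.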
4) configure STP to achieve load balancing among VLAN:
SW1(config)#spanning-tree vlan 10 root primary
SW1(config)#spanning-tree vlan 20 root secondary
SW1#wr
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#spanning-tree vlan 10 root secondary
SW2#wr
Looking at the STP information on SW1, you can see that SW1 is the root bridge of VLAN10 and the backup root bridge of VLAN20.
SW1#sh spanning-tree brief
VLAN10
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c006.1e3c.0001
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    8192
             Address     c006.1e3c.0001
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface                                  Designated
Name              Port ID  Prio  Cost  Sts  Cost  Bridge ID             Port ID
FastEthernet1/0   128.41   128   19    FWD  0     8192 c006.1e3c.0001   128.41
FastEthernet1/1   128.42   128   19    FWD  0     8192 c006.1e3c.0001   128.42
Port-channel1     129.65   128   12    FWD  0     8192 c006.1e3c.0001   129.65
Looking at S3, you can see that port f1/1 is blocked.
S3#sh spanning-tree vlan 10
...
Port 42 (FastEthernet1/1) of VLAN10 is blocking
Port path cost 19, Port priority 128, Port Identifier 128.42.
Designated root has priority 8192, address c006.1e3c.0001
Designated bridge has priority 16384, address c007.1e3c.0001
Designated port id is 128.42, designated path cost 12
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 0
BPDU: sent 2, received 2298
...
5) configure remote SSH management:
SW1(config)#ip domain-name cisco
SW1(config)#username best password best1
SW1(config)#crypto key generate rsa general-keys modulus 1024
SW1(config)#ip ssh version 2
SW1(config)#enable secret cisco
SW1(config)#access-list 1 permit 172.16.20.0 0.0.0.255
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#access-class 1 in
SW1(config-line)#transport input ssh
SW1#wr
Log in remotely from the client:
R6#ssh -l best 172.16.100.253
Password:
SW1>en
Password:
SW1#sh ip int b
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    unassigned   YES  unset   administratively down  down
FastEthernet0/1    unassigned   YES  unset   administratively down  down
FastEthernet1/0    unassigned   YES  unset   up                     up
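The SSH management settings from step 5 can be checked mechanically. This Python sketch is an added example, not from the original article; it lints the SW1 commands (copied into a constructed string) for a short RSA host key, `username ... password` used instead of `secret`, and vty lines that are not restricted to SSH with an access-class. The 2048-bit floor and the function names are assumptions.

```python
import re

# Constructed input: the SW1 commands from step 5, prompts removed.
SW1_MGMT = """\
ip domain-name cisco
username best password best1
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
enable secret cisco
access-list 1 permit 172.16.20.0 0.0.0.255
line vty 0 4
 login local
 access-class 1 in
 transport input ssh
"""

MIN_RSA_BITS = 2048  # assumption: policy floor for the SSH host key

def vty_commands(lines):
    """Collect the indented sub-commands under every 'line vty' stanza."""
    cmds, in_vty = [], False
    for line in lines:
        if line.startswith("line vty"):
            in_vty = True
        elif in_vty and line.startswith(" "):
            cmds.append(line.strip())
        else:
            in_vty = False
    return cmds

def audit(config):
    """Return a list of finding strings for weak management-plane settings."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings = []
    for line in lines:
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(f"rsa modulus {m.group(1)} < {MIN_RSA_BITS}")
        m = re.match(r"username (\S+) password\b", line)
        if m:  # 'password' is stored clear or type 7; 'secret' stores a hash
            findings.append(f"user {m.group(1)}: password instead of secret")
    if "ip ssh version 2" not in lines:
        findings.append("ip ssh version 2 missing")
    vty = vty_commands(lines)
    if "transport input ssh" not in vty:
        findings.append("vty accepts non-SSH transports")
    if not any(c.startswith("access-class ") for c in vty):
        findings.append("vty has no access-class")
    return findings
```

Run against the page's configuration, `audit(SW1_MGMT)` reports the 1024-bit key and the `username best password` line; the vty restrictions already pass.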