1、新H3C杯——Vlan、MSTP、链路聚合之综合实验(练习)

本文阅读 4 分钟
首页 代码,C/C#/C++ 正文

img

1、PC1的配置:

img

2、PC2的配置

img

3、PC3的配置

img

4、PC4的配置

img

5、SW1的配置:
修改设备名称:
sys
sys SW1

划分vlan,配置trunk
vlan 10
na shichang
port g1/0/3
vlan 20
na xiaoshou
port g1/0/4
vlan 30
na jishu
port g1/0/5
vlan 40
na IT
port g1/0/6
int range g1/0/1 to g1/0/2
port link-type trunk
po tr per vlan 10 20 30 40
undo po tr per vlan 1

配置MSTP:
stp region-configuration
region-name H3C
revision-level 1
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration 

配置边缘端口:
int range g1/0/3 to g1/0/6
stp edged-port
stp bpdu-protection
6、验证SW1的配置:
①、dis vlan br

10        shichang                         GE1/0/1  GE1/0/2  GE1/0/3
20        xiaoshou                         GE1/0/1  GE1/0/2  GE1/0/4
30        jishu                            GE1/0/1  GE1/0/2  GE1/0/5
40        IT                               GE1/0/1  GE1/0/2  GE1/0/6

②、dis port trunk

Interface             PVID    VLAN Passing
GE1/0/1               1       10, 20, 30, 40
GE1/0/2               1       10, 20, 30, 40

③、dis stp region-configuration

 Oper Configuration
   Format selector      : 0
   Region name          : H3C
   Revision level       : 1
   Configuration digest : 0xca136a235706b316c8db8f921067a68f

   Instance  VLANs Mapped
   0         1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 4094
   1         10, 20
   2         30, 40
7、SW2的配置:
修改设备名称:
sys
sys SW2

创建vlan:
vlan 10
na shichang
vlan 20
na xiaoshou
vlan 30
na jishu
vlan 40
na IT
int g1/0/3
port link-type trunk
po tr per vlan 10 20 30 40
undo po tr per vlan 1

配置链路聚合:
int Bridge-Aggregation 1
int range g1/0/1 to g1/0/2
port link-aggregation group 1
int Bridge-Aggregation 1
port link-type trunk
port tr per vlan 10 20 30 40
undo po tr per vlan 1

配置MSTP:
stp region-configuration
region-name H3C
revision-level 1
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration 

配置MSTP的实例的主备根桥:
stp instance 1 root secondary
stp instance 2 root primary

配置网关:
int vlan 10
ip add 192.168.1.252 24
int vlan 20
ip add 192.168.2.252 24
int vlan 30
ip add 192.168.3.252 24
int vlan 40
ip add 192.168.4.252 24
8、验证SW2的配置:
①、dis vlan br

10        shichang                         BAGG1  GE1/0/1  GE1/0/2  GE1/0/3
20        xiaoshou                         BAGG1  GE1/0/1  GE1/0/2  GE1/0/3
30        jishu                                BAGG1  GE1/0/1  GE1/0/2  GE1/0/3
40        IT                                    BAGG1  GE1/0/1  GE1/0/2  GE1/0/3

②、dis port trunk

Interface             PVID    VLAN Passing
BAGG1                 1       10, 20, 30, 40
GE1/0/1                1       10, 20, 30, 40
GE1/0/2                1       10, 20, 30, 40
GE1/0/3                1       10, 20, 30, 40

③、dis link-aggregation summary

Aggregation Interface Type:
BAGG -- Bridge-Aggregation, BLAGG -- Blade-Aggregation, RAGG -- Route-Aggregation, SCH-B -- Schannel-Bundle
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 3af8-cff4-0200

AGG        AGG   Partner ID              Selected  Unselected  Individual  Share
Interface  Mode                          Ports     Ports       Ports       Type
--------------------------------------------------------------------------------
BAGG1      S     None                    2         0           0           Shar

④、dis stp region-configuration

 Oper Configuration
   Format selector      : 0
   Region name          : H3C
   Revision level       : 1
   Configuration digest : 0xca136a235706b316c8db8f921067a68f

   Instance  VLANs Mapped
   0         1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 4094
   1         10, 20
   2         30, 40

⑤、dis ip int br

*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
MGE0/0/0                 down     down     --              --
Vlan10                   up       up       192.168.1.252   --
Vlan20                   up       up       192.168.2.252   --
Vlan30                   up       up       192.168.3.252   --
Vlan40                   up       up       192.168.4.252   --
9、SW3的配置:
修改设备名称:
sys
sys SW3

创建vlan:
vlan 10
na shichang
vlan 20
na xiaoshou
vlan 30
na jishu
vlan 40
na IT
int g1/0/3
port link-type trunk
po tr per vlan 10 20 30 40
undo po tr per vlan 1

配置链路聚合:
int Bridge-Aggregation 1
int range g1/0/1 to g1/0/2
port link-aggregation group 1
int Bridge-Aggregation 1
port link-type trunk
port tr per vlan 10 20 30 40
undo po tr per vlan 1

配置MSTP:
stp region-configuration
region-name H3C
revision-level 1
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration 

配置MSTP的实例的主备根桥:
stp instance 1 root primary
stp instance 2 root secondary

配置网关:
int vlan 10
ip add 192.168.1.253 24
int vlan 20
ip add 192.168.2.253 24
int vlan 30
ip add 192.168.3.253 24
int vlan 40
ip add 192.168.4.253 24
10、验证SW3配置:
①、dis vlan br

10        shichang                         BAGG1  GE1/0/1  GE1/0/2  GE1/0/3
20        xiaoshou                         BAGG1  GE1/0/1  GE1/0/2  GE1/0/3
30        jishu                            BAGG1  GE1/0/1  GE1/0/2  GE1/0/3
40        IT                               BAGG1  GE1/0/1  GE1/0/2  GE1/0/3

②、dis port trunk

Interface             PVID    VLAN Passing
BAGG1                 1       10, 20, 30, 40
GE1/0/1               1       10, 20, 30, 40
GE1/0/2               1       10, 20, 30, 40
GE1/0/3               1       10, 20, 30, 40

③、dis link-aggregation summary

Aggregation Interface Type:
BAGG -- Bridge-Aggregation, BLAGG -- Blade-Aggregation, RAGG -- Route-Aggregation, SCH-B -- Schannel-Bundle
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 3af8-de89-0300

AGG        AGG   Partner ID              Selected  Unselected  Individual  Share
Interface  Mode                          Ports     Ports       Ports       Type
--------------------------------------------------------------------------------
BAGG1      S     None                    2         0           0           Shar

④、dis stp region-configuration

 Oper Configuration
   Format selector      : 0
   Region name          : H3C
   Revision level       : 1
   Configuration digest : 0xca136a235706b316c8db8f921067a68f

   Instance  VLANs Mapped
   0         1 to 9, 11 to 19, 21 to 29, 31 to 39, 41 to 4094
   1         10, 20
   2         30, 40

⑤、dis ip int br

*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
MGE0/0/0                 down     down     --              --
Vlan10                   up       up       192.168.1.253   --
Vlan20                   up       up       192.168.2.253   --
Vlan30                   up       up       192.168.3.253   --
Vlan40                   up       up       192.168.4.253   --
11、验证MSTP的效果:

//SW1上:实例1的左口阻塞,实例2的右口阻塞

[SW1]dis stp br

 MST ID   Port                                Role  STP State   Protection
 0        GigabitEthernet1/0/1                DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/2                DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/3                DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/4                DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/5                DESI  FORWARDING  NONE
 0        GigabitEthernet1/0/6                DESI  FORWARDING  NONE
 1        GigabitEthernet1/0/1                ALTE  DISCARDING  NONE
 1        GigabitEthernet1/0/2                ROOT  FORWARDING  NONE
 1        GigabitEthernet1/0/3                DESI  FORWARDING  NONE
 1        GigabitEthernet1/0/4                DESI  FORWARDING  NONE
 2        GigabitEthernet1/0/1                ROOT  FORWARDING  NONE
 2        GigabitEthernet1/0/2                ALTE  DISCARDING  NONE
 2        GigabitEthernet1/0/5                DESI  FORWARDING  NONE
 2        GigabitEthernet1/0/6                DESI  FORWARDING  NONE
12、注意事项及其总结:
vlan,mstp,链路聚合:

1.创建VLAN+命名VLAN+把相应的接口加入VLAN
第一种方法:
vlan 10
name shichang
port  g1/0/3
第二种方法:
vlan 20
name xiaoshou
quit
int g1/0/3
port link-type access
port access vlan 10
//配置在哪:在接入层交换机的连接PC的接口处,配置为access口并且加入相应的VLAN


2.配置trunk,并放通相应的vlan流量
int range g1/0/0 to g1/0/1
port link-type trunk
port trunk permit vlan 10 20 30 40
//配置在哪:
在接入层交换机的上行口处配置为trunk口,因为要通过多种VLAN,所以为trunk
在汇聚层交换机的下行口处配置为trunk口,交换机之间配置为trunk口


3.配置链路聚合
①创建聚合口
int  bridge-aggregation 1
quit
②把物理口加入到相应的聚合组
int range g1/0/2 to g1/0/3
port link-aggregation group 1
quit
③在聚合口下配置trunk和放行相关VLAN
int bridge-aggregation 1
port link-type trunk
port trunk permit vlan 10 20 30 40
//配置在哪:汇聚层交换机处

配置链路聚合的注意事项:聚合成功的要求:聚合组中所有物理口的Vlan和接口配置必须一致;聚合口中的Vlan和接口配置必须和物理口的必须一致
//所以要严格按照顺序配置:1.创建聚合口
                 2.把物理口加入到聚合组
                  3.在聚合口下配置Trunk和Vlan相关


4.MSTP配置:
①进入MSTP的域配置
stp region-configuration    //进入域配置
region-name H3C        //配置域名
revision-level 1        //配置修订等级
instance 1 vlan 10 20        //配置实例1,绑定vlan10 20
instance 2 vlan 30 40        //配置实例2,绑定vlan30 40
active region-configuration    //激活域配置
//配置在哪:配置在所有参与VLAN选举的交换机上,SW1、SW2、SW3
(必须配置一致)
②进行配置主备根桥
SW1:
stp instance 1 root primary
stp instance 2 root secondary
SW2:
stp instance 1 root secondary
stp instance 2 root primary
//实例1的主根桥配置在哪:在SW3上配置,对于vlan10 20他们的主根桥在SW3,那么bp就一定不在SW3所相对的接口,
只能在SW1和SW2相连的口上,那么就达到了VLAN10 20走不通SW2,VLAN10 20只能走SW3的效果
//实例2的主根桥配置在哪:在SW2上配置,对于VLAN30 40他们的主根桥在SW2,那么bp就一定不在SW2所相对的接
口,只能在SW1和SW3相连的口上,那么就达到了VLAN 30 40走不通SW3,VLAN30 40只能走通SW2的效果


5.边缘端口的配置:
int range g1/0/3 to g1/0/6
stp edge-port
stp bpdu-protection
//配置在哪:配置在接入层交换机的下行口,也就是接入PC的那个接口
//边缘接口:不参与生成树的计算
//bpdu保护:因为边缘端口,一旦收到真的BPDU(把PC断掉,连接一个交换机)或者假的BPDU(黑客恶意伪造的报
文)报文,就会立刻变为正常的端口,为了防止这个我们设置保护后,一旦收到,就会down掉


6、注意:
1.trunk    树干
2.bridge-aggregation   桥聚合
本文为互联网自动采集或经作者授权后发布,本文观点不代表立场,若侵权下架请联系我们删帖处理!文章出自:https://blog.csdn.net/qq_45555226/article/details/104261535
-- 展开阅读全文 --
KillDefender 的 Beacon 对象文件 PoC 实现
« 上一篇 02-09
Web安全—逻辑越权漏洞(BAC)
下一篇 » 03-13

发表评论

成为第一个评论的人

热门文章

标签TAG

最近回复