1.实验拓补图
2.实验要求
1.根据提供材料划分VLAN以及IP地址,PC1/PC2属于生产一部员工划分VLAN10,PC3属于生产二部划分VLAN20
2.HJ-1HJ-2交换机需要配置链路聚合以保证业务数据访问的高带宽需求
3.VLAN的放通遵循最小VLAN透传原则
4.配置MSTP生成树解决二层环路问题,并且为考虑业务数据分流,生产一部流量(VLAN10)数据以HJ-1作为生成树主根/HJ-2作为备份,生产二部流量(vlan20)以HJ-2作为生成树主根/HJ-1作为备份
5.生成树需要配置边缘接口并且配置BPDU保护和BPDU过滤功能保证用户体验
6.配置虚拟路由器冗余VRRP以保证网关冗余,提高业务可靠性部署,HJ-1作为VLAN10主网关/HJ-2作为VLAN20主网关并且互为备份
7.VRRP需要主网关配置上行链路监控(直接监控物理接口)保证上行网络故障业务不中断,配置抢占延迟15s,以应对网络震荡
8.配置单区域OSPF访问互联网
3.VLAN及IP地址规划表
| 设备 | vlan | IP网段 | 网关 | 备注 |
|---|---|---|---|---|
| PC1 | 10 | 192.168.10.0/24 | 192.168.10.254 | 物理网关:HJ-1 192.168.10.1 HJ-2 192.168.10.2 |
| PC2 | 10 | 192.168.10.0/24 | 192.168.10.254 | 物理网关:HJ-1 192.168.10.1 HJ-2 192.168.10.2 |
| PC3 | 20 | 192.168.20.0/24 | 192.168.20.254 | 物理网关:HJ-1 192.168.20.1 HJ-2 192.168.20.2 |
| 路由器 | 1.1.1.0/24 | / | 环回接口1.1.1.1/24 模拟互联网网段 |
链路地址规划
| 链路 | VLAN | IP网段 | IP地址 |
|---|---|---|---|
| HJ-1—CORE | 100 | 192.168.100.0/24 | HJ-1 192.168.100.1 CORE 192.168.100.2 |
| HJ-2—CORE | 200 | 192.168.200.0/24 | HJ-2 192.168.200.1 CORE 192.168.200.2 |
| CORE-路由器 | 110 | 192.168.110.0/24 | CORE 192.168.110.1 路由器 192.168.110.2 |
HJ-1作为VLAN10 根网桥设备同时作为VLAN
10用户网关 HJ-2作为VLAN 20根网桥设备同时作为VLAN 20用户网关
除路由器外,所有设备均按照拓扑标注进行设备命名,如:ACC-1
OSPF Router-ID以设备编号手工命名
| 设备 | RID |
|---|---|
| HJ-1 | 1.1.1.1 |
| HJ-2 | 2.2.2.2 |
| CORE | 3.3.3.3 |
| 路由器 | 4.4.4.4 |
4.设备具体配置
HJ-1:
vlan batch 10 20 100
stp instance 1 root primary
stp instance 2 root secondary
cluster enable
ntdp enable
ndp enable
dhcp enable
diffserv domain default
drop illegal-mac alarm
stp region-configuration
region-name ACC
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
drop-profile default
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 15
vrrp vrid 1 track interface GigabitEthernet0/0/5 reduced 25
dhcp select global
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.20.254
dhcp select global
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/1
eth-trunk 0
interface GigabitEthernet0/0/2
eth-trunk 0
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/5
port link-type access
port default vlan 100
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.10.1 0.0.0.0
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.20.1 0.0.0.0
network 192.168.110.1 0.0.0.0
user-interface con 0
user-interface vty 0 4HJ-2:
vlan batch 10 20 200
stp instance 1 root secondary
stp instance 2 root primary
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
dhcp enable
diffserv domain default
stp region-configuration
region-name ACC
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
drop-profile default
ip pool vlan10
gateway-list 192.168.10.254
ip pool vlan10
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
dhcp select global
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.20.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 15
vrrp vrid 1 track interface GigabitEthernet0/0/5 reduced 25
dhcp select global
interface Vlanif200
ip address 192.168.200.1 255.255.255.0
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/1
eth-trunk 0
interface GigabitEthernet0/0/2
eth-trunk 0
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/5
port link-type access
port default vlan 200
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.10.2 0.0.0.0
network 192.168.20.2 0.0.0.0
network 192.168.200.1 0.0.0.0
user-interface con 0
user-interface vty 0 4ACC-1:
vlan batch 10 20
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name ACC
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
user-interface con 0
user-interface vty 0 4ACC-2:
vlan batch 10 20
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
region-name ACC
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
user-interface con 0
user-interface vty 0 4CORE:
vlan batch 100 110 200
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif100
ip address 192.168.100.2 255.255.255.0
ip address 192.168.110.1 255.255.255.0
interface Vlanif200
ip address 192.168.200.2 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
interface GigabitEthernet0/0/3
port link-type access
port default vlan 110
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 192.168.100.2 0.0.0.0
network 192.168.110.1 0.0.0.0
network 192.168.200.2 0.0.0.0
user-interface con 0
user-interface vty 0 45.设备之间的通讯状态:
接入层与汇聚层
- ACC - 1 与 HJ - 1:ACC - 1 上连接 PC1 和 PC2 的端口划分在 VLAN10,通过 GE 0/0/1 以 trunk 链路连接到 HJ - 1 的聚合链路。VLAN10 内的流量可以在两者间正常传输,实现 PC1、PC2 与 HJ - 1 的通讯。
- ACC - 2 与 HJ - 2:ACC - 2 上连接 PC3 的端口划分在 VLAN20,通过 GE 0/0/1 以 trunk 链路连接到 HJ - 2 的聚合链路。VLAN20 内的流量可在两者间正常传输,实现 PC3 与 HJ - 2 的通讯。
汇聚层之间
- HJ - 1 与 HJ - 2:通过链路聚合建立了高带宽连接,且配置为 trunk 链路允许 VLAN10 和 VLAN20 通过。MSTP 生成树协议避免了二层环路,VLAN10 和 VLAN20 的流量可在两者间按需传输,如 VLAN10 以 HJ - 1 为主根、VLAN20 以 HJ - 2 为主根进行流量路径选择 。
汇聚层与核心层
- HJ - 1、HJ - 2 与 CORE:HJ - 1 和 HJ - 2 与 CORE 通过 trunk 链路连接,允许 VLAN10 和 VLAN20 通过。在 OSPF 协议作用下,三层可达,可实现 VLAN10、VLAN20 与核心层设备的通讯。
核心层与路由器
- CORE 与 R1:通过 OSPF 协议建立邻居关系,宣告相关网络,实现三层互通,使得内部 VLAN 网络能够通过 R1 访问互联网。
冗余保障方面
- VRRP:在 VLAN10 中,HJ - 1 作为主网关,HJ - 2 作为备份网关;VLAN20 中反之。当主网关设备上行链路故障时,备份网关能在配置的抢占延迟(15s )后接替工作,保证 VLAN 内设备网关层面的通讯不中断。
- MSTP:配置边缘接口及 BPDU 保护和过滤功能,保障了接入层设备与汇聚层设备间链路的稳定性,避免非法 BPDU 干扰,提升用户体验,保证了接入侧通讯的可靠性。
,源码可白嫖!)
颜色空间转换-----将 NV12 格式的图像数据转换为 BGR 颜色空间函数NV12toBGR())
![Linux[基本指令]](http://pic.xiahunao.cn/Linux[基本指令])
,抓取和拉取,推送(注意点,抓取更新+合并的三种方法,解决冲突,对比),移除)
问题深度解析与实战调优)