Cyber_Security_Notes/B. 第二阶段/拓扑练习/0828_心跳线.md

心跳线

一、多VLAN环境下的VRRP负载分担

详细配置需求及配置过程见 0827_多VLAN环境下的VRRP负载分担.md

• SW3

  [SW3]vlan batch 10 20
  [SW3]int g0/0/1
  [SW3-GigabitEthernet0/0/1]port link-type access
  [SW3-GigabitEthernet0/0/1]port default vlan 10
  [SW3-GigabitEthernet0/0/1]int g0/0/2
  [SW3-GigabitEthernet0/0/2]port link-type access 
  [SW3-GigabitEthernet0/0/2]port default vlan 20
  [SW3-GigabitEthernet0/0/2]quit
  [SW3]port-group group-member g0/0/3 g0/0/4
  [SW3-port-group]port link-type trunk 
  [SW3-port-group]port trunk allow-pass vlan all
  

• SW1

  [SW1]vlan 13
  [SW1-vlan13]quit
  [SW1-GigabitEthernet0/0/2]port link-type trunk 
  [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
  [SW1-GigabitEthernet0/0/2]int g0/0/1
  [SW1-GigabitEthernet0/0/1]port link-type access 
  [SW1-GigabitEthernet0/0/1]port default vlan 13
  [SW1-GigabitEthernet0/0/1]quit
  [SW1]int vlan 13
  [SW1-Vlanif13]ip add 192.168.13.1 24
  [SW1-Vlanif13]quit
  [SW1]vlan batch 10 20
  [SW1]int vlan 10
  [SW1-Vlanif10]ip add 192.168.10.251 24
  [SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
  [SW1-Vlanif10]vrrp vrid 10 priority 130
  [SW1-Vlanif10]vrrp vrid 10 track int g0/0/1 reduced 50
  [SW1-Vlanif10]int vlan 20
  [SW1-Vlanif20]ip add 192.168.20.251 24
  [SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
  [SW1-Vlanif20]quit
  [SW1]ip route-static 192.168.2.0 24 192.168.13.3
  

• SW2

  [SW2]vlan 23
  [SW2-vlan23]quit
  [SW2]int g0/0/2
  [SW2-GigabitEthernet0/0/2]port link-type trunk 
  [SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
  [SW2-GigabitEthernet0/0/2]int g0/0/1
  [SW2-GigabitEthernet0/0/1]port link-type access 
  [SW2-GigabitEthernet0/0/1]port default vlan 23
  [SW2-GigabitEthernet0/0/1]quit
  [SW2]int vlan 23
  [SW2-Vlanif13]ip add 192.168.23.1 24
  [SW2-Vlanif13]quit
  [SW2]vlan batch 10 20
  [SW2]int vlan 10
  [SW2-Vlanif10]ip add 192.168.10.252 24	
  [SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
  [SW2-Vlanif10]int vlan 20
  [SW2-Vlanif20]ip add 192.168.20.252 24
  [SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
  [SW2-Vlanif20]vrrp vrid 20 priority 130
  [SW2-Vlanif20]vrrp vrid 20 track int g0/0/1 reduced 50
  [SW2-Vlanif20]quit
  [SW2]ip route-static 192.168.2.0 24 192.168.23.3
  

• AR1

  [AR1]int g0/0/0
  [AR1-GigabitEthernet0/0/0]ip add 192.168.13.3 24
  [AR1-GigabitEthernet0/0/0]int g0/0/1
  [AR1-GigabitEthernet0/0/1]ip add 192.168.23.3 24
  [AR1-GigabitEthernet0/0/1]int g0/0/2
  [AR1-GigabitEthernet0/0/2]ip add 192.168.2.254 24
  [AR1-GigabitEthernet0/0/2]quit
  [AR1]ip route-static 192.168.10.0 24 192.168.13.1
  [AR1]ip route-static 192.168.10.0 24 192.168.23.1 preference 100
  [AR1]ip route-static 192.168.20.0 24 192.168.13.1 preference 100
  [AR1]ip route-static 192.168.20.0 24 192.168.23.1
  

二、配置MSTP

• SW1

  [SW1]int g0/0/24
  [SW1-GigabitEthernet0/0/24]port link-type trunk
  [SW1-GigabitEthernet0/0/24]port trunk allow-pass vlan all
  [SW1-GigabitEthernet0/0/24]quit
  [SW1]stp region-configuration
  [SW1-mst-region]region-name ntd2407
  [SW1-mst-region]instance 10 vlan 10
  [SW1-mst-region]instance 20 vlan 20
  [SW1-mst-region]active region-configuration
  [SW1-mst-region]quit
  [SW1]stp instance 10 priority 4096
  [SW1]stp instance 20 priority 8192
  

• SW2

  [SW2]int g0/0/24
  [SW2-GigabitEthernet0/0/24]port link-type trunk
  [SW2-GigabitEthernet0/0/24]port trunk allow-pass vlan all
  [SW2-GigabitEthernet0/0/24]quit
  [SW2]stp region-configuration
  [SW2-mst-region]region-name ntd2407
  [SW2-mst-region]instance 10 vlan 10
  [SW2-mst-region]instance 20 vlan 20
  [SW2-mst-region]active region-configuration
  [SW2-mst-region]quit
  [SW2]stp instance 10 priority 8192
  [SW2]stp instance 20 priority 4096
  

• SW3

  [SW3]stp region-configuration
  [SW3-mst-region]region-name ntd2407
  [SW3-mst-region]instance 10 vlan 10
  [SW3-mst-region]instance 20 vlan 20
  [SW3-mst-region]active region-configuration
  

三、连通性测试

• PC1

  • PING

    PC>ping 192.168.2.1
    
    Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
    Request timeout!
    From 192.168.2.1: bytes=32 seq=2 ttl=253 time=110 ms
    From 192.168.2.1: bytes=32 seq=3 ttl=253 time=47 ms
    From 192.168.2.1: bytes=32 seq=4 ttl=253 time=62 ms
    From 192.168.2.1: bytes=32 seq=5 ttl=253 time=63 ms
    
    --- 192.168.2.1 ping statistics ---
      5 packet(s) transmitted
      4 packet(s) received
      20.00% packet loss
      round-trip min/avg/max = 0/70/110 ms
    

  • Tracert

    PC>tracert 192.168.2.1
    
    traceroute to 192.168.2.1, 8 hops max
    (ICMP), press Ctrl+C to stop
     1  192.168.10.251   46 ms  47 ms  32 ms
     2  192.168.13.3   93 ms  63 ms  78 ms
     3  192.168.2.1   62 ms  63 ms  62 ms
    

• PC2

  • PING

    PC>ping 192.168.2.1
    
    Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
    From 192.168.2.1: bytes=32 seq=1 ttl=253 time=172 ms
    From 192.168.2.1: bytes=32 seq=2 ttl=253 time=63 ms
    From 192.168.2.1: bytes=32 seq=3 ttl=253 time=78 ms
    From 192.168.2.1: bytes=32 seq=4 ttl=253 time=47 ms
    From 192.168.2.1: bytes=32 seq=5 ttl=253 time=62 ms
    
    --- 192.168.2.1 ping statistics ---
      5 packet(s) transmitted
      5 packet(s) received
      0.00% packet loss
      round-trip min/avg/max = 47/84/172 ms
    

  • Tracert

    PC>tracert 192.168.2.1
    
    traceroute to 192.168.2.1, 8 hops max
    (ICMP), press Ctrl+C to stop
     1  192.168.20.252   31 ms  47 ms  47 ms
     2  192.168.23.3   62 ms  94 ms  62 ms
     3  192.168.2.1   63 ms  62 ms  79 ms
    

四、功能性测试

• 左侧下行线断连

  

  • PC1

    • PING

      PC>ping 192.168.2.1
      
      Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
      From 192.168.2.1: bytes=32 seq=1 ttl=253 time=78 ms
      From 192.168.2.1: bytes=32 seq=2 ttl=253 time=79 ms
      From 192.168.2.1: bytes=32 seq=3 ttl=253 time=63 ms
      From 192.168.2.1: bytes=32 seq=4 ttl=253 time=78 ms
      From 192.168.2.1: bytes=32 seq=5 ttl=253 time=63 ms
      
      --- 192.168.2.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 63/72/79 ms
      

    • Tracert

      PC>tracert 192.168.2.1
      
      traceroute to 192.168.2.1, 8 hops max
      (ICMP), press Ctrl+C to stop
       1  192.168.10.251   62 ms  63 ms  62 ms
       2  192.168.13.3   78 ms  78 ms  78 ms
       3  192.168.2.1   94 ms  94 ms  62 ms
      

• 右侧下行线断连

  

  • PC2

    • PING

      PC>ping 192.168.2.1
      
      Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
      From 192.168.2.1: bytes=32 seq=1 ttl=253 time=187 ms
      From 192.168.2.1: bytes=32 seq=2 ttl=253 time=94 ms
      From 192.168.2.1: bytes=32 seq=3 ttl=253 time=78 ms
      From 192.168.2.1: bytes=32 seq=4 ttl=253 time=63 ms
      From 192.168.2.1: bytes=32 seq=5 ttl=253 time=78 ms
      
      --- 192.168.2.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 63/100/187 ms
      

    • Tracert

      PC>tracert 192.168.2.1
      
      traceroute to 192.168.2.1, 8 hops max
      (ICMP), press Ctrl+C to stop
       1  192.168.20.252   62 ms  63 ms  62 ms
       2  192.168.23.3   94 ms  109 ms  94 ms
       3  192.168.2.1   78 ms  110 ms  78 ms