拓扑图

实验需求：

公司人数较多且多网络冗余和可用性要求较高，故网络中使用MSTP对不同的VLAN负载均衡，使用VRRP对网关进行负载均衡和平均流量，使用两家运营商线路对出口进行负载均衡。接入端配置边缘端口使终端快速进入转发，配置bpdu防护，保护边缘端口接收到bpdu报文后立即关闭，减少网络的震荡。两台core之间使用eth-trunk，

配置步骤：

1.access和core交换机之间的上下联启trunk并分别都创建vlan10,20,30,40，全部启用mstp和创建instance1和instance2；
2.access交换机将端口划入对应vlan并配置边缘端口和启用bpdu防护；
3.core交换机之间配置链路聚合eth-trunk10；
4.core1和core2和出口路由器AR1和AR2配置互连地址并启用ospf；
5.core1和core2配置vrrp
6.AR1和AR2启用nat，配置默认路由出口，并将默认路由引入ospf进程中，让所有内网能访问外网；

配置命令

1 所有交换机配置mstp，trunk这里没赘述了。

vlan batch 10 20 30 40
stp mode mstp
stp region-configuration
 region-name qindu
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration

core1是instance1的根桥是instance2的备份根桥，core2是instrance2的根桥是instance1的备份根桥。
core1

stp instance 1 priority 4096
stp instance 2 priority 8192

core2

stp instance 1 priority 8192
stp instance 2 priority 4096

2.access交换机将端口划入对应vlan并配置边缘端口和启用bpdu防护；
命令如下，对应的端口配置即可。

stp bpdu-protection  //全局开启bopdu防护
port link-type access
 port default vlan 10  //划入vlan
 stp edged-port enable  //边缘端口，实现快速收敛

3.core交换机之间配置链路聚合eth-trunk10；

interface Eth-Trunk10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 mode lacp-static
 trunkport g0/0/4
 trunkport g0/0/5
 trunkport g0/0/6

4.core1和core2和出口路由器AR1和AR2配置互连地址并启用ospf；
core-1

vlan batch 911 912
interface Vlanif911
 ip address 10.10.253.1 255.255.255.252
interface Vlanif912
 ip address 10.10.253.5 255.255.255.252
 ospf cost 2

interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 911

 interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 912

core-2

vlan batch 921 922
interface Vlanif921
 ip address 10.10.254.1 255.255.255.252
interface Vlanif912
 ip address 10.10.254.5 255.255.255.252
 ospf cost 2

interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 921

 interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 922

4.core1和core2和出口路由器AR1和AR2配置互连地址并启用ospf；
core1

ospf 1 router-id 10.0.0.3
 area 0.0.0.0
  network 10.10.10.0 0.0.0.255
  network 10.10.20.0 0.0.0.255
  network 10.10.30.0 0.0.0.255
  network 10.10.40.0 0.0.0.255
  network 10.10.253.4 0.0.0.3
  network 10.10.253.0 0.0.0.3
  network 10.0.0.3 0.0.0.0

core2

ospf 1 router-id 10.0.0.4
 area 0.0.0.0
  network 10.10.10.0 0.0.0.255
  network 10.10.20.0 0.0.0.255
  network 10.10.30.0 0.0.0.255
  network 10.10.40.0 0.0.0.255
  network 10.10.254.0 0.0.0.3
  network 10.10.254.4 0.0.0.3
  network 10.0.0.4 0.0.0.0

AR1

ospf 1 router-id 10.0.0.1 
 default-route-advertise
 area 0.0.0.0 
  network 10.0.0.1 0.0.0.0 
  network 10.10.253.0 0.0.0.3 
  network 10.10.254.4 0.0.0.3

AR2

ospf 1 router-id 10.0.0.2 
 default-route-advertise
 area 0.0.0.0 
  network 10.0.0.2 0.0.0.0 
  network 10.10.253.4 0.0.0.3 
  network 10.10.254.0 0.0.0.3 

5.core1和core2配置vrrp
core1

interface Vlanif10
 ip address 10.10.10.252 255.255.255.0
 vrrp vrid 10 virtual-ip 10.10.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 track interface GigabitEthernet0/0/7 reduced 21
 ospf cost 2
 dhcp select relay
 dhcp relay server-ip 10.10.253.2
#
interface Vlanif20
 ip address 10.10.20.252 255.255.255.0
 vrrp vrid 20 virtual-ip 10.10.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 track interface GigabitEthernet0/0/7 reduced 21
 ospf cost 2
 dhcp select relay
 dhcp relay server-ip 10.10.253.2
#
interface Vlanif30
 ip address 10.10.30.252 255.255.255.0
 vrrp vrid 30 virtual-ip 10.10.30.254
 ospf cost 2
#
interface Vlanif40
 ip address 10.10.40.252 255.255.255.0
 vrrp vrid 40 virtual-ip 10.10.40.254
 ospf cost 2

core2

interface Vlanif10
 ip address 10.10.10.253 255.255.255.0
 vrrp vrid 10 virtual-ip 10.10.10.254
 ospf cost 2
#
interface Vlanif20
 ip address 10.10.20.253 255.255.255.0
 vrrp vrid 20 virtual-ip 10.10.20.254
 ospf cost 2
#
interface Vlanif30
 ip address 10.10.30.253 255.255.255.0
 vrrp vrid 30 virtual-ip 10.10.30.254
 vrrp vrid 30 priority 120
 ospf cost 2
 dhcp select relay
 dhcp relay server-ip 10.10.253.2
#
interface Vlanif40
 ip address 10.10.40.253 255.255.255.0
 vrrp vrid 40 virtual-ip 10.10.40.254
 vrrp vrid 40 priority 120
 ospf cost 2
 dhcp select relay
 dhcp relay server-ip 10.10.253.2

6.AR1和AR2启用nat，配置默认路由出口，并将默认路由引入ospf进程中，让所有内网能访问外网；
AR1

acl number 2000  
 rule 5 permit source 10.10.0.0 0.0.255.255 

interface GigabitEthernet0/0/2
 ip address 202.100.1.1 255.255.255.248 
 nat outbound 2000

ip route-static 0.0.0.0 0.0.0.0 202.100.1.2

 引入默认路由步骤3有命令，可翻看参考

AR2

acl number 2000  
 rule 5 permit source 10.10.0.0 0.0.255.255 

interface GigabitEthernet0/0/2
 ip address 202.100.2.1 255.255.255.248 
 nat outbound 2000

ip route-static 0.0.0.0 0.0.0.0 202.100.2.2

这样，一个典型的园区网，汇聚，核心，出口都有冗余和负载均衡。