标签:mstp
STP的简单配置:
拓扑见QQ收藏
实验要求:
1、S1为VLAN 11、13的根,VLAN12、14的备份根;
2、S2为VLAN 12、14的根,VLAN11、13的备份根;
3、开启stp安全保护功能:
(1)S3连接用户终端接口配置为边缘端口,不转发BPDU
(2)开启根保护
(3)开启防TC-BPDU攻击保护功能
(4)开启环路保护功能
特别注意:有可能需要在接口开启 stp enable 功能,也可能是在全局,模拟器全局不支持
S1配置:
[S1]vlan 11
[S1-vlan11]vlan 12
[S1-vlan12]vlan 13
[S1-vlan13]vlan 14
[S1-vlan14]int G1/0/1
[S1-Ethernet1/0/1]port link-type trunk
[S1-Ethernet1/0/1]undo port trunk permit vlan 1
[S1-Ethernet1/0/1]port trunk permit vlan 11 to 14
[S1-Ethernet1/0/1]int g1/0/2
[S1-Ethernet1/0/2]port link-type trunk
[S1-Ethernet1/0/2]undo port trunk permit vlan 1
[S1-Ethernet1/0/2]port trunk permit vlan 11 to 14
[S1]stp region-configuration
[S1-mst-region]region-name H3C
[S1-mst-region]instance 1 vlan 11 13
[S1-mst-region]instance 2 vlan 12 14
[S1-mst-region]revision-level 0
[S1-mst-region]active region-configuration 用来激活MSTP域的配置
[S1-mst-region]quit
[S1]stp instance 1 root primary
[S1]stp instance 2 root secondary
R2配置:
[S2]VLAN 11
[S2-vlan11]VLAN 12
[S2-vlan12]VLAN 13
[S2-vlan13]VLAN 14
[S2-vlan14]int g1/0/1
[S2-Ethernet1/0/1]port link-type trunk
[S2-Ethernet1/0/1]undo port trunk permit vlan 1
[S2-Ethernet1/0/1]port trunk permit vlan 11 to 14
[S2-Ethernet1/0/1]int g1/0/2
[S2-Ethernet1/0/2]port link-type trunk
[S2-Ethernet1/0/2]undo port trunk permit vlan 1
[S2-Ethernet1/0/2]port trunk permit vlan 11 to 14
[S2]stp region-configuration
[S2-mst-region]region-name H3C
[S2-mst-region]instance 1 vlan 11 13
[S2-mst-region]instance 2 vlan 12 14
[S2-mst-region]revision-level 0
[S2-mst-region]active region-configuration
[S2]stp instance 1 root secondary
[S2]stp instance 2 root primary
R3配置:
[S3]vlan 11
[S3-vlan11]vlan 12
[S3-vlan12]vlan 13
[S3-vlan13]vlan 14
[S3-vlan14]int g1/0/3
[S3-Ethernet1/0/1]port link-type access
[S3-Ethernet1/0/1]port access vlan 11
[S3-Ethernet1/0/1]int g1/0/4
[S3-Ethernet1/0/2]port link-type access
[S3-Ethernet1/0/2]port access vlan 12
[S3-Ethernet1/0/2]int g1/0/5
[S3-Ethernet1/0/3]port link-type access
[S3-Ethernet1/0/3]port access vlan 13
[S3-Ethernet1/0/3]int g1/0/6
[S3-Ethernet1/0/4]port link-type access
[S3-Ethernet1/0/4]port access vlan 14
[S3-Ethernet1/0/4]int g1/0/1
[S3-Ethernet1/0/23]port link-type trunk
[S3-Ethernet1/0/23]undo port trunk permit vlan 1
[S3-Ethernet1/0/23]port trunk permit vlan 11 12 13 14
[S3-Ethernet1/0/23]int g1/0/2
[S3-Ethernet1/0/24]port link-type trunk
[S3-Ethernet1/0/23]undo port trunk permit vlan 1
[S3-Ethernet1/0/23] port trunk permit vlan 11 12 13 14
[S3]stp region-configuration
[S3-mst-region]region-name H3C
[S3-mst-region]instance 1 vlan 11 13
[S3-mst-region]instance 2 vlan 12 14
[S3-mst-region]revision-level 0
[S3-mst-region]active region-configuration
配置接口为边缘端口,不发送BPDU:
[S3]int g1/0/3
[S3-GigabitEthernet1/0/3]stp edged-port
[S3-GigabitEthernet1/0/3]int g1/0/4
[S3-GigabitEthernet1/0/4]stp edged-port
[S3-GigabitEthernet1/0/4]int g1/0/5
[S3-GigabitEthernet1/0/5]stp edged-port
[S3-GigabitEthernet1/0/5]int g1/0/6
[S3-GigabitEthernet1/0/6]stp edged-port
[S3-GigabitEthernet1/0/6]quit
注意:一般配置的都是access端口
开启根保护:
在所有交换机的根端口,备份端口,制定端口上配置
[S1]int g1/0/1
[S1-GigabitEthernet1/0/1]stp root-protection
[S1-GigabitEthernet1/0/1]int g1/0/2
[S1-GigabitEthernet1/0/2]stp root-protection
开启防TC-BPDU攻击保护功能:
[S1]stp tc-protection
[S1]stp tc-protection threshold 5
注意:当收到TC-BPDU后立即进行地址表项刷新操作的次数最多为5.默认为6.(所有交换机配置)
开启环路保护功能:
[S3]int g1/0/1
[S3-GigabitEthernet1/0/1]stp loop-protection
[S3-GigabitEthernet1/0/1]int g1/0/2
[S3-GigabitEthernet1/0/2]stp loop-protection
注意:只在非根交换机的所有处于环路的接口下操作
标签:mstp
原文地址:http://llzzgg.blog.51cto.com/10535395/1765571
