I. Preface

Before we configured MSTP and completed a basic requirement, now we continue to improve it, using VRRP+MSTP configuration
The requirements are as follows:

A company currently needs 500 devices that can be connected to the external network. The company has 5 departments, namely A\B\C\D\E.
Each department needs 100 devices and requiresThe second layer is isolated.
1. Reasonably plan IP (use private IP) and subnet.
2. It is planned to use DHCP to issue addresses (expansion)
3. Divide VLANs to ensure the control of Layer 2 link traffic.
5. The company network needs to configure ospf routing protocol on two aggregation layer switches and one core router to realize internal network communication.
6. Link aggregation needs to be done between the two aggregation switches to increase the bandwidth. Considering the security issues of the Layer 2 network and the occupancy of network resources, it is necessary to implement Layer 2 isolation between different departments.
7. Now use 5 Layer 2 switches to simulate the access layer equipment of 5 departments.
8. In order to improve the reliability of the network, each layer 2 access device needs to be interconnected with the aggregation layer device, so it is necessary to configure the STP protocol to prevent the occurrence of loops on the basis of ensuring reliability.(Extended)
9. To facilitate later management and maintenance, it is necessary to enable the remote login function on the core and aggregation layer devices.The authentication method is user name + password authentication (user name and password are customized).
10. Students of MSTP and VRRP technologies can consider and implement them according to the situation.(Expand)
11. Think about how to achieve when intranet users need to access the Internet?

1.1 MSTP

MSTP not only involves multiple MSTs (Spanning Tree Instances), but can also be divided into multiple MST areas (MST areas, also known as MST areas).Generally, an MSTP network may contain one or more MST domains, and each MST domain may contain one or more MSTs.Each MSTI consists of switching devices running stp/rstp/mstp, and these switching devices form a tree-like network after being calculated by the mstp protocol.

1.2 VRRP

VRRP (Virtual Router Redundancy Protocol) is a fault-tolerant protocol used to improve network reliability.Through VRRP, when the next-hop device of the host fails, services can be switched to the backup device in time, thus ensuring the continuity and reliability of network communication.

Look at the topology:

Three. Experimental process

We have successfully configured MSTP before, so we need to pay attention to one thing:
Because of our MSTP

instance 1 root primaryinstance 2 root secondary

vlan10 20 is in SW6 for the primary root and SW7 for the backup root.
vlan30 40 50 The main root is in SW7, and the backup root is in SW6.
Assign as follows.

instance 1 vlan 10 20instance 2 vlan 30 40 50

Then we need to pay attention to one thing after configuration
vlan 10 20 in VRRP go to SW6, echoing the above
As follows, we first enter interface Vlanif10 and configure the ip address

interface Vlanif10
ip address 192.168.10.124 25

Use VRRP to configure the virtual route and change the priority to 150.

vrrp vrid 1 virtual-ip 192.168.10.126 vrrp vrid 1 priority 150 vrrp

At the same time, set the upper-layer link detection to detect the GigabitEthernet0/0/9 interface. If the interface is faulty or the packet is lost, the priority will be reduced by 60.
In this case, use the SW7 route to communicate.

vrid 1 track interface GigabitEthernet0/0/9 reduced 60 dhcp select
global

Same for others:

Note that,The IPs in sw6 and sw7 cannot be configured the same, otherwise it is easy to conflict.
Screenshot of stepping on the pit:

Step on pit 2:

After configuring VRRP, all are master.
Reason, Eth-Trunk1 did not release vlan vrrp:

interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
Solution:

3.1 Convenience Commands

SW6 as an example:

interface Vlanif10ip address 192.168.10.124 25vrrp vrid 1 virtual-ip 192.168.10.126vrrp vrid 1 priority 150vrrp vrid 1 track interface GigabitEthernet0/0/9 reduced 60dhcp select global

interface Vlanif20ip address 192.112.20.252 25vrrp vrid 2 virtual-ip 192.112.20.254vrrp vrid 2 priority 150vrrp vrid 2 track interface GigabitEthernet0/0/9 reduced 60

interface Vlanif40ip address 192.168.20.252 25vrrp vrid 4 virtual-ip 192.168.20.254interface Vlanif30ip address 192.168.20.124 25vrrp vrid 3 virtual-ip 192.168.20.126interface Vlanif50ip address 192.168.30.124 25vrrp vrid 5 virtual-ip 192.168.30.126