OBJECTIVE
The purpose of this post is to present an introduction to the example for configruing MSTP + VRRP Network
Networking Requirements
As shown in Figure 1, hosts connect to Switch C, and Switch C connects to the Internet through Switch A and Switch B. To improve access reliability, the user configures redundant links. The redundant links causes a network loop, which leads to broadcast storm and destroy MAC bridge entries.
It is required that the network loop be prevented when redundant links are deployed, traffic be switched to another link when one link is broken, and network bandwidth be effectively used.
MSTP can be configured on the network to prevent loops. MSTP blocks redundant links and prunes a network into a tree topology free from loops. In addition, VRRP needs to be configured on Switch A and Switch B. Host A connects to the Internet by using Switch A as the default gateway and Switch B as the secondary gateway. Host B connects to the Internet by using Switch B as the default gateway and Switch A as the secondary gateway. Traffic is thus load balanced and communication reliability is improved.
Figure 1 - MSTP + VRRP network
| Device | Interface | VLANIF Interface | IP Address |
| SwitchA | GE0/0/1 and GE0/0/2 | VLANIF 2 | 10.1.2.102/24 |
| GE0/0/1 and GE0/0/2 | VLANIF 3 | 10.1.3.102/24 | |
| GE0/0/3 | VLANIF 4 | 10.1.4.102/24 | |
| SwitchB | GE0/0/1 and GE0/0/2 | VLANIF 2 | 10.1.2.103/24 |
| GE0/0/1 and GE0/0/2 | VLANIF 3 | 10.1.3.103/24 | |
| GE0/0/3 | VLANIF 5 | 10.1.5.103/24 |
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP on the switches, including:
a. Configure MST and create multi-instance, map VLAN 2 to MSTI1, and map VLAN 3 to MSTI2 to load balance traffic.
b. Configure the root bridge and backup bridge in the MST region.
c. Configure the path cost on an interface so that the interface can be blocked.
d. Enable MSTP to prevent loops:
Enable MSTP globally.
Enable MSTP on all the interfaces except the interfaces connecting to hosts.
The interfaces connecting to hosts do not participate in MSTP calculation.
2. Enable the protection function to protect devices or links. For example, enable the protection function on the root bridge of each instance to protect roots.
3. Configure Layer 2 forwarding.
4. Assign an IP address to each interface and configure the routing protocol on each device to ensure network connectivity.
5. Create VRRP group 1 and VRRP group 2 on Switch A and Switch B. Configure Switch A as the master device and Switch B as the backup device of VRRP group 1. Configure Switch B as the master device and Switch A as the backup device of VRRP group 2.
Procedure
1. Configure basic MSTP functions.
a. Add Switch A, Switch B, and Switch C to region RG1, and create instances MSTI1 and MSTI2.
# Configure the MST region on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] instance 2 vlan 3
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure the MST region on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] instance 2 vlan 3
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure the MST region on SwitchC.
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] instance 2 vlan 3
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
b. Configure the root bridges and backup bridges for MSTI1 and MSTI2 in RG1.
Configure the root bridge and backup bridge for MSTI1.
# Set SwitchA as the root bridge of MSTI1.
[SwitchA] stp instance 1 root primary
# Set SwitchB as the root bridge of MSTI1.
[SwitchB] stp instance 1 root secondary
Configure the root bridge and backup bridge for MSTI2.
# Set SwitchB as the root bridge of MSTI2.
[SwitchB] stp instance 2 root primary
# Set SwitchA as the root bridge of MSTI1.
[SwitchA] stp instance 2 root secondary
c. Set the path costs of the interfaces that you want to block on MSTI1 and MSTI2 to be greater than the default value.
The path cost range is decided by the algorithm. The Huawei proprietary algorithm is used as an example. Set the path costs of the interfaces to 20000.
The switches on the same network must use the same algorithm to calculate path costs.
# Set the path cost algorithm on SwitchA to Huawei proprietary algorithm.
[SwitchA] stp pathcost-standard legacy
# Set the path cost algorithm on SwitchB to Huawei proprietary algorithm.
[SwitchB] stp pathcost-standard legacy
# Set the path cost algorithm on SwitchC to Huawei proprietary algorithm. Set the path cost of GE0/0/1 in MSTI2 to 20000; set the path cost of GE0/0/4 in MSTI1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] stp instance 1 cost 20000
[SwitchC-GigabitEthernet0/0/4] quit
d. Enable MSTP to prevent loops.
Enable MSTP globally.
# Enable MSTP on SwitchA.
[SwitchA] stp enable
# Enable MSTP on SwitchB.
[SwitchB] stp enable
# Enable MSTP on SwitchC.
[SwitchC] stp enable
Disable MSTP on the interfaces connecting to hosts.
# Disable STP on GE0/0/2 and GE0/0/3 of SwitchC.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] stp disable
[SwitchC-GigabitEthernet0/0/3] quit
2. Enable the protection function on the designated interfaces of each root bridge.
# Enable root protection on GE0/0/1 of SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit
# Enable root protection on GE0/0/1 of SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp root-protection
[SwitchB-GigabitEthernet0/0/1] quit
3. Configure Layer 2 forwarding on the switches in the ring.
Create VLANs 2 and 3 on Switch A, Switch B, and Switch C.
# Create VLANs 2 and 3 on SwitchA.
[SwitchA] vlan batch 2 to 3
# Create VLANs 2 and 3 on SwitchB.
[SwitchB] vlan batch 2 to 3
# Create VLANs 2 and 3 on SwitchC.
[SwitchC] vlan batch 2 to 3
Add the interfaces connecting to the loops to VLANs.
# Add GE0/0/1 of SwitchA to VLANs.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet0/0/1] quit
# Add GE0/0/2 of SwitchA to VLANs.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet0/0/2] quit
# Add GE0/0/1 of SwitchB to VLANs.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet0/0/1] quit
# Add GE0/0/2 of SwitchB to VLANs.
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet0/0/2] quit
# Add GE0/0/1 of SwitchC to VLANs.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type trunk
[SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet0/0/1] quit
# Add GE0/0/2 of SwitchC to VLANs.
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type access
[SwitchC-GigabitEthernet0/0/2] port default vlan 2
[SwitchC-GigabitEthernet0/0/2] quit
# Add GE0/0/3 of SwitchC to VLANs.
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] port link-type access
[SwitchC-GigabitEthernet0/0/3] port default vlan 3
[SwitchC-GigabitEthernet0/0/3] quit
# Add GE0/0/4 of SwitchC to VLANs.
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] port link-type trunk
[SwitchC-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet0/0/4] quit
Verify the configuration.
After the preceding configurations are complete and the network topology becomes stable, perform the following operations to verify the configuration.
# Run the display stp brief command on SwitchA to view the status and protection type on interfaces. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 ROOT FORWARDING NONE
In MSTI1, GE0/0/2 and GE0/0/1 of Switch A are set as designated interfaces because Switch A is the root bridge of MSTI1. In MSTI2, GE0/0/1 of Switch A is set as the designated interface and GE0/0/2 is set as the root interface.
# Run the display stp brief command on SwitchB. The displayed information is as follows:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
In MSTI2, GE0/0/1 and GE0/0/2 of Switch B are set as designated interfaces because Switch B is the root bridge of MSTI2. In MSTI1, GE0/0/1 of Switch B is set as the designated interface and GE0/0/2 is set as the root interface.
# Run the display stp interface brief command on SwitchC. The displayed information is as follows:
[SwitchC] display stp interface gigabitethernet 0/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 ALTE DISCARDING NONE
0 GigabitEthernet0/0/4 ALTE DISCARDING NONE
1 GigabitEthernet0/0/4 ALTE DISCARDING NONE
2 GigabitEthernet0/0/4 ROOT FORWARDING NONE
GE0/0/1 of Switch C is the root interface of MSTI1, and is blocked in MSTI2. GE0/0/4 of Switch C is the root interface of MSTI2, and is blocked in MSTI1.
Connect devices.
# Assign an IP address to each interface, for example, the interfaces on SwitchA. The configurations on SwitchB are similar to the configurations on SwitchA. For details, see the configuration file.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit
# Run OSPF on SwitchA, SwitchB, and routers. The configurations on SwitchA are used as an example. The configurations on SwitchB are similar to the configurations on SwitchA. For details, see the configuration file.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Configure VRRP groups.
# Create VRRP group 1 on SwitchA and SwitchB. Set SwitchA as the master device, priority to 120, and preemption delay to 20 seconds. Set SwitchB as the backup device and retain the default priority.
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[SwitchA-Vlanif2] vrrp vrid 1 priority 120
[SwitchA-Vlanif2] vrrp vrid 1 preempt-mode timer delay 20
[SwitchA-Vlanif2] quit
[SwitchB] interface vlanif 2
[SwitchB-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[SwitchB-Vlanif2] quit
# Create VRRP group 2 on SwitchA and SwitchB. Set SwitchB as the master device, priority to 120, and preemption delay to 20 seconds. Set SwitchA as the backup device and retain the default priority.
[SwitchB] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchA-Vlanif3] vrrp vrid 2 priority 120
[SwitchA-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchA-Vlanif3] quit
# Set the virtual IP address 10.1.2.100 of VRRP group 1 as the default gateway of HostA, and the virtual IP address 10.1.3.100 of VRRP group 2 as the default gateway of HostB.
Verify the configuration.
# After completing the preceding configurations, run the display vrrp command on SwitchA. SwitchA's VRRP status is master in VRRP group 1 and backup in VRRP group 2.
<SwitchA> display vrrp
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 03:39 UTC+08:00
Last change time : 2012-05-11 03:39 UTC+08:00
Vlanif3 | Virtual Router 2
State : Backup
Virtual IP : 10.1.3.100Master IP : 10.1.3.103
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 03:39 UTC+08:00
Last change time : 2012-05-11 03:39 UTC+08:00
# # Run the display vrrp command on SwitchB. SwitchB's VRRP status is backup in VRRP group 1 and master in VRRP group 2.
<SwitchB> display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 03:39 UTC+08:00
Last change time : 2012-05-11 03:39 UTC+08:00
Vlanif3 | Virtual Router 2
State : Master
Virtual IP : 10.1.3.100
Master IP : 10.1.3.103
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 sAuth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 03:39 UTC+08:00
Last change time : 2012-05-11 03:39 UTC+08:00
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 4
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.102 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
ip address 10.1.3.102 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
ip address 10.1.4.102 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunkport trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 4
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.103 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
ip address 10.1.3.103 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 20
#
interface Vlanif5
ip address 10.1.5.103 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.5.0 0.0.0.255
#
return
Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 2 to 3
#
stp pathcost-standard legacy
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp instance 2 cost 20000
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
stp disable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
stp disable#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp instance 1 cost 20000
#
return
--- End
