本系列博客将带你从零开始,使用 华为 eNSP(Enterprise ***work Simulation Platform) 仿真搭建一个完整的校园网络,涵盖 核心层、汇聚层、接入层、防火墙安全策略、无线AC+AP组网 等实战场景。无论你是网络初学者还是希望深化实战经验的工程师,都能通过本教程掌握企业级网络的规划、配置与排错技巧。
内容包括主要:
✅ 基础架构搭建:VLAN划分、三层交换、MSTP负载均衡、VRRP网关冗余。
✅ 安全防护实战:防火墙(USG6000V)部署、安全区域、NAT策略、ACL访问控制。
✅ 无线网络设计:AC控制器+AP组网、SSID配置、Portal认证、射频优化。
✅ 全网互联互通:静态路由/OSPF动态路由、出口路由器配置、多网段通信。
✅ 故障排查技巧:常用诊断命令(ping/tracert/display)、日志分析、STP环路规避。
目录:
手把手教你ensp仿真搭建校园网(含防火墙及无线网络)系列(一)校园网核心交换机配置
手把手教你ensp仿真搭建校园网(含防火墙及无线网络)系列(二)校园网接入层交换机配置
手把手教你ensp仿真搭建校园网(含防火墙及无线网络)系列(三)校园无线网络AC+AP配置
手把手教你ensp仿真搭建校园网(含防火墙及无线网络)系列(四)校园网核心路由器+防火墙配置
手把手教你ensp仿真搭建校园网(含防火墙及无线网络)系列(五)校园网ospf协议配置
手把手教你ensp仿真搭建校园网(含防火墙及无线网络)系列(六)校园网NAT及最终完整拓扑
一、网络详细拓扑图如下:
二、Core-SW1的配置
进入核心交换机Core-SW1中进行配置:命令如下
1、vlan10,vlan20,vlan30走左边交换机即Core-SW1,所以需要在Core-SW1配置较高的优先级vrrp vd XX priority 120。
用vrrp来做双核心交换机和负载均衡
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys Core-SW1
[Core-SW1]vlan
Jun 22 2025 10:58:57-08:00 Core-SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 4,
the change loop count is 0, and the maximum number of records is 4095.
^
Error:In***plete ***mand found at '^' position.
[Core-SW1]undo inf en
Info: Information center is disabled.
[Core-SW1]vlan bat
[Core-SW1]vlan batch 10 20 30 40 50 60 100 101
Info: This operation may take a few seconds. Please wait for a moment...done.
#Vlanif(VLAN Interface) 是华为/华三交换机中的三层虚拟接口
[Core-SW1]int Vlanif 10
[Core-SW1-Vlanif10]ip add 192.168.10.254 24
#VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)
#vrid 10:指定 VRRP 组 ID(范围 1-255),同一组内的路由器共同组成一个虚拟网关。
#virtual-ip 192.168.10.252:设置该 VRRP 组的 虚拟 IP 地址(即客户端使用的网关地址)。
[Core-SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252
#设置较高的优先级,让其走SW1交换机
[Core-SW1-Vlanif10]vrrp vrid 10 priority 120
#检测两边的接口情况
[Core-SW1-Vlanif10]vrrp vrid 10 track interface g0/0/1
[Core-SW1-Vlanif10]vrrp vrid 10 track interface g0/0/2
[Core-SW1-Vlanif10]q
#虚拟接口20和10的配置一致
[Core-SW1]int Vlanif 20
[Core-SW1-Vlanif20]ip add 192.168.20.254 24
[Core-SW1-Vlanif20]vrr
[Core-SW1-Vlanif20]vrrp vri
[Core-SW1-Vlanif20]vrrp vrid 20 vi
[Core-SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252
[Core-SW1-Vlanif20]vrrp vri
[Core-SW1-Vlanif20]vrrp vrid 20 pri
[Core-SW1-Vlanif20]vrrp vrid 20 priority 120
[Core-SW1-Vlanif20]vrrip v
[Core-SW1-Vlanif20]vrrp vr
[Core-SW1-Vlanif20]vrrp vrid 20 tr
[Core-SW1-Vlanif20]vrrp vrid 20 track in
[Core-SW1-Vlanif20]vrrp vrid 20 track interface g0/0/1
[Core-SW1-Vlanif20]vrrp vrid 20 track interface g0/0/2
[Core-SW1-Vlanif20]int Vla
[Core-SW1-Vlanif20]int Vlan
[Core-SW1-Vlanif20]q
#虚拟接口30和10的配置一致
[Core-SW1]int Vlanif 30
[Core-SW1-Vlanif30]ip add 192.168.30.254 24
[Core-SW1-Vlanif30]vrr
[Core-SW1-Vlanif30]vrrp vri
[Core-SW1-Vlanif30]vrrp vrid 30 vi
[Core-SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[Core-SW1-Vlanif30]vrrp vr
[Core-SW1-Vlanif30]vrrp vrid 30 pri
[Core-SW1-Vlanif30]vrrp vrid 30 priority 120
[Core-SW1-Vlanif30]vrrp vr
[Core-SW1-Vlanif30]vrrp vrid 30 tr
[Core-SW1-Vlanif30]vrrp vrid 30 track in
[Core-SW1-Vlanif30]vrrp vrid 30 track interface g0/0/1
[Core-SW1-Vlanif30]vrrp vrid 30 track interface g0/0/2
[Core-SW1-Vlanif30]q
2、vlan40,vlan50,vlan60走右边交换机即Core-SW2,所以需要在Core-SW1不需要配置较高的优先级,没有vrrp vrid XX priority 120这类代码。
进入核心交换机Core-SW1中进行配置:命令如下
[Core-SW1]int Vla
[Core-SW1]int Vlanif 40
[Core-SW1-Vlanif40]ip add 192.168.40.254 24
[Core-SW1-Vlanif40]vrrp vr
[Core-SW1-Vlanif40]vrrp vrid 40 vi
[Core-SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[Core-SW1-Vlanif40]vrrp vr
[Core-SW1-Vlanif40]vrrp vrid 40 tr
[Core-SW1-Vlanif40]vrrp vrid 40 track in
[Core-SW1-Vlanif40]vrrp vrid 40 track interface g0/0/1
[Core-SW1-Vlanif40]vrrp vrid 40 track interface g0/0/2
[Core-SW1-Vlanif40]q
[Core-SW1]int va
[Core-SW1]int Vl
[Core-SW1]int Vlanif 50
[Core-SW1-Vlanif50]ip ad
[Core-SW1-Vlanif50]ip address 192.168.50.254 24
[Core-SW1-Vlanif50]vrrp vri
[Core-SW1-Vlanif50]vrrp vrid 50 vi
[Core-SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[Core-SW1-Vlanif50]vrrp
[Core-SW1-Vlanif50]vrrp v
[Core-SW1-Vlanif50]vrrp vrid 50 tr
[Core-SW1-Vlanif50]vrrp vrid 50 track in
[Core-SW1-Vlanif50]vrrp vrid 50 track interface g0/0/1
[Core-SW1-Vlanif50]vrrp vrid 50 track interface g0/0/2
[Core-SW1-Vlanif50]q
[Core-SW1]int Vla
^
Error:In***plete ***mand found at '^' position.
[Core-SW1]int Vla
[Core-SW1]int Vlanif 60
[Core-SW1-Vlanif60]ip add 192.168.60.254 24
[Core-SW1-Vlanif60]vrrp v
[Core-SW1-Vlanif60]vrrp vrid 60 vi
[Core-SW1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[Core-SW1-Vlanif60]vrr
[Core-SW1-Vlanif60]vrrp vr
[Core-SW1-Vlanif60]vrrp vrid 60 tr
[Core-SW1-Vlanif60]vrrp vrid 60 track in
[Core-SW1-Vlanif60]vrrp vrid 60 track interface g0/0/1
[Core-SW1-Vlanif60]vrrp vrid 60 track interface g0/0/2
[Core-SW1-Vlanif60]3、在Core-SW1中配置vlan 100
[Core-SW1]int Vlan
[Core-SW1]int Vlanif 100
[Core-SW1-Vlanif100]ip add 192.168.100.254 24
#开启端口
[Core-SW1-Vlanif100]undo shutdown
Info: Interface Vlanif100 is not shutdown.
[Core-SW1-Vlanif100]q
4、在Core-SW1中配置vlan 5 和vlan 7
[Core-SW1]vlan ba 5 7
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW1]int Vla
[Core-SW1]int Vlanif 5
[Core-SW1-Vlanif5]ip add 192.168.5.2 24
[Core-SW1-Vlanif5]int Vlanif 7
[Core-SW1-Vlanif7]ip add 192.168.7.2 24
[Core-SW1-Vlanif7]q
[Core-SW1]int g0/0/1
#设置为a***ess模式
[Core-SW1-GigabitEther***0/0/1]port link-type a***ess
#端口g0/0/1和vlan5进行绑定
[Core-SW1-GigabitEther***0/0/1]port default vlan 5
[Core-SW1-GigabitEther***0/0/1]int g0/0/2
#设置为a***ess模式
[Core-SW1-GigabitEther***0/0/2]port link-type a***ess
#端口g0/0/2和vlan7进行绑定
[Core-SW1-GigabitEther***0/0/2]port default vlan 7
[Core-SW1-GigabitEther***0/0/2]q
5、链路聚合
[Core-SW1]int e
[Core-SW1]int Eth-Trunk ?
<0-63> Eth-Trunk interface number
#创建链路聚合,后面接数字编号
[Core-SW1]int Eth-Trunk 1
#模式为trunk
[Core-SW1-Eth-Trunk1]port link-type trunk
#允许所有
[Core-SW1-Eth-Trunk1]port trunk allow-pass vlan all
#将 GigabitEther*** 0/0/3和GigabitEther*** 0/0/4添加进链路聚合
[Core-SW1-Eth-Trunk1]trunkport GigabitEther*** 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW1-Eth-Trunk1]trunkport GigabitEther*** 0/0/4
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW1-Eth-Trunk1]dis this
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
return
[Core-SW1-Eth-Trunk1]q
[Core-SW1]dis eth
[Core-SW1]dis eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL Hash arithmetic: A***ording to SIP-XOR-DIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEther***0/0/3 Up 1
GigabitEther***0/0/4 Up 1 6、批量设置Core-SW1下的所有接入端口为trunk,并允许所有vlan可通行
配置命令如下
[Core-SW1]port-group 1
[Core-SW1-port-group-1]grop-n
[Core-SW1-port-group-1]grop-num
[Core-SW1-port-group-1]gro
[Core-SW1-port-group-1]group-member g
[Core-SW1-port-group-1]group-member GigabitEther*** 0/0/6 to g
[Core-SW1-port-group-1]group-member GigabitEther*** 0/0/6 to GigabitEther*** 0/0
/13
[Core-SW1-port-group-1]por
[Core-SW1-port-group-1]port lin
[Core-SW1-port-group-1]port link-t
[Core-SW1-port-group-1]port link-type tr
[Core-SW1-port-group-1]port link-type trunk
[Core-SW1-GigabitEther***0/0/6]port link-type trunk
[Core-SW1-GigabitEther***0/0/7]port link-type trunk
[Core-SW1-GigabitEther***0/0/8]port link-type trunk
[Core-SW1-GigabitEther***0/0/9]port link-type trunk
[Core-SW1-GigabitEther***0/0/10]port link-type trunk
[Core-SW1-GigabitEther***0/0/11]port link-type trunk
[Core-SW1-GigabitEther***0/0/12]port link-type trunk
[Core-SW1-GigabitEther***0/0/13]port link-type trunk
[Core-SW1-port-group-1]port t
[Core-SW1-port-group-1]port trunk all
[Core-SW1-port-group-1]port trunk allow-pass v
[Core-SW1-port-group-1]port trunk allow-pass vlan al
[Core-SW1-port-group-1]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/6]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/7]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/8]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/9]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/10]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/11]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/12]port trunk allow-pass vlan all
[Core-SW1-GigabitEther***0/0/13]port trunk allow-pass vlan all
[Core-SW1-port-group-1]q
7、将上述配置进行保存
命令如下,保存名称为saveone.cfg
[Core-SW1]save
^
Error: Unrecognized ***mand found at '^' position.
[Core-SW1]q
#不能在配置界面保存,需要退出才能用save命令
<Core-SW1>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:saveone.cfg
Now saving the current configuration to the slot 0.
Save the configuration su***essfully.
<Core-SW1>补充说明:按照下图将配置导出到自己本地
8、ap接口即Core-SW1-GigabitEther***0/0/13需要进行单独配置
配置命令如下
[Core-SW1]int g0/0/13
[Core-SW1-GigabitEther***0/0/13]port link-type trunk
#与其他端口不通的是,需要将所有进入该端口的vlan打上101标签
[Core-SW1-GigabitEther***0/0/13]port trunk pvid vlan 101
[Core-SW1-GigabitEther***0/0/13]port trunk allow-pass vlan all
此时该接口的状态
[Core-SW1]dis int g0/0/13
GigabitEther***0/0/13 current state : UP
Line protocol current state : UP
Description:
Switch Port, PVID : 101, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-***9a-7f95
Last physical up time : 2025-06-22 10:54:39 UTC-08:00
Last physical down time : 2025-06-22 10:52:22 UTC-08:00
Current system time: 2025-06-22 14:24:35-08:00
Hardware address is 4c1f-***9a-7f95
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Input: 419272 bytes, 1323 packets
Output: 3230964 bytes, 44299 packets
Input:
Unicast: 0 packets, Multicast: 534 packets
Broadcast: 789 packets
Output:
Unicast: 0 packets, Multicast: 43944 packets
Broadcast: 355 packets
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
9、生成树配置
#将不同的 VLAN 映射到不同的 MSTP 实例(类似多个独立的生成树)。
#instance 1 管理 VLAN 10、20、30、100 的生成树。
#instance 2 管理 VLAN 40、50、60 的生成树。
#默认所有 VLAN 共用一棵生成树(可能导致次优路径),而 MSTP 允许不同 VLAN 走不同路径,实现负载均衡。
#开启生成树
[Core-SW1]stp enable
#配置生成树
[Core-SW1]stp region-configuration
#取名字
[Core-SW1-mst-region]region-name huawei
#设置等级
[Core-SW1-mst-region]revision-level 5
[Core-SW1-mst-region]?
mst-region view ***mands:
active Active region configuration
check Check the MST region configuration before activating the
configuration
configuration Configuration interlock
display Display current system information
instance Spanning tree instance
mtrace Trace route to multicast source
ping Send echo messages
quit Exit from current ***mand view
region-name Specify region name
reset Reset operation
return Exit to user view
revision-level Specify revision level
screen-width Set screen width
set Set
stack Stack
test-aaa A***ounts test
trace Trace route (switch) to host on Data Link Layer
tracert Trace route to host
undo Cancel current configuration
vlan-mapping Vlan mapping
#将vlan 10 20 30 100设为实例1
[Core-SW1-mst-region]instance 1 vlan 10 20 30 100
将vlan 40 50 60设为实例2
[Core-SW1-mst-region]instance 2 vlan 40 50 60
#激活设置
[Core-SW1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW1-mst-region]q
[Core-SW1]stp ins
#将实例1设为主根桥
[Core-SW1]stp instance 1 root primary
#将实例2设为备用根桥
[Core-SW1]stp instance 2 root secondary
#VLAN 10/20/30/100 的流量优先通过 Instance 1 的根桥(Core-SW1)。
#VLAN 40/50/60 的流量默认通过其他根桥(如果存在),当主根故障时由 Core-SW1 接管。
三、Core-SW2的配置
进入核心交换机Core-SW2中进行配置:命令如下
1、vlan10,vlan20,vlan30走左边交换机即Core-SW1,所以在Core-SW2中直接默认优先级即可。
关于优先级的配置正好和前面SW1相反,且vlanif的ip地址不能和前面一样,不然会冲突。vrrp协议虚拟网关是相同的
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys Core-SW2
[Core-SW2]
Jun 22 2025 13:18:11-08:00 Core-SW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011
.5.25.191.3.1 configurations have been changed. The current change number is 4,
the change loop count is 0, and the maximum number of records is 4095.
[Core-SW2]undo inf en
Info: Information center is disabled.
[Core-SW2]vlan batch 10 20 30 40 50 60 100 101 6 8
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW2]int Vl
[Core-SW2]int Vlanif 10
[Core-SW2-Vlanif10]ip add 192.168.10.253 24
[Core-SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252
[Core-SW2-Vlanif10]vrrp vrid 10 track interface g0/0/1
[Core-SW2-Vlanif10]vrrp vrid 10 track interface g0/0/2
[Core-SW2-Vlanif10]int Vlanif 20
[Core-SW2-Vlanif20]ip add 192.168.20.253 24
[Core-SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252
[Core-SW2-Vlanif20]vrrp vrid 20 track interface g0/0/1
[Core-SW2-Vlanif20]vrrp vrid 20 track interface g0/0/2
[Core-SW2-Vlanif20]int Vlanif 30
[Core-SW2-Vlanif30]ip add 192.168.30.253 24
[Core-SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[Core-SW2-Vlanif30]vrrp vrid 30 track interface g0/0/1
[Core-SW2-Vlanif30]vrrp vrid 30 track interface g0/0/2
2、vlan40,vlan50,vlan60走右边交换机即Core-SW2,所以需要在Core-SW2里面配置较高的优先级
[Core-SW2-Vlanif30]int Vlanif 40
[Core-SW2-Vlanif40]ip add 192.168.40.253 24
[Core-SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[Core-SW2-Vlanif40]vrrp vrid 40 pr
[Core-SW2-Vlanif40]vrrp vrid 40 priority 120
[Core-SW2-Vlanif40]vrrp vrid 40 track interface g0/0/1
[Core-SW2-Vlanif40]vrrp vrid 40 track interface g0/0/2
[Core-SW2-Vlanif40]int Vlanif 50
[Core-SW2-Vlanif50]ip add 192.168.50.253 24
[Core-SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[Core-SW2-Vlanif50]vrrp vrid 50 priority 120
[Core-SW2-Vlanif50]vrrp vrid 50 track interface g0/0/1
[Core-SW2-Vlanif50]vrrp vrid 50 track interface g0/0/2
[Core-SW2-Vlanif50]int Vlanif 60
[Core-SW2-Vlanif60]ip add 192.168.60.253 24
[Core-SW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[Core-SW2-Vlanif60]vrrp vrid 60 priority 120
[Core-SW2-Vlanif60]vrrp vrid 60 track interface g0/0/1
[Core-SW2-Vlanif60]vrrp vrid 60 track interface g0/0/23、在Core-SW2中配置vlan 6 和vlan 8
补充说明
-
路由器的物理接口默认不支持VLAN Tag
-
普通物理接口(如GigabitEther***)默认是三层接口,直接收发不带Tag的IP报文。
-
若收到带VLAN Tag的Trunk报文,会丢弃(除非配置子接口)。
-
-
A***ess端口与Trunk端口的区别
-
A***ess端口:发送给路由器的报文已剥离VLAN Tag(交换机自动处理)。
-
Trunk端口:保留VLAN Tag,需路由器支持子接口或VLAN终结功能。
-
Core-SW2-Vlanif60]int Vlanif 6
[Core-SW2-Vlanif6]ip add 192.168.6.2 24
[Core-SW2-Vlanif6]int Vlanif 8
[Core-SW2-Vlanif8]ip add 192.168.8.2 24
[Core-SW2-Vlanif8]q
[Core-SW2]int GigabitEther*** 0/0/1
[Core-SW2-GigabitEther***0/0/1]port link-type a***ess
[Core-SW2-GigabitEther***0/0/1]port de
[Core-SW2-GigabitEther***0/0/1]port default vla
[Core-SW2-GigabitEther***0/0/1]port default vlan 8
[Core-SW2-GigabitEther***0/0/1]int GigabitEther*** 0/0/2
[Core-SW2-GigabitEther***0/0/2]port link-type a***ess
[Core-SW2-GigabitEther***0/0/2]port default vlan 6
[Core-SW2-GigabitEther***0/0/2]q
4、链路聚合
[Core-SW2]int e
[Core-SW2]int Eth-Trunk ?
<0-63> Eth-Trunk interface number
[Core-SW2]int Eth-Trunk 1
[Core-SW2-Eth-Trunk1]port li
[Core-SW2-Eth-Trunk1]port link-type t
[Core-SW2-Eth-Trunk1]port link-type trunk
[Core-SW2-Eth-Trunk1]por
[Core-SW2-Eth-Trunk1]port tr
[Core-SW2-Eth-Trunk1]port trunk al
[Core-SW2-Eth-Trunk1]port trunk allow-pass vl
[Core-SW2-Eth-Trunk1]port trunk allow-pass vlan al
[Core-SW2-Eth-Trunk1]port trunk allow-pass vlan all
[Core-SW2-Eth-Trunk1]trunkpo
[Core-SW2-Eth-Trunk1]trunkport g
[Core-SW2-Eth-Trunk1]trunkport GigabitEther*** 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW2-Eth-Trunk1]trunkport GigabitEther*** 0/0/4
Info: This operation may take a few seconds. Please wait for a moment...done.
5、批量设置Core-SW2下的所有接入端口为trunk,并允许所有vlan可通行
和SW1相比少了AC和AP的接口,只有与主机之间的接口,配置命令如下
[Core-SW2]port-group ?
STRING<1-32> Port-group name
group-member Add port to current port-group
[Core-SW2]port-group 1
[Core-SW2-port-group-1]dis this
#
port-group 1
#
return
[Core-SW2-port-group-1]group-member GigabitEther*** 0/0/6 to GigabitEther*** 0/0
/11
[Core-SW2-port-group-1]dis this
#
port-group 1
group-member GigabitEther***0/0/6
group-member GigabitEther***0/0/7
group-member GigabitEther***0/0/8
group-member GigabitEther***0/0/9
group-member GigabitEther***0/0/10
group-member GigabitEther***0/0/11
#
return
#批量设置所有接口为trunk
[Core-SW2-port-group-1]port link-type trunk
[Core-SW2-GigabitEther***0/0/6]port link-type trunk
[Core-SW2-GigabitEther***0/0/7]port link-type trunk
[Core-SW2-GigabitEther***0/0/8]port link-type trunk
[Core-SW2-GigabitEther***0/0/9]port link-type trunk
[Core-SW2-GigabitEther***0/0/10]port link-type trunk
[Core-SW2-GigabitEther***0/0/11]port link-type trunk
#批量设置所有网络可通行
[Core-SW2-port-group-1]port trunk allow-pass vlan all
[Core-SW2-GigabitEther***0/0/6]port trunk allow-pass vlan all
[Core-SW2-GigabitEther***0/0/7]port trunk allow-pass vlan all
[Core-SW2-GigabitEther***0/0/8]port trunk allow-pass vlan all
[Core-SW2-GigabitEther***0/0/9]port trunk allow-pass vlan all
[Core-SW2-GigabitEther***0/0/10]port trunk allow-pass vlan all
[Core-SW2-GigabitEther***0/0/11]port trunk allow-pass vlan all6、生成树配置
#将不同的 VLAN 映射到不同的 MSTP 实例(类似多个独立的生成树)。
#instance 1 管理 VLAN 10、20、30、100 的生成树。
#instance 2 管理 VLAN 40、50、60 的生成树。
#默认所有 VLAN 共用一棵生成树(可能导致次优路径),而 MSTP 允许不同 VLAN 走不同路径,实现负载均衡。
#开启生成树
[Core-SW2]stp enable
[Core-SW2]stp
[Core-SW2]stp re
[Core-SW2]stp region-configuration
[Core-SW2-mst-region]re
[Core-SW2-mst-region]region-name huawei
[Core-SW2-mst-region]?
mst-region view ***mands:
active Active region configuration
check Check the MST region configuration before activating the
configuration
configuration Configuration interlock
display Display current system information
instance Spanning tree instance
mtrace Trace route to multicast source
ping Send echo messages
quit Exit from current ***mand view
region-name Specify region name
reset Reset operation
return Exit to user view
revision-level Specify revision level
screen-width Set screen width
set Set
stack Stack
test-aaa A***ounts test
trace Trace route (switch) to host on Data Link Layer
tracert Trace route to host
undo Cancel current configuration
vlan-mapping Vlan mapping
[Core-SW2-mst-region]revision-level 5
[Core-SW2-mst-region]instan
[Core-SW2-mst-region]instance 1 v
[Core-SW2-mst-region]instance 1 vlan 10 20 30 100
[Core-SW2-mst-region]instance 2 vlan 40 50 60
[Core-SW2-mst-region]act
[Core-SW2-mst-region]active re
[Core-SW2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[Core-SW2-mst-region]stp in
[Core-SW2-mst-region]stp ins
[Core-SW2-mst-region]dis this
#
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30 100
instance 2 vlan 40 50 60
active region-configuration
#
return
[Core-SW2-mst-region]q
#将instance 1 设置为备用根桥
[Core-SW2]stp instance 1 root secondary
#将instance 2 设置为主根桥
[Core-SW2]stp instance 2 root primary
# VLAN 40/50/60 的流量优先通过 Instance 2 的根桥(Core-SW2)。
# VLAN 10/20/30/100的流量默认通过其他根桥(如果存在),当主根故障时由 Core-SW2 接管。
