|
|
22.1. 配置基本HSRP
提问 "FONT-FAMILY: 宋体">当主用路由器当掉以后备份路由器可以接管主用路由器的IP地址和MAC地址
回答
Router1:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#ip address 172.22.1.2 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#exit
Router2(config)#end
Router2#
注释 由于HSRP虚拟出来的MAC地址跟组相关,所以可能会出现同一交换机收到多个相同的MAC地址的情况,这时候就需要用standby 1 mac-address 0000.0c07.ad01 命令来人工指定一个MAC地址
22.2. 使用HSRP 强占特性
提问 强制某个路由器启动后一直在组中处于主用状态
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
注释 正常情况下当LAN端口up后就会发生强占,而此时可能网络还没有收敛,所以建议配置强占延迟时间,让路由器启动后过一段时间再发起强占standby 1 preempt delay 60
22.3. 配置HSRP对接口问题追踪的支持
提问 当主用路由器的上联端口出现问题后主动切换到备用路由器
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 track Serial0/0 20
Router1(config-if)#exit
Router1(config)#end
Router1#
从12.2(15)T后引入更多可追踪实例
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#track 11 interface Serial1/1 ip routing
Router1(config-track)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 track 11 decrement 50
Router1(config-if)#end
Router1#
注释 Router1#show track
Track 11
Interface Serial1/1 ip routing
IP routing is Down (hw admin-down, ip disabled)
1 change, last change 00:12:48
Tracked by:
HSRP FastEthernet0/0 1
22.4. HSRP负载均衡
提问 在两台或者多台HSRP路由器上实现流量的负载均衡
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 2 ip 172.22.1.2
Router1(config-if)#standby 2 priority 110
Router1(config-if)#standby 2 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet1/0
Router2(config-if)#ip address 172.22.1.4 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#standby 2 ip 172.22.1.2
Router2(config-if)#standby 2 priority 120
Router2(config-if)#standby 2 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
注释 由于出现两个网关,所以需要在终端设备上分开配置各自的缺省网关。
22.5. HSRP中ICMP重定向
提问 在HSRP中启用ICMP重定向
回答
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#no ip redirects
Router2(config-if)#standby redirects disable
Router2(config-if)#exit
Router2(config)#end
Router2#
注释
22.6. 调整HSRP定时器
提问 调整备份路由器接管主用路由器所需时长
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 timers 1 3
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 缺省Hello包时长为3秒,10秒后会接管,如果主用路由器调整时长,整个组内的路由器都要调整为相同的时长。最短可以到达毫秒Router1(config-if)#standby 1 timers msec 100 msec 300
22.7. 在令牌环网络中使用HSRP
提问 在令牌环网络中配置HSRP
回答
如果只用IP协议配置同前面例子,如果还有其他协议,特别是使用了source-route bridging就用下面的配置方法
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Tokenring0
Router1(config-if)#ip address 172.22.1.3
Router1(config-if)#standby ip 172.22.1.1
Router1(config-if)#standby use-bia
Router1(config-if)#standby priority 120
Router1(config-if)#standby preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Tokenring0
Router2(config-if)#ip address 172.22.1.2
Router2(config-if)#standby ip 172.22.1.1
Router2(config-if)#standby use-bia
Router2(config-if)#standby priority 110
Router2(config-if)#standby preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
注释 由于令牌环网络会用到设备的MAC地址信息,所以如果HSRP用到虚拟MAC就会出问题,因此在配置中使用了burned-in address (BIA)来代替MAC来避免出现问题
22.8. 配置HSRP 的SNMP支持
提问 启用HSRP的SNMP Traps
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#snmp-server enable traps hsrp
Router1(config)#snmp-server host 172.25.1.1 ORATRAP
Router1(config)#end
Router1#
注释 无
22.9. 增加HSRP的安全性
提问 提高HSRP的安全
回答
组内设备使用相同的配置
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 authentication NEOSHI
Router1(config-if)#exit
Router1(config)#end
Router1#
从12.3(2)T后支持MD5加密密码
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 10.1.1.1
Router1(config-if)#standby 1 priority 200
Router1(config-if)#standby 1 authentication md5 key-string OREILLY
Router1(config-if)#end
Router1#
为了防止其他路由器成为主用路由器,设置本路由器高优先级
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 255
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 无
22.10. 显示HSRP状态信息
提问 显示HSRP状态信息
回答
Router2#show standby
Router2#show standby FastEthernet 1/0
Router2#show standby brief
注释
22.11. HSRP排错
提问 对HSRP进行排错
回答
Router2#debug standby errors
Router2#debug standby events
Router2#debug standby packets
Router2#debug standby terse
注释
22.12. 启用HSRP 版本2
提问 部署HSRPv2
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby version 2
Router1(config-if)#standby 4095 ip 10.1.1.1
Router1(config-if)#standby 4095 timers msec 15 msec 50
Router1(config-if)#standby 4095 priority 200
Router1(config-if)#standby 4095 preempt
Router1(config-if)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#standby version 2
Router2(config-if)#standby 4095 ip 10.1.1.1
Router2(config-if)#standby 4095 timers msec 15 msec 50
Router2(config-if)#standby 4095 priority 150
Router2(config-if)#standby 4095 preempt
Router2(config-if)#end
Router2#
注释 从12.3(4)T后开始支持HSRPv2,主要是扩展了可用组数,从v1的256个组到现在的4095个组,使用不同的MAC地址和组播地址,因此不能混用
22.13. VRRP
提问 在思科路由器上启用VRRP
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 10.1.1.2 255.255.255.0
Router1(config-if)#vrrp 1 ip 10.1.1.1
Router1(config-if)#vrrp 1 preempt
Router1(config-if)#vrrp 1 priority 200
Router1(config-if)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 10.1.1.3 255.255.255.0
Router2(config-if)#vrrp 1 ip 10.1.1.1
Router2(config-if)#vrrp 1 preempt
Router2(config-if)#vrrp 1 priority 150
Router2(config-if)#end
Router2#
注释 注意在鉴权的配置上如果思科和非思科设备搭配可能会有问题。在配置定时器上只能配置Hello间隔,可以在主路由器上配置,备份路由器可以通过配置vrrp 1 timers learn 命令来自动学习,可以为配置添加描述,也支持Track
22.14. GLBP
提问 配置GLBP来实现流量的自动负荷分担
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#glbp 1 ip 172.22.1.1
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 172.22.1.2 255.255.255.0
Router2(config-if)#glbp 1 ip 172.22.1.1
Router2(config-if)#exit
Router2(config)#end
Router2#
注释 GLBP通过组内设备轮回的相应虚拟MAC地址来实现自动的负荷分担,当然也可以使用其他的分担方式,比如权重等,这样不需要通过配置多HSRP组的方式实现了均衡,并且所有设备使用同一的网关地址 |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-6-5 11:21:49
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡