CCIE试验备考之冗余备份（HSRP)

network · 发表于 2008-10-27 15:34:39

cisco.jpg (173.09 KB)
2007-6-9 19:59

以下内容需要回复才能看到

R1配置:
给端口（F0/0和F1/0）设置IP地址:
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip address 172.16.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#exit
R1(config-if)#exit
R1(config)#int f1/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#end
配置HSRP，优先级，占先权
R1#conf t
R1(config)#int f0/0
R1(config-if)#standby 17 ip 172.16.1.200 //给端口加入热备份组17，指定虚拟IP地址为172.16.1.200//
R1(config-if)#standby 17 priority 200 //设置HSRP优先级为200//
R1(config-if)#standby 17 preempt       //设置HSRP占先权//
R1(config-if)#end
R2配置：
给端口（F0/0和F1/0）设置IP地址:
R2#conf t
R2(config)#int f0/0
R2(config-if)#ip address 172.16.1.253 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#speed 100
R2(config-if)#duplex full
R2(config-if)#exit
R2(config)#int f1/0
R2(config-if)#ip address 192.168.1.253 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#speed 100
R2(config-if)#duplex full
R2(config-if)#end
R2#conf t
R2(config)#int f0/0
R2(config-if)#standby 17 ip 172.16.1.200 //给端口加入热备份组17，指定虚拟IP为172.16.1.200//
R2(config-if)#standby 17 priority 150 //设置HSRP优先级为200//
R2(config-if)#end
在R1上查看HSRP
R1#show standby brief
                  P indicates configured to preempt.
                  |
Interface Grp Prio P State Active       Standby       Virtual IP
Fa0/0    17  200  P Active local          172.16.1.253 172.16.1.200
可以看到在热备份组17中，R1路由器的端口优先级为200，当前活跃的路由器是R1自己，备份的路由器是R2（172.16.1.253），虚拟IP地址为172.16.1.200
R1#show standby
FastEthernet0/0 - Group 17
  State is Active
2 state changes, last state change 00:09:28
  Virtual IP address is 172.16.1.200
  Active virtual MAC address is 0000.0c07.ac11
Local virtual MAC address is 0000.0c07.ac11 (v1 default)
  Hello time 3 sec, hold time 10 sec
Next hello sent in 1.704 secs
  Preemption enabled
  Active router is local
  Standby router is 172.16.1.253, priority 150 (expires in 8.236 sec)
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa0/0-17" (default)
可以看到除了show standby brief能看到的信息外，还有虚拟路由器的MAC地址为0000.0c07.ac11，Hello时间(HelloTime)为3秒，保持时间(HoldTime)为10秒,并且R1路由器配置了占先权。
接下来我们在路由器另一个接口配置另一个热备份组，使2台路由器实现负载均衡
R1配置：
R1#conf t
R1(config)#int f1/0
R1(config-if)#standby 27 ip 192.168.1.200
R1(config-if)#standby 27 priority 150
R1(config-if)#end
R2配置：
R2#conf t
R2(config)#int f1/0
R2(config-if)#standby 27 ip 192.168.1.200 //给端口加入热备份组27，指定虚拟IP地址为192.168.1.200//
R2(config-if)#standby 27 priority 200    //设置HSRP优先级为200//
R2(config-if)#standby 27 preempt       //设置HSRP占先权//
R2(config-if)#end
在R2上查看HSRP
2#show standby brief
                  P indicates configured to preempt.
                  |
Interface Grp Prio P State Active       Standby       Virtual IP
Fa0/0    17  150 Standby  172.16.1.254 local          172.16.1.200
Fa1/0    27  200  P Active local          192.168.1.254 192.168.1.200
可以看到在热备份组27中，R2路由器的端口优先级为200，当前活跃的路由器是R2自己，备份的路由器是R1（192.168.1.254），虚拟IP地址为192.168.1.200
R2#show standby f1/0
FastEthernet1/0 - Group 27
  State is Active
1 state change, last state change 00:04:03
  Virtual IP address is 192.168.1.200
  Active virtual MAC address is 0000.0c07.ac1b
Local virtual MAC address is 0000.0c07.ac1b (v1 default)
  Hello time 3 sec, hold time 10 sec
Next hello sent in 2.232 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.1.254, priority 150 (expires in 7.504 sec)
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa1/0-27" (default)
可以看到除了show standby brief能看到的信息外，在热备份组27中，还有虚拟路由器的MAC地址为0000.0c07.ac1b，Hello时间(HelloTime)为3秒，保持时间(HoldTime)为10秒,并且R2路由器在热备份组27中配置了占先权。
客户机的配置：
PC1：
IP：172.16.1.1/24
GW:172.168.1.200
PC2:
IP:192.168.1.1/24
GW:192.168.1.200
测试：
PC1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/246/396 ms
总结：
这里我们做了2个热备份组，在R1的F0/0和R2的F0/0中我们做了热备份组17，并且在热备份组17中，活跃的路由器是R1，因为我们配置了R1在热备份组17中的优先级为200，这样在PC1与PC2通信时，真正转发数据的是R1路由器。
我们又在R1的F1/0和R2的F1/0中我们做了热备份组27，并且在热备份组27中，活跃的路由器是R2，因为我们配置了R2在热备份组27中的优先级为200，这样PC2与PC1进行通信时，真正转发数据的是R2路由器。
这样，我们在热备份组17中活跃的路由器是R1，而在热备份组27中活跃的路由器是R2，所以我们也实现了路由器R1和R2的负载均衡。

network · 发表于 2008-10-27 18:45:39

HSRP简单实例

标签：	杂谈

做一个HSRP的简单实例,由5台3660交换机组成,由于3660是路由器,所以需要使用NM-16ESW卡板来实现交换机的功能，网络拓扑图如下：

SW1与SW2为核心层交换机，做HSRP双网关热备份，SW3为汇聚层交换机，SW4,SW5为介入层交换机，同时也用来模拟客户端。
模拟软件依然采用Dynamips Server，版本为0。27，如果版本过低，可能不支持NM-16ESW卡板,实验脚本自己编写，很简单，不再多说。
基本原理，设置两个VLAN,分别为VLAN10,VLAN20，在SW1上，为VLAN10的活动网关，SW2为备份网关，在SW2上，VLAN20为活动网关，SW1为备份网关，SW4属于VLAN10,SW5属于VLAN20，并且SW4和SW5可以进行路由访问。
好，开始逐步演示试验过程：
首先配置SW1交换机：
1、初始化配置SW1
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#no ip domain-lookup
Router(config)#host sw1
sw1(config)#  //命名为SW1交换机，关掉域名解析等
  2、配置VTP，创建VLAN,配置TRUNK
sw1#vlan da
sw1(vlan)#vtp domain fhw
Domain name already set to fhw .
sw1(vlan)#vtp server
Device mode already VTP SERVER.
sw1(vlan)#vlan 10
VLAN 10 modified:
sw1(vlan)#vlan 20
VLAN 20 modified:
sw1(vlan)#exit
APPLY completed.
Exiting....
sw1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw1(config)#int fa 1/2
sw1(config-if)#swi
sw1(config-if)#switchport tr
sw1(config-if)#switchport trunk e
sw1(config-if)#switchport trunk encapsulation d
sw1(config-if)#switchport trunk encapsulation dot1q
sw1(config-if)#switchport m
sw1(config-if)#switchport mode t
sw1(config-if)#switchport mode trunk
sw1(config-if)#no shut
sw1(config-if)#
sw1(config)#int fa 1/4
sw1(config-if)#swit
sw1(config-if)#switchport t
sw1(config-if)#switchport trunk e
sw1(config-if)#switchport trunk encapsulation d
sw1(config-if)#switchport trunk encapsulation dot1q
sw1(config-if)#swit
sw1(config-if)#switchport m
sw1(config-if)#switchport mode t
sw1(config-if)#switchport mode trunk
sw1(config-if)#no shut
sw1(config-if)#  //将FA 1/2  FA 1/4端口开启trunk 模式
3、配置vlan 10，设置vlan 10的HSRP
sw1(config)#int vlan 10
sw1(config-if)#ip add 10.1.1.2 255.255.255.0
sw1(config-if)#stan
sw1(config-if)#standby 1 ip 10.1.1.1  //虚拟网关IP为10.1.1.1
sw1(config-if)#
配SW2交换机基本信息
sw2#vlan da
sw2(vlan)#vtp domain fhw
Domain name already set to fhw .
sw2(vlan)#vtp server
Setting device to VTP SERVER mode.
sw2(vlan)#vlan 10
VLAN 10 modified:
sw2(vlan)#vlan 20
VLAN 20 modified:
sw2(vlan)#exit
APPLY completed.
Exiting....
sw2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw2(config)#int vlan 20
sw2(config-if)#exit
sw2(config)#int vlan 10
sw2(config-if)#ip add 10.1.1.3 255.255.255.0
sw2(config-if)#standby 1 ip 10.1.1.1
sw2(config-if)#
此时查看SW2交换机的standby
sw2#show standby
Vlan10 - Group 1
  State is Init (interface down)
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is unknown
Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
  Preemption disabled
  Active router is unknown
  Standby router is unknown
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl10-1" (default)
状态为Init 初始化
Mar  1 00:42:22.107: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Standby -> Active
状态已经变为Active 激活模式
在查看SW2的standby
Vlan10 - Group 1
  State is Active
2 state changes, last state change 00:00:43
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
Next hello sent in 1.684 secs
  Preemption disabled
  Active router is local
  Standby router is 10.1.1.2, priority 100 (expires in 9.556 sec)
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl10-1" (default)
已经可以看到虚拟网关为10.1.1.1  虚拟MAC为0000.0c07.ac01 活动路由器为本地路由器，后备路由器为10.1.1.2 ，此时SW2为活动路由器，SW1为备份路由器。在sw2上ping 虚拟网关10.1.1.1
sw2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
sw2#
通过。
在sw1上，ping 10.1.1.1
sw2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
sw2#
  通过。
查看sw1的standby 状态
Vlan10 - Group 1
  State is Standby
4 state changes, last state change 00:05:48
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
Next hello sent in 2.816 secs
  Preemption disabled
  Active router is 10.1.1.3, priority 100 (expires in 8.952 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl10-1" (default)
sw1#

  可以看到当前的sw1为备份状态，至此vlan 10 的双网关热备份做成。
  对于vlan 20同理
  配置sw3交换机，由于sw3处于汇聚层，所以只需要开起其连接各个端口即可，将sw3交换机的fa 1/4 - fa 1/7 端口开启turnk
sw3(config)#int range fa 1/4 - 7
sw3(config-if-range)#swi
sw3(config-if-range)#switchport t
sw3(config-if-range)#switchport trunk e
sw3(config-if-range)#switchport trunk encapsulation do
sw3(config-if-range)#sw
sw3(config-if-range)#switchport m
sw3(config-if-range)#switchport mode t
sw3(config-if-range)#switchport mode trunk
sw3(config-if-range)#no shut
并将sw3的vtp 设置为client模式，用户名为fhw,使得vtp 同步于主干。
配置sw4和sw5交换机
对于sw4交换机
首先配置vtp信息，使得vtp同步
然后进入vlan 10
sw4(config)#int vlan 10
sw4(config-if)#ip add 10.1.1.4 255.255.255.0
sw4(config-if)#
sw4(config-if)#exit
sw4(config)#ip d
sw4(config)#ip de
sw4(config)#ip default-g
sw4(config)#ip default-gateway 10.1.1.1
sw4(config)#
添加vlan 10的ip 地址，并设置sw4的默认网关为10.1.1.1 ，指向HSRP的虚拟网关。
sw4(config)#no ip routing
  注意：由于本套试验采用的是3660路由器，所以默认开启了路由，必须将路由关掉
别忘记开启sw4 fa1/6端口的trunk模式
然后ping 10.1.1.1
sw4#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/226/1020 ms
sw4#
  通过！
  对于sw5交换机，同理，只是配置vlan 20，同样对于sw1,sw2的vlan 20采用同样的HSRP设置。设置vlan 20的虚拟ip 为10.1.2.1

sw5#ping 10.1.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/33/104 ms
测试通过
在sw1,sw2交换机上面启用vlan间路由
ip routing
在sw4交换机上ping sw5交换机，测试通过。至此，一个简单的HSRP实验完成！

network · 发表于 2008-10-28 14:29:33

CISCO HSRP工程实例

标记：接入层交换机我们标记为sw1,做热备的两台交换机，左边的我们标记为sw2，右边的标记为sw3。
说明：我这里的连线方式和拓扑上的不一样，具体方式如下：
Switch1 F0/1 <----> Switch2 F0/1
Switch1 F0/2 <----> Switch3 F0/2
Switch2 F0/10 <----> Switch3 F0/10
Switch2 F0/2 <----> Switch4 F0/2
Switch3 F0/1 <----> Switch4 F0/1
Router1 F0/0 <----> Switch4 F0/0

以下内容需要回复才能看到

router配置：
Router#show run
Building configuration...

Current configuration : 1023 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 10.250.34.51 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Serial1/0 2
ip route 192.168.10.0 255.255.255.0 172.16.1.2
ip route 192.168.10.0 255.255.255.0 172.16.1.3
ip route 192.168.20.0 255.255.255.0 172.16.1.3
ip route 192.168.20.0 255.255.255.0 172.16.1.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

sw1配置：

sw1#show run
Building configuration...

Current configuration : 940 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

sw2配置：

sw2#show run
Building configuration...

Current configuration : 1497 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet0/0
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
no switchport
ip address 172.16.1.2 255.255.255.0
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.254 255.255.255.0
standby 1 ip 192.168.10.250
standby 1 timers 3 50
standby 1 priority 200
standby 1 preempt
standby 1 track FastEthernet0/2 150
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
standby 2 ip 192.168.20.250
standby 2 preempt
standby 2 track FastEthernet0/2
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

sw3配置：
sw3#show run
Building configuration...

Current configuration : 1572 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet0/0
!
interface FastEthernet0/1
no switchport
ip address 172.16.1.3 255.255.255.0
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.253 255.255.255.0
standby 1 ip 192.168.10.250
standby 1 timers 3 50
standby 1 preempt
standby 1 track FastEthernet0/1
!
interface Vlan20
ip address 192.168.20.253 255.255.255.0
standby 2 ip 192.168.20.250
standby 2 priority 200
standby 2 preempt
standby 2 track FastEthernet0/1 150
!
ip http server
no ip http secure-server
!
!
!
mac-address-table static 0000.0c07.ac02 interface FastEthernet0/10 vlan 20
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

账号		自动登录	找回密码
密码			注册