三种路由器冗余协议的配置示例
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
三种路由器冗余协议的配置示例
2009-02-22 16:26:08| 分类:Cisco|字号订阅
拓扑图
实验用到的是4台3640路由器,我用的镜像是unzip-c3640-ik9o3s-mz.124-10.bin 其中HSRP和VRRP用到SW1、SW2和SW3,而GLBP则用到全部4台路由器。
一、HSRP
1. 配置HSRP
SW1(config)#interface vlan 50
SW1(config-if)#ip address 192.168.1.10 255.255.255.0
SW1(config-if)#standby 1 priority 200
SW1(config-if)#standby 1 preempt
SW1(config-if)#standby 1 ip 192.168.1.1
SW1(config-if)#standby 1 authentication MyKey
SW1(config-if)#standby 2 priority 100
SW1(config-if)#standby 2 ip 192.168.1.2
SW1(config-if)#standby 2 authentication MyKey
SW1(config-if)#^Z
SW2(config)#interface vlan 50
SW2(config-if)#ip address 192.168.1.11 255.255.255.0
SW2(config-if)#standby 1 priority 100
SW2(config-if)#standby 1 ip 192.168.1.1
SW2(config-if)#standby 1 authentication MyKey
SW2(config-if)#standby 2 priority 200
SW2(config-if)#standby 2 preempt
SW2(config-if)#standby 2 ip 192.168.1.2
SW2(config-if)#standby 2 authentication MyKey
SW2(config-if)#^Z
我们在这里一共配置了两个standby group,其中SW1充当group 1的active router,并配置了抢占,同时,它还充当了group 2的standby router。
同理,SW2是group 2的active router,同时为group 1的standby router。
这时侯我们查看HSRP信息:
SW1#show standby vlan 50 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl50 1 200 P Init unknown unknown 192.168.1.1 Vl50 2 100 Init unknown unknown 192.168.1.2
显示HSRP的状态为Init,而Standby为Unknown,这是由于我们还没有配置VLAN 50及将端口关联到VLAN 50
2. 在SW1和SW2上配置VLAN
SW1(vlan)#vlan 50
VLAN 50 added:
Name: VLAN0050
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f0/1
SW1(config-if)#switchport
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 50
SW1(config-if)#
SW2#vlan database
SW2(vlan)#vlan 50
VLAN 50 added:
Name: VLAN0050
SW2(vlan)#exit
APPLY completed.
Exiting....
SW2#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/1
SW2(config-if)#switch
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 50
配置完成后我们可以看到SW1和SW2经历如下过程:
SW1(config-if)#
*Mar 1 00:17:08.155: %HSRP-5-STATECHANGE: Vlan50 Grp 1 state Speak -> Standby *Mar 1 00:17:08.155: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Speak -> Standby *Mar 1 00:17:08.655: %HSRP-5-STATECHANGE: Vlan50 Grp 1 state Standby -> Active *Mar 1 00:17:08.659: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Standby -> Active *Mar 1 00:17:17.783: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Active -> Speak
可以看到,SW1先从Speak状态转为Standby,然后尝试称为Active,在Group 2中,由于SW2的优先级比SW1高,所以SW1又转换为Speak
输入debug standby events
SW1#debug standby events
HSRP Events debugging is on
SW1#
*Mar 1 00:05:24.131: HSRP: Vl50 Grp 1 Active: i/Resign rcvd (100/192.168.1.11)
*Mar 1 00:05:24.135: HSRP: Vl50 Grp 2 Active: j/Coup rcvd from higher pri router (200/192.168.1.11)
*Mar 1 00:05:24.139: HSRP: Vl50 Grp 2 Active router is 192.168.1.11, was local
*Mar 1 00:05:24.139: HSRP: Vl50 Grp 2 Active -> Speak
*Mar 1 00:05:24.139: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Active -> Speak SW1#
*Mar 1 00:05:24.139: HSRP: Vl50 Grp 2 Redundancy "hsrp-Vl50-2" state Active -> Speak
SW1#
*Mar 1 00:05:27.131: HSRP: Vl50 Grp 1 Redundancy group hsrp-Vl50-1 state Active -> Active
SW1#
*Mar 1 00:05:30.131: HSRP: Vl50 Grp 1 Redundancy group hsrp-Vl50-1 state Active
->Active
SW1#
*Mar 1 00:05:34.123: HSRP: Vl50 Grp 1 Standby router is 192.168.1.11
*Mar 1 00:05:34.139: HSRP: Vl50 Grp 2 Speak: d/Standby timer expired (unknown)
*Mar 1 00:05:34.139: HSRP: Vl50 Grp 2 Standby router is local
*Mar 1 00:05:34.139: HSRP: Vl50 Grp 2 Speak -> Standby
*Mar 1 00:05:34.139: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Speak -> Standby SW1#
*Mar 1 00:05:34.139: HSRP: Vl50 Grp 2 Redundancy "hsrp-Vl50-2" state Speak -> Standby
这里我们可以清晰看到每个状态的切换
查看SW1的HSRP状态
SW1#show standby vlan 50 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl50 1 200 P Active local 192.168.1.11 192.168.1.1
Vl50 2 100 Standby 192.168.1.11 local 192.168.1.2
可以看到每个Group各自的active router和standby router,以及每个group的网关地址(这里的virtual ip)。
接下来,我们尝试关闭SW3的F0/0端口,让SW1和SW2不能通信,看会有什么结果。
首先在SW1上输入debug standby events
然后关闭SW3的F0/0端口
SW1#
*Mar 1 00:08:37.107: HSRP: Vl50 Grp 2 Standby: c/Active timer expired (192.168.1.11) *Mar 1 00:08:37.107: HSRP: Vl50 Grp 2 Active router is local, was 192.168.1.11
*Mar 1 00:08:37.107: HSRP: Vl50 Grp 2 Standby router is unknown, was local
*Mar 1 00:08:37.111: HSRP: Vl50 Grp 2 Standby -> Active
*Mar 1 00:08:37.111: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Standby -> Active SW1#
*Mar 1 00:08:37.111: HSRP: Vl50 Grp 2 Redundancy "hsrp-Vl50-2" state Standby -> Active
*Mar 1 00:08:38.095: HSRP: Vl50 Grp 1 Standby router is unknown, was 192.168.1.11 SW1#
*Mar 1 00:08:40.115: HSRP: Vl50 Grp 2 Redundancy group hsrp-Vl50-2 state Active -> Active
SW1#
*Mar 1 00:08:43.115: HSRP: Vl50 Grp 2 Redundancy group hsrp-Vl50-2 state Active -> Active
可以看到SW2自己成为group 2上的active router
SW1#show standby vlan 50 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl50 1 200 P Active local unknown 192.168.1.1
Vl50 2 100 Active local unknown 192.168.1.2
我们再次把SW3的F0/0端口打开
SW1#
*Mar 1 00:11:04.111: HSRP: Vl50 Grp 1 Hello in 192.168.1.11 Active pri 100 vIP 192.168.1.1
*Mar 1 00:11:04.115: HSRP: Vl50 Grp 1 Active: h/Hello rcvd from lower pri Active router (100/192.168.1.11)
*Mar 1 00:11:04.163: HSRP: Vl50 Grp 2 Active: j/Coup rcvd from higher pri router (200/192.168.1.11)
*Mar 1 00:11:04.163: HSRP: Vl50 Grp 2 Active router is 192.168.1.11, was local
*Mar 1 00:11:04.167: HSRP: Vl50 Grp 2 Active -> Speak
*Mar 1 00:11:04.167: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Active -> Speak SW1#
*Mar 1 00:11:04.167: HSRP: Vl50 Grp 2 Redundancy "hsrp-Vl50-2" state Active -> Speak
SW1#
*Mar 1 00:11:07.115: HSRP: Vl50 Grp 1 Redundancy group hsrp-Vl50-1 state Active -> Active
SW1#
*Mar 1 00:11:10.115: HSRP: Vl50 Grp 1 Redundancy group hsrp-Vl50-1 state Active -> Active
SW1#
*Mar 1 00:11:14.163: HSRP: Vl50 Grp 2 Speak: d/Standby timer expired (unknown)
*Mar 1 00:11:14.163: HSRP: Vl50 Grp 2 Standby router is local
*Mar 1 00:11:14.163: HSRP: Vl50 Grp 2 Speak -> Standby
*Mar 1 00:11:14.163: %HSRP-5-STATECHANGE: Vlan50 Grp 2 state Speak -> Standby SW1#
*Mar 1 00:11:14.167: HSRP: Vl50 Grp 2 Redundancy "hsrp-Vl50-2" state Speak -> Standby
*Mar 1 00:11:14.207: HSRP: Vl50 Grp 1 Standby router is 192.168.1.11
显示在group 2中有更高优先级的router,于是状态又切换回standby
SW1#show standby vlan 50 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl50 1 200 P Active local 192.168.1.11 192.168.1.1
Vl50 2 100 Standby 192.168.1.11 local 192.168.1.2
二、VRRP
而对于VRRP,其配置大同小异,首先清除原来的配置
SW1(config)#no int vlan 50
然后做如下配置:
SW1(config)#int vlan 50
SW1(config-if)#ip address 192.168.1.10 255.255.255.0
SW1(config-if)#vrrp 1 priority 200
SW1(config-if)#vrrp 1 ip 192.168.1.1
SW1(config-if)#
*Mar 1 00:28:58.983: %VRRP-6-STATECHANGE: Vl50 Grp 1 state Init -> Backup
SW1(config-if)#vrrp
*Mar 1 00:29:02.203: %VRRP-6-STATECHANGE: Vl50 Grp 1 state Backup -> Master SW1(config-if)#vrrp 2 priority 100
SW1(config-if)#no vrrp 2 preempt
SW1(config-if)#vrrp 2 ip 192.168.1.2
SW1(config-if)#
*Mar 1 00:29:23.695: %VRRP-6-STATECHANGE: Vl50 Grp 2 state Init -> Backup
SW1(config-if)#
*Mar 1 00:29:27.307: %VRRP-6-STATECHANGE: Vl50 Grp 2 state Backup -> Master SW1(config-if)#
*Mar 1 00:30:35.971: %VRRP-6-STATECHANGE: Vl50 Grp 2 state Master -> Backup SW1(config-if)#
我们看到SW1在gruop 1上是Master,在group 2上是backup,最后一行是在我配置完SW2之后输出的。
因为VRRP默认是抢占的,所以在SW1上配置vrrp 2的时候我们需要禁用该group上的抢占。
SW2(config)#int vlan 50
SW2(config-if)#ip add 192.168.1.11 255.255.255.0
SW2(config-if)#vrrp 1 prio
SW2(config-if)#vrrp 1 priority 100
SW2(config-if)#no vrrp 1 preempt
SW2(config-if)#vrrp 1 ip 192.168.1.1
SW2(config-if)#
*Mar 1 00:29:44.067: %VRRP-6-STATECHANGE: Vl50 Grp 1 state Init -> Backup SW2(config-if)#vrrp 2 priority 200
SW2(config-if)#vrrp 2 ip 192.168.1.2
SW2(config-if)#
*Mar 1 00:29:59.383: %VRRP-6-STATECHANGE: Vl50 Grp 2 state Init -> Backup SW2(config-if)#
*Mar 1 00:30:02.603: %VRRP-6-STATECHANGE: Vl50 Grp 2 state Backup -> Master SW2(config-if)#
查看状态
SW1#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl50 1 200 3218 Y Master 192.168.1.10 192.168.1.1
Vl50 2 100 3609 Y Backup 192.168.1.11 192.168.1.2
SW1#show vrrp
Vlan50 - Group 1
State is Master
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 200
Master Router is 192.168.1.10 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec
Vlan50 - Group 2
State is Backup
Virtual IP address is 192.168.1.2
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.1.11, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.113 sec)
三、GLBP
而GLBP与前两者的特性有较大的出入,主要体现在客户机的配置上。
对于前两者,客户机要分别指定不同的网关来实现均衡负载,而GLBP则可以指定为同一个网关,因为GLBP 中有一台路由器(AVG)会负责处理客户机的ARP请求,并能够将其他路由器的MAC地址分配给不同的客户机。
实际上,响应的并不是某一台具体路由器的物理MAC地址,而是一个虚拟的MAC地址,这样做的好处是,即使某一台路由器down掉,其他路由器可以接管这个虚拟MAC地址,从而不会影响到客户机。
每个虚拟MAC地址中会有一台路由器成为AVF,同时它也是其他虚拟MAC地址的监听者,它正常情况下负责转发客户机发送给该虚拟MAC地址的数据,而如果这个AVF down掉,那么其他路由器将接管这个AVF角色。
SW1(config)#interface vlan 50
SW1(config-if)#ip address 192.168.1.10 255.255.255.0
SW1(config-if)#glbp 1 priority 200
SW1(config-if)#glbp 1 preempt
SW1(config-if)#glbp 1 ip 192.168.1.1
*Mar 1 01:59:11.643: %GLBP-6-STATECHANGE: Vlan50 Grp 1 state Standby -> Active *Mar 1 02:16:41.803: %GLBP-6-FWDSTATECHANGE: Vlan50 Grp 1 Fwd 1 state Active -> Listen
*Mar 1 02:16:41.867: %GLBP-6-FWDSTATECHANGE: Vlan50 Grp 1 Fwd 2 state Active -> Listen
*Mar 1 02:16:54.751: %GLBP-6-FWDSTATECHANGE: Vlan50 Grp 1 Fwd 3 state Listen -> Active
上面有几条输出的信息,第一条显示SW1成为AVG,同时最后一条显示它同时担当序号为3的虚拟MAC地址的AVF,而对于序号为1和2的虚拟MAC地址,它则是一个监听者。
SW1#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby route
Vl50 1 - 200 Active 192.168.1.1 local 192.168.1.11
Vl50 1 1 7 Listen 0007.b400.0101 192.168.1.11 -
Vl50 1 2 7 Listen 0007.b400.0102 192.168.1.12 -
Vl50 1 3 7 Active 0007.b400.0103 local -
这里更明确显示SW1的角色:是group 1的AVG,同时也是虚拟MAC地址0007.b400.0103的AVF,还是其他两个虚拟MAC地址的监听者(我们可以将其称为备用AVF)。
本实例还增加多了一台路由器SW4。
其他两台路由器的配置
SW2(config)#interface vlan 50
SW2(config-if)#ip address 192.168.1.11 255.255.255.0
SW2(config-if)#glbp 1 priority 150
SW2(config-if)#glbp 1 preempt
SW2(config-if)#glbp 1 ip 192.168.1.1
SW4(config)#interface vlan 50
SW4(config-if)#ip add 192.168.1.12 255.255.255.0 SW4(config-if)#glbp 1 priority 100
SW4(config-if)#glbp 1 ip 192.168.1.1。