实现HSRP-热备份路由协议

实现HSRP-热备份路由协议

<HSRP多组实现>

网络工程师必会的企业网络常用双机热备协议之HSRP。

实验拓扑:

实验目的:

1. 通过配置多组HSRP实现网关自动切换和链接负载均衡,既当网络正常时PC1,PC3通过R1到达R3,PC2,PC4通过R2到达R3,当R1或R2发生故障时网关能自动切换,以确保VLAN2,VLAN3的主机到达R3的连通性,

实验步骤目录:

1. 基本配置:按拓扑所示配置各设备的IP地址.

2. PAT和路由配置:分别在R1和R2上配置PAT和默认路由

3. HSRP配置:分别在R1和R2上配置HSRP

4. 验证和测试:分别R1,R2和PC上进行验证和测试

5. 模拟故障发生:在R1或R2上模拟故障的发生,验证网关能否自动切换

实现步骤1: 基本配置:按拓扑所示配置各设备的IP地址.

配置R1:

Router(config)#host R1

R1(config)#int s0/1

R1(config-if)#clock rate 64000

R1(config-if)#ip add 13.1.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#int e0/0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#int e0/0.2

R1(config-subif)#encapsulation dot1Q 2

R1(config-subif)#ip add 2.1.1.1 255.255.255.0

R1(config-subif)#exit

R1(config)#int e0/0.3

R1(config-subif)#encapsulation dot1Q 3

R1(config-subif)#ip add 3.1.1.1 255.255.255.0

R1(config-subif)#end

配置R2:

Router(config)#host R2

R2(config)#int s0/1

R2(config-if)#clock rate 64000

R2(config-if)#ip add 23.1.1.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#int e0/0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#int e0/0.2

R2(config-subif)#encapsulation dot1Q 2

R2(config-subif)#ip add 2.1.1.2 255.255.255.0?

R2(config-subif)#exit

R2(config)#int e0/0.3

R2(config-subif)#encapsulation dot1Q 3

R2(config-subif)#ip add 3.1.1.2 255.255.255.0

R2(config-subif)#end

配置R3:

Router(config)#host R3

R3(config)#int s0/0

R3(config-if)#ip add 13.1.1.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#exit

R3(config)#int s0/1

R3(config-if)#ip add 23.1.1.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#exit

R3(config)#int loo0

R3(config-if)#ip add 3.3.3.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#end

配置SW1:

Switch(config)#host SW1

SW1(config)#int f0/1

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk

SW1(config-if)#int f0/2

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk

SW1(config-if)#exit

SW1(config)#exit??

SW1#vlan da

SW1#vlan database

SW1(vlan)#vlan 2

VLAN 2 added:

??? Name: VLAN0002

SW1(vlan)#vlan 3

VLAN 3 added:

??? Name: VLAN0003

SW1(vlan)#exit

APPLY completed.

Exiting....

SW1(config)#int f0/4

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config-if)#int f0/5

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config-if)#int f0/6

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 3

SW1(config-if)#int f0/7

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 3

配置PC1-PC4:

每台PC的设置按拓扑要求配置好IP和网关

配置PC1:

Router(config)#host PC1

PC1(config)#no ip routing

PC1(config)#int e0/0

PC1(config-if)#ip add 2.1.1.11 255.255.255.0

PC1(config-if)#no sh

PC1(config-if)#exit

PC1(config)#ip default-gateway 2.1.1.253

配置PC2:

Router(config)#host PC2

PC2(config)#no ip routing

PC2(config)#int e0/0

PC2(config-if)#ip add 2.1.1.12 255.255.255.0

PC2(config-if)#no sh

PC2(config-if)#exit

PC2(config)#ip default-gateway 2.1.1.254

配置PC3:

Router(config)#host PC3

PC3(config)#no ip routing

PC3(config)#int e0/0

PC3(config-if)#ip add 3.1.1.13 255.255.255.0

PC3(config-if)#no sh

PC3(config-if)#exit

PC3(config)#ip default-gateway 3.1.1.253

配置PC4:

Router(config)#host PC4

PC4(config)#no ip routing

PC4(config)#int e0/0

PC4(config-if)#ip add 3.1.1.14 255.255.255.0

PC4(config-if)#no sh

PC4(config-if)#exit

PC4(config)#ip default-gateway 3.1.1.254

实现步骤2: PAT和路由配置:分别在R1和R2上配置PAT和默认路由

配置R1:

R1(config)#access-list 10 permit 2.1.1.0 0.0.0.255

R1(config)#access-list 10 permit 3.1.1.0 0.0.0.255

R1(config)#ip nat inside source list 10 interface s0/1 overload

R1(config)#int e0/0.2

R1(config-subif)#ip nat inside

R1(config-subif)#int e0/0.3

R1(config-subif)#ip nat inside

R1(config-subif)#int s0/1

R1(config-if)#ip nat outside

R1(config)#ip route 0.0.0.0 0.0.0.0 13.1.1.3

配置R2:

R2(config)#access-list 10 permit 2.1.1.0 0.0.0.255

R2(config)#access-list 10 permit 3.1.1.0 0.0.0.255

R2(config)#ip nat inside source list 10 interface s0/1 overload

R2(config)#int e0/0.2

R2(config-subif)#ip nat inside

R2(config-subif)#int e0/0.3

R2(config-subif)#ip nat inside

R2(config-subif)#int s0/1

R2(config-if)#ip nat outside

R2(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.3

实现步骤3:HSRP配置:分别在R1和R2上配置HSRP

HSRP配置命令参考解释:

R1(config-subif)#standby 1 ??? //hsrp version1组号为0-255,V2为0-4095

? authentication? Authentication? //配置HSRP验证功能

? ip????????????? Enable HSRP and set the virtual IP address //虚拟IP

? mac-address???? Virtual MAC address //手工配置虚拟MAC地址

? name??????????? Redundancy name string? //HSRP组名

? preempt???????? Overthrow lower priority Active router抢占,默认关闭

? priority??????? Priority level //配置优先级0-255,默认为100,大的优选

? timers?????? Hello and hold timers hello包发送和保持时间默认3 和10

? track?????????? Priority tracking? //配置跟踪功能

配置R1:

R1(config)#int e0/0.2

R1(config-subif)#standby 1 ip 2.1.1.253? 配置group1(vr1)的虚拟IP地址

R1(config-subif)#standby 1 priority 110? 配置group1(vr1)的优先级

R1(config-subif)#standby 1 preempt ??????配置group1(vr1)抢占功能

R1(config-subif)#standby 1 track serial 0/1 50配置group1(vr1)跟踪功能

R1(config-subif)#standby 2 ip 2.1.1.254 ?配置group2(vr2)的虚拟IP地址

R1(config-subif)#standby 2 priority 105 ?配置group2(vr2)的优先级

R1(config-subif)#standby 2 preempt ??????配置group2(vr2)抢占功能

R1(config-subif)#standby 2 track serial 0/1 50配置group2(vr2)跟踪功能

standby 2 track serial 0/1 50 >>如果s0/1接口状态为down,则优先级降50

R1(config)#int e0/0.3

R1(config-subif)#standby 3 ip 3.1.1.253 ?配置group3(vr3)的虚拟IP地址

R1(config-subif)#standby 3 pri 110 ??????配置group3(vr3)的优先级

R1(config-subif)#standby 3 preempt ??????配置group3(vr3)抢占功能

R1(config-subif)#standby 3 track s0/1 50 配置group3(vr3)跟踪功能

R1(config-subif)#standby 4 ip 3.1.1.254 ?配置group4(vr4)的虚拟IP地址

R1(config-subif)#standby 4 priority 105 ?配置group4(vr4)的优先级

R1(config-subif)#standby 4 preempt ??????配置group4(vr4)抢占功能

R1(config-subif)#standby 4 track s0/1 50 配置group4(vr4)跟踪功能

配置R2:

R2(config)#int e0/0.2

R2(config-subif)#standby 1 ip 2.1.1.253

R2(config-subif)#standby 1 priority 105?

R2(config-subif)#standby 1 preempt

R2(config-subif)#standby 1 track serial 0/1 50

R2(config-subif)#standby 2 ip 2.1.1.254

R2(config-subif)#standby 2 priority 110

R2(config-subif)#standby 2 preempt

R2(config-subif)#standby 2 track serial 0/1 50

R2(config)#int e0/0.3

R2(config-subif)#standby 3 ip 3.1.1.253

R2(config-subif)#standby 3 priority 105

R2(config-subif)#standby 3 preempt

R2(config-subif)#standby 3 track s0/1 50

R2(config-subif)#standby 4 ip 3.1.1.254

R2(config-subif)#standby 4 priority 110

R2(config-subif)#standby 4 preempt

R2(config-subif)#standby 4 track s0/1 50

实现步骤4: 分别R1,R2和PC上进行验证和测试

在R1上验证HSRP参数:

R1#show standby brief

???????????????????? P indicates configured to preempt.

???????????????????? |

Interface?? Grp Prio P State??? Active??? Standby??????? Virtual IP????

Et0/0.2???? 1?? 110? P Active?? local???? 2.1.1.2???????? 2.1.1.253?????

Et0/0.2???? 2?? 105? P Standby? 2.1.1.2?? local?????????? 2.1.1.254???? ?

Et0/0.3???? 3?? 110? P Active?? local???? 3.1.1.2???????? 3.1.1.253?????

Et0/0.3???? 4?? 105? P Standby? 3.1.1.2?? local?????????? 3.1.1.254?

显示参数解释:

Grp:组号

Prio:优先级

P:抢占

State:HSRP状态(同一个组里同时只有一台Active或是Standby状态,一个组里可以同时有多台路由器处于listen状态)

Active:显示处于活动状态的路由器

Standby:显示处于备份状态的路由器

Virtual IP:显示每个组的虚拟路由器IP地址

解释R1:show standby brief

针对group1,R1是active,R2为standby

针对group2,R1是,standby,R2为active

针对group3,R1是active,R2为standby

针对group4,R1是,standby,R2为active

在R2上验证HSRP参数:

R2#show standby brief

???????????????????? P indicates configured to preempt.

???????????????????? |

Interface?? Grp Prio P State??? Active??? Standby???????? Virtual IP????

Et0/0.2 ????1?? 105? P Standby? 2.1.1.1?? local?????????? 2.1.1.253?????

Et0/0.2???? 2?? 110? P Active?? local???? 2.1.1.1???????? 2.1.1.254?????

Et0/0.3???? 3?? 105? P Standby? 3.1.1.1?? local?????????? 3.1.1.253?????

Et0/0.3???? 4?? 110? P Active?? local???? 3.1.1.1???????? 3.1.1.254?????

显示参数解释:

Grp:组号

Prio:优先级

P:抢占

State:HSRP状态(同一个组里同时只有一台Active或是Standby状态,一个组里可以同时有多台路由器处于listen状态)

Active:显示处于活动状态的路由器

Standby:显示处于备份状态的路由器

Virtual IP:显示每个组的虚拟路由器IP地址

解释R2:show standby brief

针对group1,R1是standby,R2为active

针对group2,R1是,active ,R2为standby

针对group3,R1是standby,R2为active

针对group4,R1是,active ,R2为standby

在PC1上测试:

---------------------------------------------------------------------

PC1#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

------------------------

PC1#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 2.1.1.1 0 msec 0 msec 4 msec

? 2 13.1.1.3 20 msec *? 16 msec

---------------------------------------------------------------------

在PC2上测试:

PC2#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

----------------------

PC2#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

??1 2.1.1.2 4 msec 4 msec 4 msec

? 2 23.1.1.3 16 msec *? 16 msec

---------------------------------------------------------------------

在PC3上测试:

PC3#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

----------------------

PC3#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 3.1.1.1 4 msec 4 msec 4 msec

? 2 13.1.1.3 16 msec *? 16 msec

---------------------------------------------------------------------

在PC4上测试:

PC4#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

-----------------------

PC4#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 3.1.1.2 6 msec 3 msec 5 msec

? 2 23.1.1.3 19 msec *? 16 msec

---------------------------------------------------------------------

实现步骤5在R1或R2上模拟故障的发生,验证网关能否自动切换

在R1上关闭外网接口S0/1,验证网关能否切换到R2.

R1(config)#int s0/1

R1(config-if)#shutdown

在PC1上测试:

PC1#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

-----------------------

PC1#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 2.1.1.2 4 msec 4 msec 4 msec

在PC2上测试:

PC2#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 2.1.1.2 4 msec 4 msec 4 msec

在PC3上测试:

PC3#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

----------------------

PC3#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 3.1.1.2 4 msec 4 msec 4 msec

在PC4上测试:

PC4#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

-----------------------

PC4#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

? 1 3.1.1.2 2 msec 3 msec 2 msec

? 2 23.1.1.3 19 msec *? 40 msec

---------------------------------------------------------------------

启用R1外网接口:

R1(config)#int s0/1

R1(config-if)#no shutdown

---------------------------------------------------------------------

在R1和R2上再次确认HSRP的正常状态:

R1#show standby brief

???????????????????? P indicates configured to preempt.

???????????????????? |

Interface?? Grp Prio P State??? Active??? Standby??????? Virtual IP????

Et0/0.2???? 1?? 110? P Active?? local???? 2.1.1.2???????? 2.1.1.253?????

Et0/0.2???? 2?? 105? P Standby? 2.1.1.2?? local????? ?????2.1.1.254?????

Et0/0.3???? 3?? 110? P Active?? local???? 3.1.1.2???????? 3.1.1.253?????

Et0/0.3???? 4?? 105? P Standby? 3.1.1.2?? local?????????? 3.1.1.254?

解释R1:show standby brief

针对group1,R1是active,R2为standby

针对group2,R1是,standby,R2为active

针对group3,R1是active,R2为standby

针对group4,R1是,standby,R2为active

在R2上验证HSRP参数:

R2#show standby brief

???????????????????? P indicates configured to preempt.

???????????????????? |

Interface?? Grp Prio P State??? Active??? Standby???????? Virtual IP????

Et0/0.2??? ?1 ??105? P Standby? 2.1.1.1?? local?????????? 2.1.1.253?????

Et0/0.2???? 2?? 110? P Active?? local???? 2.1.1.1???????? 2.1.1.254?????

Et0/0.3???? 3?? 105? P Standby? 3.1.1.1?? local?????????? 3.1.1.253?????

Et0/0.3???? 4?? 110? P Active?? local?? ??3.1.1.1???????? 3.1.1.254?????

解释R2:show standby brief

针对group1,R1是standby,R2为active

针对group2,R1是,active ,R2为standby

针对group3,R1是standby,R2为active

针对group4,R1是,active ,R2为standby