22.1. 配置基本HSRP
提問 當(dāng)主用路由器當(dāng)?shù)粢院髠浞萋酚善骺梢越庸苤饔寐酚善鞯?a >ip地址和MAC地址
回答
Router1:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 PRiority 120
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#ip address 172.22.1.2 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#exit
Router2(config)#end
Router2#
注釋 由于HSRP虛擬出來的MAC地址跟組相關(guān),所以可能會出現(xiàn)同一交換機(jī)收到多個相同的MAC地址的情況,這時候就需要用standby 1 mac-address 0000.0c07.ad01 命令來人工指定一個MAC地址
<!--[if !supportLists]-->22.2. <!--[endif]-->使用HSRP 強(qiáng)占特性
提問 強(qiáng)制某個路由器啟動后一直在組中處于主用狀態(tài)
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
注釋 正常情況下當(dāng)LAN端口up后就會發(fā)生強(qiáng)占,而此時可能網(wǎng)絡(luò)還沒有收斂,所以建議配置強(qiáng)占延遲時間,讓路由器啟動后過一段時間再發(fā)起強(qiáng)占standby 1 preempt delay 60
22.3. 配置HSRP對接口問題追蹤的支持
提問 當(dāng)主用路由器的上聯(lián)端口出現(xiàn)問題后主動切換到備用路由器
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 track Serial0/0 20
Router1(config-if)#exit
Router1(config)#end
Router1#
從12.2(15)T后引入更多可追蹤實例
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#track 11 interface Serial1/1 ip routing
Router1(config-track)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 track 11 decrement 50
Router1(config-if)#end
Router1#
注釋 Router1#show track
Track 11
Interface Serial1/1 ip routing
IP routing is Down (hw admin-down, ip disabled)
1 change, last change 00:
Tracked by:
HSRP FastEthernet0/0 1
22.4. HSRP負(fù)載均衡
提問 在兩臺或者多臺HSRP路由器上實現(xiàn)流量的負(fù)載均衡
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 2 ip 172.22.1.2
Router1(config-if)#standby 2 priority 110
Router1(config-if)#standby 2 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet1/0
Router2(config-if)#ip address 172.22.1.4 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#standby 2 ip 172.22.1.2
Router2(config-if)#standby 2 priority 120
Router2(config-if)#standby 2 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
注釋 由于出現(xiàn)兩個網(wǎng)關(guān),所以需要在終端設(shè)備上分開配置各自的缺省網(wǎng)關(guān)。
22.5. HSRP中ICMP重定向
提問 在HSRP中啟用ICMP重定向
回答
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#no ip redirects
Router2(config-if)#standby redirects disable
Router2(config-if)#exit
Router2(config)#end
Router2#
注釋
22.6. 調(diào)整HSRP定時器
提問 調(diào)整備份路由器接管主用路由器所需時長
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 timers 1 3
Router1(config-if)#exit
Router1(config)#end
Router1#
注釋 缺省Hello包時長為3秒,10秒后會接管,假如主用路由器調(diào)整時長,整個組內(nèi)的路由器都要調(diào)整為相同的時長。最短可以到達(dá)毫秒Router1(config-if)#standby 1 timers msec 100 msec 300
22.7. 在令牌環(huán)網(wǎng)絡(luò)中使用HSRP
提問 在令牌環(huán)網(wǎng)絡(luò)中配置HSRP
回答
假如只用IP協(xié)議配置同前面例子,假如還有其他協(xié)議,非凡是使用了source-route bridging就用下面的配置方法
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Tokenring0
Router1(config-if)#ip address 172.22.1.3
Router1(config-if)#standby ip 172.22.1.1
Router1(config-if)#standby use-bia
Router1(config-if)#standby priority 120
Router1(config-if)#standby preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Tokenring0
Router2(config-if)#ip address 172.22.1.2
Router2(config-if)#standby ip 172.22.1.1
Router2(config-if)#standby use-bia
Router2(config-if)#standby priority 110
Router2(config-if)#standby preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
注釋 由于令牌環(huán)網(wǎng)絡(luò)會用到設(shè)備的MAC地址信息,所以假如HSRP用到虛擬MAC就會出問題,因此在配置中使用了burned-in address (BIA)來代替MAC來避免出現(xiàn)問題
22.8. 配置HSRP 的SNMP支持
提問 啟用HSRP的SNMP Traps
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#snmp-server enable traps hsrp
Router1(config)#snmp-server host 172.25.1.1 ORATRAP
Router1(config)#end
Router1#
注釋 無
22.9. 增加HSRP的安全性
提問 提高HSRP的安全
回答
組內(nèi)設(shè)備使用相同的配置
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 authentication NEOSHI
Router1(config-if)#exit
Router1(config)#end
Router1#
從12.3(2)T后支持md5加密密碼
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 10.1.1.1
Router1(config-if)#standby 1 priority 200
Router1(config-if)#standby 1 authentication md5 key-string OREILLY
Router1(config-if)#end
Router1#
為了防止其他路由器成為主用路由器,設(shè)置本路由器高優(yōu)先級
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 255
Router1(config-if)#exit
Router1(config)#end
Router1#
注釋 無
22.10. 顯示HSRP狀態(tài)信息
提問 顯示HSRP狀態(tài)信息
回答
Router2#show standby
Router2#show standby FastEthernet 1/0
Router2#show standby brief
注釋
22.11. HSRP排錯
提問 對HSRP進(jìn)行排錯
回答
Router2#debug standby errors
Router2#debug standby events
Router2#debug standby packets
Router2#debug standby terse
注釋
22.12. 啟用HSRP 版本2
提問 部署HSRPv2
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby version 2
Router1(config-if)#standby 4095 ip 10.1.1.1
Router1(config-if)#standby 4095 timers msec 15 msec 50
Router1(config-if)#standby 4095 priority 200
Router1(config-if)#standby 4095 preempt
Router1(config-if)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#standby version 2
Router2(config-if)#standby 4095 ip 10.1.1.1
Router2(config-if)#standby 4095 timers msec 15 msec 50
Router2(config-if)#standby 4095 priority 150
Router2(config-if)#standby 4095 preempt
Router2(config-if)#end
Router2#
注釋 從12.3(4)T后開始支持HSRPv2,主要是擴(kuò)展了可用組數(shù),從v1的256個組到現(xiàn)在的4095個組,使用不同的MAC地址和組播地址,因此不能混用
22.13. VRRP
提問 在思科路由器上啟用VRRP
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 10.1.1.2 255.255.255.0
Router1(config-if)#vrrp 1 ip 10.1.1.1
Router1(config-if)#vrrp 1 preempt
Router1(config-if)#vrrp 1 priority 200
Router1(config-if)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 10.1.1.3 255.255.255.0
Router2(config-if)#vrrp 1 ip 10.1.1.1
Router2(config-if)#vrrp 1 preempt
Router2(config-if)#vrrp 1 priority 150
Router2(config-if)#end
Router2#
注釋 注重在鑒權(quán)的配置上假如思科和非思科設(shè)備搭配可能會有問題。在配置定時器上只能配置Hello間隔,可以在主路由器上配置,備份路由器可以通過配置vrrp 1 timers learn 命令來自動學(xué)習(xí),可以為配置添加描述,也支持Track
<!--[if !supportLists]-->22.14. <!--[endif]-->GLBP
提問 配置GLBP來實現(xiàn)流量的自動負(fù)荷分擔(dān)
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#glbp 1 ip 172.22.1.1
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 172.22.1.2 255.255.255.0
Router2(config-if)#glbp 1 ip 172.22.1.1
Router2(config-if)#exit
Router2(config)#end
Router2#
注釋 GLBP通過組內(nèi)設(shè)備輪回的相應(yīng)虛擬MAC地址來實現(xiàn)自動的負(fù)荷分擔(dān),當(dāng)然也可以使用其他的分擔(dān)方式,比如權(quán)重等,這樣不需要通過配置多HSRP組的方式實現(xiàn)了均衡,并且所有設(shè)備使用同一的網(wǎng)關(guān)地址
新聞熱點
疑難解答
圖片精選
