实现HSRP-热备份路由协议

<HSRP多组实现>

网络工程师必会的企业网络常用双机热备协议之HSRP。

实验拓扑:

实验目的:

通过配置多组HSRP实现网关自动切换和链接负载均衡,既当网络正常时PC1,PC3通过R1到达R3,PC2,PC4通过R2到达R3,当R1或R2发生故障时网关能自动切换,以确保VLAN2,VLAN3的主机到达R3的连通性,

实验步骤目录:

基本配置:按拓扑所示配置各设备的IP地址.
PAT和路由配置:分别在R1和R2上配置PAT和默认路由
HSRP配置:分别在R1和R2上配置HSRP
验证和测试:分别R1,R2和PC上进行验证和测试
模拟故障发生:在R1或R2上模拟故障的发生,验证网关能否自动切换

实现步骤1: 基本配置:按拓扑所示配置各设备的IP地址.

配置R1:

Router(config)#host R1

R1(config)#int s0/1

R1(config-if)#clock rate 64000

R1(config-if)#ip add 13.1.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#int e0/0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#int e0/0.2

R1(config-subif)#encapsulation dot1Q 2

R1(config-subif)#ip add 2.1.1.1 255.255.255.0

R1(config-subif)#exit

R1(config)#int e0/0.3

R1(config-subif)#encapsulation dot1Q 3

R1(config-subif)#ip add 3.1.1.1 255.255.255.0

R1(config-subif)#end

配置R2:

Router(config)#host R2

R2(config)#int s0/1

R2(config-if)#clock rate 64000

R2(config-if)#ip add 23.1.1.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#int e0/0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#int e0/0.2

R2(config-subif)#encapsulation dot1Q 2

R2(config-subif)#ip add 2.1.1.2 255.255.255.0

R2(config-subif)#exit

R2(config)#int e0/0.3

R2(config-subif)#encapsulation dot1Q 3

R2(config-subif)#ip add 3.1.1.2 255.255.255.0

R2(config-subif)#end

配置R3:

Router(config)#host R3

R3(config)#int s0/0

R3(config-if)#ip add 13.1.1.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#exit

R3(config)#int s0/1

R3(config-if)#ip add 23.1.1.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#exit

R3(config)#int loo0

R3(config-if)#ip add 3.3.3.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#end

配置SW1:

Switch(config)#host SW1

SW1(config)#int f0/1

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk

SW1(config-if)#int f0/2

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk

SW1(config-if)#exit

SW1(config)#exit

SW1#vlan da

SW1#vlan database

SW1(vlan)#vlan 2

VLAN 2 added:

Name: VLAN0002

SW1(vlan)#vlan 3

VLAN 3 added:

Name: VLAN0003

SW1(vlan)#exit

APPLY completed.

Exiting....

SW1(config)#int f0/4

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config-if)#int f0/5

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config-if)#int f0/6

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 3

SW1(config-if)#int f0/7

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 3

配置PC1-PC4:

每台PC的设置按拓扑要求配置好IP和网关

配置PC1:

Router(config)#host PC1

PC1(config)#no ip routing

PC1(config)#int e0/0

PC1(config-if)#ip add 2.1.1.11 255.255.255.0

PC1(config-if)#no sh

PC1(config-if)#exit

PC1(config)#ip default-gateway 2.1.1.253

配置PC2:

Router(config)#host PC2

PC2(config)#no ip routing

PC2(config)#int e0/0

PC2(config-if)#ip add 2.1.1.12 255.255.255.0

PC2(config-if)#no sh

PC2(config-if)#exit

PC2(config)#ip default-gateway 2.1.1.254

配置PC3:

Router(config)#host PC3

PC3(config)#no ip routing

PC3(config)#int e0/0

PC3(config-if)#ip add 3.1.1.13 255.255.255.0

PC3(config-if)#no sh

PC3(config-if)#exit

PC3(config)#ip default-gateway 3.1.1.253

配置PC4:

Router(config)#host PC4

PC4(config)#no ip routing

PC4(config)#int e0/0

PC4(config-if)#ip add 3.1.1.14 255.255.255.0

PC4(config-if)#no sh

PC4(config-if)#exit

PC4(config)#ip default-gateway 3.1.1.254

实现步骤2: PAT和路由配置:分别在R1和R2上配置PAT和默认路由

配置R1:

R1(config)#access-list 10 permit 2.1.1.0 0.0.0.255

R1(config)#access-list 10 permit 3.1.1.0 0.0.0.255

R1(config)#ip nat inside source list 10 interface s0/1 overload

R1(config)#int e0/0.2

R1(config-subif)#ip nat inside

R1(config-subif)#int e0/0.3

R1(config-subif)#ip nat inside

R1(config-subif)#int s0/1

R1(config-if)#ip nat outside

R1(config)#ip route 0.0.0.0 0.0.0.0 13.1.1.3

配置R2:

R2(config)#access-list 10 permit 2.1.1.0 0.0.0.255

R2(config)#access-list 10 permit 3.1.1.0 0.0.0.255

R2(config)#ip nat inside source list 10 interface s0/1 overload

R2(config)#int e0/0.2

R2(config-subif)#ip nat inside

R2(config-subif)#int e0/0.3

R2(config-subif)#ip nat inside

R2(config-subif)#int s0/1

R2(config-if)#ip nat outside

R2(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.3

实现步骤3:HSRP配置:分别在R1和R2上配置HSRP

HSRP配置命令参考解释:

R1(config-subif)#standby 1 ? //hsrp version1组号为0-255,V2为0-4095

authentication Authentication //配置HSRP验证功能

ip Enable HSRP and set the virtual IP address //虚拟IP

mac-address Virtual MAC address //手工配置虚拟MAC地址

name Redundancy name string //HSRP组名

preempt Overthrow lower priority Active router抢占,默认关闭

priority Priority level //配置优先级0-255,默认为100,大的优选

timers Hello and hold timers hello包发送和保持时间默认3 和10

track Priority tracking //配置跟踪功能

配置R1:

R1(config)#int e0/0.2

R1(config-subif)#standby 1 ip 2.1.1.253 配置group1(vr1)的虚拟IP地址

R1(config-subif)#standby 1 priority 110 配置group1(vr1)的优先级

R1(config-subif)#standby 1 preempt 配置group1(vr1)抢占功能

R1(config-subif)#standby 1 track serial 0/1 50配置group1(vr1)跟踪功能

R1(config-subif)#standby 2 ip 2.1.1.254 配置group2(vr2)的虚拟IP地址

R1(config-subif)#standby 2 priority 105 配置group2(vr2)的优先级

R1(config-subif)#standby 2 preempt 配置group2(vr2)抢占功能

R1(config-subif)#standby 2 track serial 0/1 50配置group2(vr2)跟踪功能

standby 2 track serial 0/1 50 >>如果s0/1接口状态为down,则优先级降50

R1(config)#int e0/0.3

R1(config-subif)#standby 3 ip 3.1.1.253 配置group3(vr3)的虚拟IP地址

R1(config-subif)#standby 3 pri 110 配置group3(vr3)的优先级

R1(config-subif)#standby 3 preempt 配置group3(vr3)抢占功能

R1(config-subif)#standby 3 track s0/1 50 配置group3(vr3)跟踪功能

R1(config-subif)#standby 4 ip 3.1.1.254 配置group4(vr4)的虚拟IP地址

R1(config-subif)#standby 4 priority 105 配置group4(vr4)的优先级

R1(config-subif)#standby 4 preempt 配置group4(vr4)抢占功能

R1(config-subif)#standby 4 track s0/1 50 配置group4(vr4)跟踪功能

配置R2:

R2(config)#int e0/0.2

R2(config-subif)#standby 1 ip 2.1.1.253

R2(config-subif)#standby 1 priority 105

R2(config-subif)#standby 1 preempt

R2(config-subif)#standby 1 track serial 0/1 50

R2(config-subif)#standby 2 ip 2.1.1.254

R2(config-subif)#standby 2 priority 110

R2(config-subif)#standby 2 preempt

R2(config-subif)#standby 2 track serial 0/1 50

R2(config)#int e0/0.3

R2(config-subif)#standby 3 ip 3.1.1.253

R2(config-subif)#standby 3 priority 105

R2(config-subif)#standby 3 preempt

R2(config-subif)#standby 3 track s0/1 50

R2(config-subif)#standby 4 ip 3.1.1.254

R2(config-subif)#standby 4 priority 110

R2(config-subif)#standby 4 preempt

R2(config-subif)#standby 4 track s0/1 50

实现步骤4: 分别R1,R2和PC上进行验证和测试

在R1上验证HSRP参数:

R1#show standby brief

P indicates configured to preempt.

Interface Grp Prio P State Active Standby Virtual IP

Et0/0.2 1 110 P Active local 2.1.1.2 2.1.1.253

Et0/0.2 2 105 P Standby 2.1.1.2 local 2.1.1.254

Et0/0.3 3 110 P Active local 3.1.1.2 3.1.1.253

Et0/0.3 4 105 P Standby 3.1.1.2 local 3.1.1.254

显示参数解释:

Grp:组号

Prio:优先级

P:抢占

State:HSRP状态(同一个组里同时只有一台Active或是Standby状态,一个组里可以同时有多台路由器处于listen状态)

Active:显示处于活动状态的路由器

Standby:显示处于备份状态的路由器

Virtual IP:显示每个组的虚拟路由器IP地址

解释R1:show standby brief

针对group1,R1是active,R2为standby

针对group2,R1是,standby,R2为active

针对group3,R1是active,R2为standby

针对group4,R1是,standby,R2为active

在R2上验证HSRP参数:

R2#show standby brief

P indicates configured to preempt.

Interface Grp Prio P State Active Standby Virtual IP

Et0/0.2 1 105 P Standby 2.1.1.1 local 2.1.1.253

Et0/0.2 2 110 P Active local 2.1.1.1 2.1.1.254

Et0/0.3 3 105 P Standby 3.1.1.1 local 3.1.1.253

Et0/0.3 4 110 P Active local 3.1.1.1 3.1.1.254

显示参数解释:

Grp:组号

Prio:优先级

P:抢占

State:HSRP状态(同一个组里同时只有一台Active或是Standby状态,一个组里可以同时有多台路由器处于listen状态)

Active:显示处于活动状态的路由器

Standby:显示处于备份状态的路由器

Virtual IP:显示每个组的虚拟路由器IP地址

解释R2:show standby brief

针对group1,R1是standby,R2为active

针对group2,R1是,active ,R2为standby

针对group3,R1是standby,R2为active

针对group4,R1是,active ,R2为standby

在PC1上测试:

---------------------------------------------------------------------

PC1#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

------------------------

PC1#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 2.1.1.1 0 msec 0 msec 4 msec

2 13.1.1.3 20 msec * 16 msec

---------------------------------------------------------------------

在PC2上测试:

PC2#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

----------------------

PC2#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 2.1.1.2 4 msec 4 msec 4 msec

2 23.1.1.3 16 msec * 16 msec

---------------------------------------------------------------------

在PC3上测试:

PC3#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

----------------------

PC3#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 3.1.1.1 4 msec 4 msec 4 msec

2 13.1.1.3 16 msec * 16 msec

---------------------------------------------------------------------

在PC4上测试:

PC4#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

-----------------------

PC4#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 3.1.1.2 6 msec 3 msec 5 msec

2 23.1.1.3 19 msec * 16 msec

---------------------------------------------------------------------

实现步骤5在R1或R2上模拟故障的发生,验证网关能否自动切换

在R1上关闭外网接口S0/1,验证网关能否切换到R2.

R1(config)#int s0/1

R1(config-if)#shutdown

在PC1上测试:

PC1#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

-----------------------

PC1#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 2.1.1.2 4 msec 4 msec 4 msec

2 23.1.1.3 16 msec * 16 msec

在PC2上测试:

PC2#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 2.1.1.2 4 msec 4 msec 4 msec

2 23.1.1.3 20 msec * 16 msec

在PC3上测试:

PC3#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

----------------------

PC3#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 3.1.1.2 4 msec 4 msec 4 msec

2 23.1.1.3 16 msec * 16 msec

在PC4上测试:

PC4#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

-----------------------

PC4#traceroute 3.3.3.3

Type escape sequence to abort.

Tracing the route to 3.3.3.3

1 3.1.1.2 2 msec 3 msec 2 msec

2 23.1.1.3 19 msec * 40 msec

---------------------------------------------------------------------

启用R1外网接口:

R1(config)#int s0/1

R1(config-if)#no shutdown

---------------------------------------------------------------------

在R1和R2上再次确认HSRP的正常状态:

R1#show standby brief

P indicates configured to preempt.

Interface Grp Prio P State Active Standby Virtual IP

Et0/0.2 1 110 P Active local 2.1.1.2 2.1.1.253

Et0/0.2 2 105 P Standby 2.1.1.2 local 2.1.1.254

Et0/0.3 3 110 P Active local 3.1.1.2 3.1.1.253

Et0/0.3 4 105 P Standby 3.1.1.2 local 3.1.1.254

解释R1:show standby brief

针对group1,R1是active,R2为standby

针对group2,R1是,standby,R2为active

针对group3,R1是active,R2为standby

针对group4,R1是,standby,R2为active

在R2上验证HSRP参数:

R2#show standby brief

P indicates configured to preempt.

Interface Grp Prio P State Active Standby Virtual IP

Et0/0.2 1 105 P Standby 2.1.1.1 local 2.1.1.253

Et0/0.2 2 110 P Active local 2.1.1.1 2.1.1.254

Et0/0.3 3 105 P Standby 3.1.1.1 local 3.1.1.253

Et0/0.3 4 110 P Active local 3.1.1.1 3.1.1.254

解释R2:show standby brief

针对group1,R1是standby,R2为active

针对group2,R1是,active ,R2为standby

针对group3,R1是standby,R2为active

针对group4,R1是,active ,R2为standby

<<各设备的详细配置show run请看附件R1.LOG R2.LOG R3.LOG SW1.LOG>>