22.1. 配置基本HSRP
提問 "FONT-FAMILY: 宋體">當主用路由器當掉以後備份路由器可以接管主用路由器的IP地址和MAC地址
回答
Router1:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#ip address 172.22.1.2 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#exit
Router2(config)#end
Router2#
註釋 由於HSRP虛擬出來的MAC地址跟組相關,所以可能會出現同一交換機收到多個相同的MAC地址的情況,這時候就需要用standby 1 mac-address 0000.0c07.ad01 命令來人工指定一個MAC地址
22.2. 使用HSRP 強佔特性
提問 強制某個路由器啓動後一直在組中處於主用狀態
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
註釋 正常情況下當LAN端口up後就會發生強佔,而此時可能網絡還沒有收斂,所以建議配置強佔延遲時間,讓路由器啓動後過一段時間再發起強佔standby 1 preempt delay 60
22.3. 配置HSRP對接口問題追蹤的支持
提問 當主用路由器的上聯端口出現問題後主動切換到備用路由器
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 track Serial0/0 20
Router1(config-if)#exit
Router1(config)#end
Router1#
從12.2(15)T後引入更多可追蹤實例
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#track 11 interface Serial1/1 ip routing
Router1(config-track)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 track 11 decrement 50
Router1(config-if)#end
Router1#
註釋 Router1#show track
Track 11
Interface Serial1/1 ip routing
IP routing is Down (hw admin-down, ip disabled)
1 change, last change 00:12:48
Tracked by:
HSRP FastEthernet0/0 1
22.4. HSRP負載均衡
提問 在兩臺或者多臺HSRP路由器上實現流量的負載均衡
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 2 ip 172.22.1.2
Router1(config-if)#standby 2 priority 110
Router1(config-if)#standby 2 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet1/0
Router2(config-if)#ip address 172.22.1.4 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#standby 2 ip 172.22.1.2
Router2(config-if)#standby 2 priority 120
Router2(config-if)#standby 2 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
註釋 由於出現兩個網關,所以需要在終端設備上分開配置各自的缺省網關。
22.5. HSRP中ICMP重定向
提問 在HSRP中啓用ICMP重定向
回答
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#no ip redirects
Router2(config-if)#standby redirects disable
Router2(config-if)#exit
Router2(config)#end
Router2#
註釋
22.6. 調整HSRP定時器
提問 調整備份路由器接管主用路由器所需時長
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 1 timers 1 3
Router1(config-if)#exit
Router1(config)#end
Router1#
註釋 缺省Hello包時長爲3秒,10秒後會接管,如果主用路由器調整時長,整個組內的路由器都要調整爲相同的時長。最短可以到達毫秒Router1(config-if)#standby 1 timers msec 100 msec 300
22.7. 在令牌環網絡中使用HSRP
提問 在令牌環網絡中配置HSRP
回答
如果只用IP協議配置同前面例子,如果還有其他協議,特別是使用了source-route bridging就用下面的配置方法
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Tokenring0
Router1(config-if)#ip address 172.22.1.3
Router1(config-if)#standby ip 172.22.1.1
Router1(config-if)#standby use-bia
Router1(config-if)#standby priority 120
Router1(config-if)#standby preempt
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Tokenring0
Router2(config-if)#ip address 172.22.1.2
Router2(config-if)#standby ip 172.22.1.1
Router2(config-if)#standby use-bia
Router2(config-if)#standby priority 110
Router2(config-if)#standby preempt
Router2(config-if)#exit
Router2(config)#end
Router2#
註釋 由於令牌環網絡會用到設備的MAC地址信息,所以如果HSRP用到虛擬MAC就會出問題,因此在配置中使用了burned-in address (BIA)來代替MAC來避免出現問題
22.8. 配置HSRP 的SNMP支持
提問 啓用HSRP的SNMP Traps
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#snmp-server enable traps hsrp
Router1(config)#snmp-server host 172.25.1.1 ORATRAP
Router1(config)#end
Router1#
註釋 無
22.9. 增加HSRP的安全性
提問 提高HSRP的安全
回答
組內設備使用相同的配置
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 authentication NEOSHI
Router1(config-if)#exit
Router1(config)#end
Router1#
從12.3(2)T後支持MD5加密密碼
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 10.1.1.1
Router1(config-if)#standby 1 priority 200
Router1(config-if)#standby 1 authentication md5 key-string OREILLY
Router1(config-if)#end
Router1#
爲了防止其他路由器成爲主用路由器,設置本路由器高優先級
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 255
Router1(config-if)#exit
Router1(config)#end
Router1#
註釋 無
22.10. 顯示HSRP狀態信息
提問 顯示HSRP狀態信息
回答
Router2#show standby
Router2#show standby FastEthernet 1/0
Router2#show standby brief
註釋
22.11. HSRP排錯
提問 對HSRP進行排錯
回答
Router2#debug standby errors
Router2#debug standby events
Router2#debug standby packets
Router2#debug standby terse
註釋
22.12. 啓用HSRP 版本2
提問 部署HSRPv2
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby version 2
Router1(config-if)#standby 4095 ip 10.1.1.1
Router1(config-if)#standby 4095 timers msec 15 msec 50
Router1(config-if)#standby 4095 priority 200
Router1(config-if)#standby 4095 preempt
Router1(config-if)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#standby version 2
Router2(config-if)#standby 4095 ip 10.1.1.1
Router2(config-if)#standby 4095 timers msec 15 msec 50
Router2(config-if)#standby 4095 priority 150
Router2(config-if)#standby 4095 preempt
Router2(config-if)#end
Router2#
註釋 從12.3(4)T後開始支持HSRPv2,主要是擴展了可用組數,從v1的256個組到現在的4095個組,使用不同的MAC地址和組播地址,因此不能混用
22.13. VRRP
提問 在思科路由器上啓用VRRP
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 10.1.1.2 255.255.255.0
Router1(config-if)#vrrp 1 ip 10.1.1.1
Router1(config-if)#vrrp 1 preempt
Router1(config-if)#vrrp 1 priority 200
Router1(config-if)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 10.1.1.3 255.255.255.0
Router2(config-if)#vrrp 1 ip 10.1.1.1
Router2(config-if)#vrrp 1 preempt
Router2(config-if)#vrrp 1 priority 150
Router2(config-if)#end
Router2#
註釋 注意在鑑權的配置上如果思科和非思科設備搭配可能會有問題。在配置定時器上只能配置Hello間隔,可以在主路由器上配置,備份路由器可以通過配置vrrp 1 timers learn 命令來自動學習,可以爲配置添加描述,也支持Track
22.14. GLBP
提問 配置GLBP來實現流量的自動負荷分擔
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#glbp 1 ip 172.22.1.1
Router1(config-if)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 172.22.1.2 255.255.255.0
Router2(config-if)#glbp 1 ip 172.22.1.1
Router2(config-if)#exit
Router2(config)#end
Router2#
註釋 GLBP通過組內設備輪迴的相應虛擬MAC地址來實現自動的負荷分擔,當然也可以使用其他的分擔方式,比如權重等,這樣不需要通過配置多HSRP組的方式實現了均衡,並且所有設備使用同一的網關地址
Cisco IOS Cookbook 中文精簡版 22-23 HSRP
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章