分类: 系统运维
2009-07-18 09:27:59
实验目的:
1、理解HSRP的工作原理。
2、掌握HSRP配置方法.
3、理解HSRP的抢占与跟踪作用。
实验拓扑图:
实验步骤及要求:
1、本实验可以使用三层交换机完成,也可以使用路由器完成,在使用路由器时需要注意IOS的版本,确认支持HSRP协议。
2、配置R1与R2路由器的接口IP地址:
|
R1(config)#interface loopback 0 R1(config-if)#ip address 10.1.1.1 255.255.255.0 R1(config-if)#exit R1(config)# R1(config)#interface fastEthernet 0/0 R1(config-if)#ip address 192.168.1.2 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)# |
|
R2(config)#interface loopback 0 R2(config-if)#ip address 10.1.1.1 255.255.255.0 R2(config-if)#exit R2(config)# R2(config)#interface fastEthernet 0/0 R2(config-if)#ip address 192.168.1.3 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)# |
注意:在R1与R2上配置的环回口地址均为10.1.1.1/24主要是用于模拟某主机与R1和R2直连。
3、配置路由器PC1将与模拟成客户端,为了确保网关的冗余,因此将PC1的网关指向,即将通过HSRP协议虚拟出的虚拟网关地址:
|
PC1(config)#no ip routing PC1(config)# PC1(config)#interface fastEthernet 0/0 PC1(config-if)#ip address 192.168.1.10 255.255.255.0 PC1(config-if)#no shutdown PC1(config-if)#exit PC1(config)# PC1(config)#ip default-gateway 192.168.1.1 PC1(config)#exit PC1# |
4、在PC1上使用ping命令测试当前是否可以到达10.1.1.1/24的主机:
|
PC1#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: Success rate is 0 percent (0/5) PC1# |
4、为了能够有效的确保网关的冗余,因此在R1与R2上配置HSRP协议,配置如下:
|
R1(config)#interface fastEthernet 0/0 R1(config-if)#[stanley2] |
|
R2(config)#interface fastEthernet 0/0 R2(config-if)#standby 1 ip 192.168.1.1 |
5、当在R1上配置HSRP组后,IOS会提示如下信息:
6、在R1或R2上查看HSRP组信息:
|
R1#show standby FastEthernet0/0 - Group 1 Hellotime 3 sec, holdtime 10 sec [stanley4] Next hello sent in 1.348 Active router is local Standby router is 192.168.1.3, priority 100 expires in 7.812 5 state changes, last state change 00:00:10 IP redundancy name is "hsrp-Fa0/0-1" (default) R1# |
|
R2#show standby FastEthernet0/0 - Group 1 Local state is Standby, priority 100 Hellotime 3 sec, holdtime 10 sec Next hello sent in 2.686 Virtual IP address is 192.168.1.1 configured Active router is 192.168.1.2, priority 100 expires in 7.748 Standby router is local 8 state changes, last state change 00:03:11 IP redundancy name is "hsrp-Fa0/0-1" (default) R2# |
7、HSRP组中的每台路由器均会带有一个优先级。优先级会影响哪一台路由器成为ACTIVE路由器,用于响应客户端的ARP请求。如果在HSRP刚启动,而且每台路由器的优先级均相同,则会优先选择接口IP较高的为ACTIVE路由器。
8、在PC1客户端,使用ping和traceroute命令跟踪路由:
|
PC1#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/300/1100 ms PC1# PC1#traceroute 10.1.1.1 Type escape sequence to abort. Tracing the route to 10.1.1.1 PC1# |
9、查看PC1的客户端的ARP缓存:
|
PC1#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.1.10 - ca02.0be4.0000 ARPA FastEthernet0/0 PC1# |
10、使用扩展ping命令向10.1.1.1发送较多数据包,同时将R1的Fa0/0接口,手工置为down状态,观察HSRP的冗余:
|
R1(config)#interface fastEthernet 0/0 R1(config-if)#shutdown |
查看PC1上的扩展ping:
|
PC1#ping Protocol [ip]: Target IP address: 10.1.1.1 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 1000000, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 99 percent (456/461), round-trip min/avg/max = 16/72/560 ms PC1# |
从上面信息可以看出,由于R1的Fa0/0接口故障,导致PC1无法到达10.1.1.0/24的网络。另外,由于R1的Fa0/0接口故障,R2将无法收到Active路由器发送的Hello数据包,因此,在R2默认的HSRP的保持时间10秒超时后,R2会立即将自己提升为Active路由器,通过如下的信息可以确认该结论:
|
00:39:56: %STANDBY-6-STATECHANGE: FastEthernet0/0 Group 1 state Standby -> Active |
11、此时,再次在PC1上使用ping和traceroute命令确认路由和目标主机可达:
|
PC1>ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/57/108 ms PC1> PC1>traceroute 10.1.1.1 Type escape sequence to abort. Tracing the route to 10.1.1.1 PC1> |
12、通过以上上步骤,HSRP可以有效的保障网关的冗余,确保网络稳定。
13、将R1路由器的Fa0/0接口置为UP状态:
|
R1(config)#interface fastEthernet 0/0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)# |
14、在等待一段时间后,再次在R1或R2路由器查看HSRP组信息:
|
R1#show standby FastEthernet0/0 - Group 1 Hellotime 3 sec, holdtime 10 sec Next hello sent in 0.450 Virtual IP address is 192.168.1.1 configured Standby router is local 7 state changes, last state change 00:00:34 IP redundancy name is "hsrp-Fa0/0-1" (default) R1# |
15、如果R1路由器为一台性能较好的路由器,而R2仅仅为备份路由器,因此可能更希望当R1路由器恢复时,能够负责ARP的响应和三层路由任务。为了实现这一功能,需要为R1路由器配置较高的优先级和开启HSRP的抢占功能:
|
R1(config)#interface fastEthernet 0/0 R1(config-if)#[stanley14] R1(config-if)#[stanley15] R1(config-if)#exit R1(config)# |
16、此时会注意到R1路由器系统会给出如下提示信息:
|
R1# R1# |
17、在R2上查看HSRP组信息:
|
R2#show standby FastEthernet0/0 - Group 1 Local state is Standby, [stanley17] Hellotime 3 sec, holdtime 10 sec Next hello sent in 2.722 Virtual IP address is 192.168.1.1 configured Active router is 192.168.1.2, [stanley18] expires in 7.452 Standby router is local 11 state changes, last state change 00:03:53 IP redundancy name is "hsrp-Fa0/0-1" (default) R2# |
18、HSRP除了能够对下行链路实施冗余,同时还可以对上行链路进行监测,动态的变更Active角色,确保网络万无一失。下面给出如何配置HSRP的接口跟踪功能:
|
R1(config)#interface fastEthernet 0/0 R1(config-if)#standby 1 priority 200 R1(config-if)#standby 1 preempt R1(config-if)#[stanley19] R1(config-if)#exit R1(config)# |
|
R2(config)#interface fastEthernet 0/0 R2(config-if)#[stanley20] R2(config-if)# |
19、在R1上将其loopback 0接口,手工置为down状态,然后观察系统提示信息:
|
R1#[stanley21] HSRP Events debugging is on R1# R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)# R1(config)#interface loopback 0 R1(config-if)#shutdown R1(config-if)# R1(config-if)# 01:09:58: SB: Fa0/0 [stanley22] 01:09:58: SB: Fa0/0 [stanley23] 01:09:58: SB1: Fa0/0 Active: j/Coup rcvd from higher pri router (100/192.168.1.3) 01:09:58: SB1: Fa0/0 Active router is 192.168.1.3, was local 01:09:58: SB: Fa0/0 Remove active hash 192.168.1.2 (vIP 192.168.1.1) 01:09:58: SB: Fa0/0 Remove passive hash 192.168.1.3 (frc 0) 01:09:58: SB: Fa0/0 Add active hash 192.168.1.3 (vIP 192.168.1.1) 01:09:58: SB1: Fa0/0 Standby router is unknown, was 192.168.1.3 01:09:58: SB1: Fa0/0 [stanley24] 01:09:58: %STANDBY-6-STATECHANGE: FastEthernet0/0 Group 1 state Active -> Speak 01:09:58: SB1: Fa0/0 Redundancy "hsrp-Fa0/0-1" state Active -> Speak 01:09:58: SB: Fa0/0 Redirect adv start 01:09:58: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down 01:10:08: SB1: Fa0/0 Speak: d/Standby timer expired (unknown) 01:10:08: SB1: Fa0/0 Standby router is local 01:10:08: SB1: Fa0/0 Speak -> Standby 01:10:08: SB1: Fa0/0 Redundancy "hsrp-Fa0/0-1" state Speak -> Standby |
20、查看R1与R2路由器HSRP组信息:
|
R1#show standby FastEthernet0/0 - Group 1 Local state is Standby, priority 50 (confgd 200), may preempt Hellotime 3 sec, holdtime 10 sec Next hello sent in 2.668 Virtual IP address is 192.168.1.1 configured Active router is 192.168.1.3, priority 100 expires in 8.252 Standby router is local 13 state changes, last state change 00:01:19 IP redundancy name is "hsrp-Fa0/0-1" (default) Priority tracking 1 interface, 0 up: Interface Decrement State Loopback0 150 Down (administratively down) R1# |
|
R2#show standby FastEthernet0/0 - Group 1 Local state is Active, priority 100, may preempt Hellotime 3 sec, holdtime 10 sec Next hello sent in 0.808 Virtual IP address is 192.168.1.1 configured Active router is local Standby router is 192.168.1.2, priority 50 expires in 9.128 Virtual mac address is 0000.0c07.ac01 15 state changes, last state change 00:00:57 IP redundancy name is "hsrp-Fa0/0-1" (default) Priority tracking 1 interface, 1 up: Interface Decrement State Loopback0 10 Up |
21、实验完成。
