CISCO VRRP配置

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_41566700/article/details/87380595

CISCO VRRP配置

VRRP

VRRP:虚拟路由器冗余性协议
和HSRP不同,可以使用一台路由器的真实IP地址。在VRRP中,有一台主用的(master)路由器,以及一台或者多台的备用(backup)路由器。
在这里插入图片描述

VRRP的三种状态

1)Initialize
系统启动后进入此状态,当收到接口startup的消息,将转入Backup (优先级不为255时)或Master状态(优先级为255时)。在此状态时,路由器不会对VRRP报文做任何处理。
2)Master
当路由器处于Master状态时 它将会做下列工作
*定期发送VRRP组播报文
*发送免费(gratuitous)ARP报文,以使网络内各主机知道虚拟IP地址所对应的虚拟MAC地址
*响应对虚拟IP地址的ARP请求,并且响应的是虚拟MAC地址,而不是接口真实MAC地址
*转发目的MAC地址为虚拟MAC地址的IP报文
*如果它是这个虚拟IP地址的拥有者,则接收目的IP地址为这个虚拟IP地址的IP报文,否则,丢弃这个IP报文。需要注意的是,由于有这一点要求,所以除非主路由器是IP地址拥有者,否则主机ping虚拟IP地址不能ping通。
在Master状态中只有接收到比自己的优先级大的VRRP报文时,才会转为Backup。只有当接收到接口的Shutdown事件时才会转为Initialize
3)
当路由器处于Backup状态时 它将会做下列工作:
*接收Master发送的VRRP组播报文 从中了解Master的状态
*对虚拟IP地址的ARP请求 不做响应
*丢弃目的MAC地址为虚拟MAC地址的IP报文
*丢弃目的IP地址为虚拟IP地址的IP报文
只有当Backup接收到MASTER_DOWN这个定时器到时的事件时,才会转为Master 而当接收到比自己的优先级小的VRRP报文时,它只是做丢弃这个报文的处理,从而就不对定时器做重置处理。 这样定时器就会在若干次这样的处理之后到时,于是就转为Master。只有当接收到接口的Shutdown事件时才会转为Initialize

VRRP配置

vlan10虚拟网关192.168.10.254
配置vlan10的虚拟网关192.168.10.254,选举sw3为master switch,sw4为backup switch ,并且当sw3的上行链路或者下行链路故障的时候。sw4被选举为master switch 。

预配置
sw1:
sw1(config)#ip routing
sw1(config)#int e0/0
sw1(config-if)#no switchport 
sw1(config-if)#ip addr 12.1.1.1 255.255.255.0
sw1(config-if)#no shut



sw3:
sw3(config)#ip routing
sw3(config)#int e0/1
sw3(config-if)#no switchport 
sw3(config-if)#ip addr 12.1.1.2 255.255.255.0
sw3(config-if)#no shut
sw3(config-if)#int e0/0
sw3(config-if)#sw tr en do
sw3(config-if)#sw mo tr
sw3(config-if)#vlan 10
sw3(config-vlan)#int vlan 10
sw3(config-if)#ip addr 192.168.10.252 255.255.255.0
sw3(config-if)#no shut 
sw3(config-if)#ex


sw4:
sw4(config)#ip routing
sw4(config)#int e0/1
sw4(config-if)#no sw
sw4(config-if)#ip addr 13.1.1.2 255.255.255.0
sw4(config-if)#no shut
sw4(config-if)#int e0/0
sw4(config-if)#sw tr en do
sw4(config-if)#sw mo tr
sw4(config-if)#int vlan 10
sw4(config-if)#ip addr 192.168.10.253 255.255.255.0
sw4(config-if)#no shut
sw4(config-if)#ex


sw5:
sw5(config)#vlan 10
sw5(config-vlan)#int vlan 10
sw5(config-if)#ip addr 192.168.10.10 255.255.255.0
sw5(config-if)#no shut
sw5(config-if)#ex
sw5(config)#int range e0/1-2
sw5(config-if-range)#sw tr en do
sw5(config-if-range)#sw mo tr
sw5(config-if-range)#int e0/0
sw5(config-if)#sw mo acc
sw5(config-if)#sw acc vlan 10
sw5(config-if)#end
VRRP配置
sw3(VRRP):
sw3(confg)#track 1 interface Ethernet0/0 line-protocol # vrrp的track追踪配置是在全局配置模式下配置,再到接口下应用
sw3(confg)#track 2 interface Ethernet0/1 line-protocol
sw3(config)#int vlan 10
sw3(config-if)#vrrp 1 ip 192.168.10.254
*Feb 13 13:56:58.014: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Init -> Backup
*Feb 13 13:56:58.019: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Init -> Backup
sw3(config-if)#vrrp 1 
*Feb 13 13:57:01.637: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Backup -> Master
sw3(config-if)#vrrp 1 priority 200
sw3(config-if)#vrrp 1 preempt 
sw3(config-if)#vrrp 1 track 1 decrement 60 #当e0/0口出现故障的时候,sw3的优先级降低60
sw3(config-if)#vrrp 1 track 2 decrement 60 #当e0/1口出现故障的时候,sw3的优先级降低60

sw4(VRRP)
sw4(confg)#track 1 interface Ethernet0/0 line-protocol 
sw4(confg)#track 2 interface Ethernet0/1 line-protocol
sw4(config)#int vlan 10
sw4(config-if)#vrrp 1 ip 192.168.10.254
*Feb 13 13:57:42.960: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Init -> Backup
*Feb 13 13:57:42.964: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Init -> Backup
sw4(config-if)#vrrp 1 priority 150
sw4(config-if)#vrrp 1 preempt
sw4(config-if)#vrrp 1 track 1 decrement 60 #当e0/0口出现故障的时候,sw4的优先级降低60
sw4(config-if)#vrrp 1 track 2 decrement 60 #当e0/1口出现故障的时候,sw4的优先级降低60

验证
sw3#show vrrp brief 
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               1   200 3218       Y  Master  192.168.10.252  192.168.10.254 

sw4#show vrrp brief 
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               1   150 3414       Y  Backup  192.168.10.252  192.168.10.254
当上行链路出线故障的时候:

关闭e0/1口,sw3优先级降底60,将被选举为backup router

sw3(config)#int e0/1
sw3(config-if)#shut
sw3(config-if)#
*Feb 15 10:58:04.447: %TRACK-6-STATE: 2 interface Et0/1 line-protocol Up -> Down
sw3(config-if)#
*Feb 15 10:58:06.446: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down
*Feb 15 10:58:07.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
sw3(config-if)#
*Feb 15 10:58:07.495: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Master -> Backup
sw3(config-if)#do show vrrp br
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               1   140 3218       Y  Backup  192.168.10.253  192.168.10.254 

sw4将被选举为master router

sw4#
*Feb 15 10:58:07.492: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Backup -> Master
sw4#show vrrp br
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               1   150 3414       Y  Master  192.168.10.253  192.168.10.254 

ICMP测试丢了两个包

sw5#ping 192.168.10.254 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
当下行链路出线故障的时候:

关闭e0/1口,sw3优先级降底60,但是由于无法与backup router进行通信,因此sw3还是认为自己是主路由器

sw3(config-if)#int e0/0
sw3(config-if)#shut
sw3(config-if)#
*Feb 15 11:03:35.989: %TRACK-6-STATE: 1 interface Et0/0 line-protocol Up -> Down
sw3(config-if)#
*Feb 15 11:03:37.991: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
*Feb 15 11:03:38.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
sw3(config-if)#do show vrrp br
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               1   140 3218       Y  Master  192.168.10.252  192.168.10.254 

备份路由器在连续三个通告间隔内收不到VRRP或收到优先级为0的通告后启动新的一轮VRRP选举,sw3选举为新的master router

sw4#
*Feb 15 11:03:38.782: %VRRP-6-STATECHANGE: Vl10 Grp 1 state Backup -> Master
sw4#show vrrp b
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               1   150 3414       Y  Master  192.168.10.253  192.168.10.254 

ICMP测试,ping不通sw3的物理地址,ping通sw4的物理地址,ping通虚拟网关地址

sw5#ping 192.168.10.252
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.252, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
sw5#ping 192.168.10.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.253, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 2/2/3 ms
sw5#ping 192.168.10.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
sw5#

展开阅读全文

没有更多推荐了,返回首页