华为 -- VRRP 备份路由应用
介绍:虚拟路由冗余协议(Virtual Router Redundancy Protocol,简称VRRP)是由IETF提出的解决局域网中配置静态网关出现单点失效现象的路由协议,1998年已推出正式的RFC2338协议标准。VRRP广泛应用在边缘网络中,它的设计目标是支持特定情况下IP数据流量失败转移不会引起混乱,允许主机使用单路由器,以及及时在实际第一跳路由器使用失败的情形下仍能够维护路由器间的连通性。
实验拓扑:
所用设备:
R1 为 H3C F100C R2:H3C-AR18-23-1SW1: HUAWEIS3526E SW2:HUAWEI S3526
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Sw1
sysname sw1
vlan 10
port Ethernet 0/16
vlan 20
port eth0/15
int e0/7
port link-type trunk
port trunk permit vlanall
int e0/8
port link-type trunk
port trunk permit vlanall
int e0/10
port link-type trunk
port trunk permit vlanall
link-aggregation Ethernet 0/7 toEthernet 0/8 both //做链路聚合0/7到0/8,端口尽量连续
The speed of aggregating ports should besame, but not be AUTO!******因为两端的设备不一样,所以造成,设置速率
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
int e0/7 //调整速率
speed 100
int e0/8
speed 100
link-aggregation Ethernet0/7 to Ethernet 0/8 both
Theduplex of aggregating ports should be full mode!****必须是全双工
int e0/7 //设置全双工
duplex full
int e0/8
duplex full
link-aggregation Ethernet 0/7 toEthernet 0/8 both // 再做链路聚合
int Vlan-interface 1
ip add 192.168.1.1255.255.255.0
local-user admin
password cipher admin
service-type telnet level3
user-interface vty 0 4
authentication-mode scheme
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Sw2
vlan 10
port e0/16
vlan 20
port e0/15
int e0/1
port link-type trunk
port trunk permit vlan all
int e0/2
port link-type trunk
port trunk permit vlan all
int e0/10
port link-type trunk
port trunk permit vlanall
int eth0/1
duplex full
int eth0/2
duplex full
int Ethernet 0/1
speed 100
int Ethernet 0/2
speed 100
link-aggregation Ethernet 0/1to Ethernet 0/2 both //链路聚合,端口开始必须是1/9/17
int Vlan-interface 1
ip add 192.168.1.2255.255.255.0
local-user admin
password cipher admin
service-type telnet level3
user-interface vty 0 4
authentication-mode scheme
1
2
3
4
5
6
7
8
9
10
11
12
R1
undo insulate // 首先取消隔离
int eth0/0.10
vlan-type dot1q vid 10 // 先打标签,vid vlan的ID号
ip add 192.168.10.1 24
int eth0/0.20
vlan-type dot1q vid 20
ip add 192.168.20.1 24
firewall zone trust
add interface Ethernet 0/0
add interface Ethernet0/0.10
add interface Ethernet0/0.20
1
2
3
4
5
6
7
R2
int Ethernet 1/0.10
vlan-type dot1q vid 10
ip add 192.168.10.2 24
int Ethernet 1/0.20
vlan-type dot1q vid 20
ip add 192.168.20.2 24
Ping r1 IP 都通,做vrrp备份组
1
2
3
4
5
6
vrrp ping-enable
int Ethernet0/0.10
vrrp vrid 10 virtual-ip192.168.10.254 //配置虚拟路由
vrrp vrid 10 priority120 //优先级
int Ethernet0/0.20
vrrp vrid 20 virtual-ip192.168.20.254
R2
1
2
3
4
5
6
vrrp ping-enable
int Ethernet 1/0.10
vrrp vrid 10 virtual-ip192.168.10.254
r2-Ethernet1/0.10]int eth1/0.20
vrrp vrid 20 virtual-ip192.168.20.254
vrrp vrid 20 priority120
测试。
主机网关要指向虚拟网关。192.168.10.254/192.168.20.254
如果管理员在vlan20里,要想远程到交换机,要把路由器/防火墙的物理地址该做vlan1
物理接口的地址就是vlan1的地址
1
2
int eth0/0
ip add 192.168.1.254 24 //这里只配置了一个路由,另一个也要配置
此时,在交换机1上
1
2
3
ip route-static 0.0.0.0 0192.168.1.254
ip route-static 0.0.0.0 0192.168.1.253
此时就可以在vlan里远程交换机了
页:
[1]