基于路由器的VRRP技术--VRRP的应用

目录

无Vlan的VRRP

有Vlan的VRRP

---

今天要讲的VRRP都是基于路由器的VRRP。

一：无Vlan的VRRP

如图，PC1和PC2是企业内网主机，AR1和AR2是企业访问外网的路由器，有一个默认路由指向AR3。AR1和AR2之间形成第一跳网关冗余。PC1通过AR1以NAT方式访问外网，PC2通过AR2以NAT方式访问外网。AR1、AR2之间任何一个路由器宕机都不影响PC1和PC2访问外网。AR1、AR2、AR3之间运行OSPF协议。

技术要点：AR1和AR2的g0/0/0接口配置两个ip地址，再结合VRRP技术

PC1

PC>ipconfig

IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-8E-41-17

PC2

PC>ipconfig

IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-8E-41-17

AR1

[AR1]display current-configuration 
#
acl number 2000                             //匹配需要NAT的网段
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
#
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0 
 ip address 192.168.20.1 255.255.255.0 sub       //一个接口配两个地址
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 150                       //设置优先级
 vrrp vrid 10 preempt-mode timer delay 10        //抢占时间10秒
 vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 60 //端口状态监测
 vrrp vrid 10 authentication-mode md5 %$%$7_&c4,7Hl+O8!oBync[2o~1,%$%$  //认证
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 authentication-mode md5 %$%$l,rF;gtS

AR2

[AR2]display current-configuration 
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
#
interface GigabitEthernet0/0/0
 ip address 192.168.10.2 255.255.255.0 
 ip address 192.168.20.2 255.255.255.0 sub
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 authentication-mode md5 %$%$RcPz'1Xr;Gj1#=~x*hC5o@SW%$%$
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 150
 vrrp vrid 20 preempt-mode timer delay 10
 vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 60
 vrrp vrid 20 authentication-mode md5 %$%$~B9v,^2%6KSZB4@WB#DTo@NI%$%$
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
 nat outbound 2000
#
ospf 100 router-id 23.1.1.2 
 area 0.0.0.0 
  network 23.1.1.2 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 23.1.1.3
#

AR3

[AR3]display current-configuration 
#
interface GigabitEthernet0/0/0
 ip address 13.1.1.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.3 255.255.255.0 
#
ospf 100 router-id 33.3.3.3 
 area 0.0.0.0 
  network 13.1.1.3 0.0.0.0 
  network 23.1.1.3 0.0.0.0 
#

 

有Vlan的VRRP

如图，PC1和PC2是企业内网主机，分别属于Vlan10和Vlan20，AR1和AR2是企业访问外网的路由器，有一个默认路由指向AR3。AR1和AR2之间形成第一跳网关冗余。PC1通过AR1以NAT方式访问外网，PC2通过AR2以NAT方式访问外网。AR1、AR2之间任何一个路由器宕机都不影响PC1和PC2访问外网。AR1、AR2、AR3之间运行OSPF协议。

技术要点：AR1和AR2配置虚拟地址，再结合VRRP技术

PC1

PC>ipconfig

IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-8E-41-17
Vlan..............................: 10

PC2

PC>ipconfig

IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-8E-41-17
Vlan..............................: 20

LSW1

[LSW1]display current-configuration 
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 20
#

AR1

[AR1]display current-configuration 
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
#
interface GigabitEthernet0/0/0.10
 dot1q termination vid 10                         //使虚拟接口能识别Vlan10
 ip address 192.168.10.1 255.255.255.0 
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 priority 150
 vrrp vrid 10 preempt-mode timer delay 10
 vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 60
 vrrp vrid 10 authentication-mode md5 %$%$}'&x,WFD'08G=yToU,o%$%$
 arp broadcast enable                            //虚拟接口恩给你发送arp广播
#
interface GigabitEthernet0/0/0.20
 dot1q termination vid 20                        //使虚拟接口能识别Vlan20
 ip address 192.168.20.1 255.255.255.0 
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 authentication-mode md5 %$%$

AR2

[V200R003C00]
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
#
interface GigabitEthernet0/0/0.10
 dot1q termination vid 10
 ip address 192.168.10.2 255.255.255.0 
 vrrp vrid 10 virtual-ip 192.168.10.254
 vrrp vrid 10 authentication-mode md5 %$%$ei}p>OY2kXEOij8TquxQoV*0%$%$
 arp broadcast enable
#
interface GigabitEthernet0/0/0.20
 dot1q termination vid 20
 ip address 192.168.20.2 255.255.255.0 
 vrrp vrid 20 virtual-ip 192.168.20.254
 vrrp vrid 20 priority 150
 vrrp vrid 20 preempt-mode timer delay 10
 vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 60
 vrrp vrid 20 authentication-mode md5 %$%$&G-7Us\hbQxS@vFhpdoRoV"8%$%$
 arp broadcast enable
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
 nat outbound 2000
#
ospf 100 router-id 23.1.1.2 
 area 0.0.0.0 
  network 23.1.1.2 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 23.1.1.3
#

AR3

[AR3]display current-configuration 
#
interface GigabitEthernet0/0/0
 ip address 13.1.1.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.3 255.255.255.0 
#
ospf 100 router-id 33.3.3.3 
 area 0.0.0.0 
  network 13.1.1.3 0.0.0.0 
  network 23.1.1.3 0.0.0.0 
#

附上存在Vlan时的ensp源文件：链接: https://pan.baidu.com/s/1S5xzALnyg8cmn_lTB_jd_w 密码: yez5

基于防火墙的VRRP--------------->基于防火墙的VRRP技术--华为防火墙双击热备----VGMP

基于三层交换机的VRRP -------->基于三层交换机的VRRP技术--MSTP、VRRP的综合运用