华三 h3c vrrp和监视端口配置

华三 h3c vrrp和监视端口配置_第1张图片

Vrrp配置

[SWA]vlan 10

[SWA-vlan10]po g1/0/1-----将端口0/1划入到vlan10中去

[SWA-vlan10]qu

[SWA]vlan 20

[SWA-vlan20]po g1/0/2-------将端口0/2划入到vlan20中去

[SWA-vlan20]qu

[SWA]int ran g1/0/3 to g1/0/4

[SWA-if-range]port link-ty tr

[SWA-if-range]port trunk permit vlan 1 10 20-----与交换机相连的设置为trunk口,并且允许相应的vlan通过。安全起见,不建议直接允许所有的vlan通过,

 

[SWB]int ran g1/0/2 to g1/0/3-----与交换机相连的端口为trunk口,允许相应的vlan通过

[SWB-if-range]port link-type tr

[SWB-if-range]po tr per vl 1 10 20

[SWB]vlan 10

[SWB-vlan10]int vlan 10

[SWB-Vlan-interface10]ip address 192.168.10.252 24-----vlan10的真实IP地址,注意相同的vlan的IP地址必须是同一网段,并且vrrp的IP真实地址必须有,不然vrrp组不能建立成功。

[SWB-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.10.254-----vrrp组的虚拟IP地址,也就是真正的vlan10网关

[SWB-Vlan-interface10]vrrp vrid 10 priority 120—设置SWB为vlan10的主网关,通过修改优先级实现,默认是100

[SWB]vlan 20

[SWB-vlan20]int vlan 20

[SWB-Vlan-interface20]ip address 192.168.20.252 24

[SWB-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.20.254----vlan20的备份网关。

 

[SWC]int ran g1/0/3 to  g1/0/4

[SWC-if-range]p l t

[SWC-if-range]port trunk permit vlan 1 10 20

[SWC]vlan 10

[SWC-vlan10]int vlan 10

[SWC-Vlan-interface10]ip ad 192.168.10.253 24

[SWC-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.10.254-----vlan10的备份网关

[SWC]vlan 20

[SWC-vlan20]int vlan 20

[SWC-Vlan-interface20]ip address 192.168.20.253 24

[SWC-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.20.254

[SWC-Vlan-interface20]vrrp vrid 20 priority 120--------vlan20的主网关

使用dis vrrp可以查看vrrp组的信息

 

[SWC]dis vrrp

IPv4 Virtual Router Information:

 Running mode : Standard

 Total number of virtual routers : 2

 Interface          VRID  State        Running Adver   Auth     Virtual

                                       Pri     Timer   Type        IP

 ---------------------------------------------------------------------

 Vlan10             10    Backup       100     100     None     192.168.10.254

 Vlan20             20    Master       120     100     None     192.168.20.254

Vrrp的主份组在正常情况下只能对自身设备进行网关冗余,一旦上行链路出现问题或路由不可达,不能及时发现,主网关依然会继续工作,造成网络故障。解决办法有两种。一:是在vrrp组的主网关上设置监视端口,用来监视上行端口,如果上行端口down可以及时切换主备份网关,二:可以监视上行端口的路由可达性来进行网关的切换。

方法一:

[SWB]track 1 int  g1/0/1

[SWB]int vlan 10

[SWB-Vlan-interface10]vr vr 10 track 1 priority reduced 30

[SWC]track 1 int g 1/0/2----------创建监视端口

[SWC]int vlan 20

[SWC-Vlan-interface20]vrrp vrid 20 track 1 priority reduced 30---在主网关设备上应用监视端口要注意优先级的减少要合适,要使得减少后的主网关优先级小于备份网关。这里面我设置的主网关优先级是120,备份的是默认100,所以我减少的优先级为30,一旦出现故障,主网关的优先级为90,备份网关机就可以抢占成为主网关。

 

此时我人为的把SWB的上行1/0/1端口关闭,在去检查vrrp组状态,会发现,此时SWB成为了vlan10的备份网关,SWC为vlan10的主网关

[SWB]dis vr

IPv4 Virtual Router Information:

 Running mode : Standard

 Total number of virtual routers : 2

 Interface          VRID  State        Running Adver   Auth     Virtual

                                       Pri     Timer   Type        IP

 ---------------------------------------------------------------------

 Vlan10             10    Backup       90      100     None     192.168.10.254

 Vlan20             20    Backup       100     100     None     192.168.20.254

 

第二种监视路由可达需要先保证网络连通,这里我使用的是rip协议(虽然现在基本不怎么用这个协议了)

 

[SWB-GigabitEthernet1/0/1]port link-mode route--------将交换机与路由器相连的端口类型改为三层接口

[SWB-GigabitEthernet1/0/1]ip address 10.0.0.1 30

[SWB]rip 1

[SWB-rip-1]network 192.168.10.0------宣告自己的直连网段

[SWB-rip-1]network 192.168.20.0

[SWB-rip-1]network 10.0.0.0

 

[SWC-GigabitEthernet1/0/2]port link-mode route

[SWC-GigabitEthernet1/0/2]ip address 10.1.0.1 30

[SWC]rip

[SWC-rip-1]network 192.168.10.0

[SWC-rip-1]network 192.168.20.0

[SWC-rip-1]network 10.1.0.0

 

[SWD]int g 0/1

[SWD-GigabitEthernet0/1]ip ad 10.0.0.2 30

[SWD-GigabitEthernet0/1]int g 0/2

[SWD-GigabitEthernet0/2]ip ad 10.1.0.2 30

[SWD]rip

[SWD-rip-1]network 10.1.0.0

[SWD-rip-1]network 10.0.0.0

 

此时查看路由表,会发现都学习到全网的路由信息了。

 

此时我在SWB、SWC上设置监视上行路由可达的监视端口2

[SWB]track 2 ip route 10.0.0.0 30 reachability---------监视到达SWD的路由可达性

[SWB]int vlan 10

[SWB-Vlan-interface10]vrrp vrid 10 track 2 priority reduced 30

[SWC]track 2 ip route 10.1.0.0 30 reachability-------监视到达SWD的路由可达性

[SWC]int vlan 20

[SWC-Vlan-interface20]vrrp vrid 20 track 2 priority reduced 30

 

测试结果也可以用抓包软件来抓相应链路上的报文去验证自己的vrrp切换主备份。

 

 

你可能感兴趣的:(园区,网关,网络)