目录
网络拓扑图
配置要求
配置步骤
1.配置图示所示IP地址和网关(略)
2.按照要求创建SW1,SW2,SW3交换机上的vlan10和vlan20,并配置对应的三层IP地址。
3.配置路由让SW1,SW2能够访问互联网
4.配置VRRP,让PC能够通过网关访问互联网
根据题目要求,SW1为vlan10的主网关,SW2为vlan10的备网关
[sw1-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.1.254
[sw1-Vlan-interface10]vrrp vrid 10 priority 120
[sw2-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.1.254
根据题目要求,SW2为vlan20的主网关,SW1为vlan20的备网关
[sw2-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.2.254
[sw2-Vlan-interface20]vrrp vrid 20 priority 120
[sw1-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.2.254
查看SW1上的VRRP
[sw1]display vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
Vlan10 10 Master 120 100 None 192.168.1.254
Vlan20 20 Backup 100 100 None 192.168.2.254
[sw1]
查看SW2上的VRRP
display vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
Vlan10 10 Backup 100 100 None 192.168.1.254
Vlan20 20 Master 120 100 None 192.168.2.254
在R4这个通往互联网的路由器上配置nat地址转换,让PC能够访问
[INTERNET]acl number 2000
[INTERNET-acl-ipv4-basic-2000]rule permit source 192.168.1.1 0
[INTERNET-acl-ipv4-basic-2000]rule permit source 192.168.2.1 0
[INTERNET]nat address-group 1
[INTERNET-address-group-1]address 100.2.2.4 100.2.2.4
[INTERNET-GigabitEthernet0/0]nat outbound 2000 address-group 1
当SW1设备故障之后,备份组会重新选举SW1的master网关
SW2选举成为vlan10的主网关
display vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
Vlan10 10 Master 100 100 None 192.168.1.254
Vlan20 20 Master 120 100 None 192.168.2.254
PC5仍然可以通过SW2访问互联网
ping 100.2.2.7
Ping 100.2.2.7 (100.2.2.7): 56 data bytes, press CTRL_C to break
56 bytes from 100.2.2.7: icmp_seq=0 ttl=253 time=5.000 ms
56 bytes from 100.2.2.7: icmp_seq=1 ttl=253 time=4.000 ms
56 bytes from 100.2.2.7: icmp_seq=2 ttl=253 time=3.000 ms
56 bytes from 100.2.2.7: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 100.2.2.7: icmp_seq=4 ttl=253 time=4.000 ms
--- Ping statistics for 100.2.2.7 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.000/3.800/5.000/0.748 ms
.%Feb 7 14:50:24:310 2024 H3C PING/6/PING_STATISTICS: Ping statistics for 100.2.2.7: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 3.000/3.800/5.000/0.748 ms.
SW2同理。
当故障设备恢复之后,会将master网关又重新抢占回去
display vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
Vlan10 10 Master 120 100 None 192.168.1.254
Vlan20 20 Backup 100 100 None 192.168.2.254
5.对SW1和SW2的上行接口进行监视,如果上行接口故障,触发VRRP进行角色切换
[sw1]track 1 interface GigabitEthernet 1/0/1
[sw1-track-1]qu
[sw1]interface Vlan-interface 10
[sw1-Vlan-interface10]vrrp vrid 10 track 1 priority reduced 30
[sw1-Vlan-interface10]
[sw1-Vlan-interface10]
[sw2]track 1 interface GigabitEthernet 1/0/2
[sw2-track-1]qu
[sw2]interface vlan 20
[sw2-Vlan-interface20]vrrp vrid 20 track 1 priority reduced 30
[sw2-Vlan-interface20]
[sw2-Vlan-interface20]
测试:将SW1的上行接口shutdown
SW1在vlan10这个备份组中优先级减少了30,触发角色切换条件成功变为了备设备
[sw1]display vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
Vlan10 10 Backup 90 100 None 192.168.1.254
Vlan20 20 Backup 100 100 None 192.168.2.254
[sw1]
当上行链路恢复正常后,成功抢占回角色
[sw1]display vrrp
IPv4 virtual router information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
Vlan10 10 Master 120 100 None 192.168.1.254
Vlan20 20 Backup 100 100 None 192.168.2.254
[sw1]