利用vrrp实现路由器之间的分流及备份!(H3C)

1. 作业要求:

  • 利用vrrp实现路由器之间的备份
  • 实现两个路由器之间流量的分流(提高效率)
  • 利用通道技术来提高安全性

2. 拓扑图

clip_image002

3. 设备描述:

路由器:H3C Quidway R2621 (R9 R6)

交换机:H3C Quidway S2000 (二层交换机S2)

H3C Quidway S3526E (三层交换机S1)

4. 设备配置

4.1 基本配置:

路由器R9:

[Router]sysname R9

[R9]int e1.10

[R9-Ethernet1.10]vlan-type dot1q vid 10 //打标签

[R9-Ethernet1.10]ip add 192.168.10.1 255.255.255.0//配ip

//这两步顺序不能颠倒!

[R9-Ethernet1.10]int e1.20

[R9-Ethernet1.20]vlan-type dot1q vid 20

[R9-Ethernet1.20]ip add 192.168.20.1 24

路由器R6:

[R6]int e1.10

[R6-Ethernet1.10]vlan-type dot1q vid 10 

[R6-Ethernet1.10]ip add 192.168.10.2 24

[R6-Ethernet1.10]int e1.20

[R6-Ethernet1.20]vlan-type dot1q vid 20

[R6-Ethernet1.20]ip add 192.168.20.2 24

交换机s1:

[Quidway]sysname s1

[s1]int e0/24

[s1-Ethernet0/24]port link-type trunk  //干道链路

[s1-Ethernet0/24]port trunk permit vlan all //默认只允许vlan1通过,所以这里

Please wait........................................... Done.

[s1-Ethernet0/24]vlan 10

[s1-vlan10]port e0/3 to e0/5  //划分端口

[s1-vlan10]vlan 20

[s1-vlan20]port e0/10 to e 0/15

[s1]int e0/1

[s1-Ethernet0/1]port link-type trunk 

[s1-Ethernet0/1]port trunk permit vlan all

[s1-Ethernet0/1]dis int e0/1

Ethernet0/1 current state : UP

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc0e-b624

The Maximum Transmit Unit is 1500

Media type is twisted pair, loopback not set

Port hardware type is 100_BASE_TX

100Mbps-speed mode, full-duplex mode

Link speed type is autonegotiation, link duplex type is autonegotiation

Flow-control is not enabled

Port-flow-constrain has not been configured completely

The Maximum Frame Length is 1536

Broadcast MAX-ratio: 100%

PVID: 1

Mdi type: auto

Port link-type: trunk

VLAN passing : 1(default vlan), 10, 20

VLAN allowed : 1(default vlan), 2-4094

Trunk port encapsulation: IEEE 802.1q

交换机s2:

[s2]int e1/0/24

[s2-Ethernet1/0/24]port link-type trunk

[s2-Ethernet1/0/24]port trunk permit vlan all

Please wait........................................... Done.

[s2-Ethernet1/0/24]vlan 10

[s2-vlan10]port e1/0/3 to e1/0/5

[s2-vlan10]vlan 20

[s2-vlan20]port e1/0/10 to e1/0/15

[s2]int e1/0/1

[s2-Ethernet1/0/1]port link-type trunk

[s2-Ethernet1/0/1]port trunk permit vlan all

Please wait........................................... Done.

[s2-Ethernet1/0/1]dis int e1/0/1

Ethernet1/0/1 current state : UP

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 000f-e274-2158

Media type is twisted pair, loopback not set

Port hardware type is 100_BASE_TX

100Mbps-speed mode, full-duplex mode

Link speed type is autonegotiation, link duplex type is autonegotiation

Flow-control is not enabled

The Maximum Frame Length is 1536

Broadcast MAX-ratio: 100%

PVID: 1

Mdi type: normal

Port link-type: trunk

VLAN passing : 1(default vlan), 10, 20

VLAN permitted: 1(default vlan), 2-4094

Trunk port encapsulation: IEEE 802.1q

测试是否能通:

[R9]ping 192.168.10.2

PING 192.168.10.2: 56 data bytes, press CTRL_C to break

Reply from 192.168.10.2: bytes=56 Sequence=0 ttl=255 time = 2 ms

Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=255 time = 2 ms

[R9]ping 192.168.20.2

PING 192.168.20.2: 56 data bytes, press CTRL_C to break

Reply from 192.168.20.2: bytes=56 Sequence=0 ttl=255 time = 2 ms

Reply from 192.168.20.2: bytes=56 Sequence=1 ttl=255 time = 2 ms

配通道之前:必须保证两条线路为trunk链路!

4.2 通道配置:

添加一条链路:

[s1-Ethernet0/22]int e0/2

[s1-Ethernet0/2]port link-type trunk

[s1-Ethernet0/2]port trunk permit vlan all

Please wait........................................... Done

[s2]int e1/0/2

[s2-Ethernet1/0/2]port link-type trunk

[s2-Ethernet1/0/2]port trunk permit vlan al

通道捆绑配置:

//s3526E

[s1]link-aggregation eth0/1 to eth0/2 both

范围要求 1  9  17  连续能捆绑,其他的不能

而且端口要求全双工 ,百兆!

//S2000

[s2]link-aggregation group 1 mode manual

[s2-Ethernet1/0/22]int e1/0/1

[s2-Ethernet1/0/1]port link-aggregation group 1

[s2]int e1/0/2

[s2-Ethernet1/0/2]port link-aggregation group 1

进接口设置全双工,速率

[s1]int e0/1

[s1-Ethernet0/1]duplex full

[s1-Ethernet0/1]speed 100

[s1]int e0/2

[s1-Ethernet0/2]duplex ?

auto Enable port's duplex negotiation automatically

full Full-duplex

half Half-duplex

[s1-Ethernet0/2]duplex full

[s1-Ethernet0/2]speed 100

[s2-Ethernet1/0/1]duplex full //这一端可自动协商!

[s2-Ethernet1/0/1]speed 100

[s2-Ethernet1/0/1]int e1/0/2

[s2-Ethernet1/0/2]duplex full

[s2-Ethernet1/0/2]speed 100

测试:拔掉s1与s2 之间的任意一条线路,都不影响正常通信!

clip_image004

4.3 vrrp (虚拟冗余路由协议)

[R6]vrrp ping-enable //必须先执行此命令,否则后面不能使用ping命令

ping vrrp enable

[R9]int e1.10

[R9-Ethernet1.10]vrrp vrid ?

INTEGER<1-255> Virtual router ID

[R9-Ethernet1.10]vrrp vrid 10 virtual-ip 192.168.10.254  //配虚拟网关指向

[R9-Ethernet1.10]int e1.20

[R9-Ethernet1.20]vrrp vrid 20 virtual-ip 192.168.20.254

[R6]vrrp ping-enable

ping vrrp enable

[R6]int e1.10

[R6-Ethernet1.10]vrrp vrid 10 virtual-ip 192.168.10.254

[R6-Ethernet1.10]vrrp vrid 10 priority 80

[R6-Ethernet1.10]int e1.20

[R6-Ethernet1.20]vrrp vrid 20 virtual-ip 192.168.20.254

[R6-Ethernet1.20]vrrp vrid 20 priority 80 //调优先级

5. 测试:

clip_image006

clip_image008

[R6]dis vrrp

Ethernet1.20 | Virtual Router 20

state : Backup

Virtual IP : 192.168.20.254

Priority : 80

Preempt : YES Delay Time : 0

Timer : 1

Auth Type : NO

Ethernet1.10 | Virtual Router 10

state : Backup

Virtual IP : 192.168.10.254

Priority : 80

Preempt : YES Delay Time : 0

Timer : 1

Auth Type : NO

[R9]dis vrrp

Ethernet1.20 | Virtual Router 20

state : Master

Virtual IP : 192.168.20.254

Priority : 100

Preempt : YES Delay Time : 0

Timer : 1

Auth Type : NO

Ethernet1.10 | Virtual Router 10

state : Master

Virtual IP : 192.168.10.254

Priority : 100

Preempt : YES Delay Time : 0

Timer : 1

Auth Type : NO

clip_image010

所有流量都集中在一台路由器上了!即R9 (R6作为备份)

 

分流的配置:

[R6]int e1.20

[R6-Ethernet1.20]vrrp vrid 20 priority 120

[R6-Ethernet1.20]quit

[R6]dis vrrp

Ethernet1.20 | Virtual Router 20

state : Master

Virtual IP : 192.168.20.254

Priority : 120

Preempt : YES Delay Time : 0   //默认权限争夺

Timer : 1

Auth Type : NO

Ethernet1.10 | Virtual Router 10

state : Backup

Virtual IP : 192.168.10.254

Priority : 80

Preempt : YES Delay Time : 0

Timer : 1

Auth Type : NO

clip_image012

流量分散在两个路由器

把中间通道的任意一条线路拔插之后效果图:(通道的作用)

clip_image014

clip_image016

你可能感兴趣的:(安全性,路由器,vrrp,数据的备份,数据的分流)