ciso hsrp 试验

1.1 实验任务
按照拓扑图配置 HSRP 组,配置路由器的活跃接口, HSRP 虚拟路由器的 IP 、优先级、占先权和端口跟踪。
1.2 实验环境和网络拓扑
 
1.3 完成标准
(1)    按照拓扑图要求连接路由器、交换机和 PC ,在交换机上配置 HSRP 组, PC 之间完成连通性测试。
(2)    关闭路由器任意一个接口或拔线, PC 之间仍然能够连通。
 
 
2 .详细操作步骤
 
Step 1: 配置路由器的 HSRP
       (1) 配置路由器 R1 R2 HSRP 组和各自的优先级、占先权及端口跟踪
 
路由器 R1 配置如下:
Router>en
Router#conf t
Router(config)#ho R1
R1(config)#interface f0/0            // 配置接口 IP
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#duplex full
R1(config-if)#standby 10 ip 192.168.10.10         // 配置 group 10 HSRP 地址
R1(config-if)#standby 10 priority 200              // 配置 group 10 的优先权 200
R1(config-if)#standby 10 preempt               // 配置 group 10 的占先权
R1(config-if)#standby 10 track f1/1 100           // 配置 group 10 的端口跟踪 f1/1
R1(config-if)#
*Dec 12 20:17:27.427: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 10 state Standby
-> Active              //F0/0 group 10 声明备份状态 -> 活跃
 
R1(config-if)#interface f1/1                       // 配置接口 IP
R1(config-if)#ip address 192.168.20.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#standby 20 ip 192.168.20.20    // 配置 group 20 HSRP 地址
R1(config-if)#standby 20 priority 150       // 配置 group 20 的优先权 150
R1(config-if)#standby 20 preempt           // 配置 group 20 的占先权
// 依据拓扑要求,此路由器只作为 group20 的备份路由器,此 HSRP 组有且仅有 1 台备份路由器,可以不用配置占先权,但实际网络中当活跃路由器停止工作后为防止备份路由器不能立即响应转换为活跃路由器,配置占先权将是转换过程更有保障!
*Dec 12 20:18:48.139: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Standby
-> Active              //F1/1 group 20 声明备份状态 -> 活跃
R1(config-if)#exit
R1(config)#
*Dec 12 20:20:27.231: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Active -
> Speak        //F1/1 group 20 声明备份状态 -> 发言
 
路由器 R2 配置如下:
Router>en
Router#conf t
Router(config)#ho R2
R2(config)#interface f1/1                                // 配置接口 IP
R2(config-if)#ip address 192.168.20.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#standby 20 ip 192.168.20.20     // 配置 group 20 HSRP 地址
R2(config-if)#standby 20 priority 200             // 配置 group 20 的优先权 200
R2(config-if)#standby 20 preempt              // 配置 group 20 的占先权
R2(config-if)#standby 20 track f0/0 150         // 配置 group 20 的端口跟踪 f1/1
*Dec 12 20:20:27.047: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Standby
-> Active              //F1/1 group 20 声明备份状态 -> 活跃
*Dec 12 20:20:39.143: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Active -
> Speak        //F1/1 group 20 声明备份状态 -> 发言
 
R2(config-if)#interface f0/0                                                 // 配置接口 IP
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Dec 12 20:21:06.251: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Standby
-> Active              //F1/1 group 10 声明备份状态 -> 活跃
R2(config-if)#standby 10 ip 192.168.10.10          // 配置 group 10 HSRP 地址
R2(config-if)#standby 10 priority 150                // 配置 group 10 的优先权 150
R2(config-if)#standby 10 preempt                    // 配置 group 10 的占先权
*Dec 12 20:21:48.511: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on Fast
Ethernet0/0 (not full duplex), with SW1 FastEthernet0/2 (full duplex).100
R2(config-if)#duplex full
*Dec 12 20:22:18.327: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1/1, changed state to down         //F1/1 接口状态断开
*Dec 12 20:22:18.327: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Active -
> Init             //F1/1 group 20 声明备份状态 -> 初始
*Dec 12 20:22:20.335: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
                                                 //F1/1 接口状态连接
*Dec 12 20:22:21.335: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
*Dec 12 20:22:41.275: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Standby
-> Active              //F1/1 group 20 声明备份状态 -> 活跃
R2(config-if)#exit
 
(3)    配置 PC 机的 IP 地址和网关
// 因使用 Dynamips GUI 模拟器无法虚拟 PC ,即用一个 7200 路由器模拟 PC
PC1 配置如下:
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ho PC1
PC1(config)#interface f0/0                                           // 配置接口 IP
PC1(config-if)#ip address 192.168.10.11 255.255.255.0
PC1(config-if)#no shut
PC1(config-if)#duplex full
*Dec 12 20:22:57.363: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Dec 12 20:22:58.363: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
PC1(config-if)#exit
PC1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.10          // 配置到虚拟路由器的默认路由
 
PC2 配置如下:
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ho PC2
PC2(config)#interface f0/0                                           // 配置接口 IP
PC2(config-if)#ip address 192.168.20.22 255.255.255.0
PC2(config-if)#no shut
PC2(config-if)#duplex full
*Dec 12 20:23:24.759: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Dec 12 20:23:25.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
PC2(config-if)#exit
PC2(config)#ip route 0.0.0.0 0.0.0.0 192.168.20.20          // 配置到虚拟路由器的默认路由
 
(4)    验证 HSRP 配置和网络连通性
路由器 R1 配置如下:
R1(config)#do show standby brief                         // 显示备份摘要信息
                     P indicates configured to preempt. //P 说明被设置为占先权
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       10  200  P Active   local           192.168.10.2    192.168.10.10
Fa1/1       20  150  P Standby  192.168.20.1    local           192.168.20.20
R1(config)#do show standby                                 // 显示备份信息
FastEthernet0/0 - Group 10                                 // 接口 F0/0-Group 10
  State is Active                                                    // 状态为活跃
    2 state changes, last state change 00:08:03 //2 次状态变化,最后张太变化 8 33
  Virtual IP address is 192.168.10.10       // 虚拟 IP 地址 192.168.10.10
  Active virtual MAC address is 0000.0c07.ac0a    // 活跃虚拟 MAC 地址 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (default) // 本地虚拟 MAC 地址 0000.0c07.ac0a ( 默认 )
  Hello time 3 sec, hold time 10 sec                // 握手间隔 3 秒,保持时间 10
    Next hello sent in 2.792 secs                 // 下次握手将在 2.792 秒后发送
  Preemption enabled                                                        // 占先权开启
  Active router is local                                                  // 活跃路由器是本地路由器
  Standby router is 192.168.10.2, priority 150 (expires in 9.672 sec)
  // 备份路由器是 192.168.10.2 ,优先权 150 9.672 秒后过期)
  Priority 200 (configured 200)                  // 优先权 200 (配置为 200
Track interface FastEthernet1/1 state Up decrement 100
// 跟踪端口 F1/1 状态开启 优先权减少两 100
  IP redundancy name is "hsrp-Fa0/0-10" (default)           //IP 冗余名字 ”hsrp-Fa0/0-10”( 默认 )
FastEthernet1/1 - Group 20
  State is Standby
    9 state changes, last state change 00:02:32
  Virtual IP address is 192.168.20.20
  Active virtual MAC address is 0000.0c07.ac14
    Local virtual MAC address is 0000.0c07.ac14 (default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.796 secs
  Preemption enabled
  Active router is 192.168.20.1, priority 200 (expires in 8.224 sec)
  Standby router is local
  Priority 150 (configured 150)
    Track interface FastEthernet0/0 state Up decrement 10
  IP redundancy name is "hsrp-Fa1/1-20" (default)
 
路由器 R2 配置如下:
R2(config)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       10  150  P Standby  192.168.10.1    local           192.168.10.10
Fa1/1       20  200  P Active   local           192.168.20.2    192.168.20.20
 
PC1 连通性如下:
PC1(config)#do ping 192.168.20.22
//ping PC2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.22, timeout is 2 seconds:
....!         // 初次连接会丢包部分
Success rate is 20 percent (1/5), round-trip min/avg/max = 220/220/220 ms
PC1(config)#do ping 192.168.20.22
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.22, timeout is 2 seconds:
!!!!!        // 再次连接完全正常
Success rate is 100 percent (5/5), round-trip min/avg/max = 184/282/336 ms
PC2 连通性如下:
PC2(config)#do ping 192.168.10.11
//ping PC1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.11, timeout is 2 seconds:
!!!!!               // 连通性正常
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/233/468 ms
 
 
Step 2: 断开任意一个路由器接口的网络连通性
 
路由器 R2 配置如下:
R2(config)#interface f1/1
R2(config-if)#shutdown                                                      // 关闭接口 F1/1
*Dec 12 20:26:49.067: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Active -
> Init             //F1/1 Group 20 状态 活跃 -> 初始
*Dec 12 20:26:51.067: %LINK-5-CHANGED: Interface FastEthernet1/1, changed state
to administratively down  // 接口 F1/1 ,转变状态到管理性关闭
*Dec 12 20:26:52.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to down
R2(config-if)#exit
R2(config)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       10  50   P Standby  192.168.10.1    local           192.168.10.10
Fa1/1       20  200  P Init     unknown         unknown         192.168.20.20
// Fa1/1 状态为初始,活跃未知,备份未知
 
路由器 R1 配置如下:
*Dec 12 20:26:57.407: %HSRP-6-STATECHANGE: FastEthernet1/1 Grp 20 state Standby
-> Active              //R1 F1/1 Group 20 状态备份 -> 活跃
R1(config)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       10  200  P Active   local           192.168.10.2    192.168.10.10
Fa1/1       20  150  P Active   local           unknown         192.168.20.20
//Fa1/1 状态活跃 活跃本地 备份未知
 
PC1 连通性如下:
PC1(config)#do ping 192.168.20.22
//ping PC2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.22, timeout is 2 seconds:
!!!!!        // 连通性良好
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/124/172 ms
 
PC2 连通性如下:
PC2(config)#do ping 192.168.10.11
//ping PC1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.11, timeout is 2 seconds:
!!!!!        // 连通性良好
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/105/184 ms
 
 
3 .实验总结
       热备份路由协议 HSRP (Hot Standby Router Protocol) Cisco 平台特有技术,确保了当网络边缘设备或接入链路出现故障时,用户通信能迅速并透明地恢复,并以此为 IP 网络提供冗余性和一定的负载分担能力。通过应用 HSRP 可是网络正常运行时间接近 100% ,从而满足用户对网络可靠性要求。知识点总结如下:
l         网络终端设备发现可用路由器有 3 种方式:默认网关 (Default Gateway) ;代理 ARP(Proxy ARP) ICMP 路由器发现协议 (ICMP Router Discovery Protocol, IRDP)
l         HSRP 组成员包括:一台活跃路由器、一台备份路由器、一台虚拟路由器和其他路由器
l         HSRP 工作状态依次有:初始状态;学习状态;监听状态;发言状态;备份状态;活跃状态。
l         通常 HSRP 计时器的保持时间会大于或等于 Hello 间隔时间。
l         HSRP 可建立 8 字符明文认证字符串以保证 HSRP 组正确性和提供一定程度的安全性,但明文密码容易被探测并重放到线路中。
 

你可能感兴趣的:(职场,休闲,试验,HSRP,Ciso)