1. 作业要求:
利用vrrp实现路由器之间的备份
实现两个路由器之间流量的分流(提高效率)
利用通道技术来提高安全性
2. 拓扑图
3. 设备描述:
路由器:H3C Quidway R2621 (R9 R6)
交换机:H3C Quidway S2000 (二层交换机S2)
H3C Quidway S3526E (三层交换机S1)
4. 设备配置
4.1 基本配置:
路由器R9:
[Router]sysname R9
[R9]int e1.10
[R9-Ethernet1.10]vlan-type dot1q vid 10 //打标签
[R9-Ethernet1.10]ip add 192.168.10.1 255.255.255.0//配ip
//这两步顺序不能颠倒!
[R9-Ethernet1.10]int e1.20
[R9-Ethernet1.20]vlan-type dot1q vid 20
[R9-Ethernet1.20]ip add 192.168.20.1 24
路由器R6:
[R6]int e1.10
[R6-Ethernet1.10]vlan-type dot1q vid 10
[R6-Ethernet1.10]ip add 192.168.10.2 24
[R6-Ethernet1.10]int e1.20
[R6-Ethernet1.20]vlan-type dot1q vid 20
[R6-Ethernet1.20]ip add 192.168.20.2 24
交换机s1:
[Quidway]sysname s1
[s1]int e0/24
[s1-Ethernet0/24]port link-type trunk //干道链路
[s1-Ethernet0/24]port trunk permit vlan all //默认只允许vlan1通过,所以这里
Please wait........................................... Done.
[s1-Ethernet0/24]vlan 10
[s1-vlan10]port e0/3 to e0/5 //划分端口
[s1-vlan10]vlan 20
[s1-vlan20]port e0/10 to e 0/15
[s1]int e0/1
[s1-Ethernet0/1]port link-type trunk
[s1-Ethernet0/1]port trunk permit vlan all
[s1-Ethernet0/1]dis int e0/1
Ethernet0/1 current state : UP
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc0e-b624
The Maximum Transmit Unit is 1500
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Port-flow-constrain has not been configured completely
The Maximum Frame Length is 1536
Broadcast MAX-ratio: 100%
PVID: 1
Mdi type: auto
Port link-type: trunk
VLAN passing : 1(default vlan), 10, 20
VLAN allowed : 1(default vlan), 2-4094
Trunk port encapsulation: IEEE 802.1q
交换机s2:
[s2]int e1/0/24
[s2-Ethernet1/0/24]port link-type trunk
[s2-Ethernet1/0/24]port trunk permit vlan all
Please wait........................................... Done.
[s2-Ethernet1/0/24]vlan 10
[s2-vlan10]port e1/0/3 to e1/0/5
[s2-vlan10]vlan 20
[s2-vlan20]port e1/0/10 to e1/0/15
[s2]int e1/0/1
[s2-Ethernet1/0/1]port link-type trunk
[s2-Ethernet1/0/1]port trunk permit vlan all
Please wait........................................... Done.
[s2-Ethernet1/0/1]dis int e1/0/1
Ethernet1/0/1 current state : UP
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 000f-e274-2158
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
The Maximum Frame Length is 1536
Broadcast MAX-ratio: 100%
PVID: 1
Mdi type: normal
Port link-type: trunk
VLAN passing : 1(default vlan), 10, 20
VLAN permitted: 1(default vlan), 2-4094
Trunk port encapsulation: IEEE 802.1q
测试是否能通:
[R9]ping 192.168.10.2
PING 192.168.10.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.10.2: bytes=56 Sequence=0 ttl=255 time = 2 ms
Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=255 time = 2 ms
[R9]ping 192.168.20.2
PING 192.168.20.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.20.2: bytes=56 Sequence=0 ttl=255 time = 2 ms
Reply from 192.168.20.2: bytes=56 Sequence=1 ttl=255 time = 2 ms
配通道之前:必须保证两条线路为trunk链路!
4.2 通道配置:
添加一条链路:
[s1-Ethernet0/22]int e0/2
[s1-Ethernet0/2]port link-type trunk
[s1-Ethernet0/2]port trunk permit vlan all
Please wait........................................... Done
[s2]int e1/0/2
[s2-Ethernet1/0/2]port link-type trunk
[s2-Ethernet1/0/2]port trunk permit vlan al
通道捆绑配置:
//s3526E
[s1]link-aggregation eth0/1 to eth0/2 both
范围要求 1 9 17 连续能捆绑,其他的不能
而且端口要求全双工 ,百兆!
//S2000
[s2]link-aggregation group 1 mode manual
[s2-Ethernet1/0/22]int e1/0/1
[s2-Ethernet1/0/1]port link-aggregation group 1
[s2]int e1/0/2
[s2-Ethernet1/0/2]port link-aggregation group 1
进接口设置全双工,速率
[s1]int e0/1
[s1-Ethernet0/1]duplex full
[s1-Ethernet0/1]speed 100
[s1]int e0/2
[s1-Ethernet0/2]duplex ?
auto Enable port's duplex negotiation automatically
full Full-duplex
half Half-duplex
[s1-Ethernet0/2]duplex full
[s1-Ethernet0/2]speed 100
[s2-Ethernet1/0/1]duplex full //这一端可自动协商!
[s2-Ethernet1/0/1]speed 100
[s2-Ethernet1/0/1]int e1/0/2
[s2-Ethernet1/0/2]duplex full
[s2-Ethernet1/0/2]speed 100
测试:拔掉s1与s2 之间的任意一条线路,都不影响正常通信!
4.3 vrrp (虚拟冗余路由协议)
[R6]vrrp ping-enable //必须先执行此命令,否则后面不能使用ping命令
ping vrrp enable
[R9]int e1.10
[R9-Ethernet1.10]vrrp vrid ?
INTEGER<1-255> Virtual router ID
[R9-Ethernet1.10]vrrp vrid 10 virtual-ip 192.168.10.254 //配虚拟网关指向
[R9-Ethernet1.10]int e1.20
[R9-Ethernet1.20]vrrp vrid 20 virtual-ip 192.168.20.254
[R6]vrrp ping-enable
ping vrrp enable
[R6]int e1.10
[R6-Ethernet1.10]vrrp vrid 10 virtual-ip 192.168.10.254
[R6-Ethernet1.10]vrrp vrid 10 priority 80
[R6-Ethernet1.10]int e1.20
[R6-Ethernet1.20]vrrp vrid 20 virtual-ip 192.168.20.254
[R6-Ethernet1.20]vrrp vrid 20 priority 80 //调优先级
5. 测试:
[R6]dis vrrp
Ethernet1.20 | Virtual Router 20
state : Backup
Virtual IP : 192.168.20.254
Priority : 80
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NO
Ethernet1.10 | Virtual Router 10
state : Backup
Virtual IP : 192.168.10.254
Priority : 80
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NO
[R9]dis vrrp
Ethernet1.20 | Virtual Router 20
state : Master
Virtual IP : 192.168.20.254
Priority : 100
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NO
Ethernet1.10 | Virtual Router 10
state : Master
Virtual IP : 192.168.10.254
Priority : 100
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NO
所有流量都集中在一台路由器上了!即R9 (R6作为备份)
分流的配置:
[R6]int e1.20
[R6-Ethernet1.20]vrrp vrid 20 priority 120
[R6-Ethernet1.20]quit
[R6]dis vrrp
Ethernet1.20 | Virtual Router 20
state : Master
Virtual IP : 192.168.20.254
Priority : 120
Preempt : YES Delay Time : 0 //默认权限争夺
Timer : 1
Auth Type : NO
Ethernet1.10 | Virtual Router 10
state : Backup
Virtual IP : 192.168.10.254
Priority : 80
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NO
流量分散在两个路由器
把中间通道的任意一条线路拔插之后效果图:(通道的作用)