Cisco IOS Cookbook 中文精简版第二十二章第一跳冗余协议

22.1. 配置基本HSRP

提问 当主用路由器当掉以后备份路由器可以接管主用路由器的IP地址和MAC地址

回答

Router1：

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#ip address 172.22.1.3 255.255.255.0

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2：

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 1/0

Router2(config-if)#ip address 172.22.1.2 255.255.255.0

Router2(config-if)#standby 1 ip 172.22.1.1

Router2(config-if)#standby 1 priority 110

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 由于HSRP虚拟出来的MAC地址跟组相关，所以可能会出现同一交换机收到多个相同的MAC地址的情况，这时候就需要用standby 1 mac-address 0000.0c07.ad01 命令来人工指定一个MAC地址

<!--[if !supportLists]-->22.2. <!--[endif]-->使用HSRP 强占特性

提问 强制某个路由器启动后一直在组中处于主用状态

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 1/0

Router2(config-if)#standby 1 ip 172.22.1.1

Router2(config-if)#standby 1 priority 110

Router2(config-if)#standby 1 preempt

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 正常情况下当LAN端口up后就会发生强占，而此时可能网络还没有收敛，所以建议配置强占延迟时间，让路由器启动后过一段时间再发起强占standby 1 preempt delay 60

22.3. 配置HSRP对接口问题追踪的支持

提问 当主用路由器的上联端口出现问题后主动切换到备用路由器

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 1 track Serial0/0 20

Router1(config-if)#exit

Router1(config)#end

Router1#

从12.2(15)T后引入更多可追踪实例

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#track 11 interface Serial1/1 ip routing

Router1(config-track)#exit

Router1(config)#interface FastEthernet0/0

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 1 track 11 decrement 50

Router1(config-if)#end

Router1#

注释 Router1#show track

Track 11

Interface Serial1/1 ip routing

IP routing is Down (hw admin-down, ip disabled)

1 change, last change 00:12:48

Tracked by:

HSRP FastEthernet0/0 1

22.4. HSRP负载均衡

提问 在两台或者多台HSRP路由器上实现流量的负载均衡

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#ip address 172.22.1.3 255.255.255.0

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 2 ip 172.22.1.2

Router1(config-if)#standby 2 priority 110

Router1(config-if)#standby 2 preempt

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet1/0

Router2(config-if)#ip address 172.22.1.4 255.255.255.0

Router2(config-if)#standby 1 ip 172.22.1.1

Router2(config-if)#standby 1 priority 110

Router2(config-if)#standby 1 preempt

Router2(config-if)#standby 2 ip 172.22.1.2

Router2(config-if)#standby 2 priority 120

Router2(config-if)#standby 2 preempt

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 由于出现两个网关，所以需要在终端设备上分开配置各自的缺省网关。

22.5. HSRP中ICMP重定向

提问 在HSRP中启用ICMP重定向

回答

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 1/0

Router2(config-if)#no ip redirects

Router2(config-if)#standby redirects disable

Router2(config-if)#exit

Router2(config)#end

Router2#

注释

22.6. 调整HSRP定时器

提问 调整备份路由器接管主用路由器所需时长

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 1 timers 1 3

Router1(config-if)#exit

Router1(config)#end

Router1#

注释 缺省Hello包时长为3秒，10秒后会接管，假如主用路由器调整时长，整个组内的路由器都要调整为相同的时长。最短可以到达毫秒Router1(config-if)#standby 1 timers msec 100 msec 300

22.7. 在令牌环网络中使用HSRP

提问 在令牌环网络中配置HSRP

回答

假如只用IP协议配置同前面例子，假如还有其他协议，非凡是使用了source-route bridging就用下面的配置方法

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface Tokenring0

Router1(config-if)#ip address 172.22.1.3

Router1(config-if)#standby ip 172.22.1.1

Router1(config-if)#standby use-bia

Router1(config-if)#standby priority 120

Router1(config-if)#standby preempt

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface Tokenring0

Router2(config-if)#ip address 172.22.1.2

Router2(config-if)#standby ip 172.22.1.1

Router2(config-if)#standby use-bia

Router2(config-if)#standby priority 110

Router2(config-if)#standby preempt

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 由于令牌环网络会用到设备的MAC地址信息，所以假如HSRP用到虚拟MAC就会出问题，因此在配置中使用了burned-in address (BIA)来代替MAC来避免出现问题

22.8. 配置HSRP 的SNMP支持

提问 启用HSRP的SNMP Traps

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#snmp-server enable traps hsrp

Router1(config)#snmp-server host 172.25.1.1 ORATRAP

Router1(config)#end

Router1#

注释 无

22.9. 增加HSRP的安全性

提问 提高HSRP的安全

回答

组内设备使用相同的配置

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 authentication NEOSHI

Router1(config-if)#exit

Router1(config)#end

Router1#

从12.3(2)T后支持MD5加密密码

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#standby 1 ip 10.1.1.1

Router1(config-if)#standby 1 priority 200

Router1(config-if)#standby 1 authentication md5 key-string OREILLY

Router1(config-if)#end

Router1#

为了防止其他路由器成为主用路由器，设置本路由器高优先级

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 255

Router1(config-if)#exit

Router1(config)#end

Router1#

注释 无

22.10. 显示HSRP状态信息

提问 显示HSRP状态信息

回答

Router2#show standby

Router2#show standby FastEthernet 1/0

Router2#show standby brief

注释

22.11. HSRP排错

提问 对HSRP进行排错

回答

Router2#debug standby errors

Router2#debug standby events

Router2#debug standby packets

Router2#debug standby terse

注释

22.12. 启用HSRP 版本2

提问 部署HSRPv2

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#standby version 2

Router1(config-if)#standby 4095 ip 10.1.1.1

Router1(config-if)#standby 4095 timers msec 15 msec 50

Router1(config-if)#standby 4095 priority 200

Router1(config-if)#standby 4095 preempt

Router1(config-if)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet0/0

Router2(config-if)#standby version 2

Router2(config-if)#standby 4095 ip 10.1.1.1

Router2(config-if)#standby 4095 timers msec 15 msec 50

Router2(config-if)#standby 4095 priority 150

Router2(config-if)#standby 4095 preempt

Router2(config-if)#end

Router2#

注释 从12.3(4)T后开始支持HSRPv2，主要是扩展了可用组数，从v1的256个组到现在的4095个组，使用不同的MAC地址和组播地址，因此不能混用

22.13. VRRP

提问 在思科路由器上启用VRRP

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#ip address 10.1.1.2 255.255.255.0

Router1(config-if)#vrrp 1 ip 10.1.1.1

Router1(config-if)#vrrp 1 preempt

Router1(config-if)#vrrp 1 priority 200

Router1(config-if)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet0/0

Router2(config-if)#ip address 10.1.1.3 255.255.255.0

Router2(config-if)#vrrp 1 ip 10.1.1.1

Router2(config-if)#vrrp 1 preempt

Router2(config-if)#vrrp 1 priority 150

Router2(config-if)#end

Router2#

注释 注重在鉴权的配置上假如思科和非思科设备搭配可能会有问题。在配置定时器上只能配置Hello间隔，可以在主路由器上配置，备份路由器可以通过配置vrrp 1 timers learn 命令来自动学习，可以为配置添加描述，也支持Track

<!--[if !supportLists]-->22.14. <!--[endif]-->GLBP

提问 配置GLBP来实现流量的自动负荷分担

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/0

Router1(config-if)#ip address 172.22.1.3 255.255.255.0

Router1(config-if)#glbp 1 ip 172.22.1.1

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet0/0

Router2(config-if)#ip address 172.22.1.2 255.255.255.0

Router2(config-if)#glbp 1 ip 172.22.1.1

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 GLBP通过组内设备轮回的相应虚拟MAC地址来实现自动的负荷分担，当然也可以使用其他的分担方式，比如权重等，这样不需要通过配置多HSRP组的方式实现了均衡，并且所有设备使用同一的网关地址

• ·Cisco PIX 网络访问认证相关配置实例
• ·思科：值得关注的十大趋势
• ·Cisco IOS Cookbook 中文精简
• ·Cisco IOS Cookbook 中文精简
• ·Cisco IOS Cookbook 中文精简
• ·FortiOS Traffic Shaping
• ·Cisco IOS Cookbook 中文精简
• ·65系列机箱种类和区别
• ·ospf的注意事项
• ·some new eigrp feature