请注意,本文编写于 504 天前,最后修改于 501 天前,其中某些信息可能已经过时。
目录
如何在思科设备上配置HSRP? https://www.letsconfig.com/how-to-configure-hsrp-on-cisco/
HSRP (Hot Standby Router Protocol) is 是最常用的第一跳冗余协议之一,思科私有的。该协议是在局域网内,当一台路由器出现故障时,可以自动切换到另一台路由器,由另外一台接管。本期与大家分享一下,如何在思科IOS上配置HSRP协议。接下来,我讲根据下列拓扑图来部署HSRP。
一、基础配置
首先,我们先配置一下路由器的WAN接口的IP地址,本案例中,两台路由器的WAN接口均为G0/0。
RTR-01#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RTR-01(config)# RTR-01(config)#interface gigabitEthernet 0/0 RTR-01(config-if)#ip address 103.21.40.2 255.255.255.252 RTR-01(config-if)#no shutdown RTR-01(config-if)#exit RTR-01(config)#
RTR-02#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RTR-02(config)# RTR-02(config)#interface gigabitEthernet 0/0 RTR-02(config-if)#ip add 59.152.100.2 255.255.255.0 RTR-02(config-if)#no shutdown RTR-02(config-if)#exit RTR-02(config)#
在配置局域网接口时,需要确认一下地址块的掩码,为/29。
接下来,我们就给LAN接口配置一下IP地址,如下:
RTR-01(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#ip address 10.1.1.2 255.255.255.248 RTR-01(config-if)#no shutdown
RTR-02(config)#interface gigabitEthernet 0/1 RTR-02(config-if)#ip add 10.1.1.3 255.255.255.248 RTR-02(config-if)#no shutdown
最后就是本期的关键配置了,我们需要指定一下HSRP的虚拟IP地址、设置一下两台路由器的HSRP的优先级。注意HSRP的相关配置是在LAN接口下配置的。
RTR-01(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#standby 1 ip 10.1.1.1 RTR-01(config-if)#standby 1 priority 250 RTR-01(config-if)#
RTR-02(config)#interface gigabitEthernet 0/1 RTR-02(config-if)#standby 1 ip 10.1.1.1 RTR-02(config-if)#standby 1 priority 150 RTR-02(config-if)#
我们可以使用命令show standby 来查看一下HSRP的相关配置情况:
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Active 2 state changes, last state change 00:02:42 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.656 secs Preemption disabled Active router is local Standby router is 10.1.1.3, priority 150 (expires in 11.440 sec) Priority 250 (configured 250) Group name is "hsrp-Gi0/1-1" (default) RTR-01#
RTR-02#show standby GigabitEthernet0/1 - Group 1 State is Standby 1 state change, last state change 00:00:48 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.056 secs Preemption disabled Active router is 10.1.1.2, priority 250 (expires in 8.928 sec) Standby router is local Priority 150 (configured 150) Group name is "hsrp-Gi0/1-1" (default) RTR-02#
最后在PC上使用trace看看,丢几个包,验证一下:
C:>tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 123 ms 1 ms 1 ms 10.1.1.2
2 227 ms 1 ms 1 ms 103.21.40.1
3 1 ms 1 ms 3 ms ***********
4 3 ms 4 ms 6 ms ***********
5 3 ms 3 ms 2 ms 8.8.8.8
为了测试流量切换,我们需要关闭RTR-01 中的gigabitEthernet 0/1接口。然后再trace一下。
C:>tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 165 ms 1 ms 1 ms 10.1.1.3
2 227 ms 2 ms 1 ms 59.152.100.1
3 1 ms <1 ms 5 ms ***********
4 2 ms 2 ms 2 ms ***********
5 3 ms 2 ms 3 ms 8.8.8.8
在 RTR-02, 使用show standby 命令 看看HSRP状态变化:
RTR-02#show standby GigabitEthernet0/1 - Group 1 State is Active 2 state changes, last state change 00:02:10 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.672 secs Preemption disabled Active router is local Standby router is unknown Priority 150 (configured 150) Group name is "hsrp-Gi0/1-1" (default) RTR-02#
到这来,就是基础配置,接下来跟继续往下看,一起学习高级配置吧!
二、高级配置
接下来,我们将配置一下可选,你就会了解到HSRP还有这么多的功能。
HSRP Preempt(抢占):
如果你想要让一台路由器故障恢复后继续成为主路由器,那么你需要开启抢占功能:
RTR-01(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#standby 1 preempt RTR-01(config-if)#exit RTR-01(config)#
RTR-02(config)#interface gigabitEthernet 0/1 RTR-02(config-if)#standby 1 preempt RTR-02(config-if)#exit RTR-02(config)#
如果你想要让路由器在抢占之前先等待一段时间,那你们可以使用如下命令:
RTR-01(config-if)#standby 1 preempt delay minimum 60
RTR-02(config-if)#
standby 1 preempt delay minimum 60
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Init (interface down) 3 state changes, last state change 02:50:43 Virtual IP address is 10.1.1.1 Active virtual MAC address is unknown Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Preemption enabled Active router is unknown Standby router is unknown Priority 250 (configured 250) Group name is "hsrp-Gi0/1-1" (default) RTR-01#
Standby Track Configuration:
如果你想要监控主机路由器的G0/0接口发生故障时,能切换到备用路由器,那么你可以进行如下配置:
RTR-01#configure terminal RTR-01(config)#track 1 interface gigabitEthernet 0/0 ip routing RTR-01(config-track)#exit RTR-01(config)#
上述,我们先创建一个track,名字为1,用来监控g0/0的状态。
RTR-01(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#standby 1 track 1 decrement 150 RTR-01(config-if)#exit RTR-01(config)#
当G0/1接口donw时,那么主路由器的HSRP优先级就会被降为100,(250-150=100),因为我们之前已经把主路由器设置为250了。
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Init (interface down) 3 state changes, last state change 03:27:46 Virtual IP address is 10.1.1.1 Active virtual MAC address is unknown Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Preemption enabled, delay min 60 secs Active router is unknown Standby router is unknown Priority 250 (configured 250) Track object 1 state Up decrement 150 Group name is "hsrp-Gi0/1-1" (default) RTR-01#
Load-Balancing with HSRP(实现负载分担):
为了负载分担,我们需要配置两个HSRP组(组数等于路由器数)。这里,对于组 1,RTR-01 由于更高的优先级而处于活动状态。并且,对于组 2,RTR-02 是活动的,具有更高的优先级。
RTR-01#configure terminal RTR-01(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#ip address 10.1.1.2 255.255.255.0 RTR-01(config-if)#standby 1 ip 10.1.1.1 RTR-01(config-if)#standby 1 priority 150 RTR-01(config-if)#standby 1 preempt RTR-01(config-if)#standby 2 ip 10.1.1.4 RTR-01(config-if)#standby 2 priority 110 RTR-01(config-if)#standby 2 preempt RTR-01(config-if)#exit RTR-01(config)#exit RTR-01#
RTR-02#configure terminal RTR-02(config)#interface gigabitEthernet 0/1 RTR-02(config-if)#ip address 10.1.1.3 255.255.255.0 RTR-02(config-if)#standby 1 ip 10.1.1.1 RTR-02(config-if)#standby 1 priority 110 RTR-02(config-if)#standby 1 preempt RTR-02(config-if)#standby 2 ip 10.1.1.4 RTR-02(config-if)#standby 2 priority 150 RTR-02(config-if)#standby 2 preempt RTR-02(config-if)#exit RTR-02(config)#exit RTR-02#
我们可以使用 “show standby” 命令来查看:
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Active 4 state changes, last state change 00:00:24 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.080 secs Preemption enabled Active router is local Standby router is 10.1.1.3, priority 110 (expires in 11.808 sec) Priority 150 (configured 150) Group name is "hsrp-Gi0/1-1" (default) GigabitEthernet0/1 - Group 2 State is Standby 1 state change, last state change 00:00:16 Virtual IP address is 10.1.1.4 Active virtual MAC address is 0000.0c07.ac02 Local virtual MAC address is 0000.0c07.ac02 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 2.080 secs Preemption enabled Active router is 10.1.1.3, priority 150 (expires in 11.360 sec) Standby router is local Priority 110 (configured 110) Group name is "hsrp-Gi0/1-2" (default) RTR-01#
HSRP Timers
如果要降低切换时间,可以修改一下计时器。默认情况下,hold time为10 秒,即10秒后没收到主路由器发的hello就切换。
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Active 1 state change, last state change 00:01:18 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.088 secs Preemption enabled Active router is local Standby router is 10.1.1.3, priority 110 (expires in 9.248 sec) Priority 150 (configured 150) Group name is "hsrp-Gi0/1-1" (default) RTR-01#
接下来,我们试着修改一下:间隔为1秒,hold time 改为3秒:
RTR-01(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#standby 1 timers 1 3 RTR-01(config-if)#end RTR-01#
我们再次查看一下:
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Active 1 state change, last state change 00:04:07 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 1 sec, hold time 3 sec Next hello sent in 0.368 secs Preemption enabled Active router is local Standby router is 10.1.1.3, priority 110 (expires in 3.120 sec) Priority 150 (configured 150) Group name is "hsrp-Gi0/1-1" (default) RTR-01#
HSRP Authentication:
为了安全起见,如果你想要在路由器之间做认证,可以进行如下配置:
Plain text(明文)
RTR-02#configure terminal RTR-02(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#standby 1 authentication cisco RTR-01(config-if)#
RTR-02#
configure terminal RTR-02(config)#interface gigabitEthernet 0/1 RTR-02(config-if)#standby 1 authentication cisco RTR-02(config-if)#
MD5(加密)
RTR-02#configure terminal RTR-02(config)#interface gigabitEthernet 0/1 RTR-01(config-if)#standby 1 authentication md5 key-string cisco RTR-01(config-if)#
RTR-02#
configure terminal RTR-02(config)#interface gigabitEthernet 0/1 RTR-02(config-if)#standby 1 authentication md5 key-string cisco RTR-02(config-if)#
使用“Show standby” 命令查看一下:
RTR-01#show standby GigabitEthernet0/1 - Group 1 State is Active 1 state change, last state change 00:19:46 Virtual IP address is 10.1.1.1 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 1 sec, hold time 3 sec Next hello sent in 0.752 secs Authentication MD5, key-string Preemption enabled Active router is local Standby router is 10.1.1.3, priority 110 (expires in 2.432 sec) Priority 150 (configured 150) Group name is "hsrp-Gi0/1-1" (default) RTR-01#
Troubleshooting(排查)
如果你遇到HSRP相关问题需要排错,可以参考如下命令,或许能帮助到你,觉得本期文章不错的话,就给点个赞呀!
-
debug standby errors
-
debug standby events
-
debug standby packets
-
debug standby terse
同时你可以参考思科官方文档就HSRP的说明Cisco documentation.
本文作者:Feel
本文链接:
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!
目录