网络工程 - HSRP 仅适用于三个 VLAN 中的一个 - 吾爱随笔录

HSRP 仅适用于三个 VLAN 中的一个

网络工程思科局域网热休克蛋白

2022-02-13 21:18:50

我有两个 L3 交换机为 3 个 VLAN（64、65、66）执行 HSRP。

查看“show standby brief”命令的输出时，我可以看到两台交换机都为一个 vlan (65) 形成了一个虚拟路由器。

这是我的拓扑：

这是Core1上的配置：

    en
     conf t
     no ip domain-lookup
     ipv6 unicast-routing
     ip routing

     int loopback 0
      ip add 2.2.2.3 255.255.255.255
      exit

     vlan 64
      exit
     vlan 65
      exit
     vlan 66
      exit

     ipv6 router ospf 1
      auto-cost reference-bandwidth 100000
      router-id 2.2.2.3
      area 64 range 2001:db8:18:6400::/58
      area 65 range 2001:db8:18:6500::/58
      area 66 range 2001:db8:18:6600::/58
      passive-interface g0/1
      passive-interface g0/2
      exit

     router ospf 1
      auto-cost reference-bandwidth 100000
      area 64 range 10.0.64.0 255.255.255.0
      area 65 range 10.0.65.0 255.255.255.0
      area 66 range 10.0.66.0 255.255.255.0
      passive-interface g0/1
      passive-interface g0/2
      exit

     int vlan 64
      ip add 10.0.64.3 255.255.255.0
      ipv6 add 2001:db8:18:6400::3/64
      ipv6 ospf 1 area 0
      ip ospf 1 area 0
      no sh

     int vlan 65
      ip add 10.0.65.3 255.255.255.0
      ipv6 add 2001:db8:18:6500::3/64
      ipv6 ospf 1 area 0
      ip ospf 1 area 0
      no sh

     int vlan 66
      ip add 10.0.66.3 255.255.255.0
      ipv6 add 2001:db8:18:6600::3/64
      ipv6 ospf 1 area 0
      ip ospf 1 area 0
      no sh

     int fa0/5
      switchport mode trunk
      switchport trunk enc dot1q
      switchport native vlan 99
      exit

     int f0/4
      switchport mode trunk
      switchport trunk enc dot1q
      switchport native vlan 99
      exit

     int g0/1
      switchport mode trunk
      switchport trunk enc dot1q

     int g0/2
      switchport mode trunk
      switchport trunk enc dot1q

     int f0/24
      no switchport
      ip add 10.0.0.45 255.255.255.252
      ipv6 add 2001:db8:18:0010::1/64
      ipv6 ospf 1 area 0
      ip ospf 1 area 0
      ip ospf hello-interval 3
      ipv6 ospf hello-interval 3
      no sh
      exit 

     int fa0/1
      no switchport
      ip add 10.0.0.26 255.255.255.252
      ipv6 add 2001:db8:18:0006::2/64
      ipv6 ospf 1 area 0
      ip ospf hello-interval 3
      ipv6 ospf hello-interval 3
      no sh
      exit

     int fa0/2
      no switchport
      ip add 10.0.0.18 255.255.255.252
      ipv6 add 2001:db8:18:0005::2/64
      ipv6 ospf 1 area 0
      ip ospf hello-interval 3
      ipv6 ospf hello-interval 3
      no sh
      exit

     int vlan 64
      standby 64 priority 100
      standby 64 ip 10.0.64.2
      exit

     int vlan 65
      standby 65 priority 100
      standby 65 ip 10.0.65.2
      exit

     int vlan 66
      standby 66 priority 100
      standby 66 ip 10.0.66.2
      exit

     router ospf 1
      passive-interface Vlan 64
      passive-interface Vlan 65
      passive-interface Vlan 66
      exit

     ip access-list extended VLAN64 
      deny ip 10.0.0.0 0.255.255.255 any
      exit
     ip access-list extended  VLAN65
      deny ip 10.0.0.0 0.255.255.255 any
      exit
     ip access-list extended  VLAN66
      permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 80
      permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 443
      permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 139
      permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 445
      deny ip 10.0.0.0 0.255.255.255 any
      exit

     ipv6 access-list VLAN64IPv6
      deny ipv6 any any
      exit
     ipv6 access-list VLAN65IPv6
      deny ipv6 any any
      exit
     ipv6 access-list VLAN66IPv6
      permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 80
      permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 443
      permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 139
      permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 445
      deny ipv6 any any
      exit

     int vlan 64
      ip access-group VLAN64 out
      ipv6 traffic-filter VLAN64IPv6 out
      exit

     int vlan 65
      ip access-group VLAN65 out
      ipv6 traffic-filter VLAN65IPv6  out
      exit

     int vlan 66
      ip access-group VLAN66 out
      ipv6 traffic-filter VLAN66IPv6  out
     end

这是Core0上的配置：

    en
 conf t
 no ip domain-lookup
 ipv6 unicast-routing
 ip routing

 int loopback 0
  ip add 2.2.2.1 255.255.255.255
  exit

 vlan 64
  exit
 vlan 65
  exit
 vlan 66
  exit

 ipv6 router ospf 1
  auto-cost reference-bandwidth 100000
  router-id 2.2.2.1
  area 64 range 2001:db8:18:6400::/58
  area 65 range 2001:db8:18:6500::/58
  area 66 range 2001:db8:18:6600::/58
  passive-interface g0/1
  passive-interface g0/2
  exit

 router ospf 1
  auto-cost reference-bandwidth 100000
  area 64 range 10.0.64.0 255.255.255.0
  area 65 range 10.0.65.0 255.255.255.0
  area 66 range 10.0.66.0 255.255.255.0
  passive-interface g0/1
  passive-interface g0/2

 int vlan 64
  ip add 10.0.64.1 255.255.255.0
  ipv6 add 2001:db8:18:6400::1/64
  ipv6 ospf 1 area 0
  ip ospf 1 area 0
  no sh

 int vlan 65
  ip add 10.0.65.1 255.255.255.0
  ipv6 add 2001:db8:18:6500::1/64
  ipv6 ospf 1 area 0
  ip ospf 1 area 0
  no sh

 int vlan 66
  ip add 10.0.66.1 255.255.255.0
  ipv6 add 2001:db8:18:6600::1/64
  ipv6 ospf 1 area 0
  ip ospf 1 area 0
  no sh

 int fa0/5
  switchport mode trunk
  switchport trunk enc dot1q
  switchport native vlan 99
  exit

 int f0/4
  switchport mode trunk
  switchport trunk enc dot1q
  switchport native vlan 99
  exit

 int g0/1
  switchport mode trunk
  switchport trunk enc dot1q

 int g0/2
  switchport mode trunk
  switchport trunk enc dot1q

 int f0/24
  no switchport
  ip add 10.0.0.41 255.255.255.252
  ipv6 add 2001:db8:18:0009::1/64
  ipv6 ospf 1 area 0
  ip ospf 1 area 0
  ip ospf hello-interval 3
  ipv6 ospf hello-interval 3
  no sh
  exit

 int fa0/1
  no switchport
  ip add 10.0.0.30 255.255.255.252
  ipv6 add 2001:db8:18:0008::2/64
  ipv6 ospf 1 area 0
  ip ospf 1 area 0
  ip ospf hello-interval 3
  ipv6 ospf hello-interval 3
  no sh
  exit

 int fa0/2
  no switchport
  ip add 10.0.0.22 255.255.255.252
  ipv6 add 2001:db8:18:0007::2/64
  ipv6 ospf 1 area 0
  ip ospf 1 area 0
  ip ospf hello-interval 3
  ipv6 ospf hello-interval 3
  no sh
  exit

 router ospf 1
  passive-interface Vlan 64
  passive-interface Vlan 65
  passive-interface Vlan 66
  exit

 int vlan 64
  standby 64 priority 200
  standby 64 ip 10.0.64.2
  exit

 int vlan 65
  standby 65 priority 200
  standby 65 ip 10.0.65.2
  exit

 int vlan 66
  standby 66 priority 200
  standby 66 ip 10.0.66.2
  exit

 ip access-list extended VLAN64 
  deny ip 10.0.0.0 0.255.255.255 any

  exit
 ip access-list extended  VLAN65
  deny ip 10.0.0.0 0.255.255.255 any
  exit
 ip access-list extended  VLAN66
  permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 80
  permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 443
  permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 139
  permit tcp 10.0.0.0 0.255.255.255 host 10.0.66.101 eq 445
  deny ip 10.0.0.0 0.255.255.255 any
  exit

 ipv6 access-list VLAN64IPv6
  deny ipv6 any any
  exit
 ipv6 access-list VLAN65IPv6
  deny ipv6 any any
  exit
 ipv6 access-list VLAN66IPv6
  permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 80
  permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 443
  permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 139
  permit tcp 2001:db8:18::/48 host 2001:db8:18:6600::0010 eq 445
  deny ipv6 any any
  exit

 int vlan 64
  ip access-group VLAN64 out
  ipv6 traffic-filter VLAN64IPv6 out
  exit

 int vlan 65
  ip access-group VLAN65 out
  ipv6 traffic-filter VLAN65IPv6  out
  exit

 int vlan 66
  ip access-group VLAN66 out
  ipv6 traffic-filter VLAN66IPv6  out
 exit
exit

core1 上的“显示待机简介”

2个回答

假设 Core0 是所有三个 VLAN 的根网桥和 HSRP 主网桥，并且上行链路是FastEthernet0/1和FastEthernet0/2，您应该执行以下操作：

核心0：

spanning-tree vlan 64 priority root primary
spanning-tree vlan 65 priority root primary
spanning-tree vlan 66 priority root primary
!
interface Vlan64
 ip address 10.0.64.2 255.255.255.0
 ip ospf 1 area 0
 standby version 2
 standby 64 ip 10.0.64.1
 standby 64 priority 110
 standby 64 preempt delay 30
 standby 64 track FastEthernet0/1 8
 standby 64 track FastEthernet0/2 8
!
interface Vlan65
 ip address 10.0.65.2 255.255.255.0
 ip ospf 1 area 0
 standby version 2
 standby 65 ip 10.0.65.1
 standby 65 priority 110
 standby 65 preempt delay 30
 standby 65 track FastEthernet0/1 8
 standby 65 track FastEthernet0/2 8
!
interface Vlan66
 ip address 10.0.66.2 255.255.255.0
 ip ospf 1 area 0
 standby version 2
 standby 66 ip 10.0.66.1
 standby 66 priority 110
 standby 66 preempt delay 30
 standby 66 track FastEthernet0/1 8
 standby 66 track FastEthernet0/2 8
!

核心1：

spanning-tree vlan 64 priority root secondary
spanning-tree vlan 65 priority root secondary
spanning-tree vlan 66 priority root secondary
!
interface Vlan64
 ip address 10.0.64.3 255.255.255.0
 ip ospf 1 area 0
 standby version 2
 standby 64 ip 10.0.64.1
 standby 64 priority 100
 standby 64 preempt delay 30
 standby 64 track FastEthernet0/1 8
 standby 64 track FastEthernet0/2 8
!
interface Vlan65
 ip address 10.0.65.3 255.255.255.0
 ip ospf 1 area 0
 standby version 2
 standby 65 ip 10.0.65.1
 standby 65 priority 100
 standby 65 preempt delay 30
 standby 65 track FastEthernet0/1 8
 standby 65 track FastEthernet0/2 8
!
interface Vlan66
 ip address 10.0.66.3 255.255.255.0
 ip ospf 1 area 0
 standby version 2
 standby 66 ip 10.0.66.1
 standby 66 priority 100
 standby 66 preempt delay 30
 standby 66 track FastEthernet0/1 8
 standby 66 track FastEthernet0/2 8
!

这会将根网桥和 HSRP 主网桥的 HSRP 优先级设置为 Core0。当一个上行链路发生故障时，它将降低 HSRP 优先级8（不足以切换），如果另一个上行链路发生故障，它将主 HSRP 切换到 Core1。我在抢占上设置了延迟，以便不稳定的连接不会导致 HSRP 不断反弹。

好吧，在我没有设置两个交换机的优先级之后，他们成功地组成了一个虚拟路由器。

其它你可能感兴趣的问题

上一篇实验室 - OSPF 的 IPv4 任播 VLAN 和主机交互下一篇AQM 广播早期 WTD 计数器