标签:
Configure inter-VLAN routing with HSRP to provide redundant, fault-tolerant routing to the internal network.
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary redundancy protocol for establishing a fault-tolerant default gateway. It is described in RFC 2281. HSRP provides a transparent failover mechanism to the end stations on the network. This provides users at the access layer with uninterrupted service to the network if the primary gateway becomes inaccessible. The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in RFC 3768. The two technologies are similar but not compatible. This lab focuses on HSRP.
Erase the startup config, delete the vlan.dat file, and reload the switches.
Configure each host with the IP address, subnet mask, and default gateway shown in the topology.
1. Configure management IP addresses in VLAN 1, and the hostname, password, and Telnet access on all four switches.
Switch(config)# hostname ALS1 ALS1(config)# enable secret cisco ALS1(config)# line vty 0 15 ALS1(config-line)# password cisco ALS1(config-line)# login ALS1(config-line)# exit ALS1(config)# interface vlan 1 ALS1(config-if)# ip address 172.16.1.101 255.255.255.0 ALS1(config-if)# no shutdown
Switch(config)# hostname ALS2 ALS2(config)# enable secret cisco ALS2(config)# line vty 0 15 ALS2(config-line)# password cisco ALS2(config-line)# login ALS2(config-line)# exit ALS2(config)# interface vlan 1 ALS2(config-if)# ip address 172.16.1.102 255.255.255.0 ALS2(config-if)# no shutdown
Switch(config)# hostname DLS1 DLS1(config)# enable secret cisco DLS1(config)# line vty 0 15 DLS1(config-line)# password cisco DLS1(config-line)# login DLS1(config-line)# exit DLS1(config)# interface vlan 1 DLS1(config-if)# ip address 172.16.1.3 255.255.255.0 DLS1(config-if)# no shutdown
Switch(config)# hostname DLS2 DLS2(config)# enable secret cisco DLS2(config)# line vty 0 15 DLS2(config-line)# password cisco
DLS2(config-line)# login
DLS2(config-line)# exit
DLS2(config)# interface vlan 1
DLS2(config-if)# ip address 172.16.1.4 255.255.255.0
DLS2(config-if)# no shutdow
2. Configure default gateways on the access layer switches ALS1 and ALS2. The distribution layer switches will not use a default gateway because they act as Layer 3 devices. The access layer switches act as Layer 2 devices and need a default gateway to send management VLAN traffic off of the local subnet for the management VLAN.
ALS1(config)# ip default-gateway 172.16.1.1 ALS2(config)# ip default-gateway 172.16.1.1
EtherChannel is used for the trunks because it allows you to utilize both Fast Ethernet interfaces that are available between each device, thereby doubling the bandwidth.
Note: It is good practice to shut down the interfaces on both sides of the link before a port channel is created and then reenable them after the port channel is configured.
1. Configure trunks and EtherChannels from DLS1 and DLS2 to the other three switches according to the diagram. The switchport trunk encapsulation {isl | dot1q} command is used because these switches also support ISL encapsulation.
DLS1(config)# interface range fastEthernet 0/7 - 8 DLS1(config-if-range)# switchport trunk encapsulation dot1q DLS1(config-if-range)# switchport mode trunk DLS1(config-if-range)# channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 DLS1(config-if-range)# interface range fastEthernet 0/9 - 10 DLS1(config-if-range)# switchport trunk encapsulation dot1q DLS1(config-if-range)# switchport mode trunk DLS1(config-if-range)# channel-group 2 mode desirable Creating a port-channel interface Port-channel 2 DLS1(config-if-range)# interface range fastEthernet 0/11 - 12 DLS1(config-if-range)# switchport trunk encapsulation dot1q DLS1(config-if-range)# switchport mode trunk DLS1(config-if-range)# channel-group 3 mode desirable Creating a port-channel interface Port-channel 3
DLS2(config)# interface range fastEthernet 0/7 - 8
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk
DLS2(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
DLS2(config-if-range)# interface range fastEthernet 0/9 - 10
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk
DLS2(config-if-range)# channel-group 2 mode desirable
Creating a port-channel interface Port-channel 2
DLS2(config-if-range)# interface range fastEthernet 0/11 - 12
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk
DLS2(config-if-range)# channel-group 3 mode desirable
Creating a port-channel interface Port-channel 3
2. Configure the trunks and EtherChannel from ALS1 and ALS2 to the other switches. Notice that no encapsulation type is needed because the 2960 supports only 802.1q trunks.
ALS1(config)# interface range fastEthernet 0/7 - 8 ALS1(config-if-range)# switchport mode trunk ALS1(config-if-range)# channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 ALS1(config-if-range)# interface range fastEthernet 0/9 - 10 ALS1(config-if-range)# switchport mode trunk ALS1(config-if-range)# channel-group 2 mode desirable Creating a port-channel interface Port-channel 2 ALS1(config-if-range)# interface range fastEthernet 0/11 - 12 ALS1(config-if-range)# switchport mode trunk ALS1(config-if-range)# channel-group 3 mode desirable Creating a port-channel interface Port-channel 3
ALS2(config)# interface range fastEthernet 0/7 - 8 ALS2(config-if-range)# switchport mode trunk ALS2(config-if-range)# channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 ALS2(config-if-range)# interface range fastEthernet 0/9 - 10 ALS2(config-if-range)# switchport mode trunk ALS2(config-if-range)# channel-group 2 mode desirable Creating a port-channel interface Port-channel 2 ALS2(config-if-range)# interface range fastEthernet 0/11 - 12 ALS2(config-if-range)# switchport mode trunk ALS2(config-if-range)# channel-group 3 mode desirable Creating a port-channel interface Port-channel 3
3. Verify trunking between DLS1, ALS1, and ALS2 using the show interface trunk command on all switches.
ALS1#show interface trunk Port Mode Encapsulation Status Native vlan Po1 on 802.1q trunking 1 Po2 on 802.1q trunking 1 Po3 on 802.1q trunking 1 Port Vlans allowed on trunk Po1 1-1005 Po2 1-1005 Po3 1-1005 Port Vlans allowed and active in management domain Po1 1 Po2 1 Po3 1 Port Vlans in spanning tree forwarding state and not pruned Po1 1 Po2 1 Po3 1
4. Issue the show etherchannel summary command on each switch to verify the EtherChannels.
DLS1#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 3 Number of aggregators: 3 Group Port-channel Protocol Ports ------+-------------+-----------+---------------------------------------------- 1 Po1(SU) PAgP Fa0/7(P) Fa0/8(P) 2 Po2(SU) PAgP Fa0/9(P) Fa0/10(P) 3 Po3(SU) PAgP Fa0/11(P) Fa0/12(P)
1. Change the VTP mode of ALS1 and ALS2 to client.
ALS1(config)#vtp mode client
Setting device to VTP CLIENT mode.
ALS2(config)# vtp mode client
Setting device to VTP CLIENT mode.
2. Verify the VTP changes with the show vtp status command.
ALS1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 255 Number of existing VLANs : 5 VTP Operating Mode : Client VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
1. Create the VTP domain on VTP server DLS1 and create VLANs 10, 20, 30, and 40 for the domain.
DLS1(config)# vtp domain SWPOD DLS1(config)# vtp version 2 DLS1(config)# vlan 10 DLS1(config-vlan)# name Finance DLS1(config-vlan)# vlan 20 DLS1(config-vlan)# name Engineering DLS1(config-vlan)# vlan 30 DLS1(config-vlan)# name Server-Farm1 DLS1(config-vlan)# vlan 40 DLS1(config-vlan)# name Server-Farm2
2. Verify VTP information throughout the domain using the show vlan and show vtp status commands.
Question: How many existing VLANs are in the VTP domain?
DLS1#show vtp status DLS1#show vtp status VTP Version : 2 Configuration Revision : 9 Maximum VLANs supported locally : 1005 Number of existing VLANs : 9 VTP Operating Mode : Server VTP Domain Name : SWPOD VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x3A 0x29 0x45 0xA0 0x18 0x80 0xDD 0xFF Configuration last modified by 172.16.1.3 at 3-1-93 00:45:18 Local updater ID is 172.16.1.3 on interface Vl1 (lowest numbered VLAN interface found)
DLS1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
10 Finance active
20 Engineering active
30 Server-Farm1 active
40 Server-Farm2 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
1. Configure the host ports of all four switches. The following commands configure the switch port mode as access, place the port in the proper VLANs, and turn on spanning-tree PortFast for the ports.
DLS1(config)# interface fastEthernet 0/6 DLS1(config-if)# switchport mode access DLS1(config-if)# switchport access vlan 30 DLS1(config-if)# spanning-tree portfast
DLS2(config)# interface fastEthernet 0/6 DLS2(config-if)# switchport mode access DLS2(config-if)# switchport access vlan 40 DLS2(config-if)# spanning-tree portfast
ALS1(config)# interface fastEthernet 0/6 ALS1(config-if)# switchport mode access ALS1(config-if)# switchport access vlan 10 ALS1(config-if)# spanning-tree portfast
ALS2(config)# interface fastEthernet 0/6 ALS2(config-if)# switchport mode access ALS2(config-if)# switchport access vlan 20 ALS2(config-if)# spanning-tree portfast
2. Ping from the host on VLAN 10 to the host on VLAN 40. The ping should fail.
Are these results expected at this point? Why?
Note: The switchport host command can be used to configure individual access ports. This command automatically activates access mode, PortFast, and removes all associations of the physical switch port with the port-channel interfaces (if there are any).
HSRP provides redundancy in the network. The VLANs can be load-balanced by using the standby group priority priority command. The ip routing command is used on DLS1 and DLS2 to activate routing capabilities on these Layer 3 switches.
Each route processor can route between the various SVIs configured on its switch. In addition to the real IP address assigned to each distribution switch SVI, assign a third IP address in each subnet to be used as a virtual gateway address. HSRP negotiates and determines which switch accepts information forwarded to the virtual gateway IP address.
The standby command configures the IP address of the virtual gateway, sets the priority for each VLAN, and configures the router for preempt. Preemption allows the router with the higher priority to become the active router after a network failure has been resolved.
In the following configurations, the priority for VLANs 1, 10, and 20 is 150 on DLS1, making it the active router for those VLANs. VLANs 30 and 40 have a priority of 100 on DLS1, making DLS1 the standby router for these VLANs. DLS2 is configured to be the active router for VLANs 30 and 40 with a priority of 150, and the standby router for VLANs 1, 10, and 20 with a priority of 100.
DLS1(config)# ip routing DLS1(config)# interface vlan 1 DLS1(config-if)# standby 1 ip 172.16.1.1 DLS1(config-if)# standby 1 preempt DLS1(config-if)# standby 1 priority 150 DLS1(config-if)# exit DLS1(config)# interface vlan 10 DLS1(config-if)# ip address 172.16.10.3 255.255.255.0 DLS1(config-if)# standby 1 ip 172.16.10.1 DLS1(config-if)# standby 1 preempt DLS1(config-if)# standby 1 priority 150 DLS1(config-if)# exit DLS1(config)# interface vlan 20 DLS1(config-if)# ip address 172.16.20.3 255.255.255.0 DLS1(config-if)# standby 1 ip 172.16.20.1 DLS1(config-if)# standby 1 preempt DLS1(config-if)# standby 1 priority 150 DLS1(config-if)# exit DLS1(config)# interface vlan 30 DLS1(config-if)# ip address 172.16.30.3 255.255.255.0 DLS1(config-if)# standby 1 ip 172.16.30.1 DLS1(config-if)# standby 1 preempt DLS1(config-if)# standby 1 priority 100 DLS1(config-if)# exit DLS1(config)# interface vlan 40 DLS1(config-if)# ip address 172.16.40.3 255.255.255.0 DLS1(config-if)# standby 1 ip 172.16.40.1 DLS1(config-if)# standby 1 preempt DLS1(config-if)# standby 1 priority 100
DLS2(config)# ip routing DLS2(config)# interface vlan 1 DLS2(config-if)# standby 1 ip 172.16.1.1 DLS2(config-if)# standby 1 preempt DLS2(config-if)# standby 1 priority 100 DLS2(config-if)# exit DLS2(config)# interface vlan 10 DLS2(config-if)# ip address 172.16.10.4 255.255.255.0 DLS2(config-if)# standby 1 ip 172.16.10.1 DLS2(config-if)# standby 1 preempt DLS2(config-if)# standby 1 priority 100 DLS2(config-if)# exit DLS2(config)# interface vlan 20 DLS2(config-if)# ip address 172.16.20.4 255.255.255.0 DLS2(config-if)# standby 1 ip 172.16.20.1 DLS2(config-if)# standby 1 preempt DLS2(config-if)# standby 1 priority 100 DLS2(config-if)# exit DLS2(config)# interface vlan 30 DLS2(config-if)# ip address 172.16.30.4 255.255.255.0 DLS2(config-if)# standby 1 ip 172.16.30.1 DLS2(config-if)# standby 1 preempt DLS2(config-if)# standby 1 priority 150 DLS2(config-if)# exit DLS2(config)# interface vlan 40 DLS2(config-if)# ip address 172.16.40.4 255.255.255.0 DLS2(config-if)# standby 1 ip 172.16.40.1 DLS2(config-if)# standby 1 preempt DLS2(config-if)# standby 1 priority 150
2. Verify HSRP configuration
Issue the show standby command on both DLS1 and DLS2.
DLS1#show standby Vlan1 - Group 1 (version 2) State is Active 5 state changes, last state change 01:06:06 Virtual IP address is 172.16.1.1 Active virtual MAC address is 0000.0C9F.F001 Local virtual MAC address is 0000.0C9F.F001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.163 secs Preemption enabled Active router is local Standby router is 172.16.1.4 Priority 150 (configured 150) Group name is hsrp-Vl1-1 (default) Vlan10 - Group 1 (version 2) State is Active 5 state changes, last state change 01:06:44 Virtual IP address is 172.16.10.1 Active virtual MAC address is 0000.0C9F.F001 Local virtual MAC address is 0000.0C9F.F001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.387 secs Preemption disabled Active router is local Standby router is 172.16.10.4 Priority 150 (configured 150) Group name is hsrp-Vl1-1 (default) Vlan20 - Group 1 (version 2) State is Active 4 state changes, last state change 01:07:31 Virtual IP address is 172.16.20.1 Active virtual MAC address is 0000.0C9F.F001 Local virtual MAC address is 0000.0C9F.F001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.223 secs Preemption enabled Active router is local Standby router is 172.16.20.4 Priority 150 (configured 150) Group name is hsrp-Vl2-1 (default) Vlan30 - Group 1 (version 2) State is Standby 8 state changes, last state change 01:11:35 Virtual IP address is 172.16.30.1 Active virtual MAC address is 0000.0C9F.F001 Local virtual MAC address is 0000.0C9F.F001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.69 secs Preemption enabled Active router is 172.16.30.4, priority 100 (expires in 7 sec) MAC address is 0000.0C9F.F001 Standby router is local Priority 100 (default 100) Group name is hsrp-Vl3-1 (default) Vlan40 - Group 1 (version 2) State is Standby 10 state changes, last state change 01:12:13 Virtual IP address is 172.16.40.1 Active virtual MAC address is 0000.0C9F.F001 Local virtual MAC address is 0000.0C9F.F001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.737 secs Preemption enabled Active router is 172.16.40.4, priority 100 (expires in 7 sec) MAC address is 0000.0C9F.F001 Standby router is local Priority 100 (default 100) Group name is hsrp-Vl4-1 (default)
DLS2#show standby brief P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Vl1 1 100 Standby 172.16.1.3 local 172.16.1.1 Vl10 1 100 P Standby 172.16.10.3 local 172.16.10.1 Vl20 1 100 P Standby 172.16.20.3 local 172.16.20.1 Vl30 1 150 P Active local 172.16.30.3 172.16.30.1 Vl40 1 150 P Active local 172.16.40.3 172.16.40.1
3. Verify HSRP Functionaity.
Verify HSRP by disconnecting the trunks to DLS2. You can simulate this using the shutdown command on those interfaces.
DLS2(config)# interface range fastEthernet 0/7 - 12 DLS2(config-if-range)# shutdown Output to the console should reflect DLS1 becoming the active router for VLANs 30 and 40.
1w3d: %HSRP-6-STATECHANGE: Vlan30 Grp 1 state Standby -> Active 1w3d: %HSRP-6-STATECHANGE: Vlan40 Grp 1 state Standby -> Active
DLS1#show standby brief P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Vl1 1 150 P Active local 172.16.1.4 172.16.1.1 Vl10 1 150 Active local 172.16.10.4 172.16.10.1 Vl20 1 150 P Active local 172.16.20.4 172.16.20.1 Vl30 1 100 P Active local unknown 172.16.30.1 Vl40 1 100 P Active local unknown 172.16.40.1
Note: If both DLS1 and DLS2 have links to the Internet, failure of either switch will cause HSRP to redirect packets to the other switch. The functioning switch will take over as the default gateway to provide virtually uninterrupted connectivity for hosts at the access layer.
Lab - Hot Standby Router Protocol
标签:
原文地址:http://www.cnblogs.com/elewei/p/4851512.html
