标签:10 场景 default vlan 假装 vrrp trunk interface port
一、背景介绍
vrrp作为一种常见的虚拟路由冗余协议,工作在应用层,协议号为112,该协议普遍用于各种生产环境中,其工作原理是隐藏多个实际提供服务的网元地址,取而代之使用一个虚拟的地址进行反向代理,所有终端指向反向代理地址,这样即使一台或多台网元故障,反向代理地址依然生效,网元之间通过一个特定的组播地址进行通信
本章就以2个网元对外提供统一网关地址为例,介绍vrrp的使用。
二、实验拓扑
- PC1和PC2属于vlan和vlan20,SW3为接入层交换机,SW1和SW2是三层交换机与二层交换机SW3之间通过trunk相连
- 3个SW之间使用MSTP,且SW2为instance1的主根,instance2的备根,SW1正好相反
- vlan10跟vlan20的网关地址位于2台三层交换机的svi接口,是一个反向代理地址,且互为主备
三、配置文件
SW1的配置文件
[SW1]display current-configuration # sysname SW1 # undo info-center enable # vlan batch 10 20 # stp instance 1 root secondary stp instance 2 root primary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name hw revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 192.168.10.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.254 # interface Vlanif20 ip address 192.168.20.2 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.254 vrrp vrid 2 priority 150 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20
SW2的配置文件
[SW2]display current-configuration # sysname SW2 # undo info-center enable # vlan batch 10 20 # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name hw revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 192.168.10.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.254 vrrp vrid 1 priority 150 # interface Vlanif20 ip address 192.168.20.1 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.254 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20
SW3的配置文件
[SW3]display current-configuration # sysname SW3 # undo info-center enable # vlan batch 10 20 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name hw revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/3 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/4 port link-type access port default vlan 20 stp edged-port enable
此时在SW1的e0/0/1口抓包,SW2的vlanif10正常时,PC1去ping网关流量不会经过该端口,当将SW2的vlanif10端口shutdown,再使用PC1去ping网关在该端口上就能抓到流量
四、注意事项
- vrrp是应用层协议,所以配置时必须在三层以上设备的接口进行配置
- vrrp主网关多与mstp根桥保持一致,以本案为例,SW2是MSTP instance1的根桥,所以vlan10的网关优先选取SW2,原因就是instance1此时在SW3上的e0/0/2接口是阻塞状态,SW1同样道理
- 还可以在端口故障时设置自动降低优先级,该命令使用时默认端口故障条件成立
[SW2-Vlanif10]vrrp vrid 10 track interface Vlanif 10 ? increased Increase priority reduced Reduce priority <cr>
标签:10,场景,default,vlan,假装,vrrp,trunk,interface,port 来源: https://blog.51cto.com/arkling/2455547
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。