ICode9

精准搜索请尝试: 精确搜索
首页 > 其他分享> 文章详细

假装网络工程师6——vrrp使用场景介绍

2019-12-03 10:01:27  阅读:15  来源: 互联网

标签:10 场景 default vlan 假装 vrrp trunk interface port



一、背景介绍

vrrp作为一种常见的虚拟路由冗余协议,工作在应用层,协议号为112,该协议普遍用于各种生产环境中,其工作原理是隐藏多个实际提供服务的网元地址,取而代之使用一个虚拟的地址进行反向代理,所有终端指向反向代理地址,这样即使一台或多台网元故障,反向代理地址依然生效,网元之间通过一个特定的组播地址进行通信
假装网络工程师6——vrrp使用场景介绍
本章就以2个网元对外提供统一网关地址为例,介绍vrrp的使用。

二、实验拓扑

假装网络工程师6——vrrp使用场景介绍

  1. PC1和PC2属于vlan和vlan20,SW3为接入层交换机,SW1和SW2是三层交换机与二层交换机SW3之间通过trunk相连
  2. 3个SW之间使用MSTP,且SW2为instance1的主根,instance2的备根,SW1正好相反
    假装网络工程师6——vrrp使用场景介绍
  3. vlan10跟vlan20的网关地址位于2台三层交换机的svi接口,是一个反向代理地址,且互为主备

    三、配置文件

    SW1的配置文件

    [SW1]display current-configuration 
    #
    sysname SW1
    #
    undo info-center enable
    #
    vlan batch 10 20
    #
    stp instance 1 root secondary
    stp instance 2 root primary
    #
    cluster enable
    ntdp enable
    ndp enable
    #
    drop illegal-mac alarm
    #
    diffserv domain default
    #
    stp region-configuration
    region-name hw
    revision-level 1
    instance 1 vlan 10
    instance 2 vlan 20
    active region-configuration
    #
    drop-profile default
    #
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password simple admin
    local-user admin service-type http
    #
    interface Vlanif1
    #
    interface Vlanif10
    ip address 192.168.10.2 255.255.255.0
    vrrp vrid 1 virtual-ip 192.168.10.254
    #
    interface Vlanif20
    ip address 192.168.20.2 255.255.255.0
    vrrp vrid 2 virtual-ip 192.168.20.254
    vrrp vrid 2 priority 150
    #
    interface MEth0/0/1
    #
    interface Ethernet0/0/1
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/2
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20

    SW2的配置文件

    [SW2]display current-configuration 
    #
    sysname SW2
    #
    undo info-center enable
    #
    vlan batch 10 20
    #
    stp instance 1 root primary
    stp instance 2 root secondary
    #
    cluster enable
    ntdp enable
    ndp enable
    #
    drop illegal-mac alarm
    #
    diffserv domain default
    #
    stp region-configuration
    region-name hw
    revision-level 1
    instance 1 vlan 10
    instance 2 vlan 20
    active region-configuration
    #
    drop-profile default
    #
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password simple admin
    local-user admin service-type http
    #
    interface Vlanif1
    #
    interface Vlanif10
    ip address 192.168.10.1 255.255.255.0
    vrrp vrid 1 virtual-ip 192.168.10.254
    vrrp vrid 1 priority 150
    #
    interface Vlanif20
    ip address 192.168.20.1 255.255.255.0
    vrrp vrid 2 virtual-ip 192.168.20.254
    #
    interface MEth0/0/1
    #
    interface Ethernet0/0/1
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/2
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20

    SW3的配置文件

    [SW3]display current-configuration 
    #
    sysname SW3
    #
    undo info-center enable
    #
    vlan batch 10 20
    #
    cluster enable
    ntdp enable
    ndp enable
    #
    drop illegal-mac alarm
    #
    diffserv domain default
    #
    stp region-configuration
    region-name hw
    revision-level 1
    instance 1 vlan 10
    instance 2 vlan 20
    active region-configuration
    #
    drop-profile default
    #
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password simple admin
    local-user admin service-type http
    #
    interface Vlanif1
    #
    interface MEth0/0/1
    #
    interface Ethernet0/0/1
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/2
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/3
    port link-type access
    port default vlan 10
    stp edged-port enable
    #
    interface Ethernet0/0/4
    port link-type access
    port default vlan 20
    stp edged-port enable

    此时在SW1的e0/0/1口抓包,SW2的vlanif10正常时,PC1去ping网关流量不会经过该端口,当将SW2的vlanif10端口shutdown,再使用PC1去ping网关在该端口上就能抓到流量

    四、注意事项

  4. vrrp是应用层协议,所以配置时必须在三层以上设备的接口进行配置
  5. vrrp主网关多与mstp根桥保持一致,以本案为例,SW2是MSTP instance1的根桥,所以vlan10的网关优先选取SW2,原因就是instance1此时在SW3上的e0/0/2接口是阻塞状态,SW1同样道理
  6. 还可以在端口故障时设置自动降低优先级,该命令使用时默认端口故障条件成立
    [SW2-Vlanif10]vrrp vrid 10 track interface Vlanif 10 ?
    increased  Increase priority
    reduced    Reduce priority
    <cr>       


标签:10,场景,default,vlan,假装,vrrp,trunk,interface,port
来源: https://blog.51cto.com/arkling/2455547

专注分享技术,共同学习,共同进步。侵权联系[admin#icode9.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有