一、背景介绍
vrrp作为一种常见的虚拟路由冗余协议,工作在应用层,协议号为112,该协议普遍用于各种生产环境中,其工作原理是隐藏多个实际提供服务的网元地址,取而代之使用一个虚拟的地址进行反向代理,所有终端指向反向代理地址,这样即使一台或多台网元故障,反向代理地址依然生效,网元之间通过一个特定的组播地址进行通信 
本章就以2个网元对外提供统一网关地址为例,介绍vrrp的使用。
二、实验拓扑
- PC1和PC2属于vlan和vlan20,SW3为接入层交换机,SW1和SW2是三层交换机与二层交换机SW3之间通过trunk相连
- 3个SW之间使用MSTP,且SW2为instance1的主根,instance2的备根,SW1正好相反
- vlan10跟vlan20的网关地址位于2台三层交换机的svi接口,是一个反向代理地址,且互为主备
三、配置文件
SW1的配置文件
[SW1]display current-configuration # sysname SW1 # undo info-center enable # vlan batch 10 20 # stp instance 1 root secondary stp instance 2 root primary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name hw revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 192.168.10.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.254 # interface Vlanif20 ip address 192.168.20.2 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.254 vrrp vrid 2 priority 150 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20SW2的配置文件
[SW2]display current-configuration # sysname SW2 # undo info-center enable # vlan batch 10 20 # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name hw revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 192.168.10.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.254 vrrp vrid 1 priority 150 # interface Vlanif20 ip address 192.168.20.1 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.254 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20SW3的配置文件
[SW3]display current-configuration # sysname SW3 # undo info-center enable # vlan batch 10 20 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name hw revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 # interface Ethernet0/0/3 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/4 port link-type access port default vlan 20 stp edged-port enable此时在SW1的e0/0/1口抓包,SW2的vlanif10正常时,PC1去ping网关流量不会经过该端口,当将SW2的vlanif10端口shutdown,再使用PC1去ping网关在该端口上就能抓到流量
四、注意事项
- vrrp是应用层协议,所以配置时必须在三层以上设备的接口进行配置
- vrrp主网关多与mstp根桥保持一致,以本案为例,SW2是MSTP instance1的根桥,所以vlan10的网关优先选取SW2,原因就是instance1此时在SW3上的e0/0/2接口是阻塞状态,SW1同样道理
- 还可以在端口故障时设置自动降低优先级,该命令使用时默认端口故障条件成立
[SW2-Vlanif10]vrrp vrid 10 track interface Vlanif 10 ? increased Increase priority reduced Reduce priority <cr>
原文地址:https://blog.51cto.com/arkling/2455547
时间: 2024-10-31 11:57:31