华三 h3c vrrp和监视端口配置
作者:互联网
Vrrp配置
[SWA]vlan 10
[SWA-vlan10]po g1/0/1-----将端口0/1划入到vlan10中去
[SWA-vlan10]qu
[SWA]vlan 20
[SWA-vlan20]po g1/0/2-------将端口0/2划入到vlan20中去
[SWA-vlan20]qu
[SWA]int ran g1/0/3 to g1/0/4
[SWA-if-range]port link-ty tr
[SWA-if-range]port trunk permit vlan 1 10 20-----与交换机相连的设置为trunk口,并且允许相应的vlan通过。安全起见,不建议直接允许所有的vlan通过,
[SWB]int ran g1/0/2 to g1/0/3-----与交换机相连的端口为trunk口,允许相应的vlan通过
[SWB-if-range]port link-type tr
[SWB-if-range]po tr per vl 1 10 20
[SWB]vlan 10
[SWB-vlan10]int vlan 10
[SWB-Vlan-interface10]ip address 192.168.10.252 24-----vlan10的真实IP地址,注意相同的vlan的IP地址必须是同一网段,并且vrrp的IP真实地址必须有,不然vrrp组不能建立成功。
[SWB-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.10.254-----vrrp组的虚拟IP地址,也就是真正的vlan10网关
[SWB-Vlan-interface10]vrrp vrid 10 priority 120—设置SWB为vlan10的主网关,通过修改优先级实现,默认是100
[SWB]vlan 20
[SWB-vlan20]int vlan 20
[SWB-Vlan-interface20]ip address 192.168.20.252 24
[SWB-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.20.254----vlan20的备份网关。
[SWC]int ran g1/0/3 to g1/0/4
[SWC-if-range]p l t
[SWC-if-range]port trunk permit vlan 1 10 20
[SWC]vlan 10
[SWC-vlan10]int vlan 10
[SWC-Vlan-interface10]ip ad 192.168.10.253 24
[SWC-Vlan-interface10]vrrp vrid 10 virtual-ip 192.168.10.254-----vlan10的备份网关
[SWC]vlan 20
[SWC-vlan20]int vlan 20
[SWC-Vlan-interface20]ip address 192.168.20.253 24
[SWC-Vlan-interface20]vrrp vrid 20 virtual-ip 192.168.20.254
[SWC-Vlan-interface20]vrrp vrid 20 priority 120--------vlan20的主网关
使用dis vrrp可以查看vrrp组的信息
[SWC]dis vrrp
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
Pri Timer Type IP
---------------------------------------------------------------------
Vlan10 10 Backup 100 100 None 192.168.10.254
Vlan20 20 Master 120 100 None 192.168.20.254
Vrrp的主份组在正常情况下只能对自身设备进行网关冗余,一旦上行链路出现问题或路由不可达,不能及时发现,主网关依然会继续工作,造成网络故障。解决办法有两种。一:是在vrrp组的主网关上设置监视端口,用来监视上行端口,如果上行端口down可以及时切换主备份网关,二:可以监视上行端口的路由可达性来进行网关的切换。
方法一:
[SWB]track 1 int g1/0/1
[SWB]int vlan 10
[SWB-Vlan-interface10]vr vr 10 track 1 priority reduced 30
[SWC]track 1 int g 1/0/2----------创建监视端口
[SWC]int vlan 20
[SWC-Vlan-interface20]vrrp vrid 20 track 1 priority reduced 30---在主网关设备上应用监视端口要注意优先级的减少要合适,要使得减少后的主网关优先级小于备份网关。这里面我设置的主网关优先级是120,备份的是默认100,所以我减少的优先级为30,一旦出现故障,主网关的优先级为90,备份网关机就可以抢占成为主网关。
此时我人为的把SWB的上行1/0/1端口关闭,在去检查vrrp组状态,会发现,此时SWB成为了vlan10的备份网关,SWC为vlan10的主网关
[SWB]dis vr
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
Pri Timer Type IP
---------------------------------------------------------------------
Vlan10 10 Backup 90 100 None 192.168.10.254
Vlan20 20 Backup 100 100 None 192.168.20.254
第二种监视路由可达需要先保证网络连通,这里我使用的是rip协议(虽然现在基本不怎么用这个协议了)
[SWB-GigabitEthernet1/0/1]port link-mode route--------将交换机与路由器相连的端口类型改为三层接口
[SWB-GigabitEthernet1/0/1]ip address 10.0.0.1 30
[SWB]rip 1
[SWB-rip-1]network 192.168.10.0------宣告自己的直连网段
[SWB-rip-1]network 192.168.20.0
[SWB-rip-1]network 10.0.0.0
[SWC-GigabitEthernet1/0/2]port link-mode route
[SWC-GigabitEthernet1/0/2]ip address 10.1.0.1 30
[SWC]rip
[SWC-rip-1]network 192.168.10.0
[SWC-rip-1]network 192.168.20.0
[SWC-rip-1]network 10.1.0.0
[SWD]int g 0/1
[SWD-GigabitEthernet0/1]ip ad 10.0.0.2 30
[SWD-GigabitEthernet0/1]int g 0/2
[SWD-GigabitEthernet0/2]ip ad 10.1.0.2 30
[SWD]rip
[SWD-rip-1]network 10.1.0.0
[SWD-rip-1]network 10.0.0.0
此时查看路由表,会发现都学习到全网的路由信息了。
此时我在SWB、SWC上设置监视上行路由可达的监视端口2
[SWB]track 2 ip route 10.0.0.0 30 reachability---------监视到达SWD的路由可达性
[SWB]int vlan 10
[SWB-Vlan-interface10]vrrp vrid 10 track 2 priority reduced 30
[SWC]track 2 ip route 10.1.0.0 30 reachability-------监视到达SWD的路由可达性
[SWC]int vlan 20
[SWC-Vlan-interface20]vrrp vrid 20 track 2 priority reduced 30
测试结果也可以用抓包软件来抓相应链路上的报文去验证自己的vrrp切换主备份。
标签:华三,网关,vlan,20,SWC,SWB,vrrp,端口配置 来源: https://blog.csdn.net/m0_49686750/article/details/112061380