HSRP

Cisco 三层交换机上实现HSRP

HSRP是一种Cisco专有协议，它通过在冗余网关之间共享协议和MAC地址，提供了不间断的IP路径冗余。该协议由在两台路由器之间共享的虚

拟MAC地址和虚拟IP地址以及一个通过多波协议对LAN接口和串行接口进行监控的进程组成。HSRP支持将多台路由器用作备用默认网关。

SW1  SW2为两台三层交换机，将SW1和SW2组成一个HSRP组，实现路由器的冗余，首先按拓扑图所示配置IP地址，使用一台交换机来模拟

PC，用一以路由器模拟WEB，在SW1、SW2和WEB之间配置EIGRP协议：

SW1：

• sw1(config-if)#interface fa0/8
• sw1(config-if)#no switchport
• sw1(config-if)#ip address 10.1.1.3 255.255.255.0
• sw1(config-if)#no shutdown
• sw1(config-if)#interface vlan 1
• sw1(config-if)#ip address 10.1.2.3 255.255.255.0
• sw1(config-if)#no shutdown
• sw1(config-if)#exit
• sw1(config)#ip routing
• sw1(config)#router eigrp 100
• sw1(config-router)#network 10.0.0.0
• sw1(config-router)#no auto-summary

SW1：

• sw2(config)#interface fa0/7
• sw2(config-if)#no switchport
• sw2(config-if)#ip address 10.1.1.2 255.255.255.0
• sw2(config-if)#no shutdown
• sw2(config-if)#interface vlan 1
• sw2(config-if)#ip address 10.1.2.2 255.255.255.0
• sw2(config-if)#no shutdown
• sw2(config-if)#exit
• sw2(config)#ip routing
• sw2(config)#router eigrp 100
• sw2(config-router)#network 10.0.0.0
• sw2(config-router)#no auto-summary

WEB：

• WEB(config)#interface fa0/1
• WEB(config-if)#ip address 10.1.1.4 255.255.255.0
• WEB(config-if)#no sh
• WEB(config-if)#exit
• WEB(config)#router eigrp 100
• WEB(config-router)#network 10.0.0.0
• WEB(config-router)#no auto-summary

PC：

• PC(config)#interface vlan 1
• PC(config-if)#ip address 10.1.2.100 255.255.255.0
• PC(config-if)#no shutdown
• PC(config-if)#exit
• PC(config)#ip default-gateway 10.1.2.1

将PC的网关指向了10.1.2.1，这个地址将是HSRP组的虚拟IP地址，下面配置HSRP：

* sw1(config)#interface vlan 1
* sw1(config-if)#standby ip 10.1.2.1
* sw1(config-if)#standby preempt



* sw2(config)#interface vlan 1
* sw2(config-if)#standby ip 10.1.2.1
* sw2(config-if)#standby preempt

（HSRP 应在虚拟接口上配置，配置时应指定虚拟IP地址，参数preempt可以帮助优先级比较高的路由器在故障恢复后重新成为活跃路由器）

查看 HSRP信息：
* sw1#show standby
* Vlan1 - Group 0
* Local state is Active, priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Next hello sent in 2.728
* Virtual IP address is 10.1.2.1 configured
* Active router is local
* Standby router is unknown
* Virtual mac address is 0000.0c07.ac00
* 2 state changes, last state change 00:00:32
* IP redundancy name is "hsrp-Vl1-0" (default)


* sw2#show standby
* Vlan1 - Group 0
* Local state is Speak, priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Next hello sent in 1.032
* Virtual IP address is 10.1.2.1 configured
* Active router is 10.1.2.3, priority 100 expires in 7.176
* Standby router is unknown
* 0 state changes, last state change never
* IP redundancy name is "hsrp-Vl1-0" (default)


可以发现两者在默认情况下优先级相同，由于SW1是先初始化的，所以成为了活跃路由器，而SW2是备份路由器。

   在PC上执行trace，查看路由情况：

* PC#trace 10.1.1.4
* Type escape sequence to abort.
* Tracing the route to 10.1.1.4
* 1 10.1.2.3 0 msec 4 msec 0 msec
* 2 10.1.1.4 0 msec 4 msec *

可以看见，数据包是通过目前的活跃路由器SW1转发的。

如果将SW1与PC之间的链路断开，可以发现PC仍然能与 WEB通讯，再次使用trace：

* PC#ping 10.1.1.4
* Type escape sequence to abort.
* Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
* !!!!!
* Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
* PC#trace 10.1.1.4
* Type escape sequence to abort.
* Tracing the route to 10.1.1.4
* 1 *
* 10.1.2.2 0 msec 0 msec
* 2 10.1.1.4 4 msec 0 msec *

可以看到路径改为通过SW2，而在SW1和SW2上查看HSRP信息：

* sw1#show standby
* Vlan1 - Group 0
* Local state is Init (interface down), priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Virtual IP address is 10.1.2.1 configured
* Active router is unknown
* Standby router is unknown
* 3 state changes, last state change 00:01:39
* IP redundancy name is "hsrp-Vl1-0" (default)


* sw2#show standby
* Vlan1 - Group 0
* Local state is Active, priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Next hello sent in 2.954
* Virtual IP address is 10.1.2.1 configured
* Active router is local
* Standby router is Unknown
* Virtual mac address is 0000.0c07.ac00
* 2 state changes, last state change 00:01:07
* IP redundancy name is "hsrp-Vl1-0" (default)


可以看到此时SW1的状态是阻塞，而SW2成为了活跃路由器。
 
将SW1与PC之间的链路恢复，再次查看SW1的 HSRP信息：

* sw1#show standby
* Vlan1 - Group 0
* Local state is Listen, priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Virtual IP address is 10.1.2.1 configured
* Active router is 10.1.2.2, priority 100 expires in 9.448
* Standby router is unknown
* 3 state changes, last state change 00:02:03
* IP redundancy name is "hsrp-Vl1-0" (default)


复制代码

* sw1#show standby
* Vlan1 - Group 0
* Local state is Speak, priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Next hello sent in 1.996
* Virtual IP address is 10.1.2.1 configured
* Active router is 10.1.2.2, priority 100 expires in 9.164
* Standby router is unknown
* 3 state changes, last state change 00:02:12
* IP redundancy name is "hsrp-Vl1-0" (default)


* sw1#show standby
* Vlan1 - Group 0
* Local state is Standby, priority 100, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Next hello sent in 1.528
* Virtual IP address is 10.1.2.1 configured
* Active router is 10.1.2.2, priority 100 expires in 7.384
* Standby router is local
* 4 state changes, last state change 00:00:01
* IP redundancy name is "hsrp-Vl1-0" (default)


可以看到SW1经过了监听、发言之后，最终成为了备份路由器。由于SW1和SW2都采用的是默认的优先级100，即使我们配置了抢占（preempt）选项，SW1也无法重新成为活跃路由器。此时，我们可以手工指定SW1的优先级：

* sw1(config)#interface vlan 1
* sw1(config-if)#standby priority 150
* 00:23:25: %STANDBY-6-STATECHANGE: Vlan1 Group 0 state Standby -> Active
* sw1#show standby
* Vlan1 - Group 0
* Local state is Active, priority 150, may preempt
* Hellotime 3 sec, holdtime 10 sec
* Next hello sent in 2.252
* Virtual IP address is 10.1.2.1 configured
* Active router is local
* Standby router is unknown
* Virtual mac address is 0000.0c07.ac00
* 5 state changes, last state change 00:00:03
* IP redundancy name is "hsrp-Vl1-0" (default)


可以看到SW1重新成为了活跃路由器。