HSRP (Hot Standby Router Protocol) is 是最常用的第一跳冗余协议之一,思科私有的。该协议是在局域网内,当一台路由器出现故障时,可以自动切换到另一台路由器,由另外一台接管。本期龙哥要与大家分享一下,如何在思科IOS上配置HSRP协议。接下来,我讲根据下列拓扑图来部署HSRP。
一、基础配置
首先,我们先配置一下路由器的WAN接口的IP地址,本案例中,两台路由器的WAN接口均为G0/0。
RTR-01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RTR-01(config)#
RTR-01(config)#interface gigabitEthernet 0/0
RTR-01(config-if)#ip address 103.21.40.2 255.255.255.252
RTR-01(config-if)#no shutdown
RTR-01(config-if)#exit
RTR-01(config)#
RTR-02#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RTR-02(config)#
RTR-02(config)#interface gigabitEthernet 0/0
RTR-02(config-if)#ip add 59.152.100.2 255.255.255.0
RTR-02(config-if)#no shutdown
RTR-02(config-if)#exit
RTR-02(config)#
在配置局域网接口时,需要确认一下地址块的掩码,为/29。
接下来,我们就给LAN接口配置一下IP地址,如下:
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#ip address 10.1.1.2 255.255.255.248
RTR-01(config-if)#no shutdown
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#ip add 10.1.1.3 255.255.255.248
RTR-02(config-if)#no shutdown
最后就是本期的关键配置了,我们需要指定一下HSRP的虚拟IP地址、设置一下两台路由器的HSRP的优先级。注意HSRP的相关配置是在LAN接口下配置的。
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 ip 10.1.1.1
RTR-01(config-if)#standby 1 priority 250
RTR-01(config-if)#
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 ip 10.1.1.1
RTR-02(config-if)#standby 1 priority 150
RTR-02(config-if)#
我们可以使用命令show standby 来查看一下HSRP的相关配置情况:
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Active
2 state changes, last state change 00:02:42
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.656 secs
Preemption disabled
Active router is local
Standby router is 10.1.1.3, priority 150 (expires in 11.440 sec)
Priority 250 (configured 250)
Group name is "hsrp-Gi0/1-1" (default)
RTR-01#
RTR-02#show standby
GigabitEthernet0/1 - Group 1
State is Standby
1 state change, last state change 00:00:48
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.056 secs
Preemption disabled
Active router is 10.1.1.2, priority 250 (expires in 8.928 sec)
Standby router is local
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
RTR-02#
最后在PC上使用trace看看,丢几个包,验证一下:
C:>tracert -d 8.8.8.8Tracing route to 8.8.8.8 over a maximum of 30 hops
1 123 ms 1 ms 1 ms 10.1.1.2
2 227 ms 1 ms 1 ms 103.21.40.1
3 1 ms 1 ms 3 ms ***********
4 3 ms 4 ms 6 ms ***********
5 3 ms 3 ms 2 ms 8.8.8.8
为了测试流量切换,我们需要关闭RTR-01 中的gigabitEthernet 0/1接口。然后再trace一下。
C:>tracert -d 8.8.8.8Tracing route to 8.8.8.8 over a maximum of 30 hops
1 165 ms 1 ms 1 ms 10.1.1.3
2 227 ms 2 ms 1 ms 59.152.100.1
3 1 ms <1 ms 5 ms ***********
4 2 ms 2 ms 2 ms ***********
5 3 ms 2 ms 3 ms 8.8.8.8
在 RTR-02, 使用show standby 命令 看看HSRP状态变化:
RTR-02#show standby
GigabitEthernet0/1 - Group 1
State is Active
2 state changes, last state change 00:02:10
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.672 secs
Preemption disabled(欢迎关注网络工 程师 阿 龙)
Active router is local
Standby router is unknown
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
RTR-02#
到这来,就是基础配置,接下来跟继续往下看,一起学习高级配置吧!
二、高级配置
接下来,我们将配置一下可选,你就会了解到HSRP还有这么多的功能。
HSRP Preempt(抢占):
如果你想要让一台路由器故障恢复后继续成为主路由器,那么你需要开启抢占功能:
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 preempt
RTR-01(config-if)#exit
RTR-01(config)#
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 preempt
RTR-02(config-if)#exit
RTR-02(config)#
如果你想要让路由器在抢占之前先等待一段时间,那你们可以使用如下命令:
RTR-01(config-if)#standby 1 preempt delay minimum 60RTR-02(config-if)#
standby 1 preempt delay minimum 60
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Init (interface down)
3 state changes, last state change 02:50:43
Virtual IP address is 10.1.1.1
Active virtual MAC address is unknown
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Preemption enabled
Active router is unknown
Standby router is unknown
Priority 250 (configured 250)
Group name is "hsrp-Gi0/1-1" (default)
RTR-01#
Standby Track Configuration:
如果你想要监控主机路由器的G0/0接口发生故障时,能切换到备用路由器,那么你可以进行如下配置:
RTR-01#configure terminal
RTR-01(config)#track 1 interface gigabitEthernet 0/0 ip routing
RTR-01(config-track)#exit
RTR-01(config)#
上述,我们先创建一个track,名字为1,用来监控g0/0的状态。
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 track 1 decrement 150
RTR-01(config-if)#exit
RTR-01(config)#
当G0/1接口donw时,那么主路由器的HSRP优先级就会被降为100,(250-150=100),因为我们之前已经把主路由器设置为250了。
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Init (interface down)
3 state changes, last state change 03:27:46
Virtual IP address is 10.1.1.1
Active virtual MAC address is unknown
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Preemption enabled, delay min 60 secs
Active router is unknown
Standby router is unknown
Priority 250 (configured 250)
Track object 1 state Up decrement 150
Group name is "hsrp-Gi0/1-1" (default)
RTR-01#
Load-Balancing with HSRP(实现负载分担):
为了负载分担,我们需要配置两个HSRP组(组数等于路由器数)。这里,对于组 1,RTR-01 由于更高的优先级而处于活动状态。并且,对于组 2,RTR-02 是活动的,具有更高的优先级。
RTR-01#configure terminal
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#ip address 10.1.1.2 255.255.255.0
RTR-01(config-if)#standby 1 ip 10.1.1.1
RTR-01(config-if)#standby 1 priority 150
RTR-01(config-if)#standby 1 preempt
RTR-01(config-if)#standby 2 ip 10.1.1.4
RTR-01(config-if)#standby 2 priority 110
RTR-01(config-if)#standby 2 preempt
RTR-01(config-if)#exit
RTR-01(config)#exit
RTR-01#欢迎关注网络工 程师 阿 龙)
RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#ip address 10.1.1.3 255.255.255.0
RTR-02(config-if)#standby 1 ip 10.1.1.1
RTR-02(config-if)#standby 1 priority 110
RTR-02(config-if)#standby 1 preempt
RTR-02(config-if)#standby 2 ip 10.1.1.4
RTR-02(config-if)#standby 2 priority 150
RTR-02(config-if)#standby 2 preempt
RTR-02(config-if)#exit
RTR-02(config)#exit欢迎关注网络工 程师 阿 龙)
RTR-02#
我们可以使用 “show standby” 命令来查看:
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Active
4 state changes, last state change 00:00:24
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.080 secs
Preemption enabled
Active router is local
Standby router is 10.1.1.3, priority 110 (expires in 11.808 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
GigabitEthernet0/1 - Group 2
State is Standby
1 state change, last state change 00:00:16
Virtual IP address is 10.1.1.4
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.080 secs
Preemption enabled
Active router is 10.1.1.3, priority 150 (expires in 11.360 sec)
Standby router is local
Priority 110 (configured 110)
Group name is "hsrp-Gi0/1-2" (default)
RTR-01#欢迎关注网络工 程师 阿 龙)
HSRP Timers
如果要降低切换时间,可以修改一下计时器。默认情况下,hold time为10 秒,即10秒后没收到主路由器发的hello就切换。
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Active
1 state change, last state change 00:01:18
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.088 secs
Preemption enabled
Active router is local
Standby router is 10.1.1.3, priority 110 (expires in 9.248 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
RTR-01#欢迎关注网络工 程师 阿 龙)
接下来,我们试着修改一下:间隔为1秒,hold time 改为3秒:
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 timers 1 3
RTR-01(config-if)#end
RTR-01#欢迎关注网络工 程师 阿 龙)
我们再次查看一下:
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Active
1 state change, last state change 00:04:07
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.368 secs
Preemption enabled
Active router is local
Standby router is 10.1.1.3, priority 110 (expires in 3.120 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
RTR-01#欢迎关注网络工 程师 阿 龙)
HSRP Authentication:
为了安全起见,如果你想要在路由器之间做认证,可以进行如下配置:
Plain text(明文)
RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 authentication cisco
RTR-01(config-if)#欢迎关注网络工 程师 阿 龙)RTR-02#
configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 authentication cisco
RTR-02(config-if)#
MD5(加密)
RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 authentication md5 key-string cisco
RTR-01(config-if)#RTR-02#
configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 authentication md5 key-string cisco
RTR-02(config-if)#
使用“Show standby” 命令查看一下:
RTR-01#show standby
GigabitEthernet0/1 - Group 1
State is Active
1 state change, last state change 00:19:46
Virtual IP address is 10.1.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.752 secs
Authentication MD5, key-string
Preemption enabled
Active router is local
Standby router is 10.1.1.3, priority 110 (expires in 2.432 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
RTR-01#欢迎关注网络工 程师 阿 龙)
Troubleshooting(排查)
如果你遇到HSRP相关问题需要排错,可以参考如下命令,或许能帮助到你,觉得本期文章不错的话,就给龙哥点个赞呀!
-
debug standby errors
-
debug standby events
-
debug standby packets
-
debug standby terse