H3C交换机综合主备备份模式的VRRP应用示例
怎么在交换机上配置VRRP、arp和MSTP
全是锐捷的命令采用生成树协议只能做到链路级备份,无法做到网关级备份.MSTP与VRRP结合可以同时做到链路备份与网关级备份,极大地提高了网络的健壮性.配置要求:vlan 10以SW1为根桥,并且相应的VRRP Master也在SW1上, vlan 20以SW2为根桥,并且相应的VRRP Master也在SW2上。
配置VRRP+MSTP的重要原则是:在进行MSTP和VRRP结合配置使用时,需要注意的就是保持各VLAN的根桥与各自的VRRP Master需要保持在同一台三层交换机上。
SW1相关配置spanning-treespanning-tree mst configurationinstance 1 vlan 10instance 2 vlan 20name testrevision 1!spanning-tree mst 0 priority 4096 (设置SW1的实例1优先级最高,手动指定实例1的根桥为SW1)spanning-tree mst 1 priority 4096 (设置SW1的实例1优先级最高,手动指定实例1的根桥为SW1)spanning-tree mst 2 priority 8192interface FastEthernet 0/1switchport mode trunkinterface FastEthernet 0/2switchport mode trunkinterface Vlan 10(设置SW1上VLAN10的VRRP的优先级为150,高于默认的100-SW2上的VLAN10的VRRP优先级为100)ip address 192.168.10.2 255.255.255.0standby 10 ip 192.168.10.1standby 10 priority 150!interface Vlan 20ip address 192.168.20.3 255.255.255.0standby 20 ip 192.168.20.1SW2相关配置spanning-treespanning-tree mst configurationinstance 1 vlan 10instance 2 vlan 20name testrevision 1!spanning-tree mst 0 priority 8192spanning-tree mst 1 priority 8192spanning-tree mst 2 priority 4096 (设置SW1的实例1优先级最高,手动指定实例1的根桥为SW1)interface FastEthernet 0/1switchport mode trunkinterface FastEthernet 0/2switchport mode trunkinterface Vlan 10ip address 192.168.10.3 255.255.255.0standby 10 ip 192.168.10.1!interface Vlan 20(设置SW1上VLAN10的VRRP的优先级为150,高于默认的100)ip address 192.168.20.2 255.255.255.0standby 20 ip 192.168.20.1standby 20 priority 150SW3相关配置spanning-treespanning-tree mst configurationinstance 1 vlan 10instance 2 vlan 20name testrevision 1!interface fastEthernet 0/1switchport mode trunkinterface fastEthernet 0/2switchport mode trunkVRRP协议状态检查SW1#sh standbyIf Group State Priority Preempt Interval Virtual IP Auth ------- ----- ------ -------- ------- -------- --------------- -------- VL10 10 master 150 may 1 192.168.10.1VL20 20 backup 100 may 1 192.168.20.1SW2#sh standbyIf Group State Priority Preempt Interval Virtual IP Auth ------- ----- ------ -------- ------- -------- --------------- -------- VL10 10 backup 100 may 1 192.168.10.1VL20 20 master 150 may 1 192.168.20.1生成树协议状态检查实例1的根桥在SW1上,实例2的根桥在SW2上。
H3C路由器实现VRRP协议-电脑资料
H3C路由器实现VRRP协议-电脑资料VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)是一种容错协议,通过物理设备和逻辑设备的分离,很好的实现了路由线路的备份功能! VRRP将局域网的一组路由器构成了一个备份组,相当于一台虚拟路由器, 局域网内的主机将自己的缺省路由下一跳设置为该虚拟路由器的IP地址. 网络中的主机通过这个虚拟路由器与其他网络进行通信.本实验拓补图如下:本实验利用路由器实现vlan10, 20间的通信, 并且路由器R9,R12 相互备份. 图中SW1 SW2 实现链路聚合. 同时在SW1,SW2,SW3 上启用gvrp协议实现vlan间的同步SW1 配置如下:[sw1]gvrpPlease wait........................................... Done.[sw1]int e1/0/11[sw1-Ethernet1/0/11]port link-type trunk ----------设置e1/0/11为 trunk[sw1-Ethernet1/0/11]port trunk permit vlan all ---------- 允许所有vlan通过Please wait........................................... Done.[sw1]int e1/0/16[sw1-Ethernet1/0/11]port link-type trunk[sw1-Ethernet1/0/11]port trunk permit vlan allPlease wait........................................... Done.[sw1]int e1/0/11[sw1-Ethernet1/0/11]port link-type trunk[sw1-Ethernet1/0/11]port trunk permit vlan allPlease wait........................................... Done.[sw1-Ethernet1/0/11]gvrpGVRP is enabled on port Ethernet1/0/11.[sw1]link-aggregation group 1 mode manual ----------添加聚合组 1[sw1]int e1/0/13[sw1-Ethernet1/0/13]port link-type trunk[sw1-Ethernet1/0/13]port trunk permit vlan allPlease wait........................................... Done.[sw1-Ethernet1/0/13]gvrpGVRP is enabled on port Ethernet1/0/13 ----------添加到聚合组 1[sw1-Ethernet1/0/13]port link-aggregation group 1[sw1]int e1/0/15[sw1-Ethernet1/0/15]port link-type trunk[sw1-Ethernet1/0/15]port trunk permit vlan allPlease wait........................................... Done.[sw1-Ethernet1/0/15]gvrpGVRP is enabled on port Ethernet1/0/15.[sw1-Ethernet1/0/15]port link-aggregation group 1 ----------添加到聚合组 1SW2 配置如下:[sw2]gvrpPlease wait........................................... Done.[sw2]link-aggregation group 1 mode manual[sw2]int e1/0/13[sw2-Ethernet1/0/13]port link-type trunk[sw2-Ethernet1/0/13]port trunk permit vlan allPlease wait........................................... Done.[sw2-Ethernet1/0/13]gvrpGVRP is enabled on port Ethernet1/0/13.[sw2-Ethernet1/0/13]port link-aggregation group 1 [sw2]int e1/0/15[sw2-Ethernet1/0/15]port link-type trunk[sw2-Ethernet1/0/15]port trunk permit vlan all [sw2-Ethernet1/0/15]gvrpGVRP is enabled on port Ethernet1/0/15.Please wait........................................... Done.[sw2-Ethernet1/0/15]port link-aggregation group 1 [sw2]vlan 10[sw2-vlan10]port e1/0/4[sw2]vlan 20[sw2-vlan20]port e1/0/6SW3 配置如下:[sw3]gvrpPlease wait........................................... Done.[sw3]int e1/0/11[sw3-Ethernet1/0/11]port link-type trunk[sw3-Ethernet1/0/11]port trunk permit vlan all [sw3-Ethernet1/0/11]gvrpGVRP is enabled on port Ethernet1/0/11.Please wait........................................... Done.。
基础协议最佳配置实践之VRRP
第1页, 共8页杭州华三通信技术有限公司广州办事处 24小时热线: 800 810 0504 400 810 0504基本协议最佳配置实践之VRRP说明:H3C广州办推出的《最佳实践》系列文档,主要根据技术工程师实践工作经验积累及日常问题处理的经验,提出的在网络系统规划设计、设备安装调试及组网配置等方面提供的最佳实践。
最佳实践中涉及的相关网络协议的配置为部分基本配置,该配置中包含规范性配置、网络连通配置和优化配置建议等。
最佳配置实践的目的旨在指导网络实施工程师对H3C产品进行设备开局快速配置,同时实现配置的优化和遵循H3C相关规范,确保网络工程项目的高质量,从稳定性、可靠性、冗余性和可维护性、工程规范性、网上问题处理等方面提供实施指导。
第2页, 共8页1VRRP设计原则1.1Master设计原则VRRP中的Master和Backup设计必须与MSTP生成树的Instance实例的主根和备根一一对应;如果网络中流量不大,建议设计成一台全部为Master,另一台为Backup的组网形式;1.2VRRP的心跳报文路径设计原则VRRP报文的心跳报文建议设计在两台交换机之间,尽量不要通过第三者进行交互。
1.3VRRP VRID设计原则不同的VLAN必须对应不同的VRID,不允许不同VLAN对应相同的VRID;VRID设计尽量与VLAN号有对应的关系,以便理解和阅读;1.4VRRP报文通告时间间隔设计原则Master路由器会定时发送VRRP通告报文,通知备份组内的路由器自己工作正常,默认通告时间为1s;建议每10组VRRP组的通告时间相同:组1-组10为1s;组11至组20为3s;组21-组30为5s;……1.5VRRP抢占方式设计原则当Master设备故障或者重启恢复后,VRRP抢占导致网络中断时间减小,建议修改VRRP抢占延迟大于路由、STP等收敛时间,建议配置成抢占时延时间为20s;第3页, 共8页vrrp vrid 10 preempt-mode timer delay 20如果Master配置了监控上联链路,当上联链路故障,Master优先级降低,Backup设备可以抢占成为Master,为了避免频繁地进行状态切换,建议配置抢占延迟时间为5秒。
VRRP路由冗余备份
目录第1章路由冗余备份..............................................................................................................1-11.1 VRRP简介..........................................................................................................................1-11.1.1 单机缺省路由...........................................................................................................1-11.1.2 VRRP介绍...............................................................................................................1-11.2 SecPath防火墙上的路由冗余备份实现..............................................................................1-21.2.1 传统VRRP在SecPath备份实现上的不足.................................................................1-31.2.2 VGMP介绍...............................................................................................................1-41.2.3 备份方式分类...........................................................................................................1-91.2.4 混合模式下的路由冗余备份...................................................................................1-121.3 VRRP备份组配置.............................................................................................................1-131.3.1 配置备份组的虚拟IP地址.......................................................................................1-131.3.2 配置备份组的优先级..............................................................................................1-141.3.3 配置备份组的抢占方式和延迟时间........................................................................1-151.3.4 配置备份组的认证方式及认证字............................................................................1-161.3.5 配置备份组的定时器..............................................................................................1-171.3.6 配置监视指定接口状态..........................................................................................1-181.3.7 配置检测VRRP报文的TTL.....................................................................................1-181.4 VRRP管理组配置.............................................................................................................1-191.4.1 创建VRRP管理组..................................................................................................1-191.4.2 启动VRRP管理组功能...........................................................................................1-201.4.3 配置向VRRP管理组添加备份组.............................................................................1-201.4.4 配置VRRP管理组优先级.......................................................................................1-211.4.5 配置VRRP管理组抢占功能....................................................................................1-231.4.6 配置VRRP管理组Hello报文的发送间隔.................................................................1-231.4.7 配置VRRP管理组的报文群发标志.........................................................................1-241.4.8 配置vlan所属的VGMP组号(混合模式下)..........................................................1-241.4.9 配置允许备机转发业务(混合模式下).................................................................1-251.5 路由冗余备份的显示和调试..............................................................................................1-251.6 路由冗余备份的典型配置举例..........................................................................................1-261.6.1 使用VRRP管理组的主备备份组网.........................................................................1-261.6.2 使用VRRP管理组的负载分担组网.........................................................................1-281.6.3 混合模式下的使用VRRP管理组的主备备份组网...................................................1-301.6.4 混合模式下的使用VRRP管理组的主备备份组网...................................................1-311.7 路由冗余备份的常见故障诊断与排除...............................................................................1-32第2章双机热备份..................................................................................................................2-12.1 双机热备份简介..................................................................................................................2-12.1.1 HRP介绍..................................................................................................................2-12.1.2 VRRP备份组、管理组和HRP之间的协议层次关系.................................................2-22.1.3 混合模式下的双机热备份.........................................................................................2-32.2 双机热备份配置..................................................................................................................2-32.2.1 启动双机热备份.......................................................................................................2-42.2.2 启动自动备份...........................................................................................................2-52.2.3 配置手工批量备份....................................................................................................2-62.2.4 配置备份会话表的通道接口.....................................................................................2-62.3 双机热备份的显示和调试...................................................................................................2-72.4 双机热备份的典型组网.......................................................................................................2-72.4.1 路由模式下的双机热备份典型组网..........................................................................2-72.4.2 混合模式下的双机热备份组网.................................................................................2-82.5 双机热备份常见故障诊断与排除........................................................................................2-9第1章路由冗余备份1.1 VRRP简介1.1.1 单机缺省路由通常,内部网络的主机都配置一条缺省路由,下一跳为出口路由器的接口IP地址(如图1-1所示10.100.10.1),这样内部网络各主机访问外部网络的所有报文将都被首先发送到出口路由器RouterA,然后由RouterA进行报文转发,从而实现内部主机和外部网络之间的通信:10.100.10.0/24图1-1采用缺省路由的组网采用缺省路由方式,由于出口路由器仅有一台,当出口路由器RouterA发生故障时,内部网络中所有以RouterA为缺省路由下一跳的主机与外部网络之间的通讯将中断,通讯可靠性无法保证。
VRRP命令
目录
目录
第 1 章 VRRP配置命令 ...........................................................................................................1-1
Vlan100
1 Master
100
1
NONE
10.10.10.2
# 显示全部备份组的详细信息。
<Sysname> display vrrp verbose
IPv4 Standby Information:
Run Method
ቤተ መጻሕፍቲ ባይዱ
: VIRTUAL-MAC
Virtual IP Ping : Enable
Track Object : 1
Track Object : 2
Virtual IP
: 10.10.10.2
Virtual MAC
: 0000-5e00-0101
Master IP
: 10.10.10.1
Adver. Timer State Run Pri Delay Time
Pri Reduced Pri Reduced Switchover
switchavrrppingenablevrrp虚地址可以被ping创建vrrp组1虚拟网关为1921681001switchavlaninterface10vrrpvridvirtualip1921681001设置vrrp组优先级为120缺省为100switchavlaninterface10vrrpvridpriority120设置为抢占模式switchavlaninterface10vrrpvrid设置监控端口为为interfacevlan20如果端口down掉优先级降低30switchavlaninterface10vrrpvridtrackvlaninterface20reduced30设定虚拟ip得知可以使用ping命令pingvrrppingenable设定虚拟ip地址不可以使用ping命令pingundovrrppingenable设置取消检查vrrp报文的ttlvrrpuncheckttl设置恢复vrrp报文的ttlundovrrpuncheckttl设置虚拟ip地址和mac地址的对应关系vrrpmethodrealmacvirtualmac设置虚拟ip地址和mac地址的对应关系为缺省值undovrrpmethod添加虚拟ip地址vrrpvridvirtualrouteridvirtualipvirtualaddress删除虚拟ip地址undovrrpvridvirtualrouteridvirtualipvirtualaddress设置备份组的优先级vrrpvridvirtualrouteridprioritypriority取消备份组的优先级undovrrpvridvirtualrouteridpriority设置备份组的抢占方式和延迟时间vrrpvridvirtualrouteridpreemptmodetimerdelaydelayvalue取消备份组的抢占方式undovrrpvridvirtualrouteridpreemptmode设置认证和认证字vrrpvridvirtualrouteridauthenticationmodemd5simplekey取消设置认证和认证字undovrrpvridvirtualrouteridauthenticationmode设置vrrp定时器vrrpvirtualrouteridtimeradvertiseadverinterval恢复vrrp定
H3C 6506VRRP-1
讨论两台65作vrrp的案例案例:两台65通过千兆光纤互连,端口在vlan2下上面接内部服务器(两台服务器作集群,每台服务器只和一台65相连),端口在vlan2下(单独一个vlan)下面为每个楼层有一台交换机3026c通过两条光纤分别连到两台6506上,这样的楼层又5层上联都是做的trunk,不同的楼层交换机可能有相同的vlan,每个vlan在不同的网段内请朋友指导配置是否存在不妥之处!谢谢!~~6506A#sysname s6506A#local-server nas-ip 127.0.0.1 key huawei#domain default enable system#temperature-limit 0 10 70temperature-limit 2 10 70#poe power max-value 2400#link-aggregation group 1 mode manual#vrrp ping-enable#radius scheme systemprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domain#domain systemvlan-assignment-mode integeraccess-limit disablestate activeidle-cut disableself-service-url disablemessenger time disable#stp TC-protection enable#vlan 1#vlan 2#vlan 3#vlan 4#vlan 5#vlan 6#vlan 7#vlan 8#vlan 9#vlan 10#interface Vlan-interface1ip address 172.16.100.1 255.255.255.0 #interface Vlan-interface2ip address 172.16.1.254 255.255.255.0 #interface Vlan-interface3ip address 172.16.2.2 255.255.255.0vrrp vrid 3 priority 110vrrp vrid 3 preempt-mode timer delay 2 #interface Vlan-interface4ip address 172.16.3.2 255.255.255.0 vrrp vrid 4 virtual-ip 172.16.3.1vrrp vrid 4 priority 110vrrp vrid 4 preempt-mode timer delay 2 #interface Vlan-interface5ip address 172.16.4.2 255.255.255.0 vrrp vrid 5 virtual-ip 172.16.4.1vrrp vrid 5 priority 110vrrp vrid 5 preempt-mode timer delay 2 #interface Vlan-interface6ip address 172.16.5.2 255.255.255.0 vrrp vrid 6 virtual-ip 172.16.5.1vrrp vrid 6 priority 110vrrp vrid 6 preempt-mode timer delay 2 #interface Vlan-interface7ip address 172.16.6.2 255.255.255.0 vrrp vrid 7 virtual-ip 172.16.6.1vrrp vrid 7 priority 110vrrp vrid 7 preempt-mode timer delay 2 #interface Vlan-interface8ip address 172.16.7.2 255.255.255.0 vrrp vrid 8 virtual-ip 172.16.7.1vrrp vrid 8 priority 110vrrp vrid 8 preempt-mode timer delay 2 #interface Vlan-interface9ip address 172.16.8.2 255.255.255.0vrrp vrid 9 priority 110vrrp vrid 9 preempt-mode timer delay 2 #interface Vlan-interface10ip address 172.16.9.2 255.255.255.0 vrrp vrid 10 virtual-ip 172.16.9.1vrrp vrid 10 priority 110vrrp vrid 10 preempt-mode timer delay 2 #interface Aux0/0/0#interface M-Ethernet0/0/0#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#interface GigabitEthernet0/0/4#interface GigabitEthernet2/0/1port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/2port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/3port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/4port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/5 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/6 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/7 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/8 port access vlan 2#interface GigabitEthernet2/0/9 port access vlan 2#interface GigabitEthernet2/0/10 port access vlan 2#interface GigabitEthernet2/0/11 #interface GigabitEthernet2/0/12 #interface GigabitEthernet2/0/13 #interface GigabitEthernet2/0/14 #interface GigabitEthernet2/0/15 #interface GigabitEthernet2/0/16 #interface GigabitEthernet2/0/17#interface GigabitEthernet2/0/18#interface GigabitEthernet2/0/19port access vlan 2port link-aggregation group 1#interface GigabitEthernet2/0/20port access vlan 2port link-aggregation group 1#interface NULL0#ospf 1import-route directarea 0.0.0.0network 172.16.1.0 0.0.0.255#snmp-agentsnmp-agent local-engineid 800007DB000FE218CC346877 snmp-agent community read publicsnmp-agent community write yantaisnmp-agent sys-info version all6506Bdis cu#sysname s6506B#local-server nas-ip 127.0.0.1 key huawei#domain default enable system#temperature-limit 0 10 70temperature-limit 2 10 70#poe power max-value 2400#link-aggregation group 1 mode manual #vrrp ping-enable#radius scheme systemprimary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain#domain systemvlan-assignment-mode integeraccess-limit disablestate activeidle-cut disableself-service-url disablemessenger time disable#stp TC-protection enable#vlan 1#vlan 2#vlan 3#vlan 4#vlan 5#vlan 6#vlan 7#vlan 8#vlan 9#vlan 10#interface Vlan-interface1ip address 172.16.100.2 255.255.255.0 #interface Vlan-interface2ip address 172.16.1.253 255.255.255.0 #interface Vlan-interface3ip address 172.16.2.3 255.255.255.0 vrrp vrid 3 virtual-ip 172.16.2.1 vrrp vrid 3 priority 110#interface Vlan-interface4ip address 172.16.3.3 255.255.255.0 vrrp vrid 4 virtual-ip 172.16.3.1 vrrp vrid 4 priority 110#interface Vlan-interface5ip address 172.16.4.3 255.255.255.0 vrrp vrid 5 virtual-ip 172.16.4.1 vrrp vrid 5 priority 110#interface Vlan-interface6ip address 172.16.5.3 255.255.255.0 vrrp vrid 6 virtual-ip 172.16.5.1 vrrp vrid 6 priority 110#interface Vlan-interface7ip address 172.16.6.3 255.255.255.0 vrrp vrid 7 virtual-ip 172.16.6.1 vrrp vrid 7 priority 110#interface Vlan-interface8ip address 172.16.7.3 255.255.255.0 vrrp vrid 8 virtual-ip 172.16.7.1 vrrp vrid 8 priority 110#interface Vlan-interface9ip address 172.16.8.3 255.255.255.0 vrrp vrid 9 virtual-ip 172.16.8.1 vrrp vrid 9 priority 110#interface Vlan-interface10ip address 172.16.9.3 255.255.255.0 vrrp vrid 10 virtual-ip 172.16.9.1 vrrp vrid 10 priority 110#interface Aux0/0/0#interface M-Ethernet0/0/0#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#interface GigabitEthernet0/0/4#interface GigabitEthernet2/0/1port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/2port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/3port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/4 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/5 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/6 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/7 port link-type trunkport trunk permit vlan all#interface GigabitEthernet2/0/8 port access vlan 2#interface GigabitEthernet2/0/9 port access vlan 2#interface GigabitEthernet2/0/10 port access vlan 2#interface GigabitEthernet2/0/11 #interface GigabitEthernet2/0/12 #interface GigabitEthernet2/0/13 #interface GigabitEthernet2/0/14 #interface GigabitEthernet2/0/15#interface GigabitEthernet2/0/16#interface GigabitEthernet2/0/17#interface GigabitEthernet2/0/18#interface GigabitEthernet2/0/19port access vlan 2port link-aggregation group 1#interface GigabitEthernet2/0/20port access vlan 2port link-aggregation group 1#interface NULL0#ospf 1import-route directarea 0.0.0.0network 172.16.1.0 0.0.0.255#snmp-agentsnmp-agent local-engineid 800007DB000FE218CC346877 snmp-agent community read publicsnmp-agent community write yantaisnmp-agent sys-info version all。
华为交换机VRRP配置实例收集(转)
华为交换机VRRP配置实例收集(转)⽰例图:其实说⽩了就是做线路冗余,达到热备切换。
组⽹需求:楼层1和楼层2分别通过两条线路做冗余接⼊交换机(本⽰例只考虑vrrp,暂不考虑其他⽅⾯)。
当其中⼀段链路故障时,能通过另外⼀条链路传输。
配置信息:<lsw9>dis cu#sysname lsw9#vlan batch 10 20#stp mode stp#interface Ethernet0/0/2port link-type accessport default vlan 10#interface Ethernet0/0/3port link-type accessport default vlan 20#interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 10 20#interface GigabitEthernet0/0/2 port link-type trunkport trunk allow-pass vlan 10 20 stp instance 0 cost 200000000 #return<lsw9>--------------------------<lsw11>dis cu#sysname lsw11#vlan batch 30#stp mode stp#interface Ethernet0/0/2port link-type accessport default vlan 30#interface Ethernet0/0/3port link-type accessport default vlan 30#interface GigabitEthernet0/0/1 port link-type trunkport trunk allow-pass vlan 30 stp instance 0 cost 200000000 #interface GigabitEthernet0/0/2 port link-type trunkport trunk allow-pass vlan 30 #return<lsw11>-------------------------<lsw7>dis cu#sysname lsw7#vlan batch 10 20 30 100#stp mode stp#interface Vlanif1#interface Vlanif10description to 1 Lip address 10.155.10.254 255.255.255.0vrrp vrid 1 virtual-ip 10.155.10.252vrrp vrid 1 priority 120vrrp vrid 1 preempt-mode timer delay 20#interface Vlanif20ip address 10.155.20.254 255.255.255.0vrrp vrid 1 virtual-ip 10.155.20.252vrrp vrid 1 priority 120vrrp vrid 1 preempt-mode timer delay 20#interface Vlanif30description to 5 Lip address 10.156.40.254 255.255.255.0ip address 10.156.30.254 255.255.255.0 sub vrrp vrid 1 virtual-ip 10.156.30.252vrrp vrid 2 virtual-ip 10.156.40.252vrrp vrid 2 priority 120vrrp vrid 2 preempt-mode timer delay 20#interface Vlanif100ip address 10.10.10.1 255.255.255.0#interface MEth0/0/1#interface GigabitEthernet0/0/1port link-type accessport default vlan 100#interface GigabitEthernet0/0/11port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/21port link-type trunkport trunk allow-pass vlan 30#ospf 1area 0.0.0.0network 10.10.10.0 0.0.0.255network 10.155.0.0 0.0.255.255network 10.156.0.0 0.0.255.255#return--------------------------------------<lsw8>dis cu#sysname lsw8#vlan batch 10 20 30 200#stp mode stp#interface Vlanif1#interface Vlanif10description to 1 Lip address 10.155.10.253 255.255.255.0vrrp vrid 1 virtual-ip 10.155.10.252#interface Vlanif20description to 1 Lip address 10.155.20.253 255.255.255.0vrrp vrid 1 virtual-ip 10.155.20.252#interface Vlanif30description to 5 Lip address 10.156.30.253 255.255.255.0ip address 10.156.40.253 255.255.255.0 sub vrrp vrid 1 virtual-ip 10.156.30.252vrrp vrid 1 priority 120vrrp vrid 1 preempt-mode timer delay 20vrrp vrid 2 virtual-ip 10.156.40.252#interface Vlanif200ip address 10.10.20.1 255.255.255.0#interface MEth0/0/1#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 10 20#interface GigabitEthernet0/0/12port hybrid pvid vlan 200port hybrid tagged vlan 1 to 4094#interface GigabitEthernet0/0/22port link-type trunkport trunk allow-pass vlan 30#ospf 1area 0.0.0.0network 10.155.0.0 0.0.255.255network 10.156.0.0 0.0.255.255network 10.10.20.0 0.0.0.255#return<lsw8>-----------------<R4>dis cu#sysname R4#stp instance 0 root primarystp enable#interface GigabitEthernet0/0/1ip address 10.10.10.254 255.255.255.0 stp enable#interface GigabitEthernet0/0/2ip address 10.10.20.254 255.255.255.0 stp enable#interface GigabitEthernet0/0/3ip address 61.128.128.6 255.255.255.0 #return<R4>参考:(以上内容转⾃此篇⽂章)。
H3C S12500系列交换机基础配置操作规范
在同时配臵日志主机和trap主机时,建议:
关闭trap转log的开关关掉
[S12500]info-center source default channel loghost trap state off
或者把trap转log级别调整到warnings以上
[S12500]info-center source default channel loghost trap level warnings state on
配臵认证域的命令行授权AAA方案,使用HWTACACS方案;
[S12500]domain hwtacacs [S12500-isp-hwtacacs]authentication login hwtacacs-scheme hwtacacs local [S12500-isp-hwtacacs]authorization login hwtacacs-scheme hwtacacs local [S12500-isp-hwtacacs]authorization command hwtacacs-scheme hwtacacs none [S12500-isp-hwtacacs]accounting command hwtacacs-scheme hwtacacs [S12500-isp-hwtacacs]idle-cut enable 10 [S12500]domain default enable hwtacacs 配臵备份命令行授权方式为不授权
注意:目前设备支持NTP版本号为Version1~3;缺省情况 下,设备采用Version 3向Server同步时间信息。
13
SNMP配臵
SNMPv1/v2c配臵
vrrp配置
1交换机的vrrp1.1交换机vrrp实例1三层交换机C和D与二层交换机组成。
在三层中建立VLAN 10 并设置SVI地址和VRRP浮动地址。
并在主交换机C上设置了优先级。
主交换机配置例:interface Vlan-interface 10ip address 192.168.1.252 255.255.255.0vrrp vrid 10virtual-ip 192.168.1.254vrrp vrid 10 priority 120备交换机配置例::interface Vlan-interface 10ip address 192.168.1.253 255.255.255.0vrrp vrid 10 virtual-ip 192.168.1.254vrrp vrid 10 priority 100其中virtual-ip 192.168.1.254就是192.168.1.0(VLAN10)内主机的网关。
三层交换机C配置如下(我这是千M电口和百M混用,你们可以实际情况来定)vlan 10interface Vlan-interface 10ip address 192.168.1.252 255.255.255.0vrrp vrid 30 virtual-ip 192.168.1.254vrrp vrid 30 priority 120interface GigabitEthernet1/0/1desc to_SWITCH-Dduplex fullspeed 1000port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10#interface GigabitEthernet1/0/2desc to ercheng-switchduplex fullspeed 100port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10三层交换机D配置如下:vlan 10interface Vlan-interface 10ip address 192.168.1.253 255.255.255.0vrrp vrid 30 virtual-ip 192.168.1.254interface GigabitEthernet1/0/1desc to_SWITCH-Cduplex fullspeed 1000port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10#interface GigabitEthernet1/0/2desc to ercheng-switchduplex fullspeed 100port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10两台三层交换机互联接口起TRUNK,并将VLAN 10允许通过。
H3C--VRRP技术原理及配置指导
1 VRRP配置 ........................................................................................................................................... 1-11.1 VRRP简介 ........................................................................................................................................ 1-11.1.1 VRRP概述 ............................................................................................................................. 1-11.1.2 VRRP备份组简介................................................................................................................... 1-21.1.3 VRRP定时器.......................................................................................................................... 1-31.1.4 VRRP报文格式 ...................................................................................................................... 1-41.1.5 VRRP工作过程 ...................................................................................................................... 1-51.1.6 VRRP监视功能 ...................................................................................................................... 1-61.1.7 VRRP应用(以基于IPv4的VRRP为例)............................................................................ 1-61.2 配置基于IPv4的VRRP ................................................................................................................... 1-81.2.1 基于IPv4的VRRP配置任务简介 ......................................................................................... 1-81.2.2 配置虚拟IP地址和MAC地址的对应关系............................................................................. 1-81.2.3 创建备份组并配置虚拟IP地址 .............................................................................................. 1-91.2.4 配置备份组优先级、抢占方式及监视功能............................................................................ 1-101.2.5 配置VRRP报文的相关属性 ................................................................................................ 1-111.2.6 开启VRRP的Trap功能...................................................................................................... 1-111.2.7 基于IPv4的VRRP显示和维护........................................................................................... 1-121.3 配置基于IPv6的VRRP ................................................................................................................. 1-121.3.1 基于IPv6的VRRP配置任务简介 ....................................................................................... 1-121.3.2 配置虚拟IPv6地址和MAC地址的对应关系 ....................................................................... 1-131.3.3 创建备份组并配置虚拟IPv6地址 ........................................................................................ 1-131.3.4 配置备份组优先级、抢占方式及监视指定接口 .................................................................... 1-141.3.5 配置VRRP报文的相关属性 ................................................................................................ 1-151.3.6 基于IPv6的VRRP显示和维护........................................................................................... 1-151.4 基于IPv4的VRRP典型配置举例.................................................................................................. 1-161.4.1 VRRP单备份组配置举例...................................................................................................... 1-161.4.2 VRRP监视接口配置举例...................................................................................................... 1-181.4.3 VRRP多备份组配置举例...................................................................................................... 1-211.5 基于IPv6的VRRP典型配置举例.................................................................................................. 1-241.5.1 VRRP单备份组配置举例...................................................................................................... 1-241.5.2 VRRP监视接口配置举例...................................................................................................... 1-271.5.3 VRRP多备份组配置举例...................................................................................................... 1-301.6 VRRP常见错误配置举例 ................................................................................................................ 1-341 VRRP 配置S3610&S5510交换机只有工作在IPv4-IPv6双协议栈模式时,才能支持本文所介绍的基于IPv6的VRRP 功能。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
H3C交换机综合主备备份模式的VRRP应用示例 在上一篇文章"H3C交换机设置简单主备备份模式的VRRP应用示例"我们只配置了最基本的 VRRP 属性,利用了 VRRP 的最基本的功能,没有配置 VRRP认证,也没有配置 VRRP 接口/端口监视功能。本示例包括了 VRRP 主备备份模式应用中以上这些比较高级的功能配置。本示例的网络拓扑参见图4-11. Host A 需要访问位于 Internet 上的 Host B,Host A 的默认网关为 210.110.10.1/24.Switch A 和Switch B 共同组成一个 VRRP 备份组 1,虚拟 IP 地址为 210.110.10.1/24.要求当 Switch A 正常工作时,Host A 发送给 Host B 的报文通过 Switch A 转发;当 Switch A 连接 Internet 的 VLAN3 接口不可用时,Host A 发送给 Host B 的报文通过 Switch B 转发。另外,为了防止非法用户构造报文攻击备份组,通过简单字符认证方法验证备份组 1 中的 VRRP 报文,认证字为 123456. 下面是具体的配置步骤。 1.Switch A 上的配置 (1)配置 VRRP 备份组所属的 VLAN2(上节已解释的配置此处不再重复说明)。 systemview [SwitchA] vlan 2 [SwitchAvlan2] port gigabitethernet 1/0/5 [SwitchAvlan2] quit [SwitchA] interface vlaninterface 2 [SwitchAVlaninterface2] ip address 210.110.10.2 255.255.255.0 (2)配置 VRRP 属性(上节已解释的配置此处不再重复说明)。 [SwitchAVlaninterface2] vrrp vrid 1 virtualip 210.110.10.1 [SwitchAVlaninterface2] vrrp vrid 1 priority 110 [SwitchAVlaninterface2] vrrp vrid 1 authenticationmode simple 123456 ! 设置备份组的认证方式为simple 认证,认证字为123456 [SwitchAVlaninterface2] vrrp vrid 1 timer advertise 4 ! 设置 Master 发送 VRRP 报文的间隔时间为 4 秒 [SwitchAVlaninterface2] vrrp vrid 1 preemptmode timer delay 5 [SwitchAVlaninterface2] vrrp vrid 1 track interface vlaninterface 3 reduced 30 ! 配置 Switch A 监视上行接口--VLAN3 接口, 当 VLAN3 接口不可用时,降低 Switch A 在备份组 1 中的优先级。降低后的优先级应低于 Switch B 的优先级 100,即优先级降低数额应大 于 20,以保证 Switch B 能够抢占成为 Master.本例中,配置优先级降低数额为 30 2. Switch B 上的配置 (1)配置 VRRP 备份组所属的 VLAN2(上节已解释的配置此处不再重复说明)。 systemview [SwitchB] vlan 2 [SwitchBvlan2] port gigabitethernet 1/0/5 [SwitchBvlan2] quit [SwitchB] interface vlaninterface 2 [SwitchBVlaninterface2] ip address 210.110.10.4 255.255.255.0 (2)配置 VRRP 属性(上节已解释的配置此处不再重复说明)。 [SwitchBVlaninterface2] vrrp vrid 1 virtualip 210.110.10.1 [SwitchBVlaninterface2] vrrp vrid 1 authenticationmode simple 123456 ! 设置备份组的认证方式为 simple 认证,认证字为 123456(备份组中的所有交换机的认证方式和认证字配置必须一致) [SwitchBVlaninterface2] vrrp vrid 1 timer advertise 5 ! 设置 Master 发送 VRRP 报文的间隔时间为 5 秒 [SwitchBVlaninterface2] vrrp vrid 1 preemptmode timer delay 7 ! 设置 Switch B 工作在抢占方式,以保证 Switch A 的优先级降 低后,Switch B 可以抢占成为 Master.为了避免频繁地进行状态切换,配置抢占延迟时间为 7 秒 H3C交换机综合主备备份模式的VRRP应用示例 3.验证配置结果 配置完成后,在 Host A 上可以 ping 通 Host B.通过 display vrrp verbose 命令查看配置后的结果。Switch A 上显示的备份组 1 的详细信息如下(注意输出信息中粗体字部分所显示的 Master 交换机的 VLAN 接口 IP 地址)。 [SwitchAVlaninterface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlaninterface2 VRID : 1 Adver Timer : 5 Admin Status : Up State : Master Config Pri : 120 Running Pri : 120 Preempt Mode : Yes Delay Time : 7 Auth Type : Simple Key : hello Virtual IP : 210.110.10.1 Virtual MAC : 00005e000101 Master IP : 210.110.10.2 VRRP Track Information: Track Interface: Vlan3 State : Up Pri Reduced : 30 Switch B 上显示的备份组 1 的详细信息如下(注意输出信息中粗体字部分所显示的 Master 交换机的 VLAN 接口 IP 地址)。 [SwitchBVlaninterface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlaninterface2 VRID : 1 Adver Timer : 5 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 7 Auth Type : Simple Key : hello Virtual IP : 210.110.10.1 Master IP : 210.110.10.2 以上显示信息表示在备份组 1 中 Switch A 为 Master 路由器,Switch B 为 Backup 路由器,HostA 发送给 Host B 的报文通过 Switch A 转发。 当 Switch A 连接 Internet 的 VLAN3 接口不可用时,在 Host A 上仍然可以 ping 通 Host B.通过 display vrrp verbose 命令查看备份组的信息。此时在 Switch A 上显示的备份组 1 的详细信息如下(注意输出信息中粗体字部分所显示的 Master 交换机的 VLAN 接口 IP 地址)。 [SwitchAVlaninterface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlaninterface2 VRID : 1 Adver Timer : 5 Admin Status : Up State : Backup Config Pri : 120 Running Pri : 90 Preempt Mode : Yes Delay Time : 7 Auth Type : Simple Key : hello Virtual IP : 210.110.10.1 Master IP : 210.110.10.4 VRRP Track Information: Track Interface: Vlan3 State : Down Pri Reduced : 30 在 Switch A 的 VLAN3 接口不可用时,Switch B 上显示的备份组1 的详细信息如下(注意输出信息中粗体字部分所显示的 Master 交换机的 VLAN 接口 IP 地址)。 [SwitchBVlaninterface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlaninterface2 VRID : 1 Adver Timer : 5 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 7 Auth Type : Simple Key : hello Virtual IP : 210.110.10.1 Virtual MAC : 00005e000101 Master IP : 210.110.10.4 以上显示信息表示 Switch A 的 VLAN3 接口不可用时,Switch A 的优先级降低为 90,成为Backup 路由器,Switch B 成为 Master 路由器,Host A 发送给 Host B 的报文通过 Switch B 转发。