Cisco的網路容錯機制 (Ethernet Channel,HSRP)

架構圖如下 (有空再加說明)

目標:

希望Router故障一台或是Switch故障一台，不會影響Server的正常運作

說明:

沒有時間改設備的設定，就找了幾台實體機來做LAB。
* 2台Cisco 2811/2821 做HSRP，
* 2台Switch做Ethernet Channel
* Server網卡做Teaming

原本LAB是要用Router撥接PPPOE VDSL測HSRP，不過一直會遇到這2個問題
%IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16
%IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host x.x.x.x destined to x.x.x.x

然後上網一直不正常，後來就放棄使用PPOE撥接，改在Router的前端接了一台DrayTek 2925做撥接的動作，然後2台Router的 FA 0/0設DrayTek Lan網站的IP，並設Default Route到DrayTek 2925的IP上網

Cisco 2821設定

HSRP的Virtual IP為192.168.10.254

hostname R2821
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FHK1118F2KL
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 192.168.1.119 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.10.119 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 1 ip 192.168.10.254 (HSRP設定)
standby 1 preempt (HSRP設定)
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
no fair-queue
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Cisco 2811設定

hostname R2811
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip name-server 8.8.8.8
ip name-server 168.95.1.1
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FHK1014F28K
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.120 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.10.120 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 1 ip 192.168.10.254 (HSRP設定)
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Cisco 3750 Switch設定

hostname UP

boot-start-marker

boot-end-marker

no aaa new-model

switch 2 provision ws-c3750-24ts

system mtu routing 1500

no ip domain-lookup

spanning-tree mode pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Port-channel1

interface FastEthernet2/0/1

channel-group 1 mode desirable (Ethernet Channel設定)

spanning-tree portfast

interface FastEthernet2/0/2

channel-group 1 mode desirable (Ethernet Channel設定)

spanning-tree portfast

interface FastEthernet2/0/3

channel-group 1 mode desirable

spanning-tree portfast

interface FastEthernet2/0/4

spanning-tree portfast

interface FastEthernet2/0/5

spanning-tree portfast

interface FastEthernet2/0/6

spanning-tree portfast

interface FastEthernet2/0/7

spanning-tree portfast

interface FastEthernet2/0/8

spanning-tree portfast

interface FastEthernet2/0/9

spanning-tree portfast

interface FastEthernet2/0/10

spanning-tree portfast

interface FastEthernet2/0/11

spanning-tree portfast

interface FastEthernet2/0/12

spanning-tree portfast

interface FastEthernet2/0/13

spanning-tree portfast

interface FastEthernet2/0/14

spanning-tree portfast

interface FastEthernet2/0/15

spanning-tree portfast

interface FastEthernet2/0/16

spanning-tree portfast

interface FastEthernet2/0/17

spanning-tree portfast

interface FastEthernet2/0/18

spanning-tree portfast

interface FastEthernet2/0/19

spanning-tree portfast

interface FastEthernet2/0/20

spanning-tree portfast

interface FastEthernet2/0/21

spanning-tree portfast

interface FastEthernet2/0/22

spanning-tree portfast

interface FastEthernet2/0/23

spanning-tree portfast

interface FastEthernet2/0/24

spanning-tree portfast

interface GigabitEthernet2/0/1

interface GigabitEthernet2/0/2

interface Vlan1

no ip address

ip classless

ip http server

ip http secure-server

line con 0

logging synchronous

line vty 0 4

line vty 5 15

end

Cisco 3750 Switch設定

hostname DOWN

switch 1 provision ws-c3750-24ts

ip subnet-zero

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

interface Port-channel1

interface FastEthernet1/0/1

channel-group 1 mode desirable (Ethernet Channel設定)

interface FastEthernet1/0/2

channel-group 1 mode desirable

interface FastEthernet1/0/3

channel-group 1 mode desirable (Ethernet Channel設定)

interface FastEthernet1/0/4

spanning-tree portfast

interface FastEthernet1/0/5

spanning-tree portfast

interface FastEthernet1/0/6

spanning-tree portfast

interface FastEthernet1/0/7

spanning-tree portfast

interface FastEthernet1/0/8

spanning-tree portfast

interface FastEthernet1/0/9

switchport access vlan 100

spanning-tree portfast

interface FastEthernet1/0/10

switchport access vlan 100

spanning-tree portfast

interface FastEthernet1/0/11

switchport access vlan 100

spanning-tree portfast

interface FastEthernet1/0/12

switchport access vlan 100

spanning-tree portfast

interface FastEthernet1/0/13

spanning-tree portfast

interface FastEthernet1/0/14

spanning-tree portfast

interface FastEthernet1/0/15

spanning-tree portfast

interface FastEthernet1/0/16

spanning-tree portfast

interface FastEthernet1/0/17

spanning-tree portfast

interface FastEthernet1/0/18

spanning-tree portfast

interface FastEthernet1/0/19

spanning-tree portfast

interface FastEthernet1/0/20

spanning-tree portfast

interface FastEthernet1/0/21

spanning-tree portfast

interface FastEthernet1/0/22

spanning-tree portfast

interface FastEthernet1/0/23

spanning-tree portfast

interface FastEthernet1/0/24

spanning-tree portfast

interface GigabitEthernet1/0/1

interface GigabitEthernet1/0/2

interface Vlan1

no ip address

shutdown

ip classless

ip http server

control-plane

line con 0

line vty 0 4

no login

line vty 5 15

no login

end

Teaming設定

Server是使用Broadcom的網卡，並且使用broadcom Advanced Control Suite來做Teaming

1.選擇建立小組

2.選擇專家模式

3.選擇設定值後,點選建立

4.直接選擇套用/結束

5.選擇"是"

6.Teaming完成

7.網路連線的設定頁面中，會看到新增一張Teaming的網卡

Cisco Router 2811查看HSRP的狀況

R2811#show standby
FastEthernet0/1 - Group 1
State is Active
2 state changes, last state change 00:03:02
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.176 secs
Preemption disabled
Active router is local
Standby router is 192.168.10.119, priority 100 (expires in 9.600 sec)
Priority 100 (default 100)
Group name is "hsrp-Fa0/1-1" (default)

Cisco Router 2821查看HSRP的狀況

R2821#show standby
GigabitEthernet0/1 - Group 1
State is Standby
4 state changes, last state change 00:02:41
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.744 secs
Preemption enabled
Active router is 192.168.10.120, priority 100 (expires in 10.032 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/1-1" (default)

可以看到雖然2台的Priority都是100，不過比較IP後由2811當Active

Cisco 2811 Fa 0/1斷線 (沒有設定Preemption)

如果2811發生斷線的情況，2821會馬上接手，但因為2811沒有設定Preemption，所以就算2811恢復連線，2821還是Active，如下面的情況：
*Mar 18 09:59:14.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 18 09:59:14.603: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Init
*Mar 18 10:00:36.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R2811#show standby
FastEthernet0/1 - Group 1
State is Speak
3 state changes, last state change 00:01:43
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.376 secs
Preemption disabled
Active router is 192.168.10.119, priority 100 (expires in 10.304 sec)
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Fa0/1-1" (default)
R2811#
*Mar 18 10:00:58.811: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby
R2811#show standby
FastEthernet0/1 - Group 1
State is Standby
4 state changes, last state change 00:00:13
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.480 secs
Preemption disabled
Active router is 192.168.10.119, priority 100 (expires in 7.872 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Fa0/1-1" (default)

Cisco 2811 Fa 0/1斷線 (有設定Preemption)

R2811(config-if)#standby 1 preempt
*剛設定完2811還是Standby，若Fa0/1又斷線，2811仍然是Standby
*若2821斷線，2811則為Active，若2821恢後，2811仍然是Active
因為Priority都是相同，若要某一台斷線後恢復要變為Active，只要將Priority調的比另一台高即可

R2811(config-if)#standby 1 preempt
R2811(config-if)#do show standby
FastEthernet0/1 - Group 1
State is Standby (剛設完Preempt仍然是Standby)
12 state changes, last state change 00:00:25
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.664 secs
Preemption enabled
Active router is 192.168.10.119, priority 100 (expires in 10.912 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Fa0/1-1" (default)
R2811(config-if)#
*Mar 18 10:19:26.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 18 10:19:26.203: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Init
*Mar 18 10:19:29.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 18 10:19:53.599: %SYS-5-CONFIG_I: Configured from console by console
*Mar 18 10:19:53.635: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby
(網路線拔掉再插回去仍然是Standby)

R2811(config-if)#standby 1 priority 150
*Mar 18 10:20:52.875: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active
(改完Priority則立馬變為Active)

R2811#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/1 1 150 P Active local 192.168.10.119 192.168.10.254

Interface Tracking

設定介面的狀態，此例是追蹤FA 0/0的狀態，若是斷線則將Priority減掉60，也就是原本的150-60後等於90，故另外台2821會變成Active
R2811(config-if)#standby 1 track fastEthernet 0/0 60

*Mar 18 16:13:58.019: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Up->Down

*Mar 18 16:13:58.175: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

*Mar 18 16:14:00.203: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Speak

*Mar 18 16:14:11.467: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby

R2811(config-if)#do show standby

FastEthernet0/1 - Group 1

State is Standby

4 state changes, last state change 00:00:01

Virtual IP address is 192.168.10.254

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.624 secs

Preemption enabled

Active router is 192.168.10.119, priority 100 (expires in 11.616 sec)

Standby router is local

Priority 90 (configured 150)

Track interface FastEthernet0/0 state Down decrement 60

Group name is "hsrp-Fa0/1-1" (default)

線路一旦恢復後，又馬上變回Active
*Mar 18 16:17:38.051: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Down->Up
*Mar 18 16:17:38.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 18 16:17:38.447: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active

Track還有其他的用途!!

HSRP改為VRRP

需要先把有問HSRP的設定NO掉，這裡就不實作

R2811(config-if)#vrrp 2 ip 192.168.10.254
*Mar 18 17:58:14.178: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Init -> Backup
*Mar 18 17:58:14.182: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Init -> Backup
*Mar 18 17:58:17.794: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Backup -> Master
R2811(config-if)#vrrp 2 preempt
R2811(config-if)#vrrp 2 priority 120

2811設定

R2811#show vrrp
FastEthernet0/1 - Group 2
State is Master
Virtual IP address is 192.168.10.254
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 120
Master Router is 192.168.10.120 (local), priority is 120
Master Advertisement interval is 1.000 sec
Master Down interval is 3.531 sec

R2821(config-if)#vrrp 2 ip 192.168.10.254
*Mar 18 14:23:04.374: %VRRP-6-STATECHANGE: Gi0/1 Grp 2 state Init -> Backup
R2821(config-if)#vrrp 2 preempt
R2821(config-if)#vrrp 2 priority 120

2821設定

R2821#show vrrp
GigabitEthernet0/1 - Group 2
State is Backup
Virtual IP address is 192.168.10.254
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 120
Master Router is 192.168.10.120, priority is 120
Master Advertisement interval is 1.000 sec
Master Down interval is 3.531 sec (expires in 3.379 sec)

R2821#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Gi0/1 2 120 3531 Y Backup 192.168.10.120 192.168.10.254

寫寫筆記

搜尋此網誌