
Cisco Network Fault Tolerance (Ethernet Channel, HSRP)

The architecture diagram is below (I will add an explanation when I have time)


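Goal:

If one router or one switch fails, the servers should keep operating normally.

Notes:

I had no time to change the settings on the devices, so I found a few physical machines to build a lab.
* Two Cisco 2811/2821 routers running HSRP
* Two switches running Ethernet Channel
* Server NICs configured for teaming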

The lab was originally meant to test HSRP with the routers dialing PPPoE over VDSL, but I kept running into these two problems:
%IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16
%IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host x.x.x.x destined to x.x.x.x

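Internet access was also never stable, so I gave up on PPPoE dialing from the routers. Instead I connected a DrayTek 2925 in front of the routers to do the dialing, gave FA 0/0 on both routers an IP on the DrayTek's LAN segment, and set their default route to the DrayTek 2925's IP for Internet access.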

Cisco 2821 configuration

The HSRP virtual IP is 192.168.10.254
hostname R2821
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FHK1118F2KL
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.119 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.10.119 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby 1 ip 192.168.10.254    (HSRP setting)
 standby 1 preempt                    (HSRP setting)
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end

Cisco 2811 configuration

hostname R2811
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip name-server 8.8.8.8
ip name-server 168.95.1.1
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FHK1014F28K
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.120 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.10.120 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby 1 ip 192.168.10.254      (HSRP setting)
 duplex auto
 speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end

Cisco 3750 switch configuration

!
hostname UP
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 2 provision ws-c3750-24ts
system mtu routing 1500
no ip domain-lookup
!
!
!

!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
!
interface FastEthernet2/0/1
 channel-group 1 mode desirable (Ethernet Channel setting)
 spanning-tree portfast
!
interface FastEthernet2/0/2
 channel-group 1 mode desirable (Ethernet Channel setting)
 spanning-tree portfast
!
interface FastEthernet2/0/3
 channel-group 1 mode desirable
 spanning-tree portfast
!
interface FastEthernet2/0/4
 spanning-tree portfast
!
interface FastEthernet2/0/5
 spanning-tree portfast
!
interface FastEthernet2/0/6
 spanning-tree portfast
!
interface FastEthernet2/0/7
 spanning-tree portfast
!
interface FastEthernet2/0/8
 spanning-tree portfast
!
interface FastEthernet2/0/9
 spanning-tree portfast
!
interface FastEthernet2/0/10
 spanning-tree portfast
!
interface FastEthernet2/0/11
 spanning-tree portfast
!
interface FastEthernet2/0/12
 spanning-tree portfast
!
interface FastEthernet2/0/13
 spanning-tree portfast
!
interface FastEthernet2/0/14
 spanning-tree portfast
!
interface FastEthernet2/0/15
 spanning-tree portfast
!
interface FastEthernet2/0/16
 spanning-tree portfast
!
interface FastEthernet2/0/17
 spanning-tree portfast
!
interface FastEthernet2/0/18
 spanning-tree portfast
!
interface FastEthernet2/0/19
 spanning-tree portfast
!
interface FastEthernet2/0/20
 spanning-tree portfast
!
interface FastEthernet2/0/21
 spanning-tree portfast
!
interface FastEthernet2/0/22
 spanning-tree portfast
!
interface FastEthernet2/0/23
 spanning-tree portfast
!
interface FastEthernet2/0/24
 spanning-tree portfast
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface Vlan1
 no ip address
!
ip classless
ip http server
ip http secure-server
!
!
!
!
!
line con 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end


Cisco 3750 switch configuration

hostname DOWN
!
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
!
interface Port-channel1
!
interface FastEthernet1/0/1
 channel-group 1 mode desirable (Ethernet Channel setting)
!
interface FastEthernet1/0/2
 channel-group 1 mode desirable
!
interface FastEthernet1/0/3
 channel-group 1 mode desirable (Ethernet Channel setting)
!
interface FastEthernet1/0/4
 spanning-tree portfast
!
interface FastEthernet1/0/5
 spanning-tree portfast
!
interface FastEthernet1/0/6
 spanning-tree portfast
!
interface FastEthernet1/0/7
 spanning-tree portfast
!
interface FastEthernet1/0/8
 spanning-tree portfast
!
interface FastEthernet1/0/9
 switchport access vlan 100
 spanning-tree portfast
!
interface FastEthernet1/0/10
 switchport access vlan 100
 spanning-tree portfast
!
interface FastEthernet1/0/11
 switchport access vlan 100
 spanning-tree portfast
!
interface FastEthernet1/0/12
 switchport access vlan 100
 spanning-tree portfast
!
interface FastEthernet1/0/13
 spanning-tree portfast
!
interface FastEthernet1/0/14
 spanning-tree portfast
!
interface FastEthernet1/0/15
 spanning-tree portfast
!
interface FastEthernet1/0/16
 spanning-tree portfast
!
interface FastEthernet1/0/17
 spanning-tree portfast
!
interface FastEthernet1/0/18
 spanning-tree portfast
!
interface FastEthernet1/0/19
 spanning-tree portfast
!
interface FastEthernet1/0/20
 spanning-tree portfast
!
interface FastEthernet1/0/21
 spanning-tree portfast
!
interface FastEthernet1/0/22
 spanning-tree portfast
!
interface FastEthernet1/0/23
 spanning-tree portfast
!
interface FastEthernet1/0/24
 spanning-tree portfast
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
end


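Teaming configuration

The server uses Broadcom NICs, and teaming is set up with Broadcom Advanced Control Suite.

1. Select "Create a team"

2. Select expert mode

3. Choose the settings, then click Create

4. Select Apply/Exit directly

5. Select "Yes"

6. Teaming is complete

7. On the network connections settings page, a new teaming NIC appears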




Checking HSRP status on the Cisco 2811 router

R2811#show standby
FastEthernet0/1 - Group 1
  State is Active
    2 state changes, last state change 00:03:02
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.176 secs
  Preemption disabled
  Active router is local
  Standby router is 192.168.10.119, priority 100 (expires in 9.600 sec)
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/1-1" (default)




Checking HSRP status on the Cisco 2821 router

R2821#show standby
GigabitEthernet0/1 - Group 1
  State is Standby
    4 state changes, last state change 00:02:41
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.744 secs
  Preemption enabled
  Active router is 192.168.10.120, priority 100 (expires in 10.032 sec)
  Standby router is local
  Priority 100 (default 100)
  Group name is "hsrp-Gi0/1-1" (default)

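Although both routers have a priority of 100, the 2811 becomes Active after the IP addresses are compared, because it has the higher interface IP (192.168.10.120 versus 192.168.10.119).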


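Cisco 2811 Fa 0/1 link down (Preemption not configured)

If the 2811 loses its link, the 2821 takes over immediately. Because the 2811 has no preemption configured, the 2821 remains Active even after the 2811's link comes back, as shown below: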
*Mar 18 09:59:14.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 18 09:59:14.603: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Init
*Mar 18 10:00:36.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R2811#show standby
FastEthernet0/1 - Group 1
  State is Speak
    3 state changes, last state change 00:01:43
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.376 secs
  Preemption disabled
  Active router is 192.168.10.119, priority 100 (expires in 10.304 sec)
  Standby router is unknown
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/1-1" (default)
R2811#
*Mar 18 10:00:58.811: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby
R2811#show standby
FastEthernet0/1 - Group 1
  State is Standby
    4 state changes, last state change 00:00:13
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.480 secs
  Preemption disabled
  Active router is 192.168.10.119, priority 100 (expires in 7.872 sec)
  Standby router is local
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/1-1" (default)


Cisco 2811 Fa 0/1 link down (Preemption configured)

R2811(config-if)#standby 1 preempt
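* Right after preemption is configured the 2811 is still Standby; if Fa0/1 goes down again, the 2811 is still Standby afterwards
* If the 2821 goes down, the 2811 becomes Active; when the 2821 recovers, the 2811 remains Active
This is because both priorities are the same. To make a particular router become Active again after it recovers from a failure, set its priority higher than the other router's.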

R2811(config-if)#standby 1 preempt
R2811(config-if)#do show standby
FastEthernet0/1 - Group 1
  State is Standby     (still Standby right after preempt is configured)
    12 state changes, last state change 00:00:25
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.664 secs
  Preemption enabled
  Active router is 192.168.10.119, priority 100 (expires in 10.912 sec)
  Standby router is local
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/1-1" (default)
R2811(config-if)#
*Mar 18 10:19:26.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 18 10:19:26.203: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Init
*Mar 18 10:19:29.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 18 10:19:53.599: %SYS-5-CONFIG_I: Configured from console by console
*Mar 18 10:19:53.635: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby
 (still Standby after unplugging the network cable and plugging it back in)

R2811(config-if)#standby 1 priority 150
*Mar 18 10:20:52.875: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active
  (becomes Active immediately after the priority is changed)

R2811#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Fa0/1       1    150 P Active  local           192.168.10.119  192.168.10.254


Interface Tracking

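Track the state of an interface. This example tracks FA 0/0: if it goes down, 60 is subtracted from the priority, so the original 150 - 60 = 90, and the other router, the 2821 (priority 100, preemption enabled), becomes Active.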
R2811(config-if)#standby 1 track fastEthernet 0/0 60

*Mar 18 16:13:58.019: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Up->Down
*Mar 18 16:13:58.175: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar 18 16:14:00.203: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Speak
*Mar 18 16:14:11.467: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby
R2811(config-if)#do show standby
FastEthernet0/1 - Group 1
  State is Standby
    4 state changes, last state change 00:00:01
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.624 secs
  Preemption enabled
  Active router is 192.168.10.119, priority 100 (expires in 11.616 sec)
  Standby router is local
  Priority 90 (configured 150)
    Track interface FastEthernet0/0 state Down decrement 60
  Group name is "hsrp-Fa0/1-1" (default)

As soon as the link recovers, the 2811 immediately becomes Active again
*Mar 18 16:17:38.051: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Down->Up
*Mar 18 16:17:38.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 18 16:17:38.447: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active

Track has other uses too!!
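The failover behaviour observed in the HSRP sections above (initial election, recovery without preempt, preempt with equal priority, raised priority, interface tracking), modelled as an added example that is not part of the original post. Router, HsrpGroup and replay_page_scenario are illustrative names and the replayed steps are constructed from this page's lab. The model ignores hello/hold timers and the intermediate Speak state, and treats preemption as requiring a strictly higher priority, as the output on this page shows.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100        # IOS default
    preempt: bool = False
    track_decrement: int = 0   # standby 1 track <interface> <decrement>
    lan_up: bool = True        # HSRP-facing interface (Fa0/1 or Gi0/1)
    tracked_up: bool = True    # tracked uplink (Fa0/0)

    def effective(self):       # priority after the tracking decrement
        return self.priority - (0 if self.tracked_up else self.track_decrement)

    def rank(self):            # election order: priority, then interface IP
        return (self.effective(), int(IPv4Address(self.ip)))

class HsrpGroup:
    def __init__(self, *routers):
        self.routers = {r.name: r for r in routers}
        self.active = None
        self.converge()

    def converge(self):
        alive = [r for r in self.routers.values() if r.lan_up]
        cur = self.routers.get(self.active)
        if cur is None or not cur.lan_up:
            # No Active is heard: plain election among reachable routers.
            cur = max(alive, key=Router.rank, default=None)
        else:
            # Active exists: only preempt plus strictly higher priority wins
            # (assumption taken from the behaviour shown on this page).
            better = [r for r in alive if r.preempt and r.effective() > cur.effective()]
            cur = max(better, key=Router.rank, default=cur)
        self.active = cur.name if cur else None
        return self.active

    def change(self, name, **attrs):
        vars(self.routers[name]).update(attrs)   # apply the config/link change
        return self.converge()

def replay_page_scenario():  # constructed replay of this page's lab steps on R2811
    g = HsrpGroup(Router("R2811", "192.168.10.120"),
                  Router("R2821", "192.168.10.119", preempt=True))
    steps = [dict(lan_up=False), dict(lan_up=True), dict(preempt=True),
             dict(priority=150), dict(track_decrement=60, tracked_up=False),
             dict(tracked_up=True)]
    return [g.active] + [g.change("R2811", **s) for s in steps]
```

replay_page_scenario() returns the Active router after each step, in the same order as the sections above.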


Changing HSRP to VRRP

The HSRP-related settings must first be removed with no; that step is not carried out here.

R2811(config-if)#vrrp 2 ip 192.168.10.254
*Mar 18 17:58:14.178: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Init -> Backup
*Mar 18 17:58:14.182: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Init -> Backup
*Mar 18 17:58:17.794: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Backup -> Master
R2811(config-if)#vrrp 2 preempt
R2811(config-if)#vrrp 2 priority 120


2811 configuration

R2811#show vrrp
FastEthernet0/1 - Group 2
  State is Master
  Virtual IP address is 192.168.10.254
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 120
  Master Router is 192.168.10.120 (local), priority is 120
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.531 sec


R2821(config-if)#vrrp 2 ip 192.168.10.254
*Mar 18 14:23:04.374: %VRRP-6-STATECHANGE: Gi0/1 Grp 2 state Init -> Backup
R2821(config-if)#vrrp 2 preempt
R2821(config-if)#vrrp 2 priority 120

2821 configuration

R2821#show vrrp
GigabitEthernet0/1 - Group 2
  State is Backup
  Virtual IP address is 192.168.10.254
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 120
  Master Router is 192.168.10.120, priority is 120
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.531 sec (expires in 3.379 sec)


R2821#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/1              2   120 3531       Y  Backup  192.168.10.120  192.168.10.254

留言

這個網誌中的熱門文章

使用Cisco L3 Switch做VLAN的Routing

目標: 讓VLAN100與VLAN200的電腦透過L3 Swtich做VLAN的Routing,並且可以互相存取資源與上網,另外再使用Windows Server 2012配發VLAN100,VLAN200的IP Firewall: 使用ASUS AP當Firewall,並設兩條Static Route Switch: Core Switch為Cisco 3750切VLAN 10,VLAN100,VLAN200,VLAN10為預設的VLAN,VLAN100為Sales,VLAN200為RD Edge Switch為Cisco 3750與2950,其中2950為VLAN100,3750為VLAN200,如果要By Port切VLAN也可以,這裡只是為了方便說明,所以Edge Switch都直接設為單一VLAN Core Switch的設定 原本我只想Show Running-config其中比較重要的設定,後來想想還是全部列出,用紅色標記重要的設定 Gi 1/0/1接2950 Gi 1/0/2接3750 Gi 1/0/24接Router Core-3750#show running-config Building configuration... Current configuration : 2436 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Core-3750 ! boot-start-marker boot-end-marker ! ! ! ! no aaa new-model switch 1 provision ws-c3750g-24t system mtu routing 1546 ip routing no ip domain-lookup ! ! ! ! ! ! ! ! spanning-tree mode pvst spanning-tree portfas...

Cisco Switch 發生Loopback

User告知網路無法使用,看了Switch的狀況後,發現那個Port的狀態是Error Disable,接著又看了Switch的log Feb  8 12:14:14 TW: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPNAK, MAC sa: 2c56.dc86.xxxx Feb  8 12:15:49 TW: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPNAK, MAC sa: 2c56.dc86.xxxx Feb  8 12:18:00 TW: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on FastEthernet0/10. Feb  8 12:18:00 TW: %PM-4-ERR_DISABLE: loopback error detected on Fa0/10, putting Fa0/10 in err-disable state Feb  8 12:18:01 TW: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to down Feb  8 12:18:02 TW: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to down 應該是User私接設備,除了造成Loopback之外,又在隨便發放IP....... 不過因為那個User比較特殊,先教育了一下之後,再把那個Port shutdown , no shutdown,接著把Recovery設了上去,下次如果再遇到相同狀況,10分鐘後會自動恢復 xxx...

2台 Vigor 2920建立 LAN To LAN VPN (IPsec)

我有兩台Vigor 2920,環境如下: Vigor B 撥出 LAN:192.168.1.0/24 Vigor A 撥入 LAN:172.16.1.0/24 設定如下: Vigor B設定 Vigor A設定 詳細設定請參考官網 http://www.draytek.com/index.php?option=com_k2&view=item&id=2666&Itemid=264&lang=tw