【华为】VRRP的实验配置
实验需求
① 该公司有市场部和技术部,分别划在VLAN 10 和 VLAN 20里面
② 此时为了网络的稳定性,需要在三层交换机上面做网关冗余技术(VRRP),要求LSW1作为PC1的主网关,PC2的备网关,LSW2作为PC2的主网关,PC1的备网关
③ 该公司的因特网出口 AR1 与两个汇聚交换机之间,采用三层方式互联,就是可以进行通信。
(这边可以注意一下:交换机要与路由器相连,让两边端口都能通信,有两种办法
- 进入交换机的接口,配置模式下undo switchport(模拟器一般不支持,真机支持)
- 用SVI接口,将交换机与路由器相连的端口设置为access端口,就OK了)
④ 然后在路由器AR1和两个汇聚交换机之间运行 OSPF,实现全互联
最终目的:
让PC1和PC2上网
拓扑
LSW 3
接入层的配置,只需要将端口划分一下
sql
<Huawei>system-view
[Huawei]sysname LSW3
[LSW3]undo info-center enable
Info: Information center is disabled.
[LSW3]vlan batch 10 20 ## 批量创建vlan 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW3]int e0/0/3
[LSW3-Ethernet0/0/3]port link-type access ## 端口角色为access
[LSW3-Ethernet0/0/3]port default vlan 10 ## 将VLAN10 绑定在e0/0/3
[LSW3-Ethernet0/0/3]quit
[LSW3]int e0/0/4
[LSW3-Ethernet0/0/4]port link-type access
[LSW3-Ethernet0/0/4]port default vlan 20
[LSW3-Ethernet0/0/4]quit
[LSW3]int e0/0/1
[LSW3-Ethernet0/0/1]port link-type trunk ## 端口角色为trunk
[LSW3-Ethernet0/0/1]port trunk allow-pass vlan all ## trunk放行所有vlan
[LSW3-Ethernet0/0/1]quit
[LSW3]int e0/0/2
[LSW3-Ethernet0/0/2]port link-type trunk
[LSW3-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW3-Ethernet0/0/2]quitLSW 1
基础配置
sql
<Huawei>system-view ## 进入配置视图
Enter system view, return user view with Ctrl+Z. ## Ctrl+z可以回退到用户视图
[Huawei]undo info-center enable ##关闭系统自动弹出消息
Info: Information center is disabled. ## 关闭成功
[Huawei]sysname LSW1 ## 设备命名为LSW1
[LSW1]vlan batch 10 20 100 ## 批量创建VLAN 10 20 100
Info: This operation may take a few seconds. Please wait for a moment...done.
## 划分端口角色
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/3]quit
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2] port link-type trunk
[LSW1-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/2]quit
## 这个时候交换机与路由器互联的接口就用SVI接口来配置
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access ## 将端口划分为access模式
[LSW1-GigabitEthernet0/0/1]port default vlan 100 ## 与VLAN 100 进行绑定
[LSW1-GigabitEthernet0/0/1]quit
## SVI接口
[LSW1]int vlan 100
[LSW1-Vlanif100]ip address 192.168.1.2 24
[LSW1-Vlanif100]quitVRRP
sql
[LSW1]interface Vlan10 ##进入SVI10接口
[LSW1-Vlanif10] ip address 192.168.10.251 255.255.255.0 ## 配置IP地址
## 创建vrrp组10,虚拟ip为192.168.10.254
[LSW1-Vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254
## 修改优先级为120,作为VLAN 10的主网关,默认优先级是100
[LSW1-Vlanif10] vrrp vrid 10 priority 120
## 抢占延时为10秒,比如说我master坏了,我的backup变为master
## 那等我master修复好了,需要再等10s才能变为master
[LSW1-Vlanif10] vrrp vrid 10 preempt-mode timer delay 10
## 配置VRRP备份组监视接口,如果我g0/0/1的接口down了,优先级就会减30
## 这个时候就会走backup那边
[LSW1-Vlanif10]vrrp vrid 10 track interface g0/0/1 reduced 30
[LSW1-Vlanif10]quit
[LSW1]interface Vlan20
[LSW1-Vlanif20] ip address 192.168.20.251 255.255.255.0
[LSW1-Vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254
[LSW1-Vlanif20] vrrp vrid 20 preempt-mode timer delay 10
[LSW1-Vlanif20] vrrp vrid 20 track interface g0/0/1 reduced 30
[LSW1-Vlanif20]quit DHCP
全局下的DHCP,才能去指定我的默认网关是192.168.10.254
如果是接口下的DHCP,它的默认网关是该接口,比如说VLAN10的网关就变成了192.168.10.252了,那就与我们的VRRP的冲突了,所以我们选择是全局下的DHCP
sql
[LSW1]dhcp enable ## 开启DHCP功能
Info: The operation may take a few seconds. Please wait for a moment.done.
## 创建地址池vlan10 和 vlan20
[LSW1]ip pool vlan10
Info:It''s successful to create an IP address pool. ## 创建成功
[LSW1-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0 ## 下发的范围和掩码
[LSW1-ip-pool-vlan10]dns-list 8.8.8.8 ## dns
[LSW1-ip-pool-vlan10]gateway-list 192.168.10.254 ## 默认网关
[LSW1-ip-pool-vlan10]excluded-ip-address 192.168.10.101 192.168.10.250 ## 保留地址
[LSW1-ip-pool-vlan10]lease 7 ## 租期为7天
[LSW1-ip-pool-vlan10]quit
[LSW1] ip pool vlan20
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-vlan20] gateway-list 192.168.20.254
[LSW1-ip-pool-vlan20] network 192.168.20.0 mask 255.255.255.0
[LSW1-ip-pool-vlan20] excluded-ip-address 192.168.20.101 192.168.20.250
[LSW1-ip-pool-vlan20] lease 7
[LSW1-ip-pool-vlan20] dns-list 8.8.8.8
[LSW1-ip-pool-vlan20]quit
## 进入SVI接口中全局调用DHCP
[LSW1]int vlan 10
[LSW1-Vlanif10]dhcp select global
[LSW1-Vlanif10]quit
[LSW1]int vlan 20
[LSW1-Vlanif20]dhcp select global
[LSW1-Vlanif20]quit OSPF
sql
## 进入OSPF进程110,RID手动改为2.2.2.2
[LSW1]ospf 110 router-id 2.2.2.2
[LSW1-ospf-110]area 0 ## 进入骨干区域
[LSW1-ospf-110-area-0.0.0.0]network 192.168.1.0 0.0.0.255 ## 宣告路由信息
[LSW1-ospf-110-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[LSW1-ospf-110-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[LSW1-ospf-110-area-0.0.0.0]quit
[LSW1-ospf-110]qu默认路由
这个一定要写的,因为PC要上网
把流量发到网关的时候,它找不到相对应的路由条目,就会导致通信失败
这个时候就需要再写一条默认路由,来指向全部IP地址,把流量丢给出口路由器AR1
sql
[LSW1]ip route-static 0.0.0.0 0 192.168.1.1LSW 2
基本配置
sql
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LSW2
[LSW2]undo info-center enable
Info: Information center is disabled.
[LSW2]vlan batch 10 20 200 300
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW2-GigabitEthernet0/0/3]quit
[LSW2]int g0/0/2 ## 作为心跳口,传输双方VLAN流量
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[LSW2-GigabitEthernet0/0/2]quit
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 200
[LSW2-GigabitEthernet0/0/1]quit
[LSW2]int vlan 200
[LSW2-Vlanif200]ip address 192.168.2.3 24
[LSW2-Vlanif200]quitVRRP
sql
[LSW2]interface Vlan10
[LSW2-Vlanif10] ip address 192.168.10.252 255.255.255.0
[LSW2-Vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254
[LSW2-Vlanif10] vrrp vrid 10 preempt-mode timer delay 10
[LSW2-Vlanif10] vrrp vrid 10 track interface g0/0/1 reduced 30
[LSW2-Vlanif10]quit
[LSW2] interface Vlanif20
[LSW2-Vlanif20] ip address 192.168.20.252 255.255.255.0
[LSW2-Vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254
[LSW2-Vlanif20] vrrp vrid 20 priority 120
[LSW2-Vlanif20] vrrp vrid 20 preempt-mode timer delay 10
[LSW2-Vlanif20]vrrp vrid 20 track interface g0/0/1 reduced 30
[LSW2-Vlanif20]quitDHCP
sql
[LSW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
## 全局下的DHCP,才能去指定我的默认网关是192.168.10.254
[LSW2]ip pool vlan10
Info:It''s successful to create an IP address pool.
[LSW2-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[LSW2-ip-pool-vlan10]dns-list 8.8.8.8
[LSW2-ip-pool-vlan10]gateway-list 192.168.10.254
[LSW2-ip-pool-vlan10]excluded-ip-address 192.168.10.101 192.168.10.250
[LSW2-ip-pool-vlan10]lease 7
[LSW2-ip-pool-vlan10]quit
[LSW2] ip pool vlan20
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-vlan20] gateway-list 192.168.20.254
[LSW2-ip-pool-vlan20] network 192.168.20.0 mask 255.255.255.0
[LSW2-ip-pool-vlan20] excluded-ip-address 192.168.20.101 192.168.20.250
[LSW2-ip-pool-vlan20] lease 7
[LSW2-ip-pool-vlan20] dns-list 8.8.8.8
[LSW2-ip-pool-vlan20]quit
[LSW2]int vlan 10
[LSW2-Vlanif10]dhcp select global
[LSW2-Vlanif10]quit
[LSW2]int vlan 20
[LSW2-Vlanif20]dhcp select global
[LSW2-Vlanif20]quit OSPF
sql
[LSW2]ospf 110
[LSW2-ospf-110]area 0
[LSW2-ospf-110-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[LSW2-ospf-110-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[LSW2-ospf-110-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[LSW2-ospf-110-area-0.0.0.0]quit
[LSW2-ospf-110]quit 默认路由
sql
[LSW2]ip route-static 0.0.0.0 0 192.168.2.1R1
sql
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname AR1
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[AR1-GigabitEthernet0/0/1]quit
[AR1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip address 192.168.2.1 24
[AR1-GigabitEthernet0/0/2]qu
## OSPF
[AR1]ospf 110
[AR1-ospf-110]area 0
[AR1-ospf-110-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[AR1-ospf-110-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[AR1-ospf-110-area-0.0.0.0]quit
[AR1-ospf-110]quit
## NAT(Easy IP)
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000]quit
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000
[AR1-GigabitEthernet0/0/0]quitISP
sql
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname ISP
[ISP]undo info-center enable
Info: Information center is disabled.
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip address 202.101.1.1 24
[ISP-GigabitEthernet0/0/0]quit PC1
查看是否获取到地址 PC>ipconfig
PC2
测试
上网
PC1
PC2 
VRRP
实验需求
此时为了网络的稳定性,需要在三层交换机上面做网关冗余技术(VRRP),要求LSW1作为PC1的主网关,PC2的备网关,LSW2作为PC2的主网关,PC1的备网关
监视端口
当LSW1的G0/0/1接口down了,这个时候VLAN10的主网关就要变成了LSW2身上了
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]shutdown
LSW1身上查看,都变成了backup
LSW2身上查看,都变成了master,说明监视端口完全没问题的
配置文档
LSW1
sql
#
sysname LSW1
#
undo info-center enable
#
vlan batch 10 20 100
#
dhcp enable
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.101 192.168.10.250
lease day 7 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.101 192.168.20.250
lease day 7 hour 0 minute 0
dns-list 8.8.8.8
#
interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
vrrp vrid 10 preempt-mode timer delay 10
vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 30
dhcp select global
#
interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 preempt-mode timer delay 10
vrrp vrid 20 track interface GigabitEthernet0/0/1
dhcp select global
#
interface Vlanif100
ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan all
#
ospf 110 router-id 2.2.2.2
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1LSW2
sql
#
sysname LSW2
#
undo info-center enable
#
vlan batch 10 20 200
#
dhcp enable
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.101 192.168.10.250
lease day 7 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.101 192.168.20.250
lease day 7 hour 0 minute 0
dns-list 8.8.8.8
#
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 preempt-mode timer delay 10
vrrp vrid 10 track interface GigabitEthernet0/0/1
dhcp select global
#
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 120
vrrp vrid 20 preempt-mode timer delay 10
vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 30
dhcp select global
#
interface Vlanif200
ip address 192.168.2.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan all
#
ospf 110
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.10.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1