hsrp & vrrp
HSRP 설정
HSRP1(config)#int g0/0
HSRP1(config-if)#standby 1 ip 192.168.1.254
HSRP1(config-if)#standby 1 priority 120
HSRP1(config-if)#standby 1 preempt
------------------------------------
HSRP2(config-if)#int g0/0
HSRP2(config-if)#standby 1 ip 192.168.1.254
HSRP2(config-if)#standby 1 preempt
HSRP2(config-if)#
%HSRP-6-STATECHANGE: GigabitEthernet0/1 Grp 1 state Speak -> Standby
-------------------------------------------------------
hsrp 상태정보
HSRP1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gig0/0 1 120 P Active local 192.168.1.2 192.168.1.254
HSRP2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gig0/0 1 100 P Standby 192.168.1.1 local 192.168.1.254
---------------------------------------------------------
tracert 1.1.1.3(
PC>tracert 1.1.1.3
Tracing route to 1.1.1.3 over a maximum of 30 hops:
1 1 ms 0 ms 0 ms 192.168.1.1
2 * * 1 ms 1.1.1.3
-> 평상시에는 192.168.1.1 주소로 active되어있어서 1.1로 간다.
HSRP1(config)#int g0/0
HSRP1(config-if)#shut
HSRP1(config-if)#shutdown
HSRP1(config-if)#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 1 state Active -> Init
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
shutdown시키면
HSRP2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gig0/0 1 100 P Active local unknown 192.168.1.254
HSRP2#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 1 state Standby -> Active
PC>tracert 1.1.1.3
Tracing route to 1.1.1.3 over a maximum of 30 hops:
1 0 ms 0 ms 0 ms 192.168.1.2
2 0 ms 10 ms 0 ms 1.1.1.3
192.168.1.2로 이동됨을 알 수 있다.
-----------------------------------------------
HSRP1(config)#int g0/0
HSRP1(config-if)#shut
HSRP1(config-if)#shutdown
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 1 state Speak -> Standby
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 1 state Standby -> Active
!
PC>tracert 1.1.1.3
Tracing route to 1.1.1.3 over a maximum of 30 hops:
1 0 ms 0 ms 0 ms 192.168.1.2
2 0 ms 10 ms 0 ms 1.1.1.3
다음과 같이
HSRP1#show standby
GigabitEthernet0/1 - Group 1 (version 2)
State is Active
5 state changes, last state change 00:11:46
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0C9F.F001
Local virtual MAC address is 0000.0C9F.F001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.698 secs
Preemption enabled
Active router is local
Standby router is 1.1.1.2
Priority 120 (configured 120)
Group name is hsrp-Gig0/1-1 (default)
HSRP2#show standby
GigabitEthernet0/1 - Group 1 (version 2)
State is Standby
3 state changes, last state change 01:31:37
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0C9F.F001
Local virtual MAC address is 0000.0C9F.F001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.672 secs
Preemption enabled
Active router is 1.1.1.1
Standby router is local
Priority 100 (default 100)
Group name is hsrp-Gig0/1-1 (default)
--------------------------------------------------------------
---------------------------------------------------------------
만약, Active 라우터인 HSRP 1 g0/1 인터페이스 구간에 장애가 발생하면, HSRP가 설정된 g0/0 인터페이스는 S1/0
장애와 상관없이 HSRP가 동작하므로 Active 상태가 유지된다.
위 ‘120’에서 특정 값을 차감하여, R3가 Active 라우터로 전환되어 버추얼 라우터를 인계할 수 있게 된다.
HSRP Interface Tracking 설정은 다음과 같다.
HSRP Interface Tracking 설정
R1(config)#int fa0/1
R1(config-if)#standby 1 track g0/1 30
패킷트레이서에서는 지원안됨으로 생략
--------------------------------------------------------------
vrrp
패킷트레이서에서는 할 수 없지만
장비에서 tracking까지 설정한다면
HSRP1(config)#track 1 interface g0/1 line-protocol
HSRP1(config-track)#exit
HSRP1(config)#int g0/1
HSRP1(config-if)#vrrp 1 ip 192.168.1.254
HSRP1(config-if)#vrrp 1 priority 120
HSRP1(config-if)#vrrp 1 preempt
-----------------------------------------------------------
HSRP2(config-if)#vrrp 1 track 1 decrement 30
HSRP2(config)#int g0/1
HSRP2(config-if)#vrrp 1 ip 192.168.1.254
HSRP2(config-if)#vrrp 1 preempt
vlan&stp로드분산 실습
DSW1(config)#int fa0/10
DSW1(config-if)#spanning-tree portfast trunk
DSW1(config)#int range fa0/10, fa0/1
DSW1(config)#switchport trunk encapsulation dot1q
DSW1(config)#spanning-tree mode rapid-fast
DSW1(config)#vlan 501
DSW1(config)#vlan 502
DSW1(config)#spanning-tree vlan 501 priority 16384
DSW1(config)#spanning-tree vlan 502 priority 4096
DSW2(config)#int fa0/10
DSW2(config-if)#spanning-tree portfast trunk
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
DSW2(config)#int fa0/10
DSW2(config-if)#spanning-tree portfast trunk
DSW2(config)#int range fa0/20, fa0/1
DSW2(config)#switchport trunk encapsulation dot1q
DSW2(config)#spanning-tree mode rapid-fast
DSW2(config)#vlan 501
DSW2(config)#vlan 502
DSW2(config)#spanning-tree vlan 501 priority 4096
DSW2(config)#spanning-tree vlan 502 priority 16384
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#!
Router(config)#no ip domain-lookup
Router(config)#!
Router(config)#hostname R2
R1(config)#!
R1(config)#line con 0
R1(config-line)# logging syn
R1(config-line)# exec-timeout 0 0
R1(config-line)#!
R1(config-line)#line vty 0 4
R1(config-line)# priviledge level 15
R1(config-line)# no login
R1#conf t
R1(config-subif)#int f0/0
R1(config-subif)#no shut
R1(config-subif)#int f0/0.501
R1(config-subif)#encapsulation dot1q 501
R1(config-subif)#ip add 10.1.1.2 255.255.255.0
R1(config-subif)#standby 1 ip 10.1.1.254
R1(config-subif)#standby 1 priority 120
R1(config-subif)#standby 1 preempt
R1(config-subif)#standby 1 track f0/1 30
R1(config-subif)#int f0/0.502
R1(config-subif)#encapsulation dot1q 502
R1(config-subif)#ip add 10.1.2.1 255.255.255.0
R1(config-subif)#standby 1 ip 10.1.1.254
R1(config-subif)#standby 1 preempt
R1(config)#int f0/1
R1(config-if)#ip add 192.168.1.203 255.255.255.0
R1(config-if)#ip nat outside
R1(c
R1(config-if)#no shut
*Mar 1 01:08:33.607: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#
R1(config)#int fa0/1
R1(config-if)#ip add dhcp
R1(config-if)#
R1(config-if)#ip nat outside
R1(config-if)#no
*Mar 1 01:09:24.043: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address 13.13.113.23, mask 255.255.255.0, hostname R1
R1(config-if)#no shut
R1(config-if)#
R1(config-if)#exit
R1(config)#
R1(config)#
R1(config)#acc
R1(config)#access-list 10 permit 10.1.0.0 0.0.255.255
R1(config)#ip nat inside source list 10 int fa0/1 overload
R1(config)#
R1(config)#
R1(config)#^Z
*Mar 1 01:05:33.827: %SYS-5-CONFIG_I: Configured from console by console
R2#conf t
R2(config-subif)#int f0/0
R2(config-subif)#int f0/0.501
R2(config-subif)#encapsulation dot1q 501
R2(config-subif)#ip add 10.1.1.2 255.255.255.0
R2(config-subif)#standby 1 ip 10.1.1.254
R2(config-subif)#standby 1 priority 120
R2(config-subif)#standby 1 preempt
R2(config-subif)#standby 1 track f0/1 30
R2(config-subif)#int f0/0.502
R2(config-subif)#encapsulation dot1q 502
R2(config-subif)#ip add 10.1.2.1 255.255.255.0
R2(config-subif)#standby 1 ip 10.1.1.254
R2(config-subif)#standby 1 preempt
R2(config)#int f0/1
R2(config-if)#ip add 192.168.1.208 255.255.255.0
R2(config-if)#ip nat outside
R2(c
R2(config-if)#no shut
*Mar 1 01:08:33.607: %SYS-5-CONFIG_I: Configured from console by console
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#
R2(config)#
R2(config)#int fa0/1
R2(config-if)#ip add 192.168.1.204 255.255.255.0
R2(config-if)#no shut
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#access-list 10 permit 10.1.0.0 0.0.255.255
R2(config)#ip nat inside source-list 10 int fa0/1 overload
---> nat 설정
R2#
R2#sh ru
*Mar 1 01:10:30.723: %SYS-5-CONFIG_I: Configured from console by console
R2#sh run
Building configuration...
Current configuration : 992 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
ip audit po max-events 100
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.501
!
interface FastEthernet0/0.502
!
interface FastEthernet0/0.503
!
interface FastEthernet0/0.504
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
duplex auto
speed auto
!
ip nat inside source list 10 interface FastEthernet0/1 overload
ip http server
no ip http secure-server
ip classless
!
!
access-list 10 permit 10.1.0.0 0.0.255.255
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password cisco
login
!
!
end
R2#ping 168.126.63.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 168.126.63.1, timeout is 2 seconds:
.!!!!
@L3 스위치 HSRP 1
@@패켓트레이서 실습(HSRP ping이 되지 않는다,)
en
conf t
!
hostname SW1
no ip domain-lookup
line con 0
logg syn
exec-timeout 0 0
int range fa0/22, fa0/24
sw tr en do
sw mo trunk
!
vlan 11
vlan 12
vlan 101
vlan 102
@SW2
ip routing
!
int vlan 11
ip add 192.168.11.2 255.255.255.0
!
int vlan 12
ip add 192.168.12.2 255.255.255.0
!
int vlan 13
ip add 192.168.101.2 255.255.255.0
!
int vlan 14
ip add 192.168.102.2 255.255.255.0
!
@sh ip int brief, sh ip route, ping
@SW2
int vlan 11
standby 11 ip add 192.168.11.254
standby 11 priority 120
standby 11 preempt
!
int vlan 101
standby 101 ip 192.168.101.254
standby 101 preempt
sh standby bri
@SW4
int vlan 11
standby 11 ip add 192.168.11.254
standby 11 preempt
!
int vlan 101
standby 101 ip 192.168.101.254
standby 101 preempt
standby 101 priority 120
standby 101 preempt
sh standby bri
'네트워크/서버/모의해킹 > IPT' 카테고리의 다른 글
| 17.3.27 30일차 (NTP & AAA, ACS) (491) | 2017.03.27 |
|---|---|
| 17.3.24 29일차 (스위치 보안 기능 1) (486) | 2017.03.24 |
| 17.3.23 28일차 (HSRP를 이용한 게이트웨이 이중화 구축) (509) | 2017.03.23 |
| 17.3.21 25일차 (이중화 게이트웨이) (482) | 2017.03.21 |
| 17.3.20 25일차 (L3 스위치설정방법 ,l3스위치(rstp,이더채널,nat), l3 스위치 활용 (473) | 2017.03.20 |
