Cisco HSRP的配置 双机热备经典案例

HSRP一般用于两台，也可以用于多台。必须在每台起HSRP上的路由器上配置。

When the HSRP is configured on a network segment, it provides a virtual Media Access Control (MAC) address and an IP address that is shared among routers in a groupof routers that is running HSRP. One of these devices is selected by the protocol to be the active router. The active router receives and routes packets destined for the group's MAC address. For n routers running HSRP, there are n + 1 IP and MAC addresses assigned.

但是aceive只有一台，standby只有一台，其实其他的都在监听状态。所以zyx说的是处在active和standby的状态的只有两台。

附一个配置实例：

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname r1

!

enable password cisco

!

ip subnet-zero (新版的IOS都支持全0/1子网)

!

!

!

!

interface Ethernet0

ip address 136.147.107.101 255.255.0.0

no ip redirects

no ip directed-broadcast

standby 150 timers 5 15 /* 定义150组5秒交换一次hello信息，15秒没收到 hello信息就开始切换 */

standby 150 priority 110 /* 定义150组的主路由器权值，值越大，为主路由器希望越大 */

standby 150 preempt/* enable 150组的hsrp抢占功能 */

standby 150 authentication cisco /* 设置150组的router身份验证串 */

standby 150 ip 136.147.107.100 /* 定义150组的浮动地址，也是这台router

连接的网络的网关*/

standby 150 track Ethernet0 /* 定义监控的端口*/

!

interface Serial0

no ip address

no ip directed-broadcast

no ip mroute-cache

shutdown

no fair-queue

!

ip classless

!

!

line con 0

transport input none

line 1 16

line aux 0

line vty 0 4

password cisco

login

!

end

配置基本HSRP例子：

提问 "当主用路由器当掉以后备份路由器可以接管主用路由器的IP地址和MAC地址

回答

Router1：

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#ip address 172.22.1.3 255.255.255.0

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2：

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 1/0

Router2(config-if)#ip address 172.22.1.2 255.255.255.0

Router2(config-if)#standby 1 ip 172.22.1.1

Router2(config-if)#standby 1 priority 110 (默认priority is 100)

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 由于HSRP虚拟出来的MAC地址跟组相关，所以可能会出现同一交换机收到多个相同的MAC地址的情况，这时候就需要用standby 1 mac-address 0000.0c07.ad01 命令来人工指定一个MAC地址

提问 强制某个路由器启动后一直在组中处于主用状态

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 1/0

Router2(config-if)#standby 1 ip 172.22.1.1

Router2(config-if)#standby 1 priority 110

Router2(config-if)#standby 1 preempt delay 60 (最好有时延)

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 正常情况下当LAN端口up后就会发生强占，而此时可能网络还没有收敛，所以建议配置强占延迟时间，让路由器启动后过一段时间再发起强占standby 1 preempt delay 60

22.3. 配置HSRP对接口问题追踪的支持

提问 当主用路由器的上联端口出现问题后主动切换到备用路由器

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 1 track Serial0/0 20

Router1(config-if)#exit

Router1(config)#end

Router1#

从12.2(15)T后引入更多可追踪实例

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#track 11 interface Serial1/1 ip routing

Router1(config-track)#exit

Router1(config)#interface FastEthernet0/0

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 1 track 11 decrement 50

Router1(config-if)#end

Router1#

注释 Router1#show track

Track 11

Interface Serial1/1 ip routing

IP routing is Down (hw admin-down, ip disabled)

1 change, last change 00:12:48

Tracked by:

HSRP FastEthernet0/0 1

22.4. HSRP负载均衡

提问 在两台或者多台HSRP路由器上实现流量的负载均衡

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#ip address 172.22.1.3 255.255.255.0

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 2 ip 172.22.1.2

Router1(config-if)#standby 2 priority 110

Router1(config-if)#standby 2 preempt

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet1/0

Router2(config-if)#ip address 172.22.1.4 255.255.255.0

Router2(config-if)#standby 1 ip 172.22.1.1

Router2(config-if)#standby 1 priority 110

Router2(config-if)#standby 1 preempt

Router2(config-if)#standby 2 ip 172.22.1.2

Router2(config-if)#standby 2 priority 120

Router2(config-if)#standby 2 preempt

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 由于出现两个网关，所以需要在终端设备上分开配置各自的缺省网关。

22.5. HSRP中ICMP重定向

提问 在HSRP中启用ICMP重定向

回答

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 1/0

Router2(config-if)#no ip redirects

Router2(config-if)#standby redirects disable

Router2(config-if)#exit

Router2(config)#end

Router2#

注释

22.6. 调整HSRP定时器

提问 调整备份路由器接管主用路由器所需时长

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#standby 1 ip 172.22.1.1

Router1(config-if)#standby 1 priority 120

Router1(config-if)#standby 1 preempt

Router1(config-if)#standby 1 timers 1 3

Router1(config-if)#exit

Router1(config)#end

Router1#

注释 缺省Hello包时长为3秒，10秒后会接管，如果主用路由器调整时长，整个组内的路由器都要调整为相同的时长。最短可以到达毫秒Router1(config-if)#standby 1 timers msec 100 msec 300

22.7. 在令牌环网络中使用HSRP

提问 在令牌环网络中配置HSRP

回答

如果只用IP协议配置同前面例子，如果还有其他协议，特别是使用了source-route bridging就用下面的配置方法

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface Tokenring0

Router1(config-if)#ip address 172.22.1.3

Router1(config-if)#standby ip 172.22.1.1

Router1(config-if)#standby use-bia

Router1(config-if)#standby priority 120

Router1(config-if)#standby preempt

Router1(config-if)#exit

Router1(config)#end

Router1#

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface Tokenring0

Router2(config-if)#ip address 172.22.1.2

Router2(config-if)#standby ip 172.22.1.1

Router2(config-if)#standby use-bia

Router2(config-if)#standby priority 110

Router2(config-if)#standby preempt

Router2(config-if)#exit

Router2(config)#end

Router2#

注释 由于令牌环网络会用到设备的MAC地址信息，所以如果HSRP用到虚拟MAC就会出问题，因此在配置中使用了burned-in address (BIA)来代替MAC来避免出现问题