网络安全学习--HSRP

Posted 丢爸

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了网络安全学习--HSRP相关的知识,希望对你有一定的参考价值。

HSRP协议(Hot StandBy Router Protocol)热备份路由器协议

  1. HSRP组号:1-255
    组号没有大小之分
  2. 虚拟路由器的IP称为虚拟IP地址
  3. HSRP组成员
  • 虚拟路由器(老大)
  • 活跃路由器
  • 备份路由器
  • 其他路由器
  1. HSRP优先级(1-255):默认100
  2. HSRP组成员通过定时发送hello包来交流默认每隔3秒
  3. 占先权preempt:作用–当检测不到对方,或检测到对方优先级低于自己,立即抢占活跃路由的名分。
  4. 配置跟踪track,跟踪外网端口状态,当外网down掉,则自降优先级

HSRP实验

实验文件下载
实验文件下载后,需要通过Cisco Packet Tracer打开
Cisco Packet Tracer软件下载路径查看文章

  1. 配置各台设备IP,内网PC网关使用规划的虚拟路由器IP
#--------------配置Router0路由器IP
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.	
Router(config)#interface fa0/1
Router(config-if)#exit
Router(config)#interface fa0/0
Router(config-if)#ip addr 192.168.1.252 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#
Router(config-if)#interface fa0/1
Router(config-if)#ip addr 10.1.1.1 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
#--------------配置Router0路由器IP
#--------------配置Router1路由器IP
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Router(config)#interface fa0/a
                             ^
% Invalid input detected at '^' marker.
	
Router(config)#interface fa0/0
Router(config-if)#ip addr 192.168.1.253 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip addr 20.1.1.1 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
#--------------配置Router1路由器IP
#--------------配置Router2路由器IP
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Router(config)#
Router(config)#interface fa0/0
Router(config-if)#ip addr 10.1.1.2 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip addr 20.1.1.2 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router(config-if)#exit
Router(config)#interface fa1/0
Router(config-if)#ip addr 30.1.1.254 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
#--------------配置Router2路由器IP
#--------------配置Router0路由器路由
Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
#--------------配置Router0路由器路由
#--------------配置Router1路由器路由
Router(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.2
#--------------配置Router1路由器路由
#--------------配置Router2路由器路由
Router(config)#ip route 192.168.1.0 255.255.255.0 20.1.1.1
#--------------配置Router2路由器路由
#--------------开启内网两台路由器热备份
#-----Router0路由器上配置
Router(config)#interface fa0/0
#配置组号和虚拟IP
Router(config-if)#standby 1 ip 192.168.1.254
Router(config-if)#
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
#配置优先级
Router(config-if)#standby 1 priority 200
#配置占先权,如出现检测不到对方,则占有虚拟IP的信息
Router(config-if)#standby 1 preempt
#配置跟踪,如接口fa0/1出现故障,则自减
Router(config-if)#standby 1 track fa0/1
#查看热备份信息
Router(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Fa0/0       1    200 P Active   local           192.168.1.253   192.168.1.254 
#-----Router0路由器上配置
#-----Router1路由器配置
Router(config-if)#standby 1 ip 192.168.1.254
Router(config-if)#standby 1 priority 190
Router(config-if)#
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

Router(config-if)#standby 1 preempt
Router(config-if)#exit
Router(config)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Fa0/0       1    190 P Standby  192.168.1.252   local           192.168.1.254  
#-----Router1路由器配置
#--------------开启内网两台路由器热备份
  1. 测试当掉活跃路由器的接口,观察备份路由器状态
#当掉活跃路由器接口
Router(config)#interface fa0/0
Router(config-if)#shutdown

Router(config-if)#
 %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Init

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Router(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Fa0/0       1    200 P Init     unknown         unknown         192.168.1.254  
#查看备份路由器接口
Router(config)#
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

Router(config)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Fa0/0       1    190 P Active   local           unknown         192.168.1.254 

#---------再次启动活跃路由器接口
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

Router(config-if)#do show standby
FastEthernet0/0 - Group 1
  State is Active
    13 state changes, last state change 01:00:47
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0C07.AC01
    Local virtual MAC address is 0000.0C07.AC01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.518 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.1.253, priority 190 (expires in 6 sec)
  Priority 200 (configured 200)
    Track interface FastEthernet0/1 state Up decrement 10
  Group name is hsrp-Fa0/0-1 (default)

以上是关于网络安全学习--HSRP的主要内容,如果未能解决你的问题,请参考以下文章

云计算--网络原理与应用--20171122--STP与HSRP

VRRP 原理

热备份路由选择协议(HSRP)

HSRP热备份路由选择协议

热备份路由选择协议(HSRP)的原理与配置

10.网络安全基础配置实验-HSRP及VRRP及三层交换机链路聚合配置