華為路由交換由淺入深系列（六）：三層交換與VRRP配置

掌握目标

一、實驗拓撲如下：

二、S1和S2 E-Trunk鍊路配置

三、配置S1和S2 VLAN資訊

四、相應接口劃入VLAN中

五、配置Vlanif位址

六、配置路由器相關資訊及路由

七、配置OSPF

八、配置VRRP

九、配置vrrp認證

一、實驗拓撲如下

二、S1和S2 E-Trunk鍊路配置

[S1]interface Eth-Trunk 1

[S1-Eth-Trunk1]quit

[S1]interface g0/0/9

[S1-GigabitEthernet0/0/9]eth-trunk 1

[S1]interface g0/0/10

[S1-GigabitEthernet0/0/10]eth-trunk 1

[S2]interface Eth-Trunk 1

[S2-Eth-Trunk1]quit

[S2]interface g0/0/9

[S2-GigabitEthernet0/0/9]eth-trunk 1

[S2]interface g0/0/10

[S2-GigabitEthernet0/0/10]eth-trunk 1

三、配置S1和S2 VLAN資訊

[S1]vlan batch 3 to 7

[S2]vlan batch 3 to 7

四、相應接口劃入VLAN中

[S1]interface e1

[S1-Eth-Trunk1]port link-type access

[S1-Eth-Trunk1]port default vlan 5

[S1]int g0/0/13

[S1-GigabitEthernet0/0/13]port link-type access

[S1-GigabitEthernet0/0/13]port default vlan 3

[S1]int g0/0/1

[S1-GigabitEthernet0/0/1]port link-type access

[S1-GigabitEthernet0/0/1]port default vlan 4

[S2]interface e1

[S2-Eth-Trunk1]port link-type access

[S2-Eth-Trunk1]port default vlan 5

[S2]interface g0/0/3

[S2-GigabitEthernet0/0/3]port link-type access

[S2-GigabitEthernet0/0/3]port default vlan 6

[S2]interface g0/0/18

[S2-GigabitEthernet0/0/3]port link-type access

[S2-GigabitEthernet0/0/3]port default vlan 7

五、配置Vlanif位址

[S1]interface Vlanif 3

[S1-Vlanif3]ip add 10.0.3.1 24

[S1]interface Vlanif 4

[S1-Vlanif3]ip add 10.0.4.1 24

[S1]interface Vlanif 5

[S1-Vlanif3]ip add 10.0.5.1 24

[S1]display ip int brief

Interface IP Address/Mask Physical Protocol

MEth0/0/1 unassigned down down

NULL0 unassigned up up(s)

Vlanif1 unassigned down down

Vlanif3 10.0.3.1/24 up up

Vlanif4 10.0.4.1/24 up up

Vlanif5 10.0.5.1/24 up up

[S2]interface Vlanif 5

[S2-Vlanif5]ip add 10.0.5.2 24

[S2]interface Vlanif 6

[S2-Vlanif6]ip add 10.0.6.1 24

[S2]interface Vlanif 7

[S2-Vlanif6]ip add 10.0.7.1 24

六、配置路由器相關資訊及路由

[S3]interface Vlanif 1

[S3-Vlanif1]ip add 10.0.3.33 24

[S3]ip route-static 0.0.0.0 0 10.0.3.1

[R1]int g0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.0.4.11 24

[R1]ip route-static 0.0.0.0 0 10.0.4.1

[R3]int g0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.6.33 24

[R3]ip route-static 0.0.0.0 0 10.0.6.1

[S4]interface Vlanif 1

[S4-Vlanif1]ip add 10.0.7.44 24

[S4]ip route-static 0.0.0.0 0 10.0.7.1

測試

ping 10.0.3.33

PING 10.0.3.33: 56 data bytes, press CTRL_C to break

Reply from 10.0.3.33: bytes=56 Sequence=1 ttl=254 time=50 ms

Reply from 10.0.3.33: bytes=56 Sequence=2 ttl=254 time=70 ms

Reply from 10.0.3.33: bytes=56 Sequence=3 ttl=254 time=50 m

ping 10.0.6.33

PING 10.0.6.33: 56 data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

tracert 10.0.6.33

traceroute to 10.0.6.33(10.0.6.33), max hops: 30 ,packet length: 40,press CTRL_C to break

1 10.0.4.1 20 ms 20 ms 20 ms

2 10.0.4.1 30 ms !N 20 ms !N 10 ms !N ====此處回顯肯定是模拟器問題，應該是*****。

解決方法一、

[S1]ospf 1

[S1-ospf-1]area 0

[S1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255

[S2]ospf 1

[S2-ospf-1]area 0

[S2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255

[S1]display ip ro pr os

OSPF routing table status :

Destinations : 2 Routes : 2

Destination/Mask Proto Pre Cost Flags NextHop Interfac

10.0.6.0/24 OSPF 10 2 D 10.0.5.2 Vlanif5

10.0.7.0/24 OSPF 10 2 D 10.0.5.2 Vlanif5

[S2]dis ip rou pr os

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.3.0/24 OSPF 10 2 D 10.0.5.1 Vlanif5

10.0.4.0/24 OSPF 10 2 D 10.0.5.1 Vlanif5

ping 10.0.6.33

PING 10.0.6.33: 56 data bytes, press CTRL_C to break

Reply from 10.0.6.33: bytes=56 Sequence=1 ttl=253 time=50 ms

Reply from 10.0.6.33: bytes=56 Sequence=2 ttl=253 time=50 ms

ping 10.0.7.44

PING 10.0.7.44: 56 data bytes, press CTRL_C to break

Reply from 10.0.7.44: bytes=56 Sequence=1 ttl=253 time=80 ms

Reply from 10.0.7.44: bytes=56 Sequence=2 ttl=253 time=60 ms

Reply from 10.0.7.44: bytes=56 Sequence=3 ttl=253 time=60 ms

tracert 10.0.6.33

traceroute to 10.0.6.33(10.0.6.33), max hops: 30 ,packet length: 40,press CTRL_C to break

1 10.0.4.1 40 ms 10 ms 10 ms

2 10.0.5.2 40 ms 30 ms 40 ms

3 10.0.6.33 70 ms 60 ms 60 ms

解決方法二、

[S1]ip route-static 0.0.0.0 0 10.0.5.2

[S2]ip route-static 0.0.0.0 0 10.0.5.1

VRRP實驗

基本配置

[R1-LoopBack0]ip add 10.0.1.1 24

[R1-LoopBack0]int g0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.0.11.2 24

[R1-LoopBack0]int g0/0/2

[R1-GigabitEthernet0/0/1]ip add 10.0.12.2 24

[R2]interface g0/0/2

[R2-GigabitEthernet0/0/2]ip add 10.0.123.4 24

[R2]ip route-static 0.0.0.0 0 10.0.123.1 ====vrrp虛拟位址

[R3]interface g0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.123.5 24

[R3]ip route-static 0.0.0.0 0 10.0.123.1

[S1]vlan batch 1 to 3

[S1-GigabitEthernet0/0/10]int g0/0/10

[S1-GigabitEthernet0/0/10]port link-type trunk

[S1-GigabitEthernet0/0/10]port trunk allow-pass vlan all

[S1-GigabitEthernet0/0/1]int g0/0/1

[S1-GigabitEthernet0/0/1]port link-type access

[S1-GigabitEthernet0/0/1]port default vlan 2

[S1-GigabitEthernet0/0/1]int g0/0/2

[S1-GigabitEthernet0/0/2]port link-type access

[S1-GigabitEthernet0/0/2]port default vlan 1

[S1]interface Vlanif 1

[S1-Vlanif1]ip add 10.0.123.2 24

[S1]interface Vlanif 2

[S1-Vlanif1]ip add 10.0.11.1 24

[S2]vlan batch 1 to 3

[S2-GigabitEthernet0/0/10]int g0/0/10

[S2-GigabitEthernet0/0/10]port link-type trunk

[S2-GigabitEthernet0/0/10]port trunk allow-pass vlan all

[S2-GigabitEthernet0/0/2]int g0/0/2

[S2-GigabitEthernet0/0/2]port link-type access

[S2-GigabitEthernet0/0/2]port default vlan 3

[S2-GigabitEthernet0/0/1]int g0/0/3

[S2-GigabitEthernet0/0/2]port link-type access

[S2-GigabitEthernet0/0/2]port default vlan 1

[S2]interface Vlanif 1

[S2-Vlanif1]ip add 10.0.123.324

[S2]interface Vlanif 3

[S2-Vlanif1]ip add 10.0.12.1 24

測試

ping -c 2 10.0.11.1

PING 10.0.11.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.11.1: bytes=56 Sequence=1 ttl=255 time=50 ms

Reply from 10.0.11.1: bytes=56 Sequence=2 ttl=255 time=20 ms

ping -c 2 10.0.12.1

PING 10.0.12.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=40 ms

Reply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=20 ms

[S1]ping -c 2 10.0.123.4

PING 10.0.123.4: 56 data bytes, press CTRL_C to break

Reply from 10.0.123.4: bytes=56 Sequence=1 ttl=255 time=80 ms

Reply from 10.0.123.4: bytes=56 Sequence=2 ttl=255 time=50 ms

[S2]ping -c 2 10.0.123.5

PING 10.0.123.5: 56 data bytes, press CTRL_C to break

Reply from 10.0.123.5: bytes=56 Sequence=1 ttl=255 time=60 ms

Reply from 10.0.123.5: bytes=56 Sequence=2 ttl=255 time=40 ms

七、配置OSPF

[S1]ospf 1

[S1-ospf-1]area 0

[S1-ospf-1-area-0.0.0.0]net 10.0.0.0 0.255.255.255

[S1-ospf-1-area-0.0.0.0]silent-interface Vlanif1

[S2]ospf 1

[S2-ospf-1]area 0

[S2-ospf-1-area-0.0.0.0]net 10.0.0.0 0.255.255.255、

[S2-ospf-1-area-0.0.0.0]silent-interface Vlanif1

[R1]ospf 1

[R1-ospf-1]are 0

[R1-ospf-1-area-0.0.0.0]net 10.0.0.0 0.255.255.255

[S1]ping -c 2 10.0.1.1

PING 10.0.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=50 ms

Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms

[S1]ping -c 2 10.0.12.2

PING 10.0.12.2: 56 data bytes, press CTRL_C to break

Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=30 ms

Reply from 10.0.12.2: bytes=56 Sequence=2 ttl=255 time=30 ms

八、配置VRRP

[S1]interface Vlanif 1

[S1-Vlanif1]vrrp vrid 1 virtual-ip 10.0.123.1 =====配置VRRP Group ID為1，虛拟IP位址10.0.123.1

[S1-Vlanif1]vrrp vrid 1 priority 105 ====配置VRRP優先級為105，預設為100

[S2]int vlanif 1

[S2-Vlanif1]vrrp vrid 1 virtual-ip 10.0.123.1

測試

[S1]display vrrp 1

Vlanif1 | Virtual Router 1

State : Master

Virtual IP : 10.0.123.1

Master IP : 10.0.123.2

PriorityRun : 105

PriorityConfig : 105

MasterPriority : 105

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-0101

Check TTL : YES

Config type : normal-vrrp

Create time : 2014-05-21 18:11:32 UTC-08:00

Last change time : 2014-05-21 18:11:35 UTC-08:00

[S2]display vrrp

Vlanif1 | Virtual Router 1

State : Backup

Virtual IP : 10.0.123.1

Master IP : 10.0.123.2

PriorityRun : 100

PriorityConfig : 100

MasterPriority : 105

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-0101

Check TTL : YES

Config type : normal-vrrp

Create time : 2014-05-21 18:13:47 UTC-08:00

Last change time : 2014-05-21 18:13:47 UTC-08:00

ping -c 1 10.0.1.1

PING 10.0.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=120 ms

ping -c 1 10.0.1.1

PING 10.0.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=90 ms

[S1]interface Vlanif 1

[S1-Vlanif1]shutdown

ping -c 10000 10.0.1.1

PING 10.0.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=70 ms

Request time out

Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=254 time=50 ms

Reply from 10.0.1.1: bytes=56 Sequence=4 ttl=254 time=40 ms

[S1]display vrrp

Vlanif1 | Virtual Router 1

State : Initialize

Virtual IP : 10.0.123.1

Master IP : 0.0.0.0

PriorityRun : 105

PriorityConfig : 105

MasterPriority : 0

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-0101

Check TTL : YES

Config type : normal-vrrp

Create time : 2014-05-21 18:11:32 UTC-08:00

Last change time : 2014-05-21 18:22:38 UTC-08:00

[S2]display vrrp

Vlanif1 | Virtual Router 1

State : Master

Virtual IP : 10.0.123.1

Master IP : 10.0.123.3

PriorityRun : 100

PriorityConfig : 100

MasterPriority : 100

[S1]int Vlanif 1

[S1-Vlanif1]undo shutdown

此時R2與R3通過S1發送資料給10.0.1.1。如果關閉S1的G0/0/1接口，或關閉R1的G0/0/1接口，網絡将無法自動切換到通過S2發送資料給10.0.1.1

關閉S1的G0/0/1接口

[S1]int g0/0/1

[S1-GigabitEthernet0/0/1]shut

[S1]display vrrp brief

VRID State Interface Type Virtual IP

—————————————————————-

1 Master Vlanif1 Normal 10.0.123.1

—————————————————————-

Total:1 Master:1 Backup:0 Non-active:0

ping -c 2 10.0.1.1

PING 10.0.1.1: 56 data bytes, press CTRL_C to break

Request time out

Request time out

[S1]int g0/0/1

[S1-GigabitEthernet0/0/1]undo shut

S1和S2上配置VRRP的接口跟蹤，定義跟蹤G0/0/1接口，如果接口被關閉，則優先級降低10，這樣的情況下，S2将搶占S1的VRRP主角色。

[S1]int Vlanif 1

[S1-Vlanif1]vrrp vrid 1 track interface g0/0/1 reduced 10

[S2]int Vlanif 1

[S2-Vlanif1]vrrp vrid 1 track interface g0/0/1 reduced 10

[S1]int g0/0/1

[S1-GigabitEthernet0/0/1]shut

[S2]display vrrp

Vlanif1 | Virtual Router 1

State : Backup

Virtual IP : 10.0.123.1

Master IP : 10.0.123.2

PriorityRun : 90

PriorityConfig : 100

MasterPriority : 95

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-0101

Check TTL : YES

Config type : normal-vrrp

Track IF : GigabitEthernet0/0/1 Priority reduced : 10

IF state : DOWN

Create time : 2014-05-21 18:13:47 UTC-08:00

Last change time : 2014-05-21 18:26:12 UTC-08:00

九、配置vrrp認證

[S1]int Vlanif 1

[S1-Vlanif1]vrrp vrid 1 authentication-mode md5 cisco

[S1]display vrrp

Vlanif1 | Virtual Router 1

State : Master

Virtual IP : 10.0.123.1

Master IP : 10.0.123.2

PriorityRun : 105

PriorityConfig : 105

MasterPriority : 105

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : MD5 Auth key : *hPH!nZ_`,9P4p;[email protected]#

Virtual MAC : 0000-5e00-0101

Check TTL : YES

Config type : normal-vrrp

Track IF : GigabitEthernet0/0/1 Priority reduced : 10

IF state : UP

Create time : 2014-05-21 18:11:32 UTC-08:00

Last change time : 2014-05-21 18:26:12 UTC-08:00

[S2]interface Vlanif 1

[S2-Vlanif1]vrrp vrid 1 authentication-mode md5 cisco

如果大家有任何疑問或者文中有錯誤跟疏忽的地方，歡迎大家留言指出，部落客看到後會第一時間修改，謝謝大家的支援，更多技術文章盡在網絡之路Blog（其他平台同名），版權歸網絡之路Blog所有，原創不易，侵權必究，覺得有幫助的，關注、轉發、點贊支援下！~。