Objectifs de certification
CCNA 200-301
3.5 Décrire le but des protocoles de redondance du premier saut (first hop redundancy protocol)
2.5 Décrire la nécessité et les operations de base de Rapid PVST+ Spanning Tree Protocol
- 2.5.a Root port, root bridge (primary/secondary), et les autres noms de port
- 2.5.b Port states (forwarding/blocking)
- 2.5.c Avantages PortFast
2.1 Configurer et vérifier les VLANs (normal range) couvrant plusieurs switches
- 2.1.a Access ports (data et voice)
- 2.1.b Default VLAN
- 2.1.c Connectivity
2.2 Configurer et vérifier la connectivité interswitch
- 2.2.a Trunk ports
- 2.2.b 802.1Q
- 2.2.c Native VLAN
4.6 Configurer et vérifier DHCP client et relay
Lab Disponibilité dans le LAN RSTP avec HSRP
Cet exercice de laboratoire ajoute un protocole de redondance du premier comme HSRP entre la couche Access et la couche Distribution d’une topologie de type Campus LAN. La charge du trafic des VLANs est répartie grâce à Rapid Spanning-Tree.
1. Enoncé
Cet exercice fait suite à à l’exercice de laboratoire “Lab répartition de charge avec Rapid Spanning-Tree”.
1.1. Topologie avec redondance de passerelle HSRP
1.2. VLANs
| VLAN | Ports Access (AS1 et AS2) | plage d’adresse | Passerelle par défaut |
|---|---|---|---|
| VLAN 10 | g2/0 | 172.16.10.0/24 | 172.16.10.254, FE80::D:1 |
| VLAN 20 | g2/1 | 172.16.20.0/24 | 172.16.10.254, FE80::D:1 |
| VLAN 30 | g2/2 | 172.16.30.0/24 | 172.16.10.254, FE80::D:1 |
| VLAN 40 | g2/3 | 172.16.40.0/24 | 172.16.10.254, FE80::D:1 |
| VLAN 99 | VLAN natif | Management |
1.3. Ports Etherchannel et Trunk VLANs
| PortChannel | ports physiques | Commutateurs |
|---|---|---|
| po1 | g0/0,g1/0 | AS1 - DS1 |
| po2 | g0/1,g1/1 | AS1 - DS2 |
| po3 | g0/2,g1/2 | DS1 - DS2 |
| po4 | g0/0,g1/0 | AS2 - DS2 |
| po5 | g0/1,g1/1 | AS2 - DS1 |
1.4. Spanning-Tree
| VLANs | DS1 | DS2 |
|---|---|---|
| VLANs 1,10,30,99 | root primary | root secondary |
| VLANs 20,40 | root secondary | root primary |
1.5.Plan d’adressage
| Commutateur | Interface | Adresse IPv4 | Adresse(s) IPv6 |
|---|---|---|---|
| DS1 | VLAN10 | 172.16.10.252/24 | FD00:1AB:1A3:10::1/64, FE80::D:2 |
| DS1 | VLAN20 | 172.16.20.252/24 | FD00:1AB:1A3:20::1/64, FE80::D:2 |
| DS1 | VLAN30 | 172.16.30.252/24 | FD00:1AB:1A3:30::1/64, FE80::D:2 |
| DS1 | VLAN40 | 172.16.40.252/24 | FD00:1AB:1A3:40::1/64, FE80::D:2 |
| DS2 | VLAN10 | 172.16.10.253/24 | FD00:1AB:1A3:10::2/64, FE80::D:3 |
| DS2 | VLAN20 | 172.16.20.253/24 | FD00:1AB:1A3:20::2/64, FE80::D:3 |
| DS2 | VLAN30 | 172.16.30.253/24 | FD00:1AB:1A3:30::2/64, FE80::D:3 |
| DS2 | VLAN40 | 172.16.40.253/24 | FD00:1AB:1A3:40::2/64, FE80::D:3 |
En téléchargeant les livres du Guide CCNA 200-301 vous encouragez son auteur ! 
1.6. HSRP
| Commutateur | Interface | Adresse IPv4 virtuelle | Adresse IPv6 virtuelle | Group | Priorité |
|---|---|---|---|---|---|
| DS1 | VLAN10 | 172.16.10.254/24 | FE80::D:1 | 10/16 | 150, prempt |
| DS1 | VLAN20 | 172.16.20.254/24 | FE80::D:1 | 20/26 | default |
| DS1 | VLAN30 | 172.16.30.254/24 | FE80::D:1 | 30/36 | 150, prempt |
| DS1 | VLAN40 | 172.16.40.254/24 | FE80::D:1 | 40/46 | default |
| DS2 | VLAN10 | 172.16.10.254/24 | FE80::D:1 | 10/16 | default |
| DS2 | VLAN20 | 172.16.20.254/24 | FE80::D:1 | 20/26 | 150, prempt |
| DS2 | VLAN30 | 172.16.30.254/24 | FE80::D:1 | 30/36 | default |
| DS2 | VLAN40 | 172.16.40.254/24 | FE80::D:1 | 40/46 | 150, prempt |
1.7. Ressources requises
- 4 commutateurs (vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2(20170321:233949))
- 8 PCs (Centos 7 KVM ou Ubuntu Docker)
- (Câbles de console pour configurer les périphériques Cisco IOS via les ports de console)
- Câbles Ethernet conformément à la topologie
1.8. Explication
Dans l’exercice de laboratoire “Lab répartition de charge avec Rapid Spanning-Tree”, nous avons appris à déployer Rapid Spanning-Tree entre la couche Distribution et la couche Access. Il manque manifestement une sûreté au niveau de la passerelle par défaut que constitue le commutateur de Distribution. Afin d’éviter ce point unique de rupture, on apprendra à configurer et vérifier HSRP. Dans cette topologie une passerelle devient routeur “Active” pour certains VLANs et reste en HSRP “Standby” pour d’autres VLANs et inversément.
On trouvera plus bas les fichiers de configuration qui déploient la solution VLANs, Trunking, Etherchannel, Rapid Spanning-Tree, SVI IPv4 et IPv6 et DHCP. Par rapport à l’exercice de laboratoire “Lab répartition de charge avec Rapid Spanning-Tree”, tout reste identique sauf le paramètre de passerelle.
2. Mise en place de HSRP
La passerelle IPv4 du VLAN 10 est 172.16.10.254, celle du VLAN 20 est 172.16.20.254, celle du VLAN 30 est 172.16.30.254, celle du VLAN 40 est 172.16.40.254.
DS1 est HSRP “active” pour les VLANs 10 et 30. DS2 est HSRP “active” pour les VLANs 20 et 40.
DS1 est HSRP “standby” pour les VLANs 20 et 40. DS2 est HSRP “standby” pour les VLANs 10 et 30.
2.1. Configuration HSRP IPv4 DS1
interface vlan 10
standby 10 ip 172.16.10.254
standby 10 priority 150
standby 10 preempt
!
interface vlan 20
standby 20 ip 172.16.20.254
!
interface vlan 30
standby 30 ip 172.16.30.254
standby 30 priority 150
standby 30 preempt
!
interface vlan 40
standby 40 ip 172.16.40.254
end
wr
2.2. Configuration HSRP IPv6 DS1
interface vlan 10
standby 16 priority 150
standby 16 preempt
standby version 2
standby 16 ipv6 fe80::d:1
!
interface vlan 20
standby version 2
standby 26 ipv6 fe80::d:1
!
interface vlan 30
standby 36 priority 150
standby 36 preempt
standby version 2
standby 36 ipv6 fe80::d:1
!
interface vlan 40
standby version 2
standby 46 ipv6 fe80::d:1
end
wr
En téléchargeant les livres du Guide CCNA 200-301 vous encouragez son auteur !
2.3. Configuration HSRP IPv4 DS2
interface vlan 10
standby 10 ip 172.16.10.254
!
interface vlan 20
standby 20 ip 172.16.20.254
standby 20 priority 150
standby 20 preempt
!
interface vlan 30
standby 30 ip 172.16.30.254
!
interface vlan 40
standby 40 ip 172.16.40.254
standby 40 priority 150
standby 40 preempt
end
wr
2.4. Configuration HSRP IPv6 DS2
interface vlan 10
standby version 2
standby 16 ipv6 fe80::d:1
!
interface vlan 20
standby 26 priority 150
standby 26 preempt
standby version 2
standby 26 ipv6 fe80::d:1
!
interface vlan 30
standby version 2
standby 36 ipv6 fe80::d:1
!
interface vlan 40
standby 46 priority 150
standby 46 preempt
standby version 2
standby 46 ipv6 fe80::d:1
end
wr
3. Vérification HSRP
show standby
!
show standby neighbors
!
show standby brief
3.1. Vérification HSRP DS1
DS1#show standby
Vlan10 - Group 10 (version 2)
State is Active
4 state changes, last state change 00:02:22
Virtual IP address is 172.16.10.254
Active virtual MAC address is 0000.0c9f.f00a (MAC In Use)
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 100 msec, hold time 300 msec
Next hello sent in 0.048 secs
Preemption enabled
Active router is local
Standby router is 172.16.10.253, priority 100 (expires in 0.256 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl10-10" (default)
Vlan10 - Group 16 (version 2)
State is Active
1 state change, last state change 00:02:20
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.0010 (MAC In Use)
Local virtual MAC address is 0005.73a0.0010 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.896 secs
Preemption enabled
Active router is local
Standby router is FE80::D:3, priority 100 (expires in 8.720 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl10-16" (default)
Vlan20 - Group 20 (version 2)
State is Standby
4 state changes, last state change 00:02:21
Virtual IP address is 172.16.20.254
Active virtual MAC address is 0000.0c9f.f014 (MAC Not In Use)
Local virtual MAC address is 0000.0c9f.f014 (v2 default)
Hello time 100 msec, hold time 300 msec
Next hello sent in 0.080 secs
Preemption enabled
Active router is 172.16.20.253, priority 150 (expires in 0.288 sec)
MAC address is 0c7d.02c4.8014
Standby router is local
Priority 150 (configured 150)
Group name is "hsrp-Vl20-20" (default)
Vlan20 - Group 26 (version 2)
State is Standby
1 state change, last state change 00:02:01
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.001a (MAC Not In Use)
Local virtual MAC address is 0005.73a0.001a (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.656 secs
Preemption disabled
Active router is FE80::D:3, priority 150 (expires in 9.072 sec)
MAC address is 0c7d.02c4.8014
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl20-26" (default)
Vlan30 - Group 30 (version 2)
State is Active
4 state changes, last state change 00:02:22
Virtual IP address is 172.16.30.254
Active virtual MAC address is 0000.0c9f.f01e (MAC In Use)
Local virtual MAC address is 0000.0c9f.f01e (v2 default)
Hello time 100 msec, hold time 300 msec
Next hello sent in 0.096 secs
Preemption enabled
Active router is local
Standby router is 172.16.30.253, priority 100 (expires in 0.336 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl30-30" (default)
Vlan30 - Group 36 (version 2)
State is Active
1 state change, last state change 00:02:19
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.0024 (MAC In Use)
Local virtual MAC address is 0005.73a0.0024 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.888 secs
Preemption enabled
Active router is local
Standby router is FE80::D:3, priority 100 (expires in 8.640 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl30-36" (default)
Vlan40 - Group 40 (version 2)
State is Standby
4 state changes, last state change 00:02:00
Virtual IP address is 172.16.40.254
Active virtual MAC address is 0000.0c9f.f028 (MAC Not In Use)
Local virtual MAC address is 0000.0c9f.f028 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.528 secs
Preemption enabled
Active router is 172.16.40.253, priority 150 (expires in 11.408 sec)
MAC address is 0c7d.02c4.8028
Standby router is local
Priority 150 (configured 150)
Group name is "hsrp-Vl40-40" (default)
Vlan40 - Group 46 (version 2)
State is Standby
1 state change, last state change 00:01:59
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.002e (MAC Not In Use)
Local virtual MAC address is 0005.73a0.002e (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.840 secs
Preemption disabled
Active router is FE80::D:3, priority 150 (expires in 8.720 sec)
MAC address is 0c7d.02c4.8028
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl40-46" (default)
DS1#show standby neighbors
HSRP neighbors on Vlan10
FE80::D:3
No active groups
Standby groups: 16
172.16.10.253
No active groups
Standby groups: 10
HSRP neighbors on Vlan20
FE80::D:3
Active groups: 26
No standby groups
172.16.20.253
Active groups: 20
No standby groups
HSRP neighbors on Vlan30
FE80::D:3
No active groups
Standby groups: 36
172.16.30.253
No active groups
Standby groups: 30
HSRP neighbors on Vlan40
FE80::D:3
Active groups: 46
No standby groups
172.16.40.253
Active groups: 40
No standby groups
DS1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 150 P Active local 172.16.10.253 172.16.10.254
Vl10 16 150 P Active local FE80::D:3 FE80::D:1
Vl20 20 150 P Standby 172.16.20.253 local 172.16.20.254
Vl20 26 100 Standby FE80::D:3 local FE80::D:1
Vl30 30 150 P Active local 172.16.30.253 172.16.30.254
Vl30 36 150 P Active local FE80::D:3 FE80::D:1
Vl40 40 150 P Standby 172.16.40.253 local 172.16.40.254
Vl40 46 100 Standby FE80::D:3 local FE80::D:1
En téléchargeant les livres du Guide CCNA 200-301 vous encouragez son auteur !
3.2. Vérification HSRP DS2
DS2#show standby
Vlan10 - Group 10 (version 2)
State is Standby
4 state changes, last state change 00:05:10
Virtual IP address is 172.16.10.254
Active virtual MAC address is 0000.0c9f.f00a (MAC Not In Use)
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 100 msec, hold time 300 msec
Next hello sent in 0.064 secs
Preemption disabled
Active router is 172.16.10.252, priority 150 (expires in 0.256 sec)
MAC address is 0c7d.02a4.800a
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl10-10" (default)
Vlan10 - Group 16 (version 2)
State is Standby
4 state changes, last state change 00:04:57
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.0010 (MAC Not In Use)
Local virtual MAC address is 0005.73a0.0010 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.976 secs
Preemption disabled
Active router is FE80::D:2, priority 150 (expires in 11.680 sec)
MAC address is 0c7d.02a4.800a
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl10-16" (default)
Vlan20 - Group 20 (version 2)
State is Active
2 state changes, last state change 00:08:42
Virtual IP address is 172.16.20.254
Active virtual MAC address is 0000.0c9f.f014 (MAC In Use)
Local virtual MAC address is 0000.0c9f.f014 (v2 default)
Hello time 100 msec, hold time 300 msec
Next hello sent in 0.064 secs
Preemption enabled
Active router is local
Standby router is 172.16.20.252, priority 150 (expires in 0.320 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl20-20" (default)
Vlan20 - Group 26 (version 2)
State is Active
2 state changes, last state change 00:08:19
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.001a (MAC In Use)
Local virtual MAC address is 0005.73a0.001a (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.568 secs
Preemption enabled
Active router is local
Standby router is FE80::D:2, priority 100 (expires in 9.632 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl20-26" (default)
Vlan30 - Group 30 (version 2)
State is Standby
4 state changes, last state change 00:05:09
Virtual IP address is 172.16.30.254
Active virtual MAC address is 0000.0c9f.f01e (MAC Not In Use)
Local virtual MAC address is 0000.0c9f.f01e (v2 default)
Hello time 100 msec, hold time 300 msec
Next hello sent in 0.016 secs
Preemption disabled
Active router is 172.16.30.252, priority 150 (expires in 0.240 sec)
MAC address is 0c7d.02a4.801e
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl30-30" (default)
Vlan30 - Group 36 (version 2)
State is Standby
4 state changes, last state change 00:04:55
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.0024 (MAC Not In Use)
Local virtual MAC address is 0005.73a0.0024 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.024 secs
Preemption disabled
Active router is FE80::D:2, priority 150 (expires in 10.800 sec)
MAC address is 0c7d.02a4.801e
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl30-36" (default)
Vlan40 - Group 40 (version 2)
State is Active
2 state changes, last state change 00:08:18
Virtual IP address is 172.16.40.254
Active virtual MAC address is 0000.0c9f.f028 (MAC In Use)
Local virtual MAC address is 0000.0c9f.f028 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.568 secs
Preemption enabled
Active router is local
Standby router is 172.16.40.252, priority 150 (expires in 9.296 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl40-40" (default)
Vlan40 - Group 46 (version 2)
State is Active
2 state changes, last state change 00:08:20
Link-Local Virtual IPv6 address is FE80::D:1 (conf)
Active virtual MAC address is 0005.73a0.002e (MAC In Use)
Local virtual MAC address is 0005.73a0.002e (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.056 secs
Preemption enabled
Active router is local
Standby router is FE80::D:2, priority 100 (expires in 9.280 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl40-46" (default)
DS2#show standby neighbors
HSRP neighbors on Vlan10
FE80::D:2
Active groups: 16
No standby groups
172.16.10.252
Active groups: 10
No standby groups
HSRP neighbors on Vlan20
FE80::D:2
No active groups
Standby groups: 26
172.16.20.252
No active groups
Standby groups: 20
HSRP neighbors on Vlan30
FE80::D:2
Active groups: 36
No standby groups
172.16.30.252
Active groups: 30
No standby groups
HSRP neighbors on Vlan40
FE80::D:2
No active groups
Standby groups: 46
172.16.40.252
No active groups
Standby groups: 40
DS2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 Standby 172.16.10.252 local 172.16.10.254
Vl10 16 100 Standby FE80::D:2 local FE80::D:1
Vl20 20 150 P Active local 172.16.20.252 172.16.20.254
Vl20 26 150 P Active local FE80::D:2 FE80::D:1
Vl30 30 100 Standby 172.16.30.252 local 172.16.30.254
Vl30 36 100 Standby FE80::D:2 local FE80::D:1
Vl40 40 150 P Active local 172.16.40.252 172.16.40.254
Vl40 46 150 P Active local FE80::D:2 FE80::D:1
En téléchargeant les livres du Guide CCNA 200-301 vous encouragez son auteur !
3.3. Configuration du service DHCP
La passerelle est désormais l’adresse IP virtuelle configurée avec HSRP. La distribution des plages via DHCP sur DS1 et DS2 apporte un peu de redondance dans ce service.
DS1 Serveur DHCP
ip dhcp pool VLAN10
network 172.16.10.0 255.255.255.0
default-router 172.16.10.254
ip dhcp excluded-address 172.16.10.50 172.16.10.254
ip dhcp pool VLAN20
network 172.16.20.0 255.255.255.0
default-router 172.16.20.254
ip dhcp excluded-address 172.16.20.50 172.16.20.254
ip dhcp pool VLAN30
network 172.16.30.0 255.255.255.0
default-router 172.16.30.254
ip dhcp excluded-address 172.16.30.50 172.16.30.254
ip dhcp pool VLAN40
network 172.16.40.0 255.255.255.0
default-router 172.16.40.254
ip dhcp excluded-address 172.16.40.50 172.16.40.254
DS2 Serveur DHCP
ip dhcp pool VLAN10
network 172.16.10.0 255.255.255.0
default-router 172.16.10.254
ip dhcp excluded-address 172.16.10.1 172.16.10.50
ip dhcp excluded-address 172.16.10.100 172.16.10.254
ip dhcp pool VLAN20
network 172.16.20.0 255.255.255.0
default-router 172.16.20.254
ip dhcp excluded-address 172.16.20.1 172.16.20.50
ip dhcp excluded-address 172.16.20.100 172.16.20.254
ip dhcp pool VLAN30
network 172.16.30.0 255.255.255.0
default-router 172.16.30.254
ip dhcp excluded-address 172.16.30.1 172.16.30.50
ip dhcp excluded-address 172.16.30.100 172.16.30.254
ip dhcp pool VLAN40
network 172.16.40.0 255.255.255.0
default-router 172.16.40.254
ip dhcp excluded-address 172.16.40.1 172.16.40.50
ip dhcp excluded-address 172.16.40.100 172.16.40.254
Vérification DHCP
Sur DS1 et sur DS2
DS1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type State Interface
Hardware address/
User name
172.16.10.1 0cf2.c1b4.3c00 Sep 04 2018 07:03 PM Automatic Active Vlan10
172.16.10.2 0cf2.c107.bf00 Sep 04 2018 07:03 PM Automatic Active Vlan10
172.16.20.2 0cf2.c131.4300 Sep 04 2018 07:03 PM Automatic Active Vlan20
172.16.30.2 0cf2.c122.2600 Sep 04 2018 07:03 PM Automatic Active Vlan30
172.16.40.2 0cf2.c155.7b00 Sep 04 2018 07:03 PM Automatic Active Vlan40
DS2#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type State Interface
Hardware address/
User name
172.16.20.51 0cf2.c1b3.9600 Sep 04 2018 07:03 PM Automatic Active Vlan20
172.16.30.51 0cf2.c1e3.7000 Sep 04 2018 07:03 PM Automatic Active Vlan30
172.16.40.53 0cf2.c1c5.7200 Sep 04 2018 07:03 PM Automatic Active Vlan40
3.4. Connectivité de bout en bout
Vérification de la connectivité de bout en bout.
for x in 10 20 30 40 ; do ping -c 1 172.16.$x.254 ; arp -a; done
4. Épreuves
Sur base de :
- un ping continu d’un PC vers sa passerelle par défaut,
- un ping continu d’un PC vers un PC d’un autre VLAN.
Deux épreuves :
- Rupture de liaison.
- Rupture de passerelle.
Ping continu d’un PC du VLAN 10 vers sa passerelle.
root@PC1:~# ping 172.16.10.254
4.1. Rupture de liaison
Rompre la liaison entre AS1 et DS1.
interface po1
shutdown
En faisant tomber l’interface po1 sur DS1, HSRP n’intervient pas. Le délai éprouvé est celui de RSTP. La passerelle du VLAN 10 est maintenant joignable via chemin sous-optimal par DS2.
Remonter l’interface po1 de DS1.
interface po1
no shutdown
Cette épreuve ne vérifie que l’oeuvre de Spanning-Tree et non celle de HSRP.
En téléchargeant les livres du Guide CCNA 200-301 vous encouragez son auteur !
4.2. Rupture d’une passerelle
Pour éprouver HSRP, il faut vraiment faire tomber la passerelle. Le délai vécu est celui de 3 secondes de Hello et de 10 secondes de reprise.
En adaptant les délais HSRP de mise à jour à 100 msec et le compteur de retenue à 300 msec sur les deux commutateurs de couche Distribution DS1 et DS2, on obtiendra de meilleurs résultats.
interface vlan10
standby 10 timers msec 100 msec 300
interface vlan20
standby 20 timers msec 100 msec 300
interface vlan30
standby 30 timers msec 100 msec 300
interface vlan40
standby 30 timers msec 100 msec 300
En faisant retomber DS1 à nouveau aucun paquet n’est perdu.
4.3. Passerelle IPv6
Il semblerait que HSRP fasse aussi son oeuvre en IPv6. Quel est la table de routage de PC1 par exemple ?
[root@PC1 ~]# ip -6 route | grep default
default via fe80::d:1 dev eth0 proto ra metric 100 pref high
Une seule passerelle est annoncée ce qui rétablit une situation voulue.
5. Mise en place de l’authentification HSRP en MD5
Sur DS1 et sur DS2.
key chain hsrp10
key 1
key-string testtest
interface vlan 10
standby 10 authentication md5 key-chain hsrp10
key chain hsrp20
key 1
key-string testtest
interface vlan 20
standby 20 authentication md5 key-chain hsrp20
key chain hsrp30
key 1
key-string testtest
interface vlan 30
standby 30 authentication md5 key-chain hsrp30
key chain hsrp40
key 1
key-string testtest
interface vlan 40
standby 40 authentication md5 key-chain hsrp40
key chain hsrp10
key 1
key-string testtest
En téléchargeant les livres du Guide CCNA 200-301 vous encouragez son auteur !
6. Variantes
- Migration VRRP
- Suivi des interfaces (Tracking)
7. Fichiers de configuration
DS1
key chain hsrp10
key 1
key-string testtest
interface vlan 10
standby 10 ip 172.16.10.254
standby 10 priority 150
standby 10 preempt
standby version 2
standby 16 priority 150
standby 16 preempt
standby 16 ipv6 fe80::d:1
standby 10 timers msec 100 msec 300
standby 10 authentication md5 key-chain hsrp10
key chain hsrp20
key 1
key-string testtest
interface vlan 20
standby 20 ip 172.16.20.254
standby version 2
standby 26 ipv6 fe80::d:1
standby 20 timers msec 100 msec 300
standby 20 authentication md5 key-chain hsrp20
key chain hsrp30
key 1
key-string testtest
interface vlan 30
standby 30 ip 172.16.30.254
standby 30 priority 150
standby 30 preempt
standby version 2
standby 36 priority 150
standby 36 preempt
standby 36 ipv6 fe80::d:1
standby 30 timers msec 100 msec 300
standby 30 authentication md5 key-chain hsrp30
key chain hsrp40
key 1
key-string testtest
interface vlan 40
standby 40 ip 172.16.40.254
standby version 2
standby 46 ipv6 fe80::d:1
standby 40 timers msec 100 msec 300
standby 40 authentication md5 key-chain hsrp40
DS2
key chain hsrp10
key 1
key-string testtest
interface vlan 10
standby 10 ip 172.16.10.254
standby version 2
standby 16 ipv6 fe80::d:1
standby 10 timers msec 100 msec 300
standby 10 authentication md5 key-chain hsrp10
key chain hsrp20
key 1
key-string testtest
interface vlan 20
standby 20 ip 172.16.20.254
standby 20 priority 150
standby 20 preempt
standby version 2
standby 26 ipv6 fe80::d:1
standby 26 priority 150
standby 26 preempt
standby 20 timers msec 100 msec 300
standby 20 authentication md5 key-chain hsrp20
key chain hsrp30
key 1
key-string testtest
interface vlan 30
standby 30 ip 172.16.30.254
standby version 2
standby 36 ipv6 fe80::d:1
standby 30 timers msec 100 msec 300
standby 30 authentication md5 key-chain hsrp30
key chain hsrp40
key 1
key-string testtest
interface vlan 40
standby 40 ip 172.16.40.254
standby 40 priority 150
standby 40 preempt
standby version 2
standby 46 ipv6 fe80::d:1
standby 46 priority 150
standby 46 preempt
standby 40 timers msec 100 msec 300
standby 40 authentication md5 key-chain hsrp40
