3월 16 2022

cisco Nexus HSRP 설정

Nexus HSRP 설정.

Nexus 7000 2대를 백본으로 사용하며 위쪽에 방화벽 1개를 사용하는 구성.

방화벽과 Nexus 사이를 ospf 구성하고 싶었으나 방화벽쪽에서 난색(?)을 표하여, 방화벽과 Nexus 연결을 hsrp로 설정하여 연결함.(방화벽은 라우터 모드)

1. 각 장비 구성은 아래와 같다.

* Nexus1
hostname: Backbone_1
ip: 172.16.10.2

*Nexus2
ip: 172.16.10.3
hostname: Backbone_2

* HSRP
hsrp 그룹: 8
Virtual IP: 172.16.10.1
적용할 인터페이스: VLAN 444
Nexus1을 Active , Nexus2를 Standby

vlan에 포트 할당하는 부분은 생략함.

2. 설정 및 확인.

* Nexus1 설정

Backbone_1-Main(config)# feature hsrp 

Backbone_1(config)# vlan 444
Backbone_1(config-vlan)# exit
Backbone_1(config)# int vlan 444
Backbone_1(config-if)# no ip redirect
Backbone_1(config-if)# ip address 172.16.10.2/24
Backbone_1(config-if)# hsrp 10
Backbone_1(config-if-hsrp)# preempt
Backbone_1(config-if-hsrp)# ip 172.16.10.1
Backbone_1(config-if-hsrp)# exit
Backbone_1(config-if)# no shutdown
Backbone_1(config-if)# end

* Nexus2 설정

Backbone_2(config)# feature hsrp
Backbone_2(config)# vlan 444
Backbone_2(config-vlan)# exit
Backbone_2(config)# int vlan 444
Backbone_2(config-if)# no ip redirect
Backbone_2(config-if)# ip address 172.16.10.3/24
Backbone_2(config-if)# hsrp 10
Backbone_2(config-if-hsrp)# preempt
Backbone_2(config-if-hsrp)# priority 90
Backbone_2(config-if-hsrp)# ip 172.16.10.1
Backbone_2(config-if-hsrp)# exit
Backbone_2(config-if)# no shutdown
Backbone_2(config-if)# end

Nexus1에서 priority를 설정하지 않았지만 priority는 100으로 보인다. 이 값이 크면 Active로 동작한다.

Backbone_1# show hsrp
Vlan444 - Group 8 (HSRP-V1) (IPv4)
  Local state is Active, priority 100 (Cfged 100), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 100 
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.476000 sec(s)
  Virtual IP address is 172.16.10.1 (Cfged)
  Active router is local
  Standby router is 172.16.10.3 , priority 90 expires in 0.361000 sec(s)
  Authentication text "cisco"
  Virtual mac address is 0000.0c07.ac08 (Default MAC)
  2 state changes, last state change 5w2d
  IP redundancy name is hsrp-Vlan444-8 (default)
Backbone_2# show hsrp
Vlan444 - Group 8 (HSRP-V1) (IPv4)
  Local state is Standby, priority 90 (Cfged 90), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 90 
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.308000 sec(s)
  Virtual IP address is 172.16.10.1 (Cfged)
  Active router is 172.16.10.1, priority 100 expires in 10.499000 sec(s)
  Standby router is local 
  Authentication text "cisco"
  Virtual mac address is 0000.0c07.ac08 (Default MAC)
  1 state changes, last state change 5w2d
  IP redundancy name is hsrp-Vlan444-8 (default)

failover 테스트도 이상 없음.

답글 남기기

Your email address will not be published.