Q&A
ご回答ありがとうございます????
まだこの仕事についてから月日が浅くよく理解ができておらず申し訳ないのですが、「下からの経路」と「上からの経路」とはどこを指しているのでしょうか??
また、これを改善するとなるとどのようにしたらよろしいのでしょうか??
前提
]
HSRPの検証をしています。経路などの設定は問題がなくできていますが、LANを抜いて障害が起きた時の挙動を確認していた際、PC側からはうまく経路を迂回して通ることが確認できているのですが、インターネットに見立てているL3側からpingを飛ばしても戻ってきません。どうしたら戻ってくるようになるのでしょうか。
赤い×がある場所の線を抜いた際vlan100からVlan10にいる端末へpingを投げた際帰ってきません。
tracerouteで172.16.40.1まで戻ってきていることは確認できています。
L2_1(show run)
L2_1#show run
Building configuration...
Current configuration : 3254 bytes
!
! Last configuration change at 04:02:54 UTC Mon Mar 1 1993 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L2_1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
!
!
!
!
crypto pki trustpoint TP-self-signed-204595584
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-204595584
revocation-check none
rsakeypair TP-self-signed-204595584
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
ip default-gateway 192.168.10.254
ip http server
ip http secure-server
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
end
L2_2(show run)
L2_2#show run
Building configuration...
Current configuration : 3107 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L2_2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
!
!
!
!
crypto pki trustpoint TP-self-signed-1939862656
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1939862656
revocation-check none
rsakeypair TP-self-signed-1939862656
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 20
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
ip http server
ip http secure-server
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
end
###L3_1(show run)
L3_1#show run
Building configuration...
Current configuration : 1881 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L3_1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20,30,70
!
!
!
!
interface Port-channel1
switchport access vlan 70
switchport mode access
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 70
switchport mode access
channel-group 1 mode active
!
interface FastEthernet0/6
switchport access vlan 70
switchport mode access
channel-group 1 mode active
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/1
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.253 255.255.255.0
standby 10 ip 192.168.10.254
standby 10 priority 105
standby 10 preempt
!
interface Vlan20
ip address 192.168.20.252 255.255.255.0
standby 20 ip 192.168.20.254
standby 20 preempt
!
interface Vlan30
ip address 172.16.30.1 255.255.255.0
!
interface Vlan70
ip address 172.16.70.1 255.255.255.0
!
ip classless
ip route 172.16.100.0 255.255.255.0 172.16.30.254
ip route 172.16.100.0 255.255.255.0 172.16.70.2 115
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
###L3_1(show standby brief)
L3_1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 105 P Active local 192.168.10.252 192.168.10.254
Vl20 20 100 P Standby 192.168.20.253 local 192.168.20.254
L3_2(show run)
L3_2#show run
Building configuration...
Current configuration : 1881 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L3_2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20,40,70
!
!
!
!
interface Port-channel1
switchport access vlan 70
switchport mode access
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 70
switchport mode access
channel-group 1 mode active
!
interface FastEthernet0/6
switchport access vlan 70
switchport mode access
channel-group 1 mode active
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/1
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.252 255.255.255.0
standby 10 ip 192.168.10.254
standby 10 preempt
!
interface Vlan20
ip address 192.168.20.253 255.255.255.0
standby 20 ip 192.168.20.254
standby 20 priority 105
standby 20 preempt
!
interface Vlan40
ip address 172.16.40.1 255.255.255.0
!
interface Vlan70
ip address 172.16.70.2 255.255.255.0
!
ip classless
ip route 172.16.100.0 255.255.255.0 172.16.40.254
ip route 172.16.100.0 255.255.255.0 172.16.70.1 115
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
end
###L3_2(show standby brief)
L3_2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Standby 192.168.10.253 local 192.168.10.254
Vl20 20 105 P Active local 192.168.20.252 192.168.20.254
###L3_3(show run)
L3_3#show run
Building configuration...
Current configuration : 1902 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname L3_3
!
no aaa new-model
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 30,40,100
!
!
interface FastEthernet0/1
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 100
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan30
ip address 172.16.30.254 255.255.255.0
!
interface Vlan40
ip address 172.16.40.254 255.255.255.0
!
interface Vlan100
ip address 172.16.100.254 255.255.255.0
!
ip classless
ip route 192.168.10.0 255.255.255.0 172.16.30.1
ip route 192.168.10.0 255.255.255.0 172.16.40.1 115
ip route 192.168.20.0 255.255.255.0 172.16.40.1
ip route 192.168.20.0 255.255.255.0 172.16.30.1 115
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
!
end
回答2件
0
端末からインターネット見立てL3
その逆それぞれでtracertを行うとどこで止まっているのか分かると思いますよ。
お試しください。
投稿2020/03/26 01:57
総合スコア252
0
ネットワークの設計としてはよろしくないです
理由としては、「赤い×がある場所の線を抜いた際」に
下から上への経路と
上から下への経路が
異なるためです
障害発生時においても、対象ルートになるように設計してみてください
※質問のときの障害ですとHSRPのテストではなくフローティングスタティックのテストになってますね。→HSRPの動作には影響がない
投稿2020/03/24 15:09
総合スコア2751
図の上下です
・下からの経路:端末発 → インターネット見立てL3スイッチ宛
・上からの経路:インターネット見立てL3スイッチ発 → 端末宛
改善案1) L3_1~L3_2間をルーティングではなく、L2 Trunkでつなぐ
改善案2) インターネット側インタフェースのLinkdownを検知したら、LAN側のHSRPが切り替わるようにする
図の構成の場合、私が設定するなら案1です。
もし勉強している状況でしたら、両案の設定を検証してみるといいです。
あなたの回答
tips
プレビュー
バッドをするには、ログインかつ
こちらの条件を満たす必要があります。