Some Kind of Tech Memo Storage

@Infrastructure Engineer

Infrastructure Build - Network - Common L3SW - Common L3SW

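Last time, I built the connection between the ISP and the entry point of the network.
Now it is time to start building the inside of the network, and the part covered this time is the most complex one in this network.

The topic is redundancy. Continuing from last time, I set up route redundancy with BGP, and gateway redundancy with HSRP.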

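Work targets

Hostname                   Model         OS
Common L3SW #1 (CMNSW01)   WS-C3550-24
Common L3SW #2 (CMNSW02)   WS-C3550-48

Work overview

Redundancy for the ISP-facing and FW-facing routes

Configuration items

・iBGP
・Port channel
・Trunk port
・HSRP

Applying the configuration

Common L3SW #1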

CMNSW01#configure terminal

!--- Create the interface facing common L3SW #2
CMNSW01(config)#interface Vlan 105
CMNSW01(config-if)#ip address 10.5.0.1 255.255.255.252
CMNSW01(config-if)#exit
CMNSW01(config)#interface FastEthernet0/20
CMNSW01(config-if)#switchport mode access
CMNSW01(config-if)#switchport access vlan 105
CMNSW01(config-if)#exit

!--- iBGP configuration
CMNSW01(config)#router bgp 100
CMNSW01(config-router)#network 10.5.0.0 mask 255.255.255.252
CMNSW01(config-router)#neighbor 1.1.1.250 remote-as 100
CMNSW01(config-router)#neighbor 1.1.1.250 update-source Loopback1
CMNSW01(config-router)#exit

!--- Static route to the iBGP neighbor's address
CMNSW01(config)#ip route 1.1.1.250 255.255.255.255 10.5.0.2

!--- Create the trunk port on a Port-channel
CMNSW01(config)#interface FastEthernet0/21
CMNSW01(config-if)#channel-group 1 mode active
CMNSW01(config-if)#exit
CMNSW01(config)#interface FastEthernet0/22
CMNSW01(config-if)#channel-group 1 mode active
CMNSW01(config-if)#exit
CMNSW01(config)#interface Port-channel1
CMNSW01(config-if)#switchport trunk encapsulation dot1q
CMNSW01(config-if)#switchport mode trunk
CMNSW01(config-if)#exit

!--- Configure the interface facing the common FW
CMNSW01(config)#interface FastEthernet0/1
CMNSW01(config-if)#switchport mode access
CMNSW01(config-if)#switchport access vlan 104
CMNSW01(config-if)#exit
CMNSW01(config)#interface Vlan104
CMNSW01(config-if)#ip address 10.4.0.253 255.255.255.0

!--- HSRP configuration
CMNSW01(config-if)#standby 1 ip 10.4.0.254
CMNSW01(config-if)#standby 1 priority 105
CMNSW01(config-if)#standby 1 preempt
CMNSW01(config-if)#standby 1 track FastEthernet 0/23 10
CMNSW01(config-if)#exit

Common L3SW #2

CMNSW02#configure terminal

!--- Create the interface facing common L3SW #1
CMNSW02(config)#interface Vlan 105
CMNSW02(config-if)#ip address 10.5.0.2 255.255.255.252
CMNSW02(config-if)#exit
CMNSW02(config)#interface FastEthernet0/20
CMNSW02(config-if)#switchport mode access
CMNSW02(config-if)#switchport access vlan 105
CMNSW02(config-if)#exit

!--- iBGP configuration
CMNSW02(config)#router bgp 100
CMNSW02(config-router)#network 10.5.0.0 mask 255.255.255.252
CMNSW02(config-router)#neighbor 1.1.1.251 remote-as 100
CMNSW02(config-router)#neighbor 1.1.1.251 update-source Loopback1
CMNSW02(config-router)#exit

!--- Static route to the iBGP neighbor's address
CMNSW02(config)#ip route 1.1.1.251 255.255.255.255 10.5.0.1

!--- Create the trunk port on a Port-channel
CMNSW02(config)#interface FastEthernet0/21
CMNSW02(config-if)#channel-group 1 mode active
CMNSW02(config-if)#exit
CMNSW02(config)#interface FastEthernet0/22
CMNSW02(config-if)#channel-group 1 mode active
CMNSW02(config-if)#exit
CMNSW02(config)#interface Port-channel1
CMNSW02(config-if)#switchport trunk encapsulation dot1q
CMNSW02(config-if)#switchport mode trunk
CMNSW02(config-if)#exit

!--- Configure the interface facing the common FW
CMNSW02(config)#interface FastEthernet0/1
CMNSW02(config-if)#switchport mode access
CMNSW02(config-if)#switchport access vlan 104
CMNSW02(config-if)#exit
CMNSW02(config)#interface Vlan104
CMNSW02(config-if)#ip address 10.4.0.252 255.255.255.0

!--- HSRP configuration
CMNSW02(config-if)#standby 1 ip 10.4.0.254
CMNSW02(config-if)#standby 1 priority 100
CMNSW02(config-if)#standby 1 preempt
CMNSW02(config-if)#standby 1 track FastEthernet 0/23 10
CMNSW02(config-if)#exit

Verifying the configuration

Config (common L3SW #1)

Building configuration...

Current configuration : 5060 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CMNSW01
!
!
!
!
no aaa new-model
!
track 1 interface FastEthernet0/23 line-protocol
ip routing
no ip domain-lookup
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Loopback1
ip address 1.1.1.251 255.255.255.255
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
!
interface FastEthernet0/1
switchport access vlan 104
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface FastEthernet0/20
switchport access vlan 105
switchport mode access
!
interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
channel-group 1 mode active
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
channel-group 1 mode active
!
interface FastEthernet0/23
switchport access vlan 106
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Vlan100
ip address 10.0.0.251 255.255.255.0
!
interface Vlan104
ip address 10.4.0.253 255.255.255.0
standby 1 ip 10.4.0.254
standby 1 priority 105
standby 1 preempt
standby 1 track 1 decrement 10
!
interface Vlan105
ip address 10.5.0.1 255.255.255.252
!
interface Vlan106
ip address 10.5.0.5 255.255.255.252
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.5.0.0 mask 255.255.255.252
network 10.5.0.4 mask 255.255.255.252
timers bgp 10 30
redistribute static
neighbor 1.1.1.250 remote-as 100
neighbor 1.1.1.250 update-source Loopback1
neighbor 1.1.1.252 remote-as 200
neighbor 1.1.1.252 ebgp-multihop 255
neighbor 1.1.1.252 update-source Loopback1
no auto-summary
!
ip classless
ip route 1.1.1.250 255.255.255.255 10.5.0.2
ip route 1.1.1.252 255.255.255.255 10.5.0.6
ip http server
ip http secure-server
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
end

Config (common L3SW #2)

Building configuration...

Current configuration : 6587 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CMNSW02
!
!
!
!
no aaa new-model
!
track 1 interface FastEthernet0/23 line-protocol
ip routing
no ip domain-lookup
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Loopback1
ip address 1.1.1.250 255.255.255.255
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
!
interface FastEthernet0/1
switchport access vlan 104
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface FastEthernet0/20
switchport access vlan 105
switchport mode access
!
interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
channel-group 1 mode active
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
channel-group 1 mode active
!
interface FastEthernet0/23
switchport access vlan 107
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Vlan100
ip address 10.0.0.250 255.255.255.0
!
interface Vlan104
ip address 10.4.0.252 255.255.255.0
standby 1 ip 10.4.0.254
standby 1 preempt
standby 1 track 1 decrement 10
!
interface Vlan105
ip address 10.5.0.2 255.255.255.252
!
interface Vlan107
ip address 10.5.0.9 255.255.255.252
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.5.0.0 mask 255.255.255.252
network 10.5.0.8 mask 255.255.255.252
timers bgp 10 30
redistribute static
neighbor 1.1.1.251 remote-as 100
neighbor 1.1.1.251 update-source Loopback1
neighbor 1.1.1.252 remote-as 200
neighbor 1.1.1.252 ebgp-multihop 255
neighbor 1.1.1.252 update-source Loopback1
no auto-summary
!
ip classless
ip route 1.1.1.251 255.255.255.255 10.5.0.1
ip route 1.1.1.252 255.255.255.255 10.5.0.10
ip http server
ip http secure-server
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
end
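
As an added example (not part of the original post), this Python script audits a running-config like the two above for settings worth tightening: DTP negotiation left on (`switchport mode dynamic desirable`), BGP neighbors without `neighbor ... password`, HSRP groups without `standby ... authentication`, `ip http server`, and `no service password-encryption`. The `audit` function, the check names, and the embedded sample (a subset of the CMNSW01 lines) are assumptions made for this illustration.

```python
import re

# Constructed sample: a subset of the CMNSW01 running-config lines shown above.
SAMPLE = """\
no service password-encryption
interface Port-channel1
 switchport mode dynamic desirable
interface FastEthernet0/1
 switchport mode access
interface Vlan104
 standby 1 ip 10.4.0.254
 standby 1 priority 105
 standby 1 preempt
router bgp 100
 neighbor 1.1.1.250 remote-as 100
 neighbor 1.1.1.250 update-source Loopback1
 neighbor 1.1.1.252 remote-as 200
 neighbor 1.1.1.252 ebgp-multihop 255
ip http server
ip http secure-server
"""

def audit(config):
    """Return sorted (check, subject) findings for one IOS running-config."""
    findings, section = set(), ""
    neighbors, bgp_auth, hsrp, hsrp_auth = set(), set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()  # indentation is not relied on (the page's copy lost it)
        if not line or line[0] in "!〜":  # separators and the page's elision marks
            continue
        if re.match(r"(interface|router) ", line):
            section = line
        if line in ("no service password-encryption", "ip http server"):
            findings.add(("global", line))
        if line == "switchport mode dynamic desirable":  # DTP will negotiate a trunk
            findings.add(("dtp-negotiation", section))
        m = re.match(r"neighbor (\S+) (remote-as|password)\b", line)
        if m:
            (bgp_auth if m.group(2) == "password" else neighbors).add(m.group(1))
        m = re.match(r"standby (\d+) (ip|authentication)\b", line)
        if m:
            key = (section, m.group(1))
            (hsrp_auth if m.group(2) == "authentication" else hsrp).add(key)
    # A neighbor or HSRP group is reported only if no authentication line was seen.
    findings |= {("bgp-no-auth", n) for n in neighbors - bgp_auth}
    findings |= {("hsrp-no-auth", f"{s} group {g}") for s, g in hsrp - hsrp_auth}
    return sorted(findings)
```

Running `audit` on the full text of either config above works the same way; a config that uses `switchport mode trunk` with `switchport nonegotiate`, per-neighbor `password`, and `standby 1 authentication` returns an empty list.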

Routing table (common L3SW #1)

CMNSW01#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 3 subnets
C 1.1.1.251 is directly connected, Loopback1
S 1.1.1.250 [1/0] via 10.5.0.2
S 1.1.1.252 [1/0] via 10.5.0.6
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.5.0.8/30 [200/0] via 1.1.1.250, 00:03:03
C 10.0.0.0/24 is directly connected, Vlan100
C 10.5.0.4/30 is directly connected, Vlan106
C 10.4.0.0/24 is directly connected, Vlan104
C 10.5.0.0/30 is directly connected, Vlan105
B 192.168.0.0/24 [20/0] via 1.1.1.252, 01:13:49

Routing table (common L3SW #2)

CMNSW02#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 3 subnets
S 1.1.1.251 [1/0] via 10.5.0.1
C 1.1.1.250 is directly connected, Loopback1
S 1.1.1.252 [1/0] via 10.5.0.10
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.5.0.8/30 is directly connected, Vlan107
C 10.0.0.0/24 is directly connected, Vlan100
B 10.5.0.4/30 [200/0] via 1.1.1.251, 00:02:55
C 10.4.0.0/24 is directly connected, Vlan104
C 10.5.0.0/30 is directly connected, Vlan105
B 192.168.0.0/24 [20/0] via 1.1.1.252, 01:13:53

BGP table (common L3SW #1)

CMNSW01#show ip bgp
BGP table version is 28, local router ID is 1.1.1.251
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.250/32     10.5.0.2                 0         32768 ?
* i1.1.1.252/32     10.5.0.10                0    100      0 ?
*>                  10.5.0.6                 0         32768 ?
* i10.5.0.0/30      1.1.1.250                0    100      0 i
*>                  0.0.0.0                  0         32768 i
*  10.5.0.4/30      1.1.1.252                0             0 200 i
*>                  0.0.0.0                  0         32768 i
*>i10.5.0.8/30      1.1.1.250                0    100      0 i
*                   1.1.1.252                0             0 200 i
* i192.168.0.0      1.1.1.252                0    100      0 200 i
*>                  1.1.1.252                0             0 200 i

BGP table (common L3SW #2)

CMNSW02#show ip bgp
BGP table version is 47, local router ID is 1.1.1.250
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.251/32     10.5.0.1                 0         32768 ?
* i1.1.1.252/32     10.5.0.6                 0    100      0 ?
*>                  10.5.0.10                0         32768 ?
* i10.5.0.0/30      1.1.1.251                0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i10.5.0.4/30      1.1.1.251                0    100      0 i
*                   1.1.1.252                0             0 200 i
*  10.5.0.8/30      1.1.1.252                0             0 200 i
*>                  0.0.0.0                  0         32768 i
* i192.168.0.0      1.1.1.252                0    100      0 200 i
*>                  1.1.1.252                0             0 200 i

HSRP (common L3SW #1)

CMNSW01#show standby
Vlan104 - Group 1
State is Active
2 state changes, last state change 00:43:14
Virtual IP address is 10.4.0.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.968 secs
Preemption enabled
Active router is local
Standby router is 10.4.0.252, priority 100 (expires in 9.344 sec)
Priority 105 (configured 105)
Track interface FastEthernet0/23 state Up decrement 10
Group name is "hsrp-Vl104-1" (default)

HSRP (common L3SW #2)

CMNSW02#show standby
Vlan104 - Group 1
State is Standby
4 state changes, last state change 00:08:07
Virtual IP address is 10.4.0.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.768 secs
Preemption enabled
Active router is 10.4.0.253, priority 105 (expires in 10.096 sec)
Standby router is local
Priority 100 (default 100)
Track interface FastEthernet0/23 state Up decrement 10
Group name is "hsrp-Vl104-1" (default)


?show etherchannel port-channel
?show interfaces trunk

Connectivity check

<Editing in progress...>