Redundant configuration combined with VRRP

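This configuration uses two RTX1200 routers and two SWX2200 switches to make both the WAN side and the LAN side redundant.
The ports between SWX2200(1) and the hubs, and between SWX2200(1) and RTX1200(1), are monitored by Lua scripts. When a port link-down is detected, the corresponding port on SWX2200-8G(2) is opened to keep a communication path available.
In addition, when the WAN line of RTX1200(1) is down, traffic switches to the backup line on the RTX1200(2) side.

This configuration example uses one instance of Lua script example (1), which monitors the link between the SWX2200 and the RTX1200, and three instances of Lua script example (2), one per hub, which monitor the links between the SWX2200 and the hubs.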

RTX1200(1) configuration example

LAN interface settings
(uses the LAN1 port)

ip lan1 address 192.168.100.252/24
lan shutdown lan1 2
ip lan1 vrrp 1 192.168.100.254 priority=200
ip lan1 vrrp shutdown trigger 1 pp 1

WAN interface settings
(uses the LAN2 port)

pp select 1
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname (ISP connection ID) (ISP connection password)
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ppp ipv6cp use off
ip pp mtu 1454
ip pp nat descriptor 1
pp enable 1
ip route default gateway pp 1

NAT settings

nat descriptor type 1 masquerade

DHCP settings

dhcp service server
dhcp scope 1 192.168.100.2-192.168.100.100/24

DNS settings

dns server (IP address of the DNS server specified by the ISP)
dns private address spoof on

Filter settings

ip filter source-route on
ip filter directed-broadcast on
ip filter 1010 reject * * udp,tcp 135 *
ip filter 1011 reject * * udp,tcp * 135
ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 1014 reject * * udp,tcp 445 *
ip filter 1015 reject * * udp,tcp * 445
ip filter 1020 reject 192.168.100.0/24 *
ip filter 1030 pass * 192.168.100.0/24 icmp
ip filter 2000 reject * *
ip filter 3000 pass * *
ip filter dynamic 100 * * ftp
ip filter dynamic 101 * * www
ip filter dynamic 102 * * domain
ip filter dynamic 103 * * smtp
ip filter dynamic 104 * * pop3
ip filter dynamic 105 * * netmeeting
ip filter dynamic 106 * * tcp
ip filter dynamic 107 * * udp
ip pp secure filter in 1020 1030 2000
ip pp secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106 107

SWX2200 settings

switch select (MAC address of SWX2200(1))
switch control function set port-use 3 on
switch control function set port-use 4 on
switch control function set port-use 5 on
switch select (MAC address of SWX2200(2))
switch control function set port-use 3 off
switch control function set port-use 4 off
switch control function set port-use 5 off
switch control use lan1 on

Lua script schedule settings

schedule at 1 startup * lua /swx2200_lua_vrrp_rtx1200_port1.lua
schedule at 3 startup * lua (file name 1 of Lua script example (2))
schedule at 4 startup * lua (file name 2 of Lua script example (2))
schedule at 5 startup * lua (file name 3 of Lua script example (2))

RTX1200(2) configuration example

LAN interface settings
(uses the LAN1 port)

ip lan1 address 192.168.100.253/24
ip lan1 vrrp 1 192.168.100.254
ip lan1 vrrp shutdown trigger 1 pp 1

WAN interface settings
(uses the LAN2 port)

pp select 1
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname (ISP connection ID) (ISP connection password)
ppp lcp mru on 1438
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ppp ipv6cp use off
ip pp mtu 1438
ip pp nat descriptor 1
pp enable 1
ip route default gateway pp 1

NAT settings

nat descriptor type 1 masquerade

DNS settings

dns server (IP address of the DNS server specified by the ISP)
dns private address spoof on

Filter settings

ip filter source-route on
ip filter directed-broadcast on
ip filter 1010 reject * * udp,tcp 135 *
ip filter 1011 reject * * udp,tcp * 135
ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 1014 reject * * udp,tcp 445 *
ip filter 1015 reject * * udp,tcp * 445
ip filter 1020 reject 192.168.100.0/24 *
ip filter 1030 pass * 192.168.100.0/24 icmp
ip filter 2000 reject * *
ip filter 3000 pass * *
ip filter dynamic 100 * * ftp
ip filter dynamic 101 * * www
ip filter dynamic 102 * * domain
ip filter dynamic 103 * * smtp
ip filter dynamic 104 * * pop3
ip filter dynamic 105 * * netmeeting
ip filter dynamic 106 * * tcp
ip filter dynamic 107 * * udp
pp select 1
ip pp secure filter in 1020 1030 2000
ip pp secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106 107
pp enable 1

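Lua script example (1)

Settings

-- SYSLOG level used for output (info, debug, notice)
log_level = "info"
--[[
MAC addresses of the SWX2200-8G units
Set mac_sw1 to the MAC address of SWX2200(1) and mac_sw2 to the MAC address of SWX2200(2)
]]
mac_sw1 = "(MAC address of SWX2200-8G(1))"
mac_sw2 = "(MAC address of SWX2200-8G(2))"

Main routine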

while (true) do
  SW1 = nil
  -- Link to RTX1200 LAN1 port1 (watch for SW1's "detect down" log)
  log = "%p" ..mac_sw1.. "%p: detect down"
  rt.syslogwatch(log, 1)

  -- Release the shutdown of RTX1200 LAN1 port2 --
  rt.command("no lan shutdown lan1 2")
  rt.syslog(log_level,"no lan shutdown lan1 2")

  -- Watch for the log reporting that SW2 has been found --
  log = "%p" .. mac_sw2.. "%p: find switch"
  rt.syslogwatch(log, 1)
  rt.sleep(2)

  --[[
  If SW1's MAC address cannot be found, conclude that the cause is not a
  disconnected SW1 port1 cable but that SW1 has lost power, and enable
  ports 3, 4 and 5 of SW2.
  ]]
  rtn,str = rt.command("show status switching-hub macaddress " ..mac_sw1)
  if (rtn) and (str) then
    port = string.match(str,"port (%d):")
    if (port == nil) then
      SW1="PW-down"
      rtn, str = rt.command("switch select " ..mac_sw2)
      if (rtn) then
        rt.command("switch control function set port-use 3 on")
        rt.syslog(log_level,"SW2 port-use 3 on")
        rt.command("switch control function set port-use 4 on")
        rt.syslog(log_level,"SW2 port-use 4 on")
        rt.command("switch control function set port-use 5 on")
        rt.syslog(log_level,"SW2 port-use 5 on")
      end
    end
  end

  --[[
  Link to RTX1200 LAN1 port1
   Recovery by powering SW1 back on → watch for the link-up log of SW2 port8
   Recovery of the SW1 port1 cable → watch for the link-up log of SW1 port1
  ]]
  if (SW1 == "PW-down") then
    log = "%p" ..mac_sw2.. "%p: PORT8 link up"
    rt.syslogwatch(log, 1)
  else
    log = "%p" ..mac_sw1.. "%p: PORT1 link up"
    rt.syslogwatch(log, 1)
  end

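  --[[
  To prevent a loop, return the SW2 and RTX1200 settings to their initial state as soon as the log above appears.
  Recovery by powering SW1 back on: disable ports 3, 4 and 5 of SW2 and the RTX1200 LAN1 port.
  Recovery of the SW1 port cable: shut down RTX1200 LAN port2.
  ]]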
  if (SW1 == "PW-down") then
    rtn, str = rt.command("switch select " ..mac_sw2)
    if (rtn) then
      rt.command("switch control function set port-use 3 off")
      rt.syslog(log_level,"SW2 port-use 3 off")
      rt.command("switch control function set port-use 4 off")
      rt.syslog(log_level,"SW2 port-use 4 off")
      rt.command("switch control function set port-use 5 off")
      rt.syslog(log_level,"SW2 port-use 5 off")
    end
  end

  rtn, str = rt.command("lan shutdown lan1 2")
  rt.syslog(log_level,"lan shutdown lan1 2")
  rt.sleep(3)
end

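Lua script example (2)

Settings

-- SYSLOG level used for output (info, debug, notice)
log_level = "info"
--[[
Port to monitor (specify one of 3, 4, 5)
]]
port = "(number of the port to monitor)"
--[[
MAC addresses of the SWX2200 units
Set mac_sw1 to the MAC address of SWX2200(1) and mac_sw2 to the MAC address of SWX2200(2)
]]
mac_sw1 = "(MAC address of SWX2200-8G(1))"
mac_sw2 = "(MAC address of SWX2200-8G(2))"

Function that brings a port of the specified switch up or down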

function port_use(on_off, sw, port, swname)
  rtn, str = rt.command("switch select " ..sw)
  if (rtn) then
    rt.command("switch control function set port-use "..port.." "..on_off)
    rt.syslog(log_level, swname.." port-use "..port.." "..on_off)
  end
end

Main routine

while (true) do
  -- Watch for link down on the SW1 port --
  log = "%p" ..mac_sw1.. "%p: PORT" ..port.. " link down"
  rt.syslogwatch(log, 1)
  rt.sleep(1)

  -- Enable the SW2 port --
  port_use("on", mac_sw2, port, "SW2")

  -- Watch for link up on the SW1 port --
  log = "%p"..mac_sw1.."%p: PORT" ..port.. " link up"
  rt.syslogwatch(log, 1)

  -- Disable the SW2 port --
  port_use("off", mac_sw2, port, "SW2")

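  --[[
  If detection of the SW1 port5 link up above is delayed, in rare cases a loop starts and the SW2 settings cannot be applied correctly.
   In that case, keep the SW1 port closed until SW2's synchronization has finished, to avoid the loop.
  ]]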
  rtn, array = rt.syslogwatch("sync start", 1, 6)
  rt.sleep(1)
  if (rtn > 0) then
    port_use("off", mac_sw1, port, "SW1")
    d = 0
    while (d < 1) do
      rt.syslogwatch("sync done", 1)
      d = d + 1
    end
    rt.sleep(1)
    port_use("on", mac_sw1, port, "SW1")
  end
end
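
The following is an added example, not part of the original scripts: both script examples concatenate mac_sw1, mac_sw2 and port directly into rt.command() strings and rt.syslogwatch() patterns, so it checks those settings first. It assumes MAC addresses are written as six colon-separated hex pairs; the helper names and the sample log line are constructed for illustration.

```lua
-- Added example: validate the settings of Lua script examples (1) and (2)
-- before they reach rt.command() strings and rt.syslogwatch() patterns.
-- Assumption: MAC addresses are six colon-separated hex pairs.

local MAC_PATTERN = "^%x%x" .. string.rep(":%x%x", 5) .. "$"

-- True only for a string such as "00:a0:de:00:00:01".
local function is_valid_mac(mac)
  return type(mac) == "string" and string.match(mac, MAC_PATTERN) ~= nil
end

-- Script example (2) monitors port 3, 4 or 5 only.
local function is_valid_port(port)
  return port == "3" or port == "4" or port == "5"
end

-- Build the "link down" watch pattern the same way script example (2) does,
-- but refuse values that would change the pattern or the command text.
local function link_down_pattern(mac, port)
  if not is_valid_mac(mac) then
    return nil, "invalid MAC address: " .. tostring(mac)
  end
  if not is_valid_port(port) then
    return nil, "invalid port: " .. tostring(port)
  end
  return "%p" .. mac .. "%p: PORT" .. port .. " link down"
end

-- Constructed sample values and log line (not taken from a real device).
local sample_mac = "00:a0:de:00:00:01"
local sample_log = "[" .. sample_mac .. "]: PORT3 link down"

local pat = assert(link_down_pattern(sample_mac, "3"))
assert(string.find(sample_log, pat), "sample line should match the pattern")

-- An unedited placeholder, a value carrying extra words, or a different
-- separator is rejected up front, instead of producing a watch that never
-- fires (no failover) or a command with unintended arguments.
for _, bad in ipairs({ "(MAC address of SWX2200-8G(1))",
                       "00:a0:de:00:00:01 extra",
                       "00-a0-de-00-00-01" }) do
  local p, err = link_down_pattern(bad, "3")
  print(p, err)
end
print(link_down_pattern(sample_mac, "8"))
```

On the router, a failed check would be reported with rt.syslog() and the script stopped before it enters the while loop.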
