2013-02-18

■

■検証1：VACLでvlan101の特定PC(ホストC)からのARPパケットを拒否する
　　　 ⇒mac access-listをVACLでvlan101に適用
　　　 ⇒特定PC(ホストC)のarp tableを確認する
　　　 ⇒特定PC(ホストC)からLinux端末へpingを実施
　　　 ⇒再度、特定PC(ホストC)のarp tableを確認する
　　　 ⇒ARPパケット拒否の対象ではない他PC(ホストB)から、Linux端末へpingを実施
　　　 ⇒他PC(ホストB)のarp tableを確認する
　　　 ⇒他PC(ホストB)から特定PCへpingを実施

■DSW3_3560投入コンフィグ
conf t
!
ip routing
!
enable secret ccnp
!
vlan 101
!
int loopback 0
ip address 1.1.1.1 255.255.255.255
!
int fa0/1
switchport mode access
switchport access vlan 101
no shut
!
int fa0/2
switchport mode access
switchport access vlan 101
no shut
!
int fa0/3
switchport mode access
switchport access vlan 101
no shut
!
int vlan 101
ip address 172.16.101.1 255.255.255.0
no shut
exit
!
mac access-list extended deny-arp
permit host 001d.7298.f312 0000.0000.0000 ffff.ffff.ffff 0x0806 0x0
exit
!
vlan access-map map-vlan 10
match mac address deny-arp
action drop
exit
!
vlan access-map map-vlan 20
action forward
exit
!
vlan filter map-vlan vlan-list 101
!
line vty 0 4
password cisco
login
!
end

■検証1：VACLでvlan101の特定PC(ホストC)からのARPパケットを拒否する
　　　 ⇒特定PC(ホストC)のarp tableを確認する
C:\Documents and Settings\administrator.EXAMPLE>arp -a
No ARP Entries Found

　　　 ⇒特定PC(ホストC)からLinux端末へpingを実施
C:\Documents and Settings\administrator.EXAMPLE>ping 172.16.101.100

Pinging 172.16.101.100 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.101.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

　　　 ⇒再度、特定PC(ホストC)のarp tableを確認する
C:\Documents and Settings\administrator.EXAMPLE>arp -a
No ARP Entries Found

　　　 ⇒ARPパケット拒否の対象ではない他PC(ホストB)から、Linux端末へpingを実施
C:\Documents and Settings\otherPC>ping 172.16.101.100

Pinging 172.16.101.100 with 32 bytes of data:

Reply from 172.16.101.100: bytes=32 time<1ms TTL=64
Reply from 172.16.101.100: bytes=32 time<1ms TTL=64
Reply from 172.16.101.100: bytes=32 time<1ms TTL=64
Reply from 172.16.101.100: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.101.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

　　　 ⇒他PC(ホストB)のarp tableを確認する
C:\Documents and Settings\otherPC>arp -a

Interface: 172.16.101.150 --- 0x3
Internet Address Physical Address Type
172.16.101.1 f4-ac-c1-1f-f6-c1 dynamic
172.16.101.100 00-16-d3-c2-44-b2 dynamic
172.16.101.200 00-00-00-00-00-00 invalid

　　　 ⇒他PC(ホストB)から特定PCへpingを実施
C:\Documents and Settings\otherPC>ping 172.16.101.200

Pinging 172.16.101.200 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.101.200:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

- - - - -

DSW3_3560#sh access-lists

Extended MAC access list deny-arp
permit host 001d.7298.f312 any 0x806 0x0

DSW3_3560#sh vlan access-map
Vlan access-map "map-vlan" 10
Match clauses:
mac address: deny-arp
Action:
drop
Vlan access-map "map-vlan" 20
Match clauses:
Action:
forward

DSW3_3560#sh vlan filter
VLAN Map map-vlan is filtering VLANs:
101

2013-02-17

■

■VACL（ip access-listを関連付け）

■検証1：VACLでvlan101に対するTCPアクセスのみを拒否する
　　　 ⇒Linux端末にtelnet接続をする
　　　 ⇒Linux端末にping(ICMP)をする
　　　 ⇒vlan filter map-vlan vlan 101を投入(2投目)
　　　 ⇒Linux端末にtelnet接続不可となる
　　　 ⇒Linux端末へのping(ICMP)は拒否されない

■DSW3_3560投入コンフィグ(1投目)
conf t
!
ip routing
!
vlan 101
!
int loopback 0
ip address 1.1.1.1 255.255.255.255
!
int fa0/1
switchport mode access
switchport access vlan 101
no shut
!
int fa0/2
switchport mode access
switchport access vlan 101
no shut
!
int fa0/3
no switchport
ip address 192.168.0.1 255.255.255.0
no shut
!
int vlan 101
ip address 172.16.101.1 255.255.255.0
no shut
exit
!
ip access-list extended tcp-deny
permit tcp host 172.16.101.200 host 172.16.101.100
permit tcp 192.168.0.0 0.0.0.255 host 172.16.101.100
exit
!
vlan access-map map-vlan 10
match ip address tcp-deny
action drop
exit
!
vlan access-map map-vlan 20
action forward
exit
!
end

■1投目を投入後にはLinux端末にtelnetでアクセスできた。

■DSW3_3560投入コンフィグ(2投目)
conf t
!
vlan filter map-vlan vlan 101
!
end

■2投目を投入後にはLinux端末にtelnetでアクセスが不可となった。

DSW3_3560#sh ip access-lists tcp-deny
Extended IP access list tcp-deny
10 permit tcp host 172.16.101.200 host 172.16.101.100
20 permit tcp 192.168.0.0 0.0.0.255 host 172.16.101.100

DSW3_3560#sh vlan access-map
Vlan access-map "map-vlan" 10
Match clauses:
ip address: tcp-deny
Action:
drop
Vlan access-map "map-vlan" 20
Match clauses:
Action:
forward

DSW3_3560#sh vlan filter
VLAN Map map-vlan is filtering VLANs:
101

2013-02-16

■

■EtherChannel（L3SW間のLAG）LACP

■DSW1_3750投入コンフィグ
conf t
!
interface port-channel 1
no switchport
ip address 172.16.101.1 255.255.255.0
exit
!
interface range fa1/0/1 - 4
no switchport
no ip address
channel-group 1 mode active
!
end

■DSW3_3560投入コンフィグ
conf t
!
interface port-channel 1
no switchport
ip address 172.16.101.2 255.255.255.0
exit
!
interface range fa0/1 - 4
no switchport
no ip address
channel-group 1 mode passive
!
end

■EtherChannelのポート確認
DSW1_3750#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports

- - - - -

1 Po1(RU) LACP Fa1/0/1(P) Fa1/0/2(P) Fa1/0/3(P)
Fa1/0/4(P)

■port-channelインターフェイスに関連付けされた物理ポートの確認
DSW1_3750#sh interfaces port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0013.6030.3ac1 (bia 0013.6030.3ac1)
Internet address is 172.16.101.1/24
MTU 1500 bytes, BW 400000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Fa1/0/1 Fa1/0/2 Fa1/0/3 Fa1/0/4
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:01:28, output 00:01:28, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
86 packets input, 18903 bytes, 0 no buffer
Received 50 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 49 multicast, 0 pause input
0 input packets with dribble condition detected
65 packets output, 8456 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

2013-02-15

■

■EtherChannel static

■SW1_2950投入コンフィグ
conf t
!
vlan 101,102,103
!
interface range fa0/1 - 4
switchport mode trunk
switchport trunk allowed vlan 101,102,103
channel-group 1 mode on
!
end

■SW2_2950投入コンフィグ
conf t
!
vlan 101,102,103
!
interface range fa0/1 - 4
switchport mode trunk
switchport trunk allowed vlan 101,102,103
channel-group 1 mode on
!
end

■EtherChannelのポート確認
SW1_2950#sh etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports

- - - - -

1 Po1(SU) - Fa0/1(Pd) Fa0/2(P) Fa0/3(P)
Fa0/4(P)

■port-channelインターフェイスに関連付けされた物理ポートの確認
SW1_2950#sh interfaces port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000d.2903.e681 (bia 000d.2903.e681)
MTU 1500 bytes, BW 400000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is off
Members in this channel: Fa0/1 Fa0/2 Fa0/3 Fa0/4
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:06:16, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
995 packets input, 78164 bytes, 0 no buffer
Received 831 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 831 multicast, 0 pause input
0 input packets with dribble condition detected
264 packets output, 25872 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

2013-02-14

■

■EtherChannel PAgP

■SW1_2950投入コンフィグ
conf t
!
vlan 101,102,103
!
interface range fa0/1 - 4
switchport mode trunk
switchport trunk allowed vlan 101,102,103
speed 100
duplex full
channel-group 1 mode desirable non-silent
!
end

■SW2_2950投入コンフィグ
conf t
!
vlan 101,102,103
!
interface range fa0/1 - 4
switchport mode trunk
switchport trunk allowed vlan 101,102,103
speed 100
duplex full
channel-group 1 mode desirable non-silent
!
end

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports

- - - - -

1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P) Fa0/3(Pd)
Fa0/4(P)

■port-channelインターフェイスに関連付けされた物理ポートの確認
SW1_2950#sh interfaces port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000d.2903.e683 (bia 000d.2903.e683)
MTU 1500 bytes, BW 400000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is off
Members in this channel: Fa0/1 Fa0/2 Fa0/3 Fa0/4
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:11:28, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1574 packets input, 130040 bytes, 0 no buffer
Received 1298 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1298 multicast, 0 pause input
0 input packets with dribble condition detected
542 packets output, 55855 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

2013-02-13

■

■GLBP object tracking

■検証1：line-protocolを基にしたオブジェクトトラッキング　　　
　　　 ⇒interface fa0/0に対するline-protocolを基にしたオブジェクトトラッキングを設定

　　　 ⇒トラッキングの状態を確認する

　　　 ⇒VLAN101のAVG、AVFの状態を確認する

　　　 ⇒R3_3640Aのfa0/0を抜線

　　　 ⇒トラッキングの状態を確認する

　　　 ⇒VLAN101のAVFの切り替わりを確認する

　　　 ⇒R3_3640Aのfa0/0を結線

　　　 ⇒トラッキングの状態を確認する

　　　 ⇒VLAN101のAVFの切り戻りを確認する

■R3_3640A投入コンフィグ
conf t
!
int fa0/0
ip address 10.0.0.1 255.255.255.252
no shut
!
int fa0/1
no ip address
no shut
!
int fa0/1.101
encapsulation dot1q 101
ip address 172.16.101.2 255.255.255.0
glbp 101 ip 172.16.101.1
glbp 101 priority 105
glbp 101 forwarder preempt delay minimum 60
glbp 101 weighting 110 lower 95 upper 105
glbp 101 load-balancing weighted
glbp 101 weighting track 1 decrement 20
glbp 101 timers 1 3
glbp 101 authentication md5 key-chain test
no shut
!
track 1 interface fastethernet0/0 line-protocol
!
key chain test
key 1
key-string cisco
!
router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 172.16.101.0 0.0.0.255 area 0
passive-interface fa0/1.101
!
end

■R4_3640投入コンフィグ
conf t
!
int fa0/0
ip address 10.0.0.5 255.255.255.252
no shut
!
int fa0/1
no ip address
no shut
!
int fa0/1.101
encapsulation dot1q 101
ip address 172.16.101.3 255.255.255.0
glbp 101 ip 172.16.101.1
glbp 101 weighting 200 lower 185 upper 195
glbp 101 load-balancing weighted
glbp 101 timer 1 3
glbp 101 authentication md5 key-chain test
no shut
!
track 1 interface fastethernet0/0 line-protocol
!
key chain test
key 1
key-string cisco
!
router ospf 1
network 10.0.0.4 0.0.0.3 area 0
network 172.16.101.0 0.0.0.255 area 0
passive-interface fa0/1.101
!
end

■R5_3640投入コンフィグ
conf t
!
int loopback 0
ip address 1.1.1.1 255.255.255.255
!
int fa0/0
ip address 10.0.0.2 255.255.255.252
no shut
!
int fa0/1
ip address 10.0.0.6 255.255.255.252
no shut
!
router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.4 0.0.0.3 area 0
!
end

■SW1_2950投入コンフィグ
conf t
!
vlan 101
!
no spanning-tree vlan 101
!
int fa0/1
switchport mode trunk
!
int fa0/2
switchport mode trunk
!
int fa0/3
switchport mode access
switchport access vlan 101
!
end

■検証1：line-protocolを基にしたオブジェクトトラッキング
　　　 ⇒トラッキングの状態を確認する
R3_3640A#sh track brief
Track Object Parameter Value
1 interface FastEthernet0/0 line-protocol Up

R3_3640A#sh track
Track 1
Interface FastEthernet0/0 line-protocol
Line protocol is Up
4 changes, last change 00:04:53
Tracked by:
GLBP FastEthernet0/1.101 101

　　　 ⇒VLAN101のAVG、AVFの状態を確認する
R3_3640A#sh glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/1.101 101 - 105 Active 172.16.101.1 local 172.16.101.3
Fa0/1.101 101 1 - Listen 0007.b400.6501 172.16.101.3 -
Fa0/1.101 101 2 - Active 0007.b400.6502 local -

R3_3640A#sh glbp
FastEthernet0/1.101 - Group 101
State is Active
2 state changes, last state change 00:22:19
Virtual IP address is 172.16.101.1
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.992 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Authentication MD5, key-chain "test"
Preemption disabled
Active is local
Standby is 172.16.101.3, priority 100 (expires in 2.888 sec)
Priority 105 (configured)
Weighting 110 (configured 110), thresholds: lower 95, upper 105
Track object 1 state Up decrement 20
Load balancing: weighted
Group members:
0002.16c3.3882 (172.16.101.3) authenticated
000c.30e2.8b62 (172.16.101.2) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
6 state changes, last state change 00:01:12
MAC address is 0007.b400.6501 (learnt)
Owner ID is 0002.16c3.3882
Redirection enabled, 599.888 sec remaining (maximum 600 sec)
Time to live: 14399.888 sec (maximum 14400 sec)
Preemption enabled, min delay 60 sec
Active is 172.16.101.3 (primary), weighting 200 (expires in 2.752 sec)
Forwarder 2
State is Active
3 state changes, last state change 00:05:53
MAC address is 0007.b400.6502 (default)
Owner ID is 000c.30e2.8b62
Redirection enabled
Preemption enabled, min delay 60 sec
Active is local, weighting 110

　　　 ⇒R3_3640Aのfa0/0を抜線
R3_3640A#
*Mar 1 05:58:32.435: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Up->Down
*Mar 1 05:58:32.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar 1 05:58:32.739: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:59:02.439: %GLBP-6-FWDSTATECHANGE: FastEthernet0/1.101 Grp 101 Fwd 2 state Active -> Listen

　　　 ⇒トラッキングの状態を確認する
R3_3640A#sh track brief
Track Object Parameter Value
1 interface FastEthernet0/0 line-protocol Down (hw line state down)

R3_3640A#sh track
Track 1
Interface FastEthernet0/0 line-protocol
Line protocol is Down (hw line state down)
5 changes, last change 00:01:37
Tracked by:
GLBP FastEthernet0/1.101 101

　　　 ⇒VLAN101のAVFの切り替わりを確認する
R3_3640A#sh glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/1.101 101 - 105 Active 172.16.101.1 local 172.16.101.3
Fa0/1.101 101 1 - Listen 0007.b400.6501 172.16.101.3 -
Fa0/1.101 101 2 - Listen 0007.b400.6502 172.16.101.3 -

　　　 ⇒R3_3640Aのfa0/0を結線
R3_3640A#
*Mar 1 06:01:42.435: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Down->Up
*Mar 1 06:01:42.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 06:02:22.755: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
*Mar 1 06:02:43.335: %GLBP-6-FWDSTATECHANGE: FastEthernet0/1.101 Grp 101 Fwd 2 state Listen -> Active

　　　 ⇒トラッキングの状態を確認する
R3_3640A#sh track brief
Track Object Parameter Value
1 interface FastEthernet0/0 line-protocol Up

R3_3640A#sh track
Track 1
Interface FastEthernet0/0 line-protocol
Line protocol is Up
6 changes, last change 00:02:05
Tracked by:
GLBP FastEthernet0/1.101 101

　　　 ⇒VLAN101のAVFの切り戻りを確認する
R3_3640A#sh glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/1.101 101 - 105 Active 172.16.101.1 local 172.16.101.3
Fa0/1.101 101 1 - Listen 0007.b400.6501 172.16.101.3 -
Fa0/1.101 101 2 - Active 0007.b400.6502 local -

2013-02-12

■

■VRRP object tracking

■検証1：line-protocolを基にしたオブジェクトトラッキング

　　　 ⇒interface fa0/0に対するline-protocolを基にしたオブジェクトトラッキングを設定

　　　 ⇒トラッキングの状態を確認する

　　　 ⇒VLAN101のMaster、Backupの状態を確認する

　　　 ⇒R3_3640Aのfa0/0を抜線

　　　 ⇒トラッキングの状態を確認する

　　　 ⇒VLAN101のMaster、Backupの切り替わりを確認する

　　　 ⇒R3_3640Aのfa0/0を結線

　　　 ⇒トラッキングの状態を確認する

　　　 ⇒VLAN101のMaster、Backupの切り戻りを確認する

※検証にL3SWではなくルータを使用しているのは、当方所有のL3SWではVRRPが設定できないからです。

■R3_3640A投入コンフィグ
conf t
!
int fa0/0
ip address 10.0.0.1 255.255.255.252
no shut
!
int fa0/1
no ip address
no shut
!
int fa0/1.101
encapsulation dot1q 101
ip address 172.16.101.2 255.255.255.0
vrrp 101 ip 172.16.101.1
vrrp 101 track 1 decrement 20
vrrp 101 preempt delay minimum 30
vrrp 101 timers advertise 3
vrrp 101 timers learn
vrrp 101 authentication md5 key-chain test
no shut
!
track 1 interface fastethernet0/0 line-protocol
!
key chain test
key 1
key-string cisco
!
router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 172.16.101.0 0.0.0.255 area 0
passive-interface fa0/1.101
!
end

■R4_3640投入コンフィグ
conf t
!
int fa0/0
ip address 10.0.0.5 255.255.255.252
no shut
!
int fa0/1
no ip address
no shut
!
int fa0/1.101
encapsulation dot1q 101
ip address 172.16.101.3 255.255.255.0
vrrp 101 ip 172.16.101.1
vrrp 101 priority 90
vrrp 101 timers advertise 3
vrrp 101 timers learn
vrrp 101 authentication md5 key-chain test
no shut
!
key chain test
key 1
key-string cisco
!
router ospf 1
network 10.0.0.4 0.0.0.3 area 0
network 172.16.101.0 0.0.0.255 area 0
passive-interface fa0/1.101
!
end

■SW1_2950投入コンフィグ
conf t
!
vlan 101
!
int fa0/1
switchport mode trunk
!
int fa0/2
switchport mode trunk
!
int fa0/3
switchport mode access
switchport access vlan 101
!
end

R3_3640A#sh track
Track 1
Interface FastEthernet0/0 line-protocol
Line protocol is Up
2 changes, last change 00:01:59
Tracked by:
VRRP FastEthernet0/1.101 101

　　　 ⇒VLAN101のMaster、Backupの状態を確認する
R3_3640A#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/1.101 101 100 9609 Y Master 172.16.101.2 172.16.101.1

　　　 ⇒R3_3640Aのfa0/0を抜線
R3_3640A#
*Mar 1 04:57:17.899: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Up->Down
*Mar 1 04:57:18.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar 1 04:57:18.655: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 04:57:26.067: %VRRP-6-STATECHANGE: Fa0/1.101 Grp 101 state Master -> Backup

　　　 ⇒トラッキングの状態を確認する
R3_3640A#sh track brief
Track Object Parameter Value
1 interface FastEthernet0/0 line-protocol Down (hw line state down)

R3_3640A#sh track
Track 1
Interface FastEthernet0/0 line-protocol
Line protocol is Down (hw line state down)
3 changes, last change 00:03:25
Tracked by:
VRRP FastEthernet0/1.101 101

　　　 ⇒VLAN101のMaster、Backupの切り替わりを確認する
R3_3640A#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/1.101 101 80 9609 Y Backup 172.16.101.3 172.16.101.1

　　　 ⇒R3_3640Aのfa0/0を結線
R3_3640A#
*Mar 1 05:02:37.899: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Down->Up
*Mar 1 05:02:38.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 05:03:09.091: %VRRP-6-STATECHANGE: Fa0/1.101 Grp 101 state Backup -> Master
*Mar 1 05:03:18.671: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

　　　 ⇒トラッキングの状態を確認する
R3_3640A#sh track brief
Track Object Parameter Value
1 interface FastEthernet0/0 line-protocol Up

R3_3640A#sh track
Track 1
Interface FastEthernet0/0 line-protocol
Line protocol is Up
4 changes, last change 00:02:11
Tracked by:
VRRP FastEthernet0/1.101 101

　　　 ⇒VLAN101のMaster、Backupの切り戻りを確認する
R3_3640A#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/1.101 101 100 9609 Y Master 172.16.101.2 172.16.101.1