华为防火墙双机热备实验系列一:配置上下行连接交换机(主备备份)
https://editor-material.365editor.com/style/20230220167686474063f2ece47a929material.gif实验需求
一、配置上下行连接交换机(主备备份)。
https://editor-user.365editor.com/98/85/4933185/169536640974038.png
设备配置:
1.1图形化配置上下行连接交换机(主备备份)
1.1.1打开双机热备,勾选主备备份,选择心跳接口,指定对端IP,并且创建VRRP监控。虚拟IP地址为上下行的网关
https://editor-user.365editor.com/98/85/4933185/1695368358349241.png
https://editor-user.365editor.com/98/85/4933185/1695368367635166.png
1.1.2在FW1放行trust到untrust区域的流量,会自动同步到备设备FW2上
https://editor-user.365editor.com/98/85/4933185/1695368446381078.png
https://editor-user.365editor.com/98/85/4933185/1695368452580664.png
1.2命令行模式配置上下行连接交换机
1.2.1 配置双机热备
①进入接口视图,指定虚拟IP和端口角色
https://editor-user.365editor.com/98/85/4933185/169536852045934.png
https://editor-user.365editor.com/98/85/4933185/1695368533143273.png
②指定心跳线接口和远端地址
https://editor-user.365editor.com/98/85/4933185/1695368569797929.png
③指定设备角色
https://editor-user.365editor.com/98/85/4933185/1695368601152764.png
④开启HRP
https://editor-user.365editor.com/98/85/4933185/1695368627783255.png
1.2.2配置安全策略放行trust到untrust的流量,会自动同步到备设备上
https://editor-user.365editor.com/98/85/4933185/1695368658219463.png
测试现象:
①查看主备设备的HRP 状态,主设备角色是active,备设备是standby。
https://editor-user.365editor.com/98/85/4933185/1695368702776328.png
https://editor-user.365editor.com/98/85/4933185/1695368709173375.png
②断开FW1和SW1之间的链路,HRP的状态发生变化,备设备变成主设备
shutdown
https://editor-user.365editor.com/98/85/4933185/1695368741799919.png
https://editor-user.365editor.com/98/85/4933185/169536874851985.png
https://editor-material.365editor.com/style/20230220167686474063f2ece49a3d3material.gifhttps://editor-material.365editor.com/style/20230220167686474063f2ece4b7c43material.gif
页:
[1]