本文主要是介绍华为防火墙vrrp+hrp双机热备主备备份(两端为交换机),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
默认上下来全两个vrrp主都是左边
工作原理:
vrrp刚开机都是先initialize状态,然后切成active或standb状态。
hrp使用18514端口,且用的单播,要策略放行,由主设备发hrp心跳报文
如果设备为acitve状态时自动优先级为65001,如果有故障自动减2,变成64999,并将自身转发standby状态,时间较短,用户不可见。
如果主设备接口down掉,主设备切成standby状态后,那这个接口会一直处于initialize状态不变.。
如果是standby状态时自动优先级为65000
主要配置:
FW1
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.2 255.255.255.0
vrrp vrid 2 virtual-ip 1.1.1.1 active
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 active
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
security-policy //暂时全允许
default action permit
FW2:
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.3 255.255.255.0
vrrp vrid 2 virtual-ip 1.1.1.1 standby
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 standby
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
security-policy
default action permit
查看:
dis hrp state verbose
这篇关于华为防火墙vrrp+hrp双机热备主备备份(两端为交换机)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
