H3C firewall dual-machine hot standby experiment

F1 is the primary device and F2 is the backup device.

Reference: 01-Hot Standby (RBM) commands - New H3C Group - H3C official command query page

IP address configuration omitted

Switch configuration: add all interfaces to VLAN 10.

Security policy configuration

The security policy can be the same on F1 and F2.

security-policy ip
 rule 0 name tr-un
  action pass
  source-zone trust
  destination-zone untrust
  source-ip-subnet 10.1.1.0 255.255.255.0 
 rule 1 name vrrp
  action pass
  source-zone trust
  source-zone untrust
  source-zone local
  destination-zone untrust
  destination-zone trust
  destination-zone local
  service vrrp

F1 device dual-machine hot standby configuration

F2 only needs to modify the local and remote addresses

RBM configuration

remote-backup group    // Enter the RBM management view
 data-channel interface GigabitEthernet1/0/3    // Configure the HA data channel, i.e. the heartbeat link
 configuration sync-check interval 1    // Enable the configuration consistency check, once every hour (default: 24 hours)
 delay-time 1    // Enable traffic switchback with a 1-minute delay
 local-ip 10.2.1.1    // Local IPv4 address of the HA control channel
 remote-ip 10.2.1.2    // Remote IPv4 address of the HA control channel
 device-role primary    // Management role of the device

primary: the device is the primary management device in HA. secondary: the device is the secondary management device in HA.

The web interface is configured in

F1 device VRRP configuration (F2 device only needs to change active to standby)

interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 2.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 2.1.1.3 active
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.1.3 active
#
active: Set the VRRP backup group to be associated with HA. The current router is added to the VRRP Active group, and the initial role of the device is Master.
standby: Set the VRRP backup group to associate with HA. The current router is added to the VRRP Standby group, and the initial role of the device is Backup.
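
A consistency check for the two devices' configurations, added here as an example (it is not from the original post or from H3C). It verifies that local-ip and remote-ip are mirrored, that the roles are primary and secondary, and that each VRRP group has the same virtual IP with active on one device and standby on the other. The F2 text and the function names parse and check_pair are assumptions made for this example.

```python
import re

# F1 lines come from this page; F2 is constructed (not from the page) by applying
# its rules: swapped local/remote addresses, secondary role, standby VRRP.
F1 = """remote-backup group
 local-ip 10.2.1.1
 remote-ip 10.2.1.2
 device-role primary
interface GigabitEthernet1/0/1
 vrrp vrid 1 virtual-ip 2.1.1.3 active
interface GigabitEthernet1/0/2
 vrrp vrid 2 virtual-ip 10.1.1.3 active
"""
F2 = """remote-backup group
 local-ip 10.2.1.2
 remote-ip 10.2.1.1
 device-role secondary
interface GigabitEthernet1/0/1
 vrrp vrid 1 virtual-ip 2.1.1.3 standby
interface GigabitEthernet1/0/2
 vrrp vrid 2 virtual-ip 10.1.1.3 standby
"""

def parse(cfg):  # extract the RBM settings and VRRP groups from a config text
    rbm, vrrp = {}, {}
    for line in cfg.splitlines():
        if m := re.match(r"\s*(local-ip|remote-ip|device-role)\s+(\S+)", line):
            rbm[m.group(1)] = m.group(2)
        if m := re.match(r"\s*vrrp vrid (\d+) virtual-ip (\S+) (active|standby)", line):
            vrrp[int(m.group(1))] = (m.group(2), m.group(3))
    return rbm, vrrp

def check_pair(f1_cfg, f2_cfg):
    """Return a list of findings; an empty list means the pair is consistent."""
    (r1, v1), (r2, v2) = parse(f1_cfg), parse(f2_cfg)
    findings = []
    if (r1.get("local-ip"), r1.get("remote-ip")) != (r2.get("remote-ip"), r2.get("local-ip")):
        findings.append("control channel local-ip/remote-ip are not mirrored")
    if {r1.get("device-role"), r2.get("device-role")} != {"primary", "secondary"}:
        findings.append("device-role must be primary on one device, secondary on the other")
    for vrid in sorted(set(v1) | set(v2)):
        a, b = v1.get(vrid), v2.get(vrid)
        if a is None or b is None:
            findings.append(f"vrid {vrid} is configured on only one device")
        elif a[0] != b[0]:
            findings.append(f"vrid {vrid} virtual-ip differs: {a[0]} vs {b[0]}")
        elif {a[1], b[1]} != {"active", "standby"}:
            findings.append(f"vrid {vrid} needs active on one device, standby on the other")
    return findings
```

Calling check_pair(F1, F2) on the sample pair returns an empty list; pasting F1's configuration onto F2 unchanged produces one finding per mismatch.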

The dis remote-backup-group status command (dis is short for display) displays HA status information.

After hot standby is established, you can additionally configure monitoring:

  • Interface: track interface g1/0/1. When the interface is down, an active/standby switchover occurs.
  • VLAN: track vlan 10. When the interface in VLAN 10 is down, an active/standby switchover occurs.
  • Associated track entry: track 1

The track vlan and track interface commands are mutually exclusive and cannot be configured at the same time; the track vlan and track commands are mutually exclusive and cannot be configured at the same time.

 

All RBM commands

adjust-cost ospf enable

Enable HA to adjust the dynamic routing protocol cost value on the backup device

backup-mode

Configure the working mode of HA. The default is active/standby mode.

configuration manual-sync

Manually back up the configuration information on the primary management device to the secondary management device in batches

configuration manual-sync-check

Used to manually trigger configuration information consistency check

configuration sync-check interval 120

Enable the configuration information consistency check function and set the period to 120 hours

data-channel interface gigabitethernet 1/0/1

Configure the interface of the HA data channel as GigabitEthernet1/0/1

delay-time 2

Enable the HA traffic switchback function with a switchback delay of 2 minutes.

device-role primary

Configure the management role of the device as the primary management device

display remote-backup-group status

Used to display HA status information

display remote-backup-group sync-check

Display the consistency check results of key HA configuration information

undo hot-backup protocol dns enable

Disable HA hot backup of the session table entries generated by the application protocol DNS

keepalive count 6

Set the maximum number of times the device sends HA Keepalive messages to 6

keepalive interval 2

Configure the device to send HA Keepalive packets at an interval of 2 seconds.

local-ip 1.1.1.2

Configure the local IPv4 address of the HA control channel to 1.1.1.2

local-ipv6 2019::1

Configure the local IPv6 address of the HA control channel as 2019::1

remote-backup group

Used to enter the RBM management view

remote-ip

Used to configure the peer IPv4 address of the HA control channel

silent-backup-interface ospf

Used to configure HA to prevent the interfaces on the backup device from sending and receiving dynamic routing protocol packets

switchover request

Manually trigger an HA active/standby switchover

Origin blog.csdn.net/m0_62621003/article/details/132239138