Configuring SRX100 b experience hot standby HA: Vendor specific F0 / 0 / 7- control interface, F0 / 0 / 6- device management interface
1, the configuration ID Cluster id and the Node
SET-Cluster The chassis Cluster Node ID 1 0 reboot
SET The chassis cluster cluster-id 1 node 1 reboot
Note: node, the higher level the master device. In addition, the need to first remove the interface, or can not enter configure mode after the restart.
2, configuration control and data interfaces, data interfaces where I myself here designated as F0 / 0/2
control interface system default specified F0 / 0/7, does not require configuration, two devices directly F0 / 0/7 Internet on the line.
Options the interfaces fab0 Fabric-SET-Member the interfaces Fe-0/0/2
SET Fab1 the interfaces Options Fabric-Fe-Member-the interfaces. 1/0/2
Note: no configuration data interface ip
3, each chassis configuration personalized:
SET Groups NODE0 the SRX-name-Host System A
SET Groups 0 Unit Family NODE0 the interfaces fxp0 inet manager ip address ##### 192.168.100.100/24 master device
set groups node1 system host the SRX-B -name
SET Groups 0 Unit Family node1 the interfaces fxp0 inet manager ip address 192.168.100.101/24##### backup devices
set apply-groups "$ {node }"
Note: ip management device 2 is fxp0, remember to complete additional configuration set apply-groups "$ {node }", otherwise the problem.
4, the configuration Redundancy Group: RG0 switch for the engine. RG1 for the data plane switch, remember that where there is open preemt preemption.
SET The chassis Cluster Reth-COUNT. 8
SET The chassis Cluster Redundancy-Group 0 Node 0 priority 200 is
SET The chassis Cluster Redundancy-Group 0 Node. 1 priority 100
SET The chassis Cluster Redundancy-Group. 1 Node 0 priority 200 is
SET The chassis Cluster Redundancy-Group. 1 Node. 1 priority 100
SET The chassis Cluster Redundancy Group. 1 preempt-
SET-Redundancy Group. 1 The chassis Cluster Monitor interface-Fe-0/0/0 255 ######## weight-Monitor an Interface interface
SET The chassis Cluster Redundancy Group. 1-interface- monitor fe-0/0/1 weight 255 ######## configure the interface-Monitor interface
SET-Redundancy Group The chassis Cluster Monitor-Fe-interface. 1. 1/0/0 weight 255 ######## interface-monitor configuration interfaces
set chassis cluster redundancy-group 1 interface-monitor fe-1/0/1 weight 255########配置接口interface-monitor
5、将interface-monitor加入到冗余接口reth0 reth1,并把冗余接口加入到RG1
set interfaces fe-0/0/0 fastether-options redundant-parent reth0
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/1 fastether-options redundant-parent reth1
set interfaces fe-0/0/1 unit 0
set interfaces fe-1/0/0 fastether-options redundant-parent reth0
set interfaces fe-1/0/0 unit 0
set interfaces fe-1/0/1 fastether-options redundant-parent reth1
set interfaces fe-1/0/1 unit 0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options redundancy-group 1
6、给冗余接口reth0 reth1配置ip,划入对应的区域,及策略放通。
set interfaces reth0 unit 0 family inet address 202.100.1.10/24
set interfaces reth1 unit 0 family inet address 192.168.10.10/24
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces reth1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces reth1.0 host-inbound-traffic protocols all
set security policies from-zone untrust to-zone trust policy untrust-to-trust match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match destination-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match application any
set security policies from-zone untrust to-zone trust policy untrust-to-trust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit