HRP VRRP 基础实验

拓扑图

配置需求： FW1/2配置VRRP，FW1故障时流量自动切换到FW2设备

配置思路：

1. FW1 FW2 配置HRP协议，实现管理VRRP和同步双机配置。
2. FW1 FW2 配置VRRP协议。
3. 配置交换机SW1 SW2。
4. 验证配置。

配置命令

1.防火墙双机基础配置和HRP协议

#FW1

sys
sysn FW1
int g1/0/0
ip addr 192.168.100.1 24
service-manage ping permit
int g1/0/1
ip addr 172.16.1.1 24
service-manage ping permit
int g1/0/2
ip addr 12.0.0.1 24

ip route-static 192.168.1.0 24 192.168.100.2
ip route-static 192.168.2.0 24 172.16.1.2

firewall zone trust
add int g1/0/0
add int g1/0/2
firewall zone untrust
add int g1/0/1

security-policy
rule name trust
source-zone local
source-zone trust
destination-zone local
destination-zone trust
destination-zone untrust
action permit

hrp en
hrp int g1/0/2 remote 12.0.0.2

#FW2

sys
sysn FW2
int g1/0/0
ip addr 192.168.100.3 24
service-manage ping permit
int g1/0/1
ip addr 172.16.1.3 24
service-manage ping permit
int g1/0/2
ip addr 12.0.0.2 24

ip route-static 192.168.1.0 24 192.168.100.2
ip route-static 192.168.2.0 24 172.16.1.2

firewall zone trust
add int g1/0/0
add int g1/0/2
firewall zone untrust
add int g1/0/1

security-policy
rule name trust
source-zone local
source-zone trust
destination-zone local
destination-zone trust
destination-zone untrust
action permit

hrp en
hrp int g1/0/2 remote 12.0.0.1

2.双机防火墙VRRP配置

#FW1

int g1/0/0
vrrp vrid 1 virtual-ip 192.168.100.254 active
int g1/0/1
vrrp vrid 2 virtual-ip 172.16.1.254 active

#FW2

int g1/0/0
vrrp vrid 1 virtual-ip 192.168.100.254 standby
int g1/0/1
vrrp vrid 2 virtual-ip 172.16.1.254 standby

3.SW1 SW2接入交换机配置

#SW1

sys
sysn SW1
vlan batch 10 20
int vlan 10
ip addr 192.168.1.1 24
int vlan 20
ip addr 192.168.100.2 24

int g0/0/3
port link-type access
port default vlan 10
port-group group-member g0/0/1 to g0/0/2
port link-type access
port default vlan 20

ip route-static 0.0.0.0 0 192.168.100.254

#SW2

sys
sysn SW2
vlan batch 10 20
int vlan 10
ip addr 192.168.2.1 24
int vlan 20
ip addr 172.16.1.2 24

int g0/0/3
port link-type access
port default vlan 10
port-group group-member g0/0/1 to g0/0/2
port link-type access
port default vlan 20

ip route-static 0.0.0.0 0 172.16.1.254

结果验证：当主防火离线时3个丢包后自动切换，当主防火墙恢复在线时出现一个包超时。

0x0

HRP VRRP 基础实验

BGP MPLS VPN 跨域方案C &RR反射器

Hub&Spoke组网方式一

MPLS VPN 基础实验2

VRF 虚拟路由转发

MPLS VPN 跨域方案 C方式一

HRP VRRP 基础实验

openwrt 软路由wireshark ssh tcpdump远程抓包

BGP MPLS VPN 跨域方案C &RR反射器

Hub&Spoke组网方式一

MPLS VPN 基础实验2

VRF 虚拟路由转发

MPLS VPN 跨域方案 C方式一