華為USG防火墻備份---hrp與ip-link聯(lián)動

發(fā)布時間：2020-07-06 18:28:28 來源：網(wǎng)絡(luò) 閱讀：2623 作者：freeit_zfz 欄目：安全技術(shù)

fw1:

interfaceGigabitEthernet0/0/0

ip address 192.168.1.2 255.255.255.0

hrp track master

interfaceGigabitEthernet0/0/1

ip address 202.100.1.1 255.255.255.0

hrp track master

hrp mirror sessionenable

hrp enable

hrp ospf-costadjust-enable

hrp interfaceGigabitEthernet0/0/2

ip-link check enable

ip-link 1destination 100.100.100.100 interface g0/0/1 mode icmp

hrp track ip-link 1master

fw2:

interfaceGigabitEthernet0/0/0

ip address 192.168.2.2 255.255.255.0

hrp track slave

interfaceGigabitEthernet0/0/1

ip address 202.100.2.1 255.255.255.0

hrp track slave

hrp mirror sessionenable

hrp enable

hrp ospf-costadjust-enable

hrp interfaceGigabitEthernet0/0/2

ip-link check enable

ip-link 1destination 100.100.100.100 interface g0/0/1 mode icmp

hrp track ip-link 1salve

-----------------------------------------------------------------------------------------

查看HRP狀態(tài)：

HRP_M[FW1]dis hrpstate

09:49:06 2014/07/24

The firewall's config state is: MASTER

Current state of interfaces tracked by master:

GigabitEthernet0/0/0 : up

GigabitEthernet0/0/1 : up

HRP_S[FW2]dis hrpstate

09:49:27 2014/07/24

The firewall's config state is: SLAVE

Current state of interfaces tracked by slave:

GigabitEthernet0/0/0 : up

GigabitEthernet0/0/1 : up

--------------------------------------------------------------------------------------------------

查看ip-link狀態(tài)：

HRP_M[FW1]disip-link

09:38:14 2014/07/24

num state timer***-instance ip-address interface-name mode vgmp next-hop

1 up 3 100.100.100.100GE0/0/1 icmp master

HRP_S[FW2]disip-link

09:38:21 2014/07/24

num state timer***-instance ip-address interface-name mode vgmp next-hop

1 up 3 100.100.100.100 GE0/0/1 icmp slave

----------------------------------------------------------------------------------------------------------------

當(dāng)服fw1的G0/0/1或G0/0/0失效后，hrp主備切換。

HRP_M[FW1]intg0/0/1

HRP_M[FW1-GigabitEthernet0/0/1]shutdown

HRP_S[FW1-GigabitEthernet0/0/1]dis hrp state

10:30:25 2014/07/24

The firewall's config state is: SLAVE

Current state of interfaces tracked by master:

GigabitEthernet0/0/0 : up

GigabitEthernet0/0/1 : down

HRP_M[FW2]display hrp state

10:30:56 2014/07/24

The firewall's config state is: MASTER

Current state of interfaces tracked by slave:

GigabitEthernet0/0/0 : up

GigabitEthernet0/0/1 : up

----------------------------------------------------------------------------------

當(dāng)?shù)竭_(dá)outside路由器100.100.100.100地址失效后，ip-link檢查失效，hrp主備切換。

[Outside-LoopBack0]intg0/0/0

[Outside-GigabitEthernet0/0/0]shutdown （到達(dá)100.100.100.100不通，ip-link檢查失效）

HRP_S[FW1]display hrp state

10:34:28 2014/07/24

The firewall's config state is: SLAVE

Current state of interfaces tracked by master:

GigabitEthernet0/0/0 : up

GigabitEthernet0/0/1 : up

HRP_M[FW2]display hrp state

10:34:46 2014/07/24

The firewall's config state is: MASTER

Current state of interfaces tracked by slave:

GigabitEthernet0/0/0 : up

GigabitEthernet0/0/1 : up

HRP_S[FW1]dis ip-link

11:06:44 2014/07/24

num state timer***-instance ip-address interface-name mode vgmp next-hop

1 down 3 100.100.100.100 GE0/0/1 icmp master

HRP_M[FW2]dis ip-link

11:07:03 2014/07/24

num state timer***-instance ip-address interface-name mode vgmp next-hop

1 up 3 100.100.100.100 GE0/0/1 icmp slave

向AI問一下細(xì)節(jié)

華為USG防火墻備份---hrp與ip-link聯(lián)動

猜你喜歡

最新資訊

相關(guān)推薦

相關(guān)標(biāo)簽