本文主要是介绍华为防火墙双机热备主备备份和负载分担配置案例(两端为路由跑ospf),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
FW1
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2
hrp ospf-cost adjust-enable
这条命令会自动把主设备standby的ospf的值调整为65000,再加上原来的默认cost开销值,如果是active则cost值不调整,为默认开销值。
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.2 255.255.255.0
hrp track active
如果是负载分担就多打一条命令:hrp track standby
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
hrp track active
如果是负载分担就多打一条命令:hrp track standby
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
security-policy //暂时全允许
default action permit
FW2:
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1
hrp ospf-cost adjust-enable
interface GigabitEthernet1/0/0
undo shutdown
ip address 2.2.2.2 255.255.255.0
hrp track standby
如果是负载分担就多打一条命令:hrp track active
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.2.2 255.255.255.0
hrp track standby
如果是负载分担就多打一条命令:hrp track active
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
security-policy
default action permit
查看
dis hrp state ver
这篇关于华为防火墙双机热备主备备份和负载分担配置案例(两端为路由跑ospf)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
