⽹络拓扑
要求:
企业前期是⼀台防⽕墙,为了提⾼⽹络可靠性,并且在不影响原先防⽕墙配置情况下,新增⼀台防⽕墙做双机热备。两台FW的业务接⼝都⼯作在三层,下⾏为三层核⼼交换机。上⾏为⼆层交换机连接运营商的接⼊点,运营商为企业分配的IP地址为100.1.1.1-100.1.1.6
配置思路:
两台防⽕墙型号必须要求⼀样,配置镜像模式前需要先完成双机热备的⽹络连接和基本配置,但是不需要配置业务接⼝和路由等。
1. 在两台FW上分别完成双机热备基本配置,包括VGMP组监控业务接⼝(hrp track interface)、⼼跳⼝配置和启⽤双机热备功能。
智能筷子2. 在两台FW上启⽤镜像模式,并进⾏⼿⼯批量备份。
3. 在其中⼀台FW完成⽹络配置,保证内⽹⽤户能够访问Internet。
4. 镜像模式形成后,所有配置(包括接⼝和路由等配置)都只需在⼀台FW上配置即可,配置会⾃动备份到另外⼀台FW。
⼀、双机热备前配置
1、PC和server配置
2、接⼊层交换机SW5配置
<Huawei>system-view
[Huawei]sysname SW5
[SW5]vlan batch 10 20
[SW5]interface GigabitEthernet 0/0/4
[SW5-GigabitEthernet0/0/4]port link-type access
化妆品软管[SW5-GigabitEthernet0/0/4]port default vlan 10
[SW5-GigabitEthernet0/0/4]quit
[SW5]interface GigabitEthernet 0/0/5
[SW5-GigabitEthernet0/0/5]port link-type access
[SW5-GigabitEthernet0/0/5]port default vlan 20
[SW5-GigabitEthernet0/0/5]quit
[SW5]interface GigabitEthernet 0/0/2
[SW5-GigabitEthernet0/0/2]port link-type trunk
[SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan all [SW5-GigabitEthernet0/0/2]quit
[SW5]interface GigabitEthernet 0/0/3
[SW5-GigabitEthernet0/0/3]port link-type trunk
[SW5-GigabitEthernet0/0/3]port trunk allow-pass vlan all [SW5-GigabitEthernet0/0/3]quit
3、核⼼交换机配置
SW3
[SW3]interface Vlanif 10
[SW3-Vlanif10]ip address 192.168.10.252 24
[SW3-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[SW3-Vlanif10]vrrp vrid 10 priority 101
[SW3-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/2 reduced 10 [SW3-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/1 reduced 10 [SW3-Vlanif10]quit
[SW3]interface Vlanif 20
[SW3-Vlanif20]ip address 192.168.20.252 24
[SW3-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[SW3-Vlanif20]vrrp vrid 20 priority 101
[SW3-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/1 reduced 10 [SW3-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/2 reduced 10 [SW3-Vlanif20]quit
摄影箱
[SW3]interface Vlanif 30
[SW3-Vlanif30]ip address 192.168.30.252 24
[SW3-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[SW3-Vlanif30]vrrp vrid 30 priority 101
[SW3-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/1 reduced 10 [SW3-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/2 reduced 10 [SW3-Vlanif30]quit纳米珍珠粉
[SW3]interface Eth-Trunk 1
[SW3-Eth-Trunk1]trunkport GigabitEthernet 0/0/7
[SW3-Eth-Trunk1]trunkport GigabitEthernet 0/0/8
[SW3-Eth-Trunk1]port link-type trunk
[SW3-Eth-Trunk1]port trunk allow-pass vlan all
[SW3-Eth-Trunk1]quit
[SW3]interface GigabitEthernet 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW3-GigabitEthernet0/0/2]quit
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access
[SW3-GigabitEthernet0/0/1]port default vlan 30
[SW3-GigabitEthernet0/0/1]quit
[SW3]ip route-static 0.0.0.0 0.0.0.0 192.168.30.12
SW4
[SW4]interface Vlanif 10
[SW4-Vlanif10]ip address 192.168.10.253 24
核酸提取纯化方法[SW4-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 [SW4-Vlanif10]quit
[SW4]interface Vlanif 20
[SW4-Vlanif20]ip address 192.168.20.253 24
[SW4-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254 [SW4-Vlanif20]quit
[SW4]interface Vlanif 30
精准灌溉系统海棠[SW4-Vlanif30]ip address 192.168.30.253 24
[SW4-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254 [SW4-Vlanif30]quit
[SW4]interface Eth-Trunk 1
[SW4-Eth-Trunk1]trunkport GigabitEthernet 0/0/7
[SW4-Eth-Trunk1]trunkport GigabitEthernet 0/0/8
[SW4-Eth-Trunk1]port link-type trunk
[SW4-Eth-Trunk1]port trunk allow-pass vlan all
[SW4-Eth-Trunk1]quit
[SW4]interface GigabitEthernet 0/0/3
[SW4-GigabitEthernet0/0/3]port link-type trunk
[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan all [SW4-GigabitEthernet0/0/3]quit
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type access
[SW4-GigabitEthernet0/0/1]port default vlan 30
[SW4-GigabitEthernet0/0/1]quit
[SW4]ip route-static 0.0.0.0 0.0.0.0 192.168.30.12
4、防⽕墙FW1配置
豫公网安备41160202000603
站长QQ:729038198
关于我们
投诉建议