华为防火墙vrrp+hrp双机热备负载分担（两端为交换机）

在这里插入图片描述

主要配置：

FW1

hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2

interface GigabitEthernet1/0/0
这里可以假想为接两条外线，一条外线对应一个vrrid
undo shutdown
ip address 1.1.1.2 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 active
vrrp vrid 4 virtual-ip 1.1.1.8 standby

这里假想为一个vrrid对应一个vlan，为了节省时间就vrip写成一个段了。
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 active
vrrp vrid 2 virtual-ip 10.1.1.8 standby

interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0

firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1

firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0

firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2

security-policy //暂时全允许
default action permit

FW2:

hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1

interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.3 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 standby
vrrp vrid 4 virtual-ip 1.1.1.8 active

interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 standby
vrrp vrid 2 virtual-ip 10.1.1.8 active

interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0

firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1

firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0

firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2

security-policy
default action permit

查看：
dis hrp state verbose

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：/a/131723.html

如若内容造成侵权/违法违规/事实不符，请联系我们进行投诉反馈qq邮箱809451989@qq.com，一经查实，立即删除！