F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100
162
Figure 72 Network diagram
2. Configuration procedure
a. Configure Firewall A:
# Create VLAN 10, and assign port GigabitEthernet 0/3 to VLAN 10.
<FirewallA> system-view
[FirewallA] vlan 10
[FirewallA-vlan10] port gigabitethernet 0/3
[FirewallA-vlan10] quit
# Create VLAN 20, and assign port GigabitEthernet 0/4 to VLAN 20.
[FirewallA] vlan 20
[FirewallA-vlan20] port gigabitethernet 0/4
[FirewallA-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[FirewallA] interface bridge-aggregation 1
[FirewallA-Bridge-Aggregation1] quit
# Assign ports GigabitEthernet 0/1 and GigabitEthernet 0/2 to link aggregation group 1.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] port link-aggregation group 1
[FirewallA-GigabitEthernet0/1] quit
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] port link-aggregation group 1
[FirewallA-GigabitEthernet0/2] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to
VLANs 10 and 20.
[FirewallA] interface bridge-aggregation 1
[FirewallA-Bridge-Aggregation1] port link-type trunk
[FirewallA-Bridge-Aggregation1] port trunk permit vlan 10 20
Please wait... Done.
Configuring GigabitEthernet0/1... Done.
Configuring GigabitEthernet0/2... Done.
[FirewallA-Bridge-Aggregation1] quit
# Configure Device A to use the source and destination IP addresses of packets as the global
link-aggregation load-sharing criteria.
[FirewallA] link-aggregation load-sharing mode source-ip destination-ip
GE0/1
GE0/2
Link aggregation 1
GE0/1
GE0/2
BAGG1 BAGG1
Firewall A Firewall B
VLAN 10
VLAN 20
GE0/3
GE0/4
VLAN 10
VLAN 20
GE0/3
GE0/4