F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

171

172

173

174

175

176

177

178

179

180

168

# Assign Layer 3 interfaces GigabitEthernet 0/1 through GigabitEthernet 0/3 to aggregation

group 1.

[FirewallA] interface gigabitethernet 0/1

[FirewallA-GigabitEthernet0/1] port link-aggregation group 1

[FirewallA-GigabitEthernet0/1] quit

[FirewallA] interface gigabitethernet 0/2

[FirewallA-GigabitEthernet0/2] port link-aggregation group 1

[FirewallA-GigabitEthernet0/2] quit

[FirewallA] interface gigabitethernet 0/3

[FirewallA-GigabitEthernet0/3] port link-aggregation group 1

[FirewallA-GigabitEthernet0/3] quit

# Configure the global link-aggregation load-sharing criteria as the source and destination IP

addresses of packets.

[FirewallA] link-aggregation load-sharing mode source-ip destination-ip

b. Configure Firewall B in the same way as you configure Firewall A. (Details not shown.)

c. Verify the configurations:

# Display summary information about all aggregation groups on Firewall A.

[FirewallA] display link-aggregation summary

Aggregation Interface Type:

BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation

Aggregation Mode: S -- Static, D -- Dynamic

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Actor System ID: 0x8000, 000f-e2ff-0001

AGG AGG Partner ID Select Unselect Share

Interface Mode Ports Ports Type

------------------------------------------------------------------------------

RAGG1 S none 3 0 Shar

The output shows that link aggregation group 1 is a load-sharing-capable Layer 3 static

aggregation group that contains three Selected ports.

# Display the global link-aggregation load-sharing criteria on Firewall A.

[FirewallA] display link-aggregation load-sharing mode

Link-Aggregation Load-Sharing Mode:

destination-ip address, source-ip address

The output shows that the global link-aggregation load-sharing criteria are the source and

destination IP addresses of packets.

369BLayer 3 dynamic aggregation configuration example

1. Network requirements

As shown in

604HFigure 76, configure a Layer 3 dynamic aggregation group on Firewall A and

Firewall B, and configure IP addresses and subnet masks for the Layer 3 aggregate interfaces.

Enable traffic to be load-shared across aggregation group member ports based on source and

destination IP addresses.