Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
33
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 authentication-mode simple hello
# Configure the master to send VRRP packets every four seconds.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 timer advertise 4
# Configure Firewall B to operate in preemptive mode, so that Firewall B can become the master
after the priority of Firewall A decreases to a value lower than 100. Configure the preemption
delay as five seconds to avoid frequent status switchover.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 preempt-mode timer delay 5
3. Verify the configuration:
After the configuration, Host B can be pinged successfully on Host A. To verify your configuration,
use the display vrrp verbose command.
# Display the detailed information about VRRP group 1 on Firewall A.
[FirewallA-GigabitEthernet0/1] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet0/1
VRID : 1 Adver Timer : 4
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5
Auth Type : Simple Key : hello
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.1
VRRP Track Information:
Track Interface: GE0/2 State : Up Pri Reduced : 30
# Display the detailed information about VRRP group 1 on Firewall B.
[FirewallB-GigabitEthernet0/1] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet0/1
VRID : 1 Adver Timer : 4
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 5
Become Master : 4200ms left
Auth Type : Simple Key : hello
Virtual IP : 202.38.160.111
Master IP : 202.38.160.1
The output shows that in VRRP group 1 Firewall A is the master, Firewall B is the backup and
packets sent from Host A to host B are forwarded by Firewall A.
If interface GigabitEthernet 0/2 through which Firewall A connects to the Internet is not available,
you can still successfully ping Host B on Host A. To view the detailed information about the VRRP
group, use the display vrrp verbose command.