R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

121

122

123

124

125

126

127

128

129

130

117

[FirewallA-GigabitEthernet0/1] quit

[FirewallA] interface gigabitethernet 0/2

[FirewallA-GigabitEthernet0/2] port link-aggregation group 1

[FirewallA-GigabitEthernet0/2] quit

[FirewallA] interface gigabitethernet 0/3

[FirewallA-GigabitEthernet0/3] port link-aggregation group 1

[FirewallA-GigabitEthernet0/3] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs

10 and 20.

[FirewallA] interface bridge-aggregation 1

[FirewallA-Bridge-Aggregation1] port link-type trunk

[FirewallA-Bridge-Aggregation1] port trunk permit vlan 10 20

Please wait... Done.

Configuring GigabitEthernet0/1... Done.

Configuring GigabitEthernet0/2... Done.

Configuring GigabitEthernet0/3... Done.

[FirewallA-Bridge-Aggregation1] quit

Step2 Configure Firewall B

Configure Firewall B as you configure Firewall A.

Step3 Verify the configurations

# Display the summary information about all aggregation groups on Firewall A.

[FirewallA] display link-aggregation summary

Aggregation Interface Type:

BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation

Aggregation Mode: S -- Static, D -- Dynamic

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Actor System ID: 0x8000, 000f-e2ff-0001

AGG AGG Partner ID Select Unselect Share

Interface Mode Ports Ports Type

-------------------------------------------------------------------------------

BAGG1 D 0x8000, 000f-e2ff-0002 3 0 Shar

The output shows that link aggregation group 1 is a load shared Layer 2 dynamic aggregation group

and it contains three selected ports.

Layer 2 Aggregation Load Sharing Configuration Example

Network requirements

As shown in Figure 46:

• Firewall A and Firewall B are connected by their Layer 2 Ethernet interfaces GigabitEthernet 0/1

through GigabitEthernet 0/4.

• Configure two Layer 2 static link aggregation groups (1 and 2) on Firewall A and Firewall B

respectively, enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the

other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.