Manualshelf

R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
121122123124125126127128129130
123
The output shows that link aggregation group 1 is a load-shared Layer 3 dynamic aggregation group
and it contains three selected ports.
# Display the global link-aggregation load sharing criteria on Firewall A.
[FirewallA] display link-aggregation load-sharing mode
Link-Aggregation Load-Sharing Mode:
destination-ip address, source-ip address
The output shows that the global link-aggregation load sharing criteria are the source and destination IP
addresses of packets.
Layer 3 Aggregation Load Sharing Configuration Example
Network requirements
As shown in Figure 49:
Firewall A and Firewall B are connected by their Layer 3 Ethernet interfaces GigabitEthernet 0/1
through GigabitEthernet 0/4.
Configure two Layer 3 static link aggregation groups (1 and 2) on Firewall A and Firewall B
respectively and configure IP addresses and subnet masks for the corresponding Layer 3 aggregate
interfaces.
Configure link aggregation group 1 to perform load sharing based on source IP address and link
aggregation group 2 to perform load sharing based on destination IP address.
Figure 49 Network diagram for Layer 3 aggregation load sharing configuration
Configuration procedure
Step1 Configure Firewall A
# Create Layer 3 aggregate interface Route-Aggregation 1, configure it to perform load sharing based
on source IP address, and configure an IP address and subnet mask for the aggregate interface.
<FirewallA> system-view
[FirewallA] interface route-aggregation 1
[FirewallA-Route-Aggregation1] link-aggregation load-sharing mode source-ip
[FirewallA-Route-Aggregation1] ip address 192.168.1.1 24
[FirewallA-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 0/1 and GigabitEthernet 0/2 to aggregation
group 1.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] port link-aggregation group 1
[FirewallA-GigabitEthernet0/1] quit
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] port link-aggregation group 1
[FirewallA-GigabitEthernet0/2] quit