Manualshelf

R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
28
Figure 14 Network diagram for interface tracking in VRRP
2. Configuration procedure
a. Configure Firewall A
<FirewallA> system-view
[FirewallA] interface GigabitEthernet 0/2
[FirewallA-GigabitEthernet0/2] ip address 202.38.160.1 255.255.255.0
# Create VRRP group 1 and configure its virtual IP address as 202.38.160.111.
[FirewallA-GigabitEthernet0/2] vrrp vrid 1 virtual-ip 202.38.160.111
# Configure the priority of Firewall A in the VRRP group as 110, which is higher than that of Firewall B
(100), so that Firewall A can become the master.
[FirewallA-GigabitEthernet0/2] vrrp vrid 1 priority 110
# Configure the authentication mode of the VRRP group as simple and authentication key as hello.
[FirewallA-GigabitEthernet0/2] vrrp vrid 1 authentication-mode simple hello
# Configure the master to send VRRP packets every four seconds.
[FirewallA-GigabitEthernet0/2] vrrp vrid 1 timer advertise 4
# Configure Firewall A to work in preemptive mode, so that it can become the master whenever it works
normally. Configure the preemption delay as five seconds to avoid frequent status switchover.
[FirewallA-GigabitEthernet0/2] vrrp vrid 1 preempt-mode timer delay 5
# Set interface GigabitEthernet 0/1 on Firewall A to be tracked, and configure the amount by which the
priority value decreases to be more than 10 (30 in this example), so that when GigabitEthernet 0/1 fails,
the priority of Firewall A in VRRP group 1 decreases to a value lower than 100 and thus Firewall B can
become the master.
[FirewallA-GigabitEthernet0/2] vrrp vrid 1 track interface GigabitEthernet 0/1 reduced
30
b. Configure Firewall B
<FirewallB> system-view
[FirewallB] interface GigabitEthernet 0/2
[FirewallB-GigabitEthernet0/2] ip address 202.38.160.2 255.255.255.0
# Create VRRP group 1 and configure its virtual IP address as 202.38.160.111.
[FirewallB-GigabitEthernet0/2] vrrp vrid 1 virtual-ip 202.38.160.111
# Configure the authentication mode of the VRRP group as simple and authentication key as hello.