R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101

Figure 24 Network diagram for VRRP-Track-NQA collaboration configuration
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 24.
2. Configure an NQA test group on Firewall A.
<FirewallA> system-view
# Create an NQA test group with the administrator name admin and the operation tag test.
[FirewallA] nqa entry admin test
# Configure the test type as ICMP-echo.
[FirewallA-nqa-admin-test] type icmp-echo
# Configure the destination address as 10.1.2.2.
[FirewallA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2
# Set the test frequency to 100 ms.
[FirewallA-nqa-admin-test-icmp-echo] frequency 100
# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Track-NQA collaboration.
[FirewallA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
[FirewallA-nqa-admin-test-icmp-echo] quit
# Start NQA probes.
[FirewallA] nqa schedule admin test start-time now lifetime forever
3. Configure a track entry on Firewall A.
# Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the administrator admin, and the operation tag test).
[FirewallA] track 1 nqa entry admin test reaction 1
4. Configure VRRP on Firewall A.
# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 virtual-ip 10.1.1.10
# Set the priority of Firewall A in VRRP group 1 to 110.
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 priority 110
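As an added example (not part of the HP guide), the Python check below reads the Firewall A session from steps 2 and 3 and confirms that each track entry points at an NQA test group and reaction entry that exist, that the reaction uses action-type trigger-only, and that the group has a destination and is scheduled. The function name audit and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: the Firewall A commands from steps 2 and 3, prompts included.
SESSION = """\
[FirewallA] nqa entry admin test
[FirewallA-nqa-admin-test] type icmp-echo
[FirewallA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2
[FirewallA-nqa-admin-test-icmp-echo] frequency 100
[FirewallA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
[FirewallA-nqa-admin-test-icmp-echo] quit
[FirewallA] nqa schedule admin test start-time now lifetime forever
[FirewallA] track 1 nqa entry admin test reaction 1
"""
PROMPT = re.compile(r"^\s*(<[^>]+>|\[[^\]]+\])\s*")  # <view> or [view] prompt

def audit(session):
    """Return findings for track entries whose NQA references do not line up."""
    groups, scheduled, tracks, cur = {}, set(), [], None
    for line in session.splitlines():
        w = PROMPT.sub("", line).split()
        if not w or w[0] == "#":          # skip blank lines and '#' comments
            continue
        if w[:2] == ["nqa", "entry"] and len(w) >= 4:
            cur = groups.setdefault((w[2], w[3]), {"dest": None, "reactions": {}})
        elif w[:2] == ["nqa", "schedule"] and len(w) >= 4:
            scheduled.add((w[2], w[3]))
        elif w[0] == "track" and len(w) >= 8 and w[2:4] == ["nqa", "entry"] and w[6] == "reaction":
            tracks.append((w[1], (w[4], w[5]), w[7]))
        elif w[0] == "quit":              # leaving the NQA test group view
            cur = None
        elif cur is not None and w[:2] == ["destination", "ip"] and len(w) >= 3:
            cur["dest"] = w[2]
        elif cur is not None and w[0] == "reaction" and len(w) >= 2:
            cur["reactions"][w[1]] = w[-2:] == ["action-type", "trigger-only"]
    findings = []
    for tid, key, rid in tracks:
        name, grp = "%s %s" % key, groups.get(key)
        if grp is None:
            findings.append(f"track {tid}: NQA test group '{name}' is not defined")
            continue
        if rid not in grp["reactions"]:
            findings.append(f"track {tid}: reaction {rid} is not defined in '{name}'")
        elif not grp["reactions"][rid]:
            findings.append(f"track {tid}: reaction {rid} lacks action-type trigger-only")
        if grp["dest"] is None:
            findings.append(f"track {tid}: '{name}' has no destination ip")
        if key not in scheduled:
            findings.append(f"track {tid}: '{name}' is never scheduled")
    return findings
```

An empty list from audit(SESSION) means the references set up in steps 2 and 3 are consistent.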
[Figure 24 labels: Host A, Host B, Firewall A, Firewall B, Router A, Router B, Internet; virtual IP address 10.1.1.10/24; GE0/1 10.1.1.1/24 and 10.1.1.2/24; GE0/2 10.1.2.1/24 and 10.1.3.1/24; Eth1/1 10.1.3.2/24 and 10.1.2.2/24; other addresses 10.1.1.3/24 and 20.1.1.1/24]