Manualshelf

R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
56
Destination/Mask Proto Pre Cost NextHop Interface
10.2.1.0/24 Direct 0 0 10.2.1.2 GE0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
The output information indicates the NQA test result, that is, the next hop 10.2.1.1 is unreachable (the
status of the track entry is Negative), and the configured static route is invalid.
VRRP-track-interface management collaboration configuration
example (the master monitors the uplink interface)
Network requirements
As shown in Figure 26, Host A needs to access Host B on the Internet. The default gateway of Host
A i s 10 .1.1.10 / 24 .
Firewall A and Firewall B belong to VRRP group 1, whose virtual IP address is 10.1.1.10.
When Firewall A works normally, packets from Host A to Host B are forwarded through Firewall A.
When VRRP detects that there is a fault on the uplink interface of Firewall A through the interface
management module, packets from Host A to Host B are forwarded through Firewall B.
Figure 26 Network diagram for VRRP-track-interface management collaboration configuration
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 26.
2. Configure a track entry on Firewall A.
# Configure track entry 1, and associate it with the physical status of the uplink interface GE0/2.
[FirewallA] track 1 interface gigabitethernet 0/2
3. Configure VRRP on Firewall A.
# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 virtual-ip 10.1.1.10
# Set the priority of Firewall A in VRRP group 1 to 110.