Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
78
# Start the NQA test.
[FirewallA] nqa schedule admin test start-time now lifetime forever
3. Configure a track entry on Firewall A:
# Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the
administrator admin, and the operation tag test).
[FirewallA] track 1 nqa entry admin test reaction 1
4. Configure VRRP on Firewall A:
# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 virtual-ip 10.1.1.10
# Set the priority of Router A in VRRP group 1 to 110.
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 priority 110
# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 authentication-mode simple hello
# Configure the master to send VRRP packets at an interval of five seconds.
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 timer advertise 5
# Configure Firewall A to work in preemptive mode, and set the preemption delay to five seconds.
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 preempt-mode timer delay 5
# Configure to monitor track entry 1 and specify the priority decrement to 30.
[FirewallA-GigabitEthernet0/1] vrrp vrid 1 track 1 reduced 30
5. Configure VRRP on Firewall B:
<FirewallB> system-view
[FirewallB] interface gigabitethernet 0/1
# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 virtual-ip 10.1.1.10
# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 authentication-mode simple hello
# Configure the master to send VRRP packets at an interval of five seconds.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 timer advertise 5
# Configure Router B to work in preemptive mode, and set the preemption delay to five seconds.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 preempt-mode timer delay 5
6. Verify the configuration:
After configuration, ping Host B on Host A, and you can see that Host B is reachable. To view the
configuration result, use the display vrrp command.
# Display detailed information about VRRP group 1 on Firewall A.
[FirewallA-GigabitEthernet0/1] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet0/1
VRID : 1 Adver Timer : 5
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5