HP VPN Firewall Appliances High Availability Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

171

172

173

174

175

176

177

178

179

180

165

Please wait... Done.

Configuring GigabitEthernet0/1... Done.

Configuring GigabitEthernet0/2... Done.

[FirewallA-Bridge-Aggregation1] quit

# Configure the device to use the source and destination IP addresses of packets as the global

link-aggregation load sharing criteria.

[FirewallA] link-aggregation load-sharing mode source-ip destination-ip

b. Configure Firewall B in the same way Firewall A is configured. (Details not shown.)

3. Verify the configuration

# Display summary information about all aggregation groups on Firewall A.

[FirewallA] display link-aggregation summary

Aggregation Interface Type:

BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation

Aggregation Mode: S -- Static, D -- Dynamic

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Actor System ID: 0x8000, 000f-e2ff-0001

AGG AGG Partner ID Select Unselect Share

Interface Mode Ports Ports Type

-------------------------------------------------------------------------------

BAGG1 D 0x8000, 000f-e2ff-0002 2 0 Shar

The output shows that link aggregation group 1 is a load-shared Layer 2 dynamic aggregation

group, and it contains two Selected ports.

# Display the global link-aggregation load sharing criteria on Firewall A.

[FirewallA] display link-aggregation load-sharing mode

Link-Aggregation Load-Sharing Mode:

destination-ip address, source-ip address

The output shows that all link aggregation groups created on the device perform load sharing

based on source and destination IP addresses.

Layer 2 aggregation load sharing configuration example

1. Network requirements

As shown in Figure 75, configure two Layer 2 static aggregation grou

ps (1 and 2) on Firewall A

and Firewall B, and enable VLAN 10 at one end of the aggregate link to communicate with VLAN

10 at the other end, and enable VLAN 20 at one end to communicate with VLAN 20 at the other

end.

Configure the load sharing criterion for link aggregation group 1 as the source IP addresses of

packets and the load sharing criterion for link aggregation group 2 as the destination IP addresses

of packets to enable traffic to be load-shared across aggregation group member ports.