Manualshelf

HP VPN Firewall Appliances High Availability Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
44
# Configure the priority of Firewall A in VRRP group 1 as 110, which is higher than that of Firewall
B (100), so that Firewall A can become the master.
[FirewallA-GigabitEthernet0/1] vrrp ipv6 vrid 1 priority 110
# Set the authentication mode of VRRP group 1 as simple and authentication key to hello.
[FirewallA-GigabitEthernet0/1] vrrp ipv6 vrid 1 authentication-mode simple hello
# Set the interval on Firewall A for sending VRRP advertisements to 400 centiseconds.
[FirewallA-GigabitEthernet0/1] vrrp ipv6 vrid 1 timer advertise 400
# Configure Firewall A to operate in preemptive mode, so that it can become the master whenever
it works correctly. Set the preemption delay to five seconds to avoid frequent status switchover.
[FirewallA-GigabitEthernet0/1] vrrp ipv6 vrid 1 preempt-mode timer delay 5
# Set GigabitEthernet 0/2 on Firewall A to be tracked, and configure the amount by which the
priority value decreases to be more than 10 (30 in this example), so that when GigabitEthernet
0/2 fails, the priority of Firewall A in VRRP group 1 decreases to a value lower than 100 and thus
Firewall B can become the master.
[FirewallA-GigabitEthernet0/1] vrrp ipv6 vrid 1 track interface gigabitethernet0/2
reduced 30
# Enable Firewall A to send RA messages, so that Host A can learn the default gateway address.
[FirewallA-GigabitEthernet0/1] undo ipv6 nd ra halt
2. Configure Firewall B:
<FirewallB> system-view
[FirewallB] ipv6
[FirewallB] interface gigabitethernet0/1
[FirewallB-GigabitEthernet0/1] ipv6 address fe80::2 link-local
[FirewallB-GigabitEthernet0/1] ipv6 address 1::2 64
# Create a VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.
[FirewallB-GigabitEthernet0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[FirewallB-GigabitEthernet0/1] vrrp ipv6 vrid 1 virtual-ip 1::10
# Set the authentication mode of VRRP group 1 as simple and authentication key as hello.
[FirewallB-GigabitEthernet0/1] vrrp ipv6 vrid 1 authentication-mode simple hello
# Set the interval between sending VRRP advertisements to 400 centiseconds.
[FirewallB-GigabitEthernet0/1] vrrp ipv6 vrid 1 timer advertise 400
# Configure Firewall B to operate in preemptive mode, so that Firewall B can become the master
after the priority of Firewall A decreases to a value lower than 100. Configure the preemption
delay as five seconds to avoid frequent status switchover.
[FirewallB-GigabitEthernet0/1] vrrp ipv6 vrid 1 preempt-mode timer delay 5
# Enable Firewall B to send RA messages, so that Host A can learn the default gateway address.
[FirewallB-GigabitEthernet0/1] undo ipv6 nd ra halt
3. Verify the configuration:
After the configuration, Host B can be pinged successfully on Host A. To verify your configuration,
use the display vrrp ipv6 verbose command.
# Display the detailed information about VRRP group 1 on Firewall A.
[FirewallA-GigabitEthernet0/1] display vrrp ipv6 verbose
IPv6 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1