防火墙RBM-VRRP案例
#SW1
# Trust-side switch: one VLAN, an SVI in 2.2.2.0/24, and a default route.
# The next hop 2.2.2.254 is the VRRP virtual IP of vrid 2 on the firewalls,
# so this switch follows whichever firewall currently owns that address.
# NOTE(review): no port is assigned to VLAN 10 in this listing; the port
# membership towards FW1/FW2 must be configured elsewhere - confirm.
vlan 10
interface Vlan-interface10
ip address 2.2.2.3 255.255.255.0
ip route-static 0.0.0.0 0 2.2.2.254
#SW2
# Untrust-side switch: one VLAN, an SVI in 4.4.4.0/24, and a default route.
# The next hop 4.4.4.254 is the VRRP virtual IP of vrid 4 on the firewalls,
# so return traffic is sent to whichever firewall currently owns that address.
# NOTE(review): no port is assigned to VLAN 10 in this listing; the port
# membership towards FW1/FW2 must be configured elsewhere - confirm.
vlan 10
interface Vlan-interface10
ip address 4.4.4.3 255.255.255.0
ip route-static 0.0.0.0 0 4.4.4.254
#FW1
# Primary member of the RBM (remote backup) pair. Three routed ports:
# GE1/0/2 = link to FW2 used as the RBM data channel, GE1/0/3 = Trust side,
# GE1/0/4 = Untrust side. Each service-facing port carries one VRRP group.
# NOTE(review): 1.1.1.0/24, 2.2.2.0/24 and 4.4.4.0/24 are real public address
# space used here as lab values; substitute your own addressing before reuse.
#
# GE1/0/2: peer link to FW2 (1.1.1.2), referenced by "data-channel" below.
# NOTE(review): this port is not imported into any security zone in this
# listing - confirm that is intended for the backup channel on your release.
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 1.1.1.1 255.255.255.0
# GE1/0/3: Trust side. VRRP vrid 2 owns 2.2.2.254 (SW1's default gateway);
# priority 150 is set explicitly on this unit only.
# The trailing "active" keyword presumably binds the group to the RBM primary
# role - confirm against the platform command reference.
# NOTE(review): no VRRP authentication is configured in this listing, so any
# host on the segment can send advertisements for this vrid.
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 2.2.2.1 255.255.255.0
vrrp vrid 2 virtual-ip 2.2.2.254 active
vrrp vrid 2 priority 150
# GE1/0/4: Untrust side. VRRP vrid 4 owns 4.4.4.254 (SW2's default gateway),
# configured the same way as vrid 2 above.
interface GigabitEthernet1/0/4
port link-mode route
combo enable copper
ip address 4.4.4.1 255.255.255.0
vrrp vrid 4 virtual-ip 4.4.4.254 active
vrrp vrid 4 priority 150
# Zone membership: GE1/0/3 -> Trust, GE1/0/4 -> Untrust.
security-zone name Trust
import interface GigabitEthernet1/0/3
security-zone name Untrust
import interface GigabitEthernet1/0/4
# Web management is turned on over both HTTP and HTTPS.
# NOTE(review): HTTP carries administrator logins in cleartext. Unless
# something depends on it, keep only HTTPS and restrict which sources may
# reach the management service; no such restriction appears in this listing.
ip http enable
ip https enable
# Security policy, two rules, both "pass".
# Rule 0 passes the service object "vrrp" with no source/destination zone or
# address criteria, so it is not limited to a particular zone pair.
# Rule 1 passes everything from zone trust to zone untrust: no address,
# service or application criteria are given.
# NOTE(review): rule 1 is a permit-any suitable for a lab; narrow it to the
# required sources/services, and consider scoping rule 0, before production.
security-policy ip
rule 0 name vrrp
action pass
service vrrp
rule 1 name trust_untrust
action pass
source-zone trust
destination-zone untrust
# RBM pairing: channel runs on GE1/0/2 from 1.1.1.1 (local) to 1.1.1.2 (FW2);
# this unit takes the primary role.
# NOTE(review): no authentication or encryption settings for the channel
# appear in this listing. Keep it on a dedicated back-to-back link or an
# isolated VLAN, since it presumably carries configuration and session state.
remote-backup group
data-channel interface GigabitEthernet1/0/2
local-ip 1.1.1.1
remote-ip 1.1.1.2
device-role primary
#FW2
# Secondary member of the RBM pair; mirrors FW1 with .2 host addresses,
# "standby" VRRP groups and "device-role secondary".
# NOTE(review): the "RBM_S" line below looks like the CLI prompt prefix shown
# on the secondary unit rather than a command - drop it before pasting; confirm.
RBM_S
# GE1/0/2: peer link to FW1 (1.1.1.1), referenced by "data-channel" below.
# NOTE(review): not imported into any security zone in this listing - confirm
# that is intended for the backup channel on your release.
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 1.1.1.2 255.255.255.0
# GE1/0/3: Trust side. Joins VRRP vrid 2 (virtual IP 2.2.2.254) with the
# "standby" keyword; no priority is set here, unlike FW1's explicit 150.
# NOTE(review): no VRRP authentication is configured in this listing.
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 2.2.2.2 255.255.255.0
vrrp vrid 2 virtual-ip 2.2.2.254 standby
# GE1/0/4: Untrust side. Joins VRRP vrid 4 (virtual IP 4.4.4.254), standby.
interface GigabitEthernet1/0/4
port link-mode route
combo enable copper
ip address 4.4.4.2 255.255.255.0
vrrp vrid 4 virtual-ip 4.4.4.254 standby
# Zone membership matches FW1: GE1/0/3 -> Trust, GE1/0/4 -> Untrust.
security-zone name Trust
import interface GigabitEthernet1/0/3
security-zone name Untrust
import interface GigabitEthernet1/0/4
# Web management is turned on over both HTTP and HTTPS.
# NOTE(review): HTTP carries administrator logins in cleartext. Unless
# something depends on it, keep only HTTPS and restrict which sources may
# reach the management service; no such restriction appears in this listing.
ip http enable
ip https enable
# Same two-rule policy as FW1: rule 0 passes the "vrrp" service with no zone
# criteria; rule 1 passes everything from trust to untrust.
# NOTE(review): the policy must stay identical on both units so that a
# switchover does not change what is permitted; rule 1 is a lab-style
# permit-any and should be narrowed before production.
security-policy ip
rule 0 name vrrp
action pass
service vrrp
rule 1 name trust_untrust
action pass
source-zone trust
destination-zone untrust
# RBM pairing: local/remote addresses are the reverse of FW1's, and this unit
# takes the secondary role.
# NOTE(review): no authentication or encryption settings for the channel
# appear in this listing; keep the link dedicated and isolated.
remote-backup group
data-channel interface GigabitEthernet1/0/2
local-ip 1.1.1.2
remote-ip 1.1.1.1
device-role secondary
# Verification
# Run on both firewalls. The first command reports the remote-backup group
# state; the second reports the VRRP groups. With the configuration above the
# expected outcome is FW1 as primary/master for vrid 2 and vrid 4 and FW2 as
# secondary/backup - confirm after each change and after a failover test.
display remote-backup-group status
display vrrp