新网创想网站建设,新征程启航
为企业提供网站建设、域名注册、服务器等服务
配置SRX100 b双机热备HA心得:厂商指定F0/0/7-控制接口,F0/0/6-设备管理接口
1、配置 Cluster id 和 Node id
set chassis cluster cluster-id 1 node 0 reboot
set chassis cluster cluster-id 1 node 1 reboot
注:node越小,级别越高,为主设备。另外,需要先把接口删除,否则重启后不能进入configure模式。
2、配置控制接口和数据接口,数据这里接口我这里自己指定为F0/0/2
控制接口系统默认指定F0/0/7,不需要配置,直接2台设备F0/0/7互联就行。
set interfaces fab0 fabric-options member-interfaces fe-0/0/2
set interfaces fab1 fabric-options member-interfaces fe-1/0/2
注:数据接口不用配置ip
3、每个机箱的个性化配置 :
set groups node0 system host-name SRX-A
set groups node0 interfaces fxp0 unit 0 family inet address 192.168.100.100/24 #####主设备的管理ip
set groups node1 system host-name SRX-B
set groups node1 interfaces fxp0 unit 0 family inet address 192.168.100.101/24#####备设备的管理ip
set apply-groups "${node}"
注:2台设备的管理ip都是fxp0,另外配置完成记得set apply-groups "${node}",否则出现问题。
4、配置 Redundancy Group :RG0为引擎切换。RG1为数据层面切换,记得此处有开启preemt抢占。
set chassis cluster reth-count 8
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 1 preempt
set chassis cluster redundancy-group 1 interface-monitor fe-0/0/0 weight 255########配置接口interface-monitor
set chassis cluster redundancy-group 1 interface-monitor fe-0/0/1 weight 255########配置接口interface-monitor
set chassis cluster redundancy-group 1 interface-monitor fe-1/0/0 weight 255########配置接口interface-monitor
set chassis cluster redundancy-group 1 interface-monitor fe-1/0/1 weight 255########配置接口interface-monitor
5、将interface-monitor加入到冗余接口reth0 reth2,并把冗余接口加入到RG1
set interfaces fe-0/0/0 fastether-options redundant-parent reth0
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/1 fastether-options redundant-parent reth2
set interfaces fe-0/0/1 unit 0
set interfaces fe-1/0/0 fastether-options redundant-parent reth0
set interfaces fe-1/0/0 unit 0
set interfaces fe-1/0/1 fastether-options redundant-parent reth2
set interfaces fe-1/0/1 unit 0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth2 redundant-ether-options redundancy-group 1
6、给冗余接口reth0 reth2配置ip,划入对应的区域,及策略放通。
set interfaces reth0 unit 0 family inet address 202.100.1.10/24
set interfaces reth2 unit 0 family inet address 192.168.10.10/24
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces reth2.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces reth2.0 host-inbound-traffic protocols all
set security policies from-zone untrust to-zone trust policy untrust-to-trust match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match destination-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match application any
set security policies from-zone untrust to-zone trust policy untrust-to-trust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。