In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Experience of configuring SRX100 b dual hot standby HA: manufacturer specifies F0AGUAG7-control interface, F0AGUAGUAG6-device management interface
1. Configure Cluster id and Node id
Set chassis cluster cluster-id 1 node 0 reboot
Set chassis cluster cluster-id 1 node 1 reboot
Note: the smaller the node, the higher the level, which is the primary device. In addition, you need to delete the interface first, otherwise you cannot enter configure mode after reboot.
2. Configure the control interface and the data interface. The data interface here is designated by me as F0UniUniP2.
By default, the control interface system specifies F0thumb 0ax 7, which does not need to be configured. Just interconnect two devices directly.
Set interfaces fab0 fabric-options member-interfaces fe-0/0/2
Set interfaces fab1 fabric-options member-interfaces fe-1/0/2
Note: data interface does not need to be configured with ip
3. Personalized configuration of each chassis:
Set groups node0 system host-name SRX-A
Management ip for set groups node0 interfaces fxp0 unit 0 family inet address 192.168.100.100Accord 24 # master device
Set groups node1 system host-name SRX-B
Management ip for set groups node1 interfaces fxp0 unit 0 family inet address 192.168.100.101Compact 2 standby equipment
Set apply-groups "${node}"
Note: the management ip of both devices is fxp0, and remember set apply-groups "${node}" when the configuration is completed, otherwise there will be a problem.
4. Configure Redundancy Group: RG0 for engine switching. RG1 is used for switching at the data level. Remember to enable preemt preemption here.
Set chassis cluster reth-count 8
Set chassis cluster redundancy-group 0 node 0 priority 200
Set chassis cluster redundancy-group 0 node 1 priority 100
Set chassis cluster redundancy-group 1 node 0 priority 200
Set chassis cluster redundancy-group 1 node 1 priority 100
Set chassis cluster redundancy-group 1 preempt
Set chassis cluster redundancy-group 1 interface-monitor fe-0/0/0 weight 25 configure interface interface-monitor
Set chassis cluster redundancy-group 1 interface-monitor fe-0/0/1 weight 25 configure interface interface-monitor
Set chassis cluster redundancy-group 1 interface-monitor fe-1/0/0 weight 25 configure interface interface-monitor
Set chassis cluster redundancy-group 1 interface-monitor fe-1/0/1 weight 25 configure interface interface-monitor
5. Add interface-monitor to redundant interface reth0 reth2 and redundant interface to RG1
Set interfaces fe-0/0/0 fastether-options redundant-parent reth0
Set interfaces fe-0/0/0 unit 0
Set interfaces fe-0/0/1 fastether-options redundant-parent reth2
Set interfaces fe-0/0/1 unit 0
Set interfaces fe-1/0/0 fastether-options redundant-parent reth0
Set interfaces fe-1/0/0 unit 0
Set interfaces fe-1/0/1 fastether-options redundant-parent reth2
Set interfaces fe-1/0/1 unit 0
Set interfaces reth0 redundant-ether-options redundancy-group 1
Set interfaces reth2 redundant-ether-options redundancy-group 1
6. Configure ip for the redundant interface reth0 reth2, put it into the corresponding area, and release the policy.
Set interfaces reth0 unit 0 family inet address 202.100.1.10/24
Set interfaces reth2 unit 0 family inet address 192.168.10.10/24
Set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic system-services all
Set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic protocols all
Set security zones security-zone trust interfaces reth2.0 host-inbound-traffic system-services all
Set security zones security-zone trust interfaces reth2.0 host-inbound-traffic protocols all
Set security policies from-zone untrust to-zone trust policy untrust-to-trust match source-address any
Set security policies from-zone untrust to-zone trust policy untrust-to-trust match destination-address any
Set security policies from-zone untrust to-zone trust policy untrust-to-trust match application any
Set security policies from-zone untrust to-zone trust policy untrust-to-trust then permit
Set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
Set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
Set security policies from-zone trust to-zone trust policy trust-to-trust match application any
Set security policies from-zone trust to-zone trust policy trust-to-trust then permit
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
