2025-03-29 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
Experimental environment: two ASA5508 firewalls set up for HA, with one as the primary (Active) firewall and the other as the standby (backup) firewall. Each firewall uses 3 ports:
gi1/1 is the outside (egress) interface
gi1/2 is the inside (ingress) interface
gi1/3 is the interconnect interface between the two firewalls
The purpose of the experiment is to run the two firewalls as an active/standby pair: normally only one is working, and the other stays online as a hot backup. When the primary firewall fails, the standby firewall takes over directly as the active firewall and continues to provide service.
Experimental network topology diagram:
The same procedure also applies to other devices that support hot standby. The two devices in a hot-standby pair must be the same model and run the same version. Check whether hot standby can be configured:
ASA5508-Active# show version
First, configure the first firewall, the primary (Active) device:
ASA5508-Active# configure ter
ASA5508-Active(config)# interface gi1/1
ASA5508-Active(config-if)# nameif outside
ASA5508-Active(config-if)# security-level 0
ASA5508-Active(config-if)# ip address 172.16.1.11 255.255.255.0 standby 172.16.1.12 // standby is the IP address of interface 1 on the standby firewall
ASA5508-Active(config-if)# exit
ASA5508-Active(config)# interface gi1/2
ASA5508-Active(config-if)# nameif inside
ASA5508-Active(config-if)# security-level 100
ASA5508-Active(config-if)# ip address 192.168.91.11 255.255.255.128 standby 192.168.91.12 // standby is the IP address of interface 2 on the standby firewall
ASA5508-Active(config-if)# exit
ASA5508-Active(config)# failover lan unit primary // specify the role of this device as the primary firewall
ASA5508-Active(config)# failover lan interface failover gi1/3 // specify interface 3 (gi1/3) as the interconnect between the primary and standby devices (if several ports connect the two devices, you need to specify which one). In this lab there is only one interface connecting the primary and standby devices, so only one interface needs to be specified.
ASA5508-Active(config)# failover link fover gi1/3 // specifies the state information synchronization interface (that is, the configuration information synchronization interface between the primary and standby). In this lab there is only one interface connecting the two devices, so this command can be left out.
ASA5508-Active(config)# failover interface ip failover 172.17.1.1 255.255.255.0 standby 172.17.1.2 // the IP addresses for the interface 3 interconnect; you can set them to any addresses you define
ASA5508-Active(config)# failover lan key cisco // configure the key used to authenticate the failover link. cisco is an example and can be replaced with your own value; this sets the key on interface 3 between the primary and standby devices to cisco, and it must be the same on both devices.
ASA5508-Active(config)# failover // after all configuration of the primary firewall is complete, enter this command to enable hot-standby mode. Note that this command must be entered on the primary device first; if it is entered on the standby device first and the interconnect is up, the configuration of the standby device will overwrite the configuration of the primary device.
ASA5508-Active# show inter // at this point show inter shows interface 3 as the failover interface
Next, configure the standby device:
ASA5508-Standby(config)# interface gi1/3
ASA5508-Standby(config-if)# no shutdown
ASA5508-Standby(config-if)# exit
ASA5508-Standby(config)# failover lan unit secondary // set this device as the standby
ASA5508-Standby(config)# failover lan interface failover gi1/3 // specify interface 3 (gi1/3) as the interconnect between the primary and standby devices (if several ports connect the two devices, you need to specify which one). In this lab there is only one interface connecting the primary and standby devices, so only one interface needs to be specified.
ASA5508-Standby(config)# failover link fover gi1/3 // specifies the state information synchronization interface (that is, the configuration information synchronization interface between the primary and standby). In this lab there is only one interface connecting the two devices, so this command can be left out.
ASA5508-Standby(config)# failover interface ip failover 172.17.1.1 255.255.255.0 standby 172.17.1.2 // the IP addresses for the interface 3 interconnect; enter the same command as on the primary device (the secondary unit uses the standby address). You can set them to any addresses you define.
ASA5508-Standby(config)# failover lan key cisco // configure the key used to authenticate the failover link. cisco is an example and can be replaced with your own value; it must match the key set on the primary device.
ASA5508-Standby(config)# failover // enables hot-standby mode. Note that this command must be entered on the primary device first; if it is entered on the standby device first and the interconnect is up, the configuration of the standby device will overwrite the configuration of the primary device.
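An added example, not part of the original article: a small Python check that compares the failover commands planned for the two units and reports settings that should match but do not. The two command lists, the function names and the mismatches in the secondary list are constructed for illustration.

```python
import re

# Constructed sample input: the failover commands planned for each unit.
PRIMARY = """\
failover lan unit primary
failover lan interface failover gi1/3
failover interface ip failover 172.17.1.1 255.255.255.0 standby 172.17.1.2
failover lan key cisco
failover
"""
# Constructed faulty secondary: swapped link addresses and a different key.
SECONDARY = """\
failover lan unit secondary
failover lan interface failover gi1/3
failover interface ip failover 172.17.1.2 255.255.255.0 standby 172.17.1.1
failover lan key Cisco
failover
"""
FIELDS = {  # setting name -> pattern capturing its value
    "unit": r"^failover lan unit (\S+)$",
    "lan_interface": r"^failover lan interface (.+)$",
    "interface_ip": r"^failover interface ip (.+)$",
    "key": r"^failover lan key (\S+)$",
    "enabled": r"^(failover)$",
}

def parse(config):
    """Return {setting: value} for the failover lines present in config."""
    found = {}
    for line in config.splitlines():
        for name, pattern in FIELDS.items():
            m = re.match(pattern, line.strip())
            if m:
                found[name] = m.group(1)
    return found

def check_pair(primary_cfg, secondary_cfg):
    """Return a list of findings; an empty list means the pair is consistent."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    if (p.get("unit"), s.get("unit")) != ("primary", "secondary"):
        findings.append("unit roles must be primary/secondary")
    for name in ("lan_interface", "interface_ip", "key"):
        if p.get(name) is None or p.get(name) != s.get(name):
            findings.append(f"{name} missing or differs between units")
    for label, cfg in (("primary", p), ("secondary", s)):
        if "enabled" not in cfg:
            findings.append(f"failover not enabled on {label}")
    return findings
```

Running check_pair(PRIMARY, SECONDARY) on the constructed lists reports the failover link addresses and the key as differing between the units.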
After the two devices have synchronized, configuration can only be done on the Active primary device, and the hostname of the standby device becomes the same as that of the primary device. You can check this with show failover, or use the command:
ASA5508-Active(config)# prompt hostname priority state // show the device's priority and state in the prompt
ASA5508-Active/pri/act(config)# // the pri/act part of the prompt (red in the original) indicates that this is the primary device and that it is active, that is, the primary device is currently working
Log in to the standby device to check:
ASA5508-Standby(config)# prompt hostname priority state // show the device's priority and state in the prompt
ASA5508-Standby/sec/stby(config)# // the sec/stby part of the prompt (red in the original) indicates that this device is the standby and its state is stby (standby), that is, the primary device is currently working
Additional configuration information:
For example, log in to the primary device and enter the following command:
ASA5508-Active/pri/act(config)# no failover active // manually switch the primary device to the standby state (by default, if there is a problem with the primary device, it switches to the standby state automatically)
ASA5508-Standby/sec/stby(config)# failover active // manually switch the standby device to the active state