园区基础网络配置系列——华三防火墙双机主备

前言：

基础拓扑结构

设备型号：H3C-F100-S-G3
需求：双机主备

Web版-RBM配置

1， 先查看版本号

2， 升级版本

3， 配置HA-备机

4， 配置vrrp-备机

5， 配置接口-备机

6， 配置安全策略

HA-主机

Vrrp-主机

接口-主机

状态

命令行-RBM配置

FW- A主机配置如下:

#
interface GigabitEthernet1/0/0
 ip address 192.168.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1 active   
//配置VRRP虚拟网关地址，并于HA关联，设置初始角色为Master

#
interface GigabitEthernet1/0/1
 ip address 192.168.0.1 255.255.255.0

#
interface GigabitEthernet1/0/2
 ip address 192.168.2.2 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.2.1 active  

#
security-zone name Trust
 import interface GigabitEthernet1/0/2

#
security-zone name Untrust
 import interface GigabitEthernet1/0/0

#
security-policy ip
 rule 1 name 1
  action pass

#HA关键配置
remote-backup group
 data-channel interface GigabitEthernet1/0/9
 configuration sync-check interval 12
 local-ip 1.1.1.1
 remote-ip 1.1.1.2
 device-role primary
#

FW- B备机配置如下:

#
interface GigabitEthernet1/0/0
 ip address 192.168.1.3 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.1 standby

#
interface GigabitEthernet1/0/1
 ip address 192.168.0.1 255.255.255.0

#
interface GigabitEthernet1/0/2
 ip address 192.168.2.3 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.2.1 standby

# 
security-zone name Trust
 import interface GigabitEthernet1/0/2

#
security-zone name Untrust
 import interface GigabitEthernet1/0/0

#
remote-backup group
 data-channel interface GigabitEthernet1/0/9
 configuration sync-check interval 12
 local-ip 1.1.1.2
 remote-ip 1.1.1.1
 device-role secondary

查看主设备状态:

RBM[H3C] dis remote-backup-group status
Remote backup group information:
  Backup mode: Active/standby
  Device management role: Primary
  Device running status: Standby
  Data channel interface: GigabitEthernet1/0/9
  Local IP: 1.1.1.1
  Remote IP: 1.1.1.2    Destination port: 60064
  Control channel status: Connected
  Keepalive interval: 1s
  Keepalive count: 10
  Configuration consistency check interval: 12 hour
  Configuration consistency check result: Not Performed
  Configuration backup status: Auto sync enabled
  Session backup status: Hot backup enabled
  Delay-time: 0 min
  Uptime since last switchover: 0 days, 0 hours, 4 minutes
  Switchover records:  倒换记录
    Time                  Status change        Cause
    2022-04-07 14:37:25   Active to Standby    Interface status changed
    2022-04-07 14:34:16   Active to Active     Keepalive link established

RBM[H3C] remote-backup g
RBM[H3C-remote-backup-group] switchover request    //手工触发HA主备倒换