已阅读5页,还剩6页未读, 继续免费阅读
版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
Juniper SRX HA 配置实例文档查看须知:3测试拓扑:3一 路由模式HA:4配置:4验证:4配置解析:5二 透明模式HA(Access接口)6配置:6验证:7配置解析:8三 透明模式HA(Trunk接口)9配置:9验证:10配置解析:10注意点12文档查看须知:测试环境:SRX 220H两台配置须知:SRX 220H默认带外管理口Ge-0/0/6控制口:Ge-0/0/7数据同步口:Ge-0/0/1 使用集群则集群后接口标示为:Ge-0/0/0-7; Ge-3/0/0-7不同型号集群后接口显示不同,详情见官方文档 拓扑对应IP:G-0/0/3:192.168.3.1/24 G-0/0/4:192.168.4.1/24 G-0/0/5:192.168.5.1/24 MGT:10.10.30.189-190/24 F0/0:192.168.4.2/24F0/1:192.168.6.1/24 (模拟遥远互联网)测试拓扑:一 路由模式HA: 配置:On device A:set chassis cluster cluster-id 1 node 0 reboot On device B:set chassis cluster cluster-id 1 node 1 rebootOn device A:set groups node0 system host-name SRX-Primaryset groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24 set groups node1 system host-name SRX-Secondbyset groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24 set apply-groups $nodeset interfaces fab0 fabric-options member-interfaces ge-0/0/1 set interfaces fab1 fabric-options member-interfaces ge-3/0/1 set chassis cluster redundancy-group 0 node 0 priority 100 set chassis cluster redundancy-group 0 node 1 priority 1 set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255set chassis cluster reth-count 3set interfaces ge-0/0/3 gigether-options redundant-parent reth0 set interfaces ge-3/0/3 gigether-options redundant-parent reth0 set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth0 unit 0 family inet address 192.168.3.1/24set interfaces ge-0/0/4 gigether-options redundant-parent reth1 set interfaces ge-3/0/4 gigether-options redundant-parent reth1 set interfaces reth1 redundant-ether-options redundancy-group 1 set interfaces reth1 unit 0 family inet address 192.168.4.1/24set interfaces ge-0/0/5 gigether-options redundant-parent reth2 set interfaces ge-3/0/5 gigether-options redundant-parent reth2 set interfaces reth2 redundant-ether-options redundancy-group 1set interfaces reth2 unit 0 family inet address 192.168.5.1/24set security zones security-zone trust interfaces reth0.0 set security zones security-zone untrust interfaces reth1.0set security zones security-zone DMZ interfaces reth2.0验证:查看双机状态rootSRX-Primary show chassis cluster statusCluster ID: 1Node Priority Status Preempt Manual failoverRedundancy group: 0 , Failover count: 1 node0 100 primary no no node1 1 secondary no noRedundancy group: 1 , Failover count: 1 node0 100 primary no no node1 1 secondary no no测试主备切换;查看当前设备主备情况;配置解析:On device A: set chassis cluster cluster-id 1 node 0 reboot /定义cluster-id和node,同一个集群cluster-id必须相同,取值范围为0-15,0代表禁用集群;node取值范围为0-1,0代表主设备On device B: set chassis cluster cluster-id 1 node 1 reboot/定义cluster-id和node,同一个集群cluster-id必须相同,取值范围为0-15,0代表禁用集群;node取值范围为0-1,0代表主设备On device A:set groups node0 system host-name SRX-Primaryset groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24 set groups node1 system host-name SRX-Secondby set groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24 /为集群设备配置单独的名字和管理IP地址 set apply-groups $node/让以上的全局配置应用到每个独立的节点上set interfaces fab0 fabric-options member-interfaces ge-0/0/1 set interfaces fab1 fabric-options member-interfaces ge-3/0/1 /定义数据面板控制口并关联端口 set chassis cluster redundancy-group 0 node 0 priority 100 set chassis cluster redundancy-group 0 node 1 priority 1 set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1/设置冗余组的对不同节点的优先级,优先级范围1-254.值越大优先级越高,一般习惯定义2个冗余组,redundancy-group 0用于控制引擎,redundancy-group 1用于控制数据引擎,当然你也可以为每组冗余端口放在一个redundancy-group组中set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255/配置接口监控在数据冗余口,不建议配置接口监控在redundancy-group 0,当监控到接口故障后优先级降255,实现数据口冗余自动切换set chassis cluster reth-count 3/定义集群最多支持多少组冗余接口,必须不低于当前配置的冗余口组数目,否则将有超过数量的冗余口不能正常工作,超过冗余组的冗余接口的路由信息都不生效set interfaces ge-0/0/3 gigether-options redundant-parent reth0 set interfaces ge-3/0/3 gigether-options redundant-parent reth0 set interfaces reth0 redundant-ether-options redundancy-group 1 /把物理端口加入到冗余接口reth,并把接口reth0加入数据冗余组redundancy-group 1set interfaces reth0 unit 0 family inet address 192.168.3.1/24/为冗余逻辑接口配置IP地址set interfaces ge-0/0/4 gigether-options redundant-parent reth1 set interfaces ge-3/0/4 gigether-options redundant-parent reth1 set interfaces reth1 redundant-ether-options redundancy-group 1 /把物理端口加入到冗余接口reth,并把接口reth1加入数据冗余组redundancy-group 1 set interfaces reth1 unit 0 family inet address 192.168.4.1/24/为冗余逻辑接口配置IP地址set interfaces ge-0/0/5 gigether-options redundant-parent reth2 set interfaces ge-3/0/5 gigether-options redundant-parent reth2 set interfaces reth2 redundant-ether-options redundancy-group 1/把物理端口加入到冗余接口reth,并把接口reth2加入数据冗余组redundancy-group 1set interfaces reth2 unit 0 family inet address 192.168.5.1/24/为冗余逻辑接口配置IP地址set security zones security-zone trust interfaces reth0.0 set security zones security-zone untrust interfaces reth1.0set security zones security-zone DMZ interfaces reth2.0/把集群的逻辑接口关联到ZONE二 透明模式HA(Access接口); 配置:On device A:set chassis cluster cluster-id 1 node 0 reboot On device B:set chassis cluster cluster-id 1 node 1 rebootOn device A:set groups node0 system host-name SRX-Primaryset groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24set groups node1 system host-name SRX-Secondbyset groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24set apply-groups $nodeset chassis cluster reth-count 3set chassis cluster redundancy-group 0 node 0 priority 100set chassis cluster redundancy-group 0 node 1 priority 1set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255set interfaces ge-0/0/3 gigether-options redundant-parent reth0set interfaces ge-0/0/4 gigether-options redundant-parent reth1set interfaces ge-0/0/5 gigether-options redundant-parent reth2set interfaces ge-3/0/3 gigether-options redundant-parent reth0set interfaces ge-3/0/4 gigether-options redundant-parent reth1set interfaces ge-3/0/5 gigether-options redundant-parent reth2set interfaces fab0 fabric-options member-interfaces ge-0/0/1set interfaces fab1 fabric-options member-interfaces ge-3/0/1set interfaces reth0 redundant-ether-options redundancy-group 1set interfaces reth0 unit 0 family bridge interface-mode accessset interfaces reth0 unit 0 family bridge vlan-id 1set interfaces reth1 redundant-ether-options redundancy-group 1set interfaces reth1 unit 0 family bridge interface-mode accessset interfaces reth1 unit 0 family bridge vlan-id 1set interfaces reth2 redundant-ether-options redundancy-group 1set interfaces reth2 unit 0 family bridge interface-mode accessset interfaces reth2 unit 0 family bridge vlan-id 1set bridge-domains sysway domain-type bridgeset bridge-domains sysway vlan-id 1验证:查看双机状态配置解析:On device A:set chassis cluster cluster-id 1 node 0 reboot On device B:set chassis cluster cluster-id 1 node 1 reboot/定义cluster-id和node,同一个集群cluster-id必须相同,取值范围为0-15,0代表禁用集群;node取值范围为0-1,0代表主设备On device A:set groups node0 system host-name SRX-Primaryset groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24set groups node1 system host-name SRX-Secondbyset groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24set apply-groups $node/把以上的全局配置应用到每个独立的节点上set chassis cluster reth-count 3set chassis cluster redundancy-group 0 node 0 priority 100set chassis cluster redundancy-group 0 node 1 priority 1set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1/设置冗余组数量及冗余组的不同节点的优先级set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255/配置接口监控在数据冗余组set interfaces ge-0/0/3 gigether-options redundant-parent reth0set interfaces ge-0/0/4 gigether-options redundant-parent reth1set interfaces ge-0/0/5 gigether-options redundant-parent reth2set interfaces ge-3/0/3 gigether-options redundant-parent reth0set interfaces ge-3/0/4 gigether-options redundant-parent reth1set interfaces ge-3/0/5 gigether-options redundant-parent reth2/把物理接口关联到冗余组set interfaces fab0 fabric-options member-interfaces ge-0/0/1set interfaces fab1 fabric-options member-interfaces ge-3/0/1/定义数据面板控制口并关联端口set interfaces reth0 redundant-ether-options redundancy-group 1/定义接口reth0口关联到redundancy-group 1set interfaces reth0 unit 0 family bridge interface-mode access/设置逻辑接口为网桥模式并且接口类型为accessset interfaces reth0 unit 0 family bridge vlan-id 1/设置逻辑接口为网桥模式并允许vlan 1的数据包通过(建议VLAN ID值与直连交换机的接口属于同一个VLAN)set interfaces reth1 redundant-ether-options redundancy-group 1set interfaces reth1 unit 0 family bridge interface-mode accessset interfaces reth1 unit 0 family bridge vlan-id 1set interfaces reth2 redundant-ether-options redundancy-group 1set interfaces reth2 unit 0 family bridge interface-mode accessset interfaces reth2 unit 0 family bridge vlan-id 1/设置reth1,reth2的相关属性set bridge-domains sysway domain-type bridge/定义网桥域类型及网桥域名称set bridge-domains sysway vlan-id 1/定义网桥域的VLAN ID 建议和reth接口定义的一样三 透明模式HA(Trunk接口)配置:On device A:set chassis cluster cluster-id 1 node 0 reboot On device B:set chassis cluster cluster-id 1 node 1 rebootOn device A:set groups node0 system host-name SRX-Primaryset groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24set groups node1 system host-name SRX-Secondbyset groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24set apply-groups $nodeset chassis cluster reth-count 3set chassis cluster redundancy-group 0 node 0 priority 100set chassis cluster redundancy-group 0 node 1 priority 1set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255set interfaces ge-0/0/3 gigether-options redundant-parent reth0set interfaces ge-0/0/4 gigether-options redundant-parent reth1set interfaces ge-0/0/5 gigether-options redundant-parent reth2set interfaces ge-3/0/3 gigether-options redundant-parent reth0set interfaces ge-3/0/4 gigether-options redundant-parent reth1set interfaces ge-3/0/5 gigether-options redundant-parent reth2set interfaces fab0 fabric-options member-interfaces ge-0/0/1set interfaces fab1 fabric-options member-interfaces ge-3/0/1set interfaces reth0 redundant-ether-options redundancy-group 1set interfaces reth0 vlan-taggingset interfaces reth0 native-vlan-id 1set interfaces reth0 unit 0 family bridge interface-mode trunkset interfaces reth0 unit 0 family bridge vlan-id-list 1-1000set interfaces reth1 redundant-ether-options redundancy-group 1set interfaces reth1 vlan-taggingset interfaces reth1 native-vlan-id 1set interfaces reth1 unit 0 family bridge interface-mode trunkset interfaces reth1 unit 0 family bridge vlan-id-list 1-1000set interfaces reth2 redundant-ether-options redundancy-group 1set interfaces reth2 vlan-taggingset interfaces reth2 native-vlan-id 1set interfaces reth2 unit 0 family bridge interface-mode trunkset interfaces reth2 unit 0 family bridge vlan-id-list 1-1000set bridge-domains sysway vlan-id-list 1-1000验证:手动主备切换:当前双机状态配置解析:On device A:set chassis cluster cluster-id 1 node 0 reboot On device B:set chassis cluster cluster-id 1 node 1 reboot/定义cluster-id和node,同一个集群cluster-id必须相同,取值范围为0-15,0代表禁用集群;node取值范围为0-1,0代表主设备On device A:set groups node0 system host-name SRX-Primaryset groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24set groups node1 system host-name SRX-Secondbyset groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24set apply-groups $node/把以上的全局配置应用到每个独立的节点上set chassis cluster reth-count 3set chassis cluster redundancy-group 0 node 0 priority 100set chassis cluster redundancy-group 0 node 1 priority 1/设置冗余组数量及控制冗余组的不同节点的优先级set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255set chassis cluster redundancy-group 1 node 0 priority 100set chassis cluster redundancy-group 1 node 1 priority 1set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255/配置接口监控在数据冗余组set interfaces ge-0/0/3 gigether-options redundant-parent reth0set interfaces ge-0/0/4 gigether-options redundant-parent reth1set interfaces ge-0/0/5 gigether-options redundant-parent reth2set interfaces ge-3/0/3 gigether-options redundant-parent reth0set interfaces ge-3/0/4 gigether-options redundant-parent reth1set interfaces ge-3/0/5 gigether-options redundant-parent reth2/把物理接口关联到数据冗余组set interfaces fab0 fabric-options member-interfaces ge-0/0/1set interfaces fab1 fabric-options member-interfaces ge-3/0/1/定义数据面板控制口并关联端口set interfaces reth0 redundant-ether-options redundancy-group 1/定义接口reth0口关联到redun
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 可持续交通1000辆电动自行车共享站建设可行性研究报告
- 可持续绿色1000平方米社区光伏发电项目屋顶分布式建设可行性研究报告
- 跨境电商支付风险管理与风险评估报告2025
- 跨境电商床上用品生产基地2025年数字化转型升级研究报告
- 广东云浮市交通运输工程质量检测站招聘合同工笔试高频难、易错点备考题库带答案详解
- 金融科技算法治理合规性与风险管理研究报告
- 巴塞尔协议对银行风险管理的影响
- 谈话观摩活动方案
- 雷锋班队活动方案
- 银行老年人线上活动方案
- 2025届上海市松江区高三下学期二模英语试题(解析版)
- AII6000B呼吸机的使用
- 感冒的中医护理课件
- 20G361预制混凝土方桩
- 中医运动养生教学课件
- 医学院研究生招生宣传
- 工业锅炉司炉G1理论考试题库(附答案)
- 《光纤激光器的工作原理》课件
- 2025中煤电力有限公司总部及所属企业招聘笔试参考题库附带答案详解
- GB/T 25820-2025包装用钢带
- 线描创意画课件
评论
0/150
提交评论