华为防火墙双机主备和双ISP方案
环境:双机冗余与双ISP冗余
拓扑结构:
要求:
设备、线路、ISP都进行冗余,任一个节点出问题,不影响PC2、PC3访问公网站点PC1.
配置过程:
FW
| 名称 | FW1 | FW2 |
| 双机配置 |  |
 |
| IP-LINK |
|
 |
| LINK-GROUP |  |
 |
| 接口 |  |
 |
| 静态路由 |  |
|
| 安全策略 |  |
 |
| NAT |  |
 |
路由器AR1配置
interface GigabitEthernet0/0/0 ip address 12.1.1.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 10.1.1.1 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 13.1.1.2 255.255.255.0 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 ip route-static 1.1.1.0 255.255.255.0 12.1.1.1 #
路由器AR2配置
interface GigabitEthernet0/0/0
ip address 13.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 20.1.1.2
ip route-static 1.1.1.0 255.255.255.0 13.1.1.1
交称机SW3
interface Vlanif11 ip address 1.1.1.1 255.255.255.0 # interface Vlanif12 ip address 12.1.1.1 255.255.255.0 # interface Vlanif13 ip address 13.1.1.1 255.255.255.0 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type access port default vlan 12 # interface Ethernet0/0/2 port link-type access port default vlan 13 # interface Ethernet0/0/3 port link-type access port default vlan 11
交换机sw4
interface Vlanif2
ip address 192.168.2.254 255.255.255.0
#
interface Vlanif3
ip address 192.168.3.254 255.255.255.0
#
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
PC1:1.1.1.10
PC2:192.168.2.11
PC3:192.168.3.11
