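The topology is as shown above. F1060_1 and F1060_2 are configured with VRRP, and the interface is bound to the VRF test.
The key configuration is as follows:
F1060_1: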
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip binding vpn-instance test
 ip address 1.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.254
#
security-zone name Trust
 import interface GigabitEthernet1/0/2
#
security-policy ip
 rule 0 name t
  action pass
  source-zone local
  destination-zone trust
 rule 1 name test
  action pass
  vrf test
  source-zone trust
  destination-zone local
F1060_2:
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip binding vpn-instance test
 ip address 1.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.254
 vrrp vrid 1 priority 50
#
security-zone name Trust
 import interface GigabitEthernet1/0/2
#
security-policy ip
 rule 0 name t
  action pass
  source-zone local
  destination-zone trust
 rule 1 name test
  action pass
  vrf test
  source-zone trust
  destination-zone local
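Key point: for VRRP multicast packets that the device sends, the security policy rule does not carry the interface's VRF instance; for VRRP packets that the device receives, the security policy rule must be configured with the VRF instance.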
security-policy ip
 rule 0 name t
  action pass
  source-zone local
  destination-zone trust
 rule 1 name test
  action pass
  vrf test
  source-zone trust
  destination-zone local
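As an added illustration (not part of the original case), the following Python check reads Comware-style configuration text and reports VRRP interfaces bound to a VPN instance whose security zone has no pass rule toward local carrying the same vrf. The function names and the constructed sample are assumptions of this example, and it only recognises rules that name their source and destination zones explicitly.

```python
# Constructed sample modeled on the F1060_1 configuration in this case.
SAMPLE = """\
interface GigabitEthernet1/0/2
 ip binding vpn-instance test
 vrrp vrid 1 virtual-ip 1.1.1.254
security-zone name Trust
 import interface GigabitEthernet1/0/2
security-policy ip
 rule 1 name test
  action pass
  vrf test
  source-zone trust
  destination-zone local
"""

def parse(cfg):
    """Return (interfaces, interface->zone map, rules); indentation is not required."""
    ifs, zone_of, rules, sec, cur = {}, {}, [], None, None
    for w in (l.split() for l in cfg.splitlines() if l.strip() not in ("", "#")):
        k = [x.lower() for x in w]  # keywords and zone names compared case-insensitively
        if k[0] == "interface":
            sec, cur = "if", ifs.setdefault(w[1], {"vrf": None, "vrrp": False})
        elif k[:2] == ["security-zone", "name"]:
            sec, cur = "zone", k[2]
        elif k[0] == "security-policy":
            sec = "pol"
        elif sec == "if" and k[:3] == ["ip", "binding", "vpn-instance"]:
            cur["vrf"] = w[3]
        elif sec == "if" and k[0] == "vrrp":
            cur["vrrp"] = True
        elif sec == "zone" and k[:2] == ["import", "interface"]:
            zone_of[w[2]] = cur
        elif sec == "pol" and k[0] == "rule":
            rules.append({})  # each rule maps keyword -> set of values
        elif sec == "pol" and rules and len(w) > 1:
            rules[-1].setdefault(k[0], set()).add(w[1] if k[0] == "vrf" else k[1])
    return ifs, zone_of, rules

def check_vrrp_policy(cfg):
    """List VRRP interfaces in a VRF with no pass rule zone->local carrying that VRF."""
    ifs, zone_of, rules = parse(cfg)
    findings = []
    for name, i in ifs.items():
        zone = zone_of.get(name)
        if i["vrrp"] and i["vrf"] and zone and not any(
                "pass" in r.get("action", ()) and i["vrf"] in r.get("vrf", ()) and
                zone in r.get("source-zone", ()) and "local" in r.get("destination-zone", ())
                for r in rules):
            findings.append(f"{name}: no pass rule {zone}->local with vrf {i['vrf']}")
    return findings
```

An empty list from `check_vrrp_policy` means every VRRP interface in a VRF has a matching receive-side rule; removing `vrf test` from rule 1 produces one finding for GigabitEthernet1/0/2.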