两台F5030-D做HA主备,备墙上下游设备可ping通,透传二层信息,走的备墙,备墙上下游连接使用的聚合口1(GigabitEthernet1/2/1/0,GigabitEthernet1/2/1/1,GigabitEthernet1/2/1/2)聚合口2(GigabitEthernet1/2/1/5,GigabitEthernet1/2/1/6,GigabitEthernet1/2/1/7)
配置如下,想知道是否配置有误?望告知,谢谢!
设置列表
RBM_S<GYHLW_FW_2>dis
current-configuration
#
version 7.1.064, Release 9620P2413
#
sysname GYHLW_FW_2
#
context Admin id 1
#
ip vpn-instance management
route-distinguisher 1000000000:1
vpn-target 1000000000:1 import-extcommunity
vpn-target 1000000000:1 export-extcommunity
#
irf mac-address persistent always
irf auto-update enable
irf auto-merge enable
undo irf link-delay
irf member 1 priority 1
#
password-recovery enable
#
vlan 1
#
vlan 2 to 4094
#
object-group service TCP135-139
0 service tcp destination range 135 139
#
object-group service tcp445
0 service tcp destination eq 445
#
object-group service UDP135-139
0 service tcp destination range 135 139
#
object-group service UDP_445
0 service udp destination eq 445
#
interface Bridge-Aggregation1
description to NJMAN-WXG-PE2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface Bridge-Aggregation2
description to Border-leaf-2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
link-aggregation mode dynamic
#
interface Route-Aggregation10
description to GYHLW_FW_1 ******HA******
ip address 8.8.8.2 255.255.255.252
link-aggregation mode dynamic
#
interface NULL0
#
interface GigabitEthernet1/2/0/0
port link-mode route
combo enable copper
ip binding vpn-instance management
ip address 172.171.203.217 255.255.255.0
#
interface GigabitEthernet1/2/0/1
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/2/0/2
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/2/0/3
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/2/4/0
port link-mode route
#
interface GigabitEthernet1/2/4/1
port link-mode route
#
interface GigabitEthernet1/2/4/2
port link-mode route
#
interface GigabitEthernet1/2/4/3
port link-mode route
#
interface GigabitEthernet1/2/4/4
port link-mode route
#
interface GigabitEthernet1/2/4/5
port link-mode route
#
interface GigabitEthernet1/2/4/6
port link-mode route
#
interface GigabitEthernet1/2/4/7
port link-mode route
#
interface M-GigabitEthernet1/0/0/0
#
interface Ten-GigabitEthernet1/2/1/3
port link-mode route
description to GYHLW_FW_1 ******HA******
port link-aggregation group 10
#
interface Ten-GigabitEthernet1/2/1/4
port link-mode route
description to GYHLW_FW_1 ******HA******
port link-aggregation group 10
#
interface Ten-GigabitEthernet1/2/1/0
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/2/1/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/2/1/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/2/1/5
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/2/1/6
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/2/1/7
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port link-aggregation group 2
#
security-zone name Local
#
security-zone name Trust
import interface Bridge-Aggregation2 vlan 2 to 4094
#
security-zone name DMZ
#
security-zone name Untrust
import interface Bridge-Aggregation1 vlan 2 to 4094
#
security-zone name Management
import interface GigabitEthernet1/2/0/0
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
authentication-mode scheme
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 1/0
user-role network-admin
#
line aux 1/1
user-role network-operator
#
line aux 1/2
user-role network-operator
#
line con 1/0 1/1
user-role network-admin
#
line con 1/2
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-admin
#
ip route-static vpn-instance management 0.0.0.0 0 172.171.203.1
#
ssh server enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$NHzw6QCNqFp2LH1X$t2fiCLl73ujaQgWENZGeFl/G84brbbU2nqxaSN9ncEYHigOeAei/qrvojdEqWMNhNllYcspfgdVEicX0OwhDMw==
service-type ssh terminal https
authorization-attribute user-role level-3
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ipsec logging negotiation enable
#
ike logging negotiation enable
#
ip https enable
#
security-policy ip
rule 10 name any_icmp
action pass
service ping
rule 11 name danage_port
service TCP135-139
service tcp445
service UDP_445
service UDP135-139
#
security-policy ipv6
#
remote-backup group
data-channel interface Route-Aggregation10
configuration sync-check interval 12
track interface Bridge-Aggregation1
track interface Bridge-Aggregation2
local-ip 8.8.8.2
remote-ip 8.8.8.1
device-role secondary
#
return
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>dis ver
RBM_S<GYHLW_FW_2>dis version
H3C Comware Software, Version 7.1.064, Release 9620P2413
Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.
H3C SecPath F5030-D uptime is 0 weeks, 5 days, 4 hours, 45 minutes
Last reboot reason: User reboot
Boot image: flash:/f5080mpu-cmw710-boot-R9620P2413.bin
Boot image version: 7.1.064, Release 9620P2413
Compiled Jun 03 2021 14:00:00
System image: flash:/f5080mpu-cmw710-system-R9620P2413.bin
System image version: 7.1.064, Release 9620P2413
Compiled Jun 03 2021 14:00:00
Chassis 1 Slot 0
Uptime is 0 weeks, 5 days, 4 hours, 45 minutes
CPU type: Multi-core CPU
DDR3 SDRAM Memory 4080M bytes
Board PCB Version:Ver.A
CPLD Version: 1.0
Basic BootWare Version: 2.00
Extend BootWare Version: 2.00
Release Version:SecPath F50X0-D MPU Release 9620P2413
[SUBSLOT 0]NSQM1MPULA (Hardware)Ver.A, (Driver)1.0
Chassis 1 Slot 1
Uptime is 0 weeks, 5 days, 4 hours, 45 minutes
CPU type: Multi-core CPU
DDR3 SDRAM Memory 4080M bytes
Board PCB Version:Ver.A
CPLD Version: 1.0
Basic BootWare Version: 2.00
Extend BootWare Version: 2.00
Release Version:SecPath F50X0-D MPU Release 9620P2413
[SUBSLOT 0]NSQM1MPULA (Hardware)Ver.A, (Driver)1.0
Chassis 1 Slot 2
Uptime is 0 weeks, 5 days, 4 hours, 46 minutes
CPU type: Multi-core CPU
DDR3 SDRAM Memory: 16368M bytes
SD0: 3728M bytes
NSQ1MPBHA PCB Version: Ver.B
NSQ1MPBBHB PCB Version: Ver.A
NSQ1MPHDBHA PCB Version: Ver.A
NSQ1MPGC4BHA PCB Version: Ver.A
NSQ1MPLEDBHA PCB Version: Ver.A
CPLD_A Version: 2.0
CPLD_B Version: 2.0
Release Version:SecPath F5030-D LPU Release 9620P2413
Basic BootWare Version:1.08
Extend BootWare Version:1.08
[SUBCARD 0] NSQ1MPBHA(Hardware)Ver.B, (Driver)1.0, (Cpld)2.0
[SUBCARD 1] NSQM1TG8A(Hardware)Ver.A, (Driver)1.0, (Cpld)1.0
[SUBCARD 4] NSQM1GT8A(Hardware)Ver.B, (Driver)1.0, (Cpld)1.0
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>dis
RBM_S<GYHLW_FW_2>display dev
RBM_S<GYHLW_FW_2>display device ma
RBM_S<GYHLW_FW_2>display device manuinfo
Chassis 1:
Chassis self:
The operation is not supported on the specified chassis.
Slot 0 CPU 0:
DEVICE_NAME : NSQM1MPULA
DEVICE_SERIAL_NUMBER : 210231A5XTB20B000001
MAC_ADDRESS : 74D6-CB17-DA00
MANUFACTURING_DATE : 2020-11-09
VENDOR_NAME : H3C
Slot 1 CPU 0:
DEVICE_NAME : NSQM1MPULA
DEVICE_SERIAL_NUMBER : 210231A5XTB20B000058
MAC_ADDRESS : 74D6-CB16-F1A2
MANUFACTURING_DATE : 2020-11-09
VENDOR_NAME : H3C
Slot 2 CPU 0:
DEVICE_NAME : SecPath F5030-D
DEVICE_SERIAL_NUMBER : 210235A2B3B20C000018
MAC_ADDRESS : 0C3A-FAEC-7D48
MANUFACTURING_DATE : 2020-12-11
VENDOR_NAME : H3C
Subslot 1:
DEVICE_NAME : NSQM1TG8A
DEVICE_SERIAL_NUMBER : 210231A5MHB211000386
MAC_ADDRESS : 9023-B46B-1BD0
MANUFACTURING_DATE : 2021-02-03
VENDOR_NAME : H3C
Subslot 4:
DEVICE_NAME : NSQM1GT8A
DEVICE_SERIAL_NUMBER : 210231A5NDB212000102
MAC_ADDRESS : 9023-B46F-F2C2
MANUFACTURING_DATE : 2021-02-24
VENDOR_NAME : H3C
Fan 0:
The operation is not supported on the specified fan.
Fan 1:
The operation is not supported on the specified fan.
Fan 2:
The operation is not supported on the specified fan.
Fan 3:
The operation is not supported on the specified fan.
Power 0:
The operation is not supported on the specified power.
Power 1:
The operation is not supported on the specified power.
RBM_S<GYHLW_FW_2>dis dec
RBM_S<GYHLW_FW_2>dis dev
RBM_S<GYHLW_FW_2>dis device ch
RBM_S<GYHLW_FW_2>dis device chassis 1
Chassis Slot Cpu Type State Subslot Sft Ver Patch Ver
1 0 0 NSQM1MPULA Master 0 F5030D-9620P2413None
1 1 0 NSQM1MPULA Standby 0 F5030D-9620P2413None
1 2 0 NSQ1MPBHA Normal 0 F5030D-9620P2413None
1 2 0 NSQM1TG8A Normal 1 None None
1 2 0 NONE Absent 2 None None
1 2 0 NONE Absent 3 None None
1 2 0 NSQM1GT8A Normal 4 None None
1 2 0 NONE Absent 5 None None
1 2 0 NONE Absent 6 None None
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>dis
RBM_S<GYHLW_FW_2>display int
RBM_S<GYHLW_FW_2>display interface brief
RBM_S<GYHLW_FW_2>display interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
GE1/2/0/0 UP UP 172.171.203.217
GE1/2/0/1 DOWN DOWN --
GE1/2/0/2 DOWN DOWN --
GE1/2/0/3 DOWN DOWN --
GE1/2/4/0 DOWN DOWN --
GE1/2/4/1 DOWN DOWN --
GE1/2/4/2 DOWN DOWN --
GE1/2/4/3 DOWN DOWN --
GE1/2/4/4 DOWN DOWN --
GE1/2/4/5 DOWN DOWN --
GE1/2/4/6 DOWN DOWN --
GE1/2/4/7 DOWN DOWN --
InLoop0 UP UP(s) --
MGE1/0/0/0 DOWN DOWN --
NULL0 UP UP(s) --
REG0 UP -- --
RAGG10 UP UP 8.8.8.2 to GYHLW_FW_1 ******HA*****
XGE1/2/1/3 UP UP -- to GYHLW_FW_1 ******HA*****
XGE1/2/1/4 UP UP -- to GYHLW_FW_1 ******HA*****
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 30G(a) F(a) T 1 to NJMAN-WXG-PE2
BAGG2 UP 30G(a) F(a) T 1 to Border-leaf-2
XGE1/2/1/0 UP 10G(a) F(a) T 1
XGE1/2/1/1 UP 10G(a) F(a) T 1
XGE1/2/1/2 UP 10G(a) F(a) T 1
XGE1/2/1/5 UP 10G(a) F(a) T 1
XGE1/2/1/6 UP 10G(a) F(a) T 1
XGE1/2/1/7 UP 10G(a) F(a) T 1
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>dis
RBM_S<GYHLW_FW_2>display ip int b
RBM_S<GYHLW_FW_2>display ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE1/2/0/0 up up 172.171.203.217 --
GE1/2/0/1 down down -- --
GE1/2/0/2 down down -- --
GE1/2/0/3 down down -- --
GE1/2/4/0 down down -- --
GE1/2/4/1 down down -- --
GE1/2/4/2 down down -- --
GE1/2/4/3 down down -- --
GE1/2/4/4 down down -- --
GE1/2/4/5 down down -- --
GE1/2/4/6 down down -- --
GE1/2/4/7 down down -- --
MGE1/0/0/0 down down -- --
RAGG10 up up 8.8.8.2 to GYHLW_FW_1 ...
XGE1/2/1/3 up up -- to GYHLW_FW_1 ...
XGE1/2/1/4 up up -- to GYHLW_FW_1 ...
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>dis
RBM_S<GYHLW_FW_2>display rem
RBM_S<GYHLW_FW_2>display remote-backup-group st
RBM_S<GYHLW_FW_2>display remote-backup-group status
Remote backup group information:
Backup mode: Active/standby
Device management role: Secondary
Device running status: Standby
Data channel interface: Route-Aggregation10
Local IP: 8.8.8.2
Remote IP: 8.8.8.1 Destination port: 60064
Control channel status: Connected
Keepalive interval: 1s
Keepalive count: 10
Configuration consistency check interval: 12 hour
Configuration consistency check result: Not Performed
Configuration backup status: Auto sync enabled
Session backup status: Hot backup enabled
Delay-time: 0 min
RBM_S<GYHLW_FW_2>
RBM_S<GYHLW_FW_2>
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
三层聚合口是HA心跳线,也要加吗?