一、拓扑与核心思路
网络拓扑
核心交换机(Trunk All) ←→ S6800 IRF(逻辑单台) ←→ 防火墙板卡(虚拟线) ←→ 内网设备
S6800通过IRF组成一台逻辑交换机
防火墙板卡作为虚拟线卡集成在S6800中
防火墙工作在透明模式(桥模式),对网络拓扑透明
核心设计原理
在S6800中,防火墙板卡作为业务板卡存在,通过创建虚拟防火墙实例和虚拟防火墙接口对,形成一条逻辑上的"虚拟线缆",所有需要防火墙检查的流量通过这条虚拟线缆转发。
二、配置步骤
步骤1:确认硬件和软件版本
# 查看防火墙板卡状态
display firewall version
display device
# 查看防火墙板卡槽位(假设在slot 3和4)
Slot Type State
3 FW Module Normal
4 FW Module Normal
步骤2:创建虚拟防火墙实例
# 进入系统视图
system-view
# 创建虚拟防火墙实例(例如实例1)
firewall session enable
firewall interzone 1
description Transparent-FW
zone local
zone trust
zone untrust
quit
# 可选:创建第二个实例用于另一对接口(如果有多条虚拟线)
firewall interzone 2
description DMZ-FW
quit
步骤3:配置虚拟防火墙接口对(关键步骤)
这是透明模式的核心。创建一对虚拟接口,一个作为入口,一个作为出口。
# 1. 创建虚拟防火墙接口
interface Virtual-Template 1
description FW-Inbound-Interface
ip address unnumbered interface LoopBack0 # 管理IP可选
quit
interface Virtual-Template 2
description FW-Outbound-Interface
ip address unnumbered interface LoopBack0
quit
# 2. 创建防火墙虚拟系统
firewall zone trust
set priority 85
add interface Virtual-Template 1
quit
firewall zone untrust
set priority 5
add interface Virtual-Template 2
quit
# 3. 配置透明桥接(关键!)
bridge 1
bridge enable
bridge mode transparent
# 将虚拟接口加入桥组
port Virtual-Template 1
port Virtual-Template 2
quit
步骤4:配置交换机的VLAN和流量重定向
假设:
核心交换机连接S6800的接口:Ten-GigabitEthernet 1/0/49-50(IRF后可能需要重新编号)
流量从VLAN 10到VLAN 20需要经过防火墙
# 1. 创建VLAN
vlan 10
name User-VLAN
quit
vlan 20
name Server-VLAN
quit
# 2. 配置与核心交换机的Trunk口
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/50
description To-Core-Switch
port link-type trunk
port trunk permit vlan all
# 可选:配置IRF端口聚合
port link-aggregation group 1
quit
# 3. 配置流量重定向策略(PBR)- 方案A:基于VLAN
acl advanced 3000
rule 5 permit ip vlan 10
rule 10 permit ip vlan 20
quit
# 创建QoS策略重定向到防火墙
traffic classifier FW-REDIRECT operator or
if-match acl 3000
quit
traffic behavior FW-REDIRECT
redirect slot 3 # 重定向到slot 3的防火墙板卡
quit
qos policy FW-POLICY
classifier FW-REDIRECT behavior FW-REDIRECT
quit
# 在入口接口应用策略
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/50
qos apply policy FW-POLICY inbound
quit
步骤5:配置IRF相关设置
由于两台S6800已经做了IRF,确保防火墙板卡能跨设备工作:
# 查看IRF状态
display irf
# 配置防火墙板卡的主备模式(重要!)
firewall session backup enable
firewall session backup slot 3 master # 指定主防火墙板卡
firewall session backup slot 4 slave # 指定备防火墙板卡
# 配置IRF链路
irf-port 1/2
port group interface Ten-GigabitEthernet 1/0/51
port group interface Ten-GigabitEthernet 1/0/52
quit
# 保存并激活IRF配置
irf-port-configuration active
步骤6:配置防火墙安全策略
# 进入防火墙视图(板卡特定视图)
firewall slot 3
# 配置透明模式
firewall mode transparent
firewall transparent enable
# 创建安全策略
security-policy
rule 0 name Permit-User-to-Server
source-zone trust
destination-zone untrust
source-address 192.168.10.0 mask 255.255.255.0 # VLAN 10网段
destination-address 192.168.20.0 mask 255.255.255.0 # VLAN 20网段
action permit
rule 5 name Deny-All
action deny
quit
# 配置NAT(如果需要)
nat alg enable
quit
三、可选方案:服务链(Service Chain)方式
如果虚拟接口对方式不适用,可以使用更灵活的服务链配置:
# 1. 创建服务链
service-chain 1
description Firewall-Service-Chain
node 1 firewall slot 3
quit
# 2. 创建服务实例
service-instance 1
service-chain 1
redirect enable
quit
# 3. 应用服务链到VLAN
vlan 10
service-instance 1 inbound # VLAN 10入方向流量经过服务链
quit
vlan 20
service-instance 1 outbound # VLAN 20出方向流量经过服务链
quit
四、验证命令
1. 查看防火墙状态
# 查看防火墙板卡状态
display firewall status slot 3
display firewall session table slot 3
# 查看虚拟防火墙接口
display interface Virtual-Template 1
display interface Virtual-Template 2
# 查看桥接状态
display bridge 1
2. 查看IRF状态
display irf configuration
display irf topology
display irf link
3. 查看流量统计
# 查看防火墙板卡流量
display firewall statistics slot 3
# 查看重定向策略命中
display qos policy interface Ten-GigabitEthernet 1/0/49 inbound
4. 测试连通性
# 从VLAN 10测试到VLAN 20的连通性
ping -a 192.168.10.1 192.168.20.1
# 查看会话建立情况
display firewall session table verbose
五、故障排查
常见问题1:流量不经过防火墙
# 1. 检查重定向策略是否生效
debug qos policy all
terminal debugging
terminal monitor
# 2. 检查防火墙板卡是否正常
display device slot 3
display firewall status slot 3
# 3. 检查桥接配置
display bridge 1 verbose
常见问题2:IRF主备切换问题
# 查看防火墙主备状态
display firewall backup status
# 手动切换测试
firewall session switchover slot 4
常见问题3:性能问题
# 查看防火墙板卡CPU和内存
display firewall resource slot 3
# 查看会话数
display firewall session count slot 3
六、完整配置示例
# S6800 IRF + 防火墙板卡透明模式配置示例
# 基础配置
sysname S6800-IRF
irf member 1 priority 32
irf member 2 priority 1
# VLAN配置
vlan 10
name User-VLAN
vlan 20
name Server-VLAN
# 接口配置
interface Ten-GigabitEthernet 1/0/49
port link-type trunk
port trunk permit vlan all
description To-Core-Switch-49
interface Ten-GigabitEthernet 2/0/49
port link-type trunk
port trunk permit vlan all
description To-Core-Switch-50
# 防火墙配置
firewall session enable
firewall interzone 1
zone local
zone trust
zone untrust
# 虚拟接口配置
interface Virtual-Template 1
ip address unnumbered interface LoopBack0
interface Virtual-Template 2
ip address unnumbered interface LoopBack0
bridge 1
bridge enable
bridge mode transparent
port Virtual-Template 1
port Virtual-Template 2
# 重定向策略
acl advanced 3000
rule 5 permit ip vlan 10 destination-vlan 20
traffic classifier FW-CLASS
if-match acl 3000
traffic behavior FW-BEHAVIOR
redirect slot 3
qos policy FW-POLICY
classifier FW-CLASS behavior FW-BEHAVIOR
interface Ten-GigabitEthernet 1/0/49
qos apply policy FW-POLICY inbound
# 进入防火墙板卡配置
firewall slot 3
firewall mode transparent
security-policy
rule 0 name Permit-VLAN10-to-VLAN20
source-zone trust
destination-zone untrust
source-address 192.168.10.0 24
destination-address 192.168.20.0 24
action permit
quit
quit
# 保存配置
save force
七、重要注意事项
软件版本兼容性:确保S6800和防火墙板卡的软件版本兼容
性能规划:防火墙板卡有性能上限,规划流量时不要超过其吞吐量
IRF分裂:配置正确的MAD(多主检测)防止IRF分裂
配置同步:IRF配置会自动同步,但防火墙板卡配置需要分别进入板卡视图配置
管理IP:为防火墙板卡配置管理IP,便于单独管理
License:确认防火墙功能License有效
如果您在实际配置中遇到问题,可以提供以下信息以便进一步诊断:
display version输出
display device输出
具体的错误提示信息
当前的配置片段
暂无评论
4.4 透明直路双主部署SecBlade插卡
4.4.1 组网需求
Host A、Host B和Host C通过接入交换机Switch A、汇聚交换机Switch B和核心交换机Switch C与Internet通信。出于安全考虑,需要在汇聚交换机Switch B上部署两个SecBlade插卡Device A和Device B起安全防护作用,应用需求如下:
· Switch A将Host A、Host B和Host C分别划分在VLAN 10、VLAN 20和VLAN 30,透传Host与Internet之间的流量。
· Switch B将下行业务口划分在VLAN 10、VLAN 20和VLAN 30,上行业务口划分在VLAN 40、VLAN 50和VLAN 60,与Device的上行互连口划分在VLAN 10、VLAN 20和VLAN 30,与Device的下行互连口划分在VLAN 40、VLAN 50和VLAN 60,上下行透传Host与Internet的流量到Device。
· Device下行业务划分在VLAN 10、VLAN 20和VLAN 30,上行业务划分在VLAN 40、VLAN 50和VLAN 60。Device跨VLAN转发Host与Internet之间流量,Device A和Device B做双主备份。
· Switch C做Host A、Host B和Host C的网关,查路由表转发Host与Internet之间的流量。
图4-7 透明直路双主部署SecBlade插卡组网图
图4-8 透明直路双主部署SecBlade插卡逻辑组网图
设备 | 接口 | IP地址 |
Host A | - | 192.168.10.15/24 |
Host B | - | 192.168.20.15/24 |
Host C | - | 192.168.30.15/24 |
Switch C | Vlan-interface40 | 192.168.10.1/24 |
| Vlan-interface50 | 192.168.20.1/24 |
| Vlan-interface60 | 192.168.30.1/24 |
| GE1/0/2 | 20.1.1.1/24 |
Device A | FGE1/0/3 | 1.1.1.1/30 |
Device B | FGE1/0/3 | 1.1.1.2/30 |
4.4.2 配置步骤
1. 配置Switch A
# 创建VLAN 10、VLAN 20和VLAN 30。将GigabitEthernet1/0/1、GigabitEthernet1/0/2和GigabitEthernet1/0/3分别加入VLAN 10、VLAN 20和VLAN 30。
<SwitchA> system-view
[SwitchA] vlan 10
[SwitchA-vlan10] port gigabitethernet 1/0/1
[SwitchA-vlan10] quit
[SwitchA] vlan 20
[SwitchA-vlan20] port gigabitethernet 1/0/2
[SwitchA-vlan20] quit
[SwitchA] vlan 30
[SwitchA-vlan30] port gigabitethernet 1/0/3
[SwitchA-vlan30] quit
# 将GigabitEthernet1/0/4的链路类型配置为Trunk,并允许VLAN 10、VLAN 20和VLAN 30的报文通过。
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] port link-type trunk
[SwitchA-GigabitEthernet1/0/4] port trunk permit vlan 10 20 30
[SwitchA-GigabitEthernet1/0/4] quit
2. 配置Switch B
# 创建VLAN 10、VLAN 20、VLAN 30、VLAN 40、VLAN 50、VLAN 60、VLAN 1111,将FortyGigE2/0/3、FortyGigE3/0/3加入VLAN 1111。
<SwitchB> system-view
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] vlan 20
[SwitchB-vlan20] quit
[SwitchB] vlan 30
[SwitchB-vlan30] quit
[SwitchB] vlan 40
[SwitchB-vlan40] quit
[SwitchB] vlan 50
[SwitchB-vlan50] quit
[SwitchB] vlan 60
[SwitchB-vlan60] quit
[SwitchB] vlan 1111
[SwitchA-vlan1111] port fortygige 2/0/3 fortygige 3/0/3
[SwitchB-vlan1111] quit
# 将GigabitEthernet1/0/1的链路类型配置为Trunk,并允许VLAN 10、VLAN 20和VLAN 30的报文通过。
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 10 20 30
[SwitchB-GigabitEthernet1/0/1] quit
# 将GigabitEthernet1/0/2的链路类型配置为Trunk,并允许VLAN 40、VLAN 50和VLAN 60的报文通过。
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 40 50 60
[SwitchB-GigabitEthernet1/0/2] quit
# 创建二层聚合接口1为Trunk端口,并允许VLAN 10、VLAN 20和VLAN 30的报文通过,创建二层聚合接口2为Trunk端口,并允许VLAN 40、VLAN 50和VLAN 60的报文通过,配置二层聚合接口1对应的聚合组内按照报文源IP地址进行聚合负载分担,配置二层聚合接口2对应的聚合组内按照报文目的IP地址进行聚合负载分担(确保同一条数据流的来回路径一致)。
[SwitchB] interface bridge-aggregation 1
[SwitchB-Bridge-Aggregation1] port link-type trunk
[SwitchB-Bridge-Aggregation1] port trunk permit vlan 10 20 30
[SwitchB-Bridge-Aggregation1] link-aggregation load-sharing mode source-ip
[SwitchB-Bridge-Aggregation1] quit
[SwitchB] interface bridge-aggregation 2
[SwitchB-Bridge-Aggregation2] port link-type trunk
[SwitchB-Bridge-Aggregation2] port trunk permit vlan 40 50 60
[SwitchB-Bridge-Aggregation2] link-aggregation load-sharing mode destination-ip
[SwitchB-Bridge-Aggregation2] quit
# 将端口FortyGigE2/0/1、FortyGigE3/0/1加入到聚合组1中,端口FortyGigE2/0/2、FortyGigE3/0/2加入到聚合组2中。
[SwitchB] interface range fortygige 2/0/1 fortygige 3/0/1
[SwitchB-if-range] port link-aggregation group 1
[SwitchB-if-range] quit
[SwitchB] interface range fortygige 2/0/2 fortygige 3/0/2
[SwitchB-if-range] port link-aggregation group 2
[SwitchB-if-range] quit
3. 配置Switch C
# 创建VLAN 40、VLAN 50、VLAN 60。
<SwitchC> system-view
[SwitchC] vlan 40
[SwitchC-vlan40] quit
[SwitchC] vlan 50
[SwitchC-vlan50] quit
[SwitchC] vlan 60
[SwitchC-vlan60] quit
# 将GigabitEthernet1/0/1的链路类型配置为Trunk,并允许VLAN 40、VLAN 50和VLAN 60的报文通过。
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 40 50 60
[SwitchC-GigabitEthernet1/0/1] quit
# 创建VLAN 40、VLAN 50和VLAN 60接口,配置VLAN接口的IP地址。
[SwitchC] interface vlan-interface 40
[SwitchC-Vlan-interface40] ip address 192.168.10.1 24
[SwitchC-Vlan-interface40] quit
[SwitchC] interface vlan-interface 50
[SwitchC-Vlan-interface50] ip address 192.168.20.1 24
[SwitchC-Vlan-interface50] quit
[SwitchC] interface vlan-interface 60
[SwitchC-Vlan-interface60] ip address 192.168.30.1 24
[SwitchC-Vlan-interface60] quit
# 切换GigabitEthernet1/0/2的工作模式为三层,并配置IP地址。
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-mode route
The configuration of the interface will be restored to the default. Continue? [Y/N]:y
[SwitchC-GigabitEthernet1/0/2] ip address 20.1.1.1 24
[SwitchC-GigabitEthernet1/0/2] quit
4. 配置Device A
# 创建VLAN10、VLAN20、VLAN30、VLAN40、VLAN50、VLAN60。
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] quit
[DeviceA] vlan 20
[DeviceA-vlan20] quit
[DeviceA] vlan 30
[DeviceA-vlan30] quit
[DeviceA] vlan 40
[DeviceA-vlan40] quit
[DeviceA] vlan 50
[DeviceA-vlan50] quit
[DeviceA] vlan 60
[DeviceA-vlan60] quit
# 切换FortyGigE1/0/1和FortyGigE1/0/2的工作模式为二层并将链路类型配置为Trunk,FortyGigE1/0/1允许VLAN 10、VLAN 20、VLAN 30的报文通过,FortyGigE1/0/2允许VLAN 40、VLAN 50、VLAN 60的报文通过。
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-mode bridge
[DeviceA-FortyGigE1/0/1] port link-type trunk
[DeviceA-FortyGigE1/0/1] port trunk permit vlan 10 20 30
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-mode bridge
[DeviceA-FortyGigE1/0/2] port link-type trunk
[DeviceA-FortyGigE1/0/2] port trunk permit vlan 40 50 60
[DeviceA-FortyGigE1/0/2] quit
# 配置FortyGigE1/0/3的接口IP。
[DeviceA] interface fortygige 1/0/3
[DeviceA-FortyGigE1/0/3] ip address 1.1.1.1 30
[DeviceA-FortyGigE1/0/3] quit
# 将VLAN10、VLAN20、VLAN30加入安全域Trust,VLAN40、VLAN50、VLAN60加入安全域Untrust。
[DeviceA] security-zone name trust
[DeviceA-security-zone-Trust] import vlan 10 20 30
[DeviceA-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[DeviceA-security-zone-Untrust] import vlan 40 50 60
[DeviceA-security-zone-Untrust] quit
# 配置安全策略允许域间报文通过。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 创建跨VLAN转发模式的转发实例Bridge 1、Bridge 2和Bridge 3,并分别添加需要相互通信的VLAN到实例中。
[DeviceA] bridge 1 inter-vlan
[DeviceA-bridge-1-inter-vlan] add vlan 10 40
[DeviceA-bridge-1-inter-vlan] quit
[DeviceA] bridge 2 inter-vlan
[DeviceA-bridge-2-inter-vlan] add vlan 20 50
[DeviceA-bridge-2-inter-vlan] quit
[DeviceA] bridge 3 inter-vlan
[DeviceA-bridge-3-inter-vlan] add vlan 30 60
[DeviceA-bridge-3-inter-vlan] quit
# 配置高可靠性RBM,监控FortyGigE1/0/1和FortyGigE1/0/2接口状态。
[DeviceA] remote-backup group
[DeviceA-remote-backup-group] remote-ip 1.1.1.2
[DeviceA-remote-backup-group] local-ip 1.1.1.1
[DeviceA-remote-backup-group] >[DeviceA-remote-backup-group] device-role primary
RBM_P[DeviceA-remote-backup-group] backup-mode dual-active
RBM_P[DeviceA-remote-backup-group] track interface FortyGigE 1/0/1
RBM_P[DeviceA-remote-backup-group] track interface FortyGigE 1/0/2
RBM_P[DeviceA-remote-backup-group] delay-time 1
RBM_P[DeviceA-remote-backup-group] quit
5. 配置Device B
# 创建VLAN10、VLAN20、VLAN30、VLAN40、VLAN50、VLAN60。
<DeviceB> system-view
[DeviceB] vlan 10
[DeviceB-vlan10] quit
[DeviceB] vlan 20
[DeviceB-vlan20] quit
[DeviceB] vlan 30
[DeviceB-vlan30] quit
[DeviceB] vlan 40
[DeviceB-vlan40] quit
[DeviceB] vlan 50
[DeviceB-vlan50] quit
[DeviceB] vlan 60
[DeviceB-vlan60] quit
# 切换FortyGigE1/0/1和FortyGigE1/0/2的工作模式为二层并将链路类型配置为Trunk,FortyGigE1/0/1允许VLAN 10、VLAN 20、VLAN 30的报文通过,FortyGigE1/0/2允许VLAN 40、VLAN 50、VLAN 60的报文通过。
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-mode bridge
[DeviceA-FortyGigE1/0/1] port link-type trunk
[DeviceA-FortyGigE1/0/1] port trunk permit vlan 10 20 30
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/1] port link-mode bridge
[DeviceA-FortyGigE1/0/1] port link-type trunk
[DeviceA-FortyGigE1/0/1] port trunk permit vlan 40 50 60
[DeviceA-FortyGigE1/0/1] quit
# 配置FortyGigE1/0/3的接口IP。
[DeviceB] interface fortygige 1/0/3
[DeviceB-FortyGigE1/0/3] ip address 1.1.1.2 30
[DeviceB-FortyGigE1/0/3] quit
# 将VLAN10、VLAN20、VLAN30加入安全域Trust,VLAN40、VLAN50、VLAN60加入安全域Untrust。
[DeviceB] security-zone name trust
[DeviceB-security-zone-Trust] import vlan 10 20 30
[DeviceB-security-zone-Trust] quit
[DeviceB] security-zone name untrust
[DeviceB-security-zone-Untrust] import vlan 40 50 60
[DeviceB-security-zone-Untrust] quit
# 配置安全策略允许域间报文通过。
[DeviceB] security-policy ip
[DeviceB-security-policy-ip] rule name trust-untrust
[DeviceB-security-policy-ip-0-trust-untrust] action pass
[DeviceB-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceB-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceB-security-policy-ip-0-trust-untrust] quit
[DeviceB-security-policy-ip] rule name untrust-trust
[DeviceB-security-policy-ip-1-untrust-trust] action pass
[DeviceB-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceB-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceB-security-policy-ip-1-untrust-trust] quit
[DeviceB-security-policy-ip] quit
# 创建跨VLAN转发模式的转发实例Bridge 1、Bridge 2和Bridge 3,并分别添加需要相互通信的VLAN到实例中。
[DeviceB] bridge 1 inter-vlan
[DeviceB-bridge-1-inter-vlan] add vlan 10 40
[DeviceB-bridge-1-inter-vlan] quit
[DeviceB] bridge 2 inter-vlan
[DeviceB-bridge-2-inter-vlan] add vlan 20 50
[DeviceB-bridge-2-inter-vlan] quit
[DeviceB] bridge 3 inter-vlan
[DeviceB-bridge-3-inter-vlan] add vlan 30 60
[DeviceB-bridge-3-inter-vlan] quit
# 配置高可靠性RBM,监控FortyGigE1/0/1和FortyGigE1/0/2接口状态。
[DeviceB] remote-backup group
[DeviceB-remote-backup-group] remote-ip 1.1.1.1
[DeviceB-remote-backup-group] local-ip 1.1.1.2
[DeviceB-remote-backup-group] >[DeviceB-remote-backup-group] device-role secondary
RBM_S[DeviceB-remote-backup-group] backup-mode dual-active
RBM_S[DeviceB-remote-backup-group] track interface FortyGigE 1/0/1
RBM_S[DeviceB-remote-backup-group] track interface FortyGigE 1/0/2
RBM_S[DeviceB-remote-backup-group] delay-time 1
RBM_S[DeviceB-remote-backup-group] quit
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论