juniper防火墙上做vrrp配置实例

在一台运行freebsd的和junos的PC上实验，拓扑如上图：

Virtual IP (VIP) addresses = 10.0.5.253 and 10.0.6.253

r1 is master of VLAN 520 AND R2 IS BACK

r2 is master of VLAN 530 AND R1 IS BACK

MD5 authentication is enabled. For VLAN 520, the key is "vrrp520" .for VLAN 530, the key is "vrrp530"

我虚拟路由器的配置，track先未配情况

logical-systems {
r1 {
interfaces {
fxp1 {
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.1/24;
}
}   

unit 520 {
vlan-id 520;
family inet {
address 10.0.5.1/24 {
vrrp-group 1 {
virtual-address 10.0.5.253;
priority 100;
accept-data;
authentication-type md5;
authentication-key "$9$YF4UH.PQ3/t.PRhyrvM4aJ"; ## SECRET-DATA
}
}
}
}
unit 530 {
vlan-id 530;
family inet {
address 10.0.6.1/24 {
vrrp-group 2 {
virtual-address 10.0.6.253;
priority 80;
accept-data;
authentication-type md5;
authentication-key "$9$H.Qn9A01Ey9A8X-dsYmf5"; ## SECRET-DATA
}
}
}
}
}
lo0 {
unit 1 {
family inet {
address 1.1.1.1/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.1 {
interface lo0.1 {
passive;
}
interface fxp1.520;
interface fxp1.530;
interface fxp1.13;
}
}
}
}
r2 {
interfaces {
fxp1 {
unit 23 {
vlan-id 23;
family inet {
address 10.0.3.2/24;
}
}
}
fxp2 {
unit 520 {
vlan-id 520;
family inet {
address 10.0.5.2/24 {
vrrp-group 1 {
virtual-address 10.0.5.253;
priority 80;
accept-data;
authentication-type md5;
authentication-key "$9$MwoLdsgoGjkPgon/AtOBLx7"; ## SECRET-DATA
}
}
}
}
unit 530 {
vlan-id 530;
family inet {
address 10.0.6.2/24 {
vrrp-group 2 {
virtual-address 10.0.6.253;
priority 100;
accept-data;
authentication-type md5;
authentication-key "$9$5z9pO1hyeWO1db2gJZFn6"; ## SECRET-DATA
}
}
}
}
}
lo0 {
unit 2 {
family inet {
address 2.2.2.2/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.1 {
interface fxp2.520;
interface fxp2.530;
interface fxp2.23;
interface lo0.2 {
passive;
}
}
}
}
}
r3 {
interfaces {
fxp2 {
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.3/24;
}
}
unit 23 {
vlan-id 23;
family inet {
address 10.0.3.3/24;
}
}
}
lo0 {
unit 3 {
family inet {
address 3.3.3.3/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.1 {
interface fxp2.13;
interface lo0.3 {
passive;
}
interface fxp2.23;
}
}
}
}
}
gz@Juniper-Lab# run show vrrp summary logical-system r1
Interface
State
Group
VR state
VR Mode
Type
Address
fxp1.520
up
1
master
Active
lcl
10.0.5.1
vip
10.0.5.253
fxp1.530
up
2
backup
Active
lcl
10.0.6.1
vip
10.0.6.253
[edit]
gkz@Juniper-Lab# run show vrrp summary logical-system r2
Interface
State
Group
VR state
VR Mode
Type
Address
fxp2.520
up
1
backup
Active
lcl
10.0.5.2
vip
10.0.5.253
fxp2.530
up
2
master
Active
lcl
10.0.6.2
vip
10.0.6.253
配置 TRACK
R1 track interface fxp1.13
R2 track interface fxp1.23
R1
edit logical-systems r1 interfaces fxp1 unit 520 family inet address 10.0.5.1/24
set vrrp-group 1 track interface fxp1.13 priority-cost 50
R2
[edit logical-systems r2 interfaces fxp2 unit 520 family inet address 10.0.5.2/24]
set vrrp-group 1 track interface fxp1.23 priority-cost 50
当 R1的fxp1.13 disable时：
[edit]
gkz@Juniper-Lab# set logical-systems r1 interfaces fxp1 unit 13 disable
[edit]
gkz@Juniper-Lab# commit
commit complete
[edit]
gkz@Juniper-Lab# run show vrrp brief
[edit]
gkz@Juniper-Lab# run show vrrp brief logical-system r1
Interface
State
Group
VR state VR Mode
Timer
Type
Address
fxp1.520
up
1
backup
Active
D
3.516 lcl
10.0.5.1
vip
10.0.5.253
mas
10.0.5.2
fxp1.530
up
2
backup
Active
D
3.613 lcl
10.0.6.1   

vip
10.0.6.253
mas
10.0.6.2
[edit]
gkz@Juniper-Lab# run show vrrp brief logical-system r2
Interface
State
Group
VR state VR Mode
Timer
Type
Address
fxp2.520
up
1
master
Active
A
0.601 lcl
10.0.5.2   

vip
10.0.5.253
fxp2.530
up
2
master
Active
A
0.973 lcl
10.0.6.2
vip
10.0.6.253

本文出自 “Rista” 博客，请务必保留此出处http://rista.blog.51cto.com/2526140/935140

以上是小编为您精心准备的的内容，在的博客、问答、公众号、人物、课程等栏目也有的相关内容，欢迎继续使用右上角搜索按钮进行搜索interface
， 10
， address
， lab for
， unit
， 530
， 520
程序员520
juniper防火墙配置、juniper防火墙nat配置、juniper防火墙web配置、juniper防火墙vpn配置、juniper防火墙ha配置，以便于您获取更多的相关知识。