SRX 1500 HA 設定與cisco 2960G 做LACP
Active機器上打(node0)會重開機
set chassis cluster cluster-id 1 node 0 reboot
Passive機器上打(node1)會重開機
set chassis cluster cluster-id 1 node 1 reboot
以下設定只須在node1作設定即可
設定兩台SRX的Hostname
set groups node0 system host-name SRX-Active
set groups node1 system host-name SRX-Passive
套用設定
set apply-groups "${node}"
設定節點切換點 group 0代表control plane group 1代表data plane
priority最大255 prioity越大會優先使用
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
設定data同步的port
set interfaces fab0 fabric-options member-interfaces ge-0/0/11
set interfaces fab1 fabric-options member-interfaces ge-7/0/11
設定reth port
set chassis cluster reth-count 1
set interfaces ge-0/0/5 gigether-options redundant-parent reth0
set interfaces ge-7/0/5 gigether-options redundant-parent reth0
set interfaces reth0 unit 0 family inet address 172.20.20.254/20
------------------------------------以上HA已設定完成-----------------------------------------
確認HA狀態 show chassis cluster status
手動切換看使否可以轉到node1
request chassis cluster failover redundancy-group 1 node 1
強制手動後會變成最大值255 需要清除手動模式
request chassis cluster failover reset redundancy-group 1
監控interface狀態切換cluster node
後面的255即最大值 意思是這個port發生狀況時 直接切換另外一台設備
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-7/0/5 weight 255
在SRX上設定LACP與2960G對接設定
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 redundant-ether-options minimum-links 1
set interfaces reth0 redundant-ether-options lacp active
set interfaces reth0 redundant-ether-options lacp periodic fast
RPM測試端點變更備援gateway
用ping測試ge-0/0/3.0 ping 172.30.30.1
每1秒發起一次探測 每次探測發送10個包 每個包之間的間隔為1秒 在一次探測中 如果有5個包不通 則判定為鏈路失效 鏈路失效後改為172.30.30.254
set services rpm probe ping-check-mainline test icmp-test target address 172.30.30.1
set services rpm probe ping-check-mainline test icmp-test probe-count 10
set services rpm probe ping-check-mainline test icmp-test probe-interval 1
set services rpm probe ping-check-mainline test icmp-test test-interval 1
set services rpm probe ping-check-mainline test icmp-test thresholds successive-loss 5
set services rpm probe ping-check-mainline test icmp-test destination-interface ge-0/0/3.0
set services rpm probe ping-check-mainline test icmp-test next-hop 10.1.0.89
set services ip-monitoring policy mainline-is-down match rpm-probe ping-check-mainline
set services ip-monitoring policy mainline-is-down then preferred-route route 0.0.0.0/0 next-hop 172.30.30.254