防火墙旁挂、和热备

旁挂

拓扑

防火墙配置

interface GigabitEthernet0/0/0
 undo shutdown
 ip binding -instance default
 ip address 172.25.254.2 255.255.255.0
 alias GE0/METH
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 192.168.1.6 255.255.255.252
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.168.2.6 255.255.255.252

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 192.168.1.5
ip route-static 192.168.3.1 255.255.255.255 GigabitEthernet1/0/1 192.168.2.5

策略

r1

interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.252 
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
ip route-static 192.168.3.1 255.255.255.255 192.168.1.2

r2

ip -instance r1
 ipv4-family
  route-distinguisher 1:1
  -target 1:1 export-extcommunity
  -target 1:1 import-extcommunity
#
ip -instance r3
 ipv4-family
  route-distinguisher 2:2
  -target 2:2 export-extcommunity
  -target 2:2 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding -instance r1
 ip address 192.168.1.5 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip binding -instance r3
 ip address 192.168.2.5 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip binding -instance r1
 ip address 192.168.1.2 255.255.255.252 
#
interface GigabitEthernet4/0/0
 ip binding -instance r3
 ip address 192.168.2.2 255.255.255.252 
#
interface NULL0
#
ip route-static -instance r1 1.1.1.1 255.255.255.255 192.168.1.1
ip route-static -instance r1 192.168.3.1 255.255.255.255 192.168.1.6
ip route-static -instance r1 192.168.3.1 255.255.255.255 -instance r3 192.
168.2.1 preference 100
ip route-static -instance r3 1.1.1.1 255.255.255.255 192.168.2.6
ip route-static -instance r3 1.1.1.1 255.255.255.255 -instance r1 192.168.
1.1 preference 100
ip route-static -instance r3 192.168.3.1 255.255.255.255 192.168.2.1

r3

interface GigabitEthernet0/0/0
 ip address 192.168.2.1 255.255.255.252 
#
interface LoopBack0
 ip address 192.168.3.1 255.255.255.255 
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.2

结果

热备

拓扑

r1

interface GigabitEthernet0/0/0
 ip address 12.1.1.1 255.255.255.0 
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
ip route-static 192.168.2.1 255.255.255.255 12.1.1.2
ip route-static 192.168.2.1 255.255.255.255 12.1.1.3
 

r2

interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0 
#
interface LoopBack0
 ip address 192.168.2.1 255.255.255.255 
#
ip route-static 1.1.1.1 255.255.255.255 192.168.1.2
ip route-static 1.1.1.1 255.255.255.255 192.168.1.3

FW3

 interface GigabitEthernet0/0/0
  undo shutdown
  ip binding -instance default
  ip address 172.25.254.2 255.255.255.0
  alias GE0/METH
  service-manage http permit
  service-manage https permit
  service-manage ping permit
  service-manage ssh permit
  service-manage snmp permit
  service-manage telnet permit
 #
 interface GigabitEthernet1/0/0
  undo shutdown
  ip address 12.1.1.3 255.255.255.0
  vrrp vrid 1 virtual-ip 12.1.1.4 active
  vrrp virtual-mac enable
 #
 interface GigabitEthernet1/0/1
  undo shutdown
  ip address 192.168.1.3 255.255.255.0
  vrrp vrid 2 virtual-ip 192.168.1.4 active
  vrrp virtual-mac enable
 #
 interface GigabitEthernet1/0/2
  undo shutdown
  ip address 192.168.3.2 255.255.255.0

 ip route-static 1.1.1.1 255.255.255.255 12.1.1.1
 ip route-static 192.168.2.1 255.255.255.255 192.168.1.1

 

FW4

interface GigabitEthernet0/0/0
  undo shutdown
  ip binding -instance default
  ip address 169.254.225.250 255.255.255.0
  alias GE0/METH
  service-manage http permit
  service-manage https permit
  service-manage ping permit
  service-manage ssh permit
  service-manage snmp permit
  service-manage telnet permit
 #
 interface GigabitEthernet1/0/0
  undo shutdown
  ip address 12.1.1.2 255.255.255.0
  vrrp vrid 1 virtual-ip 12.1.1.4 standby
  vrrp virtual-mac enable
 #
 interface GigabitEthernet1/0/1
  undo shutdown
  ip address 192.168.1.2 255.255.255.0
  vrrp vrid 2 virtual-ip 192.168.1.4 standby
  vrrp virtual-mac enable
#
 interface GigabitEthernet1/0/2
  undo shutdown
  ip address 192.168.3.1 255.255.255.0
#
  ip route-static 1.1.1.1 255.255.255.255 12.1.1.1
 ip route-static 192.168.2.1 255.255.255.255 192.168.1.1

结果