ESR series service routers. ESR-Series. User manual
14.3.2 Configuration example
Objective:
Configure firewall session redundancy for a VRRP group in unicast mode. Redundancy must be provided
for two subnets using the VRRP protocol, and the VRRP processes on the routers must be synchronized.
Main configuration steps:
1. Configure VRRP processes on the routers. Use vrrp priority 20 for the master and vrrp priority 10 for the backup.
2. Configure firewall failover in unicast mode with UDP port number 3333 for the VRRP group.
3. Configure the security zone for the VRRP and UDP protocols.
Solution:
Configure the ESR-1 router (master).
First, configure IP addresses on the interfaces and assign the interfaces to the security zone.
master(config)# interface gigabitethernet 1/0/1
master(config-if-gi)# security-zone trusted
master(config-if-gi)# ip address 192.0.2.3/24
master(config-if-gi)# exit
master(config)# interface gigabitethernet 1/0/2
master(config-if-gi)# security-zone trusted
master(config-if-gi)# ip address 203.0.113.1/30
master(config-if-gi)# exit
master(config)# interface gigabitethernet 1/0/3
master(config-if-gi)# security-zone trusted
master(config-if-gi)# ip address 198.51.100.3/24
master(config-if-gi)# exit
Configure VRRP processes on the interfaces. The following parameters should be configured on the router
interfaces: VRRP ID, VRRP IP address, VRRP priority, and the VRRP group the router belongs to.
Additionally, vrrp preempt delay should be configured on the master, so that there is time to
establish firewall synchronization before the backup router hands over the master role.
After that, enable the VRRP process using the 'vrrp' command.
Instead of configuring vrrp preempt delay, the vrrp preempt disable operation mode can be selected.
In that case, a router with a higher VRRP priority will not take the master role away from a router
with a lower VRRP priority after returning to operation.
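An added example, not part of the manual: a Python check that a master/backup configuration pair follows the steps above (a security zone on every VRRP interface, the four VRRP parameters, the process enabled, preempt delay or preempt disable on the master, master priority above backup). The sample configurations are constructed; the `vrrp id`, `vrrp ip` and `vrrp group` command spellings and all their values are assumptions modelled on the `vrrp priority` form shown on this page.

```python
import re
REQUIRED = ("id", "ip", "priority", "group")  # per-interface VRRP parameters the manual lists

def parse_interfaces(config):
    """Map interface name -> {"zone", "vrrp" params, "enabled"} from CLI-style config text."""
    interfaces, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface\s+(.+)", line)
        if m:
            cur = interfaces.setdefault(m.group(1), {"zone": None, "vrrp": {}, "enabled": False})
        elif line == "exit" or cur is None:
            cur = None
        elif line == "vrrp":                     # bare command enables the VRRP process
            cur["enabled"] = True
        elif line.startswith("security-zone "):
            cur["zone"] = line.split()[1]
        elif line.startswith("vrrp "):           # e.g. "vrrp priority 20", "vrrp preempt delay 60"
            _, key, *rest = line.split()
            cur["vrrp"][key] = " ".join(rest)
    return interfaces

def audit(master_cfg, backup_cfg):
    """Return findings; an empty list means the pair follows the steps described above."""
    findings, prio = [], {"master": {}, "backup": {}}
    for role, text in (("master", master_cfg), ("backup", backup_cfg)):
        for name, cfg in parse_interfaces(text).items():
            v = cfg["vrrp"]
            if not v and not cfg["enabled"]:
                continue                         # interface does not take part in VRRP
            findings += [f"{role} {name}: vrrp {p} not set" for p in REQUIRED if p not in v]
            if not cfg["enabled"]:
                findings.append(f"{role} {name}: vrrp process not enabled")
            if cfg["zone"] is None:
                findings.append(f"{role} {name}: no security-zone assigned")
            if role == "master" and "preempt" not in v:
                findings.append(f"{role} {name}: neither preempt delay nor preempt disable set")
            if "id" in v and v.get("priority", "").isdigit():
                prio[role][v["id"]] = int(v["priority"])
    for vrid, p in prio["master"].items():
        if vrid in prio["backup"] and p <= prio["backup"][vrid]:
            findings.append(f"VRRP id {vrid}: master priority {p} not above backup")
    return findings

# Constructed sample input: VRRP id, virtual IP, group, delay and backup address are assumptions.
def sample(addr, priority, preempt):
    return (f"interface gigabitethernet 1/0/1\n security-zone trusted\n ip address {addr}\n"
            f" vrrp id 1\n vrrp ip 192.0.2.1/24\n vrrp priority {priority}\n vrrp group 1\n"
            f"{preempt} vrrp\nexit\n")
MASTER = sample("192.0.2.3/24", 20, " vrrp preempt delay 60\n")
BACKUP = sample("192.0.2.2/24", 10, "")
```

Calling `audit(MASTER, BACKUP)` on the constructed pair returns an empty list; removing the preempt line from the master or equalising the priorities produces a finding.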