雏鹰部落论坛 › CCNP学习资料 › Cisco ASA A/A Lan failover 文档实例

布凡 发表于 2011-4-12 00:29:51

Cisco ASA A/A Lan failover 文档实例

遇到点问题 抽空 gns3 模拟下 有做过的朋友 给小弟看下 谢谢了
CISCO 推荐 用2跟线做 主备交换
下面配置 改了下用 当 LAN 注意
Primary PIX
主设备
interface Ethernet0/0
no sh
!
interface Ethernet0/0.1
vlan 2
!
interface Ethernet0/0.2
vlan 4
!
interface Ethernet0/1
!
interface Ethernet0/1.1
vlan 3
!
interface Ethernet0/1.2
vlan 5
interface Ethernet0/2
no sh
failover lan unit primary
failover lan interface lanfo Ethernet0/2
failover link lanfo Ethernet0/2
failover key net
failover interface ip lanfo 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover group 1
primary
preempt   
failover group 2
secondary   
preempt   
admin-context admin
context admin
config-url flash:/admin.cfg
!
context context1
allocate-interface Ethernet0/0.1
allocate-interface Ethernet0/1.1
config-url flash:/context1.cfg
join-failover-group 1
!
context context2
allocate-interface Ethernet0/0.2
allocate-interface Ethernet0/1.2
config-url flash:/context2.cfg
join-failover-group 2


然后是 2个 context

context1
interface Ethernet0/0.1
nameif inside
security-level 100
no sh
!--- Configure the active and standby IP's for the logical inside
!--- interface of the context1.
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
interface Ethernet0/1.1
nameif outside
security-level 0
no sh
!--- Configure the active and standby IP's for the logical outside
!--- interface of the context1.
ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2

monitor-interface inside
monitor-interface outside

context 2
interface Ethernet0/0.2
nameif inside
security-level 100
no sh
!--- Configure the active and standby IP's for the logical inside
!--- interface of the context2.
ip address 192.168.2.1 255.255.255.0 standby 192.168.2.2
!
interface Ethernet0/1.2
nameif outside
security-level 0
!--- Configure the active and standby IP's for the logical outside
!--- interface of the context2.
ip address 172.16.2.1 255.255.255.0 standby 172.16.2.2
!
no sh

monitor-interface inside
monitor-interface outside

然后是 SEC 备设备
bak.asa

failover lan unit sec
failover lan interface lanfo Ethernet0/2
failover link lanfo Ethernet0/2
failover key net
failover interface ip lanfo 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover group 1
primary
preempt   
failover group 2
secondary   
preempt   

roy 发表于 2011-4-12 09:15:07

其实我一直觉得楼主的品味不错！呵呵！
我想我是一天也不能离开雏鹰部落，不能离开BOOTCAMP。

denis_chang 发表于 2011-4-12 09:46:43

roy 发表于 2011-4-12 09:15 static/image/common/back.gif
其实我一直觉得楼主的品味不错！呵呵！
我想我是一天也不能离开雏鹰部落，不能离开BOOTCAMP。

-victory-呵呵偶也是啊

布凡 发表于 2011-4-12 13:20:37

回复 2 # roy 的帖子

嗯 还是谢谢你 无论身在何方 依然不变的那份感谢。。。

ygs520 发表于 2011-4-12 16:54:00

-dizzy-我看不懂啊，晕了

候鸟 发表于 2011-4-12 21:28:11

强烈要求啊！！！给力的参考！

zsmkobe 发表于 2011-4-13 15:38:26

回复 6 # 候鸟 的帖子

-78-----

查看完整版本: Cisco ASA A/A Lan failover 文档实例