PIX failover lab walkthrough in detail

Source: original article on this site. Category: CISCO

I. Lab equipment

1. Two PIX515E-UR units, software version 6.3
2. Two switches
II. Topology diagram

http://img.bimg.126.net/photo/M9EwmB8NWoZlvQDSc4n1ng==/358599120330157496.jpg

III. Configuration
Part of the configuration is omitted:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outs security0
nameif ethernet1 inside security100
ip address outs 192.168.18.201 255.255.255.0
ip address inside 1.1.1.1 255.255.255.0
failover
failover ip address outs 192.168.18.202
failover ip address inside 1.1.1.2
failover link inside
global (outs) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outs 0.0.0.0 0.0.0.0 192.168.18.1 1
telnet 0.0.0.0 0.0.0.0 inside
sho failover output, taken on the secondary PIX:
At the start, the primary PIX is in the active state and the secondary PIX is in the standby state.
pixfirewall# sho fail
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
Last Failover at: 00:49:39 UTC Fri Jan 1 1993
    This host: Secondary - Standby
        Active time: 0 (sec)
        Interface outs (192.168.18.202): Normal
        Interface inside (1.1.1.2): Normal
    Other host: Primary - Active
        Active time: 1845 (sec)
        Interface outs (192.168.18.201): Normal
        Interface inside (1.1.1.1): Normal
Stateful Failover Logical Update Statistics
    Link : inside
    Stateful Obj    xmit    xerr    rcv     rerr
    General         117     0       137     0
    sys cmd         117     0       117     0
    up time         0       0       0       0
    xlate           0       0       4       0
    tcp conn        0       0       16      0
    udp conn        0       0       0       0
    ARP tbl         0       0       0       0
    RIP Tbl         0       0       0       0
    Logical Update Queue Information
                    Cur     Max     Total
    Recv Q:         0       1       133
    Xmit Q:         0       1       117
After a little over 15 seconds, the state switched over!
Now the primary PIX is in the standby state and the secondary PIX is in the active state.
pixfirewall# sho fail
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
Last Failover at: 01:32:20 UTC Fri Jan 1 1993
    This host: Secondary - Active
        Active time: 15 (sec)
        Interface outs (192.168.18.201): Normal (Waiting)
        Interface inside (1.1.1.1): Normal (Waiting)
    Other host: Primary - Standby
        Active time: 2580 (sec)
        Interface outs (192.168.18.202): Normal
        Interface inside (1.1.1.2): Link Down (Waiting)
Stateful Failover Logical Update Statistics
    Link : inside
    Stateful Obj    xmit    xerr    rcv     rerr
    General         212     0       230     0
    sys cmd         212     0       210     0
    up time         0       0       0       0
    xlate           0       0       4       0
    tcp conn        0       0       16      0
    udp conn        0       0       0       0
    ARP tbl         0       0       0       0
    RIP Tbl         0       0       0       0
    Logical Update Queue Information
                    Cur     Max     Total
    Recv Q:         0       1       226
    Xmit Q:         0       1       212
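Notes:
1. At the application layer, the switchover is almost imperceptible in the IE browser.
2. Lab reference: the "Using PIX Firewall Failover" section of the Cisco PIX Firewall and VPN Configuration Guide, Version 6.3.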
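The before/after comparison done by eye above can be scripted. This is an added example, not part of the original article or of any Cisco tool: it parses two sho failover snapshots and reports role changes and interfaces that are not Normal. The function names are hypothetical and the sample text is constructed by trimming the two outputs shown above.

```python
import re

# Constructed samples: trimmed from the two "sho fail" outputs in this article.
BEFORE = """\
This host: Secondary - Standby
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Normal
Other host: Primary - Active
Interface outs (192.168.18.201): Normal
Interface inside (1.1.1.1): Normal
"""
AFTER = """\
This host: Secondary - Active
Interface outs (192.168.18.201): Normal (Waiting)
Interface inside (1.1.1.1): Normal (Waiting)
Other host: Primary - Standby
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Link Down (Waiting)
"""
# Accept "-" or an en dash, since web copies of the output often restyle it.
HOST = re.compile(r"(This|Other) host:\s*(Primary|Secondary)\s*[-\u2013]\s*(\w+)")
IFACE = re.compile(r"Interface (\S+) \(([\d.]+)\):\s*(.+)")

def parse_failover(text):
    """Return {unit: {"state": str, "ifaces": {name: (ip, status)}}}."""
    units, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HOST.search(line):
            cur = units.setdefault(m.group(2), {"state": m.group(3), "ifaces": {}})
        elif cur is not None and (m := IFACE.search(line)):
            cur["ifaces"][m.group(1)] = (m.group(2), m.group(3).strip())
    return units

def failover_alerts(before, after):
    """Compare two snapshots; report role changes and non-Normal interfaces."""
    old, new, alerts = parse_failover(before), parse_failover(after), []
    for unit, info in new.items():
        was = old.get(unit, {}).get("state")
        if was and was != info["state"]:
            alerts.append(f"{unit}: {was} -> {info['state']}")
        for name, (ip, status) in info["ifaces"].items():
            if not status.startswith("Normal"):
                alerts.append(f"{unit} {name} ({ip}): {status}")
    return alerts

if __name__ == "__main__":
    print("\n".join(failover_alerts(BEFORE, AFTER)))
```

The parsed AFTER snapshot also shows the address takeover: the newly active secondary unit now answers on 192.168.18.201 and 1.1.1.1.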

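Article from: CCIE那點事 http://www.qdxgqk.live/ All rights reserved. Unless a source is noted, articles on this site are the author's original work and may be freely quoted with attribution. Reproduction in full is prohibited.
Permalink: http://www.qdxgqk.live/?p=326 When reposting, please credit CCIE那點事.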