Juniper SSG 550m HA Configuration

Here the ETHERNET0/3 is the HA interface

CLI Command line configuration

Ssg-550m-1 (M)

Set NSRP Cluster ID 1

Set NSRP rto-mirror Sync

Set NSRP rto-mirror route

Set NSRP Vsd-group ID 0 Priority 50 (configuration Vsd-group ID 0 precedence)

Set NSRP Vsd-group master-always-exist (configuration always has one device as master)

Set NSRP Monitor Interface ethernet0/0

Set NSRP Monitor Interface ETHERNET0/1

Set NSRP Monitor Interface ETHERNET0/2

Save

Ssg-550m-2 (B)

Set NSRP Cluster ID 1

Set NSRP rto-mirror Sync

Set NSRP rto-mirror route

Set NSRP Vsd-group ID 0 Priority 100 (configuration Vsd-group ID 0 precedence, default priority 100)

Set NSRP Vsd-group master-always-exist (configuration always has one device as master)

Set NSRP Monitor Interface ethernet0/0

Set NSRP Monitor Interface ETHERNET0/1

Set NSRP Monitor Interface ETHERNET0/2

Save

Note: Created in the order above, set NSRP Vsd-group two must be created before the set NSRP monitor, if the monitor first will cause the device is not connected, and the monitor port must all be connected to the network cable, Otherwise, the command detects that there is no synchronization, one is green, the other Ha is red (but in this case, how to unplug the normal one, the backup can actually take over, but there will be a warning)

Ssg-550m-2 (B), exec nsrp sync global-config save sync Configuration (enter this command to wait a few seconds)

will return some debugging information

Ssg-550m-2 (B), Exec nsrp sync global-config Check to see if it is synchronized (if there is no alarm,

Indicates NSRP configuration is not a problem, if you return warning message you need to check NSRP configuration)

Ssg550-2 (M), exec nsrp sync global-config Save

Ssg550-2 (M), load Peer system config to save

Save Global configuration successfully.

Continue to save local configurations ... Save Local configuration successfully.

Done.

Please reset your box-to-let cluster the configuration take effect!

Ssg550-2 (M), exec nsrp sync global-config check-sum

Ssg550-2 (M), configuration in sync

Ssg550-2 (M)

Ssg-550m-2 (B) Reset Restart device

If no alarm information is returned, the NSRP configuration is successful and the next configuration operation is possible.

When the device restarts, you will see the image information below, and the HA notice light color indicates that HA is working properly.

When the device is operating normally, both devices ha status lights are flashing green, but Ha is standby ha

The indicator light is shown as orange * * * *.

If the port of one device is down, the device automatically switches to a different host and the switch time is

1 seconds, and this interface works as down the device HA indicator is shown in red.

Because only port monitoring is involved in this project, the device automatically switches as long as the port is down

Of course, if a device power is turned off and other hardware failures will also cause the device to switch from the host to the standby machine.

And the NSRP preemption feature is not used in this project, so the device does not switch to the default primary device by default.

NSRP Security Device Restart sequence:

1), restart the operating state of the standby machine

2), when the standby machine starts normally, run the command on the main device:

Ssg-550m-1 (M), exec nsrp vsd-group 0 mode backup

Start Deactivate session (vsd=0) ...

0 Sessions deactivated

Ssg-550m-1 (B), ethernet0/0 interface Change physical

ETHERNET0/1 Interface Change Physical

ETHERNET0/2 Interface Change Physical

At this point the ha-master will switch to the standby and then reboot the original primary device.

This article is from the "Fat's study Notes" blog, make sure to keep this source http://fanzhengang2008.blog.51cto.com/610591/1693365

Juniper SSG 550m HA configuration