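The number of devices in a cluster depends on the license.
Overall cluster performance is less than the sum of the individual devices.
Election is by broadcast; priority 1-100; once the election completes there is no preemption.
Cluster states: master, standby
Interface modes: Spanned EtherChannel, Individual Interface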


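Heartbeat link: control link, used for both the data plane and the control plane.
After a cluster split-brain, devices must be rejoined to the cluster manually.
Three roles for a connection: the owner processes the traffic and backs up its state information to the director; a forwarder that receives traffic asks the director who the owner is and forwards the traffic to the owner.
Requirement: the devices' software and hardware must be exactly the same.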
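
The owner / director / forwarder lookup described above, as an added Python sketch that is not part of the original notes and is not Cisco code. The hash-based choice of director, the class and function names, and the host addresses are assumptions made for illustration.

```python
import hashlib

def flow_key(proto, src, sport, dst, dport):
    # Direction-independent key so both directions of a connection match.
    a, b = sorted([(src, sport), (dst, dport)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"

class Cluster:
    """Toy model of per-connection roles in a firewall cluster."""

    def __init__(self, units):
        self.units = sorted(units)
        self.owned = {u: set() for u in self.units}   # flows each unit owns
        self.backup = {u: {} for u in self.units}     # director table: flow -> owner

    def director_for(self, key):
        # Assumption: the director is picked by hashing the flow key.
        digest = hashlib.sha256(key.encode()).digest()
        return self.units[int.from_bytes(digest[:4], "big") % len(self.units)]

    def receive(self, unit, proto, src, sport, dst, dport):
        """Return (role, owner) for a packet arriving at `unit`."""
        key = flow_key(proto, src, sport, dst, dport)
        if key in self.owned[unit]:
            return ("owner", unit)
        director = self.director_for(key)
        owner = self.backup[director].get(key)
        if owner is None:
            # First packet of the connection: the receiving unit becomes the
            # owner and backs the state up to the director.
            self.owned[unit].add(key)
            self.backup[director][key] = unit
            return ("owner", unit)
        # Another unit owns the flow: act as forwarder and hand it to the owner.
        return ("forwarder", owner)

def demo():
    # Constructed sample flow: inside host to outside server, reply arriving on the other unit.
    c = Cluster(["ASA3", "ASA4"])
    out = c.receive("ASA3", "tcp", "10.100.8.10", 40000, "10.100.9.20", 80)
    back = c.receive("ASA4", "tcp", "10.100.9.20", 80, "10.100.8.10", 40000)
    again = c.receive("ASA3", "tcp", "10.100.8.10", 40000, "10.100.9.20", 80)
    return out, back, again

if __name__ == "__main__":
    print(demo())
```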

SW
vlan 8,9,10,150
!
interface Port-channel1
switchport trunk allowed vlan 8-10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/0
switchport access vlan 8
switchport mode access
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 9
switchport mode access
!
interface GigabitEthernet1/0
switchport trunk allowed vlan 8-10
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 8-10
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/3
switchport access vlan 150
switchport mode access
!
interface GigabitEthernet2/0
switchport trunk allowed vlan 8-10
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet2/1
switchport trunk allowed vlan 8-10
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet2/3
switchport access vlan 150
switchport mode access
!
ASA3
# no shutdown on the required interfaces
mode multiple
!
cluster interface-mode spanned
!
interface Port-channel1
port-channel span-cluster
!
interface Port-channel1.8
vlan 8
!
interface Port-channel1.9
vlan 9
!
interface Port-channel1.10
vlan 10
!
interface Ethernet0
channel-group 1 mode on
!
interface Ethernet1
channel-group 1 mode on
!
admin-context admin
context admin
allocate-interface Ethernet3
allocate-interface Port-channel1.8-Port-channel1.10
config-url disk0:/t
cluster group ccie
local-unit ASA3
cluster-interface Ethernet2 ip 10.100.203.1 255.255.255.0
priority 1
enable
Context (sub-firewall) configuration
ip local pool mgmt-pool 150.1.7.60-150.1.7.61
!
interface Ethernet3
management-only
nameif mgmt
security-level 100
ip address 150.1.7.59 255.255.255.0 cluster-pool mgmt-pool
!
interface Port-channel1.8
mac-address 0008.0008.0008
nameif inside
security-level 100
ip address 10.100.8.1 255.255.255.0
!
interface Port-channel1.9
mac-address 0009.0009.0009
nameif outside
security-level 0
ip address 10.100.9.1 255.255.255.0
!
interface Port-channel1.10
mac-address 0010.0010.0010
nameif dmz
security-level 50
ip address 10.100.10.1 255.255.255.0
!
policy-map global_policy
class inspection_default
inspect icmp
ASA4
cluster interface-mode spanned
cluster group ccie
local-unit ASA4
cluster-interface Ethernet2 ip 10.100.203.2 255.255.255.0
priority 2
enable




