How is HSB configured on an AR

AR routers support HSB only when they are deployed as firewalls to ensure that user services are not interrupted when a firewall fault occurs.
The HSB configuration is the same on all AR models of all versions. The following describes the HSB configuration on AR2240 of V200R006 as an example.
To ensure enterprise intranet security, company A deploys a firewall between the intranet and extranet. All traffic must pass through the firewall; therefore, the firewall failure leads to interruption of all traffic. Company A deploys two firewalls in active/standby mode. Company A requires that if FW_A becomes faulty, FW_B takes over services from FW_A to ensure uninterrupted network running.
The HSB configuration is as follows:
1. Configure interface IP addresses to ensure that devices can communicate.
# Configure FW_A. The configuration of FW_B is similar to that of FW_A, and is not mentioned here.
[Huawei] sysname FW_A
[FW_A] interface gigabitethernet 2/0/0
[FW_A-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[FW_A-GigabitEthernet2/0/0] quit
[FW_A] interface gigabitethernet 1/0/0
[FW_A-GigabitEthernet1/0/0] ip address 192.168.1.1 24
[FW_A-GigabitEthernet1/0/0] quit
# Configure Switch.
[Huawei] sysname Switch
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 0/0/1 //The configuration of GE0/0/2 is similar to that of GE0/0/1, and is not mentioned here.
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch-GigabitEthernet0/0/1] quit
2. Configure a VRRP group.
# Configure VRRP group 1 on FW_A, and set the priority of FW_A in VRRP group 1 to 120.
[FW_A] interface gigabitethernet 2/0/0
[FW_A-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111
[FW_A-GigabitEthernet2/0/0] vrrp vrid 1 priority 120
[FW_A-GigabitEthernet2/0/0] quit
# Configure VRRP group 1 on FW_B. The priority of FW_B in VRRP group 1 is the default value 100.
[FW_B] interface gigabitethernet 2/0/0
[FW_B-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111
[FW_B-GigabitEthernet2/0/0] quit
3. Configure HSB.
# Configure HSB service 0 on FW_A and FW_B, and configure the IP addresses and port numbers for the active and standby channels.
[FW_A] hsb-service 0
[FW_A-hsb-service-0] service-ip-port local-ip 192.168.1.1 peer-ip 192.168.1.2 local-data-port 10241 peer-data-port 10241
[FW_A-hsb-service-0] quit
[FW_B] hsb-service 0
[FW_B-hsb-service-0] service-ip-port local-ip 192.168.1.2 peer-ip 192.168.1.1 local-data-port 10241 peer-data-port 10241
[FW_B-hsb-service-0] quit
# Configure HSB group 0 on FW_A and bind HSB service 0 and VRRP group 1 to it. The configuration of FW_B is similar to that of FW_A, and is not mentioned here.
[FW_A] hsb-group 0
[FW_A-hsb-group-0] bind-service 0
[FW_A-hsb-group-0] track vrrp vrid 1 interface gigabitethernet 2/0/0
# Enable HSB on FW_A and FW_B to make the HSB group configuration take effect.
[FW_A-hsb-group-0] hsb enable
[FW_B-hsb-group-0] hsb enable

Other related questions:
Principles of HSB
Does an AR support HSB
If you have more questions, you can seek help from following ways:
To iKnow To Live Chat To Google
Scroll to top