Configure VRRP on an AR router and connect the router to a firewall for external network access

19

The roadmap of configuring VRRP on an AR router and connecting the router to a firewall for external network access is as follows:
1. Configure VRRP on an AR router to implement two-node backup, and configure a virtual IP address.
2. Add the Layer 2 interface of a firewall on the intranet side to the same VLAN, and configure a VLANIF address.
3. Add the physical interface and VLANIF interface of the firewall to a security zone, and configure an inter-zone policy.
4. Configure the next hop for the route from the firewall to the intranet as a VRRP virtual IP address so that a normal link can be switched over to if an active link is interrupted.
For details about the configuration, see the URL: Example for Connecting the AR to the Firewall Through VRRP.

Other related questions:
Example of configuring VRRP active/standby backup on an AR router
The roadmap of configuring VRRP active/standby backup on an AR router to implement gateway redundancy is as follows: 1. Configure IP addresses and routing protocols for different device interfaces to enable network-layer connection among different devices. 2. Configure a VRRP group on Router A and Router B, respectively. Configure a high priority and set preemption delay to 20s on Router A and configure Router A as a master device to bear and forward traffic. Configure a low priority and configure Router B as a backup device to implement gateway redundancy. Configure a VRRP group. # Create VRRP 1 on Router A, set its priority to 120, and set the preemption delay to 20s. [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 //Configure a virtual IP address. [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120 //Set priority to 120. [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 preempt-mode timer delay 20 //Set the preemption delay to 20s. [RouterA-GigabitEthernet2/0/0] quit # Create VRRP 1 on Router B, and set its priority to a default value 100. [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterB-GigabitEthernet2/0/0] quit For details about the configuration, see the URL: Example for Configuring a VRRP Group in Active/Standby Mode.

Configure NAT on the AR router to enable external users to access the internal server
The NAT server can be configured on a Huawei AR router to enable external users to access internal servers. A company's network provides the web server for external users. The web server uses internal IP address 192.168.20.2/24 and port 8080. The web server's IP address advertised to external users is 202.169.10.5/24, and external users are on the network segment 202.169.10.2/24. The configuration details are as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route on the router and specify the next hop address as 202.169.10.2 [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure the NAT server on Gigabitethernet 3/0/0 of the router to allow external users to access internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-GigabitEthernet3/0/0] quit

Does the AR router support web NMS access through an external network?
The AR router supports web NMS access through an external network.

AR router support for the VRRP feature
AR router support for the VRRP feature: All AR routers support VRRP. At present, there is no difference between AR router support for VRRP.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top