Chapter 25 Device HA

Virtual Router and Management IP Addresses

If a backup takes over for the master, it uses the master’s IP addresses. These IP addresses are know as the virtual router IP addresses.

Each interface can also have a management IP address. You can connect to this IP address to manage the ZyWALL regardless of whether it is the master or the backup.

25.4Active-Passive Mode Device HA Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.

Table 125 Input Values for device-ha Commands

LABELDESCRIPTION

interface_name The name of the interface. This depends on the ZyWALL model.

For the ZyWALL USG 300 and above, use gex, x = 1 ~ N, where N equals the highest numbered Ethernet interface for your ZyWALL model.

For the ZyWALL USG 200 and below, use a name such as wan1, wan2, opt, lan1, ext- wlan, or dmz.

Besides, in HA AP mode, the interface can also be a bridge interface.

In HA Legacy mode, the interface can also be a VLAN interface.

The following sections list the device-hacommands.

25.4.1 Active-Passive Mode Device HA Commands

This table lists the commands for configuring active-passive mode device HA.

Table 126 device-ha ap-mode Commands

COMMAND

DESCRIPTION

[no] device-ha ap-mode preempt

Turn on preempt if this ZyWALL should become the master ZyWALL if a

 

lower-priority ZyWALL is the master when this ZyWALL is enabled.

 

 

device-ha ap-mode role {masterbackup}

Sets the ZyWALL to be the master or a backup in the virtual router.

device-ha ap-mode cluster-id <1..32>

Sets the cluster ID number. A virtual router consists of a master ZyWALL

 

and all of its backup ZyWALLs. If you have multiple ZyWALL virtual routers

 

on your network, use a different cluster ID for each virtual router.

 

 

device-ha ap-mode priority <1..254>

Sets backup ZyWALL’s priority. The backup ZyWALL with the highest value

 

takes over the role of the master ZyWALL if the master ZyWALL becomes

 

unavailable. The priority must be between 1 and 254. (The master interface

 

has priority 255.)

 

 

[no] device-ha ap-mode authentication

Sets the authentication method the virtual router uses. Every interface in a

{string key ah-md5 key}

virtual router must use the same authentication method and password. The

 

no command disables authentication.

 

string: Use a plain text password for authentication. key - Use up to eight

 

characters including alphanumeric characters, the underscore, and some

 

punctuation marks (+-/*= :; .! @$&%#~ ‘ \ () ).

 

ah-md5: Use an encrypted MD5 password for authentication. key - Use up

 

to eight characters including alphanumeric characters, the underscore, and

 

some punctuation marks (+-/*= :; .! @$&%#~ ‘ \ () ).

 

 

 

223

ZyWALL (ZLD) CLI Reference Guide