As shown in the figure, the USG6330 (V100R001) is connected to the upstream LSW2 (no VLAN is configured), and LSW2 is connected to two upstream routers, AR1 and AR2. The LAN interface IP addresses of AR1 and AR2 are repectively 192.168.2.4 and 192.168.2.5. The WAN interface (dedicated line) IP addresses of them are respectively 184.108.40.206 and 220.127.116.11.
AR1 and AR2 connect to LSW1 on the other end. LSW1 and AR1 are added to VLAN2, and the Vlanif2 IP address is 18.104.22.168. LSW1 and AR2 are added to VLAN3, and the Vlanif3 IP address is 22.214.171.124. LSW1 and the intranet PC are added to VLAN1, and the Vlanif1 IP address is 126.96.36.199. The IP address of the intranet PC is 188.8.131.52, and the gateway address is 184.108.40.206.
The customer requires that the following requirements be satisfied:
1. In normal cases, traffic passing through FW1 is forwarded by AR1 at 192.168.2.4 to access the PC at 220.127.116.11.
2. When the FW1-AR1-LSW1 link is disconnected, traffic can be switched to the FW1-AR2-LSW1 link.
The FW1 configuration is as follows:
ip address 192.168.2.1 255.255.255.0
ip-link 1 destination 18.104.22.168 mode icmp
ip route-static 0.0.0.0 0.0.0.0 192.168.2.4 track ip-link 1
ip route-static 0.0.0.0 0.0.0.0 192.168.2.5 preference 61
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
1. If IP-link is not configured and FW1 connects only to AR1 (AR2 is disconnected), the ping connection to 22.214.171.124 is reachable.
2. If IP-link is not configured and FW1 connects only to AR2 (AR1 is disconnected), the ping connection to 126.96.36.199 is reachable.
3. After IP-link is configured on the firewall, the IP-link status alternates between UP and DOWN, and ping packets to 188.8.131.52 are discarded.
4. The route 0.0.0.0/0 Static 60 0 RD 192.168.2.4 is intermittently unavailable in the routing table.