⑧RBM（主备/主主）-二层部署案例

华三的RBM（Routing and Bridging Module）是一种二层网络组网技术，它结合了路由和桥接的功能，旨在实现更灵活和高效的网络通信。RBM技术可以实现对数据包的路由和转发，同时具备数据包的桥接功能，为组织构建更为弹性和可靠的网络提供了可能。

在华三RBM二层组网中，网络设备利用交换机之间的链路来建立网络连接，交换机之间通过二层协议进行通信和转发数据包。RBM技术可以帮助网络管理员更方便地管理网络设备，提高网络性能和可靠性。

总的来说，华三RBM二层组网技术结合了路由和桥接的优势，能够提供更灵活、高效和可靠的网络通信解决方案，适用于各种规模的网络环境。

1、RBM二层主备

1、二层主备RBM+VLAN （主备）

主设备配置

接口配置

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 10

combo enable copper

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 10

combo enable copper

防火墙区域对应的接口

security-zone name Local

security-zone name Trust

import interface GigabitEthernet1/0/2 vlan 10

security-zone name DMZ

security-zone name Untrust

import interface GigabitEthernet1/0/1 vlan 10

security-zone name Management

防火墙RBM配置

remote-backup group

data-channel interface GigabitEthernet1/0/3

configuration sync-check interval 12

delay-time 3

track vlan 10

local-ip 10.100.2.1

remote-ip 10.100.2.2

device-role primary

备设备配置

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 10

combo enable copper

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 10

combo enable copper

security-zone name Local

security-zone name Trust

import interface GigabitEthernet1/0/2 vlan 10

security-zone name DMZ

security-zone name Untrust

import interface GigabitEthernet1/0/1 vlan 10

security-policy ip

rule 0 name trust-untrust

action pass

source-zone trust

destination-zone untrust

remote-backup group

data-channel interface GigabitEthernet1/0/3

configuration sync-check interval 12

delay-time 2

track 10

local-ip 10.100.2.2

remote-ip 10.199.2.1

device-role secondary

2、RBM二层主主

2、二层主备RBM+VLAN （主主）

主设备配置

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 10

combo enable copper

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 10

combo enable copper

security-zone name Local

security-zone name Trust

import interface GigabitEthernet1/0/2 vlan 10

security-zone name DMZ

security-zone name Untrust

import interface GigabitEthernet1/0/1 vlan 10

security-zone name Management

remote-backup group

backup-mode dual-active

data-channel interface GigabitEthernet1/0/3

configuration sync-check interval 12

delay-time 3

track vlan 10

local-ip 10.100.2.1

remote-ip 10.100.2.2

device-role primary

主设备配置

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 10

combo enable copper

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 10

combo enable copper

security-zone name Local

security-zone name Trust

import interface GigabitEthernet1/0/2 vlan 10

security-zone name DMZ

security-zone name Untrust

import interface GigabitEthernet1/0/1 vlan 10

security-policy ip

rule 0 name trust-untrust

action pass

source-zone trust

destination-zone untrust

remote-backup group

backup-mode dual-active

data-channel interface GigabitEthernet1/0/3

configuration sync-check interval 12

delay-time 2

track 10

local-ip 10.100.2.2

remote-ip 10.199.2.1

device-role primary