High Availability (HA) on Juniper SRX 240H

Posted on April 11, 2012

Before configuring the SRX devices, the first step is to disable the switching function of the SRX240 before the cluster is configured; the procedure is described at the link below:

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-collections/security/software-all/security/index.html?topic-43896.html

The next step is to physically connect the two SRX devices to each other on interface ge-0/0/0 of both SRX240 devices. The HA cluster is then enabled as follows:

> set chassis cluster cluster-id <0-15> node <0-1> reboot

Example:

On device A:    >set chassis cluster cluster-id 1 node 0 reboot
On device B:    >set chassis cluster cluster-id 1 node 1 reboot

After the reboot, the Gigabit Ethernet interfaces on device B are renumbered from ge-0/0/x to ge-15/0/x.

The following steps are performed on device A only, because the configuration is automatically replicated to device B as well.

Configure the host names and management IP addresses. This requires only the commands below, entered on device A (the primary node) only:

On device A:

{primary:node0}
# set groups node0 system host-name <name-node0>      -Device A's host name
# set groups node0 interfaces fxp0 unit 0 family inet address <ip address/mask>  -Device A's management IP address on fxp0 interface
# set groups node1 system host-name <name-node1>      -Device B's host name
# set groups node1 interfaces fxp0 unit 0 family inet address <ip address/mask>  -Device B's management IP address on fxp0 interface

Create the fab links (the data-plane links used for RTO sync, etc.):

On device A:
{primary:node0}
# set interfaces fab0 fabric-options member-interfaces ge-0/0/2    -fab0 is node0 (Device A) interface for the data link
# set interfaces fab1 fabric-options member-interfaces ge-5/0/2    -fab1 is node1 (Device B) interface for the data link

Redundancy Group 0 handles Routing Engine failover. Redundancy Group 1 (all interfaces are placed in a single redundancy group) defines the redundancy properties of the reth interfaces.

On device A:

{primary:node0}
# set chassis cluster redundancy-group 0 node 0 priority 100
# set chassis cluster redundancy-group 0 node 1 priority 1
# set chassis cluster redundancy-group 1 node 0 priority 100
# set chassis cluster redundancy-group 1 node 1 priority 1

Interface monitoring tracks the status of the interfaces.

Note: interface monitoring is not recommended for redundancy-group 0.

On device A:
{primary:node0}
# set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-5/0/5 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-0/0/6 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-5/0/6 weight 255

Configure the Redundant Ethernet interfaces (reth interfaces) and place each redundant interface into a zone:

On device A:
{primary:node0}
# set chassis cluster reth-count 2
# set interfaces ge-0/0/5 gigether-options redundant-parent reth1    -for first interface in the group (on Device A)
# set interfaces ge-5/0/5 gigether-options redundant-parent reth1    -for second interface in the group (on Device B)
# set interfaces reth1 redundant-ether-options redundancy-group 1    -set up redundancy group for interfaces
# set interfaces reth1 unit 0 family inet address 1.2.0.233/24
# set interfaces ge-0/0/6 gigether-options redundant-parent reth0    -for first interface in the group (on Device A)
# set interfaces ge-5/0/6 gigether-options redundant-parent reth0    -for second interface in the group (on Device B)
# set interfaces reth0 redundant-ether-options redundancy-group 1    -set up redundancy group for interfaces
# set interfaces reth0 unit 0 family inet address 10.16.8.1/24
# set security zones security-zone untrust interfaces reth1.0
# set security zones security-zone trust interfaces reth0.0

Commit. The whole configuration is also saved on the secondary node, device B.

On device A:
{primary:node0}
# commit

Check the cluster status:

show chassis cluster status
show chassis cluster interfaces
show chassis cluster statistics
show chassis cluster control-plane statistics
show chassis cluster data-plane statistics
show chassis cluster status redundancy-group <rg number>

The following is the resulting configuration for the topology above:

root@node0# run show configuration | display set | no-more
set version 10.4R8.5
set groups node0 system host-name node0
set groups node0 interfaces fxp0 unit 0 family inet address 1.1.1.1/24
set groups node1 system host-name node1
set groups node1 interfaces fxp0 unit 0 family inet address 1.1.1.2/24
set apply-groups "${node}"
set system root-authentication encrypted-password "$1$l2uL8gmO$UhK4WdsDSJ2DcmLJ7L6VR0"
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set chassis cluster reth-count 2
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 0 node 1 priority 1
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/5 weight 255
set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-0/0/5 gigether-options redundant-parent reth0
set interfaces ge-5/0/4 gigether-options redundant-parent reth1
set interfaces ge-5/0/5 gigether-options redundant-parent reth0
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-5/0/2
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 2.2.2.1/24
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 1.1.1.1/24
set protocols stp
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone untrust to-zone trust policy untrust-to-trust match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match destination-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match application any
set security policies from-zone untrust to-zone trust policy untrust-to-trust then permit
set security zones security-zone untrust interfaces reth1.0
set security zones security-zone trust interfaces reth0.0
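As an added check that is not part of the original post, the Python script below parses a "display set" listing like the one above and verifies the chassis-cluster wiring the post builds up step by step: each reth has one child port on node0 and one on node1, the redundancy group it belongs to has a priority for both nodes, every child port is covered by interface-monitor (an unmonitored link cannot trigger a failover), and no interface-monitor is attached to redundancy-group 0. The SRX240 slot mapping (node0 ports ge-0/0/x, node1 ports ge-5/0/x) and the constructed sample (the listing above with the ge-5/0/5 monitor deliberately left out so that one finding appears) are assumptions of the example.

```python
import re
from collections import defaultdict

# Assumption for the SRX240: node0 revenue ports are ge-0/0/x, node1 ports are ge-5/0/x.
NODE_BY_SLOT = {0: 0, 5: 1}

# Constructed sample: the chassis-cluster lines from the listing above,
# with the ge-5/0/5 interface-monitor deliberately omitted to produce a finding.
SAMPLE = """\
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255
set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-0/0/5 gigether-options redundant-parent reth0
set interfaces ge-5/0/4 gigether-options redundant-parent reth1
set interfaces ge-5/0/5 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options redundancy-group 1
"""

def check_cluster(cfg):
    """Return findings about the reth / redundancy-group / interface-monitor wiring."""
    members, reth_rg, prio, mon = defaultdict(dict), {}, defaultdict(dict), []
    for line in cfg.splitlines():
        if m := re.match(r"set interfaces (ge-(\d+)/\S+) gigether-options redundant-parent (reth\d+)", line):
            members[m[3]][NODE_BY_SLOT.get(int(m[2]))] = m[1]   # reth -> {node: child port}
        elif m := re.match(r"set interfaces (reth\d+) redundant-ether-options redundancy-group (\d+)", line):
            reth_rg[m[1]] = int(m[2])
        elif m := re.match(r"set chassis cluster redundancy-group (\d+) node (\d) priority (\d+)", line):
            prio[int(m[1])][int(m[2])] = int(m[3])
        elif m := re.match(r"set chassis cluster redundancy-group (\d+) interface-monitor (\S+) weight (\d+)", line):
            mon.append((int(m[1]), m[2], int(m[3])))
    out, monitored = [], {port for _, port, _ in mon}
    for reth, nodes in sorted(members.items()):
        if set(nodes) != {0, 1}:      # a reth needs exactly one child port on each node
            out.append(f"{reth}: needs a member on both nodes, has {sorted(nodes.values())}")
        if set(prio.get(reth_rg.get(reth), {})) != {0, 1}:
            out.append(f"{reth}: redundancy-group {reth_rg.get(reth)} has no priority for both nodes")
        for port in nodes.values():   # an unmonitored child link cannot trigger failover
            if port not in monitored:
                out.append(f"{port}: member of {reth} but not under interface-monitor")
    for rg, port, _ in mon:
        if rg == 0:                   # the post's own note: do not monitor RG0
            out.append(f"{port}: interface-monitor on redundancy-group 0 is not recommended")
    return out

if __name__ == "__main__":
    print("\n".join(check_cluster(SAMPLE)))
```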