
Cấu hình cơ bản Juniper SRX và cách khắc phục sự cố

Link dưới đây tổng hợp đầy đủ các cấu hình cơ bản trên thiết bị Juniper SRX Series cũng như cách kiểm tra, khắc phục khi xảy ra sự cố:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB15694&actp=METADATA

Ví dụ về cấu hình PPPoE cho router internet SRX:

 

- Khai báo user và các service:


/*
 * System stanza: host name, time zone, root/admin credentials, DNS resolvers,
 * management services and the DHCP pools for the two LAN subnets.
 * NOTE(review): as printed, the closing brace of "system { ... }" is missing
 * after the services block; add it before loading this text.
 */
system {
    host-name SRX-VNE;
    time-zone GMT+7;
    root-authentication {
        /* The "$1$" prefix is an MD5-crypt hash. A hash published on a public page
           can be guessed offline, so treat this value as a sample only and set
           your own password on the device ("plain-text-password"). Releases that
           support "system login password format sha512" should use that instead
           of MD5 (confirm for your platform). */
        encrypted-password "$1$aRJ1l5Sq$3KhHTLdXhfvCDxPaiqpLE1";
    }
    name-server {
        /* Public OpenDNS resolvers. */
        208.67.222.222;
        208.67.220.220;
    }
    login {
        user admin {
            uid 2000;
            /* super-user is the predefined class with all permissions; give
               day-to-day accounts a narrower class where possible. */
            class super-user;
            authentication {
                /* Same caveat as the root hash above: MD5-crypt, published, sample only. */
                encrypted-password "$1$LXqZZiK4$rGYgMDpbBN.G1ffLRQ6RN1";
            }
        }
    }
    services {
        ssh {
            /* Only SSH protocol version 2 is accepted. */
            protocol-version v2;
        }
        /* Telnet carries the login and the whole session unencrypted. SSH is
           already enabled above, so this statement can be dropped on a
           production device. */
        telnet;
        netconf {
            /* NETCONF management API over SSH. */
            ssh;
        }
        web-management {
            http {
                /* J-Web over cleartext HTTP, limited to irb.1. Prefer HTTPS only.
                   NOTE(review): irb.1 is not defined in the interfaces stanza on
                   this page (which uses vlan.1 / vlan.3); confirm the interface
                   name for the target platform. */
                interface irb.1;
            }
            https {
                /* Self-signed certificate generated by the device; browsers will warn
                   until it is replaced or explicitly trusted. No interface list is
                   given here, unlike http; confirm which interfaces accept HTTPS. */
                system-generated-certificate;
            }
            session {
                /* Junos documents this value in minutes (confirm for your release);
                   a shorter timeout reduces exposure of an unattended admin session. */
                idle-timeout 60;
            }
        }
        /* Which of the services above are actually reachable also depends on the
           host-inbound-traffic settings of each security zone. */
        dhcp {
            /* One pool per LAN subnet; the "router" option is the gateway address
               configured on the matching vlan unit in the interfaces stanza. */
            pool 192.168.110.0/24 {
                address-range low 192.168.110.2 high 192.168.110.254;
                router {
                    192.168.110.1;
                }
            }
            pool 192.168.111.0/24 {
                address-range low 192.168.111.2 high 192.168.111.254;
                router {
                    192.168.111.1;
                }
            }
            /* Presumably hands settings learned on the PPPoE session (e.g. the ISP's
               DNS servers) to DHCP clients; verify against the Junos documentation. */
            propagate-ppp-settings pp0.0;
        }
    }

- Khai báo interface cho PPPoE và vlan local:

/*
 * Interfaces: fe-0/0/5 is the WAN port carrying PPPoE, fe-0/0/1 is a LAN
 * switch port in vlan1, pp0.0 is the PPPoE logical interface, and
 * vlan.1 / vlan.3 are the layer-3 gateways of the two LAN subnets.
 * NOTE(review): no port is shown as a member of vlan3 in this excerpt.
 */
interfaces {
    fe-0/0/5 {
        unit 0 {
            /* Physical uplink; pp0.0 below names this unit as its underlying interface. */
            encapsulation ppp-over-ether;
        }
    }
    fe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan1;
                }
            }
        }
    }
    pp0 {
        unit 0 {
            /* apply-macro only stores custom data in the configuration; it presumably
               has no effect unless a commit script or tool reads it (confirm). */
            apply-macro Startup_Connection;
            ppp-options {
                /* PAP sends the password to the access concentrator in cleartext;
                   use CHAP instead if the provider supports it. */
                pap {
                    local-name Vnexperts.vn;
                    /* "$9$" strings are Junos's reversible obfuscation, not a hash.
                       Treat them like plaintext: redact them before publishing a
                       configuration and rotate any credential that was shared. */
                    local-password "$9$jjq5Qp0IrKMO1xN-d4oTzFntO";
                    /* passive: answer the peer's PAP request rather than initiating one. */
                    passive;
                }
            }
            pppoe-options {
                underlying-interface fe-0/0/5.0;
            }
            family inet {
                /* The address is obtained from the provider during PPP negotiation. */
                negotiate-address;
                /* 1500-byte Ethernet payload minus 8 bytes of PPPoE/PPP header. */
                mtu 1492;   
            }
        }
    }
    vlan {
        /* Gateway addresses matching the "router" option of the two DHCP pools. */
        unit 1 {
            family inet {
                address 192.168.110.1/24;
            }
        }
        unit 3 {
            family inet {
                address 192.168.111.1/24;
            }
        }
    }
}
/*
 * VLAN definitions: each VLAN ID is bound to the routed interface (vlan.N)
 * that serves as the gateway for that subnet.
 * NOTE(review): VLAN ID 1 is the usual default VLAN on switches; a dedicated
 * ID for user traffic avoids accidental membership of unconfigured ports.
 */
vlans {
    vlan1 {
        vlan-id 1;
        l3-interface vlan.1;
    }
    vlan3 {
        vlan-id 3;
        l3-interface vlan.3;
    }
}

- Cấu hình default route:

/*
 * Default route: all traffic without a more specific route is sent out the
 * PPPoE logical interface pp0.0.
 */
routing-options {
    static {
        route 0.0.0.0/0 {
            /* qualified-next-hop lets the next hop carry its own metric, which is
               how a backup default route with a higher metric would be added. */
            qualified-next-hop pp0.0 {
                metric 1;
            }
        }
    }
}

- Cấu hình NAT, Policy ra internet:

/*
 * Security stanza: source NAT for LAN traffic leaving via PPPoE, the policies
 * between the Internal and Internet zones, and the zone definitions.
 * NOTE(review): as printed the braces do not balance: "nat { ... }" is not
 * closed before "policies", so the final "}" closes nat and "security" is
 * left open. Add one "}" after the source block before loading this text.
 */
security {
    nat {
        source {
            rule-set nsw_srcnat {
                from zone Internal;
                to zone Internet;
                rule nsw-src-interface {
                    match {
                        /* Matches every source and destination crossing Internal -> Internet. */
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            /* Translate to the address of the egress interface (pp0.0). */
                            interface;
                        }
                    }
                }
            }
        }
    policies {
        from-zone Internal to-zone Internet {
            /* Permits all outbound traffic with no egress filtering and no session
               logging. Consider narrowing the applications and adding a "log"
               action so outbound sessions are visible to monitoring. */
            policy All_Internal_Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Internet to-zone Internal {
            /* Inbound rule: any Internet source may reach server-1 on every port and
               protocol. Restrict "application" to the service actually published
               (and the source, where it is known) and log the sessions.
               NOTE(review): the address-book entry "server-1" and any destination
               NAT it would need are not shown on this page. */
            policy server-access {
                match {
                    source-address any;
                    destination-address server-1;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone Internal {
            interfaces {
                /* NOTE(review): the interfaces stanza on this page defines vlan.1 and
                   vlan.3, not irb.1, and vlan.3 is not placed in any zone here;
                   confirm the interface names for the target platform. */
                irb.1 {
                    host-inbound-traffic {
                        /* Only ping and DHCP may reach the device itself from the LAN.
                           SSH/HTTPS management would need to be listed here to work. */
                        system-services {
                            ping;
                            dhcp;
                        }
                    }
                }
            }
        }
        security-zone Internet {
            interfaces {
                pp0.0 {
                    host-inbound-traffic {
                        /* Only ping is accepted from the Internet side, so no management
                           service is exposed on the WAN. No screen (ids-option) is
                           attached to this zone in the excerpt; consider adding one. */
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
}

(tổng hợp)

 

 
