Juniper Firewall Active/Passive (A/P) Full-Mesh NSRP Configuration Example

 
The following is the relevant configuration of the Juniper ISG-2000 firewalls:

1. Physical interface configuration:

NS2000_M(M)-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address                        Zone        MAC            VLAN State VSD
mgt            192.168.1.1/24                    MGT         0010.dbbf.0c80    -   D   -
eth1/1         0.0.0.0/0                         Untrust     0010.dbff.4070    -   U   0
eth1/2         0.0.0.0/0                         Untrust     0010.dbff.4080    -   U   0
eth2/1         0.0.0.0/0                         Trust       0010.dbff.4150    -   U   0
eth2/2         0.0.0.0/0                         Trust       0010.dbff.4160    -   U   0
eth3/1         10.243.213.9/29                   DMZ         0010.dbff.41d0    -   U   0
eth3/2         0.0.0.0/0                         Null        0010.dbff.41e0    -   D   0
eth4/1         0.0.0.0/0                         HA          0010.dbbf.0ca5    -   U   -
eth4/2         0.0.0.0/0                         HA          0010.dbbf.0ca6    -   U   -
eth4/3         0.0.0.0/0                         Null        0010.dbff.4270    -   D   0
eth4/4         0.0.0.0/0                         IDP         0010.dbff.4280    -   U   0
eth4/4.200     10.243.210.142/28                 IDP         0010.dbff.4280  200   U   0
red1           10.243.213.1/29                   Trust       0010.dbff.4400    -   U   0
red2           10.243.209.17/29                  Untrust     0010.dbff.4410    -   U   0
vlan1          0.0.0.0/0                         VLAN        0010.dbff.40f0    1   D   0
null           0.0.0.0/0                         Null        N/A               -   U   0

NS2000_B(B)-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address                        Zone        MAC            VLAN State VSD
mgt            192.168.1.1/24                    MGT         0010.dbbf.0c00    -   D   -
eth1/1         0.0.0.0/0                         Untrust     0010.dbff.4070    -   I   0
eth1/2         0.0.0.0/0                         Untrust     0010.dbff.4080    -   I   0
eth2/1         0.0.0.0/0                         Trust       0010.dbff.4150    -   I   0
eth2/2         0.0.0.0/0                         Trust       0010.dbff.4160    -   I   0
eth3/1         10.243.213.9/29                   DMZ         0010.dbff.41d0    -   I   0
eth3/2         0.0.0.0/0                         Null        0010.dbff.41e0    -   I   0
eth4/1         0.0.0.0/0                         HA          0010.dbbf.0c25    -   U   -
eth4/2         0.0.0.0/0                         HA          0010.dbbf.0c26    -   U   -
eth4/3         0.0.0.0/0                         Null        0010.dbff.4270    -   I   0
eth4/4         0.0.0.0/0                         IDP         0010.dbff.4280    -   I   0
eth4/4.200     10.243.210.142/28                 IDP         0010.dbff.4280  200   I   0
red1           10.243.213.1/29                   Trust       0010.dbff.4400    -   I   0
red2           10.243.209.17/29                  Untrust     0010.dbff.4410    -   I   0
vlan1          0.0.0.0/0                         VLAN        0010.dbff.40f0    1   I   0
null           0.0.0.0/0                         Null        N/A               -   U   0

2. HA configuration

NS2000_M(M)-> get config | in ethernet4/1
set interface "ethernet4/1" zone "HA"
NS2000_M(M)-> get config | in ethernet4/2
set interface "ethernet4/2" zone "HA"

NS2000_B(B)-> get config | in ethernet4/1
set interface "ethernet4/1" zone "HA"
NS2000_B(B)-> get config | in ethernet4/2
set interface "ethernet4/2" zone "HA"

3. Redundant interface configuration

NS2000_M(M)-> get config | in redundant1
set interface id 64 "redundant1" zone "Trust"
set interface ethernet2/1 group redundant1
set interface ethernet2/2 group redundant1
set interface redundant1 ip 10.243.213.1/29
set interface redundant1 route
set interface redundant1 manage-ip 10.243.213.2
unset interface redundant1 ip manageable

NS2000_B(B)-> get config | in redundant1
set interface id 64 "redundant1" zone "Trust"
set interface ethernet2/1 group redundant1
set interface ethernet2/2 group redundant1
set interface redundant1 ip 10.243.213.1/29
set interface redundant1 route
set interface redundant1 manage-ip 10.243.213.3
unset interface redundant1 ip manageable

4. NSRP configuration

NS2000_M(M)-> get config | in nsrp
set nsrp cluster id 2
set nsrp rto-mirror sync
set nsrp rto-mirror session ageout-ack
set nsrp vsd-group id 0 priority 50
set nsrp vsd-group id 0 preempt hold-down 1
set nsrp monitor interface redundant1
set nsrp monitor interface redundant2
set nsrp monitor interface ethernet3/1
set nsrp ha-link probe

NS2000_B(B)-> get config | in nsrp
set nsrp cluster id 2
set nsrp rto-mirror sync
set nsrp rto-mirror session ageout-ack
set nsrp vsd-group id 0 priority 100
set nsrp monitor interface redundant1
set nsrp monitor interface redundant2
set nsrp monitor interface ethernet3/1
set nsrp ha-link probe
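
The two NSRP listings above differ only in the per-unit lines (priority and preempt); everything else has to match for failover to behave the same on both members. The following is an added example, not part of the original page: a small drift check over the two `get config | in nsrp` outputs. The function names and the default priority of 100 for an unset value are assumptions of this example.

```python
import re

# Copied from the two `get config | in nsrp` outputs on this page.
NS2000_M = """\
set nsrp cluster id 2
set nsrp rto-mirror sync
set nsrp rto-mirror session ageout-ack
set nsrp vsd-group id 0 priority 50
set nsrp vsd-group id 0 preempt hold-down 1
set nsrp monitor interface redundant1
set nsrp monitor interface redundant2
set nsrp monitor interface ethernet3/1
set nsrp ha-link probe"""
NS2000_B = """\
set nsrp cluster id 2
set nsrp rto-mirror sync
set nsrp rto-mirror session ageout-ack
set nsrp vsd-group id 0 priority 100
set nsrp monitor interface redundant1
set nsrp monitor interface redundant2
set nsrp monitor interface ethernet3/1
set nsrp ha-link probe"""

def parse_nsrp(text):
    """Split NSRP lines into per-unit settings (priority, preempt) and shared ones."""
    cfg = {"priority": {}, "shared": set()}
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"set nsrp vsd-group id (\d+) priority (\d+)", line)
        if m:
            cfg["priority"][int(m.group(1))] = int(m.group(2))
        elif re.match(r"set nsrp vsd-group id \d+ preempt\b", line):
            continue  # preempt is a per-unit line, as on NS2000_M above
        elif line.startswith("set nsrp "):
            cfg["shared"].add(line)
    return cfg

def audit(a, b):
    """Return findings for an NSRP pair; an empty list means no drift."""
    findings = [f"only on one member: {l}" for l in sorted(a["shared"] ^ b["shared"])]
    for vsd in sorted(a["priority"].keys() | b["priority"].keys()):
        # Assumption: an unset priority means the ScreenOS default of 100.
        pa, pb = a["priority"].get(vsd, 100), b["priority"].get(vsd, 100)
        if pa == pb:
            findings.append(f"vsd-group {vsd}: both priorities are {pa}")
    return findings

if __name__ == "__main__":
    print(audit(parse_nsrp(NS2000_M), parse_nsrp(NS2000_B)) or "no drift")
```
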

The following is the relevant configuration of the Huawei S8512 switches:

1. VLAN configuration

<S8512_1>disp vlan 80
 VLAN ID: 80
 VLAN Type: static
 Route Interface: configured
 IP Address: 10.243.213.4
 Subnet Mask: 255.255.255.248
 Description: NetScreen
 Name: VLAN 0080
 Tagged   Ports:
      GigabitEthernet5/1/24   GigabitEthernet8/1/22  
 Untagged Ports:
      GigabitEthernet5/1/23   GigabitEthernet8/1/21
 
 <S8512_2>disp vlan 80
 VLAN ID: 80
 VLAN Type: static
 Route Interface: configured
 IP Address: 10.243.213.5
 Subnet Mask: 255.255.255.248
 Description: VLAN 0080
 Name: VLAN 0080
 Tagged   Ports:
      GigabitEthernet5/1/24   GigabitEthernet8/1/22
 Untagged Ports:
      GigabitEthernet5/1/23   GigabitEthernet8/1/21

2. Layer 3 interface configuration on the VLAN

<S8512_1>disp cur | be interface Vlan-interface80
interface Vlan-interface80
 description NetScreen
 ip address 10.243.213.4 255.255.255.248
 vrrp vrid 80 virtual-ip 10.243.213.6
 vrrp vrid 80 priority 200
 vrrp vrid 80 preempt-mode timer delay 3
 
<S8512_2>disp cur | be interface Vlan-interface80
interface Vlan-interface80
 description NetScreen
 ip address 10.243.213.5 255.255.255.248
 vrrp vrid 80 virtual-ip 10.243.213.6
 vrrp vrid 80 preempt-mode timer delay 3

3. VLAN trunk pass-through configuration

<S8512_1>disp cur | be GigabitEthernet5/1/24
interface GigabitEthernet5/1/24
 description to GZ_S8512_YZ_2
 speed 1000
 duplex full
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
 
 <S8512_1>disp cur | be GigabitEthernet8/1/22
interface GigabitEthernet8/1/22
 description to GZ_S8512_YZ_2
 speed 1000
 duplex full
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
 
 <S8512_2>disp cur | be GigabitEthernet5/1/24
interface GigabitEthernet5/1/24
 description to GZ_S8512_YZ_1
 speed 1000
 duplex full
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1

<S8512_2>disp cur | be GigabitEthernet8/1/22
interface GigabitEthernet8/1/22
 description to GZ_S8512_YZ_1
 speed 1000
 duplex full
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1

 

 

 

<S8512_1>disp cur | be interface GigabitEthernet5/1/23
interface GigabitEthernet5/1/23
description to ISG2000
port access vlan 80
<S8512_1>disp cur | be interface GigabitEthernet8/1/21
interface GigabitEthernet8/1/21
description to ISG2000
port access vlan 80
-----------------------------------------
<S8512_2>disp cur | be interface GigabitEthernet5/1/23
interface GigabitEthernet5/1/23
description to ISG2000
port access vlan 80
<S8512_2>disp cur | be interface GigabitEthernet8/1/21
interface GigabitEthernet8/1/21
description to ISG2000
port access vlan 80
 
 
 