I. Mô hình
- Mô hình
- Yêu cầu
1. Cấu hình IP cho Router Juniper
- Kiểm tra lại cấu hình vừa rồi
Hoặc
- Router ping ra internet chưa thành công vì chưa cấu hình định tuyến (chưa có default route).
- Cấu hình default Route trên Router Juniper
- Kiểm tra bảng định tuyến
- Và Router ping ra internet thành công
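- PC và Router ping lẫn nhau chưa được. Vì int ge-0/0/0 thuộc vùng trust nên không cho phép ping. (Lưu ý: theo kết quả `show security zones` ở phần sau, ge-0/0/0.0 nằm trong zone untrust; cổng nối với PC là ge-0/0/1, và cổng này phải thuộc một zone có bật ping trong host-inbound-traffic thì router mới trả lời ping.)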
- Cấu hình interface ge-0/0/1 vào zone INSIDE (do bạn tự đặt tên) và cho phép ping
- Kiểm tra zones
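- Như vầy PC và Router có thể ping lẫn nhau. Lưu ý: host-inbound-traffic chỉ áp dụng cho lưu lượng gửi tới chính router; để PC trong LAN truy cập được internet như yêu cầu, còn cần security policy từ zone INSIDE sang untrust và thường cần thêm source NAT — phần này chưa được trình bày trong bài.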
- Mô hình

- Các PC trong LAN ping được tới Router Juniper
- Router Juniper cấu hình default route để ping được ra internet
- PC trong LAN truy cập internet thành công
1. Cấu hình IP cho Router Juniper
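// Enter configuration mode and set the router's host name
root> configure
root# set system host-name svuit-vSRX

// Assign the address of ge-0/0/0 (same subnet as the 172.16.1.254 next hop used later)
root@svuit-vSRX# set interfaces ge-0/0/0 unit 0 family inet address 172.16.1.200/24

// Assign the address of ge-0/0/1 (the 192.168.10.0/24 side where the PC sits)
root@svuit-vSRX# set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.254/24

// Activate the candidate configuration.
// NOTE(review): over a remote session, `commit confirmed` rolls the change back
// automatically unless it is confirmed, which guards against an address change
// cutting off management access.
root@svuit-vSRX# commit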
Code:
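/* Candidate configuration of the two interfaces, displayed from configuration mode */
root@svuit-vSRX# show interfaces
/* ge-0/0/0: 172.16.1.200/24 */
ge-0/0/0 {
    unit 0 {
        family inet {
            address 172.16.1.200/24;
        }
    }
}
/* ge-0/0/1: 192.168.10.254/24 (the address PC1 pings later on the page) */
ge-0/0/1 {
    unit 0 {
        family inet {
            address 192.168.10.254/24;
        }
    }
}
[edit]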
Code:
[COLOR=#ff0000][B]root@[/B][/COLOR][COLOR=#ff0000][B]svuit-vSRX[/B][/COLOR][COLOR=#ff0000][B]# run show interfaces terse[/B][/COLOR]
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
[B][COLOR=#ff0000]ge-0/0/0.0 up up inet 172.16.1.200/24[/COLOR][/B]
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
inet6
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
ge-0/0/1 up up
[COLOR=#ff0000][B]ge-0/0/1.0 up up inet 192.168.10.254/24[/B][/COLOR]
dsc up up
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up down
[edit]
Code:
[COLOR=#ff0000][B]root@[/B][/COLOR][B]svuit-vSRX[/B][COLOR=#ff0000][B]# run ping 8.8.8.8[/B][/COLOR]
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
[edit]
root@Juniper#
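// Static default route: anything without a more specific match goes to next hop 172.16.1.254
root@svuit-vSRX# set routing-options static route 0.0.0.0/0 next-hop 172.16.1.254

// Activate the candidate configuration
root@svuit-vSRX# commit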
Code:
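/* Static routes in the candidate configuration, displayed from configuration mode */
root@svuit-vSRX# show routing-options
static {
    /* Default route via 172.16.1.254 */
    route 0.0.0.0/0 next-hop 172.16.1.254;
}
[edit]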
Code:
root@[B]svuit-vSRX[/B]#[COLOR=#ff0000][B] run show route[/B][/COLOR]
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
[COLOR=#ff0000]0.0.0.0/0[/COLOR] *[Static/5] 00:29:47
> [COLOR=#ff0000]to 172.16.1.254 via ge-0/0/0.0[/COLOR]
172.16.1.0/24 *[Direct/0] 00:37:20
> via ge-0/0/0.0
172.16.1.200/32 *[Local/0] 00:37:20
Local via ge-0/0/0.0
192.168.10.0/24 *[Direct/0] 02:02:46
> via ge-0/0/1.0
192.168.10.254/32 *[Local/0] 02:02:46
Local via ge-0/0/1.0
[edit]
Code:
[B][COLOR=#ff0000]root@[/COLOR][/B][B]svuit-vSRX[/B][B][COLOR=#ff0000]# run ping 8.8.8.8[/COLOR][/B]
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=49 time=72.780 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=64.434 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max/stddev = 64.434/68.607/72.780/4.173 ms
Code:
[B][COLOR=#ff0000]PC1[/COLOR][/B]> ping 192.168.10.254
192.168.10.254 icmp_seq=1 timeout
192.168.10.254 icmp_seq=2 timeout
192.168.10.254 icmp_seq=3 timeout
192.168.10.254 icmp_seq=4 timeout
192.168.10.254 icmp_seq=5 timeout
Code:
[COLOR=#ff0000][B]root@[B]svuit-vSRX[/B]# run ping 192.168.10.10[/B][/COLOR]
PING 192.168.10.10 (192.168.10.10): 56 data bytes
PING 192.168.10.10 (192.168.10.10): 56 data bytes
PING 192.168.10.10 (192.168.10.10): 56 data bytes
^C
--- 192.168.10.10 ping statistics ---
14 packets transmitted, 0 packets received, 100% packet loss
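// Put ge-0/0/1 into security zone INSIDE and let the router answer ping on it.
// The zone name is written INSIDE to match the `show security zones` output on this
// page; Junos treats names as case-sensitive, so `Inside` would be a different zone.
// host-inbound-traffic only covers packets addressed to the router itself, not
// traffic passing through it.
root@svuit-vSRX# set security zones security-zone INSIDE interfaces ge-0/0/1 host-inbound-traffic system-services ping

// The change takes effect only after a commit (the original post omits this line here)
root@svuit-vSRX# commit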
Code:
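/* Security zones in the candidate configuration, displayed from configuration mode */
root@svuit-vSRX# show security zones
/* trust has no interfaces assigned in this output */
security-zone trust {
    tcp-rst;
}
security-zone untrust {
    screen untrust-screen;
    interfaces {
        /*
         * NOTE(review): ge-0/0/0.0 is the interface the default route leaves through,
         * and this zone lets http and telnet (both cleartext) as well as https and ssh
         * reach the router itself. Where management from this side is not required,
         * remove the unneeded services, e.g.
         * `delete security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet`
         * (and likewise http), and keep only ssh/https from known sources.
         */
        ge-0/0/0.0 {
            host-inbound-traffic {
                system-services {
                    http;
                    https;
                    ssh;
                    telnet;
                    dhcp;
                }
            }
        }
    }
}
/* Zone created in this tutorial: only ping addressed to the router is accepted on ge-0/0/1.0 */
security-zone INSIDE {
    interfaces {
        ge-0/0/1.0 {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
        }
    }
}
[edit]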
Code:
[COLOR=#ff0000][B]PC1[/B][/COLOR]> ping 192.168.10.254
84 bytes from 192.168.10.254 icmp_seq=1 ttl=64 time=46.937 ms
84 bytes from 192.168.10.254 icmp_seq=2 ttl=64 time=0.935 ms
84 bytes from 192.168.10.254 icmp_seq=3 ttl=64 time=3.808 ms
84 bytes from 192.168.10.254 icmp_seq=4 ttl=64 time=1.840 ms
84 bytes from 192.168.10.254 icmp_seq=5 ttl=64 time=2.332 ms
Code:
[B][COLOR=#ff0000]root@[/COLOR][/B][B]svuit-vSRX[/B][B][COLOR=#ff0000]# run ping 192.168.10.10[/COLOR][/B]
PING 192.168.10.10 (192.168.10.10): 56 data bytes
64 bytes from 192.168.10.10: icmp_seq=0 ttl=64 time=10.140 ms
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=5.733 ms
^C
--- 192.168.10.10 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.733/7.937/10.140/2.203 ms