Diferencia entre revisiones de «Presentación RICAR 2019»
Ir a la navegación
Ir a la búsqueda
(Página creada con «== Presentación ==») |
Sin resumen de edición |
||
| Línea 1: | Línea 1: | ||
[https://routers.riu.edu.ar/images/e/e7/Presentaci%C3%B3n_TICAR_2019.pdf Presentación TICAR 2019] | |||
3) | |||
shel --> % | |||
cli --> > | |||
edit --> # | |||
show configuration | |||
show configuration | display detail | |||
show configuration | display set | |||
Habilitar servicios: | |||
set system services ssh | |||
set system services telnet | |||
set system services web-management https system-generated-certificate | |||
set system host-name SRX_RIU | |||
set system domain-name riu.edu.ar | |||
set system domain-search riu.edu.ar | |||
set system time-zone America/Buenos_Aires | |||
set system name-server <IP> | |||
4) <nowiki>http://mac.riu.edu.ar/routers/?uni=</nowiki><sigla UN> | |||
5) Configuración interfaces | |||
Interfaz física en modo switch | |||
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-WAN | |||
edit interfaces ge-0/0/0 unit 0 family ethernet-switching | |||
set interface-mode trunk; | |||
set vlan members <vlan-name> <vlan-id> ... | |||
set vlan members all -<vlan-name> | |||
Interfaz física con IP | |||
set interfaces ge-0/0/0 unit 0 family family inet address <IPv4> | |||
set interfaces irb unit 2 family inet6 address <IPv6> | |||
Interfaz de management | |||
set interfaces fxp0 unit 0 family inet address <IPv4> | |||
Interfaz IRB | |||
set interfaces irb unit 2 description "WAN - RIU" | |||
set interfaces irb unit 2 family inet address <IPv4> | |||
set interfaces irb unit 2 family inet6 address <IPv6> | |||
Link Aggregation Control Protocol (LACP) | |||
delete ge-0/0/5 unit 0 | |||
set ge-0/0/5 gigether-options 802.3ad ae0 | |||
delete ge-0/0/6 unit 0 | |||
set ge-0/0/6 gigether-options 802.3ad ae0 | |||
set ae0 description "ejemplo LACP" | |||
set ae0 aggregated-ether-options lacp active | |||
6) | |||
show configuration system login | |||
7) | |||
show configuration system login class looking-glass | |||
set system login class looking-glass permissions network | |||
set system login class looking-glass permissions view | |||
set system login class looking-glass allow-commands "^(show route protocol bgp .*|show bgp summary|ping .*|traceroute .*|quit|help .*)" | |||
set system login class looking-glass deny-commands "^show [ac-qs-z].*|^show (backup-selection|bfd|r2cp|rip|ripng|rsvp)|^clear.*|^ssh|^telnet|^file|^op|^request|^set|^start|^test" | |||
set system login class looking-glass allow-configuration show | |||
set system login class looking-glass deny-configuration all | |||
8) | |||
show configuration system login user lgriu | |||
9) | |||
Seteo passwor usuario root | |||
set system root-authentication plain-text-password ??? | |||
Creación usuario y seteo de clase | |||
set system login user test authentication plain-text-password | |||
set system login user test class read-only | |||
10) | |||
load override terminal !! OJO pisa toda la configuración | |||
11) Configuración VLANs | |||
set vlans vlan-LAN vlan-id 3 | |||
set vlans vlan-LAN l3-interface irb.3 | |||
set vlans vlan-WAN vlan-id 2 | |||
set vlans vlan-WAN l3-interface irb.2 | |||
Rutas estáticas | |||
set routing-options rib inet6.0 static route ::0/0 next-hop <IPv6> | |||
set routing-options static route 0.0.0.0/0 next-hop <IPv4> | |||
set routing-options static route 172.16.4.0/24 next-hop <IPv4> | |||
set routing-options autonomous-system <ASn> | |||
12) | |||
shcow configuration protocols bgp | |||
13) Policy-options | |||
show policy-options | |||
set protocols bgp path-selection cisco-non-deterministic | |||
set protocols bgp log-updown | |||
set protocols bgp group IPv4 type external | |||
set protocols bgp group IPv4 family inet unicast | |||
set protocols bgp group IPv4 neighbor 170.210.4.53 description "BGP IPv4 contra RIU;" | |||
set protocols bgp group IPv4 neighbor 170.210.4.53 local-address 170.210.4.54 | |||
set protocols bgp group IPv4 neighbor 170.210.4.53 import from-RIU-v4 | |||
deactivate protocols bgp group IPv4 neighbor 170.210.4.53 import | |||
set protocols bgp group IPv4 neighbor 170.210.4.53 export to-RIU-v4 | |||
set protocols bgp group IPv4 neighbor 170.210.4.53 peer-as 4270 | |||
set protocols bgp group IPv4 neighbor 190.114.199.2 multihop ttl 15 | |||
set protocols bgp group IPv4 neighbor 190.114.199.2 local-address 190.114.220.4 | |||
set protocols bgp group IPv4 neighbor 190.114.199.2 peer-as 64512 | |||
set protocols bgp group IPv6 type external | |||
set protocols bgp group IPv6 family inet6 unicast | |||
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 description "BGP IPv6 contra RIU" | |||
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 local-address 2800:110:ff:f52::2 | |||
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import from-RIU-v6 | |||
deactivate protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import | |||
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 export to-RIU-v6 | |||
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 peer-as 4270 | |||
set protocols bgp group iBGP-IPv4 type internal | |||
set protocols bgp group iBGP-IPv4 peer-as 27883 | |||
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 description iBGP-BACKBONE-RECTORADO | |||
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 export PS-next-hop-self | |||
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 description iBGP-WAN-RECTORADO | |||
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 import PS-RECTORADO-IN | |||
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 export PS-next-hop-self | |||
set policy-options prefix-list redes-riu-universidad-v4 170.210.1.54/32 | |||
set policy-options prefix-list redes-universidad-v4 190.114.192.0/19 | |||
set policy-options prefix-list redes-wan-riu-v4 170.210.4.52/30 | |||
set policy-options prefix-list redes-riu-universidad-v6 2800:110:1:f52::/64 | |||
set policy-options prefix-list redes-universidad-v6 | |||
set policy-options prefix-list redes-wan-riu-v6 2800:110:ff:f52::/64 | |||
set policy-options policy-statement PS-RECTORADO-IN term 10 from route-filter 190.114.192.0/19 upto /24 | |||
set policy-options policy-statement PS-RECTORADO-IN term 10 then local-preference 190 | |||
set policy-options policy-statement PS-RECTORADO-IN term 10 then accept | |||
set policy-options policy-statement PS-RECTORADO-IN term no-match then reject | |||
set policy-options policy-statement PS-next-hop-self term next-hop-self then next-hop self | |||
set policy-options policy-statement from-RIU-v4 term match-comunidades from community Internet2 | |||
set policy-options policy-statement from-RIU-v4 term match-comunidades from community Universidades | |||
set policy-options policy-statement from-RIU-v4 term match-comunidades then accept | |||
set policy-options policy-statement from-RIU-v4 term no-match then reject | |||
deactivate policy-options policy-statement from-RIU-v4 | |||
set policy-options policy-statement from-RIU-v6 term match-comunidades from community Internet2 | |||
set policy-options policy-statement from-RIU-v6 term match-comunidades from community Universidades | |||
set policy-options policy-statement from-RIU-v6 term match-comunidades then accept | |||
set policy-options policy-statement from-RIU-v6 term no-match then reject | |||
deactivate policy-options policy-statement from-RIU-v6 | |||
set policy-options policy-statement ibgp-export term next-hop-self then next-hop self | |||
deactivate policy-options policy-statement ibgp-export | |||
set policy-options policy-statement to-RIU-v4 term 10 from prefix-list redes-wan-riu-v4 | |||
set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-riu-universidad-v4 orlonger | |||
set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-universidad-v4 orlonger | |||
set policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo | |||
deactivate policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo | |||
set policy-options policy-statement to-RIU-v4 term 10 then accept | |||
set policy-options policy-statement to-RIU-v4 term no-match then reject | |||
set policy-options policy-statement to-RIU-v6 term 10 from prefix-list redes-wan-riu-v6 | |||
set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-riu-universidad-v6 orlonger | |||
set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-universidad-v6 orlonger | |||
set policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo | |||
deactivate policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo | |||
set policy-options policy-statement to-RIU-v6 term 10 then accept | |||
set policy-options policy-statement to-RIU-v6 term no-match then reject | |||
set policy-options community Internet2 members 4270:200 | |||
set policy-options community Universidades members 4270:2000 | |||
set policy-options community all members *:* | |||
set policy-options community to-RIU-I2+Unis members 4270:200 | |||
set policy-options community to-RIU-I2+Unis members 4270:2000 | |||
deactivate policy-options community to-RIU-I2+Unis | |||
set policy-options community to-RIU-todo members 4270:100 | |||
set policy-options community to-RIU-todo members 4270:150 | |||
set policy-options community to-RIU-todo members 4270:200 | |||
set policy-options community to-RIU-todo members 4270:300 | |||
set policy-options community to-RIU-todo members 4270:400 | |||
set policy-options community to-RIU-todo members 4270:2000 | |||
deactivate policy-options community to-RIU-todo | |||
DHCP | |||
set access address-assignment pool Management family inet network 192.168.1.0/24 | |||
set access address-assignment pool Management family inet range MNGMT low 192.168.1.2 | |||
set access address-assignment pool Management family inet range MNGMT high 192.168.1.254 | |||
set access address-assignment pool Management family inet dhcp-attributes router 192.168.1.1 | |||
Revisión del 15:28 27 jun 2023
3)
shel --> % cli --> > edit --> # show configuration show configuration | display detail show configuration | display set
Habilitar servicios:
set system services ssh set system services telnet set system services web-management https system-generated-certificate set system host-name SRX_RIU set system domain-name riu.edu.ar set system domain-search riu.edu.ar set system time-zone America/Buenos_Aires set system name-server <IP>
4) http://mac.riu.edu.ar/routers/?uni=<sigla UN>
5) Configuración interfaces
Interfaz física en modo switch
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-WAN
edit interfaces ge-0/0/0 unit 0 family ethernet-switching
set interface-mode trunk;
set vlan members <vlan-name> <vlan-id> ...
set vlan members all -<vlan-name>
Interfaz física con IP
set interfaces ge-0/0/0 unit 0 family family inet address <IPv4> set interfaces irb unit 2 family inet6 address <IPv6>
Interfaz de management
set interfaces fxp0 unit 0 family inet address <IPv4>
Interfaz IRB
set interfaces irb unit 2 description "WAN - RIU" set interfaces irb unit 2 family inet address <IPv4> set interfaces irb unit 2 family inet6 address <IPv6>
Link Aggregation Control Protocol (LACP)
delete ge-0/0/5 unit 0 set ge-0/0/5 gigether-options 802.3ad ae0 delete ge-0/0/6 unit 0 set ge-0/0/6 gigether-options 802.3ad ae0 set ae0 description "ejemplo LACP" set ae0 aggregated-ether-options lacp active
6)
show configuration system login
7)
show configuration system login class looking-glass set system login class looking-glass permissions network set system login class looking-glass permissions view set system login class looking-glass allow-commands "^(show route protocol bgp .*|show bgp summary|ping .*|traceroute .*|quit|help .*)" set system login class looking-glass deny-commands "^show [ac-qs-z].*|^show (backup-selection|bfd|r2cp|rip|ripng|rsvp)|^clear.*|^ssh|^telnet|^file|^op|^request|^set|^start|^test" set system login class looking-glass allow-configuration show set system login class looking-glass deny-configuration all
8)
show configuration system login user lgriu
9)
Seteo passwor usuario root set system root-authentication plain-text-password ???
Creación usuario y seteo de clase
set system login user test authentication plain-text-password set system login user test class read-only
10)
load override terminal !! OJO pisa toda la configuración
11) Configuración VLANs
set vlans vlan-LAN vlan-id 3 set vlans vlan-LAN l3-interface irb.3 set vlans vlan-WAN vlan-id 2 set vlans vlan-WAN l3-interface irb.2
Rutas estáticas
set routing-options rib inet6.0 static route ::0/0 next-hop <IPv6> set routing-options static route 0.0.0.0/0 next-hop <IPv4> set routing-options static route 172.16.4.0/24 next-hop <IPv4> set routing-options autonomous-system <ASn>
12)
shcow configuration protocols bgp
13) Policy-options
show policy-options
set protocols bgp path-selection cisco-non-deterministic set protocols bgp log-updown set protocols bgp group IPv4 type external set protocols bgp group IPv4 family inet unicast set protocols bgp group IPv4 neighbor 170.210.4.53 description "BGP IPv4 contra RIU;" set protocols bgp group IPv4 neighbor 170.210.4.53 local-address 170.210.4.54 set protocols bgp group IPv4 neighbor 170.210.4.53 import from-RIU-v4 deactivate protocols bgp group IPv4 neighbor 170.210.4.53 import set protocols bgp group IPv4 neighbor 170.210.4.53 export to-RIU-v4 set protocols bgp group IPv4 neighbor 170.210.4.53 peer-as 4270 set protocols bgp group IPv4 neighbor 190.114.199.2 multihop ttl 15 set protocols bgp group IPv4 neighbor 190.114.199.2 local-address 190.114.220.4 set protocols bgp group IPv4 neighbor 190.114.199.2 peer-as 64512 set protocols bgp group IPv6 type external set protocols bgp group IPv6 family inet6 unicast set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 description "BGP IPv6 contra RIU" set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 local-address 2800:110:ff:f52::2 set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import from-RIU-v6 deactivate protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 export to-RIU-v6 set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 peer-as 4270 set protocols bgp group iBGP-IPv4 type internal set protocols bgp group iBGP-IPv4 peer-as 27883 set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 description iBGP-BACKBONE-RECTORADO set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 export PS-next-hop-self set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 description iBGP-WAN-RECTORADO set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 import PS-RECTORADO-IN set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 export PS-next-hop-self set policy-options prefix-list redes-riu-universidad-v4 170.210.1.54/32 set policy-options prefix-list redes-universidad-v4 190.114.192.0/19 set policy-options prefix-list redes-wan-riu-v4 170.210.4.52/30 set policy-options prefix-list redes-riu-universidad-v6 2800:110:1:f52::/64 set policy-options prefix-list redes-universidad-v6 set policy-options prefix-list redes-wan-riu-v6 2800:110:ff:f52::/64 set policy-options policy-statement PS-RECTORADO-IN term 10 from route-filter 190.114.192.0/19 upto /24 set policy-options policy-statement PS-RECTORADO-IN term 10 then local-preference 190 set policy-options policy-statement PS-RECTORADO-IN term 10 then accept set policy-options policy-statement PS-RECTORADO-IN term no-match then reject set policy-options policy-statement PS-next-hop-self term next-hop-self then next-hop self set policy-options policy-statement from-RIU-v4 term match-comunidades from community Internet2 set policy-options policy-statement from-RIU-v4 term match-comunidades from community Universidades set policy-options policy-statement from-RIU-v4 term match-comunidades then accept set policy-options policy-statement from-RIU-v4 term no-match then reject deactivate policy-options policy-statement from-RIU-v4 set policy-options policy-statement from-RIU-v6 term match-comunidades from community Internet2 set policy-options policy-statement from-RIU-v6 term match-comunidades from community Universidades set policy-options policy-statement from-RIU-v6 term match-comunidades then accept set policy-options policy-statement from-RIU-v6 term no-match then reject deactivate policy-options policy-statement from-RIU-v6 set policy-options policy-statement ibgp-export term next-hop-self then next-hop self deactivate policy-options policy-statement ibgp-export set policy-options policy-statement to-RIU-v4 term 10 from prefix-list redes-wan-riu-v4 set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-riu-universidad-v4 orlonger set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-universidad-v4 orlonger set policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo deactivate policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo set policy-options policy-statement to-RIU-v4 term 10 then accept set policy-options policy-statement to-RIU-v4 term no-match then reject set policy-options policy-statement to-RIU-v6 term 10 from prefix-list redes-wan-riu-v6 set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-riu-universidad-v6 orlonger set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-universidad-v6 orlonger set policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo deactivate policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo set policy-options policy-statement to-RIU-v6 term 10 then accept set policy-options policy-statement to-RIU-v6 term no-match then reject set policy-options community Internet2 members 4270:200 set policy-options community Universidades members 4270:2000 set policy-options community all members *:* set policy-options community to-RIU-I2+Unis members 4270:200 set policy-options community to-RIU-I2+Unis members 4270:2000 deactivate policy-options community to-RIU-I2+Unis set policy-options community to-RIU-todo members 4270:100 set policy-options community to-RIU-todo members 4270:150 set policy-options community to-RIU-todo members 4270:200 set policy-options community to-RIU-todo members 4270:300 set policy-options community to-RIU-todo members 4270:400 set policy-options community to-RIU-todo members 4270:2000 deactivate policy-options community to-RIU-todo
DHCP
set access address-assignment pool Management family inet network 192.168.1.0/24 set access address-assignment pool Management family inet range MNGMT low 192.168.1.2 set access address-assignment pool Management family inet range MNGMT high 192.168.1.254 set access address-assignment pool Management family inet dhcp-attributes router 192.168.1.1