Diferencia entre revisiones de «Presentación RICAR 2019»
Ir a la navegación
Ir a la búsqueda
Sin resumen de edición |
Sin resumen de edición |
||
Línea 1: | Línea 1: | ||
{{DISPLAYTITLE:Presentación TICAR 2019}} | |||
[https://routers.riu.edu.ar/images/e/e7/Presentaci%C3%B3n_TICAR_2019.pdf Presentación TICAR 2019] | [https://routers.riu.edu.ar/images/e/e7/Presentaci%C3%B3n_TICAR_2019.pdf Presentación TICAR 2019] | ||
Revisión del 15:31 27 jun 2023
3)
shel --> % cli --> > edit --> # show configuration show configuration | display detail show configuration | display set
Habilitar servicios:
set system services ssh set system services telnet set system services web-management https system-generated-certificate set system host-name SRX_RIU set system domain-name riu.edu.ar set system domain-search riu.edu.ar set system time-zone America/Buenos_Aires set system name-server <IP>
4) http://mac.riu.edu.ar/routers/?uni=<sigla UN>
5) Configuración interfaces
Interfaz física en modo switch
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-WAN edit interfaces ge-0/0/0 unit 0 family ethernet-switching set interface-mode trunk; set vlan members <vlan-name> <vlan-id> ... set vlan members all -<vlan-name>
Interfaz física con IP
set interfaces ge-0/0/0 unit 0 family family inet address <IPv4> set interfaces irb unit 2 family inet6 address <IPv6>
Interfaz de management
set interfaces fxp0 unit 0 family inet address <IPv4>
Interfaz IRB
set interfaces irb unit 2 description "WAN - RIU" set interfaces irb unit 2 family inet address <IPv4> set interfaces irb unit 2 family inet6 address <IPv6>
Link Aggregation Control Protocol (LACP)
delete ge-0/0/5 unit 0 set ge-0/0/5 gigether-options 802.3ad ae0 delete ge-0/0/6 unit 0 set ge-0/0/6 gigether-options 802.3ad ae0 set ae0 description "ejemplo LACP" set ae0 aggregated-ether-options lacp active
6)
show configuration system login
7)
show configuration system login class looking-glass set system login class looking-glass permissions network set system login class looking-glass permissions view set system login class looking-glass allow-commands "^(show route protocol bgp .*|show bgp summary|ping .*|traceroute .*|quit|help .*)" set system login class looking-glass deny-commands "^show [ac-qs-z].*|^show (backup-selection|bfd|r2cp|rip|ripng|rsvp)|^clear.*|^ssh|^telnet|^file|^op|^request|^set|^start|^test" set system login class looking-glass allow-configuration show set system login class looking-glass deny-configuration all
8)
show configuration system login user lgriu
9)
Seteo passwor usuario root set system root-authentication plain-text-password ???
Creación usuario y seteo de clase
set system login user test authentication plain-text-password set system login user test class read-only
10)
load override terminal !! OJO pisa toda la configuración
11) Configuración VLANs
set vlans vlan-LAN vlan-id 3 set vlans vlan-LAN l3-interface irb.3 set vlans vlan-WAN vlan-id 2 set vlans vlan-WAN l3-interface irb.2
Rutas estáticas
set routing-options rib inet6.0 static route ::0/0 next-hop <IPv6> set routing-options static route 0.0.0.0/0 next-hop <IPv4> set routing-options static route 172.16.4.0/24 next-hop <IPv4> set routing-options autonomous-system <ASn>
12)
shcow configuration protocols bgp
13) Policy-options
show policy-options
set protocols bgp path-selection cisco-non-deterministic set protocols bgp log-updown set protocols bgp group IPv4 type external set protocols bgp group IPv4 family inet unicast set protocols bgp group IPv4 neighbor 170.210.4.53 description "BGP IPv4 contra RIU;" set protocols bgp group IPv4 neighbor 170.210.4.53 local-address 170.210.4.54 set protocols bgp group IPv4 neighbor 170.210.4.53 import from-RIU-v4 deactivate protocols bgp group IPv4 neighbor 170.210.4.53 import set protocols bgp group IPv4 neighbor 170.210.4.53 export to-RIU-v4 set protocols bgp group IPv4 neighbor 170.210.4.53 peer-as 4270 set protocols bgp group IPv4 neighbor 190.114.199.2 multihop ttl 15 set protocols bgp group IPv4 neighbor 190.114.199.2 local-address 190.114.220.4 set protocols bgp group IPv4 neighbor 190.114.199.2 peer-as 64512 set protocols bgp group IPv6 type external set protocols bgp group IPv6 family inet6 unicast set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 description "BGP IPv6 contra RIU" set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 local-address 2800:110:ff:f52::2 set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import from-RIU-v6 deactivate protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 export to-RIU-v6 set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 peer-as 4270 set protocols bgp group iBGP-IPv4 type internal set protocols bgp group iBGP-IPv4 peer-as 27883 set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 description iBGP-BACKBONE-RECTORADO set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 export PS-next-hop-self set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 description iBGP-WAN-RECTORADO set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 import PS-RECTORADO-IN set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 export PS-next-hop-self set policy-options prefix-list redes-riu-universidad-v4 170.210.1.54/32 set policy-options prefix-list redes-universidad-v4 190.114.192.0/19 set policy-options prefix-list redes-wan-riu-v4 170.210.4.52/30 set policy-options prefix-list redes-riu-universidad-v6 2800:110:1:f52::/64 set policy-options prefix-list redes-universidad-v6 set policy-options prefix-list redes-wan-riu-v6 2800:110:ff:f52::/64 set policy-options policy-statement PS-RECTORADO-IN term 10 from route-filter 190.114.192.0/19 upto /24 set policy-options policy-statement PS-RECTORADO-IN term 10 then local-preference 190 set policy-options policy-statement PS-RECTORADO-IN term 10 then accept set policy-options policy-statement PS-RECTORADO-IN term no-match then reject set policy-options policy-statement PS-next-hop-self term next-hop-self then next-hop self set policy-options policy-statement from-RIU-v4 term match-comunidades from community Internet2 set policy-options policy-statement from-RIU-v4 term match-comunidades from community Universidades set policy-options policy-statement from-RIU-v4 term match-comunidades then accept set policy-options policy-statement from-RIU-v4 term no-match then reject deactivate policy-options policy-statement from-RIU-v4 set policy-options policy-statement from-RIU-v6 term match-comunidades from community Internet2 set policy-options policy-statement from-RIU-v6 term match-comunidades from community Universidades set policy-options policy-statement from-RIU-v6 term match-comunidades then accept set policy-options policy-statement from-RIU-v6 term no-match then reject deactivate policy-options policy-statement from-RIU-v6 set policy-options policy-statement ibgp-export term next-hop-self then next-hop self deactivate policy-options policy-statement ibgp-export set policy-options policy-statement to-RIU-v4 term 10 from prefix-list redes-wan-riu-v4 set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-riu-universidad-v4 orlonger set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-universidad-v4 orlonger set policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo deactivate policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo set policy-options policy-statement to-RIU-v4 term 10 then accept set policy-options policy-statement to-RIU-v4 term no-match then reject set policy-options policy-statement to-RIU-v6 term 10 from prefix-list redes-wan-riu-v6 set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-riu-universidad-v6 orlonger set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-universidad-v6 orlonger set policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo deactivate policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo set policy-options policy-statement to-RIU-v6 term 10 then accept set policy-options policy-statement to-RIU-v6 term no-match then reject set policy-options community Internet2 members 4270:200 set policy-options community Universidades members 4270:2000 set policy-options community all members *:* set policy-options community to-RIU-I2+Unis members 4270:200 set policy-options community to-RIU-I2+Unis members 4270:2000 deactivate policy-options community to-RIU-I2+Unis set policy-options community to-RIU-todo members 4270:100 set policy-options community to-RIU-todo members 4270:150 set policy-options community to-RIU-todo members 4270:200 set policy-options community to-RIU-todo members 4270:300 set policy-options community to-RIU-todo members 4270:400 set policy-options community to-RIU-todo members 4270:2000 deactivate policy-options community to-RIU-todo
DHCP
set access address-assignment pool Management family inet network 192.168.1.0/24 set access address-assignment pool Management family inet range MNGMT low 192.168.1.2 set access address-assignment pool Management family inet range MNGMT high 192.168.1.254 set access address-assignment pool Management family inet dhcp-attributes router 192.168.1.1