Presentación RICAR 2019

Presentación TICAR 2019

3)

shel     -->    %
cli    -->    >
edit    -->    #
show configuration
show configuration | display detail
show configuration | display set

Habilitar servicios:

set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
 
set system host-name SRX_RIU
set system domain-name riu.edu.ar
set system domain-search riu.edu.ar
set system time-zone America/Buenos_Aires
set system name-server <IP>

4) http://mac.riu.edu.ar/routers/?uni=<sigla UN>

5) Configuración interfaces

Interfaz física en modo switch

set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-WAN
edit interfaces ge-0/0/0 unit 0 family ethernet-switching
    set interface-mode trunk;
    set vlan members <vlan-name> <vlan-id> ...
    set vlan members all -<vlan-name>

Interfaz física con IP

set interfaces ge-0/0/0 unit 0 family family inet address <IPv4>
set interfaces irb unit 2 family inet6 address <IPv6>

Interfaz de management

set interfaces fxp0 unit 0 family inet address <IPv4>

Interfaz IRB

set interfaces irb unit 2 description "WAN - RIU"
set interfaces irb unit 2 family inet address <IPv4>
set interfaces irb unit 2 family inet6 address <IPv6>

Link Aggregation Control Protocol (LACP)

delete ge-0/0/5 unit 0
set ge-0/0/5 gigether-options 802.3ad ae0
 
delete ge-0/0/6 unit 0
set ge-0/0/6 gigether-options 802.3ad ae0
 
set ae0 description "ejemplo LACP"
set ae0 aggregated-ether-options lacp active

6)

show configuration system login

7)

show configuration system login class looking-glass
 
set system login class looking-glass permissions network
set system login class looking-glass permissions view
set system login class looking-glass allow-commands "^(show route protocol bgp .*|show bgp summary|ping .*|traceroute .*|quit|help .*)"
set system login class looking-glass deny-commands "^show [ac-qs-z].*|^show (backup-selection|bfd|r2cp|rip|ripng|rsvp)|^clear.*|^ssh|^telnet|^file|^op|^request|^set|^start|^test"
set system login class looking-glass allow-configuration show
set system login class looking-glass deny-configuration all

8)

show configuration system login user lgriu

9)

Seteo passwor usuario root
set system root-authentication plain-text-password ???

Creación usuario y seteo de clase

set system login user test authentication plain-text-password
set system login user test class read-only

10)

load override terminal  !! OJO pisa toda la configuración

11) Configuración VLANs

set vlans vlan-LAN vlan-id 3
set vlans vlan-LAN l3-interface irb.3
set vlans vlan-WAN vlan-id 2
set vlans vlan-WAN l3-interface irb.2

Rutas estáticas

set routing-options rib inet6.0 static route ::0/0 next-hop <IPv6>
set routing-options static route 0.0.0.0/0 next-hop <IPv4>
set routing-options static route 172.16.4.0/24 next-hop <IPv4>
 
set routing-options autonomous-system <ASn>

12)

shcow configuration protocols bgp

13) Policy-options

show policy-options

set protocols bgp path-selection cisco-non-deterministic
set protocols bgp log-updown
set protocols bgp group IPv4 type external
set protocols bgp group IPv4 family inet unicast
set protocols bgp group IPv4 neighbor 170.210.4.53 description "BGP IPv4 contra RIU;"
set protocols bgp group IPv4 neighbor 170.210.4.53 local-address 170.210.4.54
set protocols bgp group IPv4 neighbor 170.210.4.53 import from-RIU-v4
deactivate protocols bgp group IPv4 neighbor 170.210.4.53 import
set protocols bgp group IPv4 neighbor 170.210.4.53 export to-RIU-v4
set protocols bgp group IPv4 neighbor 170.210.4.53 peer-as 4270
set protocols bgp group IPv4 neighbor 190.114.199.2 multihop ttl 15
set protocols bgp group IPv4 neighbor 190.114.199.2 local-address 190.114.220.4
set protocols bgp group IPv4 neighbor 190.114.199.2 peer-as 64512
set protocols bgp group IPv6 type external
set protocols bgp group IPv6 family inet6 unicast
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 description "BGP IPv6 contra RIU"
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 local-address 2800:110:ff:f52::2
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import from-RIU-v6
deactivate protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 import
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 export to-RIU-v6
set protocols bgp group IPv6 neighbor 2800:110:ff:f52::1 peer-as 4270
set protocols bgp group iBGP-IPv4 type internal
set protocols bgp group iBGP-IPv4 peer-as 27883
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 description iBGP-BACKBONE-RECTORADO
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.8 export PS-next-hop-self
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 description iBGP-WAN-RECTORADO
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 import PS-RECTORADO-IN
set protocols bgp group iBGP-IPv4 neighbor 190.114.220.10 export PS-next-hop-self
 
set policy-options prefix-list redes-riu-universidad-v4 170.210.1.54/32
set policy-options prefix-list redes-universidad-v4 190.114.192.0/19
set policy-options prefix-list redes-wan-riu-v4 170.210.4.52/30
set policy-options prefix-list redes-riu-universidad-v6 2800:110:1:f52::/64
set policy-options prefix-list redes-universidad-v6
set policy-options prefix-list redes-wan-riu-v6 2800:110:ff:f52::/64
 
set policy-options policy-statement PS-RECTORADO-IN term 10 from route-filter 190.114.192.0/19 upto /24
set policy-options policy-statement PS-RECTORADO-IN term 10 then local-preference 190
set policy-options policy-statement PS-RECTORADO-IN term 10 then accept
set policy-options policy-statement PS-RECTORADO-IN term no-match then reject
set policy-options policy-statement PS-next-hop-self term next-hop-self then next-hop self
set policy-options policy-statement from-RIU-v4 term match-comunidades from community Internet2
set policy-options policy-statement from-RIU-v4 term match-comunidades from community Universidades
set policy-options policy-statement from-RIU-v4 term match-comunidades then accept
set policy-options policy-statement from-RIU-v4 term no-match then reject
deactivate policy-options policy-statement from-RIU-v4
set policy-options policy-statement from-RIU-v6 term match-comunidades from community Internet2
set policy-options policy-statement from-RIU-v6 term match-comunidades from community Universidades
set policy-options policy-statement from-RIU-v6 term match-comunidades then accept
set policy-options policy-statement from-RIU-v6 term no-match then reject
deactivate policy-options policy-statement from-RIU-v6
set policy-options policy-statement ibgp-export term next-hop-self then next-hop self
deactivate policy-options policy-statement ibgp-export
set policy-options policy-statement to-RIU-v4 term 10 from prefix-list redes-wan-riu-v4
set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-riu-universidad-v4 orlonger
set policy-options policy-statement to-RIU-v4 term 10 from prefix-list-filter redes-universidad-v4 orlonger
set policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo
deactivate policy-options policy-statement to-RIU-v4 term 10 then community set to-RIU-todo
set policy-options policy-statement to-RIU-v4 term 10 then accept
set policy-options policy-statement to-RIU-v4 term no-match then reject
set policy-options policy-statement to-RIU-v6 term 10 from prefix-list redes-wan-riu-v6
set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-riu-universidad-v6 orlonger
set policy-options policy-statement to-RIU-v6 term 10 from prefix-list-filter redes-universidad-v6 orlonger
set policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo
deactivate policy-options policy-statement to-RIU-v6 term 10 then community set to-RIU-todo
set policy-options policy-statement to-RIU-v6 term 10 then accept
set policy-options policy-statement to-RIU-v6 term no-match then reject
set policy-options community Internet2 members 4270:200
set policy-options community Universidades members 4270:2000
set policy-options community all members *:*
set policy-options community to-RIU-I2+Unis members 4270:200
set policy-options community to-RIU-I2+Unis members 4270:2000
deactivate policy-options community to-RIU-I2+Unis
set policy-options community to-RIU-todo members 4270:100
set policy-options community to-RIU-todo members 4270:150
set policy-options community to-RIU-todo members 4270:200
set policy-options community to-RIU-todo members 4270:300
set policy-options community to-RIU-todo members 4270:400
set policy-options community to-RIU-todo members 4270:2000
deactivate policy-options community to-RIU-todo

DHCP

set access address-assignment pool Management family inet network 192.168.1.0/24
set access address-assignment pool Management family inet range MNGMT low 192.168.1.2
set access address-assignment pool Management family inet range MNGMT high 192.168.1.254
set access address-assignment pool Management family inet dhcp-attributes router 192.168.1.1