Juniper implements the redistribution that Cisco does with the redistribute command through routing policy. Here is an example of mine: its purpose is to redistribute static routes into OSPF. The topology is shown below.
Redistribution of R1 default routes into OSPF
The configuration is as follows:
## Last changed: 2012-07-18 06:03:09 CST
version 12.1R1.9;
logical-systems {
    r1 {
        interfaces {
            em1 {
                unit 12 {
                    vlan-id
Affected systems: Juniper Networks JUNOS 13.x, Juniper Networks JUNOS 12.x, Juniper Networks JUNOS 11.x
Description:
CVE (CAN) ID: CVE-2014-2711
Junos is the network operating system used on Juniper Networks hardware. Juniper JunOS does not properly filter some input used in J-Web, which can cause arbitrary HTM
Today, we will demonstrate how the Juniper SRX Firewall runs ipsec vpn + OSPF with Cisco routers.
Topology:
R1 simulates a Cisco device, equivalent to a branch site. R2 simulates a carrier device. C1 is a zhuyun device bridged to the SRX, which together are equivalent to the headquarters firewall. R3 simulates internal route
MIP definition: a MIP (Mapped IP) is a one-to-one mapping of a public IP address to an IP address on the internal side of the Juniper firewall, i.e. a mapping from a public IP to a private-network IP. Configuring a MIP to reach a single device on the private network:
set int eth0/0 zone Untrust
set int eth0/0 ip 1.1.1.250/24
set int eth0/0 route
set int eth0/1 zone Trust
set int eth0/1 ip 192.168.1.1/24
set int eth0/1 route
set int eth0/0 mip 1.1.1.100 host 192
1. Firewall DNS Server
Fire-> set dns host dns1 202.106.0.20
Fire-> get config | include dns
A maximum of three DNS servers can be specified.
* Once a DNS server is set, the firewall can resolve domain names to addresses.
2. You can configure the NTP server in the firewall.
The set ntp server command is followed by the server name, source address, and so on:
set ntp server time.windows.com
set ntp server key-id 1 preshare-key cjclub
set ntp server src-interface eth1
set ntp interval 1
Sets the synchronization request interval.
set ntp max-adjustment
Problem description:
When Juniper SSG series firewalls reach each other over VPN dial-in, or hosts on different network segments access each other directly, it sometimes happens that PING succeeds but services such as web and file sharing cannot be accessed.
Problem Analysis:
These problems are usually caused by how devices along the path handle packet fragments during transmission. Typically the packets are too large and nee
port for
edit rule-set outside-to-inside1-des-nat
set from zone Outside
edit rule inside1-router-23
set match source-address 0/0
set match destination-address 202.100.1.201/32
set match destination-port 2323
set then destination-nat pool inside1-23
up
edit proxy-arp interface fe-0/0/0.0 address 202.100.1.201/32
Permit the inbound traffic:
edit security zones security-zone Inside1
set address-book address Inside1-router 10.1.1.1/32
up
up
edit policies from-zone Outside to-zone Insid
security-zone Untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
Note: by default ICMP should be permitted, except on service ports that are not used for management and need not be reachable by ping.
Second, Juniper SRX NAT
1. Types of NAT
1.1 Source NAT: interface
1.2 Source NAT: pool
1.3 Destination NAT
1.4 Static NAT
2. Configuration example
2.1 Interface-based source NAT
[email protected]# set security nat source rule-set 1 from zone Trust
[email protec
There are three ways to set the system clock on a Juniper firewall; choose one of them to complete the setup:
1. Command line: in the CLI, use the command set clock mm/dd/yyyy hh:mm:ss.
2. Use the "Sync Clock with Client" option in the Web management interface.
First, enable SNMP on the Juniper
The steps to enable SNMP are the same as in yesterday's configuration reference, so they are skipped here.
Second, install and configure MRTG
1, installation
MRTG's official page is http://oss.oetiker.ch/mrtg/, the latest version is 2.17.4. You can choose to compile the installation using the source package, or you can select the system source installation.
Experimental environment:
The company's game is going online and needs VPN tunnels so that the authentication and billing systems in different regions can communicate internally; daily server maintenance is also done over the VPN, so as to achieve a secure, encrypted environment
Solution: use the automatic VPN function of the Juniper NetScreen SSG140-SB to solve this problem. Because many sites need to be set up and the settings are almost all the same, take the Shanghai data center and Changch
Set the VSD group ID. This can be omitted, because the default virtual security database (VSD) group on a NetScreen firewall is 0.
SSG550(M)-> set nsrp vsd-group id 0 priority 50    (sets the priority of the NSRP primary device; the lower the value, the higher the priority)
SSG550(M)-> set nsrp rto-mirror sync    (enables configuration synchronization)
SSG550(M)-> set nsrp vsd-group id 0 monitor interface ethernet3    (sets the firewall monitor port; if port 3 fails or con
Master firewall configuration
unset interface e4 ip    (removes the IP address of e4)
set interface e4 zone HA    (binds e4 to the HA zone)
SSG550-> set nsrp cluster id 1    (sets the cluster ID)
SSG550(M)-> set nsrp vsd-group id 0    (sets the VSD group ID; can be omitted, since the default VSD group on a NetScreen firewall is 0)
SSG550(M)-> set nsrp vsd-group id 0 priority 50    (sets the priority of the NSRP primary device)
NetScreen firewalls support several management methods, including Web management and CLI (Telnet) management; for everyday debugging work we usually use these two.
(ScreenOS 4.0) First, configure through the CONSOLE port.
1. Connect one end of the console cable to the CONSOLE port of the firewall and the other end, via the adapter, to the serial port of the PC.
2. Open Accessories -> Communications -> HyperTermin
management address: set interface vlan1 manage-ip 10.0.0.3
3.
Supplement:
A. After HA is set up in transparent mode, if the device cannot be managed by default, the following command solves the problem:
set interface vlan1 nsrp manage zone V1-Untrust
This command must be applied on both devices.
B. There are some precautions for tracking IP addresses. This is the correct configuration in transparent mode: set nsrp monitor track-ip address 10.0.0.5 interface vlan1. i
1. Learning as I go, and applying it to the
2. Environment description
1) Core switch: S5700 (Huawei)
2) Access switch: S3700 (Huawei)
3. Requirements
1) Different VLANs cannot access each other; each VLAN belongs to only one department.
2) The department's two terminals are configured as follows:
Terminal 1: 192.168.162.2/24, gateway 192.168.162.254
Terminal 2: 192.168.162.3/24, gateway 192.168.162.254
3
Today my tutor told me about the company's network topology, which involves the basic concepts and principles of switches and routers. I was not very clear on them, so I looked up material on the internet to learn a bit, and I felt this article was good, so I reproduced it; but what I reproduced is not the original text, and I did not attach the original link.
Here is the link to my reprinted article: http://blog.csdn.net/herostarone/article/details/8256235
Second, Layer-2 switching technology
Layer-2 switching is a mature technology. A Layer-2 switch is a data link layer device: it can identify the MAC address information in a frame, forward based on MAC addresses, and record these MAC addresses together with their corresponding ports in its own address table. The specific workflow is as follows:
(1) When the switch receives a frame on a port, it first reads the source MAC a
Next I will go over Layer-2 and Layer-3 switches.
A Layer-2 switch is equivalent to splitting one interface into many interfaces, simply to provide a large number of ports. (If the original poster is not a professional, the following can be ignored.) Theoretically it can be understood that the switch does not split the broadcast domain, but splits the
Simply put:
Layer-1 switch: supports only physical-layer protocols (a telephone-controlled switch could perhaps be called one).
Layer-2 switch: supports physical-layer and data-link-layer protocols, for example Ethernet switches.
Layer-3 switch: supports physical-layer, data-link-layer and network-layer protocols, for example switches with routing functions.
In terms of the ISO/OSI layering, switches can be divided into L2 switches and L3 switches. A layer-2