Professional Documents
Culture Documents
Spanish JRE 12.a-R LG
Spanish JRE 12.a-R LG
Spanish JRE 12.a-R LG
12.a
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1:
Lab 2:
Lab 3:
Lab 4:
www.juniper.net
Contents iii
iv Contents
www.juniper.net
Course Overview
This one-day course provides students with foundational routing knowledge and configuration examples and includes an
overview of general routing concepts, routing policy, and firewall filters.
Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the Junos operating
system and monitoring basic device operations. This course uses Juniper Networks SRX Series Services Gateways for the
hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper
hardware platforms running the Junos operating system. This course is based on Junos OS Release 12.1R1.9.
Objectives
After successfully completing this course, you should be able to:
Describe the operation and configuration for unicast reverse path forwarding (RPF).
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the Junos OS.
Course Level
The Junos Routing Essentials course is a one-day introductory course.
Prerequisites
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI)
reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System
(IJOS) course prior to attending this class.
www.juniper.net
Course Overview v
Course Agenda
Day 1
Chapter 1: Course Introduction
Chapter 2: Routing Fundamentals
Fundamentos de Enrutamiento Laboratorio
Chapter 3: Routing Policy
Polticas de Enrutamiento Laboratorio
Chapter 4: Firewall Filters
Filtros de Firewall Laboratorio
Appendix A: Class of Service
Calidad de Servicio (CoS) (Opcional)
vi Course Agenda
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user
interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter
text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
Screen captures
commit complete
Noncommand-related
syntax
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
Normal GUI
GUI Input
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
GUI Undefined
www.juniper.net
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World
Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the format in which you
want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
www.juniper.net
Laboratorio
Fundamentos de Enrutamiento
Sinopsis
Este laboratorio ilustra como configurar y monitorizar dispositivos de enrutamiento
(routing) de Nivel 3 que corren el sistema operativo Junos. En este ejercicio, usted
utilizar el CLI de Junos para configurar y monitorizar interfaces, rutas estticas y OSPF. A
travs de estas tareas de configuracin, se familiarizar y ser capaz de describir los
contenidos de las tablas de enrutamiento y forwarding empleadas en dispositivos Junos.
Tras completar este laboratorio, habr realizado las siguientes tareas:
www.juniper.net
www.juniper.net
Paso 1.3
Inicie sesin con su dispositivo utilizando el usuario lab y la contrasea lab123.
Observe que tanto el usuario como la contrasea vienen en letras minsculas.
Entre en modo configuracin y cargue el archivo reset de configuracin mediante el
comando load override /var/home/lab/jre/lab1-start.config.
Despus de que la configuracin haya sido cargada, active sus cambios y vuelva al
modo operacin utilizando el comando commit and-quit.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override jre/lab1-start.config
load complete
[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Paso 1.4
Introduzca el comando show route para visualizar el contenido de la tabla de
enrutamiento (routing table).
lab@srxA-1> show route
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.210.14.128/27
10.210.14.131/32
www.juniper.net
*[Direct/0] 23:39:24
> via ge-0/0/0.0
*[Local/0] 23:39:31
Local via ge-0/0/0.0
*[Direct/0] 00:07:26
> via ge-0/0/0.0
*[Local/0] 00:07:40
Local via ge-0/0/0.0
128.0.0.1/32
128.0.0.4/32
128.0.0.6/32
128.0.1.16/32
*[Direct/0] 00:08:16
> via lo0.16385
*[Local/0] 00:07:39
Local via sp-0/0/0.16383
*[Direct/0] 00:08:16
> via lo0.16385
[Direct/0] 00:07:33
> via sp-0/0/0.16383
*[Direct/0] 00:08:16
> via lo0.16385
*[Direct/0] 00:08:16
> via lo0.16385
*[Local/0] 00:07:39
Local via sp-0/0/0.16383
*[Direct/0] 00:08:16
> via lo0.16385
[Direct/0] 00:07:33
> via sp-0/0/0.16383
[Direct/0] 00:08:16
> via lo0.16384
www.juniper.net
Paso 1.6
Utilice como referencia el diagrama de gestin y topologa de red correspondiente al
grupo de equipos (Pod) al que pertenece el dispositivo que le ha sido asignado y
configure las interfaces que en l aparecen descritas. Configure la interfaz
ge-0/0/4 como interfaz etiquetada (vlan-tagging). Utilice la etiqueta o
identificador VLAN (vlan-id) como valor de la unidad lgica de esta interfaz. Use
la unidad lgica unit 0 en cualquier otro tipo de interfaz sin etiquetar. No olvide
configurar tambin la interfaz de loopback!
[edit interfaces]
lab@srxA-1# set lo0 unit 0 family inet address address/32
[edit interfaces]
lab@srxA-1# set ge-0/0/3 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set ge-0/0/2 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set ge-0/0/1 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set ge-0/0/4 vlan-tagging
www.juniper.net
[edit interfaces]
lab@srxA-1# set ge-0/0/4 unit vlan-id vlan-id vlan-id
[edit interfaces]
lab@srxA-1# set ge-0/0/4 unit vlan-id family inet address address/24
Paso 1.7
Muestre la configuracin de las interfaces y asegrese que coincide con los detalles
descritos en el diagrama de la topologa de red de este laboratorio. Una vez
satisfecho son su configuracin, escriba el comando commit-and-quit para
activar su configuracin y regresar al modo operacin.
[edit interfaces]
lab@srxA-1# show
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
address 10.210.14.131/27;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 172.20.77.1/30;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 172.20.66.1/30;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 172.18.1.2/30;
}
}
}
ge-0/0/4 {
vlan-tagging;
unit 101 {
vlan-id 101;
family inet {
address 172.20.101.1/24;
}
}
}
lo0 {
unit 0 {
Laboratorio 16 Fundamentos de Enrutamiento
www.juniper.net
family inet {
address 192.168.1.1/32;
}
}
}
[edit interfaces]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Paso 1.8
Introduzca el comando show interfaces terse para verificar el estado de las
interfaces que acaba de configurar.
lab@srxA-1> show interfaces terse
Interface
Admin Link
ge-0/0/0
up
up
ge-0/0/0.0
up
up
gr-0/0/0
up
up
ip-0/0/0
up
up
lsq-0/0/0
up
up
lt-0/0/0
up
up
mt-0/0/0
up
up
pd-0/0/0
up
up
pe-0/0/0
up
up
ge-0/0/1
up
up
ge-0/0/1.0
up
up
ge-0/0/2
up
up
ge-0/0/2.0
up
up
ge-0/0/3
up
up
ge-0/0/3.0
up
up
ge-0/0/4
up
up
ge-0/0/4.101
up
up
ge-0/0/4.32767
up
up
ge-0/0/5
up
down
ge-0/0/6
up
down
ge-0/0/7
up
down
ge-0/0/8
up
down
ge-0/0/9
up
down
ge-0/0/10
up
down
ge-0/0/11
up
down
ge-0/0/12
up
down
ge-0/0/13
up
down
ge-0/0/14
up
down
ge-0/0/15
up
down
gre
up
up
ipip
up
up
lo0
up
up
lo0.0
up
up
lo0.16384
up
up
www.juniper.net
Proto
Local
inet
10.210.14.131/27
inet
172.20.77.1/30
inet
172.20.66.1/30
inet
172.18.1.2/30
inet
172.20.101.1/24
inet
inet
192.168.1.1
127.0.0.1
Remote
--> 0/0
--> 0/0
lo0.16385
up
up
inet
inet6
lo0.32768
lsi
mtun
pimd
pime
pp0
st0
tap
vlan
up
up
up
up
up
up
up
up
up
10.0.0.1
--> 0/0
10.0.0.16
--> 0/0
128.0.0.1
--> 0/0
128.0.1.16
--> 0/0
fe80::226:88ff:fe02:6700
up
up
up
up
up
up
up
up
up
*[Direct/0] 02:17:46
> via ge-0/0/0.0
*[Local/0] 02:17:50
Local via ge-0/0/0.0
*[Direct/0] 00:02:03
> via ge-0/0/3.0
*[Local/0] 00:02:03
Local via ge-0/0/3.0
*[Direct/0] 00:02:03
> via ge-0/0/2.0
*[Local/0] 00:02:03
Local via ge-0/0/2.0
*[Direct/0] 00:02:03
> via ge-0/0/1.0
*[Local/0] 00:02:03
Local via ge-0/0/1.0
*[Direct/0] 00:02:03
> via ge-0/0/4.101
www.juniper.net
172.20.101.1/32
192.168.1.1/32
*[Local/0] 00:02:03
Local via ge-0/0/4.101
*[Direct/0] 00:02:03
> via lo0.0
STOP
www.juniper.net
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Paso 2.2
Intente hacer ping a la direccin IP del host de Internet al que hace referencia el
diagrama de topologa de red de este laboratorio.
Nota
Paso 2.3
Defina una ruta esttica por defecto. Utilice como direccin de IP para el prximo
salto next-hop de la ruta por defecto la direccin IP que acaba de identificar en
el paso anterior. Una vez configurada, haga commit de sus cambios.
[edit]
lab@srxA-1# edit routing-options
[edit routing-options]
lab@srxA-1# set static route 0/0 next-hop address
[edit]
lab@srxA-1# commit
commit complete
[edit routing-options]
lab@srxA-1#
Paso 2.4
Ejecute el comando run show route 172.31.15.1.
[edit routing-options]
lab@srxA-1# run show route 172.31.15.1
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0
*[Static/5] 00:00:23
> to 172.18.1.1 via ge-0/0/3.0
www.juniper.net
Paso 2.5
Ejecute el comando run ping 172.31.15.1 para hacer ping de nuevo al host
de Internet.
Nota
Paso 2.7
Defina todas las rutas estticas necesarias para permitir conectividad con todas las
subredes y direcciones de loopback de los dispositivos asignados a sus
compaeros de Pod. Utilice como prximo salto para estas rutas estticas la
direccin IP asignada al dispositivo srx contiguo en la subred 172.20.66.0/30.
[edit routing-options]
lab@srxA-1# set static route address/32 next-hop address
www.juniper.net
[edit routing-options]
lab@srxA-1# set static route address/32 next-hop address
[edit routing-options]
lab@srxA-1# set static route address/24 next-hop address
[edit routing-options]
lab@srxA-1# show
static {
route 0.0.0.0/0 next-hop 172.18.1.1;
route 192.168.1.2/32 next-hop 172.20.101.10;
route 192.168.2.1/32 next-hop 172.20.66.2;
route 192.168.2.2/32 next-hop 172.20.66.2;
route 172.20.102.0/24 next-hop 172.20.66.2;
}
Paso 2.8
Utilice la direccin IP asignada al srx remoto en la subred 172.20.77.0/30 como
prximo salto cualificado (qualified-next-hop) para las mismas rutas
estticas que acaba de configurar en el paso anterior con destino a las subredes y
loopbacks de sus compaeros de Pod. Use un valor de preferencia de ruta
(preference) de6 para estas nuevas definiciones de prximo salto. Revise su
configuracin y si est satisfecho active sus cambios y regrese al modo operacin.
[edit routing-options]
lab@srxA-1# set static route address/32 qualified-next-hop address preference 6
[edit routing-options]
lab@srxA-1# set static route address/32 qualified-next-hop address preference 6
[edit routing-options]
lab@srxA-1# set static route address/24 qualified-next-hop address preference 6
[edit routing-options]
lab@srxA-1# show
static {
route 0.0.0.0/0 next-hop 172.18.1.1;
route 192.168.1.2/32 next-hop 172.20.101.10;
route 192.168.2.1/32 {
next-hop 172.20.66.2;
qualified-next-hop 172.20.77.2 {
preference 6;
}
}
route 192.168.2.2/32 {
next-hop 172.20.66.2;
qualified-next-hop 172.20.77.2 {
preference 6;
}
}
route 172.20.102.0/24 {
next-hop 172.20.66.2;
qualified-next-hop 172.20.77.2 {
preference 6;
}
Laboratorio 114 Fundamentos de Enrutamiento
www.juniper.net
}
}
[edit routing-options]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Paso 2.9
Introduzca el comando show route protocol static para visualizar las
rutas estticas que se encuentran presentes en la tabla de enrutamiento de su
dispositivo.
lab@srxA-1> show route protocol static
inet.0: 16 destinations, 19 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0
172.20.102.0/24
192.168.1.2/32
192.168.2.1/32
192.168.2.2/32
*[Static/5] 00:11:06
> to 172.18.1.1 via ge-0/0/3.0
*[Static/5] 00:00:44
> to 172.20.66.2 via ge-0/0/2.0
[Static/6] 00:00:44
> to 172.20.77.2 via ge-0/0/1.0
*[Static/5] 00:00:44
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 00:00:44
> to 172.20.66.2 via ge-0/0/2.0
[Static/6] 00:00:44
> to 172.20.77.2 via ge-0/0/1.0
*[Static/5] 00:00:44
> to 172.20.66.2 via ge-0/0/2.0
[Static/6] 00:00:44
> to 172.20.77.2 via ge-0/0/1.0
www.juniper.net
www.juniper.net
STOP
Paso 3.2
Navegue hasta el nivel de la jerarqua de configuracin [edit protocols
ospf] y defina un rea 0 de OSPF que incluya todas las interfaces de su dispositivo
que conectan con el equipo srx remoto as como aquellas que conecten con el
router virtual que tiene directamente conectado. Asegrese de incluir tambin la
interfaz lo0. Introduzca el comando show para visualizar la configuracin
resultante.
www.juniper.net
www.juniper.net
State
Full
Full
Full
ID
192.168.2.1
192.168.2.1
192.168.1.2
Pri
128
128
128
Dead
37
37
39
192.168.1.2/32
192.168.2.1/32
www.juniper.net
192.168.2.2/32
224.0.0.5/32
www.juniper.net
}
}
}
[edit routing-options]
lab@srxA-1# delete static route address/32
[edit routing-options]
lab@srxA-1# delete static route address/32
[edit routing-options]
lab@srxA-1# delete static route address/32
[edit routing-options]
lab@srxA-1# delete static route address/24
[edit routing-options]
lab@srxA-1# show
static {
route 0.0.0.0/0 next-hop 172.18.1.1;
}
Paso 3.6
Active sus cambios de configuracin y regrese al modo operacin. Introduzca el
comando show route protocol ospf para comprobar que las rutas de OSPF
efectivamente se encuentran ahora activas.
[edit routing-options]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1> show route protocol ospf
inet.0: 17 destinations, 17 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.20.102.0/24
192.168.1.2/32
192.168.2.1/32
192.168.2.2/32
224.0.0.5/32
lab@srxA-1>
www.juniper.net
www.juniper.net
lab@srxA-1> exit
srxA-1 (ttyu0)
login:
STOP
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Laboratorio
Polticas de Enrutamiento
Sinopsis
Este laboratorio demuestra cmo configurar y monitorizar polticas de enrutamiento
(routing policy) en dispositivos que corren el sistema operativo Junos. En este ejercicio,
utilizar el CLI de Junos para definir, aplicar y monitorizar polticas de enrutamiento.
Tras completar este laboratorio, habr realizado las siguientes tareas:
www.juniper.net
Paso 1.3
Inicie sesin con su mquina utilizando el usuario lab y la contrasea lab123.
Observe que tanto el usuario como la contrasea vienen en letras minsculas.
Entre en modo configuracin y cargue el archivo reset de configuracin mediante el
comando load override /var/home/lab/jre/lab2-start.config.
Despus de que la configuracin haya sido cargada, haga commit de sus cambios.
Laboratorio 22 Polticas de Enrutamiento
www.juniper.net
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override jre/lab2-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Paso 1.4
Navegue hasta el nivel de la jerarqua de configuracin [edit protocols
ospf], borre la interfaz etiquetada ge-0/0/4.vlan-id de la configuracin
OSPF y active sus cambios. Si fuera necesario, refirase al diagrama de topologa
de red para identificar dicha interfaz etiquetada.
[edit]
lab@srxA-1# edit protocols ospf
[edit protocols ospf]
lab@srxA-1# show
area 0.0.0.0 {
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface ge-0/0/4.101;
interface lo0.0;
}
[edit protocols ospf]
lab@srxA-1# delete area 0 interface ge-0/0/4.vlan-id
[edit protocols ospf]
lab@srxA-1# commit
commit complete
Paso 1.5
Navegue hasta el nivel de la jerarqua de configuracin [edit
routing-options]. Defina una ruta esttica para cada una de las tres subredes
conectadas al router virtual directamente conectado con su dispositivo. Utilice el
router virtual local como prximo salto (next-hop). Refirase al diagrama de
topologa de red para obtener detalles de las subredes de destino y el prximo salto
a utilizar.
[edit protocols ospf]
lab@srxA-1# top edit routing-options
www.juniper.net
[edit routing-options]
lab@srxA-1# set static route address/24 next-hop address
[edit routing-options]
lab@srxA-1# set static route address/24 next-hop address
[edit routing-options]
lab@srxA-1# set static route address/24 next-hop address
[edit routing-options]
lab@srxA-1#
Paso 1.6
Introduzca el comando show para visualizar la configuracin resultante. Si est
satisfecho con el resultado, active sus cambios y regrese al modo operacin
utilizando el comando commit and-quit.
[edit routing-options]
lab@srxA-1# show
static {
route 0.0.0.0/0 next-hop 172.18.1.1;
route 172.21.0.0/24 next-hop 172.20.101.10;
route 172.21.1.0/24 next-hop 172.20.101.10;
route 172.21.2.0/24 next-hop 172.20.101.10;
}
[edit routing-options]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Paso 1.7
Introduzca el comando show route protocol static para mostrar las rutas
estticas en su tabla de enrutamiento.
lab@srxA-1> show route protocol static
inet.0: 17 destinations, 17 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0
172.21.0.0/24
172.21.1.0/24
172.21.2.0/24
*[Static/5] 01:30:15
> to 172.18.1.1 via ge-0/0/3.0
*[Static/5] 00:00:21
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 00:00:21
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 00:00:21
> to 172.20.101.10 via ge-0/0/4.101
www.juniper.net
www.juniper.net
State
Full
Full
ID
192.168.2.1
192.168.2.1
Pri
128
128
Dead
39
32
STOP
www.juniper.net
Paso 2.2
Navegue hasta el nivel de la jerarqua de configuracin [edit
policy-options].Cree una nueva poltica llamada default-route que
machee y acepte la ruta por defecto existente en su tabla de enrutamiento. Llame al
trmino match-default-static-route.
[edit]
lab@srxA-1# edit policy-options
[edit policy-options]
lab@srxA-1# edit policy-statement default-route
[edit policy-options policy-statement default-route]
lab@srxA-1# set term match-default-static-route from protocol static
[edit policy-options policy-statement default-route]
lab@srxA-1# set term match-default-static-route from route-filter 0/0 exact
[edit policy-options policy-statement default-route]
lab@srxA-1# set term match-default-static-route then accept
[edit policy-options policy-statement default-route]
lab@srxA-1#
Paso 2.3
Navegue hasta el nivel de la jerarqua de configuracin [edit protocols
ospf] y aplique la poltica que acaba de definir en OSPF como poltica de
exportacin. Active sus cambios de configuracin.
[edit policy-options policy-statement default-route]
lab@srxA-1# top edit protocols ospf
[edit protocols ospf]
lab@srxA-1# set export default-route
[edit protocols ospf]
lab@srxA-1# commit
commit complete
[edit protocols ospf]
lab@srxA-1#
Nota
www.juniper.net
Paso 2.4
Ejecute el comando run show route 0/0 exact para verificar que su
dispositivo ahora tiene una ruta por defecto de OSPF en la tabla de enrutamiento.
Compruebe con sus compaeros de Pod que ellos tambin ven una ruta por defecto
en OSPF que proviene de su dispositivo local.
[edit protocols ospf]
lab@srxA-1# run show route 0/0 exact
inet.0: 17 destinations, 18 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0
*[Static/5] 00:35:18
> to 172.18.1.1 via ge-0/0/3.0
[OSPF/150] 00:22:53, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
www.juniper.net
www.juniper.net
Paso 2.6
Navegue hasta el nivel de la jerarqua de configuracin [edit protocols
ospf] y aplique la poltica interface-routes que acaba de configurar como
poltica de exportacin en OSPF. Active sus cambios de configuracin.
[edit policy-options policy-statement interface-routes]
lab@srxA-1# top edit protocols ospf
[edit protocols ospf]
lab@srxA-1# set export interface-routes
[edit protocols ospf]
lab@srxA-1# commit
commit complete
[edit protocols ospf]
lab@srxA-1#
Nota
172.18.2.0/30
172.20.102.0/24
192.168.2.1/32
224.0.0.5/32
www.juniper.net
www.juniper.net
then accept;
}
[edit policy-options policy-statement other-static-routes]
lab@srxA-1#
Paso 2.9
Navegue hasta el nivel de la jerarqua de configuracin [edit protocols
ospf] y aplique la poltica other-static-routes como poltica de exportacin
de OSPF. Active sus cambios de configuracin.
[edit policy-options policy-statement other-static-routes]
lab@srxA-1# top edit protocols ospf
[edit protocols ospf]
lab@srxA-1# set export other-static-routes
[edit protocols ospf]
lab@srxA-1# commit
commit complete
[edit protocols ospf]
lab@srxA-1#
Nota
172.18.2.0/30
172.20.102.0/24
[OSPF/150] 01:13:36,
to 172.20.77.2 via
> to 172.20.66.2 via
*[OSPF/150] 01:06:31,
to 172.20.77.2 via
> to 172.20.66.2 via
*[OSPF/150] 01:06:31,
> to 172.20.77.2 via
to 172.20.66.2 via
metric 0, tag 0
ge-0/0/1.0
ge-0/0/2.0
metric 0, tag 0
ge-0/0/1.0
ge-0/0/2.0
metric 0, tag 0
ge-0/0/1.0
ge-0/0/2.0
www.juniper.net
172.22.0.0/24
172.22.1.0/24
172.22.2.0/24
192.168.2.1/32
224.0.0.5/32
www.juniper.net
policy-statement other-static-routes {
term match-other-static-routes {
from {
protocol static;
route-filter 172.21.0.0/24 exact;
route-filter 172.21.1.0/24 exact;
route-filter 172.21.2.0/24 exact;
}
then accept;
}
}
[edit policy-options]
lab@srxA-1#
Paso 2.12
Utilice las polticas ya definidas como referencia. Cree una nueva poltica llamada
ospf-export con tres trminos distintos; match-default-route,
match-interface-routes match-other-static-routes. Asegrese
de que su nueva poltica ospf-export consigue el mismo resultado que las otras
tres polticas anteriores por separado.
[edit policy-options]
lab@srxA-1# edit policy-statement ospf-export
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-default-static-route from protocol static
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-default-static-route from route-filter 0/0 exact
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-default-static-route then accept
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-interface-routes from route-filter address/30 exact
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-interface-routes from route-filter address/24 exact
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-interface-routes then accept
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-other-static-routes from protocol static
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-other-static-routes from route-filter address/24
exact
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-other-static-routes from route-filter address/24
exact
www.juniper.net
Paso 2.13
Navegue hasta el nivel de la jerarqua de configuracin [edit protocols
ospf] y borre todas las polticas de exportacin que tenga aplicadas.
[edit policy-options policy-statement ospf-export]
lab@srxA-1# top edit protocols ospf
[edit protocols ospf]
lab@srxA-1# delete export
[edit protocols ospf]
lab@srxA-1#
Paso 2.14
Aplique como poltica de exportacin en OSPF la poltica que acaba de crear
ospf-export y active sus cambios mediante el comando commit.
[edit protocols ospf]
lab@srxA-1# set export ospf-export
[edit protocols ospf]
lab@srxA-1# commit
commit complete
Nota
0.0.0.0/0
172.18.2.0/30
172.20.102.0/24
172.22.0.0/24
172.22.1.0/24
172.22.2.0/24
192.168.2.1/32
224.0.0.5/32
www.juniper.net
[edit policy-options]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Paso 2.17
Cierre la sesin con su dispositivo utilizando el comando exit.
lab@srxA-1> exit
srxA-1 (ttyu0)
login:
STOP
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Laboratorio
Filtros de Firewall
Sinopsis
Este laboratorio le ensear cmo configurar y monitorizar filtros de firewall (firewall
filters) en dispositivos que corren el sistema operativo Junos. En este ejercicio utilizar el
CLI de Junos para definir, aplicar y monitorizar filtros de firewall.
Tras completar este laboratorio, habr realizado las siguientes tareas:
www.juniper.net
www.juniper.net
Paso 1.3
Inicie sesin en su mquina utilizando el usuario lab y la contrasea lab123.
Observe que tanto el usuario como la contrasea vienen en letras minsculas.
Entre en modo configuracin y cargue el archivo reset de configuracin mediante el
comando load override /var/home/lab/jre/lab3-start.config.
Despus de que la configuracin haya sido cargada, haga commit de sus cambios.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override jre/lab3-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Paso 1.4
Navegue hasta el nivel de la jerarqua de configuracin [edit system
services]. Introduzca el comando show para mostrar los servicios que se
encuentran habilitados.
[edit]
lab@srxA-1# edit system services
[edit system services]
lab@srxA-1# show
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
https {
system-generated-certificate;
interface all;
}
}
[edit system services]
lab@srxA-1#
www.juniper.net
www.juniper.net
Paso 1.7
Inicie sesin con el router virtual conectado a su dispositivo asignado utilizando la
informacin y los credenciales de la siguiente tabla:
Detalles de los Routers Virtuales
Dispositivo
Usuario
Contrasea
srxA-1
a1
lab123
srxA-2
a2
lab123
srxB-1
b1
lab123
srxB-2
b2
lab123
srxC-1
c1
lab123
srxC-2
c2
lab123
srxD-1
d1
lab123
srxD-2
d2
lab123
vr-device (ttyp0)
login: username
Password:
--- JUNOS 11.4R1.6 built 2011-11-15 11:28:05 UTC
NOTE: This router is divided into many virtual routers used by different teams.
Please only configure your own virtual router.
You must use 'configure private' to configure this router.
a1@vr-device>
Paso 1.8
Desde su router virtual vr10V (donde V es el router virtual especificado en el
diagrama de red) y mediante la utilidad ping verifique que tiene alcance a la
interfaz de loopback de su dispositivo srx y al host de Internet. Si fuera necesario,
refirase al diagrama de topologa de red de este laboratorio.
Nota
!!!!!!!!!!!!!!!!!!!!!!!!!
--- 192.168.1.1 ping statistics --25 packets transmitted, 25 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.532/7.853/123.251/23.561 ms
a1@vr-device> ping routing-instance local_instance 172.31.15.1 rapid count 25
PING 172.31.15.1 (172.31.15.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!
--- 172.31.15.1 ping statistics --25 packets transmitted, 25 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.965/5.700/7.183/0.915 ms
www.juniper.net
Paso 1.10
Introduzca el comando bye para cerrar la sesin establecida de FTP.
ftp> bye
221 Goodbye.
a1@vr-device>
Paso 1.11
Intente establecer una sesin SSH con su dispositivo asignado desde su router
virtual mediante el comando ssh routing-instance instance
lab@address. Haga referencia a la instancia asociada con su router virtual y
utilice la direccin de loopback de su dispositivo como direccin de destino.
a1@vr-device> ssh routing-instance local_instance lab@address
The authenticity of host '10.210.14.131 (10.210.14.131)' can't be established.
RSA key fingerprint is 7b:a1:9b:00:6e:7f:aa:5b:65:b3:b2:4c:5e:d6:8e:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.210.14.131' (RSA) to the list of known hosts.
lab@10.210.14.131's password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1>
Paso 1.13
Intente establecer una sesin Telnet desde el router virtual con su dispositivo
asignado. Utilice la direccin de loopback de su dispositivo como direccin de
destino. Inicie sesin como usuario lab para comprobar el funcionamiento de este
servicio.
www.juniper.net
www.juniper.net
Address
172.20.77.2
172.20.66.2
Interface
ge-0/0/1.0
ge-0/0/2.0
State
Full
Full
ID
192.168.2.1
192.168.2.1
Pri
128
128
Dead
37
34
10.210.14.128/27
10.210.14.131/32
172.18.1.0/30
172.18.1.2/32
172.18.2.0/30
172.20.66.0/30
172.20.66.1/32
172.20.77.0/30
172.20.77.1/32
172.20.101.0/24
172.20.101.1/32
172.20.102.0/24
172.21.0.0/24
172.21.1.0/24
172.21.2.0/24
172.22.0.0/24
172.22.1.0/24
www.juniper.net
*[Static/5] 14:31:10
> to 172.18.1.1 via ge-0/0/3.0
[OSPF/150] 12:52:11, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 17:07:19
> via ge-0/0/0.0
*[Local/0] 17:07:23
Local via ge-0/0/0.0
*[Direct/0] 14:51:36
> via ge-0/0/3.0
*[Local/0] 14:51:36
Local via ge-0/0/3.0
*[OSPF/150] 12:45:06, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 14:51:36
> via ge-0/0/2.0
*[Local/0] 14:51:36
Local via ge-0/0/2.0
*[Direct/0] 14:51:36
> via ge-0/0/1.0
*[Local/0] 14:51:36
Local via ge-0/0/1.0
*[Direct/0] 14:51:36
> via ge-0/0/4.101
*[Local/0] 14:51:36
Local via ge-0/0/4.101
*[OSPF/150] 12:45:06, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[Static/5] 13:01:16
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:01:16
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:01:16
> to 172.20.101.10 via ge-0/0/4.101
*[OSPF/150] 11:39:23, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[OSPF/150] 11:39:23, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
172.22.2.0/24
192.168.1.1/32
192.168.2.1/32
224.0.0.5/32
STOP
www.juniper.net
[edit]
lab@srxA-1# load override jre/lab3-part2-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Paso 2.2
Desde su dispositivo asignado, navegue hasta el nivel de la jerarqua de
configuracin [edit firewall]. Introduzca el comando edit family ?
y responda a la siguiente pregunta:
[edit]
lab@srxA-1# edit firewall
[edit firewall]
lab@srxA-1# edit family ?
Possible completions:
> any
Protocol-independent filter
> bridge
Protocol family BRIDGE for firewall filter
> ccc
Protocol family CCC for firewall filter
> inet
Protocol family IPv4 for firewall filter
> inet6
Protocol family IPv6 for firewall filter
> mpls
Protocol family MPLS for firewall filter
> vpls
Protocol family VPLS for firewall filter
[edit firewall]
lab@srxA-1# edit family
Paso 2.4
Cree un trmino con el nombre limit-icmp que solamente permita paquetes
ICMP de entrada que provengan de la subred 10.210.0.0/16.
www.juniper.net
Paso 2.5
Cree un trmino llamado limit-ftp que permita paquetes FTP de entrada que
provengan de la subred 10.210.0.0/16.
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-ftp from protocol tcp port ftp
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-ftp from source-address 10.210.0.0/16
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-ftp then accept
Paso 2.6
Cree un trmino llamado limit-ssh que permita paquetes SSH de entrada que
provengan de la subred 10.210.0.0/16.
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-ssh from protocol tcp port ssh
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-ssh from source-address 10.210.0.0/16
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-ssh then accept
Paso 2.7
Cree un trmino llamado limit-telnet que permita paquetes Telnet de entrada
que provengan de la subred 10.210.0.0/16.
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-telnet from protocol tcp port telnet
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-telnet from source-address 10.210.0.0/16
[edit firewall family inet filter protect-host]
lab@srxA-1# set term limit-telnet then accept
Paso 2.8
Navegue hasta el nivel de la jerarqua de configuracin [edit interfaces
lo0] y aplique el filtro de firewall protect-host que acaba de crear como filtro
de entrada (input filter) a la unidad lgica de la interfaz bajo family inet.
Introduzca el comando commit para activar sus cambios de configuracin.
[edit firewall family inet filter protect-host]
lab@srxA-1# top edit interfaces lo0
Laboratorio 312 Filtros de Firewall
www.juniper.net
Paso 2.9
Regrese a la sesin que mantiene abierta con el router virtual vr-device. Desde
el contexto de su router virtual correspondiente, lance pings para verificar que
tiene alcance a la direccin IP de loopback de su dispositivo y al host de Internet.
Refirase al diagrama de gestin y topologa de red para realizar estas pruebas.
Nota
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
*[Static/5] 14:48:28
> to 172.18.1.1 via ge-0/0/3.0
*[Direct/0] 17:24:37
> via ge-0/0/0.0
*[Local/0] 17:24:41
Local via ge-0/0/0.0
*[Direct/0] 15:08:54
> via ge-0/0/3.0
*[Local/0] 15:08:54
Local via ge-0/0/3.0
*[Direct/0] 15:08:54
> via ge-0/0/2.0
*[Local/0] 15:08:54
Local via ge-0/0/2.0
*[Direct/0] 15:08:54
> via ge-0/0/1.0
*[Local/0] 15:08:54
Local via ge-0/0/1.0
*[Direct/0] 15:08:54
> via ge-0/0/4.101
*[Local/0] 15:08:54
Local via ge-0/0/4.101
*[Static/5] 13:18:34
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:18:34
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:18:34
> to 172.20.101.10 via ge-0/0/4.101
*[Direct/0] 15:08:54
> via lo0.0
*[OSPF/10] 13:40:40, metric 1
MultiRecv
www.juniper.net
Paso 2.14
Introduzca los comandos run show ospf neighbor y run show route de
nuevo para verificar el estado de las adyacencias de OSPF con sus vecinos
contiguos. Compruebe tambin que las rutas OSPF en la tabla de enrutamiento se
restauran adecuadamente.
[edit interfaces lo0]
lab@srxA-1# run show ospf neighbor
Address
Interface
172.20.77.2
ge-0/0/1.0
172.20.66.2
ge-0/0/2.0
State
Full
Full
ID
192.168.2.1
192.168.2.1
Pri
128
128
Dead
35
38
10.210.14.128/27
10.210.14.131/32
172.18.1.0/30
172.18.1.2/32
172.18.2.0/30
172.20.66.0/30
172.20.66.1/32
172.20.77.0/30
172.20.77.1/32
172.20.101.0/24
172.20.101.1/32
172.20.102.0/24
172.21.0.0/24
172.21.1.0/24
172.21.2.0/24
www.juniper.net
*[Static/5] 14:55:12
> to 172.18.1.1 via ge-0/0/3.0
[OSPF/150] 00:00:34, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 17:31:21
> via ge-0/0/0.0
*[Local/0] 17:31:25
Local via ge-0/0/0.0
*[Direct/0] 15:15:38
> via ge-0/0/3.0
*[Local/0] 15:15:38
Local via ge-0/0/3.0
*[OSPF/150] 00:00:34, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 15:15:38
> via ge-0/0/2.0
*[Local/0] 15:15:38
Local via ge-0/0/2.0
*[Direct/0] 15:15:38
> via ge-0/0/1.0
*[Local/0] 15:15:38
Local via ge-0/0/1.0
*[Direct/0] 15:15:38
> via ge-0/0/4.101
*[Local/0] 15:15:38
Local via ge-0/0/4.101
*[OSPF/150] 00:00:34, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[Static/5] 13:25:18
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:25:18
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:25:18
> to 172.20.101.10 via ge-0/0/4.101
Filtros de Firewall Laboratorio 319
172.22.0.0/24
172.22.1.0/24
172.22.2.0/24
192.168.1.1/32
192.168.2.1/32
224.0.0.5/32
www.juniper.net
www.juniper.net
from {
source-address {
10.210.0.0/16 except;
0.0.0.0/0;
}
protocol icmp;
}
then {
count count-limit-icmp;
discard;
}
}
term limit-ftp {
from {
source-address {
10.210.0.0/16 except;
0.0.0.0/0;
}
protocol tcp;
port ftp;
}
then {
count count-limit-ftp;
discard;
}
}
term limit-ssh {
from {
source-address {
10.210.0.0/16 except;
0.0.0.0/0;
}
protocol tcp;
port ssh;
}
then {
count count-limit-ssh;
discard;
}
}
term limit-telnet {
from {
source-address {
10.210.0.0/16 except;
0.0.0.0/0;
}
protocol tcp;
port telnet;
}
then {
count count-limit-telnet;
discard;
}
}
www.juniper.net
term else-accept {
then {
count count-else-accept;
accept;
}
}
[edit firewall family inet filter protect-host]
lab@srxA-1#
Paso 2.16
Regrese al nivel de la jerarqua de configuracin [edit interfaces lo0] y
reactive el filtro protect-host. Introduzca el comando commit and-quit para
hacer efectivos sus cambios de configuracin y volver al modo operacin.
[edit firewall family inet filter protect-host]
lab@srxA-1# top edit interfaces lo0
[edit interfaces lo0]
lab@srxA-1# activate unit 0 family inet filter
[edit interfaces lo0]
lab@srxA-1# show
unit 0 {
family inet {
filter {
input protect-host;
}
address 192.168.1.1/32;
}
}
[edit interfaces lo0]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Paso 2.17
Introduzca los comandos show ospf neighbor y show route de nuevo para
verificar que el estado de las adyacencias de OSPF con sus vecinos contiguos es
completo (Full) y que hay rutas de OSPF presentes en la tabla de enrutamiento.
lab@srxA-1> show ospf neighbor
Address
Interface
172.20.77.2
ge-0/0/1.0
172.20.66.2
ge-0/0/2.0
State
Full
Full
ID
192.168.2.1
192.168.2.1
Pri
128
128
Dead
36
36
www.juniper.net
0.0.0.0/0
10.210.14.128/27
10.210.14.131/32
172.18.1.0/30
172.18.1.2/32
172.18.2.0/30
172.20.66.0/30
172.20.66.1/32
172.20.77.0/30
172.20.77.1/32
172.20.101.0/24
172.20.101.1/32
172.20.102.0/24
172.21.0.0/24
172.21.1.0/24
172.21.2.0/24
172.22.0.0/24
172.22.1.0/24
172.22.2.0/24
192.168.1.1/32
192.168.2.1/32
224.0.0.5/32
*[Static/5] 15:02:09
> to 172.18.1.1 via ge-0/0/3.0
[OSPF/150] 00:07:31, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 17:38:18
> via ge-0/0/0.0
*[Local/0] 17:38:22
Local via ge-0/0/0.0
*[Direct/0] 15:22:35
> via ge-0/0/3.0
*[Local/0] 15:22:35
Local via ge-0/0/3.0
*[OSPF/150] 00:07:31, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 15:22:35
> via ge-0/0/2.0
*[Local/0] 15:22:35
Local via ge-0/0/2.0
*[Direct/0] 15:22:35
> via ge-0/0/1.0
*[Local/0] 15:22:35
Local via ge-0/0/1.0
*[Direct/0] 15:22:35
> via ge-0/0/4.101
*[Local/0] 15:22:35
Local via ge-0/0/4.101
*[OSPF/150] 00:07:31, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[Static/5] 13:32:15
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:32:15
> to 172.20.101.10 via ge-0/0/4.101
*[Static/5] 13:32:15
> to 172.20.101.10 via ge-0/0/4.101
*[OSPF/150] 00:07:31, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
*[OSPF/150] 00:07:31, metric 0, tag 0
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[OSPF/150] 00:07:31, metric 0, tag 0
to 172.20.77.2 via ge-0/0/1.0
> to 172.20.66.2 via ge-0/0/2.0
*[Direct/0] 15:22:35
> via lo0.0
*[OSPF/10] 00:07:31, metric 1
> to 172.20.77.2 via ge-0/0/1.0
to 172.20.66.2 via ge-0/0/2.0
*[OSPF/10] 13:54:21, metric 1
MultiRecv
www.juniper.net
Paso 2.19
Desde su router virtual, intente establecer sesiones FTP, SSH y Telnet a su
dispositivo asignado. Use la direccin de loopback de su dispositivo como direccin
de destino. Utilice la cuenta de usuario lab para realizar estas pruebas
Nota
www.juniper.net
www.juniper.net
Password:
230 User lab logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
a1@vr-device> ssh lab@management_address
lab@10.210.14.131's password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> exit
Connection to 10.210.14.131 closed.
a1@vr-device> telnet management_address
Trying 10.210.14.131...
Connected to 10.210.14.131.
Escape character is '^]'.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> exit
Connection closed by foreign host.
a1@vr-device>
www.juniper.net
Paso 2.21
Regrese a la sesin que mantiene abierta con su dispositivo srx.
Desde esta sesin, introduzca el comando show firewall para determinar si los
contadores asociados al filtro estn siendo incrementados.
Bytes
18241
64
1260
64
128
Packets
250
1
15
1
2
srxA-1 (ttyu0)
login:
STOP
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Laboratorio
Calidad de Servicio (CoS) (Opcional)
Sinopsis
Este laboratorio explora la configuracin bsica de la calidad de servicio (class of service
o abreviadamente CoS) en dispositivos que corren el sistema operativo Junos. En este
ejercicio utilizar el CLI de Junos para definir, aplicar y monitorizar los diferentes
componentes de calidad de servicio (CoS).
Tras completar este laboratorio, habr realizado las siguientes tareas:
www.juniper.net
www.juniper.net
Paso 1.3
Inicie sesin en su mquina utilizando el usuario lab y la contrasea lab123.
Observe que tanto el usuario como la contrasea vienen en letras minsculas.
Entre en modo configuracin y cargue el archivo reset de configuracin mediante el
comando load override /var/home/lab/jre/lab4-start.config.
Despus de que la configuracin haya sido cargada, haga commit de sus cambios.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override jre/lab4-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Paso 1.4
Navegue hasta el nivel de la jerarqua de configuracin [edit interfaces] y
aada una unidad lgica adicional a la interfaz etiquetada ge-0/0/4. Para obtener
el direccionamiento IP y otros detalles de configuracin de las interfaces (como la
vlan-id) refirase al diagrama de la topologa de red correspondiente a este
laboratorio.
[edit]
lab@srxA-1# edit interfaces
[edit interfaces]
lab@srxA-1# set ge-0/0/4 unit vlan-id family inet address address/24
[edit interfaces]
lab@srxA-1# set ge-0/0/4 unit vlan-id vlan-id vlan-id
[edit interfaces]
lab@srxA-1#
Paso 1.5
Muestre el resultado de sus cambios de configuracin y verifique que son correctos.
Una vez satisfecho con su configuracin de las interfaces, introduzca el comando
commit para activar sus cambios.
[edit interfaces]
lab@srxA-1# show ge-0/0/4
vlan-tagging;
unit 101 {
www.juniper.net
vlan-id 101;
family inet {
address 172.20.101.1/24;
}
}
unit 201 {
vlan-id 201;
family inet {
address 172.20.201.1/24;
}
}
[edit interfaces]
lab@srxA-1# commit
commit complete
Paso 1.6
Mediante la utilidad ping compruebe que tiene conectividad con los dos routers
virtuales directamente conectados a su dispositivo.
[edit interfaces]
lab@srxA-1# run ping address rapid count 25
PING 172.20.101.10 (172.20.101.10): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!
--- 172.20.101.10 ping statistics --25 packets transmitted, 25 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.537/4.971/12.238/2.008 ms
[edit interfaces]
lab@srxA-1# run ping address rapid count 25
PING 172.20.201.10 (172.20.201.10): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!
--- 172.20.201.10 ping statistics --25 packets transmitted, 25 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.299/9.487/124.851/23.574 ms
www.juniper.net
[edit interfaces]
lab@srxA-1# top edit policy-options policy-statement ospf-export
[edit policy-options policy-statement ospf-export]
lab@srxA-1# set term match-interface-routes from route-filter address/24 exact
[edit policy-options policy-statement ospf-export]
lab@srxA-1# show
term match-interface-routes {
from {
route-filter 172.20.101.0/24 exact;
route-filter 172.20.201.0/24 exact;
}
then accept;
}
[edit policy-options policy-statement ospf-export]
lab@srxA-1# commit
commit complete
[edit policy-options policy-statement ospf-export]
lab@srxA-1#
Nota
Pri
128
Dead
35
www.juniper.net
www.juniper.net
Paso 1.10
Inicie sesin con el router virtual conectado a su dispositivo asignado utilizando la
informacin y credenciales de la siguiente tabla:
Detalles de los Routers Virtuales
Dispositivo
Usuario
Contrasea
srxA-1
a1
lab123
srxA-2
a2
lab123
srxB-1
b1
lab123
srxB-2
b2
lab123
srxC-1
c1
lab123
srxC-2
c2
lab123
srxD-1
d1
lab123
srxD-2
d2
lab123
vr-device (ttyp0)
login: username
Password:
--- JUNOS 11.4R1.6 built 2011-11-15 11:28:05 UTC
NOTE: This router is divided into many virtual routers used by different teams.
Please only configure your own virtual router.
You must use 'configure private' to configure this router.
a1@vr-device>
Paso 1.11
Desde los dos routers virtuales directamente conectados a su dispositivo y
utilizando ping verifique que tiene alcance a los dos routers virtuales conectados
al srx remoto de sus compaeros de laboratorio. Refirase al diagrama de topologa
de red de este laboratorio para obtener las direcciones de IP de destino para
realizar estas pruebas.
Nota
www.juniper.net
Forwarding Class
Bandwidth y
Buffers (%)
Prioridad
best-effort
40
Low
admin
45
Medium-low
voip
10
High
network-control
Medium-high
Paso 2.1
Regrese a la sesin que mantiene abierta con su dispositivo srx.
Desde su dispositivo asignado, navegue hasta el nivel ms alto de la jerarqua de la
configuracin y cargue el archivo lab4-part2-start.config desde el
directorio /var/home/lab/jre/. Haga commit de su configuracin cuando
termine.
[edit policy-options policy-statement ospf-export]
lab@srxA-1# top
[edit]
lab@srxA-1# load override jre/lab4-part2-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Paso 2.2
Navegue hasta el nivel de la jerarqua de configuracin [edit
class-of-service forwarding-classes]. Configure el mapeo de
forwarding class a cola (queue) de acuerdo con las definiciones de la tabla anterior.
[edit]
lab@srxA-1# edit class-of-service forwarding-classes
www.juniper.net
www.juniper.net
Paso 2.4
Configure un scheduler-map llamado my-sched-map que asocie cada forwarding
class con su correspondiente scheduler.
[edit class-of-service schedulers network-control-sched]
lab@srxA-1# up 2
[edit class-of-service]
lab@srxA-1# edit scheduler-maps my-sched-map
[edit class-of-service scheduler-maps my-sched-map]
lab@srxA-1# set forwarding-class best-effort scheduler best-effort-sched
[edit class-of-service scheduler-maps my-sched-map]
lab@srxA-1# set forwarding-class admin scheduler admin-sched
[edit class-of-service scheduler-maps my-sched-map]
lab@srxA-1# set forwarding-class voip scheduler voip-sched
www.juniper.net
Paso 2.5
Asigne el scheduler-map a todas las interfaces configuradas en su dispositivo y
haga commit de su configuracin cuando termine. Refirase al diagrama de
topologa de red si fuera necesario.
[edit class-of-service scheduler-maps my-sched-map]
lab@srxA-1# up 2
[edit class-of-service]
lab@srxA-1# edit interfaces
[edit class-of-service interfaces]
lab@srxA-1# set ge-0/0/4 scheduler-map my-sched-map
[edit class-of-service interfaces]
lab@srxA-1# set ge-0/0/1 scheduler-map my-sched-map
[edit class-of-service interfaces]
lab@srxA-1# commit
commit complete
[edit class-of-service interfaces]
lab@srxA-1#
www.juniper.net
Paso 3.2
Dirjase al nivel del la jerarqua de configuracin [edit firewall family
inet filter classify-traffic] para crear un nuevo filtro de firewall
llamado classify-traffic. Cree un trmino con el nombre sip que site el
trfico SIP originado desde la subred de su router virtual vr10V directamente
conectado (donde V es el virtual router tal y como viene especificado en el diagrama
de red) en la forwarding class voip. El trfico SIP utiliza ambos puertos UDP o TCP
5060.
[edit]
lab@srxA-1# edit firewall family inet filter classify-traffic
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term sip from source-address address/24
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term sip from protocol [tcp udp] port 5060
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term sip then forwarding-class voip
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term sip then accept
[edit firewall family inet filter classify-traffic]
lab@srxA-1#
www.juniper.net
Paso 3.3
Cree un trmino llamado rtp que site el trfico RTP originado desde la subred del
router virtual vr10V (donde V es el virtual router especificado en el diagrama de red)
en la forwarding class voip. El trfico RTP utiliza UDP en el rango de puertos
1638432767.
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term rtp from source-address address/24
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term rtp from protocol udp port 16384-32767
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term rtp then forwarding-class voip
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term rtp then accept
Paso 3.4
Cree un nuevo trmino llamado admin que site trfico originado dentro del rango
asociado a su router virtual vr20V directamente conectado (donde V es el router
virtual especificado en el diagrama de red) en la forwarding class admin.
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term admin from source-address address/24
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term admin then forwarding-class admin
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term admin then accept
Paso 3.5
Cree un ltimo trmino llamado accept-all que acepte todo el trfico restante y
lo coloque en la forwarding class por defecto.
[edit firewall family inet filter classify-traffic]
lab@srxA-1# set term accept-all then accept
Paso 3.6
Aplique el filtro de firewall classify-traffic a las interfaces etiquetadas con
identificadores VLAN de su dispositivo para que procesen el trfico de entrada
procedente de los routers virtuales directamente conectados. Introduzca el
comando commit para activar los cambios de configuracin.
[edit firewall family inet filter classify-traffic]
lab@srxA-1# top edit interfaces ge-0/0/4
[edit interfaces ge-0/0/4]
lab@srxA-1# set unit vlan-id family inet filter input classify-traffic
[edit interfaces ge-0/0/4]
lab@srxA-1# set unit vlan-id family inet filter input classify-traffic
www.juniper.net
Paso 4.2
Borre las estadsticas de todas las interfaces mediante el comando clear
interface statistics all.
lab@srxA-1> clear interfaces statistics all
Paso 4.3
Desde el dispositivo que le ha sido asignado, introduzca el comando show
interfaces queue ge-0/0/1 para verificar las estadsticas de las colas de la
interfaz ge-0/0/1. Este comando permite visualizar estadsticas de trfico por cada
cola. Utilice estas estadsticas como referencia para realizar las siguientes pruebas.
lab@srxA-1> show interfaces queue ge-0/0/1
Physical interface: ge-0/0/1, Enabled, Physical link is Up
Interface index: 132, SNMP ifIndex: 119
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
Queued:
Packets
:
0
Bytes
:
0
www.juniper.net
0 pps
0 bps
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 1, Forwarding classes: admin
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 2, Forwarding classes: voip
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 3, Forwarding classes: network-control
Queued:
Packets
:
2
Bytes
:
188
0 pps
368 bps
www.juniper.net
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
Transmitted:
Packets
Bytes
Tail-dropped packets
RED-dropped packets
Low
Medium-low
Medium-high
High
RED-dropped bytes
Low
Medium-low
Medium-high
High
:
:
:
:
:
:
:
:
:
:
:
:
:
2
188
0
0
0
0
0
0
0
0
0
0
0
368
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
www.juniper.net
0 pps
0 bps
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
www.juniper.net
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 1, Forwarding classes: admin
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 2, Forwarding classes: voip
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 3, Forwarding classes: network-control
Queued:
Packets
:
96
Bytes
:
9008
Transmitted:
Packets
:
96
Bytes
:
9008
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
www.juniper.net
0
0
0
0
0
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0 pps
0 bps
0 pps
0 pps
0 pps
0 pps
0 pps
0 pps
0 bps
0 bps
0 bps
0 bps
0 bps
0 pps
0 bps
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
RED-dropped bytes
Low
Medium-low
Medium-high
High
:
:
:
:
:
0
0
0
0
0
0
0
0
0
0
bps
bps
bps
bps
bps
Paso 4.6
Regrese a la sesin que mantiene abierta con el router virtual vr-device.
Mediante la utilidad ping enve trfico ICMP desde el dispositivo virtual local
vr20V al router virtual remoto vr20V (donde V es el router virtual especificado en
el diagrama de red). Utilice la opcin count con un valor de 100. Si as lo desea,
incluya tambin la opcin rapid para acelerar el proceso. Refirase al diagrama de
topologa de red para obtener las direcciones IP de destino.
Nota
www.juniper.net
Queued:
Packets
:
101
Bytes
:
9842
Transmitted:
Packets
:
101
Bytes
:
9842
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 1, Forwarding classes: admin
Queued:
Packets
:
100
Bytes
:
9800
Transmitted:
Packets
:
100
Bytes
:
9800
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 2, Forwarding classes: voip
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 3, Forwarding classes: network-control
www.juniper.net
0 pps
0 bps
0 pps
0 bps
0 pps
0 pps
0 pps
0 pps
0 pps
0 pps
0 bps
0 bps
0 bps
0 bps
0 bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0 pps
0 bps
0 pps
0 pps
0 pps
0 pps
0 pps
0 pps
0 bps
0 bps
0 bps
0 bps
0 bps
Queued:
Packets
Bytes
Transmitted:
Packets
Bytes
Tail-dropped packets
RED-dropped packets
Low
Medium-low
Medium-high
High
RED-dropped bytes
Low
Medium-low
Medium-high
High
:
:
136
12772
0 pps
0 bps
:
:
:
:
:
:
:
:
:
:
:
:
:
136
12772
0
0
0
0
0
0
0
0
0
0
0
0 pps
0 bps
0 pps
0 pps
0 pps
0 pps
0 pps
0 pps
0 bps
0 bps
0 bps
0 bps
0 bps
Paso 4.8
Regrese a la sesin que mantiene abierta con el router virtual vr-device.
Mediante la utilidad telnet simularemos trfico SIP desde el dispositivo virtual
local vr10V al router virtual remoto vr10V (donde V es el router virtual
especificado en el diagrama de red). Utilice la opcin port con un valor de puerto
5060 para esta sesin de Telnet. Refirase al diagrama de topologa de red para
obtener las direcciones IP de destino
Nota
www.juniper.net
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0 pps
bps
pps
pps
pps
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 3, Forwarding classes: network-control
Queued:
Packets
:
151
Bytes
:
14182
Transmitted:
Packets
:
151
Bytes
:
14182
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
0
0
0
0
0
0
0
0
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
www.juniper.net
[edit]
lab@srxA-1#
Paso 5.2
Borre las estadsticas de todas las interfaces mediante el comando run clear
interface statistics all.
[edit]
lab@srxA-1# run clear interfaces statistics all
Paso 5.3
Ejecute el comando run show interfaces queue ge-0/0/4 para visualizar
las estadsticas de cada cola. Tome nota de estos datos como referencia para las
siguientes tareas de comprobacin.
[edit]
lab@srxA-1# run show interfaces queue ge-0/0/4
Physical interface: ge-0/0/4, Enabled, Physical link is Up
Interface index: 135, SNMP ifIndex: 128
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 1, Forwarding classes: admin
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
www.juniper.net
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
Medium-high
:
High
:
Queue: 2, Forwarding classes: voip
Queued:
Packets
:
Bytes
:
Transmitted:
Packets
:
Bytes
:
Tail-dropped packets :
RED-dropped packets :
Low
:
Medium-low
:
Medium-high
:
High
:
RED-dropped bytes
:
Low
:
Medium-low
:
Medium-high
:
High
:
Queue: 3, Forwarding classes: network-control
Queued:
Packets
:
Bytes
:
Transmitted:
Packets
:
Bytes
:
Tail-dropped packets :
RED-dropped packets :
Low
:
Medium-low
:
Medium-high
:
High
:
RED-dropped bytes
:
Low
:
Medium-low
:
Medium-high
:
High
:
0
0
0 bps
0 bps
0
0
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
www.juniper.net
Paso 5.5
Configure la interfaz ge-0/0/1 para que utilice el clasificador por defecto de IP
precedence (inet-precedence default) para todo el trafico entrante. Active
sus cambios de configuracin y regrese al modo operacin mediante el comando
commit and-quit.
[edit class-of-service]
lab@srxA-1# set interfaces ge-0/0/1 unit 0 classifiers inet-precedence default
[edit class-of-service]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
www.juniper.net
www.juniper.net
www.juniper.net
0
0
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
100
10200
0 pps
0 bps
100
10200
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
0
0
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
Medium-high
:
High
:
Queue: 3, Forwarding classes: network-control
Queued:
Packets
:
Bytes
:
Transmitted:
Packets
:
Bytes
:
Tail-dropped packets :
RED-dropped packets :
Low
:
Medium-low
:
Medium-high
:
High
:
RED-dropped bytes
:
Low
:
Medium-low
:
Medium-high
:
High
:
0
0
0 bps
0 bps
0
0
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
www.juniper.net
0 pps
0 bps
0 pps
0 bps
0 pps
0 pps
0 pps
0 pps
0 pps
0 pps
0 bps
0 bps
0 bps
0 bps
0 bps
0 pps
0 bps
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 2, Forwarding classes: voip
Queued:
Packets
:
1
Bytes
:
64
Transmitted:
Packets
:
1
Bytes
:
64
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
Queue: 3, Forwarding classes: network-control
Queued:
Packets
:
0
Bytes
:
0
Transmitted:
Packets
:
0
Bytes
:
0
Tail-dropped packets :
0
RED-dropped packets :
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
RED-dropped bytes
:
0
Low
:
0
Medium-low
:
0
Medium-high
:
0
High
:
0
0
0
0
0
0
0
0
pps
pps
bps
bps
bps
bps
bps
0 pps
0 bps
0 pps
0 bps
0 pps
0 pps
0 pps
0 pps
0 pps
0 pps
0 bps
0 bps
0 bps
0 bps
0 bps
0 pps
0 bps
0
0
0
0
0
0
0
0
0
0
0
0
0 pps
bps
pps
pps
pps
pps
pps
pps
bps
bps
bps
bps
bps
www.juniper.net
Paso 5.10
Cierre la sesin con su dispositivo mediante el comando exit.
lab@srxA-1> exit
srxA-1 (ttyu0)
login:
STOP
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net