问题一:interface address上的prefer和primary参数有什么区别,分别用在哪儿?
简单的说:
prefer就是一个接口配多个IP以后,到达对端同一个subnet的目的地址使用哪一个为源IP地址
primary就是一个接口配多个IP以后,到达不是同一个subnet的目的地址使用哪一个为源IP地址
lab@Juniper-Lab# help topic interfaces preferred
Configuring the Preferred Address for an Interface
The preferred address on an interface is the default local address used
for packets sourced by the local routing platform to destinations on the
subnet. By default, the numerically lowest local address is chosen. For
example, if the addresses 172.16.1.1/12, 172.16.1.2/12, and 172.16.1.3/12
are configured on the same interface, the preferred address on the subnet
(by default, 172.16.1.1) would be used as a local address when you issue a
ping 172.16.1.5 command.
To set a different preferred address for the subnet, include the preferred
statement:
preferred;
You can include this statement at the following hierarchy levels:
* [edit interfaces interface-name unit logical-unit-number family family
address address]
* [edit logical-routers logical-router-name interfaces interface-name
unit logical-unit-number family family address address]
lab@Juniper-Lab# help topic interfaces primary-address
Configuring the Primary Address for an Interface
The primary address on an interface is the address that is used by default
as the local address for broadcast and multicast packets sourced locally
and sent out the interface. For example, the local address in the packets
sent by a ping interface so-0/0/0.0 255.255.255.255 command is the primary
address on interface so-0/0/0.0. The primary address flag also can be
useful for selecting the local address used for packets sent out
unnumbered interfaces when multiple non-127 addresses are configured on
the loopback interface, lo0. By default, the primary address on an
interface is selected as the numerically lowest local address configured
on the interface.
To set a different primary address, include the primary statement:
primary;
You can include this statement at the following hierarchy levels:
* [edit interfaces interface-name unit logical-unit-number family family
address address]
* [edit logical-routers logical-router-name interfaces interface-name
unit logical-unit-number family family address address]
问题二,配置POS接口,例题如下:
l
32-bit FCS (CRC)
l
Payload scrambling enabled
l
MTU of 4474 bytes
l
SDH framing, path trace set to “JNCIP test bed”
l
Internal timing
l
Cisco HDLC encapsulation with 5-second keepalives
l
Hold setting of 20 milliseconds
配置如下所示:
lab@Juniper-Lab# show interfaces so-0/2/0
keepalives interval 5;
hold-time up 20 down 20;
clocking internal;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
path-trace "JNCIP test bed";
payload-scrambler;
}
还有特别要注意pos的framing不在接口配置层次下,而是应该用命令set chasis fpc 0 pic 2 framing sdh
问题三,POS接口封装问题注意事项以及例题:
l
Use DLCI 100
l
Use the ITU Annex A version of PVC management protocol (LMI)
l
Keepalive parameters:
l
DTE poll interval 5 seconds, full status every poll
l
Set a line up/down threshold of 2/3 events
首先注意,LAB里都是BACK-TO-BACK连接没有FR/ATM SWITCH,所以一定有一端是DCE
DTE端配置
lab@Juniper-Lab# show
hold-time up 20 down 20;
clocking internal;
encapsulation frame-relay;
lmi {
n391dte 1;
n392dte 2;
n393dte 3;
lmi-type itu;
}
sonet-options {
fcs 32;
path-trace "JNCIP test bed";
payload-scrambler;
}
unit 100 {
dlci 100;
family inet {
mtu 1600;
address 172.16.0.3/32 {
destination 192.168.0.4;
}
}
}
对端DCE的配置里除了dce以外,还一定要有n392dce 2和n393dce 3才可以
问题四,hub-spoke的帧中继的接口配置(JUNOS叫作p2mp的配置)
[edit interfaces](这是HUB ROUTER的接口配置)
lab@Juniper-Lab# show so-0/2/0
encapsulation frame-relay;
unit 0 {
multipoint;
family inet {
address 10.0.1.1/24 {
multipoint-destination 10.0.1.2 dlci 200;
multipoint-destination 10.0.1.3 dlci 300;
}
}
}
问题五:带用户验证的PPP配置是如何做的呢
[edit]
lab@Juniper-Lab# show interfaces so-0/2/0
encapsulation ppp;
ppp-options {
chap {
access-profile test;
local-name r3;
}
}
unit 0 {
family inet {
address 192.168.0.5/30;
}
}
[edit]
lab@Juniper-Lab# show access
profile test {
client r4 chap-secret "$9$nDpC9tOMWxNds"; ## SECRET-DATA
}
问题六:ATM 接口配置细节例题以及注意事项
This ATM interface configuration example will use the default physical device settings with
the following ATM-specific options:
l
No ILMI (default)
l
Allow for VCI assignment of 3.300
The criteria for the ATM logical properties configuration in this example are as follows:
l
Logical unit 200, VPI 3, and VCI 200
l
IPv4 family, with the addressing shown earlier in Figure 2.4
l
NLPID encapsulation
l
Unspecified Bit Rate (UBR) with no traffic shaping
lab@Juniper-Lab# show at-0/1/0
atm-options {
vpi 3 {
maximum-vcs 301;
}
}
unit 200 {
encapsulation atm-nlpid;
vci 3.200;
family inet {
address 192.168.0.5/30;
}
}
特别注意:如果启用ilmi,必须有set atm-options vpi 0 maximum-vcs 17,否则的话ilmi不能工作,因为它是利用pvc 0/16的
问题七:点到多点ATM接口配置细节
注意两点:1,p2mp逻辑接口没有vci这一说;2,p2mp逻辑接口要配上multipoint参数
lab@Juniper-Lab# show
atm-options {
vpi 0 {
maximum-vcs 201;
}
}
unit 200 {
multipoint;
family inet {
address 10.0.1.1/24 {
multipoint-destination 10.0.1.2 vci 102;
multipoint-destination 10.0.1.3 vci 103;
}
}
}
问题八: ATM接口Traffic Shaping例题
VBR SHAPING PROFILE
Peak bit rate = 1Mbps (~2600 cells/second)
Sustained bit rate = 500Kbps (~1300 cells/second)
Maximum burst = 25 cells
Maximum queue depth of 20 packets
配置如下所示:
[edit interfaces]
lab@Juniper-Lab# show at-0/1/0
atm-options {
vpi 0 {
maximum-vcs 17;
}
vpi 3 {
maximum-vcs 201;
}
ilmi;
}
unit 200 {
vci 3.200;
shaping {
vbr peak 1m sustained 500k burst 25;
queue-length 20;
}
family inet {
address 10.0.1.1/24;
}
}
问题九:以太网配置例题和注意事项
The configuration requirements for this scenario are:
l
IPv4 addressing as shown in Figure 2.6
l
VLAN and VRRP requirements
l
VLAN IDs are 520 and 530.
l
Virtual IP (VIP) addresses = 10.0.5.253 and 10.0.6.253.
l
r1 is master of VLAN 520 when operational.
l
r2 is master of VLAN 530 when operational.
l
Ensure that the VIP is pingable on each VLAN.
lab@Juniper-Lab# show
vlan-tagging;
unit 520 {
vlan-id 520;
family inet {
address 10.0.5.1/24 {
vrrp-group 1 {
virtual-address 10.0.5.253;
priority 200;
accept-data;
authentication-type md5;
authentication-key "$9$shgaUF39ApB"; ## SECRET-DATA
track {
interface fe-0/0/1.0 priority-cost 30;
}
}
}
}
}
unit 530 {
vlan-id 530;
family inet {
address 10.0.6.1/24 {
vrrp-group 2 {
virtual-address 10.0.6.253;
priority 80;
accept-data;
authentication-type md5;
authentication-key "$9$PTF/cSevWx"; ## SECRET-DATA
}
}
}
}
注意:VRRP priority默认是100,并且默认不允许ping,加了accept-data是允许ping的,验证的命令是show vrrp summary
问题九:source-mac filter例题
[edit interfaces fe-0/0/0 fastether-options]
lab@Juniper-Lab# show
source-filtering;
source-address-filter {
00:a0:c9:6f:7b:3e;
}
问题十:汇聚以太网和汇聚POS例题和注意事项
汇聚以太网
注意Aggregate Ethernet必须带Vlan-tagging的
[edit]
lab@Juniper-Lab# show interfaces ae0
vlan-tagging;
aggregated-ether-options {
minimum-links 2;
}
unit 100 {
vlan-id 100;
family inet {
address 10.0.10.3/24;
}
}
lab@Juniper-Lab# show chassis
aggregated-devices {
ethernet {
device-count 2;
}
}
alarm {
management-ethernet {
link-down yellow;
}
}
成员物理接口不能配IP等信息,只作如下配置
lab@Juniper-Lab# show interfaces fe-0/0/1
fastether-options {
802.3ad ae0;
}
汇聚POS
Create an aggregated SONET link between r3 and r5.
Ensure the aggregated device provides at least 280Mbps of bandwidth.
[edit interfaces]
lab@Juniper-Lab# show as0
aggregated-sonet-options {
minimum-links 2;
link-speed oc3;
}
unit 0 {
family inet {
address 10.0.10.3/24;
}
}
[edit]
lab@Juniper-Lab# show chassis aggregated-devices
sonet {
device-count 1;
}
成员物理接口不能配IP等信息,只作如下配置
lab@Juniper-Lab# show interfaces so-0/3/0
sonet-options {
aggregate as0;
}
问题十一:Leaky Bucket Rate Limiting例题以及配置
l
Limit r3’s so-0/2/0 interface to operate at no more than five percent of the OC-3c interface’s bandwidth. Do not rate limit r5’s so-0/1/0 interface.
l
Use default encapsulation.
l
Ensure that excess data is not delivered and do not allow bursting.
一定要记住如果要配置leaky bucket rate limiting,就必须关闭payload-scrambler,还有记住,对端也要关闭payload-scrambler
[edit interfaces]
lab@Juniper-Lab# show so-0/2/0
encapsulation ppp;
receive-bucket {
overflow discard;
rate 5;
threshold 0;
}
transmit-bucket {
overflow discard;
rate 5;
threshold 0;
}
sonet-options {
no-payload-scrambler;
}
ppp-options {
chap {
access-profile test;
local-name r3;
}
}
unit 0 {
family inet {
address 192.168.0.5/30;
}
}
2001-2007 Comsenz Inc.
