普通实验室配置-路由
show configuration
version 4.3R4.2;
system {
host-name R1;
authentication-order [ radius password ];
radius-server {
10.202.1.253 secret "$9$V3sgJikP36AGD6Ap0hcbs2"; # SECRET-DATA
}
login {
class guest {
permissions view;
}
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$lCxQb$qqCCaZGNN2dGw3sN0KqyD/"; # SECRET-DATA
}
}
user ike {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$GmjQb$ON1mZkhxTDNM.6HoUEWpF0"; # SECRET-DATA
}
}
user lab {
uid 2002;
class super-user;
authentication {
encrypted-password "$1$zkPQb$UnA25Bti.vnd9sZ6Uame7/"; # SECRET-DATA
}
}
}
services {
ftp;
telnet;
}
syslog {
archive size 65k files 3;
file sys-log-1 {
any any;
archive size 70k files 5 no-world-readable;
}
}
}
interfaces {
fxp0 {
vlan-tagging;
unit 0 {
vlan-id 11;
family inet {
address 10.202.1.1/24;
}
}
unit 12 {
vlan-id 12;
family inet {
address 10.100.7.1/30;
}
family iso;
family mpls;
}
unit 13 {
vlan-id 13;
family inet {
address 10.100.7.5/30;
}
family iso;
family mpls;
}
unit 203 {
vlan-id 203;
family inet {
address 192.168.1.1/24;
}
family iso;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.100.2.1/32;
}
family iso {
address 49.0001.0101.0000.2001.00;
}
}
}
}
snmp {
trap-group juniper {
categories authentication chassis routing startup;
targets {
10.202.1.254;
}
}
}
routing-options {
interface-routes {
rib-group inet ifrg;
}
aggregate {
route 10.100.0.0/16;
}
rib-groups {
ifrg {
import-rib [ inet.0 inet.2 ];
}
mcrg {
export-rib inet.2;
import-rib inet.2;
} ;
}
autonomous-system 65001;
confederation 65221 members [ 65000 65001 65002 ];
}
protocols {
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
traffic-engineering bgp-igp;
traceoptions {
file lsp-log;
flag all;
}
label-switched-path to-r6 {
to 10.100.3.2;
primary th-r9;
}
path th-r9 {
10.100.11.4 loose;
10.100.11.2 loose;
10.100.6.9 strict;
}
path 10.100.6.9;
interface all;
interface fxp0.0;
}
bgp {
advertise-inactive;
group t2 {
type external;
import import;
export export;
peer-as 9875;
neighbor 192.168.1.3 {
passive;
}
}
group intra {
type internal;
local-address 10.100.2.1;
family inet {
any;
}
export nexthop;
neighbor 10.100.2.2;
}
group as-0 {
type external;
multihop ttl 3;
local-address 10.100.2.1;
family inet {
any;
}
export nexthop;
peer-as 65000;
neighbor 10.100.11.1;
}
}
isis {
level 1 disable;
level 2 wide-metrics-only;
interface fxp0.12 {
level 1 disable;
}
interface fxp0.13 {
level 1 disable;
}
interface fxp0.203 {
passive;
}
interface lo0.0;
}
pim {
dense-groups {
224.0.1.39/32;
224.0.1.40/32;
}
rp {
auto-rp discovery;
}
interface all {
mode sparse-dense;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
policy-statement import {
term 1 {
from {
route-filter 10.0.0.0/8 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term 2 {
from next-hop 192.168.1.3;
then {
community add t2;
accept;
}
}
}
policy-statement nexthop {
term 1 {
from next-hop 192.168.1.3;
then {
next-hop self;
}
}
}
policy-statement export {
term 1 {
from {
route-filter 10.100.0.0/16 exact;
route-filter 201.201.0.0/21 exact;
}
then accept;
}
term 2 {
from community p1;
then reject;
}
term 3 {
from community p2;
then reject;
}
term 4 {
from protocol bgp;
then {
community delete all;
accept;
}
}
}
policy-statement bgp-mu {
term 1 {
from protocol direct;
then accept;
}
term 2 {
from protocol local;
then accept;
}
}
community all members *:*;
community c1 members 65221:5555;
community c2 members 65221:6666;
community c3 members 65221:7777;
community c4 members 65221:8088;
community no-export members no-export;
community p1 members 65221:19876;
community p2 members 65221:29876;
community sp-comm members 12:34;
community t1 members 65221:9696;
community t2 members 65221:9875;
}
firewall {
filter deny-icmp {
term 1 {
from {
icmp-type-except echo-reply;
}
then accept;
}
term 4 {
then {
reject;
}
}
}
filter access-control {
term 1 {
from {
source-address {
10.100.2.1/32;
10.100.2.2/32;
10.100.11.1/32;
10.100.11.2/32;
10.100.11.3/32;
10.100.11.4/32;
10.100.11.5/32;
10.100.3.1/32;
10.100.3.2/32;
10.100.3.3/32;
10.202.1.0/24;
222.2.2.2/32;
}
port telnet;
}
then accept;
}
term 2 {
from {
port telnet;
}
then {
reject;
}
} ;
term 3 {
then accept;
}
}
}
2001-2007 Comsenz Inc.
