config reth aggregate-ethernet lacp tra una coppia di switch EX juniper in virtual-chassis ed una coppia di firewall SRX juniper in cluster
16.12 2019 | by massimilianoconfig reth aggregate-ethernet tra una coppia di switch EX juniper in virtual-chassis ed una coppia di firewall SRX juniper in […]
https://www.ingegnerianetworking.com/wp-content/uploads/2019/12/rest-aggreg-eth-junos-cf0.png
config reth aggregate-ethernet tra una coppia di switch EX juniper in virtual-chassis ed una coppia di firewall SRX juniper in cluster
ARCHITETTURA DI RIFERIMENTO
EX Switch Virtual-Chassis:
set interface xe-0/0/3 ether-option 802.3ad ae2
set interface xe-0/0/4 description “to SRX-1500 cluster Node0”
set interface xe-1/0/3 ether-option 802.3ad ae3
set interface xe-1/0/4 description “to SRX-1500 cluster Node1”
!
set interface ae3 aggregate-ether-option lacp active
set interface ae3 description “to SRX-1500 cluster Node1”
set interface ae3 unit 0 family ethernet-switching port-mode trunk
set interface ae3 unit 0 family ethernet-switching vlan members P2P_BGP_SRX_PE1
set interface ae3 unit 0 family ethernet-switching vlan members P2P_BGP_SRX_PE2
set interface ae3 unit 0 family ethernet-switching vlan members P2P_OSPF_SRX_PE1
set interface ae3 unit 0 family ethernet-switching vlan members P2P_OSPF_SRX_PE2
!
set interface ae2 aggregate-ether-option lacp active
set interface ae2 description “to SRX-1500 cluster Node0”
set interface ae2 unit 0 family ethernet-switching port-mode trunk
set interface ae2 unit 0 family ethernet-switching vlan members P2P_BGP_SRX_PE1
set interface ae2 unit 0 family ethernet-switching vlan members P2P_BGP_SRX_PE2
set interface ae2 unit 0 family ethernet-switching vlan members P2P_OSPF_SRX_PE1
set interface ae2 unit 0 family ethernet-switching vlan members P2P_OSPF_SRX_PE2
!
SRX Firewall Cluster Juniper
Redundancy Interface:
set interface xe-0/0/18 gigether-option redundant-parent reth1
set interface xe-0/0/19 gigether-option redundant-parent reth1
set interface xe-7/0/18 gigether-option redundant-parent reth1
set interface xe-7/0/19 gigether-option redundant-parent reth1
!
set interface reth1 description “aggregation EX”
set interface reth1 vlan-tagging
set interface reth1 redundant-ether-option redundancy-group 1
set interfaces reth1 redundant-ether-options lacp active
set interfaces reth1 redundant-ether-options lacp periodic slow
!
set interface reth1 unit 2 description P2P-OSPF-SRX-PE1
set interface reth1 unit 2 vlan-id 2
set interface reth1 unit 2 family inet address 2.2.2.26/30
!
set interface reth1 unit 3 description P2P-OSPF-SR-PE2
set interface reth1 unit 3 vlan-id 3
set interface reth1 unit 3 family inet address 3.3.3.30/30
!
set interface reth1 unit 4 description P2P-BGP-SRX-PE1
set interface reth1 unit 4 vlan-id 4
set interface reth1 unit 4 family inet address 4.4.4.34/30
!
set interface reth1 unit 5 description P2P-BGP-SRX-PE2
set interface reth1 unit 5 vlan-id 5
set interface reth1 unit 5 family inet address 5.5.5.38/30
!
Security Zone:
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interface reth1.2
set security zones security-zone trust interface reth1.3
!
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interface reth1.4
set security zones security-zone untrust interface reth1.5
!