Scribd
Upload
69 views2 pages

Configuracion Internet Ppal Con BK Ac-Pas

This document configures security policies, zones, interfaces, routing instances, and VLANs on a Juniper router. It sets a trust security zone including interfaces ge-0/0/0.2 and irb.1. The ge-0/0/0 interface is configured with unit 2 for WAN access. Interface irb.1 provides LAN access with VRRP and addresses, including the public 186.30.165.10/29. Routing instance INTERNET establishes BGP with the ISP, importing and exporting routing policies to connect the LAN. VLAN 4 is associated with interface irb.1.

Uploaded by

JA González Castilla
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
69 views2 pages

Configuracion Internet Ppal Con BK Ac-Pas

This document configures security policies, zones, interfaces, routing instances, and VLANs on a Juniper router. It sets a trust security zone including interfaces ge-0/0/0.2 and irb.1. The ge-0/0/0 interface is configured with unit 2 for WAN access. Interface irb.1 provides LAN access with VRRP and addresses, including the public 186.30.165.10/29. Routing instance INTERNET establishes BGP with the ISP, importing and exporting routing policies to connect the LAN. VLAN 4 is associated with interface irb.1.

Uploaded by

JA González Castilla
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

------------- OC-922000 PPAL -----------------

set security policies from-zone trust-vrf to-zone trust-vrf policy any match
source-address any
set security policies from-zone trust-vrf to-zone trust-vrf policy any match
destination-address any
set security policies from-zone trust-vrf to-zone trust-vrf policy any match
application any
set security policies from-zone trust-vrf to-zone trust-vrf policy any then permit

set security zones security-zone trust-vrf host-inbound-traffic system-services all


set security zones security-zone trust-vrf host-inbound-traffic protocols all
set security zones security-zone trust-vrf interfaces ge-0/0/0.2
set security zones security-zone trust-vrf interfaces irb.1
set security zones security-zone trust interfaces lo0.0 host-inbound-traffic
protocols all

set interfaces ge-0/0/0 unit 2 description CONEXION_WAN_INTERNET


set interfaces ge-0/0/0 unit 2 vlan-id 102
set interfaces ge-0/0/0 unit 2 family inet policer input 50MB
set interfaces ge-0/0/0 unit 2 family inet policer output 50MB
set interfaces ge-0/0/0 unit 2 family inet address [Link]/30

set interfaces irb unit 1 description LAN_INTERNET


set interfaces irb unit 1 family inet address [Link]/29 vrrp-group 2
virtual-address [Link] ------->> IP PUBLICA PERO LA SIGUIENTE Y LA .10 ES LA
QUE SE ASIGNA DE LA MISMA PUBLICA
set interfaces irb unit 1 family inet address [Link]/29 vrrp-group 2
priority 120
set interfaces irb unit 1 family inet address [Link]/29 vrrp-group 2 preempt
set interfaces irb unit 1 family inet address [Link]/29 vrrp-group 2 accept-
data
set interfaces irb unit 1 family inet address [Link]/29 vrrp-group 2 track
interface ge-0/0/0 priority-cost 40
set interfaces irb unit 1 family inet address [Link]/29

set policy-options policy-statement LAN_INT term filtro from route-filter


[Link]/29 exact ------->> IP PUBLICA LA DE RED OSEA LA QUE RESERVA PATH
set policy-options policy-statement LAN_INT term filtro then accept
set policy-options policy-statement LAN_INT term otras then reject
set policy-options policy-statement LAN_INT term lan from interface irb.1
set policy-options policy-statement LAN_INT term lan from state active
set policy-options policy-statement LAN_INT term lan then accept
set policy-options policy-statement LAN_INT then accept

set policy-options policy-statement ppal_bgp_into term 1 from protocol static


set policy-options policy-statement ppal_bgp_into term 1 from protocol bgp
set policy-options policy-statement ppal_bgp_into term 1 from protocol direct
set policy-options policy-statement ppal_bgp_into term 1 then accept

set routing-instances INTERNET instance-type virtual-router


set routing-instances INTERNET interface ge-0/0/0.2
set routing-instances INTERNET interface irb.1
set routing-instances INTERNET protocols bgp group ID00004103 type external
------>> MI ID DE INTERNET
set routing-instances INTERNET protocols bgp group ID00004103 peer-as 19429
set routing-instances INTERNET protocols bgp group ID00004103 neighbor
[Link] import ppal_bgp_into -------> LA IP DE MPLS DE MI CANAL DE INTERNET
set routing-instances INTERNET protocols bgp group ID00004103 neighbor
[Link] export LAN_INT -------> LA IP DE MPLS DE MI CANAL DE INTERNET

set vlans vlan4 vlan-id 4


set vlans vlan4 l3-interface irb.1

You might also like