Hello.
Today we will look at [2024][Juniper SRX #5] Interface configuration - RVI - untagged mode: a Layer 3 interface that operates on top of Layer 2.
1. Layer3 Physical Interface - access mode
2. Layer3 Logical Interface - trunk mode
3. RVI IRB - access mode - a Layer 3 interface that operates on top of L2
4. RVI IRB - trunk mode - a Layer 3 interface that operates on top of L2
For the test, create two nodes as shown below and connect them with a cable.
1. vSRX - ge-0/0/0
2. vIOS Switch - G0/0
1. Let's test the Layer3 Physical Interface.
vSRX Side -
delete : removes the default configuration.
set system root-authentication plain-text-password : sets the root password.
commit : applies and saves the configuration.
    root@:~ # cli
    root> configure
    Entering configuration mode
    [edit]
    root# delete
    This will delete the entire configuration
    Delete everything under this level? [yes,no] (no) yes
    [edit]
    root# set system root-authentication plain-text-password
    New password:
    Retype new password:
    [edit]
    root# commit
    commit complete
    [edit]
    root#
2. vSRX side
Create the VLAN.
vlan name: VL10
vlan-id: 10
Then verify the VLAN.
    root# set vlans VL10 vlan-id 10
    root> show vlans
    Routing instance        VLAN name        Tag        Interfaces
    default-switch          VL10             10         ge-0/0/0.0*
    default-switch          default          1
Change ge-0/0/0 to access mode (untagged mode).
Assign VL10 to the ge-0/0/0 interface.
The interface allows only VLAN 10. Because it is not a tagged port, it cannot carry more than one VLAN.
    root# set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
    root# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VL10
Map VL10 to the l3-interface irb.10.
    root# set vlans VL10 l3-interface irb.10
Check the interface status.
    root> show interfaces terse
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/0                up    up
    ge-0/0/0.0              up    up   eth-switch
    gr-0/0/0                up    up
    ip-0/0/0                up    up
    lsq-0/0/0               up    up
    lt-0/0/0                up    up
    mt-0/0/0                up    up
    sp-0/0/0                up    up
    sp-0/0/0.0              up    up   inet
                                       inet6
    sp-0/0/0.16383          up    up   inet
    ge-0/0/1                up    up
    ge-0/0/2                up    up
    dsc                     up    up
    fti0                    up    up
    fxp0                    up    up
    gre                     up    up
    ipip                    up    up
    irb                     up    up
    irb.10                  up    up   inet     10.1.1.1/24
    lo0                     up    up
    lo0.16384               up    up   inet     127.0.0.1           --> 0/0
    lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                                10.0.0.16           --> 0/0
                                                128.0.0.1           --> 0/0
                                                128.0.0.4           --> 0/0
                                                128.0.1.16          --> 0/0
    lo0.32768               up    up
    lsi                     up    up
    mtun                    up    up
    pimd                    up    up
    pime                    up    up
    pp0                     up    up
    ppd0                    up    up
    ppe0                    up    up
    st0                     up    up
    tap                     up    up
    vlan                    up    down
    vtep                    up    up
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VL10
set interfaces irb unit 10 family inet address 10.1.1.1/24
set vlans VL10 vlan-id 10
set vlans VL10 l3-interface irb.10
Cisco Side
Create VLAN 10 and verify it.
    Switch(config)#vlan 10
    Switch(config-vlan)#end
    Switch#show vlan br
    *Jun 10 08:47:47.665: %SYS-5-CONFIG_I: Configured from console by consoleie
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi1/0
                                                    Gi1/1, Gi1/2, Gi1/3
    10   VLAN0010                         active    Gi0/0
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    Switch#
Configure the interface.
    Switch(config)#interface gigabitEthernet 0/0
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#switchport mode access
    Switch(config-if)#
Configure the SVI interface.
    Switch(config)#interface vlan 10
    Switch(config-if)#ip address 10.1.1.2 255.255.255.0
    Switch(config-if)#no shutdown
Ping the SRX from the Cisco switch.
    Switch#ping 10.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    Switch#
vSRX
The Juniper SRX is a zone-based firewall. To use an interface, you must create a zone and assign the interface to that zone.
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/0.0
    root# set security zones security-zone trust interfaces ge-0/0/0.0
    root# set security zones security-zone trust host-inbound-traffic system-services ping
    [edit]
    root# commit
    commit complete
    [edit]
    root#
Cisco Side
Try the ping again.
    Switch#ping 10.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/23/109 ms
    Switch#
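The failed and the successful ping above differ only in the zone configuration. As an added example (not part of the original post), this Python sketch reads set-format configuration and reports, for each IRB unit, which security zone admits ping to it. It assumes this page's setup, where the VLAN's member port (ge-0/0/0.0) is the interface placed in the zone; the function names are hypothetical and interface-level host-inbound-traffic overrides are not modelled.

```python
import re

# Constructed input: the set commands shown on this page, split into the
# switching/IRB part (BASE) and the security-zone part (ZONE).
BASE = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VL10
set interfaces irb unit 10 family inet address 10.1.1.1/24
set vlans VL10 vlan-id 10
set vlans VL10 l3-interface irb.10
"""
ZONE = """\
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/0.0
"""

def parse(config):
    """Collect VLAN membership, IRB mapping and zone settings from set lines."""
    m = {"members": {}, "l3": {}, "zone_ifs": {}, "zone_svc": {}}
    rules = [
        (r"set interfaces (\S+) unit (\d+) family ethernet-switching vlan members (\S+)",
         lambda g: m["members"].setdefault(g[2], set()).add(f"{g[0]}.{g[1]}")),
        (r"set vlans (\S+) l3-interface (\S+)",
         lambda g: m["l3"].__setitem__(g[1], g[0])),
        (r"set security zones security-zone (\S+) interfaces (\S+)",
         lambda g: m["zone_ifs"].setdefault(g[0], set()).add(g[1])),
        (r"set security zones security-zone (\S+) host-inbound-traffic system-services (\S+)",
         lambda g: m["zone_svc"].setdefault(g[0], set()).add(g[1])),
    ]
    for line in config.splitlines():
        for pattern, store in rules:
            hit = re.match(pattern, line.strip())
            if hit:
                store(hit.groups())
    return m

def irb_ping_status(config):
    """Map each IRB unit to the zone that admits ping to it, or None."""
    m, result = parse(config), {}
    for irb, vlan in m["l3"].items():
        # Assumption from this page: the IRB counts as zoned when the IRB unit
        # itself or a member port of its VLAN is bound to the zone.
        ports = m["members"].get(vlan, set()) | {irb}
        result[irb] = None
        for zone, ifs in m["zone_ifs"].items():
            if ports & ifs and m["zone_svc"].get(zone, set()) & {"ping", "all"}:
                result[irb] = zone
    return result

if __name__ == "__main__":
    print("before zone config:", irb_ping_status(BASE))
    print("after zone config: ", irb_ping_status(BASE + ZONE))
```

A zone that lists `all` under system-services also satisfies the check, which is worth reviewing separately because it opens every host-inbound service, not just ping.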
Thank you for reading [2024][Juniper SRX #5] Interface configuration - RVI - untagged mode.