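Juniper SRX Firewall Basic Configuration Manual

1 PPPoE Dial-up Configuration on the SRX Firewall
The Juniper SRX firewall supports PPPoE dial-up, which lets the firewall connect to an ADSL link and give internal users access to the network.
The topology is as follows:
(Topology figure: Juniper SRX240 firewall)
Once ADSL PPPoE dial-up is set up on the Juniper SRX firewall, the PPPoE dial-up interface pp0 can be viewed in the web interface or on the command line. The command-line check is: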
juniper@HaoPeng# run show interfaces terse | match pp
Interface Admin Link Proto Local Remote
pp0 up up
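The PPPoE dial-up interface pp0 is also visible in the web interface.
The configuration steps are as follows:
Step 1: Select interface ge-0/0/4 as the physical interface underlying the PPPoE dial-up interface, and set its encapsulation to PPPoE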
To configure PPPoE encapsulation on an Ethernet interface:
juniper@HaoPeng# set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether
Step 2: Configure the parameters of the PPPoE interface pp0.0
To create a PPPoE interface and configure PPPoE options:
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0 auto-reconnect 100 idle-timeout 100 client
Step 3: Configure the MTU of the PPPoE interface
To configure the maximum transmission unit (MTU) of the IPv4 family:
user@host# set interfaces pp0 unit 0 family inet mtu 1492
Step 4: Set the PPPoE interface address to negotiate-address
To configure the PPPoE interface address:
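user@host# set interfaces pp0 unit 0 family inet negotiate-address
Step 5: Configure PAP authentication on the PPPoE interface
set interfaces pp0 unit 0 ppp-options pap default-password 88888878 local-name szdigicn1@163.gd local-password 88888878 passive
Note: default-password and local-password must both be set to the password used for ADSL dial-up, and local-name must be the user name used for ADSL dial-up.
Step 6: Configure a static route pointing to the PPPoE interface pp0.0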
set routing-options static route 0.0.0.0/0 next-hop pp0.0
The PPPoE dial-up configuration output is summarized below:
Verify that the PPPoE session is up and has obtained an IP address:
root# run show interfaces terse | match pp
pp0                  up    up
pp0.0                up    up  inet    219.134.120.126    --> 219.134.120.1
Common commands for verifying PPPoE:
show interfaces pp0
show pppoe interfaces
show pppoe version
show pppoe statistics
clear pppoe sessions
clear pppoe sta
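2 FBF (Filter-based Forwarding) Configuration on the SRX Firewall
The FBF feature on the Juniper SRX firewall is similar to PBR (Policy-based Routing) on Juniper NetScreen firewalls. Its basic function is to forward packets based on their source address, so that packets from different source addresses can be sent out over different links.
The topology is as follows:
(Topology figure labels: G-0/0/8: 192.168.100.2/24; G-0/0/5; internal interface address: 192.168.0.1/24; SRX240)
Requirement: the customer has four ADSL links for Internet access and wants different internal subnets to go out over different ADSL links. The configuration steps are as follows: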
Step 1: Interface configuration
Configure the PPPoE dial-up interface pp0.0
set interfaces pp0 unit 0 ppp-options pap default-password 88888878
set interfaces pp0 unit 0 ppp-options pap local-name "szdigicn1@163.gd"
set interfaces pp0 unit 0 ppp-options pap local-password 88888878
set interfaces pp0 unit 0 ppp-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 2
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet negotiate-address
set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether
The other interfaces pp0.1, pp0.2 and pp0.3 are configured in the same way as pp0.0.
Configure the internal interface ge-0/0/8
set interfaces ge-0/0/8 unit 0 family inet address 192.168.100.2/24
Step 2: Create the routing instances. Create four VRFs to match the four PPPoE interfaces; the routing-instance type is forwarding.
set routing-instances TRUST-VRF-1 instance-type forwarding
set routing-instances TRUST-VRF-1 routing-options static route 0.0.0.0/0 next-hop pp0.0
set routing-instances TRUST-VRF-2 instance-type forwarding
set routing-instances TRUST-VRF-2 routing-options static route 0.0.0.0/0 next-hop pp0.1
set routing-instances TRUST-VRF-3 instance-type forwarding
set routing-instances TRUST-VRF-3 routing-options static route 0.0.0.0/0 next-hop pp0.2
set routing-instances TRUST-VRF-4 instance-type forwarding
set routing-instances TRUST-VRF-4 routing-options static route 0.0.0.0/0 next-hop pp0.3
Step 3: Configure the RIB group
set routing-options interface-routes rib-group inet INSIDE
set routing-options rib-groups INSIDE import-rib inet.0
set routing-options rib-groups INSIDE import-rib TRUST-VRF-1.inet.0
set routing-options rib-groups INSIDE import-rib TRUST-VRF-2.inet.0
set routing-options rib-groups INSIDE import-rib TRUST-VRF-3.inet.0
set routing-options rib-groups INSIDE import-rib TRUST-VRF-4.inet.0
Step 4: Configure the firewall filter to match the source subnets of packets
The customer requires the internal subnets 192.168.2.0, 192.168.3.0 and 192.168.7.0 to use the first ADSL line
set firewall filter USER-IN term 1 from source-address 192.168.2.0/24
set firewall filter USER-IN term 1 from source-address 192.168.3.0/24
set firewall filter USER-IN term 1 from source-address 192.168.7.0/24
set firewall filter USER-IN term 1 then routing-instance TRUST-VRF-1
The customer requires the internal subnets 192.168.6.0 and 192.168.8.0 to use the second ADSL line
set firewall filter USER-IN term 2 from source-address 192.168.6.0/24
set firewall filter USER-IN term 2 from source-address 192.168.8.0/24
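Steps 2 to 4 above depend on each other: every routing instance named in a filter term must exist as a forwarding instance, carry a default route and be imported by the RIB group, and the filter only takes effect once it is bound to an interface. The following consistency check over Junos set lines is an added example, not part of the original manual; the function name audit_fbf, the sample subnet 192.168.9.0/24 and the "family inet filter input" binding line it looks for (standard Junos syntax that does not appear on this page) are assumptions.

```python
import re

# Constructed sample in the manual's style. Deliberate faults: TRUST-VRF-2 is
# missing from the rib-group, term 3 has no action, USER-IN is never applied.
SAMPLE = """\
set routing-instances TRUST-VRF-1 instance-type forwarding
set routing-instances TRUST-VRF-1 routing-options static route 0.0.0.0/0 next-hop pp0.0
set routing-instances TRUST-VRF-2 instance-type forwarding
set routing-instances TRUST-VRF-2 routing-options static route 0.0.0.0/0 next-hop pp0.1
set routing-options rib-groups INSIDE import-rib inet.0
set routing-options rib-groups INSIDE import-rib TRUST-VRF-1.inet.0
set firewall filter USER-IN term 1 from source-address 192.168.2.0/24
set firewall filter USER-IN term 1 then routing-instance TRUST-VRF-1
set firewall filter USER-IN term 2 from source-address 192.168.6.0/24
set firewall filter USER-IN term 2 then routing-instance TRUST-VRF-2
set firewall filter USER-IN term 3 from source-address 192.168.9.0/24
"""

def audit_fbf(config):
    """Return a list of findings for an FBF config given as Junos 'set' lines."""
    def find(pattern):
        return re.findall(pattern, config, re.M)
    forwarding = set(find(r"^set routing-instances (\S+) instance-type forwarding\s*$"))
    routed = set(find(r"^set routing-instances (\S+) routing-options static route 0\.0\.0\.0/0 next-hop \S+"))
    imported = set(find(r"^set routing-options rib-groups \S+ import-rib (\S+)\.inet\.0\s*$"))
    # Assumed binding line: set interfaces <if> unit <n> family inet filter input <name>
    applied = set(find(r"^set interfaces \S+ unit \d+ family inet filter input (\S+)"))
    checks = ((forwarding, "is not instance-type forwarding"),
              (routed, "has no default route"),
              (imported, "is not imported by any rib-group"))
    actions = {}  # (filter, term) -> list of "then" clauses seen for that term
    for flt, term, kind, rest in find(r"^set firewall filter (\S+) term (\S+) (from|then) (.+)$"):
        actions.setdefault((flt, term), [])
        if kind == "then":
            actions[(flt, term)].append(rest.strip())
    findings = []
    for (flt, term), thens in actions.items():
        where = f"filter {flt} term {term}"
        if not thens:
            findings.append(f"{where}: no 'then' action")
        for inst in re.findall(r"^routing-instance (\S+)", "\n".join(thens), re.M):
            findings += [f"{where}: {inst} {msg}" for known, msg in checks if inst not in known]
    for flt in sorted({f for f, _ in actions} - applied):
        findings.append(f"filter {flt}: not applied as an input filter")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_fbf(SAMPLE)))
```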

Published: 2024-09-22 09:58:54
