Interface Device (IFD) This represents the physical interface such as xe-0/0/0. This is the root of the hierarchy and all other components are defined and branched off at this point. Features such as maximum transmission unit (MTU), link speed, and IEEE 802.3ad are configured at this level.
Interface Logical (IFL) The IFL simply defines a unit number under the IFD such as xe-0/0/0.0 or xe-0/0/0.1. Regardless of the configuration, at least a single unit is required. A common example of multiple IFLs are VLAN ID when using IEEE 802.1Q.
Interface Family (IFF) Each IFL needs an address family associated with it, as Junos supports multiple protocols. Common examples include inet for IPv4, inet6 for IPv6, and iso when configuring the IS-IS routing protocol.
Interface Address (IFA) Finally, each IFF needs some sort of address depending on the type of IFF configured. For example, if the IFF was configured as inet, an address might look like 192.168.1.1/24, whereas if the IFF was configured as inet6, an address might look like 2001:DB8::1/128.
Примеры конфигурации интерфейсов SRX:
Обычный L3 интерфейс:
set interfaces ge-0/0/0 unit 0 description LINK-L3 set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/24
Интерфейс в режиме access:
set interfaces ge-0/0/1 description LINK-ACCESS set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members v10
Интерфейс в режиме trunk:
set interfaces ge-0/0/2 description LINK-TRUNK set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members all
L3 интерфейс, который оконечен на VLAN:
set interfaces vlan unit 10 family inet address 172.16.1.1/24 set vlans SRV vlan-id 10 set vlans SRV l3-interface vlan.10
L3 интерфейс, который оконечен на VLAN (SRX1500):
set interfaces irb unit 20 family inet address 172.16.2.1/24 set vlans VL20 vlan-id 20 set vlans VL20 l3-interface irb.20 set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode trunk set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members VL20 set security zones security-zone trust interfaces ge-0/0/4.0
Отказоустойчивые интерфейсы, когда используется кластер:
set chassis cluster redundancy-group 1 node 0 priority 200 set chassis cluster redundancy-group 1 node 1 priority 100 set chassis cluster redundancy-group 1 preempt - чтоб главная нода выбиралась по приоритетуset chassis cluster redundancy-group 1 interface-monitor ge-0/0/14 weight 255 - интерфейс мониторинг, чтоб RG автоматом переходила на другую ноду, когда падает линк set chassis cluster redundancy-group 1 interface-monitor ge-7/0/14 weight 255set interfaces ge-0/0/4 gigether-options redundant-parent reth1 set interfaces ge-7/0/4 gigether-options redundant-parent reth1set interfaces reth1 redundant-ether-options redundancy-group 1 set interfaces reth1 unit 0 family inet address 10.10.ххх.ххх/28
Если используется кластер, не забываем правильно конфигурировать LAG интерфейсы на оборудовании, которое подключено к кластеру: https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474&actp=search
Если мы хотим использовать SRX в режиме Switching, есть FAQ: Configuring and Deploying Ethernet Switching on SRX3xx, SRX550M, and SRX1500 Services Gateways
Примеры конфигурации интерфейсов MX:
Описание возможных инкапсуляция интерфейса:
vlan-tagging – 802.1q VLAN tagging support
stacked-vlan-tagging – Stacked 802.1q VLAN tagging support
flexible-vlan-tagging – Support for no tagging, or single and double 802.1q VLAN tagging
set interfaces xe-0/0/0 description LINK-VLAN-TAG set interfaces xe-0/0/0 vlan-tagging set interfaces xe-0/0/0 unit 30 vlan-id 30 set interfaces xe-0/0/0 unit 30 family inet address 10.30.0.1/30 set interfaces xe-0/0/1 description LINK-TAG-Q-IN-Q set interfaces xe-0/0/1 stacked-vlan-tagging set interfaces xe-0/0/1 unit 0 vlan-tags outer 333 set interfaces xe-0/0/1 unit 0 vlan-tags inner 666 set interfaces xe-0/0/1 unit 0 family inet address 10.0.3.1/30
Настройка агрегированого линка:
chassis aggregated-devices ethernet device-count 1 set interfaces xe-1/0/0 description uplink_L1 set interfaces xe-1/0/0 gigether-options 802.3ad ae0 set interfaces xe-1/1/0 description uplink_L2 set interfaces xe-1/1/0 gigether-options 802.3ad ae0 set interfaces ae0 vlan-tagging set interfaces ae0 aggregated-ether-options load-balance per-packet set interfaces ae0 aggregated-ether-options minimum-links 1 set interfaces ae0 aggregated-ether-options link-speed 10g set interfaces ae0 unit 70 vlan-id 70 set interfaces ae0 unit 70 family inet address 172.16.202.1/30 set interfaces ae0 unit 308 vlan-id 308 set interfaces ae0 unit 308 family inet address 172.16.248.1/30
Пробросить VLAN через MX:
set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 encapsulation flexible-ethernet-services set interfaces xe-0/0/0 unit 0 family bridge interface-mode trunk set interfaces xe-0/0/0 unit 0 family bridge vlan-id-list 1815 set bridge-domains vlan1815 domain-type bridge set bridge-domains vlan1815 vlan-id 1815
Пробросить VLAN через MX и вклиниться в него:
set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 encapsulation flexible-ethernet-services set interfaces xe-0/0/0 unit 0 family bridge interface-mode trunk set interfaces xe-0/0/0 unit 0 family bridge vlan-id-list 333 set bridge-domains BD-1 vlan-id 333 set bridge-domains BD-1 routing-interface irb.0 set interfaces irb unit 0 family inet address 172.16.33.231/24
L3 интерфейс на IRB:
set interfaces ae0 unit 2389 encapsulation vlan-bridge set interfaces ae0 unit 2389 vlan-tags outer 2 set interfaces ae0 unit 2389 vlan-tags inner 2389 set interfaces irb unit 2389 family inet address 10.36.0.9/30 set bridge-domains vlan-2389 domain-type bridge set bridge-domains vlan-2389 vlan-id none set bridge-domains vlan-2389 no-local-switching set bridge-domains vlan-2389 interface ae0.2389 set bridge-domains vlan-2389 routing-interface irb.2389
Unnumbered на физических портах:
set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 encapsulation flexible-ethernet-services set interfaces xe-0/0/0 unit 10 proxy-arp restricted set interfaces xe-0/0/0 unit 10 vlan-id 10 set interfaces xe-0/0/0 unit 10 family inet address 213.xxx.80.y/23 set interfaces xe-0/0/0 unit 2150 proxy-arp set interfaces xe-0/0/0 unit 2150 vlan-id 2150 set interfaces xe-0/0/0 unit 2150 family inet unnumbered-address xe-0/0/0.10
MX subscriber access auto-configure:
set interfaces xe-0/0/1 flexible-vlan-tagging --- Один ВЛАН set interfaces xe-0/0/1 auto-configure vlan-ranges dynamic-profile VLAN accept dhcp-v4 set interfaces xe-0/0/1 auto-configure vlan-ranges dynamic-profile VLAN ranges 2000-2238 set interfaces xe-0/0/1 stacked-vlan-tagging --- Q-In-Q set interfaces xe-0/0/1 auto-configure stacked-vlan-ranges dynamic-profile 2_VLAN accept dhcp-v4 set interfaces xe-0/0/1 auto-configure stacked-vlan-ranges dynamic-profile 2_VLAN ranges 1200-1296,any set interfaces ae1 flexible-vlan-tagging --- На агрегате set interfaces ae1 auto-configure vlan-ranges dynamic-profile PPPOE-VLAN-1 accept pppoe set interfaces ae1 auto-configure vlan-ranges dynamic-profile PPPOE-VLAN-1 ranges 402-402 set interfaces ae1 auto-configure remove-when-no-subscribers set interfaces ae1 encapsulation flexible-ethernet-services set interfaces ae1 aggregated-ether-options load-balance per-packet set interfaces ae1 aggregated-ether-options minimum-links 1 set interfaces ae1 aggregated-ether-options link-speed 1g set interfaces ae1 unit 10 vlan-id 10 set interfaces ae1 unit 10 family inet address 185.46.220.29/27 set interfaces ae1 unit 403 vlan-id 403 set interfaces ae1 unit 403 family inet6 address 2a01:89a0:4000:1::1/64
Примеры конфигурации интерфейсов с использованием groups:
grp-intf-xe-p {
interfaces {
<xe-*> {
mtu 9100;
hold-time up 0 down 0;
gigether-options {
no-flow-control;
no-auto-negotiation;
}
unit 0 {
family mpls {
maximum-labels 5;
}
}
}
}
}
xe-2/0/0 {
apply-groups grp-intf-xe-p;
description "Link";
unit 0 {
family inet {
address 10.х.115.х/30;
}
family mpls;
}
}
groups {
PRODUCTION-VLANS {
interfaces {
"<xe-[2-5]/0/*>" {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 78 97 126-127 601-602 606 609 615 620 622-623 631 645 935 ];
}
}
}
}
}
}
Примеры конфигурации интерфейсов EX:
set interfaces ge-0/0/2 description ACC-PORT set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 20 set interfaces ge-0/0/3 description TRUNK-PORT set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 5 set interfaces ge-0/0/1 description NATIVE-VLAN set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 8-9 set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id 2 set interfaces vlan unit 2 family inet address 192.168.1.14/24 set vlans vlan_2 vlan-id 2 set vlans vlan_2 l3-interface vlan.2
Использование interface-range:
set interfaces ge-0/0/1 unit 0 family ethernet-switching set interfaces interface-range clients member-range ge-0/0/0 to ge-0/0/21 set interfaces interface-range clients unit 0 family ethernet-switching port-mode trunk set interfaces interface-range clients unit 0 family ethernet-switching vlan members 216 set interfaces interface-range clients unit 0 family ethernet-switching native-vlan-id 1
Comments
So empty here ... leave a comment!