
路由器基本知识及应用实例(DOC格式)-第7部分



            protocol udp;
            port 33434…33600;
        }
        then {
            count traceroute;
            accept;
        }
    }
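    /*
     * Accepts every UDP datagram addressed to the two listed hosts.
     * Hyphens and dots restored from the mangled page text.
     * NOTE(review): no destination-port is matched, so every UDP service on
     * these hosts is reachable through this term; narrow it to the ports that
     * are actually needed.
     * NOTE(review): 127.0.0.2/32 lies in the loopback range; confirm it is
     * really meant to appear as a destination here.
     */
    term allow-UDP {
        from {
            destination-address {
                127.0.0.2/32;
                210.82.108.251/32;
            }
            protocol udp;
        }
        then accept;
    }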
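    /*
     * Accepts all TCP traffic addressed to 210.82.108.252.
     * Hyphens and dots restored from the mangled page text.
     * NOTE(review): the term name says telnet, but only "protocol tcp" is
     * matched, so every TCP port on this host is permitted from any source.
     * If telnet alone is intended, add "destination-port telnet" and a
     * source-address list. Telnet carries credentials in cleartext, so SSH
     * is the better choice where the lab host supports it.
     */
    term allow-telnet-traininglab {
        from {
            destination-address {
                210.82.108.252/32;
            }
            protocol tcp;
        }
        then accept;
    }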
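    /*
     * Management access from 207.17.136.56 to 210.82.108.234, counted and
     * logged both locally and to syslog.
     * The "inactive:" prefix means the term is kept in the configuration but
     * is not evaluated.
     * Hyphens and dots restored from the mangled page text.
     * NOTE(review): no protocol or port is matched, so re-activating the term
     * would permit all traffic between the two hosts; add the specific
     * protocol and destination-port first.
     */
    inactive: term allow-NSM-management {
        from {
            source-address {
                207.17.136.56/32;
            }
            destination-address {
                210.82.108.234/32;
            }
        }
        then {
            count NSM-Management;
            log;
            syslog;
            accept;
        }
    }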
    /*
     * Final catch-all term: it has no "from" clause, so it matches whatever
     * the earlier terms did not. The packet is counted, logged, sent to
     * syslog and then silently discarded, which leaves a record of traffic
     * that would otherwise be dropped without trace.
     */
    term DiscardRest {
        then {
            count discarded;
            log;
            syslog;
            discard;
        }
    }

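/*
 * ProtectRE: restricts SSH to a list of known sources, blocks telnet, and
 * accepts everything else. Presumably applied to traffic destined for the
 * Routing Engine; confirm where the filter is attached.
 * Terms are evaluated in order and the first match wins, so ssh-permit must
 * stay ahead of ssh-deny.
 * Hyphens and dots restored from the mangled page text; closing brace added.
 */
filter ProtectRE {
    /* Sunnyvale, BJ & HK valid address */
    term ssh-permit {
        /*
         * Valid address.
         * NOTE(review): 172.16.0.0/12 is private (RFC 1918) space; make sure
         * packets carrying these sources cannot arrive on untrusted
         * interfaces, otherwise the allow-list can be satisfied by a spoofed
         * source.
         */
        from {
            source-address {
                207.17.136.129/32;
                172.16.0.0/12;
                203.193.18.0/28;
                210.82.108.192/26;
                207.17.136.150/32;
                193.110.49.4/32;
                203.193.18.222/32;
            }
            protocol tcp;
            destination-port ssh;
        }
        then {
            count ssh-permitted;
            accept;
        }
    }
    /* Denies all other SSH, counts and logs attempts */
    term ssh-deny {
        from {
            protocol tcp;
            destination-port ssh;
        }
        then {
            count ssh-denied;
            log;
            syslog;
            discard;
        }
    }
    /* Denies all telnet, counts and logs attempts */
    term telnet-denied {
        from {
            protocol tcp;
            destination-port telnet;
        }
        then {
            count telnet-denied;
            log;
            syslog;
            discard;
        }
    }
    /*
     * Allows other traffic for routing protocols, etc.
     * NOTE(review): this term accepts everything that is not SSH or telnet,
     * from any source. A stricter design names the routing and management
     * protocols that are required in explicit accept terms and ends with a
     * counted, logged discard.
     */
    term permit-everything {
        then {
            count other-permitted;
            accept;
        }
    }
}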

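/*
 * Only allows packets with a valid BJ source address.
 * Order of evaluation: (1) drop packets addressed to martian or private
 * destinations, (2) accept and sample packets sourced from the site's own
 * prefixes, (3) count, log and drop everything else as spoofed.
 * Hyphens and dots restored from the mangled page text; closing brace added.
 */
filter StopOutboundSpoof {
    /*
     * Matches on destination-address, so it stops outbound packets headed
     * for these ranges; the source check is done by the next two terms.
     * NOTE(review): 128.0.0.0/16, 191.255.0.0/16 and 223.255.255.0/24 were
     * once reserved but have since been released for normal allocation
     * (see RFC 5735). Check the list against the current IANA special-purpose
     * registry so that legitimate destinations are not dropped.
     */
    term deny-martian-1918 {
        from {
            destination-address {
                172.16.0.0/12;
                10.0.0.0/8;
                192.168.0.0/16;
                0.0.0.0/8;
                127.0.0.0/8;
                128.0.0.0/16;
                191.255.0.0/16;
                223.255.255.0/24;
                240.0.0.0/4;
            }
        }
        then {
            count outbound-martian;
            syslog;
            discard;
        }
    }
    /* Packets sourced from the site's own prefixes are sampled and accepted. */
    term valid-address {
        from {
            source-address {
                210.82.108.192/26;
                210.82.104.73/32;
            }
        }
        then {
            sample;
            accept;
        }
    }
    /* Any other source address is treated as spoofed: counted, logged, dropped. */
    term spoof-address {
        then {
            count spoof-outbound;
            log;
            syslog;
            discard;
        }
    }
}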

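/*
 * block-worm: a deny-list filter. Three terms drop specific traffic and the
 * last term accepts everything else.
 * Hyphens and list brackets restored from the mangled page text (the page
 * showed quotes where Junos uses "[ ... ]"); closing brace added.
 */
filter block-worm {
    /*
     * Drops and logs TCP/UDP packets whose destination port is 135, 139, 445
     * (Windows RPC/NetBIOS/SMB), 4444, or 5800/5900 (VNC).
     * NOTE(review): only the destination port is matched. Where return
     * traffic also passes through this filter, a reply to a client that
     * happens to use one of the high ports as its source port is dropped as
     * well; confirm the direction in which the filter is applied.
     */
    term block-port {
        from {
            protocol [ tcp udp ];
            destination-port [ 445 135 139 4444 5800 5900 ];
        }
        then {
            count blocked_port;
            log;
            discard;
        }
    }
    /*
     * Drops ICMP echo requests that also satisfy the tcp-flags condition.
     * NOTE(review): tcp-flags is a TCP header match, yet it is combined here
     * with "protocol icmp". Presumably 0xaaaaaaaa is meant as a payload
     * signature; verify on the target release that the term commits and
     * matches the intended packets, otherwise it may match nothing.
     */
    term bad-icmp {
        from {
            protocol icmp;
            icmp-type echo-request;
            icmp-code 0;
            tcp-flags 0xaaaaaaaa;
        }
        then {
            count internal_bad-icmp;
            syslog;
            discard;
        }
    }
    /*
     * Drops UDP packets to port 69 (TFTP) that are unfragmented or first
     * fragments (fragment-offset 0).
     * NOTE(review): this also blocks legitimate TFTP through the interface.
     */
    term BadTFTP {
        from {
            fragment-offset 0;
            protocol udp;
            destination-port 69;
        }
        then {
            count internal_BadTFTP;
            log;
            discard;
        }
    }
    /* Everything not matched above is accepted. */
    term reset_permit {
        then accept;
    }
}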


3。2。3  业务配置

VPN业务采用如图拓扑:




MPLS基本配置
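/*
 * Template: enable LDP and MPLS on a core-facing interface.
 * "type-fpc/pic/port" is a placeholder for the interface name.
 * Hyphens and the missing closing braces restored from the mangled page text.
 * NOTE(review): the template shows no LDP session authentication; consider
 * adding it for sessions that cross links you do not fully control.
 */
protocols {
    ldp {
        interface type-fpc/pic/port;
    }
    mpls {
        interface type-fpc/pic/port;
    }
}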


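/*
 * Template: enable the MPLS address family on the logical unit.
 * "type-fpc/pic/port" and "logical-unit-number" are placeholders.
 * Hyphens and the missing closing braces restored from the mangled page text.
 */
interfaces {
    type-fpc/pic/port {
        unit logical-unit-number {
            family mpls;
        }
    }
}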




PE之间的MP…IBGP配置为:
lab@T640# show protocols bgp 
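/*
 * MP-IBGP group between PE routers, peering from 192.168.0.11 to
 * 192.168.0.12. It carries IPv4 unicast, L3VPN (inet-vpn) and L2VPN routes.
 * Hyphens, dots and the missing closing brace restored from the mangled page
 * text; the neighbor statement belongs inside the group.
 * NOTE(review): no authentication-key is shown for the group. Session
 * authentication protects the peering against spoofed TCP segments; confirm
 * whether it is configured elsewhere.
 */
group pe-pe {
    type internal;
    local-address 192.168.0.11;
    family inet {
        unicast;
    }
    family inet-vpn {
        unicast;
    }
    family l2vpn {
        unicast;
    }
    neighbor 192.168.0.12;
}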


MPLS L3 VPN配置
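/*
 * L3 VPN: a VRF instance holding ge-1/2/0.10 and lo0.20.
 * vrf-target sets one route target (target:100:1) for both import and
 * export, so separation from other VPNs depends on that value being unique
 * to this VPN.
 * Hyphens, dots and the outer closing brace restored from the mangled page
 * text.
 */
routing-instances {
    l3vpn-1 {
        instance-type vrf;
        interface ge-1/2/0.10;
        interface lo0.20;
        route-distinguisher 100:1;
        vrf-target target:100:1;
    }
}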


MPLS L2 VPN(Kompella方式)配置
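/*
 * BGP-signalled (Kompella) L2 VPN: local site 2 connects ge-2/3/0.600 to
 * remote site 1 using ethernet-vlan encapsulation.
 * Hyphens, dots and the outer closing brace restored from the mangled page
 * text.
 */
routing-instances {
    l2vpn-1 {
        instance-type l2vpn;
        interface ge-2/3/0.600;
        route-distinguisher 100:2;
        vrf-target target:100:2;
        protocols {
            l2vpn {
                encapsulation-type ethernet-vlan;
                site t640-lr {
                    site-identifier 2;
                    interface ge-2/3/0.600 {
                        remote-site-id 1;
                    }
                }
            }
        }
    }
}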

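/*
 * Attachment circuit for the L2 VPN: VLAN 600 with vlan-ccc encapsulation.
 * Keyword lower-cased ("interfaces"), hyphens and the outer closing brace
 * restored from the mangled page text.
 * NOTE(review): the l2vpn instance on this page references ge-2/3/0.600,
 * while this stanza configures ge-1/2/0 unit 600; confirm which port is
 * intended.
 */
interfaces {
    ge-1/2/0 {
        vlan-tagging;
        unit 600 {
            encapsulation vlan-ccc;
            vlan-id 600;
        }
    }
}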


MPLS L2 VPN(Martini方式)配置
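/*
 * LDP-signalled (Martini) Layer 2 circuit to neighbor 192.168.0.12:
 * so-0/2/2.2 is the attachment circuit, so-0/2/0.2 its protect interface,
 * virtual circuit ID 2, control word disabled.
 * Presumably nested under "protocols"; the page shows only this fragment.
 * Hyphens, dots and the missing closing braces restored from the mangled
 * page text.
 */
l2circuit {
    neighbor 192.168.0.12 {
        interface so-0/2/2.2 {
            protect-interface so-0/2/0.2;
            virtual-circuit-id 2;
            no-control-word;
        }
    }
}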



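/*
 * Frame Relay CCC attachment circuit on so-0/2/2, DLCI 600.
 * Keyword lower-cased ("interfaces"), hyphens and the missing closing braces
 * restored from the mangled page text.
 * NOTE(review): the l2circuit stanza on this page references so-0/2/2.2,
 * while this stanza defines unit 1; confirm the unit number.
 */
interfaces {
    so-0/2/2 {
        encapsulation frame-relay-ccc;
        unit 1 {
            encapsulation frame-relay-ccc;
            point-to-point;
            dlci 600;
        }
    }
}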




VPLS配置
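/*
 * VPLS instance with ge-2/3/0.1000 as the customer-facing interface,
 * site 640, site identifier 1.
 * mac-table-size 1024 caps the number of MAC addresses the instance learns,
 * which bounds the effect of a flood of source MACs from an attached site.
 * Hyphens, dots and the outer closing brace restored from the mangled page
 * text.
 */
routing-instances {
    vpls-1 {
        instance-type vpls;
        interface ge-2/3/0.1000;
        route-distinguisher 100:30;
        vrf-target target:100:30;
        protocols {
            vpls {
                mac-table-size 1024;
                site 640 {
                    site-identifier 1;
                }
            }
        }
    }
}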

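/*
 * Attachment circuit for the VPLS instance: VLAN 1000 with vlan-vpls
 * encapsulation.
 * Keyword lower-cased ("interfaces"), hyphens and the outer closing brace
 * restored from the mangled page text.
 * NOTE(review): the vpls-1 instance on this page references ge-2/3/0.1000,
 * while this stanza configures ge-1/2/0 unit 1000; confirm which port is
 * intended.
 */
interfaces {
    ge-1/2/0 {
        vlan-tagging;
        unit 1000 {
            encapsulation vlan-vpls;
            vlan-id 1000;
        }
    }
}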



3。2。4  系统维护常用命令
本工程主要涉及JuniperT640路由器。以下对它们的一般硬件维护事项作出说明。
对于硬件故障的判断,一般可以通过以下介绍的指令完成。另外,确定硬件故障点的方法主要采用互换比较手段,即尽量创造条件将同类的硬件部件互换插槽位置或彼此切换主备状态,比较前后的系统现象来进行判断。
3。4。1 软件配置维护及系统安装
系统管理员应做到定期观察路由器的工作状态;记录保存重要数据及配置。
在Juniper路由器中可以通过多种方式对当前路由器的运行配置进行保存。
保存配置到内部FLASH或硬盘:进入路由器配置状态。
SAVE 文件名 ---> 到FLASH
SAVE 路径/文件名 ---> 到硬盘
保存到外部的FTP服务器
SAVE FTP://IPADDRESS/文件名
同样可以用LOAD命令对所保存的配置进行调用。
注意:FTP以明文传输登录口令和文件内容,而配置文件中含有敏感信息;在条件允许时,建议改用SCP(scp://)等加密方式传输配置文件和软件包,并在安装前核对软件包的校验值。
当有新的系统软件JUNOS发布时,用户可通过如下方式对路由器系统软件进行升级:
进入(登录)路由器操作模式:REQUEST SYSTEM SOFTWARE ADD FTP://IPADDRESS/软件包文件名。IPADDRESS是一台存放JUNOS软件的FTP服务器。

3。4。2 获得支持信息(REQUEST SUPPORT INFORMATION)
可以将系统的软硬件信息(包括系统硬件信息/软件版本/系统资源使用状况/系统当前配置等)收集在一起,并可以按文件形式输出。由于输出中包含系统当前配置,保存下来的文件应按敏感资料保管和传递:

noc2004@BJ-BB1-T640> request support information
Hostname: BJ-BB1-T640
Model: T640
JUNOS base [6.3R1.3]
JUNOS Kernel Software Suite [6.3R1.3]
JUNOS Routing Software Suite [6.3R1.3]
JUNOS Packet Forwarding Engine Support [6.3R1.3]
JUNOS Online Documentation Files [6.3R1.3]
……………………………………………………………………省略………………………………………………………………
将信息收集到指定文件 'support' 中:
noc2004@BJ-BB1-T640> request support information ?
Possible completions:
  <[Enter]>            Execute this command
  |                    Pipe through a command
noc2004@BJ-BB1-T640> request support information | save support
Wrote 1784 lines of output to 'support'

3。4。3 获得系统硬件配置信息(SHOW CHASSIS HARDWARE)
可以得到路由器检测到的所有硬件模块数量类型/序列号。该命令在返修设备时可用。
noc2004@BJ-BB1-T640> show chassis hardware
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                55515             T640
Midplane         REV 03   710…005608   RA1409           
FPM GBUS         REV 09   710…002901   RA3286           
FPM Display      REV 05   710…002897   RA2810           
CIP              REV 06   710…002895   HT7570           
PEM 0            Rev 08   740…002595   PF15893           Power Entry Module
PEM 1            Rev 08   740…002595   PF15889           Power Entry Module
SCG 0            REV 11   710…003423   HS9265           
SCG 1            REV 11   710…003423   HS9323           
Routing Engine 0 REV 13   740…005022   P10865704208      RE…3。0
Routing Engine 1 REV 13   740…005022   P10865704235      RE…3。0
CB 0             REV 15   710…002728   HT1782           
CB 1             REV 14   710…002728   BE8370           
FPC 0            REV 07   710…010154   HS0650            E…FPC Type 3
  CPU            REV 04   710…010169   HS0584           
  PIC 0          REV 10   750…004535   HN7863            1x STM…64 SM I…64。2
  PIC 1          REV 10   750…004535   HM0709            1x STM…64 SM I…64。2
  PIC 2          REV 04   750…007151   HM2576            4x STM…16 SDH; SMSR
  PIC 3          REV 07   750…007141   HP4005            10x 1GE(LAN); 1000 BASE
    SFP 0        REV 01   740…007327   P4A0NA3           SFP…LX
    SFP 1        REV 01   740…007327   P4A0NDN           SFP…LX
    SFP 2        REV 01   740…007327   P4A0NCL           SFP…LX
    SFP 3        REV 01   740…007327   P11NKKH           SFP…LX
    SFP 4        REV 01   740…007326   2380281           SFP…SX
    SFP 5        REV 01   740…007326   2380283           SFP…SX
    SFP 6        REV 01   740…007326   2380279           SFP…SX
    SFP 7        REV 01   740…007326   2380270           SFP…SX
    SFP 8        REV 01   740…007326   2380368           SFP…SX
  MMB 0          REV 03   710…010171   HZ5303           
  MMB 1          REV 03   710…010171   HS6928           
FPC 1            REV 09   710…010157   HZ5360            E…FPC Type 2
  CPU            REV 04   710…010169   HS0588           
  PIC 0          REV 06   750…007218   BF3121            2x OC…12 ATM…II IQ; SMIR
  PIC 1          REV 07   750…002510   HS2561            2x G/E; 1000 BASE…SX
  MMB 1          REV 03   710…010171   HZ5259           
SPMB 0           REV 08   710…003229   HT3140           
SPMB 1           REV 08   710…003229   BF5269           
SIB 0            REV 04   750…005486   HT3314            SIB…I8…F16
SIB 1            REV 02   750…005486   HM1606            SIB…I8…F16
SIB 2            REV 04   750…005486   HT3320            SIB…I8…F16
SIB 3            REV 04   750…005486   HT2812            SIB…I8…F16
SIB 4            REV 04   750…005486   HT3303            SIB…I8…F16

3.4.4 了解系统运行环境(SHOW CHASSIS ENVIRONMENT)
可以通过键入以下命令,观察某个硬件模块的环境参数:
SHOW CHASSIS ENVIRONMENT PEM
SHOW CHASSIS ENVIRONMENT PCG
SHOW CHASSIS ENVIRONMENT MCS
SHOW CHASSIS ENVIRONMENT SFM
SHOW CHASSIS ENVIRONMENT FPC
SHOW CHASSIS ENVIRONMENT FPM

noc2004@BJ…BB1…T640》 show chassis environment 
Class Item                   Status     Measurement
Temp  PEM 0                  OK         21 degrees C / 69 degrees F
      PEM 1                  OK         21 degrees C / 69 degrees F
      SCG 0                  OK         30 degrees C / 86 degrees F
      SCG 1                  OK         28 degrees C / 82 degrees F
      Routing Engine 0       OK         32 degrees C / 89 degrees F
      Routing Engine 1       OK         32 degrees C / 89 degrees F
      CB 0                   OK         27 degrees C / 80 degrees F
      CB 1                   OK         32 degrees C / 89 degrees F
      SIB 0                  OK         32 degrees C / 89 degrees F
      SIB 1                  OK         33 degrees C / 91 degrees F
      SIB 2                  OK         33 degrees C / 91 degrees F
      SIB 3                  OK         33 degrees C / 91 degrees F
      SIB 4                  OK         33 degrees C / 91 degrees F
      FPC 0 Top              OK         37 degrees C / 98 degrees F
      FPC 0 Bottom           OK         24 degrees C / 75 degrees F
      FPC 1 Top              OK         25 degrees C / 77 degrees F
      FPC 1 Bottom           OK         20 degrees C / 68 degrees F
      FPM GBUS               OK         22 degrees C / 71 degrees F
      FPM Display            OK         25 degrees C / 77 degrees F
Fans  Top Left Front fan     OK         Spinning at normal speed
      Top Left Middle fan    OK         Spinning at normal speed
      Top Left Rear fan      OK         Spinning at normal speed
      Top Right Front fan    OK         Spinning at normal speed
      Top Right Middle fan   OK         Spinning at normal speed
      Top Right Rear fan     OK         Spinning at normal speed
      Bottom Left Front fan  OK         Spinning at normal speed
      Bottom Left Middle fan OK         Spinning at normal speed
      Bottom Left Rear fan   OK         Spinning at normal speed
      Bottom Right Front fan OK         Spinning at normal speed
      Bottom Right Middle fan OK        Spinning at normal speed
      Bottom Right Rear fan  OK         Spinning at normal speed
      Fourth Blower from top OK         Spinning at normal speed
      Bottom Blower          OK         Spinning at normal speed
      Middle Blower          OK         Spinning at normal speed
      Top Blower             OK         Spinning at normal speed
      Second Blower from top OK         Spinning at normal speed
Misc  CIP                    OK        
      SPMB 0                 OK        
      SPMB 1                 OK        

3。4。5获得系统设备告警(SHOW CHASSIS ALARM)
noc2004@BJ-BB1-T640> show chassis alarms
No alarms currently active

3。4。6了解系统FPC运行情况(SHOW CHASSIS FPC)
SLOTSTATE:可能的状态有:EMPTY/ONLINE/OFFLINE/PRESENT/UNRESPONSIVE
当在设备上新插入一块FPC时,系统会显示PRESENT状态,表明该硬件已被路由器检测到;可以通过命令(见下)或按压FPC按钮的方式使其ONLINE。
Request chassis fpc slot x online'offline';若反复使用该命令后发现其状态为UNRESPONSIVE;通过更换此FPC的槽位仍不奏效;则可初步认为该板已损坏。请联系集成商或厂商作确认和返修。
noc2004@BJ…BB1…T640》 show chassis fpc
                     Temp  CPU Utilization (%)   Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      DRAM (MB) Heap     Buffer
  0  Empty              0      0          0         0         0          0
  1  Online            42      4          0        64         0         39
  2  Online            42      4          0        32         1         39
  3  Empty              0      0          0         0         0          0
  4  Empty              0      0          0         0         0          0
  5  Empty              0      0          0         0         0          0
  6  Online