通过路由,交换,安全,Qos四大典型技术模块同你分享网络运维中的技术难题,让老司机带你躲过网络运维常见的那些坑, 查看详情>>>
0

我的帖子

个人中心

设置

  发新话题
大神们好,我们公司刚买了一个SRX300, 拿来当防火墙和路由器,下接二层交换机,交换机上有多个VLAN,请问该怎么配置关于VLAN这一块啊,我网上查资料试了好多,都不行



set interfaces fe-2/0/1 vlan-tagging              ――――在配置接口启用封装VLAN
set interfaces fe-2/0/1 unit 424 vlan-id424       ―――――配置子接口,VLAN 424
set interfaces fe-2/0/1 unit 424 familyinet address 192.168.254.146/30  ――配置子接口地址

防火墙与与路由器功能上有重叠之处。路由功能 、NAT一样,重点在防火墙与内网交换机互联起trunk, 防火墙上起子接口,配置不同vlan ,不同网关。


防火墙区域上要把这些子接口进行关联。
如果内网多个段想允许互访 ,还要写trust to trust 的any any 策略




本帖最后由 小侠唐在飞 于 2018-3-11 13:06 编辑
【大侠唐在飞出品网络教学视频课程 】
天下风云出我辈, 一入江湖岁月催。当年的“小侠唐在飞” 如今变成了“大侠唐在飞”。♫金杯银杯,不如网友的口碑;金奖银奖,不如网友的褒奖;熊掌鸭掌,不如网友的鼓掌~   
☺欢迎加入“唐志强技术教学交流群”,群号:67182271。   ♥【51CTO最受欢迎讲师投票开启了。找到--大侠唐在飞,投下一票吧。每天可投一次
那就配置啊。二层陪trunk。在不行上个三层。。




引用:
原帖由 小侠唐在飞 于 2018-3-11 00:21 发表
set interfaces fe-2/0/1 vlan-tagging              ――――在配置接口启用封装VLAN
set interfaces fe-2/0/1 unit 424 vlan-id424       ―――――配置子接口,VLAN 424
set interfaces fe-2/0/1 unit 424 familyi ...
唐老师,这个已经配好了,网络也通了。
但我现在想继续实现以下功能:
1、实现ip地址自动获取
2、实现不同vlan间互访

还需要配哪些命令啊?

另外我在网上看到下面这种配置方式,不知道跟现在这个有什么不同?功能有什么不一样吗?
1:set vlans changzhoudaxuevlan vlan-id 1801
2:set interfaces xe-1/0/2 unit 0 family ethernet-switching port-mode trunk
3:set interfaces xe-1/0/2 unit 0 family ethernet-switching vlan members changzhoudaxuevlan
4:set interfaces vlan  unit 1801 family inet6 address 2001:da8:a3:d001::1/64
5:set vlans changzhoudaxuevlan l3-interface vlan.2001 (关联vlan和三层接口)



这个是所有配置命令,我自己瞎配了个dhcp,但是好像不起作用

set system services web-management http interface all
set system services dhcp pool 192.168.3.0/24 address-range low 192.168.3.2
set system services dhcp pool 192.168.3.0/24 address-range high 192.168.3.100
set system services dhcp pool 192.168.3.0/24 router 192.168.3.1
set system services dhcp pool 192.168.3.0/24 propagate-settings ge-0/0/3.3
set security nat source rule-set 111 from zone trust
set security nat source rule-set 111 to zone untrust
set security nat source rule-set 111 rule 111 match source-address 0.0.0.0/0
set security nat source rule-set 111 rule 111 then source-nat interface
set security policies from-zone trust to-zone untrust policy TTU match source-address any
set security policies from-zone trust to-zone untrust policy TTU match destination-address any
set security policies from-zone trust to-zone untrust policy TTU match application any
set security policies from-zone trust to-zone untrust policy TTU then permit
set security policies from-zone trust to-zone trust policy 123 match source-address any
set security policies from-zone trust to-zone trust policy 123 match destination-address any
set security policies from-zone trust to-zone trust policy 123 match application any
set security policies from-zone trust to-zone trust policy 123 then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/5.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone trust interfaces ge-0/0/2.1
set security zones security-zone trust interfaces ge-0/0/2.2
set security zones security-zone trust interfaces ge-0/0/3.3
set security zones security-zone trust interfaces ge-0/0/3.4
set security zones security-zone trust interfaces ge-0/0/3.0
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/0.0
set interfaces ge-0/0/0 unit 0 family inet address 58.246.114.114/29
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 0 vlan-id 1
set interfaces ge-0/0/2 unit 0 family inet address 192.168.0.1/24
set interfaces ge-0/0/2 unit 1 vlan-id 11
set interfaces ge-0/0/2 unit 1 family inet address 192.168.1.1/24
set interfaces ge-0/0/2 unit 2 vlan-id 2
set interfaces ge-0/0/2 unit 2 family inet address 192.168.2.1/24
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/3 unit 0 vlan-id 1
set interfaces ge-0/0/3 unit 0 family inet address 192.168.0.1/24
set interfaces ge-0/0/3 unit 3 vlan-id 3
set interfaces ge-0/0/3 unit 3 family inet dhcp
set interfaces ge-0/0/3 unit 4 vlan-id 4
set interfaces ge-0/0/3 unit 4 family inet address 192.168.4.1/24
set interfaces ge-0/0/5 unit 0 family inet address 192.168.6.1/24
set routing-options static route 0.0.0.0/0 next-hop 58.246.114.113



‹‹ 上一贴:LDP VPLS BGP auto discovery 中RR配置请教【已解决】 ...   |   下一贴:JUNIPER问题 ››
  发新话题
快速回复主题
关于我们 | 诚聘英才 | 联系我们 | 网站大事 | 友情链接 |意见反馈 | 网站地图
Copyright©2005-2018 51CTO.COM
本论坛言论纯属发布者个人意见,不代表51CTO网站立场!如有疑义,请与管理员联系:bbs@51cto.com