Junos Normal

PRIMERO BORRAR TODA LA SEGURIDAD
DELETE SECURITY
Set security forwarding-options family mpls mode packet-based (Si no se tiene
pines)
commit (Guardar)
configure private
set system host-name BDF_BOG_C100K23_I

set interfaces ge-0/0/0 ether-options auto-negotiation (Negociacion de la
interface)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CREAR POLITICA LIMITANTE %%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%
etb@GOBER_TOLIMA_LIB_C2K2_I# set security forwarding-options family mpls mode
packet-based
set firewall policer 8MB if-exceeding bandwidth-limit 8m
set firewall policer 8MB if-exceeding burst-size-limit 625k
set firewall policer 8MB then discard
set interfaces irb unit 301 description CONEXION_WAN

set interfaces irb unit 301 family inet policer input 8MB
set interfaces irb unit 301 family inet policer output 8MB
run show interfaces ge-0/0/0 statistics (ver trafico saturacion)
set interfaces irb unit 0 family inet address 10.175.106.145/30
etb@GOBER_TOLIMA_GUA_C3K2# delete access address-assignment pool junosDHCPPool esta

por defecto
set interfaces irb unit 501 description CONEXION_WAN

set interfaces irb unit 501 family inet policer input 8MB
set interfaces irb unit 501 family inet policer output 8MB
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%SECURE%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
set routing-options static route 0.0.0.0/0 next-hop 10.189.44.249
delete security forwarding-options family mpls mode packet-based
set security zones security-zone trust host-inbound-traffic system-services all

set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces irb.0
set security policies from-zone trust to-zone trust policy any match source-address
any
set security policies from-zone trust to-zone trust policy any match destination-
address any
set security policies from-zone trust to-zone trust policy any match application
any
set security policies from-zone trust to-zone trust policy any then permit
set security zones security-zone trust interfaces lo0.0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%BANNER%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set system login announcement "\n
!*EEEEEEEEEEEEEEEEEEEEE: ***************************\n
TEEEEEEEEEEEEEEEEEEEEEEEEEEEE * UNIDAD DE SERVICIOS *\n
.EEEEEEEEETEEEEEE :!++: * PENITENCIARIOS Y *\n
ET!. EEEEE! * CARCELARIOS SPC *\n
EEEEEE +EEEET * Barrio las Mercede *\n
*TEEEEEEE! :EEEEE. EEEEE. * T�QUERRES *\n
!EEEEEEEEEEEEE: EEEEE+ EEEEE* ***************************\n
TEEEEE .TEEEE+ +EEEEE :EEEEE * *\n
*EEEEE :EEEEE! EEEEEE! *EEEEE! .TEEEE: * El acceso a este equipo *\n
EEEEE. .EEEEEE: .EEEEE: EEEEE! +EEEEEEEE+ * es solo para personal *\n
EEEEEEEEEEEEEEE: EEEEET TEEEEEEEEEEEEEEEEE* * autorizado de ETB. *\n
EEEEE++++!. TEEEEE :EEEEEEE* EEEEEE! * *\n
EEEEE EEEEE+ EEEEEE+ .EEEEET * Toda actividad sera *\n
EEEEEE: .!TE+ EEEEEE *EEEEE. EEEEEE * monitoreada y almacenada*\n
*EEEEEEEEEEEEEE .EEEEE: EEEEE! *EEEEE! * y podra ser utilizada *\n
!EEEEEEEEE+: !EEEEET TEEEET EEEEEE: * legalmente. *\n
EEEEE* .TEEEEE! .TEEEEEET * *\n
+*+** EEEEEEEEEEEEE+ * *\n
.TEEEEEE+. * *\n
!Atencion: *******************************************************************\n
Usted esta a punto de utilizar un recursos tecnologico de ETB para
USPEC_TUQ_BARRMERC_D,\n
no ingrese si no esta autorizado. Recuerde que su clave de acceso es personal e\n
intransferible. La divulgacion de la clave puede afectar la seguridad de nuestra
red.\n
En caso de sospecha de divulgacion de su clave proceda a cambiarla de inmediato.\n
******************************************************************************\n"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
comandos de verificacion
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
etb@ORGAN_SERASES_BAR_K54C72# run show interfaces terse
etb@ORGAN_SERASES_BAR_K54C72# Interface Admin Link Proto Local
etb@ORGAN_SERASES_BAR_K54C72# deactivate interfaces irb.0

etb@ORGAN_SERASES_BAR_K54C72# run ping 200.75.51.132 source 192.168.1.1 rapid count
1000
etb@ORGAN_SERASES_BAR_K54C72# run show interfaces ge-0/0/0 statistics
etb@ORGAN_SERASES_BAR_K54C72# show | compare
etb@ORGAN_SERASES_BAR_K54C72# run show chassis hardware
etb@MUNIC_NEIVA_NEI_K7C86_I> show dhcp server binding
etb@MUNIC_NEIVA_NEI_K7C86_I> show security flow session nat
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
configuar usuario
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
admin@GOBER_TOLIMA_LIB_C2K2_I# set system login user etb authentication plain-text-
password
New password:
Retype new password:
admin@GOBER_TOLIMA_LIB_C2K2_I#
************************************************
enr
admin@GOBER_TOLIMA_LIB_C2K2_I# run show interfaces ge-0/0/0 --> trafico
Physical interface: ge-0/0/0, Enabled, Physical link is Up
GOBER_TOLIMA_LIB_C2K2_I# show | compare
GOBER_TOLIMA_ESP_BVILLACA> show system uptime
GOBER_TOLIMA_LIB_C2K2_I> show version
admin@GOBER_TOLIMA_LER_C8K12_I> clear interfaces statistics ge-0/0/0.0

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
eliniar errores --> clear interfaces statistics ge-0/0/0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
GU
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
LOOBACK
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set interfaces lo0 unit 0 description GRAFICACION_GU
set interfaces lo0 unit 0 family inet address 10.171.233.232/32
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
RUTAS
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set routing-options static route 10.243.16.73/32 next-hop 10.195.3.137 ==== WAN
GESTION
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
LISTAS
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set snmp community junbdf000 authorization read-write
set snmp community junbdf000 clients 10.243.16.73/32
set snmp community junbdf000 clients 0.0.0.0/0 restrict
set snmp trap-options source-address lo0
set snmp trap-group ETB targets 10.243.16.81
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
PLATINO
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output
set interfaces ge-0/0/0 unit 0 family inet addres X.X.X.X/XX
set forwarding-options sampling input rate 100 (Tiempo)
set forwarding-options sampling family inet output flow-server 10.243.16.81 port
3552
set forwarding-options sampling family inet output flow-server 10.243.16.81 version
5
set forwarding-options sampling family inet output inline-jflow source-address
10.171.232.20 -->LOOBACK
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
TAGEAR UN PUERTO
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 vlan-id 201
set interfaces ge-0/0/1 unit 0 family inet mtu 1500
set interfaces ge-0/0/1 unit 0 family inet address 10.189.105.142/30
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CREAR VLAN %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%
SE BORRAR
delete interfaces ge-0/0/1 unit 0 family ethernet-switching

delete vlans vlan-trust

set vlans vlan-2 vlan-id 2
set vlans vlan-2 l3-interface irb.0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% SE CREA %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-2

request system reboot (Reiniciar)

**********************************************************************************
bgp
**********************************************************************************
VRRP PRINCIPAL
set interfaces irb unit 0 family inet address 10.23.251.139/29 vrrp-group 1

virtual-address 10.23.251.138
priority 120
set interfaces irb unit 0 family inet address 10.23.251.139/29 vrrp-group 1 preempt
set interfaces irb unit 0 family inet address 10.23.251.139/29 vrrp-group 1 accept-
data
set interfaces irb unit 0 family inet address 10.23.251.139/29 vrrp-group 1 track
interface ge-0/0/0 priority-cost 40
VRRP BACKUP

virtual-address 186.155.231.201
priority 90
preempt
accept-data
*********************************************************
set routing-options autonomous-system 65524

set protocols bgp group BGP_65524 type external
set protocols bgp group BGP_65524 import mpls
set protocols bgp group BGP_65524 export LAN_POLITICA
set protocols bgp group BGP_65524 peer-as 19429
set protocols bgp group BGP_65524 neighbor 10.249.141.13
set policy-options policy-statement LAN_POLITICA term lan from interface irb.0

set policy-options policy-statement LAN_POLITICA term lan from state active
set policy-options policy-statement LAN_POLITICA term lan then accept
set policy-options policy-statement LAN_POLITICA term filtro from route-filter
190.24.112.80/29 exact
set policy-options policy-statement LAN_POLITICA term filtro then accept

set policy-options policy-statement LAN_POLITICA term otras then reject
set policy-options policy-statement mpls from protocol bgp

set policy-options policy-statement mpls from protocol static

10.23.240.0/24 exact
10.206.44.59/32 exact
********************************
ENTUITY
********************************
set system time-zone America/Bogota
set system ntp boot-server 192.168.174.236
set system ntp server 192.168.174.236 prefer

set interfaces lo0 unit 0 description GRAFICACION_ENTUITY
set snmp community Un1d4d5pcnt160518 authorization read-write

set snmp community Un1d4d5pcnt160518 clients 10.10.200.2/32
set snmp community Un1d4d5pcnt160518 clients 10.10.201.2/32
set snmp community Un1d4d5pcnt160518 clients 0.0.0.0/0 restrict
set snmp trap-options source-address lo0
set forwarding-options sampling input rate 100

set forwarding-options sampling family inet output flow-server 10.10.201.2 port
3552
set forwarding-options sampling family inet output flow-server 10.10.201.2 version
5
set forwarding-options sampling family inet output inline-jflow source-address
172.16.17.15
**********
TRONCAL
**********
set interfaces irb unit 109 family inet sampling input
set interfaces irb unit 109 family inet sampling output
**********
acceso
**********
set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output
*************************************
verificacion snmp
*************************************
etb@USPEC_POP_K3C4_D> show snmp statistics
SNMP statistics:
Input:
Packets: 21870, Bad versions: 0, Bad community names: 11865,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Total request varbinds: 24893, Total set varbinds: 0,
Get requests: 4550, Get nexts: 5455, Set requests: 0,
Get responses: 0, Traps: 0,
Silent drops: 0, Proxy drops: 0, Commit pending drops: 0,
Throttle drops: 0, Duplicate request drops: 0
V3 Input:
Unknown security models: 0, Invalid messages: 0
Unknown pdu handlers: 0, Unavailable contexts: 0
Unknown contexts: 0, Unsupported security levels: 0
Not in time windows: 0, Unknown user names: 0
Unknown engine ids: 0, Wrong digests: 0, Decryption errors: 0
*************************************
TRONCAL
*************************************
delete interfaces ge-0/0/0
delete security
set security zones security-zone trust host-inbound-traffic system-services all

set security zones security-zone trust host-inbound-traffic protocols all
set security policies from-zone trust to-zone trust policy any match source-address
any
set security policies from-zone trust to-zone trust policy any match destination-
address any
set security policies from-zone trust to-zone trust policy any match application
any
set security policies from-zone trust to-zone trust policy any then permit
set vlans VLAN101 vlan-id 101
set vlans VLAN101 l3-interface irb.101
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN101
set interfaces irb.101 family inet address 10.241.206.154/30
******************************************
set interfaces ge-0/0/1 native-vlan-id 3
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan5
set interfaces irb unit 5 description switching

set vlans vlan5 vlan-id 5
set vlans vlan5 l3-interface irb.5
*************************************
GESTION
*************************************

set vlans VLAN202 vlan-id 202
set vlans VLAN202 l3-interface irb.202
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN202
set interfaces irb.202 family inet address 10.255.76.42/30
set interfaces irb unit 202 description CONEXION_WAN_GESTION
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
NTP PARA CENTREX JUNOS
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
set system time-zone America/Bogota

set routing-options static route 192.168.174.236/32 next-hop 10.223.61.117 -?
hacia la ip de MPLS CENTREX
set routing-options static route 192.168.174.237/32 next-hop 10.223.61.117 ?
hacia la ip de MPLS CENTREX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RUTAS



VERIFICACION
etb@CONSU_COLOMBI_BOG_C30K6_I> show ntp associations
remote refid st t when poll reach delay offset jitter
===============================================================================
*192.168.174.236 200.89.75.198 3 - 63 64 1 2.143 -62.662 6.607
etb@CONSU_COLOMBI_BOG_C30K6_I> show ntp status

status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Tue Dec 13 15:04:13 2016 (1)",
processor="octeon", system="JUNOS15.1X49-D70.3", leap=00, stratum=4,
precision=-19, rootdelay=151.969, rootdispersion=157.142, peer=2180,
refid=192.168.174.236,
reftime=de3ed999.4aa0f303 Mon, Feb 26 2018 14:08:09.291, poll=6,
clock=de3ed9a1.d8fa4ac9 Mon, Feb 26 2018 14:08:17.847, state=4,
offset=-62.662, frequency=88.102, jitter=5.257, stability=0.343
**************************************
etb@PMSLEGU_GUA_HAC_ESP_LAUNI_D> show snmp statistics
SNMP statistics:
Input:
Packets: 26328, Bad versions: 0, Bad community names: 99,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Total request varbinds: 52738, Total set varbinds: 0,
Get requests: 10236, Get nexts: 15993, Set requests: 0,
***********************************************************
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set vlans vlan-2 vlan-id 2

set vlans vlan-2 l3-interface irb.0
set vlans vlan-trust vlan-id 3

set vlans vlan-trust l3-interface irb.1

************
set interfaces irb unit 0 description LAN_CAMARA

set interfaces irb unit 1 description LAN_UPS
*****************
multicast
*****************
set interfaces ge-0/0/0 per-unit-scheduler
set interfaces irb per-unit-scheduler
set protocols pim interface all mode sparse
set protocols pim interface all version 2
*****************
CONTROL DE ACCESO
*****************
set interfaces lo0 unit 0 family inet filter input local_acl
set firewall family inet filter local_acl term terminal_access from source-address
10.248.225.249/32 WAN CONFIGURADA EN MPLS GESTION
10.248.225.245/32 WAN CONFIGURADA EN MPLS INTERNET
192.168.100.3/32 WAN PREDETERMINADA , ESTA NO SE BORRA
set firewall family inet filter local_acl term terminal_access from protocol tcp
set firewall family inet filter local_acl term terminal_access from port ssh
set firewall family inet filter local_acl term terminal_access from port telnet
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol
tcp
set firewall family inet filter local_acl term terminal_access_denied from port ssh
set firewall family inet filter local_acl term terminal_access_denied from port
telnet
set firewall family inet filter local_acl term terminal_access_denied then log
set firewall family inet filter local_acl term terminal_access_denied then reject
set firewall family inet filter local_acl term default-term then accept
***********************************************************************************
********************************************************
RADIUS
***********************************************************************************
********************************************************
set system authentication-order radius

set system authentication-order password
set system radius-server 192.168.173.4 port 1645
set system radius-server 192.168.173.4 accounting-port 1646
set system radius-server 192.168.173.4 secret "$9$RP8cvL2gJGiqg4Di.m5TeKMX7d"
set system login user remote uid 9999

set system login user remote class super-user
delete system authentication-order password
QUITAR RADIUS
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# delete system authentication-order radius
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# delete system login user remote uid 9999
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# delete system login user remote class super-
user
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# commit check
configuration check succeeds
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
# commit confirmed will be rolled back in 10 minutes

[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I#

Junos Normal

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Junos Normal

Transféré par

Droits d'auteur :

Formats disponibles

PRIMERO BORRAR TODA LA SEGURIDAD

set system host-name BDF_BOG_C100K23_I

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CREAR POLITICA LIMITANTE %%%%%%%%%%%%%%%%%%%%%

set interfaces irb unit 301 description CONEXION_WAN

run show interfaces ge-0/0/0 statistics (ver trafico saturacion)

set interfaces irb unit 0 family inet address 10.175.106.145/30

etb@GOBER_TOLIMA_GUA_C3K2# delete access address-assignment pool junosDHCPPool esta

set interfaces irb unit 501 description CONEXION_WAN

set routing-options static route 0.0.0.0/0 next-hop 10.189.44.249

delete security forwarding-options family mpls mode packet-based

set security zones security-zone trust host-inbound-traffic system-services all

etb@ORGAN_SERASES_BAR_K54C72# deactivate interfaces irb.0

admin@GOBER_TOLIMA_LER_C8K12_I> clear interfaces statistics ge-0/0/0.0

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CREAR VLAN %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

delete interfaces ge-0/0/1 unit 0 family ethernet-switching

delete vlans vlan-trust

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% SE CREA %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-2

request system reboot (Reiniciar)

set interfaces irb unit 0 family inet address 10.23.251.139/29 vrrp-group 1

set interfaces irb unit 0 family inet address 186.155.231.204/29 vrrp-group 1

set routing-options autonomous-system 65524

set policy-options policy-statement LAN_POLITICA term lan from interface irb.0

set policy-options policy-statement LAN_POLITICA term filtro then accept

set policy-options policy-statement mpls from protocol bgp

set policy-options policy-statement LAN_POLITICA term filtro from route-filter

set security zones security-zone trust interfaces lo0.0

set snmp community Un1d4d5pcnt160518 authorization read-write

set forwarding-options sampling input rate 100

set security zones security-zone trust host-inbound-traffic system-services all

set security zones security-zone trust interfaces irb.0

set security zones security-zone trust interfaces irb.202

set system time-zone America/Bogota

set system ntp boot-server 192.168.174.236

set routing-options static route 10.175.141.2/32 next-hop 10.223.61.117

set routing-options static route 10.188.41.0/27 next-hop 10.223.61.117

etb@CONSU_COLOMBI_BOG_C30K6_I> show ntp status

set vlans vlan-2 vlan-id 2

set vlans vlan-trust vlan-id 3

set security zones security-zone trust interfaces irb.0

set security zones security-zone trust interfaces irb.1

set interfaces irb unit 0 description LAN_CAMARA

set system authentication-order radius

set system login user remote uid 9999

# commit confirmed will be rolled back in 10 minutes

Vous aimerez peut-être aussi