Corporate Network Lab using JUNIPER QFX and SRX
NOTE: When using virtual QFX on my EVE, one of them will lose its configuration when I open both at the same time. Please try it and see if it works.
Download QFX EVE here
– Cisco LAN switches: configure trunk and access modes
This is easy for you to do yourself.
– Juniper QFX switches: configure trunk and access modes
Reference configuration example:
set vlans ketoan vlan-id 100
set vlans IT vlan-id 200
set vlans ketoan l3-interface irb.100 ## Create interface vlan 100
set vlans IT l3-interface irb.200 ## Create interface vlan 200
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 200
After the configuration is completed, ping from the LAN PCs to check whether there is connectivity.
– Configure VRRP between 2 QFX switches
Interface vlan 100 and interface vlan 200
Left QFX: int vlan 100, IP: 192.168.1.1 (master)
Right QFX: int vlan 100, IP: 192.168.1.2
VRRP VLAN 100: 192.168.1.10
=========================
Left QFX: int vlan 200, IP: 192.168.2.1
Right QFX: int vlan 200, IP: 192.168.2.2 (master)
VRRP VLAN 200: 192.168.2.10
===========================================
Configuration example:
set interfaces irb unit 100 family inet address 192.168.1.1/24 vrrp-group 1 virtual-address 192.168.1.10
set interfaces irb unit 100 family inet address 192.168.1.1/24 vrrp-group 1 priority 150
set interfaces irb unit 100 family inet address 192.168.1.1/24 vrrp-group 1 preempt
set interfaces irb unit 100 family inet address 192.168.1.1/24 vrrp-group 1 accept-data
Verification command: show vrrp summary
– On the Juniper QFX switch, set the IP on the WAN port connected to the SRX:
delete interfaces xe-0/0/0 unit 0 family inet dhcp ## Delete the default dhcp mode
set interfaces xe-0/0/0 unit 0 family inet address 10.1.4.4/24
set routing-options static route 0.0.0.0/0 next-hop 10.1.4.1 ## Default route through SRX firewall
– Configure SRX firewall
Download SRX12 images here:
set system root-authentication plain-text-password
enter password:
set system host-name Firewall_SRX
################ Set port IP ##################
set interfaces ge-0/0/0 unit 0 family inet address 10.1.4.1/24
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set interfaces ge-0/0/1 unit 0 family inet address 10.1.5.1/24
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set interfaces ge-0/0/2 unit 0 family inet address 10.1.10.1/24
set security zones security-zone untrust interfaces ge-0/0/2.0 host-inbound-traffic system-services all
################ Configure NAT overload on the WAN port to the Internet ##################
set security nat source rule-set hainm-rule-set1 from zone trust
set security nat source rule-set hainm-rule-set1 to zone untrust
set security nat source rule-set hainm-rule-set1 rule Heim-Rule-1 match source-address 192.168.1.0/24
set security nat source rule-set hainm-rule-set1 rule Heim-Rule-1 match destination-address 0.0.0.0/0
set security nat source rule-set hainm-rule-set1 rule Heim-Rule-1 then source-nat interface
################ Static route to the Internet ##################
set routing-options static route 0.0.0.0/0 next-hop 10.1.10.10
################ Routes pointing to the LAN ranges ##################
set routing-options static route 192.168.1.0/24 next-hop 10.1.4.4
set routing-options static route 192.168.2.0/24 next-hop 10.1.5.5
commit
– Test again:
Ping from the LAN PC to the core switch QFX
Ping from PC to SRX
Ping to the Internet from SRX
Ping from PC to Internet
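An added check, not part of the original lab: the Python script below audits the SRX commands above for management services left open on the untrust zone and for LAN ranges that are routed but not matched by the source NAT rule. The sample input is constructed by retyping the lab's commands in Junos set syntax; the rule name Heim-Rule-1 and the function name audit are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the SRX set commands from this lab, in Junos set syntax.
SRX_CONFIG = """\
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces ge-0/0/2.0 host-inbound-traffic system-services all
set security nat source rule-set hainm-rule-set1 from zone trust
set security nat source rule-set hainm-rule-set1 to zone untrust
set security nat source rule-set hainm-rule-set1 rule Heim-Rule-1 match source-address 192.168.1.0/24
set security nat source rule-set hainm-rule-set1 rule Heim-Rule-1 match destination-address 0.0.0.0/0
set security nat source rule-set hainm-rule-set1 rule Heim-Rule-1 then source-nat interface
set routing-options static route 0.0.0.0/0 next-hop 10.1.10.10
set routing-options static route 192.168.1.0/24 next-hop 10.1.4.4
set routing-options static route 192.168.2.0/24 next-hop 10.1.5.5
"""

ZONE_RE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+) "
                     r"host-inbound-traffic system-services (\S+)$")
NAT_RE = re.compile(r"^set security nat source rule-set \S+ rule \S+ match source-address (\S+)$")
ROUTE_RE = re.compile(r"^set routing-options static route (\S+) next-hop (\S+)$")


def audit(config, exposed_zones=("untrust",)):
    """Return findings for open management services and un-NATed LAN routes."""
    findings, nat_sources, routes = [], [], []
    for line in config.splitlines():
        line = line.split("##")[0].strip()  # drop the lab's trailing ## comments
        if m := ZONE_RE.match(line):
            zone, ifname, service = m.groups()
            if zone in exposed_zones and service == "all":
                findings.append(("open-services", zone, ifname))
        elif m := NAT_RE.match(line):
            nat_sources.append(ipaddress.ip_network(m.group(1)))
        elif m := ROUTE_RE.match(line):
            routes.append(ipaddress.ip_network(m.group(1)))
    for net in routes:
        # Private, non-default routes are the LAN ranges that need source NAT.
        if net.is_private and net.prefixlen > 0 and not any(net.subnet_of(s) for s in nat_sources):
            findings.append(("no-source-nat", str(net)))
    return findings


if __name__ == "__main__":
    for finding in audit(SRX_CONFIG):
        print(finding)
```

On this lab's commands it reports ge-0/0/2.0 in the untrust zone accepting all system services and 192.168.2.0/24 missing from the NAT match. Limiting the untrust interface to a single service such as ping and adding 192.168.2.0/24 as a second source-address clears both findings.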