...
https://www.juniper.net/documentation/en_US/junos/topics/concept/lag-qfx-series-overview.html
|
|
---|
EX |
|
|
|
QFX Junos OS Evolved | https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/link-aggregation-cli.html Code Block |
---|
title | AE/LAG interface and LACP |
---|
| set chassis aggregated-devices ethernet device-count 2
set interfaces ae0 aggregated-ether-options link-speed 1g
set interfaces xe-0/0/4 ether-options 802.3ad ae0
set interfaces ae0.0 family inet address 192.168.200.1/24
set interfaces xe-1/0/4 ether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options minimum-links 1
{master:0}
root@QFX5100-1-RL102> show interfaces ae0 detail | find "Logical interface ae0.0"
Logical interface ae0.0 (Index 656) (SNMP ifIndex 720) (HW Token 4095) (Generation 247)
Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 13 0 3900 0
Output: 35 0 7483 0
Adaptive Statistics:
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
xe-0/0/4.0
Input : 0 0 0 0
Output: 6 0 1878 0
xe-1/0/4.0
Input : 0 0 0 0
Output: 51 0 13524 0
Aggregate member links: 2
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
xe-0/0/4.0 0 0 0 0
xe-1/0/4.0 0 0 0 0
Protocol inet, MTU: 1500
Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
Generation: 224, Route table: 8
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 192.168.200/24, Local: 192.168.200.1, Broadcast: 192.168.200.255, Generation: 140
|
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/lacp-cli.html | SRX | AE configuration Security Zone Configuration Code Block |
---|
| BMS1 Zone:
set security zones security-zone BMS1Zone host-inbound-traffic system-services all
set security zones security-zone BMS1Zone host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae0
DC-GW Zone:
set security zones security-zone DC-GW1 host-inbound-traffic system-services all
set security zones security-zone DC-GW1 host-inbound-traffic protocols all
set security zones security-zone DC-GW1 interfaces ge-0/0/2.0
set security zones security-zone DC-GW1 interfaces ge-0/0/3.0
|
Code Block |
---|
title | show interface and security zone |
---|
collapse | true |
---|
| root@SRX300-1-RL102> show interfaces ae0 detail | find "Security: Zone:"
Security: Zone: BMS1Zone
Allowed host-inbound traffic : bfd bgp dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp
Flow Statistics :
Flow Input statistics :
Self packets config and show commands | collapse | true |
---|
| set interfaces ae0 aggregated-ether-options lacp active
{master:0}
root@QFX5100-1-RL102> show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
xe-1/0/4 Actor No No Yes Yes Yes Yes Fast Active
xe-1/0/4 Partner No No Yes Yes Yes Yes Fast Passive
xe-0/0/4 Actor No No Yes Yes Yes Yes Fast Active
xe-0/0/4 Partner No No Yes Yes Yes Yes Fast Passive
LACP protocol: Receive State Transmit State Mux State
xe-1/0/4 Current Fast periodic Collecting distributing
xe-0/0/4 Current Fast periodic Collecting distributing
{master:0}
root@QFX5100-1-RL102> show lacp statistics interfaces ae0
Aggregated interface: ae0
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
xe-0/0/4 37 179 0 0
xe-1/0/4 35 180 0 0
{master:0}
root@QFX5100-1-RL102> ping routing-instance vr1 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=18.152 ms
64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=13.183 ms
|
Virtual Router Code Block |
---|
title | config VR |
---|
collapse | true |
---|
| set routing-instances vr1 instance-type virtual-router
set routing-instances vr1 interface ae0.0
set routing-instances vr1 interface ae1.0
|
|
|
|
SRX | AE configuration Code Block |
---|
| set interfaces ae1 aggregated-ether-options link-speed 1g
set interfaces ae1 aggregated-ether-options minimum-links 1
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1.0 family inet address 192.168.210.1/24
set interfaces xe-0/0/2 ether-options 802.3ad ae1
set interfaces xe-1/0/2 ether-options 802.3ad ae1
|
Virtual Router Code Block |
---|
title | Virtual router |
---|
collapse | true |
---|
| coming soon |
Security Zone Configuration Code Block |
---|
| BMS1 Zone:
set security zones security-zone BMS1Zone host-inbound-traffic system-services all
set security zones security-zone BMS1Zone host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae0
DC-GW Zone:
set security zones security-zone DC-GW1 host-inbound-traffic system-services all
set security zones security-zone DC-GW1 host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae1
|
Code Block |
---|
title | show interface and security zone |
---|
collapse | true |
---|
| root@SRX300-1-RL102> show interfaces ae0 detail | find "Security: Zone:"
Security: Zone: BMS1Zone
Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping
reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp webapi-clear-text webapi-ssl tcp-encap sdwan-appqoe
Flow Statistics :
Flow Input statistics :
Self packets : 7177
ICMP packets : 7967
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 602868
Connections established : 7174
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 602868
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
2 No SA for ICMPincoming packets SPI: 0
No tunnel 3found: VPN packets : 0
No session for a gate: 0 Multicast packets : 0
No zone or NULL zone binding 0 1
Bytes permitted by policy : Policy denied: 168 Connections established : 0
0 Security Flowassociation Outputnot statisticsactive: 0
Multicast packets : TCP sequence number out of window: 0
Syn-attack protection: 0 Bytes permitted by policy : 0
168User authentication errors: Flow error statistics (Packets dropped due to): 0
Protocol Addressinet, spoofingMTU: 1500
Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 01, Curr new hold cnt: 0, NH Authenticationdrop failedcnt: 0
Generation: 167, Route table: 0
Incoming NAT errors:Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
0 Destination: 192.168.200/24, Local: Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT192.168.200.2, Broadcast: 192.168.200.255, Generation: 154
root@SRX300-1-RL102>
|
LACP configuration Code Block |
---|
title | LACP config and show commands |
---|
collapse | true |
---|
| set interfaces ae0 aggregated-ether-options lacp passive
root@SRX300-1-RL102> show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp 0Def Dist Col Syn No parentAggr for aTimeout gate: Activity
ge-0/0/4 0 Actor No No one interestedNo in self packets:Yes 0 Yes Yes Yes No minor session: Fast Passive
ge-0/0/4 Partner 0 No No more sessions: Yes Yes Yes Yes Fast Active
0 ge-0/0/5 No NAT gate: Actor No No Yes Yes Yes Yes 0 Fast NoPassive
route present: ge-0/0/5 Partner No 0No Yes Yes NoYes SA for incomingYes SPI: Fast Active
0 LACP protocol: No tunnel found: Receive State Transmit State Mux State
0 ge-0/0/4 No session for a gate: Current 0 Fast periodic Collecting distributing
No zone or NULL zone binding ge-0/0/5 1 Policy denied: Current Fast periodic Collecting distributing
root@SRX300-1-RL102> show lacp statistics interfaces ae0
Aggregated interface: ae0
0 LACP Statistics: Security association not active:LACP Rx 0 LACP Tx TCPUnknown sequenceRx number out ofIllegal window:Rx
0 Syn-attack protection: ge-0/0/4 0 User392 authentication errors: 392 0 Protocol inet, MTU: 1500 0 Max nh cache: 100000, New hold nh limit: 100000, Curr nh0
cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0ge-0/0/5 Generation: 167, Route table: 0 392 Flags: Sendbcast-pkt-to-re 390 Addresses, Flags: Is-Preferred Is-Primary 0 Destination: 192.168.200/24, Local: 192.168.200.2, Broadcast: 192.168.200.255, Generation: 1540
| LACP configuration
|
|
|
MX |
|
|
|
|
|
|
|
|
|