Juniper路由-单向通信
Juniper路由-单向通信
提问于 2016-02-06 18:47:10
我有一个SRX3600和一个EX2200。我可以从SRX中平移EX2200上的所有内容,但我不能在SRX上的网关(或其他任何东西)从前位来平分。再来一双眼睛就太好了。
admin@wb-sw1> ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss网关显示在arp表中。
admin@wb-sw1> show arp
MAC Address Address Name Interface Flags
44:d9:e7:4c:7f:c8 192.168.1.11 192.168.1.11 vlan.10 none
44:d9:e7:4c:80:64 192.168.1.13 192.168.1.13 vlan.10 none
40:b4:f0:d6:44:00 192.168.2.1 192.168.2.1 ge-0/0/0.0 none
Total entries: 3EX2200具有以下配置。
ge-0/0/0是我的SRX 0/0/12和24连接到192.168.1.0/24子网上的设备的链接。所有这些都可以由SRX访问。然而,沟通只是一种方式;我不能从前人那里打开SRX的网关。
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.2.2/30;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members internal-net;
}
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/16 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/17 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/18 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/19 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/21 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/22 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/23 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/24 {
unit 0 {
family ethernet-switching {
vlan {
members internal-net;
}
}
}
}
ge-0/0/25 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/26 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/27 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/28 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/29 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/30 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/31 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/32 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/33 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/34 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/35 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/36 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/37 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/38 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/39 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/40 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/41 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/42 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/43 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/44 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/45 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/46 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/47 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/3 {
unit 0 {
family ethernet-switching;
}
}
ge-0/2/0 {
unit 0;
}
me0 {
unit 0 {
family inet {
address 192.168.199.1/29;
}
}
}
vlan {
unit 0 {
family inet;
}
unit 10 {
family inet {
address 192.168.1.1/24;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.2.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
default;
internal-net {
vlan-id 10;
l3-interface vlan.10;
}
wan;
}这是SRX: ge-0/0/0是到EX的链接,ge-0/0/8是我的WAN上行链路。
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.2.1/30;
}
}
}
ge-0/0/8 {
enable;
speed 1g;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 192.69.88.162/27;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.69.88.161;
route 192.168.1.0/24 next-hop 192.168.2.2;
}
}
security {
zones {
security-zone trust {
interfaces {
ge-0/0/0.0;
}
}
security-zone untrust {
interfaces {
ge-0/0/8.0;
}
}
}
}回答 1
Network Engineering用户
回答已采纳
发布于 2016-02-07 03:20:54
搞清楚到底是怎么回事。这对于SRX设备来说是独一无二的,因为它们是安全设备。我必须将主机系统服务入站ping添加到我的信任区域,如下所示:
admin@wb1# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping页面原文内容由Network Engineering提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://networkengineering.stackexchange.com/questions/26584
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号