NetworkTutorial10ConfigurationArchive < CF

CF Web>TutorialsStartingPoint>NetworkTutorial10>NetworkTutorial10ConfigurationArchive (2013-08-14, TrevorGrove) (raw view)

EditAttach

---+ Routepoint configuration archive

%TOC%
---++ Typical definition for an HP routepoint:
---+++ Configuration for vlan 1731 (cscloudinet); 2010-11-18

On "dc-cs2"

<pre>router vrrp
 vlan 1731
 name cscloudinet
 ip address 129.97.173.129/26
 ip helper-address 129.97.15.253  
 tagged trk1
 forbid trk2,trk3
 ip ospf area 4
 ip ospf passive
 vrrp vrid 247
  owner
  virtual-ip-address 129.97.173.129/26
  enable
  exit
 exit
</pre>

On "dc-cs1"

<pre>router vrrp
 vlan 1731
 name cscloudinet
 ip address 129.97.173.130/26
 ip helper-address 129.97.15.253  
 tagged trk1
 forbid trk3
 ip ospf area 4
 ip ospf passive
 vrrp vrid 247
  backup
  virtual-ip-address 129.97.173.129/26
  enable
  exit
 exit
</pre>

---++ Another HP example

---+++ <a name="Configuration_for_VLAN_469_sec_n"></a> Configuration for VLAN 469 (sec-net-dc2); 2010-1-27

on dc-cs2:
<pre>config
 router vrrp
 vlan 469
  name sec-net-dc2
  ip address 172.19.4.1/28  // on master dc-cs2, DNS name dc-cs2-sec-net-dc2
  ip helper-address 129.97.15.253  
  tagged trk1
  forbid trk2,trk3
  ip ospf area 4
  ip ospf passive
  vrrp vrid 250
   owner   // on master dc-cs2
   virtual-ip-address 172.19.4.1/28
   enable
   exit
  exit
  write memory
 exit
logout
</pre>

<a name="on_dc_cs1"></a> on dc-cs1:
<pre>config
 router vrrp
 vlan 469
  name sec-net-dc2
  ip address 172.19.4.2/28  // on backup dc-cs1, DNS name dc-cs1-sec-net-dc2
  ip helper-address 129.97.15.253  
  tagged trk1
  forbid trk3
  ip ospf area 4
  ip ospf passive
  vrrp vrid 250
   backup  // on backup dc-cs1
   virtual-ip-address 172.19.4.1/28
   enable
   exit
  exit
  write memory
 exit
logout
</pre>

---++ Typical Netscreen routepoint definition
---+++ Configuration for VLAN 170 (csclient3net); 2010-4-30
---++++ <a name="Notes"></a> Notes

This network is routed on the Netscreen firewall dc-csfw1. It is a /23 network covering the Maintain zone csclient3 (129.97.170.0 to 129.97.171.238; the balance of the CIDR block being allocated to the dynamic host facility).
---++++ <a name="Configuration"></a> Configuration
<pre>set interface "redundant2.2" tag 170 zone Zone4

set interface "Redundant2.2" ip 129.97.170.2/23
set interface "Redundant2.2" route
set interface "Redundant2.2" ip manageable 
set interface "redundant2.2" manage ping
set interface "Redundant2.2" protocol rip
set interface "Redundant2.2" protocol rip enable

set interface "Redundant2.2:1" ip 129.97.170.1/23
set interface "Redundant2.2:1" route
set interface "Redundant2.2:1" ip manageable 
set interface "redundant2.2:1" manage ping
set interface "Redundant2.2:1" protocol rip
set interface "Redundant2.2:1" protocol rip enable

set vrouter untrust-vr access-list 2 permit ip 129.97.170.0/23 10

set vrouter trust-vr 
set access-list 3 
set access-list 3 permit ip 129.97.170.0/23 1

set route-map name "rtmap1" permit 3 
set match interface "redundant2.2:1"
set match ip 3 
exit
exit

set interface redundant2.2:1 dhcp relay server-name "129.97.15.253"

set interface redundant2.2:1 dhcp relay server-name "129.97.15.250"

set interface redundant2.2:1 dhcp relay service

save config</pre>
---++ Another Netscreen example
---+++ Configuration for VLAN 26 (csresearch2); 2010-9-20
---++++ <a name="Notes"></a> Notes

This network is routed on the Netscreen firewall dc-csfw1.
---++++ <a name="Configuration"></a> Configuration

<pre>set interface "Redundant2.18" tag 26 zone Zone5

set interface "Redundant2.18" ip 129.97.26.2/24
set interface "Redundant2.18" route
set interface "Redundant2.18" ip manageable
set interface "Redundant2.18" manage ping
set interface "Redundant2.18" protocol rip
set interface "Redundant2.18" protocol rip enable

set interface "Redundant2.18:1" ip 129.97.26.1/24
set interface "Redundant2.18:1" route
set interface "Redundant2.18:1" ip manageable
set interface "Redundant2.18:1" manage ping
set interface "Redundant2.18:1" protocol rip
set interface "Redundant2.18:1" protocol rip enable
set vrouter untrust-vr access-list 2 permit ip 129.97.26.0/24 12

set vrouter trust-vr
 set access-list 18
 set access-list 18 permit ip 129.97.26.0/24 1

 set route-map name "rtmap1" permit 18
  set match interface "Redundant2.18:1"
  set match ip 18
  exit
 exit

set interface "redundant2.18" dhcp relay server-name "129.97.15.253"
set interface "redundant2.18" dhcp relay server-name "129.97.128.9"
set interface "redundant2.18" dhcp relay server-name "129.97.129.9"
set interface "redundant2.18" dhcp relay service
set interface "redundant2.18:1" dhcp relay server-name "129.97.15.253"
set interface "redundant2.18:1" dhcp relay server-name "129.97.128.9"
set interface "redundant2.18:1" dhcp relay server-name "129.97.129.9"
set interface "redundant2.18:1" dhcp relay service

save config 
</pre>

Topic revision: r1 - 2013-08-14 - TrevorGrove

Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.

Other Webs

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit