[Contents] [Prev] [Next] [Index] [Report an Error]

CLI Configuration

Note: First, do basic chassis cluster and management interfaces setup.

  1. Fabric interface
    {primary:node1}
    user@host# set interfaces fab0 fabric-options member-interfaces ge-0/0/1
    {primary:node1}
    user@host# set interfaces fab1 fabric-options member-interfaces ge-4/0/1
  2. Redundancy groups
    {primary:node1}
    user@host# set chassis cluster reth-count 1
    user@host# set chassis cluster heartbeat-interval 1000
    {primary:node1}
    user@host# set chassis cluster heartbeat-threshold 3
    {primary:node1}
    user@host# set chassis cluster node 0
    {primary:node1}
    user@host# set chassis cluster node 1
    {primary:node1}
    user@host# set chassis cluster redundancy-group 1 node 0 priority 100
    {primary:node1}
    user@host# set chassis cluster redundancy-group 1 node 1 priority 1
    {primary:node1}
    user@host# set chassis cluster redundancy-group 1 interface-monitor fe-1/0/0 weight 255
    {primary:node1}
    user@host# set chassis cluster redundancy-group 1 interface-monitor fe-5/0/0 weight 255
  3. Redundant Ethernet interfaces
    {primary:node1}
    user@host# set interfaces ge-0/0/0 unit 0 family inet address 1.4.0.202/24
    {primary:node1}
    user@host# set interfaces fe-1/0/0 fastether-options redundant-parent reth0
    {primary:node1}
    user@host# set interfaces fe-1/0/1 disable
    {primary:node1}
    user@host# set interfaces ge-4/0/0 unit 0 family inet address 1.2.1.233/24
    {primary:node1}
    user@host# set interfaces fe-5/0/0 fastether-options redundant-parent reth0
    {primary:node1}
    user@host# set interfaces reth0 unit 0 family inet address 10.16.8.1/24
  4. Static routes (one to each ISP, with preferred route through ge-0/0/0)
    {primary:node1}
    user@host# set routing-options static route 0.0.0.0/0 qualified-next-hop 1.4.0.1 metric 10
    {primary:node1}
    user@host# set routing-options static route 0.0.0.0/0 qualified-next-hop 1.2.1.1 metric 100
  5. Security zone
    {primary:node1}
    user@host# set security zones security-zone Untrust interfaces ge-0/0/0.0 host-inboundtraffic system-services dhcp
    {primary:node1}
    user@host# set security zones security-zone Untrust interfaces ge-4/0/0.0 host-inboundtraffic system-services dhcp
  6. Access
    {primary:node1}
    user@host# set security policies from-zone Trust to-zone Untrust policy ANY match source-address any
    {primary:node1}
    user@host# set security policies from-zone Trust to-zone Untrust policy ANY match destination-address any
    {primary:node1}
    user@host# set security policies from-zone Trust to-zone Untrust policy ANY match application any
    {primary:node1}
    user@host# set security policies from-zone Trust to-zone Untrust policy ANY then permit
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.