JIR Lab Guide -Lab7-1.Ready

JIR Lab Guide

In this activity, you will complete the following objectives.

Part 1: Configure and test VRRP.

LLaabb 77--11::

VVRRRRPP CCoonnffiigguurraattiioonn aanndd

MMoonniittoorriinngg

JIR Lab Guide

Part 1: Configure and test VRRP.

Step 1.1

Load JIR.BASIC.3R as basic topology.

[edit]

admin@SRXP# load override JIR.BASIC.3R

load complete

[edit]

admin@SRXP# commit

commit complete

Step 1.2 Configure IP address for interfaces connected to routing instances.

[edit]

admin@SRXP# delete interfaces

[edit]

admin@SRXP# edit interfaces

[edit interfaces]

admin@SRXP# set ge-0/0/8 unit 0 family inet address 10.0.P.254/24

[edit interfaces]


[edit interfaces]


[edit interfaces]


Step 1.3 Modify logical topology and default route for routing instance RA.

[edit interfaces]

admin@SRXP# top

JIR Lab Guide

[edit]

admin@SRXP# edit routing-instances RA

[edit routing-instances RA]

admin@SRXP# delete

Delete everything under this level? [yes,no] (no) yes


admin@SRXP# set instance-type virtual-router


admin@SRXP# set interface ge-0/0/8.0




admin@SRXP# set routing-options static route 0.0.0.0/0 next-hop 192.168.P.1


admin@SRXP# show

instance-type virtual-router;

interface ge-0/0/8.0;


routing-options {

static {

route 0.0.0.0/0 next-hop 192.168.P.1;

}

Step 1.4 Modify logical topology and default route for routing instance RB.


admin@SRXP# top

[edit]

admin@SRXP# edit routing-instances RB

[edit routing-instances RB]

admin@SRXP# delete

Delete everything under this level? [yes,no] (no) yes

JIR Lab Guide


admin@SRXP# set instance-type virtual-router






admin@SRXP# set routing-options static route 0.0.0.0/0 next-hop 192.168.P.1


admin@SRXP# show

instance-type virtual-router;



routing-options {

static {

route 0.0.0.0/0 next-hop 192.168.P.1;

}

}

Step 1.5

Configure VLAN for both inside(10.0.P.0/24) and outside(192.168.P.0/24) subnets.


admin@SRXP# top

[edit]

admin@SRXP# set vlans INSIDE vlan-id 10

[edit]

admin@SRXP# set vlans OUTSIDE vlan-id 192

[edit]


[edit interfaces]

admin@SRXP# set ge-0/0/9 unit 0 family ethernet-switching vlan members INSIDE

[edit interfaces]

JIR Lab Guide


[edit interfaces]


[edit interfaces]

admin@SRXP# set ge-0/0/13 unit 0 family ethernet-switching vlan members OUTSIDE

[edit interfaces]


[edit interfaces]


[edit interfaces]

admin@SRXP# commit and-quit

commit complete

Exiting configuration mode

Step 1.6 Verify network connectivity for both INSIDE and OUTSIDE subnets.

admin@SRXP> ping 10.0.P.10 count 3 routing-instance RA

PING 10.0.P.10 (10.0.P.10): 56 data bytes

64 bytes from 10.0.P.10: icmp_seq=0 ttl=128 time=2.380 ms



--- 10.0.P.10 ping statistics ---

3 packets transmitted, 3 packets received, 0% packet loss

round-trip min/avg/max/stddev = 1.297/3.644/7.254/2.591 ms










JIR Lab Guide
























admin@SRXP> ping 172.26.26.P count 3 routing-instance RA

PING 172.26.26.P (172.26.26.P): 56 data bytes

64 bytes from 172.26.26.P: icmp_seq=0 ttl=127 time=2.176 ms



--- 172.26.26.P ping statistics ---



admin@SRXP> ping 172.26.26.P count 3 routing-instance RB

PING 172.26.26.P (172.26.26.P): 56 data bytes




JIR Lab Guide

--- 172.26.26.P ping statistics ---



Step 1.7 Configure VRRP Group 10:

RA: Priority 110

Virtual IP address 10.0.P.1

Track interface ge-0/0/12 priority cost 20

Auth. key juniper123

RB: Priority 100 (default)



admin@SRXP> configure

Entering configuration mode

[edit]

admin@SRXP# edit interfaces ge-0/0/8 unit 0 family inet address 10.0.P.254/24

[edit interfaces ge-0/0/8 unit 0 family inet address 10.0.P.254/24]

admin@SRXP# set vrrp-group 10 virtual-address 10.0.P.1


admin@SRXP# set vrrp-group 10 priority 110


admin@SRXP# set vrrp-group 10 track interface ge-0/0/12 priority-cost 20


admin@SRXP# set vrrp-group 10 authentication-type md5 authentication-key

juniper123


admin@SRXP# top

[edit]


JIR Lab Guide





juniper123


admin@SRXP# top

Step 1.8

Configure VRRP Group 192:

RA: Priority 110


Track interface ge-0/0/8 priority cost 20


RB: Priority 100 (default)



[edit]





admin@SRXP# set vrrp-group 192 priority 110


admin@SRXP# set vrrp-group 192 track interface ge-0/0/8 priority-cost 20



juniper123


admin@SRXP# top

[edit]

JIR Lab Guide






juniper123


admin@SRXP# commit and-quit

commit complete

Exiting configuration mode

Step 1.7

Verify VRRP Status.

admin@SRXP> show vrrp summary Interface State Group VR state VR Mode Type

Address

ge-0/0/10.0 up 10 backup Active lcl

10.0.P.253

vip

10.0.P.1

ge-0/0/12.0 up 192 master Active lcl

192.168.P.254

vip

192.168.P.2


192.168.P.253

vip

192.168.P.2


10.0.P.254

vip

10.0.P.1

admin@SRXP> show vrrp track Track Int State Speed VRRP Int Group VR State

Current prio

ge-0/0/12.0 up 1g ge-0/0/8.0 10 master

110

ge-0/0/8.0 up 1g ge-0/0/12.0 192 master

110

admin@SRXP> show vrrp interface ge-0/0/8 | match "Auth|VIP|Mode" Invalid VRRP authentication type received:0

JIR Lab Guide

Interface state: up, Group: 10, State: master, VRRP Mode: Active

Priority: 110, Advertisement interval: 1, Authentication type: md5

Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.0.P.1

Group VRRP PDU error statistics

Bad authentication Type received :0

Bad VIP count received :0

Bad VIPADDR received :0


Interface state: up, Group: 10, State: backup, VRRP Mode: Active








Interface state: up, Group: 192, State: master, VRRP Mode: Active








Interface state: up, Group: 192, State: backup, VRRP Mode: Active







Step 1.8

Verify and test VRRP Redundancy using sub-steps as below:

a. Go to your INSIDE-PA, open a command line window and execute the command

below:

Ping 172.26.26.P –t

The ping session should be able to reach the destination.

JIR Lab Guide

b. Disable interface ge-0/0/12 with command below and verify the ping session will

still reachable with few packet dropped.

admin@SRXP> configure

Entering configuration mode

[edit]

admin@SRXP# set interfaces ge-0/0/12 disable

[edit]

admin@SRXP# commit

commit complete

c. Verify the VRRP status again. You should see the Master role is switched to RB.

[edit]

admin@SRXP# run show vrrp summary Interface State Group VR state VR Mode Type Address

ge-0/0/12.0 down 192 init Active lcl

192.168.P.254

vip

192.168.P.2


10.0.P.253

vip 10.0.P.1


192.168.P.253

vip

192.168.P.2


10.0.P.254

vip 10.0.P.1

d. Enable interface ge-0/0/12 by rolloback to previous configuration as below:

[edit]

admin@SRXP# rollback 1

coload complete

[edit]

admin@SRXP# commit

commit complete

e. Verify the VRRP status again. The Master role should now be switched back to RA.

admin@SRXP# run show vrrp summary

JIR Lab Guide

Interface State Group VR state VR Mode Type Address


10.0.P.253

vip 10.0.P.1


192.168.P.254

vip

192.168.P.2


192.168.P.253

vip

192.168.P.2


10.0.P.254

vip 10.0.P.1

Step 1.9

Configure VRRP Parameters.

Question: You should unable to ping to VIP address (10.0.P.1) from INSIDE-PA? Why?

How to fix this problem?

Answer: ____________________________________________________________________________

[edit]


[edit interfaces]

admin@SRXP# set ge-0/0/8 unit 0 family inet address 10.0.P.254/24 vrrp-group 10

accept-data

[edit interfaces]

admin@SRXP# set ge-0/0/10 unit 0 family inet address 10.0.P.253/24 vrrp-group 10

accept-data

[edit interfaces]

admin@SRXP# commit

commit complete

You should be able to ping to VIP address (10.0.P.1) from INSIDE-PA now.

Step 1.10

Save the current configuration to admin’s home directory.

[edit interfaces]

JIR Lab Guide

admin@SRXP# up

[edit]

admin@SRXP# save JIR.LAB71

Wrote 185 lines of configuration to 'JIR.LAB71'

[edit]

admin@SRXP# run file list

/cf/var/home/admin/:

.ssh/

JIR.BASIC.3R

JIR.LAB21

JIR.LAB22

JIR.LAB23

JIR.LAB31

JIR.LAB41

JIR.LAB51

JIR.LAB61

JIR.LAB71

By saving your current configuration, you are able to rollback at anytime.

For Example:

[edit]

admin@SRXP# load override JIR.LAB71

load complete

[edit]

admin@SRXP# commit

commit complete

Tell your instructor that you have completed this lab.

JIR Lab Guide -Lab7-1.Ready

Documents

Transcript of JIR Lab Guide -Lab7-1.Ready