...
| Блок кода | ||
|---|---|---|
| ||
cluster
cluster-interface bridge 1
unit 1
mac-address a2:00:00:10:c0:00
exit
unit 2
mac-address a2:00:00:10:d0:00
exit
enable
exit
hostname ESR-1 unit 1
hostname ESR-2 unit 2
object-group service DHCP_SERVER
port-range 67
exit
object-group service DHCP_CLIENT
port-range 68
exit
security zone SYNC
exit
security zone LAN
exit
bridge 1
vlan 1
security-zone SYNC
ip address 198.51.100.254/24 unit 1
ip address 198.51.100.253/24 unit 2
vrrp id 1
vrrp ip 198.51.100.1/24
vrrp group 1
vrrp authentication key ascii-text encrypted 88B11079B51D
vrrp authentication algorithm md5
vrrp
enable
exit
interface gigabitethernet 1/0/1
mode switchport
spanning-tree disable
exit
interface gigabitethernet 1/0/3
security-zone LAN
ip address 192.0.2.254/24
vrrp id 2
vrrp ip 192.0.2.1/24
vrrp group 1
vrrp
exit
interface gigabitethernet 2/0/1
mode switchport
spanning-tree disable
exit
interface gigabitethernet 2/0/3
security-zone LAN
ip address 192.0.2.253/24
vrrp id 2
vrrp ip 192.0.2.1/24
vrrp group 1
vrrp
exit
security zone-pair SYNC self
rule 1
action permit
match protocol icmp
enable
exit
rule 2
action permit
match protocol vrrp
enable
exit
rule 3
action permit
match protocol ah
enable
exit
exit
security zone-pair LAN self
rule 1
action permit
match protocol vrrp
enable
exit
rule 2
action permit
match protocol udp
match source-port object-group DHCP_CLIENT
match destination-port object-group DHCP_SERVER
enable
exit
exit
ip dhcp-server
ip dhcp-server pool TRUSTED
network 192.0.2.0/24
address-range 192.0.2.10-192.0.2.100
default-router 192.0.2.1
exit |
...
| Блок кода |
|---|
HUB-1(config)# security ike proposal ike_proposal
HUB-1(config-ike-proposal)# authentication algorithm sha2-256
HUB-1(config-ike-proposal)# encryption algorithm aes256
HUB-1(config-ike-proposal)# dh-group 19
HUB-1(config-ike-proposal)# exit
HUB-1(config)#
HUB-1(config)# security ike policy ike_policy
HUB-1(config-ike-policy)# pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
HUB-1(config-ike-policy)# proposal ike_proposal
HUB-1(config-ike-policy)# exit
HUB-1(config)# security ike gateway ike_gateway_cloud_one
HUB-1(config-ike-gw)# version v2-only
HUB-1(config-ike-gw)# ike-policy ike_policy
HUB-1(config-ike-gw)# local address 198.51.100.2
HUB-1(config-ike-gw)# local network 198.51.100.2/32 protocol gre
HUB-1(config-ike-gw)# remote address any
HUB-1(config-ike-gw)# remote network any protocol gre
HUB-1(config-ike-gw)# mode policy-based
HUB-1(config-ike-gw)# mobike disable
HUB-1(config-ike-gw)# dead-peer-detection action clear
HUB-1(config-ike-gw)# dead-peer-detection interval 310
HUB-1(config-ike-gw)# dead-peer-detection retransmit timeout 15
HUB-1(config-ike-gw)# dead-peer-detection retransmit tries 2
HUB-1(config-ike-gw)# exit
HUB-1(config)# security ike gateway ike_gateway_cloud_two
HUB-1(config-ike-gw)# version v2-only
HUB-1(config-ike-gw)# ike-policy ike_policy
HUB-1(config-ike-gw)# local address 198.51.100.6
HUB-1(config-ike-gw)# local network 198.51.100.6/32 protocol gre
HUB-1(config-ike-gw)# remote address any
HUB-1(config-ike-gw)# remote network any protocol gre
HUB-1(config-ike-gw)# mode policy-based
HUB-1(config-ike-gw)# mobike disable
HUB-1(config-ike-gw)# dead-peer-detection action clear
HUB-1(config-ike-gw)# dead-peer-detection interval 310
HUB-1(config-ike-gw)# dead-peer-detection retransmit timeout 15
HUB-1(config-ike-gw)# dead-peer-detection retransmit tries 2
HUB-1(config-ike-gw)# exit
HUB-1(config)#
HUB-1(config)# security ike session uniqueids replace |
...
| Блок кода |
|---|
SPOKE-1(config)# security ike proposal ike_proposal
SPOKE-1(config-ike-proposal)# authentication algorithm sha2-256
SPOKE-1(config-ike-proposal)# encryption algorithm aes256
SPOKE-1(config-ike-proposal)# dh-group 19
SPOKE-1(config-ike-proposal)# exit
SPOKE-1(config)# security ike policy ike_policy
SPOKE-1(config-ike-policy)# pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
SPOKE-1(config-ike-policy)# proposal ike_proposal
SPOKE-1(config-ike-policy)# exit
SPOKE-1(config)# security ike gateway ike_gateway_cloud_one
SPOKE-1(config-ike-gw)# version v2-only
SPOKE-1(config-ike-gw)# ike-policy ike_policy
SPOKE-1(config-ike-gw)# local address 198.51.100.10
SPOKE-1(config-ike-gw)# local network 198.51.100.10/32 protocol gre
SPOKE-1(config-ike-gw)# remote address 198.51.100.2
SPOKE-1(config-ike-gw)# remote network 198.51.100.2/32 protocol gre
SPOKE-1(config-ike-gw)# mode policy-based
SPOKE-1(config-ike-gw)# mobike disable
SPOKE-1(config-ike-gw)# dead-peer-detection action clear
SPOKE-1(config-ike-gw)# dead-peer-detection interval 310
SPOKE-1(config-ike-gw)# dead-peer-detection retransmit timeout 15
SPOKE-1(config-ike-gw)# dead-peer-detection retransmit tries 2
SPOKE-1(config-ike-gw)# exit
SPOKE-1(config)# security ike gateway ike_gateway_cloud_two
SPOKE-1(config-ike-gw)# version v2-only
SPOKE-1(config-ike-gw)# ike-policy ike_policy
SPOKE-1(config-ike-gw)# local address 198.51.100.10
SPOKE-1(config-ike-gw)# local network 198.51.100.10/32 protocol gre
SPOKE-1(config-ike-gw)# remote address 198.51.100.6
SPOKE-1(config-ike-gw)# remote network 198.51.100.6/32 protocol gre
SPOKE-1(config-ike-gw)# mode policy-based
SPOKE-1(config-ike-gw)# mobike disable
SPOKE-1(config-ike-gw)# dead-peer-detection action clear
SPOKE-1(config-ike-gw)# dead-peer-detection interval 310
SPOKE-1(config-ike-gw)# dead-peer-detection retransmit timeout 15
SPOKE-1(config-ike-gw)# dead-peer-detection retransmit tries 2
SPOKE-1(config-ike-gw)# exit
SPOKE-1(config)# security ike gateway ike_gateway_to_spokes
SPOKE-1(config-ike-gw)# version v2-only
SPOKE-1(config-ike-gw)# ike-policy ike_policy
SPOKE-1(config-ike-gw)# local address 198.51.100.10
SPOKE-1(config-ike-gw)# local network 198.51.100.10/32 protocol gre
SPOKE-1(config-ike-gw)# remote id any
SPOKE-1(config-ike-gw)# remote address any
SPOKE-1(config-ike-gw)# remote network any protocol gre
SPOKE-1(config-ike-gw)# mode policy-based
SPOKE-1(config-ike-gw)# mobike disable
SPOKE-1(config-ike-gw)# dead-peer-detection action clear
SPOKE-1(config-ike-gw)# dead-peer-detection interval 310
SPOKE-1(config-ike-gw)# dead-peer-detection retransmit timeout 15
SPOKE-1(config-ike-gw)# dead-peer-detection retransmit tries 2
SPOKE-1(config-ike-gw)# exit |
...
| Блок кода |
|---|
SPOKE-2(config)# security ike proposal ike_proposal
SPOKE-2(config-ike-proposal)# authentication algorithm sha2-256
SPOKE-2(config-ike-proposal)# encryption algorithm aes256
SPOKE-2(config-ike-proposal)# dh-group 19
SPOKE-2(config-ike-proposal)# exit
SPOKE-2(config)# security ike policy ike_policy
SPOKE-2(config-ike-policy)# pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
SPOKE-2(config-ike-policy)# proposal ike_proposal
SPOKE-2(config-ike-policy)# exit
SPOKE-2(config)# security ike gateway ike_gateway_cloud_one
SPOKE-2(config-ike-gw)# version v2-only
SPOKE-2(config-ike-gw)# ike-policy ike_policy
SPOKE-2(config-ike-gw)# local address 198.51.100.14
SPOKE-2(config-ike-gw)# local network 198.51.100.14/32 protocol gre
SPOKE-2(config-ike-gw)# remote address 198.51.100.2
SPOKE-2(config-ike-gw)# remote network 198.51.100.2/32 protocol gre
SPOKE-2(config-ike-gw)# mode policy-based
SPOKE-2(config-ike-gw)# mobike disable
SPOKE-2(config-ike-gw)# dead-peer-detection action clear
SPOKE-2(config-ike-gw)# dead-peer-detection interval 310
SPOKE-2(config-ike-gw)# dead-peer-detection retransmit timeout 15
SPOKE-2(config-ike-gw)# dead-peer-detection retransmit tries 2
SPOKE-2(config-ike-gw)# exit
SPOKE-2(config)# security ike gateway ike_gateway_cloud_two
SPOKE-2(config-ike-gw)# version v2-only
SPOKE-2(config-ike-gw)# ike-policy ike_policy
SPOKE-2(config-ike-gw)# local address 198.51.100.14
SPOKE-2(config-ike-gw)# local network 198.51.100.14/32 protocol gre
SPOKE-2(config-ike-gw)# remote address 198.51.100.6
SPOKE-2(config-ike-gw)# remote network 198.51.100.6/32 protocol gre
SPOKE-2(config-ike-gw)# mode policy-based
SPOKE-2(config-ike-gw)# mobike disable
SPOKE-2(config-ike-gw)# dead-peer-detection action clear
SPOKE-2(config-ike-gw)# dead-peer-detection interval 310
SPOKE-2(config-ike-gw)# dead-peer-detection retransmit timeout 15
SPOKE-2(config-ike-gw)# dead-peer-detection retransmit tries 2
SPOKE-2(config-ike-gw)# exit
SPOKE-2(config)# security ike gateway ike_gateway_to_spokes
SPOKE-2(config-ike-gw)# version v2-only
SPOKE-2(config-ike-gw)# ike-policy ike_policy
SPOKE-2(config-ike-gw)# local address 198.51.100.14
SPOKE-2(config-ike-gw)# local network 198.51.100.14/32 protocol gre
SPOKE-2(config-ike-gw)# remote id any
SPOKE-2(config-ike-gw)# remote address any
SPOKE-2(config-ike-gw)# remote network any protocol gre
SPOKE-2(config-ike-gw)# mode policy-based
SPOKE-2(config-ike-gw)# mobike disable
SPOKE-2(config-ike-gw)# dead-peer-detection action clear
SPOKE-2(config-ike-gw)# dead-peer-detection interval 310
SPOKE-2(config-ike-gw)# dead-peer-detection retransmit timeout 15
SPOKE-2(config-ike-gw)# dead-peer-detection retransmit tries 2
SPOKE-2(config-ike-gw)# exit |
...