Copyright © 2010, Juniper Networks, Inc.
APPLICATION NOTE - Configuring the CX111 for the SSG Series
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone id 100 "Management"
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/0.1" tag 3900 zone "Management"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
set interface ethernet0/0 dhcp client enable
set interface ethernet0/0 dhcp client settings update-dhcpserver
set interface ethernet0/0.1 ip 192.168.0.2/24
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 dhcp server service
set interface bgroup0 dhcp server enable
set interface bgroup0 dhcp server ip 192.168.1.2 to 192.168.1.20
set policy id 3 name "Any Permit" from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit log count no-session-backup
exit
set policy id 6 name "Management Access" from "Trust" to "Management" "Any" "Any" "HTTP" nat src permit log
exit
CX111 Used for Backup Access Using Track-ip
Only Juniper Networks SSG5 Secure Services Gateway and SSG20 Secure Services Gateway can support the CX111 as
both backup and primary. All other SSG Series devices support CX111 only in primary connection mode.
In this example, the bridge is used only when the primary interface is down. It is possible to configure default
routes with different metrics, but then only physical failures of the primary interface are detected. In
some instances, such as when Layer 2 protocols cannot detect end-to-end failures, or when multiple network
hops separate the SSG Series device from the remote resources, another means of triggering a failover is desired.
This example shows how to configure track-ip to monitor a set of devices. Different weights can be used to change the
failover behavior. When each probe is given a weight higher than 255, a single failure will trigger a failover. If instead
multiple probes are used, each with a small weight (lower than 255), more than one failure will be required to fail over.
To enable the backup, the sum of the weights of the failing probes must be larger than 255.
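
The following Python sketch is an added example, not part of the Juniper application note. It models the weight rule described above and lists the smallest combinations of failed probes that would enable the backup, so a weight plan can be checked before it is configured. The function names, the tracked addresses and their weights are hypothetical; the 255 threshold and the "larger than" comparison are taken from the text above.

```python
from itertools import combinations

# Rule as stated in the note: failover happens when the summed weight of the
# failing probes is larger than 255.
FAILOVER_THRESHOLD = 255


def failover_triggered(weights, failing, threshold=FAILOVER_THRESHOLD):
    """Return True if the failing probes' combined weight exceeds the threshold."""
    unknown = set(failing) - set(weights)
    if unknown:
        raise ValueError(f"unknown probe(s): {sorted(unknown)}")
    return sum(weights[ip] for ip in set(failing)) > threshold


def minimal_failover_sets(weights, threshold=FAILOVER_THRESHOLD):
    """List the smallest combinations of failed probes that trigger failover.

    A set is minimal when removing any one probe from it drops the sum back
    to the threshold or below. Weights are assumed to be positive.
    """
    minimal = []
    for size in range(1, len(weights) + 1):
        for combo in combinations(sorted(weights), size):
            if not failover_triggered(weights, combo, threshold):
                continue
            # Skip supersets of a smaller set that already triggers failover.
            if any(set(m) <= set(combo) for m in minimal):
                continue
            minimal.append(combo)
    return minimal


# Constructed sample (hypothetical addresses and weights): three tracked
# addresses with small weights, so more than one failure is needed before
# the backup is enabled.
SAMPLE_WEIGHTS = {"192.0.2.1": 150, "192.0.2.53": 150, "198.51.100.10": 100}

if __name__ == "__main__":
    for combo in minimal_failover_sets(SAMPLE_WEIGHTS):
        total = sum(SAMPLE_WEIGHTS[ip] for ip in combo)
        print(f"failover if all of {combo} fail (weight {total})")
```

With the sample weights, losing the 100-weight probe together with either 150-weight probe sums to 250 and does not fail over; only the two 150-weight probes failing together does.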