• No results found

Template: Using the Interace Range Command

In document Day One - Junos Tips, Techniques (Page 41-46)

} }

fe-1/0/0 { unit 0 {

family inet { filter {

input inputfilter;

} } } } }

Assume that a route lookup on 2.2.2 .2 (the tunnel destination) shows a next-hop o e-1/0/0.0.

The rewall lter inputflter needs to allow GRE packets rom 1.1.1.1 to 2.2.2.2 (in other words, it needs to allow the outbound packets).

You can still gain spoo protection by ltering non-GR E trac with your internal source address.

Note that this only aects transit trac. Trac (such as routing protocol trac) originating rom the R, should not be aected by the

rewall lter.

Template: Using the Interace Range Command

Theinterface-rangecommand is quite useul. It allows you to congure multiple interaces at the same time. It also allows you to reerence interaces as a group elsewhere.

C

It’s a common task: you want to congure multiple interaces the same way but you have to congure each interace separately, like this:

[edit]

root@myrouter# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members finance

[edit]

root@myrouter# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members finance

[edit]

root@myrouter# set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members finance

[edit]

root@myrouter# set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members finance

[edit]

root@myrouter# show interfaces ge-0/0/0 {

unit 0 {

family ethernet-switching { vlan {

members finance;

} } } }

ge-0/0/1 { unit 0 {

family ethernet-switching { vlan {

members finance;

} } } }

ge-0/0/2 { unit 0 {

family ethernet-switching { vlan {

members finance;

} } } }

ge-0/0/3 { unit 0 {

40 DayOne:JunosTips,Techniques,andTemplates2011

family ethernet-switching { vlan {

members finance;

} } } }

You end up with the desired result but it took our commands. Imagine i you had twenty interaces to congure this way!

As o Junos 10.0, theinterface-rangecommand provides a good solution to this problem. Using the preceding example, the same result can be achieved in just two commands (assume the interaces cong-ured have been deleted). Here are the two commands:

[edit]

root@myrouter# set interfaces interface-range vlan-finance member-range ge-0/0/0 to ge-0/0/3

[edit]

root@myrouter# set interfaces interface-range vlan-finance unit 0 family ethernet-switching vlan members finance

[edit]

root@myrouter# show interfaces interface-range vlan-finance {

member-range ge-0/0/0 to ge-0/0/3;

unit 0 {

family ethernet-switching { vlan {

members finance;

} } } }

You can mix and match interace-range conguration with individual interace conguration; the settings are merged together.

You can also veriy that the settings are correctly applied to each interace in the range by using thedisplay inheritancepipe com-mand:

[edit]

root@myrouter# show interfaces | display inheritance

##

## 'ge-0/0/0' was expanded from interface-range 'vlan-finance'

##

ge-0/0/0 {

##

## '0

## '0' was ' was expaexpanded nded from from interface-range 'vlinterface-range 'vlan-finance'an-finance'

#

## 'ethernet-switching' was exng' was expandpanded froed from interface-range 'vlm interface-range 'vlan-finance'an-finance'

#

## 'vlan' was ean' was expanxpanded ded from from interface-range 'vlinterface-range 'vlan-finance'an-finance'

#

## 'finance' was e' was expanxpanded froded from interface-range 'vm interface-range 'vlan-financelan-finance''

#

### memb

members financeers finance;; }

Now let’s use the

Now let’s use theexceptexceptpipe command to eliminate the hash marks:pipe command to eliminate the hash marks:

[edit]

[edit]

root@

root@myroumyrouter# show | dispter# show | display lay inheritance | except ##inheritance | except ##

ge-0/0/0 {

members financeers finance;; }

members financeers finance;; }

42

42 DaDayyOneOne::JunJunososTipTips,s,TTechechniqniquesues,,andandTTempemplalatetess20120111

vl vlan an {{

memb

members financeers finance;; }

members financeers finance;; }

The output now looks exactly as it

The output now looks exactly as it did when conguring each interacedid when conguring each interace manually

manually. And, . And, most importantly, it unctions most importantly, it unctions the same the same wayway, too., too.

Selecting Interaces Selecting Interaces

Y

You can select non-contou can select non-contiguous interaces and place them iguous interaces and place them in the samein the same interace-range group. This example selects interaces ge-0/0/2 through interace-range group. This example selects interaces ge-0/0/2 through ge-0/0/10, ge-0/0/15 through ge-0/0/17, ge-0/0/19, and ge-0/0/20:

ge-0/0/10, ge-0/0/15 through ge-0/0/17, ge-0/0/19, and ge-0/0/20:

[edit]

[edit]

user@EX#

user@EX#set interfaces interface-range Raset interfaces interface-range Range1 mnge1 memember-range gber-range ge-0/e-0/0/0/2 to ge-0/02 to ge-0/0/10/10;;

[edit]

[edit]

user@EX#

user@EX#set interfaces interface-rangset interfaces interface-range Range Range1 mee1 member-rangmber-range ge-0/0e ge-0/0/15 to ge-0/0/15 to ge-0/0/17/17;;

[edit]

[edit]

user@EX#

user@EX#set interfaces interface-range Raset interfaces interface-range Range1 mnge1 memember-range gber-range ge-0/e-0/0/0/19 to ge-0/019 to ge-0/0/20/20;;

Y

You can also ou can also select interaces using select interaces using a similar (although a similar (although slightly dier-slightly dier-ent) wildcard match notation as is used in con

ent) wildcard match notation as is used in conguration groups. Hereguration groups. Here is an annotated example:

is an annotated example:

user@sw

user@sw> show configuration i> show configuration interfaces interface-range EDGEnterfaces interface-range EDGE /* Match all interfac

/* Match all interfaces thes that starat start with "get with "ge-0/0-0/0/"/". *. *//

membmber "ge-1/0er "ge-1/0/[0-9]/[0-9]";";

/* Matc

membmber "ge-1/0/er "ge-1/0/[20-39][20-39]";";

/* Match any ge- interface o

/* Match any ge- interface on PIC0 of FPC 2 througn PIC0 of FPC 2 through 8. *h 8. *// me

membmber "ge-[2-8]er "ge-[2-8]/0/*"/0/*";;

Note that the square brackets can enclose two

Note that the square brackets can enclose two-digit ranges o numbers.-digit ranges o numbers.

So, [20-39] will match every number rom 20

So, [20-39] will match every number rom 20 through 39 (inclusive),through 39 (inclusive), and create an interace or each o those

and create an interace or each o those numbers.numbers.

Using Interace Ranges Elsewhere Using Interace Ranges Elsewhere

Y

You can also reerence interace ou can also reerence interace ranges in other places ranges in other places where youwhere you

would reerence an actual interace. For example, to set all interaces in would reerence an actual interace. For example, to set all interaces in the interace range named

the interace range namedEDGEEDGEto be edge ports or MSTP:to be edge ports or MSTP:

user@sw

user@sw> show configuration protocols > show configuration protocols mstpmstp .

In document Day One - Junos Tips, Techniques (Page 41-46)
Download now "Day One - Junos Tips, ..."

Outline

Related documents