Доброе времени суток проблема с настройкой juniper srx100b.
Сетевая структура такая!
есть juniper srx100b есть два hp 1910V подключены вот таким образом из на сколько я понял
juniper srx100b из порта fe-0/0/6 подключен ко первому hp v1910 а из порта fe-0/0/7 подключен к второму hp v1910 а к нулевому порто подключон провайдер с статическим ип адресом. Получилось так что после рестарта пошел сброс до заводских настроек в juniper
это стало для меня проблемой глобального масштаба поскольку я не знаю как конфигурировать juniper
есть только
default.diag и
startup.cfg файл из второго hp
сейчас я конфигурировал вот таким образом
system {
root-authentication {
encrypted-password "$1$74IngNLs$b4unocPohajYhqO0T5oW31"; ## SECRET-DATA
}
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
root-login allow;
protocol-version v2;
}
telnet;
xnm-clear-text;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings fe-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
fe-0/0/0 {
unit 0;
}
fe-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/2 {
unit 0 {
description GNC;
family inet {
address ип/маск;
}
}
}
fe-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/6 {
vlan-tagging;
unit 30 {
vlan-id 30;
family inet {
address 192.168.6.254/24;
}
}
unit 40 {
vlan-id 40;
family inet {
address 192.168.3.254/24;
}
}
unit 101 {
vlan-id 101;
family inet {
address 192.168.101.254/24;
}
}
unit 102 {
vlan-id 102;
family inet {
address 192.168.102.254/24;
}
}
unit 103 {
vlan-id 103;
family inet {
address 192.168.103.254/24;
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vlan-trust vlan30 vlan40 vlan101 vlan102 ];
}
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
unit 30 {
description "LEVEL 5 -> OFFICE SPACE";
family inet {
address 192.168.6.254/24;
}
}
unit 40 {
description "LEVEL 7 -> ";
family inet {
address 192.168.3.254/24;
}
}
unit 101 {
description "LEVEL 7 -> SERVER HP V1910 MANAGMENT";
family inet {
address 192.168.101.254/24;
}
}
unit 102 {
description "LEVEL 7 -> SERVER HP V1910 2 AP-MANAGMENT";
family inet {
address 192.168.102.254/24;
}
}
unit 103 {
description "LEVEL 7 -> DEFAULT IP";
family inet {
address 192.168.103.254/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 {
next-hop ип провайдера;
qualified-next-hop 192.168.6.20;
}
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
vlan.30;
vlan.40;
vlan.101;
vlan.103;
fe-0/0/6.30;
fe-0/0/6.40;
fe-0/0/6.101;
fe-0/0/6.103;
vlan.102;
fe-0/0/6.102;
fe-0/0/5.0 {
host-inbound-traffic {
system-services {
dhcp;
ssh;
ping;
http;
}
}
}
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
fe-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
fe-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
ike;
http;
tftp;
}
protocols {
all;
}
}
}
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
vlan101 {
description MANAGMENT;
vlan-id 101;
interface {
fe-0/0/7.0;
}
l3-interface vlan.101;
}
vlan102 {
description "AP MANAGMENT";
vlan-id 102;
interface {
fe-0/0/7.0;
}
l3-interface vlan.102;
}
vlan103 {
description DEFAULT;
vlan-id 103;
l3-interface vlan.103;
}
vlan30 {
description "OFFICE SPACE";
vlan-id 30;
l3-interface vlan.30;
}
vlan40 {
description "OFFICE LAER";
vlan-id 40;
l3-interface vlan.40;
}
}
заранее спасибо 
Сложный
Простой
Простой
Средний
Средний
