[j-nsp] IOS to JUNOS VRF
Jonathan Looney
jonlooney at gmail.com
Thu May 8 10:11:39 EDT 2008
Assuming you are running traditional JUNOS, here is a translation (not
tested, no guarantees, etc.):
interfaces {
ge-0/0/0 {
description "Trunk Giga";
vlan-tagging;
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 20 {
vlan-id 20;
family inet {
address 192.168.20.134/24;
}
}
unit 400 {
vlan-id 400;
family inet {
address 172.26.0.6/28;
}
}
}
sp-0/0/0 {
unit 0 {
family inet;
}
unit 1 {
family inet;
service-domain inside;
}
unit 2 {
family inet;
service-domain outside;
}
}
ge-0/0/1 {
description Internet;
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 201.201.45.240/26;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 201.201.45.243;
}
}
routing-instances {
VRF01 {
instance-type virtual-router;
interface ge-0/0/0.20;
interface ge-0/0/0.400;
interface sp-0/0/0.1;
routing-options {
static {
route 0.0.0.0/0 next-hop sp-0/0/0.1;
route 10.0.0.0/8 next-hop 172.26.0.1;
}
}
}
}
services {
nat {
pool POOL-02 {
address 201.34.34.1/32;
port automatic;
}
rule VRF-TO-INTERNET {
match-direction input;
term ALGs {
from {
source-address {
10.0.0.0/8;
}
application-sets junos-algs-outbound;
}
then {
translated {
source-pool POOL-02;
translation-type {
source dynamic;
}
}
}
}
term translate-all {
from {
source-address {
10.0.0.0/8;
}
}
then {
translated {
source-pool POOL-02;
translation-type {
source dynamic;
}
}
}
}
}
}
service-set NH-VRF01 {
nat-rules VRF-TO-INTERNET;
next-hop-service {
inside-service-interface sp-0/0/0.1;
outside-service-interface sp-0/0/0.2;
}
}
}
Hope that helps!
-Jon
On Thu, May 8, 2008 at 9:58 AM, GIULIANO (UOL) <giulianocm at uol.com.br>
wrote:
> Alexander ,
>
> It is a J-2350 2GM RAM, 1 GB CF and JUNOS 9.1R1.8.
>
> Thanks,
>
> Att,
>
>
> > Hi Giuliano,
> >
> > Is that M- or J- series?
> > Because on M-series you would need AS, or AS-II or similar PIC
> > installed for this one to implement:
> > ip nat inside source list 1 pool POOL-02 vrf VRF01 overload
> >
> > -Alexander
> >
> >
> > On 5/5/08, GIULIANO (UOL) <giulianocm at uol.com.br> wrote:
> >> People,
> >>
> >> I need to convert the following script in a CISCO router with IOS 12.4
> >> to JUNOS 9.1.
> >>
> >> The VRF only uses Static Routes. Can someone help me doing that ?
> >>
> >>
> >> Thanks a lot,
> >>
> >> Giuliano
> >>
> >>
> >>
> >> !
> >> !
> >> !
> >> ip vrf VRF01
> >> rd 34567:400
> >> !
> >> !
> >> !
> >> interface GigabitEthernet0/0
> >> description Trunk Giga
> >> no ip address
> >> duplex full
> >> speed 100
> >> media-type rj45
> >> !
> >> !
> >> !
> >> interface GigabitEthernet0/0.20
> >> encapsulation dot1Q 20
> >> ip vrf forwarding VRF01
> >> ip address 192.168.20.134 255.255.255.0
> >> !
> >> !
> >> !
> >> interface GigabitEthernet0/0.400
> >> encapsulation dot1Q 400
> >> ip vrf forwarding VRF01
> >> ip address 172.26.0.6 255.255.255.240
> >> ip nat inside
> >> !
> >> !
> >> !
> >> interface GigabitEthernet0/1
> >> description Internet
> >> ip address 201.201.45.240 255.255.255.192
> >> ip nat outside
> >> duplex full
> >> speed 100
> >> media-type rj45
> >> !
> >> !
> >> !
> >> ip classless
> >> ip route 0.0.0.0 0.0.0.0 201.201.45.253
> >> ip route vrf VRF01 0.0.0.0 0.0.0.0 201.201.45.253 global
> >> ip route vrf VRF01 10.0.0.0 255.0.0.0 172.26.0.1
> >> !
> >> !
> >> access-list 1 permit 10.0.0.0 0.255.255.255
> >> !
> >> !
> >> ip nat pool POOL-01 201.201.78.20 201.201.78.20 prefix-length 24
> >> ip nat pool POOL-02 201.34.34.1 201.34.34.1 prefix-length 24
> >> ip nat pool FTC1 196.196.96.21 196.196.96.21 prefix-length 24
> >> ip nat pool FTC2 198.196.78.22 198.196.78.22 prefix-length 24
> >> !
> >> !
> >> ip nat inside source list 1 pool POOL-02 vrf VRF01 overload
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >
> > __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3085 (20080508) __________
> >
> > The message was checked by ESET NOD32 Antivirus.
> >
> > http://www.eset.com
> >
> >
> >
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list