Juniper路由——单向通信

网络工程 路由 juniper juniper-junos juniper-srx 瞻博网络
2022-02-18 22:03:09

我有一台 SRX3600 和一台 EX2200。我可以从 SRX ping 通 EX2200 上的所有地址,但无法从 EX ping 通 SRX 上的网关(或其他任何地址)。希望有人能帮我再检查一遍。

admin@wb-sw1> ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

网关显示在 arp 表中。

admin@wb-sw1> show arp
MAC Address       Address         Name                      Interface           Flags
44:d9:e7:4c:7f:c8 192.168.1.11    192.168.1.11              vlan.10             none
44:d9:e7:4c:80:64 192.168.1.13    192.168.1.13              vlan.10             none
40:b4:f0:d6:44:00 192.168.2.1     192.168.2.1               ge-0/0/0.0          none
Total entries: 3

EX2200 具有以下配置。

ge-0/0/0 是我连接 SRX 的链路;ge-0/0/12 和 ge-0/0/24 连接到 192.168.1.0/24 子网上的设备。所有这些设备都可以通过 SRX 访问。通信只是单向的:我无法从 EX ping 通 SRX 的网关。

/* EX2200 interface configuration. NOTE(review): as pasted, the stanzas under
   "interfaces" are not indented and its closing brace is not visible. */
interfaces {
/* Routed (family inet) /30 link towards the SRX; the SRX listing on this page
   uses 192.168.2.1/30 on its side of the link. */
ge-0/0/0 {
    unit 0 {
        family inet {
            address 192.168.2.2/30;
        }
    }
}
/* Switch ports: ge-0/0/1 through ge-0/1/3 are layer-2 (family ethernet-switching).
   Only ge-0/0/12 and ge-0/0/24 name a VLAN in this listing; the others carry no
   explicit VLAN membership here. */
/* Access port; no VLAN membership is listed for it. */
ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
        }
    }
}
ge-0/0/2 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/3 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/4 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/5 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/6 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/7 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/8 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/9 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/11 {
    unit 0 {
        family ethernet-switching;
    }
}
/* Member of VLAN internal-net (vlan-id 10 in the vlans stanza); per the post,
   a device on 192.168.1.0/24 is attached here. */
ge-0/0/12 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members internal-net;
            }
        }
    }
}
ge-0/0/13 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/14 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/15 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/16 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/17 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/18 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/19 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/20 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/21 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/22 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/23 {
    unit 0 {
        family ethernet-switching;
    }
}
/* Second port in VLAN internal-net; per the post, also attached to a device on
   192.168.1.0/24. */
ge-0/0/24 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members internal-net;
            }
        }
    }
}
ge-0/0/25 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/26 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/27 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/28 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/29 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/30 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/31 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/32 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/33 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/34 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/35 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/36 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/37 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/38 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/39 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/40 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/41 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/42 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/43 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/44 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/45 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/46 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/47 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/1 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/2 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/3 {
    unit 0 {
        family ethernet-switching;
    }
}
/* Unit 0 is declared with no protocol family. */
ge-0/2/0 {
    unit 0;
}
/* me0 carries its own inet address in a separate /29. */
me0 {
    unit 0 {
        family inet {
            address 192.168.199.1/29;
        }
    }
}
/* Routed VLAN interfaces. vlan.10 (192.168.1.1/24) is bound to VLAN internal-net
   by the l3-interface statement in the vlans stanza; unit 0 has no address. */
vlan {
    unit 0 {
        family inet;
    }
    unit 10 {
        family inet {
            address 192.168.1.1/24;
        }
    }
}
/* Default route points at the SRX side of the /30 link (192.168.2.1). */
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.2.1;
    }
}
/* NOTE(review): LLDP and LLDP-MED are enabled on every interface, which
   advertises device details on all ports; confirm that is wanted on ports
   facing devices you do not manage. */
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
/* Storm control is applied to all interfaces. */
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
/* Only internal-net has a vlan-id (10) and a layer-3 interface; "default" and
   "wan" are declared without further settings in this listing. */
vlans {
    default;
    internal-net {
        vlan-id 10;
        l3-interface vlan.10;
    }
    wan;
}

这是 SRX:ge-0/0/0 是到 EX 的链路,ge-0/0/8 是我的 WAN 上行链路

 /* SRX3600 configuration excerpt: interfaces, static routes and security zones. */
 interfaces {
    /* Routed /30 link to the EX2200 (EX side is 192.168.2.2). */
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.2.1/30;
            }
        }
    }
    /* WAN uplink per the post; speed and duplex are fixed and
       auto-negotiation is turned off. */
    ge-0/0/8 {
        enable;
        speed 1g;
        link-mode full-duplex;
        gigether-options {
            no-auto-negotiation;
        }
        unit 0 {
            family inet {
                address 192.69.88.162/27;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
}
/* Default route via the WAN next hop; 192.168.1.0/24 (the EX's internal-net
   subnet) is reached through the EX at 192.168.2.2. */
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.69.88.161;
        route 192.168.1.0/24 next-hop 192.168.2.2;
    }
}
/* Neither zone shows a host-inbound-traffic statement. On an SRX, traffic
   addressed to the device itself is dropped unless the zone or interface
   permits it, so ICMP echo to 192.168.2.1 gets no reply even though ARP for
   the gateway resolves. Permit only the services actually needed, and keep
   the untrust zone as restrictive as possible.
   NOTE(review): no security policies appear in this excerpt; presumably the
   listing was trimmed. Confirm against the full configuration. */
security {
    zones {
        security-zone trust {
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone untrust {
            interfaces {
                ge-0/0/8.0;
            }
        }
    }
}
1个回答

我找到原因了。这是 SRX 设备特有的行为,因为它们是安全设备:默认情况下,发往设备自身的流量会被丢弃,除非在区域或接口上通过 host-inbound-traffic 明确允许。我必须在信任区域的接口上把 ping 加入 host-inbound-traffic system-services,如下所示:

admin@wb1# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping