[Juniper] Junos固定arp、ndp

&NewLine;<p class&equals;"wp-block-paragraph"> 邊做邊學，順便留個筆記，若有錯誤請不吝指教。 <&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">Junos基本操作及root密碼設定可參考我之前的文章：<a href&equals;"https&colon;&sol;&sol;kerker&period;website&sol;juniper-junos&percnt;E5&percnt;9F&percnt;BA&percnt;E6&percnt;9C&percnt;AC&percnt;E6&percnt;93&percnt;8D&percnt;E4&percnt;BD&percnt;9C&percnt;E3&percnt;80&percnt;81root&percnt;E5&percnt;AF&percnt;86&percnt;E7&percnt;A2&percnt;BC&percnt;E8&percnt;A8&percnt;AD&percnt;E5&percnt;AE&percnt;9A&sol;">Juniper Junos基本操作、root密碼設定<&sol;a><&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">所有Juniper相關文章列表：<a href&equals;"https&colon;&sol;&sol;kerker&period;website&sol;juniper-junos-&percnt;E7&percnt;B3&percnt;BB&percnt;E5&percnt;88&percnt;97-&percnt;E6&percnt;96&percnt;87&percnt;E7&percnt;AB&percnt;A0&percnt;E5&percnt;88&percnt;97&percnt;E8&percnt;A1&percnt;A8&sol;">Juniper JunOS 系列文章列表<&sol;a><&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<&excl;--more-->&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">arp表&lpar;ipv4&rpar;、ndp表&lpar;ipv6&rpar;是用來做IP-MAC資訊對應的，讓第二層的交換得以順暢，為了避免IP遭到假冒，我們可以在Gateway端設定固定arp，讓特定IP對應到特定的mac地址。<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">通常在作為Gateway的介面或點對點介面我們可以看到該網段的arp表，通過show arp指令可以做到這一點，這邊我們用之前做的點對點IP來做測試，我們可以看到對端的IP-MAC對應資訊。<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> root&commat;10&period;0&period;0&period;2> show arp interface ge-0&sol;0&sol;23&period;0 &NewLine; MAC Address Address Name Interface Flags&NewLine; 64&colon;c3&colon;d6&colon;66&colon;8b&colon;f3 10&period;0&period;0&period;1 10&period;0&period;0&period;1 ge-0&sol;0&sol;23&period;0 none<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">如果我要鎖定這個arp表，而不讓其他將IP設定成10&period;0&period;0&period;1的設備影響，那我們就可以在設定模式下使用下列指令來鎖定：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> set interfaces ge-0&sol;0&sol;23 unit 0 family inet address 10&period;0&period;0&period;2&sol;30 arp 10&period;0&period;0&period;1 mac 64&colon;c3&colon;d6&colon;66&colon;8b&colon;f3<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">設定完成記得要commit才會生效，更多關於commit指令的內容可以參考：<a href&equals;"https&colon;&sol;&sol;kerker&period;website&sol;juniper-junos&percnt;E6&percnt;8F&percnt;90&percnt;E4&percnt;BA&percnt;A4&percnt;E8&percnt;A8&percnt;AD&percnt;E5&percnt;AE&percnt;9Acommit&sol;">Juniper Junos提交設定&lpar;commit&rpar;<&sol;a> <&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph"><&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">使用show configuration interface ge-0&sol;0&sol;23來查看設定檔大概長這樣：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> root&commat;10&period;0&period;0&period;2> show configuration interfaces ge-0&sol;0&sol;23 &NewLine; description 10&period;0&period;0&period;1&sol;30&semi;&NewLine; unit 0 &lbrace;&NewLine; family inet &lbrace;&NewLine; address 10&period;0&period;0&period;2&sol;30 &lbrace;&NewLine; arp 10&period;0&period;0&period;1 mac 64&colon;c3&colon;d6&colon;66&colon;8b&colon;f3&semi;&NewLine; &rcub;&NewLine; &rcub;&NewLine; &rcub;<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">而ndp表的設定方式也差不多，設定格式如下：查看設定檔大概長這樣：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> set interfaces &lbrack;interface&rsqb; unit 0 family inet6 address &lbrack;ipv6&rsqb; ndp &lbrack;ipv6&rsqb; mac &lbrack;mac&rsqb;<&sol;code><&sol;pre>&NewLine;