[Juniper] Junos固定路由設定(Static route)

&NewLine;<p class&equals;"wp-block-paragraph">邊做邊學，順便留個筆記，若有錯誤請不吝指教。<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">Junos基本操作及root密碼設定可參考我之前的文章：<a href&equals;"https&colon;&sol;&sol;kerker&period;website&sol;juniper-junos&percnt;E5&percnt;9F&percnt;BA&percnt;E6&percnt;9C&percnt;AC&percnt;E6&percnt;93&percnt;8D&percnt;E4&percnt;BD&percnt;9C&percnt;E3&percnt;80&percnt;81root&percnt;E5&percnt;AF&percnt;86&percnt;E7&percnt;A2&percnt;BC&percnt;E8&percnt;A8&percnt;AD&percnt;E5&percnt;AE&percnt;9A&sol;">Juniper Junos基本操作、root密碼設定<&sol;a><&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">所有Juniper相關文章列表：<a href&equals;"https&colon;&sol;&sol;kerker&period;website&sol;juniper-junos-&percnt;E7&percnt;B3&percnt;BB&percnt;E5&percnt;88&percnt;97-&percnt;E6&percnt;96&percnt;87&percnt;E7&percnt;AB&percnt;A0&percnt;E5&percnt;88&percnt;97&percnt;E8&percnt;A1&percnt;A8&sol;">Juniper JunOS 系列文章列表<&sol;a><&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<&excl;--more-->&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">在小型網路架構下固定路由是穩定且容易設定的選擇，相對的也比較會需要花時間跟經歷來維護路由表。<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">這邊我們延續之前<a href&equals;"https&colon;&sol;&sol;kerker&period;website&sol;juniper-junos&percnt;E5&percnt;9F&percnt;BA&percnt;E6&percnt;9C&percnt;ACvlan&percnt;E8&percnt;A8&percnt;AD&percnt;E5&percnt;AE&percnt;9A">基礎Vlan設定介紹<&sol;a>的架構圖來作為例子。<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<a href&equals;"https&colon;&sol;&sol;lh3&period;googleusercontent&period;com&sol;EKKqtqnq0qKqONp5ytk-owXiK5OFieZBcOlpMUUYP-DnU5K7hq4Tj0wc3Z3HU1GfRxTo61Z5HqjpxjLPDw-YPpLGbxQP9osnQtORJQgci0uMiGuP-DidSaLcpW4bsqTyr9H4ox56VjkbNMW&lowbar;SoTV9ah8RkOrmyv1NFxKMXoXuubEI9Ve2vlGosi8bYzbTg2dSDbEZq-3TCl9GRJShkW79b7TlYClg1eI3R-Py7yUiNV7YfnWvkFGfG2oVzyQaXLJ7zfoYpkuE&lowbar;7e3rLL8JYSz80EwXTR82u6mGVy71rZXp2JdfJGtIKTOelmQu4VbM1VsZJDSM4mjNLzWTEMXNYAn0w3NlgP7sa2&lowbar;4UfwV4YvL3MkEtI-hOg1UyNXOb7JHbQgCwR-tZKi23hgObRlgKFTzxj88EH4sxxGQ8l7&lowbar;oJKZC1ggifyMdCRJTN5IqwEjjPnQMZUGEizOxUDseghTccOW9rXRFr2MBv&lowbar;K9Hc8zOGlw4KHs9NuR-1aGkUaYGXLBmv7oHYV1IUH9X7Yu8W1nmXPvCfpzntwNEe2-rEzgSMhS3onELgdD5uRIe4x58EKSKQkcZ2ivS8syRUq4SUM-lBHN9yo5JWIuU2VTURXsjShnZhyI4sGmrnKFclyyRl8oCCPXK6m5cMYmkc4-YnwAhI8a2J0fTgxB0QNvjPVcxoV4nVWvL0vYf0L6xmkNw0jD4X7tKCtv3KGTiF9HW-Ub81ar5FWC-HpdzXWDmZiwAgAYDp9mT&equals;w471-h364-no"><img src&equals;"https&colon;&sol;&sol;lh3&period;googleusercontent&period;com&sol;EKKqtqnq0qKqONp5ytk-owXiK5OFieZBcOlpMUUYP-DnU5K7hq4Tj0wc3Z3HU1GfRxTo61Z5HqjpxjLPDw-YPpLGbxQP9osnQtORJQgci0uMiGuP-DidSaLcpW4bsqTyr9H4ox56VjkbNMW&lowbar;SoTV9ah8RkOrmyv1NFxKMXoXuubEI9Ve2vlGosi8bYzbTg2dSDbEZq-3TCl9GRJShkW79b7TlYClg1eI3R-Py7yUiNV7YfnWvkFGfG2oVzyQaXLJ7zfoYpkuE&lowbar;7e3rLL8JYSz80EwXTR82u6mGVy71rZXp2JdfJGtIKTOelmQu4VbM1VsZJDSM4mjNLzWTEMXNYAn0w3NlgP7sa2&lowbar;4UfwV4YvL3MkEtI-hOg1UyNXOb7JHbQgCwR-tZKi23hgObRlgKFTzxj88EH4sxxGQ8l7&lowbar;oJKZC1ggifyMdCRJTN5IqwEjjPnQMZUGEizOxUDseghTccOW9rXRFr2MBv&lowbar;K9Hc8zOGlw4KHs9NuR-1aGkUaYGXLBmv7oHYV1IUH9X7Yu8W1nmXPvCfpzntwNEe2-rEzgSMhS3onELgdD5uRIe4x58EKSKQkcZ2ivS8syRUq4SUM-lBHN9yo5JWIuU2VTURXsjShnZhyI4sGmrnKFclyyRl8oCCPXK6m5cMYmkc4-YnwAhI8a2J0fTgxB0QNvjPVcxoV4nVWvL0vYf0L6xmkNw0jD4X7tKCtv3KGTiF9HW-Ub81ar5FWC-HpdzXWDmZiwAgAYDp9mT&equals;w471-h364-no"><&sol;a>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">從sw2上去查看路由可以發現這裡只有10&period;0&period;0&period;0&sol;24的路由，也就是sw2目前是連不到在sw1上屬於vlan100及vlan200的Gateway ip的：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> show route &NewLine; 10&period;0&period;0&period;0&sol;24 &ast;&lbrack;Direct&sol;0&rsqb; 04&colon;13&colon;07&NewLine; > via irb&period;0&NewLine; 10&period;0&period;0&period;2&sol;32 &ast;&lbrack;Local&sol;0&rsqb; 3w1d 04&colon;00&colon;35&NewLine; Local via irb&period;0<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">這時候我們可以進入設定模式中，告訴sw2如果要去192&period;168&period;100&period;0&sol;24這個網段，就走10&period;0&period;0&period;1就可以了：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-preformatted"><code> KerKer&commat;sw2&num; set routing-options static route 192&period;168&period;100&period;0&sol;24 next-hop 10&period;0&period;0&period;1<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">完成設定後再次檢視路由表會發現多了一條固定路由往192&period;168&period;100&period;0&sol;24：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> show route &NewLine; 10&period;0&period;0&period;0hccv&sol;24 &ast;&lbrack;Direct&sol;0&rsqb; 04&colon;35&colon;41&NewLine; > via irb&period;0&NewLine; 10&period;0&period;0&period;2&sol;32 &ast;&lbrack;Local&sol;0&rsqb; 3w1d 04&colon;23&colon;09&NewLine; Local via irb&period;0&NewLine; 192&period;168&period;100&period;0&sol;24 &ast;&lbrack;Static&sol;5&rsqb; 00&colon;09&colon;34&NewLine; > to 10&period;0&period;0&period;1 via irb&period;0<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">嘗試測試ping vlan100 的Gateway ip：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> ping 192&period;168&period;100&period;254 &NewLine; PING 192&period;168&period;100&period;254 &lpar;192&period;168&period;100&period;254&rpar;&colon; 56 data bytes&NewLine; 64 bytes from 192&period;168&period;100&period;254&colon; icmp&lowbar;seq&equals;0 ttl&equals;64 time&equals;24&period;782 ms&NewLine; 64 bytes from 192&period;168&period;100&period;254&colon; icmp&lowbar;seq&equals;1 ttl&equals;64 time&equals;14&period;746 ms&NewLine; 64 bytes from 192&period;168&period;100&period;254&colon; icmp&lowbar;seq&equals;2 ttl&equals;64 time&equals;19&period;614 ms&NewLine; &period;&period;&period;<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">而這時候vlan200的網段是沒有路由的，所以嘗試ping vlan200 的gateway ip是沒有反應的：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> ping 192&period;168&period;200&period;254 &NewLine; PING 192&period;168&period;200&period;254 &lpar;192&period;168&period;200&period;254&rpar;&colon; 56 data bytes&NewLine; ping&colon; sendto&colon; No route to host&NewLine; ping&colon; sendto&colon; No route to host&NewLine; ping&colon; sendto&colon; No route to host&NewLine; &period;&period;&period;<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">這次我們進入設定模式下直接作default route，即告訴sw2如果沒有路由就往10&period;0&period;0&period;1丟：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-preformatted"><code> KerKer&commat;sw2&num; set routing-options static route 0&period;0&period;0&period;0&sol;0 next-hop 10&period;0&period;0&period;1<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">再次檢視路由表，多出了0&period;0&period;0&period;0&sol;0的default route：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> show route &NewLine; 0&period;0&period;0&period;0&sol;0 &ast;&lbrack;Static&sol;5&rsqb; 00&colon;00&colon;20&NewLine; > to 10&period;0&period;0&period;1 via irb&period;0&NewLine; 10&period;0&period;0&period;0&sol;24 &ast;&lbrack;Direct&sol;0&rsqb; 04&colon;39&colon;02&NewLine; > via irb&period;0&NewLine; 10&period;0&period;0&period;2&sol;32 &ast;&lbrack;Local&sol;0&rsqb; 3w1d 04&colon;26&colon;30&NewLine; Local via irb&period;0&NewLine; 192&period;168&period;100&period;0&sol;24 &ast;&lbrack;Static&sol;5&rsqb; 00&colon;12&colon;55&NewLine; > to 10&period;0&period;0&period;1 via irb&period;0<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">檢視往vlan200的路由，vlan200的路由是由default route決定往10&period;0&period;0&period;1送的：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> show route 192&period;168&period;200&period;254 &NewLine; 0&period;0&period;0&period;0&sol;0 &ast;&&num;91&semi;Static&sol;5&rsqb; 00&colon;00&colon;10&NewLine; > to 10&period;0&period;0&period;1 via irb&period;0<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">而往vlan100的路由是由之前下的static route決定的：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> show route 192&period;168&period;100&period;254 &NewLine; 192&period;168&period;100&period;0&sol;24 &ast;&&num;91&semi;Static&sol;5&rsqb; 00&colon;12&colon;50&NewLine; > to 10&period;0&period;0&period;1 via irb&period;0<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">再次測試ping vlan200 的 gateway ip，這時候已經可以ping通了：<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<pre class&equals;"wp-block-code"><code> KerKer&commat;sw2> ping 192&period;168&period;200&period;254 &NewLine; PING 192&period;168&period;200&period;254 &lpar;192&period;168&period;200&period;254&rpar;&colon; 56 data bytes&NewLine; 64 bytes from 192&period;168&period;200&period;254&colon; icmp&lowbar;seq&equals;0 ttl&equals;64 time&equals;15&period;697 ms&NewLine; 64 bytes from 192&period;168&period;200&period;254&colon; icmp&lowbar;seq&equals;1 ttl&equals;64 time&equals;7&period;975 ms&NewLine; 64 bytes from 192&period;168&period;200&period;254&colon; icmp&lowbar;seq&equals;2 ttl&equals;64 time&equals;17&period;023 ms&NewLine; &period;&period;&period;<&sol;code><&sol;pre>&NewLine;&NewLine;&NewLine;&NewLine;<p class&equals;"wp-block-paragraph">在這個拓樸中可以在sw2上分別作vlan100即vlan200的路由，但是每當有新的網段分割的時候都要到sw2增加路由，這樣會大量增加管理上的負擔，所以實務上通常會直接作成default route或是使用動態路由協定&lpar;ex：ospf&rpar;。<&sol;p>&NewLine;