Logical Systems – www.dachev.info

Logical Systems with ACX1100 router

Known or unknown fact is ACX1100 router support junos logical systems, however they cannot use logical-tunnel interfaces!. The easiest way to use logical systems with acx1100 is to assign physical interfaces per logical system and connect those interfaces with lan cables.

To create a logical system in junos is a simple task:

Design logical system topology.
Create system login class system login class per logical system.
Create system user and connect it to logical system via login class
Configure logical system/s .

As general all configuration per logical system are done with:

set logical-systems LOGICAL_SYSTEM_NAME CONFIGURATION

or directly via logical system cli, however some configuration like interface media-type can be done only via acx1100 cli

Configure logical systems

note: all passwords are set to: "1q2w3e"

ACX1100

# switch combo interfaces to copper
set interfaces ge-0/1/0 media-type copper
set interfaces ge-0/1/1 media-type copper
set interfaces ge-0/1/2 media-type copper

# configure interfaces
set interfaces ge-0/1/0 unit 0 description lrc-ge-0/1/1
set interfaces ge-0/1/0 unit 0 family inet address 10.0.0.1/30
set interfaces lo0 unit 0 family inet address 100.0.1.1/32

LCR

# create login class for lrc
set system login class lrc logical-system lrc
set system login class lrc permissions all

# create lrc user for ssh access
set system login user lrc class lrc
set system login user lrc authentication encrypted-password "$6$InAquAUa$UxnSAT9c1G476uTROWHZH25vz9yuqvFoSAvWKkOPVWZhzOf/o5uCR2uY4mWex3CKQbxwYRbpzkHBEq6L4mk8y."

# configure lrc interfaces
set logical-systems lrc interfaces ge-0/0/5 unit 0 description lr1-ge-0/0/1
set logical-systems lrc interfaces ge-0/0/5 unit 0 family inet address 10.0.1.2/30
set logical-systems lrc interfaces ge-0/0/6 unit 0 description lr2-ge-0/0/2
set logical-systems lrc interfaces ge-0/0/6 unit 0 family inet address 10.0.2.2/30
set logical-systems lrc interfaces ge-0/0/7 unit 0 description lr3-ge-0/0/3
set logical-systems lrc interfaces ge-0/0/7 unit 0 family inet address 10.0.3.2/30
set logical-systems lrc interfaces ge-0/1/1 unit 0 description acx-ge-0/1/0
set logical-systems lrc interfaces ge-0/1/1 unit 0 family inet address 10.0.0.2/30
set logical-systems lrc interfaces lo0 unit 123 family inet address 100.1.2.3/32

LR1

# create login class for lr1
set system login class lr1 logical-system lr1
set system login class lr1 permissions all

# create lr1 user for ssh access
set system login user lr1 class lr1
set system login user lr1 authentication encrypted-password "$6$X8FfXB.u$ygojhfj.X6pEjOzQJ4.WVg9PckYHQrREUqyxDvrXrFbpSSVsp0dDgk4bjGG8UCJkLyDUPqChpMvE.V8hkkF4X1"

# configure lr1 interfaces
set logical-systems lr1 interfaces ge-0/0/1 unit 0 description lrc-ge-0/0/5
set logical-systems lr1 interfaces ge-0/0/1 unit 0 family inet address 10.0.1.1/30
set logical-systems lr1 interfaces lo0 unit 1 family inet address 100.1.1.1/32

LR2

# create login class for lr2
set system login class lr2 logical-system lr2
set system login class lr2 permissions all

# create lr2 user for ssh access
set system login user lr2 class lr2
set system login user lr2 authentication encrypted-password "$6$xBWmGCiz$UKy0NMZxOAoedM1V9Hw1G88zhE4QGLfB1KLkOOnZxsZqRAXqsxoX5bxh//N1eKHdF2LAyN9NxyDTLWJs6CGCC."

# configure lr2 interfaces
set logical-systems lr2 interfaces ge-0/0/2 unit 0 description lrc-ge-0/0/6
set logical-systems lr2 interfaces ge-0/0/2 unit 0 family inet address 10.0.2.1/30
set logical-systems lr2 interfaces lo0 unit 2 family inet address 100.2.2.2/32

LR3

# create login class for lr3
set system login class lr3 logical-system lr3
set system login class lr3 permissions all

# create lr3 user for ssh access
set system login user lr3 class lr3
set system login user lr3 authentication encrypted-password "$6$Ek5ihlUw$BSs4L9b8ymDjSLdMEMEiPJTcu0K5IEB1mJvHBATayaKSnVgQZ0K0NkcX3jfuths4J8tNtTjDTf7.vJu/zpPPP/"

# configure lr3 interfaces
set logical-systems lr3 interfaces ge-0/0/3 unit 0 description lrc-ge-0/0/7
set logical-systems lr3 interfaces ge-0/0/3 unit 0 family inet address 10.0.3.1/30
set logical-systems lr3 interfaces ge-0/0/4 unit 0 description lrc-arm64-frr-dhcp
set logical-systems lr3 interfaces ge-0/0/4 unit 0 family inet address 10.0.4.1/30
set logical-systems lr3 interfaces lo0 unit 3 family inet address 100.3.3.3/32

Validation

We have two options for validation, via acx1100 cli and via ssh login with logical system user.

cli: testing lr3 logical system, however same apply to all others

root@acx1100> set cli logical-system lr3    
Logical system: lr3

root@acx1100:lr3> show interfaces terse         
Interface               Admin Link Proto    Local                 Remote
ge-0/0/3               
ge-0/0/3.0              up    up   inet     10.0.3.1/30     
                                   multiservice
ge-0/0/4               
ge-0/0/4.0              up    down inet     10.0.4.1/30     
                                   multiservice
lo0                    
lo0.3                   up    up   inet     100.3.3.3           --> 0/0

root@acx1100:lr3> show configuration            
interfaces {
    ge-0/0/3 {
        unit 0 {
            description lrc-ge-0/0/7;
            family inet {
                address 10.0.3.1/30;
            }
        }
    }
    ge-0/0/4 {
        unit 0 {
            description lrc-arm64-frr-dhcp;
            family inet {
                address 10.0.4.1/30;
            }
        }
    }
    lo0 {
        unit 3 {
            family inet {
                address 100.3.3.3/32;
            }
        }
    }
}

root@acx1100:lr3> ping count 3 10.0.3.2         
PING 10.0.3.2 (10.0.3.2): 56 data bytes
64 bytes from 10.0.3.2: icmp_seq=0 ttl=64 time=0.988 ms
64 bytes from 10.0.3.2: icmp_seq=1 ttl=64 time=0.912 ms
64 bytes from 10.0.3.2: icmp_seq=2 ttl=64 time=1.049 ms

--- 10.0.3.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.912/0.983/1.049/0.056 ms

root@acx1100:lr3> clear cli logical-system      
Cleared default logical system

root@acx1100>

ssh: testing lrc logical system, however same apply to all others.

note: ssh to same acx1100 ip address with different user will login in different logical system, root will login to acx1100

:~> ssh [email protected]
([email protected]) Password:
Last login: Sat May 27 14:16:26 2023 from 172.20.2.137
--- JUNOS 21.2R3.8 built 2022-03-10 06:51:50 UTC
root@acx1100% cli
root@acx1100> exit 

root@acx1100% exit
logout
Shared connection to 172.20.13.1 closed.

:~> ssh [email protected]
([email protected]) Password:
Last login: Sat May 27 13:54:18 2023 from 172.20.2.137
--- JUNOS 21.2R3.8 built 2022-03-10 06:51:50 UTC
lrc@acx1100:lrc> 

lrc@acx1100:lrc> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/0/5               
ge-0/0/5.0              up    up   inet     10.0.1.2/30     
                                   multiservice
ge-0/0/6               
ge-0/0/6.0              up    up   inet     10.0.2.2/30     
                                   multiservice
ge-0/0/7               
ge-0/0/7.0              up    up   inet     10.0.3.2/30     
                                   multiservice
ge-0/1/1               
ge-0/1/1.0              up    up   inet     10.0.0.2/30     
                                   multiservice
lo0                    
lo0.123                 up    up   inet     100.1.2.3           --> 0/0

lrc@acx1100:lrc> show configuration 
interfaces {
    ge-0/0/5 {
        unit 0 {
            description lr1-ge-0/0/1;
            family inet {
                address 10.0.1.2/30;
            }
        }
    }
    ge-0/0/6 {
        unit 0 {
            description lr2-ge-0/0/2;
            family inet {
                address 10.0.2.2/30;
            }
        }
    }
    ge-0/0/7 {
        unit 0 {
            description lr3-ge-0/0/3;
            family inet {
                address 10.0.3.2/30;
            }
        }
    }
    ge-0/1/1 {
        unit 0 {
            description acx-ge-0/1/0;
            family inet {
                address 10.0.0.2/30;
            }
        }
    }
    lo0 {
        unit 123 {
            family inet {
                address 100.1.2.3/32;
            }
        }
    }
}

lrc@acx1100:lrc> ping count 3 10.0.0.1 
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=0.948 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.928 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.990 ms

--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.928/0.955/0.990/0.026 ms

lrc@acx1100:lrc> ping count 3 10.0.2.1    
PING 10.0.2.1 (10.0.2.1): 56 data bytes
64 bytes from 10.0.2.1: icmp_seq=0 ttl=64 time=0.951 ms
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.945 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=1.002 ms

--- 10.0.2.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.945/0.966/1.002/0.026 ms

lrc@acx1100:lrc> exit 

Shared connection to 172.20.13.1 closed.

Logical Systems with ACX1100 router

Configure logical systems

Validation

Вашият коментар Отказ