Initial Configuration:
- Cisco
    ! Configure device host name
    hostname Cisco
    !
    ! DHCP Server Configuration
    ip dhcp pool LAN
     network 192.168.0.0 255.255.255.0
     default-router 192.168.0.254
     dns-server 8.8.8.8
     domain-name bsnetworking.local
     lease 2
    !
    ! Configure interface ipv4 addresses, descriptions and enable nat
    interface Ethernet0/0
     description Lan Connection
     ip address 192.168.0.254 255.255.255.0
     ip nat inside
     no shutdown
    !
    interface Ethernet0/1
     description Juniper Connection
     ip address 10.0.0.1 255.255.255.252
     ip nat inside
     no shutdown
    !
    interface Ethernet0/2
     description Mikrotik Connection
     ip address 10.0.0.5 255.255.255.252
     ip nat inside
     no shutdown
    !
    interface Ethernet0/3
     description Internet Connection
     ip address dhcp
     ip nat outside
     no shutdown
    !
    ! NAT rule
    ip nat inside source list NAT interface Ethernet0/3 overload
    !
    ! Default route to my network gateway
    ip route 0.0.0.0 0.0.0.0 172.16.210.254
    !
    ! NAT ACL
    ip access-list standard NAT
     permit 192.168.0.0 0.0.3.255
    !
    ! Save Configs
    Cisco#write memory
    Building configuration...
    [OK]
    !
    ! Test Internet Connectivity
    Cisco#ping www.google.com
    Translating "www.google.com"...domain server (172.16.208.66) [OK]
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 74.125.206.105, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 39/43/49 ms
- Juniper
    root# cli
    root@> configure
    [edit]
    root@#
    ! Configure root password
    [edit]
    root@# set system root-authentication plain-text-password
    New password: Juniper
    Retype new password: Juniper
    ! Configure admin user and password
    [edit]
    root@# set system login user admin class super-user authentication plain-text-password
    New password: Juniper
    Retype new password: Juniper
    ! Configure device host name
    [edit]
    admin@# set system host-name SRX
    ! Save and make changes effective
    [edit]
    root@# commit
    commit complete
    ! Delete default interface configuration and security policies
    [edit]
    admin@SRX# delete interfaces ge-0/0/0
    admin@SRX# delete interfaces ge-0/0/1
    admin@SRX# delete security
    ! Configure interface ipv4 addresses
    admin@SRX# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.254/24
    admin@SRX# set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.2/30
    admin@SRX# set interfaces ge-0/0/3 unit 0 family inet address 10.0.0.9/30
    ! Configure interface comments
    admin@SRX# edit interfaces
    [edit interfaces]
    admin@SRX# annotate ge-0/0/0 "Local Connection"
    admin@SRX# annotate ge-0/0/1 "Cisco Connection"
    admin@SRX# annotate ge-0/0/3 "MikroTik Connection"
    admin@SRX# up
    ! Configure DHCP service
    [edit]
    admin@SRX# set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.1 high 192.168.1.250
    admin@SRX# set system services dhcp pool 192.168.1.0/24 default-lease-time 172800
    admin@SRX# set system services dhcp pool 192.168.1.0/24 domain-search bsnetworking.local
    admin@SRX# set system services dhcp pool 192.168.1.0/24 name-server 8.8.8.8
    admin@SRX# set system services dhcp pool 192.168.1.0/24 router 192.168.1.254
    ! Since the SRX is a firewall we will need to configure the security policy to allow traffic
    ! Start by setting the security zones
    [edit]
    admin@SRX# set security zones security-zone trust interfaces ge-0/0/0
    admin@SRX# set security zones security-zone untrust interfaces ge-0/0/1
    admin@SRX# set security zones security-zone untrust interfaces ge-0/0/3
    ! Then allow traffic - all from trusted, ping and ospf on the untrusted
    [edit]
    admin@SRX# set security policies from-zone trust to-zone untrust policy ALLOW-ALL match source-address any destination-address any application any
    admin@SRX# set security policies from-zone trust to-zone untrust policy ALLOW-ALL then permit
    admin@SRX# set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services ping
    admin@SRX# set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services dhcp
    admin@SRX# set security zones security-zone untrust interfaces ge-0/0/1 host-inbound-traffic system-services ping
    admin@SRX# set security zones security-zone untrust interfaces ge-0/0/3 host-inbound-traffic system-services ping
    admin@SRX# set security zones security-zone untrust interfaces ge-0/0/1 host-inbound-traffic protocols ospf
    admin@SRX# set security zones security-zone untrust interfaces ge-0/0/3 host-inbound-traffic protocols ospf
    [edit]
    root@# commit
    commit complete
- MikroTik
    login: admin
    password:

      MMM      MMM       KKK                          TTTTTTTTTTT      KKK
      MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
      MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
      MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
      MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
      MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

      MikroTik RouterOS 6.37.3 (c) 1999-2016       http://www.mikrotik.com/

    [?]             Gives the list of available commands
    command [?]     Gives help on the command and list of arguments
    [Tab]           Completes the command/word. If the input is ambiguous,
                    a second [Tab] gives possible options
    /               Move up to base level
    ..              Move up one level
    /command        Use command at the base level
    ! Configure interfaces
    [admin@MikroTik] > ip address add address=192.168.2.254/24 interface=ether1
    [admin@MikroTik] > ip address add address=10.0.0.6/30 interface=ether3
    [admin@MikroTik] > ip address add address=10.0.0.10/30 interface=ether4
    ! Configure DHCP Server
    [admin@MikroTik] > ip dhcp-server setup
    Select interface to run DHCP server on
    dhcp server interface: ether1
    Select network for DHCP addresses
    dhcp address space: 192.168.2.0/24
    Select gateway for given network
    gateway for dhcp network: 192.168.2.254
    Select pool of ip addresses given out by DHCP server
    addresses to give out: 192.168.2.1-192.168.2.250
    Select DNS servers
    dns servers: 8.8.8.8
    Select lease time
    lease time: 7200m
    [admin@MikroTik] >
OSPF Configuration:
- Cisco
    router ospf 1
     router-id 1.1.1.1
     passive-interface default
     no passive-interface Ethernet0/1
     no passive-interface Ethernet0/2
     network 10.0.0.1 0.0.0.0 area 0
     network 10.0.0.5 0.0.0.0 area 0
     network 192.168.0.254 0.0.0.0 area 51
     default-information originate
- Juniper
    [edit]
    admin@SRX# set protocols ospf area 0.0.0.0 interface ge-0/0/1
    admin@SRX# set protocols ospf area 0.0.0.0 interface ge-0/0/3
    admin@SRX# set protocols ospf area 0.0.0.1 interface ge-0/0/0
    admin@SRX# set routing-options router-id 2.2.2.2
    admin@SRX# set protocols ospf area 0.0.0.1 interface ge-0/0/0 passive
    [edit]
    root@# commit
- MikroTik
    [admin@MikroTik] > routing ospf instance set 0 router-id=3.3.3.3
    [admin@MikroTik] > routing ospf network add network=10.0.0.4/30 area=backbone
    [admin@MikroTik] > routing ospf network add network=10.0.0.8/30 area=backbone
    [admin@MikroTik] > routing ospf area add name=area2 area-id=0.0.0.2
    [admin@MikroTik] > routing ospf network add network=192.168.2.0/24 area=area2
OSPF Verification:
- Cisco
    Cisco# show ip route
    Gateway of last resort is 172.16.210.254 to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 172.16.210.254
          10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
    C        10.0.0.0/30 is directly connected, Ethernet0/1
    L        10.0.0.1/32 is directly connected, Ethernet0/1
    C        10.0.0.4/30 is directly connected, Ethernet0/2
    L        10.0.0.5/32 is directly connected, Ethernet0/2
    O        10.0.0.8/30 [110/11] via 10.0.0.2, 01:32:56, Ethernet0/1
          172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
    S        172.16.208.66/32 [254/0] via 172.16.210.254, Ethernet0/3
    C        172.16.210.0/24 is directly connected, Ethernet0/3
    L        172.16.210.10/32 is directly connected, Ethernet0/3
          192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.0.0/24 is directly connected, Ethernet0/0
    L        192.168.0.254/32 is directly connected, Ethernet0/0
    O IA  192.168.1.0/24 [110/11] via 10.0.0.2, 01:32:56, Ethernet0/1
    O IA  192.168.2.0/24 [110/20] via 10.0.0.6, 00:08:16, Ethernet0/2
- Juniper
    admin@SRX> show route
    inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    0.0.0.0/0          *[OSPF/150] 01:33:11, metric 1, tag 1
                        > to 10.0.0.1 via ge-0/0/1.0
    10.0.0.0/30        *[Direct/0] 02:19:25
                        > via ge-0/0/1.0
    10.0.0.2/32        *[Local/0] 02:19:25
                          Local via ge-0/0/1.0
    10.0.0.4/30        *[OSPF/10] 00:13:21, metric 11
                          to 10.0.0.1 via ge-0/0/1.0
                        > to 10.0.0.10 via ge-0/0/3.0
    10.0.0.8/30        *[Direct/0] 02:00:45
                        > via ge-0/0/3.0
    10.0.0.9/32        *[Local/0] 02:00:45
                          Local via ge-0/0/3.0
    192.168.0.0/24     *[OSPF/10] 01:35:51, metric 11
                        > to 10.0.0.1 via ge-0/0/1.0
    192.168.1.0/24     *[Direct/0] 02:19:25
                        > via ge-0/0/0.0
    192.168.1.254/32   *[Local/0] 02:19:25
                          Local via ge-0/0/0.0
    192.168.2.0/24     *[OSPF/10] 00:11:20, metric 11
                        > to 10.0.0.10 via ge-0/0/3.0
    224.0.0.5/32       *[OSPF/10] 02:00:46, metric 1
                          MultiRecv
- MikroTik
    [admin@MikroTik] > ip route print
    Flags: X - disabled, A - active, D - dynamic,
    C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
    B - blackhole, U - unreachable, P - prohibit
     #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
     0 ADo  0.0.0.0/0                          10.0.0.5                110
     1 ADo  10.0.0.0/30                        10.0.0.9                110
     2 ADC  10.0.0.4/30        10.0.0.6        ether3                    0
     3 ADC  10.0.0.8/30        10.0.0.10       ether4                    0
     4 ADo  192.168.0.0/24                     10.0.0.5                110
     5 ADo  192.168.1.0/24                     10.0.0.9                110
     6 ADC  192.168.2.0/24     192.168.2.254   ether1                    0
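The verification above can be automated. The following is an added example, not part of the original post: it parses the three vendors' route-table formats and reports any remote LAN a router has not learned via OSPF. The function names, the vendor labels and the sample excerpts (a few route lines copied from the tables above) are assumptions made for this illustration.

```python
import re
PREFIX = r"(\d+\.\d+\.\d+\.\d+/\d+)"
# LAN behind each router, taken from the configurations on this page.
LANS = {"cisco": "192.168.0.0/24", "junos": "192.168.1.0/24", "routeros": "192.168.2.0/24"}
# Constructed samples: a few route lines copied from the three tables above.
CISCO = """\
C        192.168.0.0/24 is directly connected, Ethernet0/0
O IA  192.168.1.0/24 [110/11] via 10.0.0.2, 01:32:56, Ethernet0/1
O IA  192.168.2.0/24 [110/20] via 10.0.0.6, 00:08:16, Ethernet0/2
"""
JUNOS = """\
192.168.0.0/24     *[OSPF/10] 01:35:51, metric 11
                    > to 10.0.0.1 via ge-0/0/1.0
192.168.1.0/24     *[Direct/0] 02:19:25
                    > via ge-0/0/0.0
192.168.2.0/24     *[OSPF/10] 00:11:20, metric 11
                    > to 10.0.0.10 via ge-0/0/3.0
"""
ROUTEROS = """\
 4 ADo  192.168.0.0/24                     10.0.0.5                110
 5 ADo  192.168.1.0/24                     10.0.0.9                110
 6 ADC  192.168.2.0/24     192.168.2.254   ether1                    0
"""

def ospf_routes(vendor, text):
    """Return {prefix: active next hop} for the OSPF routes in one router's table."""
    routes, current = {}, None
    for line in text.splitlines():
        m = None
        if vendor == "cisco":       # "O" / "O IA" code, prefix, [AD/metric], via hop
            m = re.match(rf"O\s.*?{PREFIX} \[\d+/\d+\] via ([\d.]+)", line)
        elif vendor == "routeros":  # lowercase "o" in the flags column marks OSPF
            m = re.match(rf"\s*\d+\s+[A-Z]*o\s+{PREFIX}\s+([\d.]+)\s+\d+\s*$", line)
        else:                       # junos: prefix line, then "> to hop" is the active path
            head = re.match(rf"{PREFIX}\s+\*\[(\w+)/", line)
            if head:
                current = head.group(1) if head.group(2) == "OSPF" else None
            hop = re.search(r">\s+to ([\d.]+) via", line)
            if hop and current:
                routes[current] = hop.group(1)
        if m:
            routes[m.group(1)] = m.group(2)
    return routes

def missing_lans(tables):
    """Map each router to the remote LAN prefixes it has not learned via OSPF."""
    return {v: sorted({p for r, p in LANS.items() if r != v} - set(ospf_routes(v, t)))
            for v, t in tables.items()}

print(missing_lans({"cisco": CISCO, "junos": JUNOS, "routeros": ROUTEROS}))
```

An empty list for every router means each one has the other two LANs in its table as OSPF routes; a non-empty list names the prefixes to investigate.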
VPCS Configuration and connectivity test
    ! VPCS connected to the Juniper
    VPCS> show ip
    NAME        : VPCS[1]
    IP/MASK     : 0.0.0.0/0
    GATEWAY     : 0.0.0.0
    DNS         :
    MAC         : 00:50:79:66:68:04
    LPORT       : 20000
    RHOST:PORT  : 127.0.0.1:30000
    MTU         : 1500
    VPCS> ip dhcp
    DORA IP 192.168.1.1/24 GW 192.168.1.254
    VPCS> sh ip
    NAME        : VPCS[1]
    IP/MASK     : 192.168.1.1/24
    GATEWAY     : 192.168.1.254
    DNS         : 8.8.8.8
    DHCP SERVER : 192.168.1.254
    DHCP LEASE  : 165932, 172800/86400/151200
    MAC         : 00:50:79:66:68:06
    LPORT       : 20000
    RHOST:PORT  : 127.0.0.1:30000
    MTU         : 1500
    VPCS> ping 8.8.8.8
    84 bytes from 8.8.8.8 icmp_seq=1 ttl=43 time=40.357 ms
    84 bytes from 8.8.8.8 icmp_seq=2 ttl=43 time=37.800 ms
    ^C
    VPCS> ping www.google.com
    www.google.com resolved to 216.58.210.132
    84 bytes from 216.58.210.132 icmp_seq=1 ttl=50 time=19.273 ms
    84 bytes from 216.58.210.132 icmp_seq=2 ttl=50 time=24.082 ms
    84 bytes from 216.58.210.132 icmp_seq=3 ttl=50 time=24.190 ms
    ^C
    VPCS> ping 192.168.1.1
    192.168.1.1 icmp_seq=1 ttl=64 time=0.001 ms
    192.168.1.1 icmp_seq=2 ttl=64 time=0.001 ms
    192.168.1.1 icmp_seq=3 ttl=64 time=0.001 ms
    192.168.1.1 icmp_seq=4 ttl=64 time=0.001 ms
    192.168.1.1 icmp_seq=5 ttl=64 time=0.001 ms
    VPCS> ping 192.168.2.250
    84 bytes from 192.168.2.250 icmp_seq=1 ttl=62 time=10.254 ms
    84 bytes from 192.168.2.250 icmp_seq=2 ttl=62 time=5.118 ms
    84 bytes from 192.168.2.250 icmp_seq=3 ttl=62 time=3.961 ms
    84 bytes from 192.168.2.250 icmp_seq=4 ttl=62 time=4.818 ms
    84 bytes from 192.168.2.250 icmp_seq=5 ttl=62 time=3.714 ms
    VPCS>
A special thanks to my follower @vitorhg20080int3 for pointing out the location of the MikroTik image.
It's all for now, see U in the next post.
Stay good.
Very useful!
Awesome configs running on multi-vendor software with the same standard protocols, in this case OSPF, showing that standard protocols are awesome!
I’m gonna try it!