Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  what are those command mean in SSG520 .

    Posted 09-05-2015 05:40

    I am a fresh of SSG520 ,just take over someone's job , i have some question about command of SSG520

    set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit



set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 10.1.152.0/24 interface ethernet0/2.1 gateway 10.3.25.9
set route 10.1.143.0/24 interface ethernet0/2.1 gateway 10.3.25.9
set route 10.2.196.0/24 interface ethernet0/2.3 gateway 10.3.25.25
set route 10.150.197.0/24 interface ethernet0/2.3 gateway 10.3.25.25
set route 10.150.194.0/24 interface ethernet0/2.3 gateway 10.3.25.25
set route 0.0.0.0/0 interface ethernet0/2.2 gateway 10.3.25.17
set route 10.150.202.0/24 interface ethernet0/2.3 gateway 10.3.25.25
set route 193.164.148.235/32 interface ethernet0/2.3 gateway 10.3.25.25
set route 10.150.198.0/24 interface ethernet0/2.3 gateway 10.3.25.25

exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit

    my questions are what does 

     

    unset add-default-route
    unset auto-route-export

    mean . and why there are three times ,set vrouter "trust-vr" why we don't put comand 

    unset auto-route-export ,

    unset add-default-route

    under the a  set vrouter "trust-vr"

     



  • 2.  RE: what are those command mean in SSG520 .
    Best Answer

     
    Posted 09-05-2015 05:55

    Hello,

     

    When you have two VRs, trust-vr & untrust-vr:

     

    1) command 'set auto-route-export under trust-vr will advertize all routes in trust-vr reachable via 'route' mode interfaces to untrust-vr. 'unset auto-route-export' will stop this & user has to manually export routes from trust-vr to untrust-vr based on network need.

     

    This command is only valid for export from trust-vr to other untrust-vr.

     

    2) 'set add-default-route vrouter <name>' in trust-vr installs a default-route in trust-vr pointing to specific vrouter.

    e.g. 'set add-default-route vrouter untrust-vr' will install default route in trust-vr pointing to untrust-vr.

    'unset add-default-route' command under trust-vr stops this default route addition.

     

    This command is valid for trust-vr.

     

    Do not worry about multiple appearances of command 'set vrouter untrust-vr' or 'set vrouter trust-vr' as it is only configured once but appears multiple time.

     

    Regards,

     

    Rushi



  • 3.  RE: what are those command mean in SSG520 .

    Posted 09-05-2015 09:34

    thank you for your help