Changes

Jump to: navigation, search

Router - Juniper SRX

4,063 bytes added, 00:03, 15 March 2017
m
clean up
|ZyXEL P660R in bridge mode
|[[User:Nhumfrey|Nhumfrey]]
|✗
|✗
|✗ PADI sent but no PADO response
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
|BT Provided Huawei HG612 [[FTTC Modem]]
|[[User:Nhumfrey|Nhumfrey]]
|✗
|✗
|✓ Working 2015-01-13
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
|BT Provided Huawei HG612 [[FTTC Modem]]
|[[User:Nhumfrey|Nhumfrey]]
|✓
|✓
|✓ Working 2015-03-22
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx210/ SRX210H]
|Vigor 130 modem
|
|✓
|✓
|✓ Working 2015-09-20
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx110/ SRX110H-VA]
|12.1X46-D40.2
|Internal VDSL2/ADSL-POTS
|
|✓
|✓ Working 2016-02-19
|-
|}
 
7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below.
 
 
Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router.
 
 
 
== Dual-stack Example Config ==
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled
 
<pre>
 
<source>
## Last changed: 2015-03-29 17:42:36 BST
version 12.1X46-D30.2;
}
}
</sourcepre>
 
== Native IPv6 dual stack SRX110H-VA configuration ==
 
The following is an example of a Juniper SRX110H-VA native IPv6 configuration using the inbuilt modem for VDSL connectivity, PPPoE, DHCPv6, & IPv4.
 
'''Please note:'''
 
* You must use Junos version 12.1X46-D10.2 or greater for DHCPv6 support. (The example configuration used 12.1X46-D40.2)
* IPv6 routing is controlled via the https://control.aa.net.uk/ pages. This example only shows one /64 address. You can route multiple /64 address spaces, and I assume you can probably route the entire /48 you have been designated
* WAN address for IPv4 is auto-negotiated
* IPv4 does not include NAT configuration which in this example will be required for WAN connectivity
<pre>
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
mtu 1492;
address 10.X.X.X/8;
}
family inet6 {
address 2001:8b0:X:X::1/64;
}
}
}
}
pt-1/0/0 {
vlan-tagging;
vdsl-options {
vdsl-profile auto;
}
unit 0 {
encapsulation ppp-over-ether;
vlan-id 101;
}
}
pp0 {
traceoptions {
flag all;
}
unit 0 {
ppp-options {
chap {
default-chap-secret "PASSWORD"; ## SECRET-DATA
local-name "USERNAME";
passive;
}
}
pppoe-options {
underlying-interface pt-1/0/0.0;
client;
}
family inet {
negotiate-address;
}
family inet6 {
dhcpv6-client {
client-type statefull;
client-ia-type ia-pd;
rapid-commit;
client-identifier duid-type duid-ll;
req-option domain;
req-option dns-server;
}
}
}
}
}
routing-options {
rib inet6.0 {
static {
route ::/0 next-hop pp0.0;
route 2001:8b0:X::/48 next-hop 2001:8b0:X:X::X;
}
}
}
protocols {
router-advertisement {
interface fe-0/0/0.0 {
prefix 2001:8b0:X:X::/64;
}
}
}
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
zones {
security-zone untrust {
screen untrust-screen;
interfaces {
pt-1/0/0.0 {
host-inbound-traffic {
system-services {
dhcpv6;
}
}
}
pp0.0 {
host-inbound-traffic {
system-services {
dhcpv6;
ping;
}
}
}
}
}
}
</pre>
 
To check DHCPv6 binding from operational mode run the command
 
<pre>show dhcpv6 client binding detail</pre>
 
Output:
<pre>
Client Interface: pp0.0
Hardware Address: 54:e0:32:d2:39:20
State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType: STATEFUL
Lease Expires: 2016-02-19 13:27:25 GMT
Lease Expires in: 1839 seconds
Lease Start: 2016-02-19 12:27:25 GMT
Bind Type: IA_PD
Client DUID: LL0x29-54:e0:32:d2:39:20
Rapid Commit: On
Server Ip Address: ::
Client IP Prefix: 2001:8b0:X:X::/64
 
DHCP options:
Name: server-identifier, Value: LL0x1-00:03:97:16:80:00
Name: dns-recursive-server, Value: 2001:8b0::2020,2001:8b0::2021
 
</pre>
 
== Higher MTU values ==
530
edits

Navigation menu