Jump to: navigation, search

Router - Juniper SRX

1,900 bytes added, 18:36, 29 March 2015
Added steps for configuring IPv6 on an SRX
== Steps for Configuring IPv6 over PPPoE on an SRX router ==
There is very limited information on the internet on how to configure a Juniper SRX router use IPv6 over PPPoE, so I have written out these steps, which I have found to work. But there may be other/better ways to configure it. Where you see XXXX in the configuration, insert your own IPv6 subnet block, as allocated to you.
1. Add an IPv6 address for your router to the local loopback interface ('''lo0''')
<pre>set interfaces lo0 unit 0 family inet6 address 2001:8b0:XXXX::1/128</pre>
2. Enable IPv6 on the '''pp0''' interface. I did this by specifying a MTU value:
<pre>set interfaces pp0 unit 0 family inet6 mtu 1492</pre>
3. Add an IPv6 address to the LAN/trust interface. I match my IPv6 subnet number to my VLAN number, and give the router host address 1:
<pre>set interfaces vlan unit 3 family inet6 address 2001:8b0:XXXX:3::1/64</pre>
4. Set '''pp0''' to be the default next hop in the IPv6 routing table:
<pre>set routing-options rib inet6.0 static route 0::0/0 next-hop pp0.0</pre>
5. Enable forwarding/routing of IPv6 packets on the router. Flow based means it will use stateful firewall rules.
<pre>set security forwarding-options family inet6 mode flow-based</pre>
6. If you want machines on your internal subnet to automatically discover the IPv6 router, then enable Router Advertisements ('''RA'''). You could alternatively configure a DHCPv6 server or use static routing.
<pre>set protocols router-advertisement interface vlan.3 prefix 2001:8b0:XXXX:3::/64</pre>
7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below.
Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router.
== Dual-stack Example Config ==
* Trust VLAN on Ethernet Port 0-6
* PPPoE configured on Ethernet Port 7
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled

Navigation menu