Router - Juniper SRX: Difference between revisions
m clean up |
|||
| (3 intermediate revisions by 3 users not shown) | |||
| Line 16: | Line 16: | ||
|ZyXEL P660R in bridge mode |
|ZyXEL P660R in bridge mode |
||
|[[User:Nhumfrey|Nhumfrey]] |
|[[User:Nhumfrey|Nhumfrey]] |
||
|✗ |
|||
|✗ |
|||
| |
|✗ PADI sent but no PADO response |
||
|- |
|- |
||
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B] |
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B] |
||
| Line 23: | Line 23: | ||
|BT Provided Huawei HG612 [[FTTC Modem]] |
|BT Provided Huawei HG612 [[FTTC Modem]] |
||
|[[User:Nhumfrey|Nhumfrey]] |
|[[User:Nhumfrey|Nhumfrey]] |
||
|✗ |
|||
|✗ |
|||
| |
|✓ Working 2015-01-13 |
||
|- |
|- |
||
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B] |
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B] |
||
| Line 30: | Line 30: | ||
|BT Provided Huawei HG612 [[FTTC Modem]] |
|BT Provided Huawei HG612 [[FTTC Modem]] |
||
|[[User:Nhumfrey|Nhumfrey]] |
|[[User:Nhumfrey|Nhumfrey]] |
||
|✓ |
|||
|✓ |
|||
| |
|✓ Working 2015-03-22 |
||
|- |
|- |
||
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx210/ SRX210H] |
|||
|SRX 210H |
|||
|12.1X46-D35.1 |
|12.1X46-D35.1 |
||
|Vigor 130 modem |
|Vigor 130 modem |
||
| |
| |
||
|✓ |
|||
|✓ |
|||
| |
|✓ Working 2015-09-20 |
||
|- |
|||
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx110/ SRX110H-VA] |
|||
|12.1X46-D40.2 |
|||
|Internal VDSL2/ADSL-POTS |
|||
| |
|||
|✓ |
|||
|✓ Working 2016-02-19 |
|||
|- |
|- |
||
|} |
|} |
||
| Line 71: | Line 78: | ||
7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below. |
7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below. |
||
Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router. |
Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router. |
||
== Dual-stack Example Config == |
== Dual-stack Example Config == |
||
| Line 84: | Line 88: | ||
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled |
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled |
||
<pre> |
|||
<source> |
|||
## Last changed: 2015-03-29 17:42:36 BST |
## Last changed: 2015-03-29 17:42:36 BST |
||
version 12.1X46-D30.2; |
version 12.1X46-D30.2; |
||
| Line 354: | Line 357: | ||
} |
} |
||
} |
} |
||
</ |
</pre> |
||
== Native IPv6 dual stack SRX110H-VA configuration == |
|||
The following is an example of a Juniper SRX110H-VA native IPv6 configuration using the inbuilt modem for VDSL connectivity, PPPoE, DHCPv6, & IPv4. |
|||
'''Please note:''' |
|||
* You must use Junos version 12.1X46-D10.2 or greater for DHCPv6 support. (The example configuration used 12.1X46-D40.2) |
|||
* IPv6 routing is controlled via the https://control.aa.net.uk/ pages. This example only shows one /64 address. You can route multiple /64 address spaces, and I assume you can probably route the entire /48 you have been designated |
|||
* WAN address for IPv4 is auto-negotiated |
|||
* IPv4 does not include NAT configuration which in this example will be required for WAN connectivity |
|||
<pre> |
|||
interfaces { |
|||
fe-0/0/0 { |
|||
unit 0 { |
|||
family inet { |
|||
mtu 1492; |
|||
address 10.X.X.X/8; |
|||
} |
|||
family inet6 { |
|||
address 2001:8b0:X:X::1/64; |
|||
} |
|||
} |
|||
} |
|||
} |
|||
pt-1/0/0 { |
|||
vlan-tagging; |
|||
vdsl-options { |
|||
vdsl-profile auto; |
|||
} |
|||
unit 0 { |
|||
encapsulation ppp-over-ether; |
|||
vlan-id 101; |
|||
} |
|||
} |
|||
pp0 { |
|||
traceoptions { |
|||
flag all; |
|||
} |
|||
unit 0 { |
|||
ppp-options { |
|||
chap { |
|||
default-chap-secret "PASSWORD"; ## SECRET-DATA |
|||
local-name "USERNAME"; |
|||
passive; |
|||
} |
|||
} |
|||
pppoe-options { |
|||
underlying-interface pt-1/0/0.0; |
|||
client; |
|||
} |
|||
family inet { |
|||
negotiate-address; |
|||
} |
|||
family inet6 { |
|||
dhcpv6-client { |
|||
client-type statefull; |
|||
client-ia-type ia-pd; |
|||
rapid-commit; |
|||
client-identifier duid-type duid-ll; |
|||
req-option domain; |
|||
req-option dns-server; |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
routing-options { |
|||
rib inet6.0 { |
|||
static { |
|||
route ::/0 next-hop pp0.0; |
|||
route 2001:8b0:X::/48 next-hop 2001:8b0:X:X::X; |
|||
} |
|||
} |
|||
} |
|||
protocols { |
|||
router-advertisement { |
|||
interface fe-0/0/0.0 { |
|||
prefix 2001:8b0:X:X::/64; |
|||
} |
|||
} |
|||
} |
|||
security { |
|||
forwarding-options { |
|||
family { |
|||
inet6 { |
|||
mode flow-based; |
|||
} |
|||
} |
|||
} |
|||
zones { |
|||
security-zone untrust { |
|||
screen untrust-screen; |
|||
interfaces { |
|||
pt-1/0/0.0 { |
|||
host-inbound-traffic { |
|||
system-services { |
|||
dhcpv6; |
|||
} |
|||
} |
|||
} |
|||
pp0.0 { |
|||
host-inbound-traffic { |
|||
system-services { |
|||
dhcpv6; |
|||
ping; |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
</pre> |
|||
To check DHCPv6 binding from operational mode run the command |
|||
<pre>show dhcpv6 client binding detail</pre> |
|||
Output: |
|||
<pre> |
|||
Client Interface: pp0.0 |
|||
Hardware Address: 54:e0:32:d2:39:20 |
|||
State: BOUND(DHCPV6_CLIENT_STATE_BOUND) |
|||
ClientType: STATEFUL |
|||
Lease Expires: 2016-02-19 13:27:25 GMT |
|||
Lease Expires in: 1839 seconds |
|||
Lease Start: 2016-02-19 12:27:25 GMT |
|||
Bind Type: IA_PD |
|||
Client DUID: LL0x29-54:e0:32:d2:39:20 |
|||
Rapid Commit: On |
|||
Server Ip Address: :: |
|||
Client IP Prefix: 2001:8b0:X:X::/64 |
|||
DHCP options: |
|||
Name: server-identifier, Value: LL0x1-00:03:97:16:80:00 |
|||
Name: dns-recursive-server, Value: 2001:8b0::2020,2001:8b0::2021 |
|||
</pre> |
|||
== Higher MTU values == |
== Higher MTU values == |
||
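Review bot: The added SRX110H-VA config does not load as pasted because its braces are unbalanced. In the interfaces block, the "}" that follows the fe-0/0/0 stanza closes "interfaces" early, so pt-1/0/0 and pp0 end up at the top level and the final "}" after pp0 has nothing to close. The security block is one "}" short. Drop the early brace and add the missing one so that all three interfaces sit inside "interfaces { }" and "security { }" is closed. The pp0 stanza also keeps "traceoptions { flag all; }", which is debugging left in an example people will copy; remove it or say it is only there for troubleshooting the PPPoE session. The security stanza references "screen untrust-screen" without defining it and shows only pt-1/0/0.0 and pp0.0 in a zone, with no zone for fe-0/0/0.0 and no policies, so the "Please note" list should say these parts are omitted, as it already does for NAT. In the sample output the prefix is masked with X but the Hardware Address and Client DUID are not; mask those as well.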