Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - Juniper SRX: Difference between revisions

← Older edit
Content deleted Content added
Nhumfrey (talk | contribs)
57 edits
Added Higher MTU values section
Reedy (talk | contribs)
editor
706 edits
m clean up
 
(4 intermediate revisions by 4 users not shown)
Line 16: Line 16:
|ZyXEL P660R in bridge mode
|ZyXEL P660R in bridge mode
|[[User:Nhumfrey|Nhumfrey]]
|[[User:Nhumfrey|Nhumfrey]]
|✗
|✗
|✗ PADI sent but no PADO response
| PADI sent but no PADO response
|-
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
Line 23: Line 23:
|BT Provided Huawei HG612 [[FTTC Modem]]
|BT Provided Huawei HG612 [[FTTC Modem]]
|[[User:Nhumfrey|Nhumfrey]]
|[[User:Nhumfrey|Nhumfrey]]
|✗
|✗
|✓ Working 2015-01-13
| Working 2015-01-13
|-
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
Line 30: Line 30:
|BT Provided Huawei HG612 [[FTTC Modem]]
|BT Provided Huawei HG612 [[FTTC Modem]]
|[[User:Nhumfrey|Nhumfrey]]
|[[User:Nhumfrey|Nhumfrey]]
|✓
|✓
|✓ Working 2015-03-22
| Working 2015-03-22
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx210/ SRX210H]
|12.1X46-D35.1
|Vigor 130 modem
|
|✓
|✓ Working 2015-09-20
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx110/ SRX110H-VA]
|12.1X46-D40.2
|Internal VDSL2/ADSL-POTS
|
|✓
|✓ Working 2016-02-19
|-
|-
|}
|}



== Steps for Configuring IPv6 over PPPoE on an SRX router ==
== Steps for Configuring IPv6 over PPPoE on an SRX router ==
Line 65: Line 78:


7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below.
7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below.



Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router.
Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router.




== Dual-stack Example Config ==
== Dual-stack Example Config ==
Line 78: Line 88:
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled


<pre>

<source>
## Last changed: 2015-03-29 17:42:36 BST
## Last changed: 2015-03-29 17:42:36 BST
version 12.1X46-D30.2;
version 12.1X46-D30.2;
Line 348: Line 357:
}
}
}
}
</source>
</pre>

== Native IPv6 dual stack SRX110H-VA configuration ==

The following is an example of a Juniper SRX110H-VA native IPv6 configuration using the inbuilt modem for VDSL connectivity, PPPoE, DHCPv6, & IPv4.

'''Please note:'''

* You must use Junos version 12.1X46-D10.2 or greater for DHCPv6 support. (The example configuration used 12.1X46-D40.2)
* IPv6 routing is controlled via the https://control.aa.net.uk/ pages. This example only shows one /64 address. You can route multiple /64 address spaces, and I assume you can probably route the entire /48 you have been designated
* WAN address for IPv4 is auto-negotiated
* IPv4 does not include NAT configuration which in this example will be required for WAN connectivity
<pre>
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
mtu 1492;
address 10.X.X.X/8;
}
family inet6 {
address 2001:8b0:X:X::1/64;
}
}
}
}
pt-1/0/0 {
vlan-tagging;
vdsl-options {
vdsl-profile auto;
}
unit 0 {
encapsulation ppp-over-ether;
vlan-id 101;
}
}
pp0 {
traceoptions {
flag all;
}
unit 0 {
ppp-options {
chap {
default-chap-secret "PASSWORD"; ## SECRET-DATA
local-name "USERNAME";
passive;
}
}
pppoe-options {
underlying-interface pt-1/0/0.0;
client;
}
family inet {
negotiate-address;
}
family inet6 {
dhcpv6-client {
client-type statefull;
client-ia-type ia-pd;
rapid-commit;
client-identifier duid-type duid-ll;
req-option domain;
req-option dns-server;
}
}
}
}
}
routing-options {
rib inet6.0 {
static {
route ::/0 next-hop pp0.0;
route 2001:8b0:X::/48 next-hop 2001:8b0:X:X::X;
}
}
}
protocols {
router-advertisement {
interface fe-0/0/0.0 {
prefix 2001:8b0:X:X::/64;
}
}
}
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
zones {
security-zone untrust {
screen untrust-screen;
interfaces {
pt-1/0/0.0 {
host-inbound-traffic {
system-services {
dhcpv6;
}
}
}
pp0.0 {
host-inbound-traffic {
system-services {
dhcpv6;
ping;
}
}
}
}
}
}
</pre>

To check DHCPv6 binding from operational mode run the command

<pre>show dhcpv6 client binding detail</pre>

Output:
<pre>
Client Interface: pp0.0
Hardware Address: 54:e0:32:d2:39:20
State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType: STATEFUL
Lease Expires: 2016-02-19 13:27:25 GMT
Lease Expires in: 1839 seconds
Lease Start: 2016-02-19 12:27:25 GMT
Bind Type: IA_PD
Client DUID: LL0x29-54:e0:32:d2:39:20
Rapid Commit: On
Server Ip Address: ::
Client IP Prefix: 2001:8b0:X:X::/64


DHCP options:
Name: server-identifier, Value: LL0x1-00:03:97:16:80:00
Name: dns-recursive-server, Value: 2001:8b0::2020,2001:8b0::2021


</pre>


== Higher MTU values ==
== Higher MTU values ==
Retrieved from "http://support.aa.net.uk/Router_-_Juniper_SRX"