Router - Juniper SRX: Difference between revisions

From AAISP Support Site
(Added link to ebay)
(Added config example)
Line 19: Line 19:
|}
|}


== Example Config ==

<nowiki>
system {
host-name dsl-router;
domain-name aa.net.uk;
time-zone Europe/London;
root-authentication {
encrypted-password "XXXX";
}
name-server {
217.169.20.20;
217.169.20.21;
}
services {
ssh;
xnm-clear-text;
web-management {
http {
interface vlan.3;
}
https {
system-generated-certificate;
interface vlan.3;
}
}
dhcp {
name-server {
217.169.20.20;
217.169.20.21;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.100 high 192.168.1.250;
router {
192.168.1.1;
}
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
interface-range interfaces-trust {
member fe-0/0/0;
member fe-0/0/1;
member fe-0/0/2;
member fe-0/0/3;
member fe-0/0/4;
member fe-0/0/5;
member fe-0/0/6;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/7 {
description "PPPoE Port";
unit 0 {
encapsulation ppp-over-ether;
}
}
pp0 {
traceoptions {
flag all;
}
unit 0 {
description AAISP;
point-to-point;
ppp-options {
chap {
default-chap-secret "XXXX";
local-name "XXXX@a";
no-rfc2486;
passive;
}
}
pppoe-options {
underlying-interface fe-0/0/7.0;
idle-timeout 0;
auto-reconnect 5;
client;
}
family inet {
mtu 1492;
negotiate-address;
}
}
}
vlan {
unit 3 {
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 {
qualified-next-hop pp0.0 {
metric 1;
}
}
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.3;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
pp0.0;
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.3;
}
}
</nowiki>


[[Category:Juniper]] [[Category:Router]]
[[Category:Juniper]] [[Category:Router]]

Revision as of 20:46, 13 Ocak 2015

The Juniper SRX range of routers are high-performance routers, intended for small business and branch networks. The can often be bought cheaply on eBay.

Known working setups

Router JunOS Version Modem Who Status
SRX100B 12.1X44-D40.2 BT Provided Huawei HG612 FTTC Modem Nhumfrey ✓ Working 2015-01-13

Example Config

system { host-name dsl-router; domain-name aa.net.uk; time-zone Europe/London; root-authentication { encrypted-password "XXXX"; } name-server { 217.169.20.20; 217.169.20.21; } services { ssh; xnm-clear-text; web-management { http { interface vlan.3; } https { system-generated-certificate; interface vlan.3; } } dhcp { name-server { 217.169.20.20; 217.169.20.21; } pool 192.168.1.0/24 { address-range low 192.168.1.100 high 192.168.1.250; router { 192.168.1.1; } } } } syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { interface-range interfaces-trust { member fe-0/0/0; member fe-0/0/1; member fe-0/0/2; member fe-0/0/3; member fe-0/0/4; member fe-0/0/5; member fe-0/0/6; unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/7 { description "PPPoE Port"; unit 0 { encapsulation ppp-over-ether; } } pp0 { traceoptions { flag all; } unit 0 { description AAISP; point-to-point; ppp-options { chap { default-chap-secret "XXXX"; local-name "XXXX@a"; no-rfc2486; passive; } } pppoe-options { underlying-interface fe-0/0/7.0; idle-timeout 0; auto-reconnect 5; client; } family inet { mtu 1492; negotiate-address; } } } vlan { unit 3 { family inet { address 192.168.1.1/24; } } } } routing-options { static { route 0.0.0.0/0 { qualified-next-hop pp0.0 { metric 1; } } } } protocols { stp; } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } policies { from-zone trust to-zone untrust { policy trust-to-untrust { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { vlan.3; } } security-zone untrust { screen untrust-screen; interfaces { pp0.0; } } } } vlans { vlan-trust { vlan-id 3; l3-interface vlan.3; } }

Retrieved from ‘http://support.aa.net.uk/index.php?title=Router_-_Juniper_SRX&oldid=6532