Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - Juniper SRX: Difference between revisions

← Older editNewer edit →
Content deleted Content added
Nhumfrey (talk | contribs)
57 edits
Changed to next-hop
Nhumfrey (talk | contribs)
57 edits
Added IPv6
Line 35: Line 35:
|}
|}


== IPv4-only Example Config ==
== Dual-stack Example Config ==

* Statically configured IPv4 and IPv6 for a single AAISP line
* Trust VLAN on Ethernet Port 0-6
* PPPoE configured on Ethernet Port 7


<source>
<source>
## Last changed: 2015-03-29 17:42:36 BST
version 12.1X46-D30.2;
system {
system {
host-name dsl-router;
host-name dsl-router;
Line 93: Line 99:
url https://ae1.juniper.net/junos/key_retrieval;
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
ntp {
server 90.155.53.94;
server 90.155.53.93;
}
}
}
}
Line 118: Line 128:
}
}
}
}
pp0 {
lo0 {
traceoptions {
unit 0 {
flag all;
family inet6 {
address 2001:8b0:XXXX::1/128;
}
}
}
}
pp0 {
unit 0 {
unit 0 {
description AAISP;
description AAISP;
Line 142: Line 156:
mtu 1492;
mtu 1492;
negotiate-address;
negotiate-address;
}
family inet6 {
mtu 1492;
}
}
}
}
Line 149: Line 166:
family inet {
family inet {
address 192.168.1.1/24;
address 192.168.1.1/24;
}
family inet6 {
address 2001:8b0:XXXX:3::1/64;
}
}
}
}
Line 154: Line 174:
}
}
routing-options {
routing-options {
rib inet6.0 {
static {
route 0.0.0.0/0 next-hop pp0.0;
static {
}
route 0::0/0 next-hop pp0.0;
}
}
static {
route 0.0.0.0/0 next-hop pp0.0;
}
}
}
protocols {
protocols {
router-advertisement {
stp;
interface vlan.3 {
prefix 2001:8b0:XXXX:3::/64;
}
}
}
}
security {
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
screen {
screen {
ids-option untrust-screen {
ids-option untrust-screen {
Line 213: Line 249:
}
}
}
}
}
from-zone untrust to-zone trust {
policy ping6-to-trust {
match {
source-address any-ipv6;
destination-address any-ipv6;
application junos-pingv6;
}
then {
permit;
}
}
policy reject-untrust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
default-policy {
deny-all;
}
}
}
}
Line 227: Line 288:
interfaces {
interfaces {
vlan.3;
vlan.3;
lo0.0;
}
}
}
}
security-zone untrust {
security-zone untrust {
screen untrust-screen;
screen untrust-screen;
host-inbound-traffic {
system-services {
ping;
}
}
interfaces {
interfaces {
pp0.0;
pp0.0;
Retrieved from "http://support.aa.net.uk/Router_-_Juniper_SRX"