Router - Juniper SRX


The Juniper SRX range of routers are high-performance routers, intended for small business and branch networks. They can often be bought cheaply on eBay.

Known working setups

Router JunOS Version Modem Who IPv6 Status
SRX100B 12.1X44-D40.2 ZyXEL P660R in bridge mode Nhumfrey ✗ PADI sent but no PADO response
SRX100B 12.1X44-D40.2 BT Provided Huawei HG612 FTTC Modem Nhumfrey ✓ Working 2015-01-13

Example Config

   /*
    * Example Junos configuration for an SRX acting as a PPPoE client.
    * As written below: fe-0/0/0 to fe-0/0/6 are switch ports in vlan-trust
    * (vlan-id 3) with the routed interface vlan.3 at 192.168.1.1/24;
    * fe-0/0/7 carries PPPoE and the session runs on pp0.0. vlan.3 is in the
    * "trust" zone and pp0.0 in "untrust"; traffic from trust to untrust is
    * permitted and source-NATed to the pp0.0 address.
    * Every "XXXX" is a redaction placeholder, not a usable value.
    * The page rendering has joined each top-level closing brace with the
    * next stanza header ("} interfaces {" and so on); the lines are kept
    * as published.
    */
   system {
   host-name dsl-router;
   domain-name aa.net.uk;
   time-zone Europe/London;
   root-authentication {
       /* Placeholder for the root password hash. Keep real hashes out of
          shared configs; they can be attacked offline. */
       encrypted-password "XXXX";
   }
   name-server {
       217.169.20.20;
       217.169.20.21;
   }
   services {
       /* SSH is enabled with no further options in this listing (no
          root-login or protocol-version restriction is shown). */
       ssh;
       /* NOTE(review): xnm-clear-text is the Junos XML management service
          over an unencrypted connection. Nothing else in this listing
          refers to it; delete it unless a management tool requires it. */
       xnm-clear-text;
       web-management {
           /* NOTE(review): plain-HTTP J-Web on the LAN interface sends
              logins unencrypted; the https stanza below covers the same
              interface, so http can normally be removed. */
           http {
               interface vlan.3;
           }
           /* HTTPS J-Web using the certificate the device generates for
              itself (self-signed, so browsers will warn). */
           https {
               system-generated-certificate;
               interface vlan.3;
           }
       }
       /* DHCP server for the LAN: leases 192.168.1.100-250 and hands out
          192.168.1.1 as the router plus the two name servers. */
       dhcp {
           name-server {
               217.169.20.20;
               217.169.20.21;
           }
           pool 192.168.1.0/24 {
               address-range low 192.168.1.100 high 192.168.1.250;
               router {
                   192.168.1.1;
               }
           }
       }
   }
   /* Logging is local only: no remote syslog host is configured in this
      listing, so logs live and die with the device's own storage. */
   syslog {
       archive size 100k files 3;
       user * {
           any emergency;
       }
       /* "messages" records critical events from any facility plus
          authorization events at info level and above. */
       file messages {
           any critical;
           authorization info;
       }
       /* NOTE(review): only CLI commands logged at error severity are
          written here; a lower severity is needed if this file is meant
          to be an audit trail of configuration changes - confirm intent. */
       file interactive-commands {
           interactive-commands error;
       }
   }
   max-configurations-on-flash 5;
   max-configuration-rollbacks 5;
   license {
       autoupdate {
           url https://ae1.juniper.net/junos/key_retrieval;
       }
   }

} interfaces {

   /* LAN switch ports: all seven are untagged members of vlan-trust. */
   interface-range interfaces-trust {
       member fe-0/0/0;
       member fe-0/0/1;
       member fe-0/0/2;
       member fe-0/0/3;
       member fe-0/0/4;
       member fe-0/0/5;
       member fe-0/0/6;
       unit 0 {
           family ethernet-switching {
               vlan {
                   members vlan-trust;
               }
           }
       }
   }
   /* WAN port cabled to the bridged modem; carries PPPoE frames only. */
   fe-0/0/7 {
       description "PPPoE Port";
       unit 0 {
           encapsulation ppp-over-ether;
       }
   }
   pp0 {
       /* NOTE(review): "flag all" traces every PPP/PPPoE event. This looks
          like a troubleshooting leftover - presumably the trace output
          includes authentication negotiation, so treat trace files as
          sensitive and remove this stanza once the link is stable. */
       traceoptions {
           flag all;
       }
       unit 0 {
           description AAISP;
           point-to-point;
           ppp-options {
               chap {
                   /* Placeholder for the line password. Junos shows this
                      secret in "$9$" form, which is reversible obfuscation
                      rather than a hash, so always redact it (as done here)
                      before sharing a config. */
                   default-chap-secret "XXXX";
                   /* Placeholder for the PPP login name. */
                   local-name "XXXX@a";
                   no-rfc2486;
                   /* passive: answer the ISP's CHAP challenge but do not
                      challenge the peer. */
                   passive;
               }
           }
           pppoe-options {
               underlying-interface fe-0/0/7.0;
               /* 0 disables the idle timeout; the session is retried
                  5 seconds after it drops. */
               idle-timeout 0;
               auto-reconnect 5;
               client;
           }
           /* Only family inet is configured on pp0.0; there is no inet6
              stanza anywhere in this listing. */
           family inet {
               /* 1500-byte Ethernet payload minus 8 bytes of PPPoE/PPP
                  header. */
               mtu 1492;
               /* The WAN address is learned from the peer during PPP
                  negotiation. */
               negotiate-address;
           }
       }
   }
   /* Routed interface for vlan-trust: the LAN gateway address. */
   vlan {
       unit 3 {
           family inet {
               address 192.168.1.1/24;
           }
       }
   }

} routing-options {

   /* Default route out of the PPPoE session. */
   static {
       route 0.0.0.0/0 {
           qualified-next-hop pp0.0 {
               metric 1;
           }
       }
   }

} protocols {

   stp;

} security {

   /* Screen profile attached to the untrust zone further down: drops
      ping-of-death, source-routed, teardrop and LAND packets and applies
      SYN-flood thresholds. */
   screen {
       ids-option untrust-screen {
           icmp {
               ping-death;
           }
           ip {
               source-route-option;
               tear-drop;
           }
           tcp {
               syn-flood {
                   alarm-threshold 1024;
                   attack-threshold 200;
                   source-threshold 1024;
                   destination-threshold 2048;
                   timeout 20;
               }
               land;
           }
       }
   }
   /* Source NAT: anything going from trust to untrust is translated to
      the address of the egress interface (pp0.0). */
   nat {
       source {
           rule-set trust-to-untrust {
               from zone trust;
               to zone untrust;
               rule source-nat-rule {
                   match {
                       source-address 0.0.0.0/0;
                   }
                   then {
                       source-nat {
                           interface;
                       }
                   }
               }
           }
       }
   }
   /* Only a trust-to-untrust policy is defined. No untrust-to-trust policy
      appears in this listing, so unsolicited inbound sessions rely on the
      default policy being deny - confirm default-policy has not been
      changed on the device. */
   policies {
       from-zone trust to-zone untrust {
           /* NOTE(review): permits everything outbound with no logging
              ("then" has only permit); add session logging if outbound
              visibility is wanted. */
           policy trust-to-untrust {
               match {
                   source-address any;
                   destination-address any;
                   application any;
               }
               then {
                   permit;
               }
           }
       }
   }
   zones {
       security-zone trust {
           /* NOTE(review): "all" exposes every service and protocol the
              device runs to any LAN host, including the cleartext
              xnm-clear-text and http services enabled under system
              services. Listing only what is needed (for example ssh,
              https, dhcp, ping) narrows the management surface. */
           host-inbound-traffic {
               system-services {
                   all;
               }
               protocols {
                   all;
               }
           }
           interfaces {
               vlan.3;
           }
       }
       /* No host-inbound-traffic is configured for untrust, so traffic
          addressed to the router itself on pp0.0 is not accepted; keep it
          that way unless a specific service must be reachable from the
          WAN. */
       security-zone untrust {
           screen untrust-screen;
           interfaces {
               pp0.0;
           }
       }
   }

} vlans {

   /* The LAN VLAN; vlan.3 is its layer-3 interface. */
   vlan-trust {
       vlan-id 3;
       l3-interface vlan.3;
   }

}