Difference between revisions of "Router - Juniper SRX"

(Added link to ebay)
(Added config example)
Line 19: Line 19:
 
|}
 
|}
   
  +
== Example Config ==
  +
  +
<nowiki>
  +
system {
  +
host-name dsl-router;
  +
domain-name aa.net.uk;
  +
time-zone Europe/London;
  +
root-authentication {
  +
encrypted-password "XXXX";
  +
}
  +
name-server {
  +
217.169.20.20;
  +
217.169.20.21;
  +
}
  +
services {
  +
ssh;
  +
xnm-clear-text;
  +
web-management {
  +
http {
  +
interface vlan.3;
  +
}
  +
https {
  +
system-generated-certificate;
  +
interface vlan.3;
  +
}
  +
}
  +
dhcp {
  +
name-server {
  +
217.169.20.20;
  +
217.169.20.21;
  +
}
  +
pool 192.168.1.0/24 {
  +
address-range low 192.168.1.100 high 192.168.1.250;
  +
router {
  +
192.168.1.1;
  +
}
  +
}
  +
}
  +
}
  +
syslog {
  +
archive size 100k files 3;
  +
user * {
  +
any emergency;
  +
}
  +
file messages {
  +
any critical;
  +
authorization info;
  +
}
  +
file interactive-commands {
  +
interactive-commands error;
  +
}
  +
}
  +
max-configurations-on-flash 5;
  +
max-configuration-rollbacks 5;
  +
license {
  +
autoupdate {
  +
url https://ae1.juniper.net/junos/key_retrieval;
  +
}
  +
}
  +
}
  +
interfaces {
  +
interface-range interfaces-trust {
  +
member fe-0/0/0;
  +
member fe-0/0/1;
  +
member fe-0/0/2;
  +
member fe-0/0/3;
  +
member fe-0/0/4;
  +
member fe-0/0/5;
  +
member fe-0/0/6;
  +
unit 0 {
  +
family ethernet-switching {
  +
vlan {
  +
members vlan-trust;
  +
}
  +
}
  +
}
  +
}
  +
fe-0/0/7 {
  +
description "PPPoE Port";
  +
unit 0 {
  +
encapsulation ppp-over-ether;
  +
}
  +
}
  +
pp0 {
  +
traceoptions {
  +
flag all;
  +
}
  +
unit 0 {
  +
description AAISP;
  +
point-to-point;
  +
ppp-options {
  +
chap {
  +
default-chap-secret "XXXX";
  +
local-name "XXXX@a";
  +
no-rfc2486;
  +
passive;
  +
}
  +
}
  +
pppoe-options {
  +
underlying-interface fe-0/0/7.0;
  +
idle-timeout 0;
  +
auto-reconnect 5;
  +
client;
  +
}
  +
family inet {
  +
mtu 1492;
  +
negotiate-address;
  +
}
  +
}
  +
}
  +
vlan {
  +
unit 3 {
  +
family inet {
  +
address 192.168.1.1/24;
  +
}
  +
}
  +
}
  +
}
  +
routing-options {
  +
static {
  +
route 0.0.0.0/0 {
  +
qualified-next-hop pp0.0 {
  +
metric 1;
  +
}
  +
}
  +
}
  +
}
  +
protocols {
  +
stp;
  +
}
  +
security {
  +
screen {
  +
ids-option untrust-screen {
  +
icmp {
  +
ping-death;
  +
}
  +
ip {
  +
source-route-option;
  +
tear-drop;
  +
}
  +
tcp {
  +
syn-flood {
  +
alarm-threshold 1024;
  +
attack-threshold 200;
  +
source-threshold 1024;
  +
destination-threshold 2048;
  +
timeout 20;
  +
}
  +
land;
  +
}
  +
}
  +
}
  +
nat {
  +
source {
  +
rule-set trust-to-untrust {
  +
from zone trust;
  +
to zone untrust;
  +
rule source-nat-rule {
  +
match {
  +
source-address 0.0.0.0/0;
  +
}
  +
then {
  +
source-nat {
  +
interface;
  +
}
  +
}
  +
}
  +
}
  +
}
  +
}
  +
policies {
  +
from-zone trust to-zone untrust {
  +
policy trust-to-untrust {
  +
match {
  +
source-address any;
  +
destination-address any;
  +
application any;
  +
}
  +
then {
  +
permit;
  +
}
  +
}
  +
}
  +
}
  +
zones {
  +
security-zone trust {
  +
host-inbound-traffic {
  +
system-services {
  +
all;
  +
}
  +
protocols {
  +
all;
  +
}
  +
}
  +
interfaces {
  +
vlan.3;
  +
}
  +
}
  +
security-zone untrust {
  +
screen untrust-screen;
  +
interfaces {
  +
pp0.0;
  +
}
  +
}
  +
}
  +
}
  +
vlans {
  +
vlan-trust {
  +
vlan-id 3;
  +
l3-interface vlan.3;
  +
}
  +
}
  +
</nowiki>
   
 
[[Category:Juniper]] [[Category:Router]]
 
[[Category:Juniper]] [[Category:Router]]
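Review bot: `xnm-clear-text;` under `system services` turns on the Junos XML management service without encryption, and the `http { interface vlan.3; }` stanza does the same for J-Web. Both are reachable from the LAN because the trust zone sets `host-inbound-traffic { system-services { all; } }`. For an example that readers will paste, I would drop `xnm-clear-text;` and the `http` stanza (the `https` stanza already serves J-Web on vlan.3) and list the needed services explicitly, e.g. `system-services { ssh; https; dhcp; ping; }`. The untrust zone has no `host-inbound-traffic`, so as written the exposure is on the LAN side only. `traceoptions { flag all; }` on `pp0` looks like leftover debugging and is worth removing or marking as optional, and a line noting that the `"XXXX"` values must stay redacted when sharing a config would help.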

Revision as of 21:46, 13 January 2015

The Juniper SRX range of routers are high-performance routers, intended for small business and branch networks. They can often be bought cheaply on eBay.

Known working setups

Router JunOS Version Modem Who Status
SRX100B 12.1X44-D40.2 BT Provided Huawei HG612 FTTC Modem Nhumfrey ✓ Working 2015-01-13

Example Config

/* Example Junos configuration: an SRX acting as a PPPoE client (pp0 over fe-0/0/7) with a switched LAN on vlan.3, DHCP for 192.168.1.0/24, interface source NAT and a trust/untrust zone pair. The "XXXX" values appear to be redacted placeholders. */
system {
    host-name dsl-router;
    domain-name aa.net.uk;
    time-zone Europe/London;
    root-authentication {
        /* Placeholder for the root password hash; keep the real value out of anything you publish. */
        encrypted-password "XXXX";
    }
    name-server {
        217.169.20.20;
        217.169.20.21;
    }
    services {
        ssh;
        /* NOTE(review): enables the Junos XML management service without encryption; remove it unless something on the LAN depends on it. */
        xnm-clear-text;
        web-management {
            /* NOTE(review): J-Web over plain HTTP on vlan.3; logins sent this way are not encrypted. The https stanza below serves the same interface. */
            http {
                interface vlan.3;
            }
            https {
                /* Device-generated certificate, so browsers will warn until it is trusted or replaced. */
                system-generated-certificate;
                interface vlan.3;
            }
        }
        /* DHCP server for the LAN: hands out .100-.250 with this router (192.168.1.1) as gateway. */
        dhcp {
            name-server {
                217.169.20.20;
                217.169.20.21;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.100 high 192.168.1.250;
                router {
                    192.168.1.1;
                }
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            /* Authorization events are logged at info level and above to the messages file. */
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    /* fe-0/0/0 through fe-0/0/6 are switch ports in vlan-trust (the LAN). */
    interface-range interfaces-trust {
        member fe-0/0/0;
        member fe-0/0/1;
        member fe-0/0/2;
        member fe-0/0/3;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    /* fe-0/0/7 carries the PPPoE session (see underlying-interface under pp0). */
    fe-0/0/7 {
        description "PPPoE Port";
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    pp0 {
        /* NOTE(review): traces every event on pp0; looks like a debugging aid, consider removing it once the line is up. */
        traceoptions {
            flag all;
        }
        unit 0 {
            description AAISP;
            point-to-point;
            ppp-options {
                chap {
                    /* Placeholders for the line's CHAP secret and login; treat the real values as credentials and redact them before sharing a config. */
                    default-chap-secret "XXXX";
                    local-name "XXXX@a";
                    no-rfc2486;
                    passive;
                }
            }
            pppoe-options {
                underlying-interface fe-0/0/7.0;
                idle-timeout 0;
                auto-reconnect 5;
                client;
            }
            family inet {
                /* 1492 leaves room for the 8 bytes of PPPoE/PPP overhead inside a 1500-byte Ethernet frame. */
                mtu 1492;
                negotiate-address;
            }
        }
    }
    /* Layer 3 interface for the LAN VLAN; this is the gateway address handed out by DHCP. */
    vlan {
        unit 3 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
routing-options {
    static {
        /* Default route out of the PPPoE interface. */
        route 0.0.0.0/0 {
            qualified-next-hop pp0.0 {
                metric 1;
            }
        }
    }
}
protocols {
    stp;
}
security {
    screen {
        /* Screen profile attached to the untrust zone below. */
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            /* Traffic from trust to untrust is source-NATed to the egress interface address. */
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        /* The only policy in this listing: LAN to Internet, everything permitted. No untrust-to-trust policy is defined here. */
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            /* NOTE(review): every system service and protocol on the router is reachable from vlan.3; list only the services you need if the LAN is not fully trusted. */
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.3;
            }
        }
        /* No host-inbound-traffic is configured for untrust in this listing. */
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                pp0.0;
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.3;
    }
}