Difference between revisions of "Router - Juniper SRX"
(Added link to ebay) |
(Added config example) |
||
Line 19: | Line 19: | ||
|} |
|} |
||
+ | == Example Config == |
||
+ | |||
+ | <nowiki> |
||
+ | system { |
||
+ | host-name dsl-router; |
||
+ | domain-name aa.net.uk; |
||
+ | time-zone Europe/London; |
||
+ | root-authentication { |
||
+ | encrypted-password "XXXX"; |
||
+ | } |
||
+ | name-server { |
||
+ | 217.169.20.20; |
||
+ | 217.169.20.21; |
||
+ | } |
||
+ | services { |
||
+ | ssh; |
||
+ | xnm-clear-text; |
||
+ | web-management { |
||
+ | http { |
||
+ | interface vlan.3; |
||
+ | } |
||
+ | https { |
||
+ | system-generated-certificate; |
||
+ | interface vlan.3; |
||
+ | } |
||
+ | } |
||
+ | dhcp { |
||
+ | name-server { |
||
+ | 217.169.20.20; |
||
+ | 217.169.20.21; |
||
+ | } |
||
+ | pool 192.168.1.0/24 { |
||
+ | address-range low 192.168.1.100 high 192.168.1.250; |
||
+ | router { |
||
+ | 192.168.1.1; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | syslog { |
||
+ | archive size 100k files 3; |
||
+ | user * { |
||
+ | any emergency; |
||
+ | } |
||
+ | file messages { |
||
+ | any critical; |
||
+ | authorization info; |
||
+ | } |
||
+ | file interactive-commands { |
||
+ | interactive-commands error; |
||
+ | } |
||
+ | } |
||
+ | max-configurations-on-flash 5; |
||
+ | max-configuration-rollbacks 5; |
||
+ | license { |
||
+ | autoupdate { |
||
+ | url https://ae1.juniper.net/junos/key_retrieval; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | interfaces { |
||
+ | interface-range interfaces-trust { |
||
+ | member fe-0/0/0; |
||
+ | member fe-0/0/1; |
||
+ | member fe-0/0/2; |
||
+ | member fe-0/0/3; |
||
+ | member fe-0/0/4; |
||
+ | member fe-0/0/5; |
||
+ | member fe-0/0/6; |
||
+ | unit 0 { |
||
+ | family ethernet-switching { |
||
+ | vlan { |
||
+ | members vlan-trust; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | fe-0/0/7 { |
||
+ | description "PPPoE Port"; |
||
+ | unit 0 { |
||
+ | encapsulation ppp-over-ether; |
||
+ | } |
||
+ | } |
||
+ | pp0 { |
||
+ | traceoptions { |
||
+ | flag all; |
||
+ | } |
||
+ | unit 0 { |
||
+ | description AAISP; |
||
+ | point-to-point; |
||
+ | ppp-options { |
||
+ | chap { |
||
+ | default-chap-secret "XXXX"; |
||
+ | local-name "XXXX@a"; |
||
+ | no-rfc2486; |
||
+ | passive; |
||
+ | } |
||
+ | } |
||
+ | pppoe-options { |
||
+ | underlying-interface fe-0/0/7.0; |
||
+ | idle-timeout 0; |
||
+ | auto-reconnect 5; |
||
+ | client; |
||
+ | } |
||
+ | family inet { |
||
+ | mtu 1492; |
||
+ | negotiate-address; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | vlan { |
||
+ | unit 3 { |
||
+ | family inet { |
||
+ | address 192.168.1.1/24; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | routing-options { |
||
+ | static { |
||
+ | route 0.0.0.0/0 { |
||
+ | qualified-next-hop pp0.0 { |
||
+ | metric 1; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | protocols { |
||
+ | stp; |
||
+ | } |
||
+ | security { |
||
+ | screen { |
||
+ | ids-option untrust-screen { |
||
+ | icmp { |
||
+ | ping-death; |
||
+ | } |
||
+ | ip { |
||
+ | source-route-option; |
||
+ | tear-drop; |
||
+ | } |
||
+ | tcp { |
||
+ | syn-flood { |
||
+ | alarm-threshold 1024; |
||
+ | attack-threshold 200; |
||
+ | source-threshold 1024; |
||
+ | destination-threshold 2048; |
||
+ | timeout 20; |
||
+ | } |
||
+ | land; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | nat { |
||
+ | source { |
||
+ | rule-set trust-to-untrust { |
||
+ | from zone trust; |
||
+ | to zone untrust; |
||
+ | rule source-nat-rule { |
||
+ | match { |
||
+ | source-address 0.0.0.0/0; |
||
+ | } |
||
+ | then { |
||
+ | source-nat { |
||
+ | interface; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | policies { |
||
+ | from-zone trust to-zone untrust { |
||
+ | policy trust-to-untrust { |
||
+ | match { |
||
+ | source-address any; |
||
+ | destination-address any; |
||
+ | application any; |
||
+ | } |
||
+ | then { |
||
+ | permit; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | zones { |
||
+ | security-zone trust { |
||
+ | host-inbound-traffic { |
||
+ | system-services { |
||
+ | all; |
||
+ | } |
||
+ | protocols { |
||
+ | all; |
||
+ | } |
||
+ | } |
||
+ | interfaces { |
||
+ | vlan.3; |
||
+ | } |
||
+ | } |
||
+ | security-zone untrust { |
||
+ | screen untrust-screen; |
||
+ | interfaces { |
||
+ | pp0.0; |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | } |
||
+ | vlans { |
||
+ | vlan-trust { |
||
+ | vlan-id 3; |
||
+ | l3-interface vlan.3; |
||
+ | } |
||
+ | } |
||
+ | </nowiki> |
||
[[Category:Juniper]] [[Category:Router]] |
[[Category:Juniper]] [[Category:Router]] |
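Review bot: The added `services` stanza turns on two unencrypted management channels, `xnm-clear-text;` and `web-management { http { interface vlan.3; } }`, so management logins cross the LAN in clear text even though `https` is configured directly below. I would drop both from the example and keep `ssh` plus `https`; if the XML API is needed, `xnm-ssl` is the encrypted form. In the same spirit, `system-services { all; }` under `security-zone trust` could be narrowed to `ssh; https; dhcp; ping;` so that a service enabled later is not exposed automatically. `traceoptions { flag all; }` on `pp0` looks like a bring-up debugging aid and deserves a comment telling readers to remove it once the PPPoE session is stable.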
Revision as of 20:46, 13 January 2015
The Juniper SRX range of routers are high-performance routers, intended for small business and branch networks. They can often be bought cheaply on eBay.
Known working setups
Router | JunOS Version | Modem | Who | Status |
---|---|---|---|---|
SRX100B | 12.1X44-D40.2 | BT Provided Huawei HG612 FTTC Modem | Nhumfrey | ✓ Working 2015-01-13 |
Example Config
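/* Example SRX configuration for a PPPoE line: LAN on vlan.3 (zone trust), WAN on pp0.0 (zone untrust). */
system {
    host-name dsl-router;
    domain-name aa.net.uk;
    time-zone Europe/London;
    root-authentication {
        /* "XXXX" stands in for the root password hash; never publish the real value. */
        encrypted-password "XXXX";
    }
    name-server {
        217.169.20.20;
        217.169.20.21;
    }
    services {
        /* Management is reachable from zone trust only: zone untrust below defines no host-inbound-traffic. */
        ssh;
        /* xnm-clear-text and web-management http are left out because both carry management logins unencrypted. Use https below, and xnm-ssl if the XML API is needed. */
        web-management {
            https {
                system-generated-certificate;
                interface vlan.3;
            }
        }
        dhcp {
            name-server {
                217.169.20.20;
                217.169.20.21;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.100 high 192.168.1.250;
                router {
                    192.168.1.1;
                }
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        /* Only failed commands are recorded here. NOTE(review): "interactive-commands any" would give a full audit trail of CLI activity. */
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    /* Ports 0-6 are switched LAN ports in vlan-trust. */
    interface-range interfaces-trust {
        member fe-0/0/0;
        member fe-0/0/1;
        member fe-0/0/2;
        member fe-0/0/3;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/7 {
        description "PPPoE Port";
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    pp0 {
        /* Debugging aid for bringing the line up; remove once the PPPoE session is stable. */
        traceoptions {
            flag all;
        }
        unit 0 {
            description AAISP;
            point-to-point;
            ppp-options {
                chap {
                    /* "XXXX" is a placeholder. Junos displays this secret in $9$ form, which is reversible obfuscation, so redact it before sharing a configuration. */
                    default-chap-secret "XXXX";
                    local-name "XXXX@a";
                    no-rfc2486;
                    passive;
                }
            }
            pppoe-options {
                underlying-interface fe-0/0/7.0;
                idle-timeout 0;
                auto-reconnect 5;
                client;
            }
            family inet {
                /* 1500 bytes minus the 8-byte PPPoE/PPP overhead. */
                mtu 1492;
                negotiate-address;
            }
        }
    }
    vlan {
        unit 3 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            qualified-next-hop pp0.0 {
                metric 1;
            }
        }
    }
}
protocols {
    stp;
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    /* Only outbound traffic is permitted. No untrust-to-trust policy is defined, so unsolicited inbound traffic falls to the default policy. */
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                /* Narrowed from "all" to the services this example uses, so a service enabled later is not exposed automatically. */
                system-services {
                    ssh;
                    https;
                    dhcp;
                    ping;
                }
                /* NOTE(review): no routing protocol runs toward the LAN in this example, so this can probably be removed. */
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.3;
            }
        }
        /* No host-inbound-traffic here: nothing on the router itself is offered to the WAN side. */
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                pp0.0;
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.3;
    }
}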