Difference between revisions of "Router - Juniper SRX"
| [unchecked revision] | [unchecked revision] |
(Added link to ebay) |
(Added config example) |
||
| Line 19: | Line 19: | ||
|} |
|} |
||
| + | == Example Config == |
||
| + | |||
| + | <nowiki> |
||
| + | system { |
||
| + | host-name dsl-router; |
||
| + | domain-name aa.net.uk; |
||
| + | time-zone Europe/London; |
||
| + | root-authentication { |
||
| + | encrypted-password "XXXX"; |
||
| + | } |
||
| + | name-server { |
||
| + | 217.169.20.20; |
||
| + | 217.169.20.21; |
||
| + | } |
||
| + | services { |
||
| + | ssh; |
||
| + | xnm-clear-text; |
||
| + | web-management { |
||
| + | http { |
||
| + | interface vlan.3; |
||
| + | } |
||
| + | https { |
||
| + | system-generated-certificate; |
||
| + | interface vlan.3; |
||
| + | } |
||
| + | } |
||
| + | dhcp { |
||
| + | name-server { |
||
| + | 217.169.20.20; |
||
| + | 217.169.20.21; |
||
| + | } |
||
| + | pool 192.168.1.0/24 { |
||
| + | address-range low 192.168.1.100 high 192.168.1.250; |
||
| + | router { |
||
| + | 192.168.1.1; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | syslog { |
||
| + | archive size 100k files 3; |
||
| + | user * { |
||
| + | any emergency; |
||
| + | } |
||
| + | file messages { |
||
| + | any critical; |
||
| + | authorization info; |
||
| + | } |
||
| + | file interactive-commands { |
||
| + | interactive-commands error; |
||
| + | } |
||
| + | } |
||
| + | max-configurations-on-flash 5; |
||
| + | max-configuration-rollbacks 5; |
||
| + | license { |
||
| + | autoupdate { |
||
| + | url https://ae1.juniper.net/junos/key_retrieval; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | interfaces { |
||
| + | interface-range interfaces-trust { |
||
| + | member fe-0/0/0; |
||
| + | member fe-0/0/1; |
||
| + | member fe-0/0/2; |
||
| + | member fe-0/0/3; |
||
| + | member fe-0/0/4; |
||
| + | member fe-0/0/5; |
||
| + | member fe-0/0/6; |
||
| + | unit 0 { |
||
| + | family ethernet-switching { |
||
| + | vlan { |
||
| + | members vlan-trust; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | fe-0/0/7 { |
||
| + | description "PPPoE Port"; |
||
| + | unit 0 { |
||
| + | encapsulation ppp-over-ether; |
||
| + | } |
||
| + | } |
||
| + | pp0 { |
||
| + | traceoptions { |
||
| + | flag all; |
||
| + | } |
||
| + | unit 0 { |
||
| + | description AAISP; |
||
| + | point-to-point; |
||
| + | ppp-options { |
||
| + | chap { |
||
| + | default-chap-secret "XXXX"; |
||
| + | local-name "XXXX@a"; |
||
| + | no-rfc2486; |
||
| + | passive; |
||
| + | } |
||
| + | } |
||
| + | pppoe-options { |
||
| + | underlying-interface fe-0/0/7.0; |
||
| + | idle-timeout 0; |
||
| + | auto-reconnect 5; |
||
| + | client; |
||
| + | } |
||
| + | family inet { |
||
| + | mtu 1492; |
||
| + | negotiate-address; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | vlan { |
||
| + | unit 3 { |
||
| + | family inet { |
||
| + | address 192.168.1.1/24; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | routing-options { |
||
| + | static { |
||
| + | route 0.0.0.0/0 { |
||
| + | qualified-next-hop pp0.0 { |
||
| + | metric 1; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | protocols { |
||
| + | stp; |
||
| + | } |
||
| + | security { |
||
| + | screen { |
||
| + | ids-option untrust-screen { |
||
| + | icmp { |
||
| + | ping-death; |
||
| + | } |
||
| + | ip { |
||
| + | source-route-option; |
||
| + | tear-drop; |
||
| + | } |
||
| + | tcp { |
||
| + | syn-flood { |
||
| + | alarm-threshold 1024; |
||
| + | attack-threshold 200; |
||
| + | source-threshold 1024; |
||
| + | destination-threshold 2048; |
||
| + | timeout 20; |
||
| + | } |
||
| + | land; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | nat { |
||
| + | source { |
||
| + | rule-set trust-to-untrust { |
||
| + | from zone trust; |
||
| + | to zone untrust; |
||
| + | rule source-nat-rule { |
||
| + | match { |
||
| + | source-address 0.0.0.0/0; |
||
| + | } |
||
| + | then { |
||
| + | source-nat { |
||
| + | interface; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | policies { |
||
| + | from-zone trust to-zone untrust { |
||
| + | policy trust-to-untrust { |
||
| + | match { |
||
| + | source-address any; |
||
| + | destination-address any; |
||
| + | application any; |
||
| + | } |
||
| + | then { |
||
| + | permit; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | zones { |
||
| + | security-zone trust { |
||
| + | host-inbound-traffic { |
||
| + | system-services { |
||
| + | all; |
||
| + | } |
||
| + | protocols { |
||
| + | all; |
||
| + | } |
||
| + | } |
||
| + | interfaces { |
||
| + | vlan.3; |
||
| + | } |
||
| + | } |
||
| + | security-zone untrust { |
||
| + | screen untrust-screen; |
||
| + | interfaces { |
||
| + | pp0.0; |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | vlans { |
||
| + | vlan-trust { |
||
| + | vlan-id 3; |
||
| + | l3-interface vlan.3; |
||
| + | } |
||
| + | } |
||
| + | </nowiki> |
||
[[Category:Juniper]] [[Category:Router]] |
[[Category:Juniper]] [[Category:Router]] |
||
Revision as of 21:46, 13 January 2015
The Juniper SRX range of routers are high-performance routers, intended for small business and branch networks. The can often be bought cheaply on eBay.
Known working setups
| Router | JunOS Version | Modem | Who | Status |
|---|---|---|---|---|
| SRX100B | 12.1X44-D40.2 | BT Provided Huawei HG612 FTTC Modem | Nhumfrey | ✓ Working 2015-01-13 |
Example Config
system { host-name dsl-router; domain-name aa.net.uk; time-zone Europe/London; root-authentication { encrypted-password "XXXX"; } name-server { 217.169.20.20; 217.169.20.21; } services { ssh; xnm-clear-text; web-management { http { interface vlan.3; } https { system-generated-certificate; interface vlan.3; } } dhcp { name-server { 217.169.20.20; 217.169.20.21; } pool 192.168.1.0/24 { address-range low 192.168.1.100 high 192.168.1.250; router { 192.168.1.1; } } } } syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { interface-range interfaces-trust { member fe-0/0/0; member fe-0/0/1; member fe-0/0/2; member fe-0/0/3; member fe-0/0/4; member fe-0/0/5; member fe-0/0/6; unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/7 { description "PPPoE Port"; unit 0 { encapsulation ppp-over-ether; } } pp0 { traceoptions { flag all; } unit 0 { description AAISP; point-to-point; ppp-options { chap { default-chap-secret "XXXX"; local-name "XXXX@a"; no-rfc2486; passive; } } pppoe-options { underlying-interface fe-0/0/7.0; idle-timeout 0; auto-reconnect 5; client; } family inet { mtu 1492; negotiate-address; } } } vlan { unit 3 { family inet { address 192.168.1.1/24; } } } } routing-options { static { route 0.0.0.0/0 { qualified-next-hop pp0.0 { metric 1; } } } } protocols { stp; } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } policies { from-zone trust to-zone untrust { policy trust-to-untrust { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { vlan.3; } } security-zone untrust { screen untrust-screen; interfaces { pp0.0; } } } } vlans { vlan-trust { vlan-id 3; l3-interface vlan.3; } }