Router - Juniper SRX
The Juniper SRX range of routers are high-performance routers, intended for small business and branch networks. The can often be bought cheaply on eBay.
Known working setups
| Router | JunOS Version | Modem | Who | IPv6 | Status |
|---|---|---|---|---|---|
| SRX100B | 12.1X44-D40.2 | ZyXEL P660R in bridge mode | Nhumfrey | ✗ | ✗ PADI sent but no PADO response |
| SRX100B | 12.1X44-D40.2 | BT Provided Huawei HG612 FTTC Modem | Nhumfrey | ✗ | ✓ Working 2015-01-13 |
| SRX100B | 12.1X46-D30.2 | BT Provided Huawei HG612 FTTC Modem | Nhumfrey | ✓ | ✓ Working 2015-03-22 |
Dual-stack Example Config
- Statically configured IPv4 and IPv6 for a single AAISP line
- Trust VLAN on Ethernet Port 0-6
- PPPoE configured on Ethernet Port 7
## Last changed: 2015-03-29 17:42:36 BST
version 12.1X46-D30.2;
system {
host-name dsl-router;
domain-name aa.net.uk;
time-zone Europe/London;
root-authentication {
encrypted-password "XXXX";
}
name-server {
217.169.20.20;
217.169.20.21;
}
services {
ssh;
xnm-clear-text;
web-management {
http {
interface vlan.3;
}
https {
system-generated-certificate;
interface vlan.3;
}
}
dhcp {
name-server {
217.169.20.20;
217.169.20.21;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.100 high 192.168.1.250;
router {
192.168.1.1;
}
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server 90.155.53.94;
server 90.155.53.93;
}
}
interfaces {
interface-range interfaces-trust {
member fe-0/0/0;
member fe-0/0/1;
member fe-0/0/2;
member fe-0/0/3;
member fe-0/0/4;
member fe-0/0/5;
member fe-0/0/6;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/7 {
description "PPPoE Port";
unit 0 {
encapsulation ppp-over-ether;
}
}
lo0 {
unit 0 {
family inet6 {
address 2001:8b0:XXXX::1/128;
}
}
}
pp0 {
unit 0 {
description AAISP;
point-to-point;
ppp-options {
chap {
default-chap-secret "XXXX";
local-name "XXXX@a";
no-rfc2486;
passive;
}
}
pppoe-options {
underlying-interface fe-0/0/7.0;
idle-timeout 0;
auto-reconnect 5;
client;
}
family inet {
mtu 1492;
negotiate-address;
}
family inet6 {
mtu 1492;
}
}
}
vlan {
unit 3 {
family inet {
address 192.168.1.1/24;
}
family inet6 {
address 2001:8b0:XXXX:3::1/64;
}
}
}
}
routing-options {
rib inet6.0 {
static {
route 0::0/0 next-hop pp0.0;
}
}
static {
route 0.0.0.0/0 next-hop pp0.0;
}
}
protocols {
router-advertisement {
interface vlan.3 {
prefix 2001:8b0:XXXX:3::/64;
}
}
}
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy ping6-to-trust {
match {
source-address any-ipv6;
destination-address any-ipv6;
application junos-pingv6;
}
then {
permit;
}
}
policy reject-untrust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
default-policy {
deny-all;
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.3;
lo0.0;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
ping;
}
}
interfaces {
pp0.0;
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.3;
}
}