Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - Juniper SRX: Difference between revisions

m
clean up
No edit summary
m (clean up)
 
(5 intermediate revisions by 4 users not shown)
|ZyXEL P660R in bridge mode
|[[User:Nhumfrey|Nhumfrey]]
|✗
|✗
|✗ PADI sent but no PADO response
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
|BT Provided Huawei HG612 [[FTTC Modem]]
|[[User:Nhumfrey|Nhumfrey]]
|✗
|✗
|✓ Working 2015-01-13
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx100/ SRX100B]
|BT Provided Huawei HG612 [[FTTC Modem]]
|[[User:Nhumfrey|Nhumfrey]]
|✓
|✓
|✓ Working 2015-03-22
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx210/ SRX210H]
|12.1X46-D35.1
|Vigor 130 modem
|
|✓
|✓ Working 2015-09-20
|-
|[http://www.juniper.net/uk/en/products-services/security/srx-series/srx110/ SRX110H-VA]
|12.1X46-D40.2
|Internal VDSL2/ADSL-POTS
|
|✓
|✓ Working 2016-02-19
|-
|}
 
 
== Steps for Configuring IPv6 over PPPoE on an SRX router ==
 
7. Finally, if you want to be able to ping hosts on your internal network, then see the '''ping6-to-trust''' policy in the example config below.
 
 
Note that the first time you enable IPv6 based routing (the '''security forwarding-options'''), you will have to reboot the router.
 
 
 
== Dual-stack Example Config ==
* Pinging (ICMPv6) from untrusted to trusted hosts is enabled
 
<pre>
 
<source>
## Last changed: 2015-03-29 17:42:36 BST
version 12.1X46-D30.2;
}
}
</sourcepre>
 
== Native IPv6 dual stack SRX110H-VA configuration ==
 
The following is an example of a Juniper SRX110H-VA native IPv6 configuration using the inbuilt modem for VDSL connectivity, PPPoE, DHCPv6, & IPv4.
 
'''Please note:'''
 
* You must use Junos version 12.1X46-D10.2 or greater for DHCPv6 support. (The example configuration used 12.1X46-D40.2)
* IPv6 routing is controlled via the https://control.aa.net.uk/ pages. This example only shows one /64 address. You can route multiple /64 address spaces, and I assume you can probably route the entire /48 you have been designated
* WAN address for IPv4 is auto-negotiated
* IPv4 does not include NAT configuration which in this example will be required for WAN connectivity
<pre>
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
mtu 1492;
address 10.X.X.X/8;
}
family inet6 {
address 2001:8b0:X:X::1/64;
}
}
}
}
pt-1/0/0 {
vlan-tagging;
vdsl-options {
vdsl-profile auto;
}
unit 0 {
encapsulation ppp-over-ether;
vlan-id 101;
}
}
pp0 {
traceoptions {
flag all;
}
unit 0 {
ppp-options {
chap {
default-chap-secret "PASSWORD"; ## SECRET-DATA
local-name "USERNAME";
passive;
}
}
pppoe-options {
underlying-interface pt-1/0/0.0;
client;
}
family inet {
negotiate-address;
}
family inet6 {
dhcpv6-client {
client-type statefull;
client-ia-type ia-pd;
rapid-commit;
client-identifier duid-type duid-ll;
req-option domain;
req-option dns-server;
}
}
}
}
}
routing-options {
rib inet6.0 {
static {
route ::/0 next-hop pp0.0;
route 2001:8b0:X::/48 next-hop 2001:8b0:X:X::X;
}
}
}
protocols {
router-advertisement {
interface fe-0/0/0.0 {
prefix 2001:8b0:X:X::/64;
}
}
}
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
zones {
security-zone untrust {
screen untrust-screen;
interfaces {
pt-1/0/0.0 {
host-inbound-traffic {
system-services {
dhcpv6;
}
}
}
pp0.0 {
host-inbound-traffic {
system-services {
dhcpv6;
ping;
}
}
}
}
}
}
</pre>
 
To check DHCPv6 binding from operational mode run the command
 
<pre>show dhcpv6 client binding detail</pre>
 
Output:
<pre>
Client Interface: pp0.0
Hardware Address: 54:e0:32:d2:39:20
State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType: STATEFUL
Lease Expires: 2016-02-19 13:27:25 GMT
Lease Expires in: 1839 seconds
Lease Start: 2016-02-19 12:27:25 GMT
Bind Type: IA_PD
Client DUID: LL0x29-54:e0:32:d2:39:20
Rapid Commit: On
Server Ip Address: ::
Client IP Prefix: 2001:8b0:X:X::/64
 
DHCP options:
Name: server-identifier, Value: LL0x1-00:03:97:16:80:00
Name: dns-recursive-server, Value: 2001:8b0::2020,2001:8b0::2021
 
</pre>
 
== Higher MTU values ==
 
It does look like the SRX ethernet interface supports Baby Jumbo Frames, however I asked about using an MTU of 1500 on the PPP link and received the following response from Danilo Quesada – Juniper SRX Support:
 
<blockquote>
Increasing the MTU on the PPPoE interface to a value greater that 1492 would go against RFC2516 A Method for Transmitting PPP Over Ethernet (PPPoE).
RFC4638 is currently not supported on any SRX Junos code. Junos enforces RFCs, so there is no way round this but to wait until is implemented. Currently there is no roadmap information available. Please submit a product enhancement request through your Juniper Account Team or sales Representative.
</blockquote>
 
 
[[Category:3rd Party Routers|Juniper]]
editor
698

edits