Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@CE01# show | display set
- set version 15.1X49-D100.6
- set system host-name CE01
- set system domain-name testlab.com
- set system root-authentication encrypted-password "$5$yraL0low$jG5N9cjWvB3TTxjtXfJBR.klfrxpzVaNEoy9UROkJu1"
- set system login user the-packet-thrower uid 2000
- set system login user the-packet-thrower class super-user
- set system login user the-packet-thrower authentication encrypted-password "$5$Usz/ClKp$tOPBJe47yg9I12GiMgEp9MRpyLVkd6BQhn.QryfMzc8"
- set system services ssh
- set system services web-management http interface fxp0.0
- set system syslog user * any emergency
- set system syslog file messages any any
- set system syslog file messages authorization info
- set system syslog file interactive-commands interactive-commands any
- set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
- set security log mode stream
- set security log report
- set security policies from-zone MGMT to-zone MGMT policy default-permit match source-address any
- set security policies from-zone MGMT to-zone MGMT policy default-permit match destination-address any
- set security policies from-zone MGMT to-zone MGMT policy default-permit match application any
- set security policies from-zone MGMT to-zone MGMT policy default-permit then permit
- set security policies from-zone trust to-zone trust policy default-permit match source-address any
- set security policies from-zone trust to-zone trust policy default-permit match destination-address any
- set security policies from-zone trust to-zone trust policy default-permit match application any
- set security policies from-zone trust to-zone trust policy default-permit then permit
- set security policies from-zone trust to-zone untrust policy default-permit match source-address any
- set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
- set security policies from-zone trust to-zone untrust policy default-permit match application any
- set security policies from-zone trust to-zone untrust policy default-permit then permit
- set security zones security-zone MGMT tcp-rst
- set security zones security-zone MGMT host-inbound-traffic system-services all
- set security zones security-zone MGMT host-inbound-traffic protocols all
- set security zones security-zone MGMT interfaces ge-0/0/0.0
- set security zones security-zone trust tcp-rst
- set security zones security-zone trust host-inbound-traffic system-services all
- set security zones security-zone trust host-inbound-traffic protocols all
- set security zones security-zone trust interfaces ge-0/0/1.0
- set security zones security-zone trust interfaces ge-0/0/2.0
- set security zones security-zone untrust
- set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.215/24
- set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.11.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.12.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.13.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.14.1/24
- set interfaces fxp0 unit 0
- set interfaces lo0 unit 0 family inet address 192.168.254.1/32
- set routing-options autonomous-system 65101
- set protocols bgp group CUST-A type external
- set protocols bgp group CUST-A export EXPORT-BGP
- set protocols bgp group CUST-A peer-as 65123
- set protocols bgp group CUST-A neighbor 192.168.1.254
- set policy-options policy-statement EXPORT-BGP from protocol direct
- set policy-options policy-statement EXPORT-BGP then accept
- set policy-options policy-statement EXPORT-RIP from protocol direct
- set policy-options policy-statement EXPORT-RIP then accept
- set policy-options policy-statement IMPORT-BGP then accept
- set routing-instances MGMT instance-type virtual-router
- set routing-instances MGMT interface ge-0/0/0.0
- set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
- [edit]
- root@CE01# show
- ## Last changed: 2017-09-19 07:41:00 UTC
- version 15.1X49-D100.6;
- system {
- host-name CE01;
- domain-name testlab.com;
- root-authentication {
- encrypted-password "$5$yraL0low$jG5N9cjWvB3TTxjtXfJBR.klfrxpzVaNEoy9UROkJu1"; ## SECRET-DATA
- }
- login {
- user the-packet-thrower {
- uid 2000;
- class super-user;
- authentication {
- encrypted-password "$5$Usz/ClKp$tOPBJe47yg9I12GiMgEp9MRpyLVkd6BQhn.QryfMzc8"; ## SECRET-DATA
- }
- }
- }
- services {
- ssh;
- web-management {
- http {
- interface fxp0.0;
- }
- }
- }
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any any;
- authorization info;
- }
- file interactive-commands {
- interactive-commands any;
- }
- }
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- security {
- log {
- mode stream;
- report;
- }
- policies {
- from-zone MGMT to-zone MGMT {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone trust to-zone trust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone trust to-zone untrust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone MGMT {
- tcp-rst;
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/0.0;
- }
- }
- security-zone trust {
- tcp-rst;
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/1.0;
- ge-0/0/2.0;
- }
- }
- security-zone untrust;
- }
- }
- interfaces {
- ge-0/0/0 {
- unit 0 {
- family inet {
- address 10.20.2.215/24;
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- family inet {
- address 192.168.1.1/24;
- }
- }
- }
- ge-0/0/2 {
- unit 0 {
- family inet {
- address 172.16.11.1/24;
- address 172.16.12.1/24;
- address 172.16.13.1/24;
- address 172.16.14.1/24;
- }
- }
- }
- fxp0 {
- unit 0;
- }
- lo0 {
- unit 0 {
- family inet {
- address 192.168.254.1/32;
- }
- }
- }
- }
- routing-options {
- autonomous-system 65101;
- }
- protocols {
- bgp {
- group CUST-A {
- type external;
- export EXPORT-BGP;
- peer-as 65123;
- neighbor 192.168.1.254;
- }
- }
- }
- policy-options {
- policy-statement EXPORT-BGP {
- from protocol direct;
- then accept;
- }
- policy-statement EXPORT-RIP {
- from protocol direct;
- then accept;
- }
- policy-statement IMPORT-BGP {
- then accept;
- }
- }
- routing-instances {
- MGMT {
- instance-type virtual-router;
- interface ge-0/0/0.0;
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 10.20.2.1;
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement