- ## Last commit: 2019-11-19 10:23:21 EET by switchua
- ## Junos release string recorded with this configuration.
- ## NOTE(review): confirm this release train still receives vendor security fixes.
- version 17.3R3-S3.3;
- ## Configuration group "re1": its only content disables the fxp0 management interface.
- ## NOTE(review): no apply-groups statement appears in this listing, so whether this
- ## group is inherited anywhere cannot be confirmed from here.
- groups {
- re1 {
- interfaces {
- fxp0 {
- disable;
- }
- }
- }
- }
- ## System-level settings: local accounts, management services, logging, NTP.
- system {
- configuration-database {
- ## 104857600 bytes = 100 MiB.
- max-db-size 104857600;
- }
- time-zone Europe/Kiev;
- root-authentication {
- ## Value appears redacted in this paste (a bare "$"). Every SECRET-DATA line
- ## should be stripped like this before a configuration is shared.
- encrypted-password "$"; ## SECRET-DATA
- }
- ## Single resolver; no secondary name server is configured.
- name-server {
- 91.237.121.5;
- }
- dynamic-profile-options {
- versioning;
- }
- ## Two local accounts, both in class super-user (full administrative rights).
- ## NOTE(review): no retry-options, password policy or authentication-order is
- ## visible in this listing; consider least-privilege classes and central AAA for
- ## operators, keeping one local break-glass account.
- login {
- user mitya {
- uid 2002;
- class super-user;
- authentication {
- encrypted-password "$"; ## SECRET-DATA
- }
- }
- user switchua {
- uid 2001;
- class super-user;
- authentication {
- encrypted-password "$"; ## SECRET-DATA
- }
- }
- }
- services {
- ## SSH is enabled with no options set (no root-login, rate-limit or
- ## connection-limit statements).
- ## NOTE(review): consider `root-login deny` and limiting who can reach the
- ## service; lo0 carries no input filter in this listing.
- ssh;
- ## REST API served over plain HTTP, so credentials and responses cross the
- ## network unencrypted. enable-explorer turns on the interactive API explorer
- ## and traceoptions "flag all" traces all REST activity.
- ## NOTE(review): prefer the https transport with a server certificate, limit
- ## clients with `control allowed-sources`, and keep the explorer and full
- ## tracing off outside of troubleshooting.
- rest {
- http;
- traceoptions {
- flag all;
- }
- enable-explorer;
- }
- subscriber-management {
- overrides {
- no-unsolicited-ra;
- }
- enable;
- }
- }
- ## Logging goes to logged-in users (emergency only) and two local files.
- ## NOTE(review): no remote `host` destination is configured, so these logs exist
- ## only on the device; forwarding to a collector preserves them if the box is
- ## lost or tampered with.
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any notice;
- authorization info;
- }
- ## Records every command entered interactively; useful as an audit trail.
- file interactive-commands {
- interactive-commands any;
- }
- }
- processes {
- l2tp-universal-edge disable;
- }
- ## Four NTP servers referenced by address.
- ## NOTE(review): no authentication-key / trusted-key is configured, so time
- ## responses are accepted unauthenticated.
- ntp {
- server 35.158.196.249;
- server 46.165.221.137;
- server 129.70.132.33;
- server 176.9.241.107;
- }
- }
- ## Subscriber dynamic profiles: PPPoE session interfaces, the VLAN that carries
- ## them, and a parameterised per-subscriber policer.
- dynamic-profiles {
- ## Per-session pp0 unit; the $junos-* values are filled in when the profile is
- ## instantiated for a subscriber.
- PPPOE {
- routing-instances {
- "$junos-routing-instance" {
- interface "$junos-interface-name";
- }
- }
- interfaces {
- pp0 {
- unit "$junos-interface-unit" {
- ## CHAP is the only PPP authentication method listed.
- ppp-options {
- chap;
- }
- pppoe-options {
- underlying-interface "$junos-underlying-interface";
- server;
- }
- keepalives interval 30;
- family inet {
- unnumbered-address "$junos-loopback-interface";
- }
- }
- }
- }
- }
- ## Auto-created VLAN unit that accepts PPPoE and hands sessions to PPPOE above.
- VLAN-PPPOE {
- interfaces {
- "$junos-interface-ifd-name" {
- unit "$junos-interface-unit" {
- proxy-arp;
- vlan-id "$junos-vlan-id";
- family pppoe {
- access-concentrator MX104;
- ## Rejects a second session from a client already active on the same
- ## underlying interface.
- duplicate-protection;
- dynamic-profile PPPOE;
- service-name-table SERVICE-TABLE;
- }
- }
- }
- }
- }
- ## Service profile: var-bw must be supplied when the service is activated;
- ## var-burst is derived from it; the filter and policer names are generated
- ## uniquely (uid).
- dyn-policing {
- variables {
- var-bw mandatory;
- var-burst equals "round($var-bw/8)";
- var-ff-in uid;
- var-ff-out uid;
- var-plr uid;
- }
- interfaces {
- pp0 {
- unit "$junos-interface-unit" {
- family inet {
- filter {
- input "$var-ff-in" precedence 100;
- output "$var-ff-out" precedence 100;
- }
- }
- }
- }
- }
- firewall {
- family inet {
- ## Both filters have a single term with no match conditions: all traffic is
- ## policed, counted for accounting and accepted. They rate-limit only and do
- ## no address validation.
- filter "$var-ff-in" {
- interface-specific;
- term POLICE {
- then {
- policer "$var-plr";
- service-accounting;
- accept;
- }
- }
- }
- filter "$var-ff-out" {
- interface-specific;
- term POLICE {
- then {
- policer "$var-plr";
- service-accounting;
- accept;
- }
- }
- }
- }
- ## Traffic above the configured bandwidth/burst is dropped.
- policer "$var-plr" {
- logical-interface-policer;
- if-exceeding {
- bandwidth-limit "$var-bw";
- burst-size-limit "$var-burst";
- }
- then discard;
- }
- }
- }
- }
- ## Hardware settings: service PIC package, alarm handling, network-services mode.
- chassis {
- fpc 0 {
- ## This is the PIC behind the ms-0/2/0 service interface used for NAT.
- pic 2 {
- adaptive-services {
- service-package layer-3;
- }
- }
- }
- ## Suppresses the alarm for a down management Ethernet link.
- ## NOTE(review): fine if fxp0 is intentionally unused; otherwise loss of the
- ## out-of-band path goes unreported.
- alarm {
- management-ethernet {
- link-down ignore;
- }
- }
- network-services enhanced-ip;
- }
- ## CGNAT: a next-hop-style service set, one public pool and a three-term NAT rule.
- ## NOTE(review): the service set has no syslog stanza in this listing, so
- ## translations are not logged from here; carrier NAT operators normally need
- ## mapping logs to attribute abuse reports to a subscriber.
- services {
- service-set NAT-SERVICE-SET {
- nat-rules NAT-RULE;
- next-hop-service {
- inside-service-interface ms-0/2/0.100;
- outside-service-interface ms-0/2/0.200;
- }
- }
- nat {
- ## NOTE(review): each range's low address (.6) is also configured as an
- ## interface address on xe-2/0/0 unit 0; confirm the overlap between the pool
- ## and the router's own addresses is intended.
- pool NAT-POOL-1 {
- address-range low 91.237.120.6 high 91.237.120.9;
- address-range low 91.237.121.6 high 91.237.121.9;
- address-range low 91.237.122.6 high 91.237.122.9;
- address-range low 91.237.123.6 high 91.237.123.9;
- address-range low 212.3.105.6 high 212.3.105.8;
- address-range low 212.3.109.6 high 212.3.109.9;
- port {
- automatic {
- random-allocation;
- }
- }
- mapping-timeout 120;
- }
- ## Terms are evaluated in order; every term requires a source address in
- ## NAT-PREFIX-LIST and translates to NAT-POOL-1 with napt-44.
- rule NAT-RULE {
- match-direction input;
- ## Applications in ALG-SET-noEIM-noEIF: paired pooling only, no
- ## endpoint-independent mapping or filtering.
- term ALG-noEIM-noEIF {
- from {
- source-prefix-list {
- NAT-PREFIX-LIST;
- }
- application-sets ALG-SET-noEIM-noEIF;
- }
- then {
- translated {
- source-pool NAT-POOL-1;
- translation-type {
- napt-44;
- }
- address-pooling paired;
- }
- }
- }
- ## Applications in ALG-SET-EIM-EIF, with endpoint-independent mapping and
- ## filtering.
- term ALG-EIM-EIF {
- from {
- source-prefix-list {
- NAT-PREFIX-LIST;
- }
- application-sets ALG-SET-EIM-EIF;
- }
- then {
- translated {
- source-pool NAT-POOL-1;
- translation-type {
- napt-44;
- }
- mapping-type endpoint-independent;
- filtering-type {
- endpoint-independent;
- }
- address-pooling paired;
- }
- }
- }
- ## Catch-all for everything the two terms above did not match.
- ## NOTE(review): endpoint-independent filtering admits inbound packets from
- ## any external host to an active mapping. That is a reachability trade-off;
- ## confirm it is wanted for all remaining subscriber traffic.
- term NAT-EIM-EIF {
- from {
- source-prefix-list {
- NAT-PREFIX-LIST;
- }
- }
- then {
- translated {
- source-pool NAT-POOL-1;
- translation-type {
- napt-44;
- }
- mapping-type endpoint-independent;
- filtering-type {
- endpoint-independent;
- }
- address-pooling paired;
- }
- }
- }
- }
- }
- }
- ## Global AAA profile (defined under "access").
- access-profile RAUTH;
- interfaces {
- ## NAT service interface: unit 100 is the inside leg, unit 200 the outside leg.
- ms-0/2/0 {
- unit 100 {
- family inet {
- ## Admits only traffic matching NAT-PREFIX-LIST into the NAT service.
- filter {
- input NAT-VALID;
- }
- }
- service-domain inside;
- }
- unit 200 {
- family inet;
- service-domain outside;
- }
- }
- ## Carries the six public subnets; the default route's next hops all sit in
- ## these subnets, so this looks like the upstream-facing port.
- ## NOTE(review): no input filter is applied here or on lo0, so nothing in this
- ## listing restricts who can reach the ssh and rest services enabled under
- ## "system services" on these addresses.
- xe-2/0/0 {
- unit 0 {
- family inet {
- address 91.237.121.6/24;
- address 91.237.120.6/24;
- address 91.237.122.6/24;
- address 91.237.123.6/24;
- address 212.3.105.6/24;
- address 212.3.109.6/24;
- }
- }
- }
- ## Subscriber-facing port: VLANs in the listed ranges are created on demand
- ## from the VLAN-PPPOE profile when PPPoE traffic arrives, and removed when the
- ## last subscriber leaves.
- xe-2/0/1 {
- flexible-vlan-tagging;
- auto-configure {
- vlan-ranges {
- dynamic-profile VLAN-PPPOE {
- accept pppoe;
- ranges {
- 10-33;
- 50-75;
- 84-85;
- 170-188;
- 101-101;
- 103-116;
- }
- }
- }
- remove-when-no-subscribers;
- }
- encapsulation flexible-ethernet-services;
- ## Static VLAN 102 in 10.239.255.0/27, the subnet that holds the RADIUS server
- ## address used by profile RAUTH.
- unit 102 {
- vlan-id 102;
- family inet {
- address 10.239.255.8/27;
- }
- }
- }
- ## Out-of-band management interface.
- fxp0 {
- unit 0 {
- family inet {
- address 192.168.88.10/24;
- }
- }
- }
- ## Loopback; the address lies inside NAT-PREFIX-LIST (192.168.192.0/18).
- ## NOTE(review): no input filter is attached, so traffic to the routing engine
- ## is not filtered here; a filter on lo0 is the usual place to restrict
- ## management and control-plane access.
- lo0 {
- unit 0 {
- family inet {
- address 192.168.192.1/32;
- }
- }
- }
- }
- ## Single static default route with three next hops, each inside a subnet
- ## configured on xe-2/0/0.
- routing-options {
- static {
- route 0.0.0.0/0 next-hop [ 91.237.120.1 91.237.121.1 212.3.109.1 ];
- }
- }
- ## PPP and PPPoE protocol settings, mostly tracing.
- protocols {
- ppp {
- ## Every flag at level all, written to ppp.log (5 files of 10m).
- ## NOTE(review): this is debug-level tracing; the files presumably capture
- ## per-subscriber session negotiation. Turn it off when not troubleshooting and
- ## treat the files as sensitive.
- traceoptions {
- file ppp.log size 10m files 5;
- level all;
- flag mlppp;
- flag ppp;
- flag lcp;
- flag ncp;
- flag session;
- flag all;
- }
- }
- pppoe {
- ## Protocol tracing at level all into pppoe_log; the same caveat applies.
- traceoptions {
- file pppoe_log size 20m;
- level all;
- flag protocol;
- }
- ## Sessions are terminated locally for both the "any" and the empty service
- ## name.
- service-name-tables SERVICE-TABLE {
- service any {
- terminate;
- }
- service empty {
- terminate;
- }
- }
- }
- }
- ## Named prefix lists.
- policy-options {
- ## The six public /24s. NOTE(review): nothing else in this listing references
- ## this list.
- prefix-list CGNAT {
- 91.237.120.0/24;
- 91.237.121.0/24;
- 91.237.122.0/24;
- 91.237.123.0/24;
- 212.3.105.0/24;
- 212.3.109.0/24;
- }
- ## Private subscriber range; referenced by NAT-RULE and by filter NAT-VALID.
- prefix-list NAT-PREFIX-LIST {
- 192.168.192.0/18;
- }
- }
- ## Static filters. NAT-VALID is applied as the input filter on ms-0/2/0 unit 100.
- firewall {
- family inet {
- filter NAT-VALID {
- ## NOTE(review): `prefix-list` matches when either the source or the
- ## destination address is in the list. If the intent is to admit only packets
- ## sourced from the subscriber range, `source-prefix-list` is the narrower
- ## match.
- term VALID-A {
- from {
- prefix-list {
- NAT-PREFIX-LIST;
- }
- }
- then accept;
- }
- ## Everything else is counted and dropped; the counter makes it visible when
- ## unexpected traffic is hitting the NAT inside leg.
- term OTHER-D {
- then {
- count NOT-NAT-PREFIXES-DISCARD;
- discard;
- }
- }
- }
- }
- }
- ## Subscriber AAA: RADIUS-only authentication and accounting.
- access {
- profile RAUTH {
- ## radius is the only method in both orders, so there is no local fallback.
- accounting-order radius;
- authentication-order radius;
- radius {
- authentication-server 10.239.255.10;
- accounting-server 10.239.255.10;
- options {
- nas-identifier junmx104;
- calling-station-id-delimiter /;
- calling-station-id-format {
- agent-circuit-id;
- agent-remote-id;
- }
- }
- }
- radius-server {
- ## NOTE(review): 10.239.255.8 is the address configured locally on xe-2/0/1
- ## unit 102, and the source-address given here is the server's address. The two
- ## look swapped, and this entry is not referenced by authentication-server or
- ## accounting-server above. Confirm, then correct or remove it.
- 10.239.255.8 {
- ## Shared secrets appear redacted in this paste. Stored Junos secrets are
- ## reversibly obfuscated rather than hashed, so they must never be shared
- ## as-is.
- secret "$"; ## SECRET-DATA
- source-address 10.239.255.10;
- }
- 10.239.255.10 {
- port 1812;
- accounting-port 1813;
- secret "$"; ## SECRET-DATA
- }
- }
- ## Interim accounting is sent on the update-interval and immediately on
- ## address or configuration changes.
- accounting {
- order radius;
- immediate-update;
- coa-immediate-update;
- address-change-immediate-update;
- update-interval 10;
- statistics volume-time;
- send-acct-status-on-config-change;
- }
- }
- }
- ## Application definitions and the two sets that NAT-RULE matches on. These only
- ## classify subscriber flows for NAT treatment; they do not enable any service
- ## on the router itself.
- applications {
- ## Custom applications, mainly to set per-protocol inactivity timeouts.
- application icmp-30s {
- protocol icmp;
- inactivity-timeout 30;
- }
- application traceroute-30s {
- application-protocol traceroute;
- protocol udp;
- destination-port 33435-33450;
- ttl-threshold 30;
- inactivity-timeout 30;
- }
- application xmpp-1800s {
- protocol tcp;
- destination-port 5222-5223;
- inactivity-timeout 1800;
- }
- ## No inactivity-timeout is set on the next two applications.
- application smtp-ssl {
- protocol tcp;
- destination-port 465;
- }
- application pop3-ssl {
- protocol tcp;
- destination-port 995;
- }
- application ike-3600s {
- application-protocol ike-esp-nat;
- protocol udp;
- destination-port 500;
- inactivity-timeout 3600;
- }
- ## Matched by term ALG-noEIM-noEIF: these flows are translated without
- ## endpoint-independent mapping or filtering.
- application-set ALG-SET-noEIM-noEIF {
- application junos-http;
- application junos-ftp;
- application junos-rtsp;
- application icmp-30s;
- application xmpp-1800s;
- application traceroute-30s;
- application junos-ntp;
- application junos-telnet;
- application junos-rsh;
- application junos-ssh;
- application junos-pop3;
- application junos-smtp;
- application junos-imap;
- application junos-imaps;
- application pop3-ssl;
- application smtp-ssl;
- application junos-pptp;
- application junos-rpc-portmap-tcp;
- application junos-rpc-portmap-udp;
- application junos-tftp;
- application junos-bgp;
- application junos-citrix-winframe-udp;
- application junos-citrix-winframe;
- application junos-cvspserver;
- application junos-dns-tcp;
- application junos-finger;
- application junos-ident;
- application junos-iiop-java;
- application junos-iiop-orbix;
- application junos-ike;
- application junos-ipsec-esp;
- application junos-ldap;
- application junos-snmp-get;
- application junos-snmp-get-next;
- application junos-snmp-response;
- application junos-snmp-trap;
- application junos-snpp;
- application junos-syslog;
- application junos-who;
- application junos-radacct;
- application junos-radius;
- application junos-rexec;
- application junos-rlogin;
- application junos-tacacs;
- application junos-tacacs-ds;
- application junos-talk-tcp;
- application junos-talk-udp;
- application junos-xnm-clear-text;
- application junos-xnm-ssl;
- application junos-ldp-tcp;
- application junos-ldp-udp;
- application junos-https;
- application junos-dns-udp;
- application ike-3600s;
- }
- ## Matched by term ALG-EIM-EIF: the two signalling protocols that get
- ## endpoint-independent mapping and filtering.
- application-set ALG-SET-EIM-EIF {
- application junos-h323;
- application junos-sip;
- }
- }