switchua

junmx104 conf plain

Nov 22nd, 2019
  1. ## Last commit: 2019-11-19 10:23:21 EET by switchua
  ## Junos release this configuration was committed on.
  2. version 17.3R3-S3.3;
  ## Configuration group "re1" (the Junos special group name for routing engine 1):
  ## its only content disables the fxp0 management port.
  ## NOTE(review): no apply-groups statement appears in this listing, so this group
  ## may not be inherited anywhere — confirm against the full configuration.
  3. groups {
  4. re1 {
  5. interfaces {
  6. fxp0 {
  7. disable;
  8. }
  9. }
  10. }
  11. }
  ## System-level settings: local credentials, management services, logging and time.
  12. system {
  13. configuration-database {
  14. max-db-size 104857600;
  15. }
  16. time-zone Europe/Kiev;
  ## Every secret in this listing was replaced with "$" before publication.
  ## That redaction matters: Junos "$9$" strings are reversibly obfuscated rather than
  ## hashed, and real password hashes remain open to offline guessing once published.
  17. root-authentication {
  18. encrypted-password "$"; ## SECRET-DATA
  19. }
  20. name-server {
  21. 91.237.121.5;
  22. }
  23. dynamic-profile-options {
  24. versioning;
  25. }
  ## Two local accounts, both in class super-user (unrestricted).
  ## NOTE(review): no restricted login class and no central authentication order is
  ## visible here; consider least-privilege classes for routine work.
  26. login {
  27. user mitya {
  28. uid 2002;
  29. class super-user;
  30. authentication {
  31. encrypted-password "$"; ## SECRET-DATA
  32. }
  33. }
  34. user switchua {
  35. uid 2001;
  36. class super-user;
  37. authentication {
  38. encrypted-password "$"; ## SECRET-DATA
  39. }
  40. }
  41. }
  42. services {
  ## SSH is enabled with default options only; nothing in this stanza restricts root
  ## login or bounds connection attempts (e.g. root-login deny, connection-limit, rate-limit).
  43. ssh;
  ## REST API served over cleartext HTTP: login credentials and RPC payloads cross the
  ## network unencrypted. enable-explorer also exposes the interactive API explorer, and
  ## traceoptions "flag all" traces every REST event.
  ## NOTE(review): for production prefer the https transport, restrict clients with
  ## "control allowed-sources", and turn the explorer and full tracing off.
  44. rest {
  45. http;
  46. traceoptions {
  47. flag all;
  48. }
  49. enable-explorer;
  50. }
  51. subscriber-management {
  52. overrides {
  53. no-unsolicited-ra;
  54. }
  55. enable;
  56. }
  57. }
  ## Logging targets are local only: logged-in users (emergencies), file "messages" and
  ## file "interactive-commands" (the CLI audit trail). No remote host is configured, so
  ## the audit trail lives on the device it audits.
  ## NOTE(review): forward at least authorization and interactive-commands to a remote collector.
  58. syslog {
  59. user * {
  60. any emergency;
  61. }
  62. file messages {
  63. any notice;
  64. authorization info;
  65. }
  66. file interactive-commands {
  67. interactive-commands any;
  68. }
  69. }
  70. processes {
  71. l2tp-universal-edge disable;
  72. }
  ## Four NTP servers referenced by address; no authentication key is configured for any of them.
  73. ntp {
  74. server 35.158.196.249;
  75. server 46.165.221.137;
  76. server 129.70.132.33;
  77. server 176.9.241.107;
  78. }
  79. }
  ## Templates instantiated per subscriber session. Names beginning with "$junos-" are
  ## predefined variables the router fills in for each session; "$var-" names are
  ## user-defined variables declared inside the profile.
  80. dynamic-profiles {
  ## PPPOE: builds the per-session pp0 unit, requires CHAP from the client, and borrows
  ## the loopback address as an unnumbered IPv4 address.
  81. PPPOE {
  82. routing-instances {
  83. "$junos-routing-instance" {
  84. interface "$junos-interface-name";
  85. }
  86. }
  87. interfaces {
  88. pp0 {
  89. unit "$junos-interface-unit" {
  90. ppp-options {
  91. chap;
  92. }
  93. pppoe-options {
  94. underlying-interface "$junos-underlying-interface";
  95. server;
  96. }
  97. keepalives interval 30;
  98. family inet {
  99. unnumbered-address "$junos-loopback-interface";
  100. }
  101. }
  102. }
  103. }
  104. }
  ## VLAN-PPPOE: builds the auto-configured VLAN unit that carries PPPoE and hands each
  ## session to the PPPOE profile above. duplicate-protection refuses a second session
  ## from a client MAC address that already has one active on the same underlying interface.
  105. VLAN-PPPOE {
  106. interfaces {
  107. "$junos-interface-ifd-name" {
  108. unit "$junos-interface-unit" {
  109. proxy-arp;
  110. vlan-id "$junos-vlan-id";
  111. family pppoe {
  112. access-concentrator MX104;
  113. duplicate-protection;
  114. dynamic-profile PPPOE;
  115. service-name-table SERVICE-TABLE;
  116. }
  117. }
  118. }
  119. }
  120. }
  ## dyn-policing: parameterised rate limit. var-bw must be supplied when the profile is
  ## activated (presumably by RADIUS — confirm); var-burst is derived as var-bw/8; the
  ## filter and policer names are generated uniquely per session (uid).
  121. dyn-policing {
  122. variables {
  123. var-bw mandatory;
  124. var-burst equals "round($var-bw/8)";
  125. var-ff-in uid;
  126. var-ff-out uid;
  127. var-plr uid;
  128. }
  129. interfaces {
  130. pp0 {
  131. unit "$junos-interface-unit" {
  132. family inet {
  133. filter {
  134. input "$var-ff-in" precedence 100;
  135. output "$var-ff-out" precedence 100;
  136. }
  137. }
  138. }
  139. }
  140. }
  ## Both generated filters have a single unconditional term: police, count for service
  ## accounting, accept. They shape traffic only; they do no address or port filtering.
  141. firewall {
  142. family inet {
  143. filter "$var-ff-in" {
  144. interface-specific;
  145. term POLICE {
  146. then {
  147. policer "$var-plr";
  148. service-accounting;
  149. accept;
  150. }
  151. }
  152. }
  153. filter "$var-ff-out" {
  154. interface-specific;
  155. term POLICE {
  156. then {
  157. policer "$var-plr";
  158. service-accounting;
  159. accept;
  160. }
  161. }
  162. }
  163. }
  ## Traffic above the subscriber's bandwidth/burst limits is dropped.
  164. policer "$var-plr" {
  165. logical-interface-policer;
  166. if-exceeding {
  167. bandwidth-limit "$var-bw";
  168. burst-size-limit "$var-burst";
  169. }
  170. then discard;
  171. }
  172. }
  173. }
  174. }
  ## Hardware-level settings.
  175. chassis {
  ## PIC 2 on FPC 0 runs the layer-3 adaptive-services package; the ms-0/2/0 interface
  ## used by the NAT service set sits on this PIC.
  176. fpc 0 {
  177. pic 2 {
  178. adaptive-services {
  179. service-package layer-3;
  180. }
  181. }
  182. }
  ## Suppresses the chassis alarm normally raised when the management Ethernet link is down.
  183. alarm {
  184. management-ethernet {
  185. link-down ignore;
  186. }
  187. }
  188. network-services enhanced-ip;
  189. }
  ## Carrier-grade NAT (NAPT-44) for subscriber traffic, steered through ms-0/2/0
  ## units 100 (inside) and 200 (outside).
  ## NOTE(review): no syslog statement is visible under the service set, so translation
  ## events may not be logged; without them a public address/port cannot later be tied
  ## back to a subscriber during abuse handling or incident response — confirm.
  190. services {
  191. service-set NAT-SERVICE-SET {
  192. nat-rules NAT-RULE;
  193. next-hop-service {
  194. inside-service-interface ms-0/2/0.100;
  195. outside-service-interface ms-0/2/0.200;
  196. }
  197. }
  198. nat {
  ## Public pool with randomised port allocation.
  ## NOTE(review): each range starts at .6, and the .6 addresses are also configured
  ## directly on xe-2/0/0 — confirm the overlap with the router's own addresses is intended.
  199. pool NAT-POOL-1 {
  200. address-range low 91.237.120.6 high 91.237.120.9;
  201. address-range low 91.237.121.6 high 91.237.121.9;
  202. address-range low 91.237.122.6 high 91.237.122.9;
  203. address-range low 91.237.123.6 high 91.237.123.9;
  204. address-range low 212.3.105.6 high 212.3.105.8;
  205. address-range low 212.3.109.6 high 212.3.109.9;
  206. port {
  207. automatic {
  208. random-allocation;
  209. }
  210. }
  211. mapping-timeout 120;
  212. }
  ## Three terms, all limited to sources in NAT-PREFIX-LIST and all translating to
  ## NAT-POOL-1 with paired address pooling.
  213. rule NAT-RULE {
  214. match-direction input;
  ## Term 1: the large application set; no endpoint-independent mapping or filtering.
  215. term ALG-noEIM-noEIF {
  216. from {
  217. source-prefix-list {
  218. NAT-PREFIX-LIST;
  219. }
  220. application-sets ALG-SET-noEIM-noEIF;
  221. }
  222. then {
  223. translated {
  224. source-pool NAT-POOL-1;
  225. translation-type {
  226. napt-44;
  227. }
  228. address-pooling paired;
  229. }
  230. }
  231. }
  ## Term 2: H.323 and SIP, with endpoint-independent mapping and filtering.
  232. term ALG-EIM-EIF {
  233. from {
  234. source-prefix-list {
  235. NAT-PREFIX-LIST;
  236. }
  237. application-sets ALG-SET-EIM-EIF;
  238. }
  239. then {
  240. translated {
  241. source-pool NAT-POOL-1;
  242. translation-type {
  243. napt-44;
  244. }
  245. mapping-type endpoint-independent;
  246. filtering-type {
  247. endpoint-independent;
  248. }
  249. address-pooling paired;
  250. }
  251. }
  252. }
  ## Term 3: catch-all for everything not matched above, also with endpoint-independent
  ## filtering. With that filtering type, once a subscriber has an active mapping,
  ## inbound packets from any remote address to the mapped port are forwarded. This is a
  ## reachability trade-off that widens subscribers' inbound exposure; it is applied here
  ## to all remaining traffic, not just to selected applications.
  253. term NAT-EIM-EIF {
  254. from {
  255. source-prefix-list {
  256. NAT-PREFIX-LIST;
  257. }
  258. }
  259. then {
  260. translated {
  261. source-pool NAT-POOL-1;
  262. translation-type {
  263. napt-44;
  264. }
  265. mapping-type endpoint-independent;
  266. filtering-type {
  267. endpoint-independent;
  268. }
  269. address-pooling paired;
  270. }
  271. }
  272. }
  273. }
  274. }
  275. }
  ## Global access profile: sessions are authenticated and accounted using profile RAUTH,
  ## defined in the "access" stanza of this listing.
  276. access-profile RAUTH;
  ## Physical and logical interfaces.
  ## NOTE(review): no input filter is attached to lo0 or to xe-2/0/0 anywhere in this
  ## listing, so nothing shown here limits which sources can reach the routing engine's
  ## SSH, REST (HTTP) and NTP services on the public addresses. A loopback filter that
  ## admits management protocols only from known prefixes is the usual control.
  277. interfaces {
  ## NAT service interface: unit 100 is the inside leg and passes through the NAT-VALID
  ## filter first; unit 200 is the outside leg.
  278. ms-0/2/0 {
  279. unit 100 {
  280. family inet {
  281. filter {
  282. input NAT-VALID;
  283. }
  284. }
  285. service-domain inside;
  286. }
  287. unit 200 {
  288. family inet;
  289. service-domain outside;
  290. }
  291. }
  ## Uplink carrying six public /24 addresses.
  292. xe-2/0/0 {
  293. unit 0 {
  294. family inet {
  295. address 91.237.121.6/24;
  296. address 91.237.120.6/24;
  297. address 91.237.122.6/24;
  298. address 91.237.123.6/24;
  299. address 212.3.105.6/24;
  300. address 212.3.109.6/24;
  301. }
  302. }
  303. }
  ## Subscriber-facing port: VLAN units are created on demand for PPPoE in the listed
  ## VLAN ranges and removed when no subscribers remain. Static unit 102 (VLAN 102) is
  ## the subnet that also holds the RADIUS server address 10.239.255.10.
  304. xe-2/0/1 {
  305. flexible-vlan-tagging;
  306. auto-configure {
  307. vlan-ranges {
  308. dynamic-profile VLAN-PPPOE {
  309. accept pppoe;
  310. ranges {
  311. 10-33;
  312. 50-75;
  313. 84-85;
  314. 170-188;
  315. 101-101;
  316. 103-116;
  317. }
  318. }
  319. }
  320. remove-when-no-subscribers;
  321. }
  322. encapsulation flexible-ethernet-services;
  323. unit 102 {
  324. vlan-id 102;
  325. family inet {
  326. address 10.239.255.8/27;
  327. }
  328. }
  329. }
  ## Out-of-band management port.
  330. fxp0 {
  331. unit 0 {
  332. family inet {
  333. address 192.168.88.10/24;
  334. }
  335. }
  336. }
  ## Loopback; its address lies inside NAT-PREFIX-LIST (192.168.192.0/18).
  337. lo0 {
  338. unit 0 {
  339. family inet {
  340. address 192.168.192.1/32;
  341. }
  342. }
  343. }
  344. }
  ## Static default route with three candidate next hops; no dynamic routing protocol
  ## is configured in this listing.
  345. routing-options {
  346. static {
  347. route 0.0.0.0/0 next-hop [ 91.237.120.1 91.237.121.1 212.3.109.1 ];
  348. }
  349. }
  ## PPP and PPPoE protocol settings.
  350. protocols {
  ## Full PPP tracing ("level all", "flag all") into ppp.log.
  ## NOTE(review): this looks like debugging left enabled; the trace files may hold
  ## per-subscriber session detail and cost CPU on a production BNG — confirm it is still needed.
  351. ppp {
  352. traceoptions {
  353. file ppp.log size 10m files 5;
  354. level all;
  355. flag mlppp;
  356. flag ppp;
  357. flag lcp;
  358. flag ncp;
  359. flag session;
  360. flag all;
  361. }
  362. }
  363. pppoe {
  ## PPPoE protocol tracing at the highest level; the same caution applies.
  364. traceoptions {
  365. file pppoe_log size 20m;
  366. level all;
  367. flag protocol;
  368. }
  ## Service name table referenced by the VLAN-PPPOE dynamic profile: both the "any"
  ## and the "empty" service entries use action terminate.
  369. service-name-tables SERVICE-TABLE {
  370. service any {
  371. terminate;
  372. }
  373. service empty {
  374. terminate;
  375. }
  376. }
  377. }
  378. }
  ## Named prefix lists.
  379. policy-options {
  ## The six public /24s. NOTE(review): nothing else in this listing references CGNAT,
  ## so it appears unused — confirm before relying on it.
  380. prefix-list CGNAT {
  381. 91.237.120.0/24;
  382. 91.237.121.0/24;
  383. 91.237.122.0/24;
  384. 91.237.123.0/24;
  385. 212.3.105.0/24;
  386. 212.3.109.0/24;
  387. }
  ## Private subscriber range eligible for NAT; used by NAT-RULE and by filter NAT-VALID.
  388. prefix-list NAT-PREFIX-LIST {
  389. 192.168.192.0/18;
  390. }
  391. }
  ## Static firewall filters. Only NAT-VALID is defined; it is applied as the input
  ## filter on ms-0/2/0 unit 100 (the inside NAT leg).
  392. firewall {
  393. family inet {
  394. filter NAT-VALID {
  ## Accept packets matching NAT-PREFIX-LIST.
  ## NOTE(review): in a firewall "from" clause, "prefix-list" matches when either the
  ## source or the destination address is in the list. If the intent is to admit only
  ## packets sourced from subscriber space, "source-prefix-list" is the stricter match.
  395. term VALID-A {
  396. from {
  397. prefix-list {
  398. NAT-PREFIX-LIST;
  399. }
  400. }
  401. then accept;
  402. }
  ## Everything else is counted and dropped; counter NOT-NAT-PREFIXES-DISCARD is worth
  ## monitoring, since growth indicates unexpected sources reaching the NAT inside leg.
  403. term OTHER-D {
  404. then {
  405. count NOT-NAT-PREFIXES-DISCARD;
  406. discard;
  407. }
  408. }
  409. }
  410. }
  411. }
  ## Subscriber AAA. RADIUS is the only authentication and accounting method in profile
  ## RAUTH, and a single server address (10.239.255.10) is referenced, so subscriber
  ## logins depend entirely on that one server being reachable.
  412. access {
  413. profile RAUTH {
  414. accounting-order radius;
  415. authentication-order radius;
  416. radius {
  417. authentication-server 10.239.255.10;
  418. accounting-server 10.239.255.10;
  419. options {
  420. nas-identifier junmx104;
  421. calling-station-id-delimiter /;
  422. calling-station-id-format {
  423. agent-circuit-id;
  424. agent-remote-id;
  425. }
  426. }
  427. }
  ## NOTE(review): the first entry looks transposed. 10.239.255.8 is this router's own
  ## address on xe-2/0/1.102 and 10.239.255.10 is the server the profile uses, yet the
  ## entry lists .8 as the server and .10 as the source address. The entry the profile
  ## actually references (10.239.255.10) carries no source-address — confirm.
  ## Shared secrets are redacted here; RADIUS protects its attributes only with that
  ## secret, so it should be long, random and unique to this NAS.
  428. radius-server {
  429. 10.239.255.8 {
  430. secret "$"; ## SECRET-DATA
  431. source-address 10.239.255.10;
  432. }
  433. 10.239.255.10 {
  434. port 1812;
  435. accounting-port 1813;
  436. secret "$"; ## SECRET-DATA
  437. }
  438. }
  ## Accounting is sent to RADIUS with immediate updates on session, CoA and address
  ## changes, plus interim updates (update-interval 10).
  439. accounting {
  440. order radius;
  441. immediate-update;
  442. coa-immediate-update;
  443. address-change-immediate-update;
  444. update-interval 10;
  445. statistics volume-time;
  446. send-acct-status-on-config-change;
  447. }
  448. }
  449. }
  ## Application definitions used as match criteria by NAT-RULE. These entries only
  ## classify subscriber traffic for NAT handling; they do not enable any of the named
  ## protocols as services on the router itself.
  450. applications {
  ## Custom applications: protocol/port matches, some with their own inactivity timeout.
  451. application icmp-30s {
  452. protocol icmp;
  453. inactivity-timeout 30;
  454. }
  455. application traceroute-30s {
  456. application-protocol traceroute;
  457. protocol udp;
  458. destination-port 33435-33450;
  459. ttl-threshold 30;
  460. inactivity-timeout 30;
  461. }
  462. application xmpp-1800s {
  463. protocol tcp;
  464. destination-port 5222-5223;
  465. inactivity-timeout 1800;
  466. }
  467. application smtp-ssl {
  468. protocol tcp;
  469. destination-port 465;
  470. }
  471. application pop3-ssl {
  472. protocol tcp;
  473. destination-port 995;
  474. }
  475. application ike-3600s {
  476. application-protocol ike-esp-nat;
  477. protocol udp;
  478. destination-port 500;
  479. inactivity-timeout 3600;
  480. }
  ## Applications translated without endpoint-independent mapping/filtering (first NAT
  ## term). The set mixes custom entries with predefined junos-* applications.
  ## NOTE(review): several predefined entries presumably engage an application-layer
  ## gateway (e.g. FTP, RTSP, PPTP) that inspects payloads on the services PIC; keeping
  ## only the ALGs subscribers actually need limits that parsing surface — confirm which
  ## entries are required.
  481. application-set ALG-SET-noEIM-noEIF {
  482. application junos-http;
  483. application junos-ftp;
  484. application junos-rtsp;
  485. application icmp-30s;
  486. application xmpp-1800s;
  487. application traceroute-30s;
  488. application junos-ntp;
  489. application junos-telnet;
  490. application junos-rsh;
  491. application junos-ssh;
  492. application junos-pop3;
  493. application junos-smtp;
  494. application junos-imap;
  495. application junos-imaps;
  496. application pop3-ssl;
  497. application smtp-ssl;
  498. application junos-pptp;
  499. application junos-rpc-portmap-tcp;
  500. application junos-rpc-portmap-udp;
  501. application junos-tftp;
  502. application junos-bgp;
  503. application junos-citrix-winframe-udp;
  504. application junos-citrix-winframe;
  505. application junos-cvspserver;
  506. application junos-dns-tcp;
  507. application junos-finger;
  508. application junos-ident;
  509. application junos-iiop-java;
  510. application junos-iiop-orbix;
  511. application junos-ike;
  512. application junos-ipsec-esp;
  513. application junos-ldap;
  514. application junos-snmp-get;
  515. application junos-snmp-get-next;
  516. application junos-snmp-response;
  517. application junos-snmp-trap;
  518. application junos-snpp;
  519. application junos-syslog;
  520. application junos-who;
  521. application junos-radacct;
  522. application junos-radius;
  523. application junos-rexec;
  524. application junos-rlogin;
  525. application junos-tacacs;
  526. application junos-tacacs-ds;
  527. application junos-talk-tcp;
  528. application junos-talk-udp;
  529. application junos-xnm-clear-text;
  530. application junos-xnm-ssl;
  531. application junos-ldp-tcp;
  532. application junos-ldp-udp;
  533. application junos-https;
  534. application junos-dns-udp;
  535. application ike-3600s;
  536. }
  ## Applications translated with endpoint-independent mapping and filtering (second NAT term).
  537. application-set ALG-SET-EIM-EIF {
  538. application junos-h323;
  539. application junos-sip;
  540. }
  541. }