- ## Flat ("display set") view of the configuration on CE02: software version and the system stanza (accounts, management services, syslog, licence update).
- ## NOTE(review): the prompt shows the session is in configuration mode as root; a named per-user account gives a clearer audit trail in the interactive-commands log.
- root@CE02# show | display set
- ## NOTE(review): 15.1X49-D100.6 is an old release (the hierarchical view on this page carries a 2017 change date) - check the vendor's advisories for it before reusing this outside a lab.
- set version 15.1X49-D100.6
- set system host-name CE02
- set system domain-name testlab.com
- ## NOTE(review): both encrypted-password values are $5$ (SHA-256 crypt) hashes that the hierarchical output marks SECRET-DATA. Published like this they are open to offline guessing: treat both passwords as exposed, change them, and redact these lines before sharing a configuration.
- set system root-authentication encrypted-password "$5$VE05INxz$nEttgnnKsHuMm.TSFoCmM5T59B96wRvl6ISSVN82.tD"
- set system login user the-packet-thrower uid 2000
- ## super-user grants this account full privileges on the device.
- set system login user the-packet-thrower class super-user
- set system login user the-packet-thrower authentication encrypted-password "$5$rCVNUu./$VmVobKR75Okl/leO0d9E91V5ph1CgybnBvA0RHhdK5/"
- ## NOTE(review): ssh is enabled with no further options in this output; consider "set system services ssh root-login deny" plus key-based authentication for the named user.
- set system services ssh
- ## NOTE(review): J-Web is offered over cleartext HTTP, so logins would cross the wire unencrypted; use "web-management https" if J-Web is needed at all. fxp0 unit 0 has no address in this configuration, so reachability as shown is unclear - confirm.
- set system services web-management http interface fxp0.0
- ## NOTE(review): every syslog target below is local (user terminals and two files); no remote syslog host appears, so the logs live only on the device.
- set system syslog user * any emergency
- set system syslog file messages any any
- set system syslog file messages authorization info
- ## Records the CLI commands that users type, which is the audit trail for configuration changes.
- set system syslog file interactive-commands interactive-commands any
- set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
- ## Security logging mode and the screen (basic attack-detection) profile "unMGMT-screen".
- ## NOTE(review): stream mode is selected but no stream destination appears anywhere in this output - confirm where security logs are actually delivered.
- set security log mode stream
- set security log report
- ## NOTE(review): a screen only acts on zones that reference it. In this configuration only zone unMGMT does, and that zone has no interfaces, so as shown these checks inspect no traffic; zones MGMT and trust, which hold all the interfaces, have no screen.
- set security screen ids-option unMGMT-screen icmp ping-death
- set security screen ids-option unMGMT-screen ip source-route-option
- set security screen ids-option unMGMT-screen ip tear-drop
- set security screen ids-option unMGMT-screen tcp syn-flood alarm-threshold 1024
- set security screen ids-option unMGMT-screen tcp syn-flood attack-threshold 200
- set security screen ids-option unMGMT-screen tcp syn-flood source-threshold 1024
- set security screen ids-option unMGMT-screen tcp syn-flood destination-threshold 2048
- ## The hierarchical view on this page flags queue-size as deprecated.
- set security screen ids-option unMGMT-screen tcp syn-flood queue-size 2000
- set security screen ids-option unMGMT-screen tcp syn-flood timeout 20
- set security screen ids-option unMGMT-screen tcp land
- ## Inter-zone and intra-zone security policies. All four are named default-permit and match any source, any destination and any application, then permit.
- ## NOTE(review): with any/any/any permit the firewall function is effectively switched off between these zones, and none of the policies has a "then log" action (for example "then log session-close"), so permitted sessions leave no policy log.
- set security policies from-zone MGMT to-zone MGMT policy default-permit match source-address any
- set security policies from-zone MGMT to-zone MGMT policy default-permit match destination-address any
- set security policies from-zone MGMT to-zone MGMT policy default-permit match application any
- set security policies from-zone MGMT to-zone MGMT policy default-permit then permit
- ## NOTE(review): zone unMGMT has no interfaces in this configuration, so this policy matches no traffic as shown.
- set security policies from-zone MGMT to-zone unMGMT policy default-permit match source-address any
- set security policies from-zone MGMT to-zone unMGMT policy default-permit match destination-address any
- set security policies from-zone MGMT to-zone unMGMT policy default-permit match application any
- set security policies from-zone MGMT to-zone unMGMT policy default-permit then permit
- ## ge-0/0/1.0 and ge-0/0/2.0 are both in zone trust, so this policy is the one that governs traffic between the BGP-facing link and the 172.16.2x.0/24 networks.
- set security policies from-zone trust to-zone trust policy default-permit match source-address any
- set security policies from-zone trust to-zone trust policy default-permit match destination-address any
- set security policies from-zone trust to-zone trust policy default-permit match application any
- set security policies from-zone trust to-zone trust policy default-permit then permit
- ## NOTE(review): zone untrust has no interfaces in this configuration, so this policy matches no traffic as shown.
- set security policies from-zone trust to-zone untrust policy default-permit match source-address any
- set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
- set security policies from-zone trust to-zone untrust policy default-permit match application any
- set security policies from-zone trust to-zone untrust policy default-permit then permit
- ## Security zones: which interfaces belong to which zone and what traffic addressed to the device itself each zone accepts.
- set security zones security-zone MGMT tcp-rst
- ## NOTE(review): "all" for system-services and protocols lets every management service and routing protocol on the device be reached from this zone; list only what is needed (for example system-services ssh and ping).
- set security zones security-zone MGMT host-inbound-traffic system-services all
- set security zones security-zone MGMT host-inbound-traffic protocols all
- set security zones security-zone MGMT interfaces ge-0/0/0.0
- ## Zone unMGMT references the screen profile but has no interfaces, so the screen is not applied to any traffic as shown.
- set security zones security-zone unMGMT screen unMGMT-screen
- set security zones security-zone trust tcp-rst
- ## NOTE(review): zone trust contains ge-0/0/1.0, whose subnet holds the external BGP neighbor 192.168.2.254 (peer AS 65123). With "all" here the other AS can reach the enabled management services (ssh, and web-management if it is reachable) on this device; narrowing to the protocols actually used on that link (bgp, ospf, rip) and to ssh/ping as needed would reduce that exposure. No screen is attached to this zone.
- set security zones security-zone trust host-inbound-traffic system-services all
- set security zones security-zone trust host-inbound-traffic protocols all
- set security zones security-zone trust interfaces ge-0/0/1.0
- set security zones security-zone trust interfaces ge-0/0/2.0
- ## Zone untrust is defined but empty.
- set security zones security-zone untrust
- ## Interface addressing. No firewall filter is applied to any interface in this output, including lo0.
- ## ge-0/0/0 is the interface placed in zone MGMT and in the MGMT routing instance.
- set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.216/24
- ## ge-0/0/1 shares its /24 with the BGP neighbor 192.168.2.254 configured under protocols bgp.
- set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.2/24
- ## ge-0/0/2 carries four /24 addresses on one unit.
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.21.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.22.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.23.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.24.1/24
- ## fxp0 has a unit but no address.
- set interfaces fxp0 unit 0
- ## NOTE(review): lo0 has no input filter, so there is no control-plane filter backing up the zone host-inbound-traffic settings, which are set to "all".
- set interfaces lo0 unit 0 family inet address 192.168.254.2/32
- set interfaces lo0 unit 0 family mpls
- ## Routing: local AS 65102, one external BGP group, OSPF area 0 and RIP.
- set routing-options autonomous-system 65102
- ## NOTE(review): the eBGP session to 192.168.2.254 (AS 65123) has no authentication-key, and its import policy IMPORT-BGP accepts every route the peer sends (see policy-options). Session authentication and a prefix filter on import are the usual controls on a customer-facing peering.
- set protocols bgp group CUST-B type external
- set protocols bgp group CUST-B import IMPORT-BGP
- set protocols bgp group CUST-B export EXPORT-BGP
- set protocols bgp group CUST-B peer-as 65123
- set protocols bgp group CUST-B neighbor 192.168.2.254
- ## NOTE(review): OSPF is active (not passive) on ge-0/0/1.0 and no OSPF authentication appears in this output, so any device on that segment could form an adjacency - confirm this is intended on the link that also carries the external BGP session.
- set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
- ## Passive: the networks are advertised but no adjacency is formed on these interfaces.
- set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 passive
- set protocols ospf area 0.0.0.0 interface lo0.0 passive
- ## NOTE(review): RIP group CUST-A also runs on ge-0/0/1.0, again with no authentication visible.
- set protocols rip group CUST-A export EXPORT-RIP
- set protocols rip group CUST-A neighbor ge-0/0/1.0
- set protocols rip group CUST-B export EXPORT-RIP
- set protocols rip group CUST-B neighbor all
- ## Group CUST-B stays in the configuration but is deactivated; reactivating it would enable RIP with "neighbor all".
- deactivate protocols rip group CUST-B
- ## Routing policies referenced by the BGP and RIP groups.
- ## EXPORT-BGP and EXPORT-RIP advertise every directly connected route of the instance they run in; there is no prefix restriction.
- set policy-options policy-statement EXPORT-BGP from protocol direct
- set policy-options policy-statement EXPORT-BGP then accept
- set policy-options policy-statement EXPORT-RIP from protocol direct
- set policy-options policy-statement EXPORT-RIP then accept
- ## NOTE(review): IMPORT-BGP has no "from" condition, so it accepts any prefix the external peer announces, including a default route or more-specific routes for local networks. A route-filter or prefix-list term followed by a final reject would bound what the peer can inject.
- set policy-options policy-statement IMPORT-BGP then accept
- ## Separate virtual-router instance for management: ge-0/0/0.0 and its default route sit outside the main routing table, so the BGP/OSPF/RIP export policies in the main instance do not see the 10.20.2.0/24 management network.
- set routing-instances MGMT instance-type virtual-router
- set routing-instances MGMT interface ge-0/0/0.0
- set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
- [edit]
- root@CE02#
- [edit]
- ## Hierarchical view of the same configuration: software version and the system stanza (accounts, management services, syslog, licence update).
- root@CE02# show
- ## Last changed: 2017-09-19 18:04:39 UTC
- ## NOTE(review): an old release with a 2017 change date - check the vendor's advisories for this version before reusing the configuration outside a lab.
- version 15.1X49-D100.6;
- system {
- host-name CE02;
- domain-name testlab.com;
- ## NOTE(review): the two encrypted-password values in this stanza are $5$ (SHA-256 crypt) hashes and the device itself marks them SECRET-DATA. Published like this they are open to offline guessing: treat both passwords as exposed, change them, and redact these lines before sharing a configuration.
- root-authentication {
- encrypted-password "$5$VE05INxz$nEttgnnKsHuMm.TSFoCmM5T59B96wRvl6ISSVN82.tD"; ## SECRET-DATA
- }
- login {
- user the-packet-thrower {
- uid 2000;
- ## super-user grants this account full privileges on the device.
- class super-user;
- authentication {
- encrypted-password "$5$rCVNUu./$VmVobKR75Okl/leO0d9E91V5ph1CgybnBvA0RHhdK5/"; ## SECRET-DATA
- }
- }
- }
- services {
- ## NOTE(review): ssh has no options set here; consider root-login deny and key-based authentication for the named user.
- ssh;
- ## NOTE(review): J-Web over cleartext HTTP; use https if J-Web is needed at all. fxp0 unit 0 has no address in this configuration, so reachability as shown is unclear - confirm.
- web-management {
- http {
- interface fxp0.0;
- }
- }
- }
- ## NOTE(review): every syslog target below is local; no remote syslog host appears, so the logs live only on the device.
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any any;
- authorization info;
- }
- ## Records the CLI commands that users type, which is the audit trail for configuration changes.
- file interactive-commands {
- interactive-commands any;
- }
- }
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- ## Security stanza: logging mode, one screen profile, the zone-pair policies and the zone definitions.
- security {
- ## NOTE(review): stream mode is selected but no stream destination appears in this output - confirm where security logs are delivered.
- log {
- mode stream;
- report;
- }
- ## NOTE(review): this screen profile is referenced only by zone unMGMT, which has no interfaces, so as shown it inspects no traffic; zones MGMT and trust have no screen.
- screen {
- ids-option unMGMT-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- queue-size 2000; ## Warning: 'queue-size' is deprecated
- timeout 20;
- }
- land;
- }
- }
- }
- ## NOTE(review): all four policies match any source, any destination and any application and then permit, with no "log" action, so the firewall function is effectively switched off between these zones and permitted sessions leave no policy log.
- policies {
- from-zone MGMT to-zone MGMT {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- ## Zone unMGMT has no interfaces, so this policy matches no traffic as shown.
- from-zone MGMT to-zone unMGMT {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- ## ge-0/0/1.0 and ge-0/0/2.0 are both in zone trust, so this policy governs traffic between the BGP-facing link and the 172.16.2x.0/24 networks.
- from-zone trust to-zone trust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- ## Zone untrust has no interfaces, so this policy matches no traffic as shown.
- from-zone trust to-zone untrust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone MGMT {
- tcp-rst;
- ## NOTE(review): "all" lets every management service and routing protocol on the device be reached from this zone; list only what is needed.
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/0.0;
- }
- }
- security-zone unMGMT {
- screen unMGMT-screen;
- }
- security-zone trust {
- tcp-rst;
- ## NOTE(review): this zone contains ge-0/0/1.0, whose subnet holds the external BGP neighbor 192.168.2.254 (peer AS 65123). With "all" here the other AS can reach the enabled management services on this device; narrow to the protocols used on that link and to ssh/ping as needed.
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/1.0;
- ge-0/0/2.0;
- }
- }
- security-zone untrust;
- }
- }
- ## Interface addressing. No firewall filter is applied to any interface in this output, including lo0.
- interfaces {
- ## ge-0/0/0 is the interface placed in zone MGMT and in the MGMT routing instance.
- ge-0/0/0 {
- unit 0 {
- family inet {
- address 10.20.2.216/24;
- }
- }
- }
- ## ge-0/0/1 shares its /24 with the BGP neighbor 192.168.2.254 configured under protocols bgp.
- ge-0/0/1 {
- unit 0 {
- family inet {
- address 192.168.2.2/24;
- }
- }
- }
- ## ge-0/0/2 carries four /24 addresses on one unit.
- ge-0/0/2 {
- unit 0 {
- family inet {
- address 172.16.21.1/24;
- address 172.16.22.1/24;
- address 172.16.23.1/24;
- address 172.16.24.1/24;
- }
- }
- }
- ## fxp0 has a unit but no address.
- fxp0 {
- unit 0;
- }
- ## NOTE(review): lo0 has no input filter, so there is no control-plane filter backing up the zone host-inbound-traffic settings, which are set to "all".
- lo0 {
- unit 0 {
- family inet {
- address 192.168.254.2/32;
- }
- family mpls;
- }
- }
- }
- ## Routing: local AS 65102, one external BGP group, OSPF area 0 and RIP.
- routing-options {
- autonomous-system 65102;
- }
- protocols {
- ## NOTE(review): the eBGP session to 192.168.2.254 (AS 65123) has no authentication-key, and its import policy IMPORT-BGP accepts every route the peer sends. Session authentication and a prefix filter on import are the usual controls on a customer-facing peering.
- bgp {
- group CUST-B {
- type external;
- import IMPORT-BGP;
- export EXPORT-BGP;
- peer-as 65123;
- neighbor 192.168.2.254;
- }
- }
- ## NOTE(review): OSPF is active on ge-0/0/1.0 with no authentication visible, so any device on that segment could form an adjacency - confirm this is intended on the link that also carries the external BGP session. The other two interfaces are passive.
- ospf {
- area 0.0.0.0 {
- interface ge-0/0/1.0;
- interface ge-0/0/2.0 {
- passive;
- }
- interface lo0.0 {
- passive;
- }
- }
- }
- ## NOTE(review): RIP group CUST-A also runs on ge-0/0/1.0 with no authentication visible. Group CUST-B is marked inactive; reactivating it would enable RIP with "neighbor all".
- rip {
- group CUST-A {
- export EXPORT-RIP;
- neighbor ge-0/0/1.0;
- }
- inactive: group CUST-B {
- export EXPORT-RIP;
- neighbor all;
- }
- }
- }
- ## Routing policies referenced by the BGP and RIP groups.
- policy-options {
- ## EXPORT-BGP and EXPORT-RIP advertise every directly connected route of the instance they run in; there is no prefix restriction.
- policy-statement EXPORT-BGP {
- from protocol direct;
- then accept;
- }
- policy-statement EXPORT-RIP {
- from protocol direct;
- then accept;
- }
- ## NOTE(review): IMPORT-BGP has no "from" condition, so it accepts any prefix the external peer announces, including a default route or more-specific routes for local networks. A route-filter or prefix-list term followed by a final reject would bound what the peer can inject.
- policy-statement IMPORT-BGP {
- then accept;
- }
- }
- ## Separate virtual-router instance for management: ge-0/0/0.0 and its default route sit outside the main routing table, so the BGP/OSPF/RIP export policies in the main instance do not see the 10.20.2.0/24 management network.
- routing-instances {
- MGMT {
- instance-type virtual-router;
- interface ge-0/0/0.0;
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 10.20.2.1;
- }
- }
- }
- }