the-packet-thrower

CE02

Sep 19th, 2017
  1. root@CE02# show | display set
  # Set-format view of CE02: software version, identity, local accounts, management services, syslog, licence URL.
  2. set version 15.1X49-D100.6
  3. set system host-name CE02
  4. set system domain-name testlab.com
  # "encrypted-password" holds a salted crypt hash ($5$ = SHA-256 crypt), not reversible encryption.
  # A posted hash can be guessed offline, so both hashes in this block should be treated as disclosed:
  # rotate the passwords and redact the values before sharing a configuration.
  5. set system root-authentication encrypted-password "$5$VE05INxz$nEttgnnKsHuMm.TSFoCmM5T59B96wRvl6ISSVN82.tD"
  6. set system login user the-packet-thrower uid 2000
  # super-user grants every permission; this is the only named account in the listing.
  7. set system login user the-packet-thrower class super-user
  8. set system login user the-packet-thrower authentication encrypted-password "$5$rCVNUu./$VmVobKR75Okl/leO0d9E91V5ph1CgybnBvA0RHhdK5/"
  # SSH is enabled with no options: nothing here restricts root login (`ssh root-login deny`)
  # or bounds connection attempts (`ssh rate-limit`, `ssh connection-limit`).
  9. set system services ssh
  # J-Web over plain HTTP carries credentials in clear text; `web-management https` is the encrypted form.
  # It is bound to fxp0.0, which has no address in this configuration, so reachability as written is unclear (confirm).
  10. set system services web-management http interface fxp0.0
  # Emergency messages go to all logged-in users; everything else goes to local files only.
  # No `system syslog host` appears in this listing, so authorization and command-audit records stay on the device.
  11. set system syslog user * any emergency
  12. set system syslog file messages any any
  13. set system syslog file messages authorization info
  # Records every CLI command typed by interactive users.
  14. set system syslog file interactive-commands interactive-commands any
  15. set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
  # Security (flow) logging in stream mode with on-box reporting enabled.
  # No `security log stream` destination appears in this listing; confirm where these logs are meant to go.
  16. set security log mode stream
  17. set security log report
  # Screen profile unMGMT-screen: ping-of-death, IP source-route option, teardrop, SYN-flood thresholds, LAND.
  # The profile is attached only to zone unMGMT, and that zone has no interfaces in this configuration,
  # so as shown it inspects no traffic. Zones MGMT and trust, which do hold interfaces, have no screen.
  18. set security screen ids-option unMGMT-screen icmp ping-death
  19. set security screen ids-option unMGMT-screen ip source-route-option
  20. set security screen ids-option unMGMT-screen ip tear-drop
  21. set security screen ids-option unMGMT-screen tcp syn-flood alarm-threshold 1024
  22. set security screen ids-option unMGMT-screen tcp syn-flood attack-threshold 200
  23. set security screen ids-option unMGMT-screen tcp syn-flood source-threshold 1024
  24. set security screen ids-option unMGMT-screen tcp syn-flood destination-threshold 2048
  # Junos marks queue-size as deprecated (see the warning in the hierarchical output of this same config).
  25. set security screen ids-option unMGMT-screen tcp syn-flood queue-size 2000
  26. set security screen ids-option unMGMT-screen tcp syn-flood timeout 20
  27. set security screen ids-option unMGMT-screen tcp land
  # Four zone-pair policies, each matching any source, any destination and any application, then permitting.
  # None of them logs (`then log session-init` / `session-close` is absent), so permitted flows leave no record.
  # Acceptable for a lab; in production replace them with explicit address-book entries and applications.
  28. set security policies from-zone MGMT to-zone MGMT policy default-permit match source-address any
  29. set security policies from-zone MGMT to-zone MGMT policy default-permit match destination-address any
  30. set security policies from-zone MGMT to-zone MGMT policy default-permit match application any
  31. set security policies from-zone MGMT to-zone MGMT policy default-permit then permit
  # Destination zone unMGMT has no interfaces in this configuration, so this pair matches nothing as shown.
  32. set security policies from-zone MGMT to-zone unMGMT policy default-permit match source-address any
  33. set security policies from-zone MGMT to-zone unMGMT policy default-permit match destination-address any
  34. set security policies from-zone MGMT to-zone unMGMT policy default-permit match application any
  35. set security policies from-zone MGMT to-zone unMGMT policy default-permit then permit
  # Intra-zone trust: covers traffic between ge-0/0/1.0 and ge-0/0/2.0, i.e. between the peer-facing link and the 172.16.2x.0/24 nets.
  36. set security policies from-zone trust to-zone trust policy default-permit match source-address any
  37. set security policies from-zone trust to-zone trust policy default-permit match destination-address any
  38. set security policies from-zone trust to-zone trust policy default-permit match application any
  39. set security policies from-zone trust to-zone trust policy default-permit then permit
  # Destination zone untrust has no interfaces in this configuration, so this pair matches nothing as shown.
  40. set security policies from-zone trust to-zone untrust policy default-permit match source-address any
  41. set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
  42. set security policies from-zone trust to-zone untrust policy default-permit match application any
  43. set security policies from-zone trust to-zone untrust policy default-permit then permit
  # Zone definitions. MGMT holds ge-0/0/0.0; trust holds ge-0/0/1.0 and ge-0/0/2.0; unMGMT and untrust hold no interfaces.
  # tcp-rst: answer a non-SYN TCP segment that matches no session with a RST.
  44. set security zones security-zone MGMT tcp-rst
  # `all` lets every enabled service and protocol on the device itself be reached from this zone.
  # Listing only what is needed (for example `system-services ssh` and `ping`) shrinks the exposed surface.
  45. set security zones security-zone MGMT host-inbound-traffic system-services all
  46. set security zones security-zone MGMT host-inbound-traffic protocols all
  47. set security zones security-zone MGMT interfaces ge-0/0/0.0
  # The only zone with a screen, and it has no interfaces, so the screen is not applied to any traffic as shown.
  48. set security zones security-zone unMGMT screen unMGMT-screen
  49. set security zones security-zone trust tcp-rst
  # trust includes ge-0/0/1.0, the link to external BGP peer 192.168.2.254, so `all` also exposes SSH to that peer.
  # Naming the required entries (`protocols bgp`, `ospf`, `rip`; chosen system-services) is the narrower form.
  50. set security zones security-zone trust host-inbound-traffic system-services all
  51. set security zones security-zone trust host-inbound-traffic protocols all
  52. set security zones security-zone trust interfaces ge-0/0/1.0
  53. set security zones security-zone trust interfaces ge-0/0/2.0
  54. set security zones security-zone untrust
  # Interface addressing. ge-0/0/0 is the management link (placed in routing-instance MGMT elsewhere in this config).
  55. set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.216/24
  # ge-0/0/1 shares 192.168.2.0/24 with BGP neighbor 192.168.2.254.
  56. set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.2/24
  # Four /24 addresses on one logical unit.
  57. set interfaces ge-0/0/2 unit 0 family inet address 172.16.21.1/24
  58. set interfaces ge-0/0/2 unit 0 family inet address 172.16.22.1/24
  59. set interfaces ge-0/0/2 unit 0 family inet address 172.16.23.1/24
  60. set interfaces ge-0/0/2 unit 0 family inet address 172.16.24.1/24
  # fxp0 has a unit but no address, although web-management is bound to fxp0.0.
  61. set interfaces fxp0 unit 0
  62. set interfaces lo0 unit 0 family inet address 192.168.254.2/32
  # family mpls is enabled on lo0, but no MPLS protocol stanza appears in this listing.
  63. set interfaces lo0 unit 0 family mpls
  # Local AS 65102 peers over eBGP with AS 65123 at 192.168.2.254.
  64. set routing-options autonomous-system 65102
  65. set protocols bgp group CUST-B type external
  # IMPORT-BGP accepts every route unconditionally (see policy-options), and no prefix-limit is set on the group.
  66. set protocols bgp group CUST-B import IMPORT-BGP
  67. set protocols bgp group CUST-B export EXPORT-BGP
  68. set protocols bgp group CUST-B peer-as 65123
  # No `authentication-key` is configured for this session, so the peer is identified by address alone.
  69. set protocols bgp group CUST-B neighbor 192.168.2.254
  # OSPF forms adjacencies on ge-0/0/1.0 without interface authentication; ge-0/0/2.0 and lo0.0 are passive (advertised only).
  70. set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
  71. set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 passive
  72. set protocols ospf area 0.0.0.0 interface lo0.0 passive
  # RIP also runs on ge-0/0/1.0 with no `authentication-type` / `authentication-key`, so updates are accepted unauthenticated.
  73. set protocols rip group CUST-A export EXPORT-RIP
  74. set protocols rip group CUST-A neighbor ge-0/0/1.0
  # Group CUST-B (neighbor all) is deactivated by the last line of this block; reactivating it would run RIP on every interface.
  75. set protocols rip group CUST-B export EXPORT-RIP
  76. set protocols rip group CUST-B neighbor all
  77. deactivate protocols rip group CUST-B
  # Routing policies referenced by the BGP and RIP groups.
  # EXPORT-BGP / EXPORT-RIP: advertise every directly connected route; no prefix-list narrows what is announced.
  78. set policy-options policy-statement EXPORT-BGP from protocol direct
  79. set policy-options policy-statement EXPORT-BGP then accept
  80. set policy-options policy-statement EXPORT-RIP from protocol direct
  81. set policy-options policy-statement EXPORT-RIP then accept
  # IMPORT-BGP has no `from` clause, so anything the external peer announces is accepted, including a default route
  # or prefixes that overlap local networks. A route-filter or prefix-list of expected prefixes is the usual guard.
  82. set policy-options policy-statement IMPORT-BGP then accept
  # Management interface ge-0/0/0.0 lives in its own virtual-router with its own default route,
  # which keeps management routing separate from the main routing table.
  83. set routing-instances MGMT instance-type virtual-router
  84. set routing-instances MGMT interface ge-0/0/0.0
  85. set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
  86.  
  87. [edit]
  88. root@CE02#
  89.  
  90. [edit]
  91. root@CE02# show
  92. ## Last changed: 2017-09-19 18:04:39 UTC
  # Hierarchical view: software version and the system stanza (identity, accounts, services, syslog, licence).
  93. version 15.1X49-D100.6;
  94. system {
  95. host-name CE02;
  96. domain-name testlab.com;
  97. root-authentication {
  # Salted crypt hash ($5$ = SHA-256 crypt). Junos tags it SECRET-DATA; posted publicly it can be guessed offline,
  # so rotate the password and redact the value before sharing.
  98. encrypted-password "$5$VE05INxz$nEttgnnKsHuMm.TSFoCmM5T59B96wRvl6ISSVN82.tD"; ## SECRET-DATA
  99. }
  100. login {
  101. user the-packet-thrower {
  102. uid 2000;
  # super-user grants every permission.
  103. class super-user;
  104. authentication {
  # Same exposure as the root hash above: treat as disclosed and rotate.
  105. encrypted-password "$5$rCVNUu./$VmVobKR75Okl/leO0d9E91V5ph1CgybnBvA0RHhdK5/"; ## SECRET-DATA
  106. }
  107. }
  108. }
  109. services {
  # SSH with no options: root login is not restricted here and no rate or connection limit is set.
  110. ssh;
  111. web-management {
  # Plain HTTP J-Web carries credentials in clear text; an https stanza is the encrypted form.
  112. http {
  # fxp0.0 has no address in this configuration, so reachability as written is unclear (confirm).
  113. interface fxp0.0;
  114. }
  115. }
  116. }
  # Local logging only: no remote `host` destination appears in this stanza.
  117. syslog {
  118. user * {
  119. any emergency;
  120. }
  121. file messages {
  122. any any;
  123. authorization info;
  124. }
  # Audit trail of every CLI command typed by interactive users.
  125. file interactive-commands {
  126. interactive-commands any;
  127. }
  128. }
  129. license {
  130. autoupdate {
  131. url https://ae1.juniper.net/junos/key_retrieval;
  132. }
  133. }
  134. }
  # Security stanza: flow logging, one screen profile, four permit-all zone-pair policies, four zones.
  135. security {
  136. log {
  # Stream mode with on-box reporting; no stream destination appears in this stanza (confirm where logs go).
  137. mode stream;
  138. report;
  139. }
  140. screen {
  # Attached only to zone unMGMT below, which has no interfaces, so as shown it inspects no traffic.
  141. ids-option unMGMT-screen {
  142. icmp {
  143. ping-death;
  144. }
  145. ip {
  146. source-route-option;
  147. tear-drop;
  148. }
  149. tcp {
  150. syn-flood {
  151. alarm-threshold 1024;
  152. attack-threshold 200;
  153. source-threshold 1024;
  154. destination-threshold 2048;
  155. queue-size 2000; ## Warning: 'queue-size' is deprecated
  156. timeout 20;
  157. }
  158. land;
  159. }
  160. }
  161. }
  # Every policy below matches any/any/any and permits, and none has a `log` action, so permitted
  # sessions are not recorded. Fine for a lab; production needs explicit addresses and applications.
  162. policies {
  163. from-zone MGMT to-zone MGMT {
  164. policy default-permit {
  165. match {
  166. source-address any;
  167. destination-address any;
  168. application any;
  169. }
  170. then {
  171. permit;
  172. }
  173. }
  174. }
  # Destination zone unMGMT holds no interfaces, so this pair matches nothing as shown.
  175. from-zone MGMT to-zone unMGMT {
  176. policy default-permit {
  177. match {
  178. source-address any;
  179. destination-address any;
  180. application any;
  181. }
  182. then {
  183. permit;
  184. }
  185. }
  186. }
  # Intra-zone: traffic between ge-0/0/1.0 (peer-facing link) and ge-0/0/2.0 is permitted without restriction.
  187. from-zone trust to-zone trust {
  188. policy default-permit {
  189. match {
  190. source-address any;
  191. destination-address any;
  192. application any;
  193. }
  194. then {
  195. permit;
  196. }
  197. }
  198. }
  # Destination zone untrust holds no interfaces, so this pair matches nothing as shown.
  199. from-zone trust to-zone untrust {
  200. policy default-permit {
  201. match {
  202. source-address any;
  203. destination-address any;
  204. application any;
  205. }
  206. then {
  207. permit;
  208. }
  209. }
  210. }
  211. }
  212. zones {
  213. security-zone MGMT {
  # Answer a non-SYN TCP segment that matches no session with a RST.
  214. tcp-rst;
  # `all` exposes every enabled service and protocol on the device to this zone; list only what is needed.
  215. host-inbound-traffic {
  216. system-services {
  217. all;
  218. }
  219. protocols {
  220. all;
  221. }
  222. }
  223. interfaces {
  224. ge-0/0/0.0;
  225. }
  226. }
  # Screen is bound here, but the zone has no interfaces.
  227. security-zone unMGMT {
  228. screen unMGMT-screen;
  229. }
  230. security-zone trust {
  231. tcp-rst;
  # ge-0/0/1.0 faces the external BGP peer, so `all` also exposes SSH on the device to that peer.
  # Naming the required protocols (bgp, ospf, rip) and services is the narrower form. No screen is applied to this zone.
  232. host-inbound-traffic {
  233. system-services {
  234. all;
  235. }
  236. protocols {
  237. all;
  238. }
  239. }
  240. interfaces {
  241. ge-0/0/1.0;
  242. ge-0/0/2.0;
  243. }
  244. }
  # Defined but empty: no interfaces, no screen.
  245. security-zone untrust;
  246. }
  247. }
  # Interface addressing for the management link, the peer-facing link, the 172.16.2x.0/24 nets, fxp0 and loopback.
  248. interfaces {
  # Management link; placed in routing-instance MGMT at the end of this configuration.
  249. ge-0/0/0 {
  250. unit 0 {
  251. family inet {
  252. address 10.20.2.216/24;
  253. }
  254. }
  255. }
  # Shares 192.168.2.0/24 with BGP neighbor 192.168.2.254.
  256. ge-0/0/1 {
  257. unit 0 {
  258. family inet {
  259. address 192.168.2.2/24;
  260. }
  261. }
  262. }
  # Four /24 addresses on one logical unit.
  263. ge-0/0/2 {
  264. unit 0 {
  265. family inet {
  266. address 172.16.21.1/24;
  267. address 172.16.22.1/24;
  268. address 172.16.23.1/24;
  269. address 172.16.24.1/24;
  270. }
  271. }
  272. }
  # Unit with no address, although web-management http is bound to fxp0.0.
  273. fxp0 {
  274. unit 0;
  275. }
  276. lo0 {
  277. unit 0 {
  278. family inet {
  279. address 192.168.254.2/32;
  280. }
  # family mpls is enabled, but no MPLS protocol stanza appears in this listing.
  281. family mpls;
  282. }
  283. }
  284. }
  # Local autonomous system number used by the eBGP session in the protocols stanza.
  285. routing-options {
  286. autonomous-system 65102;
  287. }
  # Routing protocols: eBGP to AS 65123, OSPF area 0, RIP. None of them has authentication configured here.
  288. protocols {
  289. bgp {
  290. group CUST-B {
  291. type external;
  # IMPORT-BGP accepts every route unconditionally, and no prefix-limit is set on the group.
  292. import IMPORT-BGP;
  293. export EXPORT-BGP;
  294. peer-as 65123;
  # No authentication-key: the peer is identified by address alone.
  295. neighbor 192.168.2.254;
  296. }
  297. }
  298. ospf {
  299. area 0.0.0.0 {
  # Active OSPF interface with no authentication statement; the other two are passive (advertised only).
  300. interface ge-0/0/1.0;
  301. interface ge-0/0/2.0 {
  302. passive;
  303. }
  304. interface lo0.0 {
  305. passive;
  306. }
  307. }
  308. }
  309. rip {
  # RIP on ge-0/0/1.0 with no authentication-type / authentication-key, so updates are accepted unauthenticated.
  310. group CUST-A {
  311. export EXPORT-RIP;
  312. neighbor ge-0/0/1.0;
  313. }
  # Deactivated group; reactivating it would run RIP on every interface (neighbor all).
  314. inactive: group CUST-B {
  315. export EXPORT-RIP;
  316. neighbor all;
  317. }
  318. }
  319. }
  # Routing policies referenced by the BGP and RIP groups.
  320. policy-options {
  # Advertises every directly connected route; no prefix-list narrows what is announced.
  321. policy-statement EXPORT-BGP {
  322. from protocol direct;
  323. then accept;
  324. }
  325. policy-statement EXPORT-RIP {
  326. from protocol direct;
  327. then accept;
  328. }
  # No `from` clause: anything the external peer announces is accepted, including a default route or prefixes
  # overlapping local networks. A route-filter or prefix-list of expected prefixes is the usual guard.
  329. policy-statement IMPORT-BGP {
  330. then accept;
  331. }
  332. }
  # Management interface ge-0/0/0.0 sits in its own virtual-router with its own default route,
  # which keeps management routing separate from the main routing table.
  333. routing-instances {
  334. MGMT {
  335. instance-type virtual-router;
  336. interface ge-0/0/0.0;
  337. routing-options {
  338. static {
  339. route 0.0.0.0/0 next-hop 10.20.2.1;
  340. }
  341. }
  342. }
  343. }