dokucama

User Tools

Site Tools

Trace:
network_stuff:juniper:srx

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:juniper:srx [2017/09/12 15:59] jotasandokunetwork_stuff:juniper:srx [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 76: Line 76:
 **BGP SRX**\\ **BGP SRX**\\
 To get inspiration: [[http://myitnotes.info/doku.php?id=en:jobs:bgp_basic_configuration|External Link]] & this seminal [[http://puck.nether.net/bgp/juniper-config.html|External Link]] To get inspiration: [[http://myitnotes.info/doku.php?id=en:jobs:bgp_basic_configuration|External Link]] & this seminal [[http://puck.nether.net/bgp/juniper-config.html|External Link]]
-  * Disable flow mode and enable packet mode: [[http://www.mustbegeek.com/configure-srx-mode-to-packet-mode-from-flow-mode/|External Link]]+\\ 
 +See this [[https://www.experts-exchange.com/questions/28243494/How-to-configure-a-Juniper-SRX210-as-a-client-gateway-using-BGP.html|External Link]] 
 +  * Disable flow mode and enable packet mode: [[http://www.mustbegeek.com/configure-srx-mode-to-packet-mode-from-flow-mode/|External Link]] + disable all security features: 
 +  configure 
 +  delete security 
 +  < confirm this will delete everything below this level> 
 +  set security forwarding-options family mpls mode packet-based  
 +  commit and-quit 
 +  request system reboot 
   * Define irb gateway   * Define irb gateway
   * policy options   * policy options
Line 83: Line 92:
     * vlans?     * vlans?
     * irb export term (called iBGP-export in the slingshots)     * irb export term (called iBGP-export in the slingshots)
 +
 +Note that in packet mode, no security policies are allowed, no point on defining zones either.. [[http://forums.juniper.net/t5/Routing/J-6350-MPLS-Support/m-p/17775|External Link]]
 +
 +
 +If we are in flow mode, To allow communication:\\
 +Put all interfaces in the same zone:
 +
 +  set security zones security-zone trust interface ge-0/0/2.0
 +  set security zones security-zone trust interface ge-0/0/3.0
 +
 +Create a policy to permit intra-zone traffic.
 +
 +  set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any destination address any application any
 +  set security policies from-zone trust to-zone trust policy trust-to-trust then permit
 +
 +
 +----
 +
 +**SRX DIRECTORIES**\\
 +  * /junos : This is a read-only dir created in runtime by malloc. Expected to be 100%. See [[https://kb.juniper.net/InfoCenter/index?page=content&id=KB27198 |Link]] 
  
network_stuff/juniper/srx.1505231998.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki