Juniper
Firewall
Firewall
SRX Bgp default route
BGP with default route
root# show | display set
set version 15.1X49-D70.3
set system root-authentication
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system services ssh root-login allow
set system services ssh protocol-version v2
set system services telnet
set system services xnm-clear-text
set system services netconf ssh
set system services dhcp-local-server group jdhcp-group interface irb.0
set system services web-management http
set system services web-management https system-generated-certificate
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.0 host-inbound-traffic system-services ping
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces ge-0/0/7.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/7.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces ge-0/0/7.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces ge-0/0/7.0 host-inbound-traffic system-services ping
set interfaces ge-0/0/0 unit 0 family inet
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/7 unit 0 family inet address 13.13.13.245/31
set interfaces irb unit 0 family inet address 12.12.12.1/24
set routing-options static route 0.0.0.0/0 next-hop 13.13.13.244
set routing-options autonomous-system 313131
set protocols bgp traceoptions file bgp-log
set protocols bgp traceoptions file size 1024768
set protocols bgp traceoptions file files 10
set protocols bgp traceoptions flag all
set protocols bgp group SOME_ISP type external
set protocols bgp group SOME_ISP log-updown
set protocols bgp group SOME_ISP export AN_some_customer
set protocols bgp group SOME_ISP peer-as 12213
set protocols bgp group SOME_ISP neighbor 13.13.13.244 local-address 13.13.13.245
set protocols l2-learning global-mode switching
set policy-options policy-statement AN_some_customer term 1 from route-filter 12.12.12.0/24 exact
set policy-options policy-statement AN_some_customer term 1 then accept
set access address-assignment pool junosDHCPPool family inet network 192.168.1.0/24
set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.1.2
set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.1.254
set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.1.1
set access address-assignment pool junosDHCPPool family inet dhcp-attributes propagate-settings ge-0/0/0.0
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0
Switch
Switch
Initial config on ex switches
TR
Aşağıda daha önce uygulanmış üzerinde vlanleri açık ve aggregated interfaceleri ekli örnek bulabilirsiniz. kopyalarken ilk satırı dışarıda bırakmayı unutmayınız.
EN
You can find a initial configuration tested on field.
root@some_customer-BACKBONE# show | display set | no-more
set version 13.2X51-D35.3
set system host-name some_customer-BACKBONE
set system auto-snapshot
set system time-zone Europe/Istanbul
set system name-server 10.123.123.123
set system name-server 10.123.123.123
set system services ssh protocol-version v2
set system services telnet
set system services netconf ssh
set system services web-management http
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp
set chassis redundancy graceful-switchover
set chassis aggregated-devices ethernet device-count 30
set chassis alarm management-ethernet link-down ignore
set interfaces interface-range all-ports member-range ge-0/0/0 to ge-0/0/31
set interfaces interface-range all-ports member-range ge-1/0/0 to ge-1/0/31
set interfaces interface-range all-ports member-range ge-2/0/0 to ge-2/0/31
set interfaces interface-range all-ports member-range xe-1/0/0 to xe-1/0/31
set interfaces interface-range all-ports member-range xe-0/0/0 to xe-0/0/31
set interfaces interface-range all-ports member-range xe-2/0/0 to xe-2/0/31
set interfaces ge-0/0/0 ether-options 802.3ad ae13
set interfaces ge-0/0/1 ether-options 802.3ad ae14
set interfaces ge-0/0/2 ether-options 802.3ad ae16
set interfaces ge-0/0/3 ether-options 802.3ad ae18
set interfaces ge-0/0/4 ether-options 802.3ad ae19
set interfaces ge-0/0/5 ether-options 802.3ad ae21
set interfaces ge-0/0/6 ether-options 802.3ad ae23
set interfaces ge-0/0/7 ether-options 802.3ad ae24
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/8 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/9 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/10 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/11 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/12 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/13 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/14 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/15 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/16 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/16 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/17 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/17 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/18 ether-options 802.3ad ae25
set interfaces ge-0/0/19 ether-options 802.3ad ae25
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/20 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/21 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/22 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/23 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/24 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/24 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/25 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/25 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/26 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/26 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/27 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/27 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/28 ether-options 802.3ad ae4
set interfaces ge-0/0/29 ether-options 802.3ad ae3
set interfaces ge-0/0/30 ether-options 802.3ad ae1
set interfaces ge-0/0/31 ether-options 802.3ad ae2
set interfaces ge-0/0/32 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/32 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/0/32 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/0/32 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/33 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/33 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/0/33 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/0/33 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/34 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/34 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/0/34 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/0/34 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/35 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/35 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/0/35 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/0/35 unit 0 family ethernet-switching storm-control default
set interfaces et-0/2/0 unit 0 family ethernet-switching vlan members default
set interfaces et-0/2/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/0 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/0 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/0 unit 0 family ethernet-switching storm-control default
set interfaces et-0/2/1 unit 0 family ethernet-switching vlan members default
set interfaces et-0/2/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/1 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/1 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/2 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/2 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/2 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/3 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/3 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/3 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/3 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/4 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/4 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/4 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/4 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/5 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/5 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/5 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/5 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/6 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/6 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/6 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/6 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/7 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/2/7 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/7 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/7 unit 0 family ethernet-switching storm-control default
set interfaces ge-1/0/0 ether-options 802.3ad ae13
set interfaces ge-1/0/1 ether-options 802.3ad ae15
set interfaces ge-1/0/2 ether-options 802.3ad ae17
set interfaces ge-1/0/3 ether-options 802.3ad ae18
set interfaces ge-1/0/4 ether-options 802.3ad ae20
set interfaces ge-1/0/5 ether-options 802.3ad ae21
set interfaces ge-1/0/6 ether-options 802.3ad ae22
set interfaces ge-1/0/18 ether-options 802.3ad ae25
set interfaces ge-1/0/19 ether-options 802.3ad ae25
set interfaces ge-1/0/29 ether-options 802.3ad ae3
set interfaces ge-1/0/30 ether-options 802.3ad ae1
set interfaces ge-1/0/31 ether-options 802.3ad ae2
set interfaces ge-2/0/0 ether-options 802.3ad ae14
set interfaces ge-2/0/1 ether-options 802.3ad ae15
set interfaces ge-2/0/2 ether-options 802.3ad ae17
set interfaces ge-2/0/3 ether-options 802.3ad ae20
set interfaces ge-2/0/4 ether-options 802.3ad ae19
set interfaces ge-2/0/5 ether-options 802.3ad ae22
set interfaces ge-2/0/6 ether-options 802.3ad ae23
set interfaces ge-2/0/18 ether-options 802.3ad ae25
set interfaces ge-2/0/19 ether-options 802.3ad ae25
set interfaces ge-2/0/29 ether-options 802.3ad ae4
set interfaces ge-2/0/30 ether-options 802.3ad ae1
set interfaces ge-2/0/31 ether-options 802.3ad ae2
set interfaces ae1 description to-FIREWALL-1
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members all
set interfaces ae2 description to-FIREWALL-2
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members all
set interfaces ae3 description to-ARUBA-1
set interfaces ae3 aggregated-ether-options lacp active
set interfaces ae3 aggregated-ether-options lacp periodic fast
set interfaces ae3 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae3 unit 0 family ethernet-switching vlan members all
set interfaces ae4 description to-ARUBA-2
set interfaces ae4 aggregated-ether-options lacp active
set interfaces ae4 aggregated-ether-options lacp periodic fast
set interfaces ae4 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae4 unit 0 family ethernet-switching vlan members all
set interfaces ae13 description to-BK-KB3-VC1
set interfaces ae13 aggregated-ether-options lacp active
set interfaces ae13 aggregated-ether-options lacp periodic fast
set interfaces ae13 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae13 unit 0 family ethernet-switching vlan members all
set interfaces ae14 description to-BK-KB3-VC2
set interfaces ae14 aggregated-ether-options lacp active
set interfaces ae14 aggregated-ether-options lacp periodic fast
set interfaces ae14 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae14 unit 0 family ethernet-switching vlan members all
set interfaces ae15 description to-BK-KB4-VC1
set interfaces ae15 aggregated-ether-options lacp active
set interfaces ae15 aggregated-ether-options lacp periodic fast
set interfaces ae15 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae15 unit 0 family ethernet-switching vlan members all
set interfaces ae16 description to-BK-KB4-VC2
set interfaces ae16 aggregated-ether-options lacp active
set interfaces ae16 aggregated-ether-options lacp periodic fast
set interfaces ae16 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae16 unit 0 family ethernet-switching vlan members all
set interfaces ae17 description to-BK-KB5-VC1
set interfaces ae17 aggregated-ether-options lacp active
set interfaces ae17 aggregated-ether-options lacp periodic fast
set interfaces ae17 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae17 unit 0 family ethernet-switching vlan members all
set interfaces ae18 description to-BK-KB6-VC1
set interfaces ae18 aggregated-ether-options lacp active
set interfaces ae18 aggregated-ether-options lacp periodic fast
set interfaces ae18 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae18 unit 0 family ethernet-switching vlan members all
set interfaces ae19 description to-MZ-K5-VC1
set interfaces ae19 aggregated-ether-options lacp active
set interfaces ae19 aggregated-ether-options lacp periodic fast
set interfaces ae19 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae19 unit 0 family ethernet-switching vlan members all
set interfaces ae20 description to-MZ-K4-VC1
set interfaces ae20 aggregated-ether-options lacp active
set interfaces ae20 aggregated-ether-options lacp periodic fast
set interfaces ae20 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae20 unit 0 family ethernet-switching vlan members all
set interfaces ae21 description to-BK-KB1-VC1
set interfaces ae21 aggregated-ether-options lacp active
set interfaces ae21 aggregated-ether-options lacp periodic fast
set interfaces ae21 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae21 unit 0 family ethernet-switching vlan members all
set interfaces ae22 description to-BK-KB2-VC1
set interfaces ae22 aggregated-ether-options lacp active
set interfaces ae22 aggregated-ether-options lacp periodic fast
set interfaces ae22 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae22 unit 0 family ethernet-switching vlan members all
set interfaces ae23 description to-BK-KB2-VC2
set interfaces ae23 aggregated-ether-options lacp active
set interfaces ae23 aggregated-ether-options lacp periodic fast
set interfaces ae23 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae23 unit 0 family ethernet-switching vlan members all
set interfaces ae24 description to-BK-KB1-VC2
set interfaces ae24 aggregated-ether-options lacp active
set interfaces ae24 aggregated-ether-options lacp periodic fast
set interfaces ae24 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae24 unit 0 family ethernet-switching vlan members all
set interfaces ae25 description to-SYS-VC1
set interfaces ae25 aggregated-ether-options lacp active
set interfaces ae25 aggregated-ether-options lacp periodic fast
set interfaces ae25 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae25 unit 0 family ethernet-switching vlan members all
set interfaces irb unit 0 family inet
set interfaces irb unit 10 family inet address 10.123.11.200/23
set interfaces vme unit 0 family inet address 10.0.0.200/24
set snmp location "some_customer, GEBZE"
set forwarding-options storm-control-profiles default all
set routing-options static route 0.0.0.0/0 next-hop 10.123.11.254
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set protocols igmp-snooping vlan all
set protocols layer2-control nonstop-bridging
set vlans AP vlan-id 20
set vlans ARM vlan-id 333
set vlans Cargo vlan-id 105
set vlans Barcode vlan-id 85
set vlans Guest vlan-id 210
set vlans INTERNET-SOL vlan-id 434
set vlans INTERNET-VF vlan-id 433
set vlans Konveyor vlan-id 230
set vlans Management vlan-id 10
set vlans Management l3-interface irb.10
set vlans Mng vlan-id 107
set vlans Other vlan-id 90
set vlans Other2 vlan-id 95
set vlans Pdks vlan-id 220
set vlans Printer vlan-id 80
set vlans RF vlan-id 70
set vlans RF2 vlan-id 75
set vlans SERVER vlan-id 40
set vlans Scada vlan-id 97
set vlans Thinclient vlan-id 60
set vlans Thinclient2 vlan-id 65
set vlans SomeCustomerSecure vlan-id 110
set vlans SomeCustomerSecure2 vlan-id 115
set vlans User vlan-id 50
set vlans User2 vlan-id 55
set vlans VO-IP vlan-id 30
set vlans Video vlan-id 96
set vlans Cargo2 vlan-id 106
set vlans default vlan-id 1
set vlans default l3-interface irb.0