Created
July 29, 2017 22:01
-
-
Save njh/f39bee575099a3d6057baecf62807d4c to your computer and use it in GitHub Desktop.
Juniper SRX configuration for DHCP client (WAN side) and DHCP Server (LAN side)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Last commit: 2017-07-29 17:20:42 GMT by root | |
| version 12.1X46-D66.1; | |
| system { | |
| host-name cable-router; | |
| domain-name example.com; | |
| time-zone Europe/London; | |
| root-authentication { | |
| encrypted-password "xxx"; | |
| } | |
| name-server { | |
| 8.8.8.8; | |
| 8.8.4.4; | |
| } | |
| name-resolution { | |
| no-resolve-on-input; | |
| } | |
| services { | |
| ssh; | |
| web-management { | |
| http { | |
| interface vlan.0; | |
| } | |
| session { | |
| idle-timeout 60; | |
| } | |
| } | |
| dhcp-local-server { | |
| group dhcp-lan-group { | |
| interface vlan.0; | |
| } | |
| } | |
| } | |
| syslog { | |
| archive size 100k files 3; | |
| user * { | |
| any emergency; | |
| } | |
| file messages { | |
| any critical; | |
| authorization info; | |
| } | |
| file interactive-commands { | |
| interactive-commands error; | |
| } | |
| } | |
| max-configurations-on-flash 5; | |
| max-configuration-rollbacks 5; | |
| license { | |
| autoupdate { | |
| url https://ae1.juniper.net/junos/key_retrieval; | |
| } | |
| } | |
| ntp { | |
| server uk.ntp.pool.org; | |
| } | |
| } | |
| interfaces { | |
| fe-0/0/0 { | |
| unit 0 { | |
| description "Cable Modem"; | |
| family inet { | |
| dhcp-client; | |
| } | |
| } | |
| } | |
| interface-range interfaces-trust { | |
| member fe-0/0/1; | |
| member fe-0/0/2; | |
| member fe-0/0/3; | |
| member fe-0/0/4; | |
| member fe-0/0/5; | |
| member fe-0/0/6; | |
| member fe-0/0/7; | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| vlan { | |
| unit 0 { | |
| family inet { | |
| address 192.168.0.1/24; | |
| } | |
| } | |
| } | |
| } | |
| protocols { | |
| stp; | |
| } | |
| access { | |
| address-assignment { | |
| pool dhcp-lan-pool { | |
| family inet { | |
| network 192.168.0.0/24; | |
| range dhcp-lan-range { | |
| low 192.168.0.50; | |
| high 192.168.0.250; | |
| } | |
| dhcp-attributes { | |
| name-server { | |
| 8.8.8.8; | |
| 8.8.4.4; | |
| } | |
| router { | |
| 192.168.0.1; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| security { | |
| screen { | |
| ids-option untrust-screen { | |
| icmp { | |
| ping-death; | |
| } | |
| ip { | |
| source-route-option; | |
| tear-drop; | |
| } | |
| tcp { | |
| syn-flood { | |
| alarm-threshold 1024; | |
| attack-threshold 200; | |
| source-threshold 1024; | |
| destination-threshold 2048; | |
| timeout 20; | |
| } | |
| land; | |
| } | |
| } | |
| } | |
| nat { | |
| source { | |
| rule-set trust-to-untrust { | |
| from zone trust; | |
| to zone untrust; | |
| rule source-nat-rule { | |
| match { | |
| source-address 0.0.0.0/0; | |
| destination-address 0.0.0.0/0; | |
| } | |
| then { | |
| source-nat { | |
| interface; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| policies { | |
| from-zone trust to-zone untrust { | |
| policy trust-to-untrust { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| } | |
| zones { | |
| security-zone trust { | |
| interfaces { | |
| vlan.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| ping; | |
| dhcp; | |
| http; | |
| https; | |
| ssh; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| security-zone untrust { | |
| interfaces { | |
| fe-0/0/0.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| ping; | |
| dhcp; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| vlans { | |
| vlan-trust { | |
| vlan-id 3; | |
| l3-interface vlan.0; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment