Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
281 lines (280 sloc) 6.64 KB
## Last changed: 2017-03-16 19:16:56 UTC
version 17.1R1.8;
system {
host-name P1-vMX;
root-authentication {
encrypted-password "$6$MACbFEk3$Hg/1wENRq7U5eqli9x/uF12fRU5gcys.R.UrI5DAwGbaP5ZvAMh34aMghxXSioi8C/aovoj6frRXUpXzBsMBJ0";
}
login {
user bgphelp {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$AVGGoHjI$F9TDTWzZargpxvicYaTfU1";
}
}
}
services {
ssh;
netconf {
ssh;
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
archival {
configuration {
transfer-on-commit;
archive-sites {
"scp://cfg:c0nf1Gb4ckup!@192.168.3.210/home/cfg/config-backups/";
}
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
authentication-key-chains {
key-chain ldp-chain {
key 0 {
secret "$9$vh08xd24Zk.5bs.5QFAtM8X";
start-time "2017-1-1.00:00:00 +0000";
}
}
}
}
interfaces {
ge-0/0/0 {
vlan-tagging;
mtu 9500;
unit 500 {
description P1->P2;
vlan-id 500;
family inet {
address 120.0.3.0/31;
}
family iso;
family mpls;
}
unit 501 {
description P1->RR1;
vlan-id 501;
family inet {
address 120.0.3.2/31;
}
family iso;
family mpls;
}
unit 502 {
disable;
description P1->PE1;
vlan-id 502;
family inet {
address 120.0.3.6/31;
}
family iso;
family mpls;
}
unit 503 {
description P1->PE2;
vlan-id 503;
family inet {
address 120.0.3.10/31;
}
family iso;
family mpls;
}
unit 507 {
description "'XR-1'";
vlan-id 507;
family inet {
address 120.0.3.14/31;
}
family iso;
family mpls;
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.3.201/24;
}
}
}
lo0 {
unit 0 {
family inet {
filter {
input-list [ accept-protocols accept-management accept-monitoring discard-any ];
}
address 120.0.0.1/32;
}
family iso {
address 49.0002.0120.0000.0001.00;
}
}
}
}
routing-options {
static {
route 192.168.74.0/24 {
next-hop 192.168.3.18;
no-readvertise;
}
}
router-id 120.0.0.1;
autonomous-system 100;
}
protocols {
mpls {
interface all;
interface fxp0.0 {
disable;
}
}
inactive: bgp {
group IBGP-RR {
type internal;
local-address 120.0.0.1;
family inet {
unicast;
}
authentication-key "$9$5znCO1hKMXtuMX7-2gTz3";
neighbor 120.0.1.1;
neighbor 120.0.1.2;
}
}
isis {
source-packet-routing {
node-segment ipv4-index 1;
}
level 2 wide-metrics-only;
level 1 disable;
interface all {
point-to-point;
}
interface fxp0.0 {
disable;
}
}
inactive: ldp {
transport-address router-id;
interface all;
interface fxp0.0 {
disable;
}
session-group 120.0.0.0/22 {
authentication-algorithm aes-128-cmac-96;
authentication-key-chain ldp-chain;
}
igp-synchronization holddown-interval 30;
}
}
firewall {
family inet {
filter accept-protocols {
term bgp {
from {
source-address {
120.0.4.9/32;
0.0.0.0/0;
}
protocol tcp;
port bgp;
}
then accept;
}
term ldp {
from {
source-address {
120.0.0.0/22;
}
protocol [ tcp udp ];
port ldp;
}
then accept;
}
}
filter accept-management {
term ssh {
from {
source-address {
120.0.30.10/32;
192.168.3.0/24;
}
protocol tcp;
port ssh;
}
then accept;
}
term snmp {
from {
source-address {
120.0.30.10/32;
}
protocol udp;
destination-port snmp;
}
then accept;
}
term ntp {
from {
source-address {
120.0.30.10/32;
}
protocol udp;
port ntp;
}
then accept;
}
term dns {
from {
source-address {
120.0.30.10/32;
}
protocol [ udp tcp ];
source-port 53;
}
then accept;
}
}
filter accept-monitoring {
term icmp {
from {
protocol icmp;
icmp-type [ echo-reply echo-request time-exceeded unreachable parameter-problem ];
}
then accept;
}
term traceroute-udp {
from {
protocol udp;
destination-port 33435-33450;
}
then accept;
}
}
filter discard-any {
term 10 {
then {
count re-discard;
syslog;
discard;
}
}
}
}
}