Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
280 lines (279 sloc) 6.61 KB
## Last changed: 2017-03-16 19:17:02 UTC
version 17.1R1.8;
system {
host-name P2-vMX;
root-authentication {
encrypted-password "$6$2WLyaQN9$QdmIf5gU631uoofYFeHqT/7NRTza1MtK.63ehwn8Bdyb0C/h0C4o5UNIO6q7GjuyLy1J3BqZXS1fmxQ4hiYp1.";
}
login {
user bgphelp {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$AVGGoHjI$F9TDTWzZargpxvicYaTfU1";
}
}
}
services {
ssh;
netconf {
ssh;
}
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
archival {
configuration {
transfer-on-commit;
archive-sites {
"scp://cfg:c0nf1Gb4ckup!@192.168.3.210/home/cfg/config-backups/";
}
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
authentication-key-chains {
key-chain ldp-chain {
key 0 {
secret "$9$32FA/A0EclLxdBIxdbsJZn/C";
start-time "2017-1-1.00:00:00 +0000";
}
}
}
}
interfaces {
ge-0/0/0 {
vlan-tagging;
mtu 9500;
unit 500 {
description P2->P1;
vlan-id 500;
family inet {
address 120.0.3.1/31;
}
family iso;
family mpls;
}
unit 505 {
description P2->PE2;
vlan-id 505;
family inet {
address 120.0.3.12/31;
}
family iso;
family mpls;
}
unit 506 {
description P2->RR2;
vlan-id 506;
family inet {
address 120.0.3.4/31;
}
family iso;
family mpls;
}
unit 508 {
description P2->P4;
vlan-id 508;
family inet {
address 120.0.3.16/31;
}
family iso;
family mpls;
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.3.202/24;
}
}
}
lo0 {
unit 0 {
family inet {
inactive: filter {
input-list [ accept-protocols accept-management accept-monitoring discard-any ];
}
address 120.0.0.2/32;
}
family iso {
address 49.0002.0120.0000.0002.00;
}
}
}
}
routing-options {
static {
route 192.168.74.0/24 {
next-hop 192.168.3.18;
no-readvertise;
}
}
router-id 120.0.0.2;
autonomous-system 100;
}
protocols {
mpls {
interface all;
interface fxp0.0 {
disable;
}
}
inactive: bgp {
group IBGP-RR {
type internal;
local-address 120.0.0.2;
family inet {
unicast;
}
authentication-key "$9$5znCO1hKMXtuMX7-2gTz3";
neighbor 120.0.1.1;
neighbor 120.0.1.2;
}
}
isis {
source-packet-routing {
node-segment ipv4-index 2;
}
level 2 wide-metrics-only;
level 1 disable;
interface all {
point-to-point;
}
interface fxp0.0 {
disable;
}
}
inactive: ldp {
traceoptions {
file ldp.log size 1m;
flag all;
}
transport-address router-id;
interface all;
interface fxp0.0 {
disable;
}
session-group 120.0.0.0/22 {
authentication-algorithm aes-128-cmac-96;
authentication-key-chain ldp-chain;
}
igp-synchronization holddown-interval 30;
}
}
firewall {
family inet {
filter accept-protocols {
term bgp {
from {
source-address {
120.0.4.9/32;
0.0.0.0/0;
}
protocol tcp;
port bgp;
}
then accept;
}
term ldp {
from {
source-address {
120.0.0.0/22;
}
protocol [ tcp udp ];
port ldp;
}
then accept;
}
}
filter accept-management {
term ssh {
from {
source-address {
120.0.30.10/32;
192.168.3.0/24;
}
protocol tcp;
port ssh;
}
then accept;
}
term snmp {
from {
source-address {
120.0.30.10/32;
}
protocol udp;
destination-port snmp;
}
then accept;
}
term ntp {
from {
source-address {
120.0.30.10/32;
}
protocol udp;
port ntp;
}
then accept;
}
term dns {
from {
source-address {
120.0.30.10/32;
}
protocol [ udp tcp ];
source-port 53;
}
then accept;
}
}
filter accept-monitoring {
term icmp {
from {
protocol icmp;
icmp-type [ echo-reply echo-request time-exceeded unreachable parameter-problem ];
}
then accept;
}
term traceroute-udp {
from {
protocol udp;
destination-port 33435-33450;
}
then accept;
}
}
filter discard-any {
term 10 {
then {
count discard-any;
syslog;
discard;
}
}
}
}
}