Juniper Config for an SRX 240 in Failover mode

 

 

# Junos release this configuration was saved from.
version 12.1X44-D35.5;
# Per-node groups for the two chassis-cluster members. Only the settings that
# differ between the nodes live here: host name and fxp0 management address.
groups {
    node0 {
        system {
            host-name A;
        }
        interfaces {
            # fxp0 management address for node 0, on 192.168.50.0/24 -- a
            # different subnet from the 192.168.30.0/24 user VLAN on reth0.
            # NOTE(review): ssh and web-management under `system services`
            # carry no interface restriction in this listing, so confirm which
            # hosts can reach this management subnet.
            fxp0 {
                unit 0 {
                    family inet {
                        address 192.168.50.1/24;
                    }
                }
            }
        }
    }
    node1 {
        system {
            host-name SB;
        }
        interfaces {
            # fxp0 management address for node 1 (same subnet as node 0).
            fxp0 {
                unit 0 {
                    family inet {
                        address 192.168.50.2/24;
                    }
                }
            }
        }
    }
}
# "${node}" expands to the local node name, so each cluster member inherits
# only its own group (node0 or node1) from the stanza above.
apply-groups "${node}";
# Global system settings shared by both nodes: time zone, root credentials,
# DNS resolvers, management services, the LAN DHCP pool and NTP.
# NOTE(review): no `login` stanza (named admin accounts) and no `syslog` stanza
# appear in this listing; if they are really absent, every change is made as
# root and nothing is logged off-box. Confirm against the running device.
system {
    time-zone Australia/Brisbane;
    root-authentication {
        # The hash is empty here, presumably blanked before publishing. A real
        # root password hash (or SSH public key) must be set before this
        # configuration is used; keep the live value out of any shared copy.
        encrypted-password "";
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    services {
        # NOTE(review): bare `ssh;` places no restriction on root login.
        # `root-login deny` together with named accounts is the usual
        # hardening, especially as the untrust zone below accepts ssh.
        ssh;
        # J-Web over cleartext HTTP with no `interface` restriction. The
        # untrust zone below also allows `http` as host-inbound traffic, so the
        # admin login page is reachable from the PPPoE uplink and credentials
        # cross it unencrypted. Prefer `https` bound to an internal interface.
        web-management {
            http;
        }
        # DHCP server for the 192.168.30.0/24 LAN; hands out .100-.200 with
        # the firewall (192.168.30.1) as default gateway.
        dhcp {
            pool 192.168.30.0/24 {
                address-range low 192.168.30.100 high 192.168.30.200;
                router {
                    192.168.30.1;
                }
                # NOTE(review): no interface named vlan.100 is defined in this
                # listing (the LAN interface shown is reth0.100) -- confirm
                # which interface this is meant to reference.
                propagate-settings vlan.100;
            }
    # NOTE(review): braces do not balance in this stanza as pasted. `dhcp {`
    # and `services {` are both open above but only one `}` follows, so a
    # closing brace appears to have been lost from the listing at this point.
    }
    # Single NTP source, no authentication key configured.
    ntp {
        server 129.250.35.250;
    }
}
# Chassis-cluster (failover) settings: three redundant Ethernet interfaces
# and three redundancy groups, with node 0 preferred in every group.
chassis {
    cluster {
        # reth0, reth1 and reth2 are defined under `interfaces` below.
        reth-count 3;
        # Redundancy group 0: node 0 has the higher priority (200 vs 1).
        redundancy-group 0 {
            node 0 priority 200;
            node 1 priority 1;
        }
        # Redundancy group 1 backs reth0 and reth1 (see `interfaces`).
        redundancy-group 1 {
            node 0 priority 200;
            node 1 priority 1;
            # Monitors both member links of reth0 (ge-0/0/14, ge-5/0/14) and
            # reth1 (ge-0/0/15, ge-5/0/15). Each link carries weight 255.
            interface-monitor {
                ge-0/0/14 weight 255;
                ge-5/0/14 weight 255;
                ge-0/0/15 weight 255;
                ge-5/0/15 weight 255;
            }
        }
        # Redundancy group 2 backs reth2.
        # NOTE(review): unlike group 1 there is no interface-monitor here, so
        # the reth2 member links (ge-0/0/13, ge-5/0/13) are not watched for
        # link loss in this listing.
        redundancy-group 2 {
            node 0 priority 254;
            node 1 priority 1;
        }
    }
}
# Physical ports, cluster fabric links, the PPPoE client interface and the
# three redundant Ethernet (reth) interfaces.
interfaces {
    # NOTE(review): `flag all` traces every interface event into the file
    # interface-debug. This looks like leftover debugging; confirm it is still
    # wanted before running this in production.
    traceoptions {
        file interface-debug;
        flag all;
    }
    # Underlying port for the PPPoE client (pp0.0 below). It is a plain ge-0/0
    # port rather than a reth member.
    # NOTE(review): with the uplink on a single node's port, the Internet link
    # presumably does not follow a cluster failover -- confirm the intended design.
    ge-0/0/11 {
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    # Member links: ge-0/0/13 + ge-5/0/13 -> reth2, ge-0/0/14 + ge-5/0/14 ->
    # reth0, ge-0/0/15 + ge-5/0/15 -> reth1.
    ge-0/0/13 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-0/0/14 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-0/0/15 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-5/0/13 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-5/0/14 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-5/0/15 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    # Fabric links between the two nodes: ge-0/0/2 on one side, ge-5/0/2 on
    # the other.
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-5/0/2;
            }
        }
    }
    # PPPoE client towards the ISP, running over ge-0/0/11.0.
    pp0 {
        unit 0 {
            ppp-options {
                pap {
                    # ISP user name and password are empty here, presumably
                    # blanked for publication. On a live device Junos stores
                    # such secrets in the reversible $9$ format, so any saved
                    # copy of the configuration should be handled as a secret.
                    local-name "";
                    local-password "";
                    passive;
                }
                lcp-max-conf-req 0;
            }
            pppoe-options {
                underlying-interface ge-0/0/11.0;
                idle-timeout 0;
                auto-reconnect 10;
                client;
            }
            family inet {
                # 1492 = 1500 minus the 8-byte PPPoE/PPP overhead.
                mtu 1492;
                negotiate-address;
            }
        }
    }
    # LAN-side reth in redundancy group 1; VLAN 100 carries 192.168.30.1/24,
    # the gateway address handed out by the DHCP pool.
    reth0 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 100 {
            vlan-id 100;
            family inet {
                address 192.168.30.1/24;
            }
        }
    }
    # reth1 is set up for PPPoE encapsulation and placed in zone External
    # below, but pp0 above is bound to ge-0/0/11.0, not to reth1.0.
    # NOTE(review): confirm which of the two is the live uplink.
    reth1 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    # NOTE(review): reth2.100 repeats reth0.100 exactly (VLAN 100,
    # 192.168.30.1/24) and is not assigned to any security zone in this
    # listing. Confirm the address/VLAN and add it to a zone if it is meant
    # to pass traffic.
    reth2 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 2;
        }
        unit 100 {
            vlan-id 100;
            family inet {
                address 192.168.30.1/24;
            }
        }
    }
}
# Single static default route: everything not directly connected leaves via
# the PPPoE client interface pp0.0.
routing-options {
    static {
        route 0.0.0.0/0 next-hop pp0.0;
    }
}
# Traffic originated by the device itself is marked with the `be` class for
# IEEE 802.1 by default.
class-of-service {
    host-outbound-traffic {
        ieee-802.1 {
            default be;
        }
    }
}
# Security services: TCP MSS clamping, source NAT, zone-to-zone policies and
# zone definitions.
security {
        # NOTE(review): in Junos `tcp-mss` belongs under `security flow`. The
        # deeper indent here and the extra `}` after this stanza suggest the
        # `flow {` opening line was lost from the listing, so braces in
        # `security` do not balance as pasted.
        # Clamps the MSS of all TCP sessions to 1300 bytes.
        tcp-mss {
            all-tcp {
                mss 1300;
            }
        }
    }
    # Source NAT: traffic from each inside zone towards untrust is translated
    # to the address of the egress interface.
    # NOTE(review): zones Student and Wireless are referenced here and in
    # `policies`, but only External, Internal and untrust are defined under
    # `zones` in this listing.
    nat {
        source {
            rule-set students_srcnat {
                from zone Student;
                to zone untrust;
                rule students_srcnat_1 {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set staff_srcnat {
                from zone Internal;
                to zone untrust;
                rule staff_srcnat_1 {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set wireless_srcnat {
                from zone Wireless;
                to zone untrust;
                rule wireless_srcnat_1 {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    # Transit policies. Every policy below matches any source, any destination
    # and any application and permits it, with no `log` action, so permitted
    # sessions leave no record. Adding `log { session-close; }` and narrowing
    # `application` to what each zone needs would give egress control and an
    # audit trail.
    # No policy lists untrust or External as from-zone, so unsolicited inbound
    # transit traffic falls to the default policy (not shown in this listing).
    policies {
        from-zone Internal to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Student to-zone untrust {
            policy student-internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Wireless to-zone untrust {
            policy wireless-internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        # NOTE(review): the name `test-1` suggests a leftover test rule;
        # confirm that unrestricted intra-zone traffic is intended.
        from-zone Internal to-zone Internal {
            policy test-1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    # Zone definitions. No `screen` is attached to any zone in this listing.
    zones {
        # Holds reth1.0 only; no policy or NAT rule-set above references this
        # zone, and it allows no host-inbound traffic.
        security-zone External {
            interfaces {
                reth1.0;
            }
        }
        security-zone Internal {
            address-book {
                # <IPofNEC> is a placeholder left by the author; substitute
                # the real host address before loading.
                address NEC <IPofNEC>/32;
            }
            interfaces {
                reth0.100 {
                    # `all` already includes dhcp, so the dhcp line is
                    # redundant. With `all` for both services and protocols,
                    # every service on the firewall is reachable from the LAN;
                    # listing only what is needed (for example dhcp, ping, ssh,
                    # https) shrinks that surface.
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        # Internet-facing zone (PPPoE interface and its underlying port).
        # NOTE(review): http and ssh are accepted as host-inbound traffic here,
        # which exposes the device's cleartext J-Web login and its SSH service
        # to the Internet. Remove both from this zone, or limit the permitted
        # source addresses with a firewall filter on lo0, and manage the
        # device from an inside zone or fxp0 instead.
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    http;
                    ssh;
                }
            }
            interfaces {
                pp0.0;
                ge-0/0/11.0;
            }
        }
    }
}