show | no-more
## Last changed: 2012-05-07 14:17:39 UTC
## Review notes (lines starting with "##" that are not device output were added
## by the reviewer; every configuration token is unchanged from the capture).
## The "## SECR ET-DATA" markers below contain a stray space that looks like a
## terminal line-wrap artifact from the capture; they are left as captured.
##
## Junos 10.4 is a long-retired release train; confirm the device runs a
## currently supported release before reusing any of this configuration.
version 10.4R6.5;
system {
    ## The "$1$" prefix marks these as MD5-crypt password hashes. Because the
    ## hashes for root and all three users appear in a shared capture, the
    ## corresponding passwords should be treated as exposed and rotated.
    ## Newer Junos releases can store stronger hashes via
    ## "system login password format" (sha256 / sha512).
    root-authentication {
        encrypted-password "$1$bcoITOqn$pwEBjV.37RtzvqJVhn38J0"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    login {
        ## All three local accounts carry class super-user. Nothing here limits
        ## login attempts (no "retry-options") or assigns a reduced-privilege
        ## class; "lab" looks like a shared/test account -- confirm it is needed.
        user admin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$eByVqq1E$2ARxVVRUGVFLbh3.lHnyO."; ## SECR ET-DATA
            }
        }
        user lab {
            uid 2002;
            class super-user;
            authentication {
                encrypted-password "$1$xL34HJK9$sHMptUWIfJE6IoxhdZLgs."; ## SECR ET-DATA
            }
        }
        user lanzailan {
            uid 2003;
            class super-user;
            authentication {
                encrypted-password "$1$R4aW7wd6$lR7LtRqtVPQahiaKX0kZQ/"; ## SECR ET-DATA
            }
        }
    }
    services {
        ## ssh, telnet and xnm-clear-text are enabled without any interface
        ## restriction. telnet and xnm-clear-text (Junos XML management over an
        ## unencrypted session) carry credentials in clear text; ssh and
        ## xnm-ssl are the encrypted equivalents. No "root-login deny" is set
        ## under ssh.
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            ## J-Web is bound to vlan.0 (the trust L3 interface) only, but the
            ## http listener is still clear text; https uses the device's
            ## self-signed system-generated certificate.
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        ## "inactive:" -- this DHCP server stanza is present but not in effect.
        inactive: dhcp {
            router {
                192.168.71.1;
            }
            pool 192.168.71.0/24 {
                address-range low 192.168.71.2 high 192.168.71.254;
            }
            propagate-settings ge-0/0/0.0;
        }
    }
    syslog {
        ## Logging is local only (no remote "host" target) with a small
        ## archive (3 files of 100k), so history is short and is lost with the
        ## device. The interactive-commands file records severity "error" and
        ## above only, which likely misses routine operator commands; auditing
        ## normally wants "interactive-commands any" plus a "change-log" entry.
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
chassis {
    routing-engine {
        usb-wwan {
            port 1;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description connect-to-CX111;
        unit 0 {
            family ethernet-switching {
                ## This trunk carries both vlan300 (untrust L3 interface) and
                ## vlan-trust. native-vlan-id 3 equals vlan-trust's vlan-id, so
                ## untagged frames arriving on this port land in the trust
                ## VLAN -- verify that the far end (CX111) is trusted.
                port-mode trunk;
                vlan {
                    members [ vlan300 vlan-trust ];
                }
                native-vlan-id 3;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ## The port described as "Internet" has ethernet-switching enabled but no
    ## VLAN membership listed; NOTE(review): confirm which VLAN it falls into,
    ## since vlan300 is only listed on the ge-0/0/0 trunk.
    fe-0/0/5 {
        description Internet;
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/6 {
        description WLC;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.71.1/24;
            }
        }
        ## vlan.300 takes its address by DHCP; the "run show route" output later
        ## in this transcript shows it holding the public address 49.124.68.5.
        unit 300 {
            family inet {
                dhcp;
            }
        }
    }
}
routing-options {
    ## IPv4 source routing is enabled device-wide here, while the untrust
    ## screen below is set to act on the IP source-route option. The two
    ## settings express opposite intent; unless source routing is required,
    ## leaving it disabled (the Junos default) is the safer choice.
    source-routing {
        ip;
    }
    ## The next hop is the device's own vlan.0 address (192.168.71.1). The
    ## route table later in this transcript shows the active default route is
    ## the Access-internal one via 49.124.68.4, so this static entry does not
    ## appear to be doing anything.
    static {
        route 0.0.0.0/0 next-hop 192.168.71.1;
    }
}
protocols {
    stp;
}
security {
    nat {
        source {
            ## Interface-based source NAT for everything going trust -> untrust.
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            inactive: rule-set trust-trust {
                from zone trust;
                to zone trust;
                rule source-nat {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    screen {
        ## Screen profile applied to the untrust zone below: ping-of-death,
        ## IP source-route option, teardrop, SYN-flood thresholds and LAND.
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        ## Highest-risk setting on this page: the untrust zone accepts ALL
        ## system services and ALL protocols addressed to the device on
        ## vlan.300, the interface that holds the public DHCP address. With
        ## ssh, telnet and xnm-clear-text enabled and not bound to an
        ## interface, those management services are exposed on the
        ## Internet-facing side. A DHCP-client uplink normally needs only
        ## "system-services dhcp" (plus "ping" if wanted) and no protocols.
        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.300;
            }
        }
    }
    policies {
        ## Both policies permit any/any/any and configure no "log" action, so
        ## permitted sessions leave no policy log trail. No untrust -> trust
        ## policy is defined.
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone trust {
            policy trust-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        ## permit-all is marked inactive, so it is not in effect; it should
        ## stay that way so that unmatched traffic is not permitted.
        default-policy {
            inactive: permit-all;
        }
    }
    inactive: alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    ## Inactive. If activated, packet-based mode for these families would
    ## bypass flow (stateful) processing for them.
    inactive: forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
    ## Inactive. If activated, these statements would turn off TCP SYN and
    ## sequence-number checking in the flow module; keep the stanza inactive
    ## or delete it so it cannot be re-enabled by accident.
    inactive: flow {
        allow-dns-reply;
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}
poe {
    interface ge-0/0/0 {
        priority high;
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
    vlan300 {
        vlan-id 300;
        l3-interface vlan.300;
    }
}

[edit]
lanzailan# show | display set | no-more
# Review notes: lines starting with "#" were added by the reviewer; every
# captured token is unchanged. Stray spaces inside some tokens below (inside
# the quoted hashes and in keywords such as "sou rce-address", "al l",
# "perm it") look like 80-column terminal wrap artifacts from the capture and
# are presumably not part of the real values -- do not paste these lines back
# into a device without repairing them.
set version 10.4R6.5
# "$1$" marks MD5-crypt hashes. They are published in this capture, so the
# root and user passwords should be treated as exposed and rotated.
set system root-authentication encrypted-password "$1$bcoITOqn$pwEBjV.37RtzvqJVh n38J0"
set system name-server 208.67.222.222
set system name-server 208.67.220.220
# Three local accounts, all class super-user; no retry-options are configured.
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$eByVqq1E$2ARxV VRUGVFLbh3.lHnyO."
set system login user lab uid 2002
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$xL34HJK9$sHMptUW IfJE6IoxhdZLgs."
set system login user lanzailan uid 2003
set system login user lanzailan class super-user
set system login user lanzailan authentication encrypted-password "$1$R4aW7wd6$l R7LtRqtVPQahiaKX0kZQ/"
# telnet and xnm-clear-text are clear-text management channels and, like ssh
# here, are not bound to an interface. Only J-Web is limited to vlan.0, and
# its http listener is also clear text.
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router 192.168.71.1
set system services dhcp pool 192.168.71.0/24 address-range low 192.168.71.2
set system services dhcp pool 192.168.71.0/24 address-range high 192.168.71.254
set system services dhcp propagate-settings ge-0/0/0.0
# The DHCP server stanza above is deactivated (present but not in effect).
deactivate system services dhcp
# Local-only logging with a small archive and no remote syslog host.
# interactive-commands is logged at severity "error" and above only, which
# likely misses routine operator commands.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set chassis routing-engine usb-wwan port 1
set interfaces ge-0/0/0 description connect-to-CX111
# Trunk carrying both vlan300 (untrust) and vlan-trust; native-vlan-id 3 is
# vlan-trust's vlan-id, so untagged frames on this port land in the trust VLAN.
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan300
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id 3
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
# The "Internet" port has no VLAN membership listed -- NOTE(review): confirm
# which VLAN it falls into.
set interfaces fe-0/0/5 description Internet
set interfaces fe-0/0/5 unit 0 family ethernet-switching
set interfaces fe-0/0/6 description WLC
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces vlan unit 0 family inet address 192.168.71.1/24
set interfaces vlan unit 300 family inet dhcp
# IPv4 source routing is enabled here although the untrust screen below acts
# on the IP source-route option; unless required, leave it at the Junos
# default (disabled).
set routing-options source-routing ip
# The next hop is the device's own vlan.0 address; per the route table at the
# end of this transcript the active default is the Access-internal route via
# 49.124.68.4, so this static entry does not appear to be in use.
set routing-options static route 0.0.0.0/0 next-hop 192.168.71.1
set protocols stp
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match sou rce-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then sour ce-nat interface
set security nat source rule-set trust-trust from zone trust
set security nat source rule-set trust-trust to zone trust
set security nat source rule-set trust-trust rule source-nat match source-addres s 0.0.0.0/0
set security nat source rule-set trust-trust rule source-nat then source-nat int erface
deactivate security nat source rule-set trust-trust
# Screen profile for the untrust zone.
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 102 4
set security screen ids-option untrust-screen tcp syn-flood destination-threshol d 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
# Highest-risk setting on this page: untrust accepts ALL system services and
# ALL protocols addressed to the device on vlan.300, the interface holding the
# public DHCP address, so the ssh/telnet/xnm-clear-text listeners are exposed
# on the Internet-facing side. A DHCP-client uplink normally needs only
# "system-services dhcp" (plus "ping" if wanted) and no protocols.
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services al l
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces vlan.300
# Both policies permit any/any/any and configure no "log" action.
set security policies from-zone trust to-zone untrust policy trust-to-untrust ma tch source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust ma tch destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust ma tch application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust th en permit
set security policies from-zone trust to-zone trust policy trust-trust match sou rce-address any
set security policies from-zone trust to-zone trust policy trust-trust match des tination-address any
set security policies from-zone trust to-zone trust policy trust-trust match app lication any
set security policies from-zone trust to-zone trust policy trust-trust then perm it
# permit-all is deactivated and should stay that way.
set security policies default-policy permit-all
deactivate security policies default-policy
set security alg dns disable
set security alg ftp disable
set security alg h323 disable
set security alg mgcp disable
set security alg msrpc disable
set security alg sunrpc disable
set security alg real disable
set security alg rsh disable
set security alg rtsp disable
set security alg sccp disable
set security alg sip disable
set security alg sql disable
set security alg talk disable
set security alg tftp disable
set security alg pptp disable
deactivate security alg
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family iso mode packet-based
deactivate security forwarding-options
# Deactivated. If re-activated, these would turn off TCP SYN and
# sequence-number checking in the flow module.
set security flow allow-dns-reply
set security flow tcp-session no-syn-check
set security flow tcp-session no-syn-check-in-tunnel
set security flow tcp-session no-sequence-check
deactivate security flow
set poe interface ge-0/0/0 priority high
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
set vlans vlan300 vlan-id 300
set vlans vlan300 l3-interface vlan.300

[edit]
# Route table: vlan.300 holds 49.124.68.5 on a /31 and the default route is
# learned as Access-internal (not the configured static) via 49.124.68.4.
lanzailan# run show route

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Access-internal/12] 00:00:33
                    > to 49.124.68.4 via vlan.300
49.124.68.4/31     *[Direct/0] 01:56:14
                    > via vlan.300
49.124.68.5/32     *[Local/0] 01:56:14
                      Local via vlan.300
192.168.71.0/24    *[Direct/0] 01:57:18
                    > via vlan.0
192.168.71.1/32    *[Local/0] 01:57:33
                      Local via vlan.0

[edit]
lanzailan#