Junos OS

last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  Using a J-Series "only" as a router

    Posted 08-17-2009 14:04

    Hi,

     

    I'm learning JunOS at a rate of knots but I'm struggling with something basic.  I want to put a J-Series in as a high-performance stateless router, I don't need any firewalling functions, I just need it shuffle data as fast as it can; I understand that in 9.4 their ceased to be a "non-ES" version of the software as security zones essentially became "mandatory"; my question is how do I disable this functionality?

     

    It seems that this command did exist, but is now longer in the documentation:

     

    "set security forwarding-options family inet mode packet-based"

     

    Session based forwarding really is unecessary for me in the context of this environment (router is on a pair of stub networks between two firewalls!) and I really don't need the additonal headache of more policy managment.

     

    Any advice as to whether this is possible or I've missed something fundmental.

     

    Currently running 9.6 (I don't think I'll be able to get to this router to upgrade it for a while!)

     

    Thanks in advance!



  • 2.  RE: Using a J-Series "only" as a router
    Best Answer

    Posted 08-17-2009 14:47

    if you delete the security hierarchy out and then do

     

    set security forwarding-options family mpls mode packet-based

     

    that will put it into router only mode

     

    works on the SRX as well



  • 3.  RE: Using a J-Series "only" as a router

    Posted 08-17-2009 15:58

    From what I understand here is what you do to go from the security context to the router context:

     

    • Backup your system config
    • At the top of the JUNOS config tree
    • load override /etc/config/jsr-series-routermode-factory.conf
    • set system root-authentication plain-text-password
    • delete system autoinstallation
    • set interfaces ge-0/0/0 unit 0 family inet address w.x.y.z/subnet
    •  Additional configuration
    • commit


    Assuming of course the ge-0/0/0 is the interface that you want to set and that 'w.x.y.z/subnet' represents your management interface and subnet mask.

     

    Going from router context to security context:

     

    • Backup your router config
    • load factory-default
    • set system root-authentication plain-text-password
    • delete system autoinstallation
    • set interfaces ge-0/0/0 unit 0 family inet address w.x.y.z/subnet
    • Perform additional configuration
    • commit

     

     

     



  • 4.  RE: Using a J-Series "only" as a router

    Posted 08-18-2009 13:22

    Hi,

     

    thanks chaps; I ended up using both of those methods in the end as I was running into a problem with route re-distrubtion and I thought it might be related; turns out both methods work.

     

    Thanks again

     

    Kendal

     



  • 5.  RE: Using a J-Series "only" as a router

    Posted 07-26-2012 06:53

    @

     

    Thank you. although it is an old post, you have just saved me after an hours search



  • 6.  RE: Using a J-Series "only" as a router

    Posted 08-20-2009 02:21

    I normally do:

     

    load override /etc/config/jsr-series-routermode-factory.conf

     

    then apply may changes and commit

     

    in the /etc/config/  there are lots of different default configs.

     

     



  • 7.  RE: Using a J-Series "only" as a router

    Posted 09-08-2010 23:50

    Hi all,

     

    Can anyone confirm that NAT still works when jseries is in router mode ?