Juniper SRX – I just want a router!

Working on the JN0-348 exam prep requires a router or two for BGP, IS-IS and other stuff that is not supported on an EX switch. Step forward the SRX 320 firewall, which does all the good stuff and has a firewall built in as well! The one issue is that for study purposes the firewall just gets in the way, so this post gives the instructions to convert the system into as close to a router as possible. I also use some SRX110 appliances but they don’t have the required software revision on them for the current exam, but it's not far off. The config is slightly different on the SRX110 as the interfaces are 100 Mbps.

Stage 1 – Bin the security settings

root# delete security

Stage 2 – Remove DHCP

root# delete system services dhcp-local-server
root# delete access 

Stage 3 – Remove the Autoinstallation

root# delete system autoinstallation

Stage 4 – Sort out the VLANs

root# delete vlans vlan-trust
root# delete interfaces ge-0/0/1.0 family ethernet-switching vlan members vlan-trust 
root# delete interfaces ge-0/0/2.0 family ethernet-switching vlan members vlan-trust 
root# delete interfaces ge-0/0/3.0 family ethernet-switching vlan members vlan-trust 
root# delete interfaces ge-0/0/4.0 family ethernet-switching vlan members vlan-trust 
root# delete interfaces ge-0/0/5.0 family ethernet-switching vlan members vlan-trust 
root# delete interfaces ge-0/0/6.0 family ethernet-switching vlan members vlan-trust 
root# set vlans default vlan-id 1 l3-interface irb.0
root# set interfaces ge-0/0/1.0 family ethernet-switching vlan members default
root# set interfaces ge-0/0/2.0 family ethernet-switching vlan members default
root# set interfaces ge-0/0/3.0 family ethernet-switching vlan members default
root# set interfaces ge-0/0/4.0 family ethernet-switching vlan members default
root# set interfaces ge-0/0/5.0 family ethernet-switching vlan members default
root# set interfaces ge-0/0/6.0 family ethernet-switching vlan members default

Stage 5 – Remove the inspection engine from the packet path

root# set security forwarding-options family inet6 mode packet-based
root# set security forwarding-options family mpls mode packet-based
root# set security forwarding-options family iso mode packet-based

Stage 6 – Reboot

Everybody loves a reboot.

So here it is in a single copy-pasteable block:

delete security
delete system services dhcp-local-server
delete access
delete system autoinstallation
delete interfaces ge-0/0/1.0 family ethernet-switching vlan members vlan-trust 
delete interfaces ge-0/0/2.0 family ethernet-switching vlan members vlan-trust 
delete interfaces ge-0/0/3.0 family ethernet-switching vlan members vlan-trust 
delete interfaces ge-0/0/4.0 family ethernet-switching vlan members vlan-trust 
delete interfaces ge-0/0/5.0 family ethernet-switching vlan members vlan-trust 
delete interfaces ge-0/0/6.0 family ethernet-switching vlan members vlan-trust 
delete vlans vlan-trust
set vlans default vlan-id 1 l3-interface irb.0
set interfaces ge-0/0/1.0 family ethernet-switching vlan members default
set interfaces ge-0/0/2.0 family ethernet-switching vlan members default
set interfaces ge-0/0/3.0 family ethernet-switching vlan members default
set interfaces ge-0/0/4.0 family ethernet-switching vlan members default
set interfaces ge-0/0/5.0 family ethernet-switching vlan members default
set interfaces ge-0/0/6.0 family ethernet-switching vlan members default
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
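
One way to check that a box really ended up in the state the stages describe is to audit its `show configuration | display set` output, which also flags an SRX left in this router-only state where stateful inspection is expected. This is an added example, not part of the original post; the `audit` function, its finding strings and the sample config are assumptions made for illustration.

```python
# Added example (not from the original post): audit "display set" output.
import re

PACKET_FAMILIES = ("inet6", "mpls", "iso")   # families switched in Stage 5
LEFTOVERS = {                                 # statements Stages 1-4 delete
    "security": r"^set security (?!forwarding-options\b)",
    "dhcp-local-server": r"^set system services dhcp-local-server\b",
    "access": r"^set access\b",
    "autoinstallation": r"^set system autoinstallation\b",
    "vlan-trust": r"\bvlan-trust\b",
}
# Matches both "ge-0/0/1.0" (as typed on the page) and "ge-0/0/1 unit 0".
MEMBER = re.compile(r"^set interfaces (\S+?)(?:\.| unit )(\d+) "
                    r"family ethernet-switching vlan members (\S+)$")

def audit(display_set):
    """Return findings; an empty list means the config matches the end state."""
    lines = [l.strip() for l in display_set.splitlines()]
    lines = [l for l in lines if l.startswith("set ")]
    findings = []
    for name, pattern in LEFTOVERS.items():
        hits = sum(1 for l in lines if re.search(pattern, l))
        if hits:
            findings.append(f"leftover {name}: {hits} statement(s)")
    for fam in PACKET_FAMILIES:
        if f"set security forwarding-options family {fam} mode packet-based" not in lines:
            findings.append(f"family {fam} not packet-based")
    for l in lines:
        m = MEMBER.match(l)
        if m and m[3] != "default":
            findings.append(f"{m[1]}.{m[2]} in vlan {m[3]}, expected default")
    if not any(l.startswith("set vlans default ") and l.endswith("l3-interface irb.0") for l in lines):
        findings.append("vlan default has no l3-interface irb.0")
    return findings

# Constructed sample: a half-converted box (Stage 5 partly done, one port missed).
SAMPLE = """\
set system autoinstallation interfaces ge-0/0/0 bootp
set security zones security-zone trust interfaces irb.0
set security forwarding-options family mpls mode packet-based
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set vlans default vlan-id 1
set vlans default l3-interface irb.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```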