DHCP & NAT on Juniper SRX 210 for all interfaces
Assume that we need to share an Internet connection on an SRX210 using the DHCP and NAT services for all interfaces. Our provider issued us a public IP address (for ex. 192.168.1.1), which we are going to assign to the untrust zone on the ge-0/0/1 interface. Interfaces fe-0/0/2 through fe-0/0/7 we shall assign to the trust zone, include them in a routed VLAN and configure for the DHCP service. Note that in the listing below ge-0/0/1 is actually given 192.168.1.10/24, and 192.168.1.1 is used as the next hop of the default route. Let's see how it will look:
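# DHCP server for the trust LAN: leases 172.16.1.33-172.16.1.64, one-hour
# lease time, default gateway 172.16.1.1 (vlan.111 below), resolver 8.8.8.8.
set system services dhcp pool 172.16.1.0/24 address-range low 172.16.1.33
set system services dhcp pool 172.16.1.0/24 address-range high 172.16.1.64
set system services dhcp pool 172.16.1.0/24 default-lease-time 3600
set system services dhcp pool 172.16.1.0/24 domain-name juniperlab.info
set system services dhcp pool 172.16.1.0/24 name-server 8.8.8.8
set system services dhcp pool 172.16.1.0/24 router 172.16.1.1
# Uplink on ge-0/0/1; fe-0/0/2 through fe-0/0/7 are switch ports in VLAN "dhcp",
# whose routed interface is vlan.111.
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.10/24
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members dhcp
set interfaces vlan unit 111 family inet address 172.16.1.1/24
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1
# Source NAT: sessions from trust to untrust are translated to the address of
# the egress interface (ge-0/0/1).
set security nat source rule-set interface-nat from zone trust
set security nat source rule-set interface-nat to zone untrust
set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0
set security nat source rule-set interface-nat rule rule1 match destination-address 0.0.0.0/0
set security nat source rule-set interface-nat rule rule1 then source-nat interface
# Trust zone, kept as the author wrote it. "all" lets LAN hosts reach every
# service and protocol enabled on the firewall itself; once the setup works,
# narrow it to what the LAN needs (for example dhcp, ping and the management
# service in use).
# NOTE(review): fe-0/0/5.0 and fe-0/0/6.0 have no system-services line and
# fe-0/0/7.0 is not listed in the zone at all; presumably the routed interface
# vlan.111 is the one that DHCP requests actually reach -- confirm.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/2.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/2.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/3.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/3.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/4.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/4.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/5.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/6.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.111 host-inbound-traffic system-services all
set security zones security-zone trust interfaces vlan.111 host-inbound-traffic protocols all
# Untrust zone: outbound NAT does not require the Internet side to reach the
# firewall itself. The original "system-services all" / "protocols all" exposed
# every enabled management service and routing protocol on the uplink. Only
# ping is accepted here; remove that as well if it is not wanted.
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
# Policies: LAN hosts may open sessions towards the Internet and towards each
# other. There is deliberately no untrust-to-trust policy: replies to sessions
# opened from the LAN are matched by the existing session, so the original
# any/any inbound permit only added exposure of LAN hosts to the upstream
# network.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
# Anything not matched by a policy above is dropped (the original used
# permit-all, which made the policies above irrelevant).
set security policies default-policy deny-all
set vlans dhcp vlan-id 111
set vlans dhcp l3-interface vlan.111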
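# DHCP server for the trust LAN: leases 172.16.1.33-172.16.1.64, one-hour
# lease time, default gateway 172.16.1.1 (vlan.111 below), resolver 8.8.8.8.
set system services dhcp pool 172.16.1.0/24 address-range low 172.16.1.33
set system services dhcp pool 172.16.1.0/24 address-range high 172.16.1.64
set system services dhcp pool 172.16.1.0/24 default-lease-time 3600
set system services dhcp pool 172.16.1.0/24 domain-name juniperlab.info
set system services dhcp pool 172.16.1.0/24 name-server 8.8.8.8
set system services dhcp pool 172.16.1.0/24 router 172.16.1.1
# Uplink on ge-0/0/1; fe-0/0/2 through fe-0/0/7 are switch ports in VLAN "dhcp",
# whose routed interface is vlan.111.
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.10/24
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members dhcp
set interfaces vlan unit 111 family inet address 172.16.1.1/24
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1
# Source NAT: sessions from trust to untrust are translated to the address of
# the egress interface (ge-0/0/1).
set security nat source rule-set interface-nat from zone trust
set security nat source rule-set interface-nat to zone untrust
set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0
set security nat source rule-set interface-nat rule rule1 match destination-address 0.0.0.0/0
set security nat source rule-set interface-nat rule rule1 then source-nat interface
# Trust zone, kept as the author wrote it. "all" lets LAN hosts reach every
# service and protocol enabled on the firewall itself; once the setup works,
# narrow it to what the LAN needs (for example dhcp, ping and the management
# service in use).
# NOTE(review): fe-0/0/5.0 and fe-0/0/6.0 have no system-services line and
# fe-0/0/7.0 is not listed in the zone at all; presumably the routed interface
# vlan.111 is the one that DHCP requests actually reach -- confirm.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/2.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/2.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/3.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/3.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/4.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/4.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/5.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/6.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.111 host-inbound-traffic system-services all
set security zones security-zone trust interfaces vlan.111 host-inbound-traffic protocols all
# Untrust zone: outbound NAT does not require the Internet side to reach the
# firewall itself. The original "system-services all" / "protocols all" exposed
# every enabled management service and routing protocol on the uplink. Only
# ping is accepted here; remove that as well if it is not wanted.
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
# Policies: LAN hosts may open sessions towards the Internet and towards each
# other. There is deliberately no untrust-to-trust policy: replies to sessions
# opened from the LAN are matched by the existing session, so the original
# any/any inbound permit only added exposure of LAN hosts to the upstream
# network.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
# Anything not matched by a policy above is dropped (the original used
# permit-all, which made the policies above irrelevant).
set security policies default-policy deny-all
set vlans dhcp vlan-id 111
set vlans dhcp l3-interface vlan.111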