Eventually, there will be a CCNA voice rack added as well. I've now worked with Cisco, Juniper, Alcatel, Marconi, Nortel, and Adva routing and switching gear, and the Adva stuff seems to be more like Nortel used to be, if anything, over-engineered.Īfter getting a good deal on some routers/switches, I'm going to add back, for now, one relatively basic CCNA rack, with plans to eventually add another two, for a total of three basic CCNA racks(3 x 2950 switches, 3 x 1721 routers running 12.3 IOS) for free, and then the fee-based CCNA/CCNP R&S(security) rack which should have an ASA5505 added in about a week, and the CCNP R&S rack. Probably comparing apples and oranges, but just an observation. The Adva, made in Germany, is on a much higher plane of quality than the other two. I'll say one thing, physically, everything about a Juniper or an Adva device appears to be of higher quality than on any Cisco device I've had. I can already tell that the Adva SFP's are not going to be the killer, but it's going to be the Juniper SFP's on whatever EX switch I end up getting that is going to break the bank. There's not a lot of info on the ADVA site, and my login credentials to the Adva customer portal is at work. I haven't begun to sort out the Cyclades yet, which is linux based, and the Adva came with a DC power supply, so I'll have to wait for the AC P/S I ordered today to come, assuming it was the right one. The Cyclades Term server and the Adva Carrier ethernet switch came in today as well. The rack is definitely looking more interesting, if not more useful. Set security screen ids-option untrust-screen tcp land Set security screen ids-option untrust-screen tcp syn-flood timeout 20 Set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 Set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 Set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 Set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 Set security screen ids-option untrust-screen ip tear-drop Set security screen ids-option untrust-screen ip source-route-option Set security screen ids-option untrust-screen icmp ping-death Set system syslog file interactive-commands interactive-commands error Set system syslog file messages authorization info Set system syslog file messages any critical Set system services web-management https system-generated-certificate Set system root-authentication encrypted-password "$1$sF9Tjm/m$zu6xvdjAUIqeeHSP69Vfm0" Root# run show configuration | display set Remove Default Security delete security zones security-zone delete security zones security-zone trust Remove Existing Name Servers and add Google delete system name-server delete system name-server set system name-server set system name-server delete system services dhcp Remove Screening on Untrust delete security zones security-zone untrust screen Remove NAT delete security nat source rule-set trust-to-untrust Remove Default Web delete system services web-management http interface delete system services web-management https interface vlan.0 Remove Default delete security policies from-zone trust to-zone untrust Remove the Zone Interfaces and delete security zones security-zone trust delete security zones security-zone trust interfaces vlan.0 Remove the fe0/0/0.0 interface from Security delete security zones security-zone untrust interfaces fe-0/0/0.0 "Repeat for interfaces range delete interfaces vlan unit 0 family inet address delete interfaces vlan unit 0 family inet Remove the interface Ethernet delete interfaces fe-0/0/1 unit 0 family ethernet-switching Personally I prefer to work from a blank canvas, so the following commands removes all Juniper applied config, adds a few tweaks and gives us a starting point to build up our configurations. When either taking an SRX out of the box or entering the following commands, you will get the Juniper default load set system root-authentication commit request system reboot For the purpose of this blog I will be configuring an SRX100.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |