Juniper Labs Routing full configuration
ACX1100 Configuration Reference
Provided for reference from the ACX1100 perspective. For full details and step-by-step guidance, please follow the dedicated routing labs.
Please check here for routing topology.
1. Full Hierarchical Configuration
## Last commit: 2023-06-01 00:51:51 UTC by root
version 21.2R3.8;
system {
host-name acx1100;
root-authentication {
encrypted-password "$6$Me.8rVDl$EF9PcbjYNNuRCuN5NejjRizhrBup688f5DY3A6yUgGujNDniHIYKjekVwxkmZ4LY34fT0FqqlhhKwh7R6XPeK0"; ## SECRET-DATA
}
login {
class lr1 { logical-system lr1; permissions all; }
class lr2 { logical-system lr2; permissions all; }
class lr3 { logical-system lr3; permissions all; }
class lrc { logical-system lrc; permissions all; }
user lr1 { uid 2006; class lr1;
authentication {
encrypted-password "$6$X8FfXB.u$ygojhfj.X6pEjOzQJ4.WVg9PckYHQrREUqyxDvrXrFbpSSVsp0dDgk4bjGG8UCJkLyDUPqChpMvE.V8hkkF4X1"; ## SECRET-DATA
}
}
user lr2 { uid 2011; class lr2;
authentication {
encrypted-password "$6$xBWmGCiz$UKy0NMZxOAoedM1V9Hw1G88zhE4QGLfB1KLkOOnZxsZqRAXqsxoX5bxh//N1eKHdF2LAyN9NxyDTLWJs6CGCC."; ## SECRET-DATA
}
}
user lr3 { uid 2012; class lr3;
authentication {
encrypted-password "$6$Ek5ihlUw$BSs4L9b8ymDjSLdMEMEiPJTcu0K5IEB1mJvHBATayaKSnVgQZ0K0NkcX3jfuths4J8tNtTjDTf7.vJu/zpPPP/"; ## SECRET-DATA
}
}
user lrc { uid 2013; class lrc;
authentication {
encrypted-password "$6$InAquAUa$UxnSAT9c1G476uTROWHZH25vz9yuqvFoSAvWKkOPVWZhzOf/o5uCR2uY4mWex3CKQbxwYRbpzkHBEq6L4mk8y."; ## SECRET-DATA
}
}
}
services {
ssh { root-login allow; }
netconf { ssh; }
}
domain-name lab.ls;
name-server { 8.8.8.8; 8.8.4.4; }
syslog {
user * { any emergency; }
file interactive-commands { interactive-commands any; }
file messages { any error; authorization info; }
}
}
logical-systems {
lr1 {
interfaces {
ge-0/0/1 { unit 0 { description lrc-ge-0/0/5; family inet { address 10.0.1.1/30; } } }
lo0 { unit 1 { family inet { address 100.1.1.1/32; } } }
}
protocols { bgp { local-as 65501;
group iBGP-peers { type internal; export ibgp-export; neighbor 10.0.1.2; }
} }
policy-options {
prefix-list ibgp-export { 100.1.1.1/32; }
policy-statement ibgp-export {
term export-lo { from prefix-list ibgp-export; then accept; }
}
}
}
lr2 {
interfaces {
ge-0/0/2 { unit 0 { description lrc-ge-0/0/6; family inet { address 10.0.2.1/30; } } }
lo0 { unit 2 { family inet { address 100.2.2.2/32; } } }
}
protocols { bgp { local-as 65501;
group iBGP-peers { type internal; export ibgp-export; neighbor 10.0.2.2; }
} }
policy-options {
prefix-list ibgp-export { 100.2.2.2/32; }
policy-statement ibgp-export {
term export-lo { from prefix-list ibgp-export; then accept; }
}
}
}
lr3 {
interfaces {
ge-0/0/3 { unit 0 { description lrc-ge-0/0/7; family inet { address 10.0.3.1/30; } } }
ge-0/0/4 {
unit 0 { description lrc-arm64-frr-dhcp;
family inet { address 10.0.4.1/30; }
family iso;
}
}
lo0 {
unit 3 { family inet { address 100.3.3.3/32; }
family iso { address 49.0002.0010.0004.0001.00; }
}
}
}
protocols {
bgp {
local-as 65502;
group eBGP-peers { type external; export eBGP-export; neighbor 10.0.3.2 { peer-as 65501; } }
}
isis {
interface ge-0/0/4.0;
interface lo0.3 { passive; }
export isis-export;
}
}
policy-options {
prefix-list eBGP-export { 100.3.3.3/32; }
policy-statement eBGP-export {
term export-lo { from prefix-list eBGP-export; then accept; }
term from-isis { from protocol isis; then accept; }
term from-direct {
from { protocol direct; route-filter 10.0.4.0/30 exact; }
then accept;
}
}
policy-statement isis-export {
term from-bgp { from protocol bgp; then accept; }
}
}
routing-options {
static { route 0.0.0.0/0 next-hop 10.0.3.2; }
}
system {
services {
dhcp-local-server { group dhcp { interface ge-0/0/4.0; } }
}
}
access {
address-assignment {
pool dhcp {
family inet {
network 10.0.4.0/30;
range dhcp { low 10.0.4.2; high 10.0.4.2; }
dhcp-attributes {
name-server { 8.8.8.8; 8.8.4.4; }
router 10.0.4.1;
}
}
}
}
}
}
lrc { … }
}
chassis {
fpc 0 { pic 0 { inline-services bandwidth 10g; } service-package bundle-nat-ipsec; }
}
services {
service-set nat-ls { nat-rules nat-ls; interface-service { service-interface si-0/0/0; } }
nat {
pool ls_wan { address-range low 172.20.13.200 high 172.20.13.205;
port { range low 64000 high 65000; }
}
rule nat-ls {
match-direction input;
term lr_wan {
from source-address { 10.0.0.2/32; 10.0.1.1/32; 10.0.2.1/32; 10.0.3.1/32; }
then translated { source-pool ls_wan; translation-type napt-44; }
}
term arm64_wan {
from source-address 10.0.4.2/32;
then translated { source-pool ls_wan; translation-type napt-44; }
}
}
}
}
interfaces { … }
policy-options { … }
firewall { … }
routing-options {
static { route 0.0.0.0/0 next-hop 172.20.13.254; }
}
protocols {
ospf {
area 0.0.0.0 {
interface ge-0/1/0.0;
interface lo0.0 { passive; }
}
export ospf-export;
}
}
2. Set-Style Configuration
root@acx1100> show configuration | display set | no-more
set version 21.2R3.8
set system host-name acx1100
set system root-authentication encrypted-password "$6$Me.8rVDl$EF9PcbjYNNuRCuN5NejjRizhrBup688f5DY3A6yUgGujNDniHIYKjekVwxkmZ4LY34fT0FqqlhhKwh7R6XPeK0"
set system login class lr1 logical-system lr1
set system login class lr1 permissions all
set system login class lr2 logical-system lr2
set system login class lr2 permissions all
set system login class lr3 logical-system lr3
set system login class lr3 permissions all
set system login class lrc logical-system lrc
set system login class lrc permissions all
set system login user lr1 uid 2006
set system login user lr1 class lr1
set system login user lr1 authentication encrypted-password "$6$X8FfXB.u$ygojhfj.X6pEjOzQJ4.WVg9PckYHQrREUqyxDvrXrFbpSSVsp0dDgk4bjGG8UCJkLyDUPqChpMvE.V8hkkF4X1"
set system login user lr2 uid 2011
set system login user lr2 class lr2
set system login user lr2 authentication encrypted-password "$6$xBWmGCiz$UKy0NMZxOAoedM1V9Hw1G88zhE4QGLfB1KLkOOnZxsZqRAXqsxoX5bxh//N1eKHdF2LAyN9NxyDTLWJs6CGCC."
set system login user lr3 uid 2012
set system login user lr3 class lr3
set system login user lr3 authentication encrypted-password "$6$Ek5ihlUw$BSs4L9b8ymDjSLdMEMEiPJTcu0K5IEB1mJvHBATayaKSnVgQZ0K0NkcX3jfuths4J8tNtTjDTf7.vJu/zpPPP/"
set system login user lrc uid 2013
set system login user lrc class lrc
set system login user lrc authentication encrypted-password "$6$InAquAUa$UxnSAT9c1G476uTROWHZH25vz9yuqvFoSAvWKkOPVWZhzOf/o5uCR2uY4mWex3CKQbxwYRbpzkHBEq6L4mk8y."
set system services ssh root-login allow
set system services netconf ssh
set system domain-name lab.ls
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system syslog user * any emergency
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any error
set system syslog file messages authorization info
set logical-systems lr1 interfaces ge-0/0/1 unit 0 description lrc-ge-0/0/5
set logical-systems lr1 interfaces ge-0/0/1 unit 0 family inet address 10.0.1.1/30
set logical-systems lr1 interfaces lo0 unit 1 family inet address 100.1.1.1/32
set logical-systems lr1 protocols bgp group iBGP-peers type internal
set logical-systems lr1 protocols bgp group iBGP-peers export ibgp-export
set logical-systems lr1 protocols bgp group iBGP-peers neighbor 10.0.1.2
set logical-systems lr1 protocols bgp local-as 65501
set logical-systems lr1 policy-options prefix-list ibgp-export 100.1.1.1/32
set logical-systems lr1 policy-options policy-statement ibgp-export term export-lo from prefix-list ibgp-export
set logical-systems lr1 policy-options policy-statement ibgp-export term export-lo then accept
set logical-systems lr2 interfaces ge-0/0/2 unit 0 description lrc-ge-0/0/6
set logical-systems lr2 interfaces ge-0/0/2 unit 0 family inet address 10.0.2.1/30
set logical-systems lr2 interfaces lo0 unit 2 family inet address 100.2.2.2/32
set logical-systems lr2 protocols bgp group iBGP-peers type internal
set logical-systems lr2 protocols bgp group iBGP-peers export ibgp-export
set logical-systems lr2 protocols bgp group iBGP-peers neighbor 10.0.2.2
set logical-systems lr2 protocols bgp local-as 65501
set logical-systems lr2 policy-options prefix-list ibgp-export 100.2.2.2/32
set logical-systems lr2 policy-options policy-statement ibgp-export term export-lo from prefix-list ibgp-export
set logical-systems lr2 policy-options policy-statement ibgp-export term export-lo then accept
set logical-systems lr3 interfaces ge-0/0/3 unit 0 description lrc-ge-0/0/7
set logical-systems lr3 interfaces ge-0/0/3 unit 0 family inet address 10.0.3.1/30
set logical-systems lr3 interfaces ge-0/0/4 unit 0 description lrc-arm64-frr-dhcp
set logical-systems lr3 interfaces ge-0/0/4 unit 0 family inet address 10.0.4.1/30
set logical-systems lr3 interfaces ge-0/0/4 unit 0 family iso
set logical-systems lr3 interfaces lo0 unit 3 family inet address 100.3.3.3/32
set logical-systems lr3 interfaces lo0 unit 3 family iso address 49.0002.0010.0004.0001.00
set logical-systems lr3 protocols bgp group eBGP-peers type external
set logical-systems lr3 protocols bgp group eBGP-peers export eBGP-export
set logical-systems lr3 protocols bgp group eBGP-peers neighbor 10.0.3.2 peer-as 65501
set logical-systems lr3 protocols bgp local-as 65502
set logical-systems lr3 protocols isis interface ge-0/0/4.0
set logical-systems lr3 protocols isis interface lo0.3 passive
set logical-systems lr3 protocols isis export isis-export
set logical-systems lr3 policy-options prefix-list eBGP-export 100.3.3.3/32
set logical-systems lr3 policy-options policy-statement eBGP-export term export-lo from prefix-list eBGP-export
set logical-systems lr3 policy-options policy-statement eBGP-export term export-lo then accept
set logical-systems lr3 policy-options policy-statement eBGP-export term from-isis from protocol isis
set logical-systems lr3 policy-options policy-statement eBGP-export term from-isis then accept
set logical-systems lr3 policy-options policy-statement eBGP-export term from-direct from protocol direct
set logical-systems lr3 policy-options policy-statement eBGP-export term from-direct from route-filter 10.0.4.0/30 exact
set logical-systems lr3 policy-options policy-statement eBGP-export term from-direct then accept
set logical-systems lr3 policy-options policy-statement isis-export term from-bgp from protocol bgp
set logical-systems lr3 policy-options policy-statement isis-export term from-bgp then accept
set logical-systems lr3 routing-options static route 0.0.0.0/0 next-hop 10.0.3.2
set logical-systems lr3 system services dhcp-local-server group dhcp interface ge-0/0/4.0
set logical-systems lr3 access address-assignment pool dhcp family inet network 10.0.4.0/30
set logical-systems lr3 access address-assignment pool dhcp family inet range dhcp low 10.0.4.2
set logical-systems lr3 access address-assignment pool dhcp family inet range dhcp high 10.0.4.2
set logical-systems lr3 access address-assignment pool dhcp family inet dhcp-attributes name-server 8.8.8.8
set logical-systems lr3 access address-assignment pool dhcp family inet dhcp-attributes name-server 8.8.4.4
set logical-systems lr3 access address-assignment pool dhcp family inet dhcp-attributes router 10.0.4.1
set logical-systems lrc interfaces ge-0/0/5 unit 0 description lr1-ge-0/0/1
set logical-systems lrc interfaces ge-0/0/5 unit 0 family inet address 10.0.1.2/30
set logical-systems lrc interfaces ge-0/0/6 unit 0 description lr2-ge-0/0/2
set logical-systems lrc interfaces ge-0/0/6 unit 0 family inet address 10.0.2.2/30
set logical-systems lrc interfaces ge-0/0/7 unit 0 description lr3-ge-0/0/3
set logical-systems lrc interfaces ge-0/0/7 unit 0 family inet address 10.0.3.2/30
set logical-systems lrc interfaces ge-0/1/1 unit 0 description acx-ge-0/1/0
set logical-systems lrc interfaces ge-0/1/1 unit 0 family inet address 10.0.0.2/30
set logical-systems lrc interfaces lo0 unit 123 family inet address 100.1.2.3/32
set logical-systems lrc protocols bgp group iBGP-peers type internal
set logical-systems lrc protocols bgp group iBGP-peers export ibgp-export
set logical-systems lrc protocols bgp group iBGP-peers cluster 100.1.2.3
set logical-systems lrc protocols bgp group iBGP-peers neighbor 10.0.1.1
set logical-systems lrc protocols bgp group iBGP-peers neighbor 10.0.2.1
set logical-systems lrc protocols bgp group eBGP-peers type external
set logical-systems lrc protocols bgp group eBGP-peers export ebgp-export
set logical-systems lrc protocols bgp group eBGP-peers neighbor 10.0.3.1 peer-as 65502
set logical-systems lrc protocols bgp local-as 65501
set logical-systems lrc protocols ospf area 0.0.0.0 interface ge-0/1/1.0
set logical-systems lrc protocols ospf area 0.0.0.0 interface lo0.123
set logical-systems lrc protocols ospf export ospf-export
set logical-systems lrc policy-options prefix-list ibgp-export 10.0.0.0/30
set logical-systems lrc policy-options prefix-list ibgp-export 10.0.1.0/30
set logical-systems lrc policy-options prefix-list ibgp-export 10.0.2.0/30
set logical-systems lrc policy-options prefix-list ibgp-export 100.1.2.3/32
set logical-systems lrc policy-options policy-statement ebgp-export term from-direct from protocol direct
set logical-systems lrc policy-options policy-statement ebgp-export term from-direct from route-filter 100.1.2.3/32 exact
set logical-systems lrc policy-options policy-statement ebgp-export term from-direct then accept
set logical-systems lrc policy-options policy-statement ebgp-export term aggregate from protocol aggregate
set logical-systems lrc policy-options policy-statement ebgp-export term aggregate then accept
set logical-systems lrc policy-options policy-statement ibgp-export term export-lo from prefix-list ibgp-export
set logical-systems lrc policy-options policy-statement ibgp-export term export-lo then accept
set logical-systems lrc policy-options policy-statement ibgp-export term from-ospf from protocol ospf
set logical-systems lrc policy-options policy-statement ibgp-export term from-ospf then accept
set logical-systems lrc policy-options policy-statement ibgp-export term nexthop from protocol bgp
set logical-systems lrc policy-options policy-statement ibgp-export term nexthop from route-type external
set logical-systems lrc policy-options policy-statement ibgp-export term nexthop then next-hop self
set logical-systems lrc policy-options policy-statement ospf-export term from-bgp from protocol bgp
set logical-systems lrc policy-options policy-statement ospf-export term from-bgp then accept
set logical-systems lrc policy-options policy-statement ospf-export term from-direct from protocol direct
set logical-systems lrc policy-options policy-statement ospf-export term from-direct from route-filter 10.0.1.0/30 exact
set logical-systems lrc policy-options policy-statement ospf-export term from-direct from route-filter 10.0.2.0/30 exact
set logical-systems lrc policy-options policy-statement ospf-export term from-direct from route-filter 10.0.3.0/30 exact
set logical-systems lrc policy-options policy-statement ospf-export term from-direct then accept
set logical-systems lrc routing-options aggregate route 10.0.0.0/22
set chassis fpc 0 pic 0 inline-services bandwidth 10g
set chassis fpc 0 service-package bundle-nat-ipsec
set services service-set nat-ls nat-rules nat-ls
set services service-set nat-ls interface-service service-interface si-0/0/0
set services nat pool ls_wan address-range low 172.20.13.200 high 172.20.13.205
set services nat pool ls_wan port range low 64000
set services nat pool ls_wan port range high 65000
set services nat rule nat-ls match-direction input
set services nat rule nat-ls term lr_wan from source-address 10.0.0.2/32
set services nat rule nat-ls term lr_wan from source-address 10.0.1.1/32
set services nat rule nat-ls term lr_wan from source-address 10.0.2.1/32
set services nat rule nat-ls term lr_wan from source-address 10.0.3.1/32
set services nat rule nat-ls term lr_wan then translated source-pool ls_wan
set services nat rule nat-ls term lr_wan then translated translation-type napt-44
set services nat rule nat-ls term arm64_wan from source-address 10.0.4.2/32
set services nat rule nat-ls term arm64_wan then translated source-pool ls_wan
set services nat rule nat-ls term arm64_wan then translated translation-type napt-44
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 unit 13 description WAN
set interfaces ge-0/0/0 unit 13 vlan-id 13
set interfaces ge-0/0/0 unit 13 family inet address 172.20.13.1/24
set interfaces si-0/0/0 unit 0 family inet
set interfaces ge-0/1/0 media-type copper
set interfaces ge-0/1/0 unit 0 description lrc-ge-0/1/1
set interfaces ge-0/1/0 unit 0 family inet service input service-set nat-ls service-filter SKIP_NAT_LS_IP
set interfaces ge-0/1/0 unit 0 family inet service output service-set nat-ls service-filter SKIP_NAT_LS_IP
set interfaces ge-0/1/0 unit 0 family inet address 10.0.0.1/30
set interfaces ge-0/1/1 media-type copper
set interfaces ge-0/1/2 media-type copper
set interfaces fxp0 unit 0 family inet dhcp client-identifier use-interface-description device
set interfaces lo0 unit 0 family inet address 100.0.1.1/32
set policy-options policy-statement ospf-export term ospf-default from protocol static
set policy-options policy-statement ospf-export term ospf-default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement ospf-export term ospf-default then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term acx1100 from destination-address 10.0.0.0/30
set firewall family inet service-filter SKIP_NAT_LS_IP term acx1100 from destination-address 100.0.1.1/32
set firewall family inet service-filter SKIP_NAT_LS_IP term acx1100 then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term lrc from destination-address 10.0.0.0/30
set firewall family inet service-filter SKIP_NAT_LS_IP term lrc from destination-address 100.1.2.3/32
set firewall family inet service-filter SKIP_NAT_LS_IP term lrc then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term lr1 from destination-address 10.0.1.0/30
set firewall family inet service-filter SKIP_NAT_LS_IP term lr1 from destination-address 100.1.1.1/32
set firewall family inet service-filter SKIP_NAT_LS_IP term lr1 then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term lr2 from destination-address 10.0.2.0/30
set firewall family inet service-filter SKIP_NAT_LS_IP term lr2 from destination-address 100.2.2.2/32
set firewall family inet service-filter SKIP_NAT_LS_IP term lr2 then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term lr3 from destination-address 10.0.3.0/30
set firewall family inet service-filter SKIP_NAT_LS_IP term lr3 from destination-address 100.3.3.3/32
set firewall family inet service-filter SKIP_NAT_LS_IP term lr3 then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term arm64 from destination-address 10.0.4.0/30
set firewall family inet service-filter SKIP_NAT_LS_IP term arm64 from destination-address 200.4.4.4/32
set firewall family inet service-filter SKIP_NAT_LS_IP term arm64 then accept
set firewall family inet service-filter SKIP_NAT_LS_IP term ANY then service
set routing-options static route 0.0.0.0/0 next-hop 172.20.13.254
set protocols ospf area 0.0.0.0 interface ge-0/1/0.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf export ospf-export
Use these excerpts to verify your ACX1100 lab setup or as a starting point for customization.