Documente Academic
Documente Profesional
Documente Cultură
Use the instructions in this quick start to help you connect the SRX210 Services Gateway to your network. For details, see the SRX210 Services Gateway Hardware Guide at http://www.juniper.net/techpubs/a057.html.
SRX210 Services Gateway with Integrated Convergence Services (SRX210H-P-MGW) Front Panel
g031132
Callout
1 2 3 4
Description
Mini-PIM slot Power button LEDs (ALARM, POWER, STATUS, HA, mPIM, EXPCARD) Reset Config button
Callout
5 6 7
Description
USB ports Console port Gigabit Ethernet (0/0 and 0/1) and Fast Ethernet (0/2 to 0/7) ports
Callout
1 2 3 4
Description
FXS and FXO voice ports Mini-PIM slot Power button LEDs (ALARM, POWER, STATUS, HA, mPIM, EXPCARD)
Callout
5 6 7 8
Description
Reset Config button USB ports Console port Gigabit Ethernet (0/0 and 0/1) and Fast Ethernet (0/2 to 0/7) ports
SRX210 Services Gateway with Integrated Convergence Services (SRX210H-P-MGW) Back Panel
g031113
Callout
1 2 3
Description
Power supply input Cable tie holder Grounding point
Callout
4 5
Description
Lock for security cable ExpressCard slot
Callout
1 2 3
Description
Power supply input Cable tie holder Grounding point
Callout
4 5
Description
Lock for security cable ExpressCard slot
g031102
g031101
Connect an RJ-45 cable (Ethernet cable) from the port labeled CONSOLE to the supplied DB-9 adapter, which then connects to the serial port on the management device. (Serial port settings: 9600 8-N-1.) If you are using this method to connect, proceed with the CLI configuration instructions available in the Branch SRX Series Services Gateways Golden Configurations at http://www.juniper.net/us/en/local/pdf/app-notes/3500153-en.pdf. See the illustration below for details on connecting a management interface.
Device
SRX210B SRX210H SRX210H-POE SRX210H-P-MGW
DDR Memory
512 MB 1 GB 1 GB 1 GB
Voice Support
No No No Yes
NOTE: On the SRX210H-PoE and SRX210H-P-MGW models, Power over Ethernet (PoE) of 50 watts is supported across 4 ports (ge-0/0/0, ge-0/0/1, fe-0/0/2, and fe-0/0/3).
After a rescue configuration has been set, an amber ALARM LED indicates a minor alarm, and a solid red ALARM LED indicates that a major problem exists on the services gateway. You must allow the device between 5 and 7 minutes to boot up after you have powered it on. Wait until the STATUS LED is solid green before proceeding to the next part.
NOTE:
Page 2
g031118
Interface
ge-0/0/0 ge-0/0/1 and fe-0/0/2 to fe-0/0/7
Security Zone
untrust trust
Use the ge-0/0/0 port to connect to your ISP. Your ISP will have provided a static IP address. You will not receive an IP address using the DHCP process. If you are using this method to obtain an IP address on your services gateway, follow the instructions from Part 6 to Part 9 in this document.
Destination Zone
untrust trust trust
Policy Action
permit permit deny
Destination Zone
untrust
Policy Action
source NAT to untrust zone interface
The services gateway functions as a DHCP server and will assign an IP address to the management device. If an IP address is not assigned to the management device, manually configure an IP address in the 192.168.1.0/24 subnetwork. Do not assign the 192.168.1.1 IP address to the management device, as this IP address is assigned to the device. By default, the DHCP server is enabled on the L3 VLAN interface, (IRB) vlan.0 (ge-0/0/1 and fe-0/0/2 to fe-0/0/7), which is configured with an IP address of 192.168.1.1/24. When an SRX210 Series Services Gateway is powered on for the first time, it boots using the factory default configuration.
Ensure that you have configured the IP address and root password before you apply the configuration. All fields marked with an asterisk (*) are mandatory. If you have used Method 2 in Part 5 to obtain an IP address on your services gateway, ensure that you make the following J-Web modifications: 1. Unselect the Enable DHCP on ge-0/0/0.0 check box.
Page 3
2. 3. 4. 5.
Enter the manual IP address provided by your ISP in the ge-0/0/0.0 address field. The IP address must be entered in the a.b.c.d/xx format, where xx is the subnet mask. Enter the IP address of the gateway in the Default Gateway field. The IP address for the gateway is also provided by the ISP. Enter server names in the DNS name servers field. The server names will be provided by your ISP. Apply the configuration.
NOTE:
To make any changes to the interface configuration, see the Branch SRX Series Services Gateways Golden Configurations at http://www.juniper.net/us/en/local/pdf/app-notes/3500153-en.pdf.
Configure the class of restriction to define the policy dedicated to specifying call type permissions: 1. 2. 3. 4. 5. Select Configure > Convergence Services > Station > Class of Restriction. The Class of Restriction Configuration page is displayed. Click Add to create a new class of restriction. The New Class of Restriction page is displayed. Enter the name in the Class of Restriction field. Click Add to add a new policy to the class of restriction you are creating. The New Policy Configuration page is displayed. Perform the following actions:
If the http://www.juniper.net page does not load, verify your configuration settings, and ensure that you have applied the configuration. After you have completed these steps, you can pass traffic from any trust port to the untrust port.
Connecting and Configuring the SRX210 Services Gateway with Integrated Convergence Services
If you have an SRX210H-P-MGW model, use the instructions below to configure voice support on the media gateway and get started using your device to place and receive calls. The following table provides an overview of the steps you must follow to configure voice support on the media gateway.
Field
Policy Name Available Call Types Permissions
NOTE:
Action
Specify a name for the policy. Select the call types applicable to your setup. Set permissions (allow or deny) on the selected call types.
Step
1 2 3 4 5 6
Task
Connect the FXO and FXS ports. Access the J-Web interface. Configure the class of restriction. Configure the SIP station. Configure the analog station. Configure the peer call server.
Step
7 8 9 10 11
Task
Configure the trunk. Configure trunk groups. Create the dial plan. Configure the media gateway. Configure the survivable call server.
For initial configuration of the device, you do not need to configure the station templates. You can use the default values. 1. Select Configure > Convergence Services > Station. The Station Configuration page is displayed.
Page 4
2.
Click Add to add the new station and perform the following mandatory basic actions:
Action
Specify a name for the station. Enter the extension number of the station. Select the already configured class of restriction. Select the already defined station template.
Field
Name Extensions Class of Restriction Template Name
For the device to authenticate itself with the peer call server, you might need to provide the device user ID and password details as provided by the peer call servers administrator. You can accept the default values in the Port (5060) and Transport (UDP) fields. For initial configuration of the device, you do not need to specify the codec. The default set of codecs is used. By default, codecs are specified in the following order: 711-, G711-A, G729AB.
You can configure the analog templates to be similar so that they can share a common configuration.
Field
Trunk Name
Action
Enter a name for the trunk. Select the trunk type (FXO, FXS, or T1). Select the type of TDM interface to be configured (FXO, FXS, or T1) for routing certain types of calls.
Field
Name Extensions Class of Restriction Template Name TDM Interface
NOTE:
Action
Specify a name for the station. Enter the extension number of the station. Select the already configured class of restriction. Select the already defined station template. Specify the type of TDM interface to be configured (FXO, FXS, or T1).
You can configure the individual SIP stations similarly so that they can share a common configuration.
2.
Field
Name Available Trunks
Action
Specify a name for the trunk group. Select the trunks applicable to your setup.
Field
Name PSTN Access Number Address Type FQDN IP Address
NOTE:
Action
Specify the name for the peer call server. Specify the external PSTN number for the survivable call server to use if it must contact the PSTN directly. Select the address type as either fqdn or ipv4-address. Enter the fully qualified domain name. Enter the IP address of the peer call server.
Page 5
4.
2.
Click Add to create a new call service and perform the following mandatory basic actions:
Field
Route Pattern Call Type Trunk-groups
NOTE:
Field
Call Service Name Call Server Dial Plan Zone
Action
Specify the name for the call service. Select the peer call server name. Select the preconfigured dial plan to be used for the survivable call server. Specify the name for the zone.
You can accept the default values for the Preference and Digit Manipulation fields.
NOTE:
All other parameters required to configure the call service are optional and you can accept the default values set for these parameters.
Field
Media Gateway Call Server Dial Plan Zone
Action
Specify the device name. Select a peer call server with which to associate. Select a preconfigured dial plan. Specify the service point for the devices zone to enable the media gateway and survivable call server services for the specified zone.
You can reboot or halt the system in the J-Web interface by selecting Maintain > Reboot.
For additional configuration information, see the Branch SRX Series Services Gateways Golden Configurations at http://www.juniper.net/us/en/local/pdf/app-notes/3500153-en.pdf. For detailed software configuration information, see the software documentation available at http://www.juniper.net/techpubs/software/junos-srx/index.html.
NOTE:
You can accept the default values in the Port (5060) and Transport (UDP) fields.
Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785. Copyright 2010, Juniper Networks, Inc. All rights reserved. Printed in USA. Part Number: 530-033826 Rev. 01, March 2010.