当前位置:首页 >> 计算机硬件及网络 >>

Juniper JUNOS Lab Guide


Introduction to the Junos Operating System
12.a

Detailed Lab Guide

Worldwide Education Services
1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Course Number: EDU-JUN-IJOS

This document is produced by Juniper Networks, Inc. This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Introduction to the Junos Operating System Detailed Lab Guide, Revision 12.a Copyright ? 2012, Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History: Revision 9.a—July 2009; Revision 9.b—October 2009; Revision 10.a—May 2010; Revision 10.b—May 2010; Revision 11.a—June 2011 Revision 12.a—June 2012 The information in this document is current as of the date listed above. The information in this document has been carefully verified and is believed to be accurate for software Release 12.1R1.9. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. YEAR 2000 NOTICE Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. SOFTWARE LICENSE The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.

Contents
Lab 1: Lab 2: The Junos CLI (Detailed) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
Part 1: Logging In and Exploring the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Initial System Configuration (Detailed) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
Part 1: Loading a Factory-Default Configuration and Performing Initial Configuration . . . . . . . . . . 2-2 Part 2: Saving, Displaying, Loading, and Deleting a Rescue Configuration . . . . . . . . . . . . . . . . . .2-13 Part 3: Configuring Interfaces and Verifying Operational State . . . . . . . . . . . . . . . . . . . . . . . . . . .2-17

Lab 3:

Secondary System Configuration (Detailed) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1
Part 1: Configuring User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Part 2: Performing System Management Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13

Lab 4:

Operational Monitoring and Maintenance (Detailed) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1
Part 1: Monitoring System and Chassis Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Part 2: Using Network Utilities and Monitoring Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12 Part 3: Upgrading the Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-17 Part 4: Recovering the Root Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-20

Lab 5:

The J-Web Interface (Detailed) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-1
Part 1: Logging In to and Exploring the J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Part 2: Exploring J-Web Configuration and Diagnostic Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . 5-8

Appendix A: Lab Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

www.juniper.net

Contents ? iii

iv ? Contents

www.juniper.net

Course Overview
This one-day course provides students with the foundational knowledge required to work with the Junos operating system and to configure Junos devices. The course provides a brief overview of the Junos device families and discusses the key architectural components of the software. Additional key topics include user interface options with a heavy focus on the command-line interface (CLI), configuration tasks typically associated with the initial setup of devices, interface configuration basics with configuration examples, secondary system configuration, and the basics of operational monitoring and maintenance of Junos devices. Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the Junos OS and monitoring basic device operations. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper hardware platforms running the Junos OS. This course is based on Junos OS Release 12.1R1.9.

Objectives
After successfully completing this course, you should be able to: ? ? ? ? ? ? ? ? ? Describe the basic design architecture of the Junos OS. Identify and provide a brief overview of Junos devices. Navigate within the Junos CLI. Perform tasks within the CLI operational and configuration modes. Restore a Junos device to its factory-default state. Perform initial configuration tasks. Configure and monitor network interfaces. Describe user configuration and authentication options. Perform secondary configuration tasks for features and services (such as system logging syslog) and tracing, Network Time Protocol (NTP), configuration archival, and SNMP. Monitor basic operation for the Junos OS and devices. Identify and use network utilities. Upgrade the Junos OS. Perform file system maintenance and password recovery on a Junos device. Navigate within the Junos OS J-Web interface.

? ? ? ? ?

Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the Junos OS.

Course Level
The Introduction to the Junos Operating System course is a one-day, introductory course.

Prerequisites
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite.

www.juniper.net

Course Overview ? v

Course Agenda
Day 1
Chapter 1: Chapter 2: Chapter 3: Chapter 4: Chapter 5: Chapter 6: Course Introduction Junos Operating System Fundamentals User Interface Options Lab 1: The Junos CLI Initial Configuration Lab 2: Initial System Configuration Secondary System Configuration Lab 3: Secondary System Configuration Operational Monitoring and Maintenance Lab 4: Operational Monitoring and Maintenance Appendix A: Interface Configuration Examples Appendix B: The J-Web Interface Lab 5 (Optional): The J-Web Interface

vi ? Course Agenda

www.juniper.net

Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter text according to the following table. Style Franklin Gothic Courier New Description Normal text. Console text: ? ? Screen captures Noncommand-related syntax commit complete Exiting configuration mode Select File > Open, and then click Configuration.conf in the Filename text box. Usage Example Most of what you read in the Lab Guide and Student Guide.

GUI text elements: ? Menu names ? Text field entry

Input Text Versus Output Text
You will also frequently see cases where you must enter input text yourself. Often these instances will be shown in the context of where you must enter them. We use bold style to distinguish text that is input versus text that is simply displayed. Style Normal CLI Normal GUI Description No distinguishing variant. Usage Example Physical interface:fxp0, Enabled View configuration history by clicking Configuration > History. Text that you must enter. lab@San_Jose> show route Select File > Save, and type config.ini in the Filename field.

CLI Input GUI Input

Defined and Undefined Syntax Variables
Finally, this course distinguishes between regular text and syntax variables, and it also distinguishes between syntax variables (where the value is already assigned defined variables) and syntax variables (where you must assign the value undefined variables). Note that these styles can be combined with the input style as well. Style CLI Variable GUI Variable Description Text where variable value is already assigned. Usage Example policy my-peers Click my-peers in the dialog. CLI Undefined GUI Undefined Text where the variable’s value is the user’s discretion and text where the variable’s value as shown in the lab guide might differ from the value the user must input. Type set policy policy-name. ping 10.0.x.y Select File > Save, and type filename in the Filename field.

www.juniper.net

Document Conventions ? vii

Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.

About This Publication
The Introduction to the Junos Operating System Detailed Lab Guide was developed and tested using software Release 12.1R1.9. Previous and later versions of software might behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors. This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to training@juniper.net.

Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats: ? ? Go to http://www.juniper.net/techpubs/. Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.

Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.

Juniper Networks Support
For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).

viii ? Additional Information

www.juniper.net

Lab 1
The Junos CLI (Detailed)

Overview
This lab introduces you to the Junos operating system command-line interface (CLI). In this lab, you will familiarize yourself with various CLI operational mode and configuration mode features. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab, you will perform the following tasks: ? Log in to and explore the Junos CLI using both operational and configuration modes.

www.juniper.net

The Junos CLI (Detailed) ? Lab 1–1 12.a.12.1R1.9

Part 1: Logging In and Exploring the CLI
In this lab part, you become familiar with the access details used to connect to the lab equipment. Once you are familiar with the access details, you will use the CLI to log in to your team’s designated station and use the CLI to become familiar with operational mode and configuration mode. You also gain experience with some of the tools and functionality available within operational mode and configuration mode.
Note

Depending on the class, the lab equipment used might be remote from your physical location. The instructor will inform you as to the nature of your access and will provide you the details needed to access your assigned device. Step 1.1 Ensure that you know to which student device you have been assigned. Check with your instructor if you are not certain. Consult the management network diagram to determine the management address of your student device Question: What is the management address assigned to your station?

Answer: The answer varies; in the example used throughout this lab, the user belongs to the srxA-1 station, which uses an IP address of 10.210.14.131. Your answer will depend on the rack of equipment your class is using. Step 1.2 Access the CLI at your station using either the console, Telnet, or SSH as directed by your instructor. Refer to the management network diagram for the IP address associated with your team’s station. The following example uses a simple Telnet access to srxA-1 with the Secure CRT program as a basis:

Lab 1–2 ? The Junos CLI (Detailed)

www.juniper.net

Step 1.3 Log in to the student device with the username lab using a password of lab123. Note that both the name and password are case-sensitive. Issue the configure command to enter configuration mode and load the reset configuration file using the load override /var/home/lab/ijos/lab1-start.config command. After the configuration has been loaded, commit the changes and return to operational mode using the commit and-quit command.
srxA-1 (ttyp0) login: lab Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab1-start.config load complete [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 1.4 Determine what system information you can clear from the operational mode command prompt.
lab@srxA-1> clear ? Possible completions: amt arp auto-configuration bfd bgp bridge
www.juniper.net

Show AMT Protocol information Clear address resolution information Clear auto-configuration action Clear Bidirectional Forwarding Detection information Clear Border Gateway Protocol information Clear learned Layer 2 MAC address information
The Junos CLI (Detailed) ? Lab 1–3

chassis database-replication dhcpv6 dot1x esis ethernet-switching fabric firewall gvrp helper igmp igmp-snooping interfaces ipv6 isdn isis information l2-learning lacp ldp lldp log mld mld-snooping mpls msdp multicast network-access ospf ospf3 passive-monitoring pfe pgm pim ppp pppoe protection-group r2cp rip ripng rsvp security services snmp spanning-tree system vpls vrrp wlan

Clear chassis information Clear database replication information Clear DHCPv6 information Clear 802.1X session Clear end system-to-intermediate system information Clear ethernet switching information Clear RPDF Internal data structures Clear firewall counters Clears Generic VLAN Registration Protocol information Clear port-forwarding helper information Clear Internet Group Management Protocol information Clear IGMP snooping information Clear interface information Clear IP version 6 information Clear Integrated Services Digital Network information Clear Intermediate System-to-Intermediate System Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear Clear learned Layer 2 MAC address information Link Aggregation Control Protocol information Label Distribution Protocol information Link Layer Discovery Protocol information contents of log file multicast listener discovery information MLD snooping information mpls information Multicast Source Discovery Protocol information multicast information network-access related information Open Shortest Path First information Open Shortest Path First version 3 information passive monitoring statistics Packet Forwarding Engine information Pragmatic Generalized Multicast information Protocol Independent Multicast information PPP information PPP over Ethernet information protection group information Radio-to-Router Protocol information Routing Information Protocol information Routing Information Protocol for IPv6 information Resource Reservation Protocol information security information services Simple Network Management Protocol information Spanning Tree Protocol information system information learned Layer 2 MAC address information Virtual Router Redundancy Protocol statistics Wireless LAN information

Lab 1–4 ? The Junos CLI (Detailed)

www.juniper.net

Question: Which command do you use to clear the contents of a system log (syslog) file?

Answer: Use the clear log log-filename command to clear the contents of a particular syslog file. Step 1.5 Experiment with command completion by entering show i<space>.
lab@srxA-1> show i ^ 'i' is ambiguous. Possible completions: iccp igmp igmp-snooping ingress-replication interfaces ipv6 isdn isis information

Show Show Show Show Show Show Show Show

Inter Chassis Control Protocol information Internet Group Management Protocol information IGMP snooping information Ingress-Replication tunnel information interface information IP version 6 information Integrated Services Digital Network information Intermediate System-to-Intermediate System

Step 1.6 Add characters to disambiguate your command so that you can display interface-related information; use the Spacebar or Tab key for automatic command completion.
Note

You can return to the command prompt without scrolling through all of the generated output from a command. Enter the Ctrl+c key sequence or the q key to abort the operation and return to the command prompt.
lab@srxA-1> show int<space>erfaces Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 134, SNMP ifIndex: 507 Description: MGMT Interface - DO NOT DELETE Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: 00:26:88:e1:54:80, Hardware address: 00:26:88:e1:54:80 Last flapped : 2011-04-20 02:02:04 UTC (2d 03:09 ago)
www.juniper.net The Junos CLI (Detailed) ? Lab 1–5

Input rate Output rate Active alarms Active defects

: : : :

536 bps (0 pps) 0 bps (0 pps) None None

Logical interface ge-0/0/0.0 (Index 68) (SNMP ifIndex 509) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 299996 Output packets: 211433 Security: Zone: Null ...TRIMMED...

Step 1.7 Try to clear SNMP statistics by entering the clear snmp command.
lab@srxA-1> clear snmp ^ syntax error, expecting <command>.

Question: What do you think the resulting display means?

Answer: The display indicates that the command was incomplete as entered. The caret symbol (^) indicates the area of the problem, and the error message tells you that the system expects additional command input. Step 1.8 Verify that the CLI does not let you complete invalid commands by trying to enter the command show ip interface brief.
lab@srxA-1> show ip<space> lab@srxA-1> show ipv6 lab@srxA-1> show ipinterfacebrief ^ syntax error, expecting <command>.

Lab 1–6 ? The Junos CLI (Detailed)

www.juniper.net

Question: What happens when you try to enter this command?

Answer: The system’s command completion feature completes a show ipv6 command in this case because ipv6 is the only valid completion. If you attempt to continue with invalid syntax, the system informs you of your error. Unlike some CLI implementations, the Junos OS will not let you waste time typing in an illegitimate command! Step 1.9 Enter a show route command followed by a show system users command. You are entering these commands to demonstrate command history recall. When finished, enter the keyboard sequences indicated to answer the related questions.
lab@srxA-1> show route inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.210.14.128/27 10.210.14.131/32 *[Direct/0] 02:12:04 > via ge-0/0/0.0 *[Local/0] 02:12:10 Local via ge-0/0/0.0

lab@srxA-1> show system users 5:12AM up 2 days, 3:14, 1 user, load averages: 0.04, 0.10, 0.07 USER TTY FROM LOGIN@ IDLE WHAT lab u0 4:43AM - -cli (cli)

Question: What happens when you press Ctrl+p twice?

Answer: The system recalls the show route command and displays it at the prompt. Question: What happens when you press Ctrl+n?

Answer: The system recalls the next command in the buffer, which is a show system users command in this example.

www.juniper.net

The Junos CLI (Detailed) ? Lab 1–7

Question: What happens when you use the Up Arrow and Down Arrow keys?

Answer: The Up Arrow and Down Arrow keys function as substitutes for the Ctrl+p and Ctrl+n sequences as long as the system is configured for VT100-type emulation, which is the default. Step 1.10 In many cases, the output of a command might exceed one full screen. For example, the show interfaces interface-name extensive command displays a lot of information about the specified interface. Enter this command now for your system’s ge-0/0/0 interface, and answer the following questions. Use the h key as needed to obtain help when CLI output is paused at the ---(more)--- prompt.
lab@srxA-1> show interfaces ge-0/0/0 extensive Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 134, SNMP ifIndex: 507, Generation: 137 Description: MGMT Interface - DO NOT DELETE Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:26:88:e1:54:80, Hardware address: 00:26:88:e1:54:80 Last flapped : 2011-04-20 02:02:04 UTC (2d 03:11 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 197626475 1008 bps Output bytes : 196448392 0 bps Input packets: 300053 1 pps Output packets: 211433 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 ...TRIMMED...

Lab 1–8 ? The Junos CLI (Detailed)

www.juniper.net

Question: What effect does pressing the Spacebar have?

Answer: The Spacebar causes the display to scroll forward to display the next screen of output. Question: What effect does pressing the Enter key have on the paused output?

Answer: The Enter key causes the display to scroll forward by one line. Question: What effect does pressing the b key have?

Answer: Pressing the b key causes the display to scroll backwards by one full screen, up to the point where the first full screen of information displays. Question: What effect does pressing the u key have?

Answer: Pressing the u key causes the display to scroll backwards by one half of a screen, up to the point where the first screen displays. Question: Which key would you press to search forward through a display that consists of multiple screens of output?

Answer: To search forward, press the forward slash (/) character followed by the search pattern. Step 1.11 Use the pipe (|) and match functions of the Junos CLI to list all interfaces that are physically down.
lab@srxA-1> show interfaces | match down Physical interface: ge-0/0/5, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
www.juniper.net The Junos CLI (Detailed) ? Lab 1–9

Physical interface: ge-0/0/6, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/7, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/8, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/9, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/10, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/11, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/12, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/13, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/14, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Physical interface: ge-0/0/15, Enabled, Physical link is Down Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0

Question: Are any of your interfaces listed as Down?

Answer: In this example, the answer is yes; several interfaces show as Down. The interfaces shown might vary depending on your lab environment. Question: Can you think of a way to have the Junos OS count the number of interfaces that are physically down? (Hint: Remember that you can use the results of one pipe as input to another pipe operation.)

Answer: To count the number of down interfaces, pipe the results of the previous command to the CLI count function. In this example, we included an extra match function to ensure that the software does not count interfaces that are down both logically and physically more than once:
Lab 1–10 ? The Junos CLI (Detailed) www.juniper.net

lab@srxA-1> show interfaces | match down | match Physical | count Count: 11 lines

Step 1.12 A large portion of the Junos OS documentation is available directly from the CLI. You can retrieve high-level topics using the help topic command, whereas you can obtain detailed configuration-related information with the help reference command. Use the help reference command along with the CLI question-mark operator (?) to find detailed information about configuring a system hostname.
lab@srxA-1> help reference ? Possible completions: access accounting-options ancp applications bfd bgp bridge-domains chassis class-of-service connections diameter dlsw dot1x dvmrp dynamic-profiles esis event-options firewall forwarding-options igmp interfaces isis l2-learning l2circuit l2vpn layer2-control layer2-vpns Use the 'help reference l2vpn' command layer3-vpns ldp link-management lldp logical-systems mld mpls msdp mvpn oam ospf ospf3 pgm pim
www.juniper.net The Junos CLI (Detailed) ? Lab 1–11

poe policy-options ppp protection-group rip ripng router-advertisement router-discovery routing-instances routing-options rsvp sap schedulers security services snmp stp switch-options system vpls vpns vrrp

Question: Which CLI command displays reference information about configuration of the system’s hostname?

Answer: The help reference system host-name command displays information regarding system hostnames:
lab@srxA-1> help reference system host-name host-name Syntax host-name hostname; Hierarchy Level [edit system] Release Information Statement introduced before JUNOS Release 7.4. Statement introduced in JUNOS Release 9.0 for EX Series switches. Description Set the hostname of the router or switch.
Lab 1–12 ? The Junos CLI (Detailed) www.juniper.net

Options hostname--Name of the router or switch. Required Privilege Level system--To view this statement in the configuration. system-control--To add this statement to the configuration. Related Topics * Configuring the Hostname of the Router

Step 1.13 Enter configuration mode.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1#

Question: What happens to your prompt?

Answer: A pound sign (#) replaces the angle bracket (>), and a configuration hierarchy banner displays. Question: According to the prompt, what is your position in the configuration hierarchy?

Answer: The display indicates that you are now at the [edit] hierarchy, which is the root of the configuration tree. Step 1.14 Display the interfaces portion of the candidate configuration.
[edit] lab@srxA-1# show interfaces

www.juniper.net

The Junos CLI (Detailed) ? Lab 1–13

ge-0/0/0 { description "MGMT Interface - DO NOT DELETE"; unit 0 { family inet { address 10.210.14.131/27; } } }

Step 1.15 Position yourself at the [edit interfaces] configuration hierarchy.
[edit] lab@srxA-1# edit interfaces [edit interfaces] lab@srxA-1#

Question: What happens to the banner?

Answer: The banner now correctly shows that the user is at the [edit interfaces] portion of the configuration hierarchy. Question: What is the result of a show command now?

Answer: A show command displays information pertaining only to configuration statements at and below the current hierarchy. In this case, the software displays only the configuration statements for the system’s ge-0/0/0 interface:
[edit interfaces] lab@srxA-1# show ge-0/0/0 { description "MGMT Interface - DO NOT DELETE"; unit 0 { family inet { address 10.210.14.131/27; } } }

Lab 1–14 ? The Junos CLI (Detailed)

www.juniper.net

Step 1.16 Move to the [edit protocols ospf] portion of the hierarchy. This step requires that you first visit the root of the hierarchy, as you cannot jump directly between branches. You can perform this step with a single command in the form of top edit protocols ospf, however.
[edit interfaces] lab@srxA-1# top edit protocols ospf [edit protocols ospf] lab@srxA-1#

Question: Which commands can you now enter to reposition yourself at the [edit] portion of the hierarchy? Return to the [edit] hierarchy level now.

Answer: You can issue an up command twice, or an up 2 command. You can also issue an exit command or a top command.
[edit protocols ospf] lab@srxA-1# top [edit] lab@srxA-1#
Note

If you have not already done so, return to the [edit] hierarchy level using one of the available methods. Step 1.17 Try to display the status of chassis hardware with a show chassis hardware operational command while in configuration mode.
[edit] lab@srxA-1# show chassis hardware ^ syntax error.

www.juniper.net

The Junos CLI (Detailed) ? Lab 1–15

Question: Why do you think you received an error? What can you do to execute operational mode commands while in configuration mode? Try that now.

Answer: The command issued is not valid in configuration mode. Precede operational mode commands with the keyword run to execute them while in configuration mode:
[edit] lab@srxA-1# run show chassis hardware Hardware inventory: Item Version Part number Chassis Routing Engine REV 35 750-021794 FPC 0 PIC 0 Power Supply 0

Serial number AH3809AA0054 AAAX6922

Description SRX240h-poe RE-SRX240H-POE FPC 16x GE Base PIC

Step 1.18 Try to return to operational mode by entering an exit command.
[edit] lab@srxA-1# exit The configuration has been changed but not committed Exit with uncommitted changes? [yes,no] (yes)

Question: What happens when you execute the exit command?

Answer: You should see a message indicating that uncommitted changes exist. This message results from the creation of an empty [edit protocols ospf] stanza. This empty stanza causes the configuration database to believe that the configuration actually changed.

Lab 1–16 ? The Junos CLI (Detailed)

www.juniper.net

Question: Which CLI command can you use to display differences between the candidate and active configuration file? Enter no at the current prompt and issue the required command to view the differences between the candidate and active configurations.

Answer: Use the show command with the results piped to compare rollback number. In this example, you should not see any actual configuration changes, as shown in the following sample capture:
The configuration has been changed but not committed Exit with uncommitted changes? [yes,no] (yes) no Exit aborted [edit] lab@srxA-1# show | compare rollback 0 [edit] lab@srxA-1#

Question: Considering that nothing changed, which command can you enter to allow an exit from configuration mode without being warned of uncommitted changes? Issue that command now.

Answer: Issue a rollback 0 command to replace the candidate configuration with a new copy of the active configuration. You can now exit configuration mode without being warned of uncommitted changes:
[edit] lab@srxA-1# rollback 0 load complete [edit] lab@srxA-1# exit Exiting configuration mode lab@srxA-1>

Step 1.19 Log out of your assigned device using the exit command.

www.juniper.net

The Junos CLI (Detailed) ? Lab 1–17

lab@srxA-1> exit srxA-1 (ttyu0) login:

STOP

Tell your instructor that you have completed Lab 1.

Lab 1–18 ? The Junos CLI (Detailed)

www.juniper.net

Lab 2
Initial System Configuration (Detailed)

Overview
This lab demonstrates configuration tasks typically performed on new devices running the Junos operating system. In this lab, you use the CLI to perform initial configuration and basic interface configuration. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. Refer to the management network diagram for access details. By completing this lab, you will perform the following tasks: ? ? ? Load a factory-default configuration and perform initial system configuration. Save, delete, and restore a rescue configuration. Perform basic interface configuration.

www.juniper.net

Initial System Configuration (Detailed) ? Lab 2–1 12.a.12.1R1.9

Introduction to the Junos Operating System

Part 1: Loading a Factory-Default Configuration and Performing Initial Configuration
In this lab part, you will load the factory-default configuration and perform initial configuration tasks using the Junos CLI. Step 1.1 Ensure that you know to which student device you have been assigned. Check with your instructor if you are not certain. Consult the management network diagram to determine the management address of your student device Question: What is the management address assigned to your station?

Answer: The answer varies; in the example used throughout this lab, the user belongs to the srxA-1 station, which uses an IP address of 10.210.14.131. Your answer will depend on the rack of equipment your class is using. Step 1.2 Access the CLI at your station using the console connection.

Note

During this lab, your access through the management network will be affected. Ensure that you use the console connection to access your assigned station. Using the console connection ensures persistent connectivity even when the management network access is unavailable. If needed, ask your instructor how to connect to your system using the console port.

Lab 2–2 ? Initial System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Step 1.3 Log in to the student device with the username lab using a password of lab123. Note that both the name and password are case-sensitive. Enter configuration mode and load a factory-default configuration using the load factory-default command.
srxA-1 (ttyp0) login: lab Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load factory-default warning: activating factory configuration

Step 1.4 Display the factory-default configuration.
[edit] lab@srxA-1# show ## Last changed: 2012-04-17 23:59:34 UTC system { autoinstallation { delete-upon-commit; ## Deletes [system autoinstallation] upon change/ commit traceoptions { level verbose; flag { all; } } interfaces { ge-0/0/0 { bootp; } } } name-server { 208.67.222.222; 208.67.220.220; } services { ssh; telnet; xnm-clear-text; web-management { http { interface vlan.0; } https { system-generated-certificate;
www.juniper.net Initial System Configuration (Detailed) ? Lab 2–3

Introduction to the Junos Operating System

interface vlan.0; } } dhcp { router { 192.168.1.1; } pool 192.168.1.0/24 { address-range low 192.168.1.2 high 192.168.1.254; } propagate-settings ge-0/0/0.0; } } syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; ## ## Warning: statement ignored: unsupported platform (srx240h) ## max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } ## Warning: missing mandatory statement(s): 'root-authentication' } interfaces { ge-0/0/0 unit } ge-0/0/1 unit { 0; { 0 { family ethernet-switching { vlan { members vlan-trust; } }

} } ge-0/0/2 { unit 0 { family ethernet-switching { vlan {
Lab 2–4 ? Initial System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

members vlan-trust; } } } } ge-0/0/3 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/4 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/5 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/6 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/7 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/8 { unit 0 { family ethernet-switching { vlan { members vlan-trust;
www.juniper.net Initial System Configuration (Detailed) ? Lab 2–5

Introduction to the Junos Operating System

} } } } ge-0/0/9 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/10 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/11 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/12 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/13 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/14 { unit 0 { family ethernet-switching { vlan { members vlan-trust; }
Lab 2–6 ? Initial System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

} } } ge-0/0/15 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } vlan { unit 0 { family inet { address 192.168.1.1/24; } } } } protocols { stp; } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then {
www.juniper.net Initial System Configuration (Detailed) ? Lab 2–7

Introduction to the Junos Operating System

source-nat { interface; } } } } } } policies { from-zone trust to-zone untrust { policy trust-to-untrust { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { vlan.0; } } security-zone untrust { screen untrust-screen; interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { dhcp; tftp; } } } } } } } vlans { vlan-trust { vlan-id 3; l3-interface vlan.0;
Lab 2–8 ? Initial System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

} }
Note

The factory-default configuration displays several statements pertaining to the security hierarchy level. This information is outside the scope of this class but is covered in the Junos for Security Platforms (JSEC) course. Step 1.5 Try to activate the factory-default configuration by issuing a commit command.
[edit] lab@srxA-1# commit [edit] 'system' Missing mandatory statement: 'root-authentication' error: commit failed: (missing statements)

Question: Did the commit operation succeed? If not, why not?

Answer: No, the commit operation should fail because the root authentication is missing. Step 1.6 Navigate to the [edit system root-authentication] hierarchy level. Issue the set plain-text-password command. When prompted to enter a new password, type apples.
[edit] lab@srxA-1# edit system root-authentication [edit system root-authentication] lab@srxA-1# set plain-text-password New password: error: require change of case, digits or punctuation [edit system root-authentication] lab@srxA-1#

Question: What happens when you enter the specified password? Why?

Answer: The operation fails because the password does not meet the requirements.

www.juniper.net

Initial System Configuration (Detailed) ? Lab 2–9

Introduction to the Junos Operating System

Step 1.7 Again, issue the set plain-text-password command. When prompted to enter a new password, type Apples. When prompted to confirm the password, type Oranges.
[edit system root-authentication] lab@srxA-1# set plain-text-password New password: Retype new password: error: Passwords are not equal; aborting

Question: What happens when you enter the specified passwords? Why?

Answer: The operation fails because the passwords are not equal. Step 1.8 Issue the set plain-text-password command once again. When prompted to enter a new password, type Rootroot. When prompted to confirm the password, type Rootroot. Activate the change and return to operational mode by issuing a commit and-quit command.
[edit system root-authentication] lab@srxA-1# set plain-text-password New password: Retype new password: [edit system root-authentication] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 1.9 Issue the file list /var/tmp command.
lab@srxA-1> file list /var/tmp error: no local user: lab

Question: What happens when you enter the specified command? Why?

Answer: The operation generates an error because the lab user is no longer valid. We restore the lab user account in a subsequent lab step.

Lab 2–10 ? Initial System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Step 1.10 Log out as the lab user and log in as root. Use the newly defined password of Rootroot.
lab@srxA-1> exit srxA-1 (ttyu0) login: root Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC root@srxA-1%
Note

You should see the previously defined hostname at the login prompt. The amnesiac hostname is shown when the hostname is removed and the system is rebooted. You do not need to reboot the system at this time because you will configure a new hostname shortly. Step 1.11 Start the CLI with the cli command and enter configuration mode.
root@srxA-1% cli root@srxA-1> configure Entering configuration mode [edit] root@srxA-1#

Step 1.12 Define the system’s hostname. Use the hostname specified on the management network diagram provided by your instructor.
[edit] root@srxA-1# set system host-name hostname

Step 1.13 Configure the time zone and system time using the local time zone and current date and time as input values.
[edit] root@srxA-1# set system time-zone time-zone [edit] root@srxA-1# run set date date/time Wed April 25 04:19:00 PDT 2012

www.juniper.net

Initial System Configuration (Detailed) ? Lab 2–11

Introduction to the Junos Operating System

Step 1.14 Remove the DHCP, interface, security, protocols and vlan sections from the factory-default configuration, as this is not necessary in this lab environment.
[edit] root@srxA-1# delete system services dhcp [edit] root@srxA-1# delete interfaces [edit] root@srxA-1# delete security [edit] root@srxA-1# delete protocols [edit] root@srxA-1# delete vlans

Step 1.15 Configure the ge-0/0/0 interface using the address and subnet mask specified on the management network diagram, and specify an interface description of "MGMT INTERFACE - DO NOT DELETE".
[edit] root@srxA-1# edit interfaces [edit interfaces] root@srxA-1# set ge-0/0/0 unit 0 family inet address management IP address [edit interfaces] root@srxA-1# set ge-0/0/0 description "MGMT Interface - DO NOT DELETE" [edit interfaces] root@srxA-1#

Step 1.16 Navigate to [edit routing-options] and define a static route for the 10.210.0.0/16 destination prefix to allow for reachability beyond the local management subnet. Use the gateway address, shown on the management network diagram, as the next-hop value. When complete commit the configuration and return to operational mode.
[edit interfaces] root@srxA-1# top edit routing-options [edit routing-options] root@srxA-1# set static route 10.210.0.0/16 next-hop gateway address [edit routing-options] root@srxA-1# commit and-quit commit complete Exiting configuration mode root@srxA-1>
Lab 2–12 ? Initial System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

STOP

Wait for your instructor before you proceed to the next part.

Part 2: Saving, Displaying, Loading, and Deleting a Rescue Configuration
In this lab part, you will save, display, load, and delete a rescue configuration using the Junos CLI. Step 2.1 Enter configuration mode and load the lab2-part2-start.config file from the/var/home/lab/ijos/ directory. This will return the lab to its original state and reestablish the lab user. Commit your configuration and return to operational mode when complete.
root@srxA-1> configure [edit] root@srxA-1# load override /var/home/lab/ijos/lab2-part2-start.config load complete [edit] root@srxA-1# commit and-quit commit complete Exiting configuration mode root@srxA-1>

Step 2.2 Log out of the root user by issuing the exit command twice, then log in as the lab user using lab123 as the password.
root@srxA-1> exit root@srxA-1% exit logout srxA-1 (ttyu0) login: lab Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1>

Step 2.3 Save the active configuration as the rescue configuration.
lab@srxA-1> request system configuration rescue save

Step 2.4 Display the contents of the recently saved rescue configuration.

www.juniper.net

Initial System Configuration (Detailed) ? Lab 2–13

Introduction to the Junos Operating System

lab@srxA-1> file show /config/rescue.conf.gz ## Last changed: 2012-04-17 20:11:13 PDT version 12.1R1.9; system { host-name srxB-1; time-zone America/Los_Angeles; root-authentication { encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1"; ssh-dsa "ssh-dss AAAAB3NzaC1kc3MAAACBAMQrfP2bZyBXJ6PC7XXZ+MzErI8Jl6jah5L4/ O8BsfP2hC7EvRfNoX7MqbrtCX/9gUH9gChVuBCB+ERULMdgRvM5uGhC/ gs4UX+4dBbfBgKYYwgmisM8EoT25m7qI8ybpl2YZvHNznvO8h7kr4kpYuQEpKvgsTdH/ Jle4Uqnjv7DAAAAFQDZaqA6QAgbW3O/ zveaLCIDj6p0dwAAAIB1iL+krWrXiD8NPpY+w4dWXEqaV3bnobzPC4eyxQKBUCOr80Q5YBlWXVBHx9e lwBWZwj0SF4hLKHznExnLerVsMuTMA846RbQmSz62vM6kGM13HFonWeQvWia0TDr78+rOEgWF2KHBSI xL51lmIDW8Gql9hJfD/Dr/ NKP97w3L0wAAAIEAr3FkWU8XbYytQYEKxsIN9P1UQ1ERXB3G40YwqFO484SlyKyYCfaz+yNsaAJu2C8 UebDIR3GieyNcOAKf3inCG8jQwjLvZskuZwrvlsz/xtcxSoAh9axJcdUfSJYMW/ g+mD26JK1Cliw5rwp2nH9kUrJxeI7IReDp4egNkM4i15o= configurator@server1.he"; } login { user lab { uid 2000; class super-user; authentication { encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30"; } } } services { ssh; telnet; web-management { http { interface ge-0/0/0.0; } https { system-generated-certificate; interface all; } } } syslog { file messages { any critical; authorization info; } file interactive-commands { interactive-commands any; } } } interfaces { ge-0/0/0 { description "MGMT Interface - DO NOT DELETE";
Lab 2–14 ? Initial System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

unit 0 { family inet { address 10.210.35.133/26; } } } } routing-options { static { route 10.210.0.0/16 next-hop 10.210.35.130; } }

Question: Does the rescue configuration match the recently created active configuration?

Answer: Yes, the rescue configuration should match the recently created active configuration. Question: What CLI command could you issue to compare the active and rescue configuration files?

Answer: Use the file compare files / config/juniper.conf.gz /config/ rescue.conf.gz command to compare the active and rescue configurations. As shown in the following sample capture, the files do not contain any differences:
lab@srxA-1> file compare files /config/juniper.conf.gz /config/rescue.conf.gz

Step 2.5 Return to configuration mode and delete the [edit system services] hierarchy level. Activate the change.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# delete system services [edit] lab@srxA-1# commit commit complete [edit] lab@srxA-1#

Step 2.6 Verify that the [edit system services] hierarchy level is empty and then load the rescue configuration.
www.juniper.net Initial System Configuration (Detailed) ? Lab 2–15

Introduction to the Junos Operating System

[edit] lab@srxA-1# show system services [edit] lab@srxA-1# rollback rescue load complete

Step 2.7 Verify that the [edit system services] hierarchy level once again contains the ssh, telnet, and web-management services.
[edit] lab@srxA-1# show system services ssh; telnet; web-management { http { interface ge-0/0/0.0; } https { system-generated-certificate; interface all; } }

Question: Did the rescue configuration successfully load? Are the services enabled now? If not, why not?

Answer: Yes, the rescue configuration loaded successfully and restored the statements at the [edit system services] hierarchy level. However, the software did not enable the services. Remember, to enable the rescue configuration, or any other candidate configuration, you must commit! Step 2.8 Activate the rescue configuration and return to operational mode.
[edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 2.9 Delete the rescue configuration and attempt to display the rescue.conf.gz file to confirm the deletion.

Lab 2–16 ? Initial System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

lab@srxA-1> request system configuration rescue delete lab@srxA-1> file show /config/rescue.conf.gz error: could not resolve file: /config/rescue.conf.gz

Question: Did you successfully delete the rescue configuration?

Answer: Yes, based on the results shown, the deletion of the rescue configuration was successful.

STOP

Wait for your instructor before you proceed to the next part.

Part 3: Configuring Interfaces and Verifying Operational State
In this lab part, you will perform interface configuration and verify the operational state of interfaces using the Junos CLI. Step 3.1 Enter configuration mode and load the lab2-part3-start.config file from the /var/home/lab/ijos/ directory. Commit you configuration when complete.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab2-part3-start.config load complete [edit] lab@srxA-1# commit commit complete [edit] lab@srxA-1#

Step 3.2 Refer to the network diagram for this lab and configure the listed interfaces. Use logical unit 0 on all specified interfaces. Commit the configuration and return to operational mode when complete.
[edit] lab@srxA-1# edit interfaces [edit interfaces] lab@srxA-1# set ge-0/0/3 unit 0 family inet address address/30 [edit interfaces] lab@srxA-1# set ge-0/0/2 unit 0 family inet address address/30
www.juniper.net Initial System Configuration (Detailed) ? Lab 2–17

Introduction to the Junos Operating System

[edit interfaces] lab@srxA-1# set ge-0/0/1 unit 0 family inet address address/30 [edit interfaces] lab@srxA-1# set lo0 unit 0 family inet address address/32 [edit interfaces] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 3.3 Issue the show interfaces terse CLI command to verify the state of the configured interfaces.
lab@srxA-1> show interfaces terse Interface Admin Link ge-0/0/0 up up ge-0/0/0.0 up up ...TRIMMED.. ge-0/0/1 up up ge-0/0/1.0 up up ge-0/0/2 up up ge-0/0/2.0 up up ge-0/0/3 up up ge-0/0/3.0 up up ...TRIMMED.. lo0 up up lo0.0 up up ...TRIMMED.. Proto inet inet inet inet inet Local 10.210.14.131/27 172.20.77.1/30 172.20.66.1/30 172.18.1.2/30 192.168.1.1 --> 0/0 Remote

Question: What are the Admin and Link states of the recently configured interfaces?

Answer: All configured interfaces should show Admin and Link states of up, as shown in the sample capture. Step 3.4 Log out of your assigned device using the exit command.
lab@srxA-1> exit srxA-1 (ttyu0) login:

Lab 2–18 ? Initial System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

STOP

Tell your instructor that you have completed Lab 2.

www.juniper.net

Initial System Configuration (Detailed) ? Lab 2–19

Introduction to the Junos Operating System

Lab 2–20 ? Initial System Configuration (Detailed)

www.juniper.net

Lab 3
Secondary System Configuration (Detailed)

Overview
This lab demonstrates typical secondary configuration tasks performed on devices running the Junos operating system. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample outputs from most commands. By completing this lab, you will perform the following tasks: ? ? ? ? ? Define user accounts and authentication options. Set up and verify proper operation of system logging (syslog). Configure and monitor NTP. Enable and monitor the operation of SNMP. Configure and monitor the configuration archival feature.

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–1 12.a.12.1R1.9

Introduction to the Junos Operating System

Part 1: Configuring User Authentication
In this lab part, your team will configure user accounts and related authentication options. Step 1.1 Ensure that you know to which student device you have been assigned. Check with your instructor if you are not certain. Consult the management network diagram to determine the management address of your student device Question: What is the management address assigned to your station?

Answer: The answer varies; in the example used throughout this lab, the user belongs to the srxA-1 station, which uses an IP address of 10.210.14.131. Your answer will depend on the rack of equipment your class is using. Step 1.2 Access the CLI at your station using either the console, Telnet, or SSH as directed by your instructor. Refer to the management network diagram for the IP address associated with your team’s station. The following example uses a simple Telnet access to srxA-1 with the Secure CRT program as a basis:

Step 1.3 Log in to the student device with the username lab using a password of lab123. Note that both the name and password are case-sensitive. Enter configuration mode and load the reset configuration file using the load override /var/home/ lab/ijos/lab3-start.config command. After the configuration has been loaded, commit the changes.
srxA-1 (ttyp0) login: lab
Lab 3–2 ? Secondary System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab3-start.config load complete [edit] lab@srxA-1# commit commit complete [edit] lab@srxA-1#

Step 1.4 Navigate to [edit system login] and define a custom login class named juniper with the following permissions: ? ? ? view view-configuration reset

[edit] lab@srxA-1# edit system login [edit system login] lab@srxA-1# set class juniper permissions [view view-configuration reset] error: invalid value: ]
Note

There may be an error after entering the command, but it should still be added to the configuration. Use the show command to verify this.
[edit system login] lab@srxB-1# show class juniper { permissions [ reset view view-configuration ]; } user lab { uid 2000; class super-user; authentication { encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30"; ## SECRET-DATA } }

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–3

Introduction to the Junos Operating System

Step 1.5 Next, define two new user accounts using the information from the following table: Username walter nancy Class juniper read-only Plain-Text Password walter123 nancy123

[edit system login] lab@srxA-1# set user walter class juniper [edit system login] lab@srxA-1# set user walter authentication plain-text-password New password: Retype new password: [edit system login] lab@srxA-1# set user nancy class read-only [edit system login] lab@srxA-1# set user nancy authentication plain-text-password New password: Retype new password:

Step 1.6 View the configuration under the [edit system login] hierarchy level. If you are satisfied with the results, activate your new configuration by issuing the commit command.
[edit system login] lab@srxA-1# show class juniper { permissions [ reset view view-configuration ]; } user lab { uid 2000; class super-user; authentication { encrypted-password "$1$mKkMA9pa$AUZPO2UJ9rWwOfp4Kb2/a1"; ## SECRET-DATA } } user nancy { class read-only; authentication { encrypted-password "$1$sg4t2qIv$E3E5PQftT//p1PiswUgfS/"; ## SECRET-DATA } } user walter { class juniper; authentication { encrypted-password "$1$BH89uJ/p$eNBGRpAVxSXzOhbxjjgi90"; ## SECRET-DATA } }
Lab 3–4 ? Secondary System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

[edit system login] lab@srxA-1# commit commit complete
Note

The remainder of this lab part tests user login options. To prevent yourself from being locked out, keep the current console session open! Step 1.7 Open another terminal window and use Telnet to access your system’s management IP address. If needed, refer to the management network diagram. Log in with the username walter.

srxA-1 (ttyp0) login: walter Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC walter@srxA-1>

Step 1.8 Using the new terminal session, try to enter configuration mode.
walter@srxA-1> configure ^ unknown command.

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–5

Introduction to the Junos Operating System

Question: How does the CLI respond when you try to enter configuration mode?

Answer: The CLI does not let user walter enter configuration mode. It responds by stating that the command is unknown. Step 1.9 Enter a question mark (?) at the prompt to view the permitted operational mode command options for the user walter.
walter@srxA-1> ? Possible completions: file help load monitor op quit request restart save set show start test

Perform file operations Provide help information Show real-time debugging information Invoke an operation script Exit the management session Make system-level requests Restart software process Set CLI properties, date/time, craft interface message Show system information Start shell Perform diagnostic debugging

Question: Why is the user walter unable to enter configuration mode?

Answer: The custom login class defined for the user walter does not give permission for entering configuration mode. Step 1.10 Verify that the user walter can view the configuration and other operational outputs such as interface information.
walter@srxA-1> show configuration ## Last commit: 2012-04-18 12:14:08 PDT by lab version 12.1R1.9; system { host-name srxA-1; time-zone America/Los_Angeles; root-authentication { encrypted-password /* SECRET-DATA */; ## SECRET-DATA ssh-dsa /* SECRET-DATA */;
Lab 3–6 ? Secondary System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

} login { class juniper { permissions [ reset view view-configuration ]; } user lab { uid 2000; class super-user; authentication { encrypted-password /* SECRET-DATA */; ## SECRET-DATA } } user nancy { uid 2001; class read-only; authentication { encrypted-password /* SECRET-DATA */; ## SECRET-DATA } } user walter { uid 2002; class juniper; authentication { encrypted-password /* SECRET-DATA */; ## SECRET-DATA } } } ...TRIMMED... walter@srxA-1> show interfaces Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 134, SNMP ifIndex: 508 Description: MGMT Interface - DO NOT DELETE Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: f8:c0:01:8f:8f:80, Hardware address: f8:c0:01:8f:8f:80 Last flapped : 2012-04-18 10:27:06 PDT (01:57:39 ago) Input rate : 976 bps (2 pps) Output rate : 1280 bps (1 pps) Active alarms : None Active defects : None Interface transmit statistics: Disabled Logical interface ge-0/0/0.0 (Index 70) (SNMP ifIndex 512) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 157 Output packets: 81 ...TRIMMED...

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–7

Introduction to the Junos Operating System

Question: Can the user walter view the root password within the configuration? Why?

Answer: No. The Junos OS hides certain configuration elements that it determines to be security risks and notates them with a SECRET-DATA tag. In this case, the user walter does not have the secret permission defined for his login class. The secret permission is required to view configuration elements with the SECRET-DATA tag. Step 1.11 Restart the routing process using the restart routing command. This command restarts the routing protocol daemon (rpd), which can be useful when troubleshooting routing problems.
walter@srxA-1> restart routing Routing protocols process started, pid 9777

Question: Which permission allows the user walter to perform this command?

Answer: The reset permission allows a user to restart software processes and certain hardware components. This permission will not, however, allow the user to reboot the system. Step 1.12 Log out from the user walter and initiate a new Telnet session to the management interface for the user nancy. (Hint: Use the reconnect option on your terminal client.) Attempt to restart the routing protocol process using the restart routing command.
walter@srxA-1> exit srxA-1 (ttyp0) login: nancy Password: --- JUNOS 11.1R1.10 built 2011-03-16 08:20:26 UTC nancy@srxA-1> restart ^ unknown command.
Lab 3–8 ? Secondary System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

Question: Can nancy successfully issue the restart command?

Answer: As shown in the output, the user nancy cannot issue the operational mode restart command. Question: What is a quick way to view the top-level operational mode commands available to nancy?

Answer: Use the question mark (?) to view available commands anywhere within a command line. Commands that are not permitted due to user permissions do not display. Question: Can the user nancy view the configuration?

Answer: The user nancy can issue the command show configuration, but the contents are hidden. The following is a sample capture, taken from the srxA-1 device:
nancy@srxA-1> show configuration ## Last commit: 2012-04-18 12:14:08 PDT by lab version /* ACCESS-DENIED */; system { /* ACCESS-DENIED */ }; interfaces { /* ACCESS-DENIED */ }; routing-options { /* ACCESS-DENIED */ };

Step 1.13 Attempt to clear interface statistics for the ge-0/0/0 interface using the clear interfaces statistics ge-0/0/0 command.
nancy@srxA-1> clear ^ unknown command.

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–9

Introduction to the Junos Operating System

Question: Which permission option would allow the user nancy to clear the interface statistics on the ge-0/0/0 interface?

Answer: The clear permission option would allow this behavior. Step 1.14 Return to the original session opened to the lab user. From the session opened to the lab user attempt to add the clear permission to the default read-only login class. Issue the show command to view the system login hierarchy.
[edit system login] lab@srxA-1# set class read-only permissions clear warning: 'read-only' is a predefined class name; changing to 'read-only-local' [edit system login] lab@srxA-1# show class juniper { permissions [ reset view view-configuration ]; } class read-only-local { permissions clear; } user lab { uid 2000; class super-user; authentication { encrypted-password "$1$mKkMA9pa$AUZPO2UJ9rWwOfp4Kb2/a1"; ## SECRET-DATA } } user nancy { uid 2003; class read-only; authentication { encrypted-password "$1$sg4t2qIv$E3E5PQftT//p1PiswUgfS/"; ## SECRET-DATA } } user walter { uid 2004; class juniper; authentication { encrypted-password "$1$BH89uJ/p$eNBGRpAVxSXzOhbxjjgi90"; ## SECRET-DATA } }

Lab 3–10 ? Secondary System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: What happened when you added the clear permission to the read-only login class?

Answer: Because you cannot alter predefined login classes, the Junos OS created a new login class named read-only-local that is not associated with any user. Question: How can you add the clear permission for the user nancy?

Answer: You must define a new custom login class for this functionality. Step 1.15 Navigate to the top of the configuration hierarchy and configure a RADIUS server for use with user authentication. Refer to your management network diagram for the server address. The RADIUS secret should be Juniper. Configure the authentication order so that user login attempts use only local password authentication if the RADIUS server is unreachable. Use commit to activate the changes.
[edit system login] lab@srxA-1# top [edit] lab@srxA-1# set system radius-server RADIUS server secret Juniper [edit] lab@srxA-1# set system authentication-order radius [edit] lab@srxA-1# commit commit complete [edit] lab@srxA-1#

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–11

Introduction to the Junos Operating System

Question: Must you include password in the authentication order to enable this behavior?

Answer: No. If an authentication method is unavailable because of a network or server outage, the software automatically consults the local password database. Step 1.16 Return to the secondary Telnet session opened to you student device From the secondary Telnet session in which the user nancy is logged in, issue the exit command to log out. Test the RADIUS server by reconnecting to the Telnet session and try to log back in as nancy.
nancy@srxA-1> exit srxA-1 (ttyp0) login: nancy Password: Login incorrect login:

Question: Were you able to log in as nancy?

Answer: No. In this case, the server defined is actually reachable, and it is not configured with the nancy username. Step 1.17 In the previous lab step, the defined RADIUS server was reachable. Because you did not define the username on the RADIUS server, the RADIUS server rejected the authentication. Therefore, the software did not consult the local password database. Return to the original session opened to the lab user. From the session opened to the lab user and change the IP address of the RADIUS server to 10.1.1.1. You can use the rename command for this change. Do not forget to issue commit to activate the change.
[edit] lab@srxA-1# rename system radius-server RADIUS server to 10.1.1.1 [edit] lab@srxA-1# commit commit complete
Lab 3–12 ? Secondary System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

Step 1.18 Return to the secondary Telnet session opened to you student device From the secondary Telnet session, try to log in to the system with the nancy username once again.
login: nancy Password: Local password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC nancy@srxA-1>

Question: What was different about the login behavior in this step as compared to the last step with respect to a reachable RADIUS server?

Answer: After entering the password, a short delay occurs while the system tries to consult the RADIUS server, and the user receives an option to enter a local password. After entering the user’s password, the system logs the user in. Step 1.19 Return to the original session opened to the lab user. From the session opened to the lab user and delete the authentication-order statement. When complete commit your config and return to operational mode.
[edit] lab@srxA-1# delete system authentication-order [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

STOP

Wait for your instructor before you proceed to the next part.

Part 2: Performing System Management Options
In this lab part, you will perform configuration of some common system management features. You will configure and monitor syslog, NTP, SNMP, and configuration archival.
www.juniper.net Secondary System Configuration (Detailed) ? Lab 3–13

Introduction to the Junos Operating System

Step 2.1 Enter configuration mode and load the lab3-part2-start.config file from the/var/home/lab/ijos/ directory. Commit your configuration when complete.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab3-part2-start.config load complete [edit] lab@srxA-1# commit commit complete [edit] lab@srxA-1#

Step 2.2 Use the show system syslog command to view the current syslog configuration.
[edit] lab@srxA-1# show system syslog file messages { any critical; authorization info; } file interactive-commands { interactive-commands any; }

Question: What facilities and severity levels currently log to the messages log file?

Answer: In the sample output, the messages file shows the any and authorization facilities using the critical and info severities, respectively. The actual settings might vary between Junos devices and software versions. Question: What is the purpose of specifying a facility of any?

Answer: This option logs all facility levels.

Lab 3–14 ? Secondary System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Step 2.3 Navigate to the [edit system syslog] hierarchy and configure a new syslog file named config-changes. Specify a facility of change-log and a severity of info. Also, set the severity level for the default messages file to any.
[edit] lab@srxA-1# edit system syslog [edit system syslog] lab@srxA-1# set file config-changes change-log info [edit system syslog] lab@srxA-1# set file messages any any [edit system syslog] lab@srxA-1#

Step 2.4 Configure your system to send logs to a remote server running the standard syslog utility. Refer to your management network diagram for the server address. (Hint: Use the host option.) Choose the correct facility that logs access attempts on the system. (Hint: The current messages log file is already using this facility.) Use a severity level of info. Commit your changes when complete.
[edit system syslog] lab@srxA-1# set host server address authorization info [edit system syslog] lab@srxA-1# commit commit complete

Step 2.5 Using the run file list /var/log/ command, verify the creation of a log file named config-changes.
[edit system syslog] lab@srxA-1# run file list /var/log/ /var/log/: authd_profilelib authd_sdb.log autod chassisd config-changes cosd dcd dfwc dfwd eccd gres-tp httpd.log httpd.log.old idpd.addver interactive-commands inventory
www.juniper.net Secondary System Configuration (Detailed) ? Lab 3–15

Introduction to the Junos Operating System

jsrpd jsrpd_chk_only kmd license mastership messages nsd_chk_only pf pfed_trace.log pgmd rtlogd sampled sdxd utmd-av
Note

The files stored in the /var/log/ directory might vary between each system. Question: What other log files from your system’s configuration does this directory store?

Answer: Although the files in the /var/log/ directory might vary on each system, the messages and interactive-commands log files should be present on all systems. Step 2.6 Configure the system to synchronize its clock with an NTP server. Refer to the management network diagram for the server’s IP address.
[edit system syslog] lab@srxA-1# top [edit] lab@srxA-1# set system ntp server server address

Step 2.7 Use the same server IP address used in the previous step and configure an NTP boot server. Commit the configuration and return to operational mode when complete.
[edit] lab@srxA-1# set system ntp boot-server server address [edit] lab@srxA-1# commit and-quit commit complete

Lab 3–16 ? Secondary System Configuration (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Exiting configuration mode lab@srxA-1>

Step 2.8 View the config-changes log and verify the logging of the latest configuration changes.
lab@srxA-1> show log config-changes Apr 22 18:58:08 srxA-1 mgd[2552]: UI_CFG_AUDIT_OTHER: User 'lab' set: [system ntp] Apr 22 18:58:08 srxA-1 mgd[2552]: UI_CFG_AUDIT_OTHER: User 'lab' set: [system ntp server 10.210.14.130] Apr 22 18:58:16 srxA-1 mgd[2552]: UI_CFG_AUDIT_SET: User 'lab' set: [system ntp boot-server] <unconfigured> -> "10.210.14.130"

Step 2.9 Manually force synchronization with the NTP server by issuing the set date ntp operational mode command.
lab@srxA-1> set date ntp 22 Apr 19:04:24 ntpdate[3080]: step time server 10.210.14.130 offset -0.000025 sec

Step 2.10 Verify synchronization with the NTP server by using the show ntp associations command. The system is synchronized with the NTP server if you see the server address in the remote column with an asterisk (*) next to it. Check the current system time using the show system uptime command.
Note

It might take a few minutes for the system’s time to synchronize with the NTP server.
lab@srxA-1> show ntp associations remote refid st t when poll reach delay offset jitter ============================================================================== *10.210.14.130 10.210.0.72 4 14 64 1 1.073 0.113 1.178 lab@srxA-1> show system uptime Current time: 2012-04-19 09:23:35 PDT System booted: 2012-04-18 10:24:42 PDT (22:58:53 ago) Protocols started: 2012-04-18 12:27:26 PDT (20:56:09 ago) Last configured: 2012-04-19 09:20:11 PDT (00:03:24 ago) by lab 9:23AM up 22:59, 2 users, load averages: 0.15, 0.07, 0.02

www.juniper.net

Secondary System Configuration (Detailed) ? Lab 3–17

Introduction to the Junos Operating System

Question: What does the asterisk (*) next to the NTP server address signify?

Answer: The asterisk (*) represents the peer chosen for synchronization as well as a synchronized state with that peer. When you define multiple NTP peers, the system selects only a single NTP peer. Step 2.11 Return to configuration mode and configure the system to allow SNMP access using a community value of junos. The system should allow processing of SNMP messages only when it receives them from the NMS server’s IP address. Refer to the management network diagram for the server’s IP address.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# set snmp community junos clients server address [edit] lab@srxA-1#

Step 2.12 Configure an SNMP trap group to send traps to the NMS server. The SNMP trap group should send traps whenever an interface transitions to a down state. Name the trap group interfaces.
[edit] lab@srxA-1# set snmp trap-group interfaces targets server address [edit] lab@srxA-1# set snmp trap-group interfaces categories link

Question: What trap category do you enable to receive traps for an over-temperature condition?

Answer: You enable the chassis category to send traps for an over-temperature condition.
Note

In subsequent steps you will disable the management interface. Ensure that the terminal session to your system uses the console connection.
Lab 3–18 ? Secondary System Configuration (Detailed) www.juniper.net

Introduction to the Junos Operating System

Step 2.13 To test your SNMP configuration, temporarily disable the ge-0/0/0 interface using the set interfaces ge-0/0/0 disable command. Commit the new setting and verify that the interface is down using the run show interfaces ge-0/ 0/0 terse command. Next, re-enable the interface by issuing the delete interfaces ge-0/0/0 disable command. Commit the change and return to operational mode when complete.
[edit] lab@srxA-1# set interfaces ge-0/0/0 disable [edit] lab@srxA-1# commit commit complete [edit] lab@srxA-1# run show interfaces ge-0/0/0 terse Interface Admin Link Proto Local ge-0/0/0 down down ge-0/0/0.0 up down inet 10.210.14.131/27 [edit] lab@srxA-1# delete interfaces ge-0/0/0 disable [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Remote

Step 2.14 Verify that the interface transition resulted in the sending of a trap by viewing the messages log. Use the pipe symbol (|) and match on the ge-0/0/0 interface and the keyword snmp to parse the messages log output. Next, issue the show snmp statistics command and confirm that the Traps value in the Output section is not zero.
lab@srxA-1> show log messages | match ge-0/0/0 | match snmp Apr 19 11:05:22 srxB-1 mib2d[1223]: SNMP_TRAP_LINK_DOWN: ifIndex 508, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/0/0 Apr 19 11:06:14 srxB-1 mib2d[1223]: SNMP_TRAP_LINK_UP: ifIndex 508, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/0 Apr 19 11:06:14 srxB-1 mib2d[1223]: SNMP_TRAP_LINK_UP: ifIndex 512, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/0.0 Apr 19 11:13:28 srxB-1 mgd[1291]: UI_CMDLINE_READ_LINE: User 'lab', command 'show log messages | match ge-0/0/0 | match snmp ' lab@srxA-1> show snmp statistics SNMP statistics: Input: Packets: 0, Bad versions: 0, Bad community names: 0, Bad community uses: 0, ASN parse errors: 0, Too bigs: 0, No such names: 0, Bad values: 0,
www.juniper.net Secondary System Configuration (Detailed) ? Lab 3–19

Introduction to the Junos Operating System

Read onlys: 0, General errors: 0, Total request varbinds: 0, Total set varbinds: 0, Get requests: 0, Get nexts: 0, Set requests: 0, Get responses: 0, Traps: 0, Silent drops: 0, Proxy drops: 0, Commit pending drops: 0, Throttle drops: 0, Duplicate request drops: 0 V3 Input: Unknown security models: 0, Invalid messages: 0 Unknown pdu handlers: 0, Unavailable contexts: 0 Unknown contexts: 0, Unsupported security levels: 0 Not in time windows: 0, Unknown user names: 0 Unknown engine ids: 0, Wrong digests: 0, Decryption errors: 0 Output: Packets: 6, Too bigs: 0, No such names: 0, Bad values: 0, General errors: 0, Get requests: 0, Get nexts: 0, Set requests: 0, Get responses: 0, Traps: 6

Question: Does the messages log show trap entries associated with the interface status change?

Answer: Yes, you should see log entries for the status change for both the physical and the logical interfaces. Question: Does the show snmp statistics command list a non-zero value for outgoing traps?

Answer: Yes, you should see a non-zero value for the output traps counter. In the sample output, you can see a value of 6. Your counter’s value might vary. Step 2.15 Perform an SNMP MIB walk with the Junos CLI using the show snmp mib walk jnxOperatingDescr command. Note that the resolved object identifier (OID) of jnxOperatingDescr is case sensitive. The OID is variable; we are simply using this OID as an example.
lab@srxA-1> show snmp mib jnxOperatingDescr.1.1.0.0 jnxOperatingDescr.2.1.0.0 jnxOperatingDescr.4.1.0.0 jnxOperatingDescr.4.2.0.0 jnxOperatingDescr.4.3.0.0 jnxOperatingDescr.4.4.0.0 jnxOperatingDescr.4.5.0.0 walk jnxOperatingDescr = midplane = PEM 0 = SRX240 PowerSupply fan 1 = SRX240 PowerSupply fan 2 = SRX240 CPU fan 1 = SRX240 CPU fan 2 = SRX240 IO fan 1
www.juniper.net

Lab 3–20 ? Secondary System Configuration (Detailed)

Introduction to the Junos Operating System

jnxOperatingDescr.4.6.0.0 jnxOperatingDescr.7.1.0.0 jnxOperatingDescr.7.2.0.0 jnxOperatingDescr.8.1.1.0 jnxOperatingDescr.8.2.1.0 jnxOperatingDescr.9.1.0.0 jnxOperatingDescr.9.1.1.0

= = = = = = =

SRX240 IO fan 2 FPC: FPC @ 0/*/* FPC: FPC @ 1/*/* PIC: 16x GE Base PIC @ 0/0/* PIC: 1x Serial mPIM @ 1/0/* Routing Engine USB Hub
Note

The Junos OS accepts both the dotted-decimal notation and alpha-numeric notation of SNMP MIB OIDs. The previous example polls the Juniper Networks Chassis MIB for a mapping of component OIDs. This tool is helpful for deciphering what component might be initiating an SNMP trap when your NMS station reports the OID in only a dotted-decimal notation. You do not need to configure SNMP to perform SNMP polling from within the Junos OS. Question: What OID associates with the Routing Engine (RE) for your system?

Answer: The RE associates with the 9.1.0.0 OID leaf. This leaf is merely one leaf in the MIB tree and does not represent the full OID string. Step 2.16 Enter configuration mode and configure your system to archive its configuration to a remote FTP server whenever a commit operation occurs. You should configure the archive-sites as “ftp://ftp@server address:/archive” including the quotation marks. Refer to the management network diagram for the server’s IP address. You should configure the password as ftp. You perform this configuration under the [edit system archival configuration] hierarchy level. Commit your configuration and return to operational mode when complete.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# edit system archival configuration [edit system archival configuration] lab@srxA-1# set archive-sites "ftp://ftp@server address/archive" password ftp [edit system archival configuration] lab@srxA-1# set transfer-on-commit
www.juniper.net Secondary System Configuration (Detailed) ? Lab 3–21

Introduction to the Junos Operating System

[edit system archival configuration] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 2.17 Verify that the configuration successfully transferred to the remote FTP server by using the show log messages | match transfer command.
lab@srxA-1> show log messages | match transfer Apr 19 13:01:46 srxB-1 mgd[1291]: UI_CFG_AUDIT_SET: User 'lab' set: [system archival configuration] <unconfigured> -> "transfer-on-commit" Apr 19 13:01:46 srxB-1 mgd[1291]: UI_CMDLINE_READ_LINE: User 'lab', command 'set transfer-on-commit ' Apr 19 13:02:43 srxB-1 logger: transfer-file: Transferred /var/transfer/ config/srxB-1_juniper.conf.gz_20120419_200200 Apr 19 13:15:28 srxB-1 mgd[1291]: UI_CMDLINE_READ_LINE: User 'lab', command 'show log messages | match transfer '
Note

Even when using the transfer-on-commit option with configuration archival, the transfer is cyclical and uses a short time interval. If you do not see the transfer in your log, wait a minute or two and look again. Question: What do the numbers at the end of the transferred filename represent?

Answer: The configuration file contains the current date and UTC time according to the system clock. Step 2.18 Log out of your assigned device using the exit command.
lab@srxA-1> exit srxA-1 (ttyu0) login:

STOP

Tell your instructor that you have completed Lab 3.
www.juniper.net

Lab 3–22 ? Secondary System Configuration (Detailed)

Lab 4
Operational Monitoring and Maintenance (Detailed)

Overview
This lab covers common operational monitoring and platform maintenance activities. In this lab, you monitor system, chassis, and interface operation, use network utilities, and perform system maintenance tasks. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab, you will perform the following tasks: ? ? ? Monitor chassis, system, and interface operation. Use network utilities. Upgrade a device running the Junos operating system and recover the root password.

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–1 12.a.12.1R1.9

Introduction to the Junos Operating System

Part 1: Monitoring System and Chassis Operation
In this lab part, each team will use key commands within the CLI to monitor system and chassis operation. Step 1.1 Ensure that you know to which student device you have been assigned. Check with your instructor if you are not certain. Consult the management network diagram to determine the management address of your student device Question: What is the management address assigned to your station?

Answer: The answer varies; in the example used throughout this lab, the user belongs to the srxA-1 station, which uses an IP address of 10.210.14.131. Your answer will depend on the rack of equipment your class is using. Step 1.2 Access the CLI at your station using either the console, Telnet, or SSH as directed by your instructor. Refer to the management network diagram for the IP address associated with your team’s station. The following example uses a simple Telnet access to srxA-1 with the Secure CRT program as a basis:

Step 1.3 Log in to the student device with the username lab using a password of lab123. Note that both the name and password are case-sensitive. Enter configuration mode and load the reset configuration file using the load override /var/home/ lab/ijos/lab4-start.config command. After the configuration has been loaded, commit the changes and return to operational mode.
srxA-1 (ttyp0) login: lab Password:
Lab 4–2 ? Operational Monitoring and Maintenance (Detailed) www.juniper.net

Introduction to the Junos Operating System

--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab4-start.config load complete [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 1.4 Issue the show system processes extensive command to check the status of the routing protocol daemon (rpd). Alternatively, issue the show system processes extensive | match "pid | rpd" command to parse the output. The use of two pipes (|) in this command allows you to make multiple matches. In this case it matches rpd for the routing protocol process as well as PID to view the column headers.
lab@srxA-1> show system processes extensive last pid: 5976; load averages: 0.08, 0.14, 0.07 124 processes: 18 running, 95 sleeping, 11 waiting up 1+21:08:16 07:32:28

Mem: 143M Active, 98M Inact, 535M Wired, 159M Cache, 112M Buf, 34M Free Swap: PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 1234 root 7 76 0 511M 61524K select 0 140.4H 282.62% flowd_octeon_hm 22 root 1 171 52 0K 16K RUN 0 39.0H 87.94% idle: cpu0 23 root 1 -20 -139 0K 16K RUN 0 16:54 0.00% swi7: clock 1256 root 1 76 0 10896K 4104K select 0 5:14 0.00% license-check 5 root 1 -16 0 0K 16K rtfifo 0 5:12 0.00% rtfifo_kern_recv 1223 root 1 76 0 26180K 9224K select 0 4:03 0.00% mib2d 1225 root 1 76 0 18768K 7252K select 0 3:41 0.00% l2ald 1244 root 1 76 0 15588K 3464K select 0 2:48 0.00% shm-rtsdbd 1218 root 1 76 0 113M 16796K select 0 1:49 0.00% chassisd 19 root 1 171 52 0K 16K RUN 3 1:44 0.00% idle: cpu3 20 root 1 171 52 0K 16K RUN 2 1:44 0.00% idle: cpu2 21 root 1 171 52 0K 16K RUN 1 1:43 0.00% idle: cpu1 1227 root 2 76 0 22948K 7616K select 0 1:40 0.00% pfed 1222 root 1 76 0 18932K 11360K select 0 1:33 0.00% snmpd 1252 root 1 76 0 16684K 7916K select 0 1:28 0.00% utmd 50 root 1 -16 0 0K 16K psleep 0 1:14 0.00% vmkmemdaemon 25 root 1 -40 -159 0K 16K WAIT 0 1:13 0.00% swi2: netisr 0 1215 root 1 76 0 3288K 1376K select 0 1:10 0.00% bslockd 1219 root 1 76 0 11132K 3324K select 0 1:10 0.00% alarmd 1685 root 1 4 0 49392K 22156K kqread 0 0:40 0.00% rpd ...TRIMMED...
www.juniper.net Operational Monitoring and Maintenance (Detailed) ? Lab 4–3

Introduction to the Junos Operating System

lab@srxA-1> show system processes extensive | match "pid | rpd" PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 1685 root 1 4 0 49392K 22156K kqread 0 0:40 0.00% rpd

Question: What is the weighted CPU usage of rpd?

Answer: The answer can vary. In the sample output taken from srxA-1, the weighted CPU usage is 0%. The weighted CPU column represents the CPU usage over a period of time. Step 1.5 Issue the show system statistics command to view protocol statistics related to your team’s device.
lab@srxA-1> show system statistics tcp: 466 packets sent 340 data packets (16474 bytes) 0 data packets (0 bytes) retransmitted 0 resends initiated by MTU discovery 116 ack-only packets (91 delayed) 0 URG only packets 2 window probe packets 0 window update packets 10 control packets ...TRIMMED...

Question: How many TCP packets did your assigned device send since the last clearing of the system statistics?

Answer: The answer can vary. In the previous example taken from srxA-1, the device sent 466 TCP packets. Step 1.6 Issue the show system storage command to view information regarding the device storage space.
lab@srxA-1> show system storage Filesystem Size /dev/da0s1a 898M devfs 1.0K devfs 1.0K /dev/md0 477M /cf 898M devfs 1.0K Used 497M 1.0K 1.0K 477M 497M 1.0K Avail 330M 0B 0B 0B 330M 0B Capacity 60% 100% 100% 100% 60% 100% Mounted on / /dev /dev/ /junos /junos/cf /junos/dev/
www.juniper.net

Lab 4–4 ? Operational Monitoring and Maintenance (Detailed)

Introduction to the Junos Operating System

procfs /dev/bo0s1e /dev/md1 /dev/da0s1f /cf/var/jail devfs /dev/md2

4.0K 24M 168M 61M 898M 1.0K 39M

4.0K 22K 13M 624K 497M 1.0K 4.0K

0B 22M 142M 55M 330M 0B 36M

100% 0% 8% 1% 60% 100% 0%

/proc /config /mfs /cf/var/log /jail/var /jail/dev /mfs/var/run/utm

Question: How much free space is available on your device?

Answer: The answer can vary. In the sample output taken from srxA-1, 330 Megabytes are available. Step 1.7 Issue the show system uptime command to view the current system time.
lab@srxA-1> show system uptime Current time: 2012-04-20 08:01:50 PDT System booted: 2012-04-18 10:24:42 PDT (1d 21:37 ago) Protocols started: 2012-04-18 12:27:26 PDT (1d 19:34 ago) Last configured: 2012-04-20 07:52:13 PDT (00:09:37 ago) by lab 8:01AM up 1 day, 21:37, 2 users, load averages: 0.07, 0.05, 0.03

Question: When was your team’s device last booted?

Answer: The answer will vary. In the example taken from srxA-1, you can see that the system booted close to two days ago. Step 1.8 Open another terminal window and use Telnet to access your system’s management IP address. If needed, refer to the management network diagram. Log in with the username walter and the password walter123.

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–5

Introduction to the Junos Operating System

srxA-1 (ttyp0) login: walter Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC walter@srxA-1>

Step 1.9 Return to the original session opened to your device. Return to the original session logged in as lab and issue the show system users command to view information about users logged in to your team’s device.
lab@srxA-1> show system users 12:41PM up 46 mins, 2 users, load averages: 0.03, 0.08, 0.12 USER TTY FROM LOGIN@ IDLE WHAT lab u0 2:33PM - -cli (cli) walter p0 10.210.14.129 3:07PM 1 -cli (cli)

Question: What is the source IP address of the Telnet session established by the user walter?

Answer: The answer will vary. In the following example taken from srxA-1, the source IP address of the telnet session established by the user walter is 10.210.14.129. Step 1.10 Issue the request system logout user walter command to force a log out for the user walter. Next, issue the show system users command to verify that the user session for walter was terminated.
lab@srxA-1> request system logout user walter logout-user: done lab@srxA-1> show system users 12:46PM up 51 mins, 1 user, load averages: 0.06, 0.12, 0.12 USER TTY FROM LOGIN@ IDLE WHAT lab u0 12:29PM - -cli (cli)

Question: Was the user Telnet session for walter properly closed?

Answer: As shown in the sample output, the Telnet session for the user walter should now be closed.

Lab 4–6 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Step 1.11 Check the environmental status of your team’s device by issuing the show chassis environment command.
lab@srxA-1> show chassis environment Class Item Status Temp Routing Engine OK Routing Engine CPU OK Fans SRX240 PowerSupply fan 1 OK SRX240 PowerSupply fan 2 OK SRX240 CPU fan 1 OK SRX240 CPU fan 2 OK SRX240 IO fan 1 OK SRX240 IO fan 2 OK Power Power Supply 0 OK Measurement 37 degrees C / 98 degrees F 36 degrees C / 96 degrees F Spinning at high speed Spinning at high speed Spinning at high speed Spinning at high speed Spinning at high speed Spinning at high speed

Question: What is the temperature and status of the Routing Engine (RE)?

Answer: Your details might vary. The sample capture shows a temperature of 37 degrees Celsius and a status of OK. Question: Name another show chassis command that displays the RE temperature. (Hint: Use the ?.)

Answer: As the following capture shows, the show chassis routing-engine command displays the RE temperature as well as other RE-specific details.
lab@srxA-1> show chassis routing-engine Routing Engine status: Temperature 37 degrees C / 98 degrees F CPU temperature 36 degrees C / 96 degrees F Total memory 1024 MB Max 635 MB used ( 62 percent) Control plane memory 560 MB Max 330 MB used ( 59 percent) Data plane memory 464 MB Max 306 MB used ( 66 percent) CPU utilization: User 5 percent Background 0 percent Kernel 4 percent Interrupt 0 percent Idle 92 percent Model RE-SRX240H-POE Serial ID AAAD8406 Start time 2010-10-20 11:56:01 PDT Uptime 58 minutes, 49 seconds Last reboot reason 0x200:chassis control reset
www.juniper.net Operational Monitoring and Maintenance (Detailed) ? Lab 4–7

Introduction to the Junos Operating System

Load averages:

1 minute 0.11

5 minute 0.11

15 minute 0.11

Step 1.12 Issue the show chassis temperature-thresholds command.
lab@srxA-1> show chassis temperature-thresholds Fan speed Yellow alarm Red alarm Fire (degrees C) (degrees C) (degrees C) (degrees C) Item Normal High Normal Bad fan Normal Bad fan Normal Chassis default 35 45 50 40 75 65 100 Routing Engine 35 45 50 40 75 65 100

Question: At what temperature is a red alarm generated for the RE?

Answer: Assuming the fans are operational, the system raises a red alarm when the RE reaches 75 degrees Celsius. These threshold values can vary between different Junos devices. Step 1.13 View details about your system’s hardware components using the show chassis hardware command.
lab@srxA-1> show chassis hardware Hardware inventory: Item Version Part number Chassis Routing Engine REV 31 750-021794 FPC 0 PIC 0 Power Supply 0

Serial number AH2909AA0041 AAAK4071

Description SRX240-poe RE-SRX240-POE FPC 16x GE Base PIC

Question: What is the chassis serial number for your team’s device?

Answer: The answer will vary depending on your assigned device. In the example, the chassis serial number is AH2909AA0041. Step 1.14 Issue the show interface terse command to quickly verify the administrative and link state for your device’s interfaces.
lab@srxA-1> show interfaces terse Interface Admin Link Proto ge-0/0/0 up up ge-0/0/0.0 up up inet
Lab 4–8 ? Operational Monitoring and Maintenance (Detailed)

Local 10.210.14.131/27

Remote

www.juniper.net

Introduction to the Junos Operating System

gr-0/0/0 ip-0/0/0 ls-0/0/0 lt-0/0/0 mt-0/0/0 pd-0/0/0 pe-0/0/0 ge-0/0/1 ge-0/0/1.0 ge-0/0/2 ge-0/0/2.0 ge-0/0/3 ge-0/0/3.0 ge-0/0/4 ge-0/0/5 ge-0/0/6 ge-0/0/7 ge-0/0/8 ge-0/0/9 ge-0/0/10 ge-0/0/11 ge-0/0/12 ge-0/0/13 ge-0/0/14 ge-0/0/15 gre ipip lo0 lo0.0 lo0.16384 lo0.16385

up up up up up up up up up up up up up up up up up up up up up up up up up up up up up up up

up up up up up up up up up up up up up up down down down down down down down down down down down up up up up up up

inet inet inet

172.20.77.1/30 172.20.66.1/30 172.18.1.2/30

inet inet inet

inet6 lo0.32768 lsi mtun pimd pime pp0 st0 tap vlan up up up up up up up up up up up up up up up up up up

192.168.1.1 --> 0/0 127.0.0.1 --> 0/0 10.0.0.1 --> 0/0 10.0.0.16 --> 0/0 128.0.0.1 --> 0/0 128.0.1.16 --> 0/0 fe80::226:88ff:fe02:6700

Question: What are the Admin and Link states for all configured interfaces?

Answer: All configured interfaces should show Admin and Link states of up. If your output shows otherwise, please contact your instructor.

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–9

Introduction to the Junos Operating System

Step 1.15 Issue the show interfaces ge-0/0/0 extensive command and answer the questions that follow:
lab@srxA-1> show interfaces ge-0/0/0 extensive Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 131, SNMP ifIndex: 117, Generation: 134 Description: MGMT Interface - DO NOT DELETE Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:26:88:02:67:00, Hardware address: 00:26:88:02:67:00 Last flapped : 2012-04-19 11:06:14 PDT (21:34:34 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 2145595228 0 bps Output bytes : 118650 0 bps Input packets: 35759921 0 pps Output packets: 1512 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 ...TRIMMED... Logical interface ge-0/0/0.0 (Index 67) (SNMP ifIndex 118) (Generation 132) Flags: SNMP-Traps Encapsulation: ENET2 ...TRIMMED...

Question: What is the SNMP ifIndex for ge-0/0/0? What about for ge-0/0/0.0?

Answer: The SNMP ifIndex values vary between student devices. In the example, the SNMP ifIndex for ge-0/0/0 and ge-0/0/0.0 are 117 and 118, respectively. Question: What is the current hardware address for the ge-0/0/0 interface?

Answer: The current hardware address for the ge-0/0/0 interface varies between student devices. In the example, the current hardware address is 00:26:88:02:67:00.

Lab 4–10 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: Does the ge-0/0/0 interface show any input errors?

Answer: Although it is possible that input errors exist, the answer to this question should typically be no. Question: Does the ge-0/0/0 interface show input and output traffic statistics? How are those statistics counted?

Answer: The interface should show input and output traffic statistics. The system counts traffic statistics as both bytes and packets as shown in the sample capture. Step 1.16 Issue the clear interfaces statistics ge-0/0/0 command followed by the show interfaces ge-0/0/0 extensive | find "traffic" command.
lab@srxA-1> clear interfaces statistics ge-0/0/0 lab@srxA-1> show interfaces ge-0/0/0 extensive | find "traffic" Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps ...TRIMMED...

Question: Were the statistics for the ge-0/0/0 interface successfully cleared?

Answer: Although your statistics might not show all zeros, as the sample capture does, the interface statistics should clear.

STOP

Wait for your instructor before you proceed to the next part.

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–11

Introduction to the Junos Operating System

Part 2: Using Network Utilities and Monitoring Traffic
In this lab part, each team will use network utilities within the CLI and monitor local system traffic. Step 2.1 Enter configuration mode and load the lab4-part2-start.config file from the/var/home/lab/ijos/ directory. Commit your configuration and return to operational mode when complete.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab4-part2-start.config load complete [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 2.2 Start a continuous ping to the server with a data size of 500 bytes. Refer to the management network diagram for the server’s IP address.
Note

If you are not receiving Internet Control Message Protocol (ICMP) echo replies from the server, notify your instructor.
lab@srxA-1> ping server address size 500 PING 10.210.14.130 (10.210.14.130): 500 data bytes 508 bytes from 10.210.14.130: icmp_seq=0 ttl=64 time=3.649 508 bytes from 10.210.14.130: icmp_seq=1 ttl=64 time=2.509 508 bytes from 10.210.14.130: icmp_seq=2 ttl=64 time=2.531 508 bytes from 10.210.14.130: icmp_seq=3 ttl=64 time=2.803 508 bytes from 10.210.14.130: icmp_seq=4 ttl=64 time=4.753 508 bytes from 10.210.14.130: icmp_seq=5 ttl=64 time=2.495 508 bytes from 10.210.14.130: icmp_seq=6 ttl=64 time=2.942 ...TRIMMED...

ms ms ms ms ms ms ms

Lab 4–12 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: Which command option do you use to make the ping continuous?

Answer: As shown in the sample output, you do not need an extra command option to make the ping continuous. Echo requests send continuously by default. You can use the count option to send a defined amount of packets.
Note

You can stop the ping operation by using the Ctrl+c keystroke combination. You should, however, let the ping operation continue at this time for the subsequent monitoring step. Step 2.3 Open a new terminal session to your team’s device. Use Telnet to access your system’s management IP address. If needed, refer to the management network diagram. Log in with the lab user account and the password provided by the instructor. You will use this separate terminal session to monitor ping traffic generation.

srxA-1 (ttyp0) login: lab Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1>

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–13

Introduction to the Junos Operating System

Step 2.4 Use the monitor traffic interface ge-0/0/0 command to begin monitoring the ge-0/0/0 management interface.
Note

You can stop the monitoring operation by using the Ctrl+c keystroke combination. You can also increase the capture size using the size option to avoid truncated packets.
lab@srxA-1> monitor traffic interface ge-0/0/0 verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on ge-0/0/0, capture size 96 bytes Reverse lookup for 10.210.14.129 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 08:53:59.796502 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 9055411 17 win 64422 08:53:59.796709 Out IP truncated-ip - 225 bytes missing! 10.210.14.131.telnet > 10.210.14.129.35817: P 1:246(245) ack 0 win 65535 08:54:00.005781 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 246 win 64177 08:54:00.544439 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.1 4.130: ICMP echo request, id 960, seq 148, length 64 08:54:00.546050 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, s eq 148, length 64 08:54:00.669325 Out IP truncated-ip - 162 bytes missing! 10.210.14.131.telnet > 10.210.14.129.35817: P 246:428(182) ack 0 win 65535 08:54:00.938021 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 428 win 63995 08:54:00.938237 Out IP truncated-ip - 526 bytes missing! 10.210.14.131.telnet > 10.210.14.129.35817: P 428:974(546) ack 0 win 65535 08:54:01.147138 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 974 win 64512 ...TRIMMED...

Question: Does the capture display ICMP traffic?

Answer: Yes, you should see ICMP echoes and replies from your ping operation, amongst other traffic.

Lab 4–14 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: How can you filter the output to show only the ICMP traffic?

Answer: Use the matching option to filter by header information in the output:
lab@srxA-1> monitor traffic interface ge-0/0/0 matching icmp verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on ge-0/0/0, capture size 96 bytes Reverse lookup for 10.210.14.131 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 09:22:00.996124 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.1 4.130: ICMP echo request, id 960, seq 1809, length 64 09:22:00.998011 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, s eq 1809, length 64 09:22:02.008405 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.1 4.130: ICMP echo request, id 960, seq 1810, length 64 09:22:02.019011 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, s eq 1810, length 64 09:22:03.020109 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.1 4.130: ICMP echo request, id 960, seq 1811, length 64 09:22:03.030094 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, s eq 1811, length 64 ^C 18 packets received by filter 0 packets dropped by kernel lab@srxA-1>

Question: What command option allows you to view source and destination MAC addresses for the captured packets?

Answer: Include the layer2-headers option to view Layer 2 header information, including the source and destination MAC addresses as shown:
lab@srxA-1> monitor traffic interface ge-0/0/0 matching icmp layer2-headers verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on ge-0/0/0, capture size 96 bytes
www.juniper.net Operational Monitoring and Maintenance (Detailed) ? Lab 4–15

Introduction to the Junos Operating System

Reverse lookup for 10.210.14.131 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 09:24:05.438848 Out 0:24:dc:16:ab:80 > 0:e:c:bc:42:1b, ethertype IPv4 (0x0800), length 74: truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1932, length 64 09:24:05.440446 In PFE proto 2 (ipv4): 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1932, length 64 09:24:06.450612 Out 0:24:dc:16:ab:80 > 0:e:c:bc:42:1b, ethertype IPv4 (0x0800), length 74: truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1933, length 64 09:24:06.452334 In PFE proto 2 (ipv4): 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1933, length 64 09:24:07.462299 Out 0:24:dc:16:ab:80 > 0:e:c:bc:42:1b, ethertype IPv4 (0x0800), length 74: truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1934, length 64 09:24:07.464577 In PFE proto 2 (ipv4): 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1934, length 64 ^C 18 packets received by filter 0 packets dropped by kernel lab@srxA-1>
Note

The monitor traffic command captures only packets that are local to the device. It does not capture transit packets. Step 2.5 In preparation for the next lab part, stop the monitor operation using the Ctrl+c keystroke combination, and close the extra terminal session that you opened.
...TRIMMED... 09:24:07.464577 In PFE proto 2 (ipv4): 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1934, length 64 ^C 18 packets received by filter 0 packets dropped by kernel lab@srxA-1>

Step 2.6 Return to the original session opened to your device. From the original session opened to your device, issue the Ctrl+c keystroke combination to stop the continuous ping.
...TRIMMED... 508 bytes from 10.210.14.130: icmp_seq=3 ttl=64 time=2.803 ms 508 bytes from 10.210.14.130: icmp_seq=4 ttl=64 time=4.753 ms 508 bytes from 10.210.14.130: icmp_seq=5 ttl=64 time=2.495 ms
Lab 4–16 ? Operational Monitoring and Maintenance (Detailed) www.juniper.net

Introduction to the Junos Operating System

508 bytes from 10.210.14.130: icmp_seq=6 ttl=64 time=2.942 ms ^C --- 10.210.14.130 ping statistics --651 packets transmitted, 651 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.949/1.388/11.951/0.736 ms lab@srxA-1>

STOP

Wait for your instructor before you proceed to the next part.

Part 3: Upgrading the Junos OS
In this lab part, you will retrieve a Junos OS package from a remote server and upgrade your assigned device. Note that to keep the software consistent, you upgrade the device to the same version of the Junos OS that it is currently running. Step 3.1 Enter configuration mode and load the lab4-part3-start.config file from the/var/home/lab/ijos/ directory. Commit your configuration and return to operational mode when complete.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab4-part3-start.config load complete [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 3.2 Use the file copy command in conjunction with FTP to retrieve the install image named junos-srxsme-12.1R1.9-domestic.tgz from the server. Refer to the management network diagram for the server’s IP address. Use the username ftp and a password of ftp. Save the image to the /var/tmp directory on the local device.
lab@srxA-1> file copy ftp://ftp:ftp@server address/ junos-srxsme-12.1R1.9-domestic.tgz /var/tmp/ /var/home/lab/...transferring.file.........U4R100% of

200 MB 2946 kBps 00m00s

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–17

Introduction to the Junos Operating System

Question: Did the image successfully transfer from the server to the /var/tmp directory on your device?

Answer: The image should successfully transfer. If not, check with your instructor for assistance.
Note

If there is not enough room in the /var/tmp directory to accommodate the software package, notify your instructor. Step 3.3 Verify that the software package transferred correctly to the local /var/tmp directory by using the file list /var/tmp | match junos command.
lab@srxA-1> file list /var/tmp/ | match junos junos-srxsme-12.1R1.9-domestic.tgz

Question: Which file list command option allows you to view the file size of the software package stored in the /var/tmp directory?

Answer: Use the detail command option to show the file size of the local software package:
lab@srxA-1> file list detail /var/tmp/ | match junos -rw-r--r-- 1 lab wheel 159209811 Apr 11 06:07 junos-srxsme-12.1R1.9-domestic.tgz

Step 3.4 Issue the request system software add /var/tmp/ junos-srxsme-12.1R1.9-domestic.tgz command to upgrade your assigned device. Use the reboot option to automatically perform a system reboot, which is a requirement of the upgrade process. Use the console terminal session to monitor the upgrade process.
lab@srxA-1> request system software add /var/tmp/ junos-srxsme-12.1R1.9-domestic.tgz reboot NOTICE: Validating configuration against junos-srxsme-12.1R1.9-domestic.tgz. NOTICE: Use the 'no-validate' option to skip this if desired. Formatting alternate root (/dev/da0s1a)... /dev/da0s1a: 296.9MB (607996 sectors) block size 16384, fragment size 2048 using 4 cylinder groups of 74.22MB, 4750 blks, 9600 inodes. super-block backups (for fsck -b #) at: 32, 152032, 304032, 456032
Lab 4–18 ? Operational Monitoring and Maintenance (Detailed) www.juniper.net

Introduction to the Junos Operating System

Extracting /var/tmp/junos-srxsme-12.1R1.9-domestic.tgz ... saving package file in /var/sw/pkg ... Checking compatibility with configuration Initializing... Verified manifest signed by PackageProduction_12_1_0 Verified junos-12.1R1.9-domestic signed by PackageProduction_12_1_0 Using junos-12.1R1.9-domestic from /altroot/cf/packages/install-tmp/ junos-12.1R1.9-domestic Copying package ... Verified manifest signed by PackageProduction_12_1_0 Hardware Database regeneration succeeded Validating against /config/juniper.conf.gz mgd: commit complete Validation succeeded Installing package '/altroot/cf/packages/install-tmp/junos-12.1R1.9-domestic' ... Verified junos-boot-srxsme-12.1R1.9.tgz signed by PackageProduction_12_1_0 Verified junos-srxsme-12.1R1.9-domestic signed by PackageProduction_12_1_0 JUNOS 12.1R1.9 will become active at next reboot Saving state for rollback ... Rebooting ... shutdown: [pid 7644] Shutdown NOW! *** FINAL System shutdown message from root@srxB-1 *** System going down IMMEDIATELY Shutdown NOW! ...TRIMMED... Fri Apr 22 20:36:27 UTC 2011 srxA-1 (ttyu0) login:

Step 3.5 After the reboot is complete, log in again as the lab user and issue the show version command.
srxA-1 (ttyu0) login: lab Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> show version Hostname: srxA-1 Model: srx240-poe JUNOS Software Release [12.1R1.9] lab@srxA-1>

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–19

Introduction to the Junos Operating System

STOP

Wait for your instructor before you proceed to the next part.

Part 4: Recovering the Root Password
In this lab part, you will perform root password recovery. The root password recovery process requires that you use the console connection. Step 4.1 Enter configuration mode and load the lab4-part4-start.config file from the /var/home/lab/ijos/ directory. Commit your configuration and return to operational mode when complete.
lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab4-part4-start.config load complete [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 4.2 Using a terminal session connected to the console port, reboot the system. Enter yes to authorize the reboot. When prompted to enter the command prompt, press the space bar.
lab@srxA-1> request system reboot Reboot the system ? [yes,no] (no) yes Shutdown NOW! [pid 950] lab@srxA-1> *** FINAL System shutdown message from lab@srxA-1 *** System going down IMMEDIATELY ...TRIMMED... FreeBSD/MIPS U-Boot bootstrap loader, Revision 1.9 (builder@zigeth.juniper.net, Mon May 17 05:45:58 UTC 2010) Memory: 1024MB [0]Booting from nand-flash slice 1 Un-Protected 1 sectors writing to flash... Protected 1 sectors Loading /boot/defaults/loader.conf /kernel data=0xa17310+0xdbc54 syms=[0x4+0x7f730+0x4+0xb6cd4]

Lab 4–20 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Hit [Enter] to boot immediately, or space bar for command prompt. Booting [/kernel] in 1 second... Type '?' for a list of commands, 'help' for more detailed help. loader>

Step 4.3 At the prompt, first disable the watchdog process by using the watchdog disable command. Secondly, type boot -s and press Enter to boot the Junos OS in single-user mode.
loader> watchdog disable loader> boot -s Kernel entry at 0x801000d8 ... init regular console Primary ICache: Sets 64 Size 128 Asso 4 Primary DCache: Sets 1 Size 128 Asso 64 Secondary DCache: Sets 512 Size 128 Asso 8 ...TRIMMED... System watchdog timer disabled Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:

Step 4.4 When prompted to enter a pathname for shell or ‘recovery’ for root password recovery, type recovery and press Enter.
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery Performing system setup ... ...TRIMMED... Performing initialization of management services ... Performing checkout of management services ... NOTE: NOTE: NOTE: NOTE: NOTE: NOTE: NOTE: NOTE: NOTE: NOTE: NOTE: Once in the CLI, you will need to enter configuration mode using the 'configure' command to make any required changes. For example, to reset the root password, type: configure set system root-authentication plain-text-password (enter the new password when asked) commit exit exit When you exit the CLI, you will be asked if you want to reboot the system

Starting CLI ... root@srxA-1>

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–21

Introduction to the Junos Operating System

Step 4.5 Once the prompt is available, enter configuration mode and set a new root password of lab123. Commit the configuration and return to configuration mode. Use the exit command to leave operational mode, the software prompts you about rebooting. Type y and press Enter to reboot the system.
root@srxA-1> configure Entering configuration mode [edit] root@srxA-1# set system root-authentication plain-text-password New password: Retype new password: [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1> exit Reboot the system? [y/n] y Waiting (max 60 seconds) for system Waiting (max 60 seconds) for system Waiting (max 60 seconds) for system Syncing disks, vnodes remaining...1 syncing disks... All buffers synced. Uptime: 11m53s Rebooting... ...TRIMMED... Thu Oct 21 08:46:40 PDT 2010 srxA-1 (ttyu0) login: process process process 1 1 1 0 `vnlru' to stop...done `bufdaemon' to stop...done `syncer' to stop... 0 done

Step 4.6 Once the system boots, verify the root password recovery by logging in with the new root password.
srxA-1 (ttyu0) login: root Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC root@srxA-1%

Lab 4–22 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: Were you successfully authenticated using the new root password?

Answer: You should now be successfully authenticated as root using the new root password. This successful authentication verifies that the access recovery process worked. Step 4.7 Start the CLI and enter configuration mode.
root@srxA-1% cli root@srxA-1> configure Entering configuration mode [edit] root@srxA-1#

Step 4.8 Restore the lab4-part4-start configuration using the load override / var/home/lab/ijos/lab4-part4-start.config command. Activate the configuration and log out of the system.
[edit] root@srxA-1# load override /var/home/lab/ijos/lab4-part4-start.config load complete [edit] root@srxA-1# commit and-quit commit complete Exiting configuration mode root@srxA-1> exit root@srxA-1% exit logout srxA-1 (ttyu0) login:

STOP

Tell your instructor that you have completed Lab 4.

www.juniper.net

Operational Monitoring and Maintenance (Detailed) ? Lab 4–23

Introduction to the Junos Operating System

Lab 4–24 ? Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Lab 5 (Optional)
The J-Web Interface (Detailed)

Overview
This lab introduces you to the J-Web graphical user interface (GUI). In this lab, you will familiarize yourself with various J-Web features and capabilities. The lab is available in two formats: a high-level format that is designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab, you will perform the following tasks: ? ? ? Log in to the J-Web interface. Explore J-Web monitoring options. Explore J-Web configuration and diagnose options.

www.juniper.net

The J-Web Interface (Detailed) ? Lab 5–1 12.a.12.1R1.9

Introduction to the Junos Operating System

Part 1: Logging In to and Exploring the J-Web Interface
In this lab part, you will familiarize yourself with the access details for your team’s station and log in through the J-Web interface. You will also familiarize yourself with the various monitoring capabilities available in the J-Web user interface.
Note

Depending on the specifics of your class, you might be accessing a router that is remote from your physical location. The instructor will inform you as to the nature of your access and will provide you with the details needed to access your router. Step 1.1 Ensure that you know to which student device you have been assigned. Check with your instructor if you are not certain. Consult the management network diagram to determine the management address of your student device Question: What is the management address assigned to your station?

Answer: The answer varies; in the example used throughout this lab, the user belongs to the srxA-1 station, which uses an IP address of 10.210.14.131. Your answer will depend on the rack of equipment your class is using. Step 1.2 Access the CLI at your station using either the console, Telnet, or SSH as directed by your instructor. Refer to the management network diagram for the IP address associated with your team’s station. The following example uses a simple Telnet access to srxA-1 with the Secure CRT program as a basis:

Lab 5–2 ? The J-Web Interface (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Step 1.3 Log in to the student device with the username lab using a password of lab123. Note that both the name and password are case-sensitive. Enter configuration mode and load the reset configuration file using the load override /var/home/ lab/ijos/lab5-start.config command. After the configuration has been loaded, commit the changes and return to operational mode.
srxA-1 (ttyp0) login: lab Password: --- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> configure Entering configuration mode [edit] lab@srxA-1# load override ijos/lab5-start.config load complete [edit] lab@srxA-1# commit and-quit commit complete Exiting configuration mode lab@srxA-1>

Step 1.4 Open a Web browser on your PC. From a Web browser on your PC. navigate to the management address of your device. Refer to the management network diagram for the IP address associated with your team’s station.

Step 1.5 Log in as user lab with the password supplied by your instructor.

www.juniper.net

The J-Web Interface (Detailed) ? Lab 5–3

Introduction to the Junos Operating System

Step 1.6 After logging in click on the Dashboard tab in the upper left corner. Use the information found in your browser to answer the following questions.

Lab 5–4 ? The J-Web Interface (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: What is the current system up time in days?

Answer: The answers can vary. The capture taken from srxA-1 shows an up time of 48 minutes. Question: What is the current memory and CPU usage on your assigned station?

Answer: The answer can vary. The capture taken from srxA-1 shows memory and CPU utilization of 56% and 12% respectively for the control side and 67% and 0% respectively for the data side. Step 1.7 Edit the Dashboard Preferences to display the Chassis Status. 1. Click Open Preferences Dialog in the upper right corner of the screen.

2.

Scroll down the list of available Panels, and select Chassis Status, then click OK.

www.juniper.net

The J-Web Interface (Detailed) ? Lab 5–5

Introduction to the Junos Operating System

Question: What is the Routing Engine (RE) temperature, and is this temperature considered normal?

Answer: The capture taken from srxA-1 indicates that the RE temperature is considered to be normal at 44 degrees Celsius.

Question: How can you display the serial number and model of the Routing Engine?

Answer: You can navigate directly to Monitor > System View > Chassis Information by clicking on the View chassis status link on the newly created Dashboard panel:
Lab 5–6 ? The J-Web Interface (Detailed) www.juniper.net

Introduction to the Junos Operating System

Step 1.8 Navigate to Monitor > Interfaces and view the ge-0/0/0.0 interface.

Question: What is the status of the ge-0/0/0.0 interface?

Answer: The interface should indicate an administrative and operational status of up, and it should be configured with the management IP address. Question: How can you gain additional information on a given interface?

Answer: Highlight the selected interface and click Details to open a new window.

www.juniper.net

The J-Web Interface (Detailed) ? Lab 5–7

Introduction to the Junos Operating System

Step 1.9 Navigate to Monitor > Routing > Route Information to view the current static routes.

Part 2: Exploring J-Web Configuration and Diagnostic Capabilities
In this lab part, you will familiarize yourself with the configuration and diagnostic capabilities available in the J-Web interface. You will also identify the key pages that relate to those capabilities. Step 2.1 Access the J-Web configuration page by clicking the Configure tab.

Lab 5–8 ? The J-Web Interface (Detailed)

www.juniper.net

Introduction to the Junos Operating System

Question: How do you display your station’s current configuration?

Answer: Click CLI Tools, then click the CLI Viewer link. This example is taken from srxA-1.

Step 2.2 Navigate to Configure > System Properties > User Management.

Step 2.3 Click Edit. In the Edit User Management window, click Add and create the user Jweb. Use the password lab123 and fullname Jweb User. Keep the login class as read-only. Leave the User ID field blank. Click OK when complete.
www.juniper.net The J-Web Interface (Detailed) ? Lab 5–9

Introduction to the Junos Operating System

Step 2.4 Commit the new user by clicking on Actions in the upper right corner, then click Commit.

Step 2.5 Return to User Management and remove the Jweb user created earlier. 1. 2. 3. 4. Step 2.6 Click Actions, then click Compare to display changes in the configuration.
Lab 5–10 ? The J-Web Interface (Detailed) www.juniper.net

Navigate to Configure > System Properties > User Management. Click Edit. Highlight the Jweb user and click Delete. Click OK.

Introduction to the Junos Operating System

Step 2.7 Commit the changes by clicking on Actions then Commit.

Step 2.8 Navigate to Troubleshoot > Ping Host. Enter the IP address of the server in the management network and click Start to begin the ping.

www.juniper.net

The J-Web Interface (Detailed) ? Lab 5–11

Introduction to the Junos Operating System

Question: Does the ping succeed?

Answer: Yes. As shown in the capture, the ping does succeed. Step 2.9 Logout of your J-Web session. Return to the cli session opened to your device and log out using the exit command.
lab@srxA-1> exit srxA-1 (ttyu0) login:

STOP

Tell your instructor that you have completed Lab 5.
www.juniper.net

Lab 5–12 ? The J-Web Interface (Detailed)

Introduction to the Junos Operating System
Appendix A: Lab Diagrams

Introduction to the Junos Operating System

A–2 ? Lab Diagrams

www.juniper.net

Introduction to the Junos Operating System

www.juniper.net

Lab Diagrams ? A–3

Introduction to the Junos Operating System

A–4 ? Lab Diagrams

www.juniper.net


赞助商链接
相关文章:
Juniper SRX详细配置手册(含注释)
Juniper SRX详细配置手册(含注释)_计算机硬件及网络_...lab class super-user authentication plain-text-...junos-host set security nat source rule-set ...
JUNIPER NETWORKS SRX Series configuration Guide(中...
juniperjuniper隐藏>> JUNIPER NETWORKS SRX Series configuration Guide (中文) 更新了(红色)PPPOE、IPSec VPN、ECMP(Junos 目前有点问题) 、总结。 Ltm V2.0 2011...
JUNOS-SRX-JUNIPER-安全平台笔记(下册SRX)
JUNOS-SRX-JUNIPER-安全平台笔记(下册SRX)_计算机硬件及网络_IT/计算机_专业资料...Juniper JUNOS Lab Guid... 108页 1下载券 JUNIPER_JUNOS_CLI 暂无评价 72页...
JUNOS入门学习笔记_图文
Juniper 官方网站上有很多非常好的入门视频教程手把手教你如何 “把 JUNOS 作为...这里我只列出少量的命令,就当抛砖引玉,其他的,让我们一起在 Lab 中学习吧。...
juniper交换机配置指南
juniper交换机配置指南_IT认证_资格考试/认证_教育专区...55 on ttyd0 --- JUNOS 7.2R3.3 built 2002...Example: lab@M7i_GZ# set system root-...
Juniper SRX配置手册
Juniper SRX 配置指导手册。Juniper SRX 防火墙配置手册 一、JUNOS 操作系统介绍 ...2.1.3 设置远程登陆管理用户 root# set system login user labclass super-...
juniper入门手册
关掉和电源配电箱 Example: Request system halt routing regine 11.JUNOS 版本调整操作说明事项 1) 以下指令基于以下假设:当前双路由引擎的 Juniper 路由器以 RE0...
JUNOS升级步骤
PC 机上的 FTP 服务器 现场工程师 装有 JUNOSJUNIPER PCMCIA FLASH 卡...lab@m160# run file copy ftp://username:password@IP-address/install-media...
Juniper Junos SRX系列Cluster HA配置汇总
Juniper Junos SRX系列Cluster HA配置汇总_计算机硬件及网络_IT/计算机_专业资料。Juniper Junos SRX系列HA配置汇总——整理自官方Guide1...
Juniper.JUNOS.olive.模拟器的安装方法_图文
Juniper.JUNOS.olive.模拟器的安装方法_IT/计算机_专业资料。在VMWare上安装Free...Juniper Olive模拟器使用... 24页 5下载券 Juniper JUNOS Lab Guid... 108...
更多相关标签: