Differences
This shows you the differences between two versions of the page.
juniper:routerconfiguration [2009/02/04 18:12] a created |
juniper:routerconfiguration [2009/05/25 00:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Configure the router ===== | ||
- | Use the following commands to configure the router: | ||
- | |||
- | < | ||
- | root# cli | ||
- | root@> | ||
- | cli> configure | ||
- | [edit] | ||
- | root@# set system host-name juniper | ||
- | root@# set system domain-name x83.net | ||
- | root@# set interfaces fxp0 unit 0 family inet address 10.2.2.2/ | ||
- | root@# set system backup-router 10.2.2.1 | ||
- | root@# set system name-server 10.2.2.1 | ||
- | root@# set system root-authentication plain-text-password | ||
- | New password: | ||
- | Retype password: | ||
- | root@ show | ||
- | system { | ||
- | host-name juniper; | ||
- | domain-name x83.net; | ||
- | backup-router 10.2.2.1; | ||
- | root-authentication { | ||
- | | ||
- | } | ||
- | name-server { | ||
- | | ||
- | } | ||
- | interfaces { | ||
- | fxp0 { | ||
- | unit 0 { | ||
- | family inet { | ||
- | address 10.2.2.2/ | ||
- | } | ||
- | } | ||
- | } | ||
- | } | ||
- | root@# commit | ||
- | root@juniper# | ||
- | root@juniper> | ||
- | </ | ||
- | |||
- | Other config params : | ||
- | </ | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | |||
- | root@juniper> | ||
- | root@juniper> | ||
- | root@juniper> | ||
- | </ | ||
- | |||
- | The '' | ||
- | |||
- | ===== Add comments ===== | ||
- | |||
- | |||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | /* MESH routers */ | ||
- | area 0.0.0.0 { | ||
- | | ||
- | } | ||
- | </ | ||
- | |||
- | To delete a comment, use the annotate command with an empty string: | ||
- | |||
- | | ||
- | |||
- | |||
- | ===== Check syntax (commit) ===== | ||
- | |||
- | |||
- | After configuring issue commit command. | ||
- | |||
- | root@juniper# | ||
- | |||
- | |||
- | If there are no errors you recieve : configuration check succeeds | ||
- | |||
- | To debug commit : | ||
- | |||
- | | ||
- | |||
- | |||
- | To exit from a lower level to operational mode : ' | ||
- | |||
- | |||
- | ===== Backing up configuration ===== | ||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | To backup every time you **commit**: | ||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | ===== Rollback ===== | ||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | ===== View logs ===== | ||
- | |||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | ===== Install different jinstall ===== | ||
- | |||
- | | ||
- | |||
- | Or copy the file to /var/tmp | ||
- | |||
- | | ||
- | | ||
- | |||
- | and then reboot: | ||
- | |||
- | | ||
- | |||
- | ===== Gather system informations ===== | ||
- | |||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | < | ||
- | root@juniper# | ||
- | |||
- | | ||
- | USER | ||
- | root | ||
- | |||
- | root@juniper# | ||
- | |||
- | Current time: 2008-05-24 13:52:15 EEST | ||
- | System booted: 2008-05-24 04:29:05 EEST (09:23:10 ago) | ||
- | Protocols started: 2008-05-24 04:34:42 EEST (09:17:33 ago) | ||
- | Last configured: 2008-05-24 13:38:28 EEST (00:13:47 ago) by root | ||
- | | ||
- | </ | ||
- | |||
- | ===== Accounts ===== | ||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | |||
- | |||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | ==== Tacacs ==== | ||
- | |||
- | To allow authentification of users : | ||
- | < | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | root@juniper# | ||
- | </ | ||
- | |||
- | |||
- | ===== SSH/Telnet Filter ===== | ||
- | |||
- | You want to filter incoming ssh/telnet connections to a set of ips. First create a prefix-list with allowed ips then create a policer that will discard all incoming connections. After that create the policer that will allow your prefix-list. In the end create the filters for discard/ | ||
- | |||
- | < | ||
- | set policy-options prefix-list telnet-ssh-sessions 10.2.2.1/32 | ||
- | set firewall policer 1m-bw-limit if-exceeding bandwidth-limit 1m | ||
- | set firewall policer 1m-bw-limit if-exceeding burst-size-limit 15k | ||
- | set firewall policer 1m-bw-limit then discard | ||
- | set firewall policer 20m-bw-limit if-exceeding bandwidth-limit 20m | ||
- | set firewall policer 20m-bw-limit if-exceeding burst-size-limit 1m | ||
- | set firewall policer 20m-bw-limit then discard | ||
- | set firewall filter re-filter term police-ssh from source-prefix-list telnet-ssh-sessions | ||
- | set firewall filter re-filter term police-ssh from protocol tcp | ||
- | set firewall filter re-filter term police-ssh from port ssh | ||
- | set firewall filter re-filter term police-ssh from port telnet | ||
- | set firewall filter re-filter term police-ssh from tcp-initial | ||
- | set firewall filter re-filter term police-ssh then policer 1m-bw-limit | ||
- | set firewall filter re-filter term police-ssh then accept | ||
- | set firewall filter re-filter term ssh-telnet from source-prefix-list telnet-ssh-sessions | ||
- | set firewall filter re-filter term ssh-telnet from protocol tcp | ||
- | set firewall filter re-filter term ssh-telnet from port ssh | ||
- | set firewall filter re-filter term ssh-telnet from port telnet | ||
- | set firewall filter re-filter term ssh-telnet then policer 20m-bw-limit | ||
- | set firewall filter re-filter term ssh-telnet then accept | ||
- | |||
- | set interfaces fxp0 unit 0 family inet filter input re-filter | ||
- | </ | ||
- | |||
- | ===== Sending messages ===== | ||
- | |||
- | < | ||
- | request message all message "Log out immediately" | ||
- | request system logout terminal p0 | ||
- | request system logout user giany | ||
- | request message user giany message "Log out immediately" | ||
- | </ |
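Review bot: in the SSH/Telnet Filter section, both terms of re-filter (police-ssh and ssh-telnet) match only TCP port ssh/telnet from source-prefix-list telnet-ssh-sessions and end in accept, and no further term is visible. A Junos firewall filter ends with an implicit discard, so `set interfaces fxp0 unit 0 family inet filter input re-filter` drops every other packet arriving on fxp0, including UDP replies from the name-server 10.2.2.1 configured in the first section. The section should say so and add explicit accept terms for the other management traffic the router needs, followed by an explicit final term that counts or logs and then discards, so the default is visible in the configuration. Since the filter sits on the management interface, the page should also recommend applying it with commit confirmed so that a mistake rolls back instead of locking the operator out. Separately, the filter admits telnet alongside ssh; if Telnet is not required, drop `from port telnet` from both terms so that only the encrypted protocol is reachable.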