
juniper:routerconfiguration [2009/02/04 18:12]
a created
juniper:routerconfiguration [2009/05/25 00:35]
Line 1: Line 1:
-===== Configure the router ===== 
  
-Use the following commands to configure the router: 
- 
-<code> 
- root# cli  
- root@> 
- cli> configure  
- [edit] 
- root@# set system host-name juniper 
- root@# set system domain-name x83.net 
- root@# set interfaces fxp0 unit 0 family inet address 10.2.2.2/24  
- root@# set system backup-router 10.2.2.1  
- root@# set system name-server 10.2.2.1 
- root@# set system root-authentication plain-text-password  
- New password: 
- Retype password: 
- root@ show  
- system { 
-     host-name juniper; 
-     domain-name x83.net;  
-     backup-router 10.2.2.1;  
-     root-authentication { 
-          encrypted-password "$1$gNTKIVLL$nSw2LduQttCiGipspveEq."; ## SECRET-DATA 
-     } 
-     name-server { 
-          10.2.2.1;  
- } 
- interfaces { 
-     fxp0 { 
-         unit 0 { 
-             family inet { 
-                 address 10.2.2.2/24; 
-             } 
-         } 
-     } 
- } 
- root@# commit  
- root@juniper# exit  
- root@juniper> 
-</code> 
- 
-Other config params : 
-</code> 
-root@juniper# set system ntp server  192.168.2.100  
-root@juniper# set system time-zone Europe/Ljubljana 
-root@juniper# set system services ssh  
-root@juniper# set interfaces lo0 unit 0 family inet address  10.200.200.1/32  
- 
-root@juniper> configure  exclusive   //if several people login only you can use "configure" 
-root@juniper> status 
-root@juniper> request system logout user  john //kick someone out 
-</code> 
- 
-The ''**show | display set**'' command is a handy way to reverse-engineer a router configuration when you are trying to duplicate portions of a configuration on many routers or when you need to write up configuration, monitoring, or troubleshooting procedures for your network operations staff. This command is especially useful if the configuration is complex and when setting it up involves many long commands and lots of typing. 
- 
-===== Add comments ===== 
- 
- 
-<code> 
-root@juniper# set area  0.0.0.0 interface fe-0/0/ 
-root@juniper# annotate area  0.0.0.0 "MESH routers"  
-root@juniper# show  
- /* MESH routers */ 
- area 0.0.0.0 { 
-      interface fe-0/0/0.0; 
- } 
-</code> 
- 
-To delete a comment, use the annotate command with an empty string: 
- 
-   root@juniper# annotate area  0.0.0.0 "" 
- 
- 
-===== Check syntax (commit) ===== 
- 
- 
-After configuring issue commit command. 
- 
-  root@juniper# commit check  
- 
- 
-If there are no errors you recieve : configuration check succeeds 
- 
-To debug commit : 
- 
-   root@juniper# commit | display detail 
- 
- 
-To exit from a lower level to operational mode : '**exit configuration-mode**' 
- 
- 
-===== Backing up configuration ===== 
-<code> 
-root@juniper# file copy /config/juniper.conf.gz  box:/root/tmp 
-root@juniper# save box:configMay         
-root@juniper# save  configMay                     //copy to a localfile 
-root@juniper# run file show  configMay         //to view it 
-root@juniper# run show system storage       // view diskspace 
-</code> 
- 
-To backup every time you **commit**: 
-<code> 
-root@juniper# set archival configuration transfer-on-commit  
-root@juniper# set archival configuration archive-sites ftp: //giany:password@box:/m40configs 
-</code> 
- 
-===== Rollback ===== 
-<code> 
-root@juniper# rollback 1   //loads other config 
-root@juniper# show 
-root@juniper# commit 
-root@juniper# rollback ?  //view rollbacks 
-</code> 
- 
-===== View logs ===== 
- 
-<code> 
-root@juniper# run show log 
-root@juniper# run show log messages 
-</code> 
- 
-===== Install different jinstall ===== 
- 
-   root@juniper# request system software add validate box:jinstall-8.4R2.6-domestic-signed.tgz 
- 
-Or copy the file to /var/tmp 
- 
-   root@juniper# file copy box:jinstall-8.4R2.6-domestic-signed.tgz /var/tmp 
-   root@juniper# request system software add validate /var/tmp/jinstall-8.4R2.6-domestic-signed.tgz  //and reboot here 
- 
-and then reboot: 
- 
-   root@juniper# request system reboot 
- 
-===== Gather system informations ===== 
- 
-<code> 
-root@juniper# show version 
-root@juniper# show version detail 
-root@juniper# show system processes 
-root@juniper# run show system processes | match /syslogd 
-root@juniper# run request support information 
-root@juniper# run file list detail /var/tmp   //look for cores 
-</code> 
- 
-<code> 
-root@juniper# run show system users  
- 
- 2:40PM  up 10:12, 1 user, load averages: 0.01, 0.06, 0.07 
-USER     TTY      FROM                              LOGIN@  IDLE WHAT 
-root     p1       10.2.2.1                         2:28PM      - cli  
- 
-root@juniper# run show system uptime  
- 
-Current time: 2008-05-24 13:52:15 EEST 
-System booted: 2008-05-24 04:29:05 EEST (09:23:10 ago) 
-Protocols started: 2008-05-24 04:34:42 EEST (09:17:33 ago) 
-Last configured: 2008-05-24 13:38:28 EEST (00:13:47 ago) by root 
- 1:52PM  up 9:23, 1 user, load averages: 0.00, 0.02, 0.00 
-</code> 
- 
-===== Accounts ===== 
-<code> 
-root@juniper# set system login user giany full-name Foobaruser 
-root@juniper# set system login user giany uid 1000 
-root@juniper# set system login user giany class super-user 
-root@juniper# set system login user giany authentication encrypted-password "$1$gNTKIVLL$nSw2LduQttCiGipspv32E." 
- 
- 
-root@juniper# set system login password password maximum-length 18   // max length 
-root@juniper# set system login password password minimum-length 8   // min lenght 
-root@juniper# set system login password password minimum-changes 3   // 3 case changes 
-</code> 
- 
-==== Tacacs ==== 
- 
-To allow authentification of users : 
-<code> 
-root@juniper# set login user operations class super-user 
-root@juniper# set login user operations full-name "Operations Account" 
-root@juniper# set login user operations uid 9999 
-root@juniper# set system authentication-order [ tacplus password ]; 
-root@juniper# set tacacs-server 10.2.2.1 secret aaaaa 
-</code> 
- 
- 
-===== SSH/Telnet Filter ===== 
- 
-You want to filter incoming ssh/telnet connections to a set of ips. First create a prefix-list with allowed ips then create a policer that will discard all incoming connections. After that create the policer that will allow your prefix-list. In the end create the filters for discard/accept and apply the filter to the specified interface. 
- 
-<code> 
-set policy-options prefix-list telnet-ssh-sessions 10.2.2.1/32 
-set firewall policer 1m-bw-limit if-exceeding bandwidth-limit 1m 
-set firewall policer 1m-bw-limit if-exceeding burst-size-limit 15k 
-set firewall policer 1m-bw-limit then discard 
-set firewall policer 20m-bw-limit if-exceeding bandwidth-limit 20m 
-set firewall policer 20m-bw-limit if-exceeding burst-size-limit 1m 
-set firewall policer 20m-bw-limit then discard 
-set firewall filter re-filter term police-ssh from source-prefix-list telnet-ssh-sessions 
-set firewall filter re-filter term police-ssh from protocol tcp 
-set firewall filter re-filter term police-ssh from port ssh 
-set firewall filter re-filter term police-ssh from port telnet 
-set firewall filter re-filter term police-ssh from tcp-initial 
-set firewall filter re-filter term police-ssh then policer 1m-bw-limit 
-set firewall filter re-filter term police-ssh then accept 
-set firewall filter re-filter term ssh-telnet from source-prefix-list telnet-ssh-sessions 
-set firewall filter re-filter term ssh-telnet from protocol tcp 
-set firewall filter re-filter term ssh-telnet from port ssh 
-set firewall filter re-filter term ssh-telnet from port telnet 
-set firewall filter re-filter term ssh-telnet then policer 20m-bw-limit 
-set firewall filter re-filter term ssh-telnet then accept 
- 
-set interfaces fxp0 unit 0 family inet filter input re-filter         //apply filter 
-</code> 
- 
-===== Sending messages ===== 
- 
-<code> 
-request message all message "Log out immediately" 
-request system logout terminal p0 
-request system logout user giany 
-request message user giany message "Log out immediately" 
-</code> 