Upload
aloneye
View
23
Download
1
Embed Size (px)
DESCRIPTION
dsfadfdaf dsfsaff hhn
Citation preview
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 1/30
IJOS Lab Guide
Page 1
In this activity, you will perform the following tasks:
Part 1: Load a factory-default configuration.
Part 2: Perform initial system configuration.
Part 3: Save, delete, and restore a rescue configuration.Part 4: Verifying Interface State and Backup Configuration to file.
LLaabb 22::
IInniittiiaall SSyysstteemm CCoonnf f iigguurraattiioonn
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 2/30
IJOS Lab Guide
Page 2
Part 1: Loading a Factory-Default Configuration
Step 1.1Enter configuration mode and load a factory-default configuration using the load
factory-default command.
admin> configure
Entering configuration mode
[edit]
admin# load factory-default
warning: activating factory configuration
Step 1.2Display the factory-default configuration.
[edit]
admin# show ## Last changed: 2012-05-05 10:09:47 UTC
system {
autoinstallation {
delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit
traceoptions {
level verbose;flag {
all;
}
}
interfaces {
ge-0/0/0 {
bootp;
}
}
}
name-server {208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 3/30
IJOS Lab Guide
Page 3
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;}
}
dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.P.2 high 192.168.P.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
##
## Warning: statement ignored: unsupported platform (srx240h)
##
max-configuration-rollbacks 5;
license {
autoupdate {url https://ae1.juniper.net/junos/key_retrieval;
}
}
## Warning: missing mandatory statement(s): 'root-authentication'
}
interfaces {
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 4/30
IJOS Lab Guide
Page 4
ge-0/0/0 {
unit 0;
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {members vlan-trust;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 5/30
IJOS Lab Guide
Page 5
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {members vlan-trust;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 6/30
IJOS Lab Guide
Page 6
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {members vlan-trust;
}
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}ge-0/0/15 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 7/30
IJOS Lab Guide
Page 7
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;}
}
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 8/30
IJOS Lab Guide
Page 8
then {
source-nat {
interface;
}
}
}
}}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 9/30
IJOS Lab Guide
Page 9
}
}
}
}
}
}
}vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
Note: The factory-default configuration displays several statements pertaining to the
security hierarchy level. This information is outside the scope of this class but is
covered in the Junos for Security Platforms (JSEC) course.
Step 1.3 Activate the factory-default configuration by issuing a commit command.
admin# commit
[edit]
'system'
Missing mandatory statement: 'root-authentication'
error: commit failed: (missing statements)
Question: Did the commit operation succeed? If not, why not?
____________________________________________________________________________
Answer: The commit operation should fail because the root authentication is missing.
We remedy this situation in the next lab part.
Part 2: Performing Initial Configuration
Step 2.1
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 10/30
IJOS Lab Guide
Page 10
Navigate to the [edit system root-authentication] hierarchy level. Issue the set plain-
text-password command. When prompted to enter a new password, type apples
[edit]
admin# edit system root-authentication
[edit system root-authentication]
admin# set plain-text-password
New password: apples
error: require change of case, digits or punctuation
Question: What happens when you enter the specified password? Why?
____________________________________________________________________________
Answer: The operation fails because the password does not meet the requirements.
Step 2.2 Again, issue the set plain-text-password command. When prompted to enter a new
password, type Apples. When prompted to confirm the password, type Oranges.
[edit system root-authentication]
admin# set plain-text-password
New password: Apples
Retype new password: Oranges
error: Passwords are not equal; aborting
Question: What happens when you enter the specified password? Why?
____________________________________________________________________________
Answer: The operation fails because the password are not equal.
Step 2.3
Issue the set plain-text-password command once again. When prompted to enter a new password, type juniper123. When prompted to confirm the password, type juniper123.
Activate the change and return to operational mode by issuing acommit and-quit
command.
[edit system root-authentication]
admin# set plain-text-password
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 11/30
IJOS Lab Guide
Page 11
New password: juniper123
Retype new password: juniper123
[edit system root-authentication]
admin# commit and-quit
commit complete
Exiting configuration mode
admin>
Step 2.4Issue the file list /var/tmp command.
admin> file list /var/tmp
error: no local user: admin
Question: What happens when you enter the specified command? Why?
____________________________________________________________________________
Answer: The operation generates an error because the admin user is no longer valid.
We restore the admin user account in a subsequent lab step.
Step 2.5
Log out as the admin user and log in as root. Use the newly defined password of juniper123.
admin> exit
Amnesiac (ttyu0)
login: root
Password: juniper123
--- JUNOS 11.4R2.14 built 2012-03-17 19:13:21 UTC
root@%
Note: You should see the previously defined hostname at the login prompt. The Amnesiac
hostname is shown when the hostname is removed and the system is rebooted. You
do not need to reboot the system at this time because you will configure a new
hostname shortly.
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 12/30
IJOS Lab Guide
Page 12
Step 2.6Start the CLI with the cli command and enter configuration mode.
root@% cli root> configure
Entering configuration mode
[edit]
root#
Step 2.7Delete interfaces, and VLANs from the [edit] hierarchy.
[edit]
root# delete interfaces
[edit]
root# delete vlans
Step 2.8Navigate to the [edit system] hierarchy level.
[edit]
root# edit system
[edit system]
root#
Step 2.9Define the system’s hostname. Use the hostname SRX P . Replace the P with your pod
number. For example, SRX1 for Pod 1.
[edit system]
root# set host-name SRXP
Step 2.10
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 13/30
IJOS Lab Guide
Page 13
Configure the time zone and system time using the local time zone and current time as
input values.
[edit system]
root# set time-zone Asia/Taipei
[edit system]
root# run set date 201205011800.00
Tue May 1 18:00:00 UTC 2012
Note: The default time zone on Junos devices is UTC (Coordinated Universal Time, formerly
known as Greenwich Mean Time, or GMT). When you define the local time, you must
account for the time difference between the defined time zone and the default time
zone. Once the time zone is changed and committed, the local time is adjusted
accordingly to account for the difference. If you do not want to make the necessary
adjustments, you can simply set the system’s time after the defined time zone
parameter has been committed.
Step 2.11Navigate to the [edit system services] hierarchy level.
[edit system]
root# edit services
[edit system services]
root#
Step 2.12Display the current dhcp service configuration under the [edit system services]
hierarchy], then erase them.
[edit system services]
root# show ssh;
telnet;xnm-clear-text;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 14/30
IJOS Lab Guide
Page 14
interface vlan.0;
}
}
dhcp {
router {
192.168.1.1;
}pool 192.168.1.0/24 {
address-range low 192.168.P.2 high 192.168.P.254;
}
propagate-settings ge-0/0/0.0;
}
[edit system services]
root# delete dhcp
Step 2.13Configure the HTTP Web-management service to use the ge-0/0/5.0 interface. Remove
the vlan.0 interface from both the HTTP and HTTPS Web-management services.
Configure the HTTPS Web-management service to use all interfaces.
[edit system services]
root# set web-management http interface ge-0/0/5.0
[edit system services]
root# delete web-management http interface vlan.0
[edit system services]
root# delete web-management https interface vlan.0
[edit system services]
root# set web-management https interface all
Step 2.14
Configure the ge-0/0/5 interface using the address and subnet mask specified on theweb page diagram, and specify an interface description of "INSIDE INTERFACE ".
[edit system services]
root# top edit interfaces
[edit interfaces]
root# set ge-0/0/5 unit 0 family inet address 10.0.P.1/24
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 15/30
IJOS Lab Guide
Page 15
[edit interfaces]
root# set ge-0/0/5 description "INSIDE INTERFACE"
Step 2.15Configure the ge-0/0/3 interface using the address and subnet mask specified on the
web page diagram, and specify an interface description of "DMZ INTERFACE ".
[edit interfaces]
root# set ge-0/0/3 unit 0 family inet address 172.16.P.1/24
[edit interfaces]
root# set ge-0/0/3 description "DMZ INTERFACE"
Step 2.16Configure the ge-0/0/2 interface using the address and subnet mask specified on the
web page diagram, and specify an interface description of "OUTSIDE INTERFACE ".
[edit interfaces]
root# set ge-0/0/2 unit 0 family inet address 192.168.P.2/24
[edit interfaces]
root# set ge-0/0/2 description "OUTSIDE INTERFACE"
Step 2.17Verify all interfaces you configured in previous steps.
[edit interfaces]
root# show
ge-0/0/2 {
description "OUTSIDE INTERFACE";
unit 0 {
family inet {
address 192.168.P.2/24;
}
}
}
ge-0/0/3 {
description "DMZ INTERFACE";
unit 0 {
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 16/30
IJOS Lab Guide
Page 16
family inet {
address 172.16.P.1/24;
}
}
}
ge-0/0/5 {
description "INSIDE INTERFACE";
unit 0 {
family inet {
address 10.0.P.1/24;
}
}
}
Step 2.18Define a static default route to allow for reachability beyond the directly connected
subets. Use the RBB address, shown on the lab diagram, as the next-hop value.
[edit interfaces]
root# top edit routing-options
[edit routing-options]
root# set static route 0.0.0.0/0 next-hop 192.168.P.1
Step 2.19From the top hierarchy, delete all security configuration.
[edit routing-options]
root# top
[edit]
root# delete security
Step 2.20In the top of the configuration hierarchy, issue the show | compare command to view a
summary of the recent configuration additions
[edit]
root# show | compare [edit system]
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 17/30
IJOS Lab Guide
Page 17
+ host-name SRXP;
+ time-zone Asia/Taipei;
[edit system services web-management http]
- interface vlan.0;
+ interface ge-0/0/5.0;
[edit system services web-management https]
- interface vlan.0;+ interface all;
[edit system services]
- dhcp {
- router {
- 192.168.1.1;
- }
- pool 192.168.1.0/24 {
- address-range low 192.168.P.2 high 192.168.P.254;
- }
- propagate-settings ge-0/0/0.0;
- }
[edit interfaces]
- ge-0/0/0 {
- unit 0;
- }
- ge-0/0/1 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }- }
- }
- }
[edit interfaces ge-0/0/2]
+ description "OUTSIDE INTERFACE";
[edit interfaces ge-0/0/2 unit 0]
+ family inet {
+ address 192.168.P.2/24;
+ }
- family ethernet-switching {
- vlan {- members vlan-trust;
- }
- }
[edit interfaces ge-0/0/3]
+ description "DMZ INTERFACE";
[edit interfaces ge-0/0/3 unit 0]
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 18/30
IJOS Lab Guide
Page 18
+ family inet {
+ address 172.16.P.1/24;
+ }
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }- }
[edit interfaces]
- ge-0/0/4 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
[edit interfaces ge-0/0/5]
+ description "INSIDE INTERFACE";
[edit interfaces ge-0/0/5 unit 0]
+ family inet {
+ address 10.0.P.1/24;
+ }
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }- }
[edit interfaces]
- ge-0/0/6 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }- ge-0/0/7 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 19/30
IJOS Lab Guide
Page 19
- }
- }
- }
- ge-0/0/8 {
- unit 0 {
- family ethernet-switching {
- vlan {- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/9 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/10 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }- }
- }
- ge-0/0/11 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }- ge-0/0/12 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 20/30
IJOS Lab Guide
Page 20
- }
- }
- }
- ge-0/0/13 {
- unit 0 {
- family ethernet-switching {
- vlan {- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/14 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/15 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }- }
- }
- vlan {
- unit 0 {
- family inet {
- address 192.168.1.1/24;
- }
- }
- }
[edit]
+ routing-options {+ static {
+ route 0.0.0.0/0 next-hop 192.168.P.1;
+ }
+ }
- security {
- screen {
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 21/30
IJOS Lab Guide
Page 21
- ids-option untrust-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set trust-to-untrust {
- from zone trust;
- to zone untrust;
- rule source-nat-rule {
- match {
- source-address 0.0.0.0/0;- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {- from-zone trust to-zone untrust {
- policy trust-to-untrust {
- match {
- source-address any;
- destination-address any;
- application any;
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 22/30
IJOS Lab Guide
Page 22
- }
- then {
- permit;
- }
- }
- }
- }- zones {
- security-zone trust {
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- vlan.0;
- }
- }
- security-zone untrust {
- screen untrust-screen;
- interfaces {
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- dhcp;- tftp;
- }
- }
- }
- }
- }
- }
- }
- vlans {
- vlan-trust {
- vlan-id 3;- l3-interface vlan.0;
- }
- }
Question: With the exception of the root authentication, does the generated output
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 23/30
IJOS Lab Guide
Page 23
summarize the newly added configuration statements?
____________________________________________________________________________
Answer: The output should summarize the recently added configuration statements.
Step 2.21 Activate the changes and return to operational mode.
[edit]
root# commit and-quit
commit complete
Exiting configuration mode
root@SRXP>
Part 3: Saving, Displaying, Loading, and Deleting a Rescue
Configuration
Step 3.1
Save the active configuration as the rescue configuration
root@SRXP> request system configuration rescue save
Step 3.2Display the contents of the recently saved rescue configuration.
root@SRXP> file show /config/rescue.conf.gz ## Last changed: 2012-05-01 18:05:49 UTC
version 12.1R1.9system {
host-name SRXP;
time-zone Asia/Taipei;
root-authentication {
encrypted-password "$1$BPDZ4p0b$vb3OrwvurBAl.wrwQG16h/";
}
name-server {
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 24/30
IJOS Lab Guide
Page 24
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;web-management {
http {
interface ge-0/0/5.0;
}
https {
system-generated-certificate;
interface all;
---(more)---
< output omitted>
Question: Does the rescue configuration match the recently created active configuration?
____________________________________________________________________________
Answer: Yes, the rescue configuration should match the recently created active
configuration.
Question: What CLI command could you issue to compare the active and rescue
configuration files?____________________________________________________________________________
Answer: Use the file compare files / config/juniper.conf.gz /config/ rescue.conf.gz
command to compare the active and rescue configurations. As shown in the
following sample capture, the files do not contain any differences:.
root@SRXP> file compare files /config/juniper.conf.gz /config/rescue.conf.gz
Step 3.3Return to configuration mode and delete the [edit system services] hierarchy level.
Activate the change.
root@SRXP> configure
Entering configuration mode
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 25/30
IJOS Lab Guide
Page 25
[edit]
root@SRXP# delete system services
[edit]
root@SRXP# commit
commit complete
Step 3.4Verify that the [edit system services] hierarchy level is empty and then load the rescue
configuration
[edit]
root@SRXP# show system services
[edit]
root@SRXP# rollback rescue
load complete
Step 3.5Verify that the [edit system services] hierarchy level once again contains the ssh, telnet,
and web-management services.
[edit]
root@SRXP# show system services
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface ge-0/0/5.0;
}
https {
system-generated-certificate;
interface all;}
}
Question: Did the rescue configuration successfully load? Are the services enabled now?
If not, why not?
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 26/30
IJOS Lab Guide
Page 26
____________________________________________________________________________
Answer: Yes, the rescue configuration loaded successfully and restored the statements
at the [edit system services] hierarchy level. However, the software did not
enable the services. Remember, to enable the rescue configuration, or any
other candidate configuration, you must commit!
Step 3.6 Activate the rescue configuration and return to operational mode.
[edit]
root@SRXP# commit and-quit
commit complete
Exiting configuration mode
Step 3.7Delete the rescue configuration and attempt to display the rescue.conf.gz file to confirm
the deletion.
root@SRXP> request system configuration rescue delete
root@SRXP> file show /config/rescue.conf.gz
error: could not resolve file: /config/rescue.conf.gz
Question: Did you successfully delete the rescue configuration?
____________________________________________________________________________
Answer: Yes, based on the results shown, the deletion of the rescue configuration was
successful.
Part 4: Verifying Interface State and Backup Configuration to file.
Step 4.1Issue the show interfaces terse CLI command to verify the state of the configured
interfaces.
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 27/30
IJOS Lab Guide
Page 27
root@SRXP> show interfaces terse Interface Admin Link Proto Local Remote
ge-0/0/0 up down
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up uplt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
ge-0/0/1 up up
ge-0/0/2 up up
ge-0/0/2.0 up up inet 192.168.P.2/24
ge-0/0/3 up up
ge-0/0/3.0 up up inet 172.16.P.1/24
ge-0/0/4 up down
ge-0/0/5 up up
ge-0/0/5.0 up up inet 10.0.P.1/24
ge-0/0/6 up down
ge-0/0/7 up up
ge-0/0/8 up up
ge-0/0/9 up up
ge-0/0/10 up upge-0/0/11 up up
ge-0/0/12 up up
ge-0/0/13 up up
ge-0/0/14 up up
ge-0/0/15 up up
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
lo0 up uplo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 28/30
IJOS Lab Guide
Page 28
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up upppe0 up up
st0 up up
tap up up
vlan up up
Question: What are the Admin and Link states of the recently configured interfaces?
____________________________________________________________________________
Answer: All configured interfaces should show Admin and Link states of up, as shown inthe sample capture..
Step 4.2Verify the CLI default parameters and extend the CLI screen-width to 130 characters.
root@SRXP> show cliCLI complete-on-space set to on
CLI idle-timeout disabled
CLI restart-on-upgrade set to on
CLI screen-length set to 24
CLI screen-width set to 80
CLI terminal is 'vt100'
CLI is operating in enhanced mode
CLI timestamp disabled
CLI working directory is '/cf/root'
root@SRXP> set cli screen-width 130
Screen width set to 130
Step 4.3Reconfigure the admin user account, with password “juniper123”. Commit the changes.
root@SRXP> configure
Entering configuration mode
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 29/30
IJOS Lab Guide
Page 29
[edit]
root@SRXP# set system login user admin class super-user authentication plain-text-
password
New password: juniper123
Retype new password: juniper123
[edit]
root@SRXP# commit and-quit
commit complete
Exiting configuration mode
Step 4.4Logout and then login as admin user.
root@SRXP> exit
root@SRXP% exit
logout
SRXP (ttyu0)
login: admin
Password: juniper123
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
admin@SRXP>
Step 4.5Verify the lab1 configuration file you saved in the previous lab.
admin@SRXP> file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1
Step 4.6There are many methods to backup the configuration. One of the options is to Issue the
show configuration | save /cf/var/home/admin/IJOS.LAB2 CLI command to save
the active configuration as IJOS.LAB2 in the /cf/var/home/admin directory.
7/21/2019 IJOS Lab Guide -Lab2.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab2ready 30/30
IJOS Lab Guide
admin@SRXP> show configuration | save /cf/var/home/admin/IJOS.LAB2
Wrote 90 lines of output to '/cf/var/home/admin/IJOS.LAB2'
admin@SRXP> file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1
IJOS.LAB2
By saving your current configuration, you are able to rollback at any time.
For Example:
[edit]
admin@SRXP# load override IJOS.LAB2
load complete
[edit]
admin@SRXP# commit
commit complete
Tell your instructor that you have completed this lab.