M. Irfan Ghauri
M. Tanzeel Nasir
ESP Press
Copyrights 2009
LABS DESCRIPTION
Static Routing
Dynamic Routing
1. RIP
2. OSPF
Firewall Filtering
1. Simple Firewall Filtering
2. Advanced Firewall Filtering
Implement VRRP
Inter-VLAN Routing
Configuring DHCP
Password Recovery
PPP Authentication
Lab # 1
Junos Basic
Configuration
After connecting your PC to the console port, log in.
LOGIN:root
PASSWORD:abc123
Root@%
To enter operational mode from the Unix shell and vice versa.
Root@% cli
Root>
To enter configuration mode.
Root> configure
Entering configuration mode
Root#
J-Web equivalent: Configuration > View and Edit > View Configuration Text
Show candidate configuration.
Root# show
interfaces{
inactive se-0/0/2{
}
Verifying Command
Root> show interfaces
Root> show interfaces terse
Root> show interfaces descriptions
Root> show interfaces terse | match fe
Lab # 2
Accessing Router through Telnet/SSH/HTTP
(Telnet/SSH/HTTP between two Routers)
Configuration
Configuring telnet on R1.
Root@R1# set system services telnet
Root@R1# set system services ssh
Root@R1# set system login user R1 class super-user authentication plain-text-password
Enter password: abc123
Retype password: abc123
Verifying Commands
Root> show system users
Root> show configuration
Root# show system
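An SSH-only variant of the remote-access configuration above, as an added example that is not part of the original lab manual. The numeric limits are illustrative assumptions; the user name R1 is the lab's.

```junos
# Added example; the limits below are illustrative values, not from the lab.

# As configured in the lab: Telnet sends the username, password and session
# in cleartext, so anyone on the path between the two routers can read them.
#   set system services telnet
#   set system services ssh

# SSH-only variant.
delete system services telnet
set system services ssh protocol-version v2
set system services ssh root-login deny
set system services ssh connection-limit 5
set system services ssh rate-limit 5

# Slow down password guessing against the local account R1.
set system login retry-options tries-before-disconnect 3
set system login retry-options backoff-threshold 2
set system login retry-options backoff-factor 5

# Validate, then commit with automatic rollback in case remote access breaks.
commit check
commit confirmed 5

# Verification from configuration mode: telnet should no longer be listed.
show system services
```

After `commit confirmed 5`, a plain `commit` within five minutes makes the change permanent; otherwise the router returns to the previous configuration.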
Lab # 3
STATIC Routes
Diagram
Host A: IP Address 10.0.0.1
R1: Fe-0/0/0 IP Address 10.0.0.10, Se-0/0/2 IP Address 15.0.0.1
WAN
R2: Se-0/0/2 IP Address 15.0.0.2, Fe-0/0/0 IP Address 20.0.0.10
Host B: IP Address 20.0.0.1
Configuration
Configure the Static Route on the Router R1.
Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2
Root# commit
Lab # 4 (i)
Host A: IP Address 10.0.0.1
R1: Fe-0/0/0 IP Address 10.0.0.10, Se-0/0/2 IP Address 15.0.0.1
WAN
R2: Fe-0/0/0 IP Address 20.0.0.10
Host B: IP Address 20.0.0.1
Configuration
Enable the RIP protocol on the Router R1.
root@R1# set protocols rip group NAME export policy1
root@R1# set protocols rip group NAME neighbor se-0/0/2
Defining policy:
root@R1# set policy-options policy-statement policy1 from protocol direct
root@R1# set policy-options policy-statement policy1 then accept
Lab # 4 (ii)
Host A: IP Address 10.0.0.1
R1: Fe-0/0/0 IP Address 10.0.0.10
WAN
R2: Se-0/0/2 IP Address 15.0.0.2, Fe-0/0/0 IP Address 20.0.0.10
Host B: IP Address 20.0.0.1
Configuration
Enable the OSPF protocol on the Router R1.
Root@R1# set protocols ospf area 0.0.0.0 interface fe-0/0/0
Root@R1# set protocols ospf area 0.0.0.0 interface se-0/0/2
Or
Root@R1# set protocols ospf area 0.0.0.0 interface all
Verifying Commands
Root> show route
Root> show ospf interface
Root> show ospf neighbor
Root> show route protocol ospf
Lab # 5
Firewall Filtering
i. Simple Firewall Filtering
Diagram
Host A: IP Address 10.0.0.1
Host B: IP Address 10.0.0.2
R1: Fe-0/0/0 IP Address 10.0.0.10, Serial-0/0/2 IP Address 15.0.0.1
WAN
R2: Serial-0/0/2 IP Address 15.0.0.2, Fe-0/0/0 IP Address 20.0.0.10
FTP Server: IP Address 20.0.0.2
WEB Server: IP Address 20.0.0.1
Configuration
Make the Standard ACL on router R1 such that Host A cannot access the Web & FTP servers.
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from source-address 10.0.0.1/32
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then discard
Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept
Verifying commands (now Host A should not be able to access either the Web or the FTP server; Host B, however, should be able to access both)
root# show firewall filter FILTER-NAME
ii. Advanced Firewall Filtering
Diagram
Host A: IP Address 10.0.0.1
Host B: IP Address 10.0.0.2
R1: Fe-0/0/0 IP Address 10.0.0.10
WAN
R2: Serial-0/0/2 IP Address 15.0.0.2, Fe-0/0/0 IP Address 20.0.0.10
FTP Server: IP Address 20.0.0.2
WEB Server: IP Address 20.0.0.1
Configuration
Make the Firewall Filtering on router R1 such that Host A cannot access the Web Server.
Make the Firewall Filtering on router R1 such that Host B cannot access the FTP Server.
Root@R1# set firewall filter protect term DENY-FTP from source-address 10.0.0.2/32
Root@R1# set firewall filter protect term DENY-FTP from destination-address 20.0.0.2/32
Root@R1# set firewall filter protect term DENY-FTP from protocol tcp
Root@R1# set firewall filter protect term DENY-FTP from destination-port ftp
Root@R1# set firewall filter protect term DENY-FTP then discard
Root@R1# set firewall filter protect term PERMIT-ALL then accept
Verifying commands
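The filter above only takes effect once it is ordered correctly and bound to an interface, and the same binding step applies to FILTER-IN in the simple lab. The following is an added example, not part of the original lab manual, that supplies a term for the Host A objective, applies the filter and verifies it. The term name DENY-WEB, the counter names, the Web server address 20.0.0.1 (read from the diagram) and the choice of fe-0/0/0 unit 0 as R1's LAN side are assumptions.

```junos
# Added example. Term name DENY-WEB and counter names deny-web / deny-ftp are
# hypothetical; filter "protect", terms DENY-FTP / PERMIT-ALL and the host
# addresses are the lab's. Assumes the Web server is 20.0.0.1 (per the diagram).

# First objective: Host A (10.0.0.1) must not reach the Web server.
set firewall filter protect term DENY-WEB from source-address 10.0.0.1/32
set firewall filter protect term DENY-WEB from destination-address 20.0.0.1/32
set firewall filter protect term DENY-WEB from protocol tcp
set firewall filter protect term DENY-WEB from destination-port http
set firewall filter protect term DENY-WEB then count deny-web
set firewall filter protect term DENY-WEB then discard

# Count the FTP drops as well so the verification step has numbers to show.
set firewall filter protect term DENY-FTP then count deny-ftp

# Terms are evaluated top to bottom and the first match wins. A term created
# after PERMIT-ALL is appended below it and would never match, so reorder it.
insert firewall filter protect term DENY-WEB before term PERMIT-ALL

# A filter does nothing until it is bound to an interface. Assumption: unit 0
# of fe-0/0/0 is R1's LAN side, where traffic from Host A and Host B arrives.
set interfaces fe-0/0/0 unit 0 family inet filter input protect

# Roll back automatically after 5 minutes unless a plain "commit" follows,
# in case the filter cuts off your own management session.
commit confirmed 5

# Verification from configuration mode: term order, then per-term counters.
show firewall filter protect
run show firewall filter protect
```

A Junos filter ends with an implicit discard, so removing or misordering PERMIT-ALL blocks all traffic arriving on the interface, not only the two flows the lab targets.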
Lab # 6
Diagram labels: Outside Global, Inside Local, Outside Local
Host A: IP Address 10.0.0.1
Host B: IP Address 10.0.0.2
R1: Ethernet 0 IP Address 10.0.0.10, Serial 0 IP Address 15.0.0.1
WAN
R2: Serial 0 IP Address 15.0.0.2, Ethernet 0 IP Address 20.0.0.10
FTP Server and WEB Server: IP Addresses 20.0.0.1 and 20.0.0.2
NAT Translation Table of R1
10.0.0.1    15.0.0.11
10.0.0.2    15.0.0.12
Configuration
Configuring sp interface
Root# set interfaces sp-0/0/0 unit 0 family inet
Defining NAT pool
Root# set services nat pool global-out address 15.0.0.11/32
Root# set services nat pool global-out port automatic
Defining NAT rule
Root# set services nat rule nat-out match-direction output
Root# set services nat rule nat-out term nat-with-alg from application-sets junos-algs-outbound
Root# set services nat rule nat-out term nat-with-alg then translated source-pool global-out
Root# set services nat rule nat-out term nat-with-alg then translated translation-type source dynamic
Create service set
Root# set services service-set nat-ss nat-rules nat-out
Root# set services service-set nat-ss interface-service service-interface sp-0/0/0.0
Apply service set to NAT interface
Root# set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss
Root# set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss
Verifying commands
Root> show services nat pool
Root> show services nat pool detail
Root> clear services stateful-firewall flows
Lab #7
Configuring VRRP
Virtual Router: 10.0.0.5 (VRRP GROUP 1)
J2300: 10.0.0.10, L0 15.0.0.1
J2300: 10.0.0.20, L0 15.0.0.1
Host A: IP Address 10.0.0.1
Configuration
Configuration of VRRP on Router A
Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 virtual-address 10.0.0.5
Verifying Commands
Root> show vrrp
Root> show vrrp interface fe-0/0/0
Lab # 8
Inter-VLAN Routing
J2300: Fe-0/0/0, with Fe-0/0/0.10 (10.0.0.10 / 8) and Fe-0/0/0.20 (20.0.0.10 / 8)
2950: Fa 0/24 towards the J2300, Fa 0/1 in Vlan 10, Fa 0/11 in Vlan 20
Host A (Vlan 10): 10.0.0.1/8, gateway 10.0.0.10
Host B (Vlan 20): 20.0.0.1/8, gateway 20.0.0.10
Switch
Switch(config)#vlan 10
Switch(config-vlan)#name vlan-10
Switch(config)#vlan 20
Switch(config-vlan)#name vlan-20
Switch(config)#interface range fastEthernet 0/1 - 10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config)#interface range fastEthernet 0/11 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport mode trunk
Router
Root# set interfaces fe-0/0/0 vlan-tagging
Root# set interfaces fe-0/0/0 unit 10 vlan-id 10
Root# set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8
Root# set interfaces fe-0/0/0 unit 20 vlan-id 20
Root# set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8
Verifying Command
root# show interfaces fe-0/0/0
root# show interfaces fe-0/0/0 | display set
Lab # 9
Host A
Host B
Lab #10
Password Recovery
Configuration
First, press the power-on button to reboot your router.
When the line below appears, press the space bar.
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 1 second...
Type boot -s at the prompt below.
Type '?' for a list of commands, 'help' for more detailed help.
Ok boot -s
Type recovery at the prompt below.
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
The CLI prompt appears.
Starting CLI ...
root>
Type configure and set the root authentication password.
Root> configure
Root# set system root-authentication plain-text-password
New password:*******
Retype new password:*******
Lab # 11
R1: Se-0/0/2 IP Address 15.0.0.1
WAN
R2: Se-0/0/2 IP Address 15.0.0.2
Configuration
CHAP Authentication Configuration for Router R1.
Root# set system host-name R1
Root@R1# set system root-authentication plain-text-password
New password: abc123
Retype new password: abc123
Root@R1# set interfaces se-0/0/2 encapsulation ppp
Root@R1# set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R1# set interfaces se-0/0/2 ppp-options chap local-name R1
CHAP Authentication Configuration for Router R2.
Root# set system host-name R2
Root@R2# set system root-authentication plain-text-password
New password: abc123
Retype new password: abc123
Root@R2# set interfaces se-0/0/2 encapsulation ppp
Root@R2# set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R2# set interfaces se-0/0/2 ppp-options chap local-name R2