Professional Documents
Culture Documents
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos
operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty
in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the
extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks
software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software
license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses,
and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
Contents
Lab 1:
Lab 2:
Lab 3:
Lab 4:
Lab 5:
www.juniper.net
Contents iii
iv Contents
www.juniper.net
Course Overview
This one-day course provides students with the foundational knowledge required to work with the
Junos operating system and to configure Junos devices. The course provides a brief overview of the
Junos device families and discusses the key architectural components of the software. Additional
key topics include user interface options with a heavy focus on the command-line interface (CLI),
configuration tasks typically associated with the initial setup of devices, interface configuration
basics with configuration examples, secondary system configuration, and the basics of operational
monitoring and maintenance of Junos devices.
Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring
the Junos OS and monitoring basic device operations. This course is based on Junos OS Release
12.1R1.9.
Objectives
After successfully completing this course, you should be able to:
Perform secondary configuration tasks for features and services such as system
logging (syslog) and tracing, Network Time Protocol (NTP), configuration archival, and
SNMP.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
The Introduction to the Junos Operating System course is a one-day, introductory course.
Prerequisites
Students should have basic networking knowledge and an understanding of the Open Systems
Interconnection (OSI) reference model and the TCP/IP protocol suite.
www.juniper.net
Course Overview v
Course Agenda
Day 1
Chapter 1:
Chapter 2:
Chapter 3:
Initial Configuration
Lab 2: Initial System Configuration
Chapter 4:
Chapter 5:
vi Course Agenda
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
Screen captures
Noncommand-related
syntax
commit complete
Exiting configuration mode
Select File > Open, and then click
Configuration.conf in the
Filename text box.
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
Normal GUI
CLI Input
GUI Input
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
www.juniper.net
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
www.juniper.net
Lab 1
The Junos CLI (Detailed)
Overview
This lab introduces you to the Junos operating system command-line interface (CLI). In
this lab, you will familiarize yourself with various CLI operational mode and configuration
mode features.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Log in to and explore the Junos CLI using both operational and configuration
modes.
www.juniper.net
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Issue the configure
command to enter configuration mode and load the reset configuration file using
the load override /var/home/lab/ijos/lab1-start.config
command. After the configuration has been loaded, commit the changes and return
to operational mode using the commit and-quit command.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override ijos/lab1-start.config
load complete
[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Step 1.4
Determine what system information you can clear from the operational mode
command prompt.
lab@srxA-1> clear ?
Possible completions:
amt
arp
auto-configuration
bfd
bgp
bridge
www.juniper.net
chassis
database-replication
dhcpv6
dot1x
esis
ethernet-switching
fabric
firewall
gvrp
helper
igmp
igmp-snooping
interfaces
ipv6
isdn
isis
information
l2-learning
lacp
ldp
lldp
log
mld
mld-snooping
mpls
msdp
multicast
network-access
ospf
ospf3
passive-monitoring
pfe
pgm
pim
ppp
pppoe
protection-group
r2cp
rip
ripng
rsvp
security
services
snmp
spanning-tree
system
vpls
vrrp
wlan
www.juniper.net
Show
Show
Show
Show
Show
Show
Show
Show
Step 1.6
Add characters to disambiguate your command so that you can display
interface-related information; use the Spacebar or Tab key for automatic command
completion.
Note
Input rate
Output rate
Active alarms
Active defects
:
:
:
:
Step 1.7
Try to clear SNMP statistics by entering the clear snmp command.
lab@srxA-1> clear snmp
^
syntax error, expecting <command>.
www.juniper.net
*[Direct/0] 02:12:04
> via ge-0/0/0.0
*[Local/0] 02:12:10
Local via ge-0/0/0.0
www.juniper.net
www.juniper.net
www.juniper.net
Step 1.12
A large portion of the Junos OS documentation is available directly from the CLI. You
can retrieve high-level topics using the help topic command, whereas you can
obtain detailed configuration-related information with the help reference
command.
Use the help reference command along with the CLI question-mark operator
(?) to find detailed information about configuring a system hostname.
lab@srxA-1> help reference ?
Possible completions:
access
accounting-options
ancp
applications
bfd
bgp
bridge-domains
chassis
class-of-service
connections
diameter
dlsw
dot1x
dvmrp
dynamic-profiles
esis
event-options
firewall
forwarding-options
igmp
interfaces
isis
l2-learning
l2circuit
l2vpn
layer2-control
layer2-vpns
Use the 'help reference l2vpn' command
layer3-vpns
ldp
link-management
lldp
logical-systems
mld
mpls
msdp
mvpn
oam
ospf
ospf3
pgm
pim
www.juniper.net
poe
policy-options
ppp
protection-group
rip
ripng
router-advertisement
router-discovery
routing-instances
routing-options
rsvp
sap
schedulers
security
services
snmp
stp
switch-options
system
vpls
vpns
vrrp
www.juniper.net
Options
hostname--Name of the router or switch.
Required Privilege Level
system--To view this statement in the configuration.
system-control--To add this statement to the configuration.
Related Topics
* Configuring the Hostname of the Router
Step 1.13
Enter configuration mode.
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1#
www.juniper.net
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
address 10.210.14.131/27;
}
}
}
Step 1.15
Position yourself at the [edit interfaces] configuration hierarchy.
[edit]
lab@srxA-1# edit interfaces
[edit interfaces]
lab@srxA-1#
www.juniper.net
Step 1.16
Move to the [edit protocols ospf] portion of the hierarchy. This step
requires that you first visit the root of the hierarchy, as you cannot jump directly
between branches. You can perform this step with a single command in the form of
top edit protocols ospf, however.
[edit interfaces]
lab@srxA-1# top edit protocols ospf
[edit protocols ospf]
lab@srxA-1#
www.juniper.net
Serial number
AH3809AA0054
AAAX6922
Description
SRX240h-poe
RE-SRX240H-POE
FPC
16x GE Base PIC
Step 1.18
Try to return to operational mode by entering an exit command.
[edit]
lab@srxA-1# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no] (yes)
www.juniper.net
Step 1.19
Log out of your assigned device using the exit command.
www.juniper.net
lab@srxA-1> exit
srxA-1 (ttyu0)
login:
STOP
www.juniper.net
Lab 2
Initial System Configuration (Detailed)
Overview
This lab demonstrates configuration tasks typically performed on new devices running the
Junos operating system. In this lab, you use the CLI to perform initial configuration and
basic interface configuration.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands. Refer to the management network diagram for
access details.
By completing this lab, you will perform the following tasks:
www.juniper.net
Note
www.juniper.net
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load a factory-default configuration using the load factory-default
command.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load factory-default
warning: activating factory configuration
Step 1.4
Display the factory-default configuration.
[edit]
lab@srxA-1# show
## Last changed: 2012-04-17 23:59:34 UTC
system {
autoinstallation {
delete-upon-commit; ## Deletes [system autoinstallation] upon change/
commit
traceoptions {
level verbose;
flag {
all;
}
}
interfaces {
ge-0/0/0 {
bootp;
}
}
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
www.juniper.net
interface vlan.0;
}
}
dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
##
## Warning: statement ignored: unsupported platform (srx240h)
##
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
## Warning: missing mandatory statement(s): 'root-authentication'
}
interfaces {
ge-0/0/0
unit
}
ge-0/0/1
unit
{
0;
{
0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
Lab 24 Initial System Configuration (Detailed)
www.juniper.net
members vlan-trust;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
www.juniper.net
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
Lab 26 Initial System Configuration (Detailed)
www.juniper.net
}
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
www.juniper.net
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
Lab 28 Initial System Configuration (Detailed)
www.juniper.net
}
}
Note
www.juniper.net
Step 1.7
Again, issue the set plain-text-password command. When prompted to
enter a new password, type Apples. When prompted to confirm the password, type
Oranges.
[edit system root-authentication]
lab@srxA-1# set plain-text-password
New password:
Retype new password:
error: Passwords are not equal; aborting
Step 1.9
Issue the file list /var/tmp command.
lab@srxA-1> file list /var/tmp
error: no local user: lab
www.juniper.net
Step 1.10
Log out as the lab user and log in as root. Use the newly defined password of
Rootroot.
lab@srxA-1> exit
srxA-1 (ttyu0)
login: root
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
root@srxA-1%
Note
Step 1.12
Define the systems hostname. Use the hostname specified on the management
network diagram provided by your instructor.
[edit]
root@srxA-1# set system host-name hostname
Step 1.13
Configure the time zone and system time using the local time zone and current date
and time as input values.
[edit]
root@srxA-1# set system time-zone time-zone
[edit]
root@srxA-1# run set date date/time
Wed April 25 04:19:00 PDT 2012
www.juniper.net
Step 1.14
Remove the DHCP, interface, security, protocols and vlan sections from the
factory-default configuration, as this is not necessary in this lab environment.
[edit]
root@srxA-1# delete system services dhcp
[edit]
root@srxA-1# delete interfaces
[edit]
root@srxA-1# delete security
[edit]
root@srxA-1# delete protocols
[edit]
root@srxA-1# delete vlans
Step 1.15
Configure the ge-0/0/0 interface using the address and subnet mask specified on
the management network diagram, and specify an interface description of "MGMT
INTERFACE - DO NOT DELETE".
[edit]
root@srxA-1# edit interfaces
[edit interfaces]
root@srxA-1# set ge-0/0/0 unit 0 family inet address management IP address
[edit interfaces]
root@srxA-1# set ge-0/0/0 description "MGMT Interface - DO NOT DELETE"
[edit interfaces]
root@srxA-1#
Step 1.16
Navigate to [edit routing-options] and define a static route for the
10.210.0.0/16 destination prefix to allow for reachability beyond the local
management subnet. Use the gateway address, shown on the management network
diagram, as the next-hop value. When complete commit the configuration and return
to operational mode.
[edit interfaces]
root@srxA-1# top edit routing-options
[edit routing-options]
root@srxA-1# set static route 10.210.0.0/16 next-hop gateway address
[edit routing-options]
root@srxA-1# commit and-quit
commit complete
Exiting configuration mode
root@srxA-1>
Lab 212 Initial System Configuration (Detailed)
www.juniper.net
STOP
Wait for your instructor before you proceed to the next part.
Step 2.2
Log out of the root user by issuing the exit command twice, then log in as the
lab user using lab123 as the password.
root@srxA-1> exit
root@srxA-1% exit
logout
srxA-1 (ttyu0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1>
Step 2.3
Save the active configuration as the rescue configuration.
lab@srxA-1> request system configuration rescue save
Step 2.4
Display the contents of the recently saved rescue configuration.
www.juniper.net
www.juniper.net
unit 0 {
family inet {
address 10.210.35.133/26;
}
}
}
}
routing-options {
static {
route 10.210.0.0/16 next-hop 10.210.35.130;
}
}
Step 2.5
Return to configuration mode and delete the [edit system services]
hierarchy level. Activate the change.
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# delete system services
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 2.6
Verify that the [edit system services] hierarchy level is empty and then load
the rescue configuration.
www.juniper.net
[edit]
lab@srxA-1# show system services
[edit]
lab@srxA-1# rollback rescue
load complete
Step 2.7
Verify that the [edit system services] hierarchy level once again contains
the ssh, telnet, and web-management services.
[edit]
lab@srxA-1# show system services
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
https {
system-generated-certificate;
interface all;
}
}
Step 2.9
Delete the rescue configuration and attempt to display the rescue.conf.gz file to
confirm the deletion.
www.juniper.net
STOP
Wait for your instructor before you proceed to the next part.
Step 3.2
Refer to the network diagram for this lab and configure the listed interfaces. Use
logical unit 0 on all specified interfaces. Commit the configuration and return to
operational mode when complete.
[edit]
lab@srxA-1# edit interfaces
[edit interfaces]
lab@srxA-1# set ge-0/0/3 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set ge-0/0/2 unit 0 family inet address address/30
www.juniper.net
[edit interfaces]
lab@srxA-1# set ge-0/0/1 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set lo0 unit 0 family inet address address/32
[edit interfaces]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Step 3.3
Issue the show interfaces terse CLI command to verify the state of the
configured interfaces.
lab@srxA-1> show interfaces terse
Interface
Admin Link
ge-0/0/0
up
up
ge-0/0/0.0
up
up
...TRIMMED..
ge-0/0/1
up
up
ge-0/0/1.0
up
up
ge-0/0/2
up
up
ge-0/0/2.0
up
up
ge-0/0/3
up
up
ge-0/0/3.0
up
up
...TRIMMED..
lo0
up
up
lo0.0
up
up
...TRIMMED..
Proto
Local
inet
10.210.14.131/27
inet
172.20.77.1/30
inet
172.20.66.1/30
inet
172.18.1.2/30
inet
192.168.1.1
Remote
--> 0/0
www.juniper.net
STOP
www.juniper.net
www.juniper.net
Lab 3
Secondary System Configuration (Detailed)
Overview
This lab demonstrates typical secondary configuration tasks performed on devices
running the Junos operating system.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample outputs from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the load override /var/home/
lab/ijos/lab3-start.config command. After the configuration has been
loaded, commit the changes.
srxA-1 (ttyp0)
login: lab
Lab 32 Secondary System Configuration (Detailed)
www.juniper.net
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override ijos/lab3-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 1.4
Navigate to [edit system login] and define a custom login class named
juniper with the following permissions:
view
view-configuration
reset
[edit]
lab@srxA-1# edit system login
[edit system login]
lab@srxA-1# set class juniper permissions [view view-configuration reset]
error: invalid value: ]
Note
www.juniper.net
Step 1.5
Next, define two new user accounts using the information from the following table:
Username
Class
Plain-Text Password
walter
juniper
walter123
nancy
read-only
nancy123
Step 1.6
View the configuration under the [edit system login] hierarchy level. If you
are satisfied with the results, activate your new configuration by issuing the commit
command.
[edit system login]
lab@srxA-1# show
class juniper {
permissions [ reset view view-configuration ];
}
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$mKkMA9pa$AUZPO2UJ9rWwOfp4Kb2/a1"; ## SECRET-DATA
}
}
user nancy {
class read-only;
authentication {
encrypted-password "$1$sg4t2qIv$E3E5PQftT//p1PiswUgfS/"; ## SECRET-DATA
}
}
user walter {
class juniper;
authentication {
encrypted-password "$1$BH89uJ/p$eNBGRpAVxSXzOhbxjjgi90"; ## SECRET-DATA
}
}
Lab 34 Secondary System Configuration (Detailed)
www.juniper.net
srxA-1 (ttyp0)
login: walter
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
walter@srxA-1>
Step 1.8
Using the new terminal session, try to enter configuration mode.
walter@srxA-1> configure
^
unknown command.
www.juniper.net
www.juniper.net
}
login {
class juniper {
permissions [ reset view view-configuration ];
}
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password /* SECRET-DATA */; ## SECRET-DATA
}
}
user nancy {
uid 2001;
class read-only;
authentication {
encrypted-password /* SECRET-DATA */; ## SECRET-DATA
}
}
user walter {
uid 2002;
class juniper;
authentication {
encrypted-password /* SECRET-DATA */; ## SECRET-DATA
}
}
}
...TRIMMED...
walter@srxA-1> show interfaces
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 508
Description: MGMT Interface - DO NOT DELETE
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags
: Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags
: None
CoS queues
: 8 supported, 8 maximum usable queues
Current address: f8:c0:01:8f:8f:80, Hardware address: f8:c0:01:8f:8f:80
Last flapped
: 2012-04-18 10:27:06 PDT (01:57:39 ago)
Input rate
: 976 bps (2 pps)
Output rate
: 1280 bps (1 pps)
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface ge-0/0/0.0 (Index 70) (SNMP ifIndex 512)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Input packets : 157
Output packets: 81
...TRIMMED...
www.juniper.net
www.juniper.net
Step 1.13
Attempt to clear interface statistics for the ge-0/0/0 interface using the clear
interfaces statistics ge-0/0/0 command.
nancy@srxA-1> clear
^
unknown command.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Step 1.18
Return to the secondary Telnet session opened to you student device
From the secondary Telnet session, try to log in to the system with the nancy
username once again.
login: nancy
Password:
Local password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
nancy@srxA-1>
STOP
Wait for your instructor before you proceed to the next part.
Step 2.1
Enter configuration mode and load the lab3-part2-start.config file from
the/var/home/lab/ijos/ directory. Commit your configuration when complete.
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override ijos/lab3-part2-start.config
load complete
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 2.2
Use the show system syslog command to view the current syslog
configuration.
[edit]
lab@srxA-1# show system syslog
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
www.juniper.net
Step 2.3
Navigate to the [edit system syslog] hierarchy and configure a new syslog
file named config-changes. Specify a facility of change-log and a severity of
info. Also, set the severity level for the default messages file to any.
[edit]
lab@srxA-1# edit system syslog
[edit system syslog]
lab@srxA-1# set file config-changes change-log info
[edit system syslog]
lab@srxA-1# set file messages any any
[edit system syslog]
lab@srxA-1#
Step 2.4
Configure your system to send logs to a remote server running the standard syslog
utility. Refer to your management network diagram for the server address. (Hint: Use
the host option.) Choose the correct facility that logs access attempts on the
system. (Hint: The current messages log file is already using this facility.) Use a
severity level of info. Commit your changes when complete.
[edit system syslog]
lab@srxA-1# set host server address authorization info
[edit system syslog]
lab@srxA-1# commit
commit complete
Step 2.5
Using the run file list /var/log/ command, verify the creation of a log file
named config-changes.
[edit system syslog]
lab@srxA-1# run file list /var/log/
/var/log/:
authd_profilelib
authd_sdb.log
autod
chassisd
config-changes
cosd
dcd
dfwc
dfwd
eccd
gres-tp
httpd.log
httpd.log.old
idpd.addver
interactive-commands
inventory
www.juniper.net
jsrpd
jsrpd_chk_only
kmd
license
mastership
messages
nsd_chk_only
pf
pfed_trace.log
pgmd
rtlogd
sampled
sdxd
utmd-av
Note
Step 2.7
Use the same server IP address used in the previous step and configure an NTP
boot server. Commit the configuration and return to operational mode when
complete.
[edit]
lab@srxA-1# set system ntp boot-server server address
[edit]
lab@srxA-1# commit and-quit
commit complete
www.juniper.net
Step 2.8
View the config-changes log and verify the logging of the latest configuration
changes.
lab@srxA-1> show log config-changes
Apr 22 18:58:08 srxA-1 mgd[2552]: UI_CFG_AUDIT_OTHER: User 'lab' set: [system
ntp]
Apr 22 18:58:08 srxA-1 mgd[2552]: UI_CFG_AUDIT_OTHER: User 'lab' set: [system
ntp server 10.210.14.130]
Apr 22 18:58:16 srxA-1 mgd[2552]: UI_CFG_AUDIT_SET: User 'lab' set: [system ntp
boot-server] <unconfigured> -> "10.210.14.130"
Step 2.9
Manually force synchronization with the NTP server by issuing the set date ntp
operational mode command.
lab@srxA-1> set date ntp
22 Apr 19:04:24 ntpdate[3080]: step time server 10.210.14.130 offset -0.000025
sec
Step 2.10
Verify synchronization with the NTP server by using the show ntp
associations command. The system is synchronized with the NTP server if you
see the server address in the remote column with an asterisk (*) next to it. Check
the current system time using the show system uptime command.
Note
www.juniper.net
Step 2.12
Configure an SNMP trap group to send traps to the NMS server. The SNMP trap
group should send traps whenever an interface transitions to a down state. Name
the trap group interfaces.
[edit]
lab@srxA-1# set snmp trap-group interfaces targets server address
[edit]
lab@srxA-1# set snmp trap-group interfaces categories link
www.juniper.net
Step 2.13
To test your SNMP configuration, temporarily disable the ge-0/0/0 interface using
the set interfaces ge-0/0/0 disable command. Commit the new setting
and verify that the interface is down using the run show interfaces ge-0/
0/0 terse command. Next, re-enable the interface by issuing the delete
interfaces ge-0/0/0 disable command. Commit the change and return to
operational mode when complete.
[edit]
lab@srxA-1# set interfaces ge-0/0/0 disable
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1# run show interfaces ge-0/0/0 terse
Interface
Admin Link Proto
Local
ge-0/0/0
down down
ge-0/0/0.0
up
down inet
10.210.14.131/27
Remote
[edit]
lab@srxA-1# delete interfaces ge-0/0/0 disable
[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Step 2.14
Verify that the interface transition resulted in the sending of a trap by viewing the
messages log. Use the pipe symbol (|) and match on the ge-0/0/0 interface and
the keyword snmp to parse the messages log output. Next, issue the show snmp
statistics command and confirm that the Traps value in the Output section
is not zero.
lab@srxA-1> show log messages | match ge-0/0/0 | match snmp
Apr 19 11:05:22 srxB-1 mib2d[1223]: SNMP_TRAP_LINK_DOWN: ifIndex 508,
ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/0/0
Apr 19 11:06:14 srxB-1 mib2d[1223]: SNMP_TRAP_LINK_UP: ifIndex 508,
ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/0
Apr 19 11:06:14 srxB-1 mib2d[1223]: SNMP_TRAP_LINK_UP: ifIndex 512,
ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/0.0
Apr 19 11:13:28 srxB-1 mgd[1291]: UI_CMDLINE_READ_LINE: User 'lab', command
'show log messages | match ge-0/0/0 | match snmp '
lab@srxA-1> show snmp statistics
SNMP statistics:
Input:
Packets: 0, Bad versions: 0, Bad community names: 0,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
www.juniper.net
walk jnxOperatingDescr
= midplane
= PEM 0
= SRX240 PowerSupply fan 1
= SRX240 PowerSupply fan 2
= SRX240 CPU fan 1
= SRX240 CPU fan 2
= SRX240 IO fan 1
www.juniper.net
jnxOperatingDescr.4.6.0.0
jnxOperatingDescr.7.1.0.0
jnxOperatingDescr.7.2.0.0
jnxOperatingDescr.8.1.1.0
jnxOperatingDescr.8.2.1.0
jnxOperatingDescr.9.1.0.0
jnxOperatingDescr.9.1.1.0
=
=
=
=
=
=
=
SRX240 IO fan 2
FPC: FPC @ 0/*/*
FPC: FPC @ 1/*/*
PIC: 16x GE Base PIC @ 0/0/*
PIC: 1x Serial mPIM @ 1/0/*
Routing Engine
USB Hub
Note
Step 2.17
Verify that the configuration successfully transferred to the remote FTP server by
using the show log messages | match transfer command.
lab@srxA-1> show log messages | match transfer
Apr 19 13:01:46 srxB-1 mgd[1291]: UI_CFG_AUDIT_SET: User 'lab' set: [system
archival configuration] <unconfigured> -> "transfer-on-commit"
Apr 19 13:01:46 srxB-1 mgd[1291]: UI_CMDLINE_READ_LINE: User 'lab', command
'set transfer-on-commit '
Apr 19 13:02:43 srxB-1 logger: transfer-file: Transferred /var/transfer/
config/srxB-1_juniper.conf.gz_20120419_200200
Apr 19 13:15:28 srxB-1 mgd[1291]: UI_CMDLINE_READ_LINE: User 'lab', command
'show log messages | match transfer '
Note
STOP
www.juniper.net
Lab 4
Operational Monitoring and Maintenance (Detailed)
Overview
This lab covers common operational monitoring and platform maintenance activities. In
this lab, you monitor system, chassis, and interface operation, use network utilities, and
perform system maintenance tasks.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Upgrade a device running the Junos operating system and recover the root
password.
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the load override /var/home/
lab/ijos/lab4-start.config command. After the configuration has been
loaded, commit the changes and return to operational mode.
srxA-1 (ttyp0)
login: lab
Password:
Lab 42 Operational Monitoring and Maintenance (Detailed)
www.juniper.net
Step 1.4
Issue the show system processes extensive command to check the status
of the routing protocol daemon (rpd). Alternatively, issue the show system
processes extensive | match "pid | rpd" command to parse the
output. The use of two pipes (|) in this command allows you to make multiple
matches. In this case it matches rpd for the routing protocol process as well as PID
to view the column headers.
lab@srxA-1> show system processes extensive
last pid: 5976; load averages: 0.08, 0.14, 0.07
124 processes: 18 running, 95 sleeping, 11 waiting
up 1+21:08:16
07:32:28
Mem: 143M Active, 98M Inact, 535M Wired, 159M Cache, 112M Buf, 34M Free
Swap:
PID USERNAME THR PRI NICE
SIZE
RES STATE C
TIME
WCPU COMMAND
1234 root
7 76
0
511M 61524K select 0 140.4H 282.62%
flowd_octeon_hm
22 root
1 171
52
0K
16K RUN
0 39.0H 87.94% idle: cpu0
23 root
1 -20 -139
0K
16K RUN
0 16:54 0.00% swi7: clock
1256 root
1 76
0 10896K 4104K select 0
5:14 0.00% license-check
5 root
1 -16
0
0K
16K rtfifo 0
5:12 0.00% rtfifo_kern_recv
1223 root
1 76
0 26180K 9224K select 0
4:03 0.00% mib2d
1225 root
1 76
0 18768K 7252K select 0
3:41 0.00% l2ald
1244 root
1 76
0 15588K 3464K select 0
2:48 0.00% shm-rtsdbd
1218 root
1 76
0
113M 16796K select 0
1:49 0.00% chassisd
19 root
1 171
52
0K
16K RUN
3
1:44 0.00% idle: cpu3
20 root
1 171
52
0K
16K RUN
2
1:44 0.00% idle: cpu2
21 root
1 171
52
0K
16K RUN
1
1:43 0.00% idle: cpu1
1227 root
2 76
0 22948K 7616K select 0
1:40 0.00% pfed
1222 root
1 76
0 18932K 11360K select 0
1:33 0.00% snmpd
1252 root
1 76
0 16684K 7916K select 0
1:28 0.00% utmd
50 root
1 -16
0
0K
16K psleep 0
1:14 0.00% vmkmemdaemon
25 root
1 -40 -159
0K
16K WAIT
0
1:13 0.00% swi2: netisr 0
1215 root
1 76
0 3288K 1376K select 0
1:10 0.00% bslockd
1219 root
1 76
0 11132K 3324K select 0
1:10 0.00% alarmd
1685 root
1
4
0 49392K 22156K kqread 0
0:40 0.00% rpd
...TRIMMED...
www.juniper.net
Used
497M
1.0K
1.0K
477M
497M
1.0K
Avail
330M
0B
0B
0B
330M
0B
Capacity
60%
100%
100%
100%
60%
100%
Mounted on
/
/dev
/dev/
/junos
/junos/cf
/junos/dev/
www.juniper.net
procfs
/dev/bo0s1e
/dev/md1
/dev/da0s1f
/cf/var/jail
devfs
/dev/md2
4.0K
24M
168M
61M
898M
1.0K
39M
4.0K
22K
13M
624K
497M
1.0K
4.0K
0B
22M
142M
55M
330M
0B
36M
100%
0%
8%
1%
60%
100%
0%
/proc
/config
/mfs
/cf/var/log
/jail/var
/jail/dev
/mfs/var/run/utm
www.juniper.net
srxA-1 (ttyp0)
login: walter
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
walter@srxA-1>
Step 1.9
Return to the original session opened to your device.
Return to the original session logged in as lab and issue the show system users
command to view information about users logged in to your teams device.
lab@srxA-1> show system users
12:41PM up 46 mins, 2 users, load averages: 0.03, 0.08, 0.12
USER
TTY
FROM
LOGIN@ IDLE WHAT
lab
u0
2:33PM
- -cli (cli)
walter
p0
10.210.14.129
3:07PM
1 -cli (cli)
www.juniper.net
Step 1.11
Check the environmental status of your teams device by issuing the show
chassis environment command.
lab@srxA-1> show chassis environment
Class Item
Status
Temp Routing Engine
OK
Routing Engine CPU
OK
Fans SRX240 PowerSupply fan 1
OK
SRX240 PowerSupply fan 2
OK
SRX240 CPU fan 1
OK
SRX240 CPU fan 2
OK
SRX240 IO fan 1
OK
SRX240 IO fan 2
OK
Power Power Supply 0
OK
Measurement
37 degrees C / 98 degrees F
36 degrees C / 96 degrees F
Spinning at high speed
Spinning at high speed
Spinning at high speed
Spinning at high speed
Spinning at high speed
Spinning at high speed
Load averages:
1 minute
0.11
5 minute
0.11
15 minute
0.11
Step 1.12
Issue the show chassis temperature-thresholds command.
lab@srxA-1> show chassis temperature-thresholds
Fan speed
Yellow alarm
Red alarm
Fire
(degrees C)
(degrees C)
(degrees C) (degrees C)
Item
Normal High
Normal Bad fan
Normal Bad fan
Normal
Chassis default
35
45
50
40
75
65
100
Routing Engine
35
45
50
40
75
65
100
Serial number
AH2909AA0041
AAAK4071
Description
SRX240-poe
RE-SRX240-POE
FPC
16x GE Base PIC
Local
Remote
10.210.14.131/27
www.juniper.net
gr-0/0/0
ip-0/0/0
ls-0/0/0
lt-0/0/0
mt-0/0/0
pd-0/0/0
pe-0/0/0
ge-0/0/1
ge-0/0/1.0
ge-0/0/2
ge-0/0/2.0
ge-0/0/3
ge-0/0/3.0
ge-0/0/4
ge-0/0/5
ge-0/0/6
ge-0/0/7
ge-0/0/8
ge-0/0/9
ge-0/0/10
ge-0/0/11
ge-0/0/12
ge-0/0/13
ge-0/0/14
ge-0/0/15
gre
ipip
lo0
lo0.0
lo0.16384
lo0.16385
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
down
down
down
down
down
down
down
down
down
down
down
up
up
up
up
up
up
lo0.32768
lsi
mtun
pimd
pime
pp0
st0
tap
vlan
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
inet
172.20.77.1/30
inet
172.20.66.1/30
inet
172.18.1.2/30
inet
inet
inet
192.168.1.1
--> 0/0
127.0.0.1
--> 0/0
10.0.0.1
--> 0/0
10.0.0.16
--> 0/0
128.0.0.1
--> 0/0
128.0.1.16
--> 0/0
fe80::226:88ff:fe02:6700
inet6
www.juniper.net
Step 1.15
Issue the show interfaces ge-0/0/0 extensive command and answer
the questions that follow:
lab@srxA-1> show interfaces ge-0/0/0 extensive
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 131, SNMP ifIndex: 117, Generation: 134
Description: MGMT Interface - DO NOT DELETE
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags
: Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags
: None
CoS queues
: 8 supported, 8 maximum usable queues
Hold-times
: Up 0 ms, Down 0 ms
Current address: 00:26:88:02:67:00, Hardware address: 00:26:88:02:67:00
Last flapped
: 2012-04-19 11:06:14 PDT (21:34:34 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes :
2145595228
0 bps
Output bytes :
118650
0 bps
Input packets:
35759921
0 pps
Output packets:
1512
0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
...TRIMMED...
Logical interface ge-0/0/0.0 (Index 67) (SNMP ifIndex 118) (Generation 132)
Flags: SNMP-Traps Encapsulation: ENET2
...TRIMMED...
www.juniper.net
STOP
www.juniper.net
Wait for your instructor before you proceed to the next part.
Step 2.2
Start a continuous ping to the server with a data size of 500 bytes. Refer to the
management network diagram for the servers IP address.
Note
ms
ms
ms
ms
ms
ms
ms
www.juniper.net
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1>
www.juniper.net
Step 2.4
Use the monitor traffic interface ge-0/0/0 command to begin
monitoring the ge-0/0/0 management interface.
Note
www.juniper.net
Step 2.6
Return to the original session opened to your device.
From the original session opened to your device, issue the Ctrl+c keystroke
combination to stop the continuous ping.
...TRIMMED...
508 bytes from 10.210.14.130: icmp_seq=3 ttl=64 time=2.803 ms
508 bytes from 10.210.14.130: icmp_seq=4 ttl=64 time=4.753 ms
508 bytes from 10.210.14.130: icmp_seq=5 ttl=64 time=2.495 ms
Lab 416 Operational Monitoring and Maintenance (Detailed)
www.juniper.net
STOP
Wait for your instructor before you proceed to the next part.
Step 3.2
Use the file copy command in conjunction with FTP to retrieve the install image
named junos-srxsme-12.1R1.9-domestic.tgz from the server. Refer to
the management network diagram for the servers IP address. Use the username
ftp and a password of ftp. Save the image to the /var/tmp directory on the
local device.
lab@srxA-1> file copy ftp://ftp:ftp@server address/
junos-srxsme-12.1R1.9-domestic.tgz /var/tmp/
/var/home/lab/...transferring.file.........U4R100% of
www.juniper.net
Step 3.4
Issue the request system software add /var/tmp/
junos-srxsme-12.1R1.9-domestic.tgz command to upgrade your assigned
device. Use the reboot option to automatically perform a system reboot, which is a
requirement of the upgrade process. Use the console terminal session to monitor
the upgrade process.
lab@srxA-1> request system software add /var/tmp/
junos-srxsme-12.1R1.9-domestic.tgz reboot
NOTICE: Validating configuration against junos-srxsme-12.1R1.9-domestic.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/da0s1a)...
/dev/da0s1a: 296.9MB (607996 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 74.22MB, 4750 blks, 9600 inodes.
super-block backups (for fsck -b #) at:
32, 152032, 304032, 456032
Lab 418 Operational Monitoring and Maintenance (Detailed)
www.juniper.net
Step 3.5
After the reboot is complete, log in again as the lab user and issue the show
version command.
srxA-1 (ttyu0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> show version
Hostname: srxA-1
Model: srx240-poe
JUNOS Software Release [12.1R1.9]
lab@srxA-1>
www.juniper.net
STOP
Wait for your instructor before you proceed to the next part.
Step 4.2
Using a terminal session connected to the console port, reboot the system. Enter
yes to authorize the reboot. When prompted to enter the command prompt, press
the space bar.
lab@srxA-1> request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 950]
lab@srxA-1>
*** FINAL System shutdown message from lab@srxA-1 ***
System going down IMMEDIATELY
...TRIMMED...
FreeBSD/MIPS U-Boot bootstrap loader, Revision 1.9
(builder@zigeth.juniper.net, Mon May 17 05:45:58 UTC 2010)
Memory: 1024MB
[0]Booting from nand-flash slice 1
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0xa17310+0xdbc54 syms=[0x4+0x7f730+0x4+0xb6cd4]
www.juniper.net
Step 4.3
At the prompt, first disable the watchdog process by using the watchdog
disable command. Secondly, type boot -s and press Enter to boot the Junos OS
in single-user mode.
loader> watchdog disable
loader> boot -s
Kernel entry at 0x801000d8 ...
init regular console
Primary ICache: Sets 64 Size 128 Asso 4
Primary DCache: Sets 1 Size 128 Asso 64
Secondary DCache: Sets 512 Size 128 Asso 8
...TRIMMED...
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN
for /bin/sh:
Step 4.4
When prompted to enter a pathname for shell or recovery for root password
recovery, type recovery and press Enter.
Enter full pathname of shell or 'recovery' for root password recovery or RETURN
for /bin/sh: recovery
Performing system setup ...
...TRIMMED...
Performing initialization of management services ...
Performing checkout of management services ...
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
Once in the CLI, you will need to enter configuration mode using
the 'configure' command to make any required changes. For example,
to reset the root password, type:
configure
set system root-authentication plain-text-password
(enter the new password when asked)
commit
exit
exit
When you exit the CLI, you will be asked if you want to reboot
the system
www.juniper.net
Step 4.5
Once the prompt is available, enter configuration mode and set a new root password
of lab123. Commit the configuration and return to configuration mode. Use the
exit command to leave operational mode, the software prompts you about
rebooting. Type y and press Enter to reboot the system.
root@srxA-1> configure
Entering configuration mode
[edit]
root@srxA-1# set system root-authentication plain-text-password
New password:
Retype new password:
[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1> exit
Reboot the system? [y/n] y
Waiting (max 60 seconds) for system
Waiting (max 60 seconds) for system
Waiting (max 60 seconds) for system
Syncing disks, vnodes remaining...1
process
process
process
1 1 1 0
`vnlru' to stop...done
`bufdaemon' to stop...done
`syncer' to stop...
0 done
Step 4.6
Once the system boots, verify the root password recovery by logging in with the new
root password.
srxA-1 (ttyu0)
login: root
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
root@srxA-1%
www.juniper.net
Step 4.8
Restore the lab4-part4-start configuration using the load override /
var/home/lab/ijos/lab4-part4-start.config command. Activate the
configuration and log out of the system.
[edit]
root@srxA-1# load override /var/home/lab/ijos/lab4-part4-start.config
load complete
[edit]
root@srxA-1# commit and-quit
commit complete
Exiting configuration mode
root@srxA-1> exit
root@srxA-1% exit
logout
srxA-1 (ttyu0)
login:
STOP
www.juniper.net
www.juniper.net
Lab 5 (Optional)
The J-Web Interface (Detailed)
Overview
This lab introduces you to the J-Web graphical user interface (GUI). In this lab, you will
familiarize yourself with various J-Web features and capabilities.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
www.juniper.net
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the load override /var/home/
lab/ijos/lab5-start.config command. After the configuration has been
loaded, commit the changes and return to operational mode.
srxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override ijos/lab5-start.config
load complete
[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>
Step 1.4
Open a Web browser on your PC.
From a Web browser on your PC. navigate to the management address of your
device. Refer to the management network diagram for the IP address associated
with your teams station.
Step 1.5
Log in as user lab with the password supplied by your instructor.
www.juniper.net
Step 1.6
After logging in click on the Dashboard tab in the upper left corner. Use the
information found in your browser to answer the following questions.
www.juniper.net
www.juniper.net
1.
2.
Scroll down the list of available Panels, and select Chassis Status,
then click OK.
www.juniper.net
Step 1.8
Navigate to Monitor > Interfaces and view the ge-0/0/0.0 interface.
www.juniper.net
Step 1.9
Navigate to Monitor > Routing > Route Information to view the current
static routes.
www.juniper.net
Step 2.2
Navigate to Configure > System Properties > User Management.
Step 2.3
Click Edit. In the Edit User Management window, click Add and create the
user Jweb. Use the password lab123 and fullname Jweb User. Keep the login
class as read-only. Leave the User ID field blank. Click OK when complete.
www.juniper.net
Step 2.4
Commit the new user by clicking on Actions in the upper right corner, then click
Commit.
Step 2.5
Return to User Management and remove the Jweb user created earlier.
1.
2.
Click Edit.
3.
4.
Click OK.
Step 2.6
Click Actions, then click Compare to display changes in the configuration.
Lab 510 The J-Web Interface (Detailed)
www.juniper.net
Step 2.7
Commit the changes by clicking on Actions then Commit.
Step 2.8
Navigate to Troubleshoot > Ping Host. Enter the IP address of the server in
the management network and click Start to begin the ping.
www.juniper.net
STOP
www.juniper.net
A2 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A3
A4 Lab Diagrams
www.juniper.net