Tuesday 2 July 2019

2.7.19

By Peter

In: , ,

No comments

Base Junos Configuration

The following template will get the fundamental features setup in Junos and act as a base for building more advanced configurations:

# Enter configuration mode
cli
configure exclusive

# Configure root user key / password
set system root-authentication load-key-file
[OR]
set system root-authentication plain-text-password

# Enable remote management
edit system services
active ssh
ativate web-management https
set web-management https port 443
set web-management https system-generated-certificate
set web-management https interface fxp0.0

# Disable insecure services
deactivate telnet
decativate web-management http

# Setup hostname
top
set system host-name "host01"

# Setup time / date / ntp
set system time-zone Europe/London
exit
set date ntp 1.uk.pool.ntp.org
set cli idle-timeout 10

# Setup new user and assign login class
edit
edit system login
edit user jbloggs
set authentication plain-text-password
set full-name "Joe Bloggs"
set class operator | read-only | super-user

# Create custom login class
set system login class test-class permissions [interface interface-control]
set system login class test-class idle-timeout 10
[OR]
# Configure RADIUS
set system radius-server 10.11.12.254 source-address 10.11.12.1
edit system radius-server 10.11.12.254
set secret <pass-phrase>
set port 1845
# Ensure radius requests originate from the mgmt interface
routing-instance mgmt_junos
exit
set system authentication-order [radius password]
# Assign a default class for remote users
set system login user remote class super-user

### Setup Layer 3 Interface
# Change physical properties
edit interfaces ge-0/0/1
set speed 10m
set link-mode full-duplex

### Create VLAN
set vlans testvlan vlan-id 123
set vlans testvlan2 vlan-id 456

# Change logical properties
edit interfaces ge-0/0/1 unit 0
set vlan-id 50
edit family inet
set address 1.2.3.254/24

### Setup Access Port
# Change logical properties
edit interfaces ge-0/0/2 unit 0
set family ethernet-switching interface-mode access
set family ethernet-switching vlan members 123

### Setup Trunk Port
edit interfaces ge-0/0/3 unit 0
set family ethernet-switching port-mode trunk vlan members [testvlan testvlan2]

### Syslog Forwarding
* This is performed via the local syslog server rather than the Juniper CLI (messages found in /var/log/messages)
* To edit the configuration from the CLI use 'edit system syslog'.

### Commit changes
commit

0 comments:

Post a Comment