The following template sets up the fundamental features in Junos and acts as a base for building more advanced configurations:
# Enter configuration mode
cli
configure exclusive
# Configure root user key / password
set system root-authentication load-key-file
[OR]
set system root-authentication plain-text-password
# Enable remote management
edit system services
activate ssh
activate web-management https
set web-management https port 443
set web-management https system-generated-certificate
set web-management https interface fxp0.0
# Disable insecure services
deactivate telnet
deactivate web-management http
# Setup hostname
top
set system host-name "host01"
# Setup time / date / ntp
set system time-zone Europe/London
# Commit first: 'configure exclusive' discards uncommitted changes on exit
commit
exit
set date ntp 1.uk.pool.ntp.org
set cli idle-timeout 10
# Setup new user and assign login class
edit
edit system login
edit user jbloggs
set authentication plain-text-password
set full-name "Joe Bloggs"
set class operator | read-only | super-user
# Create custom login class
top
set system login class test-class permissions [interface interface-control]
set system login class test-class idle-timeout 10
[OR]
# Configure RADIUS
top
set system radius-server 10.11.12.254 source-address 10.11.12.1
edit system radius-server 10.11.12.254
set secret <pass-phrase>
set port 1845
# Ensure radius requests originate from the mgmt interface
set routing-instance mgmt_junos
exit
set system authentication-order [radius password]
# Assign a default class for remote users
set system login user remote class super-user
### Setup Layer 3 Interface
# Change physical properties
edit interfaces ge-0/0/1
set speed 10m
set link-mode full-duplex
### Create VLAN
top
set vlans testvlan vlan-id 123
set vlans testvlan2 vlan-id 456
# Change logical properties
top
edit interfaces ge-0/0/1 unit 0
set vlan-id 50
edit family inet
set address 1.2.3.254/24
### Setup Access Port
# Change logical properties
top
edit interfaces ge-0/0/2 unit 0
set family ethernet-switching interface-mode access
set family ethernet-switching vlan members 123
### Setup Trunk Port
top
edit interfaces ge-0/0/3 unit 0
set family ethernet-switching port-mode trunk vlan members [testvlan testvlan2]
### Syslog Forwarding
* This is performed via the local syslog server rather than the Juniper CLI (messages found in /var/log/messages)
* To edit the configuration from the CLI use 'edit system syslog'.
### Commit changes
commit
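To confirm after the commit that a device matches the service choices in this template, the following added example (not part of the original post) audits the text returned by `show configuration | display set`. It treats statements covered by a `deactivate` line as inactive, which a plain search for `set system services telnet` would miss; the sample configuration is constructed and the function names are this example's own.

```python
# Added example: audit `show configuration | display set` output against the
# service choices in the template. SAMPLE is constructed, not from a device.
SAMPLE = """\
set system host-name host01
set system root-authentication encrypted-password "$6$constructed"
set system services ssh
set system services telnet
deactivate system services telnet
set system services web-management http interface fxp0.0
set system services web-management https port 443
set system services web-management https system-generated-certificate
"""

def _under(stmt, path):
    """True if stmt is the configuration path itself or sits beneath it."""
    return stmt == path or stmt.startswith(path + " ")

def active_statements(display_set):
    """Return the 'set' statements that no 'deactivate' line switches off."""
    sets, inactive = [], []
    for raw in display_set.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if line.startswith("set "):
            sets.append(line[len("set "):])
        elif line.startswith("deactivate "):
            inactive.append(line[len("deactivate "):])
    # Deactivating a parent path disables every statement below it.
    return {s for s in sets if not any(_under(s, p) for p in inactive)}

def audit(display_set):
    """List deviations from the template's management-plane settings."""
    active = active_statements(display_set)
    def has(path):
        return any(_under(s, path) for s in active)
    findings = []
    if has("system services telnet"):
        findings.append("telnet is active")
    if has("system services web-management http"):
        findings.append("web-management http is active")
    if not has("system services ssh"):
        findings.append("ssh is not active")
    if not has("system root-authentication"):
        findings.append("no root-authentication configured")
    return findings
```

For the constructed sample, `audit(SAMPLE)` reports only the active HTTP web-management listener, because telnet is present but deactivated.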