Jncia-er Lab Manual

8/9/2019 Jncia-er Lab Manual

1/34


2/34


3/34

()CI*-E+ ab anual

AB. ABS DESCRIPTION PAGE

NO.

1 Junos Basic and J-web Basics 2

2 Accessing the Juniper Router through Telnet/SSH/HTTP 11

3 Static Routing 12

4 Dynamic Routing

! R"P#! $SP%

14

16

5 %irewall %iltering! Simple %irewall %iltering#! Ad&ance 'irewall %iltering

18

20

6 Port Address Translation (PAT) 22

7 "mplement *RRP 24

8 "nter-&lan routing 26

9 +on'iguring dhcp 28

10 Password reco&ery

30

11 PPP Authentication 32

1


4/34

()CI*-E+ ab anual

Lab # 1

Junos Basic

Configuration

After connecting your PC to the Console Port.

.GI)rootP*SS0.+abc1!

+oo&

4o En&er In&o .era&ional oe 6ro7 8ni9 Shell : ;ice- ;ersa<

"oot $ cli

"oot %

&o 'nter (nto Configuration )ode.

"oot% configureEn&erin% con=i%ura&ion 7oe

"oot #

J*eb e+uivalent , Configuration

se Coit coand to activate your changes.

"oot# coit

&o change the /ost 0ae of "outer.

"oot# set syste host-nae host

"oot# coit

2


5/34

()CI*-E+ ab anual

J*eb e+uivalent , Configuration % uic2 Configuration % setup

3et the 3yste Date 4 &ie on the "outer

"oot% set date 1,15,6 7hh,,ss8

"oot% set date 559-15-: 7;;-))-DD8"oot# coit

J*eb e+uivalent , Configuration % uic2 Configuration % setup>se& &i7e 7anuall$?


6/34

()CI*-E+ ab anual

Displays per-second real-tie statistics for a physical interface

"oot% onitor interface se-5?5?

Coand prints pac2et headers to your terinal screen for inforation sent or

received by the "outing 'ngine

"oot%onitor traffic interface se-5?5?

)ove connection to another port for testing purpose

"oot#renae interfaces fe-5?5?5 to fe-5?5?1

7in this e>aple you *ill ove the configuration for fe-5?5?5 to fe-5?5?18

"uplicate an e>isting configuration and change a fe* coponents.

"oot#copy interfaces fe-5?5?5 to fe-5?5?1

7*e are replicating an e>isting configuration so *e can change a fe* coponents8

Configuring the 'ncapsulation on a Physical (nterface

"oot#set interfaces se-5?5? encapsulation ppp

3ho* Active Configuration.

"oot%sho* configuration

or

"oot%sho* syste rollbac2 5

or

"oot#sho*

J*eb e+uivalent, Configuration %


7/34

()CI*-E+ ab anual

3ho* Active Configuration in set display"oot # 3ho* @ display set

3ho* Active Configuration in >l forat

"oot # 3ho* @ display >l

s ho* candidate Configuration.

"oot% sho* syste rollbac2

7&eporary Configuration and becoes active *hen coit it8

J*eb e+uivalent , Configuration % history

Copare "ollbac2 Configuration.

"oot% sho* syste rollbac2 5 copare

J*eb e+uivalent , Configuration % history % copare

Configure "ollbac2 Configuration.

"oot#rollbac2

"oot#coit

Deactivate or Activate configuration.

"oot#deactivate Anyconfiguration

or e>aple

"oot#deactivate interfaces se-5?5?

5


8/34

()CI*-E+ ab anual

"oot#sho*

interfaces

inactive se-5?5?

3hut do*n an (nterface

"oot# set interfaces se-5?5? disable

"oot# delete interface se-5?5? disable

3et "escue Configuration.

"oot% re+uest 3yste configuration rescue save

73ave Active configuration as rescue configuration8

J*eb e+uivalent , configuration %rescue

Coit "escue Configuration.

"oot% rollbac2 rescue

=r7"eset C=0( button on the front of E-series router *ill load and coit the

rescue configuration 8

J*eb e+uivalent , Configuration % history 7Se& rescue con=i%ura&ion?

3ho* "escue Configuration.

"oot% 3ho* 3yste configuration rescue

J*eb e+uivalent , Configuration % history 7;ie rescue con=i%ura&ion ?

&o loo2 ho* any users are logged in Eunos

"oot%sho* syste user

!

http://10.0.0.10/?m%5B%5D=rescue&mode=set-rescuehttp://10.0.0.10/?m%5B%5D=rescue&mode=view-rescuehttp://10.0.0.10/?m%5B%5D=rescue&mode=set-rescuehttp://10.0.0.10/?m%5B%5D=rescue&mode=view-rescue


9/34

()CI*-E+ ab anual

&o loo2 at files stored in lash eory

"oot%sho* syste storage

&o loo2 at used tcp and udp ports

"oot%sho* syste connection

&o loo2 at syste license

"oot%sho* syste license

&o loo2 at syste fir*are

"oot%sho* syste fir*are

3ho* chassis coponent and teperature of cpu

"oot % sho* chassis environent

J*eb e+uivalent , )onitor % chassis

3ho* chassis hard*are

"oot % sho* chassis hard*are detail

J*eb e+uivalent , )onitor % chassis

3et the pass*ord of "oot in clear te>t.

"oot# set syste root-authentication plain-te>t-pass*ord )e Passor abc1!+e&$e ne assor abc1!

A


10/34

()CI*-E+ ab anual


3et the pass*ord of "oot in encrypted te>t.

"oot# set syste root-authentication encrypted-pass*ord abc1!


&o shutdo*n and restart the router

"oot% re+uest syste po*eroff

"oot% re+uest syste reboot

J*eb e+uivalent , )anage % "eboot

&o a2e the router on factory default setting

"oot # load factory-defaultarnin% ac&ia&in% =ac&or$ con=i%ura&ion

Dei&

"oot # set syste root-authentication plain-te>t-pass*ord

)e assor abc1!

+e&$e ne assor abc1!

Dei&

"oot # coit

@


11/34

()CI*-E+ ab anual

Assign the (P Address on the 'thernet (nterface of the"outer.

Configuration

Assign the (P Address on the 'thernet (nterface of the "outer .

"oot# set interfaces fe-5?5?5 unit 5 faily inet address 15.5.5.15?6

"oot#edit interface fe-5?5?5

"oot#3et description F&his is the 'thernet anageent interfaceF

"oot#top

"oot#coit

Delete the (P Address on the 'thernet (nterface of the "outer .

"oot#delete interface fe-5?5?5 unit 5 faily inet address 15.5.5.15?6

"enae the (P Address on the 'thernet (nterface of the "outer .

"oot#renae interface fe-5?5?5 unit 5 faily inet address 15.5.5.15?6 to 1G.5.5.15?6

J*eb e+uivalent , Configuration % uic2 Configuration % interfaces


12/34

()CI*-E+ ab anual

Assign the (P Address on the 3erial (nterfaces of the

"outer.

Configuration

Assign the (P Address on the 3erial (nterface of the "outer "1 7DC'8 .

"oot# set interfaces se-5?5? unit 5 faily inet address 1G.5.5.1?6

"oot# set interfaces se-5?5? serial options cloc2ing-ode dce

"oot# set interfaces se-5?5? serial options cloc2-rate :H.52hI

"oot# coit


Assign the (P Address on the 3erial (nterface of the "outer " .

"oot# set interfaces se-5?5? unit 5 faily inet address 1G.5.5.?6

"oot# coit



13/34

()CI*-E+ ab anual

Lab #

Accessing "outer through &elnet?33/?/&&P

7&elnet?33/?/&&P bet*een t*o "outers8

Configuration

Configuring telnet on "1.

"oot"1# set syste services telnet

"oot"1# set syste services ssh

"oot"1# set syste login user "1 class super-user authentication plain-te>t-

pass*ord

En&er assor abc1!

+e&$e assor abc1!

Configuring telnet on ".

"oot"# set syste services telnet

"oot"#set syste services ssh

"oot"1# set syste login user " class super-user authentication plain-te>t-

pass*ord

En&er assor abc1!+e&$e assor abc1!


14/34

()CI*-E+ ab anual

Lab # !

3&A&(C "outes

Diagra

Configuration

Configure the 3tatic "oute on the "outer "1 .

"oot# set routing-options static route 5.5.5.5?6 ne>t-hop 1G.5.5.

"oot# coit

J*eb e+uivalent , Configuration % uic2 Configuration % routing and

protocols

Configure the 3tatic "oute on the "outer " .

"oot# set routing-options static route 15.5.5.5?6 ne>t-hop 1G.5.5.1

"oot# coit

"P Address ,!!!Se-//#

"P Address ,!!!#Se-//#

R .A"P Address !!!%e-//

"P Address #!!!%e-//

Host A"P Address !!!

Host B"P Address #!!!

R#

12


15/34

()CI*-E+ ab anual

J*eb e+uivalent , Configuration % uic2 Configuration % routing andprotocols


16/34

()CI*-E+ ab anual

Lab # H 7i8

"outing Protocol- RI!

Diagra

Configuration'nable the "(P protocol on the "outer "1 .

root"1# set protocols rip group 0A)' e>port policy1

root"1# set protocols rip group 0A)' neighbor se-5?5?

Defining policy ,

root"1# set policy-options policy-stateent policy1 fro protocol direct

root"1#set policy-options policy-stateent policy1 then accept


protocols



R .A"P Address !!!

%e-//"P Address #!!!

%e-//



R#

1"


17/34

()CI*-E+ ab anual

'nable the "(P protocol on the "outer " .

root"# set protocols rip group 0A)' e>port policy1

root"# set protocols rip group 0A)' neighbor se-5?5?

Defining policy ,

root"# set policy-options policy-stateent policy1 fro protocol direct

root"#set policy-options policy-stateent policy1 then accept


protocols


18/34

()CI*-E+ ab anual

Lab # H 7ii8

"outing Protocol- "#!$ %Area &' Diagra

Configuration

'nable the =3P protocol on the "outer "1 .

"oot"1#set protocols ospf area 5.5.5.5 interface e-5?5?5

"oot"1#set protocols ospf area 5.5.5.5 interface 3e-5?5?

=r

"oot"1#set protocols ospf area 5.5.5.5 interface all

J*eb e+uivalent , Configuration % uic2 Configuration % routing andprotocols



"P Address#!!!

%e-//

"P Address!!!

%e-//


Bac2bone Area ? Area 5

R#R

.A


1!


19/34

()CI*-E+ ab anual

'nable the =3P protocol on the "outer " .

"oot"#set protocols ospf area 5.5.5.5 interface e-5?5?5"oot"#set protocols ospf area 5.5.5.5 interface 3e-5?5?

=r

"oot"#set protocols ospf area 5.5.5.5 interface all


protocols


20/34

()CI*-E+ ab anual

Lab # G

ire*all ilteringi.3iple ire*all iltering

Diagra

(P Address 1G.5.5.1

Configuration

)a2e the 3tandard ACL on router "1 such that /ost AK can not be accessing

the eb 4 tp 3erver .

"oot"1# set fire*all filter (L&'"-(0 ter BL=CM-ALL-PACM'&3 frosource-address 15.5.5.1?!

"oot"1# set fire*all filter (L&'"-(0 ter BL=CM-ALL-PACM'&3 then

discard

"oot"1# set fire*all filter (L&'"-(0 ter ALL=-=&/'"3 then accept

Host B"P Address

!!!#

%TP Ser&er

"P Address#!!!#

"P Address#!!!

.0B Ser&er

Host A"P Address

!!!

"P Address!!!%e-//

"P Address#!!!

%t %e-//

"P Address ,!!!#Serial-//#

"P Address ,!!!Serial-//#

.A R

R#

1@


21/34

()CI*-E+ ab anual

Apply the 3tandard ACL on router "1Ks 3erial (nterface.

"oot"1#set interface se-5?5? unit 5 faily inet filter =&P& (L&'"-(0


22/34


23/34

()CI*-E+ ab anual

)a2e the ire*all iltering on router "1 such that /ost BK can not be accessing the

tp 3erver .

"oot"1#set fire*all filter protect ter D'0;-&P fro source-

address15.5.5.?!

"oot"1#set fire*all filter protect ter D'0;-&P fro destination-

address5.5.5.?!

"oot"1#set fire*all filter protect ter D'0;-&P fro protocol tcp

"oot"1#set fire*all filter protect ter D'0;- &P fro destination-port &P

"oot"1#set fire*all filter protect ter D'0;-&P then discard

"oot"1#set fire*all filter protect ter P'")(&-ALL then accept

Apply the ire*all iltering on router "1Ks 'thernet (nterface.

"oot"1#set interface fe-5?5?5 unit 5 faily inet filter input protect


24/34

()CI*-E+ ab anual

Lab # :

Port Address &ranslation 7PA&8

Diagra

ConfigurationConfiguring 3p interface

"oot#set interfaces sp-5?5?5 unit 5 faily inet

Defining 0at Pool

"oot#set services nat pool global-out address 1G.5.5.11?!

"oot#set services nat pool global-out port autoatic

Defining 0at rule

"oot#set services nat rule nat-out atch-direction output

"oot#set services nat rule nat-out ter nat-*ith-alg fro application-sets Eunos-

algs-outbound

"P Address ,!!!Serial

"P Address ,!!!#Serial

R .A"P Address !!!0thernet "P Address #!!!

0thernet

"P Address

#!!!

Host B

"P Address!!!#

"P Address

#!!!#

%TP Ser&er

.0B Ser&er

(nside Local =utside Local

(nside lobal =utside lobal

NAT 4ransla&ion 4able .=

"1

1


25/34

()CI*-E+ ab anual

"oot#set services nat rule nat-out ter nat-*ith-alg then translated source-pool

global-out

"oot#set services nat rule nat-out ter nat-*ith-alg then translated translation-type

source dynaic

Create service set

"oot#set services service-set nat-ss nat-rules nat-out

"oot#set services service-set nat-ss interface-service service-interface sp-5?5?5.5

Apply service set to nat interface

"oot#set interfaces se-5?5? unit 5 faily inet service input service-set nat-ss

"oot#set interfaces se-5?5? unit 5 faily inet service output service-set nat-ss


26/34

()CI*-E+ ab anual

Lab #N

+on'iguring *RRP

Configuration

Configuration of


27/34

()CI*-E+ ab anual

"oot#set interfaces fe-5?5?5 unit 5 faily inet address 15.5.5.15?6 vrrp-group 1

priority 55

"oot#set interfaces fe-5?5?5 unit 5 faily inet address 15.5.5.15?6 vrrp-group 1

accept-data

"oot#set interfaces lo5 unit 5 faily inet address 1G.5.5.?!

Configuration of


28/34

()CI*-E+ ab anual

Lab # 6

(nter-


29/34

()CI*-E+ ab anual

3*itch7config8#vlan 5

3*itch7config-vlan8#nae vlan-15

3*itch7config8#interface range fast'thernet 5?1 - 15

3*itch7config-if-range8#s*itchport ode access

3*itch7config-if-range8#s*itchport access vlan 15

3*itch7config8#interface range fast'thernet 5?11 - 5

3*itch7config-if-range8#s*itchport ode access

3*itch7config-if-range8#s*itchport access vlan 5

3*itch7config8#interface fast'thernet 5?H

3*itch7config-if8#s*itchport ode trun2

"outer"oot#set interfaces fe-5?5?5 vlan-tagging

"oot #set interfaces fe-5?5?5 unit 15 vlan-id 15

"oot #set interfaces fe-5?5?5 unit 15 faily inet address 15.5.5.15?6

"oot #set interfaces fe-5?5?5 unit 5 vlan-id 5

"oot #set interfaces fe-5?5?5 unit 5 faily inet address 5.5.5.15?6


30/34

()CI*-E+ ab anual

Lab # 9

Configuring Juniper "outer as a Dhcp

3erver

3tep 1, =n "outer Create 4 Configure Dhcp

"oot#set syste services dhcp pool 15.5.5.5?6

"oot#set syste services dhcp pool 15.5.5.5?6 router 15.5.5.15

"oot#set syste services dhcp pool 15.5.5.5?6 address-range lo* 15.5.5.1 high

15.5.5.1

2@

Host A Host B

%e-// !!! J()&&


31/34

()CI*-E+ ab anual

=n "outer reserve address 715.5.5.G8 by e>cluding fro dhcp pool

"oot#set syste services dhcp pool 15.5.5.5?6 e>clude-address 15.5.5.G

J*eb e+uivalent , Configuration % uic2 Configuration % dhcp


32/34

()CI*-E+ ab anual

Lab #15

Pass*ord "ecovery

Configuration

irst Press Po*er =0 Button reboot your router

*hen belo* line appear press space bar

/it O'nter to boot iediatelyQ or space bar for coand propt.

Booting O2ernel in 1 second...

&ype boot Rs at belo* propt

&ype STS for a list of coandsQ ShelpS for ore detailed help.

=2 boot -s

&ype recovery at belo* propt'nter full pathnae of shell or SrecoveryS for root pass*ord recovery or "'&"0

for ?bin?sh, recovery

CL( propt Appear

3tarting CL( ...

root%

&ype Configure and 3et "oot authentication Pass*ord

"oot%configure

"oot#set syste root-authentication plain-te>t-pass*ord

0e* pass*ord,UUUUUUU

"etype ne* pass*ord,UUUUUUU

3


33/34

()CI*-E+ ab anual

&ype coit to load configuration

"oot#coit"oot# e>it

&ype '>it to reboot the "outer

root% e>it

"eboot the systeT Oy?n yes

31


34/34

()CI*-E+ ab anual

Lab # 11

PPP A&/'0&(CA&(=0- C*A! Diagra

Configuration

C/AP Authentication Configuration for "outer "1.

"oot#set syste host-nae "1

"oot"1#set syste root-authentication encrypted-pass*ord abc1!

"oot"1#set interfaces se-5?5? encapsulation ppp

"oot"1#set interfaces se-5?5? ppp-options chap default-chap-secret abc1!

"oot"1#set interfaces se-5?5? ppp-options chap local-nae "1

C/AP Authentication Configuration for "outer ".

"oot#set syste host-nae "

"oot"#set syste root-authentication encrypted-pass*ord abc1!

"oot"#set interfaces se-5?5? encapsulation ppp

"oot"#set interfaces se-5?5? ppp-options chap default-chap-secret abc1!

"oot"#set interfaces se-5?5? ppp-options chap local-nae "

32



R# R

.A

Documents

Jncia-er Lab Manual