Download - Jncia-er Lab Manual
-
8/9/2019 Jncia-er Lab Manual
1/34
-
8/9/2019 Jncia-er Lab Manual
2/34
-
8/9/2019 Jncia-er Lab Manual
3/34
()CI*-E+ ab anual
AB. ABS DESCRIPTION PAGE
NO.
1 Junos Basic and J-web Basics 2
2 Accessing the Juniper Router through Telnet/SSH/HTTP 11
3 Static Routing 12
4 Dynamic Routing
! R"P#! $SP%
14
16
5 %irewall %iltering! Simple %irewall %iltering#! Ad&ance 'irewall %iltering
18
20
6 Port Address Translation (PAT) 22
7 "mplement *RRP 24
8 "nter-&lan routing 26
9 +on'iguring dhcp 28
10 Password reco&ery
30
11 PPP Authentication 32
1
-
8/9/2019 Jncia-er Lab Manual
4/34
()CI*-E+ ab anual
Lab # 1
Junos Basic
Configuration
After connecting your PC to the Console Port.
.GI)rootP*SS0.+abc1!
+oo&
4o En&er In&o .era&ional oe 6ro7 8ni9 Shell : ;ice- ;ersa<
"oot $ cli
"oot %
&o 'nter (nto Configuration )ode.
"oot% configureEn&erin% con=i%ura&ion 7oe
"oot #
J*eb e+uivalent , Configuration
se Coit coand to activate your changes.
"oot# coit
&o change the /ost 0ae of "outer.
"oot# set syste host-nae host
"oot# coit
2
-
8/9/2019 Jncia-er Lab Manual
5/34
()CI*-E+ ab anual
J*eb e+uivalent , Configuration % uic2 Configuration % setup
3et the 3yste Date 4 &ie on the "outer
"oot% set date 1,15,6 7hh,,ss8
"oot% set date 559-15-: 7;;-))-DD8"oot# coit
J*eb e+uivalent , Configuration % uic2 Configuration % setup>se& &i7e 7anuall$?
-
8/9/2019 Jncia-er Lab Manual
6/34
()CI*-E+ ab anual
Displays per-second real-tie statistics for a physical interface
"oot% onitor interface se-5?5?
Coand prints pac2et headers to your terinal screen for inforation sent or
received by the "outing 'ngine
"oot%onitor traffic interface se-5?5?
)ove connection to another port for testing purpose
"oot#renae interfaces fe-5?5?5 to fe-5?5?1
7in this e>aple you *ill ove the configuration for fe-5?5?5 to fe-5?5?18
"uplicate an e>isting configuration and change a fe* coponents.
"oot#copy interfaces fe-5?5?5 to fe-5?5?1
7*e are replicating an e>isting configuration so *e can change a fe* coponents8
Configuring the 'ncapsulation on a Physical (nterface
"oot#set interfaces se-5?5? encapsulation ppp
3ho* Active Configuration.
"oot%sho* configuration
or
"oot%sho* syste rollbac2 5
or
"oot#sho*
J*eb e+uivalent, Configuration %
-
8/9/2019 Jncia-er Lab Manual
7/34
()CI*-E+ ab anual
3ho* Active Configuration in set display"oot # 3ho* @ display set
3ho* Active Configuration in >l forat
"oot # 3ho* @ display >l
s ho* candidate Configuration.
"oot% sho* syste rollbac2
7&eporary Configuration and becoes active *hen coit it8
J*eb e+uivalent , Configuration % history
Copare "ollbac2 Configuration.
"oot% sho* syste rollbac2 5 copare
J*eb e+uivalent , Configuration % history % copare
Configure "ollbac2 Configuration.
"oot#rollbac2
"oot#coit
Deactivate or Activate configuration.
"oot#deactivate Anyconfiguration
or e>aple
"oot#deactivate interfaces se-5?5?
5
-
8/9/2019 Jncia-er Lab Manual
8/34
()CI*-E+ ab anual
"oot#sho*
interfaces
inactive se-5?5?
3hut do*n an (nterface
"oot# set interfaces se-5?5? disable
"oot# delete interface se-5?5? disable
3et "escue Configuration.
"oot% re+uest 3yste configuration rescue save
73ave Active configuration as rescue configuration8
J*eb e+uivalent , configuration %rescue
Coit "escue Configuration.
"oot% rollbac2 rescue
=r7"eset C=0( button on the front of E-series router *ill load and coit the
rescue configuration 8
J*eb e+uivalent , Configuration % history 7Se& rescue con=i%ura&ion?
3ho* "escue Configuration.
"oot% 3ho* 3yste configuration rescue
J*eb e+uivalent , Configuration % history 7;ie rescue con=i%ura&ion ?
&o loo2 ho* any users are logged in Eunos
"oot%sho* syste user
!
http://10.0.0.10/?m%5B%5D=rescue&mode=set-rescuehttp://10.0.0.10/?m%5B%5D=rescue&mode=view-rescuehttp://10.0.0.10/?m%5B%5D=rescue&mode=set-rescuehttp://10.0.0.10/?m%5B%5D=rescue&mode=view-rescue
-
8/9/2019 Jncia-er Lab Manual
9/34
()CI*-E+ ab anual
&o loo2 at files stored in lash eory
"oot%sho* syste storage
&o loo2 at used tcp and udp ports
"oot%sho* syste connection
&o loo2 at syste license
"oot%sho* syste license
&o loo2 at syste fir*are
"oot%sho* syste fir*are
3ho* chassis coponent and teperature of cpu
"oot % sho* chassis environent
J*eb e+uivalent , )onitor % chassis
3ho* chassis hard*are
"oot % sho* chassis hard*are detail
J*eb e+uivalent , )onitor % chassis
3et the pass*ord of "oot in clear te>t.
"oot# set syste root-authentication plain-te>t-pass*ord )e Passor abc1!+e&$e ne assor abc1!
A
-
8/9/2019 Jncia-er Lab Manual
10/34
()CI*-E+ ab anual
J*eb e+uivalent , Configuration % uic2 Configuration % setup
3et the pass*ord of "oot in encrypted te>t.
"oot# set syste root-authentication encrypted-pass*ord abc1!
J*eb e+uivalent , Configuration % uic2 Configuration % setup
&o shutdo*n and restart the router
"oot% re+uest syste po*eroff
"oot% re+uest syste reboot
J*eb e+uivalent , )anage % "eboot
&o a2e the router on factory default setting
"oot # load factory-defaultarnin% ac&ia&in% =ac&or$ con=i%ura&ion
Dei&
"oot # set syste root-authentication plain-te>t-pass*ord
)e assor abc1!
+e&$e ne assor abc1!
Dei&
"oot # coit
@
-
8/9/2019 Jncia-er Lab Manual
11/34
()CI*-E+ ab anual
Assign the (P Address on the 'thernet (nterface of the"outer.
Configuration
Assign the (P Address on the 'thernet (nterface of the "outer .
"oot# set interfaces fe-5?5?5 unit 5 faily inet address 15.5.5.15?6
"oot#edit interface fe-5?5?5
"oot#3et description F&his is the 'thernet anageent interfaceF
"oot#top
"oot#coit
Delete the (P Address on the 'thernet (nterface of the "outer .
"oot#delete interface fe-5?5?5 unit 5 faily inet address 15.5.5.15?6
"enae the (P Address on the 'thernet (nterface of the "outer .
"oot#renae interface fe-5?5?5 unit 5 faily inet address 15.5.5.15?6 to 1G.5.5.15?6
J*eb e+uivalent , Configuration % uic2 Configuration % interfaces
-
8/9/2019 Jncia-er Lab Manual
12/34
()CI*-E+ ab anual
Assign the (P Address on the 3erial (nterfaces of the
"outer.
Configuration
Assign the (P Address on the 3erial (nterface of the "outer "1 7DC'8 .
"oot# set interfaces se-5?5? unit 5 faily inet address 1G.5.5.1?6
"oot# set interfaces se-5?5? serial options cloc2ing-ode dce
"oot# set interfaces se-5?5? serial options cloc2-rate :H.52hI
"oot# coit
J*eb e+uivalent , Configuration % uic2 Configuration % interfaces
Assign the (P Address on the 3erial (nterface of the "outer " .
"oot# set interfaces se-5?5? unit 5 faily inet address 1G.5.5.?6
"oot# coit
J*eb e+uivalent , Configuration % uic2 Configuration % interfaces
-
8/9/2019 Jncia-er Lab Manual
13/34
()CI*-E+ ab anual
Lab #
Accessing "outer through &elnet?33/?/&&P
7&elnet?33/?/&&P bet*een t*o "outers8
Configuration
Configuring telnet on "1.
"oot"1# set syste services telnet
"oot"1# set syste services ssh
"oot"1# set syste login user "1 class super-user authentication plain-te>t-
pass*ord
En&er assor abc1!
+e&$e assor abc1!
Configuring telnet on ".
"oot"# set syste services telnet
"oot"#set syste services ssh
"oot"1# set syste login user " class super-user authentication plain-te>t-
pass*ord
En&er assor abc1!+e&$e assor abc1!
-
8/9/2019 Jncia-er Lab Manual
14/34
()CI*-E+ ab anual
Lab # !
3&A&(C "outes
Diagra
Configuration
Configure the 3tatic "oute on the "outer "1 .
"oot# set routing-options static route 5.5.5.5?6 ne>t-hop 1G.5.5.
"oot# coit
J*eb e+uivalent , Configuration % uic2 Configuration % routing and
protocols
Configure the 3tatic "oute on the "outer " .
"oot# set routing-options static route 15.5.5.5?6 ne>t-hop 1G.5.5.1
"oot# coit
"P Address ,!!!Se-//#
"P Address ,!!!#Se-//#
R .A"P Address !!!%e-//
"P Address #!!!%e-//
Host A"P Address !!!
Host B"P Address #!!!
R#
12
-
8/9/2019 Jncia-er Lab Manual
15/34
()CI*-E+ ab anual
J*eb e+uivalent , Configuration % uic2 Configuration % routing andprotocols
-
8/9/2019 Jncia-er Lab Manual
16/34
()CI*-E+ ab anual
Lab # H 7i8
"outing Protocol- RI!
Diagra
Configuration'nable the "(P protocol on the "outer "1 .
root"1# set protocols rip group 0A)' e>port policy1
root"1# set protocols rip group 0A)' neighbor se-5?5?
Defining policy ,
root"1# set policy-options policy-stateent policy1 fro protocol direct
root"1#set policy-options policy-stateent policy1 then accept
J*eb e+uivalent , Configuration % uic2 Configuration % routing and
protocols
"P Address ,!!!Se-//#
"P Address ,!!!#Se-//#
R .A"P Address !!!
%e-//"P Address #!!!
%e-//
Host A"P Address !!!
Host B"P Address #!!!
R#
1"
-
8/9/2019 Jncia-er Lab Manual
17/34
()CI*-E+ ab anual
'nable the "(P protocol on the "outer " .
root"# set protocols rip group 0A)' e>port policy1
root"# set protocols rip group 0A)' neighbor se-5?5?
Defining policy ,
root"# set policy-options policy-stateent policy1 fro protocol direct
root"#set policy-options policy-stateent policy1 then accept
J*eb e+uivalent , Configuration % uic2 Configuration % routing and
protocols
-
8/9/2019 Jncia-er Lab Manual
18/34
()CI*-E+ ab anual
Lab # H 7ii8
"outing Protocol- "#!$ %Area &' Diagra
Configuration
'nable the =3P protocol on the "outer "1 .
"oot"1#set protocols ospf area 5.5.5.5 interface e-5?5?5
"oot"1#set protocols ospf area 5.5.5.5 interface 3e-5?5?
=r
"oot"1#set protocols ospf area 5.5.5.5 interface all
J*eb e+uivalent , Configuration % uic2 Configuration % routing andprotocols
"P Address ,!!!Se-//#
"P Address ,!!!#Se-//#
"P Address#!!!
%e-//
"P Address!!!
%e-//
Host B"P Address #!!!
Bac2bone Area ? Area 5
R#R
.A
Host A"P Address !!!
1!
-
8/9/2019 Jncia-er Lab Manual
19/34
()CI*-E+ ab anual
'nable the =3P protocol on the "outer " .
"oot"#set protocols ospf area 5.5.5.5 interface e-5?5?5"oot"#set protocols ospf area 5.5.5.5 interface 3e-5?5?
=r
"oot"#set protocols ospf area 5.5.5.5 interface all
J*eb e+uivalent , Configuration % uic2 Configuration % routing and
protocols
-
8/9/2019 Jncia-er Lab Manual
20/34
()CI*-E+ ab anual
Lab # G
ire*all ilteringi.3iple ire*all iltering
Diagra
(P Address 1G.5.5.1
Configuration
)a2e the 3tandard ACL on router "1 such that /ost AK can not be accessing
the eb 4 tp 3erver .
"oot"1# set fire*all filter (L&'"-(0 ter BL=CM-ALL-PACM'&3 frosource-address 15.5.5.1?!
"oot"1# set fire*all filter (L&'"-(0 ter BL=CM-ALL-PACM'&3 then
discard
"oot"1# set fire*all filter (L&'"-(0 ter ALL=-=&/'"3 then accept
Host B"P Address
!!!#
%TP Ser&er
"P Address#!!!#
"P Address#!!!
.0B Ser&er
Host A"P Address
!!!
"P Address!!!%e-//
"P Address#!!!
%t %e-//
"P Address ,!!!#Serial-//#
"P Address ,!!!Serial-//#
.A R
R#
1@
-
8/9/2019 Jncia-er Lab Manual
21/34
()CI*-E+ ab anual
Apply the 3tandard ACL on router "1Ks 3erial (nterface.
"oot"1#set interface se-5?5? unit 5 faily inet filter =&P& (L&'"-(0
-
8/9/2019 Jncia-er Lab Manual
22/34
-
8/9/2019 Jncia-er Lab Manual
23/34
()CI*-E+ ab anual
)a2e the ire*all iltering on router "1 such that /ost BK can not be accessing the
tp 3erver .
"oot"1#set fire*all filter protect ter D'0;-&P fro source-
address15.5.5.?!
"oot"1#set fire*all filter protect ter D'0;-&P fro destination-
address5.5.5.?!
"oot"1#set fire*all filter protect ter D'0;-&P fro protocol tcp
"oot"1#set fire*all filter protect ter D'0;- &P fro destination-port &P
"oot"1#set fire*all filter protect ter D'0;-&P then discard
"oot"1#set fire*all filter protect ter P'")(&-ALL then accept
Apply the ire*all iltering on router "1Ks 'thernet (nterface.
"oot"1#set interface fe-5?5?5 unit 5 faily inet filter input protect
-
8/9/2019 Jncia-er Lab Manual
24/34
()CI*-E+ ab anual
Lab # :
Port Address &ranslation 7PA&8
Diagra
ConfigurationConfiguring 3p interface
"oot#set interfaces sp-5?5?5 unit 5 faily inet
Defining 0at Pool
"oot#set services nat pool global-out address 1G.5.5.11?!
"oot#set services nat pool global-out port autoatic
Defining 0at rule
"oot#set services nat rule nat-out atch-direction output
"oot#set services nat rule nat-out ter nat-*ith-alg fro application-sets Eunos-
algs-outbound
"P Address ,!!!Serial
"P Address ,!!!#Serial
R .A"P Address !!!0thernet "P Address #!!!
0thernet
"P Address
#!!!
Host B
"P Address!!!#
"P Address
#!!!#
%TP Ser&er
.0B Ser&er
(nside Local =utside Local
(nside lobal =utside lobal
NAT 4ransla&ion 4able .=
"1
1
-
8/9/2019 Jncia-er Lab Manual
25/34
()CI*-E+ ab anual
"oot#set services nat rule nat-out ter nat-*ith-alg then translated source-pool
global-out
"oot#set services nat rule nat-out ter nat-*ith-alg then translated translation-type
source dynaic
Create service set
"oot#set services service-set nat-ss nat-rules nat-out
"oot#set services service-set nat-ss interface-service service-interface sp-5?5?5.5
Apply service set to nat interface
"oot#set interfaces se-5?5? unit 5 faily inet service input service-set nat-ss
"oot#set interfaces se-5?5? unit 5 faily inet service output service-set nat-ss
-
8/9/2019 Jncia-er Lab Manual
26/34
()CI*-E+ ab anual
Lab #N
+on'iguring *RRP
Configuration
Configuration of
-
8/9/2019 Jncia-er Lab Manual
27/34
()CI*-E+ ab anual
"oot#set interfaces fe-5?5?5 unit 5 faily inet address 15.5.5.15?6 vrrp-group 1
priority 55
"oot#set interfaces fe-5?5?5 unit 5 faily inet address 15.5.5.15?6 vrrp-group 1
accept-data
"oot#set interfaces lo5 unit 5 faily inet address 1G.5.5.?!
Configuration of
-
8/9/2019 Jncia-er Lab Manual
28/34
()CI*-E+ ab anual
Lab # 6
(nter-
-
8/9/2019 Jncia-er Lab Manual
29/34
()CI*-E+ ab anual
3*itch7config8#vlan 5
3*itch7config-vlan8#nae vlan-15
3*itch7config8#interface range fast'thernet 5?1 - 15
3*itch7config-if-range8#s*itchport ode access
3*itch7config-if-range8#s*itchport access vlan 15
3*itch7config8#interface range fast'thernet 5?11 - 5
3*itch7config-if-range8#s*itchport ode access
3*itch7config-if-range8#s*itchport access vlan 5
3*itch7config8#interface fast'thernet 5?H
3*itch7config-if8#s*itchport ode trun2
"outer"oot#set interfaces fe-5?5?5 vlan-tagging
"oot #set interfaces fe-5?5?5 unit 15 vlan-id 15
"oot #set interfaces fe-5?5?5 unit 15 faily inet address 15.5.5.15?6
"oot #set interfaces fe-5?5?5 unit 5 vlan-id 5
"oot #set interfaces fe-5?5?5 unit 5 faily inet address 5.5.5.15?6
-
8/9/2019 Jncia-er Lab Manual
30/34
()CI*-E+ ab anual
Lab # 9
Configuring Juniper "outer as a Dhcp
3erver
3tep 1, =n "outer Create 4 Configure Dhcp
"oot#set syste services dhcp pool 15.5.5.5?6
"oot#set syste services dhcp pool 15.5.5.5?6 router 15.5.5.15
"oot#set syste services dhcp pool 15.5.5.5?6 address-range lo* 15.5.5.1 high
15.5.5.1
2@
Host A Host B
%e-// !!! J()&&
-
8/9/2019 Jncia-er Lab Manual
31/34
()CI*-E+ ab anual
=n "outer reserve address 715.5.5.G8 by e>cluding fro dhcp pool
"oot#set syste services dhcp pool 15.5.5.5?6 e>clude-address 15.5.5.G
J*eb e+uivalent , Configuration % uic2 Configuration % dhcp
-
8/9/2019 Jncia-er Lab Manual
32/34
()CI*-E+ ab anual
Lab #15
Pass*ord "ecovery
Configuration
irst Press Po*er =0 Button reboot your router
*hen belo* line appear press space bar
/it O'nter to boot iediatelyQ or space bar for coand propt.
Booting O2ernel in 1 second...
&ype boot Rs at belo* propt
&ype STS for a list of coandsQ ShelpS for ore detailed help.
=2 boot -s
&ype recovery at belo* propt'nter full pathnae of shell or SrecoveryS for root pass*ord recovery or "'&"0
for ?bin?sh, recovery
CL( propt Appear
3tarting CL( ...
root%
&ype Configure and 3et "oot authentication Pass*ord
"oot%configure
"oot#set syste root-authentication plain-te>t-pass*ord
0e* pass*ord,UUUUUUU
"etype ne* pass*ord,UUUUUUU
3
-
8/9/2019 Jncia-er Lab Manual
33/34
()CI*-E+ ab anual
&ype coit to load configuration
"oot#coit"oot# e>it
&ype '>it to reboot the "outer
root% e>it
"eboot the systeT Oy?n yes
31
-
8/9/2019 Jncia-er Lab Manual
34/34
()CI*-E+ ab anual
Lab # 11
PPP A&/'0&(CA&(=0- C*A! Diagra
Configuration
C/AP Authentication Configuration for "outer "1.
"oot#set syste host-nae "1
"oot"1#set syste root-authentication encrypted-pass*ord abc1!
"oot"1#set interfaces se-5?5? encapsulation ppp
"oot"1#set interfaces se-5?5? ppp-options chap default-chap-secret abc1!
"oot"1#set interfaces se-5?5? ppp-options chap local-nae "1
C/AP Authentication Configuration for "outer ".
"oot#set syste host-nae "
"oot"#set syste root-authentication encrypted-pass*ord abc1!
"oot"#set interfaces se-5?5? encapsulation ppp
"oot"#set interfaces se-5?5? ppp-options chap default-chap-secret abc1!
"oot"#set interfaces se-5?5? ppp-options chap local-nae "
32
"P Address ,!!!Se-//#
"P Address ,!!!#Se-//#
R# R
.A