Juniper JNCIA-Junos - Secondary System Configuration

Before diving deeper into Junos configuration, you should have read chapter 4 of Juniper’s first PDF. Let’s continue with the same lab as before.

Exercise 1 – Syslog

On JUNOS2, set up a syslog file to record any config changes (hint: system syslog). Commit and quit.

Solution below

[edit]
root@JUNOS2# set system syslog file config-changes change-log info

[edit]
root@JUNOS2# commit and-quit
commit complete
Exiting configuration mode

Now go back to configuration mode and change junuser's login class to operator instead of super-user. Again, commit and-quit. Using the show command, display the log entry related to your previous commit.

Solution below

[edit]
root@JUNOS2# set system login user junuser class operator

[edit]
root@JUNOS2# commit and-quit
commit complete
Exiting configuration mode

root@JUNOS2> show log config-changes
 Dec 16 05:06:24  JUNOS2 mgd[1392]: UI_CFG_AUDIT_SET: User 'root' set:
[system login user junuser class] "super-user -> "operator"

Use the help syslog command to learn more about the message code (UI_CFG_AUDIT_SET).

Solution below

root@JUNOS2> help syslog UI_CFG_AUDIT_SET
 Name:          UI_CFG_AUDIT_SET
 Message:       User '<username>' <action>: <pathname> <delimiter><data> ->
 "<value>"
 Help:          Value has been set for configuration object
 Description:   The indicated user set a value for a configuration object, as
 indicated.
 Type:          Event: This message reports an event, not an error
 Severity:      info

From JUNOS1, telnet to JUNOS2 (192.168.1.2), log in and start monitoring the config-changes log file in real time.

Solution below

root@JUNOS1> telnet 192.168.1.2
 Trying 192.168.1.2...
 Connected to 192.168.1.2.
 Escape character is '^]'.

JUNOS2 (ttyp0)
login: junuser
Password:

--- JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC
junuser@JUNOS2> monitor start config-changes

Using the console on JUNOS2 (logged in as root), delete the em1 configuration, then discard your candidate configuration with the rollback command. The operator connected via telnet should be informed of what just happened. Stop all monitoring and exit.

Solution below

[edit]
root@JUNOS2# delete interfaces em1

[edit]
root@JUNOS2# rollback 0
load complete

junuser@JUNOS2>
 *** config-changes ***
 Dec 16 05:16:53  JUNOS2 mgd[1392]: UI_CFG_AUDIT_OTHER: User 'root' delete: [interfaces em1]
 Dec 16 05:17:12  JUNOS2 mgd[1392]: UI_CFG_AUDIT_OTHER: User 'root' rollback: /config/juniper.conf
...

junuser@JUNOS2> monitor list
 monitor start "config-changes" (Last changed Dec 16 05:17:13)

junuser@JUNOS2> monitor stop
junuser@JUNOS2> exit
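
As an added example (not part of the original lab and not Juniper's own tooling), the Python below parses config-changes lines in the shape given by the help syslog output and picks out the changes made under hierarchies worth a second look. The function names, the prefix list and the last two sample lines are assumptions made for this example.

```python
import re

# Message shape from the `help syslog UI_CFG_AUDIT_SET` output:
#   User '<username>' <action>: <pathname> <delimiter><data> -> "<value>"
# The "<data> -> <value>" tail is optional; delete and rollback lines lack it.
AUDIT_RE = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+mgd\[\d+\]:\s+"
    r"(?P<tag>UI_CFG_AUDIT_\w+): User '(?P<user>[^']*)' (?P<action>[\w-]+):\s*"
    r"(?P<path>\[[^\]]*\]|\S+)"
    r"(?:\s+(?P<old>.*?)\s+->\s+\"(?P<new>.*)\")?\s*$"
)

# Assumption of this example: changes under these hierarchies get reviewed.
SENSITIVE_PREFIXES = ("system login", "system services", "system syslog")

# Constructed sample: the first three events are the ones shown on this page,
# each joined onto one line; the last two lines are made up for the example.
SAMPLE_LOG = """\
Dec 16 05:06:24  JUNOS2 mgd[1392]: UI_CFG_AUDIT_SET: User 'root' set: [system login user junuser class] "super-user -> "operator"
Dec 16 05:16:53  JUNOS2 mgd[1392]: UI_CFG_AUDIT_OTHER: User 'root' delete: [interfaces em1]
Dec 16 05:17:12  JUNOS2 mgd[1392]: UI_CFG_AUDIT_OTHER: User 'root' rollback: /config/juniper.conf
Dec 16 05:20:01  JUNOS2 mgd[1392]: UI_CFG_AUDIT_OTHER: User 'root' set: [system services ftp]
Dec 16 05:20:09  JUNOS2 mgd[1392]: UI_COMMIT: User 'root' requested 'commit' operation
"""


def parse_audit_line(line):
    """Return a dict for one UI_CFG_AUDIT_* line, or None for other lines."""
    m = AUDIT_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["path"] = event["path"].strip("[]")
    if event["old"] is not None:
        # The old value is logged with an opening quote only ("super-user).
        event["old"] = event["old"].strip('"')
    return event


def review_queue(log_text, prefixes=SENSITIVE_PREFIXES):
    """Return the audit events whose path falls under a sensitive hierarchy."""
    events = (parse_audit_line(line) for line in log_text.splitlines())
    return [e for e in events if e and e["path"].startswith(prefixes)]


if __name__ == "__main__":
    for e in review_queue(SAMPLE_LOG):
        change = f" ({e['old']} -> {e['new']})" if e["new"] is not None else ""
        print(f"{e['ts']} {e['host']} {e['user']} {e['action']} [{e['path']}]{change}")
```
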

Exercise 2 – FTP and automated configuration backup

On JUNOS2, activate FTP and commit (hint: use set system services).

Solution below

[edit]
root@JUNOS2# set system services ftp

[edit]
root@JUNOS2# commit
commit complete

Back on JUNOS1, configure it to back up every newly active configuration to JUNOS2 (192.168.1.2) over FTP, to ftp://[email protected] (hint: this is configured at the system archival configuration level). Commit once to apply your candidate configuration, delete interface em3 and commit again. After a few seconds your new configuration should be backed up on JUNOS2 (use the file list /var/home/junuser command to check).

Solution below

[edit]
root@JUNOS1# edit system archival configuration

[edit system archival configuration]
root@JUNOS1# set transfer-on-commit
root@JUNOS1# set archive-sites ftp://[email protected] password mypassword

[edit system archival configuration]
root@JUNOS1# commit
commit complete

[edit system archival configuration]
root@JUNOS1# top delete interfaces em3

[edit system archival configuration]
root@JUNOS1# commit
commit complete

[edit]
root@JUNOS1# run show log messages | match juniper.conf
Dec 16 07:06:20  JUNOS1 logger: transfer-file: Transferred
/var/transfer/config/JUNOS1_juniper.conf.gz_20111216_070529

root@JUNOS2> file list /var/home/junuser
/var/home/junuser:
 .ssh/
 JUNOS1_juniper.conf.gz_20111216_070459
