Table of Contents
- 1 First steps
- 2 Exercise 1 – root password
- 3 Exercise 2 – host-name
- 4 Exercise 3 – rollback
- 5 Exercise 4 – edit
- 6 Exercise 5 – up
- 7 Exercise 6 – top & commit check
- 8 Exercise 7 – set vs. edit & set
- 9 Exercise 8 – telnet
- 10 Exercise 9 – run
- 11 Exercise 10 – automatic rollback
- 12 Exercise 11 – copy & rename
- 13 Exercise 12 – annotate
- 14 Exercise 13 – rescue
- 15 Exercise 14 – preferred IP address
First steps
This page is to practice what you learned in Juniper’s PDF (part 1), chapter 2 and 3. So now it is time to get active and log in as root without any password.
First thing you should notice is that Amnesiac is the default host-name. This indicates that our JunOS is running with the factory-default configuration (you can use the load factory-default command in configuration mode to have a JunOS in this state).
You are logged in as root, you should see the UNIX shell prompt root@% where you can type UNIX commands like ls or ps but this is beyond our scope. What we want is the operational mode prompt root> that is started with the cli command.
Amnesiac (ttyd0) login: root --- JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC root@% cli root>
Type show configuration to display the current factory-default configuration.
root> show configuration
## Last commit: 2011-02-17 00:34:21 UTC by root
version 10.1R1.8;
system {
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
## Warning: missing mandatory statement(s): 'root-authentication'
}
Note the missing mandatory statement warning, this means you will not be able to commit your changes until you set up a password for root.
Exercise 1 – root password
Go to configuration mode using the configure command and try to commit the current candidate configuration, then set a password for root and commit again.
Solution below
root> configure Entering configuration mode [edit] root# commit [edit] 'system' Missing mandatory statement: 'root-authentication' error: commit failed: (missing statements) [edit] root# set system root-authentication plain-text-password New password: Retype new password: [edit] root# commit commit complete
Now your JunOS route is ready for new commits! Let’s see if you can apply the same configuration on your second router without looking at the solution above. Remember, you must first login, then go to operational mode and then to configuration mode. The command to set up the root password starts with set system, use ? to find the complete command. Finally, don’t forget to commit or your configuration will not be active!
root# set system ? Possible completions: > accounting System accounting configuration + apply-groups Groups from which to inherit configuration data ... > tracing System wide option for remote tracing
Also try out the help topic command to display usage guidelines (if you want the all story), the help reference command to display summary information (the most useful when you want to know about all command options) and the help apropos command which displays the contexts (typically set commands) relevant to the configuration hierarchy level at which you are currently positioned (if you want help only for your current hierarchy level and nothing else).
[edit] root# help topic system root-authentication root# help reference system root-authentication root# help apropos root-authentication
Exercise 2 – host-name
Have you noticed? We have exactly the same prompt on both routers; this is annoying as we want to know which is which. Let’s add a host-name for both routers. We’ll let you find the right command (hint: use set system ?)
Solution below
root# set system host-name JUNOS1 root# set system host-name JUNOS2
Now compare the candidate configuration with the active configuration using show | compare. The + are lines that are going to be added to the active configuration when you commit and – lines are going to be removed. This is very useful to know exactly what is about to be changed. Do it on both routers and commit.
root# show | compare [edit system] + host-name JUNOS1; [edit] root# commit commit complete
Exercise 3 – rollback
On JUNOS2, configure a wrong hostname, anything. Commit your configuration and rollback to the one containing the right hostname.
Solution below
[edit] root# set system host-name typo [edit] root@JUNOS2# commit commit complete [edit] root@typo# rollback 1 load complete [edit] root@typo# show | compare [edit system] - host-name typo; + host-name JUNOS2; [edit] root@typo# commit commit complete [edit] root@JUNOS2#
Exercise 4 – edit
Let’s configure an IP address for the first interface on our JUNOS1 router using the edit command. Place yourself at the following level: interfaces em0 unit 0 family inet. em0 is the name for our first interface, give it this IP address and mask: 192.168.1.1/24
Solution below
[edit] root@JUNOS1# edit interfaces em0 unit 0 family inet [edit interfaces em0 unit 0 family inet] root@JUNOS1# set address 192.168.1.1/24 [edit interfaces em0 unit 0 family inet] root@JUNOS1# show address 192.168.1.1/24;
Exercise 5 – up
Go back up 3 levels and edit em1 in the same way as em0. Configure the following IP address and mask: 10.1.1.1/8
Solution below
[edit interfaces em0 unit 0 family inet] root@JUNOS1# up 3 [edit interfaces] root@JUNOS1# edit em1 unit 0 family inet [edit interfaces em1 unit 0 family inet] root@JUNOS1# set address 10.1.1.1/8
Exercise 6 – top & commit check
Go to the top level, check your configuration and commit.
Solution below
[edit interfaces em1 unit 0 family inet] root@JUNOS1# top [edit] root@JUNOS1# commit check configuration check succeeds [edit] root@JUNOS1# commit commit complete
Exercise 7 – set vs. edit & set
Configure the em0 (logical unit 0, IPv4 family) interface on JUNOS2 router with 192.168.1.2/24 IP address using the set command from the top level (remember ? is your friend).
Solution below
[edit] root@JUNOS2# set interfaces em0 unit 0 family inet address 192.168.1.2/24
Configure IP address 10.1.1.2/8 on em1 by placing yourself to the last level using edit.
Solution below
[edit] root@JUNOS2# edit interfaces em1 unit 0 family inet [edit interfaces em1 unit 0 family inet] root@JUNOS2# set address 10.1.1.2/8
Exercise 8 – telnet
Now we would like to configure telnet (SSH would be a better choice as it is secured) to remotely configure JUNOS2 from JUNOS1. First check that nothing is configured under system services level while staying at your current level (hint: use top). Then edit that level without going back to the top level. Configure telnet with the set command, exit to the top level, check what you are about to change and finally commit.
Solution below
[edit interfaces em1 unit 0 family inet]
root@JUNOS2# top show system services
[edit interfaces em1 unit 0 family inet]
root@JUNOS2# top edit system services
[edit system services]
root@JUNOS2# set telnet
[edit system services]
root@JUNOS2# exit
[edit]
root@JUNOS2# show | compare
[edit system]
+ services {
+ telnet;
+ }
[edit]
+ interfaces {
+ em0 {
+ unit 0 {
+ family inet {
+ address 192.168.1.2/24;
+ }
+ }
+ }
+ em1 {
+ unit 0 {
+ family inet {
+ address 10.1.1.2/8;
+ }
+ }
+ }
+ }
[edit]
root@JUNOS2# commit
commit complete
Add a user account to access this device using telnet and commit again.
Solution below
[edit] root@JUNOS2# set system login user junuser class super-user authentication plain-text-password
Exercise 9 – run
Back to JUNOS1, without leaving configuration mode, ping and telnet to JUNOS2 (IP address: 192.168.1.2). Use Ctrl + C to stop pinging. Use the username and password you previously created to authenticate with JUNOS2.
Solution below
[edit] root@JUNOS1# run ping 192.168.1.2 PING 192.168.1.2 (192.168.1.2): 56 data bytes … 64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=1.019 ms 64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.940 ms ^C --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.940/4.298/17.504/6.603 ms [edit] root@JUNOS1# run telnet 192.168.1.2 Trying 192.168.1.2... Connected to 192.168.1.2. Escape character is '^]'. JUNOS2 (ttyp0) login: junuser Password: --- JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC junuser@JUNOS2> configure Entering configuration mode Users currently editing the configuration: root terminal d0 (pid 1392) on since 2011-12-15 18:57:48 UTC, idle 00:01:45
Exercise 10 – automatic rollback
From your telnet session on JUNOS2, delete the telnet statement under system services level and commit in a way that if you lose your connection to JUNOS2, the configuration is automatically rolled back after 1 minute. Exit both configuration and operational modes to go back to JUNOS1. Try to telnet again to 192.168.1.2; this should not work. Wait about 2 minutes (take a coffee break) and try again. This time it should work as your previous commit should have been rolled back.
Solution below
[edit] junuser@JUNOS2# delete system services telnet [edit] junuser@JUNOS2# commit confirmed 1 commit confirmed will be automatically rolled back in 1 minutes unless confirmed commit complete # commit confirmed will be rolled back in 1 minute [edit] junuser@JUNOS2# exit Exiting configuration mode # commit confirmed will be rolled back in 1 minute junuser@JUNOS2> exit
Exercise 11 – copy & rename
Copy em1 configuration to em2 and rename em2 to em3. Deactivate em3. Go to interfaces level and display the candidate configuration. Note the inactive: em3. Finally commit.
Solution below
[edit]
root@JUNOS1# copy interfaces em1 to em2
[edit]
root@JUNOS1# rename interfaces em2 to em3
[edit]
root@JUNOS1# deactivate interfaces em3
[edit]
root@JUNOS1# edit interfaces
[edit interfaces]
root@JUNOS1# show
em0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
em1 {
unit 0 {
family inet {
address 10.1.1.1/8;
}
}
}
inactive: em3 {
unit 0 {
family inet {
address 10.1.1.1/8;
}
}
}
[edit interfaces]
root@JUNOS1# commit
commit complete
Change em3 IP address from 10.1.1.1/8 to 10.1.1.3/8 (hint: use the rename command). Maybe you would like to see what commands produced this candidate configuration? Use show and a pipe to find out.
Solution below
[edit interfaces] root@JUNOS1# rename em3 unit 0 family inet address 10.1.1.1/8 to address 10.1.1.3/8 [edit interfaces] root@JUNOS1# show | display set set interfaces em0 unit 0 family inet address 192.168.1.1/24 set interfaces em1 unit 0 family inet address 10.1.1.1/8 set interfaces em3 unit 0 family inet address 10.1.1.3/8 deactivate interfaces em3
Exercise 12 – annotate
Add an annotation saying that em3 is inactive. Using only one command, commit with a comment describing what you just did and return to operational mode.
Solution below
[edit interfaces] root@JUNOS1# annotate em3 "Inactive interface" [edit interfaces] root@JUNOS1# commit comment "Added inactive em3 interface" and-quit commit complete Exiting configuration mode root@JUNOS1>
Compare the active configuration with the previous one using the show configuration command.
Solution below
root@JUNOS1> show configuration | compare rollback 1
[edit interfaces]
+ /* Inactive interface */
+ inactive: em3 {
+ unit 0 {
+ family inet {
+ address 10.1.1.3/8;
+ }
+ }
+ }
Exercise 13 – rescue
You know your configuration works well (basic connectivity is established for instance). Therefore you want to make it the rescue configuration in case of problem; this will speed up a recovery. Create the rescue configuration and restore it.
Solution below
root@JUNOS1> request system configuration rescue save root@JUNOS1> configure Entering configuration mode root@JUNOS1# rollback rescue load complete [edit] root@JUNOS1# commit commit complete
Exercise 14 – preferred IP address
Configure an additional IP address (192.168.1.3/24) for em0 and configure your router so that it uses this IP as the source when sending pings to JUNOS2. Commit, exit to operational mode and check with the show interfaces command that em0 has 2 IP addresses.
Solution below
[edit]
root@JUNOS1# set interfaces em0 unit 0 family inet address 192.168.1.3/24 preferred
[edit]
root@JUNOS1# show | compare
[edit interfaces em0 unit 0 family inet]
address 192.168.1.1/24 { ... }
+ address 192.168.1.3/24 {
+ preferred;
+ }
[edit]
root@JUNOS1# commit
commit complete
[edit]
root@JUNOS1# exit
Exiting configuration mode
root@JUNOS1> show interfaces em0 terse
Interface Admin Link Proto Local Remote
em0 up up
em0.0 up up inet 192.168.1.1/24
192.168.1.3/24
Let’s check that JUNOS1 can actually send packets using source IP address 192.168.1.3. On JUNOS2, in operational mode, use the following command to monitor the traffic to and from the router: monitor traffic interface em0 (Ctrl + C to exit). Then ping from JUNOS1 to 192.168.1.2. You should see that you are receiving packets from 192.168.1.3 (192.168.1.3 > 192.168.1.2)
root@JUNOS1> ping 192.168.1.2 PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=12.510 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.665 ms root@JUNOS2> monitor traffic interface em0 verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on em0, capture size 96 bytes 04:37:18.543830 192.168.1.3 > 192.168.1.2: ICMP echo request, id 40718, seq 12, length 64 04:37:18.544023 192.168.1.2 > 192.168.1.3: ICMP echo reply, id 40718, seq 12, length 64
Congratulations, you completed this page! If you are ready to have some more, please go to Secondary System Configuration
