[edit] Root # set system root-authentication plain-text-password New password: abc123
Retype new password: abc123
[edit] Root # commit
9 Assign the IP Address on the Ethernet Interface of the Router.
Configuration
Assign the IP Address on the Ethernet Interface of the Router.
Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 Root#edit interface fe-0/0/0 Root#Set description "This is the Ethernet management interface" Root#top Root#commit
Delete the IP Address on the Ethernet Interface of the Router.
Root#delete interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8
Rename the IP Address on the Ethernet Interface of the Router.
Root#rename interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 to 15.0.0.10/8
Verifying Command Root> show interfaces Root> show interface terse Root>show interface description Root> show interfaces terse | match fe
10 Assign the IP Address on the Serial Interfaces of the Router.
Configuration
Assign the IP Address on the Serial Interface of the Router R1 (DCE).
Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.1/8 Root# set interfaces se-0/0/2 serial options clocking-mode dce Root# set interfaces se-0/0/2 serial options clock-rate 64.0khz Root# commit
Root> show interfaces Root> show interfaces terse Root> show interfaces terse | match se Root> show interfaces detail se-0/0/2
11 Lab # 2 Accessing Router through Telnet/SSH/HTTP (Telnet/SSH/HTTP between two Routers)
Configuration
Configuring telnet on R1.
Root@R1# set system services telnet Root@R1# set system services ssh Root@R1# set system login user R1 class super-user authentication plain-text- password Enter password: abc123 Retype password: abc123
Configuring telnet on R2.
Root@R2# set system services telnet Root@R2#set system services ssh Root@R1# set system login user R2 class super-user authentication plain-text- password Enter password: abc123 Retype password: abc123
Verifying Commands
Root> show system users Root> show configu ration Root# show system
12 Lab # 3 STATIC Routes Diagram
Configuration
Configure the Static Route on the Router R1. Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2 Root# commit
Make the Firewall Filter on router R1 such that Host A can not be accessing the Web & Ftp Server. Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from source-address 10.0.0.1/32
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then discard
Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept
Host B IP Address 10.0.0.2 FTP Server IP Address 20.0.0.2 IP Address 20.0.0.1 WEB Server Host A IP Address 10.0.0.1 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10 Ft 0Fe-0/0/0 IP Address 15.0.0.2 Serial-0/0/2
IP Address 15.0.0.1 Serial-0/0/2
WAN R1 R2
19
Apply the Firewall Filter on router R1s Serial Interface.
Root@R1#set interface se-0/0/2 unit 0 family inet filter OUTPUT FILTER-IN
Verifying commands (Now Host A should not be accessing both Web & FTP servers. However, Host B should be accessing both Web & FTP Servers) root# show firewall filter FILTER-NAME
20 ii. Advanced Firewall Filtering Diagram
Configuration
Make the Firewall Filtering on router R1 such that Host A can not be accessing the Web Server.
Root@R1#set firewall filter protect term DENY-http from source- address10.0.0.1/32
Root@R1#set firewall filter protect term DENY-http from destination- address20.0.0.1/32
Root@R1#set firewall filter protect term DENY-http from protocol tcp
Root@R1#set firewall filter protect term DENY-http from destination-port http
Root@R1#set firewall filter protect term DENY-http then discard
Host B IP Address 10.0.0.2 FTP Server IP Address 20.0.0.2 IP Address 20.0.0.1 WEB Server Host A IP Address 10.0.0.1 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10 Ft 0Fe-0/0/0 IP Address 15.0.0.2 Serial-0/0/2
IP Address 15.0.0.1 Serial-0/0/2
WAN R1 R2
21 Make the Firewall Filtering on router R1 such that Host B can not be accessing the Ftp Server.
Root@R1#set firewall filter protect term DENY-FTP from source- address10.0.0.2/32
Root@R1#set firewall filter protect term DENY-FTP from destination- address20.0.0.2/32
Root@R1#set firewall filter protect term DENY-FTP from protocol tcp
Root@R1#set firewall filter protect term DENY- FTP from destination-port FTP
Root@R1#set firewall filter protect term DENY-FTP then discard
Root@R1#set firewall filter protect term PERMIT-ALL then accept
Apply the Firewall Filtering on router R1s Ethernet Interface.
Root@R1#set interface fe-0/0/0 unit 0 family inet filter input protect
Verifying commands (Now Host A should not be accessing Web server & Host B should not be accessing both FTP server).
root# show firewall filter FILTER-NAME
22 Lab # 6 Port Address Translation (PAT)
Diagram
Configuration Configuring Sp interface Root#set interfaces sp-0/0/0 unit 0 family inet
Defining Nat Pool
Root#set services nat pool global-out address 15.0.0.11/32 Root#set services nat pool global-out port automatic
Defining Nat rule
Root#set services nat rule nat-out match-direction output Root#set services nat rule nat-out term nat-with-alg from application-sets junos- algs-outbound
IP Address 15.0.0.1 Serial 0/0/2 IP Address 15.0.0.2 Serial 0/0/2 R1 WAN IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10 Fe-0/0/0 IP Address 20.0.0.1 Host B IP Address 10.0.0.2 IP Address 20.0.0.2 FTP Server WEB Server NAT Translation Table Of R1 10.0.0.1 15.0.0.11 10.0.0.2 15.0.0.11
Host A IP Address 10.0.0.1 R2
23 Root#set services nat rule nat-out term nat-with-alg then translated source-pool global-out
Root#set services nat rule nat-out term nat-with-alg then translated translation-type source dynamic
Root#set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss Root#set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss
Verifying commands
Root>sh services nat pool Root >sh services nat pool detail Root >clear services stateful-firewall flows
24 Lab #7 Configuring VRRP
Configuration
Configuration of Vrrp on Router A
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 virtual-address 10.0.0.5
L0 15.0.0.1 L0 15.0.0.1 Virtual Router 10.0.0.5
J2300 J2300 10.0.0.20 10.0.0.10 VRRP GROUP 1 Host A IP Address 10.0.0.1
25 Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 priority 200
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 accept-data
Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32
Configuration of Vrrp on Router B
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 virtual-address 10.0.0.5
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 priority 100
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 accept-data
Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32
Verifying Commands
Root>show vrrp
Root>show vrrp interface fe-0/0/0
26 Lab # 8 Inter-VLAN Routing
Configuration Switch
Switch(config)#vlan 10 Switch(config-vlan)#name vlan-10 Switch(config)#vlan 20 Switch(config-vlan)#name vlan-10 Vlan 10 Vlan 20 Host A 10.0.0.1/8 10.0.0.10 Host B 20.0.0.1/8 20.0.0.10 Fa 0/24 Fa 0/1 Fa 0/11 Fe-0/0/0.10 10.0.0.10 / 8 Fe-0/0/0.20 20.0.0.10 / 8 Fe-0/0/0 J2300 2950
27
Switch(config)#interface range fastEthernet 0/1 - 10
Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.1/8 Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0 Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0
Configuration of mlppp on router B.
Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.2/8 Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0 Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0
Verifying Command Root> show interfaces ls-0/0/0
J2300 J2300 IP Address 15.0.0.2 Ls-0/0/0 IP Address 15.0.0.1 Ls-0/0/0
31 Lab #11 Password Recovery
Configuration
First Press Power ON Button reboot your router
when below line appear press space bar
Hit [Enter] to boot immediately, or space bar for command prompt. Booting [kernel] in 1 second...
Type boot s at below prompt
Type '?' for a list of commands, 'help' for more detailed help. Ok boot -s
Type recovery at below prompt Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
CLI prompt Appear
Starting CLI ... root>
Type Configure and Set Root authentication Password
Root>configure Root#set system root-authentication plain-text-password New password:******* Retype new password:*******
32
Type commit to load configuration
Root#commit Root# exit
Type Exit to reboot the Router
root> exit
Reboot the system? [y/n] yes
33 Lab # 12
PPP AUTHENTICATION- CHAP Diagram
Configuration
CHAP Authentication Configuration for Router R1.
Root#set system host-name R1 Root@R1#set system root-authentication encrypted-password abc123 Root@R1#set interfaces se-0/0/2 encapsulation ppp Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123 Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1
CHAP Authentication Configuration for Router R2.
Root#set system host-name R2 Root@R2#set system root-authentication encrypted-password abc123 Root@R2#set interfaces se-0/0/2 encapsulation ppp Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123 Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2
Verifing Commands : Root > show interface terse Root > show interface se-0/0/2
IP Address 15.0.0.1 Se-0/0/2 IP Address 15.0.0.2 Se-0/0/2 R2 R1 WAN