Professional Documents
Culture Documents
Overview
This lab introduces you to the Junos operating system command-line interface (CLI). In
this lab, you will familiarize yourself with various CLI operational mode and configuration
mode features.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
• Log in to and explore the Junos CLI using both operational and configuration
modes.
In this lab part, you become familiar with the access details used to connect to the
lab equipment. Once you are familiar with the access details, you will use the CLI to
log in to your team’s designated station and use the CLI to become familiar with
operational mode and configuration mode. You also gain experience with some of
the tools and functionality available within operational mode and configuration
mode.
Note
Depending on the class, the lab equipment
used might be remote from your physical
location. The instructor will inform you as to
the nature of your access and will provide
you the details needed to access your
assigned device.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with
your instructor if you are not certain. Consult the management network diagram to
determine the management address of your student device
Step 1.2
Access the CLI at your station using either the console, Telnet, or SSH as directed by
your instructor. Refer to the management network diagram for the IP address
associated with your team’s station. The following example uses a simple Telnet
access to srxA-1 with the Secure CRT program as a basis:
Step 1.4
Determine what system information you can clear from the operational mode
command prompt.
Step 1.5
Experiment with command completion by entering show i<space>.
Step 1.6
Add characters to disambiguate your command so that you can display
interface-related information; use the Spacebar or Tab key for automatic command
completion.
Note
You can return to the command prompt
without scrolling through all of the
generated output from a command. Enter
the Ctrl+c key sequence or the q key to
abort the operation and return to the
command prompt.
Step 1.7
Try to clear SNMP statistics by entering the clear snmp command.
Step 1.8
Verify that the CLI does not let you complete invalid commands by trying to enter the
command show ip interface brief.
Step 1.9
Enter a show route command followed by a show system users command.
You are entering these commands to demonstrate command history recall. When
finished, enter the keyboard sequences indicated to answer the related questions.
Step 1.10
In many cases, the output of a command might exceed one full screen. For example,
the show interfaces interface-name extensive command displays a lot
of information about the specified interface. Enter this command now for your
system’s ge-0/0/0 interface, and answer the following questions. Use the h key as
needed to obtain help when CLI output is paused at the ---(more)--- prompt.
Step 1.11
Use the pipe (|) and match functions of the Junos CLI to list all interfaces that are
physically down.
Step 1.12
A large portion of the Junos OS documentation is available directly from the CLI. You
can retrieve high-level topics using the help topic command, whereas you can
obtain detailed configuration-related information with the help reference
command.
Use the help reference command along with the CLI question-mark operator
(?) to find detailed information about configuring a system hostname.
Step 1.13
Enter configuration mode.
Step 1.14
Display the interfaces portion of the candidate configuration.
Step 1.15
Position yourself at the [edit interfaces] configuration hierarchy.
Step 1.16
Move to the [edit protocols ospf] portion of the hierarchy. This step
requires that you first visit the root of the hierarchy, as you cannot jump directly
between branches. You can perform this step with a single command in the form of
top edit protocols ospf, however.
Note
If you have not already done so, return to
the [edit] hierarchy level using one of
the available methods.
Step 1.18
Try to return to operational mode by entering an exit command.
Step 1.19
Log out of your assigned device using the exit command.
Overview
This lab demonstrates configuration tasks typically performed on new devices running the
Junos operating system. In this lab, you use the CLI to perform initial configuration and
basic interface configuration.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands. Refer to the management network diagram for
access details.
By completing this lab, you will perform the following tasks:
• Load a factory-default configuration and perform initial system configuration.
• Save, delete, and restore a rescue configuration.
• Perform basic interface configuration.
In this lab part, you will load the factory-default configuration and perform initial
configuration tasks using the Junos CLI.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with
your instructor if you are not certain. Consult the management network diagram to
determine the management address of your student device
Step 1.2
Access the CLI at your station using the console connection.
Note
During this lab, your access through the
management network will be affected.
Ensure that you use the console
connection to access your assigned station.
Using the console connection ensures
persistent connectivity even when the
management network access is
unavailable. If needed, ask your instructor
how to connect to your system using the
console port.
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load a factory-default configuration using the load factory-default
command.
Note
The factory-default configuration displays
several statements pertaining to the
security hierarchy level. This information is
outside the scope of this class but is
covered in the Junos for Security Platforms
(JSEC) course.
Step 1.5
Try to activate the factory-default configuration by issuing a commit command.
Step 1.6
Navigate to the [edit system root-authentication] hierarchy level. Issue
the set plain-text-password command. When prompted to enter a new
password, type apples.
Step 1.7
Again, issue the set plain-text-password command. When prompted to
enter a new password, type Apples. When prompted to confirm the password, type
Oranges.
Step 1.8
Issue the set plain-text-password command once again. When prompted
to enter a new password, type Rootroot. When prompted to confirm the password,
type Rootroot. Activate the change and return to operational mode by issuing a
commit and-quit command.
Step 1.9
Issue the file list /var/tmp command.
Step 1.10
Log out as the lab user and log in as root. Use the newly defined password of
Rootroot.
Note
You should see the previously defined
hostname at the login prompt. The
amnesiac hostname is shown when the
hostname is removed and the system is
rebooted. You do not need to reboot the
system at this time because you will
configure a new hostname shortly.
Step 1.11
Start the CLI with the cli command and enter configuration mode.
Step 1.12
Define the system’s hostname. Use the hostname specified on the management
network diagram provided by your instructor.
Step 1.13
Configure the time zone and system time using the local time zone and current date
and time as input values.
Step 1.14
Remove the DHCP, interface, security, protocols and vlan sections from the
factory-default configuration, as this is not necessary in this lab environment.
Step 1.15
Configure the ge-0/0/0 interface using the address and subnet mask specified on
the management network diagram, and specify an interface description of "MGMT
INTERFACE - DO NOT DELETE".
STOP Wait for your instructor before you proceed to the next part.
In this lab part, you will save, display, load, and delete a rescue configuration using
the Junos CLI.
Step 2.1
Enter configuration mode and load the lab2-part2-start.config file from
the/var/home/lab/ijos/ directory. This will return the lab to its original state
and reestablish the lab user. Commit your configuration and return to operational
mode when complete.
Step 2.2
Log out of the root user by issuing the exit command twice, then log in as the
lab user using lab123 as the password.
Step 2.3
Save the active configuration as the rescue configuration.
Step 2.4
Display the contents of the recently saved rescue configuration.
Step 2.6
Verify that the [edit system services] hierarchy level is empty and then load
the rescue configuration.
Step 2.7
Verify that the [edit system services] hierarchy level once again contains
the ssh, telnet, and web-management services.
Step 2.8
Activate the rescue configuration and return to operational mode.
Step 2.9
Delete the rescue configuration and attempt to display the rescue.conf.gz file to
confirm the deletion.
STOP Wait for your instructor before you proceed to the next part.
In this lab part, you will perform interface configuration and verify the operational
state of interfaces using the Junos CLI.
Step 3.1
Enter configuration mode and load the lab2-part3-start.config file from
the /var/home/lab/ijos/ directory. Commit you configuration when complete.
Step 3.3
Issue the show interfaces terse CLI command to verify the state of the
configured interfaces.
Step 3.4
Log out of your assigned device using the exit command.
Overview
This lab demonstrates typical secondary configuration tasks performed on devices
running the Junos operating system.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample outputs from most commands.
By completing this lab, you will perform the following tasks:
• Define user accounts and authentication options.
• Set up and verify proper operation of system logging (syslog).
• Configure and monitor NTP.
• Enable and monitor the operation of SNMP.
• Configure and monitor the configuration archival feature.
In this lab part, your team will configure user accounts and related authentication
options.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with
your instructor if you are not certain. Consult the management network diagram to
determine the management address of your student device
Step 1.2
Access the CLI at your station using either the console, Telnet, or SSH as directed by
your instructor. Refer to the management network diagram for the IP address
associated with your team’s station. The following example uses a simple Telnet
access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the load override /var/home/
lab/ijos/lab3-start.config command. After the configuration has been
loaded, commit the changes.
Step 1.4
Navigate to [edit system login] and define a custom login class named
juniper with the following permissions:
• view
• view-configuration
• reset
Step 1.6
View the configuration under the [edit system login] hierarchy level. If you
are satisfied with the results, activate your new configuration by issuing the commit
command.
Note
The remainder of this lab part tests user
login options. To prevent yourself from
being locked out, keep the current console
session open!
Step 1.7
Open another terminal window and use Telnet to access your system’s management
IP address. If needed, refer to the management network diagram. Log in with the
username walter.
Step 1.8
Using the new terminal session, try to enter configuration mode.
Step 1.9
Enter a question mark (?) at the prompt to view the permitted operational mode
command options for the user walter.
Step 1.10
Verify that the user walter can view the configuration and other operational
outputs such as interface information.
Step 1.11
Restart the routing process using the restart routing command. This
command restarts the routing protocol daemon (rpd), which can be useful when
troubleshooting routing problems.
Step 1.12
Log out from the user walter and initiate a new Telnet session to the management
interface for the user nancy. (Hint: Use the reconnect option on your terminal
client.) Attempt to restart the routing protocol process using the restart
routing command.
Step 1.13
Attempt to clear interface statistics for the ge-0/0/0 interface using the clear
interfaces statistics ge-0/0/0 command.
Step 1.14
Return to the original session opened to the lab user.
From the session opened to the lab user attempt to add the clear permission to
the default read-only login class. Issue the show command to view the system
login hierarchy.
Step 1.15
Navigate to the top of the configuration hierarchy and configure a RADIUS server for
use with user authentication. Refer to your management network diagram for the
server address. The RADIUS secret should be Juniper. Configure the
authentication order so that user login attempts use only local password
authentication if the RADIUS server is unreachable. Use commit to activate the
changes.
Step 1.16
Return to the secondary Telnet session opened to you student device
From the secondary Telnet session in which the user nancy is logged in, issue the
exit command to log out. Test the RADIUS server by reconnecting to the Telnet
session and try to log back in as nancy.
Step 1.17
In the previous lab step, the defined RADIUS server was reachable. Because you did
not define the username on the RADIUS server, the RADIUS server rejected the
authentication. Therefore, the software did not consult the local password database.
Return to the original session opened to the lab user.
From the session opened to the lab user and change the IP address of the RADIUS
server to 10.1.1.1. You can use the rename command for this change. Do not forget
to issue commit to activate the change.
Step 1.18
Return to the secondary Telnet session opened to you student device
From the secondary Telnet session, try to log in to the system with the nancy
username once again.
Step 1.19
Return to the original session opened to the lab user.
From the session opened to the lab user and delete the
authentication-order statement. When complete commit your config and
return to operational mode.
STOP Wait for your instructor before you proceed to the next part.
In this lab part, you will perform configuration of some common system
management features. You will configure and monitor syslog, NTP, SNMP, and
configuration archival.
Step 2.1
Enter configuration mode and load the lab3-part2-start.config file from
the/var/home/lab/ijos/ directory. Commit your configuration when complete.
Step 2.2
Use the show system syslog command to view the current syslog
configuration.
Step 2.3
Navigate to the [edit system syslog] hierarchy and configure a new syslog
file named config-changes. Specify a facility of change-log and a severity of
info. Also, set the severity level for the default messages file to any.
Step 2.4
Configure your system to send logs to a remote server running the standard syslog
utility. Refer to your management network diagram for the server address. (Hint: Use
the host option.) Choose the correct facility that logs access attempts on the
system. (Hint: The current messages log file is already using this facility.) Use a
severity level of info. Commit your changes when complete.
Step 2.5
Using the run file list /var/log/ command, verify the creation of a log file
named config-changes.
Note
The files stored in the /var/log/
directory might vary between each system.
Step 2.6
Configure the system to synchronize its clock with an NTP server. Refer to the
management network diagram for the server’s IP address.
Step 2.7
Use the same server IP address used in the previous step and configure an NTP
boot server. Commit the configuration and return to operational mode when
complete.
Step 2.8
View the config-changes log and verify the logging of the latest configuration
changes.
Step 2.9
Manually force synchronization with the NTP server by issuing the set date ntp
operational mode command.
Step 2.10
Verify synchronization with the NTP server by using the show ntp
associations command. The system is synchronized with the NTP server if you
see the server address in the remote column with an asterisk (*) next to it. Check
the current system time using the show system uptime command.
Note
Step 2.11
Return to configuration mode and configure the system to allow SNMP access using
a community value of junos. The system should allow processing of SNMP
messages only when it receives them from the NMS server’s IP address. Refer to the
management network diagram for the server’s IP address.
Step 2.12
Configure an SNMP trap group to send traps to the NMS server. The SNMP trap
group should send traps whenever an interface transitions to a down state. Name
the trap group interfaces.
Step 2.13
To test your SNMP configuration, temporarily disable the ge-0/0/0 interface using
the set interfaces ge-0/0/0 disable command. Commit the new setting
and verify that the interface is down using the run show interfaces ge-0/
0/0 terse command. Next, re-enable the interface by issuing the delete
interfaces ge-0/0/0 disable command. Commit the change and return to
operational mode when complete.
Step 2.14
Verify that the interface transition resulted in the sending of a trap by viewing the
messages log. Use the pipe symbol (|) and match on the ge-0/0/0 interface and
the keyword snmp to parse the messages log output. Next, issue the show snmp
statistics command and confirm that the Traps value in the Output section
is not zero.
Step 2.15
Perform an SNMP MIB walk with the Junos CLI using the show snmp mib walk
jnxOperatingDescr command. Note that the resolved object identifier (OID) of
jnxOperatingDescr is case sensitive. The OID is variable; we are simply using
this OID as an example.
Note
Step 2.16
Enter configuration mode and configure your system to archive its configuration to a
remote FTP server whenever a commit operation occurs. You should configure the
archive-sites as “ftp://ftp@server address:/archive” including
the quotation marks. Refer to the management network diagram for the server’s IP
address. You should configure the password as ftp. You perform this configuration
under the [edit system archival configuration] hierarchy level.
Commit your configuration and return to operational mode when complete.
Step 2.17
Verify that the configuration successfully transferred to the remote FTP server by
using the show log messages | match transfer command.
Step 2.18
Log out of your assigned device using the exit command.
Overview
This lab covers common operational monitoring and platform maintenance activities. In
this lab, you monitor system, chassis, and interface operation, use network utilities, and
perform system maintenance tasks.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
• Monitor chassis, system, and interface operation.
• Use network utilities.
• Upgrade a device running the Junos operating system and recover the root
password.
In this lab part, each team will use key commands within the CLI to monitor system
and chassis operation.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with
your instructor if you are not certain. Consult the management network diagram to
determine the management address of your student device
Step 1.2
Access the CLI at your station using either the console, Telnet, or SSH as directed by
your instructor. Refer to the management network diagram for the IP address
associated with your team’s station. The following example uses a simple Telnet
access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the load override /var/home/
lab/ijos/lab4-start.config command. After the configuration has been
loaded, commit the changes and return to operational mode.
Step 1.4
Issue the show system processes extensive command to check the status
of the routing protocol daemon (rpd). Alternatively, issue the show system
processes extensive | match "pid | rpd" command to parse the
output. The use of two pipes (|) in this command allows you to make multiple
matches. In this case it matches rpd for the routing protocol process as well as PID
to view the column headers.
Step 1.5
Issue the show system statistics command to view protocol statistics
related to your team’s device.
Step 1.6
Issue the show system storage command to view information regarding the
device storage space.
Step 1.7
Issue the show system uptime command to view the current system time.
Step 1.8
Open another terminal window and use Telnet to access your system’s management
IP address. If needed, refer to the management network diagram. Log in with the
username walter and the password walter123.
Step 1.10
Issue the request system logout user walter command to force a log
out for the user walter. Next, issue the show system users command to verify
that the user session for walter was terminated.
Step 1.11
Check the environmental status of your team’s device by issuing the show
chassis environment command.
Step 1.12
Issue the show chassis temperature-thresholds command.
Step 1.13
View details about your system’s hardware components using the show chassis
hardware command.
Step 1.15
Issue the show interfaces ge-0/0/0 extensive command and answer
the questions that follow:
Question:
Does the ge-0/0/0 interface show any input errors?
Step 1.16
Issue the clear interfaces statistics ge-0/0/0 command followed by
the show interfaces ge-0/0/0 extensive | find "traffic"
command.
STOP Wait for your instructor before you proceed to the next part.
In this lab part, each team will use network utilities within the CLI and monitor local
system traffic.
Step 2.1
Enter configuration mode and load the lab4-part2-start.config file from
the/var/home/lab/ijos/ directory. Commit your configuration and return to
operational mode when complete.
Step 2.2
Start a continuous ping to the server with a data size of 500 bytes. Refer to the
management network diagram for the server’s IP address.
Note
If you are not receiving Internet Control
Message Protocol (ICMP) echo replies from
the server, notify your instructor.
Step 2.3
Note
You can stop the ping operation by using
the Ctrl+c keystroke combination. You
should, however, let the ping operation
continue at this time for the subsequent
monitoring step.
Open a new terminal session to your team’s device. Use Telnet to access your
system’s management IP address. If needed, refer to the management network
diagram. Log in with the lab user account and the password provided by the
instructor. You will use this separate terminal session to monitor ping traffic
generation.
Step 2.4
Use the monitor traffic interface ge-0/0/0 command to begin
monitoring the ge-0/0/0 management interface.
Note
You can stop the monitoring operation by
using the Ctrl+c keystroke combination.
You can also increase the capture size
using the size option to avoid truncated
packets.
Note
The monitor traffic command
captures only packets that are local to the
device. It does not capture transit packets.
Step 2.5
In preparation for the next lab part, stop the monitor operation using the Ctrl+c
keystroke combination, and close the extra terminal session that you opened.
Step 2.6
Return to the original session opened to your device.
From the original session opened to your device, issue the Ctrl+c keystroke
combination to stop the continuous ping.
STOP Wait for your instructor before you proceed to the next part.
In this lab part, you will retrieve a Junos OS package from a remote server and
upgrade your assigned device. Note that to keep the software consistent, you
upgrade the device to the same version of the Junos OS that it is currently running.
Step 3.1
Enter configuration mode and load the lab4-part3-start.config file from
the/var/home/lab/ijos/ directory. Commit your configuration and return to
operational mode when complete.
Step 3.2
Use the file copy command in conjunction with FTP to retrieve the install image
named junos-srxsme-12.1R1.9-domestic.tgz from the server. Refer to
the management network diagram for the server’s IP address. Use the username
ftp and a password of ftp. Save the image to the /var/tmp directory on the
local device.
Note
If there is not enough room in the
/var/tmp directory to accommodate the
software package, notify your instructor.
Step 3.3
Verify that the software package transferred correctly to the local /var/tmp
directory by using the file list /var/tmp | match junos command.
Step 3.4
Issue the request system software add /var/tmp/
junos-srxsme-12.1R1.9-domestic.tgz command to upgrade your assigned
device. Use the reboot option to automatically perform a system reboot, which is a
requirement of the upgrade process. Use the console terminal session to monitor
the upgrade process.
Step 3.5
After the reboot is complete, log in again as the lab user and issue the show
version command.
STOP Wait for your instructor before you proceed to the next part.
In this lab part, you will perform root password recovery. The root password recovery
process requires that you use the console connection.
Step 4.1
Enter configuration mode and load the lab4-part4-start.config file from
the /var/home/lab/ijos/ directory. Commit your configuration and return to
operational mode when complete.
Step 4.4
When prompted to enter a pathname for shell or ‘recovery’ for root password
recovery, type recovery and press Enter.
Step 4.5
Once the prompt is available, enter configuration mode and set a new root password
of lab123. Commit the configuration and return to configuration mode. Use the
exit command to leave operational mode, the software prompts you about
rebooting. Type y and press Enter to reboot the system.
Step 4.6
Once the system boots, verify the root password recovery by logging in with the new
root password.
Step 4.7
Start the CLI and enter configuration mode.
Step 4.8
Restore the lab4-part4-start configuration using the load override /
var/home/lab/ijos/lab4-part4-start.config command. Activate the
configuration and log out of the system.
Overview
This lab introduces you to the J-Web graphical user interface (GUI). In this lab, you will
familiarize yourself with various J-Web features and capabilities.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Log in to the J-Web interface.
• Explore J-Web monitoring options.
• Explore J-Web configuration and diagnose options.
In this lab part, you will familiarize yourself with the access details for your team’s
station and log in through the J-Web interface. You will also familiarize yourself with
the various monitoring capabilities available in the J-Web user interface.
Note
Depending on the specifics of your class,
you might be accessing a router that is
remote from your physical location. The
instructor will inform you as to the nature of
your access and will provide you with the
details needed to access your router.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with
your instructor if you are not certain. Consult the management network diagram to
determine the management address of your student device
Step 1.2
Access the CLI at your station using either the console, Telnet, or SSH as directed by
your instructor. Refer to the management network diagram for the IP address
associated with your team’s station. The following example uses a simple Telnet
access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the load override /var/home/
lab/ijos/lab5-start.config command. After the configuration has been
loaded, commit the changes and return to operational mode.
Step 1.6
After logging in click on the Dashboard tab in the upper left corner. Use the
information found in your browser to answer the following questions.
Step 1.7
Edit the Dashboard Preferences to display the Chassis Status.
Step 1.8
Navigate to Monitor > Interfaces and view the ge-0/0/0.0 interface.
In this lab part, you will familiarize yourself with the configuration and diagnostic
capabilities available in the J-Web interface. You will also identify the key pages that
relate to those capabilities.
Step 2.1
Access the J-Web configuration page by clicking the Configure tab.
Step 2.2
Step 2.4
Commit the new user by clicking on Actions in the upper right corner, then click
Commit.
Step 2.5
Return to User Management and remove the Jweb user created earlier.
Step 2.6
Click Actions, then click Compare to display changes in the configuration.
Step 2.7
Commit the changes by clicking on Actions then Commit.
Step 2.8
Navigate to Troubleshoot > Ping Host. Enter the IP address of the server in
the management network and click Start to begin the ping.
Step 2.9
Logout of your J-Web session. Return to the cli session opened to your device and
log out using the exit command.