Basic Junos

Configuring Junos Basics
Lab Guide
Worldwide Education Services

1133 Innovation Way
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Course Number: PRT-CONFIG-JUNOS-BAS
This document is produced by Juniper Networks, Inc.

This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks
Education Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their respective owners.
Configuring Junos Basics Lab Guide
Copyright 2015, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History:
June 2011
November 2011
April 2012
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 11.4R1.6. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental
or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user
interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from standard
text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Most of what you read in the Lab Guide and

Student Guide.
Courier New
Console text:
Screen captures
Noncommand-related syntax
commit complete
Exiting configuration mode
GUI text elements:

Menu names
Text field entry
Select File > Open, and then click

Configuration.conf in the Filename
text box.
Input Text Versus Output Text

You will also frequently see cases where you must enter input text yourself. Often these instances will be shown in the
context of where you must enter them. We use bold style to distinguish text that is input versus text that is simply
displayed.
Style
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0, Enabled

View configuration history by clicking
Configuration > History.
Normal GUI
CLI Input
Text that you must enter.
lab@San_Jose> show route

Select File > Save, and type config.ini
in the Filename field.
GUI Input
Defined and Undefined Syntax Variables

Finally, this course distinguishes between regular text and syntax variables, and it also distinguishes between syntax
variables where the value is already assigned (defined variables) and syntax variables where you must assign the value
(undefined variables). Note that these styles can be combined with the input style as well.
Style
Description
Usage Example
CLI Variable
Text where variable value is already

assigned.
policy my-peers
Text where the variables value is the

users discretion or text where the
variables value as shown in the lab
guide might differ from the value the
user must input according to the lab
topology.
Type set policy policy-name.
GUI Variable
CLI Undefined
GUI Undefined
www.juniper.net
Click my-peers in the dialog.
ping 10.0.x.y
Select File > Save, and type filename in
the Filename field.
Document Conventions v
vi Document Conventions
www.juniper.net
Contents
Lab 0:
Introduction to the Juniper Networks Virtual Lab . . . . . . . . . . . . . . . . . . . . 0-1

Part 1:Accessing the Virtual Labs Homepage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2:Logging in to the Virtual Labs site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 3:Entering and Exiting a Virtual Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 4:Additional Information and Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lab 1:
0-2
0-2
0-3
0-7
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Part 1:Logging In to the Junos OS Device Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Part 2:Performing System Basics Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Part 3:Configuring the Root Access Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Part 4:Configuring the Loopback Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Part 5:Viewing the MGMT Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Part 6:Setting the Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Part 7:Performing a Basic Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
Part 8:Setting Up User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
Part 9:Configuring Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
Lab 2:
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Part 1:SNMP Trap Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2:SNMP Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 3:Setting SNMP Contact Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 4:SNMP Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 5:SNMP RMON and Health-Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 6:SNMP Health-Monitoring Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lab 3:
2-1
2-2
2-3
2-4
2-6
2-8
Configuration Commands and Related Shortcuts . . . . . . . . . . . . . . . . . . . 3-1

Part 1:Time Saving Techniques when Modifying Configurations in CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2:Creating and Configuring Interface Groups and Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 3:Configure Interfaces to a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 4:Interface Exclusion from a Configured Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 5:Saving and Loading Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
www.juniper.net
3-2
3-4
3-5
3-7
3-9
www.juniper.net
Lab 0
Introduction to the Juniper Networks Virtual Lab
Overview
Lab 0 describes the basic procedures for accessing the Juniper Networks Virtual Lab (vLab)
environment using a standard Web browser.
The Purpose of the Virtual Labs
The vLabs help partners receive hands-on training through a virtual portal which is available
24 hours a day, 7 days a week. This is not a simulator, but live equipment to promote learning
and development for interested partners in association with the Juniper Networks Partner
Learning Academy.
The vLab exercises assist a student in becoming proficient at installing, configuring, and
troubleshooting Juniper products. The time needed to complete each course track and the
associated virtual lab exercises will vary. You will need your Juniper partner login to access the
virtual lab website.
Once logged in, access is granted on a first come, first served basis. The system will check to
see if the selected vLab has a lab environment available. If a vLab environment for the selected
lab is available, access is granted. If a vLab environment for the selected vLab is not available,
you will be asked to try again later. The vLabs are also available for dedicated instructor-led
courses on an as-needed basis.
Each of the vLab environments is duplicated multiple times, making it more likely that a vLab
environment will be available for you to use.
Note
We recommend that you read through Lab 0 prior to
starting your lab. The guide provides important
information regarding accessing the lab
environment and the lab exercises. Lab 0 is the
same for all vLabs.
Introduction to the Juniper Networks Virtual Lab Lab 01
Part 1: Accessing the Virtual Labs Homepage

The first step in accessing the vLabs is to login to the vLab website. To access the vLab
website, copy and paste the URL shown below into a web browser:
https://virtuallabs.juniper.net
Part 2: Logging in to the Virtual Labs site

If you are already logged into the Juniper Networks Partner Learning Academy or Partner
Center, you should not need to log into the Virtual Labs site. However, if you are not logged in to
the Learning Academy or Partner Center, a login screen will be presented, as shown below.
Once you have successfully logged in, you will be presented with the Course Management
homepage, which will look similar to the image shown below.
Lab 02 Introduction to the Juniper Networks Virtual Lab
Part 3: Entering and Exiting a Virtual Lab

Find the lab you wish to enter from amongst the tiles presented in the Courses Catalog on the
Course Management homepage. You can use Search courses in the upper left of the
screen if needed. In the default view the courses are presented as tiles, as shown in the first
image below. You can also click List, located on the right of the blue menu bar, to display the
course tiles as an alphabetized list, as shown in the second image below.
Clicking on a tiles image will show you a high-level diagram of the lab topology (use the back
button on your browser to return to the Course Management page). For additional information
regarding a particular lab, click the More Info link. When you are ready to enter the lab
environment, click the Reserve button.
Step 3.1
A RESERVE window which displays the time reserved for you to complete the lab exercises
(SCHEDULE field) will appear. The selected lab name is also displayed (NAME field). The
allotted time (typically 2 or 3 hours) should be more than adequate to complete the exercises,
but you can set the SCHEDULE time to a maximum of 4 hours if needed. The COURSE field
provides a drop down menu in case you want to select a different course.
Click the Reserve button to enter the lab environment for the selected lab.
Step 3.2
The lab environment for the course you selected will be displayed, similar to the image shown
below. The lab environment displays the main devices (represented as tiles) that comprise the
lab. The example below shows two tiles representing the MX Series routers in this particular
lab (mx1 and mx2), along with a virtual router tile (vr-device), and their associated
management IP addresses.
The initial configuration loaded on the devices is a base configuration needed to begin the
particular lab you have selected. Upon first entering the lab environment, a brief setup process
will initiate. The green Active icon on the blue menu bar will change to Setup and then back to
Active to signify the lab is ready to use.
Once you are on this lab environment page and setup is finished, you can begin the lab
exercises available in the lab guide for the selected course (you should begin with Lab 1 and
sequentially work through the lab exercises). A timer in the blue menu bar will show you how
much time you have left in your reservation to complete the lab exercises.
Step 3.3
When you are ready to leave the lab environment, click the END icon located on the right side
of the blue menu bar, as shown in the image below. The environment will go into a Teardown
process. You can leave the lab environment page while the Teardown process is occurring.
Step 3.4
Confirm your intent to leave the lab environment by clicking OK in the pop-up window that
appears.
Step 3.5
Upon clicking OK, the lab environment will begin the configuration teardown/reset process,
your reservation timer will end, and the lab environment you were using will be released.
The Course Management menu in the upper left of the screen provides a drop down menu so
that you can return to the Courses page if you want to start another course, or you can go to
the Reservations page. The Reservations page, shown in the first image below, shows a history
of the vLabs you have accessed.
You can logout of the Virtual Lab site from either the Course Management, Reservations, or lab
environment pages by clicking on your user name in the upper right of the screen and selecting
Logoff from the drop down menu, as shown in the second image below.
Part 4: Additional Information and Feedback

Virtual Lab Support:
If you have a question on, or issue with, the lab environment or this lab guide, please contact
Juniper University Support at:
JuniperUsupport@juniper.net
Feedback:
If you would like to provide feedback on ways we can improve your virtual lab experience,
please send an e-mail to elearning@juniper.net.
STOP
Be sure to view the appropriate section of the associated

courseware before proceeding to Lab 1.
Lab 1
Getting Started
Overview
This lab will demonstrate how to begin the actual setup of your Junos OS device with the
basic settings, including the base system, user accounts, remote access, and interfaces.
By completing this lab, you will perform the following tasks:
www.juniper.net
Logging into Junos OS device using the CLI.
Performing system basics operations.
Configuring root access credentials.
Configuring the loopback interface.
Configuring the MGMT interface.
Setting the date and time.
Performing a basic Interface configuration.
Setting up user accounts.
Configuring remote access.
Getting Started Lab 11

11.4R1.6
Part 1: Logging In to the Junos OS Device Using the CLI

In this lab part, you will become familiar with the access details used to connect to
the lab equipment. Once you are familiar with the access details, you use the
command-line interface (CLI) to log in to your designated device.
Step 1.1
Once you are in the lab environment (see Lab 0 for instructions regarding entering a
lab environment), access the SRX1 CLI by hovering the mouse pointer over the tile
that displays (srx1) in the upper right corner. Then, hover the mouse pointer over
the Action icon that appears (the downward pointing triangle icon) and select
Console from the menu that appears.
Step 1.2
A new tab, displaying the CLI for SRX1, will open in the browser. You might have to
press Enter once to display the prompt. Do not close any tabs until instructed to do
so.
Log in as user lab with the password lab123.
login: lab
Password:
--- JUNOS 12.1X44-D35 built 2014-05-19 21:36:43 UTC
lab@srxA-1>
Part 2: Performing System Basics Operations

In this lab part, you will use the set system command to explore the Junos CLI
hierarchy.
Lab 12 Getting Started
www.juniper.net
Step 2.1
Enter into configuration mode by issuing the configure command.
lab@srxA-1> configure
Entering configuration mode
Step 2.2
Issue the set system ? command to view the system hierarchy completions. Tap
the spacebar to continue the screen display back to the command prompt.
[edit]
lab@srxA-1# set system ?
Possible completions:
> accounting
System accounting configuration
allow-v4mapped-packets Allow processing for packets with V4 mapped address
+ apply-groups
Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> archival
System archival management
> arp
ARP settings
+ authentication-order Order in which authentication methods are invoked
> auto-configuration
> autoinstallation
Autoinstallation configuration
> backup-router
IPv4 router to use while booting
> commit
Configuration commit management
compress-configuration-files Compress the router configuration files
default-address-selection Use system address for locally originated traffic
> diag-port-authentication Authentication for the diagnostic port
domain-name
Domain name for this router
+ domain-search
List of domain names to search
dump-device
Device to record memory snapshots on operating system
failure
> dynamic-profile-options Dynamic profile options
encrypt-configuration-files Encrypt the router configuration files
> extensions
Configuration for extensions to JUNOS
> fips
FIPS configuration
host-name
Hostname for this router
> inet6-backup-router IPv6 router to use while booting
> internet-options
Tunable options for Internet operation
> kernel-replication
Kernel replication
> license
License information for the router
> location
Location of the system, in various forms
> login
Names, login classes, and passwords for users
max-configuration-rollbacks Number of rollback configuration files (0..49)
max-configurations-on-flash Number of configuration files stored on flash
> name-server
DNS name servers
nd-maxmcast-solicit Set Maximum multicast solicit
nd-retrasmit-timer
Set retransmit timer
no-compress-configuration-files Don't compress the router configuration files
no-multicast-echo
Disable ICMP echo on multicast addresses
no-neighbor-learn
Disable neighbor address learning
no-ping-record-route Do not insert IP address in ping replies
no-ping-time-stamp
Do not insert time stamp in ping replies
no-redirects
Disable ICMP redirects
no-saved-core-context Don't save context information for core files
> ntp
Network Time Protocol services
www.juniper.net
>
>
>
>
>
>
>
>
>
>
>
>
>
>
pic-console-authentication Authentication for the console port on PICs

ports
Craft interface RS-232 ports
processes
Process control
proxy
Proxy information for the router
radius-options
RADIUS options
radius-server
RADIUS server configuration
root-authentication Authentication information for the root login
saved-core-context
Save context information for core files
saved-core-files
Number of saved core files per executable (1..10)
scripts
Scripting mechanisms
services
System services
static-host-mapping Static hostname database mapping
syslog
System logging facility
tacplus-options
TACACS+ options
tacplus-server
TACACS+ server configuration
time-zone
Time zone name or POSIX-compliant time zone string
tracing
System wide option for remote tracing
use-imported-time-zones Use locally generated time-zone database
Question: What is the command that allows you to

modify system host name?
Answer: The set system host-name

command allows you to modify system host name.
Part 3: Configuring the Root Access Credentials

In this lab part, you will set up a root account. The root user is by default the
administrator or super user, who has absolute permission to both configure and
install software on a device.
Note
The root password for the Virtual lab is

training1.
Step 3.1
Issue the set system root authentication plain-text-password
command to configure a password for the root account.
[edit]
lab@srxA-1# set system root-authentication plain-text-password
New password: training1
Retype new password: training1
[edit]
www.juniper.net
lab@srxA-1#
Note
As you enter the password in plain text, the

Junos OS encrypts it immediately. You do
not have to tell Junos to encrypt the
password as in some other systems. Plain
text passwords are therefore hidden and
marked as ## SECRET-DATA in Junos
configuration listings.
Step 3.2
Use the show system root-authentication command to show the
encrypted items related to the new password selection.
[edit]
lab@srxA-1# show system root-authentication
encrypted-password "$1$bM4Hfjrg$Er7yUxmj1iySZmFOBh39w0"; ## SECRET-DATA
ssh-dsa "ssh-dss AAAAB3NzaC1kc3MAAACBAMQrfP2bZyBXJ6PC7XXZ+MzErI8Jl6jah5L4/
O8BsfP2hC7EvRfNoX7MqbrtCX/9gUH9gChVuBCB+ERULMdgRvM5uGhC/
gs4UX+4dBbfBgKYYwgmisM8EoT25m7qI8ybpl2YZvHNznvO8h7kr4kpYuQEpKvgsTdH/
Jle4Uqnjv7DAAAAFQDZaqA6QAgbW3O/
zveaLCIDj6p0dwAAAIB1iL+krWrXiD8NPpY+w4dWXEqaV3bnobzPC4eyxQKBUCOr80Q5YBlWXVBH
x9elwBWZwj0SF4hLKHznExnLerVsMuTMA846RbQmSz62vM6kGM13HFonWeQvWia0TDr78+rOEgWF
2KHBSIxL51lmIDW8Gql9hJfD/Dr/
NKP97w3L0wAAAIEAr3FkWU8XbYytQYEKxsIN9P1UQ1ERXB3G40YwqFO484SlyKyYCfaz+yNsaAJu
2C8UebDIR3GieyNcOAKf3inCG8jQwjLvZskuZwrvlsz/xtcxSoAh9axJcdUfSJYMW/
g+mD26JK1Cliw5rwp2nH9kUrJxeI7IReDp4egNkM4i15o= configurator@server1.he"; ##
SECRET-DATA
Question: What mode of operation must the device

be in to change the root password?
Answer: The device must be in configuration mode

to change the root password.
Part 4: Configuring the Loopback Interface

In this lab part, you will setup a loopback interface and show related settings. The
Junos OS follows the IP convention of using lo0 as the loopback interface's identifier
name. You can configure multiple addresses on a single loopback interface,
however there is only one loopback interface per Junos device.
Step 4.1
Issue the set interfaces lo0 unit 0 family inet address command
to set the loopback address.
[edit]
lab@srxA-1# set interfaces lo0 unit 0 family inet address 127.0.0.1/32
www.juniper.net
Step 4.2
Issue the run show interfaces lo0 command to check the interface state.
lab@srxA-1# run show interfaces lo0
Physical interface: lo0, Enabled, Physical link is Up
Interface index: 6, SNMP ifIndex: 6
Type: Loopback, MTU: Unlimited
Device flags
: Present Running Loopback
Interface flags: SNMP-Traps
Link flags
: None
Last flapped
: Never
Input packets : 50548
Output packets: 50548
Logical interface lo0.0 (Index 66) (SNMP ifIndex 16)
Flags: SNMP-Traps Encapsulation: Unspecified
Input packets : 0
Output packets: 0
Security: Zone: trust
Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp
tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh
rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
lsping ntp sip dhcpv6 r2cp
Protocol inet, MTU: Unlimited
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Default Is-Primary
Local: 192.168.1.1
Input packets : 0
Output packets: 0
Flags: None
Addresses
Local: 127.0.0.1
Input packets : 50548
Output packets: 50548
www.juniper.net
Flags: None
Addresses, Flags: Is-Default Is-Primary
Local: 10.0.0.1
Addresses
Local: 10.0.0.16
Addresses
Local: 128.0.0.1
Addresses
Local: 128.0.0.4
Addresses
Local: 128.0.1.16
Flags: Encapsulation: Unspecified
Input packets : 0
Output packets: 0
Security: Zone: null
Question: What command is used to set the

loopback interface in Junos CLI?
Answer: Use the set interfaces lo0 unit 0

family inet command to set the loopback
interface in Junos CLI.
Part 5: Viewing the MGMT Interface

In this lab part, you will view the dedicated management interface.
Step 5.1
Issue the show interfaces ge-0/0/0 command to view the MGMT interface.
Note that the IP address on your device might be different.
[edit]
lab@srxA-1# show interfaces ge-0/0/0
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
www.juniper.net

Note
The MGMT interface is defined in the

default configuration loaded on to your
device. To configure the MGMT interface
manually using the IP address of
10.210.41.131/27, issue the set
interfaces ge-0/0/0 unit 0
family inet address
10.210.41.131/27 command.
Question: What would happen if we substituted
fxp0 for ge0 above?
Answer: It would assign management port for

routers and gateways and not Gigabit Ethernet.
Step 5.2
Issue the commit command to set the configuration into memory.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Part 6: Setting the Date and Time

In this lab part, you will configure the date and time from the Junos OS operational
mode.
Note
You have
been working in configuration

mode for several steps in this lab. You will
need to go back to operational mode to set
date and time.
Step 6.1
Issue the exit command to exit from configuration mode into operational mode.
lab@srxA-1# exit
lab@srxA-1>
www.juniper.net
Step 6.2
Issue the set date command to set the date and time for your Junos device.
Note
The date/time is in the format

YYYYMMDDhhmm.ss. Use todays date and
time per the format noted in the example
below.
lab@srxA-1> set date 201207131200.00
Fri Jul 13 12:00:00 UTC 2012
lab@srxA-1>
Question: What is the correct format to set the

device date and time?
Answer: YYYYMMDDhhmm.ss.
Part 7: Performing a Basic Interface Configuration

In this lab part, you will configure basic interfaces, as well as view them using the
Junos CLI.
Step 7.1
Issue the configure command to navigate from operational mode into
configuration mode.
Step 7.2
Issue the set interfaces ge-0/0/14 unit 0 family inet address
command to configure the interface address with 172.23.24.100/24 as the
specified IP address.
[edit]
lab@srxA-1# set interfaces ge-0/0/14 unit 0 family inet address 172.23.24.100/24
Step 7.3
Issue the show interfaces ge-0/0/14 command to check validity of the
interface address.
[edit]
unit 0 {
family inet {
address 172.23.24.100/24;
}
}
www.juniper.net
Step 7.4
Issue the commit command to set the configuration into memory.
[edit]
lab@srxA-1# commit
commit complete
Question: What does unit 0 in the command line

hierarchy represent?
Answer: Unit 0 is a logical unit configured within the

physical interface. Each physical interface must
have at least one configured logical interface, with
the first one numbered 0 (not 1) before it can carry
traffic.
Step 7.5
Issue the exit command to return to operational mode.
lab@srxA-1# exit
lab@srxA-1>
Issue the show interfaces terse command in operational mode to verify the
interface configuration.
lab@srxA-1> show interfaces terse
Interface
Admin Link
ge-0/0/0
up
up
ge-0/0/0.0
up
up
gr-0/0/0
up
up
ip-0/0/0
up
up
lsq-0/0/0
up
up
lt-0/0/0
up
up
mt-0/0/0
up
up
sp-0/0/0
up
up
sp-0/0/0.0
up
up
sp-0/0/0.16383
up
up
ge-0/0/1
ge-0/0/2
ge-0/0/3
ge-0/0/4
ge-0/0/5
ge-0/0/6
ge-0/0/7
ge-0/0/8
up
up
up
up
up
up
up
up
Proto
Local
inet
10.210.41.131/27
inet
inet
10.0.0.1
10.0.0.6
128.0.0.1
128.0.0.6
Remote
-->
-->
-->
-->
10.0.0.16
0/0
128.0.1.16
0/0
up
up
up
up
down
up
up
up
www.juniper.net
ge-0/0/9
ge-0/0/10
ge-0/0/11
ge-0/0/12
ge-0/0/13
ge-0/0/14
ge-0/0/14.0
ge-0/0/15
fxp2
fxp2.0
gre
ipip
irb
lo0
lo0.16384
lo0.16385
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
down
down
down
down
down
up
up
up
up
up
up
up
up
lo0.32768
lsi
mtun
pimd
pime
pp0
ppd0
ppe0
st0
tap
vlan
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
inet
172.23.24.100/24
tnp
0x1
inet
inet
127.0.0.1
10.0.0.1
10.0.0.16
128.0.0.1
128.0.0.4
128.0.1.16
-->
-->
-->
-->
-->
-->
0/0
0/0
0/0
0/0
0/0
0/0
Question: When in operational mode, what

command allows you to see what is in your active
configuration?
Answer: The show configuration command.
Part 8: Setting Up User Accounts

In this lab part, you set up a local user account to establish access to log in to a
device.
Step 8.1
Issue the configure command to enter into configuration mode.
www.juniper.net
Step 8.2
Issue the edit system login command to create the login.
[edit]
lab@srxA-1# edit system login
Step 8.3
Issue the edit user jadmin command to add a new user with the username
jadmin.
[edit system login]
lab@srxA-1# edit user jadmin
Step 8.4
Issue the set full-name command.
[edit system login user jadmin]
lab@srxA-1# set full-name "Juniper Network Administrator"
Note
If the full name includes spaces, you must

enclose the entire name in quotes.
Step 8.5
Issue the set authentication plain-text-password command to set a
new password for the user. Use admin123 for the password.
Note
The minimum password length is 6

characters and it requires a change in
case, digits, or punctuation.
lab@srxA-1# set authentication plain-text-password
New password: admin123
Retype new password: admin123
Step 8.6
Issue the set class super-user to specify the login class for the user.
lab@srxA-1# set class super-user
Question: What permissions are allowed for

super-user?
Answer: All permissions are allowed for super-user

class
www.juniper.net
Step 8.7
Issue the commit command to save your current configuration to memory.
lab@srxA-1# commit
commit complete
Part 9: Configuring Remote Access

In this lab part, you will enable ftp remote access in the configuration.
Step 9.1
Issue the top command to get to the top level of the hierarchy.
lab@srxA-1# top
[edit]
lab@srxA-1#
Step 9.2
Issue the show system services command to check systems services that
are currently enabled
[edit]
lab@srxA-1# show system services
ssh;
telnet;
Step 9.3
Issue the set system services ftp command to enable ftp on the Junos
system.
[edit]
lab@srxA-1# set system services ftp
Step 9.4
Issue the show system services command to verify that ftp is now listed as
an enabled service.
[edit]
lab@srxA-1# show system services
ftp;
ssh;
telnet;
Step 9.5
Commit the configuration to save your work to memory in the Junos system.
[edit]
lab@srxA-1# commit
commit complete
[edit]
www.juniper.net
lab@srxA-1#
Question: What services are currently enabled in

the setup above?
Answer: The FTP, SSH, and Telnet services are

currently enabled.
Step 9.6
Do not close any browser tabs. You will return to the SRX1 CLI tab to perform the
exercises in Lab 2.
STOP
You have completed Lab 1. Please return to the course and complete
the next section before proceeding to Lab 2.
www.juniper.net
Lab 2
SNMP
Overview
Successful network administrators have the ability and tools to determine where and
when a network failure is occurring. Juniper Networks offers the user the ability to monitor
various facets of system health through the use of the SNMP.
Create an SNMP trap group.
Create an SNMP community.
Set SNMP contact details.
Set SNMP views.
Configure the Health Monitor to log RMON alarms and events.
Part 1: SNMP Trap Groups

In this lab part, you will create an SNMP trap group and configure a related category that
specifies where the traps will be sent and what events will trigger those traps.
In the following example, you are gathering data around link failure. In actual practice in
your production environment, you may choose other SNMP alerts to track.
Step 1.1
Issue the set snmp trap-group link-failure command to create the
link-failure trap group.
[edit]
lab@srxA-1# set snmp trap-group link-failure
Step 1.2
Issue the set snmp trap-group link-failure categories authentication
chassis link command to create the authentication, chassis, and link
categories.
[edit]
lab@srxA-1# set snmp trap-group link-failure categories authentication chassis
link
www.juniper.net
SNMP Lab 21
11.4R1.6
Step 1.3
Issue the set snmp trap-group link-failure target 172.23.10.100
command to set the target of 172.23.10.100.
[edit]
lab@srxA-1# set snmp trap-group link-failure targets 172.23.10.100
Step 1.4
Issue the show snmp command to verify your work.
[edit]
lab@srxA-1# show snmp
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Step 1.5
Issue the commit command to save the current configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Part 2: SNMP Communities

In this lab part, you will add an SNMP community as well as a community client.
Step 2.1
Issue the set snmp community limit-manager clients 1.2.3.4 command
to specify the community client.
[edit]
lab@srxA-1# set snmp community limit-manager clients 1.2.3.4
Note
Manager is used in our example, but you

may use alternative selection based on
what is applicable to your production
environment.
Step 2.2
Lab 22 SNMP
www.juniper.net
[edit]
community limit-manager {
clients {
1.2.3.4/32;
}
}
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Part 3: Setting SNMP Contact Details

In this lab part, you will configure the contact details within SNMP related to your
equipment. It is good to be able to look at the logs and see where the device is
located and specified rack location.
Step 3.1
Issue the set snmp contact "Anglos G McGillicudy" command to set the
SNMP contact.
[edit]
lab@srxA-1# set snmp contact "Anglos G McGillicudy"
Note
If your input is multiple words, you should

use quotation marks to group it together.
Step 3.2
Issue the set snmp location "ADOC Second Floor Rack 2-B" command to
set the location for SNMP.
[edit]
lab@srxA-1# set snmp location "ADOC Second Floor Rack 2-B"
Step 3.3
Issue the set snmp description SRX240 command to set the set the SNMP
description.
[edit]
lab@srxA-1# set snmp description SRX240
Step 3.4
www.juniper.net
SNMP Lab 23
[edit]
description SRX240;
location "ADOC Second Floor Rack 2-B";
contact "Anglos G McGillicudy";
clients {
1.2.3.4/32;
}
}
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Question: How do you add a location for your device

that contains more than one word?
Answer: To add a location that contains more than

one word, encapsulate the location in quotes.
Step 3.5
Issue the commit command to save the configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Part 4: SNMP Views

In this lab part, you will use the CLI to configure SNMP views to explicitly grant or
deny access to MIBs. By default, an SNMP community is granted access to all MIBs.
Step 4.1
Issue the set snmp view PING-OID oid 1.3.6.1.2.1.80 include command
to create the PING SNMP view.
Lab 24 SNMP
www.juniper.net
[edit]
lab@srxA-1# set snmp view PING-OID oid 1.3.6.1.2.1.80 include
Note
For this example, PING is used as the

noted name. You may use an alternative
name based on what is applicable to your
production environment.
Step 4.2
Issue the set snmp community limit-manager view PING-OID command to
associate the newly created view with a community.
[edit]
lab@srxA-1# set snmp community limit-manager view PING-OID
Step 4.3
[edit]
description SRX240;
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
view PING-OID;
clients {
1.2.3.4/32;
}
}
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Step 4.4
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
www.juniper.net
SNMP Lab 25
Part 5: SNMP RMON and Health-Monitoring

In this lab part, you will configure the Health Monitor to log RMON alarms and
events. The health monitor extends the RMON alarm infrastructure to provide
predefined monitoring for a selected set of object instances for file system usage,
CPU usage, and memory usage. It also includes support for unknown or dynamic
object instances such as Junos Software processes.
Step 5.1
Issue the set snmp health-monitor interval 3600 command to set the
interval.
[edit]
lab@srxA-1# set snmp health-monitor interval 3600
Step 5.2
Issue the set snmp health-monitor rising-threshold 80 command to set
the rising threshold to 80. This will be used to check monitored objects.
[edit]
lab@srxA-1# set snmp health-monitor rising-threshold 80
Step 5.3
Issue the set snmp health-monitor falling-threshold 70 command to set
the falling threshold to 70. This will be used to check monitored objects.
[edit]
lab@srxA-1# set snmp health-monitor falling-threshold 70
Step 5.4
[edit]
description SRX240;
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
view PING-OID;
clients {
1.2.3.4/32;
}
}
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
Lab 26 SNMP
www.juniper.net
}
}
health-monitor {
interval 3600;
rising-threshold 80;
falling-threshold 70;
}
Step 5.5
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 5.6
Issue the run show snmp health-monitor command to see what objects are
being monitored for health using the new configuration.
[edit]
lab@srxA-1# run show snmp health-monitor
Alarm
Index
Variable description
Value State
32768 Health Monitor: root file system utilization

jnxHrStoragePercentUsed.1
26 active
32769 Health Monitor: /config file system utilization

jnxHrStoragePercentUsed.2
32770 Health Monitor: RE 0 CPU utilization
jnxOperatingCPU.9.1.0.0
32771 Health Monitor: RE 1 CPU utilization
jnxOperatingCPU.9.2.0.0
32772 Health Monitor: RE 0 memory utilization
jnxOperatingBuffer.9.1.0.0
0 active
11 active
0 object not available
58 active
32773 Health Monitor: RE 1 memory utilization

jnxOperatingBuffer.9.2.0.0
0 object not available
32774 Health Monitor: Max Kernel Memory Used (%)

jnxBoxKernelMemoryUsedPercent.0
1 active
32775 Health Monitor: jroute daemon memory usage

Routing protocols process
Management process
Management process
Command-line interface
Periodic packet management process
www.juniper.net
47504
36612
48492
45912
9848
active
active
active
active
active
SNMP Lab 27
Bidirectional Forwarding Detection process

Service Deployment Client
Event processing process
Layer 2 address flooding and learning process
Multicast Snooping process
Feature license management process
11544 active
9880 active
8244 active
18652 active
8968 active
10800 active
32776 Health Monitor: jkernel daemon memory usage

32777 Health Monitor: FWDD Micro-Kernel threads total CPU Utilization
32778 Health Monitor: FWDD Real-Time threads total CPU Utilization
32779 Health Monitor: FWDD DMA Memory utilization
32780 Health Monitor: FWDD Heap utilization
Part 6: SNMP Health-Monitoring Logs

In this lab part, you will focus on adding special tags to the system syslog messages
file to identify events that have been triggered by the thresholds being breached
under Health-Monitoring. In addition to this, you will generate a list of the events
being triggered as a result of the Heath-Monitoring configuration.
Step 6.1
Issue the show system syslog command to see the logs for the events triggered
in the vLab environment.
lab@srxA-1# show system syslog
user * {
any emergency;
}
file messages {
any error;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
Question: According to these settings, would the

system syslog file messages include the
notifications about health-monitoring?
Answer: No, the messages syslog would only be

capturing critical events.
Step 6.2
Issue the show snmp command to see the SNMP configuration.
Lab 28 SNMP
www.juniper.net
[edit]
description SRX240;
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
view PING-OID;
clients {
1.2.3.4/32;
}
}
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
health-monitor {
interval 3600;
}
Step 6.3
Issue the run show snmp health-monitor logs command to see the logs
triggered under show snmp health-monitor logs.
[edit]
lab@srxA-1# run show snmp health-monitor logs
Note
There should be no events displayed. Next

you will change the threshold values so that
you can see some events being triggered.
Step 6.4
Issue the set snmp health-monitor rising-threshold 20 command to set
the rising threshold to 20.
[edit]
lab@srxA-1# set snmp health-monitor rising-threshold 20
Step 6.5
Issue the set snmp health-monitor falling-threshold 10 command to set
the falling threshold to 10.
www.juniper.net
SNMP Lab 29
[edit]
lab@srxA-1# set snmp health-monitor falling-threshold 10
Step 6.6
Issue the set snmp health-monitor interval 1 to set the heath-monitor
interval to 1.
[edit]
lab@srxA-1# set snmp health-monitor interval 1
Step 6.7
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 6.8
Issue the run show snmp health-monitor logs command to see the logs
triggered under show snmp health-monitor logs.
[edit]
lab@srxA-1# run show snmp health-monitor logs
Event Index: 32768
Description: Health Monitor: root file system utilization crossed rising
threshold 20 (value: 26), (variable:
jnxHrStoragePercentUsed.1)
Time: 2012-07-13 13:07:40 UTC
Description: Health Monitor: RE 0 memory utilization crossed rising
threshold 20 (value: 57), (variable:
jnxOperatingBuffer.9.1.0.0)
Time: 2012-07-13 13:07:48 UTC
Description: Health Monitor: jkernel daemon memory usage (IDP policy
daemon) crossed rising threshold 52428 (value: 55384),
(variable: sysApplElmtRunMemory.3.124.1201)
Time: 2012-07-13 13:07:57 UTC
Step 6.9
Issue the run show log messages | match health command to compare the
differences in the system log messages.
[edit]
lab@srxA-1# run show log messages | match health
Jul 13 12:48:21 srxA-1 mgd[7738]: UI_CFG_AUDIT_OTHER: User 'lab' set: [snmp
health-monitor]
Jul 13 12:48:21 srxA-1 mgd[7738]: UI_CFG_AUDIT_SET: User 'lab' set: [snmp
health-monitor interval] <unconfigured> -> "3600"
Jul 13 12:48:21 srxA-1 mgd[7738]: UI_CMDLINE_READ_LINE: User 'lab', command
'set snmp health-monitor interval 3600 '
health-monitor rising-threshold] <unconfigured> -> "80"
'set snmp health-monitor rising-threshold 80 '
Lab 210 SNMP
www.juniper.net

health-monitor falling-threshold] <unconfigured> -> "70"
'set snmp health-monitor falling-threshold 70 '
'run show snmp health-monitor '
'run show snmp health-monitor logs '
health-monitor rising-threshold] "80 -> "20"
'set snmp health-monitor rising-threshold 20 '
health-monitor falling-threshold] "70 -> "10"
'set snmp health-monitor falling-threshold 10 '
health-monitor interval] "3600 -> "1"
'set snmp health-monitor interval 1 '
Jul 13 13:07:40 srxA-1 snmpd[1174]: SNMPD_HEALTH_MON_THRESH_CROSS: Health
Monitor: root file system utilization crossed rising threshold 20 (value:
26), (variable: jnxHrStoragePercentUsed.1)
Monitor: RE 0 memory utilization crossed rising threshold 20 (value: 57),
(variable: jnxOperatingBuffer.9.1.0.0)
Monitor: jkernel daemon memory usage (IDP policy daemon) crossed rising
threshold 52428 (value: 55384), (variable: sysApplElmtRunMemory.3.124.1201)
'run show snmp health-monitor logs '
Monitor: FWDD Heap utilization crossed rising threshold 20 (value: 49),
(variable: jnxFwddHeapUsage.0)
Monitor: RE 0 CPU utilization crossed rising threshold 20 (value: 21),
(variable: jnxOperatingCPU.9.1.0.0)
'run show log mesages | match health '
'run show log messages | match health '
Note
The messages file has been tagged with

HEALTH_MON_THRESH to show the events
being triggered as a result of the
Health-Monitoring.
Step 6.10
Do not close any browser tabs. You will return to the SRX1 CLI tab to perform the
exercises in Lab 3.
www.juniper.net
SNMP Lab 211
STOP
Lab 212 SNMP
You have completed Lab 2. Please return to the course and complete
the next section before proceeding to Lab 3.
www.juniper.net
Lab 3
Configuration Commands and Related Shortcuts
Overview
This lab focuses on various techniques that can save Network Administrators time and
effort when configuring and modifying configurations in the command-line interface (CLI).
These techniques provide a way to easily reuse configuration statements set up in other
parts of the configuration and even on other Junos devices. These shortcuts can not only
speed up configuration editing, but can also help to reduce errors associated with
repetitive command entry.
www.juniper.net
Use time saving techniques.
Create an interface group
Exclude interfaces from a group.
Save and load configuration files.
Configuration Commands and Related Shortcuts Lab 31

11.4R1.6
Part 1: Time Saving Techniques when Modifying Configurations in CLI

In this lab part, you will explore various commands used in configuration statements
within a Junos OS system, along with techniques that save you time and typing.
Step 1.1
172.23.11.100/24 command.
[edit]
Step 1.2
Issue the show interfaces ge-0/0/7 to view complete interface details.
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Step 1.3
Issue the show interfaces ge-0/0/7 | display set command to display
the command used to configure the ge-0/0/7 interface.
[edit]
lab@srxA-1# show interfaces ge-0/0/7 | display set
set interfaces ge-0/0/7 unit 0 family inet address 172.23.11.100/24
Step 1.4
Issue the show interfaces ge-0/0/6 command to show interface settings.
[edit]
[edit]
lab@srxA-1#
Question: Is the ge-0/0/6 interface configured?
Answer: No. The ge-0/0/6 interface is not

configured based on the results of the show
interfaces ge-0/0/6 command.
Step 1.5
Issue the rename interfaces ge-0/0/7 to ge-0/0/6 command to
rename a section of the configuration for re-use.
[edit]
lab@srxA-1# rename interfaces ge-0/0/7 to ge-0/0/6
Lab 32 Configuration Commands and Related Shortcuts
www.juniper.net
Step 1.6
Issue the show interfaces ge-0/0/6 command to verify that the rename
command worked.
[edit]
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Question: What is the command that allows you to

rename a section of the Junos configuration?
Answer: The rename command allows you to

rename a section of the Junos configuration.
Step 1.7
Issue the copy interfaces ge-0/0/6 to ge-0/0/4 command to copy
ge-0/0/3 to ge-0/0/4 interface.
[edit]
lab@srxA-1# copy interfaces ge-0/0/6 to ge-0/0/4
Step 1.8
Issue the show interfaces ge-0/0/4 command to view the ge-0/0/4
interface.
[edit]
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Step 1.9
Issue the replace pattern ge-0/0/4 with ge-0/0/5 command to
replace a pattern of configuration statements from ge-0/0/4 to ge-0/0/5.
[edit]
lab@srxA-1# replace pattern ge-0/0/4 with ge-0/0/5
Step 1.10
Issue the show interfaces ge-0/0/5 command to confirm that the replace
command was successful.
[edit]
unit 0 {
family inet {
address 172.23.11.100/24;
www.juniper.net
}
}
Question: What command line mode does the

replace command require?
Answer: You must be in configuration mode to run

the replace command.
Part 2: Creating and Configuring Interface Groups and Templates

In this lab part, you will configure a set-speed-and-duplex group to set the
speed and duplex of all GE links to 100 Mbps full duplex.
Step 2.1
Issue the edit groups commands to move to the edit groups hierarchy level.
[edit]
lab@srxA-1# edit groups
Step 2.2
Issue the show command to illustrate that the groups hierarchy level is currently
empty.
[edit groups]
lab@srxA-1# show
Step 2.3
Issue the edit set-speed-and-duplex command to create the
set-speed-and-duplex group.
[edit groups]
lab@srxA-1# edit set-speed-and-duplex
Step 2.4
Issue the set interfaces <ge-0/0/*> link-mode full-duplex
command.
Note
The <ge-0/0/*> is wildcard command to

allow multiple interfaces to be setup.
[edit groups set-speed-and-duplex]
lab@srxA-1# set interfaces <ge-0/0/*> link-mode full-duplex
Step 2.5
Issue the set interfaces <ge-0/0/*> speed 100m command.
lab@srxA-1# set interfaces <ge-0/0/*> speed 100m
www.juniper.net
Step 2.6
Issue the show command to show the interface and group setup.
lab@srxA-1# show
interfaces {
<ge-0/0/*> {
speed 100m;
link-mode full-duplex;
}
}
Part 3: Configure Interfaces to a Group

In this lab part, we will configure interfaces and apply the group at the top of the
hierarchy using the apply-groups command.
Step 3.1
Issue the top command to get to the top of the Junos hierarchy.
lab@srxA-1# top
Step 3.2
Issue the edit interfaces command to enter the edit interfaces hierarchy
level.
[edit]
lab@srxA-1# edit interfaces
Step 3.3
Issue the set apply-groups set-speed-and-duplex command.
[edit interfaces]
lab@srxA-1# set apply-groups set-speed-and-duplex
Step 3.4
Issue the show command.
[edit interfaces]
lab@srxA-1# show
apply-groups set-speed-and-duplex;
ge-0/0/0 {
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
www.juniper.net
}
}
}
ge-0/0/6 {
unit 0 {
family inet
address
}
}
}
ge-0/0/14 {
unit 0 {
family inet
address
}
}
}
lo0 {
unit 0 {
family inet
address
}
}
}
{
172.23.11.100/24;
{
172.23.24.100/24;
{
127.0.0.1/32;
Step 3.5
Issue the show | display inheritance command to see what has been
inherited.
[edit interfaces]
lab@srxA-1# show | display inheritance
ge-0/0/0 {
##
## '100m' was inherited from group 'set-speed-and-duplex'
##
speed 100m;
##
## 'full-duplex' was inherited from group 'set-speed-and-duplex'
##
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
}
ge-0/0/5 {
##
##
speed 100m;
##
##
www.juniper.net
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
##
##
speed 100m;
##
##
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/14 {
##
## '100m' was inherited from group 'set-speed-and-d
uplex'
##
speed 100m;
##
## 'full-duplex' was inherited from group 'set-spee
d-and-duplex'
##
unit 0 {
family inet {
address 172.23.24.100/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
Part 4: Interface Exclusion from a Configured Group

In this lab part, you will set up an interface to be excluded from the configured
group. The ge-0/0/1 interface will be the noted exclusion target.
www.juniper.net
Step 4.1
Issue the set ge-0/0/1 description "Exclude Me From Group"
command.
[edit interfaces]
lab@srxA-1# set ge-0/0/1 description "Exclude Me From Group"
Step 4.2
Issue the set ge-0/0/1 unit 0 family ethernet-switching
command.
[edit interfaces]
lab@srxA-1# set ge-0/0/1 unit 0 family ethernet-switching
Step 4.3
Issue the set ge-0/0/1 apply-groups-except
set-speed-and-duplex command.
[edit interfaces]
lab@srxA-1# set ge-0/0/1 apply-groups-except set-speed-and-duplex
Step 4.4
Issue the show command to see the ge-0/0/1 interface notation commands.
[edit interfaces]
lab@srxA-1# show
ge-0/0/0 {
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
}
ge-0/0/1 {
apply-groups-except set-speed-and-duplex;
description "Exclude Me From Group";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
www.juniper.net
}
ge-0/0/14 {
unit 0 {
family inet
address
}
}
}
lo0 {
unit 0 {
family inet
address
}
}
}
{
172.23.24.100/24;
{
127.0.0.1/32;
Part 5: Saving and Loading Configuration Files

In this lab part, you will add two interfaces to a configuration file and then save it for
future use.
Step 5.1
Issue the top command to get to the top of the Junos hierarchy.
[edit interfaces]
lab@srxA-1# top
Step 5.2
172.23.22.100/24 command to add the IP address 172.23.22.100/24 to
interface ge-0/0/12.
[edit]
Step 5.3
172.23.23.100/24 command to add the IP address 172.23.23.100/24 to
interface ge-0/0/13..
[edit]
Step 5.4
Issue the show interfaces command to verify the interfaces were successfully
added.
[edit]
lab@srxA-1# show interfaces
ge-0/0/0 {
unit 0 {
family inet {
www.juniper.net
address 10.210.41.131/27;
}
}
}
ge-0/0/1 {
unit 0 {
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/12 {
unit 0 {
family inet {
address 172.23.22.100/24;
}
}
}
ge-0/0/13 {
unit 0 {
family inet {
address 172.23.23.100/24;
}
}
}
ge-0/0/14 {
unit 0 {
family inet {
address 172.23.24.100/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
www.juniper.net
Step 5.5
Issue the commit command to save the changes to the configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 5.6
Issue the save /var/tmp/lab3.config command to archive this
configuration file. The files will be stored in /var/tmp/file name. The file name
that was used in this case is lab3.cfg.
[edit]
lab@srxA-1# save /var/tmp/lab3.config
Wrote 142 lines of configuration to '/var/tmp/lab3.config'
Note
The new modified configuration file is now

saved in /var/tmp/lab3.config. This
configuration file can now be used for
future needs.
Step 5.7
If you needed to load this saved configuration, you would issue the load
override /var/tmp/lab3.cfg command to completely replace the current
configuration file.
[edit]
lab@srxA-1# load override /var/tmp/lab3.config
load complete
Step 5.8
Issue the commit and-quit command to complete the loading of the new
configuration file.
[edit]
lab@srxA-1# commit and-quit
commit complete
Step 5.9
You can issue the show configuration command from operational mode to
confirm the new interface additions are in the configuration file.
lab@srxA-1> show configuration
## Last commit: 2012-07-13 13:58:23 UTC by lab
version 12.1X44-D35.5;
groups {
set-speed-and-duplex {
interfaces {
<ge-0/0/*> {
speed 100m;
www.juniper.net
}
}
}
}
system {
host-name srxA-1;
root-authentication {
encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1"; ## SECRET-DATA
ssh-dsa "ssh-dss
AAAAB3NzaC1kc3MAAACBAMQrfP2bZyBXJ6PC7XXZ+MzErI8Jl6jah5L4/
O8BsfP2hC7EvRfNoX7MqbrtCX/9gUH9gChVuBCB+ERULMdgRvM5uGhC/
gs4UX+4dBbfBgKYYwgmisM8EoT25m7qI8ybpl2YZvHNznvO8h7kr4kpYuQEpKvgsTdH/
Jle4Uqnjv7DAAAAFQDZaqA6QAgbW3O/
zveaLCIDj6p0dwAAAIB1iL+krWrXiD8NPpY+w4dWXEqaV3bnobzPC4eyxQKBUCOr80Q5YBlWXVBH
x9elwBWZwj0SF4hLKHznExnLerVsMuTMA846RbQmSz62vM6kGM13HFonWeQvWia0TDr78+rOEgWF
2KHBSIxL51lmIDW8Gql9hJfD/Dr/
NKP97w3L0wAAAIEAr3FkWU8XbYytQYEKxsIN9P1UQ1ERXB3G40YwqFO484SlyKyYCfaz+yNsaAJu
2C8UebDIR3GieyNcOAKf3inCG8jQwjLvZskuZwrvlsz/xtcxSoAh9axJcdUfSJYMW/
g+mD26JK1Cliw5rwp2nH9kUrJxeI7IReDp4egNkM4i15o= configurator@server1.he"; ##
SECRET-DATA
}
login {
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30"; ##
SECRET-DATA
}
}
}
services {
ssh;
telnet;
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
www.juniper.net
address 10.210.41.131/27;
}
}
}
ge-0/0/1 {
unit 0 {
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/12 {
unit 0 {
family inet {
address 172.23.22.100/24;
}
}
}
ge-0/0/13 {
unit 0 {
family inet {
address 172.23.23.100/24;
}
}
}
}
ge-0/0/14 {
unit 0 {
family inet
address
}
}
}
lo0 {
unit 0 {
family inet
address
}
}
}
}
www.juniper.net
{
172.23.24.100/24;
{
127.0.0.1/32;
snmp {
description SRX240;
location ADOC;
contact "Anglos C";
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
view PING-OID;
clients {
1.2.3.4/32;
}
}
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
health-monitor {
interval 1;
}
}
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
}
Step 5.10
You should now close the SRX1 CLI tab and end your reservation for this lab
environment. You may then choose another lab or log off of the Virtual Labs website.
STOP
Congratulations! You have completed Lab 3. Please return to the course

to complete the presentation.
www.juniper.net

Basic Junos

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Basic Junos

Загружено:

Авторское право:

Доступные форматы

Configuring Junos Basics

Worldwide Education Services

This document is produced by Juniper Networks, Inc.

Most of what you read in the Lab Guide and

GUI text elements:

Select File > Open, and then click

Input Text Versus Output Text

Physical interface:fxp0, Enabled

Text that you must enter.

lab@San_Jose> show route

Defined and Undefined Syntax Variables

Text where variable value is already

Text where the variables value is the

Type set policy policy-name.

Click my-peers in the dialog.

Introduction to the Juniper Networks Virtual Lab . . . . . . . . . . . . . . . . . . . . 0-1

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Configuration Commands and Related Shortcuts . . . . . . . . . . . . . . . . . . . 3-1

The Purpose of the Virtual Labs

Introduction to the Juniper Networks Virtual Lab Lab 01

Part 1: Accessing the Virtual Labs Homepage

Part 2: Logging in to the Virtual Labs site

Lab 02 Introduction to the Juniper Networks Virtual Lab

Part 3: Entering and Exiting a Virtual Lab

Introduction to the Juniper Networks Virtual Lab Lab 03

Lab 04 Introduction to the Juniper Networks Virtual Lab

Introduction to the Juniper Networks Virtual Lab Lab 05

Lab 06 Introduction to the Juniper Networks Virtual Lab

Part 4: Additional Information and Feedback

Be sure to view the appropriate section of the associated

Introduction to the Juniper Networks Virtual Lab Lab 07

Lab 08 Introduction to the Juniper Networks Virtual Lab

Logging into Junos OS device using the CLI.

Performing system basics operations.

Configuring root access credentials.

Configuring the loopback interface.

Configuring the MGMT interface.

Setting the date and time.

Performing a basic Interface configuration.

Setting up user accounts.

Configuring remote access.

Getting Started Lab 11

Configuring Junos Basics

Part 1: Logging In to the Junos OS Device Using the CLI

Part 2: Performing System Basics Operations

Configuring Junos Basics

Getting Started Lab 13

Configuring Junos Basics

pic-console-authentication Authentication for the console port on PICs

Question: What is the command that allows you to

Answer: The set system host-name

Part 3: Configuring the Root Access Credentials

The root password for the Virtual lab is

Lab 14 Getting Started

Configuring Junos Basics

As you enter the password in plain text, the

Question: What mode of operation must the device

Answer: The device must be in configuration mode

Part 4: Configuring the Loopback Interface

Getting Started Lab 15

Configuring Junos Basics

Configuring Junos Basics

Question: What command is used to set the

Answer: Use the set interfaces lo0 unit 0