Introduction to the Junos Operating System
Part 1: Configuring User Authentication
In this lab part, your team will configure user accounts and related authentication options.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with your instructor if you are not certain. Consult the management network diagram to determine the management address of your student device
Question: What is the management address assigned to your station?
Answer: The answer varies; in the example used throughout this lab, the user belongs to the srxA-1 station, which uses an IP address of 10.210.14.131. Your answer will depend on the rack of equipment your class is using.
Step 1.2
Access the CLI at your station using either the console, Telnet, or SSH as directed by your instructor. Refer to the management network diagram for the IP address associated with your team’s station. The following example uses a simple Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123. Note that both the name and password are case-sensitive. Enter configuration mode and load the reset configuration file using the load override /var/home/ lab/ijos/lab3-start.config command. After the configuration has been loaded, commit the changes.
srxA-1 (ttyp0)
login: lab
Lab 3–2 • Secondary System Configuration (Detailed) |
www.juniper.net |
Introduction to the Junos Operating System
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load override ijos/lab3-start.config load complete
[edit]
lab@srxA-1# commit commit complete
[edit] lab@srxA-1#
Step 1.4
Navigate to [edit system login] and define a custom login class named juniper with the following permissions:
•view
•view-configuration
•reset
[edit]
lab@srxA-1# edit system login
[edit system login]
lab@srxA-1# set class juniper permissions [view view-configuration reset] error: invalid value: ]
Note
There may be an error after entering the command, but it should still be added to the configuration. Use the show command to verify this.
[edit system login] lab@srxB-1# show class juniper {
permissions [ reset view view-configuration ];
}
user lab { uid 2000;
class super-user; authentication {
encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30"; ## SECRET-DATA
}
}
www.juniper.net |
Secondary System Configuration (Detailed) • Lab 3–3 |
Introduction to the Junos Operating System
Step 1.5
Next, define two new user accounts using the information from the following table:
Username |
Class |
Plain-Text Password |
|
|
|
|
|
|
walter |
juniper |
walter123 |
|
|
|
nancy |
read-only |
nancy123 |
|
|
|
[edit system login]
lab@srxA-1# set user walter class juniper
[edit system login]
lab@srxA-1# set user walter authentication plain-text-password
New password:
Retype new password:
[edit system login]
lab@srxA-1# set user nancy class read-only
[edit system login]
lab@srxA-1# set user nancy authentication plain-text-password
New password:
Retype new password:
Step 1.6
View the configuration under the [edit system login] hierarchy level. If you are satisfied with the results, activate your new configuration by issuing the commit command.
[edit system login] lab@srxA-1# show class juniper {
permissions [ reset view view-configuration ];
}
user lab { uid 2000;
class super-user; authentication {
encrypted-password "$1$mKkMA9pa$AUZPO2UJ9rWwOfp4Kb2/a1"; ## SECRET-DATA
}
}
user nancy {
class read-only; authentication {
encrypted-password "$1$sg4t2qIv$E3E5PQftT//p1PiswUgfS/"; ## SECRET-DATA
}
}
user walter { class juniper;
authentication {
encrypted-password "$1$BH89uJ/p$eNBGRpAVxSXzOhbxjjgi90"; ## SECRET-DATA
}
}
Lab 3–4 • Secondary System Configuration (Detailed) |
www.juniper.net |
Introduction to the Junos Operating System
[edit system login] lab@srxA-1# commit commit complete
Note
The remainder of this lab part tests user login options. To prevent yourself from being locked out, keep the current console session open!
Step 1.7
Open another terminal window and use Telnet to access your system’s management IP address. If needed, refer to the management network diagram. Log in with the username walter.
srxA-1 (ttyp0)
login: walter Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC walter@srxA-1>
Step 1.8
Using the new terminal session, try to enter configuration mode.
walter@srxA-1> configure
^
unknown command.
www.juniper.net |
Secondary System Configuration (Detailed) • Lab 3–5 |