Introduction to the Junos Operating System

Question: How does the CLI respond when you try to enter configuration mode?

Answer: The CLI does not let user walter enter configuration mode. It responds by stating that the command is unknown.

Step 1.9

Enter a question mark (?) at the prompt to view the permitted operational mode command options for the user walter.

walter@srxA-1> ?
Possible completions:
  file                 Perform file operations
  help                 Provide help information
  load
  monitor              Show real-time debugging information
  op                   Invoke an operation script
  quit                 Exit the management session
  request              Make system-level requests
  restart              Restart software process
  save
  set                  Set CLI properties, date/time, craft interface message
  show                 Show system information
  start                Start shell
  test                 Perform diagnostic debugging

Question: Why is the user walter unable to enter configuration mode?

Answer: The custom login class defined for the user walter does not give permission for entering configuration mode.

Step 1.10

Verify that the user walter can view the configuration and other operational outputs such as interface information.

walter@srxA-1> show configuration
## Last commit: 2012-04-18 12:14:08 PDT by lab
version 12.1R1.9;
system {
    host-name srxA-1;
    time-zone America/Los_Angeles;
    root-authentication {
        encrypted-password /* SECRET-DATA */; ## SECRET-DATA
        ssh-dsa /* SECRET-DATA */;

Lab 3–6 • Secondary System Configuration (Detailed)

www.juniper.net

    }
    login {
        class juniper {
            permissions [ reset view view-configuration ];
        }
        user lab {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password /* SECRET-DATA */; ## SECRET-DATA
            }
        }
        user nancy {
            uid 2001;
            class read-only;
            authentication {
                encrypted-password /* SECRET-DATA */; ## SECRET-DATA
            }
        }
        user walter {
            uid 2002;
            class juniper;
            authentication {
                encrypted-password /* SECRET-DATA */; ## SECRET-DATA
            }
        }
    }
...TRIMMED...

walter@srxA-1> show interfaces
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 134, SNMP ifIndex: 508
  Description: MGMT Interface - DO NOT DELETE
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
  BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
  Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: f8:c0:01:8f:8f:80, Hardware address: f8:c0:01:8f:8f:80
  Last flapped   : 2012-04-18 10:27:06 PDT (01:57:39 ago)
  Input rate     : 976 bps (2 pps)
  Output rate    : 1280 bps (1 pps)
  Active alarms  : None
  Active defects : None
  Interface transmit statistics: Disabled

  Logical interface ge-0/0/0.0 (Index 70) (SNMP ifIndex 512)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 157
    Output packets: 81
...TRIMMED...

Question: Can the user walter view the root password within the configuration? Why?

Answer: No. The Junos OS hides certain configuration elements that it determines to be security risks and notates them with a SECRET-DATA tag. In this case, the user walter does not have the secret permission defined for his login class. The secret permission is required to view configuration elements with the SECRET-DATA tag.

Step 1.11

Restart the routing process using the restart routing command. This command restarts the routing protocol daemon (rpd), which can be useful when troubleshooting routing problems.

walter@srxA-1> restart routing

Routing protocols process started, pid 9777

Question: Which permission allows the user walter to perform this command?

Answer: The reset permission allows a user to restart software processes and certain hardware components. This permission will not, however, allow the user to reboot the system.

Step 1.12

Log out from the user walter and initiate a new Telnet session to the management interface for the user nancy. (Hint: Use the reconnect option on your terminal client.) Attempt to restart the routing protocol process using the restart routing command.

walter@srxA-1> exit

srxA-1 (ttyp0)

login: nancy
Password:

--- JUNOS 11.1R1.10 built 2011-03-16 08:20:26 UTC
nancy@srxA-1> restart
              ^
unknown command.

Question: Can nancy successfully issue the restart command?

Answer: As shown in the output, the user nancy cannot issue the operational mode restart command.

Question: What is a quick way to view the top-level operational mode commands available to nancy?

Answer: Use the question mark (?) to view available commands anywhere within a command line. Commands that are not permitted due to user permissions do not display.

Question: Can the user nancy view the configuration?

Answer: The user nancy can issue the command show configuration, but the contents are hidden. The following is a sample capture, taken from the srxA-1 device:

nancy@srxA-1> show configuration
## Last commit: 2012-04-18 12:14:08 PDT by lab
version /* ACCESS-DENIED */;
system { /* ACCESS-DENIED */ };
interfaces { /* ACCESS-DENIED */ };
routing-options { /* ACCESS-DENIED */ };
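The permission checks this lab walks through can also be run offline against a saved configuration. The following Python script is an added example, not part of the Juniper lab guide: it parses a login stanza like the one shown for srxA-1, resolves each user's class to its permission flags, and reports who holds the flags the questions above turn on. The sample stanza is condensed from the page's output, the function names are hypothetical, and the predefined-class table is an assumption based on the standard Junos login classes.

```python
import re

# Assumption: permission flags of the standard predefined Junos login classes.
PREDEFINED = {
    "super-user": {"all"},
    "operator": {"clear", "network", "reset", "trace", "view"},
    "read-only": {"view"},
    "unauthorized": set(),
}

# Constructed sample, condensed from the lab's srxA-1 login stanza.
SAMPLE = """
login {
    class juniper {
        permissions [ reset view view-configuration ];
    }
    user lab { uid 2000; class super-user; }
    user nancy { uid 2001; class read-only; }
    user walter { uid 2002; class juniper; }
}
"""

def audit(config):
    """Map each configured user to the permission flags of its login class."""
    classes = dict(PREDEFINED)
    # Custom class definitions: class NAME { permissions [ a b c ]; }
    for name, perms in re.findall(
            r"\bclass\s+(\S+)\s*\{\s*permissions\s*\[([^\]]*)\]", config):
        classes[name] = set(perms.split())
    users = {}
    # User entries: user NAME { ... class NAME; ... }
    for user, cls in re.findall(
            r"\buser\s+(\S+)\s*\{[^}]*?class\s+([\w-]+)\s*;", config):
        users[user] = classes.get(cls, set())  # unknown class: no flags
    return users

def can(perms, flag):
    """True when the flag is granted directly or through 'all'."""
    return flag in perms or "all" in perms

def report(config):
    """List, per user, which of the audited flags the login class grants."""
    flags = ("configure", "view-configuration", "secret", "reset", "clear")
    return {u: [f for f in flags if can(p, f)] for u, p in audit(config).items()}

if __name__ == "__main__":
    for user, granted in report(SAMPLE).items():
        print(f"{user:8} {', '.join(granted) or '(none of the audited flags)'}")
```

The result lines up with the lab's observations: walter holds view-configuration and reset but neither configure nor secret, and nancy holds none of the audited flags.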

Step 1.13

Attempt to clear interface statistics for the ge-0/0/0 interface using the clear interfaces statistics ge-0/0/0 command.

nancy@srxA-1> clear
              ^
unknown command.
