Introduction to the Junos Operating System
Step 1.18
Return to the secondary Telnet session opened to you student device
From the secondary Telnet session, try to log in to the system with the nancy username once again.
login: nancy Password:
Local password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC nancy@srxA-1>
Question: What was different about the login behavior in this step as compared to the last step with respect to a reachable RADIUS server?
Answer: After entering the password, a short delay occurs while the system tries to consult the RADIUS server, and the user receives an option to enter a local password. After entering the user’s password, the system logs the user in.
Step 1.19
Return to the original session opened to the lab user.
From the session opened to the lab user and delete the authentication-order statement. When complete commit your config and return to operational mode.
[edit]
lab@srxA-1# delete system authentication-order
[edit]
lab@srxA-1# commit and-quit commit complete
Exiting configuration mode
lab@srxA-1>
STOP |
Wait for your instructor before you proceed to the next part.
Part 2: Performing System Management Options
In this lab part, you will perform configuration of some common system management features. You will configure and monitor syslog, NTP, SNMP, and configuration archival.
www.juniper.net |
Secondary System Configuration (Detailed) • Lab 3–13 |
Introduction to the Junos Operating System
Step 2.1
Enter configuration mode and load the lab3-part2-start.config file from the/var/home/lab/ijos/ directory. Commit your configuration when complete.
lab@srxA-1> configure Entering configuration mode
[edit]
lab@srxA-1# load override ijos/lab3-part2-start.config load complete
[edit]
lab@srxA-1# commit commit complete
[edit] lab@srxA-1#
Step 2.2
Use the show system syslog command to view the current syslog configuration.
[edit]
lab@srxA-1# show system syslog file messages {
any critical; authorization info;
}
file interactive-commands { interactive-commands any;
}
Question: What facilities and severity levels currently log to the messages log file?
Answer: In the sample output, the messages file shows the any and authorization facilities using the critical and info severities, respectively. The actual settings might vary between Junos devices and software versions.
Question: What is the purpose of specifying a facility of any?
Answer: This option logs all facility levels.
Lab 3–14 • Secondary System Configuration (Detailed) |
www.juniper.net |
Introduction to the Junos Operating System
Step 2.3
Navigate to the [edit system syslog] hierarchy and configure a new syslog file named config-changes. Specify a facility of change-log and a severity of info. Also, set the severity level for the default messages file to any.
[edit]
lab@srxA-1# edit system syslog
[edit system syslog]
lab@srxA-1# set file config-changes change-log info
[edit system syslog]
lab@srxA-1# set file messages any any
[edit system syslog] lab@srxA-1#
Step 2.4
Configure your system to send logs to a remote server running the standard syslog utility. Refer to your management network diagram for the server address. (Hint: Use the host option.) Choose the correct facility that logs access attempts on the system. (Hint: The current messages log file is already using this facility.) Use a severity level of info. Commit your changes when complete.
[edit system syslog]
lab@srxA-1# set host server address authorization info
[edit system syslog] lab@srxA-1# commit commit complete
Step 2.5
Using the run file list /var/log/ command, verify the creation of a log file named config-changes.
[edit system syslog]
lab@srxA-1# run file list /var/log/
/var/log/: authd_profilelib authd_sdb.log autod
chassisd config-changes cosd
dcd dfwc dfwd eccd gres-tp
httpd.log
httpd.log.old
idpd.addver interactive-commands inventory
www.juniper.net |
Secondary System Configuration (Detailed) • Lab 3–15 |
Introduction to the Junos Operating System
jsrpd jsrpd_chk_only kmd
license mastership messages nsd_chk_only pf pfed_trace.log pgmd
rtlogd sampled sdxd utmd-av
Note
The files stored in the /var/log/ directory might vary between each system.
Question: What other log files from your system’s configuration does this directory store?
Answer: Although the files in the /var/log/ directory might vary on each system, the messages and interactive-commands log files should be present on all systems.
Step 2.6
Configure the system to synchronize its clock with an NTP server. Refer to the management network diagram for the server’s IP address.
[edit system syslog] lab@srxA-1# top
[edit]
lab@srxA-1# set system ntp server server address
Step 2.7
Use the same server IP address used in the previous step and configure an NTP boot server. Commit the configuration and return to operational mode when complete.
[edit]
lab@srxA-1# set system ntp boot-server server address
[edit]
lab@srxA-1# commit and-quit commit complete
Lab 3–16 • Secondary System Configuration (Detailed) |
www.juniper.net |