Configuring the Router for the First Time

Problem

You have just installed and turned on a router and are configuring the JUNOS software for the first time.

Solution

Use the following commands to configure the router:

root# cli root@> cli> configure [edit] root@# set system host-name router1 root@# set system domain-name mynetwork.com root@# set interfaces fxp0 unit 0 family inet address 192.168.15.1/24 root@# set system backup-router 192.168.15.2 root@# set system name-server 192.168.15.3 root@# set system root-authentication plain-text-password New password: Retype password: root@ show system { host-name router1 ; domain-name mynetwork.com; backup-router 192.168.15.2; root-authentication { encrypted-password "$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/"; ## SECRET-DATA; } name-server { 192.168.15.3; } interfaces { fxp0 { unit 0 { family inet { address 192.168.15.1/24; } } } } root@# commit root@router1# exit root@router1>

 

Discussion

On most JUNOS routers, the JUNOS software is installed in two places: the flash drive and the hard disk. When you first turn on the router, it runs the version of the software that is installed on the flash drive. The copy on the hard disk is a backup. Another backup copy of the software is provided on removable media, typically a PC card or a compact Flash card.

When you turn on your router for the first time, the JUNOS software automatically boots and starts. On some routers, a script prompts you for basic information about the router. On other routers, you use the J-Web browser to perform the initial configuration. At this point, you need to enter enough basic configuration information so that the router can be on the network and others can log in over the network. To work on the router to perform the initial configuration, you need to connect a terminal or laptop computer to the router through the console port, which is a serial port on the front of the router.

When you first connect to the router's console, you must log in as the user root. The root user is similar to the Unix superuser and has complete access to all functions on the router. Initially, the root account has no password. You can see that you are root because the prompt on the router shows the username root#. Start the JUNOS CLI using the command cli. The prompt root@> shows that you are the user root and that you are in operational mode. Once you have started the CLI, type the command configure to enter configuration mode. The prompt root@# indicates that you are now in configuration mode. If you look at the end of the previous example, you see that after you have activated the configuration with the commit command, the hostname that you configured is added to the end of the prompt, so the prompts become root@router1# in configuration mode and root@router1> in operational mode.

When you first configure the router, you set a number of basic properties for the router:

For the initial router configuration to take effectand in fact for any router configuration or configuration changes to take effectyou use the commit command. This command verifies that there are no syntax errors in the configuration and then activates it.

root@# commit root@router1#

It's worthwhile to take a moment to comment on the style you use to type configuration statements on JUNOS routers. In this recipe, you are at the [edit] configuration hierarchy level, which is the very top level of the hierarchy, so you have to type the full hierarchy to the statement as well as the statement itself. This hierarchy is fairly shallow, so there is not too much extra typing. When you are working in deeper hierarchies, you may find it easier to move to that hierarchy level, both so you have less typing to do and have a better sense of where you are in the configuration. For this recipe, you could type most of the configuration commands from the [edit system] hierarchy level:

root# cli root@> cli> configure [edit] root@# edit system [edit system] root@# set host-name router1 root@# set domain-name mynetwork.com root@# set backup-router 192.168.15.2 root@# set name-server 192.168.15.3 root@# set root-authentication plain-text-password New password: $123poppI Retype password: $123poppI

Then when you use the show command, you see only the statements at the [edit system] level:

[edit system] root@#show host-name router1; domain-name mynetwork.com; backup-router 192.168.15.2; root-authentication { encrypted-password "$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/"; ## SECRET-DATA; } name-server { 192.168.15.3; }

In portions of the configuration where you are using the same configuration command repeatedly with only minor variations, it is handy to use the keystroke sequences listed in Table 1-1.

While the configuration shown in this recipe provides the minimum needed to access the router from another system on the network, you should add a few other settings to the configuration to provide a more robust level of basic network connectivity:

[edit] root@router1# set system ntp server 192.168.2.100 root@router1# set system time-zone America/Los_Angeles root@router1# set system services ssh root@router1# set interfaces lo0 unit 0 family inet address 207.17.139.42/32 root@router1# set system login user aviva class superuser root@router1# set system log user aviva authentication plain-text-password New password: Retype new password: root@router1# commit

The first command, set system ntp server, configures the IP address of an NTP server so that the router can set its time properly. Because we have already configured DNS on the router, you could specify the name of the time server instead of an IP address and it will be translated to an IP address. To have the router obtain accurate time from the servers, it is good practice to configure a minimum of four NTP servers. You can also optionally configure the time zone in which the router is located (see Recipe 6.2); by default, the time zone is UTC.

To be able to log in to the router over the network using SSH, enable SSH services on the router with the set system services ssh command. For this to work, SSH must also be configured on the network servers. SSH is also used to copy files to and from the router.(The JUNOS SSH uses the Unix scp command.) Note that you can also copy files with FTP or HTTP (see Recipe 2.1), but these are less secure than SSH. On routers with two Routing Engines, you can copy files between the two (see Recipe 1.30).

The set interfaces command sets the router's IP address by configuring an address on the loopback interface (see Recipe 7.3). The last two commands set up a non-root user account so an individual user can log in to the router (see Recipe 2.5).

If your router has two Routing Engines, you also need to configure a hostname and IP address for the second Routing Engine (see Recipe 1.30).

Again, issue the commit command for the configuration changes to take effect:

root@router1# commit

Recipes 1.7, 1.15, and 1.16 explain how the commit operation works, including how to provisionally commit configuration changes.

At this point, you are logged in to the router as the user root, so you have complete control over the router. As root, you can perform operational actions that shut down the router or make it inaccessible to the network. While there are times when you want to legitimately perform these types of operations, you generally want to make sure that the router continues to operate normally, and you want to minimize the chance of accidentally interfering with the router's operation.

At this point in configuring the router, you should either load an existing router configuration file, as described in Recipe 1.12, or add user accounts to the configuration (see Recipe 2.5), including one for yourself, and then log out and log back in to the router using your user ID.

See Also

Recipes 1.7, 1.12, 1.15, 1.16, 1.17, 1.30, 2.1, 2.2, 2.5, 6.2, and 7.3

Категории