Changing from Secure Context to Router Context

To operate a Services Router running JUNOS Enhanced Services software as a routing device, you can use the jsr-series-routermode-factory.conf file that contains router context configuration values as a starting point for configuration. After changing to router context, you can customize the configuration for your network.

Secure-to-Router Context Task Overview

To change from secure context to router context, you perform the following tasks:

• Make a backup of your current configuration file.
• Use the load override command to load the configuration file for router context (jsr-series-routermode-factory.conf).
• Assign a root password for the router. For security purposes, the jsr-series-routermode-factory.conf file does not include a default root password. You need to assign a root password so that you are able to commit configuration changes.
• Optionally, to retain remote IP-based connectivity to the Services Router after changing to router context, perform the following tasks:
  • If you have a static IP address assigned to the ge-0/0/0 interface and do not want to run autoinstallation, you must remove the [system autoinstallation] hierarchy from the configuration. Doing so ensures that the router is not automatically assigned an IP address of 192.168.2.1 if it cannot acquire an IP address using DHCP. You must also configure the static IP address that was previously assigned to the ge-0/0/0 interface.

    For more information about autoinstallation, see Configuring Autoinstallation.

  • If you do not have remote access to the console, create a local user account to allow remote access for a non-root user account.
  • If you previously configured routing information, use your backup configuration file as a reference to configure the routing information for your network.
• Commit the configuration changes, and make the candidate configuration the running configuration.

Caution: If you do not assign an IP address for the ge-0/0/0 interface, create a local user account, and enter routing information, either from CLI configuration or using DHCP, before you commit the changes, the router is no longer remotely accessible. To manage the router, you must connect a PC or laptop to the physical console, or attach the PC or laptop to a subnet that is directly connected to the ge-0/0/0 interface, which is assigned an IP address of 192.168.2.1. Any configuration changes that you made before you issued the load override command are no longer part of the current running configuration.

If necessary, to return the Services Router to the factory default (secure context) configuration, you can press the RESET CONFIG button. Keep in mind that pressing the RESET CONFIG button for 15 seconds or more deletes all configuration files on the Services Router, including backup configuration and rescue configuration files. The factory configuration is loaded and committed. For more information about the RESET CONFIG button, see the JUNOS Enhanced Services J-series Services Router Getting Started Guide.

Changing to Router Context

To change the router from running in secure context to router context:

1. From configuration mode in the CLI, back up your current configuration file. For example, the following command saves a copy of the configuration to a file named config_backup in the home directory of the account you used to log in:
   user@host# save config_backup
   Wrote 127 lines of configuration to 'config_backup'
2. Make sure that you are currently at the top level of the configuration mode hierarchy. If you are below the top level, enter exit to return to the top level.
3. From the top of the configuration hierarchy, enter the load override command.
   user@host# load override /etc/config/jsr-series-routermode-factory.conf
4. Assign a root password for the router:
   user@host# set system root-authentication plain-text-password
   New password:
   Retype new password:
   [edit]
   user@host#

   The password does not appear as you type.

5. Do one of the following:
   • If you have a static IP assigned to the ge-0/0/0 interface and do not want to run autoinstallation, go to Step 6.
   • If you want to run autoinstallation, go to Step 9. For more information about autoinstallation, see Configuring Autoinstallation.
6. If you have an IP address assigned to the ge-0/0/0 interface, follow these steps:
   1. Delete the [system autoinstallation] hierarchy:
      user@host# delete system autoinstallation
   2. Configure the specific IP address for the ge-0/0/0 interface:
      user@host# set interfaces ge-0/0/0 unit logical-unit-number family inet address ip-address

      Replace the variables as follows:

      • logical-unit-number—Number of the logical unit. Use a value from 0 through 16,384.
      • ip-address—IP address for the ge-0/0/0 interface.
7. If you do not have console access, create a local user account. For example, the following command creates a local user account with a password that is entered as plain text in the CLI and encrypted by JUNOS Enhanced Services software.
   user@host# set system login user username class class-name authentication plain-text-password
   New password: type password here
   Retype new password: retype password here

   Replace the variables as follows:

   • username—Unique name of up to 64 characters that identifies the user. For details, see User Accounts.
   • class-name—Login class that defines user access and command privileges. You can define a login class or use the predefined classes. For details, see Login Classes.
8. Using your backup configuration file as a reference, configure routing as appropriate for your network.
9. Commit the configuration using one of the following methods:
   • Use the commit command to commit the configuration immediately.

     user@host# commit

     commit complete

     [edit]

     user@host#

   • If you do not have console access, use the commit confirmed command, which, by default, activates the configuration for 10 minutes. This command allows you to verify if the configuration is working correctly. You must confirm the commit by entering commit or commit-check within 10 minutes; otherwise, the router loads the previous configuration.

     user@host# commit confirmed

     commit confirmed will be automatically rolled back in 10 minutes unless confirmed commit complete

     # commit confirmed will be rolled back in 10 minutes

     [edit]

     user@host#

     The configuration is now committed, and its configuration values comprise the running configuration.

10. Use the following methods to access the router, depending on the steps you performed:
    • If you performed Steps 1 through 9, the configuration mode prompt returns in the Telnet or SSH session you used to change contexts. Use the CLI or J-Web interface to continue configuring the router. If you cannot remotely access the router with the session that you were using, connect to the console remotely or directly to the physical console port.
    • If you performed Steps 1 through 4 and Step 9 and autoinstallation successfully assigned an IP address, you can connect to the router using Telnet, SSH, or the J-Web interface. If you cannot access the router remotely, connect a PC or laptop to the physical console port.

      For information about autoinstallation, see Configuring Autoinstallation. For information about connecting to the console locally or remotely, see the JUNOS Enhanced Services J-series Services Router Getting Started Guide.