Installing Software When a Firewall Exists

When a firewall separates the router from the network host, you must use FTP to transfer the software release files from the network host to the router. In this case, you must configure the FTP server on the router and ensure that FTP client software is installed on the network host.

For this network configuration, you must install the software from the normal operational mode of the command-line interface (CLI). You can access the CLI through either the local console or a Telnet session. If you have not yet configured the router to support Telnet, then you must use the local console.

To install the software, perform the following tasks. (See Table 12.)

Table 12: Software Installation Procedure When a Firewall Exists

  1. Obtain the required information for the installation.
  2. For routers that are currently operating, divert network traffic to another router.
  3. Access the Privileged Exec CLI command mode.
  4. Configure IP on an interface.
  5. Copy the release files on the network host.
  6. Configure access to the network host.
  7. Enable the FTP server on the router.
  8. Identify the files to transfer.
  9. Transfer the files to the user space on the router.
  10. Install the software release file to the system space on the router.
  11. Save the current configuration.
  12. Reboot the system.

Task 1: Obtain the Required Information

Before you install the software, obtain the following information:

Task 2: Divert Network Traffic to Another Router

The system will be unavailable during the installation process.

Task 3: Access Privileged Exec Mode

To access this mode via the CLI:

  1. Issue the enable command.
    host1>enable
  2. Type the password if the system prompts you.

Task 4: Configure IP on an Interface

Typically, you configure IP on the Fast Ethernet interface of the SRP module. To configure IP on an interface:

  1. Determine the slot number of the module.
    host1#show version
  2. Determine the port number of the module.
  3. Determine whether the interface already has an IP address.
    • On ERX7xx models, ERX14xx models, and the ERX310 router:
      host1#show ip interface fastEthernet 6/0
    • On the E120 and E320 routers:
      host1# show ip interface fastEthernet 6/0/0

      Note: If an IP interface is not configured, an Invalid interface message appears.

    If the interface already has an IP address, go to Step 5. Otherwise, proceed with Step 4.

  4. Configure an IP address on the interface.
    • On ERX7xx models, ERX14xx models, and the ERX310 router:
      host1#configure Configuring from terminal or file [terminal]?Enter configuration commands, one per line. End with CNTL/Z. host1(config)#interface fastEthernet 6/0 host1(config-if)#ip address ipAddress [ mask ]
    • On the E120 and E320 routers:
      host1#configure Configuring from terminal or file [terminal]?Enter configuration commands, one per line. End with CNTL/Z. host1(config)#interface fastEthernet 6/0/0 host1(config-if)#ip address ipAddress [ mask ]
  5. Press Ctrl+z to return to Privileged Exec mode.

Task 5: Copy the Release Files to the Network Host

If you downloaded the software from the Juniper Networks website as a .zip file, uncompress the files to a directory, and copy the release files to the network host.

If you are accessing the release files from one of the software CDs that you created from the image bundle in compressed format that you downloaded from the Juniper Networks website, you must mount the CD. The way you mount the release files on the network host depends on the type of computer you use, the operating system, and the network configuration. To find out how to mount the release files on the network host, review the manual for the operating system, or contact your network administrator.

Task 6: Configure Access to the Network Host

To configure access to the network host:

  1. Use the ping command to determine whether the router can reach the network host.
    host1#ping hostname

    If the router can reach the network host, go to the next section. Otherwise, go to Step 2.

  2. Determine whether a route exists between the router and the network host.
    host1#show ip route

    If the appropriate route is displayed, go to Step 5. Otherwise, proceed with Step 3.

  3. Configure a route to reach the network host.
    host1#configure Configuring from terminal or file [terminal]?Enter configuration commands, one per line. End with CNTL/Z. host1(config)#ip route ipNetwork networkMask ipNextHop
  4. Press Ctrl+z to return to Privileged Exec mode.
  5. Determine whether the router has been configured to recognize the network host.
    host1#show host

    If the network host is listed, go to Step 8. Otherwise, proceed with Step 6.

  6. Add an entry to the Static Host Table so that the router can access the network host. Use the host command to specify the network hostname and IP address.
    host1#configure Configuring from terminal or file [terminal]?Enter configuration commands, one per line. End with CNTL/Z. host1(config)#host hostName ipAddress ftp loginname password
  7. Press Ctrl+z to return to Privileged Exec mode.
  8. Use the ping command to determine whether the router can now reach the network host.
    host1#ping hostname

    If the router cannot reach the network host, verify that you correctly performed the previous steps in this procedure and that the network host is operational.

Task 7: Enable the FTP Server on the Router

The router divides its vty resources among Telnet, SSH, and FTP services. Each FTP session requires one vty line, and the FTP service uses the authentication method configured for the vty line. If you configured more than one vty line for Telnet access, the FTP service uses one of those lines. If you configured only one line for Telnet access, configure another vty line.

To enable the FTP server, use the ftp-server enable command.

host1(config)#ftp-server enable

Task 8: Identify the Files to Transfer

To identify all the files for the release, use a text editor to open the software release (.rel) file on the JunosE Software CD that you created from the downloaded, compressed, image bundle or from the directory in which you downloaded from the Juniper Networks website. The software release file contains a list of all the files associated with the release. You must transfer the software release file and all the files it contains to the user space.

Task 9: Transfer Files to the User Space

To transfer the files for the release to the user space, use the FTP client software on the network host to connect to the FTP server on the router. Transfer the files to a subdirectory within the incoming directory. If you specify a subdirectory that does not exist, the router creates the directory.

Note: Be sure to transfer the software release file and all the files it lists.

Task 10: Install Files on the System Space

Installing the software release file to the system space installs all files listed in the software release file. To install the software release file from the incoming directory in the user space to the router space, use the copy command.

Be sure to specify the correct software release (.rel) filename for the router you are using, as described in Identifying the Software Release File.

Note: The destination file must have a .rel extension.

For example:

host1#copy /incoming/releases/erx_x-y-z.rel erx_x-y-z.rel

The software release is copied from the user space to the system space. This process can take several minutes.

Task 11: Save the Current Configuration

To save the current configuration, use the copy running-configuration command:

host1#copy running-configuration filename.cnf

Task 12: Reboot the System

To reboot the system using the newly installed software:

  1. Access Global Configuration mode.
    host1#configureConfiguring from terminal or file [terminal]?Enter configuration commands, one per line. End with CNTL/Z. host1(config)#
  2. Run the boot system command, specifying the .rel filename of the software release.

    For example:

    host1(config)#boot system erx_x-y-z.rel

    The following message appears when you issue this command:

    WARNING: We recommend that you copy the current running-configuration to a file prior to reloading a different release of software.
  3. Press Ctrl+z to return to Privileged Exec mode.
  4. Verify that the router is ready to boot with the new software release.
    host1#show boot

    If the old software version is still listed, verify that you completed the previous steps correctly.

  5. Run the reload command.
    host1# reload

    The following message appears when you issue this command:

    WARNING: Execution of this command will cause the system to reboot. Proceed with reload? [confirm]

    The system reboots. The reboot might take longer than normal because line modules initialize with the old version of the software, acquire the new version from the SRP module, and reinitialize. When you observe the LEDs on the line modules, the line modules appear to boot twice.