Cofiguration Files

[Contents] [Prev] [Next] [Index] [Report an Error]

All configuration settings for the router are handled in the configuration files on the router. These files are saved in the /config directory on the router.

Configuration File Selection Sequence

During the boot process, the router configures the router based on a predefined configuration file. The router selects the configuration file based on the sequence show in Figure 3:

Figure 3: Configuration Selection Sequence

Image g016922.gif

/config/juniper.conf—Active configuration file.
/config/rescue.conf—Rescue configuration file. This file is created by the router administrator.
/config/juniper.conf.1—First rollback configuration.
/etc/config/factory.conf—Default factory configuration file.
The factory.conf file is the initial router configuration file shipped with the system. All configuration settings are returned to the factory default, and access to the router is restricted to the console. For more information on setting up your router from the factory default configuration, see the specific hardware guide for your router.

Remote Configuration File Storage

Configuration files can be stored off the router. This can be helpful if the router encounters a software failure or other problem that forces you to restore the router’s software. Once the software is restored, you can then reload the saved configuration file. For more information on restoring the JUNOS software, see Load and Commit the Configuration FileLoad and Commit the Configuration FileLoad and Commit the Configuration FileLoad and Commit the Configuration File.

When the configuration file is stored off the router, you can encrypt the configuration files using the Data Encryption Standard (DES) encryption algorithm.

Automatic Installation

On J-series routers, you can specify a remote server where configuration files are located. If a configuration file cannot be found on the router’s CompactFlash card, the router automatically retrieves the configuration file from this remote server. For security purposes, you can encrypt these remote files using the DES cipher, and once they have been retrieved, the router decrypts them for use on the server.

To encrypt the files, we recommend the openSSL tool. You can get the openSSL tool at: http://www.openssl.org/. To encrypt the file, use the following syntax:



% openssl enc -des -k passphrase -in original-file -out encrypted-file

passphrase—Passphrase used to encrypt the configuration file. The passphrase should be the name of the file without the path information or file extension.
original-file—Unencrypted configuration file.
encrypted-file—Name of the encrypted configuration file.

For example, if you are encrypting the active configuration file juniper.conf.gz, the passphrase is juniper.conf. The openSSL syntax used to encrypt the file is:



% openssl enc -des -k juniper.conf -in juniper.conf.gz -out juniper.conf.gz.enc

For more information about the automatic installation feature, see the J-series Services Router Administration Guide.

[Contents] [Prev] [Next] [Index] [Report an Error]