
Basic Connectivity Overview

To connect your Services Router to the network and establish basic connectivity, you enter information about your network. This overview contains the following topics:

Router Identification

The domain name defines the network or subnetwork that the Services Router belongs to. The hostname refers to the specific machine, while the domain name is shared among all the devices in a given network. Together the hostname and domain name identify the router in the network.

Root Password

The root user has complete privileges to configure the Services Router and manage files in the router's file system. Initially, the root password is not defined on the router. To ensure basic security, you must define the root password during initial configuration. If a root password is not defined, you cannot commit configuration settings to take effect on the router.

If you use a plain-text password, the router displays the password as an encrypted string so that users viewing the configuration cannot easily see the password.

The root password must meet the following conditions:

Time Zone and System Time

You define the time zone for the location where you plan to operate the Services Router by using a designation that consists of the following information for the location:

A Network Time Protocol (NTP) server provides accurate time across a network. The router synchronizes the system time with the NTP server, and periodically accesses the NTP server to maintain the correct time.

The time zone and system time must be accurate so that the router schedules events and operations as expected.

Network Settings

A Domain Name System (DNS) server on the network maintains a database for resolving hostnames and IP addresses. Network devices can query the DNS server by hostnames rather than IP addresses. The router accesses the DNS servers that are added to the configuration to resolve hostnames in the order in which you list them.

If you plan to include your router in several domains, you can add these domains to the configuration so that they are included in a DNS search. When DNS searches are requested, the domain suffixes are appended to the hostnames.

Default Gateway

A default gateway is a static route that is used to direct packets addressed to networks not explicitly listed in the routing table. If a packet arrives at the Services Router with an address that the router does not have routing information for, the router sends the packet to the default gateway. The default gateway entry is always present in the routing and forwarding tables.

Backup Router

You can specify a backup router to take over when the routing protocol process of the Services Router is not running, usually when the Services Router is booting, or if its routing protocol process has failed. Packets arriving at a Services Router in this situation are routed to the backup router. When the routing protocol process starts up again, the address of the backup router is removed from the routing and forwarding tables of the Services Router. The backup router must be located on the same subnet.

Note: To configure a backup router, you must use the CLI or J-Web configuration editor. You cannot configure a backup router with J-Web Quick Configuration.

Loopback Address

The loopback address is the IP address of the Services Router. The loopback address ensures that the router provides an IP address to management applications. Because it must always be available to hosts attempting to route packets to the router, the loopback address resides on an interface that is always active, known as the loopback interface (lo0.0). Setting a loopback address ensures that the router can receive packets addressed to the loopback address as long as the router is reachable through any entry (ingress) interface. In addition, applications such as NTP, RADIUS, and TACACS+ can use the loopback address as the source address for outgoing packets.

If you use the J-Web Set Up Quick Configuration page, you can either set a loopback address of your choice or have the loopback address automatically set to 127.0.0.1 when you click Apply or OK to commit the configuration.

Built-In Ethernet Interface Address

The built-in Gigabit Ethernet interfaces, ge-0/0/0 through ge-0/0/3, on the front panel of the Services Router, are the interfaces through which you perform initial router setup. The examples in this guide use the ge-0/0/0 interface as the management interface, but you can use any built-in Ethernet port for management. After the initial configuration is complete, you can attach the built-in Ethernet port that you are using for management purposes to the management network.

Before initial configuration, when the factory default configuration is active, the router attempts to perform autoinstallation by obtaining a router configuration through all its connected interfaces, including ge-0/0/0. The Services Router acts as a DHCP client out the built-in Ethernet interfaces.

If the Services Router does not find a DHCP server within a few seconds, it sets the address of ge-0/0/0 to 192.168.1.1/24 and becomes a DHCP server out the ge-0/0/0 interface.

Note: If the ge-0/0/1 interface is being used, it is set to 192.168.2.1/24.

With the router temporarily acting as a DHCP server, you can manually configure it with the J-Web interface. Any DHCP client host, for example, a PC or laptop computer, directly connected to ge-0/0/0 receives an address on the 192.168.1.1/24 network.

Note: The DHCP functionality for initial setup is different from the configurable DHCP server functionality of the Services Router during operation. To configure the Services Router as a DHCP server, see the JUNOS Software Administration Guide.

Once you connect your laptop or PC to ge-0/0/0, you can use a Web browser to visit the address 192.168.1.1/24, access the J-Web Set Up Quick Configuration page, and complete the initial configuration of the router.

After you perform the initial configuration and commit it by clicking Apply or OK on the Set Up page, the configured router can no longer act as a DHCP server. Therefore, to continue using ge-0/0/0 as a management interface you must configure the IP address of the interface as part of the initial configuration.

Management Access

Telnet allows you to connect to the Services Router and access the CLI to execute commands from a remote system. Telnet connections are not encrypted and therefore can be intercepted.

Telnet access to the root user is prohibited. You must use more secure methods, such as SSH, to log in as root.

If you are using a JUNOScript server to configure and monitor routers, you can activate clear-text access on the router to allow unencrypted text to be sent directly over a TCP connection without using any additional protocol (such as SSH, SSL, or Telnet). Information sent in clear text is not encrypted and therefore can be intercepted. For more information about the JUNOScript application programming interface (API), see the JUNOScript API Guide.

SSH also allows you to connect to the router and access the CLI to execute commands from a remote system. However, unlike Telnet, SSH encrypts traffic so that it cannot be intercepted.

SSH can be configured so that connections are authenticated by a digital certificate. SSH uses public-private key technology for both connection and authentication. The SSH client software must be installed on the machine where the client application runs. If the SSH private key is encrypted (for greater security), the SSH client must be able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see http://www.ssh.com and http://www.openssh.com.
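
The initial-setup and management-access points in this overview can be checked against a saved configuration. The following Python script is an added example, not part of the Juniper guide: it audits `show configuration | display set` output for a defined root password, an NTP server, SSH, a ge-0/0/0 address, and the unencrypted Telnet and clear-text JUNOScript services, ignoring statements that have been deactivated. The sample configuration, the finding names, and the policy (NTP required, ge-0/0/0 as the management port) are assumptions made for the illustration.

```python
import re

# Constructed sample in Junos "display set" format (not taken from the guide).
SAMPLE_CONFIG = """\
set system host-name r1
set system domain-name example.net
set system root-authentication encrypted-password "$1$constructed$placeholder"
set system name-server 192.0.2.53
set system services telnet
set system services ssh
set system services xnm-clear-text
deactivate system services xnm-clear-text
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
"""

# Assumed policy for this example: (finding id, path regex, True = must be active).
CHECKS = [
    ("root-password-missing", r"system root-authentication \S+", True),
    ("ntp-server-missing", r"system ntp server \S+", True),
    ("ssh-not-enabled", r"system services ssh(\s|$)", True),
    ("ge-0/0/0-address-missing", r"interfaces ge-0/0/0 unit \d+ family inet address \S+", True),
    ("telnet-enabled", r"system services telnet(\s|$)", False),
    ("junoscript-clear-text-enabled", r"system services xnm-clear-text(\s|$)", False),
]

def active_statements(config: str) -> list[str]:
    """Return 'set' statement paths, dropping any under a 'deactivate' path."""
    sets, inactive = [], []
    for raw in config.splitlines():
        verb, _, path = raw.strip().partition(" ")
        if verb == "set":
            sets.append(path)
        elif verb == "deactivate":
            inactive.append(path)
    return [s for s in sets
            if not any(s == d or s.startswith(d + " ") for d in inactive)]

def audit(config: str) -> list[str]:
    """Return the ids of failed checks, in CHECKS order."""
    statements = active_statements(config)
    findings = []
    for finding, pattern, must_be_active in CHECKS:
        present = any(re.match(pattern, s) for s in statements)
        if present != must_be_active:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
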

