When you first connect a management PC or laptop to a built-in Ethernet port on a Services Router, the router acts as a DHCP client and attempts to perform an autoinstallation. If it does not find a DHCP server, the router assigns 192.168.1.1/24 as the IP address for port 0. (If you are connected to port 1, 192.168.2.1/24 is assigned as the IP address. Port 2 and port 3 are assigned 192.168.3.1/24 and 192.168.4.1/24, respectively.)
Because this address is not part of any explicit configuration, it is removed when you change the configuration in any way. You must configure an IP address for this LAN port when you commit your initial configuration. (See Step 2. Configuring Basic Settings with J-Web Quick Configuration or Step 2. Configuring Basic Settings with the CLI.)
The Web interface to the router—called the J-Web interface—is enabled by default. To configure the router with the Web interface, you attach a PC or laptop to a built-in Ethernet port. The examples in this document use the first built-in Gigabit Ethernet port 0/0 (internally named ge-0/0/0).
See Step 1. Connecting, Logging In, and Starting the J-Web Interface.
Services Routers are shipped with a console cable and adapter. To configure a Services Router through the console port with the JUNOS command-line interface (CLI), you use a terminal emulation program such as Microsoft Windows HyperTermimal. (See Step 1. Connecting, Logging In, and Starting the CLI.)
You can operate the router either in secure context or router context. These contexts are meant to be starting points from which you can customize the configuration for your network requirements. By default, the Services Router operates in secure context. For information describing how to change contexts, see the JUNOS Software Administration Guide.
The basic configuration for secure context binds the ge-/0/0/0 interface to a preconfigured zone called trust. All other interfaces are bound to a preconfigured untrust zone. The ge-0/0/0 interface has SSH and HTTP services enabled for management access. These services as well as Telnet, HTTPS, and DHCP are configured as host-inbound services for the ge-0/0/0 interface. For the trust zone, TCP Reset is also enabled. The default policy for the trust zone allows transmission of traffic from the trust zone to the untrust zone. All traffic within the trust zone is allowed.
To protect against attacks launched from within the zone, the following screens are enabled for the untrust zone: ICMP ping-of-death, IP source route options, IP teardrop, TCP land attack, and TCP SYN flood. The default policy for the untrust zone denies all traffic.
In router context, all transit traffic security checks are disabled. The default policy allows all transit traffic, and all interfaces are bound to the trust zone.
To use the following features on a Services Router, you must purchase a license. (See Step 4. Adding Licenses with the CLI or Step 2. Configuring Basic Settings with J-Web Quick Configuration.)
For these features, the presence on the router of the appropriate software license keys (passwords) determines whether you can use the feature. You must install and properly configure the license. The router allows you to commit a configuration with a feature that requires a license even if the license is not present, but you are prohibited from actually using the feature.
The J Series Services Routers have the following slots for replaceable Physical Interface Modules (PIMs). PIM slots are numbered from top to bottom and left to right.
Interfaces are named by type, slot number, module number (always 0), and port number. Port numbering starts with 0. For example:
Although HTTP and SSH are supported, they are disabled by default.
