Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Performing the Initial Software Configuration for the C Series Controller

    Setting Up Management Access and Logging In

    Before you power on the system, you must set up a management console. (See Connecting the C Series Controllers to External Devices.)

    You can monitor and manage the system through either of these methods:

    • Console terminal—Connect a console (PC, Macintosh, or UNIX workstation) directly to the system's RS-232 serial port.
    • Remote console—Connect a 10/100Base-T port (ETH0) to an Ethernet network, and run SSH or Telnet from a remote console.

    For initial access to the system, you need to physically connect your console directly to the system's RS-232 port. Through this connection you use the SRC command-line interface (CLI) to set the hostname and domain information. You can then access the system remotely (for example, by means of SSH).

    To communicate with the system, you must have a terminal emulation program running on your PC or Macintosh. You can use any terminal emulation program, such as HyperTerminal. A UNIX workstation can use the emulator TIP.

    To log in to the system:

    1. Start your terminal emulation program using the following settings:
      • Bits per second: 9600
      • Data bits: 8
      • Parity: None
      • Stop bits: 1
      • Flow control: none
    2. Enter the username.
      SRC Release 4.0 [V.4.0.0.R-1] localhost login:root
    3. Enter the password.
      Password:password

      You are now logged in as root user.

    4. To access the CLI, enter the cli command.
      [root@localhost ~]# cli--- SRC CLI 4.0 build CLI.R.4.0.0.001 (c) 2005-2009 Juniper Networks Inc.root@localhost>

    Configuring the Juniper Networks Database

    Each C Series Controller contains a Juniper Networks database. The database stores SRC data, sample data, configuration information, and user profiles. You must enable the Juniper Networks database the first time you power on the system. It can operate as a standalone database or as a member of a community of Juniper Networks databases.

    Note: The Juniper Networks database must be running before you start configuring the SRC software.

    Typically, you run the database in standalone mode only in testing environments. In standalone mode, the database does not communicate with other Juniper Networks databases; there is no data distribution and no redundancy. In community mode, databases distribute data changes among specified databases. When you have two or more C Series Controllers, enable the Juniper Networks database to run in community mode, and assign a role to each database:

    • Primary role—A database that provides read and write access to client applications. It replicates its data and distributes changes to any Juniper Networks databases configured as neighbors.
    • Secondary role—A database that provides read access to client applications. If client applications try to write data to this database, the database refers the client to a primary database.

    In the following example, a standalone database is enabled.

    To enable a Juniper Networks database to run in standalone mode:

    1. From configuration mode, access the configuration statement that configures the Juniper Networks database.
      root@host# edit system ldap server
    2. Enable standalone mode.
      [edit system ldap server]root@host# set stand-alone

    Configuring Hostname and Domain Parameters

    To set hostname and domain parameters:

    1. Enter configuration mode.
      root@host> edit
    2. Configure the hostname.
      [edit]root@host# set system host-name host-name

      For example:

      [edit]root@host# set system host-name my-hostname
    3. Configure either a list of domain names to search, or create the domain name. We recommend configuring a list of domain names to search.

      To configure a list of domain names to search:

      [edit]root@host# set system domain-search [domain-name1, domain-name2, ...]

      For example:

      [edit]root@host# set system domain-search [my-domain.juniper.net domain.juniper2.net]

      To configure the domain name:

      [edit]root@host# set system domain-name domain-name

      For example:

      [edit]root@host# set system domain-name my-domain.juniper.net

    Configuring the System for Remote Access

    To allow remote access to the system, you must configure the generic interfaces. You can specify an IP address with mask or a broadcast address with mask for an interface. For more information, see C Series Controller Remote Access.

    To configure the generic interfaces:

    1. From configuration mode, access the configuration statement that configures the interface.
      root@host# edit interfaces eth0
    2. Specify the unit, family, and IP address for the interface.
      [edit interfaces eth0]root@host# set unit number family inet address address

      For example, to configure an interface with only an IP address:

      [edit interfaces eth0]root@host# set unit 0 family inet address 192.2.0.10/24
    3. (Optional) Specify the broadcast address for the interface.
      [edit interfaces eth0]root@host# set unit number family inet broadcast broadcast

      For example, to configure an interface with only a broadcast address:

      [edit interfaces eth0]root@host# set unit 0 family inet broadcast 192.2.0.255
    4. Verify the interface configuration.
      [edit interfaces eth0]root@host# show unit 0 {
      family {inet {broadcast 192.2.0.255;}}
      }

    Configuring the System to Accept SSH and Telnet Connections

    You can enable SSH and Telnet to let users who have the appropriate privileges connect to the system. For security reasons, we recommend that you do not allow remote users to access the CLI as root. The system does not allow root access over a Telnet connection. For more information, see Configuring a C Series Controller to Accept SSH Connections (SRC CLI).

    To configure the system to accept SSH connections:

    1. From configuration mode, access the [edit system services ssh] hierarchy level.
    2. (Optional) Specify whether or not to allow root login through SSH.
      [edit system services ssh] root@host> set root-login (allow | deny | deny-password)

      where:

      • allow— Allow users to log in to the C Series Controller as root through SSH.
      • deny— Disable users from logging in to the system as root through SSH.
      • deny-password— Allow users to log in to the system as root through SSH when the authentication method (for example, RSA authentication) does not require a password. (Default)

    To configure the system to accept Telnet connections:

    • In edit mode, type the following command.
      [edit] root@host# set system services telnet

    Adding an Admin User Account

    Although you use root access for initial configuration of the system, you use user accounts to enter commands and statements at the CLI. Therefore, you must set up an admin account to allow further configuration. You can use a built-in class, such as super-user.

    To configure an account for an administrative user:

    1. Create an account for an administrative user.
      [edit]root@host# edit system login user user

      For example:

      [edit]root@host# edit system login user myadmin
    2. Set the class for the administrative user to the login class that you created.
      [edit system login user myadmin] root@host# set class class

      For example:

      [edit system login user myadmin] root@host# set class super-user
    3. Specify the name of the administrative user.
      [edit system login user myadmin]root@host# set full-name “John Doe”
    4. Set the CLI editing level to expert.
      [edit system login user myadmin] root@host# set level expert
    5. (Optional) Specify that a space be used for command completion.
      [edit system login user myadmin] root@host# set complete-on-space on
    6. Verify that the configuration for the administrative user is correct.
      [edit system login user myadmin] root@host# show class super-user; full-name "John Doe"; uid 506; gid 100; level expert; complete-on-space on;
    7. Set the password of the user.
      [edit] root@host#edit system login user myadmin authentication [edit system login user myadmin authentication] root@host# set plain-text-password

    Published: 2014-06-12