System Properties

This section contains the following topics:

Configuring the Device’s System Identity

To configure the device’s system identity:

  1. In the J-Web user interface, select Configure>System Properties>System Identity.
  2. Click Edit. The Edit System Identity dialog box appears.
  3. In the Hostname box, enter a hostname for the device.
  4. In the Domain name box, enter the network or subnetwork to which the device belongs.
  5. In the Root password and Confirm password boxes, enter a password for the “root” user and verify your entry.

    Note: After you have defined a root password, that password is required when you log in to the J-Web user interface or the CLI.

  6. If you want to configure the DNS server settings, choose one of the following options:
    • If you want to specify a server that the device can use to resolve hostnames into addresses, click Add in the DNS Servers section. Then enter the IP address of the server in the Add DNS Server dialog box and click OK.
    • If you want to edit an existing DNS server hostname, select it and click Edit. Then edit the IP address in the Edit DNS Server dialog box and click OK.
    • If you want to delete an existing DNS server hostname, select it and click Delete.
  7. If you want to configure the DNS hostname settings, choose one of the following options:
    • If you want to include the device’s domain name in a DNS search, click Add in the Domain Search section. Then enter the domain name in the Add Domain Search dialog box and click OK.
    • If you want to edit an existing domain name, select it and click Edit. Then edit the domain name in the Edit Domain Search dialog box and click OK.
    • If you want to delete an existing domain name, select it and click Delete.
  8. Click OK to save the configuration or Cancel to clear it.

Configuring Management Access

To configure device access options, such as HTTPS and certificates, select Configure>System Properties>Management Access in the J-Web user interface.

This section includes the following instructions:

Configuring Device Addresses

You can use the Management tab to configure IPv4 and loopback addresses on the device.

To configure IPv4 and loopback addresses:

  1. In the J-Web user interface, select Configure>System Properties>Management Access.
  2. Click Edit. The Edit Management Access dialog box appears.
  3. Select the Management tab.
  4. If you want to enable a loopback address for the device, enter an address and corresponding subnet mask in the Loopback address section.
  5. If you want to enable an IPv4 address for the device, select IPv4 address and enter a corresponding management port, subnet mask, and default gateway.
  6. Click OK to save the configuration or Cancel to clear it.

Enabling Access Services

You can use the Services tab to specify the type of connections that users can make to the device. For instance, you can enable secure HTTPS sessions to the device or enable access to the Junos XML protocol XML scripting API.

To enable access services:

  1. In the J-Web user interface, select Configure>System Properties>Management Access.
  2. Click Edit. The Edit Management Access dialog box appears.
  3. Select the Services tab.
  4. If you want to enable users to create secure Telnet or secure SSH connections to the device, select Enable Telnet or Enable SSH.
  5. If you want to enable access to the Junos XML protocol XML scripting API, select Enable Junos XML protocol over clear text or Enable Junos XML protocol over SSL. If you enable Junos XML protocol over SSL, select the certificate you want to use for encryption from the Junos XML protocol certificate drop-down list.
  6. Select Enable HTTP if you want users to connect to device interfaces over an HTTP connection. Then specify the interfaces that should use the HTTP connection:
    • Enable on all interfaces—Select this option if you want to enable HTTP on all device interfaces.
    • Selected interfaces—Use the arrow buttons to populate this list with individual interfaces if you want to enable HTTP on only some of the device interfaces.
  7. If you want users to connect to device interfaces over a secure HTTPS connection, select Enable HTTPS. Then select which certificate you want to use to secure the connection from the HTTPS certificates list and specify the interfaces that should use the HTTPS connection:
    • Enable on all interfaces—Select this option if you want to enable HTTPS on all device interfaces.
    • Selected interfaces—Use the arrow buttons to populate this list with individual interfaces if you want to enable HTTPS on only some of the device interfaces.
  8. Click OK to save the configuration or Cancel to clear it.

To verify that Web access is enabled correctly, connect to the device using one of the following methods:

Adding, Editing, and Deleting Certificates on the Device

You can use the Certificates tab to upload SSL certificates to the device, edit existing certificates on the device, or delete certificates from the device. You can use the certificates to secure HTTPS and Junos XML protocol sessions.

To add, edit, or delete a certificate:

  1. In the J-Web user interface, select Configure>System Properties>Management Access.
  2. Click Edit. The Edit Management Access dialog box appears.
  3. Select the Certificates tab.
  4. Choose one of the following options:
    • If you want to add a new certificate, click Add. The Add Certificate section is expanded.
    • If you want to edit the information for an existing certificate, select it and click Edit. The Edit Certificate section is expanded.
    • If you want to delete an existing certificate, select it and click Delete. (You can skip the remaining steps in this section.)
  5. In the Certificate Name box, type a name—for example, new.
  6. In the Certificate content box, paste the generated certificate and RSA private key.
  7. Click Save.
  8. Click OK to save the configuration or Cancel to clear it.

Managing User Authentication

This section contains the following topics:

Adding a RADIUS Server or TACACS Server for Authentication

You can use the User Management page to configure a RADIUS server or TACACS server for system authentication.

To configure a RADIUS server or TACACS server:

  1. In the J-Web interface, select Configure>System Properties>User Management.
  2. Click Edit. The Edit User Management dialog box appears.
  3. Select the Authentication Method and Order tab.
  4. In the RADIUS section or TACACS section, click Add. Either the Add Radius Server dialog box or Add TACACS Server dialog box appears.
  5. In the IP Address field, enter the server’s 32–bit IP address.
  6. In the Password and Confirm Password fields, enter the secret password for the server and verify your entry.
  7. In the Server Port field, enter the appropriate port.
  8. In the Source Address field, enter the source IP address of the server.
  9. In the Retry Attempts field, specify the number of times that the server should try to verify the user’s credentials.
  10. In the Time Out field, specify the amount of time (in seconds) the device should wait for a response from the server.
  11. Click OK.

Configuring System Authentication

You can use the User Management page to configure the authentication methods that the device uses to verify that a user can gain access. For each login attempt, the device tries the authentication methods in order, starting with the first one, until the password matches.

If you do not configure system authentication, users are verified based on their configured local passwords.

To configure system authentication:

  1. In the J-Web interface, select Configure>System Properties>User Management.
  2. Click Edit. The Edit User Management dialog box appears.
  3. Select the Authentication Method and Order tab.
  4. Under Available Methods, select the authentication method the device should use to authenticate users, and use the arrow button to move the item to the Selected Methods list. Available methods include:
    • RADIUS
    • TACACS+
    • Local Password

    If you want to use multiple methods to authenticate users, repeat this step to add the additional methods to the Selected Methods list.

  5. Under Selected Methods, use the up and down arrows to specify the order in which the device should execute the authentication methods.
  6. Click OK.

Adding New Users

You can use the User Management page to add new users to the device’s local database. For each account, you define a login name and password for the user and specify a login class for access privileges.

To configure users:

  1. In the J-Web interface, select Configure>System Properties>User Management.
  2. Click Edit. The Edit User Management dialog box appears.
  3. Select the Users tab.
  4. Click Add to add a new user. The Add User dialog box appears.
  5. In the User name field, enter a unique name for the user.

    Do not include spaces, colons, or commas in the username.

  6. In the User ID field, enter a unique ID for the user.
  7. In the Full Name field, enter the user’s full name.

    If the full name contains spaces, enclose it in quotation marks. Do not include colons or commas.

  8. In the Password and Confirm Password fields, enter a login password for the user and verify your entry. The login password must meet the following criteria:
    • The password must be at least 6 characters long.
    • You can include most character classes in a password (alphabetic, numeric, and special characters), except control characters.
    • The password must contain at least one change of case or character class.
  9. From the Login Class list, select the user’s access privilege:
    • operator
    • read-only
    • unauthorized

    This list also includes any user-defined login classes. For more information, see the Junos OS System Basics Configuration Guide.

  10. Click OK in the Add User dialog box and Edit User Management dialog box.

Configuring the Device’s Date and Time

To configure the device’s date and time:

  1. In the J-Web user interface, select Configure>System Properties>Date Time.
  2. Click Edit. The Edit Date and Time Settings dialog box appears.
  3. From the Timezone list, select the time zone in which the router resides. The current date and time are shown below the Timezone list.
  4. Specify which method the device should use to set the system time by selecting one of the following options:
    • Synchronize with PC time—Uses the PC that you are currently logged into to determine the system time for the device. When you select this option, the PC time that will be used is displayed in the Time field.
    • NTP servers—Synchronizes the system time with the NTP server that you select. Choose one of the following options:
      • To select an NTP server, click Add. Then enter the NTP server, key, and version in the Add NTP Server dialog box and click OK.
      • To edit the settings for an existing NTP server, select it and click Edit. Then edit the NTP server, key, and version in the Edit NTP Server dialog box and click OK.
      • To delete an existing NTP server, select it, click Delete, and click OK.
    • Manual—Enables you to manually select the date and time for the device. Set the date and time using the calendar pick tool and time fields.
  5. Click OK to save the configuration or Cancel to clear it.