Introduction to Juniper Device Management

Topology

1. vMX-VFP1 (em1) connected to vMX-VCP1 (em1)

2. vMX-VFP1 (ge-0/0/1) connected to vMX-VFP2 (ge-0/0/1)

3. vMX-VFP1 (ge-0/0/8) connected to vPC1 (eth0)

4. vMX-VFP1 (ge-0/0/9) connected to vPC2 (eth0)

5. vMX-VFP2 (em1) connected to vMX-VCP2 (em1)

6. vMX-VFP2 (ge-0/0/8) connected to vSRX-NG (ge-0/0/4)

7. vMX-VFP2 (ge-0/0/9) connected to Cisco-Router (Gi0/0)

8. vSRX-NG (fxp0), Win (eth0), and Internet-Router (Gi0/1) are connected to a common Layer 2 switch for management.

Objective

This foundational lab introduces you to the two primary methods of managing Juniper devices: the Command-Line Interface (CLI) and the Web-based graphical interface (J-Web). You will learn to navigate between the host OS shell and the Junos CLI, and perform the initial setup required to manage a vSRX firewall via J-Web.

Part 1: Navigating the Junos CLI

Task 1: Accessing the CLI from the Shell

1. In your topology, open a console connection to the vMX-VCP2 device.

2. At the login: prompt, enter the username root. There is no password set by default, so press Enter when prompted.

3. You are now at the FreeBSD shell prompt (root@:~ #). This is the underlying operating system of the vMX.

4. Enter the command cli. This command transitions you from the host shell into the Junos Operational Mode CLI.

5. Observe that your prompt changes to root>. You are now in the Junos CLI, where you can issue Junos-specific commands.

Task 2: Basic CLI Verification

1. From the root> prompt, issue the command show version.

2. Examine the output. It confirms you are in the Junos CLI by displaying details like the Junos OS version, platform model (e.g., vmx), and the Juniper Networks copyright. Note: The exact version number may differ.

3. To return to the FreeBSD shell, issue the command start shell. Your prompt will revert to root@:~ #.

Key Concept: The cli and start shell commands allow you to move between the Junos CLI and the host OS shell. Most configuration and troubleshooting is done within the Junos CLI.

Part 2: Configuring a vSRX for J-Web Management

Task 3: Initial vSRX-NG CLI Setup

J-Web requires three configuration elements to be functional:

1. A root authentication password.

2. An IP address on an active interface.

3. The web-management service is enabled on that interface.

You will now configure the vSRX-NG firewall with these elements.

1. Open a console connection to the vSRX-NG device.

2. Log in with username root and no password. Enter the CLI command to access the Junos CLI (root>).

3. Enter Configuration Mode by typing configure or edit. Your prompt will change to root#, and you will see [edit] above it, indicating you are at the top of the configuration hierarchy.

Task 4: Setting the Root Password

Configure a secure password for the root user. For these labs, we will use uninets@123.

set system root-authentication plain-text-password 📋

When prompted, enter the password uninets@123 and confirm it.

Task 5: Configuring the Management Interface

The fxp0 interface is a dedicated out-of-band management interface.

1. Assign an IP address to the fxp0.0 logical unit.

set interfaces fxp0 unit 0 family inet address 192.168.122.27/24 📋

This configures the management interface with the IP address 192.168.122.27.

Task 6: Enabling Web Management

1. Enable the J-Web service (both HTTP and HTTPS) on the fxp0.0 interface. Using HTTPS with a self-signed certificate is recommended for security.

set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate interface fxp0.0 📋

2. It is also good practice to enable the SSH service for secure CLI access.

set system services ssh 📋

Task 7: Committing and Verifying Configuration

1. Save and activate your configuration by issuing the commit and-quit command. This commits the changes and exits Configuration Mode, returning you to Operational Mode (root>).

2. Verify your configuration is active.

● Check the interface IP address: show interfaces terse | match fxp0.0. You should see inet 192.168.122.27/24.

● Verify the system services: show configuration system services. Your output should list ssh, http, and https.

Part 3: Accessing and Exploring J-Web

Task 8: Logging into J-Web

1. In your topology, open the Windows (Win) machine.

2. Launch the web browser (e.g., Firefox).

3. In the address bar, enter the URL of your vSRX-NG's management interface: https://192.168.122.27.

4. Your browser will likely display a security warning because the certificate is self-signed. Accept the warning to proceed to the J-Web login page.

5. Log in using the credentials:

● Username: root

● Password: uninets@123

Task 9: Exploring the J-Web Interface

1. Once logged in, take a few minutes to navigate the J-Web dashboard.

2. Explore menus such as Configure, Monitor, and Maintain. Familiarize yourself with the layout.

3. Do not make any configuration changes at this time. The goal is simply to understand the interface.

4. When finished, you can close the browser tab.

Final Verification & Notes

Success: You have successfully accessed a Juniper device via both the CLI and J-Web.

Security Note: In a production environment, you should use a certificate from a trusted Certificate Authority (CA) for HTTPS and implement more complex user authentication.

Troubleshooting: If you cannot reach J-Web, ensure the fxp0.0 interface is up/up (show interfaces fxp0.0) and that the IP address on your Windows machine is on the same 192.168.122.0/24 network (it should receive one via DHCP from the Internet-Router).