
R 4

This document summarizes the configuration of a Juniper router named Arcturus. It defines system settings like the host name, authentication methods, NTP settings, user accounts, and interfaces. The router is configured to backup to another router, authenticate users via RADIUS or passwords, and archive configuration changes via FTP. Interface configurations include IP addresses, VLAN assignments, and protocols like OSPF and RIP.


## Last commit: 2012-09-23 09:44:22 CEST by lab

## Junos release this configuration was saved from.
version 11.4R5.5;
## System stanza for host Arcturus: management reachability, authentication,
## login classes and users, management services, logging, configuration
## archival and NTP.
system {
host-name Arcturus;
## Gateway used to reach 10.10.10.0/24 while the routing process is not
## running (for example during boot).
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
## RADIUS is consulted first, then the local password database.
## NOTE(review): with "password" in the list, local accounts remain a second
## login path - confirm that is intended.
authentication-order [ radius password ];
root-authentication {
## "$1$" is the MD5-crypt format. The hash is published with this page, so the
## root password should be treated as exposed and rotated.
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.10.1;
}
radius-server {
10.10.10.1 {
## "$9$" is Junos' reversible obfuscation, not a hash: the shared secret is
## recoverable by anyone holding this text. Every "$9$" value in this file
## should be rotated once the configuration has been shared.
secret "$9$cTzl87GUH.fzgoZjqfn6cylMLN"; ## SECRET-DATA
## One retry with a 2-second timeout before RADIUS is considered unreachable.
timeout 2;
retry 1;
}
}
## "inactive:" keeps the stanza in the file but it is ignored at commit, so
## neither the commit script nor the op script below is in effect.
inactive: scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
## Read-only class: may view operational state and the configuration.
class limited {
permissions [ view view-configuration ];
}
## Full permissions minus the commands matched by the deny-commands regex.
## NOTE(review): this is a denylist on top of "permissions all"; any command
## the regex does not name stays available to the class. Confirm the list
## covers everything that must be withheld, or build the class from a narrower
## permission set plus an explicit allow list.
class privileged {
permissions all;
deny-commands "(clear)|(configure)|(edit)|(start shell)";
}
## Local accounts. All three hashes below are MD5-crypt ("$1$") and are
## published with the page; treat the passwords as exposed.
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$RKAQmjDt$PRiEFMNcJ0i0x.TryJCHU1"; ## SECRET-
DATA
}
}
user noc {
uid 2001;
class privileged;
authentication {
encrypted-password "$1$9vRw6uu/$FsTkMWlOp1bu2aZvfHz3W/"; ## SECRET-
DATA
}
}
user ops {
uid 2002;
class operator;
authentication {
encrypted-password "$1$PVW/3KJ/$IWZ9CZtwVJyBBa/4vwNhl."; ## SECRET-
DATA
}
}
## No local authentication block. Presumably the template account applied to
## RADIUS-authenticated users without a local entry - confirm.
user remote {
uid 2003;
class limited;
}
}
## Management services. ftp and telnet carry credentials and session data in
## cleartext; ssh is the only encrypted service enabled. No ssh options are
## set in this stanza, so platform defaults apply.
## NOTE(review): disable ftp and telnet unless something depends on them.
services {
ftp;
ssh;
telnet;
}
## Logging is local only (files and user terminals); no remote syslog host is
## configured in this stanza, so log records live and die with the device.
syslog {
## Each log file is rotated at 100k and three archives are kept.
archive size 100k files 3;
## Critical messages go to the terminal of every logged-in user.
user * {
any critical;
}
user ops {
any warning;
}
## Every CLI command typed by users is recorded here.
file user-commands {
interactive-commands any;
}
## General log: notice and above, plus configuration changes and CLI commands.
file jncie-sp-messages {
any notice;
change-log any;
interactive-commands any;
}
}
## Every commit uploads the full configuration, secrets included, to the
## archive site. The URL scheme is ftp, so both the login and the
## configuration cross the network unencrypted.
## NOTE(review): archive-sites also accepts scp URLs; prefer that.
## The user@host part of the URL appears to have been replaced by the hosting
## page's e-mail obfuscation.
archival {
configuration {
transfer-on-commit;
archive-sites {
"ftp://[email protected]" password "$9$eCTK87-dsg4Z7NikPfzF"; ##
SECRET-DATA
}
}
}
## NTP with MD5 authentication: key 1 is defined, bound to server 10.10.1.100
## and marked trusted. boot-server is the host used for the initial time set
## at startup.
ntp {
boot-server 10.10.1.100;
authentication-key 1 type md5 value "$9$tMfLOhrbwgaGixNVYoGq.tuORcl"; ##
SECRET-DATA
server 10.10.1.100 key 1; ## SECRET-DATA
trusted-key 1;
}
}
## Interface addressing: one out-of-band management port, one VLAN-tagged
## trunk carrying the router-to-router and LAN units, and the loopback.
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.4/24;
}
}
}
## 802.1Q trunk; each unit number matches its vlan-id.
ge-0/0/4 {
vlan-tagging;
unit 114 {
description "R1 connection";
vlan-id 114;
family inet {
address 172.30.0.6/30;
}
}
## family inet6 is enabled without an address on units 134, 145 and 203, which
## leaves only the automatically derived link-local address on those units.
unit 134 {
description "R3 connection";
vlan-id 134;
family inet {
address 172.30.0.22/30;
}
family inet6;
}
unit 145 {
description "R5 connection";
vlan-id 145;
family inet {
address 172.30.0.29/30;
}
family inet6;
}
unit 200 {
description "DC1 LAN 1";
vlan-id 200;
family inet {
address 172.30.1.2/24 {
## VRRP group 1: no priority is set, so the platform default applies.
## MD5 authentication is used; the key string is identical to the one in
## group 2, so both groups share one secret.
vrrp-group 1 {
virtual-address 172.30.1.254;
authentication-type md5;
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ##
SECRET-DATA
}
}
}
}
unit 201 {
description "DC1 LAN 2";
vlan-id 201;
family inet {
address 172.30.2.2/24 {
## VRRP group 2: priority 150, reduced by 30 for each tracked uplink that goes
## down (150 -> 120 -> 90 when both ge-0/0/4.114 and ge-0/0/4.145 are down).
vrrp-group 2 {
virtual-address 172.30.2.254;
priority 150;
authentication-type md5;
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ##
SECRET-DATA
track {
interface ge-0/0/4.114 {
priority-cost 30;
}
interface ge-0/0/4.145 {
priority-cost 30;
}
}
}
}
}
}
unit 202 {
description "DC2 connection";
vlan-id 202;
family inet {
address 172.30.0.49/30;
}
}
unit 203 {
description "DC3 connection";
vlan-id 203;
family inet {
address 172.30.0.53/30;
}
family inet6;
}
}
lo0 {
unit 0 {
## The protect-re input filter on the loopback screens IPv4 traffic addressed
## to the router itself.
family inet {
filter {
input protect-re;
}
address 172.30.5.4/32;
}
## NOTE(review): family inet6 has an address but no input filter, and the
## firewall stanza defines no inet6 filter, so IPv6 traffic to the router is
## not screened by anything in this file.
family inet6 {
address fd17:f0f4:f691:5::4/128;
}
}
}
}
## Event policies, currently disabled: "inactive:" keeps the stanza in the
## file but it is ignored at commit.
inactive: event-options {
## On a link up/down trap event, run the event script named below.
policy syslog_if_description {
events [ SNMP_TRAP_LINK_UP SNMP_TRAP_LINK_DOWN ];
then {
event-script syslog-int-desc-on-link-change.slax;
}
}
## On a SYSTEM event whose message matches NEW_SNMP_TRAP_LINK, raise an SNMP
## trap.
policy snmptrap_if_description {
events SYSTEM;
attributes-match {
SYSTEM.message matches NEW_SNMP_TRAP_LINK;
}
then {
raise-trap;
}
}
## Registers the script file referenced by the first policy.
event-script {
file syslog-int-desc-on-link-change.slax;
}
}
## SNMPv3 only: one USM user, one VACM group with read access, and a trap
## target. No v1/v2c community is defined in this stanza.
snmp {
v3 {
usm {
local-engine {
## USM user "lab" with SHA authentication and 3DES privacy. Both keys are
## stored in the reversible "$9$" form and are published with the page, so
## they should be regenerated.
## NOTE(review): 3DES is a legacy cipher; Junos also offers privacy-aes128.
user lab {
authentication-sha {
authentication-key
"$9$R6ScKMNdbsgobwoGUi.mQFn90BcylXNduOdb2gJZHqmfn/tpBcSefTlKWLVbmf5Tz6O1RcretpM8X7s
YZUjHkP5QF6/tzFev8LVbP5TFnCOBEeK8z3lKWLN-.PfTz6BIESlKhcoJZGiHp0OIEyvWLx7VyrJGUDkqQF
n/uOrevWX7CtvWLxdVk.m5n/"; ## SECRET-DATA
}
privacy-3des {
privacy-key
"$9$2KoDifTz3/CzFCu01hcevWXVwoJG.fTdbTz6/tpIEcyWLN-woaUylGDHqQzcyrlK8bs2oZUN-
ik.P3np0BIRSrev8LNKvUjkqQzSrlvWxbwgUDkKMGDHqf5hSylK8wYgaGD4oCtpu1I-
VbYgJjHqmPQJZtu0OREevWLdbZUjH.PxNjHqmTQRhcrWL"; ## SECRET-DATA
}
}
}
}
## View-based access control: user "lab" maps to primary-group, which gets
## read access through root-view at security level "privacy" (authenticated
## and encrypted). Only a read-view is set; no write-view or notify-view
## appears here.
## NOTE(review): confirm whether a notify-view is needed for the traps
## configured below to be sent.
vacm {
security-to-group {
security-model usm {
security-name lab {
group primary-group;
}
}
}
access {
group primary-group {
default-context-prefix {
security-model usm {
security-level privacy {
read-view root-view;
}
}
}
}
}
}
## Trap destination 10.10.10.1, selected by tag all-nms and sent as SNMPv3
## with the "lab" user at security level "privacy".
target-address S1 {
address 10.10.10.1;
tag-list all-nms;
target-parameters S1-parameters;
}
target-parameters S1-parameters {
parameters {
message-processing-model v3;
security-model usm;
security-level privacy;
security-name lab;
}
notify-filter all-traps;
}
notify traps {
type trap;
tag all-nms;
}
notify-filter all-traps {
oid snmpTraps;
oid jnxTraps;
}
}
## root-view includes everything under OID .1, i.e. the whole MIB tree is
## readable by the group above.
## NOTE(review): narrow the view to the subtrees the NMS actually polls.
view root-view {
oid .1 include;
}
}
## Static route to the 10.10.10.0/24 network via 10.10.1.254 (the same
## destination and gateway as the system backup-router), plus the router ID.
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
## Keeps this route from being exported into the routing protocols.
no-readvertise;
}
}
## Same address as lo0.0.
router-id 172.30.5.4;
}
## Routing protocols: OSPF in stub area 0.0.0.4 on two uplinks and the
## loopback, and RIP towards ge-0/0/4.202.
protocols {
ospf {
## NOTE(review): the only OSPF area here is a stub area, which does not carry
## external LSAs; confirm that exporting RIP routes with rip-to-ospf has any
## effect in this area type.
export rip-to-ospf;
area 0.0.0.4 {
stub;
## MD5 authentication with key id 1 on each uplink; the two links use
## different key strings. Both are in the reversible "$9$" form.
interface ge-0/0/4.134 {
authentication {
md5 1 key "$9$eGdWNbHkPTF/ZUi.5FAtevWx-w"; ## SECRET-DATA
}
}
interface ge-0/0/4.145 {
authentication {
md5 1 key "$9$GGiPQ1IcrK8tuBEyKx7GDi.fz"; ## SECRET-DATA
}
}
interface lo0.0;
}
}
## NOTE(review): no authentication is configured for RIP in this stanza, so
## updates on ge-0/0/4.202 are accepted unauthenticated.
rip {
group rip {
export default-to-rip;
neighbor ge-0/0/4.202;
}
}
}
## Prefix list and routing policies referenced by the firewall filter and by
## the OSPF and RIP export statements.
policy-options {
## Built dynamically from every neighbor configured under "protocols bgp".
## NOTE(review): the protocols stanza in this file has no bgp section, so the
## list presumably expands to nothing; see term bgp in filter protect-re,
## which uses it as a source match.
prefix-list bgp-peers {
apply-path "protocols bgp group <*> neighbor <*>";
}
## Advertises only the OSPF-learned default route (0.0.0.0/0 exactly) into RIP.
policy-statement default-to-rip {
term 1 {
from {
protocol ospf;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
## Accepts every RIP route for export into OSPF; there is no prefix filter.
policy-statement rip-to-ospf {
term 1 {
from protocol rip;
then accept;
}
}
}
## Selects packet-based forwarding for the inet6, mpls and iso families.
## NOTE(review): on flow-capable platforms this presumably bypasses the
## stateful flow engine for these families, leaving the stateless filters in
## the firewall stanza as the only packet filtering - confirm for this
## platform.
security {
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
}
## Stateless IPv4 filter protecting the router itself. protect-re is
## referenced as the input filter on lo0.0 family inet. Terms are evaluated in
## order, the first match decides, and term last discards what is left.
## There is no family inet6 filter in this stanza.
firewall {
family inet {
filter protect-re {
## Control-plane protocol terms (ah through msdp): matched on protocol and,
## where given, port only. None of them restricts the source address.
term ah {
from {
protocol ah;
}
then accept;
}
term bfd {
from {
protocol udp;
port 3784;
}
then accept;
}
term vrrp {
from {
protocol vrrp;
}
then accept;
}
term rip {
from {
protocol udp;
port rip;
}
then accept;
}
term ospf {
from {
protocol ospf;
}
then accept;
}
term ldp {
from {
protocol [ udp tcp ];
port ldp;
}
then accept;
}
term rsvp {
from {
protocol rsvp;
}
then accept;
}
term pim {
from {
protocol pim;
}
then accept;
}
term igmp {
from {
protocol igmp;
}
then accept;
}
term msdp {
from {
protocol tcp;
port msdp;
}
then accept;
}
## This term has no "then" clause. Junos accepts a packet that matches a term
## with no configured action, so this is an implicit accept.
## NOTE(review): bgp-peers is derived from "protocols bgp", which this
## configuration does not contain, so the list is presumably empty. How an
## empty source-prefix-list is matched has differed between releases; verify
## it on this release and state the action explicitly.
term bgp {
from {
source-prefix-list {
bgp-peers;
}
protocol tcp;
port bgp;
}
}
## Management terms (ntp through ftp): limited to sources in 10.10.1.0/24.
## "port" matches either the source or the destination port, so a packet from
## that subnet whose source port is the service port also matches.
## NOTE(review): destination-port is the tighter match for inbound services.
term ntp {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port ntp;
}
then accept;
}
## NOTE(review): the SNMP target, RADIUS server and name server configured
## elsewhere in this file are all 10.10.10.1, which is outside 10.10.1.0/24.
## Packets from that host would not match the snmp, radius or dns terms and
## would reach term last. Confirm the intended source range.
term snmp {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port snmp;
}
then accept;
}
term radius {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port radius;
}
then accept;
}
term dns {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port domain;
}
then accept;
}
term ssh {
from {
source-address {
10.10.1.0/24;
}
protocol tcp;
port ssh;
}
then accept;
}
## telnet and ftp are cleartext protocols; these two terms keep them reachable
## from the whole management subnet.
term telnet {
from {
source-address {
10.10.1.0/24;
}
protocol tcp;
port telnet;
}
then accept;
}
## NOTE(review): "10.10.1.00/24" is written differently from the
## "10.10.1.0/24" used by the neighbouring terms - likely a typo; confirm how
## the parser reads it.
term ftp {
from {
source-address {
10.10.1.00/24;
}
protocol tcp;
port [ ftp ftp-data ];
}
then accept;
}
## ICMP and UDP traceroute probes are accepted from any source but
## rate-limited by re-policer.
term icmp {
from {
protocol icmp;
}
then {
policer re-policer;
accept;
}
}
term traceroute {
from {
protocol udp;
port 33434-33534;
}
then {
policer re-policer;
accept;
}
}
## Explicit default deny: everything not accepted above is counted, logged
## and silently dropped.
term last {
then {
count dropped-packets;
log;
discard;
}
}
}
}
## Shared rate limit for the icmp and traceroute terms: traffic above 100k
## bandwidth with a 25k burst allowance is discarded.
policer re-policer {
if-exceeding {
bandwidth-limit 100k;
burst-size-limit 25k;
}
then discard;
}
}
