Juniper Networks J2350 manual Management Access, Before You Begin

Chapter 6: Establishing Basic Connectivity

With the router temporarily acting as a DHCP server, you can manually configure it with the J-Web interface. Any DHCP client host, for example, a PC or laptop computer, directly connected to ge-0/0/0receives an address on the 192.168.1.1/24 network.

NOTE: The DHCP functionality for initial setup is different from the configurable DHCP server functionality of the Services Router during operation. To configure the Services Router as a DHCP server, see the JUNOS Software Administration Guide.

Once you connect your laptop or PC to ge-0/0/0, you can use a Web browser to visit the address 192.168.1.1/24, access the J-Web Set Up Quick Configuration page, and complete the initial configuration of the router.

After you perform the initial configuration and commit it by clicking Apply or OK on the Set Up page, the configured router can no longer act as a DHCP server. Therefore, to continue using ge-0/0/0as a management interface you must configure the IP address of the interface as part of the initial configuration.

Management Access

Telnet allows you to connect to the Services Router and access the CLI to execute commands from a remote system. Telnet connections are not encrypted and therefore can be intercepted.

Telnet access to the root user is prohibited. You must use more secure methods, such as SSH, to log in as root.

If you are using a JUNOScript server to configure and monitor routers, you can activate clear-text access on the router to allow unencrypted text to be sent directly over a TCP connection without using any additional protocol (such as SSH, SSL, or Telnet). Information sent in clear text is not encrypted and therefore can be intercepted. For more information about the JUNOScript application programming interface (API), see the JUNOScript API Guide.

SSH also allows you to connect to the router and access the CLI to execute commands from a remote system. However, unlike Telnet, SSH encrypts traffic so that it cannot be intercepted.

SSH can be configured so that connections are authenticated by a digital certificate. SSH uses public-private key technology for both connection and authentication. The SSH client software must be installed on the machine where the client application runs. If the SSH private key is encrypted (for greater security), the SSH client must be able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see http://www.ssh.com and

http://www.openssh.com.

Before You Begin

Before you begin initial configuration, complete the following tasks:

Before You Begin ■ 95