O'Reilly logo

Junos Enterprise Routing, 2nd Edition by Harry Reynolds, Peter Southwick, Doug Marschke

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing Access to the Router

The goal of this chapter is to secure the network in Figure 8-2, which consists of three routers—Ale, PBR, and Bock—that are running Open Shortest Path First (OSPF) as the Interior Gateway Protocol (IGP). PBR connects to multiple Internet service providers (ISPs) via the Border Gateway Protocol (BGP). Various types of traffic are sent and received from the two ISPs, including web browsing, email, and a variety of remote accounting and engineering applications. The first step will be to secure access to Ale, PBR, and Bock so that only authorized users have access to each router.

Network topology

Figure 8-2. Network topology

User Authentication

There are two types of users on a Junos-based device—a nonroot user and a root user, both of which must be secured. Recall that user root is the only user who is predefined by default, accessible only via the console port without any default password. You must set a root password before the router will allow you to commit the configuration. To set up a root password, issue the root-authentication keyword under the [edit system] level:

lab@Bock# set system root-authentication ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups encrypted-password Encrypted password string load-key-file File (URL) containing one or more ssh keys plain-text-password ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required