Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Connecting Your Branch SRX Series for the First Time

Connecting Your Branch SRX Series Through the Console Port for the First Time

The following procedure describes the steps required to connect a branch SRX Series through the console port for the first time.

1. Connect your computer or laptop to the console port on the SRX Series .
2. Start the terminal emulation program on the computer or laptop, select the COM port, and configure the following port settings:
   • Bits per second —9600
   • Data bits—8
   • Parity—none
   • Stop bits—1
   • Flow control—none
3. Click Open or Connect (the term varies in different applications).
4. Press the POWER button on the device, and wait till the Power LED turns green.
5. Log in to the device as root and leave the password field blank. When you boot the device with the factory default configuration, you do not need a password.
6. Enter the UNIX shell after you are authenticated through the CLI:

   Amnesiac (ttyu0)
   login: root
   Password:
   --- JUNOS 12.1X44-D10.4 built 2013-01-08 05:15:31 UTC

7. At the % prompt, type cli to start the CLI and press Enter. The prompt changes to an angle bracket (>) when you enter CLI operational mode.

   root@% cli
   root>

8. At the (>) prompt, type configure and press Enter. The prompt changes from > to # when you enter configuration mode.

   root> configure
   Entering configuration mode
   [edit]
   root#

9. Create a password for the root user to manage the SRX Series.

   set system root authentication plain-text-password

   Enter a password at the New password prompt, then confirm by entering the same password at the Retype New password prompt.

   New password: 
   Retype New password:

   At the CLI prompt, type commit to activate the configuration.

   Now, proceed with configuring system identification settings, users and classes. See Configuring System Identification and User Classes for Your Branch SRX Series.

   Note: If you are unable to log in with the username root and no password, it could be because the device has a different configuration than the factory settings. If you do not know the password of the root account, or any another account with super-user privileges, then a password reset is required. The process to do a password recovery can be found here: http://kb.juniper.net/KB12167.

Configuring System Identification and User Classes for Your Branch SRX Series

After assigning a root password, you must set up a hostname, domain name, and user accounts. All the users logging in to the SRX Series must be mapped to a login class. You can use the predefined login classes: operator, read-only, super-user, and unauthorized, or create a new login class. You can then apply one login class to an individual user account.

1. Set the system hostname.
   [edit]root@host# set system host-name srx210-host
2. Create an administrative user to manage the SRX Series.
   [edit]root@host# set system login user admin-user class super-userroot@host# set system login user admin-user authentication plain-text-password

   Enter the password and retype the password when prompted.

3. Create a read-only administrative user.
   [edit]root@host# set system login user read-only-user class read-onlyroot@host# set system login user read-only-user authentication plain-text-password

   Enter the password and retype the password when prompted.

Configuring Internet Access for Your Branch SRX Series

Connect the SRX210 WAN port (typically the port labeled 0/0) to the cable modem or to the connection device provided by your Internet service provider (ISP). You can enable Internet access in the following ways:

• Assign an IP address and gateway through DHCP—If your ISP supports DHCP, your services gateway acquires an IP address and other settings (domain name servers, default routes) from your ISP.
• Assign IP address manually—If your ISP does not provide IP address information through DHCP, you can configure the gateway WAN port with a static IP address and a default route.

Figure 1 shows connecting an SRX210 to the Internet.

Figure 1: Connecting an SRX210 to the Internet

1. Configure interface ge-0/0/0 to obtain an IP address and default gateway from a DHCP server:
   [edit]root@host# set interfaces ge-0/0/0 unit 0 family inet dhcp

1. Configure a static default route pointing to the Internet router with IP address 1.1.1.2 as the next hop:
   [edit]root@host# set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.1/29root@host# set routing-options static route 0.0.0.0/0 next-hop 1.1.1.2
2. Enter the IP addresses of one or more DNS name servers. If your ISP does not support DHCP, then you might have to configure it statically.
   [edit]root@host# set system name-server 11.11.11.11

   Note: The servers 208.67.222.222 and 208.67.222.220 are available as part of default configuration. You can add new servers or delete existing servers and configure new servers.

Configuring a Network Time Protocol Server for Your Branch SRX Series

Network Time Protocol (NTP) can be used to synchronize network devices to a common, and preferably accurate, time source. By synchronizing all network devices, timestamps on log messages are both accurate and meaningful.

1. Configure the NTP server and time zone.
   [edit]root@host# set system ntp server 160.90.182.55
   [edit]root@host# set system time-zone GMT-8
2. Update the system clock to make use of the new NTP server settings from operational mode.
   root@host>set date NTP

Validating Your Branch SRX Series Configuration

Purpose

Verify that the device was configured with a hostname, user classes, name server, and an NTP server.

Action

From configuration mode, confirm your configuration by entering the show commands such as show system host-name, show system login, and show system name-server as shown in the following samples:

• Verify system hostname details.
  [edit]root@host# show system host-namehost-name srx210-host;
• Verify system user classes and login details.
  [edit]root@host# show system login

  user admin-user {class super-user;authentication {encrypted-password "$1$cU0SqbQO$S6F4B18k4/oRX3Zm9MnwZ/"; ## SECRET-DATA}}user read-only-user {class read-only;authentication {encrypted-password "$1$2bOut0DZ$tup2Ymo4pCKcjung0ricb0"; ## SECRET-DATA}}
• Verify system name server details.
  [edit]root@host# show system name-server

  208.67.222.222;208.67.220.220;11.11.11.11
• Use run show interface terse to verify the acquired IP address.

If you are done configuring the device, enter commit from configuration mode.

Verifying Your Branch SRX Series Configuration

Purpose

Verify that your SRX Series configuration is working properly.

Action

From configuration mode, confirm your configuration by entering the show system services dhcp client command.

• Verify DHCP client configuration.

  user@srx210-host> show system services dhcp client ge-0/0/0.0

  Logical Interface Name   ge-0/0/1.0
  			Hardware address 		00:12:1e:a9:7b:81
  			Client Status			bound
  			Address obtained		1.1.1.20
  			update server 			enables
  			Lease Obtained at		2007-05-10 18:16:04 PST
  			Lease Expires at		2007-05-11 18:16:04 PST
  
  		DHCP Options:
  			Name: name-server, Value: [ 1.1.1.2 ]
  			Code: 1, Type: ip-address, Value: 255.255.255.0
  			Name: name-server, Value: [11.11.11.11]
  			Name: domain-name, Value: dept.juniper.net

• Verify the Internet connection on your SRX Series.
  • To verify the connectivity from your device, ping to the gateway and DNS from your SRX Series to verify the connectivity.
  • To verify that your SRX Series is connected and everything is working properly, access https://www.juniper.net/techpubs/ or other Web destinations to ensure that you are connected to the Internet.
• Verify that the login classes you have created are working properly.

  Log out from the device and log in again using the credentials that you have configured for the newly created user classes.

• Verify NTP server details.

  user@srx210-host# show system ntp

  server 160.90.182.55;