Categories
Networking

MikroTik basic terminal commands

Show walled-garden IP

ip hotspot walled-garden ip print


Can’t ping Juniper SRX

Assign the interface to the security zone

#set security zones security-zone untrust interfaces ge-0/0/0

Enable ping in the security zone

#set security zones security-zone untrust host-inbound-traffic system-services ping
#commit check
#commit

Juniper SRX Install Software

Initial check

user@host> request system snapshot
user@host> request system snapshot media internal

Installing image

user@host> request system software add [package location]/[package name] reboot
user@host> request system software add ftp://test.jnpr.net/pub/junos/7.5R2.8/jinstall-7.5R2.8-domestic-signed.tgz reboot
user@host> request system software add /var/tmp/7.5R2.8/jinstall-7.5R2.8-domestic-signed.tgz reboot

Other options

user@host> request system software add /var/tmp/7.5R2.8/jinstall-7.5R2.8-domestic-signed.tgz no-validate no-copy reboot

Installing step by step

user@host> file copy ftp://username:prompt@ftp.hostname.net/filename /var/tmp/
user@host> request system software add /var/tmp/jinstall-8.x-package-name-signed.tgz
user@host> request system reboot

Make the primary and backup copies the same

user@host> request system snapshot slice alternate

Juniper Ansible Playbook setup

Check whether NETCONF is enabled

ssh admin@xx.xx.xx.xx -p 830 -s netconf

Juniper SRX setup

Initialise

root%             <-- Shell
root% cli         <-- Start the operational CLI
root>             <-- Logged in to operational CLI mode
root> configure   <-- Enter configuration mode
root#             <-- Logged in to configuration mode

Creating a password

root# set system root-authentication plain-text-password

New password:
Retype new password:

root# set system host-name srx
root# commit

commit complete

root@srx#

Security zone allowing ping, ssh and netconf

#set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
#set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
#set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services netconf

Juniper SRX Allow root login

set system services ssh root-login allow

Interfaces

#delete interfaces ge-0/0/0
#delete interfaces ge-0/0/1
#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.38/24
#set interfaces ge-0/0/1 unit 0 family inet address 192.168.239.1/24

Default route

#set routing-options static route 0.0.0.0/0 next-hop 192.168.100.1

Address book entries

#set security zones security-zone INTERNAL address-book address network_239 192.168.239.0/24

Security policies

#delete security policies
#set security policies from-zone INTERNAL to-zone internet policy allow-internal-clients match source-address network_239
#set security policies from-zone INTERNAL to-zone internet policy allow-internal-clients match destination-address any
#set security policies from-zone INTERNAL to-zone internet policy allow-internal-clients match application any
#set security policies from-zone INTERNAL to-zone internet policy allow-internal-clients then permit

NAT for internal clients

#delete security nat
#set security nat source rule-set internal-to-internet from zone INTERNAL
#set security nat source rule-set internal-to-internet to zone internet
#set security nat source rule-set internal-to-internet rule internet-access match source-address 192.168.239.0/24
#set security nat source rule-set internal-to-internet rule internet-access match destination-address 0.0.0.0/0
#set security nat source rule-set internal-to-internet rule internet-access then source-nat interface
#commit

Enable specific incoming system service traffic

#set security zones security-zone INTERNAL host-inbound-traffic system-services all
#set security zones security-zone INTERNAL host-inbound-traffic system-services ftp except
#set security zones security-zone INTERNAL host-inbound-traffic system-services http except
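
Junos zone names are case-sensitive, so a policy or NAT rule-set must name a zone exactly as it is defined under "security zones". The Python check below is an added example, not part of the original notes: it reads "set" lines (with or without the leading # prompt) and reports zone references that have no matching definition. The function name audit_zone_refs and the sample lines are constructed for illustration.

```python
import re

# Constructed sample input (not from a real device): "set" lines in which two
# zone references are capitalised differently from the zone definition.
SAMPLE = """\
set security zones security-zone INTERNAL interfaces ge-0/0/1.0
set security zones security-zone internet interfaces ge-0/0/0.0
set security zones security-zone INTERNAL address-book address network_239 192.168.239.0/24
set security policies from-zone internal to-zone internet policy allow-internal-clients match source-address network_239
set security policies from-zone INTERNAL to-zone internet policy allow-internal-clients then permit
set security nat source rule-set internal-to-internet from zone internal
set security nat source rule-set internal-to-internet to zone internet
"""

ZONE_DEF = re.compile(r"^set security zones security-zone (\S+)")
POLICY_REF = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+)")
NAT_REF = re.compile(r"^set security nat \S+ rule-set \S+ (?:from|to) zone (\S+)")


def audit_zone_refs(config_text):
    """Return (line_no, zone, hint) for each reference to an undefined zone."""
    # Accept lines pasted with a leading "#" configuration-mode prompt.
    lines = [ln.strip().lstrip("#").strip() for ln in config_text.splitlines()]
    defined = {m.group(1) for ln in lines if (m := ZONE_DEF.match(ln))}
    by_lower = {z.lower(): z for z in defined}
    findings = []
    for no, line in enumerate(lines, 1):
        refs = []
        if m := POLICY_REF.match(line):
            refs = list(m.groups())
        elif m := NAT_REF.match(line):
            refs = [m.group(1)]
        for zone in refs:
            if zone not in defined:  # exact, case-sensitive comparison
                near = by_lower.get(zone.lower())
                hint = f"did you mean {near!r}?" if near else "zone is not defined"
                findings.append((no, zone, hint))
    return findings


if __name__ == "__main__":
    for no, zone, hint in audit_zone_refs(SAMPLE):
        print(f"line {no}: zone {zone!r} is referenced but not defined ({hint})")
```
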

Allow SSH and NETCONF for Ansible to connect

user@hostname> configure 
Entering configuration mode

[edit]
user@hostname# set system services netconf ssh 

[edit]
user@hostname# commit and-quit 
commit complete
Exiting configuration mode

user@hostname> show system connections inet | match 830 
tcp4       0      0  *.830                    *.*                       LISTEN

user@hostname> show system connections inet6 | match 830   
tcp6       0      0  *.830                    *.*   

Assign static IP

set interfaces ge-0/0/0 unit 0 family inet address [xx.xx.xx.xx]
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1

Create a user

set system login user [USERNAME] class super-user authentication plain-text-password
set system login user praison class super-user authentication plain-text-password

Request system logout

request system logout pid [XXX]
request system logout pid 1234