Securing Access to the Router
The goal of this chapter is to secure the network in Figure 6-2, which consists of three routers—Ale, PBR, and
Bock—that are running Open Shortest
Path First (OSPF) as the Interior Gateway Protocol (IGP). PBR connects to multiple Internet service
providers (ISPs) via the Border Gateway Protocol (BGP). Various types of
traffic are sent and received from the two ISPs, including web browsing,
email, and a variety of remote accounting and engineering applications.
The first step will be to secure access to Ale, PBR, and
Bock so that only authorized users have
access to each router.
Figure 6-2. Network topology
User Authentication
There are two types of users on a Juniper Networks router—a
nonroot user and a root user, both of which must be secured. Recall that
user root is the only user who is predefined by default, accessible only
via the console port without any default password. You must set a root
password before the router will allow you to commit the configuration.
To set up a root password, issue to the user the root-authentication keyword under the [edit system] level:
lab@Bock#set system root-authentication ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups encrypted-password Encrypted password string load-key-file File (URL) containing one or ...Get JUNOS Enterprise Routing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
