  • 1.  SSH connection

    Posted 11-14-2022 12:50
    Hi, I have a question. I'm starting to work with Juniper and I'm having trouble with an SSH connection to the device. I am using 2 vSRX instances running on GNS3 and have created a network: Host -> Switch -> Firewall. I changed the operating mode of the device with "set security forwarding-options family mpls mode packet-based" and rebooted the device. The devices can be pinged from the host; however, from the host I can only connect via SSH to the SRX acting as the firewall. The SSH connection to the SRX acting as the switch stops after 60 seconds (connection timed out).

    SRX:
    # System settings for the vSRX used as the switch: hostname, root password
    # hash, and the SSH / NETCONF-over-SSH management services.
    # NOTE(review): as pasted, `services` and `system` are never closed (two `}`
    # are missing), so this is probably a partial copy of the running config.
    system {
         host-name switch;
          root-authentication {
          # "$6$" marks a SHA-512 crypt hash. A hash published in a public post can
          # be guessed offline, so treat this password as disclosed: rotate it if
          # it is used anywhere outside the lab, and share configs with the value
          # replaced by a placeholder such as "<REDACTED>".
          encrypted-password "$6$zQ6HVWdo$rc4o.XcCI9c2sk4l/7dpCE7ylN1cZu5u4JqnWn08VAjYVFc.s7lUcc5642DTuZvvJPW9hBpabQM/Oox/ZVEjO."; ## SECRET-DATA
    }
    services {
         # SSH is enabled with no options. There is no `root-login` statement and
         # no `login user` in this paste, so whether root may log in over SSH is
         # left to the release default - confirm on the device.
         ssh;
         netconf {
         ssh {
              # NETCONF over SSH listens on TCP port 830.
              port 830;
         }
         rfc-compliant;
    }

    # Forwarding mode for the switch: the packet-based statement the post says
    # was applied before the reboot. No zones, policies or host-inbound-traffic
    # are shown for this device.
    # NOTE(review): packet-based mode skips the flow-based zone and policy
    # checks, so access to SSH/NETCONF on this box would have to be limited
    # with a stateless firewall filter - confirm for the release in use.
    security {
        forwarding-options {
              family {
                    mpls {
                         mode packet-based;
                    }
             }
       }
    }
    # Switch interfaces: one trunk (ge-0/0/0), one access port (ge-0/0/1) and
    # the routed irb.99 interface that carries the device's IPv4 address.
    interfaces {
          ge-0/0/0 {
                 unit 0 {
                        family ethernet-switching {
                                 interface-mode trunk;
                                        vlan {
                                                  # The vlans stanza maps admin to ID 99 and pracownicy
                                                  # to ID 20, so this list names the same two VLANs
                                                  # both by ID and by name.
                                                  members [ 20 99 admin pracownicy ];
                                        }
                           }
               }
          }
    ge-0/0/1 {
         unit 0 {
            family ethernet-switching {
                # Untagged access port in the admin VLAN.
                interface-mode access;
                vlan {
                    members admin;
                }
            }
        }
    }
        irb {
            unit 99 {
                family inet {
                    # Address that SSH/NETCONF sessions to this device target.
                    # 12.0.0.0/8 is not RFC 1918 private space; harmless in an
                    # isolated lab, but do not route it outside the lab.
                    address 12.0.0.3/8;
                }
            }
        }
    }
    # VLAN definitions on the switch. Only `admin` has a layer-3 interface
    # (irb.99); `pracownicy` is layer-2 only in this paste.
    vlans {
        admin {
            vlan-id 99;
            l3-interface irb.99;
        }
        pracownicy {
        vlan-id 20;
        }
    }



    # System settings for the vSRX used as the firewall: hostname, root and user
    # credentials, and the SSH / NETCONF-over-SSH management services.
    # Both password hashes below are "$6$" (SHA-512 crypt) values published in
    # a public post; they can be guessed offline, so rotate the passwords if
    # they are used anywhere outside the lab and post configs with the values
    # replaced by a placeholder such as "<REDACTED>".
    system {
    host-name FireWall;
    root-authentication {
    encrypted-password "$6$puKcsYUz$qLj.sIrT/vSWiUUWOifsjmhGqPtQNrX4RlBhGjpYfbusAGs5mGI5xVX2gF/FElPcBw8Y9jYIeo/bRwQ6Kiue5/"; ## SECRET-DATA
    }
    login {
    # Named account with the super-user class, i.e. full administrative rights.
    user PyNet {
    uid 2001;
    class super-user;
    authentication {
    encrypted-password "$6$peYctrmQ$souUfll57mw8IeWoMepzC5mmXMv07poeE8lxLTIrmtF/nB4VFordbead1A3yZ1zdKUWWt9.S/omxgP1grG3RE."; ## SECRET-DATA
    }
    }
    }
    services {
    ssh {
    # Lets root authenticate directly over SSH. Outside a lab, prefer
    # `root-login deny` and log in as a named account such as PyNet, so that
    # sessions are attributable and root is not exposed to password guessing.
    root-login allow;
    }
    netconf {
    ssh {
    # NETCONF over SSH listens on TCP port 830.
    port 830;
    }
    rfc-compliant;
    }
    }
    }
    # Firewall security stanza: a single zone (untrust) holding both interfaces,
    # and one intra-zone policy that permits everything.
    security {
    policies {
    # The policy is named trust-to-trust but is applied from untrust to untrust.
    from-zone untrust to-zone untrust {
    policy trust-to-trust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    # Permit with no `log` statement, so permitted sessions are not logged by
    # this policy; outside a lab, narrow the match and add session logging.
    permit;
    }
    }
    }
    }
    zones {
    security-zone untrust {
    host-inbound-traffic {
    # `all` accepts every system service and every protocol addressed to the
    # device itself on the zone's interfaces. Together with `root-login allow`
    # this exposes root SSH to anything that can reach either interface.
    # Outside a lab, list only what is needed (for example ssh and ping).
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    ge-0/0/1.0;
    ge-0/0/0.99;
    }
    }
    }
    }
    # Firewall interfaces: a VLAN-tagged sub-interface on ge-0/0/0 (unit 99,
    # VLAN 99) and an untagged routed interface on ge-0/0/1.
    interfaces {
    ge-0/0/0 {
    vlan-tagging;
    unit 99 {
    vlan-id 99;
    family inet {
    # Same /8 as the switch's irb.99 address (12.0.0.3/8).
    address 12.0.0.1/8;
    }
    }
    }
    ge-0/0/1 {
    unit 0 {
    family inet {
    address 10.0.1.1/8;
    }
    }
    }
    }
    # VLAN 99 defined under the name vlan-trust. No member interface or
    # l3-interface is attached to it in this stanza.
    vlans {
    vlan-trust {
    vlan-id 99;
    }
    }





    ------------------------------
    Mariusz Daroch
    ------------------------------