Académique Documents
Professionnel Documents
Culture Documents
DELETE SECURITY
Set security forwarding-options family mpls mode packet-based (Si no se tiene
pines)
commit (Guardar)
configure private
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%SECURE%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
set security policies from-zone trust to-zone trust policy any match source-address
any
set security policies from-zone trust to-zone trust policy any match destination-
address any
set security policies from-zone trust to-zone trust policy any match application
any
set security policies from-zone trust to-zone trust policy any then permit
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/0.1
set security zones security-zone trust interfaces irb.0
set security zones security-zone trust interfaces lo0.0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%BANNER%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set system login announcement "\n
!*EEEEEEEEEEEEEEEEEEEEE: ***************************\n
TEEEEEEEEEEEEEEEEEEEEEEEEEEEE * UNIDAD DE SERVICIOS *\n
.EEEEEEEEETEEEEEE :!++: * PENITENCIARIOS Y *\n
ET!. EEEEE! * CARCELARIOS SPC *\n
EEEEEE +EEEET * Barrio las Mercede *\n
*TEEEEEEE! :EEEEE. EEEEE. * T�QUERRES *\n
!EEEEEEEEEEEEE: EEEEE+ EEEEE* ***************************\n
TEEEEE .TEEEE+ +EEEEE :EEEEE * *\n
*EEEEE :EEEEE! EEEEEE! *EEEEE! .TEEEE: * El acceso a este equipo *\n
EEEEE. .EEEEEE: .EEEEE: EEEEE! +EEEEEEEE+ * es solo para personal *\n
EEEEEEEEEEEEEEE: EEEEET TEEEEEEEEEEEEEEEEE* * autorizado de ETB. *\n
EEEEE++++!. TEEEEE :EEEEEEE* EEEEEE! * *\n
EEEEE EEEEE+ EEEEEE+ .EEEEET * Toda actividad sera *\n
EEEEEE: .!TE+ EEEEEE *EEEEE. EEEEEE * monitoreada y almacenada*\n
*EEEEEEEEEEEEEE .EEEEE: EEEEE! *EEEEE! * y podra ser utilizada *\n
!EEEEEEEEE+: !EEEEET TEEEET EEEEEE: * legalmente. *\n
EEEEE* .TEEEEE! .TEEEEEET * *\n
+*+** EEEEEEEEEEEEE+ * *\n
.TEEEEEE+. * *\n
!Atencion: *******************************************************************\n
Usted esta a punto de utilizar un recursos tecnologico de ETB para
USPEC_TUQ_BARRMERC_D,\n
no ingrese si no esta autorizado. Recuerde que su clave de acceso es personal e\n
intransferible. La divulgacion de la clave puede afectar la seguridad de nuestra
red.\n
En caso de sospecha de divulgacion de su clave proceda a cambiarla de inmediato.\n
******************************************************************************\n"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
comandos de verificacion
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
etb@ORGAN_SERASES_BAR_K54C72# run show interfaces terse
etb@ORGAN_SERASES_BAR_K54C72# Interface Admin Link Proto Local
admin@GOBER_TOLIMA_LIB_C2K2_I#
************************************************
enr
admin@GOBER_TOLIMA_LIB_C2K2_I# run show interfaces ge-0/0/0 --> trafico
Physical interface: ge-0/0/0, Enabled, Physical link is Up
GOBER_TOLIMA_LIB_C2K2_I# show | compare
GOBER_TOLIMA_ESP_BVILLACA> show system uptime
GOBER_TOLIMA_LIB_C2K2_I> show version
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
PLATINO
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output
set interfaces ge-0/0/0 unit 0 family inet addres X.X.X.X/XX
set forwarding-options sampling input rate 100 (Tiempo)
set forwarding-options sampling family inet output flow-server 10.243.16.81 port
3552
set forwarding-options sampling family inet output flow-server 10.243.16.81 version
5
set forwarding-options sampling family inet output inline-jflow source-address
10.171.232.20 -->LOOBACK
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
TAGEAR UN PUERTO
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 vlan-id 201
set interfaces ge-0/0/1 unit 0 family inet mtu 1500
set interfaces ge-0/0/1 unit 0 family inet address 10.189.105.142/30
SE BORRAR
VRRP BACKUP
*********************************************************
**********
TRONCAL
**********
set interfaces irb unit 109 family inet sampling input
set interfaces irb unit 109 family inet sampling output
**********
acceso
**********
set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output
*************************************
verificacion snmp
*************************************
etb@USPEC_POP_K3C4_D> show snmp statistics
SNMP statistics:
Input:
Packets: 21870, Bad versions: 0, Bad community names: 11865,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Total request varbinds: 24893, Total set varbinds: 0,
Get requests: 4550, Get nexts: 5455, Set requests: 0,
Get responses: 0, Traps: 0,
Silent drops: 0, Proxy drops: 0, Commit pending drops: 0,
Throttle drops: 0, Duplicate request drops: 0
V3 Input:
Unknown security models: 0, Invalid messages: 0
Unknown pdu handlers: 0, Unavailable contexts: 0
Unknown contexts: 0, Unsupported security levels: 0
Not in time windows: 0, Unknown user names: 0
Unknown engine ids: 0, Wrong digests: 0, Decryption errors: 0
*************************************
TRONCAL
*************************************
delete interfaces ge-0/0/0
delete security
*************************************
GESTION
*************************************
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
NTP PARA CENTREX JUNOS
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RUTAS
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
**************************************
etb@PMSLEGU_GUA_HAC_ESP_LAUNI_D> show snmp statistics
SNMP statistics:
Input:
Packets: 26328, Bad versions: 0, Bad community names: 99,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Total request varbinds: 52738, Total set varbinds: 0,
Get requests: 10236, Get nexts: 15993, Set requests: 0,
***********************************************************
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-2
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-2
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-2
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-2
*****************
multicast
*****************
set interfaces ge-0/0/0 per-unit-scheduler
set interfaces irb per-unit-scheduler
set protocols pim interface all mode sparse
set protocols pim interface all version 2
*****************
CONTROL DE ACCESO
*****************
set interfaces lo0 unit 0 family inet filter input local_acl
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
set firewall family inet filter local_acl term terminal_access from source-address
10.248.225.249/32 WAN CONFIGURADA EN MPLS GESTION
set firewall family inet filter local_acl term terminal_access from source-address
10.248.225.245/32 WAN CONFIGURADA EN MPLS INTERNET
set firewall family inet filter local_acl term terminal_access from source-address
192.168.100.3/32 WAN PREDETERMINADA , ESTA NO SE BORRA
set firewall family inet filter local_acl term terminal_access from protocol tcp
set firewall family inet filter local_acl term terminal_access from port ssh
set firewall family inet filter local_acl term terminal_access from port telnet
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol
tcp
set firewall family inet filter local_acl term terminal_access_denied from port ssh
set firewall family inet filter local_acl term terminal_access_denied from port
telnet
set firewall family inet filter local_acl term terminal_access_denied then log
set firewall family inet filter local_acl term terminal_access_denied then reject
set firewall family inet filter local_acl term default-term then accept
***********************************************************************************
********************************************************
RADIUS
***********************************************************************************
********************************************************
set routing-options static route 192.168.100.3/32 next-hop 10.254.113.245
set routing-options static route 192.168.173.4/32 next-hop 10.254.113.245
QUITAR RADIUS
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# delete system authentication-order radius
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# delete system login user remote uid 9999
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# delete system login user remote class super-
user
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# commit check
configuration check succeeds
[edit]
crisestc@UNIVE_MINDIOS_BCB_K24C47_I# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete