*****************

JUNIPER COMMANDS
*****************

* IMPORTANT COMMANDS

- Allows packets to pass (ALWAYS APPLY ON ALL ROUTER INTERFACES IN USE)

set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all ---> the WAN interface goes here
set security zones security-zone trust interfaces irb.0 host-inbound-traffic protocols all ---> the LAN interface goes here

- Enable all inbound services and protocols; a reboot is required, and this is needed in order to manage the device

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all

- Enable the default policy for traffic on the device

First, delete this line:

delete security forwarding-options family mpls mode packet-based

Then enter all of the following lines before running commit check

set security policies from-zone trust to-zone trust policy any match source-address any
set security policies from-zone trust to-zone trust policy any match destination-address any
set security policies from-zone trust to-zone trust policy any match application any
set security policies from-zone trust to-zone trust policy any then permit

==========================================================================================
* ENTER CONFIGURATION MODE

etb@GONZALO_JIMENEZ_QUESADA_PPAL> configure private


warning: uncommitted changes will be discarded on exit
Entering configuration mode
Users currently editing the configuration:
etb terminal p0 (pid 1836) on since 2018-01-19 16:12:05 UTC, idle 00:10:26
private [edit]

[edit]
etb@GONZALO_JIMENEZ_QUESADA_PPAL#
==========================================================================================

* CREATE USER AND PASSWORD (etb oo7mundo)

set system login user etb uid 2000
set system login user etb class super-user
set system login user etb authentication encrypted-password "$5$WI.fLwV2$MeEYewV4O3DQBS9aSXvDRvw9f6PX4gEBHHNoU5r0Gt2"
==========================================================================================

* TRAFFIC POLICY (Change name 1 BW)

set firewall policer 2MB if-exceeding bandwidth-limit 2m
set firewall policer 2MB if-exceeding burst-size-limit 625k
set firewall policer 2MB then discard

set interfaces ge-0/0/0 unit 0 family inet policer input 2MB output 2MB ---> applied on the WAN

==========================================================================================

* PERFORM A ROLLBACK

#rollback (enter)

then run commit check; it must not show any errors

==========================================================================================

* REBOOT THE DEVICE

run request system reboot ---> in configuration mode

==========================================================================================

* SATURATE FROM THE ROUTER ITSELF (adjust the size according to the channel, 20000)

ping (LAN of my channel) source (router WAN) size 50000 rapid count 1000

==========================================================================================
* INTERFACE DESCRIPTIONS

set interfaces ge-0/0/0 unit 0 description CONEXION_WAN
set interfaces irb unit 0 description CONEXION_LAN

==========================================================================================

* VIEW THE ROUTER CONFIGURATION

etb@GONZALO_JIMENEZ_QUESADA_PPAL> show configuration | display set

==========================================================================================
* VIEW DHCP ASSIGNMENTS

etb@GONZALO_JIMENEZ_QUESADA_PPAL> show dhcp server binding

etb@GONZALO_JIMENEZ_QUESADA_PPAL# run show dhcp server binding


IP address        Session Id  Hardware address   Expires     State      Interface
192.168.1.2       1           18:67:b0:b0:60:87  2418582     BOUND      ge-0/0/1.0
192.168.1.3       2           54:b8:0a:10:84:11  2418694     BOUND      ge-0/0/1.0

[edit]
etb@GONZALO_JIMENEZ_QUESADA_PPAL#
==========================================================================================

* VIEW NAT TRANSLATIONS

etb@NICANOR_VELASQUEZ_AMB_K5C16# run show security flow session nat

==========================================================================================

* VIEW THE ROUTER INTERFACES

etb@GONZALO_JIMENEZ_QUESADA_PPAL> show interfaces terse

L# run show interfaces terse

==========================================================================================

* VIEW MAC LEARNING

etb@GONZALO_JIMENEZ_QUESADA_PPAL> show arp

==========================================================================================

* VIEW THE DEVICE SERIAL NUMBER

etb@GOBER_TOLIMA_SUA_C3K5> show chassis hardware

==========================================================================================

* CHASSIS NAT

set security nat source rule-set nat-chasis from routing-instance default
set security nat source rule-set nat-chasis to interface ge-0/0/0.0
set security nat source rule-set nat-chasis rule self-traf match source-address 192.168.1.1/24
set security nat source rule-set nat-chasis rule self-traf match destination-address 0.0.0.0/0
set security nat source rule-set nat-chasis rule self-traf then source-nat pool NAVEGACION

==========================================================================================

* NAT
set security nat source pool NAVEGACION address 200.119.125.85/32 to 200.119.125.86/32
set security nat source rule-set interface from interface irb.0
set security nat source rule-set interface to interface ge-0/0/0.0
set security nat source rule-set interface rule 1 match source-address 192.168.1.1/24
set security nat source rule-set interface rule 1 match destination-address 0.0.0.0/0
set security nat source rule-set interface rule 1 then source-nat pool NAVEGACION

==========================================================================================

* DHCP

set system services dhcp-local-server group SISA interface irb.0
set access address-assignment pool SISA family inet network 192.168.31.0/27
set access address-assignment pool SISA family inet range junosRange low 192.168.31.2
set access address-assignment pool SISA family inet range junosRange high 192.168.31.19
set access address-assignment pool SISA family inet dhcp-attributes maximum-lease-time 2419200
set access address-assignment pool SISA family inet dhcp-attributes name-server 200.75.51.132
set access address-assignment pool SISA family inet dhcp-attributes name-server 200.75.51.133
set access address-assignment pool SISA family inet dhcp-attributes router 192.168.31.1

==========================================================================================

* CONFIGURATION WITH NAT AND DHCP

etb@GONZALO_JIMENEZ_QUESADA_PPAL> show configuration | display set

set version 15.1X49-D70.3
set system host-name GONZALO_JIMENEZ_QUESADA_PPAL
set system root-authentication encrypted-password "$5$.R1T0hp4$64IvQ65.P9k46s75OovJ4uikGi4cjhmJNFS4qu5L0A0"
set system login announcement "\n !*EEEEEEEEEEEEEEEEEEEEE:
***************************\n TEEEEEEEEEEEEEEEEEEEEEEEEEEEE *
*\n .EEEEEEEEETEEEEEE :!++: * GOBERNACION DEL TOLIMA *\n
ET!. EEEEE! * *\n
EEEEEE +EEEET * CL 3 2 09 *\n *TEEEEEEE!
:EEEEE. EEEEE. * *\n !EEEEEEEEEEEEE:
EEEEE+ EEEEE* ***************************\n TEEEEE .TEEEE+
+EEEEE :EEEEE * *\n *EEEEE :EEEEE!
EEEEEE! *EEEEE! .TEEEE: * El acceso a este equipo *\n EEEEE. .EEEEEE:
.EEEEE: EEEEE! +EEEEEEEE+ * es solo para personal *\nEEEEEEEEEEEEEEE:
EEEEET TEEEEEEEEEEEEEEEEE* * autorizado de ETB. *\nEEEEE++++!.
TEEEEE :EEEEEEE* EEEEEE! * *\nEEEEE
EEEEE+ EEEE+ .EEEEET * Toda actividad sera *\nEEEEEE: .!TE+ EEEEEE
*EEEEE. EEEEEE * monitoreada y almacenada*\n*EEEEEEEEEEEEEE .EEEEE:
EEEEE! *EEEEE! * y podra ser utilizada *\n !EEEEEEEEE+: !EEEEET
TEEEET EEEEEE: * legalmente. *\n EEEEE*
.TEEEEE! .TEEEEEET * *\n +*+**
EEEEEEEEEEEEE+ * *\n
.TEEEEEE+. * *\n!Atencion:
*******************************************************************\nUsted esta a
punto de utilizar un recursos tecnologico de ETB para
GONZALO_JIMENEZ_QUESADA_PPAL,\nno ingrese si no esta autorizado. Recuerde que su
clave de acceso es personal e intransferible.\nLa divulgacion de la clave puede
afectar la seguridad de nuestra red.\nEn caso de sospecha de divulgacion de su
clave proceda a cambiarla de
inmediato.\n***********************************************************************
*******\n"
set system login user etb uid 2000
set system login user etb class super-user
set system login user etb authentication encrypted-password "$5$WI.fLwV2$MeEYewV4O3DQBS9aSXvDRvw9f6PX4gEBHHNoU5r0Gt2"
set system services ssh
set system services xnm-clear-text
set system services netconf ssh
set system services dhcp-local-server group junosDHCPPool interface ge-0/0/1.0
set system services web-management https system-generated-certificate
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set security nat source pool NAVEGACION address 190.26.59.221/32 to 190.26.59.222/32
set security nat source rule-set interface from interface ge-0/0/1.0
set security nat source rule-set interface to interface ge-0/0/0.0
set security nat source rule-set interface rule 1 match source-address 192.168.1.1/24
set security nat source rule-set interface rule 1 match destination-address 0.0.0.0/0
set security nat source rule-set interface rule 1 then source-nat pool NAVEGACION
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic protocols all
set interfaces ge-0/0/0 description CONEXION_WAN
set interfaces ge-0/0/0 unit 0 family inet policer input 10MB
set interfaces ge-0/0/0 unit 0 family inet policer output 10MB
set interfaces ge-0/0/0 unit 0 family inet address 10.195.34.134/30
set interfaces ge-0/0/1 unit 0 description CONEXION_LAN
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces irb unit 0 family inet
set routing-options static route 0.0.0.0/0 next-hop 10.195.34.133
set protocols l2-learning global-mode switching
set firewall policer 10MB if-exceeding bandwidth-limit 10m
set firewall policer 10MB if-exceeding burst-size-limit 625k
set firewall policer 10MB then discard
set access address-assignment pool junosDHCPPool family inet network 192.168.1.0/24
set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.1.2
set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.1.254
set access address-assignment pool junosDHCPPool family inet dhcp-attributes maximum-lease-time 2419200
set access address-assignment pool junosDHCPPool family inet dhcp-attributes name-server 200.75.51.132
set access address-assignment pool junosDHCPPool family inet dhcp-attributes name-server 200.75.51.133
set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.1.1
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0

etb@GONZALO_JIMENEZ_QUESADA_PPAL>
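
Added example, not part of the original notes: a small Python check that reads "show configuration | display set" output and reports the permissive statements used in this cheat sheet (host-inbound-traffic ... all, xnm-clear-text, and a policy that matches any/any/any and permits), so they can be reviewed before a device goes into service. The names audit and SAMPLE and the finding labels are assumptions made for this example, the sample lines are constructed, and the input is assumed to have one statement per line.

```python
import re

# Constructed sample in the style of the `display set` output above,
# one statement per line (assumption: wrapped lines were rejoined first).
SAMPLE = """\
set system services xnm-clear-text
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
set security policies from-zone trust to-zone trust policy any match source-address any
set security policies from-zone trust to-zone trust policy any match destination-address any
set security policies from-zone trust to-zone trust policy any match application any
set security policies from-zone trust to-zone trust policy any then permit
set security policies from-zone trust to-zone trust policy web match source-address any
set security policies from-zone trust to-zone trust policy web match destination-address any
set security policies from-zone trust to-zone trust policy web match application junos-https
set security policies from-zone trust to-zone trust policy web then permit
"""

HOST_INBOUND = re.compile(
    r"^set security zones security-zone (\S+)(?: interfaces (\S+))? "
    r"host-inbound-traffic (system-services|protocols) all$")
POLICY = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (source-address|destination-address|application)|(then)) (\S+)$")
ANY_ANY = {"source-address": "any", "destination-address": "any",
           "application": "any", "then": "permit"}

def audit(config_text):
    """Return (rule, detail) findings for a Junos `display set` listing."""
    findings, policies = [], {}
    for line in (l.strip() for l in config_text.splitlines()):
        if line == "set system services xnm-clear-text":
            findings.append(("cleartext-mgmt", "xnm-clear-text enabled"))
        m = HOST_INBOUND.match(line)
        if m:  # zone-wide or per-interface "all" for traffic to the device
            zone, iface, kind = m.groups()
            findings.append(("host-inbound-all", f"{iface or 'zone ' + zone}: {kind} all"))
        m = POLICY.match(line)
        if m:  # collect each policy's match fields and its action
            fz, tz, name, field, then, value = m.groups()
            policies.setdefault((fz, tz, name), {})[field or then] = value
    for (fz, tz, name), pol in policies.items():
        if all(pol.get(k) == v for k, v in ANY_ANY.items()):
            findings.append(("any-any-permit", f"{fz}->{tz} policy {name}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule:18} {detail}")
```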
