
[Green IDC] NetScreen 204 configuration

이호스트ICT 2011. 5. 4. 14:46



login: root
password:
 ### Login failed
login: root
password:
 ### Login failed
login: 0098042006000024
password:
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue?  y/[n] y

!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: System IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue?  y/[n] y
In reset ...


NetScreen NS-200 Boot Loader Version 3.0.0 (Checksum: B48FB1B8)
Copyright (c) 1997-2003 NetScreen Technologies, Inc.

Total physical memory: 128MB
    Test - Pass
    Initialization - Done

Model Number: NS-204

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader

Loading default system image from on-board flash disk...

Ignore image authentication!

 Start loading...
....................................................................
Done.

 

Juniper Networks, Inc
NS-200 System Software
Copyright, 1997-2004

Version 5.0.0r10.0
Init Heap (1556010/50a9bf0,32, 00000000/00000000)
GT64120 revision id: 0x12
Load NVRAM Information ... (5.0)Done
GT64120 revision id: 0x12
Memory Test: b7800000,40000 ....... Done
Install module init vectors
Verify ACL register default value (at hw reset) ... Done
Verify ACL register read/write ... Done
Verify ACL rule read/write ... Done
Verify ACL rule search ... Done
MD5("a") = 0cc175b9 c0f1b6a8 31c399e2 69772661
MD5("abc") = 90015098 3cd24fb0 d6963f7d 28e17f72
MD5("message digest") = f96b697d 7cb7938d 525a2f31 aaf161d0
Verify DES register read/write ... Done
Install modules (006e2000,01141fe4) ...
Initializing DI 1.1.0-ns
load dns table : dns table file do not exist.
*********************************************************
System time: 18 Jan 2007 15:09:54
If this is the initial device startup,
use the "set clock" command to set the system clock.
*********************************************************
system init done..
login: System change state to Active(1)

login:
login:
login: netscreen
password:
ns204->
ns204-> get  config
Total Config size 1738:
set clock timezone 0
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
--- more ---
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.1.1/24
set interface ethernet1 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set hostname ns204
set ike respond-bad-spi 1
--- more ---
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
ns204-> 
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           192.168.1.1/24     Trust       0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          DMZ         0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          Untrust     0014.f641.f356    -   D   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          0.0.0.0/0          VLAN        0014.f641.f35f    1   D   - 
ns204-> get int
ns204-> get interface

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           192.168.1.1/24     Trust       0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          DMZ         0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          Untrust     0014.f641.f356    -   D   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          0.0.0.0/0          VLAN        0014.f641.f35f    1   D   - 
ns204->
ns204->
ns204-> get sys
sys_clock            show sys clock info
syslog               show syslog information
system               show system info
ns204-> get syst
ns204-> get system
Product Name: NS204
Serial Number: 0098042006000024, Control Number: 00000000
Hardware Version: 0110(0)-(12), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.0.0r10.0, Type: Firewall+VPN
Base Mac: 0014.f641.f350
File Name: ns200.5.0.0r10.0, Checksum: 43b877ac


Date 01/18/2007 15:28:44, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 0 hours 18 minutes 53 seconds Since 18 Jan 2007 15:09:51
Total Device Resets: 1, Last Device Reset at: 01/18/2007 15:09:06

System in NAT/route mode.

Use interface IP, Config Port: 80
User Name: netscreen

Interface ethernet1:
  number 0, if_info 0, if_index 0, mode nat
  link down, phy-link down
  vsys Root, zone Trust, vr trust-vr
--- more ---
  dhcp client disabled
  PPPoE disabled
  *ip 192.168.1.1/24   mac 0014.f641.f350
  *manage ip 192.168.1.1, mac 0014.f641.f350
  route-deny disable
Interface ethernet2:
  number 5, if_info 10280, if_index 0, mode nat
  link down, phy-link down
  vsys Root, zone DMZ, vr trust-vr
  dhcp client disabled
  PPPoE disabled
  *ip 0.0.0.0/0   mac 0014.f641.f355
  *manage ip 0.0.0.0, mac 0014.f641.f355
Interface ethernet3:
  number 6, if_info 12336, if_index 0, mode route
  link down, phy-link down
  vsys Root, zone Untrust, vr trust-vr
  dhcp client disabled
  PPPoE disabled
  *ip 0.0.0.0/0   mac 0014.f641.f356
  *manage ip 0.0.0.0, mac 0014.f641.f356
Interface ethernet4:
--- more ---
  number 7, if_info 14392, if_index 0, mode nat
  link down, phy-link down
  vsys Root, zone HA, vr trust-vr
  *ip 0.0.0.0/0   mac 0014.f641.f357
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           192.168.1.1/24     Trust       0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          DMZ         0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          Untrust     0014.f641.f356    -   D   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          0.0.0.0/0          VLAN        0014.f641.f35f    1   D   - 
ns204-> unset int eth1 ip
ns204->
ns204-> sa
Save System Configuration  ...
Done
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           0.0.0.0/0          Trust       0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          DMZ         0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          Untrust     0014.f641.f356    -   D   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          0.0.0.0/0          VLAN        0014.f641.f35f    1   D   - 
ns204-> set int eth1 zone v1-trust
ns204-> set int eth2 zone v1-dmz
ns204-> set int eth3 zone v1-untrust
Changed to pure l2 mode
ns204->
ns204-> get sys
Product Name: NS204
Serial Number: 0098042006000024, Control Number: 00000000
Hardware Version: 0110(0)-(12), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.0.0r10.0, Type: Firewall+VPN
Base Mac: 0014.f641.f350
File Name: ns200.5.0.0r10.0, Checksum: 43b877ac


Date 01/18/2007 15:31:17, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 0 hours 21 minutes 26 seconds Since 18 Jan 2007 15:09:51
Total Device Resets: 1, Last Device Reset at: 01/18/2007 15:09:06

System in transparent mode.

Use interface IP, Config Port: 80
User Name: netscreen

Interface ethernet1:
  number 0, if_info 0, if_index 0, mode xparent, port vlan 1
  link down, phy-link down
  vsys Root, zone V1-Trust, vr trust-vr
--- more ---
  *ip 0.0.0.0/0   mac 0014.f641.f350
Interface ethernet2:
  number 5, if_info 10280, if_index 0, mode xparent, port vlan 1
  link down, phy-link down
  vsys Root, zone V1-DMZ, vr trust-vr
  *ip 0.0.0.0/0   mac 0014.f641.f355
Interface ethernet3:
  number 6, if_info 12336, if_index 0, mode xparent, port vlan 1
  link down, phy-link down
  vsys Root, zone V1-Untrust, vr trust-vr
  *ip 0.0.0.0/0   mac 0014.f641.f356
Interface ethernet4:
  number 7, if_info 14392, if_index 0, mode nat
  link down, phy-link down
  vsys Root, zone HA, vr trust-vr
  *ip 0.0.0.0/0   mac 0014.f641.f357
ns204->  ^
ns204->
ns204->
ns204->
ns204-> get int     

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           0.0.0.0/0          V1-Trust    0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          V1-DMZ      0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          V1-Untrust  0014.f641.f356    -   D   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          0.0.0.0/0          VLAN        0014.f641.f35f    1   D   - 
ns204-> set int vlan1 ip 221.143.43.57 255.255.255.224  
ns204->
ns204-> sa
Save System Configuration  ...
Done
ns204-> set route int vlan1 ?
                  ^------unknown keyword int
ns204-> set route 0.0.0.0/0 int vlan1 gateway 221.143.43.33
ns204->
ns204-> sa
Save System Configuration  ...
Done
ns204->
ns204-> ping 221.143.43.33
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.33, timeout is 1 seconds
ip 221.143.43.33 is unreachable in vr trust-vr

Success Rate is 0 percent.
ns204-> ethernet3 interface change state to Up

ns204->
ns204-> ping 221.143.43.33
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.33, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/4/16 ms
ns204->
ns204->
ns204-> get config | in manage
set interface vlan1 ip manageable
ns204->
ns204->
ns204-> set int eth3 manage ping
ns204-> set int eth3 manage web
ns204-> set int eth3 manage telnet
ns204-> sa
Save System Configuration  ...
Done
ns204-> set int vlan1 manage ping
ns204-> set int vlan1 man
manage               interface manageability
manage-ip            interface management ip address
ns204-> ping 221.143.43.33       
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.33, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
ns204-> ping 221.143.43.48
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.48, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/1/3 ms
ns204-> tra
ns204-> trace-route 221.143.43.48
Type escape sequence to escape

Send ICMP echos to 221.143.43.48, timeout is 2 seconds,  maximum hops are 32
1       1ms     2ms     1ms     221.143.43.48
Trace complete
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           0.0.0.0/0          V1-Trust    0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          V1-DMZ      0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          V1-Untrust  0014.f641.f356    -   U   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          221.143.43.57/27   VLAN        0014.f641.f35f    1   U   - 
ns204-> ping 168.126.63.1
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 168.126.63.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=3/3/3 ms
ns204-> set int v1-untrust manage ping
ns204-> set int v1-untrust manage web
ns204-> ethernet3 interface change state to Down
ethernet3 interface change state to Up

ns204->
ns204-> set int v1-untrust manage telnet
ns204-> sa
Save System Configuration  ...
Done
ns204-> set pol from v1-untrust to v1-trust any any any permit log
policy id = 1
ns204-> set pol from v1-trust to v1-untrust any any any permit log
policy id = 2
ns204-> sa
Save System Configuration  ...
Done
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD     
eth1           0.0.0.0/0          V1-Trust    0014.f641.f350    -   D   - 
eth2           0.0.0.0/0          V1-DMZ      0014.f641.f355    -   D   - 
eth3           0.0.0.0/0          V1-Untrust  0014.f641.f356    -   U   - 
eth4           0.0.0.0/0          HA          0014.f641.f357    -   D   - 
vlan1          221.143.43.57/27   VLAN        0014.f641.f35f    1   U   - 
ns204-> Save System Configuration  ...
Done
Save System Configuration  ...
Done
Save System Configuration  ...
Done
Save System Configuration  ...
Done
Save System Configuration  ...
Done
ns204-> exit
login:
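
The session above ends with Telnet and web management enabled on the untrust-facing side (eth3, v1-untrust) and with any/any/any permit policies in both directions, so the device passes all traffic and exposes its admin login in cleartext. The following is an added example, not part of the original post: a small audit that reads a console capture like this one and flags those settings. The function names, the severity labels and the choice of which interface names count as untrusted are assumptions of this example.

```python
import re

# Commands as typed at the prompt in the session above (abbreviations kept).
SESSION = """\
ns204-> set int eth3 manage ping
ns204-> set int eth3 manage web
ns204-> set int eth3 manage telnet
ns204-> set int v1-untrust manage telnet
ns204-> set pol from v1-untrust to v1-trust any any any permit log
ns204-> set pol from v1-trust to v1-untrust any any any permit log
ns204-> get int
"""

PROMPT = re.compile(r"^\S+->\s+(.*\S)\s*$")
MANAGE = re.compile(r"^set int(?:erface)? (\S+) manage (\S+)$", re.I)
POLICY = re.compile(
    r"^set pol(?:icy)? from (\S+) to (\S+) (\S+) (\S+) (\S+) (permit|deny|reject)\b", re.I)

# Assumption of this example: these names face the untrusted side, as in the session.
UNTRUSTED = {"eth3", "ethernet3", "v1-untrust", "untrust"}
CLEARTEXT = {"telnet": "cleartext admin login", "web": "HTTP admin UI (Config Port: 80)"}


def typed_commands(capture):
    """Return the commands entered at a 'host->' prompt, skipping device output."""
    hits = (PROMPT.match(line) for line in capture.splitlines())
    return [m.group(1) for m in hits if m]


def audit(capture):
    """Return (severity, command, reason) tuples for risky settings."""
    findings = []
    for cmd in typed_commands(capture):
        m = MANAGE.match(cmd)
        if m and m.group(1).lower() in UNTRUSTED and m.group(2).lower() in CLEARTEXT:
            findings.append(("high", cmd, CLEARTEXT[m.group(2).lower()] + " on untrusted side"))
            continue
        m = POLICY.match(cmd)
        if m and m.group(6).lower() == "permit" and \
                [g.lower() for g in m.group(3, 4, 5)] == ["any", "any", "any"]:
            sev = "high" if m.group(1).lower() in UNTRUSTED else "medium"
            findings.append((sev, cmd, "any/any/any permit from " + m.group(1)))
    return findings


if __name__ == "__main__":
    for sev, cmd, why in audit(SESSION):
        print(f"[{sev}] {cmd}  <- {why}")
```

Ping management is left unflagged on purpose; the audit only reports the cleartext admin services and the unrestricted permit policies.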

이호스트데이터센터(http://www.greenidc.co.kr)
by .신