Juniper SSG5 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Juniper

SSG5

Page 26 / 64 Scroll up to view Page 21 - 25

SSG 5 Hardware Installation and Configuration Guide

Accessing a Device

Figure 11:

WebUI Login Prompt

If you have not yet changed the default login for the admin name and

password, enter

netscreen

at both the login and password prompts. (Use

lowercase letters only. The login and password fields are both case-sensitive.)

Using Telnet

To establish a Telnet connection, perform the following steps:

Connect your workstation to the 0/2 — 0/6 port (bgroup0 interface in the Trust

zone) on the device.

Ensure that your workstation is configured for DHCP or is statically configured

with an IP address in the 192.168.1.0/24 subnet.

Start a Telnet client application to the IP address for the bgroup0 interface (the

default IP address is 192.168.1.1). For example, enter

telnet 192.168.1.1

The Telnet application displays the login prompt.

If you have not yet changed the default user name and password, enter

netscreen

at both the login and password prompts. (Use lowercase letters only.

The login and password fields are both case-sensitive.)

(Optional) By default, the console times out and terminates automatically after

10 minutes of idle time. To remove the timeout, enter

set console timeout 0

Page 27 / 64

Default Device Settings

This section describes the default settings and operation of an SSG 5 device.

Table 4 shows the default zone bindings for ports on the devices.

Table 4:

Default Physical Interface to Zone Bindings

A bridge group (bgroup) is designed to allow network users to switch between wired

and wireless traffic without having to reconfigure or reboot the device. By default,

the ethernet0/2 — ethernet0/6 interfaces, labeled as ports 0/2 — 0/6 on the device,

are grouped together as the bgroup0 interface, have the IP address 192.168.1.1/24,

and are bound to the Trust security zone. You can configure up to four bgroups.

If you want to set an Ethernet or a wireless interface into a bgroup, you must first

make sure that the Ethernet or wireless interface is in the Null security zone.

Unsetting the Ethernet or wireless interface that is in a bgroup places the interface

in the Null security zone. Once assigned to the Null security zone, the Ethernet

interface can be bound to a security zone and assigned a different IP address.

Port Label

Interface

Zone

10/100 Ethernet ports:

0/0

ethernet0/0

Untrust

0/1

ethernet0/1

DMZ

0/2

bgroup0 (ethernet0/2)

Trust

0/3

bgroup0 (ethernet0/3)

Trust

0/4

bgroup0 (ethernet0/4)

Trust

0/5

bgroup0 (ethernet0/5)

Trust

0/6

bgroup0 (ethernet0/6)

Trust

AUX

serial0/0

Null

WAN ports:

ISDN

bri0/0

Untrust

V.92

serial0/0

Null

Page 28 / 64

SSG 5 Hardware Installation and Configuration Guide

Default Device Settings

To unset ethernet0/3 from bgroup0 and assign it to the Trust zone with a static IP

address of 192.168.3.1/24, use the WebUI or CLI as follows:

WebUI

Network > Interfaces > List > Edit (bgroup0) > Bind Port: Deselect

ethernet0/3

, then click

Apply

List > Edit (ethernet0/3): Enter the following, then click

Apply

Zone Name: Trust (select)

IP Address/Netmask: 192.168.3.1/24

CLI

unset interface bgroup0 port ethernet0/3

set interface ethernet0/3 zone trust

set interface ethernet0/3 ip 192.168.3.1/24

save

Table 5:

Wireless and Logical Interface Bindings

You can change the default IP address on the bgroup0 interface to match the

addresses on your LAN and WLAN. For configuring a wireless interface to a bgroup,

see “Basic Wireless Configuration” on page 33.

For additional bgroup information and examples, refer to the

Concepts & Examples

ScreenOS Reference Guide

There are no other default IP addresses configured on other Ethernet or wireless

interfaces on a device; you need to assign IP addresses to the other interfaces,

including the WAN interfaces.

SSG 5-WLAN

Interface

Zone

Wireless Interface

Specifies a wireless interface, which is

configurable to operate on 2.4G and/or

5G radio

wireless0/0 (default IP address is

192.168.2.1/24).

Trust

wireless0/1-0/3.

Null

Logical Interfaces

Layer-2 interface

vlan1 specifies the logical interfaces

used for management and VPN traffic

termination while the device is in

Transparent mode.

N/A

Tunnel interfaces

tunnel.

specifies a logical tunnel

interface. This interface is for VPN

traffic.

N/A

NOTE:

The bgroup interface does not work in Transparent mode when it contains a

wireless interface.

Page 29 / 64

Basic Device Configuration

This section describes the following basic configuration settings:

Root Admin Name and Password

Date and Time

Bridge Group Interfaces

Administrative Access

Management Services

Hostname and Domain Name

Default Route

Management Interface Address

Backup Untrust Interface Configuration

Root Admin Name and Password

The root admin user has complete privileges for configuring an SSG 5 device. We

recommend that you change the default root admin name and password (both

netscreen

) immediately.

To change the root admin name and password, use the WebUI or CLI as follows:

WebUI

Configuration > Admin > Administrators > Edit (for the Administrator Name):

Enter the following, then click

Administrator Name:

Old Password: netscreen

New Password:

Confirm New Password:

CLI

set admin name

name

set admin password

pswd_str

save

NOTE:

Passwords are not displayed in the WebUI.

Page 30 / 64

SSG 5 Hardware Installation and Configuration Guide

Basic Device Configuration

Date and Time

The time set on an SSG 5 device affects events such as the setup of VPN tunnels.

The easiest way to set the date and time on the device is to use the WebUI to

synchronize the device system clock with the workstation clock.

To configure the date and time on a device, use the WebUI or CLI as follows:

WebUI

Configuration > Date/Time: Click the Sync Clock with Client button.

A pop-up message prompts you to specify if you have enabled the daylight

saving time option on your workstation clock.

Click

Yes

to synchronize the system clock and adjust it according to

daylight saving time or click

to synchronize the system clock without

adjusting for daylight saving time.

You can also use the

set clock

CLI command in a Telnet or Console session to

manually enter the date and time for the device.

Bridge Group Interfaces

By default, the SSG 5 device has Ethernet interfaces ethernet0/2—ethernet0/4

grouped together in the Trust security zone. Grouping interfaces sets interfaces in

one subnet. You can unset an interface from a group and assign it to a different

security zone. Interfaces must be in the Null security zone before they can be

assigned to a group. To place a grouped interface in the Null security zone, use the

unset interface

interface

port

interface

CLI command.

The SSG 5-WLAN devices allow Ethernet and wireless interfaces to be grouped

under one subnet.

To configure a group with Ethernet and wireless interfaces, use the WebUI or CLI as

follows:

WebUI

Network > Interfaces > List > Edit (bgroup0) > Bind Port: deselect

ethernet0/3

and

ethernet0/4

, then click

Apply

Edit (bgroup1) > Bind Port: Select

ethernet0/3

ethernet0/4

, and

wireless0/2

then click

Apply

>Basic: Enter the following, then click

Apply

Zone Name: DMZ (select)

IP Address/Netmask: 10.0.0.1/24

NOTE:

Only wireless and Ethernet interfaces can be set in a bgroup.

Rate

Popular Juniper Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share