[j-nsp] Public Looking Glass Template

Smith W. Stacy stacy at acm.org
Wed Oct 13 19:28:28 EDT 2010


On Oct 13, 2010, at 4:56 PM, Brad Fleming wrote:
> I'm thinking of using a smaller SRX for public telnet/ssh access to run some basic commands at a CLI (show route, traceroute). Does anyone do similar and would be willing to share their system->login->class configuration?
> 
> I can get the box limited down to only the 4 to 5 commands I want to allow by using a regex filter on the login class but issuing a "?" at the default prompt takes 3-4 *minutes* to return results. I'll include my configuration since it seems likely I made a mistake. Thanks in advance for any suggestions.

I'm not sure you made a mistake. The smaller SRX boxes seem to be notoriously underpowered.

That said, it might be a somewhat simpler configuration to deny everything and explicitly list the "4 to 5 commands" you want to allow. Hopefully that will help the performance.

[edit system login]
user@host# show class guests
idle-timeout 1;
permissions view;
allow-commands "show route|quit";
deny-commands .*;


--Stacy