root# show | no-more ## Last changed: 2009-10-31 09:05:56 UTC version 9.2R4.4; system { root-authentication { encrypted-password "$1$9aQTmFHm$lNkr4e5JOZC0TYiq.TUe/1"; ## SECRET-DATA } login { user lab { uid 2001; class super-user; authentication { encrypted-password "$1$2Ef07UvV$lITxZrsWXDDBZFgNISmAj0"; ## SECRET-DATA } } } services { ssh; telnet; web-management { http { interface [ ge-0/0/0.0 ge-2/0/0.0 ]; } } } syslog { user * { any emergency; } file messages { any any; authorization info; } file interactive-commands { interactive-commands any; } } license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } chassis { fpc 2 { pic 0 { ethernet { pic-mode enhanced-switching; } } } } interfaces { ge-0/0/0 { unit 0; } ls-0/0/0 { unit 1 { family inet { address 192.168.1.1/30; } family mpls; } } ge-0/0/1 { unit 0; } ge-2/0/0 { unit 0 { family inet { address 50.50.50.3/24; } } } ge-2/0/1 { unit 0; } e1-3/0/0 { e1-options { framing unframed; } unit 0 { family mlppp { bundle ls-0/0/0.1; } } } e1-3/0/1 { e1-options { framing unframed; } unit 0 { family mlppp { bundle ls-0/0/0.1; } } } lo0 { unit 0 { family inet { address 1.1.1.1/32; } } } } routing-options { autonomous-system 65000; } protocols { mpls { interface ls-0/0/0.1; } bgp { group inte { type internal; local-address 1.1.1.1; family inet-vpn { unicast; } neighbor 1.1.1.2; } } ospf { area 0.0.0.0 { interface ls-0/0/0.1; interface lo0.0; } } ldp { interface ls-0/0/0.1; } } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; queue-size 2000; ## Warning: 'queue-size' is deprecated timeout 20; } land; } } } zones { security-zone untrust { screen untrust-screen; } security-zone trust { tcp-rst; } security-zone default { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { all; } } } policies { from-zone trust to-zone trust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone trust to-zone untrust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone untrust to-zone trust { policy default-deny { match { source-address any; destination-address any; application any; } then { permit; } } } default-policy { permit-all; } } } routing-instances { l3vpn { instance-type vrf; interface ge-2/0/0.0; route-distinguisher 65000:1; vrf-target target:65000:1; vrf-table-label; } } [edit] root# run ping routing-instance l3vpn 192.168.0.100 PING 192.168.0.100 (192.168.0.100): 56 data bytes 64 bytes from 192.168.0.100: icmp_seq=0 ttl=127 time=4.164 ms 64 bytes from 192.168.0.100: icmp_seq=1 ttl=127 time=7.286 ms 64 bytes from 192.168.0.100: icmp_seq=2 ttl=127 time=6.287 ms 64 bytes from 192.168.0.100: icmp_seq=3 ttl=127 time=4.510 ms ^C --- 192.168.0.100 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 4.164/5.562/7.286/1.281 ms [edit] root# run telnet 192.168.1.2 Trying 192.168.1.2... Connected to 192.168.1.2. Escape character is '^]'. (ttyp0) login: root Password: Login incorrect login: login: lab Password: No home directory. Logging in with home = "/". invalid user: getpwuid failsConnection closed by foreign host. [edit] root# root ^ unknown command. [edit] root# run telnet 192.168.1.2 Trying 192.168.1.2... Connected to 192.168.1.2. Escape character is '^]'. (ttyp0) login: root Password: Login incorrect login: login: login: login: login: as Password: Login incorrect login: [edit] root# [edit] root# [edit] root# [edit] root# [edit] root# show ## Last changed: 2009-10-31 08:43:15 UTC version 9.2R4.4; system { root-authentication { encrypted-password "$1$LDh/6jEb$e3xe2SE9P./z89p5hpmg/0"; ## SECRET-DATA } login { user lab { uid 2000; class super-user; authentication { encrypted-password "$1$gMVASxqR$nC7jqVtrE9OEUxFG/Nkgk."; ## SECRET-DATA } } } services { ssh; telnet; web-management { http { interface [ ge-0/0/0.0 ge-0/0/1.0 ]; } } } syslog { user * { any emergency; } file messages { any any; authorization info; } file interactive-commands { interactive-commands any; } } license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } chassis { fpc 0 { pic 0 { ethernet { pic-mode enhanced-switching; } } } } interfaces { ge-0/0/0 { vlan-tagging; unit 0 { vlan-id 2; family inet { address 192.168.10.1/24; } } unit 10 { vlan-id 10; family inet { address 20.20.20.1/24; } } unit 20 { vlan-id 20; family inet { address 40.40.40.1/24; } } } ls-0/0/0 { unit 1 { family inet { address 192.168.1.2/30; } family mpls; } } ge-0/0/1 { unit 0 { family inet { address 192.168.0.10/24; } } } ge-0/0/2 { unit 0; } e1-4/0/0 { clocking external; e1-options { framing unframed; } unit 0 { family mlppp { bundle ls-0/0/0.1; } } } e1-4/0/1 { clocking external; e1-options { framing unframed; } unit 0 { family mlppp { bundle ls-0/0/0.1; } } } lo0 { unit 0 { family inet { address 1.1.1.2/32; } } } vlan { unit 10 { family inet { address 10.10.10.250/24; } } } } routing-options { autonomous-system 65000; } protocols { mpls { interface ls-0/0/0.1; } bgp { group intern { type internal; local-address 1.1.1.2; family inet-vpn { unicast; } neighbor 1.1.1.1; } } ospf { area 0.0.0.0 { interface lo0.0; interface ls-0/0/0.1; } } ldp { interface ls-0/0/0.1; } } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; queue-size 2000; ## Warning: 'queue-size' is deprecated timeout 20; } land; } } } zones { security-zone trust; security-zone untrust { screen untrust-screen; } security-zone default { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { all; } } } policies { from-zone trust to-zone trust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone trust to-zone untrust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone untrust to-zone trust { policy default-deny { match { source-address any; destination-address any; application any; } then { permit; } } } default-policy { permit-all; } } } routing-instances { l3vpn { instance-type vrf; interface vlan.10; interface ge-0/0/1.0; route-distinguisher 65000:1; vrf-target target:65000:1; vrf-table-label; } } vlans { vlan10 { vlan-id 10; l3-interface vlan.10; } } [edit] root# run ping routing-instance l3vpn 50.50.50.4 PING 50.50.50.4 (50.50.50.4): 56 data bytes 64 bytes from 50.50.50.4: icmp_seq=0 ttl=127 time=6.066 ms 64 bytes from 50.50.50.4: icmp_seq=1 ttl=127 time=4.414 ms 64 bytes from 50.50.50.4: icmp_seq=2 ttl=127 time=4.150 ms 64 bytes from 50.50.50.4: icmp_seq=3 ttl=127 time=5.431 ms ^C --- 50.50.50.4 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 4.150/5.015/6.066/0.773 ms [edit]