차노 블로그

5.1.1 Changing the Settings for the Console Port

Of the three connections previously described, the console port is unique in that it is always used for the initial steps needed in configuration because it is by default the only interface that can be used to access the CLI on a Juniper Networks router. All other interfaces lack a functional configuration at initial startup. The console port is an RS232 male 9-pin connection on the craft interface of every Juniper Networks M-Series router. Refer to Figures 5-1 through 5-6 to identify the location of the console port connection on the craft interfaces of the routers.

By default the console port is considered to be secure in that it is permissible to log into the router as the root user through this connection. Those familiar with UNIX will recall that the root user has special permissions. In the Juniper Networks world, the root user is capable of accessing the UNIX kernel, as well as the core of JUNOS. Under normal conditions, root access should be permitted through the console. However, should a network engineer find it necessary, the console port can be blocked from allowing root access. The following example shows how to disable the root login on the console port:

[edit system ports console] 
lab@Chicago# set insecure

The default speed for the console connection is 9,600 baud. The following example shows the command completions for setting the connection speeds. By using the question mark, the valid completions for any command string can be accessed from any point within the JUNOS CLI.

[edit system ports console] 
lab@Chicago# set speed ?
Possible completions:
  115200               Standard terminal at 115200 baud
  19200                Standard terminal at 19200 baud
  38400                Standard terminal at 38400 baud
  4800                 Standard terminal at 4800 baud
  57600                Standard terminal at 57600 baud
  9600                 Standard terminal at 9600 baud

If the baud rate on the console port is changed, any user logged in through that port will immediately be disconnected once the change is committed. The configuration sample below shows how to set the link speed for the console port to 19.2Kbps. It also shows user lab being logged off once the change is committed:

[edit system ports console] 
lab@Chicago# set speed 19200

[edit system ports console]
lab@Chicago# show
speed 19200;

[edit system ports console]
lab@Chicago# commit

Problem

When you activate a configuration, you want to include a short message that describes the changes you made.

Solution

Include a comment when you activate the configuration:

        aviva@router1# commit comment "turned on telnet"

Discussion

It's good practice to include a short description of the changes you made to each version of a configuration file so you can keep a history of configuration changes. You do this by using the comment option with the commit command.

To track down what changed in the configuration and when, you can review the comments:

        aviva@router1> show system commit

        0   2005-03-31 20:26:16 UTC by aviva via cli

            turned on telnet

        1   2005-03-31 11:12:28 UTC by aviva via cli

            set host gildor facility-override local4