10-27-2011 08:13 AM
Hello!
I would need someone's help regarding accessing my Juniper J2320 device running ver 9.3R4.4 through SSH.
When I issue the telnet command to the correct IP address over port 22, it gets accepted, but when I try to access the device through the PuTTY client it fails.
I have attached my config with this post.
I would appreciate any advice!
Kind Regards,
Jure
10-27-2011 11:38 AM
I don't remember on which version flow mode is default, but I think it is in 9.3. So you need to configure security zones and host-inbound-traffic system-services, or enable packet mode with set security forwarding-options family mpls mode packet-based. See also http://kb.juniper.net/InfoCenter/index?page=conten
10-27-2011 01:43 PM
If you can handle an outage you can run:
load override /etc/config/jsr-series-routermode-factory.conf
then load your configuration back in. This command will erase your config, but as long as you place it back in before commit you should be okay.
To get all of the set commands, enter edit, then do a show | display set, so you have all of the set commands to restore your config after the load override command.
Thanks
10-28-2011 01:31 AM
10-28-2011 01:39 AM
10-28-2011 03:21 PM
A device in router/packet mode has something like this at the end of 'show configuration':
security {
    zones {
        security-zone trust {
            tcp-rst;
            host-inbound-traffic {
                system-services {
                    any-service;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                all;
            }
        }
    }
    policies {
        default-policy {
            permit-all;
        }
    }
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
    flow {
        allow-dns-reply;
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}
A flow mode device will have a bunch of policies listed for denying traffic between zones.
To flip from flow mode to packet mode requires the following:
I have also seen a reference to the following in configuration mode (at the top of the tree) although I have not tried it myself:
10-28-2011 05:52 PM
Close but try this order:
1) enter edit, do "show | display set" (copy this to Notepad)
2) enter load override /etc/config/jsr-series-routermode-factory.conf
3) paste the output copied to Notepad into the terminal
4) commit
Let me know if that helps
Thanks
11-04-2011 03:21 AM - edited 11-04-2011 07:16 AM
Dear Dclarkjr1122,
I did what you had instructed me to do, but that did not help me.
I am not sure what was wrong with my SSH access, but it was not until I confirmed one more time interface ge-0/0/0 (not ge-0/0/0.0) under the security zone settings and allowed SSH ver 1 that I managed to SSH successfully.
version 9.3R4.4;
system {
    host-name cslab-j2320;
    domain-name cslab.hr;
    root-authentication {
        encrypted-password "$1$.urQQgr3$uMcCLbIOrpSpfMnP.k..Y/";
    }
    name-server {
        192.168.0.11;
    }
    login {
        user nsm_admin {
            uid 2003;
            class super-user;
            authentication {
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZ4oEW/5qOEvejpr9JNqNT UqkYGfUVnRHU/fRQF/VwwGw9FIcaQYAOTjaRTag4TOKllrrsyi p7D+B+zpYBhUbrixXp59NYm119+11bKIR4RcDLBrspKMX3sGNF DYvej8i283uWewVJC7v+yIeVa82oNOnL+gTbtbBknaBmFZ4t38 sHsWlPTUEd/xFhCdo2Lka/iRQ/4gicEpKCZmHb6GMsJdYrsx3n kKCN7ggjv1Ojq47/x+Mt+KcVlP7ZHtsaOuGHBUHhsfonoDFr/v eLLwibTZP1uH2B6Yfiq54Jbd6ZhXmz0CPHO3dXi/hj3Qf+ZiXk TCGpcZbEj39KvkeLShpQ== nsm_admin@nsm";
            }
        }
        user web_admin {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$IkzqoM2o$1zst3l8ksN2gNvI79wMSc.";
            }
        }
    }
    services {
        ftp {
            connection-limit 10;
            rate-limit 4;
        }
        ssh {
            root-login allow;
            protocol-version [ v2 v1 ];
            connection-limit 10;
            rate-limit 4;
        }
        telnet;
        netconf {
            ssh;
        }
        web-management {
            http;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.2.57/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.2.1;
    }
}
security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    telnet;
                    ssh;
                    http;
                    ping;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
}
UPDATE: I found out that my router does not support SSH ver 2 and it only works when I set ver 1. (ver 9.3R4.4 world-wide download package)
Just one more question: does Junos 9.3 support 3DES for SSH at all?!
Regards,
Jure
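An added example, not from anyone in this thread: a small Python checker that parses a Junos-style configuration like the one posted above and reports the flow-mode settings that decide whether SSH management can work (ssh under host-inbound-traffic system-services, zone interfaces that match a configured logical unit) together with weak management settings (SSH protocol v1, telnet). The sample configuration embedded in it is constructed for the example, modelled on the posted one with secrets left out, and the parser assumes plain brace syntax without quoted strings containing braces.

```python
import re

# Constructed sample modelled on the config posted in this thread (secrets omitted).
SAMPLE = """
system { services { ssh { root-login allow; protocol-version [ v2 v1 ]; } telnet; } }
interfaces { ge-0/0/0 { unit 0 { family inet { address 192.168.2.57/24; } } } }
security { zones { security-zone trust {
    host-inbound-traffic { system-services { telnet; ssh; } }
    interfaces { ge-0/0/0.0; } } } }
"""

def parse_junos(text):
    """Curly-brace Junos config -> nested dicts: block headers become keys as written
    ('security-zone trust'); a leaf maps its first word to the remaining words."""
    stack, words = [{}], []
    for tok in re.findall(r'[{};]|[^\s{};]+', text):
        if tok == '{':                       # open a block under the current one
            stack[-1][' '.join(words)] = child = {}
            stack.append(child)
            words = []
        elif tok == ';':                     # leaf statement, '[ a b ]' becomes ['a', 'b']
            stack[-1][words[0]] = [w.strip('[]') for w in words[1:] if w.strip('[]')]
            words = []
        elif tok == '}':
            stack.pop()
        else:
            words.append(tok)
    return stack[0]

def audit(cfg):
    """Checks that decide whether SSH management can work in flow mode, plus weak settings."""
    findings = []
    services = cfg.get('system', {}).get('services', {})
    if 'v1' in (services.get('ssh') or {}).get('protocol-version', []):
        findings.append('ssh protocol-version v1 enabled')
    if 'telnet' in services:
        findings.append('telnet enabled')
    # logical units actually configured, e.g. ge-0/0/0.0 (zones bind logical interfaces)
    units = {f"{ifn}.{k.split()[1]}" for ifn, ifc in cfg.get('interfaces', {}).items()
             for k in ifc if k.startswith('unit ')}
    for name, zone in cfg.get('security', {}).get('zones', {}).items():
        if not name.startswith('security-zone '):
            continue
        allowed = zone.get('host-inbound-traffic', {}).get('system-services', {})
        if 'ssh' not in allowed and 'any-service' not in allowed:
            findings.append(f'{name}: ssh not in host-inbound-traffic system-services')
        for iface in sorted(set(zone.get('interfaces', {})) - units - {'all'}):
            findings.append(f'{name}: {iface} does not name a configured logical unit')
    return findings
```

Run it against the output of show configuration on a device to get the same findings for a real config; the sample above yields the v1 and telnet findings only, since the zone already permits ssh on ge-0/0/0.0.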
11-04-2011 03:51 AM
DES or 3DES depends on the version you install. There's the domestic (US/Canada) or the export (worldwide on the download page) version. On the export version only SSH v1 and DES are implemented due to regulations. When you're outside US/Canada you might need to fill in an encryption agreement to use the domestic version.
Domestic shows domestic in the image name, WW will show export.
11-04-2011 04:50 AM
Screenie,
could you help me more with this please?! It is very important to me to have SSH ver 2 because I am testing NSM software with Juniper appliances and SSH ver 2 must be used according to the NSM Admin Guide.
I have a link to the 9.3 Junos software here and would like to ask you which package I should install?
Currently on-box I have ver 9.3R4.4 running from this World Wide package:
J-series Junos with Enhanced Services Install Package
Advance BGP and JFlow require a license key to enable the features.
Regards,
Jure