It is very simple to set up NTP. In summary, here are the 3 steps.
1) Set the timezone
2) Set the time via CLI to get an immediate update
3) Sync up with an NTP source for persistent time sync.
Below are the steps fleshed out.
Load hierarchical config
You can, if you want, load hierarchical config directly under the edit prompt if you have such a piece of config. For example, you may just want to copy a section of config you already have working from one device to another, or copy a piece of config you have seen.
Here we copy a user definition into another device using the load merge command.
Also note the use of the "relative" keyword, as we are not loading at the top of the hierarchy.
Logging (Olive - Firewall)
Now we can log in to the Olive, control the login through a firewall filter and see hits on the filter. But that only gives us a packet and byte count. It doesn't tell us when the hits happened or where they were sourced from. For that we need logging.
An easy way to do this is to use the action "log" on the term.
user@olive-core> show configuration firewall
filter ACCESS-CNTRL {
    term TELNET-BLOCK {
        from {
            destination-port telnet;
        }
        then {
            count COUNTER-TELNET-BLOCK;
            log;
            discard;
        }
    }
    term PERMIT-ALL {
        from {
            source-address {
                0.0.0.0/0;
            }
        }
        then {
            count COUNTER-PERMIT-ALL;
            accept;
        }
    }
}
To see the log... (There must be hits against the term to see the kind of output below.)
Access (Olive)
All you need to access the device, an Olive on VirtualBox in this case, is this config.
system {
    services {
        ssh;
        telnet;
    }
}
This config would allow ssh and telnet access to all interfaces.
Note: Root will not authenticate with telnet.
Now suppose you would like to block access on one or more interfaces.
You need a firewall filter.
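One way to bind a filter such as ACCESS-CNTRL to an interface, as an added example that is not from the original post. The interface name em0 and unit 0 are assumptions; substitute the interface you want to protect.

```junos
/* Added example, not from the original post.
   em0 unit 0 is an assumed interface; ACCESS-CNTRL is the filter name
   used elsewhere on this page. */
interfaces {
    em0 {
        unit 0 {
            family inet {
                filter {
                    /* "input" evaluates packets arriving on this interface,
                       which includes telnet and ssh sessions aimed at the
                       device itself. Interfaces without the filter are
                       unaffected. */
                    input ACCESS-CNTRL;
                }
            }
        }
    }
}
```

Activate it with "commit confirmed 5" so the change rolls back on its own if the filter cuts off your session, then confirm with a plain "commit" once access is verified. Hits can then be checked with "show firewall filter ACCESS-CNTRL" and, where a term carries the log action, "show firewall log".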