UAC-售后培训-UAC2-Installation

管理员登陆（https://<ip>/admin)
Navigating the UI
Tabs Location Indicator
Main Menu
Popup Submenus
Task Guide
Infranet Controller 界面初始化配置
步骤:
1. 设置时间 date/time 2. 更改管理员超时选项 ( (可选) ) 3. 安装最新的软件 (可选) 4. 安装 licenses许可 5. 生成和安装证书 6. 重启服务
证书导入与绑定
导入证书后，必须将证书与相关的端口绑定，才 会生效
证书绑定 点击相关证书
复习题目
1. 使用WEB方式管理IC的时候，使用什么URL进行登 陆? 2. IC的license生成，需要哪两个信息? 3. 为什么需要将证书与IC的端口进行绑定?
证书的生成－使用OPENSSL(2)
设置可执行文件的路径
• set path=%path%;c:\openssl\bin
生成RSA密钥
• • openssl genrsa -out ca.key 1024 输入相关的DN信息（注：OU信息必须与IC证书请求的OU相同）
生成根证书
• • • • openssl req -new -x509 -days 3650 -key ca.key -out demoCA/cacert.pem c:\openssl\certs\ demoCA\cacert.pem为根证书 根证书用来签发IC的证书 根证书需要保存好，用来做防火墙证书和用户端可信根证书
步骤:
1. 设备启动
• 选择 cluster或者stand-alone 配置
2. 完成 license agreement 3. 配置端口 interface
• 完成所有的IP相关配置 (address, mask, gateway, DNS)
4. 建立管理员帐号 5. 建立自签名证书
Step 1: 启动
Step 5: 自签名证书
Please provide information to create a self-signed Web server digital certificate. Common name (example: ): Organization name (example: Company Inc.): Class Net Please enter some random characters to augment the system's random key generator. We recommend that you enter approximately thirty characters. Random text (hit enter when done): asdoigqw,3m4tnx;vo7qwl4ktndacog87akjnnsdtgo87
Please choose from among the following options: 1. Network Settings and Tools 2. Create admin username and password 3. Display log 4. System Operations 5. Toggle password protection for the console (Off) 6. Create a Super Admin session. 7. System Snaphot Choice:
Creating self-signed digital certificate... The self-signed digital certificate was successfully created. ----------------------------------Congratulations! You have successfully completed the initial set up of your server.
Step 1: 设置系统时间 Date/Time
系统菜单 Status>overview >system date &time>edit
Step 2: 更改管理员超时选项
系统菜单 Admin roles>1.administrator >general > session option
Step 3: 系统软件升级
串口菜单
System is now ready. Press Enter to modify system settings. ^@ Welcome to the Juniper Networks IVE Serial Console! Current version: 5.1Platform/1.0 Controller (build 46783) Rollback version: 5.1Platform/1.0 Controller (build 46767) Reset version: 5.1-Beta (build 46537)
Step 2: License Agreement
Note that continuing signifies that you accept the terms of the Juniper license agreement. Type “r” to read the license agreement (the text is also available at any time from the License tab in the Administrator Console). Do you agree to the terms of the license agreement (y/n/r)?:
证书的生成－使用OPENSSL(1)
安装OPENSSL软件； 建立相关目录和文件
• C:\>cd openssl • C:\OpenSSL>md certs • C:\OpenSSL>cd certs • C:\OpenSSL\certs>md demoCA • C:\OpenSSL\certs>md demoCA\newcerts • C:\OpenSSL\certs>edit demoCA\index.txt (内容为空） • C:\OpenSSL\certs>edit demoCA\serial (内容为01）
在设备启动前，连接好Console口
Welcome to the initial configuration of your server! NOTE: Press ‘y’ if this is a stand-alone server or the first machine in a clustered configuration If this is going to be a member of an already running cluster press n to reboot. When you see the ‘Hit TAB for clustering options’ message press TAB and follow the directions. Would you like to proceed (y/n)?: y
Step 4: 创建管理员帐号
Please confirm the following setup: IP address: 1.1.7.240 Network mask: 255.255.255.0 Gateway IP: 1.1.7.1 Link speed: Auto Primary DNS server: 1.1.7.111 Secondary DNS: DNS domain(s): WINS server: Correct? (y/n): y Initial network configuration complete. ----------------------------------Please create an administrator username and password. Admin username: admin Password: Confirm password: The administrator was successfully created. -----------------------------------
proprietaryconfidentialwwwjunipernet证书的生成如果存在证书服务器可以直接给ic签发一个证书为服务器证书
配置UAC
初始化配置
Copyright © 2005 Juniper Networks, Inc.
Proprietary and Confidential

证书的生成－使用OPENSSL(3)
准备证书请求文件
• 将IC生成的证书请求字符串复制到 c:\openssl\certs\ic.csr当中
为IC签发证书
• openssl ca -in ic.csr -out ic.crt –days 3650 -keyfile ca.key
导入证书
• 将c:\openssl\certs\ic.crt导入到IC当中
目标
本章您将学到:
•对 Infranet Controller进行初始化配置 • 证书的生成
开始
用串口线连接到IC的Console口上 启动仿真终端
•9600 baud •8 data bits •1 stop bit •No flow control
Infranet Controller 初始化步骤
生成证书请求
Step 5:生成和安装证书 (4 of 4)
导入设备证书
Step 6: 重启服务
证书的生成
1. 如果存在证书服务器，可以直接给IC签发一个证 书，为服务器证书。 2. 如果无证书服务器，可以使用openssl来生成一套 证书。 3. 可以使用windows和linux版本的openssl.
Step 3: Interface 端口配置
Please provide ethernet configuration information IP address: 1.1.7.240 Network mask: 255.255.255.0 Default gateway: 1.1.7.1 Please provide DNS nameserver information: Primary DNS server: 1.1.7.111 Secondary (optional): DNS domain(s): Please provide Microsoft WINS server information: WINS server (optional): Please confirm the following setup: IP address: 1.1.7.240 Network mask: 255.255.255.0 Gateway IP: 1.1.7.1 Link speed: Auto Primary DNS server: 1.1.7.111 Secondary DNS: DNS domain(s): WINS server: Correct? (y/n): y
系统菜单 System > upgrade/downgrade
Step 4: 安装许可
系统菜单 Configuration>licensing
Step 5: 生成和安装证书 (1 of 4)
设备证书选项
Step 5:生成和安装证书 (2 of 4)
填写证书请求
Step 5:生成和安装证书 (3 of 4)