On Oct 13, 2010, at 4:56 PM, Brad Fleming wrote:
> I'm thinking of using a smaller SRX for public telnet/ssh access to run some 
> basic commands at a CLI (show route, traceroute). Does anyone do similar and 
> would be willing to share their system->login->class configuration?
> 
> I can get the box limited down to only the 4 to 5 commands I want to allow by 
> using a regex filter on the login class but issuing a "?" at the default 
> prompt takes 3-4 *minutes* to return results. I'll include my configuration 
> since it seems likely I made a mistake. Thanks in advance for any suggestions.

I'm not sure you made a mistake. The smaller SRX boxes seem to be notoriously 
underpowered.

That said, it might be a somewhat simpler configuration to deny everything and 
explicitly list the "4 to 5 commands" you want to allow. Hopefully that will 
help the performance.

[edit system login]
u...@host# show class guests 
idle-timeout 1;
permissions view;
allow-commands "show route|quit";
deny-commands .*;


--Stacy


_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
