JUNOS Cheat-Sheet Quick Reference


IOS / JUNOS equivalents:
- Show uptime: show system uptime
- Set date: set date
- Set date (NTP): set date ntp <IP>
- Show NTP: show ntp associations
- Set timezone: set system time-zone
- Disable interface: IOS "interface <name>" then "shutdown"; JUNOS "set interfaces <name> disable"
- Enable interface: IOS "interface <name>" then "no shutdown"; JUNOS "delete interfaces <name> disable"
- help topic: general topics
- help reference: syntax help
- help syslog: look up syslog messages

JUNOS Cheat-Sheet

Quick Reference – www.cciezone.com

Rollbacks:
- Active: /config/juniper.conf.gz
- n = 1-3: stored in /config/juniper.conf.n.gz
- n = 4-49: stored in /config/db/config/juniper.conf.n.gz
- Rescue: /config/rescue.conf.gz

JUNOS images should be stored in /var/tmp for easy cleanup.

Operational-mode commands:
- Upgrade: request system software add
- Reboot: request system reboot
- Shutdown: request system power-off

Rescue configuration:
- Create: request system configuration rescue save
- Rollback (apply/restore): [edit] rollback rescue, OR press the config button for less than 5 seconds
There is no default rescue config, so don't forget to create it!

Initial setup (any one of):
- Login as root, run ezsetup
- Connect to ge-0/0/0, use DHCP and access 192.168.1.1 (web or telnet/SSH)
- Choose Enter Ezsetup from the LCD screen
- Connect to me0 and access 192.168.2.1 (EX-series)

- Set root password: set system root-authentication plain-text-password
- Enable SSH: set system services ssh
- Disable Telnet: delete system services telnet


Factory defaults (load factory-default resets back to default):
- All ports are family ethernet-switching
- PoE is enabled on all PoE-capable ports
- LLDP and RSTP enabled
- Virtual chassis system ID is 0 (zero)
- mastership-priority of 128
The EX-series can be an NTP server!
If me0 isn't configured as a L3 interface, it is automatically assigned to the mgmt VLAN.

LAGs:
- Up to 8 interfaces in a single LAG
- Max # LAGs: EX 3200 = 32 LAGs per switch; EX 4200 = 64 LAGs per switch; VCS = 128 LAGs per VCS
- Trunks do not have to have a native VLAN
1. Set the number of ae interfaces: set chassis aggregated-devices ethernet device-count <#>
2. Bind the physical interface to the ae interface: set interfaces <name> ether-options 802.3ad <ae_int>
3. Set the ae interface properties (physical and logical)

STP:
- Up to 64 MSTP instances are supported
- Configure under the [edit protocols] hierarchy (stp, rstp and mstp)
- Use Redundant Trunk Groups (RTGs) to have a failover/secondary link without the use of STP
- Up to 16 RTGs are supported per switch

Trunks:
1. Set the port mode to trunk: set interfaces <name> unit <#> family ethernet-switching port-mode trunk
2. Set the VLAN membership on the trunk: set interfaces <name> unit <#> family ethernet-switching vlan members <name(s)>
3. Set the native VLAN (optional): set interfaces <name> unit <#> family ethernet-switching native-vlan-id <name>
Remember that all ports by default are access ports.

Virtual Chassis terms:
- VCPs: Virtual Chassis Ports – form the backplane
- VCB: Virtual Chassis Backplane cables – interconnect switches into a VCS. Each EX 4200 comes with a ½-meter VCB.
- VCEPs: Virtual Chassis Extender Ports – use fiber to interconnect remote switches. Only supported on the 10Gbps uplink module.
- VCCP: Virtual Chassis Control Protocol – used to exchange LSA-based discovery messages between PFEs in a VCS
- VME: Virtual Management Ethernet interface – used to administer the switch stack
- PFE: Packet Forwarding Engine. 24-port EX 4200s have 2 PFEs; 48-port EX 4200s have 3 PFEs.
- Configure a VME: request virtual-chassis vc-port set pic-slot <#> port <#>

- show chassis hardware

- show virtual-chassis status

- show virtual-chassis active-topology

- show virtual-chassis interfaces

- show virtual-chassis member-config

- show virtual-chassis protocol

Pre-emption is enabled by default; the highest priority wins.
Up to 10 (ten) EX 4200s can be stacked into a VCS.

Inter-VLAN routing (like an SVI on IOS) configuration example:
[edit interfaces]
vlan {
    unit 200 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
[edit vlans]
test {
    vlan-id 200;
    l3-interface vlan.200;
}
The VLAN unit doesn't have to match the VLAN ID, but best practices recommend it.
Provides inter-VLAN routing. Like an SVI on IOS.

RTG configuration example:
[edit ethernet-switching-options]
redundant-trunk-group {
    group rtg10 {
        interface ge-0/0/3.0;
        interface ge-0/0/4.0;
    }
}
Useful Commands:
- show spanning-tree bridge
- show spanning-tree interface
- show spanning-tree statistics interface
- show spanning-tree mstp configuration
- show redundant-trunk-group

Ports can be: L2 – configure family ethernet-switching; L3 – configure family inet

Juniper EX-series Cheat Sheet


DHCP relay configuration example:
[edit forwarding-options helpers bootp]
description "Main DHCP relay";
server 10.0.40.2;
maximum-hop-count 4;
minimum-wait-time 1;
interface {
    vlan.2 {
        no-listen;
    }
}


Firewall filter order:
Ingress / Received Packet -> Port Firewall Filter (PACL) -> VLAN Firewall Filter (VACL) -> Router Firewall Filter (RACL) -> VLAN Firewall Filter (VACL) -> Egress / Transmit Packet
The RACL is only used if the packet is routed outside of the VLAN.

MAC Limiting protects the CAM: only allows statically-defined MAC addresses OR limits the number of dynamically-learned MAC addresses.
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        allowed-mac [ 00:00:00:00:00:01 ];
    }
    interface ge-0/0/1.0 {
        mac-limit 2 action shutdown;
    }
}
MAC Limiting actions:
- shutdown (blocks data traffic & generates a system log entry)
- drop (drops the packet and generates a system log entry)
- log (does not drop the packet, but generates a system log entry)
- none (do not do anything)
Examine show ethernet-switching table to view the MAC table. Use clear ethernet-switching table interface <name> to clear violations. Look at show log messages for MAC Limiting violation messages.

DHCP Snooping – mitigate rogue DHCP servers!
Default port trusts: Access port = untrusted; Trunk port = trusted
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    interface ge-0/0/1.0 {
        no-dhcp-trusted;
    }
    vlan test {
        examine-dhcp;
    }
}
Useful Commands: show dhcp snooping binding; clear dhcp snooping binding

802.1X port modes:
- single (default – only the first host is authenticated, all other hosts piggy-back on the first supplicant)
- single-secure (only permits a single supplicant, all others are denied)
- multiple (permits access for multiple supplicants, each supplicant is authenticated individually)
802.1X Parameters & Options:
- Default reauthentication period: 3600 seconds. Range: 1 to 65,535 seconds
- A Guest VLAN can be configured and is used when authentication fails, or when a client doesn't respond (doesn't have a supplicant)
- MAC Static List is an authentication bypass for non-802.1X hosts. MAC addresses are stored locally on the device.
Configuration Example:
[edit protocols dot1x authenticator]
interface {
    ge-0/0/0.0 {
        guest-vlan test-guest-vlan;
        reauthentication 3600;
        supplicant single-secure;
    }
    ge-0/0/3.0 {
        no-reauthentication;
    }
}
static {
    00:00:00:00:00:01 {
        interface ge-0/0/0.0;
    }
    00:00:00:00:00:02;
}
Monitoring Commands: show dot1x interface; show dot1x static-mac-address; show dot1x authentication-failed-users

DHCP server configuration example:
[edit system services dhcp]
pool 10.0.0.0/24 {
    address-range low 10.0.0.1 high 10.0.0.200;
    exclude-address {
        10.0.0.1;
    }
    maximum-lease-time 86400;
    default-lease-time 86400;
    name-server {
        10.0.10.10;
    }
    router {
        10.0.0.254;
    }
}
Useful Commands: show system services dhcp ?; clear system services dhcp conflict
DHCP traceoptions are logged to /var/log/fud by default.

DAI (Dynamic ARP Inspection):
- Relies on examining entries in the DHCP Snooping table, so requires DHCP Snooping
- Disabled on all VLANs by default
- It is enabled on a per-VLAN basis
- Any interface that is configured as a trusted interface for DHCP Snooping is also set up as a DAI trusted interface (bypasses ARP inspection)
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    vlan test {
        arp-inspection;
        examine-dhcp;
    }
}
Monitoring Commands: show dhcp snooping binding; show arp inspection statistics
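The MAC limiting, DHCP snooping and DAI rules above can be checked mechanically against a switch configuration. The following linter is an added example, not part of the cheat sheet: it reads a constructed config in Junos "set" form (the output of show configuration | display set), keys the port list off the bare family ethernet-switching / port-mode lines, and flags a VLAN running arp-inspection without examine-dhcp, an access port marked dhcp-trusted, and an access port with neither mac-limit nor allowed-mac.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" form (show configuration | display set); ge-0/0/0.0 is a
# trunk, the rest are access ports (the EX default when no port-mode is configured).
SAMPLE_CONFIG = """
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface ge-0/0/1.0 mac-limit 2 action shutdown
set ethernet-switching-options secure-access-port interface ge-0/0/2.0 allowed-mac 00:00:00:00:00:01
set ethernet-switching-options secure-access-port interface ge-0/0/3.0 dhcp-trusted
set ethernet-switching-options secure-access-port vlan test examine-dhcp
set ethernet-switching-options secure-access-port vlan test arp-inspection
set ethernet-switching-options secure-access-port vlan guest arp-inspection
"""

SAP = "set ethernet-switching-options secure-access-port "
L2_RE = re.compile(r"set interfaces (\S+) unit (\d+) family ethernet-switching(?: port-mode (\S+))?$")

def lint(config):
    """Return findings that contradict the cheat sheet's secure-access-port rules."""
    mode = {}                    # logical interface -> "trunk" or "access"
    ifopts = defaultdict(set)    # logical interface -> secure-access-port keywords seen
    vlanopts = defaultdict(set)  # VLAN name -> secure-access-port keywords seen
    for line in config.strip().splitlines():
        m = L2_RE.match(line)
        if m:
            mode[f"{m.group(1)}.{m.group(2)}"] = m.group(3) or "access"
        elif line.startswith(SAP + "interface "):
            name, keyword = line[len(SAP) + 10:].split()[:2]
            ifopts[name].add(keyword)
        elif line.startswith(SAP + "vlan "):
            name, keyword = line[len(SAP) + 5:].split()[:2]
            vlanopts[name].add(keyword)
    findings = []
    for vlan, opts in sorted(vlanopts.items()):
        if "arp-inspection" in opts and "examine-dhcp" not in opts:
            findings.append(f"vlan {vlan}: arp-inspection without examine-dhcp (DAI needs the DHCP snooping table)")
    for ifl, port_mode in sorted(mode.items()):
        opts = ifopts.get(ifl, set())
        if port_mode == "trunk":
            continue  # trunks are DHCP-trusted by default; the checks below are for access ports
        if "dhcp-trusted" in opts:
            findings.append(f"{ifl}: access port marked dhcp-trusted (also bypasses ARP inspection)")
        if not opts & {"mac-limit", "allowed-mac"}:
            findings.append(f"{ifl}: access port with neither mac-limit nor allowed-mac (CAM unprotected)")
    return findings
```

Running lint(SAMPLE_CONFIG) reports vlan guest (DAI without snooping) and ge-0/0/3.0 twice (trusted access port, no MAC limiting); ge-0/0/1.0 and ge-0/0/2.0 pass.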


Voice VLAN:
- Configure CoS before enabling the voice VLAN
- Use the voice VLAN on ports with IP phones
- Use LLDP-MED to signal the voice VLAN ID and 802.1p value to the IP phone
Configuration Example:
[edit ethernet-switching-options]
voip {
    interface ge-0/0/0 {
        vlan test-voice;
        forwarding-class voice-ep;
    }
}
Useful Commands: show vlans detail <name>

Power supplies:
- Fully interchangeable between EX 3200 and 4200 series switches
- 320W, 600W and 930W capacities are available

PoE configuration example:
[edit poe]
interface ge-0/0/0 {
    priority high;
    maximum-power 15.4;
    telemetries {
        interval 5;
        duration 1;
    }
}
interface ge-0/0/1 {
    telemetries {
        disable;
    }
}
Useful Commands: show chassis hardware; show poe controller; show poe interface
- All switch ports are assigned to class 0 by default
- Modes:
  Static – max power for the port is deducted from the total power pool (only supports class 0)
  Dynamic – power budgeted from the total power pool matches the actual power consumed
  Class – max power class budget is deducted from the total power pool
- PoE Telemetries provide historical power usage for each powered device (PD). Disabled by default. Default interval is 5 minutes (1 to 30 mins). Default duration is 1 hour (1 to 24 hrs).

LLDP multicast address: 01-80-C2-00-00-0E
Configuration Example:
[edit protocols]
lldp {
    advertisement-interval 30;
    hold-multiplier 2;
    msgTxInterval 30;
    msgTxHold 4;
}
lldp-med;
Useful Commands: show lldp statistics; show lldp detail; show lldp neighbors; show lldp local-info
- All mandatory LLDP TLVs are sent when LLDP is enabled
- All optional LLDP and LLDP-MED TLVs are enabled by default

(Diagram: Assessment, Design and Implementation, Maintenance)


(Diagram: packet flow between the Control Plane and the Forwarding Plane. Control Plane = Routing Engine (RE) running JUNOS Software, holding the Bridging Table (BT), Forwarding Table (FT) and Routing Table (RT). Forwarding Plane = Packet Forwarding Engine (PFE), holding the Bridging Table (BT) and Forwarding Table (FT).)


EX 3200:
- 24 to 48 ports; the basic model has 8 PoE ports, up to 48 PoE ports are supported
- Does not support VCS
- Intended for access layer usage
- Supports redundant power supplies (one internal, one via the RPS port)
- Field-replaceable PS and fan tray
- Uplink modules: 4 x 1Gbps Ethernet (SFP), 2 x 10Gbps Ethernet (XFP)
- Line-rate switching (non-blocking)

EX 4200:
- 24 to 48 ports; the basic model has 8 PoE ports, up to 48 PoE ports are supported
- Supports VCS (up to 10 switches in a VCS)
- Intended for distribution and access layer usage
- Redundant (both internal), hot-swappable PS
- Field-replaceable fan tray (3 fans – one can fail & not affect operations)
- Uplink modules:
