JNCIA-ER Lab Manual
Developed by
M. Irfan Ghauri
M. Tanzeel Nasir
C-32/1 Block-5 Gulshan-e-Iqbal, Karachi
ESP Press
Ph #021-6034003 Copyrights 2009
LAB. LABS DESCRIPTION
1 Junos Basic and J-web Basics
2 Accessing the Juniper Router through Telnet/SSH/HTTP
3 Static Routing
4 Dynamic Routing
   1. RIP
   2. OSPF
5 Firewall Filtering
   1. Simple Firewall Filtering
   2. Advanced Firewall Filtering
6 Port Address Translation (PAT)
7 Implement VRRP
8 Inter-VLAN Routing
9 Configuring DHCP
10 Password Recovery
11 PPP Authentication
Lab # 1
Junos Basic
Configuration
After connecting your PC to the Console Port.
LOGIN:root
PASSWORD:abc123
Root @%
To Enter Into Operational Mode From Unix Shell & Vice-Versa.
Root @% cli
Root >
To Enter Into Configuration Mode.
Root> configure
Entering configuration mode
Root #
Jweb equivalent : Configuration
Use Commit command to activate your changes.
Root# commit
To change the Host Name of Router.
Root# set system host-name host
Root# commit
Set the System Date & Time on the Router
Root> set date 200910061210.08 (YYYYMMDDhhmm.ss)
(set date is an operational-mode command and takes effect without a commit)
Jweb equivalent : Configuration > Quick Configuration > setup
(set time manually)
Verify the System Date & Time on the Router
Root> show system uptime
Current time: 2009-08-17 11:55:58 UTC
Jweb equivalent : Monitor> system
Display the Version Information of the Router.
Root>show system software
Or
Root>show version
Show interface summary
Root> show interfaces terse
Jweb equivalent : Monitor > interfaces
Display the Interface
Root>show interface
Root>show interfaces extensive
Root>show interface detail
Displays per-second real-time statistics for a physical interface
Root> monitor interface se-0/0/2
Print packet headers to your terminal screen for traffic sent or received by the Routing Engine
Root>monitor traffic interface se-0/0/2
Move connection to another port for testing purpose
Root#rename interfaces fe-0/0/0 to fe-0/0/1
(in this example you will move the configuration for fe-0/0/0 to fe-0/0/1)
Replicate an existing configuration and change a few components.
Root#copy interfaces fe-0/0/0 to fe-0/0/1
(we are replicating an existing configuration so we can change a few components)
Configuring the Encapsulation on a Physical Interface
Root#set interfaces se-0/0/2 encapsulation ppp
Show Active Configuration.
Root>show configuration
or
Root>show system rollback 0
or
Root#show
Jweb equivalent : Configuration > View and Edit > View Configuration Text
Show Active Configuration in set display
Root # show | display set
Show Active Configuration in xml format
Root # show | display xml
Show candidate Configuration.
Root> show system rollback 2
(Temporary configuration; it becomes active when you commit it)
Jweb equivalent : Configuration > history
Compare Rollback Configuration.
Root> show system rollback 0 compare 2
Jweb equivalent : Configuration > history > compare
Configure Rollback Configuration.
Root#rollback 2
Root#commit
Deactivate or Activate configuration.
Root#deactivate Anyconfiguration
For example
Root#deactivate interfaces se-0/0/2
Root#show
interfaces {
    inactive: se-0/0/2 {
    }
}
Shut down an Interface
Root# set interfaces se-0/0/2 disable
Root# delete interface se-0/0/2 disable
Set Rescue Configuration.
Root> request system configuration rescue save
(Save Active configuration as rescue configuration)
Jweb equivalent : configuration >rescue
Commit Rescue Configuration.
Root# rollback rescue
Root# commit
Or
(Reset CONFIG button on the front of the J-series router will load and commit the rescue configuration)
Jweb equivalent : Configuration > history (Set rescue configuration)
Show Rescue Configuration.
Root> show system configuration rescue
Jweb equivalent : Configuration > history (View rescue configuration)
To see how many users are logged in to Junos
Root>show system users
To look at files stored in Flash memory
Root>show system storage
To look at used tcp and udp ports
Root>show system connection
To look at system license
Root>show system license
To look at system firmware
Root>show system firmware
Show chassis component and temperature of cpu
Root > show chassis environment
Jweb equivalent : Monitor > chassis
Show chassis hardware
Root > show chassis hardware detail
Jweb equivalent : Monitor > chassis
Set the password of Root in clear text.
Root# set system root-authentication plain-text-password
New Password: abc123
Retype new password: abc123
Jweb equivalent : Configuration > Quick Configuration > setup
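Set the password of Root in encrypted text.
Root# set system root-authentication encrypted-password "<hashed-password>"
(encrypted-password takes an already-hashed password string, for example one copied from an existing configuration, not the clear-text password; <hashed-password> is a placeholder)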
Jweb equivalent : Configuration > Quick Configuration > setup
To shutdown and restart the router
Root> request system poweroff
Root> request system reboot
Jweb equivalent : Manage > Reboot
To make the router on factory default setting
Root # load factory-default
warning: activating factory configuration
[edit]
Root # set system root-authentication plain-text-password
New password: abc123
Retype new password: abc123
[edit]
Root # commit
Assign the IP Address on the Ethernet Interface of the Router.
Configuration
Assign the IP Address on the Ethernet Interface of the Router .
Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8
Root#edit interface fe-0/0/0
Root#set description "This is the Ethernet management interface"
Root#top
Root#commit
Delete the IP Address on the Ethernet Interface of the Router .
Root#delete interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8
Rename the IP Address on the Ethernet Interface of the Router .
Root#rename interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 to 15.0.0.10/8
Jweb equivalent : Configuration > Quick Configuration > interfaces
Verifying Command
Root> show interfaces
Root> show interface terse
Root>show interface description
Root> show interfaces terse | match fe
Assign the IP Address on the Serial Interfaces of the Router.
Configuration
Assign the IP Address on the Serial Interface of the Router R1 (DCE) .
Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.1/8
Root# set interfaces se-0/0/2 serial-options clocking-mode dce
Root# set interfaces se-0/0/2 serial-options clock-rate 64.0khz
Root# commit
Jweb equivalent : Configuration > Quick Configuration > interfaces
Assign the IP Address on the Serial Interface of the Router R2 .
Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.2/8
Root# commit
Jweb equivalent : Configuration > Quick Configuration > interfaces
Verifying Commands
Root> show interfaces
Root> show interfaces terse
Root> show interfaces terse | match se
Root> show interfaces detail se-0/0/2
Lab # 2
Accessing Router through Telnet/SSH/HTTP
(Telnet/SSH/HTTP between two Routers)
Configuration
Configuring Telnet and SSH on R1.
Root@R1# set system services telnet
Root@R1# set system services ssh
Root@R1# set system login user R1 class super-user authentication plain-text-password
Enter password: abc123
Retype password: abc123
Configuring Telnet and SSH on R2.
Root@R2# set system services telnet
Root@R2# set system services ssh
Root@R2# set system login user R2 class super-user authentication plain-text-password
Enter password: abc123
Retype password: abc123
Verifying Commands
Root> show system users
Root> show configuration
Root# show system
Lab # 3
STATIC Routes
Diagram
[Diagram: Host A (10.0.0.1) - R1 Fe-0/0/0 (10.0.0.10); R1 Se-0/0/2 (15.0.0.1) - WAN - R2 Se-0/0/2 (15.0.0.2); R2 Fe-0/0/0 (20.0.0.10) - Host B (20.0.0.1)]
Configuration
Configure the Static Route on the Router R1 .
Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2
Root# commit
Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Configure the Static Route on the Router R2 .
Root# set routing-options static route 10.0.0.0/8 next-hop 15.0.0.1
Root# commit
Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Verifying Command
Root> show route
Root>show route protocol static
Root> show configuration
Root> show interfaces terse
Lab # 4 (i)
Routing Protocol - RIP
Diagram
[Diagram: Host A (10.0.0.1) - R1 Fe-0/0/0 (10.0.0.10); R1 Se-0/0/2 (15.0.0.1) - WAN - R2 Se-0/0/2 (15.0.0.2); R2 Fe-0/0/0 (20.0.0.10) - Host B (20.0.0.1)]
Configuration
Enable the RIP protocol on the Router R1 .
root@R1# set protocols rip group NAME export policy1
root@R1# set protocols rip group NAME neighbor se-0/0/2
Defining policy :
root@R1# set policy-options policy-statement policy1 from protocol direct
root@R1#set policy-options policy-statement policy1 then accept
Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Enable the RIP protocol on the Router R2 .
root@R2# set protocols rip group NAME export policy1
root@R2# set protocols rip group NAME neighbor se-0/0/2
Defining policy :
root@R2# set policy-options policy-statement policy1 from protocol direct
root@R2#set policy-options policy-statement policy1 then accept
Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Verifying Command
Root>show route
Root> show configuration
Root> show interfaces terse
Root>show route protocol rip
Lab # 4 (ii)
Routing Protocol - OSPF
(Area 0)
Diagram
[Diagram: Backbone Area / Area 0. Host A (10.0.0.1) - R1 Fe-0/0/0 (10.0.0.10); R1 Se-0/0/2 (15.0.0.1) - WAN - R2 Se-0/0/2 (15.0.0.2); R2 Fe-0/0/0 (20.0.0.10) - Host B (20.0.0.1)]
Configuration
Enable the OSPF protocol on the Router R1 .
Root@R1#set protocols ospf area 0.0.0.0 interface fe-0/0/0
Root@R1#set protocols ospf area 0.0.0.0 interface se-0/0/2
Or
Root@R1#set protocols ospf area 0.0.0.0 interface all
Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Enable the OSPF protocol on the Router R2 .
Root@R2#set protocols ospf area 0.0.0.0 interface fe-0/0/0
Root@R2#set protocols ospf area 0.0.0.0 interface se-0/0/2
Or
Root@R2#set protocols ospf area 0.0.0.0 interface all
Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Verifying Commands
Root>show route
Root>show ospf interface
Root>show ospf neighbor
Root>show route protocol ospf
Lab # 5
Firewall Filtering
i. Simple Firewall Filtering
Diagram
[Diagram: Host A (10.0.0.1) and Host B (10.0.0.2) - R1 Fe-0/0/0 (10.0.0.10); R1 Serial-0/0/2 (15.0.0.1) - WAN - R2 Serial-0/0/2 (15.0.0.2); R2 Fe-0/0/0 (20.0.0.10) - WEB Server (20.0.0.1) and FTP Server (20.0.0.2)]
Configuration
Make the standard ACL (firewall filter) on router R1 such that Host ‘A’ cannot access the Web & FTP servers.
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from source-address 10.0.0.1/32
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then discard
Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept
Apply the firewall filter on router R1’s serial interface.
Root@R1#set interface se-0/0/2 unit 0 family inet filter output FILTER-IN
Verifying commands (Now Host A should not be able to access either the Web or the FTP server. However, Host B should be able to access both.)
root# show firewall filter FILTER-NAME
ii. Advanced Firewall Filtering
Diagram
[Diagram: Host A (10.0.0.1) and Host B (10.0.0.2) - R1 Fe-0/0/0 (10.0.0.10); R1 Serial-0/0/2 (15.0.0.1) - WAN - R2 Serial-0/0/2 (15.0.0.2); R2 Fe-0/0/0 (20.0.0.10) - WEB Server (20.0.0.1) and FTP Server (20.0.0.2)]
Configuration
Make the Firewall Filtering on router R1 such that Host ‘A’ cannot access the Web Server.
Root@R1#set firewall filter protect term DENY-http from source-address 10.0.0.1/32
Root@R1#set firewall filter protect term DENY-http from destination-address 20.0.0.1/32
Root@R1#set firewall filter protect term DENY-http from protocol tcp
Root@R1#set firewall filter protect term DENY-http from destination-port http
Root@R1#set firewall filter protect term DENY-http then discard
Make the Firewall Filtering on router R1 such that Host ‘B’ cannot access the FTP Server.
Root@R1#set firewall filter protect term DENY-FTP from source-address 10.0.0.2/32
Root@R1#set firewall filter protect term DENY-FTP from destination-address 20.0.0.2/32
Root@R1#set firewall filter protect term DENY-FTP from protocol tcp
Root@R1#set firewall filter protect term DENY-FTP from destination-port ftp
Root@R1#set firewall filter protect term DENY-FTP then discard
Root@R1#set firewall filter protect term PERMIT-ALL then accept
Apply the Firewall Filtering on router R1’s Ethernet Interface.
Root@R1#set interface fe-0/0/0 unit 0 family inet filter input protect
Verifying commands (Now Host A should not be able to access the Web server & Host B should not be able to access the FTP server.)
root# show firewall filter FILTER-NAME
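Added example (not part of the original manual): a small Python model of how Junos evaluates the protect filter above, term by term, with the first matching term deciding the action and an implicit discard when no term matches. The function names and the sample packets are constructed for illustration; the terms are copied from the set commands in this lab.

```python
import ipaddress

PORTS = {"http": 80, "ftp": 21}  # well-known ports behind the Junos port names

# Terms of filter "protect" in configuration order, taken from the lab's set commands.
PROTECT = [
    ("DENY-http", {"source-address": "10.0.0.1/32", "destination-address": "20.0.0.1/32",
                   "protocol": "tcp", "destination-port": "http"}, "discard"),
    ("DENY-FTP", {"source-address": "10.0.0.2/32", "destination-address": "20.0.0.2/32",
                  "protocol": "tcp", "destination-port": "ftp"}, "discard"),
    ("PERMIT-ALL", {}, "accept"),  # no "from" conditions: matches every packet
]

def term_matches(conditions, pkt):
    """A term matches only if every one of its 'from' conditions matches."""
    for key, want in conditions.items():
        if key == "source-address":
            ok = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(want)
        elif key == "destination-address":
            ok = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(want)
        elif key == "protocol":
            ok = pkt["proto"] == want
        elif key == "destination-port":
            ok = pkt.get("dport") == PORTS[want]
        else:
            raise ValueError(f"unsupported match condition: {key}")
        if not ok:
            return False
    return True

def evaluate(terms, pkt):
    """Walk the terms top to bottom; the first matching term decides the action."""
    for name, conditions, action in terms:
        if term_matches(conditions, pkt):
            return name, action
    return "(implicit)", "discard"  # a Junos filter ends with an implicit discard

def packet(src, dst, dport, proto="tcp"):
    """Constructed sample packet (not captured traffic)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    for p in (packet("10.0.0.1", "20.0.0.1", 80), packet("10.0.0.1", "20.0.0.2", 21),
              packet("10.0.0.2", "20.0.0.2", 21), packet("10.0.0.2", "20.0.0.1", 80)):
        print(p["src"], "->", p["dst"], p["dport"], evaluate(PROTECT, p))
    # Without the PERMIT-ALL term, traffic that matches no term is dropped too.
    print(evaluate(PROTECT[:2], packet("10.0.0.2", "20.0.0.1", 80)))
```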
Lab # 6
Port Address Translation (PAT)
Diagram
[Diagram: Host A (10.0.0.1) and Host B (10.0.0.2) - R1 Ethernet 0 (10.0.0.10); R1 Serial 0 (15.0.0.1) - WAN - R2 Serial 0 (15.0.0.2); R2 Ethernet 0 (20.0.0.10) - WEB Server and FTP Server (20.0.0.1, 20.0.0.2). NAT Translation Table Of R1 (columns Inside Local, Inside Global, Outside Local, Outside Global): 10.0.0.1 15.0.0.11; 10.0.0.2 15.0.0.12]
Configuration
Configuring Sp interface
Root#set interfaces sp-0/0/0 unit 0 family inet
Defining Nat Pool
Root#set services nat pool global-out address 15.0.0.11/32
Root#set services nat pool global-out port automatic
Defining Nat rule
Root#set services nat rule nat-out match-direction output
Root#set services nat rule nat-out term nat-with-alg from application-sets junos-algs-outbound
Root#set services nat rule nat-out term nat-with-alg then translated source-pool global-out
Root#set services nat rule nat-out term nat-with-alg then translated translation-type source dynamic
Create service set
Root#set services service-set nat-ss nat-rules nat-out
Root#set services service-set nat-ss interface-service service-interface sp-0/0/0.0
Apply service set to nat interface
Root#set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss
Root#set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss
Verifying commands
Root>sh services nat pool
Root >sh services nat pool detail
Root >clear services stateful-firewall flows
Lab #7
Configuring VRRP
Diagram
[Diagram: two J2300 routers (10.0.0.10 and 10.0.0.20) in VRRP GROUP 1, Virtual Router 10.0.0.5, L0 15.0.0.1 on each router, Host A (10.0.0.1)]
Configuration
Configuration of Vrrp on Router A
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 virtual-address 10.0.0.5 priority 200
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 accept-data
Root#set interfaces lo0 unit 0 family inet address 15.0.0.2/32
Configuration of Vrrp on Router B
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 virtual-address 10.0.0.5
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 priority 100
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 accept-data
Root#set interfaces lo0 unit 0 family inet address 15.0.0.2/32
Verifying Commands
Root>show vrrp
Root>show vrrp interface fe-0/0/0
Lab # 8
Inter-VLAN Routing
Diagram
[Diagram: Host A (10.0.0.1/8) in Vlan 10 on Fa 0/1 and Host B (20.0.0.1/8) in Vlan 20 on Fa 0/11 of the 2950 switch; switch Fa 0/24 - J2300 Fe-0/0/0, with Fe-0/0/0.10 10.0.0.10/8 and Fe-0/0/0.20 20.0.0.10/8]
Switch
Switch(config)#vlan 10
Switch(config-vlan)#name vlan-10
Switch(config)#interface range fastEthernet 0/1 - 10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config)#interface range fastEthernet 0/11 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport mode trunk
Router
Root#set interfaces fe-0/0/0 vlan-tagging
Root #set interfaces fe-0/0/0 unit 10 vlan-id 10
Root #set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8
Root #set interfaces fe-0/0/0 unit 20 vlan-id 20
Root #set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8
Verifying Command
root# show interfaces fe-0/0/0
root# show interfaces fe-0/0/0 | display set
Lab # 9
Configuring Juniper Router as a Dhcp Server
Diagram
[Diagram: Host A and Host B connected to J2300 Fe-0/0/0 (10.0.0.10)]
Step 1: On Router Create & Configure Dhcp
Root#set system services dhcp pool 10.0.0.0/8
Root#set system services dhcp pool 10.0.0.0/8 router 10.0.0.10
Root#set system services dhcp pool 10.0.0.0/8 address-range low 10.0.0.1 high 10.0.0.12
On Router reserve address (10.0.0.5) by excluding from dhcp pool
Root#set system services dhcp pool 10.0.0.0/8 exclude-address 10.0.0.5
Jweb equivalent : Configuration > Quick Configuration > dhcp
Verifying Commands
Root>show system services dhcp binding
Lab #10
Password Recovery
Configuration
First press the Power ON button to reboot your router.
When the line below appears, press the space bar.
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 1 second...
Type boot -s at the prompt below
Type '?' for a list of commands, 'help' for more detailed help.
Ok boot -s
Type recovery at the prompt below
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
The CLI prompt appears
Starting CLI ...
root>
Type configure and set the root authentication password
Root>configure
Root#set system root-authentication plain-text-password
New password:*******
Retype new password:*******
Root#commit
Root# exit
Type exit to reboot the router
root> exit
Reboot the system? [y/n] yes
Lab # 11
PPP AUTHENTICATION - CHAP
Diagram
[Diagram: R1 Se-0/0/2 (15.0.0.1) - R2 Se-0/0/2 (15.0.0.2)]
Configuration
CHAP Authentication Configuration for Router R1.
Root#set system host-name R1
Root@R1#set system root-authentication encrypted-password "<hashed-password>"
(encrypted-password takes an already-hashed password string, not the clear-text password; <hashed-password> is a placeholder)
Root@R1#set interfaces se-0/0/2 encapsulation ppp
Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1
CHAP Authentication Configuration for Router R2.
Root#set system host-name R2
Root@R2#set system root-authentication encrypted-password "<hashed-password>"
Root@R2#set interfaces se-0/0/2 encapsulation ppp
Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2
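Added example (not part of the original manual): the CHAP exchange that the ppp-options chap statements above enable, with R1 as authenticator and R2 as peer, using the response calculation from RFC 1994. The function names and the dictionary message layout are assumptions for illustration, not the PPP wire format; the secret and the local-names are the lab's values.

```python
import hashlib
import hmac
import os

SECRET = b"abc123"  # default-chap-secret set on both routers in this lab

def chap_value(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def make_challenge(identifier, name, value=None):
    """Authenticator -> peer, CHAP code 1: a fresh random value plus the local-name."""
    return {"code": 1, "id": identifier, "value": value or os.urandom(16), "name": name}

def make_response(challenge, secret, name):
    """Peer -> authenticator, CHAP code 2: the hash is sent, the secret never is."""
    value = chap_value(challenge["id"], secret, challenge["value"])
    return {"code": 2, "id": challenge["id"], "value": value, "name": name}

def verify(challenge, response, secret):
    """Authenticator recomputes the hash: returns code 3 (Success) or 4 (Failure)."""
    if response["code"] != 2 or response["id"] != challenge["id"]:
        return 4
    expected = chap_value(challenge["id"], secret, challenge["value"])
    return 3 if hmac.compare_digest(expected, response["value"]) else 4

def handshake(authenticator_secret, peer_secret, value=None):
    """One direction of the exchange: R1 challenges, R2 answers, R1 verifies."""
    challenge = make_challenge(1, "R1", value)
    response = make_response(challenge, peer_secret, "R2")
    return challenge, response, verify(challenge, response, authenticator_secret)

if __name__ == "__main__":
    c, r, code = handshake(SECRET, SECRET)
    print("challenge", c["value"].hex(), "response", r["value"].hex(), "code", code)
    print("mismatched secret ->", handshake(SECRET, b"abc124")[2])
    # A response captured for one challenge does not verify against a new challenge.
    print("replayed response ->", verify(make_challenge(1, "R1"), r, SECRET))
```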