
Intro Juniper 2

The document provides instructions for basic Junos configuration and procedures, including: - Showing the active and candidate configurations - Rebooting and powering off the device - Updating the Junos software - Configuring system login classes and users - Configuring interfaces such as aggregated Ethernet (AE) interfaces - Configuring syslog settings

INTRODUCTION TO JUNOS

August 2013

WZTECH Networks

Part II

CONFIGURATION MODE

- Show the ACTIVE configuration

lab@host> show configuration

- Show the CANDIDATE configuration (INDENTED)

lab@host# show

- Show the CANDIDATE configuration

lab@host# show | display set | no-more

lab@host# show | display set | no-more | save (/var/home/user)

lab@host# show | display set | no-more | save ftp://user:pass@192.168...

lab@host# load set terminal (copy + paste into the terminal itself)


Ctrl + D

INITIAL PROCEDURES

- REBOOT
lab@host> request system reboot

- POWER OFF THE BOX
lab@host# run request system halt

- CLEAN UP TEMPORARY FILES
lab@host# run request system storage cleanup

- RESCUE
lab@host# run request system configuration rescue save
lab@host# run request system configuration rescue delete

- UPGRADE THE BOX
The JUNOS file can be remote (FTP/SCP) or in a local directory.
USB PEN DRIVE, FAT32: after the pen drive is inserted, the device shows up on the console (/dev/da1s1); run the following from the user SHELL
root% mkdir -p /var/tmp/usb
root% mount -t msdos /dev/da1s1 /var/tmp/usb
root% cp /var/tmp/usb/jinstall-12.tar.gz /var/tmp
root% umount /var/tmp/usb
root% cli
lab@host> request system software add /var/tmp/junos-domestic.tgz unlink no-copy no-validate
lab@host> request system software add ftp://192.168.10.100/junos-domestic.tgz unlink no-copy no-validate
lab@host> request system reboot
lab@host> request system snapshot slice alternate
lab@host> show system snapshot media internal

REMEMBER TO DELETE THE USER DIRECTORIES IN THE SHELL !!

root> start shell


root% rm -rf /var/home/giuliano/

root> file delete /config/*

root> file delete /var/db/config/*

root> start shell

root% echo "" > /var/db/commits

root> request system configuration rescue delete

root# delete (yes)

root# exit (yes)



version 1.0;

/* Standard namespaces and import for Junos op scripts */
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

match / {
    <op-script-results> {
        /* Build the RPC for the CLI command, run it, and copy its output */
        var $cmd = <command> 'show version and haiku';
        var $out = jcs:invoke($cmd);
        copy-of ($out);
    }
}

/var/db/scripts/op/

router# set system scripts op file hello.slax (commit)

router> op hello

set system login class READ_ONLY_CLASS idle-timeout 30


set system login class READ_ONLY_CLASS permissions network
set system login class READ_ONLY_CLASS permissions view
set system login class READ_ONLY_CLASS permissions view-configuration
set system login class READ_ONLY_CLASS deny-commands "(request|restart|file delete|file rename)"

set system login class SUPER_USER_CLASS idle-timeout 60


set system login class SUPER_USER_CLASS permissions all
set system login class SUPER_USER_CLASS deny-commands "request system zeroize"

set system login user READ_ONLY


set system login user READ_ONLY class READ_ONLY_CLASS authentication plain-text-password

set system login user SUPER_USER


set system login user SUPER_USER class SUPER_USER_CLASS authentication plain-text-password
switch# show system | display set | no-more

set system host-name BORDER


set system domain-name wztech.com.br
set system time-zone America/Sao_Paulo
set system no-redirects
set system no-multicast-echo
set system no-ping-record-route
set system no-ping-time-stamp
set system internet-options path-mtu-discovery
set system internet-options tcp-drop-synfin-set
set system internet-options ipv6-path-mtu-discovery
set system ports console log-out-on-disconnect
set system ports console type vt100
set system ports auxiliary disable
set system ports auxiliary type vt100
set system root-authentication encrypted-password "sonet40atm"
set system name-server 8.8.8.8
set system name-server 8.8.4.4
switch# show system | display set | no-more
set system login message ....
set system login class OPERATOR idle-timeout 10
set system login class OPERATOR permissions view
set system login class SUPER idle-timeout 10
set system login class SUPER permissions all
set system login user giuliano uid 2006
set system login user giuliano class SUPER
set system login user giuliano authentication encrypted-password "sonet40atm"
set system login password format sha1
set system services ssh root-login deny
set system services ssh no-tcp-forwarding
set system services ssh protocol-version v2
set system syslog archive size 512k
set system syslog archive files 5
set system syslog archive world-readable
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system syslog file LOGS-DE-FIREWALL firewall any
set system syslog time-format year
set system syslog time-format millisecond
set system ntp boot-server 200.160.0.8
set system ntp server 200.160.0.8
SYSLOG CONFIGURATION
set system syslog user * any emergency
set system syslog host <X.X.X.X> any info
set system syslog host <X.X.X.X> authorization info
set system syslog host <X.X.X.X> interactive-commands notice
set system syslog host <X.X.X.X> facility-override local7
set system syslog host <X.X.X.X> explicit-priority
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file messages archive size 1m
set system syslog file messages archive files 10
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|ifAdminStatus |(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|(vc add)|(vc delete)|transitioned|Transferred|transferfile|(license add)|(license delete)| GRES"
set system syslog file default-log-messages structured-data
set system syslog file cli.log interactive-commands info
set system syslog file cli.log match .*CMDLINE.*
set system syslog file cli.log archive size 5m
set system syslog file cli.log archive files 10
set system syslog file link.up.down daemon info
set system syslog file link.up.down match "(SNMP_TRAP|VCCPD_PROTOCOL)"
set system syslog file link.up.down archive size 1m
set system syslog file link.up.down archive files 10
set system syslog file local.service external info
set system syslog time-format year
set system syslog time-format millisecond
set system syslog source-address <X.X.X.X VME IP>
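
The cli.log file configured above keeps only records matching CMDLINE, which makes it a convenient audit trail. The following is an added example, not part of the original slides: it scans such records for the command families named in the READ_ONLY_CLASS deny-commands list plus start shell. The record layout (UI_CMDLINE_READ_LINE: User '...', command '...'), the sample lines and the function name flag_commands are assumptions made for this illustration.

```python
import re

# Assumed layout of a Junos interactive-command record in cli.log.
CMDLINE = re.compile(
    r"UI_CMDLINE_READ_LINE: User '(?P<user>[^']*)', command '(?P<cmd>.*)'\s*$"
)
# Watch list: the alternatives from the READ_ONLY_CLASS deny-commands regex,
# plus "start shell". Anchored at the start of the command (after an optional
# config-mode "run") so a pipe filter such as | match 'restart' is not flagged.
WATCH = re.compile(
    r"^(run\s+)?(request|restart|file delete|file rename|start shell)\b"
)

# Constructed sample records (time-format year millisecond), not real logs.
SAMPLE_LOG = """\
Aug 12 2013 10:15:01.120 BORDER mgd[2101]: UI_CMDLINE_READ_LINE: User 'READ_ONLY', command 'show interfaces ae0 extensive '
Aug 12 2013 10:16:44.502 BORDER mgd[2101]: UI_CMDLINE_READ_LINE: User 'giuliano', command 'run request system storage cleanup '
Aug 12 2013 10:17:09.007 BORDER mgd[2101]: UI_CMDLINE_READ_LINE: User 'giuliano', command 'start shell '
Aug 12 2013 10:17:30.300 BORDER mgd[2101]: UI_LOGIN_EVENT: User 'giuliano' login, class 'SUPER' [2150]
Aug 12 2013 10:18:02.911 BORDER mgd[2101]: UI_CMDLINE_READ_LINE: User 'giuliano', command 'show log messages | match 'restart' '
"""


def flag_commands(log_text):
    """Return (user, command) pairs whose command starts with a watched verb."""
    hits = []
    for line in log_text.splitlines():
        record = CMDLINE.search(line)
        if record is None:
            continue  # not an interactive-command record
        cmd = record.group("cmd").strip()
        if WATCH.search(cmd):
            hits.append((record.group("user"), cmd))
    return hits


if __name__ == "__main__":
    for user, cmd in flag_commands(SAMPLE_LOG):
        print(f"{user}: {cmd}")
```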
INTERFACES

802.3ad

You must create the ae0 unit in the configuration for it to come up !!!

Switch# set interfaces ae0 unit 0 family ethernet-switching (Layer-2)

Switch# set interfaces ae0 unit 0 family inet (Layer-3)

Switch> show interfaces ae0 extensive

Switch# set interfaces ae0 description "LIGACAO COM UNIDADE DA SAUDA"

{master:0}[edit]
root@BORDER-18# set interfaces ae0 aggregated-ether-options lacp ?
Possible completions:
active Initiate transmission of LACP packets
admin-key Node's administrative key
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> link-protection
passive Respond to LACP packets
periodic Timer interval for periodic transmission of LACP packets
system-id Node's System ID, encoded as a MAC address
system-priority Priority of the system (0 ... 65535)
INTERFACES AE

set interfaces ae<AE ID> description "To FAE <device name> <port-channel group>"

set interfaces ae<AE ID> aggregated-ether-options link-speed 10g


set interfaces ae<AE ID> aggregated-ether-options minimum-links 1

set interfaces ae<AE ID> aggregated-ether-options lacp passive

set interfaces ae<AE ID> traps

set interfaces ae<AE ID> unit 0 family ethernet-switching port-mode trunk


set interfaces ae<AE ID> unit 0 family ethernet-switching vlan members <VLAN ID>

set interfaces <xe-X/Y/Z> ether-options 802.3ad ae<AE ID>


set interfaces <xe-X/Y/Z> traps

set interfaces <xe-A/B/C> ether-options 802.3ad ae<AE ID>


set interfaces <xe-A/B/C> traps

set interfaces <xe-X/Y/Z> description "To FAE"


set interfaces <xe-A/B/C> description "To FAE"
root@BORDER-18# run show interfaces ae0 extensive

Physical interface: ae0, Enabled, Physical link is Down


Interface index: 153, SNMP ifIndex: 551, Generation: 156
Description: LIGACAO COM SAUDE ZONA NORTE
Link-level type: Ethernet, MTU: 1514, Speed: Unspecified, BPDU Error: None,
MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
Flow control: Disabled, Minimum links needed: 1, Minimum bandwidth needed: 0
Device flags : Present Running
Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000
Current address: ac:4b:c8:26:9d:43, Hardware address: ac:4b:c8:26:9d:43
Last flapped : 2013-05-29 12:18:34 BRT (00:00:01 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 48855 0 bps
Output bytes : 0 0 bps
Input packets: 268 0 pps
Output packets: 0 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,
Policed discards: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, MTU errors: 0,
Resource errors: 0

Logical interface ae0.0 (Index 65) (SNMP ifIndex 555) (Generation 130)
Flags: Hardware-Down Device-Down SNMP-Traps 0x4000 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 6 0 1306 0
Output: 0 0 0 0
Link:
ge-0/0/0.0 <-- down
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
ge-0/0/0.0 0 0 0 0
Protocol eth-switch, Generation: 149, Route table: 0
Flags: Is-Primary
VLANS
MAC TABLE

- Use the show ethernet-switching table command to view MAC address table entries
- Use the clear ethernet-switching table command to clear MAC address table contents

set ethernet-switching-options storm-control interface all (80%)


VLANS

- VLANs:
  • Segment a single broadcast domain into multiple broadcast domains
  • Allow for grouping users based on business needs, regardless of physical location

- All network ports belong to the default VLAN in the factory-default configuration
- The mgmt VLAN allows redundant management connections to the vme interface (EX 4200 switches only)

- Switch ports operate in either access or trunk mode
- Access mode:
  • Connects to network devices (desktops, IP phones, printers, etc.)
  • Typically transmits untagged Ethernet frames for a single VLAN; the exception is when the voice VLAN feature is being used
  • Default mode for all ports
- Trunk mode:
  • Connects to other switches or a router
  • Typically transmits tagged Ethernet frames for multiple VLANs; the exception is when the native VLAN option is configured
  • Must be explicitly configured

802.1Q Frame

- 4-byte tag inserted into the Ethernet frame (max 1522 bytes)
- Tag Protocol Identifier (TPID): 16 bits, default 0x8100
- Priority: 3 bits, 802.1q
- Canonical Format Indicator (CFI): 1 bit, default 0
- Unique VLAN identifier (VID): 12 bits

- A trunk is a single Ethernet link that can carry traffic for multiple VLANs
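
The 4-byte tag layout listed above, as an added Python example that is not part of the original slides: it builds and parses the tag and resolves the VLAN a trunk port would assign to a frame. The function names and sample frames are constructed for illustration; treating VID 0 as priority-tagged and VID 4095 as reserved comes from the 802.1Q standard, not from the slides.

```python
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100  # default Tag Protocol Identifier


class Dot1QTag(NamedTuple):
    tpid: int      # 16 bits
    priority: int  # 3 bits
    cfi: int       # 1 bit
    vid: int       # 12 bits


def build_tag(priority: int, cfi: int, vid: int, tpid: int = TPID_8021Q) -> bytes:
    """Pack TPID plus the 16-bit tag control field (priority | CFI | VID)."""
    if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("field out of range")
    return struct.pack("!HH", tpid, (priority << 13) | (cfi << 12) | vid)


def parse_tag(frame: bytes) -> Optional[Dot1QTag]:
    """Return the 802.1Q tag of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # follows dst + src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return Dot1QTag(tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF)


def effective_vlan(frame: bytes, native_vlan: int) -> int:
    """VLAN a trunk port assigns: untagged or VID 0 falls back to the native VLAN."""
    tag = parse_tag(frame)
    if tag is None or tag.vid == 0:
        return native_vlan
    if tag.vid == 0xFFF:
        raise ValueError("VID 4095 is reserved")
    return tag.vid


# Constructed sample frames: locally administered MACs, IPv4 EtherType, zero payload.
HDR = bytes.fromhex("02000000000a02000000000b")
TAGGED = HDR + build_tag(5, 0, 100) + bytes.fromhex("0800") + bytes(46)
UNTAGGED = HDR + bytes.fromhex("0800") + bytes(46)

if __name__ == "__main__":
    print(parse_tag(TAGGED), effective_vlan(UNTAGGED, native_vlan=1))
```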