INTRODUCTION TO JUNOS
August 2013
WZTECH Networks
Part III
[email protected]
RPM
giuliano@BORDER# show services
rpm {
probe example {
test test-name {
target address 178.185.250.1;
probe-count 3;
probe-interval 15;
test-interval 10;
thresholds {
successive-loss 3;
total-loss 3;
}
destination-interface fe-0/0/0.0;
}
}
}
ip-monitoring {
policy test {
match {
rpm-probe example;
}
then {
preferred-route {
route 0.0.0.0/0 {
next-hop 121.121.121.121;
}
}
}
}
}
EVENT-OPTIONS
set event-options generate-event Evento-Teste time-of-day "18:00:00 +0000"
set event-options policy Policy1 events Evento-Teste
set event-options policy Policy1 then execute-commands commands "show configuration | display set | no-more"
set event-options policy Policy1 then execute-commands output-filename Teste
set event-options policy Policy1 then execute-commands destination ftp
set event-options destinations ftp archive-sites ftp://[email protected]/ password sonet40atm!@#$
show event-options
generate-event {
testEvent time-of-day "10:42:00 +0000";
}
policy Policy1 {
events testEvent;
then {
execute-commands {
commands {
"show system uptime";
}
output-filename test1;
output-format text;
destination local-directory;
}
}
}
destinations {
local-directory {
archive-sites {
/var/tmp/;
}
}
}
RVI (INTER VLAN ROUTING)
Inter-VLAN routing allows Layer 3 communication between individual subnets or VLANs.
Inter-VLAN communication requires that interfaces be configured for Layer 3 operation.
• Protocol family determines the layer of operation
RVI (INTER VLAN ROUTING)
Use RVIs to allow inter-VLAN communications:
Associate Layer 3 VLAN interfaces with the proper VLANs:
PROTOCOLS
EX-series switches support the following Layer 3 unicast forwarding mechanisms and protocols:
• Static routing
• RIP
• OSPF
• IS-IS
• BGP
• VRRP
• PROTOCOL DIRECT
• PROTOCOL STATIC
• PROTOCOL OSPF, RIP, IS-IS …
• PROTOCOL BGP
PROTOCOLS
The routing table:
• Compiles information learned from routing protocols and other routing information sources
• Selects an active route to each destination
• Populates the forwarding table
EX-series switches use the inet.0 routing table for IPv4 unicast routing.
PROTOCOLS
Route preference:
• Ranks routes received from different sources
• Primary criterion for selecting the active route
• Ranges from 0 to 4,294,967,295; the lower value is preferred
PROTOCOLS
Use show route to display route table contents:
STATIC ROUTE
Manually configured routes added to the route table
• Defined under the [edit routing-options] hierarchy
Always requires a configured next hop
• Valid options are an IP address, discard, and reject
• The qualified-next-hop option allows an independent preference per next hop
STATIC ROUTE
Use static routing to provide connectivity among all connected subnets and loopback addresses
set interfaces xe-0/1/0 disable (PHYSICALLY DISABLES THE INTERFACE)
delete interfaces xe-0/1/0 disable (PHYSICALLY RE-ENABLES THE INTERFACE)
STATIC ROUTE
Create a default route on S1; use S2 as the next hop
STATIC ROUTE
Create a static route on S2; use S1 as the next hop
STATIC ROUTE
Display the routing table to confirm reachability
OSPF
OSPF is a link-state routing protocol that:
• Reliably floods LSAs to distribute link-state information
• Creates a complete database for the network
• Uses the SPF algorithm to calculate the best paths within a network
• Uses areas to incorporate hierarchy and allow for scalability
OSPF
Router# set interfaces lo0 unit 0 family inet address 10.150.40.1/32
Router# set routing-options router-id 10.150.40.1
OSPF
Switch> show ospf database router
Switch> show ospf database router advertising-router 10.240.0.1 detail
OSPF
• Authentication MD5
set protocols ospf area 0 interface xe-0/0/0 authentication md5 10 key sonet40atm
• Hello and Dead-Interval
set protocols ospf area 0 interface ge-0/0/15 hello-interval 2 (dead-interval is set the same way)
• Reference Bandwidth
set protocols ospf reference-bandwidth 10g
• Passive Interface
set protocols ospf area 0 interface ge-0/0/15 passive
• Import Policy (only filters external routes, not internal LSAs)
• Export Policy – see the note on the Import Policy
• Router ID Loopback
set interfaces lo0 unit 0 family inet address
set routing-options router-id
• (BFD)
set protocols ospf area 0 interface ge-0/0/0 bfd-liveness-detection minimum-interval 500
OSPF
{master:0}[edit]
empro@BORDER-18# run show bfd session detail
Detect Transmit
Address State Interface Time Interval Multiplier
10.150.10.2 Up vlan.10 1.500 0.500 3
Client OSPF realm ospf-v2 Area 0.0.0.0, TX interval 0.500, RX interval 0.500
Session up time 00:01:02
Local diagnostic None, remote diagnostic NbrSignal
Remote state Up, version 1
Detect Transmit
Address State Interface Time Interval Multiplier
10.150.80.2 Up vlan.80 1.500 0.500 3
Client OSPF realm ospf-v2 Area 0.0.0.0, TX interval 0.500, RX interval 0.500
Session up time 00:00:07
Local diagnostic NbrSignal, remote diagnostic None
Remote state Up, version 1
2 sessions, 2 clients
Cumulative transmit rate 4.0 pps, cumulative receive rate 4.0 pps
OSPF
• show ospf neighbor
• show ospf database
• show ospf interface extensive
• show ospf overview
• show route protocol ospf
• show ospf route
OSPF
• set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 priority 255
• set protocols ospf area 0.0.0.0 interface lo0.0 passive
• set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
OSPF
Switch# insert policy-options policy-statement OSPF-EXPORT term 15 before term 20
empro@BORDER-18# show policy-options
policy-statement OSPF-EXPORT {
term 10 {
from {
protocol direct;
route-filter 172.16.200.0/24 exact;
}
then accept;
}
term 15 {
from {
protocol static;
route-filter 192.168.18.0/24 exact;
}
then accept;
}
term 20 {
then reject;
}
}
OSPF
policy-statement OSPF-IMPORT {
term 10 {
from {
route-filter 192.168.6.0/24 exact;
route-filter 192.168.8.0/24 exact;
}
then reject;
}
term 20 {
then accept;
}
}
Switch# set protocols ospf export OSPF-EXPORT
Switch# set protocols ospf import OSPF-IMPORT
VRRP
SPANNING TREE
[edit protocols]
user@switch1# mstp configuration-name region1
user@switch1# mstp bridge-priority 16k
user@switch1# mstp interface ge-0/0/13.0 cost 1000
user@switch1# mstp interface ge-0/0/13.0 mode point-to-point
user@switch1# mstp interface ge-0/0/9.0 cost 1000
user@switch1# mstp interface ge-0/0/9.0 mode point-to-point
user@switch1# mstp interface ge-0/0/11.0 cost 4000
user@switch1# mstp interface ge-0/0/11.0 mode point-to-point
user@switch1# mstp msti 1 bridge-priority 16k
user@switch1# mstp msti 1 vlan [10 20]
user@switch1# mstp msti 1 interface ge-0/0/11.0 cost 4000
user@switch1# mstp msti 2 bridge-priority 8k
user@switch1# mstp msti 2 vlan [30 40]
SPANNING TREE
set protocols rstp interface xe-0/1/0 no-root-port
wildcard range set protocols rstp interface ge-0/1/[0-10] no-root-port
set ethernet-switching-options bpdu-block interface ge-0/0/20
set protocols rstp interface ge-0/0/10 edge
set protocols rstp bpdu-block-on-edge
REDUNDANT TRUNK GROUP
FIREWALL FILTER
apply-path "protocols bgp group <*> neighbor <*>"
set firewall family inet filter PROTECT-RE term 10 from source-address 10.150.0.0/16
set firewall family inet filter PROTECT-RE term 10 from protocol tcp
set firewall family inet filter PROTECT-RE term 10 from destination-port 22
set firewall family inet filter PROTECT-RE term 10 then accept
set firewall family inet filter PROTECT-RE term 20 from protocol tcp
set firewall family inet filter PROTECT-RE term 20 from destination-port 22
set firewall family inet filter PROTECT-RE term 20 then discard
set firewall family inet filter PROTECT-RE term 30 from protocol icmp
set firewall family inet filter PROTECT-RE term 30 from icmp-type echo-reply
set firewall family inet filter PROTECT-RE term 30 then accept
set firewall family inet filter PROTECT-RE term 40 from protocol udp
set firewall family inet filter PROTECT-RE term 40 from source-port ntp
set firewall family inet filter PROTECT-RE term 40 from source-port domain
set firewall family inet filter PROTECT-RE term 40 from destination-port ntp
set firewall family inet filter PROTECT-RE term 40 from destination-port domain
set firewall family inet filter PROTECT-RE term 40 then accept
set firewall family inet filter PROTECT-RE term 50 from protocol ospf
set firewall family inet filter PROTECT-RE term 50 then accept
set firewall family inet filter PROTECT-RE term 60 from protocol tcp
set firewall family inet filter PROTECT-RE term 60 from destination-port bgp
set firewall family inet filter PROTECT-RE term 60 then accept
set firewall family inet filter PROTECT-RE term 70 from protocol udp
set firewall family inet filter PROTECT-RE term 70 from source-port snmp
set firewall family inet filter PROTECT-RE term 70 from destination-port snmp
set firewall family inet filter PROTECT-RE term 70 then accept
set firewall family inet filter PROTECT-RE term 80 then discard
FIREWALL FILTER
set policy-options prefix-list CLIENTE-01 10.150.10.0/24
set policy-options prefix-list CLIENTE-01 10.150.20.0/24
set policy-options prefix-list CLIENTE-01 10.150.30.0/24
set policy-options prefix-list CLIENTE-01 10.150.40.0/24
policer ICMP-POLICER {
if-exceeding {
bandwidth-limit 512k;
burst-size-limit 32k;
}
then discard;
}
term 30 {
from {
protocol icmp;
icmp-type echo-reply;
}
then policer ICMP-POLICER;
}
RE PROTECTION
set firewall family inet filter PROTECT-RE term 10 from protocol icmp
set firewall family inet filter PROTECT-RE term 10 then discard
set firewall family inet filter PROTECT-RE term 20 from source-address 10.80.0.0/24
set firewall family inet filter PROTECT-RE term 20 from protocol tcp
set firewall family inet filter PROTECT-RE term 20 from destination-port ssh
set firewall family inet filter PROTECT-RE term 20 then accept
set firewall family inet filter PROTECT-RE term 30 from protocol tcp
set firewall family inet filter PROTECT-RE term 30 from destination-port ssh
set firewall family inet filter PROTECT-RE term 30 then discard
set firewall family inet filter PROTECT-RE term 40 then accept
root@CORE# show interfaces lo0
unit 0 {
family inet {
filter {
input PROTECT-RE;
}
}
}
root@CORE# show interfaces lo0 | display set
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
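As an added example (not from the original slides), the three fragments above combined into one loopback filter in set format: the CLIENTE-01 prefix list and the apply-path prefix list restrict who may reach the RE on SSH, SNMP and BGP, ICMP-POLICER rate-limits ICMP instead of discarding it outright, and the final term counts and logs what it drops so unexpected traffic to the RE becomes visible. The names PROTECT-RE, CLIENTE-01 and ICMP-POLICER are taken from the slides; the term names, the BGP-PEERS prefix list and the RE-DISCARDS counter are assumed.

```junos
# Added example: RE protection filter assembled from the page's fragments.
# Filter, prefix-list and policer names come from the slides; term and counter names are assumed.
set policy-options prefix-list CLIENTE-01 10.150.10.0/24
set policy-options prefix-list CLIENTE-01 10.150.20.0/24
set policy-options prefix-list BGP-PEERS apply-path "protocols bgp group <*> neighbor <*>"
set firewall policer ICMP-POLICER if-exceeding bandwidth-limit 512k
set firewall policer ICMP-POLICER if-exceeding burst-size-limit 32k
set firewall policer ICMP-POLICER then discard
# Management access only from the listed prefixes; everything else to port 22 falls through to the discard term
set firewall family inet filter PROTECT-RE term MGMT-SSH from source-prefix-list CLIENTE-01
set firewall family inet filter PROTECT-RE term MGMT-SSH from protocol tcp
set firewall family inet filter PROTECT-RE term MGMT-SSH from destination-port ssh
set firewall family inet filter PROTECT-RE term MGMT-SSH then accept
set firewall family inet filter PROTECT-RE term MGMT-SNMP from source-prefix-list CLIENTE-01
set firewall family inet filter PROTECT-RE term MGMT-SNMP from protocol udp
set firewall family inet filter PROTECT-RE term MGMT-SNMP from destination-port snmp
set firewall family inet filter PROTECT-RE term MGMT-SNMP then accept
# Routing protocols: OSPF from anyone on the link, BGP only from configured neighbors
set firewall family inet filter PROTECT-RE term OSPF from protocol ospf
set firewall family inet filter PROTECT-RE term OSPF then accept
set firewall family inet filter PROTECT-RE term BGP from source-prefix-list BGP-PEERS
set firewall family inet filter PROTECT-RE term BGP from protocol tcp
set firewall family inet filter PROTECT-RE term BGP from port bgp
set firewall family inet filter PROTECT-RE term BGP then accept
# Replies to the switch's own NTP and DNS queries
set firewall family inet filter PROTECT-RE term NTP-DNS from protocol udp
set firewall family inet filter PROTECT-RE term NTP-DNS from source-port [ ntp domain ]
set firewall family inet filter PROTECT-RE term NTP-DNS then accept
# ICMP is rate-limited rather than dropped so ping and path-MTU discovery keep working
set firewall family inet filter PROTECT-RE term ICMP from protocol icmp
set firewall family inet filter PROTECT-RE term ICMP from icmp-type [ echo-request echo-reply unreachable time-exceeded ]
set firewall family inet filter PROTECT-RE term ICMP then policer ICMP-POLICER
set firewall family inet filter PROTECT-RE term ICMP then accept
# Explicit last term: count and log what is dropped instead of relying on the implicit discard
set firewall family inet filter PROTECT-RE term DEFAULT-DISCARD then count RE-DISCARDS
set firewall family inet filter PROTECT-RE term DEFAULT-DISCARD then syslog
set firewall family inet filter PROTECT-RE term DEFAULT-DISCARD then discard
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

The RE-DISCARDS counter is read with show firewall filter PROTECT-RE; a counter that keeps climbing after the change is the first sign that a needed protocol was left out of the accept terms.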
USING GROUPS (LCD-MENU)
{master:8}[edit]
root@CORE# show groups | display set
set groups member0 chassis lcd-menu menu-item maintenance-menu disable
set groups member1 chassis lcd-menu menu-item maintenance-menu disable
set groups member8 chassis lcd-menu menu-item maintenance-menu disable
set groups member9 chassis lcd-menu menu-item maintenance-menu disable
{master:8}[edit]
root@CORE# show apply-groups | display set
set apply-groups member0
set apply-groups member1
set apply-groups member8
set apply-groups member9
SNMP
set snmp location "PCS Virtual Chassis"
set snmp contact "[email protected]"
set snmp interface vme.0
set snmp view System oid system
set snmp community WZTECH-MGT authorization read-only
set snmp community WZTECH-MGT authorization read-write
set snmp trap-options source-address < xxx.xxx.xxx.xxx – ME IP >
set snmp trap-options enterprise-oid
set snmp trap-group space targets <X.X.X.X>
set snmp trap-group <public> categories authentication
set snmp trap-group <public> categories chassis
set snmp trap-group <public> categories link
set snmp trap-group <public> categories startup
set snmp trap-group <public> categories configuration
set snmp trap-group <public> categories routing
set snmp trap-group <public> categories services
set snmp trap-group <public> targets <X.X.X.X>
PIM AND IGMP
pim {
rp {
local {
address 192.168.110.1;
}
static {
address 192.168.110.1; # Static RP (choose one box)
}
# (point to it statically on all boxes)
}
interface all {
mode sparse-dense; # Transit and access interfaces
}
}
igmp {
interface xe-0/0/19.0 { # Access interfaces
}
}
SFLOW
user@switch# show protocols
sflow {
polling-interval 20;
sample-rate 1000;
collector 10.204.32.46; # Collector
interfaces ge-0/0/0.0; # Monitored interface
}
http://www.juniper.net/us/en/local/pdf/app-notes/3500162-en.pdf
http://www.juniper.net/techpubs/en_US/junos9.4/topics/task/configuration/sflow-ex-series-cli.html
http://www.inmon.com/support/faq.php#configuresFlowJuniper
http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer-flow-analyzer.html
http://www.juniper.net/us/en/local/pdf/app-notes/3500204-en.pdf
HELPER ADDRESS
Topology:
[Client PC] --- ge-0/0/0 [EX Switch] ge-0/0/1 --- [DHCP Server]
• Client PC is in VLAN 10.
• The DHCP server is in VLAN 20 with the IP address 20.20.20.2.
• The EX switch is configured as a DHCP relay and performs inter-VLAN routing between VLANs 10 and 20.
Configuration:
set vlans vlan10 vlan-id 10
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10
set vlans vlan10 l3-interface vlan.10
set interfaces vlan unit 10 family inet address 10.10.10.1/24
set vlans vlan20 vlan-id 20
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan20
set interfaces vlan unit 20 family inet address 20.20.20.1/24
set vlans vlan20 l3-interface vlan.20
set forwarding-options helpers bootp server 20.20.20.2
set forwarding-options helpers bootp interface vlan.10
HELPER ADDRESS
Verifying relay agent activity on EX:
juniper@EX> show helper statistics
bootps:
Received packets: 4
Forwarded packets: 4
Dropped packets: 0
Due to no interface in fud database: 0
Due to no matching routing instance: 0
Due to an error during packet read: 0
Due to an error during packet send: 0
Due to invalid server address: 0
Due to no valid local address: 0
Due to no route to server/client: 0
GRACEFUL SWITCHOVER
VIRTUAL CHASSIS (2 REs)
• set system commit synchronize
• set chassis redundancy graceful-switchover
• set routing-options nonstop-routing
• set ethernet-switching-options nonstop-bridging