JUNOS

admin configuration

Uploaded by

Doloran Doloran

INTRODUCTION TO JUNOS

MINZAT ALEXANDRU
1. JUNIPER DEVICE LINEUP
2. JUNIPER DEVICE COMPONENTS
3. TRAFFIC HANDLING
4. JunOS
5. JUNIPER INITIAL CONFIGURATION

JUNIPER DEVICES LINEUP

SWITCHING: EX, QFX, vQFX
ROUTING: MX, vMX, ACX
SECURITY: SRX, vSRX


JUNIPER DEVICES COMPONENTS

ROUTING ENGINE
IS THE BRAIN OF THE PLATFORM - CONTROLS AND MONITORS THE CHASSIS, MANAGES THE PFE.
IT IS MAINTAINING: ROUTING TABLES, SWITCHING TABLE, FORWARDING TABLE.
IT IS HANDLING: PROTOCOL SETUP, PROTOCOL UPDATES.

INTERNAL LINK USED FOR COMMUNICATION BETWEEN RE AND PFE

PACKET FORWARDING ENGINE
HANDLING TRANSIT TRAFFIC
IT HAS SPECIFIC HARDWARE - ASICS TO HANDLE THE TRAFFIC

FPC IS THE NETWORK CARD THAT AGGREGATES PORTS, SOME FPCs MAY HAVE PICs OTHERS DON'T

PICs ARE COMPONENTS OF FPCs

[DIAGRAM: ROUTING ENGINE, PACKET FORWARDING ENGINE, FPC 0 AND FPC 1, EACH WITH PIC 0 AND PIC 1 AND THEIR PORTS]

PORTS ARE USED TO RECEIVE AND SEND TRAFFIC, INTERFACES ARE NAMED AS FOLLOWS:
[port-type]-[fpc X]/[pic X]/[port X] - xe-0/0/1; et-0/0/1; ge-0/0/0
TRAFFIC HANDLING

LOCAL TRAFFIC IS CONSIDERED TRAFFIC DESTINED TO ROUTING ENGINE, IF YOU PING PORT 1.1.1.1 THE TRAFFIC WILL BE PROCESSED BY ROUTING ENGINE.

ALL PROTOCOLS WHICH HAVE A TERMINATION ON THE LOCAL DEVICE WILL HAVE TO COMMUNICATE WITH RE

LOCAL TRAFFIC CAN BE VIEWED USING:
monitor traffic interface ge/xe/et-x/x/x.x

[DIAGRAM: LOCAL TRAFFIC (OSPF UPDATE, ISIS UPDATE, BGP UPDATE, PING 1.1.1.1) ARRIVING ON PORT 1 (IP 1.1.1.1); ROUTING ENGINE, PACKET FORWARDING ENGINE, FPC 0 AND FPC 1 WITH THEIR PICs AND PORTS]
TRANSIT TRAFFIC IS HANDLED ENTIRELY BY PFE.
TRANSIT TRAFFIC IS REPRESENTING ACTUAL DATA THAT IS TRANSMITTED FROM HOST TO HOST

TRANSIT TRAFFIC CANNOT BE VIEWED USING:
monitor traffic interface ge/xe/et-x/x/x.x

IN ORDER TO VIEW TRANSIT TRAFFIC:
configure port forwarding

TRANSIT TRAFFIC CAN BE VIEWED ONLY ON SRX DEVICES:
show security flow session [options]

[DIAGRAM: HOST A AND HOST B CONNECTED THROUGH THE PORTS OF THE PACKET FORWARDING ENGINE (FPC 0 AND FPC 1 WITH THEIR PICs); ROUTING ENGINE ABOVE]
JunOS

- JunOS IS A MODULAR OS
- DEVICE FUNCTIONALITY IS MANAGED BY DIFFERENT ISOLATED PROCESSES THAT CAN BE RESTARTED SEPARATELY
- IF A PROCESS FAILS, JunOS MODULARITY ENSURES THAT IT WILL NOT INTERFERE WITH OTHER PROCESSES

IN JUNOS, THE CLI IS ORGANIZED AND VERY EASY TO USE, EACH COMMAND IS INTUITIVE TO ISSUE AND EASY TO FIND.
JUNOS CLI HAS 2 OPERATING MODES:
- OPERATIONAL MODE
- CONFIGURATION MODE

OPERATIONAL MODE

DEFAULT MODE WHEN LOGGING IN TO JUNOS, USED TO ISSUE OPERATIONAL COMMANDS: PING, TELNET, SHOW

root@:RE:0% cli
{master:0}
root>

HELP CHARACTER “?” CAN BE USED TO FIND THE COMMAND YOU ARE LOOKING FOR:

root> ?
Possible completions:
  clear                Clear information in the system
  configure            Manipulate software configuration information
  file                 Perform file operations
  help                 Provide help information
  load                 Load information from file
  monitor              Show real-time debugging information
  mtrace               Trace multicast path from source to receiver
  op                   Invoke an operation script
  ping                 Ping remote target
  quit                 Exit the management session
  request              Make system-level requests
  restart              Restart software process
  save                 Save information to file
  set                  Set CLI properties, date/time, craft interface message
CONFIGURATION MODE

USED TO ISSUE CONFIGURATION COMMANDS

root@:RE:0% cli
{master:0}
root> edit
Entering configuration mode

{master:0}[edit]
root#

HELP CHARACTER “?” CAN BE USED TO FIND THE COMMAND YOU ARE LOOKING FOR, TO ADD A CONFIGURATION START WITH “set” COMMAND:

root# set ?
Possible completions:
> access               Network access configuration
> access-profile       Access profile for this instance
> accounting-options   Accounting data configuration
> applications         Define applications by protocol characteristics
+ apply-groups         Groups from which to inherit configuration data
> chassis              Chassis configuration
> class-of-service     Class-of-service configuration
> diameter             Diameter protocol layer
> event-options        Event processing configuration
> firewall             Define a firewall configuration
> forwarding-options   Configure options to control packet forwarding
> groups               Configuration groups
> interfaces           Interface configuration
YOU CAN USE PIPE TO FILTER INFORMATION IN BOTH MODES:

root# show | ?
root> show route | ?

Possible completions:
  append               Append output text to file
  compare              Compare configuration changes with prior version
  count                Count occurrences
  display              Show additional kinds of information
  except               Show only text that does not match a pattern
  find                 Search for first occurrence of pattern
  hold                 Hold text without exiting the --More-- prompt
  last                 Display end of output only
  match                Show only text that matches a pattern
  no-more              Don't paginate output
  request              Make system-level requests
  save                 Save output text to file
  tee                  Write to standard output and file
  trim                 Trim specified number of columns from start of line

YOU ARE IN CONFIGURATION MODE AND WANT TO ACCESS OPERATIONAL MODE COMMANDS? NO PROBLEM, USE “run”:

root# run show route

169.254.0.0/24     *[Direct/0] 00:25:06
                    > via em1.0
169.254.0.2/32     *[Local/0] 00:25:06
                      Local via em1.0
IN JUNOS, CONFIGURATION IS NOT APPLIED IMMEDIATELY AFTER IT IS ENTERED, IT MUST BE COMMITTED:

{master:0}[edit]
root# set interfaces ge-0/0/0.0 family inet address 192.168.0.1/24

{master:0}[edit]
root# show | compare
[edit interfaces]
+ ge-0/0/0 {
+ unit 0 {
+ family inet {
+ address 192.168.0.1/24;
+ }
+ }
+ }

{master:0}[edit]
root# commit
configuration check succeeds
commit complete

root# commit confirmed 10
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete

# commit confirmed will be rolled back in 10 minutes

MESSED UP THE CONFIG? NO PROBLEM USE ROLLBACK.
VIEWING THE CONFIGURATION

root# show OR root> show configuration

## Last changed: 2022-12-22 09:59:38 UTC
version 18.4R1.8;
system {
    root-authentication {
        encrypted-password "
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em1 {
        unit 0 {
            family inet {
                address 169.254.0.2/24;
            }
        }
    }
}
VIEWING THE CONFIGURATION

root# show | display set OR root> show configuration | display set

set version 18.4R1.8
set system root-authentication encrypted-password "$6$JjoeAsEA$026gobm8SIsd7HEGoqhW2Qn1rdodilCYLpvqBlF8nUCyfPE2FvC9wymFBq74A3kdSLsPWNMbRx78zk4DbZWOX1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em1 unit 0 family inet address 169.254.0.2/24
set forwarding-options storm-control-profiles default all

SAVING THE CONFIGURATION

{master:0}[edit]
root# show | save /var/tmp/config.txt OR root> show configuration | save /var/tmp/config.txt
Wrote 33 lines of output to '/var/tmp/config.txt'

MORE COMMANDS WILL BE EXPLORED AS WE CONTINUE THIS PRACTICE ORIENTED COURSE


SOFTWARE VERSIONS AND UPGRADE/DOWNGRADE

JUNIPER SOFTWARE CAN BE IDENTIFIED AS FOLLOWS:

m.nZb.s -> 18.4R1.8 WHERE:

m - MAJOR RELEASE NUMBER OF THE PRODUCT [18]
n - MINOR RELEASE NUMBER [4]
Z - TYPE OF RELEASE [R]
  • R - FRS/Maintenance release software
  • B - Beta release software
  • I - Internal release software: Private software release for verifying fixes
  • S - Service release software: Released to customers to solve a specific problem; this release will be maintained along with the life span of the underlying release
  • X - Special (eXception) release software: Released to customers to solve an immediate problem; customers are expected to migrate to a supported release when available
b - BUILD NUMBER OF THE PRODUCT [1]
s - SPIN OF THE PRODUCT [8]
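
The m.nZb.s scheme above as a parser, in Python; this is an added example, not code from the original slides. It goes slightly beyond the slide by also reading a trailing -S suffix, as in the image name 20.4R3-S5.4 used in this deck; treating that suffix as a service-release number plus spin, and ordering only R releases, are assumptions of the example.

```python
import re
from typing import NamedTuple, Optional

RELEASE_TYPES = {"R": "FRS/maintenance", "B": "beta", "I": "internal",
                 "S": "service", "X": "special (exception)"}

# m.nZb.s, optionally followed by -S<n>.<spin> (assumed meaning, see lead-in).
_VERSION = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)([RBISX])(\d+)(?:\.(\d+))?(?:-S(\d+)(?:\.(\d+))?)?")

class JunosVersion(NamedTuple):
    major: int
    minor: int
    rtype: str
    build: int
    spin: Optional[int]
    service: Optional[int]        # assumption: N in a trailing -SN.s suffix
    service_spin: Optional[int]

def parse(text: str) -> Optional[JunosVersion]:
    """Find the first m.nZb.s version in text (a version line or image name)."""
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor, rtype, build, spin, svc, svc_spin = m.groups()
    to_int = lambda v: int(v) if v is not None else None
    return JunosVersion(int(major), int(minor), rtype, int(build),
                        to_int(spin), to_int(svc), to_int(svc_spin))

def at_least(version: JunosVersion, minimum: JunosVersion) -> bool:
    """Order two R-type releases by major, minor, build, then service number."""
    if version.rtype != "R" or minimum.rtype != "R":
        raise ValueError("ordering is only defined here for R releases")
    key = lambda v: (v.major, v.minor, v.build, v.service or 0)
    return key(version) >= key(minimum)

def matches_image(reported: str, image_name: str) -> bool:
    """Does the running version equal the one embedded in the image file name?"""
    running, image = parse(reported), parse(image_name)
    return running is not None and running == image

if __name__ == "__main__":
    image = "junos-vmhost-install-mx-x86-64-20.4R3-S5.4-limited.tgz"
    v = parse("18.4R1.8")
    print(v, RELEASE_TYPES[v.rtype])
    print(matches_image("20.4R3-S5.4", image))   # reported string is constructed
    print(at_least(v, parse(image)))
```
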
IN JUNOS, AN UPGRADE CAN BE PERFORMED IN MULTIPLE WAYS, THE MOST POPULAR IS THE NORMAL UPGRADE.
ACCORDING TO JUNIPER BEST PRACTICES, WHEN PERFORMING A NORMAL UPGRADE, IT IS RECOMMENDED NOT TO SKIP MORE THAN 2 MAJOR RELEASES.

WITH THIS METHOD ALL OF THE CONFIGURATION, LOG FILES OR ANY OTHER FILES ON THE DEVICE WILL REMAIN UNTOUCHED.
THE DEVICE WILL BOOT DIRECTLY INTO THE NEW VERSION.

LET'S SAY WE WANT TO UPGRADE JUNOS FROM 18.3 TO 22.1, WE WILL HAVE TO MAKE A FEW STOPS: 18.3 -> 20.1 -> 22.1

RELEASES SHOWN ON THE SLIDE, NEWEST FIRST: Junos OS 22.1, 21.4, 21.3, 21.2, 21.1, 20.3, 20.2, 20.1, 19.4, 19.3, 19.2, 19.1, 18.4, 18.3

THINK OF A NETWORK DEVICE AS A FANCY PC ON WHICH YOU ARE JUST INSTALLING WINDOWS.

1. COPY THE IMAGE TO THE DEVICE VIA SFTP OR DOWNLOAD IT DIRECTLY: file copy “URL” /var/tmp/junos-vmhost-install-mx-x86-64-20.4R3-S5.4-limited.tgz
2. ISSUE: > request system software add /var/tmp/junos-vmhost-install-mx-x86-64-20.4R3-S5.4-limited.tgz
3. WAIT FOR IT TO FINISH THE INSTALLATION, THEN IT WILL ASK FOR A REBOOT, REBOOT IT
4. DEVICE WILL REBOOT WITH THE NEW VERSION
5. CHECK IF THE VERSION WAS INSTALLED: show version
IN JUNOS UPGRADE CAN BE PERFORMED IN MULTIPLE WAYS, MOST POPULAR IS THE NORMAL UPGRADE, THE OTHER ONE IS FORMAT INSTALL.

DURING FORMAT INSTALL YOU CAN JUMP STRAIGHT TO THE DESIRED VERSION, BUT ALL THE CONFIGURATION AND THE DATA ON THE DEVICE HDD/SSD WILL BE WIPED.

A SPECIAL IMAGE IS USED FOR FORMAT INSTALL OR USB INSTALL: THE KEYWORDS ARE jinstall-media/install-usb : junos-vmhost-install-usb-mx-x86-64-20.4R3-S5.4-limited.img.gz

1. CREATE A BOOTABLE USB WITH RUFUS
2. INSERT THE USB IN THE USB PORT OF THE DEVICE
3. REBOOT THE SYSTEM
4. PRESS THE KEY ASKED TO ENTER BOOT FROM USB MODE
5. WAIT FOR THE INSTALL
6. DEVICE WILL BOOT WITH THE NEW VERSION
INITIAL CONFIGURATION

UPON RECEIVING A NEW JUNIPER UNIT, IT WILL ARRIVE WITH A DEFAULT CONFIGURATION. IT MAY VARY FROM DEVICE TO DEVICE, BUT MOST NEWER DEVICES HAVE THIS CONFIG:

set version 20190829.221548_builder.r1052644
set system autoinstallation delete-upon-commit
set system autoinstallation traceoptions level verbose
set system autoinstallation traceoptions flag all
set system services ssh
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any

DEFAULT USERNAME BEING: root WITHOUT PASSWORD.

UPON COMMITTING ANY CONFIGURATION ON THE NEW BOX, JUNOS WILL REQUIRE A ROOT PASSWORD:

[edit]
  'system'
    Missing mandatory statement: 'root-authentication'
error: commit failed: (missing mandatory statements)

[edit]
root@SRX# set system root-authentication plain-text-password
New password:
Retype new password:

[edit]
root@SRX# commit
commit complete
SETTING UP A HOSTNAME:
#set system host-name JUNIPER

CONFIGURE A MANAGEMENT INTERFACE:
#set interfaces fxp0 unit 0 family inet address 192.168.1.1/24

CONFIGURE SSH LOGIN WITH ROOT USER:
#set system services ssh root-login allow

CONFIGURE THE DNS SERVER:
#set system name-server 8.8.8.8

CONFIGURE USERS IF NEEDED:
#set system login user LAB class super-user authentication [encrypted-password / ssh-rsa]

Juniper operational mode:
- show chassis routing-engine
- show route
- show ethernet-switching table
- show log messages, with | match
- show log interactive-commands
Configuration mode:
- run show commands
- commit / commit confirmed / commit comment
- rollback 1,2,3 / rollback after config
INITIAL CONFIG:
- set system root-authentication plain-text-password
  commit
- set system host-name vMX1
- set interfaces fxp0 unit 0 family inet address 192.168.0.222/24
- set system login user badcompany class super-user authentication - tried ssh
- set system services ssh root-login allow - what happens if we have it and if we do not have it
  What happens if we do not have name-server XXXXX
- set system name-server 8.8.8.8
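
A small audit of a configuration saved in "display set" form, checking the management-plane statements that appear in the default and initial configurations above; this is an added example in Python, not part of the original slides. The rule names, the findings text and the sample configuration (with its `<hash>` placeholder) are constructed for illustration.

```python
import re

# Constructed sample in "display set" form, built from statements shown on
# this page; "<hash>" is a placeholder, not a real value.
SAMPLE = """\
set system host-name JUNIPER
set system services ssh root-login allow
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
set system login user LAB class super-user authentication encrypted-password "<hash>"
set system name-server 8.8.8.8
set system syslog file interactive-commands interactive-commands any
"""

# (finding id, pattern, True = flag when present / False = flag when absent, note)
RULES = [
    ("no-root-password", r"^set system root-authentication \S", False,
     "root has no password configured; commits fail until one is set"),
    ("ssh-root-login", r"^set system services ssh root-login allow\b", True,
     "root can log in over SSH; prefer a named user and root-login deny"),
    ("http-management", r"^set system services web-management http\b", True,
     "web management is reachable over cleartext HTTP; keep only https"),
    ("autoinstallation", r"^set system autoinstallation\b", True,
     "factory autoinstallation statements remain; device looks unprovisioned"),
    ("no-command-log", r"^set system syslog file \S+ interactive-commands\b", False,
     "CLI commands are not being logged to a file"),
]

def audit(display_set: str):
    """Return a list of (finding id, note) for a 'display set' configuration."""
    lines = [ln.strip() for ln in display_set.splitlines() if ln.strip()]
    findings = []
    for rule_id, pattern, flag_when_present, note in RULES:
        present = any(re.search(pattern, ln) for ln in lines)
        if present == flag_when_present:
            findings.append((rule_id, note))
    return findings

def super_users(display_set: str):
    """List the accounts granted the super-user login class."""
    return sorted(set(re.findall(
        r"^set system login user (\S+) class super-user\b", display_set, re.M)))

if __name__ == "__main__":
    for rule_id, note in audit(SAMPLE):
        print(f"[{rule_id}] {note}")
    print("super-user accounts:", ", ".join(super_users(SAMPLE)))
```

Feed it the file written by `show configuration | display set | save /var/tmp/config.txt` after copying that file off the device.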
THANK YOU!

MINZAT ALEXANDRU
