Documente Academic
Documente Profesional
Documente Cultură
Self packed online courses are available for this course at the below given link
http://www.juniper.net/training/technical_education/
http://www.juniper.net/training/jbooks/
http://www.juniper.net/techpubs
http://www.juniper.net/training/certification/resources.html
http://www.juniper.net/training/technical_education/
http://forums.juniper.net/t5/training-certification-and/bd-p/training_and_certification
1) root user
2) Non-root user
Root user: Highest privileged user by default can login into shell mode.
Non-root user : Limited privileged user who can run specific tasks only
1) Operation Mode
2) Configuration Mode
1) Operational Mode: This mode is used for monitoring & troubleshooting the
software,Network & hardware of your Juniper device.
> symbol represents this mode.
shell mode: Because Junos kernel is built on FreeBSD. This shell mode is of FreeBSD
kernel. Because of this reason we can't say this mode as Junos mode. % symbol
represents shell mode.
If root login into junos he will be directly entered into shell mode. In this mode he
can modify kernel parameters.
ex: root%
ex: root%cli
root>
user@R1#edit system
[edit system]
user@R1#set host-name juniper1
[edit system]
user@juniper1#exit
[edit]
user@juniper1#exit
Setting Routers Domain Name
Instructions:
1. Enter into configuration mode
2. Set domain name as fls.com
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set domain-name fls.com
[edit system]
user@R1#exit
Configure the Root Password (Encrypted Password)
Instructions:
1. Enter into configuration mode
2. Move to the root-authentication hierarchy
3. Set the encrypted password as 24adr3e
user@R1>configure
[edit]
user@R1#edit system root-authentication
[edit]
user@R1#edit system
[edit system]
user@R1#set backup-router 196.20.32.15/24
[edit system]
user@R1#exit
[edit]
user@R1#
Router Interface Address Configuration
Description: In this lab, you configure ge-0/0/1 interface under unit 0 and family inet
on a router
with specified ip address and subnet mask. Choose R1 in the network diagram and
exit.
Instructions:
1. Enter into configuration mode
2. Set ip address of ge-0/0/1 as 196.20.32.15 and subnet mask as 24
3. Issue show interfaces command to verify the configuration
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@R1#edit unit 0 family inet
[edit interfaces ge-0/0/1 unit 0 family inet]
user@R1#set address 196.20.32.15/24
[edit interfaces ge-0/0/1 unit 0 family inet]
user@R1#exit
[edit interfaces ge-0/0/1]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show interfaces ge-0/0/1
Shut down an Interface
Description: By default, an interface will be in up state. We need to issue disable
command to
bring-down the interface.
Instructions:1. View the information about interface ge-0/0/1
2. Bring ge-0/0/1 to no shutdown state
3. Now view the state of the interface ge-0/0/1
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@R1#set disable
[edit interfaces ge-0/0/1]
user@R1#exit
[edit]
user@R1#
Set Interface Description
Description: In this exercise, description to an interface is set by using set
description command.
Instructions:
4. Set the IP address on all the four fixed Gigabit Ethernet ports of J-Series router
5. Commit the configuration
6. Issue show configuration to verify the configuration set on the router.
7. Issue show interfaces brief command to display brief information about all
interfaces
configured on the router.
8. Issue show interfaces terse command to display summary information about
interfaces.
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name Router1
[edit system]
user@ Router1#set domain-name router.net
[edit system]
user@ Router1#set root-authentication encrypted-password vhvc#!
[edit system]
user@ Router1#set name-server 10.148.2.32[edit system]
user@ Router1#set backup-router 192.168.2.34/24
[edit system]
user@ Router1#exit
[edit]
user@ Router1#edit interfaces
[edit interfaces]
user@ Router1#set ge-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit interfaces]
cable information.
Static routing:
to view:
#show routing-options
OSPF:
To view:
#run show route protocol ospf
SRX AD Integration
set access profile profile-name ldap-server <AD Server IP address> port 389/636
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set accept
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#exit
[edit policy-options policy-statement riproutes]
user@R1#exit[edit]
user@R1#
Routing Policy Lab 2
Description: Use this lab to configure the routing policy on router, by specifying the
match
condition to reject all rip routes, that is checked against the source address of the
route
advertised.
Instructions:
1. Enter into configuration mode.
2. Create a policy statement by name as same as riproutes.
3. Create a term under the policy created above by the name as AdvRip.
4. Create a match condition and specify to reject rip routes under the above term.
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set reject
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#exit
[edit policy-options policy-statement riproutes]
user@R1#exit
[edit]
user@R1#
RIP CONFIGURATION LAB
RIP Configuration
Description: Use this lab to configure the RIP on router, by applying an export and
import
policies at their respective hierarchical levels.Instructions:
1. Enter into configuration mode.
2. Enable RIP routing on the router.
3. Create a group called neighborRouters apply an export policy riproutes to this
group.
4. Specify the neighbor interface as so-0/0/0 under the above created group and
apply an import
policy riproutes to this neighbor.
user@R1>configure
[edit]
user@R1#edit protocols rip
[edit protocols rip]
user@R1#edit group neighborRouters
[edit protocols rip group neighborRouters]
user@R1#set export riproutes
[edit protocols rip group neighborRouters]
user@R1#edit neighbor so-0/0/0
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#set import riproutes
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#exit
create 2 users u1 & u2 u1 should have only show permissions & u2 should have aall
permissions.
set system tacplus < tacacs server ip> secret < tacacs + key >
commit
commit
Archiving
set transfer-on-commit
set archive-sites ftp://username@ip password <password>
#dhclient
connect redhat dvd navigate to Server folder
#rpm -ivh ntp <tab> --force --aid
#gedit /etc/ntp.conf
under this line type as follows # Please consider joining the pool
(http://www.pool.ntp.org/join.html).
# server 0.rhel.pool.ntp.org
# server 1.rhel.pool.ntp.org
# server 2.rhel.pool.ntp.org
server 212.65.10.1
(save & quit)
#gedit /etc/ntp/ntpservers
add this ip
212.65.10.1
( save & quit)
#gedit /etc/ntp/step-tickers
add this line
server 212.65.10.1
(save & quit)
NTP server
SNMP
to test snmp
Routing Policies
edit policy-options
set policy-statement default-static term accept-default-static from protocol static
to verify:
Firewall Filters
Firewall filter:
case 1:
host A(10.0.0.1) cannot not be accessing web and ftp server
r1: set firewall filter <filtername> term block from source-address 10.0.0.1/32
r1: set firewall filter <filtername> term block then discard
r1: set firewall filter <filtername> term allow then accept
r1: set interface em0 unit 0 family inet filter output <filtername>
case2:
Host A cannot be accessing web server
r1: set firewall filter <filtername> term deny from source-address 10.0.0.1/32
r1: set firewall filter <filtername> term deny from destination-address 20.0.0.1/32
r1: set firewall filter <filtername> term deny from protocol tcp
r1: set firewall filter <filtername> term deny from destination-port http
r1: set firewall filter <filtername> term deny then discard
r1: set firewall filter protect term DENY-FTP from source- address10.0.0.2/32
r1: set firewall filter protect term DENY-FTP from destination- address20.0.0.2/32
r1: set firewall filter protect term DENY-FTP from protocol tcp
r1: set firewall filter protect term DENY- FTP from destination-port FTP
r1; set firewall filter protect term DENY-FTP then discard
r1: set firewall filter protect term PERMIT-ALL then accept
Verifying commands
what is routing
Components of routing
Routing tables
Copiles information learned from routing protocols and other routing information
sources.
Selects an active route to each destination.
Populates the forwarding table.
Main Unicast routing tables are inet.0 for ipv4 & inet6.0 for IPV6
Route preferences
Direct 0
Local
Static 5
OSPF internal 10
RIP
100
Forwarding Tables:
Stores information for packet forwarding operation; contents include the destination
prefixes and the associates outgoing interfaces.
Routing Instance :
The junos os logically groups routing tables, interfaces and routing protocol
parameters to form unique routing instances. The device logically keeps the routing
information in on erouting instance apart from all the other routing instances. The
use of routing instance introduces great flexibility because a single device ccan
effectively imitate multiple devices.
#show route instance is the command used to see default routing instance.
User can define his own rotuing instance under edit routing instance.