
Junos OS Fundamentals

This module is part of the JNCIA-Junos certification.

Self-paced online courses for this material are available at the link below:

http://www.juniper.net/training/technical_education/

Additional resources:

http://www.juniper.net/training/jbooks/
http://www.juniper.net/techpubs
http://www.juniper.net/training/certification/resources.html

For courses and syllabus:

http://www.juniper.net/training/technical_education/

Community forum for Juniper questions and updates:

http://forums.juniper.net/t5/training-certification-and/bd-p/training_and_certification

Junos OS Fundamentals

By default Junos OS has two kinds of users:

1) root user
2) Non-root users

Root user: the highest-privileged account. By default it logs into the FreeBSD shell rather than the Junos CLI. A root password must be configured before the first commit will succeed.

Non-root user: a limited-privilege account that can run only the operations allowed by its login class.

Junos has two CLI modes:

1) Operational mode
2) Configuration mode

1) Operational mode: used for monitoring and troubleshooting the software, network and hardware of the Juniper device. The > symbol in the prompt indicates this mode.

2) Configuration mode: used to configure interfaces, protocols, firewall filters and policies, hardware settings and user access. The # symbol in the prompt indicates this mode. Nothing configured here takes effect until it is committed.

Shell mode: the Junos kernel is built on FreeBSD, and shell mode is the underlying FreeBSD shell, not a Junos CLI mode. The % symbol in the prompt indicates shell mode.

When root logs in it is placed directly in shell mode, where it has full control of the underlying FreeBSD system (file system, processes and kernel parameters). Treat shell access as the most sensitive level of access on the device: keep the root password strong, deny remote root login with set system services ssh root-login deny, and give administrators named accounts with an appropriate login class instead.

ex: root%

To enter operational mode from shell mode, run cli:

ex: root% cli
root>

Some essential operational-mode commands:

>show version : view the Junos version
>show arp : view ARP table entries
>show configuration : view the entire (committed) configuration
>show firewall : view firewall filter counters and policer statistics
>show interfaces : view interfaces
>show pfe terse : view Packet Forwarding Engine status (platform dependent)
>show route terse or show route brief : view the routing tables
>show security policies : view security policies (SRX)
>show security log : view security logs (SRX)
>show security nat static rule all : view all static NAT rules (SRX)
>show system uptime : view device uptime
>show system memory : view memory allocation per process
>show system storage : view storage information
>show system connections : view the socket/session table (equivalent to netstat)
>show system login lockout : view locked user accounts
>show security flow status : view whether the SRX is forwarding in flow-based mode (stateful firewall, session based) or packet-based mode (stateless, router-like forwarding)
>show system processes : view running processes with their IDs
>show system users : view currently logged-in users
>show interfaces ge-0/0/0 extensive : view detailed information about one interface
>show interfaces terse : view all interfaces with their status

Entering configuration mode on a router, and exiting it:
1. Enter configuration mode
2. Return to operational mode
user@R1>configure
[edit]
user@R1#exit
user@R1>

If the candidate configuration has uncommitted changes, exit asks whether to discard them; use commit to apply them or rollback 0 to drop them. configure exclusive locks the candidate so two administrators cannot edit it at the same time.
Setting the host name
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name juniper1
[edit system]
user@R1#top
[edit]
user@R1#commit
commit complete
[edit]
user@juniper1#exit
user@juniper1>

The prompt shows the new host name only after the commit.
Setting the router's domain name
Instructions:
1. Enter configuration mode
2. Set the domain name to fls.com
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set domain-name fls.com
[edit system]
user@R1#exit
[edit]
Configure the root password
Instructions:
1. Enter configuration mode
2. Move to the root-authentication hierarchy
3. Set the root password to 24adr3e (entered at the prompt)
user@R1>configure
[edit]
user@R1#edit system root-authentication
[edit system root-authentication]
user@R1#set plain-text-password
New password:
Retype new password:
[edit system root-authentication]
user@R1#exit
[edit]

Note: plain-text-password prompts for the password and stores only a salted hash (a $6$... string on recent releases) in the configuration; that hash is what show configuration later displays as encrypted-password. The encrypted-password statement expects such an already-hashed value and exists for copying a hash from another device. Setting it to a literal such as 24adr3e stores that literal as the "hash", so no password will match it and root login is broken. A lab password this short would also fail any sensible password policy; use a long passphrase on real devices.
Configure a DNS name server
Description: For the router to resolve host names to addresses, one or more DNS name servers must be configured.
Instructions:
1. Enter configuration mode
2. Set the DNS name server to 196.20.32.15
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set name-server 196.20.32.15
[edit system]
user@R1#exit
[edit]
user@R1#
Configure a backup router
Description: This exercise demonstrates configuring a backup router. The backup-router entry is used only while the Routing Engine boots, before routing protocols have converged, so that the device stays reachable for management; it takes a plain address (no prefix length) and an optional destination prefix.
Instructions:
1. Enter configuration mode
2. Configure the backup router with the address 196.20.32.15
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set backup-router 196.20.32.15
[edit system]
user@R1#exit
[edit]
user@R1#
Router interface address configuration
Description: In this lab you configure interface ge-0/0/1, unit 0, family inet on router R1 with the specified IP address and subnet mask, commit, and verify.
Instructions:
1. Enter configuration mode
2. Set the IP address of ge-0/0/1 to 196.20.32.15 with a 24-bit mask
3. Issue the show interfaces command to verify the configuration
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@R1#edit unit 0 family inet
[edit interfaces ge-0/0/1 unit 0 family inet]
user@R1#set address 196.20.32.15/24
[edit interfaces ge-0/0/1 unit 0 family inet]
user@R1#exit
[edit interfaces ge-0/0/1]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show interfaces ge-0/0/1
Shut down an interface
Description: By default an interface is enabled (and up when the link is up). Issue the disable statement to bring it down administratively.
Instructions:
1. View the information about interface ge-0/0/1
2. Disable ge-0/0/1 (administratively down)
3. View the state of interface ge-0/0/1 again
user@R1>show interfaces ge-0/0/1 terse
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@R1#set disable
[edit interfaces ge-0/0/1]
user@R1#commit
commit complete
[edit interfaces ge-0/0/1]
user@R1#run show interfaces ge-0/0/1 terse
[edit interfaces ge-0/0/1]
user@R1#exit
[edit]
user@R1#

The change is not visible in show interfaces until it is committed. To bring the interface back up, remove the statement with delete interfaces ge-0/0/1 disable and commit again.
Set an interface description
Description: In this exercise a description is added to an interface with the set description command.
Instructions:
1. Enter configuration mode.
2. Set the description of interface ge-0/0/1 to "interface-ge-0/0/1".
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@R1#set description "interface-ge-0/0/1"
[edit interfaces ge-0/0/1]
user@R1#exit
[edit]
user@R1#
Basic Gigabit Ethernet configuration on a J-series router
Description: This lab exercise demonstrates configuring the Gigabit Ethernet interfaces on a J-series router and setting other basic parameters (host name, domain name, name server, backup router). Show commands are then issued to verify the configuration.
Instructions:
1. Enter the system hierarchy on R1
2. Set the host name to Router1, the domain name to router.net, the root password to vhvc#! (entered at the plain-text-password prompt), the name server to 10.148.2.32 and the backup router to 192.168.2.34
3. Exit the system hierarchy and enter the interfaces hierarchy
4. Set an IP address on each of the four fixed Gigabit Ethernet ports of the J-series router
5. Commit the configuration
6. Issue show configuration to verify the configuration on the router
7. Issue show interfaces brief to display brief information about all configured interfaces
8. Issue show interfaces terse to display summary information about the interfaces
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name Router1
[edit system]
user@R1#set domain-name router.net
[edit system]
user@R1#set root-authentication plain-text-password
New password:
Retype new password:
[edit system]
user@R1#set name-server 10.148.2.32
[edit system]
user@R1#set backup-router 192.168.2.34
[edit system]
user@R1#exit
[edit]
user@R1#edit interfaces
[edit interfaces]
user@R1#set ge-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit interfaces]
user@R1#set ge-0/0/1 unit 0 family inet address 192.168.2.1/24
[edit interfaces]
user@R1#set ge-0/0/2 unit 0 family inet address 192.168.3.1/24
[edit interfaces]
user@R1#set ge-0/0/3 unit 0 family inet address 192.168.4.1/24
[edit interfaces]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@Router1#exit
user@Router1>show configuration
user@Router1>show interfaces brief
user@Router1>show interfaces terse

The prompt changes to Router1 only after the commit. As in the root-password lab, the password is entered at the prompt and stored hashed; do not put a literal password after encrypted-password.
Show chassis commands on J- and M-series routers
Description: This lab demonstrates the show chassis commands.
Instructions:
1. Display environmental information about the routing platform chassis, including the temperature and information about the fans, power supplies and Routing Engine:
user@R1>show chassis environment
2. Display a list of all Flexible PIC Concentrators (FPCs) and PICs installed in the router chassis, including the hardware version level and serial number:
user@R1>show chassis hardware
3. Display PIC information such as the PIC type, ASIC type, operating status, PIC version and the amount of time the PIC has been online; the output also shows port cable information:
user@R1>show chassis pic fpc-slot 0 pic-slot 0
Static routing:

R1: set routing-options static route 192.168.6.0/24 next-hop 192.168.0.100
R2: set routing-options static route 192.168.5.0/24 next-hop 192.168.0.50

To view the configuration (configuration mode):
#show routing-options

To view the resulting routes after commit:
#run show route protocol static

OSPF:

R1: set protocols ospf area 0.0.0.0 interface em0
    set protocols ospf area 0.0.0.0 interface em1

R2: set protocols ospf area 0.0.0.0 interface em0
    set protocols ospf area 0.0.0.0 interface em1

To view:
#run show route protocol ospf
#run show ospf neighbor
#run traceroute <destination>

Note: unauthenticated OSPF lets any host on the segment form an adjacency and inject routes. On production links add authentication md5 <key-id> key <key> under each OSPF interface, and mark interfaces with no OSPF peer as passive so their prefixes are advertised without sending hellos.

SRX AD integration (LDAP pass-through authentication)

set access profile <profile-name> authentication-order ldap
set access profile <profile-name> ldap-server <AD server IP address> port 389
set access profile <profile-name> ldap-options base-distinguished-name CN=Administrator,CN=Users,DC=fls,DC=com
set access firewall-authentication pass-through default-profile <profile-name>

Notes: port 389 is plain LDAP and 636 is LDAPS. A simple bind on 389 sends the user's AD password to the domain controller in cleartext, so use 636 where the AD server offers it and keep the SRX-to-AD path on the management network. The base-distinguished-name is the subtree the SRX searches for user objects; for the lab domain fls.com that is normally the container (CN=Users,DC=fls,DC=com), while a full account DN such as the Administrator entry above belongs in the admin-search bind settings (ldap-options search ... admin-search distinguished-name ...), which should use a dedicated low-privilege service account rather than Administrator.

POLICIES CONFIGURATION LABS

Routing Policy Lab 1
Description: Use this lab to configure a routing policy on the router whose match condition accepts all RIP routes. The from protocol rip condition matches on the protocol a route was learned from, not on its prefix or source address.
Instructions:
1. Enter configuration mode.
2. Create a policy statement named riproutes.
3. Create a term named AdvRip under the policy created above.
4. Create a match condition under that term that matches RIP routes and accepts them.
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set accept
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#exit
[edit policy-options policy-statement riproutes]
user@R1#exit
[edit]
user@R1#
Routing Policy Lab 2
Description: Use this lab to configure a routing policy on the router whose match condition rejects all RIP routes. It uses the same policy and term names as Lab 1, so set reject replaces the accept action configured there; check the result with show policy-options policy-statement riproutes before committing.
Instructions:
1. Enter configuration mode.
2. Create a policy statement named riproutes.
3. Create a term named AdvRip under the policy created above.
4. Create a match condition under that term that matches RIP routes and rejects them.
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set reject
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#exit
[edit policy-options policy-statement riproutes]
user@R1#exit
[edit]
user@R1#
RIP CONFIGURATION LAB
RIP Configuration
Description: Use this lab to configure RIP on the router, applying an export policy and an import policy at their respective hierarchy levels.
Instructions:
1. Enter configuration mode.
2. Enable RIP routing on the router.
3. Create a group called neighborRouters and apply the export policy riproutes to this group.
4. Specify the neighbor interface so-0/0/0 under the group created above and apply the import policy riproutes to this neighbor.
user@R1>configure
[edit]
user@R1#edit protocols rip
[edit protocols rip]
user@R1#edit group neighborRouters
[edit protocols rip group neighborRouters]
user@R1#set export riproutes
[edit protocols rip group neighborRouters]
user@R1#edit neighbor so-0/0/0
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#set import riproutes
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#exit
[edit protocols rip group neighborRouters]
user@R1#exit
[edit protocols rip]
user@R1#exit
[edit]
user@R1#

Note: Junos RIP advertises nothing by default; the export policy is what sends routes to the neighbor, and with the Lab 2 version of riproutes (reject) the neighbor receives no RIP routes at all. The import policy limits what is accepted from the neighbor; to stop a neighbor from injecting arbitrary prefixes, combine it with RIP authentication (authentication-type md5 and authentication-key under [edit protocols rip]).

SHOW COMMAND LAB

Show Commands
Description: This exercise demonstrates various basic show commands.
Instructions:
1. Issue the show version brief command.
2. Issue the show cli command.
3. Issue the show cli history command.
user@R1>show version brief
user@R1>show cli
user@R1>show cli history

Configuring users and permissions

1) edit system login

Create a login class named FLS-<your name> with the view permission, then add the reset permission to it (permissions is a list, so a second set adds to it rather than replacing it):

set class FLS-<your name> permissions view
set class FLS-<your name> permissions reset

Create two users, u1 and u2: u1 should have only show (view) permissions and u2 should have all permissions.

set user u1 class FLS-<your name>
set user u1 authentication plain-text-password
set user u2 class super-user
set user u2 authentication plain-text-password

The predefined classes are read-only (view only), operator and super-user (all permissions). Because Junos grants permissions by class, give each administrator a named user with the least-privileged class that covers their tasks, and narrow a class further with allow-commands/deny-commands and allow-configuration/deny-configuration when needed.
Configuring external authentication

set system radius-server <server ip> secret <shared secret>
set system authentication-order radius
commit

set system tacplus-server <tacacs server ip> secret <tacacs+ key>
set system authentication-order [ radius tacplus password ]
commit

delete system authentication-order
commit

show system authentication-order   (in configuration mode; shows the configured order)

Notes: the local password database is the method called password; there is no method named local. If password is left out of the order, local accounts are consulted only when none of the RADIUS/TACACS+ servers answers, not when a server rejects the credentials, so a reachable but misconfigured server locks everyone out except through the console. Users authenticated by RADIUS/TACACS+ get their permissions from a local template user (by default the user named remote) unless the server returns a Juniper-Local-User-Name attribute that maps them to another local user. Shared secrets are stored obfuscated ($9$), not hashed, so anyone who can read the configuration can recover them.
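The mistakes discussed in the root-password labs above and in this authentication-order section are easy to catch mechanically in a configuration exported with show configuration | display set. The following Python script is an added example (not part of the original notes and not a Juniper tool): it flags encrypted-password values that are not crypt(3) hashes, MD5-crypt hashes, an authentication-order that lacks the password fallback or names the non-existent local method, an enabled telnet service, and ssh root-login allow. The sample configuration is constructed for this example; the $6$ value in it is a placeholder of the right shape, not a real hash.

```python
"""Audit a Junos 'set'-format configuration for the authentication mistakes
discussed in these notes. Added example; the config below is constructed and
the hash in it is a shape-only placeholder, not a real credential."""
import re

# Junos stores crypt(3)-style hashes: $1$ (MD5), $5$ (SHA-256), $6$ (SHA-512).
CRYPT_HASH_RE = re.compile(r'^"?\$(?:1|5|6)\$[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]+"?$')
ENCRYPTED_PW_RE = re.compile(
    r'^set system (?:root-authentication|login user (\S+) authentication) '
    r'encrypted-password (\S+)$')
AUTH_ORDER_RE = re.compile(r'^set system authentication-order (.+)$')


def parse_auth_order(value):
    """'[ radius tacplus password ]' or 'radius' -> ['radius', 'tacplus', 'password']."""
    return value.strip('[] ').split()


def audit_set_config(lines):
    """Return a list of (severity, message) findings for the given set-format lines."""
    findings = []
    auth_order = None
    has_remote_server = False
    for raw in lines:
        line = raw.strip()
        m = ENCRYPTED_PW_RE.match(line)
        if m:
            who = m.group(1) or 'root'
            value = m.group(2)
            if not CRYPT_HASH_RE.match(value):
                findings.append(('high', f"{who}: encrypted-password value is not a crypt hash; "
                                         "use plain-text-password (prompted) or paste a real $6$ hash"))
            elif value.lstrip('"').startswith('$1$'):
                findings.append(('medium', f"{who}: MD5-crypt ($1$) hash; re-enter the password "
                                           "so a $6$ hash is stored"))
            continue
        m = AUTH_ORDER_RE.match(line)
        if m:
            auth_order = parse_auth_order(m.group(1))
            continue
        if line.startswith(('set system radius-server ', 'set system tacplus-server ')):
            has_remote_server = True
        elif line == 'set system services telnet':
            findings.append(('high', 'telnet enabled: credentials cross the network in cleartext'))
        elif line == 'set system services ssh root-login allow':
            findings.append(('medium', 'ssh root-login allow: use named users and set root-login deny'))
    if auth_order is not None:
        if 'local' in auth_order:
            findings.append(('high', "authentication-order lists 'local', which is not a Junos method; "
                                     "the local password database is called 'password'"))
        if 'password' not in auth_order:
            findings.append(('medium', "authentication-order has no 'password' fallback: local accounts "
                                       "are consulted only when every server is unreachable, not when "
                                       "a server rejects the login"))
    elif has_remote_server:
        findings.append(('low', 'radius/tacplus server configured but authentication-order is unset, '
                                'so the server is never used'))
    return findings


# Constructed sample modelled on the labs above (the $6$ value is a placeholder).
SAMPLE_SET_CONFIG = """
set system host-name Router1
set system root-authentication encrypted-password vhvc#!
set system login user u1 class read-only
set system login user u1 authentication encrypted-password "$6$lab.salt$PlaceholderHashBodyOfTheRightShapeNotARealCredential0123456789abcdefghijklmnopqrstuvwxyz"
set system radius-server 10.0.0.20 secret "$9$constructed"
set system authentication-order [ radius tacplus ]
set system services telnet
set system services ssh
""".strip().splitlines()

if __name__ == '__main__':
    for severity, message in audit_set_config(SAMPLE_SET_CONFIG):
        print(f'[{severity}] {message}')
```

On the sample it reports the literal root "hash", the telnet service and the missing password fallback. Feed it the output of show configuration | display set (saved to a file) to run the same checks against a real device; the regular expressions only recognise the set-format lines shown here, so extend them for other hierarchies you care about.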

Archiving

edit system archival configuration
set transfer-on-commit
set archive-sites ftp://<username>@<ip> password <password>

file list /var/home/<username>

After each commit a compressed copy of the configuration is transferred to the archive site; confirm on the archive host that the files arrive.

Note: the archived configuration contains every password hash and shared secret on the device, and ftp:// sends it, together with the FTP password, in cleartext. Use scp://<username>@<ip>/<path> instead and restrict who can read the archive directory.

Secondary system configuration

Configuring syslog messages

#show system syslog
#edit system syslog
#set file config-changes change-log info   (only change-log messages at info and above, i.e. configuration changes)
#set file messages any any

Using a remote syslog server

set host <ip of syslog server> authorization info
commit
#run file list /var/log

Note: the authorization facility carries login and authentication events. Also send change-log (configuration changes) and interactive-commands (every command an operator types) to the remote host, so that clearing /var/log on the device does not erase the audit trail. Syslog to a remote host is sent over plain UDP by default, so keep the collector on the management network.
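What a remote collector should do with these messages is illustrated by the following Python triage script, an added example that is not part of the original notes. It parses failed SSH logins, interactive logins, configuration set operations and commits, flags a source address with repeated failures (brute force or password spraying) and flags changes to sensitive hierarchies such as system login or system services. The log lines are constructed for this example, modelled on the Junos SSHD_LOGIN_FAILED, UI_LOGIN_EVENT, UI_CFG_AUDIT_SET and UI_COMMIT message formats; host names, users and addresses are made up.

```python
"""Triage Junos syslog lines for authentication and configuration-change events.
Added example, not code from the original notes. SAMPLE_LOG is constructed for
this example, modelled on the Junos SSHD_LOGIN_FAILED, UI_LOGIN_EVENT,
UI_CFG_AUDIT_SET and UI_COMMIT message formats; hosts, users and addresses are
made up."""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
Mar  3 10:15:20  R1 sshd[2231]: SSHD_LOGIN_FAILED: Login failed for user 'root' from host '10.0.0.5'
Mar  3 10:15:24  R1 sshd[2233]: SSHD_LOGIN_FAILED: Login failed for user 'admin' from host '10.0.0.5'
Mar  3 10:15:29  R1 sshd[2235]: SSHD_LOGIN_FAILED: Login failed for user 'juniper' from host '10.0.0.5'
Mar  3 10:15:33  R1 sshd[2237]: SSHD_LOGIN_FAILED: Login failed for user 'lab' from host '10.0.0.5'
Mar  3 10:16:05  R1 mgd[2250]: UI_LOGIN_EVENT: User 'admin' login, class 'super-user' [2250], ssh-connection '10.0.0.7 51234 10.0.0.1 22', client-mode 'cli'
Mar  3 10:16:20  R1 mgd[2250]: UI_CFG_AUDIT_SET: User 'admin' set: [system services telnet]
Mar  3 10:16:31  R1 mgd[2250]: UI_CFG_AUDIT_SET: User 'admin' set: [system login user backdoor class super-user]
Mar  3 10:16:40  R1 mgd[2250]: UI_COMMIT: User 'admin' requested 'commit' operation (comment: none)
Mar  3 10:17:02  R1 sshd[2260]: SSHD_LOGIN_FAILED: Login failed for user 'root' from host '10.0.0.9'
"""

FAILED_RE = re.compile(r"SSHD_LOGIN_FAILED: Login failed for user '(?P<user>[^']+)' from host '(?P<src>[^']+)'")
LOGIN_RE = re.compile(r"UI_LOGIN_EVENT: User '(?P<user>[^']+)' login, class '(?P<cls>[^']+)'")
CFG_SET_RE = re.compile(r"UI_CFG_AUDIT_SET: User '(?P<user>[^']+)' set: \[(?P<path>[^\]]+)\]")
COMMIT_RE = re.compile(r"UI_COMMIT: User '(?P<user>[^']+)' requested 'commit'")

# Configuration hierarchies whose modification should always be reviewed.
SENSITIVE_PREFIXES = ('system login', 'system root-authentication', 'system authentication-order',
                      'system services', 'system syslog', 'system archival', 'snmp',
                      'firewall', 'security policies')
FAIL_THRESHOLD = 3   # failed logins from one source before it is flagged


def triage(log_text, fail_threshold=FAIL_THRESHOLD):
    """Return a list of (severity, message) alerts in the order they were raised."""
    failures = Counter()
    failed_users = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m['src']] += 1
            failed_users[m['src']].add(m['user'])
            continue
        m = LOGIN_RE.search(line)
        if m:
            if m['cls'] == 'super-user':
                alerts.append(('info', f"super-user login by {m['user']}"))
            continue
        m = CFG_SET_RE.search(line)
        if m:
            if m['path'].startswith(SENSITIVE_PREFIXES):
                alerts.append(('high', f"{m['user']} changed a sensitive hierarchy: {m['path']}"))
            continue
        m = COMMIT_RE.search(line)
        if m:
            alerts.append(('info', f"commit by {m['user']}"))
    # Brute force / password spraying: many failures from one source address.
    for src, count in failures.items():
        if count >= fail_threshold:
            alerts.append(('high', f"{count} failed SSH logins from {src} against "
                                   f"{len(failed_users[src])} user names"))
    return alerts


if __name__ == '__main__':
    for severity, message in triage(SAMPLE_LOG):
        print(f'[{severity}] {message}')
```

The threshold is per source with no time window, which is fine for a lab batch but should become a sliding window on a live feed; the point of the example is that the change-log and authorization facilities together let you tie a suspicious configuration change (here a new super-user account) to the login that made it.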

Configuring an NTP server

Install Red Hat Linux as the lab NTP server:

#dhclient
Mount the Red Hat DVD and navigate to the Server folder
#rpm -ivh ntp<tab> --force --aid
#gedit /etc/ntp.conf
Below these lines add the lab server:
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.rhel.pool.ntp.org
# server 1.rhel.pool.ntp.org
# server 2.rhel.pool.ntp.org
server 212.65.10.1
(save and quit)

#gedit /etc/ntp/ntpservers
add this IP:
212.65.10.1
(save and quit)

#gedit /etc/ntp/step-tickers
add this line:
server 212.65.10.1
(save and quit)

NTP client on Junos

set system ntp server <ip>
set system ntp boot-server <ip>

#set interfaces lo0 unit 0 family inet address 127.100.0.2/32

show log config-changes
set date ntp
show ntp associations

Note: correct time is what makes the syslog records above usable for incident timelines and what lets certificate validity checks work. Point the device at a trusted server and authenticate the exchange: set system ntp authentication-key 1 type md5 value <key>, set system ntp trusted-key 1, and set system ntp server <ip> key 1.

SNMP

set snmp community junos clients <snmp server ip>
set snmp trap-group interfaces targets <server ip>
set snmp trap-group interfaces categories link

To test SNMP traps:

set interfaces ge-0/0/0 disable
commit
run show interfaces ge-0/0/0 terse
delete interfaces ge-0/0/0 disable
commit
> show log messages | match ge-0/0/0 | match snmp
> show snmp statistics

Note: an SNMPv2c community string is a cleartext password for the device's management data. Always restrict it with clients, keep the default read-only authorization, never use public or a vendor name in production, and prefer SNMPv3 with authentication and privacy where the monitoring system supports it.

Routing Policies

edit policy-options
set policy-statement default-static term accept-default-static from protocol static
set policy-statement default-static term accept-default-static from route-filter 0.0.0.0/0 exact
set policy-statement default-static term accept-default-static then accept
top edit protocols ospf
set export default-static
commit

Both from conditions must match, so only the static default route is exported into OSPF (as an external route); every other static route stays local.

To verify:

run show route protocol ospf

Firewall Filters

Firewall filter:

case 1:
host A (10.0.0.1) must not be able to reach the web and FTP servers

r1: set firewall filter <filtername> term block from source-address 10.0.0.1/32
r1: set firewall filter <filtername> term block then discard
r1: set firewall filter <filtername> term allow then accept

r1: set interfaces em0 unit 0 family inet filter output <filtername>

verify: show firewall filter <filtername>

case 2:
Host A must not be able to reach the web server

r1: set firewall filter <filtername> term deny from source-address 10.0.0.1/32
r1: set firewall filter <filtername> term deny from destination-address 20.0.0.1/32
r1: set firewall filter <filtername> term deny from protocol tcp
r1: set firewall filter <filtername> term deny from destination-port http
r1: set firewall filter <filtername> term deny then discard

As written this filter has no accept term. A Junos firewall filter ends with an implicit discard, so once applied it drops all other traffic on that interface too; add a final term with then accept (as the protect filter below does) unless that is intended.

Host B must not be able to reach the FTP server

r1: set firewall filter protect term DENY-FTP from source-address 10.0.0.2/32
r1: set firewall filter protect term DENY-FTP from destination-address 20.0.0.2/32
r1: set firewall filter protect term DENY-FTP from protocol tcp
r1: set firewall filter protect term DENY-FTP from destination-port ftp
r1: set firewall filter protect term DENY-FTP then discard
r1: set firewall filter protect term PERMIT-ALL then accept

Apply the firewall filter on router R1's Ethernet interface (input filters traffic arriving on the interface; output filters traffic leaving it):

root@R1#set interfaces fe-0/0/0 unit 0 family inet filter input protect

Verifying commands

(Now Host A should not be able to reach the web server and Host B should not be able to reach the FTP server.)

root# show firewall filter FILTER-NAME

Terms are evaluated in order and the first matching term decides, so the specific discard terms must come before PERMIT-ALL. Adding then count <counter-name> to the discard terms makes show firewall show how often they fire.
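The first-match and implicit-discard behaviour the two cases above depend on can be seen end to end with the following Python model, an added example that is not part of the original notes and is not how Junos implements filters internally. It evaluates the lab's deny-only filter and the protect filter against constructed packets from host A (10.0.0.1) and host B (10.0.0.2) to the web server (20.0.0.1) and FTP server (20.0.0.2), and shows that the filter without an accept term discards everything.

```python
"""Model Junos stateless firewall-filter evaluation for the lab cases above.
Added example, not from the original notes: terms are tested in order, a term
matches only when every 'from' condition matches, the first matching term's
'then' action applies, and a packet matching no term hits the implicit discard.
The packets are constructed for this example."""
import ipaddress

PORTS = {'http': 80, 'https': 443, 'ftp': 21, 'ssh': 22}   # names Junos accepts in destination-port


def term(name, then, **conditions):
    """A term: 'then' is 'accept' or 'discard'; keyword args are the from-clauses."""
    return {'name': name, 'from': conditions, 'then': then}


def _matches(conditions, pkt):
    for key, value in conditions.items():
        if key in ('source_address', 'destination_address'):
            field = pkt['src'] if key == 'source_address' else pkt['dst']
            if ipaddress.ip_address(field) not in ipaddress.ip_network(value):
                return False
        elif key == 'protocol':
            if pkt['proto'] != value:
                return False
        elif key == 'destination_port':
            if pkt['dport'] != PORTS.get(value, value):
                return False
        else:
            raise ValueError(f'unsupported match condition: {key}')
    return True


def evaluate(filter_terms, pkt):
    """Return (action, term_name); term_name is None when the implicit discard applied."""
    for t in filter_terms:
        if _matches(t['from'], pkt):
            return t['then'], t['name']
    return 'discard', None


# Case 2, first filter exactly as the lab writes it: one deny term, no accept term.
DENY_WEB_ONLY = [
    term('deny', 'discard', source_address='10.0.0.1/32', destination_address='20.0.0.1/32',
         protocol='tcp', destination_port='http'),
]

# The lab's 'protect' filter, which ends with an explicit PERMIT-ALL term.
PROTECT = [
    term('DENY-FTP', 'discard', source_address='10.0.0.2/32', destination_address='20.0.0.2/32',
         protocol='tcp', destination_port='ftp'),
    term('PERMIT-ALL', 'accept'),
]

# Constructed traffic: host A is 10.0.0.1, host B 10.0.0.2, web 20.0.0.1, FTP 20.0.0.2.
PACKETS = {
    'A_to_web':   {'src': '10.0.0.1', 'dst': '20.0.0.1', 'proto': 'tcp', 'dport': 80},
    'A_to_https': {'src': '10.0.0.1', 'dst': '20.0.0.1', 'proto': 'tcp', 'dport': 443},
    'B_to_ftp':   {'src': '10.0.0.2', 'dst': '20.0.0.2', 'proto': 'tcp', 'dport': 21},
    'B_to_web':   {'src': '10.0.0.2', 'dst': '20.0.0.1', 'proto': 'tcp', 'dport': 80},
}


def run_all(filter_terms):
    """Map each sample packet name to the action the filter takes on it."""
    return {name: evaluate(filter_terms, pkt)[0] for name, pkt in PACKETS.items()}


if __name__ == '__main__':
    print('deny-only filter:', run_all(DENY_WEB_ONLY))   # everything discarded
    print('protect filter:  ', run_all(PROTECT))         # only B_to_ftp discarded
```

The model supports one value per condition; in Junos several values of the same type inside one from clause are ORed, and then also offers reject, count, log and syslog. Keep in mind that a stateless filter sees each packet on its own, so blocking the FTP control port stops the session but says nothing about the data connection that an already-established session would open.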

Juniper Routing Fundamentals

What is routing

Routing is the process of moving data between Layer 3 networks.

Components of routing

For a device to communicate with a device in a remote network, an end-to-end communication path must exist and every participating Layer 3 device must hold routing information for the destination.

Routing tables

Compile information learned from routing protocols and other routing information sources.
Select an active route to each destination.
Populate the forwarding table.
The main unicast routing tables are inet.0 for IPv4 and inet6.0 for IPv6.

Some other routing tables

inet.2: unicast routes used for multicast RPF checks (multicast BGP)
inet.3: MPLS path information (LSP egress routes used for next-hop resolution)
inet.4: Multicast Source Discovery Protocol (MSDP) route entries
mpls.0: MPLS next hops (label-switched paths)

Route preferences

Rank routes received from different sources. The primary criterion for selecting the active route is the route preference value.

Source               Preference
Direct               0
Local                0
Static               5
OSPF internal        10
RIP                  100
OSPF external        150
BGP (EBGP and IBGP)  170

(Lower preference values are preferred over higher preference values.)

> show route is the command to view the routing tables.

Forwarding tables:

Store the information used for the packet forwarding operation; contents include the destination prefixes and the associated outgoing interfaces or next hops. Only the active route for each prefix is installed.

> show route forwarding-table
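The relationship between the route preference table, active-route selection and the forwarding table is shown by the following Python model, an added example that is not part of the original notes and does not reproduce the Junos implementation. It keeps every learned route, picks one active route per prefix using the default preferences listed above (lower wins), installs only the active routes into a forwarding table, and answers lookups by longest prefix match. The routes are constructed for this example.

```python
"""Active-route selection by preference and longest-prefix forwarding lookup.
Added example, not from the original notes: it models how the routing table keeps
what it learns, picks one active route per prefix by the Junos default preferences
above (lower wins), and installs only active routes in the forwarding table, which
answers lookups by longest prefix. The routes are constructed for this example."""
import ipaddress

# Junos default route preferences from the table above.
PREFERENCE = {'direct': 0, 'local': 0, 'static': 5, 'ospf': 10,
              'rip': 100, 'ospf-external': 150, 'bgp': 170}


def build_forwarding_table(routes):
    """routes: iterable of (prefix, protocol, next_hop). Returns a forwarding table
    {IPv4Network: (next_hop, protocol)} containing only the active route per prefix.
    Ties on preference keep the first route seen (real Junos applies further
    tie-breakers, such as route age, that are not modelled here)."""
    best = {}
    for prefix, proto, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        pref = PREFERENCE[proto]
        if net not in best or pref < best[net][0]:
            best[net] = (pref, next_hop, proto)
    return {net: (nh, proto) for net, (_, nh, proto) in best.items()}


def lookup(fib, destination):
    """Longest-prefix match: return (next_hop, protocol), or None when no route covers it."""
    addr = ipaddress.ip_address(destination)
    best = None
    for net, entry in fib.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return best[1] if best else None


def active_protocol(fib, prefix):
    """Which protocol won the prefix, e.g. active_protocol(fib, '192.168.6.0/24') -> 'static'."""
    entry = fib.get(ipaddress.ip_network(prefix))
    return entry[1] if entry else None


# Constructed routes: the same prefix learned from two sources, overlapping prefixes,
# and a static default route.
SAMPLE_ROUTES = [
    ('192.168.1.0/24', 'direct', 'ge-0/0/0.0'),
    ('192.168.6.0/24', 'static', '192.168.0.100'),
    ('192.168.6.0/24', 'ospf', '192.168.0.200'),      # loses: preference 10 > 5
    ('192.168.0.0/16', 'rip', '192.168.0.250'),
    ('10.0.0.0/8', 'bgp', '10.255.0.1'),
    ('10.1.0.0/16', 'ospf-external', '10.255.0.2'),
    ('0.0.0.0/0', 'static', '192.168.0.1'),
]

if __name__ == '__main__':
    fib = build_forwarding_table(SAMPLE_ROUTES)
    for dst in ('192.168.6.7', '192.168.9.9', '10.1.2.3', '10.2.0.1', '8.8.8.8'):
        print(dst, '->', lookup(fib, dst))
```

Two things the model makes visible: preference decides between sources for the same prefix (the static 192.168.6.0/24 beats the OSPF one), while prefix length decides forwarding (10.1.2.3 follows the more specific OSPF external /16, not the BGP /8). That second rule is also why a more specific prefix injected by an untrusted neighbor hijacks traffic regardless of preference, which is the reason for the import policies and protocol authentication in the labs above.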

Routing instance:

A routing instance is a collection of routing tables, interfaces and routing protocol parameters.

Junos OS logically groups routing tables, interfaces and routing protocol parameters to form unique routing instances. The device keeps the routing information in one routing instance apart from all the other routing instances. Routing instances give great flexibility because a single device can effectively imitate multiple devices, for example keeping management, customer and internal routing separated from each other.

A default routing instance is always present; it is called the master routing instance.

> show route instance is the command used to see the routing instances, including the default one.

Users can define their own routing instances under edit routing-instances.

Static route: a route configured manually and added to the routing table.

Dynamic route: routing information learned dynamically through a routing protocol.

Benefits of dynamic routing:

1) Lower administrative overhead.
2) Increased network availability.
3) Greater network scalability.
