Ssex03e ML5

e d u c a t io n se rv ic e s c o u rsew a re
Junos Switching Basics

Student Guide
NOTE: Please note this Student Guide has been developed from an audio narration. Therefore it will have
conversational English. The purpose of this transcript is to help you follow the online presentation and may require
reference to it.
Slide 1
Build the Best
2016 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSEX03E-ML5 www.juniper.net | 1
Course SSEX03E-ML5 Juniper Networks, Inc. 2

Slide 2
2016 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Welcome to Juniper Networks Junos Switching Basics eLearning module.

Slide 3
Navigation
Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause
button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at any
time to submit suggestions or corrections directly to the Juniper Networks eLearning team.

Slide 4
Course Objectives
After successfully completing this course, you will be

able to:
Configure and monitor interfaces on the Juniper EX Series
switching product
Configure and monitor Layer 2 on the Juniper EX Series
switching product
Configure security features on the Juniper EX Series
switching product
Configure a Virtual Chassis backplane between two Juniper
EX Series switches
After successfully completing this course, you will be able to:

Configure and monitor interfaces on the Juniper EX Series switching product;
Configure and monitor Layer 2 on the Juniper EX Series switching product;
Configure security features on the Juniper EX Series switching product; and
Configure a Virtual Chassis backplane between two Juniper EX Series switches.

Slide 5
Agenda: Junos Switching Basics
An Introduction to Using Junos OS on EX Series

Switches
Configuring and Monitoring Interfaces
Configuring and Monitoring Switching
Security
Virtual Chassis Configuration
This course consists of five sections. The five main sections are as follows:
An Introduction to Using Junos OS on EX Series Switches;
Configuring and Monitoring Interfaces;
Configuring and Monitoring Switching;
Security; and
Virtual Chassis Configuration.

Slide 6
An Introduction to Using Junos OS on

EX Series Switches
An Introduction to Using Junos OS on EX Series Switches

Slide 7
Section Objectives
After successfully completing this section, you will be

able to:
Explain Junos for EX Series switches
Describe the Junos operating system architecture
Explain the management options for Junos OS devices
After successfully completing this section, you will be able to:

Explain Junos for EX Series switches;
Describe the Junos operating system (Junos OS) architecture; and
Explain the management options for Junos OS devices.

Slide 8
Junos for EX Series Switches (1 of 4)
Switch
Router
Router Switch
operating operating
system system
Many networking companies have different software for their

routers and their switches
Junos for EX Series Switches: Part 1
Many networking companies have different software for their routers and their switches. Sometimes these are simply
different builds.

Slide 9
Router OS?
Switch OS?
Other times, these companies create different software for their very high-end routers than for their switcheswhich
means customers need to learn both operating systems.

Slide 10
Switching
Routing Security
The Junos OS is a reliable, high-performance network operating system for routing, switching, and security. Juniper
does produce several platform-specific builds of Junos to reduce package size by only including the parts of Junos
necessary for a particular platform.
However, its Junipers goal to limit the number of builds for a particular platform (often to just a single build) that
supports all the features supported by that platform.

Slide 11
In this course, we focus on EX Series switches. Juniper designed Junos for EX Series switches specifically with a
Layer 2 configuration syntax that would provide enterprises the ability to quickly configure Layer 2 features most
appropriate for the enterprise environment.

Slide 12
Junos OS Architecture
Separate Control and Forwarding Planes Provide Maximum Stability and Reliability
Routing protocols
Layer 2 interfaces
Junos OS Layer 3 interfaces
CLI
User
Routing and Forwarding Tables
Switching Tables
Control Plane
Routing Engine
Forwarding Plane
Packet Forwarding Engine
Forwarding Tables
Packets in Packets out
Junos OS Architecture
All devices running Junos have separate control and forwarding planes. All protocolssuch as routing protocols, the
Spanning Tree Protocol (or STP), and the Link Layer Discovery Protocol (or LLDP)run on the control plane. The
control plane maintains routing and switching tables, which it uses to build forwarding tables. The forwarding plane
receives the forwarding tables from the control plane and uses those to forward traffic correctly.
When you access the Junos command-line interface (or CLI), you are accessing the control plane. On the EX Series
switches, the control plane runs on a Routing Engine, which is either integrated or removable, depending on the
model. Regardless of whether the Routing Engine is removable or integrated in the chassis, it has its own processor,
memory, and storage.
The forwarding plane is built using custom application-specific integrated circuits (or ASICs), which perform packet
switching. This separation prevents the control plane from becoming so busy forwarding traffic that it cannot keep up
with protocol traffic, or vice versa. Because of the separation of the control and forwarding planes, Junos can reliably
forward the same amount of traffic regardless of the amount of protocol traffic the Routing Engine is processing.

Slide 13
Managing a Junos Device
SSH
Telnet
J-Web GUI
Console Port
SNMP
Junos Space
NETCONF API Junoscript API
Managing a Junos Device
There are multiple ways to manage a device running Junos.
Just like all other devices running Junos, you can manage the EX Series switch using the Junos CLI or a web
graphical user interface (or GUI).
You can access the CLI from the console port, Telnet, or SSH. You can also access the J-Web interface, which is a
web GUI, using either HTTP or HTTPS. You can also manage the device by using SNMP, the Junoscript API, the
NETCONF API, or Junos Space. The Junoscript API allows you to extend Junos with automated configuration
checking or expansion and automated maintenance commands. The wide variety of both proprietary and standards-
based network management choices make Junos quite flexible.

Slide 14
Section Summary
In this section, we:

Explained Junos for EX Series switches
Described the Junos OS architecture
Explained the management options for Junos OS devices

Explained Junos for EX Series switches;
Described the Junos OS architecture; and
Explained the management options for Junos OS devices.

Slide 15
Learning Activity 1: Question 1
The Junos OS is a reliable, high-performance network

operating system for which three types of networking
platforms? (Choose three.)
Routing
Switching
Security
Wireless

Slide 16

Slide 17
Section Objectives

able to:
Configure interfaces and verify operations
Configure an aggregated Ethernet interface
Deactivate and reactivate the interfaces

Configure interfaces and verify operations;
Configure an aggregated Ethernet interface; and
Deactivate and reactivate the interfaces.

Slide 18
Interface Designations (1 of 6)
After the two character interface media type, digits

identify FPC, PIC, and port numbers
ge-0/1/3
Gigabit Ethernet FPC PIC Port
Interface Names:
The type of interface is usually identified by a two-character
identifier. Examples include the following:
ge: Gigabit Ethernet interfaces
xe: 10-Gigabit Ethernet interfaces
Interface Designations: Part 1
Interface names are formed from a designation (usually two characters) that identifies the type of interface, followed
by the Flexible PIC Concentrator (FPC), PIC, and port number.
Some common interface designations include ge for Gigabit Ethernet Interfaces and xe for 10-Gigabit Ethernet
Interfaces.

Slide 19
Fixed Configuration Switches
FPC
Virtual Chassis Switches
Virtual Chassis
Member Number
On the fixed configuration switches, the FPC number is always 0. On switches with Virtual Chassis capability, the
Virtual Chassis member number replaces the FPC number.

Slide 20
The built-in ports are considered to be PIC 0. The uplink module (if installed) will be PIC 1.

Slide 21
ge-0/0/0 ge-0/0/2 ge-0/1/0 ge-0/1/1
ge-0/0/1
ge-0/1/2
ge-0/1/3
Chassis, module, and port numbering always starts with 0. Therefore, the first port is 0; the second port is 1, and so
on.

Slide 22
On a Virtual Chassis-capable switch, ge-0/1/2

identifies a Gigabit Ethernet port that is located on
the first chassis (or chassis 0), on the module in slot 1
of the chassis, and is the third Gigabit Ethernet port
on that module
As an example, on a Virtual Chassis-capable switch, ge-0/1/2 identifies a Gigabit Ethernet port that is located on the
first chassis (or chassis 0), on the module in slot 1 of the chassis, and is the third Gigabit Ethernet port on that module.

Slide 23
Port ge-2/0/0 is located here:

Gigabit Ethernet port
Switch 2 (the third switch)
Module 0 (the built-in ports)
Port 0 (the first port)
For another example, lets look at a Virtual Chassis composed of EX4200-48 switches. In this case, ge-2/0/0 refers to
a Gigabit Ethernet port. That port is on the third switch in a Virtual Chassis configuration and is on the first module (or
PIC 0, the built-in ports), and is port 0 (which is the first port on the switch).

Slide 24
Special Interfaces on EX Series Switches

lo0 The loopback interface:
You can configure addresses here that are not tied to a specific
physical interface
me0 The out-of-band Ethernet interface:
You can use this interface to manage the device
vme The virtual management Ethernet interface:
In an EX Series Virtual Chassis system, this interface is reachable
through any of the me0 interfaces on the switches that are part of
the Virtual Chassis system
vlan The VLAN interface:
This interface allows you to configure an EX Series switch to have a
routed Layer 3 interface for a VLAN by associating the VLAN with a
particular unit on the special VLAN interface
Special Interfaces on EX Series Switches
There are a few special interfaces on Junos EX Series switches.
lo0 is the loopback interface, similar to the loopback interface in IOS. The addresses you configure on this interface
are not associated with a specific physical interface. Because these addresses will always be reachable regardless of
the state of individual interfaces, the lo0 addresses are often used for management traffic to and from the switch.
me0 in an EX Series switch is an out-of-band Ethernet interface that you can use to manage the device. The me0
interface is unlike other interfaces on the device because the device does not switch traffic between the me0 interface
and other ports on the device. Its used to communicate with the device itself.
vme is a virtual management Ethernet interface. In an EX Series Virtual Chassis system, this interface is reachable
through any of the me0 interfaces on the switches that are part of the Virtual Chassis system. This interface ensures
that you will not lose reachability with the Virtual Chassis system as long as one of the me0 interfaces is connected.
vlan interfaces in an EX Series switch allow you to configure an EX Series switch to have a routed Layer 3 interface
for a VLAN by associating the VLAN with a particular unit on the special VLAN interface. You then perform Layer 3
configuration for the VLAN on this unit.

Slide 25
Units
IOS Software:
If you want to create multiple logical units on a single
physical interface, you can use subinterfaces
Junos OS:
All physical interfaces have at least one logical interface
called a unit
Units
If you have used Cisco IOS, you are probably familiar with the concept of subinterfaces. You use subinterfaces to
create multiple logical units on a single physical interface. For example, you can create subinterfaces for 802.1q
tagged interfaces that might require them.
The Junos OS has a similar concept, called a unit. However, in the Junos OS, all physical interfaces have at least one
logical interface.

Slide 26
Units: Layer 3
All Layer 3 configuration always occurs at the logical

interfaceat the unit level
Units: Layer 3
All Layer 3 configuration always occurs at the logical interfaceat the unit level.

Slide 27
Units: Physical Interface
Layer 2 configuration occurs at the physical interface

level when it affects the entire interface (such as
setting speed and duplex)
Units: Physical Interface
Layer 2 configuration occurs at the physical interface level when it affects the entire interface (such as setting speed
and duplex).

Slide 28
Units: Logical Unit
Layer 2 configuration occurs at the logical unit level

when it affects only a single logical unit (such as
assigning Ethernet switching parameters)
Units: Logical Unit
Layer 2 configuration occurs at the logical unit level when it affects only a single logical unit (such as assigning
Ethernet switching parameters).

Slide 29
Units: Unit 0
When you configure an Ethernet interface without

802.1q tagging, it supports only a single unit. In this
case, the unit must be unit 0
Units: Unit 0
When you configure an Ethernet interface without 802.1q tagging, it supports only a single unit. In this case, the unit
must be unit 0.

Slide 30
Units: Numbering
When using an interface that supports multiple units,

you are free to choose whatever unit number you like
for each sub-interface
Units: Numbering
When using an interface that supports multiple units, you are free to choose whatever unit number you like for each
sub-interface. The special vlan interface always supports multiple units. There is no requirement that you choose unit
numbers that match VLAN numbers, although it is advisable that you do so.
When you configure multiple units for a single physical interface, each unit is treated as a completely separate logical
interface. So, it is possible, for example, to route traffic between two logical interfaces on the vlan interface.

Slide 31
Units: interface.unit
You refer to units in Junos OS as interface.unit
when entering commands
Units: interface.unit
Just as you refer to IOS subinterfaces as interface.subinterface when entering commands on a Cisco device, you refer
to units in Junos as interface.unit when entering commands.

Slide 32
Logical Interface Configuration
Under the unit level, you configure Layer 2 switching

parameters and Layer 3 parameters under the family
stanzas
ethernet-switching: Layer 2 configuration
inet: IPv4 Layer 3 configuration
Logical Interface Configuration
Under the unit level, you configure Layer 2 switching parameters and Layer 3 parameters under the family stanzas.
Two types of families on EX Series switches include the ethernet-switching family and the inet family.

Slide 33
Logical Interface Configuration: Layer 2

Layer 2 Ethernet switching configuration uses the
ethernet-switching family
Configuring this address family makes a logical
interface a Layer 2, switched interface
Layer 2 Ethernet switching configuration uses the ethernet-switching family. The parameters that would be
configured with interface-level switchport configuration statements in IOS are generally configured under this
address family in Junos. Configuring this address family makes a logical interface a Layer 2, switched interface.

Slide 34

IPv4 configuration uses the inet address family
Configuring this address family makes a logical
interface a Layer 3, routed interface
IPv4 configuration uses the inet address family. The parameters that would be configured with interface-level ip
configuration statements in IOS are generally configured under this address family in Junos. Configuring this address
family makes a logical interface a Layer 3, routed interface.

Slide 35
Logical Interface Configuration (1 of 6)
On switches running the Junos OS, you always have

two choices:
Configure IP addresses directly on interfaces
Configure the interface to be a switch port that is part of a
VLAN
Logical Interface Configuration: Part 1
Junos allows you to choose to configure IP addresses directly on interfaces or to configure the interface to be a switch
port that is part of a VLAN.

Slide 36
You can enable processing of a type of traffic by

simply configuring the address family on the unit
For IPv4, such a configuration will cause the software

to behave in the same way as an IOS router would if
you configured ip unnumbered on an interface
You can choose to enable processing of a type of traffic by simply configuring the address family on the unit.
For IPv4, such a configuration will cause the software to behave in the same way as an IOS router would if you
configured ip unnumbered on an interface.

Slide 37
For Ethernet, such a configuration would cause the

interface to be an access port and would cause it to
belong to the default VLAN unless configured to be
part of another VLAN
For the ethernet-switching family, such a configuration would cause the interface to be an access port and would
cause it to belong to the default VLAN unless configured to be part of another VLAN.

Slide 38
Examples of some configurable elements under a

Layer 3 address family:
Addresses
Stateless packet filters that apply to traffic of that
address family
Unicast reverse-path forwarding (RPF) checks
Examples of some configurable elements under the
ethernet-switching family:
Port-mode (access or trunk)
VLANs
Stateless packet filters
Examples of some things you would configure under a Layer 3 address family include:
Addresses;
Stateless packet filters that apply to traffic of that address family; and
Unicast reverse-path-forwarding (or RPF) checks.
Examples of some things you would configure under the ethernet-switching family include:
Port-mode (access vs. trunk);
VLANs; and
Stateless packet filters.

Slide 39
You can assign descriptions to units as well as to

main interfaces
This comes in handy especially with the VLAN
interfaces. Here you see that we have configured the
special vlan interface with
two units
You can assign descriptions to units as well as to main interfaces. This comes in handy especially with the VLAN
interfaces. Here you see that we have configured the special vlan interface with two units.

Slide 40
We give these units descriptions to help us identify

them
Well give these units descriptions to help us identify them, as shown in the example on this slide. As you can see in
the sample output, a description appears in the configuration for each unit.

Slide 41
Activating Interfaces
IOS Software:
shutdown: Deactivate an interface
no shutdown: Re-activate an interface
Junos OS:
deactivate: Deactivate an interface's configuration
disable: Completely shut off a port
In IOS, you deactivate an interface with the shutdown command, and you re-activate an interface with the no
shutdown command.
In Junos, you can deactivate an interface in two ways. First, you can use the deactivate command shown earlier to
deactivate the configuration. However, that command does not actually shut the interface off; rather, it simply causes
Junos to ignore that interfaces configuration. To completely shut off a port, you use the disable configuration
command.

Slide 42
Activating Interfaces: Shut Off the Port

We configure the disable parameter on ge-0/0/10
We then see that the interface is down
Activating Interfaces: Shut Off the Port
Here, we disable interface ge-0/0/10. As you can see, the interface is now down.

Slide 43
Reactivating Interfaces
We delete the disable parameter on ge-0/0/10
The interface comes back up
To reactivate the interface, we delete the disable configuration parameter as shown in the example on this slide. This
is similar to using no shutdown to reactive ports in IOS.

Slide 44
Gigabit Ethernet Configuration (1 of 7)
EX Series switches come with built-in 10/100/1000

Ethernet ports
By default, these ports try to autonegotiate speed and
duplex
You can see the details of the autonegotiation using
the command show interfaces extensive
Gigabit Ethernet Configuration: Part 1
Now lets take a more detailed look at the configuration of Ethernet interfaces.
The EX Series switches come with built-in 10/100/1000 Ethernet ports. By default, these ports try to autonegotiate
speed and duplex. You can see the details of the autonegotiation using the command show interfaces extensive.
Heres a switch port that negotiated to 100Mbps speed and full-duplex operation.

Slide 45
Here is a switch port that negotiated to 1 Gbps speed

and full-duplex operation
Here is a switch port that negotiated to 1 Gbps speed and full-duplex operation.

Slide 46
On EX Series switches, many Ethernet-specific

configuration parameters are contained under the
[ether-options] hierarchy
You can set the speed and duplex manually using the
speed and link-mode commands
Gigabit Ethernet Configuration, Part 3
On EX Series switches, many Ethernet-specific configuration parameters are contained under the ether-options
hierarchy. You can set the speed and duplex manually using the speed and link-mode commands.

Slide 47
Changing the speed or duplex settings does not

disable autonegotiation
Changing the speed or duplex settings will change only the parameters that the switch uses when attempting
autonegotiation. It will not disable autonegotiation.
On this slide you see that the switch is still performing autonegotiation. It has autonegotiated to 100 Mbps speed and
full-duplex operation using the parameters that were configured.

Slide 48
The remote side has also autonegotiated to the same

settings
If you look at the remote side, you can see that it has also autonegotiated to the same settings.

Slide 49
To disable autonegotiation, we enter the command:

set interfaces ge-0/0/4 ether-options
no-auto-negotiation
If you want to also disable autonegotiation, you must do so separately.
To disable autonegotiation in our example, enter the command set interfaces ge-0/0/4 ether-options no-auto-
negotiation, as shown on this slide.

Slide 50
We see that autonegotiation is now disabled:
Here are the results of your configuration. Using the first few lines of output from the show interfaces command, you
can see that autonegotiation is disabled.

Slide 51
Aggregated Ethernet (1 of 5)
To configure links to be part of aggregated Ethernet

interfaces:
1. Tell the device to create the aggregated Ethernet
interfaces
2. Configure the device to associate certain physical links
with the aggregated Ethernet interface
3. Configure the aggregated Ethernet interface
Aggregated Ethernet: Part 1
Junos supports the IEEE 802.3ad link aggregation protocol. Configuring links to be part of aggregated Ethernet
interfaces requires three steps:
First, you have to tell the device to create the aggregated Ethernet interfaces.
Second, you must configure the device to associate certain physical links with the aggregated Ethernet interface.
Third, you must configure the aggregated Ethernet interface.

Slide 52
We tell the device to create a single aggregated

Ethernet interface
You tell the software to create aggregated Ethernet interfaces and allocate resources for them by setting the ethernet
device-count parameter under the [edit chassis aggregated-devices] hierarchy.
In this example, we set this parameter to 1, so the device will create one aggregated Ethernet interface.
Aggregated Ethernet interfaces are designated aeX, where X is a number. The switch creates the number of
aggregated Ethernet devices specified, beginning with ae0 and counting upwards. In this case, because we told the
switch to create only 1 interface, the switch will create interface ae0 only.

Slide 53
We associate interfaces ge-0/0/5 and ge-0/0/6 with the
aggregated Ethernet interface ae0 parameter under the
ether-options section of the physical interface, and view
the results
[]
Next, you configure the switch to associate certain physical links with the aggregated Ethernet interface. You do this
by setting the 802.3ad parameter under the ether-options section of the physical interface. Here, we will associate
ge-0/0/5 and ge-0/0/6 with interface ae0.

Slide 54
Finally, we configure the ae0 interface itself, setting up
802.1q as a switch trunk port
Also, well configure the switch to run LACP in active mode
(if you choose to run LACP, at least one side needs to be
active) and commit the changes
Finally, you configure the ae0 interface itself. You can configure most anything under this interface that you could
under the constituent interfaces. Among other things, that means you can configure 802.1q trunking. Well set this up
as a switch trunk port.
Also, well configure the switch to run the Link Aggregation Control Protocol (or, LACP) in active mode. (By default,
Junos does not run LACP. If you choose to run LACP, at least one side needs to be active for the link to come up.)
Unlike Cisco IOS, you configure these parameters only onceat the aggregated interface level.

Slide 55
With just five commands, you have created an

aggregated Ethernet bundle with two constituent
interfaces
So, here, with just five commands, youve created an aggregated Ethernet bundle with two constituent interfaces.

Slide 56
Basic Commands (1 of 4)
Two basic commands for displaying interface state

with Junos OS software:
show interfaces descriptions
show interfaces terse
Note: These are operational mode commands, so if you

want to use them in configuration mode, you must
preface them with run
Basic Commands: Part 1
Now lets look at monitoring interface state. Junos software provides several ways of displaying interface state. Two
basic commands are shown on screen.
These are operational mode commands, so if you want to use them in configuration mode, you must preface them
with run. The examples we use in this section are in operational mode.

Slide 57
You can use the show interfaces
descriptions command to get a listing of
interfaces and their configured descriptions
Only interfaces that have descriptions will be displayed
You can use the show interfaces descriptions command to get a listing of interfaces and their configured
descriptions. However, note that only interfaces that have descriptions will be displayed.

Slide 58
In Junos OS, show interfaces terse shows all
configured addresses of each address family on each
interface
[]
As youve seen already in this course, you can use the show interfaces terse command to get a listing of interfaces,
their status, and their addresses. In this output, you can see that the ge-0/0/5 and ge-0/0/6 interfaces are part of the
ae0 aggregated Ethernet bundle.
In IOS, to get a listing of interface status as well as the IP address (if assigned), you would type show ip interface
brief. In Junos, show interfaces terse shows all configured addresses of each address family on each interface.

Slide 59
Several interfaces in the Junos OS output have

multiple IP addresses configured
[]
[]
[]
Notice that several of the interfaces in the Junos output have multiple IP addresses configured. These addresses
would not have been visible using the IOS show ip interface brief. command.
In addition to information about IP addresses and interface status, this Junos command also lets you see the brief
configuration of each interface. You can also see which ports are configured as Ethernet Switch ports.

Slide 60
Retrieving Interface Details (1 of 5)

show interfaces interface-name
In Junos OS, you get details about an interface by
typing show interfaces followed by the
interface name
You can also add various switches to get more
information or less information
show interfaces ge-0/0/3 brief
show interfaces ge-0/0/3
show interfaces ge-0/0/3 detail
show interfaces ge-0/0/3 extensive
Retrieving Interface Details: Part 1
In the previous section, we saw two ways to view a summary of multiple interfaces. Now lets look at some ways we
can learn more about a particular interface.
In IOS, you get details about an interface by typing: show interfaces <interface-name>. In Junos, you get details
about an interface by typing the same command; however, in Junos, you can also add various switches to get more
information or less information.

Slide 61

Output of: show interfaces ge-0/0/3 brief
Here is some information about a Gigabit Ethernet port displayed with the command show interfaces ge-0/0/3 brief.
As you can see, this is just a high-level summary of the interface (including its logical interfaces).

Slide 62

Partial output from: show interfaces ge-0/0/
[]
[]
[]
Here is the output from the command show interfaces ge-0/0/3. Among other things, this commands a counter of
input and output packets for the particular units. It also shows hardware addresses and whether a switch port is
configured as an access or trunk port.

Slide 63

Partial output from:
show interfaces ge-0/0/3 detail
[]
[]
[]
Here is the same interface with the command show interfaces ge-0/0/3 detail. This command allows you to see
some more detailed traffic statistics, including per-queue statistics for the physical interface and a much greater level
of statistics at the logical unit level.

Slide 64

Partial output from:
show interfaces ge-0/0/0 extensive
[]
[]
[]
[]
Here is the same interface with the command show interfaces ge-0/0/3 extensive. Here, you see errors,
autonegotiation information, and detailed Layer 2 information.

Slide 65
Lab 1: Configuring Interfaces on Junos

Devices
Configure Interfaces and Verify Operations Deactivate and Reactivate the Interface
Configure an Aggregated ethernet Interface
Pause this presentation, follow the link shown below to

Junipers Virtual Lab environment, open the Lab Guide, and
complete Lab 1
https://virtuallabs.juniper.net/
Upon completing Lab 1, return to this presentation and

click the Play button ( ) to proceed.
Lab 1: Configuring Interfaces on Junos Devices
In this lab, you will:

Configure interfaces and verify operations;
Configure an aggregated ethernet interface; and
Deactivate and reactivate the interface.
At this point, you should pause the presentation, follow the link to Junipers Virtual Lab environment, open the Lab
Guide, and complete the lab portion of this section. When you are finished, return to this presentation and click Play to
continue.

Slide 66
Section Summary

Configured interfaces and verified operations
Configured an aggregated Ethernet interface
Deactivated and reactivated the interfaces

Configured interfaces and verified operations;
Configured an aggregated Ethernet interface; and
Deactivated and reactivated the interfaces.

Slide 67
To shut off the port on a given interface, we use what

command?
A) Disable
B) Shutdown
C) Remove
D) Delete

Slide 67
In Junos, show interfaces, plus which one of the

following, shows all configured addresses of each
address family on each interface?
A) Terse
B) Brief
C) Extensive
D) Ipbrief

Slide 68

Slide 69
Section Objectives

able to:
Configure access and trunk ports
Monitor switching operations
Configure an RVI (routed VLAN interface)

Configure access and trunk ports;
Monitor switching operations; and
Configure an RVI (routed VLAN interface).

Slide 70
Configuring VLANs (1 of 5)
We configure VLANs under the [edit vlans]
hierarchy
All you need to do is configure the name of a VLAN,

and it instantly becomes a VLAN
Here, we add a new VLAN called example
Configuring VLANs: Part 1
By default, all ports that are configured as switch ports are members of the default VLAN, which Junos automatically
creates. You configure VLANs under the [edit vlans] hierarchy.
All you need to do is configure the name of a VLAN, and it instantly becomes a VLAN. To add a new VLAN called
example, you would simply enter the command set example.

Slide 71
Here are the results:
Now enter the show command to see the results.

Slide 72
After committing the changes, you can view the new

VLAN along with the existing VLANS we have already
configured
Here we see our new VLAN and the existing VLANS we already configured.
You could now assign ports to the new VLAN, and it would begin to switch traffic between them.

Slide 73
If you want to use 802.1q tags to transmit this VLAN

on a trunk port, you should assign a VLAN ID to the
VLAN
In this case, we use VLAN ID 100. Then we commit
the changes
There are also a few other options you might want to configure. If you might want to use 802.1q tags to transmit this
VLAN on a trunk port, you should assign a VLAN ID to the VLAN. In this case, lets use VLAN ID 100.
Enter the command set example vlan-id 100.

Slide 74
We enter the run show vlans command again
and see that the example VLAN now has a VLAN ID
assigned
Now enter the run show vlans command again to view a list of VLANs. As you can see, the example VLAN now has
a VLAN ID assigned.

Slide 75
Configuring Access Ports (1 of 11)
There are two ways to statically assign ports to a VLAN
Configuring Access Ports: Part 1
Lets take a look at how you assign interfaces to a VLAN. There are two ways to statically assign ports to a VLAN.
Lets look at the phones VLAN for an example.
Here, you see that there are three interfaces assigned to the VLAN as tagged interfaces.

Slide 76
If you look at the VLAN configuration, you see a single

interface assigned
This is one way interfaces can be statically assigned to
a VLAN
If you look at the VLAN configuration, you see a single interface assigned. This method is one way interfaces can be
statically assigned to a VLAN.

Slide 77

A second way to statically assign ports to a VLAN is to
configure the VLAN membership under the edit
interfaces interface-name unit 0 family
ethernet-switching hierarchy
The other two interfaces were assigned to this VLAN using this method
Another way to statically assign ports to a VLAN is to configure the VLAN membership under the [edit interfaces
interface-name unit 0 family ethernet-switching] hierarchy. The other two interfaces were assigned to this VLAN
using this method. Lets take a look at those configurations. Here is the ge-0/0/3 interface.

Slide 78

By default, when you configure family ethernet-
switching on a unit, the port becomes an access
port that is part of the default VLAN
You can configure it to be a member of a different
VLAN by assigning it to the VLAN under the [edit
vlans] hierarchy or under the
[edit interfaces] hierarchy
By default, when you configure family ethernet-switching on a unit, the port becomes an access port that is part of
the default VLAN. You can configure it to be a member of a different VLAN by assigning it to the VLAN under the [edit
vlans] hierarchy or under the [edit interfaces] hierarchy.

Slide 79
Now, we'll configure three new access ports

ge-0/0/7, ge-0/0/8, and ge-0/0/9
to be members of the example VLAN
We configure ge-0/0/7 under the [edit vlans]
hierarchy
Now we move to the [edit interfaces]

hierarchy
Lets configure three new access portsge-0/0/7, ge-0/0/8, and ge-0/0/9to be members of the example VLAN. Well
configure ge-0/0/7 under the [edit vlans] hierarchy.
Now, lets move to the [edit interfaces] hierarchy.

Slide 80

We then configure ge-0/0/7 to be a switch port:
Here, well configure ge-0/0/7 to be a switch port.

Slide 81

Well configure ge-0/0/8 and ge-0/0/9 to become
members of the example VLAN under the [edit
interfaces] hierarchy. We can either use the VLAN ID or
the VLAN name
We configure ge-0/0/8 using the VLAN ID (100)
We configure ge-0/0/9 using the VLAN name example
Well configure ge-0/0/8 and ge-0/0/9 to become members of the example VLAN under the [edit interfaces]
hierarchy. We can either use the VLAN ID or the VLAN name.
Well configure ge-0/0/8 using the VLAN ID (100).
Well configure ge-0/0/9 using the VLAN name example.

Slide 82

Let's review the configuration
Here's the example VLAN:
Here's the first interface:
[]
Lets review the configuration for the example VLAN and the three interfaces that are part of it before committing.
Heres the example VLAN.
Heres the first interface

Slide 83
Here's the second interface:
[]
Here's the third interface:
[]
the second interface
and finally, the third interface.

Slide 84
We commit the configuration

All the interfaces become part of the VLAN, despite
the different ways we configured them:
Now well commit the configuration. Once the configuration is committed, you can see that all the interfaces become
part of the VLAN, despite the different ways we configured them.

Slide 85
You can use any of these methods to assign ports to

the same VLAN, or to assign a single trunk port to
multiple VLANs:
1. Configure the interface under the [edit vlans]
hierarchy.
2. Configure VLAN membership under the [edit
interfaces interface-name unit 0 family
Ethernet-switching] hierarchy either by:
a. Using the VLAN ID, or
b. Using the VLAN name
Choose the configuration format that best suits the
requirements of your network
You can use these different configuration methods to assign ports to the same VLAN, or to assign a single trunk port
to multiple VLANs. Junos gives you the flexibility to configure your device in the way that best suits the requirements
of your network.

Slide 86
Configuring Trunk Ports (1 of 12)
To configure a port to become a trunk port, you

configure port-mode trunk under the [family
ethernet-switching] hierarchy on the
interfaces logical unit
Configuring Trunk Ports: Part 1
So far, weve covered configuring access ports only (that is, ports that are members of a single VLAN and carry all
their traffic without 802.1q VLAN tags). This is the default mode for a switch port.
You configure a port to become a trunk port (that is, a port which carries multiple VLANs via 802.1q tags) by
configuring port-mode trunk under the family ethernet-switching hierarchy on the interfaces logical unit.

Slide 87

Well configure three ports to be trunk ports, carrying
the example, phones, and printers VLANs
We configure the ge-0/0/7 interface to be a
member of the phones VLAN
Well also configure that interface to be a member of

the printers VLAN
Now, well configure three ports to be trunk ports, carrying the example, phones, and printers VLANs. To be
consistent, well continue configuring them using the three different methods we used in the previous section. All three
ports are currently configured as access ports in the example VLAN.
Well start by configuring the ge-0/0/7 interface to be a member of the phones VLAN. Well also configure that
interface to be a member of the printers VLAN.

Slide 88

A commit check reveals an error
Junos OS will not let you accidentally configure an access
interface to be a member of multiple VLANs
When we perform a commit check, you can see that Junos will not let you accidentally configure an access interface
to be a member of multiple VLANs.
One of the benefits of editing a candidate configuration (rather than an active configuration, as in IOS) is the ability to
catch and resolve errors like this prior to any of the configuration becoming active. This process allows you to resolve
configuration problems before they actually affect network users.

Slide 89

We configure the ge-0/0/7 interface to be a trunk
interface
Next, well configure the ge-0/0/7 interface to be a trunk interface.

Slide 90
Now that we have configured this interface as a trunk

port, a commit check succeeds
Now that we have configured this interface as a trunk port, a commit check succeeds.

Slide 91
Now, well configure the remaining two interfaces

Here, we configure interface ge-0/0/8 to be a trunk
port, and we add the extra VLANs by number for this
interface
Now, well configure the remaining two interfaces.
Here, we configure interface ge-0/0/8 to be a trunk port.
Here, we add the extra VLANs for this interface.

Slide 92

Now, we configure interface ge-0/0/9 to be a trunk
port, adding the extra VLANs by name for this
interface
Now, well do the same for ge-0/0/9. However, well add the extra VLANs by name.

Slide 93

Before committing, lets take a quick look at each of
the interfaces we have configured:
[]
[]
[]
Before committing, lets take a quick look at each of the interfaces we have configured.

Slide 94

We commit the configuration and see that these
interfaces are now all listed as tagged interfaces for
all three VLANs
Now well commit the configuration.
After committing the configuration, you see that these interfaces are now all listed as tagged interfaces for all three
VLANs (that is, trunk interfaces on which a tag is being applied for this VLAN).

Slide 95

Now we decide to configure ge-0/0/9 to receive
untagged frames and to process those frames as part
of the default VLAN
Now, lets say that you want to configure ge-0/0/9 to receive untagged frames and to process those frames as part of
the default VLAN. (Configuring a trunk port to process untagged frames and treat them like they are part of a
configured VLAN is sometimes called configuring the native VLAN.)

Slide 96

We view the new configuration and commit the
change:
Here is the new configuration. Well commit this change.

Slide 97

Here is the default VLAN
ge-0/0/9 is listed as an untagged interface for the default
VLAN
The other two trunk ports we configured are not members of
this VLAN
You see that ge-0/0/9 is listed as an untagged interface for the default VLAN. Even though it is a trunk interface, the
native VLAN is transmitted and received without 802.1q tags; therefore, Junos identifies this interface as an untagged
member of this VLAN. Also, you see that the other two trunk ports we configured are not members of this VLAN. In
Junos, trunk ports only transmit those VLANs which they have been specifically configured to transmit. IOS defaults to
trunking all VLANs on all trunk ports and having VLAN 1 as the native VLAN on all trunk ports. Junos, on the other
hand, trunks only those VLANs that you configure for a particular port, and uses a native VLAN on a trunk port only if
you configure it to do so.

Slide 98
Configuring Routed VLAN Interfaces
You can configure routed VLAN interfaces as units

under the special VLAN interface that was described
earlier
Configuring Routed VLAN Interfaces
You can configure routed VLAN interfaces as units under the special VLAN interface that was described earlier. You
must do two things to enable this. First, you assign the VLAN a Layer 3 interface. While it is not necessary that you
match the unit numbers and 802.1q tags, we recommend you do so for ease of administration. Here, we assign the
example VLAN the Layer 3 interface vlan.100, which matches its VLAN ID of 100.
Next, we configure the actual Layer 3 interface. To make it easier to identify, we give the unit a description. Here, we
configure an IP address of 192.168.100.2/24.
The vlan.100 interface is just like any other interface on the switch. You can run routing protocols on that interface, or
use it just as you would any other interfaces on the switch.

Slide 99
Configuring a Logical Interface for

Access Mode
To configure an interface for access interface mode:
user1@switch1# set interfaces interface-name unit
logical-unit-number family ethernet-switching
interface-mode access
The following example shows a logical interface configured
as an access port with a VLAN ID of 20 (on routers and
switches that support the enhanced Layer 2 software):
[edit interfaces ge-1/2/0]
unit 1 {
family ethernet-switching {
interface-mode access;
vlan members 20;
}
}
Configuring a Logical Interface for Access Mode
You can configure a single logical interface to accept untagged packets and forward the packets within a specified
VLAN. A logical interface configured to accept untagged packets is called an access interface or access port. When
an untagged or tagged packet is received on an access interface, the packet is accepted, the VLAN ID is added to the
packet, and the packet is forwarded within the VLAN that is configured with the matching VLAN ID.
You can configure an interface for access interface mode using the following syntax in configuration mode:
set interfaces interface-name unit logical-unit-number family ethernet-switching interface-mode access
The slide shows an example of configuring a logical interface as an access port with a VLAN ID of 20 on routers and
switches that support the enhanced Layer 2 software.

Slide 100
Configuring Layer 3 Interfaces
To configure a Layer 3 interface, you must assign an

IP address to the interface
To configure an IPv4 address on an interface:
user1@switch1# set interfaces interface-name unit logical-
unit-number family inet address ip-address
Example:
user1@switch1# set interfaces ge-0/0/2 unit 0 family inet
address 172.23.30.1/24
To configure an IPv6 address on an interface:
user1@switch1# set interfaces interface-name unit logical-
unit-number family inet6 address ip-address
Example:
user1@switch1# set interfaces ge-0/0/2 unit 0 family inet6
address 2001:db8:0:5::/64
Configuring Layer 3 Interfaces
To configure a Layer 3 interface, you must assign an IP address to the interface. You assign an address to an
interface by specifying the address when configuring the protocol family. For the inet or inet6 family, configure the
interface IP address.
You can configure interfaces with a 32-bit IP version 4 (IPv4) address and optionally with a destination prefix,
sometimes called a subnet mask. An IPv4 address utilizes a 4-octet dotted decimal address syntax (for example,
192.16.1.1). An IPv4 address with destination prefix utilizes a 4-octet dotted decimal address syntax with a destination
prefix appended (for example, 192.16.1.1/30).
To specify an IP address for the logical unit using IPv4, use the following command syntax from configuration mode:
set interfaces interface-name unit logical-unit-number family inet address ip-address
You represent IP version 6 (IPv6) addresses in hexadecimal notation using a colon-separated list of 16-bit values. You
assign a 128-bit IPv6 address to an interface.
To specify an IP address for the logical unit using IPv6, use the following command syntax from configuration mode:
set interfaces interface-name unit logical-unit-number family inet6 address ip-address

Slide 101
Configuring an IRB Interface
IRB provides support for Layer 2 bridging and Layer 3

IP routing on the same interface
An interface named irb functions as a logical router on
which you can configure a Layer 3 logical interface for VLAN
To configure an IRB interface, first create a Layer 2 VLAN by
assigning it a name and a VLAN ID :
user1@switch1# set vlans vlan-name vlan-id vlan-id
Create an IRB logical interface:
user1@switch1# set interface irb unit logical-unit-
number family inet address ip-address
Associate the IRB interface with the VLAN:
user1@switch1# set vlans vlan-name l3-interface
irb.logical-unit-number
Configuring an IRB Interface
IRB provides support for Layer 2 bridging and Layer 3 IP routing on the same interface. IRB enables you to route
packets to another routed interface or to another VLAN that has a Layer 3 protocol configured. IRBs allow the device
to recognize packets that are being sent to local addresses so that they are bridged (switched) whenever possible and
are routed only when necessary. Whenever packets can be switched instead of routed, several layers of processing
are eliminated. An interface named irb functions as a logical router on which you can configure a Layer 3 logical
interface for VLAN. For redundancy, you can combine an IRB interface with implementations of VRRP in both bridging
and virtual private LAN service (VPLS) environments.
To configure an IRB interface, first create a Layer 2 VLAN by assigning it a name and a VLAN ID by using the
following command syntax in configuration mode:
set vlans vlan-name vlan-id vlan-id
Next, create an IRB logical interface with the following command syntax in configuration mode:
set interface irb unit logical-unit-number family inet address ip-address
Finally, associate the IRB interface with the VLAN using the following command syntax in configuration mode:
set vlans vlan-name l3-interface irb.logical-unit-number

Slide 102
Switch Ports (1 of 2)
IOS Software:
show interfaces switchport
show interfaces trunk
Junos OS:
show ethernet-switching interfaces
Switch Ports: Part 1
In Ciscos IOS, you would use the command show interfaces switchport to get information about a switch port, or
show interfaces trunk to get information about trunks.
With Junos, you use the command show ethernet-switching interfaces to get similar information. Like the Cisco
IOS commands, you can either specify an interface, or, if you dont specify one, the software will display information
on all interfaces.

Slide 103
Switch Ports (2 of 2)
You can use the command show ethernet-
switching interfaces to get information on the
ge-0/0/3.0 interface
If we add the detail flag, we see whether the VLAN is
transmitted with an 802.1q tag
Switch Ports: Part 2
Here, we use the command to get information on the ge-0/0/3.0 interface. When we add the detail flag, we can see
information about whether the VLAN is transmitted with an 802.1q tag.

Slide 104
VLANs (1 of 6)
IOS Software:
show vlan
show vlan id
Junos OS:
show vlans
VLANs: Part 1
In Ciscos IOS, you monitor VLANs with the show vlan command. As weve already seen, you monitor VLANs in
Junos with the show vlans command.

Slide 105
VLANs (2 of 6)
You need to use the show vlan id command to see

trunk ports in Cisco IOS
[]
VLANs: Part 2
The IOS command will show you a listing of all VLANs; however, the listing of ports does not include trunk ports. To
see trunk ports, you need to use the show vlan id command.

Slide 106
VLANs (3 of 6)
However, several extra ports show up in the VLAN 2

listing when we use the Cisco IOS show vlan id 2
command
These different outputs can cause confusion and cost
precious minutes in troubleshooting
[]
VLANs: Part 3
Look how several extra ports suddenly show up in the VLAN 2 listing when we use the show vlan id 2 command.
These different outputs can cause confusion and cost precious minutes in troubleshooting.

Slide 107
VLANs (4 of 6)
Junos OS gives you several pieces of key information

with the show vlans command:
A list of the VLANs
The assigned 802.1q VLAN tag for each VLAN
A listing of interfaces
An indication of whether they are up or down
VLANs: Part 4
Junos, on the other hand, allows you to get summary information with the show vlans command:
Here, you see several pieces of key information: a list of the VLANs, the assigned 802.1q VLAN tag for each VLAN, a
listing of interfaces, and an indication of whether they are up or down.

Slide 108
VLANs (5 of 6)
Here we use the detail switch:
VLANs: Part 5
To get more information about a VLAN, you can use the detail and extensive switches. As you can see here, the
detail switch gives you the configured VLAN description (if any), the primary IP address for the associated Layer 3
interfaces (if one is configured), the total number of ports configured to be part of the VLAN, and the total number of
those ports that are active. In addition to displaying a listing of interfaces and an indication of whether they are up or
down, the detail switch also lets you know whether the interfaces are tagged or untagged.

Slide 109
VLANs (6 of 6)
Here we use the extensive switch:
VLANs: Part 6
The extensive switch lists the origin of the VLAN (whether it was static or created through the GARP VLAN
Registration Protocol [or GVRP]), the time the VLAN was created, the associated Layer 3 interface, and an indication
of whether each interface is a trunk or access port.
As you can see, Junos never presents a partial listing of member interfaces.

Slide 110
MAC Tables (1 of 2)
In the Junos OS, you view the MAC address table with
the show ethernet-switching table
command
MAC Tables: Part 1
In Ciscos IOS, you view the MAC address table with the show mac-address-table command. In Junos, you view the
MAC address table with the show ethernet-switching table command.
Of course, you can also use the detail and extensive arguments to get more information.

Slide 111
MAC Tables (2 of 2)
Junos OS also has a feature to allow you to see a log

of recent MAC address table changes
MAC Tables: Part 2
Junos also has a feature to allow you to see a log of recent MAC address table changes. This feature allows you to
quickly track down some types of Layer 2 problems.

Slide 112
Lab 2: Configuring and Monitoring Layer 2

Switching on Junos Devices
Configure Access and Trunk Ports Configure an RVI (Routed VLAN
Monitor Switching Operations Interface)
Upon completing the lab, return to this presentation

and click the Play button ( ) to proceed.
Lab 2: Configuring and Monitoring Layer 2 Switching on Junos Devices

Configure Access and Trunk Ports;
Monitor Switching Operations; and
Configure an RVI (Routed VLAN Interface).
At this point, you should return to the Virtual Lab session you opened previously and complete the lab portion of this
section. When you are finished, return to this presentation and continue.

Slide 113
Section Summary

Configured access and trunk ports
Monitored switching operations
Configured an RVI (routed VLAN interface)

Configured access and trunk ports;
Monitored switching operations; and
Configured an RVI (routed VLAN interface).

Slide 114
You configure VLANs under which hierarchy?

A) [edit vlans]
B) [edit interface]
C) [edit configuration]
D) [edit root]

Slide 114
True or False: To statically assign ports to a VLAN is to

configure the VLAN membership under the
[edit interfaces interface-name unit 0 family inet]
hierarchy.
A) True
B) False

Slide 115
Security
Security

Slide 116
Section Objectives

able to:
Establish a baseline configuration
Configure and monitor firewall filters

Establish a baseline configuration: and
Configure and monitor firewall filters.

Slide 117
Security Overview (1 of 2)
IOS Software:
Junos OS:
Security Overview: Part 1
Next, lets take a look at security. In Ciscos IOS, you configure access control lists with either numbers or names.
Numbered access control lists have numbers that indicate the type of access control list (standard or extended) and
address family. Named access control lists also contain these indications.
The Junos equivalent to IOSs access list is a firewall filter. As in IOS, you configure Junos firewall filters per address
family, and there are different match options for each address family. Like IOSs access lists, Junos firewall filters can
be applied in either the inbound or outbound direction on an interface.

Slide 118
Security Overview (2 of 2)
Remember:
Firewall filters are not stateful firewall rules, but stateless
packet filters just like IOSs access lists
Security Overview: Part 2
Dont let the name firewall filter confuse you. Firewall filters are not stateful firewall rules, but stateless packet filters
just like IOSs access lists.
On switch ports and VLANs, you can filter traffic at Layer 2 or Layer 3, whether or not there is a Layer 3 interface
associated with the VLAN.

Slide 119
Terms (1 of 3)
Terms: Part 1
Like IOS, the Junos OS evaluates firewall-filter entries sequentially. In IOS, each entry is contained on a line, which
specifies match conditions along with the action to take. In Junos, each match-action pair is called a term. A term
comprises one or more match conditions, which must all be met for a match to occur, along with one or more action
conditions. These terms are then strung together to form a firewall filter.

Slide 120
Terms (2 of 3)
When a packet is discarded, the device

drops it without sending an error back to the
sender.
Terms: Part 2
In IOS, the default action is to deny packets that reach the end of the access list without matching an entry in it. Junos
has a similar default behavior. When a packet is discarded, the device drops it without sending an error back to the
sender. In Junos, the default action is to discard packets that do not match any entries in a firewall filter.

Slide 121
Terms (3 of 3)
IOS Software:
Junos OS:
Terms: Part 3
Lets take a very simple example: block all IPv4 traffic from 192.168.0.0/24. Accept everything else. In IOS, you would
use the following syntax.
An equivalent Junos configuration would look like this. Youll notice a few things. First, all stateless packet filters are
configured under the firewall hierarchy. That hierarchy contains a separate section for filters for each address family.

Slide 122
Policies
Junos firewall hierarchy elements:

[edit firewall family inet]:
IPv4 filters for Layer 3 interfaces
[edit firewall family ethernet-switching]:
Filters for Layer 2 interfaces
Policies
So, IPv4 firewall filters are configured under the [edit firewall family inet] hierarchy, while filters you apply to Layer 2
interfaces or VLANs are configured under the [edit firewall family ethernet-switching] hierarchy. Dont let the
names confuse you; you can match on Layer 3 information in filters you define under the ethernet-switching family,
in addition to MAC addresses, 802.1q tags or priorities, Ethernet Type values, and VLANs. Junos is flexible enough to
allow you to combine multiple types of rules in a single firewall filter, or even combine Layer 2 and Layer 3 match
criteria in a single term. In IOS, you would need to put the Layer 3 match conditions in an IP access list and the Layer
2 match conditions in a MAC access list.

Slide 123
Terms (1 of 9)
IOS Software:
Junos OS:
Terms: Part 1
Youll also notice that firewall filters in Junos always have names. In this case, we called the firewall filter sample-
filter.
Filters are composed of terms. Each term is analogous to a line from a Cisco access list, and the device processes
them sequentially, just as a device running Cisco IOS would process each line of an access list sequentially.
Within a term, there are from clauses, which describe match conditions and then clauses that describe action
conditions.
You can specify multiple match conditions and multiple action conditions in each term. Junos processes each term
sequentially until it finds a match. You can see that the term accept-all does not have any match conditions. If you do
not specify any match conditions for a term, all packets will match the term.

Slide 124
Terms (2 of 9)
We will now add a few more addresses. First, we

enter the show command.
Terms: Part 2
We will now add a few more addresses. To add two more prefixes to the block-bad-subnet term, first enter the show
command.

Slide 125
Terms (3 of 9)
We enter the command edit filter sample-
filter term block-bad-subnet from
to annotating the term for additional documentation
Terms: Part 3
Now enter the command edit filter sample-filter term block-bad-subnet from.

Slide 126
Terms (4 of 9)
We enter these two commands:

set source-address 192.168.10.0/24
set source-address 192.168.20.0/24
Terms: Part 4
Next enter the command set source-address 192.168.10.0/24.
Now enter the command set source-address 192.168.20.0/24.

Slide 127
Terms (5 of 9)
We go up three levels and view the results:
[]
Terms: Part 5
Enter the up 3 command. Finally, enter the show command.

Slide 128
Terms (6 of 9)
Term and filter names provide you with an excellent

way to document their purpose
You can also use the Junos OS annotate feature to
provide additional documentation
Terms: Part 6
Term names and filter names provide you with an excellent way to document the purpose of each filter and term.
However, you can also use Junos annotate feature to provide additional documentation.
Here, were adding comments to the source addresses using the Junos softwares annotate command.

Slide 129
Terms (7 of 9)
The software stores these comments in the

configuration:
Terms: Part 7
The software will store these comments in the configuration with the associated configuration elements for easy
reference. Here are the results.

Slide 130
Terms (8 of 9)
Network mask notation:

IOS software uses dotted-decimal notation
Junos OS uses standard Classless Interdomain Routing
(CIDR) notation
Both operating systems allow you to match on
noncontiguous bit masks
Terms: Part 8
Youve probably noticed that Junos uses normal network masks, rather than Ciscos wildcard masks. For many
applications, this makes configuring network masks much easier. However, IOSs wildcard masks do provide a great
deal of flexibility when thats needed by allowing you to match on non-contiguous bit masks. And thats why Junos
also supports non-contiguous bit masks.

Slide 131
Terms (9 of 9)
IOS Software:
Junos OS:
Terms: Part 9
For example, assume you have the 192.168.0.0/16 network broken into 24-bit subnets and you have other routers
using the first address of each subnet. You want to write an access list that blocks Telnet and SSH traffic to these
router addresses, yet allows all other traffic. In IOS, you would write an access list like this.
In Junos, this same access list looks like this. Notice that the destination address mask is still a standard network
mask in dotted-decimal notationit isnt backwards like a wildcard maskbut is still non-contiguous. Like all other
standard network masks, a 1 bit specifies that a bit must exactly match the pattern, while a 0 bit specifies that a bit
does not need to match.

Slide 132
Performance
IOS Software:
IOS software traditionally processes each packet through each line of an
access list in order
Network engineers may work to optimize the list to try to improve
performance
IOS software supports compiled access lists on some platforms, but not
others
Junos OS:
Junos firewall filters are always compiled
Junos OS software performs line-rate packet filtering with an optimized
and efficient match
Network engineers dont need to spend time trying to optimize filters
Performance
Ciscos IOS traditionally processes each packet through each line of an access list in order until it reaches a match.
To reduce the processing load on devices running Cisco IOS, network engineers have traditionally tried to optimize
the access list as much as possible to ensure that packets will match as early as possible. Cisco alleviated this
concern by enabling network engineers to activate compiled access lists, which are supported on at least some
platforms. Unlike IOS, Junos always compiles firewall filters. This design feature allows the Juniper Networks
hardware to perform line-rate packet filtering with an optimized and efficient match. So, network engineers do not
need to worry about optimizing Junos firewall filters to be efficient because the software does that automatically.

Slide 133
Changes (1 of 9)
Changes: Part 1
Making changes to IOS access lists can present a few problems. First, to insert a new line in the middle of an access
list, you must delete the whole access list and insert a new access list. This process is most efficiently done by
copying the old access list to a text editor, making the change, and then pasting in the new access list.

Slide 134
Changes (2 of 9)
Changes: Part 2
Starting with our complex example, lets say we want to add an additional SNMP server. In an IOS access list, we
would need to add four lines in four different places.

Slide 135
Changes (3 of 9)
Changes: Part 3
But, what if there is a typo? Well, then you could end up with an incomplete access list.

Slide 136
Changes (4 of 9)
Changes: Part 4
Second, when you delete and repaste an existing access list, IOS begins using the new access list as you enter each
line. And, like all access lists, there is an implicit deny ip any any line at the end. So, as soon as you remove the
access list, the device begins allowing all trafficnot very secure! Then, as soon as you enter the first line, it begins
dropping all traffic that doesnt match the first line, which likely means youre denying legitimate trafficnot very good
for end-user satisfaction! Worse yet, if youre accessing the device over a link using the access list, you could end up
blocking your own communication with the device!

Slide 137
Changes (5 of 9)
Changes: Part 5
The Junos configuration editing process has a much better solution. In Junos, you edit the candidate configuration.
Once youre done, you commit your changes, and Junos transitions from using the old firewall filter to the new firewall
filter.

Slide 138
Changes (6 of 9)
Every packet is processed by the complete firewall

filter
Junos OS does not process packets through a partial
firewall filter during the commit process
Changes: Part 6
Every packet is processed by the complete firewall filter. Junos doesnt process packets through a partial firewall filter
during the commit process; rather, it keeps using the old firewall filter until the entire new firewall filter is compiled and
downloaded to the hardware. It then begins using the new firewall filter.

Slide 139
Changes (7 of 9)
Changes: Part 7
Adding another SNMP server in our Junos example is a simpler and more stable process than what we saw in the IOS
example. Starting from the configuration shown on screen, we want to add our new SNMP server to the more-
complex-example filter as a destination address for both the allow-snmp and block-snmp terms.

Slide 140
Changes (8 of 9)
Changes: Part 8
Here are the commands we use to add the server to those two firewall terms.

Slide 141
Changes (9 of 9)
Changes: Part 9
Here is the resulting configuration.

Slide 142
Applying Firewall Filters (1 of 6)
IOS Software:
Applying Firewall Filters: Part 1
Like IOS, you can apply firewall filters on any Layer 3 interface in either the inbound or the outbound direction.

Slide 143
Junos OS:
You can apply firewall filters in the inbound direction on any switch port.

Slide 144
IOS Software:
Here is a sample IOS configuration.

Slide 145
Junos OS:
Here is the equivalent Junos configuration.

Slide 146
IOS Software:
In IOS, you can apply firewall filters that apply to an entire VLAN using the vlan access-map command. Similar to the
IOS concept of a route-map, a vlan access-map has various terms that match packets using ACLs. Packets that are
permitted by the ACL then have the action specified in the vlan access-map applied to them. This can be confusing
when the ACL action is permit, but the vlan access-map action is drop, becausein that casetraffic that is
permitted by an ACL will actually be dropped.

Slide 147
Junos OS:
In the Junos software, you can apply firewall filters in either the inbound or outbound direction for an entire VLAN. You
simply specify a normal firewall filter and the Junos software processes traffic through the firewall filter in the direction
you specify.

Slide 148
Other Security Features
Other Security Features:

Perform 802.1X authentication
Assign different computers on the same port to different
VLANs
Limit the number of MAC address moves
Perform DHCP inspection
Use firewall filters and 802.1x authentication to assign
class-of-service (CoS) parameters for traffic
Other Security Features
There are many other security features found in Junos that run on the EX Series switches. You can perform 802.1x
authentication, for exampleeven assigning different computers on the same port to different VLANs. You can also
limit the number of MAC address moves and perform DHCP inspection. You can also use firewall filters and 802.1X
authentication to assign class of service (or CoS) parameters for traffic.

Slide 149
Lab 3: Configuring Stateless Firewall Filters

on Junos Devices
Establish a Baseline Configuration
Configure and Monitor Firewall Filters

Lab 3: Configuring Stateless Firewall Filters on Junos Devices
In this lab you will:

Establish a Baseline Configuration, and
Configure and Monitor Firewall Filters

Slide 150
Section Summary

Established a baseline configuration
Configured and monitor firewall filters

Established a baseline configuration; and
Configured and monitor firewall filters.

Slide 151
True or False: Firewall filters are not stateful firewall

rules, but stateless packet filters just like IOSs
access lists.
A) True
B) False

Slide 151
All stateless packet filters are configured under which

hierarchy?
A) Firewall
B) Family inet
C) Family ethernet-switching

Slide 152

Slide 153
Section Objectives

able to:
Define a master switch
Define a backup switch
Add interfaces to the Virtual Chassis configuration
Create and monitor VCEPs

Define a master switch;
Define a backup switch;
Add interfaces to the Virtual Chassis configuration; and
Create and monitor VCEPs.

Slide 154
What Is a Virtual Chassis System?
A collection of interconnected EX Series switches that

are represented and managed as a single entity
Consists of up to 10 EX switches, depending on model
Provides a scaling solution within a switching environment
Allows up to 480 10/100/1000 Ethernet ports
What Is a Virtual Chassis System?
Simply put, a Virtual Chassis system is a collection of interconnected EX Series switches that are managed as a
single switch. A Virtual Chassis system can consists of up to 10 Virtual Chassis compatible EX Series switches,
depending on the model. Check the latest documentation to find out how many switches of a particular model can
participate in a Virtual Chassis, and which models can be combined in the same Virtual Chassis.
Virtual Chassis switches work together to provide higher port density while still being managed as a single switch.

Slide 155
Benefits of a Virtual Chassis System
Managed as a single switch

Simplifies management tasks such as software upgrades
Provides control plane redundancy
Facilitates master and backup Routing Engine election and
management
Allows growth and expansion based on needs
Start with a single EX Series switch and grow as needed (up
to a maximum of ten EX Series switches in a Virtual Chassis,
depending on the model used)
Benefits of a Virtual Chassis System
You can connect EX switches together to form a Virtual Chassis system, which you then can manage as a single
device.
In a Virtual Chassis configuration, one of the member switches is elected as the master switch and a second member
switch is chosen to become the backup switch. This facilitates control plane redundancy and is a requirement in many
environments.
The Virtual Chassis system allows expansion flexibility. You can start with a single Virtual Chassis capable EX Series
switch and then expand into a Virtual Chassis of up to ten switches (depending on the model used). Also, the ability to
grow and expand within and across wiring closets is a key advantage of Virtual Chassis in many environments.

Slide 156
Installing a Virtual Chassis System (1 of 2)
Recommended process:
Master (Active RE)
1. Install desired master switch 0
ON
Power up desired master switch
switch becomes master and Backup (Backup RE)
obtains member-id 0 1
ON
Assign mastership priority (255) Linecard
2. Add desired backup switch 2
Connect to master using VCP cable

Linecard
Power up desired backup switch 3
switch is elected as backup and
assigned member-id 1 Linecard
4
Assign mastership priority (254)
Installing a Virtual Chassis System: Part 1
The next two slides depict the proper installation process for installing the Virtual Chassis. This slide depicts the
installation of the master switch, which gets a member ID of 0 and a priority of 255. Then the desired backup switch is
selected, receiving a member ID of 1 and a priority of 254.

Slide 157
Installing a Virtual Chassis System (2 of 2)
Recommended process (contd.):

Master (Active RE)
3. Add line card switch 0
ON
Connect to switch above with VCP cable
Backup (Backup RE)
Power up third switch switch becomes
1
line card and is assigned ON
member-id 2 Linecard
Assign desired mastership priority 2
ON
4. Repeat Step 3 to add subsequent Linecard
line card switches 3
ON
Last line card switch completes loop by
Linecard
connecting with master
4
ON
Installing a Virtual Chassis System: Part 2
A third switch is powered up. This switch becomes the first member switch and is assigned a member ID of 2.
Additional line card switches are added in the same manner, receiving sequential member IDs3, 4, and so on.
There is more than one way to do the installation of a Virtual Chassis. However, this is the recommended out-of-box
process for performing the installation.

Slide 158
Connectivity
Single management interface

Individual management Ethernet ports on member switches
are tied to a special management VLAN associated with a
Layer 3 virtual management interface (vme)
Single management IP address
The Virtual Chassis system is managed as a single network
element; therefore, it has only one management IP address
Single virtual console
Connection to a console on any member switch in a Virtual
Chassis system is redirected to the Virtual Chassis master
by virtual console software running on all member switches
Connectivity
The management Ethernet ports on the individual member switches are automatically associated with a management
VLAN. This management VLAN uses a Layer 3 virtual management interface that facilitates communication through
the Virtual Chassis system to the master switch even if the master switchs management Ethernet port is inaccessible.
When you set up the master switch, you specify an IP address for the virtual management Ethernet interface (vme).
This single IP address allows you to configure and monitor all members of the Virtual Chassis system remotely
through Telnet or SSH.
All member switches participating in a Virtual Chassis system run virtual console software. This software redirects all
console connections to the master switch.

Slide 159
Roles and Responsibilities

Master switch:
Manages all switches participating in the Virtual Chassis system
Runs the Junos OS software in a master role
Runs chassis management processes and control protocols
Backup switch:
Maintains a state of readiness should the master fail
Receives synchronized protocol state and forwarding table
information from master switch
Runs the Junos OS software in a backup role
Line card:
The remaining member switches in the Virtual Chassis system are
operating as if they are line cards
Roles and Responsibilities
The master switch manages all switches participating in the Virtual Chassis system.
We highly recommend that all changes made on the master switch are replicated to the backup switch through the
use of the commit synchronize command.
The backup switch maintains a state of readiness to take over as master should the active master fail.
A line card switch (that is, any member other than the master or backup) programs its own local hardware. It does not
run the chassis management process or control protocols. A line card switch is responsible only for its local interfaces
within a chassis.

Slide 160
Mastership Election
Mastership determination:
1. Member with the highest user-configured priority
Priority range is 1255, factory-default value is 128
2. Member previously functioning as master prior to reboot
3. Member with the longest standing uptime
Difference must be greater than 1 minute
4. Member with the lowest MAC address
Used as tie breaker if all is equal through the first 3
determination points [edit virtual-chassis]
Configuring mastership priority: user@switch# show

member 0 {
mastership-priority 255;
}
member 1 {
mastership-priority 254;
}
Mastership Election
Mastership is determined by the following parameters:

Member with the highest user-configured priority
Priority range is 1255, factory-default value is 128
Member previously functioning as master prior to reboot
Member with the longest standing uptime
Difference must be greater than 1 minute
Member with the lowest MAC address
Used as tie breaker if all is equal through the first 3 determination points
To configure the mastership priority, use the coding at the lower right of the slide.

Slide 161
Mastership Election Considerations
Once the master is elected:

The member that is second in the master election process
becomes the backup switch
If a master or backup fails, one of the line card switches is
elected as the new backup switch
Preemption occurs when a switch with a higher mastership
priority joins the Virtual Chassis system
Mastership Election Considerations
So, once the master is elected:

The member that is second in the master election process becomes the backup switch;
If a master or backup fails, one of the line card switches is elected as the new backup switch; and
Preemption occurs when a switch with a higher mastership priority joins the Virtual Chassis system.

Slide 162
Member ID Assignment
Member ID assignment and considerations:

Master switch typically assumes member ID 0
Master switch assigns unique member IDs (19) to each
member switch (in a 10 switch Virtual Chassis)
Member IDs are assigned in ascending order based on the
sequence in which member switches were added to the
Virtual Chassis system
Member ID is preserved across reboot within a Virtual
Chassis system
Member ID serves as slot number for interface naming
Member ID can be manually configured through the CLI
Member ID Assignment
The master switch typically assumes a member ID of 0 because it is the first switch powered on. When the remainder
of the switches are interconnected and powered on, the master switch will assign a member ID from 1 through 9
making the complete member ID range 0-9. The master assigns each switch a member ID based upon the sequence
that the switch was added to the Virtual Chassis system. The member ID associated with each member switch is
preserved for the sake of consistency, across reboots. This preservation is helpful because the member ID is also a
key reference point when naming individual interfaces. The member ID serves the same purpose as a slot number
when configuring interfaces. Although the member ID is initially assigned by the master switch, you can change the
member ID values by using the CLI.
For example, the operational mode command to change a member ID from 0 to 8 would be: request virtual-chassis
renumber member-id 0 new-member-id 8.

Slide 163
Topology Discovery (1 of 3)
VCCP is used to exchange LSA-based discovery

messages
Discovery messages are exchanged between all PFEs and
build member switch topology and PFE topology maps
Each switch runs shortest-path algorithm for each PFE
Creates PFE map tables that outline shortest paths between
all PFEs
Source ID egress filter tables prevent broadcast and
multicast packets from looping
Filter tables are built for each PFE
Topology Discovery: Part 1
All switches participating in the Virtual Chassis system use the Virtual Chassis Control Protocol (VCCP) to exchange
LSA-based messages between all interconnected PFEs within a Virtual Chassis system. Based on these LSA-based
messages, each PFE builds a member switch topology in addition to a PFE topology map. These topology maps are
used when determining the best paths between individual PFEs.
Once the PFE topology map is built, the individual switches run a shortest path algorithm for each PFE. This algorithm
is based on hop count and bandwidth. The result is a map table for each PFE that outlines the shortest path to all
other PFEs within the Virtual Chassis system. In the event of failure, a new shortest path first (SPF) calculation is
performed.
To prevent loops each switch creates a unique source ID egress filter table on each PFE.

Slide 164
Example of topology discovery with the SPF algorithm:
a b c d e f g h i b c d
a e
i g f
h Virtual Chassis
Backplane
Virtual Chassis Backplane Cables
Physical Virtual Chassis Cabling Logical Virtual Chassis Ring Topology
Note: a, b, c, and so on are PFEs
This slide depicts a visual example of the physical cabling and logical ring topology of a Virtual Chassis system.

Slide 165
Example of topology discovery with the SPF algorithm

(continued):
b c d e
b c d i h g f
a e
PFE as Rooted Reachability SPF Tree
i g f
h Virtual Chassis Backplane
e d c
f
g
Logical Virtual Chassis Ring Topology
h i a b
Note: a, b, c, and so on are PFEs

PFE gs Rooted Reachability SPF Tree
Using the SPF algorithm, each PFE builds its own shortest path tree to all other PFEs based upon hop count and
bandwidth. This process is automatic and is not configurable.

Slide 166
Packet Flow Overview (Interchassis)

Packet flow example:
Packets always take the shortest ge-0/0/28 ge-0/0/10
path 0
Shortest path is determined by hop

count and bandwidth
1
Packets going from ge-0/0/10 to
ge-3/0/14 pass through member 4 ge-2/0/47
to reach member 3 because 0 to 4 2

to 3 is only one hop, whereas 0 to 1
to 2 to 3 is two hops ge-3/0/14
3
Packets going from ge-0/0/28 to
ge-2/0/47 pass through member 1
to reach member 2 because 0 to 1 4
to 2 is only one hop, whereas 0 to 4
to 3 to 2 is two hops
Packet Flow Overview (Interchassis)
As packets flow from one physical chassis to another through a Virtual Chassis system, they always take the shortest
path. This is based upon a combination of hop count and bandwidth. Based upon physical topology, the shortest path
is always selected from switch to switch in the Virtual Chassis system.

Slide 167
Operational Monitoring
Key operational commands:
Use show chassis hardware to view installed
hardware and inventory details for Virtual Chassis system
Use show virtual-chassis status to verify status
and role of individual members within the Virtual Chassis
system
Use show virtual-chassis active-topology to
view active topology details within Virtual Chassis system
Use show virtual-chassis vc-port to view VCP
status and associated details
Use show virtual-chassis member-config to view
Virtual Chassis configuration for individual members
Use show virtual-chassis protocol commands to
view interchassis communication details and status
Operational Monitoring
This slide displays some of the key operational mode commands along with a short description of the content each
command displays.

Slide 168
Lab 4: Configure a Virtual Chassis

Define a Master Switch Add Interfaces to the Virtual Chassis
Define a Backup Switch configuration
Create and Monitor VCEPs

Lab 4: Configure a Virtual Chassis

Define a master switch;
Define a backup switch;
Add Interfaces to the Virtual Chassis configuration; and
Create and Monitor VCEPs.

Slide 169
Section Summary

Defined a master switch
Defined a backup switch
Added interfaces to the Virtual Chassis
Created and monitored VCEPs

Defined a master switch;
Defined a backup switch;
Added interfaces to the Virtual Chassis; and
Created and monitored VCEPs.

Slide 170
What command is used to replicate changes made to

all members of the Virtual Chassis System?
A) Commit synchronize
B) Commit confirm
C) Rollback 0
D) System synchronize

Slide 170
What is the default mastership priority on the master

switch in an EX Series Virtual Chassis system?
A) 255
B) 100
C) 10
D) 256

Slide 171
Course Summary
In this course, we:

Configured and monitored interfaces on the Juniper EX
Series switching product
Configured and monitored Layer 2 on the Juniper EX Series
switching product
Configured security features on the Juniper EX Series
switching product
Configured a Virtual Chassis backplane between two Juniper
EX Series switches
In this course, we:

Configured and monitored interfaces on the Juniper EX Series switching product;
Configured and monitored Layer 2 on the Juniper EX Series switching product;
Configured security features on the Juniper EX Series switching product; and
Configured a Virtual Chassis backplane between two Juniper EX Series switches.

Slide 172
Additional Resources
Education Services training classes

http://www.juniper.net/training/technical_education/
Juniper Networks Certification Program Web site
www.juniper.net/certification
Juniper Networks documentation and white papers
www.juniper.net/techpubs
To submit errata or for general questions
elearning@juniper.net
For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.

Slide 173
Evaluation and Survey
You have reached the end of this Juniper Networks

eLearning module
You should now return to your Juniper Learning
Center to take the assessment and the student
survey
After successfully completing the assessment, you will earn
credits that will be recognized through certificates and non-
monetary rewards
The survey will allow you to give feedback on the quality and
usefulness of the course
You have reached the end of this Juniper Networks eLearning module. You should now return to your Juniper
Learning Center to take the assessment and the student survey. After successfully completing the assessment, you
will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to
give feedback on the quality and usefulness of the course.

Slide 174
Copyright 2016 Juniper Networks, Inc.
All rights reserved. JUNIPER NETWORKS, the Juniper Networks logo,

JUNOS, QFABRIC, NETSCREEN, and SCREENOS are registered
trademarks of Juniper Networks, Inc. in the United States and other
countries. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their
respective owners.
Copyright 2016 Juniper Networks, Inc.
All rights reserved. JUNIPER NETWORKS, the Juniper Networks logo, JUNOS, QFABRIC, NETSCREEN, and
SCREENOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective
owners. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without
notice.

Slide 175
CONFIDENTIAL

e d u c a t io n se r v ic e s c o u rsew a re
Co rp orat e and Sal es Head q uart ers APAC Head q uart ers EMEA Head q uart ers Copyright 20 10 Junip er Net w orks, Inc.
Al l right s reserved. Junip er Net w orks,
Junip er Net w orks, Inc. Junip er Net w orks ( Hong Kong) Junip er Net w orks Ireland t he Junip er Net w orks logo, Junos,
119 4 Nort h Mat hild a Avenue 26 / F, Cit yp laza One Airsid e Business Park Net Screen, and ScreenOS are regist ered
Sunnyvale, CA 9 4 0 8 9 USA 1111 Kings Road Sw ord s, Count y Dub l in, Ireland t rad em arks of Junip er Net w orks, Inc. in
Phone: 8 8 8 .JUNIPER Taikoo Shing, Hong Kong Phone: 35.31.8 9 0 3.6 0 0 t he Unit ed St at es and ot her count ries.
( 8 8 8 .58 6 .4737) Phone: 8 5 2.2332.36 36 EMEA Sales: 0 0 8 0 0 .4 58 6 .4737 Al l ot her t rad em arks, service m arks,
or 4 0 8 .74 5.20 0 0 Fax: 8 52.2574 .78 0 3 Fax: 35 .31.8 9 0 3.6 0 1 regist ered m arks, or regist ered service
Fax: 4 0 8 .74 5.210 0 m arks are t he p rop ert y of t heir
w w w.junip er.net resp ect ive ow ners. Junip er Net w orks
assum es no resp onsib il it y f or any
inaccuracies in t his d ocum ent . Junip er
Net w orks reserves t he right t o change,
m od if y, t ransf er, or ot herw ise revise t his
p ub l icat ion w it hout not ice.

Ssex03e ML5

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Ssex03e ML5

Încărcat de

Drepturi de autor:

Formate disponibile

e d u c a t io n se rv ic e s c o u rsew a re

Junos Switching Basics

Build the Best

Course SSEX03E-ML5 Juniper Networks, Inc. 2

Junos Switching Basics

Welcome to Juniper Networks Junos Switching Basics eLearning module.

Course SSEX03E-ML5 Juniper Networks, Inc. 3

Course SSEX03E-ML5 Juniper Networks, Inc. 4

After successfully completing this course, you will be

After successfully completing this course, you will be able to:

Course SSEX03E-ML5 Juniper Networks, Inc. 5

Agenda: Junos Switching Basics

An Introduction to Using Junos OS on EX Series

Course SSEX03E-ML5 Juniper Networks, Inc. 6

Junos Switching Basics

An Introduction to Using Junos OS on

An Introduction to Using Junos OS on EX Series Switches

Course SSEX03E-ML5 Juniper Networks, Inc. 7

After successfully completing this section, you will be

After successfully completing this section, you will be able to:

Course SSEX03E-ML5 Juniper Networks, Inc. 8

Junos for EX Series Switches (1 of 4)

Many networking companies have different software for their

Junos for EX Series Switches: Part 1

Course SSEX03E-ML5 Juniper Networks, Inc. 9

Junos for EX Series Switches (2 of 4)

Junos for EX Series Switches: Part 2

Course SSEX03E-ML5 Juniper Networks, Inc. 10

Junos for EX Series Switches (3 of 4)

Junos for EX Series Switches: Part 3

Course SSEX03E-ML5 Juniper Networks, Inc. 11

Junos for EX Series Switches (4 of 4)

Junos for EX Series Switches: Part 4

Course SSEX03E-ML5 Juniper Networks, Inc. 12

Packets in Packets out

Course SSEX03E-ML5 Juniper Networks, Inc. 13

Managing a Junos Device

NETCONF API Junoscript API

Managing a Junos Device

There are multiple ways to manage a device running Junos.

Course SSEX03E-ML5 Juniper Networks, Inc. 14

In this section, we:

In this section, we:

Course SSEX03E-ML5 Juniper Networks, Inc. 15

Learning Activity 1: Question 1

The Junos OS is a reliable, high-performance network

Learning Activity 1: Question 1

Course SSEX03E-ML5 Juniper Networks, Inc. 16

Junos Switching Basics

Configuring and Monitoring Interfaces

Configuring and Monitoring Interfaces

Course SSEX03E-ML5 Juniper Networks, Inc. 17

After successfully completing this section, you will be

After successfully completing this section, you will be able to:

Course SSEX03E-ML5 Juniper Networks, Inc. 18

After the two character interface media type, digits

Gigabit Ethernet FPC PIC Port

Interface Designations: Part 1

Course SSEX03E-ML5 Juniper Networks, Inc. 19

Virtual Chassis Switches

Interface Designations: Part 2

Course SSEX03E-ML5 Juniper Networks, Inc. 20

Interface Designations: Part 3